[PATCH net-next 0/6] netdevsim: psp: implement real crypto operations from the PSP spec
From: Daniel Zahka
Date: Fri May 08 2026 - 10:54:08 EST
My motivation for this series is to enable packetdrill [1] testing to work
with netdevsim the same way it would work against a real NIC + driver
stack. That means being able to write already enapsulated and
encrypted packets from userspace into a packet socket (skips normal
psp tx path), yet still trigger the psp rx path (decapsulation and
metadata creation) just based on parsing the bytes "on the wire".
I will add that I believe this also has the benefit of making the
netdevsim code higher fidelity by removing the fake authentication
hack used by data_send_bad_key testcase in psp.py, and replacing with
true authentication from aes-gcm.
The header parsing in nsim_poll() may have some side effects on
non-psp paths from the pskb_may_pull'ing in nsim_psp_handle_rx(), but
that can be avoided by not configuring psp.
As for the code, I believe it is fairly straightforward. It implements
what is described in the psp spec. It preserves passing behavior of
the psp.py tests, and I have tested the crypto interoperability with
an nvidia cx7 card.
[1]: https://github.com/google/packetdrill/pull/100
Signed-off-by: Daniel Zahka <daniel.zahka@xxxxxxxxx>
---
Daniel Zahka (6):
netdevsim: psp: reset spi on key rotation and check for exhaustion on alloc
netdevsim: psp: remove unnecessary UDP checksum computation
netdevsim: psp: move rx processing into nsim_poll()
netdevsim: psp: implement kdf from psp spec
netdevsim: psp: add real aes-gcm encryption and decryption
netdevsim: psp: count rx authentication and length errors
drivers/net/Kconfig | 2 +
drivers/net/netdevsim/netdev.c | 18 +--
drivers/net/netdevsim/netdevsim.h | 19 ++-
drivers/net/netdevsim/psp.c | 333 ++++++++++++++++++++++++++++----------
4 files changed, 272 insertions(+), 100 deletions(-)
---
base-commit: 6a4c4656b0d2d4056a1f0c35442db4e8a5cf8021
change-id: 20260430-nsim-psp-crypto-03110ff293f1
Best regards,
--
Daniel Zahka <daniel.zahka@xxxxxxxxx>