From patchwork Sat Sep 25 15:35:31 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Anoob Joseph <anoobj@marvell.com>
X-Patchwork-Id: 99658
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 2ECA7A0C45;
	Sat, 25 Sep 2021 17:36:36 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id B4016410ED;
	Sat, 25 Sep 2021 17:36:28 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com
 [67.231.148.174])
 by mails.dpdk.org (Postfix) with ESMTP id 8F5DF410ED
 for <dev@dpdk.org>; Sat, 25 Sep 2021 17:36:27 +0200 (CEST)
Received: from pps.filterd (m0045849.ppops.net [127.0.0.1])
 by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
 18PDQ9FX003440;
 Sat, 25 Sep 2021 08:36:26 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
 h=from : to : cc :
 subject : date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding : content-type; s=pfpt0220;
 bh=yAF2YMCLrx2HcX+VfVf7sltZPUeTAX96xmvEs3Qz7/0=;
 b=BGVwTZejO8D1rfgtmWhnO5F+TZnafccUu7qBlSKwHsRVdCvnuULdRk14F+cGLmr1jyx1
 WaAghAmt2cJ3cnsjHJc4kCnSdoLUgl4XltIStgOObHBEhISuYSUl1iC02uQPzl7rGkT/
 9z7Xqr0P5oDSIRLS5GJARQWRpDI1rotVgVtc7R15QSMGHkorhJJuBF0Xz1pc2X3QAsLg
 Hm4NzuTuK58UBa9LhN5Otbf679Px3CCvynTbuq7cIJJqvgIj/2ZVhLYhSPmmGy8nYoqs
 thLC0K0JVp60PVyHFdqNM3T+C7tn0h4sffb8G55e+jb0CjVn/ZTFux8ihCpjHx33LtK/ jQ==
Received: from dc5-exch02.marvell.com ([199.233.59.182])
 by mx0a-0016f401.pphosted.com with ESMTP id 3ba14prp5r-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
 Sat, 25 Sep 2021 08:36:26 -0700
Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com
 (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18;
 Sat, 25 Sep 2021 08:36:25 -0700
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend
 Transport; Sat, 25 Sep 2021 08:36:25 -0700
Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218])
 by maili.marvell.com (Postfix) with ESMTP id 58B503F7086;
 Sat, 25 Sep 2021 08:36:21 -0700 (PDT)
From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Declan Doherty
 <declan.doherty@intel.com>, Fan Zhang <roy.fan.zhang@intel.com>,
 "Konstantin Ananyev" <konstantin.ananyev@intel.com>
CC: Tejasree Kondoj <ktejasree@marvell.com>, Jerin Jacob <jerinj@marvell.com>,
 Archana Muniganti <marchana@marvell.com>, Hemant Agrawal
 <hemant.agrawal@nxp.com>, Radu Nicolau <radu.nicolau@intel.com>,
 Ciara Power <ciara.power@intel.com>,
 Gagandeep Singh <g.singh@nxp.com>, <dev@dpdk.org>,
 Anoob Joseph <anoobj@marvell.com>
Date: Sat, 25 Sep 2021 21:05:31 +0530
Message-ID: <1632584132-289-5-git-send-email-anoobj@marvell.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1632584132-289-1-git-send-email-anoobj@marvell.com>
References: <1631884523-836-1-git-send-email-anoobj@marvell.com>
 <1632584132-289-1-git-send-email-anoobj@marvell.com>
MIME-Version: 1.0
X-Proofpoint-GUID: mxRpvSveXx6MtzBohmnsC5V8L3hc6TrB
X-Proofpoint-ORIG-GUID: mxRpvSveXx6MtzBohmnsC5V8L3hc6TrB
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475
 definitions=2021-09-25_05,2021-09-24_02,2020-04-07_01
Subject: [dpdk-dev] [PATCH v5 4/5] test/crypto: add IV gen cases for IPsec
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

From: Tejasree Kondoj <ktejasree@marvell.com>

Added cases to verify IV generated by PMD for lookaside IPsec.

The tests compare IV generated for a batch of packets and ensures that
IV is not getting repeated in the batch.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Ciara Power <ciara.power@intel.com>
---
 app/test/test_cryptodev.c                | 19 ++++++++++++
 app/test/test_cryptodev_security_ipsec.c | 52 ++++++++++++++++++++++++++++++++
 app/test/test_cryptodev_security_ipsec.h |  1 +
 doc/guides/rel_notes/release_21_11.rst   |  1 +
 4 files changed, 73 insertions(+)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index bfaca1d..956541e 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9080,6 +9080,9 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
 	unsigned int i, nb_pkts = 1, pass_cnt = 0;
 	int ret;
 
+	if (flags->iv_gen)
+		nb_pkts = IPSEC_TEST_PACKETS_MAX;
+
 	for (i = 0; i < RTE_DIM(aead_list); i++) {
 		test_ipsec_td_prepare(&aead_list[i],
 				      NULL,
@@ -9130,6 +9133,18 @@ test_ipsec_proto_display_list(const void *data __rte_unused)
 }
 
 static int
+test_ipsec_proto_iv_gen(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.iv_gen = true;
+
+	return test_ipsec_proto_all(&flags);
+}
+
+static int
 test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused)
 {
 	struct ipsec_test_flags flags;
@@ -14054,6 +14069,10 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_display_list),
 		TEST_CASE_NAMED_ST(
+			"IV generation",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_iv_gen),
+		TEST_CASE_NAMED_ST(
 			"Negative test: ICV corruption",
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_err_icv_corrupt),
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index aebbe66..78c7f3a 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -4,12 +4,15 @@
 
 #include <rte_common.h>
 #include <rte_cryptodev.h>
+#include <rte_esp.h>
 #include <rte_ip.h>
 #include <rte_security.h>
 
 #include "test.h"
 #include "test_cryptodev_security_ipsec.h"
 
+#define IV_LEN_MAX 16
+
 extern struct ipsec_test_data pkt_aes_256_gcm;
 
 int
@@ -214,6 +217,46 @@ test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td)
 }
 
 static int
+test_ipsec_iv_verify_push(struct rte_mbuf *m, const struct ipsec_test_data *td)
+{
+	static uint8_t iv_queue[IV_LEN_MAX * IPSEC_TEST_PACKETS_MAX];
+	uint8_t *iv_tmp, *output_text = rte_pktmbuf_mtod(m, uint8_t *);
+	int i, iv_pos, iv_len;
+	static int index;
+
+	if (td->aead)
+		iv_len = td->xform.aead.aead.iv.length - td->salt.len;
+	else
+		iv_len = td->xform.chain.cipher.cipher.iv.length;
+
+	iv_pos = test_ipsec_tunnel_hdr_len_get(td) + sizeof(struct rte_esp_hdr);
+	output_text += iv_pos;
+
+	TEST_ASSERT(iv_len <= IV_LEN_MAX, "IV length greater than supported");
+
+	/* Compare against previous values */
+	for (i = 0; i < index; i++) {
+		iv_tmp = &iv_queue[i * IV_LEN_MAX];
+
+		if (memcmp(output_text, iv_tmp, iv_len) == 0) {
+			printf("IV repeated");
+			return TEST_FAILED;
+		}
+	}
+
+	/* Save IV for future comparisons */
+
+	iv_tmp = &iv_queue[index * IV_LEN_MAX];
+	memcpy(iv_tmp, output_text, iv_len);
+	index++;
+
+	if (index == IPSEC_TEST_PACKETS_MAX)
+		index = 0;
+
+	return TEST_SUCCESS;
+}
+
+static int
 test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
 		     bool silent, const struct ipsec_test_flags *flags)
 {
@@ -279,6 +322,15 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
 			struct ipsec_test_data *res_d, bool silent,
 			const struct ipsec_test_flags *flags)
 {
+	int ret;
+
+	if (flags->iv_gen &&
+	    td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+		ret = test_ipsec_iv_verify_push(m, td);
+		if (ret != TEST_SUCCESS)
+			return ret;
+	}
+
 	/*
 	 * In case of known vector tests & all inbound tests, res_d provided
 	 * would be NULL and output data need to be validated against expected.
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 134fc3a..d2ec63f 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -50,6 +50,7 @@ struct ipsec_test_data {
 struct ipsec_test_flags {
 	bool display_alg;
 	bool icv_corrupt;
+	bool iv_gen;
 };
 
 struct crypto_param {
diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index 8fc5844..cda0a92 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -91,6 +91,7 @@ New Features
 
   * Added known vector tests (AES-GCM 128, 192, 256).
   * Added tests to verify error reporting with ICV corruption.
+  * Added tests to verify IV generation.
 
 
 Removed Items