@@ -4,3 +4,12 @@ crypto_dev_id="37c8"
# your special settings for eal
socket-mem="2048,0"
+[-eal-opts]
+-c:
+-l:
+-a:
+-vdev:
+-socket-mem:
+-n:
+--log-level:
+--socket-mem:
@@ -1,6 +1,7 @@
[suite]
# Cryptodev common options qat device idcrypto_dev_id="37c9"
crypto_dev_id="37c9"
+f_path="/root/FIPS"
l="9,10,66"
socket-mem="2048,2048 --legacy-mem"
@@ -8,6 +9,9 @@ n=6
vdev="crypto_aesni_mb_pmd_1"
+[env]
+LD_LIBRARY_PATH="/export/openssl/install/lib:/export/jansson/install/lib"
+
[test_fips_aesni_gcm_gcm]
a="0000:af:00.0"
req-file="/root/FIPS/GCM/req"
@@ -100,3 +104,95 @@ rsp-file="/root/FIPS/HMAC/resp"
a="0000:1a:01.0"
req-file="/root/FIPS/AES/req"
rsp-file="/root/FIPS/AES/resp"
+
+# MARVELL specific configs
+[test_fips_mrvl_3des_ecb]
+req-file=${suite:f_path}"/TDES_ECB/req.json"
+rsp-file=${suite:f_path}"/TDES_ECB/output/rsp.json"
+
+[test_fips_mrvl_3des_cbc]
+req-file=${suite:f_path}"/TDES_CBC/req.json"
+rsp-file=${suite:f_path}"/TDES_CBC/output/rsp.json"
+
+[test_fips_mrvl_aes_cbc]
+req-file=${suite:f_path}"/AES_CBC/req.json"
+rsp-file=${suite:f_path}"/AES_CBC/output/rsp.json"
+
+[test_fips_mrvl_aes_gmac]
+req-file=${suite:f_path}"/AES_GMAC/req.json"
+rsp-file=${suite:f_path}"/AES_GMAC/output/rsp.json"
+
+[test_fips_mrvl_aes_xts]
+req-file=${suite:f_path}"/AES_XTS/req.json"
+rsp-file=${suite:f_path}"/AES_XTS/output/rsp.json"
+
+[test_fips_mrvl_aes_ctr]
+req-file=${suite:f_path}"/AEX_CTR/req.json"
+rsp-file=${suite:f_path}"/AEX_CTR/output/rsp.json"
+
+[test_fips_mrvl_ccm]
+req-file=${suite:f_path}"/AES_CBC/req.json"
+rsp-file=${suite:f_path}"/AES_CBC/output/rsp.json"
+
+[test_fips_mrvl_aes_cmac]
+req-file=${suite:f_path}"/AES_CMAC/req.json"
+rsp-file=${suite:f_path}"/AES_CMAC/output/rsp.json"
+
+[test_fips_mrvl_aes_gcm_ext]
+req-file=${suite:f_path}"/AES_GCM_EXT/req.json"
+rsp-file=${suite:f_path}"/AES_GCM_EXT/output/rsp.json"
+
+[test_fips_mrvl_aes_gcm_int]
+req-file=${suite:f_path}"/AES_GCM_INT/req.json"
+rsp-file=${suite:f_path}"/AES_GCM_INT/output/rsp.json"
+
+[test_fips_mrvl_ecdsa_keygen]
+req-file=${suite:f_path}"/ECDSA_KEYGEN/req.json"
+rsp-file=${suite:f_path}"/ECDSA_KEYGEN/output/rsp.json"
+
+[test_fips_mrvl_ecdsa_signgen]
+req-file=${suite:f_path}"/ECDSA_SIGGEN/req.json"
+rsp-file=${suite:f_path}"/ECDSA_SIGGEN/output/rsp.json"
+
+[test_fips_mrvl_ecdsa_signver]
+req-file=${suite:f_path}"/ECDSA_SIGVER/req.json"
+rsp-file=${suite:f_path}"/ECDSA_SIGVER/output/rsp.json"
+
+[test_fips_mrvl_rsa_keygen]
+req-file=${suite:f_path}"/RSA_KEYGEN/req.json"
+rsp-file=${suite:f_path}"/RSA_KEYGEN/output/rsp.json"
+
+[test_fips_mrvl_rsa_signgen]
+req-file=${suite:f_path}"/RSA_SIGGEN/req.json"
+rsp-file=${suite:f_path}"/RSA_SIGGEN/output/rsp.json"
+
+[test_fips_mrvl_rsa_signver]
+req-file=${suite:f_path}"/RSA_SIGVER/req.json"
+rsp-file=${suite:f_path}"/RSA_SIGVER/output/rsp.json"
+
+[test_fips_mrvl_rsa_siggen_expkey]
+req-file=${suite:f_path}"/RSA_SIGGEN_EXPKEY/req.json"
+rsp-file=${suite:f_path}"/RSA_SIGGEN_EXPKEY/output/rsp.json"
+[test_fips_mrvl_sha]
+req-file=${suite:f_path}"/SHA/req.json"
+rsp-file=${suite:f_path}"/SHA/output/rsp.json"
+
+[test_fips_mrvl_sha3]
+req-file=${suite:f_path}"/SHA3/req.json"
+rsp-file=${suite:f_path}"/SHA3/output/rsp.json"
+
+[test_fips_mrvl_sha3_hmac]
+req-file=${suite:f_path}"/SHA3_HMAC/req.json"
+rsp-file=${suite:f_path}"/SHA3_HMAC/output/rsp.json"
+
+[test_fips_mrvl_shake]
+req-file=${suite:f_path}"/SHAKE/req.json"
+rsp-file=${suite:f_path}"/SHAKE/output/rsp.json"
+
+[test_fips_mrvl_sha_hmac]
+req-file=${suite:f_path}"/SHA_HMAC/req.json"
+rsp-file=${suite:f_path}"/SHA_HMAC/output/rsp.json"
+
+[test_fips_mrvl_hmac]
+req-file=${suite:f_path}"/AES_CBC/req.json"
+rsp-file=${suite:f_path}"/AES_CBC/output/rsp.json"
new file mode 100644
@@ -0,0 +1,85 @@
+[default]
+hash=#
+[suite]
+# inline_dev="(a0f0,2) a0f9"
+inline_dev="0002:1d:00.0 0002:1e:00.0 0002:1f:00.0"
+[default_ipsec_opts]
+--log-level=8
+--socket-mem="1024"
+-p=0xf
+-P=
+--transfer-mode="poll"
+--config="'(0,0,21),(1,0,21)'"
+--cryptodev_mask=0
+[test_mrvl_Ipsec_Encryption]
+-f='/root/dpdk/enc.cfg'
+rule=
+ ${default:hash}SP IPv4 rules
+ sp ipv4 out esp protect 1005 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535
+ ${default:hash}SA rules
+ sa out 1005 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 port_id 1 type inline-protocol-offload
+ ${default:hash}Routing rules
+ rt ipv4 dst 172.16.2.5/32 port 1
+
+[test_mrvl_Ipsec_Encryption_Jumboframe]
+-f='/root/dpdk/enc.cfg'
+-j=9200
+--mtu=9000
+rule=${test_mrvl_Ipsec_Encryption:rule}
+
+[test_mrvl_Ipsec_Decryption]
+-f='/root/dpdk/dec.cfg'
+rule=
+ ${default:hash}SA rules
+ sa in 5 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 port_id 1 type inline-protocol-offload
+ ${default:hash}Routing rules
+ rt ipv4 dst 192.168.105.10/32 port 0
+
+[test_mrvl_Ipsec_Decryption_Jumboframe]
+-f='/root/dpdk/dec.cfg'
+-j=9200
+--mtu=9000
+rule=${test_mrvl_Ipsec_Decryption:rule}
+[test_mrvl_Ipsec_Encryption_Rss]
+-f='/root/dpdk/enc_rss.cfg'
+--config="'(0,0,20),(0,1,20),(1,0,21),(1,1,21)'"
+send_spi=5
+receive_spi=1005
+inner_dst='192.168.105.10'
+rule=
+ ${default:hash}SP IPv4 rules
+ sp ipv4 out esp protect 1005 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535
+ sa out 1005 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 port_id 1 type inline-protocol-offload
+ ${default:hash}Routing rules
+ rt ipv4 dst 172.16.2.5/32 port 1
+[test_mrvl_Ipsec_Decryption_Rss]
+-f='/root/dpdk/dec_rss.cfg'
+--config="'(0,0,20),(0,1,20),(1,0,21),(1,1,21)'"
+send_spi=5
+receive_spi=1005
+inner_dst='192.168.105.10'
+rule=
+ ${default:hash}SA rules
+ sa in 5 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 port_id 1 type inline-protocol-offload
+ ${default:hash}Routing rules
+ rt ipv4 dst 192.168.105.10/32 port 0
+[test_mrvl_Ipsec_Decryption_wrongkey]
+-f='/root/dpdk/dec_wrong_key.cfg'
+rule=
+ ${default:hash}SA rules
+ sa in 5 aead_algo aes-128-gcm aead_key 2f:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 port_id 1 type inline-protocol-offload
+ ${default:hash}Routing rules
+ rt ipv4 dst 192.168.105.10/32 port 0
+[test_mrvl_Ipsec_Encryption_Decryption]
+-f='/root/dpdk/enc_dec.cfg'
+--config="'(0,0,21),(1,0,21)'"
+rule=
+ ${default:hash}SP IPv4 rules
+ sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535
+ ${default:hash}SA rules
+ sa out 5 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 port_id 1 type inline-protocol-offload
+ sa in 5 aead_algo aes-128-gcm aead_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 port_id 1 type inline-protocol-offload
+ ${default:hash}Routing rules
+ rt ipv4 dst 192.168.105.10/32 port 0
+ rt ipv4 dst 172.16.2.5/32 port 1
+
@@ -386,3 +386,198 @@ src_ip="0000:1111:1111:1111:4444:4444:0000:1111"
expected_dst_ip="0:1111:1111:1111:4444:4444::"
expected_src_ip="0:1111:1111:1111:4444:4444:0:1111"
expected_spi="0x54"
+
+# Marvell test Vectors
+[test_mrvl_aes_128_cbc_ipv4_tunnel]
+devtype="crypto_cn10k"
+dst_ip="192.168.105.100"
+src_ip="192.168.105.200"
+expected_dst_ip="172.16.2.5"
+expected_src_ip="172.16.1.5"
+expected_spi="0x5"
+
+[test_mrvl_aes_128_ctr_ipv4_tunnel]
+devtype="crypto_cn10k"
+dst_ip="192.168.125.100"
+src_ip="192.168.125.200"
+expected_dst_ip="172.16.2.6"
+expected_src_ip="172.16.1.6"
+expected_spi="0x2d"
+
+[test_mrvl_aes_256_cbc_ipv4_tunnel]
+devtype="crypto_cn10k"
+dst_ip="192.168.25.100"
+src_ip="192.168.25.200"
+expected_dst_ip="172.16.2.5"
+expected_src_ip="172.16.1.5"
+expected_spi="0x23"
+
+[test_mrvl_aes_gcm_ipv4_tunnel]
+devtype="crypto_cn10k"
+dst_ip="192.168.106.100"
+src_ip="192.168.106.200"
+expected_dst_ip="172.16.2.6"
+expected_src_ip="172.16.1.6"
+expected_spi="0x6"
+
+[test_mrvl_null_ipv4_tunnel]
+devtype="crypto_cn10k"
+dst_ip="192.168.200.100"
+src_ip="192.168.200.200"
+expected_dst_ip="172.16.2.5"
+expected_src_ip="172.16.1.5"
+elid_src_ip="172.16.1.5"
+expected_spi="0xf"
+
+[test_mrvl_3des_cbc_ipv4_tunnel]
+devtype="crypto_cn10k"
+dst_ip="192.168.220.100"
+src_ip="192.168.220.200"
+expected_dst_ip="172.16.2.6"
+expected_src_ip="172.16.1.6"
+expected_spi="0x32"
+
+[test_mrvl_aes_128_cbc_ipv4_transport]
+devtype="crypto_cn10k"
+dst_ip="192.168.175.100"
+src_ip="192.168.175.200"
+expected_dst_ip="192.168.175.100"
+expected_src_ip="192.168.175.200"
+expected_spi="0xa"
+
+[test_mrvl_aes_128_ctr_ipv4_transport]
+devtype="crypto_cn10k"
+dst_ip="192.168.76.100"
+src_ip="192.168.76.200"
+expected_dst_ip="192.168.76.100"
+expected_src_ip="192.168.76.200"
+expected_spi="0x1f"
+
+[test_mrvl_aes_256_cbc_ipv4_transport]
+devtype="crypto_cn10k"
+dst_ip="192.168.26.100"
+src_ip="192.168.26.200"
+expected_dst_ip="192.168.26.100"
+expected_src_ip="192.168.26.200"
+expected_spi="0x24"
+
+[test_mrvl_aes_gcm_ipv4_transport]
+devtype="crypto_cn10k"
+dst_ip="192.168.176.100"
+src_ip="192.168.176.200"
+expected_dst_ip="192.168.176.100"
+expected_src_ip="192.168.176.200"
+expected_spi="0xb"
+
+[test_mrvl_null_ipv4_transport]
+devtype="crypto_cn10k"
+dst_ip="192.168.141.100"
+src_ip="192.168.141.200"
+expected_dst_ip="192.168.141.100"
+expected_src_ip="192.168.141.200"
+expected_spi="0x38"
+
+[test_mrvl_3des_cbc_ipv4_transport]
+devtype="crypto_cn10k"
+dst_ip="192.168.140.100"
+src_ip="192.168.140.200"
+expected_dst_ip="192.168.140.100"
+expected_src_ip="192.168.140.200"
+expected_spi="0x37"
+
+[test_mrvl_aes_128_ctr_ipv6_tunnel]
+devtype="crypto_cn10k"
+dst_ip="192.168.126.100"
+src_ip="192.168.126.200"
+expected_dst_ip="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222"
+expected_src_ip="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111"
+expected_spi="0x2e"
+
+[test_mrvl_aes_128_cbc_ipv6_tunnel]
+devtype="crypto_cn10k"
+dst_ip="192.168.55.100"
+src_ip="192.168.55.200"
+expected_dst_ip="2222:2222:2222:2222:2222:2222:2222:5555"
+expected_src_ip="1111:1111:1111:1111:1111:1111:1111:5555"
+expected_spi="0x19"
+
+[test_mrvl_aes_256_cbc_ipv6_tunnel]
+devtype="crypto_cn10k"
+dst_ip="192.168.75.100"
+src_ip="192.168.75.200"
+expected_dst_ip="8888:8888:8888:8888:8888:8888:8888:2222"
+expected_src_ip="7777:7777:7777:7777:7777:7777:7777:1111"
+expected_spi="0x1e"
+
+[test_mrvl_aes_gcm_ipv6_tunnel]
+devtype="crypto_cn10k"
+dst_ip="192.168.56.100"
+src_ip="192.168.56.200"
+expected_dst_ip="2222:2222:2222:2222:2222:2222:2222:6666"
+expected_src_ip="1111:1111:1111:1111:1111:1111:1111:6666"
+expected_spi="0x1a"
+
+[test_mrvl_null_ipv6_tunnel]
+devtype="crypto_cn10k"
+dst_ip="192.168.201.100"
+src_ip="192.168.201.200"
+expected_dst_ip="5555:5555:5555:5555:5555:5555:5555:2222"
+expected_src_ip="4444:4444:4444:4444:4444:4444:4444:1111"
+expected_spi="0x10"
+
+[test_mrvl_3des_cbc_ipv6_tunnel]
+devtype="crypto_cn10k"
+dst_ip="192.168.221.100"
+src_ip="192.168.221.200"
+expected_dst_ip="bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222"
+expected_src_ip="aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111"
+expected_spi="0x33"
+
+[test_mrvl_aes_128_cbc_ipv6_transport]
+devtype="crypto_cn10k"
+dst_ip="0000:1111:1111:1111:0000:0000:0000:0000"
+src_ip="0000:1111:1111:1111:0000:0000:0000:1111"
+expected_dst_ip="0:1111:1111:1111::"
+expected_src_ip="0:1111:1111:1111::1111"
+expected_spi="0x50"
+
+[test_mrvl_aes_128_ctr_ipv6_transport]
+devtype="crypto_cn10k"
+dst_ip="0000:1111:1111:1111:2222:2222:0000:0000"
+src_ip="0000:1111:1111:1111:2222:2222:0000:1111"
+expected_dst_ip="0:1111:1111:1111:2222:2222::"
+expected_src_ip="0:1111:1111:1111:2222:2222:0:1111"
+expected_spi="0x52"
+
+[test_mrvl_aes_256_cbc_ipv6_transport]
+devtype="crypto_cn10k"
+dst_ip="0000:1111:1111:1111:3333:3333:0000:0000"
+src_ip="0000:1111:1111:1111:3333:3333:0000:1111"
+expected_dst_ip="0:1111:1111:1111:3333:3333::"
+expected_src_ip="0:1111:1111:1111:3333:3333:0:1111"
+expected_spi="0x53"
+
+[test_mrvl_aes_gcm_ipv6_transport]
+devtype="crypto_cn10k"
+dst_ip="0000:1111:1111:1111:1111:1111:0000:0000"
+src_ip="0000:1111:1111:1111:1111:1111:0000:1111"
+expected_dst_ip="0:1111:1111:1111:1111:1111::"
+expected_src_ip="0:1111:1111:1111:1111:1111:0:1111"
+expected_spi="0x51"
+
+[test_mrvl_null_ipv6_transport]
+devtype="crypto_cn10k"
+dst_ip="0000:1111:1111:1111:5555:5555:0000:0000"
+src_ip="0000:1111:1111:1111:5555:5555:0000:1111"
+expected_dst_ip="0:1111:1111:1111:5555:5555::"
+expected_src_ip="0:1111:1111:1111:5555:5555:0:1111"
+expected_spi="0x55"
+
+[test_mrvl_3des_cbc_ipv6_transport]
+devtype="crypto_cn10k"
+dst_ip="0000:1111:1111:1111:4444:4444:0000:0000"
+src_ip="0000:1111:1111:1111:4444:4444:0000:1111"
+expected_dst_ip="0:1111:1111:1111:4444:4444::"
+expected_src_ip="0:1111:1111:1111:4444:4444:0:1111"
+expected_spi="0x54"
+
new file mode 100644
@@ -0,0 +1,441 @@
+[suite]
+devtype="crypto_cn10k"
+l='9,10'
+total-ops=30000000
+buffer-sz="64,128,256,512,1024,2048"
+
+
+[test_mrvl_AES_CBC_auto]
+chain=["CIPHER_ONLY", "CIPHER_HASH"]
+cdev_type="HW"
+cipher_algo=["aes-cbc"]
+cipher_op=["ENCRYPT", "DECRYPT"]
+cipher_key=[16, 24, 32]
+iv=[16]
+auth_algo=["sha1-hmac", "sha2-224-hmac", "sha2-256-hmac", "sha2-384-hmac", "sha2-512-hmac"]
+auth_op=["GENERATE"]
+auth_key=[64]
+# Maximum auth key length supported is 64
+auth_key_random_size=""
+aad=[0]
+aad_random_size=""
+input=[256]
+digest_size=[20, 28, 32, 48]
+output_cipher="*"
+output_hash="*"
+
+
+[test_mrvl_AES_CTR_auto]
+chain=["CIPHER_ONLY", "CIPHER_HASH"]
+cdev_type="HW"
+cipher_algo=["aes-ctr"]
+cipher_op=["ENCRYPT"]
+cipher_key=[16]
+iv=[16]
+auth_algo=["sha1-hmac", "sha2-224-hmac", "sha2-256-hmac", "sha2-384-hmac", "sha2-512-hmac"]
+auth_op=["GENERATE"]
+auth_key=[64]
+auth_key_random_size=""
+aad=[0]
+aad_random_size=""
+input=[256]
+digest_size=[20, 28, 32, 48]
+output_cipher="*"
+output_hash="*"
+
+[test_mrvl_AES_GCM_auto]
+chain=["AEAD"]
+cdev_type="HW"
+cipher_algo=["aes-gcm"]
+cipher_op=["ENCRYPT"]
+cipher_key=[16, 24, 32]
+iv=[12]
+auth_algo=["aes-gcm"]
+auth_op=["GENERATE"]
+auth_key=[16]
+auth_key_random_size=""
+aad=[16]
+aad_random_size=""
+input=[256]
+digest_size=[8, 16]
+output_cipher="*"
+output_hash="*"
+
+[test_mrvl_AES_CCM_auto]
+chain=["AEAD"]
+cdev_type="HW"
+cipher_algo=["aes-ccm"]
+cipher_op=["ENCRYPT"]
+cipher_key=[16]
+iv=[7, 8, 9, 10, 11, 12, 13]
+auth_algo=["aes-ccm"]
+auth_op=["GENERATE"]
+auth_key=[16]
+auth_key_random_size=""
+aad=[8]
+aad_random_size=""
+input=[256]
+digest_size=[8, 16]
+output_cipher="*"
+output_hash="*"
+
+[test_mrvl_h_MD_SHA_auto]
+chain=["HASH_ONLY"]
+cdev_type="HW"
+cipher_algo=""
+cipher_op=""
+cipher_key=""
+iv=""
+auth_algo=["md5-hmac", "sha1-hmac", "sha2-224-hmac", "sha2-256-hmac", "sha2-384-hmac", "sha2-512-hmac"]
+auth_op=["GENERATE"]
+auth_key=[64]
+auth_key_random_size=""
+aad=[0]
+aad_random_size=""
+input=[256]
+digest_size=[12, 16, 20, 28, 48, 64]
+output_cipher="*"
+output_hash="*"
+
+[test_mrvl_h_AES_XCBC_MAC_auto]
+chain="HASH_ONLY"
+cdev_type="HW"
+cipher_algo=""
+cipher_op=""
+cipher_key=""
+iv=""
+auth_algo=["aes-xcbc-mac"]
+auth_op="GENERATE"
+auth_key=[16]
+auth_key_random_size=""
+aad=[0]
+aad_random_size=""
+input=[256]
+digest_size=[12]
+output_cipher="*"
+output_hash="*"
+
+[test_mrvl_DES_CBC_auto]
+chain=["CIPHER_ONLY", "CIPHER_HASH"]
+cdev_type="HW"
+cipher_algo=["des-cbc"]
+cipher_op=["ENCRYPT"]
+cipher_key=[8]
+iv=[8]
+auth_algo=["sha1-hmac", "sha2-224-hmac", "sha2-256-hmac", "sha2-384-hmac", "sha2-512-hmac"]
+auth_op=["GENERATE"]
+auth_key=[64]
+auth_key_random_size=""
+aad=[0]
+aad_random_size=""
+input=[256]
+digest_size=[20, 28, 32, 48]
+output_cipher="*"
+output_hash="*"
+
+[test_mrvl_3DES_CBC_auto]
+# chain=["CIPHER_ONLY", "CIPHER_HASH"]
+chain=["CIPHER_ONLY"]
+cdev_type="HW"
+cipher_algo=["3des-cbc"]
+cipher_op=["ENCRYPT"]
+cipher_key=[24]
+iv=[8]
+auth_algo=["sha1-hmac", "sha2-224-hmac", "sha2-256-hmac", "sha2-384-hmac", "sha2-512-hmac"]
+auth_op=["GENERATE"]
+auth_key=[64]
+auth_key_random_size=""
+aad=[0]
+aad_random_size=""
+input=[256]
+digest_size=[20, 28, 32, 48]
+output_cipher="*"
+output_hash="*"
+
+[test_mrvl_3DES_CTR_auto]
+chain=["CIPHER_ONLY", "CIPHER_HASH"]
+cdev_type="HW"
+cipher_algo=["3des-ctr"]
+cipher_op=["ENCRYPT"]
+cipher_key=[24]
+iv=[8]
+auth_algo=["sha1-hmac", "sha2-224-hmac", "sha2-256-hmac", "sha2-384-hmac", "sha2-512-hmac"]
+auth_op=["GENERATE"]
+auth_key=[64, 128]
+auth_key_random_size=""
+aad=[0]
+aad_random_size=""
+input=[256]
+digest_size=[20, 28, 32, 48]
+output_cipher="470c43ce135176ff34300c11b8a5dc463be774851c405eb67a3c54e30707b6ac47b1dca58d5a2dab1dee452f7712f1803709d100608f8df9786156e4656ff60cb6a2f722e6a96932fa0dbba8c4941e61b8ca2b5903bc724d5f68856b9e6f66d7b4e42cc49b44bb85b7ce2f1c521e1a2719a47097922e0b627bbee2918ac5c5caf84d9e62d772fc676d3bce0bb17b95cb5e1477da051aebbdbbf2a7037237a3537c738aadbfff3d3f2b3be5ddbcc7213e265705224961adf48f8df3ba8a8fc2ab337f7031a0f20636c82074a6bebcf91f06e04d45fa1dcc8454b6be54e53e3f9c99f0f830b16a7a452e75e15894bf869fc585090c8c4bfbdb9f2a6246f4308300"
+output_hash="*"
+
+[test_mrvl_SNOW3G_auto]
+chain=["CIPHER_ONLY", "HASH_ONLY"]
+cdev_type="HW"
+cipher_algo=["snow3g-uea2"]
+cipher_op=["ENCRYPT"]
+cipher_key=[16]
+iv=[16]
+auth_algo=["snow3g-uia2"]
+auth_op=["GENERATE"]
+auth_key=[16]
+auth_key_random_size=""
+aad=[16]
+aad_random_size=""
+input=[256]
+digest_size=[4]
+output_cipher="*"
+output_hash="*"
+
+[test_mrvl_KASUMI_auto]
+chain=["CIPHER_ONLY", "HASH_ONLY"]
+cdev_type="HW"
+cipher_algo=["kasumi-f8"]
+cipher_op=["ENCRYPT"]
+cipher_key=[16]
+iv=[8]
+auth_algo=["kasumi-f9"]
+auth_op=["GENERATE"]
+auth_key=[16]
+auth_key_random_size=""
+aad=""
+aad_random_size=""
+input=[256]
+digest_size=[4]
+output_cipher="*"
+output_hash="*"
+
+[test_mrvl_ZUC_auto]
+chain=["CIPHER_ONLY", "HASH_ONLY"]
+cdev_type="HW"
+cipher_algo=["zuc-eea3"]
+cipher_op=["ENCRYPT"]
+cipher_key=[16]
+iv=[16]
+auth_algo=["zuc-eia3"]
+auth_op=["GENERATE"]
+auth_key=[16]
+auth_key_random_size=""
+aad=[16]
+aad_random_size=""
+input=[256]
+digest_size=[4]
+output_cipher="*"
+output_hash="*"
+
+
+[test_mrvl_NULL_auto]
+chain=["CIPHER_ONLY", "HASH_ONLY", "CIPHER_HASH"]
+cdev_type="HW"
+cipher_algo=["null"]
+cipher_op=["ENCRYPT"]
+cipher_key=[0]
+iv=""
+auth_algo=["null"]
+auth_op=["GENERATE"]
+auth_key=[0]
+auth_key_random_size=""
+aad=[0]
+aad_random_size=""
+digest=""
+input=[256]
+digest_size=""
+output_cipher="*"
+output_hash="*"
+
+[test_mrvl_AES_DOCSISBPI_auto]
+chain=["CIPHER_ONLY"]
+cdev_type="HW"
+cipher_algo="aes-docsisbpi"
+cipher_op=["ENCRYPT"]
+cipher_key="e6600fd8852ef5abe6600fd8852ef5ab"
+iv="810e528e1c5fda1a810e528e1c5fda1a"
+auth_algo=""
+auth_op=""
+auth_key=""
+auth_key_random_size=""
+aad=[0]
+aad_random_size=""
+input="000102030405060708090a0b0c0d0e91d2d19f"
+digest_size=""
+output_cipher="9dd1674bba61101b56756474364f101d44d473"
+output_hash="*"
+
+
+[test_mrvl_DES_DOCSISBPI_auto]
+chain=["CIPHER_ONLY"]
+cdev_type="HW"
+cipher_algo="des-docsisbpi"
+cipher_op=["ENCRYPT"]
+cipher_key="e6600fd8852ef5ab"
+iv="810e528e1c5fda1a"
+auth_algo=""
+auth_op=""
+auth_key=""
+auth_key_random_size=""
+aad=""
+aad_random_size=""
+input="000102030405060708090a0b0c0d0e910001020304050607d2d19f"
+digest_size=""
+output_cipher="0dda5acbd05e5567514746868a71e577bdb2125f9f72be230e9fb2"
+output_hash="*"
+
+
+[aesni_mb_AES_DOCSISBPI_01]
+vdev="crypto_aesni_mb"
+chain=["CIPHER_ONLY"]
+cdev_type="SW"
+cipher_algo="aes-docsisbpi"
+cipher_op=["ENCRYPT"]
+cipher_key="e6600fd8852ef5abe6600fd8852ef5ab"
+iv="810e528e1c5fda1a810e528e1c5fda1a"
+auth_algo=""
+auth_op=""
+auth_key=""
+auth_key_random_size=""
+aad=[0]
+aad_random_size=""
+input="000102030405060708090a0b0c0d0e91d2d19f"
+digest_size=""
+output_cipher="9dd1674bba61101b56756474364f101d44d473"
+output_hash="*"
+
+
+[openssl_DES_DOCSISBPI_01]
+vdev="crypto_openssl"
+chain=["CIPHER_ONLY"]
+cdev_type="SW"
+cipher_algo="des-docsisbpi"
+cipher_op=["ENCRYPT"]
+cipher_key="e6600fd8852ef5ab"
+iv="810e528e1c5fda1a"
+auth_algo=""
+auth_op=""
+auth_key=""
+auth_key_random_size=""
+aad=""
+aad_random_size=""
+input="000102030405060708090a0b0c0d0e910001020304050607d2d19f"
+digest_size=""
+output_cipher="0dda5acbd05e5567514746868a71e577bdb2125f9f72be230e9fb2"
+output_hash="*"
+
+
+[aesni_mb_DES_DOCSISBPI_01]
+vdev="crypto_aesni_mb"
+chain=["CIPHER_ONLY"]
+cdev_type="SW"
+cipher_algo="des-docsisbpi"
+cipher_op=["ENCRYPT"]
+cipher_key="e6600fd8852ef5ab"
+iv="810e528e1c5fda1a"
+auth_algo=""
+auth_op=""
+auth_key=""
+auth_key_random_size=""
+aad=""
+aad_random_size=""
+input="000102030405060708090a0b0c0d0e910001020304050607d2d19f"
+digest_size=""
+output_cipher="0dda5acbd05e5567514746868a71e577bdb2125f9f72be230e9fb2"
+output_hash="*"
+
+
+[aesni_mb_DES_CBC_00]
+vdev="crypto_aesni_mb"
+chain=["CIPHER_ONLY", "CIPHER_HASH"]
+cdev_type="SW"
+cipher_algo=["des-cbc"]
+cipher_op=["ENCRYPT"]
+cipher_key=[8]
+iv=[8]
+auth_algo=["sha1-hmac", "sha2-256-hmac"]
+auth_op=["GENERATE"]
+auth_key=[64, 128]
+auth_key_random_size=""
+aad=[0]
+aad_random_size=""
+input=[256]
+digest_size=[12, 16]
+output_cipher="*"
+output_hash="*"
+
+
+[openssl_DES_CBC_00]
+vdev="crypto_openssl"
+chain=["CIPHER_ONLY", "CIPHER_HASH"]
+cdev_type="SW"
+cipher_algo=["des-cbc"]
+cipher_op=["ENCRYPT"]
+cipher_key=[8]
+iv=[8]
+auth_algo=["sha1-hmac", "sha2-256-hmac"]
+auth_op=["GENERATE"]
+auth_key=[64, 128]
+auth_key_random_size=""
+aad=[0]
+aad_random_size=""
+input=[256]
+digest_size=[20, 28]
+output_cipher="*"
+output_hash="*"
+
+
+[test_scheduler_AES_CBC_auto]
+# vdev="crypto_scheduler"
+chain=["CIPHER_HASH"]
+cdev_type="ANY"
+cipher_algo=["aes-cbc"]
+cipher_op=["ENCRYPT", "DECRYPT"]
+cipher_key=[16]
+iv=[16]
+auth_algo=["sha1-hmac"]
+auth_op=["GENERATE"]
+auth_key=[64]
+auth_key_random_size=""
+aad=[0]
+aad_random_size=""
+input=[256]
+digest_size=[20, 32]
+output_cipher="*"
+output_hash="*"
+
+
+[scheduler_AES_GCM_00]
+vdev="crypto_scheduler"
+chain=["AEAD"]
+cdev_type="ANY"
+cipher_algo=["aes-gcm"]
+cipher_op=["ENCRYPT"]
+cipher_key=[16, 24, 32]
+iv=[12]
+auth_algo=["aes-gcm"]
+auth_op=["GENERATE"]
+auth_key=[16]
+auth_key_random_size=""
+aad=[16]
+aad_random_size=""
+input=[256]
+digest_size=[16]
+output_cipher="*"
+output_hash="*"
+
+
+[test_mrvl_AES_XTS_auto]
+chain=["CIPHER_ONLY"]
+cdev_type="HW"
+cipher_algo=["aes-xts"]
+cipher_op=["ENCRYPT"]
+cipher_key=[32]
+iv=[16]
+auth_algo=["sha1-hmac", "sha2-256-hmac"]
+auth_op=["GENERATE"]
+auth_key=[64, 128]
+auth_key_random_size=""
+aad=[0]
+aad_random_size=""
+input=[256]
+digest_size=[20, 32]
+output_cipher="*"
+output_hash="*"
@@ -40,6 +40,11 @@ APPNAMECONF = "%s/app_name.cfg" % CONFIG_ROOT_PATH
class UserConf:
def __init__(self, config):
self.conf = configparser.SafeConfigParser()
+ self.conf = configparser.\
+ SafeConfigParser(interpolation=
+ configparser.ExtendedInterpolation())
+ self.conf.optionxform = str # disable case insesitivity
+
load_files = self.conf.read(config)
if load_files == []:
self.conf = None
@@ -136,6 +141,11 @@ class SuiteConf(UserConf):
case_cfg[key] = eval(data_string)
except NameError: # happens when data_string is actually a string, not an int, bool or dict
case_cfg[key] = data_string
+ except SyntaxError: # some strings will raise syntax error, we can have keys that has no value
+ if data_string == '' or type(data_string) is str:
+ case_cfg[key] = data_string
+ continue
+ raise
return case_cfg
@@ -578,14 +578,14 @@ class Crb(object):
"/var/run/dpdk/%s/config" % file_prefix for file_prefix in prefix_list
]
pids = []
- pid_reg = r"p(\d+)"
+ pid_reg = r"(\d+)"
for config_file in file_directorys:
# Covers case where the process is run as a unprivileged user and does not generate the file
isfile = self.send_expect(
"ls -l {}".format(config_file), "# ", 20, alt_session
)
if isfile:
- cmd = "lsof -Fp %s" % config_file
+ cmd = "lsof -Fp %s | grep dpdk" % config_file
out = self.send_expect(cmd, "# ", 20, alt_session)
if len(out):
lines = out.split("\r\n")
@@ -593,7 +593,7 @@ class Crb(object):
m = re.match(pid_reg, line)
if m:
pids.append(m.group(1))
- for pid in pids:
+ for pid in set(pids):
self.send_expect("kill -9 %s" % pid, "# ", 20, alt_session)
self.get_session_output(timeout=2)
@@ -1068,10 +1068,10 @@ class Crb(object):
return True
elif self.get_os_type() == "freebsd":
return False
- elif self.send_expect(
+ out = self.send_expect(
"systemd-detect-virt -c|egrep '(systemd-nspawn|lxc|docker|podman|rkt|wsl|container-other)$' ",
"# ",
- ):
- return True
- else:
+ ).strip()
+ if 'command not found' in out or out != "":
return False
+ return True
@@ -2,8 +2,10 @@
# Copyright(c) 2019 Intel Corporation
#
+import os
import re
+
import framework.utils as utils
import tests.cryptodev_common as cc
from framework.test_case import TestCase
@@ -15,7 +17,6 @@ class TestFipsCryptodev(TestCase):
self.verify("Error" not in out, "Compilation error")
self.verify("No such" not in out, "Compilation error")
self.vf_driver = self.get_suite_cfg()["vf_driver"]
- cc.bind_qat_device(self, "vfio-pci")
self._app_path = self.dut.apps_name["fips_validation"]
self._default_fips_opts = {
"req-file": None,
@@ -25,7 +26,18 @@ class TestFipsCryptodev(TestCase):
"cryptodev-id": 0,
"self-test": "",
}
- self.FIP_path = "/root/FIPS"
+ self.ld_lib = None
+ if self.nic == "cavium_a063":
+ self._default_fips_opts.pop("path-is-folder")
+ cc.bind_qat_device(self, self.drivername, generate_vfs=True, vf_count=2)
+ envs = self._suite_conf.suite_conf.load_section('env')
+ for key, value in envs:
+ if key == "LD_LIBRARY_PATH":
+ self.ld_lib = value
+ break
+ else:
+ cc.bind_qat_device(self, "vfio-pci")
+ self.FIP_path = self.get_suite_cfg()["f_path"]
def set_up(self):
pass
@@ -43,6 +55,9 @@ class TestFipsCryptodev(TestCase):
def _run_fips(self, eal_opt_str, fips_opt_str):
cmd_str = cc.get_dpdk_app_cmd_str(self._app_path, eal_opt_str, fips_opt_str)
self.logger.info(cmd_str)
+ if self.nic == "cavium_a063":
+ cmd_str = "export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:%s;%s" \
+ %(self.ld_lib, cmd_str)
try:
out = self.dut.send_expect(cmd_str, "#", 600)
except Exception as ex:
@@ -55,20 +70,28 @@ class TestFipsCryptodev(TestCase):
check_out = out[out.index("Done") :]
self.verify("Error" not in check_out, " req file error")
rep_list = re.findall(r"FIPS/(.*)/req/(.*).req", out)
+ if self.nic == 'cavium_a063':
+ rep_list = re.findall(r"%s/(.*)/(.*).json"%(self.FIP_path), out)
+ self.verify(rep_list != [], "Request file not found in the output")
for alog_name, file_name in rep_list:
- out = self.dut.send_expect(
- "diff %s/%s/resp/%s.rsp %s/%s/fax/%s.rsp | grep -v '#' | grep -v '\---'"
- % (
- self.FIP_path,
- alog_name,
- file_name,
- self.FIP_path,
- alog_name,
- file_name,
- ),
- "#",
- )
+ if self.nic == 'cavium_a063':
+ out = self.dut.send_expect(
+ "diff %s/%s/rsp.json %s/%s/output/rsp.json | grep -v '#' | grep -v '\---'"
+ % (self.FIP_path,
+ alog_name,
+ self.FIP_path,
+ alog_name), "#")
+ else:
+ out = self.dut.send_expect(
+ "diff %s/%s/resp/%s.rsp %s/%s/fax/%s.rsp | grep -v '#' | grep -v '\---'"
+ % (self.FIP_path,
+ alog_name,
+ file_name,
+ self.FIP_path,
+ alog_name,
+ file_name), "#")
+ self.verify("No such file" not in out, "Files are not found")
lines = re.split("\r\n", out)
self.verify(len(lines) <= 2, "%s.req file comparison failed!" % file_name)
@@ -183,3 +206,85 @@ class TestFipsCryptodev(TestCase):
)
out = self._run_fips(eal_opt_str, fips_opt_str)
self.verify("Failed init" in out, "test Failed!")
+
+ def _execute_test(self):
+ device = {}
+ vf = cc.get_qat_devices(self)
+ device["a"] = ' -a '.join(vf)
+ device["vdev"] = None
+ eal_opt_str = cc.get_eal_opt_str(self, device)
+ fips_opt_str = self._get_fips_opt_str()
+ out_file = re.search(r"--rsp-file (\S+)",
+ fips_opt_str).group(1)
+ self.dut.send_command("rm %s"%out_file)
+ self.dut.send_command("mkdir -p %s"%(os.path.dirname(out_file)))
+ self.compare_resp_file(eal_opt_str, fips_opt_str)
+
+ def test_fips_mrvl_3des_ecb(self):
+ self._execute_test()
+
+ def test_fips_mrvl_3des_cbc(self):
+ self._execute_test()
+
+ def test_fips_mrvl_aes_cbc(self):
+ self._execute_test()
+
+ def test_fips_mrvl_aes_gmac(self):
+ self._execute_test()
+
+ def test_fips_mrvl_aes_xts(self):
+ self._execute_test()
+
+ def test_fips_mrvl_aes_ctr(self):
+ self._execute_test()
+
+ def test_fips_mrvl_ccm(self):
+ self._execute_test()
+
+ def test_fips_mrvl_aes_cmac(self):
+ self._execute_test()
+
+ def test_fips_mrvl_aes_gcm_ext(self):
+ self._execute_test()
+
+ def test_fips_mrvl_aes_gcm_int(self):
+ self._execute_test()
+
+ def test_fips_mrvl_ecdsa_keygen(self):
+ self._execute_test()
+
+ def test_fips_mrvl_ecdsa_signgen(self):
+ self._execute_test()
+
+ def test_fips_mrvl_ecdsa_signver(self):
+ self._execute_test()
+
+ def test_fips_mrvl_rsa_keygen(self):
+ self._execute_test()
+
+ def test_fips_mrvl_rsa_signgen(self):
+ self._execute_test()
+
+ def test_fips_mrvl_rsa_signver(self):
+ self._execute_test()
+
+ def test_fips_mrvl_rsa_siggen_expkey(self):
+ self._execute_test()
+
+ def test_fips_mrvl_sha(self):
+ self._execute_test()
+
+ def test_fips_mrvl_sha3(self):
+ self._execute_test()
+
+ def test_fips_mrvl_sha3_hmac(self):
+ self._execute_test()
+
+ def test_fips_mrvl_shake(self):
+ self._execute_test()
+
+ def test_fips_mrvl_sha_hmac(self):
+ self._execute_test()
+
+ def test_fips_mrvl_hmac(self):
+ self._execute_test()
@@ -10,11 +10,13 @@ Test inline_ipsec.
import random
import re
import time
+from copy import deepcopy
from scapy.all import ESP, IP, Ether, SecurityAssociation, sendp
import framework.utils as utils
from framework.test_case import TestCase
+import tests.cryptodev_common as cc
ETHER_STANDARD_MTU = 1300
ETHER_JUMBO_FRAME_MTU = 9000
@@ -32,8 +34,8 @@ class TestInlineIpsec(TestCase):
Run at the start of each test suite.
"""
self.verify(
- self.nic in ["IXGBE_10G-82599_SFP", "IXGBE_10G-X540T"],
- "%s NIC not support" % self.nic,
+ self.nic in ["IXGBE_10G-82599_SFP", "IXGBE_10G-X540T",
+ "cavium_a063"], "%s NIC not support" % self.nic,
)
self.verify(
self.drivername in ["vfio-pci"],
@@ -43,6 +45,12 @@ class TestInlineIpsec(TestCase):
self.verify(len(self.dut_ports) >= 2, "Insufficient ports")
cores = self.dut.get_core_list("1S/4C/1T")
self.coremask = utils.create_mask(cores)
+ if self.nic == "cavium_a063":
+ cc.bind_qat_device(self, self.drivername, generate_vfs=True, vf_count=2)
+ inline_devs = cc.bind_mrvl_devices(self, pci_list=self.
+ get_suite_cfg()['inline_dev'])
+ self.dev_list = " -a ".join(cc.get_qat_devices(self, num=2)+inline_devs)
+
# get test port info
self.rxport = self.tester.get_local_port(1)
@@ -74,7 +82,12 @@ class TestInlineIpsec(TestCase):
self.verify("No such file" not in out, "compilation error 2")
self.eal_para = self.dut.create_eal_parameters(cores=[20, 21])
- self.cfg_prepare()
+ self.default_ipsec_opts = self._suite_conf.suite_conf.\
+ load_section('default_ipsec_opts')
+ self.eal_dict = cc.conf.suite_conf.conf._sections['-eal-opts']
+ if self.nic != "cavium_a063":
+ self.cfg_prepare()
+
def set_up(self):
"""
@@ -195,6 +208,27 @@ class TestInlineIpsec(TestCase):
self.tester.destroy_session(session_send)
return payload, p.src, p.dst
+ def gen_appcmd(self, case_config, jframe=False):
+ for key, value in self.default_ipsec_opts:
+ if not case_config.get(key):
+ case_config[key] = value
+
+ # self.eal_para = self.dut.create_eal_parameters(cores=[20, 21])
+ if not jframe:
+ case_config.pop("-j", "")
+ case_config.pop("-mtu", "")
+
+ ekeys = self.eal_dict.keys()
+ eal_str = ""
+ app_str = ""
+ for key, value in case_config.items():
+ if key in ekeys:
+ eal_str += "%s %s " %(key, value)
+ else:
+ app_str += "%s %s " %(key, value)
+ cmd = "%s %s %s -- %s" %(self.path, self.eal_para, eal_str, app_str)
+ return cmd
+
def Ipsec_Encryption(
self,
config,
@@ -211,22 +245,24 @@ class TestInlineIpsec(TestCase):
inner_dst="192.168.105.10",
sa_src="172.16.1.5",
sa_dst="172.16.2.5",
+ cmd=None
):
"""
verify Ipsec receive package
"""
- if jumboframe is not None:
- cmd = (
- self.path
- + " %s --vdev 'crypto_null' --log-level 8 --socket-mem 1024,1024 -- -p 0xf -P -u 0x2 -j 9200 --mtu %s --config='%s' -f %s"
- % (self.eal_para, jumboframe, config, file_name)
- )
- else:
- cmd = (
- self.path
- + " %s --vdev 'crypto_null' --log-level 8 --socket-mem 1024,1024 -- -p 0xf -P -u 0x2 --config='%s' -f %s"
- % (self.eal_para, config, file_name)
- )
+ if not cmd:
+ if jumboframe is not None:
+ cmd = (
+ self.path
+ + " %s --vdev 'crypto_null' --log-level 8 --socket-mem 1024,1024 -- -p 0xf -P -u 0x2 -j 9200 --mtu %s --config='%s' -f %s"
+ % (self.eal_para, jumboframe, config, file_name)
+ )
+ else:
+ cmd = (
+ self.path
+ + " %s --vdev 'crypto_null' --log-level 8 --socket-mem 1024,1024 -- -p 0xf -P -u 0x2 --config='%s' -f %s"
+ % (self.eal_para, config, file_name)
+ )
self.dut.send_expect(cmd, "IPSEC", 60)
@@ -238,11 +274,11 @@ class TestInlineIpsec(TestCase):
session_receive.send_expect("scapy", ">>>", 10)
time.sleep(1)
- session_receive.send_expect(
- "pkts=sniff(iface='%s', count=1, timeout=10)" % rxItf, "", 10
- )
if do_encrypt:
+ session_receive.send_expect("pkts=sniff(iface='%s', filter='src %s'"
+ ", count=1, timeout=10)" %
+ (rxItf, inner_dst), "", 10)
send_package = self.send_encryption_package(
txItf, paysize, do_encrypt, send_spi, count, inner_dst, sa_src, sa_dst
)
@@ -250,10 +286,14 @@ class TestInlineIpsec(TestCase):
session_receive.send_expect("pkts", "", 30)
out = session_receive.send_expect("pkts[0]['IP'] ", ">>>", 10)
else:
+ session_receive.send_expect("pkts=sniff(iface='%s', filter='src %s'"
+ ", count=1, timeout=10)" %
+ (rxItf, sa_src), "", 10)
session_receive2 = self.tester.create_session(
name="receive_encryption_package2"
)
- session_receive2.send_expect("tcpdump -nn -Xvvvi %s -c 1" % rxItf, "", 10)
+ session_receive2.send_expect("tcpdump -Xvvvi %s -c 1 src %s" %
+ (rxItf, sa_src), "", 10)
send_package = self.send_encryption_package(
txItf, paysize, do_encrypt, send_spi, count, inner_dst, sa_src, sa_dst
)
@@ -413,15 +453,16 @@ class TestInlineIpsec(TestCase):
self.verify(len(l) == 2, "Ipsec Decryption wrongkey failed")
self.dut.send_expect("^C", "#", 5)
- def test_Ipsec_Encryption_Decryption(self):
+ def test_Ipsec_Encryption_Decryption(self, cmd=None):
"""
test Ipsec Encryption Decryption
"""
- cmd = (
- self.path
- + " %s --vdev 'crypto_null' --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u 0x2 --config='%s' -f %s"
- % (self.eal_para, "(0,0,21),(1,0,21)", "/root/dpdk/enc_dec.cfg")
- )
+ if not cmd:
+ cmd = (
+ self.path
+ + " %s --vdev 'crypto_null' --log-level 8 --socket-mem 1024,1 -- -p 0xf -P -u 0x2 --config='%s' -f %s"
+ % (self.eal_para, "(0,0,21),(1,0,21)", "/root/dpdk/enc_dec.cfg")
+ )
self.dut.send_expect(cmd, "IPSEC", 60)
session_receive = self.tester.create_session(name="receive_encryption_package")
sa_gcm = r"sa_gcm=SecurityAssociation(ESP, spi=1005,crypt_algo='AES-GCM',crypt_key=b'\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3d\xde\xad\xbe\xef',auth_algo='NULL', auth_key=None,tunnel_header=IP(src='172.16.1.5', dst='172.16.2.5'))"
@@ -429,8 +470,8 @@ class TestInlineIpsec(TestCase):
session_receive.send_expect("scapy", ">>>", 60)
session_receive.send_expect(sa_gcm, ">>>", 60)
session_receive.send_expect(
- "pkts=sniff(iface='%s',count=3,timeout=30)" % self.rxItf, "", 60
- )
+ "pkts=sniff(iface='%s', filter='src %s',count=1,timeout=30)" %\
+ (self.rxItf, '172.16.1.5'), "", 60) # Sniff for Encrypted pkt
session_receive2 = self.tester.create_session(
name="receive_encryption_package2"
)
@@ -438,9 +479,8 @@ class TestInlineIpsec(TestCase):
session_receive2.send_expect("scapy", ">>>", 60)
session_receive2.send_expect(sa_gcm, ">>>", 60)
session_receive2.send_expect(
- "pkts=sniff(iface='%s',count=2,timeout=30)" % self.txItf, "", 60
- )
-
+ "pkts=sniff(iface='%s', filter='src %s',count=2,timeout=30)" %\
+ (self.txItf, '192.168.105.10'), "", 60) # sniff for Normal pkt
payload = "test for Ipsec Encryption Decryption simultaneously"
sa_gcm = SecurityAssociation(
ESP,
@@ -470,8 +510,8 @@ class TestInlineIpsec(TestCase):
)
session_receive3.send_expect("tcpdump -nn -Xvvvi %s -c 1" % self.rxItf, "", 30)
time.sleep(2)
- sendp(eth_e1, iface=self.rxItf, count=2)
- sendp(eth_e2, iface=self.txItf, count=1)
+ sendp(eth_e1, iface=self.rxItf, count=2) # send Encrypted packet
+ sendp(eth_e2, iface=self.txItf, count=1) # send Normal packet
time.sleep(3)
rev = session_receive3.get_session_before(3)
print(rev)
@@ -491,6 +531,107 @@ class TestInlineIpsec(TestCase):
self.tester.destroy_session(session_receive2)
self.tester.destroy_session(session_receive3)
+ def test_mrvl_Ipsec_Encryption(self, jumbo=False):
+ """
+ test Ipsec Encryption
+ """
+ case_cfg = deepcopy(self.get_case_cfg())
+ enc = case_cfg.pop('rule')
+ self.set_cfg('enc.cfg', enc)
+ case_cfg["-a"] = self.dev_list
+ if jumbo:
+ paysize = random.randint(ETHER_STANDARD_MTU+300, ETHER_JUMBO_FRAME_MTU)
+ else:
+ paysize = random.randint(1, ETHER_STANDARD_MTU)
+
+ self.Ipsec_Encryption("", "", self.txItf, self.rxItf, paysize,
+ jumboframe=jumbo,
+ cmd=self.gen_appcmd(case_cfg, jframe=jumbo))
+ self.dut.send_expect("^C", "#", 5)
+
+ def test_mrvl_Ipsec_Encryption_Jumboframe(self):
+ self.test_mrvl_Ipsec_Encryption(jumbo=True)
+
+ def test_mrvl_Ipsec_Decryption(self, jumbo=False):
+ case_cfg = deepcopy(self.get_case_cfg())
+ dec = case_cfg.pop('rule')
+ self.set_cfg('dec.cfg', dec)
+ case_cfg["-a"] = self.dev_list
+ if jumbo:
+ paysize = random.randint(ETHER_STANDARD_MTU+300, ETHER_JUMBO_FRAME_MTU)
+ else:
+ paysize = random.randint(1, ETHER_STANDARD_MTU)
+ self.Ipsec_Encryption("", "", self.rxItf, self.txItf, paysize,
+ jumboframe=jumbo, do_encrypt=True, count=2,
+ cmd=self.gen_appcmd(case_cfg, jframe=jumbo))
+ self.dut.send_expect("^C", "#", 5)
+
+ def test_mrvl_Ipsec_Decryption_Jumboframe(self):
+ self.test_mrvl_Ipsec_Decryption(jumbo=True)
+
+ def test_mrvl_Ipsec_Encryption_Rss(self):
+ case_cfg = deepcopy(self.get_case_cfg())
+ enc = case_cfg.pop('rule')
+ self.set_cfg('enc_rss.cfg', enc)
+ send_spi = case_cfg.pop("send_spi", 5)
+ rec_spi = case_cfg.pop("receive_spi", 1005)
+ inner_dst = case_cfg.pop("inner_dst", '192.168.105.10')
+ case_cfg["-a"] = self.dev_list
+ self.Ipsec_Encryption("", "", self.txItf,
+ self.rxItf, send_spi=send_spi, receive_spi=rec_spi,
+ inner_dst=inner_dst, cmd=self.gen_appcmd(case_cfg))
+ out = self.dut.get_session_output()
+ verifycode = "receive 1 packet in rxqueueid=1"
+ self.verify(verifycode in out, "rxqueueid error")
+ self.dut.send_expect("^C", "#", 5)
+
+ def test_mrvl_Ipsec_Decryption_Rss(self):
+ """
+ test Ipsec Decryption Rss
+ """
+ case_cfg = deepcopy(self.get_case_cfg())
+ enc = case_cfg.pop('rule')
+ case_cfg["-a"] = self.dev_list
+ self.set_cfg('dec_rss.cfg', enc)
+ send_spi = case_cfg.pop("send_spi", 5)
+ rec_spi = case_cfg.pop("receive_spi", 1005)
+ inner_dst = case_cfg.pop("inner_dst", '192.168.105.10')
+ self.Ipsec_Encryption("", "", self.rxItf, self.txItf, do_encrypt=True,
+ send_spi=send_spi, receive_spi=rec_spi, count=2,
+ cmd=self.gen_appcmd(case_cfg))
+ out = self.dut.get_session_output()
+ verifycode = "receive 1 packet in rxqueueid=1"
+ self.verify(verifycode in out, "rxqueueid error")
+ self.dut.send_expect("^C", "#", 5)
+
+ def test_mrvl_Ipsec_Decryption_wrongkey(self):
+ """
+ test Ipsec Decryption wrongkey
+ """
+ case_cfg = deepcopy(self.get_case_cfg())
+ wkey_cfg = case_cfg.pop('rule')
+ case_cfg["-a"] = self.dev_list
+ self.set_cfg('dec_wrong_key.cfg', wkey_cfg)
+ paysize = random.randint(1, ETHER_STANDARD_MTU)
+ self.Ipsec_Encryption("", "", self.rxItf, self.txItf, paysize,
+ do_encrypt=True, verify=False, count=2,
+ cmd=self.gen_appcmd(case_cfg))
+ out = self.dut.get_session_output()
+ verifycode = "IPSEC_ESP: esp_inbound_post\(\) failed crypto op"
+ l = re.findall(verifycode, out)
+ self.verify(len(l) == 2, "Ipsec Decryption wrongkey failed")
+ self.dut.send_expect("^C", "#", 5)
+
+ def test_mrvl_Ipsec_Encryption_Decryption(self):
+ case_cfg = deepcopy(self.get_case_cfg())
+ endec_cfg = case_cfg.pop('rule')
+ self.set_cfg('enc_dec.cfg', endec_cfg)
+ case_cfg["-a"] = self.dev_list
+ cmd = self.gen_appcmd(case_cfg)
+ paysize = random.randint(1, ETHER_STANDARD_MTU)
+ self.test_Ipsec_Encryption_Decryption(cmd=cmd)
+
+
def tear_down(self):
"""
Run after each test case.
@@ -53,12 +53,13 @@ class TestIPsecGwCryptodevFunc(TestCase):
self.verify("Error" not in out, "Compilation error")
self.verify("No such" not in out, "Compilation error")
- cc.bind_qat_device(self, self.drivername)
+ # cc.bind_qat_device(self, self.drivername)
+ cc.bind_qat_device(self, self.drivername, generate_vfs=True, vf_count=2)
self._default_ipsec_gw_opts = {
- "config": '"(0,0,%s),(1,0,%s)"' % tuple(self.core_list[-2:]),
+ "config": '"(0,0,%s),(1,0,%s)"' % tuple(self.core_list[-self.number_of_ports:]),
"P": "",
- "p": "0x3",
+ "p": "0xf",
"f": "/tmp/ipsec_ep0.cfg",
"u": "0x1",
}
@@ -219,11 +220,84 @@ class TestIPsecGwCryptodevFunc(TestCase):
def test_sw_3des_cbc_ipv6_transport(self):
self._execute_ipsec_gw_test()
+ # Marvell Specific Testcases
+ def test_mrvl_aes_128_cbc_ipv4_tunnel(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_aes_128_ctr_ipv4_tunnel(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_aes_256_cbc_ipv4_tunnel(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_aes_gcm_ipv4_tunnel(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_null_ipv4_tunnel(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_3des_cbc_ipv4_tunnel(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_aes_128_cbc_ipv4_transport(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_aes_128_ctr_ipv4_transport(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_aes_256_cbc_ipv4_transport(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_aes_gcm_ipv4_transport(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_null_ipv4_transport(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_3des_cbc_ipv4_transport(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_aes_128_ctr_ipv6_tunnel(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_aes_128_cbc_ipv6_tunnel(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_aes_256_cbc_ipv6_tunnel(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_aes_gcm_ipv6_tunnel(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_null_ipv6_tunnel(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_3des_cbc_ipv6_tunnel(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_aes_128_cbc_ipv6_transport(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_aes_128_ctr_ipv6_transport(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_aes_256_cbc_ipv6_transport(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_aes_gcm_ipv6_transport(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_null_ipv6_transport(self):
+ self._execute_ipsec_gw_test()
+
+ def test_mrvl_3des_cbc_ipv6_transport(self):
+ self._execute_ipsec_gw_test()
+
def _get_crypto_device(self, num):
device = {}
if self.get_case_cfg()["devtype"] == "crypto_aesni_mb":
dev = "crypto_aesni_mb"
- elif self.get_case_cfg()["devtype"] == "crypto_qat":
+ elif self.get_case_cfg()["devtype"] in ["crypto_qat","crypto_cn10k"]:
w = cc.get_qat_devices(self, cpm_num=1, num=num)
device["a"] = " -a ".join(w)
device["vdev"] = None
@@ -6,6 +6,7 @@ import binascii
import hashlib
import hmac
import time
+import re
# Manually Install the CryptoMobile Python Library,
# Before running this test suite
@@ -61,7 +62,13 @@ class TestL2fwdCryptodevFunc(TestCase):
self.verify("Error" not in out, "Compilation error")
self.verify("No such" not in out, "Compilation error")
- cc.bind_qat_device(self, self.drivername)
+ cc.bind_qat_device(self, self.drivername, generate_vfs=True, vf_count=2)
+ if self.nic == "cavium_a063":
+ count = len(self.get_suite_cfg().get('l').split(","))
+ cc.bind_qat_device(self, "vfio-pci", generate_vfs=True, vf_count=count)
+ else:
+ cc.bind_qat_device(self, "vfio-pci")
+
def set_up(self):
pass
@@ -269,6 +276,56 @@ class TestL2fwdCryptodevFunc(TestCase):
test_vectors["scheduler_AES_GCM_00"]["mode"] = "mm"
self.__execute_l2fwd_crypto_test(test_vectors, "scheduler_AES_GCM_00")
+ # Marvell Specific Tests
+
+ def _mrvl_test_execution(self, tname, vdev=None):
+ self.logger.info(tname)
+ t_conf = self.get_case_cfg()
+ self.__execute_l2fwd_crypto_test("", "", t_conf)
+
+ def test_mrvl_AES_CBC_auto(self):
+ self._mrvl_test_execution("test_mrvl_AES_CBC_auto")
+
+ def test_mrvl_AES_CTR_auto(self):
+ self._mrvl_test_execution("test_mrvl_AES_CTR_auto")
+
+ def test_mrvl_AES_XTS_auto(self):
+ self._mrvl_test_execution("test_mrvl_AES_XTS_auto")
+
+ def test_mrvl_AES_GCM_auto(self):
+ self._mrvl_test_execution("test_mrvl_AES_GCM_auto")
+
+ def test_mrvl_AES_CCM_auto(self):
+ self._mrvl_test_execution("test_mrvl_AES_CCM_auto")
+
+ def test_mrvl_h_MD_SHA_auto(self):
+ self._mrvl_test_execution("test_mrvl_h_MD_SHA_auto")
+
+ def test_mrvl_DES_CBC_auto(self):
+ self._mrvl_test_execution("test_mrvl_DES_CBC_auto")
+
+ def test_mrvl_3DES_CBC_auto(self):
+ self._mrvl_test_execution("test_mrvl_3DES_CBC_auto")
+
+ def test_mrvl_3DES_CTR_auto(self):
+ self._mrvl_test_execution("test_mrvl_3DES_CTR_auto")
+
+ def test_mrvl_SNOW3G_auto(self):
+ self._mrvl_test_execution("test_mrvl_SNOW3G_auto")
+
+ def test_mrvl_KASUMI_auto(self):
+ self._mrvl_test_execution("test_mrvl_KASUMI_auto")
+
+ def test_mrvl_ZUC_auto(self):
+ self._mrvl_test_execution("test_mrvl_ZUC_auto")
+
+ def test_mrvl_NULL_auto(self):
+ self._mrvl_test_execution("test_qat_NULL_auto")
+
+ def test_scheduler_AES_CBC_auto(self):
+ self._mrvl_test_execution("test_scheduler_AES_CBC_auto")
+
+
def __calculate_total_cases_numb(self):
alg_map = {}
pmd_map = {}
@@ -365,15 +422,16 @@ class TestL2fwdCryptodevFunc(TestCase):
)
self.logger.info("Total cases:\t\t\t {0}".format(count))
- def __execute_l2fwd_crypto_test(self, test_vectors, test_vector_name):
+ def __execute_l2fwd_crypto_test(self, test_vectors, test_vector_name,
+ test_vector=None):
if cc.is_test_skip(self):
return
- if test_vector_name not in test_vectors:
- self.logger.warning("SKIP : " + test_vector_name)
- return True
-
- test_vector = test_vectors[test_vector_name]
+ if not test_vector:
+ if test_vector_name not in test_vectors:
+ self.logger.warning("SKIP : " + test_vector_name)
+ return True
+ test_vector = test_vectors[test_vector_name]
test_vector_list = self.__test_vector_to_vector_list(
test_vector, core_mask=self.core_mask, port_mask=self.port_mask
@@ -469,12 +527,17 @@ class TestL2fwdCryptodevFunc(TestCase):
encoding="utf-8",
)
else:
- hash_text = str(
- binascii.b2a_hex(
- pkt_rec.pktgen.pkt["Padding"].getfieldval("load")
- ),
- encoding="utf-8",
- )
+ try:
+ hash_text = str(
+ binascii.b2a_hex(
+ pkt_rec.pktgen.pkt["Padding"].getfieldval("load")
+ ),
+ encoding="utf-8",
+ )
+ except Exception as err:
+ result = False
+ self.logger.error(f"could not get Padded data: {err}")
+ hash_text = "Could not get the Hash value"
if hash_text.lower() == test_vector["output_hash"].lower():
self.logger.info("Hash Matched")
else:
@@ -514,12 +577,11 @@ class TestL2fwdCryptodevFunc(TestCase):
QUEUE_NUM = ""
vdev = ""
- if test_vector["vdev"].find("scheduler") != -1:
+ if test_vector.get("vdev", "").find("scheduler") != -1:
vdev = test_vector["vdev"]
self.vector.append("Scheduler_" + test_vector["mode"])
elif self.__check_field_in_vector(test_vector, "vdev"):
vdev = (
- "--vdev "
+ test_vector["vdev"]
+ "1"
+ " --vdev "
@@ -530,7 +592,10 @@ class TestL2fwdCryptodevFunc(TestCase):
self.vector.append(test_vector["vdev"].upper())
else:
vdev = "-a " + " -a ".join(cc.get_qat_devices(self, num=2))
- self.vector.append("QAT")
+ if re.match("crypto_cn\d+K", test_vector['devtype'], re.I):
+ self.vector.append("mrvl_%s" %test_vector['devtype'])
+ else:
+ self.vector.append("QAT")
chain = ""
if self.__check_field_in_vector(test_vector, "chain"):
@@ -792,7 +857,7 @@ class TestL2fwdCryptodevFunc(TestCase):
out_str = ""
cipher_algo = vector["cipher_algo"]
- mBitlen = 8 * (len(vector["input"]) // 2)
+ mBitlen = int(8 * (len(vector["input"]) // 2))
bin_input = bytearray.fromhex(vector["input"])
str_input = str(bin_input, encoding="utf-8")
bin_key = binascii.a2b_hex(vector["cipher_key"])
@@ -805,14 +870,14 @@ class TestL2fwdCryptodevFunc(TestCase):
count=66051,
bearer=0,
dir=1,
- data=str_input,
+ data_in=str_input,
bitlen=mBitlen,
)
elif (cipher_algo.upper()).find("SNOW3G") != -1:
vector["iv"] = "00000000000000000000000000000000"
out_str = cm.UEA2(
- key=bin_key, count=0, bearer=0, dir=0, data=str_input, bitlen=mBitlen
+ key=bin_key, count=0, bearer=0, dir=0, data_in=str_input, bitlen=mBitlen
)
elif (cipher_algo.upper()).find("ZUC") != -1:
vector["iv"] = "00010203040000000001020304000000"
@@ -821,7 +886,7 @@ class TestL2fwdCryptodevFunc(TestCase):
count=0x10203,
bearer=0,
dir=1,
- data=str_input,
+ data_in=str_input,
bitlen=mBitlen,
)
@@ -877,7 +942,7 @@ class TestL2fwdCryptodevFunc(TestCase):
bin_key = str(bin_key, encoding="utf-8")
hash_out = cm.UIA1(
- key=bin_key, count=0x10203, fresh=0x4050607, dir=0, data=str_input
+ key=bin_key, count=0x10203, fresh=0x4050607, dir=0, data_in=str_input
)
auth_str = hash_out.lower()
@@ -894,7 +959,7 @@ class TestL2fwdCryptodevFunc(TestCase):
bin_key = str(bin_key, encoding="utf-8")
vector["aad"] = "00000000000000000000000000000000"
- hash_out = cm.UIA2(key=bin_key, count=0, fresh=0, dir=0, data=str_input)
+ hash_out = cm.UIA2(key=bin_key, count=0, fresh=0, dir=0, data_in=str_input)
auth_str = hash_out.lower()
@@ -903,7 +968,7 @@ class TestL2fwdCryptodevFunc(TestCase):
def __gen_zuc_hash(self, vector):
auth_str = ""
auth_algo = vector["auth_algo"]
- mBitlen = 8 * (len(vector["input"]) / 2)
+ mBitlen = int(8 * (len(vector["input"]) / 2))
bin_input = bytearray.fromhex(vector["input"])
str_input = str(bin_input, encoding="utf-8")
bin_key = binascii.a2b_hex(vector["auth_key"])
@@ -912,7 +977,7 @@ class TestL2fwdCryptodevFunc(TestCase):
vector["aad"] = "00000000000000000000000000000000"
hash_out = cm.EIA3(
- key=bin_key, count=0, bearer=0, dir=0, data=str_input, bitlen=mBitlen
+ key=bin_key, count=0, bearer=0, dir=0, data_in=str_input, bitlen=mBitlen
)
auth_str = hash_out.lower()
@@ -1027,7 +1092,8 @@ class TestL2fwdCryptodevFunc(TestCase):
else:
pass
if not isinstance(hash_str, str):
- hash_str = str(hash_str, encoding="utf-8")
+ # check how to convert to string withou ignoring errors
+ hash_str = str(hash_str, encoding="utf-8", errors='ignore')
vector["output_hash"] = hash_str.lower()
self.__actually_pmd_hash(vector)