diff mbox series

[v4,4/5] test/crypto: add IV gen tests

Message ID 1631884523-836-5-git-send-email-anoobj@marvell.com (mailing list archive)
State Superseded
Delegated to: akhil goyal
Headers show
Series Add lookaside IPsec tests | expand

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Anoob Joseph Sept. 17, 2021, 1:15 p.m. UTC
From: Tejasree Kondoj <ktejasree@marvell.com>

Add test cases to verify IV generated by PMD.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 app/test/test_cryptodev.c                | 19 ++++++++++++
 app/test/test_cryptodev_security_ipsec.c | 52 ++++++++++++++++++++++++++++++++
 app/test/test_cryptodev_security_ipsec.h |  1 +
 3 files changed, 72 insertions(+)

Comments

Akhil Goyal Sept. 21, 2021, 4:31 p.m. UTC | #1
> Subject: [PATCH v4 4/5] test/crypto: add IV gen tests
> 
> From: Tejasree Kondoj <ktejasree@marvell.com>
> 
> Add test cases to verify IV generated by PMD.

Title and description of the patch do not specify that
This is for lookaside IPSec.
Title: test/crypto: add IV gen cases for IPsec

Description:
Added cases to verify the IV generated by PMD
for lookaside IPsec use case.

It can also be mentioned that encap and decap are done
One after the other so that known test vector is not required.

Apart from that,
Acked-by: Akhil Goyal <gakhil@marvell.com>

> 
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> ---
diff mbox series

Patch

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 19694f8..0422ff3 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9076,6 +9076,9 @@  test_ipsec_proto_all(const struct ipsec_test_flags *flags)
 	unsigned int i, nb_pkts = 1, pass_cnt = 0;
 	int ret;
 
+	if (flags->iv_gen)
+		nb_pkts = IPSEC_TEST_PACKETS_MAX;
+
 	for (i = 0; i < RTE_DIM(aead_list); i++) {
 		test_ipsec_td_prepare(&aead_list[i],
 				      NULL,
@@ -9126,6 +9129,18 @@  test_ipsec_proto_display_list(const void *data __rte_unused)
 }
 
 static int
+test_ipsec_proto_iv_gen(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.iv_gen = true;
+
+	return test_ipsec_proto_all(&flags);
+}
+
+static int
 test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused)
 {
 	struct ipsec_test_flags flags;
@@ -14049,6 +14064,10 @@  static struct unit_test_suite ipsec_proto_testsuite  = {
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_display_list),
 		TEST_CASE_NAMED_ST(
+			"IV generation",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_iv_gen),
+		TEST_CASE_NAMED_ST(
 			"Negative test: ICV corruption",
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_err_icv_corrupt),
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index aebbe66..78c7f3a 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -4,12 +4,15 @@ 
 
 #include <rte_common.h>
 #include <rte_cryptodev.h>
+#include <rte_esp.h>
 #include <rte_ip.h>
 #include <rte_security.h>
 
 #include "test.h"
 #include "test_cryptodev_security_ipsec.h"
 
+#define IV_LEN_MAX 16
+
 extern struct ipsec_test_data pkt_aes_256_gcm;
 
 int
@@ -214,6 +217,46 @@  test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td)
 }
 
 static int
+test_ipsec_iv_verify_push(struct rte_mbuf *m, const struct ipsec_test_data *td)
+{
+	static uint8_t iv_queue[IV_LEN_MAX * IPSEC_TEST_PACKETS_MAX];
+	uint8_t *iv_tmp, *output_text = rte_pktmbuf_mtod(m, uint8_t *);
+	int i, iv_pos, iv_len;
+	static int index;
+
+	if (td->aead)
+		iv_len = td->xform.aead.aead.iv.length - td->salt.len;
+	else
+		iv_len = td->xform.chain.cipher.cipher.iv.length;
+
+	iv_pos = test_ipsec_tunnel_hdr_len_get(td) + sizeof(struct rte_esp_hdr);
+	output_text += iv_pos;
+
+	TEST_ASSERT(iv_len <= IV_LEN_MAX, "IV length greater than supported");
+
+	/* Compare against previous values */
+	for (i = 0; i < index; i++) {
+		iv_tmp = &iv_queue[i * IV_LEN_MAX];
+
+		if (memcmp(output_text, iv_tmp, iv_len) == 0) {
+			printf("IV repeated");
+			return TEST_FAILED;
+		}
+	}
+
+	/* Save IV for future comparisons */
+
+	iv_tmp = &iv_queue[index * IV_LEN_MAX];
+	memcpy(iv_tmp, output_text, iv_len);
+	index++;
+
+	if (index == IPSEC_TEST_PACKETS_MAX)
+		index = 0;
+
+	return TEST_SUCCESS;
+}
+
+static int
 test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
 		     bool silent, const struct ipsec_test_flags *flags)
 {
@@ -279,6 +322,15 @@  test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
 			struct ipsec_test_data *res_d, bool silent,
 			const struct ipsec_test_flags *flags)
 {
+	int ret;
+
+	if (flags->iv_gen &&
+	    td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+		ret = test_ipsec_iv_verify_push(m, td);
+		if (ret != TEST_SUCCESS)
+			return ret;
+	}
+
 	/*
 	 * In case of known vector tests & all inbound tests, res_d provided
 	 * would be NULL and output data need to be validated against expected.
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 134fc3a..d2ec63f 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -50,6 +50,7 @@  struct ipsec_test_data {
 struct ipsec_test_flags {
 	bool display_alg;
 	bool icv_corrupt;
+	bool iv_gen;
 };
 
 struct crypto_param {