From patchwork Fri Sep 3 04:46:55 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 97858 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3B801A0C53; Fri, 3 Sep 2021 06:47:32 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 28E4340E25; Fri, 3 Sep 2021 06:47:32 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 4849540E09 for ; Fri, 3 Sep 2021 06:47:30 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 182K6nkf013951; Thu, 2 Sep 2021 21:47:29 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=563Qc24yMZXxWCzsB7hAqIjMcczL+rL1shFnZjHFO8k=; b=S5V5qlqV9u3O47A1DCMCSkbmlTn75d5/AxczrcOMBuDliUe4RpGbr1mzaW+gVctdzlRC ZTZupC+QwGl4vG9INUNrZZnQ9EE/ZSy1XSUyynU3M4+LpQvkCFhwoM+rSKALFRJ0LM9+ POBekXXcxPz93SBoB+PfNK/ChHALmcDRrsdkPbk6jXonsZJq22PN+fRdILhr3hSQ06bg dVLSigwQ5IOIz2ewDZjqqyevxsbqqAAWwu1YNozrqIRpTFUC6DLymqfC2ebFRIr2m5s0 f3LkTqMossPyHhDaGlZd6BXGuxZ0JWlnzch85YjgQmi7exEU3y3NQDEYm71bUcQZkxJf Yw== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 3au5c31m87-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 02 Sep 2021 21:47:29 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 2 Sep 2021 21:47:27 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 2 Sep 2021 21:47:27 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.70.144]) by maili.marvell.com (Postfix) with ESMTP id 4144C5B6942; Thu, 2 Sep 2021 21:47:21 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Gagandeep Singh , Date: Fri, 3 Sep 2021 10:16:55 +0530 Message-ID: <1630644420-1256-2-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1630644420-1256-1-git-send-email-anoobj@marvell.com> References: <1628675138-17300-1-git-send-email-anoobj@marvell.com> <1630644420-1256-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: fvzVy1fAYgPZiqSkk8yP-0sCxD6v-9Qw X-Proofpoint-ORIG-GUID: fvzVy1fAYgPZiqSkk8yP-0sCxD6v-9Qw X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-03_01,2021-09-03_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v3 1/5] test/crypto: add lookaside IPsec tests X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Added test case for lookaside IPsec. Inbound known vector tests are added. Cipher list: AES-GCM 128, 192 & 256 Signed-off-by: Anoob Joseph Signed-off-by: Tejasree Kondoj --- app/test/meson.build | 1 + app/test/test.h | 6 + app/test/test_cryptodev.c | 231 +++++++++++++++ app/test/test_cryptodev_security_ipsec.c | 212 ++++++++++++++ app/test/test_cryptodev_security_ipsec.h | 66 +++++ .../test_cryptodev_security_ipsec_test_vectors.h | 321 +++++++++++++++++++++ 6 files changed, 837 insertions(+) create mode 100644 app/test/test_cryptodev_security_ipsec.c create mode 100644 app/test/test_cryptodev_security_ipsec.h create mode 100644 app/test/test_cryptodev_security_ipsec_test_vectors.h diff --git a/app/test/meson.build b/app/test/meson.build index a761168..f144d8b 100644 --- a/app/test/meson.build +++ b/app/test/meson.build @@ -38,6 +38,7 @@ test_sources = files( 'test_cryptodev.c', 'test_cryptodev_asym.c', 'test_cryptodev_blockcipher.c', + 'test_cryptodev_security_ipsec.c', 'test_cryptodev_security_pdcp.c', 'test_cycles.c', 'test_debug.c', diff --git a/app/test/test.h b/app/test/test.h index c3b2a87..7115edf 100644 --- a/app/test/test.h +++ b/app/test/test.h @@ -124,6 +124,12 @@ struct unit_test_case { #define TEST_CASE_WITH_DATA(setup, teardown, testcase, data) \ { setup, teardown, NULL, testcase, #testcase, 1, data } +#define TEST_CASE_NAMED_ST(name, setup, teardown, testcase) \ + { setup, teardown, NULL, testcase, name, 1, NULL } + +#define TEST_CASE_NAMED_WITH_DATA(name, setup, teardown, testcase, data) \ + { setup, teardown, NULL, testcase, name, 1, data } + #define TEST_CASE_DISABLED(fn) { NULL, NULL, fn, NULL, #fn, 0, NULL } #define TEST_CASE_ST_DISABLED(setup, teardown, testcase) \ diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 9ad0b37..73923f1 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #ifdef RTE_CRYPTO_SCHEDULER @@ -42,6 +43,8 @@ #include "test_cryptodev_hmac_test_vectors.h" #include "test_cryptodev_mixed_test_vectors.h" #ifdef RTE_LIB_SECURITY +#include "test_cryptodev_security_ipsec.h" +#include "test_cryptodev_security_ipsec_test_vectors.h" #include "test_cryptodev_security_pdcp_test_vectors.h" #include "test_cryptodev_security_pdcp_sdap_test_vectors.h" #include "test_cryptodev_security_pdcp_test_func.h" @@ -124,6 +127,13 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess, const uint8_t *digest, const uint8_t *iv); +static int +security_proto_supported(enum rte_security_session_action_type action, + enum rte_security_session_protocol proto); + +static int +dev_configure_and_start(uint64_t ff_disable); + static struct rte_mbuf * setup_test_string(struct rte_mempool *mpool, const char *string, size_t len, uint8_t blocksize) @@ -754,6 +764,42 @@ crypto_gen_testsuite_setup(void) #ifdef RTE_LIB_SECURITY static int +ipsec_proto_testsuite_setup(void) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct crypto_unittest_params *ut_params = &unittest_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_SECURITY)) { + RTE_LOG(INFO, USER1, "Feature flag requirements for IPsec Proto " + "testsuite not met\n"); + return TEST_SKIPPED; + } + + /* Reconfigure to enable security */ + dev_configure_and_start(RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | + RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO); + + /* Set action type */ + ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + + if (security_proto_supported( + RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + RTE_SECURITY_PROTOCOL_IPSEC) < 0) { + RTE_LOG(INFO, USER1, "Capability requirements for IPsec Proto " + "test not met\n"); + return TEST_SKIPPED; + } + + /* Stop the device */ + rte_cryptodev_stop(ts_params->valid_devs[0]); + + return 0; +} + +static int pdcp_proto_testsuite_setup(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; @@ -8811,6 +8857,170 @@ test_PDCP_SDAP_PROTO_decap_all(void) } static int +test_ipsec_proto_process(const struct ipsec_test_data td[], + struct ipsec_test_data res_d[], + int nb_td, + bool silent) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct crypto_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx sec_cap_idx; + const struct rte_security_capability *sec_cap; + struct rte_security_ipsec_xform ipsec_xform; + uint8_t dev_id = ts_params->valid_devs[0]; + enum rte_security_ipsec_sa_direction dir; + struct ipsec_test_data *res_d_tmp = NULL; + uint32_t src = RTE_IPV4(192, 168, 1, 0); + uint32_t dst = RTE_IPV4(192, 168, 1, 1); + int salt_len, i, ret = TEST_SUCCESS; + struct rte_security_ctx *ctx; + uint8_t *input_text; + + ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + gbl_action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + + /* Use first test data to create session */ + + /* Copy IPsec xform */ + memcpy(&ipsec_xform, &td[0].ipsec_xform, sizeof(ipsec_xform)); + + memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src)); + memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst)); + + dir = ipsec_xform.direction; + + ctx = rte_cryptodev_get_sec_ctx(dev_id); + + sec_cap_idx.action = ut_params->type; + sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_IPSEC; + sec_cap_idx.ipsec.proto = ipsec_xform.proto; + sec_cap_idx.ipsec.mode = ipsec_xform.mode; + sec_cap_idx.ipsec.direction = ipsec_xform.direction; + + sec_cap = rte_security_capability_get(ctx, &sec_cap_idx); + if (sec_cap == NULL) + return TEST_SKIPPED; + + /* Copy cipher session parameters */ + if (td[0].aead) { + memcpy(&ut_params->aead_xform, &td[0].xform.aead, + sizeof(ut_params->aead_xform)); + ut_params->aead_xform.aead.key.data = td[0].key.data; + ut_params->aead_xform.aead.iv.offset = IV_OFFSET; + + /* Verify crypto capabilities */ + if (test_ipsec_crypto_caps_aead_verify( + sec_cap, + &ut_params->aead_xform) != 0) { + if (!silent) + RTE_LOG(INFO, USER1, + "Crypto capabilities not supported\n"); + return TEST_SKIPPED; + } + } else { + /* Only AEAD supported now */ + return TEST_SKIPPED; + } + + if (test_ipsec_sec_caps_verify(&ipsec_xform, sec_cap, silent) != 0) + return TEST_SKIPPED; + + salt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len); + memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len); + + struct rte_security_session_conf sess_conf = { + .action_type = ut_params->type, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = ipsec_xform, + .crypto_xform = &ut_params->aead_xform, + }; + + /* Create security session */ + ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, + ts_params->session_mpool, + ts_params->session_priv_mpool); + + if (ut_params->sec_session == NULL) + return TEST_SKIPPED; + + for (i = 0; i < nb_td; i++) { + /* Setup source mbuf payload */ + ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); + memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0, + rte_pktmbuf_tailroom(ut_params->ibuf)); + + input_text = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, + td[i].input_text.len); + + memcpy(input_text, td[i].input_text.data, + td[i].input_text.len); + + /* Generate crypto op data structure */ + ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, + RTE_CRYPTO_OP_TYPE_SYMMETRIC); + if (!ut_params->op) { + printf("TestCase %s line %d: %s\n", + __func__, __LINE__, + "failed to allocate crypto op"); + ret = TEST_FAILED; + goto crypto_op_free; + } + + /* Attach session to operation */ + rte_security_attach_session(ut_params->op, + ut_params->sec_session); + + /* Set crypto operation mbufs */ + ut_params->op->sym->m_src = ut_params->ibuf; + ut_params->op->sym->m_dst = NULL; + + /* Process crypto operation */ + process_crypto_request(dev_id, ut_params->op); + + ret = test_ipsec_status_check(ut_params->op, dir); + if (ret != TEST_SUCCESS) + goto crypto_op_free; + + if (res_d != NULL) + res_d_tmp = &res_d[i]; + + ret = test_ipsec_post_process(ut_params->ibuf, &td[i], + res_d_tmp, silent); + if (ret != TEST_SUCCESS) + goto crypto_op_free; + + rte_crypto_op_free(ut_params->op); + ut_params->op = NULL; + + rte_pktmbuf_free(ut_params->ibuf); + ut_params->ibuf = NULL; + } + +crypto_op_free: + rte_crypto_op_free(ut_params->op); + ut_params->op = NULL; + + rte_pktmbuf_free(ut_params->ibuf); + ut_params->ibuf = NULL; + + if (ut_params->sec_session) + rte_security_session_destroy(ctx, ut_params->sec_session); + ut_params->sec_session = NULL; + + return ret; +} + +static int +test_ipsec_proto_known_vec_inb(const void *td_outb) +{ + struct ipsec_test_data td_inb; + + test_ipsec_td_in_from_out(td_outb, &td_inb); + + return test_ipsec_proto_process(&td_inb, NULL, 1, false); +} + +static int test_PDCP_PROTO_all(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; @@ -13700,6 +13910,26 @@ static struct unit_test_suite end_testsuite = { }; #ifdef RTE_LIB_SECURITY +static struct unit_test_suite ipsec_proto_testsuite = { + .suite_name = "IPsec Proto Unit Test Suite", + .setup = ipsec_proto_testsuite_setup, + .unit_test_cases = { + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 192)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, &pkt_aes_192_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 256)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm), + TEST_CASES_END() /**< NULL terminate unit test array */ + } +}; + static struct unit_test_suite pdcp_proto_testsuite = { .suite_name = "PDCP Proto Unit Test Suite", .setup = pdcp_proto_testsuite_setup, @@ -14486,6 +14716,7 @@ run_cryptodev_testsuite(const char *pmd_name) &cryptodev_negative_hmac_sha1_testsuite, &cryptodev_gen_testsuite, #ifdef RTE_LIB_SECURITY + &ipsec_proto_testsuite, &pdcp_proto_testsuite, &docsis_proto_testsuite, #endif diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c new file mode 100644 index 0000000..2431fcb --- /dev/null +++ b/app/test/test_cryptodev_security_ipsec.c @@ -0,0 +1,212 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#include +#include +#include +#include + +#include "test.h" +#include "test_cryptodev_security_ipsec.h" + +int +test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, + const struct rte_security_capability *sec_cap, + bool silent) +{ + /* Verify security capabilities */ + + if (ipsec_xform->options.esn == 1 && sec_cap->ipsec.options.esn == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "ESN is not supported\n"); + return -ENOTSUP; + } + + if (ipsec_xform->options.udp_encap == 1 && + sec_cap->ipsec.options.udp_encap == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "UDP encapsulation is not supported\n"); + return -ENOTSUP; + } + + if (ipsec_xform->options.copy_dscp == 1 && + sec_cap->ipsec.options.copy_dscp == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "Copy DSCP is not supported\n"); + return -ENOTSUP; + } + + if (ipsec_xform->options.copy_flabel == 1 && + sec_cap->ipsec.options.copy_flabel == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "Copy Flow Label is not supported\n"); + return -ENOTSUP; + } + + if (ipsec_xform->options.copy_df == 1 && + sec_cap->ipsec.options.copy_df == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "Copy DP bit is not supported\n"); + return -ENOTSUP; + } + + if (ipsec_xform->options.dec_ttl == 1 && + sec_cap->ipsec.options.dec_ttl == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "Decrement TTL is not supported\n"); + return -ENOTSUP; + } + + if (ipsec_xform->options.ecn == 1 && sec_cap->ipsec.options.ecn == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "ECN is not supported\n"); + return -ENOTSUP; + } + + if (ipsec_xform->options.stats == 1 && + sec_cap->ipsec.options.stats == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "Stats is not supported\n"); + return -ENOTSUP; + } + + return 0; +} + +int +test_ipsec_crypto_caps_aead_verify( + const struct rte_security_capability *sec_cap, + struct rte_crypto_sym_xform *aead) +{ + const struct rte_cryptodev_symmetric_capability *sym_cap; + const struct rte_cryptodev_capabilities *crypto_cap; + int j = 0; + + while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op != + RTE_CRYPTO_OP_TYPE_UNDEFINED) { + if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && + crypto_cap->sym.xform_type == aead->type && + crypto_cap->sym.aead.algo == aead->aead.algo) { + sym_cap = &crypto_cap->sym; + if (rte_cryptodev_sym_capability_check_aead(sym_cap, + aead->aead.key.length, + aead->aead.digest_length, + aead->aead.aad_length, + aead->aead.iv.length) == 0) + return 0; + } + } + + return -ENOTSUP; +} + +void +test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out, + struct ipsec_test_data *td_in) +{ + memcpy(td_in, td_out, sizeof(*td_in)); + + /* Populate output text of td_in with input text of td_out */ + memcpy(td_in->output_text.data, td_out->input_text.data, + td_out->input_text.len); + td_in->output_text.len = td_out->input_text.len; + + /* Populate input text of td_in with output text of td_out */ + memcpy(td_in->input_text.data, td_out->output_text.data, + td_out->output_text.len); + td_in->input_text.len = td_out->output_text.len; + + td_in->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; + + if (td_in->aead) { + td_in->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT; + } else { + td_in->xform.chain.auth.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY; + td_in->xform.chain.cipher.cipher.op = + RTE_CRYPTO_CIPHER_OP_DECRYPT; + } +} + +static int +test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td) +{ + int len = 0; + + if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + if (td->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { + if (td->ipsec_xform.tunnel.type == + RTE_SECURITY_IPSEC_TUNNEL_IPV4) + len += sizeof(struct rte_ipv4_hdr); + else + len += sizeof(struct rte_ipv6_hdr); + } + } + + return len; +} + +static int +test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, + bool silent) +{ + uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); + uint32_t skip, len = rte_pktmbuf_pkt_len(m); + + if (len != td->output_text.len) { + printf("Output length (%d) not matching with expected (%d)\n", + len, td->output_text.len); + return TEST_FAILED; + } + + skip = test_ipsec_tunnel_hdr_len_get(td); + + len -= skip; + output_text += skip; + + if (memcmp(output_text, td->output_text.data + skip, len)) { + if (silent) + return TEST_FAILED; + + printf("TestCase %s line %d: %s\n", __func__, __LINE__, + "output text not as expected\n"); + + rte_hexdump(stdout, "expected", td->output_text.data + skip, + len); + rte_hexdump(stdout, "actual", output_text, len); + return TEST_FAILED; + } + + return TEST_SUCCESS; +} + +int +test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, + struct ipsec_test_data *res_d, bool silent) +{ + /* + * In case of known vector tests & all inbound tests, res_d provided + * would be NULL and output data need to be validated against expected. + * For inbound, output_text would be plain packet and for outbound + * output_text would IPsec packet. Validate by comparing against + * known vectors. + */ + RTE_SET_USED(res_d); + return test_ipsec_td_verify(m, td, silent); +} + +int +test_ipsec_status_check(struct rte_crypto_op *op, + enum rte_security_ipsec_sa_direction dir) +{ + int ret = TEST_SUCCESS; + + if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { + printf("Security op processing failed\n"); + ret = TEST_FAILED; + } + + RTE_SET_USED(dir); + + return ret; +} diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h new file mode 100644 index 0000000..5f1b46d --- /dev/null +++ b/app/test/test_cryptodev_security_ipsec.h @@ -0,0 +1,66 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_ +#define _TEST_CRYPTODEV_SECURITY_IPSEC_H_ + +#include +#include + +struct ipsec_test_data { + struct { + uint8_t data[32]; + } key; + + struct { + uint8_t data[1024]; + unsigned int len; + } input_text; + + struct { + uint8_t data[1024]; + unsigned int len; + } output_text; + + struct { + uint8_t data[4]; + unsigned int len; + } salt; + + struct { + uint8_t data[16]; + } iv; + + struct rte_security_ipsec_xform ipsec_xform; + + bool aead; + + union { + struct { + struct rte_crypto_sym_xform cipher; + struct rte_crypto_sym_xform auth; + } chain; + struct rte_crypto_sym_xform aead; + } xform; +}; + +int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, + const struct rte_security_capability *sec_cap, + bool silent); + +int test_ipsec_crypto_caps_aead_verify( + const struct rte_security_capability *sec_cap, + struct rte_crypto_sym_xform *aead); + +void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out, + struct ipsec_test_data *td_in); + +int test_ipsec_post_process(struct rte_mbuf *m, + const struct ipsec_test_data *td, + struct ipsec_test_data *res_d, bool silent); + +int test_ipsec_status_check(struct rte_crypto_op *op, + enum rte_security_ipsec_sa_direction dir); + +#endif diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h new file mode 100644 index 0000000..ae9cd24 --- /dev/null +++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h @@ -0,0 +1,321 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2021 Marvell + */ + +#ifndef TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_ +#define TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_ + +#include +#include + +#include "test_cryptodev_security_ipsec.h" + +/* + * Known vectors + * + * AES-GCM vectors are based on : + * https://datatracker.ietf.org/doc/html/draft-mcgrew-gcm-test-01 + * + * Vectors are updated to have corrected L4 checksum and sequence number 1. + */ + +struct ipsec_test_data pkt_aes_128_gcm = { + .key = { + .data = { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 + }, + }, + .input_text = { + .data = { + /* IP */ + 0x45, 0x00, 0x00, 0x3e, 0x69, 0x8f, 0x00, 0x00, + 0x80, 0x11, 0x4d, 0xcc, 0xc0, 0xa8, 0x01, 0x02, + 0xc0, 0xa8, 0x01, 0x01, + + /* UDP */ + 0x0a, 0x98, 0x00, 0x35, 0x00, 0x2a, 0x23, 0x43, + 0xb2, 0xd0, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x03, 0x73, 0x69, 0x70, + 0x09, 0x63, 0x79, 0x62, 0x65, 0x72, 0x63, 0x69, + 0x74, 0x79, 0x02, 0x64, 0x6b, 0x00, 0x00, 0x01, + 0x00, 0x01, + }, + .len = 62, + }, + .output_text = { + .data = { + /* IP - outer header */ + 0x45, 0x00, 0x00, 0x74, 0x69, 0x8f, 0x00, 0x00, + 0x80, 0x32, 0x4d, 0x75, 0xc0, 0xa8, 0x01, 0x02, + 0xc0, 0xa8, 0x01, 0x01, + + /* ESP */ + 0x00, 0x00, 0xa5, 0xf8, 0x00, 0x00, 0x00, 0x01, + + /* IV */ + 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, + + /* Data */ + 0xde, 0xb2, 0x2c, 0xd9, 0xb0, 0x7c, 0x72, 0xc1, + 0x6e, 0x3a, 0x65, 0xbe, 0xeb, 0x8d, 0xf3, 0x04, + 0xa5, 0xa5, 0x89, 0x7d, 0x33, 0xae, 0x53, 0x0f, + 0x1b, 0xa7, 0x6d, 0x5d, 0x11, 0x4d, 0x2a, 0x5c, + 0x3d, 0xe8, 0x18, 0x27, 0xc1, 0x0e, 0x9a, 0x4f, + 0x51, 0x33, 0x0d, 0x0e, 0xec, 0x41, 0x66, 0x42, + 0xcf, 0xbb, 0x85, 0xa5, 0xb4, 0x7e, 0x48, 0xa4, + 0xec, 0x3b, 0x9b, 0xa9, 0x5d, 0x91, 0x8b, 0xd4, + 0x29, 0xc7, 0x37, 0x57, 0x9f, 0xf1, 0x9e, 0x58, + 0xcf, 0xfc, 0x60, 0x7a, 0x3b, 0xce, 0x89, 0x94, + + }, + .len = 116, + }, + .salt = { + .data = { + 0xca, 0xfe, 0xba, 0xbe + }, + .len = 4, + }, + + .iv = { + .data = { + 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 + }, + }, + + .ipsec_xform = { + .spi = 0xa5f8, + .options.esn = 0, + .options.udp_encap = 0, + .options.copy_dscp = 0, + .options.copy_flabel = 0, + .options.copy_df = 0, + .options.dec_ttl = 0, + .options.ecn = 0, + .options.stats = 0, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, + .esn_soft_limit = 0, + .replay_win_sz = 0, + }, + + .aead = true, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 16, + .iv.length = 12, + .iv.offset = IV_OFFSET, + .digest_length = 16, + .aad_length = 12, + }, + }, + }, +}; + +struct ipsec_test_data pkt_aes_192_gcm = { + .key = { + .data = { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c + }, + }, + .input_text = { + .data = { + /* IP */ + 0x45, 0x00, 0x00, 0x28, 0xa4, 0xad, 0x40, 0x00, + 0x40, 0x06, 0x78, 0x80, 0x0a, 0x01, 0x03, 0x8f, + 0x0a, 0x01, 0x06, 0x12, + + /* TCP */ + 0x80, 0x23, 0x06, 0xb8, 0xcb, 0x71, 0x26, 0x02, + 0xdd, 0x6b, 0xb0, 0x3e, 0x50, 0x10, 0x16, 0xd0, + 0x75, 0x67, 0x00, 0x01 + }, + .len = 40, + }, + .output_text = { + .data = { + /* IP - outer header */ + 0x45, 0x00, 0x00, 0x60, 0x69, 0x8f, 0x00, 0x00, + 0x80, 0x32, 0x4d, 0x89, 0xc0, 0xa8, 0x01, 0x02, + 0xc0, 0xa8, 0x01, 0x01, + + /* ESP */ + 0x00, 0x00, 0xa5, 0xf8, 0x00, 0x00, 0x00, 0x01, + + /* IV */ + 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, + + /* Data */ + 0xa5, 0xb1, 0xf8, 0x06, 0x60, 0x29, 0xae, 0xa4, + 0x0e, 0x59, 0x8b, 0x81, 0x22, 0xde, 0x02, 0x42, + 0x09, 0x38, 0xb3, 0xab, 0x33, 0xf8, 0x28, 0xe6, + 0x87, 0xb8, 0x85, 0x8b, 0x5b, 0xfb, 0xdb, 0xd0, + 0x31, 0x5b, 0x27, 0x45, 0x21, 0x4b, 0xcc, 0x77, + 0x82, 0xac, 0x91, 0x38, 0xf2, 0xbb, 0xbe, 0xe4, + 0xcf, 0x03, 0x36, 0x89, 0xdd, 0x40, 0xd3, 0x6e, + 0x54, 0x05, 0x22, 0x22, + }, + .len = 96, + }, + .salt = { + .data = { + 0xca, 0xfe, 0xba, 0xbe + }, + .len = 4, + }, + + .iv = { + .data = { + 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 + }, + }, + + .ipsec_xform = { + .spi = 0xa5f8, + .options.esn = 0, + .options.udp_encap = 0, + .options.copy_dscp = 0, + .options.copy_flabel = 0, + .options.copy_df = 0, + .options.dec_ttl = 0, + .options.ecn = 0, + .options.stats = 0, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, + .esn_soft_limit = 0, + .replay_win_sz = 0, + }, + + .aead = true, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 24, + .iv.length = 12, + .iv.offset = IV_OFFSET, + .digest_length = 16, + .aad_length = 12, + }, + }, + }, +}; + +struct ipsec_test_data pkt_aes_256_gcm = { + .key = { + .data = { + 0xab, 0xbc, 0xcd, 0xde, 0xf0, 0x01, 0x12, 0x23, + 0x34, 0x45, 0x56, 0x67, 0x78, 0x89, 0x9a, 0xab, + 0xab, 0xbc, 0xcd, 0xde, 0xf0, 0x01, 0x12, 0x23, + 0x34, 0x45, 0x56, 0x67, 0x78, 0x89, 0x9a, 0xab, + }, + }, + .input_text = { + .data = { + /* IP */ + 0x45, 0x00, 0x00, 0x30, 0x69, 0xa6, 0x40, 0x00, + 0x80, 0x06, 0x26, 0x90, 0xc0, 0xa8, 0x01, 0x02, + 0x93, 0x89, 0x15, 0x5e, + + /* TCP */ + 0x0a, 0x9e, 0x00, 0x8b, 0x2d, 0xc5, 0x7e, 0xe0, + 0x00, 0x00, 0x00, 0x00, 0x70, 0x02, 0x40, 0x00, + 0x20, 0xbf, 0x00, 0x00, 0x02, 0x04, 0x05, 0xb4, + 0x01, 0x01, 0x04, 0x02, + }, + .len = 48, + }, + .output_text = { + .data = { + /* IP - outer header */ + 0x45, 0x00, 0x00, 0x68, 0x69, 0x8f, 0x00, 0x00, + 0x80, 0x32, 0x4d, 0x81, 0xc0, 0xa8, 0x01, 0x02, + 0xc0, 0xa8, 0x01, 0x01, + + /* ESP */ + 0x4a, 0x2c, 0xbf, 0xe3, 0x00, 0x00, 0x00, 0x01, + + /* IV */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + + /* Data */ + 0xff, 0x42, 0x5c, 0x9b, 0x72, 0x45, 0x99, 0xdf, + 0x7a, 0x3b, 0xcd, 0x51, 0x01, 0x94, 0xe0, 0x0d, + 0x6a, 0x78, 0x10, 0x7f, 0x1b, 0x0b, 0x1c, 0xbf, + 0x06, 0xef, 0xae, 0x9d, 0x65, 0xa5, 0xd7, 0x63, + 0x74, 0x8a, 0x63, 0x79, 0x85, 0x77, 0x1d, 0x34, + 0x7f, 0x05, 0x45, 0x65, 0x9f, 0x14, 0xe9, 0x9d, + 0xef, 0x84, 0x2d, 0x8b, 0x00, 0x14, 0x4a, 0x1f, + 0xec, 0x6a, 0xdf, 0x0c, 0x9a, 0x92, 0x7f, 0xee, + 0xa6, 0xc5, 0x11, 0x60, + }, + .len = 104, + }, + .salt = { + .data = { + 0x11, 0x22, 0x33, 0x44 + }, + .len = 4, + }, + + .iv = { + .data = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 + }, + }, + + .ipsec_xform = { + .spi = 0x4a2cbfe3, + .options.esn = 0, + .options.udp_encap = 0, + .options.copy_dscp = 0, + .options.copy_flabel = 0, + .options.copy_df = 0, + .options.dec_ttl = 0, + .options.ecn = 0, + .options.stats = 0, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, + .esn_soft_limit = 0, + .replay_win_sz = 0, + }, + + .aead = true, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 32, + .iv.length = 12, + .iv.offset = IV_OFFSET, + .digest_length = 16, + .aad_length = 12, + }, + }, + }, +}; + +#endif /* TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_ */ From patchwork Fri Sep 3 04:46:56 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 97859 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 80B95A0C53; Fri, 3 Sep 2021 06:47:39 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id AD61B40E01; Fri, 3 Sep 2021 06:47:38 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id CA89540DF7 for ; Fri, 3 Sep 2021 06:47:37 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 182IwlKK011478; Thu, 2 Sep 2021 21:47:36 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=Y+zlQZdz8Mx59m33T9Ewp1OkevcpYBe/vKKtlwTzPkI=; b=kuO2ksD7Ul6eSxAj3k4DEUYEKahGr75gE7sCStjWrhDdtQyylixvRy8T3Nng36QZZVAj nIWUJY73BNuby1YKZo4CZTVPnpKOMOM19YVE+7LDLZBK7R1lCWPEeAO40v3KFsI6lqN5 MhxcA+5LWAirehKmYER/rRj/va+wwjuxXLgq/SlU1W2+2ygUQSC3ch+A85BZRFEux1lb tZEH0ngVg9oZz25EvdpfxOoonUOApaCsUfSR7DgXNioD4bh227L7OB/LXF/DRk5zOdiH 6TBNS3sArJ/zNXHiX76GqWF454tPd+q7va/PMnP0R2HdwzZp15ko96blYJ1nz17o4OvQ gQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3attqmmb7d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 02 Sep 2021 21:47:36 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 2 Sep 2021 21:47:34 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 2 Sep 2021 21:47:34 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.70.144]) by maili.marvell.com (Postfix) with ESMTP id 748065B6942; Thu, 2 Sep 2021 21:47:28 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Gagandeep Singh , Date: Fri, 3 Sep 2021 10:16:56 +0530 Message-ID: <1630644420-1256-3-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1630644420-1256-1-git-send-email-anoobj@marvell.com> References: <1628675138-17300-1-git-send-email-anoobj@marvell.com> <1630644420-1256-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: fWpfSizKNYTiBmXk7HPtmpiyYkRIjqNS X-Proofpoint-ORIG-GUID: fWpfSizKNYTiBmXk7HPtmpiyYkRIjqNS X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-03_01,2021-09-03_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v3 2/5] test/crypto: add combined mode tests X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add framework to test IPsec features with all supported combinations of ciphers. Signed-off-by: Anoob Joseph Signed-off-by: Tejasree Kondoj --- app/test/test_cryptodev.c | 73 +++++++++++++++++++-- app/test/test_cryptodev_security_ipsec.c | 107 +++++++++++++++++++++++++++++-- app/test/test_cryptodev_security_ipsec.h | 52 ++++++++++++++- 3 files changed, 223 insertions(+), 9 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 73923f1..d89307d 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -8860,7 +8860,8 @@ static int test_ipsec_proto_process(const struct ipsec_test_data td[], struct ipsec_test_data res_d[], int nb_td, - bool silent) + bool silent, + const struct ipsec_test_flags *flags) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; @@ -8977,7 +8978,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], /* Process crypto operation */ process_crypto_request(dev_id, ut_params->op); - ret = test_ipsec_status_check(ut_params->op, dir); + ret = test_ipsec_status_check(ut_params->op, flags, dir); if (ret != TEST_SUCCESS) goto crypto_op_free; @@ -8985,7 +8986,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], res_d_tmp = &res_d[i]; ret = test_ipsec_post_process(ut_params->ibuf, &td[i], - res_d_tmp, silent); + res_d_tmp, silent, flags); if (ret != TEST_SUCCESS) goto crypto_op_free; @@ -9013,11 +9014,71 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], static int test_ipsec_proto_known_vec_inb(const void *td_outb) { + struct ipsec_test_flags flags; struct ipsec_test_data td_inb; + memset(&flags, 0, sizeof(flags)); + test_ipsec_td_in_from_out(td_outb, &td_inb); - return test_ipsec_proto_process(&td_inb, NULL, 1, false); + return test_ipsec_proto_process(&td_inb, NULL, 1, false, &flags); +} + +static int +test_ipsec_proto_all(const struct ipsec_test_flags *flags) +{ + struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX]; + struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX]; + unsigned int i, nb_pkts = 1, pass_cnt = 0; + int ret; + + for (i = 0; i < RTE_DIM(aead_list); i++) { + test_ipsec_td_prepare(&aead_list[i], + NULL, + flags, + td_outb, + nb_pkts); + + ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true, + flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + test_ipsec_td_update(td_inb, td_outb, nb_pkts, flags); + + ret = test_ipsec_proto_process(td_inb, NULL, nb_pkts, true, + flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + if (flags->display_alg) + test_ipsec_display_alg(&aead_list[i], NULL); + + pass_cnt++; + } + + if (pass_cnt > 0) + return TEST_SUCCESS; + else + return TEST_SKIPPED; +} + +static int +test_ipsec_proto_display_list(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.display_alg = true; + + return test_ipsec_proto_all(&flags); } static int @@ -13926,6 +13987,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 256)", ut_setup_security, ut_teardown, test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm), + TEST_CASE_NAMED_ST( + "Combined test alg list", + ut_setup_security, ut_teardown, + test_ipsec_proto_display_list), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 2431fcb..d08e093 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -10,6 +10,8 @@ #include "test.h" #include "test_cryptodev_security_ipsec.h" +extern struct ipsec_test_data pkt_aes_256_gcm; + int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, const struct rte_security_capability *sec_cap, @@ -128,6 +130,68 @@ test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out, } } +void +test_ipsec_td_prepare(const struct crypto_param *param1, + const struct crypto_param *param2, + const struct ipsec_test_flags *flags, + struct ipsec_test_data *td_array, + int nb_td) + +{ + struct ipsec_test_data *td; + int i; + + memset(td_array, 0, nb_td * sizeof(*td)); + + for (i = 0; i < nb_td; i++) { + td = &td_array[i]; + /* Copy template for packet & key fields */ + memcpy(td, &pkt_aes_256_gcm, sizeof(*td)); + + /* Override fields based on param */ + + if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) + td->aead = true; + else + td->aead = false; + + td->xform.aead.aead.algo = param1->alg.aead; + td->xform.aead.aead.key.length = param1->key_length; + } + + RTE_SET_USED(flags); + RTE_SET_USED(param2); +} + +void +test_ipsec_td_update(struct ipsec_test_data td_inb[], + const struct ipsec_test_data td_outb[], + int nb_td, + const struct ipsec_test_flags *flags) +{ + int i; + + for (i = 0; i < nb_td; i++) { + memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data, + td_outb[i].input_text.len); + td_inb[i].output_text.len = td_outb->input_text.len; + } + + RTE_SET_USED(flags); +} + +void +test_ipsec_display_alg(const struct crypto_param *param1, + const struct crypto_param *param2) +{ + if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) + printf("\t%s [%d]\n", + rte_crypto_aead_algorithm_strings[param1->alg.aead], + param1->key_length); + + RTE_SET_USED(param2); +} + static int test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td) { @@ -148,7 +212,7 @@ test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td) static int test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, - bool silent) + bool silent, const struct ipsec_test_flags *flags) { uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); uint32_t skip, len = rte_pktmbuf_pkt_len(m); @@ -177,12 +241,37 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, return TEST_FAILED; } + RTE_SET_USED(flags); + + return TEST_SUCCESS; +} + +static int +test_ipsec_res_d_prepare(struct rte_mbuf *m, const struct ipsec_test_data *td, + struct ipsec_test_data *res_d) +{ + uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); + uint32_t len = rte_pktmbuf_pkt_len(m); + + memcpy(res_d, td, sizeof(*res_d)); + memcpy(res_d->input_text.data, output_text, len); + res_d->input_text.len = len; + + res_d->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; + if (res_d->aead) { + res_d->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT; + } else { + printf("Only AEAD supported\n"); + return TEST_SKIPPED; + } + return TEST_SUCCESS; } int test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, - struct ipsec_test_data *res_d, bool silent) + struct ipsec_test_data *res_d, bool silent, + const struct ipsec_test_flags *flags) { /* * In case of known vector tests & all inbound tests, res_d provided @@ -190,13 +279,22 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, * For inbound, output_text would be plain packet and for outbound * output_text would IPsec packet. Validate by comparing against * known vectors. + * + * In case of combined mode tests, the output_text from outbound + * operation (ie, IPsec packet) would need to be inbound processed to + * obtain the plain text. Copy output_text to result data, 'res_d', so + * that inbound processing can be done. */ - RTE_SET_USED(res_d); - return test_ipsec_td_verify(m, td, silent); + + if (res_d == NULL) + return test_ipsec_td_verify(m, td, silent, flags); + else + return test_ipsec_res_d_prepare(m, td, res_d); } int test_ipsec_status_check(struct rte_crypto_op *op, + const struct ipsec_test_flags *flags, enum rte_security_ipsec_sa_direction dir) { int ret = TEST_SUCCESS; @@ -206,6 +304,7 @@ test_ipsec_status_check(struct rte_crypto_op *op, ret = TEST_FAILED; } + RTE_SET_USED(flags); RTE_SET_USED(dir); return ret; diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 5f1b46d..cbb3ee4 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -8,6 +8,8 @@ #include #include +#define IPSEC_TEST_PACKETS_MAX 32 + struct ipsec_test_data { struct { uint8_t data[32]; @@ -45,6 +47,38 @@ struct ipsec_test_data { } xform; }; +struct ipsec_test_flags { + bool display_alg; +}; + +struct crypto_param { + enum rte_crypto_sym_xform_type type; + union { + enum rte_crypto_cipher_algorithm cipher; + enum rte_crypto_auth_algorithm auth; + enum rte_crypto_aead_algorithm aead; + } alg; + uint16_t key_length; +}; + +static const struct crypto_param aead_list[] = { + { + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, + .key_length = 16, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, + .key_length = 24, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, + .key_length = 32 + }, +}; + int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, const struct rte_security_capability *sec_cap, bool silent); @@ -56,11 +90,27 @@ int test_ipsec_crypto_caps_aead_verify( void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out, struct ipsec_test_data *td_in); +void test_ipsec_td_prepare(const struct crypto_param *param1, + const struct crypto_param *param2, + const struct ipsec_test_flags *flags, + struct ipsec_test_data *td_array, + int nb_td); + +void test_ipsec_td_update(struct ipsec_test_data td_inb[], + const struct ipsec_test_data td_outb[], + int nb_td, + const struct ipsec_test_flags *flags); + +void test_ipsec_display_alg(const struct crypto_param *param1, + const struct crypto_param *param2); + int test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, - struct ipsec_test_data *res_d, bool silent); + struct ipsec_test_data *res_d, bool silent, + const struct ipsec_test_flags *flags); int test_ipsec_status_check(struct rte_crypto_op *op, + const struct ipsec_test_flags *flags, enum rte_security_ipsec_sa_direction dir); #endif From patchwork Fri Sep 3 04:46:57 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 97860 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id EB085A0C53; Fri, 3 Sep 2021 06:47:44 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D4EE140E78; Fri, 3 Sep 2021 06:47:44 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 90C9E40E78 for ; Fri, 3 Sep 2021 06:47:43 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 182K6nkn013951; Thu, 2 Sep 2021 21:47:42 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=5hz5GpFx0SfaoKqRwQ+reIsPKdWjUMuJzxkYCqSPHis=; b=IFYtMEwRzWlGvoPprIvn3dgxLaPVt0Xy2l61qahT2aoKEQYGOgIWb3u4HYfsDZV02MjL VB/T7eOyycBGbVEzC+RcXiPcr2GQpxJS+ElCN6WMDgkKKIh2H8T0xGKvQyktXTf/nngi 6hbHZoJvskQ2etg82HbbPYpKY9mQvHP/t4S6sGT74GblJKs02xayJ9tfSQPPbX8t/qGr jJgrQvqOPudY1D9FKRiCAg0pU8v+bV+YKNiY2V9a/wKmouyuWdELYgHhzM8/q7LT/Dqr ENAXyjEJNz68izNVi3xWNd4lTtrJNpVGDHbt5S+mLezgNK2vK2mVnrUL639ZAZ1zGwPj iQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 3au5c31maj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 02 Sep 2021 21:47:42 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 2 Sep 2021 21:47:41 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 2 Sep 2021 21:47:41 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.70.144]) by maili.marvell.com (Postfix) with ESMTP id 38B865B6942; Thu, 2 Sep 2021 21:47:35 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Tejasree Kondoj , Jerin Jacob , Archana Muniganti , Hemant Agrawal , Radu Nicolau , Ciara Power , Gagandeep Singh , , Anoob Joseph Date: Fri, 3 Sep 2021 10:16:57 +0530 Message-ID: <1630644420-1256-4-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1630644420-1256-1-git-send-email-anoobj@marvell.com> References: <1628675138-17300-1-git-send-email-anoobj@marvell.com> <1630644420-1256-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: X6ZGMbMNF-FPRjD0Kr971cyo1YqPvZqu X-Proofpoint-ORIG-GUID: X6ZGMbMNF-FPRjD0Kr971cyo1YqPvZqu X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-03_01,2021-09-03_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v3 3/5] test/crypto: add lookaside IPsec ICV corrupt test case X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Tejasree Kondoj Adding lookaside IPsec ICV corrupt test case. Signed-off-by: Anoob Joseph Signed-off-by: Tejasree Kondoj --- app/test/test_cryptodev.c | 16 ++++++++++++++++ app/test/test_cryptodev_security_ipsec.c | 30 ++++++++++++++++++++---------- app/test/test_cryptodev_security_ipsec.h | 1 + 3 files changed, 37 insertions(+), 10 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index d89307d..488daed 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9082,6 +9082,18 @@ test_ipsec_proto_display_list(const void *data __rte_unused) } static int +test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.icv_corrupt = true; + + return test_ipsec_proto_all(&flags); +} + +static int test_PDCP_PROTO_all(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; @@ -13991,6 +14003,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { "Combined test alg list", ut_setup_security, ut_teardown, test_ipsec_proto_display_list), + TEST_CASE_NAMED_ST( + "Negative test: ICV corruption", + ut_setup_security, ut_teardown, + test_ipsec_proto_err_icv_corrupt), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index d08e093..aebbe66 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -175,9 +175,12 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[], memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data, td_outb[i].input_text.len); td_inb[i].output_text.len = td_outb->input_text.len; - } - RTE_SET_USED(flags); + if (flags->icv_corrupt) { + int icv_pos = td_inb[i].input_text.len - 4; + td_inb[i].input_text.data[icv_pos] += 1; + } + } } void @@ -217,6 +220,11 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); uint32_t skip, len = rte_pktmbuf_pkt_len(m); + /* For negative tests, no need to do verification */ + if (flags->icv_corrupt && + td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) + return TEST_SUCCESS; + if (len != td->output_text.len) { printf("Output length (%d) not matching with expected (%d)\n", len, td->output_text.len); @@ -241,8 +249,6 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, return TEST_FAILED; } - RTE_SET_USED(flags); - return TEST_SUCCESS; } @@ -299,13 +305,17 @@ test_ipsec_status_check(struct rte_crypto_op *op, { int ret = TEST_SUCCESS; - if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { - printf("Security op processing failed\n"); - ret = TEST_FAILED; + if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && flags->icv_corrupt) { + if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) { + printf("ICV corruption test case failed\n"); + ret = TEST_FAILED; + } + } else { + if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { + printf("Security op processing failed\n"); + ret = TEST_FAILED; + } } - RTE_SET_USED(flags); - RTE_SET_USED(dir); - return ret; } diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index cbb3ee4..134fc3a 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -49,6 +49,7 @@ struct ipsec_test_data { struct ipsec_test_flags { bool display_alg; + bool icv_corrupt; }; struct crypto_param { From patchwork Fri Sep 3 04:46:58 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 97861 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 35F2DA0C53; Fri, 3 Sep 2021 06:47:54 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2386840E2D; Fri, 3 Sep 2021 06:47:54 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 02FE040E09 for ; Fri, 3 Sep 2021 06:47:51 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 182K6ngs013955; Thu, 2 Sep 2021 21:47:51 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=0u4srASNFN/oz06VzQt+H3iAb1+P3zboLK86ZQI0p/k=; b=ZmHMgSLrfXPfyBKQQiyy9aXh2uJMTLRkFWU45qALG/9aOt91Q1o6kitfBVbktk1EZJg6 DRTj/KsqI/PH8NmmvCs98Oqj2AtKvkGdUGFLaImhl9xCPnsp/ceonEgQPuyyzHA9W2tv 8qFWshJZWCBbhbTEOSQuJbBCSoQntK50srVmuSSi43KiUT2lWEhAeK+PLBBju0Wx8FvW 2LW85Bjlg+3Ey3punc853NvS7GrB5ZHXyC4y9f0YLGcXYcIM5MM5Henxkq98TN3ih/Em v1Nh1tj8U9qbK/ok6qlz0OhNhcbYqHaPCvqfYyKuA2TLcWbUzQEDOEdm4HtxfvsZSbGA Eg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3au5c31mbp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 02 Sep 2021 21:47:51 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 2 Sep 2021 21:47:49 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 2 Sep 2021 21:47:49 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.70.144]) by maili.marvell.com (Postfix) with ESMTP id 12FA55B6942; Thu, 2 Sep 2021 21:47:42 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Tejasree Kondoj , Jerin Jacob , Archana Muniganti , Hemant Agrawal , Radu Nicolau , Ciara Power , Gagandeep Singh , , Anoob Joseph Date: Fri, 3 Sep 2021 10:16:58 +0530 Message-ID: <1630644420-1256-5-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1630644420-1256-1-git-send-email-anoobj@marvell.com> References: <1628675138-17300-1-git-send-email-anoobj@marvell.com> <1630644420-1256-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: 0bitxSE7Pzn_xmOBXxsck2c3JCm4zlKz X-Proofpoint-ORIG-GUID: 0bitxSE7Pzn_xmOBXxsck2c3JCm4zlKz X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-03_01,2021-09-03_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v3 4/5] test/crypto: add IV gen tests X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Tejasree Kondoj Add test cases to verify IV generated by PMD. Signed-off-by: Anoob Joseph Signed-off-by: Tejasree Kondoj --- app/test/test_cryptodev.c | 19 ++++++++++++ app/test/test_cryptodev_security_ipsec.c | 52 ++++++++++++++++++++++++++++++++ app/test/test_cryptodev_security_ipsec.h | 1 + 3 files changed, 72 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 488daed..71e6c1a 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9032,6 +9032,9 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags) unsigned int i, nb_pkts = 1, pass_cnt = 0; int ret; + if (flags->iv_gen) + nb_pkts = IPSEC_TEST_PACKETS_MAX; + for (i = 0; i < RTE_DIM(aead_list); i++) { test_ipsec_td_prepare(&aead_list[i], NULL, @@ -9082,6 +9085,18 @@ test_ipsec_proto_display_list(const void *data __rte_unused) } static int +test_ipsec_proto_iv_gen(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.iv_gen = true; + + return test_ipsec_proto_all(&flags); +} + +static int test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused) { struct ipsec_test_flags flags; @@ -14004,6 +14019,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { ut_setup_security, ut_teardown, test_ipsec_proto_display_list), TEST_CASE_NAMED_ST( + "IV generation", + ut_setup_security, ut_teardown, + test_ipsec_proto_iv_gen), + TEST_CASE_NAMED_ST( "Negative test: ICV corruption", ut_setup_security, ut_teardown, test_ipsec_proto_err_icv_corrupt), diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index aebbe66..78c7f3a 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -4,12 +4,15 @@ #include #include +#include #include #include #include "test.h" #include "test_cryptodev_security_ipsec.h" +#define IV_LEN_MAX 16 + extern struct ipsec_test_data pkt_aes_256_gcm; int @@ -214,6 +217,46 @@ test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td) } static int +test_ipsec_iv_verify_push(struct rte_mbuf *m, const struct ipsec_test_data *td) +{ + static uint8_t iv_queue[IV_LEN_MAX * IPSEC_TEST_PACKETS_MAX]; + uint8_t *iv_tmp, *output_text = rte_pktmbuf_mtod(m, uint8_t *); + int i, iv_pos, iv_len; + static int index; + + if (td->aead) + iv_len = td->xform.aead.aead.iv.length - td->salt.len; + else + iv_len = td->xform.chain.cipher.cipher.iv.length; + + iv_pos = test_ipsec_tunnel_hdr_len_get(td) + sizeof(struct rte_esp_hdr); + output_text += iv_pos; + + TEST_ASSERT(iv_len <= IV_LEN_MAX, "IV length greater than supported"); + + /* Compare against previous values */ + for (i = 0; i < index; i++) { + iv_tmp = &iv_queue[i * IV_LEN_MAX]; + + if (memcmp(output_text, iv_tmp, iv_len) == 0) { + printf("IV repeated"); + return TEST_FAILED; + } + } + + /* Save IV for future comparisons */ + + iv_tmp = &iv_queue[index * IV_LEN_MAX]; + memcpy(iv_tmp, output_text, iv_len); + index++; + + if (index == IPSEC_TEST_PACKETS_MAX) + index = 0; + + return TEST_SUCCESS; +} + +static int test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, bool silent, const struct ipsec_test_flags *flags) { @@ -279,6 +322,15 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, struct ipsec_test_data *res_d, bool silent, const struct ipsec_test_flags *flags) { + int ret; + + if (flags->iv_gen && + td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + ret = test_ipsec_iv_verify_push(m, td); + if (ret != TEST_SUCCESS) + return ret; + } + /* * In case of known vector tests & all inbound tests, res_d provided * would be NULL and output data need to be validated against expected. diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 134fc3a..d2ec63f 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -50,6 +50,7 @@ struct ipsec_test_data { struct ipsec_test_flags { bool display_alg; bool icv_corrupt; + bool iv_gen; }; struct crypto_param { From patchwork Fri Sep 3 04:46:59 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 97862 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5F9C9A0C53; Fri, 3 Sep 2021 06:47:59 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 4B0D5410E9; Fri, 3 Sep 2021 06:47:59 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 07873410D8 for ; Fri, 3 Sep 2021 06:47:57 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 182K75l0014114; Thu, 2 Sep 2021 21:47:57 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=Rzp1gve42HvBQn1cI463cN0YlZvLLsrkNQcsD4OHKpA=; b=OIkNb4aWX3MZEA6og5N4h0L314f6m0UGLIWpr6QvJOdJYn85lbj72nS77dhtE8sWxmgJ EoT8Jc5NzPkwoLD5l4ijorC6EehFB9Ih6XBGawaSz7mQJoVO1EFIQJUUgmli4x27EYd7 f10mlwMYUcUxtiZ6e+mE//UjOrfKsj2RzPP5aXwD21NWUzeJrNaLc1e8xa0ju3G9+6+/ VXV0MOUP7yRmnoApbpku7yFSNnfyl/KkZlQ6MHPle2oEYReVbUygqWxiJQXwKg9qs6sJ VFd90lepsCRuRrpatrLXsKr09Kyk59PXwNlZa60gDWLXO1wXU+a//FqT0vAavLDnlt+H sg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3au5c31mc4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 02 Sep 2021 21:47:57 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 2 Sep 2021 21:47:55 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 2 Sep 2021 21:47:55 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.70.144]) by maili.marvell.com (Postfix) with ESMTP id 255985B6942; Thu, 2 Sep 2021 21:47:50 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Tejasree Kondoj , Jerin Jacob , Archana Muniganti , Hemant Agrawal , Radu Nicolau , Ciara Power , Gagandeep Singh , Date: Fri, 3 Sep 2021 10:16:59 +0530 Message-ID: <1630644420-1256-6-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1630644420-1256-1-git-send-email-anoobj@marvell.com> References: <1628675138-17300-1-git-send-email-anoobj@marvell.com> <1630644420-1256-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: xlNqGFhyMvEkkV8OrpIRdy_yHpR_b4E_ X-Proofpoint-ORIG-GUID: xlNqGFhyMvEkkV8OrpIRdy_yHpR_b4E_ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-03_01,2021-09-03_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v3 5/5] test/crypto: add UDP encapsulation test cases X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Tejasree Kondoj Adding UDP encapsulation test cases. Signed-off-by: Tejasree Kondoj --- app/test/test_cryptodev.c | 19 +++++++++++++++++++ app/test/test_cryptodev_security_ipsec.c | 28 ++++++++++++++++++++++++++++ app/test/test_cryptodev_security_ipsec.h | 1 + 3 files changed, 48 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 71e6c1a..b7c5270 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -8898,6 +8898,9 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], sec_cap_idx.ipsec.mode = ipsec_xform.mode; sec_cap_idx.ipsec.direction = ipsec_xform.direction; + if (flags->udp_encap) + ipsec_xform.options.udp_encap = 1; + sec_cap = rte_security_capability_get(ctx, &sec_cap_idx); if (sec_cap == NULL) return TEST_SKIPPED; @@ -9109,6 +9112,18 @@ test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused) } static int +test_ipsec_proto_udp_encap(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.udp_encap = true; + + return test_ipsec_proto_all(&flags); +} + +static int test_PDCP_PROTO_all(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; @@ -14023,6 +14038,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { ut_setup_security, ut_teardown, test_ipsec_proto_iv_gen), TEST_CASE_NAMED_ST( + "UDP encapsulation", + ut_setup_security, ut_teardown, + test_ipsec_proto_udp_encap), + TEST_CASE_NAMED_ST( "Negative test: ICV corruption", ut_setup_security, ut_teardown, test_ipsec_proto_err_icv_corrupt), diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 78c7f3a..5b54996 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -7,6 +7,7 @@ #include #include #include +#include #include "test.h" #include "test_cryptodev_security_ipsec.h" @@ -183,6 +184,9 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[], int icv_pos = td_inb[i].input_text.len - 4; td_inb[i].input_text.data[icv_pos] += 1; } + + if (flags->udp_encap) + td_inb[i].ipsec_xform.options.udp_encap = 1; } } @@ -268,6 +272,30 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) return TEST_SUCCESS; + if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && + flags->udp_encap) { + const struct rte_ipv4_hdr *iph4; + const struct rte_ipv6_hdr *iph6; + + if (td->ipsec_xform.tunnel.type == + RTE_SECURITY_IPSEC_TUNNEL_IPV4) { + iph4 = (const struct rte_ipv4_hdr *)output_text; + if (iph4->next_proto_id != IPPROTO_UDP) { + printf("UDP header is not found\n"); + return TEST_FAILED; + } + } else { + iph6 = (const struct rte_ipv6_hdr *)output_text; + if (iph6->proto != IPPROTO_UDP) { + printf("UDP header is not found\n"); + return TEST_FAILED; + } + } + + len -= sizeof(struct rte_udp_hdr); + output_text += sizeof(struct rte_udp_hdr); + } + if (len != td->output_text.len) { printf("Output length (%d) not matching with expected (%d)\n", len, td->output_text.len); diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index d2ec63f..e1645f4 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -51,6 +51,7 @@ struct ipsec_test_flags { bool display_alg; bool icv_corrupt; bool iv_gen; + bool udp_encap; }; struct crypto_param {