mbox series

[21.11,0/3] Add lookaside IPsec tests

Message ID 1627555402-4789-1-git-send-email-anoobj@marvell.com (mailing list archive)
Headers show
Series Add lookaside IPsec tests | expand

Message

Anoob Joseph July 29, 2021, 10:43 a.m. UTC
Add lookaside IPsec functional tests. Known vector tests and
combined mode framework is added.

Known vector tests for outbound operations would use predefined IV and
sequence number as 1. So plain packet would get encrypted to generate the
IPsec packet. Tests would compare against known vector.

Known vector tests for inbound operation would generate test vectors by
reversing outbound known vectors. The input_text would become encrypted
packet and output_text would be the plain packet. Tests would then validate
the operation by comparing against plain packet.

Combined mode tests are used to test all IPsec features against all ciphers
supported by the hardware. The framework is introduced to avoid testing
with any specific algo, thereby making it mandatory to be supported. Also,
testing with all supported combinations will help with increasing coverage
as well.

Two test cases use combined mode,
1. Display algo coverage and basic in + out tests
2. Negative test for ICV corruption

Known vectors are based on
https://datatracker.ietf.org/doc/html/draft-mcgrew-gcm-test-01

The vectors are updated to have sequence number as 1 & L4 checksum
computed correctly. And they have following properties,
1. ESP
2. Tunnel mode
3. IPv4
4. IPv4 tunnel

This series is targetted for DPDK 21.11.

Upcoming additions,
1. AES-CBC-SHA1-HMAC known vectors & combined mode
2. IPv6
3. UDP encapsulation
4. Transport
5. Mixed mode (IPv4-in-IPv6 etc, all combinations)

Tested with following PMDs
1. crypto_octeontx2
2. crypto_cn10k

Anoob Joseph (2):
  test/crypto: add lookaside IPsec tests
  test/crypto: add combined mode tests

Tejasree Kondoj (1):
  test/crypto: add lookaside IPsec ICV corrupt test case

 app/test/meson.build                               |   1 +
 app/test/test.h                                    |   6 +
 app/test/test_cryptodev.c                          | 330 +++++++++++++++++++++
 app/test/test_cryptodev_security_ipsec.c           | 311 +++++++++++++++++++
 app/test/test_cryptodev_security_ipsec.h           | 115 +++++++
 .../test_cryptodev_security_ipsec_test_vectors.h   | 321 ++++++++++++++++++++
 6 files changed, 1084 insertions(+)
 create mode 100644 app/test/test_cryptodev_security_ipsec.c
 create mode 100644 app/test/test_cryptodev_security_ipsec.h
 create mode 100644 app/test/test_cryptodev_security_ipsec_test_vectors.h