From patchwork Fri Apr  8 10:16:23 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Archana Muniganti <marchana@marvell.com>
X-Patchwork-Id: 109509
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 0520FA0501;
	Fri,  8 Apr 2022 12:16:52 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id A716E40E5A;
	Fri,  8 Apr 2022 12:16:50 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com
 [67.231.148.174])
 by mails.dpdk.org (Postfix) with ESMTP id 5FD1240E5A
 for <dev@dpdk.org>; Fri,  8 Apr 2022 12:16:49 +0200 (CEST)
Received: from pps.filterd (m0045849.ppops.net [127.0.0.1])
 by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id
 238614jF024820;
 Fri, 8 Apr 2022 03:16:48 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
 h=from : to : cc :
 subject : date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding : content-type; s=pfpt0220;
 bh=VGudKRg7K4BGOw7kUp7vtdkalcKTfNoisSOwBVg4mMY=;
 b=doet1hWhJnd2eD4tfO0AR3BTmDmFtatto5wHz3ZC/hCnM0EmElYFXcu9NtChi/viAzSY
 NFtyaI3uwIxUKUUdSC5ctMkF0za0Hq8Sf5HBkznTACHtb0HMcNJ0YR2skG7Iz+HwNK5i
 QpPGRdkDcfZb/1UujDtvddljWJfg7+X0KbbZdskvTVeYrrOQxBT9dZeMiNIPe+3Uyo+g
 UIb0gmKxldkbF7hkA4zkUO8A+aUQLbEQH1q/nA5vvgU4YkUSfaVaxQLcY76EYw7X/fCH
 cWdOsj4yoHSGHKBNwUnFgk336HOPAOouWNsIZZ50p5EeW9VBGORsqNPDoar5HNBVOrTH cQ==
Received: from dc5-exch01.marvell.com ([199.233.59.181])
 by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3f9r5wfv2q-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
 Fri, 08 Apr 2022 03:16:48 -0700
Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2;
 Fri, 8 Apr 2022 03:16:47 -0700
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend
 Transport; Fri, 8 Apr 2022 03:16:47 -0700
Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15])
 by maili.marvell.com (Postfix) with ESMTP id 8A7C83F704D;
 Fri,  8 Apr 2022 03:16:43 -0700 (PDT)
From: Archana Muniganti <marchana@marvell.com>
To: <gakhil@marvell.com>, <radu.nicolau@intel.com>, <roy.fan.zhang@intel.com>,
 <hemant.agrawal@nxp.com>, <konstantin.ananyev@intel.com>
CC: Archana Muniganti <marchana@marvell.com>, <anoobj@marvell.com>,
 <ktejasree@marvell.com>, <adwivedi@marvell.com>, <jerinj@marvell.com>,
 <dev@dpdk.org>
Subject: [PATCH 1/3] test/crypto: add AH under combined mode UT
Date: Fri, 8 Apr 2022 15:46:23 +0530
Message-ID: <20220408101625.12020-2-marchana@marvell.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20220408101625.12020-1-marchana@marvell.com>
References: <20220408101625.12020-1-marchana@marvell.com>
MIME-Version: 1.0
X-Proofpoint-GUID: 5ssRHvGEiOva2W_fmUGKUhR6Ybc7s52e
X-Proofpoint-ORIG-GUID: 5ssRHvGEiOva2W_fmUGKUhR6Ybc7s52e
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.205,Aquarius:18.0.858,Hydra:6.0.425,FMLib:17.11.64.514
 definitions=2022-04-08_03,2022-04-08_01,2022-02-23_01
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

Added auth only and null cipher + auth under combined mode
for following combinations.
1. Tunnel IPv4
2. Transport IPv4

Signed-off-by: Archana Muniganti <marchana@marvell.com>
---
 app/test/test_cryptodev.c                | 97 ++++++++++++++++++++++++
 app/test/test_cryptodev_security_ipsec.c | 74 +++++++++++++++---
 app/test/test_cryptodev_security_ipsec.h |  8 ++
 doc/guides/rel_notes/release_22_03.rst   |  3 +
 4 files changed, 172 insertions(+), 10 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index a0c8926776..eda4a5b6f1 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -845,6 +845,7 @@ ipsec_proto_testsuite_setup(void)
 	}
 
 	test_ipsec_alg_list_populate();
+	test_ipsec_ah_alg_list_populate();
 
 	/*
 	 * Stop the device. Device would be started again by individual test
@@ -9238,6 +9239,19 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 					"Crypto capabilities not supported\n");
 			return TEST_SKIPPED;
 		}
+	} else if (td[0].auth_only) {
+		memcpy(&ut_params->auth_xform, &td[0].xform.chain.auth,
+		       sizeof(ut_params->auth_xform));
+		ut_params->auth_xform.auth.key.data = td[0].auth_key.data;
+
+		if (test_ipsec_crypto_caps_auth_verify(
+				sec_cap,
+				&ut_params->auth_xform) != 0) {
+			if (!silent)
+				RTE_LOG(INFO, USER1,
+					"Auth crypto capabilities not supported\n");
+			return TEST_SKIPPED;
+		}
 	} else {
 		memcpy(&ut_params->cipher_xform, &td[0].xform.chain.cipher,
 		       sizeof(ut_params->cipher_xform));
@@ -9281,6 +9295,9 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 		memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len);
 		sess_conf.ipsec = ipsec_xform;
 		sess_conf.crypto_xform = &ut_params->aead_xform;
+	} else if (td[0].auth_only) {
+		sess_conf.ipsec = ipsec_xform;
+		sess_conf.crypto_xform = &ut_params->auth_xform;
 	} else {
 		sess_conf.ipsec = ipsec_xform;
 		if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
@@ -9526,6 +9543,52 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
 		return TEST_SKIPPED;
 }
 
+static int
+test_ipsec_ah_proto_all(const struct ipsec_test_flags *flags)
+{
+	struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX];
+	struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX];
+	unsigned int i, nb_pkts = 1, pass_cnt = 0;
+	int ret;
+
+	for (i = 0; i < RTE_DIM(ah_alg_list); i++) {
+		test_ipsec_td_prepare(ah_alg_list[i].param1,
+				      ah_alg_list[i].param2,
+				      flags,
+				      td_outb,
+				      nb_pkts);
+
+		ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true,
+					       flags);
+		if (ret == TEST_SKIPPED)
+			continue;
+
+		if (ret == TEST_FAILED)
+			return TEST_FAILED;
+
+		test_ipsec_td_update(td_inb, td_outb, nb_pkts, flags);
+
+		ret = test_ipsec_proto_process(td_inb, NULL, nb_pkts, true,
+					       flags);
+		if (ret == TEST_SKIPPED)
+			continue;
+
+		if (ret == TEST_FAILED)
+			return TEST_FAILED;
+
+		if (flags->display_alg)
+			test_ipsec_display_alg(ah_alg_list[i].param1,
+					       ah_alg_list[i].param2);
+
+		pass_cnt++;
+	}
+
+	if (pass_cnt > 0)
+		return TEST_SUCCESS;
+	else
+		return TEST_SKIPPED;
+}
+
 static int
 test_ipsec_proto_display_list(const void *data __rte_unused)
 {
@@ -9538,6 +9601,32 @@ test_ipsec_proto_display_list(const void *data __rte_unused)
 	return test_ipsec_proto_all(&flags);
 }
 
+static int
+test_ipsec_proto_ah_tunnel_ipv4(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.ah = true;
+	flags.display_alg = true;
+
+	return test_ipsec_ah_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_ah_transport_ipv4(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.ah = true;
+	flags.transport = true;
+
+	return test_ipsec_ah_proto_all(&flags);
+}
+
 static int
 test_ipsec_proto_iv_gen(const void *data __rte_unused)
 {
@@ -15047,6 +15136,10 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
 			"Combined test alg list",
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_display_list),
+		TEST_CASE_NAMED_ST(
+			"Combined test alg list (AH)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_ah_tunnel_ipv4),
 		TEST_CASE_NAMED_ST(
 			"IV generation",
 			ut_setup_security, ut_teardown,
@@ -15107,6 +15200,10 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
 			"Transport IPv4",
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_transport_v4),
+		TEST_CASE_NAMED_ST(
+			"AH transport IPv4",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_ah_transport_ipv4),
 		TEST_CASE_NAMED_ST(
 			"Transport l4 checksum",
 			ut_setup_security, ut_teardown,
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index f66360f4c4..6098c3edc3 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -21,6 +21,8 @@ struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
 				  (RTE_DIM(cipher_list) *
 				   RTE_DIM(auth_list))];
 
+struct crypto_param_comb ah_alg_list[2 * (RTE_DIM(auth_list) - 1)];
+
 static bool
 is_valid_ipv4_pkt(const struct rte_ipv4_hdr *pkt)
 {
@@ -75,6 +77,26 @@ test_ipsec_alg_list_populate(void)
 	}
 }
 
+void
+test_ipsec_ah_alg_list_populate(void)
+{
+	unsigned long i, index = 0;
+
+	for (i = 1; i < RTE_DIM(auth_list); i++) {
+		ah_alg_list[index].param1 = &auth_list[i];
+		ah_alg_list[index].param2 = NULL;
+		index++;
+	}
+
+	for (i = 1; i < RTE_DIM(auth_list); i++) {
+		/* NULL cipher */
+		ah_alg_list[index].param1 = &cipher_list[0];
+
+		ah_alg_list[index].param2 = &auth_list[i];
+		index++;
+	}
+}
+
 int
 test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 			   const struct rte_security_capability *sec_cap,
@@ -381,17 +403,34 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
 					sizeof(*td));
 
 			td->aead = false;
-			td->xform.chain.cipher.cipher.algo = param1->alg.cipher;
-			td->xform.chain.cipher.cipher.key.length =
-					param1->key_length;
-			td->xform.chain.cipher.cipher.iv.length =
-					param1->iv_length;
-			td->xform.chain.auth.auth.algo = param2->alg.auth;
-			td->xform.chain.auth.auth.key.length =
-					param2->key_length;
-			td->xform.chain.auth.auth.digest_length =
-					param2->digest_length;
 
+			if (param1->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+				td->xform.chain.auth.auth.algo =
+						param1->alg.auth;
+				td->xform.chain.auth.auth.key.length =
+						param1->key_length;
+				td->xform.chain.auth.auth.digest_length =
+						param1->digest_length;
+				td->auth_only = true;
+			} else {
+				td->xform.chain.cipher.cipher.algo =
+						param1->alg.cipher;
+				td->xform.chain.cipher.cipher.key.length =
+						param1->key_length;
+				td->xform.chain.cipher.cipher.iv.length =
+						param1->iv_length;
+				td->xform.chain.auth.auth.algo =
+						param2->alg.auth;
+				td->xform.chain.auth.auth.key.length =
+						param2->key_length;
+				td->xform.chain.auth.auth.digest_length =
+						param2->digest_length;
+			}
+		}
+
+		if (flags->ah) {
+			td->ipsec_xform.proto =
+					RTE_SECURITY_IPSEC_SA_PROTO_AH;
 		}
 
 		if (flags->iv_gen)
@@ -499,6 +538,11 @@ test_ipsec_display_alg(const struct crypto_param *param1,
 		printf("\t%s [%d]",
 		       rte_crypto_aead_algorithm_strings[param1->alg.aead],
 		       param1->key_length * 8);
+	} else if (param1->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+		printf("\t%s",
+		       rte_crypto_auth_algorithm_strings[param1->alg.auth]);
+		if (param1->alg.auth != RTE_CRYPTO_AUTH_NULL)
+			printf(" [%dB ICV]", param1->digest_length);
 	} else {
 		printf("\t%s",
 		       rte_crypto_cipher_algorithm_strings[param1->alg.cipher]);
@@ -832,6 +876,11 @@ test_ipsec_iph4_hdr_validate(const struct rte_ipv4_hdr *iph4,
 		return -1;
 	}
 
+	if (flags->ah && iph4->next_proto_id != IPPROTO_AH) {
+		printf("Tunnel outer header proto is not AH\n");
+		return -1;
+	}
+
 	f_off = rte_be_to_cpu_16(iph4->fragment_offset);
 	if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 ||
 	    flags->df == TEST_IPSEC_SET_DF_1_INNER_0) {
@@ -934,6 +983,11 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
 					printf("Transport packet is not IPv4\n");
 					return TEST_FAILED;
 				}
+
+				if (flags->ah && iph4->next_proto_id != IPPROTO_AH) {
+					printf("Transport IPv4 header proto is not AH\n");
+					return -1;
+				}
 			}
 		} else {
 			if (td->ipsec_xform.tunnel.type ==
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 7529d2ae50..fa7bb06022 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -40,6 +40,9 @@ struct ipsec_test_data {
 	struct rte_security_ipsec_xform ipsec_xform;
 
 	bool aead;
+
+	bool auth_only;
+
 	/* Antireplay packet */
 	bool ar_packet;
 
@@ -88,6 +91,7 @@ struct ipsec_test_flags {
 	enum df_flags df;
 	enum dscp_flags dscp;
 	bool dec_ttl_or_hop_limit;
+	bool ah;
 };
 
 struct crypto_param {
@@ -198,8 +202,12 @@ extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
 					 (RTE_DIM(cipher_list) *
 					  RTE_DIM(auth_list))];
 
+extern struct crypto_param_comb ah_alg_list[2 * (RTE_DIM(auth_list) - 1)];
+
 void test_ipsec_alg_list_populate(void);
 
+void test_ipsec_ah_alg_list_populate(void);
+
 int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 			       const struct rte_security_capability *sec_cap,
 			       bool silent);
diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst
index 0923707cb8..9eaf9919ca 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -190,6 +190,9 @@ New Features
   Crypto producer mode helps to measure performance of OP_NEW and OP_FORWARD
   modes of event crypto adapter.
 
+* **Updated lookaside protocol (IPsec) tests in dpdk-test.**
+
+  * Added tests to verify IPSec AH in combined mode.
 
 Removed Items
 -------------