From patchwork Fri Sep 17 13:15:19 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Anoob Joseph
X-Patchwork-Id: 99143
X-Patchwork-Delegate: gakhil@marvell.com
From: Anoob Joseph
To: Akhil Goyal, Declan Doherty, Fan Zhang, Konstantin Ananyev
CC: Anoob Joseph, Jerin Jacob, Archana Muniganti, Tejasree Kondoj, Hemant Agrawal, Radu Nicolau, Ciara Power, Gagandeep Singh
Date: Fri, 17 Sep 2021 18:45:19 +0530
Message-ID: <1631884523-836-2-git-send-email-anoobj@marvell.com>
In-Reply-To: <1631884523-836-1-git-send-email-anoobj@marvell.com>
References: <1630644420-1256-1-git-send-email-anoobj@marvell.com> <1631884523-836-1-git-send-email-anoobj@marvell.com>
Subject: [dpdk-dev] [PATCH v4 1/5] test/crypto: add lookaside IPsec tests

Added test case for lookaside IPsec. Inbound known vector
tests are added.

Cipher list:
AES-GCM 128, 192 & 256

Signed-off-by: Anoob Joseph
Signed-off-by: Tejasree Kondoj Acked-by: Akhil Goyal Acked-by: Hemant Agrawal --- app/test/meson.build | 1 + app/test/test.h | 6 + app/test/test_cryptodev.c | 232 +++++++++++++++ app/test/test_cryptodev_security_ipsec.c | 212 ++++++++++++++ app/test/test_cryptodev_security_ipsec.h | 66 +++++ .../test_cryptodev_security_ipsec_test_vectors.h | 321 +++++++++++++++++++++ 6 files changed, 838 insertions(+) create mode 100644 app/test/test_cryptodev_security_ipsec.c create mode 100644 app/test/test_cryptodev_security_ipsec.h create mode 100644 app/test/test_cryptodev_security_ipsec_test_vectors.h diff --git a/app/test/meson.build b/app/test/meson.build index a761168..f144d8b 100644 --- a/app/test/meson.build +++ b/app/test/meson.build @@ -38,6 +38,7 @@ test_sources = files( 'test_cryptodev.c', 'test_cryptodev_asym.c', 'test_cryptodev_blockcipher.c', + 'test_cryptodev_security_ipsec.c', 'test_cryptodev_security_pdcp.c', 'test_cycles.c', 'test_debug.c', diff --git a/app/test/test.h b/app/test/test.h index c3b2a87..7115edf 100644 --- a/app/test/test.h +++ b/app/test/test.h @@ -124,6 +124,12 @@ struct unit_test_case { #define TEST_CASE_WITH_DATA(setup, teardown, testcase, data) \ { setup, teardown, NULL, testcase, #testcase, 1, data } +#define TEST_CASE_NAMED_ST(name, setup, teardown, testcase) \ + { setup, teardown, NULL, testcase, name, 1, NULL } + +#define TEST_CASE_NAMED_WITH_DATA(name, setup, teardown, testcase, data) \ + { setup, teardown, NULL, testcase, name, 1, data } + #define TEST_CASE_DISABLED(fn) { NULL, NULL, fn, NULL, #fn, 0, NULL } #define TEST_CASE_ST_DISABLED(setup, teardown, testcase) \ diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 16d770a..9c7875c 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -16,6 +16,7 @@ #include #include +#include #include #ifdef RTE_CRYPTO_SCHEDULER 
@@ -41,6 +42,8 @@ #include "test_cryptodev_hmac_test_vectors.h" #include "test_cryptodev_mixed_test_vectors.h" #ifdef RTE_LIB_SECURITY +#include "test_cryptodev_security_ipsec.h" +#include "test_cryptodev_security_ipsec_test_vectors.h" #include "test_cryptodev_security_pdcp_test_vectors.h" #include "test_cryptodev_security_pdcp_sdap_test_vectors.h" #include "test_cryptodev_security_pdcp_test_func.h" @@ -123,6 +126,13 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess, const uint8_t *digest, const uint8_t *iv); +static int +security_proto_supported(enum rte_security_session_action_type action, + enum rte_security_session_protocol proto); + +static int +dev_configure_and_start(uint64_t ff_disable); + static struct rte_mbuf * setup_test_string(struct rte_mempool *mpool, const char *string, size_t len, uint8_t blocksize) 
@@ -753,6 +763,43 @@ crypto_gen_testsuite_setup(void) #ifdef RTE_LIB_SECURITY static int +ipsec_proto_testsuite_setup(void) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct crypto_unittest_params *ut_params = &unittest_params; + struct rte_cryptodev_info dev_info; + int ret = 0; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_SECURITY)) { + RTE_LOG(INFO, USER1, "Feature flag requirements for IPsec Proto " + "testsuite not met\n"); + return TEST_SKIPPED; + } + + /* Reconfigure to enable security */ + dev_configure_and_start(RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | + RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO); + + /* Set action type */ + ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + + if (security_proto_supported( + RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + RTE_SECURITY_PROTOCOL_IPSEC) < 0) { + RTE_LOG(INFO, USER1, "Capability requirements for IPsec Proto " + "test not met\n"); + ret = TEST_SKIPPED; + } + + /* Stop the device */ + rte_cryptodev_stop(ts_params->valid_devs[0]); + + return ret; +} + +static int pdcp_proto_testsuite_setup(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; 
@@ -8854,6 +8901,170 @@ test_PDCP_SDAP_PROTO_decap_all(void) } static int +test_ipsec_proto_process(const struct ipsec_test_data td[], + struct ipsec_test_data res_d[], + int nb_td, + bool silent) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct crypto_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx sec_cap_idx; + const struct rte_security_capability *sec_cap; + struct rte_security_ipsec_xform ipsec_xform; + uint8_t dev_id = ts_params->valid_devs[0]; + enum rte_security_ipsec_sa_direction dir; + struct ipsec_test_data *res_d_tmp = NULL; + uint32_t src = RTE_IPV4(192, 168, 1, 0); + uint32_t dst = RTE_IPV4(192, 168, 1, 1); + int salt_len, i, ret = TEST_SUCCESS; + struct rte_security_ctx *ctx; + uint8_t *input_text; + + ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + gbl_action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + + /* Use first test data to create session */ + + /* Copy IPsec xform */ + memcpy(&ipsec_xform, &td[0].ipsec_xform, sizeof(ipsec_xform)); + + memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src)); + memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst)); + + dir = ipsec_xform.direction; + + ctx = rte_cryptodev_get_sec_ctx(dev_id); + + sec_cap_idx.action = ut_params->type; + sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_IPSEC; + sec_cap_idx.ipsec.proto = ipsec_xform.proto; + sec_cap_idx.ipsec.mode = ipsec_xform.mode; + sec_cap_idx.ipsec.direction = ipsec_xform.direction; + + sec_cap = rte_security_capability_get(ctx, &sec_cap_idx); + if (sec_cap == NULL) + return TEST_SKIPPED; + + /* Copy cipher session parameters */ + if (td[0].aead) { + memcpy(&ut_params->aead_xform, &td[0].xform.aead, + sizeof(ut_params->aead_xform)); + ut_params->aead_xform.aead.key.data = td[0].key.data; + ut_params->aead_xform.aead.iv.offset = IV_OFFSET; + + /* Verify crypto capabilities */ + if (test_ipsec_crypto_caps_aead_verify( + sec_cap, + &ut_params->aead_xform) != 0) { + if 
(!silent) + RTE_LOG(INFO, USER1, + "Crypto capabilities not supported\n"); + return TEST_SKIPPED; + } + } else { + /* Only AEAD supported now */ + return TEST_SKIPPED; + } + + if (test_ipsec_sec_caps_verify(&ipsec_xform, sec_cap, silent) != 0) + return TEST_SKIPPED; + + salt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len); + memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len); + + struct rte_security_session_conf sess_conf = { + .action_type = ut_params->type, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = ipsec_xform, + .crypto_xform = &ut_params->aead_xform, + }; + + /* Create security session */ + ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, + ts_params->session_mpool, + ts_params->session_priv_mpool); + + if (ut_params->sec_session == NULL) + return TEST_SKIPPED; + + for (i = 0; i < nb_td; i++) { + /* Setup source mbuf payload */ + ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); + memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0, + rte_pktmbuf_tailroom(ut_params->ibuf)); + + input_text = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, + td[i].input_text.len); + + memcpy(input_text, td[i].input_text.data, + td[i].input_text.len); + + /* Generate crypto op data structure */ + ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, + RTE_CRYPTO_OP_TYPE_SYMMETRIC); + if (!ut_params->op) { + printf("TestCase %s line %d: %s\n", + __func__, __LINE__, + "failed to allocate crypto op"); + ret = TEST_FAILED; + goto crypto_op_free; + } + + /* Attach session to operation */ + rte_security_attach_session(ut_params->op, + ut_params->sec_session); + + /* Set crypto operation mbufs */ + ut_params->op->sym->m_src = ut_params->ibuf; + ut_params->op->sym->m_dst = NULL; + + /* Process crypto operation */ + process_crypto_request(dev_id, ut_params->op); + + ret = test_ipsec_status_check(ut_params->op, dir); + if (ret != TEST_SUCCESS) + goto crypto_op_free; + + if (res_d != NULL) + res_d_tmp = &res_d[i]; + + ret = 
test_ipsec_post_process(ut_params->ibuf, &td[i], + res_d_tmp, silent); + if (ret != TEST_SUCCESS) + goto crypto_op_free; + + rte_crypto_op_free(ut_params->op); + ut_params->op = NULL; + + rte_pktmbuf_free(ut_params->ibuf); + ut_params->ibuf = NULL; + } + +crypto_op_free: + rte_crypto_op_free(ut_params->op); + ut_params->op = NULL; + + rte_pktmbuf_free(ut_params->ibuf); + ut_params->ibuf = NULL; + + if (ut_params->sec_session) + rte_security_session_destroy(ctx, ut_params->sec_session); + ut_params->sec_session = NULL; + + return ret; +} + +static int +test_ipsec_proto_known_vec_inb(const void *td_outb) +{ + struct ipsec_test_data td_inb; + + test_ipsec_td_in_from_out(td_outb, &td_inb); + + return test_ipsec_proto_process(&td_inb, NULL, 1, false); +} + +static int test_PDCP_PROTO_all(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; @@ -13744,6 +13955,26 @@ static struct unit_test_suite end_testsuite = { }; #ifdef RTE_LIB_SECURITY +static struct unit_test_suite ipsec_proto_testsuite = { + .suite_name = "IPsec Proto Unit Test Suite", + .setup = ipsec_proto_testsuite_setup, + .unit_test_cases = { + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 192)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, &pkt_aes_192_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 256)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm), + TEST_CASES_END() /**< NULL terminate unit test array */ + } +}; + static struct unit_test_suite pdcp_proto_testsuite = { .suite_name = "PDCP Proto Unit Test Suite", .setup = pdcp_proto_testsuite_setup, 
@@ -14534,6 +14765,7 @@ run_cryptodev_testsuite(const char *pmd_name) &cryptodev_negative_hmac_sha1_testsuite, &cryptodev_gen_testsuite, #ifdef RTE_LIB_SECURITY + &ipsec_proto_testsuite, &pdcp_proto_testsuite, &docsis_proto_testsuite, #endif diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c new file mode 100644 index 0000000..2431fcb --- /dev/null +++ b/app/test/test_cryptodev_security_ipsec.c 
@@ -0,0 +1,212 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#include +#include +#include +#include + +#include "test.h" +#include "test_cryptodev_security_ipsec.h" + +int +test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, + const struct rte_security_capability *sec_cap, + bool silent) +{ + /* Verify security capabilities */ + + if (ipsec_xform->options.esn == 1 && sec_cap->ipsec.options.esn == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "ESN is not supported\n"); + return -ENOTSUP; + } + + if (ipsec_xform->options.udp_encap == 1 && + sec_cap->ipsec.options.udp_encap == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "UDP encapsulation is not supported\n"); + return -ENOTSUP; + } + + if (ipsec_xform->options.copy_dscp == 1 && + sec_cap->ipsec.options.copy_dscp == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "Copy DSCP is not supported\n"); + return -ENOTSUP; + } + + if (ipsec_xform->options.copy_flabel == 1 && + sec_cap->ipsec.options.copy_flabel == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "Copy Flow Label is not supported\n"); + return -ENOTSUP; + } + + if (ipsec_xform->options.copy_df == 1 && + sec_cap->ipsec.options.copy_df == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "Copy DP bit is not supported\n"); + return -ENOTSUP; + } + + if (ipsec_xform->options.dec_ttl == 1 && + sec_cap->ipsec.options.dec_ttl == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "Decrement TTL is not supported\n"); + return -ENOTSUP; + } + + if (ipsec_xform->options.ecn == 1 && sec_cap->ipsec.options.ecn == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "ECN is not supported\n"); + return -ENOTSUP; + } + + if (ipsec_xform->options.stats == 1 && + sec_cap->ipsec.options.stats == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "Stats is not supported\n"); + return -ENOTSUP; + } + + return 0; +} + +int +test_ipsec_crypto_caps_aead_verify( + const struct rte_security_capability *sec_cap, + struct rte_crypto_sym_xform *aead) +{ + const struct 
rte_cryptodev_symmetric_capability *sym_cap; + const struct rte_cryptodev_capabilities *crypto_cap; + int j = 0; + + while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op != + RTE_CRYPTO_OP_TYPE_UNDEFINED) { + if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && + crypto_cap->sym.xform_type == aead->type && + crypto_cap->sym.aead.algo == aead->aead.algo) { + sym_cap = &crypto_cap->sym; + if (rte_cryptodev_sym_capability_check_aead(sym_cap, + aead->aead.key.length, + aead->aead.digest_length, + aead->aead.aad_length, + aead->aead.iv.length) == 0) + return 0; + } + } + + return -ENOTSUP; +} + +void +test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out, + struct ipsec_test_data *td_in) +{ + memcpy(td_in, td_out, sizeof(*td_in)); + + /* Populate output text of td_in with input text of td_out */ + memcpy(td_in->output_text.data, td_out->input_text.data, + td_out->input_text.len); + td_in->output_text.len = td_out->input_text.len; + + /* Populate input text of td_in with output text of td_out */ + memcpy(td_in->input_text.data, td_out->output_text.data, + td_out->output_text.len); + td_in->input_text.len = td_out->output_text.len; + + td_in->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; + + if (td_in->aead) { + td_in->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT; + } else { + td_in->xform.chain.auth.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY; + td_in->xform.chain.cipher.cipher.op = + RTE_CRYPTO_CIPHER_OP_DECRYPT; + } +} + +static int +test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td) +{ + int len = 0; + + if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + if (td->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { + if (td->ipsec_xform.tunnel.type == + RTE_SECURITY_IPSEC_TUNNEL_IPV4) + len += sizeof(struct rte_ipv4_hdr); + else + len += sizeof(struct rte_ipv6_hdr); + } + } + + return len; +} + +static int +test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, + bool silent) +{ + 
uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); + uint32_t skip, len = rte_pktmbuf_pkt_len(m); + + if (len != td->output_text.len) { + printf("Output length (%d) not matching with expected (%d)\n", + len, td->output_text.len); + return TEST_FAILED; + } + + skip = test_ipsec_tunnel_hdr_len_get(td); + + len -= skip; + output_text += skip; + + if (memcmp(output_text, td->output_text.data + skip, len)) { + if (silent) + return TEST_FAILED; + + printf("TestCase %s line %d: %s\n", __func__, __LINE__, + "output text not as expected\n"); + + rte_hexdump(stdout, "expected", td->output_text.data + skip, + len); + rte_hexdump(stdout, "actual", output_text, len); + return TEST_FAILED; + } + + return TEST_SUCCESS; +} + +int +test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, + struct ipsec_test_data *res_d, bool silent) +{ + /* + * In case of known vector tests & all inbound tests, res_d provided + * would be NULL and output data need to be validated against expected. + * For inbound, output_text would be plain packet and for outbound + * output_text would IPsec packet. Validate by comparing against + * known vectors. + */ + RTE_SET_USED(res_d); + return test_ipsec_td_verify(m, td, silent); +} + +int +test_ipsec_status_check(struct rte_crypto_op *op, + enum rte_security_ipsec_sa_direction dir) +{ + int ret = TEST_SUCCESS; + + if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { + printf("Security op processing failed\n"); + ret = TEST_FAILED; + } + + RTE_SET_USED(dir); + + return ret; +} diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h new file mode 100644 index 0000000..5f1b46d --- /dev/null +++ b/app/test/test_cryptodev_security_ipsec.h 
@@ -0,0 +1,66 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_ +#define _TEST_CRYPTODEV_SECURITY_IPSEC_H_ + +#include +#include + +struct ipsec_test_data { + struct { + uint8_t data[32]; + } key; + + struct { + uint8_t data[1024]; + unsigned int len; + } input_text; + + struct { + uint8_t data[1024]; + unsigned int len; + } output_text; + + struct { + uint8_t data[4]; + unsigned int len; + } salt; + + struct { + uint8_t data[16]; + } iv; + + struct rte_security_ipsec_xform ipsec_xform; + + bool aead; + + union { + struct { + struct rte_crypto_sym_xform cipher; + struct rte_crypto_sym_xform auth; + } chain; + struct rte_crypto_sym_xform aead; + } xform; +}; + +int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, + const struct rte_security_capability *sec_cap, + bool silent); + +int test_ipsec_crypto_caps_aead_verify( + const struct rte_security_capability *sec_cap, + struct rte_crypto_sym_xform *aead); + +void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out, + struct ipsec_test_data *td_in); + +int test_ipsec_post_process(struct rte_mbuf *m, + const struct ipsec_test_data *td, + struct ipsec_test_data *res_d, bool silent); + +int test_ipsec_status_check(struct rte_crypto_op *op, + enum rte_security_ipsec_sa_direction dir); + +#endif diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h new file mode 100644 index 0000000..ae9cd24 --- /dev/null +++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h 
@@ -0,0 +1,321 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2021 Marvell + */ + +#ifndef TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_ +#define TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_ + +#include +#include + +#include "test_cryptodev_security_ipsec.h" + +/* + * Known vectors + * + * AES-GCM vectors are based on : + * https://datatracker.ietf.org/doc/html/draft-mcgrew-gcm-test-01 + * + * Vectors are updated to have corrected L4 checksum and sequence number 1. + */ + +struct ipsec_test_data pkt_aes_128_gcm = { + .key = { + .data = { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 + }, + }, + .input_text = { + .data = { + /* IP */ + 0x45, 0x00, 0x00, 0x3e, 0x69, 0x8f, 0x00, 0x00, + 0x80, 0x11, 0x4d, 0xcc, 0xc0, 0xa8, 0x01, 0x02, + 0xc0, 0xa8, 0x01, 0x01, + + /* UDP */ + 0x0a, 0x98, 0x00, 0x35, 0x00, 0x2a, 0x23, 0x43, + 0xb2, 0xd0, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x03, 0x73, 0x69, 0x70, + 0x09, 0x63, 0x79, 0x62, 0x65, 0x72, 0x63, 0x69, + 0x74, 0x79, 0x02, 0x64, 0x6b, 0x00, 0x00, 0x01, + 0x00, 0x01, + }, + .len = 62, + }, + .output_text = { + .data = { + /* IP - outer header */ + 0x45, 0x00, 0x00, 0x74, 0x69, 0x8f, 0x00, 0x00, + 0x80, 0x32, 0x4d, 0x75, 0xc0, 0xa8, 0x01, 0x02, + 0xc0, 0xa8, 0x01, 0x01, + + /* ESP */ + 0x00, 0x00, 0xa5, 0xf8, 0x00, 0x00, 0x00, 0x01, + + /* IV */ + 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, + + /* Data */ + 0xde, 0xb2, 0x2c, 0xd9, 0xb0, 0x7c, 0x72, 0xc1, + 0x6e, 0x3a, 0x65, 0xbe, 0xeb, 0x8d, 0xf3, 0x04, + 0xa5, 0xa5, 0x89, 0x7d, 0x33, 0xae, 0x53, 0x0f, + 0x1b, 0xa7, 0x6d, 0x5d, 0x11, 0x4d, 0x2a, 0x5c, + 0x3d, 0xe8, 0x18, 0x27, 0xc1, 0x0e, 0x9a, 0x4f, + 0x51, 0x33, 0x0d, 0x0e, 0xec, 0x41, 0x66, 0x42, + 0xcf, 0xbb, 0x85, 0xa5, 0xb4, 0x7e, 0x48, 0xa4, + 0xec, 0x3b, 0x9b, 0xa9, 0x5d, 0x91, 0x8b, 0xd4, + 0x29, 0xc7, 0x37, 0x57, 0x9f, 0xf1, 0x9e, 0x58, + 0xcf, 0xfc, 0x60, 0x7a, 0x3b, 0xce, 0x89, 0x94, + + }, + .len = 116, + }, + .salt = { 
+ .data = { + 0xca, 0xfe, 0xba, 0xbe + }, + .len = 4, + }, + + .iv = { + .data = { + 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 + }, + }, + + .ipsec_xform = { + .spi = 0xa5f8, + .options.esn = 0, + .options.udp_encap = 0, + .options.copy_dscp = 0, + .options.copy_flabel = 0, + .options.copy_df = 0, + .options.dec_ttl = 0, + .options.ecn = 0, + .options.stats = 0, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, + .esn_soft_limit = 0, + .replay_win_sz = 0, + }, + + .aead = true, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 16, + .iv.length = 12, + .iv.offset = IV_OFFSET, + .digest_length = 16, + .aad_length = 12, + }, + }, + }, +}; + +struct ipsec_test_data pkt_aes_192_gcm = { + .key = { + .data = { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c + }, + }, + .input_text = { + .data = { + /* IP */ + 0x45, 0x00, 0x00, 0x28, 0xa4, 0xad, 0x40, 0x00, + 0x40, 0x06, 0x78, 0x80, 0x0a, 0x01, 0x03, 0x8f, + 0x0a, 0x01, 0x06, 0x12, + + /* TCP */ + 0x80, 0x23, 0x06, 0xb8, 0xcb, 0x71, 0x26, 0x02, + 0xdd, 0x6b, 0xb0, 0x3e, 0x50, 0x10, 0x16, 0xd0, + 0x75, 0x67, 0x00, 0x01 + }, + .len = 40, + }, + .output_text = { + .data = { + /* IP - outer header */ + 0x45, 0x00, 0x00, 0x60, 0x69, 0x8f, 0x00, 0x00, + 0x80, 0x32, 0x4d, 0x89, 0xc0, 0xa8, 0x01, 0x02, + 0xc0, 0xa8, 0x01, 0x01, + + /* ESP */ + 0x00, 0x00, 0xa5, 0xf8, 0x00, 0x00, 0x00, 0x01, + + /* IV */ + 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, + + /* Data */ + 0xa5, 0xb1, 0xf8, 0x06, 0x60, 0x29, 0xae, 0xa4, + 0x0e, 0x59, 0x8b, 0x81, 0x22, 0xde, 0x02, 0x42, + 0x09, 0x38, 0xb3, 0xab, 0x33, 0xf8, 0x28, 0xe6, + 0x87, 0xb8, 0x85, 0x8b, 0x5b, 0xfb, 0xdb, 0xd0, + 
0x31, 0x5b, 0x27, 0x45, 0x21, 0x4b, 0xcc, 0x77, + 0x82, 0xac, 0x91, 0x38, 0xf2, 0xbb, 0xbe, 0xe4, + 0xcf, 0x03, 0x36, 0x89, 0xdd, 0x40, 0xd3, 0x6e, + 0x54, 0x05, 0x22, 0x22, + }, + .len = 96, + }, + .salt = { + .data = { + 0xca, 0xfe, 0xba, 0xbe + }, + .len = 4, + }, + + .iv = { + .data = { + 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 + }, + }, + + .ipsec_xform = { + .spi = 0xa5f8, + .options.esn = 0, + .options.udp_encap = 0, + .options.copy_dscp = 0, + .options.copy_flabel = 0, + .options.copy_df = 0, + .options.dec_ttl = 0, + .options.ecn = 0, + .options.stats = 0, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, + .esn_soft_limit = 0, + .replay_win_sz = 0, + }, + + .aead = true, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 24, + .iv.length = 12, + .iv.offset = IV_OFFSET, + .digest_length = 16, + .aad_length = 12, + }, + }, + }, +}; + +struct ipsec_test_data pkt_aes_256_gcm = { + .key = { + .data = { + 0xab, 0xbc, 0xcd, 0xde, 0xf0, 0x01, 0x12, 0x23, + 0x34, 0x45, 0x56, 0x67, 0x78, 0x89, 0x9a, 0xab, + 0xab, 0xbc, 0xcd, 0xde, 0xf0, 0x01, 0x12, 0x23, + 0x34, 0x45, 0x56, 0x67, 0x78, 0x89, 0x9a, 0xab, + }, + }, + .input_text = { + .data = { + /* IP */ + 0x45, 0x00, 0x00, 0x30, 0x69, 0xa6, 0x40, 0x00, + 0x80, 0x06, 0x26, 0x90, 0xc0, 0xa8, 0x01, 0x02, + 0x93, 0x89, 0x15, 0x5e, + + /* TCP */ + 0x0a, 0x9e, 0x00, 0x8b, 0x2d, 0xc5, 0x7e, 0xe0, + 0x00, 0x00, 0x00, 0x00, 0x70, 0x02, 0x40, 0x00, + 0x20, 0xbf, 0x00, 0x00, 0x02, 0x04, 0x05, 0xb4, + 0x01, 0x01, 0x04, 0x02, + }, + .len = 48, + }, + .output_text = { + .data = { + /* IP - outer header */ + 0x45, 0x00, 0x00, 0x68, 0x69, 0x8f, 0x00, 0x00, + 0x80, 0x32, 0x4d, 0x81, 0xc0, 0xa8, 0x01, 0x02, + 0xc0, 0xa8, 0x01, 0x01, + + /* ESP */ + 0x4a, 0x2c, 0xbf, 
0xe3, 0x00, 0x00, 0x00, 0x01, + + /* IV */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + + /* Data */ + 0xff, 0x42, 0x5c, 0x9b, 0x72, 0x45, 0x99, 0xdf, + 0x7a, 0x3b, 0xcd, 0x51, 0x01, 0x94, 0xe0, 0x0d, + 0x6a, 0x78, 0x10, 0x7f, 0x1b, 0x0b, 0x1c, 0xbf, + 0x06, 0xef, 0xae, 0x9d, 0x65, 0xa5, 0xd7, 0x63, + 0x74, 0x8a, 0x63, 0x79, 0x85, 0x77, 0x1d, 0x34, + 0x7f, 0x05, 0x45, 0x65, 0x9f, 0x14, 0xe9, 0x9d, + 0xef, 0x84, 0x2d, 0x8b, 0x00, 0x14, 0x4a, 0x1f, + 0xec, 0x6a, 0xdf, 0x0c, 0x9a, 0x92, 0x7f, 0xee, + 0xa6, 0xc5, 0x11, 0x60, + }, + .len = 104, + }, + .salt = { + .data = { + 0x11, 0x22, 0x33, 0x44 + }, + .len = 4, + }, + + .iv = { + .data = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 + }, + }, + + .ipsec_xform = { + .spi = 0x4a2cbfe3, + .options.esn = 0, + .options.udp_encap = 0, + .options.copy_dscp = 0, + .options.copy_flabel = 0, + .options.copy_df = 0, + .options.dec_ttl = 0, + .options.ecn = 0, + .options.stats = 0, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, + .esn_soft_limit = 0, + .replay_win_sz = 0, + }, + + .aead = true, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 32, + .iv.length = 12, + .iv.offset = IV_OFFSET, + .digest_length = 16, + .aad_length = 12, + }, + }, + }, +}; + +#endif /* TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_ */ From patchwork Fri Sep 17 13:15:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 99144 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id D98DEA0C46; Fri, 17 
Sep 2021 15:15:55 +0200 (CEST)
From: Anoob Joseph
To: Akhil Goyal, Declan Doherty, Fan Zhang, Konstantin Ananyev
CC: Anoob Joseph, Jerin Jacob, Archana Muniganti, Tejasree Kondoj, Hemant Agrawal, Radu Nicolau, Ciara Power, Gagandeep Singh
Date: Fri, 17 Sep 2021 18:45:20 +0530
Message-ID: <1631884523-836-3-git-send-email-anoobj@marvell.com>
In-Reply-To: <1631884523-836-1-git-send-email-anoobj@marvell.com>
References: <1630644420-1256-1-git-send-email-anoobj@marvell.com> <1631884523-836-1-git-send-email-anoobj@marvell.com>
Subject: [dpdk-dev] [PATCH v4 2/5] test/crypto: add combined mode tests

Add framework to test IPsec features with all supported
combinations of ciphers.

Signed-off-by: Anoob Joseph
Signed-off-by: Tejasree Kondoj
Acked-by: Akhil Goyal
--- app/test/test_cryptodev.c | 73 +++++++++++++++++++-- app/test/test_cryptodev_security_ipsec.c | 107 +++++++++++++++++++++++++++++-- app/test/test_cryptodev_security_ipsec.h | 52 ++++++++++++++- 3 files changed, 223 insertions(+), 9 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 9c7875c..7fd246e 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c 
@@ -8904,7 +8904,8 @@ static int test_ipsec_proto_process(const struct ipsec_test_data td[], struct ipsec_test_data res_d[], int nb_td, - bool silent) + bool silent, + const struct ipsec_test_flags *flags) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; @@ -9021,7 +9022,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], /* Process crypto operation */ process_crypto_request(dev_id, ut_params->op); - ret = test_ipsec_status_check(ut_params->op, dir); + ret = test_ipsec_status_check(ut_params->op, flags, dir); if (ret != TEST_SUCCESS) goto crypto_op_free; @@ -9029,7 +9030,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], res_d_tmp = &res_d[i]; ret = test_ipsec_post_process(ut_params->ibuf, &td[i], - res_d_tmp, silent); + res_d_tmp, silent, flags); if (ret != TEST_SUCCESS) goto crypto_op_free; 
@@ -9057,11 +9058,71 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], static int test_ipsec_proto_known_vec_inb(const void *td_outb) { + struct ipsec_test_flags flags; struct ipsec_test_data td_inb; + memset(&flags, 0, sizeof(flags)); + test_ipsec_td_in_from_out(td_outb, &td_inb); - return test_ipsec_proto_process(&td_inb, NULL, 1, false); + return test_ipsec_proto_process(&td_inb, NULL, 1, false, &flags); +} + +static int +test_ipsec_proto_all(const struct ipsec_test_flags *flags) +{ + struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX]; + struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX]; + unsigned int i, nb_pkts = 1, pass_cnt = 0; + int ret; + + for (i = 0; i < RTE_DIM(aead_list); i++) { + test_ipsec_td_prepare(&aead_list[i], + NULL, + flags, + td_outb, + nb_pkts); + + ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true, + flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + test_ipsec_td_update(td_inb, td_outb, nb_pkts, flags); + + ret = test_ipsec_proto_process(td_inb, NULL, nb_pkts, true, + flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + if (flags->display_alg) + test_ipsec_display_alg(&aead_list[i], NULL); + + pass_cnt++; + } + + if (pass_cnt > 0) + return TEST_SUCCESS; + else + return TEST_SKIPPED; +} + +static int +test_ipsec_proto_display_list(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.display_alg = true; + + return test_ipsec_proto_all(&flags); } static int @@ -13971,6 +14032,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 256)", ut_setup_security, ut_teardown, test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm), + TEST_CASE_NAMED_ST( + "Combined test alg list", + ut_setup_security, ut_teardown, + test_ipsec_proto_display_list), TEST_CASES_END() /**< NULL terminate unit test array */ } }; 
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 2431fcb..d08e093 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -10,6 +10,8 @@ #include "test.h" #include "test_cryptodev_security_ipsec.h" +extern struct ipsec_test_data pkt_aes_256_gcm; + int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, const struct rte_security_capability *sec_cap, 
@@ -128,6 +130,68 @@ test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out, } } +void +test_ipsec_td_prepare(const struct crypto_param *param1, + const struct crypto_param *param2, + const struct ipsec_test_flags *flags, + struct ipsec_test_data *td_array, + int nb_td) + +{ + struct ipsec_test_data *td; + int i; + + memset(td_array, 0, nb_td * sizeof(*td)); + + for (i = 0; i < nb_td; i++) { + td = &td_array[i]; + /* Copy template for packet & key fields */ + memcpy(td, &pkt_aes_256_gcm, sizeof(*td)); + + /* Override fields based on param */ + + if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) + td->aead = true; + else + td->aead = false; + + td->xform.aead.aead.algo = param1->alg.aead; + td->xform.aead.aead.key.length = param1->key_length; + } + + RTE_SET_USED(flags); + RTE_SET_USED(param2); +} + +void +test_ipsec_td_update(struct ipsec_test_data td_inb[], + const struct ipsec_test_data td_outb[], + int nb_td, + const struct ipsec_test_flags *flags) +{ + int i; + + for (i = 0; i < nb_td; i++) { + memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data, + td_outb[i].input_text.len); + td_inb[i].output_text.len = td_outb->input_text.len; + } + + RTE_SET_USED(flags); +} + +void +test_ipsec_display_alg(const struct crypto_param *param1, + const struct crypto_param *param2) +{ + if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) + printf("\t%s [%d]\n", + rte_crypto_aead_algorithm_strings[param1->alg.aead], + param1->key_length); + + RTE_SET_USED(param2); +} + static int test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td) { @@ -148,7 +212,7 @@ test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td) static int test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, - bool silent) + bool silent, const struct ipsec_test_flags *flags) { uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); uint32_t skip, len = rte_pktmbuf_pkt_len(m); 
@@ -177,12 +241,37 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, return TEST_FAILED; } + RTE_SET_USED(flags); + + return TEST_SUCCESS; +} + +static int +test_ipsec_res_d_prepare(struct rte_mbuf *m, const struct ipsec_test_data *td, + struct ipsec_test_data *res_d) +{ + uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); + uint32_t len = rte_pktmbuf_pkt_len(m); + + memcpy(res_d, td, sizeof(*res_d)); + memcpy(res_d->input_text.data, output_text, len); + res_d->input_text.len = len; + + res_d->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; + if (res_d->aead) { + res_d->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT; + } else { + printf("Only AEAD supported\n"); + return TEST_SKIPPED; + } + return TEST_SUCCESS; } int test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, - struct ipsec_test_data *res_d, bool silent) + struct ipsec_test_data *res_d, bool silent, + const struct ipsec_test_flags *flags) { /* * In case of known vector tests & all inbound tests, res_d provided @@ -190,13 +279,22 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, * For inbound, output_text would be plain packet and for outbound * output_text would IPsec packet. Validate by comparing against * known vectors. + * + * In case of combined mode tests, the output_text from outbound + * operation (ie, IPsec packet) would need to be inbound processed to + * obtain the plain text. Copy output_text to result data, 'res_d', so + * that inbound processing can be done. */ - RTE_SET_USED(res_d); - return test_ipsec_td_verify(m, td, silent); + + if (res_d == NULL) + return test_ipsec_td_verify(m, td, silent, flags); + else + return test_ipsec_res_d_prepare(m, td, res_d); } int test_ipsec_status_check(struct rte_crypto_op *op, + const struct ipsec_test_flags *flags, enum rte_security_ipsec_sa_direction dir) { int ret = TEST_SUCCESS; 
@@ -206,6 +304,7 @@ test_ipsec_status_check(struct rte_crypto_op *op, ret = TEST_FAILED; } + RTE_SET_USED(flags); RTE_SET_USED(dir); return ret; diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 5f1b46d..cbb3ee4 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -8,6 +8,8 @@ #include #include +#define IPSEC_TEST_PACKETS_MAX 32 + struct ipsec_test_data { struct { uint8_t data[32]; @@ -45,6 +47,38 @@ struct ipsec_test_data { } xform; }; +struct ipsec_test_flags { + bool display_alg; +}; + +struct crypto_param { + enum rte_crypto_sym_xform_type type; + union { + enum rte_crypto_cipher_algorithm cipher; + enum rte_crypto_auth_algorithm auth; + enum rte_crypto_aead_algorithm aead; + } alg; + uint16_t key_length; +}; + +static const struct crypto_param aead_list[] = { + { + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, + .key_length = 16, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, + .key_length = 24, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, + .key_length = 32 + }, +}; + int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, const struct rte_security_capability *sec_cap, bool silent); 
@@ -56,11 +90,27 @@ int test_ipsec_crypto_caps_aead_verify( void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out, struct ipsec_test_data *td_in); +void test_ipsec_td_prepare(const struct crypto_param *param1, + const struct crypto_param *param2, + const struct ipsec_test_flags *flags, + struct ipsec_test_data *td_array, + int nb_td); + +void test_ipsec_td_update(struct ipsec_test_data td_inb[], + const struct ipsec_test_data td_outb[], + int nb_td, + const struct ipsec_test_flags *flags); + +void test_ipsec_display_alg(const struct crypto_param *param1, + const struct crypto_param *param2); + int test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, - struct ipsec_test_data *res_d, bool silent); + struct ipsec_test_data *res_d, bool silent, + const struct ipsec_test_flags *flags); int test_ipsec_status_check(struct rte_crypto_op *op, + const struct ipsec_test_flags *flags, enum rte_security_ipsec_sa_direction dir); #endif
From patchwork Fri Sep 17 13:15:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 99145 X-Patchwork-Delegate: gakhil@marvell.com
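Review bot: in test_ipsec_proto_all() (patch 2/5, app/test/test_cryptodev.c), both calls to test_ipsec_proto_process() are compared only against TEST_SKIPPED and TEST_FAILED, so any other non-success return value falls through and is counted in pass_cnt. test_ipsec_proto_process() itself checks "if (ret != TEST_SUCCESS)" after each helper; doing the same here (continue on TEST_SKIPPED, otherwise return ret when it is not TEST_SUCCESS) keeps an unexpected error code from being reported as a pass.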
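Review bot: in test_ipsec_td_update() (patch 2/5, test_cryptodev_security_ipsec.c), the length assignment reads element 0 instead of element i: "td_inb[i].output_text.len = td_outb->input_text.len;", while the memcpy() just above it uses td_outb[i].input_text.len. It is harmless while every entry is built from the same template, but it should be td_outb[i].input_text.len. In the same hunk, test_ipsec_td_prepare() zeroes td_array with memset() and then overwrites every entry with memcpy() from pkt_aes_256_gcm, so the memset() can be dropped, and the xform.aead fields are written even on the branch that sets td->aead = false.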
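Review bot: test_ipsec_res_d_prepare() (patch 2/5) copies rte_pktmbuf_pkt_len(m) bytes into res_d->input_text.data without checking that the length fits the destination: "memcpy(res_d->input_text.data, output_text, len);". The length comes from the device output, so a PMD that returns a packet longer than the array writes past it into the rest of struct ipsec_test_data, and from there into the td_inb[] array that test_ipsec_proto_all() keeps on the stack. Suggest returning TEST_FAILED when len > sizeof(res_d->input_text.data). Note also that pkt_len covers all segments while rte_pktmbuf_mtod() addresses only the first one, so the copy should either require a single-segment mbuf or use the first segment's data length.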
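Review bot: aead_list[] is defined as "static const" in test_cryptodev_security_ipsec.h (patch 2/5), so every file that includes the header carries its own copy, and in this patch only test_cryptodev.c uses it. Suggest defining the table once in test_cryptodev_security_ipsec.c and exposing it from the header through an extern declaration plus an element count. The last initializer also lacks the trailing comma that the first two entries have (".key_length = 32").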
From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Tejasree Kondoj , Jerin Jacob , Archana Muniganti , Hemant Agrawal , Radu Nicolau , Ciara Power , Gagandeep Singh , , Anoob Joseph Date: Fri, 17 Sep 2021 18:45:21 +0530 Message-ID: <1631884523-836-4-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1631884523-836-1-git-send-email-anoobj@marvell.com> References: <1630644420-1256-1-git-send-email-anoobj@marvell.com> <1631884523-836-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: HLwSg7q1C_xuEGrQOxgOP3PZpzdIu1KL X-Proofpoint-ORIG-GUID: HLwSg7q1C_xuEGrQOxgOP3PZpzdIu1KL X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-17_05,2021-09-17_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH v4 3/5] test/crypto: add lookaside IPsec ICV corrupt test case X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Tejasree Kondoj Adding lookaside IPsec ICV corrupt test case. Signed-off-by: Anoob Joseph Signed-off-by: Tejasree Kondoj Acked-by: Akhil Goyal Acked-by: Hemant Agrawal --- app/test/test_cryptodev.c | 16 ++++++++++++++++ app/test/test_cryptodev_security_ipsec.c | 30 ++++++++++++++++++++---------- app/test/test_cryptodev_security_ipsec.h | 1 + 3 files changed, 37 insertions(+), 10 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 7fd246e..19694f8 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c 
@@ -9126,6 +9126,18 @@ test_ipsec_proto_display_list(const void *data __rte_unused) } static int +test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.icv_corrupt = true; + + return test_ipsec_proto_all(&flags); +} + +static int test_PDCP_PROTO_all(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; @@ -14036,6 +14048,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { "Combined test alg list", ut_setup_security, ut_teardown, test_ipsec_proto_display_list), + TEST_CASE_NAMED_ST( + "Negative test: ICV corruption", + ut_setup_security, ut_teardown, + test_ipsec_proto_err_icv_corrupt), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index d08e093..aebbe66 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -175,9 +175,12 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[], memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data, td_outb[i].input_text.len); td_inb[i].output_text.len = td_outb->input_text.len; - } - RTE_SET_USED(flags); + if (flags->icv_corrupt) { + int icv_pos = td_inb[i].input_text.len - 4; + td_inb[i].input_text.data[icv_pos] += 1; + } + } } void @@ -217,6 +220,11 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); uint32_t skip, len = rte_pktmbuf_pkt_len(m); + /* For negative tests, no need to do verification */ + if (flags->icv_corrupt && + td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) + return TEST_SUCCESS; + if (len != td->output_text.len) { printf("Output length (%d) not matching with expected (%d)\n", len, td->output_text.len); 
@@ -241,8 +249,6 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, return TEST_FAILED; } - RTE_SET_USED(flags); - return TEST_SUCCESS; } @@ -299,13 +305,17 @@ test_ipsec_status_check(struct rte_crypto_op *op, { int ret = TEST_SUCCESS; - if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { - printf("Security op processing failed\n"); - ret = TEST_FAILED; + if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && flags->icv_corrupt) { + if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) { + printf("ICV corruption test case failed\n"); + ret = TEST_FAILED; + } + } else { + if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { + printf("Security op processing failed\n"); + ret = TEST_FAILED; + } } - RTE_SET_USED(flags); - RTE_SET_USED(dir); - return ret; } diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index cbb3ee4..134fc3a 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h 
@@ -49,6 +49,7 @@ struct ipsec_test_data { struct ipsec_test_flags { bool display_alg; + bool icv_corrupt; }; struct crypto_param {
From patchwork Fri Sep 17 13:15:22 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 99146 X-Patchwork-Delegate: gakhil@marvell.com
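Review bot: in test_ipsec_td_update() (patch 3/5), the byte to corrupt is chosen with a hard-coded offset, "int icv_pos = td_inb[i].input_text.len - 4;", which assumes the ICV is at least 4 bytes long and that input_text.len is at least 4. Suggest deriving the position from the ICV length of the algorithm under test, or at minimum a named constant with a comment explaining the choice of 4, and failing the test when the packet is shorter than that so the index cannot go negative.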
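Review bot: in test_ipsec_status_check() (patch 3/5), the negative path passes only when op->status is exactly RTE_CRYPTO_OP_STATUS_ERROR, so a PMD that reports the ICV failure with any other non-success status fails the test. If that exact status is the contract for lookaside protocol offload, a comment saying so is needed here; otherwise accept any status other than RTE_CRYPTO_OP_STATUS_SUCCESS. The message "ICV corruption test case failed" would also be more useful if it printed the status that was actually returned.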
From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Tejasree Kondoj , Jerin Jacob , Archana Muniganti , Hemant Agrawal , Radu Nicolau , Ciara Power , Gagandeep Singh , , Anoob Joseph Date: Fri, 17 Sep 2021 18:45:22 +0530 Message-ID: <1631884523-836-5-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1631884523-836-1-git-send-email-anoobj@marvell.com> References: <1630644420-1256-1-git-send-email-anoobj@marvell.com> <1631884523-836-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: GL1JKupPdJRFgdSC6rU2o3U2ydb3UEzk X-Proofpoint-ORIG-GUID: GL1JKupPdJRFgdSC6rU2o3U2ydb3UEzk X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-17_05,2021-09-17_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH v4 4/5] test/crypto: add IV gen tests X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Tejasree Kondoj Add test cases to verify IV generated by PMD. Signed-off-by: Anoob Joseph Signed-off-by: Tejasree Kondoj Acked-by: Akhil Goyal --- app/test/test_cryptodev.c | 19 ++++++++++++ app/test/test_cryptodev_security_ipsec.c | 52 ++++++++++++++++++++++++++++++++ app/test/test_cryptodev_security_ipsec.h | 1 + 3 files changed, 72 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 19694f8..0422ff3 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9076,6 +9076,9 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags) unsigned int i, nb_pkts = 1, pass_cnt = 0; int ret; + if (flags->iv_gen) + nb_pkts = IPSEC_TEST_PACKETS_MAX; + for (i = 0; i < RTE_DIM(aead_list); i++) { test_ipsec_td_prepare(&aead_list[i], NULL, @@ -9126,6 +9129,18 @@ test_ipsec_proto_display_list(const void *data __rte_unused) } static int +test_ipsec_proto_iv_gen(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.iv_gen = true; + + return test_ipsec_proto_all(&flags); +} + +static int test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused) { struct ipsec_test_flags flags; @@ -14049,6 +14064,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { ut_setup_security, ut_teardown, test_ipsec_proto_display_list), TEST_CASE_NAMED_ST( + "IV generation", + ut_setup_security, ut_teardown, + test_ipsec_proto_iv_gen), + TEST_CASE_NAMED_ST( "Negative test: ICV corruption", ut_setup_security, ut_teardown, test_ipsec_proto_err_icv_corrupt), diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index aebbe66..78c7f3a 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -4,12 +4,15 @@ #include #include +#include #include #include #include "test.h" #include "test_cryptodev_security_ipsec.h" +#define IV_LEN_MAX 16 + extern struct ipsec_test_data pkt_aes_256_gcm; int 
@@ -214,6 +217,46 @@ test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td) } static int +test_ipsec_iv_verify_push(struct rte_mbuf *m, const struct ipsec_test_data *td) +{ + static uint8_t iv_queue[IV_LEN_MAX * IPSEC_TEST_PACKETS_MAX]; + uint8_t *iv_tmp, *output_text = rte_pktmbuf_mtod(m, uint8_t *); + int i, iv_pos, iv_len; + static int index; + + if (td->aead) + iv_len = td->xform.aead.aead.iv.length - td->salt.len; + else + iv_len = td->xform.chain.cipher.cipher.iv.length; + + iv_pos = test_ipsec_tunnel_hdr_len_get(td) + sizeof(struct rte_esp_hdr); + output_text += iv_pos; + + TEST_ASSERT(iv_len <= IV_LEN_MAX, "IV length greater than supported"); + + /* Compare against previous values */ + for (i = 0; i < index; i++) { + iv_tmp = &iv_queue[i * IV_LEN_MAX]; + + if (memcmp(output_text, iv_tmp, iv_len) == 0) { + printf("IV repeated"); + return TEST_FAILED; + } + } + + /* Save IV for future comparisons */ + + iv_tmp = &iv_queue[index * IV_LEN_MAX]; + memcpy(iv_tmp, output_text, iv_len); + index++; + + if (index == IPSEC_TEST_PACKETS_MAX) + index = 0; + + return TEST_SUCCESS; +} + +static int test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, bool silent, const struct ipsec_test_flags *flags) { @@ -279,6 +322,15 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, struct ipsec_test_data *res_d, bool silent, const struct ipsec_test_flags *flags) { + int ret; + + if (flags->iv_gen && + td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + ret = test_ipsec_iv_verify_push(m, td); + if (ret != TEST_SUCCESS) + return ret; + } + /* * In case of known vector tests & all inbound tests, res_d provided * would be NULL and output data need to be validated against expected. diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 134fc3a..d2ec63f 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h 
@@ -50,6 +50,7 @@ struct ipsec_test_data { struct ipsec_test_flags { bool display_alg; bool icv_corrupt; + bool iv_gen; }; struct crypto_param {
From patchwork Fri Sep 17 13:15:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 99147 X-Patchwork-Delegate: gakhil@marvell.com
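Review bot: test_ipsec_iv_verify_push() (patch 4/5) keeps iv_queue and index as function-level statics that are reset only when index reaches IPSEC_TEST_PACKETS_MAX, so the uniqueness check is sound only if every run pushes exactly that many packets. If test_ipsec_proto_process() stops part-way through the 32 packets, the next algorithm or the next invocation of the test starts from a non-zero index and compares its IVs against stale entries produced under a different SA. Suggest resetting the queue at the start of each algorithm iteration in test_ipsec_proto_all(), or passing the state in from the caller. Smaller points in the same function: printf("IV repeated") is missing the trailing newline, and nothing checks that iv_len is positive or that iv_pos + iv_len lies within the packet before the memcmp() and memcpy().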
From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Tejasree Kondoj , Jerin Jacob , Archana Muniganti , Hemant Agrawal , Radu Nicolau , Ciara Power , Gagandeep Singh , Date: Fri, 17 Sep 2021 18:45:23 +0530 Message-ID: <1631884523-836-6-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1631884523-836-1-git-send-email-anoobj@marvell.com> References: <1630644420-1256-1-git-send-email-anoobj@marvell.com> <1631884523-836-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: nOXdLD8EXKkkMFoLuwGtdXw3SoBZYvRz X-Proofpoint-ORIG-GUID: nOXdLD8EXKkkMFoLuwGtdXw3SoBZYvRz X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-17_05,2021-09-17_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH v4 5/5] test/crypto: add UDP encapsulation test cases X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Tejasree Kondoj Adding UDP encapsulation test cases.
Signed-off-by: Tejasree Kondoj Acked-by: Akhil Goyal --- app/test/test_cryptodev.c | 19 +++++++++++++++++++ app/test/test_cryptodev_security_ipsec.c | 28 ++++++++++++++++++++++++++++ app/test/test_cryptodev_security_ipsec.h | 1 + doc/guides/rel_notes/release_21_11.rst | 7 +++++++ 4 files changed, 55 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 0422ff3..b05e2ef 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -8942,6 +8942,9 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], sec_cap_idx.ipsec.mode = ipsec_xform.mode; sec_cap_idx.ipsec.direction = ipsec_xform.direction; + if (flags->udp_encap) + ipsec_xform.options.udp_encap = 1; + sec_cap = rte_security_capability_get(ctx, &sec_cap_idx); if (sec_cap == NULL) return TEST_SKIPPED; @@ -9153,6 +9156,18 @@ test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused) } static int +test_ipsec_proto_udp_encap(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.udp_encap = true; + + return test_ipsec_proto_all(&flags); +} + +static int test_PDCP_PROTO_all(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; @@ -14068,6 +14083,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { ut_setup_security, ut_teardown, test_ipsec_proto_iv_gen), TEST_CASE_NAMED_ST( + "UDP encapsulation", + ut_setup_security, ut_teardown, + test_ipsec_proto_udp_encap), + TEST_CASE_NAMED_ST( "Negative test: ICV corruption", ut_setup_security, ut_teardown, test_ipsec_proto_err_icv_corrupt), diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 78c7f3a..5b54996 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -7,6 +7,7 @@ #include #include #include +#include #include "test.h" #include "test_cryptodev_security_ipsec.h" 
@@ -183,6 +184,9 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[], int icv_pos = td_inb[i].input_text.len - 4; td_inb[i].input_text.data[icv_pos] += 1; } + + if (flags->udp_encap) + td_inb[i].ipsec_xform.options.udp_encap = 1; } } @@ -268,6 +272,30 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) return TEST_SUCCESS; + if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && + flags->udp_encap) { + const struct rte_ipv4_hdr *iph4; + const struct rte_ipv6_hdr *iph6; + + if (td->ipsec_xform.tunnel.type == + RTE_SECURITY_IPSEC_TUNNEL_IPV4) { + iph4 = (const struct rte_ipv4_hdr *)output_text; + if (iph4->next_proto_id != IPPROTO_UDP) { + printf("UDP header is not found\n"); + return TEST_FAILED; + } + } else { + iph6 = (const struct rte_ipv6_hdr *)output_text; + if (iph6->proto != IPPROTO_UDP) { + printf("UDP header is not found\n"); + return TEST_FAILED; + } + } + + len -= sizeof(struct rte_udp_hdr); + output_text += sizeof(struct rte_udp_hdr); + } + if (len != td->output_text.len) { printf("Output length (%d) not matching with expected (%d)\n", len, td->output_text.len); diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index d2ec63f..e1645f4 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -51,6 +51,7 @@ struct ipsec_test_flags { bool display_alg; bool icv_corrupt; bool iv_gen; + bool udp_encap; }; struct crypto_param { diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index 43d367b..30c9ccf 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst 
@@ -87,6 +87,13 @@ New Features Added command-line options to specify total number of processes and current process ID. Each process owns subset of Rx and Tx queues. +* **Added lookaside protocol (IPsec) tests in dpdk-test.** + + * Added known vector tests (AES-GCM 128, 192, 256). + * Added tests to verify error reporting with ICV corruption. + * Added tests to verify IV generation. + * Added tests to verify UDP encapsulation. + Removed Items -------------
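Review bot: in the udp_encap block added to test_ipsec_td_verify() (patch 5/5), only the protocol field of the outer IP header is checked; the UDP header itself (ports, length) is never inspected, so a packet with a malformed UDP header still passes. The subtraction "len -= sizeof(struct rte_udp_hdr);" is also done without first checking that len is at least that large, and len is a uint32_t, so a short packet wraps it to a huge value before the length comparison. Suggest validating the UDP header fields the test expects and returning TEST_FAILED when the packet is too short. output_text still points at the outer IP header when it is advanced by sizeof(struct rte_udp_hdr), so a short comment on how the following comparison accounts for that would help the reader.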