From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>,
Declan Doherty <declan.doherty@intel.com>,
Fan Zhang <roy.fan.zhang@intel.com>,
"Konstantin Ananyev" <konstantin.ananyev@intel.com>
Cc: Anoob Joseph <anoobj@marvell.com>,
Jerin Jacob <jerinj@marvell.com>,
"Ankur Dwivedi" <adwivedi@marvell.com>,
Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org>
Subject: [dpdk-dev] [PATCH 21.11 2/3] test/crypto: add combined mode tests
Date: Thu, 29 Jul 2021 16:13:21 +0530 [thread overview]
Message-ID: <1627555402-4789-3-git-send-email-anoobj@marvell.com> (raw)
In-Reply-To: <1627555402-4789-1-git-send-email-anoobj@marvell.com>
Add framework to test IPsec features with all supported
combinations of ciphers.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
app/test/test_cryptodev.c | 74 +++++++++++++++++++--
app/test/test_cryptodev_security_ipsec.c | 107 +++++++++++++++++++++++++++++--
app/test/test_cryptodev_security_ipsec.h | 50 ++++++++++++++-
3 files changed, 221 insertions(+), 10 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 6e5bd69..ad9f372 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -8863,7 +8863,8 @@ static int
test_ipsec_proto_process(const struct ipsec_test_data td[],
struct ipsec_test_data res_d[],
int nb_td,
- bool silent)
+ bool silent,
+ const struct ipsec_test_flags *flags)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -8986,12 +8987,12 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
/* Process crypto operation */
process_crypto_request(dev_id, ut_params->op);
- ret = test_ipsec_status_check(ut_params->op, dir);
+ ret = test_ipsec_status_check(ut_params->op, flags, dir);
if (ret != TEST_SUCCESS)
goto crypto_op_free;
ret = test_ipsec_post_process(ut_params->ibuf, &td[i],
- &res_d[i], silent);
+ &res_d[i], silent, flags);
rte_crypto_op_free(ut_params->op);
ut_params->op = NULL;
@@ -9017,17 +9018,76 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
static int
test_ipsec_proto_known_vec(const void *test_data)
{
- return test_ipsec_proto_process(test_data, NULL, 1, false);
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ return test_ipsec_proto_process(test_data, NULL, 1, false, &flags);
}
static int
test_ipsec_proto_known_vec_inb(const void *td_outb)
{
+ struct ipsec_test_flags flags;
struct ipsec_test_data td_inb;
+ memset(&flags, 0, sizeof(flags));
+
test_ipsec_td_in_from_out(td_outb, &td_inb);
- return test_ipsec_proto_process(&td_inb, NULL, 1, false);
+ return test_ipsec_proto_process(&td_inb, NULL, 1, false, &flags);
+}
+
+static int
+test_ipsec_proto_all(const struct ipsec_test_flags *flags)
+{
+ struct ipsec_test_data td_outb[1];
+ struct ipsec_test_data td_inb[1];
+ unsigned int i, pass_cnt = 0;
+ int ret;
+
+ for (i = 0; i < RTE_DIM(aead_list); i++) {
+ test_ipsec_td_prepare(&aead_list[i],
+ NULL,
+ flags,
+ td_outb,
+ RTE_DIM(td_outb));
+
+ ret = test_ipsec_proto_process(td_outb, td_inb, 1, true, flags);
+ if (ret != TEST_SUCCESS)
+ continue;
+
+ test_ipsec_td_update(td_inb, td_outb, RTE_DIM(td_inb), flags);
+
+ ret = test_ipsec_proto_process(td_inb, NULL, 1, true, flags);
+ if (ret == TEST_SKIPPED)
+ continue;
+
+ if (ret == TEST_FAILED)
+ return TEST_FAILED;
+
+ if (flags->display_alg)
+ test_ipsec_display_alg(&aead_list[i], NULL);
+
+ pass_cnt++;
+ }
+
+ if (pass_cnt > 0)
+ return TEST_SUCCESS;
+ else
+ return TEST_SKIPPED;
+}
+
+static int
+test_ipsec_proto_display_list(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.display_alg = true;
+
+ return test_ipsec_proto_all(&flags);
}
static int
@@ -13948,6 +14008,10 @@ static struct unit_test_suite ipsec_proto_testsuite = {
"Inbound known vector (ESP tunnel mode IPv4 AES-GCM 256)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm),
+ TEST_CASE_NAMED_ST(
+ "Combined test alg list",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_display_list),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 789d39c..5351556 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -10,6 +10,8 @@
#include "test.h"
#include "test_cryptodev_security_ipsec.h"
+extern struct ipsec_test_data pkt_aes_256_gcm;
+
int
test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
const struct rte_security_capability *sec_cap,
@@ -128,9 +130,71 @@ test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
}
}
+void
+test_ipsec_td_prepare(const struct crypto_param *param1,
+ const struct crypto_param *param2,
+ const struct ipsec_test_flags *flags,
+ struct ipsec_test_data *td_array,
+ int nb_td)
+
+{
+ struct ipsec_test_data *td;
+ int i;
+
+ memset(td_array, 0, nb_td * sizeof(*td));
+
+ for (i = 0; i < nb_td; i++) {
+ td = &td_array[i];
+ /* Copy template for packet & key fields */
+ memcpy(td, &pkt_aes_256_gcm, sizeof(*td));
+
+ /* Override fields based on param */
+
+ if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+ td->aead = true;
+ else
+ td->aead = false;
+
+ td->xform.aead.aead.algo = param1->alg.aead;
+ td->xform.aead.aead.key.length = param1->key_length;
+ }
+
+ RTE_SET_USED(flags);
+ RTE_SET_USED(param2);
+}
+
+void
+test_ipsec_td_update(struct ipsec_test_data td_inb[],
+ const struct ipsec_test_data td_outb[],
+ int nb_td,
+ const struct ipsec_test_flags *flags)
+{
+ int i;
+
+ for (i = 0; i < nb_td; i++) {
+ memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data,
+ td_outb[i].input_text.len);
+ td_inb[i].output_text.len = td_outb->input_text.len;
+ }
+
+ RTE_SET_USED(flags);
+}
+
+void
+test_ipsec_display_alg(const struct crypto_param *param1,
+ const struct crypto_param *param2)
+{
+ if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+ printf("\t%s [%d]\n",
+ rte_crypto_aead_algorithm_strings[param1->alg.aead],
+ param1->key_length);
+
+ RTE_SET_USED(param2);
+}
+
static int
test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
- bool silent)
+ bool silent, const struct ipsec_test_flags *flags)
{
uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
uint32_t skip = 0, len = rte_pktmbuf_pkt_len(m);
@@ -167,12 +231,37 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
return TEST_FAILED;
}
+ RTE_SET_USED(flags);
+
+ return TEST_SUCCESS;
+}
+
+static int
+test_ipsec_res_d_prepare(struct rte_mbuf *m, const struct ipsec_test_data *td,
+ struct ipsec_test_data *res_d)
+{
+ uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
+ uint32_t len = rte_pktmbuf_pkt_len(m);
+
+ memcpy(res_d, td, sizeof(*res_d));
+ memcpy(res_d->input_text.data, output_text, len);
+ res_d->input_text.len = len;
+
+ res_d->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
+ if (res_d->aead) {
+ res_d->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT;
+ } else {
+ printf("Only AEAD supported\n");
+ return TEST_SKIPPED;
+ }
+
return TEST_SUCCESS;
}
int
test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
- struct ipsec_test_data *res_d, bool silent)
+ struct ipsec_test_data *res_d, bool silent,
+ const struct ipsec_test_flags *flags)
{
/*
* In case of known vector tests & all inbound tests, res_d provided
@@ -180,13 +269,22 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
* For inbound, output_text would be plain packet and for outbound
* output_text would IPsec packet. Validate by comparing against
* known vectors.
+ *
+ * In case of combined mode tests, the output_text from outbound
+ * operation (ie, IPsec packet) would need to be inbound processed to
+ * obtain the plain text. Copy output_text to result data, 'res_d', so
+ * that inbound processing can be done.
*/
- RTE_SET_USED(res_d);
- return test_ipsec_td_verify(m, td, silent);
+
+ if (res_d == NULL)
+ return test_ipsec_td_verify(m, td, silent, flags);
+ else
+ return test_ipsec_res_d_prepare(m, td, res_d);
}
int
test_ipsec_status_check(struct rte_crypto_op *op,
+ const struct ipsec_test_flags *flags,
enum rte_security_ipsec_sa_direction dir)
{
int ret = TEST_SUCCESS;
@@ -196,6 +294,7 @@ test_ipsec_status_check(struct rte_crypto_op *op,
ret = TEST_FAILED;
}
+ RTE_SET_USED(flags);
RTE_SET_USED(dir);
return ret;
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 5f1b46d..97f3f86 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -45,6 +45,38 @@ struct ipsec_test_data {
} xform;
};
+struct ipsec_test_flags {
+ bool display_alg;
+};
+
+struct crypto_param {
+ enum rte_crypto_sym_xform_type type;
+ union {
+ enum rte_crypto_cipher_algorithm cipher;
+ enum rte_crypto_auth_algorithm auth;
+ enum rte_crypto_aead_algorithm aead;
+ } alg;
+ uint16_t key_length;
+};
+
+static const struct crypto_param aead_list[] = {
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
+ .key_length = 16,
+ },
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
+ .key_length = 24,
+ },
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
+ .key_length = 32
+ },
+};
+
int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
const struct rte_security_capability *sec_cap,
bool silent);
@@ -56,11 +88,27 @@ int test_ipsec_crypto_caps_aead_verify(
void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
struct ipsec_test_data *td_in);
+void test_ipsec_td_prepare(const struct crypto_param *param1,
+ const struct crypto_param *param2,
+ const struct ipsec_test_flags *flags,
+ struct ipsec_test_data *td_array,
+ int nb_td);
+
+void test_ipsec_td_update(struct ipsec_test_data td_inb[],
+ const struct ipsec_test_data td_outb[],
+ int nb_td,
+ const struct ipsec_test_flags *flags);
+
+void test_ipsec_display_alg(const struct crypto_param *param1,
+ const struct crypto_param *param2);
+
int test_ipsec_post_process(struct rte_mbuf *m,
const struct ipsec_test_data *td,
- struct ipsec_test_data *res_d, bool silent);
+ struct ipsec_test_data *res_d, bool silent,
+ const struct ipsec_test_flags *flags);
int test_ipsec_status_check(struct rte_crypto_op *op,
+ const struct ipsec_test_flags *flags,
enum rte_security_ipsec_sa_direction dir);
#endif
--
2.7.4
next prev parent reply other threads:[~2021-07-29 10:43 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-29 10:43 [dpdk-dev] [PATCH 21.11 0/3] Add lookaside IPsec tests Anoob Joseph
2021-07-29 10:43 ` [dpdk-dev] [PATCH 21.11 1/3] test/crypto: add " Anoob Joseph
2021-07-29 10:43 ` Anoob Joseph [this message]
2021-07-29 10:43 ` [dpdk-dev] [PATCH 21.11 3/3] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-08-11 9:45 ` [dpdk-dev] [PATCH v2 0/4] Add lookaside IPsec tests Anoob Joseph
2021-08-11 9:45 ` [dpdk-dev] [PATCH v2 1/4] test/crypto: add " Anoob Joseph
2021-08-11 9:45 ` [dpdk-dev] [PATCH v2 2/4] test/crypto: add combined mode tests Anoob Joseph
2021-08-11 9:45 ` [dpdk-dev] [PATCH v2 3/4] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-08-11 9:45 ` [dpdk-dev] [PATCH v2 4/4] test/crypto: add IV gen tests Anoob Joseph
2021-09-03 4:46 ` [dpdk-dev] [PATCH v3 0/5] Add lookaside IPsec tests Anoob Joseph
2021-09-03 4:46 ` [dpdk-dev] [PATCH v3 1/5] test/crypto: add " Anoob Joseph
2021-09-03 9:38 ` Power, Ciara
2021-09-03 9:46 ` Anoob Joseph
2021-09-03 4:46 ` [dpdk-dev] [PATCH v3 2/5] test/crypto: add combined mode tests Anoob Joseph
2021-09-03 9:42 ` Power, Ciara
2021-09-03 10:04 ` Anoob Joseph
2021-09-03 15:04 ` Power, Ciara
2021-09-03 16:14 ` Anoob Joseph
2021-09-03 4:46 ` [dpdk-dev] [PATCH v3 3/5] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-09-03 4:46 ` [dpdk-dev] [PATCH v3 4/5] test/crypto: add IV gen tests Anoob Joseph
2021-09-03 4:46 ` [dpdk-dev] [PATCH v3 5/5] test/crypto: add UDP encapsulation test cases Anoob Joseph
2021-09-17 13:15 ` [dpdk-dev] [PATCH v4 0/5] Add lookaside IPsec tests Anoob Joseph
2021-09-17 13:15 ` [dpdk-dev] [PATCH v4 1/5] test/crypto: add " Anoob Joseph
2021-09-21 16:08 ` Akhil Goyal
2021-09-23 4:48 ` Anoob Joseph
2021-09-23 10:39 ` Power, Ciara
2021-09-23 11:08 ` Anoob Joseph
2021-09-23 11:26 ` Power, Ciara
2021-09-23 11:30 ` Anoob Joseph
2021-09-24 8:42 ` Hemant Agrawal
2021-09-17 13:15 ` [dpdk-dev] [PATCH v4 2/5] test/crypto: add combined mode tests Anoob Joseph
2021-09-21 16:22 ` Akhil Goyal
2021-09-24 7:23 ` Hemant Agrawal
2021-09-24 8:12 ` [dpdk-dev] [EXT] " Anoob Joseph
2021-09-17 13:15 ` [dpdk-dev] [PATCH v4 3/5] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-09-21 16:25 ` Akhil Goyal
2021-09-24 8:43 ` Hemant Agrawal
2021-09-17 13:15 ` [dpdk-dev] [PATCH v4 4/5] test/crypto: add IV gen tests Anoob Joseph
2021-09-21 16:31 ` Akhil Goyal
2021-09-17 13:15 ` [dpdk-dev] [PATCH v4 5/5] test/crypto: add UDP encapsulation test cases Anoob Joseph
2021-09-21 16:35 ` Akhil Goyal
2021-09-23 13:34 ` [dpdk-dev] [PATCH v4 0/5] Add lookaside IPsec tests Power, Ciara
2021-09-25 15:35 ` [dpdk-dev] [PATCH v5 " Anoob Joseph
2021-09-25 15:35 ` [dpdk-dev] [PATCH v5 1/5] test/crypto: add lookaside IPsec cases Anoob Joseph
2021-09-25 15:35 ` [dpdk-dev] [PATCH v5 2/5] test/crypto: add combined mode " Anoob Joseph
2021-09-25 15:35 ` [dpdk-dev] [PATCH v5 3/5] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-09-25 15:35 ` [dpdk-dev] [PATCH v5 4/5] test/crypto: add IV gen cases for IPsec Anoob Joseph
2021-09-25 15:35 ` [dpdk-dev] [PATCH v5 5/5] test/crypto: add UDP encapsulated IPsec test cases Anoob Joseph
2021-09-28 7:49 ` [dpdk-dev] [PATCH v5 0/5] Add lookaside IPsec tests Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1627555402-4789-3-git-send-email-anoobj@marvell.com \
--to=anoobj@marvell.com \
--cc=adwivedi@marvell.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=jerinj@marvell.com \
--cc=konstantin.ananyev@intel.com \
--cc=ktejasree@marvell.com \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).