From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2D5A8A0C40; Thu, 29 Jul 2021 12:43:54 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C1015410FB; Thu, 29 Jul 2021 12:43:52 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id ED566410EF for ; Thu, 29 Jul 2021 12:43:50 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 16TAe9YD002238; Thu, 29 Jul 2021 03:43:49 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=sNk8cELn8dOzk9BdDn88QftrhATaAA15V1HUAh+nReM=; b=jY/ZujUK7rxNY1nQcKxsA4P6PgwrxTgepI9gH3NgOtwPfL9Tc6MtFR1j533ev23PxJ8Q 7pkQrerWid7SUU/n4QDsuuzEaW494pFhCLRlzRGqx844cmP/vbx3/5aZV1pH/a4EScbN +xyC8/GQlu5is7WafcpDp3SaG5xjXM9f/FZufZ6DVWd24hgynMGk8WCOhrbnMmYCDcWI XV5LOyzaMRNfINzT7w+V5jrodwxVUDPkUehGWlisGKQi0RAG/cR5bWaQWvIiozvUh8FI NY60dwUmCFMtotExLnMib+RqWjwI1xdoXLE9i8nRO5+f2bIQhsSVvFtuS/hdFlq8TBpZ BQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 3a35pr4arc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 29 Jul 2021 03:43:49 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 29 Jul 2021 03:43:47 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 29 Jul 2021 03:43:47 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 80D3E3F7061; Thu, 29 Jul 2021 03:43:43 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , "Ankur Dwivedi" , Tejasree Kondoj , Date: Thu, 29 Jul 2021 16:13:21 +0530 Message-ID: <1627555402-4789-3-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1627555402-4789-1-git-send-email-anoobj@marvell.com> References: <1627555402-4789-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: w4gWONrm0yMJ5c85sM8ub-ycYHL_a6NH X-Proofpoint-GUID: w4gWONrm0yMJ5c85sM8ub-ycYHL_a6NH X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-07-29_09:2021-07-29, 2021-07-29 signatures=0 Subject: [dpdk-dev] [PATCH 21.11 2/3] test/crypto: add combined mode tests X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add framework to test IPsec features with all supported combinations of ciphers. Signed-off-by: Anoob Joseph Signed-off-by: Tejasree Kondoj --- app/test/test_cryptodev.c | 74 +++++++++++++++++++-- app/test/test_cryptodev_security_ipsec.c | 107 +++++++++++++++++++++++++++++-- app/test/test_cryptodev_security_ipsec.h | 50 ++++++++++++++- 3 files changed, 221 insertions(+), 10 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 6e5bd69..ad9f372 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -8863,7 +8863,8 @@ static int test_ipsec_proto_process(const struct ipsec_test_data td[], struct ipsec_test_data res_d[], int nb_td, - bool silent) + bool silent, + const struct ipsec_test_flags *flags) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; @@ -8986,12 +8987,12 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], /* Process crypto operation */ process_crypto_request(dev_id, ut_params->op); - ret = test_ipsec_status_check(ut_params->op, dir); + ret = test_ipsec_status_check(ut_params->op, flags, dir); if (ret != TEST_SUCCESS) goto crypto_op_free; ret = test_ipsec_post_process(ut_params->ibuf, &td[i], - &res_d[i], silent); + &res_d[i], silent, flags); rte_crypto_op_free(ut_params->op); ut_params->op = NULL; @@ -9017,17 +9018,76 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], static int test_ipsec_proto_known_vec(const void *test_data) { - return test_ipsec_proto_process(test_data, NULL, 1, false); + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + return test_ipsec_proto_process(test_data, NULL, 1, false, &flags); } static int test_ipsec_proto_known_vec_inb(const void *td_outb) { + struct ipsec_test_flags flags; struct ipsec_test_data td_inb; + memset(&flags, 0, sizeof(flags)); + test_ipsec_td_in_from_out(td_outb, &td_inb); - return test_ipsec_proto_process(&td_inb, NULL, 1, false); + return test_ipsec_proto_process(&td_inb, NULL, 1, false, &flags); +} + +static int +test_ipsec_proto_all(const struct ipsec_test_flags *flags) +{ + struct ipsec_test_data td_outb[1]; + struct ipsec_test_data td_inb[1]; + unsigned int i, pass_cnt = 0; + int ret; + + for (i = 0; i < RTE_DIM(aead_list); i++) { + test_ipsec_td_prepare(&aead_list[i], + NULL, + flags, + td_outb, + RTE_DIM(td_outb)); + + ret = test_ipsec_proto_process(td_outb, td_inb, 1, true, flags); + if (ret != TEST_SUCCESS) + continue; + + test_ipsec_td_update(td_inb, td_outb, RTE_DIM(td_inb), flags); + + ret = test_ipsec_proto_process(td_inb, NULL, 1, true, flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + if (flags->display_alg) + test_ipsec_display_alg(&aead_list[i], NULL); + + pass_cnt++; + } + + if (pass_cnt > 0) + return TEST_SUCCESS; + else + return TEST_SKIPPED; +} + +static int +test_ipsec_proto_display_list(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.display_alg = true; + + return test_ipsec_proto_all(&flags); } static int @@ -13948,6 +14008,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 256)", ut_setup_security, ut_teardown, test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm), + TEST_CASE_NAMED_ST( + "Combined test alg list", + ut_setup_security, ut_teardown, + test_ipsec_proto_display_list), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 789d39c..5351556 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -10,6 +10,8 @@ #include "test.h" #include "test_cryptodev_security_ipsec.h" +extern struct ipsec_test_data pkt_aes_256_gcm; + int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, const struct rte_security_capability *sec_cap, @@ -128,9 +130,71 @@ test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out, } } +void +test_ipsec_td_prepare(const struct crypto_param *param1, + const struct crypto_param *param2, + const struct ipsec_test_flags *flags, + struct ipsec_test_data *td_array, + int nb_td) + +{ + struct ipsec_test_data *td; + int i; + + memset(td_array, 0, nb_td * sizeof(*td)); + + for (i = 0; i < nb_td; i++) { + td = &td_array[i]; + /* Copy template for packet & key fields */ + memcpy(td, &pkt_aes_256_gcm, sizeof(*td)); + + /* Override fields based on param */ + + if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) + td->aead = true; + else + td->aead = false; + + td->xform.aead.aead.algo = param1->alg.aead; + td->xform.aead.aead.key.length = param1->key_length; + } + + RTE_SET_USED(flags); + RTE_SET_USED(param2); +} + +void +test_ipsec_td_update(struct ipsec_test_data td_inb[], + const struct ipsec_test_data td_outb[], + int nb_td, + const struct ipsec_test_flags *flags) +{ + int i; + + for (i = 0; i < nb_td; i++) { + memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data, + td_outb[i].input_text.len); + td_inb[i].output_text.len = td_outb->input_text.len; + } + + RTE_SET_USED(flags); +} + +void +test_ipsec_display_alg(const struct crypto_param *param1, + const struct crypto_param *param2) +{ + if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) + printf("\t%s [%d]\n", + rte_crypto_aead_algorithm_strings[param1->alg.aead], + param1->key_length); + + RTE_SET_USED(param2); +} + static int test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, - bool silent) + bool silent, const struct ipsec_test_flags *flags) { uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); uint32_t skip = 0, len = rte_pktmbuf_pkt_len(m); @@ -167,12 +231,37 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, return TEST_FAILED; } + RTE_SET_USED(flags); + + return TEST_SUCCESS; +} + +static int +test_ipsec_res_d_prepare(struct rte_mbuf *m, const struct ipsec_test_data *td, + struct ipsec_test_data *res_d) +{ + uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); + uint32_t len = rte_pktmbuf_pkt_len(m); + + memcpy(res_d, td, sizeof(*res_d)); + memcpy(res_d->input_text.data, output_text, len); + res_d->input_text.len = len; + + res_d->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; + if (res_d->aead) { + res_d->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT; + } else { + printf("Only AEAD supported\n"); + return TEST_SKIPPED; + } + return TEST_SUCCESS; } int test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, - struct ipsec_test_data *res_d, bool silent) + struct ipsec_test_data *res_d, bool silent, + const struct ipsec_test_flags *flags) { /* * In case of known vector tests & all inbound tests, res_d provided @@ -180,13 +269,22 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, * For inbound, output_text would be plain packet and for outbound * output_text would IPsec packet. Validate by comparing against * known vectors. + * + * In case of combined mode tests, the output_text from outbound + * operation (ie, IPsec packet) would need to be inbound processed to + * obtain the plain text. Copy output_text to result data, 'res_d', so + * that inbound processing can be done. */ - RTE_SET_USED(res_d); - return test_ipsec_td_verify(m, td, silent); + + if (res_d == NULL) + return test_ipsec_td_verify(m, td, silent, flags); + else + return test_ipsec_res_d_prepare(m, td, res_d); } int test_ipsec_status_check(struct rte_crypto_op *op, + const struct ipsec_test_flags *flags, enum rte_security_ipsec_sa_direction dir) { int ret = TEST_SUCCESS; @@ -196,6 +294,7 @@ test_ipsec_status_check(struct rte_crypto_op *op, ret = TEST_FAILED; } + RTE_SET_USED(flags); RTE_SET_USED(dir); return ret; diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 5f1b46d..97f3f86 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -45,6 +45,38 @@ struct ipsec_test_data { } xform; }; +struct ipsec_test_flags { + bool display_alg; +}; + +struct crypto_param { + enum rte_crypto_sym_xform_type type; + union { + enum rte_crypto_cipher_algorithm cipher; + enum rte_crypto_auth_algorithm auth; + enum rte_crypto_aead_algorithm aead; + } alg; + uint16_t key_length; +}; + +static const struct crypto_param aead_list[] = { + { + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, + .key_length = 16, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, + .key_length = 24, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, + .key_length = 32 + }, +}; + int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, const struct rte_security_capability *sec_cap, bool silent); @@ -56,11 +88,27 @@ int test_ipsec_crypto_caps_aead_verify( void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out, struct ipsec_test_data *td_in); +void test_ipsec_td_prepare(const struct crypto_param *param1, + const struct crypto_param *param2, + const struct ipsec_test_flags *flags, + struct ipsec_test_data *td_array, + int nb_td); + +void test_ipsec_td_update(struct ipsec_test_data td_inb[], + const struct ipsec_test_data td_outb[], + int nb_td, + const struct ipsec_test_flags *flags); + +void test_ipsec_display_alg(const struct crypto_param *param1, + const struct crypto_param *param2); + int test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, - struct ipsec_test_data *res_d, bool silent); + struct ipsec_test_data *res_d, bool silent, + const struct ipsec_test_flags *flags); int test_ipsec_status_check(struct rte_crypto_op *op, + const struct ipsec_test_flags *flags, enum rte_security_ipsec_sa_direction dir); #endif -- 2.7.4