From: Archana Muniganti
Date: Wed, 29 Sep 2021 16:53:25 +0530
Message-ID: <20210929112325.28662-4-marchana@marvell.com>
In-Reply-To: <20210929112325.28662-1-marchana@marvell.com>
References: <20210929112325.28662-1-marchana@marvell.com>
Subject: [dpdk-dev] [PATCH v3 3/3] test/crypto: add inner checksum cases

This patch adds tests for inner IP and inner L4 checksum in IPsec mode.

Signed-off-by: Archana Muniganti
--- app/test/test_cryptodev.c | 34 +++ app/test/test_cryptodev_security_ipsec.c | 195 ++++++++++++++++++ app/test/test_cryptodev_security_ipsec.h | 2 + ...st_cryptodev_security_ipsec_test_vectors.h | 6 + doc/guides/rel_notes/release_21_11.rst | 1 + 5 files changed, 238 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 5f0d023451..c127e6bc04 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -18,6 +18,8 @@ #include #include #include +#include +#include #ifdef RTE_CRYPTO_SCHEDULER #include 
@@ -9275,6 +9277,30 @@ test_ipsec_proto_udp_ports_verify(const void *data __rte_unused) return test_ipsec_proto_all(&flags); } +static int +test_ipsec_proto_inner_ip_csum(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ip_csum = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_inner_l4_csum(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.l4_csum = true; + + return test_ipsec_proto_all(&flags); +} + static int test_PDCP_PROTO_all(void) { @@ -14231,6 +14257,14 @@ static struct unit_test_suite ipsec_proto_testsuite = { "Tunnel src and dst addr verification", ut_setup_security, ut_teardown, test_ipsec_proto_tunnel_src_dst_addr_verify), + TEST_CASE_NAMED_ST( + "Inner IP checksum", + ut_setup_security, ut_teardown, + test_ipsec_proto_inner_ip_csum), + TEST_CASE_NAMED_ST( + "Inner L4 checksum", + ut_setup_security, ut_teardown, + test_ipsec_proto_inner_l4_csum), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 764e77bbff..bcd9746c98 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -7,6 +7,7 @@ #include #include #include +#include #include #include "test.h" @@ -103,6 +104,22 @@ test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, return -ENOTSUP; } + if (ipsec_xform->options.ip_csum_enable == 1 && + sec_cap->ipsec.options.ip_csum_enable == 0) { + if (!silent) + RTE_LOG(INFO, USER1, + "Inner IP checksum is not supported\n"); + return -ENOTSUP; + } + + if (ipsec_xform->options.l4_csum_enable == 1 && + sec_cap->ipsec.options.l4_csum_enable == 0) { + if (!silent) + RTE_LOG(INFO, USER1, + "Inner L4 checksum is not supported\n"); + return -ENOTSUP; + } + return 0; } 
@@ -160,6 +177,56 @@ test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out, } } +static bool +is_ipv4(void *ip) +{ + struct rte_ipv4_hdr *ipv4 = ip; + uint8_t ip_ver; + + ip_ver = (ipv4->version_ihl & 0xf0) >> RTE_IPV4_IHL_MULTIPLIER; + if (ip_ver == IPVERSION) + return true; + else + return false; +} + +static void +test_ipsec_csum_init(void *ip, bool l3, bool l4) +{ + struct rte_ipv4_hdr *ipv4; + struct rte_tcp_hdr *tcp; + struct rte_udp_hdr *udp; + uint8_t next_proto; + uint8_t size; + + if (is_ipv4(ip)) { + ipv4 = ip; + size = sizeof(struct rte_ipv4_hdr); + next_proto = ipv4->next_proto_id; + + if (l3) + ipv4->hdr_checksum = 0; + } else { + size = sizeof(struct rte_ipv6_hdr); + next_proto = ((struct rte_ipv6_hdr *)ip)->proto; + } + + if (l4) { + switch (next_proto) { + case IPPROTO_TCP: + tcp = (struct rte_tcp_hdr *)RTE_PTR_ADD(ip, size); + tcp->cksum = 0; + break; + case IPPROTO_UDP: + udp = (struct rte_udp_hdr *)RTE_PTR_ADD(ip, size); + udp->dgram_cksum = 0; + break; + default: + return; + } + } +} + void test_ipsec_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2, @@ -194,6 +261,17 @@ test_ipsec_td_prepare(const struct crypto_param *param1, if (flags->sa_expiry_pkts_soft) td->ipsec_xform.life.packets_soft_limit = IPSEC_TEST_PACKETS_MAX - 1; + + if (flags->ip_csum) { + td->ipsec_xform.options.ip_csum_enable = 1; + test_ipsec_csum_init(&td->input_text.data, true, false); + } + + if (flags->l4_csum) { + td->ipsec_xform.options.l4_csum_enable = 1; + test_ipsec_csum_init(&td->input_text.data, false, true); + } + } RTE_SET_USED(param2); @@ -230,6 +308,12 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[], td_inb[i].ipsec_xform.options.tunnel_hdr_verify = flags->tunnel_hdr_verify; + if (flags->ip_csum) + td_inb[i].ipsec_xform.options.ip_csum_enable = 1; + + if (flags->l4_csum) + td_inb[i].ipsec_xform.options.l4_csum_enable = 1; + /* Clear outbound specific flags */ td_inb[i].ipsec_xform.options.iv_gen_disable = 0; } 
@@ -305,12 +389,96 @@ test_ipsec_iv_verify_push(struct rte_mbuf *m, const struct ipsec_test_data *td) return TEST_SUCCESS; } +static int +test_ipsec_l3_csum_verify(struct rte_mbuf *m) +{ + uint16_t actual_cksum, expected_cksum; + struct rte_ipv4_hdr *ip; + + ip = rte_pktmbuf_mtod(m, struct rte_ipv4_hdr *); + + if (!is_ipv4((void *)ip)) + return TEST_SKIPPED; + + actual_cksum = ip->hdr_checksum; + + ip->hdr_checksum = 0; + + expected_cksum = rte_ipv4_cksum(ip); + + if (actual_cksum != expected_cksum) + return TEST_FAILED; + + return TEST_SUCCESS; +} + +static int +test_ipsec_l4_csum_verify(struct rte_mbuf *m) +{ + uint16_t actual_cksum = 0, expected_cksum = 0; + struct rte_ipv4_hdr *ipv4; + struct rte_ipv6_hdr *ipv6; + struct rte_tcp_hdr *tcp; + struct rte_udp_hdr *udp; + void *ip, *l4; + + ip = rte_pktmbuf_mtod(m, void *); + + if (is_ipv4(ip)) { + ipv4 = ip; + l4 = RTE_PTR_ADD(ipv4, sizeof(struct rte_ipv4_hdr)); + + switch (ipv4->next_proto_id) { + case IPPROTO_TCP: + tcp = (struct rte_tcp_hdr *)l4; + actual_cksum = tcp->cksum; + tcp->cksum = 0; + expected_cksum = rte_ipv4_udptcp_cksum(ipv4, l4); + break; + case IPPROTO_UDP: + udp = (struct rte_udp_hdr *)l4; + actual_cksum = udp->dgram_cksum; + udp->dgram_cksum = 0; + expected_cksum = rte_ipv4_udptcp_cksum(ipv4, l4); + break; + default: + break; + } + } else { + ipv6 = ip; + l4 = RTE_PTR_ADD(ipv6, sizeof(struct rte_ipv6_hdr)); + + switch (ipv6->proto) { + case IPPROTO_TCP: + tcp = (struct rte_tcp_hdr *)l4; + actual_cksum = tcp->cksum; + tcp->cksum = 0; + expected_cksum = rte_ipv6_udptcp_cksum(ipv6, l4); + break; + case IPPROTO_UDP: + udp = (struct rte_udp_hdr *)l4; + actual_cksum = udp->dgram_cksum; + udp->dgram_cksum = 0; + expected_cksum = rte_ipv6_udptcp_cksum(ipv6, l4); + break; + default: + break; + } + } + + if (actual_cksum != expected_cksum) + return TEST_FAILED; + + return TEST_SUCCESS; +} + static int test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, bool silent, const struct 
ipsec_test_flags *flags) { uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); uint32_t skip, len = rte_pktmbuf_pkt_len(m); + int ret; /* For tests with status as error for test success, skip verification */ if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && @@ -354,6 +522,33 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, len -= skip; output_text += skip; + if ((td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) && + flags->ip_csum) { + if (m->ol_flags & PKT_RX_IP_CKSUM_GOOD) + ret = test_ipsec_l3_csum_verify(m); + else + ret = TEST_FAILED; + + if (ret == TEST_FAILED) + printf("Inner IP checksum test failed\n"); + + return ret; + } + + if ((td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) && + flags->l4_csum) { + if (m->ol_flags & PKT_RX_L4_CKSUM_GOOD) + ret = test_ipsec_l4_csum_verify(m); + else + ret = TEST_FAILED; + + if (ret == TEST_FAILED) + printf("Inner L4 checksum test failed\n"); + + return ret; + } + + if (memcmp(output_text, td->output_text.data + skip, len)) { if (silent) return TEST_FAILED; diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 0416005520..7628d0c42a 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -56,6 +56,8 @@ struct ipsec_test_flags { uint32_t tunnel_hdr_verify; bool udp_encap; bool udp_ports_verify; + bool ip_csum; + bool l4_csum; }; struct crypto_param { diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h index 4e147ec19c..bb95d00641 100644 --- a/app/test/test_cryptodev_security_ipsec_test_vectors.h +++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h 
@@ -95,6 +95,8 @@ struct ipsec_test_data pkt_aes_128_gcm = { .options.ecn = 0, .options.stats = 0, .options.tunnel_hdr_verify = 0, + .options.ip_csum_enable = 0, + .options.l4_csum_enable = 0, .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, @@ -192,6 +194,8 @@ struct ipsec_test_data pkt_aes_192_gcm = { .options.ecn = 0, .options.stats = 0, .options.tunnel_hdr_verify = 0, + .options.ip_csum_enable = 0, + .options.l4_csum_enable = 0, .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, @@ -292,6 +296,8 @@ struct ipsec_test_data pkt_aes_256_gcm = { .options.ecn = 0, .options.stats = 0, .options.tunnel_hdr_verify = 0, + .options.ip_csum_enable = 0, + .options.l4_csum_enable = 0, .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index 163cdaa800..e2e1e1547f 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -106,6 +106,7 @@ New Features * Added tests to validate packets soft expiry. * Added tests to validate packets hard expiry. * Added tests to verify tunnel header verification in IPsec inbound. + * Added tests to verify inner checksum. Removed Items -- 2.22.0
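
Review bot: in is_ipv4() (app/test/test_cryptodev_security_ipsec.c, hunk @@ -160,6 +177,56 @@) the version nibble is extracted with `>> RTE_IPV4_IHL_MULTIPLIER`, which is the IHL words-to-bytes multiplier and only works as a shift count because its value happens to be 4. Shift by a literal 4 or a named version-shift constant instead, and reduce the if/else to `return ip_ver == IPVERSION;`. In the same hunk, test_ipsec_csum_init() places the L4 header at `sizeof(struct rte_ipv4_hdr)` or `sizeof(struct rte_ipv6_hdr)` from the start of the packet, so a vector with IPv4 options or IPv6 extension headers would have the wrong bytes zeroed; derive the offset from the IHL field or add a comment stating that the test vectors never carry options.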
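
Review bot: in test_ipsec_l4_csum_verify() (hunk @@ -305,12 +389,96 @@) the `default:` branches leave actual_cksum and expected_cksum at their initial 0, so an inner packet that is neither TCP nor UDP reaches the final comparison and returns TEST_SUCCESS although no checksum was checked. Return TEST_SKIPPED from those branches, the way test_ipsec_l3_csum_verify() does for a non-IPv4 packet. Both helpers also zero the checksum field in the mbuf and never write the original value back, which matters if any later check reads the same buffer.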
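
Review bot: in test_ipsec_td_verify() (hunk @@ -354,6 +522,33 @@) both new ingress blocks end in an unconditional `return ret;` placed ahead of `memcmp(output_text, td->output_text.data + skip, len)`, so when ip_csum or l4_csum is set the decrypted packet is never compared with the expected vector, and a device that reports a good checksum over wrong plaintext would still pass. Return early only when ret is TEST_FAILED and let the success path continue to the memcmp (restoring or masking the checksum field as needed). As written, setting both flags would run only the IP check, and a TEST_SKIPPED from the L3 helper is returned to the caller without a log line; the hunk also adds a second blank line before the memcmp that can be dropped.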