From: Volodymyr Fialko <vfialko@marvell.com>
To: <dev@dpdk.org>, Akhil Goyal <gakhil@marvell.com>,
Fan Zhang <fanzhang.oss@gmail.com>
Cc: <jerinj@marvell.com>, <anoobj@marvell.com>,
<hemant.agrawal@nxp.com>, <kai.ji@intel.com>,
<ciara.power@intel.com>, Volodymyr Fialko <vfialko@marvell.com>
Subject: [PATCH v4] test: add cryptodev crosscheck suite
Date: Tue, 14 Mar 2023 14:32:51 +0100 [thread overview]
Message-ID: <20230314133251.3023193-1-vfialko@marvell.com> (raw)
In-Reply-To: <20230209143419.2181384-1-vfialko@marvell.com>
Add a validation test suite that helps in verifying that the output
generated by two different cryptodevs match for a wide range of input
parameter combinations.
Crypto autotest performs a comprehensive testing of the cryptodev but since
it performs verification by comparing against known vectors, the extend to
which various parameters (like packet size) can be tested is limited. This
test suite attempts to simulate various cases by running same test case on
different cryptodevs and compares the output generated. The test suite
relies on capabilities to determine the combinations of tests to be
attempted.
A typical use case would be to compare outputs generated from a standard
driver such as openSSL PMD and a new cryptodev PMD. This test suite is to
compliment the testing coverage that crypto autotest provides.
Currently supported symmetric xforms(cipher, auth, aead) without chaining.
Example commands:
DPDK_TEST=cryptodev_crosscheck ./dpdk-test \
--vdev "crypto_openssl0" --vdev "crypto_openssl1"
DPDK_TEST=cryptodev_crosscheck ./dpdk-test \
-a <cryptodev> --vdev "crypto_openssl"
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
---
V2:
- Updated commit message.
V3:
- Removed usage of deprecated crypto strings API.
V4:
- Reworked cryptodev capabilities scan procedure
- Moved AAD and digest from rte_mbuf to separated memory
- Released allocated memory
app/test/meson.build | 1 +
app/test/test_cryptodev_crosscheck.c | 1050 ++++++++++++++++++++++++++
2 files changed, 1051 insertions(+)
create mode 100644 app/test/test_cryptodev_crosscheck.c
diff --git a/app/test/meson.build b/app/test/meson.build
index 1b9ce355f8..f0bcf99fb1 100644
--- a/app/test/meson.build
+++ b/app/test/meson.build
@@ -33,6 +33,7 @@ test_sources = files(
'test_cryptodev.c',
'test_cryptodev_asym.c',
'test_cryptodev_blockcipher.c',
+ 'test_cryptodev_crosscheck.c',
'test_cryptodev_security_ipsec.c',
'test_cryptodev_security_pdcp.c',
'test_cycles.c',
diff --git a/app/test/test_cryptodev_crosscheck.c b/app/test/test_cryptodev_crosscheck.c
new file mode 100644
index 0000000000..f031c86fdd
--- /dev/null
+++ b/app/test/test_cryptodev_crosscheck.c
@@ -0,0 +1,1050 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2023 Marvell.
+ */
+#include <rte_cryptodev.h>
+#include <rte_malloc.h>
+
+#include "test.h"
+#include "test_cryptodev.h"
+
+#define MAX_NB_SESSIONS 1
+#define MAX_TEST_STRING_LEN 256
+
+/*
+ * The test suite will iterate through the capabilities of each probed cryptodev to identify the
+ * common ones. Once the common capabilities are determined, the test suite will generate potential
+ * valid inputs and crosscheck (compare) the output results from all cryptodevs.
+ */
+static struct rte_cryptodev_symmetric_capability *common_symm_capas;
+static uint16_t nb_common_sym_caps;
+
+/* Policies of capabilities selection */
+enum capability_select_type {
+ CAPABILITY_TYPE_MIN,
+ CAPABILITY_TYPE_MAX,
+ CAPABILITY_TYPE_LAST,
+};
+
+static const char * const capability_select_strings[] = {
+ [CAPABILITY_TYPE_MIN] = "MIN",
+ [CAPABILITY_TYPE_MAX] = "MAX",
+};
+
+/* Length of input text to be encrypted */
+static size_t input_length[] = { 64, 256, 512 };
+
+/* Calculate number of test cases(combinations) per algorithm */
+#define NB_TEST_CASES_PER_ALGO (CAPABILITY_TYPE_LAST * RTE_DIM(input_length))
+
+enum crypto_op_type {
+ OP_ENCRYPT,
+ OP_DECRYPT,
+};
+
+struct crosscheck_test_profile {
+ char name[MAX_TEST_STRING_LEN];
+ size_t input_buf_len;
+ enum rte_crypto_sym_xform_type xform_type;
+ int algo;
+ uint16_t block_size;
+ uint16_t key_size;
+ uint16_t iv_size;
+ uint16_t digest_size;
+ uint16_t aad_size;
+ uint32_t dataunit_set;
+};
+
+struct meta_test_suite {
+ char suite_name[MAX_TEST_STRING_LEN];
+ struct crosscheck_test_profile profile[NB_TEST_CASES_PER_ALGO];
+};
+
+struct memory_segment {
+ uint8_t *mem;
+ uint16_t len;
+};
+
+struct crosscheck_testsuite_params {
+ struct rte_mempool *mbuf_pool;
+ struct rte_mempool *op_mpool;
+ struct rte_mempool *session_mpool;
+ struct rte_cryptodev_config conf;
+ struct rte_cryptodev_qp_conf qp_conf;
+
+ uint8_t valid_devs[RTE_CRYPTO_MAX_DEVS];
+ uint8_t valid_dev_count;
+
+ struct memory_segment key;
+ struct memory_segment digest;
+ struct memory_segment aad;
+ struct memory_segment iv;
+
+ struct memory_segment expected_digest;
+ struct memory_segment expected_aad;
+};
+
+static struct crosscheck_testsuite_params testsuite_params;
+
+static const char*
+algo_name_get(const struct rte_cryptodev_symmetric_capability *capa)
+{
+ switch (capa->xform_type) {
+ case RTE_CRYPTO_SYM_XFORM_AUTH:
+ return rte_cryptodev_get_auth_algo_string(capa->auth.algo);
+ case RTE_CRYPTO_SYM_XFORM_CIPHER:
+ return rte_cryptodev_get_cipher_algo_string(capa->cipher.algo);
+ case RTE_CRYPTO_SYM_XFORM_AEAD:
+ return rte_cryptodev_get_aead_algo_string(capa->aead.algo);
+ default:
+ return NULL;
+ }
+}
+
+static void
+incrementing_generate(uint8_t *dst, uint8_t start, uint16_t size)
+{
+ int i;
+
+ for (i = 0; i < size; i++)
+ dst[i] = start + i;
+}
+
+static void
+pattern_fill(uint8_t *input, const char *pattern, uint16_t size)
+{
+ size_t pattern_len = strlen(pattern);
+ size_t filled_len = 0, to_fill;
+
+ while (filled_len < size) {
+ to_fill = RTE_MIN(pattern_len, size - filled_len);
+ rte_memcpy(input, pattern, to_fill);
+ filled_len += to_fill;
+ input += to_fill;
+ }
+}
+
+static struct crosscheck_test_profile
+profile_create(const struct rte_cryptodev_symmetric_capability *capa,
+ enum capability_select_type capability_type, size_t input_len)
+{
+ struct crosscheck_test_profile profile;
+
+ memset(&profile, 0, sizeof(profile));
+ profile.xform_type = capa->xform_type;
+
+ switch (capa->xform_type) {
+ case RTE_CRYPTO_SYM_XFORM_AUTH:
+ profile.block_size = capa->auth.block_size;
+ profile.algo = capa->auth.algo;
+
+ switch (capability_type) {
+ case CAPABILITY_TYPE_MIN:
+ profile.key_size = capa->auth.key_size.min;
+ profile.iv_size = capa->auth.iv_size.min;
+ profile.digest_size = capa->auth.digest_size.min;
+ profile.aad_size = capa->auth.aad_size.min;
+ break;
+ case CAPABILITY_TYPE_MAX:
+ profile.key_size = capa->auth.key_size.max;
+ profile.iv_size = capa->auth.iv_size.max;
+ profile.digest_size = capa->auth.digest_size.max;
+ profile.aad_size = capa->auth.aad_size.max;
+ break;
+ default:
+ rte_panic("Wrong capability profile type: %i\n", capability_type);
+ break;
+ }
+ break;
+ case RTE_CRYPTO_SYM_XFORM_CIPHER:
+ profile.block_size = capa->cipher.block_size;
+ profile.algo = capa->cipher.algo;
+ profile.dataunit_set = capa->cipher.dataunit_set;
+
+ switch (capability_type) {
+ case CAPABILITY_TYPE_MIN:
+ profile.key_size = capa->cipher.key_size.min;
+ profile.iv_size = capa->cipher.iv_size.min;
+ break;
+ case CAPABILITY_TYPE_MAX:
+ profile.key_size = capa->cipher.key_size.max;
+ profile.iv_size = capa->cipher.iv_size.max;
+ break;
+ default:
+ rte_panic("Wrong capability profile type: %i\n", capability_type);
+ break;
+ }
+ break;
+ case RTE_CRYPTO_SYM_XFORM_AEAD:
+ profile.block_size = capa->aead.block_size;
+ profile.algo = capa->aead.algo;
+
+ switch (capability_type) {
+ case CAPABILITY_TYPE_MIN:
+ profile.key_size = capa->aead.key_size.min;
+ profile.iv_size = capa->aead.iv_size.min;
+ profile.digest_size = capa->aead.digest_size.min;
+ profile.aad_size = capa->aead.aad_size.min;
+ break;
+ case CAPABILITY_TYPE_MAX:
+ profile.key_size = capa->aead.key_size.max;
+ profile.iv_size = capa->aead.iv_size.max;
+ profile.digest_size = capa->aead.digest_size.max;
+ profile.aad_size = capa->aead.aad_size.max;
+ break;
+ default:
+ rte_panic("Wrong capability profile type: %i\n", capability_type);
+ break;
+ }
+ break;
+ default:
+ rte_panic("Wrong xform profile type: %i\n", capa->xform_type);
+ break;
+ }
+
+ profile.input_buf_len = RTE_ALIGN_CEIL(input_len, profile.block_size);
+
+ snprintf(profile.name, MAX_TEST_STRING_LEN,
+ "'%s' - capabilities: '%s', input len: '%zu'",
+ algo_name_get(capa), capability_select_strings[capability_type],
+ input_len);
+
+ return profile;
+}
+
+static inline int
+common_range_set(struct rte_crypto_param_range *dst, const struct rte_crypto_param_range *src)
+{
+ /* Check if ranges overlaps */
+ if ((dst->min > src->max) && (dst->max < src->min))
+ return -1;
+ dst->min = RTE_MAX(dst->min, src->min);
+ dst->max = RTE_MIN(dst->max, src->max);
+
+ return 0;
+}
+
+static uint16_t
+nb_sym_capabilities_get(const struct rte_cryptodev_capabilities *cap)
+{
+ uint16_t nb_caps = 0;
+
+ for (; cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; cap++) {
+ if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC)
+ nb_caps += 1;
+ }
+
+ return nb_caps;
+}
+
+static struct rte_cryptodev_sym_capability_idx
+sym_capability_to_idx(const struct rte_cryptodev_symmetric_capability *cap)
+{
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+
+ cap_idx.type = cap->xform_type;
+ switch (cap_idx.type) {
+ case RTE_CRYPTO_SYM_XFORM_CIPHER:
+ cap_idx.algo.auth = cap->auth.algo;
+ break;
+ case RTE_CRYPTO_SYM_XFORM_AUTH:
+ cap_idx.algo.cipher = cap->cipher.algo;
+ break;
+ case RTE_CRYPTO_SYM_XFORM_AEAD:
+ cap_idx.algo.aead = cap->aead.algo;
+ break;
+ default:
+ rte_panic("Wrong capability profile type: %i\n", cap_idx.type);
+ break;
+ }
+
+ return cap_idx;
+}
+
+/* Set the biggest common range for all capability fields */
+static int
+commmon_capability_set(struct rte_cryptodev_symmetric_capability *dst,
+ const struct rte_cryptodev_symmetric_capability *src)
+{
+ switch (src->xform_type) {
+ case RTE_CRYPTO_SYM_XFORM_AUTH:
+ if (dst->auth.algo != src->auth.algo)
+ return -ENOENT;
+ if (dst->auth.block_size != src->auth.block_size)
+ return -ENOENT;
+ if (common_range_set(&dst->auth.key_size, &src->auth.key_size))
+ return -ENOENT;
+ if (common_range_set(&dst->auth.digest_size, &src->auth.digest_size))
+ return -ENOENT;
+ if (common_range_set(&dst->auth.aad_size, &src->auth.aad_size))
+ return -ENOENT;
+ if (common_range_set(&dst->auth.iv_size, &src->auth.iv_size))
+ return -ENOENT;
+ break;
+ case RTE_CRYPTO_SYM_XFORM_CIPHER:
+ if (dst->cipher.algo != src->cipher.algo)
+ return -ENOENT;
+ if (dst->cipher.block_size != src->cipher.block_size)
+ return -ENOENT;
+ if (common_range_set(&dst->cipher.key_size, &src->cipher.key_size))
+ return -ENOENT;
+ if (common_range_set(&dst->cipher.iv_size, &src->cipher.iv_size))
+ return -ENOENT;
+ if (dst->cipher.dataunit_set != src->cipher.dataunit_set)
+ return -ENOENT;
+ break;
+ case RTE_CRYPTO_SYM_XFORM_AEAD:
+ if (dst->aead.algo != src->aead.algo)
+ return -ENOENT;
+ if (dst->aead.block_size != src->aead.block_size)
+ return -ENOENT;
+ if (common_range_set(&dst->aead.key_size, &src->aead.key_size))
+ return -ENOENT;
+ if (common_range_set(&dst->aead.digest_size, &src->aead.digest_size))
+ return -ENOENT;
+ if (common_range_set(&dst->aead.aad_size, &src->aead.aad_size))
+ return -ENOENT;
+ if (common_range_set(&dst->aead.iv_size, &src->aead.iv_size))
+ return -ENOENT;
+ break;
+ default:
+ RTE_LOG(ERR, USER1, "Unsupported xform_type!\n");
+ return -ENOENT;
+ }
+
+ return 0;
+}
+
+static int
+capabilities_inspect(void)
+{
+ struct crosscheck_testsuite_params *ts_params = &testsuite_params;
+ const struct rte_cryptodev_symmetric_capability *next_dev_cap;
+ struct rte_cryptodev_symmetric_capability common_cap;
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+ const struct rte_cryptodev_capabilities *cap;
+ struct rte_cryptodev_info dev_info;
+ uint16_t nb_caps, cap_i = 0;
+ uint8_t cdev_id, i;
+
+ /* Get list of capabilities of first device */
+ cdev_id = ts_params->valid_devs[0];
+ rte_cryptodev_info_get(cdev_id, &dev_info);
+ cap = dev_info.capabilities;
+ nb_caps = nb_sym_capabilities_get(cap);
+ common_symm_capas = rte_calloc(NULL, nb_caps,
+ sizeof(struct rte_cryptodev_symmetric_capability), 0);
+ if (common_symm_capas == NULL)
+ return -ENOMEM;
+
+ for (; cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; cap++) {
+ /* Skip non symmetric capabilities */
+ if (cap->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
+ continue;
+ /* AES_CCM requires special handling due to api requirements, skip now */
+ if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD &&
+ cap->sym.aead.algo == RTE_CRYPTO_AEAD_AES_CCM)
+ continue;
+
+ cap_idx = sym_capability_to_idx(&cap->sym);
+ common_cap = cap->sym;
+ for (i = 1; i < ts_params->valid_dev_count; i++) {
+ cdev_id = ts_params->valid_devs[i];
+ next_dev_cap = rte_cryptodev_sym_capability_get(cdev_id, &cap_idx);
+ /* Capability not supported by one of devs, skip */
+ if (next_dev_cap == NULL)
+ goto skip;
+ /* Check if capabilities have a common range of values */
+ if (commmon_capability_set(&common_cap, next_dev_cap) != 0)
+ goto skip;
+ }
+
+ /* If capability reach this point - it's support by all cryptodevs */
+ common_symm_capas[cap_i++] = common_cap;
+skip:;
+ }
+ nb_common_sym_caps = cap_i;
+
+ return 0;
+}
+
+static int
+crosscheck_init(void)
+{
+ struct crosscheck_testsuite_params *ts_params = &testsuite_params;
+ const struct rte_cryptodev_symmetric_capability *cap;
+ const uint32_t nb_queue_pairs = 1;
+ struct rte_cryptodev_info info;
+ uint32_t session_priv_size = 0;
+ uint32_t nb_devs, dev_id;
+ uint8_t i;
+
+ memset(ts_params, 0, sizeof(*ts_params));
+
+ /* Create list of valid crypto devs */
+ nb_devs = rte_cryptodev_count();
+ for (dev_id = 0; dev_id < nb_devs; dev_id++) {
+ rte_cryptodev_info_get(dev_id, &info);
+
+ if (info.sym.max_nb_sessions != 0 && info.sym.max_nb_sessions < MAX_NB_SESSIONS)
+ continue;
+ if (info.max_nb_queue_pairs < nb_queue_pairs)
+ continue;
+ ts_params->valid_devs[ts_params->valid_dev_count++] = dev_id;
+ /* Obtaining configuration parameters, that will satisfy all cryptodevs */
+ session_priv_size = RTE_MAX(session_priv_size,
+ rte_cryptodev_sym_get_private_session_size(dev_id));
+ }
+
+ if (ts_params->valid_dev_count < 2) {
+ RTE_LOG(WARNING, USER1, "Min number of cryptodevs for test is 2, found (%d)\n",
+ ts_params->valid_dev_count);
+ return TEST_SKIPPED;
+ }
+
+ /* Create pools for mbufs, crypto operations and sessions */
+ ts_params->mbuf_pool = rte_pktmbuf_pool_create("CRYPTO_MBUFPOOL", NUM_MBUFS,
+ MBUF_CACHE_SIZE, 0, MBUF_SIZE, rte_socket_id());
+ if (ts_params->mbuf_pool == NULL) {
+ RTE_LOG(ERR, USER1, "Can't create CRYPTO_MBUFPOOL\n");
+ return TEST_FAILED;
+ }
+
+ ts_params->op_mpool = rte_crypto_op_pool_create("MBUF_CRYPTO_SYM_OP_POOL",
+ RTE_CRYPTO_OP_TYPE_SYMMETRIC, NUM_MBUFS, MBUF_CACHE_SIZE,
+ DEFAULT_NUM_XFORMS * sizeof(struct rte_crypto_sym_xform) +
+ MAXIMUM_IV_LENGTH, rte_socket_id());
+
+ if (ts_params->op_mpool == NULL) {
+ RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
+ return TEST_FAILED;
+ }
+
+ ts_params->session_mpool = rte_cryptodev_sym_session_pool_create("test_sess_mp",
+ MAX_NB_SESSIONS, session_priv_size, 0, 0, SOCKET_ID_ANY);
+ TEST_ASSERT_NOT_NULL(ts_params->session_mpool, "session mempool allocation failed");
+
+ /* Setup queue pair conf params */
+ ts_params->conf.nb_queue_pairs = nb_queue_pairs;
+ ts_params->conf.socket_id = SOCKET_ID_ANY;
+ ts_params->conf.ff_disable = RTE_CRYPTODEV_FF_SECURITY;
+ ts_params->qp_conf.nb_descriptors = MAX_NUM_OPS_INFLIGHT;
+ ts_params->qp_conf.mp_session = ts_params->session_mpool;
+
+ if (capabilities_inspect() != 0)
+ return TEST_FAILED;
+
+ /* Allocate memory based on max supported capabilities */
+ for (i = 0; i < nb_common_sym_caps; i++) {
+ cap = &common_symm_capas[i];
+ switch (cap->xform_type) {
+ case RTE_CRYPTO_SYM_XFORM_AUTH:
+ ts_params->key.len = RTE_MAX(ts_params->key.len, cap->auth.key_size.max);
+ ts_params->digest.len = RTE_MAX(ts_params->digest.len,
+ cap->auth.digest_size.max);
+ ts_params->aad.len = RTE_MAX(ts_params->aad.len, cap->auth.aad_size.max);
+ ts_params->iv.len = RTE_MAX(ts_params->iv.len, cap->auth.iv_size.max);
+ break;
+ case RTE_CRYPTO_SYM_XFORM_CIPHER:
+ ts_params->key.len = RTE_MAX(ts_params->key.len, cap->cipher.key_size.max);
+ ts_params->iv.len = RTE_MAX(ts_params->iv.len, cap->cipher.iv_size.max);
+ break;
+ case RTE_CRYPTO_SYM_XFORM_AEAD:
+ ts_params->key.len = RTE_MAX(ts_params->key.len, cap->aead.key_size.max);
+ ts_params->digest.len = RTE_MAX(ts_params->digest.len,
+ cap->aead.digest_size.max);
+ ts_params->aad.len = RTE_MAX(ts_params->aad.len, cap->aead.aad_size.max);
+ ts_params->iv.len = RTE_MAX(ts_params->iv.len, cap->aead.iv_size.max);
+ break;
+ default:
+ rte_panic("Wrong capability profile type: %i\n", cap->xform_type);
+ break;
+ }
+ }
+
+ if (ts_params->key.len) {
+ ts_params->key.mem = rte_zmalloc(NULL, ts_params->key.len, 0);
+ TEST_ASSERT_NOT_NULL(ts_params->key.mem, "Key mem allocation failed\n");
+ pattern_fill(ts_params->key.mem, "*Secret key*", ts_params->key.len);
+ }
+ if (ts_params->digest.len) {
+ ts_params->digest.mem = rte_zmalloc(NULL, ts_params->digest.len, 16);
+ TEST_ASSERT_NOT_NULL(ts_params->digest.mem, "digest mem allocation failed\n");
+ ts_params->expected_digest.len = ts_params->digest.len;
+ ts_params->expected_digest.mem = rte_zmalloc(NULL, ts_params->digest.len, 0);
+ TEST_ASSERT_NOT_NULL(ts_params->expected_digest.mem,
+ "Expected digest allocation failed\n");
+ }
+ if (ts_params->aad.len) {
+ ts_params->aad.mem = rte_zmalloc(NULL, ts_params->aad.len, 16);
+ TEST_ASSERT_NOT_NULL(ts_params->aad.mem, "aad mem allocation failed\n");
+ ts_params->expected_aad.len = ts_params->aad.len;
+ ts_params->expected_aad.mem = rte_zmalloc(NULL, ts_params->expected_aad.len, 0);
+ TEST_ASSERT_NOT_NULL(ts_params->expected_aad.mem,
+ "Expected aad allocation failed\n");
+ }
+ if (ts_params->iv.len) {
+ ts_params->iv.mem = rte_zmalloc(NULL, ts_params->iv.len, 0);
+ TEST_ASSERT_NOT_NULL(ts_params->iv.mem, "iv mem allocation failed\n");
+ pattern_fill(ts_params->iv.mem, "IV", ts_params->iv.len);
+ }
+
+ return TEST_SUCCESS;
+}
+
+static void
+crosscheck_fini(void)
+{
+ struct crosscheck_testsuite_params *ts_params = &testsuite_params;
+
+ rte_mempool_free(ts_params->mbuf_pool);
+ rte_mempool_free(ts_params->op_mpool);
+ rte_mempool_free(ts_params->session_mpool);
+ rte_free(ts_params->key.mem);
+ rte_free(ts_params->digest.mem);
+ rte_free(ts_params->aad.mem);
+ rte_free(ts_params->iv.mem);
+}
+
+static int
+dev_configure_and_start(uint64_t ff_disable)
+{
+ struct crosscheck_testsuite_params *ts_params = &testsuite_params;
+ uint8_t i, dev_id;
+ uint16_t qp_id;
+
+ /* Reconfigure device to default parameters */
+ ts_params->conf.ff_disable = ff_disable;
+
+ /* Configure cryptodevs */
+ for (i = 0; i < ts_params->valid_dev_count; i++) {
+ dev_id = ts_params->valid_devs[i];
+ TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id, &ts_params->conf),
+ "Failed to configure cryptodev %u with %u qps",
+ dev_id, ts_params->conf.nb_queue_pairs);
+
+ for (qp_id = 0; qp_id < ts_params->conf.nb_queue_pairs; qp_id++) {
+ TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
+ dev_id, qp_id, &ts_params->qp_conf,
+ rte_cryptodev_socket_id(dev_id)),
+ "Failed to setup queue pair %u on cryptodev %u",
+ qp_id, dev_id);
+ }
+ rte_cryptodev_stats_reset(dev_id);
+
+ /* Start the device */
+ TEST_ASSERT_SUCCESS(rte_cryptodev_start(dev_id), "Failed to start cryptodev %u",
+ dev_id);
+ }
+
+ return TEST_SUCCESS;
+}
+
+static int
+crosscheck_suite_setup(void)
+{
+ dev_configure_and_start(RTE_CRYPTODEV_FF_SECURITY);
+
+ return 0;
+}
+
+static void
+crosscheck_suite_teardown(void)
+{
+ struct crosscheck_testsuite_params *ts_params = &testsuite_params;
+ uint8_t i, dev_id;
+
+ for (i = 0; i < ts_params->valid_dev_count; i++) {
+ dev_id = ts_params->valid_devs[i];
+ rte_cryptodev_stop(dev_id);
+ }
+}
+
+static struct rte_crypto_op *
+crypto_request_process(uint8_t dev_id, struct rte_crypto_op *op)
+{
+ struct rte_crypto_op *res = NULL;
+
+ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+ RTE_LOG(ERR, USER1, "Error sending packet for encryption\n");
+ return NULL;
+ }
+
+ while (rte_cryptodev_dequeue_burst(dev_id, 0, &res, 1) == 0)
+ rte_pause();
+
+ if (res->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+ RTE_LOG(ERR, USER1, "Operation status %d\n", res->status);
+ return NULL;
+ }
+
+ if (res != op) {
+ RTE_LOG(ERR, USER1, "Unexpected operation received!\n");
+ rte_crypto_op_free(res);
+ return NULL;
+ }
+
+ return res;
+}
+
+static struct rte_cryptodev_sym_session*
+session_create(const struct crosscheck_test_profile *profile, uint8_t dev_id,
+ enum crypto_op_type op_type)
+{
+ struct crosscheck_testsuite_params *ts_params = &testsuite_params;
+ struct rte_cryptodev_sym_session *session;
+ struct rte_crypto_sym_xform xform;
+
+ memset(&xform, 0, sizeof(xform));
+
+ switch (profile->xform_type) {
+ case RTE_CRYPTO_SYM_XFORM_AUTH:
+ xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+ xform.next = NULL;
+ xform.auth.algo = profile->algo;
+ xform.auth.op = op_type == OP_ENCRYPT ? RTE_CRYPTO_AUTH_OP_GENERATE :
+ RTE_CRYPTO_AUTH_OP_VERIFY;
+ xform.auth.digest_length = profile->digest_size;
+ xform.auth.key.length = profile->key_size;
+ xform.auth.key.data = ts_params->key.mem;
+ xform.auth.iv.length = profile->iv_size;
+ xform.auth.iv.offset = IV_OFFSET;
+ break;
+ case RTE_CRYPTO_SYM_XFORM_CIPHER:
+ xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+ xform.next = NULL;
+ xform.cipher.algo = profile->algo;
+ xform.cipher.op = op_type == OP_ENCRYPT ? RTE_CRYPTO_CIPHER_OP_ENCRYPT :
+ RTE_CRYPTO_CIPHER_OP_DECRYPT;
+ xform.cipher.key.length = profile->key_size;
+ xform.cipher.key.data = ts_params->key.mem;
+ xform.cipher.iv.length = profile->iv_size;
+ xform.cipher.iv.offset = IV_OFFSET;
+ break;
+ case RTE_CRYPTO_SYM_XFORM_AEAD:
+ xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+ xform.next = NULL;
+ xform.aead.algo = profile->algo;
+ xform.aead.op = op_type == OP_ENCRYPT ? RTE_CRYPTO_AEAD_OP_ENCRYPT :
+ RTE_CRYPTO_AEAD_OP_DECRYPT;
+ xform.aead.digest_length = profile->digest_size;
+ xform.aead.key.length = profile->key_size;
+ xform.aead.key.data = ts_params->key.mem;
+ xform.aead.iv.length = profile->iv_size;
+ xform.aead.iv.offset = IV_OFFSET;
+ xform.aead.aad_length = profile->aad_size;
+ break;
+ default:
+ return NULL;
+ }
+
+ session = rte_cryptodev_sym_session_create(dev_id, &xform, testsuite_params.session_mpool);
+
+ return session;
+}
+
+static struct rte_mbuf*
+mbuf_create(const uint8_t *input_buf, uint16_t input_len)
+{
+ struct rte_mbuf *pkt;
+ uint8_t *pkt_data;
+
+ pkt = rte_pktmbuf_alloc(testsuite_params.mbuf_pool);
+ if (pkt == NULL) {
+ RTE_LOG(ERR, USER1, "Failed to allocate input buffer in mempool");
+ return NULL;
+ }
+
+ /* zeroing tailroom */
+ memset(rte_pktmbuf_mtod(pkt, uint8_t *), 0, rte_pktmbuf_tailroom(pkt));
+
+ pkt_data = (uint8_t *)rte_pktmbuf_append(pkt, input_len);
+ if (pkt_data == NULL) {
+ RTE_LOG(ERR, USER1, "no room to append data, len: %d", input_len);
+ goto error;
+ }
+ rte_memcpy(pkt_data, input_buf, input_len);
+
+ return pkt;
+error:
+ rte_pktmbuf_free(pkt);
+ return NULL;
+}
+
+static struct rte_crypto_op*
+operation_create(const struct crosscheck_test_profile *profile,
+ struct rte_mbuf *ibuf, enum crypto_op_type op_type)
+{
+ struct crosscheck_testsuite_params *ts_params = &testsuite_params;
+ uint8_t *digest_data = NULL, *aad_data = NULL, *iv_ptr = NULL;
+ uint16_t aad_size, digest_size, plaintext_len;
+ struct rte_crypto_sym_op *sym_op;
+ struct rte_crypto_op *op;
+
+ op = rte_crypto_op_alloc(ts_params->op_mpool, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
+ if (op == NULL) {
+ RTE_LOG(ERR, USER1, "Failed to allocate symmetric crypto operation struct");
+ return NULL;
+ }
+
+ plaintext_len = profile->input_buf_len;
+ aad_size = profile->aad_size;
+ digest_size = profile->digest_size;
+
+ if (aad_size) {
+ aad_data = ts_params->aad.mem;
+ if (op_type == OP_ENCRYPT)
+ pattern_fill(aad_data, "This is an aad.", aad_size);
+ }
+
+ if (digest_size) {
+ digest_data = ts_params->digest.mem;
+ if (op_type == OP_ENCRYPT)
+ memset(digest_data, 0, sizeof(digest_size));
+ }
+
+ sym_op = op->sym;
+ memset(sym_op, 0, sizeof(*sym_op));
+
+ iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET);
+ rte_memcpy(iv_ptr, ts_params->iv.mem, profile->iv_size);
+
+ switch (profile->xform_type) {
+ case RTE_CRYPTO_SYM_XFORM_AUTH:
+ sym_op->auth.digest.data = digest_data;
+ sym_op->auth.digest.phys_addr = rte_malloc_virt2iova(sym_op->auth.digest.data);
+ sym_op->auth.data.length = plaintext_len;
+ break;
+ case RTE_CRYPTO_SYM_XFORM_CIPHER:
+ sym_op->cipher.data.length = plaintext_len;
+ break;
+ case RTE_CRYPTO_SYM_XFORM_AEAD:
+ sym_op->aead.aad.data = aad_data;
+ sym_op->aead.aad.phys_addr = rte_malloc_virt2iova(sym_op->aead.aad.data);
+ sym_op->aead.digest.data = digest_data;
+ sym_op->aead.digest.phys_addr = rte_malloc_virt2iova(sym_op->aead.digest.data);
+ sym_op->aead.data.offset = 0;
+ sym_op->aead.data.length = plaintext_len;
+ break;
+ default:
+ goto error;
+ }
+
+ sym_op->m_src = ibuf;
+
+ return op;
+
+error:
+ rte_crypto_op_free(op);
+ return NULL;
+}
+
+static void
+mbuf_to_buf_copy(const struct rte_mbuf *m, uint8_t *res_buf, uint16_t *len)
+{
+ const uint8_t *out;
+
+ *len = m->pkt_len;
+ out = rte_pktmbuf_read(m, 0, *len, res_buf);
+ /* Single segment buffer */
+ if (out != res_buf)
+ memcpy(res_buf, out, *len);
+}
+
+static int
+single_dev_process(const struct crosscheck_test_profile *profile, uint16_t dev_id, enum
+ crypto_op_type op_type, const uint8_t *input_buf, uint16_t input_len,
+ uint8_t *output_buf, uint16_t *output_len)
+{
+ struct rte_cryptodev_sym_session *session = NULL;
+ struct rte_mbuf *ibuf = NULL, *obuf = NULL;
+ struct rte_crypto_op *op = NULL;
+ int ret = -1;
+
+ session = session_create(profile, dev_id, op_type);
+ if (session == NULL)
+ goto error;
+
+ ibuf = mbuf_create(input_buf, input_len);
+ if (ibuf == NULL)
+ goto error;
+
+ op = operation_create(profile, ibuf, op_type);
+ if (op == NULL)
+ goto error;
+
+ debug_hexdump(stdout, "Input:", rte_pktmbuf_mtod(ibuf, uint8_t*), ibuf->pkt_len);
+
+ rte_crypto_op_attach_sym_session(op, session);
+
+ struct rte_crypto_op *res = crypto_request_process(dev_id, op);
+ if (res == NULL)
+ goto error;
+
+ obuf = op->sym->m_src;
+ if (obuf == NULL) {
+ RTE_LOG(ERR, USER1, "Invalid packet received\n");
+ goto error;
+ }
+ mbuf_to_buf_copy(obuf, output_buf, output_len);
+
+ ret = 0;
+
+error:
+ if (session != NULL) {
+ int sret;
+ sret = rte_cryptodev_sym_session_free(dev_id, session);
+ RTE_VERIFY(sret == 0);
+ }
+ rte_pktmbuf_free(ibuf);
+ rte_crypto_op_free(op);
+ return ret;
+}
+
+static int
+buffers_compare(const uint8_t *expected, uint16_t expected_len,
+ const uint8_t *received, uint16_t received_len)
+{
+ TEST_ASSERT_EQUAL(expected_len, received_len, "Length mismatch %d != %d !\n",
+ expected_len, received_len);
+
+ if (memcmp(expected, received, expected_len)) {
+ rte_hexdump(rte_log_get_stream(), "expected", expected, expected_len);
+ rte_hexdump(rte_log_get_stream(), "received", received, expected_len);
+ return TEST_FAILED;
+ }
+
+ return TEST_SUCCESS;
+}
+
+static int
+crosscheck_all_devices(const struct crosscheck_test_profile *profile, enum crypto_op_type op_type,
+ const uint8_t *input_text, uint16_t input_len, uint8_t *output_text,
+ uint16_t *output_len)
+{
+ struct crosscheck_testsuite_params *ts_params = &testsuite_params;
+ uint16_t len = 0, expected_len = 0;
+ uint8_t expected_text[MBUF_SIZE];
+ uint8_t i, dev_id;
+ int status;
+
+
+ for (i = 0; i < ts_params->valid_dev_count; i++) {
+ dev_id = ts_params->valid_devs[i];
+ status = single_dev_process(profile, dev_id, op_type, input_text, input_len,
+ output_text, &len);
+ TEST_ASSERT_SUCCESS(status, "Error occurred during processing");
+
+ if (i == 0) {
+ /* First device, copy data for future comparisons */
+ memcpy(expected_text, output_text, len);
+ memcpy(ts_params->expected_digest.mem, ts_params->digest.mem,
+ profile->digest_size);
+ memcpy(ts_params->expected_aad.mem, ts_params->aad.mem, profile->aad_size);
+ expected_len = len;
+ } else {
+ /* Compare output against expected(first) output */
+ TEST_ASSERT_SUCCESS(buffers_compare(expected_text, expected_len,
+ output_text, len),
+ "Text mismatch occurred on dev %i\n", dev_id);
+ TEST_ASSERT_SUCCESS(buffers_compare(ts_params->expected_digest.mem,
+ profile->digest_size, ts_params->digest.mem,
+ profile->digest_size),
+ "Digest mismatch occurred on dev %i\n", dev_id);
+ TEST_ASSERT_SUCCESS(buffers_compare(ts_params->expected_aad.mem,
+ profile->aad_size, ts_params->aad.mem, profile->aad_size),
+ "AAD mismatch occurred on dev %i\n", dev_id);
+ }
+
+ RTE_LOG(DEBUG, USER1, "DEV ID: %u finished processing\n", dev_id);
+ debug_hexdump(stdout, "Output: ", output_text, len);
+ if (profile->digest_size)
+ debug_hexdump(stdout, "Digest: ", ts_params->digest.mem,
+ profile->digest_size);
+ }
+
+ *output_len = len;
+
+ return TEST_SUCCESS;
+}
+
+static int
+check_negative_all_devices(const struct crosscheck_test_profile *profile,
+ enum crypto_op_type op_type, const uint8_t *input_text,
+ uint16_t input_len)
+{
+ struct crosscheck_testsuite_params *ts_params = &testsuite_params;
+
+ uint8_t output_text[MBUF_SIZE];
+ uint8_t i, dev_id;
+ uint16_t len;
+ int status;
+
+ for (i = 0; i < ts_params->valid_dev_count; i++) {
+ dev_id = ts_params->valid_devs[i];
+ status = single_dev_process(profile, dev_id, op_type, input_text, input_len,
+ output_text, &len);
+ TEST_ASSERT_FAIL(status, "Error occurred during processing negative case");
+
+ }
+
+ return TEST_SUCCESS;
+}
+
+static int
+crosscheck_with_profile_run(const struct crosscheck_test_profile *profile)
+{
+ struct crosscheck_testsuite_params *ts_params = &testsuite_params;
+ uint8_t input_text[profile->input_buf_len];
+ uint16_t output_len, encrypted_len;
+ uint8_t encrypted_text[MBUF_SIZE];
+ uint8_t output_text[MBUF_SIZE];
+ int status;
+
+ memset(ts_params->digest.mem, 0, ts_params->digest.len);
+ memset(ts_params->aad.mem, 0, ts_params->aad.len);
+
+ /* Encrypt Stage */
+ RTE_LOG(DEBUG, USER1, "Executing encrypt stage\n");
+ /* Fill input with incrementing pattern */
+ incrementing_generate(input_text, 'a', profile->input_buf_len);
+ status = crosscheck_all_devices(profile, OP_ENCRYPT, input_text, profile->input_buf_len,
+ output_text, &output_len);
+ TEST_ASSERT_SUCCESS(status, "Error occurred during encryption");
+
+ /* Decrypt Stage */
+ RTE_LOG(DEBUG, USER1, "Executing decrypt stage\n");
+ /* Set up encrypted data as input */
+ encrypted_len = output_len;
+ memcpy(encrypted_text, output_text, output_len);
+ status = crosscheck_all_devices(profile, OP_DECRYPT, encrypted_text, encrypted_len,
+ output_text, &output_len);
+ TEST_ASSERT_SUCCESS(status, "Error occurred during decryption");
+
+ /* Negative Stage */
+ RTE_LOG(DEBUG, USER1, "Executing negative stage\n");
+ if (profile->digest_size) {
+ /* Corrupting one byte of digest */
+ ts_params->digest.mem[profile->digest_size - 1] += 1;
+ status = check_negative_all_devices(profile, OP_DECRYPT, encrypted_text,
+ encrypted_len);
+ TEST_ASSERT_SUCCESS(status, "Error occurred during decryption");
+ }
+
+
+ return TEST_SUCCESS;
+}
+
+static int
+test_crosscheck_unit(const void *ptr)
+{
+ const struct crosscheck_test_profile *profile = ptr;
+
+ if (profile->xform_type == RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED)
+ return TEST_SKIPPED;
+
+ return crosscheck_with_profile_run(profile);
+}
+
+static struct unit_test_suite*
+sym_unit_test_suite_create(const struct rte_cryptodev_symmetric_capability *capa)
+{
+ size_t uts_size, total_size, input_sz;
+ struct meta_test_suite *meta_ts;
+ const char *suite_prefix = NULL;
+ const char *algo_name = NULL;
+ struct unit_test_suite *uts;
+ uint64_t test_case_idx = 0;
+ struct unit_test_case *utc;
+ int cap_type;
+ char *mem;
+
+ const char * const suite_prefix_strings[] = {
+ [RTE_CRYPTO_SYM_XFORM_AUTH] = "Algo AUTH ",
+ [RTE_CRYPTO_SYM_XFORM_CIPHER] = "Algo CIPHER ",
+ [RTE_CRYPTO_SYM_XFORM_AEAD] = "Algo AEAD ",
+ };
+
+ suite_prefix = suite_prefix_strings[capa->xform_type];
+ algo_name = algo_name_get(capa);
+
+ /* Calculate size for test suite with all test cases +1 NULL case */
+ uts_size = sizeof(struct unit_test_suite) +
+ (NB_TEST_CASES_PER_ALGO + 1) * sizeof(struct unit_test_case);
+
+ /* Also allocate memory for suite meta data */
+ total_size = uts_size + sizeof(struct meta_test_suite);
+ mem = rte_zmalloc(NULL, total_size, 0);
+ if (mem == NULL)
+ return NULL;
+ uts = (struct unit_test_suite *) mem;
+ meta_ts = (struct meta_test_suite *) (mem + uts_size);
+
+ /* Initialize test suite */
+ snprintf(meta_ts->suite_name, MAX_TEST_STRING_LEN, "%s '%s'", suite_prefix, algo_name);
+ uts->suite_name = meta_ts->suite_name;
+
+ /* Initialize test cases */
+ for (cap_type = 0; cap_type < CAPABILITY_TYPE_LAST; cap_type++) {
+ for (input_sz = 0; input_sz < RTE_DIM(input_length); input_sz++) {
+ meta_ts->profile[test_case_idx] = profile_create(
+ capa, cap_type, input_length[input_sz]);
+ utc = &uts->unit_test_cases[test_case_idx];
+ utc->name = meta_ts->profile[test_case_idx].name;
+ utc->data = (const void *) &meta_ts->profile[test_case_idx];
+ utc->testcase_with_data = test_crosscheck_unit;
+ utc->enabled = true;
+
+ test_case_idx += 1;
+ RTE_VERIFY(test_case_idx <= NB_TEST_CASES_PER_ALGO);
+ }
+ }
+
+ return uts;
+}
+
+static int
+test_crosscheck(void)
+{
+ struct unit_test_suite **test_suites = NULL;
+ int ret, i;
+
+ static struct unit_test_suite ts = {
+ .suite_name = "Crosscheck Unit Test Suite",
+ .setup = crosscheck_suite_setup,
+ .teardown = crosscheck_suite_teardown,
+ .unit_test_cases = {TEST_CASES_END()}
+ };
+
+ ret = crosscheck_init();
+ if (ret)
+ goto exit;
+
+ if (nb_common_sym_caps == 0) {
+ RTE_LOG(WARNING, USER1, "Cryptodevs don't have common capabilities\n");
+ ret = TEST_SKIPPED;
+ goto exit;
+ }
+
+ /* + 1 for NULL-end suite */
+ test_suites = rte_calloc(NULL, nb_common_sym_caps + 1, sizeof(struct unit_test_suite *), 0);
+ TEST_ASSERT_NOT_NULL(test_suites, "test_suites allocation failed");
+
+ /* Create test suite for each supported algorithm */
+ ts.unit_test_suites = test_suites;
+ for (i = 0; i < nb_common_sym_caps; i++)
+ ts.unit_test_suites[i] = sym_unit_test_suite_create(&common_symm_capas[i]);
+
+ ret = unit_test_suite_runner(&ts);
+
+ for (i = 0; i < nb_common_sym_caps; i++)
+ rte_free(ts.unit_test_suites[i]);
+
+ rte_free(test_suites);
+
+exit:
+ crosscheck_fini();
+
+ return ret;
+}
+
+REGISTER_TEST_COMMAND(cryptodev_crosscheck, test_crosscheck);
--
2.34.1
next prev parent reply other threads:[~2023-03-14 13:33 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-21 11:08 [PATCH] " Volodymyr Fialko
2023-02-09 12:34 ` [PATCH v2] " Volodymyr Fialko
2023-02-09 14:34 ` [PATCH v3] " Volodymyr Fialko
2023-03-14 13:32 ` Volodymyr Fialko [this message]
2023-03-14 13:56 ` [PATCH v5] " Volodymyr Fialko
2023-03-16 9:44 ` Akhil Goyal
2023-03-16 15:46 ` Power, Ciara
2023-03-16 18:35 ` Akhil Goyal
2023-03-08 17:30 ` [PATCH v2] " Power, Ciara
2023-03-14 13:33 ` Volodymyr Fialko
2023-03-08 18:03 ` Power, Ciara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230314133251.3023193-1-vfialko@marvell.com \
--to=vfialko@marvell.com \
--cc=anoobj@marvell.com \
--cc=ciara.power@intel.com \
--cc=dev@dpdk.org \
--cc=fanzhang.oss@gmail.com \
--cc=gakhil@marvell.com \
--cc=hemant.agrawal@nxp.com \
--cc=jerinj@marvell.com \
--cc=kai.ji@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).