DPDK patches and discussions
 help / color / mirror / Atom feed
From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>,
	Declan Doherty <declan.doherty@intel.com>,
	Fan Zhang <roy.fan.zhang@intel.com>,
	"Konstantin Ananyev" <konstantin.ananyev@intel.com>
Cc: Anoob Joseph <anoobj@marvell.com>,
	Jerin Jacob <jerinj@marvell.com>,
	Archana Muniganti <marchana@marvell.com>,
	Tejasree Kondoj <ktejasree@marvell.com>,
	Hemant Agrawal <hemant.agrawal@nxp.com>,
	"Radu Nicolau" <radu.nicolau@intel.com>,
	Ciara Power <ciara.power@intel.com>, <dev@dpdk.org>
Subject: [dpdk-dev] [PATCH v2 2/4] test/crypto: add combined mode tests
Date: Wed, 11 Aug 2021 15:15:35 +0530	[thread overview]
Message-ID: <1628675138-17300-3-git-send-email-anoobj@marvell.com> (raw)
In-Reply-To: <1628675138-17300-1-git-send-email-anoobj@marvell.com>

Add framework to test IPsec features with all supported
combinations of ciphers.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 app/test/test_cryptodev.c                |  73 +++++++++++++++++++--
 app/test/test_cryptodev_security_ipsec.c | 107 +++++++++++++++++++++++++++++--
 app/test/test_cryptodev_security_ipsec.h |  52 ++++++++++++++-
 3 files changed, 223 insertions(+), 9 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 73923f1..d89307d 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -8860,7 +8860,8 @@ static int
 test_ipsec_proto_process(const struct ipsec_test_data td[],
 			 struct ipsec_test_data res_d[],
 			 int nb_td,
-			 bool silent)
+			 bool silent,
+			 const struct ipsec_test_flags *flags)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -8977,7 +8978,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 		/* Process crypto operation */
 		process_crypto_request(dev_id, ut_params->op);
 
-		ret = test_ipsec_status_check(ut_params->op, dir);
+		ret = test_ipsec_status_check(ut_params->op, flags, dir);
 		if (ret != TEST_SUCCESS)
 			goto crypto_op_free;
 
@@ -8985,7 +8986,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 			res_d_tmp = &res_d[i];
 
 		ret = test_ipsec_post_process(ut_params->ibuf, &td[i],
-					      res_d_tmp, silent);
+					      res_d_tmp, silent, flags);
 		if (ret != TEST_SUCCESS)
 			goto crypto_op_free;
 
@@ -9013,11 +9014,71 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 static int
 test_ipsec_proto_known_vec_inb(const void *td_outb)
 {
+	struct ipsec_test_flags flags;
 	struct ipsec_test_data td_inb;
 
+	memset(&flags, 0, sizeof(flags));
+
 	test_ipsec_td_in_from_out(td_outb, &td_inb);
 
-	return test_ipsec_proto_process(&td_inb, NULL, 1, false);
+	return test_ipsec_proto_process(&td_inb, NULL, 1, false, &flags);
+}
+
+static int
+test_ipsec_proto_all(const struct ipsec_test_flags *flags)
+{
+	struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX];
+	struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX];
+	unsigned int i, nb_pkts = 1, pass_cnt = 0;
+	int ret;
+
+	for (i = 0; i < RTE_DIM(aead_list); i++) {
+		test_ipsec_td_prepare(&aead_list[i],
+				      NULL,
+				      flags,
+				      td_outb,
+				      nb_pkts);
+
+		ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true,
+					       flags);
+		if (ret == TEST_SKIPPED)
+			continue;
+
+		if (ret == TEST_FAILED)
+			return TEST_FAILED;
+
+		test_ipsec_td_update(td_inb, td_outb, nb_pkts, flags);
+
+		ret = test_ipsec_proto_process(td_inb, NULL, nb_pkts, true,
+					       flags);
+		if (ret == TEST_SKIPPED)
+			continue;
+
+		if (ret == TEST_FAILED)
+			return TEST_FAILED;
+
+		if (flags->display_alg)
+			test_ipsec_display_alg(&aead_list[i], NULL);
+
+		pass_cnt++;
+	}
+
+	if (pass_cnt > 0)
+		return TEST_SUCCESS;
+	else
+		return TEST_SKIPPED;
+}
+
+static int
+test_ipsec_proto_display_list(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.display_alg = true;
+
+	return test_ipsec_proto_all(&flags);
 }
 
 static int
@@ -13926,6 +13987,10 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
 			"Inbound known vector (ESP tunnel mode IPv4 AES-GCM 256)",
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm),
+		TEST_CASE_NAMED_ST(
+			"Combined test alg list",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_display_list),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 2431fcb..d08e093 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -10,6 +10,8 @@
 #include "test.h"
 #include "test_cryptodev_security_ipsec.h"
 
+extern struct ipsec_test_data pkt_aes_256_gcm;
+
 int
 test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 			   const struct rte_security_capability *sec_cap,
@@ -128,6 +130,68 @@ test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
 	}
 }
 
+void
+test_ipsec_td_prepare(const struct crypto_param *param1,
+		      const struct crypto_param *param2,
+		      const struct ipsec_test_flags *flags,
+		      struct ipsec_test_data *td_array,
+		      int nb_td)
+
+{
+	struct ipsec_test_data *td;
+	int i;
+
+	memset(td_array, 0, nb_td * sizeof(*td));
+
+	for (i = 0; i < nb_td; i++) {
+		td = &td_array[i];
+		/* Copy template for packet & key fields */
+		memcpy(td, &pkt_aes_256_gcm, sizeof(*td));
+
+		/* Override fields based on param */
+
+		if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+			td->aead = true;
+		else
+			td->aead = false;
+
+		td->xform.aead.aead.algo = param1->alg.aead;
+		td->xform.aead.aead.key.length = param1->key_length;
+	}
+
+	RTE_SET_USED(flags);
+	RTE_SET_USED(param2);
+}
+
+void
+test_ipsec_td_update(struct ipsec_test_data td_inb[],
+		     const struct ipsec_test_data td_outb[],
+		     int nb_td,
+		     const struct ipsec_test_flags *flags)
+{
+	int i;
+
+	for (i = 0; i < nb_td; i++) {
+		memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data,
+		       td_outb[i].input_text.len);
+		td_inb[i].output_text.len = td_outb->input_text.len;
+	}
+
+	RTE_SET_USED(flags);
+}
+
+void
+test_ipsec_display_alg(const struct crypto_param *param1,
+		       const struct crypto_param *param2)
+{
+	if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+		printf("\t%s [%d]\n",
+		       rte_crypto_aead_algorithm_strings[param1->alg.aead],
+		       param1->key_length);
+
+	RTE_SET_USED(param2);
+}
+
 static int
 test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td)
 {
@@ -148,7 +212,7 @@ test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td)
 
 static int
 test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
-		     bool silent)
+		     bool silent, const struct ipsec_test_flags *flags)
 {
 	uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
 	uint32_t skip, len = rte_pktmbuf_pkt_len(m);
@@ -177,12 +241,37 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
 		return TEST_FAILED;
 	}
 
+	RTE_SET_USED(flags);
+
+	return TEST_SUCCESS;
+}
+
+static int
+test_ipsec_res_d_prepare(struct rte_mbuf *m, const struct ipsec_test_data *td,
+		   struct ipsec_test_data *res_d)
+{
+	uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
+	uint32_t len = rte_pktmbuf_pkt_len(m);
+
+	memcpy(res_d, td, sizeof(*res_d));
+	memcpy(res_d->input_text.data, output_text, len);
+	res_d->input_text.len = len;
+
+	res_d->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
+	if (res_d->aead) {
+		res_d->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT;
+	} else {
+		printf("Only AEAD supported\n");
+		return TEST_SKIPPED;
+	}
+
 	return TEST_SUCCESS;
 }
 
 int
 test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
-			struct ipsec_test_data *res_d, bool silent)
+			struct ipsec_test_data *res_d, bool silent,
+			const struct ipsec_test_flags *flags)
 {
 	/*
 	 * In case of known vector tests & all inbound tests, res_d provided
@@ -190,13 +279,22 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
 	 * For inbound, output_text would be plain packet and for outbound
 	 * output_text would IPsec packet. Validate by comparing against
 	 * known vectors.
+	 *
+	 * In case of combined mode tests, the output_text from outbound
+	 * operation (ie, IPsec packet) would need to be inbound processed to
+	 * obtain the plain text. Copy output_text to result data, 'res_d', so
+	 * that inbound processing can be done.
 	 */
-	RTE_SET_USED(res_d);
-	return test_ipsec_td_verify(m, td, silent);
+
+	if (res_d == NULL)
+		return test_ipsec_td_verify(m, td, silent, flags);
+	else
+		return test_ipsec_res_d_prepare(m, td, res_d);
 }
 
 int
 test_ipsec_status_check(struct rte_crypto_op *op,
+			const struct ipsec_test_flags *flags,
 			enum rte_security_ipsec_sa_direction dir)
 {
 	int ret = TEST_SUCCESS;
@@ -206,6 +304,7 @@ test_ipsec_status_check(struct rte_crypto_op *op,
 		ret = TEST_FAILED;
 	}
 
+	RTE_SET_USED(flags);
 	RTE_SET_USED(dir);
 
 	return ret;
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 5f1b46d..cbb3ee4 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -8,6 +8,8 @@
 #include <rte_cryptodev.h>
 #include <rte_security.h>
 
+#define IPSEC_TEST_PACKETS_MAX 32
+
 struct ipsec_test_data {
 	struct {
 		uint8_t data[32];
@@ -45,6 +47,38 @@ struct ipsec_test_data {
 	} xform;
 };
 
+struct ipsec_test_flags {
+	bool display_alg;
+};
+
+struct crypto_param {
+	enum rte_crypto_sym_xform_type type;
+	union {
+		enum rte_crypto_cipher_algorithm cipher;
+		enum rte_crypto_auth_algorithm auth;
+		enum rte_crypto_aead_algorithm aead;
+	} alg;
+	uint16_t key_length;
+};
+
+static const struct crypto_param aead_list[] = {
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
+		.alg.aead =  RTE_CRYPTO_AEAD_AES_GCM,
+		.key_length = 16,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
+		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
+		.key_length = 24,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
+		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
+		.key_length = 32
+	},
+};
+
 int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 			       const struct rte_security_capability *sec_cap,
 			       bool silent);
@@ -56,11 +90,27 @@ int test_ipsec_crypto_caps_aead_verify(
 void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
 			       struct ipsec_test_data *td_in);
 
+void test_ipsec_td_prepare(const struct crypto_param *param1,
+			   const struct crypto_param *param2,
+			   const struct ipsec_test_flags *flags,
+			   struct ipsec_test_data *td_array,
+			   int nb_td);
+
+void test_ipsec_td_update(struct ipsec_test_data td_inb[],
+			  const struct ipsec_test_data td_outb[],
+			  int nb_td,
+			  const struct ipsec_test_flags *flags);
+
+void test_ipsec_display_alg(const struct crypto_param *param1,
+			    const struct crypto_param *param2);
+
 int test_ipsec_post_process(struct rte_mbuf *m,
 			    const struct ipsec_test_data *td,
-			    struct ipsec_test_data *res_d, bool silent);
+			    struct ipsec_test_data *res_d, bool silent,
+			    const struct ipsec_test_flags *flags);
 
 int test_ipsec_status_check(struct rte_crypto_op *op,
+			    const struct ipsec_test_flags *flags,
 			    enum rte_security_ipsec_sa_direction dir);
 
 #endif
-- 
2.7.4


  parent reply	other threads:[~2021-08-11  9:47 UTC|newest]

Thread overview: 49+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-29 10:43 [dpdk-dev] [PATCH 21.11 0/3] Add lookaside IPsec tests Anoob Joseph
2021-07-29 10:43 ` [dpdk-dev] [PATCH 21.11 1/3] test/crypto: add " Anoob Joseph
2021-07-29 10:43 ` [dpdk-dev] [PATCH 21.11 2/3] test/crypto: add combined mode tests Anoob Joseph
2021-07-29 10:43 ` [dpdk-dev] [PATCH 21.11 3/3] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-08-11  9:45 ` [dpdk-dev] [PATCH v2 0/4] Add lookaside IPsec tests Anoob Joseph
2021-08-11  9:45   ` [dpdk-dev] [PATCH v2 1/4] test/crypto: add " Anoob Joseph
2021-08-11  9:45   ` Anoob Joseph [this message]
2021-08-11  9:45   ` [dpdk-dev] [PATCH v2 3/4] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-08-11  9:45   ` [dpdk-dev] [PATCH v2 4/4] test/crypto: add IV gen tests Anoob Joseph
2021-09-03  4:46   ` [dpdk-dev] [PATCH v3 0/5] Add lookaside IPsec tests Anoob Joseph
2021-09-03  4:46     ` [dpdk-dev] [PATCH v3 1/5] test/crypto: add " Anoob Joseph
2021-09-03  9:38       ` Power, Ciara
2021-09-03  9:46         ` Anoob Joseph
2021-09-03  4:46     ` [dpdk-dev] [PATCH v3 2/5] test/crypto: add combined mode tests Anoob Joseph
2021-09-03  9:42       ` Power, Ciara
2021-09-03 10:04         ` Anoob Joseph
2021-09-03 15:04           ` Power, Ciara
2021-09-03 16:14             ` Anoob Joseph
2021-09-03  4:46     ` [dpdk-dev] [PATCH v3 3/5] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-09-03  4:46     ` [dpdk-dev] [PATCH v3 4/5] test/crypto: add IV gen tests Anoob Joseph
2021-09-03  4:46     ` [dpdk-dev] [PATCH v3 5/5] test/crypto: add UDP encapsulation test cases Anoob Joseph
2021-09-17 13:15     ` [dpdk-dev] [PATCH v4 0/5] Add lookaside IPsec tests Anoob Joseph
2021-09-17 13:15       ` [dpdk-dev] [PATCH v4 1/5] test/crypto: add " Anoob Joseph
2021-09-21 16:08         ` Akhil Goyal
2021-09-23  4:48           ` Anoob Joseph
2021-09-23 10:39         ` Power, Ciara
2021-09-23 11:08           ` Anoob Joseph
2021-09-23 11:26             ` Power, Ciara
2021-09-23 11:30               ` Anoob Joseph
2021-09-24  8:42         ` Hemant Agrawal
2021-09-17 13:15       ` [dpdk-dev] [PATCH v4 2/5] test/crypto: add combined mode tests Anoob Joseph
2021-09-21 16:22         ` Akhil Goyal
2021-09-24  7:23         ` Hemant Agrawal
2021-09-24  8:12           ` [dpdk-dev] [EXT] " Anoob Joseph
2021-09-17 13:15       ` [dpdk-dev] [PATCH v4 3/5] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-09-21 16:25         ` Akhil Goyal
2021-09-24  8:43           ` Hemant Agrawal
2021-09-17 13:15       ` [dpdk-dev] [PATCH v4 4/5] test/crypto: add IV gen tests Anoob Joseph
2021-09-21 16:31         ` Akhil Goyal
2021-09-17 13:15       ` [dpdk-dev] [PATCH v4 5/5] test/crypto: add UDP encapsulation test cases Anoob Joseph
2021-09-21 16:35         ` Akhil Goyal
2021-09-23 13:34       ` [dpdk-dev] [PATCH v4 0/5] Add lookaside IPsec tests Power, Ciara
2021-09-25 15:35       ` [dpdk-dev] [PATCH v5 " Anoob Joseph
2021-09-25 15:35         ` [dpdk-dev] [PATCH v5 1/5] test/crypto: add lookaside IPsec cases Anoob Joseph
2021-09-25 15:35         ` [dpdk-dev] [PATCH v5 2/5] test/crypto: add combined mode " Anoob Joseph
2021-09-25 15:35         ` [dpdk-dev] [PATCH v5 3/5] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-09-25 15:35         ` [dpdk-dev] [PATCH v5 4/5] test/crypto: add IV gen cases for IPsec Anoob Joseph
2021-09-25 15:35         ` [dpdk-dev] [PATCH v5 5/5] test/crypto: add UDP encapsulated IPsec test cases Anoob Joseph
2021-09-28  7:49         ` [dpdk-dev] [PATCH v5 0/5] Add lookaside IPsec tests Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1628675138-17300-3-git-send-email-anoobj@marvell.com \
    --to=anoobj@marvell.com \
    --cc=ciara.power@intel.com \
    --cc=declan.doherty@intel.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    --cc=hemant.agrawal@nxp.com \
    --cc=jerinj@marvell.com \
    --cc=konstantin.ananyev@intel.com \
    --cc=ktejasree@marvell.com \
    --cc=marchana@marvell.com \
    --cc=radu.nicolau@intel.com \
    --cc=roy.fan.zhang@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).