From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>,
Declan Doherty <declan.doherty@intel.com>,
Fan Zhang <roy.fan.zhang@intel.com>,
"Konstantin Ananyev" <konstantin.ananyev@intel.com>
Cc: Anoob Joseph <anoobj@marvell.com>,
Jerin Jacob <jerinj@marvell.com>,
Archana Muniganti <marchana@marvell.com>,
Tejasree Kondoj <ktejasree@marvell.com>,
Hemant Agrawal <hemant.agrawal@nxp.com>,
"Radu Nicolau" <radu.nicolau@intel.com>,
Ciara Power <ciara.power@intel.com>,
Gagandeep Singh <g.singh@nxp.com>, <dev@dpdk.org>
Subject: [dpdk-dev] [PATCH v5 2/5] test/crypto: add combined mode IPsec cases
Date: Sat, 25 Sep 2021 21:05:29 +0530 [thread overview]
Message-ID: <1632584132-289-3-git-send-email-anoobj@marvell.com> (raw)
In-Reply-To: <1632584132-289-1-git-send-email-anoobj@marvell.com>
Add framework to test IPsec features with all supported
combinations of ciphers.
Combined mode tests are used to test all IPsec features against all
ciphers supported by the PMD. The framework is introduced to avoid
testing with any specific algo, thereby making it mandatory to be
supported. Also, testing with all supported combinations will help with
increasing coverage as well.
The tests would first do IPsec encapsulation and do sanity checks. Based
on flags, packet would be updated or additional checks are done,
followed by IPsec decapsulation. Since the encrypted packet is generated
by the test, known vectors are not required.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Ciara Power <ciara.power@intel.com>
---
app/test/test_cryptodev.c | 73 +++++++++++++++++++--
app/test/test_cryptodev_security_ipsec.c | 107 +++++++++++++++++++++++++++++--
app/test/test_cryptodev_security_ipsec.h | 52 ++++++++++++++-
3 files changed, 223 insertions(+), 9 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f7d429b..3eacc66 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -8908,7 +8908,8 @@ static int
test_ipsec_proto_process(const struct ipsec_test_data td[],
struct ipsec_test_data res_d[],
int nb_td,
- bool silent)
+ bool silent,
+ const struct ipsec_test_flags *flags)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -9025,7 +9026,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
/* Process crypto operation */
process_crypto_request(dev_id, ut_params->op);
- ret = test_ipsec_status_check(ut_params->op, dir);
+ ret = test_ipsec_status_check(ut_params->op, flags, dir);
if (ret != TEST_SUCCESS)
goto crypto_op_free;
@@ -9033,7 +9034,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
res_d_tmp = &res_d[i];
ret = test_ipsec_post_process(ut_params->ibuf, &td[i],
- res_d_tmp, silent);
+ res_d_tmp, silent, flags);
if (ret != TEST_SUCCESS)
goto crypto_op_free;
@@ -9061,11 +9062,71 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
static int
test_ipsec_proto_known_vec_inb(const void *td_outb)
{
+ struct ipsec_test_flags flags;
struct ipsec_test_data td_inb;
+ memset(&flags, 0, sizeof(flags));
+
test_ipsec_td_in_from_out(td_outb, &td_inb);
- return test_ipsec_proto_process(&td_inb, NULL, 1, false);
+ return test_ipsec_proto_process(&td_inb, NULL, 1, false, &flags);
+}
+
+static int
+test_ipsec_proto_all(const struct ipsec_test_flags *flags)
+{
+ struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX];
+ struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX];
+ unsigned int i, nb_pkts = 1, pass_cnt = 0;
+ int ret;
+
+ for (i = 0; i < RTE_DIM(aead_list); i++) {
+ test_ipsec_td_prepare(&aead_list[i],
+ NULL,
+ flags,
+ td_outb,
+ nb_pkts);
+
+ ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true,
+ flags);
+ if (ret == TEST_SKIPPED)
+ continue;
+
+ if (ret == TEST_FAILED)
+ return TEST_FAILED;
+
+ test_ipsec_td_update(td_inb, td_outb, nb_pkts, flags);
+
+ ret = test_ipsec_proto_process(td_inb, NULL, nb_pkts, true,
+ flags);
+ if (ret == TEST_SKIPPED)
+ continue;
+
+ if (ret == TEST_FAILED)
+ return TEST_FAILED;
+
+ if (flags->display_alg)
+ test_ipsec_display_alg(&aead_list[i], NULL);
+
+ pass_cnt++;
+ }
+
+ if (pass_cnt > 0)
+ return TEST_SUCCESS;
+ else
+ return TEST_SKIPPED;
+}
+
+static int
+test_ipsec_proto_display_list(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.display_alg = true;
+
+ return test_ipsec_proto_all(&flags);
}
static int
@@ -13976,6 +14037,10 @@ static struct unit_test_suite ipsec_proto_testsuite = {
"Inbound known vector (ESP tunnel mode IPv4 AES-GCM 256)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm),
+ TEST_CASE_NAMED_ST(
+ "Combined test alg list",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_display_list),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 2431fcb..d08e093 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -10,6 +10,8 @@
#include "test.h"
#include "test_cryptodev_security_ipsec.h"
+extern struct ipsec_test_data pkt_aes_256_gcm;
+
int
test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
const struct rte_security_capability *sec_cap,
@@ -128,6 +130,68 @@ test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
}
}
+void
+test_ipsec_td_prepare(const struct crypto_param *param1,
+ const struct crypto_param *param2,
+ const struct ipsec_test_flags *flags,
+ struct ipsec_test_data *td_array,
+ int nb_td)
+
+{
+ struct ipsec_test_data *td;
+ int i;
+
+ memset(td_array, 0, nb_td * sizeof(*td));
+
+ for (i = 0; i < nb_td; i++) {
+ td = &td_array[i];
+ /* Copy template for packet & key fields */
+ memcpy(td, &pkt_aes_256_gcm, sizeof(*td));
+
+ /* Override fields based on param */
+
+ if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+ td->aead = true;
+ else
+ td->aead = false;
+
+ td->xform.aead.aead.algo = param1->alg.aead;
+ td->xform.aead.aead.key.length = param1->key_length;
+ }
+
+ RTE_SET_USED(flags);
+ RTE_SET_USED(param2);
+}
+
+void
+test_ipsec_td_update(struct ipsec_test_data td_inb[],
+ const struct ipsec_test_data td_outb[],
+ int nb_td,
+ const struct ipsec_test_flags *flags)
+{
+ int i;
+
+ for (i = 0; i < nb_td; i++) {
+ memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data,
+ td_outb[i].input_text.len);
+ td_inb[i].output_text.len = td_outb->input_text.len;
+ }
+
+ RTE_SET_USED(flags);
+}
+
+void
+test_ipsec_display_alg(const struct crypto_param *param1,
+ const struct crypto_param *param2)
+{
+ if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+ printf("\t%s [%d]\n",
+ rte_crypto_aead_algorithm_strings[param1->alg.aead],
+ param1->key_length);
+
+ RTE_SET_USED(param2);
+}
+
static int
test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td)
{
@@ -148,7 +212,7 @@ test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td)
static int
test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
- bool silent)
+ bool silent, const struct ipsec_test_flags *flags)
{
uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
uint32_t skip, len = rte_pktmbuf_pkt_len(m);
@@ -177,12 +241,37 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
return TEST_FAILED;
}
+ RTE_SET_USED(flags);
+
+ return TEST_SUCCESS;
+}
+
+static int
+test_ipsec_res_d_prepare(struct rte_mbuf *m, const struct ipsec_test_data *td,
+ struct ipsec_test_data *res_d)
+{
+ uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
+ uint32_t len = rte_pktmbuf_pkt_len(m);
+
+ memcpy(res_d, td, sizeof(*res_d));
+ memcpy(res_d->input_text.data, output_text, len);
+ res_d->input_text.len = len;
+
+ res_d->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
+ if (res_d->aead) {
+ res_d->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT;
+ } else {
+ printf("Only AEAD supported\n");
+ return TEST_SKIPPED;
+ }
+
return TEST_SUCCESS;
}
int
test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
- struct ipsec_test_data *res_d, bool silent)
+ struct ipsec_test_data *res_d, bool silent,
+ const struct ipsec_test_flags *flags)
{
/*
* In case of known vector tests & all inbound tests, res_d provided
@@ -190,13 +279,22 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
* For inbound, output_text would be plain packet and for outbound
* output_text would IPsec packet. Validate by comparing against
* known vectors.
+ *
+ * In case of combined mode tests, the output_text from outbound
+ * operation (ie, IPsec packet) would need to be inbound processed to
+ * obtain the plain text. Copy output_text to result data, 'res_d', so
+ * that inbound processing can be done.
*/
- RTE_SET_USED(res_d);
- return test_ipsec_td_verify(m, td, silent);
+
+ if (res_d == NULL)
+ return test_ipsec_td_verify(m, td, silent, flags);
+ else
+ return test_ipsec_res_d_prepare(m, td, res_d);
}
int
test_ipsec_status_check(struct rte_crypto_op *op,
+ const struct ipsec_test_flags *flags,
enum rte_security_ipsec_sa_direction dir)
{
int ret = TEST_SUCCESS;
@@ -206,6 +304,7 @@ test_ipsec_status_check(struct rte_crypto_op *op,
ret = TEST_FAILED;
}
+ RTE_SET_USED(flags);
RTE_SET_USED(dir);
return ret;
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 5f1b46d..cbb3ee4 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -8,6 +8,8 @@
#include <rte_cryptodev.h>
#include <rte_security.h>
+#define IPSEC_TEST_PACKETS_MAX 32
+
struct ipsec_test_data {
struct {
uint8_t data[32];
@@ -45,6 +47,38 @@ struct ipsec_test_data {
} xform;
};
+struct ipsec_test_flags {
+ bool display_alg;
+};
+
+struct crypto_param {
+ enum rte_crypto_sym_xform_type type;
+ union {
+ enum rte_crypto_cipher_algorithm cipher;
+ enum rte_crypto_auth_algorithm auth;
+ enum rte_crypto_aead_algorithm aead;
+ } alg;
+ uint16_t key_length;
+};
+
+static const struct crypto_param aead_list[] = {
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
+ .key_length = 16,
+ },
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
+ .key_length = 24,
+ },
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
+ .key_length = 32
+ },
+};
+
int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
const struct rte_security_capability *sec_cap,
bool silent);
@@ -56,11 +90,27 @@ int test_ipsec_crypto_caps_aead_verify(
void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
struct ipsec_test_data *td_in);
+void test_ipsec_td_prepare(const struct crypto_param *param1,
+ const struct crypto_param *param2,
+ const struct ipsec_test_flags *flags,
+ struct ipsec_test_data *td_array,
+ int nb_td);
+
+void test_ipsec_td_update(struct ipsec_test_data td_inb[],
+ const struct ipsec_test_data td_outb[],
+ int nb_td,
+ const struct ipsec_test_flags *flags);
+
+void test_ipsec_display_alg(const struct crypto_param *param1,
+ const struct crypto_param *param2);
+
int test_ipsec_post_process(struct rte_mbuf *m,
const struct ipsec_test_data *td,
- struct ipsec_test_data *res_d, bool silent);
+ struct ipsec_test_data *res_d, bool silent,
+ const struct ipsec_test_flags *flags);
int test_ipsec_status_check(struct rte_crypto_op *op,
+ const struct ipsec_test_flags *flags,
enum rte_security_ipsec_sa_direction dir);
#endif
--
2.7.4
next prev parent reply other threads:[~2021-09-25 15:36 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-29 10:43 [dpdk-dev] [PATCH 21.11 0/3] Add lookaside IPsec tests Anoob Joseph
2021-07-29 10:43 ` [dpdk-dev] [PATCH 21.11 1/3] test/crypto: add " Anoob Joseph
2021-07-29 10:43 ` [dpdk-dev] [PATCH 21.11 2/3] test/crypto: add combined mode tests Anoob Joseph
2021-07-29 10:43 ` [dpdk-dev] [PATCH 21.11 3/3] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-08-11 9:45 ` [dpdk-dev] [PATCH v2 0/4] Add lookaside IPsec tests Anoob Joseph
2021-08-11 9:45 ` [dpdk-dev] [PATCH v2 1/4] test/crypto: add " Anoob Joseph
2021-08-11 9:45 ` [dpdk-dev] [PATCH v2 2/4] test/crypto: add combined mode tests Anoob Joseph
2021-08-11 9:45 ` [dpdk-dev] [PATCH v2 3/4] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-08-11 9:45 ` [dpdk-dev] [PATCH v2 4/4] test/crypto: add IV gen tests Anoob Joseph
2021-09-03 4:46 ` [dpdk-dev] [PATCH v3 0/5] Add lookaside IPsec tests Anoob Joseph
2021-09-03 4:46 ` [dpdk-dev] [PATCH v3 1/5] test/crypto: add " Anoob Joseph
2021-09-03 9:38 ` Power, Ciara
2021-09-03 9:46 ` Anoob Joseph
2021-09-03 4:46 ` [dpdk-dev] [PATCH v3 2/5] test/crypto: add combined mode tests Anoob Joseph
2021-09-03 9:42 ` Power, Ciara
2021-09-03 10:04 ` Anoob Joseph
2021-09-03 15:04 ` Power, Ciara
2021-09-03 16:14 ` Anoob Joseph
2021-09-03 4:46 ` [dpdk-dev] [PATCH v3 3/5] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-09-03 4:46 ` [dpdk-dev] [PATCH v3 4/5] test/crypto: add IV gen tests Anoob Joseph
2021-09-03 4:46 ` [dpdk-dev] [PATCH v3 5/5] test/crypto: add UDP encapsulation test cases Anoob Joseph
2021-09-17 13:15 ` [dpdk-dev] [PATCH v4 0/5] Add lookaside IPsec tests Anoob Joseph
2021-09-17 13:15 ` [dpdk-dev] [PATCH v4 1/5] test/crypto: add " Anoob Joseph
2021-09-21 16:08 ` Akhil Goyal
2021-09-23 4:48 ` Anoob Joseph
2021-09-23 10:39 ` Power, Ciara
2021-09-23 11:08 ` Anoob Joseph
2021-09-23 11:26 ` Power, Ciara
2021-09-23 11:30 ` Anoob Joseph
2021-09-24 8:42 ` Hemant Agrawal
2021-09-17 13:15 ` [dpdk-dev] [PATCH v4 2/5] test/crypto: add combined mode tests Anoob Joseph
2021-09-21 16:22 ` Akhil Goyal
2021-09-24 7:23 ` Hemant Agrawal
2021-09-24 8:12 ` [dpdk-dev] [EXT] " Anoob Joseph
2021-09-17 13:15 ` [dpdk-dev] [PATCH v4 3/5] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-09-21 16:25 ` Akhil Goyal
2021-09-24 8:43 ` Hemant Agrawal
2021-09-17 13:15 ` [dpdk-dev] [PATCH v4 4/5] test/crypto: add IV gen tests Anoob Joseph
2021-09-21 16:31 ` Akhil Goyal
2021-09-17 13:15 ` [dpdk-dev] [PATCH v4 5/5] test/crypto: add UDP encapsulation test cases Anoob Joseph
2021-09-21 16:35 ` Akhil Goyal
2021-09-23 13:34 ` [dpdk-dev] [PATCH v4 0/5] Add lookaside IPsec tests Power, Ciara
2021-09-25 15:35 ` [dpdk-dev] [PATCH v5 " Anoob Joseph
2021-09-25 15:35 ` [dpdk-dev] [PATCH v5 1/5] test/crypto: add lookaside IPsec cases Anoob Joseph
2021-09-25 15:35 ` Anoob Joseph [this message]
2021-09-25 15:35 ` [dpdk-dev] [PATCH v5 3/5] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-09-25 15:35 ` [dpdk-dev] [PATCH v5 4/5] test/crypto: add IV gen cases for IPsec Anoob Joseph
2021-09-25 15:35 ` [dpdk-dev] [PATCH v5 5/5] test/crypto: add UDP encapsulated IPsec test cases Anoob Joseph
2021-09-28 7:49 ` [dpdk-dev] [PATCH v5 0/5] Add lookaside IPsec tests Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1632584132-289-3-git-send-email-anoobj@marvell.com \
--to=anoobj@marvell.com \
--cc=ciara.power@intel.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=g.singh@nxp.com \
--cc=gakhil@marvell.com \
--cc=hemant.agrawal@nxp.com \
--cc=jerinj@marvell.com \
--cc=konstantin.ananyev@intel.com \
--cc=ktejasree@marvell.com \
--cc=marchana@marvell.com \
--cc=radu.nicolau@intel.com \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).