From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Jerin Jacob <jerinj@marvell.com>
Cc: Harry van Haaren <harry.van.haaren@intel.com>,
Hemant Agrawal <hemant.agrawal@nxp.com>,
Konstantin Ananyev <konstantin.v.ananyev@yandex.ru>,
<dev@dpdk.org>, Vidya Sagar Velumuri <vvelumuri@marvell.com>
Subject: [PATCH 01/14] test/crypto: move security caps checks to separate file
Date: Thu, 7 Dec 2023 18:32:03 +0530 [thread overview]
Message-ID: <20231207130216.140-2-anoobj@marvell.com> (raw)
In-Reply-To: <20231207130216.140-1-anoobj@marvell.com>
Move routines performing security caps verifications to a separate file
to allow the usage of same for other protocol tests such as TLS record.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
app/test-security-perf/meson.build | 1 +
app/test-security-perf/test_security_perf.c | 17 ++---
app/test/meson.build | 1 +
app/test/test_cryptodev.c | 17 ++---
app/test/test_cryptodev_security_ipsec.c | 78 -------------------
app/test/test_cryptodev_security_ipsec.h | 12 ---
app/test/test_security_inline_proto.c | 12 +--
app/test/test_security_proto.c | 83 +++++++++++++++++++++
app/test/test_security_proto.h | 20 +++++
9 files changed, 121 insertions(+), 120 deletions(-)
create mode 100644 app/test/test_security_proto.c
create mode 100644 app/test/test_security_proto.h
diff --git a/app/test-security-perf/meson.build b/app/test-security-perf/meson.build
index 076999022e..547de9c908 100644
--- a/app/test-security-perf/meson.build
+++ b/app/test-security-perf/meson.build
@@ -10,5 +10,6 @@ endif
sources = files(
'test_security_perf.c',
'../test/test_cryptodev_security_ipsec.c',
+ '../test/test_security_proto.c',
)
deps += ['security', 'cmdline']
diff --git a/app/test-security-perf/test_security_perf.c b/app/test-security-perf/test_security_perf.c
index 4dfaca4800..c64f20e76c 100644
--- a/app/test-security-perf/test_security_perf.c
+++ b/app/test-security-perf/test_security_perf.c
@@ -16,6 +16,7 @@
#include <app/test/test_cryptodev.h>
#include <app/test/test_cryptodev_security_ipsec.h>
#include <app/test/test_cryptodev_security_ipsec_test_vectors.h>
+#include <app/test/test_security_proto.h>
#define NB_DESC 4096
#define DEF_NB_SESSIONS (16 * 10 * 1024) /* 16 * 10K tunnels */
@@ -258,9 +259,7 @@ sec_conf_init(struct lcore_conf *conf,
conf->aead_xform.aead.iv.offset = IV_OFFSET;
/* Verify crypto capabilities */
- if (test_ipsec_crypto_caps_aead_verify(
- sec_cap,
- &conf->aead_xform) != 0) {
+ if (test_sec_crypto_caps_aead_verify(sec_cap, &conf->aead_xform) != 0) {
RTE_LOG(ERR, USER1,
"Crypto capabilities not supported\n");
return -1;
@@ -270,9 +269,7 @@ sec_conf_init(struct lcore_conf *conf,
sizeof(conf->auth_xform));
conf->auth_xform.auth.key.data = td[0].auth_key.data;
- if (test_ipsec_crypto_caps_auth_verify(
- sec_cap,
- &conf->auth_xform) != 0) {
+ if (test_sec_crypto_caps_auth_verify(sec_cap, &conf->auth_xform) != 0) {
RTE_LOG(INFO, USER1,
"Auth crypto capabilities not supported\n");
return -1;
@@ -288,17 +285,13 @@ sec_conf_init(struct lcore_conf *conf,
/* Verify crypto capabilities */
- if (test_ipsec_crypto_caps_cipher_verify(
- sec_cap,
- &conf->cipher_xform) != 0) {
+ if (test_sec_crypto_caps_cipher_verify(sec_cap, &conf->cipher_xform) != 0) {
RTE_LOG(ERR, USER1,
"Cipher crypto capabilities not supported\n");
return -1;
}
- if (test_ipsec_crypto_caps_auth_verify(
- sec_cap,
- &conf->auth_xform) != 0) {
+ if (test_sec_crypto_caps_auth_verify(sec_cap, &conf->auth_xform) != 0) {
RTE_LOG(ERR, USER1,
"Auth crypto capabilities not supported\n");
return -1;
diff --git a/app/test/meson.build b/app/test/meson.build
index dcc93f4a43..58e120a6ab 100644
--- a/app/test/meson.build
+++ b/app/test/meson.build
@@ -169,6 +169,7 @@ source_file_deps = {
'test_security.c': ['net', 'security'],
'test_security_inline_macsec.c': ['ethdev', 'security'],
'test_security_inline_proto.c': ['ethdev', 'security', 'eventdev'] + test_cryptodev_deps,
+ 'test_security_proto.c' : ['cryptodev', 'security'],
'test_seqlock.c': [],
'test_service_cores.c': [],
'test_spinlock.c': [],
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 58561ededf..9644566acc 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -53,6 +53,7 @@
#include "test_cryptodev_security_pdcp_sdap_test_vectors.h"
#include "test_cryptodev_security_pdcp_test_func.h"
#include "test_cryptodev_security_docsis_test_vectors.h"
+#include "test_security_proto.h"
#define SDAP_DISABLED 0
#define SDAP_ENABLED 1
@@ -10229,9 +10230,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
ut_params->aead_xform.aead.iv.offset = IV_OFFSET;
/* Verify crypto capabilities */
- if (test_ipsec_crypto_caps_aead_verify(
- sec_cap,
- &ut_params->aead_xform) != 0) {
+ if (test_sec_crypto_caps_aead_verify(sec_cap, &ut_params->aead_xform) != 0) {
if (!silent)
RTE_LOG(INFO, USER1,
"Crypto capabilities not supported\n");
@@ -10242,9 +10241,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
sizeof(ut_params->auth_xform));
ut_params->auth_xform.auth.key.data = td[0].auth_key.data;
- if (test_ipsec_crypto_caps_auth_verify(
- sec_cap,
- &ut_params->auth_xform) != 0) {
+ if (test_sec_crypto_caps_auth_verify(sec_cap, &ut_params->auth_xform) != 0) {
if (!silent)
RTE_LOG(INFO, USER1,
"Auth crypto capabilities not supported\n");
@@ -10261,18 +10258,14 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
/* Verify crypto capabilities */
- if (test_ipsec_crypto_caps_cipher_verify(
- sec_cap,
- &ut_params->cipher_xform) != 0) {
+ if (test_sec_crypto_caps_cipher_verify(sec_cap, &ut_params->cipher_xform) != 0) {
if (!silent)
RTE_LOG(INFO, USER1,
"Cipher crypto capabilities not supported\n");
return TEST_SKIPPED;
}
- if (test_ipsec_crypto_caps_auth_verify(
- sec_cap,
- &ut_params->auth_xform) != 0) {
+ if (test_sec_crypto_caps_auth_verify(sec_cap, &ut_params->auth_xform) != 0) {
if (!silent)
RTE_LOG(INFO, USER1,
"Auth crypto capabilities not supported\n");
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 205714b270..01e0a45ffd 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -224,84 +224,6 @@ test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
return 0;
}
-int
-test_ipsec_crypto_caps_aead_verify(
- const struct rte_security_capability *sec_cap,
- struct rte_crypto_sym_xform *aead)
-{
- const struct rte_cryptodev_symmetric_capability *sym_cap;
- const struct rte_cryptodev_capabilities *crypto_cap;
- int j = 0;
-
- while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op !=
- RTE_CRYPTO_OP_TYPE_UNDEFINED) {
- if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
- crypto_cap->sym.xform_type == aead->type &&
- crypto_cap->sym.aead.algo == aead->aead.algo) {
- sym_cap = &crypto_cap->sym;
- if (rte_cryptodev_sym_capability_check_aead(sym_cap,
- aead->aead.key.length,
- aead->aead.digest_length,
- aead->aead.aad_length,
- aead->aead.iv.length) == 0)
- return 0;
- }
- }
-
- return -ENOTSUP;
-}
-
-int
-test_ipsec_crypto_caps_cipher_verify(
- const struct rte_security_capability *sec_cap,
- struct rte_crypto_sym_xform *cipher)
-{
- const struct rte_cryptodev_symmetric_capability *sym_cap;
- const struct rte_cryptodev_capabilities *cap;
- int j = 0;
-
- while ((cap = &sec_cap->crypto_capabilities[j++])->op !=
- RTE_CRYPTO_OP_TYPE_UNDEFINED) {
- if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
- cap->sym.xform_type == cipher->type &&
- cap->sym.cipher.algo == cipher->cipher.algo) {
- sym_cap = &cap->sym;
- if (rte_cryptodev_sym_capability_check_cipher(sym_cap,
- cipher->cipher.key.length,
- cipher->cipher.iv.length) == 0)
- return 0;
- }
- }
-
- return -ENOTSUP;
-}
-
-int
-test_ipsec_crypto_caps_auth_verify(
- const struct rte_security_capability *sec_cap,
- struct rte_crypto_sym_xform *auth)
-{
- const struct rte_cryptodev_symmetric_capability *sym_cap;
- const struct rte_cryptodev_capabilities *cap;
- int j = 0;
-
- while ((cap = &sec_cap->crypto_capabilities[j++])->op !=
- RTE_CRYPTO_OP_TYPE_UNDEFINED) {
- if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
- cap->sym.xform_type == auth->type &&
- cap->sym.auth.algo == auth->auth.algo) {
- sym_cap = &cap->sym;
- if (rte_cryptodev_sym_capability_check_auth(sym_cap,
- auth->auth.key.length,
- auth->auth.digest_length,
- auth->auth.iv.length) == 0)
- return 0;
- }
- }
-
- return -ENOTSUP;
-}
-
void
test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
struct ipsec_test_data *td_in)
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index d7fc562751..dc1b4c4a80 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -263,18 +263,6 @@ int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
const struct rte_security_capability *sec_cap,
bool silent);
-int test_ipsec_crypto_caps_aead_verify(
- const struct rte_security_capability *sec_cap,
- struct rte_crypto_sym_xform *aead);
-
-int test_ipsec_crypto_caps_cipher_verify(
- const struct rte_security_capability *sec_cap,
- struct rte_crypto_sym_xform *cipher);
-
-int test_ipsec_crypto_caps_auth_verify(
- const struct rte_security_capability *sec_cap,
- struct rte_crypto_sym_xform *auth);
-
void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
struct ipsec_test_data *td_in);
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index 78a2064b65..9644a3c39c 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -12,6 +12,7 @@
#include "test.h"
#include "test_security_inline_proto_vectors.h"
+#include "test_security_proto.h"
#ifdef RTE_EXEC_ENV_WINDOWS
static int
@@ -248,8 +249,7 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
sizeof(struct rte_crypto_sym_xform));
sess_conf->crypto_xform->aead.key.data = sa->key.data;
/* Verify crypto capabilities */
- if (test_ipsec_crypto_caps_aead_verify(sec_cap,
- sess_conf->crypto_xform) != 0) {
+ if (test_sec_crypto_caps_aead_verify(sec_cap, sess_conf->crypto_xform) != 0) {
RTE_LOG(INFO, USER1,
"Crypto capabilities not supported\n");
return TEST_SKIPPED;
@@ -268,14 +268,14 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
sess_conf->crypto_xform->next->auth.key.data =
sa->auth_key.data;
/* Verify crypto capabilities */
- if (test_ipsec_crypto_caps_cipher_verify(sec_cap,
+ if (test_sec_crypto_caps_cipher_verify(sec_cap,
sess_conf->crypto_xform) != 0) {
RTE_LOG(INFO, USER1,
"Cipher crypto capabilities not supported\n");
return TEST_SKIPPED;
}
- if (test_ipsec_crypto_caps_auth_verify(sec_cap,
+ if (test_sec_crypto_caps_auth_verify(sec_cap,
sess_conf->crypto_xform->next) != 0) {
RTE_LOG(INFO, USER1,
"Auth crypto capabilities not supported\n");
@@ -294,14 +294,14 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
sa->key.data;
/* Verify crypto capabilities */
- if (test_ipsec_crypto_caps_cipher_verify(sec_cap,
+ if (test_sec_crypto_caps_cipher_verify(sec_cap,
sess_conf->crypto_xform->next) != 0) {
RTE_LOG(INFO, USER1,
"Cipher crypto capabilities not supported\n");
return TEST_SKIPPED;
}
- if (test_ipsec_crypto_caps_auth_verify(sec_cap,
+ if (test_sec_crypto_caps_auth_verify(sec_cap,
sess_conf->crypto_xform) != 0) {
RTE_LOG(INFO, USER1,
"Auth crypto capabilities not supported\n");
diff --git a/app/test/test_security_proto.c b/app/test/test_security_proto.c
new file mode 100644
index 0000000000..bc4c5e11d2
--- /dev/null
+++ b/app/test/test_security_proto.c
@@ -0,0 +1,83 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2023 Marvell.
+ */
+
+#include <rte_cryptodev.h>
+#include <rte_security.h>
+
+#include "test_security_proto.h"
+
+int
+test_sec_crypto_caps_aead_verify(const struct rte_security_capability *sec_cap,
+ struct rte_crypto_sym_xform *aead)
+{
+ const struct rte_cryptodev_symmetric_capability *sym_cap;
+ const struct rte_cryptodev_capabilities *crypto_cap;
+ int j = 0;
+
+ while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op !=
+ RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+ if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
+ crypto_cap->sym.xform_type == aead->type &&
+ crypto_cap->sym.aead.algo == aead->aead.algo) {
+ sym_cap = &crypto_cap->sym;
+ if (rte_cryptodev_sym_capability_check_aead(sym_cap,
+ aead->aead.key.length,
+ aead->aead.digest_length,
+ aead->aead.aad_length,
+ aead->aead.iv.length) == 0)
+ return 0;
+ }
+ }
+
+ return -ENOTSUP;
+}
+
+int
+test_sec_crypto_caps_cipher_verify(const struct rte_security_capability *sec_cap,
+ struct rte_crypto_sym_xform *cipher)
+{
+ const struct rte_cryptodev_symmetric_capability *sym_cap;
+ const struct rte_cryptodev_capabilities *cap;
+ int j = 0;
+
+ while ((cap = &sec_cap->crypto_capabilities[j++])->op !=
+ RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+ if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
+ cap->sym.xform_type == cipher->type &&
+ cap->sym.cipher.algo == cipher->cipher.algo) {
+ sym_cap = &cap->sym;
+ if (rte_cryptodev_sym_capability_check_cipher(sym_cap,
+ cipher->cipher.key.length,
+ cipher->cipher.iv.length) == 0)
+ return 0;
+ }
+ }
+
+ return -ENOTSUP;
+}
+
+int
+test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_cap,
+ struct rte_crypto_sym_xform *auth)
+{
+ const struct rte_cryptodev_symmetric_capability *sym_cap;
+ const struct rte_cryptodev_capabilities *cap;
+ int j = 0;
+
+ while ((cap = &sec_cap->crypto_capabilities[j++])->op !=
+ RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+ if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
+ cap->sym.xform_type == auth->type &&
+ cap->sym.auth.algo == auth->auth.algo) {
+ sym_cap = &cap->sym;
+ if (rte_cryptodev_sym_capability_check_auth(sym_cap,
+ auth->auth.key.length,
+ auth->auth.digest_length,
+ auth->auth.iv.length) == 0)
+ return 0;
+ }
+ }
+
+ return -ENOTSUP;
+}
diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h
new file mode 100644
index 0000000000..b91181384b
--- /dev/null
+++ b/app/test/test_security_proto.h
@@ -0,0 +1,20 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2023 Marvell.
+ */
+
+#ifndef _TEST_SECURITY_PROTO_H_
+#define _TEST_SECURITY_PROTO_H_
+
+#include <rte_cryptodev.h>
+#include <rte_security.h>
+
+int test_sec_crypto_caps_aead_verify(const struct rte_security_capability *sec_cap,
+ struct rte_crypto_sym_xform *aead);
+
+int test_sec_crypto_caps_cipher_verify(const struct rte_security_capability *sec_cap,
+ struct rte_crypto_sym_xform *cipher);
+
+int test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_cap,
+ struct rte_crypto_sym_xform *auth);
+
+#endif
--
2.25.1
next prev parent reply other threads:[~2023-12-07 13:02 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-07 13:02 [PATCH 00/14] Add TLS record test suite Anoob Joseph
2023-12-07 13:02 ` Anoob Joseph [this message]
2023-12-07 13:02 ` [PATCH 02/14] test/crypto: move algorithm list to common Anoob Joseph
2023-12-07 13:02 ` [PATCH 03/14] test/crypto: move algorithm display routines " Anoob Joseph
2023-12-07 13:02 ` [PATCH 04/14] test/security: add sha1-hmac to auth list Anoob Joseph
2023-12-07 13:02 ` [PATCH 05/14] test/crypto: move algorithm framework to common Anoob Joseph
2023-12-07 13:02 ` [PATCH 06/14] test/crypto: add TLS record tests Anoob Joseph
2023-12-07 13:02 ` [PATCH 07/14] test/crypto: add AES-GCM 128 TLS 1.2 vector Anoob Joseph
2023-12-07 13:02 ` [PATCH 08/14] test/crypto: add TLS1.2 vectors Anoob Joseph
2023-12-07 13:02 ` [PATCH 09/14] test/crypto: add TLS1.2/DTLS1.2 AES-128/256-GCM vectors Anoob Joseph
2023-12-07 13:02 ` [PATCH 10/14] test/crypto: add combined mode cases Anoob Joseph
2023-12-07 13:02 ` [PATCH 11/14] test/crypto: add verification of TLS headers Anoob Joseph
2023-12-07 13:02 ` [PATCH 12/14] test/security: add more algos to combined tests Anoob Joseph
2023-12-07 13:02 ` [PATCH 13/14] test/security: add TLS 1.2 and DTLS 1.2 vectors Anoob Joseph
2023-12-07 13:02 ` [PATCH 14/14] test/crypto: add multi segmented cases Anoob Joseph
2024-01-16 9:02 ` [PATCH 00/14] Add TLS record test suite Akhil Goyal
2024-01-19 8:55 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231207130216.140-2-anoobj@marvell.com \
--to=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=harry.van.haaren@intel.com \
--cc=hemant.agrawal@nxp.com \
--cc=jerinj@marvell.com \
--cc=konstantin.v.ananyev@yandex.ru \
--cc=vvelumuri@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).