[PATCH 00/14] Add TLS record test suite

[PATCH 00/14] Add TLS record test suite

[Anoob Joseph]

Add TLS record test suite in cryptodev autotest framework. The test
suite would run based on capabilities exposed by the cryptodev.

The test suite framework is similar to the framework used in case of
IPsec tests. To avoid duplication of code, protocol independent code
is moved to common files and the functions are renamed accordingly.

TLS record test suite has known vector tests as well as combined mode
tests. Known vector tests leverages vectors generated with kTLS and
gnuTLS utilities. The test suite supports testing both operations (read
or decrypt, write or encrypt) with a single vector. Write or encrypt
test would get skipped if cryptodev doesn't support disabling of IV
generation. Combined mode tests are targetted at testing protocol
features with all combinations of cipher-authentication algorithms. 

Combined mode performs record write operation first and feeds that back
to record read operation. Individual test cases may update the input to
record write operation based on the test case and the test framework
validates the output obtained (not complete text, but protocol specific
fields such as TLS header). Once it is validated, the output will be
submitted for record read operation which would give back the original
data. Currently this framework supports testing of multi-segmented mbuf
as input with TLS record. The same would be enhanced to support more
cases such as ICV corruption, incorrect padding etc.

Enhancements planned for future,
- Add TLS 1.3 suite
- Add negative tests such as ICV corruption and incorrect padding
- Add session expiry tests
- Add anti-replay tests with DTLS

 Sample output with crypto_cn10k:

 + ------------------------------------------------------- +                                                                                [67/18944]
 + ------------------------------------------------------- +
 + Test Suite : TLS 1.2 Record Protocol Unit Test Suite
 + ------------------------------------------------------- +
 + TestCase [ 0] : Write record known vector AES-GCM-128 (vector 1) succeeded
 + TestCase [ 1] : Write record known vector AES-GCM-128 (vector 2) succeeded
 + TestCase [ 2] : Write record known vector AES-GCM-256 succeeded
 + TestCase [ 3] : Write record known vector AES-CBC-128-SHA1 succeeded
 + TestCase [ 4] : Write record known vector AES-128-CBC-SHA256 succeeded
 + TestCase [ 5] : Write record known vector AES-256-CBC-SHA1 succeeded
 + TestCase [ 6] : Write record known vector AES-256-CBC-SHA256 succeeded
 + TestCase [ 7] : Write record known vector 3DES-CBC-SHA1-HMAC succeeded
USER1: Cipher crypto capabilities not supported
 + TestCase [ 8] : Write record known vector NULL-SHA1-HMAC skipped
USER1: Crypto capabilities not supported
 + TestCase [ 9] : Write record known vector CHACHA20-POLY1305 skipped
 + TestCase [10] : Read record known vector AES-GCM-128 (vector 1) succeeded
 + TestCase [11] : Read record known vector AES-GCM-128 (vector 2) succeeded
 + TestCase [12] : Read record known vector AES-GCM-256 succeeded
 + TestCase [13] : Read record known vector AES-128-CBC-SHA1 succeeded
 + TestCase [14] : Read record known vector AES-128-CBC-SHA256 succeeded
 + TestCase [15] : Read record known vector AES-256-CBC-SHA1 succeeded
 + TestCase [16] : Read record known vector AES-256-CBC-SHA256 succeeded
 + TestCase [17] : Read record known vector 3DES-CBC-SHA1-HMAC succeeded
USER1: Cipher crypto capabilities not supported
 + TestCase [18] : Read record known vector NULL-SHA1-HMAC skipped
USER1: Crypto capabilities not supported
 + TestCase [19] : Read record known vector CHACHA20-POLY1305 skipped
        3des-cbc [192] sha1-hmac [20B ICV]
        aes-cbc [128] sha1-hmac [20B ICV]
        aes-cbc [128] sha2-256-hmac [32B ICV]
        aes-cbc [256] sha1-hmac [20B ICV]
        aes-cbc [256] sha2-256-hmac [32B ICV]
 + TestCase [20] : Combined test alg list succeeded
 + TestCase [21] : Multi-segmented mode succeeded
 + ------------------------------------------------------- +
 + Test Suite Summary : TLS 1.2 Record Protocol Unit Test Suite
 + ------------------------------------------------------- +
 + Tests Total :       22
 + Tests Skipped :      4
 + Tests Executed :    22
 + Tests Unsupported:   0
 + Tests Passed :      18
 + Tests Failed :       0
 + ------------------------------------------------------- +
 + ------------------------------------------------------- +
 + Test Suite : DTLS 1.2 Record Protocol Unit Test Suite
 + ------------------------------------------------------- +
 + TestCase [ 0] : Write record known vector AES-GCM-128 succeeded
 + TestCase [ 1] : Write record known vector AES-GCM-256 succeeded
 + TestCase [ 2] : Write record known vector AES-128-CBC-SHA1 succeeded
 + TestCase [ 3] : Write record known vector AES-128-CBC-SHA256 succeeded
 + TestCase [ 4] : Write record known vector AES-256-CBC-SHA1 succeeded
 + TestCase [ 5] : Write record known vector AES-256-CBC-SHA256 succeeded
 + TestCase [ 6] : Write record known vector 3DES-CBC-SHA1-HMAC succeeded
USER1: Cipher crypto capabilities not supported
 + TestCase [ 7] : Write record known vector NULL-SHA1-HMAC skipped
USER1: Crypto capabilities not supported
 + TestCase [ 8] : Write record known vector CHACHA20-POLY1305 skipped
 + TestCase [ 9] : Read record known vector AES-GCM-128 succeeded
 + TestCase [10] : Read record known vector AES-GCM-256 succeeded
 + TestCase [11] : Read record known vector AES-128-CBC-SHA1 succeeded
 + TestCase [12] : Read record known vector AES-128-CBC-SHA256 succeeded
 + TestCase [13] : Read record known vector AES-256-CBC-SHA1 succeeded
 + TestCase [14] : Read record known vector AES-256-CBC-SHA256 succeeded
 + TestCase [15] : Read record known vector 3DES-CBC-SHA1-HMAC succeeded
USER1: Cipher crypto capabilities not supported
 + TestCase [16] : Read record known vector NULL-SHA1-HMAC skipped
USER1: Crypto capabilities not supported
 + TestCase [17] : Read record known vector CHACHA20-POLY1305 skipped
        3des-cbc [192] sha1-hmac [20B ICV]
        aes-cbc [128] sha1-hmac [20B ICV]
        aes-cbc [128] sha2-256-hmac [32B ICV]
        aes-cbc [256] sha1-hmac [20B ICV]
        aes-cbc [256] sha2-256-hmac [32B ICV]
 + TestCase [18] : Combined test alg list succeeded
 + TestCase [19] : Multi-segmented mode succeeded
 + ------------------------------------------------------- +
 + Test Suite Summary : DTLS 1.2 Record Protocol Unit Test Suite
 + ------------------------------------------------------- +
 + Tests Total :       20
 + Tests Skipped :      4
 + Tests Executed :    20
 + Tests Unsupported:   0
 + Tests Passed :      16
 + Tests Failed :       0
 + ------------------------------------------------------- +

Akhil Goyal (3):
  test/crypto: add TLS1.2 vectors
  test/crypto: add TLS1.2/DTLS1.2 AES-128/256-GCM vectors
  test/security: add TLS 1.2 and DTLS 1.2 vectors

Anoob Joseph (5):
  test/crypto: move security caps checks to separate file
  test/crypto: move algorithm display routines to common
  test/security: add sha1-hmac to auth list
  test/crypto: add TLS record tests
  test/crypto: add verification of TLS headers

Tejasree Kondoj (2):
  test/crypto: add AES-GCM 128 TLS 1.2 vector
  test/crypto: add multi segmented cases

Vidya Sagar Velumuri (4):
  test/crypto: move algorithm list to common
  test/crypto: move algorithm framework to common
  test/crypto: add combined mode cases
  test/security: add more algos to combined tests

 app/test-security-perf/meson.build            |    1 +
 app/test-security-perf/test_security_perf.c   |   35 +-
 app/test/meson.build                          |    2 +
 app/test/test_cryptodev.c                     |  596 ++++++-
 app/test/test_cryptodev.h                     |    2 +
 app/test/test_cryptodev_security_ipsec.c      |  164 +-
 app/test/test_cryptodev_security_ipsec.h      |  157 +-
 app/test/test_cryptodev_security_tls_record.c |  327 ++++
 app/test/test_cryptodev_security_tls_record.h |  101 ++
 ...yptodev_security_tls_record_test_vectors.h | 1584 +++++++++++++++++
 app/test/test_security_inline_proto.c         |   42 +-
 app/test/test_security_proto.c                |  154 ++
 app/test/test_security_proto.h                |  186 ++
 doc/guides/rel_notes/release_24_03.rst        |    4 +
 14 files changed, 2960 insertions(+), 395 deletions(-)
 create mode 100644 app/test/test_cryptodev_security_tls_record.c
 create mode 100644 app/test/test_cryptodev_security_tls_record.h
 create mode 100644 app/test/test_cryptodev_security_tls_record_test_vectors.h
 create mode 100644 app/test/test_security_proto.c
 create mode 100644 app/test/test_security_proto.h

-- 
2.25.1

[PATCH 01/14] test/crypto: move security caps checks to separate file

[Anoob Joseph]

Move routines performing security caps verifications to a separate file
to allow the usage of same for other protocol tests such as TLS record.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test-security-perf/meson.build          |  1 +
 app/test-security-perf/test_security_perf.c | 17 ++---
 app/test/meson.build                        |  1 +
 app/test/test_cryptodev.c                   | 17 ++---
 app/test/test_cryptodev_security_ipsec.c    | 78 -------------------
 app/test/test_cryptodev_security_ipsec.h    | 12 ---
 app/test/test_security_inline_proto.c       | 12 +--
 app/test/test_security_proto.c              | 83 +++++++++++++++++++++
 app/test/test_security_proto.h              | 20 +++++
 9 files changed, 121 insertions(+), 120 deletions(-)
 create mode 100644 app/test/test_security_proto.c
 create mode 100644 app/test/test_security_proto.h

diff --git a/app/test-security-perf/meson.build b/app/test-security-perf/meson.build
index 076999022e..547de9c908 100644
--- a/app/test-security-perf/meson.build
+++ b/app/test-security-perf/meson.build
@@ -10,5 +10,6 @@ endif
 sources = files(
         'test_security_perf.c',
         '../test/test_cryptodev_security_ipsec.c',
+        '../test/test_security_proto.c',
 )
 deps += ['security', 'cmdline']
diff --git a/app/test-security-perf/test_security_perf.c b/app/test-security-perf/test_security_perf.c
index 4dfaca4800..c64f20e76c 100644
--- a/app/test-security-perf/test_security_perf.c
+++ b/app/test-security-perf/test_security_perf.c
@@ -16,6 +16,7 @@
 #include <app/test/test_cryptodev.h>
 #include <app/test/test_cryptodev_security_ipsec.h>
 #include <app/test/test_cryptodev_security_ipsec_test_vectors.h>
+#include <app/test/test_security_proto.h>
 
 #define NB_DESC 4096
 #define DEF_NB_SESSIONS (16 * 10 * 1024) /* 16 * 10K tunnels */
@@ -258,9 +259,7 @@ sec_conf_init(struct lcore_conf *conf,
 		conf->aead_xform.aead.iv.offset = IV_OFFSET;
 
 		/* Verify crypto capabilities */
-		if (test_ipsec_crypto_caps_aead_verify(
-				sec_cap,
-				&conf->aead_xform) != 0) {
+		if (test_sec_crypto_caps_aead_verify(sec_cap, &conf->aead_xform) != 0) {
 			RTE_LOG(ERR, USER1,
 				"Crypto capabilities not supported\n");
 			return -1;
@@ -270,9 +269,7 @@ sec_conf_init(struct lcore_conf *conf,
 		       sizeof(conf->auth_xform));
 		conf->auth_xform.auth.key.data = td[0].auth_key.data;
 
-		if (test_ipsec_crypto_caps_auth_verify(
-				sec_cap,
-				&conf->auth_xform) != 0) {
+		if (test_sec_crypto_caps_auth_verify(sec_cap, &conf->auth_xform) != 0) {
 			RTE_LOG(INFO, USER1,
 				"Auth crypto capabilities not supported\n");
 			return -1;
@@ -288,17 +285,13 @@ sec_conf_init(struct lcore_conf *conf,
 
 		/* Verify crypto capabilities */
 
-		if (test_ipsec_crypto_caps_cipher_verify(
-				sec_cap,
-				&conf->cipher_xform) != 0) {
+		if (test_sec_crypto_caps_cipher_verify(sec_cap, &conf->cipher_xform) != 0) {
 			RTE_LOG(ERR, USER1,
 				"Cipher crypto capabilities not supported\n");
 			return -1;
 		}
 
-		if (test_ipsec_crypto_caps_auth_verify(
-				sec_cap,
-				&conf->auth_xform) != 0) {
+		if (test_sec_crypto_caps_auth_verify(sec_cap, &conf->auth_xform) != 0) {
 			RTE_LOG(ERR, USER1,
 				"Auth crypto capabilities not supported\n");
 			return -1;
diff --git a/app/test/meson.build b/app/test/meson.build
index dcc93f4a43..58e120a6ab 100644
--- a/app/test/meson.build
+++ b/app/test/meson.build
@@ -169,6 +169,7 @@ source_file_deps = {
     'test_security.c': ['net', 'security'],
     'test_security_inline_macsec.c': ['ethdev', 'security'],
     'test_security_inline_proto.c': ['ethdev', 'security', 'eventdev'] + test_cryptodev_deps,
+    'test_security_proto.c' : ['cryptodev', 'security'],
     'test_seqlock.c': [],
     'test_service_cores.c': [],
     'test_spinlock.c': [],
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 58561ededf..9644566acc 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -53,6 +53,7 @@
 #include "test_cryptodev_security_pdcp_sdap_test_vectors.h"
 #include "test_cryptodev_security_pdcp_test_func.h"
 #include "test_cryptodev_security_docsis_test_vectors.h"
+#include "test_security_proto.h"
 
 #define SDAP_DISABLED	0
 #define SDAP_ENABLED	1
@@ -10229,9 +10230,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 		ut_params->aead_xform.aead.iv.offset = IV_OFFSET;
 
 		/* Verify crypto capabilities */
-		if (test_ipsec_crypto_caps_aead_verify(
-				sec_cap,
-				&ut_params->aead_xform) != 0) {
+		if (test_sec_crypto_caps_aead_verify(sec_cap, &ut_params->aead_xform) != 0) {
 			if (!silent)
 				RTE_LOG(INFO, USER1,
 					"Crypto capabilities not supported\n");
@@ -10242,9 +10241,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 		       sizeof(ut_params->auth_xform));
 		ut_params->auth_xform.auth.key.data = td[0].auth_key.data;
 
-		if (test_ipsec_crypto_caps_auth_verify(
-				sec_cap,
-				&ut_params->auth_xform) != 0) {
+		if (test_sec_crypto_caps_auth_verify(sec_cap, &ut_params->auth_xform) != 0) {
 			if (!silent)
 				RTE_LOG(INFO, USER1,
 					"Auth crypto capabilities not supported\n");
@@ -10261,18 +10258,14 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 
 		/* Verify crypto capabilities */
 
-		if (test_ipsec_crypto_caps_cipher_verify(
-				sec_cap,
-				&ut_params->cipher_xform) != 0) {
+		if (test_sec_crypto_caps_cipher_verify(sec_cap, &ut_params->cipher_xform) != 0) {
 			if (!silent)
 				RTE_LOG(INFO, USER1,
 					"Cipher crypto capabilities not supported\n");
 			return TEST_SKIPPED;
 		}
 
-		if (test_ipsec_crypto_caps_auth_verify(
-				sec_cap,
-				&ut_params->auth_xform) != 0) {
+		if (test_sec_crypto_caps_auth_verify(sec_cap, &ut_params->auth_xform) != 0) {
 			if (!silent)
 				RTE_LOG(INFO, USER1,
 					"Auth crypto capabilities not supported\n");
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 205714b270..01e0a45ffd 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -224,84 +224,6 @@ test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 	return 0;
 }
 
-int
-test_ipsec_crypto_caps_aead_verify(
-		const struct rte_security_capability *sec_cap,
-		struct rte_crypto_sym_xform *aead)
-{
-	const struct rte_cryptodev_symmetric_capability *sym_cap;
-	const struct rte_cryptodev_capabilities *crypto_cap;
-	int j = 0;
-
-	while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op !=
-			RTE_CRYPTO_OP_TYPE_UNDEFINED) {
-		if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
-				crypto_cap->sym.xform_type == aead->type &&
-				crypto_cap->sym.aead.algo == aead->aead.algo) {
-			sym_cap = &crypto_cap->sym;
-			if (rte_cryptodev_sym_capability_check_aead(sym_cap,
-					aead->aead.key.length,
-					aead->aead.digest_length,
-					aead->aead.aad_length,
-					aead->aead.iv.length) == 0)
-				return 0;
-		}
-	}
-
-	return -ENOTSUP;
-}
-
-int
-test_ipsec_crypto_caps_cipher_verify(
-		const struct rte_security_capability *sec_cap,
-		struct rte_crypto_sym_xform *cipher)
-{
-	const struct rte_cryptodev_symmetric_capability *sym_cap;
-	const struct rte_cryptodev_capabilities *cap;
-	int j = 0;
-
-	while ((cap = &sec_cap->crypto_capabilities[j++])->op !=
-			RTE_CRYPTO_OP_TYPE_UNDEFINED) {
-		if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
-				cap->sym.xform_type == cipher->type &&
-				cap->sym.cipher.algo == cipher->cipher.algo) {
-			sym_cap = &cap->sym;
-			if (rte_cryptodev_sym_capability_check_cipher(sym_cap,
-					cipher->cipher.key.length,
-					cipher->cipher.iv.length) == 0)
-				return 0;
-		}
-	}
-
-	return -ENOTSUP;
-}
-
-int
-test_ipsec_crypto_caps_auth_verify(
-		const struct rte_security_capability *sec_cap,
-		struct rte_crypto_sym_xform *auth)
-{
-	const struct rte_cryptodev_symmetric_capability *sym_cap;
-	const struct rte_cryptodev_capabilities *cap;
-	int j = 0;
-
-	while ((cap = &sec_cap->crypto_capabilities[j++])->op !=
-			RTE_CRYPTO_OP_TYPE_UNDEFINED) {
-		if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
-				cap->sym.xform_type == auth->type &&
-				cap->sym.auth.algo == auth->auth.algo) {
-			sym_cap = &cap->sym;
-			if (rte_cryptodev_sym_capability_check_auth(sym_cap,
-					auth->auth.key.length,
-					auth->auth.digest_length,
-					auth->auth.iv.length) == 0)
-				return 0;
-		}
-	}
-
-	return -ENOTSUP;
-}
-
 void
 test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
 			  struct ipsec_test_data *td_in)
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index d7fc562751..dc1b4c4a80 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -263,18 +263,6 @@ int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 			       const struct rte_security_capability *sec_cap,
 			       bool silent);
 
-int test_ipsec_crypto_caps_aead_verify(
-		const struct rte_security_capability *sec_cap,
-		struct rte_crypto_sym_xform *aead);
-
-int test_ipsec_crypto_caps_cipher_verify(
-		const struct rte_security_capability *sec_cap,
-		struct rte_crypto_sym_xform *cipher);
-
-int test_ipsec_crypto_caps_auth_verify(
-		const struct rte_security_capability *sec_cap,
-		struct rte_crypto_sym_xform *auth);
-
 void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
 			       struct ipsec_test_data *td_in);
 
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index 78a2064b65..9644a3c39c 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -12,6 +12,7 @@
 
 #include "test.h"
 #include "test_security_inline_proto_vectors.h"
+#include "test_security_proto.h"
 
 #ifdef RTE_EXEC_ENV_WINDOWS
 static int
@@ -248,8 +249,7 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
 				sizeof(struct rte_crypto_sym_xform));
 		sess_conf->crypto_xform->aead.key.data = sa->key.data;
 		/* Verify crypto capabilities */
-		if (test_ipsec_crypto_caps_aead_verify(sec_cap,
-					sess_conf->crypto_xform) != 0) {
+		if (test_sec_crypto_caps_aead_verify(sec_cap, sess_conf->crypto_xform) != 0) {
 			RTE_LOG(INFO, USER1,
 				"Crypto capabilities not supported\n");
 			return TEST_SKIPPED;
@@ -268,14 +268,14 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
 			sess_conf->crypto_xform->next->auth.key.data =
 							sa->auth_key.data;
 			/* Verify crypto capabilities */
-			if (test_ipsec_crypto_caps_cipher_verify(sec_cap,
+			if (test_sec_crypto_caps_cipher_verify(sec_cap,
 					sess_conf->crypto_xform) != 0) {
 				RTE_LOG(INFO, USER1,
 					"Cipher crypto capabilities not supported\n");
 				return TEST_SKIPPED;
 			}
 
-			if (test_ipsec_crypto_caps_auth_verify(sec_cap,
+			if (test_sec_crypto_caps_auth_verify(sec_cap,
 					sess_conf->crypto_xform->next) != 0) {
 				RTE_LOG(INFO, USER1,
 					"Auth crypto capabilities not supported\n");
@@ -294,14 +294,14 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
 							sa->key.data;
 
 			/* Verify crypto capabilities */
-			if (test_ipsec_crypto_caps_cipher_verify(sec_cap,
+			if (test_sec_crypto_caps_cipher_verify(sec_cap,
 					sess_conf->crypto_xform->next) != 0) {
 				RTE_LOG(INFO, USER1,
 					"Cipher crypto capabilities not supported\n");
 				return TEST_SKIPPED;
 			}
 
-			if (test_ipsec_crypto_caps_auth_verify(sec_cap,
+			if (test_sec_crypto_caps_auth_verify(sec_cap,
 					sess_conf->crypto_xform) != 0) {
 				RTE_LOG(INFO, USER1,
 					"Auth crypto capabilities not supported\n");
diff --git a/app/test/test_security_proto.c b/app/test/test_security_proto.c
new file mode 100644
index 0000000000..bc4c5e11d2
--- /dev/null
+++ b/app/test/test_security_proto.c
@@ -0,0 +1,83 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2023 Marvell.
+ */
+
+#include <rte_cryptodev.h>
+#include <rte_security.h>
+
+#include "test_security_proto.h"
+
+int
+test_sec_crypto_caps_aead_verify(const struct rte_security_capability *sec_cap,
+		struct rte_crypto_sym_xform *aead)
+{
+	const struct rte_cryptodev_symmetric_capability *sym_cap;
+	const struct rte_cryptodev_capabilities *crypto_cap;
+	int j = 0;
+
+	while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op !=
+			RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
+				crypto_cap->sym.xform_type == aead->type &&
+				crypto_cap->sym.aead.algo == aead->aead.algo) {
+			sym_cap = &crypto_cap->sym;
+			if (rte_cryptodev_sym_capability_check_aead(sym_cap,
+					aead->aead.key.length,
+					aead->aead.digest_length,
+					aead->aead.aad_length,
+					aead->aead.iv.length) == 0)
+				return 0;
+		}
+	}
+
+	return -ENOTSUP;
+}
+
+int
+test_sec_crypto_caps_cipher_verify(const struct rte_security_capability *sec_cap,
+		struct rte_crypto_sym_xform *cipher)
+{
+	const struct rte_cryptodev_symmetric_capability *sym_cap;
+	const struct rte_cryptodev_capabilities *cap;
+	int j = 0;
+
+	while ((cap = &sec_cap->crypto_capabilities[j++])->op !=
+			RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
+				cap->sym.xform_type == cipher->type &&
+				cap->sym.cipher.algo == cipher->cipher.algo) {
+			sym_cap = &cap->sym;
+			if (rte_cryptodev_sym_capability_check_cipher(sym_cap,
+					cipher->cipher.key.length,
+					cipher->cipher.iv.length) == 0)
+				return 0;
+		}
+	}
+
+	return -ENOTSUP;
+}
+
+int
+test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_cap,
+		struct rte_crypto_sym_xform *auth)
+{
+	const struct rte_cryptodev_symmetric_capability *sym_cap;
+	const struct rte_cryptodev_capabilities *cap;
+	int j = 0;
+
+	while ((cap = &sec_cap->crypto_capabilities[j++])->op !=
+			RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
+				cap->sym.xform_type == auth->type &&
+				cap->sym.auth.algo == auth->auth.algo) {
+			sym_cap = &cap->sym;
+			if (rte_cryptodev_sym_capability_check_auth(sym_cap,
+					auth->auth.key.length,
+					auth->auth.digest_length,
+					auth->auth.iv.length) == 0)
+				return 0;
+		}
+	}
+
+	return -ENOTSUP;
+}
diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h
new file mode 100644
index 0000000000..b91181384b
--- /dev/null
+++ b/app/test/test_security_proto.h
@@ -0,0 +1,20 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2023 Marvell.
+ */
+
+#ifndef _TEST_SECURITY_PROTO_H_
+#define _TEST_SECURITY_PROTO_H_
+
+#include <rte_cryptodev.h>
+#include <rte_security.h>
+
+int test_sec_crypto_caps_aead_verify(const struct rte_security_capability *sec_cap,
+		struct rte_crypto_sym_xform *aead);
+
+int test_sec_crypto_caps_cipher_verify(const struct rte_security_capability *sec_cap,
+		struct rte_crypto_sym_xform *cipher);
+
+int test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_cap,
+		struct rte_crypto_sym_xform *auth);
+
+#endif
-- 
2.25.1

[PATCH 02/14] test/crypto: move algorithm list to common

[Anoob Joseph]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

The algorithm list and associated structs are used for IPsec combined
mode tests. The same list can be employed for other security protocol
testing as well. Move the same to test_security_proto.h for the same.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev_security_ipsec.h | 126 +----------------------
 app/test/test_security_proto.h           | 124 ++++++++++++++++++++++
 2 files changed, 126 insertions(+), 124 deletions(-)

diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index dc1b4c4a80..77cb5fa7f9 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -8,6 +8,8 @@
 #include <rte_cryptodev.h>
 #include <rte_security.h>
 
+#include "test_security_proto.h"
+
 #define IPSEC_TEST_PACKETS_MAX 32
 #define IPSEC_TEXT_MAX_LEN 16384u
 
@@ -115,130 +117,6 @@ struct ipsec_test_flags {
 	bool rx_inject;
 };
 
-struct crypto_param {
-	enum rte_crypto_sym_xform_type type;
-	union {
-		enum rte_crypto_cipher_algorithm cipher;
-		enum rte_crypto_auth_algorithm auth;
-		enum rte_crypto_aead_algorithm aead;
-	} alg;
-	uint16_t key_length;
-	uint16_t iv_length;
-	uint16_t digest_length;
-};
-
-static const struct crypto_param aead_list[] = {
-	{
-		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
-		.alg.aead =  RTE_CRYPTO_AEAD_AES_GCM,
-		.key_length = 16,
-	},
-	{
-		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
-		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
-		.key_length = 24,
-	},
-	{
-		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
-		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
-		.key_length = 32,
-	},
-	{
-		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
-		.alg.aead = RTE_CRYPTO_AEAD_AES_CCM,
-		.key_length = 32
-	},
-};
-
-static const struct crypto_param cipher_list[] = {
-	{
-		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
-		.alg.cipher =  RTE_CRYPTO_CIPHER_NULL,
-		.key_length = 0,
-		.iv_length = 0,
-	},
-	{
-		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
-		.alg.cipher =  RTE_CRYPTO_CIPHER_DES_CBC,
-		.key_length = 8,
-		.iv_length = 8,
-	},
-	{
-		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
-		.alg.cipher =  RTE_CRYPTO_CIPHER_3DES_CBC,
-		.key_length = 24,
-		.iv_length = 8,
-	},
-	{
-		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
-		.alg.cipher =  RTE_CRYPTO_CIPHER_AES_CBC,
-		.key_length = 16,
-		.iv_length = 16,
-	},
-	{
-		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
-		.alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
-		.key_length = 16,
-		.iv_length = 16,
-	},
-	{
-		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
-		.alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
-		.key_length = 24,
-		.iv_length = 16,
-	},
-	{
-		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
-		.alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
-		.key_length = 32,
-		.iv_length = 16,
-	},
-};
-
-static const struct crypto_param auth_list[] = {
-	{
-		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
-		.alg.auth =  RTE_CRYPTO_AUTH_NULL,
-	},
-	{
-		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
-		.alg.auth =  RTE_CRYPTO_AUTH_MD5_HMAC,
-		.key_length = 16,
-		.digest_length = 12,
-	},
-	{
-		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
-		.alg.auth =  RTE_CRYPTO_AUTH_SHA256_HMAC,
-		.key_length = 32,
-		.digest_length = 16,
-	},
-	{
-		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
-		.alg.auth =  RTE_CRYPTO_AUTH_SHA384_HMAC,
-		.key_length = 48,
-		.digest_length = 24,
-	},
-	{
-		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
-		.alg.auth =  RTE_CRYPTO_AUTH_SHA512_HMAC,
-		.key_length = 64,
-		.digest_length = 32,
-	},
-	{
-		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
-		.alg.auth =  RTE_CRYPTO_AUTH_AES_XCBC_MAC,
-		.key_length = 16,
-		.digest_length = 12,
-	},
-	{
-		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
-		.alg.auth =  RTE_CRYPTO_AUTH_AES_GMAC,
-		.key_length = 16,
-		.digest_length = 16,
-		.iv_length = 12,
-	},
-};
-
 struct crypto_param_comb {
 	const struct crypto_param *param1;
 	const struct crypto_param *param2;
diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h
index b91181384b..e8d6193530 100644
--- a/app/test/test_security_proto.h
+++ b/app/test/test_security_proto.h
@@ -8,6 +8,130 @@
 #include <rte_cryptodev.h>
 #include <rte_security.h>
 
+struct crypto_param {
+	enum rte_crypto_sym_xform_type type;
+	union {
+		enum rte_crypto_cipher_algorithm cipher;
+		enum rte_crypto_auth_algorithm auth;
+		enum rte_crypto_aead_algorithm aead;
+	} alg;
+	uint16_t key_length;
+	uint16_t iv_length;
+	uint16_t digest_length;
+};
+
+static const struct crypto_param aead_list[] = {
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
+		.alg.aead =  RTE_CRYPTO_AEAD_AES_GCM,
+		.key_length = 16,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
+		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
+		.key_length = 24,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
+		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
+		.key_length = 32,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
+		.alg.aead = RTE_CRYPTO_AEAD_AES_CCM,
+		.key_length = 32
+	},
+};
+
+static const struct crypto_param cipher_list[] = {
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+		.alg.cipher =  RTE_CRYPTO_CIPHER_NULL,
+		.key_length = 0,
+		.iv_length = 0,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+		.alg.cipher =  RTE_CRYPTO_CIPHER_DES_CBC,
+		.key_length = 8,
+		.iv_length = 8,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+		.alg.cipher =  RTE_CRYPTO_CIPHER_3DES_CBC,
+		.key_length = 24,
+		.iv_length = 8,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+		.alg.cipher =  RTE_CRYPTO_CIPHER_AES_CBC,
+		.key_length = 16,
+		.iv_length = 16,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+		.alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
+		.key_length = 16,
+		.iv_length = 16,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+		.alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
+		.key_length = 24,
+		.iv_length = 16,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+		.alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
+		.key_length = 32,
+		.iv_length = 16,
+	},
+};
+
+static const struct crypto_param auth_list[] = {
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+		.alg.auth =  RTE_CRYPTO_AUTH_NULL,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+		.alg.auth =  RTE_CRYPTO_AUTH_MD5_HMAC,
+		.key_length = 16,
+		.digest_length = 12,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+		.alg.auth =  RTE_CRYPTO_AUTH_SHA256_HMAC,
+		.key_length = 32,
+		.digest_length = 16,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+		.alg.auth =  RTE_CRYPTO_AUTH_SHA384_HMAC,
+		.key_length = 48,
+		.digest_length = 24,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+		.alg.auth =  RTE_CRYPTO_AUTH_SHA512_HMAC,
+		.key_length = 64,
+		.digest_length = 32,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+		.alg.auth =  RTE_CRYPTO_AUTH_AES_XCBC_MAC,
+		.key_length = 16,
+		.digest_length = 12,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+		.alg.auth =  RTE_CRYPTO_AUTH_AES_GMAC,
+		.key_length = 16,
+		.digest_length = 16,
+		.iv_length = 12,
+	},
+};
+
 int test_sec_crypto_caps_aead_verify(const struct rte_security_capability *sec_cap,
 		struct rte_crypto_sym_xform *aead);
 
-- 
2.25.1

[PATCH 03/14] test/crypto: move algorithm display routines to common

[Anoob Joseph]

The functions that are used for printing algorithms in case of IPsec can
be moved to the common header, test_security_proto.h. The same could be
used for other security protocol testing.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test-security-perf/test_security_perf.c |  3 +--
 app/test/test_cryptodev.c                   |  6 ++---
 app/test/test_cryptodev_security_ipsec.c    | 26 ---------------------
 app/test/test_cryptodev_security_ipsec.h    |  3 ---
 app/test/test_security_inline_proto.c       |  9 +++----
 app/test/test_security_proto.c              | 25 ++++++++++++++++++++
 app/test/test_security_proto.h              |  2 ++
 7 files changed, 33 insertions(+), 41 deletions(-)

diff --git a/app/test-security-perf/test_security_perf.c b/app/test-security-perf/test_security_perf.c
index c64f20e76c..84726de7b0 100644
--- a/app/test-security-perf/test_security_perf.c
+++ b/app/test-security-perf/test_security_perf.c
@@ -532,8 +532,7 @@ main(int argc, char **argv)
 	for (ctx.td_idx = 0; ctx.td_idx < RTE_DIM(alg_list); ctx.td_idx++) {
 
 		printf("\n\n    Algorithm combination:");
-		test_ipsec_display_alg(alg_list[ctx.td_idx].param1,
-				       alg_list[ctx.td_idx].param2);
+		test_sec_alg_display(alg_list[ctx.td_idx].param1, alg_list[ctx.td_idx].param2);
 		printf("    ----------------------");
 
 		printf("\n%20s%20s%20s%20s%20s%20s\n\n",
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 9644566acc..218761f0a9 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -10540,8 +10540,7 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
 			return TEST_FAILED;
 
 		if (flags->display_alg)
-			test_ipsec_display_alg(alg_list[i].param1,
-					       alg_list[i].param2);
+			test_sec_alg_display(alg_list[i].param1, alg_list[i].param2);
 
 		pass_cnt++;
 	}
@@ -10586,8 +10585,7 @@ test_ipsec_ah_proto_all(const struct ipsec_test_flags *flags)
 			return TEST_FAILED;
 
 		if (flags->display_alg)
-			test_ipsec_display_alg(ah_alg_list[i].param1,
-					       ah_alg_list[i].param2);
+			test_sec_alg_display(ah_alg_list[i].param1, ah_alg_list[i].param2);
 
 		pass_cnt++;
 	}
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 01e0a45ffd..dafe3244e8 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -549,32 +549,6 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[],
 	}
 }
 
-void
-test_ipsec_display_alg(const struct crypto_param *param1,
-		       const struct crypto_param *param2)
-{
-	if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
-		printf("\t%s [%d]",
-		       rte_cryptodev_get_aead_algo_string(param1->alg.aead),
-		       param1->key_length * 8);
-	} else if (param1->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
-		printf("\t%s",
-		       rte_cryptodev_get_auth_algo_string(param1->alg.auth));
-		if (param1->alg.auth != RTE_CRYPTO_AUTH_NULL)
-			printf(" [%dB ICV]", param1->digest_length);
-	} else {
-		printf("\t%s",
-		       rte_cryptodev_get_cipher_algo_string(param1->alg.cipher));
-		if (param1->alg.cipher != RTE_CRYPTO_CIPHER_NULL)
-			printf(" [%d]", param1->key_length * 8);
-		printf(" %s",
-		       rte_cryptodev_get_auth_algo_string(param2->alg.auth));
-		if (param2->alg.auth != RTE_CRYPTO_AUTH_NULL)
-			printf(" [%dB ICV]", param2->digest_length);
-	}
-	printf("\n");
-}
-
 static int
 test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td)
 {
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 77cb5fa7f9..41aa865a0f 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -155,9 +155,6 @@ void test_ipsec_td_update(struct ipsec_test_data td_inb[],
 			  int nb_td,
 			  const struct ipsec_test_flags *flags);
 
-void test_ipsec_display_alg(const struct crypto_param *param1,
-			    const struct crypto_param *param2);
-
 int test_ipsec_post_process(const struct rte_mbuf *m,
 			    const struct ipsec_test_data *td,
 			    struct ipsec_test_data *res_d, bool silent,
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index 9644a3c39c..6cda9fe7aa 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -1345,8 +1345,7 @@ test_ipsec_inline_proto_all(const struct ipsec_test_flags *flags)
 
 		if (ret == TEST_FAILED) {
 			printf("\n TEST FAILED");
-			test_ipsec_display_alg(alg_list[i].param1,
-					       alg_list[i].param2);
+			test_sec_alg_display(alg_list[i].param1, alg_list[i].param2);
 			fail_cnt++;
 			continue;
 		}
@@ -1360,15 +1359,13 @@ test_ipsec_inline_proto_all(const struct ipsec_test_flags *flags)
 
 		if (ret == TEST_FAILED) {
 			printf("\n TEST FAILED");
-			test_ipsec_display_alg(alg_list[i].param1,
-					       alg_list[i].param2);
+			test_sec_alg_display(alg_list[i].param1, alg_list[i].param2);
 			fail_cnt++;
 			continue;
 		}
 
 		if (flags->display_alg)
-			test_ipsec_display_alg(alg_list[i].param1,
-					       alg_list[i].param2);
+			test_sec_alg_display(alg_list[i].param1, alg_list[i].param2);
 
 		pass_cnt++;
 	}
diff --git a/app/test/test_security_proto.c b/app/test/test_security_proto.c
index bc4c5e11d2..d62302a8dd 100644
--- a/app/test/test_security_proto.c
+++ b/app/test/test_security_proto.c
@@ -81,3 +81,28 @@ test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_cap,
 
 	return -ENOTSUP;
 }
+
+void
+test_sec_alg_display(const struct crypto_param *param1, const struct crypto_param *param2)
+{
+	if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+		printf("\t%s [%d]",
+		       rte_cryptodev_get_aead_algo_string(param1->alg.aead),
+		       param1->key_length * 8);
+	} else if (param1->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+		printf("\t%s",
+		       rte_cryptodev_get_auth_algo_string(param1->alg.auth));
+		if (param1->alg.auth != RTE_CRYPTO_AUTH_NULL)
+			printf(" [%dB ICV]", param1->digest_length);
+	} else {
+		printf("\t%s",
+		       rte_cryptodev_get_cipher_algo_string(param1->alg.cipher));
+		if (param1->alg.cipher != RTE_CRYPTO_CIPHER_NULL)
+			printf(" [%d]", param1->key_length * 8);
+		printf(" %s",
+		       rte_cryptodev_get_auth_algo_string(param2->alg.auth));
+		if (param2->alg.auth != RTE_CRYPTO_AUTH_NULL)
+			printf(" [%dB ICV]", param2->digest_length);
+	}
+	printf("\n");
+}
diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h
index e8d6193530..596402fff9 100644
--- a/app/test/test_security_proto.h
+++ b/app/test/test_security_proto.h
@@ -141,4 +141,6 @@ int test_sec_crypto_caps_cipher_verify(const struct rte_security_capability *sec
 int test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_cap,
 		struct rte_crypto_sym_xform *auth);
 
+void test_sec_alg_display(const struct crypto_param *param1, const struct crypto_param *param2);
+
 #endif
-- 
2.25.1

[PATCH 04/14] test/security: add sha1-hmac to auth list

[Anoob Joseph]

Add SHA1-HMAC with 12B digest to the auth list. This algorithm would be
used in IPsec tests and combined tests would run on devices that support
the capabilities.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_security_proto.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h
index 596402fff9..d6a00018e3 100644
--- a/app/test/test_security_proto.h
+++ b/app/test/test_security_proto.h
@@ -99,6 +99,12 @@ static const struct crypto_param auth_list[] = {
 		.key_length = 16,
 		.digest_length = 12,
 	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+		.alg.auth =  RTE_CRYPTO_AUTH_SHA1_HMAC,
+		.key_length = 20,
+		.digest_length = 12,
+	},
 	{
 		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
 		.alg.auth =  RTE_CRYPTO_AUTH_SHA256_HMAC,
-- 
2.25.1

[PATCH 05/14] test/crypto: move algorithm framework to common

[Anoob Joseph]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Move algorithm list and the associated framework to common files
(test_security_proto.c & .h) to be able to use same framework for other
security offload tests such as TLS record.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test-security-perf/test_security_perf.c | 17 +++---
 app/test/test_cryptodev.c                   | 35 ++++++------
 app/test/test_cryptodev_security_ipsec.c    | 60 +++------------------
 app/test/test_cryptodev_security_ipsec.h    | 16 ------
 app/test/test_security_inline_proto.c       | 27 +++++-----
 app/test/test_security_proto.c              | 46 ++++++++++++++++
 app/test/test_security_proto.h              | 16 ++++++
 7 files changed, 109 insertions(+), 108 deletions(-)

diff --git a/app/test-security-perf/test_security_perf.c b/app/test-security-perf/test_security_perf.c
index 84726de7b0..b0d55cbab0 100644
--- a/app/test-security-perf/test_security_perf.c
+++ b/app/test-security-perf/test_security_perf.c
@@ -474,8 +474,8 @@ args_parse(int argc, char **argv)
 int
 main(int argc, char **argv)
 {
-	struct ipsec_test_data td_outb[RTE_DIM(alg_list)];
-	struct ipsec_test_data td_inb[RTE_DIM(alg_list)];
+	struct ipsec_test_data td_outb[RTE_DIM(sec_alg_list)];
+	struct ipsec_test_data td_inb[RTE_DIM(sec_alg_list)];
 	struct ipsec_test_flags flags;
 	uint32_t lcore_id;
 	uint8_t nb_lcores;
@@ -513,11 +513,11 @@ main(int argc, char **argv)
 	if (ret)
 		goto cryptodev_fini;
 
-	test_ipsec_alg_list_populate();
+	test_sec_alg_list_populate();
 
-	for (i = 0; i < RTE_DIM(alg_list); i++) {
-		test_ipsec_td_prepare(alg_list[i].param1,
-				      alg_list[i].param2,
+	for (i = 0; i < RTE_DIM(sec_alg_list); i++) {
+		test_ipsec_td_prepare(sec_alg_list[i].param1,
+				      sec_alg_list[i].param2,
 				      &flags,
 				      &td_outb[i],
 				      1);
@@ -529,10 +529,11 @@ main(int argc, char **argv)
 	if (ctx.is_inbound)
 		ctx.td = td_inb;
 
-	for (ctx.td_idx = 0; ctx.td_idx < RTE_DIM(alg_list); ctx.td_idx++) {
+	for (ctx.td_idx = 0; ctx.td_idx < RTE_DIM(sec_alg_list); ctx.td_idx++) {
 
 		printf("\n\n    Algorithm combination:");
-		test_sec_alg_display(alg_list[ctx.td_idx].param1, alg_list[ctx.td_idx].param2);
+		test_sec_alg_display(sec_alg_list[ctx.td_idx].param1,
+				     sec_alg_list[ctx.td_idx].param2);
 		printf("    ----------------------");
 
 		printf("\n%20s%20s%20s%20s%20s%20s\n\n",
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 218761f0a9..fbb97d5456 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -838,8 +838,8 @@ ipsec_proto_testsuite_setup(void)
 		ret = TEST_SKIPPED;
 	}
 
-	test_ipsec_alg_list_populate();
-	test_ipsec_ah_alg_list_populate();
+	test_sec_alg_list_populate();
+	test_sec_auth_only_alg_list_populate();
 
 	/*
 	 * Stop the device. Device would be started again by individual test
@@ -10483,19 +10483,19 @@ test_ipsec_proto_known_vec_inb_rx_inject(const void *test_data)
 static int
 test_ipsec_proto_all(const struct ipsec_test_flags *flags)
 {
-	struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX];
-	struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX];
+	struct ipsec_test_data td_outb[TEST_SEC_PKTS_MAX];
+	struct ipsec_test_data td_inb[TEST_SEC_PKTS_MAX];
 	unsigned int i, nb_pkts = 1, pass_cnt = 0;
 	int ret;
 
 	if (flags->iv_gen ||
 	    flags->sa_expiry_pkts_soft ||
 	    flags->sa_expiry_pkts_hard)
-		nb_pkts = IPSEC_TEST_PACKETS_MAX;
+		nb_pkts = TEST_SEC_PKTS_MAX;
 
-	for (i = 0; i < RTE_DIM(alg_list); i++) {
-		test_ipsec_td_prepare(alg_list[i].param1,
-				      alg_list[i].param2,
+	for (i = 0; i < RTE_DIM(sec_alg_list); i++) {
+		test_ipsec_td_prepare(sec_alg_list[i].param1,
+				      sec_alg_list[i].param2,
 				      flags,
 				      td_outb,
 				      nb_pkts);
@@ -10540,7 +10540,7 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
 			return TEST_FAILED;
 
 		if (flags->display_alg)
-			test_sec_alg_display(alg_list[i].param1, alg_list[i].param2);
+			test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2);
 
 		pass_cnt++;
 	}
@@ -10554,14 +10554,14 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
 static int
 test_ipsec_ah_proto_all(const struct ipsec_test_flags *flags)
 {
-	struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX];
-	struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX];
+	struct ipsec_test_data td_outb[TEST_SEC_PKTS_MAX];
+	struct ipsec_test_data td_inb[TEST_SEC_PKTS_MAX];
 	unsigned int i, nb_pkts = 1, pass_cnt = 0;
 	int ret;
 
-	for (i = 0; i < RTE_DIM(ah_alg_list); i++) {
-		test_ipsec_td_prepare(ah_alg_list[i].param1,
-				      ah_alg_list[i].param2,
+	for (i = 0; i < RTE_DIM(sec_auth_only_alg_list); i++) {
+		test_ipsec_td_prepare(sec_auth_only_alg_list[i].param1,
+				      sec_auth_only_alg_list[i].param2,
 				      flags,
 				      td_outb,
 				      nb_pkts);
@@ -10585,7 +10585,8 @@ test_ipsec_ah_proto_all(const struct ipsec_test_flags *flags)
 			return TEST_FAILED;
 
 		if (flags->display_alg)
-			test_sec_alg_display(ah_alg_list[i].param1, ah_alg_list[i].param2);
+			test_sec_alg_display(sec_auth_only_alg_list[i].param1,
+					     sec_auth_only_alg_list[i].param2);
 
 		pass_cnt++;
 	}
@@ -11087,8 +11088,8 @@ test_ipsec_pkt_replay(const void *test_data, const uint64_t esn[],
 		      bool replayed_pkt[], uint32_t nb_pkts, bool esn_en,
 		      uint64_t winsz)
 {
-	struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX];
-	struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX];
+	struct ipsec_test_data td_outb[TEST_SEC_PKTS_MAX];
+	struct ipsec_test_data td_inb[TEST_SEC_PKTS_MAX];
 	struct ipsec_test_flags flags;
 	uint32_t i = 0, ret = 0;
 
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index dafe3244e8..1aba1ad993 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -21,12 +21,6 @@
 #define IPVERSION 4
 #endif
 
-struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
-				  (RTE_DIM(cipher_list) *
-				   RTE_DIM(auth_list))];
-
-struct crypto_param_comb ah_alg_list[2 * (RTE_DIM(auth_list) - 1)];
-
 static bool
 is_valid_ipv4_pkt(const struct rte_ipv4_hdr *pkt)
 {
@@ -61,46 +55,6 @@ is_valid_ipv6_pkt(const struct rte_ipv6_hdr *pkt)
 	return true;
 }
 
-void
-test_ipsec_alg_list_populate(void)
-{
-	unsigned long i, j, index = 0;
-
-	for (i = 0; i < RTE_DIM(aead_list); i++) {
-		alg_list[index].param1 = &aead_list[i];
-		alg_list[index].param2 = NULL;
-		index++;
-	}
-
-	for (i = 0; i < RTE_DIM(cipher_list); i++) {
-		for (j = 0; j < RTE_DIM(auth_list); j++) {
-			alg_list[index].param1 = &cipher_list[i];
-			alg_list[index].param2 = &auth_list[j];
-			index++;
-		}
-	}
-}
-
-void
-test_ipsec_ah_alg_list_populate(void)
-{
-	unsigned long i, index = 0;
-
-	for (i = 1; i < RTE_DIM(auth_list); i++) {
-		ah_alg_list[index].param1 = &auth_list[i];
-		ah_alg_list[index].param2 = NULL;
-		index++;
-	}
-
-	for (i = 1; i < RTE_DIM(auth_list); i++) {
-		/* NULL cipher */
-		ah_alg_list[index].param1 = &cipher_list[0];
-
-		ah_alg_list[index].param2 = &auth_list[i];
-		index++;
-	}
-}
-
 int
 test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 			   const struct rte_security_capability *sec_cap,
@@ -447,8 +401,7 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
 			td->ipsec_xform.options.iv_gen_disable = 0;
 
 		if (flags->sa_expiry_pkts_soft)
-			td->ipsec_xform.life.packets_soft_limit =
-					IPSEC_TEST_PACKETS_MAX - 1;
+			td->ipsec_xform.life.packets_soft_limit = TEST_SEC_PKTS_MAX - 1;
 
 		if (flags->ip_csum) {
 			td->ipsec_xform.options.ip_csum_enable = 1;
@@ -526,8 +479,7 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[],
 		}
 
 		if (flags->sa_expiry_pkts_hard)
-			td_inb[i].ipsec_xform.life.packets_hard_limit =
-					IPSEC_TEST_PACKETS_MAX - 1;
+			td_inb[i].ipsec_xform.life.packets_hard_limit = TEST_SEC_PKTS_MAX - 1;
 
 		if (flags->udp_encap)
 			td_inb[i].ipsec_xform.options.udp_encap = 1;
@@ -570,7 +522,7 @@ test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td)
 static int
 test_ipsec_iv_verify_push(const uint8_t *output_text, const struct ipsec_test_data *td)
 {
-	static uint8_t iv_queue[IV_LEN_MAX * IPSEC_TEST_PACKETS_MAX];
+	static uint8_t iv_queue[IV_LEN_MAX * TEST_SEC_PKTS_MAX];
 	int i, iv_pos, iv_len;
 	static int index;
 	uint8_t *iv_tmp;
@@ -601,7 +553,7 @@ test_ipsec_iv_verify_push(const uint8_t *output_text, const struct ipsec_test_da
 	memcpy(iv_tmp, output_text, iv_len);
 	index++;
 
-	if (index == IPSEC_TEST_PACKETS_MAX)
+	if (index == TEST_SEC_PKTS_MAX)
 		index = 0;
 
 	return TEST_SUCCESS;
@@ -1101,7 +1053,7 @@ test_ipsec_status_check(const struct ipsec_test_data *td,
 
 	if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS &&
 	    flags->sa_expiry_pkts_hard &&
-	    pkt_num == IPSEC_TEST_PACKETS_MAX) {
+	    pkt_num == TEST_SEC_PKTS_MAX) {
 		if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) {
 			printf("SA hard expiry (pkts) test failed\n");
 			return TEST_FAILED;
@@ -1133,7 +1085,7 @@ test_ipsec_status_check(const struct ipsec_test_data *td,
 		}
 	}
 
-	if (flags->sa_expiry_pkts_soft && pkt_num == IPSEC_TEST_PACKETS_MAX) {
+	if (flags->sa_expiry_pkts_soft && pkt_num == TEST_SEC_PKTS_MAX) {
 		if (!(op->aux_flags &
 		      RTE_CRYPTO_OP_AUX_FLAGS_IPSEC_SOFT_EXPIRY)) {
 			printf("SA soft expiry (pkts) test failed\n");
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 41aa865a0f..3c69471099 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -10,7 +10,6 @@
 
 #include "test_security_proto.h"
 
-#define IPSEC_TEST_PACKETS_MAX 32
 #define IPSEC_TEXT_MAX_LEN 16384u
 
 struct ipsec_test_data {
@@ -117,26 +116,11 @@ struct ipsec_test_flags {
 	bool rx_inject;
 };
 
-struct crypto_param_comb {
-	const struct crypto_param *param1;
-	const struct crypto_param *param2;
-};
-
 extern struct ipsec_test_data pkt_aes_256_gcm;
 extern struct ipsec_test_data pkt_aes_256_gcm_v6;
 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;
 
-extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
-					 (RTE_DIM(cipher_list) *
-					  RTE_DIM(auth_list))];
-
-extern struct crypto_param_comb ah_alg_list[2 * (RTE_DIM(auth_list) - 1)];
-
-void test_ipsec_alg_list_populate(void);
-
-void test_ipsec_ah_alg_list_populate(void);
-
 int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 			       const struct rte_security_capability *sec_cap,
 			       bool silent);
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index 6cda9fe7aa..481382b64e 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -1295,11 +1295,11 @@ test_ipsec_inline_proto_all(const struct ipsec_test_flags *flags)
 			flags->sa_expiry_bytes_soft ||
 			flags->sa_expiry_bytes_hard ||
 			flags->sa_expiry_pkts_hard)
-		nb_pkts = IPSEC_TEST_PACKETS_MAX;
+		nb_pkts = TEST_SEC_PKTS_MAX;
 
-	for (i = 0; i < RTE_DIM(alg_list); i++) {
-		test_ipsec_td_prepare(alg_list[i].param1,
-				      alg_list[i].param2,
+	for (i = 0; i < RTE_DIM(sec_alg_list); i++) {
+		test_ipsec_td_prepare(sec_alg_list[i].param1,
+				      sec_alg_list[i].param2,
 				      flags, &td_outb, 1);
 
 		if (!td_outb.aead) {
@@ -1331,8 +1331,7 @@ test_ipsec_inline_proto_all(const struct ipsec_test_flags *flags)
 				(((td_outb.output_text.len + RTE_ETHER_HDR_LEN)
 				  * nb_pkts) >> 3) - 1;
 		if (flags->sa_expiry_pkts_hard)
-			td_outb.ipsec_xform.life.packets_hard_limit =
-					IPSEC_TEST_PACKETS_MAX - 1;
+			td_outb.ipsec_xform.life.packets_hard_limit = TEST_SEC_PKTS_MAX - 1;
 		if (flags->sa_expiry_bytes_hard)
 			td_outb.ipsec_xform.life.bytes_hard_limit =
 				(((td_outb.output_text.len + RTE_ETHER_HDR_LEN)
@@ -1345,7 +1344,7 @@ test_ipsec_inline_proto_all(const struct ipsec_test_flags *flags)
 
 		if (ret == TEST_FAILED) {
 			printf("\n TEST FAILED");
-			test_sec_alg_display(alg_list[i].param1, alg_list[i].param2);
+			test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2);
 			fail_cnt++;
 			continue;
 		}
@@ -1359,13 +1358,13 @@ test_ipsec_inline_proto_all(const struct ipsec_test_flags *flags)
 
 		if (ret == TEST_FAILED) {
 			printf("\n TEST FAILED");
-			test_sec_alg_display(alg_list[i].param1, alg_list[i].param2);
+			test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2);
 			fail_cnt++;
 			continue;
 		}
 
 		if (flags->display_alg)
-			test_sec_alg_display(alg_list[i].param1, alg_list[i].param2);
+			test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2);
 
 		pass_cnt++;
 	}
@@ -1742,7 +1741,8 @@ inline_ipsec_testsuite_setup(void)
 				ret, port_id);
 		return ret;
 	}
-	test_ipsec_alg_list_populate();
+
+	test_sec_alg_list_populate();
 
 	/* Change the plaintext size for tests without Known vectors */
 	if (sg_mode) {
@@ -2003,7 +2003,8 @@ event_inline_ipsec_testsuite_setup(void)
 	}
 
 	event_mode_enabled = true;
-	test_ipsec_alg_list_populate();
+
+	test_sec_alg_list_populate();
 
 	return 0;
 }
@@ -2685,8 +2686,8 @@ test_ipsec_inline_pkt_replay(const void *test_data, const uint64_t esn[],
 		      bool replayed_pkt[], uint32_t nb_pkts, bool esn_en,
 		      uint64_t winsz)
 {
-	struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX];
-	struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX];
+	struct ipsec_test_data td_outb[TEST_SEC_PKTS_MAX];
+	struct ipsec_test_data td_inb[TEST_SEC_PKTS_MAX];
 	struct ipsec_test_flags flags;
 	uint32_t i, ret = 0;
 
diff --git a/app/test/test_security_proto.c b/app/test/test_security_proto.c
index d62302a8dd..d242c852af 100644
--- a/app/test/test_security_proto.c
+++ b/app/test/test_security_proto.c
@@ -7,6 +7,52 @@
 
 #include "test_security_proto.h"
 
+struct crypto_param_comb sec_alg_list[RTE_DIM(aead_list) +
+				  (RTE_DIM(cipher_list) *
+				   RTE_DIM(auth_list))];
+
+struct crypto_param_comb sec_auth_only_alg_list[2 * (RTE_DIM(auth_list) - 1)];
+
+void
+test_sec_alg_list_populate(void)
+{
+	unsigned long i, j, index = 0;
+
+	for (i = 0; i < RTE_DIM(aead_list); i++) {
+		sec_alg_list[index].param1 = &aead_list[i];
+		sec_alg_list[index].param2 = NULL;
+		index++;
+	}
+
+	for (i = 0; i < RTE_DIM(cipher_list); i++) {
+		for (j = 0; j < RTE_DIM(auth_list); j++) {
+			sec_alg_list[index].param1 = &cipher_list[i];
+			sec_alg_list[index].param2 = &auth_list[j];
+			index++;
+		}
+	}
+}
+
+void
+test_sec_auth_only_alg_list_populate(void)
+{
+	unsigned long i, index = 0;
+
+	for (i = 1; i < RTE_DIM(auth_list); i++) {
+		sec_auth_only_alg_list[index].param1 = &auth_list[i];
+		sec_auth_only_alg_list[index].param2 = NULL;
+		index++;
+	}
+
+	for (i = 1; i < RTE_DIM(auth_list); i++) {
+		/* NULL cipher */
+		sec_auth_only_alg_list[index].param1 = &cipher_list[0];
+
+		sec_auth_only_alg_list[index].param2 = &auth_list[i];
+		index++;
+	}
+}
+
 int
 test_sec_crypto_caps_aead_verify(const struct rte_security_capability *sec_cap,
 		struct rte_crypto_sym_xform *aead)
diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h
index d6a00018e3..6797e8b8c2 100644
--- a/app/test/test_security_proto.h
+++ b/app/test/test_security_proto.h
@@ -8,6 +8,8 @@
 #include <rte_cryptodev.h>
 #include <rte_security.h>
 
+#define TEST_SEC_PKTS_MAX 32
+
 struct crypto_param {
 	enum rte_crypto_sym_xform_type type;
 	union {
@@ -138,6 +140,20 @@ static const struct crypto_param auth_list[] = {
 	},
 };
 
+struct crypto_param_comb {
+	const struct crypto_param *param1;
+	const struct crypto_param *param2;
+};
+
+extern struct crypto_param_comb sec_alg_list[RTE_DIM(aead_list) +
+					     (RTE_DIM(cipher_list) * RTE_DIM(auth_list))];
+
+extern struct crypto_param_comb sec_auth_only_alg_list[2 * (RTE_DIM(auth_list) - 1)];
+
+void test_sec_alg_list_populate(void);
+
+void test_sec_auth_only_alg_list_populate(void);
+
 int test_sec_crypto_caps_aead_verify(const struct rte_security_capability *sec_cap,
 		struct rte_crypto_sym_xform *aead);
 
-- 
2.25.1

[PATCH 06/14] test/crypto: add TLS record tests

[Anoob Joseph]

Add framework for testing TLS record cases. The framework supports
testing with known vector tests in both session types (read & write).

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/meson.build                          |   1 +
 app/test/test_cryptodev.c                     | 282 +++++++++++++++++-
 app/test/test_cryptodev.h                     |   2 +
 app/test/test_cryptodev_security_tls_record.c | 151 ++++++++++
 app/test/test_cryptodev_security_tls_record.h |  71 +++++
 ...yptodev_security_tls_record_test_vectors.h |  16 +
 6 files changed, 515 insertions(+), 8 deletions(-)
 create mode 100644 app/test/test_cryptodev_security_tls_record.c
 create mode 100644 app/test/test_cryptodev_security_tls_record.h
 create mode 100644 app/test/test_cryptodev_security_tls_record_test_vectors.h

diff --git a/app/test/meson.build b/app/test/meson.build
index 58e120a6ab..f9e81eda2e 100644
--- a/app/test/meson.build
+++ b/app/test/meson.build
@@ -56,6 +56,7 @@ source_file_deps = {
     'test_cryptodev_crosscheck.c': test_cryptodev_deps,
     'test_cryptodev_security_ipsec.c': test_cryptodev_deps,
     'test_cryptodev_security_pdcp.c': test_cryptodev_deps,
+    'test_cryptodev_security_tls_record.c': ['cryptodev', 'security'],
     'test_cycles.c': [],
     'test_debug.c': [],
     'test_devargs.c': ['kvargs'],
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index fbb97d5456..cd83370790 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -53,6 +53,7 @@
 #include "test_cryptodev_security_pdcp_sdap_test_vectors.h"
 #include "test_cryptodev_security_pdcp_test_func.h"
 #include "test_cryptodev_security_docsis_test_vectors.h"
+#include "test_cryptodev_security_tls_record.h"
 #include "test_security_proto.h"
 
 #define SDAP_DISABLED	0
@@ -807,7 +808,7 @@ crypto_gen_testsuite_setup(void)
 
 #ifdef RTE_LIB_SECURITY
 static int
-ipsec_proto_testsuite_setup(void)
+sec_proto_testsuite_setup(enum rte_security_session_protocol protocol)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -817,8 +818,8 @@ ipsec_proto_testsuite_setup(void)
 	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
 
 	if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_SECURITY)) {
-		RTE_LOG(INFO, USER1, "Feature flag requirements for IPsec Proto "
-				"testsuite not met\n");
+		RTE_LOG(INFO, USER1,
+			"Feature flag requirements for security protocol testsuite not met\n");
 		return TEST_SKIPPED;
 	}
 
@@ -830,11 +831,9 @@ ipsec_proto_testsuite_setup(void)
 	/* Set action type */
 	ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;
 
-	if (security_proto_supported(
-			RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
-			RTE_SECURITY_PROTOCOL_IPSEC) < 0) {
-		RTE_LOG(INFO, USER1, "Capability requirements for IPsec Proto "
-				"test not met\n");
+	if (security_proto_supported(RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, protocol) < 0) {
+		RTE_LOG(INFO, USER1,
+			"Capability requirements for security protocol test not met\n");
 		ret = TEST_SKIPPED;
 	}
 
@@ -850,6 +849,18 @@ ipsec_proto_testsuite_setup(void)
 	return ret;
 }
 
+static int
+ipsec_proto_testsuite_setup(void)
+{
+	return sec_proto_testsuite_setup(RTE_SECURITY_PROTOCOL_IPSEC);
+}
+
+static int
+tls_record_proto_testsuite_setup(void)
+{
+	return sec_proto_testsuite_setup(RTE_SECURITY_PROTOCOL_TLS_RECORD);
+}
+
 static int
 pdcp_proto_testsuite_setup(void)
 {
@@ -11654,6 +11665,244 @@ test_docsis_proto_downlink(const void *data)
 
 	return ret;
 }
+
+static void
+test_tls_record_imp_nonce_update(const struct tls_record_test_data *td,
+				 struct rte_security_tls_record_xform *tls_record_xform)
+{
+	unsigned int imp_nonce_len;
+	uint8_t *imp_nonce;
+
+	switch (tls_record_xform->ver) {
+	case RTE_SECURITY_VERSION_TLS_1_2:
+		imp_nonce_len = RTE_SECURITY_TLS_1_2_IMP_NONCE_LEN;
+		imp_nonce = tls_record_xform->tls_1_2.imp_nonce;
+		break;
+	case RTE_SECURITY_VERSION_DTLS_1_2:
+		imp_nonce_len = RTE_SECURITY_DTLS_1_2_IMP_NONCE_LEN;
+		imp_nonce = tls_record_xform->dtls_1_2.imp_nonce;
+		break;
+	case RTE_SECURITY_VERSION_TLS_1_3:
+		imp_nonce_len = RTE_SECURITY_TLS_1_3_IMP_NONCE_LEN;
+		imp_nonce = tls_record_xform->tls_1_3.imp_nonce;
+		break;
+	default:
+		return;
+	}
+
+	imp_nonce_len = RTE_MIN(imp_nonce_len, td[0].imp_nonce.len);
+	memcpy(imp_nonce, td[0].imp_nonce.data, imp_nonce_len);
+}
+
+static int
+test_tls_record_proto_process(const struct tls_record_test_data td[],
+			      struct tls_record_test_data res_d[], int nb_td, bool silent,
+			      const struct tls_record_test_flags *flags)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct crypto_unittest_params *ut_params = &unittest_params;
+	struct rte_security_tls_record_xform tls_record_xform;
+	struct rte_security_capability_idx sec_cap_idx;
+	const struct rte_security_capability *sec_cap;
+	enum rte_security_tls_sess_type sess_type;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_security_ctx *ctx;
+	int i, ret = TEST_SUCCESS;
+
+	ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;
+	gbl_action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;
+
+	/* Use first test data to create session */
+
+	/* Copy TLS record xform */
+	memcpy(&tls_record_xform, &td[0].tls_record_xform, sizeof(tls_record_xform));
+
+	sess_type = tls_record_xform.type;
+
+	ctx = rte_cryptodev_get_sec_ctx(dev_id);
+
+	sec_cap_idx.action = ut_params->type;
+	sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_TLS_RECORD;
+	sec_cap_idx.tls_record.type = tls_record_xform.type;
+	sec_cap_idx.tls_record.ver = tls_record_xform.ver;
+
+	sec_cap = rte_security_capability_get(ctx, &sec_cap_idx);
+	if (sec_cap == NULL)
+		return TEST_SKIPPED;
+
+	/* Copy cipher session parameters */
+	if (td[0].aead) {
+		memcpy(&ut_params->aead_xform, &td[0].xform.aead, sizeof(ut_params->aead_xform));
+		ut_params->aead_xform.aead.key.data = td[0].key.data;
+		ut_params->aead_xform.aead.iv.offset = IV_OFFSET;
+
+		/* Verify crypto capabilities */
+		if (test_sec_crypto_caps_aead_verify(sec_cap, &ut_params->aead_xform) != 0) {
+			if (!silent)
+				RTE_LOG(INFO, USER1, "Crypto capabilities not supported\n");
+			return TEST_SKIPPED;
+		}
+	} else {
+		memcpy(&ut_params->cipher_xform, &td[0].xform.chain.cipher,
+		       sizeof(ut_params->cipher_xform));
+		memcpy(&ut_params->auth_xform, &td[0].xform.chain.auth,
+		       sizeof(ut_params->auth_xform));
+		ut_params->cipher_xform.cipher.key.data = td[0].key.data;
+		ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+		ut_params->auth_xform.auth.key.data = td[0].auth_key.data;
+
+		/* Verify crypto capabilities */
+
+		if (test_sec_crypto_caps_cipher_verify(sec_cap, &ut_params->cipher_xform) != 0) {
+			if (!silent)
+				RTE_LOG(INFO, USER1, "Cipher crypto capabilities not supported\n");
+			return TEST_SKIPPED;
+		}
+
+		if (test_sec_crypto_caps_auth_verify(sec_cap, &ut_params->auth_xform) != 0) {
+			if (!silent)
+				RTE_LOG(INFO, USER1, "Auth crypto capabilities not supported\n");
+			return TEST_SKIPPED;
+		}
+	}
+
+	if (test_tls_record_sec_caps_verify(&tls_record_xform, sec_cap, silent) != 0)
+		return TEST_SKIPPED;
+
+	struct rte_security_session_conf sess_conf = {
+		.action_type = ut_params->type,
+		.protocol = RTE_SECURITY_PROTOCOL_TLS_RECORD,
+	};
+
+	if (td[0].aead)
+		test_tls_record_imp_nonce_update(&td[0], &tls_record_xform);
+
+	sess_conf.tls_record = tls_record_xform;
+
+	if (td[0].aead) {
+		sess_conf.crypto_xform = &ut_params->aead_xform;
+	} else {
+		if (sess_type == RTE_SECURITY_TLS_SESS_TYPE_READ) {
+			sess_conf.crypto_xform = &ut_params->cipher_xform;
+			ut_params->cipher_xform.next = &ut_params->auth_xform;
+		} else {
+			sess_conf.crypto_xform = &ut_params->auth_xform;
+			ut_params->auth_xform.next = &ut_params->cipher_xform;
+		}
+	}
+
+	/* Create security session */
+	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
+					ts_params->session_mpool);
+	if (ut_params->sec_session == NULL)
+		return TEST_SKIPPED;
+
+	for (i = 0; i < nb_td; i++) {
+		/* Setup source mbuf payload */
+		ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool, td[i].input_text.len,
+				1, 0);
+		pktmbuf_write(ut_params->ibuf, 0, td[i].input_text.len, td[i].input_text.data);
+
+		/* Generate crypto op data structure */
+		ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
+						    RTE_CRYPTO_OP_TYPE_SYMMETRIC);
+		if (ut_params->op == NULL) {
+			printf("Could not allocate crypto op");
+			ret = TEST_FAILED;
+			goto crypto_op_free;
+		}
+
+		/* Attach session to operation */
+		rte_security_attach_session(ut_params->op, ut_params->sec_session);
+
+		/* Set crypto operation mbufs */
+		ut_params->op->sym->m_src = ut_params->ibuf;
+		ut_params->op->sym->m_dst = NULL;
+		ut_params->op->param1.tls_record.content_type = td[i].app_type;
+
+		/* Copy IV in crypto operation when IV generation is disabled */
+		if (sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE &&
+		    tls_record_xform.options.iv_gen_disable == 1) {
+			uint8_t *iv;
+			int len;
+
+			iv = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET);
+			if (td[i].aead)
+				len = td[i].xform.aead.aead.iv.length - 4;
+			else
+				len = td[i].xform.chain.cipher.cipher.iv.length;
+			memcpy(iv, td[i].iv.data, len);
+		}
+
+		/* Process crypto operation */
+		process_crypto_request(dev_id, ut_params->op);
+
+		ret = test_tls_record_status_check(ut_params->op);
+		if (ret != TEST_SUCCESS)
+			goto crypto_op_free;
+
+		ret = test_tls_record_post_process(ut_params->ibuf, &td[i], NULL, silent);
+		if (ret != TEST_SUCCESS)
+			goto crypto_op_free;
+
+
+		rte_crypto_op_free(ut_params->op);
+		ut_params->op = NULL;
+
+		rte_pktmbuf_free(ut_params->ibuf);
+		ut_params->ibuf = NULL;
+	}
+
+crypto_op_free:
+	rte_crypto_op_free(ut_params->op);
+	ut_params->op = NULL;
+
+	rte_pktmbuf_free(ut_params->ibuf);
+	ut_params->ibuf = NULL;
+
+	if (ut_params->sec_session)
+		rte_security_session_destroy(ctx, ut_params->sec_session);
+	ut_params->sec_session = NULL;
+
+	RTE_SET_USED(res_d);
+	RTE_SET_USED(flags);
+
+	return ret;
+}
+
+static int
+test_tls_record_proto_known_vec(const void *test_data)
+{
+	struct tls_record_test_data td_write;
+	struct tls_record_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	memcpy(&td_write, test_data, sizeof(td_write));
+
+	/* Disable IV gen to be able to test with known vectors */
+	td_write.tls_record_xform.options.iv_gen_disable = 1;
+
+	return test_tls_record_proto_process(&td_write, NULL, 1, false, &flags);
+}
+
+static int
+test_tls_record_proto_known_vec_read(const void *test_data)
+{
+	const struct tls_record_test_data *td = test_data;
+	struct tls_record_test_flags flags;
+	struct tls_record_test_data td_inb;
+
+	memset(&flags, 0, sizeof(flags));
+
+	if (td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_WRITE)
+		test_tls_record_td_read_from_write(td, &td_inb);
+	else
+		memcpy(&td_inb, td, sizeof(td_inb));
+
+	return test_tls_record_proto_process(&td_inb, NULL, 1, false, &flags);
+}
+
 #endif
 
 static int
@@ -16560,6 +16809,22 @@ static struct unit_test_suite pdcp_proto_testsuite  = {
 	}
 };
 
+static struct unit_test_suite tls12_record_proto_testsuite  = {
+	.suite_name = "TLS 1.2 Record Protocol Unit Test Suite",
+	.setup = tls_record_proto_testsuite_setup,
+	.unit_test_cases = {
+		TEST_CASE_NAMED_WITH_DATA(
+			"Known vector TBD",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec, &tls_test_data1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Known vector TBD",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read, &tls_test_data1),
+		TEST_CASES_END() /**< NULL terminate unit test array */
+	}
+};
+
 #define ADD_UPLINK_TESTCASE(data)						\
 	TEST_CASE_NAMED_WITH_DATA(data.test_descr_uplink, ut_setup_security,	\
 	ut_teardown, test_docsis_proto_uplink, (const void *) &data),		\
@@ -17567,6 +17832,7 @@ run_cryptodev_testsuite(const char *pmd_name)
 		&ipsec_proto_testsuite,
 		&pdcp_proto_testsuite,
 		&docsis_proto_testsuite,
+		&tls12_record_proto_testsuite,
 #endif
 		&end_testsuite
 	};
diff --git a/app/test/test_cryptodev.h b/app/test/test_cryptodev.h
index f2c417a267..f27d9697fd 100644
--- a/app/test/test_cryptodev.h
+++ b/app/test/test_cryptodev.h
@@ -4,6 +4,8 @@
 #ifndef TEST_CRYPTODEV_H_
 #define TEST_CRYPTODEV_H_
 
+#include <rte_cryptodev.h>
+
 #define HEX_DUMP 0
 
 #define FALSE                           0
diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c
new file mode 100644
index 0000000000..be8f5270cc
--- /dev/null
+++ b/app/test/test_cryptodev_security_tls_record.c
@@ -0,0 +1,151 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2023 Marvell.
+ */
+
+#include <rte_crypto.h>
+
+#include "test.h"
+#include "test_cryptodev_security_tls_record.h"
+#include "test_cryptodev_security_tls_record_test_vectors.h"
+
+int
+test_tls_record_status_check(struct rte_crypto_op *op)
+{
+	int ret = TEST_SUCCESS;
+
+	if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS)
+		ret = TEST_FAILED;
+
+	return ret;
+}
+
+int
+test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_record_xform,
+				const struct rte_security_capability *sec_cap, bool silent)
+{
+	/* Verify security capabilities */
+
+	RTE_SET_USED(tls_record_xform);
+	RTE_SET_USED(sec_cap);
+	RTE_SET_USED(silent);
+
+	return 0;
+}
+
+void
+test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out,
+				   struct tls_record_test_data *td_in)
+{
+	memcpy(td_in, td_out, sizeof(*td_in));
+
+	/* Populate output text of td_in with input text of td_out */
+	memcpy(td_in->output_text.data, td_out->input_text.data, td_out->input_text.len);
+	td_in->output_text.len = td_out->input_text.len;
+
+	/* Populate input text of td_in with output text of td_out */
+	memcpy(td_in->input_text.data, td_out->output_text.data, td_out->output_text.len);
+	td_in->input_text.len = td_out->output_text.len;
+
+	td_in->tls_record_xform.type = RTE_SECURITY_TLS_SESS_TYPE_READ;
+
+	if (td_in->aead) {
+		td_in->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT;
+	} else {
+		td_in->xform.chain.auth.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
+		td_in->xform.chain.cipher.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT;
+	}
+}
+
+static int
+test_tls_record_td_verify(uint8_t *output_text, uint32_t len, const struct tls_record_test_data *td,
+			 bool silent)
+{
+	if (len != td->output_text.len) {
+		printf("Output length (%d) not matching with expected (%d)\n",
+			len, td->output_text.len);
+		return TEST_FAILED;
+	}
+
+	if (memcmp(output_text, td->output_text.data, len)) {
+		if (silent)
+			return TEST_FAILED;
+
+		printf("[%s : %d] %s\n", __func__, __LINE__, "Output text not as expected\n");
+
+		rte_hexdump(stdout, "expected", td->output_text.data, len);
+		rte_hexdump(stdout, "actual", output_text, len);
+		return TEST_FAILED;
+	}
+
+	return TEST_SUCCESS;
+}
+
+static int
+test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len,
+			      const struct tls_record_test_data *td,
+			      struct tls_record_test_data *res_d)
+{
+	memcpy(res_d, td, sizeof(*res_d));
+
+	memcpy(&res_d->input_text.data, output_text, len);
+	res_d->input_text.len = len;
+
+	res_d->tls_record_xform.type = RTE_SECURITY_TLS_SESS_TYPE_READ;
+	if (res_d->aead) {
+		res_d->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT;
+	} else {
+		res_d->xform.chain.cipher.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT;
+		res_d->xform.chain.auth.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
+	}
+
+	return TEST_SUCCESS;
+}
+
+int
+test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td,
+			     struct tls_record_test_data *res_d, bool silent)
+{
+	uint32_t len = rte_pktmbuf_pkt_len(m), data_len;
+	uint8_t output_text[TLS_RECORD_MAX_LEN];
+	const struct rte_mbuf *seg;
+	const uint8_t *output;
+
+	memset(output_text, 0, TLS_RECORD_MAX_LEN);
+
+	/*
+	 * Actual data in packet might be less in error cases, hence take minimum of pkt_len and sum
+	 * of data_len. This is done to run through negative test cases.
+	 */
+	data_len = 0;
+	seg = m;
+	while (seg) {
+		data_len += seg->data_len;
+		seg = seg->next;
+	}
+
+	len = RTE_MIN(len, data_len);
+	TEST_ASSERT(len <= TLS_RECORD_MAX_LEN, "Invalid packet length: %u", len);
+
+	/* Copy mbuf payload to continuous buffer */
+	output = rte_pktmbuf_read(m, 0, len, output_text);
+	if (output != output_text) {
+		/* Single segment mbuf, copy manually */
+		memcpy(output_text, output, len);
+	}
+
+	/*
+	 * In case of known vector tests & all record read (decrypt) tests, res_d provided would be
+	 * NULL and output data need to be validated against expected. For record read (decrypt),
+	 * output_text would be plain payload and for record write (encrypt), output_text would TLS
+	 * record. Validate by comparing against known vectors.
+	 *
+	 * In case of combined mode tests, the output_text from TLS write (encrypt) operation (ie,
+	 * TLS record) would need to be decrypted using a TLS read operation to obtain the plain
+	 * text. Copy output_text to result data, 'res_d', so that inbound processing can be done.
+	 */
+
+	if (res_d == NULL)
+		return test_tls_record_td_verify(output_text, len, td, silent);
+	else
+		return test_tls_record_res_d_prepare(output_text, len, td, res_d);
+}
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
new file mode 100644
index 0000000000..9a0cf70218
--- /dev/null
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -0,0 +1,71 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2023 Marvell.
+ */
+
+#ifndef _TEST_CRYPTODEV_SECURITY_TLS_RECORD_H_
+#define _TEST_CRYPTODEV_SECURITY_TLS_RECORD_H_
+
+#include <rte_cryptodev.h>
+#include <rte_security.h>
+
+#define TLS_RECORD_MAX_LEN 16384u
+
+struct tls_record_test_data {
+	struct {
+		uint8_t data[32];
+	} key;
+
+	struct {
+		uint8_t data[64];
+	} auth_key;
+
+	struct {
+		uint8_t data[TLS_RECORD_MAX_LEN];
+		unsigned int len;
+	} input_text;
+
+	struct {
+		uint8_t data[TLS_RECORD_MAX_LEN];
+		unsigned int len;
+	} output_text;
+
+	struct {
+		uint8_t data[12];
+		unsigned int len;
+	} imp_nonce;
+
+	struct {
+		uint8_t data[16];
+	} iv;
+
+	union {
+		struct {
+			struct rte_crypto_sym_xform cipher;
+			struct rte_crypto_sym_xform auth;
+		} chain;
+		struct rte_crypto_sym_xform aead;
+	} xform;
+
+	struct rte_security_tls_record_xform tls_record_xform;
+	uint8_t app_type;
+	bool aead;
+};
+
+struct tls_record_test_flags {
+	bool display_alg;
+};
+
+extern struct tls_record_test_data tls_test_data1;
+
+int test_tls_record_status_check(struct rte_crypto_op *op);
+
+int test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_record_xform,
+				    const struct rte_security_capability *sec_cap, bool silent);
+
+void test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out,
+					struct tls_record_test_data *td_in);
+
+int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td,
+				 struct tls_record_test_data *res_d, bool silent);
+
+#endif
diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h
new file mode 100644
index 0000000000..5aa0d27fda
--- /dev/null
+++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h
@@ -0,0 +1,16 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2023 Marvell
+ */
+
+#ifndef _TEST_CRYPTODEV_SECURITY_TLS_RECORD_TEST_VECTORS_H_
+#define _TEST_CRYPTODEV_SECURITY_TLS_RECORD_TEST_VECTORS_H_
+
+#include <rte_crypto.h>
+#include <rte_security.h>
+
+#include "test_cryptodev.h"
+#include "test_cryptodev_security_tls_record.h"
+
+struct tls_record_test_data tls_test_data1;
+
+#endif
-- 
2.25.1

[PATCH 07/14] test/crypto: add AES-GCM 128 TLS 1.2 vector

[Anoob Joseph]

From: Tejasree Kondoj <ktejasree@marvell.com>

Add AES-GCM-128 test vector generated with kTLS.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev.c                     |  8 +--
 app/test/test_cryptodev_security_tls_record.h |  2 +-
 ...yptodev_security_tls_record_test_vectors.h | 67 ++++++++++++++++++-
 3 files changed, 71 insertions(+), 6 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index cd83370790..e7e4b93c20 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -16814,13 +16814,13 @@ static struct unit_test_suite tls12_record_proto_testsuite  = {
 	.setup = tls_record_proto_testsuite_setup,
 	.unit_test_cases = {
 		TEST_CASE_NAMED_WITH_DATA(
-			"Known vector TBD",
+			"Write record known vector AES-GCM-128 (vector 1)",
 			ut_setup_security, ut_teardown,
-			test_tls_record_proto_known_vec, &tls_test_data1),
+			test_tls_record_proto_known_vec, &tls_test_data_aes_128_gcm_v1),
 		TEST_CASE_NAMED_WITH_DATA(
-			"Known vector TBD",
+			"Read record known vector AES-GCM-128 (vector 1)",
 			ut_setup_security, ut_teardown,
-			test_tls_record_proto_known_vec_read, &tls_test_data1),
+			test_tls_record_proto_known_vec_read, &tls_test_data_aes_128_gcm_v1),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index 9a0cf70218..b9cadd5cd4 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -55,7 +55,7 @@ struct tls_record_test_flags {
 	bool display_alg;
 };
 
-extern struct tls_record_test_data tls_test_data1;
+extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1;
 
 int test_tls_record_status_check(struct rte_crypto_op *op);
 
diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h
index 5aa0d27fda..52e97e8557 100644
--- a/app/test/test_cryptodev_security_tls_record_test_vectors.h
+++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h
@@ -11,6 +11,71 @@
 #include "test_cryptodev.h"
 #include "test_cryptodev_security_tls_record.h"
 
-struct tls_record_test_data tls_test_data1;
+/* TLS 1.2 AES-GCM 128 vector generated with kTLS. */
+struct tls_record_test_data tls_test_data_aes_128_gcm_v1 = {
+	.key = {
+		.data = {
+			0x77, 0xc4, 0x9b, 0x0c, 0x2b, 0xe2, 0xd2, 0x4e,
+			0xf5, 0x36, 0xb4, 0xea, 0x16, 0xb0, 0xed, 0x1f
+		},
+	},
+	.input_text = {
+		.data = {
+			0x61, 0x62, 0x63, 0x64, 0x31, 0x32, 0x33, 0x34,
+			0x61, 0x62, 0x63, 0x64, 0x31, 0x32, 0x33, 0x34,
+			0xa
+		},
+		.len = 17,
+	},
+	.output_text = {
+		.data = {
+			0x17, 0x03, 0x03, 0x00, 0x29,
+			0x3a, 0xcd, 0x41, 0x5d, 0x42, 0xac, 0xce, 0x36,
+			0xad, 0xd1, 0x83, 0xa0, 0x16, 0x84, 0xce, 0x84,
+			0xfc, 0xc2, 0xa7, 0x6b, 0xa1, 0x89, 0x5d, 0xf2,
+			0xeb,
+			0x9b, 0x90, 0x01, 0x56, 0xf8, 0x9d, 0xac, 0x0c,
+			0xa8, 0x95, 0xba, 0xcc, 0x1f, 0xf3, 0x36, 0x2b
+		},
+		.len = 46,
+	},
+	.imp_nonce = {
+		.data = {
+			0xda, 0xf8, 0x8f, 0x12
+		},
+		.len = 4,
+	},
+
+	.iv = {
+		.data = {
+			0x3a, 0xcd, 0x41, 0x5d, 0x42, 0xac, 0xce, 0x36
+		},
+	},
+
+	.xform = {
+		.aead = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			.aead = {
+				.op = RTE_CRYPTO_AEAD_OP_ENCRYPT,
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,
+				.key.length = 16,
+				.iv.length = 12,
+				.iv.offset = IV_OFFSET,
+				.digest_length = 16,
+				.aad_length = 13,
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_TLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.tls_1_2.seq_no = 0x1,
+	},
+
+	.aead = true,
+	.app_type = 0x17,
+};
 
 #endif
-- 
2.25.1

[PATCH 08/14] test/crypto: add TLS1.2 vectors

[Anoob Joseph]

From: Akhil Goyal <gakhil@marvell.com>

Added TLS 1.2 test vectors for AES-128-CBC-SHA1

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test/test_cryptodev.c                     |  8 ++
 app/test/test_cryptodev_security_tls_record.h |  1 +
 ...yptodev_security_tls_record_test_vectors.h | 91 +++++++++++++++++++
 3 files changed, 100 insertions(+)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index e7e4b93c20..a82f971135 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -16817,10 +16817,18 @@ static struct unit_test_suite tls12_record_proto_testsuite  = {
 			"Write record known vector AES-GCM-128 (vector 1)",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_known_vec, &tls_test_data_aes_128_gcm_v1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Write record known vector AES-128-CBC-SHA1",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec, &tls_test_data_aes_128_cbc_sha1_hmac),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Read record known vector AES-GCM-128 (vector 1)",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_known_vec_read, &tls_test_data_aes_128_gcm_v1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Read record known vector AES-128-CBC-SHA1",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read, &tls_test_data_aes_128_cbc_sha1_hmac),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index b9cadd5cd4..3e42db2c03 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -56,6 +56,7 @@ struct tls_record_test_flags {
 };
 
 extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1;
+extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac;
 
 int test_tls_record_status_check(struct rte_crypto_op *op);
 
diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h
index 52e97e8557..85ad2df500 100644
--- a/app/test/test_cryptodev_security_tls_record_test_vectors.h
+++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h
@@ -78,4 +78,95 @@ struct tls_record_test_data tls_test_data_aes_128_gcm_v1 = {
 	.app_type = 0x17,
 };
 
+struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac = {
+	.key = {
+		.data = {
+			0xee, 0x2b, 0x2a, 0x59, 0xbf, 0x60, 0x36, 0xba,
+			0xe4, 0xdc, 0x7d, 0x8b, 0xc7, 0x0d, 0xbb, 0x85,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0xcf, 0x4f, 0xc1, 0x7d, 0x6d, 0x4c, 0x0d, 0x13,
+			0x3d, 0x8f, 0x95, 0xb5, 0xdd, 0xb0, 0x85, 0x08,
+			0x38, 0x2c, 0xa1, 0xa0,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* plain text data */
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, 0x20,
+			0x41, 0x45, 0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d,
+			0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, 0x31,
+			0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
+			0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x0a,
+		},
+		.len = 48,
+	},
+	.output_text = {
+		.data = {
+			/* TLS header */
+			0x17, 0x03, 0x03, 0x00, 0x60,
+			/* Encrypted data */
+			0x30, 0x76, 0x10, 0x2e, 0xb2, 0xe3, 0xb6, 0x93,
+			0x70, 0xd4, 0xdf, 0x2a, 0x4f, 0x92, 0x1d, 0x3c,
+			0x9a, 0x87, 0x38, 0xb0, 0x8e, 0x82, 0xf1, 0x33,
+			0xa2, 0x5e, 0xce, 0xaf, 0x51, 0xf1, 0x51, 0x17,
+			0x4f, 0x63, 0x55, 0x60, 0xa5, 0x3f, 0xc5, 0x42,
+			0x9a, 0x80, 0x7a, 0x19, 0xb9, 0x77, 0x5b, 0x6f,
+			0x1b, 0x2e, 0x2c, 0x0a, 0xa1, 0xa9, 0xf4, 0xb1,
+			0xc7, 0x12, 0x7d, 0xfc, 0x92, 0x2f, 0xf4, 0xfc,
+			0x20, 0x16, 0x1a, 0xa3, 0x94, 0xc6, 0xfe, 0x64,
+			0x8d, 0x16, 0xd2, 0x52, 0x56, 0x83, 0x75, 0x3f,
+			0x5b, 0x89, 0xf4, 0x29, 0x72, 0x46, 0x19, 0xd2,
+			0xae, 0xea, 0xe3, 0xfc, 0x23, 0xd9, 0x00, 0x6c,
+		},
+		.len = 101,
+	},
+	.iv = {
+		.data = {
+			0x30, 0x76, 0x10, 0x2e, 0xb2, 0xe3, 0xb6, 0x93,
+			0x70, 0xd4, 0xdf, 0x2a, 0x4f, 0x92, 0x1d, 0x3c,
+		},
+	},
+
+	.xform = {
+		.chain = {
+			.auth = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+				.auth = {
+					.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+					.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+					.key.length = 20,
+					.iv.length = 0,
+					.iv.offset = 0,
+					.digest_length = 20,
+				},
+			},
+			.cipher = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+				.cipher = {
+					.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+					.algo = RTE_CRYPTO_CIPHER_AES_CBC,
+					.key.length = 16,
+					.iv.length = 16,
+					.iv.offset = IV_OFFSET,
+				},
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_TLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.tls_1_2.seq_no = 0x1,
+	},
+
+	.aead = false,
+	.app_type = 0x17,
+};
+
 #endif
-- 
2.25.1

[PATCH 09/14] test/crypto: add TLS1.2/DTLS1.2 AES-128/256-GCM vectors

[Anoob Joseph]

From: Akhil Goyal <gakhil@marvell.com>

Added test vectors for TLS1.2 and DTLS 1.2 for AES-128-GCM
and AES-256-GCM.

These vectors are generated using GnuTLS server and client applications.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev.c                     |  43 ++-
 app/test/test_cryptodev_security_tls_record.h |   4 +
 ...yptodev_security_tls_record_test_vectors.h | 286 ++++++++++++++++++
 3 files changed, 332 insertions(+), 1 deletion(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index a82f971135..0360f30bd1 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -16818,13 +16818,29 @@ static struct unit_test_suite tls12_record_proto_testsuite  = {
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_known_vec, &tls_test_data_aes_128_gcm_v1),
 		TEST_CASE_NAMED_WITH_DATA(
-			"Write record known vector AES-128-CBC-SHA1",
+			"Write record known vector AES-GCM-128 (vector 2)",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec, &tls_test_data_aes_128_gcm_v2),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Write record known vector AES-GCM-256",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec, &tls_test_data_aes_256_gcm),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Write record known vector AES-CBC-128-SHA1",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_known_vec, &tls_test_data_aes_128_cbc_sha1_hmac),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Read record known vector AES-GCM-128 (vector 1)",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_known_vec_read, &tls_test_data_aes_128_gcm_v1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Read record known vector AES-GCM-128 (vector 2)",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read, &tls_test_data_aes_128_gcm_v2),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Read record known vector AES-GCM-256",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read, &tls_test_data_aes_256_gcm),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Read record known vector AES-128-CBC-SHA1",
 			ut_setup_security, ut_teardown,
@@ -16833,6 +16849,30 @@ static struct unit_test_suite tls12_record_proto_testsuite  = {
 	}
 };
 
+static struct unit_test_suite dtls12_record_proto_testsuite  = {
+	.suite_name = "DTLS 1.2 Record Protocol Unit Test Suite",
+	.setup = tls_record_proto_testsuite_setup,
+	.unit_test_cases = {
+		TEST_CASE_NAMED_WITH_DATA(
+			"Write record known vector AES-GCM-128",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec, &dtls_test_data_aes_128_gcm),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Write record known vector AES-GCM-256",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec, &dtls_test_data_aes_256_gcm),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Read record known vector AES-GCM-128",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read, &dtls_test_data_aes_128_gcm),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Read record known vector AES-GCM-256",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read, &dtls_test_data_aes_256_gcm),
+		TEST_CASES_END() /**< NULL terminate unit test array */
+	}
+};
+
 #define ADD_UPLINK_TESTCASE(data)						\
 	TEST_CASE_NAMED_WITH_DATA(data.test_descr_uplink, ut_setup_security,	\
 	ut_teardown, test_docsis_proto_uplink, (const void *) &data),		\
@@ -17841,6 +17881,7 @@ run_cryptodev_testsuite(const char *pmd_name)
 		&pdcp_proto_testsuite,
 		&docsis_proto_testsuite,
 		&tls12_record_proto_testsuite,
+		&dtls12_record_proto_testsuite,
 #endif
 		&end_testsuite
 	};
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index 3e42db2c03..18d689253b 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -56,6 +56,10 @@ struct tls_record_test_flags {
 };
 
 extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1;
+extern struct tls_record_test_data tls_test_data_aes_128_gcm_v2;
+extern struct tls_record_test_data tls_test_data_aes_256_gcm;
+extern struct tls_record_test_data dtls_test_data_aes_128_gcm;
+extern struct tls_record_test_data dtls_test_data_aes_256_gcm;
 extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac;
 
 int test_tls_record_status_check(struct rte_crypto_op *op);
diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h
index 85ad2df500..fb060275fb 100644
--- a/app/test/test_cryptodev_security_tls_record_test_vectors.h
+++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h
@@ -78,6 +78,148 @@ struct tls_record_test_data tls_test_data_aes_128_gcm_v1 = {
 	.app_type = 0x17,
 };
 
+/* TLS 1.2 AES-128-GCM */
+struct tls_record_test_data tls_test_data_aes_128_gcm_v2 = {
+	.key = {
+		.data = {
+			0x64, 0xda, 0xc6, 0x34, 0xd4, 0x88, 0x59, 0x57,
+			0x2d, 0x7c, 0xcc, 0x6d, 0xb2, 0x88, 0x40, 0x4c,
+		},
+	},
+	.input_text = {
+		.data = {
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, 0x20,
+			0x41, 0x45, 0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d,
+			0x47, 0x43, 0x4d, 0x20, 0x65, 0x78, 0x61, 0x6d,
+			0x70, 0x6c, 0x65, 0xa,
+		},
+		.len = 36,
+	},
+	.output_text = {
+		.data = {
+			0x17, 0x03, 0x03, 0x00, 0x3c,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+			0xb2, 0x8f, 0x1e, 0x8d, 0xe3, 0x67, 0xfd, 0xfa,
+			0x68, 0x5a, 0xf4, 0x0f, 0x68, 0xdc, 0x5b, 0x6f,
+			0x88, 0xd0, 0x1b, 0x3c, 0x84, 0xad, 0x01, 0xcf,
+			0xd2, 0xab, 0x8b, 0x59, 0xbd, 0x66, 0x93, 0xd2,
+			0x6f, 0xbd, 0xb2, 0xf0, 0xc7, 0xa3, 0x26, 0x78,
+			0x35, 0xda, 0xe1, 0x4b, 0xb3, 0x3b, 0x21, 0x08,
+			0xd2, 0x9b, 0x5c, 0x16,
+		},
+		.len = 65,
+	},
+	.imp_nonce = {
+		.data = {
+			0xdf, 0x13, 0xc5, 0x7c,
+		},
+		.len = 4,
+	},
+	.iv = {
+		.data = {
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
+		},
+	},
+
+	.xform = {
+		.aead = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			.aead = {
+				.op = RTE_CRYPTO_AEAD_OP_ENCRYPT,
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,
+				.key.length = 16,
+				.iv.length = 12,
+				.iv.offset = IV_OFFSET,
+				.digest_length = 16,
+				.aad_length = 13,
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_TLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.tls_1_2.seq_no = 0x1,
+	},
+
+	.aead = true,
+	.app_type = 0x17,
+};
+
+/* TLS 1.2 AES-256-GCM */
+struct tls_record_test_data tls_test_data_aes_256_gcm = {
+	.key = {
+		.data = {
+			0x14, 0x8d, 0x98, 0x26, 0xc3, 0x9f, 0xae, 0x1a,
+			0x52, 0x38, 0x7c, 0xfe, 0xcd, 0x2e, 0x7f, 0x28,
+			0x1f, 0x11, 0x07, 0x02, 0x83, 0xa0, 0x24, 0x78,
+			0x09, 0x83, 0x65, 0xb9, 0x99, 0x1b, 0x2c, 0x3a,
+		},
+	},
+	.input_text = {
+		.data = {
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, 0x2d,
+			0x47, 0x43, 0x4d, 0x20, 0x54, 0x4c, 0x53, 0x20,
+			0x31, 0x2e, 0x32, 0x20, 0x65, 0x78, 0x61, 0x6d,
+			0x70, 0x6c, 0x65, 0xa,
+		},
+		.len = 36,
+	},
+	.output_text = {
+		.data = {
+			0x17, 0x03, 0x03, 0x00, 0x3c,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+			0x37, 0xed, 0x76, 0x33, 0xb3, 0xcd, 0x66, 0x76,
+			0x68, 0x2d, 0xc2, 0xb2, 0x83, 0x91, 0x15, 0xdf,
+			0xc3, 0x13, 0x14, 0x83, 0x99, 0x4c, 0x0c, 0xcc,
+			0xc0, 0x41, 0x6f, 0x54, 0x8d, 0xd5, 0x6f, 0xe7,
+			0xe9, 0x7d, 0x9c, 0xed, 0xe8, 0xd6, 0x92, 0xac,
+			0xa5, 0xc2, 0x93, 0xdf, 0xdc, 0xf7, 0x80, 0x3c,
+			0xc6, 0xc3, 0x6e, 0x7f,
+		},
+		.len = 65,
+	},
+	.imp_nonce = {
+		.data = {
+			0xff, 0x9d, 0x56, 0x96,
+		},
+		.len = 4,
+	},
+	.iv = {
+		.data = {
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
+		},
+	},
+
+	.xform = {
+		.aead = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			.aead = {
+				.op = RTE_CRYPTO_AEAD_OP_ENCRYPT,
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,
+				.key.length = 32,
+				.iv.length = 12,
+				.iv.offset = IV_OFFSET,
+				.digest_length = 16,
+				.aad_length = 13,
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_TLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.tls_1_2.seq_no = 0x1,
+	},
+
+	.aead = true,
+	.app_type = 0x17,
+};
+
 struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac = {
 	.key = {
 		.data = {
@@ -169,4 +311,148 @@ struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac = {
 	.app_type = 0x17,
 };
 
+/* DTLS 1.2 AES-128-GCM */
+struct tls_record_test_data dtls_test_data_aes_128_gcm = {
+	.key = {
+		.data = {
+			0xde, 0x1f, 0xf3, 0x6f, 0x76, 0x9a, 0x99, 0x71,
+			0x19, 0x5f, 0x03, 0x36, 0x64, 0x7d, 0xb2, 0x1e,
+		},
+	},
+	.output_text = {
+		.data = {
+			0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x01, 0x00, 0x3d, 0x00, 0x01, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x01, 0xe8, 0x02, 0xd6,
+			0xa6, 0x78, 0x71, 0x50, 0x8f, 0x26, 0x43, 0x5d,
+			0xf7, 0x50, 0x5a, 0x45, 0x8b, 0xc9, 0x7f, 0xa7,
+			0x12, 0x51, 0x3a, 0x72, 0x0c, 0xfa, 0x21, 0xff,
+			0x8c, 0xc9, 0x3f, 0x25, 0x08, 0xb5, 0xe8, 0x7d,
+			0x5f, 0xbc, 0xa8, 0xb9, 0xd3, 0xe3, 0x15, 0xb0,
+			0x9b, 0xbd, 0x82, 0x9b, 0x77, 0x14, 0x17, 0x2a,
+			0x28, 0xbb,
+		},
+		.len = 74,
+	},
+	.input_text = {
+		.data = {
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32,
+			0x20, 0x41, 0x45, 0x53, 0x2d, 0x31, 0x32, 0x38,
+			0x2d, 0x47, 0x43, 0x4d, 0x20, 0x65, 0x78, 0x61,
+			0x6d, 0x70, 0x6c, 0x65, 0xa,
+		},
+		.len = 37,
+	},
+	.imp_nonce = {
+		.data = {
+			0x66, 0xb2, 0x04, 0x1d,
+		},
+		.len = 4,
+	},
+	.iv = {
+		.data = {
+			0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+		},
+	},
+
+	.xform = {
+		.aead = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			.aead = {
+				.op = RTE_CRYPTO_AEAD_OP_ENCRYPT,
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,
+				.key.length = 16,
+				.iv.length = 12,
+				.iv.offset = IV_OFFSET,
+				.digest_length = 16,
+				.aad_length = 13,
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_DTLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.dtls_1_2.epoch = 1,
+		.dtls_1_2.seq_no = 1,
+	},
+
+	.aead = true,
+	.app_type = 0x17,
+};
+
+/* DTLS 1.2 AES-256-GCM */
+struct tls_record_test_data dtls_test_data_aes_256_gcm = {
+	.key = {
+		.data = {
+			0x9e, 0x0d, 0xe9, 0x57, 0x4d, 0x24, 0xa7, 0x15,
+			0x0d, 0x49, 0xf0, 0x87, 0xa6, 0xf1, 0x3e, 0x33,
+			0x8c, 0xb8, 0x86, 0xb6, 0xbb, 0x72, 0x93, 0xa2,
+			0x5e, 0xcb, 0x31, 0xe3, 0x60, 0xc6, 0x7e, 0x11,
+		},
+	},
+	.output_text = {
+		.data = {
+			0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x01, 0x00, 0x39, 0x00, 0x01, 0x00,
+			0x00, 0x00, 0x00, 0x00, 0x01, 0xf9, 0xed, 0xe7,
+			0xe2, 0x53, 0x97, 0x9a, 0x3c, 0xc7, 0x66, 0x21,
+			0x62, 0xfb, 0x29, 0x27, 0x8d, 0xc6, 0x11, 0xa3,
+			0x69, 0x89, 0xdc, 0x34, 0x50, 0x6d, 0x2f, 0xf7,
+			0x58, 0xd5, 0xc7, 0x71, 0xf4, 0x6d, 0x07, 0xae,
+			0x35, 0x39, 0x7b, 0xa8, 0xc3, 0x38, 0x71, 0xb8,
+			0xee, 0xb0, 0x18, 0xc6, 0xb5, 0x49,
+		},
+		.len = 70,
+	},
+	.input_text = {
+		.data = {
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x44, 0x54, 0x4c, 0x53, 0x20, 0x65, 0x78, 0x61,
+			0x6d, 0x70, 0x6c, 0x65, 0x20, 0x74, 0x65, 0x73,
+			0x74, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0xa,
+		},
+		.len = 33,
+	},
+	.imp_nonce = {
+		.data = {
+			0x24, 0x58, 0x29, 0x71,
+		},
+		.len = 4,
+	},
+	.iv = {
+		.data = {
+			0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+		},
+	},
+
+	.xform = {
+		.aead = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			.aead = {
+				.op = RTE_CRYPTO_AEAD_OP_ENCRYPT,
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,
+				.key.length = 32,
+				.iv.length = 12,
+				.iv.offset = IV_OFFSET,
+				.digest_length = 16,
+				.aad_length = 13,
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_DTLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.dtls_1_2.epoch = 1,
+		.dtls_1_2.seq_no = 1,
+	},
+
+	.aead = true,
+	.app_type = 0x17,
+};
+
 #endif
-- 
2.25.1

[PATCH 10/14] test/crypto: add combined mode cases

[Anoob Joseph]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add cases to try TLS record write(encrypt) + read(decrypt) operations.
This is used for testing TLS record features with all algorithms
supported by the security device.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev.c                     | 67 ++++++++++++++++++-
 app/test/test_cryptodev_security_tls_record.c | 60 +++++++++++++++++
 app/test/test_cryptodev_security_tls_record.h | 11 +++
 3 files changed, 136 insertions(+), 2 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 0360f30bd1..6070e7f336 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -11704,6 +11704,7 @@ test_tls_record_proto_process(const struct tls_record_test_data td[],
 	struct rte_security_tls_record_xform tls_record_xform;
 	struct rte_security_capability_idx sec_cap_idx;
 	const struct rte_security_capability *sec_cap;
+	struct tls_record_test_data *res_d_tmp = NULL;
 	enum rte_security_tls_sess_type sess_type;
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_security_ctx *ctx;
@@ -11841,7 +11842,10 @@ test_tls_record_proto_process(const struct tls_record_test_data td[],
 		if (ret != TEST_SUCCESS)
 			goto crypto_op_free;
 
-		ret = test_tls_record_post_process(ut_params->ibuf, &td[i], NULL, silent);
+		if (res_d != NULL)
+			res_d_tmp = &res_d[i];
+
+		ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, silent);
 		if (ret != TEST_SUCCESS)
 			goto crypto_op_free;
 
@@ -11864,7 +11868,6 @@ test_tls_record_proto_process(const struct tls_record_test_data td[],
 		rte_security_session_destroy(ctx, ut_params->sec_session);
 	ut_params->sec_session = NULL;
 
-	RTE_SET_USED(res_d);
 	RTE_SET_USED(flags);
 
 	return ret;
@@ -11903,6 +11906,58 @@ test_tls_record_proto_known_vec_read(const void *test_data)
 	return test_tls_record_proto_process(&td_inb, NULL, 1, false, &flags);
 }
 
+static int
+test_tls_record_proto_all(const struct tls_record_test_flags *flags)
+{
+	struct tls_record_test_data td_outb[TEST_SEC_PKTS_MAX];
+	struct tls_record_test_data td_inb[TEST_SEC_PKTS_MAX];
+	unsigned int i, nb_pkts = 1, pass_cnt = 0;
+	int ret;
+
+	for (i = 0; i < RTE_DIM(sec_alg_list); i++) {
+		test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags,
+					   td_outb, nb_pkts);
+
+		ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags);
+		if (ret == TEST_SKIPPED)
+			continue;
+
+		if (ret == TEST_FAILED)
+			return TEST_FAILED;
+
+		test_tls_record_td_update(td_inb, td_outb, nb_pkts, flags);
+
+		ret = test_tls_record_proto_process(td_inb, NULL, nb_pkts, true, flags);
+		if (ret == TEST_SKIPPED)
+			continue;
+
+		if (ret == TEST_FAILED)
+			return TEST_FAILED;
+
+		if (flags->display_alg)
+			test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2);
+
+		pass_cnt++;
+	}
+
+	if (pass_cnt > 0)
+		return TEST_SUCCESS;
+	else
+		return TEST_SKIPPED;
+}
+
+static int
+test_tls_record_proto_display_list(void)
+{
+	struct tls_record_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.display_alg = true;
+
+	return test_tls_record_proto_all(&flags);
+}
+
 #endif
 
 static int
@@ -16845,6 +16900,10 @@ static struct unit_test_suite tls12_record_proto_testsuite  = {
 			"Read record known vector AES-128-CBC-SHA1",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_known_vec_read, &tls_test_data_aes_128_cbc_sha1_hmac),
+		TEST_CASE_NAMED_ST(
+			"Combined test alg list",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_display_list),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
@@ -16869,6 +16928,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite  = {
 			"Read record known vector AES-GCM-256",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_known_vec_read, &dtls_test_data_aes_256_gcm),
+		TEST_CASE_NAMED_ST(
+			"Combined test alg list",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_display_list),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c
index be8f5270cc..6f106050c2 100644
--- a/app/test/test_cryptodev_security_tls_record.c
+++ b/app/test/test_cryptodev_security_tls_record.c
@@ -7,6 +7,7 @@
 #include "test.h"
 #include "test_cryptodev_security_tls_record.h"
 #include "test_cryptodev_security_tls_record_test_vectors.h"
+#include "test_security_proto.h"
 
 int
 test_tls_record_status_check(struct rte_crypto_op *op)
@@ -56,6 +57,65 @@ test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out,
 	}
 }
 
+void
+test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2,
+			   const struct tls_record_test_flags *flags,
+			   struct tls_record_test_data *td_array, int nb_td)
+{
+	struct tls_record_test_data *td = NULL;
+	int i;
+
+	memset(td_array, 0, nb_td * sizeof(*td));
+
+	for (i = 0; i < nb_td; i++) {
+		td = &td_array[i];
+
+		/* Prepare fields based on param */
+
+		if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+			/* Copy template for packet & key fields */
+			memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td));
+
+			td->aead = true;
+			td->xform.aead.aead.algo = param1->alg.aead;
+			td->xform.aead.aead.key.length = param1->key_length;
+			td->xform.aead.aead.digest_length = param1->digest_length;
+		} else {
+			/* Copy template for packet & key fields */
+			memcpy(td, &tls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td));
+
+			td->aead = false;
+			td->xform.chain.cipher.cipher.algo = param1->alg.cipher;
+			td->xform.chain.cipher.cipher.key.length = param1->key_length;
+			td->xform.chain.cipher.cipher.iv.length = param1->iv_length;
+			td->xform.chain.auth.auth.algo = param2->alg.auth;
+			td->xform.chain.auth.auth.key.length = param2->key_length;
+			td->xform.chain.auth.auth.digest_length = param2->digest_length;
+		}
+	}
+
+	RTE_SET_USED(flags);
+}
+
+void
+test_tls_record_td_update(struct tls_record_test_data td_inb[],
+			  const struct tls_record_test_data td_outb[], int nb_td,
+			  const struct tls_record_test_flags *flags)
+{
+	int i;
+
+	for (i = 0; i < nb_td; i++) {
+		memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data,
+		       td_outb[i].input_text.len);
+		td_inb[i].output_text.len = td_outb->input_text.len;
+
+		/* Clear outbound specific flags */
+		td_inb[i].tls_record_xform.options.iv_gen_disable = 0;
+	}
+
+	RTE_SET_USED(flags);
+}
+
 static int
 test_tls_record_td_verify(uint8_t *output_text, uint32_t len, const struct tls_record_test_data *td,
 			 bool silent)
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index 18d689253b..68dd55fef2 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -8,6 +8,8 @@
 #include <rte_cryptodev.h>
 #include <rte_security.h>
 
+#include "test_security_proto.h"
+
 #define TLS_RECORD_MAX_LEN 16384u
 
 struct tls_record_test_data {
@@ -70,6 +72,15 @@ int test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_re
 void test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out,
 					struct tls_record_test_data *td_in);
 
+void test_tls_record_td_prepare(const struct crypto_param *param1,
+				const struct crypto_param *param2,
+				const struct tls_record_test_flags *flags,
+				struct tls_record_test_data *td_array, int nb_td);
+
+void test_tls_record_td_update(struct tls_record_test_data td_inb[],
+			       const struct tls_record_test_data td_outb[], int nb_td,
+			       const struct tls_record_test_flags *flags);
+
 int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td,
 				 struct tls_record_test_data *res_d, bool silent);
 
-- 
2.25.1

[PATCH 11/14] test/crypto: add verification of TLS headers

[Anoob Joseph]

Add verification of TLS headers in protocol offload tests.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev_security_tls_record.c | 118 +++++++++++++++++-
 1 file changed, 117 insertions(+), 1 deletion(-)

diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c
index 6f106050c2..bcb2eba4ff 100644
--- a/app/test/test_cryptodev_security_tls_record.c
+++ b/app/test/test_cryptodev_security_tls_record.c
@@ -3,6 +3,8 @@
  */
 
 #include <rte_crypto.h>
+#include <rte_dtls.h>
+#include <rte_tls.h>
 
 #include "test.h"
 #include "test_cryptodev_security_tls_record.h"
@@ -62,8 +64,8 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt
 			   const struct tls_record_test_flags *flags,
 			   struct tls_record_test_data *td_array, int nb_td)
 {
+	int i, min_padding, hdr_len, tls_pkt_size, mac_len = 0, exp_nonce_len = 0, roundup_len = 0;
 	struct tls_record_test_data *td = NULL;
-	int i;
 
 	memset(td_array, 0, nb_td * sizeof(*td));
 
@@ -94,6 +96,59 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt
 		}
 	}
 
+	tls_pkt_size = td->input_text.len;
+
+	if (!td->aead) {
+		mac_len = td->xform.chain.auth.auth.digest_length;
+		switch (td->xform.chain.cipher.cipher.algo) {
+		case RTE_CRYPTO_CIPHER_3DES_CBC:
+			roundup_len = 8;
+			exp_nonce_len = 8;
+			break;
+		case RTE_CRYPTO_CIPHER_AES_CBC:
+			roundup_len = 16;
+			exp_nonce_len = 16;
+			break;
+		default:
+			roundup_len = 0;
+			exp_nonce_len = 0;
+			break;
+		}
+	} else {
+		mac_len = td->xform.aead.aead.digest_length;
+		exp_nonce_len = 8;
+	}
+
+	switch (td->tls_record_xform.ver) {
+	case RTE_SECURITY_VERSION_TLS_1_2:
+	case RTE_SECURITY_VERSION_TLS_1_3:
+		hdr_len = sizeof(struct rte_tls_hdr);
+		min_padding = 1;
+		break;
+	case RTE_SECURITY_VERSION_DTLS_1_2:
+		hdr_len = sizeof(struct rte_dtls_hdr);
+		min_padding = 0;
+		break;
+	default:
+		hdr_len = 0;
+		min_padding = 0;
+		break;
+	}
+
+	tls_pkt_size += mac_len;
+
+	/* Padding */
+	tls_pkt_size += min_padding;
+	tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len);
+
+	/* Explicit nonce */
+	tls_pkt_size += exp_nonce_len;
+
+	/* Add TLS header */
+	tls_pkt_size += hdr_len;
+
+	td->output_text.len = tls_pkt_size;
+
 	RTE_SET_USED(flags);
 }
 
@@ -160,6 +215,60 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len,
 
 	return TEST_SUCCESS;
 }
+static int
+tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text)
+{
+	uint16_t length, hdr_len;
+	uint8_t content_type;
+
+	if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_2) {
+		const struct rte_tls_hdr *hdr = (const struct rte_tls_hdr *)output_text;
+		if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_2) {
+			printf("Incorrect header version [expected - %4x, received - %4x]\n",
+			       RTE_TLS_VERSION_1_2, rte_be_to_cpu_16(hdr->version));
+			return TEST_FAILED;
+		}
+		content_type = hdr->type;
+		length = rte_be_to_cpu_16(hdr->length);
+		hdr_len = sizeof(struct rte_tls_hdr);
+	} else if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) {
+		const struct rte_tls_hdr *hdr = (const struct rte_tls_hdr *)output_text;
+		if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_3) {
+			printf("Incorrect header version [expected - %4x, received - %4x]\n",
+			       RTE_TLS_VERSION_1_3, rte_be_to_cpu_16(hdr->version));
+			return TEST_FAILED;
+		}
+		content_type = hdr->type;
+		length = rte_be_to_cpu_16(hdr->length);
+		hdr_len = sizeof(struct rte_tls_hdr);
+	} else if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_DTLS_1_2) {
+		const struct rte_dtls_hdr *hdr = (const struct rte_dtls_hdr *)output_text;
+		if (rte_be_to_cpu_16(hdr->version) != RTE_DTLS_VERSION_1_2) {
+			printf("Incorrect header version [expected - %4x, received - %4x]\n",
+			       RTE_DTLS_VERSION_1_2, rte_be_to_cpu_16(hdr->version));
+			return TEST_FAILED;
+		}
+		content_type = hdr->type;
+		length = rte_be_to_cpu_16(hdr->length);
+		hdr_len = sizeof(struct rte_dtls_hdr);
+	} else {
+		return TEST_FAILED;
+	}
+
+	if (content_type != td->app_type) {
+		printf("Incorrect content type in packet [expected - %d, received - %d]\n",
+		       td->app_type, content_type);
+		return TEST_FAILED;
+	}
+
+	if (length != td->output_text.len - hdr_len) {
+		printf("Incorrect packet length [expected - %d, received - %d]\n",
+		       td->output_text.len - hdr_len, length);
+		return TEST_FAILED;
+	}
+
+	return TEST_SUCCESS;
+}
 
 int
 test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td,
@@ -169,6 +278,7 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t
 	uint8_t output_text[TLS_RECORD_MAX_LEN];
 	const struct rte_mbuf *seg;
 	const uint8_t *output;
+	int ret;
 
 	memset(output_text, 0, TLS_RECORD_MAX_LEN);
 
@@ -193,6 +303,12 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t
 		memcpy(output_text, output, len);
 	}
 
+	if (td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) {
+		ret = tls_record_hdr_verify(td, output_text);
+		if (ret != TEST_SUCCESS)
+			return ret;
+	}
+
 	/*
 	 * In case of known vector tests & all record read (decrypt) tests, res_d provided would be
 	 * NULL and output data need to be validated against expected. For record read (decrypt),
-- 
2.25.1

[PATCH 12/14] test/security: add more algos to combined tests

[Anoob Joseph]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add following algos to combined mode cases. These are intended primarily
for TLS record combined mode tests.

- AES256-CBC
- SHA256-HMAC
- SHA1-HMAC [20B]

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_security_proto.h | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h
index 6797e8b8c2..efa023b99d 100644
--- a/app/test/test_security_proto.h
+++ b/app/test/test_security_proto.h
@@ -70,6 +70,12 @@ static const struct crypto_param cipher_list[] = {
 		.key_length = 16,
 		.iv_length = 16,
 	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+		.alg.cipher =  RTE_CRYPTO_CIPHER_AES_CBC,
+		.key_length = 32,
+		.iv_length = 16,
+	},
 	{
 		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 		.alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
@@ -107,12 +113,24 @@ static const struct crypto_param auth_list[] = {
 		.key_length = 20,
 		.digest_length = 12,
 	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+		.alg.auth =  RTE_CRYPTO_AUTH_SHA1_HMAC,
+		.key_length = 20,
+		.digest_length = 20,
+	},
 	{
 		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
 		.alg.auth =  RTE_CRYPTO_AUTH_SHA256_HMAC,
 		.key_length = 32,
 		.digest_length = 16,
 	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+		.alg.auth =  RTE_CRYPTO_AUTH_SHA256_HMAC,
+		.key_length = 32,
+		.digest_length = 32,
+	},
 	{
 		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
 		.alg.auth =  RTE_CRYPTO_AUTH_SHA384_HMAC,
-- 
2.25.1

[PATCH 13/14] test/security: add TLS 1.2 and DTLS 1.2 vectors

[Anoob Joseph]

From: Akhil Goyal <gakhil@marvell.com>

Add TLS v1.2 vectors generated using gnuTLS for
AES-256, SHA256, 3DES, CHACHA-POLY

Add DTLS v1.2 test vectors generated using gnuTLS for
AES-128-CBC, AES-256-CBC, SHA1, SHA256, 3DES-CBC,
CHACHA20-POLY1305 and NULL cipher

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev.c                     |  121 ++
 app/test/test_cryptodev_security_tls_record.h |   13 +
 ...yptodev_security_tls_record_test_vectors.h | 1126 +++++++++++++++++
 3 files changed, 1260 insertions(+)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 6070e7f336..86e2ccd483 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -16884,6 +16884,31 @@ static struct unit_test_suite tls12_record_proto_testsuite  = {
 			"Write record known vector AES-CBC-128-SHA1",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_known_vec, &tls_test_data_aes_128_cbc_sha1_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Write record known vector AES-128-CBC-SHA256",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec, &tls_test_data_aes_128_cbc_sha256_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Write record known vector AES-256-CBC-SHA1",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec, &tls_test_data_aes_256_cbc_sha1_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Write record known vector AES-256-CBC-SHA256",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec, &tls_test_data_aes_256_cbc_sha256_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Write record known vector 3DES-CBC-SHA1-HMAC",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec, &tls_test_data_3des_cbc_sha1_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Write record known vector NULL-SHA1-HMAC",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec, &tls_test_data_null_cipher_sha1_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Write record known vector CHACHA20-POLY1305",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec, &tls_test_data_chacha20_poly1305),
+
 		TEST_CASE_NAMED_WITH_DATA(
 			"Read record known vector AES-GCM-128 (vector 1)",
 			ut_setup_security, ut_teardown,
@@ -16900,6 +16925,33 @@ static struct unit_test_suite tls12_record_proto_testsuite  = {
 			"Read record known vector AES-128-CBC-SHA1",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_known_vec_read, &tls_test_data_aes_128_cbc_sha1_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Read record known vector AES-128-CBC-SHA256",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read,
+			&tls_test_data_aes_128_cbc_sha256_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Read record known vector AES-256-CBC-SHA1",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read, &tls_test_data_aes_256_cbc_sha1_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Read record known vector AES-256-CBC-SHA256",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read,
+			&tls_test_data_aes_256_cbc_sha256_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Read record known vector 3DES-CBC-SHA1-HMAC",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read, &tls_test_data_3des_cbc_sha1_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Read record known vector NULL-SHA1-HMAC",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read, &tls_test_data_null_cipher_sha1_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Read record known vector CHACHA20-POLY1305",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read, &tls_test_data_chacha20_poly1305),
+
 		TEST_CASE_NAMED_ST(
 			"Combined test alg list",
 			ut_setup_security, ut_teardown,
@@ -16920,6 +16972,40 @@ static struct unit_test_suite dtls12_record_proto_testsuite  = {
 			"Write record known vector AES-GCM-256",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_known_vec, &dtls_test_data_aes_256_gcm),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Write record known vector AES-128-CBC-SHA1",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec,
+			&dtls_test_data_aes_128_cbc_sha1_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Write record known vector AES-128-CBC-SHA256",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec,
+			&dtls_test_data_aes_128_cbc_sha256_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Write record known vector AES-256-CBC-SHA1",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec,
+			&dtls_test_data_aes_256_cbc_sha1_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Write record known vector AES-256-CBC-SHA256",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec,
+			&dtls_test_data_aes_256_cbc_sha256_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Write record known vector 3DES-CBC-SHA1-HMAC",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec,
+			&dtls_test_data_3des_cbc_sha1_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Write record known vector NULL-SHA1-HMAC",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec,
+			&dtls_test_data_null_cipher_sha1_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Write record known vector CHACHA20-POLY1305",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec, &dtls_test_data_chacha20_poly1305),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Read record known vector AES-GCM-128",
 			ut_setup_security, ut_teardown,
@@ -16928,6 +17014,41 @@ static struct unit_test_suite dtls12_record_proto_testsuite  = {
 			"Read record known vector AES-GCM-256",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_known_vec_read, &dtls_test_data_aes_256_gcm),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Read record known vector AES-128-CBC-SHA1",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read,
+			&dtls_test_data_aes_128_cbc_sha1_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Read record known vector AES-128-CBC-SHA256",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read,
+			&dtls_test_data_aes_128_cbc_sha256_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Read record known vector AES-256-CBC-SHA1",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read,
+			&dtls_test_data_aes_256_cbc_sha1_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Read record known vector AES-256-CBC-SHA256",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read,
+			&dtls_test_data_aes_256_cbc_sha256_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Read record known vector 3DES-CBC-SHA1-HMAC",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read,
+			&dtls_test_data_3des_cbc_sha1_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Read record known vector NULL-SHA1-HMAC",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read,
+			&dtls_test_data_null_cipher_sha1_hmac),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Read record known vector CHACHA20-POLY1305",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_known_vec_read, &dtls_test_data_chacha20_poly1305),
+
 		TEST_CASE_NAMED_ST(
 			"Combined test alg list",
 			ut_setup_security, ut_teardown,
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index 68dd55fef2..82a1776265 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -63,6 +63,19 @@ extern struct tls_record_test_data tls_test_data_aes_256_gcm;
 extern struct tls_record_test_data dtls_test_data_aes_128_gcm;
 extern struct tls_record_test_data dtls_test_data_aes_256_gcm;
 extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac;
+extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha256_hmac;
+extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha1_hmac;
+extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha256_hmac;
+extern struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac;
+extern struct tls_record_test_data tls_test_data_null_cipher_sha1_hmac;
+extern struct tls_record_test_data tls_test_data_chacha20_poly1305;
+extern struct tls_record_test_data dtls_test_data_chacha20_poly1305;
+extern struct tls_record_test_data dtls_test_data_aes_128_cbc_sha1_hmac;
+extern struct tls_record_test_data dtls_test_data_aes_128_cbc_sha256_hmac;
+extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha1_hmac;
+extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac;
+extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac;
+extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac;
 
 int test_tls_record_status_check(struct rte_crypto_op *op);
 
diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h
index fb060275fb..f10f28bb96 100644
--- a/app/test/test_cryptodev_security_tls_record_test_vectors.h
+++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h
@@ -455,4 +455,1130 @@ struct tls_record_test_data dtls_test_data_aes_256_gcm = {
 	.app_type = 0x17,
 };
 
+struct tls_record_test_data tls_test_data_null_cipher_sha1_hmac = {
+	.auth_key = {
+		.data = {
+			0xd7, 0x8c, 0xe2, 0xda, 0x51, 0x2a, 0xd3, 0x9c,
+			0xb4, 0x6c, 0xa1, 0xcf, 0x3f, 0x13, 0xf6, 0x1d,
+			0x9e, 0x40, 0x6f, 0x38,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* actual plain text */
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, 0x20,
+			0x4e, 0x55, 0x4c, 0x4c, 0x20, 0x53, 0x48, 0x41,
+			0x31, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
+			0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0xa,
+		},
+		.len = 41,
+	},
+	.output_text = {
+		.data = {
+			0x17, 0x03, 0x03, 0x00, 0x3d,
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, 0x20,
+			0x4e, 0x55, 0x4c, 0x4c, 0x20, 0x53, 0x48, 0x41,
+			0x31, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
+			0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72,
+			0x0a, 0x80, 0xa3, 0x85, 0x16, 0x85, 0xbf, 0x31,
+			0xca, 0xac, 0x18, 0x8c, 0x4e, 0xd3, 0x02, 0x75,
+			0x4e, 0xc9, 0xeb, 0x26, 0xab,
+		},
+		.len = 66,
+	},
+
+	.xform = {
+		.chain = {
+			.auth = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+				.auth = {
+					.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+					.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+					.key.length = 20,
+					.iv.length = 0,
+					.iv.offset = 0,
+					.digest_length = 20,
+				},
+			},
+			.cipher = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+				.cipher = {
+					.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+					.algo = RTE_CRYPTO_CIPHER_NULL,
+					.key.length = 0,
+					.iv.length = 0,
+					.iv.offset = IV_OFFSET,
+				},
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_TLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.tls_1_2.seq_no = 0x1,
+	},
+
+	.aead = false,
+	.app_type = 0x17,
+};
+
+struct tls_record_test_data tls_test_data_chacha20_poly1305 = {
+	.key = {
+		.data = {
+			0xe3, 0x5b, 0x21, 0x49, 0x5d, 0xfa, 0x6d, 0xb5,
+			0x93, 0xbf, 0xd3, 0xde, 0xa0, 0xef, 0x8b, 0xb2,
+			0x86, 0xf3, 0xae, 0x20, 0x7c, 0x4d, 0x98, 0xda,
+			0x20, 0x03, 0x3f, 0x57, 0x9f, 0x45, 0xdc, 0x8f,
+		},
+	},
+	.input_text = {
+		.data = {
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x54, 0x4c, 0x53, 0x31, 0x2e, 0x32, 0x20, 0x43,
+			0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30, 0x2d,
+			0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35,
+			0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
+			0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x0a,
+		},
+		.len = 48,
+	},
+	.output_text = {
+		.data = {
+			0x17, 0x03, 0x03, 0x00, 0x40,
+			0xdc, 0x3d, 0x81, 0xa1, 0xda, 0x88, 0x24, 0xcf,
+			0xeb, 0xd3, 0x38, 0x99, 0x3d, 0x0f, 0xfa, 0xdc,
+			0xac, 0x17, 0x8f, 0xa4, 0x20, 0xff, 0x08, 0x3a,
+			0x04, 0x70, 0x52, 0xcf, 0x9e, 0x25, 0xf5, 0x98,
+			0xf0, 0x5b, 0x0f, 0x80, 0xb1, 0x77, 0x6d, 0x7a,
+			0x20, 0x73, 0xf6, 0x10, 0x1b, 0x5e, 0xfd, 0xc4,
+			0x3c, 0xe1, 0x40, 0xa1, 0x7c, 0x43, 0xde, 0x13,
+			0x6e, 0x43, 0xe2, 0x81, 0x16, 0x9c, 0xf0, 0x4a,
+		},
+		.len = 69,
+	},
+	.imp_nonce = {
+		.data = {
+			0x2e, 0x86, 0x13, 0x09, 0x34, 0xe8, 0xa7, 0x3f,
+			0xda, 0x87, 0x68, 0xcb
+		},
+		.len = 12,
+	},
+	.iv = {
+		.data = {
+			0xdc, 0x3d, 0x81, 0xa1, 0xda, 0x88, 0x24, 0xcf,
+		},
+	},
+
+	.xform = {
+		.aead = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			.aead = {
+				.op = RTE_CRYPTO_AEAD_OP_ENCRYPT,
+				.algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
+				.key.length = 32,
+				.iv.length = 8,
+				.iv.offset = IV_OFFSET,
+				.digest_length = 16,
+				.aad_length = 13,
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_TLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.tls_1_2.seq_no = 0x1,
+	},
+
+	.aead = true,
+	.app_type = 0x17,
+};
+
+struct tls_record_test_data dtls_test_data_chacha20_poly1305 = {
+	.key = {
+		.data = {
+			0x11, 0x6b, 0x4e, 0x91, 0x74, 0x57, 0x15, 0x94,
+			0xca, 0x11, 0x2e, 0xe8, 0xb2, 0x48, 0xf1, 0x9b,
+			0x49, 0xbd, 0xbf, 0x91, 0x13, 0x4c, 0x83, 0xd7,
+			0x24, 0xb1, 0xa1, 0x0e, 0xc1, 0x54, 0xe6, 0xe2,
+		},
+	},
+	.input_text = {
+		.data = {
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32,
+			0x20, 0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32,
+			0x30, 0x2d, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33,
+			0x30, 0x35, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70,
+			0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f,
+			0x72, 0x0a,
+		},
+		.len = 50,
+	},
+	.output_text = {
+		.data = {
+			0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x01, 0x00, 0x42,
+			0xd5, 0x38, 0xd0, 0x1e, 0x7e, 0x9d, 0x69, 0xa1,
+			0xf9, 0x7c, 0x1f, 0xad, 0x64, 0x24, 0xac, 0x07,
+			0x37, 0x3d, 0x7b, 0x8b, 0x63, 0x6e, 0x9d, 0x63,
+			0xa2, 0xd2, 0x05, 0x91, 0x1c, 0xa2, 0x5f, 0xbd,
+			0x3e, 0x5d, 0x82, 0x37, 0xb4, 0x46, 0x8d, 0x7f,
+			0x1c, 0x20, 0xb4, 0x5c, 0xb2, 0x05, 0xdb, 0x84,
+			0x77, 0xad, 0x9c, 0xbd, 0x09, 0x14, 0x50, 0x9e,
+			0xad, 0xc3, 0xc6, 0xfe, 0x2f, 0x13, 0xf6, 0x79,
+			0x65, 0x70,
+		},
+		.len = 79,
+	},
+	.imp_nonce = {
+		.data = {
+			0x5b, 0xb2, 0x29, 0x02, 0x14, 0x1d, 0xf1, 0x86,
+			0x5a, 0xe5, 0x70, 0x3f,
+		},
+		.len = 12,
+	},
+	.iv = {
+		.data = {
+			0xd5, 0x38, 0xd0, 0x1e, 0x7e, 0x9d, 0x69, 0xa1,
+		},
+	},
+
+	.xform = {
+		.aead = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			.aead = {
+				.op = RTE_CRYPTO_AEAD_OP_ENCRYPT,
+				.algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
+				.key.length = 32,
+				.iv.length = 8,
+				.iv.offset = IV_OFFSET,
+				.digest_length = 16,
+				.aad_length = 21,
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_DTLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.dtls_1_2.epoch = 1,
+		.dtls_1_2.seq_no = 1,
+	},
+
+	.aead = true,
+	.app_type = 0x17,
+};
+
+struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac = {
+	.auth_key = {
+		.data = {
+			0xb1, 0x1d, 0x4f, 0x46, 0x23, 0x42, 0x51, 0x51,
+			0xda, 0x91, 0x59, 0x01, 0xde, 0x9e, 0x0c, 0x27,
+			0xe6, 0x8a, 0xdc, 0xf8,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* actual plain text */
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32,
+			0x20, 0x4e, 0x55, 0x4c, 0x4c, 0x20, 0x63, 0x69,
+			0x70, 0x68, 0x65, 0x72, 0x20, 0x53, 0x48, 0x41,
+			0x31, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
+			0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x0a,
+		},
+		.len = 49,
+	},
+	.output_text = {
+		.data = {
+			0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x01, 0x00, 0x45,
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32,
+			0x20, 0x4e, 0x55, 0x4c, 0x4c, 0x20, 0x63, 0x69,
+			0x70, 0x68, 0x65, 0x72, 0x20, 0x53, 0x48, 0x41,
+			0x31, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
+			0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72,
+			0x0a, 0xfc, 0x24, 0x2f, 0x1c, 0x74, 0xda, 0x3d,
+			0xb3, 0xa9, 0x81, 0x51, 0xcb, 0x9b, 0xb6, 0x7e,
+			0x25, 0xa6, 0x53, 0x04, 0x2f,
+		},
+		.len = 82,
+	},
+
+	.xform = {
+		.chain = {
+			.auth = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+				.auth = {
+					.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+					.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+					.key.length = 20,
+					.iv.length = 0,
+					.iv.offset = 0,
+					.digest_length = 20,
+				},
+			},
+			.cipher = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+				.cipher = {
+					.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+					.algo = RTE_CRYPTO_CIPHER_NULL,
+					.key.length = 0,
+					.iv.length = 0,
+					.iv.offset = IV_OFFSET,
+				},
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_DTLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.dtls_1_2.epoch = 1,
+		.dtls_1_2.seq_no = 1,
+	},
+
+	.aead = false,
+	.app_type = 0x17,
+};
+
+struct tls_record_test_data dtls_test_data_aes_128_cbc_sha1_hmac = {
+	.key = {
+		.data = {
+			0x6f, 0x78, 0x95, 0x1f, 0x08, 0xff, 0xd7, 0xa6,
+			0x7f, 0x64, 0x70, 0xa8, 0x10, 0xde, 0xce, 0xca,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0x8e, 0x8a, 0xae, 0xa2, 0xe9, 0x8e, 0x4a, 0xa2,
+			0x7a, 0xa7, 0x24, 0x76, 0xf1, 0x48, 0x20, 0x25,
+			0x8b, 0x04, 0xd7, 0x2d,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* actual plain text */
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32,
+			0x20, 0x41, 0x45, 0x53, 0x2d, 0x31, 0x32, 0x38,
+			0x2d, 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41,
+			0x31, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
+			0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0xa,
+		},
+		.len = 49,
+	},
+	.output_text = {
+		.data = {
+			0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x01, 0x00, 0x60,
+			0x3a, 0x0f, 0xaf, 0x47, 0x0d, 0x9e, 0x0f, 0x47,
+			0x88, 0x23, 0x4e, 0xa0, 0x05, 0x1e, 0x35, 0x99,
+			0x03, 0xa8, 0x32, 0x8f, 0x3d, 0x5d, 0xd6, 0xb1,
+			0xf1, 0x93, 0x40, 0x16, 0xed, 0x3a, 0xea, 0x0d,
+			0xb0, 0x03, 0xcd, 0x56, 0x8f, 0x96, 0x26, 0x00,
+			0xb3, 0x54, 0xaf, 0x18, 0xbc, 0x95, 0xfe, 0x3e,
+			0x5d, 0xfa, 0x57, 0xa0, 0x8d, 0x95, 0x8f, 0xd2,
+			0xab, 0x2e, 0x58, 0x5c, 0xe8, 0x37, 0xff, 0xc5,
+			0x00, 0x62, 0xfa, 0x19, 0xfd, 0x39, 0x4f, 0xc2,
+			0x10, 0xd3, 0x98, 0x72, 0xec, 0x2f, 0x00, 0x2b,
+			0x1c, 0xb9, 0xf4, 0xe2, 0xf4, 0xd4, 0xbf, 0x5b,
+			0x77, 0x45, 0x42, 0x57, 0x77, 0x26, 0xff, 0x41,
+		},
+		.len = 109,
+	},
+	.iv = {
+		.data = {
+			0x3a, 0x0f, 0xaf, 0x47, 0x0d, 0x9e, 0x0f, 0x47,
+			0x88, 0x23, 0x4e, 0xa0, 0x05, 0x1e, 0x35, 0x99,
+		},
+	},
+
+	.xform = {
+		.chain = {
+			.auth = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+				.auth = {
+					.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+					.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+					.key.length = 20,
+					.iv.length = 0,
+					.iv.offset = 0,
+					.digest_length = 20,
+				},
+			},
+			.cipher = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+				.cipher = {
+					.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+					.algo = RTE_CRYPTO_CIPHER_AES_CBC,
+					.key.length = 16,
+					.iv.length = 16,
+					.iv.offset = IV_OFFSET,
+				},
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_DTLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.dtls_1_2.epoch = 1,
+		.dtls_1_2.seq_no = 1,
+	},
+
+	.aead = false,
+	.app_type = 0x17,
+};
+
+struct tls_record_test_data dtls_test_data_aes_128_cbc_sha256_hmac = {
+	.key = {
+		.data = {
+			0x4c, 0x3f, 0x7e, 0x56, 0xdf, 0x60, 0x0e, 0xfa,
+			0x47, 0x8b, 0xb5, 0x44, 0x7f, 0x47, 0xfa, 0x22,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0x5b, 0xaa, 0x3c, 0x1a, 0x60, 0x9b, 0x15, 0x04,
+			0x02, 0xda, 0xdb, 0x96, 0x5e, 0xd9, 0x7b, 0x7a,
+			0xa4, 0xca, 0xd6, 0xab, 0x0b, 0x55, 0x87, 0xef,
+			0x20, 0xcd, 0x2e, 0xd5, 0xe4, 0x70, 0xae, 0x36,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* actual plain text */
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32,
+			0x20, 0x41, 0x45, 0x53, 0x2d, 0x31, 0x32, 0x38,
+			0x2d, 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41,
+			0x32, 0x35, 0x36, 0x20, 0x65, 0x78, 0x61, 0x6d,
+			0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74,
+			0x6f, 0x72, 0xa,
+		},
+		.len = 51,
+	},
+	.output_text = {
+		.data = {
+			0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x01, 0x00, 0x70,
+			0x9c, 0xfe, 0xdf, 0x4f, 0xaf, 0x86, 0x46, 0xc7,
+			0x97, 0xaa, 0x2e, 0xe4, 0xd8, 0x51, 0xa8, 0xbb,
+			0x22, 0x25, 0x09, 0xa7, 0x25, 0xb1, 0xa1, 0xe1,
+			0xcc, 0xcb, 0x3f, 0x08, 0xae, 0xa9, 0xae, 0xa1,
+			0x43, 0xe0, 0xf5, 0x6b, 0x98, 0xda, 0x98, 0x09,
+			0x99, 0xfa, 0x8c, 0x01, 0xd8, 0x90, 0x0d, 0x42,
+			0xcc, 0x5f, 0x1d, 0x52, 0x48, 0xbe, 0xd2, 0x4e,
+			0x62, 0xf5, 0x64, 0x89, 0x2f, 0x05, 0x91, 0x4e,
+			0x54, 0x3a, 0x58, 0x1c, 0x99, 0xb0, 0xa5, 0x4a,
+			0xc1, 0x42, 0xa1, 0x87, 0xa3, 0x00, 0x17, 0x6f,
+			0xa8, 0xf8, 0x9d, 0xae, 0xaf, 0x40, 0xf8, 0x72,
+			0xbf, 0xad, 0xbe, 0x68, 0x74, 0x20, 0xe5, 0xe9,
+			0x1b, 0x1d, 0x17, 0x28, 0xf7, 0xb2, 0xf8, 0x01,
+			0xc5, 0xcb, 0xca, 0xc5, 0xda, 0x70, 0x1c, 0x7d,
+		},
+		.len = 125,
+	},
+	.iv = {
+		.data = {
+			0x9c, 0xfe, 0xdf, 0x4f, 0xaf, 0x86, 0x46, 0xc7,
+			0x97, 0xaa, 0x2e, 0xe4, 0xd8, 0x51, 0xa8, 0xbb,
+		},
+	},
+
+	.xform = {
+		.chain = {
+			.auth = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+				.auth = {
+					.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+					.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+					.key.length = 32,
+					.iv.length = 0,
+					.iv.offset = 0,
+					.digest_length = 32,
+				},
+			},
+			.cipher = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+				.cipher = {
+					.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+					.algo = RTE_CRYPTO_CIPHER_AES_CBC,
+					.key.length = 16,
+					.iv.length = 16,
+					.iv.offset = IV_OFFSET,
+				},
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_DTLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.dtls_1_2.epoch = 1,
+		.dtls_1_2.seq_no = 1,
+	},
+
+	.aead = false,
+	.app_type = 0x17,
+};
+
+struct tls_record_test_data dtls_test_data_aes_256_cbc_sha1_hmac = {
+	.key = {
+		.data = {
+			0xd5, 0x5d, 0xae, 0xb4, 0xb4, 0x6f, 0xef, 0xd9,
+			0x08, 0xbd, 0x61, 0xf7, 0x95, 0x50, 0x72, 0x85,
+			0x4f, 0x4f, 0x3a, 0x1a, 0x55, 0x5b, 0xa9, 0x65,
+			0xcb, 0x54, 0x29, 0xdb, 0xdb, 0xdc, 0xb9, 0x66,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0x9f, 0xb0, 0xcb, 0xe1, 0xca, 0xc4, 0x13, 0xa0,
+			0x57, 0xa8, 0x5b, 0xd6, 0x5e, 0xe7, 0x8d, 0xfb,
+			0xe9, 0x99, 0x05, 0x88,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* actual plain text */
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32,
+			0x20, 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36,
+			0x2d, 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41,
+			0x31, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
+			0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0xa,
+		},
+		.len = 49,
+	},
+	.output_text = {
+		.data = {
+			0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x01, 0x00, 0x60,
+			0x55, 0xdd, 0x04, 0x79, 0xa9, 0xc2, 0x62, 0x2c,
+			0xc1, 0x89, 0x8e, 0xc4, 0x0a, 0x3f, 0x80, 0x2c,
+			0x14, 0xcc, 0xa4, 0x01, 0xf3, 0x4f, 0x33, 0x10,
+			0xe0, 0x7a, 0xc1, 0x5b, 0xeb, 0x51, 0xd6, 0x34,
+			0x51, 0xaf, 0x81, 0x6c, 0xeb, 0xce, 0x97, 0xa2,
+			0x27, 0x02, 0x66, 0xb6, 0x35, 0x4c, 0x1c, 0xbd,
+			0x5e, 0x8d, 0x1b, 0x12, 0x42, 0xad, 0xf3, 0x43,
+			0x52, 0x6d, 0x1b, 0xb5, 0x4f, 0x7c, 0x48, 0xd8,
+			0xae, 0xf2, 0x5e, 0xe0, 0xe6, 0x57, 0x3f, 0x61,
+			0xa0, 0x8d, 0x3d, 0x42, 0x3c, 0x33, 0xb9, 0x39,
+			0x84, 0x06, 0x49, 0xd8, 0xd4, 0xfc, 0x7d, 0x0f,
+			0x30, 0x6d, 0x7b, 0x98, 0xee, 0xd3, 0xbd, 0x35,
+		},
+		.len = 109,
+	},
+	.iv = {
+		.data = {
+			0x55, 0xdd, 0x04, 0x79, 0xa9, 0xc2, 0x62, 0x2c,
+			0xc1, 0x89, 0x8e, 0xc4, 0x0a, 0x3f, 0x80, 0x2c,
+		},
+	},
+
+	.xform = {
+		.chain = {
+			.auth = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+				.auth = {
+					.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+					.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+					.key.length = 20,
+					.iv.length = 0,
+					.iv.offset = 0,
+					.digest_length = 20,
+				},
+			},
+			.cipher = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+				.cipher = {
+					.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+					.algo = RTE_CRYPTO_CIPHER_AES_CBC,
+					.key.length = 32,
+					.iv.length = 16,
+					.iv.offset = IV_OFFSET,
+				},
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_DTLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.dtls_1_2.epoch = 1,
+		.dtls_1_2.seq_no = 1,
+	},
+
+	.aead = false,
+	.app_type = 0x17,
+};
+
+struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac = {
+	.key = {
+		.data = {
+			0xaa, 0x18, 0xb6, 0x7b, 0xf1, 0x74, 0xf5, 0x8d,
+			0xab, 0x6e, 0xfc, 0x12, 0x59, 0x5b, 0xab, 0x6f,
+			0xe7, 0x23, 0xc9, 0x80, 0x2e, 0x5d, 0xba, 0x73,
+			0x93, 0xd7, 0xe3, 0xc9, 0x86, 0xd7, 0x9c, 0x8e,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0x78, 0x92, 0x52, 0xb3, 0x2a, 0x2f, 0x3e, 0xdf,
+			0xf0, 0xdd, 0x91, 0xd3, 0xf4, 0xeb, 0xd5, 0xdd,
+			0x97, 0x7c, 0x24, 0xb4, 0xec, 0x28, 0xf6, 0xbd,
+			0x8f, 0x7b, 0xdf, 0x97, 0x32, 0xdf, 0x81, 0xde,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* actual plain text */
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32,
+			0x20, 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36,
+			0x2d, 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41,
+			0x32, 0x35, 0x36, 0x20, 0x65, 0x78, 0x61, 0x6d,
+			0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74,
+			0x6f, 0x72, 0xa,
+		},
+		.len = 51,
+	},
+	.output_text = {
+		.data = {
+			0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x01, 0x00, 0x70,
+			0x8f, 0x07, 0x1c, 0x60, 0x41, 0xbd, 0x77, 0x0c,
+			0x0b, 0x42, 0xbe, 0x95, 0x80, 0xc5, 0xdb, 0x1c,
+			0x46, 0xe4, 0x16, 0x83, 0xf7, 0x89, 0xe4, 0x82,
+			0xae, 0xaa, 0x8b, 0xc6, 0x91, 0x1a, 0x34, 0x9c,
+			0x23, 0x48, 0x83, 0x4c, 0x21, 0xf4, 0xed, 0xf8,
+			0x74, 0x1e, 0xd6, 0x9a, 0x76, 0x6d, 0xa3, 0x53,
+			0x56, 0xda, 0x78, 0x22, 0xea, 0x77, 0x87, 0xd0,
+			0xb5, 0x73, 0x7c, 0x53, 0x14, 0xdf, 0xc1, 0x84,
+			0x93, 0x97, 0xa4, 0x1d, 0x32, 0x1c, 0x57, 0x9a,
+			0xdd, 0x29, 0x0d, 0x41, 0x4d, 0x44, 0x4c, 0x7f,
+			0x7c, 0xd7, 0xa2, 0x8b, 0xaf, 0xfd, 0x76, 0x24,
+			0x81, 0x03, 0x11, 0x9e, 0xd0, 0x62, 0xc1, 0xfd,
+			0xc4, 0xe1, 0xf9, 0x88, 0xae, 0xf8, 0x7e, 0x25,
+			0xbf, 0xfb, 0xea, 0xa6, 0xe9, 0x70, 0x33, 0x6a,
+		},
+		.len = 125,
+	},
+	.iv = {
+		.data = {
+			0x8f, 0x07, 0x1c, 0x60, 0x41, 0xbd, 0x77, 0x0c,
+			0x0b, 0x42, 0xbe, 0x95, 0x80, 0xc5, 0xdb, 0x1c,
+		},
+	},
+
+	.xform = {
+		.chain = {
+			.auth = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+				.auth = {
+					.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+					.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+					.key.length = 32,
+					.iv.length = 0,
+					.iv.offset = 0,
+					.digest_length = 32,
+				},
+			},
+			.cipher = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+				.cipher = {
+					.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+					.algo = RTE_CRYPTO_CIPHER_AES_CBC,
+					.key.length = 32,
+					.iv.length = 16,
+					.iv.offset = IV_OFFSET,
+				},
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_DTLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.dtls_1_2.epoch = 1,
+		.dtls_1_2.seq_no = 1,
+	},
+
+	.aead = false,
+	.app_type = 0x17,
+};
+
+struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac = {
+	.key = {
+		.data = {
+			0x2f, 0x60, 0xdc, 0xe6, 0x75, 0x71, 0xaa, 0x11,
+			0xb6, 0x37, 0xc3, 0x8e, 0xc4, 0x72, 0x19, 0xec,
+			0xc7, 0xd5, 0x43, 0x9b, 0x35, 0xe9, 0x5f, 0xc4,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0x3e, 0xaa, 0x47, 0xfc, 0x45, 0x1c, 0x49, 0xe0,
+			0xf1, 0x76, 0x82, 0x70, 0xb2, 0xbd, 0x43, 0x49,
+			0xc5, 0x31, 0x2b, 0xf0,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* actual plain text */
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32,
+			0x20, 0x33, 0x44, 0x45, 0x53, 0x2d, 0x43, 0x42,
+			0x43, 0x20, 0x53, 0x48, 0x41, 0x31, 0x20, 0x65,
+			0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x20, 0x76,
+			0x65, 0x63, 0x74, 0x6f, 0x72, 0xa,
+		},
+		.len = 46,
+	},
+	.output_text = {
+		.data = {
+			0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x01, 0x00, 0x50,
+			0xe1, 0xae, 0x8c, 0x7d, 0x1c, 0x50, 0x3d, 0xb4,
+			0xf6, 0xd0, 0x63, 0xc2, 0x70, 0x4e, 0x01, 0x2d,
+			0x78, 0x0e, 0xbc, 0x88, 0xf3, 0xf6, 0xaa, 0x75,
+			0xf8, 0x72, 0xe3, 0x4b, 0x3f, 0x3e, 0xf7, 0x91,
+			0x5c, 0x20, 0xd9, 0x66, 0x1d, 0x76, 0xa7, 0x4e,
+			0x14, 0x50, 0x51, 0x79, 0x37, 0xc2, 0xbb, 0x7a,
+			0xdb, 0x89, 0x3d, 0xaa, 0x98, 0x68, 0x67, 0x17,
+			0xb2, 0x68, 0x30, 0x25, 0x98, 0xa4, 0x26, 0xa1,
+			0xaf, 0x91, 0x18, 0x16, 0x2e, 0x66, 0x75, 0xb7,
+			0xd5, 0x59, 0x66, 0x13, 0x40, 0xce, 0x5e, 0xe0,
+		},
+		.len = 93,
+	},
+	.iv = {
+		.data = {
+			0xe1, 0xae, 0x8c, 0x7d, 0x1c, 0x50, 0x3d, 0xb4,
+		},
+	},
+
+	.xform = {
+		.chain = {
+			.auth = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+				.auth = {
+					.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+					.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+					.key.length = 20,
+					.iv.length = 0,
+					.iv.offset = 0,
+					.digest_length = 20,
+				},
+			},
+			.cipher = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+				.cipher = {
+					.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+					.algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+					.key.length = 24,
+					.iv.length = 8,
+					.iv.offset = IV_OFFSET,
+				},
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_DTLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.dtls_1_2.epoch = 1,
+		.dtls_1_2.seq_no = 1,
+	},
+
+	.aead = false,
+	.app_type = 0x17,
+};
+
+struct tls_record_test_data tls_test_data_aes_128_cbc_sha256_hmac = {
+	.key = {
+		.data = {
+			0x77, 0xe2, 0xad, 0x5f, 0x3a, 0xac, 0xae, 0xaf,
+			0x29, 0x4c, 0x94, 0xe0, 0x27, 0x99, 0x1a, 0x6c,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0x1e, 0xbb, 0x70, 0xaf, 0x09, 0x9d, 0x1b, 0xbd,
+			0xd9, 0xce, 0x48, 0x9b, 0x42, 0x52, 0x53, 0x1b,
+			0x16, 0x37, 0xdb, 0xc5, 0x0a, 0x0f, 0x01, 0xa4,
+			0x57, 0x22, 0x84, 0x95, 0xa5, 0xea, 0x33, 0x61,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* actual plain text */
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, 0x20,
+			0x41, 0x45, 0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d,
+			0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, 0x32,
+			0x35, 0x36, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70,
+			0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f,
+			0x72, 0xa,
+		},
+		.len = 50,
+	},
+	.output_text = {
+		.data = {
+			0x17, 0x03, 0x03, 0x00, 0x70,
+			0xe4, 0xe7, 0xdf, 0x4b, 0x35, 0x8d, 0xcd, 0xc2,
+			0x0c, 0x83, 0x54, 0xb9, 0x7c, 0x11, 0x39, 0xcc,
+			0xb8, 0x52, 0xd8, 0x79, 0x39, 0x0e, 0x5e, 0xe8,
+			0x13, 0x5e, 0xd0, 0x7e, 0x19, 0xd1, 0xbb, 0x5c,
+			0x33, 0xdd, 0x95, 0xc9, 0x71, 0x22, 0xa1, 0xae,
+			0x21, 0x99, 0x89, 0xde, 0x9a, 0x88, 0xdd, 0x53,
+			0x46, 0x7c, 0xa4, 0xdd, 0x21, 0xb6, 0xe1, 0x19,
+			0x41, 0xc9, 0xd2, 0x27, 0xa3, 0xec, 0x3f, 0x9a,
+			0xd5, 0x53, 0x07, 0x0c, 0x1f, 0xb8, 0x3d, 0xdf,
+			0xaf, 0x87, 0xa2, 0x67, 0x97, 0xd0, 0x3f, 0xf5,
+			0x25, 0x9c, 0xfd, 0x9d, 0x40, 0x22, 0x91, 0xb7,
+			0xed, 0xb0, 0xfc, 0x93, 0xd9, 0xa6, 0x1c, 0x04,
+			0x5f, 0xc8, 0x55, 0x4c, 0x32, 0x5f, 0x0b, 0x65,
+			0x87, 0xd1, 0x79, 0x72, 0xc3, 0x44, 0x89, 0x2e,
+		},
+		.len = 117,
+	},
+	.iv = {
+		.data = {
+			0xe4, 0xe7, 0xdf, 0x4b, 0x35, 0x8d, 0xcd, 0xc2,
+			0x0c, 0x83, 0x54, 0xb9, 0x7c, 0x11, 0x39, 0xcc,
+		},
+	},
+
+	.xform = {
+		.chain = {
+			.auth = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+				.auth = {
+					.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+					.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+					.key.length = 32,
+					.iv.length = 0,
+					.iv.offset = 0,
+					.digest_length = 32,
+				},
+			},
+			.cipher = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+				.cipher = {
+					.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+					.algo = RTE_CRYPTO_CIPHER_AES_CBC,
+					.key.length = 16,
+					.iv.length = 16,
+					.iv.offset = IV_OFFSET,
+				},
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_TLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.tls_1_2.seq_no = 0x1,
+	},
+
+	.aead = false,
+	.app_type = 0x17,
+};
+
+struct tls_record_test_data tls_test_data_aes_256_cbc_sha1_hmac = {
+	.key = {
+		.data = {
+			0xa3, 0x43, 0x65, 0xb7, 0xb1, 0x86, 0x96, 0xc9,
+			0xa7, 0x98, 0xe9, 0xcc, 0x3e, 0x97, 0x7b, 0xba,
+			0x52, 0x5f, 0x9c, 0x0d, 0x25, 0x1d, 0x07, 0x1f,
+			0x97, 0xf8, 0xfa, 0x06, 0x1c, 0x1c, 0x23, 0xed,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0x8e, 0xec, 0x48, 0x7b, 0xe9, 0xf2, 0xbb, 0x47,
+			0x82, 0x01, 0x49, 0xa3, 0x79, 0x30, 0x47, 0xb8,
+			0xd7, 0x28, 0x94, 0x08,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* actual plain text */
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, 0x20,
+			0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, 0x2d,
+			0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, 0x31,
+			0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0xa,
+		},
+		.len = 41,
+	},
+	.output_text = {
+		.data = {
+			0x17, 0x03, 0x03, 0x00, 0x50,
+			0x7a, 0xc6, 0x7e, 0x16, 0x63, 0x2f, 0x11, 0xd4,
+			0x14, 0x22, 0x8f, 0xfa, 0x0a, 0x60, 0xe1, 0x58,
+			0x11, 0xa3, 0xa3, 0xef, 0x8a, 0x04, 0xab, 0x87,
+			0x20, 0x67, 0xc1, 0x99, 0xde, 0x8a, 0xe9, 0x5a,
+			0x1c, 0xd6, 0xbd, 0x46, 0x99, 0xeb, 0x60, 0xad,
+			0x06, 0xf4, 0xfe, 0x8f, 0x50, 0x5f, 0x18, 0x52,
+			0x0c, 0x70, 0x25, 0xf2, 0xcc, 0x65, 0xff, 0x88,
+			0x17, 0xe9, 0xe6, 0xf9, 0x5e, 0x6f, 0xf8, 0xaa,
+			0x58, 0xf0, 0x49, 0xb5, 0xb3, 0x5c, 0x0f, 0x62,
+			0x06, 0x45, 0x08, 0x4e, 0x98, 0x2e, 0x71, 0x26,
+		},
+		.len = 85,
+	},
+	.iv = {
+		.data = {
+			0x7a, 0xc6, 0x7e, 0x16, 0x63, 0x2f, 0x11, 0xd4,
+			0x14, 0x22, 0x8f, 0xfa, 0x0a, 0x60, 0xe1, 0x58,
+		},
+	},
+
+	.xform = {
+		.chain = {
+			.auth = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+				.auth = {
+					.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+					.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+					.key.length = 20,
+					.iv.length = 0,
+					.iv.offset = 0,
+					.digest_length = 20,
+				},
+			},
+			.cipher = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+				.cipher = {
+					.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+					.algo = RTE_CRYPTO_CIPHER_AES_CBC,
+					.key.length = 32,
+					.iv.length = 16,
+					.iv.offset = IV_OFFSET,
+				},
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_TLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.tls_1_2.seq_no = 0x1,
+	},
+
+	.aead = false,
+	.app_type = 0x17,
+};
+
+struct tls_record_test_data tls_test_data_aes_256_cbc_sha256_hmac = {
+	.key = {
+		.data = {
+			0xed, 0x63, 0xb2, 0xad, 0xa5, 0xb7, 0x95, 0xf1,
+			0xf2, 0x64, 0x83, 0xac, 0xd4, 0xbb, 0x37, 0x31,
+			0xec, 0xf7, 0x8a, 0xa9, 0xdd, 0x19, 0x6d, 0x47,
+			0x12, 0xb4, 0xa0, 0x5b, 0x8f, 0x6f, 0xa7, 0x5d,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0xe3, 0x0f, 0x07, 0x9c, 0xee, 0x5a, 0xe6, 0xdd,
+			0xd1, 0xc5, 0x49, 0x9a, 0x94, 0x22, 0xd3, 0xee,
+			0x13, 0x41, 0x5b, 0x2b, 0x2a, 0x88, 0x89, 0xc9,
+			0xd8, 0xeb, 0xbf, 0x16, 0x4d, 0x89, 0xcb, 0x5a,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* actual plain text */
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, 0x20,
+			0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, 0x2d,
+			0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, 0x32,
+			0x35, 0x36, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70,
+			0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f,
+			0x72, 0xa,
+		},
+		.len = 50,
+	},
+	.output_text = {
+		.data = {
+			0x17, 0x03, 0x03, 0x00, 0x70,
+			0x83, 0x7c, 0x06, 0xa9, 0x9f, 0x57, 0xf3, 0x53,
+			0xc2, 0xca, 0xd5, 0xe0, 0x8d, 0xd0, 0x6d, 0x13,
+			0xe9, 0x09, 0xff, 0xf7, 0x56, 0xd6, 0x9b, 0x73,
+			0xd5, 0xea, 0x43, 0x55, 0xd1, 0xab, 0x25, 0x66,
+			0x6e, 0x06, 0x0a, 0x98, 0xa2, 0x83, 0x4d, 0x91,
+			0xef, 0x36, 0x2c, 0xde, 0x69, 0xf5, 0xbc, 0x7f,
+			0xf6, 0x98, 0x85, 0xab, 0x89, 0x0f, 0x1e, 0xcb,
+			0x54, 0x87, 0xae, 0xab, 0xc6, 0x2e, 0xb9, 0x4c,
+			0xa5, 0x16, 0x7f, 0x04, 0x92, 0x2a, 0x59, 0x61,
+			0x3c, 0x2e, 0x40, 0x6b, 0xb6, 0xb1, 0x2f, 0x04,
+			0x66, 0x55, 0xd1, 0x12, 0x9c, 0x35, 0xb5, 0xbd,
+			0xbc, 0x0e, 0xa1, 0xb1, 0x88, 0xe5, 0x4f, 0xdd,
+			0x11, 0x47, 0x61, 0xed, 0x85, 0xca, 0xbb, 0x3e,
+			0xec, 0xf5, 0xea, 0x49, 0x07, 0x86, 0x1f, 0x2a,
+		},
+		.len = 117,
+	},
+	.iv = {
+		.data = {
+			0x83, 0x7c, 0x06, 0xa9, 0x9f, 0x57, 0xf3, 0x53,
+			0xc2, 0xca, 0xd5, 0xe0, 0x8d, 0xd0, 0x6d, 0x13,
+		},
+	},
+
+	.xform = {
+		.chain = {
+			.auth = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+				.auth = {
+					.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+					.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+					.key.length = 32,
+					.iv.length = 0,
+					.iv.offset = 0,
+					.digest_length = 32,
+				},
+			},
+			.cipher = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+				.cipher = {
+					.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+					.algo = RTE_CRYPTO_CIPHER_AES_CBC,
+					.key.length = 32,
+					.iv.length = 16,
+					.iv.offset = IV_OFFSET,
+				},
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_TLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.tls_1_2.seq_no = 0x1,
+	},
+
+	.aead = false,
+	.app_type = 0x17,
+};
+
+struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac = {
+	.key = {
+		.data = {
+			0x71, 0x61, 0x3c, 0x0f, 0xbd, 0x54, 0x25, 0xea,
+			0x18, 0x1e, 0xae, 0xb8, 0x6d, 0xed, 0xc7, 0xff,
+			0x0e, 0x8d, 0x19, 0x20, 0x9e, 0xba, 0x88, 0xbb,
+		},
+	},
+	.auth_key = {
+		.data = {
+			0x32, 0x06, 0xea, 0x9c, 0xa8, 0x7a, 0xf5, 0x75,
+			0xc5, 0xea, 0xd2, 0x4e, 0x2b, 0x7a, 0xf9, 0x20,
+			0x0b, 0xa5, 0x83, 0x53,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* actual plain text */
+			0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+			0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, 0x20,
+			0x33, 0x44, 0x45, 0x53, 0x2d, 0x43, 0x42, 0x43,
+			0x20, 0x53, 0x48, 0x41, 0x31, 0x20, 0x65, 0x78,
+			0x61, 0x6d, 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65,
+			0x63, 0x74, 0x6f, 0x72, 0xa,
+		},
+		.len = 45,
+	},
+	.output_text = {
+		.data = {
+			0x17, 0x03, 0x03, 0x00, 0x50,
+			0x6f, 0xcf, 0x77, 0x13, 0xc3, 0xa2, 0x31, 0x30,
+			0x3f, 0xe7, 0x1d, 0x7a, 0xaa, 0xaa, 0x1f, 0x19,
+			0xc1, 0xb7, 0x6b, 0xa3, 0x54, 0x24, 0x9c, 0xa6,
+			0xe6, 0x8c, 0xf3, 0xef, 0xc5, 0xd4, 0x47, 0xde,
+			0x13, 0xe0, 0xf3, 0x2f, 0x91, 0xa1, 0xb9, 0xb0,
+			0x4f, 0x16, 0xd3, 0xa9, 0x45, 0xba, 0xd9, 0x37,
+			0x07, 0x8d, 0xc6, 0x05, 0x83, 0x07, 0x75, 0x8c,
+			0x4b, 0xf5, 0xa4, 0xa0, 0xf8, 0x36, 0xfe, 0x9f,
+			0x18, 0xb5, 0x83, 0xb5, 0x47, 0x33, 0x64, 0xdc,
+			0x2f, 0xac, 0x95, 0x2a, 0x72, 0xa9, 0x3c, 0xc6,
+		},
+		.len = 85,
+	},
+	.iv = {
+		.data = {
+			0x6f, 0xcf, 0x77, 0x13, 0xc3, 0xa2, 0x31, 0x30,
+		},
+	},
+
+	.xform = {
+		.chain = {
+			.auth = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+				.auth = {
+					.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+					.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+					.key.length = 20,
+					.iv.length = 0,
+					.iv.offset = 0,
+					.digest_length = 20,
+				},
+			},
+			.cipher = {
+				.next = NULL,
+				.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+				.cipher = {
+					.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+					.algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+					.key.length = 24,
+					.iv.length = 8,
+					.iv.offset = IV_OFFSET,
+				},
+			},
+		},
+	},
+
+	.tls_record_xform = {
+		.ver = RTE_SECURITY_VERSION_TLS_1_2,
+		.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+		.tls_1_2.seq_no = 0x1,
+	},
+
+	.aead = false,
+	.app_type = 0x17,
+};
+
 #endif
-- 
2.25.1

[PATCH 14/14] test/crypto: add multi segmented cases

[Anoob Joseph]

From: Tejasree Kondoj <ktejasree@marvell.com>

Add multi segmented buffer test cases in TLS suites.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev.c                     | 29 ++++++++++++++++++-
 app/test/test_cryptodev_security_tls_record.h |  1 +
 doc/guides/rel_notes/release_24_03.rst        |  4 +++
 3 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 86e2ccd483..b208cca4e2 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -11699,6 +11699,7 @@ test_tls_record_proto_process(const struct tls_record_test_data td[],
 			      struct tls_record_test_data res_d[], int nb_td, bool silent,
 			      const struct tls_record_test_flags *flags)
 {
+	int nb_segs = flags->nb_segs_in_mbuf ? flags->nb_segs_in_mbuf : 1;
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 	struct rte_security_tls_record_xform tls_record_xform;
@@ -11801,7 +11802,7 @@ test_tls_record_proto_process(const struct tls_record_test_data td[],
 	for (i = 0; i < nb_td; i++) {
 		/* Setup source mbuf payload */
 		ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool, td[i].input_text.len,
-				1, 0);
+				nb_segs, 0);
 		pktmbuf_write(ut_params->ibuf, 0, td[i].input_text.len, td[i].input_text.data);
 
 		/* Generate crypto op data structure */
@@ -11958,6 +11959,24 @@ test_tls_record_proto_display_list(void)
 	return test_tls_record_proto_all(&flags);
 }
 
+static int
+test_tls_record_proto_sgl(void)
+{
+	struct tls_record_test_flags flags = {
+		.nb_segs_in_mbuf = 5
+	};
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+	if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
+		printf("Device doesn't support in-place scatter-gather. Test Skipped.\n");
+		return TEST_SKIPPED;
+	}
+
+	return test_tls_record_proto_all(&flags);
+}
+
 #endif
 
 static int
@@ -16956,6 +16975,10 @@ static struct unit_test_suite tls12_record_proto_testsuite  = {
 			"Combined test alg list",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_display_list),
+		TEST_CASE_NAMED_ST(
+			"Multi-segmented mode",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_sgl),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
@@ -17053,6 +17076,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite  = {
 			"Combined test alg list",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_display_list),
+		TEST_CASE_NAMED_ST(
+			"Multi-segmented mode",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_sgl),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index 82a1776265..0bd83f88f0 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -55,6 +55,7 @@ struct tls_record_test_data {
 
 struct tls_record_test_flags {
 	bool display_alg;
+	int nb_segs_in_mbuf;
 };
 
 extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1;
diff --git a/doc/guides/rel_notes/release_24_03.rst b/doc/guides/rel_notes/release_24_03.rst
index e9c9717706..0d226e9644 100644
--- a/doc/guides/rel_notes/release_24_03.rst
+++ b/doc/guides/rel_notes/release_24_03.rst
@@ -55,6 +55,10 @@ New Features
      Also, make sure to start the actual text at the margin.
      =======================================================
 
+* **Added TLS record test suite.**
+
+  Added a new test suite in cryptodev autotest framework to test TLS record
+  security offload by supported cryptodevs.
 
 Removed Items
 -------------
-- 
2.25.1

RE: [PATCH 00/14] Add TLS record test suite

[Akhil Goyal]

> Subject: [PATCH 00/14] Add TLS record test suite
> 
> Add TLS record test suite in cryptodev autotest framework. The test
> suite would run based on capabilities exposed by the cryptodev.
> 
> The test suite framework is similar to the framework used in case of
> IPsec tests. To avoid duplication of code, protocol independent code
> is moved to common files and the functions are renamed accordingly.
> 
> TLS record test suite has known vector tests as well as combined mode
> tests. Known vector tests leverages vectors generated with kTLS and
> gnuTLS utilities. The test suite supports testing both operations (read
> or decrypt, write or encrypt) with a single vector. Write or encrypt
> test would get skipped if cryptodev doesn't support disabling of IV
> generation. Combined mode tests are targetted at testing protocol
> features with all combinations of cipher-authentication algorithms.
> 
> Combined mode performs record write operation first and feeds that back
> to record read operation. Individual test cases may update the input to
> record write operation based on the test case and the test framework
> validates the output obtained (not complete text, but protocol specific
> fields such as TLS header). Once it is validated, the output will be
> submitted for record read operation which would give back the original
> data. Currently this framework supports testing of multi-segmented mbuf
> as input with TLS record. The same would be enhanced to support more
> cases such as ICV corruption, incorrect padding etc.
> 
> Enhancements planned for future,
> - Add TLS 1.3 suite
> - Add negative tests such as ICV corruption and incorrect padding
> - Add session expiry tests
> - Add anti-replay tests with DTLS
> 
>  Sample output with crypto_cn10k:
> 
>  + ------------------------------------------------------- +
> [67/18944]
>  + ------------------------------------------------------- +
>  + Test Suite : TLS 1.2 Record Protocol Unit Test Suite
>  + ------------------------------------------------------- +
>  + TestCase [ 0] : Write record known vector AES-GCM-128 (vector 1) succeeded
>  + TestCase [ 1] : Write record known vector AES-GCM-128 (vector 2) succeeded
>  + TestCase [ 2] : Write record known vector AES-GCM-256 succeeded
>  + TestCase [ 3] : Write record known vector AES-CBC-128-SHA1 succeeded
>  + TestCase [ 4] : Write record known vector AES-128-CBC-SHA256 succeeded
>  + TestCase [ 5] : Write record known vector AES-256-CBC-SHA1 succeeded
>  + TestCase [ 6] : Write record known vector AES-256-CBC-SHA256 succeeded
>  + TestCase [ 7] : Write record known vector 3DES-CBC-SHA1-HMAC succeeded
> USER1: Cipher crypto capabilities not supported
>  + TestCase [ 8] : Write record known vector NULL-SHA1-HMAC skipped
> USER1: Crypto capabilities not supported
>  + TestCase [ 9] : Write record known vector CHACHA20-POLY1305 skipped
>  + TestCase [10] : Read record known vector AES-GCM-128 (vector 1) succeeded
>  + TestCase [11] : Read record known vector AES-GCM-128 (vector 2) succeeded
>  + TestCase [12] : Read record known vector AES-GCM-256 succeeded
>  + TestCase [13] : Read record known vector AES-128-CBC-SHA1 succeeded
>  + TestCase [14] : Read record known vector AES-128-CBC-SHA256 succeeded
>  + TestCase [15] : Read record known vector AES-256-CBC-SHA1 succeeded
>  + TestCase [16] : Read record known vector AES-256-CBC-SHA256 succeeded
>  + TestCase [17] : Read record known vector 3DES-CBC-SHA1-HMAC succeeded
> USER1: Cipher crypto capabilities not supported
>  + TestCase [18] : Read record known vector NULL-SHA1-HMAC skipped
> USER1: Crypto capabilities not supported
>  + TestCase [19] : Read record known vector CHACHA20-POLY1305 skipped
>         3des-cbc [192] sha1-hmac [20B ICV]
>         aes-cbc [128] sha1-hmac [20B ICV]
>         aes-cbc [128] sha2-256-hmac [32B ICV]
>         aes-cbc [256] sha1-hmac [20B ICV]
>         aes-cbc [256] sha2-256-hmac [32B ICV]
>  + TestCase [20] : Combined test alg list succeeded
>  + TestCase [21] : Multi-segmented mode succeeded
>  + ------------------------------------------------------- +
>  + Test Suite Summary : TLS 1.2 Record Protocol Unit Test Suite
>  + ------------------------------------------------------- +
>  + Tests Total :       22
>  + Tests Skipped :      4
>  + Tests Executed :    22
>  + Tests Unsupported:   0
>  + Tests Passed :      18
>  + Tests Failed :       0
>  + ------------------------------------------------------- +
>  + ------------------------------------------------------- +
>  + Test Suite : DTLS 1.2 Record Protocol Unit Test Suite
>  + ------------------------------------------------------- +
>  + TestCase [ 0] : Write record known vector AES-GCM-128 succeeded
>  + TestCase [ 1] : Write record known vector AES-GCM-256 succeeded
>  + TestCase [ 2] : Write record known vector AES-128-CBC-SHA1 succeeded
>  + TestCase [ 3] : Write record known vector AES-128-CBC-SHA256 succeeded
>  + TestCase [ 4] : Write record known vector AES-256-CBC-SHA1 succeeded
>  + TestCase [ 5] : Write record known vector AES-256-CBC-SHA256 succeeded
>  + TestCase [ 6] : Write record known vector 3DES-CBC-SHA1-HMAC succeeded
> USER1: Cipher crypto capabilities not supported
>  + TestCase [ 7] : Write record known vector NULL-SHA1-HMAC skipped
> USER1: Crypto capabilities not supported
>  + TestCase [ 8] : Write record known vector CHACHA20-POLY1305 skipped
>  + TestCase [ 9] : Read record known vector AES-GCM-128 succeeded
>  + TestCase [10] : Read record known vector AES-GCM-256 succeeded
>  + TestCase [11] : Read record known vector AES-128-CBC-SHA1 succeeded
>  + TestCase [12] : Read record known vector AES-128-CBC-SHA256 succeeded
>  + TestCase [13] : Read record known vector AES-256-CBC-SHA1 succeeded
>  + TestCase [14] : Read record known vector AES-256-CBC-SHA256 succeeded
>  + TestCase [15] : Read record known vector 3DES-CBC-SHA1-HMAC succeeded
> USER1: Cipher crypto capabilities not supported
>  + TestCase [16] : Read record known vector NULL-SHA1-HMAC skipped
> USER1: Crypto capabilities not supported
>  + TestCase [17] : Read record known vector CHACHA20-POLY1305 skipped
>         3des-cbc [192] sha1-hmac [20B ICV]
>         aes-cbc [128] sha1-hmac [20B ICV]
>         aes-cbc [128] sha2-256-hmac [32B ICV]
>         aes-cbc [256] sha1-hmac [20B ICV]
>         aes-cbc [256] sha2-256-hmac [32B ICV]
>  + TestCase [18] : Combined test alg list succeeded
>  + TestCase [19] : Multi-segmented mode succeeded
>  + ------------------------------------------------------- +
>  + Test Suite Summary : DTLS 1.2 Record Protocol Unit Test Suite
>  + ------------------------------------------------------- +
>  + Tests Total :       20
>  + Tests Skipped :      4
>  + Tests Executed :    20
>  + Tests Unsupported:   0
>  + Tests Passed :      16
>  + Tests Failed :       0
>  + ------------------------------------------------------- +
> 
> Akhil Goyal (3):
>   test/crypto: add TLS1.2 vectors
>   test/crypto: add TLS1.2/DTLS1.2 AES-128/256-GCM vectors
>   test/security: add TLS 1.2 and DTLS 1.2 vectors
> 
> Anoob Joseph (5):
>   test/crypto: move security caps checks to separate file
>   test/crypto: move algorithm display routines to common
>   test/security: add sha1-hmac to auth list
>   test/crypto: add TLS record tests
>   test/crypto: add verification of TLS headers
> 
> Tejasree Kondoj (2):
>   test/crypto: add AES-GCM 128 TLS 1.2 vector
>   test/crypto: add multi segmented cases
> 
> Vidya Sagar Velumuri (4):
>   test/crypto: move algorithm list to common
>   test/crypto: move algorithm framework to common
>   test/crypto: add combined mode cases
>   test/security: add more algos to combined tests
> 
>  app/test-security-perf/meson.build            |    1 +
>  app/test-security-perf/test_security_perf.c   |   35 +-
>  app/test/meson.build                          |    2 +
>  app/test/test_cryptodev.c                     |  596 ++++++-
>  app/test/test_cryptodev.h                     |    2 +
>  app/test/test_cryptodev_security_ipsec.c      |  164 +-
>  app/test/test_cryptodev_security_ipsec.h      |  157 +-
>  app/test/test_cryptodev_security_tls_record.c |  327 ++++
>  app/test/test_cryptodev_security_tls_record.h |  101 ++
>  ...yptodev_security_tls_record_test_vectors.h | 1584 +++++++++++++++++
>  app/test/test_security_inline_proto.c         |   42 +-
>  app/test/test_security_proto.c                |  154 ++
>  app/test/test_security_proto.h                |  186 ++
>  doc/guides/rel_notes/release_24_03.rst        |    4 +
>  14 files changed, 2960 insertions(+), 395 deletions(-)
>  create mode 100644 app/test/test_cryptodev_security_tls_record.c
>  create mode 100644 app/test/test_cryptodev_security_tls_record.h
>  create mode 100644
> app/test/test_cryptodev_security_tls_record_test_vectors.h
>  create mode 100644 app/test/test_security_proto.c
>  create mode 100644 app/test/test_security_proto.h
> 
Series Acked-by: Akhil Goyal <gakhil@marvell.com>

RE: [PATCH 00/14] Add TLS record test suite

[Akhil Goyal]

> Subject: RE: [PATCH 00/14] Add TLS record test suite
> 
> > Subject: [PATCH 00/14] Add TLS record test suite
> >
> > Add TLS record test suite in cryptodev autotest framework. The test
> > suite would run based on capabilities exposed by the cryptodev.
> >
> > The test suite framework is similar to the framework used in case of
> > IPsec tests. To avoid duplication of code, protocol independent code
> > is moved to common files and the functions are renamed accordingly.
> >
> > TLS record test suite has known vector tests as well as combined mode
> > tests. Known vector tests leverages vectors generated with kTLS and
> > gnuTLS utilities. The test suite supports testing both operations (read
> > or decrypt, write or encrypt) with a single vector. Write or encrypt
> > test would get skipped if cryptodev doesn't support disabling of IV
> > generation. Combined mode tests are targetted at testing protocol
> > features with all combinations of cipher-authentication algorithms.
> >
> > Combined mode performs record write operation first and feeds that back
> > to record read operation. Individual test cases may update the input to
> > record write operation based on the test case and the test framework
> > validates the output obtained (not complete text, but protocol specific
> > fields such as TLS header). Once it is validated, the output will be
> > submitted for record read operation which would give back the original
> > data. Currently this framework supports testing of multi-segmented mbuf
> > as input with TLS record. The same would be enhanced to support more
> > cases such as ICV corruption, incorrect padding etc.
> >
> > Enhancements planned for future,
> > - Add TLS 1.3 suite
> > - Add negative tests such as ICV corruption and incorrect padding
> > - Add session expiry tests
> > - Add anti-replay tests with DTLS
> >
> >  Sample output with crypto_cn10k:
> >
> >  + ------------------------------------------------------- +
> > [67/18944]
> >  + ------------------------------------------------------- +
> >  + Test Suite : TLS 1.2 Record Protocol Unit Test Suite
> >  + ------------------------------------------------------- +
> >  + TestCase [ 0] : Write record known vector AES-GCM-128 (vector 1)
> succeeded
> >  + TestCase [ 1] : Write record known vector AES-GCM-128 (vector 2)
> succeeded
> >  + TestCase [ 2] : Write record known vector AES-GCM-256 succeeded
> >  + TestCase [ 3] : Write record known vector AES-CBC-128-SHA1 succeeded
> >  + TestCase [ 4] : Write record known vector AES-128-CBC-SHA256 succeeded
> >  + TestCase [ 5] : Write record known vector AES-256-CBC-SHA1 succeeded
> >  + TestCase [ 6] : Write record known vector AES-256-CBC-SHA256 succeeded
> >  + TestCase [ 7] : Write record known vector 3DES-CBC-SHA1-HMAC
> succeeded
> > USER1: Cipher crypto capabilities not supported
> >  + TestCase [ 8] : Write record known vector NULL-SHA1-HMAC skipped
> > USER1: Crypto capabilities not supported
> >  + TestCase [ 9] : Write record known vector CHACHA20-POLY1305 skipped
> >  + TestCase [10] : Read record known vector AES-GCM-128 (vector 1)
> succeeded
> >  + TestCase [11] : Read record known vector AES-GCM-128 (vector 2)
> succeeded
> >  + TestCase [12] : Read record known vector AES-GCM-256 succeeded
> >  + TestCase [13] : Read record known vector AES-128-CBC-SHA1 succeeded
> >  + TestCase [14] : Read record known vector AES-128-CBC-SHA256 succeeded
> >  + TestCase [15] : Read record known vector AES-256-CBC-SHA1 succeeded
> >  + TestCase [16] : Read record known vector AES-256-CBC-SHA256 succeeded
> >  + TestCase [17] : Read record known vector 3DES-CBC-SHA1-HMAC
> succeeded
> > USER1: Cipher crypto capabilities not supported
> >  + TestCase [18] : Read record known vector NULL-SHA1-HMAC skipped
> > USER1: Crypto capabilities not supported
> >  + TestCase [19] : Read record known vector CHACHA20-POLY1305 skipped
> >         3des-cbc [192] sha1-hmac [20B ICV]
> >         aes-cbc [128] sha1-hmac [20B ICV]
> >         aes-cbc [128] sha2-256-hmac [32B ICV]
> >         aes-cbc [256] sha1-hmac [20B ICV]
> >         aes-cbc [256] sha2-256-hmac [32B ICV]
> >  + TestCase [20] : Combined test alg list succeeded
> >  + TestCase [21] : Multi-segmented mode succeeded
> >  + ------------------------------------------------------- +
> >  + Test Suite Summary : TLS 1.2 Record Protocol Unit Test Suite
> >  + ------------------------------------------------------- +
> >  + Tests Total :       22
> >  + Tests Skipped :      4
> >  + Tests Executed :    22
> >  + Tests Unsupported:   0
> >  + Tests Passed :      18
> >  + Tests Failed :       0
> >  + ------------------------------------------------------- +
> >  + ------------------------------------------------------- +
> >  + Test Suite : DTLS 1.2 Record Protocol Unit Test Suite
> >  + ------------------------------------------------------- +
> >  + TestCase [ 0] : Write record known vector AES-GCM-128 succeeded
> >  + TestCase [ 1] : Write record known vector AES-GCM-256 succeeded
> >  + TestCase [ 2] : Write record known vector AES-128-CBC-SHA1 succeeded
> >  + TestCase [ 3] : Write record known vector AES-128-CBC-SHA256 succeeded
> >  + TestCase [ 4] : Write record known vector AES-256-CBC-SHA1 succeeded
> >  + TestCase [ 5] : Write record known vector AES-256-CBC-SHA256 succeeded
> >  + TestCase [ 6] : Write record known vector 3DES-CBC-SHA1-HMAC
> succeeded
> > USER1: Cipher crypto capabilities not supported
> >  + TestCase [ 7] : Write record known vector NULL-SHA1-HMAC skipped
> > USER1: Crypto capabilities not supported
> >  + TestCase [ 8] : Write record known vector CHACHA20-POLY1305 skipped
> >  + TestCase [ 9] : Read record known vector AES-GCM-128 succeeded
> >  + TestCase [10] : Read record known vector AES-GCM-256 succeeded
> >  + TestCase [11] : Read record known vector AES-128-CBC-SHA1 succeeded
> >  + TestCase [12] : Read record known vector AES-128-CBC-SHA256 succeeded
> >  + TestCase [13] : Read record known vector AES-256-CBC-SHA1 succeeded
> >  + TestCase [14] : Read record known vector AES-256-CBC-SHA256 succeeded
> >  + TestCase [15] : Read record known vector 3DES-CBC-SHA1-HMAC
> succeeded
> > USER1: Cipher crypto capabilities not supported
> >  + TestCase [16] : Read record known vector NULL-SHA1-HMAC skipped
> > USER1: Crypto capabilities not supported
> >  + TestCase [17] : Read record known vector CHACHA20-POLY1305 skipped
> >         3des-cbc [192] sha1-hmac [20B ICV]
> >         aes-cbc [128] sha1-hmac [20B ICV]
> >         aes-cbc [128] sha2-256-hmac [32B ICV]
> >         aes-cbc [256] sha1-hmac [20B ICV]
> >         aes-cbc [256] sha2-256-hmac [32B ICV]
> >  + TestCase [18] : Combined test alg list succeeded
> >  + TestCase [19] : Multi-segmented mode succeeded
> >  + ------------------------------------------------------- +
> >  + Test Suite Summary : DTLS 1.2 Record Protocol Unit Test Suite
> >  + ------------------------------------------------------- +
> >  + Tests Total :       20
> >  + Tests Skipped :      4
> >  + Tests Executed :    20
> >  + Tests Unsupported:   0
> >  + Tests Passed :      16
> >  + Tests Failed :       0
> >  + ------------------------------------------------------- +
> >
> > Akhil Goyal (3):
> >   test/crypto: add TLS1.2 vectors
> >   test/crypto: add TLS1.2/DTLS1.2 AES-128/256-GCM vectors
> >   test/security: add TLS 1.2 and DTLS 1.2 vectors
> >
> > Anoob Joseph (5):
> >   test/crypto: move security caps checks to separate file
> >   test/crypto: move algorithm display routines to common
> >   test/security: add sha1-hmac to auth list
> >   test/crypto: add TLS record tests
> >   test/crypto: add verification of TLS headers
> >
> > Tejasree Kondoj (2):
> >   test/crypto: add AES-GCM 128 TLS 1.2 vector
> >   test/crypto: add multi segmented cases
> >
> > Vidya Sagar Velumuri (4):
> >   test/crypto: move algorithm list to common
> >   test/crypto: move algorithm framework to common
> >   test/crypto: add combined mode cases
> >   test/security: add more algos to combined tests
> >
> >  app/test-security-perf/meson.build            |    1 +
> >  app/test-security-perf/test_security_perf.c   |   35 +-
> >  app/test/meson.build                          |    2 +
> >  app/test/test_cryptodev.c                     |  596 ++++++-
> >  app/test/test_cryptodev.h                     |    2 +
> >  app/test/test_cryptodev_security_ipsec.c      |  164 +-
> >  app/test/test_cryptodev_security_ipsec.h      |  157 +-
> >  app/test/test_cryptodev_security_tls_record.c |  327 ++++
> >  app/test/test_cryptodev_security_tls_record.h |  101 ++
> >  ...yptodev_security_tls_record_test_vectors.h | 1584 +++++++++++++++++
> >  app/test/test_security_inline_proto.c         |   42 +-
> >  app/test/test_security_proto.c                |  154 ++
> >  app/test/test_security_proto.h                |  186 ++
> >  doc/guides/rel_notes/release_24_03.rst        |    4 +
> >  14 files changed, 2960 insertions(+), 395 deletions(-)
> >  create mode 100644 app/test/test_cryptodev_security_tls_record.c
> >  create mode 100644 app/test/test_cryptodev_security_tls_record.h
> >  create mode 100644
> > app/test/test_cryptodev_security_tls_record_test_vectors.h
> >  create mode 100644 app/test/test_security_proto.c
> >  create mode 100644 app/test/test_security_proto.h
> >
> Series Acked-by: Akhil Goyal <gakhil@marvell.com>

Applied to dpdk-next-crypto
Thanks.