From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by dpdk.org (Postfix) with ESMTP id 0D91A58CB for ; Thu, 28 Jul 2016 08:50:58 +0200 (CEST) Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga101.jf.intel.com with ESMTP; 27 Jul 2016 23:50:58 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.28,433,1464678000"; d="scan'208";a="855006965" Received: from shvmail01.sh.intel.com ([10.239.29.42]) by orsmga003.jf.intel.com with ESMTP; 27 Jul 2016 23:50:56 -0700 Received: from shecgisg003.sh.intel.com (shecgisg003.sh.intel.com [10.239.29.90]) by shvmail01.sh.intel.com with ESMTP id u6S6osr7026747; Thu, 28 Jul 2016 14:50:54 +0800 Received: from shecgisg003.sh.intel.com (localhost [127.0.0.1]) by shecgisg003.sh.intel.com (8.13.6/8.13.6/SuSE Linux 0.8) with ESMTP id u6S6oqPX011268; Thu, 28 Jul 2016 14:50:54 +0800 Received: (from zhaoyanc@localhost) by shecgisg003.sh.intel.com (8.13.6/8.13.6/Submit) id u6S6oq3U011264; Thu, 28 Jul 2016 14:50:52 +0800 From: "Chen, Zhaoyan" To: dts@dpdk.org Cc: "Chen, Zhaoyan" Date: Thu, 28 Jul 2016 14:50:27 +0800 Message-Id: <1469688627-11232-1-git-send-email-zhaoyan.chen@intel.com> X-Mailer: git-send-email 1.7.4.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Subject: [dts] =?utf-8?q?=5BPATCH_v2=5D_tests=3A_Add_l2fwd=5Fcrypto_test_p?= =?utf-8?q?lan_and_test_suite?= X-BeenThere: dts@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: test suite reviews and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Jul 2016 06:51:00 -0000 From: "Chen, Zhaoyan" This suite will verify the cryptodev library via dpdk l2fwd, tests will cover all supported PMDs and Algorithms. --- test_plans/l2fwd_crypto_test_plan.rst | 462 ++++++++++++++++++++ tests/TestSuite_l2fwd_crypto.py | 774 ++++++++++++++++++++++++++++++++++ 2 files changed, 1236 insertions(+) create mode 100644 test_plans/l2fwd_crypto_test_plan.rst create mode 100644 tests/TestSuite_l2fwd_crypto.py diff --git a/test_plans/l2fwd_crypto_test_plan.rst b/test_plans/l2fwd_crypto_test_plan.rst new file mode 100644 index 0000000..1492df7 --- /dev/null +++ b/test_plans/l2fwd_crypto_test_plan.rst @@ -0,0 +1,462 @@ +.. Copyright (c) 2010,2011 Intel Corporation + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + - Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + - Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + + - Neither the name of Intel Corporation nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. + +============================================== +Testing of CryptoDev in DPDK +============================================== + + +Description +=========== + +This document provides the plan for testing CryptoDev API. CryptoDev API +provides the ability to do encryption/decryption by integrating QAT(Intel® QuickAssist +Technology) into DPDK. The QAT provides poll mode crypto driver support for +Intel® QuickAssist Adapter 8950 hardware accelerator. + +The testing of CrytpoDev API should be tested under either Intel QuickAssist Technology DH895xxC hardware +accelerator or AES-NI library. + +AES-NI algorithm table +The table below contains AES-NI Algorithms with CryptoDev API. +Part of the algorithms are not supported currently. + ++---------+---------+---------+---------+----------+----------+----------+----------+----------+----------+ +|Algorithm| Mode | Detail | +| | | ++---------+---------+---------+---------+----------+----------+----------+----------+----------+----------+ +| AES | CBC | Encrypt/Decrypt;Key size: 128, 192, 256 bits | ++---------+---------+---------+---------+----------+----------+----------+----------+----------+----------+ +| SHA | | SHA-1, SHA-224, SHA-384, SHA-256, SHA-512 | ++---------+---------+---------+---------+----------+----------+----------+----------+----------+----------+ +| HMAC | | Support SHA implementations SHA-1, SHA-224, SHA-256, SHA-384, SHA-512; | +| | | Key Size versus Block size support: Key Size must be <= block size; | +| | | Mac Len Supported SHA-1 10, 12, 16, 20 bytes; | +| | | Mac Len Supported SHA-256 16, 24, 32 bytes; | +| | | Mac Len Supported SHA-384 24,32, 40, 48 bytes; | +| | | Mac Len Supported SHA-512 32, 40, 48, 56, 64 bytes; | ++---------+---------+---------+---------+----------+----------+----------+----------+----------+----------+ + +QAT algorithm table: +The table below contains Cryptographic Algorithm Validation with CryptoDev API. +Part of the algorithms are not supported currently. + ++---------+---------+---------+---------+----------+----------+----------+----------+----------+----------+ +|Algorithm| Mode | Detail | +| | | ++---------+---------+---------+---------+----------+----------+----------+----------+----------+----------+ +| AES | CBC | Encrypt/Decrypt;Key size: 128, 192, 256 bits | ++---------+---------+---------+---------+----------+----------+----------+----------+----------+----------+ +| SHA | | SHA-1, SHA-224, SHA-256, SHA-512 | ++---------+---------+---------+---------+----------+----------+----------+----------+----------+----------+ +| HMAC | | Support SHA implementations SHA-1, SHA-224, SHA-256, SHA-512; | +| | | Key Size versus Block size support: Key Size must be <= block size; | +| | | Mac Len Supported SHA-1 10, 12, 16, 20 bytes; | +| | | Mac Len Supported SHA-224 14,16,20,24,28 bytes; | +| | | Mac Len Supported SHA-256 16, 24, 32 bytes; | +| | | Mac Len Supported SHA-384 24,32, 40, 48 bytes; | +| | | Mac Len Supported SHA-512 32, 40, 48, 56, 64 bytes; | ++---------+---------+---------+---------+----------+----------+----------+----------+----------+----------+ +| GCM | | Key Sizes:128, 192, 256 bits; | +| | | Associated Data Length: 0 ~ 240 bytes; | +| | | Payload Length: 0 ~ (2^32 -1) bytes; | +| | | IV source: external; | +| | | IV Lengths: 96 bits; | +| | | Tag Lengths: 8, 12, 16 bytes; | ++---------+---------+---------+---------+----------+----------+----------+----------+----------+----------+ +| Snow3G | UEA2 | Encrypt/Decrypt; Key size: 128 | ++ +---------+---------+---------+----------+----------+----------+----------+----------+----------+ +| | UIA2 | Encrypt/Decrypt; Key size: 128 | ++---------+---------+---------+---------+----------+----------+----------+----------+----------+----------+ + +Limitations +============= +* Chained mbufs are not supported. +* Hash only is not supported. +* Cipher only is not supported (except Snow3g). +* Only in-place is currently supported (destination address is the same as source address). +* Only supports the session-oriented API implementation by QAT. Support session-oriented and session-less APIs with AES-NI. +* Not performance tuned. + +Prerequisites +============= +To test CryptoDev API, an example l2fwd-crypto is added into DPDK. + +The test commands of l2fwd-crypto is below:: + * ./examples/l2fwd-crypto/build/app/l2fwd-crypto -n 4 -c COREMASK -- -p PORTMASK -q NQ --cdev (AESNI_MB|QAT) --chain (HASH_CIPHER|CIPHER_HASH) --cipher_algo (ALGO) --cipher_op (ENCRYPT|DECRYPT) --cipher_key (key_value) --iv (key_value) --auth_algo (ALGO) --auth_op (GENERATE|VERIFY) --auth_key (key_value) --sessionless + +The operation of l2fwd-crypto are in 2 ways. +* For method CIPHER_HASH, the l2fwd-crypto will encrypt payload in packet first. +Then do authentification for the encrypted data. +* For method HASH_CIPHER, the l2fwd-crypto will authenticate payload in packet first. +Then do encryption for the encrypted data. + +To do the function test, scapy can be used as traffic generator. +To do the performance test, traffic generator can be hardware equipment or +software traffic generator. + +The CryptoDev API supports Fedora or FreeBSD. + +QAT/AES-NI installation +========================== +If CryptoDev needs to use QAT to do encryption/decryption, QAT should be installed +correctly. The steps how to install QAT is described in DPDK code directory +dpdk/doc/guides/cryptodevs/qat.rst. + +Once the driver is loaded, the software versions may be checked for each ‘dh89xxCC_devX’ device as follows: + more /proc/icp_dh895xcc_dev0/version + + +--------------------------------------------------+ + | Hardware and Software versions for device 0 | + +--------------------------------------------------+ + |Hardware Version: A0 SKU4 | + |Firmware Version: 2.3.0 | + |MMP Version: 1.0.0 | + |Driver Version: 2.3.0 | + |Lowest Compatible Driver: 2.3 | + |QuickAssist API CY Version: 1.8 | + |QuickAssist API DC Version: 1.4 | + +--------------------------------------------------+ + +If CryptoDev needs to use AES-NI to do encryption/decryption, AES-NI library should be install +correctly. The steps how to use AES-NI libary is described in DPDK code directory +dpdk/doc/guides/cryptodevs/aesni_mb.rst. + +Test case: Configuration test +==================================================== +CryptoDev API supports different configuration. +This test tests different configuration with CrptoDev API. + +Test case: CrytoDev Unit test +==================================================== +The CrytoDev API has Unit test cases to support basic API level testing. + +Compile Unit test + cd isg_cid-dpdk_org/app/test + make + +Sub-case: AES-NI test case +------------------------------------------------------ +run ./test -c 0xf -n 2 -- -i +>>cryptodev_aesni_autotest + + +Sub-case: QAT test case +------------------------------------------------------ +run ./test -c 0xf -n 2 -- -i +>>cryptodev_qat_autotest + +Test case: CryptoDev Function test +==================================================== +For function test, the DUT forward UDP packets generated by scapy. + +After sending single packet from Scapy, Crytpodev function encrypt/decrypt the +payload in packet by using algorithm setting in command. The l2fwd-crypto +forward the packet back to tester. +Use TCPDump to capture the received packet on tester. Then tester parses the payload +and compare the payload with correct answer pre-stored in scripts. ++----------+ +----------+ +| | | | +| | --------------> | | +| Tester | | DUT | +| | | | +| | <-------------> | | ++----------+ +----------+ + +Sub-case: AES-NI test case +------------------------------------------------------ +Cryptodev AES-NI algorithm validation matrix is showed in table below. ++-------------+-------------+-------------+-------------+-------------+-------------+ +| Method | Cipher_algo | Cipher_op | Cipyer_key | Auth_algo | Auth_op | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 128 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 192 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 256 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 128 | SHA256_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 128 | SHA384_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 128 | SHA512_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 128 | XCBC_MAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | MD5_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 192 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 256 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA224_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA256_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA384_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA512_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | AES_XCMC_MAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA224_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ + +Sub-case: QAT AES test case +------------------------------------------------------ +Cryptodev QAT AES algorithm validation matrix is showed in table below. + ++-------------+-------------+-------------+-------------+-------------+-------------+ +| Method | Cipher_algo | Cipher_op | Cipyer_key | Auth_algo | Auth_op | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 192 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 256 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 128 | SHA256_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 128 | SHA384_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 128 | SHA512_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 128 | XCBC_MAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | MD5_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 192 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 256 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA224_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA256_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA384_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA512_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | AES_XCMC_MAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA224_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ + +Sub-case: QAT GCM test case +------------------------------------------------------ +Cryptodev GCM algorithm validation matrix is showed in table below. ++-------------+-------------+-------------+-------------+-------------+-------------+ +| Method | Cipher_algo | Cipher_op | Cipyer_key | Auth_algo | Auth_op | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_GCM | ENCRYPT | 128 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_GCM | ENCRYPT | 192 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_GCM | ENCRYPT | 256 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_GCM | ENCRYPT | 128 | SHA256_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_GCM | ENCRYPT | 128 | SHA384_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_GCM | ENCRYPT | 128 | SHA512_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_GCM | ENCRYPT | 128 | XCBC_MAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 128 | MD5_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 192 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 256 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 128 | SHA224_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 128 | SHA256_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 128 | SHA384_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 128 | SHA512_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 128 | AES_XCMC_MAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 128 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 128 | SHA224_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ + +Sub-case: AES-NI GCM test case +------------------------------------------------------ +Cryptodev GCM algorithm validation matrix is showed in table below. ++-------------+-------------+-------------+-------------+-------------+-------------+ +| Method | Cipher_algo | Cipher_op | Cipyer_key | Auth_algo | Auth_op | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_GCM | ENCRYPT | 128 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_GCM | ENCRYPT | 192 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_GCM | ENCRYPT | 256 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_GCM | ENCRYPT | 128 | SHA256_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_GCM | ENCRYPT | 128 | SHA384_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_GCM | ENCRYPT | 128 | SHA512_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_GCM | ENCRYPT | 128 | XCBC_MAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 128 | MD5_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 192 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 256 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 128 | SHA224_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 128 | SHA256_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 128 | SHA384_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 128 | SHA512_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 128 | AES_XCMC_MAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 128 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_GCM | ENCRYPT | 128 | SHA224_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ + + +Sub-case: QAT Snow3G test case +------------------------------------------------------ +Cryptodev Snow3G algorithm validation matrix is showed in table below. +Cipher only, hash-only and chaining functionality is supported for Snow3g. ++-------------+-------------+-------------+-------------+ +| Method | Cipher_algo | Cipher_op | Cipyer_key | ++-------------+-------------+-------------+-------------+ +| CIPHER | ECB | ENCRYPT | 128 | ++-------------+-------------+-------------+-------------+ + + +Test case: CryptoDev performance test +======================================= +For performance test, the DUT forward UDP packets generated by traffic generator. +Also, queue and core number should be set into maximun number. ++----------+ +----------+ +| | | | +| | --------------> | | +| IXIA | | DUT | +| | | | +| | <-------------> | | ++----------+ +----------+ + +CryptoDev performance should be measured from different aspects ad below. ++-------+---------+---------+---------+----------+----------+ +| Frame | 1S/1C/1T| 1S/1C/1T| 1S/2C/1T| 1S/2C/2T | 1S/2C/2T | +| Size | | | | | | ++-------+---------+---------+---------+----------+----------+ +| 64 | | | | | | ++-------+---------+---------+---------+----------+----------+ +| 65 | | | | | | ++-------+---------+---------+---------+----------+----------+ +| 128 | | | | | | ++-------+---------+---------+---------+----------+----------+ +| 256 | | | | | | ++-------+---------+---------+---------+----------+----------+ +| 512 | | | | | | ++-------+---------+---------+---------+----------+----------+ +| 1024 | | | | | | ++-------+---------+---------+---------+----------+----------+ +| 1280 | | | | | | ++-------+---------+---------+---------+----------+----------+ +| 1518 | | | | | | ++-------+---------+---------+---------+----------+----------+ + +Sub-case: AES-NI test case +------------------------------------------------------ ++-------------+-------------+-------------+-------------+-------------+-------------+ +| Method | Cipher_algo | Cipher_op | Cipyer_key | Auth_algo | Auth_op | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 128 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 192 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 256 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 128 | SHA256_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 128 | SHA384_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | MD5_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 192 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 256 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA224_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA256_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA384_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA512_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ + +Sub-case: QAT AES test case +------------------------------------------------------ ++-------------+-------------+-------------+-------------+-------------+-------------+ +| Method | Cipher_algo | Cipher_op | Cipyer_key | Auth_algo | Auth_op | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 128 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 192 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 256 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 128 | SHA256_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| CIPHER_HASH | AES_CBC | ENCRYPT | 128 | SHA384_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | MD5_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 192 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 256 | SHA1_HMAC | GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA224_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA256_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA384_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ +| HASH_CIPHER | AES_CBC | ENCRYPT | 128 | SHA512_HMAC| GENERATE | ++-------------+-------------+-------------+-------------+-------------+-------------+ diff --git a/tests/TestSuite_l2fwd_crypto.py b/tests/TestSuite_l2fwd_crypto.py new file mode 100644 index 0000000..0d6a52a --- /dev/null +++ b/tests/TestSuite_l2fwd_crypto.py @@ -0,0 +1,774 @@ +# BSD LICENSE +# +# Copyright(c) 2010-2014 Intel Corporation. All rights reserved. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +import dts +import time + +from test_case import TestCase + + +class TestL2fwdCrypto(TestCase): + + def set_up_all(self): + + self.core_config = "1S/4C/1T" + self.number_of_ports = 2 + self.dut_ports = self.dut.get_ports(self.nic) + self.verify(len(self.dut_ports) >= self.number_of_ports, + "Not enough ports for " + self.nic) + self.ports_socket = self.dut.get_numa_id(self.dut_ports[0]) + + self.logger.info("core config = " + self.core_config) + self.logger.info("number of ports = " + str(self.number_of_ports)) + self.logger.info("dut ports = " + str(self.dut_ports)) + self.logger.info("ports_socket = " + str(self.ports_socket)) + + self.core_mask = dts.create_mask(self.dut.get_core_list( + self.core_config, + socket=self.ports_socket)) + self.port_mask = dts.create_mask([self.dut_ports[0], + self.dut_ports[1]]) + + self.tx_port = self.tester.get_local_port(self.dut_ports[0]) + self.rx_port = self.tester.get_local_port(self.dut_ports[1]) + + self.tx_interface = self.tester.get_interface(self.tx_port) + self.rx_interface = self.tester.get_interface(self.rx_port) + + self.logger.info("core mask = " + self.core_mask) + self.logger.info("port mask = " + self.port_mask) + self.logger.info("tx interface = " + self.tx_interface) + self.logger.info("rx interface = " + self.rx_interface) + + # Rebuild the dpdk with cryptodev pmds + self.dut.send_expect("export AESNI_MULTI_BUFFER_LIB_PATH=/root/ipsec_043/code/", "#") + self.dut.send_expect("export LIBSSO_SNOW3G_PATH=/root/libsso_snow3g/snow3g/", "#") + self.dut.send_expect("export LIBSSO_KASUMI_PATH=/root/LibSSO_0_3_1/isg_cid-wireless_libs/ciphers/kasumi/", "#") + self.dut.send_expect("sed -i 's/CONFIG_RTE_LIBRTE_PMD_QAT=n$/CONFIG_RTE_LIBRTE_PMD_QAT=y/' config/common_base", "# ") + self.dut.send_expect("sed -i 's/CONFIG_RTE_LIBRTE_PMD_AESNI_GCM=n$/CONFIG_RTE_LIBRTE_PMD_AESNI_GCM=y/' config/common_base", "# ") + self.dut.send_expect("sed -i 's/CONFIG_RTE_LIBRTE_PMD_NULL_CRYPTO=n$/CONFIG_RTE_LIBRTE_PMD_NULL_CRYPTO=y/' config/common_base", "# ") + self.dut.send_expect("sed -i 's/CONFIG_RTE_LIBRTE_PMD_SNOW3G=n$/CONFIG_RTE_LIBRTE_PMD_SNOW3G=y/' config/common_base", "# ") + self.dut.send_expect("sed -i 's/CONFIG_RTE_LIBRTE_PMD_KASUMI=n$/CONFIG_RTE_LIBRTE_PMD_KASUMI=y/' config/common_base", "# ") + self.dut.build_install_dpdk(self.dut.target) + + # l2fwd-crypto compile + out = self.dut.build_dpdk_apps("./examples/l2fwd-crypto") + self.verify("Error" not in out, "Compilation error") + self.verify("No such" not in out, "Compilation error") + + # Bind QAT VF devices + out = self.dut.send_expect("lspci -d:443|awk '{print $1}'", "# ", 10) + self.dut.send_expect('echo "8086 0443" > /sys/bus/pci/drivers/igb_uio/new_id', "# ", 10) + for line in out.replace("\r", "\n").replace("\n\n", "\n").split("\n"): + cmd = "echo 0000:{} > /sys/bus/pci/devices/0000\:{}/driver/unbind".format(line, line.replace(":", "\:")) + self.dut.send_expect(cmd, "# ", 10) + cmd = "echo 0000:{} > /sys/bus/pci/drivers/igb_uio/bind".format(line) + self.dut.send_expect(cmd, "# ", 10) + + def set_up(self): + pass + + def test_qat_AES(self): + + result = True + + self.logger.info("Test qat_c_AES_CBC_01") + if not self.__execute_l2fwd_crypto_test( + test_vectors, "qat_c_AES_CBC_01"): + result = False + + self.logger.info("Test qat_c_AES_CTR_01") + if not self.__execute_l2fwd_crypto_test( + test_vectors, "qat_c_AES_CTR_01"): + result = False + + self.logger.info("Test qat_c_AES_GCM_01") + if not self.__execute_l2fwd_crypto_test( + test_vectors, "qat_c_AES_GCM_01"): + result = False + + self.verify(result, True) + + def test_qat_SHA(self): + + result = True + + self.logger.info("Test qat_h_SHA1_HMAC_01") + if not self.__execute_l2fwd_crypto_test( + test_vectors, "qat_h_SHA1_HMAC_01"): + result = False + + self.logger.info("Test qat_h_SHA256_HMAC_01") + if not self.__execute_l2fwd_crypto_test( + test_vectors, "qat_h_SHA256_HMAC_01"): + result = False + + self.logger.info("Test qat_h_SHA512_HMAC_01") + if not self.__execute_l2fwd_crypto_test( + test_vectors, "qat_h_SHA512_HMAC_01"): + result = False + + self.verify(result, True) + + def test_qat_AES_XCBC_MAC(self): + + result = True + + self.logger.info("Test qat_h_AES_XCBC_MAC_01") + if not self.__execute_l2fwd_crypto_test( + test_vectors, "qat_h_AES_XCBC_MAC_01"): + result = False + + self.verify(result, True) + + def test_qat_SNOW3G(self): + + result = True + + self.logger.info("Test qat_c_UEA2_01") + if not self.__execute_l2fwd_crypto_test( + test_vectors, "qat_c_UEA2_01"): + result = False + + self.logger.info("Test qat_h_UIA2_01") + if not self.__execute_l2fwd_crypto_test( + test_vectors, "qat_h_UIA2_01"): + result = False + + self.verify(result, True) + + def test_qat_AES_GCM_AES_GCM(self): + + result = True + + self.logger.info("Test qat_ch_AES_GCM_AES_GCM_01") + if not self.__execute_l2fwd_crypto_test( + test_vectors, "qat_ch_AES_GCM_AES_GCM_01"): + result = False + + self.verify(result, True) + + def test_aesni_AES_GCM_AES_GCM(self): + + result = True + + self.logger.info("Test aesni_ch_AES_GCM_AES_GCM_01") + if not self.__execute_l2fwd_crypto_test( + test_vectors, "aesni_ch_AES_GCM_AES_GCM_01"): + result = False + + self.verify(result, True) + + def test_kasumi_KASUMI(self): + + result = True + + self.logger.info("Test kasumi_c_F8_01") + if not self.__execute_l2fwd_crypto_test( + test_vectors, "kasumi_c_F8_01"): + result = False + + self.logger.info("Test kasumi_h_F9_01") + if not self.__execute_l2fwd_crypto_test( + test_vectors, "kasumi_h_F9_01"): + result = False + + self.verify(result, True) + + def test_null_NULL(self): + + result = True + + self.logger.info("Test null_c_NULL_01") + if not self.__execute_l2fwd_crypto_test( + test_vectors, "null_c_NULL_01"): + result = False + + self.verify(result, True) + + def test_snow3g_SNOW3G(self): + + result = True + + self.logger.info("Test snow3g_c_UEA2_01") + if not self.__execute_l2fwd_crypto_test( + test_vectors, "snow3g_c_UEA2_01"): + result = False + + self.logger.info("Test snow3g_h_UIA2_01") + if not self.__execute_l2fwd_crypto_test( + test_vectors, "snow3g_h_UIA2_01"): + result = False + + self.verify(result, True) + + def __execute_l2fwd_crypto_test(self, test_vectors, test_vector_name): + + if test_vector_name not in test_vectors: + self.logger.warn("SKIP : " + test_vector_name) + return True + + test_vector = test_vectors[test_vector_name] + + result = True + cmd_str = self.__test_vector_to_cmd(test_vector, + core_mask=self.core_mask, + port_mask=self.port_mask) + + self.dut.send_expect(cmd_str, "==", 30) + + self.tester.send_expect("rm -rf %s.pcap" % (self.rx_interface), "#") + self.tester.send_expect("tcpdump -w %s.pcap -i %s &" % (self.rx_interface, self.rx_interface), "#") + # Wait 5 sec for tcpdump stable + time.sleep(5) + + payload = self.__format_hex_to_param(test_vector["input"], "\\x", "\\x") + + PACKET_COUNT = 65 + + self.tester.scapy_foreground() + self.tester.scapy_append('sendp([Ether(src="52:00:00:00:00:00")/IP(src="192.168.1.1",dst="192.168.1.2")/Raw(load=\"%s\")], iface="%s", count=%s)' % (payload, self.tx_interface, PACKET_COUNT)) + + self.tester.scapy_execute() + + time.sleep(5) + + self.tester.send_expect("killall tcpdump", "#") + self.tester.send_expect("^C", "#") + + # Wait 5 secs for tcpdump exit + time.sleep(5) + + self.tester.send_expect("scapy", ">>>") + self.tester.send_expect("p=rdpcap('%s.pcap', count=%s)" % (self.rx_interface, PACKET_COUNT), ">>>") + + hex_list = [] + for i in range(PACKET_COUNT): + cmd = "linehexdump(p[%s],onlyhex=1)" % i + hex_list.append(self.tester.send_expect(cmd, ">>>")) + + # Exit the scapy + self.tester.send_expect("exit()", "#", 60) + + for hex_str in hex_list: + packet_hex = hex_str.split(" ") + # self.logger.info(hex_str) + # self.logger.info(packet_hex) + + cipher_offset = 34 + cipher_length = len(test_vector["output_cipher"])/2 + if cipher_length == 0: + cipher_length = len(test_vector["input"])/2 + cipher_text = "".join(packet_hex[cipher_offset:cipher_offset+cipher_length]) + # self.logger.info("Cipher text in packet = " + cipher_text) + # self.logger.info("Ref Cipher text = " + test_vector["output_cipher"]) + if str.lower(cipher_text) == str.lower(test_vector["output_cipher"]): + self.logger.info("Cipher Matched.") + else: + if test_vector["output_cipher"] != "": + result = False + self.logger.info("Cipher NOT Matched.") + self.logger.info("Cipher text in packet = " + cipher_text) + self.logger.info("Ref Cipher text = " + test_vector["output_cipher"]) + else: + self.logger.info("Skip Cipher, Since no cipher text set") + + hash_offset = cipher_offset + cipher_length + hash_length = len(test_vector["output_hash"])/2 + if hash_length != 0: + hash_text = "".join(packet_hex[hash_offset:hash_offset+hash_length]) + # self.logger.info("Hash text in packet = " + hash_text) + # self.logger.info("Ref Hash text = " + test_vector["output_hash"]) + if str.lower(hash_text) == str.lower(test_vector["output_hash"]): + self.logger.info("Hash Matched") + else: + result = False + self.logger.info("Hash NOT Matched") + self.logger.info("Hash text in packet = " + hash_text) + self.logger.info("Ref Hash text = " + test_vector["output_hash"]) + else: + self.logger.info("Skip Hash, Since no hash text set") + + # Close l2fwd-crypto + # self.dut.send_expect("killall -9 l2fwd-crypto", "# ", 15) + self.dut.send_expect("^C", "# ", 15) + + if result: + self.logger.info("PASSED") + else: + self.logger.info("FAILED") + + return result + + def tear_down(self): + pass + + def tear_down_all(self): + self.dut.send_expect("sed -i 's/CONFIG_RTE_LIBRTE_PMD_QAT=y$/CONFIG_RTE_LIBRTE_PMD_QAT=n/' config/common_base", "# ") + self.dut.send_expect("sed -i 's/CONFIG_RTE_LIBRTE_PMD_AESNI_GCM=y$/CONFIG_RTE_LIBRTE_PMD_AESNI_GCM=n/' config/common_base", "# ") + self.dut.send_expect("sed -i 's/CONFIG_RTE_LIBRTE_PMD_NULL_CRYPTO=y$/CONFIG_RTE_LIBRTE_PMD_NULL_CRYPTO=n/' config/common_base", "# ") + self.dut.send_expect("sed -i 's/CONFIG_RTE_LIBRTE_PMD_SNOW3G=y$/CONFIG_RTE_LIBRTE_PMD_SNOW3G=n/' config/common_base", "# ") + self.dut.send_expect("sed -i 's/CONFIG_RTE_LIBRTE_PMD_KASUMI=y$/CONFIG_RTE_LIBRTE_PMD_KASUMI=n/' config/common_base", "# ") + + def __test_vector_to_cmd(self, test_vector, core_mask="", port_mask=""): + L2FWD_CRYPTO_APP = "./examples/l2fwd-crypto/build/app/l2fwd-crypto" + EAL_CORE_MASK = " -cf" if core_mask == "" else " -c" + core_mask + EAL_MM_CHANNEL = " -n4" + EAL_SEP = " --" + PORT_MASK = "" if port_mask == "" else " -p" + port_mask + QUEUE_NUM = "" + + vdev = "" + if self.__check_field_in_vector(test_vector, "vdev"): + vdev = " --vdev " + test_vector["vdev"] + + chain = "" + if self.__check_field_in_vector(test_vector, "chain"): + chain = " --chain " + test_vector["chain"] + + cdev_type = "" + if self.__check_field_in_vector(test_vector, "cdev_type"): + cdev_type = " --cdev_type " + test_vector["cdev_type"] + + cipher_algo = "" + if self.__check_field_in_vector(test_vector, "cipher_algo"): + cipher_algo = " --cipher_algo " + test_vector["cipher_algo"] + + cipher_op = "" + if self.__check_field_in_vector(test_vector, "cipher_op"): + cipher_op = " --cipher_op " + test_vector["cipher_op"] + + cipher_key = "" + if self.__check_field_in_vector(test_vector, "cipher_key"): + cipher_key = " --cipher_key " + self.__format_hex_to_param(test_vector["cipher_key"]) + + iv = "" + if self.__check_field_in_vector(test_vector, "iv"): + iv = " --iv " + self.__format_hex_to_param(test_vector["iv"]) + + auth_algo = "" + if self.__check_field_in_vector(test_vector, "auth_algo"): + auth_algo = " --auth_algo " + test_vector["auth_algo"] + + auth_op = "" + if self.__check_field_in_vector(test_vector, "auth_op"): + auth_op = " --auth_op " + test_vector["auth_op"] + + auth_key = "" + if self.__check_field_in_vector(test_vector, "auth_key"): + auth_key = " --auth_key " + self.__format_hex_to_param(test_vector["auth_key"]) + + auth_key_random_size = "" + if self.__check_field_in_vector(test_vector, "auth_key_random_size"): + auth_key_random_size = " --auth_key_random_size " + test_vector["auth_key_random_size"] + + aad = "" + if self.__check_field_in_vector(test_vector, "aad"): + aad = " --aad " + self.__format_hex_to_param(test_vector["aad"]) + + aad_random_size = "" + if self.__check_field_in_vector(test_vector, "aad_random_size"): + aad_random_size = " --aad_random_size " + test_vector["aad_random_size"] + + cmd_str = "".join([L2FWD_CRYPTO_APP, EAL_CORE_MASK, EAL_MM_CHANNEL, vdev, vdev, EAL_SEP, + PORT_MASK, QUEUE_NUM, chain, cdev_type, cipher_algo, cipher_op, cipher_key, + iv, auth_algo, auth_op, auth_key, auth_key_random_size, aad, aad_random_size]) + + return cmd_str + + def __check_field_in_vector(self, test_vector, field_name): + if field_name in test_vector and test_vector[field_name]: + return True + return False + + def __format_hex_to_param(self, hex_str, sep=":", prefix=""): + if not hex_str: + return "" + if len(hex_str) == 1: + return prefix + "0" + hex_str + + result = prefix + hex_str[0:2] + for i in range(2, len(hex_str), 2): + if len(hex_str) < i + 2: + result = result + sep + "0" + hex_str[i:] + else: + result = result + sep + hex_str[i:i+2] + + return result + +test_vectors = { + + "qat_c_AES_CBC_01": { + "vdev": "", + "chain": "CIPHER_ONLY", + "cdev_type": "ANY", + "cipher_algo": "AES_CBC", + "cipher_op": "ENCRYPT", + "cipher_key": "000102030405060708090a0b0c0d0e0f", + "iv": "000102030405060708090a0b0c0d0e0f", + "auth_algo": "", + "auth_op": "", + "auth_key": "", + "auth_key_random_size": "", + "aad": "", + "aad_random_size": "", + "input": "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", + "output_cipher": "96A702D1CC8DD6D625D971915FCE8C40B8C522042B7126D51BB204CECA048C13793B75FF84A4B524370A45534C2BC476", + "output_hash": "", + }, + + "qat_c_AES_CTR_01": { + "vdev": "", + "chain": "CIPHER_ONLY", + "cdev_type": "ANY", + "cipher_algo": "AES_CTR", + "cipher_op": "ENCRYPT", + "cipher_key": "000102030405060708090a0b0c0d0e0f", + "iv": "000102030405060708090a0b0c0d0e0f", + "auth_algo": "", + "auth_op": "", + "auth_key": "", + "auth_key_random_size": "", + "aad": "", + "aad_random_size": "", + "input": "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", + "output_cipher": "1B851AA4507FE154E0D28549D742FB4B1372FD85770963878BCBEC1E5AB51ECD0B3C85A2000DB4E9ACD3D95CDD38FD56", + "output_hash": "", + }, + + "qat_c_AES_GCM_01": { + "vdev": "", + "chain": "CIPHER_ONLY", + "cdev_type": "ANY", + "cipher_algo": "AES_GCM", + "cipher_op": "ENCRYPT", + "cipher_key": "000102030405060708090a0b0c0d0e0f", + "iv": "000102030405060708090a0b0c0d0e0f", + "auth_algo": "", + "auth_op": "", + "auth_key": "", + "auth_key_random_size": "", + "aad": "", + "aad_random_size": "", + "input": "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", + "output_cipher": "1b851aa4507fe154e0d28549d742fb4b1372fd85770963878bcbec1e5ab51ecd0b3c85a2000db4e9acd3d95cdd38fd56", + "output_hash": "", + }, + + "qat_h_SHA1_HMAC_01": { + "vdev": "", + "chain": "HASH_ONLY", + "cdev_type": "ANY", + "cipher_algo": "", + "cipher_op": "", + "cipher_key": "", + "iv": "", + "auth_algo": "SHA1_HMAC", + "auth_op": "GENERATE", + "auth_key": "000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f", + "auth_key_random_size": "", + "aad": "", + "aad_random_size": "", + "input": "11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111100000000000000000000000000000000", + "output_cipher": "", + "output_hash": "12E2EF8B7EBFE556C73307B04E1E46D12BA34884" + }, + + "qat_h_SHA256_HMAC_01": { + "vdev": "", + "chain": "HASH_ONLY", + "cdev_type": "ANY", + "cipher_algo": "", + "cipher_op": "", + "cipher_key": "", + "iv": "", + "auth_algo": "SHA256_HMAC", + "auth_op": "GENERATE", + "auth_key": "000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f", + "auth_key_random_size": "", + "aad": "", + "aad_random_size": "", + "input": "11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111100000000000000000000000000000000", + "output_cipher": "", + "output_hash": "AC9E0BA3A0716F4F4A2734B407BE28D6F276CE0472B827D6EE47B7E518C2BC0D" + }, + + "qat_h_SHA512_HMAC_01": { + "vdev": "", + "chain": "HASH_ONLY", + "cdev_type": "ANY", + "cipher_algo": "", + "cipher_op": "", + "cipher_key": "", + "iv": "", + "auth_algo": "SHA512_HMAC", + "auth_op": "GENERATE", + "auth_key": "000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f", + "auth_key_random_size": "", + "aad": "", + "aad_random_size": "", + "input": "1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "output_cipher": "", + "output_hash": "C8917E7490FC2CFF0CFDD0509C1C0D711CD27FFDFAAEA375E123F25F7532D4FA7D02D95CD52FAC8A27E21B3F5F734241897A37BB8953C52FFADB3B605A864569" + }, + + "qat_h_AES_XCBC_MAC_01": { + "vdev": "", + "chain": "HASH_ONLY", + "cdev_type": "ANY", + "cipher_algo": "", + "cipher_op": "", + "cipher_key": "", + "iv": "", + "auth_algo": "AES_XCBC_MAC", + "auth_op": "GENERATE", + "auth_key": "000102030405060708090a0b0c0d0e0f", + "auth_key_random_size": "", + "aad": "", + "aad_random_size": "", + "input": "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", + "output_cipher": "", + "output_hash": "A7AD120ED744A9EC0618C0D9" + }, + + "qat_ch_AES_CBC_SHA1_HMAC_01": { + "vdev": "", + "chain": "CIPHER_HASH", + "cdev_type": "ANY", + "cipher_algo": "AES_CBC", + "cipher_op": "ENCRYPT", + "cipher_key": "000102030405060708090a0b0c0d0e0f", + "iv": "000102030405060708090a0b0c0d0e0f", + "auth_algo": "SHA1_HMAC", + "auth_op": "GENERATE", + "auth_key": "000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f", + "auth_key_random_size": "", + "aad": "", + "aad_random_size": "", + "input": "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", + "output_cipher": "96A702D1CC8DD6D625D971915FCE8C40B8C522042B7126D51BB204CECA048C13793B75FF84A4B524370A45534C2BC476", + "output_hash": "2D6EFD5929812460E2DE34A1BD768F209C985143BA7333E8D59EFED291517EF7" + }, + + "qat_c_UEA2_01": { + "vdev": "", + "chain": "CIPHER_ONLY", + "cdev_type": "ANY", + "cipher_algo": "SNOW3G_UEA2", + "cipher_op": "ENCRYPT", + "cipher_key": "000102030405060708090a0b0c0d0e0f", + "iv": "000102030405060708090a0b0c0d0e0f", + "auth_algo": "", + "auth_op": "", + "auth_key": "", + "auth_key_random_size": "", + "aad": "", + "aad_random_size": "", + "input": "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", + "output_cipher": "fa0d2ff5dbf973e7082b128396fbc2c1ff5721099a1eb82918e66c1fa1b8fd52ce1763963f73859595d89b0b8d3907a8", + "output_hash": "" + }, + + "qat_h_UIA2_01": { + "vdev": "", + "chain": "HASH_ONLY", + "cdev_type": "ANY", + "cipher_algo": "", + "cipher_op": "", + "cipher_key": "", + "iv": "", + "auth_algo": "SNOW3G_UIA2", + "auth_op": "GENERATE", + "auth_key": "000102030405060708090a0b0c0d0e0f", + "auth_key_random_size": "", + "aad": "000102030405060708090a0b0c0d0e0f", + "aad_random_size": "", + "input": "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", + "output_cipher": "", + "output_hash": "741D4316" + }, + + "snow3g_c_UEA2_01": { + "vdev": "cryptodev_snow3g_pmd,socket_id=1,max_nb_sessions=128", + "chain": "CIPHER_ONLY", + "cdev_type": "ANY", + "cipher_algo": "SNOW3G_UEA2", + "cipher_op": "ENCRYPT", + "cipher_key": "000102030405060708090a0b0c0d0e0f", + "iv": "000102030405060708090a0b0c0d0e0f", + "auth_algo": "", + "auth_op": "", + "auth_key": "", + "auth_key_random_size": "", + "aad": "", + "aad_random_size": "", + "input": "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", + "output_cipher": "fa0d2ff5dbf973e7082b128396fbc2c1ff5721099a1eb82918e66c1fa1b8fd52ce1763963f73859595d89b0b8d3907a8", + "output_hash": "" + }, + + "snow3g_h_UIA2_01": { + "vdev": "cryptodev_snow3g_pmd,socket_id=1,max_nb_sessions=128", + "chain": "HASH_ONLY", + "cdev_type": "ANY", + "cipher_algo": "", + "cipher_op": "", + "cipher_key": "", + "iv": "", + "auth_algo": "SNOW3G_UIA2", + "auth_op": "GENERATE", + "auth_key": "000102030405060708090a0b0c0d0e0f", + "auth_key_random_size": "", + "aad": "000102030405060708090a0b0c0d0e0f", + "aad_random_size": "", + "input": "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", + "output_cipher": "", + "output_hash": "741D4316" + }, + + "kasumi_c_F8_01": { + "vdev": "cryptodev_kasumi_pmd,socket_id=1,max_nb_sessions=128", + "chain": "CIPHER_ONLY", + "cdev_type": "ANY", + "cipher_algo": "KASUMI_F8", + "cipher_op": "ENCRYPT", + "cipher_key": "000102030405060708090a0b0c0d0e0f", + "iv": "0001020304050607", + "auth_algo": "", + "auth_op": "", + "auth_key": "", + "auth_key_random_size": "", + "aad": "", + "aad_random_size": "", + "input": "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", + "output_cipher": "ede654ff0caab546b654cd7a3b0a4199e957579214f45bd7e25fcbbda41e38fc885fbbd6195cf8e22905480191b2f861", + "output_hash": "" + }, + + "kasumi_h_F9_01": { + "vdev": "cryptodev_kasumi_pmd,socket_id=1,max_nb_sessions=128", + "chain": "HASH_ONLY", + "cdev_type": "ANY", + "cipher_algo": "", + "cipher_op": "", + "cipher_key": "", + "iv": "", + "auth_algo": "KASUMI_F9", + "auth_op": "GENERATE", + "auth_key": "000102030405060708090a0b0c0d0e0f", + "auth_key_random_size": "", + # aad length min=8 max=8 + "aad": "0001020304050607", + "aad_random_size": "", + "input": "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", + "output_cipher": "", + "output_hash": "D1C2BE1E" + }, + + "null_c_NULL_01": { + "vdev": "cryptodev_null_pmd,socket_id=1,max_nb_sessions=128", + "chain": "CIPHER_ONLY", + "cdev_type": "ANY", + "cipher_algo": "NULL", + "cipher_op": "ENCRYPT", + "cipher_key": "", + "iv": "", + "auth_algo": "", + "auth_op": "", + "auth_key": "", + "auth_key_random_size": "", + "aad": "", + "aad_random_size": "", + "input": "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", + "output_cipher": "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", + "output_hash": "" + }, + + "qat_ch_AES_GCM_AES_GCM_01": { + "vdev": "", + "chain": "CIPHER_HASH", + "cdev_type": "ANY", + "cipher_algo": "AES_GCM", + "cipher_op": "ENCRYPT", + "cipher_key": "000102030405060708090a0b0c0d0e0f", + "iv": "000102030405060708090a0b0c0d0e0f", + "auth_algo": "AES_GCM", + "auth_op": "GENERATE", + "auth_key": "000102030405060708090a0b0c0d0e0f", + "auth_key_random_size": "", + # aad length min=8 max=12 + "aad": "0001020304050607", + "aad_random_size": "", + "input": "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", + "output_cipher": "1372fd85770963878bcbec1e5ab51ecd0b3c85a2000db4e9acd3d95cdd38fd565c1abac3884e8e167332357956a4c21f", + "output_hash": "00A2EBC33A8A1C8C" + }, + + "aesni_ch_AES_GCM_AES_GCM_01": { + "vdev": "cryptodev_aesni_gcm_pmd,socket_id=1,max_nb_sessions=128", + "chain": "CIPHER_HASH", + "cdev_type": "ANY", + "cipher_algo": "AES_GCM", + "cipher_op": "ENCRYPT", + "cipher_key": "000102030405060708090a0b0c0d0e0f", + "iv": "000102030405060708090a0b0c0d0e0f", + "auth_algo": "AES_GCM", + "auth_op": "GENERATE", + "auth_key": "000102030405060708090a0b0c0d0e0f", + "auth_key_random_size": "", + # aad length min=8 max=12 + "aad": "0001020304050607", + "aad_random_size": "", + "input": "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", + "output_cipher": "1372fd85770963878bcbec1e5ab51ecd0b3c85a2000db4e9acd3d95cdd38fd565c1abac3884e8e167332357956a4c21f", + "output_hash": "00A2EBC33A8A1C8C" + }, + + "aesni_ch_AES_CBC_SHA1_HMAC_01": { + "vdev": "cryptodev_aesni_mb_pmd,socket_id=1,max_nb_sessions=128", + "chain": "CIPHER_HASH", + "cdev_type": "ANY", + "cipher_algo": "AES_CBC", + "cipher_op": "ENCRYPT", + "cipher_key": "000102030405060708090a0b0c0d0e0f", + "iv": "000102030405060708090a0b0c0d0e0f", + "auth_algo": "SHA1_HMAC", + "auth_op": "GENERATE", + "auth_key": "000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f", + "auth_key_random_size": "", + "aad": "", + "aad_random_size": "", + "input": "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", + "output_cipher": "96A702D1CC8DD6D625D971915FCE8C40B8C522042B7126D51BB204CECA048C13793B75FF84A4B524370A45534C2BC476", + "output_hash": "2D6EFD5929812460E2DE34A1BD768F209C985143BA7333E8D59EFED291517EF7" + }, + +} -- 1.9.3