1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2018 Intel Corporation
7 #include <rte_common.h>
8 #include <rte_hexdump.h>
10 #include <rte_malloc.h>
11 #include <rte_memcpy.h>
12 #include <rte_cycles.h>
13 #include <rte_bus_vdev.h>
16 #include <rte_crypto.h>
17 #include <rte_cryptodev.h>
18 #include <rte_cryptodev_pmd.h>
19 #include <rte_lcore.h>
20 #include <rte_ipsec.h>
21 #include <rte_random.h>
23 #include <rte_security_driver.h>
26 #include "test_cryptodev.h"
28 #define VDEV_ARGS_SIZE 100
29 #define MAX_NB_SESSIONS 200
31 #define REPLAY_WIN_0 0
32 #define REPLAY_WIN_32 32
33 #define REPLAY_WIN_64 64
34 #define REPLAY_WIN_128 128
35 #define REPLAY_WIN_256 256
36 #define DATA_64_BYTES 64
37 #define DATA_80_BYTES 80
38 #define DATA_100_BYTES 100
40 #define ESN_DISABLED 0
42 #define OUTBOUND_SPI 17
44 #define REORDER_PKTS 1
45 #define DEQUEUE_COUNT 1000
48 enum rte_crypto_sym_xform_type auth;
49 enum rte_crypto_sym_xform_type cipher;
50 enum rte_crypto_sym_xform_type aead;
53 char cipher_algo[128];
57 struct ipsec_testsuite_params {
58 struct rte_mempool *mbuf_pool;
59 struct rte_mempool *cop_mpool;
60 struct rte_cryptodev_config conf;
61 struct rte_cryptodev_qp_conf qp_conf;
64 uint8_t valid_dev_found;
67 struct ipsec_unitest_params {
68 struct rte_crypto_sym_xform cipher_xform;
69 struct rte_crypto_sym_xform auth_xform;
70 struct rte_crypto_sym_xform aead_xform;
71 struct rte_crypto_sym_xform *crypto_xforms;
73 struct rte_security_ipsec_xform ipsec_xform;
75 struct rte_ipsec_sa_prm sa_prm;
76 struct rte_ipsec_session ss[MAX_NB_SAS];
78 struct rte_crypto_op *cop[BURST_SIZE];
80 struct rte_mbuf *obuf[BURST_SIZE], *ibuf[BURST_SIZE],
86 struct ipsec_test_cfg {
87 uint32_t replay_win_sz;
92 uint32_t reorder_pkts;
95 static const struct ipsec_test_cfg test_cfg[] = {
96 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, 1, 0},
97 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, BURST_SIZE, 0},
98 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_80_BYTES, BURST_SIZE,
100 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, 1, 0},
101 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, BURST_SIZE,
103 {REPLAY_WIN_64, ESN_ENABLED, 0, DATA_64_BYTES, 1, 0},
104 {REPLAY_WIN_128, ESN_ENABLED, RTE_IPSEC_SAFLAG_SQN_ATOM,
105 DATA_80_BYTES, 1, 0},
106 {REPLAY_WIN_256, ESN_DISABLED, 0, DATA_100_BYTES, 1, 0},
109 static const int num_cfg = RTE_DIM(test_cfg);
110 static struct ipsec_testsuite_params testsuite_params = { NULL };
111 static struct ipsec_unitest_params unittest_params;
112 static struct user_params uparams;
114 struct supported_cipher_algo {
116 enum rte_crypto_cipher_algorithm algo;
122 struct supported_auth_algo {
124 enum rte_crypto_auth_algorithm algo;
130 const struct supported_cipher_algo cipher_algos[] = {
133 .algo = RTE_CRYPTO_CIPHER_NULL,
140 const struct supported_auth_algo auth_algos[] = {
143 .algo = RTE_CRYPTO_AUTH_NULL,
151 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
152 struct rte_security_session *sess, struct rte_mempool *mp)
154 RTE_SET_USED(device);
158 sess->sess_private_data = NULL;
163 dummy_sec_destroy(void *device, struct rte_security_session *sess)
165 RTE_SET_USED(device);
170 static const struct rte_security_ops dummy_sec_ops = {
171 .session_create = dummy_sec_create,
172 .session_destroy = dummy_sec_destroy,
175 static struct rte_security_ctx dummy_sec_ctx = {
176 .ops = &dummy_sec_ops,
179 static const struct supported_cipher_algo *
180 find_match_cipher_algo(const char *cipher_keyword)
184 for (i = 0; i < RTE_DIM(cipher_algos); i++) {
185 const struct supported_cipher_algo *algo =
188 if (strcmp(cipher_keyword, algo->keyword) == 0)
195 static const struct supported_auth_algo *
196 find_match_auth_algo(const char *auth_keyword)
200 for (i = 0; i < RTE_DIM(auth_algos); i++) {
201 const struct supported_auth_algo *algo =
204 if (strcmp(auth_keyword, algo->keyword) == 0)
212 fill_crypto_xform(struct ipsec_unitest_params *ut_params,
213 const struct supported_auth_algo *auth_algo,
214 const struct supported_cipher_algo *cipher_algo)
216 ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
217 ut_params->cipher_xform.cipher.algo = cipher_algo->algo;
218 ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
219 ut_params->auth_xform.auth.algo = auth_algo->algo;
221 if (ut_params->ipsec_xform.direction ==
222 RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
223 ut_params->cipher_xform.cipher.op =
224 RTE_CRYPTO_CIPHER_OP_DECRYPT;
225 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
226 ut_params->cipher_xform.next = NULL;
227 ut_params->auth_xform.next = &ut_params->cipher_xform;
228 ut_params->crypto_xforms = &ut_params->auth_xform;
230 ut_params->cipher_xform.cipher.op =
231 RTE_CRYPTO_CIPHER_OP_ENCRYPT;
232 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
233 ut_params->auth_xform.next = NULL;
234 ut_params->cipher_xform.next = &ut_params->auth_xform;
235 ut_params->crypto_xforms = &ut_params->cipher_xform;
240 check_cryptodev_capablity(const struct ipsec_unitest_params *ut,
243 struct rte_cryptodev_sym_capability_idx cap_idx;
244 const struct rte_cryptodev_symmetric_capability *cap;
247 cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
248 cap_idx.algo.auth = ut->auth_xform.auth.algo;
249 cap = rte_cryptodev_sym_capability_get(dev_id, &cap_idx);
252 rc = rte_cryptodev_sym_capability_check_auth(cap,
253 ut->auth_xform.auth.key.length,
254 ut->auth_xform.auth.digest_length, 0);
256 cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
257 cap_idx.algo.cipher = ut->cipher_xform.cipher.algo;
258 cap = rte_cryptodev_sym_capability_get(
261 rc = rte_cryptodev_sym_capability_check_cipher(
263 ut->cipher_xform.cipher.key.length,
264 ut->cipher_xform.cipher.iv.length);
272 testsuite_setup(void)
274 struct ipsec_testsuite_params *ts_params = &testsuite_params;
275 struct ipsec_unitest_params *ut_params = &unittest_params;
276 const struct supported_auth_algo *auth_algo;
277 const struct supported_cipher_algo *cipher_algo;
278 struct rte_cryptodev_info info;
279 uint32_t i, nb_devs, dev_id;
283 memset(ts_params, 0, sizeof(*ts_params));
284 memset(ut_params, 0, sizeof(*ut_params));
285 memset(&uparams, 0, sizeof(struct user_params));
287 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
288 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
289 uparams.aead = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED;
290 strcpy(uparams.auth_algo, "null");
291 strcpy(uparams.cipher_algo, "null");
293 auth_algo = find_match_auth_algo(uparams.auth_algo);
294 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
295 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
297 nb_devs = rte_cryptodev_count();
299 RTE_LOG(WARNING, USER1, "No crypto devices found?\n");
303 /* Find first valid crypto device */
304 for (i = 0; i < nb_devs; i++) {
305 rc = check_cryptodev_capablity(ut_params, i);
307 ts_params->valid_dev = i;
308 ts_params->valid_dev_found = 1;
313 if (ts_params->valid_dev_found == 0)
316 ts_params->mbuf_pool = rte_pktmbuf_pool_create(
318 NUM_MBUFS, MBUF_CACHE_SIZE, 0, MBUF_SIZE,
320 if (ts_params->mbuf_pool == NULL) {
321 RTE_LOG(ERR, USER1, "Can't create CRYPTO_MBUFPOOL\n");
325 ts_params->cop_mpool = rte_crypto_op_pool_create(
326 "MBUF_CRYPTO_SYM_OP_POOL",
327 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
328 NUM_MBUFS, MBUF_CACHE_SIZE,
330 sizeof(struct rte_crypto_sym_xform) +
333 if (ts_params->cop_mpool == NULL) {
334 RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
338 /* Set up all the qps on the first of the valid devices found */
339 dev_id = ts_params->valid_dev;
341 rte_cryptodev_info_get(dev_id, &info);
343 ts_params->conf.nb_queue_pairs = info.max_nb_queue_pairs;
344 ts_params->conf.socket_id = SOCKET_ID_ANY;
345 ts_params->conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
347 sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
348 sess_sz = RTE_MAX(sess_sz, sizeof(struct rte_security_session));
351 * Create mempools for sessions
353 if (info.sym.max_nb_sessions != 0 &&
354 info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
355 RTE_LOG(ERR, USER1, "Device does not support "
356 "at least %u sessions\n",
361 ts_params->qp_conf.mp_session_private = rte_mempool_create(
365 0, 0, NULL, NULL, NULL,
369 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
370 "private session mempool allocation failed");
372 ts_params->qp_conf.mp_session =
373 rte_cryptodev_sym_session_pool_create("test_sess_mp",
374 MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
376 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
377 "session mempool allocation failed");
379 TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
381 "Failed to configure cryptodev %u with %u qps",
382 dev_id, ts_params->conf.nb_queue_pairs);
384 ts_params->qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
386 TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
387 dev_id, 0, &ts_params->qp_conf,
388 rte_cryptodev_socket_id(dev_id)),
389 "Failed to setup queue pair %u on cryptodev %u",
396 testsuite_teardown(void)
398 struct ipsec_testsuite_params *ts_params = &testsuite_params;
400 if (ts_params->mbuf_pool != NULL) {
401 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
402 rte_mempool_avail_count(ts_params->mbuf_pool));
403 rte_mempool_free(ts_params->mbuf_pool);
404 ts_params->mbuf_pool = NULL;
407 if (ts_params->cop_mpool != NULL) {
408 RTE_LOG(DEBUG, USER1, "CRYPTO_OP_POOL count %u\n",
409 rte_mempool_avail_count(ts_params->cop_mpool));
410 rte_mempool_free(ts_params->cop_mpool);
411 ts_params->cop_mpool = NULL;
414 /* Free session mempools */
415 if (ts_params->qp_conf.mp_session != NULL) {
416 rte_mempool_free(ts_params->qp_conf.mp_session);
417 ts_params->qp_conf.mp_session = NULL;
420 if (ts_params->qp_conf.mp_session_private != NULL) {
421 rte_mempool_free(ts_params->qp_conf.mp_session_private);
422 ts_params->qp_conf.mp_session_private = NULL;
429 struct ipsec_testsuite_params *ts_params = &testsuite_params;
430 struct ipsec_unitest_params *ut_params = &unittest_params;
432 /* Clear unit test parameters before running test */
433 memset(ut_params, 0, sizeof(*ut_params));
435 /* Reconfigure device to default parameters */
436 ts_params->conf.socket_id = SOCKET_ID_ANY;
438 /* Start the device */
439 TEST_ASSERT_SUCCESS(rte_cryptodev_start(ts_params->valid_dev),
440 "Failed to start cryptodev %u",
441 ts_params->valid_dev);
449 struct ipsec_testsuite_params *ts_params = &testsuite_params;
450 struct ipsec_unitest_params *ut_params = &unittest_params;
453 for (i = 0; i < BURST_SIZE; i++) {
454 /* free crypto operation structure */
455 if (ut_params->cop[i]) {
456 rte_crypto_op_free(ut_params->cop[i]);
457 ut_params->cop[i] = NULL;
461 * free mbuf - both obuf and ibuf are usually the same,
462 * so check if they point at the same address is necessary,
463 * to avoid freeing the mbuf twice.
465 if (ut_params->obuf[i]) {
466 rte_pktmbuf_free(ut_params->obuf[i]);
467 if (ut_params->ibuf[i] == ut_params->obuf[i])
468 ut_params->ibuf[i] = NULL;
469 ut_params->obuf[i] = NULL;
471 if (ut_params->ibuf[i]) {
472 rte_pktmbuf_free(ut_params->ibuf[i]);
473 ut_params->ibuf[i] = NULL;
476 if (ut_params->testbuf[i]) {
477 rte_pktmbuf_free(ut_params->testbuf[i]);
478 ut_params->testbuf[i] = NULL;
482 if (ts_params->mbuf_pool != NULL)
483 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
484 rte_mempool_avail_count(ts_params->mbuf_pool));
486 /* Stop the device */
487 rte_cryptodev_stop(ts_params->valid_dev);
490 #define IPSEC_MAX_PAD_SIZE UINT8_MAX
492 static const uint8_t esp_pad_bytes[IPSEC_MAX_PAD_SIZE] = {
493 1, 2, 3, 4, 5, 6, 7, 8,
494 9, 10, 11, 12, 13, 14, 15, 16,
495 17, 18, 19, 20, 21, 22, 23, 24,
496 25, 26, 27, 28, 29, 30, 31, 32,
497 33, 34, 35, 36, 37, 38, 39, 40,
498 41, 42, 43, 44, 45, 46, 47, 48,
499 49, 50, 51, 52, 53, 54, 55, 56,
500 57, 58, 59, 60, 61, 62, 63, 64,
501 65, 66, 67, 68, 69, 70, 71, 72,
502 73, 74, 75, 76, 77, 78, 79, 80,
503 81, 82, 83, 84, 85, 86, 87, 88,
504 89, 90, 91, 92, 93, 94, 95, 96,
505 97, 98, 99, 100, 101, 102, 103, 104,
506 105, 106, 107, 108, 109, 110, 111, 112,
507 113, 114, 115, 116, 117, 118, 119, 120,
508 121, 122, 123, 124, 125, 126, 127, 128,
509 129, 130, 131, 132, 133, 134, 135, 136,
510 137, 138, 139, 140, 141, 142, 143, 144,
511 145, 146, 147, 148, 149, 150, 151, 152,
512 153, 154, 155, 156, 157, 158, 159, 160,
513 161, 162, 163, 164, 165, 166, 167, 168,
514 169, 170, 171, 172, 173, 174, 175, 176,
515 177, 178, 179, 180, 181, 182, 183, 184,
516 185, 186, 187, 188, 189, 190, 191, 192,
517 193, 194, 195, 196, 197, 198, 199, 200,
518 201, 202, 203, 204, 205, 206, 207, 208,
519 209, 210, 211, 212, 213, 214, 215, 216,
520 217, 218, 219, 220, 221, 222, 223, 224,
521 225, 226, 227, 228, 229, 230, 231, 232,
522 233, 234, 235, 236, 237, 238, 239, 240,
523 241, 242, 243, 244, 245, 246, 247, 248,
524 249, 250, 251, 252, 253, 254, 255,
527 /* ***** data for tests ***** */
529 const char null_plain_data[] =
530 "Network Security People Have A Strange Sense Of Humor unlike Other "
531 "People who have a normal sense of humour";
533 const char null_encrypted_data[] =
534 "Network Security People Have A Strange Sense Of Humor unlike Other "
535 "People who have a normal sense of humour";
537 struct rte_ipv4_hdr ipv4_outer = {
538 .version_ihl = IPVERSION << 4 |
539 sizeof(ipv4_outer) / RTE_IPV4_IHL_MULTIPLIER,
540 .time_to_live = IPDEFTTL,
541 .next_proto_id = IPPROTO_ESP,
542 .src_addr = RTE_IPV4(192, 168, 1, 100),
543 .dst_addr = RTE_IPV4(192, 168, 2, 100),
546 static struct rte_mbuf *
547 setup_test_string(struct rte_mempool *mpool,
548 const char *string, size_t len, uint8_t blocksize)
550 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
551 size_t t_len = len - (blocksize ? (len % blocksize) : 0);
554 memset(m->buf_addr, 0, m->buf_len);
555 char *dst = rte_pktmbuf_append(m, t_len);
562 rte_memcpy(dst, string, t_len);
564 memset(dst, 0, t_len);
570 static struct rte_mbuf *
571 setup_test_string_tunneled(struct rte_mempool *mpool, const char *string,
572 size_t len, uint32_t spi, uint32_t seq)
574 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
575 uint32_t hdrlen = sizeof(struct rte_ipv4_hdr) +
576 sizeof(struct rte_esp_hdr);
577 uint32_t taillen = sizeof(struct esp_tail);
578 uint32_t t_len = len + hdrlen + taillen;
581 struct rte_esp_hdr esph = {
582 .spi = rte_cpu_to_be_32(spi),
583 .seq = rte_cpu_to_be_32(seq)
586 padlen = RTE_ALIGN(t_len, 4) - t_len;
589 struct esp_tail espt = {
591 .next_proto = IPPROTO_IPIP,
597 memset(m->buf_addr, 0, m->buf_len);
598 char *dst = rte_pktmbuf_append(m, t_len);
604 /* copy outer IP and ESP header */
605 ipv4_outer.total_length = rte_cpu_to_be_16(t_len);
606 ipv4_outer.packet_id = rte_cpu_to_be_16(seq);
607 rte_memcpy(dst, &ipv4_outer, sizeof(ipv4_outer));
608 dst += sizeof(ipv4_outer);
609 m->l3_len = sizeof(ipv4_outer);
610 rte_memcpy(dst, &esph, sizeof(esph));
613 if (string != NULL) {
615 rte_memcpy(dst, string, len);
618 rte_memcpy(dst, esp_pad_bytes, padlen);
620 /* copy ESP tail header */
621 rte_memcpy(dst, &espt, sizeof(espt));
623 memset(dst, 0, t_len);
629 create_dummy_sec_session(struct ipsec_unitest_params *ut,
630 struct rte_cryptodev_qp_conf *qp, uint32_t j)
632 static struct rte_security_session_conf conf;
634 ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
635 &conf, qp->mp_session_private);
637 if (ut->ss[j].security.ses == NULL)
640 ut->ss[j].security.ctx = &dummy_sec_ctx;
641 ut->ss[j].security.ol_flags = 0;
646 create_crypto_session(struct ipsec_unitest_params *ut,
647 struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
650 struct rte_cryptodev_sym_session *s;
652 s = rte_cryptodev_sym_session_create(qp->mp_session);
656 /* initiliaze SA crypto session for device */
657 rc = rte_cryptodev_sym_session_init(dev_id, s,
658 ut->crypto_xforms, qp->mp_session_private);
660 ut->ss[j].crypto.ses = s;
663 /* failure, do cleanup */
664 rte_cryptodev_sym_session_clear(dev_id, s);
665 rte_cryptodev_sym_session_free(s);
671 create_session(struct ipsec_unitest_params *ut,
672 struct rte_cryptodev_qp_conf *qp, uint8_t crypto_dev, uint32_t j)
674 if (ut->ss[j].type == RTE_SECURITY_ACTION_TYPE_NONE)
675 return create_crypto_session(ut, qp, crypto_dev, j);
677 return create_dummy_sec_session(ut, qp, j);
681 fill_ipsec_param(uint32_t replay_win_sz, uint64_t flags)
683 struct ipsec_unitest_params *ut_params = &unittest_params;
684 struct rte_ipsec_sa_prm *prm = &ut_params->sa_prm;
685 const struct supported_auth_algo *auth_algo;
686 const struct supported_cipher_algo *cipher_algo;
688 memset(prm, 0, sizeof(*prm));
692 prm->replay_win_sz = replay_win_sz;
694 /* setup ipsec xform */
695 prm->ipsec_xform = ut_params->ipsec_xform;
696 prm->ipsec_xform.salt = (uint32_t)rte_rand();
698 /* setup tunnel related fields */
699 prm->tun.hdr_len = sizeof(ipv4_outer);
700 prm->tun.next_proto = IPPROTO_IPIP;
701 prm->tun.hdr = &ipv4_outer;
703 /* setup crypto section */
704 if (uparams.aead != 0) {
705 /* TODO: will need to fill out with other test cases */
707 if (uparams.auth == 0 && uparams.cipher == 0)
710 auth_algo = find_match_auth_algo(uparams.auth_algo);
711 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
713 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
716 prm->crypto_xform = ut_params->crypto_xforms;
721 create_sa(enum rte_security_session_action_type action_type,
722 uint32_t replay_win_sz, uint64_t flags, uint32_t j)
724 struct ipsec_testsuite_params *ts = &testsuite_params;
725 struct ipsec_unitest_params *ut = &unittest_params;
729 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
731 rc = fill_ipsec_param(replay_win_sz, flags);
735 /* create rte_ipsec_sa*/
736 sz = rte_ipsec_sa_size(&ut->sa_prm);
737 TEST_ASSERT(sz > 0, "rte_ipsec_sa_size() failed\n");
739 ut->ss[j].sa = rte_zmalloc(NULL, sz, RTE_CACHE_LINE_SIZE);
740 TEST_ASSERT_NOT_NULL(ut->ss[j].sa,
741 "failed to allocate memory for rte_ipsec_sa\n");
743 ut->ss[j].type = action_type;
744 rc = create_session(ut, &ts->qp_conf, ts->valid_dev, j);
748 rc = rte_ipsec_sa_init(ut->ss[j].sa, &ut->sa_prm, sz);
749 rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
751 rc = rte_ipsec_session_prepare(&ut->ss[j]);
757 crypto_dequeue_burst(uint16_t num_pkts)
759 struct ipsec_testsuite_params *ts_params = &testsuite_params;
760 struct ipsec_unitest_params *ut_params = &unittest_params;
764 for (i = 0, pkt_cnt = 0;
765 i < DEQUEUE_COUNT && pkt_cnt != num_pkts; i++) {
766 k = rte_cryptodev_dequeue_burst(ts_params->valid_dev, 0,
767 &ut_params->cop[pkt_cnt], num_pkts - pkt_cnt);
772 if (pkt_cnt != num_pkts) {
773 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
780 crypto_ipsec(uint16_t num_pkts)
782 struct ipsec_testsuite_params *ts_params = &testsuite_params;
783 struct ipsec_unitest_params *ut_params = &unittest_params;
785 struct rte_ipsec_group grp[1];
787 /* call crypto prepare */
788 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
789 ut_params->cop, num_pkts);
791 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
795 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
796 ut_params->cop, num_pkts);
798 RTE_LOG(ERR, USER1, "rte_cryptodev_enqueue_burst fail\n");
802 if (crypto_dequeue_burst(num_pkts) == TEST_FAILED)
805 ng = rte_ipsec_pkt_crypto_group(
806 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
807 ut_params->obuf, grp, num_pkts);
809 grp[0].m[0] != ut_params->obuf[0] ||
810 grp[0].cnt != num_pkts ||
811 grp[0].id.ptr != &ut_params->ss[0]) {
812 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
816 /* call crypto process */
817 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
819 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
827 lksd_proto_ipsec(uint16_t num_pkts)
829 struct ipsec_unitest_params *ut_params = &unittest_params;
831 struct rte_ipsec_group grp[1];
833 /* call crypto prepare */
834 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
835 ut_params->cop, num_pkts);
837 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
841 /* check crypto ops */
842 for (i = 0; i != num_pkts; i++) {
843 TEST_ASSERT_EQUAL(ut_params->cop[i]->type,
844 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
845 "%s: invalid crypto op type for %u-th packet\n",
847 TEST_ASSERT_EQUAL(ut_params->cop[i]->status,
848 RTE_CRYPTO_OP_STATUS_NOT_PROCESSED,
849 "%s: invalid crypto op status for %u-th packet\n",
851 TEST_ASSERT_EQUAL(ut_params->cop[i]->sess_type,
852 RTE_CRYPTO_OP_SECURITY_SESSION,
853 "%s: invalid crypto op sess_type for %u-th packet\n",
855 TEST_ASSERT_EQUAL(ut_params->cop[i]->sym->m_src,
857 "%s: invalid crypto op m_src for %u-th packet\n",
861 /* update crypto ops, pretend all finished ok */
862 for (i = 0; i != num_pkts; i++)
863 ut_params->cop[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
865 ng = rte_ipsec_pkt_crypto_group(
866 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
867 ut_params->obuf, grp, num_pkts);
869 grp[0].m[0] != ut_params->obuf[0] ||
870 grp[0].cnt != num_pkts ||
871 grp[0].id.ptr != &ut_params->ss[0]) {
872 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
876 /* call crypto process */
877 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
879 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
887 dump_grp_pkt(uint32_t i, struct rte_ipsec_group *grp, uint32_t k)
890 "After rte_ipsec_pkt_process grp[%d].cnt=%d k=%d fail\n",
893 "After rte_ipsec_pkt_process grp[%d].m=%p grp[%d].m[%d]=%p\n",
894 i, grp[i].m, i, k, grp[i].m[k]);
896 rte_pktmbuf_dump(stdout, grp[i].m[k], grp[i].m[k]->data_len);
900 crypto_ipsec_2sa(void)
902 struct ipsec_testsuite_params *ts_params = &testsuite_params;
903 struct ipsec_unitest_params *ut_params = &unittest_params;
904 struct rte_ipsec_group grp[BURST_SIZE];
905 uint32_t k, ng, i, r;
907 for (i = 0; i < BURST_SIZE; i++) {
909 /* call crypto prepare */
910 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[r],
911 ut_params->ibuf + i, ut_params->cop + i, 1);
914 "rte_ipsec_pkt_crypto_prepare fail\n");
917 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
918 ut_params->cop + i, 1);
921 "rte_cryptodev_enqueue_burst fail\n");
926 if (crypto_dequeue_burst(BURST_SIZE) == TEST_FAILED)
929 ng = rte_ipsec_pkt_crypto_group(
930 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
931 ut_params->obuf, grp, BURST_SIZE);
932 if (ng != BURST_SIZE) {
933 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
938 /* call crypto process */
939 for (i = 0; i < ng; i++) {
940 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
941 if (k != grp[i].cnt) {
942 dump_grp_pkt(i, grp, k);
954 crypto_ipsec_4grp(uint32_t pkt_num)
958 /* group packets in 4 different size groups groups, 2 per SA */
961 else if (pkt_num < PKT_12)
963 else if (pkt_num < PKT_21)
972 crypto_ipsec_4grp_check_mbufs(uint32_t grp_ind, struct rte_ipsec_group *grp)
974 struct ipsec_unitest_params *ut_params = &unittest_params;
979 for (i = 0, j = 0; i < PKT_4; i++, j++)
980 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
984 } else if (grp_ind == 1) {
985 for (i = 0, j = PKT_4; i < (PKT_12 - PKT_4); i++, j++) {
986 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
991 } else if (grp_ind == 2) {
992 for (i = 0, j = PKT_12; i < (PKT_21 - PKT_12); i++, j++)
993 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
997 } else if (grp_ind == 3) {
998 for (i = 0, j = PKT_21; i < (BURST_SIZE - PKT_21); i++, j++)
999 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
1010 crypto_ipsec_4grp_check_cnt(uint32_t grp_ind, struct rte_ipsec_group *grp)
1015 if (grp[grp_ind].cnt != PKT_4)
1017 } else if (grp_ind == 1) {
1018 if (grp[grp_ind].cnt != PKT_12 - PKT_4)
1020 } else if (grp_ind == 2) {
1021 if (grp[grp_ind].cnt != PKT_21 - PKT_12)
1023 } else if (grp_ind == 3) {
1024 if (grp[grp_ind].cnt != BURST_SIZE - PKT_21)
1033 crypto_ipsec_2sa_4grp(void)
1035 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1036 struct ipsec_unitest_params *ut_params = &unittest_params;
1037 struct rte_ipsec_group grp[BURST_SIZE];
1038 uint32_t k, ng, i, j;
1041 for (i = 0; i < BURST_SIZE; i++) {
1042 j = crypto_ipsec_4grp(i);
1044 /* call crypto prepare */
1045 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[j],
1046 ut_params->ibuf + i, ut_params->cop + i, 1);
1049 "rte_ipsec_pkt_crypto_prepare fail\n");
1052 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
1053 ut_params->cop + i, 1);
1056 "rte_cryptodev_enqueue_burst fail\n");
1061 if (crypto_dequeue_burst(BURST_SIZE) == TEST_FAILED)
1064 ng = rte_ipsec_pkt_crypto_group(
1065 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
1066 ut_params->obuf, grp, BURST_SIZE);
1068 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
1073 /* call crypto process */
1074 for (i = 0; i < ng; i++) {
1075 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
1076 if (k != grp[i].cnt) {
1077 dump_grp_pkt(i, grp, k);
1080 rc = crypto_ipsec_4grp_check_cnt(i, grp);
1083 "crypto_ipsec_4grp_check_cnt fail\n");
1086 rc = crypto_ipsec_4grp_check_mbufs(i, grp);
1089 "crypto_ipsec_4grp_check_mbufs fail\n");
1093 return TEST_SUCCESS;
1097 test_ipsec_reorder_inb_pkt_burst(uint16_t num_pkts)
1099 struct ipsec_unitest_params *ut_params = &unittest_params;
1100 struct rte_mbuf *ibuf_tmp[BURST_SIZE];
1103 /* reorder packets and create gaps in sequence numbers */
1104 static const uint32_t reorder[BURST_SIZE] = {
1105 24, 25, 26, 27, 28, 29, 30, 31,
1106 16, 17, 18, 19, 20, 21, 22, 23,
1107 8, 9, 10, 11, 12, 13, 14, 15,
1108 0, 1, 2, 3, 4, 5, 6, 7,
1111 if (num_pkts != BURST_SIZE)
1114 for (j = 0; j != BURST_SIZE; j++)
1115 ibuf_tmp[j] = ut_params->ibuf[reorder[j]];
1117 memcpy(ut_params->ibuf, ibuf_tmp, sizeof(ut_params->ibuf));
1121 test_ipsec_crypto_op_alloc(uint16_t num_pkts)
1123 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1124 struct ipsec_unitest_params *ut_params = &unittest_params;
1128 for (j = 0; j < num_pkts && rc == 0; j++) {
1129 ut_params->cop[j] = rte_crypto_op_alloc(ts_params->cop_mpool,
1130 RTE_CRYPTO_OP_TYPE_SYMMETRIC);
1131 if (ut_params->cop[j] == NULL) {
1133 "Failed to allocate symmetric crypto op\n");
1142 test_ipsec_dump_buffers(struct ipsec_unitest_params *ut_params, int i)
1144 uint16_t j = ut_params->pkt_index;
1146 printf("\ntest config: num %d\n", i);
1147 printf(" replay_win_sz %u\n", test_cfg[i].replay_win_sz);
1148 printf(" esn %u\n", test_cfg[i].esn);
1149 printf(" flags 0x%" PRIx64 "\n", test_cfg[i].flags);
1150 printf(" pkt_sz %zu\n", test_cfg[i].pkt_sz);
1151 printf(" num_pkts %u\n\n", test_cfg[i].num_pkts);
1153 if (ut_params->ibuf[j]) {
1154 printf("ibuf[%u] data:\n", j);
1155 rte_pktmbuf_dump(stdout, ut_params->ibuf[j],
1156 ut_params->ibuf[j]->data_len);
1158 if (ut_params->obuf[j]) {
1159 printf("obuf[%u] data:\n", j);
1160 rte_pktmbuf_dump(stdout, ut_params->obuf[j],
1161 ut_params->obuf[j]->data_len);
1163 if (ut_params->testbuf[j]) {
1164 printf("testbuf[%u] data:\n", j);
1165 rte_pktmbuf_dump(stdout, ut_params->testbuf[j],
1166 ut_params->testbuf[j]->data_len);
1171 destroy_sa(uint32_t j)
1173 struct ipsec_unitest_params *ut = &unittest_params;
1175 rte_ipsec_sa_fini(ut->ss[j].sa);
1176 rte_free(ut->ss[j].sa);
1177 rte_cryptodev_sym_session_free(ut->ss[j].crypto.ses);
1178 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
1182 crypto_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1187 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1188 ut_params->pkt_index = j;
1190 /* compare the data buffers */
1191 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1192 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1194 "input and output data does not match\n");
1195 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1196 ut_params->obuf[j]->pkt_len,
1197 "data_len is not equal to pkt_len");
1198 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1200 "data_len is not equal to input data");
1207 test_ipsec_crypto_inb_burst_null_null(int i)
1209 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1210 struct ipsec_unitest_params *ut_params = &unittest_params;
1211 uint16_t num_pkts = test_cfg[i].num_pkts;
1215 /* create rte_ipsec_sa */
1216 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1217 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1219 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1223 /* Generate test mbuf data */
1224 for (j = 0; j < num_pkts && rc == 0; j++) {
1225 /* packet with sequence number 0 is invalid */
1226 ut_params->ibuf[j] = setup_test_string_tunneled(
1227 ts_params->mbuf_pool, null_encrypted_data,
1228 test_cfg[i].pkt_sz, INBOUND_SPI, j + 1);
1229 if (ut_params->ibuf[j] == NULL)
1234 if (test_cfg[i].reorder_pkts)
1235 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1236 rc = test_ipsec_crypto_op_alloc(num_pkts);
1240 /* call ipsec library api */
1241 rc = crypto_ipsec(num_pkts);
1243 rc = crypto_inb_burst_null_null_check(
1244 ut_params, i, num_pkts);
1246 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1252 if (rc == TEST_FAILED)
1253 test_ipsec_dump_buffers(ut_params, i);
1260 test_ipsec_crypto_inb_burst_null_null_wrapper(void)
1264 struct ipsec_unitest_params *ut_params = &unittest_params;
1266 ut_params->ipsec_xform.spi = INBOUND_SPI;
1267 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1268 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1269 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1270 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1272 for (i = 0; i < num_cfg && rc == 0; i++) {
1273 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1274 rc = test_ipsec_crypto_inb_burst_null_null(i);
1281 crypto_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1288 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1289 ut_params->pkt_index = j;
1291 testbuf_data = rte_pktmbuf_mtod(ut_params->testbuf[j], void *);
1292 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1293 /* compare the buffer data */
1294 TEST_ASSERT_BUFFERS_ARE_EQUAL(testbuf_data, obuf_data,
1295 ut_params->obuf[j]->pkt_len,
1296 "test and output data does not match\n");
1297 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1298 ut_params->testbuf[j]->data_len,
1299 "obuf data_len is not equal to testbuf data_len");
1300 TEST_ASSERT_EQUAL(ut_params->obuf[j]->pkt_len,
1301 ut_params->testbuf[j]->pkt_len,
1302 "obuf pkt_len is not equal to testbuf pkt_len");
1309 test_ipsec_crypto_outb_burst_null_null(int i)
1311 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1312 struct ipsec_unitest_params *ut_params = &unittest_params;
1313 uint16_t num_pkts = test_cfg[i].num_pkts;
1317 /* create rte_ipsec_sa*/
1318 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1319 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1321 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1325 /* Generate input mbuf data */
1326 for (j = 0; j < num_pkts && rc == 0; j++) {
1327 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1328 null_plain_data, test_cfg[i].pkt_sz, 0);
1329 if (ut_params->ibuf[j] == NULL)
1332 /* Generate test mbuf data */
1333 /* packet with sequence number 0 is invalid */
1334 ut_params->testbuf[j] = setup_test_string_tunneled(
1335 ts_params->mbuf_pool,
1336 null_plain_data, test_cfg[i].pkt_sz,
1337 OUTBOUND_SPI, j + 1);
1338 if (ut_params->testbuf[j] == NULL)
1344 rc = test_ipsec_crypto_op_alloc(num_pkts);
1347 /* call ipsec library api */
1348 rc = crypto_ipsec(num_pkts);
1350 rc = crypto_outb_burst_null_null_check(ut_params,
1353 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1357 if (rc == TEST_FAILED)
1358 test_ipsec_dump_buffers(ut_params, i);
1365 test_ipsec_crypto_outb_burst_null_null_wrapper(void)
1369 struct ipsec_unitest_params *ut_params = &unittest_params;
1371 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1372 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1373 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1374 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1375 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1377 for (i = 0; i < num_cfg && rc == 0; i++) {
1378 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1379 rc = test_ipsec_crypto_outb_burst_null_null(i);
1386 inline_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1393 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1394 ut_params->pkt_index = j;
1396 /* compare the buffer data */
1397 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1398 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1400 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1401 ut_params->ibuf[j]->data_len,
1402 "input and output data does not match\n");
1403 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1404 ut_params->obuf[j]->data_len,
1405 "ibuf data_len is not equal to obuf data_len");
1406 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1407 ut_params->obuf[j]->pkt_len,
1408 "ibuf pkt_len is not equal to obuf pkt_len");
1409 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1411 "data_len is not equal input data");
1417 test_ipsec_inline_crypto_inb_burst_null_null(int i)
1419 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1420 struct ipsec_unitest_params *ut_params = &unittest_params;
1421 uint16_t num_pkts = test_cfg[i].num_pkts;
1426 /* create rte_ipsec_sa*/
1427 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1428 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1430 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1434 /* Generate inbound mbuf data */
1435 for (j = 0; j < num_pkts && rc == 0; j++) {
1436 ut_params->ibuf[j] = setup_test_string_tunneled(
1437 ts_params->mbuf_pool,
1438 null_plain_data, test_cfg[i].pkt_sz,
1439 INBOUND_SPI, j + 1);
1440 if (ut_params->ibuf[j] == NULL)
1443 /* Generate test mbuf data */
1444 ut_params->obuf[j] = setup_test_string(
1445 ts_params->mbuf_pool,
1446 null_plain_data, test_cfg[i].pkt_sz, 0);
1447 if (ut_params->obuf[j] == NULL)
1453 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1456 rc = inline_inb_burst_null_null_check(ut_params, i,
1460 "rte_ipsec_pkt_process failed, cfg %d\n",
1466 if (rc == TEST_FAILED)
1467 test_ipsec_dump_buffers(ut_params, i);
1474 test_ipsec_inline_crypto_inb_burst_null_null_wrapper(void)
1478 struct ipsec_unitest_params *ut_params = &unittest_params;
1480 ut_params->ipsec_xform.spi = INBOUND_SPI;
1481 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1482 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1483 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1484 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1486 for (i = 0; i < num_cfg && rc == 0; i++) {
1487 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1488 rc = test_ipsec_inline_crypto_inb_burst_null_null(i);
1495 test_ipsec_inline_proto_inb_burst_null_null(int i)
1497 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1498 struct ipsec_unitest_params *ut_params = &unittest_params;
1499 uint16_t num_pkts = test_cfg[i].num_pkts;
1504 /* create rte_ipsec_sa*/
1505 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1506 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1508 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1512 /* Generate inbound mbuf data */
1513 for (j = 0; j < num_pkts && rc == 0; j++) {
1514 ut_params->ibuf[j] = setup_test_string(
1515 ts_params->mbuf_pool,
1516 null_plain_data, test_cfg[i].pkt_sz, 0);
1517 if (ut_params->ibuf[j] == NULL)
1520 /* Generate test mbuf data */
1521 ut_params->obuf[j] = setup_test_string(
1522 ts_params->mbuf_pool,
1523 null_plain_data, test_cfg[i].pkt_sz, 0);
1524 if (ut_params->obuf[j] == NULL)
1530 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1533 rc = inline_inb_burst_null_null_check(ut_params, i,
1537 "rte_ipsec_pkt_process failed, cfg %d\n",
1543 if (rc == TEST_FAILED)
1544 test_ipsec_dump_buffers(ut_params, i);
1551 test_ipsec_inline_proto_inb_burst_null_null_wrapper(void)
1555 struct ipsec_unitest_params *ut_params = &unittest_params;
1557 ut_params->ipsec_xform.spi = INBOUND_SPI;
1558 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1559 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1560 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1561 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1563 for (i = 0; i < num_cfg && rc == 0; i++) {
1564 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1565 rc = test_ipsec_inline_proto_inb_burst_null_null(i);
1572 inline_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1579 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1580 ut_params->pkt_index = j;
1582 /* compare the buffer data */
1583 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1584 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1585 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1586 ut_params->ibuf[j]->data_len,
1587 "input and output data does not match\n");
1588 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1589 ut_params->obuf[j]->data_len,
1590 "ibuf data_len is not equal to obuf data_len");
1591 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1592 ut_params->obuf[j]->pkt_len,
1593 "ibuf pkt_len is not equal to obuf pkt_len");
1595 /* check mbuf ol_flags */
1596 TEST_ASSERT(ut_params->ibuf[j]->ol_flags & PKT_TX_SEC_OFFLOAD,
1597 "ibuf PKT_TX_SEC_OFFLOAD is not set");
1603 test_ipsec_inline_crypto_outb_burst_null_null(int i)
1605 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1606 struct ipsec_unitest_params *ut_params = &unittest_params;
1607 uint16_t num_pkts = test_cfg[i].num_pkts;
1612 /* create rte_ipsec_sa */
1613 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1614 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1616 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1620 /* Generate test mbuf data */
1621 for (j = 0; j < num_pkts && rc == 0; j++) {
1622 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1623 null_plain_data, test_cfg[i].pkt_sz, 0);
1624 if (ut_params->ibuf[0] == NULL)
1628 /* Generate test tunneled mbuf data for comparison */
1629 ut_params->obuf[j] = setup_test_string_tunneled(
1630 ts_params->mbuf_pool,
1631 null_plain_data, test_cfg[i].pkt_sz,
1632 OUTBOUND_SPI, j + 1);
1633 if (ut_params->obuf[j] == NULL)
1639 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1642 rc = inline_outb_burst_null_null_check(ut_params,
1646 "rte_ipsec_pkt_process failed, cfg %d\n",
1652 if (rc == TEST_FAILED)
1653 test_ipsec_dump_buffers(ut_params, i);
1660 test_ipsec_inline_crypto_outb_burst_null_null_wrapper(void)
1664 struct ipsec_unitest_params *ut_params = &unittest_params;
1666 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1667 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1668 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1669 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1670 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1672 for (i = 0; i < num_cfg && rc == 0; i++) {
1673 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1674 rc = test_ipsec_inline_crypto_outb_burst_null_null(i);
1681 test_ipsec_inline_proto_outb_burst_null_null(int i)
1683 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1684 struct ipsec_unitest_params *ut_params = &unittest_params;
1685 uint16_t num_pkts = test_cfg[i].num_pkts;
1690 /* create rte_ipsec_sa */
1691 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1692 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1694 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1698 /* Generate test mbuf data */
1699 for (j = 0; j < num_pkts && rc == 0; j++) {
1700 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1701 null_plain_data, test_cfg[i].pkt_sz, 0);
1702 if (ut_params->ibuf[0] == NULL)
1706 /* Generate test tunneled mbuf data for comparison */
1707 ut_params->obuf[j] = setup_test_string(
1708 ts_params->mbuf_pool,
1709 null_plain_data, test_cfg[i].pkt_sz, 0);
1710 if (ut_params->obuf[j] == NULL)
1716 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1719 rc = inline_outb_burst_null_null_check(ut_params,
1723 "rte_ipsec_pkt_process failed, cfg %d\n",
1729 if (rc == TEST_FAILED)
1730 test_ipsec_dump_buffers(ut_params, i);
1737 test_ipsec_inline_proto_outb_burst_null_null_wrapper(void)
1741 struct ipsec_unitest_params *ut_params = &unittest_params;
1743 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1744 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1745 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1746 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1747 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1749 for (i = 0; i < num_cfg && rc == 0; i++) {
1750 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1751 rc = test_ipsec_inline_proto_outb_burst_null_null(i);
1758 test_ipsec_lksd_proto_inb_burst_null_null(int i)
1760 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1761 struct ipsec_unitest_params *ut_params = &unittest_params;
1762 uint16_t num_pkts = test_cfg[i].num_pkts;
1766 /* create rte_ipsec_sa */
1767 rc = create_sa(RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
1768 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1770 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1774 /* Generate test mbuf data */
1775 for (j = 0; j < num_pkts && rc == 0; j++) {
1776 /* packet with sequence number 0 is invalid */
1777 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1778 null_encrypted_data, test_cfg[i].pkt_sz, 0);
1779 if (ut_params->ibuf[j] == NULL)
1784 if (test_cfg[i].reorder_pkts)
1785 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1786 rc = test_ipsec_crypto_op_alloc(num_pkts);
1790 /* call ipsec library api */
1791 rc = lksd_proto_ipsec(num_pkts);
1793 rc = crypto_inb_burst_null_null_check(ut_params, i,
1796 RTE_LOG(ERR, USER1, "%s failed, cfg %d\n",
1802 if (rc == TEST_FAILED)
1803 test_ipsec_dump_buffers(ut_params, i);
1810 test_ipsec_lksd_proto_inb_burst_null_null_wrapper(void)
1814 struct ipsec_unitest_params *ut_params = &unittest_params;
1816 ut_params->ipsec_xform.spi = INBOUND_SPI;
1817 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1818 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1819 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1820 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1822 for (i = 0; i < num_cfg && rc == 0; i++) {
1823 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1824 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1831 test_ipsec_lksd_proto_outb_burst_null_null_wrapper(void)
1835 struct ipsec_unitest_params *ut_params = &unittest_params;
1837 ut_params->ipsec_xform.spi = INBOUND_SPI;
1838 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1839 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1840 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1841 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1843 for (i = 0; i < num_cfg && rc == 0; i++) {
1844 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1845 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1852 replay_inb_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1857 for (j = 0; j < num_pkts; j++) {
1858 /* compare the buffer data */
1859 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1860 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1862 "input and output data does not match\n");
1864 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1865 ut_params->obuf[j]->pkt_len,
1866 "data_len is not equal to pkt_len");
1873 test_ipsec_replay_inb_inside_null_null(int i)
1875 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1876 struct ipsec_unitest_params *ut_params = &unittest_params;
1879 /* create rte_ipsec_sa*/
1880 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1881 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1883 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1887 /* Generate inbound mbuf data */
1888 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1889 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
1890 if (ut_params->ibuf[0] == NULL)
1893 rc = test_ipsec_crypto_op_alloc(1);
1896 /* call ipsec library api */
1897 rc = crypto_ipsec(1);
1899 rc = replay_inb_null_null_check(ut_params, i, 1);
1901 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1907 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
1908 /* generate packet with seq number inside the replay window */
1909 if (ut_params->ibuf[0]) {
1910 rte_pktmbuf_free(ut_params->ibuf[0]);
1911 ut_params->ibuf[0] = 0;
1914 ut_params->ibuf[0] = setup_test_string_tunneled(
1915 ts_params->mbuf_pool, null_encrypted_data,
1916 test_cfg[i].pkt_sz, INBOUND_SPI,
1917 test_cfg[i].replay_win_sz);
1918 if (ut_params->ibuf[0] == NULL)
1921 rc = test_ipsec_crypto_op_alloc(1);
1924 /* call ipsec library api */
1925 rc = crypto_ipsec(1);
1927 rc = replay_inb_null_null_check(
1930 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
1936 if (rc == TEST_FAILED)
1937 test_ipsec_dump_buffers(ut_params, i);
1945 test_ipsec_replay_inb_inside_null_null_wrapper(void)
1949 struct ipsec_unitest_params *ut_params = &unittest_params;
1951 ut_params->ipsec_xform.spi = INBOUND_SPI;
1952 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1953 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1954 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1955 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1957 for (i = 0; i < num_cfg && rc == 0; i++) {
1958 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1959 rc = test_ipsec_replay_inb_inside_null_null(i);
1966 test_ipsec_replay_inb_outside_null_null(int i)
1968 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1969 struct ipsec_unitest_params *ut_params = &unittest_params;
1972 /* create rte_ipsec_sa */
1973 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1974 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1976 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1980 /* Generate test mbuf data */
1981 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1982 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI,
1983 test_cfg[i].replay_win_sz + 2);
1984 if (ut_params->ibuf[0] == NULL)
1987 rc = test_ipsec_crypto_op_alloc(1);
1990 /* call ipsec library api */
1991 rc = crypto_ipsec(1);
1993 rc = replay_inb_null_null_check(ut_params, i, 1);
1995 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2001 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2002 /* generate packet with seq number outside the replay window */
2003 if (ut_params->ibuf[0]) {
2004 rte_pktmbuf_free(ut_params->ibuf[0]);
2005 ut_params->ibuf[0] = 0;
2007 ut_params->ibuf[0] = setup_test_string_tunneled(
2008 ts_params->mbuf_pool, null_encrypted_data,
2009 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2010 if (ut_params->ibuf[0] == NULL)
2013 rc = test_ipsec_crypto_op_alloc(1);
2016 /* call ipsec library api */
2017 rc = crypto_ipsec(1);
2019 if (test_cfg[i].esn == 0) {
2021 "packet is not outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2023 test_cfg[i].replay_win_sz + 2,
2029 "packet is outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2030 i, test_cfg[i].replay_win_sz + 2, 1);
2036 if (rc == TEST_FAILED)
2037 test_ipsec_dump_buffers(ut_params, i);
2045 test_ipsec_replay_inb_outside_null_null_wrapper(void)
2049 struct ipsec_unitest_params *ut_params = &unittest_params;
2051 ut_params->ipsec_xform.spi = INBOUND_SPI;
2052 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2053 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2054 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2055 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2057 for (i = 0; i < num_cfg && rc == 0; i++) {
2058 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2059 rc = test_ipsec_replay_inb_outside_null_null(i);
2066 test_ipsec_replay_inb_repeat_null_null(int i)
2068 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2069 struct ipsec_unitest_params *ut_params = &unittest_params;
2072 /* create rte_ipsec_sa */
2073 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2074 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2076 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
2080 /* Generate test mbuf data */
2081 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2082 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2083 if (ut_params->ibuf[0] == NULL)
2086 rc = test_ipsec_crypto_op_alloc(1);
2089 /* call ipsec library api */
2090 rc = crypto_ipsec(1);
2092 rc = replay_inb_null_null_check(ut_params, i, 1);
2094 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2100 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2102 * generate packet with repeat seq number in the replay
2105 if (ut_params->ibuf[0]) {
2106 rte_pktmbuf_free(ut_params->ibuf[0]);
2107 ut_params->ibuf[0] = 0;
2110 ut_params->ibuf[0] = setup_test_string_tunneled(
2111 ts_params->mbuf_pool, null_encrypted_data,
2112 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2113 if (ut_params->ibuf[0] == NULL)
2116 rc = test_ipsec_crypto_op_alloc(1);
2119 /* call ipsec library api */
2120 rc = crypto_ipsec(1);
2123 "packet is not repeated in the replay window, cfg %d seq %u\n",
2128 "packet is repeated in the replay window, cfg %d seq %u\n",
2135 if (rc == TEST_FAILED)
2136 test_ipsec_dump_buffers(ut_params, i);
2144 test_ipsec_replay_inb_repeat_null_null_wrapper(void)
2148 struct ipsec_unitest_params *ut_params = &unittest_params;
2150 ut_params->ipsec_xform.spi = INBOUND_SPI;
2151 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2152 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2153 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2154 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2156 for (i = 0; i < num_cfg && rc == 0; i++) {
2157 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2158 rc = test_ipsec_replay_inb_repeat_null_null(i);
2165 test_ipsec_replay_inb_inside_burst_null_null(int i)
2167 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2168 struct ipsec_unitest_params *ut_params = &unittest_params;
2169 uint16_t num_pkts = test_cfg[i].num_pkts;
2173 /* create rte_ipsec_sa*/
2174 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2175 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2177 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
2181 /* Generate inbound mbuf data */
2182 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2183 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2184 if (ut_params->ibuf[0] == NULL)
2187 rc = test_ipsec_crypto_op_alloc(1);
2190 /* call ipsec library api */
2191 rc = crypto_ipsec(1);
2193 rc = replay_inb_null_null_check(ut_params, i, 1);
2195 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2201 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2203 * generate packet(s) with seq number(s) inside the
2206 if (ut_params->ibuf[0]) {
2207 rte_pktmbuf_free(ut_params->ibuf[0]);
2208 ut_params->ibuf[0] = 0;
2211 for (j = 0; j < num_pkts && rc == 0; j++) {
2212 /* packet with sequence number 1 already processed */
2213 ut_params->ibuf[j] = setup_test_string_tunneled(
2214 ts_params->mbuf_pool, null_encrypted_data,
2215 test_cfg[i].pkt_sz, INBOUND_SPI, j + 2);
2216 if (ut_params->ibuf[j] == NULL)
2221 if (test_cfg[i].reorder_pkts)
2222 test_ipsec_reorder_inb_pkt_burst(num_pkts);
2223 rc = test_ipsec_crypto_op_alloc(num_pkts);
2227 /* call ipsec library api */
2228 rc = crypto_ipsec(num_pkts);
2230 rc = replay_inb_null_null_check(
2231 ut_params, i, num_pkts);
2233 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
2239 if (rc == TEST_FAILED)
2240 test_ipsec_dump_buffers(ut_params, i);
2248 test_ipsec_replay_inb_inside_burst_null_null_wrapper(void)
2252 struct ipsec_unitest_params *ut_params = &unittest_params;
2254 ut_params->ipsec_xform.spi = INBOUND_SPI;
2255 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2256 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2257 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2258 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2260 for (i = 0; i < num_cfg && rc == 0; i++) {
2261 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2262 rc = test_ipsec_replay_inb_inside_burst_null_null(i);
2270 crypto_inb_burst_2sa_null_null_check(struct ipsec_unitest_params *ut_params,
2275 for (j = 0; j < BURST_SIZE; j++) {
2276 ut_params->pkt_index = j;
2278 /* compare the data buffers */
2279 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
2280 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
2282 "input and output data does not match\n");
2283 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2284 ut_params->obuf[j]->pkt_len,
2285 "data_len is not equal to pkt_len");
2286 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2288 "data_len is not equal to input data");
2295 test_ipsec_crypto_inb_burst_2sa_null_null(int i)
2297 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2298 struct ipsec_unitest_params *ut_params = &unittest_params;
2299 uint16_t num_pkts = test_cfg[i].num_pkts;
2303 if (num_pkts != BURST_SIZE)
2306 /* create rte_ipsec_sa */
2307 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2308 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2310 RTE_LOG(ERR, USER1, "create_sa 0 failed, cfg %d\n", i);
2314 /* create second rte_ipsec_sa */
2315 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2316 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2317 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2319 RTE_LOG(ERR, USER1, "create_sa 1 failed, cfg %d\n", i);
2324 /* Generate test mbuf data */
2325 for (j = 0; j < num_pkts && rc == 0; j++) {
2327 /* packet with sequence number 0 is invalid */
2328 ut_params->ibuf[j] = setup_test_string_tunneled(
2329 ts_params->mbuf_pool, null_encrypted_data,
2330 test_cfg[i].pkt_sz, INBOUND_SPI + r, j + 1);
2331 if (ut_params->ibuf[j] == NULL)
2336 rc = test_ipsec_crypto_op_alloc(num_pkts);
2339 /* call ipsec library api */
2340 rc = crypto_ipsec_2sa();
2342 rc = crypto_inb_burst_2sa_null_null_check(
2345 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2351 if (rc == TEST_FAILED)
2352 test_ipsec_dump_buffers(ut_params, i);
2360 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper(void)
2364 struct ipsec_unitest_params *ut_params = &unittest_params;
2366 ut_params->ipsec_xform.spi = INBOUND_SPI;
2367 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2368 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2369 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2370 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2372 for (i = 0; i < num_cfg && rc == 0; i++) {
2373 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2374 rc = test_ipsec_crypto_inb_burst_2sa_null_null(i);
2381 test_ipsec_crypto_inb_burst_2sa_4grp_null_null(int i)
2383 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2384 struct ipsec_unitest_params *ut_params = &unittest_params;
2385 uint16_t num_pkts = test_cfg[i].num_pkts;
2389 if (num_pkts != BURST_SIZE)
2392 /* create rte_ipsec_sa */
2393 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2394 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2396 RTE_LOG(ERR, USER1, "create_sa 0 failed, cfg %d\n", i);
2400 /* create second rte_ipsec_sa */
2401 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2402 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2403 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2405 RTE_LOG(ERR, USER1, "create_sa 1 failed, cfg %d\n", i);
2410 /* Generate test mbuf data */
2411 for (j = 0; j < num_pkts && rc == 0; j++) {
2412 k = crypto_ipsec_4grp(j);
2414 /* packet with sequence number 0 is invalid */
2415 ut_params->ibuf[j] = setup_test_string_tunneled(
2416 ts_params->mbuf_pool, null_encrypted_data,
2417 test_cfg[i].pkt_sz, INBOUND_SPI + k, j + 1);
2418 if (ut_params->ibuf[j] == NULL)
2423 rc = test_ipsec_crypto_op_alloc(num_pkts);
2426 /* call ipsec library api */
2427 rc = crypto_ipsec_2sa_4grp();
2429 rc = crypto_inb_burst_2sa_null_null_check(
2432 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2438 if (rc == TEST_FAILED)
2439 test_ipsec_dump_buffers(ut_params, i);
2447 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper(void)
2451 struct ipsec_unitest_params *ut_params = &unittest_params;
2453 ut_params->ipsec_xform.spi = INBOUND_SPI;
2454 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2455 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2456 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2457 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2459 for (i = 0; i < num_cfg && rc == 0; i++) {
2460 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2461 rc = test_ipsec_crypto_inb_burst_2sa_4grp_null_null(i);
2467 static struct unit_test_suite ipsec_testsuite = {
2468 .suite_name = "IPsec NULL Unit Test Suite",
2469 .setup = testsuite_setup,
2470 .teardown = testsuite_teardown,
2471 .unit_test_cases = {
2472 TEST_CASE_ST(ut_setup, ut_teardown,
2473 test_ipsec_crypto_inb_burst_null_null_wrapper),
2474 TEST_CASE_ST(ut_setup, ut_teardown,
2475 test_ipsec_crypto_outb_burst_null_null_wrapper),
2476 TEST_CASE_ST(ut_setup, ut_teardown,
2477 test_ipsec_inline_crypto_inb_burst_null_null_wrapper),
2478 TEST_CASE_ST(ut_setup, ut_teardown,
2479 test_ipsec_inline_crypto_outb_burst_null_null_wrapper),
2480 TEST_CASE_ST(ut_setup, ut_teardown,
2481 test_ipsec_inline_proto_inb_burst_null_null_wrapper),
2482 TEST_CASE_ST(ut_setup, ut_teardown,
2483 test_ipsec_inline_proto_outb_burst_null_null_wrapper),
2484 TEST_CASE_ST(ut_setup, ut_teardown,
2485 test_ipsec_lksd_proto_inb_burst_null_null_wrapper),
2486 TEST_CASE_ST(ut_setup, ut_teardown,
2487 test_ipsec_lksd_proto_outb_burst_null_null_wrapper),
2488 TEST_CASE_ST(ut_setup, ut_teardown,
2489 test_ipsec_replay_inb_inside_null_null_wrapper),
2490 TEST_CASE_ST(ut_setup, ut_teardown,
2491 test_ipsec_replay_inb_outside_null_null_wrapper),
2492 TEST_CASE_ST(ut_setup, ut_teardown,
2493 test_ipsec_replay_inb_repeat_null_null_wrapper),
2494 TEST_CASE_ST(ut_setup, ut_teardown,
2495 test_ipsec_replay_inb_inside_burst_null_null_wrapper),
2496 TEST_CASE_ST(ut_setup, ut_teardown,
2497 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper),
2498 TEST_CASE_ST(ut_setup, ut_teardown,
2499 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper),
2500 TEST_CASES_END() /**< NULL terminate unit test array */
2507 return unit_test_suite_runner(&ipsec_testsuite);
2510 REGISTER_TEST_COMMAND(ipsec_autotest, test_ipsec);