1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2018 Intel Corporation
7 #include <rte_common.h>
8 #include <rte_hexdump.h>
10 #include <rte_malloc.h>
11 #include <rte_memcpy.h>
12 #include <rte_cycles.h>
13 #include <rte_bus_vdev.h>
16 #include <rte_crypto.h>
17 #include <rte_cryptodev.h>
18 #include <rte_cryptodev_pmd.h>
19 #include <rte_lcore.h>
20 #include <rte_ipsec.h>
21 #include <rte_random.h>
23 #include <rte_security_driver.h>
26 #include "test_cryptodev.h"
28 #define VDEV_ARGS_SIZE 100
29 #define MAX_NB_SESSIONS 100
31 #define REPLAY_WIN_0 0
32 #define REPLAY_WIN_32 32
33 #define REPLAY_WIN_64 64
34 #define REPLAY_WIN_128 128
35 #define REPLAY_WIN_256 256
36 #define DATA_64_BYTES 64
37 #define DATA_80_BYTES 80
38 #define DATA_100_BYTES 100
40 #define ESN_DISABLED 0
42 #define OUTBOUND_SPI 17
44 #define REORDER_PKTS 1
45 #define DEQUEUE_COUNT 1000
48 enum rte_crypto_sym_xform_type auth;
49 enum rte_crypto_sym_xform_type cipher;
50 enum rte_crypto_sym_xform_type aead;
53 char cipher_algo[128];
57 struct ipsec_testsuite_params {
58 struct rte_mempool *mbuf_pool;
59 struct rte_mempool *cop_mpool;
60 struct rte_cryptodev_config conf;
61 struct rte_cryptodev_qp_conf qp_conf;
64 uint8_t valid_dev_found;
67 struct ipsec_unitest_params {
68 struct rte_crypto_sym_xform cipher_xform;
69 struct rte_crypto_sym_xform auth_xform;
70 struct rte_crypto_sym_xform aead_xform;
71 struct rte_crypto_sym_xform *crypto_xforms;
73 struct rte_security_ipsec_xform ipsec_xform;
75 struct rte_ipsec_sa_prm sa_prm;
76 struct rte_ipsec_session ss[MAX_NB_SAS];
78 struct rte_crypto_op *cop[BURST_SIZE];
80 struct rte_mbuf *obuf[BURST_SIZE], *ibuf[BURST_SIZE],
86 struct ipsec_test_cfg {
87 uint32_t replay_win_sz;
92 uint32_t reorder_pkts;
95 static const struct ipsec_test_cfg test_cfg[] = {
97 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, 1, 0},
98 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_80_BYTES, BURST_SIZE,
100 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, 1, 0},
101 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, BURST_SIZE,
103 {REPLAY_WIN_64, ESN_ENABLED, 0, DATA_64_BYTES, 1, 0},
104 {REPLAY_WIN_128, ESN_ENABLED, RTE_IPSEC_SAFLAG_SQN_ATOM,
105 DATA_80_BYTES, 1, 0},
106 {REPLAY_WIN_256, ESN_DISABLED, 0, DATA_100_BYTES, 1, 0},
109 static const int num_cfg = RTE_DIM(test_cfg);
110 static struct ipsec_testsuite_params testsuite_params = { NULL };
111 static struct ipsec_unitest_params unittest_params;
112 static struct user_params uparams;
114 struct supported_cipher_algo {
116 enum rte_crypto_cipher_algorithm algo;
122 struct supported_auth_algo {
124 enum rte_crypto_auth_algorithm algo;
130 const struct supported_cipher_algo cipher_algos[] = {
133 .algo = RTE_CRYPTO_CIPHER_NULL,
140 const struct supported_auth_algo auth_algos[] = {
143 .algo = RTE_CRYPTO_AUTH_NULL,
151 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
152 struct rte_security_session *sess, struct rte_mempool *mp)
154 RTE_SET_USED(device);
158 sess->sess_private_data = NULL;
163 dummy_sec_destroy(void *device, struct rte_security_session *sess)
165 RTE_SET_USED(device);
170 static const struct rte_security_ops dummy_sec_ops = {
171 .session_create = dummy_sec_create,
172 .session_destroy = dummy_sec_destroy,
175 static struct rte_security_ctx dummy_sec_ctx = {
176 .ops = &dummy_sec_ops,
179 static const struct supported_cipher_algo *
180 find_match_cipher_algo(const char *cipher_keyword)
184 for (i = 0; i < RTE_DIM(cipher_algos); i++) {
185 const struct supported_cipher_algo *algo =
188 if (strcmp(cipher_keyword, algo->keyword) == 0)
195 static const struct supported_auth_algo *
196 find_match_auth_algo(const char *auth_keyword)
200 for (i = 0; i < RTE_DIM(auth_algos); i++) {
201 const struct supported_auth_algo *algo =
204 if (strcmp(auth_keyword, algo->keyword) == 0)
212 fill_crypto_xform(struct ipsec_unitest_params *ut_params,
213 const struct supported_auth_algo *auth_algo,
214 const struct supported_cipher_algo *cipher_algo)
216 ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
217 ut_params->cipher_xform.cipher.algo = cipher_algo->algo;
218 ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
219 ut_params->auth_xform.auth.algo = auth_algo->algo;
221 if (ut_params->ipsec_xform.direction ==
222 RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
223 ut_params->cipher_xform.cipher.op =
224 RTE_CRYPTO_CIPHER_OP_DECRYPT;
225 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
226 ut_params->cipher_xform.next = NULL;
227 ut_params->auth_xform.next = &ut_params->cipher_xform;
228 ut_params->crypto_xforms = &ut_params->auth_xform;
230 ut_params->cipher_xform.cipher.op =
231 RTE_CRYPTO_CIPHER_OP_ENCRYPT;
232 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
233 ut_params->auth_xform.next = NULL;
234 ut_params->cipher_xform.next = &ut_params->auth_xform;
235 ut_params->crypto_xforms = &ut_params->cipher_xform;
240 check_cryptodev_capablity(const struct ipsec_unitest_params *ut,
243 struct rte_cryptodev_sym_capability_idx cap_idx;
244 const struct rte_cryptodev_symmetric_capability *cap;
247 cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
248 cap_idx.algo.auth = ut->auth_xform.auth.algo;
249 cap = rte_cryptodev_sym_capability_get(dev_id, &cap_idx);
252 rc = rte_cryptodev_sym_capability_check_auth(cap,
253 ut->auth_xform.auth.key.length,
254 ut->auth_xform.auth.digest_length, 0);
256 cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
257 cap_idx.algo.cipher = ut->cipher_xform.cipher.algo;
258 cap = rte_cryptodev_sym_capability_get(
261 rc = rte_cryptodev_sym_capability_check_cipher(
263 ut->cipher_xform.cipher.key.length,
264 ut->cipher_xform.cipher.iv.length);
272 testsuite_setup(void)
274 struct ipsec_testsuite_params *ts_params = &testsuite_params;
275 struct ipsec_unitest_params *ut_params = &unittest_params;
276 const struct supported_auth_algo *auth_algo;
277 const struct supported_cipher_algo *cipher_algo;
278 struct rte_cryptodev_info info;
279 uint32_t i, nb_devs, dev_id;
283 memset(ts_params, 0, sizeof(*ts_params));
284 memset(ut_params, 0, sizeof(*ut_params));
285 memset(&uparams, 0, sizeof(struct user_params));
287 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
288 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
289 uparams.aead = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED;
290 strcpy(uparams.auth_algo, "null");
291 strcpy(uparams.cipher_algo, "null");
293 auth_algo = find_match_auth_algo(uparams.auth_algo);
294 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
295 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
297 nb_devs = rte_cryptodev_count();
299 RTE_LOG(WARNING, USER1, "No crypto devices found?\n");
303 /* Find first valid crypto device */
304 for (i = 0; i < nb_devs; i++) {
305 rc = check_cryptodev_capablity(ut_params, i);
307 ts_params->valid_dev = i;
308 ts_params->valid_dev_found = 1;
313 if (ts_params->valid_dev_found == 0)
316 ts_params->mbuf_pool = rte_pktmbuf_pool_create(
318 NUM_MBUFS, MBUF_CACHE_SIZE, 0, MBUF_SIZE,
320 if (ts_params->mbuf_pool == NULL) {
321 RTE_LOG(ERR, USER1, "Can't create CRYPTO_MBUFPOOL\n");
325 ts_params->cop_mpool = rte_crypto_op_pool_create(
326 "MBUF_CRYPTO_SYM_OP_POOL",
327 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
328 NUM_MBUFS, MBUF_CACHE_SIZE,
330 sizeof(struct rte_crypto_sym_xform) +
333 if (ts_params->cop_mpool == NULL) {
334 RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
338 /* Set up all the qps on the first of the valid devices found */
339 dev_id = ts_params->valid_dev;
341 rte_cryptodev_info_get(dev_id, &info);
343 ts_params->conf.nb_queue_pairs = info.max_nb_queue_pairs;
344 ts_params->conf.socket_id = SOCKET_ID_ANY;
345 ts_params->conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
347 sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
348 sess_sz = RTE_MAX(sess_sz, sizeof(struct rte_security_session));
351 * Create mempools for sessions
353 if (info.sym.max_nb_sessions != 0 &&
354 info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
355 RTE_LOG(ERR, USER1, "Device does not support "
356 "at least %u sessions\n",
361 ts_params->qp_conf.mp_session_private = rte_mempool_create(
365 0, 0, NULL, NULL, NULL,
369 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
370 "private session mempool allocation failed");
372 ts_params->qp_conf.mp_session =
373 rte_cryptodev_sym_session_pool_create("test_sess_mp",
374 MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
376 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
377 "session mempool allocation failed");
379 TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
381 "Failed to configure cryptodev %u with %u qps",
382 dev_id, ts_params->conf.nb_queue_pairs);
384 ts_params->qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
386 TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
387 dev_id, 0, &ts_params->qp_conf,
388 rte_cryptodev_socket_id(dev_id)),
389 "Failed to setup queue pair %u on cryptodev %u",
396 testsuite_teardown(void)
398 struct ipsec_testsuite_params *ts_params = &testsuite_params;
400 if (ts_params->mbuf_pool != NULL) {
401 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
402 rte_mempool_avail_count(ts_params->mbuf_pool));
403 rte_mempool_free(ts_params->mbuf_pool);
404 ts_params->mbuf_pool = NULL;
407 if (ts_params->cop_mpool != NULL) {
408 RTE_LOG(DEBUG, USER1, "CRYPTO_OP_POOL count %u\n",
409 rte_mempool_avail_count(ts_params->cop_mpool));
410 rte_mempool_free(ts_params->cop_mpool);
411 ts_params->cop_mpool = NULL;
414 /* Free session mempools */
415 if (ts_params->qp_conf.mp_session != NULL) {
416 rte_mempool_free(ts_params->qp_conf.mp_session);
417 ts_params->qp_conf.mp_session = NULL;
420 if (ts_params->qp_conf.mp_session_private != NULL) {
421 rte_mempool_free(ts_params->qp_conf.mp_session_private);
422 ts_params->qp_conf.mp_session_private = NULL;
429 struct ipsec_testsuite_params *ts_params = &testsuite_params;
430 struct ipsec_unitest_params *ut_params = &unittest_params;
432 /* Clear unit test parameters before running test */
433 memset(ut_params, 0, sizeof(*ut_params));
435 /* Reconfigure device to default parameters */
436 ts_params->conf.socket_id = SOCKET_ID_ANY;
438 /* Start the device */
439 TEST_ASSERT_SUCCESS(rte_cryptodev_start(ts_params->valid_dev),
440 "Failed to start cryptodev %u",
441 ts_params->valid_dev);
449 struct ipsec_testsuite_params *ts_params = &testsuite_params;
450 struct ipsec_unitest_params *ut_params = &unittest_params;
453 for (i = 0; i < BURST_SIZE; i++) {
454 /* free crypto operation structure */
455 if (ut_params->cop[i])
456 rte_crypto_op_free(ut_params->cop[i]);
459 * free mbuf - both obuf and ibuf are usually the same,
460 * so check if they point at the same address is necessary,
461 * to avoid freeing the mbuf twice.
463 if (ut_params->obuf[i]) {
464 rte_pktmbuf_free(ut_params->obuf[i]);
465 if (ut_params->ibuf[i] == ut_params->obuf[i])
466 ut_params->ibuf[i] = 0;
467 ut_params->obuf[i] = 0;
469 if (ut_params->ibuf[i]) {
470 rte_pktmbuf_free(ut_params->ibuf[i]);
471 ut_params->ibuf[i] = 0;
474 if (ut_params->testbuf[i]) {
475 rte_pktmbuf_free(ut_params->testbuf[i]);
476 ut_params->testbuf[i] = 0;
480 if (ts_params->mbuf_pool != NULL)
481 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
482 rte_mempool_avail_count(ts_params->mbuf_pool));
484 /* Stop the device */
485 rte_cryptodev_stop(ts_params->valid_dev);
488 #define IPSEC_MAX_PAD_SIZE UINT8_MAX
490 static const uint8_t esp_pad_bytes[IPSEC_MAX_PAD_SIZE] = {
491 1, 2, 3, 4, 5, 6, 7, 8,
492 9, 10, 11, 12, 13, 14, 15, 16,
493 17, 18, 19, 20, 21, 22, 23, 24,
494 25, 26, 27, 28, 29, 30, 31, 32,
495 33, 34, 35, 36, 37, 38, 39, 40,
496 41, 42, 43, 44, 45, 46, 47, 48,
497 49, 50, 51, 52, 53, 54, 55, 56,
498 57, 58, 59, 60, 61, 62, 63, 64,
499 65, 66, 67, 68, 69, 70, 71, 72,
500 73, 74, 75, 76, 77, 78, 79, 80,
501 81, 82, 83, 84, 85, 86, 87, 88,
502 89, 90, 91, 92, 93, 94, 95, 96,
503 97, 98, 99, 100, 101, 102, 103, 104,
504 105, 106, 107, 108, 109, 110, 111, 112,
505 113, 114, 115, 116, 117, 118, 119, 120,
506 121, 122, 123, 124, 125, 126, 127, 128,
507 129, 130, 131, 132, 133, 134, 135, 136,
508 137, 138, 139, 140, 141, 142, 143, 144,
509 145, 146, 147, 148, 149, 150, 151, 152,
510 153, 154, 155, 156, 157, 158, 159, 160,
511 161, 162, 163, 164, 165, 166, 167, 168,
512 169, 170, 171, 172, 173, 174, 175, 176,
513 177, 178, 179, 180, 181, 182, 183, 184,
514 185, 186, 187, 188, 189, 190, 191, 192,
515 193, 194, 195, 196, 197, 198, 199, 200,
516 201, 202, 203, 204, 205, 206, 207, 208,
517 209, 210, 211, 212, 213, 214, 215, 216,
518 217, 218, 219, 220, 221, 222, 223, 224,
519 225, 226, 227, 228, 229, 230, 231, 232,
520 233, 234, 235, 236, 237, 238, 239, 240,
521 241, 242, 243, 244, 245, 246, 247, 248,
522 249, 250, 251, 252, 253, 254, 255,
525 /* ***** data for tests ***** */
527 const char null_plain_data[] =
528 "Network Security People Have A Strange Sense Of Humor unlike Other "
529 "People who have a normal sense of humour";
531 const char null_encrypted_data[] =
532 "Network Security People Have A Strange Sense Of Humor unlike Other "
533 "People who have a normal sense of humour";
535 struct rte_ipv4_hdr ipv4_outer = {
536 .version_ihl = IPVERSION << 4 |
537 sizeof(ipv4_outer) / RTE_IPV4_IHL_MULTIPLIER,
538 .time_to_live = IPDEFTTL,
539 .next_proto_id = IPPROTO_ESP,
540 .src_addr = RTE_IPV4(192, 168, 1, 100),
541 .dst_addr = RTE_IPV4(192, 168, 2, 100),
544 static struct rte_mbuf *
545 setup_test_string(struct rte_mempool *mpool,
546 const char *string, size_t len, uint8_t blocksize)
548 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
549 size_t t_len = len - (blocksize ? (len % blocksize) : 0);
552 memset(m->buf_addr, 0, m->buf_len);
553 char *dst = rte_pktmbuf_append(m, t_len);
560 rte_memcpy(dst, string, t_len);
562 memset(dst, 0, t_len);
568 static struct rte_mbuf *
569 setup_test_string_tunneled(struct rte_mempool *mpool, const char *string,
570 size_t len, uint32_t spi, uint32_t seq)
572 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
573 uint32_t hdrlen = sizeof(struct rte_ipv4_hdr) +
574 sizeof(struct rte_esp_hdr);
575 uint32_t taillen = sizeof(struct esp_tail);
576 uint32_t t_len = len + hdrlen + taillen;
579 struct rte_esp_hdr esph = {
580 .spi = rte_cpu_to_be_32(spi),
581 .seq = rte_cpu_to_be_32(seq)
584 padlen = RTE_ALIGN(t_len, 4) - t_len;
587 struct esp_tail espt = {
589 .next_proto = IPPROTO_IPIP,
595 memset(m->buf_addr, 0, m->buf_len);
596 char *dst = rte_pktmbuf_append(m, t_len);
602 /* copy outer IP and ESP header */
603 ipv4_outer.total_length = rte_cpu_to_be_16(t_len);
604 ipv4_outer.packet_id = rte_cpu_to_be_16(seq);
605 rte_memcpy(dst, &ipv4_outer, sizeof(ipv4_outer));
606 dst += sizeof(ipv4_outer);
607 m->l3_len = sizeof(ipv4_outer);
608 rte_memcpy(dst, &esph, sizeof(esph));
611 if (string != NULL) {
613 rte_memcpy(dst, string, len);
616 rte_memcpy(dst, esp_pad_bytes, padlen);
618 /* copy ESP tail header */
619 rte_memcpy(dst, &espt, sizeof(espt));
621 memset(dst, 0, t_len);
627 create_dummy_sec_session(struct ipsec_unitest_params *ut,
628 struct rte_cryptodev_qp_conf *qp, uint32_t j)
630 static struct rte_security_session_conf conf;
632 ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
633 &conf, qp->mp_session_private);
635 if (ut->ss[j].security.ses == NULL)
638 ut->ss[j].security.ctx = &dummy_sec_ctx;
639 ut->ss[j].security.ol_flags = 0;
644 create_crypto_session(struct ipsec_unitest_params *ut,
645 struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
648 struct rte_cryptodev_sym_session *s;
650 s = rte_cryptodev_sym_session_create(qp->mp_session);
654 /* initiliaze SA crypto session for device */
655 rc = rte_cryptodev_sym_session_init(dev_id, s,
656 ut->crypto_xforms, qp->mp_session_private);
658 ut->ss[j].crypto.ses = s;
661 /* failure, do cleanup */
662 rte_cryptodev_sym_session_clear(dev_id, s);
663 rte_cryptodev_sym_session_free(s);
669 create_session(struct ipsec_unitest_params *ut,
670 struct rte_cryptodev_qp_conf *qp, uint8_t crypto_dev, uint32_t j)
672 if (ut->ss[j].type == RTE_SECURITY_ACTION_TYPE_NONE)
673 return create_crypto_session(ut, qp, crypto_dev, j);
675 return create_dummy_sec_session(ut, qp, j);
679 fill_ipsec_param(uint32_t replay_win_sz, uint64_t flags)
681 struct ipsec_unitest_params *ut_params = &unittest_params;
682 struct rte_ipsec_sa_prm *prm = &ut_params->sa_prm;
683 const struct supported_auth_algo *auth_algo;
684 const struct supported_cipher_algo *cipher_algo;
686 memset(prm, 0, sizeof(*prm));
690 prm->replay_win_sz = replay_win_sz;
692 /* setup ipsec xform */
693 prm->ipsec_xform = ut_params->ipsec_xform;
694 prm->ipsec_xform.salt = (uint32_t)rte_rand();
696 /* setup tunnel related fields */
697 prm->tun.hdr_len = sizeof(ipv4_outer);
698 prm->tun.next_proto = IPPROTO_IPIP;
699 prm->tun.hdr = &ipv4_outer;
701 /* setup crypto section */
702 if (uparams.aead != 0) {
703 /* TODO: will need to fill out with other test cases */
705 if (uparams.auth == 0 && uparams.cipher == 0)
708 auth_algo = find_match_auth_algo(uparams.auth_algo);
709 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
711 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
714 prm->crypto_xform = ut_params->crypto_xforms;
719 create_sa(enum rte_security_session_action_type action_type,
720 uint32_t replay_win_sz, uint64_t flags, uint32_t j)
722 struct ipsec_testsuite_params *ts = &testsuite_params;
723 struct ipsec_unitest_params *ut = &unittest_params;
727 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
729 rc = fill_ipsec_param(replay_win_sz, flags);
733 /* create rte_ipsec_sa*/
734 sz = rte_ipsec_sa_size(&ut->sa_prm);
735 TEST_ASSERT(sz > 0, "rte_ipsec_sa_size() failed\n");
737 ut->ss[j].sa = rte_zmalloc(NULL, sz, RTE_CACHE_LINE_SIZE);
738 TEST_ASSERT_NOT_NULL(ut->ss[j].sa,
739 "failed to allocate memory for rte_ipsec_sa\n");
741 ut->ss[j].type = action_type;
742 rc = create_session(ut, &ts->qp_conf, ts->valid_dev, j);
746 rc = rte_ipsec_sa_init(ut->ss[j].sa, &ut->sa_prm, sz);
747 rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
749 rc = rte_ipsec_session_prepare(&ut->ss[j]);
755 crypto_dequeue_burst(uint16_t num_pkts)
757 struct ipsec_testsuite_params *ts_params = &testsuite_params;
758 struct ipsec_unitest_params *ut_params = &unittest_params;
762 for (i = 0, pkt_cnt = 0;
763 i < DEQUEUE_COUNT && pkt_cnt != num_pkts; i++) {
764 k = rte_cryptodev_dequeue_burst(ts_params->valid_dev, 0,
765 &ut_params->cop[pkt_cnt], num_pkts - pkt_cnt);
770 if (pkt_cnt != num_pkts) {
771 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
778 crypto_ipsec(uint16_t num_pkts)
780 struct ipsec_testsuite_params *ts_params = &testsuite_params;
781 struct ipsec_unitest_params *ut_params = &unittest_params;
783 struct rte_ipsec_group grp[1];
785 /* call crypto prepare */
786 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
787 ut_params->cop, num_pkts);
789 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
793 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
794 ut_params->cop, num_pkts);
796 RTE_LOG(ERR, USER1, "rte_cryptodev_enqueue_burst fail\n");
800 if (crypto_dequeue_burst(num_pkts) == TEST_FAILED)
803 ng = rte_ipsec_pkt_crypto_group(
804 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
805 ut_params->obuf, grp, num_pkts);
807 grp[0].m[0] != ut_params->obuf[0] ||
808 grp[0].cnt != num_pkts ||
809 grp[0].id.ptr != &ut_params->ss[0]) {
810 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
814 /* call crypto process */
815 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
817 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
825 lksd_proto_ipsec(uint16_t num_pkts)
827 struct ipsec_unitest_params *ut_params = &unittest_params;
829 struct rte_ipsec_group grp[1];
831 /* call crypto prepare */
832 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
833 ut_params->cop, num_pkts);
835 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
839 /* check crypto ops */
840 for (i = 0; i != num_pkts; i++) {
841 TEST_ASSERT_EQUAL(ut_params->cop[i]->type,
842 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
843 "%s: invalid crypto op type for %u-th packet\n",
845 TEST_ASSERT_EQUAL(ut_params->cop[i]->status,
846 RTE_CRYPTO_OP_STATUS_NOT_PROCESSED,
847 "%s: invalid crypto op status for %u-th packet\n",
849 TEST_ASSERT_EQUAL(ut_params->cop[i]->sess_type,
850 RTE_CRYPTO_OP_SECURITY_SESSION,
851 "%s: invalid crypto op sess_type for %u-th packet\n",
853 TEST_ASSERT_EQUAL(ut_params->cop[i]->sym->m_src,
855 "%s: invalid crypto op m_src for %u-th packet\n",
859 /* update crypto ops, pretend all finished ok */
860 for (i = 0; i != num_pkts; i++)
861 ut_params->cop[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
863 ng = rte_ipsec_pkt_crypto_group(
864 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
865 ut_params->obuf, grp, num_pkts);
867 grp[0].m[0] != ut_params->obuf[0] ||
868 grp[0].cnt != num_pkts ||
869 grp[0].id.ptr != &ut_params->ss[0]) {
870 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
874 /* call crypto process */
875 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
877 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
885 crypto_ipsec_2sa(void)
887 struct ipsec_testsuite_params *ts_params = &testsuite_params;
888 struct ipsec_unitest_params *ut_params = &unittest_params;
889 struct rte_ipsec_group grp[BURST_SIZE];
890 uint32_t k, ng, i, r;
892 for (i = 0; i < BURST_SIZE; i++) {
894 /* call crypto prepare */
895 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[r],
896 ut_params->ibuf + i, ut_params->cop + i, 1);
899 "rte_ipsec_pkt_crypto_prepare fail\n");
902 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
903 ut_params->cop + i, 1);
906 "rte_cryptodev_enqueue_burst fail\n");
911 if (crypto_dequeue_burst(BURST_SIZE) == TEST_FAILED)
914 ng = rte_ipsec_pkt_crypto_group(
915 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
916 ut_params->obuf, grp, BURST_SIZE);
917 if (ng != BURST_SIZE) {
918 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
923 /* call crypto process */
924 for (i = 0; i < ng; i++) {
925 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
926 if (k != grp[i].cnt) {
927 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
939 crypto_ipsec_4grp(uint32_t pkt_num)
943 /* group packets in 4 different size groups groups, 2 per SA */
946 else if (pkt_num < PKT_12)
948 else if (pkt_num < PKT_21)
957 crypto_ipsec_4grp_check_mbufs(uint32_t grp_ind, struct rte_ipsec_group *grp)
959 struct ipsec_unitest_params *ut_params = &unittest_params;
964 for (i = 0, j = 0; i < PKT_4; i++, j++)
965 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
969 } else if (grp_ind == 1) {
970 for (i = 0, j = PKT_4; i < (PKT_12 - PKT_4); i++, j++) {
971 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
976 } else if (grp_ind == 2) {
977 for (i = 0, j = PKT_12; i < (PKT_21 - PKT_12); i++, j++)
978 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
982 } else if (grp_ind == 3) {
983 for (i = 0, j = PKT_21; i < (BURST_SIZE - PKT_21); i++, j++)
984 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
995 crypto_ipsec_4grp_check_cnt(uint32_t grp_ind, struct rte_ipsec_group *grp)
1000 if (grp[grp_ind].cnt != PKT_4)
1002 } else if (grp_ind == 1) {
1003 if (grp[grp_ind].cnt != PKT_12 - PKT_4)
1005 } else if (grp_ind == 2) {
1006 if (grp[grp_ind].cnt != PKT_21 - PKT_12)
1008 } else if (grp_ind == 3) {
1009 if (grp[grp_ind].cnt != BURST_SIZE - PKT_21)
1018 crypto_ipsec_2sa_4grp(void)
1020 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1021 struct ipsec_unitest_params *ut_params = &unittest_params;
1022 struct rte_ipsec_group grp[BURST_SIZE];
1023 uint32_t k, ng, i, j;
1026 for (i = 0; i < BURST_SIZE; i++) {
1027 j = crypto_ipsec_4grp(i);
1029 /* call crypto prepare */
1030 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[j],
1031 ut_params->ibuf + i, ut_params->cop + i, 1);
1034 "rte_ipsec_pkt_crypto_prepare fail\n");
1037 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
1038 ut_params->cop + i, 1);
1041 "rte_cryptodev_enqueue_burst fail\n");
1046 if (crypto_dequeue_burst(BURST_SIZE) == TEST_FAILED)
1049 ng = rte_ipsec_pkt_crypto_group(
1050 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
1051 ut_params->obuf, grp, BURST_SIZE);
1053 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
1058 /* call crypto process */
1059 for (i = 0; i < ng; i++) {
1060 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
1061 if (k != grp[i].cnt) {
1062 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
1065 rc = crypto_ipsec_4grp_check_cnt(i, grp);
1068 "crypto_ipsec_4grp_check_cnt fail\n");
1071 rc = crypto_ipsec_4grp_check_mbufs(i, grp);
1074 "crypto_ipsec_4grp_check_mbufs fail\n");
1078 return TEST_SUCCESS;
1082 test_ipsec_reorder_inb_pkt_burst(uint16_t num_pkts)
1084 struct ipsec_unitest_params *ut_params = &unittest_params;
1085 struct rte_mbuf *ibuf_tmp[BURST_SIZE];
1088 /* reorder packets and create gaps in sequence numbers */
1089 static const uint32_t reorder[BURST_SIZE] = {
1090 24, 25, 26, 27, 28, 29, 30, 31,
1091 16, 17, 18, 19, 20, 21, 22, 23,
1092 8, 9, 10, 11, 12, 13, 14, 15,
1093 0, 1, 2, 3, 4, 5, 6, 7,
1096 if (num_pkts != BURST_SIZE)
1099 for (j = 0; j != BURST_SIZE; j++)
1100 ibuf_tmp[j] = ut_params->ibuf[reorder[j]];
1102 memcpy(ut_params->ibuf, ibuf_tmp, sizeof(ut_params->ibuf));
1106 test_ipsec_crypto_op_alloc(uint16_t num_pkts)
1108 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1109 struct ipsec_unitest_params *ut_params = &unittest_params;
1113 for (j = 0; j < num_pkts && rc == 0; j++) {
1114 ut_params->cop[j] = rte_crypto_op_alloc(ts_params->cop_mpool,
1115 RTE_CRYPTO_OP_TYPE_SYMMETRIC);
1116 if (ut_params->cop[j] == NULL) {
1118 "Failed to allocate symmetric crypto op\n");
1127 test_ipsec_dump_buffers(struct ipsec_unitest_params *ut_params, int i)
1129 uint16_t j = ut_params->pkt_index;
1131 printf("\ntest config: num %d\n", i);
1132 printf(" replay_win_sz %u\n", test_cfg[i].replay_win_sz);
1133 printf(" esn %u\n", test_cfg[i].esn);
1134 printf(" flags 0x%" PRIx64 "\n", test_cfg[i].flags);
1135 printf(" pkt_sz %zu\n", test_cfg[i].pkt_sz);
1136 printf(" num_pkts %u\n\n", test_cfg[i].num_pkts);
1138 if (ut_params->ibuf[j]) {
1139 printf("ibuf[%u] data:\n", j);
1140 rte_pktmbuf_dump(stdout, ut_params->ibuf[j],
1141 ut_params->ibuf[j]->data_len);
1143 if (ut_params->obuf[j]) {
1144 printf("obuf[%u] data:\n", j);
1145 rte_pktmbuf_dump(stdout, ut_params->obuf[j],
1146 ut_params->obuf[j]->data_len);
1148 if (ut_params->testbuf[j]) {
1149 printf("testbuf[%u] data:\n", j);
1150 rte_pktmbuf_dump(stdout, ut_params->testbuf[j],
1151 ut_params->testbuf[j]->data_len);
1156 destroy_sa(uint32_t j)
1158 struct ipsec_unitest_params *ut = &unittest_params;
1160 rte_ipsec_sa_fini(ut->ss[j].sa);
1161 rte_free(ut->ss[j].sa);
1162 rte_cryptodev_sym_session_free(ut->ss[j].crypto.ses);
1163 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
1167 crypto_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1172 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1173 ut_params->pkt_index = j;
1175 /* compare the data buffers */
1176 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1177 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1179 "input and output data does not match\n");
1180 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1181 ut_params->obuf[j]->pkt_len,
1182 "data_len is not equal to pkt_len");
1183 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1185 "data_len is not equal to input data");
1192 test_ipsec_crypto_inb_burst_null_null(int i)
1194 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1195 struct ipsec_unitest_params *ut_params = &unittest_params;
1196 uint16_t num_pkts = test_cfg[i].num_pkts;
1200 /* create rte_ipsec_sa */
1201 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1202 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1204 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1209 /* Generate test mbuf data */
1210 for (j = 0; j < num_pkts && rc == 0; j++) {
1211 /* packet with sequence number 0 is invalid */
1212 ut_params->ibuf[j] = setup_test_string_tunneled(
1213 ts_params->mbuf_pool, null_encrypted_data,
1214 test_cfg[i].pkt_sz, INBOUND_SPI, j + 1);
1215 if (ut_params->ibuf[j] == NULL)
1220 if (test_cfg[i].reorder_pkts)
1221 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1222 rc = test_ipsec_crypto_op_alloc(num_pkts);
1226 /* call ipsec library api */
1227 rc = crypto_ipsec(num_pkts);
1229 rc = crypto_inb_burst_null_null_check(
1230 ut_params, i, num_pkts);
1232 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1238 if (rc == TEST_FAILED)
1239 test_ipsec_dump_buffers(ut_params, i);
1246 test_ipsec_crypto_inb_burst_null_null_wrapper(void)
1250 struct ipsec_unitest_params *ut_params = &unittest_params;
1252 ut_params->ipsec_xform.spi = INBOUND_SPI;
1253 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1254 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1255 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1256 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1258 for (i = 0; i < num_cfg && rc == 0; i++) {
1259 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1260 rc = test_ipsec_crypto_inb_burst_null_null(i);
1267 crypto_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1274 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1275 ut_params->pkt_index = j;
1277 testbuf_data = rte_pktmbuf_mtod(ut_params->testbuf[j], void *);
1278 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1279 /* compare the buffer data */
1280 TEST_ASSERT_BUFFERS_ARE_EQUAL(testbuf_data, obuf_data,
1281 ut_params->obuf[j]->pkt_len,
1282 "test and output data does not match\n");
1283 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1284 ut_params->testbuf[j]->data_len,
1285 "obuf data_len is not equal to testbuf data_len");
1286 TEST_ASSERT_EQUAL(ut_params->obuf[j]->pkt_len,
1287 ut_params->testbuf[j]->pkt_len,
1288 "obuf pkt_len is not equal to testbuf pkt_len");
1295 test_ipsec_crypto_outb_burst_null_null(int i)
1297 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1298 struct ipsec_unitest_params *ut_params = &unittest_params;
1299 uint16_t num_pkts = test_cfg[i].num_pkts;
1303 /* create rte_ipsec_sa*/
1304 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1305 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1307 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1312 /* Generate input mbuf data */
1313 for (j = 0; j < num_pkts && rc == 0; j++) {
1314 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1315 null_plain_data, test_cfg[i].pkt_sz, 0);
1316 if (ut_params->ibuf[j] == NULL)
1319 /* Generate test mbuf data */
1320 /* packet with sequence number 0 is invalid */
1321 ut_params->testbuf[j] = setup_test_string_tunneled(
1322 ts_params->mbuf_pool,
1323 null_plain_data, test_cfg[i].pkt_sz,
1324 OUTBOUND_SPI, j + 1);
1325 if (ut_params->testbuf[j] == NULL)
1331 rc = test_ipsec_crypto_op_alloc(num_pkts);
1334 /* call ipsec library api */
1335 rc = crypto_ipsec(num_pkts);
1337 rc = crypto_outb_burst_null_null_check(ut_params,
1340 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1344 if (rc == TEST_FAILED)
1345 test_ipsec_dump_buffers(ut_params, i);
1352 test_ipsec_crypto_outb_burst_null_null_wrapper(void)
1356 struct ipsec_unitest_params *ut_params = &unittest_params;
1358 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1359 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1360 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1361 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1362 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1364 for (i = 0; i < num_cfg && rc == 0; i++) {
1365 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1366 rc = test_ipsec_crypto_outb_burst_null_null(i);
1373 inline_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1380 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1381 ut_params->pkt_index = j;
1383 /* compare the buffer data */
1384 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1385 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1387 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1388 ut_params->ibuf[j]->data_len,
1389 "input and output data does not match\n");
1390 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1391 ut_params->obuf[j]->data_len,
1392 "ibuf data_len is not equal to obuf data_len");
1393 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1394 ut_params->obuf[j]->pkt_len,
1395 "ibuf pkt_len is not equal to obuf pkt_len");
1396 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1398 "data_len is not equal input data");
1404 test_ipsec_inline_crypto_inb_burst_null_null(int i)
1406 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1407 struct ipsec_unitest_params *ut_params = &unittest_params;
1408 uint16_t num_pkts = test_cfg[i].num_pkts;
1413 /* create rte_ipsec_sa*/
1414 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1415 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1417 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1422 /* Generate inbound mbuf data */
1423 for (j = 0; j < num_pkts && rc == 0; j++) {
1424 ut_params->ibuf[j] = setup_test_string_tunneled(
1425 ts_params->mbuf_pool,
1426 null_plain_data, test_cfg[i].pkt_sz,
1427 INBOUND_SPI, j + 1);
1428 if (ut_params->ibuf[j] == NULL)
1431 /* Generate test mbuf data */
1432 ut_params->obuf[j] = setup_test_string(
1433 ts_params->mbuf_pool,
1434 null_plain_data, test_cfg[i].pkt_sz, 0);
1435 if (ut_params->obuf[j] == NULL)
1441 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1444 rc = inline_inb_burst_null_null_check(ut_params, i,
1448 "rte_ipsec_pkt_process failed, cfg %d\n",
1454 if (rc == TEST_FAILED)
1455 test_ipsec_dump_buffers(ut_params, i);
1462 test_ipsec_inline_crypto_inb_burst_null_null_wrapper(void)
1466 struct ipsec_unitest_params *ut_params = &unittest_params;
1468 ut_params->ipsec_xform.spi = INBOUND_SPI;
1469 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1470 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1471 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1472 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1474 for (i = 0; i < num_cfg && rc == 0; i++) {
1475 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1476 rc = test_ipsec_inline_crypto_inb_burst_null_null(i);
1483 test_ipsec_inline_proto_inb_burst_null_null(int i)
1485 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1486 struct ipsec_unitest_params *ut_params = &unittest_params;
1487 uint16_t num_pkts = test_cfg[i].num_pkts;
1492 /* create rte_ipsec_sa*/
1493 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1494 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1496 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1501 /* Generate inbound mbuf data */
1502 for (j = 0; j < num_pkts && rc == 0; j++) {
1503 ut_params->ibuf[j] = setup_test_string(
1504 ts_params->mbuf_pool,
1505 null_plain_data, test_cfg[i].pkt_sz, 0);
1506 if (ut_params->ibuf[j] == NULL)
1509 /* Generate test mbuf data */
1510 ut_params->obuf[j] = setup_test_string(
1511 ts_params->mbuf_pool,
1512 null_plain_data, test_cfg[i].pkt_sz, 0);
1513 if (ut_params->obuf[j] == NULL)
1519 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1522 rc = inline_inb_burst_null_null_check(ut_params, i,
1526 "rte_ipsec_pkt_process failed, cfg %d\n",
1532 if (rc == TEST_FAILED)
1533 test_ipsec_dump_buffers(ut_params, i);
1540 test_ipsec_inline_proto_inb_burst_null_null_wrapper(void)
1544 struct ipsec_unitest_params *ut_params = &unittest_params;
1546 ut_params->ipsec_xform.spi = INBOUND_SPI;
1547 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1548 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1549 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1550 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1552 for (i = 0; i < num_cfg && rc == 0; i++) {
1553 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1554 rc = test_ipsec_inline_proto_inb_burst_null_null(i);
1561 inline_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1568 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1569 ut_params->pkt_index = j;
1571 /* compare the buffer data */
1572 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1573 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1574 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1575 ut_params->ibuf[j]->data_len,
1576 "input and output data does not match\n");
1577 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1578 ut_params->obuf[j]->data_len,
1579 "ibuf data_len is not equal to obuf data_len");
1580 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1581 ut_params->obuf[j]->pkt_len,
1582 "ibuf pkt_len is not equal to obuf pkt_len");
1584 /* check mbuf ol_flags */
1585 TEST_ASSERT(ut_params->ibuf[j]->ol_flags & PKT_TX_SEC_OFFLOAD,
1586 "ibuf PKT_TX_SEC_OFFLOAD is not set");
1592 test_ipsec_inline_crypto_outb_burst_null_null(int i)
1594 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1595 struct ipsec_unitest_params *ut_params = &unittest_params;
1596 uint16_t num_pkts = test_cfg[i].num_pkts;
1601 /* create rte_ipsec_sa */
1602 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1603 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1605 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1610 /* Generate test mbuf data */
1611 for (j = 0; j < num_pkts && rc == 0; j++) {
1612 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1613 null_plain_data, test_cfg[i].pkt_sz, 0);
1614 if (ut_params->ibuf[0] == NULL)
1618 /* Generate test tunneled mbuf data for comparison */
1619 ut_params->obuf[j] = setup_test_string_tunneled(
1620 ts_params->mbuf_pool,
1621 null_plain_data, test_cfg[i].pkt_sz,
1622 OUTBOUND_SPI, j + 1);
1623 if (ut_params->obuf[j] == NULL)
1629 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1632 rc = inline_outb_burst_null_null_check(ut_params,
1636 "rte_ipsec_pkt_process failed, cfg %d\n",
1642 if (rc == TEST_FAILED)
1643 test_ipsec_dump_buffers(ut_params, i);
1650 test_ipsec_inline_crypto_outb_burst_null_null_wrapper(void)
1654 struct ipsec_unitest_params *ut_params = &unittest_params;
1656 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1657 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1658 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1659 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1660 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1662 for (i = 0; i < num_cfg && rc == 0; i++) {
1663 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1664 rc = test_ipsec_inline_crypto_outb_burst_null_null(i);
1671 test_ipsec_inline_proto_outb_burst_null_null(int i)
1673 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1674 struct ipsec_unitest_params *ut_params = &unittest_params;
1675 uint16_t num_pkts = test_cfg[i].num_pkts;
1680 /* create rte_ipsec_sa */
1681 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1682 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1684 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1689 /* Generate test mbuf data */
1690 for (j = 0; j < num_pkts && rc == 0; j++) {
1691 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1692 null_plain_data, test_cfg[i].pkt_sz, 0);
1693 if (ut_params->ibuf[0] == NULL)
1697 /* Generate test tunneled mbuf data for comparison */
1698 ut_params->obuf[j] = setup_test_string(
1699 ts_params->mbuf_pool,
1700 null_plain_data, test_cfg[i].pkt_sz, 0);
1701 if (ut_params->obuf[j] == NULL)
1707 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1710 rc = inline_outb_burst_null_null_check(ut_params,
1714 "rte_ipsec_pkt_process failed, cfg %d\n",
1720 if (rc == TEST_FAILED)
1721 test_ipsec_dump_buffers(ut_params, i);
1728 test_ipsec_inline_proto_outb_burst_null_null_wrapper(void)
1732 struct ipsec_unitest_params *ut_params = &unittest_params;
1734 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1735 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1736 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1737 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1738 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1740 for (i = 0; i < num_cfg && rc == 0; i++) {
1741 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1742 rc = test_ipsec_inline_proto_outb_burst_null_null(i);
1749 test_ipsec_lksd_proto_inb_burst_null_null(int i)
1751 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1752 struct ipsec_unitest_params *ut_params = &unittest_params;
1753 uint16_t num_pkts = test_cfg[i].num_pkts;
1757 /* create rte_ipsec_sa */
1758 rc = create_sa(RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
1759 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1761 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1766 /* Generate test mbuf data */
1767 for (j = 0; j < num_pkts && rc == 0; j++) {
1768 /* packet with sequence number 0 is invalid */
1769 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1770 null_encrypted_data, test_cfg[i].pkt_sz, 0);
1771 if (ut_params->ibuf[j] == NULL)
1776 if (test_cfg[i].reorder_pkts)
1777 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1778 rc = test_ipsec_crypto_op_alloc(num_pkts);
1782 /* call ipsec library api */
1783 rc = lksd_proto_ipsec(num_pkts);
1785 rc = crypto_inb_burst_null_null_check(ut_params, i,
1788 RTE_LOG(ERR, USER1, "%s failed, cfg %d\n",
1794 if (rc == TEST_FAILED)
1795 test_ipsec_dump_buffers(ut_params, i);
1802 test_ipsec_lksd_proto_inb_burst_null_null_wrapper(void)
1806 struct ipsec_unitest_params *ut_params = &unittest_params;
1808 ut_params->ipsec_xform.spi = INBOUND_SPI;
1809 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1810 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1811 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1812 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1814 for (i = 0; i < num_cfg && rc == 0; i++) {
1815 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1816 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1823 test_ipsec_lksd_proto_outb_burst_null_null_wrapper(void)
1827 struct ipsec_unitest_params *ut_params = &unittest_params;
1829 ut_params->ipsec_xform.spi = INBOUND_SPI;
1830 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1831 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1832 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1833 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1835 for (i = 0; i < num_cfg && rc == 0; i++) {
1836 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1837 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1844 replay_inb_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1849 for (j = 0; j < num_pkts; j++) {
1850 /* compare the buffer data */
1851 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1852 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1854 "input and output data does not match\n");
1856 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1857 ut_params->obuf[j]->pkt_len,
1858 "data_len is not equal to pkt_len");
1865 test_ipsec_replay_inb_inside_null_null(int i)
1867 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1868 struct ipsec_unitest_params *ut_params = &unittest_params;
1871 /* create rte_ipsec_sa*/
1872 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1873 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1875 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1880 /* Generate inbound mbuf data */
1881 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1882 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
1883 if (ut_params->ibuf[0] == NULL)
1886 rc = test_ipsec_crypto_op_alloc(1);
1889 /* call ipsec library api */
1890 rc = crypto_ipsec(1);
1892 rc = replay_inb_null_null_check(ut_params, i, 1);
1894 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1900 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
1901 /* generate packet with seq number inside the replay window */
1902 if (ut_params->ibuf[0]) {
1903 rte_pktmbuf_free(ut_params->ibuf[0]);
1904 ut_params->ibuf[0] = 0;
1907 ut_params->ibuf[0] = setup_test_string_tunneled(
1908 ts_params->mbuf_pool, null_encrypted_data,
1909 test_cfg[i].pkt_sz, INBOUND_SPI,
1910 test_cfg[i].replay_win_sz);
1911 if (ut_params->ibuf[0] == NULL)
1914 rc = test_ipsec_crypto_op_alloc(1);
1917 /* call ipsec library api */
1918 rc = crypto_ipsec(1);
1920 rc = replay_inb_null_null_check(
1923 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
1929 if (rc == TEST_FAILED)
1930 test_ipsec_dump_buffers(ut_params, i);
1938 test_ipsec_replay_inb_inside_null_null_wrapper(void)
1942 struct ipsec_unitest_params *ut_params = &unittest_params;
1944 ut_params->ipsec_xform.spi = INBOUND_SPI;
1945 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1946 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1947 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1948 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1950 for (i = 0; i < num_cfg && rc == 0; i++) {
1951 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1952 rc = test_ipsec_replay_inb_inside_null_null(i);
1959 test_ipsec_replay_inb_outside_null_null(int i)
1961 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1962 struct ipsec_unitest_params *ut_params = &unittest_params;
1965 /* create rte_ipsec_sa */
1966 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1967 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1969 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1974 /* Generate test mbuf data */
1975 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1976 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI,
1977 test_cfg[i].replay_win_sz + 2);
1978 if (ut_params->ibuf[0] == NULL)
1981 rc = test_ipsec_crypto_op_alloc(1);
1984 /* call ipsec library api */
1985 rc = crypto_ipsec(1);
1987 rc = replay_inb_null_null_check(ut_params, i, 1);
1989 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1995 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
1996 /* generate packet with seq number outside the replay window */
1997 if (ut_params->ibuf[0]) {
1998 rte_pktmbuf_free(ut_params->ibuf[0]);
1999 ut_params->ibuf[0] = 0;
2001 ut_params->ibuf[0] = setup_test_string_tunneled(
2002 ts_params->mbuf_pool, null_encrypted_data,
2003 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2004 if (ut_params->ibuf[0] == NULL)
2007 rc = test_ipsec_crypto_op_alloc(1);
2010 /* call ipsec library api */
2011 rc = crypto_ipsec(1);
2013 if (test_cfg[i].esn == 0) {
2015 "packet is not outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2017 test_cfg[i].replay_win_sz + 2,
2023 "packet is outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2024 i, test_cfg[i].replay_win_sz + 2, 1);
2030 if (rc == TEST_FAILED)
2031 test_ipsec_dump_buffers(ut_params, i);
2039 test_ipsec_replay_inb_outside_null_null_wrapper(void)
2043 struct ipsec_unitest_params *ut_params = &unittest_params;
2045 ut_params->ipsec_xform.spi = INBOUND_SPI;
2046 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2047 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2048 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2049 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2051 for (i = 0; i < num_cfg && rc == 0; i++) {
2052 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2053 rc = test_ipsec_replay_inb_outside_null_null(i);
2060 test_ipsec_replay_inb_repeat_null_null(int i)
2062 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2063 struct ipsec_unitest_params *ut_params = &unittest_params;
2066 /* create rte_ipsec_sa */
2067 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2068 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2070 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n", i);
2074 /* Generate test mbuf data */
2075 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2076 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2077 if (ut_params->ibuf[0] == NULL)
2080 rc = test_ipsec_crypto_op_alloc(1);
2083 /* call ipsec library api */
2084 rc = crypto_ipsec(1);
2086 rc = replay_inb_null_null_check(ut_params, i, 1);
2088 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2094 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2096 * generate packet with repeat seq number in the replay
2099 if (ut_params->ibuf[0]) {
2100 rte_pktmbuf_free(ut_params->ibuf[0]);
2101 ut_params->ibuf[0] = 0;
2104 ut_params->ibuf[0] = setup_test_string_tunneled(
2105 ts_params->mbuf_pool, null_encrypted_data,
2106 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2107 if (ut_params->ibuf[0] == NULL)
2110 rc = test_ipsec_crypto_op_alloc(1);
2113 /* call ipsec library api */
2114 rc = crypto_ipsec(1);
2117 "packet is not repeated in the replay window, cfg %d seq %u\n",
2122 "packet is repeated in the replay window, cfg %d seq %u\n",
2129 if (rc == TEST_FAILED)
2130 test_ipsec_dump_buffers(ut_params, i);
2138 test_ipsec_replay_inb_repeat_null_null_wrapper(void)
2142 struct ipsec_unitest_params *ut_params = &unittest_params;
2144 ut_params->ipsec_xform.spi = INBOUND_SPI;
2145 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2146 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2147 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2148 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2150 for (i = 0; i < num_cfg && rc == 0; i++) {
2151 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2152 rc = test_ipsec_replay_inb_repeat_null_null(i);
2159 test_ipsec_replay_inb_inside_burst_null_null(int i)
2161 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2162 struct ipsec_unitest_params *ut_params = &unittest_params;
2163 uint16_t num_pkts = test_cfg[i].num_pkts;
2167 /* create rte_ipsec_sa*/
2168 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2169 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2171 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2176 /* Generate inbound mbuf data */
2177 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2178 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2179 if (ut_params->ibuf[0] == NULL)
2182 rc = test_ipsec_crypto_op_alloc(1);
2185 /* call ipsec library api */
2186 rc = crypto_ipsec(1);
2188 rc = replay_inb_null_null_check(ut_params, i, 1);
2190 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2196 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2198 * generate packet(s) with seq number(s) inside the
2201 if (ut_params->ibuf[0]) {
2202 rte_pktmbuf_free(ut_params->ibuf[0]);
2203 ut_params->ibuf[0] = 0;
2206 for (j = 0; j < num_pkts && rc == 0; j++) {
2207 /* packet with sequence number 1 already processed */
2208 ut_params->ibuf[j] = setup_test_string_tunneled(
2209 ts_params->mbuf_pool, null_encrypted_data,
2210 test_cfg[i].pkt_sz, INBOUND_SPI, j + 2);
2211 if (ut_params->ibuf[j] == NULL)
2216 if (test_cfg[i].reorder_pkts)
2217 test_ipsec_reorder_inb_pkt_burst(num_pkts);
2218 rc = test_ipsec_crypto_op_alloc(num_pkts);
2222 /* call ipsec library api */
2223 rc = crypto_ipsec(num_pkts);
2225 rc = replay_inb_null_null_check(
2226 ut_params, i, num_pkts);
2228 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
2234 if (rc == TEST_FAILED)
2235 test_ipsec_dump_buffers(ut_params, i);
2243 test_ipsec_replay_inb_inside_burst_null_null_wrapper(void)
2247 struct ipsec_unitest_params *ut_params = &unittest_params;
2249 ut_params->ipsec_xform.spi = INBOUND_SPI;
2250 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2251 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2252 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2253 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2255 for (i = 0; i < num_cfg && rc == 0; i++) {
2256 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2257 rc = test_ipsec_replay_inb_inside_burst_null_null(i);
2265 crypto_inb_burst_2sa_null_null_check(struct ipsec_unitest_params *ut_params,
2270 for (j = 0; j < BURST_SIZE; j++) {
2271 ut_params->pkt_index = j;
2273 /* compare the data buffers */
2274 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
2275 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
2277 "input and output data does not match\n");
2278 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2279 ut_params->obuf[j]->pkt_len,
2280 "data_len is not equal to pkt_len");
2281 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2283 "data_len is not equal to input data");
2290 test_ipsec_crypto_inb_burst_2sa_null_null(int i)
2292 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2293 struct ipsec_unitest_params *ut_params = &unittest_params;
2294 uint16_t num_pkts = test_cfg[i].num_pkts;
2298 if (num_pkts != BURST_SIZE)
2301 /* create rte_ipsec_sa */
2302 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2303 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2305 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2310 /* create second rte_ipsec_sa */
2311 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2312 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2313 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2315 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2321 /* Generate test mbuf data */
2322 for (j = 0; j < num_pkts && rc == 0; j++) {
2324 /* packet with sequence number 0 is invalid */
2325 ut_params->ibuf[j] = setup_test_string_tunneled(
2326 ts_params->mbuf_pool, null_encrypted_data,
2327 test_cfg[i].pkt_sz, INBOUND_SPI + r, j + 1);
2328 if (ut_params->ibuf[j] == NULL)
2333 rc = test_ipsec_crypto_op_alloc(num_pkts);
2336 /* call ipsec library api */
2337 rc = crypto_ipsec_2sa();
2339 rc = crypto_inb_burst_2sa_null_null_check(
2342 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2348 if (rc == TEST_FAILED)
2349 test_ipsec_dump_buffers(ut_params, i);
2357 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper(void)
2361 struct ipsec_unitest_params *ut_params = &unittest_params;
2363 ut_params->ipsec_xform.spi = INBOUND_SPI;
2364 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2365 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2366 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2367 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2369 for (i = 0; i < num_cfg && rc == 0; i++) {
2370 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2371 rc = test_ipsec_crypto_inb_burst_2sa_null_null(i);
2378 test_ipsec_crypto_inb_burst_2sa_4grp_null_null(int i)
2380 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2381 struct ipsec_unitest_params *ut_params = &unittest_params;
2382 uint16_t num_pkts = test_cfg[i].num_pkts;
2386 if (num_pkts != BURST_SIZE)
2389 /* create rte_ipsec_sa */
2390 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2391 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2393 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2398 /* create second rte_ipsec_sa */
2399 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2400 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2401 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2403 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2409 /* Generate test mbuf data */
2410 for (j = 0; j < num_pkts && rc == 0; j++) {
2411 k = crypto_ipsec_4grp(j);
2413 /* packet with sequence number 0 is invalid */
2414 ut_params->ibuf[j] = setup_test_string_tunneled(
2415 ts_params->mbuf_pool, null_encrypted_data,
2416 test_cfg[i].pkt_sz, INBOUND_SPI + k, j + 1);
2417 if (ut_params->ibuf[j] == NULL)
2422 rc = test_ipsec_crypto_op_alloc(num_pkts);
2425 /* call ipsec library api */
2426 rc = crypto_ipsec_2sa_4grp();
2428 rc = crypto_inb_burst_2sa_null_null_check(
2431 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2437 if (rc == TEST_FAILED)
2438 test_ipsec_dump_buffers(ut_params, i);
2446 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper(void)
2450 struct ipsec_unitest_params *ut_params = &unittest_params;
2452 ut_params->ipsec_xform.spi = INBOUND_SPI;
2453 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2454 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2455 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2456 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2458 for (i = 0; i < num_cfg && rc == 0; i++) {
2459 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2460 rc = test_ipsec_crypto_inb_burst_2sa_4grp_null_null(i);
2466 static struct unit_test_suite ipsec_testsuite = {
2467 .suite_name = "IPsec NULL Unit Test Suite",
2468 .setup = testsuite_setup,
2469 .teardown = testsuite_teardown,
2470 .unit_test_cases = {
2471 TEST_CASE_ST(ut_setup, ut_teardown,
2472 test_ipsec_crypto_inb_burst_null_null_wrapper),
2473 TEST_CASE_ST(ut_setup, ut_teardown,
2474 test_ipsec_crypto_outb_burst_null_null_wrapper),
2475 TEST_CASE_ST(ut_setup, ut_teardown,
2476 test_ipsec_inline_crypto_inb_burst_null_null_wrapper),
2477 TEST_CASE_ST(ut_setup, ut_teardown,
2478 test_ipsec_inline_crypto_outb_burst_null_null_wrapper),
2479 TEST_CASE_ST(ut_setup, ut_teardown,
2480 test_ipsec_inline_proto_inb_burst_null_null_wrapper),
2481 TEST_CASE_ST(ut_setup, ut_teardown,
2482 test_ipsec_inline_proto_outb_burst_null_null_wrapper),
2483 TEST_CASE_ST(ut_setup, ut_teardown,
2484 test_ipsec_lksd_proto_inb_burst_null_null_wrapper),
2485 TEST_CASE_ST(ut_setup, ut_teardown,
2486 test_ipsec_lksd_proto_outb_burst_null_null_wrapper),
2487 TEST_CASE_ST(ut_setup, ut_teardown,
2488 test_ipsec_replay_inb_inside_null_null_wrapper),
2489 TEST_CASE_ST(ut_setup, ut_teardown,
2490 test_ipsec_replay_inb_outside_null_null_wrapper),
2491 TEST_CASE_ST(ut_setup, ut_teardown,
2492 test_ipsec_replay_inb_repeat_null_null_wrapper),
2493 TEST_CASE_ST(ut_setup, ut_teardown,
2494 test_ipsec_replay_inb_inside_burst_null_null_wrapper),
2495 TEST_CASE_ST(ut_setup, ut_teardown,
2496 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper),
2497 TEST_CASE_ST(ut_setup, ut_teardown,
2498 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper),
2499 TEST_CASES_END() /**< NULL terminate unit test array */
2506 return unit_test_suite_runner(&ipsec_testsuite);
2509 REGISTER_TEST_COMMAND(ipsec_autotest, test_ipsec);
git.droids-corp.org / dpdk.git / blob