1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2018 Intel Corporation
7 #include <rte_common.h>
8 #include <rte_hexdump.h>
10 #include <rte_malloc.h>
11 #include <rte_memcpy.h>
12 #include <rte_cycles.h>
13 #include <rte_bus_vdev.h>
16 #include <rte_crypto.h>
17 #include <rte_cryptodev.h>
18 #include <rte_cryptodev_pmd.h>
19 #include <rte_lcore.h>
20 #include <rte_ipsec.h>
21 #include <rte_random.h>
23 #include <rte_security_driver.h>
26 #include "test_cryptodev.h"
28 #define VDEV_ARGS_SIZE 100
29 #define MAX_NB_SESSIONS 100
31 #define REPLAY_WIN_0 0
32 #define REPLAY_WIN_32 32
33 #define REPLAY_WIN_64 64
34 #define REPLAY_WIN_128 128
35 #define REPLAY_WIN_256 256
36 #define DATA_64_BYTES 64
37 #define DATA_80_BYTES 80
38 #define DATA_100_BYTES 100
40 #define ESN_DISABLED 0
42 #define OUTBOUND_SPI 17
44 #define REORDER_PKTS 1
45 #define DEQUEUE_COUNT 1000
48 enum rte_crypto_sym_xform_type auth;
49 enum rte_crypto_sym_xform_type cipher;
50 enum rte_crypto_sym_xform_type aead;
53 char cipher_algo[128];
57 struct ipsec_testsuite_params {
58 struct rte_mempool *mbuf_pool;
59 struct rte_mempool *cop_mpool;
60 struct rte_cryptodev_config conf;
61 struct rte_cryptodev_qp_conf qp_conf;
64 uint8_t valid_dev_found;
67 struct ipsec_unitest_params {
68 struct rte_crypto_sym_xform cipher_xform;
69 struct rte_crypto_sym_xform auth_xform;
70 struct rte_crypto_sym_xform aead_xform;
71 struct rte_crypto_sym_xform *crypto_xforms;
73 struct rte_security_ipsec_xform ipsec_xform;
75 struct rte_ipsec_sa_prm sa_prm;
76 struct rte_ipsec_session ss[MAX_NB_SAS];
78 struct rte_crypto_op *cop[BURST_SIZE];
80 struct rte_mbuf *obuf[BURST_SIZE], *ibuf[BURST_SIZE],
86 struct ipsec_test_cfg {
87 uint32_t replay_win_sz;
92 uint32_t reorder_pkts;
95 static const struct ipsec_test_cfg test_cfg[] = {
97 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, 1, 0},
98 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_80_BYTES, BURST_SIZE,
100 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, 1, 0},
101 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, BURST_SIZE,
103 {REPLAY_WIN_64, ESN_ENABLED, 0, DATA_64_BYTES, 1, 0},
104 {REPLAY_WIN_128, ESN_ENABLED, RTE_IPSEC_SAFLAG_SQN_ATOM,
105 DATA_80_BYTES, 1, 0},
106 {REPLAY_WIN_256, ESN_DISABLED, 0, DATA_100_BYTES, 1, 0},
109 static const int num_cfg = RTE_DIM(test_cfg);
110 static struct ipsec_testsuite_params testsuite_params = { NULL };
111 static struct ipsec_unitest_params unittest_params;
112 static struct user_params uparams;
114 struct supported_cipher_algo {
116 enum rte_crypto_cipher_algorithm algo;
122 struct supported_auth_algo {
124 enum rte_crypto_auth_algorithm algo;
130 const struct supported_cipher_algo cipher_algos[] = {
133 .algo = RTE_CRYPTO_CIPHER_NULL,
140 const struct supported_auth_algo auth_algos[] = {
143 .algo = RTE_CRYPTO_AUTH_NULL,
151 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
152 struct rte_security_session *sess, struct rte_mempool *mp)
154 RTE_SET_USED(device);
158 sess->sess_private_data = NULL;
163 dummy_sec_destroy(void *device, struct rte_security_session *sess)
165 RTE_SET_USED(device);
170 static const struct rte_security_ops dummy_sec_ops = {
171 .session_create = dummy_sec_create,
172 .session_destroy = dummy_sec_destroy,
175 static struct rte_security_ctx dummy_sec_ctx = {
176 .ops = &dummy_sec_ops,
179 static const struct supported_cipher_algo *
180 find_match_cipher_algo(const char *cipher_keyword)
184 for (i = 0; i < RTE_DIM(cipher_algos); i++) {
185 const struct supported_cipher_algo *algo =
188 if (strcmp(cipher_keyword, algo->keyword) == 0)
195 static const struct supported_auth_algo *
196 find_match_auth_algo(const char *auth_keyword)
200 for (i = 0; i < RTE_DIM(auth_algos); i++) {
201 const struct supported_auth_algo *algo =
204 if (strcmp(auth_keyword, algo->keyword) == 0)
212 fill_crypto_xform(struct ipsec_unitest_params *ut_params,
213 const struct supported_auth_algo *auth_algo,
214 const struct supported_cipher_algo *cipher_algo)
216 ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
217 ut_params->cipher_xform.cipher.algo = cipher_algo->algo;
218 ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
219 ut_params->auth_xform.auth.algo = auth_algo->algo;
221 if (ut_params->ipsec_xform.direction ==
222 RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
223 ut_params->cipher_xform.cipher.op =
224 RTE_CRYPTO_CIPHER_OP_DECRYPT;
225 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
226 ut_params->cipher_xform.next = NULL;
227 ut_params->auth_xform.next = &ut_params->cipher_xform;
228 ut_params->crypto_xforms = &ut_params->auth_xform;
230 ut_params->cipher_xform.cipher.op =
231 RTE_CRYPTO_CIPHER_OP_ENCRYPT;
232 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
233 ut_params->auth_xform.next = NULL;
234 ut_params->cipher_xform.next = &ut_params->auth_xform;
235 ut_params->crypto_xforms = &ut_params->cipher_xform;
240 check_cryptodev_capablity(const struct ipsec_unitest_params *ut,
243 struct rte_cryptodev_sym_capability_idx cap_idx;
244 const struct rte_cryptodev_symmetric_capability *cap;
247 cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
248 cap_idx.algo.auth = ut->auth_xform.auth.algo;
249 cap = rte_cryptodev_sym_capability_get(dev_id, &cap_idx);
252 rc = rte_cryptodev_sym_capability_check_auth(cap,
253 ut->auth_xform.auth.key.length,
254 ut->auth_xform.auth.digest_length, 0);
256 cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
257 cap_idx.algo.cipher = ut->cipher_xform.cipher.algo;
258 cap = rte_cryptodev_sym_capability_get(
261 rc = rte_cryptodev_sym_capability_check_cipher(
263 ut->cipher_xform.cipher.key.length,
264 ut->cipher_xform.cipher.iv.length);
272 testsuite_setup(void)
274 struct ipsec_testsuite_params *ts_params = &testsuite_params;
275 struct ipsec_unitest_params *ut_params = &unittest_params;
276 const struct supported_auth_algo *auth_algo;
277 const struct supported_cipher_algo *cipher_algo;
278 struct rte_cryptodev_info info;
279 uint32_t i, nb_devs, dev_id;
283 memset(ts_params, 0, sizeof(*ts_params));
284 memset(ut_params, 0, sizeof(*ut_params));
285 memset(&uparams, 0, sizeof(struct user_params));
287 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
288 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
289 uparams.aead = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED;
290 strcpy(uparams.auth_algo, "null");
291 strcpy(uparams.cipher_algo, "null");
293 auth_algo = find_match_auth_algo(uparams.auth_algo);
294 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
295 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
297 nb_devs = rte_cryptodev_count();
299 RTE_LOG(ERR, USER1, "No crypto devices found?\n");
303 /* Find first valid crypto device */
304 for (i = 0; i < nb_devs; i++) {
305 rc = check_cryptodev_capablity(ut_params, i);
307 ts_params->valid_dev = i;
308 ts_params->valid_dev_found = 1;
313 if (ts_params->valid_dev_found == 0)
316 ts_params->mbuf_pool = rte_pktmbuf_pool_create(
318 NUM_MBUFS, MBUF_CACHE_SIZE, 0, MBUF_SIZE,
320 if (ts_params->mbuf_pool == NULL) {
321 RTE_LOG(ERR, USER1, "Can't create CRYPTO_MBUFPOOL\n");
325 ts_params->cop_mpool = rte_crypto_op_pool_create(
326 "MBUF_CRYPTO_SYM_OP_POOL",
327 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
328 NUM_MBUFS, MBUF_CACHE_SIZE,
330 sizeof(struct rte_crypto_sym_xform) +
333 if (ts_params->cop_mpool == NULL) {
334 RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
338 /* Set up all the qps on the first of the valid devices found */
339 dev_id = ts_params->valid_dev;
341 rte_cryptodev_info_get(dev_id, &info);
343 ts_params->conf.nb_queue_pairs = info.max_nb_queue_pairs;
344 ts_params->conf.socket_id = SOCKET_ID_ANY;
346 sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
347 sess_sz = RTE_MAX(sess_sz, sizeof(struct rte_security_session));
350 * Create mempools for sessions
352 if (info.sym.max_nb_sessions != 0 &&
353 info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
354 RTE_LOG(ERR, USER1, "Device does not support "
355 "at least %u sessions\n",
360 ts_params->qp_conf.mp_session_private = rte_mempool_create(
364 0, 0, NULL, NULL, NULL,
368 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
369 "private session mempool allocation failed");
371 ts_params->qp_conf.mp_session =
372 rte_cryptodev_sym_session_pool_create("test_sess_mp",
373 MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
375 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
376 "session mempool allocation failed");
378 TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
380 "Failed to configure cryptodev %u with %u qps",
381 dev_id, ts_params->conf.nb_queue_pairs);
383 ts_params->qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
385 TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
386 dev_id, 0, &ts_params->qp_conf,
387 rte_cryptodev_socket_id(dev_id)),
388 "Failed to setup queue pair %u on cryptodev %u",
395 testsuite_teardown(void)
397 struct ipsec_testsuite_params *ts_params = &testsuite_params;
399 if (ts_params->mbuf_pool != NULL) {
400 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
401 rte_mempool_avail_count(ts_params->mbuf_pool));
402 rte_mempool_free(ts_params->mbuf_pool);
403 ts_params->mbuf_pool = NULL;
406 if (ts_params->cop_mpool != NULL) {
407 RTE_LOG(DEBUG, USER1, "CRYPTO_OP_POOL count %u\n",
408 rte_mempool_avail_count(ts_params->cop_mpool));
409 rte_mempool_free(ts_params->cop_mpool);
410 ts_params->cop_mpool = NULL;
413 /* Free session mempools */
414 if (ts_params->qp_conf.mp_session != NULL) {
415 rte_mempool_free(ts_params->qp_conf.mp_session);
416 ts_params->qp_conf.mp_session = NULL;
419 if (ts_params->qp_conf.mp_session_private != NULL) {
420 rte_mempool_free(ts_params->qp_conf.mp_session_private);
421 ts_params->qp_conf.mp_session_private = NULL;
428 struct ipsec_testsuite_params *ts_params = &testsuite_params;
429 struct ipsec_unitest_params *ut_params = &unittest_params;
431 /* Clear unit test parameters before running test */
432 memset(ut_params, 0, sizeof(*ut_params));
434 /* Reconfigure device to default parameters */
435 ts_params->conf.socket_id = SOCKET_ID_ANY;
437 /* Start the device */
438 TEST_ASSERT_SUCCESS(rte_cryptodev_start(ts_params->valid_dev),
439 "Failed to start cryptodev %u",
440 ts_params->valid_dev);
448 struct ipsec_testsuite_params *ts_params = &testsuite_params;
449 struct ipsec_unitest_params *ut_params = &unittest_params;
452 for (i = 0; i < BURST_SIZE; i++) {
453 /* free crypto operation structure */
454 if (ut_params->cop[i])
455 rte_crypto_op_free(ut_params->cop[i]);
458 * free mbuf - both obuf and ibuf are usually the same,
459 * so check if they point at the same address is necessary,
460 * to avoid freeing the mbuf twice.
462 if (ut_params->obuf[i]) {
463 rte_pktmbuf_free(ut_params->obuf[i]);
464 if (ut_params->ibuf[i] == ut_params->obuf[i])
465 ut_params->ibuf[i] = 0;
466 ut_params->obuf[i] = 0;
468 if (ut_params->ibuf[i]) {
469 rte_pktmbuf_free(ut_params->ibuf[i]);
470 ut_params->ibuf[i] = 0;
473 if (ut_params->testbuf[i]) {
474 rte_pktmbuf_free(ut_params->testbuf[i]);
475 ut_params->testbuf[i] = 0;
479 if (ts_params->mbuf_pool != NULL)
480 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
481 rte_mempool_avail_count(ts_params->mbuf_pool));
483 /* Stop the device */
484 rte_cryptodev_stop(ts_params->valid_dev);
487 #define IPSEC_MAX_PAD_SIZE UINT8_MAX
489 static const uint8_t esp_pad_bytes[IPSEC_MAX_PAD_SIZE] = {
490 1, 2, 3, 4, 5, 6, 7, 8,
491 9, 10, 11, 12, 13, 14, 15, 16,
492 17, 18, 19, 20, 21, 22, 23, 24,
493 25, 26, 27, 28, 29, 30, 31, 32,
494 33, 34, 35, 36, 37, 38, 39, 40,
495 41, 42, 43, 44, 45, 46, 47, 48,
496 49, 50, 51, 52, 53, 54, 55, 56,
497 57, 58, 59, 60, 61, 62, 63, 64,
498 65, 66, 67, 68, 69, 70, 71, 72,
499 73, 74, 75, 76, 77, 78, 79, 80,
500 81, 82, 83, 84, 85, 86, 87, 88,
501 89, 90, 91, 92, 93, 94, 95, 96,
502 97, 98, 99, 100, 101, 102, 103, 104,
503 105, 106, 107, 108, 109, 110, 111, 112,
504 113, 114, 115, 116, 117, 118, 119, 120,
505 121, 122, 123, 124, 125, 126, 127, 128,
506 129, 130, 131, 132, 133, 134, 135, 136,
507 137, 138, 139, 140, 141, 142, 143, 144,
508 145, 146, 147, 148, 149, 150, 151, 152,
509 153, 154, 155, 156, 157, 158, 159, 160,
510 161, 162, 163, 164, 165, 166, 167, 168,
511 169, 170, 171, 172, 173, 174, 175, 176,
512 177, 178, 179, 180, 181, 182, 183, 184,
513 185, 186, 187, 188, 189, 190, 191, 192,
514 193, 194, 195, 196, 197, 198, 199, 200,
515 201, 202, 203, 204, 205, 206, 207, 208,
516 209, 210, 211, 212, 213, 214, 215, 216,
517 217, 218, 219, 220, 221, 222, 223, 224,
518 225, 226, 227, 228, 229, 230, 231, 232,
519 233, 234, 235, 236, 237, 238, 239, 240,
520 241, 242, 243, 244, 245, 246, 247, 248,
521 249, 250, 251, 252, 253, 254, 255,
524 /* ***** data for tests ***** */
526 const char null_plain_data[] =
527 "Network Security People Have A Strange Sense Of Humor unlike Other "
528 "People who have a normal sense of humour";
530 const char null_encrypted_data[] =
531 "Network Security People Have A Strange Sense Of Humor unlike Other "
532 "People who have a normal sense of humour";
534 struct ipv4_hdr ipv4_outer = {
535 .version_ihl = IPVERSION << 4 |
536 sizeof(ipv4_outer) / IPV4_IHL_MULTIPLIER,
537 .time_to_live = IPDEFTTL,
538 .next_proto_id = IPPROTO_ESP,
539 .src_addr = IPv4(192, 168, 1, 100),
540 .dst_addr = IPv4(192, 168, 2, 100),
543 static struct rte_mbuf *
544 setup_test_string(struct rte_mempool *mpool,
545 const char *string, size_t len, uint8_t blocksize)
547 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
548 size_t t_len = len - (blocksize ? (len % blocksize) : 0);
551 memset(m->buf_addr, 0, m->buf_len);
552 char *dst = rte_pktmbuf_append(m, t_len);
559 rte_memcpy(dst, string, t_len);
561 memset(dst, 0, t_len);
567 static struct rte_mbuf *
568 setup_test_string_tunneled(struct rte_mempool *mpool, const char *string,
569 size_t len, uint32_t spi, uint32_t seq)
571 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
572 uint32_t hdrlen = sizeof(struct ipv4_hdr) + sizeof(struct rte_esp_hdr);
573 uint32_t taillen = sizeof(struct esp_tail);
574 uint32_t t_len = len + hdrlen + taillen;
577 struct rte_esp_hdr esph = {
578 .spi = rte_cpu_to_be_32(spi),
579 .seq = rte_cpu_to_be_32(seq)
582 padlen = RTE_ALIGN(t_len, 4) - t_len;
585 struct esp_tail espt = {
587 .next_proto = IPPROTO_IPIP,
593 memset(m->buf_addr, 0, m->buf_len);
594 char *dst = rte_pktmbuf_append(m, t_len);
600 /* copy outer IP and ESP header */
601 ipv4_outer.total_length = rte_cpu_to_be_16(t_len);
602 ipv4_outer.packet_id = rte_cpu_to_be_16(seq);
603 rte_memcpy(dst, &ipv4_outer, sizeof(ipv4_outer));
604 dst += sizeof(ipv4_outer);
605 m->l3_len = sizeof(ipv4_outer);
606 rte_memcpy(dst, &esph, sizeof(esph));
609 if (string != NULL) {
611 rte_memcpy(dst, string, len);
614 rte_memcpy(dst, esp_pad_bytes, padlen);
616 /* copy ESP tail header */
617 rte_memcpy(dst, &espt, sizeof(espt));
619 memset(dst, 0, t_len);
625 create_dummy_sec_session(struct ipsec_unitest_params *ut,
626 struct rte_cryptodev_qp_conf *qp, uint32_t j)
628 static struct rte_security_session_conf conf;
630 ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
631 &conf, qp->mp_session_private);
633 if (ut->ss[j].security.ses == NULL)
636 ut->ss[j].security.ctx = &dummy_sec_ctx;
637 ut->ss[j].security.ol_flags = 0;
642 create_crypto_session(struct ipsec_unitest_params *ut,
643 struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
646 struct rte_cryptodev_sym_session *s;
648 s = rte_cryptodev_sym_session_create(qp->mp_session);
652 /* initiliaze SA crypto session for device */
653 rc = rte_cryptodev_sym_session_init(dev_id, s,
654 ut->crypto_xforms, qp->mp_session_private);
656 ut->ss[j].crypto.ses = s;
659 /* failure, do cleanup */
660 rte_cryptodev_sym_session_clear(dev_id, s);
661 rte_cryptodev_sym_session_free(s);
667 create_session(struct ipsec_unitest_params *ut,
668 struct rte_cryptodev_qp_conf *qp, uint8_t crypto_dev, uint32_t j)
670 if (ut->ss[j].type == RTE_SECURITY_ACTION_TYPE_NONE)
671 return create_crypto_session(ut, qp, crypto_dev, j);
673 return create_dummy_sec_session(ut, qp, j);
677 fill_ipsec_param(uint32_t replay_win_sz, uint64_t flags)
679 struct ipsec_unitest_params *ut_params = &unittest_params;
680 struct rte_ipsec_sa_prm *prm = &ut_params->sa_prm;
681 const struct supported_auth_algo *auth_algo;
682 const struct supported_cipher_algo *cipher_algo;
684 memset(prm, 0, sizeof(*prm));
688 prm->replay_win_sz = replay_win_sz;
690 /* setup ipsec xform */
691 prm->ipsec_xform = ut_params->ipsec_xform;
692 prm->ipsec_xform.salt = (uint32_t)rte_rand();
694 /* setup tunnel related fields */
695 prm->tun.hdr_len = sizeof(ipv4_outer);
696 prm->tun.next_proto = IPPROTO_IPIP;
697 prm->tun.hdr = &ipv4_outer;
699 /* setup crypto section */
700 if (uparams.aead != 0) {
701 /* TODO: will need to fill out with other test cases */
703 if (uparams.auth == 0 && uparams.cipher == 0)
706 auth_algo = find_match_auth_algo(uparams.auth_algo);
707 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
709 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
712 prm->crypto_xform = ut_params->crypto_xforms;
717 create_sa(enum rte_security_session_action_type action_type,
718 uint32_t replay_win_sz, uint64_t flags, uint32_t j)
720 struct ipsec_testsuite_params *ts = &testsuite_params;
721 struct ipsec_unitest_params *ut = &unittest_params;
725 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
727 rc = fill_ipsec_param(replay_win_sz, flags);
731 /* create rte_ipsec_sa*/
732 sz = rte_ipsec_sa_size(&ut->sa_prm);
733 TEST_ASSERT(sz > 0, "rte_ipsec_sa_size() failed\n");
735 ut->ss[j].sa = rte_zmalloc(NULL, sz, RTE_CACHE_LINE_SIZE);
736 TEST_ASSERT_NOT_NULL(ut->ss[j].sa,
737 "failed to allocate memory for rte_ipsec_sa\n");
739 ut->ss[j].type = action_type;
740 rc = create_session(ut, &ts->qp_conf, ts->valid_dev, j);
744 rc = rte_ipsec_sa_init(ut->ss[j].sa, &ut->sa_prm, sz);
745 rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
747 rc = rte_ipsec_session_prepare(&ut->ss[j]);
753 crypto_dequeue_burst(uint16_t num_pkts)
755 struct ipsec_testsuite_params *ts_params = &testsuite_params;
756 struct ipsec_unitest_params *ut_params = &unittest_params;
760 for (i = 0, pkt_cnt = 0;
761 i < DEQUEUE_COUNT && pkt_cnt != num_pkts; i++) {
762 k = rte_cryptodev_dequeue_burst(ts_params->valid_dev, 0,
763 &ut_params->cop[pkt_cnt], num_pkts - pkt_cnt);
768 if (pkt_cnt != num_pkts) {
769 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
776 crypto_ipsec(uint16_t num_pkts)
778 struct ipsec_testsuite_params *ts_params = &testsuite_params;
779 struct ipsec_unitest_params *ut_params = &unittest_params;
781 struct rte_ipsec_group grp[1];
783 /* call crypto prepare */
784 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
785 ut_params->cop, num_pkts);
787 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
791 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
792 ut_params->cop, num_pkts);
794 RTE_LOG(ERR, USER1, "rte_cryptodev_enqueue_burst fail\n");
798 if (crypto_dequeue_burst(num_pkts) == TEST_FAILED)
801 ng = rte_ipsec_pkt_crypto_group(
802 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
803 ut_params->obuf, grp, num_pkts);
805 grp[0].m[0] != ut_params->obuf[0] ||
806 grp[0].cnt != num_pkts ||
807 grp[0].id.ptr != &ut_params->ss[0]) {
808 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
812 /* call crypto process */
813 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
815 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
823 lksd_proto_ipsec(uint16_t num_pkts)
825 struct ipsec_unitest_params *ut_params = &unittest_params;
827 struct rte_ipsec_group grp[1];
829 /* call crypto prepare */
830 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
831 ut_params->cop, num_pkts);
833 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
837 /* check crypto ops */
838 for (i = 0; i != num_pkts; i++) {
839 TEST_ASSERT_EQUAL(ut_params->cop[i]->type,
840 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
841 "%s: invalid crypto op type for %u-th packet\n",
843 TEST_ASSERT_EQUAL(ut_params->cop[i]->status,
844 RTE_CRYPTO_OP_STATUS_NOT_PROCESSED,
845 "%s: invalid crypto op status for %u-th packet\n",
847 TEST_ASSERT_EQUAL(ut_params->cop[i]->sess_type,
848 RTE_CRYPTO_OP_SECURITY_SESSION,
849 "%s: invalid crypto op sess_type for %u-th packet\n",
851 TEST_ASSERT_EQUAL(ut_params->cop[i]->sym->m_src,
853 "%s: invalid crypto op m_src for %u-th packet\n",
857 /* update crypto ops, pretend all finished ok */
858 for (i = 0; i != num_pkts; i++)
859 ut_params->cop[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
861 ng = rte_ipsec_pkt_crypto_group(
862 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
863 ut_params->obuf, grp, num_pkts);
865 grp[0].m[0] != ut_params->obuf[0] ||
866 grp[0].cnt != num_pkts ||
867 grp[0].id.ptr != &ut_params->ss[0]) {
868 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
872 /* call crypto process */
873 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
875 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
883 crypto_ipsec_2sa(void)
885 struct ipsec_testsuite_params *ts_params = &testsuite_params;
886 struct ipsec_unitest_params *ut_params = &unittest_params;
887 struct rte_ipsec_group grp[BURST_SIZE];
888 uint32_t k, ng, i, r;
890 for (i = 0; i < BURST_SIZE; i++) {
892 /* call crypto prepare */
893 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[r],
894 ut_params->ibuf + i, ut_params->cop + i, 1);
897 "rte_ipsec_pkt_crypto_prepare fail\n");
900 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
901 ut_params->cop + i, 1);
904 "rte_cryptodev_enqueue_burst fail\n");
909 if (crypto_dequeue_burst(BURST_SIZE) == TEST_FAILED)
912 ng = rte_ipsec_pkt_crypto_group(
913 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
914 ut_params->obuf, grp, BURST_SIZE);
915 if (ng != BURST_SIZE) {
916 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
921 /* call crypto process */
922 for (i = 0; i < ng; i++) {
923 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
924 if (k != grp[i].cnt) {
925 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
937 crypto_ipsec_4grp(uint32_t pkt_num)
941 /* group packets in 4 different size groups groups, 2 per SA */
944 else if (pkt_num < PKT_12)
946 else if (pkt_num < PKT_21)
955 crypto_ipsec_4grp_check_mbufs(uint32_t grp_ind, struct rte_ipsec_group *grp)
957 struct ipsec_unitest_params *ut_params = &unittest_params;
962 for (i = 0, j = 0; i < PKT_4; i++, j++)
963 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
967 } else if (grp_ind == 1) {
968 for (i = 0, j = PKT_4; i < (PKT_12 - PKT_4); i++, j++) {
969 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
974 } else if (grp_ind == 2) {
975 for (i = 0, j = PKT_12; i < (PKT_21 - PKT_12); i++, j++)
976 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
980 } else if (grp_ind == 3) {
981 for (i = 0, j = PKT_21; i < (BURST_SIZE - PKT_21); i++, j++)
982 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
993 crypto_ipsec_4grp_check_cnt(uint32_t grp_ind, struct rte_ipsec_group *grp)
998 if (grp[grp_ind].cnt != PKT_4)
1000 } else if (grp_ind == 1) {
1001 if (grp[grp_ind].cnt != PKT_12 - PKT_4)
1003 } else if (grp_ind == 2) {
1004 if (grp[grp_ind].cnt != PKT_21 - PKT_12)
1006 } else if (grp_ind == 3) {
1007 if (grp[grp_ind].cnt != BURST_SIZE - PKT_21)
1016 crypto_ipsec_2sa_4grp(void)
1018 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1019 struct ipsec_unitest_params *ut_params = &unittest_params;
1020 struct rte_ipsec_group grp[BURST_SIZE];
1021 uint32_t k, ng, i, j;
1024 for (i = 0; i < BURST_SIZE; i++) {
1025 j = crypto_ipsec_4grp(i);
1027 /* call crypto prepare */
1028 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[j],
1029 ut_params->ibuf + i, ut_params->cop + i, 1);
1032 "rte_ipsec_pkt_crypto_prepare fail\n");
1035 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
1036 ut_params->cop + i, 1);
1039 "rte_cryptodev_enqueue_burst fail\n");
1044 if (crypto_dequeue_burst(BURST_SIZE) == TEST_FAILED)
1047 ng = rte_ipsec_pkt_crypto_group(
1048 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
1049 ut_params->obuf, grp, BURST_SIZE);
1051 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
1056 /* call crypto process */
1057 for (i = 0; i < ng; i++) {
1058 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
1059 if (k != grp[i].cnt) {
1060 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
1063 rc = crypto_ipsec_4grp_check_cnt(i, grp);
1066 "crypto_ipsec_4grp_check_cnt fail\n");
1069 rc = crypto_ipsec_4grp_check_mbufs(i, grp);
1072 "crypto_ipsec_4grp_check_mbufs fail\n");
1076 return TEST_SUCCESS;
1080 test_ipsec_reorder_inb_pkt_burst(uint16_t num_pkts)
1082 struct ipsec_unitest_params *ut_params = &unittest_params;
1083 struct rte_mbuf *ibuf_tmp[BURST_SIZE];
1086 /* reorder packets and create gaps in sequence numbers */
1087 static const uint32_t reorder[BURST_SIZE] = {
1088 24, 25, 26, 27, 28, 29, 30, 31,
1089 16, 17, 18, 19, 20, 21, 22, 23,
1090 8, 9, 10, 11, 12, 13, 14, 15,
1091 0, 1, 2, 3, 4, 5, 6, 7,
1094 if (num_pkts != BURST_SIZE)
1097 for (j = 0; j != BURST_SIZE; j++)
1098 ibuf_tmp[j] = ut_params->ibuf[reorder[j]];
1100 memcpy(ut_params->ibuf, ibuf_tmp, sizeof(ut_params->ibuf));
1104 test_ipsec_crypto_op_alloc(uint16_t num_pkts)
1106 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1107 struct ipsec_unitest_params *ut_params = &unittest_params;
1111 for (j = 0; j < num_pkts && rc == 0; j++) {
1112 ut_params->cop[j] = rte_crypto_op_alloc(ts_params->cop_mpool,
1113 RTE_CRYPTO_OP_TYPE_SYMMETRIC);
1114 if (ut_params->cop[j] == NULL) {
1116 "Failed to allocate symmetric crypto op\n");
1125 test_ipsec_dump_buffers(struct ipsec_unitest_params *ut_params, int i)
1127 uint16_t j = ut_params->pkt_index;
1129 printf("\ntest config: num %d\n", i);
1130 printf(" replay_win_sz %u\n", test_cfg[i].replay_win_sz);
1131 printf(" esn %u\n", test_cfg[i].esn);
1132 printf(" flags 0x%" PRIx64 "\n", test_cfg[i].flags);
1133 printf(" pkt_sz %zu\n", test_cfg[i].pkt_sz);
1134 printf(" num_pkts %u\n\n", test_cfg[i].num_pkts);
1136 if (ut_params->ibuf[j]) {
1137 printf("ibuf[%u] data:\n", j);
1138 rte_pktmbuf_dump(stdout, ut_params->ibuf[j],
1139 ut_params->ibuf[j]->data_len);
1141 if (ut_params->obuf[j]) {
1142 printf("obuf[%u] data:\n", j);
1143 rte_pktmbuf_dump(stdout, ut_params->obuf[j],
1144 ut_params->obuf[j]->data_len);
1146 if (ut_params->testbuf[j]) {
1147 printf("testbuf[%u] data:\n", j);
1148 rte_pktmbuf_dump(stdout, ut_params->testbuf[j],
1149 ut_params->testbuf[j]->data_len);
1154 destroy_sa(uint32_t j)
1156 struct ipsec_unitest_params *ut = &unittest_params;
1158 rte_ipsec_sa_fini(ut->ss[j].sa);
1159 rte_free(ut->ss[j].sa);
1160 rte_cryptodev_sym_session_free(ut->ss[j].crypto.ses);
1161 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
1165 crypto_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1170 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1171 ut_params->pkt_index = j;
1173 /* compare the data buffers */
1174 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1175 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1177 "input and output data does not match\n");
1178 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1179 ut_params->obuf[j]->pkt_len,
1180 "data_len is not equal to pkt_len");
1181 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1183 "data_len is not equal to input data");
1190 test_ipsec_crypto_inb_burst_null_null(int i)
1192 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1193 struct ipsec_unitest_params *ut_params = &unittest_params;
1194 uint16_t num_pkts = test_cfg[i].num_pkts;
1198 /* create rte_ipsec_sa */
1199 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1200 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1202 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1207 /* Generate test mbuf data */
1208 for (j = 0; j < num_pkts && rc == 0; j++) {
1209 /* packet with sequence number 0 is invalid */
1210 ut_params->ibuf[j] = setup_test_string_tunneled(
1211 ts_params->mbuf_pool, null_encrypted_data,
1212 test_cfg[i].pkt_sz, INBOUND_SPI, j + 1);
1213 if (ut_params->ibuf[j] == NULL)
1218 if (test_cfg[i].reorder_pkts)
1219 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1220 rc = test_ipsec_crypto_op_alloc(num_pkts);
1224 /* call ipsec library api */
1225 rc = crypto_ipsec(num_pkts);
1227 rc = crypto_inb_burst_null_null_check(
1228 ut_params, i, num_pkts);
1230 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1236 if (rc == TEST_FAILED)
1237 test_ipsec_dump_buffers(ut_params, i);
1244 test_ipsec_crypto_inb_burst_null_null_wrapper(void)
1248 struct ipsec_unitest_params *ut_params = &unittest_params;
1250 ut_params->ipsec_xform.spi = INBOUND_SPI;
1251 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1252 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1253 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1254 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1256 for (i = 0; i < num_cfg && rc == 0; i++) {
1257 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1258 rc = test_ipsec_crypto_inb_burst_null_null(i);
1265 crypto_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1272 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1273 ut_params->pkt_index = j;
1275 testbuf_data = rte_pktmbuf_mtod(ut_params->testbuf[j], void *);
1276 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1277 /* compare the buffer data */
1278 TEST_ASSERT_BUFFERS_ARE_EQUAL(testbuf_data, obuf_data,
1279 ut_params->obuf[j]->pkt_len,
1280 "test and output data does not match\n");
1281 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1282 ut_params->testbuf[j]->data_len,
1283 "obuf data_len is not equal to testbuf data_len");
1284 TEST_ASSERT_EQUAL(ut_params->obuf[j]->pkt_len,
1285 ut_params->testbuf[j]->pkt_len,
1286 "obuf pkt_len is not equal to testbuf pkt_len");
1293 test_ipsec_crypto_outb_burst_null_null(int i)
1295 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1296 struct ipsec_unitest_params *ut_params = &unittest_params;
1297 uint16_t num_pkts = test_cfg[i].num_pkts;
1301 /* create rte_ipsec_sa*/
1302 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1303 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1305 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1310 /* Generate input mbuf data */
1311 for (j = 0; j < num_pkts && rc == 0; j++) {
1312 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1313 null_plain_data, test_cfg[i].pkt_sz, 0);
1314 if (ut_params->ibuf[j] == NULL)
1317 /* Generate test mbuf data */
1318 /* packet with sequence number 0 is invalid */
1319 ut_params->testbuf[j] = setup_test_string_tunneled(
1320 ts_params->mbuf_pool,
1321 null_plain_data, test_cfg[i].pkt_sz,
1322 OUTBOUND_SPI, j + 1);
1323 if (ut_params->testbuf[j] == NULL)
1329 rc = test_ipsec_crypto_op_alloc(num_pkts);
1332 /* call ipsec library api */
1333 rc = crypto_ipsec(num_pkts);
1335 rc = crypto_outb_burst_null_null_check(ut_params,
1338 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1342 if (rc == TEST_FAILED)
1343 test_ipsec_dump_buffers(ut_params, i);
1350 test_ipsec_crypto_outb_burst_null_null_wrapper(void)
1354 struct ipsec_unitest_params *ut_params = &unittest_params;
1356 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1357 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1358 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1359 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1360 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1362 for (i = 0; i < num_cfg && rc == 0; i++) {
1363 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1364 rc = test_ipsec_crypto_outb_burst_null_null(i);
1371 inline_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1378 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1379 ut_params->pkt_index = j;
1381 /* compare the buffer data */
1382 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1383 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1385 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1386 ut_params->ibuf[j]->data_len,
1387 "input and output data does not match\n");
1388 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1389 ut_params->obuf[j]->data_len,
1390 "ibuf data_len is not equal to obuf data_len");
1391 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1392 ut_params->obuf[j]->pkt_len,
1393 "ibuf pkt_len is not equal to obuf pkt_len");
1394 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1396 "data_len is not equal input data");
1402 test_ipsec_inline_crypto_inb_burst_null_null(int i)
1404 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1405 struct ipsec_unitest_params *ut_params = &unittest_params;
1406 uint16_t num_pkts = test_cfg[i].num_pkts;
1411 /* create rte_ipsec_sa*/
1412 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1413 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1415 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1420 /* Generate inbound mbuf data */
1421 for (j = 0; j < num_pkts && rc == 0; j++) {
1422 ut_params->ibuf[j] = setup_test_string_tunneled(
1423 ts_params->mbuf_pool,
1424 null_plain_data, test_cfg[i].pkt_sz,
1425 INBOUND_SPI, j + 1);
1426 if (ut_params->ibuf[j] == NULL)
1429 /* Generate test mbuf data */
1430 ut_params->obuf[j] = setup_test_string(
1431 ts_params->mbuf_pool,
1432 null_plain_data, test_cfg[i].pkt_sz, 0);
1433 if (ut_params->obuf[j] == NULL)
1439 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1442 rc = inline_inb_burst_null_null_check(ut_params, i,
1446 "rte_ipsec_pkt_process failed, cfg %d\n",
1452 if (rc == TEST_FAILED)
1453 test_ipsec_dump_buffers(ut_params, i);
1460 test_ipsec_inline_crypto_inb_burst_null_null_wrapper(void)
1464 struct ipsec_unitest_params *ut_params = &unittest_params;
1466 ut_params->ipsec_xform.spi = INBOUND_SPI;
1467 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1468 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1469 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1470 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1472 for (i = 0; i < num_cfg && rc == 0; i++) {
1473 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1474 rc = test_ipsec_inline_crypto_inb_burst_null_null(i);
1481 test_ipsec_inline_proto_inb_burst_null_null(int i)
1483 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1484 struct ipsec_unitest_params *ut_params = &unittest_params;
1485 uint16_t num_pkts = test_cfg[i].num_pkts;
1490 /* create rte_ipsec_sa*/
1491 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1492 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1494 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1499 /* Generate inbound mbuf data */
1500 for (j = 0; j < num_pkts && rc == 0; j++) {
1501 ut_params->ibuf[j] = setup_test_string(
1502 ts_params->mbuf_pool,
1503 null_plain_data, test_cfg[i].pkt_sz, 0);
1504 if (ut_params->ibuf[j] == NULL)
1507 /* Generate test mbuf data */
1508 ut_params->obuf[j] = setup_test_string(
1509 ts_params->mbuf_pool,
1510 null_plain_data, test_cfg[i].pkt_sz, 0);
1511 if (ut_params->obuf[j] == NULL)
1517 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1520 rc = inline_inb_burst_null_null_check(ut_params, i,
1524 "rte_ipsec_pkt_process failed, cfg %d\n",
1530 if (rc == TEST_FAILED)
1531 test_ipsec_dump_buffers(ut_params, i);
1538 test_ipsec_inline_proto_inb_burst_null_null_wrapper(void)
1542 struct ipsec_unitest_params *ut_params = &unittest_params;
1544 ut_params->ipsec_xform.spi = INBOUND_SPI;
1545 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1546 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1547 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1548 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1550 for (i = 0; i < num_cfg && rc == 0; i++) {
1551 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1552 rc = test_ipsec_inline_proto_inb_burst_null_null(i);
1559 inline_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1566 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1567 ut_params->pkt_index = j;
1569 /* compare the buffer data */
1570 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1571 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1572 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1573 ut_params->ibuf[j]->data_len,
1574 "input and output data does not match\n");
1575 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1576 ut_params->obuf[j]->data_len,
1577 "ibuf data_len is not equal to obuf data_len");
1578 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1579 ut_params->obuf[j]->pkt_len,
1580 "ibuf pkt_len is not equal to obuf pkt_len");
1582 /* check mbuf ol_flags */
1583 TEST_ASSERT(ut_params->ibuf[j]->ol_flags & PKT_TX_SEC_OFFLOAD,
1584 "ibuf PKT_TX_SEC_OFFLOAD is not set");
1590 test_ipsec_inline_crypto_outb_burst_null_null(int i)
1592 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1593 struct ipsec_unitest_params *ut_params = &unittest_params;
1594 uint16_t num_pkts = test_cfg[i].num_pkts;
1599 /* create rte_ipsec_sa */
1600 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1601 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1603 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1608 /* Generate test mbuf data */
1609 for (j = 0; j < num_pkts && rc == 0; j++) {
1610 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1611 null_plain_data, test_cfg[i].pkt_sz, 0);
1612 if (ut_params->ibuf[0] == NULL)
1616 /* Generate test tunneled mbuf data for comparison */
1617 ut_params->obuf[j] = setup_test_string_tunneled(
1618 ts_params->mbuf_pool,
1619 null_plain_data, test_cfg[i].pkt_sz,
1620 OUTBOUND_SPI, j + 1);
1621 if (ut_params->obuf[j] == NULL)
1627 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1630 rc = inline_outb_burst_null_null_check(ut_params,
1634 "rte_ipsec_pkt_process failed, cfg %d\n",
1640 if (rc == TEST_FAILED)
1641 test_ipsec_dump_buffers(ut_params, i);
1648 test_ipsec_inline_crypto_outb_burst_null_null_wrapper(void)
1652 struct ipsec_unitest_params *ut_params = &unittest_params;
1654 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1655 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1656 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1657 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1658 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1660 for (i = 0; i < num_cfg && rc == 0; i++) {
1661 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1662 rc = test_ipsec_inline_crypto_outb_burst_null_null(i);
1669 test_ipsec_inline_proto_outb_burst_null_null(int i)
1671 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1672 struct ipsec_unitest_params *ut_params = &unittest_params;
1673 uint16_t num_pkts = test_cfg[i].num_pkts;
1678 /* create rte_ipsec_sa */
1679 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1680 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1682 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1687 /* Generate test mbuf data */
1688 for (j = 0; j < num_pkts && rc == 0; j++) {
1689 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1690 null_plain_data, test_cfg[i].pkt_sz, 0);
1691 if (ut_params->ibuf[0] == NULL)
1695 /* Generate test tunneled mbuf data for comparison */
1696 ut_params->obuf[j] = setup_test_string(
1697 ts_params->mbuf_pool,
1698 null_plain_data, test_cfg[i].pkt_sz, 0);
1699 if (ut_params->obuf[j] == NULL)
1705 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1708 rc = inline_outb_burst_null_null_check(ut_params,
1712 "rte_ipsec_pkt_process failed, cfg %d\n",
1718 if (rc == TEST_FAILED)
1719 test_ipsec_dump_buffers(ut_params, i);
1726 test_ipsec_inline_proto_outb_burst_null_null_wrapper(void)
1730 struct ipsec_unitest_params *ut_params = &unittest_params;
1732 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1733 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1734 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1735 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1736 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1738 for (i = 0; i < num_cfg && rc == 0; i++) {
1739 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1740 rc = test_ipsec_inline_proto_outb_burst_null_null(i);
1747 test_ipsec_lksd_proto_inb_burst_null_null(int i)
1749 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1750 struct ipsec_unitest_params *ut_params = &unittest_params;
1751 uint16_t num_pkts = test_cfg[i].num_pkts;
1755 /* create rte_ipsec_sa */
1756 rc = create_sa(RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
1757 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1759 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1764 /* Generate test mbuf data */
1765 for (j = 0; j < num_pkts && rc == 0; j++) {
1766 /* packet with sequence number 0 is invalid */
1767 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1768 null_encrypted_data, test_cfg[i].pkt_sz, 0);
1769 if (ut_params->ibuf[j] == NULL)
1774 if (test_cfg[i].reorder_pkts)
1775 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1776 rc = test_ipsec_crypto_op_alloc(num_pkts);
1780 /* call ipsec library api */
1781 rc = lksd_proto_ipsec(num_pkts);
1783 rc = crypto_inb_burst_null_null_check(ut_params, i,
1786 RTE_LOG(ERR, USER1, "%s failed, cfg %d\n",
1792 if (rc == TEST_FAILED)
1793 test_ipsec_dump_buffers(ut_params, i);
1800 test_ipsec_lksd_proto_inb_burst_null_null_wrapper(void)
1804 struct ipsec_unitest_params *ut_params = &unittest_params;
1806 ut_params->ipsec_xform.spi = INBOUND_SPI;
1807 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1808 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1809 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1810 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1812 for (i = 0; i < num_cfg && rc == 0; i++) {
1813 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1814 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1821 test_ipsec_lksd_proto_outb_burst_null_null_wrapper(void)
1825 struct ipsec_unitest_params *ut_params = &unittest_params;
1827 ut_params->ipsec_xform.spi = INBOUND_SPI;
1828 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1829 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1830 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1831 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1833 for (i = 0; i < num_cfg && rc == 0; i++) {
1834 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1835 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1842 replay_inb_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1847 for (j = 0; j < num_pkts; j++) {
1848 /* compare the buffer data */
1849 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1850 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1852 "input and output data does not match\n");
1854 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1855 ut_params->obuf[j]->pkt_len,
1856 "data_len is not equal to pkt_len");
1863 test_ipsec_replay_inb_inside_null_null(int i)
1865 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1866 struct ipsec_unitest_params *ut_params = &unittest_params;
1869 /* create rte_ipsec_sa*/
1870 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1871 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1873 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1878 /* Generate inbound mbuf data */
1879 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1880 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
1881 if (ut_params->ibuf[0] == NULL)
1884 rc = test_ipsec_crypto_op_alloc(1);
1887 /* call ipsec library api */
1888 rc = crypto_ipsec(1);
1890 rc = replay_inb_null_null_check(ut_params, i, 1);
1892 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1898 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
1899 /* generate packet with seq number inside the replay window */
1900 if (ut_params->ibuf[0]) {
1901 rte_pktmbuf_free(ut_params->ibuf[0]);
1902 ut_params->ibuf[0] = 0;
1905 ut_params->ibuf[0] = setup_test_string_tunneled(
1906 ts_params->mbuf_pool, null_encrypted_data,
1907 test_cfg[i].pkt_sz, INBOUND_SPI,
1908 test_cfg[i].replay_win_sz);
1909 if (ut_params->ibuf[0] == NULL)
1912 rc = test_ipsec_crypto_op_alloc(1);
1915 /* call ipsec library api */
1916 rc = crypto_ipsec(1);
1918 rc = replay_inb_null_null_check(
1921 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
1927 if (rc == TEST_FAILED)
1928 test_ipsec_dump_buffers(ut_params, i);
1936 test_ipsec_replay_inb_inside_null_null_wrapper(void)
1940 struct ipsec_unitest_params *ut_params = &unittest_params;
1942 ut_params->ipsec_xform.spi = INBOUND_SPI;
1943 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1944 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1945 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1946 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1948 for (i = 0; i < num_cfg && rc == 0; i++) {
1949 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1950 rc = test_ipsec_replay_inb_inside_null_null(i);
1957 test_ipsec_replay_inb_outside_null_null(int i)
1959 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1960 struct ipsec_unitest_params *ut_params = &unittest_params;
1963 /* create rte_ipsec_sa */
1964 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1965 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1967 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1972 /* Generate test mbuf data */
1973 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1974 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI,
1975 test_cfg[i].replay_win_sz + 2);
1976 if (ut_params->ibuf[0] == NULL)
1979 rc = test_ipsec_crypto_op_alloc(1);
1982 /* call ipsec library api */
1983 rc = crypto_ipsec(1);
1985 rc = replay_inb_null_null_check(ut_params, i, 1);
1987 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1993 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
1994 /* generate packet with seq number outside the replay window */
1995 if (ut_params->ibuf[0]) {
1996 rte_pktmbuf_free(ut_params->ibuf[0]);
1997 ut_params->ibuf[0] = 0;
1999 ut_params->ibuf[0] = setup_test_string_tunneled(
2000 ts_params->mbuf_pool, null_encrypted_data,
2001 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2002 if (ut_params->ibuf[0] == NULL)
2005 rc = test_ipsec_crypto_op_alloc(1);
2008 /* call ipsec library api */
2009 rc = crypto_ipsec(1);
2011 if (test_cfg[i].esn == 0) {
2013 "packet is not outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2015 test_cfg[i].replay_win_sz + 2,
2021 "packet is outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2022 i, test_cfg[i].replay_win_sz + 2, 1);
2028 if (rc == TEST_FAILED)
2029 test_ipsec_dump_buffers(ut_params, i);
2037 test_ipsec_replay_inb_outside_null_null_wrapper(void)
2041 struct ipsec_unitest_params *ut_params = &unittest_params;
2043 ut_params->ipsec_xform.spi = INBOUND_SPI;
2044 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2045 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2046 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2047 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2049 for (i = 0; i < num_cfg && rc == 0; i++) {
2050 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2051 rc = test_ipsec_replay_inb_outside_null_null(i);
2058 test_ipsec_replay_inb_repeat_null_null(int i)
2060 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2061 struct ipsec_unitest_params *ut_params = &unittest_params;
2064 /* create rte_ipsec_sa */
2065 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2066 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2068 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n", i);
2072 /* Generate test mbuf data */
2073 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2074 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2075 if (ut_params->ibuf[0] == NULL)
2078 rc = test_ipsec_crypto_op_alloc(1);
2081 /* call ipsec library api */
2082 rc = crypto_ipsec(1);
2084 rc = replay_inb_null_null_check(ut_params, i, 1);
2086 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2092 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2094 * generate packet with repeat seq number in the replay
2097 if (ut_params->ibuf[0]) {
2098 rte_pktmbuf_free(ut_params->ibuf[0]);
2099 ut_params->ibuf[0] = 0;
2102 ut_params->ibuf[0] = setup_test_string_tunneled(
2103 ts_params->mbuf_pool, null_encrypted_data,
2104 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2105 if (ut_params->ibuf[0] == NULL)
2108 rc = test_ipsec_crypto_op_alloc(1);
2111 /* call ipsec library api */
2112 rc = crypto_ipsec(1);
2115 "packet is not repeated in the replay window, cfg %d seq %u\n",
2120 "packet is repeated in the replay window, cfg %d seq %u\n",
2127 if (rc == TEST_FAILED)
2128 test_ipsec_dump_buffers(ut_params, i);
2136 test_ipsec_replay_inb_repeat_null_null_wrapper(void)
2140 struct ipsec_unitest_params *ut_params = &unittest_params;
2142 ut_params->ipsec_xform.spi = INBOUND_SPI;
2143 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2144 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2145 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2146 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2148 for (i = 0; i < num_cfg && rc == 0; i++) {
2149 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2150 rc = test_ipsec_replay_inb_repeat_null_null(i);
2157 test_ipsec_replay_inb_inside_burst_null_null(int i)
2159 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2160 struct ipsec_unitest_params *ut_params = &unittest_params;
2161 uint16_t num_pkts = test_cfg[i].num_pkts;
2165 /* create rte_ipsec_sa*/
2166 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2167 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2169 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2174 /* Generate inbound mbuf data */
2175 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2176 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2177 if (ut_params->ibuf[0] == NULL)
2180 rc = test_ipsec_crypto_op_alloc(1);
2183 /* call ipsec library api */
2184 rc = crypto_ipsec(1);
2186 rc = replay_inb_null_null_check(ut_params, i, 1);
2188 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2194 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2196 * generate packet(s) with seq number(s) inside the
2199 if (ut_params->ibuf[0]) {
2200 rte_pktmbuf_free(ut_params->ibuf[0]);
2201 ut_params->ibuf[0] = 0;
2204 for (j = 0; j < num_pkts && rc == 0; j++) {
2205 /* packet with sequence number 1 already processed */
2206 ut_params->ibuf[j] = setup_test_string_tunneled(
2207 ts_params->mbuf_pool, null_encrypted_data,
2208 test_cfg[i].pkt_sz, INBOUND_SPI, j + 2);
2209 if (ut_params->ibuf[j] == NULL)
2214 if (test_cfg[i].reorder_pkts)
2215 test_ipsec_reorder_inb_pkt_burst(num_pkts);
2216 rc = test_ipsec_crypto_op_alloc(num_pkts);
2220 /* call ipsec library api */
2221 rc = crypto_ipsec(num_pkts);
2223 rc = replay_inb_null_null_check(
2224 ut_params, i, num_pkts);
2226 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
2232 if (rc == TEST_FAILED)
2233 test_ipsec_dump_buffers(ut_params, i);
2241 test_ipsec_replay_inb_inside_burst_null_null_wrapper(void)
2245 struct ipsec_unitest_params *ut_params = &unittest_params;
2247 ut_params->ipsec_xform.spi = INBOUND_SPI;
2248 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2249 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2250 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2251 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2253 for (i = 0; i < num_cfg && rc == 0; i++) {
2254 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2255 rc = test_ipsec_replay_inb_inside_burst_null_null(i);
2263 crypto_inb_burst_2sa_null_null_check(struct ipsec_unitest_params *ut_params,
2268 for (j = 0; j < BURST_SIZE; j++) {
2269 ut_params->pkt_index = j;
2271 /* compare the data buffers */
2272 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
2273 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
2275 "input and output data does not match\n");
2276 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2277 ut_params->obuf[j]->pkt_len,
2278 "data_len is not equal to pkt_len");
2279 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2281 "data_len is not equal to input data");
2288 test_ipsec_crypto_inb_burst_2sa_null_null(int i)
2290 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2291 struct ipsec_unitest_params *ut_params = &unittest_params;
2292 uint16_t num_pkts = test_cfg[i].num_pkts;
2296 if (num_pkts != BURST_SIZE)
2299 /* create rte_ipsec_sa */
2300 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2301 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2303 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2308 /* create second rte_ipsec_sa */
2309 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2310 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2311 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2313 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2319 /* Generate test mbuf data */
2320 for (j = 0; j < num_pkts && rc == 0; j++) {
2322 /* packet with sequence number 0 is invalid */
2323 ut_params->ibuf[j] = setup_test_string_tunneled(
2324 ts_params->mbuf_pool, null_encrypted_data,
2325 test_cfg[i].pkt_sz, INBOUND_SPI + r, j + 1);
2326 if (ut_params->ibuf[j] == NULL)
2331 rc = test_ipsec_crypto_op_alloc(num_pkts);
2334 /* call ipsec library api */
2335 rc = crypto_ipsec_2sa();
2337 rc = crypto_inb_burst_2sa_null_null_check(
2340 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2346 if (rc == TEST_FAILED)
2347 test_ipsec_dump_buffers(ut_params, i);
2355 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper(void)
2359 struct ipsec_unitest_params *ut_params = &unittest_params;
2361 ut_params->ipsec_xform.spi = INBOUND_SPI;
2362 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2363 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2364 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2365 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2367 for (i = 0; i < num_cfg && rc == 0; i++) {
2368 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2369 rc = test_ipsec_crypto_inb_burst_2sa_null_null(i);
2376 test_ipsec_crypto_inb_burst_2sa_4grp_null_null(int i)
2378 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2379 struct ipsec_unitest_params *ut_params = &unittest_params;
2380 uint16_t num_pkts = test_cfg[i].num_pkts;
2384 if (num_pkts != BURST_SIZE)
2387 /* create rte_ipsec_sa */
2388 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2389 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2391 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2396 /* create second rte_ipsec_sa */
2397 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2398 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2399 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2401 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2407 /* Generate test mbuf data */
2408 for (j = 0; j < num_pkts && rc == 0; j++) {
2409 k = crypto_ipsec_4grp(j);
2411 /* packet with sequence number 0 is invalid */
2412 ut_params->ibuf[j] = setup_test_string_tunneled(
2413 ts_params->mbuf_pool, null_encrypted_data,
2414 test_cfg[i].pkt_sz, INBOUND_SPI + k, j + 1);
2415 if (ut_params->ibuf[j] == NULL)
2420 rc = test_ipsec_crypto_op_alloc(num_pkts);
2423 /* call ipsec library api */
2424 rc = crypto_ipsec_2sa_4grp();
2426 rc = crypto_inb_burst_2sa_null_null_check(
2429 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2435 if (rc == TEST_FAILED)
2436 test_ipsec_dump_buffers(ut_params, i);
2444 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper(void)
2448 struct ipsec_unitest_params *ut_params = &unittest_params;
2450 ut_params->ipsec_xform.spi = INBOUND_SPI;
2451 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2452 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2453 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2454 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2456 for (i = 0; i < num_cfg && rc == 0; i++) {
2457 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2458 rc = test_ipsec_crypto_inb_burst_2sa_4grp_null_null(i);
2464 static struct unit_test_suite ipsec_testsuite = {
2465 .suite_name = "IPsec NULL Unit Test Suite",
2466 .setup = testsuite_setup,
2467 .teardown = testsuite_teardown,
2468 .unit_test_cases = {
2469 TEST_CASE_ST(ut_setup, ut_teardown,
2470 test_ipsec_crypto_inb_burst_null_null_wrapper),
2471 TEST_CASE_ST(ut_setup, ut_teardown,
2472 test_ipsec_crypto_outb_burst_null_null_wrapper),
2473 TEST_CASE_ST(ut_setup, ut_teardown,
2474 test_ipsec_inline_crypto_inb_burst_null_null_wrapper),
2475 TEST_CASE_ST(ut_setup, ut_teardown,
2476 test_ipsec_inline_crypto_outb_burst_null_null_wrapper),
2477 TEST_CASE_ST(ut_setup, ut_teardown,
2478 test_ipsec_inline_proto_inb_burst_null_null_wrapper),
2479 TEST_CASE_ST(ut_setup, ut_teardown,
2480 test_ipsec_inline_proto_outb_burst_null_null_wrapper),
2481 TEST_CASE_ST(ut_setup, ut_teardown,
2482 test_ipsec_lksd_proto_inb_burst_null_null_wrapper),
2483 TEST_CASE_ST(ut_setup, ut_teardown,
2484 test_ipsec_lksd_proto_outb_burst_null_null_wrapper),
2485 TEST_CASE_ST(ut_setup, ut_teardown,
2486 test_ipsec_replay_inb_inside_null_null_wrapper),
2487 TEST_CASE_ST(ut_setup, ut_teardown,
2488 test_ipsec_replay_inb_outside_null_null_wrapper),
2489 TEST_CASE_ST(ut_setup, ut_teardown,
2490 test_ipsec_replay_inb_repeat_null_null_wrapper),
2491 TEST_CASE_ST(ut_setup, ut_teardown,
2492 test_ipsec_replay_inb_inside_burst_null_null_wrapper),
2493 TEST_CASE_ST(ut_setup, ut_teardown,
2494 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper),
2495 TEST_CASE_ST(ut_setup, ut_teardown,
2496 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper),
2497 TEST_CASES_END() /**< NULL terminate unit test array */
2504 return unit_test_suite_runner(&ipsec_testsuite);
2507 REGISTER_TEST_COMMAND(ipsec_autotest, test_ipsec);
git.droids-corp.org / dpdk.git / blob