1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2018 Intel Corporation
7 #include <rte_common.h>
8 #include <rte_hexdump.h>
10 #include <rte_malloc.h>
11 #include <rte_memcpy.h>
12 #include <rte_cycles.h>
13 #include <rte_bus_vdev.h>
16 #include <rte_crypto.h>
17 #include <rte_cryptodev.h>
18 #include <rte_cryptodev_pmd.h>
19 #include <rte_lcore.h>
20 #include <rte_ipsec.h>
21 #include <rte_random.h>
23 #include <rte_security_driver.h>
26 #include "test_cryptodev.h"
28 #define VDEV_ARGS_SIZE 100
29 #define MAX_NB_SESSIONS 100
31 #define REPLAY_WIN_0 0
32 #define REPLAY_WIN_32 32
33 #define REPLAY_WIN_64 64
34 #define REPLAY_WIN_128 128
35 #define REPLAY_WIN_256 256
36 #define DATA_64_BYTES 64
37 #define DATA_80_BYTES 80
38 #define DATA_100_BYTES 100
40 #define ESN_DISABLED 0
42 #define OUTBOUND_SPI 17
44 #define REORDER_PKTS 1
45 #define DEQUEUE_COUNT 1000
48 enum rte_crypto_sym_xform_type auth;
49 enum rte_crypto_sym_xform_type cipher;
50 enum rte_crypto_sym_xform_type aead;
53 char cipher_algo[128];
57 struct ipsec_testsuite_params {
58 struct rte_mempool *mbuf_pool;
59 struct rte_mempool *cop_mpool;
60 struct rte_cryptodev_config conf;
61 struct rte_cryptodev_qp_conf qp_conf;
64 uint8_t valid_dev_found;
67 struct ipsec_unitest_params {
68 struct rte_crypto_sym_xform cipher_xform;
69 struct rte_crypto_sym_xform auth_xform;
70 struct rte_crypto_sym_xform aead_xform;
71 struct rte_crypto_sym_xform *crypto_xforms;
73 struct rte_security_ipsec_xform ipsec_xform;
75 struct rte_ipsec_sa_prm sa_prm;
76 struct rte_ipsec_session ss[MAX_NB_SAS];
78 struct rte_crypto_op *cop[BURST_SIZE];
80 struct rte_mbuf *obuf[BURST_SIZE], *ibuf[BURST_SIZE],
86 struct ipsec_test_cfg {
87 uint32_t replay_win_sz;
92 uint32_t reorder_pkts;
95 static const struct ipsec_test_cfg test_cfg[] = {
97 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, 1, 0},
98 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_80_BYTES, BURST_SIZE,
100 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, 1, 0},
101 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, BURST_SIZE,
103 {REPLAY_WIN_64, ESN_ENABLED, 0, DATA_64_BYTES, 1, 0},
104 {REPLAY_WIN_128, ESN_ENABLED, RTE_IPSEC_SAFLAG_SQN_ATOM,
105 DATA_80_BYTES, 1, 0},
106 {REPLAY_WIN_256, ESN_DISABLED, 0, DATA_100_BYTES, 1, 0},
109 static const int num_cfg = RTE_DIM(test_cfg);
110 static struct ipsec_testsuite_params testsuite_params = { NULL };
111 static struct ipsec_unitest_params unittest_params;
112 static struct user_params uparams;
114 struct supported_cipher_algo {
116 enum rte_crypto_cipher_algorithm algo;
122 struct supported_auth_algo {
124 enum rte_crypto_auth_algorithm algo;
130 const struct supported_cipher_algo cipher_algos[] = {
133 .algo = RTE_CRYPTO_CIPHER_NULL,
140 const struct supported_auth_algo auth_algos[] = {
143 .algo = RTE_CRYPTO_AUTH_NULL,
151 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
152 struct rte_security_session *sess, struct rte_mempool *mp)
154 RTE_SET_USED(device);
158 sess->sess_private_data = NULL;
163 dummy_sec_destroy(void *device, struct rte_security_session *sess)
165 RTE_SET_USED(device);
170 static const struct rte_security_ops dummy_sec_ops = {
171 .session_create = dummy_sec_create,
172 .session_destroy = dummy_sec_destroy,
175 static struct rte_security_ctx dummy_sec_ctx = {
176 .ops = &dummy_sec_ops,
179 static const struct supported_cipher_algo *
180 find_match_cipher_algo(const char *cipher_keyword)
184 for (i = 0; i < RTE_DIM(cipher_algos); i++) {
185 const struct supported_cipher_algo *algo =
188 if (strcmp(cipher_keyword, algo->keyword) == 0)
195 static const struct supported_auth_algo *
196 find_match_auth_algo(const char *auth_keyword)
200 for (i = 0; i < RTE_DIM(auth_algos); i++) {
201 const struct supported_auth_algo *algo =
204 if (strcmp(auth_keyword, algo->keyword) == 0)
212 fill_crypto_xform(struct ipsec_unitest_params *ut_params,
213 const struct supported_auth_algo *auth_algo,
214 const struct supported_cipher_algo *cipher_algo)
216 ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
217 ut_params->cipher_xform.cipher.algo = cipher_algo->algo;
218 ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
219 ut_params->auth_xform.auth.algo = auth_algo->algo;
221 if (ut_params->ipsec_xform.direction ==
222 RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
223 ut_params->cipher_xform.cipher.op =
224 RTE_CRYPTO_CIPHER_OP_DECRYPT;
225 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
226 ut_params->cipher_xform.next = NULL;
227 ut_params->auth_xform.next = &ut_params->cipher_xform;
228 ut_params->crypto_xforms = &ut_params->auth_xform;
230 ut_params->cipher_xform.cipher.op =
231 RTE_CRYPTO_CIPHER_OP_ENCRYPT;
232 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
233 ut_params->auth_xform.next = NULL;
234 ut_params->cipher_xform.next = &ut_params->auth_xform;
235 ut_params->crypto_xforms = &ut_params->cipher_xform;
240 check_cryptodev_capablity(const struct ipsec_unitest_params *ut,
243 struct rte_cryptodev_sym_capability_idx cap_idx;
244 const struct rte_cryptodev_symmetric_capability *cap;
247 cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
248 cap_idx.algo.auth = ut->auth_xform.auth.algo;
249 cap = rte_cryptodev_sym_capability_get(dev_id, &cap_idx);
252 rc = rte_cryptodev_sym_capability_check_auth(cap,
253 ut->auth_xform.auth.key.length,
254 ut->auth_xform.auth.digest_length, 0);
256 cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
257 cap_idx.algo.cipher = ut->cipher_xform.cipher.algo;
258 cap = rte_cryptodev_sym_capability_get(
261 rc = rte_cryptodev_sym_capability_check_cipher(
263 ut->cipher_xform.cipher.key.length,
264 ut->cipher_xform.cipher.iv.length);
272 testsuite_setup(void)
274 struct ipsec_testsuite_params *ts_params = &testsuite_params;
275 struct ipsec_unitest_params *ut_params = &unittest_params;
276 const struct supported_auth_algo *auth_algo;
277 const struct supported_cipher_algo *cipher_algo;
278 struct rte_cryptodev_info info;
279 uint32_t i, nb_devs, dev_id;
283 memset(ts_params, 0, sizeof(*ts_params));
284 memset(ut_params, 0, sizeof(*ut_params));
285 memset(&uparams, 0, sizeof(struct user_params));
287 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
288 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
289 uparams.aead = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED;
290 strcpy(uparams.auth_algo, "null");
291 strcpy(uparams.cipher_algo, "null");
293 auth_algo = find_match_auth_algo(uparams.auth_algo);
294 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
295 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
297 nb_devs = rte_cryptodev_count();
299 RTE_LOG(ERR, USER1, "No crypto devices found?\n");
303 /* Find first valid crypto device */
304 for (i = 0; i < nb_devs; i++) {
305 rc = check_cryptodev_capablity(ut_params, i);
307 ts_params->valid_dev = i;
308 ts_params->valid_dev_found = 1;
313 if (ts_params->valid_dev_found == 0)
316 ts_params->mbuf_pool = rte_pktmbuf_pool_create(
318 NUM_MBUFS, MBUF_CACHE_SIZE, 0, MBUF_SIZE,
320 if (ts_params->mbuf_pool == NULL) {
321 RTE_LOG(ERR, USER1, "Can't create CRYPTO_MBUFPOOL\n");
325 ts_params->cop_mpool = rte_crypto_op_pool_create(
326 "MBUF_CRYPTO_SYM_OP_POOL",
327 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
328 NUM_MBUFS, MBUF_CACHE_SIZE,
330 sizeof(struct rte_crypto_sym_xform) +
333 if (ts_params->cop_mpool == NULL) {
334 RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
338 /* Set up all the qps on the first of the valid devices found */
339 dev_id = ts_params->valid_dev;
341 rte_cryptodev_info_get(dev_id, &info);
343 ts_params->conf.nb_queue_pairs = info.max_nb_queue_pairs;
344 ts_params->conf.socket_id = SOCKET_ID_ANY;
346 sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
347 sess_sz = RTE_MAX(sess_sz, sizeof(struct rte_security_session));
350 * Create mempools for sessions
352 if (info.sym.max_nb_sessions != 0 &&
353 info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
354 RTE_LOG(ERR, USER1, "Device does not support "
355 "at least %u sessions\n",
360 ts_params->qp_conf.mp_session_private = rte_mempool_create(
364 0, 0, NULL, NULL, NULL,
368 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
369 "private session mempool allocation failed");
371 ts_params->qp_conf.mp_session =
372 rte_cryptodev_sym_session_pool_create("test_sess_mp",
373 MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
375 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
376 "session mempool allocation failed");
378 TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
380 "Failed to configure cryptodev %u with %u qps",
381 dev_id, ts_params->conf.nb_queue_pairs);
383 ts_params->qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
385 TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
386 dev_id, 0, &ts_params->qp_conf,
387 rte_cryptodev_socket_id(dev_id)),
388 "Failed to setup queue pair %u on cryptodev %u",
395 testsuite_teardown(void)
397 struct ipsec_testsuite_params *ts_params = &testsuite_params;
399 if (ts_params->mbuf_pool != NULL) {
400 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
401 rte_mempool_avail_count(ts_params->mbuf_pool));
402 rte_mempool_free(ts_params->mbuf_pool);
403 ts_params->mbuf_pool = NULL;
406 if (ts_params->cop_mpool != NULL) {
407 RTE_LOG(DEBUG, USER1, "CRYPTO_OP_POOL count %u\n",
408 rte_mempool_avail_count(ts_params->cop_mpool));
409 rte_mempool_free(ts_params->cop_mpool);
410 ts_params->cop_mpool = NULL;
413 /* Free session mempools */
414 if (ts_params->qp_conf.mp_session != NULL) {
415 rte_mempool_free(ts_params->qp_conf.mp_session);
416 ts_params->qp_conf.mp_session = NULL;
419 if (ts_params->qp_conf.mp_session_private != NULL) {
420 rte_mempool_free(ts_params->qp_conf.mp_session_private);
421 ts_params->qp_conf.mp_session_private = NULL;
428 struct ipsec_testsuite_params *ts_params = &testsuite_params;
429 struct ipsec_unitest_params *ut_params = &unittest_params;
431 /* Clear unit test parameters before running test */
432 memset(ut_params, 0, sizeof(*ut_params));
434 /* Reconfigure device to default parameters */
435 ts_params->conf.socket_id = SOCKET_ID_ANY;
437 /* Start the device */
438 TEST_ASSERT_SUCCESS(rte_cryptodev_start(ts_params->valid_dev),
439 "Failed to start cryptodev %u",
440 ts_params->valid_dev);
448 struct ipsec_testsuite_params *ts_params = &testsuite_params;
449 struct ipsec_unitest_params *ut_params = &unittest_params;
452 for (i = 0; i < BURST_SIZE; i++) {
453 /* free crypto operation structure */
454 if (ut_params->cop[i])
455 rte_crypto_op_free(ut_params->cop[i]);
458 * free mbuf - both obuf and ibuf are usually the same,
459 * so check if they point at the same address is necessary,
460 * to avoid freeing the mbuf twice.
462 if (ut_params->obuf[i]) {
463 rte_pktmbuf_free(ut_params->obuf[i]);
464 if (ut_params->ibuf[i] == ut_params->obuf[i])
465 ut_params->ibuf[i] = 0;
466 ut_params->obuf[i] = 0;
468 if (ut_params->ibuf[i]) {
469 rte_pktmbuf_free(ut_params->ibuf[i]);
470 ut_params->ibuf[i] = 0;
473 if (ut_params->testbuf[i]) {
474 rte_pktmbuf_free(ut_params->testbuf[i]);
475 ut_params->testbuf[i] = 0;
479 if (ts_params->mbuf_pool != NULL)
480 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
481 rte_mempool_avail_count(ts_params->mbuf_pool));
483 /* Stop the device */
484 rte_cryptodev_stop(ts_params->valid_dev);
487 #define IPSEC_MAX_PAD_SIZE UINT8_MAX
489 static const uint8_t esp_pad_bytes[IPSEC_MAX_PAD_SIZE] = {
490 1, 2, 3, 4, 5, 6, 7, 8,
491 9, 10, 11, 12, 13, 14, 15, 16,
492 17, 18, 19, 20, 21, 22, 23, 24,
493 25, 26, 27, 28, 29, 30, 31, 32,
494 33, 34, 35, 36, 37, 38, 39, 40,
495 41, 42, 43, 44, 45, 46, 47, 48,
496 49, 50, 51, 52, 53, 54, 55, 56,
497 57, 58, 59, 60, 61, 62, 63, 64,
498 65, 66, 67, 68, 69, 70, 71, 72,
499 73, 74, 75, 76, 77, 78, 79, 80,
500 81, 82, 83, 84, 85, 86, 87, 88,
501 89, 90, 91, 92, 93, 94, 95, 96,
502 97, 98, 99, 100, 101, 102, 103, 104,
503 105, 106, 107, 108, 109, 110, 111, 112,
504 113, 114, 115, 116, 117, 118, 119, 120,
505 121, 122, 123, 124, 125, 126, 127, 128,
506 129, 130, 131, 132, 133, 134, 135, 136,
507 137, 138, 139, 140, 141, 142, 143, 144,
508 145, 146, 147, 148, 149, 150, 151, 152,
509 153, 154, 155, 156, 157, 158, 159, 160,
510 161, 162, 163, 164, 165, 166, 167, 168,
511 169, 170, 171, 172, 173, 174, 175, 176,
512 177, 178, 179, 180, 181, 182, 183, 184,
513 185, 186, 187, 188, 189, 190, 191, 192,
514 193, 194, 195, 196, 197, 198, 199, 200,
515 201, 202, 203, 204, 205, 206, 207, 208,
516 209, 210, 211, 212, 213, 214, 215, 216,
517 217, 218, 219, 220, 221, 222, 223, 224,
518 225, 226, 227, 228, 229, 230, 231, 232,
519 233, 234, 235, 236, 237, 238, 239, 240,
520 241, 242, 243, 244, 245, 246, 247, 248,
521 249, 250, 251, 252, 253, 254, 255,
524 /* ***** data for tests ***** */
526 const char null_plain_data[] =
527 "Network Security People Have A Strange Sense Of Humor unlike Other "
528 "People who have a normal sense of humour";
530 const char null_encrypted_data[] =
531 "Network Security People Have A Strange Sense Of Humor unlike Other "
532 "People who have a normal sense of humour";
534 struct rte_ipv4_hdr ipv4_outer = {
535 .version_ihl = IPVERSION << 4 |
536 sizeof(ipv4_outer) / RTE_IPV4_IHL_MULTIPLIER,
537 .time_to_live = IPDEFTTL,
538 .next_proto_id = IPPROTO_ESP,
539 .src_addr = RTE_IPv4(192, 168, 1, 100),
540 .dst_addr = RTE_IPv4(192, 168, 2, 100),
543 static struct rte_mbuf *
544 setup_test_string(struct rte_mempool *mpool,
545 const char *string, size_t len, uint8_t blocksize)
547 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
548 size_t t_len = len - (blocksize ? (len % blocksize) : 0);
551 memset(m->buf_addr, 0, m->buf_len);
552 char *dst = rte_pktmbuf_append(m, t_len);
559 rte_memcpy(dst, string, t_len);
561 memset(dst, 0, t_len);
567 static struct rte_mbuf *
568 setup_test_string_tunneled(struct rte_mempool *mpool, const char *string,
569 size_t len, uint32_t spi, uint32_t seq)
571 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
572 uint32_t hdrlen = sizeof(struct rte_ipv4_hdr) +
573 sizeof(struct rte_esp_hdr);
574 uint32_t taillen = sizeof(struct esp_tail);
575 uint32_t t_len = len + hdrlen + taillen;
578 struct rte_esp_hdr esph = {
579 .spi = rte_cpu_to_be_32(spi),
580 .seq = rte_cpu_to_be_32(seq)
583 padlen = RTE_ALIGN(t_len, 4) - t_len;
586 struct esp_tail espt = {
588 .next_proto = IPPROTO_IPIP,
594 memset(m->buf_addr, 0, m->buf_len);
595 char *dst = rte_pktmbuf_append(m, t_len);
601 /* copy outer IP and ESP header */
602 ipv4_outer.total_length = rte_cpu_to_be_16(t_len);
603 ipv4_outer.packet_id = rte_cpu_to_be_16(seq);
604 rte_memcpy(dst, &ipv4_outer, sizeof(ipv4_outer));
605 dst += sizeof(ipv4_outer);
606 m->l3_len = sizeof(ipv4_outer);
607 rte_memcpy(dst, &esph, sizeof(esph));
610 if (string != NULL) {
612 rte_memcpy(dst, string, len);
615 rte_memcpy(dst, esp_pad_bytes, padlen);
617 /* copy ESP tail header */
618 rte_memcpy(dst, &espt, sizeof(espt));
620 memset(dst, 0, t_len);
626 create_dummy_sec_session(struct ipsec_unitest_params *ut,
627 struct rte_cryptodev_qp_conf *qp, uint32_t j)
629 static struct rte_security_session_conf conf;
631 ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
632 &conf, qp->mp_session_private);
634 if (ut->ss[j].security.ses == NULL)
637 ut->ss[j].security.ctx = &dummy_sec_ctx;
638 ut->ss[j].security.ol_flags = 0;
643 create_crypto_session(struct ipsec_unitest_params *ut,
644 struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
647 struct rte_cryptodev_sym_session *s;
649 s = rte_cryptodev_sym_session_create(qp->mp_session);
653 /* initiliaze SA crypto session for device */
654 rc = rte_cryptodev_sym_session_init(dev_id, s,
655 ut->crypto_xforms, qp->mp_session_private);
657 ut->ss[j].crypto.ses = s;
660 /* failure, do cleanup */
661 rte_cryptodev_sym_session_clear(dev_id, s);
662 rte_cryptodev_sym_session_free(s);
668 create_session(struct ipsec_unitest_params *ut,
669 struct rte_cryptodev_qp_conf *qp, uint8_t crypto_dev, uint32_t j)
671 if (ut->ss[j].type == RTE_SECURITY_ACTION_TYPE_NONE)
672 return create_crypto_session(ut, qp, crypto_dev, j);
674 return create_dummy_sec_session(ut, qp, j);
678 fill_ipsec_param(uint32_t replay_win_sz, uint64_t flags)
680 struct ipsec_unitest_params *ut_params = &unittest_params;
681 struct rte_ipsec_sa_prm *prm = &ut_params->sa_prm;
682 const struct supported_auth_algo *auth_algo;
683 const struct supported_cipher_algo *cipher_algo;
685 memset(prm, 0, sizeof(*prm));
689 prm->replay_win_sz = replay_win_sz;
691 /* setup ipsec xform */
692 prm->ipsec_xform = ut_params->ipsec_xform;
693 prm->ipsec_xform.salt = (uint32_t)rte_rand();
695 /* setup tunnel related fields */
696 prm->tun.hdr_len = sizeof(ipv4_outer);
697 prm->tun.next_proto = IPPROTO_IPIP;
698 prm->tun.hdr = &ipv4_outer;
700 /* setup crypto section */
701 if (uparams.aead != 0) {
702 /* TODO: will need to fill out with other test cases */
704 if (uparams.auth == 0 && uparams.cipher == 0)
707 auth_algo = find_match_auth_algo(uparams.auth_algo);
708 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
710 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
713 prm->crypto_xform = ut_params->crypto_xforms;
718 create_sa(enum rte_security_session_action_type action_type,
719 uint32_t replay_win_sz, uint64_t flags, uint32_t j)
721 struct ipsec_testsuite_params *ts = &testsuite_params;
722 struct ipsec_unitest_params *ut = &unittest_params;
726 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
728 rc = fill_ipsec_param(replay_win_sz, flags);
732 /* create rte_ipsec_sa*/
733 sz = rte_ipsec_sa_size(&ut->sa_prm);
734 TEST_ASSERT(sz > 0, "rte_ipsec_sa_size() failed\n");
736 ut->ss[j].sa = rte_zmalloc(NULL, sz, RTE_CACHE_LINE_SIZE);
737 TEST_ASSERT_NOT_NULL(ut->ss[j].sa,
738 "failed to allocate memory for rte_ipsec_sa\n");
740 ut->ss[j].type = action_type;
741 rc = create_session(ut, &ts->qp_conf, ts->valid_dev, j);
745 rc = rte_ipsec_sa_init(ut->ss[j].sa, &ut->sa_prm, sz);
746 rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
748 rc = rte_ipsec_session_prepare(&ut->ss[j]);
754 crypto_dequeue_burst(uint16_t num_pkts)
756 struct ipsec_testsuite_params *ts_params = &testsuite_params;
757 struct ipsec_unitest_params *ut_params = &unittest_params;
761 for (i = 0, pkt_cnt = 0;
762 i < DEQUEUE_COUNT && pkt_cnt != num_pkts; i++) {
763 k = rte_cryptodev_dequeue_burst(ts_params->valid_dev, 0,
764 &ut_params->cop[pkt_cnt], num_pkts - pkt_cnt);
769 if (pkt_cnt != num_pkts) {
770 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
777 crypto_ipsec(uint16_t num_pkts)
779 struct ipsec_testsuite_params *ts_params = &testsuite_params;
780 struct ipsec_unitest_params *ut_params = &unittest_params;
782 struct rte_ipsec_group grp[1];
784 /* call crypto prepare */
785 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
786 ut_params->cop, num_pkts);
788 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
792 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
793 ut_params->cop, num_pkts);
795 RTE_LOG(ERR, USER1, "rte_cryptodev_enqueue_burst fail\n");
799 if (crypto_dequeue_burst(num_pkts) == TEST_FAILED)
802 ng = rte_ipsec_pkt_crypto_group(
803 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
804 ut_params->obuf, grp, num_pkts);
806 grp[0].m[0] != ut_params->obuf[0] ||
807 grp[0].cnt != num_pkts ||
808 grp[0].id.ptr != &ut_params->ss[0]) {
809 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
813 /* call crypto process */
814 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
816 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
824 lksd_proto_ipsec(uint16_t num_pkts)
826 struct ipsec_unitest_params *ut_params = &unittest_params;
828 struct rte_ipsec_group grp[1];
830 /* call crypto prepare */
831 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
832 ut_params->cop, num_pkts);
834 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
838 /* check crypto ops */
839 for (i = 0; i != num_pkts; i++) {
840 TEST_ASSERT_EQUAL(ut_params->cop[i]->type,
841 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
842 "%s: invalid crypto op type for %u-th packet\n",
844 TEST_ASSERT_EQUAL(ut_params->cop[i]->status,
845 RTE_CRYPTO_OP_STATUS_NOT_PROCESSED,
846 "%s: invalid crypto op status for %u-th packet\n",
848 TEST_ASSERT_EQUAL(ut_params->cop[i]->sess_type,
849 RTE_CRYPTO_OP_SECURITY_SESSION,
850 "%s: invalid crypto op sess_type for %u-th packet\n",
852 TEST_ASSERT_EQUAL(ut_params->cop[i]->sym->m_src,
854 "%s: invalid crypto op m_src for %u-th packet\n",
858 /* update crypto ops, pretend all finished ok */
859 for (i = 0; i != num_pkts; i++)
860 ut_params->cop[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
862 ng = rte_ipsec_pkt_crypto_group(
863 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
864 ut_params->obuf, grp, num_pkts);
866 grp[0].m[0] != ut_params->obuf[0] ||
867 grp[0].cnt != num_pkts ||
868 grp[0].id.ptr != &ut_params->ss[0]) {
869 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
873 /* call crypto process */
874 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
876 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
884 crypto_ipsec_2sa(void)
886 struct ipsec_testsuite_params *ts_params = &testsuite_params;
887 struct ipsec_unitest_params *ut_params = &unittest_params;
888 struct rte_ipsec_group grp[BURST_SIZE];
889 uint32_t k, ng, i, r;
891 for (i = 0; i < BURST_SIZE; i++) {
893 /* call crypto prepare */
894 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[r],
895 ut_params->ibuf + i, ut_params->cop + i, 1);
898 "rte_ipsec_pkt_crypto_prepare fail\n");
901 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
902 ut_params->cop + i, 1);
905 "rte_cryptodev_enqueue_burst fail\n");
910 if (crypto_dequeue_burst(BURST_SIZE) == TEST_FAILED)
913 ng = rte_ipsec_pkt_crypto_group(
914 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
915 ut_params->obuf, grp, BURST_SIZE);
916 if (ng != BURST_SIZE) {
917 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
922 /* call crypto process */
923 for (i = 0; i < ng; i++) {
924 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
925 if (k != grp[i].cnt) {
926 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
938 crypto_ipsec_4grp(uint32_t pkt_num)
942 /* group packets in 4 different size groups groups, 2 per SA */
945 else if (pkt_num < PKT_12)
947 else if (pkt_num < PKT_21)
956 crypto_ipsec_4grp_check_mbufs(uint32_t grp_ind, struct rte_ipsec_group *grp)
958 struct ipsec_unitest_params *ut_params = &unittest_params;
963 for (i = 0, j = 0; i < PKT_4; i++, j++)
964 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
968 } else if (grp_ind == 1) {
969 for (i = 0, j = PKT_4; i < (PKT_12 - PKT_4); i++, j++) {
970 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
975 } else if (grp_ind == 2) {
976 for (i = 0, j = PKT_12; i < (PKT_21 - PKT_12); i++, j++)
977 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
981 } else if (grp_ind == 3) {
982 for (i = 0, j = PKT_21; i < (BURST_SIZE - PKT_21); i++, j++)
983 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
994 crypto_ipsec_4grp_check_cnt(uint32_t grp_ind, struct rte_ipsec_group *grp)
999 if (grp[grp_ind].cnt != PKT_4)
1001 } else if (grp_ind == 1) {
1002 if (grp[grp_ind].cnt != PKT_12 - PKT_4)
1004 } else if (grp_ind == 2) {
1005 if (grp[grp_ind].cnt != PKT_21 - PKT_12)
1007 } else if (grp_ind == 3) {
1008 if (grp[grp_ind].cnt != BURST_SIZE - PKT_21)
1017 crypto_ipsec_2sa_4grp(void)
1019 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1020 struct ipsec_unitest_params *ut_params = &unittest_params;
1021 struct rte_ipsec_group grp[BURST_SIZE];
1022 uint32_t k, ng, i, j;
1025 for (i = 0; i < BURST_SIZE; i++) {
1026 j = crypto_ipsec_4grp(i);
1028 /* call crypto prepare */
1029 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[j],
1030 ut_params->ibuf + i, ut_params->cop + i, 1);
1033 "rte_ipsec_pkt_crypto_prepare fail\n");
1036 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
1037 ut_params->cop + i, 1);
1040 "rte_cryptodev_enqueue_burst fail\n");
1045 if (crypto_dequeue_burst(BURST_SIZE) == TEST_FAILED)
1048 ng = rte_ipsec_pkt_crypto_group(
1049 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
1050 ut_params->obuf, grp, BURST_SIZE);
1052 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
1057 /* call crypto process */
1058 for (i = 0; i < ng; i++) {
1059 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
1060 if (k != grp[i].cnt) {
1061 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
1064 rc = crypto_ipsec_4grp_check_cnt(i, grp);
1067 "crypto_ipsec_4grp_check_cnt fail\n");
1070 rc = crypto_ipsec_4grp_check_mbufs(i, grp);
1073 "crypto_ipsec_4grp_check_mbufs fail\n");
1077 return TEST_SUCCESS;
1081 test_ipsec_reorder_inb_pkt_burst(uint16_t num_pkts)
1083 struct ipsec_unitest_params *ut_params = &unittest_params;
1084 struct rte_mbuf *ibuf_tmp[BURST_SIZE];
1087 /* reorder packets and create gaps in sequence numbers */
1088 static const uint32_t reorder[BURST_SIZE] = {
1089 24, 25, 26, 27, 28, 29, 30, 31,
1090 16, 17, 18, 19, 20, 21, 22, 23,
1091 8, 9, 10, 11, 12, 13, 14, 15,
1092 0, 1, 2, 3, 4, 5, 6, 7,
1095 if (num_pkts != BURST_SIZE)
1098 for (j = 0; j != BURST_SIZE; j++)
1099 ibuf_tmp[j] = ut_params->ibuf[reorder[j]];
1101 memcpy(ut_params->ibuf, ibuf_tmp, sizeof(ut_params->ibuf));
1105 test_ipsec_crypto_op_alloc(uint16_t num_pkts)
1107 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1108 struct ipsec_unitest_params *ut_params = &unittest_params;
1112 for (j = 0; j < num_pkts && rc == 0; j++) {
1113 ut_params->cop[j] = rte_crypto_op_alloc(ts_params->cop_mpool,
1114 RTE_CRYPTO_OP_TYPE_SYMMETRIC);
1115 if (ut_params->cop[j] == NULL) {
1117 "Failed to allocate symmetric crypto op\n");
1126 test_ipsec_dump_buffers(struct ipsec_unitest_params *ut_params, int i)
1128 uint16_t j = ut_params->pkt_index;
1130 printf("\ntest config: num %d\n", i);
1131 printf(" replay_win_sz %u\n", test_cfg[i].replay_win_sz);
1132 printf(" esn %u\n", test_cfg[i].esn);
1133 printf(" flags 0x%" PRIx64 "\n", test_cfg[i].flags);
1134 printf(" pkt_sz %zu\n", test_cfg[i].pkt_sz);
1135 printf(" num_pkts %u\n\n", test_cfg[i].num_pkts);
1137 if (ut_params->ibuf[j]) {
1138 printf("ibuf[%u] data:\n", j);
1139 rte_pktmbuf_dump(stdout, ut_params->ibuf[j],
1140 ut_params->ibuf[j]->data_len);
1142 if (ut_params->obuf[j]) {
1143 printf("obuf[%u] data:\n", j);
1144 rte_pktmbuf_dump(stdout, ut_params->obuf[j],
1145 ut_params->obuf[j]->data_len);
1147 if (ut_params->testbuf[j]) {
1148 printf("testbuf[%u] data:\n", j);
1149 rte_pktmbuf_dump(stdout, ut_params->testbuf[j],
1150 ut_params->testbuf[j]->data_len);
1155 destroy_sa(uint32_t j)
1157 struct ipsec_unitest_params *ut = &unittest_params;
1159 rte_ipsec_sa_fini(ut->ss[j].sa);
1160 rte_free(ut->ss[j].sa);
1161 rte_cryptodev_sym_session_free(ut->ss[j].crypto.ses);
1162 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
1166 crypto_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1171 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1172 ut_params->pkt_index = j;
1174 /* compare the data buffers */
1175 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1176 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1178 "input and output data does not match\n");
1179 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1180 ut_params->obuf[j]->pkt_len,
1181 "data_len is not equal to pkt_len");
1182 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1184 "data_len is not equal to input data");
1191 test_ipsec_crypto_inb_burst_null_null(int i)
1193 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1194 struct ipsec_unitest_params *ut_params = &unittest_params;
1195 uint16_t num_pkts = test_cfg[i].num_pkts;
1199 /* create rte_ipsec_sa */
1200 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1201 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1203 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1208 /* Generate test mbuf data */
1209 for (j = 0; j < num_pkts && rc == 0; j++) {
1210 /* packet with sequence number 0 is invalid */
1211 ut_params->ibuf[j] = setup_test_string_tunneled(
1212 ts_params->mbuf_pool, null_encrypted_data,
1213 test_cfg[i].pkt_sz, INBOUND_SPI, j + 1);
1214 if (ut_params->ibuf[j] == NULL)
1219 if (test_cfg[i].reorder_pkts)
1220 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1221 rc = test_ipsec_crypto_op_alloc(num_pkts);
1225 /* call ipsec library api */
1226 rc = crypto_ipsec(num_pkts);
1228 rc = crypto_inb_burst_null_null_check(
1229 ut_params, i, num_pkts);
1231 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1237 if (rc == TEST_FAILED)
1238 test_ipsec_dump_buffers(ut_params, i);
1245 test_ipsec_crypto_inb_burst_null_null_wrapper(void)
1249 struct ipsec_unitest_params *ut_params = &unittest_params;
1251 ut_params->ipsec_xform.spi = INBOUND_SPI;
1252 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1253 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1254 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1255 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1257 for (i = 0; i < num_cfg && rc == 0; i++) {
1258 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1259 rc = test_ipsec_crypto_inb_burst_null_null(i);
1266 crypto_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1273 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1274 ut_params->pkt_index = j;
1276 testbuf_data = rte_pktmbuf_mtod(ut_params->testbuf[j], void *);
1277 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1278 /* compare the buffer data */
1279 TEST_ASSERT_BUFFERS_ARE_EQUAL(testbuf_data, obuf_data,
1280 ut_params->obuf[j]->pkt_len,
1281 "test and output data does not match\n");
1282 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1283 ut_params->testbuf[j]->data_len,
1284 "obuf data_len is not equal to testbuf data_len");
1285 TEST_ASSERT_EQUAL(ut_params->obuf[j]->pkt_len,
1286 ut_params->testbuf[j]->pkt_len,
1287 "obuf pkt_len is not equal to testbuf pkt_len");
1294 test_ipsec_crypto_outb_burst_null_null(int i)
1296 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1297 struct ipsec_unitest_params *ut_params = &unittest_params;
1298 uint16_t num_pkts = test_cfg[i].num_pkts;
1302 /* create rte_ipsec_sa*/
1303 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1304 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1306 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1311 /* Generate input mbuf data */
1312 for (j = 0; j < num_pkts && rc == 0; j++) {
1313 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1314 null_plain_data, test_cfg[i].pkt_sz, 0);
1315 if (ut_params->ibuf[j] == NULL)
1318 /* Generate test mbuf data */
1319 /* packet with sequence number 0 is invalid */
1320 ut_params->testbuf[j] = setup_test_string_tunneled(
1321 ts_params->mbuf_pool,
1322 null_plain_data, test_cfg[i].pkt_sz,
1323 OUTBOUND_SPI, j + 1);
1324 if (ut_params->testbuf[j] == NULL)
1330 rc = test_ipsec_crypto_op_alloc(num_pkts);
1333 /* call ipsec library api */
1334 rc = crypto_ipsec(num_pkts);
1336 rc = crypto_outb_burst_null_null_check(ut_params,
1339 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1343 if (rc == TEST_FAILED)
1344 test_ipsec_dump_buffers(ut_params, i);
1351 test_ipsec_crypto_outb_burst_null_null_wrapper(void)
1355 struct ipsec_unitest_params *ut_params = &unittest_params;
1357 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1358 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1359 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1360 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1361 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1363 for (i = 0; i < num_cfg && rc == 0; i++) {
1364 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1365 rc = test_ipsec_crypto_outb_burst_null_null(i);
1372 inline_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1379 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1380 ut_params->pkt_index = j;
1382 /* compare the buffer data */
1383 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1384 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1386 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1387 ut_params->ibuf[j]->data_len,
1388 "input and output data does not match\n");
1389 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1390 ut_params->obuf[j]->data_len,
1391 "ibuf data_len is not equal to obuf data_len");
1392 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1393 ut_params->obuf[j]->pkt_len,
1394 "ibuf pkt_len is not equal to obuf pkt_len");
1395 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1397 "data_len is not equal input data");
1403 test_ipsec_inline_crypto_inb_burst_null_null(int i)
1405 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1406 struct ipsec_unitest_params *ut_params = &unittest_params;
1407 uint16_t num_pkts = test_cfg[i].num_pkts;
1412 /* create rte_ipsec_sa*/
1413 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1414 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1416 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1421 /* Generate inbound mbuf data */
1422 for (j = 0; j < num_pkts && rc == 0; j++) {
1423 ut_params->ibuf[j] = setup_test_string_tunneled(
1424 ts_params->mbuf_pool,
1425 null_plain_data, test_cfg[i].pkt_sz,
1426 INBOUND_SPI, j + 1);
1427 if (ut_params->ibuf[j] == NULL)
1430 /* Generate test mbuf data */
1431 ut_params->obuf[j] = setup_test_string(
1432 ts_params->mbuf_pool,
1433 null_plain_data, test_cfg[i].pkt_sz, 0);
1434 if (ut_params->obuf[j] == NULL)
1440 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1443 rc = inline_inb_burst_null_null_check(ut_params, i,
1447 "rte_ipsec_pkt_process failed, cfg %d\n",
1453 if (rc == TEST_FAILED)
1454 test_ipsec_dump_buffers(ut_params, i);
1461 test_ipsec_inline_crypto_inb_burst_null_null_wrapper(void)
1465 struct ipsec_unitest_params *ut_params = &unittest_params;
1467 ut_params->ipsec_xform.spi = INBOUND_SPI;
1468 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1469 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1470 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1471 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1473 for (i = 0; i < num_cfg && rc == 0; i++) {
1474 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1475 rc = test_ipsec_inline_crypto_inb_burst_null_null(i);
1482 test_ipsec_inline_proto_inb_burst_null_null(int i)
1484 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1485 struct ipsec_unitest_params *ut_params = &unittest_params;
1486 uint16_t num_pkts = test_cfg[i].num_pkts;
1491 /* create rte_ipsec_sa*/
1492 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1493 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1495 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1500 /* Generate inbound mbuf data */
1501 for (j = 0; j < num_pkts && rc == 0; j++) {
1502 ut_params->ibuf[j] = setup_test_string(
1503 ts_params->mbuf_pool,
1504 null_plain_data, test_cfg[i].pkt_sz, 0);
1505 if (ut_params->ibuf[j] == NULL)
1508 /* Generate test mbuf data */
1509 ut_params->obuf[j] = setup_test_string(
1510 ts_params->mbuf_pool,
1511 null_plain_data, test_cfg[i].pkt_sz, 0);
1512 if (ut_params->obuf[j] == NULL)
1518 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1521 rc = inline_inb_burst_null_null_check(ut_params, i,
1525 "rte_ipsec_pkt_process failed, cfg %d\n",
1531 if (rc == TEST_FAILED)
1532 test_ipsec_dump_buffers(ut_params, i);
1539 test_ipsec_inline_proto_inb_burst_null_null_wrapper(void)
1543 struct ipsec_unitest_params *ut_params = &unittest_params;
1545 ut_params->ipsec_xform.spi = INBOUND_SPI;
1546 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1547 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1548 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1549 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1551 for (i = 0; i < num_cfg && rc == 0; i++) {
1552 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1553 rc = test_ipsec_inline_proto_inb_burst_null_null(i);
1560 inline_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1567 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1568 ut_params->pkt_index = j;
1570 /* compare the buffer data */
1571 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1572 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1573 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1574 ut_params->ibuf[j]->data_len,
1575 "input and output data does not match\n");
1576 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1577 ut_params->obuf[j]->data_len,
1578 "ibuf data_len is not equal to obuf data_len");
1579 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1580 ut_params->obuf[j]->pkt_len,
1581 "ibuf pkt_len is not equal to obuf pkt_len");
1583 /* check mbuf ol_flags */
1584 TEST_ASSERT(ut_params->ibuf[j]->ol_flags & PKT_TX_SEC_OFFLOAD,
1585 "ibuf PKT_TX_SEC_OFFLOAD is not set");
1591 test_ipsec_inline_crypto_outb_burst_null_null(int i)
1593 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1594 struct ipsec_unitest_params *ut_params = &unittest_params;
1595 uint16_t num_pkts = test_cfg[i].num_pkts;
1600 /* create rte_ipsec_sa */
1601 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1602 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1604 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1609 /* Generate test mbuf data */
1610 for (j = 0; j < num_pkts && rc == 0; j++) {
1611 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1612 null_plain_data, test_cfg[i].pkt_sz, 0);
1613 if (ut_params->ibuf[0] == NULL)
1617 /* Generate test tunneled mbuf data for comparison */
1618 ut_params->obuf[j] = setup_test_string_tunneled(
1619 ts_params->mbuf_pool,
1620 null_plain_data, test_cfg[i].pkt_sz,
1621 OUTBOUND_SPI, j + 1);
1622 if (ut_params->obuf[j] == NULL)
1628 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1631 rc = inline_outb_burst_null_null_check(ut_params,
1635 "rte_ipsec_pkt_process failed, cfg %d\n",
1641 if (rc == TEST_FAILED)
1642 test_ipsec_dump_buffers(ut_params, i);
1649 test_ipsec_inline_crypto_outb_burst_null_null_wrapper(void)
1653 struct ipsec_unitest_params *ut_params = &unittest_params;
1655 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1656 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1657 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1658 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1659 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1661 for (i = 0; i < num_cfg && rc == 0; i++) {
1662 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1663 rc = test_ipsec_inline_crypto_outb_burst_null_null(i);
1670 test_ipsec_inline_proto_outb_burst_null_null(int i)
1672 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1673 struct ipsec_unitest_params *ut_params = &unittest_params;
1674 uint16_t num_pkts = test_cfg[i].num_pkts;
1679 /* create rte_ipsec_sa */
1680 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1681 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1683 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1688 /* Generate test mbuf data */
1689 for (j = 0; j < num_pkts && rc == 0; j++) {
1690 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1691 null_plain_data, test_cfg[i].pkt_sz, 0);
1692 if (ut_params->ibuf[0] == NULL)
1696 /* Generate test tunneled mbuf data for comparison */
1697 ut_params->obuf[j] = setup_test_string(
1698 ts_params->mbuf_pool,
1699 null_plain_data, test_cfg[i].pkt_sz, 0);
1700 if (ut_params->obuf[j] == NULL)
1706 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1709 rc = inline_outb_burst_null_null_check(ut_params,
1713 "rte_ipsec_pkt_process failed, cfg %d\n",
1719 if (rc == TEST_FAILED)
1720 test_ipsec_dump_buffers(ut_params, i);
1727 test_ipsec_inline_proto_outb_burst_null_null_wrapper(void)
1731 struct ipsec_unitest_params *ut_params = &unittest_params;
1733 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1734 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1735 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1736 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1737 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1739 for (i = 0; i < num_cfg && rc == 0; i++) {
1740 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1741 rc = test_ipsec_inline_proto_outb_burst_null_null(i);
1748 test_ipsec_lksd_proto_inb_burst_null_null(int i)
1750 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1751 struct ipsec_unitest_params *ut_params = &unittest_params;
1752 uint16_t num_pkts = test_cfg[i].num_pkts;
1756 /* create rte_ipsec_sa */
1757 rc = create_sa(RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
1758 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1760 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1765 /* Generate test mbuf data */
1766 for (j = 0; j < num_pkts && rc == 0; j++) {
1767 /* packet with sequence number 0 is invalid */
1768 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1769 null_encrypted_data, test_cfg[i].pkt_sz, 0);
1770 if (ut_params->ibuf[j] == NULL)
1775 if (test_cfg[i].reorder_pkts)
1776 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1777 rc = test_ipsec_crypto_op_alloc(num_pkts);
1781 /* call ipsec library api */
1782 rc = lksd_proto_ipsec(num_pkts);
1784 rc = crypto_inb_burst_null_null_check(ut_params, i,
1787 RTE_LOG(ERR, USER1, "%s failed, cfg %d\n",
1793 if (rc == TEST_FAILED)
1794 test_ipsec_dump_buffers(ut_params, i);
1801 test_ipsec_lksd_proto_inb_burst_null_null_wrapper(void)
1805 struct ipsec_unitest_params *ut_params = &unittest_params;
1807 ut_params->ipsec_xform.spi = INBOUND_SPI;
1808 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1809 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1810 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1811 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1813 for (i = 0; i < num_cfg && rc == 0; i++) {
1814 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1815 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1822 test_ipsec_lksd_proto_outb_burst_null_null_wrapper(void)
1826 struct ipsec_unitest_params *ut_params = &unittest_params;
1828 ut_params->ipsec_xform.spi = INBOUND_SPI;
1829 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1830 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1831 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1832 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1834 for (i = 0; i < num_cfg && rc == 0; i++) {
1835 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1836 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1843 replay_inb_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1848 for (j = 0; j < num_pkts; j++) {
1849 /* compare the buffer data */
1850 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1851 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1853 "input and output data does not match\n");
1855 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1856 ut_params->obuf[j]->pkt_len,
1857 "data_len is not equal to pkt_len");
1864 test_ipsec_replay_inb_inside_null_null(int i)
1866 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1867 struct ipsec_unitest_params *ut_params = &unittest_params;
1870 /* create rte_ipsec_sa*/
1871 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1872 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1874 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1879 /* Generate inbound mbuf data */
1880 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1881 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
1882 if (ut_params->ibuf[0] == NULL)
1885 rc = test_ipsec_crypto_op_alloc(1);
1888 /* call ipsec library api */
1889 rc = crypto_ipsec(1);
1891 rc = replay_inb_null_null_check(ut_params, i, 1);
1893 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1899 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
1900 /* generate packet with seq number inside the replay window */
1901 if (ut_params->ibuf[0]) {
1902 rte_pktmbuf_free(ut_params->ibuf[0]);
1903 ut_params->ibuf[0] = 0;
1906 ut_params->ibuf[0] = setup_test_string_tunneled(
1907 ts_params->mbuf_pool, null_encrypted_data,
1908 test_cfg[i].pkt_sz, INBOUND_SPI,
1909 test_cfg[i].replay_win_sz);
1910 if (ut_params->ibuf[0] == NULL)
1913 rc = test_ipsec_crypto_op_alloc(1);
1916 /* call ipsec library api */
1917 rc = crypto_ipsec(1);
1919 rc = replay_inb_null_null_check(
1922 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
1928 if (rc == TEST_FAILED)
1929 test_ipsec_dump_buffers(ut_params, i);
1937 test_ipsec_replay_inb_inside_null_null_wrapper(void)
1941 struct ipsec_unitest_params *ut_params = &unittest_params;
1943 ut_params->ipsec_xform.spi = INBOUND_SPI;
1944 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1945 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1946 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1947 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1949 for (i = 0; i < num_cfg && rc == 0; i++) {
1950 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1951 rc = test_ipsec_replay_inb_inside_null_null(i);
1958 test_ipsec_replay_inb_outside_null_null(int i)
1960 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1961 struct ipsec_unitest_params *ut_params = &unittest_params;
1964 /* create rte_ipsec_sa */
1965 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1966 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1968 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1973 /* Generate test mbuf data */
1974 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1975 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI,
1976 test_cfg[i].replay_win_sz + 2);
1977 if (ut_params->ibuf[0] == NULL)
1980 rc = test_ipsec_crypto_op_alloc(1);
1983 /* call ipsec library api */
1984 rc = crypto_ipsec(1);
1986 rc = replay_inb_null_null_check(ut_params, i, 1);
1988 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1994 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
1995 /* generate packet with seq number outside the replay window */
1996 if (ut_params->ibuf[0]) {
1997 rte_pktmbuf_free(ut_params->ibuf[0]);
1998 ut_params->ibuf[0] = 0;
2000 ut_params->ibuf[0] = setup_test_string_tunneled(
2001 ts_params->mbuf_pool, null_encrypted_data,
2002 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2003 if (ut_params->ibuf[0] == NULL)
2006 rc = test_ipsec_crypto_op_alloc(1);
2009 /* call ipsec library api */
2010 rc = crypto_ipsec(1);
2012 if (test_cfg[i].esn == 0) {
2014 "packet is not outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2016 test_cfg[i].replay_win_sz + 2,
2022 "packet is outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2023 i, test_cfg[i].replay_win_sz + 2, 1);
2029 if (rc == TEST_FAILED)
2030 test_ipsec_dump_buffers(ut_params, i);
2038 test_ipsec_replay_inb_outside_null_null_wrapper(void)
2042 struct ipsec_unitest_params *ut_params = &unittest_params;
2044 ut_params->ipsec_xform.spi = INBOUND_SPI;
2045 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2046 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2047 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2048 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2050 for (i = 0; i < num_cfg && rc == 0; i++) {
2051 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2052 rc = test_ipsec_replay_inb_outside_null_null(i);
2059 test_ipsec_replay_inb_repeat_null_null(int i)
2061 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2062 struct ipsec_unitest_params *ut_params = &unittest_params;
2065 /* create rte_ipsec_sa */
2066 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2067 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2069 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n", i);
2073 /* Generate test mbuf data */
2074 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2075 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2076 if (ut_params->ibuf[0] == NULL)
2079 rc = test_ipsec_crypto_op_alloc(1);
2082 /* call ipsec library api */
2083 rc = crypto_ipsec(1);
2085 rc = replay_inb_null_null_check(ut_params, i, 1);
2087 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2093 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2095 * generate packet with repeat seq number in the replay
2098 if (ut_params->ibuf[0]) {
2099 rte_pktmbuf_free(ut_params->ibuf[0]);
2100 ut_params->ibuf[0] = 0;
2103 ut_params->ibuf[0] = setup_test_string_tunneled(
2104 ts_params->mbuf_pool, null_encrypted_data,
2105 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2106 if (ut_params->ibuf[0] == NULL)
2109 rc = test_ipsec_crypto_op_alloc(1);
2112 /* call ipsec library api */
2113 rc = crypto_ipsec(1);
2116 "packet is not repeated in the replay window, cfg %d seq %u\n",
2121 "packet is repeated in the replay window, cfg %d seq %u\n",
2128 if (rc == TEST_FAILED)
2129 test_ipsec_dump_buffers(ut_params, i);
2137 test_ipsec_replay_inb_repeat_null_null_wrapper(void)
2141 struct ipsec_unitest_params *ut_params = &unittest_params;
2143 ut_params->ipsec_xform.spi = INBOUND_SPI;
2144 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2145 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2146 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2147 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2149 for (i = 0; i < num_cfg && rc == 0; i++) {
2150 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2151 rc = test_ipsec_replay_inb_repeat_null_null(i);
2158 test_ipsec_replay_inb_inside_burst_null_null(int i)
2160 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2161 struct ipsec_unitest_params *ut_params = &unittest_params;
2162 uint16_t num_pkts = test_cfg[i].num_pkts;
2166 /* create rte_ipsec_sa*/
2167 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2168 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2170 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2175 /* Generate inbound mbuf data */
2176 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2177 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2178 if (ut_params->ibuf[0] == NULL)
2181 rc = test_ipsec_crypto_op_alloc(1);
2184 /* call ipsec library api */
2185 rc = crypto_ipsec(1);
2187 rc = replay_inb_null_null_check(ut_params, i, 1);
2189 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2195 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2197 * generate packet(s) with seq number(s) inside the
2200 if (ut_params->ibuf[0]) {
2201 rte_pktmbuf_free(ut_params->ibuf[0]);
2202 ut_params->ibuf[0] = 0;
2205 for (j = 0; j < num_pkts && rc == 0; j++) {
2206 /* packet with sequence number 1 already processed */
2207 ut_params->ibuf[j] = setup_test_string_tunneled(
2208 ts_params->mbuf_pool, null_encrypted_data,
2209 test_cfg[i].pkt_sz, INBOUND_SPI, j + 2);
2210 if (ut_params->ibuf[j] == NULL)
2215 if (test_cfg[i].reorder_pkts)
2216 test_ipsec_reorder_inb_pkt_burst(num_pkts);
2217 rc = test_ipsec_crypto_op_alloc(num_pkts);
2221 /* call ipsec library api */
2222 rc = crypto_ipsec(num_pkts);
2224 rc = replay_inb_null_null_check(
2225 ut_params, i, num_pkts);
2227 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
2233 if (rc == TEST_FAILED)
2234 test_ipsec_dump_buffers(ut_params, i);
2242 test_ipsec_replay_inb_inside_burst_null_null_wrapper(void)
2246 struct ipsec_unitest_params *ut_params = &unittest_params;
2248 ut_params->ipsec_xform.spi = INBOUND_SPI;
2249 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2250 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2251 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2252 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2254 for (i = 0; i < num_cfg && rc == 0; i++) {
2255 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2256 rc = test_ipsec_replay_inb_inside_burst_null_null(i);
2264 crypto_inb_burst_2sa_null_null_check(struct ipsec_unitest_params *ut_params,
2269 for (j = 0; j < BURST_SIZE; j++) {
2270 ut_params->pkt_index = j;
2272 /* compare the data buffers */
2273 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
2274 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
2276 "input and output data does not match\n");
2277 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2278 ut_params->obuf[j]->pkt_len,
2279 "data_len is not equal to pkt_len");
2280 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2282 "data_len is not equal to input data");
2289 test_ipsec_crypto_inb_burst_2sa_null_null(int i)
2291 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2292 struct ipsec_unitest_params *ut_params = &unittest_params;
2293 uint16_t num_pkts = test_cfg[i].num_pkts;
2297 if (num_pkts != BURST_SIZE)
2300 /* create rte_ipsec_sa */
2301 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2302 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2304 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2309 /* create second rte_ipsec_sa */
2310 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2311 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2312 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2314 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2320 /* Generate test mbuf data */
2321 for (j = 0; j < num_pkts && rc == 0; j++) {
2323 /* packet with sequence number 0 is invalid */
2324 ut_params->ibuf[j] = setup_test_string_tunneled(
2325 ts_params->mbuf_pool, null_encrypted_data,
2326 test_cfg[i].pkt_sz, INBOUND_SPI + r, j + 1);
2327 if (ut_params->ibuf[j] == NULL)
2332 rc = test_ipsec_crypto_op_alloc(num_pkts);
2335 /* call ipsec library api */
2336 rc = crypto_ipsec_2sa();
2338 rc = crypto_inb_burst_2sa_null_null_check(
2341 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2347 if (rc == TEST_FAILED)
2348 test_ipsec_dump_buffers(ut_params, i);
2356 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper(void)
2360 struct ipsec_unitest_params *ut_params = &unittest_params;
2362 ut_params->ipsec_xform.spi = INBOUND_SPI;
2363 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2364 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2365 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2366 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2368 for (i = 0; i < num_cfg && rc == 0; i++) {
2369 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2370 rc = test_ipsec_crypto_inb_burst_2sa_null_null(i);
2377 test_ipsec_crypto_inb_burst_2sa_4grp_null_null(int i)
2379 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2380 struct ipsec_unitest_params *ut_params = &unittest_params;
2381 uint16_t num_pkts = test_cfg[i].num_pkts;
2385 if (num_pkts != BURST_SIZE)
2388 /* create rte_ipsec_sa */
2389 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2390 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2392 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2397 /* create second rte_ipsec_sa */
2398 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2399 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2400 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2402 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2408 /* Generate test mbuf data */
2409 for (j = 0; j < num_pkts && rc == 0; j++) {
2410 k = crypto_ipsec_4grp(j);
2412 /* packet with sequence number 0 is invalid */
2413 ut_params->ibuf[j] = setup_test_string_tunneled(
2414 ts_params->mbuf_pool, null_encrypted_data,
2415 test_cfg[i].pkt_sz, INBOUND_SPI + k, j + 1);
2416 if (ut_params->ibuf[j] == NULL)
2421 rc = test_ipsec_crypto_op_alloc(num_pkts);
2424 /* call ipsec library api */
2425 rc = crypto_ipsec_2sa_4grp();
2427 rc = crypto_inb_burst_2sa_null_null_check(
2430 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2436 if (rc == TEST_FAILED)
2437 test_ipsec_dump_buffers(ut_params, i);
2445 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper(void)
2449 struct ipsec_unitest_params *ut_params = &unittest_params;
2451 ut_params->ipsec_xform.spi = INBOUND_SPI;
2452 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2453 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2454 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2455 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2457 for (i = 0; i < num_cfg && rc == 0; i++) {
2458 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2459 rc = test_ipsec_crypto_inb_burst_2sa_4grp_null_null(i);
2465 static struct unit_test_suite ipsec_testsuite = {
2466 .suite_name = "IPsec NULL Unit Test Suite",
2467 .setup = testsuite_setup,
2468 .teardown = testsuite_teardown,
2469 .unit_test_cases = {
2470 TEST_CASE_ST(ut_setup, ut_teardown,
2471 test_ipsec_crypto_inb_burst_null_null_wrapper),
2472 TEST_CASE_ST(ut_setup, ut_teardown,
2473 test_ipsec_crypto_outb_burst_null_null_wrapper),
2474 TEST_CASE_ST(ut_setup, ut_teardown,
2475 test_ipsec_inline_crypto_inb_burst_null_null_wrapper),
2476 TEST_CASE_ST(ut_setup, ut_teardown,
2477 test_ipsec_inline_crypto_outb_burst_null_null_wrapper),
2478 TEST_CASE_ST(ut_setup, ut_teardown,
2479 test_ipsec_inline_proto_inb_burst_null_null_wrapper),
2480 TEST_CASE_ST(ut_setup, ut_teardown,
2481 test_ipsec_inline_proto_outb_burst_null_null_wrapper),
2482 TEST_CASE_ST(ut_setup, ut_teardown,
2483 test_ipsec_lksd_proto_inb_burst_null_null_wrapper),
2484 TEST_CASE_ST(ut_setup, ut_teardown,
2485 test_ipsec_lksd_proto_outb_burst_null_null_wrapper),
2486 TEST_CASE_ST(ut_setup, ut_teardown,
2487 test_ipsec_replay_inb_inside_null_null_wrapper),
2488 TEST_CASE_ST(ut_setup, ut_teardown,
2489 test_ipsec_replay_inb_outside_null_null_wrapper),
2490 TEST_CASE_ST(ut_setup, ut_teardown,
2491 test_ipsec_replay_inb_repeat_null_null_wrapper),
2492 TEST_CASE_ST(ut_setup, ut_teardown,
2493 test_ipsec_replay_inb_inside_burst_null_null_wrapper),
2494 TEST_CASE_ST(ut_setup, ut_teardown,
2495 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper),
2496 TEST_CASE_ST(ut_setup, ut_teardown,
2497 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper),
2498 TEST_CASES_END() /**< NULL terminate unit test array */
2505 return unit_test_suite_runner(&ipsec_testsuite);
2508 REGISTER_TEST_COMMAND(ipsec_autotest, test_ipsec);
git.droids-corp.org / dpdk.git / blob