1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2015-2017 Intel Corporation
5 #include <rte_common.h>
6 #include <rte_hexdump.h>
8 #include <rte_malloc.h>
9 #include <rte_memcpy.h>
10 #include <rte_pause.h>
12 #include <rte_crypto.h>
13 #include <rte_cryptodev.h>
14 #include <rte_cryptodev_pmd.h>
17 #include "test_cryptodev.h"
18 #include "test_cryptodev_blockcipher.h"
19 #include "test_cryptodev_aes_test_vectors.h"
20 #include "test_cryptodev_des_test_vectors.h"
21 #include "test_cryptodev_hash_test_vectors.h"
24 verify_algo_support(const struct blockcipher_test_case *t,
25 const uint8_t dev_id, const uint32_t digest_len)
28 const struct blockcipher_test_data *tdata = t->test_data;
29 struct rte_cryptodev_sym_capability_idx cap_idx;
30 const struct rte_cryptodev_symmetric_capability *capability;
32 if (t->op_mask & BLOCKCIPHER_TEST_OP_CIPHER) {
33 cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
34 cap_idx.algo.cipher = tdata->crypto_algo;
35 capability = rte_cryptodev_sym_capability_get(dev_id, &cap_idx);
36 if (capability == NULL)
39 if (cap_idx.algo.cipher != RTE_CRYPTO_CIPHER_NULL &&
40 !(t->test_data->wrapped_key))
41 ret = rte_cryptodev_sym_capability_check_cipher(capability,
42 tdata->cipher_key.len,
48 if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH) {
49 cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
50 cap_idx.algo.auth = tdata->auth_algo;
51 capability = rte_cryptodev_sym_capability_get(dev_id, &cap_idx);
52 if (capability == NULL)
55 if (cap_idx.algo.auth != RTE_CRYPTO_AUTH_NULL)
56 ret = rte_cryptodev_sym_capability_check_auth(capability,
68 test_blockcipher_one_case(const struct blockcipher_test_case *t,
69 struct rte_mempool *mbuf_pool,
70 struct rte_mempool *op_mpool,
71 struct rte_mempool *sess_mpool,
72 struct rte_mempool *sess_priv_mpool,
76 struct rte_mbuf *ibuf = NULL;
77 struct rte_mbuf *obuf = NULL;
78 struct rte_mbuf *iobuf;
79 struct rte_crypto_sym_xform *cipher_xform = NULL;
80 struct rte_crypto_sym_xform *auth_xform = NULL;
81 struct rte_crypto_sym_xform *init_xform = NULL;
82 struct rte_crypto_sym_op *sym_op = NULL;
83 struct rte_crypto_op *op = NULL;
84 struct rte_cryptodev_info dev_info;
85 struct rte_cryptodev_sym_session *sess = NULL;
87 int status = TEST_SUCCESS;
88 const struct blockcipher_test_data *tdata = t->test_data;
89 uint8_t cipher_key[tdata->cipher_key.len];
90 uint8_t auth_key[tdata->auth_key.len];
91 uint32_t buf_len = tdata->ciphertext.len;
92 uint32_t digest_len = tdata->digest.len;
94 uint8_t src_pattern = 0xa5;
95 uint8_t dst_pattern = 0xb6;
96 uint8_t tmp_src_buf[MBUF_SIZE];
97 uint8_t tmp_dst_buf[MBUF_SIZE];
101 uint32_t nb_iterates = 0;
103 rte_cryptodev_info_get(dev_id, &dev_info);
104 uint64_t feat_flags = dev_info.feature_flags;
106 if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS) {
107 if (!(feat_flags & RTE_CRYPTODEV_FF_SYM_SESSIONLESS)) {
108 printf("Device doesn't support sessionless operations "
110 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
115 if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED) {
116 if (!(feat_flags & RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED)) {
117 printf("Device doesn't support encrypted digest "
119 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
124 if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SG) {
125 uint64_t oop_flag = RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT;
127 if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_OOP) {
128 if (!(feat_flags & oop_flag)) {
129 printf("Device doesn't support out-of-place "
130 "scatter-gather in input mbuf. "
132 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
137 if (!(feat_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
138 printf("Device doesn't support in-place "
139 "scatter-gather mbufs. "
141 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
149 if (!!(feat_flags & RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY) ^
150 tdata->wrapped_key) {
151 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
156 if (global_api_test_type == CRYPTODEV_RAW_API_TEST &&
157 !(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP)) {
158 printf("Device doesn't support raw data-path APIs. "
160 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "SKIPPED");
164 if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_OOP) {
165 uint64_t oop_flags = RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
166 RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT |
167 RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
168 RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT;
169 if (!(feat_flags & oop_flags)) {
170 printf("Device doesn't support out-of-place operations."
172 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
176 if (global_api_test_type == CRYPTODEV_RAW_API_TEST) {
177 printf("Raw Data Path APIs do not support OOP, "
179 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "SKIPPED");
180 status = TEST_SKIPPED;
185 if (tdata->cipher_key.len)
186 memcpy(cipher_key, tdata->cipher_key.data,
187 tdata->cipher_key.len);
188 if (tdata->auth_key.len)
189 memcpy(auth_key, tdata->auth_key.data,
190 tdata->auth_key.len);
192 /* Check if PMD is capable of performing that test */
193 if (verify_algo_support(t, dev_id, digest_len) < 0) {
194 RTE_LOG(DEBUG, USER1,
195 "Device does not support this algorithm."
197 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "SKIPPED");
202 if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH)
203 buf_len += digest_len;
205 pad_len = RTE_ALIGN(buf_len, 16) - buf_len;
206 if (t->op_mask & BLOCKCIPHER_TEST_OP_DIGEST_ENCRYPTED)
209 /* for contiguous mbuf, nb_segs is 1 */
210 ibuf = create_segmented_mbuf(mbuf_pool,
211 tdata->ciphertext.len, nb_segs, src_pattern);
213 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
214 "line %u FAILED: %s",
215 __LINE__, "Cannot create source mbuf");
216 status = TEST_FAILED;
220 /* only encryption requires plaintext.data input,
221 * decryption/(digest gen)/(digest verify) use ciphertext.data
224 if (t->op_mask & BLOCKCIPHER_TEST_OP_ENCRYPT)
225 pktmbuf_write(ibuf, 0, tdata->plaintext.len,
226 tdata->plaintext.data);
228 pktmbuf_write(ibuf, 0, tdata->ciphertext.len,
229 tdata->ciphertext.data);
231 buf_p = rte_pktmbuf_append(ibuf, digest_len);
232 if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_VERIFY)
233 if (t->op_mask & BLOCKCIPHER_TEST_OP_DIGEST_ENCRYPTED)
235 tdata->ciphertext.data + tdata->ciphertext.len,
238 rte_memcpy(buf_p, tdata->digest.data, digest_len);
240 memset(buf_p, 0, digest_len);
241 if (t->op_mask & BLOCKCIPHER_TEST_OP_DIGEST_ENCRYPTED) {
242 buf_p = rte_pktmbuf_append(ibuf, pad_len);
244 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
245 "FAILED: %s", __LINE__,
246 "No room to append mbuf");
247 status = TEST_FAILED;
250 if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_VERIFY) {
251 const uint8_t *temp_p = tdata->ciphertext.data +
252 tdata->ciphertext.len +
254 rte_memcpy(buf_p, temp_p, pad_len);
256 memset(buf_p, 0xa5, pad_len);
259 if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_OOP) {
260 obuf = rte_pktmbuf_alloc(mbuf_pool);
262 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
263 "FAILED: %s", __LINE__,
264 "Allocation of rte_mbuf failed");
265 status = TEST_FAILED;
268 memset(obuf->buf_addr, dst_pattern, obuf->buf_len);
270 buf_p = rte_pktmbuf_append(obuf, buf_len + pad_len);
272 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
273 "FAILED: %s", __LINE__,
274 "No room to append mbuf");
275 status = TEST_FAILED;
278 memset(buf_p, 0, buf_len);
281 /* Generate Crypto op data structure */
282 op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
284 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
285 "line %u FAILED: %s",
286 __LINE__, "Failed to allocate symmetric crypto "
288 status = TEST_FAILED;
296 struct rte_mbuf *tmp_buf = ibuf;
301 rte_pktmbuf_reset(ibuf);
302 rte_pktmbuf_reset(obuf);
304 rte_pktmbuf_append(ibuf, tdata->ciphertext.len);
306 /* only encryption requires plaintext.data input,
307 * decryption/(digest gen)/(digest verify) use ciphertext.data
310 if (t->op_mask & BLOCKCIPHER_TEST_OP_ENCRYPT)
311 pktmbuf_write(ibuf, 0, tdata->plaintext.len,
312 tdata->plaintext.data);
314 pktmbuf_write(ibuf, 0, tdata->ciphertext.len,
315 tdata->ciphertext.data);
317 buf_p = rte_pktmbuf_append(ibuf, digest_len);
318 if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_VERIFY)
319 rte_memcpy(buf_p, tdata->digest.data, digest_len);
321 memset(buf_p, 0, digest_len);
323 memset(obuf->buf_addr, dst_pattern, obuf->buf_len);
325 buf_p = rte_pktmbuf_append(obuf, buf_len);
327 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
328 "FAILED: %s", __LINE__,
329 "No room to append mbuf");
330 status = TEST_FAILED;
333 memset(buf_p, 0, buf_len);
336 sym_op->m_src = ibuf;
338 if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_OOP) {
339 sym_op->m_dst = obuf;
342 sym_op->m_dst = NULL;
346 /* sessionless op requires allocate xform using
347 * rte_crypto_op_sym_xforms_alloc(), otherwise rte_zmalloc()
350 if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS) {
351 uint32_t n_xforms = 0;
353 if (t->op_mask & BLOCKCIPHER_TEST_OP_CIPHER)
355 if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH)
358 if (rte_crypto_op_sym_xforms_alloc(op, n_xforms)
360 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
361 "FAILED: %s", __LINE__, "Failed to "
362 "allocate space for crypto transforms");
363 status = TEST_FAILED;
367 cipher_xform = rte_zmalloc(NULL,
368 sizeof(struct rte_crypto_sym_xform), 0);
370 auth_xform = rte_zmalloc(NULL,
371 sizeof(struct rte_crypto_sym_xform), 0);
373 if (!cipher_xform || !auth_xform) {
374 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
375 "FAILED: %s", __LINE__, "Failed to "
376 "allocate memory for crypto transforms");
377 status = TEST_FAILED;
382 /* preparing xform, for sessioned op, init_xform is initialized
383 * here and later as param in rte_cryptodev_sym_session_create() call
385 if (t->op_mask == BLOCKCIPHER_TEST_OP_ENC_AUTH_GEN) {
386 if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS) {
387 cipher_xform = op->sym->xform;
388 auth_xform = cipher_xform->next;
389 auth_xform->next = NULL;
391 cipher_xform->next = auth_xform;
392 auth_xform->next = NULL;
393 init_xform = cipher_xform;
395 } else if (t->op_mask == BLOCKCIPHER_TEST_OP_AUTH_VERIFY_DEC) {
396 if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS) {
397 auth_xform = op->sym->xform;
398 cipher_xform = auth_xform->next;
399 cipher_xform->next = NULL;
401 auth_xform->next = cipher_xform;
402 cipher_xform->next = NULL;
403 init_xform = auth_xform;
405 } else if (t->op_mask == BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC) {
406 if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS) {
407 auth_xform = op->sym->xform;
408 cipher_xform = auth_xform->next;
409 cipher_xform->next = NULL;
411 auth_xform->next = cipher_xform;
412 cipher_xform->next = NULL;
413 init_xform = auth_xform;
415 } else if (t->op_mask == BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY) {
416 if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS) {
417 cipher_xform = op->sym->xform;
418 auth_xform = cipher_xform->next;
419 auth_xform->next = NULL;
421 cipher_xform->next = auth_xform;
422 auth_xform->next = NULL;
423 init_xform = cipher_xform;
425 } else if ((t->op_mask == BLOCKCIPHER_TEST_OP_ENCRYPT) ||
426 (t->op_mask == BLOCKCIPHER_TEST_OP_DECRYPT)) {
427 if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS)
428 cipher_xform = op->sym->xform;
430 init_xform = cipher_xform;
431 cipher_xform->next = NULL;
432 } else if ((t->op_mask == BLOCKCIPHER_TEST_OP_AUTH_GEN) ||
433 (t->op_mask == BLOCKCIPHER_TEST_OP_AUTH_VERIFY)) {
434 if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS)
435 auth_xform = op->sym->xform;
437 init_xform = auth_xform;
438 auth_xform->next = NULL;
440 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
441 "line %u FAILED: %s",
442 __LINE__, "Unrecognized operation");
443 status = TEST_FAILED;
447 /*configure xforms & sym_op cipher and auth data*/
448 if (t->op_mask & BLOCKCIPHER_TEST_OP_CIPHER) {
449 cipher_xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
450 cipher_xform->cipher.algo = tdata->crypto_algo;
451 if (t->op_mask & BLOCKCIPHER_TEST_OP_ENCRYPT)
452 cipher_xform->cipher.op =
453 RTE_CRYPTO_CIPHER_OP_ENCRYPT;
455 cipher_xform->cipher.op =
456 RTE_CRYPTO_CIPHER_OP_DECRYPT;
457 cipher_xform->cipher.key.data = cipher_key;
458 cipher_xform->cipher.key.length = tdata->cipher_key.len;
459 cipher_xform->cipher.iv.offset = IV_OFFSET;
460 cipher_xform->cipher.dataunit_len = tdata->xts_dataunit_len;
462 if (tdata->crypto_algo == RTE_CRYPTO_CIPHER_NULL)
463 cipher_xform->cipher.iv.length = 0;
465 cipher_xform->cipher.iv.length = tdata->iv.len;
467 sym_op->cipher.data.offset = tdata->cipher_offset;
468 sym_op->cipher.data.length = tdata->ciphertext.len -
469 tdata->cipher_offset;
470 if (t->op_mask & BLOCKCIPHER_TEST_OP_DIGEST_ENCRYPTED) {
471 sym_op->cipher.data.length += tdata->digest.len;
472 sym_op->cipher.data.length += pad_len;
474 rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
479 if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH) {
480 uint32_t digest_offset = tdata->ciphertext.len;
482 auth_xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
483 auth_xform->auth.algo = tdata->auth_algo;
484 auth_xform->auth.key.length = tdata->auth_key.len;
485 auth_xform->auth.key.data = auth_key;
486 auth_xform->auth.digest_length = digest_len;
488 if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN) {
489 auth_xform->auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
490 sym_op->auth.digest.data = pktmbuf_mtod_offset
491 (iobuf, digest_offset);
492 sym_op->auth.digest.phys_addr =
493 pktmbuf_iova_offset(iobuf,
496 auth_xform->auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
497 sym_op->auth.digest.data = pktmbuf_mtod_offset
498 (sym_op->m_src, digest_offset);
499 sym_op->auth.digest.phys_addr =
500 pktmbuf_iova_offset(sym_op->m_src,
504 sym_op->auth.data.offset = tdata->auth_offset;
505 sym_op->auth.data.length = tdata->ciphertext.len -
510 * Create session for sessioned op. For mbuf iteration test,
511 * skip the session creation for the second iteration.
513 if (!(t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS) &&
515 sess = rte_cryptodev_sym_session_create(sess_mpool);
517 status = rte_cryptodev_sym_session_init(dev_id, sess,
518 init_xform, sess_priv_mpool);
519 if (status == -ENOTSUP) {
520 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "UNSUPPORTED");
521 status = TEST_SKIPPED;
524 if (!sess || status < 0) {
525 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
526 "FAILED: %s", __LINE__,
527 "Session creation failed");
528 status = TEST_FAILED;
532 /* attach symmetric crypto session to crypto operations */
533 rte_crypto_op_attach_sym_session(op, sess);
536 debug_hexdump(stdout, "m_src(before):",
537 sym_op->m_src->buf_addr, sym_op->m_src->buf_len);
538 rte_memcpy(tmp_src_buf, sym_op->m_src->buf_addr,
539 sym_op->m_src->buf_len);
540 if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_OOP) {
541 debug_hexdump(stdout, "m_dst(before):",
542 sym_op->m_dst->buf_addr, sym_op->m_dst->buf_len);
543 rte_memcpy(tmp_dst_buf, sym_op->m_dst->buf_addr,
544 sym_op->m_dst->buf_len);
547 /* Process crypto operation */
548 if (global_api_test_type == CRYPTODEV_RAW_API_TEST) {
549 uint8_t is_cipher = 0, is_auth = 0;
550 if (t->op_mask & BLOCKCIPHER_TEST_OP_CIPHER)
552 if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH)
555 process_sym_raw_dp_op(dev_id, 0, op, is_cipher, is_auth, 0,
558 if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
559 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
560 "line %u FAILED: %s",
561 __LINE__, "Error sending packet for encryption");
562 status = TEST_FAILED;
568 while (rte_cryptodev_dequeue_burst(dev_id, 0, &op, 1) == 0)
572 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
573 "line %u FAILED: %s",
574 __LINE__, "Failed to process sym crypto op");
575 status = TEST_FAILED;
580 debug_hexdump(stdout, "m_src(after):",
581 sym_op->m_src->buf_addr, sym_op->m_src->buf_len);
582 if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_OOP)
583 debug_hexdump(stdout, "m_dst(after):",
584 sym_op->m_dst->buf_addr, sym_op->m_dst->buf_len);
587 if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
588 if ((t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_VERIFY) &&
589 (op->status == RTE_CRYPTO_OP_STATUS_AUTH_FAILED))
590 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
591 "FAILED: Digest verification failed "
592 "(0x%X)", __LINE__, op->status);
594 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
595 "FAILED: Operation failed "
596 "(0x%X)", __LINE__, op->status);
597 status = TEST_FAILED;
601 if (t->op_mask & BLOCKCIPHER_TEST_OP_CIPHER) {
602 uint8_t buffer[2048];
603 const uint8_t *compare_ref;
604 uint32_t compare_len;
606 if (t->op_mask & BLOCKCIPHER_TEST_OP_ENCRYPT) {
607 compare_ref = tdata->ciphertext.data +
608 tdata->cipher_offset;
609 compare_len = tdata->ciphertext.len -
610 tdata->cipher_offset;
611 if (t->op_mask & BLOCKCIPHER_TEST_OP_DIGEST_ENCRYPTED)
612 compare_len += tdata->digest.len;
614 compare_ref = tdata->plaintext.data +
615 tdata->cipher_offset;
616 compare_len = tdata->plaintext.len -
617 tdata->cipher_offset;
620 if (memcmp(rte_pktmbuf_read(iobuf, tdata->cipher_offset,
621 compare_len, buffer), compare_ref,
623 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
624 "FAILED: %s", __LINE__,
625 "Crypto data not as expected");
626 status = TEST_FAILED;
631 /* Check digest data only in enc-then-auth_gen case.
632 * In auth_gen-then-enc case, cipher text contains both encrypted
633 * plain text and encrypted digest value. If cipher text is correct,
634 * it implies digest is also generated properly.
636 if (!(t->op_mask & BLOCKCIPHER_TEST_OP_DIGEST_ENCRYPTED))
637 if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN) {
638 uint8_t *auth_res = pktmbuf_mtod_offset(iobuf,
639 tdata->ciphertext.len);
641 if (memcmp(auth_res, tdata->digest.data, digest_len)) {
642 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
643 "FAILED: %s", __LINE__, "Generated "
644 "digest data not as expected");
645 status = TEST_FAILED;
650 /* The only parts that should have changed in the buffer are
651 * plaintext/ciphertext and digest.
652 * In OOP only the dest buffer should change.
654 if (t->feature_mask & BLOCKCIPHER_TEST_FEATURE_OOP) {
655 struct rte_mbuf *mbuf;
657 uint32_t head_unchanged_len, changed_len = 0;
659 uint32_t hdroom_used = 0, tlroom_used = 0;
662 mbuf = sym_op->m_src;
664 * Crypto PMDs specify the headroom & tailroom it would use
665 * when processing the crypto operation. PMD is free to modify
666 * this space, and so the verification check should skip that
669 hdroom_used = dev_info.min_mbuf_headroom_req;
670 tlroom_used = dev_info.min_mbuf_tailroom_req;
673 hdroom = rte_pktmbuf_headroom(mbuf);
675 head_unchanged_len = mbuf->buf_len;
677 for (i = 0; i < mbuf->buf_len; i++) {
679 /* Skip headroom used by PMD */
680 if (i == hdroom - hdroom_used)
683 /* Skip tailroom used by PMD */
684 if (i == (hdroom + mbuf->data_len))
687 value = *((uint8_t *)(mbuf->buf_addr)+i);
688 if (value != tmp_src_buf[i]) {
689 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
690 "line %u FAILED: OOP src outer mbuf data (0x%x) not as expected (0x%x)",
691 __LINE__, value, tmp_src_buf[i]);
692 status = TEST_FAILED;
697 mbuf = sym_op->m_dst;
698 if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH) {
699 head_unchanged_len = hdroom + sym_op->auth.data.offset;
700 changed_len = sym_op->auth.data.length;
701 if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN)
702 changed_len += digest_len;
705 head_unchanged_len = hdroom +
706 sym_op->cipher.data.offset;
707 changed_len = sym_op->cipher.data.length;
710 if (t->op_mask & BLOCKCIPHER_TEST_OP_DIGEST_ENCRYPTED)
711 changed_len = sym_op->cipher.data.length +
712 digest_len + pad_len;
714 for (i = 0; i < mbuf->buf_len; i++) {
715 if (i == head_unchanged_len)
717 value = *((uint8_t *)(mbuf->buf_addr)+i);
718 if (value != tmp_dst_buf[i]) {
719 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
720 "line %u FAILED: OOP dst outer mbuf data "
721 "(0x%x) not as expected (0x%x)",
722 __LINE__, value, tmp_dst_buf[i]);
723 status = TEST_FAILED;
733 /* In-place operation */
734 struct rte_mbuf *mbuf;
736 uint32_t head_unchanged_len = 0, changed_len = 0;
738 uint32_t hdroom_used = 0, tlroom_used = 0;
742 * Crypto PMDs specify the headroom & tailroom it would use
743 * when processing the crypto operation. PMD is free to modify
744 * this space, and so the verification check should skip that
747 hdroom_used = dev_info.min_mbuf_headroom_req;
748 tlroom_used = dev_info.min_mbuf_tailroom_req;
750 mbuf = sym_op->m_src;
753 hdroom = rte_pktmbuf_headroom(mbuf);
755 if (t->op_mask & BLOCKCIPHER_TEST_OP_CIPHER) {
756 head_unchanged_len = hdroom +
757 sym_op->cipher.data.offset;
758 changed_len = sym_op->cipher.data.length;
761 head_unchanged_len = hdroom +
762 sym_op->auth.data.offset +
763 sym_op->auth.data.length;
767 if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN)
768 changed_len += digest_len;
770 if (t->op_mask & BLOCKCIPHER_TEST_OP_DIGEST_ENCRYPTED)
771 changed_len = sym_op->cipher.data.length;
773 for (i = 0; i < mbuf->buf_len; i++) {
775 /* Skip headroom used by PMD */
776 if (i == hdroom - hdroom_used)
779 if (i == head_unchanged_len)
782 /* Skip tailroom used by PMD */
783 if (i == (hdroom + mbuf->data_len))
786 value = *((uint8_t *)(mbuf->buf_addr)+i);
787 if (value != tmp_src_buf[i]) {
788 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
789 "line %u FAILED: outer mbuf data (0x%x) "
790 "not as expected (0x%x)",
791 __LINE__, value, tmp_src_buf[i]);
792 status = TEST_FAILED;
798 snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "PASS");
801 if (!(t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS)) {
803 rte_cryptodev_sym_session_clear(dev_id, sess);
804 rte_cryptodev_sym_session_free(sess);
807 rte_free(cipher_xform);
809 rte_free(auth_xform);
813 rte_crypto_op_free(op);
816 rte_pktmbuf_free(obuf);
819 rte_pktmbuf_free(ibuf);
825 blockcipher_test_case_run(const void *data)
827 const struct blockcipher_test_case *tc_data = data;
829 char test_msg[BLOCKCIPHER_TEST_MSG_LEN + 1];
831 status = test_blockcipher_one_case(tc_data,
832 p_testsuite_params->mbuf_pool,
833 p_testsuite_params->op_mpool,
834 p_testsuite_params->session_mpool,
835 p_testsuite_params->session_priv_mpool,
836 p_testsuite_params->valid_devs[0],
842 aes_chain_setup(void)
844 uint8_t dev_id = p_testsuite_params->valid_devs[0];
845 struct rte_cryptodev_info dev_info;
847 const enum rte_crypto_cipher_algorithm ciphers[] = {
848 RTE_CRYPTO_CIPHER_NULL,
849 RTE_CRYPTO_CIPHER_AES_CTR,
850 RTE_CRYPTO_CIPHER_AES_CBC
852 const enum rte_crypto_auth_algorithm auths[] = {
853 RTE_CRYPTO_AUTH_NULL,
854 RTE_CRYPTO_AUTH_SHA1_HMAC,
855 RTE_CRYPTO_AUTH_AES_XCBC_MAC,
856 RTE_CRYPTO_AUTH_SHA256_HMAC,
857 RTE_CRYPTO_AUTH_SHA512_HMAC,
858 RTE_CRYPTO_AUTH_SHA224_HMAC,
859 RTE_CRYPTO_AUTH_SHA384_HMAC
862 rte_cryptodev_info_get(dev_id, &dev_info);
863 feat_flags = dev_info.feature_flags;
865 if (!(feat_flags & RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO) ||
866 ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
867 !(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
868 RTE_LOG(INFO, USER1, "Feature flag requirements for AES Chain "
869 "testsuite not met\n");
873 if (check_cipher_capabilities_supported(ciphers, RTE_DIM(ciphers)) != 0
874 && check_auth_capabilities_supported(auths,
875 RTE_DIM(auths)) != 0) {
876 RTE_LOG(INFO, USER1, "Capability requirements for AES Chain "
877 "testsuite not met\n");
885 aes_cipheronly_setup(void)
887 uint8_t dev_id = p_testsuite_params->valid_devs[0];
888 struct rte_cryptodev_info dev_info;
890 const enum rte_crypto_cipher_algorithm ciphers[] = {
891 RTE_CRYPTO_CIPHER_NULL,
892 RTE_CRYPTO_CIPHER_AES_CTR,
893 RTE_CRYPTO_CIPHER_AES_CBC,
894 RTE_CRYPTO_CIPHER_AES_ECB,
895 RTE_CRYPTO_CIPHER_AES_XTS
897 const enum rte_crypto_auth_algorithm auths[] = {
898 RTE_CRYPTO_AUTH_NULL,
899 RTE_CRYPTO_AUTH_SHA1_HMAC,
900 RTE_CRYPTO_AUTH_AES_XCBC_MAC
903 rte_cryptodev_info_get(dev_id, &dev_info);
904 feat_flags = dev_info.feature_flags;
906 if (!(feat_flags & RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO) ||
907 ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
908 !(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
909 RTE_LOG(INFO, USER1, "Feature flag requirements for AES Cipheronly "
910 "testsuite not met\n");
914 if (check_cipher_capabilities_supported(ciphers, RTE_DIM(ciphers)) != 0
915 && check_auth_capabilities_supported(auths,
916 RTE_DIM(auths)) != 0) {
917 RTE_LOG(INFO, USER1, "Capability requirements for AES Cipheronly "
918 "testsuite not met\n");
926 aes_docsis_setup(void)
928 uint8_t dev_id = p_testsuite_params->valid_devs[0];
929 struct rte_cryptodev_info dev_info;
931 const enum rte_crypto_cipher_algorithm ciphers[] = {
932 RTE_CRYPTO_CIPHER_AES_DOCSISBPI
935 rte_cryptodev_info_get(dev_id, &dev_info);
936 feat_flags = dev_info.feature_flags;
938 /* Data-path service does not support DOCSIS yet */
939 if (!(feat_flags & RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO) ||
940 (global_api_test_type == CRYPTODEV_RAW_API_TEST)) {
941 RTE_LOG(INFO, USER1, "Feature flag requirements for AES Docsis "
942 "testsuite not met\n");
946 if (check_cipher_capabilities_supported(ciphers, RTE_DIM(ciphers)) != 0) {
947 RTE_LOG(INFO, USER1, "Capability requirements for AES Docsis "
948 "testsuite not met\n");
956 triple_des_chain_setup(void)
958 uint8_t dev_id = p_testsuite_params->valid_devs[0];
959 struct rte_cryptodev_info dev_info;
961 const enum rte_crypto_cipher_algorithm ciphers[] = {
962 RTE_CRYPTO_CIPHER_3DES_CTR,
963 RTE_CRYPTO_CIPHER_3DES_CBC
965 const enum rte_crypto_auth_algorithm auths[] = {
966 RTE_CRYPTO_AUTH_SHA1_HMAC,
970 rte_cryptodev_info_get(dev_id, &dev_info);
971 feat_flags = dev_info.feature_flags;
973 if (!(feat_flags & RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO) ||
974 ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
975 !(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
976 RTE_LOG(INFO, USER1, "Feature flag requirements for 3DES Chain "
977 "testsuite not met\n");
981 if (check_cipher_capabilities_supported(ciphers, RTE_DIM(ciphers)) != 0
982 && check_auth_capabilities_supported(auths,
983 RTE_DIM(auths)) != 0) {
984 RTE_LOG(INFO, USER1, "Capability requirements for 3DES Chain "
985 "testsuite not met\n");
993 triple_des_cipheronly_setup(void)
995 uint8_t dev_id = p_testsuite_params->valid_devs[0];
996 struct rte_cryptodev_info dev_info;
998 const enum rte_crypto_cipher_algorithm ciphers[] = {
999 RTE_CRYPTO_CIPHER_3DES_CTR,
1000 RTE_CRYPTO_CIPHER_3DES_CBC
1003 rte_cryptodev_info_get(dev_id, &dev_info);
1004 feat_flags = dev_info.feature_flags;
1006 if (!(feat_flags & RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO) ||
1007 ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
1008 !(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
1009 RTE_LOG(INFO, USER1, "Feature flag requirements for 3DES "
1010 "Cipheronly testsuite not met\n");
1011 return TEST_SKIPPED;
1014 if (check_cipher_capabilities_supported(ciphers, RTE_DIM(ciphers)) != 0) {
1015 RTE_LOG(INFO, USER1, "Capability requirements for 3DES "
1016 "Cipheronly testsuite not met\n");
1017 return TEST_SKIPPED;
1024 des_cipheronly_setup(void)
1026 uint8_t dev_id = p_testsuite_params->valid_devs[0];
1027 struct rte_cryptodev_info dev_info;
1028 uint64_t feat_flags;
1029 const enum rte_crypto_cipher_algorithm ciphers[] = {
1030 RTE_CRYPTO_CIPHER_DES_CBC
1033 rte_cryptodev_info_get(dev_id, &dev_info);
1034 feat_flags = dev_info.feature_flags;
1036 if (!(feat_flags & RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO) ||
1037 ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
1038 !(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
1039 RTE_LOG(INFO, USER1, "Feature flag requirements for DES "
1040 "Cipheronly testsuite not met\n");
1041 return TEST_SKIPPED;
1044 if (check_cipher_capabilities_supported(ciphers, RTE_DIM(ciphers)) != 0) {
1045 RTE_LOG(INFO, USER1, "Capability requirements for DES "
1046 "Cipheronly testsuite not met\n");
1047 return TEST_SKIPPED;
1054 des_docsis_setup(void)
1056 uint8_t dev_id = p_testsuite_params->valid_devs[0];
1057 struct rte_cryptodev_info dev_info;
1058 uint64_t feat_flags;
1059 const enum rte_crypto_cipher_algorithm ciphers[] = {
1060 RTE_CRYPTO_CIPHER_DES_DOCSISBPI
1063 rte_cryptodev_info_get(dev_id, &dev_info);
1064 feat_flags = dev_info.feature_flags;
1066 /* Data-path service does not support DOCSIS yet */
1067 if (!(feat_flags & RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO) ||
1068 (global_api_test_type == CRYPTODEV_RAW_API_TEST)) {
1069 RTE_LOG(INFO, USER1, "Feature flag requirements for DES Docsis "
1070 "testsuite not met\n");
1071 return TEST_SKIPPED;
1074 if (check_cipher_capabilities_supported(ciphers, RTE_DIM(ciphers)) != 0) {
1075 RTE_LOG(INFO, USER1, "Capability requirements for DES Docsis "
1076 "testsuite not met\n");
1077 return TEST_SKIPPED;
1084 authonly_setup(void)
1086 uint8_t dev_id = p_testsuite_params->valid_devs[0];
1087 struct rte_cryptodev_info dev_info;
1088 uint64_t feat_flags;
1089 const enum rte_crypto_auth_algorithm auths[] = {
1090 RTE_CRYPTO_AUTH_MD5,
1091 RTE_CRYPTO_AUTH_MD5_HMAC,
1092 RTE_CRYPTO_AUTH_SHA1,
1093 RTE_CRYPTO_AUTH_SHA1_HMAC,
1094 RTE_CRYPTO_AUTH_SHA224,
1095 RTE_CRYPTO_AUTH_SHA224_HMAC,
1096 RTE_CRYPTO_AUTH_SHA256,
1097 RTE_CRYPTO_AUTH_SHA256_HMAC,
1098 RTE_CRYPTO_AUTH_SHA384,
1099 RTE_CRYPTO_AUTH_SHA384_HMAC,
1100 RTE_CRYPTO_AUTH_SHA512,
1101 RTE_CRYPTO_AUTH_SHA512_HMAC,
1102 RTE_CRYPTO_AUTH_AES_CMAC,
1103 RTE_CRYPTO_AUTH_NULL,
1104 RTE_CRYPTO_AUTH_AES_XCBC_MAC
1107 rte_cryptodev_info_get(dev_id, &dev_info);
1108 feat_flags = dev_info.feature_flags;
1110 if (!(feat_flags & RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO) ||
1111 ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
1112 !(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
1113 RTE_LOG(INFO, USER1, "Feature flag requirements for Auth Only "
1114 "testsuite not met\n");
1115 return TEST_SKIPPED;
1118 if (check_auth_capabilities_supported(auths, RTE_DIM(auths)) != 0) {
1119 RTE_LOG(INFO, USER1, "Capability requirements for Auth Only "
1120 "testsuite not met\n");
1121 return TEST_SKIPPED;
1127 struct unit_test_suite *
1128 build_blockcipher_test_suite(enum blockcipher_test_type test_type)
1130 int i, n_test_cases = 0;
1131 struct unit_test_suite *ts;
1132 const char *ts_name = NULL;
1133 const struct blockcipher_test_case *blk_tcs;
1134 struct unit_test_case *tc;
1135 int (*ts_setup)(void) = NULL;
1137 switch (test_type) {
1138 case BLKCIPHER_AES_CHAIN_TYPE:
1139 n_test_cases = RTE_DIM(aes_chain_test_cases);
1140 blk_tcs = aes_chain_test_cases;
1141 ts_name = "AES Chain";
1142 ts_setup = aes_chain_setup;
1144 case BLKCIPHER_AES_CIPHERONLY_TYPE:
1145 n_test_cases = RTE_DIM(aes_cipheronly_test_cases);
1146 blk_tcs = aes_cipheronly_test_cases;
1147 ts_name = "AES Cipher Only";
1148 ts_setup = aes_cipheronly_setup;
1150 case BLKCIPHER_AES_DOCSIS_TYPE:
1151 n_test_cases = RTE_DIM(aes_docsis_test_cases);
1152 blk_tcs = aes_docsis_test_cases;
1153 ts_name = "AES Docsis";
1154 ts_setup = aes_docsis_setup;
1156 case BLKCIPHER_3DES_CHAIN_TYPE:
1157 n_test_cases = RTE_DIM(triple_des_chain_test_cases);
1158 blk_tcs = triple_des_chain_test_cases;
1159 ts_name = "3DES Chain";
1160 ts_setup = triple_des_chain_setup;
1162 case BLKCIPHER_3DES_CIPHERONLY_TYPE:
1163 n_test_cases = RTE_DIM(triple_des_cipheronly_test_cases);
1164 blk_tcs = triple_des_cipheronly_test_cases;
1165 ts_name = "3DES Cipher Only";
1166 ts_setup = triple_des_cipheronly_setup;
1168 case BLKCIPHER_DES_CIPHERONLY_TYPE:
1169 n_test_cases = RTE_DIM(des_cipheronly_test_cases);
1170 blk_tcs = des_cipheronly_test_cases;
1171 ts_name = "DES Cipher Only";
1172 ts_setup = des_cipheronly_setup;
1174 case BLKCIPHER_DES_DOCSIS_TYPE:
1175 n_test_cases = RTE_DIM(des_docsis_test_cases);
1176 blk_tcs = des_docsis_test_cases;
1177 ts_name = "DES Docsis";
1178 ts_setup = des_docsis_setup;
1180 case BLKCIPHER_AUTHONLY_TYPE:
1181 n_test_cases = RTE_DIM(hash_test_cases);
1182 blk_tcs = hash_test_cases;
1183 ts_name = "Auth Only";
1184 ts_setup = authonly_setup;
1190 ts = calloc(1, sizeof(struct unit_test_suite) +
1191 (sizeof(struct unit_test_case) * (n_test_cases + 1)));
1192 ts->suite_name = ts_name;
1193 ts->setup = ts_setup;
1195 for (i = 0; i < n_test_cases; i++) {
1196 tc = &ts->unit_test_cases[i];
1197 tc->name = blk_tcs[i].test_descr;
1199 tc->setup = ut_setup;
1200 tc->teardown = ut_teardown;
1201 tc->testcase = NULL;
1202 tc->testcase_with_data = blockcipher_test_case_run;
1203 tc->data = &blk_tcs[i];
1205 tc = &ts->unit_test_cases[i];
1209 tc->teardown = NULL;
1210 tc->testcase = NULL;
1211 tc->testcase_with_data = NULL;
1218 free_blockcipher_test_suite(struct unit_test_suite *ts)