1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2018 Intel Corporation
7 #include <rte_common.h>
8 #include <rte_hexdump.h>
10 #include <rte_malloc.h>
11 #include <rte_memcpy.h>
12 #include <rte_cycles.h>
13 #include <rte_bus_vdev.h>
16 #include <rte_crypto.h>
17 #include <rte_cryptodev.h>
18 #include <rte_cryptodev_pmd.h>
19 #include <rte_lcore.h>
20 #include <rte_ipsec.h>
21 #include <rte_random.h>
23 #include <rte_security_driver.h>
26 #include "test_cryptodev.h"
28 #define VDEV_ARGS_SIZE 100
29 #define MAX_NB_SESSIONS 200
31 #define REPLAY_WIN_0 0
32 #define REPLAY_WIN_32 32
33 #define REPLAY_WIN_64 64
34 #define REPLAY_WIN_128 128
35 #define REPLAY_WIN_256 256
36 #define DATA_64_BYTES 64
37 #define DATA_80_BYTES 80
38 #define DATA_100_BYTES 100
40 #define ESN_DISABLED 0
42 #define OUTBOUND_SPI 17
44 #define REORDER_PKTS 1
45 #define DEQUEUE_COUNT 1000
48 enum rte_crypto_sym_xform_type auth;
49 enum rte_crypto_sym_xform_type cipher;
50 enum rte_crypto_sym_xform_type aead;
53 char cipher_algo[128];
57 struct ipsec_testsuite_params {
58 struct rte_mempool *mbuf_pool;
59 struct rte_mempool *cop_mpool;
60 struct rte_cryptodev_config conf;
61 struct rte_cryptodev_qp_conf qp_conf;
64 uint8_t valid_dev_found;
67 struct ipsec_unitest_params {
68 struct rte_crypto_sym_xform cipher_xform;
69 struct rte_crypto_sym_xform auth_xform;
70 struct rte_crypto_sym_xform aead_xform;
71 struct rte_crypto_sym_xform *crypto_xforms;
73 struct rte_security_ipsec_xform ipsec_xform;
75 struct rte_ipsec_sa_prm sa_prm;
76 struct rte_ipsec_session ss[MAX_NB_SAS];
78 struct rte_crypto_op *cop[BURST_SIZE];
80 struct rte_mbuf *obuf[BURST_SIZE], *ibuf[BURST_SIZE],
86 struct ipsec_test_cfg {
87 uint32_t replay_win_sz;
92 uint32_t reorder_pkts;
95 static const struct ipsec_test_cfg test_cfg[] = {
96 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, 1, 0},
97 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, BURST_SIZE, 0},
98 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_80_BYTES, BURST_SIZE,
100 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, 1, 0},
101 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, BURST_SIZE,
103 {REPLAY_WIN_64, ESN_ENABLED, 0, DATA_64_BYTES, 1, 0},
104 {REPLAY_WIN_128, ESN_ENABLED, RTE_IPSEC_SAFLAG_SQN_ATOM,
105 DATA_80_BYTES, 1, 0},
106 {REPLAY_WIN_256, ESN_DISABLED, 0, DATA_100_BYTES, 1, 0},
109 static const int num_cfg = RTE_DIM(test_cfg);
110 static struct ipsec_testsuite_params testsuite_params = { NULL };
111 static struct ipsec_unitest_params unittest_params;
112 static struct user_params uparams;
114 struct supported_cipher_algo {
116 enum rte_crypto_cipher_algorithm algo;
122 struct supported_auth_algo {
124 enum rte_crypto_auth_algorithm algo;
130 const struct supported_cipher_algo cipher_algos[] = {
133 .algo = RTE_CRYPTO_CIPHER_NULL,
140 const struct supported_auth_algo auth_algos[] = {
143 .algo = RTE_CRYPTO_AUTH_NULL,
151 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
152 struct rte_security_session *sess, struct rte_mempool *mp)
154 RTE_SET_USED(device);
158 sess->sess_private_data = NULL;
163 dummy_sec_destroy(void *device, struct rte_security_session *sess)
165 RTE_SET_USED(device);
170 static const struct rte_security_ops dummy_sec_ops = {
171 .session_create = dummy_sec_create,
172 .session_destroy = dummy_sec_destroy,
175 static struct rte_security_ctx dummy_sec_ctx = {
176 .ops = &dummy_sec_ops,
179 static const struct supported_cipher_algo *
180 find_match_cipher_algo(const char *cipher_keyword)
184 for (i = 0; i < RTE_DIM(cipher_algos); i++) {
185 const struct supported_cipher_algo *algo =
188 if (strcmp(cipher_keyword, algo->keyword) == 0)
195 static const struct supported_auth_algo *
196 find_match_auth_algo(const char *auth_keyword)
200 for (i = 0; i < RTE_DIM(auth_algos); i++) {
201 const struct supported_auth_algo *algo =
204 if (strcmp(auth_keyword, algo->keyword) == 0)
212 fill_crypto_xform(struct ipsec_unitest_params *ut_params,
213 const struct supported_auth_algo *auth_algo,
214 const struct supported_cipher_algo *cipher_algo)
216 ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
217 ut_params->cipher_xform.cipher.algo = cipher_algo->algo;
218 ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
219 ut_params->auth_xform.auth.algo = auth_algo->algo;
221 if (ut_params->ipsec_xform.direction ==
222 RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
223 ut_params->cipher_xform.cipher.op =
224 RTE_CRYPTO_CIPHER_OP_DECRYPT;
225 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
226 ut_params->cipher_xform.next = NULL;
227 ut_params->auth_xform.next = &ut_params->cipher_xform;
228 ut_params->crypto_xforms = &ut_params->auth_xform;
230 ut_params->cipher_xform.cipher.op =
231 RTE_CRYPTO_CIPHER_OP_ENCRYPT;
232 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
233 ut_params->auth_xform.next = NULL;
234 ut_params->cipher_xform.next = &ut_params->auth_xform;
235 ut_params->crypto_xforms = &ut_params->cipher_xform;
240 check_cryptodev_capablity(const struct ipsec_unitest_params *ut,
243 struct rte_cryptodev_sym_capability_idx cap_idx;
244 const struct rte_cryptodev_symmetric_capability *cap;
247 cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
248 cap_idx.algo.auth = ut->auth_xform.auth.algo;
249 cap = rte_cryptodev_sym_capability_get(dev_id, &cap_idx);
252 rc = rte_cryptodev_sym_capability_check_auth(cap,
253 ut->auth_xform.auth.key.length,
254 ut->auth_xform.auth.digest_length, 0);
256 cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
257 cap_idx.algo.cipher = ut->cipher_xform.cipher.algo;
258 cap = rte_cryptodev_sym_capability_get(
261 rc = rte_cryptodev_sym_capability_check_cipher(
263 ut->cipher_xform.cipher.key.length,
264 ut->cipher_xform.cipher.iv.length);
272 testsuite_setup(void)
274 struct ipsec_testsuite_params *ts_params = &testsuite_params;
275 struct ipsec_unitest_params *ut_params = &unittest_params;
276 const struct supported_auth_algo *auth_algo;
277 const struct supported_cipher_algo *cipher_algo;
278 struct rte_cryptodev_info info;
279 uint32_t i, nb_devs, dev_id;
283 memset(ts_params, 0, sizeof(*ts_params));
284 memset(ut_params, 0, sizeof(*ut_params));
285 memset(&uparams, 0, sizeof(struct user_params));
287 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
288 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
289 uparams.aead = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED;
290 strcpy(uparams.auth_algo, "null");
291 strcpy(uparams.cipher_algo, "null");
293 auth_algo = find_match_auth_algo(uparams.auth_algo);
294 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
295 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
297 nb_devs = rte_cryptodev_count();
299 RTE_LOG(WARNING, USER1, "No crypto devices found?\n");
303 /* Find first valid crypto device */
304 for (i = 0; i < nb_devs; i++) {
305 rc = check_cryptodev_capablity(ut_params, i);
307 ts_params->valid_dev = i;
308 ts_params->valid_dev_found = 1;
313 if (ts_params->valid_dev_found == 0)
316 ts_params->mbuf_pool = rte_pktmbuf_pool_create(
318 NUM_MBUFS, MBUF_CACHE_SIZE, 0, MBUF_SIZE,
320 if (ts_params->mbuf_pool == NULL) {
321 RTE_LOG(ERR, USER1, "Can't create CRYPTO_MBUFPOOL\n");
325 ts_params->cop_mpool = rte_crypto_op_pool_create(
326 "MBUF_CRYPTO_SYM_OP_POOL",
327 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
328 NUM_MBUFS, MBUF_CACHE_SIZE,
330 sizeof(struct rte_crypto_sym_xform) +
333 if (ts_params->cop_mpool == NULL) {
334 RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
338 /* Set up all the qps on the first of the valid devices found */
339 dev_id = ts_params->valid_dev;
341 rte_cryptodev_info_get(dev_id, &info);
343 ts_params->conf.nb_queue_pairs = info.max_nb_queue_pairs;
344 ts_params->conf.socket_id = SOCKET_ID_ANY;
345 ts_params->conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
347 sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
348 sess_sz = RTE_MAX(sess_sz, sizeof(struct rte_security_session));
351 * Create mempools for sessions
353 if (info.sym.max_nb_sessions != 0 &&
354 info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
355 RTE_LOG(ERR, USER1, "Device does not support "
356 "at least %u sessions\n",
361 ts_params->qp_conf.mp_session_private = rte_mempool_create(
365 0, 0, NULL, NULL, NULL,
369 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
370 "private session mempool allocation failed");
372 ts_params->qp_conf.mp_session =
373 rte_cryptodev_sym_session_pool_create("test_sess_mp",
374 MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
376 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
377 "session mempool allocation failed");
379 TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
381 "Failed to configure cryptodev %u with %u qps",
382 dev_id, ts_params->conf.nb_queue_pairs);
384 ts_params->qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
386 TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
387 dev_id, 0, &ts_params->qp_conf,
388 rte_cryptodev_socket_id(dev_id)),
389 "Failed to setup queue pair %u on cryptodev %u",
396 testsuite_teardown(void)
398 struct ipsec_testsuite_params *ts_params = &testsuite_params;
400 if (ts_params->mbuf_pool != NULL) {
401 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
402 rte_mempool_avail_count(ts_params->mbuf_pool));
403 rte_mempool_free(ts_params->mbuf_pool);
404 ts_params->mbuf_pool = NULL;
407 if (ts_params->cop_mpool != NULL) {
408 RTE_LOG(DEBUG, USER1, "CRYPTO_OP_POOL count %u\n",
409 rte_mempool_avail_count(ts_params->cop_mpool));
410 rte_mempool_free(ts_params->cop_mpool);
411 ts_params->cop_mpool = NULL;
414 /* Free session mempools */
415 if (ts_params->qp_conf.mp_session != NULL) {
416 rte_mempool_free(ts_params->qp_conf.mp_session);
417 ts_params->qp_conf.mp_session = NULL;
420 if (ts_params->qp_conf.mp_session_private != NULL) {
421 rte_mempool_free(ts_params->qp_conf.mp_session_private);
422 ts_params->qp_conf.mp_session_private = NULL;
429 struct ipsec_testsuite_params *ts_params = &testsuite_params;
430 struct ipsec_unitest_params *ut_params = &unittest_params;
432 /* Clear unit test parameters before running test */
433 memset(ut_params, 0, sizeof(*ut_params));
435 /* Reconfigure device to default parameters */
436 ts_params->conf.socket_id = SOCKET_ID_ANY;
438 /* Start the device */
439 TEST_ASSERT_SUCCESS(rte_cryptodev_start(ts_params->valid_dev),
440 "Failed to start cryptodev %u",
441 ts_params->valid_dev);
449 struct ipsec_testsuite_params *ts_params = &testsuite_params;
450 struct ipsec_unitest_params *ut_params = &unittest_params;
453 for (i = 0; i < BURST_SIZE; i++) {
454 /* free crypto operation structure */
455 if (ut_params->cop[i])
456 rte_crypto_op_free(ut_params->cop[i]);
459 * free mbuf - both obuf and ibuf are usually the same,
460 * so check if they point at the same address is necessary,
461 * to avoid freeing the mbuf twice.
463 if (ut_params->obuf[i]) {
464 rte_pktmbuf_free(ut_params->obuf[i]);
465 if (ut_params->ibuf[i] == ut_params->obuf[i])
466 ut_params->ibuf[i] = 0;
467 ut_params->obuf[i] = 0;
469 if (ut_params->ibuf[i]) {
470 rte_pktmbuf_free(ut_params->ibuf[i]);
471 ut_params->ibuf[i] = 0;
474 if (ut_params->testbuf[i]) {
475 rte_pktmbuf_free(ut_params->testbuf[i]);
476 ut_params->testbuf[i] = 0;
480 if (ts_params->mbuf_pool != NULL)
481 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
482 rte_mempool_avail_count(ts_params->mbuf_pool));
484 /* Stop the device */
485 rte_cryptodev_stop(ts_params->valid_dev);
488 #define IPSEC_MAX_PAD_SIZE UINT8_MAX
490 static const uint8_t esp_pad_bytes[IPSEC_MAX_PAD_SIZE] = {
491 1, 2, 3, 4, 5, 6, 7, 8,
492 9, 10, 11, 12, 13, 14, 15, 16,
493 17, 18, 19, 20, 21, 22, 23, 24,
494 25, 26, 27, 28, 29, 30, 31, 32,
495 33, 34, 35, 36, 37, 38, 39, 40,
496 41, 42, 43, 44, 45, 46, 47, 48,
497 49, 50, 51, 52, 53, 54, 55, 56,
498 57, 58, 59, 60, 61, 62, 63, 64,
499 65, 66, 67, 68, 69, 70, 71, 72,
500 73, 74, 75, 76, 77, 78, 79, 80,
501 81, 82, 83, 84, 85, 86, 87, 88,
502 89, 90, 91, 92, 93, 94, 95, 96,
503 97, 98, 99, 100, 101, 102, 103, 104,
504 105, 106, 107, 108, 109, 110, 111, 112,
505 113, 114, 115, 116, 117, 118, 119, 120,
506 121, 122, 123, 124, 125, 126, 127, 128,
507 129, 130, 131, 132, 133, 134, 135, 136,
508 137, 138, 139, 140, 141, 142, 143, 144,
509 145, 146, 147, 148, 149, 150, 151, 152,
510 153, 154, 155, 156, 157, 158, 159, 160,
511 161, 162, 163, 164, 165, 166, 167, 168,
512 169, 170, 171, 172, 173, 174, 175, 176,
513 177, 178, 179, 180, 181, 182, 183, 184,
514 185, 186, 187, 188, 189, 190, 191, 192,
515 193, 194, 195, 196, 197, 198, 199, 200,
516 201, 202, 203, 204, 205, 206, 207, 208,
517 209, 210, 211, 212, 213, 214, 215, 216,
518 217, 218, 219, 220, 221, 222, 223, 224,
519 225, 226, 227, 228, 229, 230, 231, 232,
520 233, 234, 235, 236, 237, 238, 239, 240,
521 241, 242, 243, 244, 245, 246, 247, 248,
522 249, 250, 251, 252, 253, 254, 255,
525 /* ***** data for tests ***** */
527 const char null_plain_data[] =
528 "Network Security People Have A Strange Sense Of Humor unlike Other "
529 "People who have a normal sense of humour";
531 const char null_encrypted_data[] =
532 "Network Security People Have A Strange Sense Of Humor unlike Other "
533 "People who have a normal sense of humour";
535 struct rte_ipv4_hdr ipv4_outer = {
536 .version_ihl = IPVERSION << 4 |
537 sizeof(ipv4_outer) / RTE_IPV4_IHL_MULTIPLIER,
538 .time_to_live = IPDEFTTL,
539 .next_proto_id = IPPROTO_ESP,
540 .src_addr = RTE_IPV4(192, 168, 1, 100),
541 .dst_addr = RTE_IPV4(192, 168, 2, 100),
544 static struct rte_mbuf *
545 setup_test_string(struct rte_mempool *mpool,
546 const char *string, size_t len, uint8_t blocksize)
548 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
549 size_t t_len = len - (blocksize ? (len % blocksize) : 0);
552 memset(m->buf_addr, 0, m->buf_len);
553 char *dst = rte_pktmbuf_append(m, t_len);
560 rte_memcpy(dst, string, t_len);
562 memset(dst, 0, t_len);
568 static struct rte_mbuf *
569 setup_test_string_tunneled(struct rte_mempool *mpool, const char *string,
570 size_t len, uint32_t spi, uint32_t seq)
572 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
573 uint32_t hdrlen = sizeof(struct rte_ipv4_hdr) +
574 sizeof(struct rte_esp_hdr);
575 uint32_t taillen = sizeof(struct esp_tail);
576 uint32_t t_len = len + hdrlen + taillen;
579 struct rte_esp_hdr esph = {
580 .spi = rte_cpu_to_be_32(spi),
581 .seq = rte_cpu_to_be_32(seq)
584 padlen = RTE_ALIGN(t_len, 4) - t_len;
587 struct esp_tail espt = {
589 .next_proto = IPPROTO_IPIP,
595 memset(m->buf_addr, 0, m->buf_len);
596 char *dst = rte_pktmbuf_append(m, t_len);
602 /* copy outer IP and ESP header */
603 ipv4_outer.total_length = rte_cpu_to_be_16(t_len);
604 ipv4_outer.packet_id = rte_cpu_to_be_16(seq);
605 rte_memcpy(dst, &ipv4_outer, sizeof(ipv4_outer));
606 dst += sizeof(ipv4_outer);
607 m->l3_len = sizeof(ipv4_outer);
608 rte_memcpy(dst, &esph, sizeof(esph));
611 if (string != NULL) {
613 rte_memcpy(dst, string, len);
616 rte_memcpy(dst, esp_pad_bytes, padlen);
618 /* copy ESP tail header */
619 rte_memcpy(dst, &espt, sizeof(espt));
621 memset(dst, 0, t_len);
627 create_dummy_sec_session(struct ipsec_unitest_params *ut,
628 struct rte_cryptodev_qp_conf *qp, uint32_t j)
630 static struct rte_security_session_conf conf;
632 ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
633 &conf, qp->mp_session_private);
635 if (ut->ss[j].security.ses == NULL)
638 ut->ss[j].security.ctx = &dummy_sec_ctx;
639 ut->ss[j].security.ol_flags = 0;
644 create_crypto_session(struct ipsec_unitest_params *ut,
645 struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
648 struct rte_cryptodev_sym_session *s;
650 s = rte_cryptodev_sym_session_create(qp->mp_session);
654 /* initiliaze SA crypto session for device */
655 rc = rte_cryptodev_sym_session_init(dev_id, s,
656 ut->crypto_xforms, qp->mp_session_private);
658 ut->ss[j].crypto.ses = s;
661 /* failure, do cleanup */
662 rte_cryptodev_sym_session_clear(dev_id, s);
663 rte_cryptodev_sym_session_free(s);
669 create_session(struct ipsec_unitest_params *ut,
670 struct rte_cryptodev_qp_conf *qp, uint8_t crypto_dev, uint32_t j)
672 if (ut->ss[j].type == RTE_SECURITY_ACTION_TYPE_NONE)
673 return create_crypto_session(ut, qp, crypto_dev, j);
675 return create_dummy_sec_session(ut, qp, j);
679 fill_ipsec_param(uint32_t replay_win_sz, uint64_t flags)
681 struct ipsec_unitest_params *ut_params = &unittest_params;
682 struct rte_ipsec_sa_prm *prm = &ut_params->sa_prm;
683 const struct supported_auth_algo *auth_algo;
684 const struct supported_cipher_algo *cipher_algo;
686 memset(prm, 0, sizeof(*prm));
690 prm->replay_win_sz = replay_win_sz;
692 /* setup ipsec xform */
693 prm->ipsec_xform = ut_params->ipsec_xform;
694 prm->ipsec_xform.salt = (uint32_t)rte_rand();
696 /* setup tunnel related fields */
697 prm->tun.hdr_len = sizeof(ipv4_outer);
698 prm->tun.next_proto = IPPROTO_IPIP;
699 prm->tun.hdr = &ipv4_outer;
701 /* setup crypto section */
702 if (uparams.aead != 0) {
703 /* TODO: will need to fill out with other test cases */
705 if (uparams.auth == 0 && uparams.cipher == 0)
708 auth_algo = find_match_auth_algo(uparams.auth_algo);
709 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
711 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
714 prm->crypto_xform = ut_params->crypto_xforms;
719 create_sa(enum rte_security_session_action_type action_type,
720 uint32_t replay_win_sz, uint64_t flags, uint32_t j)
722 struct ipsec_testsuite_params *ts = &testsuite_params;
723 struct ipsec_unitest_params *ut = &unittest_params;
727 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
729 rc = fill_ipsec_param(replay_win_sz, flags);
733 /* create rte_ipsec_sa*/
734 sz = rte_ipsec_sa_size(&ut->sa_prm);
735 TEST_ASSERT(sz > 0, "rte_ipsec_sa_size() failed\n");
737 ut->ss[j].sa = rte_zmalloc(NULL, sz, RTE_CACHE_LINE_SIZE);
738 TEST_ASSERT_NOT_NULL(ut->ss[j].sa,
739 "failed to allocate memory for rte_ipsec_sa\n");
741 ut->ss[j].type = action_type;
742 rc = create_session(ut, &ts->qp_conf, ts->valid_dev, j);
746 rc = rte_ipsec_sa_init(ut->ss[j].sa, &ut->sa_prm, sz);
747 rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
749 rc = rte_ipsec_session_prepare(&ut->ss[j]);
755 crypto_dequeue_burst(uint16_t num_pkts)
757 struct ipsec_testsuite_params *ts_params = &testsuite_params;
758 struct ipsec_unitest_params *ut_params = &unittest_params;
762 for (i = 0, pkt_cnt = 0;
763 i < DEQUEUE_COUNT && pkt_cnt != num_pkts; i++) {
764 k = rte_cryptodev_dequeue_burst(ts_params->valid_dev, 0,
765 &ut_params->cop[pkt_cnt], num_pkts - pkt_cnt);
770 if (pkt_cnt != num_pkts) {
771 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
778 crypto_ipsec(uint16_t num_pkts)
780 struct ipsec_testsuite_params *ts_params = &testsuite_params;
781 struct ipsec_unitest_params *ut_params = &unittest_params;
783 struct rte_ipsec_group grp[1];
785 /* call crypto prepare */
786 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
787 ut_params->cop, num_pkts);
789 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
793 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
794 ut_params->cop, num_pkts);
796 RTE_LOG(ERR, USER1, "rte_cryptodev_enqueue_burst fail\n");
800 if (crypto_dequeue_burst(num_pkts) == TEST_FAILED)
803 ng = rte_ipsec_pkt_crypto_group(
804 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
805 ut_params->obuf, grp, num_pkts);
807 grp[0].m[0] != ut_params->obuf[0] ||
808 grp[0].cnt != num_pkts ||
809 grp[0].id.ptr != &ut_params->ss[0]) {
810 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
814 /* call crypto process */
815 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
817 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
825 lksd_proto_ipsec(uint16_t num_pkts)
827 struct ipsec_unitest_params *ut_params = &unittest_params;
829 struct rte_ipsec_group grp[1];
831 /* call crypto prepare */
832 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
833 ut_params->cop, num_pkts);
835 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
839 /* check crypto ops */
840 for (i = 0; i != num_pkts; i++) {
841 TEST_ASSERT_EQUAL(ut_params->cop[i]->type,
842 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
843 "%s: invalid crypto op type for %u-th packet\n",
845 TEST_ASSERT_EQUAL(ut_params->cop[i]->status,
846 RTE_CRYPTO_OP_STATUS_NOT_PROCESSED,
847 "%s: invalid crypto op status for %u-th packet\n",
849 TEST_ASSERT_EQUAL(ut_params->cop[i]->sess_type,
850 RTE_CRYPTO_OP_SECURITY_SESSION,
851 "%s: invalid crypto op sess_type for %u-th packet\n",
853 TEST_ASSERT_EQUAL(ut_params->cop[i]->sym->m_src,
855 "%s: invalid crypto op m_src for %u-th packet\n",
859 /* update crypto ops, pretend all finished ok */
860 for (i = 0; i != num_pkts; i++)
861 ut_params->cop[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
863 ng = rte_ipsec_pkt_crypto_group(
864 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
865 ut_params->obuf, grp, num_pkts);
867 grp[0].m[0] != ut_params->obuf[0] ||
868 grp[0].cnt != num_pkts ||
869 grp[0].id.ptr != &ut_params->ss[0]) {
870 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
874 /* call crypto process */
875 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
877 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
885 dump_grp_pkt(uint32_t i, struct rte_ipsec_group *grp, uint32_t k)
888 "After rte_ipsec_pkt_process grp[%d].cnt=%d k=%d fail\n",
891 "After rte_ipsec_pkt_process grp[%d].m=%p grp[%d].m[%d]=%p\n",
892 i, grp[i].m, i, k, grp[i].m[k]);
894 rte_pktmbuf_dump(stdout, grp[i].m[k], grp[i].m[k]->data_len);
898 crypto_ipsec_2sa(void)
900 struct ipsec_testsuite_params *ts_params = &testsuite_params;
901 struct ipsec_unitest_params *ut_params = &unittest_params;
902 struct rte_ipsec_group grp[BURST_SIZE];
903 uint32_t k, ng, i, r;
905 for (i = 0; i < BURST_SIZE; i++) {
907 /* call crypto prepare */
908 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[r],
909 ut_params->ibuf + i, ut_params->cop + i, 1);
912 "rte_ipsec_pkt_crypto_prepare fail\n");
915 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
916 ut_params->cop + i, 1);
919 "rte_cryptodev_enqueue_burst fail\n");
924 if (crypto_dequeue_burst(BURST_SIZE) == TEST_FAILED)
927 ng = rte_ipsec_pkt_crypto_group(
928 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
929 ut_params->obuf, grp, BURST_SIZE);
930 if (ng != BURST_SIZE) {
931 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
936 /* call crypto process */
937 for (i = 0; i < ng; i++) {
938 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
939 if (k != grp[i].cnt) {
940 dump_grp_pkt(i, grp, k);
952 crypto_ipsec_4grp(uint32_t pkt_num)
956 /* group packets in 4 different size groups groups, 2 per SA */
959 else if (pkt_num < PKT_12)
961 else if (pkt_num < PKT_21)
970 crypto_ipsec_4grp_check_mbufs(uint32_t grp_ind, struct rte_ipsec_group *grp)
972 struct ipsec_unitest_params *ut_params = &unittest_params;
977 for (i = 0, j = 0; i < PKT_4; i++, j++)
978 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
982 } else if (grp_ind == 1) {
983 for (i = 0, j = PKT_4; i < (PKT_12 - PKT_4); i++, j++) {
984 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
989 } else if (grp_ind == 2) {
990 for (i = 0, j = PKT_12; i < (PKT_21 - PKT_12); i++, j++)
991 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
995 } else if (grp_ind == 3) {
996 for (i = 0, j = PKT_21; i < (BURST_SIZE - PKT_21); i++, j++)
997 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
1008 crypto_ipsec_4grp_check_cnt(uint32_t grp_ind, struct rte_ipsec_group *grp)
1013 if (grp[grp_ind].cnt != PKT_4)
1015 } else if (grp_ind == 1) {
1016 if (grp[grp_ind].cnt != PKT_12 - PKT_4)
1018 } else if (grp_ind == 2) {
1019 if (grp[grp_ind].cnt != PKT_21 - PKT_12)
1021 } else if (grp_ind == 3) {
1022 if (grp[grp_ind].cnt != BURST_SIZE - PKT_21)
1031 crypto_ipsec_2sa_4grp(void)
1033 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1034 struct ipsec_unitest_params *ut_params = &unittest_params;
1035 struct rte_ipsec_group grp[BURST_SIZE];
1036 uint32_t k, ng, i, j;
1039 for (i = 0; i < BURST_SIZE; i++) {
1040 j = crypto_ipsec_4grp(i);
1042 /* call crypto prepare */
1043 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[j],
1044 ut_params->ibuf + i, ut_params->cop + i, 1);
1047 "rte_ipsec_pkt_crypto_prepare fail\n");
1050 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
1051 ut_params->cop + i, 1);
1054 "rte_cryptodev_enqueue_burst fail\n");
1059 if (crypto_dequeue_burst(BURST_SIZE) == TEST_FAILED)
1062 ng = rte_ipsec_pkt_crypto_group(
1063 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
1064 ut_params->obuf, grp, BURST_SIZE);
1066 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
1071 /* call crypto process */
1072 for (i = 0; i < ng; i++) {
1073 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
1074 if (k != grp[i].cnt) {
1075 dump_grp_pkt(i, grp, k);
1078 rc = crypto_ipsec_4grp_check_cnt(i, grp);
1081 "crypto_ipsec_4grp_check_cnt fail\n");
1084 rc = crypto_ipsec_4grp_check_mbufs(i, grp);
1087 "crypto_ipsec_4grp_check_mbufs fail\n");
1091 return TEST_SUCCESS;
1095 test_ipsec_reorder_inb_pkt_burst(uint16_t num_pkts)
1097 struct ipsec_unitest_params *ut_params = &unittest_params;
1098 struct rte_mbuf *ibuf_tmp[BURST_SIZE];
1101 /* reorder packets and create gaps in sequence numbers */
1102 static const uint32_t reorder[BURST_SIZE] = {
1103 24, 25, 26, 27, 28, 29, 30, 31,
1104 16, 17, 18, 19, 20, 21, 22, 23,
1105 8, 9, 10, 11, 12, 13, 14, 15,
1106 0, 1, 2, 3, 4, 5, 6, 7,
1109 if (num_pkts != BURST_SIZE)
1112 for (j = 0; j != BURST_SIZE; j++)
1113 ibuf_tmp[j] = ut_params->ibuf[reorder[j]];
1115 memcpy(ut_params->ibuf, ibuf_tmp, sizeof(ut_params->ibuf));
1119 test_ipsec_crypto_op_alloc(uint16_t num_pkts)
1121 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1122 struct ipsec_unitest_params *ut_params = &unittest_params;
1126 for (j = 0; j < num_pkts && rc == 0; j++) {
1127 ut_params->cop[j] = rte_crypto_op_alloc(ts_params->cop_mpool,
1128 RTE_CRYPTO_OP_TYPE_SYMMETRIC);
1129 if (ut_params->cop[j] == NULL) {
1131 "Failed to allocate symmetric crypto op\n");
1140 test_ipsec_dump_buffers(struct ipsec_unitest_params *ut_params, int i)
1142 uint16_t j = ut_params->pkt_index;
1144 printf("\ntest config: num %d\n", i);
1145 printf(" replay_win_sz %u\n", test_cfg[i].replay_win_sz);
1146 printf(" esn %u\n", test_cfg[i].esn);
1147 printf(" flags 0x%" PRIx64 "\n", test_cfg[i].flags);
1148 printf(" pkt_sz %zu\n", test_cfg[i].pkt_sz);
1149 printf(" num_pkts %u\n\n", test_cfg[i].num_pkts);
1151 if (ut_params->ibuf[j]) {
1152 printf("ibuf[%u] data:\n", j);
1153 rte_pktmbuf_dump(stdout, ut_params->ibuf[j],
1154 ut_params->ibuf[j]->data_len);
1156 if (ut_params->obuf[j]) {
1157 printf("obuf[%u] data:\n", j);
1158 rte_pktmbuf_dump(stdout, ut_params->obuf[j],
1159 ut_params->obuf[j]->data_len);
1161 if (ut_params->testbuf[j]) {
1162 printf("testbuf[%u] data:\n", j);
1163 rte_pktmbuf_dump(stdout, ut_params->testbuf[j],
1164 ut_params->testbuf[j]->data_len);
1169 destroy_sa(uint32_t j)
1171 struct ipsec_unitest_params *ut = &unittest_params;
1173 rte_ipsec_sa_fini(ut->ss[j].sa);
1174 rte_free(ut->ss[j].sa);
1175 rte_cryptodev_sym_session_free(ut->ss[j].crypto.ses);
1176 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
1180 crypto_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1185 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1186 ut_params->pkt_index = j;
1188 /* compare the data buffers */
1189 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1190 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1192 "input and output data does not match\n");
1193 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1194 ut_params->obuf[j]->pkt_len,
1195 "data_len is not equal to pkt_len");
1196 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1198 "data_len is not equal to input data");
1205 test_ipsec_crypto_inb_burst_null_null(int i)
1207 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1208 struct ipsec_unitest_params *ut_params = &unittest_params;
1209 uint16_t num_pkts = test_cfg[i].num_pkts;
1213 /* create rte_ipsec_sa */
1214 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1215 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1217 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1221 /* Generate test mbuf data */
1222 for (j = 0; j < num_pkts && rc == 0; j++) {
1223 /* packet with sequence number 0 is invalid */
1224 ut_params->ibuf[j] = setup_test_string_tunneled(
1225 ts_params->mbuf_pool, null_encrypted_data,
1226 test_cfg[i].pkt_sz, INBOUND_SPI, j + 1);
1227 if (ut_params->ibuf[j] == NULL)
1232 if (test_cfg[i].reorder_pkts)
1233 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1234 rc = test_ipsec_crypto_op_alloc(num_pkts);
1238 /* call ipsec library api */
1239 rc = crypto_ipsec(num_pkts);
1241 rc = crypto_inb_burst_null_null_check(
1242 ut_params, i, num_pkts);
1244 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1250 if (rc == TEST_FAILED)
1251 test_ipsec_dump_buffers(ut_params, i);
1258 test_ipsec_crypto_inb_burst_null_null_wrapper(void)
1262 struct ipsec_unitest_params *ut_params = &unittest_params;
1264 ut_params->ipsec_xform.spi = INBOUND_SPI;
1265 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1266 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1267 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1268 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1270 for (i = 0; i < num_cfg && rc == 0; i++) {
1271 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1272 rc = test_ipsec_crypto_inb_burst_null_null(i);
1279 crypto_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1286 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1287 ut_params->pkt_index = j;
1289 testbuf_data = rte_pktmbuf_mtod(ut_params->testbuf[j], void *);
1290 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1291 /* compare the buffer data */
1292 TEST_ASSERT_BUFFERS_ARE_EQUAL(testbuf_data, obuf_data,
1293 ut_params->obuf[j]->pkt_len,
1294 "test and output data does not match\n");
1295 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1296 ut_params->testbuf[j]->data_len,
1297 "obuf data_len is not equal to testbuf data_len");
1298 TEST_ASSERT_EQUAL(ut_params->obuf[j]->pkt_len,
1299 ut_params->testbuf[j]->pkt_len,
1300 "obuf pkt_len is not equal to testbuf pkt_len");
1307 test_ipsec_crypto_outb_burst_null_null(int i)
1309 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1310 struct ipsec_unitest_params *ut_params = &unittest_params;
1311 uint16_t num_pkts = test_cfg[i].num_pkts;
1315 /* create rte_ipsec_sa*/
1316 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1317 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1319 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1323 /* Generate input mbuf data */
1324 for (j = 0; j < num_pkts && rc == 0; j++) {
1325 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1326 null_plain_data, test_cfg[i].pkt_sz, 0);
1327 if (ut_params->ibuf[j] == NULL)
1330 /* Generate test mbuf data */
1331 /* packet with sequence number 0 is invalid */
1332 ut_params->testbuf[j] = setup_test_string_tunneled(
1333 ts_params->mbuf_pool,
1334 null_plain_data, test_cfg[i].pkt_sz,
1335 OUTBOUND_SPI, j + 1);
1336 if (ut_params->testbuf[j] == NULL)
1342 rc = test_ipsec_crypto_op_alloc(num_pkts);
1345 /* call ipsec library api */
1346 rc = crypto_ipsec(num_pkts);
1348 rc = crypto_outb_burst_null_null_check(ut_params,
1351 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1355 if (rc == TEST_FAILED)
1356 test_ipsec_dump_buffers(ut_params, i);
1363 test_ipsec_crypto_outb_burst_null_null_wrapper(void)
1367 struct ipsec_unitest_params *ut_params = &unittest_params;
1369 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1370 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1371 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1372 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1373 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1375 for (i = 0; i < num_cfg && rc == 0; i++) {
1376 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1377 rc = test_ipsec_crypto_outb_burst_null_null(i);
1384 inline_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1391 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1392 ut_params->pkt_index = j;
1394 /* compare the buffer data */
1395 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1396 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1398 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1399 ut_params->ibuf[j]->data_len,
1400 "input and output data does not match\n");
1401 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1402 ut_params->obuf[j]->data_len,
1403 "ibuf data_len is not equal to obuf data_len");
1404 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1405 ut_params->obuf[j]->pkt_len,
1406 "ibuf pkt_len is not equal to obuf pkt_len");
1407 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1409 "data_len is not equal input data");
1415 test_ipsec_inline_crypto_inb_burst_null_null(int i)
1417 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1418 struct ipsec_unitest_params *ut_params = &unittest_params;
1419 uint16_t num_pkts = test_cfg[i].num_pkts;
1424 /* create rte_ipsec_sa*/
1425 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1426 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1428 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1432 /* Generate inbound mbuf data */
1433 for (j = 0; j < num_pkts && rc == 0; j++) {
1434 ut_params->ibuf[j] = setup_test_string_tunneled(
1435 ts_params->mbuf_pool,
1436 null_plain_data, test_cfg[i].pkt_sz,
1437 INBOUND_SPI, j + 1);
1438 if (ut_params->ibuf[j] == NULL)
1441 /* Generate test mbuf data */
1442 ut_params->obuf[j] = setup_test_string(
1443 ts_params->mbuf_pool,
1444 null_plain_data, test_cfg[i].pkt_sz, 0);
1445 if (ut_params->obuf[j] == NULL)
1451 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1454 rc = inline_inb_burst_null_null_check(ut_params, i,
1458 "rte_ipsec_pkt_process failed, cfg %d\n",
1464 if (rc == TEST_FAILED)
1465 test_ipsec_dump_buffers(ut_params, i);
1472 test_ipsec_inline_crypto_inb_burst_null_null_wrapper(void)
1476 struct ipsec_unitest_params *ut_params = &unittest_params;
1478 ut_params->ipsec_xform.spi = INBOUND_SPI;
1479 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1480 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1481 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1482 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1484 for (i = 0; i < num_cfg && rc == 0; i++) {
1485 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1486 rc = test_ipsec_inline_crypto_inb_burst_null_null(i);
1493 test_ipsec_inline_proto_inb_burst_null_null(int i)
1495 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1496 struct ipsec_unitest_params *ut_params = &unittest_params;
1497 uint16_t num_pkts = test_cfg[i].num_pkts;
1502 /* create rte_ipsec_sa*/
1503 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1504 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1506 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1510 /* Generate inbound mbuf data */
1511 for (j = 0; j < num_pkts && rc == 0; j++) {
1512 ut_params->ibuf[j] = setup_test_string(
1513 ts_params->mbuf_pool,
1514 null_plain_data, test_cfg[i].pkt_sz, 0);
1515 if (ut_params->ibuf[j] == NULL)
1518 /* Generate test mbuf data */
1519 ut_params->obuf[j] = setup_test_string(
1520 ts_params->mbuf_pool,
1521 null_plain_data, test_cfg[i].pkt_sz, 0);
1522 if (ut_params->obuf[j] == NULL)
1528 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1531 rc = inline_inb_burst_null_null_check(ut_params, i,
1535 "rte_ipsec_pkt_process failed, cfg %d\n",
1541 if (rc == TEST_FAILED)
1542 test_ipsec_dump_buffers(ut_params, i);
1549 test_ipsec_inline_proto_inb_burst_null_null_wrapper(void)
1553 struct ipsec_unitest_params *ut_params = &unittest_params;
1555 ut_params->ipsec_xform.spi = INBOUND_SPI;
1556 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1557 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1558 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1559 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1561 for (i = 0; i < num_cfg && rc == 0; i++) {
1562 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1563 rc = test_ipsec_inline_proto_inb_burst_null_null(i);
1570 inline_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1577 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1578 ut_params->pkt_index = j;
1580 /* compare the buffer data */
1581 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1582 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1583 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1584 ut_params->ibuf[j]->data_len,
1585 "input and output data does not match\n");
1586 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1587 ut_params->obuf[j]->data_len,
1588 "ibuf data_len is not equal to obuf data_len");
1589 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1590 ut_params->obuf[j]->pkt_len,
1591 "ibuf pkt_len is not equal to obuf pkt_len");
1593 /* check mbuf ol_flags */
1594 TEST_ASSERT(ut_params->ibuf[j]->ol_flags & PKT_TX_SEC_OFFLOAD,
1595 "ibuf PKT_TX_SEC_OFFLOAD is not set");
1601 test_ipsec_inline_crypto_outb_burst_null_null(int i)
1603 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1604 struct ipsec_unitest_params *ut_params = &unittest_params;
1605 uint16_t num_pkts = test_cfg[i].num_pkts;
1610 /* create rte_ipsec_sa */
1611 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1612 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1614 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1618 /* Generate test mbuf data */
1619 for (j = 0; j < num_pkts && rc == 0; j++) {
1620 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1621 null_plain_data, test_cfg[i].pkt_sz, 0);
1622 if (ut_params->ibuf[0] == NULL)
1626 /* Generate test tunneled mbuf data for comparison */
1627 ut_params->obuf[j] = setup_test_string_tunneled(
1628 ts_params->mbuf_pool,
1629 null_plain_data, test_cfg[i].pkt_sz,
1630 OUTBOUND_SPI, j + 1);
1631 if (ut_params->obuf[j] == NULL)
1637 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1640 rc = inline_outb_burst_null_null_check(ut_params,
1644 "rte_ipsec_pkt_process failed, cfg %d\n",
1650 if (rc == TEST_FAILED)
1651 test_ipsec_dump_buffers(ut_params, i);
1658 test_ipsec_inline_crypto_outb_burst_null_null_wrapper(void)
1662 struct ipsec_unitest_params *ut_params = &unittest_params;
1664 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1665 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1666 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1667 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1668 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1670 for (i = 0; i < num_cfg && rc == 0; i++) {
1671 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1672 rc = test_ipsec_inline_crypto_outb_burst_null_null(i);
1679 test_ipsec_inline_proto_outb_burst_null_null(int i)
1681 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1682 struct ipsec_unitest_params *ut_params = &unittest_params;
1683 uint16_t num_pkts = test_cfg[i].num_pkts;
1688 /* create rte_ipsec_sa */
1689 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1690 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1692 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1696 /* Generate test mbuf data */
1697 for (j = 0; j < num_pkts && rc == 0; j++) {
1698 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1699 null_plain_data, test_cfg[i].pkt_sz, 0);
1700 if (ut_params->ibuf[0] == NULL)
1704 /* Generate test tunneled mbuf data for comparison */
1705 ut_params->obuf[j] = setup_test_string(
1706 ts_params->mbuf_pool,
1707 null_plain_data, test_cfg[i].pkt_sz, 0);
1708 if (ut_params->obuf[j] == NULL)
1714 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1717 rc = inline_outb_burst_null_null_check(ut_params,
1721 "rte_ipsec_pkt_process failed, cfg %d\n",
1727 if (rc == TEST_FAILED)
1728 test_ipsec_dump_buffers(ut_params, i);
1735 test_ipsec_inline_proto_outb_burst_null_null_wrapper(void)
1739 struct ipsec_unitest_params *ut_params = &unittest_params;
1741 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1742 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1743 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1744 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1745 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1747 for (i = 0; i < num_cfg && rc == 0; i++) {
1748 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1749 rc = test_ipsec_inline_proto_outb_burst_null_null(i);
1756 test_ipsec_lksd_proto_inb_burst_null_null(int i)
1758 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1759 struct ipsec_unitest_params *ut_params = &unittest_params;
1760 uint16_t num_pkts = test_cfg[i].num_pkts;
1764 /* create rte_ipsec_sa */
1765 rc = create_sa(RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
1766 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1768 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1772 /* Generate test mbuf data */
1773 for (j = 0; j < num_pkts && rc == 0; j++) {
1774 /* packet with sequence number 0 is invalid */
1775 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1776 null_encrypted_data, test_cfg[i].pkt_sz, 0);
1777 if (ut_params->ibuf[j] == NULL)
1782 if (test_cfg[i].reorder_pkts)
1783 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1784 rc = test_ipsec_crypto_op_alloc(num_pkts);
1788 /* call ipsec library api */
1789 rc = lksd_proto_ipsec(num_pkts);
1791 rc = crypto_inb_burst_null_null_check(ut_params, i,
1794 RTE_LOG(ERR, USER1, "%s failed, cfg %d\n",
1800 if (rc == TEST_FAILED)
1801 test_ipsec_dump_buffers(ut_params, i);
1808 test_ipsec_lksd_proto_inb_burst_null_null_wrapper(void)
1812 struct ipsec_unitest_params *ut_params = &unittest_params;
1814 ut_params->ipsec_xform.spi = INBOUND_SPI;
1815 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1816 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1817 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1818 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1820 for (i = 0; i < num_cfg && rc == 0; i++) {
1821 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1822 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1829 test_ipsec_lksd_proto_outb_burst_null_null_wrapper(void)
1833 struct ipsec_unitest_params *ut_params = &unittest_params;
1835 ut_params->ipsec_xform.spi = INBOUND_SPI;
1836 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1837 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1838 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1839 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1841 for (i = 0; i < num_cfg && rc == 0; i++) {
1842 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1843 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1850 replay_inb_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1855 for (j = 0; j < num_pkts; j++) {
1856 /* compare the buffer data */
1857 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1858 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1860 "input and output data does not match\n");
1862 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1863 ut_params->obuf[j]->pkt_len,
1864 "data_len is not equal to pkt_len");
1871 test_ipsec_replay_inb_inside_null_null(int i)
1873 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1874 struct ipsec_unitest_params *ut_params = &unittest_params;
1877 /* create rte_ipsec_sa*/
1878 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1879 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1881 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1885 /* Generate inbound mbuf data */
1886 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1887 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
1888 if (ut_params->ibuf[0] == NULL)
1891 rc = test_ipsec_crypto_op_alloc(1);
1894 /* call ipsec library api */
1895 rc = crypto_ipsec(1);
1897 rc = replay_inb_null_null_check(ut_params, i, 1);
1899 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1905 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
1906 /* generate packet with seq number inside the replay window */
1907 if (ut_params->ibuf[0]) {
1908 rte_pktmbuf_free(ut_params->ibuf[0]);
1909 ut_params->ibuf[0] = 0;
1912 ut_params->ibuf[0] = setup_test_string_tunneled(
1913 ts_params->mbuf_pool, null_encrypted_data,
1914 test_cfg[i].pkt_sz, INBOUND_SPI,
1915 test_cfg[i].replay_win_sz);
1916 if (ut_params->ibuf[0] == NULL)
1919 rc = test_ipsec_crypto_op_alloc(1);
1922 /* call ipsec library api */
1923 rc = crypto_ipsec(1);
1925 rc = replay_inb_null_null_check(
1928 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
1934 if (rc == TEST_FAILED)
1935 test_ipsec_dump_buffers(ut_params, i);
1943 test_ipsec_replay_inb_inside_null_null_wrapper(void)
1947 struct ipsec_unitest_params *ut_params = &unittest_params;
1949 ut_params->ipsec_xform.spi = INBOUND_SPI;
1950 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1951 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1952 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1953 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1955 for (i = 0; i < num_cfg && rc == 0; i++) {
1956 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1957 rc = test_ipsec_replay_inb_inside_null_null(i);
1964 test_ipsec_replay_inb_outside_null_null(int i)
1966 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1967 struct ipsec_unitest_params *ut_params = &unittest_params;
1970 /* create rte_ipsec_sa */
1971 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1972 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1974 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1978 /* Generate test mbuf data */
1979 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1980 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI,
1981 test_cfg[i].replay_win_sz + 2);
1982 if (ut_params->ibuf[0] == NULL)
1985 rc = test_ipsec_crypto_op_alloc(1);
1988 /* call ipsec library api */
1989 rc = crypto_ipsec(1);
1991 rc = replay_inb_null_null_check(ut_params, i, 1);
1993 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1999 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2000 /* generate packet with seq number outside the replay window */
2001 if (ut_params->ibuf[0]) {
2002 rte_pktmbuf_free(ut_params->ibuf[0]);
2003 ut_params->ibuf[0] = 0;
2005 ut_params->ibuf[0] = setup_test_string_tunneled(
2006 ts_params->mbuf_pool, null_encrypted_data,
2007 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2008 if (ut_params->ibuf[0] == NULL)
2011 rc = test_ipsec_crypto_op_alloc(1);
2014 /* call ipsec library api */
2015 rc = crypto_ipsec(1);
2017 if (test_cfg[i].esn == 0) {
2019 "packet is not outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2021 test_cfg[i].replay_win_sz + 2,
2027 "packet is outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2028 i, test_cfg[i].replay_win_sz + 2, 1);
2034 if (rc == TEST_FAILED)
2035 test_ipsec_dump_buffers(ut_params, i);
2043 test_ipsec_replay_inb_outside_null_null_wrapper(void)
2047 struct ipsec_unitest_params *ut_params = &unittest_params;
2049 ut_params->ipsec_xform.spi = INBOUND_SPI;
2050 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2051 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2052 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2053 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2055 for (i = 0; i < num_cfg && rc == 0; i++) {
2056 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2057 rc = test_ipsec_replay_inb_outside_null_null(i);
2064 test_ipsec_replay_inb_repeat_null_null(int i)
2066 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2067 struct ipsec_unitest_params *ut_params = &unittest_params;
2070 /* create rte_ipsec_sa */
2071 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2072 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2074 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
2078 /* Generate test mbuf data */
2079 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2080 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2081 if (ut_params->ibuf[0] == NULL)
2084 rc = test_ipsec_crypto_op_alloc(1);
2087 /* call ipsec library api */
2088 rc = crypto_ipsec(1);
2090 rc = replay_inb_null_null_check(ut_params, i, 1);
2092 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2098 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2100 * generate packet with repeat seq number in the replay
2103 if (ut_params->ibuf[0]) {
2104 rte_pktmbuf_free(ut_params->ibuf[0]);
2105 ut_params->ibuf[0] = 0;
2108 ut_params->ibuf[0] = setup_test_string_tunneled(
2109 ts_params->mbuf_pool, null_encrypted_data,
2110 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2111 if (ut_params->ibuf[0] == NULL)
2114 rc = test_ipsec_crypto_op_alloc(1);
2117 /* call ipsec library api */
2118 rc = crypto_ipsec(1);
2121 "packet is not repeated in the replay window, cfg %d seq %u\n",
2126 "packet is repeated in the replay window, cfg %d seq %u\n",
2133 if (rc == TEST_FAILED)
2134 test_ipsec_dump_buffers(ut_params, i);
2142 test_ipsec_replay_inb_repeat_null_null_wrapper(void)
2146 struct ipsec_unitest_params *ut_params = &unittest_params;
2148 ut_params->ipsec_xform.spi = INBOUND_SPI;
2149 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2150 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2151 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2152 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2154 for (i = 0; i < num_cfg && rc == 0; i++) {
2155 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2156 rc = test_ipsec_replay_inb_repeat_null_null(i);
2163 test_ipsec_replay_inb_inside_burst_null_null(int i)
2165 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2166 struct ipsec_unitest_params *ut_params = &unittest_params;
2167 uint16_t num_pkts = test_cfg[i].num_pkts;
2171 /* create rte_ipsec_sa*/
2172 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2173 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2175 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
2179 /* Generate inbound mbuf data */
2180 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2181 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2182 if (ut_params->ibuf[0] == NULL)
2185 rc = test_ipsec_crypto_op_alloc(1);
2188 /* call ipsec library api */
2189 rc = crypto_ipsec(1);
2191 rc = replay_inb_null_null_check(ut_params, i, 1);
2193 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2199 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2201 * generate packet(s) with seq number(s) inside the
2204 if (ut_params->ibuf[0]) {
2205 rte_pktmbuf_free(ut_params->ibuf[0]);
2206 ut_params->ibuf[0] = 0;
2209 for (j = 0; j < num_pkts && rc == 0; j++) {
2210 /* packet with sequence number 1 already processed */
2211 ut_params->ibuf[j] = setup_test_string_tunneled(
2212 ts_params->mbuf_pool, null_encrypted_data,
2213 test_cfg[i].pkt_sz, INBOUND_SPI, j + 2);
2214 if (ut_params->ibuf[j] == NULL)
2219 if (test_cfg[i].reorder_pkts)
2220 test_ipsec_reorder_inb_pkt_burst(num_pkts);
2221 rc = test_ipsec_crypto_op_alloc(num_pkts);
2225 /* call ipsec library api */
2226 rc = crypto_ipsec(num_pkts);
2228 rc = replay_inb_null_null_check(
2229 ut_params, i, num_pkts);
2231 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
2237 if (rc == TEST_FAILED)
2238 test_ipsec_dump_buffers(ut_params, i);
2246 test_ipsec_replay_inb_inside_burst_null_null_wrapper(void)
2250 struct ipsec_unitest_params *ut_params = &unittest_params;
2252 ut_params->ipsec_xform.spi = INBOUND_SPI;
2253 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2254 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2255 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2256 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2258 for (i = 0; i < num_cfg && rc == 0; i++) {
2259 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2260 rc = test_ipsec_replay_inb_inside_burst_null_null(i);
2268 crypto_inb_burst_2sa_null_null_check(struct ipsec_unitest_params *ut_params,
2273 for (j = 0; j < BURST_SIZE; j++) {
2274 ut_params->pkt_index = j;
2276 /* compare the data buffers */
2277 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
2278 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
2280 "input and output data does not match\n");
2281 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2282 ut_params->obuf[j]->pkt_len,
2283 "data_len is not equal to pkt_len");
2284 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2286 "data_len is not equal to input data");
2293 test_ipsec_crypto_inb_burst_2sa_null_null(int i)
2295 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2296 struct ipsec_unitest_params *ut_params = &unittest_params;
2297 uint16_t num_pkts = test_cfg[i].num_pkts;
2301 if (num_pkts != BURST_SIZE)
2304 /* create rte_ipsec_sa */
2305 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2306 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2308 RTE_LOG(ERR, USER1, "create_sa 0 failed, cfg %d\n", i);
2312 /* create second rte_ipsec_sa */
2313 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2314 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2315 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2317 RTE_LOG(ERR, USER1, "create_sa 1 failed, cfg %d\n", i);
2322 /* Generate test mbuf data */
2323 for (j = 0; j < num_pkts && rc == 0; j++) {
2325 /* packet with sequence number 0 is invalid */
2326 ut_params->ibuf[j] = setup_test_string_tunneled(
2327 ts_params->mbuf_pool, null_encrypted_data,
2328 test_cfg[i].pkt_sz, INBOUND_SPI + r, j + 1);
2329 if (ut_params->ibuf[j] == NULL)
2334 rc = test_ipsec_crypto_op_alloc(num_pkts);
2337 /* call ipsec library api */
2338 rc = crypto_ipsec_2sa();
2340 rc = crypto_inb_burst_2sa_null_null_check(
2343 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2349 if (rc == TEST_FAILED)
2350 test_ipsec_dump_buffers(ut_params, i);
2358 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper(void)
2362 struct ipsec_unitest_params *ut_params = &unittest_params;
2364 ut_params->ipsec_xform.spi = INBOUND_SPI;
2365 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2366 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2367 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2368 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2370 for (i = 0; i < num_cfg && rc == 0; i++) {
2371 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2372 rc = test_ipsec_crypto_inb_burst_2sa_null_null(i);
2379 test_ipsec_crypto_inb_burst_2sa_4grp_null_null(int i)
2381 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2382 struct ipsec_unitest_params *ut_params = &unittest_params;
2383 uint16_t num_pkts = test_cfg[i].num_pkts;
2387 if (num_pkts != BURST_SIZE)
2390 /* create rte_ipsec_sa */
2391 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2392 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2394 RTE_LOG(ERR, USER1, "create_sa 0 failed, cfg %d\n", i);
2398 /* create second rte_ipsec_sa */
2399 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2400 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2401 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2403 RTE_LOG(ERR, USER1, "create_sa 1 failed, cfg %d\n", i);
2408 /* Generate test mbuf data */
2409 for (j = 0; j < num_pkts && rc == 0; j++) {
2410 k = crypto_ipsec_4grp(j);
2412 /* packet with sequence number 0 is invalid */
2413 ut_params->ibuf[j] = setup_test_string_tunneled(
2414 ts_params->mbuf_pool, null_encrypted_data,
2415 test_cfg[i].pkt_sz, INBOUND_SPI + k, j + 1);
2416 if (ut_params->ibuf[j] == NULL)
2421 rc = test_ipsec_crypto_op_alloc(num_pkts);
2424 /* call ipsec library api */
2425 rc = crypto_ipsec_2sa_4grp();
2427 rc = crypto_inb_burst_2sa_null_null_check(
2430 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2436 if (rc == TEST_FAILED)
2437 test_ipsec_dump_buffers(ut_params, i);
2445 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper(void)
2449 struct ipsec_unitest_params *ut_params = &unittest_params;
2451 ut_params->ipsec_xform.spi = INBOUND_SPI;
2452 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2453 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2454 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2455 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2457 for (i = 0; i < num_cfg && rc == 0; i++) {
2458 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2459 rc = test_ipsec_crypto_inb_burst_2sa_4grp_null_null(i);
2465 static struct unit_test_suite ipsec_testsuite = {
2466 .suite_name = "IPsec NULL Unit Test Suite",
2467 .setup = testsuite_setup,
2468 .teardown = testsuite_teardown,
2469 .unit_test_cases = {
2470 TEST_CASE_ST(ut_setup, ut_teardown,
2471 test_ipsec_crypto_inb_burst_null_null_wrapper),
2472 TEST_CASE_ST(ut_setup, ut_teardown,
2473 test_ipsec_crypto_outb_burst_null_null_wrapper),
2474 TEST_CASE_ST(ut_setup, ut_teardown,
2475 test_ipsec_inline_crypto_inb_burst_null_null_wrapper),
2476 TEST_CASE_ST(ut_setup, ut_teardown,
2477 test_ipsec_inline_crypto_outb_burst_null_null_wrapper),
2478 TEST_CASE_ST(ut_setup, ut_teardown,
2479 test_ipsec_inline_proto_inb_burst_null_null_wrapper),
2480 TEST_CASE_ST(ut_setup, ut_teardown,
2481 test_ipsec_inline_proto_outb_burst_null_null_wrapper),
2482 TEST_CASE_ST(ut_setup, ut_teardown,
2483 test_ipsec_lksd_proto_inb_burst_null_null_wrapper),
2484 TEST_CASE_ST(ut_setup, ut_teardown,
2485 test_ipsec_lksd_proto_outb_burst_null_null_wrapper),
2486 TEST_CASE_ST(ut_setup, ut_teardown,
2487 test_ipsec_replay_inb_inside_null_null_wrapper),
2488 TEST_CASE_ST(ut_setup, ut_teardown,
2489 test_ipsec_replay_inb_outside_null_null_wrapper),
2490 TEST_CASE_ST(ut_setup, ut_teardown,
2491 test_ipsec_replay_inb_repeat_null_null_wrapper),
2492 TEST_CASE_ST(ut_setup, ut_teardown,
2493 test_ipsec_replay_inb_inside_burst_null_null_wrapper),
2494 TEST_CASE_ST(ut_setup, ut_teardown,
2495 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper),
2496 TEST_CASE_ST(ut_setup, ut_teardown,
2497 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper),
2498 TEST_CASES_END() /**< NULL terminate unit test array */
2505 return unit_test_suite_runner(&ipsec_testsuite);
2508 REGISTER_TEST_COMMAND(ipsec_autotest, test_ipsec);