1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2018 Intel Corporation
9 #include <rte_common.h>
10 #include <rte_hexdump.h>
12 #include <rte_malloc.h>
13 #include <rte_memcpy.h>
14 #include <rte_cycles.h>
15 #include <rte_bus_vdev.h>
17 #include <rte_crypto.h>
18 #include <rte_cryptodev.h>
19 #include <rte_lcore.h>
21 #ifdef RTE_EXEC_ENV_WINDOWS
25 printf("ipsec not supported on Windows, skipping test\n");
31 #include <rte_ipsec.h>
32 #include <rte_random.h>
34 #include <rte_security_driver.h>
36 #include "test_cryptodev.h"
38 #define VDEV_ARGS_SIZE 100
39 #define MAX_NB_SESSIONS 200
41 #define REPLAY_WIN_0 0
42 #define REPLAY_WIN_32 32
43 #define REPLAY_WIN_64 64
44 #define REPLAY_WIN_128 128
45 #define REPLAY_WIN_256 256
46 #define DATA_64_BYTES 64
47 #define DATA_80_BYTES 80
48 #define DATA_100_BYTES 100
50 #define ESN_DISABLED 0
52 #define OUTBOUND_SPI 17
54 #define REORDER_PKTS 1
55 #define DEQUEUE_COUNT 1000
58 enum rte_crypto_sym_xform_type auth;
59 enum rte_crypto_sym_xform_type cipher;
60 enum rte_crypto_sym_xform_type aead;
63 char cipher_algo[128];
67 struct ipsec_testsuite_params {
68 struct rte_mempool *mbuf_pool;
69 struct rte_mempool *cop_mpool;
70 struct rte_cryptodev_config conf;
71 struct rte_cryptodev_qp_conf qp_conf;
74 uint8_t valid_dev_found;
77 struct ipsec_unitest_params {
78 struct rte_crypto_sym_xform cipher_xform;
79 struct rte_crypto_sym_xform auth_xform;
80 struct rte_crypto_sym_xform aead_xform;
81 struct rte_crypto_sym_xform *crypto_xforms;
83 struct rte_security_ipsec_xform ipsec_xform;
85 struct rte_ipsec_sa_prm sa_prm;
86 struct rte_ipsec_session ss[MAX_NB_SAS];
88 struct rte_crypto_op *cop[BURST_SIZE];
90 struct rte_mbuf *obuf[BURST_SIZE], *ibuf[BURST_SIZE],
96 struct ipsec_test_cfg {
97 uint32_t replay_win_sz;
102 uint32_t reorder_pkts;
105 static const struct ipsec_test_cfg test_cfg[] = {
106 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, 1, 0},
107 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, BURST_SIZE, 0},
108 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_80_BYTES, BURST_SIZE,
110 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, 1, 0},
111 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, BURST_SIZE,
113 {REPLAY_WIN_64, ESN_ENABLED, 0, DATA_64_BYTES, 1, 0},
114 {REPLAY_WIN_128, ESN_ENABLED, RTE_IPSEC_SAFLAG_SQN_ATOM,
115 DATA_80_BYTES, 1, 0},
116 {REPLAY_WIN_256, ESN_DISABLED, 0, DATA_100_BYTES, 1, 0},
119 static const int num_cfg = RTE_DIM(test_cfg);
120 static struct ipsec_testsuite_params testsuite_params = { NULL };
121 static struct ipsec_unitest_params unittest_params;
122 static struct user_params uparams;
124 struct supported_cipher_algo {
126 enum rte_crypto_cipher_algorithm algo;
132 struct supported_auth_algo {
134 enum rte_crypto_auth_algorithm algo;
140 const struct supported_cipher_algo cipher_algos[] = {
143 .algo = RTE_CRYPTO_CIPHER_NULL,
150 const struct supported_auth_algo auth_algos[] = {
153 .algo = RTE_CRYPTO_AUTH_NULL,
161 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
162 struct rte_security_session *sess, struct rte_mempool *mp)
164 RTE_SET_USED(device);
168 sess->sess_private_data = NULL;
173 dummy_sec_destroy(void *device, struct rte_security_session *sess)
175 RTE_SET_USED(device);
180 static const struct rte_security_ops dummy_sec_ops = {
181 .session_create = dummy_sec_create,
182 .session_destroy = dummy_sec_destroy,
185 static struct rte_security_ctx dummy_sec_ctx = {
186 .ops = &dummy_sec_ops,
189 static const struct supported_cipher_algo *
190 find_match_cipher_algo(const char *cipher_keyword)
194 for (i = 0; i < RTE_DIM(cipher_algos); i++) {
195 const struct supported_cipher_algo *algo =
198 if (strcmp(cipher_keyword, algo->keyword) == 0)
205 static const struct supported_auth_algo *
206 find_match_auth_algo(const char *auth_keyword)
210 for (i = 0; i < RTE_DIM(auth_algos); i++) {
211 const struct supported_auth_algo *algo =
214 if (strcmp(auth_keyword, algo->keyword) == 0)
222 fill_crypto_xform(struct ipsec_unitest_params *ut_params,
223 const struct supported_auth_algo *auth_algo,
224 const struct supported_cipher_algo *cipher_algo)
226 ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
227 ut_params->cipher_xform.cipher.algo = cipher_algo->algo;
228 ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
229 ut_params->auth_xform.auth.algo = auth_algo->algo;
231 if (ut_params->ipsec_xform.direction ==
232 RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
233 ut_params->cipher_xform.cipher.op =
234 RTE_CRYPTO_CIPHER_OP_DECRYPT;
235 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
236 ut_params->cipher_xform.next = NULL;
237 ut_params->auth_xform.next = &ut_params->cipher_xform;
238 ut_params->crypto_xforms = &ut_params->auth_xform;
240 ut_params->cipher_xform.cipher.op =
241 RTE_CRYPTO_CIPHER_OP_ENCRYPT;
242 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
243 ut_params->auth_xform.next = NULL;
244 ut_params->cipher_xform.next = &ut_params->auth_xform;
245 ut_params->crypto_xforms = &ut_params->cipher_xform;
250 check_cryptodev_capability(const struct ipsec_unitest_params *ut,
253 struct rte_cryptodev_sym_capability_idx cap_idx;
254 const struct rte_cryptodev_symmetric_capability *cap;
257 cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
258 cap_idx.algo.auth = ut->auth_xform.auth.algo;
259 cap = rte_cryptodev_sym_capability_get(dev_id, &cap_idx);
262 rc = rte_cryptodev_sym_capability_check_auth(cap,
263 ut->auth_xform.auth.key.length,
264 ut->auth_xform.auth.digest_length, 0);
266 cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
267 cap_idx.algo.cipher = ut->cipher_xform.cipher.algo;
268 cap = rte_cryptodev_sym_capability_get(
271 rc = rte_cryptodev_sym_capability_check_cipher(
273 ut->cipher_xform.cipher.key.length,
274 ut->cipher_xform.cipher.iv.length);
282 testsuite_setup(void)
284 struct ipsec_testsuite_params *ts_params = &testsuite_params;
285 struct ipsec_unitest_params *ut_params = &unittest_params;
286 const struct supported_auth_algo *auth_algo;
287 const struct supported_cipher_algo *cipher_algo;
288 struct rte_cryptodev_info info;
289 uint32_t i, nb_devs, dev_id;
293 memset(ts_params, 0, sizeof(*ts_params));
294 memset(ut_params, 0, sizeof(*ut_params));
295 memset(&uparams, 0, sizeof(struct user_params));
297 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
298 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
299 uparams.aead = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED;
300 strcpy(uparams.auth_algo, "null");
301 strcpy(uparams.cipher_algo, "null");
303 auth_algo = find_match_auth_algo(uparams.auth_algo);
304 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
305 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
307 nb_devs = rte_cryptodev_count();
309 RTE_LOG(WARNING, USER1, "No crypto devices found?\n");
313 /* Find first valid crypto device */
314 for (i = 0; i < nb_devs; i++) {
315 rc = check_cryptodev_capability(ut_params, i);
317 ts_params->valid_dev = i;
318 ts_params->valid_dev_found = 1;
323 if (ts_params->valid_dev_found == 0)
326 ts_params->mbuf_pool = rte_pktmbuf_pool_create(
328 NUM_MBUFS, MBUF_CACHE_SIZE, 0, MBUF_SIZE,
330 if (ts_params->mbuf_pool == NULL) {
331 RTE_LOG(ERR, USER1, "Can't create CRYPTO_MBUFPOOL\n");
335 ts_params->cop_mpool = rte_crypto_op_pool_create(
336 "MBUF_CRYPTO_SYM_OP_POOL",
337 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
338 NUM_MBUFS, MBUF_CACHE_SIZE,
340 sizeof(struct rte_crypto_sym_xform) +
343 if (ts_params->cop_mpool == NULL) {
344 RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
348 /* Set up all the qps on the first of the valid devices found */
349 dev_id = ts_params->valid_dev;
351 rte_cryptodev_info_get(dev_id, &info);
353 ts_params->conf.nb_queue_pairs = info.max_nb_queue_pairs;
354 ts_params->conf.socket_id = SOCKET_ID_ANY;
355 ts_params->conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
357 sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
358 sess_sz = RTE_MAX(sess_sz, sizeof(struct rte_security_session));
361 * Create mempools for sessions
363 if (info.sym.max_nb_sessions != 0 &&
364 info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
365 RTE_LOG(ERR, USER1, "Device does not support "
366 "at least %u sessions\n",
371 ts_params->qp_conf.mp_session_private = rte_mempool_create(
375 0, 0, NULL, NULL, NULL,
379 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
380 "private session mempool allocation failed");
382 ts_params->qp_conf.mp_session =
383 rte_cryptodev_sym_session_pool_create("test_sess_mp",
384 MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
386 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
387 "session mempool allocation failed");
389 TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
391 "Failed to configure cryptodev %u with %u qps",
392 dev_id, ts_params->conf.nb_queue_pairs);
394 ts_params->qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
396 TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
397 dev_id, 0, &ts_params->qp_conf,
398 rte_cryptodev_socket_id(dev_id)),
399 "Failed to setup queue pair %u on cryptodev %u",
406 testsuite_teardown(void)
408 struct ipsec_testsuite_params *ts_params = &testsuite_params;
410 if (ts_params->mbuf_pool != NULL) {
411 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
412 rte_mempool_avail_count(ts_params->mbuf_pool));
413 rte_mempool_free(ts_params->mbuf_pool);
414 ts_params->mbuf_pool = NULL;
417 if (ts_params->cop_mpool != NULL) {
418 RTE_LOG(DEBUG, USER1, "CRYPTO_OP_POOL count %u\n",
419 rte_mempool_avail_count(ts_params->cop_mpool));
420 rte_mempool_free(ts_params->cop_mpool);
421 ts_params->cop_mpool = NULL;
424 /* Free session mempools */
425 if (ts_params->qp_conf.mp_session != NULL) {
426 rte_mempool_free(ts_params->qp_conf.mp_session);
427 ts_params->qp_conf.mp_session = NULL;
430 if (ts_params->qp_conf.mp_session_private != NULL) {
431 rte_mempool_free(ts_params->qp_conf.mp_session_private);
432 ts_params->qp_conf.mp_session_private = NULL;
439 struct ipsec_testsuite_params *ts_params = &testsuite_params;
440 struct ipsec_unitest_params *ut_params = &unittest_params;
442 /* Clear unit test parameters before running test */
443 memset(ut_params, 0, sizeof(*ut_params));
445 /* Reconfigure device to default parameters */
446 ts_params->conf.socket_id = SOCKET_ID_ANY;
448 /* Start the device */
449 TEST_ASSERT_SUCCESS(rte_cryptodev_start(ts_params->valid_dev),
450 "Failed to start cryptodev %u",
451 ts_params->valid_dev);
457 ut_teardown_ipsec(void)
459 struct ipsec_testsuite_params *ts_params = &testsuite_params;
460 struct ipsec_unitest_params *ut_params = &unittest_params;
463 for (i = 0; i < BURST_SIZE; i++) {
464 /* free crypto operation structure */
465 if (ut_params->cop[i]) {
466 rte_crypto_op_free(ut_params->cop[i]);
467 ut_params->cop[i] = NULL;
471 * free mbuf - both obuf and ibuf are usually the same,
472 * so check if they point at the same address is necessary,
473 * to avoid freeing the mbuf twice.
475 if (ut_params->obuf[i]) {
476 rte_pktmbuf_free(ut_params->obuf[i]);
477 if (ut_params->ibuf[i] == ut_params->obuf[i])
478 ut_params->ibuf[i] = NULL;
479 ut_params->obuf[i] = NULL;
481 if (ut_params->ibuf[i]) {
482 rte_pktmbuf_free(ut_params->ibuf[i]);
483 ut_params->ibuf[i] = NULL;
486 if (ut_params->testbuf[i]) {
487 rte_pktmbuf_free(ut_params->testbuf[i]);
488 ut_params->testbuf[i] = NULL;
492 if (ts_params->mbuf_pool != NULL)
493 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
494 rte_mempool_avail_count(ts_params->mbuf_pool));
496 /* Stop the device */
497 rte_cryptodev_stop(ts_params->valid_dev);
500 #define IPSEC_MAX_PAD_SIZE UINT8_MAX
502 static const uint8_t esp_pad_bytes[IPSEC_MAX_PAD_SIZE] = {
503 1, 2, 3, 4, 5, 6, 7, 8,
504 9, 10, 11, 12, 13, 14, 15, 16,
505 17, 18, 19, 20, 21, 22, 23, 24,
506 25, 26, 27, 28, 29, 30, 31, 32,
507 33, 34, 35, 36, 37, 38, 39, 40,
508 41, 42, 43, 44, 45, 46, 47, 48,
509 49, 50, 51, 52, 53, 54, 55, 56,
510 57, 58, 59, 60, 61, 62, 63, 64,
511 65, 66, 67, 68, 69, 70, 71, 72,
512 73, 74, 75, 76, 77, 78, 79, 80,
513 81, 82, 83, 84, 85, 86, 87, 88,
514 89, 90, 91, 92, 93, 94, 95, 96,
515 97, 98, 99, 100, 101, 102, 103, 104,
516 105, 106, 107, 108, 109, 110, 111, 112,
517 113, 114, 115, 116, 117, 118, 119, 120,
518 121, 122, 123, 124, 125, 126, 127, 128,
519 129, 130, 131, 132, 133, 134, 135, 136,
520 137, 138, 139, 140, 141, 142, 143, 144,
521 145, 146, 147, 148, 149, 150, 151, 152,
522 153, 154, 155, 156, 157, 158, 159, 160,
523 161, 162, 163, 164, 165, 166, 167, 168,
524 169, 170, 171, 172, 173, 174, 175, 176,
525 177, 178, 179, 180, 181, 182, 183, 184,
526 185, 186, 187, 188, 189, 190, 191, 192,
527 193, 194, 195, 196, 197, 198, 199, 200,
528 201, 202, 203, 204, 205, 206, 207, 208,
529 209, 210, 211, 212, 213, 214, 215, 216,
530 217, 218, 219, 220, 221, 222, 223, 224,
531 225, 226, 227, 228, 229, 230, 231, 232,
532 233, 234, 235, 236, 237, 238, 239, 240,
533 241, 242, 243, 244, 245, 246, 247, 248,
534 249, 250, 251, 252, 253, 254, 255,
537 /* ***** data for tests ***** */
539 const char null_plain_data[] =
540 "Network Security People Have A Strange Sense Of Humor unlike Other "
541 "People who have a normal sense of humour";
543 const char null_encrypted_data[] =
544 "Network Security People Have A Strange Sense Of Humor unlike Other "
545 "People who have a normal sense of humour";
547 struct rte_ipv4_hdr ipv4_outer = {
548 .version_ihl = IPVERSION << 4 |
549 sizeof(ipv4_outer) / RTE_IPV4_IHL_MULTIPLIER,
550 .time_to_live = IPDEFTTL,
551 .next_proto_id = IPPROTO_ESP,
552 .src_addr = RTE_IPV4(192, 168, 1, 100),
553 .dst_addr = RTE_IPV4(192, 168, 2, 100),
556 static struct rte_mbuf *
557 setup_test_string(struct rte_mempool *mpool, const char *string,
558 size_t string_len, size_t len, uint8_t blocksize)
560 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
561 size_t t_len = len - (blocksize ? (len % blocksize) : 0);
563 RTE_VERIFY(len <= string_len);
566 memset(m->buf_addr, 0, m->buf_len);
567 char *dst = rte_pktmbuf_append(m, t_len);
574 rte_memcpy(dst, string, t_len);
576 memset(dst, 0, t_len);
582 static struct rte_mbuf *
583 setup_test_string_tunneled(struct rte_mempool *mpool, const char *string,
584 size_t len, uint32_t spi, uint32_t seq)
586 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
587 uint32_t hdrlen = sizeof(struct rte_ipv4_hdr) +
588 sizeof(struct rte_esp_hdr);
589 uint32_t taillen = sizeof(struct rte_esp_tail);
590 uint32_t t_len = len + hdrlen + taillen;
593 struct rte_esp_hdr esph = {
594 .spi = rte_cpu_to_be_32(spi),
595 .seq = rte_cpu_to_be_32(seq)
598 padlen = RTE_ALIGN(t_len, 4) - t_len;
601 struct rte_esp_tail espt = {
603 .next_proto = IPPROTO_IPIP,
609 memset(m->buf_addr, 0, m->buf_len);
610 char *dst = rte_pktmbuf_append(m, t_len);
616 /* copy outer IP and ESP header */
617 ipv4_outer.total_length = rte_cpu_to_be_16(t_len);
618 ipv4_outer.packet_id = rte_cpu_to_be_16(seq);
619 rte_memcpy(dst, &ipv4_outer, sizeof(ipv4_outer));
620 dst += sizeof(ipv4_outer);
621 m->l3_len = sizeof(ipv4_outer);
622 rte_memcpy(dst, &esph, sizeof(esph));
625 if (string != NULL) {
627 rte_memcpy(dst, string, len);
630 rte_memcpy(dst, esp_pad_bytes, padlen);
632 /* copy ESP tail header */
633 rte_memcpy(dst, &espt, sizeof(espt));
635 memset(dst, 0, t_len);
641 create_dummy_sec_session(struct ipsec_unitest_params *ut,
642 struct rte_cryptodev_qp_conf *qp, uint32_t j)
644 static struct rte_security_session_conf conf;
646 ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
647 &conf, qp->mp_session,
648 qp->mp_session_private);
650 if (ut->ss[j].security.ses == NULL)
653 ut->ss[j].security.ctx = &dummy_sec_ctx;
654 ut->ss[j].security.ol_flags = 0;
659 create_crypto_session(struct ipsec_unitest_params *ut,
660 struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
663 struct rte_cryptodev_sym_session *s;
665 s = rte_cryptodev_sym_session_create(qp->mp_session);
669 /* initialize SA crypto session for device */
670 rc = rte_cryptodev_sym_session_init(dev_id, s,
671 ut->crypto_xforms, qp->mp_session_private);
673 ut->ss[j].crypto.ses = s;
676 /* failure, do cleanup */
677 rte_cryptodev_sym_session_clear(dev_id, s);
678 rte_cryptodev_sym_session_free(s);
684 create_session(struct ipsec_unitest_params *ut,
685 struct rte_cryptodev_qp_conf *qp, uint8_t crypto_dev, uint32_t j)
687 if (ut->ss[j].type == RTE_SECURITY_ACTION_TYPE_NONE)
688 return create_crypto_session(ut, qp, crypto_dev, j);
690 return create_dummy_sec_session(ut, qp, j);
694 fill_ipsec_param(uint32_t replay_win_sz, uint64_t flags)
696 struct ipsec_unitest_params *ut_params = &unittest_params;
697 struct rte_ipsec_sa_prm *prm = &ut_params->sa_prm;
698 const struct supported_auth_algo *auth_algo;
699 const struct supported_cipher_algo *cipher_algo;
701 memset(prm, 0, sizeof(*prm));
706 /* setup ipsec xform */
707 prm->ipsec_xform = ut_params->ipsec_xform;
708 prm->ipsec_xform.salt = (uint32_t)rte_rand();
709 prm->ipsec_xform.replay_win_sz = replay_win_sz;
711 /* setup tunnel related fields */
712 prm->tun.hdr_len = sizeof(ipv4_outer);
713 prm->tun.next_proto = IPPROTO_IPIP;
714 prm->tun.hdr = &ipv4_outer;
716 /* setup crypto section */
717 if (uparams.aead != 0) {
718 /* TODO: will need to fill out with other test cases */
720 if (uparams.auth == 0 && uparams.cipher == 0)
723 auth_algo = find_match_auth_algo(uparams.auth_algo);
724 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
726 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
729 prm->crypto_xform = ut_params->crypto_xforms;
734 create_sa(enum rte_security_session_action_type action_type,
735 uint32_t replay_win_sz, uint64_t flags, uint32_t j)
737 struct ipsec_testsuite_params *ts = &testsuite_params;
738 struct ipsec_unitest_params *ut = &unittest_params;
742 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
744 rc = fill_ipsec_param(replay_win_sz, flags);
748 /* create rte_ipsec_sa*/
749 sz = rte_ipsec_sa_size(&ut->sa_prm);
750 TEST_ASSERT(sz > 0, "rte_ipsec_sa_size() failed\n");
752 ut->ss[j].sa = rte_zmalloc(NULL, sz, RTE_CACHE_LINE_SIZE);
753 TEST_ASSERT_NOT_NULL(ut->ss[j].sa,
754 "failed to allocate memory for rte_ipsec_sa\n");
756 ut->ss[j].type = action_type;
757 rc = create_session(ut, &ts->qp_conf, ts->valid_dev, j);
761 rc = rte_ipsec_sa_init(ut->ss[j].sa, &ut->sa_prm, sz);
762 rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
764 rc = rte_ipsec_session_prepare(&ut->ss[j]);
770 crypto_dequeue_burst(uint16_t num_pkts)
772 struct ipsec_testsuite_params *ts_params = &testsuite_params;
773 struct ipsec_unitest_params *ut_params = &unittest_params;
777 for (i = 0, pkt_cnt = 0;
778 i < DEQUEUE_COUNT && pkt_cnt != num_pkts; i++) {
779 k = rte_cryptodev_dequeue_burst(ts_params->valid_dev, 0,
780 &ut_params->cop[pkt_cnt], num_pkts - pkt_cnt);
785 if (pkt_cnt != num_pkts) {
786 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
793 crypto_ipsec(uint16_t num_pkts)
795 struct ipsec_testsuite_params *ts_params = &testsuite_params;
796 struct ipsec_unitest_params *ut_params = &unittest_params;
798 struct rte_ipsec_group grp[1];
800 /* call crypto prepare */
801 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
802 ut_params->cop, num_pkts);
804 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
808 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
809 ut_params->cop, num_pkts);
811 RTE_LOG(ERR, USER1, "rte_cryptodev_enqueue_burst fail\n");
815 if (crypto_dequeue_burst(num_pkts) == TEST_FAILED)
818 ng = rte_ipsec_pkt_crypto_group(
819 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
820 ut_params->obuf, grp, num_pkts);
822 grp[0].m[0] != ut_params->obuf[0] ||
823 grp[0].cnt != num_pkts ||
824 grp[0].id.ptr != &ut_params->ss[0]) {
825 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
829 /* call crypto process */
830 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
832 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
840 lksd_proto_ipsec(uint16_t num_pkts)
842 struct ipsec_unitest_params *ut_params = &unittest_params;
844 struct rte_ipsec_group grp[1];
846 /* call crypto prepare */
847 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
848 ut_params->cop, num_pkts);
850 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
854 /* check crypto ops */
855 for (i = 0; i != num_pkts; i++) {
856 TEST_ASSERT_EQUAL(ut_params->cop[i]->type,
857 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
858 "%s: invalid crypto op type for %u-th packet\n",
860 TEST_ASSERT_EQUAL(ut_params->cop[i]->status,
861 RTE_CRYPTO_OP_STATUS_NOT_PROCESSED,
862 "%s: invalid crypto op status for %u-th packet\n",
864 TEST_ASSERT_EQUAL(ut_params->cop[i]->sess_type,
865 RTE_CRYPTO_OP_SECURITY_SESSION,
866 "%s: invalid crypto op sess_type for %u-th packet\n",
868 TEST_ASSERT_EQUAL(ut_params->cop[i]->sym->m_src,
870 "%s: invalid crypto op m_src for %u-th packet\n",
874 /* update crypto ops, pretend all finished ok */
875 for (i = 0; i != num_pkts; i++)
876 ut_params->cop[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
878 ng = rte_ipsec_pkt_crypto_group(
879 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
880 ut_params->obuf, grp, num_pkts);
882 grp[0].m[0] != ut_params->obuf[0] ||
883 grp[0].cnt != num_pkts ||
884 grp[0].id.ptr != &ut_params->ss[0]) {
885 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
889 /* call crypto process */
890 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
892 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
900 dump_grp_pkt(uint32_t i, struct rte_ipsec_group *grp, uint32_t k)
903 "After rte_ipsec_pkt_process grp[%d].cnt=%d k=%d fail\n",
906 "After rte_ipsec_pkt_process grp[%d].m=%p grp[%d].m[%d]=%p\n",
907 i, grp[i].m, i, k, grp[i].m[k]);
909 rte_pktmbuf_dump(stdout, grp[i].m[k], grp[i].m[k]->data_len);
913 crypto_ipsec_2sa(void)
915 struct ipsec_testsuite_params *ts_params = &testsuite_params;
916 struct ipsec_unitest_params *ut_params = &unittest_params;
917 struct rte_ipsec_group grp[BURST_SIZE];
918 uint32_t k, ng, i, r;
920 for (i = 0; i < BURST_SIZE; i++) {
922 /* call crypto prepare */
923 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[r],
924 ut_params->ibuf + i, ut_params->cop + i, 1);
927 "rte_ipsec_pkt_crypto_prepare fail\n");
930 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
931 ut_params->cop + i, 1);
934 "rte_cryptodev_enqueue_burst fail\n");
939 if (crypto_dequeue_burst(BURST_SIZE) == TEST_FAILED)
942 ng = rte_ipsec_pkt_crypto_group(
943 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
944 ut_params->obuf, grp, BURST_SIZE);
945 if (ng != BURST_SIZE) {
946 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
951 /* call crypto process */
952 for (i = 0; i < ng; i++) {
953 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
954 if (k != grp[i].cnt) {
955 dump_grp_pkt(i, grp, k);
967 crypto_ipsec_4grp(uint32_t pkt_num)
971 /* group packets in 4 different size groups groups, 2 per SA */
974 else if (pkt_num < PKT_12)
976 else if (pkt_num < PKT_21)
985 crypto_ipsec_4grp_check_mbufs(uint32_t grp_ind, struct rte_ipsec_group *grp)
987 struct ipsec_unitest_params *ut_params = &unittest_params;
992 for (i = 0, j = 0; i < PKT_4; i++, j++)
993 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
997 } else if (grp_ind == 1) {
998 for (i = 0, j = PKT_4; i < (PKT_12 - PKT_4); i++, j++) {
999 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
1004 } else if (grp_ind == 2) {
1005 for (i = 0, j = PKT_12; i < (PKT_21 - PKT_12); i++, j++)
1006 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
1010 } else if (grp_ind == 3) {
1011 for (i = 0, j = PKT_21; i < (BURST_SIZE - PKT_21); i++, j++)
1012 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
1023 crypto_ipsec_4grp_check_cnt(uint32_t grp_ind, struct rte_ipsec_group *grp)
1028 if (grp[grp_ind].cnt != PKT_4)
1030 } else if (grp_ind == 1) {
1031 if (grp[grp_ind].cnt != PKT_12 - PKT_4)
1033 } else if (grp_ind == 2) {
1034 if (grp[grp_ind].cnt != PKT_21 - PKT_12)
1036 } else if (grp_ind == 3) {
1037 if (grp[grp_ind].cnt != BURST_SIZE - PKT_21)
1046 crypto_ipsec_2sa_4grp(void)
1048 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1049 struct ipsec_unitest_params *ut_params = &unittest_params;
1050 struct rte_ipsec_group grp[BURST_SIZE];
1051 uint32_t k, ng, i, j;
1054 for (i = 0; i < BURST_SIZE; i++) {
1055 j = crypto_ipsec_4grp(i);
1057 /* call crypto prepare */
1058 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[j],
1059 ut_params->ibuf + i, ut_params->cop + i, 1);
1062 "rte_ipsec_pkt_crypto_prepare fail\n");
1065 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
1066 ut_params->cop + i, 1);
1069 "rte_cryptodev_enqueue_burst fail\n");
1074 if (crypto_dequeue_burst(BURST_SIZE) == TEST_FAILED)
1077 ng = rte_ipsec_pkt_crypto_group(
1078 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
1079 ut_params->obuf, grp, BURST_SIZE);
1081 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
1086 /* call crypto process */
1087 for (i = 0; i < ng; i++) {
1088 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
1089 if (k != grp[i].cnt) {
1090 dump_grp_pkt(i, grp, k);
1093 rc = crypto_ipsec_4grp_check_cnt(i, grp);
1096 "crypto_ipsec_4grp_check_cnt fail\n");
1099 rc = crypto_ipsec_4grp_check_mbufs(i, grp);
1102 "crypto_ipsec_4grp_check_mbufs fail\n");
1106 return TEST_SUCCESS;
1110 test_ipsec_reorder_inb_pkt_burst(uint16_t num_pkts)
1112 struct ipsec_unitest_params *ut_params = &unittest_params;
1113 struct rte_mbuf *ibuf_tmp[BURST_SIZE];
1116 /* reorder packets and create gaps in sequence numbers */
1117 static const uint32_t reorder[BURST_SIZE] = {
1118 24, 25, 26, 27, 28, 29, 30, 31,
1119 16, 17, 18, 19, 20, 21, 22, 23,
1120 8, 9, 10, 11, 12, 13, 14, 15,
1121 0, 1, 2, 3, 4, 5, 6, 7,
1124 if (num_pkts != BURST_SIZE)
1127 for (j = 0; j != BURST_SIZE; j++)
1128 ibuf_tmp[j] = ut_params->ibuf[reorder[j]];
1130 memcpy(ut_params->ibuf, ibuf_tmp, sizeof(ut_params->ibuf));
1134 test_ipsec_crypto_op_alloc(uint16_t num_pkts)
1136 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1137 struct ipsec_unitest_params *ut_params = &unittest_params;
1141 for (j = 0; j < num_pkts && rc == 0; j++) {
1142 ut_params->cop[j] = rte_crypto_op_alloc(ts_params->cop_mpool,
1143 RTE_CRYPTO_OP_TYPE_SYMMETRIC);
1144 if (ut_params->cop[j] == NULL) {
1146 "Failed to allocate symmetric crypto op\n");
1155 test_ipsec_dump_buffers(struct ipsec_unitest_params *ut_params, int i)
1157 uint16_t j = ut_params->pkt_index;
1159 printf("\ntest config: num %d\n", i);
1160 printf(" replay_win_sz %u\n", test_cfg[i].replay_win_sz);
1161 printf(" esn %u\n", test_cfg[i].esn);
1162 printf(" flags 0x%" PRIx64 "\n", test_cfg[i].flags);
1163 printf(" pkt_sz %zu\n", test_cfg[i].pkt_sz);
1164 printf(" num_pkts %u\n\n", test_cfg[i].num_pkts);
1166 if (ut_params->ibuf[j]) {
1167 printf("ibuf[%u] data:\n", j);
1168 rte_pktmbuf_dump(stdout, ut_params->ibuf[j],
1169 ut_params->ibuf[j]->data_len);
1171 if (ut_params->obuf[j]) {
1172 printf("obuf[%u] data:\n", j);
1173 rte_pktmbuf_dump(stdout, ut_params->obuf[j],
1174 ut_params->obuf[j]->data_len);
1176 if (ut_params->testbuf[j]) {
1177 printf("testbuf[%u] data:\n", j);
1178 rte_pktmbuf_dump(stdout, ut_params->testbuf[j],
1179 ut_params->testbuf[j]->data_len);
1184 destroy_dummy_sec_session(struct ipsec_unitest_params *ut,
1187 rte_security_session_destroy(&dummy_sec_ctx,
1188 ut->ss[j].security.ses);
1189 ut->ss[j].security.ctx = NULL;
1193 destroy_crypto_session(struct ipsec_unitest_params *ut,
1194 uint8_t crypto_dev, uint32_t j)
1196 rte_cryptodev_sym_session_clear(crypto_dev, ut->ss[j].crypto.ses);
1197 rte_cryptodev_sym_session_free(ut->ss[j].crypto.ses);
1198 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
1202 destroy_session(struct ipsec_unitest_params *ut,
1203 uint8_t crypto_dev, uint32_t j)
1205 if (ut->ss[j].type == RTE_SECURITY_ACTION_TYPE_NONE)
1206 return destroy_crypto_session(ut, crypto_dev, j);
1208 return destroy_dummy_sec_session(ut, j);
1212 destroy_sa(uint32_t j)
1214 struct ipsec_unitest_params *ut = &unittest_params;
1215 struct ipsec_testsuite_params *ts = &testsuite_params;
1217 rte_ipsec_sa_fini(ut->ss[j].sa);
1218 rte_free(ut->ss[j].sa);
1220 destroy_session(ut, ts->valid_dev, j);
1224 crypto_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1229 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1230 ut_params->pkt_index = j;
1232 /* compare the data buffers */
1233 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1234 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1236 "input and output data does not match\n");
1237 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1238 ut_params->obuf[j]->pkt_len,
1239 "data_len is not equal to pkt_len");
1240 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1242 "data_len is not equal to input data");
1249 test_ipsec_crypto_inb_burst_null_null(int i)
1251 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1252 struct ipsec_unitest_params *ut_params = &unittest_params;
1253 uint16_t num_pkts = test_cfg[i].num_pkts;
1257 /* create rte_ipsec_sa */
1258 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1259 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1261 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1265 /* Generate test mbuf data */
1266 for (j = 0; j < num_pkts && rc == 0; j++) {
1267 /* packet with sequence number 0 is invalid */
1268 ut_params->ibuf[j] = setup_test_string_tunneled(
1269 ts_params->mbuf_pool, null_encrypted_data,
1270 test_cfg[i].pkt_sz, INBOUND_SPI, j + 1);
1271 if (ut_params->ibuf[j] == NULL)
1276 if (test_cfg[i].reorder_pkts)
1277 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1278 rc = test_ipsec_crypto_op_alloc(num_pkts);
1282 /* call ipsec library api */
1283 rc = crypto_ipsec(num_pkts);
1285 rc = crypto_inb_burst_null_null_check(
1286 ut_params, i, num_pkts);
1288 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1294 if (rc == TEST_FAILED)
1295 test_ipsec_dump_buffers(ut_params, i);
1302 test_ipsec_crypto_inb_burst_null_null_wrapper(void)
1306 struct ipsec_unitest_params *ut_params = &unittest_params;
1308 ut_params->ipsec_xform.spi = INBOUND_SPI;
1309 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1310 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1311 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1312 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1314 for (i = 0; i < num_cfg && rc == 0; i++) {
1315 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1316 rc = test_ipsec_crypto_inb_burst_null_null(i);
1323 crypto_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1330 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1331 ut_params->pkt_index = j;
1333 testbuf_data = rte_pktmbuf_mtod(ut_params->testbuf[j], void *);
1334 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1335 /* compare the buffer data */
1336 TEST_ASSERT_BUFFERS_ARE_EQUAL(testbuf_data, obuf_data,
1337 ut_params->obuf[j]->pkt_len,
1338 "test and output data does not match\n");
1339 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1340 ut_params->testbuf[j]->data_len,
1341 "obuf data_len is not equal to testbuf data_len");
1342 TEST_ASSERT_EQUAL(ut_params->obuf[j]->pkt_len,
1343 ut_params->testbuf[j]->pkt_len,
1344 "obuf pkt_len is not equal to testbuf pkt_len");
1351 test_ipsec_crypto_outb_burst_null_null(int i)
1353 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1354 struct ipsec_unitest_params *ut_params = &unittest_params;
1355 uint16_t num_pkts = test_cfg[i].num_pkts;
1359 /* create rte_ipsec_sa*/
1360 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1361 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1363 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1367 /* Generate input mbuf data */
1368 for (j = 0; j < num_pkts && rc == 0; j++) {
1369 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1370 null_plain_data, sizeof(null_plain_data),
1371 test_cfg[i].pkt_sz, 0);
1372 if (ut_params->ibuf[j] == NULL)
1375 /* Generate test mbuf data */
1376 /* packet with sequence number 0 is invalid */
1377 ut_params->testbuf[j] = setup_test_string_tunneled(
1378 ts_params->mbuf_pool,
1379 null_plain_data, test_cfg[i].pkt_sz,
1380 OUTBOUND_SPI, j + 1);
1381 if (ut_params->testbuf[j] == NULL)
1387 rc = test_ipsec_crypto_op_alloc(num_pkts);
1390 /* call ipsec library api */
1391 rc = crypto_ipsec(num_pkts);
1393 rc = crypto_outb_burst_null_null_check(ut_params,
1396 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1400 if (rc == TEST_FAILED)
1401 test_ipsec_dump_buffers(ut_params, i);
1408 test_ipsec_crypto_outb_burst_null_null_wrapper(void)
1412 struct ipsec_unitest_params *ut_params = &unittest_params;
1414 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1415 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1416 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1417 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1418 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1420 for (i = 0; i < num_cfg && rc == 0; i++) {
1421 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1422 rc = test_ipsec_crypto_outb_burst_null_null(i);
1429 inline_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1436 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1437 ut_params->pkt_index = j;
1439 /* compare the buffer data */
1440 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1441 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1443 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1444 ut_params->ibuf[j]->data_len,
1445 "input and output data does not match\n");
1446 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1447 ut_params->obuf[j]->data_len,
1448 "ibuf data_len is not equal to obuf data_len");
1449 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1450 ut_params->obuf[j]->pkt_len,
1451 "ibuf pkt_len is not equal to obuf pkt_len");
1452 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1454 "data_len is not equal input data");
1460 test_ipsec_inline_crypto_inb_burst_null_null(int i)
1462 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1463 struct ipsec_unitest_params *ut_params = &unittest_params;
1464 uint16_t num_pkts = test_cfg[i].num_pkts;
1469 /* create rte_ipsec_sa*/
1470 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1471 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1473 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1477 /* Generate inbound mbuf data */
1478 for (j = 0; j < num_pkts && rc == 0; j++) {
1479 ut_params->ibuf[j] = setup_test_string_tunneled(
1480 ts_params->mbuf_pool,
1481 null_plain_data, test_cfg[i].pkt_sz,
1482 INBOUND_SPI, j + 1);
1483 if (ut_params->ibuf[j] == NULL)
1486 /* Generate test mbuf data */
1487 ut_params->obuf[j] = setup_test_string(
1488 ts_params->mbuf_pool,
1489 null_plain_data, sizeof(null_plain_data),
1490 test_cfg[i].pkt_sz, 0);
1491 if (ut_params->obuf[j] == NULL)
1497 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1500 rc = inline_inb_burst_null_null_check(ut_params, i,
1504 "rte_ipsec_pkt_process failed, cfg %d\n",
1510 if (rc == TEST_FAILED)
1511 test_ipsec_dump_buffers(ut_params, i);
1518 test_ipsec_inline_crypto_inb_burst_null_null_wrapper(void)
1522 struct ipsec_unitest_params *ut_params = &unittest_params;
1524 ut_params->ipsec_xform.spi = INBOUND_SPI;
1525 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1526 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1527 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1528 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1530 for (i = 0; i < num_cfg && rc == 0; i++) {
1531 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1532 rc = test_ipsec_inline_crypto_inb_burst_null_null(i);
1539 test_ipsec_inline_proto_inb_burst_null_null(int i)
1541 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1542 struct ipsec_unitest_params *ut_params = &unittest_params;
1543 uint16_t num_pkts = test_cfg[i].num_pkts;
1548 /* create rte_ipsec_sa*/
1549 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1550 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1552 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1556 /* Generate inbound mbuf data */
1557 for (j = 0; j < num_pkts && rc == 0; j++) {
1558 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1559 null_plain_data, sizeof(null_plain_data),
1560 test_cfg[i].pkt_sz, 0);
1561 if (ut_params->ibuf[j] == NULL)
1564 /* Generate test mbuf data */
1565 ut_params->obuf[j] = setup_test_string(
1566 ts_params->mbuf_pool,
1567 null_plain_data, sizeof(null_plain_data),
1568 test_cfg[i].pkt_sz, 0);
1569 if (ut_params->obuf[j] == NULL)
1575 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1578 rc = inline_inb_burst_null_null_check(ut_params, i,
1582 "rte_ipsec_pkt_process failed, cfg %d\n",
1588 if (rc == TEST_FAILED)
1589 test_ipsec_dump_buffers(ut_params, i);
1596 test_ipsec_inline_proto_inb_burst_null_null_wrapper(void)
1600 struct ipsec_unitest_params *ut_params = &unittest_params;
1602 ut_params->ipsec_xform.spi = INBOUND_SPI;
1603 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1604 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1605 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1606 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1608 for (i = 0; i < num_cfg && rc == 0; i++) {
1609 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1610 rc = test_ipsec_inline_proto_inb_burst_null_null(i);
1617 inline_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1624 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1625 ut_params->pkt_index = j;
1627 /* compare the buffer data */
1628 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1629 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1630 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1631 ut_params->ibuf[j]->data_len,
1632 "input and output data does not match\n");
1633 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1634 ut_params->obuf[j]->data_len,
1635 "ibuf data_len is not equal to obuf data_len");
1636 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1637 ut_params->obuf[j]->pkt_len,
1638 "ibuf pkt_len is not equal to obuf pkt_len");
1640 /* check mbuf ol_flags */
1641 TEST_ASSERT(ut_params->ibuf[j]->ol_flags & RTE_MBUF_F_TX_SEC_OFFLOAD,
1642 "ibuf RTE_MBUF_F_TX_SEC_OFFLOAD is not set");
1648 test_ipsec_inline_crypto_outb_burst_null_null(int i)
1650 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1651 struct ipsec_unitest_params *ut_params = &unittest_params;
1652 uint16_t num_pkts = test_cfg[i].num_pkts;
1657 /* create rte_ipsec_sa */
1658 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1659 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1661 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1665 /* Generate test mbuf data */
1666 for (j = 0; j < num_pkts && rc == 0; j++) {
1667 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1668 null_plain_data, sizeof(null_plain_data),
1669 test_cfg[i].pkt_sz, 0);
1670 if (ut_params->ibuf[0] == NULL)
1674 /* Generate test tunneled mbuf data for comparison */
1675 ut_params->obuf[j] = setup_test_string_tunneled(
1676 ts_params->mbuf_pool,
1677 null_plain_data, test_cfg[i].pkt_sz,
1678 OUTBOUND_SPI, j + 1);
1679 if (ut_params->obuf[j] == NULL)
1685 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1688 rc = inline_outb_burst_null_null_check(ut_params,
1692 "rte_ipsec_pkt_process failed, cfg %d\n",
1698 if (rc == TEST_FAILED)
1699 test_ipsec_dump_buffers(ut_params, i);
1706 test_ipsec_inline_crypto_outb_burst_null_null_wrapper(void)
1710 struct ipsec_unitest_params *ut_params = &unittest_params;
1712 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1713 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1714 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1715 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1716 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1718 for (i = 0; i < num_cfg && rc == 0; i++) {
1719 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1720 rc = test_ipsec_inline_crypto_outb_burst_null_null(i);
1727 test_ipsec_inline_proto_outb_burst_null_null(int i)
1729 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1730 struct ipsec_unitest_params *ut_params = &unittest_params;
1731 uint16_t num_pkts = test_cfg[i].num_pkts;
1736 /* create rte_ipsec_sa */
1737 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1738 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1740 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1744 /* Generate test mbuf data */
1745 for (j = 0; j < num_pkts && rc == 0; j++) {
1746 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1747 null_plain_data, sizeof(null_plain_data),
1748 test_cfg[i].pkt_sz, 0);
1749 if (ut_params->ibuf[0] == NULL)
1753 /* Generate test tunneled mbuf data for comparison */
1754 ut_params->obuf[j] = setup_test_string(
1755 ts_params->mbuf_pool, null_plain_data,
1756 sizeof(null_plain_data), test_cfg[i].pkt_sz,
1758 if (ut_params->obuf[j] == NULL)
1764 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1767 rc = inline_outb_burst_null_null_check(ut_params,
1771 "rte_ipsec_pkt_process failed, cfg %d\n",
1777 if (rc == TEST_FAILED)
1778 test_ipsec_dump_buffers(ut_params, i);
1785 test_ipsec_inline_proto_outb_burst_null_null_wrapper(void)
1789 struct ipsec_unitest_params *ut_params = &unittest_params;
1791 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1792 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1793 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1794 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1795 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1797 for (i = 0; i < num_cfg && rc == 0; i++) {
1798 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1799 rc = test_ipsec_inline_proto_outb_burst_null_null(i);
1806 test_ipsec_lksd_proto_inb_burst_null_null(int i)
1808 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1809 struct ipsec_unitest_params *ut_params = &unittest_params;
1810 uint16_t num_pkts = test_cfg[i].num_pkts;
1814 /* create rte_ipsec_sa */
1815 rc = create_sa(RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
1816 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1818 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1822 /* Generate test mbuf data */
1823 for (j = 0; j < num_pkts && rc == 0; j++) {
1824 /* packet with sequence number 0 is invalid */
1825 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1826 null_encrypted_data, sizeof(null_encrypted_data),
1827 test_cfg[i].pkt_sz, 0);
1828 if (ut_params->ibuf[j] == NULL)
1833 if (test_cfg[i].reorder_pkts)
1834 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1835 rc = test_ipsec_crypto_op_alloc(num_pkts);
1839 /* call ipsec library api */
1840 rc = lksd_proto_ipsec(num_pkts);
1842 rc = crypto_inb_burst_null_null_check(ut_params, i,
1845 RTE_LOG(ERR, USER1, "%s failed, cfg %d\n",
1851 if (rc == TEST_FAILED)
1852 test_ipsec_dump_buffers(ut_params, i);
1859 test_ipsec_lksd_proto_inb_burst_null_null_wrapper(void)
1863 struct ipsec_unitest_params *ut_params = &unittest_params;
1865 ut_params->ipsec_xform.spi = INBOUND_SPI;
1866 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1867 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1868 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1869 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1871 for (i = 0; i < num_cfg && rc == 0; i++) {
1872 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1873 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1880 test_ipsec_lksd_proto_outb_burst_null_null_wrapper(void)
1884 struct ipsec_unitest_params *ut_params = &unittest_params;
1886 ut_params->ipsec_xform.spi = INBOUND_SPI;
1887 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1888 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1889 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1890 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1892 for (i = 0; i < num_cfg && rc == 0; i++) {
1893 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1894 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1901 replay_inb_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1906 for (j = 0; j < num_pkts; j++) {
1907 /* compare the buffer data */
1908 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1909 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1911 "input and output data does not match\n");
1913 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1914 ut_params->obuf[j]->pkt_len,
1915 "data_len is not equal to pkt_len");
1922 test_ipsec_replay_inb_inside_null_null(int i)
1924 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1925 struct ipsec_unitest_params *ut_params = &unittest_params;
1928 /* create rte_ipsec_sa*/
1929 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1930 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1932 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1936 /* Generate inbound mbuf data */
1937 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1938 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
1939 if (ut_params->ibuf[0] == NULL)
1942 rc = test_ipsec_crypto_op_alloc(1);
1945 /* call ipsec library api */
1946 rc = crypto_ipsec(1);
1948 rc = replay_inb_null_null_check(ut_params, i, 1);
1950 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1956 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
1957 /* generate packet with seq number inside the replay window */
1958 if (ut_params->ibuf[0]) {
1959 rte_pktmbuf_free(ut_params->ibuf[0]);
1960 ut_params->ibuf[0] = 0;
1963 ut_params->ibuf[0] = setup_test_string_tunneled(
1964 ts_params->mbuf_pool, null_encrypted_data,
1965 test_cfg[i].pkt_sz, INBOUND_SPI,
1966 test_cfg[i].replay_win_sz);
1967 if (ut_params->ibuf[0] == NULL)
1970 rc = test_ipsec_crypto_op_alloc(1);
1973 /* call ipsec library api */
1974 rc = crypto_ipsec(1);
1976 rc = replay_inb_null_null_check(
1979 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
1985 if (rc == TEST_FAILED)
1986 test_ipsec_dump_buffers(ut_params, i);
1994 test_ipsec_replay_inb_inside_null_null_wrapper(void)
1998 struct ipsec_unitest_params *ut_params = &unittest_params;
2000 ut_params->ipsec_xform.spi = INBOUND_SPI;
2001 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2002 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2003 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2004 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2006 for (i = 0; i < num_cfg && rc == 0; i++) {
2007 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2008 rc = test_ipsec_replay_inb_inside_null_null(i);
2015 test_ipsec_replay_inb_outside_null_null(int i)
2017 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2018 struct ipsec_unitest_params *ut_params = &unittest_params;
2021 /* create rte_ipsec_sa */
2022 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2023 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2025 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
2029 /* Generate test mbuf data */
2030 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2031 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI,
2032 test_cfg[i].replay_win_sz + 2);
2033 if (ut_params->ibuf[0] == NULL)
2036 rc = test_ipsec_crypto_op_alloc(1);
2039 /* call ipsec library api */
2040 rc = crypto_ipsec(1);
2042 rc = replay_inb_null_null_check(ut_params, i, 1);
2044 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2050 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2051 /* generate packet with seq number outside the replay window */
2052 if (ut_params->ibuf[0]) {
2053 rte_pktmbuf_free(ut_params->ibuf[0]);
2054 ut_params->ibuf[0] = 0;
2056 ut_params->ibuf[0] = setup_test_string_tunneled(
2057 ts_params->mbuf_pool, null_encrypted_data,
2058 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2059 if (ut_params->ibuf[0] == NULL)
2062 rc = test_ipsec_crypto_op_alloc(1);
2065 /* call ipsec library api */
2066 rc = crypto_ipsec(1);
2068 if (test_cfg[i].esn == 0) {
2070 "packet is not outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2072 test_cfg[i].replay_win_sz + 2,
2078 "packet is outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2079 i, test_cfg[i].replay_win_sz + 2, 1);
2085 if (rc == TEST_FAILED)
2086 test_ipsec_dump_buffers(ut_params, i);
2094 test_ipsec_replay_inb_outside_null_null_wrapper(void)
2098 struct ipsec_unitest_params *ut_params = &unittest_params;
2100 ut_params->ipsec_xform.spi = INBOUND_SPI;
2101 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2102 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2103 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2104 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2106 for (i = 0; i < num_cfg && rc == 0; i++) {
2107 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2108 rc = test_ipsec_replay_inb_outside_null_null(i);
2115 test_ipsec_replay_inb_repeat_null_null(int i)
2117 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2118 struct ipsec_unitest_params *ut_params = &unittest_params;
2121 /* create rte_ipsec_sa */
2122 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2123 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2125 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
2129 /* Generate test mbuf data */
2130 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2131 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2132 if (ut_params->ibuf[0] == NULL)
2135 rc = test_ipsec_crypto_op_alloc(1);
2138 /* call ipsec library api */
2139 rc = crypto_ipsec(1);
2141 rc = replay_inb_null_null_check(ut_params, i, 1);
2143 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2149 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2151 * generate packet with repeat seq number in the replay
2154 if (ut_params->ibuf[0]) {
2155 rte_pktmbuf_free(ut_params->ibuf[0]);
2156 ut_params->ibuf[0] = 0;
2159 ut_params->ibuf[0] = setup_test_string_tunneled(
2160 ts_params->mbuf_pool, null_encrypted_data,
2161 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2162 if (ut_params->ibuf[0] == NULL)
2165 rc = test_ipsec_crypto_op_alloc(1);
2168 /* call ipsec library api */
2169 rc = crypto_ipsec(1);
2172 "packet is not repeated in the replay window, cfg %d seq %u\n",
2177 "packet is repeated in the replay window, cfg %d seq %u\n",
2184 if (rc == TEST_FAILED)
2185 test_ipsec_dump_buffers(ut_params, i);
2193 test_ipsec_replay_inb_repeat_null_null_wrapper(void)
2197 struct ipsec_unitest_params *ut_params = &unittest_params;
2199 ut_params->ipsec_xform.spi = INBOUND_SPI;
2200 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2201 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2202 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2203 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2205 for (i = 0; i < num_cfg && rc == 0; i++) {
2206 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2207 rc = test_ipsec_replay_inb_repeat_null_null(i);
2214 test_ipsec_replay_inb_inside_burst_null_null(int i)
2216 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2217 struct ipsec_unitest_params *ut_params = &unittest_params;
2218 uint16_t num_pkts = test_cfg[i].num_pkts;
2222 /* create rte_ipsec_sa*/
2223 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2224 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2226 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
2230 /* Generate inbound mbuf data */
2231 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2232 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2233 if (ut_params->ibuf[0] == NULL)
2236 rc = test_ipsec_crypto_op_alloc(1);
2239 /* call ipsec library api */
2240 rc = crypto_ipsec(1);
2242 rc = replay_inb_null_null_check(ut_params, i, 1);
2244 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2250 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2252 * generate packet(s) with seq number(s) inside the
2255 if (ut_params->ibuf[0]) {
2256 rte_pktmbuf_free(ut_params->ibuf[0]);
2257 ut_params->ibuf[0] = 0;
2260 for (j = 0; j < num_pkts && rc == 0; j++) {
2261 /* packet with sequence number 1 already processed */
2262 ut_params->ibuf[j] = setup_test_string_tunneled(
2263 ts_params->mbuf_pool, null_encrypted_data,
2264 test_cfg[i].pkt_sz, INBOUND_SPI, j + 2);
2265 if (ut_params->ibuf[j] == NULL)
2270 if (test_cfg[i].reorder_pkts)
2271 test_ipsec_reorder_inb_pkt_burst(num_pkts);
2272 rc = test_ipsec_crypto_op_alloc(num_pkts);
2276 /* call ipsec library api */
2277 rc = crypto_ipsec(num_pkts);
2279 rc = replay_inb_null_null_check(
2280 ut_params, i, num_pkts);
2282 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
2288 if (rc == TEST_FAILED)
2289 test_ipsec_dump_buffers(ut_params, i);
2297 test_ipsec_replay_inb_inside_burst_null_null_wrapper(void)
2301 struct ipsec_unitest_params *ut_params = &unittest_params;
2303 ut_params->ipsec_xform.spi = INBOUND_SPI;
2304 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2305 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2306 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2307 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2309 for (i = 0; i < num_cfg && rc == 0; i++) {
2310 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2311 rc = test_ipsec_replay_inb_inside_burst_null_null(i);
2319 crypto_inb_burst_2sa_null_null_check(struct ipsec_unitest_params *ut_params,
2324 for (j = 0; j < BURST_SIZE; j++) {
2325 ut_params->pkt_index = j;
2327 /* compare the data buffers */
2328 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
2329 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
2331 "input and output data does not match\n");
2332 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2333 ut_params->obuf[j]->pkt_len,
2334 "data_len is not equal to pkt_len");
2335 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2337 "data_len is not equal to input data");
2344 test_ipsec_crypto_inb_burst_2sa_null_null(int i)
2346 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2347 struct ipsec_unitest_params *ut_params = &unittest_params;
2348 uint16_t num_pkts = test_cfg[i].num_pkts;
2352 if (num_pkts != BURST_SIZE)
2355 /* create rte_ipsec_sa */
2356 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2357 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2359 RTE_LOG(ERR, USER1, "create_sa 0 failed, cfg %d\n", i);
2363 /* create second rte_ipsec_sa */
2364 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2365 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2366 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2368 RTE_LOG(ERR, USER1, "create_sa 1 failed, cfg %d\n", i);
2373 /* Generate test mbuf data */
2374 for (j = 0; j < num_pkts && rc == 0; j++) {
2376 /* packet with sequence number 0 is invalid */
2377 ut_params->ibuf[j] = setup_test_string_tunneled(
2378 ts_params->mbuf_pool, null_encrypted_data,
2379 test_cfg[i].pkt_sz, INBOUND_SPI + r, j + 1);
2380 if (ut_params->ibuf[j] == NULL)
2385 rc = test_ipsec_crypto_op_alloc(num_pkts);
2388 /* call ipsec library api */
2389 rc = crypto_ipsec_2sa();
2391 rc = crypto_inb_burst_2sa_null_null_check(
2394 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2400 if (rc == TEST_FAILED)
2401 test_ipsec_dump_buffers(ut_params, i);
2409 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper(void)
2413 struct ipsec_unitest_params *ut_params = &unittest_params;
2415 ut_params->ipsec_xform.spi = INBOUND_SPI;
2416 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2417 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2418 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2419 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2421 for (i = 0; i < num_cfg && rc == 0; i++) {
2422 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2423 rc = test_ipsec_crypto_inb_burst_2sa_null_null(i);
2430 test_ipsec_crypto_inb_burst_2sa_4grp_null_null(int i)
2432 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2433 struct ipsec_unitest_params *ut_params = &unittest_params;
2434 uint16_t num_pkts = test_cfg[i].num_pkts;
2438 if (num_pkts != BURST_SIZE)
2441 /* create rte_ipsec_sa */
2442 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2443 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2445 RTE_LOG(ERR, USER1, "create_sa 0 failed, cfg %d\n", i);
2449 /* create second rte_ipsec_sa */
2450 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2451 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2452 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2454 RTE_LOG(ERR, USER1, "create_sa 1 failed, cfg %d\n", i);
2459 /* Generate test mbuf data */
2460 for (j = 0; j < num_pkts && rc == 0; j++) {
2461 k = crypto_ipsec_4grp(j);
2463 /* packet with sequence number 0 is invalid */
2464 ut_params->ibuf[j] = setup_test_string_tunneled(
2465 ts_params->mbuf_pool, null_encrypted_data,
2466 test_cfg[i].pkt_sz, INBOUND_SPI + k, j + 1);
2467 if (ut_params->ibuf[j] == NULL)
2472 rc = test_ipsec_crypto_op_alloc(num_pkts);
2475 /* call ipsec library api */
2476 rc = crypto_ipsec_2sa_4grp();
2478 rc = crypto_inb_burst_2sa_null_null_check(
2481 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2487 if (rc == TEST_FAILED)
2488 test_ipsec_dump_buffers(ut_params, i);
2496 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper(void)
2500 struct ipsec_unitest_params *ut_params = &unittest_params;
2502 ut_params->ipsec_xform.spi = INBOUND_SPI;
2503 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2504 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2505 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2506 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2508 for (i = 0; i < num_cfg && rc == 0; i++) {
2509 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2510 rc = test_ipsec_crypto_inb_burst_2sa_4grp_null_null(i);
2516 static struct unit_test_suite ipsec_testsuite = {
2517 .suite_name = "IPsec NULL Unit Test Suite",
2518 .setup = testsuite_setup,
2519 .teardown = testsuite_teardown,
2520 .unit_test_cases = {
2521 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2522 test_ipsec_crypto_inb_burst_null_null_wrapper),
2523 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2524 test_ipsec_crypto_outb_burst_null_null_wrapper),
2525 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2526 test_ipsec_inline_crypto_inb_burst_null_null_wrapper),
2527 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2528 test_ipsec_inline_crypto_outb_burst_null_null_wrapper),
2529 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2530 test_ipsec_inline_proto_inb_burst_null_null_wrapper),
2531 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2532 test_ipsec_inline_proto_outb_burst_null_null_wrapper),
2533 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2534 test_ipsec_lksd_proto_inb_burst_null_null_wrapper),
2535 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2536 test_ipsec_lksd_proto_outb_burst_null_null_wrapper),
2537 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2538 test_ipsec_replay_inb_inside_null_null_wrapper),
2539 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2540 test_ipsec_replay_inb_outside_null_null_wrapper),
2541 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2542 test_ipsec_replay_inb_repeat_null_null_wrapper),
2543 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2544 test_ipsec_replay_inb_inside_burst_null_null_wrapper),
2545 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2546 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper),
2547 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2548 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper),
2549 TEST_CASES_END() /**< NULL terminate unit test array */
2556 return unit_test_suite_runner(&ipsec_testsuite);
2559 #endif /* !RTE_EXEC_ENV_WINDOWS */
2561 REGISTER_TEST_COMMAND(ipsec_autotest, test_ipsec);