build: remove makefiles
[dpdk.git] / app / test / test_ipsec.c
1 /* SPDX-License-Identifier: BSD-3-Clause
2  * Copyright(c) 2018 Intel Corporation
3  */
4
5 #include <time.h>
6
7 #include <rte_common.h>
8 #include <rte_hexdump.h>
9 #include <rte_mbuf.h>
10 #include <rte_malloc.h>
11 #include <rte_memcpy.h>
12 #include <rte_cycles.h>
13 #include <rte_bus_vdev.h>
14 #include <rte_ip.h>
15
16 #include <rte_crypto.h>
17 #include <rte_cryptodev.h>
18 #include <rte_cryptodev_pmd.h>
19 #include <rte_lcore.h>
20 #include <rte_ipsec.h>
21 #include <rte_random.h>
22 #include <rte_esp.h>
23 #include <rte_security_driver.h>
24
25 #include "test.h"
26 #include "test_cryptodev.h"
27
28 #define VDEV_ARGS_SIZE  100
29 #define MAX_NB_SESSIONS 200
30 #define MAX_NB_SAS              2
31 #define REPLAY_WIN_0    0
32 #define REPLAY_WIN_32   32
33 #define REPLAY_WIN_64   64
34 #define REPLAY_WIN_128  128
35 #define REPLAY_WIN_256  256
36 #define DATA_64_BYTES   64
37 #define DATA_80_BYTES   80
38 #define DATA_100_BYTES  100
39 #define ESN_ENABLED             1
40 #define ESN_DISABLED    0
41 #define INBOUND_SPI             7
42 #define OUTBOUND_SPI    17
43 #define BURST_SIZE              32
44 #define REORDER_PKTS    1
45 #define DEQUEUE_COUNT   1000
46
47 struct user_params {
48         enum rte_crypto_sym_xform_type auth;
49         enum rte_crypto_sym_xform_type cipher;
50         enum rte_crypto_sym_xform_type aead;
51
52         char auth_algo[128];
53         char cipher_algo[128];
54         char aead_algo[128];
55 };
56
57 struct ipsec_testsuite_params {
58         struct rte_mempool *mbuf_pool;
59         struct rte_mempool *cop_mpool;
60         struct rte_cryptodev_config conf;
61         struct rte_cryptodev_qp_conf qp_conf;
62
63         uint8_t valid_dev;
64         uint8_t valid_dev_found;
65 };
66
67 struct ipsec_unitest_params {
68         struct rte_crypto_sym_xform cipher_xform;
69         struct rte_crypto_sym_xform auth_xform;
70         struct rte_crypto_sym_xform aead_xform;
71         struct rte_crypto_sym_xform *crypto_xforms;
72
73         struct rte_security_ipsec_xform ipsec_xform;
74
75         struct rte_ipsec_sa_prm sa_prm;
76         struct rte_ipsec_session ss[MAX_NB_SAS];
77
78         struct rte_crypto_op *cop[BURST_SIZE];
79
80         struct rte_mbuf *obuf[BURST_SIZE], *ibuf[BURST_SIZE],
81                 *testbuf[BURST_SIZE];
82
83         uint16_t pkt_index;
84 };
85
86 struct ipsec_test_cfg {
87         uint32_t replay_win_sz;
88         uint32_t esn;
89         uint64_t flags;
90         size_t pkt_sz;
91         uint16_t num_pkts;
92         uint32_t reorder_pkts;
93 };
94
95 static const struct ipsec_test_cfg test_cfg[] = {
96         {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, 1, 0},
97         {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, BURST_SIZE, 0},
98         {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_80_BYTES, BURST_SIZE,
99                 REORDER_PKTS},
100         {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, 1, 0},
101         {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, BURST_SIZE,
102                 REORDER_PKTS},
103         {REPLAY_WIN_64, ESN_ENABLED, 0, DATA_64_BYTES, 1, 0},
104         {REPLAY_WIN_128, ESN_ENABLED, RTE_IPSEC_SAFLAG_SQN_ATOM,
105                 DATA_80_BYTES, 1, 0},
106         {REPLAY_WIN_256, ESN_DISABLED, 0, DATA_100_BYTES, 1, 0},
107 };
108
109 static const int num_cfg = RTE_DIM(test_cfg);
110 static struct ipsec_testsuite_params testsuite_params = { NULL };
111 static struct ipsec_unitest_params unittest_params;
112 static struct user_params uparams;
113
114 struct supported_cipher_algo {
115         const char *keyword;
116         enum rte_crypto_cipher_algorithm algo;
117         uint16_t iv_len;
118         uint16_t block_size;
119         uint16_t key_len;
120 };
121
122 struct supported_auth_algo {
123         const char *keyword;
124         enum rte_crypto_auth_algorithm algo;
125         uint16_t digest_len;
126         uint16_t key_len;
127         uint8_t key_not_req;
128 };
129
130 const struct supported_cipher_algo cipher_algos[] = {
131         {
132                 .keyword = "null",
133                 .algo = RTE_CRYPTO_CIPHER_NULL,
134                 .iv_len = 0,
135                 .block_size = 4,
136                 .key_len = 0
137         },
138 };
139
140 const struct supported_auth_algo auth_algos[] = {
141         {
142                 .keyword = "null",
143                 .algo = RTE_CRYPTO_AUTH_NULL,
144                 .digest_len = 0,
145                 .key_len = 0,
146                 .key_not_req = 1
147         },
148 };
149
150 static int
151 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
152         struct rte_security_session *sess, struct rte_mempool *mp)
153 {
154         RTE_SET_USED(device);
155         RTE_SET_USED(conf);
156         RTE_SET_USED(mp);
157
158         sess->sess_private_data = NULL;
159         return 0;
160 }
161
162 static int
163 dummy_sec_destroy(void *device, struct rte_security_session *sess)
164 {
165         RTE_SET_USED(device);
166         RTE_SET_USED(sess);
167         return 0;
168 }
169
170 static const struct rte_security_ops dummy_sec_ops = {
171         .session_create = dummy_sec_create,
172         .session_destroy = dummy_sec_destroy,
173 };
174
175 static struct rte_security_ctx dummy_sec_ctx = {
176         .ops = &dummy_sec_ops,
177 };
178
179 static const struct supported_cipher_algo *
180 find_match_cipher_algo(const char *cipher_keyword)
181 {
182         size_t i;
183
184         for (i = 0; i < RTE_DIM(cipher_algos); i++) {
185                 const struct supported_cipher_algo *algo =
186                         &cipher_algos[i];
187
188                 if (strcmp(cipher_keyword, algo->keyword) == 0)
189                         return algo;
190         }
191
192         return NULL;
193 }
194
195 static const struct supported_auth_algo *
196 find_match_auth_algo(const char *auth_keyword)
197 {
198         size_t i;
199
200         for (i = 0; i < RTE_DIM(auth_algos); i++) {
201                 const struct supported_auth_algo *algo =
202                         &auth_algos[i];
203
204                 if (strcmp(auth_keyword, algo->keyword) == 0)
205                         return algo;
206         }
207
208         return NULL;
209 }
210
211 static void
212 fill_crypto_xform(struct ipsec_unitest_params *ut_params,
213         const struct supported_auth_algo *auth_algo,
214         const struct supported_cipher_algo *cipher_algo)
215 {
216         ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
217         ut_params->cipher_xform.cipher.algo = cipher_algo->algo;
218         ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
219         ut_params->auth_xform.auth.algo = auth_algo->algo;
220
221         if (ut_params->ipsec_xform.direction ==
222                         RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
223                 ut_params->cipher_xform.cipher.op =
224                         RTE_CRYPTO_CIPHER_OP_DECRYPT;
225                 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
226                 ut_params->cipher_xform.next = NULL;
227                 ut_params->auth_xform.next = &ut_params->cipher_xform;
228                 ut_params->crypto_xforms = &ut_params->auth_xform;
229         } else {
230                 ut_params->cipher_xform.cipher.op =
231                         RTE_CRYPTO_CIPHER_OP_ENCRYPT;
232                 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
233                 ut_params->auth_xform.next = NULL;
234                 ut_params->cipher_xform.next = &ut_params->auth_xform;
235                 ut_params->crypto_xforms = &ut_params->cipher_xform;
236         }
237 }
238
239 static int
240 check_cryptodev_capability(const struct ipsec_unitest_params *ut,
241                 uint8_t dev_id)
242 {
243         struct rte_cryptodev_sym_capability_idx cap_idx;
244         const struct rte_cryptodev_symmetric_capability *cap;
245         int rc = -1;
246
247         cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
248         cap_idx.algo.auth = ut->auth_xform.auth.algo;
249         cap = rte_cryptodev_sym_capability_get(dev_id, &cap_idx);
250
251         if (cap != NULL) {
252                 rc = rte_cryptodev_sym_capability_check_auth(cap,
253                                 ut->auth_xform.auth.key.length,
254                                 ut->auth_xform.auth.digest_length, 0);
255                 if (rc == 0) {
256                         cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
257                         cap_idx.algo.cipher = ut->cipher_xform.cipher.algo;
258                         cap = rte_cryptodev_sym_capability_get(
259                                         dev_id, &cap_idx);
260                         if (cap != NULL)
261                                 rc = rte_cryptodev_sym_capability_check_cipher(
262                                         cap,
263                                         ut->cipher_xform.cipher.key.length,
264                                         ut->cipher_xform.cipher.iv.length);
265                 }
266         }
267
268         return rc;
269 }
270
271 static int
272 testsuite_setup(void)
273 {
274         struct ipsec_testsuite_params *ts_params = &testsuite_params;
275         struct ipsec_unitest_params *ut_params = &unittest_params;
276         const struct supported_auth_algo *auth_algo;
277         const struct supported_cipher_algo *cipher_algo;
278         struct rte_cryptodev_info info;
279         uint32_t i, nb_devs, dev_id;
280         size_t sess_sz;
281         int rc;
282
283         memset(ts_params, 0, sizeof(*ts_params));
284         memset(ut_params, 0, sizeof(*ut_params));
285         memset(&uparams, 0, sizeof(struct user_params));
286
287         uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
288         uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
289         uparams.aead = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED;
290         strcpy(uparams.auth_algo, "null");
291         strcpy(uparams.cipher_algo, "null");
292
293         auth_algo = find_match_auth_algo(uparams.auth_algo);
294         cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
295         fill_crypto_xform(ut_params, auth_algo, cipher_algo);
296
297         nb_devs = rte_cryptodev_count();
298         if (nb_devs < 1) {
299                 RTE_LOG(WARNING, USER1, "No crypto devices found?\n");
300                 return TEST_SKIPPED;
301         }
302
303         /* Find first valid crypto device */
304         for (i = 0; i < nb_devs; i++) {
305                 rc = check_cryptodev_capability(ut_params, i);
306                 if (rc == 0) {
307                         ts_params->valid_dev = i;
308                         ts_params->valid_dev_found = 1;
309                         break;
310                 }
311         }
312
313         if (ts_params->valid_dev_found == 0)
314                 return TEST_FAILED;
315
316         ts_params->mbuf_pool = rte_pktmbuf_pool_create(
317                         "CRYPTO_MBUFPOOL",
318                         NUM_MBUFS, MBUF_CACHE_SIZE, 0, MBUF_SIZE,
319                         rte_socket_id());
320         if (ts_params->mbuf_pool == NULL) {
321                 RTE_LOG(ERR, USER1, "Can't create CRYPTO_MBUFPOOL\n");
322                 return TEST_FAILED;
323         }
324
325         ts_params->cop_mpool = rte_crypto_op_pool_create(
326                         "MBUF_CRYPTO_SYM_OP_POOL",
327                         RTE_CRYPTO_OP_TYPE_SYMMETRIC,
328                         NUM_MBUFS, MBUF_CACHE_SIZE,
329                         DEFAULT_NUM_XFORMS *
330                         sizeof(struct rte_crypto_sym_xform) +
331                         MAXIMUM_IV_LENGTH,
332                         rte_socket_id());
333         if (ts_params->cop_mpool == NULL) {
334                 RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
335                 return TEST_FAILED;
336         }
337
338         /* Set up all the qps on the first of the valid devices found */
339         dev_id = ts_params->valid_dev;
340
341         rte_cryptodev_info_get(dev_id, &info);
342
343         ts_params->conf.nb_queue_pairs = info.max_nb_queue_pairs;
344         ts_params->conf.socket_id = SOCKET_ID_ANY;
345         ts_params->conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
346
347         sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
348         sess_sz = RTE_MAX(sess_sz, sizeof(struct rte_security_session));
349
350         /*
351          * Create mempools for sessions
352          */
353         if (info.sym.max_nb_sessions != 0 &&
354                         info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
355                 RTE_LOG(ERR, USER1, "Device does not support "
356                                 "at least %u sessions\n",
357                                 MAX_NB_SESSIONS);
358                 return TEST_FAILED;
359         }
360
361         ts_params->qp_conf.mp_session_private = rte_mempool_create(
362                                 "test_priv_sess_mp",
363                                 MAX_NB_SESSIONS,
364                                 sess_sz,
365                                 0, 0, NULL, NULL, NULL,
366                                 NULL, SOCKET_ID_ANY,
367                                 0);
368
369         TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
370                         "private session mempool allocation failed");
371
372         ts_params->qp_conf.mp_session =
373                 rte_cryptodev_sym_session_pool_create("test_sess_mp",
374                         MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
375
376         TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
377                         "session mempool allocation failed");
378
379         TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
380                         &ts_params->conf),
381                         "Failed to configure cryptodev %u with %u qps",
382                         dev_id, ts_params->conf.nb_queue_pairs);
383
384         ts_params->qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
385
386         TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
387                 dev_id, 0, &ts_params->qp_conf,
388                 rte_cryptodev_socket_id(dev_id)),
389                 "Failed to setup queue pair %u on cryptodev %u",
390                 0, dev_id);
391
392         return TEST_SUCCESS;
393 }
394
395 static void
396 testsuite_teardown(void)
397 {
398         struct ipsec_testsuite_params *ts_params = &testsuite_params;
399
400         if (ts_params->mbuf_pool != NULL) {
401                 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
402                 rte_mempool_avail_count(ts_params->mbuf_pool));
403                 rte_mempool_free(ts_params->mbuf_pool);
404                 ts_params->mbuf_pool = NULL;
405         }
406
407         if (ts_params->cop_mpool != NULL) {
408                 RTE_LOG(DEBUG, USER1, "CRYPTO_OP_POOL count %u\n",
409                 rte_mempool_avail_count(ts_params->cop_mpool));
410                 rte_mempool_free(ts_params->cop_mpool);
411                 ts_params->cop_mpool = NULL;
412         }
413
414         /* Free session mempools */
415         if (ts_params->qp_conf.mp_session != NULL) {
416                 rte_mempool_free(ts_params->qp_conf.mp_session);
417                 ts_params->qp_conf.mp_session = NULL;
418         }
419
420         if (ts_params->qp_conf.mp_session_private != NULL) {
421                 rte_mempool_free(ts_params->qp_conf.mp_session_private);
422                 ts_params->qp_conf.mp_session_private = NULL;
423         }
424 }
425
426 static int
427 ut_setup(void)
428 {
429         struct ipsec_testsuite_params *ts_params = &testsuite_params;
430         struct ipsec_unitest_params *ut_params = &unittest_params;
431
432         /* Clear unit test parameters before running test */
433         memset(ut_params, 0, sizeof(*ut_params));
434
435         /* Reconfigure device to default parameters */
436         ts_params->conf.socket_id = SOCKET_ID_ANY;
437
438         /* Start the device */
439         TEST_ASSERT_SUCCESS(rte_cryptodev_start(ts_params->valid_dev),
440                         "Failed to start cryptodev %u",
441                         ts_params->valid_dev);
442
443         return TEST_SUCCESS;
444 }
445
446 static void
447 ut_teardown(void)
448 {
449         struct ipsec_testsuite_params *ts_params = &testsuite_params;
450         struct ipsec_unitest_params *ut_params = &unittest_params;
451         int i;
452
453         for (i = 0; i < BURST_SIZE; i++) {
454                 /* free crypto operation structure */
455                 if (ut_params->cop[i]) {
456                         rte_crypto_op_free(ut_params->cop[i]);
457                         ut_params->cop[i] = NULL;
458                 }
459
460                 /*
461                  * free mbuf - both obuf and ibuf are usually the same,
462                  * so check if they point at the same address is necessary,
463                  * to avoid freeing the mbuf twice.
464                  */
465                 if (ut_params->obuf[i]) {
466                         rte_pktmbuf_free(ut_params->obuf[i]);
467                         if (ut_params->ibuf[i] == ut_params->obuf[i])
468                                 ut_params->ibuf[i] = NULL;
469                         ut_params->obuf[i] = NULL;
470                 }
471                 if (ut_params->ibuf[i]) {
472                         rte_pktmbuf_free(ut_params->ibuf[i]);
473                         ut_params->ibuf[i] = NULL;
474                 }
475
476                 if (ut_params->testbuf[i]) {
477                         rte_pktmbuf_free(ut_params->testbuf[i]);
478                         ut_params->testbuf[i] = NULL;
479                 }
480         }
481
482         if (ts_params->mbuf_pool != NULL)
483                 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
484                         rte_mempool_avail_count(ts_params->mbuf_pool));
485
486         /* Stop the device */
487         rte_cryptodev_stop(ts_params->valid_dev);
488 }
489
490 #define IPSEC_MAX_PAD_SIZE      UINT8_MAX
491
492 static const uint8_t esp_pad_bytes[IPSEC_MAX_PAD_SIZE] = {
493         1, 2, 3, 4, 5, 6, 7, 8,
494         9, 10, 11, 12, 13, 14, 15, 16,
495         17, 18, 19, 20, 21, 22, 23, 24,
496         25, 26, 27, 28, 29, 30, 31, 32,
497         33, 34, 35, 36, 37, 38, 39, 40,
498         41, 42, 43, 44, 45, 46, 47, 48,
499         49, 50, 51, 52, 53, 54, 55, 56,
500         57, 58, 59, 60, 61, 62, 63, 64,
501         65, 66, 67, 68, 69, 70, 71, 72,
502         73, 74, 75, 76, 77, 78, 79, 80,
503         81, 82, 83, 84, 85, 86, 87, 88,
504         89, 90, 91, 92, 93, 94, 95, 96,
505         97, 98, 99, 100, 101, 102, 103, 104,
506         105, 106, 107, 108, 109, 110, 111, 112,
507         113, 114, 115, 116, 117, 118, 119, 120,
508         121, 122, 123, 124, 125, 126, 127, 128,
509         129, 130, 131, 132, 133, 134, 135, 136,
510         137, 138, 139, 140, 141, 142, 143, 144,
511         145, 146, 147, 148, 149, 150, 151, 152,
512         153, 154, 155, 156, 157, 158, 159, 160,
513         161, 162, 163, 164, 165, 166, 167, 168,
514         169, 170, 171, 172, 173, 174, 175, 176,
515         177, 178, 179, 180, 181, 182, 183, 184,
516         185, 186, 187, 188, 189, 190, 191, 192,
517         193, 194, 195, 196, 197, 198, 199, 200,
518         201, 202, 203, 204, 205, 206, 207, 208,
519         209, 210, 211, 212, 213, 214, 215, 216,
520         217, 218, 219, 220, 221, 222, 223, 224,
521         225, 226, 227, 228, 229, 230, 231, 232,
522         233, 234, 235, 236, 237, 238, 239, 240,
523         241, 242, 243, 244, 245, 246, 247, 248,
524         249, 250, 251, 252, 253, 254, 255,
525 };
526
527 /* ***** data for tests ***** */
528
529 const char null_plain_data[] =
530         "Network Security People Have A Strange Sense Of Humor unlike Other "
531         "People who have a normal sense of humour";
532
533 const char null_encrypted_data[] =
534         "Network Security People Have A Strange Sense Of Humor unlike Other "
535         "People who have a normal sense of humour";
536
537 struct rte_ipv4_hdr ipv4_outer  = {
538         .version_ihl = IPVERSION << 4 |
539                 sizeof(ipv4_outer) / RTE_IPV4_IHL_MULTIPLIER,
540         .time_to_live = IPDEFTTL,
541         .next_proto_id = IPPROTO_ESP,
542         .src_addr = RTE_IPV4(192, 168, 1, 100),
543         .dst_addr = RTE_IPV4(192, 168, 2, 100),
544 };
545
546 static struct rte_mbuf *
547 setup_test_string(struct rte_mempool *mpool,
548                 const char *string, size_t len, uint8_t blocksize)
549 {
550         struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
551         size_t t_len = len - (blocksize ? (len % blocksize) : 0);
552
553         if (m) {
554                 memset(m->buf_addr, 0, m->buf_len);
555                 char *dst = rte_pktmbuf_append(m, t_len);
556
557                 if (!dst) {
558                         rte_pktmbuf_free(m);
559                         return NULL;
560                 }
561                 if (string != NULL)
562                         rte_memcpy(dst, string, t_len);
563                 else
564                         memset(dst, 0, t_len);
565         }
566
567         return m;
568 }
569
570 static struct rte_mbuf *
571 setup_test_string_tunneled(struct rte_mempool *mpool, const char *string,
572         size_t len, uint32_t spi, uint32_t seq)
573 {
574         struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
575         uint32_t hdrlen = sizeof(struct rte_ipv4_hdr) +
576                 sizeof(struct rte_esp_hdr);
577         uint32_t taillen = sizeof(struct rte_esp_tail);
578         uint32_t t_len = len + hdrlen + taillen;
579         uint32_t padlen;
580
581         struct rte_esp_hdr esph  = {
582                 .spi = rte_cpu_to_be_32(spi),
583                 .seq = rte_cpu_to_be_32(seq)
584         };
585
586         padlen = RTE_ALIGN(t_len, 4) - t_len;
587         t_len += padlen;
588
589         struct rte_esp_tail espt = {
590                 .pad_len = padlen,
591                 .next_proto = IPPROTO_IPIP,
592         };
593
594         if (m == NULL)
595                 return NULL;
596
597         memset(m->buf_addr, 0, m->buf_len);
598         char *dst = rte_pktmbuf_append(m, t_len);
599
600         if (!dst) {
601                 rte_pktmbuf_free(m);
602                 return NULL;
603         }
604         /* copy outer IP and ESP header */
605         ipv4_outer.total_length = rte_cpu_to_be_16(t_len);
606         ipv4_outer.packet_id = rte_cpu_to_be_16(seq);
607         rte_memcpy(dst, &ipv4_outer, sizeof(ipv4_outer));
608         dst += sizeof(ipv4_outer);
609         m->l3_len = sizeof(ipv4_outer);
610         rte_memcpy(dst, &esph, sizeof(esph));
611         dst += sizeof(esph);
612
613         if (string != NULL) {
614                 /* copy payload */
615                 rte_memcpy(dst, string, len);
616                 dst += len;
617                 /* copy pad bytes */
618                 rte_memcpy(dst, esp_pad_bytes, padlen);
619                 dst += padlen;
620                 /* copy ESP tail header */
621                 rte_memcpy(dst, &espt, sizeof(espt));
622         } else
623                 memset(dst, 0, t_len);
624
625         return m;
626 }
627
628 static int
629 create_dummy_sec_session(struct ipsec_unitest_params *ut,
630         struct rte_cryptodev_qp_conf *qp, uint32_t j)
631 {
632         static struct rte_security_session_conf conf;
633
634         ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
635                                         &conf, qp->mp_session_private);
636
637         if (ut->ss[j].security.ses == NULL)
638                 return -ENOMEM;
639
640         ut->ss[j].security.ctx = &dummy_sec_ctx;
641         ut->ss[j].security.ol_flags = 0;
642         return 0;
643 }
644
645 static int
646 create_crypto_session(struct ipsec_unitest_params *ut,
647         struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
648 {
649         int32_t rc;
650         struct rte_cryptodev_sym_session *s;
651
652         s = rte_cryptodev_sym_session_create(qp->mp_session);
653         if (s == NULL)
654                 return -ENOMEM;
655
656         /* initiliaze SA crypto session for device */
657         rc = rte_cryptodev_sym_session_init(dev_id, s,
658                         ut->crypto_xforms, qp->mp_session_private);
659         if (rc == 0) {
660                 ut->ss[j].crypto.ses = s;
661                 return 0;
662         } else {
663                 /* failure, do cleanup */
664                 rte_cryptodev_sym_session_clear(dev_id, s);
665                 rte_cryptodev_sym_session_free(s);
666                 return rc;
667         }
668 }
669
670 static int
671 create_session(struct ipsec_unitest_params *ut,
672         struct rte_cryptodev_qp_conf *qp, uint8_t crypto_dev, uint32_t j)
673 {
674         if (ut->ss[j].type == RTE_SECURITY_ACTION_TYPE_NONE)
675                 return create_crypto_session(ut, qp, crypto_dev, j);
676         else
677                 return create_dummy_sec_session(ut, qp, j);
678 }
679
680 static int
681 fill_ipsec_param(uint32_t replay_win_sz, uint64_t flags)
682 {
683         struct ipsec_unitest_params *ut_params = &unittest_params;
684         struct rte_ipsec_sa_prm *prm = &ut_params->sa_prm;
685         const struct supported_auth_algo *auth_algo;
686         const struct supported_cipher_algo *cipher_algo;
687
688         memset(prm, 0, sizeof(*prm));
689
690         prm->userdata = 1;
691         prm->flags = flags;
692
693         /* setup ipsec xform */
694         prm->ipsec_xform = ut_params->ipsec_xform;
695         prm->ipsec_xform.salt = (uint32_t)rte_rand();
696         prm->ipsec_xform.replay_win_sz = replay_win_sz;
697
698         /* setup tunnel related fields */
699         prm->tun.hdr_len = sizeof(ipv4_outer);
700         prm->tun.next_proto = IPPROTO_IPIP;
701         prm->tun.hdr = &ipv4_outer;
702
703         /* setup crypto section */
704         if (uparams.aead != 0) {
705                 /* TODO: will need to fill out with other test cases */
706         } else {
707                 if (uparams.auth == 0 && uparams.cipher == 0)
708                         return TEST_FAILED;
709
710                 auth_algo = find_match_auth_algo(uparams.auth_algo);
711                 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
712
713                 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
714         }
715
716         prm->crypto_xform = ut_params->crypto_xforms;
717         return TEST_SUCCESS;
718 }
719
720 static int
721 create_sa(enum rte_security_session_action_type action_type,
722                 uint32_t replay_win_sz, uint64_t flags, uint32_t j)
723 {
724         struct ipsec_testsuite_params *ts = &testsuite_params;
725         struct ipsec_unitest_params *ut = &unittest_params;
726         size_t sz;
727         int rc;
728
729         memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
730
731         rc = fill_ipsec_param(replay_win_sz, flags);
732         if (rc != 0)
733                 return TEST_FAILED;
734
735         /* create rte_ipsec_sa*/
736         sz = rte_ipsec_sa_size(&ut->sa_prm);
737         TEST_ASSERT(sz > 0, "rte_ipsec_sa_size() failed\n");
738
739         ut->ss[j].sa = rte_zmalloc(NULL, sz, RTE_CACHE_LINE_SIZE);
740         TEST_ASSERT_NOT_NULL(ut->ss[j].sa,
741                 "failed to allocate memory for rte_ipsec_sa\n");
742
743         ut->ss[j].type = action_type;
744         rc = create_session(ut, &ts->qp_conf, ts->valid_dev, j);
745         if (rc != 0)
746                 return TEST_FAILED;
747
748         rc = rte_ipsec_sa_init(ut->ss[j].sa, &ut->sa_prm, sz);
749         rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
750         if (rc == 0)
751                 rc = rte_ipsec_session_prepare(&ut->ss[j]);
752
753         return rc;
754 }
755
756 static int
757 crypto_dequeue_burst(uint16_t num_pkts)
758 {
759         struct ipsec_testsuite_params *ts_params = &testsuite_params;
760         struct ipsec_unitest_params *ut_params = &unittest_params;
761         uint32_t pkt_cnt, k;
762         int i;
763
764         for (i = 0, pkt_cnt = 0;
765                 i < DEQUEUE_COUNT && pkt_cnt != num_pkts; i++) {
766                 k = rte_cryptodev_dequeue_burst(ts_params->valid_dev, 0,
767                         &ut_params->cop[pkt_cnt], num_pkts - pkt_cnt);
768                 pkt_cnt += k;
769                 rte_delay_us(1);
770         }
771
772         if (pkt_cnt != num_pkts) {
773                 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
774                 return TEST_FAILED;
775         }
776         return TEST_SUCCESS;
777 }
778
779 static int
780 crypto_ipsec(uint16_t num_pkts)
781 {
782         struct ipsec_testsuite_params *ts_params = &testsuite_params;
783         struct ipsec_unitest_params *ut_params = &unittest_params;
784         uint32_t k, ng;
785         struct rte_ipsec_group grp[1];
786
787         /* call crypto prepare */
788         k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
789                 ut_params->cop, num_pkts);
790         if (k != num_pkts) {
791                 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
792                 return TEST_FAILED;
793         }
794
795         k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
796                 ut_params->cop, num_pkts);
797         if (k != num_pkts) {
798                 RTE_LOG(ERR, USER1, "rte_cryptodev_enqueue_burst fail\n");
799                 return TEST_FAILED;
800         }
801
802         if (crypto_dequeue_burst(num_pkts) == TEST_FAILED)
803                 return TEST_FAILED;
804
805         ng = rte_ipsec_pkt_crypto_group(
806                 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
807                 ut_params->obuf, grp, num_pkts);
808         if (ng != 1 ||
809                 grp[0].m[0] != ut_params->obuf[0] ||
810                 grp[0].cnt != num_pkts ||
811                 grp[0].id.ptr != &ut_params->ss[0]) {
812                 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
813                 return TEST_FAILED;
814         }
815
816         /* call crypto process */
817         k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
818         if (k != num_pkts) {
819                 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
820                 return TEST_FAILED;
821         }
822
823         return TEST_SUCCESS;
824 }
825
826 static int
827 lksd_proto_ipsec(uint16_t num_pkts)
828 {
829         struct ipsec_unitest_params *ut_params = &unittest_params;
830         uint32_t i, k, ng;
831         struct rte_ipsec_group grp[1];
832
833         /* call crypto prepare */
834         k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
835                 ut_params->cop, num_pkts);
836         if (k != num_pkts) {
837                 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
838                 return TEST_FAILED;
839         }
840
841         /* check crypto ops */
842         for (i = 0; i != num_pkts; i++) {
843                 TEST_ASSERT_EQUAL(ut_params->cop[i]->type,
844                         RTE_CRYPTO_OP_TYPE_SYMMETRIC,
845                         "%s: invalid crypto op type for %u-th packet\n",
846                         __func__, i);
847                 TEST_ASSERT_EQUAL(ut_params->cop[i]->status,
848                         RTE_CRYPTO_OP_STATUS_NOT_PROCESSED,
849                         "%s: invalid crypto op status for %u-th packet\n",
850                         __func__, i);
851                 TEST_ASSERT_EQUAL(ut_params->cop[i]->sess_type,
852                         RTE_CRYPTO_OP_SECURITY_SESSION,
853                         "%s: invalid crypto op sess_type for %u-th packet\n",
854                         __func__, i);
855                 TEST_ASSERT_EQUAL(ut_params->cop[i]->sym->m_src,
856                         ut_params->ibuf[i],
857                         "%s: invalid crypto op m_src for %u-th packet\n",
858                         __func__, i);
859         }
860
861         /* update crypto ops, pretend all finished ok */
862         for (i = 0; i != num_pkts; i++)
863                 ut_params->cop[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
864
865         ng = rte_ipsec_pkt_crypto_group(
866                 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
867                 ut_params->obuf, grp, num_pkts);
868         if (ng != 1 ||
869                 grp[0].m[0] != ut_params->obuf[0] ||
870                 grp[0].cnt != num_pkts ||
871                 grp[0].id.ptr != &ut_params->ss[0]) {
872                 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
873                 return TEST_FAILED;
874         }
875
876         /* call crypto process */
877         k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
878         if (k != num_pkts) {
879                 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
880                 return TEST_FAILED;
881         }
882
883         return TEST_SUCCESS;
884 }
885
886 static void
887 dump_grp_pkt(uint32_t i, struct rte_ipsec_group *grp, uint32_t k)
888 {
889         RTE_LOG(ERR, USER1,
890                 "After rte_ipsec_pkt_process grp[%d].cnt=%d k=%d fail\n",
891                 i, grp[i].cnt, k);
892         RTE_LOG(ERR, USER1,
893                 "After rte_ipsec_pkt_process grp[%d].m=%p grp[%d].m[%d]=%p\n",
894                 i, grp[i].m, i, k, grp[i].m[k]);
895
896         rte_pktmbuf_dump(stdout, grp[i].m[k], grp[i].m[k]->data_len);
897 }
898
899 static int
900 crypto_ipsec_2sa(void)
901 {
902         struct ipsec_testsuite_params *ts_params = &testsuite_params;
903         struct ipsec_unitest_params *ut_params = &unittest_params;
904         struct rte_ipsec_group grp[BURST_SIZE];
905         uint32_t k, ng, i, r;
906
907         for (i = 0; i < BURST_SIZE; i++) {
908                 r = i % 2;
909                 /* call crypto prepare */
910                 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[r],
911                                 ut_params->ibuf + i, ut_params->cop + i, 1);
912                 if (k != 1) {
913                         RTE_LOG(ERR, USER1,
914                                 "rte_ipsec_pkt_crypto_prepare fail\n");
915                         return TEST_FAILED;
916                 }
917                 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
918                                 ut_params->cop + i, 1);
919                 if (k != 1) {
920                         RTE_LOG(ERR, USER1,
921                                 "rte_cryptodev_enqueue_burst fail\n");
922                         return TEST_FAILED;
923                 }
924         }
925
926         if (crypto_dequeue_burst(BURST_SIZE) == TEST_FAILED)
927                 return TEST_FAILED;
928
929         ng = rte_ipsec_pkt_crypto_group(
930                 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
931                 ut_params->obuf, grp, BURST_SIZE);
932         if (ng != BURST_SIZE) {
933                 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
934                         ng);
935                 return TEST_FAILED;
936         }
937
938         /* call crypto process */
939         for (i = 0; i < ng; i++) {
940                 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
941                 if (k != grp[i].cnt) {
942                         dump_grp_pkt(i, grp, k);
943                         return TEST_FAILED;
944                 }
945         }
946         return TEST_SUCCESS;
947 }
948
949 #define PKT_4   4
950 #define PKT_12  12
951 #define PKT_21  21
952
953 static uint32_t
954 crypto_ipsec_4grp(uint32_t pkt_num)
955 {
956         uint32_t sa_ind;
957
958         /* group packets in 4 different size groups groups, 2 per SA */
959         if (pkt_num < PKT_4)
960                 sa_ind = 0;
961         else if (pkt_num < PKT_12)
962                 sa_ind = 1;
963         else if (pkt_num < PKT_21)
964                 sa_ind = 0;
965         else
966                 sa_ind = 1;
967
968         return sa_ind;
969 }
970
971 static uint32_t
972 crypto_ipsec_4grp_check_mbufs(uint32_t grp_ind, struct rte_ipsec_group *grp)
973 {
974         struct ipsec_unitest_params *ut_params = &unittest_params;
975         uint32_t i, j;
976         uint32_t rc = 0;
977
978         if (grp_ind == 0) {
979                 for (i = 0, j = 0; i < PKT_4; i++, j++)
980                         if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
981                                 rc = TEST_FAILED;
982                                 break;
983                         }
984         } else if (grp_ind == 1) {
985                 for (i = 0, j = PKT_4; i < (PKT_12 - PKT_4); i++, j++) {
986                         if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
987                                 rc = TEST_FAILED;
988                                 break;
989                         }
990                 }
991         } else if (grp_ind == 2) {
992                 for (i = 0, j =  PKT_12; i < (PKT_21 - PKT_12); i++, j++)
993                         if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
994                                 rc = TEST_FAILED;
995                                 break;
996                         }
997         } else if (grp_ind == 3) {
998                 for (i = 0, j = PKT_21; i < (BURST_SIZE - PKT_21); i++, j++)
999                         if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
1000                                 rc = TEST_FAILED;
1001                                 break;
1002                         }
1003         } else
1004                 rc = TEST_FAILED;
1005
1006         return rc;
1007 }
1008
1009 static uint32_t
1010 crypto_ipsec_4grp_check_cnt(uint32_t grp_ind, struct rte_ipsec_group *grp)
1011 {
1012         uint32_t rc = 0;
1013
1014         if (grp_ind == 0) {
1015                 if (grp[grp_ind].cnt != PKT_4)
1016                         rc = TEST_FAILED;
1017         } else if (grp_ind == 1) {
1018                 if (grp[grp_ind].cnt != PKT_12 - PKT_4)
1019                         rc = TEST_FAILED;
1020         } else if (grp_ind == 2) {
1021                 if (grp[grp_ind].cnt != PKT_21 - PKT_12)
1022                         rc = TEST_FAILED;
1023         } else if (grp_ind == 3) {
1024                 if (grp[grp_ind].cnt != BURST_SIZE - PKT_21)
1025                         rc = TEST_FAILED;
1026         } else
1027                 rc = TEST_FAILED;
1028
1029         return rc;
1030 }
1031
1032 static int
1033 crypto_ipsec_2sa_4grp(void)
1034 {
1035         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1036         struct ipsec_unitest_params *ut_params = &unittest_params;
1037         struct rte_ipsec_group grp[BURST_SIZE];
1038         uint32_t k, ng, i, j;
1039         uint32_t rc = 0;
1040
1041         for (i = 0; i < BURST_SIZE; i++) {
1042                 j = crypto_ipsec_4grp(i);
1043
1044                 /* call crypto prepare */
1045                 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[j],
1046                                 ut_params->ibuf + i, ut_params->cop + i, 1);
1047                 if (k != 1) {
1048                         RTE_LOG(ERR, USER1,
1049                                 "rte_ipsec_pkt_crypto_prepare fail\n");
1050                         return TEST_FAILED;
1051                 }
1052                 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
1053                                 ut_params->cop + i, 1);
1054                 if (k != 1) {
1055                         RTE_LOG(ERR, USER1,
1056                                 "rte_cryptodev_enqueue_burst fail\n");
1057                         return TEST_FAILED;
1058                 }
1059         }
1060
1061         if (crypto_dequeue_burst(BURST_SIZE) == TEST_FAILED)
1062                 return TEST_FAILED;
1063
1064         ng = rte_ipsec_pkt_crypto_group(
1065                 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
1066                 ut_params->obuf, grp, BURST_SIZE);
1067         if (ng != 4) {
1068                 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
1069                         ng);
1070                 return TEST_FAILED;
1071         }
1072
1073         /* call crypto process */
1074         for (i = 0; i < ng; i++) {
1075                 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
1076                 if (k != grp[i].cnt) {
1077                         dump_grp_pkt(i, grp, k);
1078                         return TEST_FAILED;
1079                 }
1080                 rc = crypto_ipsec_4grp_check_cnt(i, grp);
1081                 if (rc != 0) {
1082                         RTE_LOG(ERR, USER1,
1083                                 "crypto_ipsec_4grp_check_cnt fail\n");
1084                         return TEST_FAILED;
1085                 }
1086                 rc = crypto_ipsec_4grp_check_mbufs(i, grp);
1087                 if (rc != 0) {
1088                         RTE_LOG(ERR, USER1,
1089                                 "crypto_ipsec_4grp_check_mbufs fail\n");
1090                         return TEST_FAILED;
1091                 }
1092         }
1093         return TEST_SUCCESS;
1094 }
1095
1096 static void
1097 test_ipsec_reorder_inb_pkt_burst(uint16_t num_pkts)
1098 {
1099         struct ipsec_unitest_params *ut_params = &unittest_params;
1100         struct rte_mbuf *ibuf_tmp[BURST_SIZE];
1101         uint16_t j;
1102
1103         /* reorder packets and create gaps in sequence numbers */
1104         static const uint32_t reorder[BURST_SIZE] = {
1105                         24, 25, 26, 27, 28, 29, 30, 31,
1106                         16, 17, 18, 19, 20, 21, 22, 23,
1107                         8, 9, 10, 11, 12, 13, 14, 15,
1108                         0, 1, 2, 3, 4, 5, 6, 7,
1109         };
1110
1111         if (num_pkts != BURST_SIZE)
1112                 return;
1113
1114         for (j = 0; j != BURST_SIZE; j++)
1115                 ibuf_tmp[j] = ut_params->ibuf[reorder[j]];
1116
1117         memcpy(ut_params->ibuf, ibuf_tmp, sizeof(ut_params->ibuf));
1118 }
1119
1120 static int
1121 test_ipsec_crypto_op_alloc(uint16_t num_pkts)
1122 {
1123         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1124         struct ipsec_unitest_params *ut_params = &unittest_params;
1125         int rc = 0;
1126         uint16_t j;
1127
1128         for (j = 0; j < num_pkts && rc == 0; j++) {
1129                 ut_params->cop[j] = rte_crypto_op_alloc(ts_params->cop_mpool,
1130                                 RTE_CRYPTO_OP_TYPE_SYMMETRIC);
1131                 if (ut_params->cop[j] == NULL) {
1132                         RTE_LOG(ERR, USER1,
1133                                 "Failed to allocate symmetric crypto op\n");
1134                         rc = TEST_FAILED;
1135                 }
1136         }
1137
1138         return rc;
1139 }
1140
1141 static void
1142 test_ipsec_dump_buffers(struct ipsec_unitest_params *ut_params, int i)
1143 {
1144         uint16_t j = ut_params->pkt_index;
1145
1146         printf("\ntest config: num %d\n", i);
1147         printf("        replay_win_sz %u\n", test_cfg[i].replay_win_sz);
1148         printf("        esn %u\n", test_cfg[i].esn);
1149         printf("        flags 0x%" PRIx64 "\n", test_cfg[i].flags);
1150         printf("        pkt_sz %zu\n", test_cfg[i].pkt_sz);
1151         printf("        num_pkts %u\n\n", test_cfg[i].num_pkts);
1152
1153         if (ut_params->ibuf[j]) {
1154                 printf("ibuf[%u] data:\n", j);
1155                 rte_pktmbuf_dump(stdout, ut_params->ibuf[j],
1156                         ut_params->ibuf[j]->data_len);
1157         }
1158         if (ut_params->obuf[j]) {
1159                 printf("obuf[%u] data:\n", j);
1160                 rte_pktmbuf_dump(stdout, ut_params->obuf[j],
1161                         ut_params->obuf[j]->data_len);
1162         }
1163         if (ut_params->testbuf[j]) {
1164                 printf("testbuf[%u] data:\n", j);
1165                 rte_pktmbuf_dump(stdout, ut_params->testbuf[j],
1166                         ut_params->testbuf[j]->data_len);
1167         }
1168 }
1169
1170 static void
1171 destroy_dummy_sec_session(struct ipsec_unitest_params *ut,
1172         uint32_t j)
1173 {
1174         rte_security_session_destroy(&dummy_sec_ctx,
1175                                         ut->ss[j].security.ses);
1176         ut->ss[j].security.ctx = NULL;
1177 }
1178
1179 static void
1180 destroy_crypto_session(struct ipsec_unitest_params *ut,
1181         uint8_t crypto_dev, uint32_t j)
1182 {
1183         rte_cryptodev_sym_session_clear(crypto_dev, ut->ss[j].crypto.ses);
1184         rte_cryptodev_sym_session_free(ut->ss[j].crypto.ses);
1185         memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
1186 }
1187
1188 static void
1189 destroy_session(struct ipsec_unitest_params *ut,
1190         uint8_t crypto_dev, uint32_t j)
1191 {
1192         if (ut->ss[j].type == RTE_SECURITY_ACTION_TYPE_NONE)
1193                 return destroy_crypto_session(ut, crypto_dev, j);
1194         else
1195                 return destroy_dummy_sec_session(ut, j);
1196 }
1197
1198 static void
1199 destroy_sa(uint32_t j)
1200 {
1201         struct ipsec_unitest_params *ut = &unittest_params;
1202         struct ipsec_testsuite_params *ts = &testsuite_params;
1203
1204         rte_ipsec_sa_fini(ut->ss[j].sa);
1205         rte_free(ut->ss[j].sa);
1206
1207         destroy_session(ut, ts->valid_dev, j);
1208 }
1209
1210 static int
1211 crypto_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1212                 uint16_t num_pkts)
1213 {
1214         uint16_t j;
1215
1216         for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1217                 ut_params->pkt_index = j;
1218
1219                 /* compare the data buffers */
1220                 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1221                         rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1222                         test_cfg[i].pkt_sz,
1223                         "input and output data does not match\n");
1224                 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1225                         ut_params->obuf[j]->pkt_len,
1226                         "data_len is not equal to pkt_len");
1227                 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1228                         test_cfg[i].pkt_sz,
1229                         "data_len is not equal to input data");
1230         }
1231
1232         return 0;
1233 }
1234
1235 static int
1236 test_ipsec_crypto_inb_burst_null_null(int i)
1237 {
1238         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1239         struct ipsec_unitest_params *ut_params = &unittest_params;
1240         uint16_t num_pkts = test_cfg[i].num_pkts;
1241         uint16_t j;
1242         int rc;
1243
1244         /* create rte_ipsec_sa */
1245         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1246                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1247         if (rc != 0) {
1248                 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1249                 return TEST_FAILED;
1250         }
1251
1252         /* Generate test mbuf data */
1253         for (j = 0; j < num_pkts && rc == 0; j++) {
1254                 /* packet with sequence number 0 is invalid */
1255                 ut_params->ibuf[j] = setup_test_string_tunneled(
1256                         ts_params->mbuf_pool, null_encrypted_data,
1257                         test_cfg[i].pkt_sz, INBOUND_SPI, j + 1);
1258                 if (ut_params->ibuf[j] == NULL)
1259                         rc = TEST_FAILED;
1260         }
1261
1262         if (rc == 0) {
1263                 if (test_cfg[i].reorder_pkts)
1264                         test_ipsec_reorder_inb_pkt_burst(num_pkts);
1265                 rc = test_ipsec_crypto_op_alloc(num_pkts);
1266         }
1267
1268         if (rc == 0) {
1269                 /* call ipsec library api */
1270                 rc = crypto_ipsec(num_pkts);
1271                 if (rc == 0)
1272                         rc = crypto_inb_burst_null_null_check(
1273                                         ut_params, i, num_pkts);
1274                 else {
1275                         RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1276                                 i);
1277                         rc = TEST_FAILED;
1278                 }
1279         }
1280
1281         if (rc == TEST_FAILED)
1282                 test_ipsec_dump_buffers(ut_params, i);
1283
1284         destroy_sa(0);
1285         return rc;
1286 }
1287
1288 static int
1289 test_ipsec_crypto_inb_burst_null_null_wrapper(void)
1290 {
1291         int i;
1292         int rc = 0;
1293         struct ipsec_unitest_params *ut_params = &unittest_params;
1294
1295         ut_params->ipsec_xform.spi = INBOUND_SPI;
1296         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1297         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1298         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1299         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1300
1301         for (i = 0; i < num_cfg && rc == 0; i++) {
1302                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1303                 rc = test_ipsec_crypto_inb_burst_null_null(i);
1304         }
1305
1306         return rc;
1307 }
1308
1309 static int
1310 crypto_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1311         uint16_t num_pkts)
1312 {
1313         void *obuf_data;
1314         void *testbuf_data;
1315         uint16_t j;
1316
1317         for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1318                 ut_params->pkt_index = j;
1319
1320                 testbuf_data = rte_pktmbuf_mtod(ut_params->testbuf[j], void *);
1321                 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1322                 /* compare the buffer data */
1323                 TEST_ASSERT_BUFFERS_ARE_EQUAL(testbuf_data, obuf_data,
1324                         ut_params->obuf[j]->pkt_len,
1325                         "test and output data does not match\n");
1326                 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1327                         ut_params->testbuf[j]->data_len,
1328                         "obuf data_len is not equal to testbuf data_len");
1329                 TEST_ASSERT_EQUAL(ut_params->obuf[j]->pkt_len,
1330                         ut_params->testbuf[j]->pkt_len,
1331                         "obuf pkt_len is not equal to testbuf pkt_len");
1332         }
1333
1334         return 0;
1335 }
1336
1337 static int
1338 test_ipsec_crypto_outb_burst_null_null(int i)
1339 {
1340         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1341         struct ipsec_unitest_params *ut_params = &unittest_params;
1342         uint16_t num_pkts = test_cfg[i].num_pkts;
1343         uint16_t j;
1344         int32_t rc;
1345
1346         /* create rte_ipsec_sa*/
1347         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1348                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1349         if (rc != 0) {
1350                 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1351                 return TEST_FAILED;
1352         }
1353
1354         /* Generate input mbuf data */
1355         for (j = 0; j < num_pkts && rc == 0; j++) {
1356                 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1357                         null_plain_data, test_cfg[i].pkt_sz, 0);
1358                 if (ut_params->ibuf[j] == NULL)
1359                         rc = TEST_FAILED;
1360                 else {
1361                         /* Generate test mbuf data */
1362                         /* packet with sequence number 0 is invalid */
1363                         ut_params->testbuf[j] = setup_test_string_tunneled(
1364                                         ts_params->mbuf_pool,
1365                                         null_plain_data, test_cfg[i].pkt_sz,
1366                                         OUTBOUND_SPI, j + 1);
1367                         if (ut_params->testbuf[j] == NULL)
1368                                 rc = TEST_FAILED;
1369                 }
1370         }
1371
1372         if (rc == 0)
1373                 rc = test_ipsec_crypto_op_alloc(num_pkts);
1374
1375         if (rc == 0) {
1376                 /* call ipsec library api */
1377                 rc = crypto_ipsec(num_pkts);
1378                 if (rc == 0)
1379                         rc = crypto_outb_burst_null_null_check(ut_params,
1380                                         num_pkts);
1381                 else
1382                         RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1383                                 i);
1384         }
1385
1386         if (rc == TEST_FAILED)
1387                 test_ipsec_dump_buffers(ut_params, i);
1388
1389         destroy_sa(0);
1390         return rc;
1391 }
1392
1393 static int
1394 test_ipsec_crypto_outb_burst_null_null_wrapper(void)
1395 {
1396         int i;
1397         int rc = 0;
1398         struct ipsec_unitest_params *ut_params = &unittest_params;
1399
1400         ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1401         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1402         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1403         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1404         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1405
1406         for (i = 0; i < num_cfg && rc == 0; i++) {
1407                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1408                 rc = test_ipsec_crypto_outb_burst_null_null(i);
1409         }
1410
1411         return rc;
1412 }
1413
1414 static int
1415 inline_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1416         uint16_t num_pkts)
1417 {
1418         void *ibuf_data;
1419         void *obuf_data;
1420         uint16_t j;
1421
1422         for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1423                 ut_params->pkt_index = j;
1424
1425                 /* compare the buffer data */
1426                 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1427                 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1428
1429                 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1430                         ut_params->ibuf[j]->data_len,
1431                         "input and output data does not match\n");
1432                 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1433                         ut_params->obuf[j]->data_len,
1434                         "ibuf data_len is not equal to obuf data_len");
1435                 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1436                         ut_params->obuf[j]->pkt_len,
1437                         "ibuf pkt_len is not equal to obuf pkt_len");
1438                 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1439                         test_cfg[i].pkt_sz,
1440                         "data_len is not equal input data");
1441         }
1442         return 0;
1443 }
1444
1445 static int
1446 test_ipsec_inline_crypto_inb_burst_null_null(int i)
1447 {
1448         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1449         struct ipsec_unitest_params *ut_params = &unittest_params;
1450         uint16_t num_pkts = test_cfg[i].num_pkts;
1451         uint16_t j;
1452         int32_t rc;
1453         uint32_t n;
1454
1455         /* create rte_ipsec_sa*/
1456         rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1457                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1458         if (rc != 0) {
1459                 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1460                 return TEST_FAILED;
1461         }
1462
1463         /* Generate inbound mbuf data */
1464         for (j = 0; j < num_pkts && rc == 0; j++) {
1465                 ut_params->ibuf[j] = setup_test_string_tunneled(
1466                         ts_params->mbuf_pool,
1467                         null_plain_data, test_cfg[i].pkt_sz,
1468                         INBOUND_SPI, j + 1);
1469                 if (ut_params->ibuf[j] == NULL)
1470                         rc = TEST_FAILED;
1471                 else {
1472                         /* Generate test mbuf data */
1473                         ut_params->obuf[j] = setup_test_string(
1474                                 ts_params->mbuf_pool,
1475                                 null_plain_data, test_cfg[i].pkt_sz, 0);
1476                         if (ut_params->obuf[j] == NULL)
1477                                 rc = TEST_FAILED;
1478                 }
1479         }
1480
1481         if (rc == 0) {
1482                 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1483                                 num_pkts);
1484                 if (n == num_pkts)
1485                         rc = inline_inb_burst_null_null_check(ut_params, i,
1486                                         num_pkts);
1487                 else {
1488                         RTE_LOG(ERR, USER1,
1489                                 "rte_ipsec_pkt_process failed, cfg %d\n",
1490                                 i);
1491                         rc = TEST_FAILED;
1492                 }
1493         }
1494
1495         if (rc == TEST_FAILED)
1496                 test_ipsec_dump_buffers(ut_params, i);
1497
1498         destroy_sa(0);
1499         return rc;
1500 }
1501
1502 static int
1503 test_ipsec_inline_crypto_inb_burst_null_null_wrapper(void)
1504 {
1505         int i;
1506         int rc = 0;
1507         struct ipsec_unitest_params *ut_params = &unittest_params;
1508
1509         ut_params->ipsec_xform.spi = INBOUND_SPI;
1510         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1511         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1512         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1513         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1514
1515         for (i = 0; i < num_cfg && rc == 0; i++) {
1516                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1517                 rc = test_ipsec_inline_crypto_inb_burst_null_null(i);
1518         }
1519
1520         return rc;
1521 }
1522
1523 static int
1524 test_ipsec_inline_proto_inb_burst_null_null(int i)
1525 {
1526         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1527         struct ipsec_unitest_params *ut_params = &unittest_params;
1528         uint16_t num_pkts = test_cfg[i].num_pkts;
1529         uint16_t j;
1530         int32_t rc;
1531         uint32_t n;
1532
1533         /* create rte_ipsec_sa*/
1534         rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1535                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1536         if (rc != 0) {
1537                 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1538                 return TEST_FAILED;
1539         }
1540
1541         /* Generate inbound mbuf data */
1542         for (j = 0; j < num_pkts && rc == 0; j++) {
1543                 ut_params->ibuf[j] = setup_test_string(
1544                         ts_params->mbuf_pool,
1545                         null_plain_data, test_cfg[i].pkt_sz, 0);
1546                 if (ut_params->ibuf[j] == NULL)
1547                         rc = TEST_FAILED;
1548                 else {
1549                         /* Generate test mbuf data */
1550                         ut_params->obuf[j] = setup_test_string(
1551                                 ts_params->mbuf_pool,
1552                                 null_plain_data, test_cfg[i].pkt_sz, 0);
1553                         if (ut_params->obuf[j] == NULL)
1554                                 rc = TEST_FAILED;
1555                 }
1556         }
1557
1558         if (rc == 0) {
1559                 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1560                                 num_pkts);
1561                 if (n == num_pkts)
1562                         rc = inline_inb_burst_null_null_check(ut_params, i,
1563                                         num_pkts);
1564                 else {
1565                         RTE_LOG(ERR, USER1,
1566                                 "rte_ipsec_pkt_process failed, cfg %d\n",
1567                                 i);
1568                         rc = TEST_FAILED;
1569                 }
1570         }
1571
1572         if (rc == TEST_FAILED)
1573                 test_ipsec_dump_buffers(ut_params, i);
1574
1575         destroy_sa(0);
1576         return rc;
1577 }
1578
1579 static int
1580 test_ipsec_inline_proto_inb_burst_null_null_wrapper(void)
1581 {
1582         int i;
1583         int rc = 0;
1584         struct ipsec_unitest_params *ut_params = &unittest_params;
1585
1586         ut_params->ipsec_xform.spi = INBOUND_SPI;
1587         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1588         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1589         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1590         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1591
1592         for (i = 0; i < num_cfg && rc == 0; i++) {
1593                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1594                 rc = test_ipsec_inline_proto_inb_burst_null_null(i);
1595         }
1596
1597         return rc;
1598 }
1599
1600 static int
1601 inline_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1602         uint16_t num_pkts)
1603 {
1604         void *obuf_data;
1605         void *ibuf_data;
1606         uint16_t j;
1607
1608         for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1609                 ut_params->pkt_index = j;
1610
1611                 /* compare the buffer data */
1612                 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1613                 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1614                 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1615                         ut_params->ibuf[j]->data_len,
1616                         "input and output data does not match\n");
1617                 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1618                         ut_params->obuf[j]->data_len,
1619                         "ibuf data_len is not equal to obuf data_len");
1620                 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1621                         ut_params->obuf[j]->pkt_len,
1622                         "ibuf pkt_len is not equal to obuf pkt_len");
1623
1624                 /* check mbuf ol_flags */
1625                 TEST_ASSERT(ut_params->ibuf[j]->ol_flags & PKT_TX_SEC_OFFLOAD,
1626                         "ibuf PKT_TX_SEC_OFFLOAD is not set");
1627         }
1628         return 0;
1629 }
1630
1631 static int
1632 test_ipsec_inline_crypto_outb_burst_null_null(int i)
1633 {
1634         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1635         struct ipsec_unitest_params *ut_params = &unittest_params;
1636         uint16_t num_pkts = test_cfg[i].num_pkts;
1637         uint16_t j;
1638         int32_t rc;
1639         uint32_t n;
1640
1641         /* create rte_ipsec_sa */
1642         rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1643                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1644         if (rc != 0) {
1645                 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1646                 return TEST_FAILED;
1647         }
1648
1649         /* Generate test mbuf data */
1650         for (j = 0; j < num_pkts && rc == 0; j++) {
1651                 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1652                         null_plain_data, test_cfg[i].pkt_sz, 0);
1653                 if (ut_params->ibuf[0] == NULL)
1654                         rc = TEST_FAILED;
1655
1656                 if (rc == 0) {
1657                         /* Generate test tunneled mbuf data for comparison */
1658                         ut_params->obuf[j] = setup_test_string_tunneled(
1659                                         ts_params->mbuf_pool,
1660                                         null_plain_data, test_cfg[i].pkt_sz,
1661                                         OUTBOUND_SPI, j + 1);
1662                         if (ut_params->obuf[j] == NULL)
1663                                 rc = TEST_FAILED;
1664                 }
1665         }
1666
1667         if (rc == 0) {
1668                 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1669                                 num_pkts);
1670                 if (n == num_pkts)
1671                         rc = inline_outb_burst_null_null_check(ut_params,
1672                                         num_pkts);
1673                 else {
1674                         RTE_LOG(ERR, USER1,
1675                                 "rte_ipsec_pkt_process failed, cfg %d\n",
1676                                 i);
1677                         rc = TEST_FAILED;
1678                 }
1679         }
1680
1681         if (rc == TEST_FAILED)
1682                 test_ipsec_dump_buffers(ut_params, i);
1683
1684         destroy_sa(0);
1685         return rc;
1686 }
1687
1688 static int
1689 test_ipsec_inline_crypto_outb_burst_null_null_wrapper(void)
1690 {
1691         int i;
1692         int rc = 0;
1693         struct ipsec_unitest_params *ut_params = &unittest_params;
1694
1695         ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1696         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1697         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1698         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1699         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1700
1701         for (i = 0; i < num_cfg && rc == 0; i++) {
1702                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1703                 rc = test_ipsec_inline_crypto_outb_burst_null_null(i);
1704         }
1705
1706         return rc;
1707 }
1708
1709 static int
1710 test_ipsec_inline_proto_outb_burst_null_null(int i)
1711 {
1712         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1713         struct ipsec_unitest_params *ut_params = &unittest_params;
1714         uint16_t num_pkts = test_cfg[i].num_pkts;
1715         uint16_t j;
1716         int32_t rc;
1717         uint32_t n;
1718
1719         /* create rte_ipsec_sa */
1720         rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1721                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1722         if (rc != 0) {
1723                 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1724                 return TEST_FAILED;
1725         }
1726
1727         /* Generate test mbuf data */
1728         for (j = 0; j < num_pkts && rc == 0; j++) {
1729                 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1730                         null_plain_data, test_cfg[i].pkt_sz, 0);
1731                 if (ut_params->ibuf[0] == NULL)
1732                         rc = TEST_FAILED;
1733
1734                 if (rc == 0) {
1735                         /* Generate test tunneled mbuf data for comparison */
1736                         ut_params->obuf[j] = setup_test_string(
1737                                         ts_params->mbuf_pool,
1738                                         null_plain_data, test_cfg[i].pkt_sz, 0);
1739                         if (ut_params->obuf[j] == NULL)
1740                                 rc = TEST_FAILED;
1741                 }
1742         }
1743
1744         if (rc == 0) {
1745                 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1746                                 num_pkts);
1747                 if (n == num_pkts)
1748                         rc = inline_outb_burst_null_null_check(ut_params,
1749                                         num_pkts);
1750                 else {
1751                         RTE_LOG(ERR, USER1,
1752                                 "rte_ipsec_pkt_process failed, cfg %d\n",
1753                                 i);
1754                         rc = TEST_FAILED;
1755                 }
1756         }
1757
1758         if (rc == TEST_FAILED)
1759                 test_ipsec_dump_buffers(ut_params, i);
1760
1761         destroy_sa(0);
1762         return rc;
1763 }
1764
1765 static int
1766 test_ipsec_inline_proto_outb_burst_null_null_wrapper(void)
1767 {
1768         int i;
1769         int rc = 0;
1770         struct ipsec_unitest_params *ut_params = &unittest_params;
1771
1772         ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1773         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1774         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1775         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1776         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1777
1778         for (i = 0; i < num_cfg && rc == 0; i++) {
1779                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1780                 rc = test_ipsec_inline_proto_outb_burst_null_null(i);
1781         }
1782
1783         return rc;
1784 }
1785
1786 static int
1787 test_ipsec_lksd_proto_inb_burst_null_null(int i)
1788 {
1789         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1790         struct ipsec_unitest_params *ut_params = &unittest_params;
1791         uint16_t num_pkts = test_cfg[i].num_pkts;
1792         uint16_t j;
1793         int rc;
1794
1795         /* create rte_ipsec_sa */
1796         rc = create_sa(RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
1797                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1798         if (rc != 0) {
1799                 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1800                 return TEST_FAILED;
1801         }
1802
1803         /* Generate test mbuf data */
1804         for (j = 0; j < num_pkts && rc == 0; j++) {
1805                 /* packet with sequence number 0 is invalid */
1806                 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1807                         null_encrypted_data, test_cfg[i].pkt_sz, 0);
1808                 if (ut_params->ibuf[j] == NULL)
1809                         rc = TEST_FAILED;
1810         }
1811
1812         if (rc == 0) {
1813                 if (test_cfg[i].reorder_pkts)
1814                         test_ipsec_reorder_inb_pkt_burst(num_pkts);
1815                 rc = test_ipsec_crypto_op_alloc(num_pkts);
1816         }
1817
1818         if (rc == 0) {
1819                 /* call ipsec library api */
1820                 rc = lksd_proto_ipsec(num_pkts);
1821                 if (rc == 0)
1822                         rc = crypto_inb_burst_null_null_check(ut_params, i,
1823                                         num_pkts);
1824                 else {
1825                         RTE_LOG(ERR, USER1, "%s failed, cfg %d\n",
1826                                 __func__, i);
1827                         rc = TEST_FAILED;
1828                 }
1829         }
1830
1831         if (rc == TEST_FAILED)
1832                 test_ipsec_dump_buffers(ut_params, i);
1833
1834         destroy_sa(0);
1835         return rc;
1836 }
1837
1838 static int
1839 test_ipsec_lksd_proto_inb_burst_null_null_wrapper(void)
1840 {
1841         int i;
1842         int rc = 0;
1843         struct ipsec_unitest_params *ut_params = &unittest_params;
1844
1845         ut_params->ipsec_xform.spi = INBOUND_SPI;
1846         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1847         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1848         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1849         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1850
1851         for (i = 0; i < num_cfg && rc == 0; i++) {
1852                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1853                 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1854         }
1855
1856         return rc;
1857 }
1858
1859 static int
1860 test_ipsec_lksd_proto_outb_burst_null_null_wrapper(void)
1861 {
1862         int i;
1863         int rc = 0;
1864         struct ipsec_unitest_params *ut_params = &unittest_params;
1865
1866         ut_params->ipsec_xform.spi = INBOUND_SPI;
1867         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1868         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1869         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1870         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1871
1872         for (i = 0; i < num_cfg && rc == 0; i++) {
1873                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1874                 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1875         }
1876
1877         return rc;
1878 }
1879
1880 static int
1881 replay_inb_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1882         int num_pkts)
1883 {
1884         uint16_t j;
1885
1886         for (j = 0; j < num_pkts; j++) {
1887                 /* compare the buffer data */
1888                 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1889                         rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1890                         test_cfg[i].pkt_sz,
1891                         "input and output data does not match\n");
1892
1893                 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1894                         ut_params->obuf[j]->pkt_len,
1895                         "data_len is not equal to pkt_len");
1896         }
1897
1898         return 0;
1899 }
1900
1901 static int
1902 test_ipsec_replay_inb_inside_null_null(int i)
1903 {
1904         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1905         struct ipsec_unitest_params *ut_params = &unittest_params;
1906         int rc;
1907
1908         /* create rte_ipsec_sa*/
1909         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1910                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1911         if (rc != 0) {
1912                 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1913                 return TEST_FAILED;
1914         }
1915
1916         /* Generate inbound mbuf data */
1917         ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1918                 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
1919         if (ut_params->ibuf[0] == NULL)
1920                 rc = TEST_FAILED;
1921         else
1922                 rc = test_ipsec_crypto_op_alloc(1);
1923
1924         if (rc == 0) {
1925                 /* call ipsec library api */
1926                 rc = crypto_ipsec(1);
1927                 if (rc == 0)
1928                         rc = replay_inb_null_null_check(ut_params, i, 1);
1929                 else {
1930                         RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1931                                         i);
1932                         rc = TEST_FAILED;
1933                 }
1934         }
1935
1936         if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
1937                 /* generate packet with seq number inside the replay window */
1938                 if (ut_params->ibuf[0]) {
1939                         rte_pktmbuf_free(ut_params->ibuf[0]);
1940                         ut_params->ibuf[0] = 0;
1941                 }
1942
1943                 ut_params->ibuf[0] = setup_test_string_tunneled(
1944                         ts_params->mbuf_pool, null_encrypted_data,
1945                         test_cfg[i].pkt_sz, INBOUND_SPI,
1946                         test_cfg[i].replay_win_sz);
1947                 if (ut_params->ibuf[0] == NULL)
1948                         rc = TEST_FAILED;
1949                 else
1950                         rc = test_ipsec_crypto_op_alloc(1);
1951
1952                 if (rc == 0) {
1953                         /* call ipsec library api */
1954                         rc = crypto_ipsec(1);
1955                         if (rc == 0)
1956                                 rc = replay_inb_null_null_check(
1957                                                 ut_params, i, 1);
1958                         else {
1959                                 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
1960                                 rc = TEST_FAILED;
1961                         }
1962                 }
1963         }
1964
1965         if (rc == TEST_FAILED)
1966                 test_ipsec_dump_buffers(ut_params, i);
1967
1968         destroy_sa(0);
1969
1970         return rc;
1971 }
1972
1973 static int
1974 test_ipsec_replay_inb_inside_null_null_wrapper(void)
1975 {
1976         int i;
1977         int rc = 0;
1978         struct ipsec_unitest_params *ut_params = &unittest_params;
1979
1980         ut_params->ipsec_xform.spi = INBOUND_SPI;
1981         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1982         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1983         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1984         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1985
1986         for (i = 0; i < num_cfg && rc == 0; i++) {
1987                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1988                 rc = test_ipsec_replay_inb_inside_null_null(i);
1989         }
1990
1991         return rc;
1992 }
1993
1994 static int
1995 test_ipsec_replay_inb_outside_null_null(int i)
1996 {
1997         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1998         struct ipsec_unitest_params *ut_params = &unittest_params;
1999         int rc;
2000
2001         /* create rte_ipsec_sa */
2002         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2003                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2004         if (rc != 0) {
2005                 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
2006                 return TEST_FAILED;
2007         }
2008
2009         /* Generate test mbuf data */
2010         ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2011                 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI,
2012                 test_cfg[i].replay_win_sz + 2);
2013         if (ut_params->ibuf[0] == NULL)
2014                 rc = TEST_FAILED;
2015         else
2016                 rc = test_ipsec_crypto_op_alloc(1);
2017
2018         if (rc == 0) {
2019                 /* call ipsec library api */
2020                 rc = crypto_ipsec(1);
2021                 if (rc == 0)
2022                         rc = replay_inb_null_null_check(ut_params, i, 1);
2023                 else {
2024                         RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2025                                         i);
2026                         rc = TEST_FAILED;
2027                 }
2028         }
2029
2030         if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2031                 /* generate packet with seq number outside the replay window */
2032                 if (ut_params->ibuf[0]) {
2033                         rte_pktmbuf_free(ut_params->ibuf[0]);
2034                         ut_params->ibuf[0] = 0;
2035                 }
2036                 ut_params->ibuf[0] = setup_test_string_tunneled(
2037                         ts_params->mbuf_pool, null_encrypted_data,
2038                         test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2039                 if (ut_params->ibuf[0] == NULL)
2040                         rc = TEST_FAILED;
2041                 else
2042                         rc = test_ipsec_crypto_op_alloc(1);
2043
2044                 if (rc == 0) {
2045                         /* call ipsec library api */
2046                         rc = crypto_ipsec(1);
2047                         if (rc == 0) {
2048                                 if (test_cfg[i].esn == 0) {
2049                                         RTE_LOG(ERR, USER1,
2050                                                 "packet is not outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2051                                                 i,
2052                                                 test_cfg[i].replay_win_sz + 2,
2053                                                 1);
2054                                         rc = TEST_FAILED;
2055                                 }
2056                         } else {
2057                                 RTE_LOG(ERR, USER1,
2058                                         "packet is outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2059                                         i, test_cfg[i].replay_win_sz + 2, 1);
2060                                 rc = 0;
2061                         }
2062                 }
2063         }
2064
2065         if (rc == TEST_FAILED)
2066                 test_ipsec_dump_buffers(ut_params, i);
2067
2068         destroy_sa(0);
2069
2070         return rc;
2071 }
2072
2073 static int
2074 test_ipsec_replay_inb_outside_null_null_wrapper(void)
2075 {
2076         int i;
2077         int rc = 0;
2078         struct ipsec_unitest_params *ut_params = &unittest_params;
2079
2080         ut_params->ipsec_xform.spi = INBOUND_SPI;
2081         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2082         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2083         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2084         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2085
2086         for (i = 0; i < num_cfg && rc == 0; i++) {
2087                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2088                 rc = test_ipsec_replay_inb_outside_null_null(i);
2089         }
2090
2091         return rc;
2092 }
2093
2094 static int
2095 test_ipsec_replay_inb_repeat_null_null(int i)
2096 {
2097         struct ipsec_testsuite_params *ts_params = &testsuite_params;
2098         struct ipsec_unitest_params *ut_params = &unittest_params;
2099         int rc;
2100
2101         /* create rte_ipsec_sa */
2102         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2103                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2104         if (rc != 0) {
2105                 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
2106                 return TEST_FAILED;
2107         }
2108
2109         /* Generate test mbuf data */
2110         ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2111                 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2112         if (ut_params->ibuf[0] == NULL)
2113                 rc = TEST_FAILED;
2114         else
2115                 rc = test_ipsec_crypto_op_alloc(1);
2116
2117         if (rc == 0) {
2118                 /* call ipsec library api */
2119                 rc = crypto_ipsec(1);
2120                 if (rc == 0)
2121                         rc = replay_inb_null_null_check(ut_params, i, 1);
2122                 else {
2123                         RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2124                                         i);
2125                         rc = TEST_FAILED;
2126                 }
2127         }
2128
2129         if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2130                 /*
2131                  * generate packet with repeat seq number in the replay
2132                  * window
2133                  */
2134                 if (ut_params->ibuf[0]) {
2135                         rte_pktmbuf_free(ut_params->ibuf[0]);
2136                         ut_params->ibuf[0] = 0;
2137                 }
2138
2139                 ut_params->ibuf[0] = setup_test_string_tunneled(
2140                         ts_params->mbuf_pool, null_encrypted_data,
2141                         test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2142                 if (ut_params->ibuf[0] == NULL)
2143                         rc = TEST_FAILED;
2144                 else
2145                         rc = test_ipsec_crypto_op_alloc(1);
2146
2147                 if (rc == 0) {
2148                         /* call ipsec library api */
2149                         rc = crypto_ipsec(1);
2150                         if (rc == 0) {
2151                                 RTE_LOG(ERR, USER1,
2152                                         "packet is not repeated in the replay window, cfg %d seq %u\n",
2153                                         i, 1);
2154                                 rc = TEST_FAILED;
2155                         } else {
2156                                 RTE_LOG(ERR, USER1,
2157                                         "packet is repeated in the replay window, cfg %d seq %u\n",
2158                                         i, 1);
2159                                 rc = 0;
2160                         }
2161                 }
2162         }
2163
2164         if (rc == TEST_FAILED)
2165                 test_ipsec_dump_buffers(ut_params, i);
2166
2167         destroy_sa(0);
2168
2169         return rc;
2170 }
2171
2172 static int
2173 test_ipsec_replay_inb_repeat_null_null_wrapper(void)
2174 {
2175         int i;
2176         int rc = 0;
2177         struct ipsec_unitest_params *ut_params = &unittest_params;
2178
2179         ut_params->ipsec_xform.spi = INBOUND_SPI;
2180         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2181         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2182         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2183         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2184
2185         for (i = 0; i < num_cfg && rc == 0; i++) {
2186                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2187                 rc = test_ipsec_replay_inb_repeat_null_null(i);
2188         }
2189
2190         return rc;
2191 }
2192
2193 static int
2194 test_ipsec_replay_inb_inside_burst_null_null(int i)
2195 {
2196         struct ipsec_testsuite_params *ts_params = &testsuite_params;
2197         struct ipsec_unitest_params *ut_params = &unittest_params;
2198         uint16_t num_pkts = test_cfg[i].num_pkts;
2199         int rc;
2200         int j;
2201
2202         /* create rte_ipsec_sa*/
2203         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2204                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2205         if (rc != 0) {
2206                 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
2207                 return TEST_FAILED;
2208         }
2209
2210         /* Generate inbound mbuf data */
2211         ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2212                 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2213         if (ut_params->ibuf[0] == NULL)
2214                 rc = TEST_FAILED;
2215         else
2216                 rc = test_ipsec_crypto_op_alloc(1);
2217
2218         if (rc == 0) {
2219                 /* call ipsec library api */
2220                 rc = crypto_ipsec(1);
2221                 if (rc == 0)
2222                         rc = replay_inb_null_null_check(ut_params, i, 1);
2223                 else {
2224                         RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2225                                         i);
2226                         rc = TEST_FAILED;
2227                 }
2228         }
2229
2230         if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2231                 /*
2232                  *  generate packet(s) with seq number(s) inside the
2233                  *  replay window
2234                  */
2235                 if (ut_params->ibuf[0]) {
2236                         rte_pktmbuf_free(ut_params->ibuf[0]);
2237                         ut_params->ibuf[0] = 0;
2238                 }
2239
2240                 for (j = 0; j < num_pkts && rc == 0; j++) {
2241                         /* packet with sequence number 1 already processed */
2242                         ut_params->ibuf[j] = setup_test_string_tunneled(
2243                                 ts_params->mbuf_pool, null_encrypted_data,
2244                                 test_cfg[i].pkt_sz, INBOUND_SPI, j + 2);
2245                         if (ut_params->ibuf[j] == NULL)
2246                                 rc = TEST_FAILED;
2247                 }
2248
2249                 if (rc == 0) {
2250                         if (test_cfg[i].reorder_pkts)
2251                                 test_ipsec_reorder_inb_pkt_burst(num_pkts);
2252                         rc = test_ipsec_crypto_op_alloc(num_pkts);
2253                 }
2254
2255                 if (rc == 0) {
2256                         /* call ipsec library api */
2257                         rc = crypto_ipsec(num_pkts);
2258                         if (rc == 0)
2259                                 rc = replay_inb_null_null_check(
2260                                                 ut_params, i, num_pkts);
2261                         else {
2262                                 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
2263                                 rc = TEST_FAILED;
2264                         }
2265                 }
2266         }
2267
2268         if (rc == TEST_FAILED)
2269                 test_ipsec_dump_buffers(ut_params, i);
2270
2271         destroy_sa(0);
2272
2273         return rc;
2274 }
2275
2276 static int
2277 test_ipsec_replay_inb_inside_burst_null_null_wrapper(void)
2278 {
2279         int i;
2280         int rc = 0;
2281         struct ipsec_unitest_params *ut_params = &unittest_params;
2282
2283         ut_params->ipsec_xform.spi = INBOUND_SPI;
2284         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2285         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2286         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2287         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2288
2289         for (i = 0; i < num_cfg && rc == 0; i++) {
2290                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2291                 rc = test_ipsec_replay_inb_inside_burst_null_null(i);
2292         }
2293
2294         return rc;
2295 }
2296
2297
2298 static int
2299 crypto_inb_burst_2sa_null_null_check(struct ipsec_unitest_params *ut_params,
2300                 int i)
2301 {
2302         uint16_t j;
2303
2304         for (j = 0; j < BURST_SIZE; j++) {
2305                 ut_params->pkt_index = j;
2306
2307                 /* compare the data buffers */
2308                 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
2309                         rte_pktmbuf_mtod(ut_params->obuf[j], void *),
2310                         test_cfg[i].pkt_sz,
2311                         "input and output data does not match\n");
2312                 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2313                         ut_params->obuf[j]->pkt_len,
2314                         "data_len is not equal to pkt_len");
2315                 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2316                         test_cfg[i].pkt_sz,
2317                         "data_len is not equal to input data");
2318         }
2319
2320         return 0;
2321 }
2322
2323 static int
2324 test_ipsec_crypto_inb_burst_2sa_null_null(int i)
2325 {
2326         struct ipsec_testsuite_params *ts_params = &testsuite_params;
2327         struct ipsec_unitest_params *ut_params = &unittest_params;
2328         uint16_t num_pkts = test_cfg[i].num_pkts;
2329         uint16_t j, r;
2330         int rc = 0;
2331
2332         if (num_pkts != BURST_SIZE)
2333                 return rc;
2334
2335         /* create rte_ipsec_sa */
2336         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2337                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2338         if (rc != 0) {
2339                 RTE_LOG(ERR, USER1, "create_sa 0 failed, cfg %d\n", i);
2340                 return TEST_FAILED;
2341         }
2342
2343         /* create second rte_ipsec_sa */
2344         ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2345         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2346                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2347         if (rc != 0) {
2348                 RTE_LOG(ERR, USER1, "create_sa 1 failed, cfg %d\n", i);
2349                 destroy_sa(0);
2350                 return TEST_FAILED;
2351         }
2352
2353         /* Generate test mbuf data */
2354         for (j = 0; j < num_pkts && rc == 0; j++) {
2355                 r = j % 2;
2356                 /* packet with sequence number 0 is invalid */
2357                 ut_params->ibuf[j] = setup_test_string_tunneled(
2358                         ts_params->mbuf_pool, null_encrypted_data,
2359                         test_cfg[i].pkt_sz, INBOUND_SPI + r, j + 1);
2360                 if (ut_params->ibuf[j] == NULL)
2361                         rc = TEST_FAILED;
2362         }
2363
2364         if (rc == 0)
2365                 rc = test_ipsec_crypto_op_alloc(num_pkts);
2366
2367         if (rc == 0) {
2368                 /* call ipsec library api */
2369                 rc = crypto_ipsec_2sa();
2370                 if (rc == 0)
2371                         rc = crypto_inb_burst_2sa_null_null_check(
2372                                         ut_params, i);
2373                 else {
2374                         RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2375                                 i);
2376                         rc = TEST_FAILED;
2377                 }
2378         }
2379
2380         if (rc == TEST_FAILED)
2381                 test_ipsec_dump_buffers(ut_params, i);
2382
2383         destroy_sa(0);
2384         destroy_sa(1);
2385         return rc;
2386 }
2387
2388 static int
2389 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper(void)
2390 {
2391         int i;
2392         int rc = 0;
2393         struct ipsec_unitest_params *ut_params = &unittest_params;
2394
2395         ut_params->ipsec_xform.spi = INBOUND_SPI;
2396         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2397         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2398         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2399         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2400
2401         for (i = 0; i < num_cfg && rc == 0; i++) {
2402                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2403                 rc = test_ipsec_crypto_inb_burst_2sa_null_null(i);
2404         }
2405
2406         return rc;
2407 }
2408
2409 static int
2410 test_ipsec_crypto_inb_burst_2sa_4grp_null_null(int i)
2411 {
2412         struct ipsec_testsuite_params *ts_params = &testsuite_params;
2413         struct ipsec_unitest_params *ut_params = &unittest_params;
2414         uint16_t num_pkts = test_cfg[i].num_pkts;
2415         uint16_t j, k;
2416         int rc = 0;
2417
2418         if (num_pkts != BURST_SIZE)
2419                 return rc;
2420
2421         /* create rte_ipsec_sa */
2422         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2423                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2424         if (rc != 0) {
2425                 RTE_LOG(ERR, USER1, "create_sa 0 failed, cfg %d\n", i);
2426                 return TEST_FAILED;
2427         }
2428
2429         /* create second rte_ipsec_sa */
2430         ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2431         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2432                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2433         if (rc != 0) {
2434                 RTE_LOG(ERR, USER1, "create_sa 1 failed, cfg %d\n", i);
2435                 destroy_sa(0);
2436                 return TEST_FAILED;
2437         }
2438
2439         /* Generate test mbuf data */
2440         for (j = 0; j < num_pkts && rc == 0; j++) {
2441                 k = crypto_ipsec_4grp(j);
2442
2443                 /* packet with sequence number 0 is invalid */
2444                 ut_params->ibuf[j] = setup_test_string_tunneled(
2445                         ts_params->mbuf_pool, null_encrypted_data,
2446                         test_cfg[i].pkt_sz, INBOUND_SPI + k, j + 1);
2447                 if (ut_params->ibuf[j] == NULL)
2448                         rc = TEST_FAILED;
2449         }
2450
2451         if (rc == 0)
2452                 rc = test_ipsec_crypto_op_alloc(num_pkts);
2453
2454         if (rc == 0) {
2455                 /* call ipsec library api */
2456                 rc = crypto_ipsec_2sa_4grp();
2457                 if (rc == 0)
2458                         rc = crypto_inb_burst_2sa_null_null_check(
2459                                         ut_params, i);
2460                 else {
2461                         RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2462                                 i);
2463                         rc = TEST_FAILED;
2464                 }
2465         }
2466
2467         if (rc == TEST_FAILED)
2468                 test_ipsec_dump_buffers(ut_params, i);
2469
2470         destroy_sa(0);
2471         destroy_sa(1);
2472         return rc;
2473 }
2474
2475 static int
2476 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper(void)
2477 {
2478         int i;
2479         int rc = 0;
2480         struct ipsec_unitest_params *ut_params = &unittest_params;
2481
2482         ut_params->ipsec_xform.spi = INBOUND_SPI;
2483         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2484         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2485         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2486         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2487
2488         for (i = 0; i < num_cfg && rc == 0; i++) {
2489                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2490                 rc = test_ipsec_crypto_inb_burst_2sa_4grp_null_null(i);
2491         }
2492
2493         return rc;
2494 }
2495
2496 static struct unit_test_suite ipsec_testsuite  = {
2497         .suite_name = "IPsec NULL Unit Test Suite",
2498         .setup = testsuite_setup,
2499         .teardown = testsuite_teardown,
2500         .unit_test_cases = {
2501                 TEST_CASE_ST(ut_setup, ut_teardown,
2502                         test_ipsec_crypto_inb_burst_null_null_wrapper),
2503                 TEST_CASE_ST(ut_setup, ut_teardown,
2504                         test_ipsec_crypto_outb_burst_null_null_wrapper),
2505                 TEST_CASE_ST(ut_setup, ut_teardown,
2506                         test_ipsec_inline_crypto_inb_burst_null_null_wrapper),
2507                 TEST_CASE_ST(ut_setup, ut_teardown,
2508                         test_ipsec_inline_crypto_outb_burst_null_null_wrapper),
2509                 TEST_CASE_ST(ut_setup, ut_teardown,
2510                         test_ipsec_inline_proto_inb_burst_null_null_wrapper),
2511                 TEST_CASE_ST(ut_setup, ut_teardown,
2512                         test_ipsec_inline_proto_outb_burst_null_null_wrapper),
2513                 TEST_CASE_ST(ut_setup, ut_teardown,
2514                         test_ipsec_lksd_proto_inb_burst_null_null_wrapper),
2515                 TEST_CASE_ST(ut_setup, ut_teardown,
2516                         test_ipsec_lksd_proto_outb_burst_null_null_wrapper),
2517                 TEST_CASE_ST(ut_setup, ut_teardown,
2518                         test_ipsec_replay_inb_inside_null_null_wrapper),
2519                 TEST_CASE_ST(ut_setup, ut_teardown,
2520                         test_ipsec_replay_inb_outside_null_null_wrapper),
2521                 TEST_CASE_ST(ut_setup, ut_teardown,
2522                         test_ipsec_replay_inb_repeat_null_null_wrapper),
2523                 TEST_CASE_ST(ut_setup, ut_teardown,
2524                         test_ipsec_replay_inb_inside_burst_null_null_wrapper),
2525                 TEST_CASE_ST(ut_setup, ut_teardown,
2526                         test_ipsec_crypto_inb_burst_2sa_null_null_wrapper),
2527                 TEST_CASE_ST(ut_setup, ut_teardown,
2528                         test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper),
2529                 TEST_CASES_END() /**< NULL terminate unit test array */
2530         }
2531 };
2532
2533 static int
2534 test_ipsec(void)
2535 {
2536         return unit_test_suite_runner(&ipsec_testsuite);
2537 }
2538
2539 REGISTER_TEST_COMMAND(ipsec_autotest, test_ipsec);