1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2018 Intel Corporation
9 #include <rte_common.h>
10 #include <rte_hexdump.h>
12 #include <rte_malloc.h>
13 #include <rte_memcpy.h>
14 #include <rte_cycles.h>
15 #include <rte_bus_vdev.h>
17 #include <rte_crypto.h>
18 #include <rte_cryptodev.h>
19 #include <rte_lcore.h>
21 #ifdef RTE_EXEC_ENV_WINDOWS
25 printf("ipsec not supported on Windows, skipping test\n");
31 #include <rte_ipsec.h>
32 #include <rte_random.h>
34 #include <rte_security_driver.h>
36 #include "test_cryptodev.h"
38 #define VDEV_ARGS_SIZE 100
39 #define MAX_NB_SESSIONS 200
41 #define REPLAY_WIN_0 0
42 #define REPLAY_WIN_32 32
43 #define REPLAY_WIN_64 64
44 #define REPLAY_WIN_128 128
45 #define REPLAY_WIN_256 256
46 #define DATA_64_BYTES 64
47 #define DATA_80_BYTES 80
48 #define DATA_100_BYTES 100
50 #define ESN_DISABLED 0
52 #define OUTBOUND_SPI 17
54 #define REORDER_PKTS 1
55 #define DEQUEUE_COUNT 1000
58 enum rte_crypto_sym_xform_type auth;
59 enum rte_crypto_sym_xform_type cipher;
60 enum rte_crypto_sym_xform_type aead;
63 char cipher_algo[128];
67 struct ipsec_testsuite_params {
68 struct rte_mempool *mbuf_pool;
69 struct rte_mempool *cop_mpool;
70 struct rte_cryptodev_config conf;
71 struct rte_cryptodev_qp_conf qp_conf;
74 uint8_t valid_dev_found;
77 struct ipsec_unitest_params {
78 struct rte_crypto_sym_xform cipher_xform;
79 struct rte_crypto_sym_xform auth_xform;
80 struct rte_crypto_sym_xform aead_xform;
81 struct rte_crypto_sym_xform *crypto_xforms;
83 struct rte_security_ipsec_xform ipsec_xform;
85 struct rte_ipsec_sa_prm sa_prm;
86 struct rte_ipsec_session ss[MAX_NB_SAS];
88 struct rte_crypto_op *cop[BURST_SIZE];
90 struct rte_mbuf *obuf[BURST_SIZE], *ibuf[BURST_SIZE],
96 struct ipsec_test_cfg {
97 uint32_t replay_win_sz;
102 uint32_t reorder_pkts;
105 static const struct ipsec_test_cfg test_cfg[] = {
106 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, 1, 0},
107 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, BURST_SIZE, 0},
108 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_80_BYTES, BURST_SIZE,
110 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, 1, 0},
111 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, BURST_SIZE,
113 {REPLAY_WIN_64, ESN_ENABLED, 0, DATA_64_BYTES, 1, 0},
114 {REPLAY_WIN_128, ESN_ENABLED, RTE_IPSEC_SAFLAG_SQN_ATOM,
115 DATA_80_BYTES, 1, 0},
116 {REPLAY_WIN_256, ESN_DISABLED, 0, DATA_100_BYTES, 1, 0},
119 static const int num_cfg = RTE_DIM(test_cfg);
120 static struct ipsec_testsuite_params testsuite_params = { NULL };
121 static struct ipsec_unitest_params unittest_params;
122 static struct user_params uparams;
124 struct supported_cipher_algo {
126 enum rte_crypto_cipher_algorithm algo;
132 struct supported_auth_algo {
134 enum rte_crypto_auth_algorithm algo;
140 const struct supported_cipher_algo cipher_algos[] = {
143 .algo = RTE_CRYPTO_CIPHER_NULL,
150 const struct supported_auth_algo auth_algos[] = {
153 .algo = RTE_CRYPTO_AUTH_NULL,
161 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
162 struct rte_security_session *sess, struct rte_mempool *mp)
164 RTE_SET_USED(device);
168 sess->sess_private_data = NULL;
173 dummy_sec_destroy(void *device, struct rte_security_session *sess)
175 RTE_SET_USED(device);
180 static const struct rte_security_ops dummy_sec_ops = {
181 .session_create = dummy_sec_create,
182 .session_destroy = dummy_sec_destroy,
185 static struct rte_security_ctx dummy_sec_ctx = {
186 .ops = &dummy_sec_ops,
189 static const struct supported_cipher_algo *
190 find_match_cipher_algo(const char *cipher_keyword)
194 for (i = 0; i < RTE_DIM(cipher_algos); i++) {
195 const struct supported_cipher_algo *algo =
198 if (strcmp(cipher_keyword, algo->keyword) == 0)
205 static const struct supported_auth_algo *
206 find_match_auth_algo(const char *auth_keyword)
210 for (i = 0; i < RTE_DIM(auth_algos); i++) {
211 const struct supported_auth_algo *algo =
214 if (strcmp(auth_keyword, algo->keyword) == 0)
222 fill_crypto_xform(struct ipsec_unitest_params *ut_params,
223 const struct supported_auth_algo *auth_algo,
224 const struct supported_cipher_algo *cipher_algo)
226 ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
227 ut_params->cipher_xform.cipher.algo = cipher_algo->algo;
228 ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
229 ut_params->auth_xform.auth.algo = auth_algo->algo;
231 if (ut_params->ipsec_xform.direction ==
232 RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
233 ut_params->cipher_xform.cipher.op =
234 RTE_CRYPTO_CIPHER_OP_DECRYPT;
235 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
236 ut_params->cipher_xform.next = NULL;
237 ut_params->auth_xform.next = &ut_params->cipher_xform;
238 ut_params->crypto_xforms = &ut_params->auth_xform;
240 ut_params->cipher_xform.cipher.op =
241 RTE_CRYPTO_CIPHER_OP_ENCRYPT;
242 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
243 ut_params->auth_xform.next = NULL;
244 ut_params->cipher_xform.next = &ut_params->auth_xform;
245 ut_params->crypto_xforms = &ut_params->cipher_xform;
250 check_cryptodev_capability(const struct ipsec_unitest_params *ut,
253 struct rte_cryptodev_sym_capability_idx cap_idx;
254 const struct rte_cryptodev_symmetric_capability *cap;
257 cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
258 cap_idx.algo.auth = ut->auth_xform.auth.algo;
259 cap = rte_cryptodev_sym_capability_get(dev_id, &cap_idx);
262 rc = rte_cryptodev_sym_capability_check_auth(cap,
263 ut->auth_xform.auth.key.length,
264 ut->auth_xform.auth.digest_length, 0);
266 cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
267 cap_idx.algo.cipher = ut->cipher_xform.cipher.algo;
268 cap = rte_cryptodev_sym_capability_get(
271 rc = rte_cryptodev_sym_capability_check_cipher(
273 ut->cipher_xform.cipher.key.length,
274 ut->cipher_xform.cipher.iv.length);
282 testsuite_setup(void)
284 struct ipsec_testsuite_params *ts_params = &testsuite_params;
285 struct ipsec_unitest_params *ut_params = &unittest_params;
286 const struct supported_auth_algo *auth_algo;
287 const struct supported_cipher_algo *cipher_algo;
288 struct rte_cryptodev_info info;
289 uint32_t i, nb_devs, dev_id;
293 memset(ts_params, 0, sizeof(*ts_params));
294 memset(ut_params, 0, sizeof(*ut_params));
295 memset(&uparams, 0, sizeof(struct user_params));
297 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
298 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
299 uparams.aead = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED;
300 strcpy(uparams.auth_algo, "null");
301 strcpy(uparams.cipher_algo, "null");
303 auth_algo = find_match_auth_algo(uparams.auth_algo);
304 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
305 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
307 nb_devs = rte_cryptodev_count();
309 RTE_LOG(WARNING, USER1, "No crypto devices found?\n");
313 /* Find first valid crypto device */
314 for (i = 0; i < nb_devs; i++) {
315 rc = check_cryptodev_capability(ut_params, i);
317 ts_params->valid_dev = i;
318 ts_params->valid_dev_found = 1;
323 if (ts_params->valid_dev_found == 0)
326 ts_params->mbuf_pool = rte_pktmbuf_pool_create(
328 NUM_MBUFS, MBUF_CACHE_SIZE, 0, MBUF_SIZE,
330 if (ts_params->mbuf_pool == NULL) {
331 RTE_LOG(ERR, USER1, "Can't create CRYPTO_MBUFPOOL\n");
335 ts_params->cop_mpool = rte_crypto_op_pool_create(
336 "MBUF_CRYPTO_SYM_OP_POOL",
337 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
338 NUM_MBUFS, MBUF_CACHE_SIZE,
340 sizeof(struct rte_crypto_sym_xform) +
343 if (ts_params->cop_mpool == NULL) {
344 RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
348 /* Set up all the qps on the first of the valid devices found */
349 dev_id = ts_params->valid_dev;
351 rte_cryptodev_info_get(dev_id, &info);
353 ts_params->conf.nb_queue_pairs = info.max_nb_queue_pairs;
354 ts_params->conf.socket_id = SOCKET_ID_ANY;
355 ts_params->conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
357 sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
358 sess_sz = RTE_MAX(sess_sz, sizeof(struct rte_security_session));
361 * Create mempools for sessions
363 if (info.sym.max_nb_sessions != 0 &&
364 info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
365 RTE_LOG(ERR, USER1, "Device does not support "
366 "at least %u sessions\n",
371 ts_params->qp_conf.mp_session_private = rte_mempool_create(
375 0, 0, NULL, NULL, NULL,
379 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
380 "private session mempool allocation failed");
382 ts_params->qp_conf.mp_session =
383 rte_cryptodev_sym_session_pool_create("test_sess_mp",
384 MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
386 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
387 "session mempool allocation failed");
389 TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
391 "Failed to configure cryptodev %u with %u qps",
392 dev_id, ts_params->conf.nb_queue_pairs);
394 ts_params->qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
396 TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
397 dev_id, 0, &ts_params->qp_conf,
398 rte_cryptodev_socket_id(dev_id)),
399 "Failed to setup queue pair %u on cryptodev %u",
406 testsuite_teardown(void)
408 struct ipsec_testsuite_params *ts_params = &testsuite_params;
410 if (ts_params->mbuf_pool != NULL) {
411 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
412 rte_mempool_avail_count(ts_params->mbuf_pool));
413 rte_mempool_free(ts_params->mbuf_pool);
414 ts_params->mbuf_pool = NULL;
417 if (ts_params->cop_mpool != NULL) {
418 RTE_LOG(DEBUG, USER1, "CRYPTO_OP_POOL count %u\n",
419 rte_mempool_avail_count(ts_params->cop_mpool));
420 rte_mempool_free(ts_params->cop_mpool);
421 ts_params->cop_mpool = NULL;
424 /* Free session mempools */
425 if (ts_params->qp_conf.mp_session != NULL) {
426 rte_mempool_free(ts_params->qp_conf.mp_session);
427 ts_params->qp_conf.mp_session = NULL;
430 if (ts_params->qp_conf.mp_session_private != NULL) {
431 rte_mempool_free(ts_params->qp_conf.mp_session_private);
432 ts_params->qp_conf.mp_session_private = NULL;
439 struct ipsec_testsuite_params *ts_params = &testsuite_params;
440 struct ipsec_unitest_params *ut_params = &unittest_params;
442 /* Clear unit test parameters before running test */
443 memset(ut_params, 0, sizeof(*ut_params));
445 /* Reconfigure device to default parameters */
446 ts_params->conf.socket_id = SOCKET_ID_ANY;
448 /* Start the device */
449 TEST_ASSERT_SUCCESS(rte_cryptodev_start(ts_params->valid_dev),
450 "Failed to start cryptodev %u",
451 ts_params->valid_dev);
457 ut_teardown_ipsec(void)
459 struct ipsec_testsuite_params *ts_params = &testsuite_params;
460 struct ipsec_unitest_params *ut_params = &unittest_params;
463 for (i = 0; i < BURST_SIZE; i++) {
464 /* free crypto operation structure */
465 if (ut_params->cop[i]) {
466 rte_crypto_op_free(ut_params->cop[i]);
467 ut_params->cop[i] = NULL;
471 * free mbuf - both obuf and ibuf are usually the same,
472 * so check if they point at the same address is necessary,
473 * to avoid freeing the mbuf twice.
475 if (ut_params->obuf[i]) {
476 rte_pktmbuf_free(ut_params->obuf[i]);
477 if (ut_params->ibuf[i] == ut_params->obuf[i])
478 ut_params->ibuf[i] = NULL;
479 ut_params->obuf[i] = NULL;
481 if (ut_params->ibuf[i]) {
482 rte_pktmbuf_free(ut_params->ibuf[i]);
483 ut_params->ibuf[i] = NULL;
486 if (ut_params->testbuf[i]) {
487 rte_pktmbuf_free(ut_params->testbuf[i]);
488 ut_params->testbuf[i] = NULL;
492 if (ts_params->mbuf_pool != NULL)
493 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
494 rte_mempool_avail_count(ts_params->mbuf_pool));
496 /* Stop the device */
497 rte_cryptodev_stop(ts_params->valid_dev);
500 #define IPSEC_MAX_PAD_SIZE UINT8_MAX
502 static const uint8_t esp_pad_bytes[IPSEC_MAX_PAD_SIZE] = {
503 1, 2, 3, 4, 5, 6, 7, 8,
504 9, 10, 11, 12, 13, 14, 15, 16,
505 17, 18, 19, 20, 21, 22, 23, 24,
506 25, 26, 27, 28, 29, 30, 31, 32,
507 33, 34, 35, 36, 37, 38, 39, 40,
508 41, 42, 43, 44, 45, 46, 47, 48,
509 49, 50, 51, 52, 53, 54, 55, 56,
510 57, 58, 59, 60, 61, 62, 63, 64,
511 65, 66, 67, 68, 69, 70, 71, 72,
512 73, 74, 75, 76, 77, 78, 79, 80,
513 81, 82, 83, 84, 85, 86, 87, 88,
514 89, 90, 91, 92, 93, 94, 95, 96,
515 97, 98, 99, 100, 101, 102, 103, 104,
516 105, 106, 107, 108, 109, 110, 111, 112,
517 113, 114, 115, 116, 117, 118, 119, 120,
518 121, 122, 123, 124, 125, 126, 127, 128,
519 129, 130, 131, 132, 133, 134, 135, 136,
520 137, 138, 139, 140, 141, 142, 143, 144,
521 145, 146, 147, 148, 149, 150, 151, 152,
522 153, 154, 155, 156, 157, 158, 159, 160,
523 161, 162, 163, 164, 165, 166, 167, 168,
524 169, 170, 171, 172, 173, 174, 175, 176,
525 177, 178, 179, 180, 181, 182, 183, 184,
526 185, 186, 187, 188, 189, 190, 191, 192,
527 193, 194, 195, 196, 197, 198, 199, 200,
528 201, 202, 203, 204, 205, 206, 207, 208,
529 209, 210, 211, 212, 213, 214, 215, 216,
530 217, 218, 219, 220, 221, 222, 223, 224,
531 225, 226, 227, 228, 229, 230, 231, 232,
532 233, 234, 235, 236, 237, 238, 239, 240,
533 241, 242, 243, 244, 245, 246, 247, 248,
534 249, 250, 251, 252, 253, 254, 255,
537 /* ***** data for tests ***** */
539 const char null_plain_data[] =
540 "Network Security People Have A Strange Sense Of Humor unlike Other "
541 "People who have a normal sense of humour";
543 const char null_encrypted_data[] =
544 "Network Security People Have A Strange Sense Of Humor unlike Other "
545 "People who have a normal sense of humour";
547 struct rte_ipv4_hdr ipv4_outer = {
548 .version_ihl = IPVERSION << 4 |
549 sizeof(ipv4_outer) / RTE_IPV4_IHL_MULTIPLIER,
550 .time_to_live = IPDEFTTL,
551 .next_proto_id = IPPROTO_ESP,
552 .src_addr = RTE_IPV4(192, 168, 1, 100),
553 .dst_addr = RTE_IPV4(192, 168, 2, 100),
556 static struct rte_mbuf *
557 setup_test_string(struct rte_mempool *mpool,
558 const char *string, size_t len, uint8_t blocksize)
560 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
561 size_t t_len = len - (blocksize ? (len % blocksize) : 0);
564 memset(m->buf_addr, 0, m->buf_len);
565 char *dst = rte_pktmbuf_append(m, t_len);
572 rte_memcpy(dst, string, t_len);
574 memset(dst, 0, t_len);
580 static struct rte_mbuf *
581 setup_test_string_tunneled(struct rte_mempool *mpool, const char *string,
582 size_t len, uint32_t spi, uint32_t seq)
584 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
585 uint32_t hdrlen = sizeof(struct rte_ipv4_hdr) +
586 sizeof(struct rte_esp_hdr);
587 uint32_t taillen = sizeof(struct rte_esp_tail);
588 uint32_t t_len = len + hdrlen + taillen;
591 struct rte_esp_hdr esph = {
592 .spi = rte_cpu_to_be_32(spi),
593 .seq = rte_cpu_to_be_32(seq)
596 padlen = RTE_ALIGN(t_len, 4) - t_len;
599 struct rte_esp_tail espt = {
601 .next_proto = IPPROTO_IPIP,
607 memset(m->buf_addr, 0, m->buf_len);
608 char *dst = rte_pktmbuf_append(m, t_len);
614 /* copy outer IP and ESP header */
615 ipv4_outer.total_length = rte_cpu_to_be_16(t_len);
616 ipv4_outer.packet_id = rte_cpu_to_be_16(seq);
617 rte_memcpy(dst, &ipv4_outer, sizeof(ipv4_outer));
618 dst += sizeof(ipv4_outer);
619 m->l3_len = sizeof(ipv4_outer);
620 rte_memcpy(dst, &esph, sizeof(esph));
623 if (string != NULL) {
625 rte_memcpy(dst, string, len);
628 rte_memcpy(dst, esp_pad_bytes, padlen);
630 /* copy ESP tail header */
631 rte_memcpy(dst, &espt, sizeof(espt));
633 memset(dst, 0, t_len);
639 create_dummy_sec_session(struct ipsec_unitest_params *ut,
640 struct rte_cryptodev_qp_conf *qp, uint32_t j)
642 static struct rte_security_session_conf conf;
644 ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
645 &conf, qp->mp_session,
646 qp->mp_session_private);
648 if (ut->ss[j].security.ses == NULL)
651 ut->ss[j].security.ctx = &dummy_sec_ctx;
652 ut->ss[j].security.ol_flags = 0;
657 create_crypto_session(struct ipsec_unitest_params *ut,
658 struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
661 struct rte_cryptodev_sym_session *s;
663 s = rte_cryptodev_sym_session_create(qp->mp_session);
667 /* initialize SA crypto session for device */
668 rc = rte_cryptodev_sym_session_init(dev_id, s,
669 ut->crypto_xforms, qp->mp_session_private);
671 ut->ss[j].crypto.ses = s;
674 /* failure, do cleanup */
675 rte_cryptodev_sym_session_clear(dev_id, s);
676 rte_cryptodev_sym_session_free(s);
682 create_session(struct ipsec_unitest_params *ut,
683 struct rte_cryptodev_qp_conf *qp, uint8_t crypto_dev, uint32_t j)
685 if (ut->ss[j].type == RTE_SECURITY_ACTION_TYPE_NONE)
686 return create_crypto_session(ut, qp, crypto_dev, j);
688 return create_dummy_sec_session(ut, qp, j);
692 fill_ipsec_param(uint32_t replay_win_sz, uint64_t flags)
694 struct ipsec_unitest_params *ut_params = &unittest_params;
695 struct rte_ipsec_sa_prm *prm = &ut_params->sa_prm;
696 const struct supported_auth_algo *auth_algo;
697 const struct supported_cipher_algo *cipher_algo;
699 memset(prm, 0, sizeof(*prm));
704 /* setup ipsec xform */
705 prm->ipsec_xform = ut_params->ipsec_xform;
706 prm->ipsec_xform.salt = (uint32_t)rte_rand();
707 prm->ipsec_xform.replay_win_sz = replay_win_sz;
709 /* setup tunnel related fields */
710 prm->tun.hdr_len = sizeof(ipv4_outer);
711 prm->tun.next_proto = IPPROTO_IPIP;
712 prm->tun.hdr = &ipv4_outer;
714 /* setup crypto section */
715 if (uparams.aead != 0) {
716 /* TODO: will need to fill out with other test cases */
718 if (uparams.auth == 0 && uparams.cipher == 0)
721 auth_algo = find_match_auth_algo(uparams.auth_algo);
722 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
724 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
727 prm->crypto_xform = ut_params->crypto_xforms;
732 create_sa(enum rte_security_session_action_type action_type,
733 uint32_t replay_win_sz, uint64_t flags, uint32_t j)
735 struct ipsec_testsuite_params *ts = &testsuite_params;
736 struct ipsec_unitest_params *ut = &unittest_params;
740 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
742 rc = fill_ipsec_param(replay_win_sz, flags);
746 /* create rte_ipsec_sa*/
747 sz = rte_ipsec_sa_size(&ut->sa_prm);
748 TEST_ASSERT(sz > 0, "rte_ipsec_sa_size() failed\n");
750 ut->ss[j].sa = rte_zmalloc(NULL, sz, RTE_CACHE_LINE_SIZE);
751 TEST_ASSERT_NOT_NULL(ut->ss[j].sa,
752 "failed to allocate memory for rte_ipsec_sa\n");
754 ut->ss[j].type = action_type;
755 rc = create_session(ut, &ts->qp_conf, ts->valid_dev, j);
759 rc = rte_ipsec_sa_init(ut->ss[j].sa, &ut->sa_prm, sz);
760 rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
762 rc = rte_ipsec_session_prepare(&ut->ss[j]);
768 crypto_dequeue_burst(uint16_t num_pkts)
770 struct ipsec_testsuite_params *ts_params = &testsuite_params;
771 struct ipsec_unitest_params *ut_params = &unittest_params;
775 for (i = 0, pkt_cnt = 0;
776 i < DEQUEUE_COUNT && pkt_cnt != num_pkts; i++) {
777 k = rte_cryptodev_dequeue_burst(ts_params->valid_dev, 0,
778 &ut_params->cop[pkt_cnt], num_pkts - pkt_cnt);
783 if (pkt_cnt != num_pkts) {
784 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
791 crypto_ipsec(uint16_t num_pkts)
793 struct ipsec_testsuite_params *ts_params = &testsuite_params;
794 struct ipsec_unitest_params *ut_params = &unittest_params;
796 struct rte_ipsec_group grp[1];
798 /* call crypto prepare */
799 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
800 ut_params->cop, num_pkts);
802 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
806 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
807 ut_params->cop, num_pkts);
809 RTE_LOG(ERR, USER1, "rte_cryptodev_enqueue_burst fail\n");
813 if (crypto_dequeue_burst(num_pkts) == TEST_FAILED)
816 ng = rte_ipsec_pkt_crypto_group(
817 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
818 ut_params->obuf, grp, num_pkts);
820 grp[0].m[0] != ut_params->obuf[0] ||
821 grp[0].cnt != num_pkts ||
822 grp[0].id.ptr != &ut_params->ss[0]) {
823 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
827 /* call crypto process */
828 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
830 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
838 lksd_proto_ipsec(uint16_t num_pkts)
840 struct ipsec_unitest_params *ut_params = &unittest_params;
842 struct rte_ipsec_group grp[1];
844 /* call crypto prepare */
845 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
846 ut_params->cop, num_pkts);
848 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
852 /* check crypto ops */
853 for (i = 0; i != num_pkts; i++) {
854 TEST_ASSERT_EQUAL(ut_params->cop[i]->type,
855 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
856 "%s: invalid crypto op type for %u-th packet\n",
858 TEST_ASSERT_EQUAL(ut_params->cop[i]->status,
859 RTE_CRYPTO_OP_STATUS_NOT_PROCESSED,
860 "%s: invalid crypto op status for %u-th packet\n",
862 TEST_ASSERT_EQUAL(ut_params->cop[i]->sess_type,
863 RTE_CRYPTO_OP_SECURITY_SESSION,
864 "%s: invalid crypto op sess_type for %u-th packet\n",
866 TEST_ASSERT_EQUAL(ut_params->cop[i]->sym->m_src,
868 "%s: invalid crypto op m_src for %u-th packet\n",
872 /* update crypto ops, pretend all finished ok */
873 for (i = 0; i != num_pkts; i++)
874 ut_params->cop[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
876 ng = rte_ipsec_pkt_crypto_group(
877 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
878 ut_params->obuf, grp, num_pkts);
880 grp[0].m[0] != ut_params->obuf[0] ||
881 grp[0].cnt != num_pkts ||
882 grp[0].id.ptr != &ut_params->ss[0]) {
883 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
887 /* call crypto process */
888 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
890 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
898 dump_grp_pkt(uint32_t i, struct rte_ipsec_group *grp, uint32_t k)
901 "After rte_ipsec_pkt_process grp[%d].cnt=%d k=%d fail\n",
904 "After rte_ipsec_pkt_process grp[%d].m=%p grp[%d].m[%d]=%p\n",
905 i, grp[i].m, i, k, grp[i].m[k]);
907 rte_pktmbuf_dump(stdout, grp[i].m[k], grp[i].m[k]->data_len);
911 crypto_ipsec_2sa(void)
913 struct ipsec_testsuite_params *ts_params = &testsuite_params;
914 struct ipsec_unitest_params *ut_params = &unittest_params;
915 struct rte_ipsec_group grp[BURST_SIZE];
916 uint32_t k, ng, i, r;
918 for (i = 0; i < BURST_SIZE; i++) {
920 /* call crypto prepare */
921 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[r],
922 ut_params->ibuf + i, ut_params->cop + i, 1);
925 "rte_ipsec_pkt_crypto_prepare fail\n");
928 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
929 ut_params->cop + i, 1);
932 "rte_cryptodev_enqueue_burst fail\n");
937 if (crypto_dequeue_burst(BURST_SIZE) == TEST_FAILED)
940 ng = rte_ipsec_pkt_crypto_group(
941 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
942 ut_params->obuf, grp, BURST_SIZE);
943 if (ng != BURST_SIZE) {
944 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
949 /* call crypto process */
950 for (i = 0; i < ng; i++) {
951 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
952 if (k != grp[i].cnt) {
953 dump_grp_pkt(i, grp, k);
965 crypto_ipsec_4grp(uint32_t pkt_num)
969 /* group packets in 4 different size groups groups, 2 per SA */
972 else if (pkt_num < PKT_12)
974 else if (pkt_num < PKT_21)
983 crypto_ipsec_4grp_check_mbufs(uint32_t grp_ind, struct rte_ipsec_group *grp)
985 struct ipsec_unitest_params *ut_params = &unittest_params;
990 for (i = 0, j = 0; i < PKT_4; i++, j++)
991 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
995 } else if (grp_ind == 1) {
996 for (i = 0, j = PKT_4; i < (PKT_12 - PKT_4); i++, j++) {
997 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
1002 } else if (grp_ind == 2) {
1003 for (i = 0, j = PKT_12; i < (PKT_21 - PKT_12); i++, j++)
1004 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
1008 } else if (grp_ind == 3) {
1009 for (i = 0, j = PKT_21; i < (BURST_SIZE - PKT_21); i++, j++)
1010 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
1021 crypto_ipsec_4grp_check_cnt(uint32_t grp_ind, struct rte_ipsec_group *grp)
1026 if (grp[grp_ind].cnt != PKT_4)
1028 } else if (grp_ind == 1) {
1029 if (grp[grp_ind].cnt != PKT_12 - PKT_4)
1031 } else if (grp_ind == 2) {
1032 if (grp[grp_ind].cnt != PKT_21 - PKT_12)
1034 } else if (grp_ind == 3) {
1035 if (grp[grp_ind].cnt != BURST_SIZE - PKT_21)
1044 crypto_ipsec_2sa_4grp(void)
1046 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1047 struct ipsec_unitest_params *ut_params = &unittest_params;
1048 struct rte_ipsec_group grp[BURST_SIZE];
1049 uint32_t k, ng, i, j;
1052 for (i = 0; i < BURST_SIZE; i++) {
1053 j = crypto_ipsec_4grp(i);
1055 /* call crypto prepare */
1056 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[j],
1057 ut_params->ibuf + i, ut_params->cop + i, 1);
1060 "rte_ipsec_pkt_crypto_prepare fail\n");
1063 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
1064 ut_params->cop + i, 1);
1067 "rte_cryptodev_enqueue_burst fail\n");
1072 if (crypto_dequeue_burst(BURST_SIZE) == TEST_FAILED)
1075 ng = rte_ipsec_pkt_crypto_group(
1076 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
1077 ut_params->obuf, grp, BURST_SIZE);
1079 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
1084 /* call crypto process */
1085 for (i = 0; i < ng; i++) {
1086 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
1087 if (k != grp[i].cnt) {
1088 dump_grp_pkt(i, grp, k);
1091 rc = crypto_ipsec_4grp_check_cnt(i, grp);
1094 "crypto_ipsec_4grp_check_cnt fail\n");
1097 rc = crypto_ipsec_4grp_check_mbufs(i, grp);
1100 "crypto_ipsec_4grp_check_mbufs fail\n");
1104 return TEST_SUCCESS;
1108 test_ipsec_reorder_inb_pkt_burst(uint16_t num_pkts)
1110 struct ipsec_unitest_params *ut_params = &unittest_params;
1111 struct rte_mbuf *ibuf_tmp[BURST_SIZE];
1114 /* reorder packets and create gaps in sequence numbers */
1115 static const uint32_t reorder[BURST_SIZE] = {
1116 24, 25, 26, 27, 28, 29, 30, 31,
1117 16, 17, 18, 19, 20, 21, 22, 23,
1118 8, 9, 10, 11, 12, 13, 14, 15,
1119 0, 1, 2, 3, 4, 5, 6, 7,
1122 if (num_pkts != BURST_SIZE)
1125 for (j = 0; j != BURST_SIZE; j++)
1126 ibuf_tmp[j] = ut_params->ibuf[reorder[j]];
1128 memcpy(ut_params->ibuf, ibuf_tmp, sizeof(ut_params->ibuf));
1132 test_ipsec_crypto_op_alloc(uint16_t num_pkts)
1134 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1135 struct ipsec_unitest_params *ut_params = &unittest_params;
1139 for (j = 0; j < num_pkts && rc == 0; j++) {
1140 ut_params->cop[j] = rte_crypto_op_alloc(ts_params->cop_mpool,
1141 RTE_CRYPTO_OP_TYPE_SYMMETRIC);
1142 if (ut_params->cop[j] == NULL) {
1144 "Failed to allocate symmetric crypto op\n");
1153 test_ipsec_dump_buffers(struct ipsec_unitest_params *ut_params, int i)
1155 uint16_t j = ut_params->pkt_index;
1157 printf("\ntest config: num %d\n", i);
1158 printf(" replay_win_sz %u\n", test_cfg[i].replay_win_sz);
1159 printf(" esn %u\n", test_cfg[i].esn);
1160 printf(" flags 0x%" PRIx64 "\n", test_cfg[i].flags);
1161 printf(" pkt_sz %zu\n", test_cfg[i].pkt_sz);
1162 printf(" num_pkts %u\n\n", test_cfg[i].num_pkts);
1164 if (ut_params->ibuf[j]) {
1165 printf("ibuf[%u] data:\n", j);
1166 rte_pktmbuf_dump(stdout, ut_params->ibuf[j],
1167 ut_params->ibuf[j]->data_len);
1169 if (ut_params->obuf[j]) {
1170 printf("obuf[%u] data:\n", j);
1171 rte_pktmbuf_dump(stdout, ut_params->obuf[j],
1172 ut_params->obuf[j]->data_len);
1174 if (ut_params->testbuf[j]) {
1175 printf("testbuf[%u] data:\n", j);
1176 rte_pktmbuf_dump(stdout, ut_params->testbuf[j],
1177 ut_params->testbuf[j]->data_len);
1182 destroy_dummy_sec_session(struct ipsec_unitest_params *ut,
1185 rte_security_session_destroy(&dummy_sec_ctx,
1186 ut->ss[j].security.ses);
1187 ut->ss[j].security.ctx = NULL;
1191 destroy_crypto_session(struct ipsec_unitest_params *ut,
1192 uint8_t crypto_dev, uint32_t j)
1194 rte_cryptodev_sym_session_clear(crypto_dev, ut->ss[j].crypto.ses);
1195 rte_cryptodev_sym_session_free(ut->ss[j].crypto.ses);
1196 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
1200 destroy_session(struct ipsec_unitest_params *ut,
1201 uint8_t crypto_dev, uint32_t j)
1203 if (ut->ss[j].type == RTE_SECURITY_ACTION_TYPE_NONE)
1204 return destroy_crypto_session(ut, crypto_dev, j);
1206 return destroy_dummy_sec_session(ut, j);
1210 destroy_sa(uint32_t j)
1212 struct ipsec_unitest_params *ut = &unittest_params;
1213 struct ipsec_testsuite_params *ts = &testsuite_params;
1215 rte_ipsec_sa_fini(ut->ss[j].sa);
1216 rte_free(ut->ss[j].sa);
1218 destroy_session(ut, ts->valid_dev, j);
1222 crypto_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1227 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1228 ut_params->pkt_index = j;
1230 /* compare the data buffers */
1231 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1232 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1234 "input and output data does not match\n");
1235 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1236 ut_params->obuf[j]->pkt_len,
1237 "data_len is not equal to pkt_len");
1238 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1240 "data_len is not equal to input data");
1247 test_ipsec_crypto_inb_burst_null_null(int i)
1249 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1250 struct ipsec_unitest_params *ut_params = &unittest_params;
1251 uint16_t num_pkts = test_cfg[i].num_pkts;
1255 /* create rte_ipsec_sa */
1256 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1257 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1259 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1263 /* Generate test mbuf data */
1264 for (j = 0; j < num_pkts && rc == 0; j++) {
1265 /* packet with sequence number 0 is invalid */
1266 ut_params->ibuf[j] = setup_test_string_tunneled(
1267 ts_params->mbuf_pool, null_encrypted_data,
1268 test_cfg[i].pkt_sz, INBOUND_SPI, j + 1);
1269 if (ut_params->ibuf[j] == NULL)
1274 if (test_cfg[i].reorder_pkts)
1275 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1276 rc = test_ipsec_crypto_op_alloc(num_pkts);
1280 /* call ipsec library api */
1281 rc = crypto_ipsec(num_pkts);
1283 rc = crypto_inb_burst_null_null_check(
1284 ut_params, i, num_pkts);
1286 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1292 if (rc == TEST_FAILED)
1293 test_ipsec_dump_buffers(ut_params, i);
1300 test_ipsec_crypto_inb_burst_null_null_wrapper(void)
1304 struct ipsec_unitest_params *ut_params = &unittest_params;
1306 ut_params->ipsec_xform.spi = INBOUND_SPI;
1307 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1308 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1309 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1310 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1312 for (i = 0; i < num_cfg && rc == 0; i++) {
1313 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1314 rc = test_ipsec_crypto_inb_burst_null_null(i);
1321 crypto_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1328 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1329 ut_params->pkt_index = j;
1331 testbuf_data = rte_pktmbuf_mtod(ut_params->testbuf[j], void *);
1332 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1333 /* compare the buffer data */
1334 TEST_ASSERT_BUFFERS_ARE_EQUAL(testbuf_data, obuf_data,
1335 ut_params->obuf[j]->pkt_len,
1336 "test and output data does not match\n");
1337 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1338 ut_params->testbuf[j]->data_len,
1339 "obuf data_len is not equal to testbuf data_len");
1340 TEST_ASSERT_EQUAL(ut_params->obuf[j]->pkt_len,
1341 ut_params->testbuf[j]->pkt_len,
1342 "obuf pkt_len is not equal to testbuf pkt_len");
1349 test_ipsec_crypto_outb_burst_null_null(int i)
1351 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1352 struct ipsec_unitest_params *ut_params = &unittest_params;
1353 uint16_t num_pkts = test_cfg[i].num_pkts;
1357 /* create rte_ipsec_sa*/
1358 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1359 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1361 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1365 /* Generate input mbuf data */
1366 for (j = 0; j < num_pkts && rc == 0; j++) {
1367 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1368 null_plain_data, test_cfg[i].pkt_sz, 0);
1369 if (ut_params->ibuf[j] == NULL)
1372 /* Generate test mbuf data */
1373 /* packet with sequence number 0 is invalid */
1374 ut_params->testbuf[j] = setup_test_string_tunneled(
1375 ts_params->mbuf_pool,
1376 null_plain_data, test_cfg[i].pkt_sz,
1377 OUTBOUND_SPI, j + 1);
1378 if (ut_params->testbuf[j] == NULL)
1384 rc = test_ipsec_crypto_op_alloc(num_pkts);
1387 /* call ipsec library api */
1388 rc = crypto_ipsec(num_pkts);
1390 rc = crypto_outb_burst_null_null_check(ut_params,
1393 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1397 if (rc == TEST_FAILED)
1398 test_ipsec_dump_buffers(ut_params, i);
1405 test_ipsec_crypto_outb_burst_null_null_wrapper(void)
1409 struct ipsec_unitest_params *ut_params = &unittest_params;
1411 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1412 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1413 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1414 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1415 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1417 for (i = 0; i < num_cfg && rc == 0; i++) {
1418 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1419 rc = test_ipsec_crypto_outb_burst_null_null(i);
1426 inline_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1433 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1434 ut_params->pkt_index = j;
1436 /* compare the buffer data */
1437 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1438 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1440 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1441 ut_params->ibuf[j]->data_len,
1442 "input and output data does not match\n");
1443 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1444 ut_params->obuf[j]->data_len,
1445 "ibuf data_len is not equal to obuf data_len");
1446 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1447 ut_params->obuf[j]->pkt_len,
1448 "ibuf pkt_len is not equal to obuf pkt_len");
1449 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1451 "data_len is not equal input data");
1457 test_ipsec_inline_crypto_inb_burst_null_null(int i)
1459 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1460 struct ipsec_unitest_params *ut_params = &unittest_params;
1461 uint16_t num_pkts = test_cfg[i].num_pkts;
1466 /* create rte_ipsec_sa*/
1467 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1468 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1470 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1474 /* Generate inbound mbuf data */
1475 for (j = 0; j < num_pkts && rc == 0; j++) {
1476 ut_params->ibuf[j] = setup_test_string_tunneled(
1477 ts_params->mbuf_pool,
1478 null_plain_data, test_cfg[i].pkt_sz,
1479 INBOUND_SPI, j + 1);
1480 if (ut_params->ibuf[j] == NULL)
1483 /* Generate test mbuf data */
1484 ut_params->obuf[j] = setup_test_string(
1485 ts_params->mbuf_pool,
1486 null_plain_data, test_cfg[i].pkt_sz, 0);
1487 if (ut_params->obuf[j] == NULL)
1493 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1496 rc = inline_inb_burst_null_null_check(ut_params, i,
1500 "rte_ipsec_pkt_process failed, cfg %d\n",
1506 if (rc == TEST_FAILED)
1507 test_ipsec_dump_buffers(ut_params, i);
1514 test_ipsec_inline_crypto_inb_burst_null_null_wrapper(void)
1518 struct ipsec_unitest_params *ut_params = &unittest_params;
1520 ut_params->ipsec_xform.spi = INBOUND_SPI;
1521 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1522 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1523 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1524 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1526 for (i = 0; i < num_cfg && rc == 0; i++) {
1527 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1528 rc = test_ipsec_inline_crypto_inb_burst_null_null(i);
1535 test_ipsec_inline_proto_inb_burst_null_null(int i)
1537 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1538 struct ipsec_unitest_params *ut_params = &unittest_params;
1539 uint16_t num_pkts = test_cfg[i].num_pkts;
1544 /* create rte_ipsec_sa*/
1545 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1546 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1548 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1552 /* Generate inbound mbuf data */
1553 for (j = 0; j < num_pkts && rc == 0; j++) {
1554 ut_params->ibuf[j] = setup_test_string(
1555 ts_params->mbuf_pool,
1556 null_plain_data, test_cfg[i].pkt_sz, 0);
1557 if (ut_params->ibuf[j] == NULL)
1560 /* Generate test mbuf data */
1561 ut_params->obuf[j] = setup_test_string(
1562 ts_params->mbuf_pool,
1563 null_plain_data, test_cfg[i].pkt_sz, 0);
1564 if (ut_params->obuf[j] == NULL)
1570 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1573 rc = inline_inb_burst_null_null_check(ut_params, i,
1577 "rte_ipsec_pkt_process failed, cfg %d\n",
1583 if (rc == TEST_FAILED)
1584 test_ipsec_dump_buffers(ut_params, i);
1591 test_ipsec_inline_proto_inb_burst_null_null_wrapper(void)
1595 struct ipsec_unitest_params *ut_params = &unittest_params;
1597 ut_params->ipsec_xform.spi = INBOUND_SPI;
1598 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1599 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1600 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1601 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1603 for (i = 0; i < num_cfg && rc == 0; i++) {
1604 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1605 rc = test_ipsec_inline_proto_inb_burst_null_null(i);
1612 inline_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1619 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1620 ut_params->pkt_index = j;
1622 /* compare the buffer data */
1623 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1624 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1625 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1626 ut_params->ibuf[j]->data_len,
1627 "input and output data does not match\n");
1628 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1629 ut_params->obuf[j]->data_len,
1630 "ibuf data_len is not equal to obuf data_len");
1631 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1632 ut_params->obuf[j]->pkt_len,
1633 "ibuf pkt_len is not equal to obuf pkt_len");
1635 /* check mbuf ol_flags */
1636 TEST_ASSERT(ut_params->ibuf[j]->ol_flags & RTE_MBUF_F_TX_SEC_OFFLOAD,
1637 "ibuf RTE_MBUF_F_TX_SEC_OFFLOAD is not set");
1643 test_ipsec_inline_crypto_outb_burst_null_null(int i)
1645 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1646 struct ipsec_unitest_params *ut_params = &unittest_params;
1647 uint16_t num_pkts = test_cfg[i].num_pkts;
1652 /* create rte_ipsec_sa */
1653 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1654 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1656 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1660 /* Generate test mbuf data */
1661 for (j = 0; j < num_pkts && rc == 0; j++) {
1662 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1663 null_plain_data, test_cfg[i].pkt_sz, 0);
1664 if (ut_params->ibuf[0] == NULL)
1668 /* Generate test tunneled mbuf data for comparison */
1669 ut_params->obuf[j] = setup_test_string_tunneled(
1670 ts_params->mbuf_pool,
1671 null_plain_data, test_cfg[i].pkt_sz,
1672 OUTBOUND_SPI, j + 1);
1673 if (ut_params->obuf[j] == NULL)
1679 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1682 rc = inline_outb_burst_null_null_check(ut_params,
1686 "rte_ipsec_pkt_process failed, cfg %d\n",
1692 if (rc == TEST_FAILED)
1693 test_ipsec_dump_buffers(ut_params, i);
1700 test_ipsec_inline_crypto_outb_burst_null_null_wrapper(void)
1704 struct ipsec_unitest_params *ut_params = &unittest_params;
1706 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1707 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1708 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1709 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1710 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1712 for (i = 0; i < num_cfg && rc == 0; i++) {
1713 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1714 rc = test_ipsec_inline_crypto_outb_burst_null_null(i);
1721 test_ipsec_inline_proto_outb_burst_null_null(int i)
1723 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1724 struct ipsec_unitest_params *ut_params = &unittest_params;
1725 uint16_t num_pkts = test_cfg[i].num_pkts;
1730 /* create rte_ipsec_sa */
1731 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1732 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1734 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1738 /* Generate test mbuf data */
1739 for (j = 0; j < num_pkts && rc == 0; j++) {
1740 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1741 null_plain_data, test_cfg[i].pkt_sz, 0);
1742 if (ut_params->ibuf[0] == NULL)
1746 /* Generate test tunneled mbuf data for comparison */
1747 ut_params->obuf[j] = setup_test_string(
1748 ts_params->mbuf_pool,
1749 null_plain_data, test_cfg[i].pkt_sz, 0);
1750 if (ut_params->obuf[j] == NULL)
1756 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1759 rc = inline_outb_burst_null_null_check(ut_params,
1763 "rte_ipsec_pkt_process failed, cfg %d\n",
1769 if (rc == TEST_FAILED)
1770 test_ipsec_dump_buffers(ut_params, i);
1777 test_ipsec_inline_proto_outb_burst_null_null_wrapper(void)
1781 struct ipsec_unitest_params *ut_params = &unittest_params;
1783 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1784 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1785 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1786 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1787 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1789 for (i = 0; i < num_cfg && rc == 0; i++) {
1790 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1791 rc = test_ipsec_inline_proto_outb_burst_null_null(i);
1798 test_ipsec_lksd_proto_inb_burst_null_null(int i)
1800 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1801 struct ipsec_unitest_params *ut_params = &unittest_params;
1802 uint16_t num_pkts = test_cfg[i].num_pkts;
1806 /* create rte_ipsec_sa */
1807 rc = create_sa(RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
1808 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1810 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1814 /* Generate test mbuf data */
1815 for (j = 0; j < num_pkts && rc == 0; j++) {
1816 /* packet with sequence number 0 is invalid */
1817 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1818 null_encrypted_data, test_cfg[i].pkt_sz, 0);
1819 if (ut_params->ibuf[j] == NULL)
1824 if (test_cfg[i].reorder_pkts)
1825 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1826 rc = test_ipsec_crypto_op_alloc(num_pkts);
1830 /* call ipsec library api */
1831 rc = lksd_proto_ipsec(num_pkts);
1833 rc = crypto_inb_burst_null_null_check(ut_params, i,
1836 RTE_LOG(ERR, USER1, "%s failed, cfg %d\n",
1842 if (rc == TEST_FAILED)
1843 test_ipsec_dump_buffers(ut_params, i);
1850 test_ipsec_lksd_proto_inb_burst_null_null_wrapper(void)
1854 struct ipsec_unitest_params *ut_params = &unittest_params;
1856 ut_params->ipsec_xform.spi = INBOUND_SPI;
1857 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1858 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1859 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1860 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1862 for (i = 0; i < num_cfg && rc == 0; i++) {
1863 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1864 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1871 test_ipsec_lksd_proto_outb_burst_null_null_wrapper(void)
1875 struct ipsec_unitest_params *ut_params = &unittest_params;
1877 ut_params->ipsec_xform.spi = INBOUND_SPI;
1878 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1879 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1880 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1881 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1883 for (i = 0; i < num_cfg && rc == 0; i++) {
1884 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1885 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1892 replay_inb_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1897 for (j = 0; j < num_pkts; j++) {
1898 /* compare the buffer data */
1899 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1900 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1902 "input and output data does not match\n");
1904 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1905 ut_params->obuf[j]->pkt_len,
1906 "data_len is not equal to pkt_len");
1913 test_ipsec_replay_inb_inside_null_null(int i)
1915 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1916 struct ipsec_unitest_params *ut_params = &unittest_params;
1919 /* create rte_ipsec_sa*/
1920 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1921 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1923 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1927 /* Generate inbound mbuf data */
1928 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1929 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
1930 if (ut_params->ibuf[0] == NULL)
1933 rc = test_ipsec_crypto_op_alloc(1);
1936 /* call ipsec library api */
1937 rc = crypto_ipsec(1);
1939 rc = replay_inb_null_null_check(ut_params, i, 1);
1941 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1947 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
1948 /* generate packet with seq number inside the replay window */
1949 if (ut_params->ibuf[0]) {
1950 rte_pktmbuf_free(ut_params->ibuf[0]);
1951 ut_params->ibuf[0] = 0;
1954 ut_params->ibuf[0] = setup_test_string_tunneled(
1955 ts_params->mbuf_pool, null_encrypted_data,
1956 test_cfg[i].pkt_sz, INBOUND_SPI,
1957 test_cfg[i].replay_win_sz);
1958 if (ut_params->ibuf[0] == NULL)
1961 rc = test_ipsec_crypto_op_alloc(1);
1964 /* call ipsec library api */
1965 rc = crypto_ipsec(1);
1967 rc = replay_inb_null_null_check(
1970 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
1976 if (rc == TEST_FAILED)
1977 test_ipsec_dump_buffers(ut_params, i);
1985 test_ipsec_replay_inb_inside_null_null_wrapper(void)
1989 struct ipsec_unitest_params *ut_params = &unittest_params;
1991 ut_params->ipsec_xform.spi = INBOUND_SPI;
1992 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1993 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1994 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1995 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1997 for (i = 0; i < num_cfg && rc == 0; i++) {
1998 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1999 rc = test_ipsec_replay_inb_inside_null_null(i);
2006 test_ipsec_replay_inb_outside_null_null(int i)
2008 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2009 struct ipsec_unitest_params *ut_params = &unittest_params;
2012 /* create rte_ipsec_sa */
2013 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2014 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2016 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
2020 /* Generate test mbuf data */
2021 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2022 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI,
2023 test_cfg[i].replay_win_sz + 2);
2024 if (ut_params->ibuf[0] == NULL)
2027 rc = test_ipsec_crypto_op_alloc(1);
2030 /* call ipsec library api */
2031 rc = crypto_ipsec(1);
2033 rc = replay_inb_null_null_check(ut_params, i, 1);
2035 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2041 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2042 /* generate packet with seq number outside the replay window */
2043 if (ut_params->ibuf[0]) {
2044 rte_pktmbuf_free(ut_params->ibuf[0]);
2045 ut_params->ibuf[0] = 0;
2047 ut_params->ibuf[0] = setup_test_string_tunneled(
2048 ts_params->mbuf_pool, null_encrypted_data,
2049 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2050 if (ut_params->ibuf[0] == NULL)
2053 rc = test_ipsec_crypto_op_alloc(1);
2056 /* call ipsec library api */
2057 rc = crypto_ipsec(1);
2059 if (test_cfg[i].esn == 0) {
2061 "packet is not outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2063 test_cfg[i].replay_win_sz + 2,
2069 "packet is outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2070 i, test_cfg[i].replay_win_sz + 2, 1);
2076 if (rc == TEST_FAILED)
2077 test_ipsec_dump_buffers(ut_params, i);
2085 test_ipsec_replay_inb_outside_null_null_wrapper(void)
2089 struct ipsec_unitest_params *ut_params = &unittest_params;
2091 ut_params->ipsec_xform.spi = INBOUND_SPI;
2092 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2093 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2094 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2095 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2097 for (i = 0; i < num_cfg && rc == 0; i++) {
2098 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2099 rc = test_ipsec_replay_inb_outside_null_null(i);
2106 test_ipsec_replay_inb_repeat_null_null(int i)
2108 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2109 struct ipsec_unitest_params *ut_params = &unittest_params;
2112 /* create rte_ipsec_sa */
2113 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2114 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2116 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
2120 /* Generate test mbuf data */
2121 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2122 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2123 if (ut_params->ibuf[0] == NULL)
2126 rc = test_ipsec_crypto_op_alloc(1);
2129 /* call ipsec library api */
2130 rc = crypto_ipsec(1);
2132 rc = replay_inb_null_null_check(ut_params, i, 1);
2134 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2140 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2142 * generate packet with repeat seq number in the replay
2145 if (ut_params->ibuf[0]) {
2146 rte_pktmbuf_free(ut_params->ibuf[0]);
2147 ut_params->ibuf[0] = 0;
2150 ut_params->ibuf[0] = setup_test_string_tunneled(
2151 ts_params->mbuf_pool, null_encrypted_data,
2152 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2153 if (ut_params->ibuf[0] == NULL)
2156 rc = test_ipsec_crypto_op_alloc(1);
2159 /* call ipsec library api */
2160 rc = crypto_ipsec(1);
2163 "packet is not repeated in the replay window, cfg %d seq %u\n",
2168 "packet is repeated in the replay window, cfg %d seq %u\n",
2175 if (rc == TEST_FAILED)
2176 test_ipsec_dump_buffers(ut_params, i);
2184 test_ipsec_replay_inb_repeat_null_null_wrapper(void)
2188 struct ipsec_unitest_params *ut_params = &unittest_params;
2190 ut_params->ipsec_xform.spi = INBOUND_SPI;
2191 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2192 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2193 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2194 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2196 for (i = 0; i < num_cfg && rc == 0; i++) {
2197 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2198 rc = test_ipsec_replay_inb_repeat_null_null(i);
2205 test_ipsec_replay_inb_inside_burst_null_null(int i)
2207 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2208 struct ipsec_unitest_params *ut_params = &unittest_params;
2209 uint16_t num_pkts = test_cfg[i].num_pkts;
2213 /* create rte_ipsec_sa*/
2214 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2215 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2217 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
2221 /* Generate inbound mbuf data */
2222 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2223 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2224 if (ut_params->ibuf[0] == NULL)
2227 rc = test_ipsec_crypto_op_alloc(1);
2230 /* call ipsec library api */
2231 rc = crypto_ipsec(1);
2233 rc = replay_inb_null_null_check(ut_params, i, 1);
2235 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2241 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2243 * generate packet(s) with seq number(s) inside the
2246 if (ut_params->ibuf[0]) {
2247 rte_pktmbuf_free(ut_params->ibuf[0]);
2248 ut_params->ibuf[0] = 0;
2251 for (j = 0; j < num_pkts && rc == 0; j++) {
2252 /* packet with sequence number 1 already processed */
2253 ut_params->ibuf[j] = setup_test_string_tunneled(
2254 ts_params->mbuf_pool, null_encrypted_data,
2255 test_cfg[i].pkt_sz, INBOUND_SPI, j + 2);
2256 if (ut_params->ibuf[j] == NULL)
2261 if (test_cfg[i].reorder_pkts)
2262 test_ipsec_reorder_inb_pkt_burst(num_pkts);
2263 rc = test_ipsec_crypto_op_alloc(num_pkts);
2267 /* call ipsec library api */
2268 rc = crypto_ipsec(num_pkts);
2270 rc = replay_inb_null_null_check(
2271 ut_params, i, num_pkts);
2273 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
2279 if (rc == TEST_FAILED)
2280 test_ipsec_dump_buffers(ut_params, i);
2288 test_ipsec_replay_inb_inside_burst_null_null_wrapper(void)
2292 struct ipsec_unitest_params *ut_params = &unittest_params;
2294 ut_params->ipsec_xform.spi = INBOUND_SPI;
2295 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2296 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2297 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2298 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2300 for (i = 0; i < num_cfg && rc == 0; i++) {
2301 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2302 rc = test_ipsec_replay_inb_inside_burst_null_null(i);
2310 crypto_inb_burst_2sa_null_null_check(struct ipsec_unitest_params *ut_params,
2315 for (j = 0; j < BURST_SIZE; j++) {
2316 ut_params->pkt_index = j;
2318 /* compare the data buffers */
2319 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
2320 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
2322 "input and output data does not match\n");
2323 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2324 ut_params->obuf[j]->pkt_len,
2325 "data_len is not equal to pkt_len");
2326 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2328 "data_len is not equal to input data");
2335 test_ipsec_crypto_inb_burst_2sa_null_null(int i)
2337 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2338 struct ipsec_unitest_params *ut_params = &unittest_params;
2339 uint16_t num_pkts = test_cfg[i].num_pkts;
2343 if (num_pkts != BURST_SIZE)
2346 /* create rte_ipsec_sa */
2347 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2348 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2350 RTE_LOG(ERR, USER1, "create_sa 0 failed, cfg %d\n", i);
2354 /* create second rte_ipsec_sa */
2355 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2356 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2357 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2359 RTE_LOG(ERR, USER1, "create_sa 1 failed, cfg %d\n", i);
2364 /* Generate test mbuf data */
2365 for (j = 0; j < num_pkts && rc == 0; j++) {
2367 /* packet with sequence number 0 is invalid */
2368 ut_params->ibuf[j] = setup_test_string_tunneled(
2369 ts_params->mbuf_pool, null_encrypted_data,
2370 test_cfg[i].pkt_sz, INBOUND_SPI + r, j + 1);
2371 if (ut_params->ibuf[j] == NULL)
2376 rc = test_ipsec_crypto_op_alloc(num_pkts);
2379 /* call ipsec library api */
2380 rc = crypto_ipsec_2sa();
2382 rc = crypto_inb_burst_2sa_null_null_check(
2385 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2391 if (rc == TEST_FAILED)
2392 test_ipsec_dump_buffers(ut_params, i);
2400 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper(void)
2404 struct ipsec_unitest_params *ut_params = &unittest_params;
2406 ut_params->ipsec_xform.spi = INBOUND_SPI;
2407 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2408 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2409 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2410 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2412 for (i = 0; i < num_cfg && rc == 0; i++) {
2413 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2414 rc = test_ipsec_crypto_inb_burst_2sa_null_null(i);
2421 test_ipsec_crypto_inb_burst_2sa_4grp_null_null(int i)
2423 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2424 struct ipsec_unitest_params *ut_params = &unittest_params;
2425 uint16_t num_pkts = test_cfg[i].num_pkts;
2429 if (num_pkts != BURST_SIZE)
2432 /* create rte_ipsec_sa */
2433 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2434 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2436 RTE_LOG(ERR, USER1, "create_sa 0 failed, cfg %d\n", i);
2440 /* create second rte_ipsec_sa */
2441 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2442 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2443 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2445 RTE_LOG(ERR, USER1, "create_sa 1 failed, cfg %d\n", i);
2450 /* Generate test mbuf data */
2451 for (j = 0; j < num_pkts && rc == 0; j++) {
2452 k = crypto_ipsec_4grp(j);
2454 /* packet with sequence number 0 is invalid */
2455 ut_params->ibuf[j] = setup_test_string_tunneled(
2456 ts_params->mbuf_pool, null_encrypted_data,
2457 test_cfg[i].pkt_sz, INBOUND_SPI + k, j + 1);
2458 if (ut_params->ibuf[j] == NULL)
2463 rc = test_ipsec_crypto_op_alloc(num_pkts);
2466 /* call ipsec library api */
2467 rc = crypto_ipsec_2sa_4grp();
2469 rc = crypto_inb_burst_2sa_null_null_check(
2472 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2478 if (rc == TEST_FAILED)
2479 test_ipsec_dump_buffers(ut_params, i);
2487 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper(void)
2491 struct ipsec_unitest_params *ut_params = &unittest_params;
2493 ut_params->ipsec_xform.spi = INBOUND_SPI;
2494 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2495 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2496 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2497 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2499 for (i = 0; i < num_cfg && rc == 0; i++) {
2500 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2501 rc = test_ipsec_crypto_inb_burst_2sa_4grp_null_null(i);
2507 static struct unit_test_suite ipsec_testsuite = {
2508 .suite_name = "IPsec NULL Unit Test Suite",
2509 .setup = testsuite_setup,
2510 .teardown = testsuite_teardown,
2511 .unit_test_cases = {
2512 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2513 test_ipsec_crypto_inb_burst_null_null_wrapper),
2514 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2515 test_ipsec_crypto_outb_burst_null_null_wrapper),
2516 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2517 test_ipsec_inline_crypto_inb_burst_null_null_wrapper),
2518 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2519 test_ipsec_inline_crypto_outb_burst_null_null_wrapper),
2520 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2521 test_ipsec_inline_proto_inb_burst_null_null_wrapper),
2522 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2523 test_ipsec_inline_proto_outb_burst_null_null_wrapper),
2524 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2525 test_ipsec_lksd_proto_inb_burst_null_null_wrapper),
2526 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2527 test_ipsec_lksd_proto_outb_burst_null_null_wrapper),
2528 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2529 test_ipsec_replay_inb_inside_null_null_wrapper),
2530 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2531 test_ipsec_replay_inb_outside_null_null_wrapper),
2532 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2533 test_ipsec_replay_inb_repeat_null_null_wrapper),
2534 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2535 test_ipsec_replay_inb_inside_burst_null_null_wrapper),
2536 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2537 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper),
2538 TEST_CASE_ST(ut_setup_ipsec, ut_teardown_ipsec,
2539 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper),
2540 TEST_CASES_END() /**< NULL terminate unit test array */
2547 return unit_test_suite_runner(&ipsec_testsuite);
2550 #endif /* !RTE_EXEC_ENV_WINDOWS */
2552 REGISTER_TEST_COMMAND(ipsec_autotest, test_ipsec);