1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2018 Intel Corporation
7 #include <rte_common.h>
8 #include <rte_hexdump.h>
10 #include <rte_malloc.h>
11 #include <rte_memcpy.h>
12 #include <rte_pause.h>
13 #include <rte_bus_vdev.h>
16 #include <rte_crypto.h>
17 #include <rte_cryptodev.h>
18 #include <rte_cryptodev_pmd.h>
19 #include <rte_lcore.h>
20 #include <rte_ipsec.h>
21 #include <rte_random.h>
23 #include <rte_security_driver.h>
26 #include "test_cryptodev.h"
28 #define VDEV_ARGS_SIZE 100
29 #define MAX_NB_SESSIONS 100
31 #define REPLAY_WIN_0 0
32 #define REPLAY_WIN_32 32
33 #define REPLAY_WIN_64 64
34 #define REPLAY_WIN_128 128
35 #define REPLAY_WIN_256 256
36 #define DATA_64_BYTES 64
37 #define DATA_80_BYTES 80
38 #define DATA_100_BYTES 100
40 #define ESN_DISABLED 0
42 #define OUTBOUND_SPI 17
44 #define REORDER_PKTS 1
47 enum rte_crypto_sym_xform_type auth;
48 enum rte_crypto_sym_xform_type cipher;
49 enum rte_crypto_sym_xform_type aead;
52 char cipher_algo[128];
56 struct ipsec_testsuite_params {
57 struct rte_mempool *mbuf_pool;
58 struct rte_mempool *cop_mpool;
59 struct rte_cryptodev_config conf;
60 struct rte_cryptodev_qp_conf qp_conf;
63 uint8_t valid_dev_found;
66 struct ipsec_unitest_params {
67 struct rte_crypto_sym_xform cipher_xform;
68 struct rte_crypto_sym_xform auth_xform;
69 struct rte_crypto_sym_xform aead_xform;
70 struct rte_crypto_sym_xform *crypto_xforms;
72 struct rte_security_ipsec_xform ipsec_xform;
74 struct rte_ipsec_sa_prm sa_prm;
75 struct rte_ipsec_session ss[MAX_NB_SAS];
77 struct rte_crypto_op *cop[BURST_SIZE];
79 struct rte_mbuf *obuf[BURST_SIZE], *ibuf[BURST_SIZE],
86 struct ipsec_test_cfg {
87 uint32_t replay_win_sz;
92 uint32_t reorder_pkts;
95 static const struct ipsec_test_cfg test_cfg[] = {
97 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, 1, 0},
98 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_80_BYTES, BURST_SIZE,
100 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, 1, 0},
101 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, BURST_SIZE,
103 {REPLAY_WIN_64, ESN_ENABLED, 0, DATA_64_BYTES, 1, 0},
104 {REPLAY_WIN_128, ESN_ENABLED, RTE_IPSEC_SAFLAG_SQN_ATOM,
105 DATA_80_BYTES, 1, 0},
106 {REPLAY_WIN_256, ESN_DISABLED, 0, DATA_100_BYTES, 1, 0},
109 static const int num_cfg = RTE_DIM(test_cfg);
110 static struct ipsec_testsuite_params testsuite_params = { NULL };
111 static struct ipsec_unitest_params unittest_params;
112 static struct user_params uparams;
114 static uint8_t global_key[128] = { 0 };
116 struct supported_cipher_algo {
118 enum rte_crypto_cipher_algorithm algo;
124 struct supported_auth_algo {
126 enum rte_crypto_auth_algorithm algo;
132 const struct supported_cipher_algo cipher_algos[] = {
135 .algo = RTE_CRYPTO_CIPHER_NULL,
142 const struct supported_auth_algo auth_algos[] = {
145 .algo = RTE_CRYPTO_AUTH_NULL,
153 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
154 struct rte_security_session *sess, struct rte_mempool *mp)
156 RTE_SET_USED(device);
160 sess->sess_private_data = NULL;
165 dummy_sec_destroy(void *device, struct rte_security_session *sess)
167 RTE_SET_USED(device);
172 static const struct rte_security_ops dummy_sec_ops = {
173 .session_create = dummy_sec_create,
174 .session_destroy = dummy_sec_destroy,
177 static struct rte_security_ctx dummy_sec_ctx = {
178 .ops = &dummy_sec_ops,
181 static const struct supported_cipher_algo *
182 find_match_cipher_algo(const char *cipher_keyword)
186 for (i = 0; i < RTE_DIM(cipher_algos); i++) {
187 const struct supported_cipher_algo *algo =
190 if (strcmp(cipher_keyword, algo->keyword) == 0)
197 static const struct supported_auth_algo *
198 find_match_auth_algo(const char *auth_keyword)
202 for (i = 0; i < RTE_DIM(auth_algos); i++) {
203 const struct supported_auth_algo *algo =
206 if (strcmp(auth_keyword, algo->keyword) == 0)
214 fill_crypto_xform(struct ipsec_unitest_params *ut_params,
215 const struct supported_auth_algo *auth_algo,
216 const struct supported_cipher_algo *cipher_algo)
218 ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
219 ut_params->auth_xform.auth.algo = auth_algo->algo;
220 ut_params->auth_xform.auth.key.data = global_key;
221 ut_params->auth_xform.auth.key.length = auth_algo->key_len;
222 ut_params->auth_xform.auth.digest_length = auth_algo->digest_len;
223 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
225 ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
226 ut_params->cipher_xform.cipher.algo = cipher_algo->algo;
227 ut_params->cipher_xform.cipher.key.data = global_key;
228 ut_params->cipher_xform.cipher.key.length = cipher_algo->key_len;
229 ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT;
230 ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
231 ut_params->cipher_xform.cipher.iv.length = cipher_algo->iv_len;
233 if (ut_params->ipsec_xform.direction ==
234 RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
235 ut_params->crypto_xforms = &ut_params->auth_xform;
236 ut_params->auth_xform.next = &ut_params->cipher_xform;
237 ut_params->cipher_xform.next = NULL;
239 ut_params->crypto_xforms = &ut_params->cipher_xform;
240 ut_params->cipher_xform.next = &ut_params->auth_xform;
241 ut_params->auth_xform.next = NULL;
246 check_cryptodev_capablity(const struct ipsec_unitest_params *ut,
249 struct rte_cryptodev_sym_capability_idx cap_idx;
250 const struct rte_cryptodev_symmetric_capability *cap;
253 cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
254 cap_idx.algo.auth = ut->auth_xform.auth.algo;
255 cap = rte_cryptodev_sym_capability_get(dev_id, &cap_idx);
258 rc = rte_cryptodev_sym_capability_check_auth(cap,
259 ut->auth_xform.auth.key.length,
260 ut->auth_xform.auth.digest_length, 0);
262 cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
263 cap_idx.algo.cipher = ut->cipher_xform.cipher.algo;
264 cap = rte_cryptodev_sym_capability_get(
267 rc = rte_cryptodev_sym_capability_check_cipher(
269 ut->cipher_xform.cipher.key.length,
270 ut->cipher_xform.cipher.iv.length);
278 testsuite_setup(void)
280 struct ipsec_testsuite_params *ts_params = &testsuite_params;
281 struct ipsec_unitest_params *ut_params = &unittest_params;
282 const struct supported_auth_algo *auth_algo;
283 const struct supported_cipher_algo *cipher_algo;
284 struct rte_cryptodev_info info;
285 uint32_t i, nb_devs, dev_id;
289 memset(ts_params, 0, sizeof(*ts_params));
291 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
292 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
293 strcpy(uparams.auth_algo, "null");
294 strcpy(uparams.cipher_algo, "null");
296 auth_algo = find_match_auth_algo(uparams.auth_algo);
297 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
298 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
300 nb_devs = rte_cryptodev_count();
302 RTE_LOG(ERR, USER1, "No crypto devices found?\n");
306 /* Find first valid crypto device */
307 for (i = 0; i < nb_devs; i++) {
308 rc = check_cryptodev_capablity(ut_params, i);
310 ts_params->valid_dev = i;
311 ts_params->valid_dev_found = 1;
316 if (ts_params->valid_dev_found == 0)
319 ts_params->mbuf_pool = rte_pktmbuf_pool_create(
321 NUM_MBUFS, MBUF_CACHE_SIZE, 0, MBUF_SIZE,
323 if (ts_params->mbuf_pool == NULL) {
324 RTE_LOG(ERR, USER1, "Can't create CRYPTO_MBUFPOOL\n");
328 ts_params->cop_mpool = rte_crypto_op_pool_create(
329 "MBUF_CRYPTO_SYM_OP_POOL",
330 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
331 NUM_MBUFS, MBUF_CACHE_SIZE,
333 sizeof(struct rte_crypto_sym_xform) +
336 if (ts_params->cop_mpool == NULL) {
337 RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
341 /* Set up all the qps on the first of the valid devices found */
342 dev_id = ts_params->valid_dev;
344 rte_cryptodev_info_get(dev_id, &info);
346 ts_params->conf.nb_queue_pairs = info.max_nb_queue_pairs;
347 ts_params->conf.socket_id = SOCKET_ID_ANY;
349 sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
350 sess_sz = RTE_MAX(sess_sz, sizeof(struct rte_security_session));
353 * Create mempools for sessions
355 if (info.sym.max_nb_sessions != 0 &&
356 info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
357 RTE_LOG(ERR, USER1, "Device does not support "
358 "at least %u sessions\n",
363 ts_params->qp_conf.mp_session_private = rte_mempool_create(
367 0, 0, NULL, NULL, NULL,
371 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
372 "private session mempool allocation failed");
374 ts_params->qp_conf.mp_session =
375 rte_cryptodev_sym_session_pool_create("test_sess_mp",
376 MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
378 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
379 "session mempool allocation failed");
381 TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
383 "Failed to configure cryptodev %u with %u qps",
384 dev_id, ts_params->conf.nb_queue_pairs);
386 ts_params->qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
388 TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
389 dev_id, 0, &ts_params->qp_conf,
390 rte_cryptodev_socket_id(dev_id)),
391 "Failed to setup queue pair %u on cryptodev %u",
398 testsuite_teardown(void)
400 struct ipsec_testsuite_params *ts_params = &testsuite_params;
402 if (ts_params->mbuf_pool != NULL) {
403 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
404 rte_mempool_avail_count(ts_params->mbuf_pool));
405 rte_mempool_free(ts_params->mbuf_pool);
406 ts_params->mbuf_pool = NULL;
409 if (ts_params->cop_mpool != NULL) {
410 RTE_LOG(DEBUG, USER1, "CRYPTO_OP_POOL count %u\n",
411 rte_mempool_avail_count(ts_params->cop_mpool));
412 rte_mempool_free(ts_params->cop_mpool);
413 ts_params->cop_mpool = NULL;
416 /* Free session mempools */
417 if (ts_params->qp_conf.mp_session != NULL) {
418 rte_mempool_free(ts_params->qp_conf.mp_session);
419 ts_params->qp_conf.mp_session = NULL;
422 if (ts_params->qp_conf.mp_session_private != NULL) {
423 rte_mempool_free(ts_params->qp_conf.mp_session_private);
424 ts_params->qp_conf.mp_session_private = NULL;
431 struct ipsec_testsuite_params *ts_params = &testsuite_params;
432 struct ipsec_unitest_params *ut_params = &unittest_params;
434 /* Clear unit test parameters before running test */
435 memset(ut_params, 0, sizeof(*ut_params));
437 /* Reconfigure device to default parameters */
438 ts_params->conf.socket_id = SOCKET_ID_ANY;
440 /* Start the device */
441 TEST_ASSERT_SUCCESS(rte_cryptodev_start(ts_params->valid_dev),
442 "Failed to start cryptodev %u",
443 ts_params->valid_dev);
451 struct ipsec_testsuite_params *ts_params = &testsuite_params;
452 struct ipsec_unitest_params *ut_params = &unittest_params;
455 for (i = 0; i < BURST_SIZE; i++) {
456 /* free crypto operation structure */
457 if (ut_params->cop[i])
458 rte_crypto_op_free(ut_params->cop[i]);
461 * free mbuf - both obuf and ibuf are usually the same,
462 * so check if they point at the same address is necessary,
463 * to avoid freeing the mbuf twice.
465 if (ut_params->obuf[i]) {
466 rte_pktmbuf_free(ut_params->obuf[i]);
467 if (ut_params->ibuf[i] == ut_params->obuf[i])
468 ut_params->ibuf[i] = 0;
469 ut_params->obuf[i] = 0;
471 if (ut_params->ibuf[i]) {
472 rte_pktmbuf_free(ut_params->ibuf[i]);
473 ut_params->ibuf[i] = 0;
476 if (ut_params->testbuf[i]) {
477 rte_pktmbuf_free(ut_params->testbuf[i]);
478 ut_params->testbuf[i] = 0;
482 if (ts_params->mbuf_pool != NULL)
483 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
484 rte_mempool_avail_count(ts_params->mbuf_pool));
486 /* Stop the device */
487 rte_cryptodev_stop(ts_params->valid_dev);
490 #define IPSEC_MAX_PAD_SIZE UINT8_MAX
492 static const uint8_t esp_pad_bytes[IPSEC_MAX_PAD_SIZE] = {
493 1, 2, 3, 4, 5, 6, 7, 8,
494 9, 10, 11, 12, 13, 14, 15, 16,
495 17, 18, 19, 20, 21, 22, 23, 24,
496 25, 26, 27, 28, 29, 30, 31, 32,
497 33, 34, 35, 36, 37, 38, 39, 40,
498 41, 42, 43, 44, 45, 46, 47, 48,
499 49, 50, 51, 52, 53, 54, 55, 56,
500 57, 58, 59, 60, 61, 62, 63, 64,
501 65, 66, 67, 68, 69, 70, 71, 72,
502 73, 74, 75, 76, 77, 78, 79, 80,
503 81, 82, 83, 84, 85, 86, 87, 88,
504 89, 90, 91, 92, 93, 94, 95, 96,
505 97, 98, 99, 100, 101, 102, 103, 104,
506 105, 106, 107, 108, 109, 110, 111, 112,
507 113, 114, 115, 116, 117, 118, 119, 120,
508 121, 122, 123, 124, 125, 126, 127, 128,
509 129, 130, 131, 132, 133, 134, 135, 136,
510 137, 138, 139, 140, 141, 142, 143, 144,
511 145, 146, 147, 148, 149, 150, 151, 152,
512 153, 154, 155, 156, 157, 158, 159, 160,
513 161, 162, 163, 164, 165, 166, 167, 168,
514 169, 170, 171, 172, 173, 174, 175, 176,
515 177, 178, 179, 180, 181, 182, 183, 184,
516 185, 186, 187, 188, 189, 190, 191, 192,
517 193, 194, 195, 196, 197, 198, 199, 200,
518 201, 202, 203, 204, 205, 206, 207, 208,
519 209, 210, 211, 212, 213, 214, 215, 216,
520 217, 218, 219, 220, 221, 222, 223, 224,
521 225, 226, 227, 228, 229, 230, 231, 232,
522 233, 234, 235, 236, 237, 238, 239, 240,
523 241, 242, 243, 244, 245, 246, 247, 248,
524 249, 250, 251, 252, 253, 254, 255,
527 /* ***** data for tests ***** */
529 const char null_plain_data[] =
530 "Network Security People Have A Strange Sense Of Humor unlike Other "
531 "People who have a normal sense of humour";
533 const char null_encrypted_data[] =
534 "Network Security People Have A Strange Sense Of Humor unlike Other "
535 "People who have a normal sense of humour";
537 struct ipv4_hdr ipv4_outer = {
538 .version_ihl = IPVERSION << 4 |
539 sizeof(ipv4_outer) / IPV4_IHL_MULTIPLIER,
540 .time_to_live = IPDEFTTL,
541 .next_proto_id = IPPROTO_ESP,
542 .src_addr = IPv4(192, 168, 1, 100),
543 .dst_addr = IPv4(192, 168, 2, 100),
546 static struct rte_mbuf *
547 setup_test_string(struct rte_mempool *mpool,
548 const char *string, size_t len, uint8_t blocksize)
550 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
551 size_t t_len = len - (blocksize ? (len % blocksize) : 0);
554 memset(m->buf_addr, 0, m->buf_len);
555 char *dst = rte_pktmbuf_append(m, t_len);
562 rte_memcpy(dst, string, t_len);
564 memset(dst, 0, t_len);
570 static struct rte_mbuf *
571 setup_test_string_tunneled(struct rte_mempool *mpool, const char *string,
572 size_t len, uint32_t spi, uint32_t seq)
574 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
575 uint32_t hdrlen = sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr);
576 uint32_t taillen = sizeof(struct esp_tail);
577 uint32_t t_len = len + hdrlen + taillen;
580 struct esp_hdr esph = {
581 .spi = rte_cpu_to_be_32(spi),
582 .seq = rte_cpu_to_be_32(seq)
585 padlen = RTE_ALIGN(t_len, 4) - t_len;
588 struct esp_tail espt = {
590 .next_proto = IPPROTO_IPIP,
596 memset(m->buf_addr, 0, m->buf_len);
597 char *dst = rte_pktmbuf_append(m, t_len);
603 /* copy outer IP and ESP header */
604 ipv4_outer.total_length = rte_cpu_to_be_16(t_len);
605 ipv4_outer.packet_id = rte_cpu_to_be_16(seq);
606 rte_memcpy(dst, &ipv4_outer, sizeof(ipv4_outer));
607 dst += sizeof(ipv4_outer);
608 m->l3_len = sizeof(ipv4_outer);
609 rte_memcpy(dst, &esph, sizeof(esph));
612 if (string != NULL) {
614 rte_memcpy(dst, string, len);
617 rte_memcpy(dst, esp_pad_bytes, padlen);
619 /* copy ESP tail header */
620 rte_memcpy(dst, &espt, sizeof(espt));
622 memset(dst, 0, t_len);
628 create_dummy_sec_session(struct ipsec_unitest_params *ut,
629 struct rte_cryptodev_qp_conf *qp, uint32_t j)
631 static struct rte_security_session_conf conf;
633 ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
634 &conf, qp->mp_session_private);
636 if (ut->ss[j].security.ses == NULL)
639 ut->ss[j].security.ctx = &dummy_sec_ctx;
640 ut->ss[j].security.ol_flags = 0;
645 create_crypto_session(struct ipsec_unitest_params *ut,
646 struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
649 struct rte_cryptodev_sym_session *s;
651 s = rte_cryptodev_sym_session_create(qp->mp_session);
655 /* initiliaze SA crypto session for device */
656 rc = rte_cryptodev_sym_session_init(dev_id, s,
657 ut->crypto_xforms, qp->mp_session_private);
659 ut->ss[j].crypto.ses = s;
662 /* failure, do cleanup */
663 rte_cryptodev_sym_session_clear(dev_id, s);
664 rte_cryptodev_sym_session_free(s);
670 create_session(struct ipsec_unitest_params *ut,
671 struct rte_cryptodev_qp_conf *qp, uint8_t crypto_dev, uint32_t j)
673 if (ut->ss[j].type == RTE_SECURITY_ACTION_TYPE_NONE)
674 return create_crypto_session(ut, qp, crypto_dev, j);
676 return create_dummy_sec_session(ut, qp, j);
680 fill_ipsec_param(uint32_t replay_win_sz, uint64_t flags)
682 struct ipsec_unitest_params *ut_params = &unittest_params;
683 struct rte_ipsec_sa_prm *prm = &ut_params->sa_prm;
684 const struct supported_auth_algo *auth_algo;
685 const struct supported_cipher_algo *cipher_algo;
687 memset(prm, 0, sizeof(*prm));
691 prm->replay_win_sz = replay_win_sz;
693 /* setup ipsec xform */
694 prm->ipsec_xform = ut_params->ipsec_xform;
695 prm->ipsec_xform.salt = (uint32_t)rte_rand();
697 /* setup tunnel related fields */
698 prm->tun.hdr_len = sizeof(ipv4_outer);
699 prm->tun.next_proto = IPPROTO_IPIP;
700 prm->tun.hdr = &ipv4_outer;
702 /* setup crypto section */
703 if (uparams.aead != 0) {
704 /* TODO: will need to fill out with other test cases */
706 if (uparams.auth == 0 && uparams.cipher == 0)
709 auth_algo = find_match_auth_algo(uparams.auth_algo);
710 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
712 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
715 prm->crypto_xform = ut_params->crypto_xforms;
720 create_sa(enum rte_security_session_action_type action_type,
721 uint32_t replay_win_sz, uint64_t flags, uint32_t j)
723 struct ipsec_testsuite_params *ts = &testsuite_params;
724 struct ipsec_unitest_params *ut = &unittest_params;
728 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
730 rc = fill_ipsec_param(replay_win_sz, flags);
734 /* create rte_ipsec_sa*/
735 sz = rte_ipsec_sa_size(&ut->sa_prm);
736 TEST_ASSERT(sz > 0, "rte_ipsec_sa_size() failed\n");
738 ut->ss[j].sa = rte_zmalloc(NULL, sz, RTE_CACHE_LINE_SIZE);
739 TEST_ASSERT_NOT_NULL(ut->ss[j].sa,
740 "failed to allocate memory for rte_ipsec_sa\n");
742 ut->ss[j].type = action_type;
743 rc = create_session(ut, &ts->qp_conf, ts->valid_dev, j);
747 rc = rte_ipsec_sa_init(ut->ss[j].sa, &ut->sa_prm, sz);
748 rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
750 rc = rte_ipsec_session_prepare(&ut->ss[j]);
756 crypto_ipsec(uint16_t num_pkts)
758 struct ipsec_testsuite_params *ts_params = &testsuite_params;
759 struct ipsec_unitest_params *ut_params = &unittest_params;
761 struct rte_ipsec_group grp[1];
763 /* call crypto prepare */
764 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
765 ut_params->cop, num_pkts);
767 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
770 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
771 ut_params->cop, num_pkts);
773 RTE_LOG(ERR, USER1, "rte_cryptodev_enqueue_burst fail\n");
777 k = rte_cryptodev_dequeue_burst(ts_params->valid_dev, 0,
778 ut_params->cop, num_pkts);
780 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
784 ng = rte_ipsec_pkt_crypto_group(
785 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
786 ut_params->obuf, grp, num_pkts);
788 grp[0].m[0] != ut_params->obuf[0] ||
789 grp[0].cnt != num_pkts ||
790 grp[0].id.ptr != &ut_params->ss[0]) {
791 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
795 /* call crypto process */
796 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
798 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
806 lksd_proto_ipsec(uint16_t num_pkts)
808 struct ipsec_unitest_params *ut_params = &unittest_params;
810 struct rte_ipsec_group grp[1];
812 /* call crypto prepare */
813 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
814 ut_params->cop, num_pkts);
816 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
820 /* check crypto ops */
821 for (i = 0; i != num_pkts; i++) {
822 TEST_ASSERT_EQUAL(ut_params->cop[i]->type,
823 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
824 "%s: invalid crypto op type for %u-th packet\n",
826 TEST_ASSERT_EQUAL(ut_params->cop[i]->status,
827 RTE_CRYPTO_OP_STATUS_NOT_PROCESSED,
828 "%s: invalid crypto op status for %u-th packet\n",
830 TEST_ASSERT_EQUAL(ut_params->cop[i]->sess_type,
831 RTE_CRYPTO_OP_SECURITY_SESSION,
832 "%s: invalid crypto op sess_type for %u-th packet\n",
834 TEST_ASSERT_EQUAL(ut_params->cop[i]->sym->m_src,
836 "%s: invalid crypto op m_src for %u-th packet\n",
840 /* update crypto ops, pretend all finished ok */
841 for (i = 0; i != num_pkts; i++)
842 ut_params->cop[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
844 ng = rte_ipsec_pkt_crypto_group(
845 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
846 ut_params->obuf, grp, num_pkts);
848 grp[0].m[0] != ut_params->obuf[0] ||
849 grp[0].cnt != num_pkts ||
850 grp[0].id.ptr != &ut_params->ss[0]) {
851 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
855 /* call crypto process */
856 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
858 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
866 crypto_ipsec_2sa(void)
868 struct ipsec_testsuite_params *ts_params = &testsuite_params;
869 struct ipsec_unitest_params *ut_params = &unittest_params;
870 struct rte_ipsec_group grp[BURST_SIZE];
872 uint32_t k, ng, i, r;
874 for (i = 0; i < BURST_SIZE; i++) {
876 /* call crypto prepare */
877 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[r],
878 ut_params->ibuf + i, ut_params->cop + i, 1);
881 "rte_ipsec_pkt_crypto_prepare fail\n");
884 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
885 ut_params->cop + i, 1);
888 "rte_cryptodev_enqueue_burst fail\n");
893 k = rte_cryptodev_dequeue_burst(ts_params->valid_dev, 0,
894 ut_params->cop, BURST_SIZE);
895 if (k != BURST_SIZE) {
896 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
900 ng = rte_ipsec_pkt_crypto_group(
901 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
902 ut_params->obuf, grp, BURST_SIZE);
903 if (ng != BURST_SIZE) {
904 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
909 /* call crypto process */
910 for (i = 0; i < ng; i++) {
911 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
912 if (k != grp[i].cnt) {
913 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
925 crypto_ipsec_4grp(uint32_t pkt_num)
929 /* group packets in 4 different size groups groups, 2 per SA */
932 else if (pkt_num < PKT_12)
934 else if (pkt_num < PKT_21)
943 crypto_ipsec_4grp_check_mbufs(uint32_t grp_ind, struct rte_ipsec_group *grp)
945 struct ipsec_unitest_params *ut_params = &unittest_params;
950 for (i = 0, j = 0; i < PKT_4; i++, j++)
951 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
955 } else if (grp_ind == 1) {
956 for (i = 0, j = PKT_4; i < (PKT_12 - PKT_4); i++, j++) {
957 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
962 } else if (grp_ind == 2) {
963 for (i = 0, j = PKT_12; i < (PKT_21 - PKT_12); i++, j++)
964 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
968 } else if (grp_ind == 3) {
969 for (i = 0, j = PKT_21; i < (BURST_SIZE - PKT_21); i++, j++)
970 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
981 crypto_ipsec_4grp_check_cnt(uint32_t grp_ind, struct rte_ipsec_group *grp)
986 if (grp[grp_ind].cnt != PKT_4)
988 } else if (grp_ind == 1) {
989 if (grp[grp_ind].cnt != PKT_12 - PKT_4)
991 } else if (grp_ind == 2) {
992 if (grp[grp_ind].cnt != PKT_21 - PKT_12)
994 } else if (grp_ind == 3) {
995 if (grp[grp_ind].cnt != BURST_SIZE - PKT_21)
1004 crypto_ipsec_2sa_4grp(void)
1006 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1007 struct ipsec_unitest_params *ut_params = &unittest_params;
1008 struct rte_ipsec_group grp[BURST_SIZE];
1009 uint32_t k, ng, i, j;
1012 for (i = 0; i < BURST_SIZE; i++) {
1013 j = crypto_ipsec_4grp(i);
1015 /* call crypto prepare */
1016 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[j],
1017 ut_params->ibuf + i, ut_params->cop + i, 1);
1020 "rte_ipsec_pkt_crypto_prepare fail\n");
1023 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
1024 ut_params->cop + i, 1);
1027 "rte_cryptodev_enqueue_burst fail\n");
1032 k = rte_cryptodev_dequeue_burst(ts_params->valid_dev, 0,
1033 ut_params->cop, BURST_SIZE);
1034 if (k != BURST_SIZE) {
1035 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
1039 ng = rte_ipsec_pkt_crypto_group(
1040 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
1041 ut_params->obuf, grp, BURST_SIZE);
1043 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
1048 /* call crypto process */
1049 for (i = 0; i < ng; i++) {
1050 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
1051 if (k != grp[i].cnt) {
1052 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
1055 rc = crypto_ipsec_4grp_check_cnt(i, grp);
1058 "crypto_ipsec_4grp_check_cnt fail\n");
1061 rc = crypto_ipsec_4grp_check_mbufs(i, grp);
1064 "crypto_ipsec_4grp_check_mbufs fail\n");
1068 return TEST_SUCCESS;
1072 test_ipsec_reorder_inb_pkt_burst(uint16_t num_pkts)
1074 struct ipsec_unitest_params *ut_params = &unittest_params;
1075 struct rte_mbuf *ibuf_tmp[BURST_SIZE];
1078 /* reorder packets and create gaps in sequence numbers */
1079 static const uint32_t reorder[BURST_SIZE] = {
1080 24, 25, 26, 27, 28, 29, 30, 31,
1081 16, 17, 18, 19, 20, 21, 22, 23,
1082 8, 9, 10, 11, 12, 13, 14, 15,
1083 0, 1, 2, 3, 4, 5, 6, 7,
1086 if (num_pkts != BURST_SIZE)
1089 for (j = 0; j != BURST_SIZE; j++)
1090 ibuf_tmp[j] = ut_params->ibuf[reorder[j]];
1092 memcpy(ut_params->ibuf, ibuf_tmp, sizeof(ut_params->ibuf));
1096 test_ipsec_crypto_op_alloc(uint16_t num_pkts)
1098 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1099 struct ipsec_unitest_params *ut_params = &unittest_params;
1103 for (j = 0; j < num_pkts && rc == 0; j++) {
1104 ut_params->cop[j] = rte_crypto_op_alloc(ts_params->cop_mpool,
1105 RTE_CRYPTO_OP_TYPE_SYMMETRIC);
1106 if (ut_params->cop[j] == NULL) {
1108 "Failed to allocate symmetric crypto op\n");
1117 test_ipsec_dump_buffers(struct ipsec_unitest_params *ut_params, int i)
1119 uint16_t j = ut_params->pkt_index;
1121 printf("\ntest config: num %d\n", i);
1122 printf(" replay_win_sz %u\n", test_cfg[i].replay_win_sz);
1123 printf(" esn %u\n", test_cfg[i].esn);
1124 printf(" flags 0x%" PRIx64 "\n", test_cfg[i].flags);
1125 printf(" pkt_sz %zu\n", test_cfg[i].pkt_sz);
1126 printf(" num_pkts %u\n\n", test_cfg[i].num_pkts);
1128 if (ut_params->ibuf[j]) {
1129 printf("ibuf[%u] data:\n", j);
1130 rte_pktmbuf_dump(stdout, ut_params->ibuf[j],
1131 ut_params->ibuf[j]->data_len);
1133 if (ut_params->obuf[j]) {
1134 printf("obuf[%u] data:\n", j);
1135 rte_pktmbuf_dump(stdout, ut_params->obuf[j],
1136 ut_params->obuf[j]->data_len);
1138 if (ut_params->testbuf[j]) {
1139 printf("testbuf[%u] data:\n", j);
1140 rte_pktmbuf_dump(stdout, ut_params->testbuf[j],
1141 ut_params->testbuf[j]->data_len);
1146 destroy_sa(uint32_t j)
1148 struct ipsec_unitest_params *ut = &unittest_params;
1150 rte_ipsec_sa_fini(ut->ss[j].sa);
1151 rte_free(ut->ss[j].sa);
1152 rte_cryptodev_sym_session_free(ut->ss[j].crypto.ses);
1153 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
1157 crypto_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1162 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1163 ut_params->pkt_index = j;
1165 /* compare the data buffers */
1166 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1167 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1169 "input and output data does not match\n");
1170 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1171 ut_params->obuf[j]->pkt_len,
1172 "data_len is not equal to pkt_len");
1173 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1175 "data_len is not equal to input data");
1182 test_ipsec_crypto_inb_burst_null_null(int i)
1184 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1185 struct ipsec_unitest_params *ut_params = &unittest_params;
1186 uint16_t num_pkts = test_cfg[i].num_pkts;
1190 /* create rte_ipsec_sa */
1191 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1192 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1194 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1199 /* Generate test mbuf data */
1200 for (j = 0; j < num_pkts && rc == 0; j++) {
1201 /* packet with sequence number 0 is invalid */
1202 ut_params->ibuf[j] = setup_test_string_tunneled(
1203 ts_params->mbuf_pool, null_encrypted_data,
1204 test_cfg[i].pkt_sz, INBOUND_SPI, j + 1);
1205 if (ut_params->ibuf[j] == NULL)
1210 if (test_cfg[i].reorder_pkts)
1211 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1212 rc = test_ipsec_crypto_op_alloc(num_pkts);
1216 /* call ipsec library api */
1217 rc = crypto_ipsec(num_pkts);
1219 rc = crypto_inb_burst_null_null_check(
1220 ut_params, i, num_pkts);
1222 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1228 if (rc == TEST_FAILED)
1229 test_ipsec_dump_buffers(ut_params, i);
1236 test_ipsec_crypto_inb_burst_null_null_wrapper(void)
1240 struct ipsec_unitest_params *ut_params = &unittest_params;
1242 ut_params->ipsec_xform.spi = INBOUND_SPI;
1243 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1244 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1245 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1246 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1248 for (i = 0; i < num_cfg && rc == 0; i++) {
1249 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1250 rc = test_ipsec_crypto_inb_burst_null_null(i);
1257 crypto_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1264 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1265 ut_params->pkt_index = j;
1267 testbuf_data = rte_pktmbuf_mtod(ut_params->testbuf[j], void *);
1268 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1269 /* compare the buffer data */
1270 TEST_ASSERT_BUFFERS_ARE_EQUAL(testbuf_data, obuf_data,
1271 ut_params->obuf[j]->pkt_len,
1272 "test and output data does not match\n");
1273 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1274 ut_params->testbuf[j]->data_len,
1275 "obuf data_len is not equal to testbuf data_len");
1276 TEST_ASSERT_EQUAL(ut_params->obuf[j]->pkt_len,
1277 ut_params->testbuf[j]->pkt_len,
1278 "obuf pkt_len is not equal to testbuf pkt_len");
1285 test_ipsec_crypto_outb_burst_null_null(int i)
1287 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1288 struct ipsec_unitest_params *ut_params = &unittest_params;
1289 uint16_t num_pkts = test_cfg[i].num_pkts;
1293 /* create rte_ipsec_sa*/
1294 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1295 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1297 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1302 /* Generate input mbuf data */
1303 for (j = 0; j < num_pkts && rc == 0; j++) {
1304 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1305 null_plain_data, test_cfg[i].pkt_sz, 0);
1306 if (ut_params->ibuf[j] == NULL)
1309 /* Generate test mbuf data */
1310 /* packet with sequence number 0 is invalid */
1311 ut_params->testbuf[j] = setup_test_string_tunneled(
1312 ts_params->mbuf_pool,
1313 null_plain_data, test_cfg[i].pkt_sz,
1314 OUTBOUND_SPI, j + 1);
1315 if (ut_params->testbuf[j] == NULL)
1321 rc = test_ipsec_crypto_op_alloc(num_pkts);
1324 /* call ipsec library api */
1325 rc = crypto_ipsec(num_pkts);
1327 rc = crypto_outb_burst_null_null_check(ut_params,
1330 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1334 if (rc == TEST_FAILED)
1335 test_ipsec_dump_buffers(ut_params, i);
1342 test_ipsec_crypto_outb_burst_null_null_wrapper(void)
1346 struct ipsec_unitest_params *ut_params = &unittest_params;
1348 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1349 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1350 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1351 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1352 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1354 for (i = 0; i < num_cfg && rc == 0; i++) {
1355 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1356 rc = test_ipsec_crypto_outb_burst_null_null(i);
1363 inline_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1370 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1371 ut_params->pkt_index = j;
1373 /* compare the buffer data */
1374 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1375 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1377 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1378 ut_params->ibuf[j]->data_len,
1379 "input and output data does not match\n");
1380 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1381 ut_params->obuf[j]->data_len,
1382 "ibuf data_len is not equal to obuf data_len");
1383 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1384 ut_params->obuf[j]->pkt_len,
1385 "ibuf pkt_len is not equal to obuf pkt_len");
1386 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1388 "data_len is not equal input data");
1394 test_ipsec_inline_crypto_inb_burst_null_null(int i)
1396 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1397 struct ipsec_unitest_params *ut_params = &unittest_params;
1398 uint16_t num_pkts = test_cfg[i].num_pkts;
1403 /* create rte_ipsec_sa*/
1404 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1405 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1407 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1412 /* Generate inbound mbuf data */
1413 for (j = 0; j < num_pkts && rc == 0; j++) {
1414 ut_params->ibuf[j] = setup_test_string_tunneled(
1415 ts_params->mbuf_pool,
1416 null_plain_data, test_cfg[i].pkt_sz,
1417 INBOUND_SPI, j + 1);
1418 if (ut_params->ibuf[j] == NULL)
1421 /* Generate test mbuf data */
1422 ut_params->obuf[j] = setup_test_string(
1423 ts_params->mbuf_pool,
1424 null_plain_data, test_cfg[i].pkt_sz, 0);
1425 if (ut_params->obuf[j] == NULL)
1431 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1434 rc = inline_inb_burst_null_null_check(ut_params, i,
1438 "rte_ipsec_pkt_process failed, cfg %d\n",
1444 if (rc == TEST_FAILED)
1445 test_ipsec_dump_buffers(ut_params, i);
1452 test_ipsec_inline_crypto_inb_burst_null_null_wrapper(void)
1456 struct ipsec_unitest_params *ut_params = &unittest_params;
1458 ut_params->ipsec_xform.spi = INBOUND_SPI;
1459 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1460 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1461 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1462 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1464 for (i = 0; i < num_cfg && rc == 0; i++) {
1465 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1466 rc = test_ipsec_inline_crypto_inb_burst_null_null(i);
1473 test_ipsec_inline_proto_inb_burst_null_null(int i)
1475 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1476 struct ipsec_unitest_params *ut_params = &unittest_params;
1477 uint16_t num_pkts = test_cfg[i].num_pkts;
1482 /* create rte_ipsec_sa*/
1483 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1484 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1486 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1491 /* Generate inbound mbuf data */
1492 for (j = 0; j < num_pkts && rc == 0; j++) {
1493 ut_params->ibuf[j] = setup_test_string(
1494 ts_params->mbuf_pool,
1495 null_plain_data, test_cfg[i].pkt_sz, 0);
1496 if (ut_params->ibuf[j] == NULL)
1499 /* Generate test mbuf data */
1500 ut_params->obuf[j] = setup_test_string(
1501 ts_params->mbuf_pool,
1502 null_plain_data, test_cfg[i].pkt_sz, 0);
1503 if (ut_params->obuf[j] == NULL)
1509 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1512 rc = inline_inb_burst_null_null_check(ut_params, i,
1516 "rte_ipsec_pkt_process failed, cfg %d\n",
1522 if (rc == TEST_FAILED)
1523 test_ipsec_dump_buffers(ut_params, i);
1530 test_ipsec_inline_proto_inb_burst_null_null_wrapper(void)
1534 struct ipsec_unitest_params *ut_params = &unittest_params;
1536 ut_params->ipsec_xform.spi = INBOUND_SPI;
1537 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1538 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1539 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1540 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1542 for (i = 0; i < num_cfg && rc == 0; i++) {
1543 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1544 rc = test_ipsec_inline_proto_inb_burst_null_null(i);
1551 inline_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1558 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1559 ut_params->pkt_index = j;
1561 /* compare the buffer data */
1562 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1563 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1564 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1565 ut_params->ibuf[j]->data_len,
1566 "input and output data does not match\n");
1567 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1568 ut_params->obuf[j]->data_len,
1569 "ibuf data_len is not equal to obuf data_len");
1570 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1571 ut_params->obuf[j]->pkt_len,
1572 "ibuf pkt_len is not equal to obuf pkt_len");
1574 /* check mbuf ol_flags */
1575 TEST_ASSERT(ut_params->ibuf[j]->ol_flags & PKT_TX_SEC_OFFLOAD,
1576 "ibuf PKT_TX_SEC_OFFLOAD is not set");
1582 test_ipsec_inline_crypto_outb_burst_null_null(int i)
1584 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1585 struct ipsec_unitest_params *ut_params = &unittest_params;
1586 uint16_t num_pkts = test_cfg[i].num_pkts;
1591 /* create rte_ipsec_sa */
1592 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1593 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1595 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1600 /* Generate test mbuf data */
1601 for (j = 0; j < num_pkts && rc == 0; j++) {
1602 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1603 null_plain_data, test_cfg[i].pkt_sz, 0);
1604 if (ut_params->ibuf[0] == NULL)
1608 /* Generate test tunneled mbuf data for comparison */
1609 ut_params->obuf[j] = setup_test_string_tunneled(
1610 ts_params->mbuf_pool,
1611 null_plain_data, test_cfg[i].pkt_sz,
1612 OUTBOUND_SPI, j + 1);
1613 if (ut_params->obuf[j] == NULL)
1619 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1622 rc = inline_outb_burst_null_null_check(ut_params,
1626 "rte_ipsec_pkt_process failed, cfg %d\n",
1632 if (rc == TEST_FAILED)
1633 test_ipsec_dump_buffers(ut_params, i);
1640 test_ipsec_inline_crypto_outb_burst_null_null_wrapper(void)
1644 struct ipsec_unitest_params *ut_params = &unittest_params;
1646 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1647 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1648 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1649 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1650 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1652 for (i = 0; i < num_cfg && rc == 0; i++) {
1653 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1654 rc = test_ipsec_inline_crypto_outb_burst_null_null(i);
1661 test_ipsec_inline_proto_outb_burst_null_null(int i)
1663 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1664 struct ipsec_unitest_params *ut_params = &unittest_params;
1665 uint16_t num_pkts = test_cfg[i].num_pkts;
1670 /* create rte_ipsec_sa */
1671 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1672 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1674 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1679 /* Generate test mbuf data */
1680 for (j = 0; j < num_pkts && rc == 0; j++) {
1681 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1682 null_plain_data, test_cfg[i].pkt_sz, 0);
1683 if (ut_params->ibuf[0] == NULL)
1687 /* Generate test tunneled mbuf data for comparison */
1688 ut_params->obuf[j] = setup_test_string(
1689 ts_params->mbuf_pool,
1690 null_plain_data, test_cfg[i].pkt_sz, 0);
1691 if (ut_params->obuf[j] == NULL)
1697 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1700 rc = inline_outb_burst_null_null_check(ut_params,
1704 "rte_ipsec_pkt_process failed, cfg %d\n",
1710 if (rc == TEST_FAILED)
1711 test_ipsec_dump_buffers(ut_params, i);
1718 test_ipsec_inline_proto_outb_burst_null_null_wrapper(void)
1722 struct ipsec_unitest_params *ut_params = &unittest_params;
1724 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1725 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1726 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1727 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1728 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1730 for (i = 0; i < num_cfg && rc == 0; i++) {
1731 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1732 rc = test_ipsec_inline_proto_outb_burst_null_null(i);
1739 test_ipsec_lksd_proto_inb_burst_null_null(int i)
1741 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1742 struct ipsec_unitest_params *ut_params = &unittest_params;
1743 uint16_t num_pkts = test_cfg[i].num_pkts;
1747 /* create rte_ipsec_sa */
1748 rc = create_sa(RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
1749 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1751 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1756 /* Generate test mbuf data */
1757 for (j = 0; j < num_pkts && rc == 0; j++) {
1758 /* packet with sequence number 0 is invalid */
1759 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1760 null_encrypted_data, test_cfg[i].pkt_sz, 0);
1761 if (ut_params->ibuf[j] == NULL)
1766 if (test_cfg[i].reorder_pkts)
1767 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1768 rc = test_ipsec_crypto_op_alloc(num_pkts);
1772 /* call ipsec library api */
1773 rc = lksd_proto_ipsec(num_pkts);
1775 rc = crypto_inb_burst_null_null_check(ut_params, i,
1778 RTE_LOG(ERR, USER1, "%s failed, cfg %d\n",
1784 if (rc == TEST_FAILED)
1785 test_ipsec_dump_buffers(ut_params, i);
1792 test_ipsec_lksd_proto_inb_burst_null_null_wrapper(void)
1796 struct ipsec_unitest_params *ut_params = &unittest_params;
1798 ut_params->ipsec_xform.spi = INBOUND_SPI;
1799 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1800 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1801 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1802 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1804 for (i = 0; i < num_cfg && rc == 0; i++) {
1805 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1806 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1813 test_ipsec_lksd_proto_outb_burst_null_null_wrapper(void)
1817 struct ipsec_unitest_params *ut_params = &unittest_params;
1819 ut_params->ipsec_xform.spi = INBOUND_SPI;
1820 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1821 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1822 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1823 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1825 for (i = 0; i < num_cfg && rc == 0; i++) {
1826 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1827 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1834 replay_inb_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1839 for (j = 0; j < num_pkts; j++) {
1840 /* compare the buffer data */
1841 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1842 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1844 "input and output data does not match\n");
1846 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1847 ut_params->obuf[j]->pkt_len,
1848 "data_len is not equal to pkt_len");
1855 test_ipsec_replay_inb_inside_null_null(int i)
1857 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1858 struct ipsec_unitest_params *ut_params = &unittest_params;
1861 /* create rte_ipsec_sa*/
1862 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1863 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1865 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1870 /* Generate inbound mbuf data */
1871 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1872 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
1873 if (ut_params->ibuf[0] == NULL)
1876 rc = test_ipsec_crypto_op_alloc(1);
1879 /* call ipsec library api */
1880 rc = crypto_ipsec(1);
1882 rc = replay_inb_null_null_check(ut_params, i, 1);
1884 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1890 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
1891 /* generate packet with seq number inside the replay window */
1892 if (ut_params->ibuf[0]) {
1893 rte_pktmbuf_free(ut_params->ibuf[0]);
1894 ut_params->ibuf[0] = 0;
1897 ut_params->ibuf[0] = setup_test_string_tunneled(
1898 ts_params->mbuf_pool, null_encrypted_data,
1899 test_cfg[i].pkt_sz, INBOUND_SPI,
1900 test_cfg[i].replay_win_sz);
1901 if (ut_params->ibuf[0] == NULL)
1904 rc = test_ipsec_crypto_op_alloc(1);
1907 /* call ipsec library api */
1908 rc = crypto_ipsec(1);
1910 rc = replay_inb_null_null_check(
1913 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
1919 if (rc == TEST_FAILED)
1920 test_ipsec_dump_buffers(ut_params, i);
1928 test_ipsec_replay_inb_inside_null_null_wrapper(void)
1932 struct ipsec_unitest_params *ut_params = &unittest_params;
1934 ut_params->ipsec_xform.spi = INBOUND_SPI;
1935 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1936 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1937 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1938 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1940 for (i = 0; i < num_cfg && rc == 0; i++) {
1941 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1942 rc = test_ipsec_replay_inb_inside_null_null(i);
1949 test_ipsec_replay_inb_outside_null_null(int i)
1951 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1952 struct ipsec_unitest_params *ut_params = &unittest_params;
1955 /* create rte_ipsec_sa */
1956 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1957 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1959 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1964 /* Generate test mbuf data */
1965 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1966 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI,
1967 test_cfg[i].replay_win_sz + 2);
1968 if (ut_params->ibuf[0] == NULL)
1971 rc = test_ipsec_crypto_op_alloc(1);
1974 /* call ipsec library api */
1975 rc = crypto_ipsec(1);
1977 rc = replay_inb_null_null_check(ut_params, i, 1);
1979 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1985 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
1986 /* generate packet with seq number outside the replay window */
1987 if (ut_params->ibuf[0]) {
1988 rte_pktmbuf_free(ut_params->ibuf[0]);
1989 ut_params->ibuf[0] = 0;
1991 ut_params->ibuf[0] = setup_test_string_tunneled(
1992 ts_params->mbuf_pool, null_encrypted_data,
1993 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
1994 if (ut_params->ibuf[0] == NULL)
1997 rc = test_ipsec_crypto_op_alloc(1);
2000 /* call ipsec library api */
2001 rc = crypto_ipsec(1);
2003 if (test_cfg[i].esn == 0) {
2005 "packet is not outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2007 test_cfg[i].replay_win_sz + 2,
2013 "packet is outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2014 i, test_cfg[i].replay_win_sz + 2, 1);
2020 if (rc == TEST_FAILED)
2021 test_ipsec_dump_buffers(ut_params, i);
2029 test_ipsec_replay_inb_outside_null_null_wrapper(void)
2033 struct ipsec_unitest_params *ut_params = &unittest_params;
2035 ut_params->ipsec_xform.spi = INBOUND_SPI;
2036 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2037 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2038 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2039 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2041 for (i = 0; i < num_cfg && rc == 0; i++) {
2042 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2043 rc = test_ipsec_replay_inb_outside_null_null(i);
2050 test_ipsec_replay_inb_repeat_null_null(int i)
2052 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2053 struct ipsec_unitest_params *ut_params = &unittest_params;
2056 /* create rte_ipsec_sa */
2057 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2058 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2060 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n", i);
2064 /* Generate test mbuf data */
2065 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2066 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2067 if (ut_params->ibuf[0] == NULL)
2070 rc = test_ipsec_crypto_op_alloc(1);
2073 /* call ipsec library api */
2074 rc = crypto_ipsec(1);
2076 rc = replay_inb_null_null_check(ut_params, i, 1);
2078 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2084 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2086 * generate packet with repeat seq number in the replay
2089 if (ut_params->ibuf[0]) {
2090 rte_pktmbuf_free(ut_params->ibuf[0]);
2091 ut_params->ibuf[0] = 0;
2094 ut_params->ibuf[0] = setup_test_string_tunneled(
2095 ts_params->mbuf_pool, null_encrypted_data,
2096 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2097 if (ut_params->ibuf[0] == NULL)
2100 rc = test_ipsec_crypto_op_alloc(1);
2103 /* call ipsec library api */
2104 rc = crypto_ipsec(1);
2107 "packet is not repeated in the replay window, cfg %d seq %u\n",
2112 "packet is repeated in the replay window, cfg %d seq %u\n",
2119 if (rc == TEST_FAILED)
2120 test_ipsec_dump_buffers(ut_params, i);
2128 test_ipsec_replay_inb_repeat_null_null_wrapper(void)
2132 struct ipsec_unitest_params *ut_params = &unittest_params;
2134 ut_params->ipsec_xform.spi = INBOUND_SPI;
2135 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2136 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2137 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2138 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2140 for (i = 0; i < num_cfg && rc == 0; i++) {
2141 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2142 rc = test_ipsec_replay_inb_repeat_null_null(i);
2149 test_ipsec_replay_inb_inside_burst_null_null(int i)
2151 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2152 struct ipsec_unitest_params *ut_params = &unittest_params;
2153 uint16_t num_pkts = test_cfg[i].num_pkts;
2157 /* create rte_ipsec_sa*/
2158 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2159 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2161 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2166 /* Generate inbound mbuf data */
2167 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2168 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2169 if (ut_params->ibuf[0] == NULL)
2172 rc = test_ipsec_crypto_op_alloc(1);
2175 /* call ipsec library api */
2176 rc = crypto_ipsec(1);
2178 rc = replay_inb_null_null_check(ut_params, i, 1);
2180 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2186 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2188 * generate packet(s) with seq number(s) inside the
2191 if (ut_params->ibuf[0]) {
2192 rte_pktmbuf_free(ut_params->ibuf[0]);
2193 ut_params->ibuf[0] = 0;
2196 for (j = 0; j < num_pkts && rc == 0; j++) {
2197 /* packet with sequence number 1 already processed */
2198 ut_params->ibuf[j] = setup_test_string_tunneled(
2199 ts_params->mbuf_pool, null_encrypted_data,
2200 test_cfg[i].pkt_sz, INBOUND_SPI, j + 2);
2201 if (ut_params->ibuf[j] == NULL)
2206 if (test_cfg[i].reorder_pkts)
2207 test_ipsec_reorder_inb_pkt_burst(num_pkts);
2208 rc = test_ipsec_crypto_op_alloc(num_pkts);
2212 /* call ipsec library api */
2213 rc = crypto_ipsec(num_pkts);
2215 rc = replay_inb_null_null_check(
2216 ut_params, i, num_pkts);
2218 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
2224 if (rc == TEST_FAILED)
2225 test_ipsec_dump_buffers(ut_params, i);
2233 test_ipsec_replay_inb_inside_burst_null_null_wrapper(void)
2237 struct ipsec_unitest_params *ut_params = &unittest_params;
2239 ut_params->ipsec_xform.spi = INBOUND_SPI;
2240 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2241 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2242 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2243 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2245 for (i = 0; i < num_cfg && rc == 0; i++) {
2246 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2247 rc = test_ipsec_replay_inb_inside_burst_null_null(i);
2255 crypto_inb_burst_2sa_null_null_check(struct ipsec_unitest_params *ut_params,
2260 for (j = 0; j < BURST_SIZE; j++) {
2261 ut_params->pkt_index = j;
2263 /* compare the data buffers */
2264 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
2265 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
2267 "input and output data does not match\n");
2268 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2269 ut_params->obuf[j]->pkt_len,
2270 "data_len is not equal to pkt_len");
2271 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2273 "data_len is not equal to input data");
2280 test_ipsec_crypto_inb_burst_2sa_null_null(int i)
2282 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2283 struct ipsec_unitest_params *ut_params = &unittest_params;
2284 uint16_t num_pkts = test_cfg[i].num_pkts;
2288 if (num_pkts != BURST_SIZE)
2291 /* create rte_ipsec_sa */
2292 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2293 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2295 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2300 /* create second rte_ipsec_sa */
2301 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2302 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2303 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2305 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2311 /* Generate test mbuf data */
2312 for (j = 0; j < num_pkts && rc == 0; j++) {
2314 /* packet with sequence number 0 is invalid */
2315 ut_params->ibuf[j] = setup_test_string_tunneled(
2316 ts_params->mbuf_pool, null_encrypted_data,
2317 test_cfg[i].pkt_sz, INBOUND_SPI + r, j + 1);
2318 if (ut_params->ibuf[j] == NULL)
2323 rc = test_ipsec_crypto_op_alloc(num_pkts);
2326 /* call ipsec library api */
2327 rc = crypto_ipsec_2sa();
2329 rc = crypto_inb_burst_2sa_null_null_check(
2332 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2338 if (rc == TEST_FAILED)
2339 test_ipsec_dump_buffers(ut_params, i);
2347 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper(void)
2351 struct ipsec_unitest_params *ut_params = &unittest_params;
2353 ut_params->ipsec_xform.spi = INBOUND_SPI;
2354 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2355 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2356 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2357 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2359 for (i = 0; i < num_cfg && rc == 0; i++) {
2360 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2361 rc = test_ipsec_crypto_inb_burst_2sa_null_null(i);
2368 test_ipsec_crypto_inb_burst_2sa_4grp_null_null(int i)
2370 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2371 struct ipsec_unitest_params *ut_params = &unittest_params;
2372 uint16_t num_pkts = test_cfg[i].num_pkts;
2376 if (num_pkts != BURST_SIZE)
2379 /* create rte_ipsec_sa */
2380 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2381 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2383 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2388 /* create second rte_ipsec_sa */
2389 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2390 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2391 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2393 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2399 /* Generate test mbuf data */
2400 for (j = 0; j < num_pkts && rc == 0; j++) {
2401 k = crypto_ipsec_4grp(j);
2403 /* packet with sequence number 0 is invalid */
2404 ut_params->ibuf[j] = setup_test_string_tunneled(
2405 ts_params->mbuf_pool, null_encrypted_data,
2406 test_cfg[i].pkt_sz, INBOUND_SPI + k, j + 1);
2407 if (ut_params->ibuf[j] == NULL)
2412 rc = test_ipsec_crypto_op_alloc(num_pkts);
2415 /* call ipsec library api */
2416 rc = crypto_ipsec_2sa_4grp();
2418 rc = crypto_inb_burst_2sa_null_null_check(
2421 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2427 if (rc == TEST_FAILED)
2428 test_ipsec_dump_buffers(ut_params, i);
2436 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper(void)
2440 struct ipsec_unitest_params *ut_params = &unittest_params;
2442 ut_params->ipsec_xform.spi = INBOUND_SPI;
2443 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2444 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2445 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2446 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2448 for (i = 0; i < num_cfg && rc == 0; i++) {
2449 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2450 rc = test_ipsec_crypto_inb_burst_2sa_4grp_null_null(i);
2456 static struct unit_test_suite ipsec_testsuite = {
2457 .suite_name = "IPsec NULL Unit Test Suite",
2458 .setup = testsuite_setup,
2459 .teardown = testsuite_teardown,
2460 .unit_test_cases = {
2461 TEST_CASE_ST(ut_setup, ut_teardown,
2462 test_ipsec_crypto_inb_burst_null_null_wrapper),
2463 TEST_CASE_ST(ut_setup, ut_teardown,
2464 test_ipsec_crypto_outb_burst_null_null_wrapper),
2465 TEST_CASE_ST(ut_setup, ut_teardown,
2466 test_ipsec_inline_crypto_inb_burst_null_null_wrapper),
2467 TEST_CASE_ST(ut_setup, ut_teardown,
2468 test_ipsec_inline_crypto_outb_burst_null_null_wrapper),
2469 TEST_CASE_ST(ut_setup, ut_teardown,
2470 test_ipsec_inline_proto_inb_burst_null_null_wrapper),
2471 TEST_CASE_ST(ut_setup, ut_teardown,
2472 test_ipsec_inline_proto_outb_burst_null_null_wrapper),
2473 TEST_CASE_ST(ut_setup, ut_teardown,
2474 test_ipsec_lksd_proto_inb_burst_null_null_wrapper),
2475 TEST_CASE_ST(ut_setup, ut_teardown,
2476 test_ipsec_lksd_proto_outb_burst_null_null_wrapper),
2477 TEST_CASE_ST(ut_setup, ut_teardown,
2478 test_ipsec_replay_inb_inside_null_null_wrapper),
2479 TEST_CASE_ST(ut_setup, ut_teardown,
2480 test_ipsec_replay_inb_outside_null_null_wrapper),
2481 TEST_CASE_ST(ut_setup, ut_teardown,
2482 test_ipsec_replay_inb_repeat_null_null_wrapper),
2483 TEST_CASE_ST(ut_setup, ut_teardown,
2484 test_ipsec_replay_inb_inside_burst_null_null_wrapper),
2485 TEST_CASE_ST(ut_setup, ut_teardown,
2486 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper),
2487 TEST_CASE_ST(ut_setup, ut_teardown,
2488 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper),
2489 TEST_CASES_END() /**< NULL terminate unit test array */
2496 return unit_test_suite_runner(&ipsec_testsuite);
2499 REGISTER_TEST_COMMAND(ipsec_autotest, test_ipsec);
git.droids-corp.org / dpdk.git / blob