1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2018 Intel Corporation
7 #include <netinet/in.h>
8 #include <netinet/ip.h>
10 #include <rte_common.h>
11 #include <rte_hexdump.h>
13 #include <rte_malloc.h>
14 #include <rte_memcpy.h>
15 #include <rte_pause.h>
16 #include <rte_bus_vdev.h>
19 #include <rte_crypto.h>
20 #include <rte_cryptodev.h>
21 #include <rte_cryptodev_pmd.h>
22 #include <rte_lcore.h>
23 #include <rte_ipsec.h>
24 #include <rte_random.h>
26 #include <rte_security_driver.h>
29 #include "test_cryptodev.h"
31 #define VDEV_ARGS_SIZE 100
32 #define MAX_NB_SESSIONS 100
34 #define REPLAY_WIN_0 0
35 #define REPLAY_WIN_32 32
36 #define REPLAY_WIN_64 64
37 #define REPLAY_WIN_128 128
38 #define REPLAY_WIN_256 256
39 #define DATA_64_BYTES 64
40 #define DATA_80_BYTES 80
41 #define DATA_100_BYTES 100
43 #define ESN_DISABLED 0
45 #define OUTBOUND_SPI 17
47 #define REORDER_PKTS 1
50 enum rte_crypto_sym_xform_type auth;
51 enum rte_crypto_sym_xform_type cipher;
52 enum rte_crypto_sym_xform_type aead;
55 char cipher_algo[128];
59 struct ipsec_testsuite_params {
60 struct rte_mempool *mbuf_pool;
61 struct rte_mempool *cop_mpool;
62 struct rte_cryptodev_config conf;
63 struct rte_cryptodev_qp_conf qp_conf;
65 uint8_t valid_devs[RTE_CRYPTO_MAX_DEVS];
66 uint8_t valid_dev_count;
69 struct ipsec_unitest_params {
70 struct rte_crypto_sym_xform cipher_xform;
71 struct rte_crypto_sym_xform auth_xform;
72 struct rte_crypto_sym_xform aead_xform;
73 struct rte_crypto_sym_xform *crypto_xforms;
75 struct rte_security_ipsec_xform ipsec_xform;
77 struct rte_ipsec_sa_prm sa_prm;
78 struct rte_ipsec_session ss[MAX_NB_SAS];
80 struct rte_crypto_op *cop[BURST_SIZE];
82 struct rte_mbuf *obuf[BURST_SIZE], *ibuf[BURST_SIZE],
89 struct ipsec_test_cfg {
90 uint32_t replay_win_sz;
95 uint32_t reorder_pkts;
98 static const struct ipsec_test_cfg test_cfg[] = {
100 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, 1, 0},
101 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_80_BYTES, BURST_SIZE,
103 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, 1, 0},
104 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, BURST_SIZE,
106 {REPLAY_WIN_64, ESN_ENABLED, 0, DATA_64_BYTES, 1, 0},
107 {REPLAY_WIN_128, ESN_ENABLED, RTE_IPSEC_SAFLAG_SQN_ATOM,
108 DATA_80_BYTES, 1, 0},
109 {REPLAY_WIN_256, ESN_DISABLED, 0, DATA_100_BYTES, 1, 0},
112 static const int num_cfg = RTE_DIM(test_cfg);
113 static struct ipsec_testsuite_params testsuite_params = { NULL };
114 static struct ipsec_unitest_params unittest_params;
115 static struct user_params uparams;
117 static uint8_t global_key[128] = { 0 };
119 struct supported_cipher_algo {
121 enum rte_crypto_cipher_algorithm algo;
127 struct supported_auth_algo {
129 enum rte_crypto_auth_algorithm algo;
135 const struct supported_cipher_algo cipher_algos[] = {
138 .algo = RTE_CRYPTO_CIPHER_NULL,
145 const struct supported_auth_algo auth_algos[] = {
148 .algo = RTE_CRYPTO_AUTH_NULL,
156 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
157 struct rte_security_session *sess, struct rte_mempool *mp)
159 RTE_SET_USED(device);
163 sess->sess_private_data = NULL;
168 dummy_sec_destroy(void *device, struct rte_security_session *sess)
170 RTE_SET_USED(device);
175 static const struct rte_security_ops dummy_sec_ops = {
176 .session_create = dummy_sec_create,
177 .session_destroy = dummy_sec_destroy,
180 static struct rte_security_ctx dummy_sec_ctx = {
181 .ops = &dummy_sec_ops,
184 static const struct supported_cipher_algo *
185 find_match_cipher_algo(const char *cipher_keyword)
189 for (i = 0; i < RTE_DIM(cipher_algos); i++) {
190 const struct supported_cipher_algo *algo =
193 if (strcmp(cipher_keyword, algo->keyword) == 0)
200 static const struct supported_auth_algo *
201 find_match_auth_algo(const char *auth_keyword)
205 for (i = 0; i < RTE_DIM(auth_algos); i++) {
206 const struct supported_auth_algo *algo =
209 if (strcmp(auth_keyword, algo->keyword) == 0)
217 testsuite_setup(void)
219 struct ipsec_testsuite_params *ts_params = &testsuite_params;
220 struct rte_cryptodev_info info;
221 uint32_t nb_devs, dev_id;
224 memset(ts_params, 0, sizeof(*ts_params));
226 ts_params->mbuf_pool = rte_pktmbuf_pool_create(
228 NUM_MBUFS, MBUF_CACHE_SIZE, 0, MBUF_SIZE,
230 if (ts_params->mbuf_pool == NULL) {
231 RTE_LOG(ERR, USER1, "Can't create CRYPTO_MBUFPOOL\n");
235 ts_params->cop_mpool = rte_crypto_op_pool_create(
236 "MBUF_CRYPTO_SYM_OP_POOL",
237 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
238 NUM_MBUFS, MBUF_CACHE_SIZE,
240 sizeof(struct rte_crypto_sym_xform) +
243 if (ts_params->cop_mpool == NULL) {
244 RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
248 nb_devs = rte_cryptodev_count();
250 RTE_LOG(ERR, USER1, "No crypto devices found?\n");
254 ts_params->valid_devs[ts_params->valid_dev_count++] = 0;
256 /* Set up all the qps on the first of the valid devices found */
257 dev_id = ts_params->valid_devs[0];
259 rte_cryptodev_info_get(dev_id, &info);
261 ts_params->conf.nb_queue_pairs = info.max_nb_queue_pairs;
262 ts_params->conf.socket_id = SOCKET_ID_ANY;
264 sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
265 sess_sz = RTE_MAX(sess_sz, sizeof(struct rte_security_session));
268 * Create mempools for sessions
270 if (info.sym.max_nb_sessions != 0 &&
271 info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
272 RTE_LOG(ERR, USER1, "Device does not support "
273 "at least %u sessions\n",
278 ts_params->qp_conf.mp_session_private = rte_mempool_create(
282 0, 0, NULL, NULL, NULL,
286 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
287 "private session mempool allocation failed");
289 ts_params->qp_conf.mp_session =
290 rte_cryptodev_sym_session_pool_create("test_sess_mp",
291 MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
293 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
294 "session mempool allocation failed");
296 TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
298 "Failed to configure cryptodev %u with %u qps",
299 dev_id, ts_params->conf.nb_queue_pairs);
301 ts_params->qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
303 TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
304 dev_id, 0, &ts_params->qp_conf,
305 rte_cryptodev_socket_id(dev_id)),
306 "Failed to setup queue pair %u on cryptodev %u",
313 testsuite_teardown(void)
315 struct ipsec_testsuite_params *ts_params = &testsuite_params;
317 if (ts_params->mbuf_pool != NULL) {
318 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
319 rte_mempool_avail_count(ts_params->mbuf_pool));
320 rte_mempool_free(ts_params->mbuf_pool);
321 ts_params->mbuf_pool = NULL;
324 if (ts_params->cop_mpool != NULL) {
325 RTE_LOG(DEBUG, USER1, "CRYPTO_OP_POOL count %u\n",
326 rte_mempool_avail_count(ts_params->cop_mpool));
327 rte_mempool_free(ts_params->cop_mpool);
328 ts_params->cop_mpool = NULL;
331 /* Free session mempools */
332 if (ts_params->qp_conf.mp_session != NULL) {
333 rte_mempool_free(ts_params->qp_conf.mp_session);
334 ts_params->qp_conf.mp_session = NULL;
337 if (ts_params->qp_conf.mp_session_private != NULL) {
338 rte_mempool_free(ts_params->qp_conf.mp_session_private);
339 ts_params->qp_conf.mp_session_private = NULL;
346 struct ipsec_testsuite_params *ts_params = &testsuite_params;
347 struct ipsec_unitest_params *ut_params = &unittest_params;
349 /* Clear unit test parameters before running test */
350 memset(ut_params, 0, sizeof(*ut_params));
352 /* Reconfigure device to default parameters */
353 ts_params->conf.socket_id = SOCKET_ID_ANY;
355 /* Start the device */
356 TEST_ASSERT_SUCCESS(rte_cryptodev_start(ts_params->valid_devs[0]),
357 "Failed to start cryptodev %u",
358 ts_params->valid_devs[0]);
366 struct ipsec_testsuite_params *ts_params = &testsuite_params;
367 struct ipsec_unitest_params *ut_params = &unittest_params;
370 for (i = 0; i < BURST_SIZE; i++) {
371 /* free crypto operation structure */
372 if (ut_params->cop[i])
373 rte_crypto_op_free(ut_params->cop[i]);
376 * free mbuf - both obuf and ibuf are usually the same,
377 * so check if they point at the same address is necessary,
378 * to avoid freeing the mbuf twice.
380 if (ut_params->obuf[i]) {
381 rte_pktmbuf_free(ut_params->obuf[i]);
382 if (ut_params->ibuf[i] == ut_params->obuf[i])
383 ut_params->ibuf[i] = 0;
384 ut_params->obuf[i] = 0;
386 if (ut_params->ibuf[i]) {
387 rte_pktmbuf_free(ut_params->ibuf[i]);
388 ut_params->ibuf[i] = 0;
391 if (ut_params->testbuf[i]) {
392 rte_pktmbuf_free(ut_params->testbuf[i]);
393 ut_params->testbuf[i] = 0;
397 if (ts_params->mbuf_pool != NULL)
398 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
399 rte_mempool_avail_count(ts_params->mbuf_pool));
401 /* Stop the device */
402 rte_cryptodev_stop(ts_params->valid_devs[0]);
405 #define IPSEC_MAX_PAD_SIZE UINT8_MAX
407 static const uint8_t esp_pad_bytes[IPSEC_MAX_PAD_SIZE] = {
408 1, 2, 3, 4, 5, 6, 7, 8,
409 9, 10, 11, 12, 13, 14, 15, 16,
410 17, 18, 19, 20, 21, 22, 23, 24,
411 25, 26, 27, 28, 29, 30, 31, 32,
412 33, 34, 35, 36, 37, 38, 39, 40,
413 41, 42, 43, 44, 45, 46, 47, 48,
414 49, 50, 51, 52, 53, 54, 55, 56,
415 57, 58, 59, 60, 61, 62, 63, 64,
416 65, 66, 67, 68, 69, 70, 71, 72,
417 73, 74, 75, 76, 77, 78, 79, 80,
418 81, 82, 83, 84, 85, 86, 87, 88,
419 89, 90, 91, 92, 93, 94, 95, 96,
420 97, 98, 99, 100, 101, 102, 103, 104,
421 105, 106, 107, 108, 109, 110, 111, 112,
422 113, 114, 115, 116, 117, 118, 119, 120,
423 121, 122, 123, 124, 125, 126, 127, 128,
424 129, 130, 131, 132, 133, 134, 135, 136,
425 137, 138, 139, 140, 141, 142, 143, 144,
426 145, 146, 147, 148, 149, 150, 151, 152,
427 153, 154, 155, 156, 157, 158, 159, 160,
428 161, 162, 163, 164, 165, 166, 167, 168,
429 169, 170, 171, 172, 173, 174, 175, 176,
430 177, 178, 179, 180, 181, 182, 183, 184,
431 185, 186, 187, 188, 189, 190, 191, 192,
432 193, 194, 195, 196, 197, 198, 199, 200,
433 201, 202, 203, 204, 205, 206, 207, 208,
434 209, 210, 211, 212, 213, 214, 215, 216,
435 217, 218, 219, 220, 221, 222, 223, 224,
436 225, 226, 227, 228, 229, 230, 231, 232,
437 233, 234, 235, 236, 237, 238, 239, 240,
438 241, 242, 243, 244, 245, 246, 247, 248,
439 249, 250, 251, 252, 253, 254, 255,
442 /* ***** data for tests ***** */
444 const char null_plain_data[] =
445 "Network Security People Have A Strange Sense Of Humor unlike Other "
446 "People who have a normal sense of humour";
448 const char null_encrypted_data[] =
449 "Network Security People Have A Strange Sense Of Humor unlike Other "
450 "People who have a normal sense of humour";
452 struct ipv4_hdr ipv4_outer = {
453 .version_ihl = IPVERSION << 4 |
454 sizeof(ipv4_outer) / IPV4_IHL_MULTIPLIER,
455 .time_to_live = IPDEFTTL,
456 .next_proto_id = IPPROTO_ESP,
457 .src_addr = IPv4(192, 168, 1, 100),
458 .dst_addr = IPv4(192, 168, 2, 100),
461 static struct rte_mbuf *
462 setup_test_string(struct rte_mempool *mpool,
463 const char *string, size_t len, uint8_t blocksize)
465 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
466 size_t t_len = len - (blocksize ? (len % blocksize) : 0);
469 memset(m->buf_addr, 0, m->buf_len);
470 char *dst = rte_pktmbuf_append(m, t_len);
477 rte_memcpy(dst, string, t_len);
479 memset(dst, 0, t_len);
485 static struct rte_mbuf *
486 setup_test_string_tunneled(struct rte_mempool *mpool, const char *string,
487 size_t len, uint32_t spi, uint32_t seq)
489 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
490 uint32_t hdrlen = sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr);
491 uint32_t taillen = sizeof(struct esp_tail);
492 uint32_t t_len = len + hdrlen + taillen;
495 struct esp_hdr esph = {
496 .spi = rte_cpu_to_be_32(spi),
497 .seq = rte_cpu_to_be_32(seq)
500 padlen = RTE_ALIGN(t_len, 4) - t_len;
503 struct esp_tail espt = {
505 .next_proto = IPPROTO_IPIP,
511 memset(m->buf_addr, 0, m->buf_len);
512 char *dst = rte_pktmbuf_append(m, t_len);
518 /* copy outer IP and ESP header */
519 ipv4_outer.total_length = rte_cpu_to_be_16(t_len);
520 ipv4_outer.packet_id = rte_cpu_to_be_16(seq);
521 rte_memcpy(dst, &ipv4_outer, sizeof(ipv4_outer));
522 dst += sizeof(ipv4_outer);
523 m->l3_len = sizeof(ipv4_outer);
524 rte_memcpy(dst, &esph, sizeof(esph));
527 if (string != NULL) {
529 rte_memcpy(dst, string, len);
532 rte_memcpy(dst, esp_pad_bytes, padlen);
534 /* copy ESP tail header */
535 rte_memcpy(dst, &espt, sizeof(espt));
537 memset(dst, 0, t_len);
543 check_cryptodev_capablity(const struct ipsec_unitest_params *ut,
546 struct rte_cryptodev_sym_capability_idx cap_idx;
547 const struct rte_cryptodev_symmetric_capability *cap;
550 cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
551 cap_idx.algo.auth = ut->auth_xform.auth.algo;
552 cap = rte_cryptodev_sym_capability_get(devid, &cap_idx);
555 rc = rte_cryptodev_sym_capability_check_auth(cap,
556 ut->auth_xform.auth.key.length,
557 ut->auth_xform.auth.digest_length, 0);
559 cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
560 cap_idx.algo.cipher = ut->cipher_xform.cipher.algo;
561 cap = rte_cryptodev_sym_capability_get(devid, &cap_idx);
563 rc = rte_cryptodev_sym_capability_check_cipher(
565 ut->cipher_xform.cipher.key.length,
566 ut->cipher_xform.cipher.iv.length);
574 create_dummy_sec_session(struct ipsec_unitest_params *ut,
575 struct rte_cryptodev_qp_conf *qp, uint32_t j)
577 static struct rte_security_session_conf conf;
579 ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
580 &conf, qp->mp_session_private);
582 if (ut->ss[j].security.ses == NULL)
585 ut->ss[j].security.ctx = &dummy_sec_ctx;
586 ut->ss[j].security.ol_flags = 0;
591 create_crypto_session(struct ipsec_unitest_params *ut,
592 struct rte_cryptodev_qp_conf *qp, const uint8_t crypto_dev[],
593 uint32_t crypto_dev_num, uint32_t j)
597 struct rte_cryptodev_sym_session *s;
598 uint8_t devid[RTE_CRYPTO_MAX_DEVS];
600 /* check which cryptodevs support SA */
602 for (i = 0; i < crypto_dev_num; i++) {
603 if (check_cryptodev_capablity(ut, crypto_dev[i]) == 0)
604 devid[devnum++] = crypto_dev[i];
610 s = rte_cryptodev_sym_session_create(qp->mp_session);
614 /* initiliaze SA crypto session for all supported devices */
615 for (i = 0; i != devnum; i++) {
616 rc = rte_cryptodev_sym_session_init(devid[i], s,
617 ut->crypto_xforms, qp->mp_session_private);
623 ut->ss[j].crypto.ses = s;
627 /* failure, do cleanup */
629 rte_cryptodev_sym_session_clear(devid[i], s);
631 rte_cryptodev_sym_session_free(s);
636 create_session(struct ipsec_unitest_params *ut,
637 struct rte_cryptodev_qp_conf *qp, const uint8_t crypto_dev[],
638 uint32_t crypto_dev_num, uint32_t j)
640 if (ut->ss[j].type == RTE_SECURITY_ACTION_TYPE_NONE)
641 return create_crypto_session(ut, qp, crypto_dev,
644 return create_dummy_sec_session(ut, qp, j);
648 fill_crypto_xform(struct ipsec_unitest_params *ut_params,
649 const struct supported_auth_algo *auth_algo,
650 const struct supported_cipher_algo *cipher_algo)
652 ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
653 ut_params->auth_xform.auth.algo = auth_algo->algo;
654 ut_params->auth_xform.auth.key.data = global_key;
655 ut_params->auth_xform.auth.key.length = auth_algo->key_len;
656 ut_params->auth_xform.auth.digest_length = auth_algo->digest_len;
657 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
659 ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
660 ut_params->cipher_xform.cipher.algo = cipher_algo->algo;
661 ut_params->cipher_xform.cipher.key.data = global_key;
662 ut_params->cipher_xform.cipher.key.length = cipher_algo->key_len;
663 ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT;
664 ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
665 ut_params->cipher_xform.cipher.iv.length = cipher_algo->iv_len;
667 if (ut_params->ipsec_xform.direction ==
668 RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
669 ut_params->crypto_xforms = &ut_params->auth_xform;
670 ut_params->auth_xform.next = &ut_params->cipher_xform;
671 ut_params->cipher_xform.next = NULL;
673 ut_params->crypto_xforms = &ut_params->cipher_xform;
674 ut_params->cipher_xform.next = &ut_params->auth_xform;
675 ut_params->auth_xform.next = NULL;
680 fill_ipsec_param(uint32_t replay_win_sz, uint64_t flags)
682 struct ipsec_unitest_params *ut_params = &unittest_params;
683 struct rte_ipsec_sa_prm *prm = &ut_params->sa_prm;
684 const struct supported_auth_algo *auth_algo;
685 const struct supported_cipher_algo *cipher_algo;
687 memset(prm, 0, sizeof(*prm));
691 prm->replay_win_sz = replay_win_sz;
693 /* setup ipsec xform */
694 prm->ipsec_xform = ut_params->ipsec_xform;
695 prm->ipsec_xform.salt = (uint32_t)rte_rand();
697 /* setup tunnel related fields */
698 prm->tun.hdr_len = sizeof(ipv4_outer);
699 prm->tun.next_proto = IPPROTO_IPIP;
700 prm->tun.hdr = &ipv4_outer;
702 /* setup crypto section */
703 if (uparams.aead != 0) {
704 /* TODO: will need to fill out with other test cases */
706 if (uparams.auth == 0 && uparams.cipher == 0)
709 auth_algo = find_match_auth_algo(uparams.auth_algo);
710 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
712 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
715 prm->crypto_xform = ut_params->crypto_xforms;
720 create_sa(enum rte_security_session_action_type action_type,
721 uint32_t replay_win_sz, uint64_t flags, uint32_t j)
723 struct ipsec_testsuite_params *ts = &testsuite_params;
724 struct ipsec_unitest_params *ut = &unittest_params;
728 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
730 rc = fill_ipsec_param(replay_win_sz, flags);
734 /* create rte_ipsec_sa*/
735 sz = rte_ipsec_sa_size(&ut->sa_prm);
736 TEST_ASSERT(sz > 0, "rte_ipsec_sa_size() failed\n");
738 ut->ss[j].sa = rte_zmalloc(NULL, sz, RTE_CACHE_LINE_SIZE);
739 TEST_ASSERT_NOT_NULL(ut->ss[j].sa,
740 "failed to allocate memory for rte_ipsec_sa\n");
742 ut->ss[j].type = action_type;
743 rc = create_session(ut, &ts->qp_conf, ts->valid_devs,
744 ts->valid_dev_count, j);
748 rc = rte_ipsec_sa_init(ut->ss[j].sa, &ut->sa_prm, sz);
749 rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
751 rc = rte_ipsec_session_prepare(&ut->ss[j]);
757 crypto_ipsec(uint16_t num_pkts)
759 struct ipsec_testsuite_params *ts_params = &testsuite_params;
760 struct ipsec_unitest_params *ut_params = &unittest_params;
762 struct rte_ipsec_group grp[1];
764 /* call crypto prepare */
765 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
766 ut_params->cop, num_pkts);
768 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
771 k = rte_cryptodev_enqueue_burst(ts_params->valid_devs[0], 0,
772 ut_params->cop, num_pkts);
774 RTE_LOG(ERR, USER1, "rte_cryptodev_enqueue_burst fail\n");
778 k = rte_cryptodev_dequeue_burst(ts_params->valid_devs[0], 0,
779 ut_params->cop, num_pkts);
781 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
785 ng = rte_ipsec_pkt_crypto_group(
786 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
787 ut_params->obuf, grp, num_pkts);
789 grp[0].m[0] != ut_params->obuf[0] ||
790 grp[0].cnt != num_pkts ||
791 grp[0].id.ptr != &ut_params->ss[0]) {
792 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
796 /* call crypto process */
797 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
799 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
807 lksd_proto_ipsec(uint16_t num_pkts)
809 struct ipsec_unitest_params *ut_params = &unittest_params;
811 struct rte_ipsec_group grp[1];
813 /* call crypto prepare */
814 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
815 ut_params->cop, num_pkts);
817 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
821 /* check crypto ops */
822 for (i = 0; i != num_pkts; i++) {
823 TEST_ASSERT_EQUAL(ut_params->cop[i]->type,
824 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
825 "%s: invalid crypto op type for %u-th packet\n",
827 TEST_ASSERT_EQUAL(ut_params->cop[i]->status,
828 RTE_CRYPTO_OP_STATUS_NOT_PROCESSED,
829 "%s: invalid crypto op status for %u-th packet\n",
831 TEST_ASSERT_EQUAL(ut_params->cop[i]->sess_type,
832 RTE_CRYPTO_OP_SECURITY_SESSION,
833 "%s: invalid crypto op sess_type for %u-th packet\n",
835 TEST_ASSERT_EQUAL(ut_params->cop[i]->sym->m_src,
837 "%s: invalid crypto op m_src for %u-th packet\n",
841 /* update crypto ops, pretend all finished ok */
842 for (i = 0; i != num_pkts; i++)
843 ut_params->cop[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
845 ng = rte_ipsec_pkt_crypto_group(
846 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
847 ut_params->obuf, grp, num_pkts);
849 grp[0].m[0] != ut_params->obuf[0] ||
850 grp[0].cnt != num_pkts ||
851 grp[0].id.ptr != &ut_params->ss[0]) {
852 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
856 /* call crypto process */
857 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
859 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
867 crypto_ipsec_2sa(void)
869 struct ipsec_testsuite_params *ts_params = &testsuite_params;
870 struct ipsec_unitest_params *ut_params = &unittest_params;
871 struct rte_ipsec_group grp[BURST_SIZE];
873 uint32_t k, ng, i, r;
875 for (i = 0; i < BURST_SIZE; i++) {
877 /* call crypto prepare */
878 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[r],
879 ut_params->ibuf + i, ut_params->cop + i, 1);
882 "rte_ipsec_pkt_crypto_prepare fail\n");
885 k = rte_cryptodev_enqueue_burst(ts_params->valid_devs[0], 0,
886 ut_params->cop + i, 1);
889 "rte_cryptodev_enqueue_burst fail\n");
894 k = rte_cryptodev_dequeue_burst(ts_params->valid_devs[0], 0,
895 ut_params->cop, BURST_SIZE);
896 if (k != BURST_SIZE) {
897 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
901 ng = rte_ipsec_pkt_crypto_group(
902 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
903 ut_params->obuf, grp, BURST_SIZE);
904 if (ng != BURST_SIZE) {
905 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
910 /* call crypto process */
911 for (i = 0; i < ng; i++) {
912 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
913 if (k != grp[i].cnt) {
914 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
926 crypto_ipsec_4grp(uint32_t pkt_num)
930 /* group packets in 4 different size groups groups, 2 per SA */
933 else if (pkt_num < PKT_12)
935 else if (pkt_num < PKT_21)
944 crypto_ipsec_4grp_check_mbufs(uint32_t grp_ind, struct rte_ipsec_group *grp)
946 struct ipsec_unitest_params *ut_params = &unittest_params;
951 for (i = 0, j = 0; i < PKT_4; i++, j++)
952 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
956 } else if (grp_ind == 1) {
957 for (i = 0, j = PKT_4; i < (PKT_12 - PKT_4); i++, j++) {
958 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
963 } else if (grp_ind == 2) {
964 for (i = 0, j = PKT_12; i < (PKT_21 - PKT_12); i++, j++)
965 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
969 } else if (grp_ind == 3) {
970 for (i = 0, j = PKT_21; i < (BURST_SIZE - PKT_21); i++, j++)
971 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
982 crypto_ipsec_4grp_check_cnt(uint32_t grp_ind, struct rte_ipsec_group *grp)
987 if (grp[grp_ind].cnt != PKT_4)
989 } else if (grp_ind == 1) {
990 if (grp[grp_ind].cnt != PKT_12 - PKT_4)
992 } else if (grp_ind == 2) {
993 if (grp[grp_ind].cnt != PKT_21 - PKT_12)
995 } else if (grp_ind == 3) {
996 if (grp[grp_ind].cnt != BURST_SIZE - PKT_21)
1005 crypto_ipsec_2sa_4grp(void)
1007 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1008 struct ipsec_unitest_params *ut_params = &unittest_params;
1009 struct rte_ipsec_group grp[BURST_SIZE];
1010 uint32_t k, ng, i, j;
1013 for (i = 0; i < BURST_SIZE; i++) {
1014 j = crypto_ipsec_4grp(i);
1016 /* call crypto prepare */
1017 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[j],
1018 ut_params->ibuf + i, ut_params->cop + i, 1);
1021 "rte_ipsec_pkt_crypto_prepare fail\n");
1024 k = rte_cryptodev_enqueue_burst(ts_params->valid_devs[0], 0,
1025 ut_params->cop + i, 1);
1028 "rte_cryptodev_enqueue_burst fail\n");
1033 k = rte_cryptodev_dequeue_burst(ts_params->valid_devs[0], 0,
1034 ut_params->cop, BURST_SIZE);
1035 if (k != BURST_SIZE) {
1036 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
1040 ng = rte_ipsec_pkt_crypto_group(
1041 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
1042 ut_params->obuf, grp, BURST_SIZE);
1044 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
1049 /* call crypto process */
1050 for (i = 0; i < ng; i++) {
1051 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
1052 if (k != grp[i].cnt) {
1053 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
1056 rc = crypto_ipsec_4grp_check_cnt(i, grp);
1059 "crypto_ipsec_4grp_check_cnt fail\n");
1062 rc = crypto_ipsec_4grp_check_mbufs(i, grp);
1065 "crypto_ipsec_4grp_check_mbufs fail\n");
1069 return TEST_SUCCESS;
1073 test_ipsec_reorder_inb_pkt_burst(uint16_t num_pkts)
1075 struct ipsec_unitest_params *ut_params = &unittest_params;
1076 struct rte_mbuf *ibuf_tmp[BURST_SIZE];
1079 /* reorder packets and create gaps in sequence numbers */
1080 static const uint32_t reorder[BURST_SIZE] = {
1081 24, 25, 26, 27, 28, 29, 30, 31,
1082 16, 17, 18, 19, 20, 21, 22, 23,
1083 8, 9, 10, 11, 12, 13, 14, 15,
1084 0, 1, 2, 3, 4, 5, 6, 7,
1087 if (num_pkts != BURST_SIZE)
1090 for (j = 0; j != BURST_SIZE; j++)
1091 ibuf_tmp[j] = ut_params->ibuf[reorder[j]];
1093 memcpy(ut_params->ibuf, ibuf_tmp, sizeof(ut_params->ibuf));
1097 test_ipsec_crypto_op_alloc(uint16_t num_pkts)
1099 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1100 struct ipsec_unitest_params *ut_params = &unittest_params;
1104 for (j = 0; j < num_pkts && rc == 0; j++) {
1105 ut_params->cop[j] = rte_crypto_op_alloc(ts_params->cop_mpool,
1106 RTE_CRYPTO_OP_TYPE_SYMMETRIC);
1107 if (ut_params->cop[j] == NULL) {
1109 "Failed to allocate symmetric crypto op\n");
1118 test_ipsec_dump_buffers(struct ipsec_unitest_params *ut_params, int i)
1120 uint16_t j = ut_params->pkt_index;
1122 printf("\ntest config: num %d\n", i);
1123 printf(" replay_win_sz %u\n", test_cfg[i].replay_win_sz);
1124 printf(" esn %u\n", test_cfg[i].esn);
1125 printf(" flags 0x%" PRIx64 "\n", test_cfg[i].flags);
1126 printf(" pkt_sz %zu\n", test_cfg[i].pkt_sz);
1127 printf(" num_pkts %u\n\n", test_cfg[i].num_pkts);
1129 if (ut_params->ibuf[j]) {
1130 printf("ibuf[%u] data:\n", j);
1131 rte_pktmbuf_dump(stdout, ut_params->ibuf[j],
1132 ut_params->ibuf[j]->data_len);
1134 if (ut_params->obuf[j]) {
1135 printf("obuf[%u] data:\n", j);
1136 rte_pktmbuf_dump(stdout, ut_params->obuf[j],
1137 ut_params->obuf[j]->data_len);
1139 if (ut_params->testbuf[j]) {
1140 printf("testbuf[%u] data:\n", j);
1141 rte_pktmbuf_dump(stdout, ut_params->testbuf[j],
1142 ut_params->testbuf[j]->data_len);
1147 destroy_sa(uint32_t j)
1149 struct ipsec_unitest_params *ut = &unittest_params;
1151 rte_ipsec_sa_fini(ut->ss[j].sa);
1152 rte_free(ut->ss[j].sa);
1153 rte_cryptodev_sym_session_free(ut->ss[j].crypto.ses);
1154 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
1158 crypto_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1163 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1164 ut_params->pkt_index = j;
1166 /* compare the data buffers */
1167 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1168 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1170 "input and output data does not match\n");
1171 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1172 ut_params->obuf[j]->pkt_len,
1173 "data_len is not equal to pkt_len");
1174 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1176 "data_len is not equal to input data");
1183 test_ipsec_crypto_inb_burst_null_null(int i)
1185 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1186 struct ipsec_unitest_params *ut_params = &unittest_params;
1187 uint16_t num_pkts = test_cfg[i].num_pkts;
1191 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
1192 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
1193 strcpy(uparams.auth_algo, "null");
1194 strcpy(uparams.cipher_algo, "null");
1196 /* create rte_ipsec_sa */
1197 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1198 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1200 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1205 /* Generate test mbuf data */
1206 for (j = 0; j < num_pkts && rc == 0; j++) {
1207 /* packet with sequence number 0 is invalid */
1208 ut_params->ibuf[j] = setup_test_string_tunneled(
1209 ts_params->mbuf_pool, null_encrypted_data,
1210 test_cfg[i].pkt_sz, INBOUND_SPI, j + 1);
1211 if (ut_params->ibuf[j] == NULL)
1216 if (test_cfg[i].reorder_pkts)
1217 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1218 rc = test_ipsec_crypto_op_alloc(num_pkts);
1222 /* call ipsec library api */
1223 rc = crypto_ipsec(num_pkts);
1225 rc = crypto_inb_burst_null_null_check(
1226 ut_params, i, num_pkts);
1228 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1234 if (rc == TEST_FAILED)
1235 test_ipsec_dump_buffers(ut_params, i);
1242 test_ipsec_crypto_inb_burst_null_null_wrapper(void)
1246 struct ipsec_unitest_params *ut_params = &unittest_params;
1248 ut_params->ipsec_xform.spi = INBOUND_SPI;
1249 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1250 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1251 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1252 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1254 for (i = 0; i < num_cfg && rc == 0; i++) {
1255 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1256 rc = test_ipsec_crypto_inb_burst_null_null(i);
1263 crypto_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1270 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1271 ut_params->pkt_index = j;
1273 testbuf_data = rte_pktmbuf_mtod(ut_params->testbuf[j], void *);
1274 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1275 /* compare the buffer data */
1276 TEST_ASSERT_BUFFERS_ARE_EQUAL(testbuf_data, obuf_data,
1277 ut_params->obuf[j]->pkt_len,
1278 "test and output data does not match\n");
1279 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1280 ut_params->testbuf[j]->data_len,
1281 "obuf data_len is not equal to testbuf data_len");
1282 TEST_ASSERT_EQUAL(ut_params->obuf[j]->pkt_len,
1283 ut_params->testbuf[j]->pkt_len,
1284 "obuf pkt_len is not equal to testbuf pkt_len");
1291 test_ipsec_crypto_outb_burst_null_null(int i)
1293 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1294 struct ipsec_unitest_params *ut_params = &unittest_params;
1295 uint16_t num_pkts = test_cfg[i].num_pkts;
1299 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
1300 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
1301 strcpy(uparams.auth_algo, "null");
1302 strcpy(uparams.cipher_algo, "null");
1304 /* create rte_ipsec_sa*/
1305 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1306 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1308 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1313 /* Generate input mbuf data */
1314 for (j = 0; j < num_pkts && rc == 0; j++) {
1315 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1316 null_plain_data, test_cfg[i].pkt_sz, 0);
1317 if (ut_params->ibuf[j] == NULL)
1320 /* Generate test mbuf data */
1321 /* packet with sequence number 0 is invalid */
1322 ut_params->testbuf[j] = setup_test_string_tunneled(
1323 ts_params->mbuf_pool,
1324 null_plain_data, test_cfg[i].pkt_sz,
1325 OUTBOUND_SPI, j + 1);
1326 if (ut_params->testbuf[j] == NULL)
1332 rc = test_ipsec_crypto_op_alloc(num_pkts);
1335 /* call ipsec library api */
1336 rc = crypto_ipsec(num_pkts);
1338 rc = crypto_outb_burst_null_null_check(ut_params,
1341 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1345 if (rc == TEST_FAILED)
1346 test_ipsec_dump_buffers(ut_params, i);
1353 test_ipsec_crypto_outb_burst_null_null_wrapper(void)
1357 struct ipsec_unitest_params *ut_params = &unittest_params;
1359 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1360 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1361 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1362 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1363 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1365 for (i = 0; i < num_cfg && rc == 0; i++) {
1366 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1367 rc = test_ipsec_crypto_outb_burst_null_null(i);
1374 inline_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1381 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1382 ut_params->pkt_index = j;
1384 /* compare the buffer data */
1385 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1386 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1388 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1389 ut_params->ibuf[j]->data_len,
1390 "input and output data does not match\n");
1391 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1392 ut_params->obuf[j]->data_len,
1393 "ibuf data_len is not equal to obuf data_len");
1394 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1395 ut_params->obuf[j]->pkt_len,
1396 "ibuf pkt_len is not equal to obuf pkt_len");
1397 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1399 "data_len is not equal input data");
1405 test_ipsec_inline_crypto_inb_burst_null_null(int i)
1407 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1408 struct ipsec_unitest_params *ut_params = &unittest_params;
1409 uint16_t num_pkts = test_cfg[i].num_pkts;
1414 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
1415 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
1416 strcpy(uparams.auth_algo, "null");
1417 strcpy(uparams.cipher_algo, "null");
1419 /* create rte_ipsec_sa*/
1420 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1421 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1423 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1428 /* Generate inbound mbuf data */
1429 for (j = 0; j < num_pkts && rc == 0; j++) {
1430 ut_params->ibuf[j] = setup_test_string_tunneled(
1431 ts_params->mbuf_pool,
1432 null_plain_data, test_cfg[i].pkt_sz,
1433 INBOUND_SPI, j + 1);
1434 if (ut_params->ibuf[j] == NULL)
1437 /* Generate test mbuf data */
1438 ut_params->obuf[j] = setup_test_string(
1439 ts_params->mbuf_pool,
1440 null_plain_data, test_cfg[i].pkt_sz, 0);
1441 if (ut_params->obuf[j] == NULL)
1447 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1450 rc = inline_inb_burst_null_null_check(ut_params, i,
1454 "rte_ipsec_pkt_process failed, cfg %d\n",
1460 if (rc == TEST_FAILED)
1461 test_ipsec_dump_buffers(ut_params, i);
1468 test_ipsec_inline_crypto_inb_burst_null_null_wrapper(void)
1472 struct ipsec_unitest_params *ut_params = &unittest_params;
1474 ut_params->ipsec_xform.spi = INBOUND_SPI;
1475 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1476 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1477 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1478 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1480 for (i = 0; i < num_cfg && rc == 0; i++) {
1481 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1482 rc = test_ipsec_inline_crypto_inb_burst_null_null(i);
1489 test_ipsec_inline_proto_inb_burst_null_null(int i)
1491 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1492 struct ipsec_unitest_params *ut_params = &unittest_params;
1493 uint16_t num_pkts = test_cfg[i].num_pkts;
1498 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
1499 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
1500 strcpy(uparams.auth_algo, "null");
1501 strcpy(uparams.cipher_algo, "null");
1503 /* create rte_ipsec_sa*/
1504 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1505 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1507 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1512 /* Generate inbound mbuf data */
1513 for (j = 0; j < num_pkts && rc == 0; j++) {
1514 ut_params->ibuf[j] = setup_test_string(
1515 ts_params->mbuf_pool,
1516 null_plain_data, test_cfg[i].pkt_sz, 0);
1517 if (ut_params->ibuf[j] == NULL)
1520 /* Generate test mbuf data */
1521 ut_params->obuf[j] = setup_test_string(
1522 ts_params->mbuf_pool,
1523 null_plain_data, test_cfg[i].pkt_sz, 0);
1524 if (ut_params->obuf[j] == NULL)
1530 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1533 rc = inline_inb_burst_null_null_check(ut_params, i,
1537 "rte_ipsec_pkt_process failed, cfg %d\n",
1543 if (rc == TEST_FAILED)
1544 test_ipsec_dump_buffers(ut_params, i);
1551 test_ipsec_inline_proto_inb_burst_null_null_wrapper(void)
1555 struct ipsec_unitest_params *ut_params = &unittest_params;
1557 ut_params->ipsec_xform.spi = INBOUND_SPI;
1558 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1559 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1560 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1561 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1563 for (i = 0; i < num_cfg && rc == 0; i++) {
1564 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1565 rc = test_ipsec_inline_proto_inb_burst_null_null(i);
1572 inline_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1579 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1580 ut_params->pkt_index = j;
1582 /* compare the buffer data */
1583 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1584 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1585 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1586 ut_params->ibuf[j]->data_len,
1587 "input and output data does not match\n");
1588 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1589 ut_params->obuf[j]->data_len,
1590 "ibuf data_len is not equal to obuf data_len");
1591 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1592 ut_params->obuf[j]->pkt_len,
1593 "ibuf pkt_len is not equal to obuf pkt_len");
1595 /* check mbuf ol_flags */
1596 TEST_ASSERT(ut_params->ibuf[j]->ol_flags & PKT_TX_SEC_OFFLOAD,
1597 "ibuf PKT_TX_SEC_OFFLOAD is not set");
1603 test_ipsec_inline_crypto_outb_burst_null_null(int i)
1605 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1606 struct ipsec_unitest_params *ut_params = &unittest_params;
1607 uint16_t num_pkts = test_cfg[i].num_pkts;
1612 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
1613 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
1614 strcpy(uparams.auth_algo, "null");
1615 strcpy(uparams.cipher_algo, "null");
1617 /* create rte_ipsec_sa */
1618 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1619 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1621 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1626 /* Generate test mbuf data */
1627 for (j = 0; j < num_pkts && rc == 0; j++) {
1628 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1629 null_plain_data, test_cfg[i].pkt_sz, 0);
1630 if (ut_params->ibuf[0] == NULL)
1634 /* Generate test tunneled mbuf data for comparison */
1635 ut_params->obuf[j] = setup_test_string_tunneled(
1636 ts_params->mbuf_pool,
1637 null_plain_data, test_cfg[i].pkt_sz,
1638 OUTBOUND_SPI, j + 1);
1639 if (ut_params->obuf[j] == NULL)
1645 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1648 rc = inline_outb_burst_null_null_check(ut_params,
1652 "rte_ipsec_pkt_process failed, cfg %d\n",
1658 if (rc == TEST_FAILED)
1659 test_ipsec_dump_buffers(ut_params, i);
1666 test_ipsec_inline_crypto_outb_burst_null_null_wrapper(void)
1670 struct ipsec_unitest_params *ut_params = &unittest_params;
1672 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1673 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1674 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1675 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1676 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1678 for (i = 0; i < num_cfg && rc == 0; i++) {
1679 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1680 rc = test_ipsec_inline_crypto_outb_burst_null_null(i);
1687 test_ipsec_inline_proto_outb_burst_null_null(int i)
1689 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1690 struct ipsec_unitest_params *ut_params = &unittest_params;
1691 uint16_t num_pkts = test_cfg[i].num_pkts;
1696 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
1697 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
1698 strcpy(uparams.auth_algo, "null");
1699 strcpy(uparams.cipher_algo, "null");
1701 /* create rte_ipsec_sa */
1702 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1703 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1705 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1710 /* Generate test mbuf data */
1711 for (j = 0; j < num_pkts && rc == 0; j++) {
1712 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1713 null_plain_data, test_cfg[i].pkt_sz, 0);
1714 if (ut_params->ibuf[0] == NULL)
1718 /* Generate test tunneled mbuf data for comparison */
1719 ut_params->obuf[j] = setup_test_string(
1720 ts_params->mbuf_pool,
1721 null_plain_data, test_cfg[i].pkt_sz, 0);
1722 if (ut_params->obuf[j] == NULL)
1728 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1731 rc = inline_outb_burst_null_null_check(ut_params,
1735 "rte_ipsec_pkt_process failed, cfg %d\n",
1741 if (rc == TEST_FAILED)
1742 test_ipsec_dump_buffers(ut_params, i);
1749 test_ipsec_inline_proto_outb_burst_null_null_wrapper(void)
1753 struct ipsec_unitest_params *ut_params = &unittest_params;
1755 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1756 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1757 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1758 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1759 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1761 for (i = 0; i < num_cfg && rc == 0; i++) {
1762 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1763 rc = test_ipsec_inline_proto_outb_burst_null_null(i);
1770 test_ipsec_lksd_proto_inb_burst_null_null(int i)
1772 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1773 struct ipsec_unitest_params *ut_params = &unittest_params;
1774 uint16_t num_pkts = test_cfg[i].num_pkts;
1778 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
1779 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
1780 strcpy(uparams.auth_algo, "null");
1781 strcpy(uparams.cipher_algo, "null");
1783 /* create rte_ipsec_sa */
1784 rc = create_sa(RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
1785 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1787 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1792 /* Generate test mbuf data */
1793 for (j = 0; j < num_pkts && rc == 0; j++) {
1794 /* packet with sequence number 0 is invalid */
1795 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1796 null_encrypted_data, test_cfg[i].pkt_sz, 0);
1797 if (ut_params->ibuf[j] == NULL)
1802 if (test_cfg[i].reorder_pkts)
1803 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1804 rc = test_ipsec_crypto_op_alloc(num_pkts);
1808 /* call ipsec library api */
1809 rc = lksd_proto_ipsec(num_pkts);
1811 rc = crypto_inb_burst_null_null_check(ut_params, i,
1814 RTE_LOG(ERR, USER1, "%s failed, cfg %d\n",
1820 if (rc == TEST_FAILED)
1821 test_ipsec_dump_buffers(ut_params, i);
1828 test_ipsec_lksd_proto_inb_burst_null_null_wrapper(void)
1832 struct ipsec_unitest_params *ut_params = &unittest_params;
1834 ut_params->ipsec_xform.spi = INBOUND_SPI;
1835 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1836 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1837 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1838 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1840 for (i = 0; i < num_cfg && rc == 0; i++) {
1841 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1842 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1849 test_ipsec_lksd_proto_outb_burst_null_null_wrapper(void)
1853 struct ipsec_unitest_params *ut_params = &unittest_params;
1855 ut_params->ipsec_xform.spi = INBOUND_SPI;
1856 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1857 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1858 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1859 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1861 for (i = 0; i < num_cfg && rc == 0; i++) {
1862 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1863 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1870 replay_inb_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1875 for (j = 0; j < num_pkts; j++) {
1876 /* compare the buffer data */
1877 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1878 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1880 "input and output data does not match\n");
1882 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1883 ut_params->obuf[j]->pkt_len,
1884 "data_len is not equal to pkt_len");
1891 test_ipsec_replay_inb_inside_null_null(int i)
1893 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1894 struct ipsec_unitest_params *ut_params = &unittest_params;
1897 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
1898 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
1899 strcpy(uparams.auth_algo, "null");
1900 strcpy(uparams.cipher_algo, "null");
1902 /* create rte_ipsec_sa*/
1903 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1904 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1906 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1911 /* Generate inbound mbuf data */
1912 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1913 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
1914 if (ut_params->ibuf[0] == NULL)
1917 rc = test_ipsec_crypto_op_alloc(1);
1920 /* call ipsec library api */
1921 rc = crypto_ipsec(1);
1923 rc = replay_inb_null_null_check(ut_params, i, 1);
1925 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1931 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
1932 /* generate packet with seq number inside the replay window */
1933 if (ut_params->ibuf[0]) {
1934 rte_pktmbuf_free(ut_params->ibuf[0]);
1935 ut_params->ibuf[0] = 0;
1938 ut_params->ibuf[0] = setup_test_string_tunneled(
1939 ts_params->mbuf_pool, null_encrypted_data,
1940 test_cfg[i].pkt_sz, INBOUND_SPI,
1941 test_cfg[i].replay_win_sz);
1942 if (ut_params->ibuf[0] == NULL)
1945 rc = test_ipsec_crypto_op_alloc(1);
1948 /* call ipsec library api */
1949 rc = crypto_ipsec(1);
1951 rc = replay_inb_null_null_check(
1954 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
1960 if (rc == TEST_FAILED)
1961 test_ipsec_dump_buffers(ut_params, i);
1969 test_ipsec_replay_inb_inside_null_null_wrapper(void)
1973 struct ipsec_unitest_params *ut_params = &unittest_params;
1975 ut_params->ipsec_xform.spi = INBOUND_SPI;
1976 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1977 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1978 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1979 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1981 for (i = 0; i < num_cfg && rc == 0; i++) {
1982 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1983 rc = test_ipsec_replay_inb_inside_null_null(i);
1990 test_ipsec_replay_inb_outside_null_null(int i)
1992 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1993 struct ipsec_unitest_params *ut_params = &unittest_params;
1996 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
1997 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
1998 strcpy(uparams.auth_algo, "null");
1999 strcpy(uparams.cipher_algo, "null");
2001 /* create rte_ipsec_sa */
2002 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2003 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2005 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2010 /* Generate test mbuf data */
2011 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2012 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI,
2013 test_cfg[i].replay_win_sz + 2);
2014 if (ut_params->ibuf[0] == NULL)
2017 rc = test_ipsec_crypto_op_alloc(1);
2020 /* call ipsec library api */
2021 rc = crypto_ipsec(1);
2023 rc = replay_inb_null_null_check(ut_params, i, 1);
2025 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2031 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2032 /* generate packet with seq number outside the replay window */
2033 if (ut_params->ibuf[0]) {
2034 rte_pktmbuf_free(ut_params->ibuf[0]);
2035 ut_params->ibuf[0] = 0;
2037 ut_params->ibuf[0] = setup_test_string_tunneled(
2038 ts_params->mbuf_pool, null_encrypted_data,
2039 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2040 if (ut_params->ibuf[0] == NULL)
2043 rc = test_ipsec_crypto_op_alloc(1);
2046 /* call ipsec library api */
2047 rc = crypto_ipsec(1);
2049 if (test_cfg[i].esn == 0) {
2051 "packet is not outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2053 test_cfg[i].replay_win_sz + 2,
2059 "packet is outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2060 i, test_cfg[i].replay_win_sz + 2, 1);
2066 if (rc == TEST_FAILED)
2067 test_ipsec_dump_buffers(ut_params, i);
2075 test_ipsec_replay_inb_outside_null_null_wrapper(void)
2079 struct ipsec_unitest_params *ut_params = &unittest_params;
2081 ut_params->ipsec_xform.spi = INBOUND_SPI;
2082 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2083 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2084 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2085 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2087 for (i = 0; i < num_cfg && rc == 0; i++) {
2088 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2089 rc = test_ipsec_replay_inb_outside_null_null(i);
2096 test_ipsec_replay_inb_repeat_null_null(int i)
2098 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2099 struct ipsec_unitest_params *ut_params = &unittest_params;
2102 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
2103 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
2104 strcpy(uparams.auth_algo, "null");
2105 strcpy(uparams.cipher_algo, "null");
2107 /* create rte_ipsec_sa */
2108 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2109 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2111 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n", i);
2115 /* Generate test mbuf data */
2116 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2117 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2118 if (ut_params->ibuf[0] == NULL)
2121 rc = test_ipsec_crypto_op_alloc(1);
2124 /* call ipsec library api */
2125 rc = crypto_ipsec(1);
2127 rc = replay_inb_null_null_check(ut_params, i, 1);
2129 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2135 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2137 * generate packet with repeat seq number in the replay
2140 if (ut_params->ibuf[0]) {
2141 rte_pktmbuf_free(ut_params->ibuf[0]);
2142 ut_params->ibuf[0] = 0;
2145 ut_params->ibuf[0] = setup_test_string_tunneled(
2146 ts_params->mbuf_pool, null_encrypted_data,
2147 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2148 if (ut_params->ibuf[0] == NULL)
2151 rc = test_ipsec_crypto_op_alloc(1);
2154 /* call ipsec library api */
2155 rc = crypto_ipsec(1);
2158 "packet is not repeated in the replay window, cfg %d seq %u\n",
2163 "packet is repeated in the replay window, cfg %d seq %u\n",
2170 if (rc == TEST_FAILED)
2171 test_ipsec_dump_buffers(ut_params, i);
2179 test_ipsec_replay_inb_repeat_null_null_wrapper(void)
2183 struct ipsec_unitest_params *ut_params = &unittest_params;
2185 ut_params->ipsec_xform.spi = INBOUND_SPI;
2186 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2187 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2188 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2189 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2191 for (i = 0; i < num_cfg && rc == 0; i++) {
2192 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2193 rc = test_ipsec_replay_inb_repeat_null_null(i);
2200 test_ipsec_replay_inb_inside_burst_null_null(int i)
2202 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2203 struct ipsec_unitest_params *ut_params = &unittest_params;
2204 uint16_t num_pkts = test_cfg[i].num_pkts;
2208 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
2209 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
2210 strcpy(uparams.auth_algo, "null");
2211 strcpy(uparams.cipher_algo, "null");
2213 /* create rte_ipsec_sa*/
2214 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2215 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2217 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2222 /* Generate inbound mbuf data */
2223 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2224 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2225 if (ut_params->ibuf[0] == NULL)
2228 rc = test_ipsec_crypto_op_alloc(1);
2231 /* call ipsec library api */
2232 rc = crypto_ipsec(1);
2234 rc = replay_inb_null_null_check(ut_params, i, 1);
2236 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2242 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2244 * generate packet(s) with seq number(s) inside the
2247 if (ut_params->ibuf[0]) {
2248 rte_pktmbuf_free(ut_params->ibuf[0]);
2249 ut_params->ibuf[0] = 0;
2252 for (j = 0; j < num_pkts && rc == 0; j++) {
2253 /* packet with sequence number 1 already processed */
2254 ut_params->ibuf[j] = setup_test_string_tunneled(
2255 ts_params->mbuf_pool, null_encrypted_data,
2256 test_cfg[i].pkt_sz, INBOUND_SPI, j + 2);
2257 if (ut_params->ibuf[j] == NULL)
2262 if (test_cfg[i].reorder_pkts)
2263 test_ipsec_reorder_inb_pkt_burst(num_pkts);
2264 rc = test_ipsec_crypto_op_alloc(num_pkts);
2268 /* call ipsec library api */
2269 rc = crypto_ipsec(num_pkts);
2271 rc = replay_inb_null_null_check(
2272 ut_params, i, num_pkts);
2274 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
2280 if (rc == TEST_FAILED)
2281 test_ipsec_dump_buffers(ut_params, i);
2289 test_ipsec_replay_inb_inside_burst_null_null_wrapper(void)
2293 struct ipsec_unitest_params *ut_params = &unittest_params;
2295 ut_params->ipsec_xform.spi = INBOUND_SPI;
2296 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2297 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2298 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2299 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2301 for (i = 0; i < num_cfg && rc == 0; i++) {
2302 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2303 rc = test_ipsec_replay_inb_inside_burst_null_null(i);
2311 crypto_inb_burst_2sa_null_null_check(struct ipsec_unitest_params *ut_params,
2316 for (j = 0; j < BURST_SIZE; j++) {
2317 ut_params->pkt_index = j;
2319 /* compare the data buffers */
2320 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
2321 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
2323 "input and output data does not match\n");
2324 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2325 ut_params->obuf[j]->pkt_len,
2326 "data_len is not equal to pkt_len");
2327 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2329 "data_len is not equal to input data");
2336 test_ipsec_crypto_inb_burst_2sa_null_null(int i)
2338 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2339 struct ipsec_unitest_params *ut_params = &unittest_params;
2340 uint16_t num_pkts = test_cfg[i].num_pkts;
2344 if (num_pkts != BURST_SIZE)
2347 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
2348 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
2349 strcpy(uparams.auth_algo, "null");
2350 strcpy(uparams.cipher_algo, "null");
2352 /* create rte_ipsec_sa */
2353 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2354 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2356 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2361 /* create second rte_ipsec_sa */
2362 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2363 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2364 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2366 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2372 /* Generate test mbuf data */
2373 for (j = 0; j < num_pkts && rc == 0; j++) {
2375 /* packet with sequence number 0 is invalid */
2376 ut_params->ibuf[j] = setup_test_string_tunneled(
2377 ts_params->mbuf_pool, null_encrypted_data,
2378 test_cfg[i].pkt_sz, INBOUND_SPI + r, j + 1);
2379 if (ut_params->ibuf[j] == NULL)
2384 rc = test_ipsec_crypto_op_alloc(num_pkts);
2387 /* call ipsec library api */
2388 rc = crypto_ipsec_2sa();
2390 rc = crypto_inb_burst_2sa_null_null_check(
2393 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2399 if (rc == TEST_FAILED)
2400 test_ipsec_dump_buffers(ut_params, i);
2408 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper(void)
2412 struct ipsec_unitest_params *ut_params = &unittest_params;
2414 ut_params->ipsec_xform.spi = INBOUND_SPI;
2415 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2416 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2417 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2418 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2420 for (i = 0; i < num_cfg && rc == 0; i++) {
2421 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2422 rc = test_ipsec_crypto_inb_burst_2sa_null_null(i);
2429 test_ipsec_crypto_inb_burst_2sa_4grp_null_null(int i)
2431 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2432 struct ipsec_unitest_params *ut_params = &unittest_params;
2433 uint16_t num_pkts = test_cfg[i].num_pkts;
2437 if (num_pkts != BURST_SIZE)
2440 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
2441 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
2442 strcpy(uparams.auth_algo, "null");
2443 strcpy(uparams.cipher_algo, "null");
2445 /* create rte_ipsec_sa */
2446 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2447 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2449 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2454 /* create second rte_ipsec_sa */
2455 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2456 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2457 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2459 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2465 /* Generate test mbuf data */
2466 for (j = 0; j < num_pkts && rc == 0; j++) {
2467 k = crypto_ipsec_4grp(j);
2469 /* packet with sequence number 0 is invalid */
2470 ut_params->ibuf[j] = setup_test_string_tunneled(
2471 ts_params->mbuf_pool, null_encrypted_data,
2472 test_cfg[i].pkt_sz, INBOUND_SPI + k, j + 1);
2473 if (ut_params->ibuf[j] == NULL)
2478 rc = test_ipsec_crypto_op_alloc(num_pkts);
2481 /* call ipsec library api */
2482 rc = crypto_ipsec_2sa_4grp();
2484 rc = crypto_inb_burst_2sa_null_null_check(
2487 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2493 if (rc == TEST_FAILED)
2494 test_ipsec_dump_buffers(ut_params, i);
2502 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper(void)
2506 struct ipsec_unitest_params *ut_params = &unittest_params;
2508 ut_params->ipsec_xform.spi = INBOUND_SPI;
2509 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2510 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2511 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2512 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2514 for (i = 0; i < num_cfg && rc == 0; i++) {
2515 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2516 rc = test_ipsec_crypto_inb_burst_2sa_4grp_null_null(i);
2522 static struct unit_test_suite ipsec_testsuite = {
2523 .suite_name = "IPsec NULL Unit Test Suite",
2524 .setup = testsuite_setup,
2525 .teardown = testsuite_teardown,
2526 .unit_test_cases = {
2527 TEST_CASE_ST(ut_setup, ut_teardown,
2528 test_ipsec_crypto_inb_burst_null_null_wrapper),
2529 TEST_CASE_ST(ut_setup, ut_teardown,
2530 test_ipsec_crypto_outb_burst_null_null_wrapper),
2531 TEST_CASE_ST(ut_setup, ut_teardown,
2532 test_ipsec_inline_crypto_inb_burst_null_null_wrapper),
2533 TEST_CASE_ST(ut_setup, ut_teardown,
2534 test_ipsec_inline_crypto_outb_burst_null_null_wrapper),
2535 TEST_CASE_ST(ut_setup, ut_teardown,
2536 test_ipsec_inline_proto_inb_burst_null_null_wrapper),
2537 TEST_CASE_ST(ut_setup, ut_teardown,
2538 test_ipsec_inline_proto_outb_burst_null_null_wrapper),
2539 TEST_CASE_ST(ut_setup, ut_teardown,
2540 test_ipsec_lksd_proto_inb_burst_null_null_wrapper),
2541 TEST_CASE_ST(ut_setup, ut_teardown,
2542 test_ipsec_lksd_proto_outb_burst_null_null_wrapper),
2543 TEST_CASE_ST(ut_setup, ut_teardown,
2544 test_ipsec_replay_inb_inside_null_null_wrapper),
2545 TEST_CASE_ST(ut_setup, ut_teardown,
2546 test_ipsec_replay_inb_outside_null_null_wrapper),
2547 TEST_CASE_ST(ut_setup, ut_teardown,
2548 test_ipsec_replay_inb_repeat_null_null_wrapper),
2549 TEST_CASE_ST(ut_setup, ut_teardown,
2550 test_ipsec_replay_inb_inside_burst_null_null_wrapper),
2551 TEST_CASE_ST(ut_setup, ut_teardown,
2552 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper),
2553 TEST_CASE_ST(ut_setup, ut_teardown,
2554 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper),
2555 TEST_CASES_END() /**< NULL terminate unit test array */
2562 return unit_test_suite_runner(&ipsec_testsuite);
2565 REGISTER_TEST_COMMAND(ipsec_autotest, test_ipsec);