test/ipsec: fix test suite setup
[dpdk.git] / test / test / test_ipsec.c
1 /* SPDX-License-Identifier: BSD-3-Clause
2  * Copyright(c) 2018 Intel Corporation
3  */
4
5 #include <time.h>
6
7 #include <rte_common.h>
8 #include <rte_hexdump.h>
9 #include <rte_mbuf.h>
10 #include <rte_malloc.h>
11 #include <rte_memcpy.h>
12 #include <rte_pause.h>
13 #include <rte_bus_vdev.h>
14 #include <rte_ip.h>
15
16 #include <rte_crypto.h>
17 #include <rte_cryptodev.h>
18 #include <rte_cryptodev_pmd.h>
19 #include <rte_lcore.h>
20 #include <rte_ipsec.h>
21 #include <rte_random.h>
22 #include <rte_esp.h>
23 #include <rte_security_driver.h>
24
25 #include "test.h"
26 #include "test_cryptodev.h"
27
28 #define VDEV_ARGS_SIZE  100
29 #define MAX_NB_SESSIONS 100
30 #define MAX_NB_SAS              2
31 #define REPLAY_WIN_0    0
32 #define REPLAY_WIN_32   32
33 #define REPLAY_WIN_64   64
34 #define REPLAY_WIN_128  128
35 #define REPLAY_WIN_256  256
36 #define DATA_64_BYTES   64
37 #define DATA_80_BYTES   80
38 #define DATA_100_BYTES  100
39 #define ESN_ENABLED             1
40 #define ESN_DISABLED    0
41 #define INBOUND_SPI             7
42 #define OUTBOUND_SPI    17
43 #define BURST_SIZE              32
44 #define REORDER_PKTS    1
45
46 struct user_params {
47         enum rte_crypto_sym_xform_type auth;
48         enum rte_crypto_sym_xform_type cipher;
49         enum rte_crypto_sym_xform_type aead;
50
51         char auth_algo[128];
52         char cipher_algo[128];
53         char aead_algo[128];
54 };
55
56 struct ipsec_testsuite_params {
57         struct rte_mempool *mbuf_pool;
58         struct rte_mempool *cop_mpool;
59         struct rte_cryptodev_config conf;
60         struct rte_cryptodev_qp_conf qp_conf;
61
62         uint8_t valid_dev;
63         uint8_t valid_dev_found;
64 };
65
66 struct ipsec_unitest_params {
67         struct rte_crypto_sym_xform cipher_xform;
68         struct rte_crypto_sym_xform auth_xform;
69         struct rte_crypto_sym_xform aead_xform;
70         struct rte_crypto_sym_xform *crypto_xforms;
71
72         struct rte_security_ipsec_xform ipsec_xform;
73
74         struct rte_ipsec_sa_prm sa_prm;
75         struct rte_ipsec_session ss[MAX_NB_SAS];
76
77         struct rte_crypto_op *cop[BURST_SIZE];
78
79         struct rte_mbuf *obuf[BURST_SIZE], *ibuf[BURST_SIZE],
80                 *testbuf[BURST_SIZE];
81
82         uint8_t *digest;
83         uint16_t pkt_index;
84 };
85
86 struct ipsec_test_cfg {
87         uint32_t replay_win_sz;
88         uint32_t esn;
89         uint64_t flags;
90         size_t pkt_sz;
91         uint16_t num_pkts;
92         uint32_t reorder_pkts;
93 };
94
95 static const struct ipsec_test_cfg test_cfg[] = {
96
97         {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, 1, 0},
98         {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_80_BYTES, BURST_SIZE,
99                 REORDER_PKTS},
100         {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, 1, 0},
101         {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, BURST_SIZE,
102                 REORDER_PKTS},
103         {REPLAY_WIN_64, ESN_ENABLED, 0, DATA_64_BYTES, 1, 0},
104         {REPLAY_WIN_128, ESN_ENABLED, RTE_IPSEC_SAFLAG_SQN_ATOM,
105                 DATA_80_BYTES, 1, 0},
106         {REPLAY_WIN_256, ESN_DISABLED, 0, DATA_100_BYTES, 1, 0},
107 };
108
109 static const int num_cfg = RTE_DIM(test_cfg);
110 static struct ipsec_testsuite_params testsuite_params = { NULL };
111 static struct ipsec_unitest_params unittest_params;
112 static struct user_params uparams;
113
114 static uint8_t global_key[128] = { 0 };
115
116 struct supported_cipher_algo {
117         const char *keyword;
118         enum rte_crypto_cipher_algorithm algo;
119         uint16_t iv_len;
120         uint16_t block_size;
121         uint16_t key_len;
122 };
123
124 struct supported_auth_algo {
125         const char *keyword;
126         enum rte_crypto_auth_algorithm algo;
127         uint16_t digest_len;
128         uint16_t key_len;
129         uint8_t key_not_req;
130 };
131
132 const struct supported_cipher_algo cipher_algos[] = {
133         {
134                 .keyword = "null",
135                 .algo = RTE_CRYPTO_CIPHER_NULL,
136                 .iv_len = 0,
137                 .block_size = 4,
138                 .key_len = 0
139         },
140 };
141
142 const struct supported_auth_algo auth_algos[] = {
143         {
144                 .keyword = "null",
145                 .algo = RTE_CRYPTO_AUTH_NULL,
146                 .digest_len = 0,
147                 .key_len = 0,
148                 .key_not_req = 1
149         },
150 };
151
152 static int
153 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
154         struct rte_security_session *sess, struct rte_mempool *mp)
155 {
156         RTE_SET_USED(device);
157         RTE_SET_USED(conf);
158         RTE_SET_USED(mp);
159
160         sess->sess_private_data = NULL;
161         return 0;
162 }
163
164 static int
165 dummy_sec_destroy(void *device, struct rte_security_session *sess)
166 {
167         RTE_SET_USED(device);
168         RTE_SET_USED(sess);
169         return 0;
170 }
171
172 static const struct rte_security_ops dummy_sec_ops = {
173         .session_create = dummy_sec_create,
174         .session_destroy = dummy_sec_destroy,
175 };
176
177 static struct rte_security_ctx dummy_sec_ctx = {
178         .ops = &dummy_sec_ops,
179 };
180
181 static const struct supported_cipher_algo *
182 find_match_cipher_algo(const char *cipher_keyword)
183 {
184         size_t i;
185
186         for (i = 0; i < RTE_DIM(cipher_algos); i++) {
187                 const struct supported_cipher_algo *algo =
188                         &cipher_algos[i];
189
190                 if (strcmp(cipher_keyword, algo->keyword) == 0)
191                         return algo;
192         }
193
194         return NULL;
195 }
196
197 static const struct supported_auth_algo *
198 find_match_auth_algo(const char *auth_keyword)
199 {
200         size_t i;
201
202         for (i = 0; i < RTE_DIM(auth_algos); i++) {
203                 const struct supported_auth_algo *algo =
204                         &auth_algos[i];
205
206                 if (strcmp(auth_keyword, algo->keyword) == 0)
207                         return algo;
208         }
209
210         return NULL;
211 }
212
213 static void
214 fill_crypto_xform(struct ipsec_unitest_params *ut_params,
215         const struct supported_auth_algo *auth_algo,
216         const struct supported_cipher_algo *cipher_algo)
217 {
218         ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
219         ut_params->auth_xform.auth.algo = auth_algo->algo;
220         ut_params->auth_xform.auth.key.data = global_key;
221         ut_params->auth_xform.auth.key.length = auth_algo->key_len;
222         ut_params->auth_xform.auth.digest_length = auth_algo->digest_len;
223         ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
224
225         ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
226         ut_params->cipher_xform.cipher.algo = cipher_algo->algo;
227         ut_params->cipher_xform.cipher.key.data = global_key;
228         ut_params->cipher_xform.cipher.key.length = cipher_algo->key_len;
229         ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT;
230         ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
231         ut_params->cipher_xform.cipher.iv.length = cipher_algo->iv_len;
232
233         if (ut_params->ipsec_xform.direction ==
234                         RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
235                 ut_params->crypto_xforms = &ut_params->auth_xform;
236                 ut_params->auth_xform.next = &ut_params->cipher_xform;
237                 ut_params->cipher_xform.next = NULL;
238         } else {
239                 ut_params->crypto_xforms = &ut_params->cipher_xform;
240                 ut_params->cipher_xform.next = &ut_params->auth_xform;
241                 ut_params->auth_xform.next = NULL;
242         }
243 }
244
245 static int
246 check_cryptodev_capablity(const struct ipsec_unitest_params *ut,
247                 uint8_t dev_id)
248 {
249         struct rte_cryptodev_sym_capability_idx cap_idx;
250         const struct rte_cryptodev_symmetric_capability *cap;
251         int rc = -1;
252
253         cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
254         cap_idx.algo.auth = ut->auth_xform.auth.algo;
255         cap = rte_cryptodev_sym_capability_get(dev_id, &cap_idx);
256
257         if (cap != NULL) {
258                 rc = rte_cryptodev_sym_capability_check_auth(cap,
259                                 ut->auth_xform.auth.key.length,
260                                 ut->auth_xform.auth.digest_length, 0);
261                 if (rc == 0) {
262                         cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
263                         cap_idx.algo.cipher = ut->cipher_xform.cipher.algo;
264                         cap = rte_cryptodev_sym_capability_get(
265                                         dev_id, &cap_idx);
266                         if (cap != NULL)
267                                 rc = rte_cryptodev_sym_capability_check_cipher(
268                                         cap,
269                                         ut->cipher_xform.cipher.key.length,
270                                         ut->cipher_xform.cipher.iv.length);
271                 }
272         }
273
274         return rc;
275 }
276
277 static int
278 testsuite_setup(void)
279 {
280         struct ipsec_testsuite_params *ts_params = &testsuite_params;
281         struct ipsec_unitest_params *ut_params = &unittest_params;
282         const struct supported_auth_algo *auth_algo;
283         const struct supported_cipher_algo *cipher_algo;
284         struct rte_cryptodev_info info;
285         uint32_t i, nb_devs, dev_id;
286         size_t sess_sz;
287         int rc;
288
289         memset(ts_params, 0, sizeof(*ts_params));
290
291         uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
292         uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
293         strcpy(uparams.auth_algo, "null");
294         strcpy(uparams.cipher_algo, "null");
295
296         auth_algo = find_match_auth_algo(uparams.auth_algo);
297         cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
298         fill_crypto_xform(ut_params, auth_algo, cipher_algo);
299
300         nb_devs = rte_cryptodev_count();
301         if (nb_devs < 1) {
302                 RTE_LOG(ERR, USER1, "No crypto devices found?\n");
303                 return TEST_FAILED;
304         }
305
306         /* Find first valid crypto device */
307         for (i = 0; i < nb_devs; i++) {
308                 rc = check_cryptodev_capablity(ut_params, i);
309                 if (rc == 0) {
310                         ts_params->valid_dev = i;
311                         ts_params->valid_dev_found = 1;
312                         break;
313                 }
314         }
315
316         if (ts_params->valid_dev_found == 0)
317                 return TEST_FAILED;
318
319         ts_params->mbuf_pool = rte_pktmbuf_pool_create(
320                         "CRYPTO_MBUFPOOL",
321                         NUM_MBUFS, MBUF_CACHE_SIZE, 0, MBUF_SIZE,
322                         rte_socket_id());
323         if (ts_params->mbuf_pool == NULL) {
324                 RTE_LOG(ERR, USER1, "Can't create CRYPTO_MBUFPOOL\n");
325                 return TEST_FAILED;
326         }
327
328         ts_params->cop_mpool = rte_crypto_op_pool_create(
329                         "MBUF_CRYPTO_SYM_OP_POOL",
330                         RTE_CRYPTO_OP_TYPE_SYMMETRIC,
331                         NUM_MBUFS, MBUF_CACHE_SIZE,
332                         DEFAULT_NUM_XFORMS *
333                         sizeof(struct rte_crypto_sym_xform) +
334                         MAXIMUM_IV_LENGTH,
335                         rte_socket_id());
336         if (ts_params->cop_mpool == NULL) {
337                 RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
338                 return TEST_FAILED;
339         }
340
341         /* Set up all the qps on the first of the valid devices found */
342         dev_id = ts_params->valid_dev;
343
344         rte_cryptodev_info_get(dev_id, &info);
345
346         ts_params->conf.nb_queue_pairs = info.max_nb_queue_pairs;
347         ts_params->conf.socket_id = SOCKET_ID_ANY;
348
349         sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
350         sess_sz = RTE_MAX(sess_sz, sizeof(struct rte_security_session));
351
352         /*
353          * Create mempools for sessions
354          */
355         if (info.sym.max_nb_sessions != 0 &&
356                         info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
357                 RTE_LOG(ERR, USER1, "Device does not support "
358                                 "at least %u sessions\n",
359                                 MAX_NB_SESSIONS);
360                 return TEST_FAILED;
361         }
362
363         ts_params->qp_conf.mp_session_private = rte_mempool_create(
364                                 "test_priv_sess_mp",
365                                 MAX_NB_SESSIONS,
366                                 sess_sz,
367                                 0, 0, NULL, NULL, NULL,
368                                 NULL, SOCKET_ID_ANY,
369                                 0);
370
371         TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
372                         "private session mempool allocation failed");
373
374         ts_params->qp_conf.mp_session =
375                 rte_cryptodev_sym_session_pool_create("test_sess_mp",
376                         MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
377
378         TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
379                         "session mempool allocation failed");
380
381         TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
382                         &ts_params->conf),
383                         "Failed to configure cryptodev %u with %u qps",
384                         dev_id, ts_params->conf.nb_queue_pairs);
385
386         ts_params->qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
387
388         TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
389                 dev_id, 0, &ts_params->qp_conf,
390                 rte_cryptodev_socket_id(dev_id)),
391                 "Failed to setup queue pair %u on cryptodev %u",
392                 0, dev_id);
393
394         return TEST_SUCCESS;
395 }
396
397 static void
398 testsuite_teardown(void)
399 {
400         struct ipsec_testsuite_params *ts_params = &testsuite_params;
401
402         if (ts_params->mbuf_pool != NULL) {
403                 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
404                 rte_mempool_avail_count(ts_params->mbuf_pool));
405                 rte_mempool_free(ts_params->mbuf_pool);
406                 ts_params->mbuf_pool = NULL;
407         }
408
409         if (ts_params->cop_mpool != NULL) {
410                 RTE_LOG(DEBUG, USER1, "CRYPTO_OP_POOL count %u\n",
411                 rte_mempool_avail_count(ts_params->cop_mpool));
412                 rte_mempool_free(ts_params->cop_mpool);
413                 ts_params->cop_mpool = NULL;
414         }
415
416         /* Free session mempools */
417         if (ts_params->qp_conf.mp_session != NULL) {
418                 rte_mempool_free(ts_params->qp_conf.mp_session);
419                 ts_params->qp_conf.mp_session = NULL;
420         }
421
422         if (ts_params->qp_conf.mp_session_private != NULL) {
423                 rte_mempool_free(ts_params->qp_conf.mp_session_private);
424                 ts_params->qp_conf.mp_session_private = NULL;
425         }
426 }
427
428 static int
429 ut_setup(void)
430 {
431         struct ipsec_testsuite_params *ts_params = &testsuite_params;
432         struct ipsec_unitest_params *ut_params = &unittest_params;
433
434         /* Clear unit test parameters before running test */
435         memset(ut_params, 0, sizeof(*ut_params));
436
437         /* Reconfigure device to default parameters */
438         ts_params->conf.socket_id = SOCKET_ID_ANY;
439
440         /* Start the device */
441         TEST_ASSERT_SUCCESS(rte_cryptodev_start(ts_params->valid_dev),
442                         "Failed to start cryptodev %u",
443                         ts_params->valid_dev);
444
445         return TEST_SUCCESS;
446 }
447
448 static void
449 ut_teardown(void)
450 {
451         struct ipsec_testsuite_params *ts_params = &testsuite_params;
452         struct ipsec_unitest_params *ut_params = &unittest_params;
453         int i;
454
455         for (i = 0; i < BURST_SIZE; i++) {
456                 /* free crypto operation structure */
457                 if (ut_params->cop[i])
458                         rte_crypto_op_free(ut_params->cop[i]);
459
460                 /*
461                  * free mbuf - both obuf and ibuf are usually the same,
462                  * so check if they point at the same address is necessary,
463                  * to avoid freeing the mbuf twice.
464                  */
465                 if (ut_params->obuf[i]) {
466                         rte_pktmbuf_free(ut_params->obuf[i]);
467                         if (ut_params->ibuf[i] == ut_params->obuf[i])
468                                 ut_params->ibuf[i] = 0;
469                         ut_params->obuf[i] = 0;
470                 }
471                 if (ut_params->ibuf[i]) {
472                         rte_pktmbuf_free(ut_params->ibuf[i]);
473                         ut_params->ibuf[i] = 0;
474                 }
475
476                 if (ut_params->testbuf[i]) {
477                         rte_pktmbuf_free(ut_params->testbuf[i]);
478                         ut_params->testbuf[i] = 0;
479                 }
480         }
481
482         if (ts_params->mbuf_pool != NULL)
483                 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
484                         rte_mempool_avail_count(ts_params->mbuf_pool));
485
486         /* Stop the device */
487         rte_cryptodev_stop(ts_params->valid_dev);
488 }
489
490 #define IPSEC_MAX_PAD_SIZE      UINT8_MAX
491
492 static const uint8_t esp_pad_bytes[IPSEC_MAX_PAD_SIZE] = {
493         1, 2, 3, 4, 5, 6, 7, 8,
494         9, 10, 11, 12, 13, 14, 15, 16,
495         17, 18, 19, 20, 21, 22, 23, 24,
496         25, 26, 27, 28, 29, 30, 31, 32,
497         33, 34, 35, 36, 37, 38, 39, 40,
498         41, 42, 43, 44, 45, 46, 47, 48,
499         49, 50, 51, 52, 53, 54, 55, 56,
500         57, 58, 59, 60, 61, 62, 63, 64,
501         65, 66, 67, 68, 69, 70, 71, 72,
502         73, 74, 75, 76, 77, 78, 79, 80,
503         81, 82, 83, 84, 85, 86, 87, 88,
504         89, 90, 91, 92, 93, 94, 95, 96,
505         97, 98, 99, 100, 101, 102, 103, 104,
506         105, 106, 107, 108, 109, 110, 111, 112,
507         113, 114, 115, 116, 117, 118, 119, 120,
508         121, 122, 123, 124, 125, 126, 127, 128,
509         129, 130, 131, 132, 133, 134, 135, 136,
510         137, 138, 139, 140, 141, 142, 143, 144,
511         145, 146, 147, 148, 149, 150, 151, 152,
512         153, 154, 155, 156, 157, 158, 159, 160,
513         161, 162, 163, 164, 165, 166, 167, 168,
514         169, 170, 171, 172, 173, 174, 175, 176,
515         177, 178, 179, 180, 181, 182, 183, 184,
516         185, 186, 187, 188, 189, 190, 191, 192,
517         193, 194, 195, 196, 197, 198, 199, 200,
518         201, 202, 203, 204, 205, 206, 207, 208,
519         209, 210, 211, 212, 213, 214, 215, 216,
520         217, 218, 219, 220, 221, 222, 223, 224,
521         225, 226, 227, 228, 229, 230, 231, 232,
522         233, 234, 235, 236, 237, 238, 239, 240,
523         241, 242, 243, 244, 245, 246, 247, 248,
524         249, 250, 251, 252, 253, 254, 255,
525 };
526
527 /* ***** data for tests ***** */
528
529 const char null_plain_data[] =
530         "Network Security People Have A Strange Sense Of Humor unlike Other "
531         "People who have a normal sense of humour";
532
533 const char null_encrypted_data[] =
534         "Network Security People Have A Strange Sense Of Humor unlike Other "
535         "People who have a normal sense of humour";
536
537 struct ipv4_hdr ipv4_outer  = {
538         .version_ihl = IPVERSION << 4 |
539                 sizeof(ipv4_outer) / IPV4_IHL_MULTIPLIER,
540         .time_to_live = IPDEFTTL,
541         .next_proto_id = IPPROTO_ESP,
542         .src_addr = IPv4(192, 168, 1, 100),
543         .dst_addr = IPv4(192, 168, 2, 100),
544 };
545
546 static struct rte_mbuf *
547 setup_test_string(struct rte_mempool *mpool,
548                 const char *string, size_t len, uint8_t blocksize)
549 {
550         struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
551         size_t t_len = len - (blocksize ? (len % blocksize) : 0);
552
553         if (m) {
554                 memset(m->buf_addr, 0, m->buf_len);
555                 char *dst = rte_pktmbuf_append(m, t_len);
556
557                 if (!dst) {
558                         rte_pktmbuf_free(m);
559                         return NULL;
560                 }
561                 if (string != NULL)
562                         rte_memcpy(dst, string, t_len);
563                 else
564                         memset(dst, 0, t_len);
565         }
566
567         return m;
568 }
569
570 static struct rte_mbuf *
571 setup_test_string_tunneled(struct rte_mempool *mpool, const char *string,
572         size_t len, uint32_t spi, uint32_t seq)
573 {
574         struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
575         uint32_t hdrlen = sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr);
576         uint32_t taillen = sizeof(struct esp_tail);
577         uint32_t t_len = len + hdrlen + taillen;
578         uint32_t padlen;
579
580         struct esp_hdr esph  = {
581                 .spi = rte_cpu_to_be_32(spi),
582                 .seq = rte_cpu_to_be_32(seq)
583         };
584
585         padlen = RTE_ALIGN(t_len, 4) - t_len;
586         t_len += padlen;
587
588         struct esp_tail espt  = {
589                 .pad_len = padlen,
590                 .next_proto = IPPROTO_IPIP,
591         };
592
593         if (m == NULL)
594                 return NULL;
595
596         memset(m->buf_addr, 0, m->buf_len);
597         char *dst = rte_pktmbuf_append(m, t_len);
598
599         if (!dst) {
600                 rte_pktmbuf_free(m);
601                 return NULL;
602         }
603         /* copy outer IP and ESP header */
604         ipv4_outer.total_length = rte_cpu_to_be_16(t_len);
605         ipv4_outer.packet_id = rte_cpu_to_be_16(seq);
606         rte_memcpy(dst, &ipv4_outer, sizeof(ipv4_outer));
607         dst += sizeof(ipv4_outer);
608         m->l3_len = sizeof(ipv4_outer);
609         rte_memcpy(dst, &esph, sizeof(esph));
610         dst += sizeof(esph);
611
612         if (string != NULL) {
613                 /* copy payload */
614                 rte_memcpy(dst, string, len);
615                 dst += len;
616                 /* copy pad bytes */
617                 rte_memcpy(dst, esp_pad_bytes, padlen);
618                 dst += padlen;
619                 /* copy ESP tail header */
620                 rte_memcpy(dst, &espt, sizeof(espt));
621         } else
622                 memset(dst, 0, t_len);
623
624         return m;
625 }
626
627 static int
628 create_dummy_sec_session(struct ipsec_unitest_params *ut,
629         struct rte_cryptodev_qp_conf *qp, uint32_t j)
630 {
631         static struct rte_security_session_conf conf;
632
633         ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
634                                         &conf, qp->mp_session_private);
635
636         if (ut->ss[j].security.ses == NULL)
637                 return -ENOMEM;
638
639         ut->ss[j].security.ctx = &dummy_sec_ctx;
640         ut->ss[j].security.ol_flags = 0;
641         return 0;
642 }
643
644 static int
645 create_crypto_session(struct ipsec_unitest_params *ut,
646         struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
647 {
648         int32_t rc;
649         struct rte_cryptodev_sym_session *s;
650
651         s = rte_cryptodev_sym_session_create(qp->mp_session);
652         if (s == NULL)
653                 return -ENOMEM;
654
655         /* initiliaze SA crypto session for device */
656         rc = rte_cryptodev_sym_session_init(dev_id, s,
657                         ut->crypto_xforms, qp->mp_session_private);
658         if (rc == 0) {
659                 ut->ss[j].crypto.ses = s;
660                 return 0;
661         } else {
662                 /* failure, do cleanup */
663                 rte_cryptodev_sym_session_clear(dev_id, s);
664                 rte_cryptodev_sym_session_free(s);
665                 return rc;
666         }
667 }
668
669 static int
670 create_session(struct ipsec_unitest_params *ut,
671         struct rte_cryptodev_qp_conf *qp, uint8_t crypto_dev, uint32_t j)
672 {
673         if (ut->ss[j].type == RTE_SECURITY_ACTION_TYPE_NONE)
674                 return create_crypto_session(ut, qp, crypto_dev, j);
675         else
676                 return create_dummy_sec_session(ut, qp, j);
677 }
678
679 static int
680 fill_ipsec_param(uint32_t replay_win_sz, uint64_t flags)
681 {
682         struct ipsec_unitest_params *ut_params = &unittest_params;
683         struct rte_ipsec_sa_prm *prm = &ut_params->sa_prm;
684         const struct supported_auth_algo *auth_algo;
685         const struct supported_cipher_algo *cipher_algo;
686
687         memset(prm, 0, sizeof(*prm));
688
689         prm->userdata = 1;
690         prm->flags = flags;
691         prm->replay_win_sz = replay_win_sz;
692
693         /* setup ipsec xform */
694         prm->ipsec_xform = ut_params->ipsec_xform;
695         prm->ipsec_xform.salt = (uint32_t)rte_rand();
696
697         /* setup tunnel related fields */
698         prm->tun.hdr_len = sizeof(ipv4_outer);
699         prm->tun.next_proto = IPPROTO_IPIP;
700         prm->tun.hdr = &ipv4_outer;
701
702         /* setup crypto section */
703         if (uparams.aead != 0) {
704                 /* TODO: will need to fill out with other test cases */
705         } else {
706                 if (uparams.auth == 0 && uparams.cipher == 0)
707                         return TEST_FAILED;
708
709                 auth_algo = find_match_auth_algo(uparams.auth_algo);
710                 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
711
712                 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
713         }
714
715         prm->crypto_xform = ut_params->crypto_xforms;
716         return TEST_SUCCESS;
717 }
718
719 static int
720 create_sa(enum rte_security_session_action_type action_type,
721                 uint32_t replay_win_sz, uint64_t flags, uint32_t j)
722 {
723         struct ipsec_testsuite_params *ts = &testsuite_params;
724         struct ipsec_unitest_params *ut = &unittest_params;
725         size_t sz;
726         int rc;
727
728         memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
729
730         rc = fill_ipsec_param(replay_win_sz, flags);
731         if (rc != 0)
732                 return TEST_FAILED;
733
734         /* create rte_ipsec_sa*/
735         sz = rte_ipsec_sa_size(&ut->sa_prm);
736         TEST_ASSERT(sz > 0, "rte_ipsec_sa_size() failed\n");
737
738         ut->ss[j].sa = rte_zmalloc(NULL, sz, RTE_CACHE_LINE_SIZE);
739         TEST_ASSERT_NOT_NULL(ut->ss[j].sa,
740                 "failed to allocate memory for rte_ipsec_sa\n");
741
742         ut->ss[j].type = action_type;
743         rc = create_session(ut, &ts->qp_conf, ts->valid_dev, j);
744         if (rc != 0)
745                 return TEST_FAILED;
746
747         rc = rte_ipsec_sa_init(ut->ss[j].sa, &ut->sa_prm, sz);
748         rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
749         if (rc == 0)
750                 rc = rte_ipsec_session_prepare(&ut->ss[j]);
751
752         return rc;
753 }
754
755 static int
756 crypto_ipsec(uint16_t num_pkts)
757 {
758         struct ipsec_testsuite_params *ts_params = &testsuite_params;
759         struct ipsec_unitest_params *ut_params = &unittest_params;
760         uint32_t k, ng;
761         struct rte_ipsec_group grp[1];
762
763         /* call crypto prepare */
764         k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
765                 ut_params->cop, num_pkts);
766         if (k != num_pkts) {
767                 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
768                 return TEST_FAILED;
769         }
770         k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
771                 ut_params->cop, num_pkts);
772         if (k != num_pkts) {
773                 RTE_LOG(ERR, USER1, "rte_cryptodev_enqueue_burst fail\n");
774                 return TEST_FAILED;
775         }
776
777         k = rte_cryptodev_dequeue_burst(ts_params->valid_dev, 0,
778                 ut_params->cop, num_pkts);
779         if (k != num_pkts) {
780                 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
781                 return TEST_FAILED;
782         }
783
784         ng = rte_ipsec_pkt_crypto_group(
785                 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
786                 ut_params->obuf, grp, num_pkts);
787         if (ng != 1 ||
788                 grp[0].m[0] != ut_params->obuf[0] ||
789                 grp[0].cnt != num_pkts ||
790                 grp[0].id.ptr != &ut_params->ss[0]) {
791                 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
792                 return TEST_FAILED;
793         }
794
795         /* call crypto process */
796         k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
797         if (k != num_pkts) {
798                 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
799                 return TEST_FAILED;
800         }
801
802         return TEST_SUCCESS;
803 }
804
805 static int
806 lksd_proto_ipsec(uint16_t num_pkts)
807 {
808         struct ipsec_unitest_params *ut_params = &unittest_params;
809         uint32_t i, k, ng;
810         struct rte_ipsec_group grp[1];
811
812         /* call crypto prepare */
813         k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
814                 ut_params->cop, num_pkts);
815         if (k != num_pkts) {
816                 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
817                 return TEST_FAILED;
818         }
819
820         /* check crypto ops */
821         for (i = 0; i != num_pkts; i++) {
822                 TEST_ASSERT_EQUAL(ut_params->cop[i]->type,
823                         RTE_CRYPTO_OP_TYPE_SYMMETRIC,
824                         "%s: invalid crypto op type for %u-th packet\n",
825                         __func__, i);
826                 TEST_ASSERT_EQUAL(ut_params->cop[i]->status,
827                         RTE_CRYPTO_OP_STATUS_NOT_PROCESSED,
828                         "%s: invalid crypto op status for %u-th packet\n",
829                         __func__, i);
830                 TEST_ASSERT_EQUAL(ut_params->cop[i]->sess_type,
831                         RTE_CRYPTO_OP_SECURITY_SESSION,
832                         "%s: invalid crypto op sess_type for %u-th packet\n",
833                         __func__, i);
834                 TEST_ASSERT_EQUAL(ut_params->cop[i]->sym->m_src,
835                         ut_params->ibuf[i],
836                         "%s: invalid crypto op m_src for %u-th packet\n",
837                         __func__, i);
838         }
839
840         /* update crypto ops, pretend all finished ok */
841         for (i = 0; i != num_pkts; i++)
842                 ut_params->cop[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
843
844         ng = rte_ipsec_pkt_crypto_group(
845                 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
846                 ut_params->obuf, grp, num_pkts);
847         if (ng != 1 ||
848                 grp[0].m[0] != ut_params->obuf[0] ||
849                 grp[0].cnt != num_pkts ||
850                 grp[0].id.ptr != &ut_params->ss[0]) {
851                 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
852                 return TEST_FAILED;
853         }
854
855         /* call crypto process */
856         k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
857         if (k != num_pkts) {
858                 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
859                 return TEST_FAILED;
860         }
861
862         return TEST_SUCCESS;
863 }
864
865 static int
866 crypto_ipsec_2sa(void)
867 {
868         struct ipsec_testsuite_params *ts_params = &testsuite_params;
869         struct ipsec_unitest_params *ut_params = &unittest_params;
870         struct rte_ipsec_group grp[BURST_SIZE];
871
872         uint32_t k, ng, i, r;
873
874         for (i = 0; i < BURST_SIZE; i++) {
875                 r = i % 2;
876                 /* call crypto prepare */
877                 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[r],
878                                 ut_params->ibuf + i, ut_params->cop + i, 1);
879                 if (k != 1) {
880                         RTE_LOG(ERR, USER1,
881                                 "rte_ipsec_pkt_crypto_prepare fail\n");
882                         return TEST_FAILED;
883                 }
884                 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
885                                 ut_params->cop + i, 1);
886                 if (k != 1) {
887                         RTE_LOG(ERR, USER1,
888                                 "rte_cryptodev_enqueue_burst fail\n");
889                         return TEST_FAILED;
890                 }
891         }
892
893         k = rte_cryptodev_dequeue_burst(ts_params->valid_dev, 0,
894                 ut_params->cop, BURST_SIZE);
895         if (k != BURST_SIZE) {
896                 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
897                 return TEST_FAILED;
898         }
899
900         ng = rte_ipsec_pkt_crypto_group(
901                 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
902                 ut_params->obuf, grp, BURST_SIZE);
903         if (ng != BURST_SIZE) {
904                 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
905                                 ng);
906                 return TEST_FAILED;
907         }
908
909         /* call crypto process */
910         for (i = 0; i < ng; i++) {
911                 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
912                 if (k != grp[i].cnt) {
913                         RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
914                         return TEST_FAILED;
915                 }
916         }
917         return TEST_SUCCESS;
918 }
919
920 #define PKT_4   4
921 #define PKT_12  12
922 #define PKT_21  21
923
924 static uint32_t
925 crypto_ipsec_4grp(uint32_t pkt_num)
926 {
927         uint32_t sa_ind;
928
929         /* group packets in 4 different size groups groups, 2 per SA */
930         if (pkt_num < PKT_4)
931                 sa_ind = 0;
932         else if (pkt_num < PKT_12)
933                 sa_ind = 1;
934         else if (pkt_num < PKT_21)
935                 sa_ind = 0;
936         else
937                 sa_ind = 1;
938
939         return sa_ind;
940 }
941
942 static uint32_t
943 crypto_ipsec_4grp_check_mbufs(uint32_t grp_ind, struct rte_ipsec_group *grp)
944 {
945         struct ipsec_unitest_params *ut_params = &unittest_params;
946         uint32_t i, j;
947         uint32_t rc = 0;
948
949         if (grp_ind == 0) {
950                 for (i = 0, j = 0; i < PKT_4; i++, j++)
951                         if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
952                                 rc = TEST_FAILED;
953                                 break;
954                         }
955         } else if (grp_ind == 1) {
956                 for (i = 0, j = PKT_4; i < (PKT_12 - PKT_4); i++, j++) {
957                         if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
958                                 rc = TEST_FAILED;
959                                 break;
960                         }
961                 }
962         } else if (grp_ind == 2) {
963                 for (i = 0, j =  PKT_12; i < (PKT_21 - PKT_12); i++, j++)
964                         if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
965                                 rc = TEST_FAILED;
966                                 break;
967                         }
968         } else if (grp_ind == 3) {
969                 for (i = 0, j = PKT_21; i < (BURST_SIZE - PKT_21); i++, j++)
970                         if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
971                                 rc = TEST_FAILED;
972                                 break;
973                         }
974         } else
975                 rc = TEST_FAILED;
976
977         return rc;
978 }
979
980 static uint32_t
981 crypto_ipsec_4grp_check_cnt(uint32_t grp_ind, struct rte_ipsec_group *grp)
982 {
983         uint32_t rc = 0;
984
985         if (grp_ind == 0) {
986                 if (grp[grp_ind].cnt != PKT_4)
987                         rc = TEST_FAILED;
988         } else if (grp_ind == 1) {
989                 if (grp[grp_ind].cnt != PKT_12 - PKT_4)
990                         rc = TEST_FAILED;
991         } else if (grp_ind == 2) {
992                 if (grp[grp_ind].cnt != PKT_21 - PKT_12)
993                         rc = TEST_FAILED;
994         } else if (grp_ind == 3) {
995                 if (grp[grp_ind].cnt != BURST_SIZE - PKT_21)
996                         rc = TEST_FAILED;
997         } else
998                 rc = TEST_FAILED;
999
1000         return rc;
1001 }
1002
1003 static int
1004 crypto_ipsec_2sa_4grp(void)
1005 {
1006         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1007         struct ipsec_unitest_params *ut_params = &unittest_params;
1008         struct rte_ipsec_group grp[BURST_SIZE];
1009         uint32_t k, ng, i, j;
1010         uint32_t rc = 0;
1011
1012         for (i = 0; i < BURST_SIZE; i++) {
1013                 j = crypto_ipsec_4grp(i);
1014
1015                 /* call crypto prepare */
1016                 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[j],
1017                                 ut_params->ibuf + i, ut_params->cop + i, 1);
1018                 if (k != 1) {
1019                         RTE_LOG(ERR, USER1,
1020                                 "rte_ipsec_pkt_crypto_prepare fail\n");
1021                         return TEST_FAILED;
1022                 }
1023                 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
1024                                 ut_params->cop + i, 1);
1025                 if (k != 1) {
1026                         RTE_LOG(ERR, USER1,
1027                                 "rte_cryptodev_enqueue_burst fail\n");
1028                         return TEST_FAILED;
1029                 }
1030         }
1031
1032         k = rte_cryptodev_dequeue_burst(ts_params->valid_dev, 0,
1033                 ut_params->cop, BURST_SIZE);
1034         if (k != BURST_SIZE) {
1035                 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
1036                 return TEST_FAILED;
1037         }
1038
1039         ng = rte_ipsec_pkt_crypto_group(
1040                 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
1041                 ut_params->obuf, grp, BURST_SIZE);
1042         if (ng != 4) {
1043                 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
1044                         ng);
1045                 return TEST_FAILED;
1046         }
1047
1048         /* call crypto process */
1049         for (i = 0; i < ng; i++) {
1050                 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
1051                 if (k != grp[i].cnt) {
1052                         RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
1053                         return TEST_FAILED;
1054                 }
1055                 rc = crypto_ipsec_4grp_check_cnt(i, grp);
1056                 if (rc != 0) {
1057                         RTE_LOG(ERR, USER1,
1058                                 "crypto_ipsec_4grp_check_cnt fail\n");
1059                         return TEST_FAILED;
1060                 }
1061                 rc = crypto_ipsec_4grp_check_mbufs(i, grp);
1062                 if (rc != 0) {
1063                         RTE_LOG(ERR, USER1,
1064                                 "crypto_ipsec_4grp_check_mbufs fail\n");
1065                         return TEST_FAILED;
1066                 }
1067         }
1068         return TEST_SUCCESS;
1069 }
1070
1071 static void
1072 test_ipsec_reorder_inb_pkt_burst(uint16_t num_pkts)
1073 {
1074         struct ipsec_unitest_params *ut_params = &unittest_params;
1075         struct rte_mbuf *ibuf_tmp[BURST_SIZE];
1076         uint16_t j;
1077
1078         /* reorder packets and create gaps in sequence numbers */
1079         static const uint32_t reorder[BURST_SIZE] = {
1080                         24, 25, 26, 27, 28, 29, 30, 31,
1081                         16, 17, 18, 19, 20, 21, 22, 23,
1082                         8, 9, 10, 11, 12, 13, 14, 15,
1083                         0, 1, 2, 3, 4, 5, 6, 7,
1084         };
1085
1086         if (num_pkts != BURST_SIZE)
1087                 return;
1088
1089         for (j = 0; j != BURST_SIZE; j++)
1090                 ibuf_tmp[j] = ut_params->ibuf[reorder[j]];
1091
1092         memcpy(ut_params->ibuf, ibuf_tmp, sizeof(ut_params->ibuf));
1093 }
1094
1095 static int
1096 test_ipsec_crypto_op_alloc(uint16_t num_pkts)
1097 {
1098         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1099         struct ipsec_unitest_params *ut_params = &unittest_params;
1100         int rc = 0;
1101         uint16_t j;
1102
1103         for (j = 0; j < num_pkts && rc == 0; j++) {
1104                 ut_params->cop[j] = rte_crypto_op_alloc(ts_params->cop_mpool,
1105                                 RTE_CRYPTO_OP_TYPE_SYMMETRIC);
1106                 if (ut_params->cop[j] == NULL) {
1107                         RTE_LOG(ERR, USER1,
1108                                 "Failed to allocate symmetric crypto op\n");
1109                         rc = TEST_FAILED;
1110                 }
1111         }
1112
1113         return rc;
1114 }
1115
1116 static void
1117 test_ipsec_dump_buffers(struct ipsec_unitest_params *ut_params, int i)
1118 {
1119         uint16_t j = ut_params->pkt_index;
1120
1121         printf("\ntest config: num %d\n", i);
1122         printf("        replay_win_sz %u\n", test_cfg[i].replay_win_sz);
1123         printf("        esn %u\n", test_cfg[i].esn);
1124         printf("        flags 0x%" PRIx64 "\n", test_cfg[i].flags);
1125         printf("        pkt_sz %zu\n", test_cfg[i].pkt_sz);
1126         printf("        num_pkts %u\n\n", test_cfg[i].num_pkts);
1127
1128         if (ut_params->ibuf[j]) {
1129                 printf("ibuf[%u] data:\n", j);
1130                 rte_pktmbuf_dump(stdout, ut_params->ibuf[j],
1131                         ut_params->ibuf[j]->data_len);
1132         }
1133         if (ut_params->obuf[j]) {
1134                 printf("obuf[%u] data:\n", j);
1135                 rte_pktmbuf_dump(stdout, ut_params->obuf[j],
1136                         ut_params->obuf[j]->data_len);
1137         }
1138         if (ut_params->testbuf[j]) {
1139                 printf("testbuf[%u] data:\n", j);
1140                 rte_pktmbuf_dump(stdout, ut_params->testbuf[j],
1141                         ut_params->testbuf[j]->data_len);
1142         }
1143 }
1144
1145 static void
1146 destroy_sa(uint32_t j)
1147 {
1148         struct ipsec_unitest_params *ut = &unittest_params;
1149
1150         rte_ipsec_sa_fini(ut->ss[j].sa);
1151         rte_free(ut->ss[j].sa);
1152         rte_cryptodev_sym_session_free(ut->ss[j].crypto.ses);
1153         memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
1154 }
1155
1156 static int
1157 crypto_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1158                 uint16_t num_pkts)
1159 {
1160         uint16_t j;
1161
1162         for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1163                 ut_params->pkt_index = j;
1164
1165                 /* compare the data buffers */
1166                 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1167                         rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1168                         test_cfg[i].pkt_sz,
1169                         "input and output data does not match\n");
1170                 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1171                         ut_params->obuf[j]->pkt_len,
1172                         "data_len is not equal to pkt_len");
1173                 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1174                         test_cfg[i].pkt_sz,
1175                         "data_len is not equal to input data");
1176         }
1177
1178         return 0;
1179 }
1180
1181 static int
1182 test_ipsec_crypto_inb_burst_null_null(int i)
1183 {
1184         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1185         struct ipsec_unitest_params *ut_params = &unittest_params;
1186         uint16_t num_pkts = test_cfg[i].num_pkts;
1187         uint16_t j;
1188         int rc;
1189
1190         /* create rte_ipsec_sa */
1191         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1192                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1193         if (rc != 0) {
1194                 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1195                         i);
1196                 return TEST_FAILED;
1197         }
1198
1199         /* Generate test mbuf data */
1200         for (j = 0; j < num_pkts && rc == 0; j++) {
1201                 /* packet with sequence number 0 is invalid */
1202                 ut_params->ibuf[j] = setup_test_string_tunneled(
1203                         ts_params->mbuf_pool, null_encrypted_data,
1204                         test_cfg[i].pkt_sz, INBOUND_SPI, j + 1);
1205                 if (ut_params->ibuf[j] == NULL)
1206                         rc = TEST_FAILED;
1207         }
1208
1209         if (rc == 0) {
1210                 if (test_cfg[i].reorder_pkts)
1211                         test_ipsec_reorder_inb_pkt_burst(num_pkts);
1212                 rc = test_ipsec_crypto_op_alloc(num_pkts);
1213         }
1214
1215         if (rc == 0) {
1216                 /* call ipsec library api */
1217                 rc = crypto_ipsec(num_pkts);
1218                 if (rc == 0)
1219                         rc = crypto_inb_burst_null_null_check(
1220                                         ut_params, i, num_pkts);
1221                 else {
1222                         RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1223                                 i);
1224                         rc = TEST_FAILED;
1225                 }
1226         }
1227
1228         if (rc == TEST_FAILED)
1229                 test_ipsec_dump_buffers(ut_params, i);
1230
1231         destroy_sa(0);
1232         return rc;
1233 }
1234
1235 static int
1236 test_ipsec_crypto_inb_burst_null_null_wrapper(void)
1237 {
1238         int i;
1239         int rc = 0;
1240         struct ipsec_unitest_params *ut_params = &unittest_params;
1241
1242         ut_params->ipsec_xform.spi = INBOUND_SPI;
1243         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1244         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1245         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1246         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1247
1248         for (i = 0; i < num_cfg && rc == 0; i++) {
1249                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1250                 rc = test_ipsec_crypto_inb_burst_null_null(i);
1251         }
1252
1253         return rc;
1254 }
1255
1256 static int
1257 crypto_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1258         uint16_t num_pkts)
1259 {
1260         void *obuf_data;
1261         void *testbuf_data;
1262         uint16_t j;
1263
1264         for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1265                 ut_params->pkt_index = j;
1266
1267                 testbuf_data = rte_pktmbuf_mtod(ut_params->testbuf[j], void *);
1268                 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1269                 /* compare the buffer data */
1270                 TEST_ASSERT_BUFFERS_ARE_EQUAL(testbuf_data, obuf_data,
1271                         ut_params->obuf[j]->pkt_len,
1272                         "test and output data does not match\n");
1273                 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1274                         ut_params->testbuf[j]->data_len,
1275                         "obuf data_len is not equal to testbuf data_len");
1276                 TEST_ASSERT_EQUAL(ut_params->obuf[j]->pkt_len,
1277                         ut_params->testbuf[j]->pkt_len,
1278                         "obuf pkt_len is not equal to testbuf pkt_len");
1279         }
1280
1281         return 0;
1282 }
1283
1284 static int
1285 test_ipsec_crypto_outb_burst_null_null(int i)
1286 {
1287         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1288         struct ipsec_unitest_params *ut_params = &unittest_params;
1289         uint16_t num_pkts = test_cfg[i].num_pkts;
1290         uint16_t j;
1291         int32_t rc;
1292
1293         /* create rte_ipsec_sa*/
1294         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1295                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1296         if (rc != 0) {
1297                 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1298                         i);
1299                 return TEST_FAILED;
1300         }
1301
1302         /* Generate input mbuf data */
1303         for (j = 0; j < num_pkts && rc == 0; j++) {
1304                 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1305                         null_plain_data, test_cfg[i].pkt_sz, 0);
1306                 if (ut_params->ibuf[j] == NULL)
1307                         rc = TEST_FAILED;
1308                 else {
1309                         /* Generate test mbuf data */
1310                         /* packet with sequence number 0 is invalid */
1311                         ut_params->testbuf[j] = setup_test_string_tunneled(
1312                                         ts_params->mbuf_pool,
1313                                         null_plain_data, test_cfg[i].pkt_sz,
1314                                         OUTBOUND_SPI, j + 1);
1315                         if (ut_params->testbuf[j] == NULL)
1316                                 rc = TEST_FAILED;
1317                 }
1318         }
1319
1320         if (rc == 0)
1321                 rc = test_ipsec_crypto_op_alloc(num_pkts);
1322
1323         if (rc == 0) {
1324                 /* call ipsec library api */
1325                 rc = crypto_ipsec(num_pkts);
1326                 if (rc == 0)
1327                         rc = crypto_outb_burst_null_null_check(ut_params,
1328                                         num_pkts);
1329                 else
1330                         RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1331                                 i);
1332         }
1333
1334         if (rc == TEST_FAILED)
1335                 test_ipsec_dump_buffers(ut_params, i);
1336
1337         destroy_sa(0);
1338         return rc;
1339 }
1340
1341 static int
1342 test_ipsec_crypto_outb_burst_null_null_wrapper(void)
1343 {
1344         int i;
1345         int rc = 0;
1346         struct ipsec_unitest_params *ut_params = &unittest_params;
1347
1348         ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1349         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1350         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1351         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1352         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1353
1354         for (i = 0; i < num_cfg && rc == 0; i++) {
1355                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1356                 rc = test_ipsec_crypto_outb_burst_null_null(i);
1357         }
1358
1359         return rc;
1360 }
1361
1362 static int
1363 inline_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1364         uint16_t num_pkts)
1365 {
1366         void *ibuf_data;
1367         void *obuf_data;
1368         uint16_t j;
1369
1370         for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1371                 ut_params->pkt_index = j;
1372
1373                 /* compare the buffer data */
1374                 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1375                 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1376
1377                 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1378                         ut_params->ibuf[j]->data_len,
1379                         "input and output data does not match\n");
1380                 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1381                         ut_params->obuf[j]->data_len,
1382                         "ibuf data_len is not equal to obuf data_len");
1383                 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1384                         ut_params->obuf[j]->pkt_len,
1385                         "ibuf pkt_len is not equal to obuf pkt_len");
1386                 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1387                         test_cfg[i].pkt_sz,
1388                         "data_len is not equal input data");
1389         }
1390         return 0;
1391 }
1392
1393 static int
1394 test_ipsec_inline_crypto_inb_burst_null_null(int i)
1395 {
1396         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1397         struct ipsec_unitest_params *ut_params = &unittest_params;
1398         uint16_t num_pkts = test_cfg[i].num_pkts;
1399         uint16_t j;
1400         int32_t rc;
1401         uint32_t n;
1402
1403         /* create rte_ipsec_sa*/
1404         rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1405                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1406         if (rc != 0) {
1407                 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1408                         i);
1409                 return TEST_FAILED;
1410         }
1411
1412         /* Generate inbound mbuf data */
1413         for (j = 0; j < num_pkts && rc == 0; j++) {
1414                 ut_params->ibuf[j] = setup_test_string_tunneled(
1415                         ts_params->mbuf_pool,
1416                         null_plain_data, test_cfg[i].pkt_sz,
1417                         INBOUND_SPI, j + 1);
1418                 if (ut_params->ibuf[j] == NULL)
1419                         rc = TEST_FAILED;
1420                 else {
1421                         /* Generate test mbuf data */
1422                         ut_params->obuf[j] = setup_test_string(
1423                                 ts_params->mbuf_pool,
1424                                 null_plain_data, test_cfg[i].pkt_sz, 0);
1425                         if (ut_params->obuf[j] == NULL)
1426                                 rc = TEST_FAILED;
1427                 }
1428         }
1429
1430         if (rc == 0) {
1431                 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1432                                 num_pkts);
1433                 if (n == num_pkts)
1434                         rc = inline_inb_burst_null_null_check(ut_params, i,
1435                                         num_pkts);
1436                 else {
1437                         RTE_LOG(ERR, USER1,
1438                                 "rte_ipsec_pkt_process failed, cfg %d\n",
1439                                 i);
1440                         rc = TEST_FAILED;
1441                 }
1442         }
1443
1444         if (rc == TEST_FAILED)
1445                 test_ipsec_dump_buffers(ut_params, i);
1446
1447         destroy_sa(0);
1448         return rc;
1449 }
1450
1451 static int
1452 test_ipsec_inline_crypto_inb_burst_null_null_wrapper(void)
1453 {
1454         int i;
1455         int rc = 0;
1456         struct ipsec_unitest_params *ut_params = &unittest_params;
1457
1458         ut_params->ipsec_xform.spi = INBOUND_SPI;
1459         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1460         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1461         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1462         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1463
1464         for (i = 0; i < num_cfg && rc == 0; i++) {
1465                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1466                 rc = test_ipsec_inline_crypto_inb_burst_null_null(i);
1467         }
1468
1469         return rc;
1470 }
1471
1472 static int
1473 test_ipsec_inline_proto_inb_burst_null_null(int i)
1474 {
1475         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1476         struct ipsec_unitest_params *ut_params = &unittest_params;
1477         uint16_t num_pkts = test_cfg[i].num_pkts;
1478         uint16_t j;
1479         int32_t rc;
1480         uint32_t n;
1481
1482         /* create rte_ipsec_sa*/
1483         rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1484                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1485         if (rc != 0) {
1486                 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1487                         i);
1488                 return TEST_FAILED;
1489         }
1490
1491         /* Generate inbound mbuf data */
1492         for (j = 0; j < num_pkts && rc == 0; j++) {
1493                 ut_params->ibuf[j] = setup_test_string(
1494                         ts_params->mbuf_pool,
1495                         null_plain_data, test_cfg[i].pkt_sz, 0);
1496                 if (ut_params->ibuf[j] == NULL)
1497                         rc = TEST_FAILED;
1498                 else {
1499                         /* Generate test mbuf data */
1500                         ut_params->obuf[j] = setup_test_string(
1501                                 ts_params->mbuf_pool,
1502                                 null_plain_data, test_cfg[i].pkt_sz, 0);
1503                         if (ut_params->obuf[j] == NULL)
1504                                 rc = TEST_FAILED;
1505                 }
1506         }
1507
1508         if (rc == 0) {
1509                 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1510                                 num_pkts);
1511                 if (n == num_pkts)
1512                         rc = inline_inb_burst_null_null_check(ut_params, i,
1513                                         num_pkts);
1514                 else {
1515                         RTE_LOG(ERR, USER1,
1516                                 "rte_ipsec_pkt_process failed, cfg %d\n",
1517                                 i);
1518                         rc = TEST_FAILED;
1519                 }
1520         }
1521
1522         if (rc == TEST_FAILED)
1523                 test_ipsec_dump_buffers(ut_params, i);
1524
1525         destroy_sa(0);
1526         return rc;
1527 }
1528
1529 static int
1530 test_ipsec_inline_proto_inb_burst_null_null_wrapper(void)
1531 {
1532         int i;
1533         int rc = 0;
1534         struct ipsec_unitest_params *ut_params = &unittest_params;
1535
1536         ut_params->ipsec_xform.spi = INBOUND_SPI;
1537         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1538         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1539         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1540         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1541
1542         for (i = 0; i < num_cfg && rc == 0; i++) {
1543                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1544                 rc = test_ipsec_inline_proto_inb_burst_null_null(i);
1545         }
1546
1547         return rc;
1548 }
1549
1550 static int
1551 inline_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1552         uint16_t num_pkts)
1553 {
1554         void *obuf_data;
1555         void *ibuf_data;
1556         uint16_t j;
1557
1558         for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1559                 ut_params->pkt_index = j;
1560
1561                 /* compare the buffer data */
1562                 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1563                 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1564                 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1565                         ut_params->ibuf[j]->data_len,
1566                         "input and output data does not match\n");
1567                 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1568                         ut_params->obuf[j]->data_len,
1569                         "ibuf data_len is not equal to obuf data_len");
1570                 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1571                         ut_params->obuf[j]->pkt_len,
1572                         "ibuf pkt_len is not equal to obuf pkt_len");
1573
1574                 /* check mbuf ol_flags */
1575                 TEST_ASSERT(ut_params->ibuf[j]->ol_flags & PKT_TX_SEC_OFFLOAD,
1576                         "ibuf PKT_TX_SEC_OFFLOAD is not set");
1577         }
1578         return 0;
1579 }
1580
1581 static int
1582 test_ipsec_inline_crypto_outb_burst_null_null(int i)
1583 {
1584         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1585         struct ipsec_unitest_params *ut_params = &unittest_params;
1586         uint16_t num_pkts = test_cfg[i].num_pkts;
1587         uint16_t j;
1588         int32_t rc;
1589         uint32_t n;
1590
1591         /* create rte_ipsec_sa */
1592         rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1593                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1594         if (rc != 0) {
1595                 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1596                         i);
1597                 return TEST_FAILED;
1598         }
1599
1600         /* Generate test mbuf data */
1601         for (j = 0; j < num_pkts && rc == 0; j++) {
1602                 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1603                         null_plain_data, test_cfg[i].pkt_sz, 0);
1604                 if (ut_params->ibuf[0] == NULL)
1605                         rc = TEST_FAILED;
1606
1607                 if (rc == 0) {
1608                         /* Generate test tunneled mbuf data for comparison */
1609                         ut_params->obuf[j] = setup_test_string_tunneled(
1610                                         ts_params->mbuf_pool,
1611                                         null_plain_data, test_cfg[i].pkt_sz,
1612                                         OUTBOUND_SPI, j + 1);
1613                         if (ut_params->obuf[j] == NULL)
1614                                 rc = TEST_FAILED;
1615                 }
1616         }
1617
1618         if (rc == 0) {
1619                 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1620                                 num_pkts);
1621                 if (n == num_pkts)
1622                         rc = inline_outb_burst_null_null_check(ut_params,
1623                                         num_pkts);
1624                 else {
1625                         RTE_LOG(ERR, USER1,
1626                                 "rte_ipsec_pkt_process failed, cfg %d\n",
1627                                 i);
1628                         rc = TEST_FAILED;
1629                 }
1630         }
1631
1632         if (rc == TEST_FAILED)
1633                 test_ipsec_dump_buffers(ut_params, i);
1634
1635         destroy_sa(0);
1636         return rc;
1637 }
1638
1639 static int
1640 test_ipsec_inline_crypto_outb_burst_null_null_wrapper(void)
1641 {
1642         int i;
1643         int rc = 0;
1644         struct ipsec_unitest_params *ut_params = &unittest_params;
1645
1646         ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1647         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1648         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1649         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1650         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1651
1652         for (i = 0; i < num_cfg && rc == 0; i++) {
1653                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1654                 rc = test_ipsec_inline_crypto_outb_burst_null_null(i);
1655         }
1656
1657         return rc;
1658 }
1659
1660 static int
1661 test_ipsec_inline_proto_outb_burst_null_null(int i)
1662 {
1663         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1664         struct ipsec_unitest_params *ut_params = &unittest_params;
1665         uint16_t num_pkts = test_cfg[i].num_pkts;
1666         uint16_t j;
1667         int32_t rc;
1668         uint32_t n;
1669
1670         /* create rte_ipsec_sa */
1671         rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1672                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1673         if (rc != 0) {
1674                 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1675                         i);
1676                 return TEST_FAILED;
1677         }
1678
1679         /* Generate test mbuf data */
1680         for (j = 0; j < num_pkts && rc == 0; j++) {
1681                 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1682                         null_plain_data, test_cfg[i].pkt_sz, 0);
1683                 if (ut_params->ibuf[0] == NULL)
1684                         rc = TEST_FAILED;
1685
1686                 if (rc == 0) {
1687                         /* Generate test tunneled mbuf data for comparison */
1688                         ut_params->obuf[j] = setup_test_string(
1689                                         ts_params->mbuf_pool,
1690                                         null_plain_data, test_cfg[i].pkt_sz, 0);
1691                         if (ut_params->obuf[j] == NULL)
1692                                 rc = TEST_FAILED;
1693                 }
1694         }
1695
1696         if (rc == 0) {
1697                 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1698                                 num_pkts);
1699                 if (n == num_pkts)
1700                         rc = inline_outb_burst_null_null_check(ut_params,
1701                                         num_pkts);
1702                 else {
1703                         RTE_LOG(ERR, USER1,
1704                                 "rte_ipsec_pkt_process failed, cfg %d\n",
1705                                 i);
1706                         rc = TEST_FAILED;
1707                 }
1708         }
1709
1710         if (rc == TEST_FAILED)
1711                 test_ipsec_dump_buffers(ut_params, i);
1712
1713         destroy_sa(0);
1714         return rc;
1715 }
1716
1717 static int
1718 test_ipsec_inline_proto_outb_burst_null_null_wrapper(void)
1719 {
1720         int i;
1721         int rc = 0;
1722         struct ipsec_unitest_params *ut_params = &unittest_params;
1723
1724         ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1725         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1726         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1727         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1728         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1729
1730         for (i = 0; i < num_cfg && rc == 0; i++) {
1731                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1732                 rc = test_ipsec_inline_proto_outb_burst_null_null(i);
1733         }
1734
1735         return rc;
1736 }
1737
1738 static int
1739 test_ipsec_lksd_proto_inb_burst_null_null(int i)
1740 {
1741         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1742         struct ipsec_unitest_params *ut_params = &unittest_params;
1743         uint16_t num_pkts = test_cfg[i].num_pkts;
1744         uint16_t j;
1745         int rc;
1746
1747         /* create rte_ipsec_sa */
1748         rc = create_sa(RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
1749                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1750         if (rc != 0) {
1751                 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1752                         i);
1753                 return TEST_FAILED;
1754         }
1755
1756         /* Generate test mbuf data */
1757         for (j = 0; j < num_pkts && rc == 0; j++) {
1758                 /* packet with sequence number 0 is invalid */
1759                 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1760                         null_encrypted_data, test_cfg[i].pkt_sz, 0);
1761                 if (ut_params->ibuf[j] == NULL)
1762                         rc = TEST_FAILED;
1763         }
1764
1765         if (rc == 0) {
1766                 if (test_cfg[i].reorder_pkts)
1767                         test_ipsec_reorder_inb_pkt_burst(num_pkts);
1768                 rc = test_ipsec_crypto_op_alloc(num_pkts);
1769         }
1770
1771         if (rc == 0) {
1772                 /* call ipsec library api */
1773                 rc = lksd_proto_ipsec(num_pkts);
1774                 if (rc == 0)
1775                         rc = crypto_inb_burst_null_null_check(ut_params, i,
1776                                         num_pkts);
1777                 else {
1778                         RTE_LOG(ERR, USER1, "%s failed, cfg %d\n",
1779                                 __func__, i);
1780                         rc = TEST_FAILED;
1781                 }
1782         }
1783
1784         if (rc == TEST_FAILED)
1785                 test_ipsec_dump_buffers(ut_params, i);
1786
1787         destroy_sa(0);
1788         return rc;
1789 }
1790
1791 static int
1792 test_ipsec_lksd_proto_inb_burst_null_null_wrapper(void)
1793 {
1794         int i;
1795         int rc = 0;
1796         struct ipsec_unitest_params *ut_params = &unittest_params;
1797
1798         ut_params->ipsec_xform.spi = INBOUND_SPI;
1799         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1800         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1801         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1802         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1803
1804         for (i = 0; i < num_cfg && rc == 0; i++) {
1805                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1806                 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1807         }
1808
1809         return rc;
1810 }
1811
1812 static int
1813 test_ipsec_lksd_proto_outb_burst_null_null_wrapper(void)
1814 {
1815         int i;
1816         int rc = 0;
1817         struct ipsec_unitest_params *ut_params = &unittest_params;
1818
1819         ut_params->ipsec_xform.spi = INBOUND_SPI;
1820         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1821         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1822         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1823         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1824
1825         for (i = 0; i < num_cfg && rc == 0; i++) {
1826                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1827                 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1828         }
1829
1830         return rc;
1831 }
1832
1833 static int
1834 replay_inb_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1835         int num_pkts)
1836 {
1837         uint16_t j;
1838
1839         for (j = 0; j < num_pkts; j++) {
1840                 /* compare the buffer data */
1841                 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1842                         rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1843                         test_cfg[i].pkt_sz,
1844                         "input and output data does not match\n");
1845
1846                 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1847                         ut_params->obuf[j]->pkt_len,
1848                         "data_len is not equal to pkt_len");
1849         }
1850
1851         return 0;
1852 }
1853
1854 static int
1855 test_ipsec_replay_inb_inside_null_null(int i)
1856 {
1857         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1858         struct ipsec_unitest_params *ut_params = &unittest_params;
1859         int rc;
1860
1861         /* create rte_ipsec_sa*/
1862         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1863                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1864         if (rc != 0) {
1865                 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1866                         i);
1867                 return TEST_FAILED;
1868         }
1869
1870         /* Generate inbound mbuf data */
1871         ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1872                 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
1873         if (ut_params->ibuf[0] == NULL)
1874                 rc = TEST_FAILED;
1875         else
1876                 rc = test_ipsec_crypto_op_alloc(1);
1877
1878         if (rc == 0) {
1879                 /* call ipsec library api */
1880                 rc = crypto_ipsec(1);
1881                 if (rc == 0)
1882                         rc = replay_inb_null_null_check(ut_params, i, 1);
1883                 else {
1884                         RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1885                                         i);
1886                         rc = TEST_FAILED;
1887                 }
1888         }
1889
1890         if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
1891                 /* generate packet with seq number inside the replay window */
1892                 if (ut_params->ibuf[0]) {
1893                         rte_pktmbuf_free(ut_params->ibuf[0]);
1894                         ut_params->ibuf[0] = 0;
1895                 }
1896
1897                 ut_params->ibuf[0] = setup_test_string_tunneled(
1898                         ts_params->mbuf_pool, null_encrypted_data,
1899                         test_cfg[i].pkt_sz, INBOUND_SPI,
1900                         test_cfg[i].replay_win_sz);
1901                 if (ut_params->ibuf[0] == NULL)
1902                         rc = TEST_FAILED;
1903                 else
1904                         rc = test_ipsec_crypto_op_alloc(1);
1905
1906                 if (rc == 0) {
1907                         /* call ipsec library api */
1908                         rc = crypto_ipsec(1);
1909                         if (rc == 0)
1910                                 rc = replay_inb_null_null_check(
1911                                                 ut_params, i, 1);
1912                         else {
1913                                 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
1914                                 rc = TEST_FAILED;
1915                         }
1916                 }
1917         }
1918
1919         if (rc == TEST_FAILED)
1920                 test_ipsec_dump_buffers(ut_params, i);
1921
1922         destroy_sa(0);
1923
1924         return rc;
1925 }
1926
1927 static int
1928 test_ipsec_replay_inb_inside_null_null_wrapper(void)
1929 {
1930         int i;
1931         int rc = 0;
1932         struct ipsec_unitest_params *ut_params = &unittest_params;
1933
1934         ut_params->ipsec_xform.spi = INBOUND_SPI;
1935         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1936         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1937         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1938         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1939
1940         for (i = 0; i < num_cfg && rc == 0; i++) {
1941                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1942                 rc = test_ipsec_replay_inb_inside_null_null(i);
1943         }
1944
1945         return rc;
1946 }
1947
1948 static int
1949 test_ipsec_replay_inb_outside_null_null(int i)
1950 {
1951         struct ipsec_testsuite_params *ts_params = &testsuite_params;
1952         struct ipsec_unitest_params *ut_params = &unittest_params;
1953         int rc;
1954
1955         /* create rte_ipsec_sa */
1956         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1957                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1958         if (rc != 0) {
1959                 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1960                         i);
1961                 return TEST_FAILED;
1962         }
1963
1964         /* Generate test mbuf data */
1965         ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1966                 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI,
1967                 test_cfg[i].replay_win_sz + 2);
1968         if (ut_params->ibuf[0] == NULL)
1969                 rc = TEST_FAILED;
1970         else
1971                 rc = test_ipsec_crypto_op_alloc(1);
1972
1973         if (rc == 0) {
1974                 /* call ipsec library api */
1975                 rc = crypto_ipsec(1);
1976                 if (rc == 0)
1977                         rc = replay_inb_null_null_check(ut_params, i, 1);
1978                 else {
1979                         RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1980                                         i);
1981                         rc = TEST_FAILED;
1982                 }
1983         }
1984
1985         if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
1986                 /* generate packet with seq number outside the replay window */
1987                 if (ut_params->ibuf[0]) {
1988                         rte_pktmbuf_free(ut_params->ibuf[0]);
1989                         ut_params->ibuf[0] = 0;
1990                 }
1991                 ut_params->ibuf[0] = setup_test_string_tunneled(
1992                         ts_params->mbuf_pool, null_encrypted_data,
1993                         test_cfg[i].pkt_sz, INBOUND_SPI, 1);
1994                 if (ut_params->ibuf[0] == NULL)
1995                         rc = TEST_FAILED;
1996                 else
1997                         rc = test_ipsec_crypto_op_alloc(1);
1998
1999                 if (rc == 0) {
2000                         /* call ipsec library api */
2001                         rc = crypto_ipsec(1);
2002                         if (rc == 0) {
2003                                 if (test_cfg[i].esn == 0) {
2004                                         RTE_LOG(ERR, USER1,
2005                                                 "packet is not outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2006                                                 i,
2007                                                 test_cfg[i].replay_win_sz + 2,
2008                                                 1);
2009                                         rc = TEST_FAILED;
2010                                 }
2011                         } else {
2012                                 RTE_LOG(ERR, USER1,
2013                                         "packet is outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2014                                         i, test_cfg[i].replay_win_sz + 2, 1);
2015                                 rc = 0;
2016                         }
2017                 }
2018         }
2019
2020         if (rc == TEST_FAILED)
2021                 test_ipsec_dump_buffers(ut_params, i);
2022
2023         destroy_sa(0);
2024
2025         return rc;
2026 }
2027
2028 static int
2029 test_ipsec_replay_inb_outside_null_null_wrapper(void)
2030 {
2031         int i;
2032         int rc = 0;
2033         struct ipsec_unitest_params *ut_params = &unittest_params;
2034
2035         ut_params->ipsec_xform.spi = INBOUND_SPI;
2036         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2037         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2038         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2039         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2040
2041         for (i = 0; i < num_cfg && rc == 0; i++) {
2042                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2043                 rc = test_ipsec_replay_inb_outside_null_null(i);
2044         }
2045
2046         return rc;
2047 }
2048
2049 static int
2050 test_ipsec_replay_inb_repeat_null_null(int i)
2051 {
2052         struct ipsec_testsuite_params *ts_params = &testsuite_params;
2053         struct ipsec_unitest_params *ut_params = &unittest_params;
2054         int rc;
2055
2056         /* create rte_ipsec_sa */
2057         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2058                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2059         if (rc != 0) {
2060                 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n", i);
2061                 return TEST_FAILED;
2062         }
2063
2064         /* Generate test mbuf data */
2065         ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2066                 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2067         if (ut_params->ibuf[0] == NULL)
2068                 rc = TEST_FAILED;
2069         else
2070                 rc = test_ipsec_crypto_op_alloc(1);
2071
2072         if (rc == 0) {
2073                 /* call ipsec library api */
2074                 rc = crypto_ipsec(1);
2075                 if (rc == 0)
2076                         rc = replay_inb_null_null_check(ut_params, i, 1);
2077                 else {
2078                         RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2079                                         i);
2080                         rc = TEST_FAILED;
2081                 }
2082         }
2083
2084         if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2085                 /*
2086                  * generate packet with repeat seq number in the replay
2087                  * window
2088                  */
2089                 if (ut_params->ibuf[0]) {
2090                         rte_pktmbuf_free(ut_params->ibuf[0]);
2091                         ut_params->ibuf[0] = 0;
2092                 }
2093
2094                 ut_params->ibuf[0] = setup_test_string_tunneled(
2095                         ts_params->mbuf_pool, null_encrypted_data,
2096                         test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2097                 if (ut_params->ibuf[0] == NULL)
2098                         rc = TEST_FAILED;
2099                 else
2100                         rc = test_ipsec_crypto_op_alloc(1);
2101
2102                 if (rc == 0) {
2103                         /* call ipsec library api */
2104                         rc = crypto_ipsec(1);
2105                         if (rc == 0) {
2106                                 RTE_LOG(ERR, USER1,
2107                                         "packet is not repeated in the replay window, cfg %d seq %u\n",
2108                                         i, 1);
2109                                 rc = TEST_FAILED;
2110                         } else {
2111                                 RTE_LOG(ERR, USER1,
2112                                         "packet is repeated in the replay window, cfg %d seq %u\n",
2113                                         i, 1);
2114                                 rc = 0;
2115                         }
2116                 }
2117         }
2118
2119         if (rc == TEST_FAILED)
2120                 test_ipsec_dump_buffers(ut_params, i);
2121
2122         destroy_sa(0);
2123
2124         return rc;
2125 }
2126
2127 static int
2128 test_ipsec_replay_inb_repeat_null_null_wrapper(void)
2129 {
2130         int i;
2131         int rc = 0;
2132         struct ipsec_unitest_params *ut_params = &unittest_params;
2133
2134         ut_params->ipsec_xform.spi = INBOUND_SPI;
2135         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2136         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2137         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2138         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2139
2140         for (i = 0; i < num_cfg && rc == 0; i++) {
2141                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2142                 rc = test_ipsec_replay_inb_repeat_null_null(i);
2143         }
2144
2145         return rc;
2146 }
2147
2148 static int
2149 test_ipsec_replay_inb_inside_burst_null_null(int i)
2150 {
2151         struct ipsec_testsuite_params *ts_params = &testsuite_params;
2152         struct ipsec_unitest_params *ut_params = &unittest_params;
2153         uint16_t num_pkts = test_cfg[i].num_pkts;
2154         int rc;
2155         int j;
2156
2157         /* create rte_ipsec_sa*/
2158         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2159                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2160         if (rc != 0) {
2161                 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2162                         i);
2163                 return TEST_FAILED;
2164         }
2165
2166         /* Generate inbound mbuf data */
2167         ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2168                 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2169         if (ut_params->ibuf[0] == NULL)
2170                 rc = TEST_FAILED;
2171         else
2172                 rc = test_ipsec_crypto_op_alloc(1);
2173
2174         if (rc == 0) {
2175                 /* call ipsec library api */
2176                 rc = crypto_ipsec(1);
2177                 if (rc == 0)
2178                         rc = replay_inb_null_null_check(ut_params, i, 1);
2179                 else {
2180                         RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2181                                         i);
2182                         rc = TEST_FAILED;
2183                 }
2184         }
2185
2186         if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2187                 /*
2188                  *  generate packet(s) with seq number(s) inside the
2189                  *  replay window
2190                  */
2191                 if (ut_params->ibuf[0]) {
2192                         rte_pktmbuf_free(ut_params->ibuf[0]);
2193                         ut_params->ibuf[0] = 0;
2194                 }
2195
2196                 for (j = 0; j < num_pkts && rc == 0; j++) {
2197                         /* packet with sequence number 1 already processed */
2198                         ut_params->ibuf[j] = setup_test_string_tunneled(
2199                                 ts_params->mbuf_pool, null_encrypted_data,
2200                                 test_cfg[i].pkt_sz, INBOUND_SPI, j + 2);
2201                         if (ut_params->ibuf[j] == NULL)
2202                                 rc = TEST_FAILED;
2203                 }
2204
2205                 if (rc == 0) {
2206                         if (test_cfg[i].reorder_pkts)
2207                                 test_ipsec_reorder_inb_pkt_burst(num_pkts);
2208                         rc = test_ipsec_crypto_op_alloc(num_pkts);
2209                 }
2210
2211                 if (rc == 0) {
2212                         /* call ipsec library api */
2213                         rc = crypto_ipsec(num_pkts);
2214                         if (rc == 0)
2215                                 rc = replay_inb_null_null_check(
2216                                                 ut_params, i, num_pkts);
2217                         else {
2218                                 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
2219                                 rc = TEST_FAILED;
2220                         }
2221                 }
2222         }
2223
2224         if (rc == TEST_FAILED)
2225                 test_ipsec_dump_buffers(ut_params, i);
2226
2227         destroy_sa(0);
2228
2229         return rc;
2230 }
2231
2232 static int
2233 test_ipsec_replay_inb_inside_burst_null_null_wrapper(void)
2234 {
2235         int i;
2236         int rc = 0;
2237         struct ipsec_unitest_params *ut_params = &unittest_params;
2238
2239         ut_params->ipsec_xform.spi = INBOUND_SPI;
2240         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2241         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2242         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2243         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2244
2245         for (i = 0; i < num_cfg && rc == 0; i++) {
2246                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2247                 rc = test_ipsec_replay_inb_inside_burst_null_null(i);
2248         }
2249
2250         return rc;
2251 }
2252
2253
2254 static int
2255 crypto_inb_burst_2sa_null_null_check(struct ipsec_unitest_params *ut_params,
2256                 int i)
2257 {
2258         uint16_t j;
2259
2260         for (j = 0; j < BURST_SIZE; j++) {
2261                 ut_params->pkt_index = j;
2262
2263                 /* compare the data buffers */
2264                 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
2265                         rte_pktmbuf_mtod(ut_params->obuf[j], void *),
2266                         test_cfg[i].pkt_sz,
2267                         "input and output data does not match\n");
2268                 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2269                         ut_params->obuf[j]->pkt_len,
2270                         "data_len is not equal to pkt_len");
2271                 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2272                         test_cfg[i].pkt_sz,
2273                         "data_len is not equal to input data");
2274         }
2275
2276         return 0;
2277 }
2278
2279 static int
2280 test_ipsec_crypto_inb_burst_2sa_null_null(int i)
2281 {
2282         struct ipsec_testsuite_params *ts_params = &testsuite_params;
2283         struct ipsec_unitest_params *ut_params = &unittest_params;
2284         uint16_t num_pkts = test_cfg[i].num_pkts;
2285         uint16_t j, r;
2286         int rc = 0;
2287
2288         if (num_pkts != BURST_SIZE)
2289                 return rc;
2290
2291         /* create rte_ipsec_sa */
2292         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2293                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2294         if (rc != 0) {
2295                 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2296                         i);
2297                 return TEST_FAILED;
2298         }
2299
2300         /* create second rte_ipsec_sa */
2301         ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2302         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2303                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2304         if (rc != 0) {
2305                 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2306                         i);
2307                 destroy_sa(0);
2308                 return TEST_FAILED;
2309         }
2310
2311         /* Generate test mbuf data */
2312         for (j = 0; j < num_pkts && rc == 0; j++) {
2313                 r = j % 2;
2314                 /* packet with sequence number 0 is invalid */
2315                 ut_params->ibuf[j] = setup_test_string_tunneled(
2316                         ts_params->mbuf_pool, null_encrypted_data,
2317                         test_cfg[i].pkt_sz, INBOUND_SPI + r, j + 1);
2318                 if (ut_params->ibuf[j] == NULL)
2319                         rc = TEST_FAILED;
2320         }
2321
2322         if (rc == 0)
2323                 rc = test_ipsec_crypto_op_alloc(num_pkts);
2324
2325         if (rc == 0) {
2326                 /* call ipsec library api */
2327                 rc = crypto_ipsec_2sa();
2328                 if (rc == 0)
2329                         rc = crypto_inb_burst_2sa_null_null_check(
2330                                         ut_params, i);
2331                 else {
2332                         RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2333                                 i);
2334                         rc = TEST_FAILED;
2335                 }
2336         }
2337
2338         if (rc == TEST_FAILED)
2339                 test_ipsec_dump_buffers(ut_params, i);
2340
2341         destroy_sa(0);
2342         destroy_sa(1);
2343         return rc;
2344 }
2345
2346 static int
2347 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper(void)
2348 {
2349         int i;
2350         int rc = 0;
2351         struct ipsec_unitest_params *ut_params = &unittest_params;
2352
2353         ut_params->ipsec_xform.spi = INBOUND_SPI;
2354         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2355         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2356         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2357         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2358
2359         for (i = 0; i < num_cfg && rc == 0; i++) {
2360                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2361                 rc = test_ipsec_crypto_inb_burst_2sa_null_null(i);
2362         }
2363
2364         return rc;
2365 }
2366
2367 static int
2368 test_ipsec_crypto_inb_burst_2sa_4grp_null_null(int i)
2369 {
2370         struct ipsec_testsuite_params *ts_params = &testsuite_params;
2371         struct ipsec_unitest_params *ut_params = &unittest_params;
2372         uint16_t num_pkts = test_cfg[i].num_pkts;
2373         uint16_t j, k;
2374         int rc = 0;
2375
2376         if (num_pkts != BURST_SIZE)
2377                 return rc;
2378
2379         /* create rte_ipsec_sa */
2380         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2381                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2382         if (rc != 0) {
2383                 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2384                         i);
2385                 return TEST_FAILED;
2386         }
2387
2388         /* create second rte_ipsec_sa */
2389         ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2390         rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2391                         test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2392         if (rc != 0) {
2393                 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2394                         i);
2395                 destroy_sa(0);
2396                 return TEST_FAILED;
2397         }
2398
2399         /* Generate test mbuf data */
2400         for (j = 0; j < num_pkts && rc == 0; j++) {
2401                 k = crypto_ipsec_4grp(j);
2402
2403                 /* packet with sequence number 0 is invalid */
2404                 ut_params->ibuf[j] = setup_test_string_tunneled(
2405                         ts_params->mbuf_pool, null_encrypted_data,
2406                         test_cfg[i].pkt_sz, INBOUND_SPI + k, j + 1);
2407                 if (ut_params->ibuf[j] == NULL)
2408                         rc = TEST_FAILED;
2409         }
2410
2411         if (rc == 0)
2412                 rc = test_ipsec_crypto_op_alloc(num_pkts);
2413
2414         if (rc == 0) {
2415                 /* call ipsec library api */
2416                 rc = crypto_ipsec_2sa_4grp();
2417                 if (rc == 0)
2418                         rc = crypto_inb_burst_2sa_null_null_check(
2419                                         ut_params, i);
2420                 else {
2421                         RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2422                                 i);
2423                         rc = TEST_FAILED;
2424                 }
2425         }
2426
2427         if (rc == TEST_FAILED)
2428                 test_ipsec_dump_buffers(ut_params, i);
2429
2430         destroy_sa(0);
2431         destroy_sa(1);
2432         return rc;
2433 }
2434
2435 static int
2436 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper(void)
2437 {
2438         int i;
2439         int rc = 0;
2440         struct ipsec_unitest_params *ut_params = &unittest_params;
2441
2442         ut_params->ipsec_xform.spi = INBOUND_SPI;
2443         ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2444         ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2445         ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2446         ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2447
2448         for (i = 0; i < num_cfg && rc == 0; i++) {
2449                 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2450                 rc = test_ipsec_crypto_inb_burst_2sa_4grp_null_null(i);
2451         }
2452
2453         return rc;
2454 }
2455
2456 static struct unit_test_suite ipsec_testsuite  = {
2457         .suite_name = "IPsec NULL Unit Test Suite",
2458         .setup = testsuite_setup,
2459         .teardown = testsuite_teardown,
2460         .unit_test_cases = {
2461                 TEST_CASE_ST(ut_setup, ut_teardown,
2462                         test_ipsec_crypto_inb_burst_null_null_wrapper),
2463                 TEST_CASE_ST(ut_setup, ut_teardown,
2464                         test_ipsec_crypto_outb_burst_null_null_wrapper),
2465                 TEST_CASE_ST(ut_setup, ut_teardown,
2466                         test_ipsec_inline_crypto_inb_burst_null_null_wrapper),
2467                 TEST_CASE_ST(ut_setup, ut_teardown,
2468                         test_ipsec_inline_crypto_outb_burst_null_null_wrapper),
2469                 TEST_CASE_ST(ut_setup, ut_teardown,
2470                         test_ipsec_inline_proto_inb_burst_null_null_wrapper),
2471                 TEST_CASE_ST(ut_setup, ut_teardown,
2472                         test_ipsec_inline_proto_outb_burst_null_null_wrapper),
2473                 TEST_CASE_ST(ut_setup, ut_teardown,
2474                         test_ipsec_lksd_proto_inb_burst_null_null_wrapper),
2475                 TEST_CASE_ST(ut_setup, ut_teardown,
2476                         test_ipsec_lksd_proto_outb_burst_null_null_wrapper),
2477                 TEST_CASE_ST(ut_setup, ut_teardown,
2478                         test_ipsec_replay_inb_inside_null_null_wrapper),
2479                 TEST_CASE_ST(ut_setup, ut_teardown,
2480                         test_ipsec_replay_inb_outside_null_null_wrapper),
2481                 TEST_CASE_ST(ut_setup, ut_teardown,
2482                         test_ipsec_replay_inb_repeat_null_null_wrapper),
2483                 TEST_CASE_ST(ut_setup, ut_teardown,
2484                         test_ipsec_replay_inb_inside_burst_null_null_wrapper),
2485                 TEST_CASE_ST(ut_setup, ut_teardown,
2486                         test_ipsec_crypto_inb_burst_2sa_null_null_wrapper),
2487                 TEST_CASE_ST(ut_setup, ut_teardown,
2488                         test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper),
2489                 TEST_CASES_END() /**< NULL terminate unit test array */
2490         }
2491 };
2492
2493 static int
2494 test_ipsec(void)
2495 {
2496         return unit_test_suite_runner(&ipsec_testsuite);
2497 }
2498
2499 REGISTER_TEST_COMMAND(ipsec_autotest, test_ipsec);