1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2018 Intel Corporation
7 #include <rte_common.h>
8 #include <rte_hexdump.h>
10 #include <rte_malloc.h>
11 #include <rte_memcpy.h>
12 #include <rte_pause.h>
13 #include <rte_bus_vdev.h>
16 #include <rte_crypto.h>
17 #include <rte_cryptodev.h>
18 #include <rte_cryptodev_pmd.h>
19 #include <rte_lcore.h>
20 #include <rte_ipsec.h>
21 #include <rte_random.h>
23 #include <rte_security_driver.h>
26 #include "test_cryptodev.h"
28 #define VDEV_ARGS_SIZE 100
29 #define MAX_NB_SESSIONS 100
31 #define REPLAY_WIN_0 0
32 #define REPLAY_WIN_32 32
33 #define REPLAY_WIN_64 64
34 #define REPLAY_WIN_128 128
35 #define REPLAY_WIN_256 256
36 #define DATA_64_BYTES 64
37 #define DATA_80_BYTES 80
38 #define DATA_100_BYTES 100
40 #define ESN_DISABLED 0
42 #define OUTBOUND_SPI 17
44 #define REORDER_PKTS 1
47 enum rte_crypto_sym_xform_type auth;
48 enum rte_crypto_sym_xform_type cipher;
49 enum rte_crypto_sym_xform_type aead;
52 char cipher_algo[128];
56 struct ipsec_testsuite_params {
57 struct rte_mempool *mbuf_pool;
58 struct rte_mempool *cop_mpool;
59 struct rte_cryptodev_config conf;
60 struct rte_cryptodev_qp_conf qp_conf;
62 uint8_t valid_devs[RTE_CRYPTO_MAX_DEVS];
63 uint8_t valid_dev_count;
66 struct ipsec_unitest_params {
67 struct rte_crypto_sym_xform cipher_xform;
68 struct rte_crypto_sym_xform auth_xform;
69 struct rte_crypto_sym_xform aead_xform;
70 struct rte_crypto_sym_xform *crypto_xforms;
72 struct rte_security_ipsec_xform ipsec_xform;
74 struct rte_ipsec_sa_prm sa_prm;
75 struct rte_ipsec_session ss[MAX_NB_SAS];
77 struct rte_crypto_op *cop[BURST_SIZE];
79 struct rte_mbuf *obuf[BURST_SIZE], *ibuf[BURST_SIZE],
86 struct ipsec_test_cfg {
87 uint32_t replay_win_sz;
92 uint32_t reorder_pkts;
95 static const struct ipsec_test_cfg test_cfg[] = {
97 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, 1, 0},
98 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_80_BYTES, BURST_SIZE,
100 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, 1, 0},
101 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, BURST_SIZE,
103 {REPLAY_WIN_64, ESN_ENABLED, 0, DATA_64_BYTES, 1, 0},
104 {REPLAY_WIN_128, ESN_ENABLED, RTE_IPSEC_SAFLAG_SQN_ATOM,
105 DATA_80_BYTES, 1, 0},
106 {REPLAY_WIN_256, ESN_DISABLED, 0, DATA_100_BYTES, 1, 0},
109 static const int num_cfg = RTE_DIM(test_cfg);
110 static struct ipsec_testsuite_params testsuite_params = { NULL };
111 static struct ipsec_unitest_params unittest_params;
112 static struct user_params uparams;
114 static uint8_t global_key[128] = { 0 };
116 struct supported_cipher_algo {
118 enum rte_crypto_cipher_algorithm algo;
124 struct supported_auth_algo {
126 enum rte_crypto_auth_algorithm algo;
132 const struct supported_cipher_algo cipher_algos[] = {
135 .algo = RTE_CRYPTO_CIPHER_NULL,
142 const struct supported_auth_algo auth_algos[] = {
145 .algo = RTE_CRYPTO_AUTH_NULL,
153 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
154 struct rte_security_session *sess, struct rte_mempool *mp)
156 RTE_SET_USED(device);
160 sess->sess_private_data = NULL;
165 dummy_sec_destroy(void *device, struct rte_security_session *sess)
167 RTE_SET_USED(device);
172 static const struct rte_security_ops dummy_sec_ops = {
173 .session_create = dummy_sec_create,
174 .session_destroy = dummy_sec_destroy,
177 static struct rte_security_ctx dummy_sec_ctx = {
178 .ops = &dummy_sec_ops,
181 static const struct supported_cipher_algo *
182 find_match_cipher_algo(const char *cipher_keyword)
186 for (i = 0; i < RTE_DIM(cipher_algos); i++) {
187 const struct supported_cipher_algo *algo =
190 if (strcmp(cipher_keyword, algo->keyword) == 0)
197 static const struct supported_auth_algo *
198 find_match_auth_algo(const char *auth_keyword)
202 for (i = 0; i < RTE_DIM(auth_algos); i++) {
203 const struct supported_auth_algo *algo =
206 if (strcmp(auth_keyword, algo->keyword) == 0)
214 testsuite_setup(void)
216 struct ipsec_testsuite_params *ts_params = &testsuite_params;
217 struct rte_cryptodev_info info;
218 uint32_t nb_devs, dev_id;
221 memset(ts_params, 0, sizeof(*ts_params));
223 ts_params->mbuf_pool = rte_pktmbuf_pool_create(
225 NUM_MBUFS, MBUF_CACHE_SIZE, 0, MBUF_SIZE,
227 if (ts_params->mbuf_pool == NULL) {
228 RTE_LOG(ERR, USER1, "Can't create CRYPTO_MBUFPOOL\n");
232 ts_params->cop_mpool = rte_crypto_op_pool_create(
233 "MBUF_CRYPTO_SYM_OP_POOL",
234 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
235 NUM_MBUFS, MBUF_CACHE_SIZE,
237 sizeof(struct rte_crypto_sym_xform) +
240 if (ts_params->cop_mpool == NULL) {
241 RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
245 nb_devs = rte_cryptodev_count();
247 RTE_LOG(ERR, USER1, "No crypto devices found?\n");
251 ts_params->valid_devs[ts_params->valid_dev_count++] = 0;
253 /* Set up all the qps on the first of the valid devices found */
254 dev_id = ts_params->valid_devs[0];
256 rte_cryptodev_info_get(dev_id, &info);
258 ts_params->conf.nb_queue_pairs = info.max_nb_queue_pairs;
259 ts_params->conf.socket_id = SOCKET_ID_ANY;
261 sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
262 sess_sz = RTE_MAX(sess_sz, sizeof(struct rte_security_session));
265 * Create mempools for sessions
267 if (info.sym.max_nb_sessions != 0 &&
268 info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
269 RTE_LOG(ERR, USER1, "Device does not support "
270 "at least %u sessions\n",
275 ts_params->qp_conf.mp_session_private = rte_mempool_create(
279 0, 0, NULL, NULL, NULL,
283 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
284 "private session mempool allocation failed");
286 ts_params->qp_conf.mp_session =
287 rte_cryptodev_sym_session_pool_create("test_sess_mp",
288 MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
290 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
291 "session mempool allocation failed");
293 TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
295 "Failed to configure cryptodev %u with %u qps",
296 dev_id, ts_params->conf.nb_queue_pairs);
298 ts_params->qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
300 TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
301 dev_id, 0, &ts_params->qp_conf,
302 rte_cryptodev_socket_id(dev_id)),
303 "Failed to setup queue pair %u on cryptodev %u",
310 testsuite_teardown(void)
312 struct ipsec_testsuite_params *ts_params = &testsuite_params;
314 if (ts_params->mbuf_pool != NULL) {
315 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
316 rte_mempool_avail_count(ts_params->mbuf_pool));
317 rte_mempool_free(ts_params->mbuf_pool);
318 ts_params->mbuf_pool = NULL;
321 if (ts_params->cop_mpool != NULL) {
322 RTE_LOG(DEBUG, USER1, "CRYPTO_OP_POOL count %u\n",
323 rte_mempool_avail_count(ts_params->cop_mpool));
324 rte_mempool_free(ts_params->cop_mpool);
325 ts_params->cop_mpool = NULL;
328 /* Free session mempools */
329 if (ts_params->qp_conf.mp_session != NULL) {
330 rte_mempool_free(ts_params->qp_conf.mp_session);
331 ts_params->qp_conf.mp_session = NULL;
334 if (ts_params->qp_conf.mp_session_private != NULL) {
335 rte_mempool_free(ts_params->qp_conf.mp_session_private);
336 ts_params->qp_conf.mp_session_private = NULL;
343 struct ipsec_testsuite_params *ts_params = &testsuite_params;
344 struct ipsec_unitest_params *ut_params = &unittest_params;
346 /* Clear unit test parameters before running test */
347 memset(ut_params, 0, sizeof(*ut_params));
349 /* Reconfigure device to default parameters */
350 ts_params->conf.socket_id = SOCKET_ID_ANY;
352 /* Start the device */
353 TEST_ASSERT_SUCCESS(rte_cryptodev_start(ts_params->valid_devs[0]),
354 "Failed to start cryptodev %u",
355 ts_params->valid_devs[0]);
363 struct ipsec_testsuite_params *ts_params = &testsuite_params;
364 struct ipsec_unitest_params *ut_params = &unittest_params;
367 for (i = 0; i < BURST_SIZE; i++) {
368 /* free crypto operation structure */
369 if (ut_params->cop[i])
370 rte_crypto_op_free(ut_params->cop[i]);
373 * free mbuf - both obuf and ibuf are usually the same,
374 * so check if they point at the same address is necessary,
375 * to avoid freeing the mbuf twice.
377 if (ut_params->obuf[i]) {
378 rte_pktmbuf_free(ut_params->obuf[i]);
379 if (ut_params->ibuf[i] == ut_params->obuf[i])
380 ut_params->ibuf[i] = 0;
381 ut_params->obuf[i] = 0;
383 if (ut_params->ibuf[i]) {
384 rte_pktmbuf_free(ut_params->ibuf[i]);
385 ut_params->ibuf[i] = 0;
388 if (ut_params->testbuf[i]) {
389 rte_pktmbuf_free(ut_params->testbuf[i]);
390 ut_params->testbuf[i] = 0;
394 if (ts_params->mbuf_pool != NULL)
395 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
396 rte_mempool_avail_count(ts_params->mbuf_pool));
398 /* Stop the device */
399 rte_cryptodev_stop(ts_params->valid_devs[0]);
402 #define IPSEC_MAX_PAD_SIZE UINT8_MAX
404 static const uint8_t esp_pad_bytes[IPSEC_MAX_PAD_SIZE] = {
405 1, 2, 3, 4, 5, 6, 7, 8,
406 9, 10, 11, 12, 13, 14, 15, 16,
407 17, 18, 19, 20, 21, 22, 23, 24,
408 25, 26, 27, 28, 29, 30, 31, 32,
409 33, 34, 35, 36, 37, 38, 39, 40,
410 41, 42, 43, 44, 45, 46, 47, 48,
411 49, 50, 51, 52, 53, 54, 55, 56,
412 57, 58, 59, 60, 61, 62, 63, 64,
413 65, 66, 67, 68, 69, 70, 71, 72,
414 73, 74, 75, 76, 77, 78, 79, 80,
415 81, 82, 83, 84, 85, 86, 87, 88,
416 89, 90, 91, 92, 93, 94, 95, 96,
417 97, 98, 99, 100, 101, 102, 103, 104,
418 105, 106, 107, 108, 109, 110, 111, 112,
419 113, 114, 115, 116, 117, 118, 119, 120,
420 121, 122, 123, 124, 125, 126, 127, 128,
421 129, 130, 131, 132, 133, 134, 135, 136,
422 137, 138, 139, 140, 141, 142, 143, 144,
423 145, 146, 147, 148, 149, 150, 151, 152,
424 153, 154, 155, 156, 157, 158, 159, 160,
425 161, 162, 163, 164, 165, 166, 167, 168,
426 169, 170, 171, 172, 173, 174, 175, 176,
427 177, 178, 179, 180, 181, 182, 183, 184,
428 185, 186, 187, 188, 189, 190, 191, 192,
429 193, 194, 195, 196, 197, 198, 199, 200,
430 201, 202, 203, 204, 205, 206, 207, 208,
431 209, 210, 211, 212, 213, 214, 215, 216,
432 217, 218, 219, 220, 221, 222, 223, 224,
433 225, 226, 227, 228, 229, 230, 231, 232,
434 233, 234, 235, 236, 237, 238, 239, 240,
435 241, 242, 243, 244, 245, 246, 247, 248,
436 249, 250, 251, 252, 253, 254, 255,
439 /* ***** data for tests ***** */
441 const char null_plain_data[] =
442 "Network Security People Have A Strange Sense Of Humor unlike Other "
443 "People who have a normal sense of humour";
445 const char null_encrypted_data[] =
446 "Network Security People Have A Strange Sense Of Humor unlike Other "
447 "People who have a normal sense of humour";
449 struct ipv4_hdr ipv4_outer = {
450 .version_ihl = IPVERSION << 4 |
451 sizeof(ipv4_outer) / IPV4_IHL_MULTIPLIER,
452 .time_to_live = IPDEFTTL,
453 .next_proto_id = IPPROTO_ESP,
454 .src_addr = IPv4(192, 168, 1, 100),
455 .dst_addr = IPv4(192, 168, 2, 100),
458 static struct rte_mbuf *
459 setup_test_string(struct rte_mempool *mpool,
460 const char *string, size_t len, uint8_t blocksize)
462 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
463 size_t t_len = len - (blocksize ? (len % blocksize) : 0);
466 memset(m->buf_addr, 0, m->buf_len);
467 char *dst = rte_pktmbuf_append(m, t_len);
474 rte_memcpy(dst, string, t_len);
476 memset(dst, 0, t_len);
482 static struct rte_mbuf *
483 setup_test_string_tunneled(struct rte_mempool *mpool, const char *string,
484 size_t len, uint32_t spi, uint32_t seq)
486 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
487 uint32_t hdrlen = sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr);
488 uint32_t taillen = sizeof(struct esp_tail);
489 uint32_t t_len = len + hdrlen + taillen;
492 struct esp_hdr esph = {
493 .spi = rte_cpu_to_be_32(spi),
494 .seq = rte_cpu_to_be_32(seq)
497 padlen = RTE_ALIGN(t_len, 4) - t_len;
500 struct esp_tail espt = {
502 .next_proto = IPPROTO_IPIP,
508 memset(m->buf_addr, 0, m->buf_len);
509 char *dst = rte_pktmbuf_append(m, t_len);
515 /* copy outer IP and ESP header */
516 ipv4_outer.total_length = rte_cpu_to_be_16(t_len);
517 ipv4_outer.packet_id = rte_cpu_to_be_16(seq);
518 rte_memcpy(dst, &ipv4_outer, sizeof(ipv4_outer));
519 dst += sizeof(ipv4_outer);
520 m->l3_len = sizeof(ipv4_outer);
521 rte_memcpy(dst, &esph, sizeof(esph));
524 if (string != NULL) {
526 rte_memcpy(dst, string, len);
529 rte_memcpy(dst, esp_pad_bytes, padlen);
531 /* copy ESP tail header */
532 rte_memcpy(dst, &espt, sizeof(espt));
534 memset(dst, 0, t_len);
540 check_cryptodev_capablity(const struct ipsec_unitest_params *ut,
543 struct rte_cryptodev_sym_capability_idx cap_idx;
544 const struct rte_cryptodev_symmetric_capability *cap;
547 cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
548 cap_idx.algo.auth = ut->auth_xform.auth.algo;
549 cap = rte_cryptodev_sym_capability_get(devid, &cap_idx);
552 rc = rte_cryptodev_sym_capability_check_auth(cap,
553 ut->auth_xform.auth.key.length,
554 ut->auth_xform.auth.digest_length, 0);
556 cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
557 cap_idx.algo.cipher = ut->cipher_xform.cipher.algo;
558 cap = rte_cryptodev_sym_capability_get(devid, &cap_idx);
560 rc = rte_cryptodev_sym_capability_check_cipher(
562 ut->cipher_xform.cipher.key.length,
563 ut->cipher_xform.cipher.iv.length);
571 create_dummy_sec_session(struct ipsec_unitest_params *ut,
572 struct rte_cryptodev_qp_conf *qp, uint32_t j)
574 static struct rte_security_session_conf conf;
576 ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
577 &conf, qp->mp_session_private);
579 if (ut->ss[j].security.ses == NULL)
582 ut->ss[j].security.ctx = &dummy_sec_ctx;
583 ut->ss[j].security.ol_flags = 0;
588 create_crypto_session(struct ipsec_unitest_params *ut,
589 struct rte_cryptodev_qp_conf *qp, const uint8_t crypto_dev[],
590 uint32_t crypto_dev_num, uint32_t j)
594 struct rte_cryptodev_sym_session *s;
595 uint8_t devid[RTE_CRYPTO_MAX_DEVS];
597 /* check which cryptodevs support SA */
599 for (i = 0; i < crypto_dev_num; i++) {
600 if (check_cryptodev_capablity(ut, crypto_dev[i]) == 0)
601 devid[devnum++] = crypto_dev[i];
607 s = rte_cryptodev_sym_session_create(qp->mp_session);
611 /* initiliaze SA crypto session for all supported devices */
612 for (i = 0; i != devnum; i++) {
613 rc = rte_cryptodev_sym_session_init(devid[i], s,
614 ut->crypto_xforms, qp->mp_session_private);
620 ut->ss[j].crypto.ses = s;
624 /* failure, do cleanup */
626 rte_cryptodev_sym_session_clear(devid[i], s);
628 rte_cryptodev_sym_session_free(s);
633 create_session(struct ipsec_unitest_params *ut,
634 struct rte_cryptodev_qp_conf *qp, const uint8_t crypto_dev[],
635 uint32_t crypto_dev_num, uint32_t j)
637 if (ut->ss[j].type == RTE_SECURITY_ACTION_TYPE_NONE)
638 return create_crypto_session(ut, qp, crypto_dev,
641 return create_dummy_sec_session(ut, qp, j);
645 fill_crypto_xform(struct ipsec_unitest_params *ut_params,
646 const struct supported_auth_algo *auth_algo,
647 const struct supported_cipher_algo *cipher_algo)
649 ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
650 ut_params->auth_xform.auth.algo = auth_algo->algo;
651 ut_params->auth_xform.auth.key.data = global_key;
652 ut_params->auth_xform.auth.key.length = auth_algo->key_len;
653 ut_params->auth_xform.auth.digest_length = auth_algo->digest_len;
654 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
656 ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
657 ut_params->cipher_xform.cipher.algo = cipher_algo->algo;
658 ut_params->cipher_xform.cipher.key.data = global_key;
659 ut_params->cipher_xform.cipher.key.length = cipher_algo->key_len;
660 ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT;
661 ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
662 ut_params->cipher_xform.cipher.iv.length = cipher_algo->iv_len;
664 if (ut_params->ipsec_xform.direction ==
665 RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
666 ut_params->crypto_xforms = &ut_params->auth_xform;
667 ut_params->auth_xform.next = &ut_params->cipher_xform;
668 ut_params->cipher_xform.next = NULL;
670 ut_params->crypto_xforms = &ut_params->cipher_xform;
671 ut_params->cipher_xform.next = &ut_params->auth_xform;
672 ut_params->auth_xform.next = NULL;
677 fill_ipsec_param(uint32_t replay_win_sz, uint64_t flags)
679 struct ipsec_unitest_params *ut_params = &unittest_params;
680 struct rte_ipsec_sa_prm *prm = &ut_params->sa_prm;
681 const struct supported_auth_algo *auth_algo;
682 const struct supported_cipher_algo *cipher_algo;
684 memset(prm, 0, sizeof(*prm));
688 prm->replay_win_sz = replay_win_sz;
690 /* setup ipsec xform */
691 prm->ipsec_xform = ut_params->ipsec_xform;
692 prm->ipsec_xform.salt = (uint32_t)rte_rand();
694 /* setup tunnel related fields */
695 prm->tun.hdr_len = sizeof(ipv4_outer);
696 prm->tun.next_proto = IPPROTO_IPIP;
697 prm->tun.hdr = &ipv4_outer;
699 /* setup crypto section */
700 if (uparams.aead != 0) {
701 /* TODO: will need to fill out with other test cases */
703 if (uparams.auth == 0 && uparams.cipher == 0)
706 auth_algo = find_match_auth_algo(uparams.auth_algo);
707 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
709 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
712 prm->crypto_xform = ut_params->crypto_xforms;
717 create_sa(enum rte_security_session_action_type action_type,
718 uint32_t replay_win_sz, uint64_t flags, uint32_t j)
720 struct ipsec_testsuite_params *ts = &testsuite_params;
721 struct ipsec_unitest_params *ut = &unittest_params;
725 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
727 rc = fill_ipsec_param(replay_win_sz, flags);
731 /* create rte_ipsec_sa*/
732 sz = rte_ipsec_sa_size(&ut->sa_prm);
733 TEST_ASSERT(sz > 0, "rte_ipsec_sa_size() failed\n");
735 ut->ss[j].sa = rte_zmalloc(NULL, sz, RTE_CACHE_LINE_SIZE);
736 TEST_ASSERT_NOT_NULL(ut->ss[j].sa,
737 "failed to allocate memory for rte_ipsec_sa\n");
739 ut->ss[j].type = action_type;
740 rc = create_session(ut, &ts->qp_conf, ts->valid_devs,
741 ts->valid_dev_count, j);
745 rc = rte_ipsec_sa_init(ut->ss[j].sa, &ut->sa_prm, sz);
746 rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
748 rc = rte_ipsec_session_prepare(&ut->ss[j]);
754 crypto_ipsec(uint16_t num_pkts)
756 struct ipsec_testsuite_params *ts_params = &testsuite_params;
757 struct ipsec_unitest_params *ut_params = &unittest_params;
759 struct rte_ipsec_group grp[1];
761 /* call crypto prepare */
762 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
763 ut_params->cop, num_pkts);
765 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
768 k = rte_cryptodev_enqueue_burst(ts_params->valid_devs[0], 0,
769 ut_params->cop, num_pkts);
771 RTE_LOG(ERR, USER1, "rte_cryptodev_enqueue_burst fail\n");
775 k = rte_cryptodev_dequeue_burst(ts_params->valid_devs[0], 0,
776 ut_params->cop, num_pkts);
778 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
782 ng = rte_ipsec_pkt_crypto_group(
783 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
784 ut_params->obuf, grp, num_pkts);
786 grp[0].m[0] != ut_params->obuf[0] ||
787 grp[0].cnt != num_pkts ||
788 grp[0].id.ptr != &ut_params->ss[0]) {
789 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
793 /* call crypto process */
794 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
796 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
804 lksd_proto_ipsec(uint16_t num_pkts)
806 struct ipsec_unitest_params *ut_params = &unittest_params;
808 struct rte_ipsec_group grp[1];
810 /* call crypto prepare */
811 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
812 ut_params->cop, num_pkts);
814 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
818 /* check crypto ops */
819 for (i = 0; i != num_pkts; i++) {
820 TEST_ASSERT_EQUAL(ut_params->cop[i]->type,
821 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
822 "%s: invalid crypto op type for %u-th packet\n",
824 TEST_ASSERT_EQUAL(ut_params->cop[i]->status,
825 RTE_CRYPTO_OP_STATUS_NOT_PROCESSED,
826 "%s: invalid crypto op status for %u-th packet\n",
828 TEST_ASSERT_EQUAL(ut_params->cop[i]->sess_type,
829 RTE_CRYPTO_OP_SECURITY_SESSION,
830 "%s: invalid crypto op sess_type for %u-th packet\n",
832 TEST_ASSERT_EQUAL(ut_params->cop[i]->sym->m_src,
834 "%s: invalid crypto op m_src for %u-th packet\n",
838 /* update crypto ops, pretend all finished ok */
839 for (i = 0; i != num_pkts; i++)
840 ut_params->cop[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
842 ng = rte_ipsec_pkt_crypto_group(
843 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
844 ut_params->obuf, grp, num_pkts);
846 grp[0].m[0] != ut_params->obuf[0] ||
847 grp[0].cnt != num_pkts ||
848 grp[0].id.ptr != &ut_params->ss[0]) {
849 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
853 /* call crypto process */
854 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
856 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
864 crypto_ipsec_2sa(void)
866 struct ipsec_testsuite_params *ts_params = &testsuite_params;
867 struct ipsec_unitest_params *ut_params = &unittest_params;
868 struct rte_ipsec_group grp[BURST_SIZE];
870 uint32_t k, ng, i, r;
872 for (i = 0; i < BURST_SIZE; i++) {
874 /* call crypto prepare */
875 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[r],
876 ut_params->ibuf + i, ut_params->cop + i, 1);
879 "rte_ipsec_pkt_crypto_prepare fail\n");
882 k = rte_cryptodev_enqueue_burst(ts_params->valid_devs[0], 0,
883 ut_params->cop + i, 1);
886 "rte_cryptodev_enqueue_burst fail\n");
891 k = rte_cryptodev_dequeue_burst(ts_params->valid_devs[0], 0,
892 ut_params->cop, BURST_SIZE);
893 if (k != BURST_SIZE) {
894 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
898 ng = rte_ipsec_pkt_crypto_group(
899 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
900 ut_params->obuf, grp, BURST_SIZE);
901 if (ng != BURST_SIZE) {
902 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
907 /* call crypto process */
908 for (i = 0; i < ng; i++) {
909 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
910 if (k != grp[i].cnt) {
911 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
923 crypto_ipsec_4grp(uint32_t pkt_num)
927 /* group packets in 4 different size groups groups, 2 per SA */
930 else if (pkt_num < PKT_12)
932 else if (pkt_num < PKT_21)
941 crypto_ipsec_4grp_check_mbufs(uint32_t grp_ind, struct rte_ipsec_group *grp)
943 struct ipsec_unitest_params *ut_params = &unittest_params;
948 for (i = 0, j = 0; i < PKT_4; i++, j++)
949 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
953 } else if (grp_ind == 1) {
954 for (i = 0, j = PKT_4; i < (PKT_12 - PKT_4); i++, j++) {
955 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
960 } else if (grp_ind == 2) {
961 for (i = 0, j = PKT_12; i < (PKT_21 - PKT_12); i++, j++)
962 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
966 } else if (grp_ind == 3) {
967 for (i = 0, j = PKT_21; i < (BURST_SIZE - PKT_21); i++, j++)
968 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
979 crypto_ipsec_4grp_check_cnt(uint32_t grp_ind, struct rte_ipsec_group *grp)
984 if (grp[grp_ind].cnt != PKT_4)
986 } else if (grp_ind == 1) {
987 if (grp[grp_ind].cnt != PKT_12 - PKT_4)
989 } else if (grp_ind == 2) {
990 if (grp[grp_ind].cnt != PKT_21 - PKT_12)
992 } else if (grp_ind == 3) {
993 if (grp[grp_ind].cnt != BURST_SIZE - PKT_21)
1002 crypto_ipsec_2sa_4grp(void)
1004 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1005 struct ipsec_unitest_params *ut_params = &unittest_params;
1006 struct rte_ipsec_group grp[BURST_SIZE];
1007 uint32_t k, ng, i, j;
1010 for (i = 0; i < BURST_SIZE; i++) {
1011 j = crypto_ipsec_4grp(i);
1013 /* call crypto prepare */
1014 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[j],
1015 ut_params->ibuf + i, ut_params->cop + i, 1);
1018 "rte_ipsec_pkt_crypto_prepare fail\n");
1021 k = rte_cryptodev_enqueue_burst(ts_params->valid_devs[0], 0,
1022 ut_params->cop + i, 1);
1025 "rte_cryptodev_enqueue_burst fail\n");
1030 k = rte_cryptodev_dequeue_burst(ts_params->valid_devs[0], 0,
1031 ut_params->cop, BURST_SIZE);
1032 if (k != BURST_SIZE) {
1033 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
1037 ng = rte_ipsec_pkt_crypto_group(
1038 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
1039 ut_params->obuf, grp, BURST_SIZE);
1041 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
1046 /* call crypto process */
1047 for (i = 0; i < ng; i++) {
1048 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
1049 if (k != grp[i].cnt) {
1050 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
1053 rc = crypto_ipsec_4grp_check_cnt(i, grp);
1056 "crypto_ipsec_4grp_check_cnt fail\n");
1059 rc = crypto_ipsec_4grp_check_mbufs(i, grp);
1062 "crypto_ipsec_4grp_check_mbufs fail\n");
1066 return TEST_SUCCESS;
1070 test_ipsec_reorder_inb_pkt_burst(uint16_t num_pkts)
1072 struct ipsec_unitest_params *ut_params = &unittest_params;
1073 struct rte_mbuf *ibuf_tmp[BURST_SIZE];
1076 /* reorder packets and create gaps in sequence numbers */
1077 static const uint32_t reorder[BURST_SIZE] = {
1078 24, 25, 26, 27, 28, 29, 30, 31,
1079 16, 17, 18, 19, 20, 21, 22, 23,
1080 8, 9, 10, 11, 12, 13, 14, 15,
1081 0, 1, 2, 3, 4, 5, 6, 7,
1084 if (num_pkts != BURST_SIZE)
1087 for (j = 0; j != BURST_SIZE; j++)
1088 ibuf_tmp[j] = ut_params->ibuf[reorder[j]];
1090 memcpy(ut_params->ibuf, ibuf_tmp, sizeof(ut_params->ibuf));
1094 test_ipsec_crypto_op_alloc(uint16_t num_pkts)
1096 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1097 struct ipsec_unitest_params *ut_params = &unittest_params;
1101 for (j = 0; j < num_pkts && rc == 0; j++) {
1102 ut_params->cop[j] = rte_crypto_op_alloc(ts_params->cop_mpool,
1103 RTE_CRYPTO_OP_TYPE_SYMMETRIC);
1104 if (ut_params->cop[j] == NULL) {
1106 "Failed to allocate symmetric crypto op\n");
1115 test_ipsec_dump_buffers(struct ipsec_unitest_params *ut_params, int i)
1117 uint16_t j = ut_params->pkt_index;
1119 printf("\ntest config: num %d\n", i);
1120 printf(" replay_win_sz %u\n", test_cfg[i].replay_win_sz);
1121 printf(" esn %u\n", test_cfg[i].esn);
1122 printf(" flags 0x%" PRIx64 "\n", test_cfg[i].flags);
1123 printf(" pkt_sz %zu\n", test_cfg[i].pkt_sz);
1124 printf(" num_pkts %u\n\n", test_cfg[i].num_pkts);
1126 if (ut_params->ibuf[j]) {
1127 printf("ibuf[%u] data:\n", j);
1128 rte_pktmbuf_dump(stdout, ut_params->ibuf[j],
1129 ut_params->ibuf[j]->data_len);
1131 if (ut_params->obuf[j]) {
1132 printf("obuf[%u] data:\n", j);
1133 rte_pktmbuf_dump(stdout, ut_params->obuf[j],
1134 ut_params->obuf[j]->data_len);
1136 if (ut_params->testbuf[j]) {
1137 printf("testbuf[%u] data:\n", j);
1138 rte_pktmbuf_dump(stdout, ut_params->testbuf[j],
1139 ut_params->testbuf[j]->data_len);
1144 destroy_sa(uint32_t j)
1146 struct ipsec_unitest_params *ut = &unittest_params;
1148 rte_ipsec_sa_fini(ut->ss[j].sa);
1149 rte_free(ut->ss[j].sa);
1150 rte_cryptodev_sym_session_free(ut->ss[j].crypto.ses);
1151 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
1155 crypto_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1160 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1161 ut_params->pkt_index = j;
1163 /* compare the data buffers */
1164 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1165 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1167 "input and output data does not match\n");
1168 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1169 ut_params->obuf[j]->pkt_len,
1170 "data_len is not equal to pkt_len");
1171 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1173 "data_len is not equal to input data");
1180 test_ipsec_crypto_inb_burst_null_null(int i)
1182 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1183 struct ipsec_unitest_params *ut_params = &unittest_params;
1184 uint16_t num_pkts = test_cfg[i].num_pkts;
1188 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
1189 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
1190 strcpy(uparams.auth_algo, "null");
1191 strcpy(uparams.cipher_algo, "null");
1193 /* create rte_ipsec_sa */
1194 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1195 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1197 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1202 /* Generate test mbuf data */
1203 for (j = 0; j < num_pkts && rc == 0; j++) {
1204 /* packet with sequence number 0 is invalid */
1205 ut_params->ibuf[j] = setup_test_string_tunneled(
1206 ts_params->mbuf_pool, null_encrypted_data,
1207 test_cfg[i].pkt_sz, INBOUND_SPI, j + 1);
1208 if (ut_params->ibuf[j] == NULL)
1213 if (test_cfg[i].reorder_pkts)
1214 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1215 rc = test_ipsec_crypto_op_alloc(num_pkts);
1219 /* call ipsec library api */
1220 rc = crypto_ipsec(num_pkts);
1222 rc = crypto_inb_burst_null_null_check(
1223 ut_params, i, num_pkts);
1225 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1231 if (rc == TEST_FAILED)
1232 test_ipsec_dump_buffers(ut_params, i);
1239 test_ipsec_crypto_inb_burst_null_null_wrapper(void)
1243 struct ipsec_unitest_params *ut_params = &unittest_params;
1245 ut_params->ipsec_xform.spi = INBOUND_SPI;
1246 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1247 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1248 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1249 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1251 for (i = 0; i < num_cfg && rc == 0; i++) {
1252 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1253 rc = test_ipsec_crypto_inb_burst_null_null(i);
1260 crypto_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1267 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1268 ut_params->pkt_index = j;
1270 testbuf_data = rte_pktmbuf_mtod(ut_params->testbuf[j], void *);
1271 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1272 /* compare the buffer data */
1273 TEST_ASSERT_BUFFERS_ARE_EQUAL(testbuf_data, obuf_data,
1274 ut_params->obuf[j]->pkt_len,
1275 "test and output data does not match\n");
1276 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1277 ut_params->testbuf[j]->data_len,
1278 "obuf data_len is not equal to testbuf data_len");
1279 TEST_ASSERT_EQUAL(ut_params->obuf[j]->pkt_len,
1280 ut_params->testbuf[j]->pkt_len,
1281 "obuf pkt_len is not equal to testbuf pkt_len");
1288 test_ipsec_crypto_outb_burst_null_null(int i)
1290 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1291 struct ipsec_unitest_params *ut_params = &unittest_params;
1292 uint16_t num_pkts = test_cfg[i].num_pkts;
1296 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
1297 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
1298 strcpy(uparams.auth_algo, "null");
1299 strcpy(uparams.cipher_algo, "null");
1301 /* create rte_ipsec_sa*/
1302 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1303 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1305 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1310 /* Generate input mbuf data */
1311 for (j = 0; j < num_pkts && rc == 0; j++) {
1312 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1313 null_plain_data, test_cfg[i].pkt_sz, 0);
1314 if (ut_params->ibuf[j] == NULL)
1317 /* Generate test mbuf data */
1318 /* packet with sequence number 0 is invalid */
1319 ut_params->testbuf[j] = setup_test_string_tunneled(
1320 ts_params->mbuf_pool,
1321 null_plain_data, test_cfg[i].pkt_sz,
1322 OUTBOUND_SPI, j + 1);
1323 if (ut_params->testbuf[j] == NULL)
1329 rc = test_ipsec_crypto_op_alloc(num_pkts);
1332 /* call ipsec library api */
1333 rc = crypto_ipsec(num_pkts);
1335 rc = crypto_outb_burst_null_null_check(ut_params,
1338 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1342 if (rc == TEST_FAILED)
1343 test_ipsec_dump_buffers(ut_params, i);
1350 test_ipsec_crypto_outb_burst_null_null_wrapper(void)
1354 struct ipsec_unitest_params *ut_params = &unittest_params;
1356 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1357 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1358 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1359 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1360 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1362 for (i = 0; i < num_cfg && rc == 0; i++) {
1363 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1364 rc = test_ipsec_crypto_outb_burst_null_null(i);
1371 inline_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1378 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1379 ut_params->pkt_index = j;
1381 /* compare the buffer data */
1382 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1383 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1385 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1386 ut_params->ibuf[j]->data_len,
1387 "input and output data does not match\n");
1388 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1389 ut_params->obuf[j]->data_len,
1390 "ibuf data_len is not equal to obuf data_len");
1391 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1392 ut_params->obuf[j]->pkt_len,
1393 "ibuf pkt_len is not equal to obuf pkt_len");
1394 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1396 "data_len is not equal input data");
1402 test_ipsec_inline_crypto_inb_burst_null_null(int i)
1404 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1405 struct ipsec_unitest_params *ut_params = &unittest_params;
1406 uint16_t num_pkts = test_cfg[i].num_pkts;
1411 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
1412 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
1413 strcpy(uparams.auth_algo, "null");
1414 strcpy(uparams.cipher_algo, "null");
1416 /* create rte_ipsec_sa*/
1417 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1418 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1420 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1425 /* Generate inbound mbuf data */
1426 for (j = 0; j < num_pkts && rc == 0; j++) {
1427 ut_params->ibuf[j] = setup_test_string_tunneled(
1428 ts_params->mbuf_pool,
1429 null_plain_data, test_cfg[i].pkt_sz,
1430 INBOUND_SPI, j + 1);
1431 if (ut_params->ibuf[j] == NULL)
1434 /* Generate test mbuf data */
1435 ut_params->obuf[j] = setup_test_string(
1436 ts_params->mbuf_pool,
1437 null_plain_data, test_cfg[i].pkt_sz, 0);
1438 if (ut_params->obuf[j] == NULL)
1444 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1447 rc = inline_inb_burst_null_null_check(ut_params, i,
1451 "rte_ipsec_pkt_process failed, cfg %d\n",
1457 if (rc == TEST_FAILED)
1458 test_ipsec_dump_buffers(ut_params, i);
1465 test_ipsec_inline_crypto_inb_burst_null_null_wrapper(void)
1469 struct ipsec_unitest_params *ut_params = &unittest_params;
1471 ut_params->ipsec_xform.spi = INBOUND_SPI;
1472 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1473 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1474 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1475 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1477 for (i = 0; i < num_cfg && rc == 0; i++) {
1478 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1479 rc = test_ipsec_inline_crypto_inb_burst_null_null(i);
1486 test_ipsec_inline_proto_inb_burst_null_null(int i)
1488 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1489 struct ipsec_unitest_params *ut_params = &unittest_params;
1490 uint16_t num_pkts = test_cfg[i].num_pkts;
1495 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
1496 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
1497 strcpy(uparams.auth_algo, "null");
1498 strcpy(uparams.cipher_algo, "null");
1500 /* create rte_ipsec_sa*/
1501 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1502 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1504 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1509 /* Generate inbound mbuf data */
1510 for (j = 0; j < num_pkts && rc == 0; j++) {
1511 ut_params->ibuf[j] = setup_test_string(
1512 ts_params->mbuf_pool,
1513 null_plain_data, test_cfg[i].pkt_sz, 0);
1514 if (ut_params->ibuf[j] == NULL)
1517 /* Generate test mbuf data */
1518 ut_params->obuf[j] = setup_test_string(
1519 ts_params->mbuf_pool,
1520 null_plain_data, test_cfg[i].pkt_sz, 0);
1521 if (ut_params->obuf[j] == NULL)
1527 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1530 rc = inline_inb_burst_null_null_check(ut_params, i,
1534 "rte_ipsec_pkt_process failed, cfg %d\n",
1540 if (rc == TEST_FAILED)
1541 test_ipsec_dump_buffers(ut_params, i);
1548 test_ipsec_inline_proto_inb_burst_null_null_wrapper(void)
1552 struct ipsec_unitest_params *ut_params = &unittest_params;
1554 ut_params->ipsec_xform.spi = INBOUND_SPI;
1555 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1556 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1557 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1558 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1560 for (i = 0; i < num_cfg && rc == 0; i++) {
1561 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1562 rc = test_ipsec_inline_proto_inb_burst_null_null(i);
1569 inline_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1576 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1577 ut_params->pkt_index = j;
1579 /* compare the buffer data */
1580 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1581 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1582 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1583 ut_params->ibuf[j]->data_len,
1584 "input and output data does not match\n");
1585 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1586 ut_params->obuf[j]->data_len,
1587 "ibuf data_len is not equal to obuf data_len");
1588 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1589 ut_params->obuf[j]->pkt_len,
1590 "ibuf pkt_len is not equal to obuf pkt_len");
1592 /* check mbuf ol_flags */
1593 TEST_ASSERT(ut_params->ibuf[j]->ol_flags & PKT_TX_SEC_OFFLOAD,
1594 "ibuf PKT_TX_SEC_OFFLOAD is not set");
1600 test_ipsec_inline_crypto_outb_burst_null_null(int i)
1602 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1603 struct ipsec_unitest_params *ut_params = &unittest_params;
1604 uint16_t num_pkts = test_cfg[i].num_pkts;
1609 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
1610 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
1611 strcpy(uparams.auth_algo, "null");
1612 strcpy(uparams.cipher_algo, "null");
1614 /* create rte_ipsec_sa */
1615 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1616 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1618 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1623 /* Generate test mbuf data */
1624 for (j = 0; j < num_pkts && rc == 0; j++) {
1625 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1626 null_plain_data, test_cfg[i].pkt_sz, 0);
1627 if (ut_params->ibuf[0] == NULL)
1631 /* Generate test tunneled mbuf data for comparison */
1632 ut_params->obuf[j] = setup_test_string_tunneled(
1633 ts_params->mbuf_pool,
1634 null_plain_data, test_cfg[i].pkt_sz,
1635 OUTBOUND_SPI, j + 1);
1636 if (ut_params->obuf[j] == NULL)
1642 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1645 rc = inline_outb_burst_null_null_check(ut_params,
1649 "rte_ipsec_pkt_process failed, cfg %d\n",
1655 if (rc == TEST_FAILED)
1656 test_ipsec_dump_buffers(ut_params, i);
1663 test_ipsec_inline_crypto_outb_burst_null_null_wrapper(void)
1667 struct ipsec_unitest_params *ut_params = &unittest_params;
1669 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1670 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1671 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1672 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1673 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1675 for (i = 0; i < num_cfg && rc == 0; i++) {
1676 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1677 rc = test_ipsec_inline_crypto_outb_burst_null_null(i);
1684 test_ipsec_inline_proto_outb_burst_null_null(int i)
1686 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1687 struct ipsec_unitest_params *ut_params = &unittest_params;
1688 uint16_t num_pkts = test_cfg[i].num_pkts;
1693 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
1694 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
1695 strcpy(uparams.auth_algo, "null");
1696 strcpy(uparams.cipher_algo, "null");
1698 /* create rte_ipsec_sa */
1699 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1700 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1702 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1707 /* Generate test mbuf data */
1708 for (j = 0; j < num_pkts && rc == 0; j++) {
1709 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1710 null_plain_data, test_cfg[i].pkt_sz, 0);
1711 if (ut_params->ibuf[0] == NULL)
1715 /* Generate test tunneled mbuf data for comparison */
1716 ut_params->obuf[j] = setup_test_string(
1717 ts_params->mbuf_pool,
1718 null_plain_data, test_cfg[i].pkt_sz, 0);
1719 if (ut_params->obuf[j] == NULL)
1725 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1728 rc = inline_outb_burst_null_null_check(ut_params,
1732 "rte_ipsec_pkt_process failed, cfg %d\n",
1738 if (rc == TEST_FAILED)
1739 test_ipsec_dump_buffers(ut_params, i);
1746 test_ipsec_inline_proto_outb_burst_null_null_wrapper(void)
1750 struct ipsec_unitest_params *ut_params = &unittest_params;
1752 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1753 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1754 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1755 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1756 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1758 for (i = 0; i < num_cfg && rc == 0; i++) {
1759 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1760 rc = test_ipsec_inline_proto_outb_burst_null_null(i);
1767 test_ipsec_lksd_proto_inb_burst_null_null(int i)
1769 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1770 struct ipsec_unitest_params *ut_params = &unittest_params;
1771 uint16_t num_pkts = test_cfg[i].num_pkts;
1775 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
1776 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
1777 strcpy(uparams.auth_algo, "null");
1778 strcpy(uparams.cipher_algo, "null");
1780 /* create rte_ipsec_sa */
1781 rc = create_sa(RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
1782 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1784 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1789 /* Generate test mbuf data */
1790 for (j = 0; j < num_pkts && rc == 0; j++) {
1791 /* packet with sequence number 0 is invalid */
1792 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1793 null_encrypted_data, test_cfg[i].pkt_sz, 0);
1794 if (ut_params->ibuf[j] == NULL)
1799 if (test_cfg[i].reorder_pkts)
1800 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1801 rc = test_ipsec_crypto_op_alloc(num_pkts);
1805 /* call ipsec library api */
1806 rc = lksd_proto_ipsec(num_pkts);
1808 rc = crypto_inb_burst_null_null_check(ut_params, i,
1811 RTE_LOG(ERR, USER1, "%s failed, cfg %d\n",
1817 if (rc == TEST_FAILED)
1818 test_ipsec_dump_buffers(ut_params, i);
1825 test_ipsec_lksd_proto_inb_burst_null_null_wrapper(void)
1829 struct ipsec_unitest_params *ut_params = &unittest_params;
1831 ut_params->ipsec_xform.spi = INBOUND_SPI;
1832 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1833 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1834 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1835 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1837 for (i = 0; i < num_cfg && rc == 0; i++) {
1838 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1839 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1846 test_ipsec_lksd_proto_outb_burst_null_null_wrapper(void)
1850 struct ipsec_unitest_params *ut_params = &unittest_params;
1852 ut_params->ipsec_xform.spi = INBOUND_SPI;
1853 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1854 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1855 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1856 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1858 for (i = 0; i < num_cfg && rc == 0; i++) {
1859 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1860 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1867 replay_inb_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1872 for (j = 0; j < num_pkts; j++) {
1873 /* compare the buffer data */
1874 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1875 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1877 "input and output data does not match\n");
1879 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1880 ut_params->obuf[j]->pkt_len,
1881 "data_len is not equal to pkt_len");
1888 test_ipsec_replay_inb_inside_null_null(int i)
1890 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1891 struct ipsec_unitest_params *ut_params = &unittest_params;
1894 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
1895 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
1896 strcpy(uparams.auth_algo, "null");
1897 strcpy(uparams.cipher_algo, "null");
1899 /* create rte_ipsec_sa*/
1900 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1901 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1903 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
1908 /* Generate inbound mbuf data */
1909 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1910 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
1911 if (ut_params->ibuf[0] == NULL)
1914 rc = test_ipsec_crypto_op_alloc(1);
1917 /* call ipsec library api */
1918 rc = crypto_ipsec(1);
1920 rc = replay_inb_null_null_check(ut_params, i, 1);
1922 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1928 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
1929 /* generate packet with seq number inside the replay window */
1930 if (ut_params->ibuf[0]) {
1931 rte_pktmbuf_free(ut_params->ibuf[0]);
1932 ut_params->ibuf[0] = 0;
1935 ut_params->ibuf[0] = setup_test_string_tunneled(
1936 ts_params->mbuf_pool, null_encrypted_data,
1937 test_cfg[i].pkt_sz, INBOUND_SPI,
1938 test_cfg[i].replay_win_sz);
1939 if (ut_params->ibuf[0] == NULL)
1942 rc = test_ipsec_crypto_op_alloc(1);
1945 /* call ipsec library api */
1946 rc = crypto_ipsec(1);
1948 rc = replay_inb_null_null_check(
1951 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
1957 if (rc == TEST_FAILED)
1958 test_ipsec_dump_buffers(ut_params, i);
1966 test_ipsec_replay_inb_inside_null_null_wrapper(void)
1970 struct ipsec_unitest_params *ut_params = &unittest_params;
1972 ut_params->ipsec_xform.spi = INBOUND_SPI;
1973 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1974 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1975 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1976 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1978 for (i = 0; i < num_cfg && rc == 0; i++) {
1979 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1980 rc = test_ipsec_replay_inb_inside_null_null(i);
1987 test_ipsec_replay_inb_outside_null_null(int i)
1989 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1990 struct ipsec_unitest_params *ut_params = &unittest_params;
1993 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
1994 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
1995 strcpy(uparams.auth_algo, "null");
1996 strcpy(uparams.cipher_algo, "null");
1998 /* create rte_ipsec_sa */
1999 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2000 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2002 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2007 /* Generate test mbuf data */
2008 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2009 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI,
2010 test_cfg[i].replay_win_sz + 2);
2011 if (ut_params->ibuf[0] == NULL)
2014 rc = test_ipsec_crypto_op_alloc(1);
2017 /* call ipsec library api */
2018 rc = crypto_ipsec(1);
2020 rc = replay_inb_null_null_check(ut_params, i, 1);
2022 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2028 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2029 /* generate packet with seq number outside the replay window */
2030 if (ut_params->ibuf[0]) {
2031 rte_pktmbuf_free(ut_params->ibuf[0]);
2032 ut_params->ibuf[0] = 0;
2034 ut_params->ibuf[0] = setup_test_string_tunneled(
2035 ts_params->mbuf_pool, null_encrypted_data,
2036 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2037 if (ut_params->ibuf[0] == NULL)
2040 rc = test_ipsec_crypto_op_alloc(1);
2043 /* call ipsec library api */
2044 rc = crypto_ipsec(1);
2046 if (test_cfg[i].esn == 0) {
2048 "packet is not outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2050 test_cfg[i].replay_win_sz + 2,
2056 "packet is outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2057 i, test_cfg[i].replay_win_sz + 2, 1);
2063 if (rc == TEST_FAILED)
2064 test_ipsec_dump_buffers(ut_params, i);
2072 test_ipsec_replay_inb_outside_null_null_wrapper(void)
2076 struct ipsec_unitest_params *ut_params = &unittest_params;
2078 ut_params->ipsec_xform.spi = INBOUND_SPI;
2079 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2080 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2081 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2082 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2084 for (i = 0; i < num_cfg && rc == 0; i++) {
2085 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2086 rc = test_ipsec_replay_inb_outside_null_null(i);
2093 test_ipsec_replay_inb_repeat_null_null(int i)
2095 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2096 struct ipsec_unitest_params *ut_params = &unittest_params;
2099 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
2100 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
2101 strcpy(uparams.auth_algo, "null");
2102 strcpy(uparams.cipher_algo, "null");
2104 /* create rte_ipsec_sa */
2105 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2106 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2108 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n", i);
2112 /* Generate test mbuf data */
2113 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2114 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2115 if (ut_params->ibuf[0] == NULL)
2118 rc = test_ipsec_crypto_op_alloc(1);
2121 /* call ipsec library api */
2122 rc = crypto_ipsec(1);
2124 rc = replay_inb_null_null_check(ut_params, i, 1);
2126 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2132 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2134 * generate packet with repeat seq number in the replay
2137 if (ut_params->ibuf[0]) {
2138 rte_pktmbuf_free(ut_params->ibuf[0]);
2139 ut_params->ibuf[0] = 0;
2142 ut_params->ibuf[0] = setup_test_string_tunneled(
2143 ts_params->mbuf_pool, null_encrypted_data,
2144 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2145 if (ut_params->ibuf[0] == NULL)
2148 rc = test_ipsec_crypto_op_alloc(1);
2151 /* call ipsec library api */
2152 rc = crypto_ipsec(1);
2155 "packet is not repeated in the replay window, cfg %d seq %u\n",
2160 "packet is repeated in the replay window, cfg %d seq %u\n",
2167 if (rc == TEST_FAILED)
2168 test_ipsec_dump_buffers(ut_params, i);
2176 test_ipsec_replay_inb_repeat_null_null_wrapper(void)
2180 struct ipsec_unitest_params *ut_params = &unittest_params;
2182 ut_params->ipsec_xform.spi = INBOUND_SPI;
2183 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2184 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2185 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2186 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2188 for (i = 0; i < num_cfg && rc == 0; i++) {
2189 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2190 rc = test_ipsec_replay_inb_repeat_null_null(i);
2197 test_ipsec_replay_inb_inside_burst_null_null(int i)
2199 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2200 struct ipsec_unitest_params *ut_params = &unittest_params;
2201 uint16_t num_pkts = test_cfg[i].num_pkts;
2205 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
2206 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
2207 strcpy(uparams.auth_algo, "null");
2208 strcpy(uparams.cipher_algo, "null");
2210 /* create rte_ipsec_sa*/
2211 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2212 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2214 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2219 /* Generate inbound mbuf data */
2220 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2221 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2222 if (ut_params->ibuf[0] == NULL)
2225 rc = test_ipsec_crypto_op_alloc(1);
2228 /* call ipsec library api */
2229 rc = crypto_ipsec(1);
2231 rc = replay_inb_null_null_check(ut_params, i, 1);
2233 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2239 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2241 * generate packet(s) with seq number(s) inside the
2244 if (ut_params->ibuf[0]) {
2245 rte_pktmbuf_free(ut_params->ibuf[0]);
2246 ut_params->ibuf[0] = 0;
2249 for (j = 0; j < num_pkts && rc == 0; j++) {
2250 /* packet with sequence number 1 already processed */
2251 ut_params->ibuf[j] = setup_test_string_tunneled(
2252 ts_params->mbuf_pool, null_encrypted_data,
2253 test_cfg[i].pkt_sz, INBOUND_SPI, j + 2);
2254 if (ut_params->ibuf[j] == NULL)
2259 if (test_cfg[i].reorder_pkts)
2260 test_ipsec_reorder_inb_pkt_burst(num_pkts);
2261 rc = test_ipsec_crypto_op_alloc(num_pkts);
2265 /* call ipsec library api */
2266 rc = crypto_ipsec(num_pkts);
2268 rc = replay_inb_null_null_check(
2269 ut_params, i, num_pkts);
2271 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
2277 if (rc == TEST_FAILED)
2278 test_ipsec_dump_buffers(ut_params, i);
2286 test_ipsec_replay_inb_inside_burst_null_null_wrapper(void)
2290 struct ipsec_unitest_params *ut_params = &unittest_params;
2292 ut_params->ipsec_xform.spi = INBOUND_SPI;
2293 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2294 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2295 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2296 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2298 for (i = 0; i < num_cfg && rc == 0; i++) {
2299 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2300 rc = test_ipsec_replay_inb_inside_burst_null_null(i);
2308 crypto_inb_burst_2sa_null_null_check(struct ipsec_unitest_params *ut_params,
2313 for (j = 0; j < BURST_SIZE; j++) {
2314 ut_params->pkt_index = j;
2316 /* compare the data buffers */
2317 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
2318 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
2320 "input and output data does not match\n");
2321 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2322 ut_params->obuf[j]->pkt_len,
2323 "data_len is not equal to pkt_len");
2324 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2326 "data_len is not equal to input data");
2333 test_ipsec_crypto_inb_burst_2sa_null_null(int i)
2335 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2336 struct ipsec_unitest_params *ut_params = &unittest_params;
2337 uint16_t num_pkts = test_cfg[i].num_pkts;
2341 if (num_pkts != BURST_SIZE)
2344 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
2345 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
2346 strcpy(uparams.auth_algo, "null");
2347 strcpy(uparams.cipher_algo, "null");
2349 /* create rte_ipsec_sa */
2350 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2351 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2353 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2358 /* create second rte_ipsec_sa */
2359 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2360 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2361 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2363 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2369 /* Generate test mbuf data */
2370 for (j = 0; j < num_pkts && rc == 0; j++) {
2372 /* packet with sequence number 0 is invalid */
2373 ut_params->ibuf[j] = setup_test_string_tunneled(
2374 ts_params->mbuf_pool, null_encrypted_data,
2375 test_cfg[i].pkt_sz, INBOUND_SPI + r, j + 1);
2376 if (ut_params->ibuf[j] == NULL)
2381 rc = test_ipsec_crypto_op_alloc(num_pkts);
2384 /* call ipsec library api */
2385 rc = crypto_ipsec_2sa();
2387 rc = crypto_inb_burst_2sa_null_null_check(
2390 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2396 if (rc == TEST_FAILED)
2397 test_ipsec_dump_buffers(ut_params, i);
2405 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper(void)
2409 struct ipsec_unitest_params *ut_params = &unittest_params;
2411 ut_params->ipsec_xform.spi = INBOUND_SPI;
2412 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2413 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2414 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2415 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2417 for (i = 0; i < num_cfg && rc == 0; i++) {
2418 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2419 rc = test_ipsec_crypto_inb_burst_2sa_null_null(i);
2426 test_ipsec_crypto_inb_burst_2sa_4grp_null_null(int i)
2428 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2429 struct ipsec_unitest_params *ut_params = &unittest_params;
2430 uint16_t num_pkts = test_cfg[i].num_pkts;
2434 if (num_pkts != BURST_SIZE)
2437 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
2438 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
2439 strcpy(uparams.auth_algo, "null");
2440 strcpy(uparams.cipher_algo, "null");
2442 /* create rte_ipsec_sa */
2443 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2444 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2446 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2451 /* create second rte_ipsec_sa */
2452 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2453 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2454 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2456 RTE_LOG(ERR, USER1, "rte_ipsec_sa_init failed, cfg %d\n",
2462 /* Generate test mbuf data */
2463 for (j = 0; j < num_pkts && rc == 0; j++) {
2464 k = crypto_ipsec_4grp(j);
2466 /* packet with sequence number 0 is invalid */
2467 ut_params->ibuf[j] = setup_test_string_tunneled(
2468 ts_params->mbuf_pool, null_encrypted_data,
2469 test_cfg[i].pkt_sz, INBOUND_SPI + k, j + 1);
2470 if (ut_params->ibuf[j] == NULL)
2475 rc = test_ipsec_crypto_op_alloc(num_pkts);
2478 /* call ipsec library api */
2479 rc = crypto_ipsec_2sa_4grp();
2481 rc = crypto_inb_burst_2sa_null_null_check(
2484 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2490 if (rc == TEST_FAILED)
2491 test_ipsec_dump_buffers(ut_params, i);
2499 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper(void)
2503 struct ipsec_unitest_params *ut_params = &unittest_params;
2505 ut_params->ipsec_xform.spi = INBOUND_SPI;
2506 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2507 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2508 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2509 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2511 for (i = 0; i < num_cfg && rc == 0; i++) {
2512 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2513 rc = test_ipsec_crypto_inb_burst_2sa_4grp_null_null(i);
2519 static struct unit_test_suite ipsec_testsuite = {
2520 .suite_name = "IPsec NULL Unit Test Suite",
2521 .setup = testsuite_setup,
2522 .teardown = testsuite_teardown,
2523 .unit_test_cases = {
2524 TEST_CASE_ST(ut_setup, ut_teardown,
2525 test_ipsec_crypto_inb_burst_null_null_wrapper),
2526 TEST_CASE_ST(ut_setup, ut_teardown,
2527 test_ipsec_crypto_outb_burst_null_null_wrapper),
2528 TEST_CASE_ST(ut_setup, ut_teardown,
2529 test_ipsec_inline_crypto_inb_burst_null_null_wrapper),
2530 TEST_CASE_ST(ut_setup, ut_teardown,
2531 test_ipsec_inline_crypto_outb_burst_null_null_wrapper),
2532 TEST_CASE_ST(ut_setup, ut_teardown,
2533 test_ipsec_inline_proto_inb_burst_null_null_wrapper),
2534 TEST_CASE_ST(ut_setup, ut_teardown,
2535 test_ipsec_inline_proto_outb_burst_null_null_wrapper),
2536 TEST_CASE_ST(ut_setup, ut_teardown,
2537 test_ipsec_lksd_proto_inb_burst_null_null_wrapper),
2538 TEST_CASE_ST(ut_setup, ut_teardown,
2539 test_ipsec_lksd_proto_outb_burst_null_null_wrapper),
2540 TEST_CASE_ST(ut_setup, ut_teardown,
2541 test_ipsec_replay_inb_inside_null_null_wrapper),
2542 TEST_CASE_ST(ut_setup, ut_teardown,
2543 test_ipsec_replay_inb_outside_null_null_wrapper),
2544 TEST_CASE_ST(ut_setup, ut_teardown,
2545 test_ipsec_replay_inb_repeat_null_null_wrapper),
2546 TEST_CASE_ST(ut_setup, ut_teardown,
2547 test_ipsec_replay_inb_inside_burst_null_null_wrapper),
2548 TEST_CASE_ST(ut_setup, ut_teardown,
2549 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper),
2550 TEST_CASE_ST(ut_setup, ut_teardown,
2551 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper),
2552 TEST_CASES_END() /**< NULL terminate unit test array */
2559 return unit_test_suite_runner(&ipsec_testsuite);
2562 REGISTER_TEST_COMMAND(ipsec_autotest, test_ipsec);