ret = TEST_SKIPPED;
}
+ test_ipsec_alg_list_populate();
+
/*
* Stop the device. Device would be started again by individual test
* case setup routine.
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
- struct rte_cryptodev_stats stats;
/* free crypto session structure */
#ifdef RTE_LIB_SECURITY
RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
rte_mempool_avail_count(ts_params->mbuf_pool));
- rte_cryptodev_stats_get(ts_params->valid_devs[0], &stats);
-
/* Stop the device */
rte_cryptodev_stop(ts_params->valid_devs[0]);
}
}
/*
- * Function prepare data for hash veryfication test case.
+ * Function prepare data for hash verification test case.
* Digest is allocated in 4 last bytes in plaintext, pattern.
*/
snow3g_hash_test_vector_setup(&snow3g_test_case_7, &snow3g_hash_data);
bool silent,
const struct ipsec_test_flags *flags)
{
+ uint16_t v6_src[8] = {0x2607, 0xf8b0, 0x400c, 0x0c03, 0x0000, 0x0000,
+ 0x0000, 0x001a};
+ uint16_t v6_dst[8] = {0x2001, 0x0470, 0xe5bf, 0xdead, 0x4957, 0x2174,
+ 0xe82c, 0x4887};
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
struct rte_security_capability_idx sec_cap_idx;
dst += 1;
}
- memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));
- memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));
+ if (td->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {
+ if (td->ipsec_xform.tunnel.type ==
+ RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+ memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src,
+ sizeof(src));
+ memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst,
+ sizeof(dst));
+ } else {
+ memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
+ sizeof(v6_src));
+ memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst,
+ sizeof(v6_dst));
+ }
+ }
ctx = rte_cryptodev_get_sec_ctx(dev_id);
return TEST_SKIPPED;
}
} else {
- /* Only AEAD supported now */
- return TEST_SKIPPED;
+ memcpy(&ut_params->cipher_xform, &td[0].xform.chain.cipher,
+ sizeof(ut_params->cipher_xform));
+ memcpy(&ut_params->auth_xform, &td[0].xform.chain.auth,
+ sizeof(ut_params->auth_xform));
+ ut_params->cipher_xform.cipher.key.data = td[0].key.data;
+ ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+ ut_params->auth_xform.auth.key.data = td[0].auth_key.data;
+
+ /* Verify crypto capabilities */
+
+ if (test_ipsec_crypto_caps_cipher_verify(
+ sec_cap,
+ &ut_params->cipher_xform) != 0) {
+ if (!silent)
+ RTE_LOG(INFO, USER1,
+ "Cipher crypto capabilities not supported\n");
+ return TEST_SKIPPED;
+ }
+
+ if (test_ipsec_crypto_caps_auth_verify(
+ sec_cap,
+ &ut_params->auth_xform) != 0) {
+ if (!silent)
+ RTE_LOG(INFO, USER1,
+ "Auth crypto capabilities not supported\n");
+ return TEST_SKIPPED;
+ }
}
if (test_ipsec_sec_caps_verify(&ipsec_xform, sec_cap, silent) != 0)
return TEST_SKIPPED;
- salt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len);
- memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len);
-
struct rte_security_session_conf sess_conf = {
.action_type = ut_params->type,
.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
- .ipsec = ipsec_xform,
- .crypto_xform = &ut_params->aead_xform,
};
+ if (td[0].aead) {
+ salt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len);
+ memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len);
+ sess_conf.ipsec = ipsec_xform;
+ sess_conf.crypto_xform = &ut_params->aead_xform;
+ } else {
+ sess_conf.ipsec = ipsec_xform;
+ if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+ sess_conf.crypto_xform = &ut_params->cipher_xform;
+ ut_params->cipher_xform.next = &ut_params->auth_xform;
+ } else {
+ sess_conf.crypto_xform = &ut_params->auth_xform;
+ ut_params->auth_xform.next = &ut_params->cipher_xform;
+ }
+ }
+
/* Create security session */
ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
ts_params->session_mpool,
}
static int
-test_ipsec_proto_known_vec_inb(const void *td_outb)
+test_ipsec_proto_known_vec_inb(const void *test_data)
{
+ const struct ipsec_test_data *td = test_data;
struct ipsec_test_flags flags;
struct ipsec_test_data td_inb;
memset(&flags, 0, sizeof(flags));
- test_ipsec_td_in_from_out(td_outb, &td_inb);
+ if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
+ test_ipsec_td_in_from_out(td, &td_inb);
+ else
+ memcpy(&td_inb, td, sizeof(td_inb));
return test_ipsec_proto_process(&td_inb, NULL, 1, false, &flags);
}
+static int
+test_ipsec_proto_known_vec_fragmented(const void *test_data)
+{
+ struct ipsec_test_data td_outb;
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+ flags.fragment = true;
+
+ memcpy(&td_outb, test_data, sizeof(td_outb));
+
+ /* Disable IV gen to be able to test with known vectors */
+ td_outb.ipsec_xform.options.iv_gen_disable = 1;
+
+ return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags);
+}
+
static int
test_ipsec_proto_all(const struct ipsec_test_flags *flags)
{
flags->sa_expiry_pkts_hard)
nb_pkts = IPSEC_TEST_PACKETS_MAX;
- for (i = 0; i < RTE_DIM(aead_list); i++) {
- test_ipsec_td_prepare(&aead_list[i],
- NULL,
+ for (i = 0; i < RTE_DIM(alg_list); i++) {
+ test_ipsec_td_prepare(alg_list[i].param1,
+ alg_list[i].param2,
flags,
td_outb,
nb_pkts);
return TEST_FAILED;
if (flags->display_alg)
- test_ipsec_display_alg(&aead_list[i], NULL);
+ test_ipsec_display_alg(alg_list[i].param1,
+ alg_list[i].param2);
pass_cnt++;
}
return test_ipsec_proto_all(&flags);
}
+static int
+test_ipsec_proto_tunnel_v4_in_v4(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = false;
+ flags.tunnel_ipv6 = false;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v6_in_v6(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = true;
+ flags.tunnel_ipv6 = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v4_in_v6(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = false;
+ flags.tunnel_ipv6 = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v6_in_v4(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = true;
+ flags.tunnel_ipv6 = false;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_transport_v4(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = false;
+ flags.transport = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
static int
test_PDCP_PROTO_all(void)
{
"Outbound known vector (ESP tunnel mode IPv4 AES-GCM 256)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec, &pkt_aes_256_gcm),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_aes_128_cbc_hmac_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA384 [24B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_aes_128_cbc_hmac_sha384),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA512 [32B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_aes_128_cbc_hmac_sha512),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv6 AES-GCM 128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec, &pkt_aes_256_gcm_v6),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv6 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_aes_128_cbc_hmac_sha256_v6),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound fragmented packet",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_fragmented,
+ &pkt_aes_128_gcm_frag),
TEST_CASE_NAMED_WITH_DATA(
"Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)",
ut_setup_security, ut_teardown,
"Inbound known vector (ESP tunnel mode IPv4 AES-GCM 256)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb, &pkt_aes_128_cbc_null),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_aes_128_cbc_hmac_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA384 [24B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_aes_128_cbc_hmac_sha384),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA512 [32B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_aes_128_cbc_hmac_sha512),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv6 AES-GCM 128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm_v6),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv6 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_aes_128_cbc_hmac_sha256_v6),
TEST_CASE_NAMED_ST(
"Combined test alg list",
ut_setup_security, ut_teardown,
"Inner L4 checksum",
ut_setup_security, ut_teardown,
test_ipsec_proto_inner_l4_csum),
+ TEST_CASE_NAMED_ST(
+ "Tunnel IPv4 in IPv4",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_tunnel_v4_in_v4),
+ TEST_CASE_NAMED_ST(
+ "Tunnel IPv6 in IPv6",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_tunnel_v6_in_v6),
+ TEST_CASE_NAMED_ST(
+ "Tunnel IPv4 in IPv6",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_tunnel_v4_in_v6),
+ TEST_CASE_NAMED_ST(
+ "Tunnel IPv6 in IPv4",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_tunnel_v6_in_v4),
+ TEST_CASE_NAMED_ST(
+ "Transport IPv4",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_transport_v4),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_OCTEONTX_SYM_PMD));
}
-static int
-test_cryptodev_octeontx2(void)
-{
- return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_OCTEONTX2_PMD));
-}
-
static int
test_cryptodev_caam_jr(void)
{
REGISTER_TEST_COMMAND(cryptodev_ccp_autotest, test_cryptodev_ccp);
REGISTER_TEST_COMMAND(cryptodev_virtio_autotest, test_cryptodev_virtio);
REGISTER_TEST_COMMAND(cryptodev_octeontx_autotest, test_cryptodev_octeontx);
-REGISTER_TEST_COMMAND(cryptodev_octeontx2_autotest, test_cryptodev_octeontx2);
REGISTER_TEST_COMMAND(cryptodev_caam_jr_autotest, test_cryptodev_caam_jr);
REGISTER_TEST_COMMAND(cryptodev_nitrox_autotest, test_cryptodev_nitrox);
REGISTER_TEST_COMMAND(cryptodev_bcmfs_autotest, test_cryptodev_bcmfs);