* Copyright 2020 NXP
*/
+#ifndef RTE_EXEC_ENV_WINDOWS
+
#include <time.h>
#include <rte_common.h>
#include <rte_crypto.h>
#include <rte_cryptodev.h>
-#include <rte_cryptodev_pmd.h>
+#include <rte_ip.h>
#include <rte_string_fns.h>
+#include <rte_tcp.h>
+#include <rte_udp.h>
#ifdef RTE_CRYPTO_SCHEDULER
#include <rte_cryptodev_scheduler.h>
#include "test_cryptodev_hmac_test_vectors.h"
#include "test_cryptodev_mixed_test_vectors.h"
#ifdef RTE_LIB_SECURITY
+#include "test_cryptodev_security_ipsec.h"
+#include "test_cryptodev_security_ipsec_test_vectors.h"
#include "test_cryptodev_security_pdcp_test_vectors.h"
#include "test_cryptodev_security_pdcp_sdap_test_vectors.h"
#include "test_cryptodev_security_pdcp_test_func.h"
#define IN_PLACE 0
#define OUT_OF_PLACE 1
-#ifndef ARRAY_SIZE
-#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
-#endif
-
static int gbl_driver_id;
static enum rte_security_session_action_type gbl_action_type =
const uint8_t *digest,
const uint8_t *iv);
+static int
+security_proto_supported(enum rte_security_session_action_type action,
+ enum rte_security_session_protocol proto);
+
+static int
+dev_configure_and_start(uint64_t ff_disable);
+
static struct rte_mbuf *
setup_test_string(struct rte_mempool *mpool,
const char *string, size_t len, uint8_t blocksize)
RTE_CRYPTO_OP_STATUS_ERROR;
}
+static struct crypto_testsuite_params testsuite_params = { NULL };
+struct crypto_testsuite_params *p_testsuite_params = &testsuite_params;
+static struct crypto_unittest_params unittest_params;
+
void
process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id,
struct rte_crypto_op *op, uint8_t is_cipher, uint8_t is_auth,
{
struct rte_crypto_sym_op *sop = op->sym;
struct rte_crypto_op *ret_op = NULL;
- struct rte_crypto_vec data_vec[UINT8_MAX];
+ struct rte_crypto_vec data_vec[UINT8_MAX], dest_data_vec[UINT8_MAX];
struct rte_crypto_va_iova_ptr cipher_iv, digest, aad_auth_iv;
union rte_crypto_sym_ofs ofs;
struct rte_crypto_sym_vec vec;
- struct rte_crypto_sgl sgl;
+ struct rte_crypto_sgl sgl, dest_sgl;
uint32_t max_len;
union rte_cryptodev_session_ctx sess;
+ uint64_t auth_end_iova;
uint32_t count = 0;
struct rte_crypto_raw_dp_ctx *ctx;
uint32_t cipher_offset = 0, cipher_len = 0, auth_offset = 0,
int ctx_service_size;
int32_t status = 0;
int enqueue_status, dequeue_status;
+ struct crypto_unittest_params *ut_params = &unittest_params;
+ int is_sgl = sop->m_src->nb_segs > 1;
+ int is_oop = 0;
ctx_service_size = rte_cryptodev_get_raw_dp_ctx_size(dev_id);
if (ctx_service_size < 0) {
digest.va = NULL;
sgl.vec = data_vec;
vec.num = 1;
- vec.sgl = &sgl;
+ vec.src_sgl = &sgl;
vec.iv = &cipher_iv;
vec.digest = &digest;
vec.aad = &aad_auth_iv;
ofs.raw = 0;
+ if ((sop->m_dst != NULL) && (sop->m_dst != sop->m_src))
+ is_oop = 1;
+
if (is_cipher && is_auth) {
cipher_offset = sop->cipher.data.offset;
cipher_len = sop->cipher.data.length;
digest.va = (void *)sop->auth.digest.data;
digest.iova = sop->auth.digest.phys_addr;
+ if (is_sgl) {
+ uint32_t remaining_off = auth_offset + auth_len;
+ struct rte_mbuf *sgl_buf = sop->m_src;
+ if (is_oop)
+ sgl_buf = sop->m_dst;
+
+ while (remaining_off >= rte_pktmbuf_data_len(sgl_buf)
+ && sgl_buf->next != NULL) {
+ remaining_off -= rte_pktmbuf_data_len(sgl_buf);
+ sgl_buf = sgl_buf->next;
+ }
+
+ auth_end_iova = (uint64_t)rte_pktmbuf_iova_offset(
+ sgl_buf, remaining_off);
+ } else {
+ auth_end_iova = rte_pktmbuf_iova(op->sym->m_src) +
+ auth_offset + auth_len;
+ }
+ /* Then check if digest-encrypted conditions are met */
+ if ((auth_offset + auth_len < cipher_offset + cipher_len) &&
+ (digest.iova == auth_end_iova) && is_sgl)
+ max_len = RTE_MAX(max_len,
+ auth_offset + auth_len +
+ ut_params->auth_xform.auth.digest_length);
+
} else if (is_cipher) {
cipher_offset = sop->cipher.data.offset;
cipher_len = sop->cipher.data.length;
}
sgl.num = n;
+ /* Out of place */
+ if (is_oop) {
+ dest_sgl.vec = dest_data_vec;
+ vec.dest_sgl = &dest_sgl;
+ n = rte_crypto_mbuf_to_vec(sop->m_dst, 0, max_len,
+ dest_data_vec, RTE_DIM(dest_data_vec));
+ if (n < 0 || n > sop->m_dst->nb_segs) {
+ op->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ goto exit;
+ }
+ dest_sgl.num = n;
+ } else
+ vec.dest_sgl = NULL;
if (rte_cryptodev_raw_enqueue_burst(ctx, &vec, ofs, (void **)&op,
&enqueue_status) < 1) {
}
op->status = (count == MAX_RAW_DEQUEUE_COUNT + 1 || ret_op != op ||
+ ret_op->status == RTE_CRYPTO_OP_STATUS_ERROR ||
n_success < 1) ? RTE_CRYPTO_OP_STATUS_ERROR :
RTE_CRYPTO_OP_STATUS_SUCCESS;
sgl.vec = vec;
sgl.num = n;
- symvec.sgl = &sgl;
+ symvec.src_sgl = &sgl;
symvec.iv = &iv_ptr;
symvec.digest = &digest_ptr;
symvec.aad = &aad_ptr;
sgl.vec = vec;
sgl.num = n;
- symvec.sgl = &sgl;
+ symvec.src_sgl = &sgl;
symvec.iv = &iv_ptr;
symvec.digest = &digest_ptr;
symvec.status = &st;
return op;
}
-static struct crypto_testsuite_params testsuite_params = { NULL };
-struct crypto_testsuite_params *p_testsuite_params = &testsuite_params;
-static struct crypto_unittest_params unittest_params;
-
static int
testsuite_setup(void)
{
}
#ifdef RTE_LIB_SECURITY
+static int
+ipsec_proto_testsuite_setup(void)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ struct crypto_unittest_params *ut_params = &unittest_params;
+ struct rte_cryptodev_info dev_info;
+ int ret = 0;
+
+ rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+ if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_SECURITY)) {
+ RTE_LOG(INFO, USER1, "Feature flag requirements for IPsec Proto "
+ "testsuite not met\n");
+ return TEST_SKIPPED;
+ }
+
+ /* Reconfigure to enable security */
+ ret = dev_configure_and_start(0);
+ if (ret != TEST_SUCCESS)
+ return ret;
+
+ /* Set action type */
+ ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;
+
+ if (security_proto_supported(
+ RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+ RTE_SECURITY_PROTOCOL_IPSEC) < 0) {
+ RTE_LOG(INFO, USER1, "Capability requirements for IPsec Proto "
+ "test not met\n");
+ ret = TEST_SKIPPED;
+ }
+
+ test_ipsec_alg_list_populate();
+ test_ipsec_ah_alg_list_populate();
+
+ /*
+ * Stop the device. Device would be started again by individual test
+ * case setup routine.
+ */
+ rte_cryptodev_stop(ts_params->valid_devs[0]);
+
+ return ret;
+}
+
static int
pdcp_proto_testsuite_setup(void)
{
if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO) ||
!(dev_info.feature_flags &
RTE_CRYPTODEV_FF_SECURITY)) {
- RTE_LOG(INFO, USER1, "Feature flag requirements for Docsis "
+ RTE_LOG(INFO, USER1, "Feature flag requirements for DOCSIS "
"Proto testsuite not met\n");
return TEST_SKIPPED;
}
if (check_cipher_capabilities_supported(ciphers, RTE_DIM(ciphers)) != 0) {
- RTE_LOG(INFO, USER1, "Capability requirements for Docsis Proto "
+ RTE_LOG(INFO, USER1, "Capability requirements for DOCSIS Proto "
"testsuite not met\n");
return TEST_SKIPPED;
}
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
- struct rte_cryptodev_stats stats;
/* free crypto session structure */
#ifdef RTE_LIB_SECURITY
RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
rte_mempool_avail_count(ts_params->mbuf_pool));
- rte_cryptodev_stats_get(ts_params->valid_devs[0], &stats);
-
/* Stop the device */
rte_cryptodev_stop(ts_params->valid_devs[0]);
}
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
+ int status;
/* Verify the capabilities */
struct rte_cryptodev_sym_capability_idx cap_idx;
ut_params->sess = rte_cryptodev_sym_session_create(
ts_params->session_mpool);
+ TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
/* Create crypto session*/
- rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
+ status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
ut_params->sess, &ut_params->cipher_xform,
ts_params->session_priv_mpool);
- TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
+
+ if (status == -ENOTSUP)
+ return TEST_SKIPPED;
+
+ TEST_ASSERT_EQUAL(status, 0, "Session init failed");
/* Generate crypto op data structure */
ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
&ut_params->auth_xform,
ts_params->session_priv_mpool);
+ if (status == -ENOTSUP)
+ return TEST_SKIPPED;
+
TEST_ASSERT_EQUAL(status, 0, "session init failed");
TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
return 0;
status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
&ut_params->cipher_xform,
ts_params->session_priv_mpool);
+ if (status == -ENOTSUP)
+ return TEST_SKIPPED;
+
TEST_ASSERT_EQUAL(status, 0, "session init failed");
TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
return 0;
/* Create KASUMI operation */
retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data,
- tdata->cipher_iv.len,
- tdata->ciphertext.len,
- tdata->validCipherOffsetInBits.len);
+ tdata->cipher_iv.len,
+ RTE_ALIGN_CEIL(tdata->validCipherLenInBits.len, 8),
+ tdata->validCipherOffsetInBits.len);
if (retval < 0)
return retval;
int retval;
unsigned plaintext_pad_len;
unsigned plaintext_len;
+ struct rte_cryptodev_info dev_info;
+
+ rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+ uint64_t feat_flags = dev_info.feature_flags;
+
+ if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
+ (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
+ printf("Device does not support RAW data-path APIs.\n");
+ return -ENOTSUP;
+ }
/* Verify the capabilities */
struct rte_cryptodev_sym_capability_idx cap_idx;
if (retval < 0)
return retval;
- ut_params->op = process_crypto_request(ts_params->valid_devs[0],
+ if (global_api_test_type == CRYPTODEV_RAW_API_TEST)
+ process_sym_raw_dp_op(ts_params->valid_devs[0], 0,
+ ut_params->op, 1, 0, 1, tdata->cipher_iv.len);
+ else
+ ut_params->op = process_crypto_request(ts_params->valid_devs[0],
ut_params->op);
TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
return TEST_SKIPPED;
}
+ if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
+ (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
+ printf("Device does not support RAW data-path APIs.\n");
+ return -ENOTSUP;
+ }
+
/* Create SNOW 3G session */
retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
RTE_CRYPTO_CIPHER_OP_ENCRYPT,
if (retval < 0)
return retval;
- ut_params->op = process_crypto_request(ts_params->valid_devs[0],
+ if (global_api_test_type == CRYPTODEV_RAW_API_TEST)
+ process_sym_raw_dp_op(ts_params->valid_devs[0], 0,
+ ut_params->op, 1, 0, 1, tdata->cipher_iv.len);
+ else
+ ut_params->op = process_crypto_request(ts_params->valid_devs[0],
ut_params->op);
TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
if (retval < 0)
return retval;
- ut_params->op = process_crypto_request(ts_params->valid_devs[0],
+ if (global_api_test_type == CRYPTODEV_RAW_API_TEST)
+ process_sym_raw_dp_op(ts_params->valid_devs[0], 0,
+ ut_params->op, 1, 0, 1, tdata->cipher_iv.len);
+ else
+ ut_params->op = process_crypto_request(ts_params->valid_devs[0],
ut_params->op);
TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
uint8_t *plaintext, *ciphertext;
unsigned ciphertext_pad_len;
unsigned ciphertext_len;
+ struct rte_cryptodev_info dev_info;
+
+ rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+ uint64_t feat_flags = dev_info.feature_flags;
+ if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
+ (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
+ printf("Device does not support RAW data-path APIs.\n");
+ return -ENOTSUP;
+ }
/* Verify the capabilities */
struct rte_cryptodev_sym_capability_idx cap_idx;
cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
if (retval < 0)
return retval;
- ut_params->op = process_crypto_request(ts_params->valid_devs[0],
+ if (global_api_test_type == CRYPTODEV_RAW_API_TEST)
+ process_sym_raw_dp_op(ts_params->valid_devs[0], 0,
+ ut_params->op, 1, 0, 1, tdata->cipher_iv.len);
+ else
+ ut_params->op = process_crypto_request(ts_params->valid_devs[0],
ut_params->op);
TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
ut_params->obuf = ut_params->op->sym->m_dst;
return 0;
}
+static int
+check_cipher_capability(const struct crypto_testsuite_params *ts_params,
+ const enum rte_crypto_cipher_algorithm cipher_algo,
+ const uint16_t key_size, const uint16_t iv_size)
+{
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+ const struct rte_cryptodev_symmetric_capability *cap;
+
+ /* Check if device supports the algorithm */
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+ cap_idx.algo.cipher = cipher_algo;
+
+ cap = rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
+ &cap_idx);
+
+ if (cap == NULL)
+ return -1;
+
+ /* Check if device supports key size and IV size */
+ if (rte_cryptodev_sym_capability_check_cipher(cap, key_size,
+ iv_size) < 0) {
+ return -1;
+ }
+
+ return 0;
+}
+
+static int
+check_auth_capability(const struct crypto_testsuite_params *ts_params,
+ const enum rte_crypto_auth_algorithm auth_algo,
+ const uint16_t key_size, const uint16_t iv_size,
+ const uint16_t tag_size)
+{
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+ const struct rte_cryptodev_symmetric_capability *cap;
+
+ /* Check if device supports the algorithm */
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+ cap_idx.algo.auth = auth_algo;
+
+ cap = rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
+ &cap_idx);
+
+ if (cap == NULL)
+ return -1;
+
+ /* Check if device supports key size and IV size */
+ if (rte_cryptodev_sym_capability_check_auth(cap, key_size,
+ tag_size, iv_size) < 0) {
+ return -1;
+ }
+
+ return 0;
+}
+
static int
test_zuc_encryption(const struct wireless_test_data *tdata)
{
if (gbl_action_type == RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO)
return TEST_SKIPPED;
- struct rte_cryptodev_sym_capability_idx cap_idx;
-
/* Check if device supports ZUC EEA3 */
- cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
- cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_ZUC_EEA3;
-
- if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
- &cap_idx) == NULL)
+ if (check_cipher_capability(ts_params, RTE_CRYPTO_CIPHER_ZUC_EEA3,
+ tdata->key.len, tdata->cipher_iv.len) < 0)
return TEST_SKIPPED;
/* Create ZUC session */
RTE_CRYPTO_CIPHER_ZUC_EEA3,
tdata->key.data, tdata->key.len,
tdata->cipher_iv.len);
- if (retval < 0)
+ if (retval != 0)
return retval;
ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
uint8_t ciphertext_buffer[2048];
struct rte_cryptodev_info dev_info;
- struct rte_cryptodev_sym_capability_idx cap_idx;
-
/* Check if device supports ZUC EEA3 */
- cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
- cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_ZUC_EEA3;
-
- if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
- &cap_idx) == NULL)
+ if (check_cipher_capability(ts_params, RTE_CRYPTO_CIPHER_ZUC_EEA3,
+ tdata->key.len, tdata->cipher_iv.len) < 0)
return TEST_SKIPPED;
if (gbl_action_type == RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO)
unsigned plaintext_len;
uint8_t *plaintext;
- struct rte_cryptodev_sym_capability_idx cap_idx;
struct rte_cryptodev_info dev_info;
rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
return TEST_SKIPPED;
/* Check if device supports ZUC EIA3 */
- cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
- cap_idx.algo.auth = RTE_CRYPTO_AUTH_ZUC_EIA3;
-
- if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
- &cap_idx) == NULL)
+ if (check_auth_capability(ts_params, RTE_CRYPTO_AUTH_ZUC_EIA3,
+ tdata->key.len, tdata->auth_iv.len,
+ tdata->digest.len) < 0)
return TEST_SKIPPED;
/* Create ZUC session */
tdata->auth_iv.len, tdata->digest.len,
RTE_CRYPTO_AUTH_OP_GENERATE,
RTE_CRYPTO_AUTH_ZUC_EIA3);
- if (retval < 0)
+ if (retval != 0)
return retval;
/* alloc mbuf and set payload */
else
ut_params->op = process_crypto_request(ts_params->valid_devs[0],
ut_params->op);
- ut_params->obuf = ut_params->op->sym->m_src;
TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
+ ut_params->obuf = ut_params->op->sym->m_src;
ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
+ plaintext_pad_len;
unsigned int ciphertext_len;
struct rte_cryptodev_info dev_info;
- struct rte_cryptodev_sym_capability_idx cap_idx;
- /* Check if device supports ZUC EIA3 */
- cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
- cap_idx.algo.auth = RTE_CRYPTO_AUTH_ZUC_EIA3;
+ /* Check if device supports ZUC EEA3 */
+ if (check_cipher_capability(ts_params, RTE_CRYPTO_CIPHER_ZUC_EEA3,
+ tdata->key.len, tdata->cipher_iv.len) < 0)
+ return TEST_SKIPPED;
- if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
- &cap_idx) == NULL)
+ /* Check if device supports ZUC EIA3 */
+ if (check_auth_capability(ts_params, RTE_CRYPTO_AUTH_ZUC_EIA3,
+ tdata->key.len, tdata->auth_iv.len,
+ tdata->digest.len) < 0)
return TEST_SKIPPED;
rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
ciphertext_pad_len);
memcpy(ciphertext, tdata->ciphertext.data, ciphertext_len);
- if (op_mode == OUT_OF_PLACE)
- rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len);
debug_hexdump(stdout, "ciphertext:", ciphertext,
ciphertext_len);
} else {
+ /* make sure enough space to cover partial digest verify case */
plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
- plaintext_pad_len);
+ ciphertext_pad_len);
memcpy(plaintext, tdata->plaintext.data, plaintext_len);
- if (op_mode == OUT_OF_PLACE)
- rte_pktmbuf_append(ut_params->obuf, plaintext_pad_len);
debug_hexdump(stdout, "plaintext:", plaintext,
plaintext_len);
}
+ if (op_mode == OUT_OF_PLACE)
+ rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len);
+
/* Create ZUC operation */
retval = create_wireless_algo_auth_cipher_operation(
tdata->digest.data, tdata->digest.len,
uint8_t digest_buffer[10000];
struct rte_cryptodev_info dev_info;
- struct rte_cryptodev_sym_capability_idx cap_idx;
- /* Check if device supports ZUC EIA3 */
- cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
- cap_idx.algo.auth = RTE_CRYPTO_AUTH_ZUC_EIA3;
+ /* Check if device supports ZUC EEA3 */
+ if (check_cipher_capability(ts_params, RTE_CRYPTO_CIPHER_ZUC_EEA3,
+ tdata->key.len, tdata->cipher_iv.len) < 0)
+ return TEST_SKIPPED;
- if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
- &cap_idx) == NULL)
+ /* Check if device supports ZUC EIA3 */
+ if (check_auth_capability(ts_params, RTE_CRYPTO_AUTH_ZUC_EIA3,
+ tdata->key.len, tdata->auth_iv.len,
+ tdata->digest.len) < 0)
return TEST_SKIPPED;
rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
}
/*
- * Function prepare data for hash veryfication test case.
+ * Function prepare data for hash verification test case.
* Digest is allocated in 4 last bytes in plaintext, pattern.
*/
snow3g_hash_test_vector_setup(&snow3g_test_case_7, &snow3g_hash_data);
return test_zuc_authentication(&zuc_test_case_auth_584b);
}
+static int
+test_zuc_hash_generate_test_case_9(void)
+{
+ return test_zuc_authentication(&zuc_test_case_auth_4000b_mac_32b);
+}
+
+static int
+test_zuc_hash_generate_test_case_10(void)
+{
+ return test_zuc_authentication(&zuc_test_case_auth_4000b_mac_64b);
+}
+
+static int
+test_zuc_hash_generate_test_case_11(void)
+{
+ return test_zuc_authentication(&zuc_test_case_auth_4000b_mac_128b);
+}
+
static int
test_zuc_cipher_auth_test_case_1(void)
{
&zuc_auth_cipher_test_case_1, OUT_OF_PLACE, 1);
}
+static int
+test_zuc256_encryption_test_case_1(void)
+{
+ return test_zuc_encryption(&zuc256_test_case_cipher_1);
+}
+
+static int
+test_zuc256_encryption_test_case_2(void)
+{
+ return test_zuc_encryption(&zuc256_test_case_cipher_2);
+}
+
+static int
+test_zuc256_authentication_test_case_1(void)
+{
+ return test_zuc_authentication(&zuc256_test_case_auth_1);
+}
+
+static int
+test_zuc256_authentication_test_case_2(void)
+{
+ return test_zuc_authentication(&zuc256_test_case_auth_2);
+}
+
static int
test_mixed_check_if_unsupported(const struct mixed_cipher_auth_test_data *tdata)
{
ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
ciphertext_pad_len);
memcpy(ciphertext, tdata->ciphertext.data, ciphertext_len);
- if (op_mode == OUT_OF_PLACE)
- rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len);
debug_hexdump(stdout, "ciphertext:", ciphertext,
ciphertext_len);
} else {
+ /* make sure enough space to cover partial digest verify case */
plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
- plaintext_pad_len);
+ ciphertext_pad_len);
memcpy(plaintext, tdata->plaintext.data, plaintext_len);
- if (op_mode == OUT_OF_PLACE)
- rte_pktmbuf_append(ut_params->obuf, plaintext_pad_len);
debug_hexdump(stdout, "plaintext:", plaintext, plaintext_len);
}
+ if (op_mode == OUT_OF_PLACE)
+ rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len);
+
/* Create the operation */
retval = create_wireless_algo_auth_cipher_operation(
tdata->digest_enc.data, tdata->digest_enc.len,
tdata->digest_enc.len);
}
- /* Validate obuf */
- if (verify) {
- TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
- plaintext,
- tdata->plaintext.data,
- tdata->plaintext.len_bits >> 3,
- "Plaintext data not as expected");
- } else {
- TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
- ciphertext,
- tdata->ciphertext.data,
- tdata->validDataLen.len_bits,
- "Ciphertext data not as expected");
-
+ if (!verify) {
TEST_ASSERT_BUFFERS_ARE_EQUAL(
ut_params->digest,
tdata->digest_enc.data,
- DIGEST_BYTE_LENGTH_SNOW3G_UIA2,
+ tdata->digest_enc.len,
"Generated auth tag not as expected");
}
+ if (tdata->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
+ if (verify) {
+ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+ plaintext,
+ tdata->plaintext.data,
+ tdata->plaintext.len_bits >> 3,
+ "Plaintext data not as expected");
+ } else {
+ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+ ciphertext,
+ tdata->ciphertext.data,
+ tdata->validDataLen.len_bits,
+ "Ciphertext data not as expected");
+ }
+ }
+
TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
"crypto op processing failed");
tdata->digest_enc.data, tdata->digest_enc.len);
}
- /* Validate obuf */
- if (verify) {
- TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
- plaintext,
- tdata->plaintext.data,
- tdata->plaintext.len_bits >> 3,
- "Plaintext data not as expected");
- } else {
- TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
- ciphertext,
- tdata->ciphertext.data,
- tdata->validDataLen.len_bits,
- "Ciphertext data not as expected");
+ if (!verify) {
TEST_ASSERT_BUFFERS_ARE_EQUAL(
digest,
tdata->digest_enc.data,
"Generated auth tag not as expected");
}
- TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
+ if (tdata->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
+ if (verify) {
+ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+ plaintext,
+ tdata->plaintext.data,
+ tdata->plaintext.len_bits >> 3,
+ "Plaintext data not as expected");
+ } else {
+ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+ ciphertext,
+ tdata->ciphertext.data,
+ tdata->validDataLen.len_bits,
+ "Ciphertext data not as expected");
+ }
+ }
+
+ TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
"crypto op processing failed");
return 0;
uint8_t iv_len)
{
uint8_t aead_key[key_len];
+ int status;
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
/* Create Crypto session*/
ut_params->sess = rte_cryptodev_sym_session_create(
ts_params->session_mpool);
+ TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
- rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+ status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
&ut_params->aead_xform,
ts_params->session_priv_mpool);
- TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
- return 0;
+ return status;
}
static int
int to_trn_tbl[16];
int segs = 1;
unsigned int trn_data = 0;
+ struct rte_cryptodev_info dev_info;
+ uint64_t feat_flags;
struct rte_security_ctx *ctx = (struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(
ts_params->valid_devs[0]);
+ struct rte_mbuf *temp_mbuf;
+
+ rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+ feat_flags = dev_info.feature_flags;
+ if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
+ (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
+ printf("Device does not support RAW data-path APIs.\n");
+ return -ENOTSUP;
+ }
/* Verify the capabilities */
struct rte_security_capability_idx sec_cap_idx;
ut_params->op->sym->m_dst = ut_params->obuf;
/* Process crypto operation */
- if (process_crypto_request(ts_params->valid_devs[0], ut_params->op)
- == NULL) {
+ temp_mbuf = ut_params->op->sym->m_src;
+ if (global_api_test_type == CRYPTODEV_RAW_API_TEST) {
+ /* filling lengths */
+ while (temp_mbuf) {
+ ut_params->op->sym->cipher.data.length
+ += temp_mbuf->pkt_len;
+ ut_params->op->sym->auth.data.length
+ += temp_mbuf->pkt_len;
+ temp_mbuf = temp_mbuf->next;
+ }
+ process_sym_raw_dp_op(ts_params->valid_devs[0], 0,
+ ut_params->op, 1, 1, 0, 0);
+ } else {
+ ut_params->op = process_crypto_request(ts_params->valid_devs[0],
+ ut_params->op);
+ }
+ if (ut_params->op == NULL) {
printf("TestCase %s()-%d line %d failed %s: ",
__func__, i, __LINE__,
"failed to process sym crypto op");
int err, all_err = TEST_SUCCESS;
const struct pdcp_sdap_test *cur_test;
- size = ARRAY_SIZE(list_pdcp_sdap_tests);
+ size = RTE_DIM(list_pdcp_sdap_tests);
for (i = 0; i < size; i++) {
cur_test = &list_pdcp_sdap_tests[i];
return (all_err == TEST_SUCCESS) ? TEST_SUCCESS : TEST_FAILED;
}
+static int
+test_PDCP_PROTO_short_mac(void)
+{
+ int i = 0, size = 0;
+ int err, all_err = TEST_SUCCESS;
+ const struct pdcp_short_mac_test *cur_test;
+
+ size = RTE_DIM(list_pdcp_smac_tests);
+
+ for (i = 0; i < size; i++) {
+ cur_test = &list_pdcp_smac_tests[i];
+ err = test_pdcp_proto(
+ i, 0, RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+ RTE_CRYPTO_AUTH_OP_GENERATE, cur_test->data_in,
+ cur_test->in_len, cur_test->data_out,
+ cur_test->in_len + ((cur_test->auth_key) ? 4 : 0),
+ RTE_CRYPTO_CIPHER_NULL, NULL,
+ 0, cur_test->param.auth_alg,
+ cur_test->auth_key, cur_test->param.auth_key_len,
+ 0, cur_test->param.domain, 0, 0,
+ 0, 0, 0);
+ if (err) {
+ printf("\t%d) %s: Short MAC test failed\n",
+ cur_test->test_idx,
+ cur_test->param.name);
+ err = TEST_FAILED;
+ } else {
+ printf("\t%d) %s: Short MAC test PASS\n",
+ cur_test->test_idx,
+ cur_test->param.name);
+ rte_hexdump(stdout, "MAC I",
+ cur_test->data_out + cur_test->in_len + 2,
+ 2);
+ err = TEST_SUCCESS;
+ }
+ all_err += err;
+ }
+
+ printf("Success: %d, Failure: %d\n", size + all_err, -all_err);
+
+ return (all_err == TEST_SUCCESS) ? TEST_SUCCESS : TEST_FAILED;
+
+}
+
static int
test_PDCP_SDAP_PROTO_decap_all(void)
{
int err, all_err = TEST_SUCCESS;
const struct pdcp_sdap_test *cur_test;
- size = ARRAY_SIZE(list_pdcp_sdap_tests);
+ size = RTE_DIM(list_pdcp_sdap_tests);
for (i = 0; i < size; i++) {
cur_test = &list_pdcp_sdap_tests[i];
}
static int
-test_PDCP_PROTO_all(void)
+test_ipsec_proto_process(const struct ipsec_test_data td[],
+ struct ipsec_test_data res_d[],
+ int nb_td,
+ bool silent,
+ const struct ipsec_test_flags *flags)
{
+ uint16_t v6_src[8] = {0x2607, 0xf8b0, 0x400c, 0x0c03, 0x0000, 0x0000,
+ 0x0000, 0x001a};
+ uint16_t v6_dst[8] = {0x2001, 0x0470, 0xe5bf, 0xdead, 0x4957, 0x2174,
+ 0xe82c, 0x4887};
+ const struct rte_ipv4_hdr *ipv4 =
+ (const struct rte_ipv4_hdr *)td[0].output_text.data;
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
- struct rte_cryptodev_info dev_info;
- int status;
+ struct rte_security_capability_idx sec_cap_idx;
+ const struct rte_security_capability *sec_cap;
+ struct rte_security_ipsec_xform ipsec_xform;
+ uint8_t dev_id = ts_params->valid_devs[0];
+ enum rte_security_ipsec_sa_direction dir;
+ struct ipsec_test_data *res_d_tmp = NULL;
+ int salt_len, i, ret = TEST_SUCCESS;
+ struct rte_security_ctx *ctx;
+ uint8_t *input_text;
+ uint32_t src, dst;
+ uint32_t verify;
- rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
- uint64_t feat_flags = dev_info.feature_flags;
+ ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;
+ gbl_action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;
- if (!(feat_flags & RTE_CRYPTODEV_FF_SECURITY))
+ /* Use first test data to create session */
+
+ /* Copy IPsec xform */
+ memcpy(&ipsec_xform, &td[0].ipsec_xform, sizeof(ipsec_xform));
+
+ dir = ipsec_xform.direction;
+ verify = flags->tunnel_hdr_verify;
+
+ memcpy(&src, &ipv4->src_addr, sizeof(ipv4->src_addr));
+ memcpy(&dst, &ipv4->dst_addr, sizeof(ipv4->dst_addr));
+
+ if ((dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) && verify) {
+ if (verify == RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR)
+ src += 1;
+ else if (verify == RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR)
+ dst += 1;
+ }
+
+ if (td->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {
+ if (td->ipsec_xform.tunnel.type ==
+ RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+ memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src,
+ sizeof(src));
+ memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst,
+ sizeof(dst));
+
+ if (flags->df == TEST_IPSEC_SET_DF_0_INNER_1)
+ ipsec_xform.tunnel.ipv4.df = 0;
+
+ if (flags->df == TEST_IPSEC_SET_DF_1_INNER_0)
+ ipsec_xform.tunnel.ipv4.df = 1;
+
+ if (flags->dscp == TEST_IPSEC_SET_DSCP_0_INNER_1)
+ ipsec_xform.tunnel.ipv4.dscp = 0;
+
+ if (flags->dscp == TEST_IPSEC_SET_DSCP_1_INNER_0)
+ ipsec_xform.tunnel.ipv4.dscp =
+ TEST_IPSEC_DSCP_VAL;
+
+ } else {
+ if (flags->dscp == TEST_IPSEC_SET_DSCP_0_INNER_1)
+ ipsec_xform.tunnel.ipv6.dscp = 0;
+
+ if (flags->dscp == TEST_IPSEC_SET_DSCP_1_INNER_0)
+ ipsec_xform.tunnel.ipv6.dscp =
+ TEST_IPSEC_DSCP_VAL;
+
+ memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
+ sizeof(v6_src));
+ memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst,
+ sizeof(v6_dst));
+ }
+ }
+
+ ctx = rte_cryptodev_get_sec_ctx(dev_id);
+
+ sec_cap_idx.action = ut_params->type;
+ sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_IPSEC;
+ sec_cap_idx.ipsec.proto = ipsec_xform.proto;
+ sec_cap_idx.ipsec.mode = ipsec_xform.mode;
+ sec_cap_idx.ipsec.direction = ipsec_xform.direction;
+
+ if (flags->udp_encap)
+ ipsec_xform.options.udp_encap = 1;
+
+ sec_cap = rte_security_capability_get(ctx, &sec_cap_idx);
+ if (sec_cap == NULL)
return TEST_SKIPPED;
- /* Set action type */
- ut_params->type = gbl_action_type == RTE_SECURITY_ACTION_TYPE_NONE ?
- RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL :
- gbl_action_type;
+ /* Copy cipher session parameters */
+ if (td[0].aead) {
+ memcpy(&ut_params->aead_xform, &td[0].xform.aead,
+ sizeof(ut_params->aead_xform));
+ ut_params->aead_xform.aead.key.data = td[0].key.data;
+ ut_params->aead_xform.aead.iv.offset = IV_OFFSET;
+
+ /* Verify crypto capabilities */
+ if (test_ipsec_crypto_caps_aead_verify(
+ sec_cap,
+ &ut_params->aead_xform) != 0) {
+ if (!silent)
+ RTE_LOG(INFO, USER1,
+ "Crypto capabilities not supported\n");
+ return TEST_SKIPPED;
+ }
+ } else if (td[0].auth_only) {
+ memcpy(&ut_params->auth_xform, &td[0].xform.chain.auth,
+ sizeof(ut_params->auth_xform));
+ ut_params->auth_xform.auth.key.data = td[0].auth_key.data;
+
+ if (test_ipsec_crypto_caps_auth_verify(
+ sec_cap,
+ &ut_params->auth_xform) != 0) {
+ if (!silent)
+ RTE_LOG(INFO, USER1,
+ "Auth crypto capabilities not supported\n");
+ return TEST_SKIPPED;
+ }
+ } else {
+ memcpy(&ut_params->cipher_xform, &td[0].xform.chain.cipher,
+ sizeof(ut_params->cipher_xform));
+ memcpy(&ut_params->auth_xform, &td[0].xform.chain.auth,
+ sizeof(ut_params->auth_xform));
+ ut_params->cipher_xform.cipher.key.data = td[0].key.data;
+ ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+ ut_params->auth_xform.auth.key.data = td[0].auth_key.data;
- if (security_proto_supported(ut_params->type,
- RTE_SECURITY_PROTOCOL_PDCP) < 0)
+ /* Verify crypto capabilities */
+
+ if (test_ipsec_crypto_caps_cipher_verify(
+ sec_cap,
+ &ut_params->cipher_xform) != 0) {
+ if (!silent)
+ RTE_LOG(INFO, USER1,
+ "Cipher crypto capabilities not supported\n");
+ return TEST_SKIPPED;
+ }
+
+ if (test_ipsec_crypto_caps_auth_verify(
+ sec_cap,
+ &ut_params->auth_xform) != 0) {
+ if (!silent)
+ RTE_LOG(INFO, USER1,
+ "Auth crypto capabilities not supported\n");
+ return TEST_SKIPPED;
+ }
+ }
+
+ if (test_ipsec_sec_caps_verify(&ipsec_xform, sec_cap, silent) != 0)
return TEST_SKIPPED;
- status = test_PDCP_PROTO_cplane_encap_all();
- status += test_PDCP_PROTO_cplane_decap_all();
- status += test_PDCP_PROTO_uplane_encap_all();
- status += test_PDCP_PROTO_uplane_decap_all();
- status += test_PDCP_PROTO_SGL_in_place_32B();
- status += test_PDCP_PROTO_SGL_oop_32B_128B();
- status += test_PDCP_PROTO_SGL_oop_32B_40B();
- status += test_PDCP_PROTO_SGL_oop_128B_32B();
- status += test_PDCP_SDAP_PROTO_encap_all();
- status += test_PDCP_SDAP_PROTO_decap_all();
+ struct rte_security_session_conf sess_conf = {
+ .action_type = ut_params->type,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ };
- if (status)
- return TEST_FAILED;
+ if (td[0].aead || td[0].aes_gmac) {
+ salt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len);
+ memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len);
+ }
+
+ if (td[0].aead) {
+ sess_conf.ipsec = ipsec_xform;
+ sess_conf.crypto_xform = &ut_params->aead_xform;
+ } else if (td[0].auth_only) {
+ sess_conf.ipsec = ipsec_xform;
+ sess_conf.crypto_xform = &ut_params->auth_xform;
+ } else {
+ sess_conf.ipsec = ipsec_xform;
+ if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+ sess_conf.crypto_xform = &ut_params->cipher_xform;
+ ut_params->cipher_xform.next = &ut_params->auth_xform;
+ } else {
+ sess_conf.crypto_xform = &ut_params->auth_xform;
+ ut_params->auth_xform.next = &ut_params->cipher_xform;
+ }
+ }
+
+ /* Create security session */
+ ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
+ ts_params->session_mpool,
+ ts_params->session_priv_mpool);
+
+ if (ut_params->sec_session == NULL)
+ return TEST_SKIPPED;
+
+ for (i = 0; i < nb_td; i++) {
+ if (flags->antireplay &&
+ (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)) {
+ sess_conf.ipsec.esn.value = td[i].ipsec_xform.esn.value;
+ ret = rte_security_session_update(ctx,
+ ut_params->sec_session, &sess_conf);
+ if (ret) {
+ printf("Could not update sequence number in "
+ "session\n");
+ return TEST_SKIPPED;
+ }
+ }
+
+ /* Setup source mbuf payload */
+ ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
+ memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
+ rte_pktmbuf_tailroom(ut_params->ibuf));
+
+ input_text = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+ td[i].input_text.len);
+
+ memcpy(input_text, td[i].input_text.data,
+ td[i].input_text.len);
+
+ if (test_ipsec_pkt_update(input_text, flags))
+ return TEST_FAILED;
+
+ /* Generate crypto op data structure */
+ ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
+ RTE_CRYPTO_OP_TYPE_SYMMETRIC);
+ if (!ut_params->op) {
+ printf("TestCase %s line %d: %s\n",
+ __func__, __LINE__,
+ "failed to allocate crypto op");
+ ret = TEST_FAILED;
+ goto crypto_op_free;
+ }
+
+ /* Attach session to operation */
+ rte_security_attach_session(ut_params->op,
+ ut_params->sec_session);
+
+ /* Set crypto operation mbufs */
+ ut_params->op->sym->m_src = ut_params->ibuf;
+ ut_params->op->sym->m_dst = NULL;
+
+ /* Copy IV in crypto operation when IV generation is disabled */
+ if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS &&
+ ipsec_xform.options.iv_gen_disable == 1) {
+ uint8_t *iv = rte_crypto_op_ctod_offset(ut_params->op,
+ uint8_t *,
+ IV_OFFSET);
+ int len;
+
+ if (td[i].aead)
+ len = td[i].xform.aead.aead.iv.length;
+ else if (td[i].aes_gmac)
+ len = td[i].xform.chain.auth.auth.iv.length;
+ else
+ len = td[i].xform.chain.cipher.cipher.iv.length;
+
+ memcpy(iv, td[i].iv.data, len);
+ }
+
+ /* Process crypto operation */
+ process_crypto_request(dev_id, ut_params->op);
+
+ ret = test_ipsec_status_check(&td[i], ut_params->op, flags, dir,
+ i + 1);
+ if (ret != TEST_SUCCESS)
+ goto crypto_op_free;
+
+ if (res_d != NULL)
+ res_d_tmp = &res_d[i];
+
+ ret = test_ipsec_post_process(ut_params->ibuf, &td[i],
+ res_d_tmp, silent, flags);
+ if (ret != TEST_SUCCESS)
+ goto crypto_op_free;
+
+ ret = test_ipsec_stats_verify(ctx, ut_params->sec_session,
+ flags, dir);
+ if (ret != TEST_SUCCESS)
+ goto crypto_op_free;
+
+ rte_crypto_op_free(ut_params->op);
+ ut_params->op = NULL;
+
+ rte_pktmbuf_free(ut_params->ibuf);
+ ut_params->ibuf = NULL;
+ }
+
+crypto_op_free:
+ rte_crypto_op_free(ut_params->op);
+ ut_params->op = NULL;
+
+ rte_pktmbuf_free(ut_params->ibuf);
+ ut_params->ibuf = NULL;
+
+ if (ut_params->sec_session)
+ rte_security_session_destroy(ctx, ut_params->sec_session);
+ ut_params->sec_session = NULL;
+
+ return ret;
+}
+
+static int
+test_ipsec_proto_known_vec(const void *test_data)
+{
+ struct ipsec_test_data td_outb;
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ memcpy(&td_outb, test_data, sizeof(td_outb));
+
+ if (td_outb.aes_gmac || td_outb.aead ||
+ ((td_outb.ipsec_xform.proto != RTE_SECURITY_IPSEC_SA_PROTO_AH) &&
+ (td_outb.xform.chain.cipher.cipher.algo != RTE_CRYPTO_CIPHER_NULL))) {
+ /* Disable IV gen to be able to test with known vectors */
+ td_outb.ipsec_xform.options.iv_gen_disable = 1;
+ }
+
+ return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags);
+}
+
+static int
+test_ipsec_proto_known_vec_inb(const void *test_data)
+{
+ const struct ipsec_test_data *td = test_data;
+ struct ipsec_test_flags flags;
+ struct ipsec_test_data td_inb;
+
+ memset(&flags, 0, sizeof(flags));
+
+ if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
+ test_ipsec_td_in_from_out(td, &td_inb);
+ else
+ memcpy(&td_inb, td, sizeof(td_inb));
+
+ return test_ipsec_proto_process(&td_inb, NULL, 1, false, &flags);
+}
+
+static int
+test_ipsec_proto_known_vec_fragmented(const void *test_data)
+{
+ struct ipsec_test_data td_outb;
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+ flags.fragment = true;
+
+ memcpy(&td_outb, test_data, sizeof(td_outb));
+
+ /* Disable IV gen to be able to test with known vectors */
+ td_outb.ipsec_xform.options.iv_gen_disable = 1;
+
+ return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags);
+}
+
+static int
+test_ipsec_proto_all(const struct ipsec_test_flags *flags)
+{
+ struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX];
+ struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX];
+ unsigned int i, nb_pkts = 1, pass_cnt = 0;
+ int ret;
+
+ if (flags->iv_gen ||
+ flags->sa_expiry_pkts_soft ||
+ flags->sa_expiry_pkts_hard)
+ nb_pkts = IPSEC_TEST_PACKETS_MAX;
+
+ for (i = 0; i < RTE_DIM(alg_list); i++) {
+ test_ipsec_td_prepare(alg_list[i].param1,
+ alg_list[i].param2,
+ flags,
+ td_outb,
+ nb_pkts);
+
+ if (!td_outb->aead) {
+ enum rte_crypto_cipher_algorithm cipher_alg;
+ enum rte_crypto_auth_algorithm auth_alg;
+
+ cipher_alg = td_outb->xform.chain.cipher.cipher.algo;
+ auth_alg = td_outb->xform.chain.auth.auth.algo;
+
+ if (td_outb->aes_gmac && cipher_alg != RTE_CRYPTO_CIPHER_NULL)
+ continue;
+
+ /* ICV is not applicable for NULL auth */
+ if (flags->icv_corrupt &&
+ auth_alg == RTE_CRYPTO_AUTH_NULL)
+ continue;
+
+ /* IV is not applicable for NULL cipher */
+ if (flags->iv_gen &&
+ cipher_alg == RTE_CRYPTO_CIPHER_NULL)
+ continue;
+ }
+
+ ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true,
+ flags);
+ if (ret == TEST_SKIPPED)
+ continue;
+
+ if (ret == TEST_FAILED)
+ return TEST_FAILED;
+
+ test_ipsec_td_update(td_inb, td_outb, nb_pkts, flags);
+
+ ret = test_ipsec_proto_process(td_inb, NULL, nb_pkts, true,
+ flags);
+ if (ret == TEST_SKIPPED)
+ continue;
+
+ if (ret == TEST_FAILED)
+ return TEST_FAILED;
+
+ if (flags->display_alg)
+ test_ipsec_display_alg(alg_list[i].param1,
+ alg_list[i].param2);
+
+ pass_cnt++;
+ }
+
+ if (pass_cnt > 0)
+ return TEST_SUCCESS;
else
+ return TEST_SKIPPED;
+}
+
+static int
+test_ipsec_ah_proto_all(const struct ipsec_test_flags *flags)
+{
+ struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX];
+ struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX];
+ unsigned int i, nb_pkts = 1, pass_cnt = 0;
+ int ret;
+
+ for (i = 0; i < RTE_DIM(ah_alg_list); i++) {
+ test_ipsec_td_prepare(ah_alg_list[i].param1,
+ ah_alg_list[i].param2,
+ flags,
+ td_outb,
+ nb_pkts);
+
+ ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true,
+ flags);
+ if (ret == TEST_SKIPPED)
+ continue;
+
+ if (ret == TEST_FAILED)
+ return TEST_FAILED;
+
+ test_ipsec_td_update(td_inb, td_outb, nb_pkts, flags);
+
+ ret = test_ipsec_proto_process(td_inb, NULL, nb_pkts, true,
+ flags);
+ if (ret == TEST_SKIPPED)
+ continue;
+
+ if (ret == TEST_FAILED)
+ return TEST_FAILED;
+
+ if (flags->display_alg)
+ test_ipsec_display_alg(ah_alg_list[i].param1,
+ ah_alg_list[i].param2);
+
+ pass_cnt++;
+ }
+
+ if (pass_cnt > 0)
return TEST_SUCCESS;
+ else
+ return TEST_SKIPPED;
+}
+
+static int
+test_ipsec_proto_display_list(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.display_alg = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_ah_tunnel_ipv4(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ah = true;
+ flags.display_alg = true;
+
+ return test_ipsec_ah_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_ah_transport_ipv4(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ah = true;
+ flags.transport = true;
+
+ return test_ipsec_ah_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_iv_gen(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.iv_gen = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_sa_exp_pkts_soft(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.sa_expiry_pkts_soft = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_sa_exp_pkts_hard(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.sa_expiry_pkts_hard = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.icv_corrupt = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_udp_encap(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.udp_encap = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_src_dst_addr_verify(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.tunnel_hdr_verify = RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_dst_addr_verify(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.tunnel_hdr_verify = RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_udp_ports_verify(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.udp_encap = true;
+ flags.udp_ports_verify = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_inner_ip_csum(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ip_csum = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_inner_l4_csum(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.l4_csum = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v4_in_v4(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = false;
+ flags.tunnel_ipv6 = false;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v6_in_v6(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = true;
+ flags.tunnel_ipv6 = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v4_in_v6(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = false;
+ flags.tunnel_ipv6 = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v6_in_v4(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = true;
+ flags.tunnel_ipv6 = false;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_transport_v4(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = false;
+ flags.transport = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_transport_l4_csum(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags = {
+ .l4_csum = true,
+ .transport = true,
+ };
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_stats(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.stats_success = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_pkt_fragment(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.fragment = true;
+
+ return test_ipsec_proto_all(&flags);
+
+}
+
+static int
+test_ipsec_proto_copy_df_inner_0(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_COPY_DF_INNER_0;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_copy_df_inner_1(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_COPY_DF_INNER_1;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_set_df_0_inner_1(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_SET_DF_0_INNER_1;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_set_df_1_inner_0(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.df = TEST_IPSEC_SET_DF_1_INNER_0;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_ipv4_copy_dscp_inner_0(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.dscp = TEST_IPSEC_COPY_DSCP_INNER_0;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_ipv4_copy_dscp_inner_1(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.dscp = TEST_IPSEC_COPY_DSCP_INNER_1;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_ipv4_set_dscp_0_inner_1(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ if (gbl_driver_id == rte_cryptodev_driver_id_get(
+ RTE_STR(CRYPTODEV_NAME_CN9K_PMD)))
+ return TEST_SKIPPED;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.dscp = TEST_IPSEC_SET_DSCP_0_INNER_1;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_ipv4_set_dscp_1_inner_0(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ if (gbl_driver_id == rte_cryptodev_driver_id_get(
+ RTE_STR(CRYPTODEV_NAME_CN9K_PMD)))
+ return TEST_SKIPPED;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.dscp = TEST_IPSEC_SET_DSCP_1_INNER_0;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_ipv6_copy_dscp_inner_0(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = true;
+ flags.tunnel_ipv6 = true;
+ flags.dscp = TEST_IPSEC_COPY_DSCP_INNER_0;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_ipv6_copy_dscp_inner_1(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = true;
+ flags.tunnel_ipv6 = true;
+ flags.dscp = TEST_IPSEC_COPY_DSCP_INNER_1;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_ipv6_set_dscp_0_inner_1(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ if (gbl_driver_id == rte_cryptodev_driver_id_get(
+ RTE_STR(CRYPTODEV_NAME_CN9K_PMD)))
+ return TEST_SKIPPED;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = true;
+ flags.tunnel_ipv6 = true;
+ flags.dscp = TEST_IPSEC_SET_DSCP_0_INNER_1;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_ipv6_set_dscp_1_inner_0(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ if (gbl_driver_id == rte_cryptodev_driver_id_get(
+ RTE_STR(CRYPTODEV_NAME_CN9K_PMD)))
+ return TEST_SKIPPED;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = true;
+ flags.tunnel_ipv6 = true;
+ flags.dscp = TEST_IPSEC_SET_DSCP_1_INNER_0;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_pkt_replay(const void *test_data, const uint64_t esn[],
+ bool replayed_pkt[], uint32_t nb_pkts, bool esn_en,
+ uint64_t winsz)
+{
+ struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX];
+ struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX];
+ struct ipsec_test_flags flags;
+ uint32_t i = 0, ret = 0;
+
+ memset(&flags, 0, sizeof(flags));
+ flags.antireplay = true;
+
+ for (i = 0; i < nb_pkts; i++) {
+ memcpy(&td_outb[i], test_data, sizeof(td_outb[i]));
+ td_outb[i].ipsec_xform.options.iv_gen_disable = 1;
+ td_outb[i].ipsec_xform.replay_win_sz = winsz;
+ td_outb[i].ipsec_xform.options.esn = esn_en;
+ }
+
+ for (i = 0; i < nb_pkts; i++)
+ td_outb[i].ipsec_xform.esn.value = esn[i];
+
+ ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true,
+ &flags);
+ if (ret != TEST_SUCCESS)
+ return ret;
+
+ test_ipsec_td_update(td_inb, td_outb, nb_pkts, &flags);
+
+ for (i = 0; i < nb_pkts; i++) {
+ td_inb[i].ipsec_xform.options.esn = esn_en;
+ /* Set antireplay flag for packets to be dropped */
+ td_inb[i].ar_packet = replayed_pkt[i];
+ }
+
+ ret = test_ipsec_proto_process(td_inb, NULL, nb_pkts, true,
+ &flags);
+
+ return ret;
+}
+
+static int
+test_ipsec_proto_pkt_antireplay(const void *test_data, uint64_t winsz)
+{
+
+ uint32_t nb_pkts = 5;
+ bool replayed_pkt[5];
+ uint64_t esn[5];
+
+ /* 1. Advance the TOP of the window to WS * 2 */
+ esn[0] = winsz * 2;
+ /* 2. Test sequence number within the new window(WS + 1) */
+ esn[1] = winsz + 1;
+ /* 3. Test sequence number less than the window BOTTOM */
+ esn[2] = winsz;
+ /* 4. Test sequence number in the middle of the window */
+ esn[3] = winsz + (winsz / 2);
+ /* 5. Test replay of the packet in the middle of the window */
+ esn[4] = winsz + (winsz / 2);
+
+ replayed_pkt[0] = false;
+ replayed_pkt[1] = false;
+ replayed_pkt[2] = true;
+ replayed_pkt[3] = false;
+ replayed_pkt[4] = true;
+
+ return test_ipsec_pkt_replay(test_data, esn, replayed_pkt, nb_pkts,
+ false, winsz);
+}
+
+static int
+test_ipsec_proto_pkt_antireplay1024(const void *test_data)
+{
+ return test_ipsec_proto_pkt_antireplay(test_data, 1024);
+}
+
+static int
+test_ipsec_proto_pkt_antireplay2048(const void *test_data)
+{
+ return test_ipsec_proto_pkt_antireplay(test_data, 2048);
+}
+
+static int
+test_ipsec_proto_pkt_antireplay4096(const void *test_data)
+{
+ return test_ipsec_proto_pkt_antireplay(test_data, 4096);
+}
+
+static int
+test_ipsec_proto_pkt_esn_antireplay(const void *test_data, uint64_t winsz)
+{
+
+ uint32_t nb_pkts = 7;
+ bool replayed_pkt[7];
+ uint64_t esn[7];
+
+ /* Set the initial sequence number */
+ esn[0] = (uint64_t)(0xFFFFFFFF - winsz);
+ /* 1. Advance the TOP of the window to (1<<32 + WS/2) */
+ esn[1] = (uint64_t)((1ULL << 32) + (winsz / 2));
+ /* 2. Test sequence number within new window (1<<32 + WS/2 + 1) */
+ esn[2] = (uint64_t)((1ULL << 32) - (winsz / 2) + 1);
+ /* 3. Test with sequence number within window (1<<32 - 1) */
+ esn[3] = (uint64_t)((1ULL << 32) - 1);
+ /* 4. Test with sequence number within window (1<<32 - 1) */
+ esn[4] = (uint64_t)(1ULL << 32);
+ /* 5. Test with duplicate sequence number within
+ * new window (1<<32 - 1)
+ */
+ esn[5] = (uint64_t)((1ULL << 32) - 1);
+ /* 6. Test with duplicate sequence number within new window (1<<32) */
+ esn[6] = (uint64_t)(1ULL << 32);
+
+ replayed_pkt[0] = false;
+ replayed_pkt[1] = false;
+ replayed_pkt[2] = false;
+ replayed_pkt[3] = false;
+ replayed_pkt[4] = false;
+ replayed_pkt[5] = true;
+ replayed_pkt[6] = true;
+
+ return test_ipsec_pkt_replay(test_data, esn, replayed_pkt, nb_pkts,
+ true, winsz);
+}
+
+static int
+test_ipsec_proto_pkt_esn_antireplay1024(const void *test_data)
+{
+ return test_ipsec_proto_pkt_esn_antireplay(test_data, 1024);
+}
+
+static int
+test_ipsec_proto_pkt_esn_antireplay2048(const void *test_data)
+{
+ return test_ipsec_proto_pkt_esn_antireplay(test_data, 2048);
+}
+
+static int
+test_ipsec_proto_pkt_esn_antireplay4096(const void *test_data)
+{
+ return test_ipsec_proto_pkt_esn_antireplay(test_data, 4096);
+}
+
+static int
+test_PDCP_PROTO_all(void)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ struct crypto_unittest_params *ut_params = &unittest_params;
+ struct rte_cryptodev_info dev_info;
+ int status;
+
+ rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+ uint64_t feat_flags = dev_info.feature_flags;
+
+ if (!(feat_flags & RTE_CRYPTODEV_FF_SECURITY))
+ return TEST_SKIPPED;
+
+ /* Set action type */
+ ut_params->type = gbl_action_type == RTE_SECURITY_ACTION_TYPE_NONE ?
+ RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL :
+ gbl_action_type;
+
+ if (security_proto_supported(ut_params->type,
+ RTE_SECURITY_PROTOCOL_PDCP) < 0)
+ return TEST_SKIPPED;
+
+ status = test_PDCP_PROTO_cplane_encap_all();
+ status += test_PDCP_PROTO_cplane_decap_all();
+ status += test_PDCP_PROTO_uplane_encap_all();
+ status += test_PDCP_PROTO_uplane_decap_all();
+ status += test_PDCP_PROTO_SGL_in_place_32B();
+ status += test_PDCP_PROTO_SGL_oop_32B_128B();
+ status += test_PDCP_PROTO_SGL_oop_32B_40B();
+ status += test_PDCP_PROTO_SGL_oop_128B_32B();
+ status += test_PDCP_SDAP_PROTO_encap_all();
+ status += test_PDCP_SDAP_PROTO_decap_all();
+ status += test_PDCP_PROTO_short_mac();
+
+ if (status)
+ return TEST_FAILED;
+ else
+ return TEST_SUCCESS;
+}
+
+static int
+test_ipsec_proto_ipv4_ttl_decrement(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags = {
+ .dec_ttl_or_hop_limit = true
+ };
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_ipv6_hop_limit_decrement(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags = {
+ .ipv6 = true,
+ .dec_ttl_or_hop_limit = true
+ };
+
+ return test_ipsec_proto_all(&flags);
}
static int
-test_docsis_proto_uplink(int i, struct docsis_test_data *d_td)
+test_docsis_proto_uplink(const void *data)
{
+ const struct docsis_test_data *d_td = data;
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
- uint8_t *plaintext, *ciphertext;
+ uint8_t *plaintext = NULL;
+ uint8_t *ciphertext = NULL;
uint8_t *iv_ptr;
int32_t cipher_len, crc_len;
uint32_t crc_data_len;
const struct rte_cryptodev_symmetric_capability *sym_cap;
int j = 0;
+ /* Set action type */
+ ut_params->type = gbl_action_type == RTE_SECURITY_ACTION_TYPE_NONE ?
+ RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL :
+ gbl_action_type;
+
+ if (security_proto_supported(ut_params->type,
+ RTE_SECURITY_PROTOCOL_DOCSIS) < 0)
+ return TEST_SKIPPED;
+
sec_cap_idx.action = ut_params->type;
sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_DOCSIS;
sec_cap_idx.docsis.direction = RTE_SECURITY_DOCSIS_UPLINK;
ts_params->session_priv_mpool);
if (!ut_params->sec_session) {
- printf("TestCase %s(%d) line %d: %s\n",
- __func__, i, __LINE__, "failed to allocate session");
+ printf("Test function %s line %u: failed to allocate session\n",
+ __func__, __LINE__);
ret = TEST_FAILED;
goto on_err;
}
ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
RTE_CRYPTO_OP_TYPE_SYMMETRIC);
if (!ut_params->op) {
- printf("TestCase %s(%d) line %d: %s\n",
- __func__, i, __LINE__,
- "failed to allocate symmetric crypto operation");
+ printf("Test function %s line %u: failed to allocate symmetric "
+ "crypto operation\n", __func__, __LINE__);
ret = TEST_FAILED;
goto on_err;
}
/* Process crypto operation */
if (process_crypto_request(ts_params->valid_devs[0], ut_params->op) ==
NULL) {
- printf("TestCase %s(%d) line %d: %s\n",
- __func__, i, __LINE__,
- "failed to process security crypto op");
+ printf("Test function %s line %u: failed to process security "
+ "crypto op\n", __func__, __LINE__);
ret = TEST_FAILED;
goto on_err;
}
if (ut_params->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
- printf("TestCase %s(%d) line %d: %s\n",
- __func__, i, __LINE__, "crypto op processing failed");
+ printf("Test function %s line %u: failed to process crypto op\n",
+ __func__, __LINE__);
ret = TEST_FAILED;
goto on_err;
}
if (memcmp(plaintext, d_td->plaintext.data,
d_td->plaintext.len - crc_data_len)) {
- printf("TestCase %s(%d) line %d: %s\n",
- __func__, i, __LINE__, "plaintext not as expected\n");
+ printf("Test function %s line %u: plaintext not as expected\n",
+ __func__, __LINE__);
rte_hexdump(stdout, "expected", d_td->plaintext.data,
d_td->plaintext.len);
rte_hexdump(stdout, "actual", plaintext, d_td->plaintext.len);
}
static int
-test_docsis_proto_downlink(int i, struct docsis_test_data *d_td)
+test_docsis_proto_downlink(const void *data)
{
+ const struct docsis_test_data *d_td = data;
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
- uint8_t *plaintext, *ciphertext;
+ uint8_t *plaintext = NULL;
+ uint8_t *ciphertext = NULL;
uint8_t *iv_ptr;
int32_t cipher_len, crc_len;
int ret = TEST_SUCCESS;
const struct rte_cryptodev_symmetric_capability *sym_cap;
int j = 0;
+ /* Set action type */
+ ut_params->type = gbl_action_type == RTE_SECURITY_ACTION_TYPE_NONE ?
+ RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL :
+ gbl_action_type;
+
+ if (security_proto_supported(ut_params->type,
+ RTE_SECURITY_PROTOCOL_DOCSIS) < 0)
+ return TEST_SKIPPED;
+
sec_cap_idx.action = ut_params->type;
sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_DOCSIS;
sec_cap_idx.docsis.direction = RTE_SECURITY_DOCSIS_DOWNLINK;
ts_params->session_priv_mpool);
if (!ut_params->sec_session) {
- printf("TestCase %s(%d) line %d: %s\n",
- __func__, i, __LINE__, "failed to allocate session");
+ printf("Test function %s line %u: failed to allocate session\n",
+ __func__, __LINE__);
ret = TEST_FAILED;
goto on_err;
}
ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
RTE_CRYPTO_OP_TYPE_SYMMETRIC);
if (!ut_params->op) {
- printf("TestCase %s(%d) line %d: %s\n",
- __func__, i, __LINE__,
- "failed to allocate security crypto operation");
+ printf("Test function %s line %u: failed to allocate symmetric "
+ "crypto operation\n", __func__, __LINE__);
ret = TEST_FAILED;
goto on_err;
}
/* Process crypto operation */
if (process_crypto_request(ts_params->valid_devs[0], ut_params->op) ==
NULL) {
- printf("TestCase %s(%d) line %d: %s\n",
- __func__, i, __LINE__,
- "failed to process security crypto op");
+ printf("Test function %s line %u: failed to process crypto op\n",
+ __func__, __LINE__);
ret = TEST_FAILED;
goto on_err;
}
if (ut_params->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
- printf("TestCase %s(%d) line %d: %s\n",
- __func__, i, __LINE__, "crypto op processing failed");
+ printf("Test function %s line %u: crypto op processing failed\n",
+ __func__, __LINE__);
ret = TEST_FAILED;
goto on_err;
}
ciphertext = plaintext;
if (memcmp(ciphertext, d_td->ciphertext.data, d_td->ciphertext.len)) {
- printf("TestCase %s(%d) line %d: %s\n",
- __func__, i, __LINE__, "ciphertext not as expected\n");
+ printf("Test function %s line %u: plaintext not as expected\n",
+ __func__, __LINE__);
rte_hexdump(stdout, "expected", d_td->ciphertext.data,
d_td->ciphertext.len);
rte_hexdump(stdout, "actual", ciphertext, d_td->ciphertext.len);
return ret;
}
-
-#define TEST_DOCSIS_COUNT(func) do { \
- int ret = func; \
- if (ret == TEST_SUCCESS) { \
- printf("\t%2d)", n++); \
- printf("+++++ PASSED:" #func"\n"); \
- p++; \
- } else if (ret == TEST_SKIPPED) { \
- printf("\t%2d)", n++); \
- printf("~~~~~ SKIPPED:" #func"\n"); \
- s++; \
- } else { \
- printf("\t%2d)", n++); \
- printf("----- FAILED:" #func"\n"); \
- f++; \
- } \
-} while (0)
-
-static int
-test_DOCSIS_PROTO_uplink_all(void)
-{
- int p = 0, s = 0, f = 0, n = 0;
-
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(1, &docsis_test_case_1));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(2, &docsis_test_case_2));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(3, &docsis_test_case_3));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(4, &docsis_test_case_4));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(5, &docsis_test_case_5));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(6, &docsis_test_case_6));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(7, &docsis_test_case_7));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(8, &docsis_test_case_8));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(9, &docsis_test_case_9));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(10, &docsis_test_case_10));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(11, &docsis_test_case_11));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(12, &docsis_test_case_12));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(13, &docsis_test_case_13));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(14, &docsis_test_case_14));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(15, &docsis_test_case_15));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(16, &docsis_test_case_16));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(17, &docsis_test_case_17));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(18, &docsis_test_case_18));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(19, &docsis_test_case_19));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(20, &docsis_test_case_20));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(21, &docsis_test_case_21));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(22, &docsis_test_case_22));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(23, &docsis_test_case_23));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(24, &docsis_test_case_24));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(25, &docsis_test_case_25));
- TEST_DOCSIS_COUNT(test_docsis_proto_uplink(26, &docsis_test_case_26));
-
- if (f)
- printf("## %s: %d passed out of %d (%d skipped)\n",
- __func__, p, n, s);
-
- return f;
-};
-
-static int
-test_DOCSIS_PROTO_downlink_all(void)
-{
- int p = 0, s = 0, f = 0, n = 0;
-
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(1, &docsis_test_case_1));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(2, &docsis_test_case_2));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(3, &docsis_test_case_3));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(4, &docsis_test_case_4));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(5, &docsis_test_case_5));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(6, &docsis_test_case_6));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(7, &docsis_test_case_7));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(8, &docsis_test_case_8));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(9, &docsis_test_case_9));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(10, &docsis_test_case_10));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(11, &docsis_test_case_11));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(12, &docsis_test_case_12));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(13, &docsis_test_case_13));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(14, &docsis_test_case_14));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(15, &docsis_test_case_15));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(16, &docsis_test_case_16));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(17, &docsis_test_case_17));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(18, &docsis_test_case_18));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(19, &docsis_test_case_19));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(20, &docsis_test_case_20));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(21, &docsis_test_case_21));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(22, &docsis_test_case_22));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(23, &docsis_test_case_23));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(24, &docsis_test_case_24));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(25, &docsis_test_case_25));
- TEST_DOCSIS_COUNT(test_docsis_proto_downlink(26, &docsis_test_case_26));
-
- if (f)
- printf("## %s: %d passed out of %d (%d skipped)\n",
- __func__, p, n, s);
-
- return f;
-};
-
-static int
-test_DOCSIS_PROTO_all(void)
-{
- struct crypto_testsuite_params *ts_params = &testsuite_params;
- struct crypto_unittest_params *ut_params = &unittest_params;
- struct rte_cryptodev_info dev_info;
- int status;
-
- rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
- uint64_t feat_flags = dev_info.feature_flags;
-
- if (!(feat_flags & RTE_CRYPTODEV_FF_SECURITY))
- return TEST_SKIPPED;
-
- /* Set action type */
- ut_params->type = gbl_action_type == RTE_SECURITY_ACTION_TYPE_NONE ?
- RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL :
- gbl_action_type;
-
- if (security_proto_supported(ut_params->type,
- RTE_SECURITY_PROTOCOL_DOCSIS) < 0)
- return TEST_SKIPPED;
-
- status = test_DOCSIS_PROTO_uplink_all();
- status += test_DOCSIS_PROTO_downlink_all();
-
- if (status)
- return TEST_FAILED;
- else
- return TEST_SUCCESS;
-}
#endif
static int
int retval;
uint8_t *ciphertext, *auth_tag;
uint16_t plaintext_pad_len;
+ struct rte_cryptodev_info dev_info;
/* Verify the capabilities */
struct rte_cryptodev_sym_capability_idx cap_idx;
&cap_idx) == NULL)
return TEST_SKIPPED;
- if (global_api_test_type == CRYPTODEV_RAW_API_TEST)
+ rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+ uint64_t feat_flags = dev_info.feature_flags;
+
+ if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
+ (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP)))
return TEST_SKIPPED;
/* not supported with CPU crypto */
ut_params->op->sym->m_dst = ut_params->obuf;
/* Process crypto operation */
- TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0],
+ if (global_api_test_type == CRYPTODEV_RAW_API_TEST)
+ process_sym_raw_dp_op(ts_params->valid_devs[0], 0,
+ ut_params->op, 0, 0, 0, 0);
+ else
+ TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0],
ut_params->op), "failed to process sym crypto op");
TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
int retval;
uint8_t *plaintext;
+ struct rte_cryptodev_info dev_info;
+
+ rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+ uint64_t feat_flags = dev_info.feature_flags;
/* Verify the capabilities */
struct rte_cryptodev_sym_capability_idx cap_idx;
global_api_test_type == CRYPTODEV_RAW_API_TEST)
return TEST_SKIPPED;
+ if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
+ (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
+ printf("Device does not support RAW data-path APIs.\n");
+ return TEST_SKIPPED;
+ }
+
/* Create AEAD session */
retval = create_aead_session(ts_params->valid_devs[0],
tdata->algo,
ut_params->op->sym->m_dst = ut_params->obuf;
/* Process crypto operation */
- TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0],
+ if (global_api_test_type == CRYPTODEV_RAW_API_TEST)
+ process_sym_raw_dp_op(ts_params->valid_devs[0], 0,
+ ut_params->op, 0, 0, 0, 0);
+ else
+ TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0],
ut_params->op), "failed to process sym crypto op");
TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
const struct HMAC_MD5_vector *test_case)
{
uint8_t key[64];
+ int status;
memcpy(key, test_case->key.data, test_case->key.len);
ut_params->sess = rte_cryptodev_sym_session_create(
ts_params->session_mpool);
+ TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
+ if (ut_params->sess == NULL)
+ return TEST_FAILED;
- rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
+ status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
ut_params->sess, &ut_params->auth_xform,
ts_params->session_priv_mpool);
-
- if (ut_params->sess == NULL)
- return TEST_FAILED;
+ if (status == -ENOTSUP)
+ return TEST_SKIPPED;
ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
struct rte_cryptodev_sym_session **sessions;
uint16_t i;
+ int status;
/* Verify the capabilities */
struct rte_cryptodev_sym_capability_idx cap_idx;
sessions[i] = rte_cryptodev_sym_session_create(
ts_params->session_mpool);
-
- rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
- sessions[i], &ut_params->auth_xform,
- ts_params->session_priv_mpool);
TEST_ASSERT_NOT_NULL(sessions[i],
"Session creation failed at session number %u",
i);
+ status = rte_cryptodev_sym_session_init(
+ ts_params->valid_devs[0],
+ sessions[i], &ut_params->auth_xform,
+ ts_params->session_priv_mpool);
+ if (status == -ENOTSUP)
+ return TEST_SKIPPED;
+
/* Attempt to send a request on each session */
TEST_ASSERT_SUCCESS( test_AES_CBC_HMAC_SHA512_decrypt_perform(
sessions[i],
},
};
+ int status;
/* Verify the capabilities */
struct rte_cryptodev_sym_capability_idx cap_idx;
for (i = 0; i < MB_SESSION_NUMBER; i++) {
sessions[i] = rte_cryptodev_sym_session_create(
ts_params->session_mpool);
+ TEST_ASSERT_NOT_NULL(sessions[i],
+ "Session creation failed at session number %u",
+ i);
rte_memcpy(&ut_paramz[i].ut_params, &unittest_params,
sizeof(struct crypto_unittest_params));
ut_paramz[i].cipher_key, ut_paramz[i].hmac_key);
/* Create multiple crypto sessions*/
- rte_cryptodev_sym_session_init(
+ status = rte_cryptodev_sym_session_init(
ts_params->valid_devs[0],
sessions[i],
&ut_paramz[i].ut_params.auth_xform,
ts_params->session_priv_mpool);
- TEST_ASSERT_NOT_NULL(sessions[i],
- "Session creation failed at session number %u",
- i);
+ if (status == -ENOTSUP)
+ return TEST_SKIPPED;
+ TEST_ASSERT_EQUAL(status, 0, "Session init failed");
}
srand(time(NULL));
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
+ int status;
unsigned i, burst_len = NULL_BURST_LENGTH;
ut_params->sess = rte_cryptodev_sym_session_create(
ts_params->session_mpool);
+ TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
/* Create Crypto session*/
- rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
+ status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
ut_params->sess, &ut_params->cipher_xform,
ts_params->session_priv_mpool);
- TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
+
+ if (status == -ENOTSUP)
+ return TEST_SKIPPED;
+
+ TEST_ASSERT_EQUAL(status, 0, "Session init failed");
TEST_ASSERT_EQUAL(rte_crypto_op_bulk_alloc(ts_params->op_mpool,
RTE_CRYPTO_OP_TYPE_SYMMETRIC, burst, burst_len),
enum rte_crypto_auth_operation auth_op)
{
uint8_t auth_key[tdata->key.len];
+ int status;
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
ut_params->sess = rte_cryptodev_sym_session_create(
ts_params->session_mpool);
+ TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
- rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+ status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
&ut_params->auth_xform,
ts_params->session_priv_mpool);
- TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
- return 0;
+ return status;
}
static int
retval = create_gmac_session(ts_params->valid_devs[0],
tdata, RTE_CRYPTO_AUTH_OP_GENERATE);
+ if (retval == -ENOTSUP)
+ return TEST_SKIPPED;
if (retval < 0)
return retval;
retval = create_gmac_session(ts_params->valid_devs[0],
tdata, RTE_CRYPTO_AUTH_OP_VERIFY);
+ if (retval == -ENOTSUP)
+ return TEST_SKIPPED;
if (retval < 0)
return retval;
retval = create_gmac_session(ts_params->valid_devs[0],
tdata, RTE_CRYPTO_AUTH_OP_GENERATE);
+ if (retval == -ENOTSUP)
+ return TEST_SKIPPED;
if (retval < 0)
return retval;
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
uint8_t auth_key[reference->auth_key.len + 1];
+ int status;
memcpy(auth_key, reference->auth_key.data, reference->auth_key.len);
/* Create Crypto session*/
ut_params->sess = rte_cryptodev_sym_session_create(
ts_params->session_mpool);
+ TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
- rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+ status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
&ut_params->auth_xform,
ts_params->session_priv_mpool);
- TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
- return 0;
+ return status;
}
static int
struct crypto_testsuite_params *ts_params = &testsuite_params;
uint8_t cipher_key[reference->cipher_key.len + 1];
uint8_t auth_key[reference->auth_key.len + 1];
+ int status;
memcpy(cipher_key, reference->cipher_key.data,
reference->cipher_key.len);
/* Create Crypto session*/
ut_params->sess = rte_cryptodev_sym_session_create(
ts_params->session_mpool);
+ TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
- rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
+ status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess,
&ut_params->auth_xform,
ts_params->session_priv_mpool);
- TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
-
- return 0;
+ return status;
}
static int
ts_params->valid_devs[0],
reference,
RTE_CRYPTO_AUTH_OP_VERIFY);
+
+ if (retval == -ENOTSUP)
+ return TEST_SKIPPED;
if (retval < 0)
return retval;
else {
ut_params->op = process_crypto_request(ts_params->valid_devs[0],
ut_params->op);
- TEST_ASSERT_NULL(ut_params->op, "authentication not failed");
}
+ if (ut_params->op == NULL)
+ return 0;
+ else if (ut_params->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS)
+ return 0;
- return 0;
+ return -1;
}
static int
reference,
RTE_CRYPTO_AUTH_OP_VERIFY,
RTE_CRYPTO_CIPHER_OP_DECRYPT);
+
+ if (retval == -ENOTSUP)
+ return TEST_SKIPPED;
if (retval < 0)
return retval;
}
static int
-test_authenticated_encryt_with_esn(
+test_authenticated_encrypt_with_esn(
struct crypto_testsuite_params *ts_params,
struct crypto_unittest_params *ut_params,
const struct test_crypto_vector *reference)
uint8_t cipher_key[reference->cipher_key.len + 1];
uint8_t auth_key[reference->auth_key.len + 1];
struct rte_cryptodev_info dev_info;
+ int status;
rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
uint64_t feat_flags = dev_info.feature_flags;
/* Create Crypto session*/
ut_params->sess = rte_cryptodev_sym_session_create(
ts_params->session_mpool);
+ TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
- rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
+ status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
ut_params->sess,
&ut_params->cipher_xform,
ts_params->session_priv_mpool);
- TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
+ if (status == -ENOTSUP)
+ return TEST_SKIPPED;
+
+ TEST_ASSERT_EQUAL(status, 0, "Session init failed");
ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
TEST_ASSERT_NOT_NULL(ut_params->ibuf,
/* Create Crypto session*/
ut_params->sess = rte_cryptodev_sym_session_create(
ts_params->session_mpool);
+ TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
- rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
+ retval = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
ut_params->sess,
&ut_params->auth_xform,
ts_params->session_priv_mpool);
- TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
+ if (retval == -ENOTSUP)
+ return TEST_SKIPPED;
+
+ TEST_ASSERT_EQUAL(retval, 0, "Session init failed");
ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
TEST_ASSERT_NOT_NULL(ut_params->ibuf,
static int
auth_encrypt_AES128CBC_HMAC_SHA1_esn_check(void)
{
- return test_authenticated_encryt_with_esn(
+ return test_authenticated_encrypt_with_esn(
&testsuite_params,
&unittest_params,
&aes128cbc_hmac_sha1_aad_test_vector);
return test_authenticated_decryption(&chacha20_poly1305_case_rfc8439);
}
+static int
+test_chacha20_poly1305_encrypt_SGL_out_of_place(void)
+{
+ return test_authenticated_encryption_SGL(
+ &chacha20_poly1305_case_2, OUT_OF_PLACE, 32,
+ chacha20_poly1305_case_2.plaintext.len);
+}
+
#ifdef RTE_CRYPTO_SCHEDULER
/* global AESNI worker IDs for the scheduler test */
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
uint8_t sched_id = ts_params->valid_devs[0];
- uint32_t nb_devs, i, nb_devs_attached = 0;
+ uint32_t i, nb_devs_attached = 0;
int ret;
char vdev_name[32];
+ unsigned int count = rte_cryptodev_count();
- /* create 2 AESNI_MB if necessary */
- nb_devs = rte_cryptodev_device_count_by_driver(
- rte_cryptodev_driver_id_get(
- RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD)));
- if (nb_devs < 2) {
- for (i = nb_devs; i < 2; i++) {
- snprintf(vdev_name, sizeof(vdev_name), "%s_%u",
- RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD),
- i);
- ret = rte_vdev_init(vdev_name, NULL);
+ /* create 2 AESNI_MB vdevs on top of existing devices */
+ for (i = count; i < count + 2; i++) {
+ snprintf(vdev_name, sizeof(vdev_name), "%s_%u",
+ RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD),
+ i);
+ ret = rte_vdev_init(vdev_name, NULL);
- TEST_ASSERT(ret == 0,
- "Failed to create instance %u of"
- " pmd : %s",
- i, RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD));
+ TEST_ASSERT(ret == 0,
+ "Failed to create instance %u of"
+ " pmd : %s",
+ i, RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD));
+
+ if (ret < 0) {
+ RTE_LOG(ERR, USER1,
+ "Failed to create 2 AESNI MB PMDs.\n");
+ return TEST_SKIPPED;
}
}
/* attach 2 AESNI_MB cdevs */
- for (i = 0; i < rte_cryptodev_count() && nb_devs_attached < 2;
- i++) {
+ for (i = count; i < count + 2; i++) {
struct rte_cryptodev_info info;
unsigned int session_size;
};
#ifdef RTE_LIB_SECURITY
+static struct unit_test_suite ipsec_proto_testsuite = {
+ .suite_name = "IPsec Proto Unit Test Suite",
+ .setup = ipsec_proto_testsuite_setup,
+ .unit_test_cases = {
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec, &pkt_aes_128_gcm),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 192)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec, &pkt_aes_192_gcm),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 256)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec, &pkt_aes_256_gcm),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_aes_128_cbc_hmac_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA384 [24B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_aes_128_cbc_hmac_sha384),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA512 [32B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_aes_128_cbc_hmac_sha512),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv6 AES-GCM 128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec, &pkt_aes_256_gcm_v6),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv6 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_aes_128_cbc_hmac_sha256_v6),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 NULL AES-XCBC-MAC [12B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_null_aes_xcbc),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (AH tunnel mode IPv4 HMAC-SHA256)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_ah_tunnel_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (AH transport mode IPv4 HMAC-SHA256)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_ah_transport_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (AH transport mode IPv4 AES-GMAC 128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_ah_ipv4_aes_gmac_128),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound fragmented packet",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_fragmented,
+ &pkt_aes_128_gcm_frag),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 192)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb, &pkt_aes_192_gcm),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 256)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb, &pkt_aes_128_cbc_null),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_aes_128_cbc_hmac_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA384 [24B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_aes_128_cbc_hmac_sha384),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA512 [32B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_aes_128_cbc_hmac_sha512),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv6 AES-GCM 128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm_v6),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv6 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_aes_128_cbc_hmac_sha256_v6),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 NULL AES-XCBC-MAC [12B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_null_aes_xcbc),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (AH tunnel mode IPv4 HMAC-SHA256)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_ah_tunnel_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (AH transport mode IPv4 HMAC-SHA256)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_ah_transport_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (AH transport mode IPv4 AES-GMAC 128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_ah_ipv4_aes_gmac_128),
+ TEST_CASE_NAMED_ST(
+ "Combined test alg list",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_display_list),
+ TEST_CASE_NAMED_ST(
+ "Combined test alg list (AH)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_ah_tunnel_ipv4),
+ TEST_CASE_NAMED_ST(
+ "IV generation",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_iv_gen),
+ TEST_CASE_NAMED_ST(
+ "UDP encapsulation",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_udp_encap),
+ TEST_CASE_NAMED_ST(
+ "UDP encapsulation ports verification test",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_udp_ports_verify),
+ TEST_CASE_NAMED_ST(
+ "SA expiry packets soft",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_sa_exp_pkts_soft),
+ TEST_CASE_NAMED_ST(
+ "SA expiry packets hard",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_sa_exp_pkts_hard),
+ TEST_CASE_NAMED_ST(
+ "Negative test: ICV corruption",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_err_icv_corrupt),
+ TEST_CASE_NAMED_ST(
+ "Tunnel dst addr verification",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_tunnel_dst_addr_verify),
+ TEST_CASE_NAMED_ST(
+ "Tunnel src and dst addr verification",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_tunnel_src_dst_addr_verify),
+ TEST_CASE_NAMED_ST(
+ "Inner IP checksum",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_inner_ip_csum),
+ TEST_CASE_NAMED_ST(
+ "Inner L4 checksum",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_inner_l4_csum),
+ TEST_CASE_NAMED_ST(
+ "Tunnel IPv4 in IPv4",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_tunnel_v4_in_v4),
+ TEST_CASE_NAMED_ST(
+ "Tunnel IPv6 in IPv6",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_tunnel_v6_in_v6),
+ TEST_CASE_NAMED_ST(
+ "Tunnel IPv4 in IPv6",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_tunnel_v4_in_v6),
+ TEST_CASE_NAMED_ST(
+ "Tunnel IPv6 in IPv4",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_tunnel_v6_in_v4),
+ TEST_CASE_NAMED_ST(
+ "Transport IPv4",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_transport_v4),
+ TEST_CASE_NAMED_ST(
+ "AH transport IPv4",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_ah_transport_ipv4),
+ TEST_CASE_NAMED_ST(
+ "Transport l4 checksum",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_transport_l4_csum),
+ TEST_CASE_NAMED_ST(
+ "Statistics: success",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_stats),
+ TEST_CASE_NAMED_ST(
+ "Fragmented packet",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_pkt_fragment),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header copy DF (inner 0)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_copy_df_inner_0),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header copy DF (inner 1)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_copy_df_inner_1),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header set DF 0 (inner 1)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_set_df_0_inner_1),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header set DF 1 (inner 0)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_set_df_1_inner_0),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header IPv4 copy DSCP (inner 0)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_ipv4_copy_dscp_inner_0),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header IPv4 copy DSCP (inner 1)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_ipv4_copy_dscp_inner_1),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header IPv4 set DSCP 0 (inner 1)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_ipv4_set_dscp_0_inner_1),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header IPv4 set DSCP 1 (inner 0)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_ipv4_set_dscp_1_inner_0),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header IPv6 copy DSCP (inner 0)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_ipv6_copy_dscp_inner_0),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header IPv6 copy DSCP (inner 1)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_ipv6_copy_dscp_inner_1),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header IPv6 set DSCP 0 (inner 1)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_ipv6_set_dscp_0_inner_1),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header IPv6 set DSCP 1 (inner 0)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_ipv6_set_dscp_1_inner_0),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Antireplay with window size 1024",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_pkt_antireplay1024, &pkt_aes_128_gcm),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Antireplay with window size 2048",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_pkt_antireplay2048, &pkt_aes_128_gcm),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Antireplay with window size 4096",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_pkt_antireplay4096, &pkt_aes_128_gcm),
+ TEST_CASE_NAMED_WITH_DATA(
+ "ESN and Antireplay with window size 1024",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_pkt_esn_antireplay1024,
+ &pkt_aes_128_gcm),
+ TEST_CASE_NAMED_WITH_DATA(
+ "ESN and Antireplay with window size 2048",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_pkt_esn_antireplay2048,
+ &pkt_aes_128_gcm),
+ TEST_CASE_NAMED_WITH_DATA(
+ "ESN and Antireplay with window size 4096",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_pkt_esn_antireplay4096,
+ &pkt_aes_128_gcm),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header IPv4 decrement inner TTL",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_ipv4_ttl_decrement),
+ TEST_CASE_NAMED_ST(
+ "Tunnel header IPv6 decrement inner hop limit",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_ipv6_hop_limit_decrement),
+ TEST_CASES_END() /**< NULL terminate unit test array */
+ }
+};
+
static struct unit_test_suite pdcp_proto_testsuite = {
.suite_name = "PDCP Proto Unit Test Suite",
.setup = pdcp_proto_testsuite_setup,
}
};
+#define ADD_UPLINK_TESTCASE(data) \
+ TEST_CASE_NAMED_WITH_DATA(data.test_descr_uplink, ut_setup_security, \
+ ut_teardown, test_docsis_proto_uplink, (const void *) &data), \
+
+#define ADD_DOWNLINK_TESTCASE(data) \
+ TEST_CASE_NAMED_WITH_DATA(data.test_descr_downlink, ut_setup_security, \
+ ut_teardown, test_docsis_proto_downlink, (const void *) &data), \
+
static struct unit_test_suite docsis_proto_testsuite = {
- .suite_name = "Docsis Proto Unit Test Suite",
+ .suite_name = "DOCSIS Proto Unit Test Suite",
.setup = docsis_proto_testsuite_setup,
.unit_test_cases = {
- TEST_CASE_ST(ut_setup_security, ut_teardown,
- test_DOCSIS_PROTO_all),
+ /* Uplink */
+ ADD_UPLINK_TESTCASE(docsis_test_case_1)
+ ADD_UPLINK_TESTCASE(docsis_test_case_2)
+ ADD_UPLINK_TESTCASE(docsis_test_case_3)
+ ADD_UPLINK_TESTCASE(docsis_test_case_4)
+ ADD_UPLINK_TESTCASE(docsis_test_case_5)
+ ADD_UPLINK_TESTCASE(docsis_test_case_6)
+ ADD_UPLINK_TESTCASE(docsis_test_case_7)
+ ADD_UPLINK_TESTCASE(docsis_test_case_8)
+ ADD_UPLINK_TESTCASE(docsis_test_case_9)
+ ADD_UPLINK_TESTCASE(docsis_test_case_10)
+ ADD_UPLINK_TESTCASE(docsis_test_case_11)
+ ADD_UPLINK_TESTCASE(docsis_test_case_12)
+ ADD_UPLINK_TESTCASE(docsis_test_case_13)
+ ADD_UPLINK_TESTCASE(docsis_test_case_14)
+ ADD_UPLINK_TESTCASE(docsis_test_case_15)
+ ADD_UPLINK_TESTCASE(docsis_test_case_16)
+ ADD_UPLINK_TESTCASE(docsis_test_case_17)
+ ADD_UPLINK_TESTCASE(docsis_test_case_18)
+ ADD_UPLINK_TESTCASE(docsis_test_case_19)
+ ADD_UPLINK_TESTCASE(docsis_test_case_20)
+ ADD_UPLINK_TESTCASE(docsis_test_case_21)
+ ADD_UPLINK_TESTCASE(docsis_test_case_22)
+ ADD_UPLINK_TESTCASE(docsis_test_case_23)
+ ADD_UPLINK_TESTCASE(docsis_test_case_24)
+ ADD_UPLINK_TESTCASE(docsis_test_case_25)
+ ADD_UPLINK_TESTCASE(docsis_test_case_26)
+ /* Downlink */
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_1)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_2)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_3)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_4)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_5)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_6)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_7)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_8)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_9)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_10)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_11)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_12)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_13)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_14)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_15)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_16)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_17)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_18)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_19)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_20)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_21)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_22)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_23)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_24)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_25)
+ ADD_DOWNLINK_TESTCASE(docsis_test_case_26)
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
test_chacha20_poly1305_encrypt_test_case_rfc8439),
TEST_CASE_ST(ut_setup, ut_teardown,
test_chacha20_poly1305_decrypt_test_case_rfc8439),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_chacha20_poly1305_encrypt_SGL_out_of_place),
TEST_CASES_END()
}
};
test_zuc_hash_generate_test_case_7),
TEST_CASE_ST(ut_setup, ut_teardown,
test_zuc_hash_generate_test_case_8),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_zuc_hash_generate_test_case_9),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_zuc_hash_generate_test_case_10),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_zuc_hash_generate_test_case_11),
+
/** ZUC alg-chain (EEA3/EIA3) */
TEST_CASE_ST(ut_setup, ut_teardown,
test_zuc_auth_cipher_verify_test_case_1_sgl),
TEST_CASE_ST(ut_setup, ut_teardown,
test_zuc_auth_cipher_verify_test_case_1_oop_sgl),
+
+ /** ZUC-256 encrypt only **/
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_zuc256_encryption_test_case_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_zuc256_encryption_test_case_2),
+
+ /** ZUC-256 authentication only **/
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_zuc256_authentication_test_case_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_zuc256_authentication_test_case_2),
+
TEST_CASES_END()
}
};
test_kasumi_decryption_test_case_5),
TEST_CASE_ST(ut_setup, ut_teardown,
test_kasumi_decryption_test_case_1_oop),
-
TEST_CASE_ST(ut_setup, ut_teardown,
test_kasumi_cipher_auth_test_case_1),
&cryptodev_negative_hmac_sha1_testsuite,
&cryptodev_gen_testsuite,
#ifdef RTE_LIB_SECURITY
+ &ipsec_proto_testsuite,
&pdcp_proto_testsuite,
&docsis_proto_testsuite,
#endif
return ret;
}
+static int
+require_feature_flag(const char *pmd_name, uint64_t flag, const char *flag_name)
+{
+ struct rte_cryptodev_info dev_info;
+ uint8_t i, nb_devs;
+ int driver_id;
+
+ driver_id = rte_cryptodev_driver_id_get(pmd_name);
+ if (driver_id == -1) {
+ RTE_LOG(WARNING, USER1, "%s PMD must be loaded.\n", pmd_name);
+ return TEST_SKIPPED;
+ }
+
+ nb_devs = rte_cryptodev_count();
+ if (nb_devs < 1) {
+ RTE_LOG(WARNING, USER1, "No crypto devices found?\n");
+ return TEST_SKIPPED;
+ }
+
+ for (i = 0; i < nb_devs; i++) {
+ rte_cryptodev_info_get(i, &dev_info);
+ if (dev_info.driver_id == driver_id) {
+ if (!(dev_info.feature_flags & flag)) {
+ RTE_LOG(INFO, USER1, "%s not supported\n",
+ flag_name);
+ return TEST_SKIPPED;
+ }
+ return 0; /* found */
+ }
+ }
+
+ RTE_LOG(INFO, USER1, "%s not supported\n", flag_name);
+ return TEST_SKIPPED;
+}
+
static int
test_cryptodev_qat(void)
{
return rc;
}
+static int
+test_cryptodev_chacha_poly_mb(void)
+{
+ int32_t rc;
+ enum rte_security_session_action_type at = gbl_action_type;
+ rc = run_cryptodev_testsuite(
+ RTE_STR(CRYPTODEV_NAME_CHACHA20_POLY1305_PMD));
+ gbl_action_type = at;
+ return rc;
+}
+
static int
test_cryptodev_openssl(void)
{
return rc;
}
+static int
+test_cryptodev_mlx5(void)
+{
+ return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_MLX5_PMD));
+}
+
static int
test_cryptodev_null(void)
{
return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_OCTEONTX_SYM_PMD));
}
-static int
-test_cryptodev_octeontx2(void)
-{
- return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_OCTEONTX2_PMD));
-}
-
static int
test_cryptodev_caam_jr(void)
{
static int
test_cryptodev_qat_raw_api(void)
{
+ static const char *pmd_name = RTE_STR(CRYPTODEV_NAME_QAT_SYM_PMD);
int ret;
+ ret = require_feature_flag(pmd_name, RTE_CRYPTODEV_FF_SYM_RAW_DP,
+ "RAW API");
+ if (ret)
+ return ret;
+
global_api_test_type = CRYPTODEV_RAW_API_TEST;
- ret = run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_QAT_SYM_PMD));
+ ret = run_cryptodev_testsuite(pmd_name);
global_api_test_type = CRYPTODEV_API_TEST;
return ret;
return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_CN10K_PMD));
}
+static int
+test_cryptodev_dpaa2_sec_raw_api(void)
+{
+ static const char *pmd_name = RTE_STR(CRYPTODEV_NAME_DPAA2_SEC_PMD);
+ int ret;
+
+ ret = require_feature_flag(pmd_name, RTE_CRYPTODEV_FF_SYM_RAW_DP,
+ "RAW API");
+ if (ret)
+ return ret;
+
+ global_api_test_type = CRYPTODEV_RAW_API_TEST;
+ ret = run_cryptodev_testsuite(pmd_name);
+ global_api_test_type = CRYPTODEV_API_TEST;
+
+ return ret;
+}
+
+static int
+test_cryptodev_dpaa_sec_raw_api(void)
+{
+ static const char *pmd_name = RTE_STR(CRYPTODEV_NAME_DPAA2_SEC_PMD);
+ int ret;
+
+ ret = require_feature_flag(pmd_name, RTE_CRYPTODEV_FF_SYM_RAW_DP,
+ "RAW API");
+ if (ret)
+ return ret;
+
+ global_api_test_type = CRYPTODEV_RAW_API_TEST;
+ ret = run_cryptodev_testsuite(pmd_name);
+ global_api_test_type = CRYPTODEV_API_TEST;
+
+ return ret;
+}
+
+REGISTER_TEST_COMMAND(cryptodev_dpaa2_sec_raw_api_autotest,
+ test_cryptodev_dpaa2_sec_raw_api);
+REGISTER_TEST_COMMAND(cryptodev_dpaa_sec_raw_api_autotest,
+ test_cryptodev_dpaa_sec_raw_api);
REGISTER_TEST_COMMAND(cryptodev_qat_raw_api_autotest,
test_cryptodev_qat_raw_api);
REGISTER_TEST_COMMAND(cryptodev_qat_autotest, test_cryptodev_qat);
REGISTER_TEST_COMMAND(cryptodev_aesni_mb_autotest, test_cryptodev_aesni_mb);
REGISTER_TEST_COMMAND(cryptodev_cpu_aesni_mb_autotest,
test_cryptodev_cpu_aesni_mb);
+REGISTER_TEST_COMMAND(cryptodev_chacha_poly_mb_autotest,
+ test_cryptodev_chacha_poly_mb);
REGISTER_TEST_COMMAND(cryptodev_openssl_autotest, test_cryptodev_openssl);
REGISTER_TEST_COMMAND(cryptodev_aesni_gcm_autotest, test_cryptodev_aesni_gcm);
REGISTER_TEST_COMMAND(cryptodev_cpu_aesni_gcm_autotest,
test_cryptodev_cpu_aesni_gcm);
+REGISTER_TEST_COMMAND(cryptodev_mlx5_autotest, test_cryptodev_mlx5);
REGISTER_TEST_COMMAND(cryptodev_null_autotest, test_cryptodev_null);
REGISTER_TEST_COMMAND(cryptodev_sw_snow3g_autotest, test_cryptodev_sw_snow3g);
REGISTER_TEST_COMMAND(cryptodev_sw_kasumi_autotest, test_cryptodev_sw_kasumi);
REGISTER_TEST_COMMAND(cryptodev_ccp_autotest, test_cryptodev_ccp);
REGISTER_TEST_COMMAND(cryptodev_virtio_autotest, test_cryptodev_virtio);
REGISTER_TEST_COMMAND(cryptodev_octeontx_autotest, test_cryptodev_octeontx);
-REGISTER_TEST_COMMAND(cryptodev_octeontx2_autotest, test_cryptodev_octeontx2);
REGISTER_TEST_COMMAND(cryptodev_caam_jr_autotest, test_cryptodev_caam_jr);
REGISTER_TEST_COMMAND(cryptodev_nitrox_autotest, test_cryptodev_nitrox);
REGISTER_TEST_COMMAND(cryptodev_bcmfs_autotest, test_cryptodev_bcmfs);
REGISTER_TEST_COMMAND(cryptodev_cn9k_autotest, test_cryptodev_cn9k);
REGISTER_TEST_COMMAND(cryptodev_cn10k_autotest, test_cryptodev_cn10k);
+
+#endif /* !RTE_EXEC_ENV_WINDOWS */