X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=app%2Ftest%2Ftest_cryptodev.c;h=01af4cfbd21b9b58fd956ebf2cac63b94742a189;hb=f0243339496d48e6f5d76e6ef6741d6986b965d0;hp=e4c440b4c30bfb97764e65d2b4965d440abb413f;hpb=e68012f0fdbeba2f8726b51983c4c9d051a8d1ea;p=dpdk.git diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index e4c440b4c3..01af4cfbd2 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -16,8 +16,10 @@ #include #include -#include +#include #include +#include +#include #ifdef RTE_CRYPTO_SCHEDULER #include @@ -42,6 +44,8 @@ #include "test_cryptodev_hmac_test_vectors.h" #include "test_cryptodev_mixed_test_vectors.h" #ifdef RTE_LIB_SECURITY +#include "test_cryptodev_security_ipsec.h" +#include "test_cryptodev_security_ipsec_test_vectors.h" #include "test_cryptodev_security_pdcp_test_vectors.h" #include "test_cryptodev_security_pdcp_sdap_test_vectors.h" #include "test_cryptodev_security_pdcp_test_func.h" @@ -61,10 +65,6 @@ #define IN_PLACE 0 #define OUT_OF_PLACE 1 -#ifndef ARRAY_SIZE -#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) -#endif - static int gbl_driver_id; static enum rte_security_session_action_type gbl_action_type = @@ -72,19 +72,6 @@ static enum rte_security_session_action_type gbl_action_type = enum cryptodev_api_test_type global_api_test_type = CRYPTODEV_API_TEST; -struct crypto_testsuite_params { - struct rte_mempool *mbuf_pool; - struct rte_mempool *large_mbuf_pool; - struct rte_mempool *op_mpool; - struct rte_mempool *session_mpool; - struct rte_mempool *session_priv_mpool; - struct rte_cryptodev_config conf; - struct rte_cryptodev_qp_conf qp_conf; - - uint8_t valid_devs[RTE_CRYPTO_MAX_DEVS]; - uint8_t valid_dev_count; -}; - struct crypto_unittest_params { struct rte_crypto_sym_xform cipher_xform; struct rte_crypto_sym_xform auth_xform; @@ -116,6 +103,15 @@ struct crypto_unittest_params { for (j = 0; j < num_child_ts; index++, j++) \ parent_ts.unit_test_suites[index] = child_ts[j] +#define ADD_BLOCKCIPHER_TESTSUITE(index, parent_ts, blk_types, num_blk_types) \ + for (j = 0; j < num_blk_types; index++, j++) \ + parent_ts.unit_test_suites[index] = \ + build_blockcipher_test_suite(blk_types[j]) + +#define FREE_BLOCKCIPHER_TESTSUITE(index, parent_ts, num_blk_types) \ + for (j = index; j < index + num_blk_types; j++) \ + free_blockcipher_test_suite(parent_ts.unit_test_suites[j]) + /* * Forward declarations. */ @@ -132,6 +128,13 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess, const uint8_t *digest, const uint8_t *iv); +static int +security_proto_supported(enum rte_security_session_action_type action, + enum rte_security_session_protocol proto); + +static int +dev_configure_and_start(uint64_t ff_disable); + static struct rte_mbuf * setup_test_string(struct rte_mempool *mpool, const char *string, size_t len, uint8_t blocksize) @@ -139,10 +142,11 @@ setup_test_string(struct rte_mempool *mpool, struct rte_mbuf *m = rte_pktmbuf_alloc(mpool); size_t t_len = len - (blocksize ? (len % blocksize) : 0); - memset(m->buf_addr, 0, m->buf_len); if (m) { - char *dst = rte_pktmbuf_append(m, t_len); + char *dst; + memset(m->buf_addr, 0, m->buf_len); + dst = rte_pktmbuf_append(m, t_len); if (!dst) { rte_pktmbuf_free(m); return NULL; @@ -182,11 +186,11 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id, { struct rte_crypto_sym_op *sop = op->sym; struct rte_crypto_op *ret_op = NULL; - struct rte_crypto_vec data_vec[UINT8_MAX]; + struct rte_crypto_vec data_vec[UINT8_MAX], dest_data_vec[UINT8_MAX]; struct rte_crypto_va_iova_ptr cipher_iv, digest, aad_auth_iv; union rte_crypto_sym_ofs ofs; struct rte_crypto_sym_vec vec; - struct rte_crypto_sgl sgl; + struct rte_crypto_sgl sgl, dest_sgl; uint32_t max_len; union rte_cryptodev_session_ctx sess; uint32_t count = 0; @@ -228,7 +232,7 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id, digest.va = NULL; sgl.vec = data_vec; vec.num = 1; - vec.sgl = &sgl; + vec.src_sgl = &sgl; vec.iv = &cipher_iv; vec.digest = &digest; vec.aad = &aad_auth_iv; @@ -322,6 +326,19 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id, } sgl.num = n; + /* Out of place */ + if (sop->m_dst != NULL) { + dest_sgl.vec = dest_data_vec; + vec.dest_sgl = &dest_sgl; + n = rte_crypto_mbuf_to_vec(sop->m_dst, 0, max_len, + dest_data_vec, RTE_DIM(dest_data_vec)); + if (n < 0 || n > sop->m_dst->nb_segs) { + op->status = RTE_CRYPTO_OP_STATUS_ERROR; + goto exit; + } + dest_sgl.num = n; + } else + vec.dest_sgl = NULL; if (rte_cryptodev_raw_enqueue_burst(ctx, &vec, ofs, (void **)&op, &enqueue_status) < 1) { @@ -362,6 +379,7 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id, } op->status = (count == MAX_RAW_DEQUEUE_COUNT + 1 || ret_op != op || + ret_op->status == RTE_CRYPTO_OP_STATUS_ERROR || n_success < 1) ? RTE_CRYPTO_OP_STATUS_ERROR : RTE_CRYPTO_OP_STATUS_SUCCESS; @@ -392,7 +410,7 @@ process_cpu_aead_op(uint8_t dev_id, struct rte_crypto_op *op) sgl.vec = vec; sgl.num = n; - symvec.sgl = &sgl; + symvec.src_sgl = &sgl; symvec.iv = &iv_ptr; symvec.digest = &digest_ptr; symvec.aad = &aad_ptr; @@ -438,7 +456,7 @@ process_cpu_crypt_auth_op(uint8_t dev_id, struct rte_crypto_op *op) sgl.vec = vec; sgl.num = n; - symvec.sgl = &sgl; + symvec.src_sgl = &sgl; symvec.iv = &iv_ptr; symvec.digest = &digest_ptr; symvec.status = &st; @@ -486,6 +504,7 @@ process_crypto_request(uint8_t dev_id, struct rte_crypto_op *op) } static struct crypto_testsuite_params testsuite_params = { NULL }; +struct crypto_testsuite_params *p_testsuite_params = &testsuite_params; static struct crypto_unittest_params unittest_params; static int @@ -759,6 +778,47 @@ crypto_gen_testsuite_setup(void) } #ifdef RTE_LIB_SECURITY +static int +ipsec_proto_testsuite_setup(void) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct crypto_unittest_params *ut_params = &unittest_params; + struct rte_cryptodev_info dev_info; + int ret = 0; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_SECURITY)) { + RTE_LOG(INFO, USER1, "Feature flag requirements for IPsec Proto " + "testsuite not met\n"); + return TEST_SKIPPED; + } + + /* Reconfigure to enable security */ + ret = dev_configure_and_start(0); + if (ret != TEST_SUCCESS) + return ret; + + /* Set action type */ + ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + + if (security_proto_supported( + RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + RTE_SECURITY_PROTOCOL_IPSEC) < 0) { + RTE_LOG(INFO, USER1, "Capability requirements for IPsec Proto " + "test not met\n"); + ret = TEST_SKIPPED; + } + + /* + * Stop the device. Device would be started again by individual test + * case setup routine. + */ + rte_cryptodev_stop(ts_params->valid_devs[0]); + + return ret; +} + static int pdcp_proto_testsuite_setup(void) { @@ -1313,7 +1373,7 @@ dev_configure_and_start(uint64_t ff_disable) return TEST_SUCCESS; } -static int +int ut_setup(void) { /* Configure and start the device with security feature disabled */ @@ -1327,7 +1387,7 @@ ut_setup_security(void) return dev_configure_and_start(0); } -static void +void ut_teardown(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; @@ -2324,80 +2384,6 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess, return TEST_SUCCESS; } -static int -test_blockcipher(enum blockcipher_test_type test_type) -{ - struct crypto_testsuite_params *ts_params = &testsuite_params; - int status; - - status = test_blockcipher_all_tests(ts_params->mbuf_pool, - ts_params->op_mpool, - ts_params->session_mpool, ts_params->session_priv_mpool, - ts_params->valid_devs[0], - test_type); - - if (status == -ENOTSUP) - return status; - - TEST_ASSERT_EQUAL(status, 0, "Test failed"); - - return TEST_SUCCESS; -} - -static int -test_AES_cipheronly_all(void) -{ - return test_blockcipher(BLKCIPHER_AES_CIPHERONLY_TYPE); -} - -static int -test_AES_docsis_all(void) -{ - /* Data-path service does not support DOCSIS yet */ - if (global_api_test_type == CRYPTODEV_RAW_API_TEST) - return TEST_SKIPPED; - return test_blockcipher(BLKCIPHER_AES_DOCSIS_TYPE); -} - -static int -test_DES_docsis_all(void) -{ - /* Data-path service does not support DOCSIS yet */ - if (global_api_test_type == CRYPTODEV_RAW_API_TEST) - return TEST_SKIPPED; - return test_blockcipher(BLKCIPHER_DES_DOCSIS_TYPE); -} - -static int -test_DES_cipheronly_all(void) -{ - return test_blockcipher(BLKCIPHER_DES_CIPHERONLY_TYPE); -} - -static int -test_authonly_all(void) -{ - return test_blockcipher(BLKCIPHER_AUTHONLY_TYPE); -} - -static int -test_AES_chain_all(void) -{ - return test_blockcipher(BLKCIPHER_AES_CHAIN_TYPE); -} - -static int -test_3DES_chain_all(void) -{ - return test_blockcipher(BLKCIPHER_3DES_CHAIN_TYPE); -} - -static int -test_3DES_cipheronly_all(void) -{ - return test_blockcipher(BLKCIPHER_3DES_CIPHERONLY_TYPE); -} - /* ***** SNOW 3G Tests ***** */ static int create_wireless_algo_hash_session(uint8_t dev_id, @@ -2433,6 +2419,9 @@ create_wireless_algo_hash_session(uint8_t dev_id, status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess, &ut_params->auth_xform, ts_params->session_priv_mpool); + if (status == -ENOTSUP) + return TEST_SKIPPED; + TEST_ASSERT_EQUAL(status, 0, "session init failed"); TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); return 0; @@ -2472,6 +2461,9 @@ create_wireless_algo_cipher_session(uint8_t dev_id, status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess, &ut_params->cipher_xform, ts_params->session_priv_mpool); + if (status == -ENOTSUP) + return TEST_SKIPPED; + TEST_ASSERT_EQUAL(status, 0, "session init failed"); TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); return 0; @@ -4219,6 +4211,16 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata) int retval; unsigned plaintext_pad_len; unsigned plaintext_len; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + uint64_t feat_flags = dev_info.feature_flags; + + if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) && + (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) { + printf("Device does not support RAW data-path APIs.\n"); + return -ENOTSUP; + } /* Verify the capabilities */ struct rte_cryptodev_sym_capability_idx cap_idx; @@ -4274,7 +4276,11 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata) if (retval < 0) return retval; - ut_params->op = process_crypto_request(ts_params->valid_devs[0], + if (global_api_test_type == CRYPTODEV_RAW_API_TEST) + process_sym_raw_dp_op(ts_params->valid_devs[0], 0, + ut_params->op, 1, 0, 1, tdata->cipher_iv.len); + else + ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op); TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf"); @@ -4334,6 +4340,12 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata) return TEST_SKIPPED; } + if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) && + (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) { + printf("Device does not support RAW data-path APIs.\n"); + return -ENOTSUP; + } + /* Create SNOW 3G session */ retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0], RTE_CRYPTO_CIPHER_OP_ENCRYPT, @@ -4368,7 +4380,11 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata) if (retval < 0) return retval; - ut_params->op = process_crypto_request(ts_params->valid_devs[0], + if (global_api_test_type == CRYPTODEV_RAW_API_TEST) + process_sym_raw_dp_op(ts_params->valid_devs[0], 0, + ut_params->op, 1, 0, 1, tdata->cipher_iv.len); + else + ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op); TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf"); @@ -4495,7 +4511,11 @@ test_snow3g_encryption_offset_oop(const struct snow3g_test_data *tdata) if (retval < 0) return retval; - ut_params->op = process_crypto_request(ts_params->valid_devs[0], + if (global_api_test_type == CRYPTODEV_RAW_API_TEST) + process_sym_raw_dp_op(ts_params->valid_devs[0], 0, + ut_params->op, 1, 0, 1, tdata->cipher_iv.len); + else + ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op); TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf"); @@ -4626,7 +4646,16 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata) uint8_t *plaintext, *ciphertext; unsigned ciphertext_pad_len; unsigned ciphertext_len; + struct rte_cryptodev_info dev_info; + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + uint64_t feat_flags = dev_info.feature_flags; + + if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) && + (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) { + printf("Device does not support RAW data-path APIs.\n"); + return -ENOTSUP; + } /* Verify the capabilities */ struct rte_cryptodev_sym_capability_idx cap_idx; cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER; @@ -4684,7 +4713,11 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata) if (retval < 0) return retval; - ut_params->op = process_crypto_request(ts_params->valid_devs[0], + if (global_api_test_type == CRYPTODEV_RAW_API_TEST) + process_sym_raw_dp_op(ts_params->valid_devs[0], 0, + ut_params->op, 1, 0, 1, tdata->cipher_iv.len); + else + ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op); TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf"); ut_params->obuf = ut_params->op->sym->m_dst; @@ -5889,7 +5922,7 @@ test_zuc_encryption(const struct wireless_test_data *tdata) RTE_CRYPTO_CIPHER_ZUC_EEA3, tdata->key.data, tdata->key.len, tdata->cipher_iv.len); - if (retval < 0) + if (retval != 0) return retval; ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); @@ -6091,7 +6124,7 @@ test_zuc_authentication(const struct wireless_test_data *tdata) tdata->auth_iv.len, tdata->digest.len, RTE_CRYPTO_AUTH_OP_GENERATE, RTE_CRYPTO_AUTH_ZUC_EIA3); - if (retval < 0) + if (retval != 0) return retval; /* alloc mbuf and set payload */ @@ -7037,6 +7070,12 @@ test_zuc_encryption_test_case_6_sgl(void) return test_zuc_encryption_sgl(&zuc_test_case_cipher_193b); } +static int +test_zuc_encryption_test_case_7(void) +{ + return test_zuc_encryption(&zuc_test_case_cipher_800b_key_256b); +} + static int test_zuc_hash_generate_test_case_1(void) { @@ -7085,6 +7124,18 @@ test_zuc_hash_generate_test_case_8(void) return test_zuc_authentication(&zuc_test_case_auth_584b); } +static int +test_zuc_hash_generate_test_case_9(void) +{ + return test_zuc_authentication(&zuc_test_case_auth_584b_mac_64b); +} + +static int +test_zuc_hash_generate_test_case_10(void) +{ + return test_zuc_authentication(&zuc_test_case_auth_2080b_mac_128b); +} + static int test_zuc_cipher_auth_test_case_1(void) { @@ -8385,10 +8436,21 @@ test_pdcp_proto_SGL(int i, int oop, int to_trn_tbl[16]; int segs = 1; unsigned int trn_data = 0; + struct rte_cryptodev_info dev_info; + uint64_t feat_flags; struct rte_security_ctx *ctx = (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx( ts_params->valid_devs[0]); + struct rte_mbuf *temp_mbuf; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + feat_flags = dev_info.feature_flags; + if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) && + (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) { + printf("Device does not support RAW data-path APIs.\n"); + return -ENOTSUP; + } /* Verify the capabilities */ struct rte_security_capability_idx sec_cap_idx; @@ -8572,8 +8634,23 @@ test_pdcp_proto_SGL(int i, int oop, ut_params->op->sym->m_dst = ut_params->obuf; /* Process crypto operation */ - if (process_crypto_request(ts_params->valid_devs[0], ut_params->op) - == NULL) { + temp_mbuf = ut_params->op->sym->m_src; + if (global_api_test_type == CRYPTODEV_RAW_API_TEST) { + /* filling lengths */ + while (temp_mbuf) { + ut_params->op->sym->cipher.data.length + += temp_mbuf->pkt_len; + ut_params->op->sym->auth.data.length + += temp_mbuf->pkt_len; + temp_mbuf = temp_mbuf->next; + } + process_sym_raw_dp_op(ts_params->valid_devs[0], 0, + ut_params->op, 1, 1, 0, 0); + } else { + ut_params->op = process_crypto_request(ts_params->valid_devs[0], + ut_params->op); + } + if (ut_params->op == NULL) { printf("TestCase %s()-%d line %d failed %s: ", __func__, i, __LINE__, "failed to process sym crypto op"); @@ -8813,7 +8890,7 @@ test_PDCP_SDAP_PROTO_encap_all(void) int err, all_err = TEST_SUCCESS; const struct pdcp_sdap_test *cur_test; - size = ARRAY_SIZE(list_pdcp_sdap_tests); + size = RTE_DIM(list_pdcp_sdap_tests); for (i = 0; i < size; i++) { cur_test = &list_pdcp_sdap_tests[i]; @@ -8848,6 +8925,50 @@ test_PDCP_SDAP_PROTO_encap_all(void) return (all_err == TEST_SUCCESS) ? TEST_SUCCESS : TEST_FAILED; } +static int +test_PDCP_PROTO_short_mac(void) +{ + int i = 0, size = 0; + int err, all_err = TEST_SUCCESS; + const struct pdcp_short_mac_test *cur_test; + + size = RTE_DIM(list_pdcp_smac_tests); + + for (i = 0; i < size; i++) { + cur_test = &list_pdcp_smac_tests[i]; + err = test_pdcp_proto( + i, 0, RTE_CRYPTO_CIPHER_OP_ENCRYPT, + RTE_CRYPTO_AUTH_OP_GENERATE, cur_test->data_in, + cur_test->in_len, cur_test->data_out, + cur_test->in_len + ((cur_test->auth_key) ? 4 : 0), + RTE_CRYPTO_CIPHER_NULL, NULL, + 0, cur_test->param.auth_alg, + cur_test->auth_key, cur_test->param.auth_key_len, + 0, cur_test->param.domain, 0, 0, + 0, 0, 0); + if (err) { + printf("\t%d) %s: Short MAC test failed\n", + cur_test->test_idx, + cur_test->param.name); + err = TEST_FAILED; + } else { + printf("\t%d) %s: Short MAC test PASS\n", + cur_test->test_idx, + cur_test->param.name); + rte_hexdump(stdout, "MAC I", + cur_test->data_out + cur_test->in_len + 2, + 2); + err = TEST_SUCCESS; + } + all_err += err; + } + + printf("Success: %d, Failure: %d\n", size + all_err, -all_err); + + return (all_err == TEST_SUCCESS) ? TEST_SUCCESS : TEST_FAILED; + +} + static int test_PDCP_SDAP_PROTO_decap_all(void) { @@ -8855,7 +8976,7 @@ test_PDCP_SDAP_PROTO_decap_all(void) int err, all_err = TEST_SUCCESS; const struct pdcp_sdap_test *cur_test; - size = ARRAY_SIZE(list_pdcp_sdap_tests); + size = RTE_DIM(list_pdcp_sdap_tests); for (i = 0; i < size; i++) { cur_test = &list_pdcp_sdap_tests[i]; @@ -8890,6 +9011,401 @@ test_PDCP_SDAP_PROTO_decap_all(void) return (all_err == TEST_SUCCESS) ? TEST_SUCCESS : TEST_FAILED; } +static int +test_ipsec_proto_process(const struct ipsec_test_data td[], + struct ipsec_test_data res_d[], + int nb_td, + bool silent, + const struct ipsec_test_flags *flags) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct crypto_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx sec_cap_idx; + const struct rte_security_capability *sec_cap; + struct rte_security_ipsec_xform ipsec_xform; + uint8_t dev_id = ts_params->valid_devs[0]; + enum rte_security_ipsec_sa_direction dir; + struct ipsec_test_data *res_d_tmp = NULL; + uint32_t src = RTE_IPV4(192, 168, 1, 0); + uint32_t dst = RTE_IPV4(192, 168, 1, 1); + int salt_len, i, ret = TEST_SUCCESS; + struct rte_security_ctx *ctx; + uint8_t *input_text; + uint32_t verify; + + ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + gbl_action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + + /* Use first test data to create session */ + + /* Copy IPsec xform */ + memcpy(&ipsec_xform, &td[0].ipsec_xform, sizeof(ipsec_xform)); + + dir = ipsec_xform.direction; + verify = flags->tunnel_hdr_verify; + + if ((dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) && verify) { + if (verify == RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR) + src += 1; + else if (verify == RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR) + dst += 1; + } + + memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src)); + memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst)); + + ctx = rte_cryptodev_get_sec_ctx(dev_id); + + sec_cap_idx.action = ut_params->type; + sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_IPSEC; + sec_cap_idx.ipsec.proto = ipsec_xform.proto; + sec_cap_idx.ipsec.mode = ipsec_xform.mode; + sec_cap_idx.ipsec.direction = ipsec_xform.direction; + + if (flags->udp_encap) + ipsec_xform.options.udp_encap = 1; + + sec_cap = rte_security_capability_get(ctx, &sec_cap_idx); + if (sec_cap == NULL) + return TEST_SKIPPED; + + /* Copy cipher session parameters */ + if (td[0].aead) { + memcpy(&ut_params->aead_xform, &td[0].xform.aead, + sizeof(ut_params->aead_xform)); + ut_params->aead_xform.aead.key.data = td[0].key.data; + ut_params->aead_xform.aead.iv.offset = IV_OFFSET; + + /* Verify crypto capabilities */ + if (test_ipsec_crypto_caps_aead_verify( + sec_cap, + &ut_params->aead_xform) != 0) { + if (!silent) + RTE_LOG(INFO, USER1, + "Crypto capabilities not supported\n"); + return TEST_SKIPPED; + } + } else { + /* Only AEAD supported now */ + return TEST_SKIPPED; + } + + if (test_ipsec_sec_caps_verify(&ipsec_xform, sec_cap, silent) != 0) + return TEST_SKIPPED; + + salt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len); + memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len); + + struct rte_security_session_conf sess_conf = { + .action_type = ut_params->type, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = ipsec_xform, + .crypto_xform = &ut_params->aead_xform, + }; + + /* Create security session */ + ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, + ts_params->session_mpool, + ts_params->session_priv_mpool); + + if (ut_params->sec_session == NULL) + return TEST_SKIPPED; + + for (i = 0; i < nb_td; i++) { + /* Setup source mbuf payload */ + ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); + memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0, + rte_pktmbuf_tailroom(ut_params->ibuf)); + + input_text = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, + td[i].input_text.len); + + memcpy(input_text, td[i].input_text.data, + td[i].input_text.len); + + /* Generate crypto op data structure */ + ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, + RTE_CRYPTO_OP_TYPE_SYMMETRIC); + if (!ut_params->op) { + printf("TestCase %s line %d: %s\n", + __func__, __LINE__, + "failed to allocate crypto op"); + ret = TEST_FAILED; + goto crypto_op_free; + } + + /* Attach session to operation */ + rte_security_attach_session(ut_params->op, + ut_params->sec_session); + + /* Set crypto operation mbufs */ + ut_params->op->sym->m_src = ut_params->ibuf; + ut_params->op->sym->m_dst = NULL; + + /* Copy IV in crypto operation when IV generation is disabled */ + if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && + ipsec_xform.options.iv_gen_disable == 1) { + uint8_t *iv = rte_crypto_op_ctod_offset(ut_params->op, + uint8_t *, + IV_OFFSET); + int len; + + if (td[i].aead) + len = td[i].xform.aead.aead.iv.length; + else + len = td[i].xform.chain.cipher.cipher.iv.length; + + memcpy(iv, td[i].iv.data, len); + } + + /* Process crypto operation */ + process_crypto_request(dev_id, ut_params->op); + + ret = test_ipsec_status_check(ut_params->op, flags, dir, i + 1); + if (ret != TEST_SUCCESS) + goto crypto_op_free; + + if (res_d != NULL) + res_d_tmp = &res_d[i]; + + ret = test_ipsec_post_process(ut_params->ibuf, &td[i], + res_d_tmp, silent, flags); + if (ret != TEST_SUCCESS) + goto crypto_op_free; + + rte_crypto_op_free(ut_params->op); + ut_params->op = NULL; + + rte_pktmbuf_free(ut_params->ibuf); + ut_params->ibuf = NULL; + } + +crypto_op_free: + rte_crypto_op_free(ut_params->op); + ut_params->op = NULL; + + rte_pktmbuf_free(ut_params->ibuf); + ut_params->ibuf = NULL; + + if (ut_params->sec_session) + rte_security_session_destroy(ctx, ut_params->sec_session); + ut_params->sec_session = NULL; + + return ret; +} + +static int +test_ipsec_proto_known_vec(const void *test_data) +{ + struct ipsec_test_data td_outb; + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + memcpy(&td_outb, test_data, sizeof(td_outb)); + + /* Disable IV gen to be able to test with known vectors */ + td_outb.ipsec_xform.options.iv_gen_disable = 1; + + return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags); +} + +static int +test_ipsec_proto_known_vec_inb(const void *td_outb) +{ + struct ipsec_test_flags flags; + struct ipsec_test_data td_inb; + + memset(&flags, 0, sizeof(flags)); + + test_ipsec_td_in_from_out(td_outb, &td_inb); + + return test_ipsec_proto_process(&td_inb, NULL, 1, false, &flags); +} + +static int +test_ipsec_proto_all(const struct ipsec_test_flags *flags) +{ + struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX]; + struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX]; + unsigned int i, nb_pkts = 1, pass_cnt = 0; + int ret; + + if (flags->iv_gen || + flags->sa_expiry_pkts_soft || + flags->sa_expiry_pkts_hard) + nb_pkts = IPSEC_TEST_PACKETS_MAX; + + for (i = 0; i < RTE_DIM(aead_list); i++) { + test_ipsec_td_prepare(&aead_list[i], + NULL, + flags, + td_outb, + nb_pkts); + + ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true, + flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + test_ipsec_td_update(td_inb, td_outb, nb_pkts, flags); + + ret = test_ipsec_proto_process(td_inb, NULL, nb_pkts, true, + flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + if (flags->display_alg) + test_ipsec_display_alg(&aead_list[i], NULL); + + pass_cnt++; + } + + if (pass_cnt > 0) + return TEST_SUCCESS; + else + return TEST_SKIPPED; +} + +static int +test_ipsec_proto_display_list(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.display_alg = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_iv_gen(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.iv_gen = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_sa_exp_pkts_soft(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.sa_expiry_pkts_soft = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_sa_exp_pkts_hard(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.sa_expiry_pkts_hard = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.icv_corrupt = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_udp_encap(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.udp_encap = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_tunnel_src_dst_addr_verify(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.tunnel_hdr_verify = RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_tunnel_dst_addr_verify(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.tunnel_hdr_verify = RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_udp_ports_verify(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.udp_encap = true; + flags.udp_ports_verify = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_inner_ip_csum(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ip_csum = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_inner_l4_csum(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.l4_csum = true; + + return test_ipsec_proto_all(&flags); +} + static int test_PDCP_PROTO_all(void) { @@ -8923,6 +9439,7 @@ test_PDCP_PROTO_all(void) status += test_PDCP_PROTO_SGL_oop_128B_32B(); status += test_PDCP_SDAP_PROTO_encap_all(); status += test_PDCP_SDAP_PROTO_decap_all(); + status += test_PDCP_PROTO_short_mac(); if (status) return TEST_FAILED; @@ -10014,6 +10531,7 @@ test_authenticated_encryption_oop(const struct aead_test_data *tdata) int retval; uint8_t *ciphertext, *auth_tag; uint16_t plaintext_pad_len; + struct rte_cryptodev_info dev_info; /* Verify the capabilities */ struct rte_cryptodev_sym_capability_idx cap_idx; @@ -10023,7 +10541,11 @@ test_authenticated_encryption_oop(const struct aead_test_data *tdata) &cap_idx) == NULL) return TEST_SKIPPED; - if (global_api_test_type == CRYPTODEV_RAW_API_TEST) + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + uint64_t feat_flags = dev_info.feature_flags; + + if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) && + (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) return TEST_SKIPPED; /* not supported with CPU crypto */ @@ -10060,7 +10582,11 @@ test_authenticated_encryption_oop(const struct aead_test_data *tdata) ut_params->op->sym->m_dst = ut_params->obuf; /* Process crypto operation */ - TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0], + if (global_api_test_type == CRYPTODEV_RAW_API_TEST) + process_sym_raw_dp_op(ts_params->valid_devs[0], 0, + ut_params->op, 0, 0, 0, 0); + else + TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0], ut_params->op), "failed to process sym crypto op"); TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS, @@ -10106,6 +10632,10 @@ test_authenticated_decryption_oop(const struct aead_test_data *tdata) int retval; uint8_t *plaintext; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + uint64_t feat_flags = dev_info.feature_flags; /* Verify the capabilities */ struct rte_cryptodev_sym_capability_idx cap_idx; @@ -10120,6 +10650,12 @@ test_authenticated_decryption_oop(const struct aead_test_data *tdata) global_api_test_type == CRYPTODEV_RAW_API_TEST) return TEST_SKIPPED; + if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) && + (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) { + printf("Device does not support RAW data-path APIs.\n"); + return TEST_SKIPPED; + } + /* Create AEAD session */ retval = create_aead_session(ts_params->valid_devs[0], tdata->algo, @@ -10150,7 +10686,11 @@ test_authenticated_decryption_oop(const struct aead_test_data *tdata) ut_params->op->sym->m_dst = ut_params->obuf; /* Process crypto operation */ - TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0], + if (global_api_test_type == CRYPTODEV_RAW_API_TEST) + process_sym_raw_dp_op(ts_params->valid_devs[0], 0, + ut_params->op, 0, 0, 0, 0); + else + TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0], ut_params->op), "failed to process sym crypto op"); TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS, @@ -10825,8 +11365,8 @@ test_multi_session(void) rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); sessions = rte_malloc(NULL, - (sizeof(struct rte_cryptodev_sym_session *) * - MAX_NB_SESSIONS) + 1, 0); + sizeof(struct rte_cryptodev_sym_session *) * + (MAX_NB_SESSIONS + 1), 0); /* Create multiple crypto sessions*/ for (i = 0; i < MAX_NB_SESSIONS; i++) { @@ -10871,6 +11411,7 @@ test_multi_session(void) } } + sessions[i] = NULL; /* Next session create should fail */ rte_cryptodev_sym_session_init(ts_params->valid_devs[0], sessions[i], &ut_params->auth_xform, @@ -12498,10 +13039,13 @@ test_authentication_verify_fail_when_data_corruption( else { ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op); - TEST_ASSERT_NULL(ut_params->op, "authentication not failed"); } + if (ut_params->op == NULL) + return 0; + else if (ut_params->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) + return 0; - return 0; + return -1; } static int @@ -12677,7 +13221,7 @@ test_authenticated_decryption_fail_when_corruption( } static int -test_authenticated_encryt_with_esn( +test_authenticated_encrypt_with_esn( struct crypto_testsuite_params *ts_params, struct crypto_unittest_params *ut_params, const struct test_crypto_vector *reference) @@ -13464,7 +14008,7 @@ auth_decryption_AES128CBC_HMAC_SHA1_fail_tag_corrupt(void) static int auth_encrypt_AES128CBC_HMAC_SHA1_esn_check(void) { - return test_authenticated_encryt_with_esn( + return test_authenticated_encrypt_with_esn( &testsuite_params, &unittest_params, &aes128cbc_hmac_sha1_aad_test_vector); @@ -13550,35 +14094,36 @@ scheduler_testsuite_setup(void) } static int -test_scheduler_attach_slave_op(void) +test_scheduler_attach_worker_op(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; uint8_t sched_id = ts_params->valid_devs[0]; - uint32_t nb_devs, i, nb_devs_attached = 0; + uint32_t i, nb_devs_attached = 0; int ret; char vdev_name[32]; + unsigned int count = rte_cryptodev_count(); - /* create 2 AESNI_MB if necessary */ - nb_devs = rte_cryptodev_device_count_by_driver( - rte_cryptodev_driver_id_get( - RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD))); - if (nb_devs < 2) { - for (i = nb_devs; i < 2; i++) { - snprintf(vdev_name, sizeof(vdev_name), "%s_%u", - RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD), - i); - ret = rte_vdev_init(vdev_name, NULL); + /* create 2 AESNI_MB vdevs on top of existing devices */ + for (i = count; i < count + 2; i++) { + snprintf(vdev_name, sizeof(vdev_name), "%s_%u", + RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD), + i); + ret = rte_vdev_init(vdev_name, NULL); - TEST_ASSERT(ret == 0, - "Failed to create instance %u of" - " pmd : %s", - i, RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD)); + TEST_ASSERT(ret == 0, + "Failed to create instance %u of" + " pmd : %s", + i, RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD)); + + if (ret < 0) { + RTE_LOG(ERR, USER1, + "Failed to create 2 AESNI MB PMDs.\n"); + return TEST_SKIPPED; } } /* attach 2 AESNI_MB cdevs */ - for (i = 0; i < rte_cryptodev_count() && nb_devs_attached < 2; - i++) { + for (i = count; i < count + 2; i++) { struct rte_cryptodev_info info; unsigned int session_size; @@ -13660,7 +14205,7 @@ test_scheduler_attach_slave_op(void) } static int -test_scheduler_detach_slave_op(void) +test_scheduler_detach_worker_op(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; uint8_t sched_id = ts_params->valid_devs[0]; @@ -13726,7 +14271,7 @@ test_scheduler_mode_pkt_size_distr_op(void) static int scheduler_multicore_testsuite_setup(void) { - if (test_scheduler_attach_slave_op() < 0) + if (test_scheduler_attach_worker_op() < 0) return TEST_SKIPPED; if (test_scheduler_mode_op(CDEV_SCHED_MODE_MULTICORE) < 0) return TEST_SKIPPED; @@ -13736,7 +14281,7 @@ scheduler_multicore_testsuite_setup(void) static int scheduler_roundrobin_testsuite_setup(void) { - if (test_scheduler_attach_slave_op() < 0) + if (test_scheduler_attach_worker_op() < 0) return TEST_SKIPPED; if (test_scheduler_mode_op(CDEV_SCHED_MODE_ROUNDROBIN) < 0) return TEST_SKIPPED; @@ -13746,7 +14291,7 @@ scheduler_roundrobin_testsuite_setup(void) static int scheduler_failover_testsuite_setup(void) { - if (test_scheduler_attach_slave_op() < 0) + if (test_scheduler_attach_worker_op() < 0) return TEST_SKIPPED; if (test_scheduler_mode_op(CDEV_SCHED_MODE_FAILOVER) < 0) return TEST_SKIPPED; @@ -13756,7 +14301,7 @@ scheduler_failover_testsuite_setup(void) static int scheduler_pkt_size_distr_testsuite_setup(void) { - if (test_scheduler_attach_slave_op() < 0) + if (test_scheduler_attach_worker_op() < 0) return TEST_SKIPPED; if (test_scheduler_mode_op(CDEV_SCHED_MODE_PKT_SIZE_DISTR) < 0) return TEST_SKIPPED; @@ -13766,7 +14311,7 @@ scheduler_pkt_size_distr_testsuite_setup(void) static void scheduler_mode_testsuite_teardown(void) { - test_scheduler_detach_slave_op(); + test_scheduler_detach_worker_op(); } #endif /* RTE_CRYPTO_SCHEDULER */ @@ -13779,6 +14324,82 @@ static struct unit_test_suite end_testsuite = { }; #ifdef RTE_LIB_SECURITY +static struct unit_test_suite ipsec_proto_testsuite = { + .suite_name = "IPsec Proto Unit Test Suite", + .setup = ipsec_proto_testsuite_setup, + .unit_test_cases = { + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 192)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_192_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 256)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 192)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, &pkt_aes_192_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 256)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm), + TEST_CASE_NAMED_ST( + "Combined test alg list", + ut_setup_security, ut_teardown, + test_ipsec_proto_display_list), + TEST_CASE_NAMED_ST( + "IV generation", + ut_setup_security, ut_teardown, + test_ipsec_proto_iv_gen), + TEST_CASE_NAMED_ST( + "UDP encapsulation", + ut_setup_security, ut_teardown, + test_ipsec_proto_udp_encap), + TEST_CASE_NAMED_ST( + "UDP encapsulation ports verification test", + ut_setup_security, ut_teardown, + test_ipsec_proto_udp_ports_verify), + TEST_CASE_NAMED_ST( + "SA expiry packets soft", + ut_setup_security, ut_teardown, + test_ipsec_proto_sa_exp_pkts_soft), + TEST_CASE_NAMED_ST( + "SA expiry packets hard", + ut_setup_security, ut_teardown, + test_ipsec_proto_sa_exp_pkts_hard), + TEST_CASE_NAMED_ST( + "Negative test: ICV corruption", + ut_setup_security, ut_teardown, + test_ipsec_proto_err_icv_corrupt), + TEST_CASE_NAMED_ST( + "Tunnel dst addr verification", + ut_setup_security, ut_teardown, + test_ipsec_proto_tunnel_dst_addr_verify), + TEST_CASE_NAMED_ST( + "Tunnel src and dst addr verification", + ut_setup_security, ut_teardown, + test_ipsec_proto_tunnel_src_dst_addr_verify), + TEST_CASE_NAMED_ST( + "Inner IP checksum", + ut_setup_security, ut_teardown, + test_ipsec_proto_inner_ip_csum), + TEST_CASE_NAMED_ST( + "Inner L4 checksum", + ut_setup_security, ut_teardown, + test_ipsec_proto_inner_l4_csum), + TEST_CASES_END() /**< NULL terminate unit test array */ + } +}; + static struct unit_test_suite pdcp_proto_testsuite = { .suite_name = "PDCP Proto Unit Test Suite", .setup = pdcp_proto_testsuite_setup, @@ -13810,14 +14431,6 @@ static struct unit_test_suite cryptodev_gen_testsuite = { test_queue_pair_descriptor_setup), TEST_CASE_ST(ut_setup, ut_teardown, test_device_configure_invalid_queue_pair_ids), - TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_all), - TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_all), - TEST_CASE_ST(ut_setup, ut_teardown, test_3DES_chain_all), - TEST_CASE_ST(ut_setup, ut_teardown, test_3DES_cipheronly_all), - TEST_CASE_ST(ut_setup, ut_teardown, test_DES_cipheronly_all), - TEST_CASE_ST(ut_setup, ut_teardown, test_AES_docsis_all), - TEST_CASE_ST(ut_setup, ut_teardown, test_DES_docsis_all), - TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_all), TEST_CASE_ST(ut_setup, ut_teardown, test_stats), TEST_CASE_ST(ut_setup, ut_teardown, test_enq_callback_setup), TEST_CASE_ST(ut_setup, ut_teardown, test_deq_callback_setup), @@ -14241,6 +14854,8 @@ static struct unit_test_suite cryptodev_zuc_testsuite = { test_zuc_encryption_test_case_5), TEST_CASE_ST(ut_setup, ut_teardown, test_zuc_encryption_test_case_6_sgl), + TEST_CASE_ST(ut_setup, ut_teardown, + test_zuc_encryption_test_case_7), /** ZUC authenticate (EIA3) */ TEST_CASE_ST(ut_setup, ut_teardown, @@ -14259,6 +14874,11 @@ static struct unit_test_suite cryptodev_zuc_testsuite = { test_zuc_hash_generate_test_case_7), TEST_CASE_ST(ut_setup, ut_teardown, test_zuc_hash_generate_test_case_8), + TEST_CASE_ST(ut_setup, ut_teardown, + test_zuc_hash_generate_test_case_9), + TEST_CASE_ST(ut_setup, ut_teardown, + test_zuc_hash_generate_test_case_10), + /** ZUC alg-chain (EEA3/EIA3) */ TEST_CASE_ST(ut_setup, ut_teardown, @@ -14365,7 +14985,6 @@ static struct unit_test_suite cryptodev_kasumi_testsuite = { test_kasumi_decryption_test_case_5), TEST_CASE_ST(ut_setup, ut_teardown, test_kasumi_decryption_test_case_1_oop), - TEST_CASE_ST(ut_setup, ut_teardown, test_kasumi_cipher_auth_test_case_1), @@ -14545,7 +15164,16 @@ static struct unit_test_suite cryptodev_mixed_cipher_hash_testsuite = { static int run_cryptodev_testsuite(const char *pmd_name) { - uint8_t ret, j, i = 0; + uint8_t ret, j, i = 0, blk_start_idx = 0; + const enum blockcipher_test_type blk_suites[] = { + BLKCIPHER_AES_CHAIN_TYPE, + BLKCIPHER_AES_CIPHERONLY_TYPE, + BLKCIPHER_AES_DOCSIS_TYPE, + BLKCIPHER_3DES_CHAIN_TYPE, + BLKCIPHER_3DES_CIPHERONLY_TYPE, + BLKCIPHER_DES_CIPHERONLY_TYPE, + BLKCIPHER_DES_DOCSIS_TYPE, + BLKCIPHER_AUTHONLY_TYPE}; struct unit_test_suite *static_suites[] = { &cryptodev_multi_session_testsuite, &cryptodev_null_testsuite, @@ -14564,6 +15192,7 @@ run_cryptodev_testsuite(const char *pmd_name) &cryptodev_negative_hmac_sha1_testsuite, &cryptodev_gen_testsuite, #ifdef RTE_LIB_SECURITY + &ipsec_proto_testsuite, &pdcp_proto_testsuite, &docsis_proto_testsuite, #endif @@ -14580,33 +15209,70 @@ run_cryptodev_testsuite(const char *pmd_name) if (gbl_driver_id == -1) { RTE_LOG(ERR, USER1, "%s PMD must be loaded.\n", pmd_name); - return TEST_FAILED; + return TEST_SKIPPED; } ts.unit_test_suites = malloc(sizeof(struct unit_test_suite *) * - RTE_DIM(static_suites)); + (RTE_DIM(blk_suites) + RTE_DIM(static_suites))); + ADD_BLOCKCIPHER_TESTSUITE(i, ts, blk_suites, RTE_DIM(blk_suites)); ADD_STATIC_TESTSUITE(i, ts, static_suites, RTE_DIM(static_suites)); ret = unit_test_suite_runner(&ts); + FREE_BLOCKCIPHER_TESTSUITE(blk_start_idx, ts, RTE_DIM(blk_suites)); free(ts.unit_test_suites); return ret; } static int -test_cryptodev_qat(void /*argv __rte_unused, int argc __rte_unused*/) +require_feature_flag(const char *pmd_name, uint64_t flag, const char *flag_name) +{ + struct rte_cryptodev_info dev_info; + uint8_t i, nb_devs; + int driver_id; + + driver_id = rte_cryptodev_driver_id_get(pmd_name); + if (driver_id == -1) { + RTE_LOG(WARNING, USER1, "%s PMD must be loaded.\n", pmd_name); + return TEST_SKIPPED; + } + + nb_devs = rte_cryptodev_count(); + if (nb_devs < 1) { + RTE_LOG(WARNING, USER1, "No crypto devices found?\n"); + return TEST_SKIPPED; + } + + for (i = 0; i < nb_devs; i++) { + rte_cryptodev_info_get(i, &dev_info); + if (dev_info.driver_id == driver_id) { + if (!(dev_info.feature_flags & flag)) { + RTE_LOG(INFO, USER1, "%s not supported\n", + flag_name); + return TEST_SKIPPED; + } + return 0; /* found */ + } + } + + RTE_LOG(INFO, USER1, "%s not supported\n", flag_name); + return TEST_SKIPPED; +} + +static int +test_cryptodev_qat(void) { return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_QAT_SYM_PMD)); } static int -test_cryptodev_virtio(void /*argv __rte_unused, int argc __rte_unused*/) +test_cryptodev_virtio(void) { return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_VIRTIO_PMD)); } static int -test_cryptodev_aesni_mb(void /*argv __rte_unused, int argc __rte_unused*/) +test_cryptodev_aesni_mb(void) { return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD)); } @@ -14645,6 +15311,12 @@ test_cryptodev_cpu_aesni_gcm(void) return rc; } +static int +test_cryptodev_mlx5(void) +{ + return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_MLX5_PMD)); +} + static int test_cryptodev_null(void) { @@ -14652,19 +15324,19 @@ test_cryptodev_null(void) } static int -test_cryptodev_sw_snow3g(void /*argv __rte_unused, int argc __rte_unused*/) +test_cryptodev_sw_snow3g(void) { return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_SNOW3G_PMD)); } static int -test_cryptodev_sw_kasumi(void /*argv __rte_unused, int argc __rte_unused*/) +test_cryptodev_sw_kasumi(void) { return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_KASUMI_PMD)); } static int -test_cryptodev_sw_zuc(void /*argv __rte_unused, int argc __rte_unused*/) +test_cryptodev_sw_zuc(void) { return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_ZUC_PMD)); } @@ -14684,56 +15356,37 @@ test_cryptodev_mrvl(void) #ifdef RTE_CRYPTO_SCHEDULER static int -test_cryptodev_scheduler(void /*argv __rte_unused, int argc __rte_unused*/) +test_cryptodev_scheduler(void) { - uint8_t ret, j, i = 0; + uint8_t ret, sched_i, j, i = 0, blk_start_idx = 0; + const enum blockcipher_test_type blk_suites[] = { + BLKCIPHER_AES_CHAIN_TYPE, + BLKCIPHER_AES_CIPHERONLY_TYPE, + BLKCIPHER_AUTHONLY_TYPE + }; static struct unit_test_suite scheduler_multicore = { .suite_name = "Scheduler Multicore Unit Test Suite", .setup = scheduler_multicore_testsuite_setup, .teardown = scheduler_mode_testsuite_teardown, - .unit_test_cases = { - TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_all), - TEST_CASE_ST(ut_setup, ut_teardown, - test_AES_cipheronly_all), - TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_all), - TEST_CASES_END() - } + .unit_test_cases = {TEST_CASES_END()} }; static struct unit_test_suite scheduler_round_robin = { .suite_name = "Scheduler Round Robin Unit Test Suite", .setup = scheduler_roundrobin_testsuite_setup, .teardown = scheduler_mode_testsuite_teardown, - .unit_test_cases = { - TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_all), - TEST_CASE_ST(ut_setup, ut_teardown, - test_AES_cipheronly_all), - TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_all), - TEST_CASES_END() - } + .unit_test_cases = {TEST_CASES_END()} }; static struct unit_test_suite scheduler_failover = { .suite_name = "Scheduler Failover Unit Test Suite", .setup = scheduler_failover_testsuite_setup, .teardown = scheduler_mode_testsuite_teardown, - .unit_test_cases = { - TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_all), - TEST_CASE_ST(ut_setup, ut_teardown, - test_AES_cipheronly_all), - TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_all), - TEST_CASES_END() - } + .unit_test_cases = {TEST_CASES_END()} }; static struct unit_test_suite scheduler_pkt_size_distr = { .suite_name = "Scheduler Pkt Size Distr Unit Test Suite", .setup = scheduler_pkt_size_distr_testsuite_setup, .teardown = scheduler_mode_testsuite_teardown, - .unit_test_cases = { - TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_all), - TEST_CASE_ST(ut_setup, ut_teardown, - test_AES_cipheronly_all), - TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_all), - TEST_CASES_END() - } + .unit_test_cases = {TEST_CASES_END()} }; struct unit_test_suite *sched_mode_suites[] = { &scheduler_multicore, @@ -14744,12 +15397,12 @@ test_cryptodev_scheduler(void /*argv __rte_unused, int argc __rte_unused*/) static struct unit_test_suite scheduler_config = { .suite_name = "Crypto Device Scheduler Config Unit Test Suite", .unit_test_cases = { - TEST_CASE(test_scheduler_attach_slave_op), + TEST_CASE(test_scheduler_attach_worker_op), TEST_CASE(test_scheduler_mode_multicore_op), TEST_CASE(test_scheduler_mode_roundrobin_op), TEST_CASE(test_scheduler_mode_failover_op), TEST_CASE(test_scheduler_mode_pkt_size_distr_op), - TEST_CASE(test_scheduler_detach_slave_op), + TEST_CASE(test_scheduler_detach_worker_op), TEST_CASES_END() /**< NULL terminate array */ } @@ -14779,6 +15432,16 @@ test_cryptodev_scheduler(void /*argv __rte_unused, int argc __rte_unused*/) return TEST_SKIPPED; } + for (sched_i = 0; sched_i < RTE_DIM(sched_mode_suites); sched_i++) { + uint8_t blk_i = 0; + sched_mode_suites[sched_i]->unit_test_suites = malloc(sizeof + (struct unit_test_suite *) * + (RTE_DIM(blk_suites) + 1)); + ADD_BLOCKCIPHER_TESTSUITE(blk_i, (*sched_mode_suites[sched_i]), + blk_suites, RTE_DIM(blk_suites)); + sched_mode_suites[sched_i]->unit_test_suites[blk_i] = &end_testsuite; + } + ts.unit_test_suites = malloc(sizeof(struct unit_test_suite *) * (RTE_DIM(static_suites) + RTE_DIM(sched_mode_suites))); ADD_STATIC_TESTSUITE(i, ts, sched_mode_suites, @@ -14786,6 +15449,12 @@ test_cryptodev_scheduler(void /*argv __rte_unused, int argc __rte_unused*/) ADD_STATIC_TESTSUITE(i, ts, static_suites, RTE_DIM(static_suites)); ret = unit_test_suite_runner(&ts); + for (sched_i = 0; sched_i < RTE_DIM(sched_mode_suites); sched_i++) { + FREE_BLOCKCIPHER_TESTSUITE(blk_start_idx, + (*sched_mode_suites[sched_i]), + RTE_DIM(blk_suites)); + free(sched_mode_suites[sched_i]->unit_test_suites); + } free(ts.unit_test_suites); return ret; } @@ -14795,13 +15464,13 @@ REGISTER_TEST_COMMAND(cryptodev_scheduler_autotest, test_cryptodev_scheduler); #endif static int -test_cryptodev_dpaa2_sec(void /*argv __rte_unused, int argc __rte_unused*/) +test_cryptodev_dpaa2_sec(void) { return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_DPAA2_SEC_PMD)); } static int -test_cryptodev_dpaa_sec(void /*argv __rte_unused, int argc __rte_unused*/) +test_cryptodev_dpaa_sec(void) { return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_DPAA_SEC_PMD)); } @@ -14825,7 +15494,7 @@ test_cryptodev_octeontx2(void) } static int -test_cryptodev_caam_jr(void /*argv __rte_unused, int argc __rte_unused*/) +test_cryptodev_caam_jr(void) { return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_CAAM_JR_PMD)); } @@ -14843,17 +15512,75 @@ test_cryptodev_bcmfs(void) } static int -test_cryptodev_qat_raw_api(void /*argv __rte_unused, int argc __rte_unused*/) +test_cryptodev_qat_raw_api(void) { + static const char *pmd_name = RTE_STR(CRYPTODEV_NAME_QAT_SYM_PMD); int ret; + ret = require_feature_flag(pmd_name, RTE_CRYPTODEV_FF_SYM_RAW_DP, + "RAW API"); + if (ret) + return ret; + + global_api_test_type = CRYPTODEV_RAW_API_TEST; + ret = run_cryptodev_testsuite(pmd_name); + global_api_test_type = CRYPTODEV_API_TEST; + + return ret; +} + +static int +test_cryptodev_cn9k(void) +{ + return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_CN9K_PMD)); +} + +static int +test_cryptodev_cn10k(void) +{ + return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_CN10K_PMD)); +} + +static int +test_cryptodev_dpaa2_sec_raw_api(void) +{ + static const char *pmd_name = RTE_STR(CRYPTODEV_NAME_DPAA2_SEC_PMD); + int ret; + + ret = require_feature_flag(pmd_name, RTE_CRYPTODEV_FF_SYM_RAW_DP, + "RAW API"); + if (ret) + return ret; + + global_api_test_type = CRYPTODEV_RAW_API_TEST; + ret = run_cryptodev_testsuite(pmd_name); + global_api_test_type = CRYPTODEV_API_TEST; + + return ret; +} + +static int +test_cryptodev_dpaa_sec_raw_api(void) +{ + static const char *pmd_name = RTE_STR(CRYPTODEV_NAME_DPAA2_SEC_PMD); + int ret; + + ret = require_feature_flag(pmd_name, RTE_CRYPTODEV_FF_SYM_RAW_DP, + "RAW API"); + if (ret) + return ret; + global_api_test_type = CRYPTODEV_RAW_API_TEST; - ret = run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_QAT_SYM_PMD)); + ret = run_cryptodev_testsuite(pmd_name); global_api_test_type = CRYPTODEV_API_TEST; return ret; } +REGISTER_TEST_COMMAND(cryptodev_dpaa2_sec_raw_api_autotest, + test_cryptodev_dpaa2_sec_raw_api); +REGISTER_TEST_COMMAND(cryptodev_dpaa_sec_raw_api_autotest, + test_cryptodev_dpaa_sec_raw_api); REGISTER_TEST_COMMAND(cryptodev_qat_raw_api_autotest, test_cryptodev_qat_raw_api); REGISTER_TEST_COMMAND(cryptodev_qat_autotest, test_cryptodev_qat); @@ -14864,6 +15591,7 @@ REGISTER_TEST_COMMAND(cryptodev_openssl_autotest, test_cryptodev_openssl); REGISTER_TEST_COMMAND(cryptodev_aesni_gcm_autotest, test_cryptodev_aesni_gcm); REGISTER_TEST_COMMAND(cryptodev_cpu_aesni_gcm_autotest, test_cryptodev_cpu_aesni_gcm); +REGISTER_TEST_COMMAND(cryptodev_mlx5_autotest, test_cryptodev_mlx5); REGISTER_TEST_COMMAND(cryptodev_null_autotest, test_cryptodev_null); REGISTER_TEST_COMMAND(cryptodev_sw_snow3g_autotest, test_cryptodev_sw_snow3g); REGISTER_TEST_COMMAND(cryptodev_sw_kasumi_autotest, test_cryptodev_sw_kasumi); @@ -14879,3 +15607,5 @@ REGISTER_TEST_COMMAND(cryptodev_octeontx2_autotest, test_cryptodev_octeontx2); REGISTER_TEST_COMMAND(cryptodev_caam_jr_autotest, test_cryptodev_caam_jr); REGISTER_TEST_COMMAND(cryptodev_nitrox_autotest, test_cryptodev_nitrox); REGISTER_TEST_COMMAND(cryptodev_bcmfs_autotest, test_cryptodev_bcmfs); +REGISTER_TEST_COMMAND(cryptodev_cn9k_autotest, test_cryptodev_cn9k); +REGISTER_TEST_COMMAND(cryptodev_cn10k_autotest, test_cryptodev_cn10k);