X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=app%2Ftest%2Ftest_cryptodev.c;h=524019ce0edec1bcd4305afd251ae61920709a8d;hb=b4f94d758f9eadf45e3fbefcc8dc5701ab73bfca;hp=c752c1e8f21ccba9850b1cb985bcc7b111c627a7;hpb=40e91195d5079b32725a383263243565143c028e;p=dpdk.git diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index c752c1e8f2..524019ce0e 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -3,6 +3,8 @@ * Copyright 2020 NXP */ +#ifndef RTE_EXEC_ENV_WINDOWS + #include #include @@ -16,8 +18,10 @@ #include #include -#include +#include #include +#include +#include #ifdef RTE_CRYPTO_SCHEDULER #include @@ -42,6 +46,8 @@ #include "test_cryptodev_hmac_test_vectors.h" #include "test_cryptodev_mixed_test_vectors.h" #ifdef RTE_LIB_SECURITY +#include "test_cryptodev_security_ipsec.h" +#include "test_cryptodev_security_ipsec_test_vectors.h" #include "test_cryptodev_security_pdcp_test_vectors.h" #include "test_cryptodev_security_pdcp_sdap_test_vectors.h" #include "test_cryptodev_security_pdcp_test_func.h" @@ -124,6 +130,13 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess, const uint8_t *digest, const uint8_t *iv); +static int +security_proto_supported(enum rte_security_session_action_type action, + enum rte_security_session_protocol proto); + +static int +dev_configure_and_start(uint64_t ff_disable); + static struct rte_mbuf * setup_test_string(struct rte_mempool *mpool, const char *string, size_t len, uint8_t blocksize) @@ -168,6 +181,10 @@ post_process_raw_dp_op(void *user_data, uint32_t index __rte_unused, RTE_CRYPTO_OP_STATUS_ERROR; } +static struct crypto_testsuite_params testsuite_params = { NULL }; +struct crypto_testsuite_params *p_testsuite_params = &testsuite_params; +static struct crypto_unittest_params unittest_params; + void process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id, struct rte_crypto_op *op, uint8_t is_cipher, uint8_t is_auth, @@ -175,13 +192,14 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id, { struct rte_crypto_sym_op *sop = op->sym; struct rte_crypto_op *ret_op = NULL; - struct rte_crypto_vec data_vec[UINT8_MAX]; + struct rte_crypto_vec data_vec[UINT8_MAX], dest_data_vec[UINT8_MAX]; struct rte_crypto_va_iova_ptr cipher_iv, digest, aad_auth_iv; union rte_crypto_sym_ofs ofs; struct rte_crypto_sym_vec vec; - struct rte_crypto_sgl sgl; + struct rte_crypto_sgl sgl, dest_sgl; uint32_t max_len; union rte_cryptodev_session_ctx sess; + uint64_t auth_end_iova; uint32_t count = 0; struct rte_crypto_raw_dp_ctx *ctx; uint32_t cipher_offset = 0, cipher_len = 0, auth_offset = 0, @@ -191,6 +209,9 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id, int ctx_service_size; int32_t status = 0; int enqueue_status, dequeue_status; + struct crypto_unittest_params *ut_params = &unittest_params; + int is_sgl = sop->m_src->nb_segs > 1; + int is_oop = 0; ctx_service_size = rte_cryptodev_get_raw_dp_ctx_size(dev_id); if (ctx_service_size < 0) { @@ -221,7 +242,7 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id, digest.va = NULL; sgl.vec = data_vec; vec.num = 1; - vec.sgl = &sgl; + vec.src_sgl = &sgl; vec.iv = &cipher_iv; vec.digest = &digest; vec.aad = &aad_auth_iv; @@ -229,6 +250,9 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id, ofs.raw = 0; + if ((sop->m_dst != NULL) && (sop->m_dst != sop->m_src)) + is_oop = 1; + if (is_cipher && is_auth) { cipher_offset = sop->cipher.data.offset; cipher_len = sop->cipher.data.length; @@ -256,6 +280,31 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id, digest.va = (void *)sop->auth.digest.data; digest.iova = sop->auth.digest.phys_addr; + if (is_sgl) { + uint32_t remaining_off = auth_offset + auth_len; + struct rte_mbuf *sgl_buf = sop->m_src; + if (is_oop) + sgl_buf = sop->m_dst; + + while (remaining_off >= rte_pktmbuf_data_len(sgl_buf) + && sgl_buf->next != NULL) { + remaining_off -= rte_pktmbuf_data_len(sgl_buf); + sgl_buf = sgl_buf->next; + } + + auth_end_iova = (uint64_t)rte_pktmbuf_iova_offset( + sgl_buf, remaining_off); + } else { + auth_end_iova = rte_pktmbuf_iova(op->sym->m_src) + + auth_offset + auth_len; + } + /* Then check if digest-encrypted conditions are met */ + if ((auth_offset + auth_len < cipher_offset + cipher_len) && + (digest.iova == auth_end_iova) && is_sgl) + max_len = RTE_MAX(max_len, + auth_offset + auth_len + + ut_params->auth_xform.auth.digest_length); + } else if (is_cipher) { cipher_offset = sop->cipher.data.offset; cipher_len = sop->cipher.data.length; @@ -315,6 +364,19 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id, } sgl.num = n; + /* Out of place */ + if (is_oop) { + dest_sgl.vec = dest_data_vec; + vec.dest_sgl = &dest_sgl; + n = rte_crypto_mbuf_to_vec(sop->m_dst, 0, max_len, + dest_data_vec, RTE_DIM(dest_data_vec)); + if (n < 0 || n > sop->m_dst->nb_segs) { + op->status = RTE_CRYPTO_OP_STATUS_ERROR; + goto exit; + } + dest_sgl.num = n; + } else + vec.dest_sgl = NULL; if (rte_cryptodev_raw_enqueue_burst(ctx, &vec, ofs, (void **)&op, &enqueue_status) < 1) { @@ -355,6 +417,7 @@ process_sym_raw_dp_op(uint8_t dev_id, uint16_t qp_id, } op->status = (count == MAX_RAW_DEQUEUE_COUNT + 1 || ret_op != op || + ret_op->status == RTE_CRYPTO_OP_STATUS_ERROR || n_success < 1) ? RTE_CRYPTO_OP_STATUS_ERROR : RTE_CRYPTO_OP_STATUS_SUCCESS; @@ -385,7 +448,7 @@ process_cpu_aead_op(uint8_t dev_id, struct rte_crypto_op *op) sgl.vec = vec; sgl.num = n; - symvec.sgl = &sgl; + symvec.src_sgl = &sgl; symvec.iv = &iv_ptr; symvec.digest = &digest_ptr; symvec.aad = &aad_ptr; @@ -431,7 +494,7 @@ process_cpu_crypt_auth_op(uint8_t dev_id, struct rte_crypto_op *op) sgl.vec = vec; sgl.num = n; - symvec.sgl = &sgl; + symvec.src_sgl = &sgl; symvec.iv = &iv_ptr; symvec.digest = &digest_ptr; symvec.status = &st; @@ -478,10 +541,6 @@ process_crypto_request(uint8_t dev_id, struct rte_crypto_op *op) return op; } -static struct crypto_testsuite_params testsuite_params = { NULL }; -struct crypto_testsuite_params *p_testsuite_params = &testsuite_params; -static struct crypto_unittest_params unittest_params; - static int testsuite_setup(void) { @@ -753,6 +812,50 @@ crypto_gen_testsuite_setup(void) } #ifdef RTE_LIB_SECURITY +static int +ipsec_proto_testsuite_setup(void) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct crypto_unittest_params *ut_params = &unittest_params; + struct rte_cryptodev_info dev_info; + int ret = 0; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_SECURITY)) { + RTE_LOG(INFO, USER1, "Feature flag requirements for IPsec Proto " + "testsuite not met\n"); + return TEST_SKIPPED; + } + + /* Reconfigure to enable security */ + ret = dev_configure_and_start(0); + if (ret != TEST_SUCCESS) + return ret; + + /* Set action type */ + ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + + if (security_proto_supported( + RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + RTE_SECURITY_PROTOCOL_IPSEC) < 0) { + RTE_LOG(INFO, USER1, "Capability requirements for IPsec Proto " + "test not met\n"); + ret = TEST_SKIPPED; + } + + test_ipsec_alg_list_populate(); + test_ipsec_ah_alg_list_populate(); + + /* + * Stop the device. Device would be started again by individual test + * case setup routine. + */ + rte_cryptodev_stop(ts_params->valid_devs[0]); + + return ret; +} + static int pdcp_proto_testsuite_setup(void) { @@ -808,13 +911,13 @@ docsis_proto_testsuite_setup(void) if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO) || !(dev_info.feature_flags & RTE_CRYPTODEV_FF_SECURITY)) { - RTE_LOG(INFO, USER1, "Feature flag requirements for Docsis " + RTE_LOG(INFO, USER1, "Feature flag requirements for DOCSIS " "Proto testsuite not met\n"); return TEST_SKIPPED; } if (check_cipher_capabilities_supported(ciphers, RTE_DIM(ciphers)) != 0) { - RTE_LOG(INFO, USER1, "Capability requirements for Docsis Proto " + RTE_LOG(INFO, USER1, "Capability requirements for DOCSIS Proto " "testsuite not met\n"); return TEST_SKIPPED; } @@ -1326,7 +1429,6 @@ ut_teardown(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; - struct rte_cryptodev_stats stats; /* free crypto session structure */ #ifdef RTE_LIB_SECURITY @@ -1373,8 +1475,6 @@ ut_teardown(void) RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n", rte_mempool_avail_count(ts_params->mbuf_pool)); - rte_cryptodev_stats_get(ts_params->valid_devs[0], &stats); - /* Stop the device */ rte_cryptodev_stop(ts_params->valid_devs[0]); } @@ -2047,6 +2147,7 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; + int status; /* Verify the capabilities */ struct rte_cryptodev_sym_capability_idx cap_idx; @@ -2093,12 +2194,17 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void) ut_params->sess = rte_cryptodev_sym_session_create( ts_params->session_mpool); + TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); /* Create crypto session*/ - rte_cryptodev_sym_session_init(ts_params->valid_devs[0], + status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0], ut_params->sess, &ut_params->cipher_xform, ts_params->session_priv_mpool); - TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); + + if (status == -ENOTSUP) + return TEST_SKIPPED; + + TEST_ASSERT_EQUAL(status, 0, "Session init failed"); /* Generate crypto op data structure */ ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, @@ -2353,6 +2459,9 @@ create_wireless_algo_hash_session(uint8_t dev_id, status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess, &ut_params->auth_xform, ts_params->session_priv_mpool); + if (status == -ENOTSUP) + return TEST_SKIPPED; + TEST_ASSERT_EQUAL(status, 0, "session init failed"); TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); return 0; @@ -2392,6 +2501,9 @@ create_wireless_algo_cipher_session(uint8_t dev_id, status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess, &ut_params->cipher_xform, ts_params->session_priv_mpool); + if (status == -ENOTSUP) + return TEST_SKIPPED; + TEST_ASSERT_EQUAL(status, 0, "session init failed"); TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); return 0; @@ -4005,9 +4117,9 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data, - tdata->cipher_iv.len, - tdata->ciphertext.len, - tdata->validCipherOffsetInBits.len); + tdata->cipher_iv.len, + RTE_ALIGN_CEIL(tdata->validCipherLenInBits.len, 8), + tdata->validCipherOffsetInBits.len); if (retval < 0) return retval; @@ -4139,6 +4251,16 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata) int retval; unsigned plaintext_pad_len; unsigned plaintext_len; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + uint64_t feat_flags = dev_info.feature_flags; + + if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) && + (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) { + printf("Device does not support RAW data-path APIs.\n"); + return -ENOTSUP; + } /* Verify the capabilities */ struct rte_cryptodev_sym_capability_idx cap_idx; @@ -4194,7 +4316,11 @@ test_snow3g_encryption_oop(const struct snow3g_test_data *tdata) if (retval < 0) return retval; - ut_params->op = process_crypto_request(ts_params->valid_devs[0], + if (global_api_test_type == CRYPTODEV_RAW_API_TEST) + process_sym_raw_dp_op(ts_params->valid_devs[0], 0, + ut_params->op, 1, 0, 1, tdata->cipher_iv.len); + else + ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op); TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf"); @@ -4254,6 +4380,12 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata) return TEST_SKIPPED; } + if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) && + (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) { + printf("Device does not support RAW data-path APIs.\n"); + return -ENOTSUP; + } + /* Create SNOW 3G session */ retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0], RTE_CRYPTO_CIPHER_OP_ENCRYPT, @@ -4288,7 +4420,11 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata) if (retval < 0) return retval; - ut_params->op = process_crypto_request(ts_params->valid_devs[0], + if (global_api_test_type == CRYPTODEV_RAW_API_TEST) + process_sym_raw_dp_op(ts_params->valid_devs[0], 0, + ut_params->op, 1, 0, 1, tdata->cipher_iv.len); + else + ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op); TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf"); @@ -4415,7 +4551,11 @@ test_snow3g_encryption_offset_oop(const struct snow3g_test_data *tdata) if (retval < 0) return retval; - ut_params->op = process_crypto_request(ts_params->valid_devs[0], + if (global_api_test_type == CRYPTODEV_RAW_API_TEST) + process_sym_raw_dp_op(ts_params->valid_devs[0], 0, + ut_params->op, 1, 0, 1, tdata->cipher_iv.len); + else + ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op); TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf"); @@ -4546,7 +4686,16 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata) uint8_t *plaintext, *ciphertext; unsigned ciphertext_pad_len; unsigned ciphertext_len; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + uint64_t feat_flags = dev_info.feature_flags; + if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) && + (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) { + printf("Device does not support RAW data-path APIs.\n"); + return -ENOTSUP; + } /* Verify the capabilities */ struct rte_cryptodev_sym_capability_idx cap_idx; cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER; @@ -4604,7 +4753,11 @@ static int test_snow3g_decryption_oop(const struct snow3g_test_data *tdata) if (retval < 0) return retval; - ut_params->op = process_crypto_request(ts_params->valid_devs[0], + if (global_api_test_type == CRYPTODEV_RAW_API_TEST) + process_sym_raw_dp_op(ts_params->valid_devs[0], 0, + ut_params->op, 1, 0, 1, tdata->cipher_iv.len); + else + ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op); TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf"); ut_params->obuf = ut_params->op->sym->m_dst; @@ -5769,6 +5922,61 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata) return 0; } +static int +check_cipher_capability(const struct crypto_testsuite_params *ts_params, + const enum rte_crypto_cipher_algorithm cipher_algo, + const uint16_t key_size, const uint16_t iv_size) +{ + struct rte_cryptodev_sym_capability_idx cap_idx; + const struct rte_cryptodev_symmetric_capability *cap; + + /* Check if device supports the algorithm */ + cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + cap_idx.algo.cipher = cipher_algo; + + cap = rte_cryptodev_sym_capability_get(ts_params->valid_devs[0], + &cap_idx); + + if (cap == NULL) + return -1; + + /* Check if device supports key size and IV size */ + if (rte_cryptodev_sym_capability_check_cipher(cap, key_size, + iv_size) < 0) { + return -1; + } + + return 0; +} + +static int +check_auth_capability(const struct crypto_testsuite_params *ts_params, + const enum rte_crypto_auth_algorithm auth_algo, + const uint16_t key_size, const uint16_t iv_size, + const uint16_t tag_size) +{ + struct rte_cryptodev_sym_capability_idx cap_idx; + const struct rte_cryptodev_symmetric_capability *cap; + + /* Check if device supports the algorithm */ + cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH; + cap_idx.algo.auth = auth_algo; + + cap = rte_cryptodev_sym_capability_get(ts_params->valid_devs[0], + &cap_idx); + + if (cap == NULL) + return -1; + + /* Check if device supports key size and IV size */ + if (rte_cryptodev_sym_capability_check_auth(cap, key_size, + tag_size, iv_size) < 0) { + return -1; + } + + return 0; +} + static int test_zuc_encryption(const struct wireless_test_data *tdata) { @@ -5793,14 +6001,9 @@ test_zuc_encryption(const struct wireless_test_data *tdata) if (gbl_action_type == RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO) return TEST_SKIPPED; - struct rte_cryptodev_sym_capability_idx cap_idx; - /* Check if device supports ZUC EEA3 */ - cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER; - cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_ZUC_EEA3; - - if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0], - &cap_idx) == NULL) + if (check_cipher_capability(ts_params, RTE_CRYPTO_CIPHER_ZUC_EEA3, + tdata->key.len, tdata->cipher_iv.len) < 0) return TEST_SKIPPED; /* Create ZUC session */ @@ -5809,7 +6012,7 @@ test_zuc_encryption(const struct wireless_test_data *tdata) RTE_CRYPTO_CIPHER_ZUC_EEA3, tdata->key.data, tdata->key.len, tdata->cipher_iv.len); - if (retval < 0) + if (retval != 0) return retval; ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); @@ -5875,14 +6078,9 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata) uint8_t ciphertext_buffer[2048]; struct rte_cryptodev_info dev_info; - struct rte_cryptodev_sym_capability_idx cap_idx; - /* Check if device supports ZUC EEA3 */ - cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER; - cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_ZUC_EEA3; - - if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0], - &cap_idx) == NULL) + if (check_cipher_capability(ts_params, RTE_CRYPTO_CIPHER_ZUC_EEA3, + tdata->key.len, tdata->cipher_iv.len) < 0) return TEST_SKIPPED; if (gbl_action_type == RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO) @@ -5976,7 +6174,6 @@ test_zuc_authentication(const struct wireless_test_data *tdata) unsigned plaintext_len; uint8_t *plaintext; - struct rte_cryptodev_sym_capability_idx cap_idx; struct rte_cryptodev_info dev_info; rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); @@ -5998,11 +6195,9 @@ test_zuc_authentication(const struct wireless_test_data *tdata) return TEST_SKIPPED; /* Check if device supports ZUC EIA3 */ - cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH; - cap_idx.algo.auth = RTE_CRYPTO_AUTH_ZUC_EIA3; - - if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0], - &cap_idx) == NULL) + if (check_auth_capability(ts_params, RTE_CRYPTO_AUTH_ZUC_EIA3, + tdata->key.len, tdata->auth_iv.len, + tdata->digest.len) < 0) return TEST_SKIPPED; /* Create ZUC session */ @@ -6011,7 +6206,7 @@ test_zuc_authentication(const struct wireless_test_data *tdata) tdata->auth_iv.len, tdata->digest.len, RTE_CRYPTO_AUTH_OP_GENERATE, RTE_CRYPTO_AUTH_ZUC_EIA3); - if (retval < 0) + if (retval != 0) return retval; /* alloc mbuf and set payload */ @@ -6043,8 +6238,8 @@ test_zuc_authentication(const struct wireless_test_data *tdata) else ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op); - ut_params->obuf = ut_params->op->sym->m_src; TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf"); + ut_params->obuf = ut_params->op->sym->m_src; ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *) + plaintext_pad_len; @@ -6074,14 +6269,16 @@ test_zuc_auth_cipher(const struct wireless_test_data *tdata, unsigned int ciphertext_len; struct rte_cryptodev_info dev_info; - struct rte_cryptodev_sym_capability_idx cap_idx; - /* Check if device supports ZUC EIA3 */ - cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH; - cap_idx.algo.auth = RTE_CRYPTO_AUTH_ZUC_EIA3; + /* Check if device supports ZUC EEA3 */ + if (check_cipher_capability(ts_params, RTE_CRYPTO_CIPHER_ZUC_EEA3, + tdata->key.len, tdata->cipher_iv.len) < 0) + return TEST_SKIPPED; - if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0], - &cap_idx) == NULL) + /* Check if device supports ZUC EIA3 */ + if (check_auth_capability(ts_params, RTE_CRYPTO_AUTH_ZUC_EIA3, + tdata->key.len, tdata->auth_iv.len, + tdata->digest.len) < 0) return TEST_SKIPPED; rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); @@ -6150,20 +6347,20 @@ test_zuc_auth_cipher(const struct wireless_test_data *tdata, ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, ciphertext_pad_len); memcpy(ciphertext, tdata->ciphertext.data, ciphertext_len); - if (op_mode == OUT_OF_PLACE) - rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len); debug_hexdump(stdout, "ciphertext:", ciphertext, ciphertext_len); } else { + /* make sure enough space to cover partial digest verify case */ plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, - plaintext_pad_len); + ciphertext_pad_len); memcpy(plaintext, tdata->plaintext.data, plaintext_len); - if (op_mode == OUT_OF_PLACE) - rte_pktmbuf_append(ut_params->obuf, plaintext_pad_len); debug_hexdump(stdout, "plaintext:", plaintext, plaintext_len); } + if (op_mode == OUT_OF_PLACE) + rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len); + /* Create ZUC operation */ retval = create_wireless_algo_auth_cipher_operation( tdata->digest.data, tdata->digest.len, @@ -6272,14 +6469,16 @@ test_zuc_auth_cipher_sgl(const struct wireless_test_data *tdata, uint8_t digest_buffer[10000]; struct rte_cryptodev_info dev_info; - struct rte_cryptodev_sym_capability_idx cap_idx; - /* Check if device supports ZUC EIA3 */ - cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH; - cap_idx.algo.auth = RTE_CRYPTO_AUTH_ZUC_EIA3; + /* Check if device supports ZUC EEA3 */ + if (check_cipher_capability(ts_params, RTE_CRYPTO_CIPHER_ZUC_EEA3, + tdata->key.len, tdata->cipher_iv.len) < 0) + return TEST_SKIPPED; - if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0], - &cap_idx) == NULL) + /* Check if device supports ZUC EIA3 */ + if (check_auth_capability(ts_params, RTE_CRYPTO_AUTH_ZUC_EIA3, + tdata->key.len, tdata->auth_iv.len, + tdata->digest.len) < 0) return TEST_SKIPPED; rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); @@ -6683,7 +6882,7 @@ test_snow3g_decryption_with_digest_test_case_1(void) } /* - * Function prepare data for hash veryfication test case. + * Function prepare data for hash verification test case. * Digest is allocated in 4 last bytes in plaintext, pattern. */ snow3g_hash_test_vector_setup(&snow3g_test_case_7, &snow3g_hash_data); @@ -7005,6 +7204,24 @@ test_zuc_hash_generate_test_case_8(void) return test_zuc_authentication(&zuc_test_case_auth_584b); } +static int +test_zuc_hash_generate_test_case_9(void) +{ + return test_zuc_authentication(&zuc_test_case_auth_4000b_mac_32b); +} + +static int +test_zuc_hash_generate_test_case_10(void) +{ + return test_zuc_authentication(&zuc_test_case_auth_4000b_mac_64b); +} + +static int +test_zuc_hash_generate_test_case_11(void) +{ + return test_zuc_authentication(&zuc_test_case_auth_4000b_mac_128b); +} + static int test_zuc_cipher_auth_test_case_1(void) { @@ -7073,6 +7290,30 @@ test_zuc_auth_cipher_verify_test_case_1_oop_sgl(void) &zuc_auth_cipher_test_case_1, OUT_OF_PLACE, 1); } +static int +test_zuc256_encryption_test_case_1(void) +{ + return test_zuc_encryption(&zuc256_test_case_cipher_1); +} + +static int +test_zuc256_encryption_test_case_2(void) +{ + return test_zuc_encryption(&zuc256_test_case_cipher_2); +} + +static int +test_zuc256_authentication_test_case_1(void) +{ + return test_zuc_authentication(&zuc256_test_case_auth_1); +} + +static int +test_zuc256_authentication_test_case_2(void) +{ + return test_zuc_authentication(&zuc256_test_case_auth_2); +} + static int test_mixed_check_if_unsupported(const struct mixed_cipher_auth_test_data *tdata) { @@ -7174,19 +7415,19 @@ test_mixed_auth_cipher(const struct mixed_cipher_auth_test_data *tdata, ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, ciphertext_pad_len); memcpy(ciphertext, tdata->ciphertext.data, ciphertext_len); - if (op_mode == OUT_OF_PLACE) - rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len); debug_hexdump(stdout, "ciphertext:", ciphertext, ciphertext_len); } else { + /* make sure enough space to cover partial digest verify case */ plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, - plaintext_pad_len); + ciphertext_pad_len); memcpy(plaintext, tdata->plaintext.data, plaintext_len); - if (op_mode == OUT_OF_PLACE) - rte_pktmbuf_append(ut_params->obuf, plaintext_pad_len); debug_hexdump(stdout, "plaintext:", plaintext, plaintext_len); } + if (op_mode == OUT_OF_PLACE) + rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len); + /* Create the operation */ retval = create_wireless_algo_auth_cipher_operation( tdata->digest_enc.data, tdata->digest_enc.len, @@ -7258,27 +7499,30 @@ test_mixed_auth_cipher(const struct mixed_cipher_auth_test_data *tdata, tdata->digest_enc.len); } - /* Validate obuf */ - if (verify) { - TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( - plaintext, - tdata->plaintext.data, - tdata->plaintext.len_bits >> 3, - "Plaintext data not as expected"); - } else { - TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( - ciphertext, - tdata->ciphertext.data, - tdata->validDataLen.len_bits, - "Ciphertext data not as expected"); - + if (!verify) { TEST_ASSERT_BUFFERS_ARE_EQUAL( ut_params->digest, tdata->digest_enc.data, - DIGEST_BYTE_LENGTH_SNOW3G_UIA2, + tdata->digest_enc.len, "Generated auth tag not as expected"); } + if (tdata->cipher_algo != RTE_CRYPTO_CIPHER_NULL) { + if (verify) { + TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( + plaintext, + tdata->plaintext.data, + tdata->plaintext.len_bits >> 3, + "Plaintext data not as expected"); + } else { + TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( + ciphertext, + tdata->ciphertext.data, + tdata->validDataLen.len_bits, + "Ciphertext data not as expected"); + } + } + TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS, "crypto op processing failed"); @@ -7475,19 +7719,7 @@ test_mixed_auth_cipher_sgl(const struct mixed_cipher_auth_test_data *tdata, tdata->digest_enc.data, tdata->digest_enc.len); } - /* Validate obuf */ - if (verify) { - TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( - plaintext, - tdata->plaintext.data, - tdata->plaintext.len_bits >> 3, - "Plaintext data not as expected"); - } else { - TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( - ciphertext, - tdata->ciphertext.data, - tdata->validDataLen.len_bits, - "Ciphertext data not as expected"); + if (!verify) { TEST_ASSERT_BUFFERS_ARE_EQUAL( digest, tdata->digest_enc.data, @@ -7495,9 +7727,25 @@ test_mixed_auth_cipher_sgl(const struct mixed_cipher_auth_test_data *tdata, "Generated auth tag not as expected"); } - TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS, - "crypto op processing failed"); - + if (tdata->cipher_algo != RTE_CRYPTO_CIPHER_NULL) { + if (verify) { + TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( + plaintext, + tdata->plaintext.data, + tdata->plaintext.len_bits >> 3, + "Plaintext data not as expected"); + } else { + TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( + ciphertext, + tdata->ciphertext.data, + tdata->validDataLen.len_bits, + "Ciphertext data not as expected"); + } + } + + TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS, + "crypto op processing failed"); + return 0; } @@ -7739,6 +7987,7 @@ create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo, uint8_t iv_len) { uint8_t aead_key[key_len]; + int status; struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; @@ -7762,14 +8011,13 @@ create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo, /* Create Crypto session*/ ut_params->sess = rte_cryptodev_sym_session_create( ts_params->session_mpool); + TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); - rte_cryptodev_sym_session_init(dev_id, ut_params->sess, + status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess, &ut_params->aead_xform, ts_params->session_priv_mpool); - TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); - - return 0; + return status; } static int @@ -8122,6 +8370,11 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc, struct rte_security_ctx *ctx = (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx( ts_params->valid_devs[0]); + struct rte_cryptodev_info dev_info; + uint64_t feat_flags; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + feat_flags = dev_info.feature_flags; /* Verify the capabilities */ struct rte_security_capability_idx sec_cap_idx; @@ -8143,6 +8396,11 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc, input_vec_len); memcpy(plaintext, input_vec, input_vec_len); + if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) && + (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) { + printf("Device does not support RAW data-path APIs.\n"); + return TEST_SKIPPED; + } /* Out of place support */ if (oop) { /* @@ -8235,8 +8493,16 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc, ut_params->op->sym->m_dst = ut_params->obuf; /* Process crypto operation */ - if (process_crypto_request(ts_params->valid_devs[0], ut_params->op) - == NULL) { + if (global_api_test_type == CRYPTODEV_RAW_API_TEST) { + /* filling lengths */ + ut_params->op->sym->cipher.data.length = ut_params->op->sym->m_src->pkt_len; + ut_params->op->sym->auth.data.length = ut_params->op->sym->m_src->pkt_len; + process_sym_raw_dp_op(ts_params->valid_devs[0], 0, + ut_params->op, 1, 1, 0, 0); + } else { + ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op); + } + if (ut_params->op == NULL) { printf("TestCase %s()-%d line %d failed %s: ", __func__, i, __LINE__, "failed to process sym crypto op"); @@ -8305,10 +8571,21 @@ test_pdcp_proto_SGL(int i, int oop, int to_trn_tbl[16]; int segs = 1; unsigned int trn_data = 0; + struct rte_cryptodev_info dev_info; + uint64_t feat_flags; struct rte_security_ctx *ctx = (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx( ts_params->valid_devs[0]); + struct rte_mbuf *temp_mbuf; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + feat_flags = dev_info.feature_flags; + if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) && + (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) { + printf("Device does not support RAW data-path APIs.\n"); + return -ENOTSUP; + } /* Verify the capabilities */ struct rte_security_capability_idx sec_cap_idx; @@ -8492,8 +8769,23 @@ test_pdcp_proto_SGL(int i, int oop, ut_params->op->sym->m_dst = ut_params->obuf; /* Process crypto operation */ - if (process_crypto_request(ts_params->valid_devs[0], ut_params->op) - == NULL) { + temp_mbuf = ut_params->op->sym->m_src; + if (global_api_test_type == CRYPTODEV_RAW_API_TEST) { + /* filling lengths */ + while (temp_mbuf) { + ut_params->op->sym->cipher.data.length + += temp_mbuf->pkt_len; + ut_params->op->sym->auth.data.length + += temp_mbuf->pkt_len; + temp_mbuf = temp_mbuf->next; + } + process_sym_raw_dp_op(ts_params->valid_devs[0], 0, + ut_params->op, 1, 1, 0, 0); + } else { + ut_params->op = process_crypto_request(ts_params->valid_devs[0], + ut_params->op); + } + if (ut_params->op == NULL) { printf("TestCase %s()-%d line %d failed %s: ", __func__, i, __LINE__, "failed to process sym crypto op"); @@ -8768,6 +9060,50 @@ test_PDCP_SDAP_PROTO_encap_all(void) return (all_err == TEST_SUCCESS) ? TEST_SUCCESS : TEST_FAILED; } +static int +test_PDCP_PROTO_short_mac(void) +{ + int i = 0, size = 0; + int err, all_err = TEST_SUCCESS; + const struct pdcp_short_mac_test *cur_test; + + size = RTE_DIM(list_pdcp_smac_tests); + + for (i = 0; i < size; i++) { + cur_test = &list_pdcp_smac_tests[i]; + err = test_pdcp_proto( + i, 0, RTE_CRYPTO_CIPHER_OP_ENCRYPT, + RTE_CRYPTO_AUTH_OP_GENERATE, cur_test->data_in, + cur_test->in_len, cur_test->data_out, + cur_test->in_len + ((cur_test->auth_key) ? 4 : 0), + RTE_CRYPTO_CIPHER_NULL, NULL, + 0, cur_test->param.auth_alg, + cur_test->auth_key, cur_test->param.auth_key_len, + 0, cur_test->param.domain, 0, 0, + 0, 0, 0); + if (err) { + printf("\t%d) %s: Short MAC test failed\n", + cur_test->test_idx, + cur_test->param.name); + err = TEST_FAILED; + } else { + printf("\t%d) %s: Short MAC test PASS\n", + cur_test->test_idx, + cur_test->param.name); + rte_hexdump(stdout, "MAC I", + cur_test->data_out + cur_test->in_len + 2, + 2); + err = TEST_SUCCESS; + } + all_err += err; + } + + printf("Success: %d, Failure: %d\n", size + all_err, -all_err); + + return (all_err == TEST_SUCCESS) ? TEST_SUCCESS : TEST_FAILED; + +} + static int test_PDCP_SDAP_PROTO_decap_all(void) { @@ -8811,51 +9147,1121 @@ test_PDCP_SDAP_PROTO_decap_all(void) } static int -test_PDCP_PROTO_all(void) +test_ipsec_proto_process(const struct ipsec_test_data td[], + struct ipsec_test_data res_d[], + int nb_td, + bool silent, + const struct ipsec_test_flags *flags) { + uint16_t v6_src[8] = {0x2607, 0xf8b0, 0x400c, 0x0c03, 0x0000, 0x0000, + 0x0000, 0x001a}; + uint16_t v6_dst[8] = {0x2001, 0x0470, 0xe5bf, 0xdead, 0x4957, 0x2174, + 0xe82c, 0x4887}; + const struct rte_ipv4_hdr *ipv4 = + (const struct rte_ipv4_hdr *)td[0].output_text.data; struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; - struct rte_cryptodev_info dev_info; - int status; + struct rte_security_capability_idx sec_cap_idx; + const struct rte_security_capability *sec_cap; + struct rte_security_ipsec_xform ipsec_xform; + uint8_t dev_id = ts_params->valid_devs[0]; + enum rte_security_ipsec_sa_direction dir; + struct ipsec_test_data *res_d_tmp = NULL; + int salt_len, i, ret = TEST_SUCCESS; + struct rte_security_ctx *ctx; + uint8_t *input_text; + uint32_t src, dst; + uint32_t verify; - rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); - uint64_t feat_flags = dev_info.feature_flags; + ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + gbl_action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; - if (!(feat_flags & RTE_CRYPTODEV_FF_SECURITY)) + /* Use first test data to create session */ + + /* Copy IPsec xform */ + memcpy(&ipsec_xform, &td[0].ipsec_xform, sizeof(ipsec_xform)); + + dir = ipsec_xform.direction; + verify = flags->tunnel_hdr_verify; + + memcpy(&src, &ipv4->src_addr, sizeof(ipv4->src_addr)); + memcpy(&dst, &ipv4->dst_addr, sizeof(ipv4->dst_addr)); + + if ((dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) && verify) { + if (verify == RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR) + src += 1; + else if (verify == RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR) + dst += 1; + } + + if (td->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { + if (td->ipsec_xform.tunnel.type == + RTE_SECURITY_IPSEC_TUNNEL_IPV4) { + memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, + sizeof(src)); + memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, + sizeof(dst)); + + if (flags->df == TEST_IPSEC_SET_DF_0_INNER_1) + ipsec_xform.tunnel.ipv4.df = 0; + + if (flags->df == TEST_IPSEC_SET_DF_1_INNER_0) + ipsec_xform.tunnel.ipv4.df = 1; + + if (flags->dscp == TEST_IPSEC_SET_DSCP_0_INNER_1) + ipsec_xform.tunnel.ipv4.dscp = 0; + + if (flags->dscp == TEST_IPSEC_SET_DSCP_1_INNER_0) + ipsec_xform.tunnel.ipv4.dscp = + TEST_IPSEC_DSCP_VAL; + + } else { + if (flags->dscp == TEST_IPSEC_SET_DSCP_0_INNER_1) + ipsec_xform.tunnel.ipv6.dscp = 0; + + if (flags->dscp == TEST_IPSEC_SET_DSCP_1_INNER_0) + ipsec_xform.tunnel.ipv6.dscp = + TEST_IPSEC_DSCP_VAL; + + memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src, + sizeof(v6_src)); + memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst, + sizeof(v6_dst)); + } + } + + ctx = rte_cryptodev_get_sec_ctx(dev_id); + + sec_cap_idx.action = ut_params->type; + sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_IPSEC; + sec_cap_idx.ipsec.proto = ipsec_xform.proto; + sec_cap_idx.ipsec.mode = ipsec_xform.mode; + sec_cap_idx.ipsec.direction = ipsec_xform.direction; + + if (flags->udp_encap) + ipsec_xform.options.udp_encap = 1; + + sec_cap = rte_security_capability_get(ctx, &sec_cap_idx); + if (sec_cap == NULL) return TEST_SKIPPED; - /* Set action type */ - ut_params->type = gbl_action_type == RTE_SECURITY_ACTION_TYPE_NONE ? - RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL : - gbl_action_type; + /* Copy cipher session parameters */ + if (td[0].aead) { + memcpy(&ut_params->aead_xform, &td[0].xform.aead, + sizeof(ut_params->aead_xform)); + ut_params->aead_xform.aead.key.data = td[0].key.data; + ut_params->aead_xform.aead.iv.offset = IV_OFFSET; + + /* Verify crypto capabilities */ + if (test_ipsec_crypto_caps_aead_verify( + sec_cap, + &ut_params->aead_xform) != 0) { + if (!silent) + RTE_LOG(INFO, USER1, + "Crypto capabilities not supported\n"); + return TEST_SKIPPED; + } + } else if (td[0].auth_only) { + memcpy(&ut_params->auth_xform, &td[0].xform.chain.auth, + sizeof(ut_params->auth_xform)); + ut_params->auth_xform.auth.key.data = td[0].auth_key.data; + + if (test_ipsec_crypto_caps_auth_verify( + sec_cap, + &ut_params->auth_xform) != 0) { + if (!silent) + RTE_LOG(INFO, USER1, + "Auth crypto capabilities not supported\n"); + return TEST_SKIPPED; + } + } else { + memcpy(&ut_params->cipher_xform, &td[0].xform.chain.cipher, + sizeof(ut_params->cipher_xform)); + memcpy(&ut_params->auth_xform, &td[0].xform.chain.auth, + sizeof(ut_params->auth_xform)); + ut_params->cipher_xform.cipher.key.data = td[0].key.data; + ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET; + ut_params->auth_xform.auth.key.data = td[0].auth_key.data; - if (security_proto_supported(ut_params->type, - RTE_SECURITY_PROTOCOL_PDCP) < 0) + /* Verify crypto capabilities */ + + if (test_ipsec_crypto_caps_cipher_verify( + sec_cap, + &ut_params->cipher_xform) != 0) { + if (!silent) + RTE_LOG(INFO, USER1, + "Cipher crypto capabilities not supported\n"); + return TEST_SKIPPED; + } + + if (test_ipsec_crypto_caps_auth_verify( + sec_cap, + &ut_params->auth_xform) != 0) { + if (!silent) + RTE_LOG(INFO, USER1, + "Auth crypto capabilities not supported\n"); + return TEST_SKIPPED; + } + } + + if (test_ipsec_sec_caps_verify(&ipsec_xform, sec_cap, silent) != 0) return TEST_SKIPPED; - status = test_PDCP_PROTO_cplane_encap_all(); - status += test_PDCP_PROTO_cplane_decap_all(); - status += test_PDCP_PROTO_uplane_encap_all(); - status += test_PDCP_PROTO_uplane_decap_all(); - status += test_PDCP_PROTO_SGL_in_place_32B(); - status += test_PDCP_PROTO_SGL_oop_32B_128B(); - status += test_PDCP_PROTO_SGL_oop_32B_40B(); - status += test_PDCP_PROTO_SGL_oop_128B_32B(); - status += test_PDCP_SDAP_PROTO_encap_all(); - status += test_PDCP_SDAP_PROTO_decap_all(); + struct rte_security_session_conf sess_conf = { + .action_type = ut_params->type, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + }; + + if (td[0].aead || td[0].aes_gmac) { + salt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len); + memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len); + } + + if (td[0].aead) { + sess_conf.ipsec = ipsec_xform; + sess_conf.crypto_xform = &ut_params->aead_xform; + } else if (td[0].auth_only) { + sess_conf.ipsec = ipsec_xform; + sess_conf.crypto_xform = &ut_params->auth_xform; + } else { + sess_conf.ipsec = ipsec_xform; + if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + sess_conf.crypto_xform = &ut_params->cipher_xform; + ut_params->cipher_xform.next = &ut_params->auth_xform; + } else { + sess_conf.crypto_xform = &ut_params->auth_xform; + ut_params->auth_xform.next = &ut_params->cipher_xform; + } + } + + /* Create security session */ + ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, + ts_params->session_mpool, + ts_params->session_priv_mpool); + + if (ut_params->sec_session == NULL) + return TEST_SKIPPED; + + for (i = 0; i < nb_td; i++) { + if (flags->antireplay && + (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)) { + sess_conf.ipsec.esn.value = td[i].ipsec_xform.esn.value; + ret = rte_security_session_update(ctx, + ut_params->sec_session, &sess_conf); + if (ret) { + printf("Could not update sequence number in " + "session\n"); + return TEST_SKIPPED; + } + } + + /* Setup source mbuf payload */ + ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); + memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0, + rte_pktmbuf_tailroom(ut_params->ibuf)); + + input_text = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, + td[i].input_text.len); + + memcpy(input_text, td[i].input_text.data, + td[i].input_text.len); + + if (test_ipsec_pkt_update(input_text, flags)) + return TEST_FAILED; + + /* Generate crypto op data structure */ + ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, + RTE_CRYPTO_OP_TYPE_SYMMETRIC); + if (!ut_params->op) { + printf("TestCase %s line %d: %s\n", + __func__, __LINE__, + "failed to allocate crypto op"); + ret = TEST_FAILED; + goto crypto_op_free; + } + + /* Attach session to operation */ + rte_security_attach_session(ut_params->op, + ut_params->sec_session); + + /* Set crypto operation mbufs */ + ut_params->op->sym->m_src = ut_params->ibuf; + ut_params->op->sym->m_dst = NULL; + + /* Copy IV in crypto operation when IV generation is disabled */ + if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && + ipsec_xform.options.iv_gen_disable == 1) { + uint8_t *iv = rte_crypto_op_ctod_offset(ut_params->op, + uint8_t *, + IV_OFFSET); + int len; + + if (td[i].aead) + len = td[i].xform.aead.aead.iv.length; + else if (td[i].aes_gmac) + len = td[i].xform.chain.auth.auth.iv.length; + else + len = td[i].xform.chain.cipher.cipher.iv.length; + + memcpy(iv, td[i].iv.data, len); + } + + /* Process crypto operation */ + process_crypto_request(dev_id, ut_params->op); + + ret = test_ipsec_status_check(&td[i], ut_params->op, flags, dir, + i + 1); + if (ret != TEST_SUCCESS) + goto crypto_op_free; + + if (res_d != NULL) + res_d_tmp = &res_d[i]; + + ret = test_ipsec_post_process(ut_params->ibuf, &td[i], + res_d_tmp, silent, flags); + if (ret != TEST_SUCCESS) + goto crypto_op_free; + + ret = test_ipsec_stats_verify(ctx, ut_params->sec_session, + flags, dir); + if (ret != TEST_SUCCESS) + goto crypto_op_free; + + rte_crypto_op_free(ut_params->op); + ut_params->op = NULL; + + rte_pktmbuf_free(ut_params->ibuf); + ut_params->ibuf = NULL; + } + +crypto_op_free: + rte_crypto_op_free(ut_params->op); + ut_params->op = NULL; + + rte_pktmbuf_free(ut_params->ibuf); + ut_params->ibuf = NULL; + + if (ut_params->sec_session) + rte_security_session_destroy(ctx, ut_params->sec_session); + ut_params->sec_session = NULL; + + return ret; +} + +static int +test_ipsec_proto_known_vec(const void *test_data) +{ + struct ipsec_test_data td_outb; + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + memcpy(&td_outb, test_data, sizeof(td_outb)); + + if (td_outb.aes_gmac || td_outb.aead || + ((td_outb.ipsec_xform.proto != RTE_SECURITY_IPSEC_SA_PROTO_AH) && + (td_outb.xform.chain.cipher.cipher.algo != RTE_CRYPTO_CIPHER_NULL))) { + /* Disable IV gen to be able to test with known vectors */ + td_outb.ipsec_xform.options.iv_gen_disable = 1; + } + + return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags); +} + +static int +test_ipsec_proto_known_vec_inb(const void *test_data) +{ + const struct ipsec_test_data *td = test_data; + struct ipsec_test_flags flags; + struct ipsec_test_data td_inb; + + memset(&flags, 0, sizeof(flags)); + + if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) + test_ipsec_td_in_from_out(td, &td_inb); + else + memcpy(&td_inb, td, sizeof(td_inb)); + + return test_ipsec_proto_process(&td_inb, NULL, 1, false, &flags); +} + +static int +test_ipsec_proto_known_vec_fragmented(const void *test_data) +{ + struct ipsec_test_data td_outb; + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + flags.fragment = true; + + memcpy(&td_outb, test_data, sizeof(td_outb)); + + /* Disable IV gen to be able to test with known vectors */ + td_outb.ipsec_xform.options.iv_gen_disable = 1; + + return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags); +} + +static int +test_ipsec_proto_all(const struct ipsec_test_flags *flags) +{ + struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX]; + struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX]; + unsigned int i, nb_pkts = 1, pass_cnt = 0; + int ret; + + if (flags->iv_gen || + flags->sa_expiry_pkts_soft || + flags->sa_expiry_pkts_hard) + nb_pkts = IPSEC_TEST_PACKETS_MAX; + + for (i = 0; i < RTE_DIM(alg_list); i++) { + test_ipsec_td_prepare(alg_list[i].param1, + alg_list[i].param2, + flags, + td_outb, + nb_pkts); + + if (!td_outb->aead) { + enum rte_crypto_cipher_algorithm cipher_alg; + enum rte_crypto_auth_algorithm auth_alg; + + cipher_alg = td_outb->xform.chain.cipher.cipher.algo; + auth_alg = td_outb->xform.chain.auth.auth.algo; + + if (td_outb->aes_gmac && cipher_alg != RTE_CRYPTO_CIPHER_NULL) + continue; + + /* ICV is not applicable for NULL auth */ + if (flags->icv_corrupt && + auth_alg == RTE_CRYPTO_AUTH_NULL) + continue; + + /* IV is not applicable for NULL cipher */ + if (flags->iv_gen && + cipher_alg == RTE_CRYPTO_CIPHER_NULL) + continue; + } + + ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true, + flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + test_ipsec_td_update(td_inb, td_outb, nb_pkts, flags); + + ret = test_ipsec_proto_process(td_inb, NULL, nb_pkts, true, + flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + if (flags->display_alg) + test_ipsec_display_alg(alg_list[i].param1, + alg_list[i].param2); + + pass_cnt++; + } + + if (pass_cnt > 0) + return TEST_SUCCESS; + else + return TEST_SKIPPED; +} + +static int +test_ipsec_ah_proto_all(const struct ipsec_test_flags *flags) +{ + struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX]; + struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX]; + unsigned int i, nb_pkts = 1, pass_cnt = 0; + int ret; + + for (i = 0; i < RTE_DIM(ah_alg_list); i++) { + test_ipsec_td_prepare(ah_alg_list[i].param1, + ah_alg_list[i].param2, + flags, + td_outb, + nb_pkts); + + ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true, + flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + test_ipsec_td_update(td_inb, td_outb, nb_pkts, flags); + + ret = test_ipsec_proto_process(td_inb, NULL, nb_pkts, true, + flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + if (flags->display_alg) + test_ipsec_display_alg(ah_alg_list[i].param1, + ah_alg_list[i].param2); + + pass_cnt++; + } + + if (pass_cnt > 0) + return TEST_SUCCESS; + else + return TEST_SKIPPED; +} + +static int +test_ipsec_proto_display_list(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.display_alg = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_ah_tunnel_ipv4(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ah = true; + flags.display_alg = true; + + return test_ipsec_ah_proto_all(&flags); +} + +static int +test_ipsec_proto_ah_transport_ipv4(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ah = true; + flags.transport = true; + + return test_ipsec_ah_proto_all(&flags); +} + +static int +test_ipsec_proto_iv_gen(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.iv_gen = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_sa_exp_pkts_soft(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.sa_expiry_pkts_soft = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_sa_exp_pkts_hard(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.sa_expiry_pkts_hard = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.icv_corrupt = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_udp_encap(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.udp_encap = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_tunnel_src_dst_addr_verify(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.tunnel_hdr_verify = RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_tunnel_dst_addr_verify(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.tunnel_hdr_verify = RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_udp_ports_verify(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.udp_encap = true; + flags.udp_ports_verify = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_inner_ip_csum(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ip_csum = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_inner_l4_csum(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.l4_csum = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_tunnel_v4_in_v4(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ipv6 = false; + flags.tunnel_ipv6 = false; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_tunnel_v6_in_v6(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ipv6 = true; + flags.tunnel_ipv6 = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_tunnel_v4_in_v6(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ipv6 = false; + flags.tunnel_ipv6 = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_tunnel_v6_in_v4(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ipv6 = true; + flags.tunnel_ipv6 = false; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_transport_v4(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ipv6 = false; + flags.transport = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_transport_l4_csum(const void *data __rte_unused) +{ + struct ipsec_test_flags flags = { + .l4_csum = true, + .transport = true, + }; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_stats(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.stats_success = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_pkt_fragment(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.fragment = true; + + return test_ipsec_proto_all(&flags); + +} + +static int +test_ipsec_proto_copy_df_inner_0(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.df = TEST_IPSEC_COPY_DF_INNER_0; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_copy_df_inner_1(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.df = TEST_IPSEC_COPY_DF_INNER_1; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_set_df_0_inner_1(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.df = TEST_IPSEC_SET_DF_0_INNER_1; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_set_df_1_inner_0(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.df = TEST_IPSEC_SET_DF_1_INNER_0; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_ipv4_copy_dscp_inner_0(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.dscp = TEST_IPSEC_COPY_DSCP_INNER_0; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_ipv4_copy_dscp_inner_1(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.dscp = TEST_IPSEC_COPY_DSCP_INNER_1; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_ipv4_set_dscp_0_inner_1(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + if (gbl_driver_id == rte_cryptodev_driver_id_get( + RTE_STR(CRYPTODEV_NAME_CN9K_PMD))) + return TEST_SKIPPED; + + memset(&flags, 0, sizeof(flags)); + + flags.dscp = TEST_IPSEC_SET_DSCP_0_INNER_1; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_ipv4_set_dscp_1_inner_0(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + if (gbl_driver_id == rte_cryptodev_driver_id_get( + RTE_STR(CRYPTODEV_NAME_CN9K_PMD))) + return TEST_SKIPPED; + + memset(&flags, 0, sizeof(flags)); + + flags.dscp = TEST_IPSEC_SET_DSCP_1_INNER_0; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_ipv6_copy_dscp_inner_0(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ipv6 = true; + flags.tunnel_ipv6 = true; + flags.dscp = TEST_IPSEC_COPY_DSCP_INNER_0; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_ipv6_copy_dscp_inner_1(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ipv6 = true; + flags.tunnel_ipv6 = true; + flags.dscp = TEST_IPSEC_COPY_DSCP_INNER_1; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_ipv6_set_dscp_0_inner_1(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + if (gbl_driver_id == rte_cryptodev_driver_id_get( + RTE_STR(CRYPTODEV_NAME_CN9K_PMD))) + return TEST_SKIPPED; + + memset(&flags, 0, sizeof(flags)); + + flags.ipv6 = true; + flags.tunnel_ipv6 = true; + flags.dscp = TEST_IPSEC_SET_DSCP_0_INNER_1; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_ipv6_set_dscp_1_inner_0(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + if (gbl_driver_id == rte_cryptodev_driver_id_get( + RTE_STR(CRYPTODEV_NAME_CN9K_PMD))) + return TEST_SKIPPED; + + memset(&flags, 0, sizeof(flags)); + + flags.ipv6 = true; + flags.tunnel_ipv6 = true; + flags.dscp = TEST_IPSEC_SET_DSCP_1_INNER_0; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_pkt_replay(const void *test_data, const uint64_t esn[], + bool replayed_pkt[], uint32_t nb_pkts, bool esn_en, + uint64_t winsz) +{ + struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX]; + struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX]; + struct ipsec_test_flags flags; + uint32_t i = 0, ret = 0; + + memset(&flags, 0, sizeof(flags)); + flags.antireplay = true; + + for (i = 0; i < nb_pkts; i++) { + memcpy(&td_outb[i], test_data, sizeof(td_outb[i])); + td_outb[i].ipsec_xform.options.iv_gen_disable = 1; + td_outb[i].ipsec_xform.replay_win_sz = winsz; + td_outb[i].ipsec_xform.options.esn = esn_en; + } + + for (i = 0; i < nb_pkts; i++) + td_outb[i].ipsec_xform.esn.value = esn[i]; + + ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true, + &flags); + if (ret != TEST_SUCCESS) + return ret; + + test_ipsec_td_update(td_inb, td_outb, nb_pkts, &flags); + + for (i = 0; i < nb_pkts; i++) { + td_inb[i].ipsec_xform.options.esn = esn_en; + /* Set antireplay flag for packets to be dropped */ + td_inb[i].ar_packet = replayed_pkt[i]; + } + + ret = test_ipsec_proto_process(td_inb, NULL, nb_pkts, true, + &flags); + + return ret; +} + +static int +test_ipsec_proto_pkt_antireplay(const void *test_data, uint64_t winsz) +{ + + uint32_t nb_pkts = 5; + bool replayed_pkt[5]; + uint64_t esn[5]; + + /* 1. Advance the TOP of the window to WS * 2 */ + esn[0] = winsz * 2; + /* 2. Test sequence number within the new window(WS + 1) */ + esn[1] = winsz + 1; + /* 3. Test sequence number less than the window BOTTOM */ + esn[2] = winsz; + /* 4. Test sequence number in the middle of the window */ + esn[3] = winsz + (winsz / 2); + /* 5. Test replay of the packet in the middle of the window */ + esn[4] = winsz + (winsz / 2); + + replayed_pkt[0] = false; + replayed_pkt[1] = false; + replayed_pkt[2] = true; + replayed_pkt[3] = false; + replayed_pkt[4] = true; + + return test_ipsec_pkt_replay(test_data, esn, replayed_pkt, nb_pkts, + false, winsz); +} + +static int +test_ipsec_proto_pkt_antireplay1024(const void *test_data) +{ + return test_ipsec_proto_pkt_antireplay(test_data, 1024); +} + +static int +test_ipsec_proto_pkt_antireplay2048(const void *test_data) +{ + return test_ipsec_proto_pkt_antireplay(test_data, 2048); +} + +static int +test_ipsec_proto_pkt_antireplay4096(const void *test_data) +{ + return test_ipsec_proto_pkt_antireplay(test_data, 4096); +} + +static int +test_ipsec_proto_pkt_esn_antireplay(const void *test_data, uint64_t winsz) +{ + + uint32_t nb_pkts = 7; + bool replayed_pkt[7]; + uint64_t esn[7]; + + /* Set the initial sequence number */ + esn[0] = (uint64_t)(0xFFFFFFFF - winsz); + /* 1. Advance the TOP of the window to (1<<32 + WS/2) */ + esn[1] = (uint64_t)((1ULL << 32) + (winsz / 2)); + /* 2. Test sequence number within new window (1<<32 + WS/2 + 1) */ + esn[2] = (uint64_t)((1ULL << 32) - (winsz / 2) + 1); + /* 3. Test with sequence number within window (1<<32 - 1) */ + esn[3] = (uint64_t)((1ULL << 32) - 1); + /* 4. Test with sequence number within window (1<<32 - 1) */ + esn[4] = (uint64_t)(1ULL << 32); + /* 5. Test with duplicate sequence number within + * new window (1<<32 - 1) + */ + esn[5] = (uint64_t)((1ULL << 32) - 1); + /* 6. Test with duplicate sequence number within new window (1<<32) */ + esn[6] = (uint64_t)(1ULL << 32); + + replayed_pkt[0] = false; + replayed_pkt[1] = false; + replayed_pkt[2] = false; + replayed_pkt[3] = false; + replayed_pkt[4] = false; + replayed_pkt[5] = true; + replayed_pkt[6] = true; + + return test_ipsec_pkt_replay(test_data, esn, replayed_pkt, nb_pkts, + true, winsz); +} + +static int +test_ipsec_proto_pkt_esn_antireplay1024(const void *test_data) +{ + return test_ipsec_proto_pkt_esn_antireplay(test_data, 1024); +} + +static int +test_ipsec_proto_pkt_esn_antireplay2048(const void *test_data) +{ + return test_ipsec_proto_pkt_esn_antireplay(test_data, 2048); +} + +static int +test_ipsec_proto_pkt_esn_antireplay4096(const void *test_data) +{ + return test_ipsec_proto_pkt_esn_antireplay(test_data, 4096); +} + +static int +test_PDCP_PROTO_all(void) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct crypto_unittest_params *ut_params = &unittest_params; + struct rte_cryptodev_info dev_info; + int status; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + uint64_t feat_flags = dev_info.feature_flags; + + if (!(feat_flags & RTE_CRYPTODEV_FF_SECURITY)) + return TEST_SKIPPED; + + /* Set action type */ + ut_params->type = gbl_action_type == RTE_SECURITY_ACTION_TYPE_NONE ? + RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL : + gbl_action_type; + + if (security_proto_supported(ut_params->type, + RTE_SECURITY_PROTOCOL_PDCP) < 0) + return TEST_SKIPPED; + + status = test_PDCP_PROTO_cplane_encap_all(); + status += test_PDCP_PROTO_cplane_decap_all(); + status += test_PDCP_PROTO_uplane_encap_all(); + status += test_PDCP_PROTO_uplane_decap_all(); + status += test_PDCP_PROTO_SGL_in_place_32B(); + status += test_PDCP_PROTO_SGL_oop_32B_128B(); + status += test_PDCP_PROTO_SGL_oop_32B_40B(); + status += test_PDCP_PROTO_SGL_oop_128B_32B(); + status += test_PDCP_SDAP_PROTO_encap_all(); + status += test_PDCP_SDAP_PROTO_decap_all(); + status += test_PDCP_PROTO_short_mac(); + + if (status) + return TEST_FAILED; + else + return TEST_SUCCESS; +} + +static int +test_ipsec_proto_ipv4_ttl_decrement(const void *data __rte_unused) +{ + struct ipsec_test_flags flags = { + .dec_ttl_or_hop_limit = true + }; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_ipv6_hop_limit_decrement(const void *data __rte_unused) +{ + struct ipsec_test_flags flags = { + .ipv6 = true, + .dec_ttl_or_hop_limit = true + }; - if (status) - return TEST_FAILED; - else - return TEST_SUCCESS; + return test_ipsec_proto_all(&flags); } static int -test_docsis_proto_uplink(int i, struct docsis_test_data *d_td) +test_docsis_proto_uplink(const void *data) { + const struct docsis_test_data *d_td = data; struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; - uint8_t *plaintext, *ciphertext; + uint8_t *plaintext = NULL; + uint8_t *ciphertext = NULL; uint8_t *iv_ptr; int32_t cipher_len, crc_len; uint32_t crc_data_len; @@ -8872,6 +10278,15 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td) const struct rte_cryptodev_symmetric_capability *sym_cap; int j = 0; + /* Set action type */ + ut_params->type = gbl_action_type == RTE_SECURITY_ACTION_TYPE_NONE ? + RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL : + gbl_action_type; + + if (security_proto_supported(ut_params->type, + RTE_SECURITY_PROTOCOL_DOCSIS) < 0) + return TEST_SKIPPED; + sec_cap_idx.action = ut_params->type; sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_DOCSIS; sec_cap_idx.docsis.direction = RTE_SECURITY_DOCSIS_UPLINK; @@ -8934,8 +10349,8 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td) ts_params->session_priv_mpool); if (!ut_params->sec_session) { - printf("TestCase %s(%d) line %d: %s\n", - __func__, i, __LINE__, "failed to allocate session"); + printf("Test function %s line %u: failed to allocate session\n", + __func__, __LINE__); ret = TEST_FAILED; goto on_err; } @@ -8944,9 +10359,8 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td) ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, RTE_CRYPTO_OP_TYPE_SYMMETRIC); if (!ut_params->op) { - printf("TestCase %s(%d) line %d: %s\n", - __func__, i, __LINE__, - "failed to allocate symmetric crypto operation"); + printf("Test function %s line %u: failed to allocate symmetric " + "crypto operation\n", __func__, __LINE__); ret = TEST_FAILED; goto on_err; } @@ -8985,16 +10399,15 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td) /* Process crypto operation */ if (process_crypto_request(ts_params->valid_devs[0], ut_params->op) == NULL) { - printf("TestCase %s(%d) line %d: %s\n", - __func__, i, __LINE__, - "failed to process security crypto op"); + printf("Test function %s line %u: failed to process security " + "crypto op\n", __func__, __LINE__); ret = TEST_FAILED; goto on_err; } if (ut_params->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { - printf("TestCase %s(%d) line %d: %s\n", - __func__, i, __LINE__, "crypto op processing failed"); + printf("Test function %s line %u: failed to process crypto op\n", + __func__, __LINE__); ret = TEST_FAILED; goto on_err; } @@ -9004,8 +10417,8 @@ test_docsis_proto_uplink(int i, struct docsis_test_data *d_td) if (memcmp(plaintext, d_td->plaintext.data, d_td->plaintext.len - crc_data_len)) { - printf("TestCase %s(%d) line %d: %s\n", - __func__, i, __LINE__, "plaintext not as expected\n"); + printf("Test function %s line %u: plaintext not as expected\n", + __func__, __LINE__); rte_hexdump(stdout, "expected", d_td->plaintext.data, d_td->plaintext.len); rte_hexdump(stdout, "actual", plaintext, d_td->plaintext.len); @@ -9028,11 +10441,13 @@ on_err: } static int -test_docsis_proto_downlink(int i, struct docsis_test_data *d_td) +test_docsis_proto_downlink(const void *data) { + const struct docsis_test_data *d_td = data; struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; - uint8_t *plaintext, *ciphertext; + uint8_t *plaintext = NULL; + uint8_t *ciphertext = NULL; uint8_t *iv_ptr; int32_t cipher_len, crc_len; int ret = TEST_SUCCESS; @@ -9048,6 +10463,15 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td) const struct rte_cryptodev_symmetric_capability *sym_cap; int j = 0; + /* Set action type */ + ut_params->type = gbl_action_type == RTE_SECURITY_ACTION_TYPE_NONE ? + RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL : + gbl_action_type; + + if (security_proto_supported(ut_params->type, + RTE_SECURITY_PROTOCOL_DOCSIS) < 0) + return TEST_SKIPPED; + sec_cap_idx.action = ut_params->type; sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_DOCSIS; sec_cap_idx.docsis.direction = RTE_SECURITY_DOCSIS_DOWNLINK; @@ -9110,8 +10534,8 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td) ts_params->session_priv_mpool); if (!ut_params->sec_session) { - printf("TestCase %s(%d) line %d: %s\n", - __func__, i, __LINE__, "failed to allocate session"); + printf("Test function %s line %u: failed to allocate session\n", + __func__, __LINE__); ret = TEST_FAILED; goto on_err; } @@ -9120,9 +10544,8 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td) ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, RTE_CRYPTO_OP_TYPE_SYMMETRIC); if (!ut_params->op) { - printf("TestCase %s(%d) line %d: %s\n", - __func__, i, __LINE__, - "failed to allocate security crypto operation"); + printf("Test function %s line %u: failed to allocate symmetric " + "crypto operation\n", __func__, __LINE__); ret = TEST_FAILED; goto on_err; } @@ -9160,16 +10583,15 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td) /* Process crypto operation */ if (process_crypto_request(ts_params->valid_devs[0], ut_params->op) == NULL) { - printf("TestCase %s(%d) line %d: %s\n", - __func__, i, __LINE__, - "failed to process security crypto op"); + printf("Test function %s line %u: failed to process crypto op\n", + __func__, __LINE__); ret = TEST_FAILED; goto on_err; } if (ut_params->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { - printf("TestCase %s(%d) line %d: %s\n", - __func__, i, __LINE__, "crypto op processing failed"); + printf("Test function %s line %u: crypto op processing failed\n", + __func__, __LINE__); ret = TEST_FAILED; goto on_err; } @@ -9178,8 +10600,8 @@ test_docsis_proto_downlink(int i, struct docsis_test_data *d_td) ciphertext = plaintext; if (memcmp(ciphertext, d_td->ciphertext.data, d_td->ciphertext.len)) { - printf("TestCase %s(%d) line %d: %s\n", - __func__, i, __LINE__, "ciphertext not as expected\n"); + printf("Test function %s line %u: plaintext not as expected\n", + __func__, __LINE__); rte_hexdump(stdout, "expected", d_td->ciphertext.data, d_td->ciphertext.len); rte_hexdump(stdout, "actual", ciphertext, d_td->ciphertext.len); @@ -9200,133 +10622,6 @@ on_err: return ret; } - -#define TEST_DOCSIS_COUNT(func) do { \ - int ret = func; \ - if (ret == TEST_SUCCESS) { \ - printf("\t%2d)", n++); \ - printf("+++++ PASSED:" #func"\n"); \ - p++; \ - } else if (ret == TEST_SKIPPED) { \ - printf("\t%2d)", n++); \ - printf("~~~~~ SKIPPED:" #func"\n"); \ - s++; \ - } else { \ - printf("\t%2d)", n++); \ - printf("----- FAILED:" #func"\n"); \ - f++; \ - } \ -} while (0) - -static int -test_DOCSIS_PROTO_uplink_all(void) -{ - int p = 0, s = 0, f = 0, n = 0; - - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(1, &docsis_test_case_1)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(2, &docsis_test_case_2)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(3, &docsis_test_case_3)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(4, &docsis_test_case_4)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(5, &docsis_test_case_5)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(6, &docsis_test_case_6)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(7, &docsis_test_case_7)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(8, &docsis_test_case_8)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(9, &docsis_test_case_9)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(10, &docsis_test_case_10)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(11, &docsis_test_case_11)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(12, &docsis_test_case_12)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(13, &docsis_test_case_13)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(14, &docsis_test_case_14)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(15, &docsis_test_case_15)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(16, &docsis_test_case_16)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(17, &docsis_test_case_17)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(18, &docsis_test_case_18)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(19, &docsis_test_case_19)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(20, &docsis_test_case_20)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(21, &docsis_test_case_21)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(22, &docsis_test_case_22)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(23, &docsis_test_case_23)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(24, &docsis_test_case_24)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(25, &docsis_test_case_25)); - TEST_DOCSIS_COUNT(test_docsis_proto_uplink(26, &docsis_test_case_26)); - - if (f) - printf("## %s: %d passed out of %d (%d skipped)\n", - __func__, p, n, s); - - return f; -}; - -static int -test_DOCSIS_PROTO_downlink_all(void) -{ - int p = 0, s = 0, f = 0, n = 0; - - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(1, &docsis_test_case_1)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(2, &docsis_test_case_2)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(3, &docsis_test_case_3)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(4, &docsis_test_case_4)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(5, &docsis_test_case_5)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(6, &docsis_test_case_6)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(7, &docsis_test_case_7)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(8, &docsis_test_case_8)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(9, &docsis_test_case_9)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(10, &docsis_test_case_10)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(11, &docsis_test_case_11)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(12, &docsis_test_case_12)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(13, &docsis_test_case_13)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(14, &docsis_test_case_14)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(15, &docsis_test_case_15)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(16, &docsis_test_case_16)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(17, &docsis_test_case_17)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(18, &docsis_test_case_18)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(19, &docsis_test_case_19)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(20, &docsis_test_case_20)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(21, &docsis_test_case_21)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(22, &docsis_test_case_22)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(23, &docsis_test_case_23)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(24, &docsis_test_case_24)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(25, &docsis_test_case_25)); - TEST_DOCSIS_COUNT(test_docsis_proto_downlink(26, &docsis_test_case_26)); - - if (f) - printf("## %s: %d passed out of %d (%d skipped)\n", - __func__, p, n, s); - - return f; -}; - -static int -test_DOCSIS_PROTO_all(void) -{ - struct crypto_testsuite_params *ts_params = &testsuite_params; - struct crypto_unittest_params *ut_params = &unittest_params; - struct rte_cryptodev_info dev_info; - int status; - - rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); - uint64_t feat_flags = dev_info.feature_flags; - - if (!(feat_flags & RTE_CRYPTODEV_FF_SECURITY)) - return TEST_SKIPPED; - - /* Set action type */ - ut_params->type = gbl_action_type == RTE_SECURITY_ACTION_TYPE_NONE ? - RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL : - gbl_action_type; - - if (security_proto_supported(ut_params->type, - RTE_SECURITY_PROTOCOL_DOCSIS) < 0) - return TEST_SKIPPED; - - status = test_DOCSIS_PROTO_uplink_all(); - status += test_DOCSIS_PROTO_downlink_all(); - - if (status) - return TEST_FAILED; - else - return TEST_SUCCESS; -} #endif static int @@ -9934,6 +11229,7 @@ test_authenticated_encryption_oop(const struct aead_test_data *tdata) int retval; uint8_t *ciphertext, *auth_tag; uint16_t plaintext_pad_len; + struct rte_cryptodev_info dev_info; /* Verify the capabilities */ struct rte_cryptodev_sym_capability_idx cap_idx; @@ -9943,7 +11239,11 @@ test_authenticated_encryption_oop(const struct aead_test_data *tdata) &cap_idx) == NULL) return TEST_SKIPPED; - if (global_api_test_type == CRYPTODEV_RAW_API_TEST) + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + uint64_t feat_flags = dev_info.feature_flags; + + if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) && + (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) return TEST_SKIPPED; /* not supported with CPU crypto */ @@ -9980,7 +11280,11 @@ test_authenticated_encryption_oop(const struct aead_test_data *tdata) ut_params->op->sym->m_dst = ut_params->obuf; /* Process crypto operation */ - TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0], + if (global_api_test_type == CRYPTODEV_RAW_API_TEST) + process_sym_raw_dp_op(ts_params->valid_devs[0], 0, + ut_params->op, 0, 0, 0, 0); + else + TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0], ut_params->op), "failed to process sym crypto op"); TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS, @@ -10026,6 +11330,10 @@ test_authenticated_decryption_oop(const struct aead_test_data *tdata) int retval; uint8_t *plaintext; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + uint64_t feat_flags = dev_info.feature_flags; /* Verify the capabilities */ struct rte_cryptodev_sym_capability_idx cap_idx; @@ -10040,6 +11348,12 @@ test_authenticated_decryption_oop(const struct aead_test_data *tdata) global_api_test_type == CRYPTODEV_RAW_API_TEST) return TEST_SKIPPED; + if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) && + (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) { + printf("Device does not support RAW data-path APIs.\n"); + return TEST_SKIPPED; + } + /* Create AEAD session */ retval = create_aead_session(ts_params->valid_devs[0], tdata->algo, @@ -10070,7 +11384,11 @@ test_authenticated_decryption_oop(const struct aead_test_data *tdata) ut_params->op->sym->m_dst = ut_params->obuf; /* Process crypto operation */ - TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0], + if (global_api_test_type == CRYPTODEV_RAW_API_TEST) + process_sym_raw_dp_op(ts_params->valid_devs[0], 0, + ut_params->op, 0, 0, 0, 0); + else + TEST_ASSERT_NOT_NULL(process_crypto_request(ts_params->valid_devs[0], ut_params->op), "failed to process sym crypto op"); TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS, @@ -10490,6 +11808,7 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params, const struct HMAC_MD5_vector *test_case) { uint8_t key[64]; + int status; memcpy(key, test_case->key.data, test_case->key.len); @@ -10505,13 +11824,15 @@ static int MD5_HMAC_create_session(struct crypto_testsuite_params *ts_params, ut_params->sess = rte_cryptodev_sym_session_create( ts_params->session_mpool); + TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); + if (ut_params->sess == NULL) + return TEST_FAILED; - rte_cryptodev_sym_session_init(ts_params->valid_devs[0], + status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0], ut_params->sess, &ut_params->auth_xform, ts_params->session_priv_mpool); - - if (ut_params->sess == NULL) - return TEST_FAILED; + if (status == -ENOTSUP) + return TEST_SKIPPED; ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); @@ -10724,6 +12045,7 @@ test_multi_session(void) struct rte_cryptodev_sym_session **sessions; uint16_t i; + int status; /* Verify the capabilities */ struct rte_cryptodev_sym_capability_idx cap_idx; @@ -10753,14 +12075,17 @@ test_multi_session(void) sessions[i] = rte_cryptodev_sym_session_create( ts_params->session_mpool); - - rte_cryptodev_sym_session_init(ts_params->valid_devs[0], - sessions[i], &ut_params->auth_xform, - ts_params->session_priv_mpool); TEST_ASSERT_NOT_NULL(sessions[i], "Session creation failed at session number %u", i); + status = rte_cryptodev_sym_session_init( + ts_params->valid_devs[0], + sessions[i], &ut_params->auth_xform, + ts_params->session_priv_mpool); + if (status == -ENOTSUP) + return TEST_SKIPPED; + /* Attempt to send a request on each session */ TEST_ASSERT_SUCCESS( test_AES_CBC_HMAC_SHA512_decrypt_perform( sessions[i], @@ -10853,6 +12178,7 @@ test_multi_session_random_usage(void) }, }; + int status; /* Verify the capabilities */ struct rte_cryptodev_sym_capability_idx cap_idx; @@ -10876,6 +12202,9 @@ test_multi_session_random_usage(void) for (i = 0; i < MB_SESSION_NUMBER; i++) { sessions[i] = rte_cryptodev_sym_session_create( ts_params->session_mpool); + TEST_ASSERT_NOT_NULL(sessions[i], + "Session creation failed at session number %u", + i); rte_memcpy(&ut_paramz[i].ut_params, &unittest_params, sizeof(struct crypto_unittest_params)); @@ -10885,16 +12214,16 @@ test_multi_session_random_usage(void) ut_paramz[i].cipher_key, ut_paramz[i].hmac_key); /* Create multiple crypto sessions*/ - rte_cryptodev_sym_session_init( + status = rte_cryptodev_sym_session_init( ts_params->valid_devs[0], sessions[i], &ut_paramz[i].ut_params.auth_xform, ts_params->session_priv_mpool); - TEST_ASSERT_NOT_NULL(sessions[i], - "Session creation failed at session number %u", - i); + if (status == -ENOTSUP) + return TEST_SKIPPED; + TEST_ASSERT_EQUAL(status, 0, "Session init failed"); } srand(time(NULL)); @@ -11006,6 +12335,7 @@ test_null_burst_operation(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; + int status; unsigned i, burst_len = NULL_BURST_LENGTH; @@ -11033,12 +12363,17 @@ test_null_burst_operation(void) ut_params->sess = rte_cryptodev_sym_session_create( ts_params->session_mpool); + TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); /* Create Crypto session*/ - rte_cryptodev_sym_session_init(ts_params->valid_devs[0], + status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0], ut_params->sess, &ut_params->cipher_xform, ts_params->session_priv_mpool); - TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); + + if (status == -ENOTSUP) + return TEST_SKIPPED; + + TEST_ASSERT_EQUAL(status, 0, "Session init failed"); TEST_ASSERT_EQUAL(rte_crypto_op_bulk_alloc(ts_params->op_mpool, RTE_CRYPTO_OP_TYPE_SYMMETRIC, burst, burst_len), @@ -11436,6 +12771,7 @@ static int create_gmac_session(uint8_t dev_id, enum rte_crypto_auth_operation auth_op) { uint8_t auth_key[tdata->key.len]; + int status; struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; @@ -11456,14 +12792,13 @@ static int create_gmac_session(uint8_t dev_id, ut_params->sess = rte_cryptodev_sym_session_create( ts_params->session_mpool); + TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); - rte_cryptodev_sym_session_init(dev_id, ut_params->sess, + status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess, &ut_params->auth_xform, ts_params->session_priv_mpool); - TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); - - return 0; + return status; } static int @@ -11501,6 +12836,8 @@ test_AES_GMAC_authentication(const struct gmac_test_data *tdata) retval = create_gmac_session(ts_params->valid_devs[0], tdata, RTE_CRYPTO_AUTH_OP_GENERATE); + if (retval == -ENOTSUP) + return TEST_SKIPPED; if (retval < 0) return retval; @@ -11630,6 +12967,8 @@ test_AES_GMAC_authentication_verify(const struct gmac_test_data *tdata) retval = create_gmac_session(ts_params->valid_devs[0], tdata, RTE_CRYPTO_AUTH_OP_VERIFY); + if (retval == -ENOTSUP) + return TEST_SKIPPED; if (retval < 0) return retval; @@ -11757,6 +13096,8 @@ test_AES_GMAC_authentication_SGL(const struct gmac_test_data *tdata, retval = create_gmac_session(ts_params->valid_devs[0], tdata, RTE_CRYPTO_AUTH_OP_GENERATE); + if (retval == -ENOTSUP) + return TEST_SKIPPED; if (retval < 0) return retval; @@ -12086,6 +13427,7 @@ create_auth_session(struct crypto_unittest_params *ut_params, { struct crypto_testsuite_params *ts_params = &testsuite_params; uint8_t auth_key[reference->auth_key.len + 1]; + int status; memcpy(auth_key, reference->auth_key.data, reference->auth_key.len); @@ -12101,14 +13443,13 @@ create_auth_session(struct crypto_unittest_params *ut_params, /* Create Crypto session*/ ut_params->sess = rte_cryptodev_sym_session_create( ts_params->session_mpool); + TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); - rte_cryptodev_sym_session_init(dev_id, ut_params->sess, + status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess, &ut_params->auth_xform, ts_params->session_priv_mpool); - TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); - - return 0; + return status; } static int @@ -12121,6 +13462,7 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params, struct crypto_testsuite_params *ts_params = &testsuite_params; uint8_t cipher_key[reference->cipher_key.len + 1]; uint8_t auth_key[reference->auth_key.len + 1]; + int status; memcpy(cipher_key, reference->cipher_key.data, reference->cipher_key.len); @@ -12154,14 +13496,13 @@ create_auth_cipher_session(struct crypto_unittest_params *ut_params, /* Create Crypto session*/ ut_params->sess = rte_cryptodev_sym_session_create( ts_params->session_mpool); + TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); - rte_cryptodev_sym_session_init(dev_id, ut_params->sess, + status = rte_cryptodev_sym_session_init(dev_id, ut_params->sess, &ut_params->auth_xform, ts_params->session_priv_mpool); - TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); - - return 0; + return status; } static int @@ -12377,6 +13718,9 @@ test_authentication_verify_fail_when_data_corruption( ts_params->valid_devs[0], reference, RTE_CRYPTO_AUTH_OP_VERIFY); + + if (retval == -ENOTSUP) + return TEST_SKIPPED; if (retval < 0) return retval; @@ -12419,10 +13763,13 @@ test_authentication_verify_fail_when_data_corruption( else { ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op); - TEST_ASSERT_NULL(ut_params->op, "authentication not failed"); } + if (ut_params->op == NULL) + return 0; + else if (ut_params->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) + return 0; - return 0; + return -1; } static int @@ -12549,6 +13896,9 @@ test_authenticated_decryption_fail_when_corruption( reference, RTE_CRYPTO_AUTH_OP_VERIFY, RTE_CRYPTO_CIPHER_OP_DECRYPT); + + if (retval == -ENOTSUP) + return TEST_SKIPPED; if (retval < 0) return retval; @@ -12610,6 +13960,7 @@ test_authenticated_encrypt_with_esn( uint8_t cipher_key[reference->cipher_key.len + 1]; uint8_t auth_key[reference->auth_key.len + 1]; struct rte_cryptodev_info dev_info; + int status; rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); uint64_t feat_flags = dev_info.feature_flags; @@ -12661,13 +14012,17 @@ test_authenticated_encrypt_with_esn( /* Create Crypto session*/ ut_params->sess = rte_cryptodev_sym_session_create( ts_params->session_mpool); + TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); - rte_cryptodev_sym_session_init(ts_params->valid_devs[0], + status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0], ut_params->sess, &ut_params->cipher_xform, ts_params->session_priv_mpool); - TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); + if (status == -ENOTSUP) + return TEST_SKIPPED; + + TEST_ASSERT_EQUAL(status, 0, "Session init failed"); ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); TEST_ASSERT_NOT_NULL(ut_params->ibuf, @@ -12793,13 +14148,17 @@ test_authenticated_decrypt_with_esn( /* Create Crypto session*/ ut_params->sess = rte_cryptodev_sym_session_create( ts_params->session_mpool); + TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); - rte_cryptodev_sym_session_init(ts_params->valid_devs[0], + retval = rte_cryptodev_sym_session_init(ts_params->valid_devs[0], ut_params->sess, &ut_params->auth_xform, ts_params->session_priv_mpool); - TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); + if (retval == -ENOTSUP) + return TEST_SKIPPED; + + TEST_ASSERT_EQUAL(retval, 0, "Session init failed"); ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); TEST_ASSERT_NOT_NULL(ut_params->ibuf, @@ -13412,6 +14771,14 @@ test_chacha20_poly1305_decrypt_test_case_rfc8439(void) return test_authenticated_decryption(&chacha20_poly1305_case_rfc8439); } +static int +test_chacha20_poly1305_encrypt_SGL_out_of_place(void) +{ + return test_authenticated_encryption_SGL( + &chacha20_poly1305_case_2, OUT_OF_PLACE, 32, + chacha20_poly1305_case_2.plaintext.len); +} + #ifdef RTE_CRYPTO_SCHEDULER /* global AESNI worker IDs for the scheduler test */ @@ -13475,31 +14842,32 @@ test_scheduler_attach_worker_op(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; uint8_t sched_id = ts_params->valid_devs[0]; - uint32_t nb_devs, i, nb_devs_attached = 0; + uint32_t i, nb_devs_attached = 0; int ret; char vdev_name[32]; + unsigned int count = rte_cryptodev_count(); - /* create 2 AESNI_MB if necessary */ - nb_devs = rte_cryptodev_device_count_by_driver( - rte_cryptodev_driver_id_get( - RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD))); - if (nb_devs < 2) { - for (i = nb_devs; i < 2; i++) { - snprintf(vdev_name, sizeof(vdev_name), "%s_%u", - RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD), - i); - ret = rte_vdev_init(vdev_name, NULL); + /* create 2 AESNI_MB vdevs on top of existing devices */ + for (i = count; i < count + 2; i++) { + snprintf(vdev_name, sizeof(vdev_name), "%s_%u", + RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD), + i); + ret = rte_vdev_init(vdev_name, NULL); - TEST_ASSERT(ret == 0, - "Failed to create instance %u of" - " pmd : %s", - i, RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD)); + TEST_ASSERT(ret == 0, + "Failed to create instance %u of" + " pmd : %s", + i, RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD)); + + if (ret < 0) { + RTE_LOG(ERR, USER1, + "Failed to create 2 AESNI MB PMDs.\n"); + return TEST_SKIPPED; } } /* attach 2 AESNI_MB cdevs */ - for (i = 0; i < rte_cryptodev_count() && nb_devs_attached < 2; - i++) { + for (i = count; i < count + 2; i++) { struct rte_cryptodev_info info; unsigned int session_size; @@ -13700,6 +15068,302 @@ static struct unit_test_suite end_testsuite = { }; #ifdef RTE_LIB_SECURITY +static struct unit_test_suite ipsec_proto_testsuite = { + .suite_name = "IPsec Proto Unit Test Suite", + .setup = ipsec_proto_testsuite_setup, + .unit_test_cases = { + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 192)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_192_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 256)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, + &pkt_aes_128_cbc_hmac_sha256), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA384 [24B ICV])", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, + &pkt_aes_128_cbc_hmac_sha384), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA512 [32B ICV])", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, + &pkt_aes_128_cbc_hmac_sha512), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv6 AES-GCM 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_256_gcm_v6), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv6 AES-CBC 128 HMAC-SHA256 [16B ICV])", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, + &pkt_aes_128_cbc_hmac_sha256_v6), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 NULL AES-XCBC-MAC [12B ICV])", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, + &pkt_null_aes_xcbc), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (AH tunnel mode IPv4 HMAC-SHA256)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, + &pkt_ah_tunnel_sha256), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (AH transport mode IPv4 HMAC-SHA256)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, + &pkt_ah_transport_sha256), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (AH transport mode IPv4 AES-GMAC 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, + &pkt_ah_ipv4_aes_gmac_128), + TEST_CASE_NAMED_WITH_DATA( + "Outbound fragmented packet", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_fragmented, + &pkt_aes_128_gcm_frag), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 192)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, &pkt_aes_192_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 256)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, &pkt_aes_128_cbc_null), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, + &pkt_aes_128_cbc_hmac_sha256), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA384 [24B ICV])", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, + &pkt_aes_128_cbc_hmac_sha384), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA512 [32B ICV])", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, + &pkt_aes_128_cbc_hmac_sha512), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv6 AES-GCM 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm_v6), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv6 AES-CBC 128 HMAC-SHA256 [16B ICV])", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, + &pkt_aes_128_cbc_hmac_sha256_v6), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 NULL AES-XCBC-MAC [12B ICV])", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, + &pkt_null_aes_xcbc), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (AH tunnel mode IPv4 HMAC-SHA256)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, + &pkt_ah_tunnel_sha256), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (AH transport mode IPv4 HMAC-SHA256)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, + &pkt_ah_transport_sha256), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (AH transport mode IPv4 AES-GMAC 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, + &pkt_ah_ipv4_aes_gmac_128), + TEST_CASE_NAMED_ST( + "Combined test alg list", + ut_setup_security, ut_teardown, + test_ipsec_proto_display_list), + TEST_CASE_NAMED_ST( + "Combined test alg list (AH)", + ut_setup_security, ut_teardown, + test_ipsec_proto_ah_tunnel_ipv4), + TEST_CASE_NAMED_ST( + "IV generation", + ut_setup_security, ut_teardown, + test_ipsec_proto_iv_gen), + TEST_CASE_NAMED_ST( + "UDP encapsulation", + ut_setup_security, ut_teardown, + test_ipsec_proto_udp_encap), + TEST_CASE_NAMED_ST( + "UDP encapsulation ports verification test", + ut_setup_security, ut_teardown, + test_ipsec_proto_udp_ports_verify), + TEST_CASE_NAMED_ST( + "SA expiry packets soft", + ut_setup_security, ut_teardown, + test_ipsec_proto_sa_exp_pkts_soft), + TEST_CASE_NAMED_ST( + "SA expiry packets hard", + ut_setup_security, ut_teardown, + test_ipsec_proto_sa_exp_pkts_hard), + TEST_CASE_NAMED_ST( + "Negative test: ICV corruption", + ut_setup_security, ut_teardown, + test_ipsec_proto_err_icv_corrupt), + TEST_CASE_NAMED_ST( + "Tunnel dst addr verification", + ut_setup_security, ut_teardown, + test_ipsec_proto_tunnel_dst_addr_verify), + TEST_CASE_NAMED_ST( + "Tunnel src and dst addr verification", + ut_setup_security, ut_teardown, + test_ipsec_proto_tunnel_src_dst_addr_verify), + TEST_CASE_NAMED_ST( + "Inner IP checksum", + ut_setup_security, ut_teardown, + test_ipsec_proto_inner_ip_csum), + TEST_CASE_NAMED_ST( + "Inner L4 checksum", + ut_setup_security, ut_teardown, + test_ipsec_proto_inner_l4_csum), + TEST_CASE_NAMED_ST( + "Tunnel IPv4 in IPv4", + ut_setup_security, ut_teardown, + test_ipsec_proto_tunnel_v4_in_v4), + TEST_CASE_NAMED_ST( + "Tunnel IPv6 in IPv6", + ut_setup_security, ut_teardown, + test_ipsec_proto_tunnel_v6_in_v6), + TEST_CASE_NAMED_ST( + "Tunnel IPv4 in IPv6", + ut_setup_security, ut_teardown, + test_ipsec_proto_tunnel_v4_in_v6), + TEST_CASE_NAMED_ST( + "Tunnel IPv6 in IPv4", + ut_setup_security, ut_teardown, + test_ipsec_proto_tunnel_v6_in_v4), + TEST_CASE_NAMED_ST( + "Transport IPv4", + ut_setup_security, ut_teardown, + test_ipsec_proto_transport_v4), + TEST_CASE_NAMED_ST( + "AH transport IPv4", + ut_setup_security, ut_teardown, + test_ipsec_proto_ah_transport_ipv4), + TEST_CASE_NAMED_ST( + "Transport l4 checksum", + ut_setup_security, ut_teardown, + test_ipsec_proto_transport_l4_csum), + TEST_CASE_NAMED_ST( + "Statistics: success", + ut_setup_security, ut_teardown, + test_ipsec_proto_stats), + TEST_CASE_NAMED_ST( + "Fragmented packet", + ut_setup_security, ut_teardown, + test_ipsec_proto_pkt_fragment), + TEST_CASE_NAMED_ST( + "Tunnel header copy DF (inner 0)", + ut_setup_security, ut_teardown, + test_ipsec_proto_copy_df_inner_0), + TEST_CASE_NAMED_ST( + "Tunnel header copy DF (inner 1)", + ut_setup_security, ut_teardown, + test_ipsec_proto_copy_df_inner_1), + TEST_CASE_NAMED_ST( + "Tunnel header set DF 0 (inner 1)", + ut_setup_security, ut_teardown, + test_ipsec_proto_set_df_0_inner_1), + TEST_CASE_NAMED_ST( + "Tunnel header set DF 1 (inner 0)", + ut_setup_security, ut_teardown, + test_ipsec_proto_set_df_1_inner_0), + TEST_CASE_NAMED_ST( + "Tunnel header IPv4 copy DSCP (inner 0)", + ut_setup_security, ut_teardown, + test_ipsec_proto_ipv4_copy_dscp_inner_0), + TEST_CASE_NAMED_ST( + "Tunnel header IPv4 copy DSCP (inner 1)", + ut_setup_security, ut_teardown, + test_ipsec_proto_ipv4_copy_dscp_inner_1), + TEST_CASE_NAMED_ST( + "Tunnel header IPv4 set DSCP 0 (inner 1)", + ut_setup_security, ut_teardown, + test_ipsec_proto_ipv4_set_dscp_0_inner_1), + TEST_CASE_NAMED_ST( + "Tunnel header IPv4 set DSCP 1 (inner 0)", + ut_setup_security, ut_teardown, + test_ipsec_proto_ipv4_set_dscp_1_inner_0), + TEST_CASE_NAMED_ST( + "Tunnel header IPv6 copy DSCP (inner 0)", + ut_setup_security, ut_teardown, + test_ipsec_proto_ipv6_copy_dscp_inner_0), + TEST_CASE_NAMED_ST( + "Tunnel header IPv6 copy DSCP (inner 1)", + ut_setup_security, ut_teardown, + test_ipsec_proto_ipv6_copy_dscp_inner_1), + TEST_CASE_NAMED_ST( + "Tunnel header IPv6 set DSCP 0 (inner 1)", + ut_setup_security, ut_teardown, + test_ipsec_proto_ipv6_set_dscp_0_inner_1), + TEST_CASE_NAMED_ST( + "Tunnel header IPv6 set DSCP 1 (inner 0)", + ut_setup_security, ut_teardown, + test_ipsec_proto_ipv6_set_dscp_1_inner_0), + TEST_CASE_NAMED_WITH_DATA( + "Antireplay with window size 1024", + ut_setup_security, ut_teardown, + test_ipsec_proto_pkt_antireplay1024, &pkt_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Antireplay with window size 2048", + ut_setup_security, ut_teardown, + test_ipsec_proto_pkt_antireplay2048, &pkt_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Antireplay with window size 4096", + ut_setup_security, ut_teardown, + test_ipsec_proto_pkt_antireplay4096, &pkt_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "ESN and Antireplay with window size 1024", + ut_setup_security, ut_teardown, + test_ipsec_proto_pkt_esn_antireplay1024, + &pkt_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "ESN and Antireplay with window size 2048", + ut_setup_security, ut_teardown, + test_ipsec_proto_pkt_esn_antireplay2048, + &pkt_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "ESN and Antireplay with window size 4096", + ut_setup_security, ut_teardown, + test_ipsec_proto_pkt_esn_antireplay4096, + &pkt_aes_128_gcm), + TEST_CASE_NAMED_ST( + "Tunnel header IPv4 decrement inner TTL", + ut_setup_security, ut_teardown, + test_ipsec_proto_ipv4_ttl_decrement), + TEST_CASE_NAMED_ST( + "Tunnel header IPv6 decrement inner hop limit", + ut_setup_security, ut_teardown, + test_ipsec_proto_ipv6_hop_limit_decrement), + TEST_CASES_END() /**< NULL terminate unit test array */ + } +}; + static struct unit_test_suite pdcp_proto_testsuite = { .suite_name = "PDCP Proto Unit Test Suite", .setup = pdcp_proto_testsuite_setup, @@ -13710,12 +15374,72 @@ static struct unit_test_suite pdcp_proto_testsuite = { } }; +#define ADD_UPLINK_TESTCASE(data) \ + TEST_CASE_NAMED_WITH_DATA(data.test_descr_uplink, ut_setup_security, \ + ut_teardown, test_docsis_proto_uplink, (const void *) &data), \ + +#define ADD_DOWNLINK_TESTCASE(data) \ + TEST_CASE_NAMED_WITH_DATA(data.test_descr_downlink, ut_setup_security, \ + ut_teardown, test_docsis_proto_downlink, (const void *) &data), \ + static struct unit_test_suite docsis_proto_testsuite = { - .suite_name = "Docsis Proto Unit Test Suite", + .suite_name = "DOCSIS Proto Unit Test Suite", .setup = docsis_proto_testsuite_setup, .unit_test_cases = { - TEST_CASE_ST(ut_setup_security, ut_teardown, - test_DOCSIS_PROTO_all), + /* Uplink */ + ADD_UPLINK_TESTCASE(docsis_test_case_1) + ADD_UPLINK_TESTCASE(docsis_test_case_2) + ADD_UPLINK_TESTCASE(docsis_test_case_3) + ADD_UPLINK_TESTCASE(docsis_test_case_4) + ADD_UPLINK_TESTCASE(docsis_test_case_5) + ADD_UPLINK_TESTCASE(docsis_test_case_6) + ADD_UPLINK_TESTCASE(docsis_test_case_7) + ADD_UPLINK_TESTCASE(docsis_test_case_8) + ADD_UPLINK_TESTCASE(docsis_test_case_9) + ADD_UPLINK_TESTCASE(docsis_test_case_10) + ADD_UPLINK_TESTCASE(docsis_test_case_11) + ADD_UPLINK_TESTCASE(docsis_test_case_12) + ADD_UPLINK_TESTCASE(docsis_test_case_13) + ADD_UPLINK_TESTCASE(docsis_test_case_14) + ADD_UPLINK_TESTCASE(docsis_test_case_15) + ADD_UPLINK_TESTCASE(docsis_test_case_16) + ADD_UPLINK_TESTCASE(docsis_test_case_17) + ADD_UPLINK_TESTCASE(docsis_test_case_18) + ADD_UPLINK_TESTCASE(docsis_test_case_19) + ADD_UPLINK_TESTCASE(docsis_test_case_20) + ADD_UPLINK_TESTCASE(docsis_test_case_21) + ADD_UPLINK_TESTCASE(docsis_test_case_22) + ADD_UPLINK_TESTCASE(docsis_test_case_23) + ADD_UPLINK_TESTCASE(docsis_test_case_24) + ADD_UPLINK_TESTCASE(docsis_test_case_25) + ADD_UPLINK_TESTCASE(docsis_test_case_26) + /* Downlink */ + ADD_DOWNLINK_TESTCASE(docsis_test_case_1) + ADD_DOWNLINK_TESTCASE(docsis_test_case_2) + ADD_DOWNLINK_TESTCASE(docsis_test_case_3) + ADD_DOWNLINK_TESTCASE(docsis_test_case_4) + ADD_DOWNLINK_TESTCASE(docsis_test_case_5) + ADD_DOWNLINK_TESTCASE(docsis_test_case_6) + ADD_DOWNLINK_TESTCASE(docsis_test_case_7) + ADD_DOWNLINK_TESTCASE(docsis_test_case_8) + ADD_DOWNLINK_TESTCASE(docsis_test_case_9) + ADD_DOWNLINK_TESTCASE(docsis_test_case_10) + ADD_DOWNLINK_TESTCASE(docsis_test_case_11) + ADD_DOWNLINK_TESTCASE(docsis_test_case_12) + ADD_DOWNLINK_TESTCASE(docsis_test_case_13) + ADD_DOWNLINK_TESTCASE(docsis_test_case_14) + ADD_DOWNLINK_TESTCASE(docsis_test_case_15) + ADD_DOWNLINK_TESTCASE(docsis_test_case_16) + ADD_DOWNLINK_TESTCASE(docsis_test_case_17) + ADD_DOWNLINK_TESTCASE(docsis_test_case_18) + ADD_DOWNLINK_TESTCASE(docsis_test_case_19) + ADD_DOWNLINK_TESTCASE(docsis_test_case_20) + ADD_DOWNLINK_TESTCASE(docsis_test_case_21) + ADD_DOWNLINK_TESTCASE(docsis_test_case_22) + ADD_DOWNLINK_TESTCASE(docsis_test_case_23) + ADD_DOWNLINK_TESTCASE(docsis_test_case_24) + ADD_DOWNLINK_TESTCASE(docsis_test_case_25) + ADD_DOWNLINK_TESTCASE(docsis_test_case_26) TEST_CASES_END() /**< NULL terminate unit test array */ } }; @@ -14019,6 +15743,8 @@ static struct unit_test_suite cryptodev_chacha20_poly1305_testsuite = { test_chacha20_poly1305_encrypt_test_case_rfc8439), TEST_CASE_ST(ut_setup, ut_teardown, test_chacha20_poly1305_decrypt_test_case_rfc8439), + TEST_CASE_ST(ut_setup, ut_teardown, + test_chacha20_poly1305_encrypt_SGL_out_of_place), TEST_CASES_END() } }; @@ -14172,6 +15898,13 @@ static struct unit_test_suite cryptodev_zuc_testsuite = { test_zuc_hash_generate_test_case_7), TEST_CASE_ST(ut_setup, ut_teardown, test_zuc_hash_generate_test_case_8), + TEST_CASE_ST(ut_setup, ut_teardown, + test_zuc_hash_generate_test_case_9), + TEST_CASE_ST(ut_setup, ut_teardown, + test_zuc_hash_generate_test_case_10), + TEST_CASE_ST(ut_setup, ut_teardown, + test_zuc_hash_generate_test_case_11), + /** ZUC alg-chain (EEA3/EIA3) */ TEST_CASE_ST(ut_setup, ut_teardown, @@ -14198,6 +15931,19 @@ static struct unit_test_suite cryptodev_zuc_testsuite = { test_zuc_auth_cipher_verify_test_case_1_sgl), TEST_CASE_ST(ut_setup, ut_teardown, test_zuc_auth_cipher_verify_test_case_1_oop_sgl), + + /** ZUC-256 encrypt only **/ + TEST_CASE_ST(ut_setup, ut_teardown, + test_zuc256_encryption_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_zuc256_encryption_test_case_2), + + /** ZUC-256 authentication only **/ + TEST_CASE_ST(ut_setup, ut_teardown, + test_zuc256_authentication_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_zuc256_authentication_test_case_2), + TEST_CASES_END() } }; @@ -14278,7 +16024,6 @@ static struct unit_test_suite cryptodev_kasumi_testsuite = { test_kasumi_decryption_test_case_5), TEST_CASE_ST(ut_setup, ut_teardown, test_kasumi_decryption_test_case_1_oop), - TEST_CASE_ST(ut_setup, ut_teardown, test_kasumi_cipher_auth_test_case_1), @@ -14486,6 +16231,7 @@ run_cryptodev_testsuite(const char *pmd_name) &cryptodev_negative_hmac_sha1_testsuite, &cryptodev_gen_testsuite, #ifdef RTE_LIB_SECURITY + &ipsec_proto_testsuite, &pdcp_proto_testsuite, &docsis_proto_testsuite, #endif @@ -14517,6 +16263,41 @@ run_cryptodev_testsuite(const char *pmd_name) return ret; } +static int +require_feature_flag(const char *pmd_name, uint64_t flag, const char *flag_name) +{ + struct rte_cryptodev_info dev_info; + uint8_t i, nb_devs; + int driver_id; + + driver_id = rte_cryptodev_driver_id_get(pmd_name); + if (driver_id == -1) { + RTE_LOG(WARNING, USER1, "%s PMD must be loaded.\n", pmd_name); + return TEST_SKIPPED; + } + + nb_devs = rte_cryptodev_count(); + if (nb_devs < 1) { + RTE_LOG(WARNING, USER1, "No crypto devices found?\n"); + return TEST_SKIPPED; + } + + for (i = 0; i < nb_devs; i++) { + rte_cryptodev_info_get(i, &dev_info); + if (dev_info.driver_id == driver_id) { + if (!(dev_info.feature_flags & flag)) { + RTE_LOG(INFO, USER1, "%s not supported\n", + flag_name); + return TEST_SKIPPED; + } + return 0; /* found */ + } + } + + RTE_LOG(INFO, USER1, "%s not supported\n", flag_name); + return TEST_SKIPPED; +} + static int test_cryptodev_qat(void) { @@ -14546,6 +16327,17 @@ test_cryptodev_cpu_aesni_mb(void) return rc; } +static int +test_cryptodev_chacha_poly_mb(void) +{ + int32_t rc; + enum rte_security_session_action_type at = gbl_action_type; + rc = run_cryptodev_testsuite( + RTE_STR(CRYPTODEV_NAME_CHACHA20_POLY1305_PMD)); + gbl_action_type = at; + return rc; +} + static int test_cryptodev_openssl(void) { @@ -14745,12 +16537,6 @@ test_cryptodev_octeontx(void) return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_OCTEONTX_SYM_PMD)); } -static int -test_cryptodev_octeontx2(void) -{ - return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_OCTEONTX2_PMD)); -} - static int test_cryptodev_caam_jr(void) { @@ -14772,10 +16558,16 @@ test_cryptodev_bcmfs(void) static int test_cryptodev_qat_raw_api(void) { + static const char *pmd_name = RTE_STR(CRYPTODEV_NAME_QAT_SYM_PMD); int ret; + ret = require_feature_flag(pmd_name, RTE_CRYPTODEV_FF_SYM_RAW_DP, + "RAW API"); + if (ret) + return ret; + global_api_test_type = CRYPTODEV_RAW_API_TEST; - ret = run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_QAT_SYM_PMD)); + ret = run_cryptodev_testsuite(pmd_name); global_api_test_type = CRYPTODEV_API_TEST; return ret; @@ -14793,12 +16585,54 @@ test_cryptodev_cn10k(void) return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_CN10K_PMD)); } +static int +test_cryptodev_dpaa2_sec_raw_api(void) +{ + static const char *pmd_name = RTE_STR(CRYPTODEV_NAME_DPAA2_SEC_PMD); + int ret; + + ret = require_feature_flag(pmd_name, RTE_CRYPTODEV_FF_SYM_RAW_DP, + "RAW API"); + if (ret) + return ret; + + global_api_test_type = CRYPTODEV_RAW_API_TEST; + ret = run_cryptodev_testsuite(pmd_name); + global_api_test_type = CRYPTODEV_API_TEST; + + return ret; +} + +static int +test_cryptodev_dpaa_sec_raw_api(void) +{ + static const char *pmd_name = RTE_STR(CRYPTODEV_NAME_DPAA_SEC_PMD); + int ret; + + ret = require_feature_flag(pmd_name, RTE_CRYPTODEV_FF_SYM_RAW_DP, + "RAW API"); + if (ret) + return ret; + + global_api_test_type = CRYPTODEV_RAW_API_TEST; + ret = run_cryptodev_testsuite(pmd_name); + global_api_test_type = CRYPTODEV_API_TEST; + + return ret; +} + +REGISTER_TEST_COMMAND(cryptodev_dpaa2_sec_raw_api_autotest, + test_cryptodev_dpaa2_sec_raw_api); +REGISTER_TEST_COMMAND(cryptodev_dpaa_sec_raw_api_autotest, + test_cryptodev_dpaa_sec_raw_api); REGISTER_TEST_COMMAND(cryptodev_qat_raw_api_autotest, test_cryptodev_qat_raw_api); REGISTER_TEST_COMMAND(cryptodev_qat_autotest, test_cryptodev_qat); REGISTER_TEST_COMMAND(cryptodev_aesni_mb_autotest, test_cryptodev_aesni_mb); REGISTER_TEST_COMMAND(cryptodev_cpu_aesni_mb_autotest, test_cryptodev_cpu_aesni_mb); +REGISTER_TEST_COMMAND(cryptodev_chacha_poly_mb_autotest, + test_cryptodev_chacha_poly_mb); REGISTER_TEST_COMMAND(cryptodev_openssl_autotest, test_cryptodev_openssl); REGISTER_TEST_COMMAND(cryptodev_aesni_gcm_autotest, test_cryptodev_aesni_gcm); REGISTER_TEST_COMMAND(cryptodev_cpu_aesni_gcm_autotest, @@ -14815,9 +16649,10 @@ REGISTER_TEST_COMMAND(cryptodev_dpaa_sec_autotest, test_cryptodev_dpaa_sec); REGISTER_TEST_COMMAND(cryptodev_ccp_autotest, test_cryptodev_ccp); REGISTER_TEST_COMMAND(cryptodev_virtio_autotest, test_cryptodev_virtio); REGISTER_TEST_COMMAND(cryptodev_octeontx_autotest, test_cryptodev_octeontx); -REGISTER_TEST_COMMAND(cryptodev_octeontx2_autotest, test_cryptodev_octeontx2); REGISTER_TEST_COMMAND(cryptodev_caam_jr_autotest, test_cryptodev_caam_jr); REGISTER_TEST_COMMAND(cryptodev_nitrox_autotest, test_cryptodev_nitrox); REGISTER_TEST_COMMAND(cryptodev_bcmfs_autotest, test_cryptodev_bcmfs); REGISTER_TEST_COMMAND(cryptodev_cn9k_autotest, test_cryptodev_cn9k); REGISTER_TEST_COMMAND(cryptodev_cn10k_autotest, test_cryptodev_cn10k); + +#endif /* !RTE_EXEC_ENV_WINDOWS */