From: Tejasree Kondoj Date: Sat, 25 Sep 2021 15:35:31 +0000 (+0530) Subject: test/crypto: add IV gen cases for IPsec X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=cd928003d8a3d58e6bb29b448d094113a8e4b2e2;p=dpdk.git test/crypto: add IV gen cases for IPsec Added cases to verify IV generated by PMD for lookaside IPsec. The tests compare IV generated for a batch of packets and ensures that IV is not getting repeated in the batch. Signed-off-by: Anoob Joseph Signed-off-by: Tejasree Kondoj Acked-by: Akhil Goyal Acked-by: Ciara Power --- diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index bfaca1de62..956541ee1c 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9080,6 +9080,9 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags) unsigned int i, nb_pkts = 1, pass_cnt = 0; int ret; + if (flags->iv_gen) + nb_pkts = IPSEC_TEST_PACKETS_MAX; + for (i = 0; i < RTE_DIM(aead_list); i++) { test_ipsec_td_prepare(&aead_list[i], NULL, @@ -9129,6 +9132,18 @@ test_ipsec_proto_display_list(const void *data __rte_unused) return test_ipsec_proto_all(&flags); } +static int +test_ipsec_proto_iv_gen(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.iv_gen = true; + + return test_ipsec_proto_all(&flags); +} + static int test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused) { @@ -14053,6 +14068,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { "Combined test alg list", ut_setup_security, ut_teardown, test_ipsec_proto_display_list), + TEST_CASE_NAMED_ST( + "IV generation", + ut_setup_security, ut_teardown, + test_ipsec_proto_iv_gen), TEST_CASE_NAMED_ST( "Negative test: ICV corruption", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index aebbe66639..78c7f3a72b 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -4,12 +4,15 @@ #include #include +#include #include #include #include "test.h" #include "test_cryptodev_security_ipsec.h" +#define IV_LEN_MAX 16 + extern struct ipsec_test_data pkt_aes_256_gcm; int @@ -213,6 +216,46 @@ test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td) return len; } +static int +test_ipsec_iv_verify_push(struct rte_mbuf *m, const struct ipsec_test_data *td) +{ + static uint8_t iv_queue[IV_LEN_MAX * IPSEC_TEST_PACKETS_MAX]; + uint8_t *iv_tmp, *output_text = rte_pktmbuf_mtod(m, uint8_t *); + int i, iv_pos, iv_len; + static int index; + + if (td->aead) + iv_len = td->xform.aead.aead.iv.length - td->salt.len; + else + iv_len = td->xform.chain.cipher.cipher.iv.length; + + iv_pos = test_ipsec_tunnel_hdr_len_get(td) + sizeof(struct rte_esp_hdr); + output_text += iv_pos; + + TEST_ASSERT(iv_len <= IV_LEN_MAX, "IV length greater than supported"); + + /* Compare against previous values */ + for (i = 0; i < index; i++) { + iv_tmp = &iv_queue[i * IV_LEN_MAX]; + + if (memcmp(output_text, iv_tmp, iv_len) == 0) { + printf("IV repeated"); + return TEST_FAILED; + } + } + + /* Save IV for future comparisons */ + + iv_tmp = &iv_queue[index * IV_LEN_MAX]; + memcpy(iv_tmp, output_text, iv_len); + index++; + + if (index == IPSEC_TEST_PACKETS_MAX) + index = 0; + + return TEST_SUCCESS; +} + static int test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, bool silent, const struct ipsec_test_flags *flags) @@ -279,6 +322,15 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, struct ipsec_test_data *res_d, bool silent, const struct ipsec_test_flags *flags) { + int ret; + + if (flags->iv_gen && + td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + ret = test_ipsec_iv_verify_push(m, td); + if (ret != TEST_SUCCESS) + return ret; + } + /* * In case of known vector tests & all inbound tests, res_d provided * would be NULL and output data need to be validated against expected. diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 134fc3aa1c..d2ec63f66a 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -50,6 +50,7 @@ struct ipsec_test_data { struct ipsec_test_flags { bool display_alg; bool icv_corrupt; + bool iv_gen; }; struct crypto_param { diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index 22b9865f31..a0998ff2fb 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -100,6 +100,7 @@ New Features * Added known vector tests (AES-GCM 128, 192, 256). * Added tests to verify error reporting with ICV corruption. + * Added tests to verify IV generation. Removed Items