From 8d2905236c3f4c35ad568f07d275f6da507e7a21 Mon Sep 17 00:00:00 2001
From: Anoob Joseph <anoobj@marvell.com>
Date: Mon, 6 Dec 2021 16:37:50 +0530
Subject: [PATCH] test/crypto: add chained operations in combined cases

Extend lookaside IPsec combined mode cases to cover chained
operations also.

Currently covering combinations of Ciphers(AES-128-CBC)
and Auth(NULL, SHA2-256 [16B ICV]).

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test/test_cryptodev.c                | 11 ++--
 app/test/test_cryptodev_security_ipsec.c | 77 ++++++++++++++++++------
 app/test/test_cryptodev_security_ipsec.h | 36 +++++++++++
 3 files changed, 103 insertions(+), 21 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 2cbe371840..b86441433b 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -835,6 +835,8 @@ ipsec_proto_testsuite_setup(void)
 		ret = TEST_SKIPPED;
 	}
 
+	test_ipsec_alg_list_populate();
+
 	/*
 	 * Stop the device. Device would be started again by individual test
 	 * case setup routine.
@@ -9381,9 +9383,9 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
 	    flags->sa_expiry_pkts_hard)
 		nb_pkts = IPSEC_TEST_PACKETS_MAX;
 
-	for (i = 0; i < RTE_DIM(aead_list); i++) {
-		test_ipsec_td_prepare(&aead_list[i],
-				      NULL,
+	for (i = 0; i < RTE_DIM(alg_list); i++) {
+		test_ipsec_td_prepare(alg_list[i].param1,
+				      alg_list[i].param2,
 				      flags,
 				      td_outb,
 				      nb_pkts);
@@ -9407,7 +9409,8 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
 			return TEST_FAILED;
 
 		if (flags->display_alg)
-			test_ipsec_display_alg(&aead_list[i], NULL);
+			test_ipsec_display_alg(alg_list[i].param1,
+					       alg_list[i].param2);
 
 		pass_cnt++;
 	}
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 45960bf2a0..5f67dc0aa5 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -15,7 +15,29 @@
 
 #define IV_LEN_MAX 16
 
-extern struct ipsec_test_data pkt_aes_256_gcm;
+struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
+				  (RTE_DIM(cipher_list) *
+				   RTE_DIM(auth_list))];
+
+void
+test_ipsec_alg_list_populate(void)
+{
+	unsigned long i, j, index = 0;
+
+	for (i = 0; i < RTE_DIM(aead_list); i++) {
+		alg_list[index].param1 = &aead_list[i];
+		alg_list[index].param2 = NULL;
+		index++;
+	}
+
+	for (i = 0; i < RTE_DIM(cipher_list); i++) {
+		for (j = 0; j < RTE_DIM(auth_list); j++) {
+			alg_list[index].param1 = &cipher_list[i];
+			alg_list[index].param2 = &auth_list[j];
+			index++;
+		}
+	}
+}
 
 int
 test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
@@ -293,18 +315,31 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
 
 	for (i = 0; i < nb_td; i++) {
 		td = &td_array[i];
-		/* Copy template for packet & key fields */
-		memcpy(td, &pkt_aes_256_gcm, sizeof(*td));
 
-		/* Override fields based on param */
+		/* Prepare fields based on param */
+
+		if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+			/* Copy template for packet & key fields */
+			memcpy(td, &pkt_aes_256_gcm, sizeof(*td));
 
-		if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD)
 			td->aead = true;
-		else
+			td->xform.aead.aead.algo = param1->alg.aead;
+			td->xform.aead.aead.key.length = param1->key_length;
+		} else {
+			/* Copy template for packet & key fields */
+			memcpy(td, &pkt_aes_128_cbc_hmac_sha256, sizeof(*td));
+
 			td->aead = false;
+			td->xform.chain.cipher.cipher.algo = param1->alg.cipher;
+			td->xform.chain.cipher.cipher.key.length =
+					param1->key_length;
+			td->xform.chain.auth.auth.algo = param2->alg.auth;
+			td->xform.chain.auth.auth.key.length =
+					param2->key_length;
+			td->xform.chain.auth.auth.digest_length =
+					param2->digest_length;
 
-		td->xform.aead.aead.algo = param1->alg.aead;
-		td->xform.aead.aead.key.length = param1->key_length;
+		}
 
 		if (flags->iv_gen)
 			td->ipsec_xform.options.iv_gen_disable = 0;
@@ -324,8 +359,6 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
 		}
 
 	}
-
-	RTE_SET_USED(param2);
 }
 
 void
@@ -374,12 +407,21 @@ void
 test_ipsec_display_alg(const struct crypto_param *param1,
 		       const struct crypto_param *param2)
 {
-	if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD)
-		printf("\t%s [%d]\n",
+	if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+		printf("\t%s [%d]",
 		       rte_crypto_aead_algorithm_strings[param1->alg.aead],
-		       param1->key_length);
-
-	RTE_SET_USED(param2);
+		       param1->key_length * 8);
+	} else {
+		printf("\t%s",
+		       rte_crypto_cipher_algorithm_strings[param1->alg.cipher]);
+		if (param1->alg.cipher != RTE_CRYPTO_CIPHER_NULL)
+			printf(" [%d]", param1->key_length * 8);
+		printf(" %s",
+		       rte_crypto_auth_algorithm_strings[param2->alg.auth]);
+		if (param2->alg.auth != RTE_CRYPTO_AUTH_NULL)
+			printf(" [%dB ICV]", param2->digest_length);
+	}
+	printf("\n");
 }
 
 static int
@@ -631,8 +673,9 @@ test_ipsec_res_d_prepare(struct rte_mbuf *m, const struct ipsec_test_data *td,
 	if (res_d->aead) {
 		res_d->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT;
 	} else {
-		printf("Only AEAD supported\n");
-		return TEST_SKIPPED;
+		res_d->xform.chain.cipher.cipher.op =
+				RTE_CRYPTO_CIPHER_OP_DECRYPT;
+		res_d->xform.chain.auth.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
 	}
 
 	return TEST_SUCCESS;
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 70a264aa8c..b1f0ff8843 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -71,6 +71,7 @@ struct crypto_param {
 		enum rte_crypto_aead_algorithm aead;
 	} alg;
 	uint16_t key_length;
+	uint16_t digest_length;
 };
 
 static const struct crypto_param aead_list[] = {
@@ -91,6 +92,41 @@ static const struct crypto_param aead_list[] = {
 	},
 };
 
+static const struct crypto_param cipher_list[] = {
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+		.alg.cipher =  RTE_CRYPTO_CIPHER_AES_CBC,
+		.key_length = 16,
+	},
+};
+
+static const struct crypto_param auth_list[] = {
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+		.alg.auth =  RTE_CRYPTO_AUTH_NULL,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+		.alg.auth =  RTE_CRYPTO_AUTH_SHA256_HMAC,
+		.key_length = 32,
+		.digest_length = 16,
+	},
+};
+
+struct crypto_param_comb {
+	const struct crypto_param *param1;
+	const struct crypto_param *param2;
+};
+
+extern struct ipsec_test_data pkt_aes_256_gcm;
+extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
+
+extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
+					 (RTE_DIM(cipher_list) *
+					  RTE_DIM(auth_list))];
+
+void test_ipsec_alg_list_populate(void);
+
 int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 			       const struct rte_security_capability *sec_cap,
 			       bool silent);
-- 
2.20.1