1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2018 Intel Corporation
3 */
4
5 #include <time.h>
6
7 #include <rte_common.h>
8 #include <rte_hexdump.h>
9 #include <rte_mbuf.h>
10 #include <rte_malloc.h>
11 #include <rte_memcpy.h>
12 #include <rte_cycles.h>
13 #include <rte_bus_vdev.h>
14 #include <rte_ip.h>
15
16 #include <rte_crypto.h>
17 #include <rte_cryptodev.h>
18 #include <rte_cryptodev_pmd.h>
19 #include <rte_lcore.h>
20 #include <rte_ipsec.h>
21 #include <rte_random.h>
22 #include <rte_esp.h>
23 #include <rte_security_driver.h>
24
25 #include "test.h"
26 #include "test_cryptodev.h"
27
28 #define VDEV_ARGS_SIZE 100
29 #define MAX_NB_SESSIONS 200
30 #define MAX_NB_SAS 2
31 #define REPLAY_WIN_0 0
32 #define REPLAY_WIN_32 32
33 #define REPLAY_WIN_64 64
34 #define REPLAY_WIN_128 128
35 #define REPLAY_WIN_256 256
36 #define DATA_64_BYTES 64
37 #define DATA_80_BYTES 80
38 #define DATA_100_BYTES 100
39 #define ESN_ENABLED 1
40 #define ESN_DISABLED 0
41 #define INBOUND_SPI 7
42 #define OUTBOUND_SPI 17
43 #define BURST_SIZE 32
44 #define REORDER_PKTS 1
45 #define DEQUEUE_COUNT 1000
46
47 struct user_params {
48 enum rte_crypto_sym_xform_type auth;
49 enum rte_crypto_sym_xform_type cipher;
50 enum rte_crypto_sym_xform_type aead;
51
52 char auth_algo[128];
53 char cipher_algo[128];
54 char aead_algo[128];
55 };
56
57 struct ipsec_testsuite_params {
58 struct rte_mempool *mbuf_pool;
59 struct rte_mempool *cop_mpool;
60 struct rte_cryptodev_config conf;
61 struct rte_cryptodev_qp_conf qp_conf;
62
63 uint8_t valid_dev;
64 uint8_t valid_dev_found;
65 };
66
67 struct ipsec_unitest_params {
68 struct rte_crypto_sym_xform cipher_xform;
69 struct rte_crypto_sym_xform auth_xform;
70 struct rte_crypto_sym_xform aead_xform;
71 struct rte_crypto_sym_xform *crypto_xforms;
72
73 struct rte_security_ipsec_xform ipsec_xform;
74
75 struct rte_ipsec_sa_prm sa_prm;
76 struct rte_ipsec_session ss[MAX_NB_SAS];
77
78 struct rte_crypto_op *cop[BURST_SIZE];
79
80 struct rte_mbuf *obuf[BURST_SIZE], *ibuf[BURST_SIZE],
81 *testbuf[BURST_SIZE];
82
83 uint16_t pkt_index;
84 };
85
86 struct ipsec_test_cfg {
87 uint32_t replay_win_sz;
88 uint32_t esn;
89 uint64_t flags;
90 size_t pkt_sz;
91 uint16_t num_pkts;
92 uint32_t reorder_pkts;
93 };
94
95 static const struct ipsec_test_cfg test_cfg[] = {
96 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, 1, 0},
97 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_64_BYTES, BURST_SIZE, 0},
98 {REPLAY_WIN_0, ESN_DISABLED, 0, DATA_80_BYTES, BURST_SIZE,
99 REORDER_PKTS},
100 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, 1, 0},
101 {REPLAY_WIN_32, ESN_ENABLED, 0, DATA_100_BYTES, BURST_SIZE,
102 REORDER_PKTS},
103 {REPLAY_WIN_64, ESN_ENABLED, 0, DATA_64_BYTES, 1, 0},
104 {REPLAY_WIN_128, ESN_ENABLED, RTE_IPSEC_SAFLAG_SQN_ATOM,
105 DATA_80_BYTES, 1, 0},
106 {REPLAY_WIN_256, ESN_DISABLED, 0, DATA_100_BYTES, 1, 0},
107 };
108
109 static const int num_cfg = RTE_DIM(test_cfg);
110 static struct ipsec_testsuite_params testsuite_params = { NULL };
111 static struct ipsec_unitest_params unittest_params;
112 static struct user_params uparams;
113
114 struct supported_cipher_algo {
115 const char *keyword;
116 enum rte_crypto_cipher_algorithm algo;
117 uint16_t iv_len;
118 uint16_t block_size;
119 uint16_t key_len;
120 };
121
122 struct supported_auth_algo {
123 const char *keyword;
124 enum rte_crypto_auth_algorithm algo;
125 uint16_t digest_len;
126 uint16_t key_len;
127 uint8_t key_not_req;
128 };
129
130 const struct supported_cipher_algo cipher_algos[] = {
131 {
132 .keyword = "null",
133 .algo = RTE_CRYPTO_CIPHER_NULL,
134 .iv_len = 0,
135 .block_size = 4,
136 .key_len = 0
137 },
138 };
139
140 const struct supported_auth_algo auth_algos[] = {
141 {
142 .keyword = "null",
143 .algo = RTE_CRYPTO_AUTH_NULL,
144 .digest_len = 0,
145 .key_len = 0,
146 .key_not_req = 1
147 },
148 };
149
150 static int
dummy_sec_create(void * device,struct rte_security_session_conf * conf,struct rte_security_session * sess,struct rte_mempool * mp)151 dummy_sec_create(void *device, struct rte_security_session_conf *conf,
152 struct rte_security_session *sess, struct rte_mempool *mp)
153 {
154 RTE_SET_USED(device);
155 RTE_SET_USED(conf);
156 RTE_SET_USED(mp);
157
158 sess->sess_private_data = NULL;
159 return 0;
160 }
161
162 static int
dummy_sec_destroy(void * device,struct rte_security_session * sess)163 dummy_sec_destroy(void *device, struct rte_security_session *sess)
164 {
165 RTE_SET_USED(device);
166 RTE_SET_USED(sess);
167 return 0;
168 }
169
170 static const struct rte_security_ops dummy_sec_ops = {
171 .session_create = dummy_sec_create,
172 .session_destroy = dummy_sec_destroy,
173 };
174
175 static struct rte_security_ctx dummy_sec_ctx = {
176 .ops = &dummy_sec_ops,
177 };
178
179 static const struct supported_cipher_algo *
find_match_cipher_algo(const char * cipher_keyword)180 find_match_cipher_algo(const char *cipher_keyword)
181 {
182 size_t i;
183
184 for (i = 0; i < RTE_DIM(cipher_algos); i++) {
185 const struct supported_cipher_algo *algo =
186 &cipher_algos[i];
187
188 if (strcmp(cipher_keyword, algo->keyword) == 0)
189 return algo;
190 }
191
192 return NULL;
193 }
194
195 static const struct supported_auth_algo *
find_match_auth_algo(const char * auth_keyword)196 find_match_auth_algo(const char *auth_keyword)
197 {
198 size_t i;
199
200 for (i = 0; i < RTE_DIM(auth_algos); i++) {
201 const struct supported_auth_algo *algo =
202 &auth_algos[i];
203
204 if (strcmp(auth_keyword, algo->keyword) == 0)
205 return algo;
206 }
207
208 return NULL;
209 }
210
211 static void
fill_crypto_xform(struct ipsec_unitest_params * ut_params,const struct supported_auth_algo * auth_algo,const struct supported_cipher_algo * cipher_algo)212 fill_crypto_xform(struct ipsec_unitest_params *ut_params,
213 const struct supported_auth_algo *auth_algo,
214 const struct supported_cipher_algo *cipher_algo)
215 {
216 ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
217 ut_params->cipher_xform.cipher.algo = cipher_algo->algo;
218 ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
219 ut_params->auth_xform.auth.algo = auth_algo->algo;
220
221 if (ut_params->ipsec_xform.direction ==
222 RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
223 ut_params->cipher_xform.cipher.op =
224 RTE_CRYPTO_CIPHER_OP_DECRYPT;
225 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
226 ut_params->cipher_xform.next = NULL;
227 ut_params->auth_xform.next = &ut_params->cipher_xform;
228 ut_params->crypto_xforms = &ut_params->auth_xform;
229 } else {
230 ut_params->cipher_xform.cipher.op =
231 RTE_CRYPTO_CIPHER_OP_ENCRYPT;
232 ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
233 ut_params->auth_xform.next = NULL;
234 ut_params->cipher_xform.next = &ut_params->auth_xform;
235 ut_params->crypto_xforms = &ut_params->cipher_xform;
236 }
237 }
238
239 static int
check_cryptodev_capability(const struct ipsec_unitest_params * ut,uint8_t dev_id)240 check_cryptodev_capability(const struct ipsec_unitest_params *ut,
241 uint8_t dev_id)
242 {
243 struct rte_cryptodev_sym_capability_idx cap_idx;
244 const struct rte_cryptodev_symmetric_capability *cap;
245 int rc = -1;
246
247 cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
248 cap_idx.algo.auth = ut->auth_xform.auth.algo;
249 cap = rte_cryptodev_sym_capability_get(dev_id, &cap_idx);
250
251 if (cap != NULL) {
252 rc = rte_cryptodev_sym_capability_check_auth(cap,
253 ut->auth_xform.auth.key.length,
254 ut->auth_xform.auth.digest_length, 0);
255 if (rc == 0) {
256 cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
257 cap_idx.algo.cipher = ut->cipher_xform.cipher.algo;
258 cap = rte_cryptodev_sym_capability_get(
259 dev_id, &cap_idx);
260 if (cap != NULL)
261 rc = rte_cryptodev_sym_capability_check_cipher(
262 cap,
263 ut->cipher_xform.cipher.key.length,
264 ut->cipher_xform.cipher.iv.length);
265 }
266 }
267
268 return rc;
269 }
270
271 static int
testsuite_setup(void)272 testsuite_setup(void)
273 {
274 struct ipsec_testsuite_params *ts_params = &testsuite_params;
275 struct ipsec_unitest_params *ut_params = &unittest_params;
276 const struct supported_auth_algo *auth_algo;
277 const struct supported_cipher_algo *cipher_algo;
278 struct rte_cryptodev_info info;
279 uint32_t i, nb_devs, dev_id;
280 size_t sess_sz;
281 int rc;
282
283 memset(ts_params, 0, sizeof(*ts_params));
284 memset(ut_params, 0, sizeof(*ut_params));
285 memset(&uparams, 0, sizeof(struct user_params));
286
287 uparams.auth = RTE_CRYPTO_SYM_XFORM_AUTH;
288 uparams.cipher = RTE_CRYPTO_SYM_XFORM_CIPHER;
289 uparams.aead = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED;
290 strcpy(uparams.auth_algo, "null");
291 strcpy(uparams.cipher_algo, "null");
292
293 auth_algo = find_match_auth_algo(uparams.auth_algo);
294 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
295 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
296
297 nb_devs = rte_cryptodev_count();
298 if (nb_devs < 1) {
299 RTE_LOG(WARNING, USER1, "No crypto devices found?\n");
300 return TEST_SKIPPED;
301 }
302
303 /* Find first valid crypto device */
304 for (i = 0; i < nb_devs; i++) {
305 rc = check_cryptodev_capability(ut_params, i);
306 if (rc == 0) {
307 ts_params->valid_dev = i;
308 ts_params->valid_dev_found = 1;
309 break;
310 }
311 }
312
313 if (ts_params->valid_dev_found == 0)
314 return TEST_FAILED;
315
316 ts_params->mbuf_pool = rte_pktmbuf_pool_create(
317 "CRYPTO_MBUFPOOL",
318 NUM_MBUFS, MBUF_CACHE_SIZE, 0, MBUF_SIZE,
319 rte_socket_id());
320 if (ts_params->mbuf_pool == NULL) {
321 RTE_LOG(ERR, USER1, "Can't create CRYPTO_MBUFPOOL\n");
322 return TEST_FAILED;
323 }
324
325 ts_params->cop_mpool = rte_crypto_op_pool_create(
326 "MBUF_CRYPTO_SYM_OP_POOL",
327 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
328 NUM_MBUFS, MBUF_CACHE_SIZE,
329 DEFAULT_NUM_XFORMS *
330 sizeof(struct rte_crypto_sym_xform) +
331 MAXIMUM_IV_LENGTH,
332 rte_socket_id());
333 if (ts_params->cop_mpool == NULL) {
334 RTE_LOG(ERR, USER1, "Can't create CRYPTO_OP_POOL\n");
335 return TEST_FAILED;
336 }
337
338 /* Set up all the qps on the first of the valid devices found */
339 dev_id = ts_params->valid_dev;
340
341 rte_cryptodev_info_get(dev_id, &info);
342
343 ts_params->conf.nb_queue_pairs = info.max_nb_queue_pairs;
344 ts_params->conf.socket_id = SOCKET_ID_ANY;
345 ts_params->conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
346
347 sess_sz = rte_cryptodev_sym_get_private_session_size(dev_id);
348 sess_sz = RTE_MAX(sess_sz, sizeof(struct rte_security_session));
349
350 /*
351 * Create mempools for sessions
352 */
353 if (info.sym.max_nb_sessions != 0 &&
354 info.sym.max_nb_sessions < MAX_NB_SESSIONS) {
355 RTE_LOG(ERR, USER1, "Device does not support "
356 "at least %u sessions\n",
357 MAX_NB_SESSIONS);
358 return TEST_FAILED;
359 }
360
361 ts_params->qp_conf.mp_session_private = rte_mempool_create(
362 "test_priv_sess_mp",
363 MAX_NB_SESSIONS,
364 sess_sz,
365 0, 0, NULL, NULL, NULL,
366 NULL, SOCKET_ID_ANY,
367 0);
368
369 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session_private,
370 "private session mempool allocation failed");
371
372 ts_params->qp_conf.mp_session =
373 rte_cryptodev_sym_session_pool_create("test_sess_mp",
374 MAX_NB_SESSIONS, 0, 0, 0, SOCKET_ID_ANY);
375
376 TEST_ASSERT_NOT_NULL(ts_params->qp_conf.mp_session,
377 "session mempool allocation failed");
378
379 TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
380 &ts_params->conf),
381 "Failed to configure cryptodev %u with %u qps",
382 dev_id, ts_params->conf.nb_queue_pairs);
383
384 ts_params->qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
385
386 TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
387 dev_id, 0, &ts_params->qp_conf,
388 rte_cryptodev_socket_id(dev_id)),
389 "Failed to setup queue pair %u on cryptodev %u",
390 0, dev_id);
391
392 return TEST_SUCCESS;
393 }
394
395 static void
testsuite_teardown(void)396 testsuite_teardown(void)
397 {
398 struct ipsec_testsuite_params *ts_params = &testsuite_params;
399
400 if (ts_params->mbuf_pool != NULL) {
401 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
402 rte_mempool_avail_count(ts_params->mbuf_pool));
403 rte_mempool_free(ts_params->mbuf_pool);
404 ts_params->mbuf_pool = NULL;
405 }
406
407 if (ts_params->cop_mpool != NULL) {
408 RTE_LOG(DEBUG, USER1, "CRYPTO_OP_POOL count %u\n",
409 rte_mempool_avail_count(ts_params->cop_mpool));
410 rte_mempool_free(ts_params->cop_mpool);
411 ts_params->cop_mpool = NULL;
412 }
413
414 /* Free session mempools */
415 if (ts_params->qp_conf.mp_session != NULL) {
416 rte_mempool_free(ts_params->qp_conf.mp_session);
417 ts_params->qp_conf.mp_session = NULL;
418 }
419
420 if (ts_params->qp_conf.mp_session_private != NULL) {
421 rte_mempool_free(ts_params->qp_conf.mp_session_private);
422 ts_params->qp_conf.mp_session_private = NULL;
423 }
424 }
425
426 static int
ut_setup(void)427 ut_setup(void)
428 {
429 struct ipsec_testsuite_params *ts_params = &testsuite_params;
430 struct ipsec_unitest_params *ut_params = &unittest_params;
431
432 /* Clear unit test parameters before running test */
433 memset(ut_params, 0, sizeof(*ut_params));
434
435 /* Reconfigure device to default parameters */
436 ts_params->conf.socket_id = SOCKET_ID_ANY;
437
438 /* Start the device */
439 TEST_ASSERT_SUCCESS(rte_cryptodev_start(ts_params->valid_dev),
440 "Failed to start cryptodev %u",
441 ts_params->valid_dev);
442
443 return TEST_SUCCESS;
444 }
445
446 static void
ut_teardown(void)447 ut_teardown(void)
448 {
449 struct ipsec_testsuite_params *ts_params = &testsuite_params;
450 struct ipsec_unitest_params *ut_params = &unittest_params;
451 int i;
452
453 for (i = 0; i < BURST_SIZE; i++) {
454 /* free crypto operation structure */
455 if (ut_params->cop[i]) {
456 rte_crypto_op_free(ut_params->cop[i]);
457 ut_params->cop[i] = NULL;
458 }
459
460 /*
461 * free mbuf - both obuf and ibuf are usually the same,
462 * so check if they point at the same address is necessary,
463 * to avoid freeing the mbuf twice.
464 */
465 if (ut_params->obuf[i]) {
466 rte_pktmbuf_free(ut_params->obuf[i]);
467 if (ut_params->ibuf[i] == ut_params->obuf[i])
468 ut_params->ibuf[i] = NULL;
469 ut_params->obuf[i] = NULL;
470 }
471 if (ut_params->ibuf[i]) {
472 rte_pktmbuf_free(ut_params->ibuf[i]);
473 ut_params->ibuf[i] = NULL;
474 }
475
476 if (ut_params->testbuf[i]) {
477 rte_pktmbuf_free(ut_params->testbuf[i]);
478 ut_params->testbuf[i] = NULL;
479 }
480 }
481
482 if (ts_params->mbuf_pool != NULL)
483 RTE_LOG(DEBUG, USER1, "CRYPTO_MBUFPOOL count %u\n",
484 rte_mempool_avail_count(ts_params->mbuf_pool));
485
486 /* Stop the device */
487 rte_cryptodev_stop(ts_params->valid_dev);
488 }
489
490 #define IPSEC_MAX_PAD_SIZE UINT8_MAX
491
492 static const uint8_t esp_pad_bytes[IPSEC_MAX_PAD_SIZE] = {
493 1, 2, 3, 4, 5, 6, 7, 8,
494 9, 10, 11, 12, 13, 14, 15, 16,
495 17, 18, 19, 20, 21, 22, 23, 24,
496 25, 26, 27, 28, 29, 30, 31, 32,
497 33, 34, 35, 36, 37, 38, 39, 40,
498 41, 42, 43, 44, 45, 46, 47, 48,
499 49, 50, 51, 52, 53, 54, 55, 56,
500 57, 58, 59, 60, 61, 62, 63, 64,
501 65, 66, 67, 68, 69, 70, 71, 72,
502 73, 74, 75, 76, 77, 78, 79, 80,
503 81, 82, 83, 84, 85, 86, 87, 88,
504 89, 90, 91, 92, 93, 94, 95, 96,
505 97, 98, 99, 100, 101, 102, 103, 104,
506 105, 106, 107, 108, 109, 110, 111, 112,
507 113, 114, 115, 116, 117, 118, 119, 120,
508 121, 122, 123, 124, 125, 126, 127, 128,
509 129, 130, 131, 132, 133, 134, 135, 136,
510 137, 138, 139, 140, 141, 142, 143, 144,
511 145, 146, 147, 148, 149, 150, 151, 152,
512 153, 154, 155, 156, 157, 158, 159, 160,
513 161, 162, 163, 164, 165, 166, 167, 168,
514 169, 170, 171, 172, 173, 174, 175, 176,
515 177, 178, 179, 180, 181, 182, 183, 184,
516 185, 186, 187, 188, 189, 190, 191, 192,
517 193, 194, 195, 196, 197, 198, 199, 200,
518 201, 202, 203, 204, 205, 206, 207, 208,
519 209, 210, 211, 212, 213, 214, 215, 216,
520 217, 218, 219, 220, 221, 222, 223, 224,
521 225, 226, 227, 228, 229, 230, 231, 232,
522 233, 234, 235, 236, 237, 238, 239, 240,
523 241, 242, 243, 244, 245, 246, 247, 248,
524 249, 250, 251, 252, 253, 254, 255,
525 };
526
527 /* ***** data for tests ***** */
528
529 const char null_plain_data[] =
530 "Network Security People Have A Strange Sense Of Humor unlike Other "
531 "People who have a normal sense of humour";
532
533 const char null_encrypted_data[] =
534 "Network Security People Have A Strange Sense Of Humor unlike Other "
535 "People who have a normal sense of humour";
536
537 struct rte_ipv4_hdr ipv4_outer = {
538 .version_ihl = IPVERSION << 4 |
539 sizeof(ipv4_outer) / RTE_IPV4_IHL_MULTIPLIER,
540 .time_to_live = IPDEFTTL,
541 .next_proto_id = IPPROTO_ESP,
542 .src_addr = RTE_IPV4(192, 168, 1, 100),
543 .dst_addr = RTE_IPV4(192, 168, 2, 100),
544 };
545
546 static struct rte_mbuf *
setup_test_string(struct rte_mempool * mpool,const char * string,size_t len,uint8_t blocksize)547 setup_test_string(struct rte_mempool *mpool,
548 const char *string, size_t len, uint8_t blocksize)
549 {
550 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
551 size_t t_len = len - (blocksize ? (len % blocksize) : 0);
552
553 if (m) {
554 memset(m->buf_addr, 0, m->buf_len);
555 char *dst = rte_pktmbuf_append(m, t_len);
556
557 if (!dst) {
558 rte_pktmbuf_free(m);
559 return NULL;
560 }
561 if (string != NULL)
562 rte_memcpy(dst, string, t_len);
563 else
564 memset(dst, 0, t_len);
565 }
566
567 return m;
568 }
569
570 static struct rte_mbuf *
setup_test_string_tunneled(struct rte_mempool * mpool,const char * string,size_t len,uint32_t spi,uint32_t seq)571 setup_test_string_tunneled(struct rte_mempool *mpool, const char *string,
572 size_t len, uint32_t spi, uint32_t seq)
573 {
574 struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
575 uint32_t hdrlen = sizeof(struct rte_ipv4_hdr) +
576 sizeof(struct rte_esp_hdr);
577 uint32_t taillen = sizeof(struct rte_esp_tail);
578 uint32_t t_len = len + hdrlen + taillen;
579 uint32_t padlen;
580
581 struct rte_esp_hdr esph = {
582 .spi = rte_cpu_to_be_32(spi),
583 .seq = rte_cpu_to_be_32(seq)
584 };
585
586 padlen = RTE_ALIGN(t_len, 4) - t_len;
587 t_len += padlen;
588
589 struct rte_esp_tail espt = {
590 .pad_len = padlen,
591 .next_proto = IPPROTO_IPIP,
592 };
593
594 if (m == NULL)
595 return NULL;
596
597 memset(m->buf_addr, 0, m->buf_len);
598 char *dst = rte_pktmbuf_append(m, t_len);
599
600 if (!dst) {
601 rte_pktmbuf_free(m);
602 return NULL;
603 }
604 /* copy outer IP and ESP header */
605 ipv4_outer.total_length = rte_cpu_to_be_16(t_len);
606 ipv4_outer.packet_id = rte_cpu_to_be_16(seq);
607 rte_memcpy(dst, &ipv4_outer, sizeof(ipv4_outer));
608 dst += sizeof(ipv4_outer);
609 m->l3_len = sizeof(ipv4_outer);
610 rte_memcpy(dst, &esph, sizeof(esph));
611 dst += sizeof(esph);
612
613 if (string != NULL) {
614 /* copy payload */
615 rte_memcpy(dst, string, len);
616 dst += len;
617 /* copy pad bytes */
618 rte_memcpy(dst, esp_pad_bytes, padlen);
619 dst += padlen;
620 /* copy ESP tail header */
621 rte_memcpy(dst, &espt, sizeof(espt));
622 } else
623 memset(dst, 0, t_len);
624
625 return m;
626 }
627
628 static int
create_dummy_sec_session(struct ipsec_unitest_params * ut,struct rte_cryptodev_qp_conf * qp,uint32_t j)629 create_dummy_sec_session(struct ipsec_unitest_params *ut,
630 struct rte_cryptodev_qp_conf *qp, uint32_t j)
631 {
632 static struct rte_security_session_conf conf;
633
634 ut->ss[j].security.ses = rte_security_session_create(&dummy_sec_ctx,
635 &conf, qp->mp_session,
636 qp->mp_session_private);
637
638 if (ut->ss[j].security.ses == NULL)
639 return -ENOMEM;
640
641 ut->ss[j].security.ctx = &dummy_sec_ctx;
642 ut->ss[j].security.ol_flags = 0;
643 return 0;
644 }
645
646 static int
create_crypto_session(struct ipsec_unitest_params * ut,struct rte_cryptodev_qp_conf * qp,uint8_t dev_id,uint32_t j)647 create_crypto_session(struct ipsec_unitest_params *ut,
648 struct rte_cryptodev_qp_conf *qp, uint8_t dev_id, uint32_t j)
649 {
650 int32_t rc;
651 struct rte_cryptodev_sym_session *s;
652
653 s = rte_cryptodev_sym_session_create(qp->mp_session);
654 if (s == NULL)
655 return -ENOMEM;
656
657 /* initiliaze SA crypto session for device */
658 rc = rte_cryptodev_sym_session_init(dev_id, s,
659 ut->crypto_xforms, qp->mp_session_private);
660 if (rc == 0) {
661 ut->ss[j].crypto.ses = s;
662 return 0;
663 } else {
664 /* failure, do cleanup */
665 rte_cryptodev_sym_session_clear(dev_id, s);
666 rte_cryptodev_sym_session_free(s);
667 return rc;
668 }
669 }
670
671 static int
create_session(struct ipsec_unitest_params * ut,struct rte_cryptodev_qp_conf * qp,uint8_t crypto_dev,uint32_t j)672 create_session(struct ipsec_unitest_params *ut,
673 struct rte_cryptodev_qp_conf *qp, uint8_t crypto_dev, uint32_t j)
674 {
675 if (ut->ss[j].type == RTE_SECURITY_ACTION_TYPE_NONE)
676 return create_crypto_session(ut, qp, crypto_dev, j);
677 else
678 return create_dummy_sec_session(ut, qp, j);
679 }
680
681 static int
fill_ipsec_param(uint32_t replay_win_sz,uint64_t flags)682 fill_ipsec_param(uint32_t replay_win_sz, uint64_t flags)
683 {
684 struct ipsec_unitest_params *ut_params = &unittest_params;
685 struct rte_ipsec_sa_prm *prm = &ut_params->sa_prm;
686 const struct supported_auth_algo *auth_algo;
687 const struct supported_cipher_algo *cipher_algo;
688
689 memset(prm, 0, sizeof(*prm));
690
691 prm->userdata = 1;
692 prm->flags = flags;
693
694 /* setup ipsec xform */
695 prm->ipsec_xform = ut_params->ipsec_xform;
696 prm->ipsec_xform.salt = (uint32_t)rte_rand();
697 prm->ipsec_xform.replay_win_sz = replay_win_sz;
698
699 /* setup tunnel related fields */
700 prm->tun.hdr_len = sizeof(ipv4_outer);
701 prm->tun.next_proto = IPPROTO_IPIP;
702 prm->tun.hdr = &ipv4_outer;
703
704 /* setup crypto section */
705 if (uparams.aead != 0) {
706 /* TODO: will need to fill out with other test cases */
707 } else {
708 if (uparams.auth == 0 && uparams.cipher == 0)
709 return TEST_FAILED;
710
711 auth_algo = find_match_auth_algo(uparams.auth_algo);
712 cipher_algo = find_match_cipher_algo(uparams.cipher_algo);
713
714 fill_crypto_xform(ut_params, auth_algo, cipher_algo);
715 }
716
717 prm->crypto_xform = ut_params->crypto_xforms;
718 return TEST_SUCCESS;
719 }
720
721 static int
create_sa(enum rte_security_session_action_type action_type,uint32_t replay_win_sz,uint64_t flags,uint32_t j)722 create_sa(enum rte_security_session_action_type action_type,
723 uint32_t replay_win_sz, uint64_t flags, uint32_t j)
724 {
725 struct ipsec_testsuite_params *ts = &testsuite_params;
726 struct ipsec_unitest_params *ut = &unittest_params;
727 size_t sz;
728 int rc;
729
730 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
731
732 rc = fill_ipsec_param(replay_win_sz, flags);
733 if (rc != 0)
734 return TEST_FAILED;
735
736 /* create rte_ipsec_sa*/
737 sz = rte_ipsec_sa_size(&ut->sa_prm);
738 TEST_ASSERT(sz > 0, "rte_ipsec_sa_size() failed\n");
739
740 ut->ss[j].sa = rte_zmalloc(NULL, sz, RTE_CACHE_LINE_SIZE);
741 TEST_ASSERT_NOT_NULL(ut->ss[j].sa,
742 "failed to allocate memory for rte_ipsec_sa\n");
743
744 ut->ss[j].type = action_type;
745 rc = create_session(ut, &ts->qp_conf, ts->valid_dev, j);
746 if (rc != 0)
747 return TEST_FAILED;
748
749 rc = rte_ipsec_sa_init(ut->ss[j].sa, &ut->sa_prm, sz);
750 rc = (rc > 0 && (uint32_t)rc <= sz) ? 0 : -EINVAL;
751 if (rc == 0)
752 rc = rte_ipsec_session_prepare(&ut->ss[j]);
753
754 return rc;
755 }
756
757 static int
crypto_dequeue_burst(uint16_t num_pkts)758 crypto_dequeue_burst(uint16_t num_pkts)
759 {
760 struct ipsec_testsuite_params *ts_params = &testsuite_params;
761 struct ipsec_unitest_params *ut_params = &unittest_params;
762 uint32_t pkt_cnt, k;
763 int i;
764
765 for (i = 0, pkt_cnt = 0;
766 i < DEQUEUE_COUNT && pkt_cnt != num_pkts; i++) {
767 k = rte_cryptodev_dequeue_burst(ts_params->valid_dev, 0,
768 &ut_params->cop[pkt_cnt], num_pkts - pkt_cnt);
769 pkt_cnt += k;
770 rte_delay_us(1);
771 }
772
773 if (pkt_cnt != num_pkts) {
774 RTE_LOG(ERR, USER1, "rte_cryptodev_dequeue_burst fail\n");
775 return TEST_FAILED;
776 }
777 return TEST_SUCCESS;
778 }
779
780 static int
crypto_ipsec(uint16_t num_pkts)781 crypto_ipsec(uint16_t num_pkts)
782 {
783 struct ipsec_testsuite_params *ts_params = &testsuite_params;
784 struct ipsec_unitest_params *ut_params = &unittest_params;
785 uint32_t k, ng;
786 struct rte_ipsec_group grp[1];
787
788 /* call crypto prepare */
789 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
790 ut_params->cop, num_pkts);
791 if (k != num_pkts) {
792 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
793 return TEST_FAILED;
794 }
795
796 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
797 ut_params->cop, num_pkts);
798 if (k != num_pkts) {
799 RTE_LOG(ERR, USER1, "rte_cryptodev_enqueue_burst fail\n");
800 return TEST_FAILED;
801 }
802
803 if (crypto_dequeue_burst(num_pkts) == TEST_FAILED)
804 return TEST_FAILED;
805
806 ng = rte_ipsec_pkt_crypto_group(
807 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
808 ut_params->obuf, grp, num_pkts);
809 if (ng != 1 ||
810 grp[0].m[0] != ut_params->obuf[0] ||
811 grp[0].cnt != num_pkts ||
812 grp[0].id.ptr != &ut_params->ss[0]) {
813 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
814 return TEST_FAILED;
815 }
816
817 /* call crypto process */
818 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
819 if (k != num_pkts) {
820 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
821 return TEST_FAILED;
822 }
823
824 return TEST_SUCCESS;
825 }
826
827 static int
lksd_proto_ipsec(uint16_t num_pkts)828 lksd_proto_ipsec(uint16_t num_pkts)
829 {
830 struct ipsec_unitest_params *ut_params = &unittest_params;
831 uint32_t i, k, ng;
832 struct rte_ipsec_group grp[1];
833
834 /* call crypto prepare */
835 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[0], ut_params->ibuf,
836 ut_params->cop, num_pkts);
837 if (k != num_pkts) {
838 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_prepare fail\n");
839 return TEST_FAILED;
840 }
841
842 /* check crypto ops */
843 for (i = 0; i != num_pkts; i++) {
844 TEST_ASSERT_EQUAL(ut_params->cop[i]->type,
845 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
846 "%s: invalid crypto op type for %u-th packet\n",
847 __func__, i);
848 TEST_ASSERT_EQUAL(ut_params->cop[i]->status,
849 RTE_CRYPTO_OP_STATUS_NOT_PROCESSED,
850 "%s: invalid crypto op status for %u-th packet\n",
851 __func__, i);
852 TEST_ASSERT_EQUAL(ut_params->cop[i]->sess_type,
853 RTE_CRYPTO_OP_SECURITY_SESSION,
854 "%s: invalid crypto op sess_type for %u-th packet\n",
855 __func__, i);
856 TEST_ASSERT_EQUAL(ut_params->cop[i]->sym->m_src,
857 ut_params->ibuf[i],
858 "%s: invalid crypto op m_src for %u-th packet\n",
859 __func__, i);
860 }
861
862 /* update crypto ops, pretend all finished ok */
863 for (i = 0; i != num_pkts; i++)
864 ut_params->cop[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
865
866 ng = rte_ipsec_pkt_crypto_group(
867 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
868 ut_params->obuf, grp, num_pkts);
869 if (ng != 1 ||
870 grp[0].m[0] != ut_params->obuf[0] ||
871 grp[0].cnt != num_pkts ||
872 grp[0].id.ptr != &ut_params->ss[0]) {
873 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail\n");
874 return TEST_FAILED;
875 }
876
877 /* call crypto process */
878 k = rte_ipsec_pkt_process(grp[0].id.ptr, grp[0].m, grp[0].cnt);
879 if (k != num_pkts) {
880 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_process fail\n");
881 return TEST_FAILED;
882 }
883
884 return TEST_SUCCESS;
885 }
886
887 static void
dump_grp_pkt(uint32_t i,struct rte_ipsec_group * grp,uint32_t k)888 dump_grp_pkt(uint32_t i, struct rte_ipsec_group *grp, uint32_t k)
889 {
890 RTE_LOG(ERR, USER1,
891 "After rte_ipsec_pkt_process grp[%d].cnt=%d k=%d fail\n",
892 i, grp[i].cnt, k);
893 RTE_LOG(ERR, USER1,
894 "After rte_ipsec_pkt_process grp[%d].m=%p grp[%d].m[%d]=%p\n",
895 i, grp[i].m, i, k, grp[i].m[k]);
896
897 rte_pktmbuf_dump(stdout, grp[i].m[k], grp[i].m[k]->data_len);
898 }
899
900 static int
crypto_ipsec_2sa(void)901 crypto_ipsec_2sa(void)
902 {
903 struct ipsec_testsuite_params *ts_params = &testsuite_params;
904 struct ipsec_unitest_params *ut_params = &unittest_params;
905 struct rte_ipsec_group grp[BURST_SIZE];
906 uint32_t k, ng, i, r;
907
908 for (i = 0; i < BURST_SIZE; i++) {
909 r = i % 2;
910 /* call crypto prepare */
911 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[r],
912 ut_params->ibuf + i, ut_params->cop + i, 1);
913 if (k != 1) {
914 RTE_LOG(ERR, USER1,
915 "rte_ipsec_pkt_crypto_prepare fail\n");
916 return TEST_FAILED;
917 }
918 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
919 ut_params->cop + i, 1);
920 if (k != 1) {
921 RTE_LOG(ERR, USER1,
922 "rte_cryptodev_enqueue_burst fail\n");
923 return TEST_FAILED;
924 }
925 }
926
927 if (crypto_dequeue_burst(BURST_SIZE) == TEST_FAILED)
928 return TEST_FAILED;
929
930 ng = rte_ipsec_pkt_crypto_group(
931 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
932 ut_params->obuf, grp, BURST_SIZE);
933 if (ng != BURST_SIZE) {
934 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
935 ng);
936 return TEST_FAILED;
937 }
938
939 /* call crypto process */
940 for (i = 0; i < ng; i++) {
941 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
942 if (k != grp[i].cnt) {
943 dump_grp_pkt(i, grp, k);
944 return TEST_FAILED;
945 }
946 }
947 return TEST_SUCCESS;
948 }
949
950 #define PKT_4 4
951 #define PKT_12 12
952 #define PKT_21 21
953
954 static uint32_t
crypto_ipsec_4grp(uint32_t pkt_num)955 crypto_ipsec_4grp(uint32_t pkt_num)
956 {
957 uint32_t sa_ind;
958
959 /* group packets in 4 different size groups groups, 2 per SA */
960 if (pkt_num < PKT_4)
961 sa_ind = 0;
962 else if (pkt_num < PKT_12)
963 sa_ind = 1;
964 else if (pkt_num < PKT_21)
965 sa_ind = 0;
966 else
967 sa_ind = 1;
968
969 return sa_ind;
970 }
971
972 static uint32_t
crypto_ipsec_4grp_check_mbufs(uint32_t grp_ind,struct rte_ipsec_group * grp)973 crypto_ipsec_4grp_check_mbufs(uint32_t grp_ind, struct rte_ipsec_group *grp)
974 {
975 struct ipsec_unitest_params *ut_params = &unittest_params;
976 uint32_t i, j;
977 uint32_t rc = 0;
978
979 if (grp_ind == 0) {
980 for (i = 0, j = 0; i < PKT_4; i++, j++)
981 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
982 rc = TEST_FAILED;
983 break;
984 }
985 } else if (grp_ind == 1) {
986 for (i = 0, j = PKT_4; i < (PKT_12 - PKT_4); i++, j++) {
987 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
988 rc = TEST_FAILED;
989 break;
990 }
991 }
992 } else if (grp_ind == 2) {
993 for (i = 0, j = PKT_12; i < (PKT_21 - PKT_12); i++, j++)
994 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
995 rc = TEST_FAILED;
996 break;
997 }
998 } else if (grp_ind == 3) {
999 for (i = 0, j = PKT_21; i < (BURST_SIZE - PKT_21); i++, j++)
1000 if (grp[grp_ind].m[i] != ut_params->obuf[j]) {
1001 rc = TEST_FAILED;
1002 break;
1003 }
1004 } else
1005 rc = TEST_FAILED;
1006
1007 return rc;
1008 }
1009
1010 static uint32_t
crypto_ipsec_4grp_check_cnt(uint32_t grp_ind,struct rte_ipsec_group * grp)1011 crypto_ipsec_4grp_check_cnt(uint32_t grp_ind, struct rte_ipsec_group *grp)
1012 {
1013 uint32_t rc = 0;
1014
1015 if (grp_ind == 0) {
1016 if (grp[grp_ind].cnt != PKT_4)
1017 rc = TEST_FAILED;
1018 } else if (grp_ind == 1) {
1019 if (grp[grp_ind].cnt != PKT_12 - PKT_4)
1020 rc = TEST_FAILED;
1021 } else if (grp_ind == 2) {
1022 if (grp[grp_ind].cnt != PKT_21 - PKT_12)
1023 rc = TEST_FAILED;
1024 } else if (grp_ind == 3) {
1025 if (grp[grp_ind].cnt != BURST_SIZE - PKT_21)
1026 rc = TEST_FAILED;
1027 } else
1028 rc = TEST_FAILED;
1029
1030 return rc;
1031 }
1032
1033 static int
crypto_ipsec_2sa_4grp(void)1034 crypto_ipsec_2sa_4grp(void)
1035 {
1036 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1037 struct ipsec_unitest_params *ut_params = &unittest_params;
1038 struct rte_ipsec_group grp[BURST_SIZE];
1039 uint32_t k, ng, i, j;
1040 uint32_t rc = 0;
1041
1042 for (i = 0; i < BURST_SIZE; i++) {
1043 j = crypto_ipsec_4grp(i);
1044
1045 /* call crypto prepare */
1046 k = rte_ipsec_pkt_crypto_prepare(&ut_params->ss[j],
1047 ut_params->ibuf + i, ut_params->cop + i, 1);
1048 if (k != 1) {
1049 RTE_LOG(ERR, USER1,
1050 "rte_ipsec_pkt_crypto_prepare fail\n");
1051 return TEST_FAILED;
1052 }
1053 k = rte_cryptodev_enqueue_burst(ts_params->valid_dev, 0,
1054 ut_params->cop + i, 1);
1055 if (k != 1) {
1056 RTE_LOG(ERR, USER1,
1057 "rte_cryptodev_enqueue_burst fail\n");
1058 return TEST_FAILED;
1059 }
1060 }
1061
1062 if (crypto_dequeue_burst(BURST_SIZE) == TEST_FAILED)
1063 return TEST_FAILED;
1064
1065 ng = rte_ipsec_pkt_crypto_group(
1066 (const struct rte_crypto_op **)(uintptr_t)ut_params->cop,
1067 ut_params->obuf, grp, BURST_SIZE);
1068 if (ng != 4) {
1069 RTE_LOG(ERR, USER1, "rte_ipsec_pkt_crypto_group fail ng=%d\n",
1070 ng);
1071 return TEST_FAILED;
1072 }
1073
1074 /* call crypto process */
1075 for (i = 0; i < ng; i++) {
1076 k = rte_ipsec_pkt_process(grp[i].id.ptr, grp[i].m, grp[i].cnt);
1077 if (k != grp[i].cnt) {
1078 dump_grp_pkt(i, grp, k);
1079 return TEST_FAILED;
1080 }
1081 rc = crypto_ipsec_4grp_check_cnt(i, grp);
1082 if (rc != 0) {
1083 RTE_LOG(ERR, USER1,
1084 "crypto_ipsec_4grp_check_cnt fail\n");
1085 return TEST_FAILED;
1086 }
1087 rc = crypto_ipsec_4grp_check_mbufs(i, grp);
1088 if (rc != 0) {
1089 RTE_LOG(ERR, USER1,
1090 "crypto_ipsec_4grp_check_mbufs fail\n");
1091 return TEST_FAILED;
1092 }
1093 }
1094 return TEST_SUCCESS;
1095 }
1096
1097 static void
test_ipsec_reorder_inb_pkt_burst(uint16_t num_pkts)1098 test_ipsec_reorder_inb_pkt_burst(uint16_t num_pkts)
1099 {
1100 struct ipsec_unitest_params *ut_params = &unittest_params;
1101 struct rte_mbuf *ibuf_tmp[BURST_SIZE];
1102 uint16_t j;
1103
1104 /* reorder packets and create gaps in sequence numbers */
1105 static const uint32_t reorder[BURST_SIZE] = {
1106 24, 25, 26, 27, 28, 29, 30, 31,
1107 16, 17, 18, 19, 20, 21, 22, 23,
1108 8, 9, 10, 11, 12, 13, 14, 15,
1109 0, 1, 2, 3, 4, 5, 6, 7,
1110 };
1111
1112 if (num_pkts != BURST_SIZE)
1113 return;
1114
1115 for (j = 0; j != BURST_SIZE; j++)
1116 ibuf_tmp[j] = ut_params->ibuf[reorder[j]];
1117
1118 memcpy(ut_params->ibuf, ibuf_tmp, sizeof(ut_params->ibuf));
1119 }
1120
1121 static int
test_ipsec_crypto_op_alloc(uint16_t num_pkts)1122 test_ipsec_crypto_op_alloc(uint16_t num_pkts)
1123 {
1124 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1125 struct ipsec_unitest_params *ut_params = &unittest_params;
1126 int rc = 0;
1127 uint16_t j;
1128
1129 for (j = 0; j < num_pkts && rc == 0; j++) {
1130 ut_params->cop[j] = rte_crypto_op_alloc(ts_params->cop_mpool,
1131 RTE_CRYPTO_OP_TYPE_SYMMETRIC);
1132 if (ut_params->cop[j] == NULL) {
1133 RTE_LOG(ERR, USER1,
1134 "Failed to allocate symmetric crypto op\n");
1135 rc = TEST_FAILED;
1136 }
1137 }
1138
1139 return rc;
1140 }
1141
1142 static void
test_ipsec_dump_buffers(struct ipsec_unitest_params * ut_params,int i)1143 test_ipsec_dump_buffers(struct ipsec_unitest_params *ut_params, int i)
1144 {
1145 uint16_t j = ut_params->pkt_index;
1146
1147 printf("\ntest config: num %d\n", i);
1148 printf(" replay_win_sz %u\n", test_cfg[i].replay_win_sz);
1149 printf(" esn %u\n", test_cfg[i].esn);
1150 printf(" flags 0x%" PRIx64 "\n", test_cfg[i].flags);
1151 printf(" pkt_sz %zu\n", test_cfg[i].pkt_sz);
1152 printf(" num_pkts %u\n\n", test_cfg[i].num_pkts);
1153
1154 if (ut_params->ibuf[j]) {
1155 printf("ibuf[%u] data:\n", j);
1156 rte_pktmbuf_dump(stdout, ut_params->ibuf[j],
1157 ut_params->ibuf[j]->data_len);
1158 }
1159 if (ut_params->obuf[j]) {
1160 printf("obuf[%u] data:\n", j);
1161 rte_pktmbuf_dump(stdout, ut_params->obuf[j],
1162 ut_params->obuf[j]->data_len);
1163 }
1164 if (ut_params->testbuf[j]) {
1165 printf("testbuf[%u] data:\n", j);
1166 rte_pktmbuf_dump(stdout, ut_params->testbuf[j],
1167 ut_params->testbuf[j]->data_len);
1168 }
1169 }
1170
1171 static void
destroy_dummy_sec_session(struct ipsec_unitest_params * ut,uint32_t j)1172 destroy_dummy_sec_session(struct ipsec_unitest_params *ut,
1173 uint32_t j)
1174 {
1175 rte_security_session_destroy(&dummy_sec_ctx,
1176 ut->ss[j].security.ses);
1177 ut->ss[j].security.ctx = NULL;
1178 }
1179
1180 static void
destroy_crypto_session(struct ipsec_unitest_params * ut,uint8_t crypto_dev,uint32_t j)1181 destroy_crypto_session(struct ipsec_unitest_params *ut,
1182 uint8_t crypto_dev, uint32_t j)
1183 {
1184 rte_cryptodev_sym_session_clear(crypto_dev, ut->ss[j].crypto.ses);
1185 rte_cryptodev_sym_session_free(ut->ss[j].crypto.ses);
1186 memset(&ut->ss[j], 0, sizeof(ut->ss[j]));
1187 }
1188
1189 static void
destroy_session(struct ipsec_unitest_params * ut,uint8_t crypto_dev,uint32_t j)1190 destroy_session(struct ipsec_unitest_params *ut,
1191 uint8_t crypto_dev, uint32_t j)
1192 {
1193 if (ut->ss[j].type == RTE_SECURITY_ACTION_TYPE_NONE)
1194 return destroy_crypto_session(ut, crypto_dev, j);
1195 else
1196 return destroy_dummy_sec_session(ut, j);
1197 }
1198
1199 static void
destroy_sa(uint32_t j)1200 destroy_sa(uint32_t j)
1201 {
1202 struct ipsec_unitest_params *ut = &unittest_params;
1203 struct ipsec_testsuite_params *ts = &testsuite_params;
1204
1205 rte_ipsec_sa_fini(ut->ss[j].sa);
1206 rte_free(ut->ss[j].sa);
1207
1208 destroy_session(ut, ts->valid_dev, j);
1209 }
1210
1211 static int
crypto_inb_burst_null_null_check(struct ipsec_unitest_params * ut_params,int i,uint16_t num_pkts)1212 crypto_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1213 uint16_t num_pkts)
1214 {
1215 uint16_t j;
1216
1217 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1218 ut_params->pkt_index = j;
1219
1220 /* compare the data buffers */
1221 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1222 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1223 test_cfg[i].pkt_sz,
1224 "input and output data does not match\n");
1225 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1226 ut_params->obuf[j]->pkt_len,
1227 "data_len is not equal to pkt_len");
1228 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1229 test_cfg[i].pkt_sz,
1230 "data_len is not equal to input data");
1231 }
1232
1233 return 0;
1234 }
1235
1236 static int
test_ipsec_crypto_inb_burst_null_null(int i)1237 test_ipsec_crypto_inb_burst_null_null(int i)
1238 {
1239 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1240 struct ipsec_unitest_params *ut_params = &unittest_params;
1241 uint16_t num_pkts = test_cfg[i].num_pkts;
1242 uint16_t j;
1243 int rc;
1244
1245 /* create rte_ipsec_sa */
1246 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1247 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1248 if (rc != 0) {
1249 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1250 return TEST_FAILED;
1251 }
1252
1253 /* Generate test mbuf data */
1254 for (j = 0; j < num_pkts && rc == 0; j++) {
1255 /* packet with sequence number 0 is invalid */
1256 ut_params->ibuf[j] = setup_test_string_tunneled(
1257 ts_params->mbuf_pool, null_encrypted_data,
1258 test_cfg[i].pkt_sz, INBOUND_SPI, j + 1);
1259 if (ut_params->ibuf[j] == NULL)
1260 rc = TEST_FAILED;
1261 }
1262
1263 if (rc == 0) {
1264 if (test_cfg[i].reorder_pkts)
1265 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1266 rc = test_ipsec_crypto_op_alloc(num_pkts);
1267 }
1268
1269 if (rc == 0) {
1270 /* call ipsec library api */
1271 rc = crypto_ipsec(num_pkts);
1272 if (rc == 0)
1273 rc = crypto_inb_burst_null_null_check(
1274 ut_params, i, num_pkts);
1275 else {
1276 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1277 i);
1278 rc = TEST_FAILED;
1279 }
1280 }
1281
1282 if (rc == TEST_FAILED)
1283 test_ipsec_dump_buffers(ut_params, i);
1284
1285 destroy_sa(0);
1286 return rc;
1287 }
1288
1289 static int
test_ipsec_crypto_inb_burst_null_null_wrapper(void)1290 test_ipsec_crypto_inb_burst_null_null_wrapper(void)
1291 {
1292 int i;
1293 int rc = 0;
1294 struct ipsec_unitest_params *ut_params = &unittest_params;
1295
1296 ut_params->ipsec_xform.spi = INBOUND_SPI;
1297 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1298 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1299 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1300 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1301
1302 for (i = 0; i < num_cfg && rc == 0; i++) {
1303 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1304 rc = test_ipsec_crypto_inb_burst_null_null(i);
1305 }
1306
1307 return rc;
1308 }
1309
1310 static int
crypto_outb_burst_null_null_check(struct ipsec_unitest_params * ut_params,uint16_t num_pkts)1311 crypto_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1312 uint16_t num_pkts)
1313 {
1314 void *obuf_data;
1315 void *testbuf_data;
1316 uint16_t j;
1317
1318 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1319 ut_params->pkt_index = j;
1320
1321 testbuf_data = rte_pktmbuf_mtod(ut_params->testbuf[j], void *);
1322 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1323 /* compare the buffer data */
1324 TEST_ASSERT_BUFFERS_ARE_EQUAL(testbuf_data, obuf_data,
1325 ut_params->obuf[j]->pkt_len,
1326 "test and output data does not match\n");
1327 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1328 ut_params->testbuf[j]->data_len,
1329 "obuf data_len is not equal to testbuf data_len");
1330 TEST_ASSERT_EQUAL(ut_params->obuf[j]->pkt_len,
1331 ut_params->testbuf[j]->pkt_len,
1332 "obuf pkt_len is not equal to testbuf pkt_len");
1333 }
1334
1335 return 0;
1336 }
1337
1338 static int
test_ipsec_crypto_outb_burst_null_null(int i)1339 test_ipsec_crypto_outb_burst_null_null(int i)
1340 {
1341 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1342 struct ipsec_unitest_params *ut_params = &unittest_params;
1343 uint16_t num_pkts = test_cfg[i].num_pkts;
1344 uint16_t j;
1345 int32_t rc;
1346
1347 /* create rte_ipsec_sa*/
1348 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1349 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1350 if (rc != 0) {
1351 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1352 return TEST_FAILED;
1353 }
1354
1355 /* Generate input mbuf data */
1356 for (j = 0; j < num_pkts && rc == 0; j++) {
1357 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1358 null_plain_data, test_cfg[i].pkt_sz, 0);
1359 if (ut_params->ibuf[j] == NULL)
1360 rc = TEST_FAILED;
1361 else {
1362 /* Generate test mbuf data */
1363 /* packet with sequence number 0 is invalid */
1364 ut_params->testbuf[j] = setup_test_string_tunneled(
1365 ts_params->mbuf_pool,
1366 null_plain_data, test_cfg[i].pkt_sz,
1367 OUTBOUND_SPI, j + 1);
1368 if (ut_params->testbuf[j] == NULL)
1369 rc = TEST_FAILED;
1370 }
1371 }
1372
1373 if (rc == 0)
1374 rc = test_ipsec_crypto_op_alloc(num_pkts);
1375
1376 if (rc == 0) {
1377 /* call ipsec library api */
1378 rc = crypto_ipsec(num_pkts);
1379 if (rc == 0)
1380 rc = crypto_outb_burst_null_null_check(ut_params,
1381 num_pkts);
1382 else
1383 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1384 i);
1385 }
1386
1387 if (rc == TEST_FAILED)
1388 test_ipsec_dump_buffers(ut_params, i);
1389
1390 destroy_sa(0);
1391 return rc;
1392 }
1393
1394 static int
test_ipsec_crypto_outb_burst_null_null_wrapper(void)1395 test_ipsec_crypto_outb_burst_null_null_wrapper(void)
1396 {
1397 int i;
1398 int rc = 0;
1399 struct ipsec_unitest_params *ut_params = &unittest_params;
1400
1401 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1402 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1403 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1404 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1405 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1406
1407 for (i = 0; i < num_cfg && rc == 0; i++) {
1408 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1409 rc = test_ipsec_crypto_outb_burst_null_null(i);
1410 }
1411
1412 return rc;
1413 }
1414
1415 static int
inline_inb_burst_null_null_check(struct ipsec_unitest_params * ut_params,int i,uint16_t num_pkts)1416 inline_inb_burst_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1417 uint16_t num_pkts)
1418 {
1419 void *ibuf_data;
1420 void *obuf_data;
1421 uint16_t j;
1422
1423 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1424 ut_params->pkt_index = j;
1425
1426 /* compare the buffer data */
1427 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1428 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1429
1430 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1431 ut_params->ibuf[j]->data_len,
1432 "input and output data does not match\n");
1433 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1434 ut_params->obuf[j]->data_len,
1435 "ibuf data_len is not equal to obuf data_len");
1436 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1437 ut_params->obuf[j]->pkt_len,
1438 "ibuf pkt_len is not equal to obuf pkt_len");
1439 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1440 test_cfg[i].pkt_sz,
1441 "data_len is not equal input data");
1442 }
1443 return 0;
1444 }
1445
1446 static int
test_ipsec_inline_crypto_inb_burst_null_null(int i)1447 test_ipsec_inline_crypto_inb_burst_null_null(int i)
1448 {
1449 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1450 struct ipsec_unitest_params *ut_params = &unittest_params;
1451 uint16_t num_pkts = test_cfg[i].num_pkts;
1452 uint16_t j;
1453 int32_t rc;
1454 uint32_t n;
1455
1456 /* create rte_ipsec_sa*/
1457 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1458 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1459 if (rc != 0) {
1460 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1461 return TEST_FAILED;
1462 }
1463
1464 /* Generate inbound mbuf data */
1465 for (j = 0; j < num_pkts && rc == 0; j++) {
1466 ut_params->ibuf[j] = setup_test_string_tunneled(
1467 ts_params->mbuf_pool,
1468 null_plain_data, test_cfg[i].pkt_sz,
1469 INBOUND_SPI, j + 1);
1470 if (ut_params->ibuf[j] == NULL)
1471 rc = TEST_FAILED;
1472 else {
1473 /* Generate test mbuf data */
1474 ut_params->obuf[j] = setup_test_string(
1475 ts_params->mbuf_pool,
1476 null_plain_data, test_cfg[i].pkt_sz, 0);
1477 if (ut_params->obuf[j] == NULL)
1478 rc = TEST_FAILED;
1479 }
1480 }
1481
1482 if (rc == 0) {
1483 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1484 num_pkts);
1485 if (n == num_pkts)
1486 rc = inline_inb_burst_null_null_check(ut_params, i,
1487 num_pkts);
1488 else {
1489 RTE_LOG(ERR, USER1,
1490 "rte_ipsec_pkt_process failed, cfg %d\n",
1491 i);
1492 rc = TEST_FAILED;
1493 }
1494 }
1495
1496 if (rc == TEST_FAILED)
1497 test_ipsec_dump_buffers(ut_params, i);
1498
1499 destroy_sa(0);
1500 return rc;
1501 }
1502
1503 static int
test_ipsec_inline_crypto_inb_burst_null_null_wrapper(void)1504 test_ipsec_inline_crypto_inb_burst_null_null_wrapper(void)
1505 {
1506 int i;
1507 int rc = 0;
1508 struct ipsec_unitest_params *ut_params = &unittest_params;
1509
1510 ut_params->ipsec_xform.spi = INBOUND_SPI;
1511 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1512 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1513 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1514 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1515
1516 for (i = 0; i < num_cfg && rc == 0; i++) {
1517 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1518 rc = test_ipsec_inline_crypto_inb_burst_null_null(i);
1519 }
1520
1521 return rc;
1522 }
1523
1524 static int
test_ipsec_inline_proto_inb_burst_null_null(int i)1525 test_ipsec_inline_proto_inb_burst_null_null(int i)
1526 {
1527 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1528 struct ipsec_unitest_params *ut_params = &unittest_params;
1529 uint16_t num_pkts = test_cfg[i].num_pkts;
1530 uint16_t j;
1531 int32_t rc;
1532 uint32_t n;
1533
1534 /* create rte_ipsec_sa*/
1535 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1536 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1537 if (rc != 0) {
1538 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1539 return TEST_FAILED;
1540 }
1541
1542 /* Generate inbound mbuf data */
1543 for (j = 0; j < num_pkts && rc == 0; j++) {
1544 ut_params->ibuf[j] = setup_test_string(
1545 ts_params->mbuf_pool,
1546 null_plain_data, test_cfg[i].pkt_sz, 0);
1547 if (ut_params->ibuf[j] == NULL)
1548 rc = TEST_FAILED;
1549 else {
1550 /* Generate test mbuf data */
1551 ut_params->obuf[j] = setup_test_string(
1552 ts_params->mbuf_pool,
1553 null_plain_data, test_cfg[i].pkt_sz, 0);
1554 if (ut_params->obuf[j] == NULL)
1555 rc = TEST_FAILED;
1556 }
1557 }
1558
1559 if (rc == 0) {
1560 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1561 num_pkts);
1562 if (n == num_pkts)
1563 rc = inline_inb_burst_null_null_check(ut_params, i,
1564 num_pkts);
1565 else {
1566 RTE_LOG(ERR, USER1,
1567 "rte_ipsec_pkt_process failed, cfg %d\n",
1568 i);
1569 rc = TEST_FAILED;
1570 }
1571 }
1572
1573 if (rc == TEST_FAILED)
1574 test_ipsec_dump_buffers(ut_params, i);
1575
1576 destroy_sa(0);
1577 return rc;
1578 }
1579
1580 static int
test_ipsec_inline_proto_inb_burst_null_null_wrapper(void)1581 test_ipsec_inline_proto_inb_burst_null_null_wrapper(void)
1582 {
1583 int i;
1584 int rc = 0;
1585 struct ipsec_unitest_params *ut_params = &unittest_params;
1586
1587 ut_params->ipsec_xform.spi = INBOUND_SPI;
1588 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1589 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1590 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1591 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1592
1593 for (i = 0; i < num_cfg && rc == 0; i++) {
1594 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1595 rc = test_ipsec_inline_proto_inb_burst_null_null(i);
1596 }
1597
1598 return rc;
1599 }
1600
1601 static int
inline_outb_burst_null_null_check(struct ipsec_unitest_params * ut_params,uint16_t num_pkts)1602 inline_outb_burst_null_null_check(struct ipsec_unitest_params *ut_params,
1603 uint16_t num_pkts)
1604 {
1605 void *obuf_data;
1606 void *ibuf_data;
1607 uint16_t j;
1608
1609 for (j = 0; j < num_pkts && num_pkts <= BURST_SIZE; j++) {
1610 ut_params->pkt_index = j;
1611
1612 /* compare the buffer data */
1613 ibuf_data = rte_pktmbuf_mtod(ut_params->ibuf[j], void *);
1614 obuf_data = rte_pktmbuf_mtod(ut_params->obuf[j], void *);
1615 TEST_ASSERT_BUFFERS_ARE_EQUAL(ibuf_data, obuf_data,
1616 ut_params->ibuf[j]->data_len,
1617 "input and output data does not match\n");
1618 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->data_len,
1619 ut_params->obuf[j]->data_len,
1620 "ibuf data_len is not equal to obuf data_len");
1621 TEST_ASSERT_EQUAL(ut_params->ibuf[j]->pkt_len,
1622 ut_params->obuf[j]->pkt_len,
1623 "ibuf pkt_len is not equal to obuf pkt_len");
1624
1625 /* check mbuf ol_flags */
1626 TEST_ASSERT(ut_params->ibuf[j]->ol_flags & PKT_TX_SEC_OFFLOAD,
1627 "ibuf PKT_TX_SEC_OFFLOAD is not set");
1628 }
1629 return 0;
1630 }
1631
1632 static int
test_ipsec_inline_crypto_outb_burst_null_null(int i)1633 test_ipsec_inline_crypto_outb_burst_null_null(int i)
1634 {
1635 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1636 struct ipsec_unitest_params *ut_params = &unittest_params;
1637 uint16_t num_pkts = test_cfg[i].num_pkts;
1638 uint16_t j;
1639 int32_t rc;
1640 uint32_t n;
1641
1642 /* create rte_ipsec_sa */
1643 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
1644 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1645 if (rc != 0) {
1646 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1647 return TEST_FAILED;
1648 }
1649
1650 /* Generate test mbuf data */
1651 for (j = 0; j < num_pkts && rc == 0; j++) {
1652 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1653 null_plain_data, test_cfg[i].pkt_sz, 0);
1654 if (ut_params->ibuf[0] == NULL)
1655 rc = TEST_FAILED;
1656
1657 if (rc == 0) {
1658 /* Generate test tunneled mbuf data for comparison */
1659 ut_params->obuf[j] = setup_test_string_tunneled(
1660 ts_params->mbuf_pool,
1661 null_plain_data, test_cfg[i].pkt_sz,
1662 OUTBOUND_SPI, j + 1);
1663 if (ut_params->obuf[j] == NULL)
1664 rc = TEST_FAILED;
1665 }
1666 }
1667
1668 if (rc == 0) {
1669 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1670 num_pkts);
1671 if (n == num_pkts)
1672 rc = inline_outb_burst_null_null_check(ut_params,
1673 num_pkts);
1674 else {
1675 RTE_LOG(ERR, USER1,
1676 "rte_ipsec_pkt_process failed, cfg %d\n",
1677 i);
1678 rc = TEST_FAILED;
1679 }
1680 }
1681
1682 if (rc == TEST_FAILED)
1683 test_ipsec_dump_buffers(ut_params, i);
1684
1685 destroy_sa(0);
1686 return rc;
1687 }
1688
1689 static int
test_ipsec_inline_crypto_outb_burst_null_null_wrapper(void)1690 test_ipsec_inline_crypto_outb_burst_null_null_wrapper(void)
1691 {
1692 int i;
1693 int rc = 0;
1694 struct ipsec_unitest_params *ut_params = &unittest_params;
1695
1696 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1697 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1698 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1699 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1700 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1701
1702 for (i = 0; i < num_cfg && rc == 0; i++) {
1703 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1704 rc = test_ipsec_inline_crypto_outb_burst_null_null(i);
1705 }
1706
1707 return rc;
1708 }
1709
1710 static int
test_ipsec_inline_proto_outb_burst_null_null(int i)1711 test_ipsec_inline_proto_outb_burst_null_null(int i)
1712 {
1713 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1714 struct ipsec_unitest_params *ut_params = &unittest_params;
1715 uint16_t num_pkts = test_cfg[i].num_pkts;
1716 uint16_t j;
1717 int32_t rc;
1718 uint32_t n;
1719
1720 /* create rte_ipsec_sa */
1721 rc = create_sa(RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
1722 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1723 if (rc != 0) {
1724 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1725 return TEST_FAILED;
1726 }
1727
1728 /* Generate test mbuf data */
1729 for (j = 0; j < num_pkts && rc == 0; j++) {
1730 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1731 null_plain_data, test_cfg[i].pkt_sz, 0);
1732 if (ut_params->ibuf[0] == NULL)
1733 rc = TEST_FAILED;
1734
1735 if (rc == 0) {
1736 /* Generate test tunneled mbuf data for comparison */
1737 ut_params->obuf[j] = setup_test_string(
1738 ts_params->mbuf_pool,
1739 null_plain_data, test_cfg[i].pkt_sz, 0);
1740 if (ut_params->obuf[j] == NULL)
1741 rc = TEST_FAILED;
1742 }
1743 }
1744
1745 if (rc == 0) {
1746 n = rte_ipsec_pkt_process(&ut_params->ss[0], ut_params->ibuf,
1747 num_pkts);
1748 if (n == num_pkts)
1749 rc = inline_outb_burst_null_null_check(ut_params,
1750 num_pkts);
1751 else {
1752 RTE_LOG(ERR, USER1,
1753 "rte_ipsec_pkt_process failed, cfg %d\n",
1754 i);
1755 rc = TEST_FAILED;
1756 }
1757 }
1758
1759 if (rc == TEST_FAILED)
1760 test_ipsec_dump_buffers(ut_params, i);
1761
1762 destroy_sa(0);
1763 return rc;
1764 }
1765
1766 static int
test_ipsec_inline_proto_outb_burst_null_null_wrapper(void)1767 test_ipsec_inline_proto_outb_burst_null_null_wrapper(void)
1768 {
1769 int i;
1770 int rc = 0;
1771 struct ipsec_unitest_params *ut_params = &unittest_params;
1772
1773 ut_params->ipsec_xform.spi = OUTBOUND_SPI;
1774 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1775 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1776 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1777 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1778
1779 for (i = 0; i < num_cfg && rc == 0; i++) {
1780 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1781 rc = test_ipsec_inline_proto_outb_burst_null_null(i);
1782 }
1783
1784 return rc;
1785 }
1786
1787 static int
test_ipsec_lksd_proto_inb_burst_null_null(int i)1788 test_ipsec_lksd_proto_inb_burst_null_null(int i)
1789 {
1790 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1791 struct ipsec_unitest_params *ut_params = &unittest_params;
1792 uint16_t num_pkts = test_cfg[i].num_pkts;
1793 uint16_t j;
1794 int rc;
1795
1796 /* create rte_ipsec_sa */
1797 rc = create_sa(RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
1798 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1799 if (rc != 0) {
1800 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1801 return TEST_FAILED;
1802 }
1803
1804 /* Generate test mbuf data */
1805 for (j = 0; j < num_pkts && rc == 0; j++) {
1806 /* packet with sequence number 0 is invalid */
1807 ut_params->ibuf[j] = setup_test_string(ts_params->mbuf_pool,
1808 null_encrypted_data, test_cfg[i].pkt_sz, 0);
1809 if (ut_params->ibuf[j] == NULL)
1810 rc = TEST_FAILED;
1811 }
1812
1813 if (rc == 0) {
1814 if (test_cfg[i].reorder_pkts)
1815 test_ipsec_reorder_inb_pkt_burst(num_pkts);
1816 rc = test_ipsec_crypto_op_alloc(num_pkts);
1817 }
1818
1819 if (rc == 0) {
1820 /* call ipsec library api */
1821 rc = lksd_proto_ipsec(num_pkts);
1822 if (rc == 0)
1823 rc = crypto_inb_burst_null_null_check(ut_params, i,
1824 num_pkts);
1825 else {
1826 RTE_LOG(ERR, USER1, "%s failed, cfg %d\n",
1827 __func__, i);
1828 rc = TEST_FAILED;
1829 }
1830 }
1831
1832 if (rc == TEST_FAILED)
1833 test_ipsec_dump_buffers(ut_params, i);
1834
1835 destroy_sa(0);
1836 return rc;
1837 }
1838
1839 static int
test_ipsec_lksd_proto_inb_burst_null_null_wrapper(void)1840 test_ipsec_lksd_proto_inb_burst_null_null_wrapper(void)
1841 {
1842 int i;
1843 int rc = 0;
1844 struct ipsec_unitest_params *ut_params = &unittest_params;
1845
1846 ut_params->ipsec_xform.spi = INBOUND_SPI;
1847 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1848 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1849 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1850 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1851
1852 for (i = 0; i < num_cfg && rc == 0; i++) {
1853 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1854 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1855 }
1856
1857 return rc;
1858 }
1859
1860 static int
test_ipsec_lksd_proto_outb_burst_null_null_wrapper(void)1861 test_ipsec_lksd_proto_outb_burst_null_null_wrapper(void)
1862 {
1863 int i;
1864 int rc = 0;
1865 struct ipsec_unitest_params *ut_params = &unittest_params;
1866
1867 ut_params->ipsec_xform.spi = INBOUND_SPI;
1868 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
1869 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1870 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1871 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1872
1873 for (i = 0; i < num_cfg && rc == 0; i++) {
1874 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1875 rc = test_ipsec_lksd_proto_inb_burst_null_null(i);
1876 }
1877
1878 return rc;
1879 }
1880
1881 static int
replay_inb_null_null_check(struct ipsec_unitest_params * ut_params,int i,int num_pkts)1882 replay_inb_null_null_check(struct ipsec_unitest_params *ut_params, int i,
1883 int num_pkts)
1884 {
1885 uint16_t j;
1886
1887 for (j = 0; j < num_pkts; j++) {
1888 /* compare the buffer data */
1889 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
1890 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
1891 test_cfg[i].pkt_sz,
1892 "input and output data does not match\n");
1893
1894 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
1895 ut_params->obuf[j]->pkt_len,
1896 "data_len is not equal to pkt_len");
1897 }
1898
1899 return 0;
1900 }
1901
1902 static int
test_ipsec_replay_inb_inside_null_null(int i)1903 test_ipsec_replay_inb_inside_null_null(int i)
1904 {
1905 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1906 struct ipsec_unitest_params *ut_params = &unittest_params;
1907 int rc;
1908
1909 /* create rte_ipsec_sa*/
1910 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
1911 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
1912 if (rc != 0) {
1913 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
1914 return TEST_FAILED;
1915 }
1916
1917 /* Generate inbound mbuf data */
1918 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
1919 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
1920 if (ut_params->ibuf[0] == NULL)
1921 rc = TEST_FAILED;
1922 else
1923 rc = test_ipsec_crypto_op_alloc(1);
1924
1925 if (rc == 0) {
1926 /* call ipsec library api */
1927 rc = crypto_ipsec(1);
1928 if (rc == 0)
1929 rc = replay_inb_null_null_check(ut_params, i, 1);
1930 else {
1931 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
1932 i);
1933 rc = TEST_FAILED;
1934 }
1935 }
1936
1937 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
1938 /* generate packet with seq number inside the replay window */
1939 if (ut_params->ibuf[0]) {
1940 rte_pktmbuf_free(ut_params->ibuf[0]);
1941 ut_params->ibuf[0] = 0;
1942 }
1943
1944 ut_params->ibuf[0] = setup_test_string_tunneled(
1945 ts_params->mbuf_pool, null_encrypted_data,
1946 test_cfg[i].pkt_sz, INBOUND_SPI,
1947 test_cfg[i].replay_win_sz);
1948 if (ut_params->ibuf[0] == NULL)
1949 rc = TEST_FAILED;
1950 else
1951 rc = test_ipsec_crypto_op_alloc(1);
1952
1953 if (rc == 0) {
1954 /* call ipsec library api */
1955 rc = crypto_ipsec(1);
1956 if (rc == 0)
1957 rc = replay_inb_null_null_check(
1958 ut_params, i, 1);
1959 else {
1960 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
1961 rc = TEST_FAILED;
1962 }
1963 }
1964 }
1965
1966 if (rc == TEST_FAILED)
1967 test_ipsec_dump_buffers(ut_params, i);
1968
1969 destroy_sa(0);
1970
1971 return rc;
1972 }
1973
1974 static int
test_ipsec_replay_inb_inside_null_null_wrapper(void)1975 test_ipsec_replay_inb_inside_null_null_wrapper(void)
1976 {
1977 int i;
1978 int rc = 0;
1979 struct ipsec_unitest_params *ut_params = &unittest_params;
1980
1981 ut_params->ipsec_xform.spi = INBOUND_SPI;
1982 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
1983 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
1984 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
1985 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
1986
1987 for (i = 0; i < num_cfg && rc == 0; i++) {
1988 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
1989 rc = test_ipsec_replay_inb_inside_null_null(i);
1990 }
1991
1992 return rc;
1993 }
1994
1995 static int
test_ipsec_replay_inb_outside_null_null(int i)1996 test_ipsec_replay_inb_outside_null_null(int i)
1997 {
1998 struct ipsec_testsuite_params *ts_params = &testsuite_params;
1999 struct ipsec_unitest_params *ut_params = &unittest_params;
2000 int rc;
2001
2002 /* create rte_ipsec_sa */
2003 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2004 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2005 if (rc != 0) {
2006 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
2007 return TEST_FAILED;
2008 }
2009
2010 /* Generate test mbuf data */
2011 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2012 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI,
2013 test_cfg[i].replay_win_sz + 2);
2014 if (ut_params->ibuf[0] == NULL)
2015 rc = TEST_FAILED;
2016 else
2017 rc = test_ipsec_crypto_op_alloc(1);
2018
2019 if (rc == 0) {
2020 /* call ipsec library api */
2021 rc = crypto_ipsec(1);
2022 if (rc == 0)
2023 rc = replay_inb_null_null_check(ut_params, i, 1);
2024 else {
2025 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2026 i);
2027 rc = TEST_FAILED;
2028 }
2029 }
2030
2031 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2032 /* generate packet with seq number outside the replay window */
2033 if (ut_params->ibuf[0]) {
2034 rte_pktmbuf_free(ut_params->ibuf[0]);
2035 ut_params->ibuf[0] = 0;
2036 }
2037 ut_params->ibuf[0] = setup_test_string_tunneled(
2038 ts_params->mbuf_pool, null_encrypted_data,
2039 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2040 if (ut_params->ibuf[0] == NULL)
2041 rc = TEST_FAILED;
2042 else
2043 rc = test_ipsec_crypto_op_alloc(1);
2044
2045 if (rc == 0) {
2046 /* call ipsec library api */
2047 rc = crypto_ipsec(1);
2048 if (rc == 0) {
2049 if (test_cfg[i].esn == 0) {
2050 RTE_LOG(ERR, USER1,
2051 "packet is not outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2052 i,
2053 test_cfg[i].replay_win_sz + 2,
2054 1);
2055 rc = TEST_FAILED;
2056 }
2057 } else {
2058 RTE_LOG(ERR, USER1,
2059 "packet is outside the replay window, cfg %d pkt0_seq %u pkt1_seq %u\n",
2060 i, test_cfg[i].replay_win_sz + 2, 1);
2061 rc = 0;
2062 }
2063 }
2064 }
2065
2066 if (rc == TEST_FAILED)
2067 test_ipsec_dump_buffers(ut_params, i);
2068
2069 destroy_sa(0);
2070
2071 return rc;
2072 }
2073
2074 static int
test_ipsec_replay_inb_outside_null_null_wrapper(void)2075 test_ipsec_replay_inb_outside_null_null_wrapper(void)
2076 {
2077 int i;
2078 int rc = 0;
2079 struct ipsec_unitest_params *ut_params = &unittest_params;
2080
2081 ut_params->ipsec_xform.spi = INBOUND_SPI;
2082 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2083 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2084 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2085 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2086
2087 for (i = 0; i < num_cfg && rc == 0; i++) {
2088 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2089 rc = test_ipsec_replay_inb_outside_null_null(i);
2090 }
2091
2092 return rc;
2093 }
2094
2095 static int
test_ipsec_replay_inb_repeat_null_null(int i)2096 test_ipsec_replay_inb_repeat_null_null(int i)
2097 {
2098 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2099 struct ipsec_unitest_params *ut_params = &unittest_params;
2100 int rc;
2101
2102 /* create rte_ipsec_sa */
2103 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2104 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2105 if (rc != 0) {
2106 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
2107 return TEST_FAILED;
2108 }
2109
2110 /* Generate test mbuf data */
2111 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2112 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2113 if (ut_params->ibuf[0] == NULL)
2114 rc = TEST_FAILED;
2115 else
2116 rc = test_ipsec_crypto_op_alloc(1);
2117
2118 if (rc == 0) {
2119 /* call ipsec library api */
2120 rc = crypto_ipsec(1);
2121 if (rc == 0)
2122 rc = replay_inb_null_null_check(ut_params, i, 1);
2123 else {
2124 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2125 i);
2126 rc = TEST_FAILED;
2127 }
2128 }
2129
2130 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2131 /*
2132 * generate packet with repeat seq number in the replay
2133 * window
2134 */
2135 if (ut_params->ibuf[0]) {
2136 rte_pktmbuf_free(ut_params->ibuf[0]);
2137 ut_params->ibuf[0] = 0;
2138 }
2139
2140 ut_params->ibuf[0] = setup_test_string_tunneled(
2141 ts_params->mbuf_pool, null_encrypted_data,
2142 test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2143 if (ut_params->ibuf[0] == NULL)
2144 rc = TEST_FAILED;
2145 else
2146 rc = test_ipsec_crypto_op_alloc(1);
2147
2148 if (rc == 0) {
2149 /* call ipsec library api */
2150 rc = crypto_ipsec(1);
2151 if (rc == 0) {
2152 RTE_LOG(ERR, USER1,
2153 "packet is not repeated in the replay window, cfg %d seq %u\n",
2154 i, 1);
2155 rc = TEST_FAILED;
2156 } else {
2157 RTE_LOG(ERR, USER1,
2158 "packet is repeated in the replay window, cfg %d seq %u\n",
2159 i, 1);
2160 rc = 0;
2161 }
2162 }
2163 }
2164
2165 if (rc == TEST_FAILED)
2166 test_ipsec_dump_buffers(ut_params, i);
2167
2168 destroy_sa(0);
2169
2170 return rc;
2171 }
2172
2173 static int
test_ipsec_replay_inb_repeat_null_null_wrapper(void)2174 test_ipsec_replay_inb_repeat_null_null_wrapper(void)
2175 {
2176 int i;
2177 int rc = 0;
2178 struct ipsec_unitest_params *ut_params = &unittest_params;
2179
2180 ut_params->ipsec_xform.spi = INBOUND_SPI;
2181 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2182 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2183 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2184 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2185
2186 for (i = 0; i < num_cfg && rc == 0; i++) {
2187 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2188 rc = test_ipsec_replay_inb_repeat_null_null(i);
2189 }
2190
2191 return rc;
2192 }
2193
2194 static int
test_ipsec_replay_inb_inside_burst_null_null(int i)2195 test_ipsec_replay_inb_inside_burst_null_null(int i)
2196 {
2197 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2198 struct ipsec_unitest_params *ut_params = &unittest_params;
2199 uint16_t num_pkts = test_cfg[i].num_pkts;
2200 int rc;
2201 int j;
2202
2203 /* create rte_ipsec_sa*/
2204 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2205 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2206 if (rc != 0) {
2207 RTE_LOG(ERR, USER1, "create_sa failed, cfg %d\n", i);
2208 return TEST_FAILED;
2209 }
2210
2211 /* Generate inbound mbuf data */
2212 ut_params->ibuf[0] = setup_test_string_tunneled(ts_params->mbuf_pool,
2213 null_encrypted_data, test_cfg[i].pkt_sz, INBOUND_SPI, 1);
2214 if (ut_params->ibuf[0] == NULL)
2215 rc = TEST_FAILED;
2216 else
2217 rc = test_ipsec_crypto_op_alloc(1);
2218
2219 if (rc == 0) {
2220 /* call ipsec library api */
2221 rc = crypto_ipsec(1);
2222 if (rc == 0)
2223 rc = replay_inb_null_null_check(ut_params, i, 1);
2224 else {
2225 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2226 i);
2227 rc = TEST_FAILED;
2228 }
2229 }
2230
2231 if ((rc == 0) && (test_cfg[i].replay_win_sz != 0)) {
2232 /*
2233 * generate packet(s) with seq number(s) inside the
2234 * replay window
2235 */
2236 if (ut_params->ibuf[0]) {
2237 rte_pktmbuf_free(ut_params->ibuf[0]);
2238 ut_params->ibuf[0] = 0;
2239 }
2240
2241 for (j = 0; j < num_pkts && rc == 0; j++) {
2242 /* packet with sequence number 1 already processed */
2243 ut_params->ibuf[j] = setup_test_string_tunneled(
2244 ts_params->mbuf_pool, null_encrypted_data,
2245 test_cfg[i].pkt_sz, INBOUND_SPI, j + 2);
2246 if (ut_params->ibuf[j] == NULL)
2247 rc = TEST_FAILED;
2248 }
2249
2250 if (rc == 0) {
2251 if (test_cfg[i].reorder_pkts)
2252 test_ipsec_reorder_inb_pkt_burst(num_pkts);
2253 rc = test_ipsec_crypto_op_alloc(num_pkts);
2254 }
2255
2256 if (rc == 0) {
2257 /* call ipsec library api */
2258 rc = crypto_ipsec(num_pkts);
2259 if (rc == 0)
2260 rc = replay_inb_null_null_check(
2261 ut_params, i, num_pkts);
2262 else {
2263 RTE_LOG(ERR, USER1, "crypto_ipsec failed\n");
2264 rc = TEST_FAILED;
2265 }
2266 }
2267 }
2268
2269 if (rc == TEST_FAILED)
2270 test_ipsec_dump_buffers(ut_params, i);
2271
2272 destroy_sa(0);
2273
2274 return rc;
2275 }
2276
2277 static int
test_ipsec_replay_inb_inside_burst_null_null_wrapper(void)2278 test_ipsec_replay_inb_inside_burst_null_null_wrapper(void)
2279 {
2280 int i;
2281 int rc = 0;
2282 struct ipsec_unitest_params *ut_params = &unittest_params;
2283
2284 ut_params->ipsec_xform.spi = INBOUND_SPI;
2285 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2286 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2287 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2288 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2289
2290 for (i = 0; i < num_cfg && rc == 0; i++) {
2291 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2292 rc = test_ipsec_replay_inb_inside_burst_null_null(i);
2293 }
2294
2295 return rc;
2296 }
2297
2298
2299 static int
crypto_inb_burst_2sa_null_null_check(struct ipsec_unitest_params * ut_params,int i)2300 crypto_inb_burst_2sa_null_null_check(struct ipsec_unitest_params *ut_params,
2301 int i)
2302 {
2303 uint16_t j;
2304
2305 for (j = 0; j < BURST_SIZE; j++) {
2306 ut_params->pkt_index = j;
2307
2308 /* compare the data buffers */
2309 TEST_ASSERT_BUFFERS_ARE_EQUAL(null_plain_data,
2310 rte_pktmbuf_mtod(ut_params->obuf[j], void *),
2311 test_cfg[i].pkt_sz,
2312 "input and output data does not match\n");
2313 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2314 ut_params->obuf[j]->pkt_len,
2315 "data_len is not equal to pkt_len");
2316 TEST_ASSERT_EQUAL(ut_params->obuf[j]->data_len,
2317 test_cfg[i].pkt_sz,
2318 "data_len is not equal to input data");
2319 }
2320
2321 return 0;
2322 }
2323
2324 static int
test_ipsec_crypto_inb_burst_2sa_null_null(int i)2325 test_ipsec_crypto_inb_burst_2sa_null_null(int i)
2326 {
2327 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2328 struct ipsec_unitest_params *ut_params = &unittest_params;
2329 uint16_t num_pkts = test_cfg[i].num_pkts;
2330 uint16_t j, r;
2331 int rc = 0;
2332
2333 if (num_pkts != BURST_SIZE)
2334 return rc;
2335
2336 /* create rte_ipsec_sa */
2337 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2338 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2339 if (rc != 0) {
2340 RTE_LOG(ERR, USER1, "create_sa 0 failed, cfg %d\n", i);
2341 return TEST_FAILED;
2342 }
2343
2344 /* create second rte_ipsec_sa */
2345 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2346 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2347 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2348 if (rc != 0) {
2349 RTE_LOG(ERR, USER1, "create_sa 1 failed, cfg %d\n", i);
2350 destroy_sa(0);
2351 return TEST_FAILED;
2352 }
2353
2354 /* Generate test mbuf data */
2355 for (j = 0; j < num_pkts && rc == 0; j++) {
2356 r = j % 2;
2357 /* packet with sequence number 0 is invalid */
2358 ut_params->ibuf[j] = setup_test_string_tunneled(
2359 ts_params->mbuf_pool, null_encrypted_data,
2360 test_cfg[i].pkt_sz, INBOUND_SPI + r, j + 1);
2361 if (ut_params->ibuf[j] == NULL)
2362 rc = TEST_FAILED;
2363 }
2364
2365 if (rc == 0)
2366 rc = test_ipsec_crypto_op_alloc(num_pkts);
2367
2368 if (rc == 0) {
2369 /* call ipsec library api */
2370 rc = crypto_ipsec_2sa();
2371 if (rc == 0)
2372 rc = crypto_inb_burst_2sa_null_null_check(
2373 ut_params, i);
2374 else {
2375 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2376 i);
2377 rc = TEST_FAILED;
2378 }
2379 }
2380
2381 if (rc == TEST_FAILED)
2382 test_ipsec_dump_buffers(ut_params, i);
2383
2384 destroy_sa(0);
2385 destroy_sa(1);
2386 return rc;
2387 }
2388
2389 static int
test_ipsec_crypto_inb_burst_2sa_null_null_wrapper(void)2390 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper(void)
2391 {
2392 int i;
2393 int rc = 0;
2394 struct ipsec_unitest_params *ut_params = &unittest_params;
2395
2396 ut_params->ipsec_xform.spi = INBOUND_SPI;
2397 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2398 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2399 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2400 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2401
2402 for (i = 0; i < num_cfg && rc == 0; i++) {
2403 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2404 rc = test_ipsec_crypto_inb_burst_2sa_null_null(i);
2405 }
2406
2407 return rc;
2408 }
2409
2410 static int
test_ipsec_crypto_inb_burst_2sa_4grp_null_null(int i)2411 test_ipsec_crypto_inb_burst_2sa_4grp_null_null(int i)
2412 {
2413 struct ipsec_testsuite_params *ts_params = &testsuite_params;
2414 struct ipsec_unitest_params *ut_params = &unittest_params;
2415 uint16_t num_pkts = test_cfg[i].num_pkts;
2416 uint16_t j, k;
2417 int rc = 0;
2418
2419 if (num_pkts != BURST_SIZE)
2420 return rc;
2421
2422 /* create rte_ipsec_sa */
2423 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2424 test_cfg[i].replay_win_sz, test_cfg[i].flags, 0);
2425 if (rc != 0) {
2426 RTE_LOG(ERR, USER1, "create_sa 0 failed, cfg %d\n", i);
2427 return TEST_FAILED;
2428 }
2429
2430 /* create second rte_ipsec_sa */
2431 ut_params->ipsec_xform.spi = INBOUND_SPI + 1;
2432 rc = create_sa(RTE_SECURITY_ACTION_TYPE_NONE,
2433 test_cfg[i].replay_win_sz, test_cfg[i].flags, 1);
2434 if (rc != 0) {
2435 RTE_LOG(ERR, USER1, "create_sa 1 failed, cfg %d\n", i);
2436 destroy_sa(0);
2437 return TEST_FAILED;
2438 }
2439
2440 /* Generate test mbuf data */
2441 for (j = 0; j < num_pkts && rc == 0; j++) {
2442 k = crypto_ipsec_4grp(j);
2443
2444 /* packet with sequence number 0 is invalid */
2445 ut_params->ibuf[j] = setup_test_string_tunneled(
2446 ts_params->mbuf_pool, null_encrypted_data,
2447 test_cfg[i].pkt_sz, INBOUND_SPI + k, j + 1);
2448 if (ut_params->ibuf[j] == NULL)
2449 rc = TEST_FAILED;
2450 }
2451
2452 if (rc == 0)
2453 rc = test_ipsec_crypto_op_alloc(num_pkts);
2454
2455 if (rc == 0) {
2456 /* call ipsec library api */
2457 rc = crypto_ipsec_2sa_4grp();
2458 if (rc == 0)
2459 rc = crypto_inb_burst_2sa_null_null_check(
2460 ut_params, i);
2461 else {
2462 RTE_LOG(ERR, USER1, "crypto_ipsec failed, cfg %d\n",
2463 i);
2464 rc = TEST_FAILED;
2465 }
2466 }
2467
2468 if (rc == TEST_FAILED)
2469 test_ipsec_dump_buffers(ut_params, i);
2470
2471 destroy_sa(0);
2472 destroy_sa(1);
2473 return rc;
2474 }
2475
2476 static int
test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper(void)2477 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper(void)
2478 {
2479 int i;
2480 int rc = 0;
2481 struct ipsec_unitest_params *ut_params = &unittest_params;
2482
2483 ut_params->ipsec_xform.spi = INBOUND_SPI;
2484 ut_params->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
2485 ut_params->ipsec_xform.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP;
2486 ut_params->ipsec_xform.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
2487 ut_params->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
2488
2489 for (i = 0; i < num_cfg && rc == 0; i++) {
2490 ut_params->ipsec_xform.options.esn = test_cfg[i].esn;
2491 rc = test_ipsec_crypto_inb_burst_2sa_4grp_null_null(i);
2492 }
2493
2494 return rc;
2495 }
2496
2497 static struct unit_test_suite ipsec_testsuite = {
2498 .suite_name = "IPsec NULL Unit Test Suite",
2499 .setup = testsuite_setup,
2500 .teardown = testsuite_teardown,
2501 .unit_test_cases = {
2502 TEST_CASE_ST(ut_setup, ut_teardown,
2503 test_ipsec_crypto_inb_burst_null_null_wrapper),
2504 TEST_CASE_ST(ut_setup, ut_teardown,
2505 test_ipsec_crypto_outb_burst_null_null_wrapper),
2506 TEST_CASE_ST(ut_setup, ut_teardown,
2507 test_ipsec_inline_crypto_inb_burst_null_null_wrapper),
2508 TEST_CASE_ST(ut_setup, ut_teardown,
2509 test_ipsec_inline_crypto_outb_burst_null_null_wrapper),
2510 TEST_CASE_ST(ut_setup, ut_teardown,
2511 test_ipsec_inline_proto_inb_burst_null_null_wrapper),
2512 TEST_CASE_ST(ut_setup, ut_teardown,
2513 test_ipsec_inline_proto_outb_burst_null_null_wrapper),
2514 TEST_CASE_ST(ut_setup, ut_teardown,
2515 test_ipsec_lksd_proto_inb_burst_null_null_wrapper),
2516 TEST_CASE_ST(ut_setup, ut_teardown,
2517 test_ipsec_lksd_proto_outb_burst_null_null_wrapper),
2518 TEST_CASE_ST(ut_setup, ut_teardown,
2519 test_ipsec_replay_inb_inside_null_null_wrapper),
2520 TEST_CASE_ST(ut_setup, ut_teardown,
2521 test_ipsec_replay_inb_outside_null_null_wrapper),
2522 TEST_CASE_ST(ut_setup, ut_teardown,
2523 test_ipsec_replay_inb_repeat_null_null_wrapper),
2524 TEST_CASE_ST(ut_setup, ut_teardown,
2525 test_ipsec_replay_inb_inside_burst_null_null_wrapper),
2526 TEST_CASE_ST(ut_setup, ut_teardown,
2527 test_ipsec_crypto_inb_burst_2sa_null_null_wrapper),
2528 TEST_CASE_ST(ut_setup, ut_teardown,
2529 test_ipsec_crypto_inb_burst_2sa_4grp_null_null_wrapper),
2530 TEST_CASES_END() /**< NULL terminate unit test array */
2531 }
2532 };
2533
2534 static int
test_ipsec(void)2535 test_ipsec(void)
2536 {
2537 return unit_test_suite_runner(&ipsec_testsuite);
2538 }
2539
2540 REGISTER_TEST_COMMAND(ipsec_autotest, test_ipsec);
2541