Add outbound known vector tests. The tests would be skipped on PMDs which do not support IV provided by application.
Signed-off-by: Anoob Joseph <ano...@marvell.com> Acked-by: Akhil Goyal <gak...@marvell.com> --- app/test/test_cryptodev.c | 44 ++++++++++++++++++++++++++++++++ app/test/test_cryptodev_security_ipsec.c | 16 +++++++++++- 2 files changed, 59 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index fefab3c..dd68080 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -8978,6 +8978,22 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], ut_params->op->sym->m_src = ut_params->ibuf; ut_params->op->sym->m_dst = NULL; + /* Copy IV in crypto operation when IV generation is disabled */ + if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && + ipsec_xform.options.iv_gen_disable == 1) { + uint8_t *iv = rte_crypto_op_ctod_offset(ut_params->op, + uint8_t *, + IV_OFFSET); + int len; + + if (td[i].aead) + len = td[i].xform.aead.aead.iv.length; + else + len = td[i].xform.chain.cipher.cipher.iv.length; + + memcpy(iv, td[i].iv.data, len); + } + /* Process crypto operation */ process_crypto_request(dev_id, ut_params->op); @@ -9015,6 +9031,22 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], } static int +test_ipsec_proto_known_vec(const void *test_data) +{ + struct ipsec_test_data td_outb; + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + memcpy(&td_outb, test_data, sizeof(td_outb)); + + /* Disable IV gen to be able to test with known vectors */ + td_outb.ipsec_xform.options.iv_gen_disable = 1; + + return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags); +} + +static int test_ipsec_proto_known_vec_inb(const void *td_outb) { struct ipsec_test_flags flags; @@ -14019,6 +14051,18 @@ static struct unit_test_suite ipsec_proto_testsuite = { .setup = ipsec_proto_testsuite_setup, .unit_test_cases = { TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 192)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_192_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 256)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)", ut_setup_security, ut_teardown, test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm), diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 5b54996..f371b15 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -77,6 +77,15 @@ test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, return -ENOTSUP; } + if ((ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) && + (ipsec_xform->options.iv_gen_disable == 1) && + (sec_cap->ipsec.options.iv_gen_disable != 1)) { + if (!silent) + RTE_LOG(INFO, USER1, + "Application provided IV is not supported\n"); + return -ENOTSUP; + } + return 0; } @@ -161,9 +170,11 @@ test_ipsec_td_prepare(const struct crypto_param *param1, td->xform.aead.aead.algo = param1->alg.aead; td->xform.aead.aead.key.length = param1->key_length; + + if (flags->iv_gen) + td->ipsec_xform.options.iv_gen_disable = 0; } - RTE_SET_USED(flags); RTE_SET_USED(param2); } @@ -187,6 +198,9 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[], if (flags->udp_encap) td_inb[i].ipsec_xform.options.udp_encap = 1; + + /* Clear outbound specific flags */ + td_inb[i].ipsec_xform.options.iv_gen_disable = 0; } } -- 2.7.4