1474f1202SAnoob Joseph /* SPDX-License-Identifier: BSD-3-Clause 2474f1202SAnoob Joseph * Copyright(C) 2021 Marvell. 3474f1202SAnoob Joseph */ 4474f1202SAnoob Joseph 5474f1202SAnoob Joseph #include <rte_common.h> 6474f1202SAnoob Joseph #include <rte_cryptodev.h> 7cd928003STejasree Kondoj #include <rte_esp.h> 8474f1202SAnoob Joseph #include <rte_ip.h> 9474f1202SAnoob Joseph #include <rte_security.h> 10c8234341STejasree Kondoj #include <rte_udp.h> 11474f1202SAnoob Joseph 12474f1202SAnoob Joseph #include "test.h" 13474f1202SAnoob Joseph #include "test_cryptodev_security_ipsec.h" 14474f1202SAnoob Joseph 15cd928003STejasree Kondoj #define IV_LEN_MAX 16 16cd928003STejasree Kondoj 176622d9c9SAnoob Joseph extern struct ipsec_test_data pkt_aes_256_gcm; 186622d9c9SAnoob Joseph 19474f1202SAnoob Joseph int 20474f1202SAnoob Joseph test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, 21474f1202SAnoob Joseph const struct rte_security_capability *sec_cap, 22474f1202SAnoob Joseph bool silent) 23474f1202SAnoob Joseph { 24474f1202SAnoob Joseph /* Verify security capabilities */ 25474f1202SAnoob Joseph 26474f1202SAnoob Joseph if (ipsec_xform->options.esn == 1 && sec_cap->ipsec.options.esn == 0) { 27474f1202SAnoob Joseph if (!silent) 28474f1202SAnoob Joseph RTE_LOG(INFO, USER1, "ESN is not supported\n"); 29474f1202SAnoob Joseph return -ENOTSUP; 30474f1202SAnoob Joseph } 31474f1202SAnoob Joseph 32474f1202SAnoob Joseph if (ipsec_xform->options.udp_encap == 1 && 33474f1202SAnoob Joseph sec_cap->ipsec.options.udp_encap == 0) { 34474f1202SAnoob Joseph if (!silent) 35474f1202SAnoob Joseph RTE_LOG(INFO, USER1, "UDP encapsulation is not supported\n"); 36474f1202SAnoob Joseph return -ENOTSUP; 37474f1202SAnoob Joseph } 38474f1202SAnoob Joseph 39*9ec50a52STejasree Kondoj if (ipsec_xform->options.udp_ports_verify == 1 && 40*9ec50a52STejasree Kondoj sec_cap->ipsec.options.udp_ports_verify == 0) { 41*9ec50a52STejasree Kondoj if (!silent) 42*9ec50a52STejasree Kondoj RTE_LOG(INFO, USER1, "UDP encapsulation ports " 43*9ec50a52STejasree Kondoj "verification is not supported\n"); 44*9ec50a52STejasree Kondoj return -ENOTSUP; 45*9ec50a52STejasree Kondoj } 46*9ec50a52STejasree Kondoj 47474f1202SAnoob Joseph if (ipsec_xform->options.copy_dscp == 1 && 48474f1202SAnoob Joseph sec_cap->ipsec.options.copy_dscp == 0) { 49474f1202SAnoob Joseph if (!silent) 50474f1202SAnoob Joseph RTE_LOG(INFO, USER1, "Copy DSCP is not supported\n"); 51474f1202SAnoob Joseph return -ENOTSUP; 52474f1202SAnoob Joseph } 53474f1202SAnoob Joseph 54474f1202SAnoob Joseph if (ipsec_xform->options.copy_flabel == 1 && 55474f1202SAnoob Joseph sec_cap->ipsec.options.copy_flabel == 0) { 56474f1202SAnoob Joseph if (!silent) 57474f1202SAnoob Joseph RTE_LOG(INFO, USER1, "Copy Flow Label is not supported\n"); 58474f1202SAnoob Joseph return -ENOTSUP; 59474f1202SAnoob Joseph } 60474f1202SAnoob Joseph 61474f1202SAnoob Joseph if (ipsec_xform->options.copy_df == 1 && 62474f1202SAnoob Joseph sec_cap->ipsec.options.copy_df == 0) { 63474f1202SAnoob Joseph if (!silent) 64474f1202SAnoob Joseph RTE_LOG(INFO, USER1, "Copy DP bit is not supported\n"); 65474f1202SAnoob Joseph return -ENOTSUP; 66474f1202SAnoob Joseph } 67474f1202SAnoob Joseph 68474f1202SAnoob Joseph if (ipsec_xform->options.dec_ttl == 1 && 69474f1202SAnoob Joseph sec_cap->ipsec.options.dec_ttl == 0) { 70474f1202SAnoob Joseph if (!silent) 71474f1202SAnoob Joseph RTE_LOG(INFO, USER1, "Decrement TTL is not supported\n"); 72474f1202SAnoob Joseph return -ENOTSUP; 73474f1202SAnoob Joseph } 74474f1202SAnoob Joseph 75474f1202SAnoob Joseph if (ipsec_xform->options.ecn == 1 && sec_cap->ipsec.options.ecn == 0) { 76474f1202SAnoob Joseph if (!silent) 77474f1202SAnoob Joseph RTE_LOG(INFO, USER1, "ECN is not supported\n"); 78474f1202SAnoob Joseph return -ENOTSUP; 79474f1202SAnoob Joseph } 80474f1202SAnoob Joseph 81474f1202SAnoob Joseph if (ipsec_xform->options.stats == 1 && 82474f1202SAnoob Joseph sec_cap->ipsec.options.stats == 0) { 83474f1202SAnoob Joseph if (!silent) 84474f1202SAnoob Joseph RTE_LOG(INFO, USER1, "Stats is not supported\n"); 85474f1202SAnoob Joseph return -ENOTSUP; 86474f1202SAnoob Joseph } 87474f1202SAnoob Joseph 880532f50cSAnoob Joseph if ((ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) && 890532f50cSAnoob Joseph (ipsec_xform->options.iv_gen_disable == 1) && 900532f50cSAnoob Joseph (sec_cap->ipsec.options.iv_gen_disable != 1)) { 910532f50cSAnoob Joseph if (!silent) 920532f50cSAnoob Joseph RTE_LOG(INFO, USER1, 930532f50cSAnoob Joseph "Application provided IV is not supported\n"); 940532f50cSAnoob Joseph return -ENOTSUP; 950532f50cSAnoob Joseph } 960532f50cSAnoob Joseph 97270470eeSTejasree Kondoj if ((ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) && 98270470eeSTejasree Kondoj (ipsec_xform->options.tunnel_hdr_verify > 99270470eeSTejasree Kondoj sec_cap->ipsec.options.tunnel_hdr_verify)) { 100270470eeSTejasree Kondoj if (!silent) 101270470eeSTejasree Kondoj RTE_LOG(INFO, USER1, 102270470eeSTejasree Kondoj "Tunnel header verify is not supported\n"); 103270470eeSTejasree Kondoj return -ENOTSUP; 104270470eeSTejasree Kondoj } 105270470eeSTejasree Kondoj 106474f1202SAnoob Joseph return 0; 107474f1202SAnoob Joseph } 108474f1202SAnoob Joseph 109474f1202SAnoob Joseph int 110474f1202SAnoob Joseph test_ipsec_crypto_caps_aead_verify( 111474f1202SAnoob Joseph const struct rte_security_capability *sec_cap, 112474f1202SAnoob Joseph struct rte_crypto_sym_xform *aead) 113474f1202SAnoob Joseph { 114474f1202SAnoob Joseph const struct rte_cryptodev_symmetric_capability *sym_cap; 115474f1202SAnoob Joseph const struct rte_cryptodev_capabilities *crypto_cap; 116474f1202SAnoob Joseph int j = 0; 117474f1202SAnoob Joseph 118474f1202SAnoob Joseph while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op != 119474f1202SAnoob Joseph RTE_CRYPTO_OP_TYPE_UNDEFINED) { 120474f1202SAnoob Joseph if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && 121474f1202SAnoob Joseph crypto_cap->sym.xform_type == aead->type && 122474f1202SAnoob Joseph crypto_cap->sym.aead.algo == aead->aead.algo) { 123474f1202SAnoob Joseph sym_cap = &crypto_cap->sym; 124474f1202SAnoob Joseph if (rte_cryptodev_sym_capability_check_aead(sym_cap, 125474f1202SAnoob Joseph aead->aead.key.length, 126474f1202SAnoob Joseph aead->aead.digest_length, 127474f1202SAnoob Joseph aead->aead.aad_length, 128474f1202SAnoob Joseph aead->aead.iv.length) == 0) 129474f1202SAnoob Joseph return 0; 130474f1202SAnoob Joseph } 131474f1202SAnoob Joseph } 132474f1202SAnoob Joseph 133474f1202SAnoob Joseph return -ENOTSUP; 134474f1202SAnoob Joseph } 135474f1202SAnoob Joseph 136474f1202SAnoob Joseph void 137474f1202SAnoob Joseph test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out, 138474f1202SAnoob Joseph struct ipsec_test_data *td_in) 139474f1202SAnoob Joseph { 140474f1202SAnoob Joseph memcpy(td_in, td_out, sizeof(*td_in)); 141474f1202SAnoob Joseph 142474f1202SAnoob Joseph /* Populate output text of td_in with input text of td_out */ 143474f1202SAnoob Joseph memcpy(td_in->output_text.data, td_out->input_text.data, 144474f1202SAnoob Joseph td_out->input_text.len); 145474f1202SAnoob Joseph td_in->output_text.len = td_out->input_text.len; 146474f1202SAnoob Joseph 147474f1202SAnoob Joseph /* Populate input text of td_in with output text of td_out */ 148474f1202SAnoob Joseph memcpy(td_in->input_text.data, td_out->output_text.data, 149474f1202SAnoob Joseph td_out->output_text.len); 150474f1202SAnoob Joseph td_in->input_text.len = td_out->output_text.len; 151474f1202SAnoob Joseph 152474f1202SAnoob Joseph td_in->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; 153474f1202SAnoob Joseph 154474f1202SAnoob Joseph if (td_in->aead) { 155474f1202SAnoob Joseph td_in->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT; 156474f1202SAnoob Joseph } else { 157474f1202SAnoob Joseph td_in->xform.chain.auth.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY; 158474f1202SAnoob Joseph td_in->xform.chain.cipher.cipher.op = 159474f1202SAnoob Joseph RTE_CRYPTO_CIPHER_OP_DECRYPT; 160474f1202SAnoob Joseph } 161474f1202SAnoob Joseph } 162474f1202SAnoob Joseph 1636622d9c9SAnoob Joseph void 1646622d9c9SAnoob Joseph test_ipsec_td_prepare(const struct crypto_param *param1, 1656622d9c9SAnoob Joseph const struct crypto_param *param2, 1666622d9c9SAnoob Joseph const struct ipsec_test_flags *flags, 1676622d9c9SAnoob Joseph struct ipsec_test_data *td_array, 1686622d9c9SAnoob Joseph int nb_td) 1696622d9c9SAnoob Joseph 1706622d9c9SAnoob Joseph { 1716622d9c9SAnoob Joseph struct ipsec_test_data *td; 1726622d9c9SAnoob Joseph int i; 1736622d9c9SAnoob Joseph 1746622d9c9SAnoob Joseph memset(td_array, 0, nb_td * sizeof(*td)); 1756622d9c9SAnoob Joseph 1766622d9c9SAnoob Joseph for (i = 0; i < nb_td; i++) { 1776622d9c9SAnoob Joseph td = &td_array[i]; 1786622d9c9SAnoob Joseph /* Copy template for packet & key fields */ 1796622d9c9SAnoob Joseph memcpy(td, &pkt_aes_256_gcm, sizeof(*td)); 1806622d9c9SAnoob Joseph 1816622d9c9SAnoob Joseph /* Override fields based on param */ 1826622d9c9SAnoob Joseph 1836622d9c9SAnoob Joseph if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) 1846622d9c9SAnoob Joseph td->aead = true; 1856622d9c9SAnoob Joseph else 1866622d9c9SAnoob Joseph td->aead = false; 1876622d9c9SAnoob Joseph 1886622d9c9SAnoob Joseph td->xform.aead.aead.algo = param1->alg.aead; 1896622d9c9SAnoob Joseph td->xform.aead.aead.key.length = param1->key_length; 1900532f50cSAnoob Joseph 1910532f50cSAnoob Joseph if (flags->iv_gen) 1920532f50cSAnoob Joseph td->ipsec_xform.options.iv_gen_disable = 0; 1934aa52f21SAnoob Joseph 1944aa52f21SAnoob Joseph if (flags->sa_expiry_pkts_soft) 1954aa52f21SAnoob Joseph td->ipsec_xform.life.packets_soft_limit = 1964aa52f21SAnoob Joseph IPSEC_TEST_PACKETS_MAX - 1; 1976622d9c9SAnoob Joseph } 1986622d9c9SAnoob Joseph 1996622d9c9SAnoob Joseph RTE_SET_USED(param2); 2006622d9c9SAnoob Joseph } 2016622d9c9SAnoob Joseph 2026622d9c9SAnoob Joseph void 2036622d9c9SAnoob Joseph test_ipsec_td_update(struct ipsec_test_data td_inb[], 2046622d9c9SAnoob Joseph const struct ipsec_test_data td_outb[], 2056622d9c9SAnoob Joseph int nb_td, 2066622d9c9SAnoob Joseph const struct ipsec_test_flags *flags) 2076622d9c9SAnoob Joseph { 2086622d9c9SAnoob Joseph int i; 2096622d9c9SAnoob Joseph 2106622d9c9SAnoob Joseph for (i = 0; i < nb_td; i++) { 2116622d9c9SAnoob Joseph memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data, 2126622d9c9SAnoob Joseph td_outb[i].input_text.len); 2136622d9c9SAnoob Joseph td_inb[i].output_text.len = td_outb->input_text.len; 2146622d9c9SAnoob Joseph 2150f453190STejasree Kondoj if (flags->icv_corrupt) { 2160f453190STejasree Kondoj int icv_pos = td_inb[i].input_text.len - 4; 2170f453190STejasree Kondoj td_inb[i].input_text.data[icv_pos] += 1; 2180f453190STejasree Kondoj } 219c8234341STejasree Kondoj 2206978f51eSAnoob Joseph if (flags->sa_expiry_pkts_hard) 2216978f51eSAnoob Joseph td_inb[i].ipsec_xform.life.packets_hard_limit = 2226978f51eSAnoob Joseph IPSEC_TEST_PACKETS_MAX - 1; 2236978f51eSAnoob Joseph 224c8234341STejasree Kondoj if (flags->udp_encap) 225c8234341STejasree Kondoj td_inb[i].ipsec_xform.options.udp_encap = 1; 2260532f50cSAnoob Joseph 227*9ec50a52STejasree Kondoj if (flags->udp_ports_verify) 228*9ec50a52STejasree Kondoj td_inb[i].ipsec_xform.options.udp_ports_verify = 1; 229*9ec50a52STejasree Kondoj 230270470eeSTejasree Kondoj td_inb[i].ipsec_xform.options.tunnel_hdr_verify = 231270470eeSTejasree Kondoj flags->tunnel_hdr_verify; 232270470eeSTejasree Kondoj 2330532f50cSAnoob Joseph /* Clear outbound specific flags */ 2340532f50cSAnoob Joseph td_inb[i].ipsec_xform.options.iv_gen_disable = 0; 2350f453190STejasree Kondoj } 2366622d9c9SAnoob Joseph } 2376622d9c9SAnoob Joseph 2386622d9c9SAnoob Joseph void 2396622d9c9SAnoob Joseph test_ipsec_display_alg(const struct crypto_param *param1, 2406622d9c9SAnoob Joseph const struct crypto_param *param2) 2416622d9c9SAnoob Joseph { 2426622d9c9SAnoob Joseph if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) 2436622d9c9SAnoob Joseph printf("\t%s [%d]\n", 2446622d9c9SAnoob Joseph rte_crypto_aead_algorithm_strings[param1->alg.aead], 2456622d9c9SAnoob Joseph param1->key_length); 2466622d9c9SAnoob Joseph 2476622d9c9SAnoob Joseph RTE_SET_USED(param2); 2486622d9c9SAnoob Joseph } 2496622d9c9SAnoob Joseph 250474f1202SAnoob Joseph static int 251474f1202SAnoob Joseph test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td) 252474f1202SAnoob Joseph { 253474f1202SAnoob Joseph int len = 0; 254474f1202SAnoob Joseph 255474f1202SAnoob Joseph if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { 256474f1202SAnoob Joseph if (td->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { 257474f1202SAnoob Joseph if (td->ipsec_xform.tunnel.type == 258474f1202SAnoob Joseph RTE_SECURITY_IPSEC_TUNNEL_IPV4) 259474f1202SAnoob Joseph len += sizeof(struct rte_ipv4_hdr); 260474f1202SAnoob Joseph else 261474f1202SAnoob Joseph len += sizeof(struct rte_ipv6_hdr); 262474f1202SAnoob Joseph } 263474f1202SAnoob Joseph } 264474f1202SAnoob Joseph 265474f1202SAnoob Joseph return len; 266474f1202SAnoob Joseph } 267474f1202SAnoob Joseph 268474f1202SAnoob Joseph static int 269cd928003STejasree Kondoj test_ipsec_iv_verify_push(struct rte_mbuf *m, const struct ipsec_test_data *td) 270cd928003STejasree Kondoj { 271cd928003STejasree Kondoj static uint8_t iv_queue[IV_LEN_MAX * IPSEC_TEST_PACKETS_MAX]; 272cd928003STejasree Kondoj uint8_t *iv_tmp, *output_text = rte_pktmbuf_mtod(m, uint8_t *); 273cd928003STejasree Kondoj int i, iv_pos, iv_len; 274cd928003STejasree Kondoj static int index; 275cd928003STejasree Kondoj 276cd928003STejasree Kondoj if (td->aead) 277cd928003STejasree Kondoj iv_len = td->xform.aead.aead.iv.length - td->salt.len; 278cd928003STejasree Kondoj else 279cd928003STejasree Kondoj iv_len = td->xform.chain.cipher.cipher.iv.length; 280cd928003STejasree Kondoj 281cd928003STejasree Kondoj iv_pos = test_ipsec_tunnel_hdr_len_get(td) + sizeof(struct rte_esp_hdr); 282cd928003STejasree Kondoj output_text += iv_pos; 283cd928003STejasree Kondoj 284cd928003STejasree Kondoj TEST_ASSERT(iv_len <= IV_LEN_MAX, "IV length greater than supported"); 285cd928003STejasree Kondoj 286cd928003STejasree Kondoj /* Compare against previous values */ 287cd928003STejasree Kondoj for (i = 0; i < index; i++) { 288cd928003STejasree Kondoj iv_tmp = &iv_queue[i * IV_LEN_MAX]; 289cd928003STejasree Kondoj 290cd928003STejasree Kondoj if (memcmp(output_text, iv_tmp, iv_len) == 0) { 291cd928003STejasree Kondoj printf("IV repeated"); 292cd928003STejasree Kondoj return TEST_FAILED; 293cd928003STejasree Kondoj } 294cd928003STejasree Kondoj } 295cd928003STejasree Kondoj 296cd928003STejasree Kondoj /* Save IV for future comparisons */ 297cd928003STejasree Kondoj 298cd928003STejasree Kondoj iv_tmp = &iv_queue[index * IV_LEN_MAX]; 299cd928003STejasree Kondoj memcpy(iv_tmp, output_text, iv_len); 300cd928003STejasree Kondoj index++; 301cd928003STejasree Kondoj 302cd928003STejasree Kondoj if (index == IPSEC_TEST_PACKETS_MAX) 303cd928003STejasree Kondoj index = 0; 304cd928003STejasree Kondoj 305cd928003STejasree Kondoj return TEST_SUCCESS; 306cd928003STejasree Kondoj } 307cd928003STejasree Kondoj 308cd928003STejasree Kondoj static int 309474f1202SAnoob Joseph test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, 3106622d9c9SAnoob Joseph bool silent, const struct ipsec_test_flags *flags) 311474f1202SAnoob Joseph { 312474f1202SAnoob Joseph uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); 313474f1202SAnoob Joseph uint32_t skip, len = rte_pktmbuf_pkt_len(m); 314474f1202SAnoob Joseph 3156978f51eSAnoob Joseph /* For tests with status as error for test success, skip verification */ 3166978f51eSAnoob Joseph if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && 3176978f51eSAnoob Joseph (flags->icv_corrupt || 318270470eeSTejasree Kondoj flags->sa_expiry_pkts_hard || 319270470eeSTejasree Kondoj flags->tunnel_hdr_verify)) 3200f453190STejasree Kondoj return TEST_SUCCESS; 3210f453190STejasree Kondoj 322c8234341STejasree Kondoj if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && 323c8234341STejasree Kondoj flags->udp_encap) { 324c8234341STejasree Kondoj const struct rte_ipv4_hdr *iph4; 325c8234341STejasree Kondoj const struct rte_ipv6_hdr *iph6; 326c8234341STejasree Kondoj 327c8234341STejasree Kondoj if (td->ipsec_xform.tunnel.type == 328c8234341STejasree Kondoj RTE_SECURITY_IPSEC_TUNNEL_IPV4) { 329c8234341STejasree Kondoj iph4 = (const struct rte_ipv4_hdr *)output_text; 330c8234341STejasree Kondoj if (iph4->next_proto_id != IPPROTO_UDP) { 331c8234341STejasree Kondoj printf("UDP header is not found\n"); 332c8234341STejasree Kondoj return TEST_FAILED; 333c8234341STejasree Kondoj } 334c8234341STejasree Kondoj } else { 335c8234341STejasree Kondoj iph6 = (const struct rte_ipv6_hdr *)output_text; 336c8234341STejasree Kondoj if (iph6->proto != IPPROTO_UDP) { 337c8234341STejasree Kondoj printf("UDP header is not found\n"); 338c8234341STejasree Kondoj return TEST_FAILED; 339c8234341STejasree Kondoj } 340c8234341STejasree Kondoj } 341c8234341STejasree Kondoj 342c8234341STejasree Kondoj len -= sizeof(struct rte_udp_hdr); 343c8234341STejasree Kondoj output_text += sizeof(struct rte_udp_hdr); 344c8234341STejasree Kondoj } 345c8234341STejasree Kondoj 346474f1202SAnoob Joseph if (len != td->output_text.len) { 347474f1202SAnoob Joseph printf("Output length (%d) not matching with expected (%d)\n", 348474f1202SAnoob Joseph len, td->output_text.len); 349474f1202SAnoob Joseph return TEST_FAILED; 350474f1202SAnoob Joseph } 351474f1202SAnoob Joseph 352474f1202SAnoob Joseph skip = test_ipsec_tunnel_hdr_len_get(td); 353474f1202SAnoob Joseph 354474f1202SAnoob Joseph len -= skip; 355474f1202SAnoob Joseph output_text += skip; 356474f1202SAnoob Joseph 357474f1202SAnoob Joseph if (memcmp(output_text, td->output_text.data + skip, len)) { 358474f1202SAnoob Joseph if (silent) 359474f1202SAnoob Joseph return TEST_FAILED; 360474f1202SAnoob Joseph 361474f1202SAnoob Joseph printf("TestCase %s line %d: %s\n", __func__, __LINE__, 362474f1202SAnoob Joseph "output text not as expected\n"); 363474f1202SAnoob Joseph 364474f1202SAnoob Joseph rte_hexdump(stdout, "expected", td->output_text.data + skip, 365474f1202SAnoob Joseph len); 366474f1202SAnoob Joseph rte_hexdump(stdout, "actual", output_text, len); 367474f1202SAnoob Joseph return TEST_FAILED; 368474f1202SAnoob Joseph } 369474f1202SAnoob Joseph 3706622d9c9SAnoob Joseph return TEST_SUCCESS; 3716622d9c9SAnoob Joseph } 3726622d9c9SAnoob Joseph 3736622d9c9SAnoob Joseph static int 3746622d9c9SAnoob Joseph test_ipsec_res_d_prepare(struct rte_mbuf *m, const struct ipsec_test_data *td, 3756622d9c9SAnoob Joseph struct ipsec_test_data *res_d) 3766622d9c9SAnoob Joseph { 3776622d9c9SAnoob Joseph uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); 3786622d9c9SAnoob Joseph uint32_t len = rte_pktmbuf_pkt_len(m); 3796622d9c9SAnoob Joseph 3806622d9c9SAnoob Joseph memcpy(res_d, td, sizeof(*res_d)); 3816622d9c9SAnoob Joseph memcpy(res_d->input_text.data, output_text, len); 3826622d9c9SAnoob Joseph res_d->input_text.len = len; 3836622d9c9SAnoob Joseph 3846622d9c9SAnoob Joseph res_d->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; 3856622d9c9SAnoob Joseph if (res_d->aead) { 3866622d9c9SAnoob Joseph res_d->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT; 3876622d9c9SAnoob Joseph } else { 3886622d9c9SAnoob Joseph printf("Only AEAD supported\n"); 3896622d9c9SAnoob Joseph return TEST_SKIPPED; 3906622d9c9SAnoob Joseph } 3916622d9c9SAnoob Joseph 392474f1202SAnoob Joseph return TEST_SUCCESS; 393474f1202SAnoob Joseph } 394474f1202SAnoob Joseph 395474f1202SAnoob Joseph int 396474f1202SAnoob Joseph test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, 3976622d9c9SAnoob Joseph struct ipsec_test_data *res_d, bool silent, 3986622d9c9SAnoob Joseph const struct ipsec_test_flags *flags) 399474f1202SAnoob Joseph { 400cd928003STejasree Kondoj int ret; 401cd928003STejasree Kondoj 402cd928003STejasree Kondoj if (flags->iv_gen && 403cd928003STejasree Kondoj td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { 404cd928003STejasree Kondoj ret = test_ipsec_iv_verify_push(m, td); 405cd928003STejasree Kondoj if (ret != TEST_SUCCESS) 406cd928003STejasree Kondoj return ret; 407cd928003STejasree Kondoj } 408cd928003STejasree Kondoj 409474f1202SAnoob Joseph /* 410474f1202SAnoob Joseph * In case of known vector tests & all inbound tests, res_d provided 411474f1202SAnoob Joseph * would be NULL and output data need to be validated against expected. 412474f1202SAnoob Joseph * For inbound, output_text would be plain packet and for outbound 413474f1202SAnoob Joseph * output_text would IPsec packet. Validate by comparing against 414474f1202SAnoob Joseph * known vectors. 4156622d9c9SAnoob Joseph * 4166622d9c9SAnoob Joseph * In case of combined mode tests, the output_text from outbound 4176622d9c9SAnoob Joseph * operation (ie, IPsec packet) would need to be inbound processed to 4186622d9c9SAnoob Joseph * obtain the plain text. Copy output_text to result data, 'res_d', so 4196622d9c9SAnoob Joseph * that inbound processing can be done. 420474f1202SAnoob Joseph */ 4216622d9c9SAnoob Joseph 4226622d9c9SAnoob Joseph if (res_d == NULL) 4236622d9c9SAnoob Joseph return test_ipsec_td_verify(m, td, silent, flags); 4246622d9c9SAnoob Joseph else 4256622d9c9SAnoob Joseph return test_ipsec_res_d_prepare(m, td, res_d); 426474f1202SAnoob Joseph } 427474f1202SAnoob Joseph 428474f1202SAnoob Joseph int 429474f1202SAnoob Joseph test_ipsec_status_check(struct rte_crypto_op *op, 4306622d9c9SAnoob Joseph const struct ipsec_test_flags *flags, 4314aa52f21SAnoob Joseph enum rte_security_ipsec_sa_direction dir, 4324aa52f21SAnoob Joseph int pkt_num) 433474f1202SAnoob Joseph { 434474f1202SAnoob Joseph int ret = TEST_SUCCESS; 435474f1202SAnoob Joseph 4366978f51eSAnoob Joseph if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && 4376978f51eSAnoob Joseph flags->sa_expiry_pkts_hard && 4386978f51eSAnoob Joseph pkt_num == IPSEC_TEST_PACKETS_MAX) { 4396978f51eSAnoob Joseph if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) { 4406978f51eSAnoob Joseph printf("SA hard expiry (pkts) test failed\n"); 4416978f51eSAnoob Joseph return TEST_FAILED; 4426978f51eSAnoob Joseph } else { 4436978f51eSAnoob Joseph return TEST_SUCCESS; 4446978f51eSAnoob Joseph } 4456978f51eSAnoob Joseph } 4466978f51eSAnoob Joseph 447270470eeSTejasree Kondoj if ((dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) && 448270470eeSTejasree Kondoj flags->tunnel_hdr_verify) { 449270470eeSTejasree Kondoj if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) { 450270470eeSTejasree Kondoj printf("Tunnel header verify test case failed\n"); 451270470eeSTejasree Kondoj return TEST_FAILED; 452270470eeSTejasree Kondoj } else { 453270470eeSTejasree Kondoj return TEST_SUCCESS; 454270470eeSTejasree Kondoj } 455270470eeSTejasree Kondoj } 456270470eeSTejasree Kondoj 4570f453190STejasree Kondoj if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && flags->icv_corrupt) { 4580f453190STejasree Kondoj if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) { 4590f453190STejasree Kondoj printf("ICV corruption test case failed\n"); 4600f453190STejasree Kondoj ret = TEST_FAILED; 4610f453190STejasree Kondoj } 4620f453190STejasree Kondoj } else { 463474f1202SAnoob Joseph if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { 4644aa52f21SAnoob Joseph printf("Security op processing failed [pkt_num: %d]\n", 4654aa52f21SAnoob Joseph pkt_num); 4664aa52f21SAnoob Joseph ret = TEST_FAILED; 4674aa52f21SAnoob Joseph } 4684aa52f21SAnoob Joseph } 4694aa52f21SAnoob Joseph 4704aa52f21SAnoob Joseph if (flags->sa_expiry_pkts_soft && pkt_num == IPSEC_TEST_PACKETS_MAX) { 4714aa52f21SAnoob Joseph if (!(op->aux_flags & 4724aa52f21SAnoob Joseph RTE_CRYPTO_OP_AUX_FLAGS_IPSEC_SOFT_EXPIRY)) { 4734aa52f21SAnoob Joseph printf("SA soft expiry (pkts) test failed\n"); 474474f1202SAnoob Joseph ret = TEST_FAILED; 475474f1202SAnoob Joseph } 4760f453190STejasree Kondoj } 477474f1202SAnoob Joseph 478474f1202SAnoob Joseph return ret; 479474f1202SAnoob Joseph } 480