test/crypto: add outbound known vector cases for IV

Added outbound known vector test cases for IV generated by app. The tests would be skipped on PMDs which do not support IV provided by application. Signed-off-by: Anoob Joseph <anoobj@marvell.com> Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-09-07 21:47:42 +05:30 · 2021-09-07 21:47:42 +05:30 · 0532f50c0e
commit 0532f50c0e
parent c7c7f34739
2 changed files with 59 additions and 1 deletions
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@ -9026,6 +9026,22 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 		ut_params->op->sym->m_src = ut_params->ibuf;
 		ut_params->op->sym->m_dst = NULL;

+		/* Copy IV in crypto operation when IV generation is disabled */
+		if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS &&
+		    ipsec_xform.options.iv_gen_disable == 1) {
+			uint8_t *iv = rte_crypto_op_ctod_offset(ut_params->op,
+								uint8_t *,
+								IV_OFFSET);
+			int len;
+
+			if (td[i].aead)
+				len = td[i].xform.aead.aead.iv.length;
+			else
+				len = td[i].xform.chain.cipher.cipher.iv.length;
+
+			memcpy(iv, td[i].iv.data, len);
+		}
+
 		/* Process crypto operation */
 		process_crypto_request(dev_id, ut_params->op);

@ -9062,6 +9078,22 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 	return ret;
 }

+static int
+test_ipsec_proto_known_vec(const void *test_data)
+{
+	struct ipsec_test_data td_outb;
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	memcpy(&td_outb, test_data, sizeof(td_outb));
+
+	/* Disable IV gen to be able to test with known vectors */
+	td_outb.ipsec_xform.options.iv_gen_disable = 1;
+
+	return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags);
+}
+
 static int
 test_ipsec_proto_known_vec_inb(const void *td_outb)
 {
@ -14067,6 +14099,18 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
 	.suite_name = "IPsec Proto Unit Test Suite",
 	.setup = ipsec_proto_testsuite_setup,
 	.unit_test_cases = {
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv4 AES-GCM 128)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec, &pkt_aes_128_gcm),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv4 AES-GCM 192)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec, &pkt_aes_192_gcm),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (ESP tunnel mode IPv4 AES-GCM 256)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec, &pkt_aes_256_gcm),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)",
 			ut_setup_security, ut_teardown,
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@ -77,6 +77,15 @@ test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 		return -ENOTSUP;
 	}

+	if ((ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) &&
+	    (ipsec_xform->options.iv_gen_disable == 1) &&
+	    (sec_cap->ipsec.options.iv_gen_disable != 1)) {
+		if (!silent)
+			RTE_LOG(INFO, USER1,
+				"Application provided IV is not supported\n");
+		return -ENOTSUP;
+	}
+
 	return 0;
 }

@ -161,9 +170,11 @@ test_ipsec_td_prepare(const struct crypto_param *param1,

 		td->xform.aead.aead.algo = param1->alg.aead;
 		td->xform.aead.aead.key.length = param1->key_length;
+
+		if (flags->iv_gen)
+			td->ipsec_xform.options.iv_gen_disable = 0;
 	}

-	RTE_SET_USED(flags);
 	RTE_SET_USED(param2);
 }

@ -187,6 +198,9 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[],

 		if (flags->udp_encap)
 			td_inb[i].ipsec_xform.options.udp_encap = 1;
+
+		/* Clear outbound specific flags */
+		td_inb[i].ipsec_xform.options.iv_gen_disable = 0;
 	}
 }