test/crypto: add PDCP C-Plane encap cases

PDCP control plane can support 5 bit and 12 bit
sequence number. This patch add test cases and test
vectors for all supported algo combinations of cipher+integrity
(NULL+NULL, NULL+AES, NULL+SNOW, NULL+ZUC,
 AES+NULL,  AES+SNOW, AES+AES,   AES+ZUC,
 SNOW+NULL, SNOW+AES, SNOW+SNOW, SNOW+ZUC,
 ZUC+NULL,  ZUC+AES,  ZUC+SNOW,  ZUC+ZUC).

The test cases are added in DPAA_SEC and DPAA2_SEC
test suite as a reference.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
This commit is contained in:
Akhil Goyal 2019-10-01 00:57:40 +05:30
parent 75b3dddf95
commit d883e6e713
6 changed files with 2880 additions and 7 deletions

View File

@ -196,6 +196,7 @@ SRCS-$(CONFIG_RTE_LIBRTE_PMD_RING) += test_pmd_ring_perf.c
SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_blockcipher.c
SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev.c
SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_asym.c
SRCS-$(CONFIG_RTE_LIBRTE_SECURITY) += test_cryptodev_security_pdcp.c
SRCS-$(CONFIG_RTE_LIBRTE_METRICS) += test_metrics.c

View File

@ -30,6 +30,7 @@ test_sources = files('commands.c',
'test_cryptodev.c',
'test_cryptodev_asym.c',
'test_cryptodev_blockcipher.c',
'test_cryptodev_security_pdcp.c',
'test_cycles.c',
'test_debug.c',
'test_distributor.c',

View File

@ -38,6 +38,10 @@
#include "test_cryptodev_zuc_test_vectors.h"
#include "test_cryptodev_aead_test_vectors.h"
#include "test_cryptodev_hmac_test_vectors.h"
#ifdef RTE_LIBRTE_SECURITY
#include "test_cryptodev_security_pdcp_test_vectors.h"
#include "test_cryptodev_security_pdcp_test_func.h"
#endif
#define VDEV_ARGS_SIZE 100
#define MAX_NB_SESSIONS 4
@ -65,8 +69,11 @@ struct crypto_unittest_params {
struct rte_crypto_sym_xform auth_xform;
struct rte_crypto_sym_xform aead_xform;
struct rte_cryptodev_sym_session *sess;
union {
struct rte_cryptodev_sym_session *sess;
struct rte_security_session *sec_session;
};
enum rte_security_session_action_type type;
struct rte_crypto_op *op;
struct rte_mbuf *obuf, *ibuf;
@ -566,11 +573,21 @@ ut_teardown(void)
struct rte_cryptodev_stats stats;
/* free crypto session structure */
if (ut_params->sess) {
rte_cryptodev_sym_session_clear(ts_params->valid_devs[0],
ut_params->sess);
rte_cryptodev_sym_session_free(ut_params->sess);
ut_params->sess = NULL;
if (ut_params->type == RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) {
if (ut_params->sec_session) {
rte_security_session_destroy(rte_cryptodev_get_sec_ctx
(ts_params->valid_devs[0]),
ut_params->sec_session);
ut_params->sec_session = NULL;
}
} else {
if (ut_params->sess) {
rte_cryptodev_sym_session_clear(
ts_params->valid_devs[0],
ut_params->sess);
rte_cryptodev_sym_session_free(ut_params->sess);
ut_params->sess = NULL;
}
}
/* free crypto operation structure */
@ -7021,6 +7038,185 @@ test_authenticated_encryption(const struct aead_test_data *tdata)
}
#ifdef RTE_LIBRTE_SECURITY
/* Basic algorithm run function for async inplace mode.
* Creates a session from input parameters and runs one operation
* on input_vec. Checks the output of the crypto operation against
* output_vec.
*/
static int
test_pdcp_proto(int i, int oop,
enum rte_crypto_cipher_operation opc,
enum rte_crypto_auth_operation opa,
uint8_t *input_vec,
unsigned int input_vec_len,
uint8_t *output_vec,
unsigned int output_vec_len)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
uint8_t *plaintext;
int ret = TEST_SUCCESS;
/* Generate test mbuf data */
ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
/* clear mbuf payload */
memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->ibuf));
plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
input_vec_len);
memcpy(plaintext, input_vec, input_vec_len);
/* Out of place support */
if (oop) {
/*
* For out-op-place we need to alloc another mbuf
*/
ut_params->obuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
rte_pktmbuf_append(ut_params->obuf, output_vec_len);
}
/* Set crypto type as IPSEC */
ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;
/* Setup Cipher Parameters */
ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
ut_params->cipher_xform.cipher.algo = pdcp_test_params[i].cipher_alg;
ut_params->cipher_xform.cipher.op = opc;
ut_params->cipher_xform.cipher.key.data = pdcp_test_crypto_key[i];
ut_params->cipher_xform.cipher.key.length =
pdcp_test_params[i].cipher_key_len;
ut_params->cipher_xform.cipher.iv.length = 0;
/* Setup HMAC Parameters if ICV header is required */
if (pdcp_test_params[i].auth_alg != 0) {
ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
ut_params->auth_xform.next = NULL;
ut_params->auth_xform.auth.algo = pdcp_test_params[i].auth_alg;
ut_params->auth_xform.auth.op = opa;
ut_params->auth_xform.auth.key.data = pdcp_test_auth_key[i];
ut_params->auth_xform.auth.key.length =
pdcp_test_params[i].auth_key_len;
ut_params->cipher_xform.next = &ut_params->auth_xform;
} else {
ut_params->cipher_xform.next = NULL;
}
struct rte_security_session_conf sess_conf = {
.action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
.protocol = RTE_SECURITY_PROTOCOL_PDCP,
{.pdcp = {
.bearer = pdcp_test_bearer[i],
.domain = pdcp_test_params[i].domain,
.pkt_dir = pdcp_test_packet_direction[i],
.sn_size = pdcp_test_data_sn_size[i],
.hfn = pdcp_test_hfn[i],
.hfn_threshold = pdcp_test_hfn_threshold[i],
} },
.crypto_xform = &ut_params->cipher_xform
};
struct rte_security_ctx *ctx = (struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(
ts_params->valid_devs[0]);
/* Create security session */
ut_params->sec_session = rte_security_session_create(ctx,
&sess_conf, ts_params->session_mpool);
if (!ut_params->sec_session) {
printf("TestCase %s()-%d line %d failed %s: ",
__func__, i, __LINE__, "Failed to allocate session");
ret = TEST_FAILED;
goto on_err;
}
/* Generate crypto op data structure */
ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
RTE_CRYPTO_OP_TYPE_SYMMETRIC);
if (!ut_params->op) {
printf("TestCase %s()-%d line %d failed %s: ",
__func__, i, __LINE__,
"Failed to allocate symmetric crypto operation struct");
ret = TEST_FAILED;
goto on_err;
}
rte_security_attach_session(ut_params->op, ut_params->sec_session);
/* set crypto operation source mbuf */
ut_params->op->sym->m_src = ut_params->ibuf;
if (oop)
ut_params->op->sym->m_dst = ut_params->obuf;
/* Process crypto operation */
if (process_crypto_request(ts_params->valid_devs[0], ut_params->op)
== NULL) {
printf("TestCase %s()-%d line %d failed %s: ",
__func__, i, __LINE__,
"failed to process sym crypto op");
ret = TEST_FAILED;
goto on_err;
}
if (ut_params->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
printf("TestCase %s()-%d line %d failed %s: ",
__func__, i, __LINE__, "crypto op processing failed");
ret = TEST_FAILED;
goto on_err;
}
/* Validate obuf */
uint8_t *ciphertext = rte_pktmbuf_mtod(ut_params->op->sym->m_src,
uint8_t *);
if (oop) {
ciphertext = rte_pktmbuf_mtod(ut_params->op->sym->m_dst,
uint8_t *);
}
if (memcmp(ciphertext, output_vec, output_vec_len)) {
printf("\n=======PDCP TestCase #%d failed: Data Mismatch ", i);
rte_hexdump(stdout, "encrypted", ciphertext, output_vec_len);
rte_hexdump(stdout, "reference", output_vec, output_vec_len);
ret = TEST_FAILED;
goto on_err;
}
on_err:
rte_crypto_op_free(ut_params->op);
ut_params->op = NULL;
if (ut_params->sec_session)
rte_security_session_destroy(ctx, ut_params->sec_session);
ut_params->sec_session = NULL;
rte_pktmbuf_free(ut_params->ibuf);
ut_params->ibuf = NULL;
if (oop) {
rte_pktmbuf_free(ut_params->obuf);
ut_params->obuf = NULL;
}
return ret;
}
int
test_pdcp_proto_cplane_encap(int i)
{
return test_pdcp_proto(i, 0,
RTE_CRYPTO_CIPHER_OP_ENCRYPT,
RTE_CRYPTO_AUTH_OP_GENERATE,
pdcp_test_data_in[i],
pdcp_test_data_in_len[i],
pdcp_test_data_out[i],
pdcp_test_data_in_len[i]+4);
}
#endif
static int
test_AES_GCM_authenticated_encryption_test_case_1(void)
{
@ -11433,6 +11629,10 @@ static struct unit_test_suite cryptodev_dpaa_sec_testsuite = {
TEST_CASE_ST(ut_setup, ut_teardown,
test_authonly_dpaa_sec_all),
#ifdef RTE_LIBRTE_SECURITY
TEST_CASE_ST(ut_setup, ut_teardown,
test_PDCP_PROTO_cplane_encap_all),
#endif
/** AES GCM Authenticated Encryption */
TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_GCM_authenticated_encryption_test_case_1),
@ -11538,6 +11738,10 @@ static struct unit_test_suite cryptodev_dpaa2_sec_testsuite = {
TEST_CASE_ST(ut_setup, ut_teardown,
test_authonly_dpaa2_sec_all),
#ifdef RTE_LIBRTE_SECURITY
TEST_CASE_ST(ut_setup, ut_teardown,
test_PDCP_PROTO_cplane_encap_all),
#endif
/** AES GCM Authenticated Encryption */
TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_GCM_authenticated_encryption_test_case_1),

View File

@ -0,0 +1,140 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (C) 2015-2016 Freescale Semiconductor,Inc.
* Copyright 2018-2019 NXP
*/
#include <time.h>
#include <rte_common.h>
#include <rte_hexdump.h>
#include <rte_mbuf.h>
#include <rte_malloc.h>
#include <rte_memcpy.h>
#include <rte_pause.h>
#include <rte_bus_vdev.h>
#include <rte_byteorder.h>
#include <rte_crypto.h>
#include <rte_cryptodev.h>
#include <rte_cryptodev_pmd.h>
#include <rte_security.h>
#include <rte_lcore.h>
#include "test.h"
#include "test_cryptodev_security_pdcp_test_func.h"
static int cplane_encap(uint32_t sn_size, uint8_t dir,
enum enc_alg_off enc_alg_off,
enum auth_alg_off auth_alg_off)
{
int i = 0;
switch (sn_size) {
case 5:
i = PDCP_CPLANE_OFFSET + enc_alg_off +
auth_alg_off + ((dir == 0) ?
UPLINK : DOWNLINK);
break;
case 12:
i = PDCP_CPLANE_LONG_SN_OFFSET + enc_alg_off +
auth_alg_off + ((dir == 0) ?
UPLINK : DOWNLINK);
break;
default:
printf("\nInvalid SN: %u for %s\n", sn_size, __func__);
}
return test_pdcp_proto_cplane_encap(i);
}
#define TEST_PDCP_COUNT(func) do { \
if (func == TEST_SUCCESS) { \
printf("\t%d)", n++); \
printf(#func"-PASS\n"); \
i++; \
} else { \
printf("\t%d)", n++); \
printf("+++++ FAILED:" #func"\n"); \
} \
} while (0)
int
test_PDCP_PROTO_cplane_encap_all(void)
{
int i = 0, n = 0;
TEST_PDCP_COUNT(cplane_encap(5, UPLINK, NULL_ENC, NULL_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, DOWNLINK, NULL_ENC, NULL_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, UPLINK, NULL_ENC, SNOW_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, DOWNLINK, NULL_ENC, SNOW_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, UPLINK, NULL_ENC, AES_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, DOWNLINK, NULL_ENC, AES_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, UPLINK, NULL_ENC, ZUC_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, DOWNLINK, NULL_ENC, ZUC_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, UPLINK, SNOW_ENC, NULL_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, DOWNLINK, SNOW_ENC, NULL_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, UPLINK, SNOW_ENC, SNOW_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, DOWNLINK, SNOW_ENC, SNOW_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, UPLINK, SNOW_ENC, AES_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, DOWNLINK, SNOW_ENC, AES_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, UPLINK, SNOW_ENC, ZUC_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, DOWNLINK, SNOW_ENC, ZUC_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, UPLINK, AES_ENC, NULL_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, DOWNLINK, AES_ENC, NULL_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, UPLINK, AES_ENC, SNOW_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, DOWNLINK, AES_ENC, SNOW_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, UPLINK, AES_ENC, AES_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, DOWNLINK, AES_ENC, AES_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, UPLINK, AES_ENC, ZUC_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, DOWNLINK, AES_ENC, ZUC_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, UPLINK, ZUC_ENC, NULL_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, DOWNLINK, ZUC_ENC, NULL_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, UPLINK, ZUC_ENC, SNOW_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, DOWNLINK, ZUC_ENC, SNOW_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, UPLINK, ZUC_ENC, AES_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, DOWNLINK, ZUC_ENC, AES_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, UPLINK, ZUC_ENC, ZUC_AUTH));
TEST_PDCP_COUNT(cplane_encap(5, DOWNLINK, ZUC_ENC, ZUC_AUTH));
/* For 12-bit SN */
TEST_PDCP_COUNT(cplane_encap(12, UPLINK, NULL_ENC, NULL_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, DOWNLINK, NULL_ENC, NULL_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, UPLINK, NULL_ENC, SNOW_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, DOWNLINK, NULL_ENC, SNOW_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, UPLINK, NULL_ENC, AES_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, DOWNLINK, NULL_ENC, AES_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, UPLINK, NULL_ENC, ZUC_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, DOWNLINK, NULL_ENC, ZUC_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, UPLINK, SNOW_ENC, NULL_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, DOWNLINK, SNOW_ENC, NULL_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, UPLINK, SNOW_ENC, SNOW_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, DOWNLINK, SNOW_ENC, SNOW_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, UPLINK, SNOW_ENC, AES_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, DOWNLINK, SNOW_ENC, AES_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, UPLINK, SNOW_ENC, ZUC_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, DOWNLINK, SNOW_ENC, ZUC_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, UPLINK, AES_ENC, NULL_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, DOWNLINK, AES_ENC, NULL_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, UPLINK, AES_ENC, SNOW_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, DOWNLINK, AES_ENC, SNOW_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, UPLINK, AES_ENC, AES_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, DOWNLINK, AES_ENC, AES_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, UPLINK, AES_ENC, ZUC_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, DOWNLINK, AES_ENC, ZUC_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, UPLINK, ZUC_ENC, NULL_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, DOWNLINK, ZUC_ENC, NULL_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, UPLINK, ZUC_ENC, SNOW_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, DOWNLINK, ZUC_ENC, SNOW_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, UPLINK, ZUC_ENC, AES_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, DOWNLINK, ZUC_ENC, AES_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, UPLINK, ZUC_ENC, ZUC_AUTH));
TEST_PDCP_COUNT(cplane_encap(12, DOWNLINK, ZUC_ENC, ZUC_AUTH));
if (n - i)
printf("## %s: %d passed out of %d\n", __func__, i, n);
return n - i;
};

View File

@ -0,0 +1,36 @@
/* SPDX-License-Identifier: BSD-3-Clause
* Copyright 2019 NXP
*/
#ifndef SECURITY_PDCP_TEST_FUNC_H_
#define SECURITY_PDCP_TEST_FUNC_H_
#define PDCP_CPLANE_OFFSET 0
#define PDCP_CPLANE_LONG_SN_OFFSET 32
#define LONG_SEQ_NUM_OFFSET 0
#define SHORT_SEQ_NUM_OFFSET 2
#define FIFTEEN_BIT_SEQ_NUM_OFFSET 4
#define EIGHTEEN_BIT_SEQ_NUM_OFFSET 6
#define UPLINK 0
#define DOWNLINK 1
/* key length(in bytes) for F8 */
#define F8_KEY_LEN 16
enum enc_alg_off {
NULL_ENC = 0,
SNOW_ENC = 8,
AES_ENC = 16,
ZUC_ENC = 24
};
enum auth_alg_off {
NULL_AUTH = 0,
SNOW_AUTH = 2,
AES_AUTH = 4,
ZUC_AUTH = 6
};
int test_pdcp_proto_cplane_encap(int i);
int test_PDCP_PROTO_cplane_encap_all(void);
#endif /* SECURITY_PDCP_TEST_FUNC_H_ */

File diff suppressed because it is too large Load Diff