From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Jerin Jacob <jerinj@marvell.com>
Cc: Harry van Haaren <harry.van.haaren@intel.com>,
Hemant Agrawal <hemant.agrawal@nxp.com>,
Konstantin Ananyev <konstantin.v.ananyev@yandex.ru>,
<dev@dpdk.org>, Vidya Sagar Velumuri <vvelumuri@marvell.com>
Subject: [PATCH 01/14] test/crypto: move security caps checks to separate file
Date: Thu, 7 Dec 2023 18:32:03 +0530 [thread overview]
Message-ID: <20231207130216.140-2-anoobj@marvell.com> (raw)
In-Reply-To: <20231207130216.140-1-anoobj@marvell.com>
Move routines performing security caps verifications to a separate file
to allow the usage of same for other protocol tests such as TLS record.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
app/test-security-perf/meson.build | 1 +
app/test-security-perf/test_security_perf.c | 17 ++---
app/test/meson.build | 1 +
app/test/test_cryptodev.c | 17 ++---
app/test/test_cryptodev_security_ipsec.c | 78 -------------------
app/test/test_cryptodev_security_ipsec.h | 12 ---
app/test/test_security_inline_proto.c | 12 +--
app/test/test_security_proto.c | 83 +++++++++++++++++++++
app/test/test_security_proto.h | 20 +++++
9 files changed, 121 insertions(+), 120 deletions(-)
create mode 100644 app/test/test_security_proto.c
create mode 100644 app/test/test_security_proto.h
diff --git a/app/test-security-perf/meson.build b/app/test-security-perf/meson.build
index 076999022e..547de9c908 100644
--- a/app/test-security-perf/meson.build
+++ b/app/test-security-perf/meson.build
@@ -10,5 +10,6 @@ endif
sources = files(
'test_security_perf.c',
'../test/test_cryptodev_security_ipsec.c',
+ '../test/test_security_proto.c',
)
deps += ['security', 'cmdline']
diff --git a/app/test-security-perf/test_security_perf.c b/app/test-security-perf/test_security_perf.c
index 4dfaca4800..c64f20e76c 100644
--- a/app/test-security-perf/test_security_perf.c
+++ b/app/test-security-perf/test_security_perf.c
@@ -16,6 +16,7 @@
#include <app/test/test_cryptodev.h>
#include <app/test/test_cryptodev_security_ipsec.h>
#include <app/test/test_cryptodev_security_ipsec_test_vectors.h>
+#include <app/test/test_security_proto.h>
#define NB_DESC 4096
#define DEF_NB_SESSIONS (16 * 10 * 1024) /* 16 * 10K tunnels */
@@ -258,9 +259,7 @@ sec_conf_init(struct lcore_conf *conf,
conf->aead_xform.aead.iv.offset = IV_OFFSET;
/* Verify crypto capabilities */
- if (test_ipsec_crypto_caps_aead_verify(
- sec_cap,
- &conf->aead_xform) != 0) {
+ if (test_sec_crypto_caps_aead_verify(sec_cap, &conf->aead_xform) != 0) {
RTE_LOG(ERR, USER1,
"Crypto capabilities not supported\n");
return -1;
@@ -270,9 +269,7 @@ sec_conf_init(struct lcore_conf *conf,
sizeof(conf->auth_xform));
conf->auth_xform.auth.key.data = td[0].auth_key.data;
- if (test_ipsec_crypto_caps_auth_verify(
- sec_cap,
- &conf->auth_xform) != 0) {
+ if (test_sec_crypto_caps_auth_verify(sec_cap, &conf->auth_xform) != 0) {
RTE_LOG(INFO, USER1,
"Auth crypto capabilities not supported\n");
return -1;
@@ -288,17 +285,13 @@ sec_conf_init(struct lcore_conf *conf,
/* Verify crypto capabilities */
- if (test_ipsec_crypto_caps_cipher_verify(
- sec_cap,
- &conf->cipher_xform) != 0) {
+ if (test_sec_crypto_caps_cipher_verify(sec_cap, &conf->cipher_xform) != 0) {
RTE_LOG(ERR, USER1,
"Cipher crypto capabilities not supported\n");
return -1;
}
- if (test_ipsec_crypto_caps_auth_verify(
- sec_cap,
- &conf->auth_xform) != 0) {
+ if (test_sec_crypto_caps_auth_verify(sec_cap, &conf->auth_xform) != 0) {
RTE_LOG(ERR, USER1,
"Auth crypto capabilities not supported\n");
return -1;
diff --git a/app/test/meson.build b/app/test/meson.build
index dcc93f4a43..58e120a6ab 100644
--- a/app/test/meson.build
+++ b/app/test/meson.build
@@ -169,6 +169,7 @@ source_file_deps = {
'test_security.c': ['net', 'security'],
'test_security_inline_macsec.c': ['ethdev', 'security'],
'test_security_inline_proto.c': ['ethdev', 'security', 'eventdev'] + test_cryptodev_deps,
+ 'test_security_proto.c' : ['cryptodev', 'security'],
'test_seqlock.c': [],
'test_service_cores.c': [],
'test_spinlock.c': [],
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 58561ededf..9644566acc 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -53,6 +53,7 @@
#include "test_cryptodev_security_pdcp_sdap_test_vectors.h"
#include "test_cryptodev_security_pdcp_test_func.h"
#include "test_cryptodev_security_docsis_test_vectors.h"
+#include "test_security_proto.h"
#define SDAP_DISABLED 0
#define SDAP_ENABLED 1
@@ -10229,9 +10230,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
ut_params->aead_xform.aead.iv.offset = IV_OFFSET;
/* Verify crypto capabilities */
- if (test_ipsec_crypto_caps_aead_verify(
- sec_cap,
- &ut_params->aead_xform) != 0) {
+ if (test_sec_crypto_caps_aead_verify(sec_cap, &ut_params->aead_xform) != 0) {
if (!silent)
RTE_LOG(INFO, USER1,
"Crypto capabilities not supported\n");
@@ -10242,9 +10241,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
sizeof(ut_params->auth_xform));
ut_params->auth_xform.auth.key.data = td[0].auth_key.data;
- if (test_ipsec_crypto_caps_auth_verify(
- sec_cap,
- &ut_params->auth_xform) != 0) {
+ if (test_sec_crypto_caps_auth_verify(sec_cap, &ut_params->auth_xform) != 0) {
if (!silent)
RTE_LOG(INFO, USER1,
"Auth crypto capabilities not supported\n");
@@ -10261,18 +10258,14 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
/* Verify crypto capabilities */
- if (test_ipsec_crypto_caps_cipher_verify(
- sec_cap,
- &ut_params->cipher_xform) != 0) {
+ if (test_sec_crypto_caps_cipher_verify(sec_cap, &ut_params->cipher_xform) != 0) {
if (!silent)
RTE_LOG(INFO, USER1,
"Cipher crypto capabilities not supported\n");
return TEST_SKIPPED;
}
- if (test_ipsec_crypto_caps_auth_verify(
- sec_cap,
- &ut_params->auth_xform) != 0) {
+ if (test_sec_crypto_caps_auth_verify(sec_cap, &ut_params->auth_xform) != 0) {
if (!silent)
RTE_LOG(INFO, USER1,
"Auth crypto capabilities not supported\n");
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 205714b270..01e0a45ffd 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -224,84 +224,6 @@ test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
return 0;
}
-int
-test_ipsec_crypto_caps_aead_verify(
- const struct rte_security_capability *sec_cap,
- struct rte_crypto_sym_xform *aead)
-{
- const struct rte_cryptodev_symmetric_capability *sym_cap;
- const struct rte_cryptodev_capabilities *crypto_cap;
- int j = 0;
-
- while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op !=
- RTE_CRYPTO_OP_TYPE_UNDEFINED) {
- if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
- crypto_cap->sym.xform_type == aead->type &&
- crypto_cap->sym.aead.algo == aead->aead.algo) {
- sym_cap = &crypto_cap->sym;
- if (rte_cryptodev_sym_capability_check_aead(sym_cap,
- aead->aead.key.length,
- aead->aead.digest_length,
- aead->aead.aad_length,
- aead->aead.iv.length) == 0)
- return 0;
- }
- }
-
- return -ENOTSUP;
-}
-
-int
-test_ipsec_crypto_caps_cipher_verify(
- const struct rte_security_capability *sec_cap,
- struct rte_crypto_sym_xform *cipher)
-{
- const struct rte_cryptodev_symmetric_capability *sym_cap;
- const struct rte_cryptodev_capabilities *cap;
- int j = 0;
-
- while ((cap = &sec_cap->crypto_capabilities[j++])->op !=
- RTE_CRYPTO_OP_TYPE_UNDEFINED) {
- if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
- cap->sym.xform_type == cipher->type &&
- cap->sym.cipher.algo == cipher->cipher.algo) {
- sym_cap = &cap->sym;
- if (rte_cryptodev_sym_capability_check_cipher(sym_cap,
- cipher->cipher.key.length,
- cipher->cipher.iv.length) == 0)
- return 0;
- }
- }
-
- return -ENOTSUP;
-}
-
-int
-test_ipsec_crypto_caps_auth_verify(
- const struct rte_security_capability *sec_cap,
- struct rte_crypto_sym_xform *auth)
-{
- const struct rte_cryptodev_symmetric_capability *sym_cap;
- const struct rte_cryptodev_capabilities *cap;
- int j = 0;
-
- while ((cap = &sec_cap->crypto_capabilities[j++])->op !=
- RTE_CRYPTO_OP_TYPE_UNDEFINED) {
- if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
- cap->sym.xform_type == auth->type &&
- cap->sym.auth.algo == auth->auth.algo) {
- sym_cap = &cap->sym;
- if (rte_cryptodev_sym_capability_check_auth(sym_cap,
- auth->auth.key.length,
- auth->auth.digest_length,
- auth->auth.iv.length) == 0)
- return 0;
- }
- }
-
- return -ENOTSUP;
-}
-
void
test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
struct ipsec_test_data *td_in)
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index d7fc562751..dc1b4c4a80 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -263,18 +263,6 @@ int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
const struct rte_security_capability *sec_cap,
bool silent);
-int test_ipsec_crypto_caps_aead_verify(
- const struct rte_security_capability *sec_cap,
- struct rte_crypto_sym_xform *aead);
-
-int test_ipsec_crypto_caps_cipher_verify(
- const struct rte_security_capability *sec_cap,
- struct rte_crypto_sym_xform *cipher);
-
-int test_ipsec_crypto_caps_auth_verify(
- const struct rte_security_capability *sec_cap,
- struct rte_crypto_sym_xform *auth);
-
void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
struct ipsec_test_data *td_in);
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index 78a2064b65..9644a3c39c 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -12,6 +12,7 @@
#include "test.h"
#include "test_security_inline_proto_vectors.h"
+#include "test_security_proto.h"
#ifdef RTE_EXEC_ENV_WINDOWS
static int
@@ -248,8 +249,7 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
sizeof(struct rte_crypto_sym_xform));
sess_conf->crypto_xform->aead.key.data = sa->key.data;
/* Verify crypto capabilities */
- if (test_ipsec_crypto_caps_aead_verify(sec_cap,
- sess_conf->crypto_xform) != 0) {
+ if (test_sec_crypto_caps_aead_verify(sec_cap, sess_conf->crypto_xform) != 0) {
RTE_LOG(INFO, USER1,
"Crypto capabilities not supported\n");
return TEST_SKIPPED;
@@ -268,14 +268,14 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
sess_conf->crypto_xform->next->auth.key.data =
sa->auth_key.data;
/* Verify crypto capabilities */
- if (test_ipsec_crypto_caps_cipher_verify(sec_cap,
+ if (test_sec_crypto_caps_cipher_verify(sec_cap,
sess_conf->crypto_xform) != 0) {
RTE_LOG(INFO, USER1,
"Cipher crypto capabilities not supported\n");
return TEST_SKIPPED;
}
- if (test_ipsec_crypto_caps_auth_verify(sec_cap,
+ if (test_sec_crypto_caps_auth_verify(sec_cap,
sess_conf->crypto_xform->next) != 0) {
RTE_LOG(INFO, USER1,
"Auth crypto capabilities not supported\n");
@@ -294,14 +294,14 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
sa->key.data;
/* Verify crypto capabilities */
- if (test_ipsec_crypto_caps_cipher_verify(sec_cap,
+ if (test_sec_crypto_caps_cipher_verify(sec_cap,
sess_conf->crypto_xform->next) != 0) {
RTE_LOG(INFO, USER1,
"Cipher crypto capabilities not supported\n");
return TEST_SKIPPED;
}
- if (test_ipsec_crypto_caps_auth_verify(sec_cap,
+ if (test_sec_crypto_caps_auth_verify(sec_cap,
sess_conf->crypto_xform) != 0) {
RTE_LOG(INFO, USER1,
"Auth crypto capabilities not supported\n");
diff --git a/app/test/test_security_proto.c b/app/test/test_security_proto.c
new file mode 100644
index 0000000000..bc4c5e11d2
--- /dev/null
+++ b/app/test/test_security_proto.c
@@ -0,0 +1,83 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2023 Marvell.
+ */
+
+#include <rte_cryptodev.h>
+#include <rte_security.h>
+
+#include "test_security_proto.h"
+
+int
+test_sec_crypto_caps_aead_verify(const struct rte_security_capability *sec_cap,
+ struct rte_crypto_sym_xform *aead)
+{
+ const struct rte_cryptodev_symmetric_capability *sym_cap;
+ const struct rte_cryptodev_capabilities *crypto_cap;
+ int j = 0;
+
+ while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op !=
+ RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+ if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
+ crypto_cap->sym.xform_type == aead->type &&
+ crypto_cap->sym.aead.algo == aead->aead.algo) {
+ sym_cap = &crypto_cap->sym;
+ if (rte_cryptodev_sym_capability_check_aead(sym_cap,
+ aead->aead.key.length,
+ aead->aead.digest_length,
+ aead->aead.aad_length,
+ aead->aead.iv.length) == 0)
+ return 0;
+ }
+ }
+
+ return -ENOTSUP;
+}
+
+int
+test_sec_crypto_caps_cipher_verify(const struct rte_security_capability *sec_cap,
+ struct rte_crypto_sym_xform *cipher)
+{
+ const struct rte_cryptodev_symmetric_capability *sym_cap;
+ const struct rte_cryptodev_capabilities *cap;
+ int j = 0;
+
+ while ((cap = &sec_cap->crypto_capabilities[j++])->op !=
+ RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+ if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
+ cap->sym.xform_type == cipher->type &&
+ cap->sym.cipher.algo == cipher->cipher.algo) {
+ sym_cap = &cap->sym;
+ if (rte_cryptodev_sym_capability_check_cipher(sym_cap,
+ cipher->cipher.key.length,
+ cipher->cipher.iv.length) == 0)
+ return 0;
+ }
+ }
+
+ return -ENOTSUP;
+}
+
+int
+test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_cap,
+ struct rte_crypto_sym_xform *auth)
+{
+ const struct rte_cryptodev_symmetric_capability *sym_cap;
+ const struct rte_cryptodev_capabilities *cap;
+ int j = 0;
+
+ while ((cap = &sec_cap->crypto_capabilities[j++])->op !=
+ RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+ if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&
+ cap->sym.xform_type == auth->type &&
+ cap->sym.auth.algo == auth->auth.algo) {
+ sym_cap = &cap->sym;
+ if (rte_cryptodev_sym_capability_check_auth(sym_cap,
+ auth->auth.key.length,
+ auth->auth.digest_length,
+ auth->auth.iv.length) == 0)
+ return 0;
+ }
+ }
+
+ return -ENOTSUP;
+}
diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h
new file mode 100644
index 0000000000..b91181384b
--- /dev/null
+++ b/app/test/test_security_proto.h
@@ -0,0 +1,20 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2023 Marvell.
+ */
+
+#ifndef _TEST_SECURITY_PROTO_H_
+#define _TEST_SECURITY_PROTO_H_
+
+#include <rte_cryptodev.h>
+#include <rte_security.h>
+
+int test_sec_crypto_caps_aead_verify(const struct rte_security_capability *sec_cap,
+ struct rte_crypto_sym_xform *aead);
+
+int test_sec_crypto_caps_cipher_verify(const struct rte_security_capability *sec_cap,
+ struct rte_crypto_sym_xform *cipher);
+
+int test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_cap,
+ struct rte_crypto_sym_xform *auth);
+
+#endif
--
2.25.1
next prev parent reply other threads:[~2023-12-07 13:02 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-07 13:02 [PATCH 00/14] Add TLS record test suite Anoob Joseph
2023-12-07 13:02 ` Anoob Joseph [this message]
2023-12-07 13:02 ` [PATCH 02/14] test/crypto: move algorithm list to common Anoob Joseph
2023-12-07 13:02 ` [PATCH 03/14] test/crypto: move algorithm display routines " Anoob Joseph
2023-12-07 13:02 ` [PATCH 04/14] test/security: add sha1-hmac to auth list Anoob Joseph
2023-12-07 13:02 ` [PATCH 05/14] test/crypto: move algorithm framework to common Anoob Joseph
2023-12-07 13:02 ` [PATCH 06/14] test/crypto: add TLS record tests Anoob Joseph
2023-12-07 13:02 ` [PATCH 07/14] test/crypto: add AES-GCM 128 TLS 1.2 vector Anoob Joseph
2023-12-07 13:02 ` [PATCH 08/14] test/crypto: add TLS1.2 vectors Anoob Joseph
2023-12-07 13:02 ` [PATCH 09/14] test/crypto: add TLS1.2/DTLS1.2 AES-128/256-GCM vectors Anoob Joseph
2023-12-07 13:02 ` [PATCH 10/14] test/crypto: add combined mode cases Anoob Joseph
2023-12-07 13:02 ` [PATCH 11/14] test/crypto: add verification of TLS headers Anoob Joseph
2023-12-07 13:02 ` [PATCH 12/14] test/security: add more algos to combined tests Anoob Joseph
2023-12-07 13:02 ` [PATCH 13/14] test/security: add TLS 1.2 and DTLS 1.2 vectors Anoob Joseph
2023-12-07 13:02 ` [PATCH 14/14] test/crypto: add multi segmented cases Anoob Joseph
2024-01-16 9:02 ` [PATCH 00/14] Add TLS record test suite Akhil Goyal
2024-01-19 8:55 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231207130216.140-2-anoobj@marvell.com \
--to=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=harry.van.haaren@intel.com \
--cc=hemant.agrawal@nxp.com \
--cc=jerinj@marvell.com \
--cc=konstantin.v.ananyev@yandex.ru \
--cc=vvelumuri@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.