2 * Copyright (c) 2019 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
15 #include <vlib/vlib.h>
16 #include <vppinfra/time.h>
17 #include <vppinfra/cache.h>
18 #include <vppinfra/error.h>
19 #include <vnet/crypto/crypto.h>
20 #include <unittest/crypto/crypto.h>
22 crypto_test_main_t crypto_test_main;
25 sort_registrations (void *a0, void *a1)
27 unittest_crypto_test_registration_t **r0 = a0;
28 unittest_crypto_test_registration_t **r1 = a1;
30 return (strncmp (r0[0]->name, r1[0]->name, 256));
34 test_crypto (vlib_main_t * vm, crypto_test_main_t * tm)
36 vnet_crypto_main_t *cm = &crypto_main;
37 unittest_crypto_test_registration_t *r = tm->test_registrations;
38 unittest_crypto_test_registration_t **rv = 0;
39 vnet_crypto_alg_data_t *ad;
40 vnet_crypto_op_t *ops = 0, *op;
41 vnet_crypto_key_index_t *key_indices = 0;
42 u8 *computed_data = 0, *s = 0, *err = 0;
43 u32 computed_data_total_len = 0, n_ops = 0;
46 /* construct registration vector */
50 ad = vec_elt_at_index (cm->algs, r->alg);
52 for (i = 0; i < VNET_CRYPTO_OP_N_TYPES; i++)
54 vnet_crypto_op_id_t id = ad->op_by_type[i];
61 case VNET_CRYPTO_OP_TYPE_ENCRYPT:
62 case VNET_CRYPTO_OP_TYPE_DECRYPT:
63 case VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT:
64 computed_data_total_len += r->ciphertext.length;
67 case VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT:
68 computed_data_total_len += r->ciphertext.length;
69 computed_data_total_len += r->tag.length;
72 case VNET_CRYPTO_OP_TYPE_HMAC:
73 computed_data_total_len += r->digest.length;
85 /* no tests registered */
89 vec_sort_with_function (rv, sort_registrations);
91 vec_validate_aligned (computed_data, computed_data_total_len - 1,
92 CLIB_CACHE_LINE_BYTES);
93 vec_validate_aligned (ops, n_ops - 1, CLIB_CACHE_LINE_BYTES);
94 computed_data_total_len = 0;
98 vec_foreach_index (i, rv)
102 ad = vec_elt_at_index (cm->algs, r->alg);
103 for (t = 0; t < VNET_CRYPTO_OP_N_TYPES; t++)
105 vnet_crypto_op_id_t id = ad->op_by_type[t];
110 vnet_crypto_op_init (op, id);
114 case VNET_CRYPTO_OP_TYPE_ENCRYPT:
115 case VNET_CRYPTO_OP_TYPE_DECRYPT:
117 op->iv_len = r->iv.length;
118 op->key_index = vnet_crypto_key_add (vm, r->alg,
121 vec_add1 (key_indices, op->key_index);
122 op->len = r->plaintext.length;
123 op->src = t == VNET_CRYPTO_OP_TYPE_ENCRYPT ?
124 r->plaintext.data : r->ciphertext.data;
125 op->dst = computed_data + computed_data_total_len;
126 computed_data_total_len += r->ciphertext.length;
128 case VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT:
129 case VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT:
131 op->iv_len = r->iv.length;
132 op->key_index = vnet_crypto_key_add (vm, r->alg,
135 vec_add1 (key_indices, op->key_index);
136 op->aad = r->aad.data;
137 op->aad_len = r->aad.length;
138 op->len = r->plaintext.length;
139 op->dst = computed_data + computed_data_total_len;
140 computed_data_total_len += r->ciphertext.length;
141 if (t == VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT)
143 op->src = r->plaintext.data;
144 op->tag = computed_data + computed_data_total_len;
145 computed_data_total_len += r->tag.length;
149 op->src = r->ciphertext.data;
150 op->tag = r->tag.data;
152 op->tag_len = r->tag.length;
154 case VNET_CRYPTO_OP_TYPE_HMAC:
155 op->key_index = vnet_crypto_key_add (vm, r->alg,
158 vec_add1 (key_indices, op->key_index);
159 op->src = r->plaintext.data;
160 op->len = r->plaintext.length;
161 op->digest_len = r->digest.length;
162 op->digest = computed_data + computed_data_total_len;
163 computed_data_total_len += r->digest.length;
175 vnet_crypto_process_ops (vm, ops, vec_len (ops));
178 vec_foreach (op, ops)
181 r = rv[op->user_data];
182 unittest_crypto_test_data_t *exp_pt = 0, *exp_ct = 0;
183 unittest_crypto_test_data_t *exp_digest = 0, *exp_tag = 0;
185 switch (vnet_crypto_get_op_type (op->op))
187 case VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT:
190 case VNET_CRYPTO_OP_TYPE_ENCRYPT:
191 exp_ct = &r->ciphertext;
193 case VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT:
194 case VNET_CRYPTO_OP_TYPE_DECRYPT:
195 exp_pt = &r->plaintext;
197 case VNET_CRYPTO_OP_TYPE_HMAC:
198 exp_digest = &r->digest;
204 vec_reset_length (err);
206 if (op->status != VNET_CRYPTO_OP_STATUS_COMPLETED)
207 err = format (err, "%sengine error: %U", vec_len (err) ? ", " : "",
208 format_vnet_crypto_op_status, op->status);
210 if (exp_ct && memcmp (op->dst, exp_ct->data, exp_ct->length) != 0)
211 err = format (err, "%sciphertext mismatch",
212 vec_len (err) ? ", " : "");
214 if (exp_pt && memcmp (op->dst, exp_pt->data, exp_pt->length) != 0)
215 err = format (err, "%splaintext mismatch", vec_len (err) ? ", " : "");
217 if (exp_tag && memcmp (op->tag, exp_tag->data, exp_tag->length) != 0)
218 err = format (err, "%stag mismatch", vec_len (err) ? ", " : "");
221 memcmp (op->digest, exp_digest->data, exp_digest->length) != 0)
222 err = format (err, "%sdigest mismatch", vec_len (err) ? ", " : "");
224 vec_reset_length (s);
225 s = format (s, "%s (%U)", r->name, format_vnet_crypto_op, op->op);
230 vlib_cli_output (vm, "%-60v%s%v", s, vec_len (err) ? "FAIL: " : "OK",
234 if (tm->verbose == 2)
238 vlib_cli_output (vm, "Expected ciphertext:\n%U"
239 "\nCalculated ciphertext:\n%U",
240 format_hexdump, exp_ct->data, exp_ct->length,
241 format_hexdump, op->dst, exp_ct->length);
243 vlib_cli_output (vm, "Expected plaintext:\n%U"
244 "\nCalculated plaintext:\n%U",
245 format_hexdump, exp_pt->data, exp_pt->length,
246 format_hexdump, op->dst, exp_pt->length);
247 if (r->tag.length && fail)
248 vlib_cli_output (vm, "Expected tag:\n%U"
249 "\nCalculated tag:\n%U",
250 format_hexdump, r->tag.data, r->tag.length,
251 format_hexdump, op->tag, op->tag_len);
252 if (exp_digest && fail)
253 vlib_cli_output (vm, "Expected digest:\n%U"
254 "\nCalculated Digest:\n%U",
255 format_hexdump, exp_digest->data,
256 exp_digest->length, format_hexdump, op->digest,
261 vec_foreach_index (i, key_indices)
262 vnet_crypto_key_del (vm, key_indices[i]);
265 vec_free (computed_data);
273 static clib_error_t *
274 test_crypto_perf (vlib_main_t * vm, crypto_test_main_t * tm)
276 vnet_crypto_main_t *cm = &crypto_main;
277 clib_error_t *err = 0;
278 u32 n_buffers, n_alloc = 0, warmup_rounds, rounds;
279 u32 *buffer_indices = 0;
280 vnet_crypto_op_t *ops1 = 0, *ops2 = 0, *op1, *op2;
281 vnet_crypto_alg_data_t *ad = vec_elt_at_index (cm->algs, tm->alg);
282 vnet_crypto_key_index_t key_index = ~0;
284 int buffer_size = vlib_buffer_get_default_data_size (vm);
285 u64 seed = clib_cpu_time_now ();
286 u64 t0[5], t1[5], t2[5], n_bytes = 0;
289 if (tm->buffer_size > buffer_size)
290 return clib_error_return (0, "buffer size must be <= %u", buffer_size);
292 rounds = tm->rounds ? tm->rounds : 100;
293 n_buffers = tm->n_buffers ? tm->n_buffers : 256;
294 buffer_size = tm->buffer_size ? tm->buffer_size : 2048;
295 warmup_rounds = tm->warmup_rounds ? tm->warmup_rounds : 100;
297 if (buffer_size > vlib_buffer_get_default_data_size (vm))
298 return clib_error_return (0, "buffer size too big");
300 vec_validate_aligned (buffer_indices, n_buffers - 1, CLIB_CACHE_LINE_BYTES);
301 vec_validate_aligned (ops1, n_buffers - 1, CLIB_CACHE_LINE_BYTES);
302 vec_validate_aligned (ops2, n_buffers - 1, CLIB_CACHE_LINE_BYTES);
304 n_alloc = vlib_buffer_alloc (vm, buffer_indices, n_buffers);
305 if (n_alloc != n_buffers)
308 vlib_buffer_free (vm, buffer_indices, n_alloc);
309 err = clib_error_return (0, "buffer alloc failure");
313 vlib_cli_output (vm, "%U: n_buffers %u buffer-size %u rounds %u "
315 format_vnet_crypto_alg, tm->alg, n_buffers, buffer_size,
316 rounds, warmup_rounds);
317 vlib_cli_output (vm, " cpu-freq %.2f GHz",
318 (f64) vm->clib_time.clocks_per_second * 1e-9);
320 vnet_crypto_op_type_t ot = 0;
322 for (i = 0; i < sizeof (key); i++)
325 key_index = vnet_crypto_key_add (vm, tm->alg, key, sizeof (key));
327 for (i = 0; i < VNET_CRYPTO_OP_N_TYPES; i++)
329 vnet_crypto_op_id_t id = ad->op_by_type[i];
336 for (i = 0; i < n_buffers; i++)
338 vlib_buffer_t *b = vlib_get_buffer (vm, buffer_indices[i]);
344 case VNET_CRYPTO_OP_TYPE_ENCRYPT:
345 case VNET_CRYPTO_OP_TYPE_DECRYPT:
346 vnet_crypto_op_init (op1,
347 ad->op_by_type[VNET_CRYPTO_OP_TYPE_ENCRYPT]);
348 vnet_crypto_op_init (op2,
349 ad->op_by_type[VNET_CRYPTO_OP_TYPE_DECRYPT]);
350 op1->flags = VNET_CRYPTO_OP_FLAG_INIT_IV;
351 op1->src = op2->src = op1->dst = op2->dst = b->data;
352 op1->key_index = op2->key_index = key_index;
353 op1->iv = op2->iv = b->data - 64;
354 n_bytes += op1->len = op2->len = buffer_size;
356 case VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT:
357 case VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT:
358 vnet_crypto_op_init (op1,
360 [VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT]);
361 vnet_crypto_op_init (op2,
363 [VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT]);
364 op1->flags = VNET_CRYPTO_OP_FLAG_INIT_IV;
365 op1->src = op2->src = op1->dst = op2->dst = b->data;
366 op1->key_index = op2->key_index = key_index;
367 op1->iv = op2->iv = b->data - 64;
368 op1->aad = op2->aad = b->data - VLIB_BUFFER_PRE_DATA_SIZE;
369 op1->aad_len = op2->aad_len = 0;
370 n_bytes += op1->len = op2->len = buffer_size;
372 case VNET_CRYPTO_OP_TYPE_HMAC:
373 vnet_crypto_op_init (op1, ad->op_by_type[VNET_CRYPTO_OP_TYPE_HMAC]);
375 op1->key_index = key_index;
377 op1->digest = b->data - VLIB_BUFFER_PRE_DATA_SIZE;
379 n_bytes += op1->len = buffer_size;
385 for (j = -VLIB_BUFFER_PRE_DATA_SIZE; j < buffer_size; j += 8)
386 *(u64 *) (b->data + j) = 1 + random_u64 (&seed);
389 for (i = 0; i < 5; i++)
391 for (j = 0; j < warmup_rounds; j++)
393 vnet_crypto_process_ops (vm, ops1, n_buffers);
394 if (ot != VNET_CRYPTO_OP_TYPE_HMAC)
395 vnet_crypto_process_ops (vm, ops2, n_buffers);
398 t0[i] = clib_cpu_time_now ();
399 for (j = 0; j < rounds; j++)
400 vnet_crypto_process_ops (vm, ops1, n_buffers);
401 t1[i] = clib_cpu_time_now ();
403 if (ot != VNET_CRYPTO_OP_TYPE_HMAC)
405 for (j = 0; j < rounds; j++)
406 vnet_crypto_process_ops (vm, ops2, n_buffers);
407 t2[i] = clib_cpu_time_now ();
411 for (i = 0; i < 5; i++)
413 f64 tpb1 = (f64) (t1[i] - t0[i]) / (n_bytes * rounds);
414 f64 gbps1 = vm->clib_time.clocks_per_second * 1e-9 * 8 / tpb1;
417 if (ot != VNET_CRYPTO_OP_TYPE_HMAC)
419 tpb2 = (f64) (t2[i] - t1[i]) / (n_bytes * rounds);
420 gbps2 = vm->clib_time.clocks_per_second * 1e-9 * 8 / tpb2;
421 vlib_cli_output (vm, "%-2u: encrypt %.03f ticks/byte, %.02f Gbps; "
422 "decrypt %.03f ticks/byte, %.02f Gbps",
423 i + 1, tpb1, gbps1, tpb2, gbps2);
427 vlib_cli_output (vm, "%-2u: hash %.03f ticks/byte, %.02f Gbps\n",
434 vlib_buffer_free (vm, buffer_indices, n_alloc);
437 vnet_crypto_key_del (vm, key_index);
439 vec_free (buffer_indices);
445 static clib_error_t *
446 test_crypto_command_fn (vlib_main_t * vm,
447 unformat_input_t * input, vlib_cli_command_t * cmd)
449 crypto_test_main_t *tm = &crypto_test_main;
450 unittest_crypto_test_registration_t *tr;
453 tr = tm->test_registrations;
454 memset (tm, 0, sizeof (crypto_test_main_t));
455 tm->test_registrations = tr;
458 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
460 if (unformat (input, "verbose"))
462 else if (unformat (input, "detail"))
465 if (unformat (input, "perf %U", unformat_vnet_crypto_alg, &tm->alg))
467 else if (unformat (input, "buffers %u", &tm->n_buffers))
469 else if (unformat (input, "rounds %u", &tm->rounds))
471 else if (unformat (input, "warmup-rounds %u", &tm->warmup_rounds))
473 else if (unformat (input, "buffer-size %u", &tm->buffer_size))
476 return clib_error_return (0, "unknown input '%U'",
477 format_unformat_error, input);
481 return test_crypto_perf (vm, tm);
483 return test_crypto (vm, tm);
487 VLIB_CLI_COMMAND (test_crypto_command, static) =
489 .path = "test crypto",
490 .short_help = "test crypto",
491 .function = test_crypto_command_fn,
495 static clib_error_t *
496 crypto_test_init (vlib_main_t * vm)
501 VLIB_INIT_FUNCTION (crypto_test_init);
504 * fd.io coding-style-patch-verification: ON
507 * eval: (c-set-style "gnu")