diff mbox series

[13/13] test/crypto: add copy and set DF cases

Message ID 1638777528-553-14-git-send-email-anoobj@marvell.com (mailing list archive)
State Superseded, archived
Delegated to: akhil goyal
Headers show
Series Add new cases to lookaside IPsec tests | expand

Checks

Context Check Description
ci/iol-x86_64-compile-testing fail Testing issues
ci/iol-x86_64-unit-testing fail Testing issues
ci/iol-aarch64-compile-testing fail Testing issues
ci/iol-aarch64-unit-testing fail Testing issues
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-broadcom-Functional success Functional Testing PASS
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS
ci/github-robot: build success github build: passed
ci/intel-Testing success Testing PASS
ci/Intel-compilation fail Compilation issues
ci/checkpatch success coding style OK

Commit Message

Anoob Joseph Dec. 6, 2021, 7:58 a.m. UTC
Add test cases to verify copy DF and set DF options with lookaside IPsec
offload.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 app/test/test_cryptodev.c                | 75 ++++++++++++++++++++++++++++++++
 app/test/test_cryptodev_security_ipsec.c | 71 ++++++++++++++++++++++++++++--
 app/test/test_cryptodev_security_ipsec.h | 10 +++++
 doc/guides/rel_notes/release_22_03.rst   | 18 ++++++++
 4 files changed, 171 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index aa85a19..aac17d1 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9169,6 +9169,13 @@  test_ipsec_proto_process(const struct ipsec_test_data td[],
 			       sizeof(src));
 			memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst,
 			       sizeof(dst));
+
+			if (flags->df == TEST_IPSEC_SET_DF_0_INNER_1)
+				ipsec_xform.tunnel.ipv4.df = 0;
+
+			if (flags->df == TEST_IPSEC_SET_DF_1_INNER_0)
+				ipsec_xform.tunnel.ipv4.df = 1;
+
 		} else {
 			memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
 			       sizeof(v6_src));
@@ -9282,6 +9289,9 @@  test_ipsec_proto_process(const struct ipsec_test_data td[],
 		memcpy(input_text, td[i].input_text.data,
 		       td[i].input_text.len);
 
+		if (test_ipsec_pkt_update(input_text, flags))
+			return TEST_FAILED;
+
 		/* Generate crypto op data structure */
 		ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
 					RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -9700,6 +9710,55 @@  test_ipsec_proto_pkt_fragment(const void *data __rte_unused)
 	flags.fragment = true;
 
 	return test_ipsec_proto_all(&flags);
+
+}
+
+static int
+test_ipsec_proto_copy_df_inner_0(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.df = TEST_IPSEC_COPY_DF_INNER_0;
+
+	return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_copy_df_inner_1(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.df = TEST_IPSEC_COPY_DF_INNER_1;
+
+	return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_set_df_0_inner_1(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.df = TEST_IPSEC_SET_DF_0_INNER_1;
+
+	return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_set_df_1_inner_0(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.df = TEST_IPSEC_SET_DF_1_INNER_0;
+
+	return test_ipsec_proto_all(&flags);
 }
 
 static int
@@ -14724,6 +14783,22 @@  static struct unit_test_suite ipsec_proto_testsuite  = {
 			"Fragmented packet",
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_pkt_fragment),
+		TEST_CASE_NAMED_ST(
+			"Tunnel header copy DF (inner 0)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_copy_df_inner_0),
+		TEST_CASE_NAMED_ST(
+			"Tunnel header copy DF (inner 1)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_copy_df_inner_1),
+		TEST_CASE_NAMED_ST(
+			"Tunnel header set DF 0 (inner 1)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_set_df_0_inner_1),
+		TEST_CASE_NAMED_ST(
+			"Tunnel header set DF 1 (inner 0)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_set_df_1_inner_0),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 94e5213..4f5f20c 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -427,6 +427,9 @@  test_ipsec_td_prepare(const struct crypto_param *param1,
 			ip->hdr_checksum = rte_ipv4_cksum(ip);
 		}
 
+		if (flags->df == TEST_IPSEC_COPY_DF_INNER_0 ||
+		    flags->df == TEST_IPSEC_COPY_DF_INNER_1)
+			td->ipsec_xform.options.copy_df = 1;
 	}
 }
 
@@ -640,6 +643,7 @@  test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
 {
 	uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
 	uint32_t skip, len = rte_pktmbuf_pkt_len(m);
+	uint8_t td_output_text[4096];
 	int ret;
 
 	/* For tests with status as error for test success, skip verification */
@@ -720,16 +724,21 @@  test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
 		return ret;
 	}
 
+	memcpy(td_output_text, td->output_text.data + skip, len);
 
-	if (memcmp(output_text, td->output_text.data + skip, len)) {
+	if (test_ipsec_pkt_update(td_output_text, flags)) {
+		printf("Could not update expected vector");
+		return TEST_FAILED;
+	}
+
+	if (memcmp(output_text, td_output_text, len)) {
 		if (silent)
 			return TEST_FAILED;
 
 		printf("TestCase %s line %d: %s\n", __func__, __LINE__,
 			"output text not as expected\n");
 
-		rte_hexdump(stdout, "expected", td->output_text.data + skip,
-			    len);
+		rte_hexdump(stdout, "expected", td_output_text, len);
 		rte_hexdump(stdout, "actual", output_text, len);
 		return TEST_FAILED;
 	}
@@ -797,10 +806,27 @@  test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
 		} else {
 			if (td->ipsec_xform.tunnel.type ==
 					RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+				uint16_t f_off;
+
 				if (is_valid_ipv4_pkt(iph4) == false) {
 					printf("Tunnel outer header is not IPv4\n");
 					return TEST_FAILED;
 				}
+
+				f_off = rte_be_to_cpu_16(iph4->fragment_offset);
+
+				if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 ||
+				    flags->df == TEST_IPSEC_SET_DF_1_INNER_0) {
+					if (!(f_off & RTE_IPV4_HDR_DF_FLAG)) {
+						printf("DF bit is not set\n");
+						return TEST_FAILED;
+					}
+				} else {
+					if ((f_off & RTE_IPV4_HDR_DF_FLAG)) {
+						printf("DF bit is set\n");
+						return TEST_FAILED;
+					}
+				}
 			} else {
 				iph6 = (const struct rte_ipv6_hdr *)output_text;
 				if (is_valid_ipv6_pkt(iph6) == false) {
@@ -909,3 +935,42 @@  test_ipsec_stats_verify(struct rte_security_ctx *ctx,
 
 	return ret;
 }
+
+int
+test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags)
+{
+	struct rte_ipv4_hdr *iph4;
+	bool cksum_dirty = false;
+	uint16_t frag_off;
+
+	iph4 = (struct rte_ipv4_hdr *)pkt;
+
+	if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 ||
+	    flags->df == TEST_IPSEC_SET_DF_0_INNER_1 ||
+	    flags->df == TEST_IPSEC_COPY_DF_INNER_0 ||
+	    flags->df == TEST_IPSEC_SET_DF_1_INNER_0) {
+
+		if (!is_ipv4(iph4)) {
+			printf("Invalid packet type");
+			return -1;
+		}
+
+		frag_off = rte_be_to_cpu_16(iph4->fragment_offset);
+
+		if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 ||
+		    flags->df == TEST_IPSEC_SET_DF_0_INNER_1)
+			frag_off |= RTE_IPV4_HDR_DF_FLAG;
+		else
+			frag_off &= !RTE_IPV4_HDR_DF_FLAG;
+
+		iph4->fragment_offset = rte_cpu_to_be_16(frag_off);
+		cksum_dirty = true;
+	}
+
+	if (cksum_dirty && is_ipv4(iph4)) {
+		iph4->hdr_checksum = 0;
+		iph4->hdr_checksum = rte_ipv4_cksum(iph4);
+	}
+
+	return 0;
+}
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 6e27eba..12a9b77 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -50,6 +50,13 @@  struct ipsec_test_data {
 	} xform;
 };
 
+enum df_flags {
+	TEST_IPSEC_COPY_DF_INNER_0 = 1,
+	TEST_IPSEC_COPY_DF_INNER_1,
+	TEST_IPSEC_SET_DF_0_INNER_1,
+	TEST_IPSEC_SET_DF_1_INNER_0,
+};
+
 struct ipsec_test_flags {
 	bool display_alg;
 	bool sa_expiry_pkts_soft;
@@ -66,6 +73,7 @@  struct ipsec_test_flags {
 	bool transport;
 	bool fragment;
 	bool stats_success;
+	enum df_flags df;
 };
 
 struct crypto_param {
@@ -226,4 +234,6 @@  int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
 			    const struct ipsec_test_flags *flags,
 			    enum rte_security_ipsec_sa_direction dir);
 
+int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags);
+
 #endif
diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst
index 6d99d1e..0a29671 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -55,6 +55,24 @@  New Features
      Also, make sure to start the actual text at the margin.
      =======================================================
 
+* **Updated lookaside protocol (IPsec) tests in dpdk-test.**
+
+  * Added support for chained operations.
+  * Added AES-CBC 128 NULL auth known vector tests.
+  * Added AES-CBC 128 HMAC-SHA256 known vector tests.
+  * Added AES-CBC 128 HMAC-SHA384 known vector tests.
+  * Added AES-CBC 128 HMAC-SHA512 known vector tests.
+  * Added NULL cipher AES-XCBC known vector tests.
+  * Added tunnel mode tests
+    * IPv6 in IPv6
+    * IPv4 in IPv4
+    * IPv4 in IPv6
+    * IPv6 in IPv4
+  * Added IPv4 transport mode tests.
+  * Added security stats tests.
+  * Added AES-CTR tests.
+  * Added set/copy DF tests.
+
 
 Removed Items
 -------------