diff mbox series

[v2,07/13] test/crypto: add transport mode cases

Message ID	1638788880-650-8-git-send-email-anoobj@marvell.com (mailing list archive)
State	Accepted, archived
Delegated to:	akhil goyal
Headers	From: Anoob Joseph <anoobj@marvell.com> To: Akhil Goyal <gakhil@marvell.com>, Declan Doherty <declan.doherty@intel.com>, Fan Zhang <roy.fan.zhang@intel.com>, "Pablo de Lara" <pablo.de.lara.guarch@intel.com> CC: Anoob Joseph <anoobj@marvell.com>, Jerin Jacob <jerinj@marvell.com>, Archana Muniganti <marchana@marvell.com>, Tejasree Kondoj <ktejasree@marvell.com>, Hemant Agrawal <hemant.agrawal@nxp.com>, "Radu Nicolau" <radu.nicolau@intel.com>, Ciara Power <ciara.power@intel.com>, Gagandeep Singh <g.singh@nxp.com>, <dev@dpdk.org> Subject: [PATCH v2 07/13] test/crypto: add transport mode cases Date: Mon, 6 Dec 2021 16:37:54 +0530 Message-ID: <1638788880-650-8-git-send-email-anoobj@marvell.com> In-Reply-To: <1638788880-650-1-git-send-email-anoobj@marvell.com> References: <1638777528-553-1-git-send-email-anoobj@marvell.com> <1638788880-650-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	Add new cases to lookaside IPsec tests \| [v2,00/13] Add new cases to lookaside IPsec tests [v2,01/13] test/crypto: add IPsec aes-cbc known vectors [v2,02/13] test/crypto: add IPsec AES-CBC-HMAC-SHA256 known vectors [v2,03/13] test/crypto: add chained operations in combined cases [v2,04/13] test/crypto: add IPv6 tunnel mode cases [v2,05/13] test/crypto: add IPsec HMAC-SHA384/512 known vectors [v2,06/13] test/crypto: add IPsec fragmented packet known vectors [v2,07/13] test/crypto: add transport mode cases [v2,08/13] test/crypto: add security stats cases [v2,09/13] test/crypto: add lookaside IPsec AES-CTR known vectors [v2,10/13] test/crypto: add fragmented packet case [v2,11/13] test/crypto: skip null auth in ICV corrupt case [v2,12/13] test/crypto: add aes xcbc known vectors [v2,13/13] test/crypto: add copy and set DF cases

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK

Commit Message

Anoob Joseph Dec. 6, 2021, 11:07 a.m. UTC

  Add transport mode tests with test cases for IPv4 packets.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 app/test/test_cryptodev.c                | 39 ++++++++++++++----
 app/test/test_cryptodev_security_ipsec.c | 71 +++++++++++++++++++++-----------
 app/test/test_cryptodev_security_ipsec.h |  1 +
 doc/guides/rel_notes/release_22_03.rst   |  1 +
 4 files changed, 80 insertions(+), 32 deletions(-)

diff mbox series

Patch

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index e2bbabf..f470d5c 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9162,15 +9162,19 @@  test_ipsec_proto_process(const struct ipsec_test_data td[],
 			dst += 1;
 	}
 
-	if (td->ipsec_xform.tunnel.type ==
-			RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
-		memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));
-		memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));
-	} else {
-		memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
-			sizeof(v6_src));
-		memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst,
-			sizeof(v6_dst));
+	if (td->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {
+		if (td->ipsec_xform.tunnel.type ==
+				RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+			memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src,
+			       sizeof(src));
+			memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst,
+			       sizeof(dst));
+		} else {
+			memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
+			       sizeof(v6_src));
+			memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst,
+			       sizeof(v6_dst));
+		}
 	}
 
 	ctx = rte_cryptodev_get_sec_ctx(dev_id);
@@ -9636,6 +9640,19 @@  test_ipsec_proto_tunnel_v6_in_v4(const void *data __rte_unused)
 }
 
 static int
+test_ipsec_proto_transport_v4(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.ipv6 = false;
+	flags.transport = true;
+
+	return test_ipsec_proto_all(&flags);
+}
+
+static int
 test_PDCP_PROTO_all(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -14635,6 +14652,10 @@  static struct unit_test_suite ipsec_proto_testsuite  = {
 			"Tunnel IPv6 in IPv4",
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_tunnel_v6_in_v4),
+		TEST_CASE_NAMED_ST(
+			"Transport IPv4",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_transport_v4),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index ccce63f..029fdd3 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -400,12 +400,21 @@  test_ipsec_td_prepare(const struct crypto_param *param1,
 			test_ipsec_csum_init(&td->input_text.data, false, true);
 		}
 
-		if (flags->tunnel_ipv6)
-			td->ipsec_xform.tunnel.type =
-					RTE_SECURITY_IPSEC_TUNNEL_IPV6;
-		else
-			td->ipsec_xform.tunnel.type =
-					RTE_SECURITY_IPSEC_TUNNEL_IPV4;
+		if (flags->transport) {
+			td->ipsec_xform.mode =
+					RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT;
+		} else {
+			td->ipsec_xform.mode =
+					RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
+
+			if (flags->tunnel_ipv6)
+				td->ipsec_xform.tunnel.type =
+						RTE_SECURITY_IPSEC_TUNNEL_IPV6;
+			else
+				td->ipsec_xform.tunnel.type =
+						RTE_SECURITY_IPSEC_TUNNEL_IPV4;
+		}
+
 
 	}
 }
@@ -748,29 +757,45 @@  test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
 	uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
 	int ret;
 
-	if (flags->iv_gen &&
-	    td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
-		ret = test_ipsec_iv_verify_push(m, td);
-		if (ret != TEST_SUCCESS)
-			return ret;
-	}
-
 	if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
 		const struct rte_ipv4_hdr *iph4;
 		const struct rte_ipv6_hdr *iph6;
 
-		if (td->ipsec_xform.tunnel.type ==
-				RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
-			iph4 = (const struct rte_ipv4_hdr *)output_text;
-			if (is_valid_ipv4_pkt(iph4) == false) {
-				printf("Outer header is not IPv4\n");
-				return TEST_FAILED;
+		if (flags->iv_gen) {
+			ret = test_ipsec_iv_verify_push(m, td);
+			if (ret != TEST_SUCCESS)
+				return ret;
+		}
+
+		iph4 = (const struct rte_ipv4_hdr *)output_text;
+
+		if (td->ipsec_xform.mode ==
+				RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) {
+			if (flags->ipv6) {
+				iph6 = (const struct rte_ipv6_hdr *)output_text;
+				if (is_valid_ipv6_pkt(iph6) == false) {
+					printf("Transport packet is not IPv6\n");
+					return TEST_FAILED;
+				}
+			} else {
+				if (is_valid_ipv4_pkt(iph4) == false) {
+					printf("Transport packet is not IPv4\n");
+					return TEST_FAILED;
+				}
 			}
 		} else {
-			iph6 = (const struct rte_ipv6_hdr *)output_text;
-			if (is_valid_ipv6_pkt(iph6) == false) {
-				printf("Outer header is not IPv6\n");
-				return TEST_FAILED;
+			if (td->ipsec_xform.tunnel.type ==
+					RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+				if (is_valid_ipv4_pkt(iph4) == false) {
+					printf("Tunnel outer header is not IPv4\n");
+					return TEST_FAILED;
+				}
+			} else {
+				iph6 = (const struct rte_ipv6_hdr *)output_text;
+				if (is_valid_ipv6_pkt(iph6) == false) {
+					printf("Tunnel outer header is not IPv6\n");
+					return TEST_FAILED;
+				}
 			}
 		}
 	}
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 884a795..07d2453 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -63,6 +63,7 @@  struct ipsec_test_flags {
 	bool l4_csum;
 	bool ipv6;
 	bool tunnel_ipv6;
+	bool transport;
 	bool fragment;
 };
 
diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst
index 0562547..58e9690 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -67,6 +67,7 @@  New Features
     * IPv4 in IPv4
     * IPv4 in IPv6
     * IPv6 in IPv4
+  * Added IPv4 transport mode tests.
   * Added tunnel mode fragment packet tests.