X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=app%2Ftest%2Ftest_security.c;h=77fd5adc69f0b5437afcc5d94d7fec72df5811f5;hb=5723fbed4f969bb69b32927a138b272fb002fba1;hp=193ab2ba9a5b6c91bdf99e363da002ff647392c8;hpb=a9ff3522586de48a8270b2e63ed669aca2238feb;p=dpdk.git diff --git a/app/test/test_security.c b/app/test/test_security.c index 193ab2ba9a..77fd5adc69 100644 --- a/app/test/test_security.c +++ b/app/test/test_security.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include @@ -76,6 +77,19 @@ #define MOCK_TEST_ASSERT_EQUAL(fail_counter, a, b, msg, ...) \ MOCK_TEST_ASSERT(fail_counter, (a) == (b), msg, ##__VA_ARGS__) +/** + * Verify not null condition inside mocked up function. + * Mockup function cannot return a test error, so the failure + * of assertion increases counter and print logs. + * The counter can be verified later to check if test case should fail. + * + * @param fail_counter fail counter + * @param val value expected not to be NULL + * @param msg printf style formatting string for custom message + */ +#define MOCK_TEST_ASSERT_NOT_NULL(fail_counter, val, msg, ...) \ + MOCK_TEST_ASSERT(fail_counter, (val) != NULL, msg, ##__VA_ARGS__) + /** * Verify if parameter of the mocked up function matches expected value. @@ -101,6 +115,15 @@ #define MOCK_TEST_ASSERT_POINTER_PARAMETER(data, parameter) \ MOCK_TEST_ASSERT_PARAMETER(data, parameter, "%p") +/** + * Wrap for MOCK_TEST_ASSERT_PARAMETER macro for uint64_t type parameters. + * + * @param data structure with expected values + * @param parameter name of the parameter (both field and parameter name) + */ +#define MOCK_TEST_ASSERT_U64_PARAMETER(data, parameter) \ + MOCK_TEST_ASSERT_PARAMETER(data, parameter, "%" PRIu64) + /** * Verify number of calls of the mocked up function * and check if there were any fails during execution. @@ -381,6 +404,67 @@ mock_set_pkt_metadata(void *device, return mock_set_pkt_metadata_exp.ret; } +/** + * get_userdata mockup + * + * Verified parameters: device, md. + * The userdata parameter works as an output parameter, so a passed address + * is verified not to be NULL and filled with userdata stored in structure. + */ +static struct mock_get_userdata_data { + void *device; + uint64_t md; + void *userdata; + + int ret; + + int called; + int failed; +} mock_get_userdata_exp = {NULL, 0UL, NULL, 0, 0, 0}; + +static int +mock_get_userdata(void *device, + uint64_t md, + void **userdata) +{ + mock_get_userdata_exp.called++; + + MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_get_userdata_exp, device); + MOCK_TEST_ASSERT_U64_PARAMETER(mock_get_userdata_exp, md); + + MOCK_TEST_ASSERT_NOT_NULL(mock_get_userdata_exp.failed, + userdata, + "Expecting parameter userdata not to be NULL but it's %p", + userdata); + *userdata = mock_get_userdata_exp.userdata; + + return mock_get_userdata_exp.ret; +} + +/** + * capabilities_get mockup + * + * Verified parameters: device. + */ +static struct mock_capabilities_get_data { + void *device; + + struct rte_security_capability *ret; + + int called; + int failed; +} mock_capabilities_get_exp = {NULL, NULL, 0, 0}; + +static const struct rte_security_capability * +mock_capabilities_get(void *device) +{ + mock_capabilities_get_exp.called++; + + MOCK_TEST_ASSERT_POINTER_PARAMETER(mock_capabilities_get_exp, device); + + return mock_capabilities_get_exp.ret; +} + /** * empty_ops * @@ -400,6 +484,8 @@ struct rte_security_ops mock_ops = { .session_stats_get = mock_session_stats_get, .session_destroy = mock_session_destroy, .set_pkt_metadata = mock_set_pkt_metadata, + .get_userdata = mock_get_userdata, + .capabilities_get = mock_capabilities_get, }; @@ -495,6 +581,8 @@ ut_setup(void) mock_session_stats_get_exp.called = 0; mock_session_destroy_exp.called = 0; mock_set_pkt_metadata_exp.called = 0; + mock_get_userdata_exp.called = 0; + mock_capabilities_get_exp.called = 0; mock_session_create_exp.failed = 0; mock_session_update_exp.failed = 0; @@ -502,6 +590,8 @@ ut_setup(void) mock_session_stats_get_exp.failed = 0; mock_session_destroy_exp.failed = 0; mock_set_pkt_metadata_exp.failed = 0; + mock_get_userdata_exp.failed = 0; + mock_capabilities_get_exp.failed = 0; return TEST_SUCCESS; } @@ -1385,7 +1475,6 @@ test_set_pkt_metadata_inv_context_ops(void) static int test_set_pkt_metadata_inv_context_ops_fun(void) { -#ifdef RTE_DEBUG struct security_unittest_params *ut_params = &unittest_params; struct rte_mbuf m; int params; @@ -1398,9 +1487,6 @@ test_set_pkt_metadata_inv_context_ops_fun(void) TEST_ASSERT_MOCK_CALLS(mock_set_pkt_metadata_exp, 0); return TEST_SUCCESS; -#else - return TEST_SKIPPED; -#endif } /** @@ -1478,6 +1564,794 @@ test_set_pkt_metadata_success(void) } +/** + * rte_security_get_userdata tests + */ + +/** + * Test execution of rte_security_get_userdata with NULL instance + */ +static int +test_get_userdata_inv_context(void) +{ +#ifdef RTE_DEBUG + uint64_t md = 0xDEADBEEF; + + void *ret = rte_security_get_userdata(NULL, md); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 0); + + return TEST_SUCCESS; +#else + return TEST_SKIPPED; +#endif +} + +/** + * Test execution of rte_security_get_userdata with invalid + * security operations structure (NULL) + */ +static int +test_get_userdata_inv_context_ops(void) +{ +#ifdef RTE_DEBUG + struct security_unittest_params *ut_params = &unittest_params; + uint64_t md = 0xDEADBEEF; + ut_params->ctx.ops = NULL; + + void *ret = rte_security_get_userdata(&ut_params->ctx, md); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 0); + + return TEST_SUCCESS; +#else + return TEST_SKIPPED; +#endif +} + +/** + * Test execution of rte_security_get_userdata with empty + * security operations + */ +static int +test_get_userdata_inv_context_ops_fun(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + uint64_t md = 0xDEADBEEF; + ut_params->ctx.ops = &empty_ops; + + void *ret = rte_security_get_userdata(&ut_params->ctx, md); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 0); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_get_userdata when get_userdata + * security operation fails + */ +static int +test_get_userdata_ops_failure(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + uint64_t md = 0xDEADBEEF; + void *userdata = (void *)0x7E577E57; + + mock_get_userdata_exp.device = NULL; + mock_get_userdata_exp.md = md; + mock_get_userdata_exp.userdata = userdata; + mock_get_userdata_exp.ret = -1; + + void *ret = rte_security_get_userdata(&ut_params->ctx, md); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 1); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_get_userdata in successful execution path + */ +static int +test_get_userdata_success(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + uint64_t md = 0xDEADBEEF; + void *userdata = (void *)0x7E577E57; + + mock_get_userdata_exp.device = NULL; + mock_get_userdata_exp.md = md; + mock_get_userdata_exp.userdata = userdata; + mock_get_userdata_exp.ret = 0; + + void *ret = rte_security_get_userdata(&ut_params->ctx, md); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_get_userdata, + ret, userdata, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_get_userdata_exp, 1); + + return TEST_SUCCESS; +} + + +/** + * rte_security_capabilities_get tests + */ + +/** + * Test execution of rte_security_capabilities_get with NULL instance + */ +static int +test_capabilities_get_inv_context(void) +{ + const struct rte_security_capability *ret; + ret = rte_security_capabilities_get(NULL); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capabilities_get with invalid + * security operations structure (NULL) + */ +static int +test_capabilities_get_inv_context_ops(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + ut_params->ctx.ops = NULL; + + const struct rte_security_capability *ret; + ret = rte_security_capabilities_get(&ut_params->ctx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capabilities_get with empty + * security operations + */ +static int +test_capabilities_get_inv_context_ops_fun(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + ut_params->ctx.ops = &empty_ops; + + const struct rte_security_capability *ret; + ret = rte_security_capabilities_get(&ut_params->ctx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capabilities_get when capabilities_get + * security operation fails + */ +static int +test_capabilities_get_ops_failure(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = NULL; + + const struct rte_security_capability *ret; + ret = rte_security_capabilities_get(&ut_params->ctx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capabilities_get in successful execution path + */ +static int +test_capabilities_get_success(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability capabilities; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = &capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capabilities_get(&ut_params->ctx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capabilities_get, + ret, &capabilities, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + + +/** + * rte_security_capability_get tests + */ + +/** + * Test execution of rte_security_capability_get with NULL instance + */ +static int +test_capability_get_inv_context(void) +{ + struct rte_security_capability_idx idx; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(NULL, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get with invalid + * security operations structure (NULL) + */ +static int +test_capability_get_inv_context_ops(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx; + ut_params->ctx.ops = NULL; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get with empty + * security operations + */ +static int +test_capability_get_inv_context_ops_fun(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx; + ut_params->ctx.ops = &empty_ops; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get with NULL idx parameter + */ +static int +test_capability_get_inv_idx(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, NULL); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 0); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get when capabilities_get + * security operation fails + */ +static int +test_capability_get_ops_failure(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = NULL; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get when capabilities table + * is empty (contains only RTE_SECURITY_ACTION_TYPE_NONE ending entry) + */ +static int +test_capability_get_empty_table(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get when capabilities table + * does not contain entry with matching action + */ +static int +test_capability_get_no_matching_action(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx = { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + }; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get when capabilities table + * does not contain entry with matching protocol + */ +static int +test_capability_get_no_matching_protocol(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx = { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + }; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_MACSEC, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_PDCP, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get when macsec protocol + * is searched and capabilities table contain proper entry. + * However macsec records search is not supported in rte_security. + */ +static int +test_capability_get_no_support_for_macsec(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx = { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_MACSEC, + }; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_MACSEC, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get when capabilities table + * does not contain entry with matching ipsec proto field + */ +static int +test_capability_get_ipsec_mismatch_proto(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx = { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + }, + }; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH, + }, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get when capabilities table + * does not contain entry with matching ipsec mode field + */ +static int +test_capability_get_ipsec_mismatch_mode(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx = { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, + }, + }; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + }, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get when capabilities table + * does not contain entry with matching ipsec direction field + */ +static int +test_capability_get_ipsec_mismatch_dir(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx = { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + }, + }; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, + }, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get when capabilities table + * contains matching ipsec entry + */ +static int +test_capability_get_ipsec_match(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx = { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, + }, + }; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, + }, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, &capabilities[1], "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get when capabilities table + * does not contain entry with matching pdcp domain field + */ +static int +test_capability_get_pdcp_mismatch_domain(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx = { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_PDCP, + .pdcp = { + .domain = RTE_SECURITY_PDCP_MODE_CONTROL, + }, + }; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_PDCP, + .pdcp = { + .domain = RTE_SECURITY_PDCP_MODE_DATA, + }, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get when capabilities table + * contains matching pdcp entry + */ +static int +test_capability_get_pdcp_match(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx = { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_PDCP, + .pdcp = { + .domain = RTE_SECURITY_PDCP_MODE_CONTROL, + }, + }; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_PDCP, + .pdcp = { + .domain = RTE_SECURITY_PDCP_MODE_CONTROL, + }, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, &capabilities[1], "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get when capabilities table + * does not contain entry with matching DOCSIS direction field + */ +static int +test_capability_get_docsis_mismatch_direction(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx = { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_DOWNLINK + }, + }; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_UPLINK + }, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get when capabilities table + * contains matching DOCSIS entry + */ +static int +test_capability_get_docsis_match(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx = { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_UPLINK + }, + }; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_UPLINK + }, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, &capabilities[1], "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + /** * Declaration of testcases */ @@ -1568,6 +2442,63 @@ static struct unit_test_suite security_testsuite = { TEST_CASE_ST(ut_setup_with_session, ut_teardown, test_set_pkt_metadata_success), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_get_userdata_inv_context), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_get_userdata_inv_context_ops), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_get_userdata_inv_context_ops_fun), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_get_userdata_ops_failure), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_get_userdata_success), + + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capabilities_get_inv_context), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capabilities_get_inv_context_ops), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capabilities_get_inv_context_ops_fun), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capabilities_get_ops_failure), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capabilities_get_success), + + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_inv_context), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_inv_context_ops), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_inv_context_ops_fun), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_inv_idx), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_ops_failure), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_empty_table), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_no_matching_action), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_no_matching_protocol), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_no_support_for_macsec), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_ipsec_mismatch_proto), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_ipsec_mismatch_mode), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_ipsec_mismatch_dir), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_ipsec_match), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_pdcp_mismatch_domain), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_pdcp_match), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_docsis_mismatch_direction), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_docsis_match), + TEST_CASES_END() /**< NULL terminate unit test array */ } };