From 65d68c7cd787101a5f11f9e3c16c0315633d6b02 Mon Sep 17 00:00:00 2001 From: Anoob Joseph Date: Mon, 6 Dec 2021 16:37:54 +0530 Subject: [PATCH] test/crypto: add IPsec transport mode cases Added IPsec transport mode test cases for IPv4 packets in the test app. Signed-off-by: Anoob Joseph Acked-by: Akhil Goyal --- app/test/test_cryptodev.c | 39 ++++++++++--- app/test/test_cryptodev_security_ipsec.c | 71 ++++++++++++++++-------- app/test/test_cryptodev_security_ipsec.h | 1 + 3 files changed, 79 insertions(+), 32 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index c108eb52e7..2adec1d524 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9162,15 +9162,19 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], dst += 1; } - if (td->ipsec_xform.tunnel.type == - RTE_SECURITY_IPSEC_TUNNEL_IPV4) { - memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src)); - memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst)); - } else { - memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src, - sizeof(v6_src)); - memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst, - sizeof(v6_dst)); + if (td->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { + if (td->ipsec_xform.tunnel.type == + RTE_SECURITY_IPSEC_TUNNEL_IPV4) { + memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, + sizeof(src)); + memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, + sizeof(dst)); + } else { + memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src, + sizeof(v6_src)); + memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst, + sizeof(v6_dst)); + } } ctx = rte_cryptodev_get_sec_ctx(dev_id); @@ -9635,6 +9639,19 @@ test_ipsec_proto_tunnel_v6_in_v4(const void *data __rte_unused) return test_ipsec_proto_all(&flags); } +static int +test_ipsec_proto_transport_v4(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ipv6 = false; + flags.transport = true; + + return test_ipsec_proto_all(&flags); +} + static int test_PDCP_PROTO_all(void) { @@ -14635,6 +14652,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { "Tunnel IPv6 in IPv4", ut_setup_security, ut_teardown, test_ipsec_proto_tunnel_v6_in_v4), + TEST_CASE_NAMED_ST( + "Transport IPv4", + ut_setup_security, ut_teardown, + test_ipsec_proto_transport_v4), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index ccce63f0ad..029fdd333a 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -400,12 +400,21 @@ test_ipsec_td_prepare(const struct crypto_param *param1, test_ipsec_csum_init(&td->input_text.data, false, true); } - if (flags->tunnel_ipv6) - td->ipsec_xform.tunnel.type = - RTE_SECURITY_IPSEC_TUNNEL_IPV6; - else - td->ipsec_xform.tunnel.type = - RTE_SECURITY_IPSEC_TUNNEL_IPV4; + if (flags->transport) { + td->ipsec_xform.mode = + RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT; + } else { + td->ipsec_xform.mode = + RTE_SECURITY_IPSEC_SA_MODE_TUNNEL; + + if (flags->tunnel_ipv6) + td->ipsec_xform.tunnel.type = + RTE_SECURITY_IPSEC_TUNNEL_IPV6; + else + td->ipsec_xform.tunnel.type = + RTE_SECURITY_IPSEC_TUNNEL_IPV4; + } + } } @@ -748,29 +757,45 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); int ret; - if (flags->iv_gen && - td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { - ret = test_ipsec_iv_verify_push(m, td); - if (ret != TEST_SUCCESS) - return ret; - } - if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { const struct rte_ipv4_hdr *iph4; const struct rte_ipv6_hdr *iph6; - if (td->ipsec_xform.tunnel.type == - RTE_SECURITY_IPSEC_TUNNEL_IPV4) { - iph4 = (const struct rte_ipv4_hdr *)output_text; - if (is_valid_ipv4_pkt(iph4) == false) { - printf("Outer header is not IPv4\n"); - return TEST_FAILED; + if (flags->iv_gen) { + ret = test_ipsec_iv_verify_push(m, td); + if (ret != TEST_SUCCESS) + return ret; + } + + iph4 = (const struct rte_ipv4_hdr *)output_text; + + if (td->ipsec_xform.mode == + RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) { + if (flags->ipv6) { + iph6 = (const struct rte_ipv6_hdr *)output_text; + if (is_valid_ipv6_pkt(iph6) == false) { + printf("Transport packet is not IPv6\n"); + return TEST_FAILED; + } + } else { + if (is_valid_ipv4_pkt(iph4) == false) { + printf("Transport packet is not IPv4\n"); + return TEST_FAILED; + } } } else { - iph6 = (const struct rte_ipv6_hdr *)output_text; - if (is_valid_ipv6_pkt(iph6) == false) { - printf("Outer header is not IPv6\n"); - return TEST_FAILED; + if (td->ipsec_xform.tunnel.type == + RTE_SECURITY_IPSEC_TUNNEL_IPV4) { + if (is_valid_ipv4_pkt(iph4) == false) { + printf("Tunnel outer header is not IPv4\n"); + return TEST_FAILED; + } + } else { + iph6 = (const struct rte_ipv6_hdr *)output_text; + if (is_valid_ipv6_pkt(iph6) == false) { + printf("Tunnel outer header is not IPv6\n"); + return TEST_FAILED; + } } } } diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 884a79537f..07d2453061 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -63,6 +63,7 @@ struct ipsec_test_flags { bool l4_csum; bool ipv6; bool tunnel_ipv6; + bool transport; bool fragment; }; -- 2.20.1