From 6978f51ea79626cb7a2b81f30b0d3ebe7bc2406f Mon Sep 17 00:00:00 2001 From: Anoob Joseph Date: Tue, 28 Sep 2021 16:29:58 +0530 Subject: [PATCH] test/crypto: add packet hard expiry cases Add tests to validate packets hard expiry handling. Signed-off-by: Anoob Joseph Acked-by: Akhil Goyal --- app/test/test_cryptodev.c | 19 ++++++++++++++++++- app/test/test_cryptodev_security_ipsec.c | 22 +++++++++++++++++++--- app/test/test_cryptodev_security_ipsec.h | 1 + doc/guides/rel_notes/release_21_11.rst | 1 + 4 files changed, 39 insertions(+), 4 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 1befbebb59..34b55a952e 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9116,7 +9116,8 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags) int ret; if (flags->iv_gen || - flags->sa_expiry_pkts_soft) + flags->sa_expiry_pkts_soft || + flags->sa_expiry_pkts_hard) nb_pkts = IPSEC_TEST_PACKETS_MAX; for (i = 0; i < RTE_DIM(aead_list); i++) { @@ -9192,6 +9193,18 @@ test_ipsec_proto_sa_exp_pkts_soft(const void *data __rte_unused) return test_ipsec_proto_all(&flags); } +static int +test_ipsec_proto_sa_exp_pkts_hard(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.sa_expiry_pkts_hard = true; + + return test_ipsec_proto_all(&flags); +} + static int test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused) { @@ -14152,6 +14165,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { "SA expiry packets soft", ut_setup_security, ut_teardown, test_ipsec_proto_sa_exp_pkts_soft), + TEST_CASE_NAMED_ST( + "SA expiry packets hard", + ut_setup_security, ut_teardown, + test_ipsec_proto_sa_exp_pkts_hard), TEST_CASE_NAMED_ST( "Negative test: ICV corruption", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 56a44b5039..046536cc9c 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -200,6 +200,10 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[], td_inb[i].input_text.data[icv_pos] += 1; } + if (flags->sa_expiry_pkts_hard) + td_inb[i].ipsec_xform.life.packets_hard_limit = + IPSEC_TEST_PACKETS_MAX - 1; + if (flags->udp_encap) td_inb[i].ipsec_xform.options.udp_encap = 1; @@ -285,9 +289,10 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); uint32_t skip, len = rte_pktmbuf_pkt_len(m); - /* For negative tests, no need to do verification */ - if (flags->icv_corrupt && - td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) + /* For tests with status as error for test success, skip verification */ + if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && + (flags->icv_corrupt || + flags->sa_expiry_pkts_hard)) return TEST_SUCCESS; if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && @@ -404,6 +409,17 @@ test_ipsec_status_check(struct rte_crypto_op *op, { int ret = TEST_SUCCESS; + if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && + flags->sa_expiry_pkts_hard && + pkt_num == IPSEC_TEST_PACKETS_MAX) { + if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) { + printf("SA hard expiry (pkts) test failed\n"); + return TEST_FAILED; + } else { + return TEST_SUCCESS; + } + } + if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && flags->icv_corrupt) { if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) { printf("ICV corruption test case failed\n"); diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index eed3476578..18f3c64bb7 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -50,6 +50,7 @@ struct ipsec_test_data { struct ipsec_test_flags { bool display_alg; bool sa_expiry_pkts_soft; + bool sa_expiry_pkts_hard; bool icv_corrupt; bool iv_gen; bool udp_encap; diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index ae62df84c2..afbe744ae5 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -103,6 +103,7 @@ New Features * Added tests to verify IV generation. * Added tests to verify UDP encapsulation. * Added tests to validate packets soft expiry. + * Added tests to validate packets hard expiry. Removed Items -- 2.20.1