[v5,5/5] test/crypto: add UDP encapsulated IPsec test cases
Checks
Commit Message
From: Tejasree Kondoj <ktejasree@marvell.com>
Add tests to verify UDP encapsulation with IPsec. The tests have IPsec
packets generated from plain packets and verifies that UDP header is
added. Subsequently, the packets are decapsulated and then resultant
packet is verified by comparing against original packet.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Ciara Power <ciara.power@intel.com>
---
app/test/test_cryptodev.c | 19 +++++++++++++++++++
app/test/test_cryptodev_security_ipsec.c | 28 ++++++++++++++++++++++++++++
app/test/test_cryptodev_security_ipsec.h | 1 +
doc/guides/rel_notes/release_21_11.rst | 1 +
4 files changed, 49 insertions(+)
@@ -8946,6 +8946,9 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
sec_cap_idx.ipsec.mode = ipsec_xform.mode;
sec_cap_idx.ipsec.direction = ipsec_xform.direction;
+ if (flags->udp_encap)
+ ipsec_xform.options.udp_encap = 1;
+
sec_cap = rte_security_capability_get(ctx, &sec_cap_idx);
if (sec_cap == NULL)
return TEST_SKIPPED;
@@ -9157,6 +9160,18 @@ test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused)
}
static int
+test_ipsec_proto_udp_encap(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.udp_encap = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
test_PDCP_PROTO_all(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -14073,6 +14088,10 @@ static struct unit_test_suite ipsec_proto_testsuite = {
ut_setup_security, ut_teardown,
test_ipsec_proto_iv_gen),
TEST_CASE_NAMED_ST(
+ "UDP encapsulation",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_udp_encap),
+ TEST_CASE_NAMED_ST(
"Negative test: ICV corruption",
ut_setup_security, ut_teardown,
test_ipsec_proto_err_icv_corrupt),
@@ -7,6 +7,7 @@
#include <rte_esp.h>
#include <rte_ip.h>
#include <rte_security.h>
+#include <rte_udp.h>
#include "test.h"
#include "test_cryptodev_security_ipsec.h"
@@ -183,6 +184,9 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[],
int icv_pos = td_inb[i].input_text.len - 4;
td_inb[i].input_text.data[icv_pos] += 1;
}
+
+ if (flags->udp_encap)
+ td_inb[i].ipsec_xform.options.udp_encap = 1;
}
}
@@ -268,6 +272,30 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
return TEST_SUCCESS;
+ if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS &&
+ flags->udp_encap) {
+ const struct rte_ipv4_hdr *iph4;
+ const struct rte_ipv6_hdr *iph6;
+
+ if (td->ipsec_xform.tunnel.type ==
+ RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+ iph4 = (const struct rte_ipv4_hdr *)output_text;
+ if (iph4->next_proto_id != IPPROTO_UDP) {
+ printf("UDP header is not found\n");
+ return TEST_FAILED;
+ }
+ } else {
+ iph6 = (const struct rte_ipv6_hdr *)output_text;
+ if (iph6->proto != IPPROTO_UDP) {
+ printf("UDP header is not found\n");
+ return TEST_FAILED;
+ }
+ }
+
+ len -= sizeof(struct rte_udp_hdr);
+ output_text += sizeof(struct rte_udp_hdr);
+ }
+
if (len != td->output_text.len) {
printf("Output length (%d) not matching with expected (%d)\n",
len, td->output_text.len);
@@ -51,6 +51,7 @@ struct ipsec_test_flags {
bool display_alg;
bool icv_corrupt;
bool iv_gen;
+ bool udp_encap;
};
struct crypto_param {
@@ -92,6 +92,7 @@ New Features
* Added known vector tests (AES-GCM 128, 192, 256).
* Added tests to verify error reporting with ICV corruption.
* Added tests to verify IV generation.
+ * Added tests to verify UDP encapsulation.
Removed Items