From: Tejasree Kondoj <ktejas...@marvell.com>
Adding lookaside IPsec ICV corrupt test case.
Signed-off-by: Anoob Joseph <ano...@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejas...@marvell.com>
---
app/test/test_cryptodev.c | 16 ++++++++++++++++
app/test/test_cryptodev_security_ipsec.c | 30 ++++++++++++++++++++----------
app/test/test_cryptodev_security_ipsec.h | 1 +
3 files changed, 37 insertions(+), 10 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 7fd246e..19694f8 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9126,6 +9126,18 @@ test_ipsec_proto_display_list(const void *data
__rte_unused)
}
static int
+test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.icv_corrupt = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
test_PDCP_PROTO_all(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -14036,6 +14048,10 @@ static struct unit_test_suite ipsec_proto_testsuite =
{
"Combined test alg list",
ut_setup_security, ut_teardown,
test_ipsec_proto_display_list),
+ TEST_CASE_NAMED_ST(
+ "Negative test: ICV corruption",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_err_icv_corrupt),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/app/test/test_cryptodev_security_ipsec.c
b/app/test/test_cryptodev_security_ipsec.c
index d08e093..aebbe66 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -175,9 +175,12 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[],
memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data,
td_outb[i].input_text.len);
td_inb[i].output_text.len = td_outb->input_text.len;
- }
- RTE_SET_USED(flags);
+ if (flags->icv_corrupt) {
+ int icv_pos = td_inb[i].input_text.len - 4;
+ td_inb[i].input_text.data[icv_pos] += 1;
+ }
+ }
}
void
@@ -217,6 +220,11 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct
ipsec_test_data *td,
uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
uint32_t skip, len = rte_pktmbuf_pkt_len(m);
+ /* For negative tests, no need to do verification */
+ if (flags->icv_corrupt &&
+ td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
+ return TEST_SUCCESS;
+
if (len != td->output_text.len) {
printf("Output length (%d) not matching with expected (%d)\n",
len, td->output_text.len);
@@ -241,8 +249,6 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct
ipsec_test_data *td,
return TEST_FAILED;
}
- RTE_SET_USED(flags);
-
return TEST_SUCCESS;
}
@@ -299,13 +305,17 @@ test_ipsec_status_check(struct rte_crypto_op *op,
{
int ret = TEST_SUCCESS;
- if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
- printf("Security op processing failed\n");
- ret = TEST_FAILED;
+ if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && flags->icv_corrupt) {
+ if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) {
+ printf("ICV corruption test case failed\n");
+ ret = TEST_FAILED;
+ }
+ } else {
+ if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+ printf("Security op processing failed\n");
+ ret = TEST_FAILED;
+ }
}
- RTE_SET_USED(flags);
- RTE_SET_USED(dir);
-
return ret;
}
diff --git a/app/test/test_cryptodev_security_ipsec.h
b/app/test/test_cryptodev_security_ipsec.h
index cbb3ee4..134fc3a 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -49,6 +49,7 @@ struct ipsec_test_data {
struct ipsec_test_flags {
bool display_alg;
+ bool icv_corrupt;
};
struct crypto_param {
--
2.7.4
