From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id B6014A0547;
	Wed, 29 Sep 2021 13:24:14 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 9D5CD410F7;
	Wed, 29 Sep 2021 13:24:14 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com
 [67.231.156.173])
 by mails.dpdk.org (Postfix) with ESMTP id 0F46B410F8
 for <dev@dpdk.org>; Wed, 29 Sep 2021 13:24:12 +0200 (CEST)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1])
 by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18T8dfBI008084; 
 Wed, 29 Sep 2021 04:24:12 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
 h=from : to : cc :
 subject : date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding : content-type; s=pfpt0220;
 bh=FdEnFPh1jabWDLp//loxy4A7f2lBk1IlbWQSr79SAOA=;
 b=gy1Xdi3pk83gsjS1ItTPtX8vgotpqjMPJcXbVC2LNn4CS93cB7f9g82p18+jKMzX07Z3
 t9GQ7DNHwMh6aoF+UCJOGGPSNl4nJz9NukpuDHzorNfkaifXZUOzr1oybHFeCc0J8j2J
 5oHibm4g8rCgXUmMHzdC2MxHzZdsz6g+gFejipcSfMLpO2h8nEOwzu95P+IZRmimhomm
 0eyqLU0zRZWJG8l8ZXdvY8Q45IV50Z+YOFmwLjKSMvOczoF54d7KgGpEgWoomn16Fgvy
 sz7n+xof1YnQfwrlRIE194ro9JOaIex8phmAyCHp763/IRY9doCtx8uFgUEs7usW25zm 3A== 
Received: from dc5-exch02.marvell.com ([199.233.59.182])
 by mx0b-0016f401.pphosted.com with ESMTP id 3bcfd49tw0-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
 Wed, 29 Sep 2021 04:24:12 -0700
Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com
 (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18;
 Wed, 29 Sep 2021 04:24:10 -0700
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend
 Transport; Wed, 29 Sep 2021 04:24:09 -0700
Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15])
 by maili.marvell.com (Postfix) with ESMTP id 2CBC63F7085;
 Wed, 29 Sep 2021 04:24:01 -0700 (PDT)
From: Archana Muniganti <marchana@marvell.com>
To: <gakhil@marvell.com>, <radu.nicolau@intel.com>, <roy.fan.zhang@intel.com>, 
 <hemant.agrawal@nxp.com>, <konstantin.ananyev@intel.com>
CC: Archana Muniganti <marchana@marvell.com>, <anoobj@marvell.com>,
 <ktejasree@marvell.com>, <adwivedi@marvell.com>, <jerinj@marvell.com>,
 <dev@dpdk.org>
Date: Wed, 29 Sep 2021 16:53:25 +0530
Message-ID: <20210929112325.28662-4-marchana@marvell.com>
X-Mailer: git-send-email 2.22.0
In-Reply-To: <20210929112325.28662-1-marchana@marvell.com>
References: <20210929112325.28662-1-marchana@marvell.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Proofpoint-GUID: lu4vEdcmrmkpGhc__iFspRiXSo5fK_FF
X-Proofpoint-ORIG-GUID: lu4vEdcmrmkpGhc__iFspRiXSo5fK_FF
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475
 definitions=2021-09-29_04,2021-09-29_01,2020-04-07_01
Subject: [dpdk-dev] [PATCH v3 3/3] test/crypto: add inner checksum cases
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

This patch adds tests for inner IP and inner L4 checksum
in IPsec mode.

Signed-off-by: Archana Muniganti <marchana@marvell.com>
---
 app/test/test_cryptodev.c                     |  34 +++
 app/test/test_cryptodev_security_ipsec.c      | 195 ++++++++++++++++++
 app/test/test_cryptodev_security_ipsec.h      |   2 +
 ...st_cryptodev_security_ipsec_test_vectors.h |   6 +
 doc/guides/rel_notes/release_21_11.rst        |   1 +
 5 files changed, 238 insertions(+)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 5f0d023451..c127e6bc04 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -18,6 +18,8 @@
 #include <rte_cryptodev.h>
 #include <rte_ip.h>
 #include <rte_string_fns.h>
+#include <rte_tcp.h>
+#include <rte_udp.h>
 
 #ifdef RTE_CRYPTO_SCHEDULER
 #include <rte_cryptodev_scheduler.h>
@@ -9275,6 +9277,30 @@ test_ipsec_proto_udp_ports_verify(const void *data __rte_unused)
 	return test_ipsec_proto_all(&flags);
 }
 
+static int
+test_ipsec_proto_inner_ip_csum(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.ip_csum = true;
+
+	return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_inner_l4_csum(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.l4_csum = true;
+
+	return test_ipsec_proto_all(&flags);
+}
+
 static int
 test_PDCP_PROTO_all(void)
 {
@@ -14231,6 +14257,14 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
 			"Tunnel src and dst addr verification",
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_tunnel_src_dst_addr_verify),
+		TEST_CASE_NAMED_ST(
+			"Inner IP checksum",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_inner_ip_csum),
+		TEST_CASE_NAMED_ST(
+			"Inner L4 checksum",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_inner_l4_csum),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 764e77bbff..bcd9746c98 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -7,6 +7,7 @@
 #include <rte_esp.h>
 #include <rte_ip.h>
 #include <rte_security.h>
+#include <rte_tcp.h>
 #include <rte_udp.h>
 
 #include "test.h"
@@ -103,6 +104,22 @@ test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 		return -ENOTSUP;
 	}
 
+	if (ipsec_xform->options.ip_csum_enable == 1 &&
+	    sec_cap->ipsec.options.ip_csum_enable == 0) {
+		if (!silent)
+			RTE_LOG(INFO, USER1,
+				"Inner IP checksum is not supported\n");
+		return -ENOTSUP;
+	}
+
+	if (ipsec_xform->options.l4_csum_enable == 1 &&
+	    sec_cap->ipsec.options.l4_csum_enable == 0) {
+		if (!silent)
+			RTE_LOG(INFO, USER1,
+				"Inner L4 checksum is not supported\n");
+		return -ENOTSUP;
+	}
+
 	return 0;
 }
 
@@ -160,6 +177,56 @@ test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
 	}
 }
 
+static bool
+is_ipv4(void *ip)
+{
+	struct rte_ipv4_hdr *ipv4 = ip;
+	uint8_t ip_ver;
+
+	ip_ver = (ipv4->version_ihl & 0xf0) >> RTE_IPV4_IHL_MULTIPLIER;
+	if (ip_ver == IPVERSION)
+		return true;
+	else
+		return false;
+}
+
+static void
+test_ipsec_csum_init(void *ip, bool l3, bool l4)
+{
+	struct rte_ipv4_hdr *ipv4;
+	struct rte_tcp_hdr *tcp;
+	struct rte_udp_hdr *udp;
+	uint8_t next_proto;
+	uint8_t size;
+
+	if (is_ipv4(ip)) {
+		ipv4 = ip;
+		size = sizeof(struct rte_ipv4_hdr);
+		next_proto = ipv4->next_proto_id;
+
+		if (l3)
+			ipv4->hdr_checksum = 0;
+	} else {
+		size = sizeof(struct rte_ipv6_hdr);
+		next_proto = ((struct rte_ipv6_hdr *)ip)->proto;
+	}
+
+	if (l4) {
+		switch (next_proto) {
+		case IPPROTO_TCP:
+			tcp = (struct rte_tcp_hdr *)RTE_PTR_ADD(ip, size);
+			tcp->cksum = 0;
+			break;
+		case IPPROTO_UDP:
+			udp = (struct rte_udp_hdr *)RTE_PTR_ADD(ip, size);
+			udp->dgram_cksum = 0;
+			break;
+		default:
+			return;
+		}
+	}
+}
+
 void
 test_ipsec_td_prepare(const struct crypto_param *param1,
 		      const struct crypto_param *param2,
@@ -194,6 +261,17 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
 		if (flags->sa_expiry_pkts_soft)
 			td->ipsec_xform.life.packets_soft_limit =
 					IPSEC_TEST_PACKETS_MAX - 1;
+
+		if (flags->ip_csum) {
+			td->ipsec_xform.options.ip_csum_enable = 1;
+			test_ipsec_csum_init(&td->input_text.data, true, false);
+		}
+
+		if (flags->l4_csum) {
+			td->ipsec_xform.options.l4_csum_enable = 1;
+			test_ipsec_csum_init(&td->input_text.data, false, true);
+		}
+
 	}
 
 	RTE_SET_USED(param2);
@@ -230,6 +308,12 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[],
 		td_inb[i].ipsec_xform.options.tunnel_hdr_verify =
 			flags->tunnel_hdr_verify;
 
+		if (flags->ip_csum)
+			td_inb[i].ipsec_xform.options.ip_csum_enable = 1;
+
+		if (flags->l4_csum)
+			td_inb[i].ipsec_xform.options.l4_csum_enable = 1;
+
 		/* Clear outbound specific flags */
 		td_inb[i].ipsec_xform.options.iv_gen_disable = 0;
 	}
@@ -305,12 +389,96 @@ test_ipsec_iv_verify_push(struct rte_mbuf *m, const struct ipsec_test_data *td)
 	return TEST_SUCCESS;
 }
 
+static int
+test_ipsec_l3_csum_verify(struct rte_mbuf *m)
+{
+	uint16_t actual_cksum, expected_cksum;
+	struct rte_ipv4_hdr *ip;
+
+	ip = rte_pktmbuf_mtod(m, struct rte_ipv4_hdr *);
+
+	if (!is_ipv4((void *)ip))
+		return TEST_SKIPPED;
+
+	actual_cksum = ip->hdr_checksum;
+
+	ip->hdr_checksum = 0;
+
+	expected_cksum = rte_ipv4_cksum(ip);
+
+	if (actual_cksum != expected_cksum)
+		return TEST_FAILED;
+
+	return TEST_SUCCESS;
+}
+
+static int
+test_ipsec_l4_csum_verify(struct rte_mbuf *m)
+{
+	uint16_t actual_cksum = 0, expected_cksum = 0;
+	struct rte_ipv4_hdr *ipv4;
+	struct rte_ipv6_hdr *ipv6;
+	struct rte_tcp_hdr *tcp;
+	struct rte_udp_hdr *udp;
+	void *ip, *l4;
+
+	ip = rte_pktmbuf_mtod(m, void *);
+
+	if (is_ipv4(ip)) {
+		ipv4 = ip;
+		l4 = RTE_PTR_ADD(ipv4, sizeof(struct rte_ipv4_hdr));
+
+		switch (ipv4->next_proto_id) {
+		case IPPROTO_TCP:
+			tcp = (struct rte_tcp_hdr *)l4;
+			actual_cksum = tcp->cksum;
+			tcp->cksum = 0;
+			expected_cksum = rte_ipv4_udptcp_cksum(ipv4, l4);
+			break;
+		case IPPROTO_UDP:
+			udp = (struct rte_udp_hdr *)l4;
+			actual_cksum = udp->dgram_cksum;
+			udp->dgram_cksum = 0;
+			expected_cksum = rte_ipv4_udptcp_cksum(ipv4, l4);
+			break;
+		default:
+			break;
+		}
+	} else {
+		ipv6 = ip;
+		l4 = RTE_PTR_ADD(ipv6, sizeof(struct rte_ipv6_hdr));
+
+		switch (ipv6->proto) {
+		case IPPROTO_TCP:
+			tcp = (struct rte_tcp_hdr *)l4;
+			actual_cksum = tcp->cksum;
+			tcp->cksum = 0;
+			expected_cksum = rte_ipv6_udptcp_cksum(ipv6, l4);
+			break;
+		case IPPROTO_UDP:
+			udp = (struct rte_udp_hdr *)l4;
+			actual_cksum = udp->dgram_cksum;
+			udp->dgram_cksum = 0;
+			expected_cksum = rte_ipv6_udptcp_cksum(ipv6, l4);
+			break;
+		default:
+			break;
+		}
+	}
+
+	if (actual_cksum != expected_cksum)
+		return TEST_FAILED;
+
+	return TEST_SUCCESS;
+}
+
 static int
 test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
 		     bool silent, const struct ipsec_test_flags *flags)
 {
 	uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
 	uint32_t skip, len = rte_pktmbuf_pkt_len(m);
+	int ret;
 
 	/* For tests with status as error for test success, skip verification */
 	if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS &&
@@ -354,6 +522,33 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
 	len -= skip;
 	output_text += skip;
 
+	if ((td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) &&
+				flags->ip_csum) {
+		if (m->ol_flags & PKT_RX_IP_CKSUM_GOOD)
+			ret = test_ipsec_l3_csum_verify(m);
+		else
+			ret = TEST_FAILED;
+
+		if (ret == TEST_FAILED)
+			printf("Inner IP checksum test failed\n");
+
+		return ret;
+	}
+
+	if ((td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) &&
+				flags->l4_csum) {
+		if (m->ol_flags & PKT_RX_L4_CKSUM_GOOD)
+			ret = test_ipsec_l4_csum_verify(m);
+		else
+			ret = TEST_FAILED;
+
+		if (ret == TEST_FAILED)
+			printf("Inner L4 checksum test failed\n");
+
+		return ret;
+	}
+
+
 	if (memcmp(output_text, td->output_text.data + skip, len)) {
 		if (silent)
 			return TEST_FAILED;
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 0416005520..7628d0c42a 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -56,6 +56,8 @@ struct ipsec_test_flags {
 	uint32_t tunnel_hdr_verify;
 	bool udp_encap;
 	bool udp_ports_verify;
+	bool ip_csum;
+	bool l4_csum;
 };
 
 struct crypto_param {
diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h
index 4e147ec19c..bb95d00641 100644
--- a/app/test/test_cryptodev_security_ipsec_test_vectors.h
+++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h
@@ -95,6 +95,8 @@ struct ipsec_test_data pkt_aes_128_gcm = {
 		.options.ecn = 0,
 		.options.stats = 0,
 		.options.tunnel_hdr_verify = 0,
+		.options.ip_csum_enable = 0,
+		.options.l4_csum_enable = 0,
 		.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
 		.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 		.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
@@ -192,6 +194,8 @@ struct ipsec_test_data pkt_aes_192_gcm = {
 		.options.ecn = 0,
 		.options.stats = 0,
 		.options.tunnel_hdr_verify = 0,
+		.options.ip_csum_enable = 0,
+		.options.l4_csum_enable = 0,
 		.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
 		.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 		.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
@@ -292,6 +296,8 @@ struct ipsec_test_data pkt_aes_256_gcm = {
 		.options.ecn = 0,
 		.options.stats = 0,
 		.options.tunnel_hdr_verify = 0,
+		.options.ip_csum_enable = 0,
+		.options.l4_csum_enable = 0,
 		.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
 		.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 		.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index 163cdaa800..e2e1e1547f 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -106,6 +106,7 @@ New Features
   * Added tests to validate packets soft expiry.
   * Added tests to validate packets hard expiry.
   * Added tests to verify tunnel header verification in IPsec inbound.
+  * Added tests to verify inner checksum.
 
 
 Removed Items
-- 
2.22.0