From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>,
Declan Doherty <declan.doherty@intel.com>,
Fan Zhang <roy.fan.zhang@intel.com>,
"Konstantin Ananyev" <konstantin.ananyev@intel.com>
Cc: Tejasree Kondoj <ktejasree@marvell.com>,
Jerin Jacob <jerinj@marvell.com>,
Archana Muniganti <marchana@marvell.com>,
Hemant Agrawal <hemant.agrawal@nxp.com>,
Radu Nicolau <radu.nicolau@intel.com>,
Ciara Power <ciara.power@intel.com>,
Gagandeep Singh <g.singh@nxp.com>, <dev@dpdk.org>,
Anoob Joseph <anoobj@marvell.com>
Subject: [dpdk-dev] [PATCH v5 3/5] test/crypto: add lookaside IPsec ICV corrupt test case
Date: Sat, 25 Sep 2021 21:05:30 +0530 [thread overview]
Message-ID: <1632584132-289-4-git-send-email-anoobj@marvell.com> (raw)
In-Reply-To: <1632584132-289-1-git-send-email-anoobj@marvell.com>
From: Tejasree Kondoj <ktejasree@marvell.com>
Add negative test to validate IPsec inbound processing failure with ICV
corruption. The tests would first do IPsec encapsulation and corrupt
ICV of the generated IPsec packet. Then the packet is submitted to IPsec
outbound processing for decapsulation. Test case would validate that PMD
returns an error in such cases.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Ciara Power <ciara.power@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
app/test/test_cryptodev.c | 16 ++++++++++++++++
app/test/test_cryptodev_security_ipsec.c | 30 ++++++++++++++++++++----------
app/test/test_cryptodev_security_ipsec.h | 1 +
doc/guides/rel_notes/release_21_11.rst | 1 +
4 files changed, 38 insertions(+), 10 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 3eacc66..bfaca1d 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9130,6 +9130,18 @@ test_ipsec_proto_display_list(const void *data __rte_unused)
}
static int
+test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.icv_corrupt = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
test_PDCP_PROTO_all(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -14041,6 +14053,10 @@ static struct unit_test_suite ipsec_proto_testsuite = {
"Combined test alg list",
ut_setup_security, ut_teardown,
test_ipsec_proto_display_list),
+ TEST_CASE_NAMED_ST(
+ "Negative test: ICV corruption",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_err_icv_corrupt),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index d08e093..aebbe66 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -175,9 +175,12 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[],
memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data,
td_outb[i].input_text.len);
td_inb[i].output_text.len = td_outb->input_text.len;
- }
- RTE_SET_USED(flags);
+ if (flags->icv_corrupt) {
+ int icv_pos = td_inb[i].input_text.len - 4;
+ td_inb[i].input_text.data[icv_pos] += 1;
+ }
+ }
}
void
@@ -217,6 +220,11 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
uint32_t skip, len = rte_pktmbuf_pkt_len(m);
+ /* For negative tests, no need to do verification */
+ if (flags->icv_corrupt &&
+ td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
+ return TEST_SUCCESS;
+
if (len != td->output_text.len) {
printf("Output length (%d) not matching with expected (%d)\n",
len, td->output_text.len);
@@ -241,8 +249,6 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
return TEST_FAILED;
}
- RTE_SET_USED(flags);
-
return TEST_SUCCESS;
}
@@ -299,13 +305,17 @@ test_ipsec_status_check(struct rte_crypto_op *op,
{
int ret = TEST_SUCCESS;
- if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
- printf("Security op processing failed\n");
- ret = TEST_FAILED;
+ if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && flags->icv_corrupt) {
+ if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) {
+ printf("ICV corruption test case failed\n");
+ ret = TEST_FAILED;
+ }
+ } else {
+ if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+ printf("Security op processing failed\n");
+ ret = TEST_FAILED;
+ }
}
- RTE_SET_USED(flags);
- RTE_SET_USED(dir);
-
return ret;
}
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index cbb3ee4..134fc3a 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -49,6 +49,7 @@ struct ipsec_test_data {
struct ipsec_test_flags {
bool display_alg;
+ bool icv_corrupt;
};
struct crypto_param {
diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index cf0277d..8fc5844 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -90,6 +90,7 @@ New Features
* **Added lookaside protocol (IPsec) tests in dpdk-test.**
* Added known vector tests (AES-GCM 128, 192, 256).
+ * Added tests to verify error reporting with ICV corruption.
Removed Items
--
2.7.4
next prev parent reply other threads:[~2021-09-25 15:36 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-29 10:43 [dpdk-dev] [PATCH 21.11 0/3] Add lookaside IPsec tests Anoob Joseph
2021-07-29 10:43 ` [dpdk-dev] [PATCH 21.11 1/3] test/crypto: add " Anoob Joseph
2021-07-29 10:43 ` [dpdk-dev] [PATCH 21.11 2/3] test/crypto: add combined mode tests Anoob Joseph
2021-07-29 10:43 ` [dpdk-dev] [PATCH 21.11 3/3] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-08-11 9:45 ` [dpdk-dev] [PATCH v2 0/4] Add lookaside IPsec tests Anoob Joseph
2021-08-11 9:45 ` [dpdk-dev] [PATCH v2 1/4] test/crypto: add " Anoob Joseph
2021-08-11 9:45 ` [dpdk-dev] [PATCH v2 2/4] test/crypto: add combined mode tests Anoob Joseph
2021-08-11 9:45 ` [dpdk-dev] [PATCH v2 3/4] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-08-11 9:45 ` [dpdk-dev] [PATCH v2 4/4] test/crypto: add IV gen tests Anoob Joseph
2021-09-03 4:46 ` [dpdk-dev] [PATCH v3 0/5] Add lookaside IPsec tests Anoob Joseph
2021-09-03 4:46 ` [dpdk-dev] [PATCH v3 1/5] test/crypto: add " Anoob Joseph
2021-09-03 9:38 ` Power, Ciara
2021-09-03 9:46 ` Anoob Joseph
2021-09-03 4:46 ` [dpdk-dev] [PATCH v3 2/5] test/crypto: add combined mode tests Anoob Joseph
2021-09-03 9:42 ` Power, Ciara
2021-09-03 10:04 ` Anoob Joseph
2021-09-03 15:04 ` Power, Ciara
2021-09-03 16:14 ` Anoob Joseph
2021-09-03 4:46 ` [dpdk-dev] [PATCH v3 3/5] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-09-03 4:46 ` [dpdk-dev] [PATCH v3 4/5] test/crypto: add IV gen tests Anoob Joseph
2021-09-03 4:46 ` [dpdk-dev] [PATCH v3 5/5] test/crypto: add UDP encapsulation test cases Anoob Joseph
2021-09-17 13:15 ` [dpdk-dev] [PATCH v4 0/5] Add lookaside IPsec tests Anoob Joseph
2021-09-17 13:15 ` [dpdk-dev] [PATCH v4 1/5] test/crypto: add " Anoob Joseph
2021-09-21 16:08 ` Akhil Goyal
2021-09-23 4:48 ` Anoob Joseph
2021-09-23 10:39 ` Power, Ciara
2021-09-23 11:08 ` Anoob Joseph
2021-09-23 11:26 ` Power, Ciara
2021-09-23 11:30 ` Anoob Joseph
2021-09-24 8:42 ` Hemant Agrawal
2021-09-17 13:15 ` [dpdk-dev] [PATCH v4 2/5] test/crypto: add combined mode tests Anoob Joseph
2021-09-21 16:22 ` Akhil Goyal
2021-09-24 7:23 ` Hemant Agrawal
2021-09-24 8:12 ` [dpdk-dev] [EXT] " Anoob Joseph
2021-09-17 13:15 ` [dpdk-dev] [PATCH v4 3/5] test/crypto: add lookaside IPsec ICV corrupt test case Anoob Joseph
2021-09-21 16:25 ` Akhil Goyal
2021-09-24 8:43 ` Hemant Agrawal
2021-09-17 13:15 ` [dpdk-dev] [PATCH v4 4/5] test/crypto: add IV gen tests Anoob Joseph
2021-09-21 16:31 ` Akhil Goyal
2021-09-17 13:15 ` [dpdk-dev] [PATCH v4 5/5] test/crypto: add UDP encapsulation test cases Anoob Joseph
2021-09-21 16:35 ` Akhil Goyal
2021-09-23 13:34 ` [dpdk-dev] [PATCH v4 0/5] Add lookaside IPsec tests Power, Ciara
2021-09-25 15:35 ` [dpdk-dev] [PATCH v5 " Anoob Joseph
2021-09-25 15:35 ` [dpdk-dev] [PATCH v5 1/5] test/crypto: add lookaside IPsec cases Anoob Joseph
2021-09-25 15:35 ` [dpdk-dev] [PATCH v5 2/5] test/crypto: add combined mode " Anoob Joseph
2021-09-25 15:35 ` Anoob Joseph [this message]
2021-09-25 15:35 ` [dpdk-dev] [PATCH v5 4/5] test/crypto: add IV gen cases for IPsec Anoob Joseph
2021-09-25 15:35 ` [dpdk-dev] [PATCH v5 5/5] test/crypto: add UDP encapsulated IPsec test cases Anoob Joseph
2021-09-28 7:49 ` [dpdk-dev] [PATCH v5 0/5] Add lookaside IPsec tests Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1632584132-289-4-git-send-email-anoobj@marvell.com \
--to=anoobj@marvell.com \
--cc=ciara.power@intel.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=g.singh@nxp.com \
--cc=gakhil@marvell.com \
--cc=hemant.agrawal@nxp.com \
--cc=jerinj@marvell.com \
--cc=konstantin.ananyev@intel.com \
--cc=ktejasree@marvell.com \
--cc=marchana@marvell.com \
--cc=radu.nicolau@intel.com \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).