[PATCH v2 07/13] test/crypto: add transport mode cases

[Anoob Joseph <anoobj@marvell.com>]

Add transport mode tests with test cases for IPv4 packets.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 app/test/test_cryptodev.c                | 39 ++++++++++++++----
 app/test/test_cryptodev_security_ipsec.c | 71 +++++++++++++++++++++-----------
 app/test/test_cryptodev_security_ipsec.h |  1 +
 doc/guides/rel_notes/release_22_03.rst   |  1 +
 4 files changed, 80 insertions(+), 32 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index e2bbabf..f470d5c 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9162,15 +9162,19 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 			dst += 1;
 	}
 
-	if (td->ipsec_xform.tunnel.type ==
-			RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
-		memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));
-		memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));
-	} else {
-		memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
-			sizeof(v6_src));
-		memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst,
-			sizeof(v6_dst));
+	if (td->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {
+		if (td->ipsec_xform.tunnel.type ==
+				RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+			memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src,
+			       sizeof(src));
+			memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst,
+			       sizeof(dst));
+		} else {
+			memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
+			       sizeof(v6_src));
+			memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst,
+			       sizeof(v6_dst));
+		}
 	}
 
 	ctx = rte_cryptodev_get_sec_ctx(dev_id);
@@ -9636,6 +9640,19 @@ test_ipsec_proto_tunnel_v6_in_v4(const void *data __rte_unused)
 }
 
 static int
+test_ipsec_proto_transport_v4(const void *data __rte_unused)
+{
+	struct ipsec_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.ipv6 = false;
+	flags.transport = true;
+
+	return test_ipsec_proto_all(&flags);
+}
+
+static int
 test_PDCP_PROTO_all(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -14635,6 +14652,10 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
 			"Tunnel IPv6 in IPv4",
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_tunnel_v6_in_v4),
+		TEST_CASE_NAMED_ST(
+			"Transport IPv4",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_transport_v4),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index ccce63f..029fdd3 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -400,12 +400,21 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
 			test_ipsec_csum_init(&td->input_text.data, false, true);
 		}
 
-		if (flags->tunnel_ipv6)
-			td->ipsec_xform.tunnel.type =
-					RTE_SECURITY_IPSEC_TUNNEL_IPV6;
-		else
-			td->ipsec_xform.tunnel.type =
-					RTE_SECURITY_IPSEC_TUNNEL_IPV4;
+		if (flags->transport) {
+			td->ipsec_xform.mode =
+					RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT;
+		} else {
+			td->ipsec_xform.mode =
+					RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
+
+			if (flags->tunnel_ipv6)
+				td->ipsec_xform.tunnel.type =
+						RTE_SECURITY_IPSEC_TUNNEL_IPV6;
+			else
+				td->ipsec_xform.tunnel.type =
+						RTE_SECURITY_IPSEC_TUNNEL_IPV4;
+		}
+
 
 	}
 }
@@ -748,29 +757,45 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
 	uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
 	int ret;
 
-	if (flags->iv_gen &&
-	    td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
-		ret = test_ipsec_iv_verify_push(m, td);
-		if (ret != TEST_SUCCESS)
-			return ret;
-	}
-
 	if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
 		const struct rte_ipv4_hdr *iph4;
 		const struct rte_ipv6_hdr *iph6;
 
-		if (td->ipsec_xform.tunnel.type ==
-				RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
-			iph4 = (const struct rte_ipv4_hdr *)output_text;
-			if (is_valid_ipv4_pkt(iph4) == false) {
-				printf("Outer header is not IPv4\n");
-				return TEST_FAILED;
+		if (flags->iv_gen) {
+			ret = test_ipsec_iv_verify_push(m, td);
+			if (ret != TEST_SUCCESS)
+				return ret;
+		}
+
+		iph4 = (const struct rte_ipv4_hdr *)output_text;
+
+		if (td->ipsec_xform.mode ==
+				RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) {
+			if (flags->ipv6) {
+				iph6 = (const struct rte_ipv6_hdr *)output_text;
+				if (is_valid_ipv6_pkt(iph6) == false) {
+					printf("Transport packet is not IPv6\n");
+					return TEST_FAILED;
+				}
+			} else {
+				if (is_valid_ipv4_pkt(iph4) == false) {
+					printf("Transport packet is not IPv4\n");
+					return TEST_FAILED;
+				}
 			}
 		} else {
-			iph6 = (const struct rte_ipv6_hdr *)output_text;
-			if (is_valid_ipv6_pkt(iph6) == false) {
-				printf("Outer header is not IPv6\n");
-				return TEST_FAILED;
+			if (td->ipsec_xform.tunnel.type ==
+					RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+				if (is_valid_ipv4_pkt(iph4) == false) {
+					printf("Tunnel outer header is not IPv4\n");
+					return TEST_FAILED;
+				}
+			} else {
+				iph6 = (const struct rte_ipv6_hdr *)output_text;
+				if (is_valid_ipv6_pkt(iph6) == false) {
+					printf("Tunnel outer header is not IPv6\n");
+					return TEST_FAILED;
+				}
 			}
 		}
 	}
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 884a795..07d2453 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -63,6 +63,7 @@ struct ipsec_test_flags {
 	bool l4_csum;
 	bool ipv6;
 	bool tunnel_ipv6;
+	bool transport;
 	bool fragment;
 };
 
diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst
index 0562547..58e9690 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -67,6 +67,7 @@ New Features
     * IPv4 in IPv4
     * IPv4 in IPv6
     * IPv6 in IPv4
+  * Added IPv4 transport mode tests.
   * Added tunnel mode fragment packet tests.
 
 
-- 
2.7.4