[API-NEXT,v5,3/3] validation: ipsec: verify TFC dummy packet generation

Message ID 1520103609-30096-4-git-send-email-odpbot@yandex.ru
State New
Headers show
Series
  • IPsec TFC implementation
Related show

Commit Message

Github ODP bot March 3, 2018, 7 p.m.
From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>


Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

---
/** Email created from pull request 494 (lumag:ipsec-tfc-imp)
 ** https://github.com/Linaro/odp/pull/494
 ** Patch: https://github.com/Linaro/odp/pull/494.patch
 ** Base sha: 89f735041d4474f5da399ff683200991fc73cdd9
 ** Merge commit sha: bfec54aa995f41058bfe916c6a2bb43354c65b9e
 **/
 test/validation/api/ipsec/ipsec.c          |   7 +-
 test/validation/api/ipsec/ipsec_test_out.c | 162 +++++++++++++++++++++++++++++
 test/validation/api/ipsec/test_vectors.h   |  18 ++++
 3 files changed, 186 insertions(+), 1 deletion(-)

Patch

diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c
index 21eaf17b8..3e2e743d2 100644
--- a/test/validation/api/ipsec/ipsec.c
+++ b/test/validation/api/ipsec/ipsec.c
@@ -604,10 +604,15 @@  static int ipsec_send_out_one(const ipsec_test_part *part,
 			hdr_len = part->out[0].pkt_out->l3_offset;
 			CU_ASSERT_FATAL(hdr_len <= sizeof(hdr));
 			memcpy(hdr, part->out[0].pkt_out->data, hdr_len);
-		} else {
+		} else if (part->pkt_in->l3_offset !=
+			   ODP_PACKET_OFFSET_INVALID) {
 			hdr_len = part->pkt_in->l3_offset;
 			CU_ASSERT_FATAL(hdr_len <= sizeof(hdr));
 			memcpy(hdr, part->pkt_in->data, hdr_len);
+		} else {
+			/* Dummy header */
+			hdr_len = 14;
+			memset(hdr, 0xff, hdr_len);
 		}
 		inline_param.pktio = suite_context.pktio;
 		inline_param.outer_hdr.ptr = hdr;
diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c
index 3db553b60..5089dfa79 100644
--- a/test/validation/api/ipsec/ipsec_test_out.c
+++ b/test/validation/api/ipsec/ipsec_test_out.c
@@ -997,6 +997,164 @@  static void test_out_ipv6_esp_udp_null_sha256(void)
 	ipsec_sa_destroy(sa);
 }
 
+static void test_out_dummy_esp_null_sha256_tun_ipv4(void)
+{
+	uint32_t src = IPV4ADDR(10, 0, 111, 2);
+	uint32_t dst = IPV4ADDR(10, 0, 222, 2);
+	odp_ipsec_tunnel_param_t tunnel = {
+		.type = ODP_IPSEC_TUNNEL_IPV4,
+		.ipv4.src_addr = &src,
+		.ipv4.dst_addr = &dst,
+		.ipv4.ttl = 64,
+	};
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+	odp_ipsec_sa_t sa2;
+
+	/* This test will not work properly inbound inline mode.
+	 * Packet might be dropped and we will not check for that. */
+	if (suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE)
+		return;
+
+	ipsec_sa_param_fill(&param,
+			    false, false, 123, &tunnel,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256,
+			    NULL);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 123, &tunnel,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256,
+			    NULL);
+
+	sa2 = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_test_nodata,
+		.num_opt = 1,
+		.opt = { .flag.tfc_dummy = 1,
+			 .tfc_pad_len = 16, },
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .l3_type = ODP_PROTO_L3_TYPE_IPV4,
+			  .l4_type = ODP_PROTO_L4_TYPE_NO_NEXT,
+			  .pkt_out = NULL },
+		},
+	};
+
+	ipsec_test_part test_empty = {
+		.pkt_in = &pkt_test_emtpy,
+		.num_opt = 1,
+		.opt = { .flag.tfc_dummy = 1,
+			 .tfc_pad_len = 16, },
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .l3_type = ODP_PROTO_L3_TYPE_IPV4,
+			  .l4_type = ODP_PROTO_L4_TYPE_NO_NEXT,
+			  .pkt_out = NULL },
+		},
+	};
+
+	ipsec_check_out_in_one(&test, sa, sa2);
+	ipsec_check_out_in_one(&test_empty, sa, sa2);
+
+	ipsec_sa_destroy(sa2);
+	ipsec_sa_destroy(sa);
+}
+
+static void test_out_dummy_esp_null_sha256_tun_ipv6(void)
+{
+	uint8_t src[16] = {
+		0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00,
+		0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a,
+	};
+	uint8_t dst[16] = {
+		0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16,
+	};
+	odp_ipsec_tunnel_param_t tunnel = {
+		.type = ODP_IPSEC_TUNNEL_IPV6,
+		.ipv6.src_addr = src,
+		.ipv6.dst_addr = dst,
+		.ipv6.hlimit = 64,
+	};
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+	odp_ipsec_sa_t sa2;
+
+	/* This test will not work properly inbound inline mode.
+	 * Packet might be dropped and we will not check for that. */
+	if (suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE)
+		return;
+
+	ipsec_sa_param_fill(&param,
+			    false, false, 123, &tunnel,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256,
+			    NULL);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 123, &tunnel,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256,
+			    NULL);
+
+	sa2 = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_test_nodata,
+		.num_opt = 1,
+		.opt = { .flag.tfc_dummy = 1,
+			 .tfc_pad_len = 16, },
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .l3_type = ODP_PROTO_L3_TYPE_IPV4,
+			  .l4_type = ODP_PROTO_L4_TYPE_NO_NEXT,
+			  .pkt_out = NULL },
+		},
+	};
+
+	ipsec_test_part test_empty = {
+		.pkt_in = &pkt_test_emtpy,
+		.num_opt = 1,
+		.opt = { .flag.tfc_dummy = 1,
+			 .tfc_pad_len = 16, },
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .l3_type = ODP_PROTO_L3_TYPE_IPV4,
+			  .l4_type = ODP_PROTO_L4_TYPE_NO_NEXT,
+			  .pkt_out = NULL },
+		},
+	};
+
+	ipsec_check_out_in_one(&test, sa, sa2);
+	ipsec_check_out_in_one(&test_empty, sa, sa2);
+
+	ipsec_sa_destroy(sa2);
+	ipsec_sa_destroy(sa);
+}
+
 static void ipsec_test_capability(void)
 {
 	odp_ipsec_capability_t capa;
@@ -1056,5 +1214,9 @@  odp_testinfo_t ipsec_out_suite[] = {
 				  ipsec_check_esp_null_sha256),
 	ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_udp_null_sha256,
 				  ipsec_check_esp_null_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_out_dummy_esp_null_sha256_tun_ipv4,
+				  ipsec_check_esp_null_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_out_dummy_esp_null_sha256_tun_ipv6,
+				  ipsec_check_esp_null_sha256),
 	ODP_TEST_INFO_NULL,
 };
diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h
index 4d5ab3bdc..5b357a160 100644
--- a/test/validation/api/ipsec/test_vectors.h
+++ b/test/validation/api/ipsec/test_vectors.h
@@ -1865,4 +1865,22 @@  static const ODP_UNUSED ipsec_test_packet
 	},
 };
 
+static const ipsec_test_packet pkt_test_emtpy = {
+	.len = 0,
+	.l2_offset = ODP_PACKET_OFFSET_INVALID,
+	.l3_offset = ODP_PACKET_OFFSET_INVALID,
+	.l4_offset = ODP_PACKET_OFFSET_INVALID,
+	.data = { 0 },
+};
+
+static const ipsec_test_packet pkt_test_nodata = {
+	.len = 14,
+	.l2_offset = 0,
+	.l3_offset = ODP_PACKET_OFFSET_INVALID,
+	.l4_offset = ODP_PACKET_OFFSET_INVALID,
+	.data = {
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+		0x0a, 0x0b, 0x0c, 0x0d,
+	},
+};
 #endif