diff options
author | Anoob Joseph <anoobj@marvell.com> | 2021-02-10 18:52:54 +0530 |
---|---|---|
committer | Matias Elo <matias.elo@nokia.com> | 2021-05-05 10:33:29 +0300 |
commit | 057a52f1ead1c0b2bc2aefc603c69ac844891774 (patch) | |
tree | 78747614d4c915d9f5f363786a19235e0d9a2936 /test/validation/api | |
parent | 9dee565e2a1ceb23f33f3dd2bfa0b5206b6b24ab (diff) |
validation: ipsec: add test cases for reassembly of IPv6 pkts
Add test cases to handle reassembly of IPv6 packets.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Subrahmanyam Nilla <snilla@marvell.com>
Reviewed-by: Janne Peltonen <janne.peltonen@nokia.com>
Diffstat (limited to 'test/validation/api')
-rw-r--r-- | test/validation/api/ipsec/ipsec.c | 8 | ||||
-rw-r--r-- | test/validation/api/ipsec/ipsec.h | 1 | ||||
-rw-r--r-- | test/validation/api/ipsec/ipsec_test_in.c | 270 |
3 files changed, 279 insertions, 0 deletions
diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index 390e7e4ff..e2f0e8c07 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -277,6 +277,14 @@ int ipsec_check_esp_aes_gcm_128_reass_ipv4(void) return ODP_TEST_INACTIVE; } +int ipsec_check_esp_aes_gcm_128_reass_ipv6(void) +{ + if (suite_context.reass_ipv6) + return ipsec_check_esp(ODP_CIPHER_ALG_AES_GCM, 128, + ODP_AUTH_ALG_AES_GCM, 0); + return ODP_TEST_INACTIVE; +} + void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, odp_bool_t in, odp_bool_t ah, diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h index 96404ba9b..161835a33 100644 --- a/test/validation/api/ipsec/ipsec.h +++ b/test/validation/api/ipsec/ipsec.h @@ -139,5 +139,6 @@ int ipsec_check_esp_null_aes_gmac_256(void); int ipsec_check_esp_chacha20_poly1305(void); int ipsec_check_test_sa_update_seq_num(void); int ipsec_check_esp_aes_gcm_128_reass_ipv4(void); +int ipsec_check_esp_aes_gcm_128_reass_ipv6(void); #endif diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 0a844025d..4eafed6a9 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -2021,6 +2021,272 @@ static void test_in_ipv4_esp_reass_incomp(void) ipsec_sa_destroy(out_sa); } +static void test_in_ipv6_esp_reass_success_two_frags(odp_ipsec_sa_t out_sa, + odp_ipsec_sa_t in_sa) +{ + ipsec_test_part test_out[MAX_FRAGS], test_in[MAX_FRAGS]; + int i; + + memset(test_in, 0, sizeof(test_in)); + + CU_ASSERT(MAX_FRAGS >= 2); + + part_prep_esp(test_out, 2, true); + + test_out[0].pkt_in = &pkt_ipv6_udp_p1_f1; + test_out[1].pkt_in = &pkt_ipv6_udp_p1_f2; + + part_prep_plain(&test_in[1], 1, true, true); + test_in[1].out[0].pkt_res = &pkt_ipv6_udp_p1; + + for (i = 0; i < 2; i++) { + ipsec_test_packet test_pkt; + odp_packet_t pkt; + + CU_ASSERT_EQUAL(ipsec_check_out(&test_out[i], out_sa, &pkt), 1); + + ipsec_test_packet_from_pkt(&test_pkt, &pkt); + test_in[i].pkt_in = &test_pkt; + + ipsec_check_in_one(&test_in[i], in_sa); + } +} + +static void test_in_ipv6_esp_reass_success_four_frags(odp_ipsec_sa_t out_sa, + odp_ipsec_sa_t in_sa) +{ + ipsec_test_part test_out[MAX_FRAGS], test_in[MAX_FRAGS]; + int i; + + memset(test_in, 0, sizeof(test_in)); + + CU_ASSERT(MAX_FRAGS >= 4); + + part_prep_esp(test_out, 4, true); + + test_out[0].pkt_in = &pkt_ipv6_udp_p2_f1; + test_out[1].pkt_in = &pkt_ipv6_udp_p2_f2; + test_out[2].pkt_in = &pkt_ipv6_udp_p2_f3; + test_out[3].pkt_in = &pkt_ipv6_udp_p2_f4; + + part_prep_plain(&test_in[3], 1, true, true); + test_in[3].out[0].pkt_res = &pkt_ipv6_udp_p2; + + for (i = 0; i < 4; i++) { + ipsec_test_packet test_pkt; + odp_packet_t pkt; + + CU_ASSERT_EQUAL(ipsec_check_out(&test_out[i], out_sa, &pkt), 1); + + ipsec_test_packet_from_pkt(&test_pkt, &pkt); + test_in[i].pkt_in = &test_pkt; + + ipsec_check_in_one(&test_in[i], in_sa); + } +} + +static void test_in_ipv6_esp_reass_success_two_frags_ooo(odp_ipsec_sa_t out_sa, + odp_ipsec_sa_t in_sa) +{ + ipsec_test_part test_out[MAX_FRAGS], test_in[MAX_FRAGS]; + int i; + + memset(test_in, 0, sizeof(test_in)); + + CU_ASSERT(MAX_FRAGS >= 2); + + part_prep_esp(test_out, 2, true); + + test_out[0].pkt_in = &pkt_ipv6_udp_p1_f2; + test_out[1].pkt_in = &pkt_ipv6_udp_p1_f1; + + part_prep_plain(&test_in[1], 1, true, true); + test_in[1].out[0].pkt_res = &pkt_ipv6_udp_p1; + + for (i = 0; i < 2; i++) { + ipsec_test_packet test_pkt; + odp_packet_t pkt; + + CU_ASSERT_EQUAL(ipsec_check_out(&test_out[i], out_sa, &pkt), 1); + + ipsec_test_packet_from_pkt(&test_pkt, &pkt); + test_in[i].pkt_in = &test_pkt; + + ipsec_check_in_one(&test_in[i], in_sa); + } +} + +static void test_in_ipv6_esp_reass_success_four_frags_ooo(odp_ipsec_sa_t out_sa, + odp_ipsec_sa_t in_sa) +{ + ipsec_test_part test_out[MAX_FRAGS], test_in[MAX_FRAGS]; + int i; + + memset(test_in, 0, sizeof(test_in)); + + CU_ASSERT(MAX_FRAGS >= 4); + + part_prep_esp(test_out, 4, true); + + test_out[1].pkt_in = &pkt_ipv6_udp_p2_f2; + test_out[2].pkt_in = &pkt_ipv6_udp_p2_f3; + test_out[3].pkt_in = &pkt_ipv6_udp_p2_f4; + test_out[0].pkt_in = &pkt_ipv6_udp_p2_f1; + + part_prep_plain(&test_in[3], 1, true, true); + test_in[3].out[0].pkt_res = &pkt_ipv6_udp_p2; + + for (i = 0; i < 4; i++) { + ipsec_test_packet test_pkt; + odp_packet_t pkt; + + CU_ASSERT_EQUAL(ipsec_check_out(&test_out[i], out_sa, &pkt), 1); + + ipsec_test_packet_from_pkt(&test_pkt, &pkt); + test_in[i].pkt_in = &test_pkt; + + ipsec_check_in_one(&test_in[i], in_sa); + } +} + +static void test_in_ipv6_esp_reass_incomp_missing(odp_ipsec_sa_t out_sa, + odp_ipsec_sa_t in_sa) +{ + ipsec_test_part test_out[MAX_FRAGS], test_in[MAX_FRAGS]; + ipsec_test_packet test_pkt; + odp_packet_t pkt; + + memset(test_in, 0, sizeof(test_in)); + + CU_ASSERT(MAX_FRAGS >= 1); + + part_prep_esp(test_out, 1, true); + + test_out[0].pkt_in = &pkt_ipv6_udp_p1_f1; + + part_prep_plain(&test_in[0], 1, true, true); + test_in[0].out[0].pkt_res = &pkt_ipv6_udp_p1_f1; + + CU_ASSERT_EQUAL(ipsec_check_out(&test_out[0], out_sa, &pkt), 1); + + ipsec_test_packet_from_pkt(&test_pkt, &pkt); + test_in[0].pkt_in = &test_pkt; + + ipsec_check_in_one(&test_in[0], in_sa); +} + +static void test_in_ipv6_esp_reass_success(void) +{ + odp_ipsec_tunnel_param_t in_tunnel, out_tunnel; + odp_ipsec_sa_param_t param_in, param_out; + odp_ipsec_sa_t out_sa, in_sa; + odp_ipsec_capability_t capa; + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + + memset(&in_tunnel, 0, sizeof(odp_ipsec_tunnel_param_t)); + memset(&out_tunnel, 0, sizeof(odp_ipsec_tunnel_param_t)); + out_tunnel.type = ODP_IPSEC_TUNNEL_IPV6; + out_tunnel.ipv6.src_addr = &src; + out_tunnel.ipv6.dst_addr = &dst; + out_tunnel.ipv6.hlimit = 64; + + CU_ASSERT(odp_ipsec_capability(&capa) == 0); + + ipsec_sa_param_fill(¶m_out, + false, false, 0x4a2cbfe7, &out_tunnel, + ODP_CIPHER_ALG_AES_GCM, &key_mcgrew_gcm_4, + ODP_AUTH_ALG_AES_GCM, NULL, + &key_mcgrew_gcm_salt_4, NULL); + + ipsec_sa_param_fill(¶m_in, + true, false, 0x4a2cbfe7, &in_tunnel, + ODP_CIPHER_ALG_AES_GCM, &key_mcgrew_gcm_4, + ODP_AUTH_ALG_AES_GCM, NULL, + &key_mcgrew_gcm_salt_4, NULL); + param_in.inbound.reassembly_en = 1; + + out_sa = odp_ipsec_sa_create(¶m_out); + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, out_sa); + + in_sa = odp_ipsec_sa_create(¶m_in); + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, in_sa); + + printf("\n IPv6 two frags"); + test_in_ipv6_esp_reass_success_two_frags(out_sa, in_sa); + + printf("\n IPv6 four frags"); + test_in_ipv6_esp_reass_success_four_frags(out_sa, in_sa); + + printf("\n IPv6 two frags out of order"); + test_in_ipv6_esp_reass_success_two_frags_ooo(out_sa, in_sa); + + printf("\n IPv6 four frags out of order"); + test_in_ipv6_esp_reass_success_four_frags_ooo(out_sa, in_sa); + + printf("\n"); + + ipsec_sa_destroy(in_sa); + ipsec_sa_destroy(out_sa); +} + +static void test_in_ipv6_esp_reass_incomp(void) +{ + odp_ipsec_tunnel_param_t in_tunnel, out_tunnel; + odp_ipsec_sa_param_t param_in, param_out; + odp_ipsec_sa_t out_sa, in_sa; + odp_ipsec_capability_t capa; + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + + memset(&in_tunnel, 0, sizeof(odp_ipsec_tunnel_param_t)); + memset(&out_tunnel, 0, sizeof(odp_ipsec_tunnel_param_t)); + out_tunnel.type = ODP_IPSEC_TUNNEL_IPV6; + out_tunnel.ipv6.src_addr = &src; + out_tunnel.ipv6.dst_addr = &dst; + + CU_ASSERT(odp_ipsec_capability(&capa) == 0); + + ipsec_sa_param_fill(¶m_out, + false, false, 0x4a2cbfe7, &out_tunnel, + ODP_CIPHER_ALG_AES_GCM, &key_mcgrew_gcm_4, + ODP_AUTH_ALG_AES_GCM, NULL, + &key_mcgrew_gcm_salt_4, NULL); + + ipsec_sa_param_fill(¶m_in, + true, false, 0x4a2cbfe7, &in_tunnel, + ODP_CIPHER_ALG_AES_GCM, &key_mcgrew_gcm_4, + ODP_AUTH_ALG_AES_GCM, NULL, + &key_mcgrew_gcm_salt_4, NULL); + param_in.inbound.reassembly_en = 1; + + out_sa = odp_ipsec_sa_create(¶m_out); + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, out_sa); + + in_sa = odp_ipsec_sa_create(¶m_in); + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, in_sa); + + printf("\n IPv6 missing frag"); + test_in_ipv6_esp_reass_incomp_missing(out_sa, in_sa); + + printf("\n"); + + ipsec_sa_destroy(in_sa); + ipsec_sa_destroy(out_sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -2137,5 +2403,9 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_aes_gcm_128_reass_ipv4), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_reass_incomp, ipsec_check_esp_aes_gcm_128_reass_ipv4), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_reass_success, + ipsec_check_esp_aes_gcm_128_reass_ipv6), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_reass_incomp, + ipsec_check_esp_aes_gcm_128_reass_ipv6), ODP_TEST_INFO_NULL, }; |