diff options
author | Janne Peltonen <janne.peltonen@nokia.com> | 2023-04-05 15:27:54 +0300 |
---|---|---|
committer | Petri Savolainen <petri.savolainen@nokia.com> | 2023-04-06 09:11:13 +0300 |
commit | d9e2c1e09020a3f6e058c70d3ddef6884b9cde73 (patch) | |
tree | 363192b116a4396a93c350429b7a8584567a06d8 /test | |
parent | 4d162f58fa3909480cd8bab44fad3f2b5ce64143 (diff) |
validation: ipsec: allow sa creation failure for unsupported algos
Not all implementations support all possible combinations of cipher and
auth algorithms. Allow session creation error and skip test in cases
where session creation failure might have been caused by an unsupported
algorithm combination.
Signed-off-by: Janne Peltonen <janne.peltonen@nokia.com>
Reviewed-by: Jere Leppänen <jere.leppanen@nokia.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/validation/api/ipsec/ipsec_test_out.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index bb318edad..1a013289b 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -475,6 +475,30 @@ static void ipsec_check_out_in_one(const ipsec_test_part *part_outbound, } } +static int sa_creation_failure_ok(const odp_ipsec_sa_param_t *param) +{ + odp_cipher_alg_t cipher = param->crypto.cipher_alg; + odp_auth_alg_t auth = param->crypto.auth_alg; + + /* Single algorithm must not fail */ + if (cipher == ODP_CIPHER_ALG_NULL || auth == ODP_AUTH_ALG_NULL) + return 0; + + /* Combined mode algorithms must not fail */ + if (cipher == ODP_CIPHER_ALG_AES_GCM || + cipher == ODP_CIPHER_ALG_AES_CCM || + cipher == ODP_CIPHER_ALG_CHACHA20_POLY1305) + return 0; + + /* Combination of mandatory algorithms must not fail */ + if (cipher == ODP_CIPHER_ALG_AES_CBC && auth == ODP_AUTH_ALG_SHA1_HMAC) + return 0; + + printf("\n Algorithm combination (%d, %d) maybe not supported.\n", cipher, auth); + printf(" SA creation failed, skipping test.\n"); + return 1; +} + static void test_out_in_common(const ipsec_test_flags *flags, odp_cipher_alg_t cipher, const odp_crypto_key_t *cipher_key, @@ -539,6 +563,9 @@ static void test_out_in_common(const ipsec_test_flags *flags, sa_out = odp_ipsec_sa_create(¶m); + if (sa_out == ODP_IPSEC_SA_INVALID && sa_creation_failure_ok(¶m)) + return; + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa_out); ipsec_sa_param_fill(¶m, |