diff options
Diffstat (limited to 'test/validation/api/ipsec/ipsec_test_in.c')
-rw-r--r-- | test/validation/api/ipsec/ipsec_test_in.c | 690 |
1 files changed, 622 insertions, 68 deletions
diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index f31f77244..4eafed6a9 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -1,5 +1,5 @@ /* Copyright (c) 2017-2018, Linaro Limited - * Copyright (c) 2020, Marvell + * Copyright (c) 2020-2021, Marvell * All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause @@ -7,8 +7,45 @@ #include "ipsec.h" +#include "reass_test_vectors.h" #include "test_vectors.h" +static void part_prep_esp(ipsec_test_part part[], int num_part, bool v6_tunnel) +{ + int i; + + memset(part, 0, sizeof(ipsec_test_part) * num_part); + + for (i = 0; i < num_part; i++) { + part[i].num_pkt = 1; + + if (v6_tunnel) + part[i].out[0].l3_type = ODP_PROTO_L3_TYPE_IPV6; + else + part[i].out[0].l3_type = ODP_PROTO_L3_TYPE_IPV4; + + part[i].out[0].l4_type = ODP_PROTO_L4_TYPE_ESP; + } +} + +static void part_prep_plain(ipsec_test_part *part, int num_pkt, bool v6, bool udp) +{ + int i; + + part->num_pkt = num_pkt; + for (i = 0; i < num_pkt; i++) { + part->out[i].l4_type = _ODP_PROTO_L4_TYPE_UNDEF; + + if (v6) + part->out[i].l3_type = ODP_PROTO_L3_TYPE_IPV6; + else + part->out[i].l3_type = ODP_PROTO_L3_TYPE_IPV4; + + if (udp) + part->out[i].l4_type = ODP_PROTO_L4_TYPE_UDP; + } +} + static void test_in_ipv4_ah_sha256(void) { odp_ipsec_sa_param_t param; @@ -27,7 +64,7 @@ static void test_in_ipv4_ah_sha256(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -62,7 +99,7 @@ static void test_in_ipv4_ah_sha256_tun_ipv4(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_ah_tun_ipv4_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -97,7 +134,7 @@ static void test_in_ipv4_ah_sha256_tun_ipv6(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_ah_tun_ipv6_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -129,7 +166,7 @@ static void test_in_ipv4_ah_sha256_tun_ipv4_notun(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_ah_tun_ipv4_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -162,7 +199,7 @@ static void test_in_ipv4_esp_null_sha256(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -194,7 +231,7 @@ static void test_in_ipv4_esp_aes_cbc_null(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_esp_aes_cbc_null_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -226,7 +263,7 @@ static void test_in_ipv4_esp_aes_cbc_sha1(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_esp_aes_cbc_sha1_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -258,7 +295,7 @@ static void test_in_ipv4_esp_aes_cbc_sha256(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_esp_aes_cbc_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -290,7 +327,7 @@ static void test_in_ipv4_esp_aes_cbc_sha384(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_esp_aes_cbc_sha384_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -322,7 +359,7 @@ static void test_in_ipv4_esp_aes_cbc_sha512(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_esp_aes_cbc_sha512_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -354,7 +391,7 @@ static void test_in_ipv4_esp_aes_ctr_null(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_esp_aes_ctr_null_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -389,7 +426,7 @@ static void test_in_ipv4_ah_sha256_lookup(void) .lookup = 1, }, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -424,7 +461,7 @@ static void test_in_ipv4_esp_null_sha256_lookup(void) .lookup = 1, }, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -459,7 +496,7 @@ static void test_in_ipv4_esp_null_sha256_tun_ipv4(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_esp_tun_ipv4_null_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -494,7 +531,7 @@ static void test_in_ipv4_esp_null_sha256_tun_ipv6(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_esp_tun_ipv6_null_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -527,7 +564,7 @@ static void test_in_ipv4_esp_udp_null_sha256(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_esp_udp_null_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -563,7 +600,7 @@ static void test_in_ipv4_esp_udp_null_sha256_lookup(void) .lookup = 1, }, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -596,7 +633,7 @@ static void test_in_ipv4_ah_sha256_noreplay(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -608,7 +645,7 @@ static void test_in_ipv4_ah_sha256_noreplay(void) ipsec_test_part test_1235 = { .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1235, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -647,7 +684,7 @@ static void test_in_ipv4_ah_sha256_replay(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -658,12 +695,12 @@ static void test_in_ipv4_ah_sha256_replay(void) test_repl.pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1; test_repl.num_pkt = 1; - test_repl.in[0].status.error.antireplay = 1; + test_repl.out[0].status.error.antireplay = 1; ipsec_test_part test_1235 = { .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1235, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -699,7 +736,7 @@ static void test_in_ipv4_esp_null_sha256_noreplay(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -711,7 +748,7 @@ static void test_in_ipv4_esp_null_sha256_noreplay(void) ipsec_test_part test_1235 = { .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1235, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -757,18 +794,11 @@ static void test_in_ipv4_esp_null_sha256_replay(void) .l4_type = ODP_PROTO_L4_TYPE_ICMPV4, .pkt_res = &pkt_ipv4_icmp_0 }, }, - .in = { - { .status.warn.all = 0, - .status.error.all = 0, - .l3_type = ODP_PROTO_L3_TYPE_IPV4, - .l4_type = ODP_PROTO_L4_TYPE_ICMPV4, - .pkt_res = &pkt_ipv4_icmp_0 }, - }, }; test_repl.pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1; test_repl.num_pkt = 1; - test_repl.in[0].status.error.antireplay = 1; + test_repl.out[0].status.error.antireplay = 1; ipsec_test_part test_1235 = { .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1235, @@ -780,13 +810,6 @@ static void test_in_ipv4_esp_null_sha256_replay(void) .l4_type = ODP_PROTO_L4_TYPE_ICMPV4, .pkt_res = &pkt_ipv4_icmp_0 }, }, - .in = { - { .status.warn.all = 0, - .status.error.all = 0, - .l3_type = ODP_PROTO_L3_TYPE_IPV4, - .l4_type = ODP_PROTO_L4_TYPE_ICMPV4, - .pkt_res = &pkt_ipv4_icmp_0 }, - }, }; ipsec_check_in_one(&test, sa); @@ -822,7 +845,7 @@ static void test_in_ipv4_ah_esp_pkt(void) test.pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1; test.num_pkt = 1; - test.in[0].status.error.proto = 1; + test.out[0].status.error.proto = 1; ipsec_check_in_one(&test, sa); @@ -854,7 +877,7 @@ static void test_in_ipv4_esp_ah_pkt(void) test.pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1; test.num_pkt = 1; - test.in[0].status.error.proto = 1; + test.out[0].status.error.proto = 1; ipsec_check_in_one(&test, sa); @@ -882,7 +905,7 @@ static void test_in_ipv4_ah_esp_pkt_lookup(void) test.pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1; test.flags.lookup = 1; test.num_pkt = 1; - test.in[0].status.error.sa_lookup = 1; + test.out[0].status.error.sa_lookup = 1; ipsec_check_in_one(&test, ODP_IPSEC_SA_INVALID); @@ -910,7 +933,7 @@ static void test_in_ipv4_esp_ah_pkt_lookup(void) test.pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1; test.flags.lookup = 1; test.num_pkt = 1; - test.in[0].status.error.sa_lookup = 1; + test.out[0].status.error.sa_lookup = 1; ipsec_check_in_one(&test, ODP_IPSEC_SA_INVALID); @@ -937,7 +960,7 @@ static void test_in_ipv4_ah_sha256_bad1(void) test.pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1_bad1; test.num_pkt = 1; - test.in[0].status.error.auth = 1; + test.out[0].status.error.auth = 1; ipsec_check_in_one(&test, sa); @@ -964,7 +987,7 @@ static void test_in_ipv4_ah_sha256_bad2(void) test.pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1_bad2; test.num_pkt = 1; - test.in[0].status.error.auth = 1; + test.out[0].status.error.auth = 1; ipsec_check_in_one(&test, sa); @@ -991,7 +1014,7 @@ static void test_in_ipv4_esp_null_sha256_bad1(void) test.pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1_bad1; test.num_pkt = 1; - test.in[0].status.error.auth = 1; + test.out[0].status.error.auth = 1; ipsec_check_in_one(&test, sa); @@ -1016,7 +1039,7 @@ static void test_in_ipv4_rfc3602_5_esp(void) ipsec_test_part test = { .pkt_in = &pkt_rfc3602_5_esp, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -1048,7 +1071,7 @@ static void test_in_ipv4_rfc3602_6_esp(void) ipsec_test_part test = { .pkt_in = &pkt_rfc3602_6_esp, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -1083,7 +1106,7 @@ static void test_in_ipv4_rfc3602_7_esp(void) ipsec_test_part test = { .pkt_in = &pkt_rfc3602_7_esp, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -1118,7 +1141,7 @@ static void test_in_ipv4_rfc3602_8_esp(void) ipsec_test_part test = { .pkt_in = &pkt_rfc3602_8_esp, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -1153,7 +1176,7 @@ static void test_in_ipv4_mcgrew_gcm_2_esp(void) ipsec_test_part test = { .pkt_in = &pkt_mcgrew_gcm_test_2_esp, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -1188,7 +1211,7 @@ static void test_in_ipv4_mcgrew_gcm_3_esp(void) ipsec_test_part test = { .pkt_in = &pkt_mcgrew_gcm_test_3_esp, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -1223,7 +1246,7 @@ static void test_in_ipv4_mcgrew_gcm_4_esp(void) ipsec_test_part test = { .pkt_in = &pkt_mcgrew_gcm_test_4_esp, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -1263,7 +1286,7 @@ static void test_in_ipv4_mcgrew_gcm_12_esp(void) ipsec_test_part test = { .pkt_in = &pkt_mcgrew_gcm_test_12_esp, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_NONE, @@ -1295,7 +1318,7 @@ static void test_in_ipv4_mcgrew_gcm_12_esp_notun(void) ipsec_test_part test = { .pkt_in = &pkt_mcgrew_gcm_test_12_esp, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -1330,7 +1353,7 @@ static void test_in_ipv4_mcgrew_gcm_15_esp(void) ipsec_test_part test = { .pkt_in = &pkt_mcgrew_gcm_test_15_esp, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -1365,7 +1388,7 @@ static void test_in_ipv4_rfc7634_chacha(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_rfc7634_esp, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -1397,7 +1420,7 @@ static void test_in_ipv4_ah_aes_gmac_128(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_ah_aes_gmac_128_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -1429,7 +1452,7 @@ static void test_in_ipv4_esp_null_aes_gmac_128(void) ipsec_test_part test = { .pkt_in = &pkt_ipv4_icmp_0_esp_null_aes_gmac_128_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV4, @@ -1461,7 +1484,7 @@ static void test_in_ipv6_ah_sha256(void) ipsec_test_part test = { .pkt_in = &pkt_ipv6_icmp_0_ah_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV6, @@ -1496,7 +1519,7 @@ static void test_in_ipv6_ah_sha256_tun_ipv4(void) ipsec_test_part test = { .pkt_in = &pkt_ipv6_icmp_0_ah_tun_ipv4_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV6, @@ -1531,7 +1554,7 @@ static void test_in_ipv6_ah_sha256_tun_ipv6(void) ipsec_test_part test = { .pkt_in = &pkt_ipv6_icmp_0_ah_tun_ipv6_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV6, @@ -1563,7 +1586,7 @@ static void test_in_ipv6_esp_null_sha256(void) ipsec_test_part test = { .pkt_in = &pkt_ipv6_icmp_0_esp_null_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV6, @@ -1598,7 +1621,7 @@ static void test_in_ipv6_esp_null_sha256_tun_ipv4(void) ipsec_test_part test = { .pkt_in = &pkt_ipv6_icmp_0_esp_tun_ipv4_null_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV6, @@ -1633,7 +1656,7 @@ static void test_in_ipv6_esp_null_sha256_tun_ipv6(void) ipsec_test_part test = { .pkt_in = &pkt_ipv6_icmp_0_esp_tun_ipv6_null_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV6, @@ -1666,7 +1689,7 @@ static void test_in_ipv6_esp_udp_null_sha256(void) ipsec_test_part test = { .pkt_in = &pkt_ipv6_icmp_0_esp_udp_null_sha256_1, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV6, @@ -1702,7 +1725,7 @@ static void test_in_ipv6_esp_udp_null_sha256_lookup(void) .lookup = 1, }, .num_pkt = 1, - .in = { + .out = { { .status.warn.all = 0, .status.error.all = 0, .l3_type = ODP_PROTO_L3_TYPE_IPV6, @@ -1741,6 +1764,529 @@ static void test_ipsec_sa_print(void) ipsec_sa_destroy(in_sa); } +static void test_in_ipv4_esp_reass_success_two_frags(odp_ipsec_sa_t out_sa, + odp_ipsec_sa_t in_sa) +{ + ipsec_test_part test_out[MAX_FRAGS], test_in[MAX_FRAGS]; + int i; + + memset(test_in, 0, sizeof(test_in)); + + CU_ASSERT(MAX_FRAGS >= 2); + + part_prep_esp(test_out, 2, false); + + test_out[0].pkt_in = &pkt_ipv4_udp_p1_f1; + test_out[1].pkt_in = &pkt_ipv4_udp_p1_f2; + + part_prep_plain(&test_in[1], 1, false, true); + test_in[1].out[0].pkt_res = &pkt_ipv4_udp_p1; + + for (i = 0; i < 2; i++) { + ipsec_test_packet test_pkt; + odp_packet_t pkt; + + CU_ASSERT_EQUAL(ipsec_check_out(&test_out[i], out_sa, &pkt), 1); + + ipsec_test_packet_from_pkt(&test_pkt, &pkt); + test_in[i].pkt_in = &test_pkt; + + ipsec_check_in_one(&test_in[i], in_sa); + } +} + +static void test_in_ipv4_esp_reass_success_four_frags(odp_ipsec_sa_t out_sa, + odp_ipsec_sa_t in_sa) +{ + ipsec_test_part test_out[MAX_FRAGS], test_in[MAX_FRAGS]; + int i; + + memset(test_in, 0, sizeof(test_in)); + + CU_ASSERT(MAX_FRAGS >= 4); + + part_prep_esp(test_out, 4, false); + + test_out[0].pkt_in = &pkt_ipv4_udp_p2_f1; + test_out[1].pkt_in = &pkt_ipv4_udp_p2_f2; + test_out[2].pkt_in = &pkt_ipv4_udp_p2_f3; + test_out[3].pkt_in = &pkt_ipv4_udp_p2_f4; + + part_prep_plain(&test_in[3], 1, false, true); + test_in[3].out[0].pkt_res = &pkt_ipv4_udp_p2; + + for (i = 0; i < 4; i++) { + ipsec_test_packet test_pkt; + odp_packet_t pkt; + + CU_ASSERT_EQUAL(ipsec_check_out(&test_out[i], out_sa, &pkt), 1); + + ipsec_test_packet_from_pkt(&test_pkt, &pkt); + test_in[i].pkt_in = &test_pkt; + + ipsec_check_in_one(&test_in[i], in_sa); + } +} + +static void test_in_ipv4_esp_reass_success_two_frags_ooo(odp_ipsec_sa_t out_sa, + odp_ipsec_sa_t in_sa) +{ + ipsec_test_part test_out[MAX_FRAGS], test_in[MAX_FRAGS]; + int i; + + memset(test_in, 0, sizeof(test_in)); + + CU_ASSERT(MAX_FRAGS >= 2); + + part_prep_esp(test_out, 2, false); + + test_out[0].pkt_in = &pkt_ipv4_udp_p1_f2; + test_out[1].pkt_in = &pkt_ipv4_udp_p1_f1; + + part_prep_plain(&test_in[1], 1, false, true); + test_in[1].out[0].pkt_res = &pkt_ipv4_udp_p1; + + for (i = 0; i < 2; i++) { + ipsec_test_packet test_pkt; + odp_packet_t pkt; + + CU_ASSERT_EQUAL(ipsec_check_out(&test_out[i], out_sa, &pkt), 1); + + ipsec_test_packet_from_pkt(&test_pkt, &pkt); + test_in[i].pkt_in = &test_pkt; + + ipsec_check_in_one(&test_in[i], in_sa); + } +} + +static void test_in_ipv4_esp_reass_success_four_frags_ooo(odp_ipsec_sa_t out_sa, + odp_ipsec_sa_t in_sa) +{ + ipsec_test_part test_out[MAX_FRAGS], test_in[MAX_FRAGS]; + int i; + + memset(test_in, 0, sizeof(test_in)); + + CU_ASSERT(MAX_FRAGS >= 4); + + part_prep_esp(test_out, 4, false); + + test_out[0].pkt_in = &pkt_ipv4_udp_p2_f4; + test_out[1].pkt_in = &pkt_ipv4_udp_p2_f1; + test_out[2].pkt_in = &pkt_ipv4_udp_p2_f2; + test_out[3].pkt_in = &pkt_ipv4_udp_p2_f3; + + part_prep_plain(&test_in[3], 1, false, true); + test_in[3].out[0].pkt_res = &pkt_ipv4_udp_p2; + + for (i = 0; i < 4; i++) { + ipsec_test_packet test_pkt; + odp_packet_t pkt; + + CU_ASSERT_EQUAL(ipsec_check_out(&test_out[i], out_sa, &pkt), 1); + + ipsec_test_packet_from_pkt(&test_pkt, &pkt); + test_in[i].pkt_in = &test_pkt; + + ipsec_check_in_one(&test_in[i], in_sa); + } +} + +static void test_in_ipv4_esp_reass_incomp_missing(odp_ipsec_sa_t out_sa, + odp_ipsec_sa_t in_sa) +{ + ipsec_test_part test_out[MAX_FRAGS], test_in[MAX_FRAGS]; + ipsec_test_packet test_pkt; + odp_packet_t pkt; + + memset(test_in, 0, sizeof(test_in)); + + CU_ASSERT(MAX_FRAGS >= 1); + + part_prep_esp(test_out, 1, false); + + test_out[0].pkt_in = &pkt_ipv4_udp_p1_f1; + + part_prep_plain(&test_in[0], 1, false, true); + test_in[0].out[0].pkt_res = &pkt_ipv4_udp_p1_f1; + + CU_ASSERT_EQUAL(ipsec_check_out(&test_out[0], out_sa, &pkt), 1); + + ipsec_test_packet_from_pkt(&test_pkt, &pkt); + test_in[0].pkt_in = &test_pkt; + + ipsec_check_in_one(&test_in[0], in_sa); +} + +static void test_in_ipv4_esp_reass_success(void) +{ + odp_ipsec_tunnel_param_t in_tunnel, out_tunnel; + odp_ipsec_sa_param_t param_in, param_out; + uint32_t src = IPV4ADDR(10, 0, 11, 2); + uint32_t dst = IPV4ADDR(10, 0, 22, 2); + odp_ipsec_sa_t out_sa, in_sa; + odp_ipsec_capability_t capa; + + memset(&in_tunnel, 0, sizeof(odp_ipsec_tunnel_param_t)); + memset(&out_tunnel, 0, sizeof(odp_ipsec_tunnel_param_t)); + + out_tunnel.type = ODP_IPSEC_TUNNEL_IPV4; + out_tunnel.ipv4.src_addr = &src; + out_tunnel.ipv4.dst_addr = &dst; + + CU_ASSERT(odp_ipsec_capability(&capa) == 0); + + ipsec_sa_param_fill(¶m_out, + false, false, 0x4a2cbfe7, &out_tunnel, + ODP_CIPHER_ALG_AES_GCM, &key_mcgrew_gcm_4, + ODP_AUTH_ALG_AES_GCM, NULL, + &key_mcgrew_gcm_salt_4, NULL); + + ipsec_sa_param_fill(¶m_in, + true, false, 0x4a2cbfe7, &in_tunnel, + ODP_CIPHER_ALG_AES_GCM, &key_mcgrew_gcm_4, + ODP_AUTH_ALG_AES_GCM, NULL, + &key_mcgrew_gcm_salt_4, NULL); + + param_in.inbound.reassembly_en = 1; + + out_sa = odp_ipsec_sa_create(¶m_out); + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, out_sa); + + in_sa = odp_ipsec_sa_create(¶m_in); + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, in_sa); + + printf("\n IPv4 two frags"); + test_in_ipv4_esp_reass_success_two_frags(out_sa, in_sa); + + printf("\n IPv4 four frags"); + test_in_ipv4_esp_reass_success_four_frags(out_sa, in_sa); + + printf("\n IPv4 two frags out of order"); + test_in_ipv4_esp_reass_success_two_frags_ooo(out_sa, in_sa); + + printf("\n IPv4 four frags out of order"); + test_in_ipv4_esp_reass_success_four_frags_ooo(out_sa, in_sa); + + printf("\n"); + + ipsec_sa_destroy(in_sa); + ipsec_sa_destroy(out_sa); +} + +static void test_in_ipv4_esp_reass_incomp(void) +{ + odp_ipsec_tunnel_param_t in_tunnel, out_tunnel; + odp_ipsec_sa_param_t param_in, param_out; + uint32_t src = IPV4ADDR(10, 0, 11, 2); + uint32_t dst = IPV4ADDR(10, 0, 22, 2); + odp_ipsec_sa_t out_sa, in_sa; + odp_ipsec_capability_t capa; + + memset(&in_tunnel, 0, sizeof(odp_ipsec_tunnel_param_t)); + memset(&out_tunnel, 0, sizeof(odp_ipsec_tunnel_param_t)); + + out_tunnel.type = ODP_IPSEC_TUNNEL_IPV4; + out_tunnel.ipv4.src_addr = &src; + out_tunnel.ipv4.dst_addr = &dst; + + CU_ASSERT(odp_ipsec_capability(&capa) == 0); + + ipsec_sa_param_fill(¶m_out, + false, false, 0x4a2cbfe7, &out_tunnel, + ODP_CIPHER_ALG_AES_GCM, &key_mcgrew_gcm_4, + ODP_AUTH_ALG_AES_GCM, NULL, + &key_mcgrew_gcm_salt_4, NULL); + + ipsec_sa_param_fill(¶m_in, + true, false, 0x4a2cbfe7, &in_tunnel, + ODP_CIPHER_ALG_AES_GCM, &key_mcgrew_gcm_4, + ODP_AUTH_ALG_AES_GCM, NULL, + &key_mcgrew_gcm_salt_4, NULL); + + param_in.inbound.reassembly_en = 1; + + out_sa = odp_ipsec_sa_create(¶m_out); + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, out_sa); + + in_sa = odp_ipsec_sa_create(¶m_in); + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, in_sa); + + printf("\n IPv4 missing frag"); + test_in_ipv4_esp_reass_incomp_missing(out_sa, in_sa); + + printf("\n"); + + ipsec_sa_destroy(in_sa); + ipsec_sa_destroy(out_sa); +} + +static void test_in_ipv6_esp_reass_success_two_frags(odp_ipsec_sa_t out_sa, + odp_ipsec_sa_t in_sa) +{ + ipsec_test_part test_out[MAX_FRAGS], test_in[MAX_FRAGS]; + int i; + + memset(test_in, 0, sizeof(test_in)); + + CU_ASSERT(MAX_FRAGS >= 2); + + part_prep_esp(test_out, 2, true); + + test_out[0].pkt_in = &pkt_ipv6_udp_p1_f1; + test_out[1].pkt_in = &pkt_ipv6_udp_p1_f2; + + part_prep_plain(&test_in[1], 1, true, true); + test_in[1].out[0].pkt_res = &pkt_ipv6_udp_p1; + + for (i = 0; i < 2; i++) { + ipsec_test_packet test_pkt; + odp_packet_t pkt; + + CU_ASSERT_EQUAL(ipsec_check_out(&test_out[i], out_sa, &pkt), 1); + + ipsec_test_packet_from_pkt(&test_pkt, &pkt); + test_in[i].pkt_in = &test_pkt; + + ipsec_check_in_one(&test_in[i], in_sa); + } +} + +static void test_in_ipv6_esp_reass_success_four_frags(odp_ipsec_sa_t out_sa, + odp_ipsec_sa_t in_sa) +{ + ipsec_test_part test_out[MAX_FRAGS], test_in[MAX_FRAGS]; + int i; + + memset(test_in, 0, sizeof(test_in)); + + CU_ASSERT(MAX_FRAGS >= 4); + + part_prep_esp(test_out, 4, true); + + test_out[0].pkt_in = &pkt_ipv6_udp_p2_f1; + test_out[1].pkt_in = &pkt_ipv6_udp_p2_f2; + test_out[2].pkt_in = &pkt_ipv6_udp_p2_f3; + test_out[3].pkt_in = &pkt_ipv6_udp_p2_f4; + + part_prep_plain(&test_in[3], 1, true, true); + test_in[3].out[0].pkt_res = &pkt_ipv6_udp_p2; + + for (i = 0; i < 4; i++) { + ipsec_test_packet test_pkt; + odp_packet_t pkt; + + CU_ASSERT_EQUAL(ipsec_check_out(&test_out[i], out_sa, &pkt), 1); + + ipsec_test_packet_from_pkt(&test_pkt, &pkt); + test_in[i].pkt_in = &test_pkt; + + ipsec_check_in_one(&test_in[i], in_sa); + } +} + +static void test_in_ipv6_esp_reass_success_two_frags_ooo(odp_ipsec_sa_t out_sa, + odp_ipsec_sa_t in_sa) +{ + ipsec_test_part test_out[MAX_FRAGS], test_in[MAX_FRAGS]; + int i; + + memset(test_in, 0, sizeof(test_in)); + + CU_ASSERT(MAX_FRAGS >= 2); + + part_prep_esp(test_out, 2, true); + + test_out[0].pkt_in = &pkt_ipv6_udp_p1_f2; + test_out[1].pkt_in = &pkt_ipv6_udp_p1_f1; + + part_prep_plain(&test_in[1], 1, true, true); + test_in[1].out[0].pkt_res = &pkt_ipv6_udp_p1; + + for (i = 0; i < 2; i++) { + ipsec_test_packet test_pkt; + odp_packet_t pkt; + + CU_ASSERT_EQUAL(ipsec_check_out(&test_out[i], out_sa, &pkt), 1); + + ipsec_test_packet_from_pkt(&test_pkt, &pkt); + test_in[i].pkt_in = &test_pkt; + + ipsec_check_in_one(&test_in[i], in_sa); + } +} + +static void test_in_ipv6_esp_reass_success_four_frags_ooo(odp_ipsec_sa_t out_sa, + odp_ipsec_sa_t in_sa) +{ + ipsec_test_part test_out[MAX_FRAGS], test_in[MAX_FRAGS]; + int i; + + memset(test_in, 0, sizeof(test_in)); + + CU_ASSERT(MAX_FRAGS >= 4); + + part_prep_esp(test_out, 4, true); + + test_out[1].pkt_in = &pkt_ipv6_udp_p2_f2; + test_out[2].pkt_in = &pkt_ipv6_udp_p2_f3; + test_out[3].pkt_in = &pkt_ipv6_udp_p2_f4; + test_out[0].pkt_in = &pkt_ipv6_udp_p2_f1; + + part_prep_plain(&test_in[3], 1, true, true); + test_in[3].out[0].pkt_res = &pkt_ipv6_udp_p2; + + for (i = 0; i < 4; i++) { + ipsec_test_packet test_pkt; + odp_packet_t pkt; + + CU_ASSERT_EQUAL(ipsec_check_out(&test_out[i], out_sa, &pkt), 1); + + ipsec_test_packet_from_pkt(&test_pkt, &pkt); + test_in[i].pkt_in = &test_pkt; + + ipsec_check_in_one(&test_in[i], in_sa); + } +} + +static void test_in_ipv6_esp_reass_incomp_missing(odp_ipsec_sa_t out_sa, + odp_ipsec_sa_t in_sa) +{ + ipsec_test_part test_out[MAX_FRAGS], test_in[MAX_FRAGS]; + ipsec_test_packet test_pkt; + odp_packet_t pkt; + + memset(test_in, 0, sizeof(test_in)); + + CU_ASSERT(MAX_FRAGS >= 1); + + part_prep_esp(test_out, 1, true); + + test_out[0].pkt_in = &pkt_ipv6_udp_p1_f1; + + part_prep_plain(&test_in[0], 1, true, true); + test_in[0].out[0].pkt_res = &pkt_ipv6_udp_p1_f1; + + CU_ASSERT_EQUAL(ipsec_check_out(&test_out[0], out_sa, &pkt), 1); + + ipsec_test_packet_from_pkt(&test_pkt, &pkt); + test_in[0].pkt_in = &test_pkt; + + ipsec_check_in_one(&test_in[0], in_sa); +} + +static void test_in_ipv6_esp_reass_success(void) +{ + odp_ipsec_tunnel_param_t in_tunnel, out_tunnel; + odp_ipsec_sa_param_t param_in, param_out; + odp_ipsec_sa_t out_sa, in_sa; + odp_ipsec_capability_t capa; + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + + memset(&in_tunnel, 0, sizeof(odp_ipsec_tunnel_param_t)); + memset(&out_tunnel, 0, sizeof(odp_ipsec_tunnel_param_t)); + out_tunnel.type = ODP_IPSEC_TUNNEL_IPV6; + out_tunnel.ipv6.src_addr = &src; + out_tunnel.ipv6.dst_addr = &dst; + out_tunnel.ipv6.hlimit = 64; + + CU_ASSERT(odp_ipsec_capability(&capa) == 0); + + ipsec_sa_param_fill(¶m_out, + false, false, 0x4a2cbfe7, &out_tunnel, + ODP_CIPHER_ALG_AES_GCM, &key_mcgrew_gcm_4, + ODP_AUTH_ALG_AES_GCM, NULL, + &key_mcgrew_gcm_salt_4, NULL); + + ipsec_sa_param_fill(¶m_in, + true, false, 0x4a2cbfe7, &in_tunnel, + ODP_CIPHER_ALG_AES_GCM, &key_mcgrew_gcm_4, + ODP_AUTH_ALG_AES_GCM, NULL, + &key_mcgrew_gcm_salt_4, NULL); + param_in.inbound.reassembly_en = 1; + + out_sa = odp_ipsec_sa_create(¶m_out); + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, out_sa); + + in_sa = odp_ipsec_sa_create(¶m_in); + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, in_sa); + + printf("\n IPv6 two frags"); + test_in_ipv6_esp_reass_success_two_frags(out_sa, in_sa); + + printf("\n IPv6 four frags"); + test_in_ipv6_esp_reass_success_four_frags(out_sa, in_sa); + + printf("\n IPv6 two frags out of order"); + test_in_ipv6_esp_reass_success_two_frags_ooo(out_sa, in_sa); + + printf("\n IPv6 four frags out of order"); + test_in_ipv6_esp_reass_success_four_frags_ooo(out_sa, in_sa); + + printf("\n"); + + ipsec_sa_destroy(in_sa); + ipsec_sa_destroy(out_sa); +} + +static void test_in_ipv6_esp_reass_incomp(void) +{ + odp_ipsec_tunnel_param_t in_tunnel, out_tunnel; + odp_ipsec_sa_param_t param_in, param_out; + odp_ipsec_sa_t out_sa, in_sa; + odp_ipsec_capability_t capa; + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + + memset(&in_tunnel, 0, sizeof(odp_ipsec_tunnel_param_t)); + memset(&out_tunnel, 0, sizeof(odp_ipsec_tunnel_param_t)); + out_tunnel.type = ODP_IPSEC_TUNNEL_IPV6; + out_tunnel.ipv6.src_addr = &src; + out_tunnel.ipv6.dst_addr = &dst; + + CU_ASSERT(odp_ipsec_capability(&capa) == 0); + + ipsec_sa_param_fill(¶m_out, + false, false, 0x4a2cbfe7, &out_tunnel, + ODP_CIPHER_ALG_AES_GCM, &key_mcgrew_gcm_4, + ODP_AUTH_ALG_AES_GCM, NULL, + &key_mcgrew_gcm_salt_4, NULL); + + ipsec_sa_param_fill(¶m_in, + true, false, 0x4a2cbfe7, &in_tunnel, + ODP_CIPHER_ALG_AES_GCM, &key_mcgrew_gcm_4, + ODP_AUTH_ALG_AES_GCM, NULL, + &key_mcgrew_gcm_salt_4, NULL); + param_in.inbound.reassembly_en = 1; + + out_sa = odp_ipsec_sa_create(¶m_out); + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, out_sa); + + in_sa = odp_ipsec_sa_create(¶m_in); + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, in_sa); + + printf("\n IPv6 missing frag"); + test_in_ipv6_esp_reass_incomp_missing(out_sa, in_sa); + + printf("\n"); + + ipsec_sa_destroy(in_sa); + ipsec_sa_destroy(out_sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -1853,5 +2399,13 @@ odp_testinfo_t ipsec_in_suite[] = { ODP_TEST_INFO(test_ipsec_print), ODP_TEST_INFO_CONDITIONAL(test_ipsec_sa_print, ipsec_check_esp_aes_cbc_128_sha1), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_reass_success, + ipsec_check_esp_aes_gcm_128_reass_ipv4), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_reass_incomp, + ipsec_check_esp_aes_gcm_128_reass_ipv4), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_reass_success, + ipsec_check_esp_aes_gcm_128_reass_ipv6), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_reass_incomp, + ipsec_check_esp_aes_gcm_128_reass_ipv6), ODP_TEST_INFO_NULL, }; |