From d9e2c1e09020a3f6e058c70d3ddef6884b9cde73 Mon Sep 17 00:00:00 2001
From: Janne Peltonen <janne.peltonen@nokia.com>
Date: Wed, 5 Apr 2023 15:27:54 +0300
Subject: validation: ipsec: allow sa creation failure for unsupported algos
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Not all implementations support all possible combinations of cipher and
auth algorithms. Allow session creation error and skip test in cases
where session creation failure might have been caused by an unsupported
algorithm combination.

Signed-off-by: Janne Peltonen <janne.peltonen@nokia.com>
Reviewed-by: Jere Leppänen <jere.leppanen@nokia.com>
---
 test/validation/api/ipsec/ipsec_test_out.c | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 'test')

diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c
index bb318edad..1a013289b 100644
--- a/test/validation/api/ipsec/ipsec_test_out.c
+++ b/test/validation/api/ipsec/ipsec_test_out.c
@@ -475,6 +475,30 @@ static void ipsec_check_out_in_one(const ipsec_test_part *part_outbound,
 	}
 }
 
+static int sa_creation_failure_ok(const odp_ipsec_sa_param_t *param)
+{
+	odp_cipher_alg_t cipher = param->crypto.cipher_alg;
+	odp_auth_alg_t auth     = param->crypto.auth_alg;
+
+	/* Single algorithm must not fail */
+	if (cipher == ODP_CIPHER_ALG_NULL || auth == ODP_AUTH_ALG_NULL)
+		return 0;
+
+	/* Combined mode algorithms must not fail */
+	if (cipher == ODP_CIPHER_ALG_AES_GCM ||
+	    cipher == ODP_CIPHER_ALG_AES_CCM ||
+	    cipher == ODP_CIPHER_ALG_CHACHA20_POLY1305)
+		return 0;
+
+	/* Combination of mandatory algorithms must not fail */
+	if (cipher == ODP_CIPHER_ALG_AES_CBC && auth == ODP_AUTH_ALG_SHA1_HMAC)
+		return 0;
+
+	printf("\n      Algorithm combination (%d, %d) maybe not supported.\n", cipher, auth);
+	printf("      SA creation failed, skipping test.\n");
+	return 1;
+}
+
 static void test_out_in_common(const ipsec_test_flags *flags,
 			       odp_cipher_alg_t cipher,
 			       const odp_crypto_key_t *cipher_key,
@@ -539,6 +563,9 @@ static void test_out_in_common(const ipsec_test_flags *flags,
 
 	sa_out = odp_ipsec_sa_create(&param);
 
+	if (sa_out == ODP_IPSEC_SA_INVALID && sa_creation_failure_ok(&param))
+		return;
+
 	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa_out);
 
 	ipsec_sa_param_fill(&param,
-- 
cgit v1.2.3