[dpdk-test-report] |WARNING| pw99655-99659 [PATCH] [v5, 5/5] test/crypto: add UDP encapsulated IPsec test cases

dpdklab at iol.unh.edu dpdklab at iol.unh.edu
Wed Oct 6 08:29:27 CEST 2021


Test-Label: iol-testing
Test-Status: WARNING
http://dpdk.org/patch/99655

_apply patch failure_

Submitter: Anoob Joseph <anoobj at marvell.com>
Date: Saturday, September 25 2021 15:35:32 
Applied on: CommitID:2700326085033fd13339a8de31f58a95d1ee9c3f
Apply patch set 99655-99659 failed:

Checking patch app/test/meson.build...
error: while searching for:
        'test_cryptodev.c',
        'test_cryptodev_asym.c',
        'test_cryptodev_blockcipher.c',
        'test_cryptodev_security_pdcp.c',
        'test_cycles.c',
        'test_debug.c',

error: patch failed: app/test/meson.build:38
Checking patch app/test/test.h...
error: while searching for:
#define TEST_CASE_WITH_DATA(setup, teardown, testcase, data) \
		{ setup, teardown, NULL, testcase, #testcase, 1, data }

#define TEST_CASE_DISABLED(fn) { NULL, NULL, fn, NULL, #fn, 0, NULL }

#define TEST_CASE_ST_DISABLED(setup, teardown, testcase) \

error: patch failed: app/test/test.h:124
Checking patch app/test/test_cryptodev.c...
error: while searching for:

#include <rte_crypto.h>
#include <rte_cryptodev.h>
#include <rte_string_fns.h>

#ifdef RTE_CRYPTO_SCHEDULER

error: patch failed: app/test/test_cryptodev.c:16
error: while searching for:
#include "test_cryptodev_hmac_test_vectors.h"
#include "test_cryptodev_mixed_test_vectors.h"
#ifdef RTE_LIB_SECURITY
#include "test_cryptodev_security_pdcp_test_vectors.h"
#include "test_cryptodev_security_pdcp_sdap_test_vectors.h"
#include "test_cryptodev_security_pdcp_test_func.h"

error: patch failed: app/test/test_cryptodev.c:41
error: while searching for:
		const uint8_t *digest,
		const uint8_t *iv);

static struct rte_mbuf *
setup_test_string(struct rte_mempool *mpool,
		const char *string, size_t len, uint8_t blocksize)

error: patch failed: app/test/test_cryptodev.c:123
error: while searching for:

#ifdef RTE_LIB_SECURITY
static int
pdcp_proto_testsuite_setup(void)
{
	struct crypto_testsuite_params *ts_params = &testsuite_params;

error: patch failed: app/test/test_cryptodev.c:753
Hunk #5 succeeded at 9263 (offset 358 lines).
error: while searching for:
};

#ifdef RTE_LIB_SECURITY
static struct unit_test_suite pdcp_proto_testsuite  = {
	.suite_name = "PDCP Proto Unit Test Suite",
	.setup = pdcp_proto_testsuite_setup,

error: patch failed: app/test/test_cryptodev.c:13745
error: while searching for:
		&cryptodev_negative_hmac_sha1_testsuite,
		&cryptodev_gen_testsuite,
#ifdef RTE_LIB_SECURITY
		&pdcp_proto_testsuite,
		&docsis_proto_testsuite,
#endif

error: patch failed: app/test/test_cryptodev.c:14530
Checking patch app/test/test_cryptodev_security_ipsec.c...
error: app/test/test_cryptodev_security_ipsec.c: already exists in index
Checking patch app/test/test_cryptodev_security_ipsec.h...
error: app/test/test_cryptodev_security_ipsec.h: already exists in index
Checking patch app/test/test_cryptodev_security_ipsec_test_vectors.h...
error: app/test/test_cryptodev_security_ipsec_test_vectors.h: already exists in index
Checking patch doc/guides/rel_notes/release_21_11.rst...
error: while searching for:
  Added command-line options to specify total number of processes and
  current process ID. Each process owns subset of Rx and Tx queues.


Removed Items
-------------

error: patch failed: doc/guides/rel_notes/release_21_11.rst:87
Applying patch app/test/meson.build with 1 reject...
Rejected hunk #1.
Applying patch app/test/test.h with 1 reject...
Rejected hunk #1.
Applying patch app/test/test_cryptodev.c with 6 rejects...
Rejected hunk #1.
Rejected hunk #2.
Rejected hunk #3.
Rejected hunk #4.
Hunk #5 applied cleanly.
Rejected hunk #6.
Rejected hunk #7.
Applying patch doc/guides/rel_notes/release_21_11.rst with 1 reject...
Rejected hunk #1.
diff a/app/test/meson.build b/app/test/meson.build	(rejected hunks)
@@ -38,6 +38,7 @@ test_sources = files(
         'test_cryptodev.c',
         'test_cryptodev_asym.c',
         'test_cryptodev_blockcipher.c',
+        'test_cryptodev_security_ipsec.c',
         'test_cryptodev_security_pdcp.c',
         'test_cycles.c',
         'test_debug.c',
diff a/app/test/test.h b/app/test/test.h	(rejected hunks)
@@ -124,6 +124,12 @@ struct unit_test_case {
 #define TEST_CASE_WITH_DATA(setup, teardown, testcase, data) \
 		{ setup, teardown, NULL, testcase, #testcase, 1, data }
 
+#define TEST_CASE_NAMED_ST(name, setup, teardown, testcase) \
+		{ setup, teardown, NULL, testcase, name, 1, NULL }
+
+#define TEST_CASE_NAMED_WITH_DATA(name, setup, teardown, testcase, data) \
+		{ setup, teardown, NULL, testcase, name, 1, data }
+
 #define TEST_CASE_DISABLED(fn) { NULL, NULL, fn, NULL, #fn, 0, NULL }
 
 #define TEST_CASE_ST_DISABLED(setup, teardown, testcase) \
diff a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c	(rejected hunks)
@@ -16,6 +16,7 @@
 
 #include <rte_crypto.h>
 #include <rte_cryptodev.h>
+#include <rte_ip.h>
 #include <rte_string_fns.h>
 
 #ifdef RTE_CRYPTO_SCHEDULER
@@ -41,6 +42,8 @@
 #include "test_cryptodev_hmac_test_vectors.h"
 #include "test_cryptodev_mixed_test_vectors.h"
 #ifdef RTE_LIB_SECURITY
+#include "test_cryptodev_security_ipsec.h"
+#include "test_cryptodev_security_ipsec_test_vectors.h"
 #include "test_cryptodev_security_pdcp_test_vectors.h"
 #include "test_cryptodev_security_pdcp_sdap_test_vectors.h"
 #include "test_cryptodev_security_pdcp_test_func.h"
@@ -123,6 +126,13 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
 		const uint8_t *digest,
 		const uint8_t *iv);
 
+static int
+security_proto_supported(enum rte_security_session_action_type action,
+	enum rte_security_session_protocol proto);
+
+static int
+dev_configure_and_start(uint64_t ff_disable);
+
 static struct rte_mbuf *
 setup_test_string(struct rte_mempool *mpool,
 		const char *string, size_t len, uint8_t blocksize)
@@ -753,6 +763,47 @@ crypto_gen_testsuite_setup(void)
 
 #ifdef RTE_LIB_SECURITY
 static int
+ipsec_proto_testsuite_setup(void)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct crypto_unittest_params *ut_params = &unittest_params;
+	struct rte_cryptodev_info dev_info;
+	int ret = 0;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_SECURITY)) {
+		RTE_LOG(INFO, USER1, "Feature flag requirements for IPsec Proto "
+				"testsuite not met\n");
+		return TEST_SKIPPED;
+	}
+
+	/* Reconfigure to enable security */
+	ret = dev_configure_and_start(0);
+	if (ret != TEST_SUCCESS)
+		return ret;
+
+	/* Set action type */
+	ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;
+
+	if (security_proto_supported(
+			RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+			RTE_SECURITY_PROTOCOL_IPSEC) < 0) {
+		RTE_LOG(INFO, USER1, "Capability requirements for IPsec Proto "
+				"test not met\n");
+		ret = TEST_SKIPPED;
+	}
+
+	/*
+	 * Stop the device. Device would be started again by individual test
+	 * case setup routine.
+	 */
+	rte_cryptodev_stop(ts_params->valid_devs[0]);
+
+	return ret;
+}
+
+static int
 pdcp_proto_testsuite_setup(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -13745,6 +13960,26 @@ static struct unit_test_suite end_testsuite = {
 };
 
 #ifdef RTE_LIB_SECURITY
+static struct unit_test_suite ipsec_proto_testsuite  = {
+	.suite_name = "IPsec Proto Unit Test Suite",
+	.setup = ipsec_proto_testsuite_setup,
+	.unit_test_cases = {
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv4 AES-GCM 192)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec_inb, &pkt_aes_192_gcm),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (ESP tunnel mode IPv4 AES-GCM 256)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm),
+		TEST_CASES_END() /**< NULL terminate unit test array */
+	}
+};
+
 static struct unit_test_suite pdcp_proto_testsuite  = {
 	.suite_name = "PDCP Proto Unit Test Suite",
 	.setup = pdcp_proto_testsuite_setup,
@@ -14530,6 +14765,7 @@ run_cryptodev_testsuite(const char *pmd_name)
 		&cryptodev_negative_hmac_sha1_testsuite,
 		&cryptodev_gen_testsuite,
 #ifdef RTE_LIB_SECURITY
+		&ipsec_proto_testsuite,
 		&pdcp_proto_testsuite,
 		&docsis_proto_testsuite,
 #endif
diff a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst	(rejected hunks)
@@ -87,6 +87,10 @@ New Features
   Added command-line options to specify total number of processes and
   current process ID. Each process owns subset of Rx and Tx queues.
 
+* **Added lookaside protocol (IPsec) tests in dpdk-test.**
+
+  * Added known vector tests (AES-GCM 128, 192, 256).
+
 
 Removed Items
 -------------
Checking patch app/test/test_cryptodev.c...
error: app/test/test_cryptodev.c: does not match index
Checking patch app/test/test_cryptodev_security_ipsec.c...
error: while searching for:
#include "test.h"
#include "test_cryptodev_security_ipsec.h"

int
test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
			   const struct rte_security_capability *sec_cap,

error: patch failed: app/test/test_cryptodev_security_ipsec.c:10
error: while searching for:
	}
}

static int
test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td)
{

error: patch failed: app/test/test_cryptodev_security_ipsec.c:128
error: while searching for:

static int
test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
		     bool silent)
{
	uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
	uint32_t skip, len = rte_pktmbuf_pkt_len(m);

error: patch failed: app/test/test_cryptodev_security_ipsec.c:148
error: while searching for:
		return TEST_FAILED;
	}

	return TEST_SUCCESS;
}

int
test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
			struct ipsec_test_data *res_d, bool silent)
{
	/*
	 * In case of known vector tests & all inbound tests, res_d provided

error: patch failed: app/test/test_cryptodev_security_ipsec.c:177
error: while searching for:
	 * For inbound, output_text would be plain packet and for outbound
	 * output_text would IPsec packet. Validate by comparing against
	 * known vectors.
	 */
	RTE_SET_USED(res_d);
	return test_ipsec_td_verify(m, td, silent);
}

int
test_ipsec_status_check(struct rte_crypto_op *op,
			enum rte_security_ipsec_sa_direction dir)
{
	int ret = TEST_SUCCESS;

error: patch failed: app/test/test_cryptodev_security_ipsec.c:190
error: while searching for:
		ret = TEST_FAILED;
	}

	RTE_SET_USED(dir);

	return ret;

error: patch failed: app/test/test_cryptodev_security_ipsec.c:206
Checking patch app/test/test_cryptodev_security_ipsec.h...
error: while searching for:
#include <rte_cryptodev.h>
#include <rte_security.h>

struct ipsec_test_data {
	struct {
		uint8_t data[32];

error: patch failed: app/test/test_cryptodev_security_ipsec.h:8
error: while searching for:
	} xform;
};

int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
			       const struct rte_security_capability *sec_cap,
			       bool silent);

error: patch failed: app/test/test_cryptodev_security_ipsec.h:45
error: while searching for:
void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
			       struct ipsec_test_data *td_in);

int test_ipsec_post_process(struct rte_mbuf *m,
			    const struct ipsec_test_data *td,
			    struct ipsec_test_data *res_d, bool silent);

int test_ipsec_status_check(struct rte_crypto_op *op,
			    enum rte_security_ipsec_sa_direction dir);

#endif

error: patch failed: app/test/test_cryptodev_security_ipsec.h:56
Applying patch app/test/test_cryptodev_security_ipsec.c with 6 rejects...
Rejected hunk #1.
Rejected hunk #2.
Rejected hunk #3.
Rejected hunk #4.
Rejected hunk #5.
Rejected hunk #6.
Applying patch app/test/test_cryptodev_security_ipsec.h with 3 rejects...
Rejected hunk #1.
Rejected hunk #2.
Rejected hunk #3.
diff a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c	(rejected hunks)
@@ -10,6 +10,8 @@
 #include "test.h"
 #include "test_cryptodev_security_ipsec.h"
 
+extern struct ipsec_test_data pkt_aes_256_gcm;
+
 int
 test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 			   const struct rte_security_capability *sec_cap,
@@ -128,6 +130,68 @@ test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
 	}
 }
 
+void
+test_ipsec_td_prepare(const struct crypto_param *param1,
+		      const struct crypto_param *param2,
+		      const struct ipsec_test_flags *flags,
+		      struct ipsec_test_data *td_array,
+		      int nb_td)
+
+{
+	struct ipsec_test_data *td;
+	int i;
+
+	memset(td_array, 0, nb_td * sizeof(*td));
+
+	for (i = 0; i < nb_td; i++) {
+		td = &td_array[i];
+		/* Copy template for packet & key fields */
+		memcpy(td, &pkt_aes_256_gcm, sizeof(*td));
+
+		/* Override fields based on param */
+
+		if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+			td->aead = true;
+		else
+			td->aead = false;
+
+		td->xform.aead.aead.algo = param1->alg.aead;
+		td->xform.aead.aead.key.length = param1->key_length;
+	}
+
+	RTE_SET_USED(flags);
+	RTE_SET_USED(param2);
+}
+
+void
+test_ipsec_td_update(struct ipsec_test_data td_inb[],
+		     const struct ipsec_test_data td_outb[],
+		     int nb_td,
+		     const struct ipsec_test_flags *flags)
+{
+	int i;
+
+	for (i = 0; i < nb_td; i++) {
+		memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data,
+		       td_outb[i].input_text.len);
+		td_inb[i].output_text.len = td_outb->input_text.len;
+	}
+
+	RTE_SET_USED(flags);
+}
+
+void
+test_ipsec_display_alg(const struct crypto_param *param1,
+		       const struct crypto_param *param2)
+{
+	if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+		printf("\t%s [%d]\n",
+		       rte_crypto_aead_algorithm_strings[param1->alg.aead],
+		       param1->key_length);
+
+	RTE_SET_USED(param2);
+}
+
 static int
 test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td)
 {
@@ -148,7 +212,7 @@ test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td)
 
 static int
 test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
-		     bool silent)
+		     bool silent, const struct ipsec_test_flags *flags)
 {
 	uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
 	uint32_t skip, len = rte_pktmbuf_pkt_len(m);
@@ -177,12 +241,37 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
 		return TEST_FAILED;
 	}
 
+	RTE_SET_USED(flags);
+
+	return TEST_SUCCESS;
+}
+
+static int
+test_ipsec_res_d_prepare(struct rte_mbuf *m, const struct ipsec_test_data *td,
+		   struct ipsec_test_data *res_d)
+{
+	uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
+	uint32_t len = rte_pktmbuf_pkt_len(m);
+
+	memcpy(res_d, td, sizeof(*res_d));
+	memcpy(res_d->input_text.data, output_text, len);
+	res_d->input_text.len = len;
+
+	res_d->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
+	if (res_d->aead) {
+		res_d->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT;
+	} else {
+		printf("Only AEAD supported\n");
+		return TEST_SKIPPED;
+	}
+
 	return TEST_SUCCESS;
 }
 
 int
 test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
-			struct ipsec_test_data *res_d, bool silent)
+			struct ipsec_test_data *res_d, bool silent,
+			const struct ipsec_test_flags *flags)
 {
 	/*
 	 * In case of known vector tests & all inbound tests, res_d provided
@@ -190,13 +279,22 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
 	 * For inbound, output_text would be plain packet and for outbound
 	 * output_text would IPsec packet. Validate by comparing against
 	 * known vectors.
+	 *
+	 * In case of combined mode tests, the output_text from outbound
+	 * operation (ie, IPsec packet) would need to be inbound processed to
+	 * obtain the plain text. Copy output_text to result data, 'res_d', so
+	 * that inbound processing can be done.
 	 */
-	RTE_SET_USED(res_d);
-	return test_ipsec_td_verify(m, td, silent);
+
+	if (res_d == NULL)
+		return test_ipsec_td_verify(m, td, silent, flags);
+	else
+		return test_ipsec_res_d_prepare(m, td, res_d);
 }
 
 int
 test_ipsec_status_check(struct rte_crypto_op *op,
+			const struct ipsec_test_flags *flags,
 			enum rte_security_ipsec_sa_direction dir)
 {
 	int ret = TEST_SUCCESS;
@@ -206,6 +304,7 @@ test_ipsec_status_check(struct rte_crypto_op *op,
 		ret = TEST_FAILED;
 	}
 
+	RTE_SET_USED(flags);
 	RTE_SET_USED(dir);
 
 	return ret;
diff a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h	(rejected hunks)
@@ -8,6 +8,8 @@
 #include <rte_cryptodev.h>
 #include <rte_security.h>
 
+#define IPSEC_TEST_PACKETS_MAX 32
+
 struct ipsec_test_data {
 	struct {
 		uint8_t data[32];
@@ -45,6 +47,38 @@ struct ipsec_test_data {
 	} xform;
 };
 
+struct ipsec_test_flags {
+	bool display_alg;
+};
+
+struct crypto_param {
+	enum rte_crypto_sym_xform_type type;
+	union {
+		enum rte_crypto_cipher_algorithm cipher;
+		enum rte_crypto_auth_algorithm auth;
+		enum rte_crypto_aead_algorithm aead;
+	} alg;
+	uint16_t key_length;
+};
+
+static const struct crypto_param aead_list[] = {
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
+		.alg.aead =  RTE_CRYPTO_AEAD_AES_GCM,
+		.key_length = 16,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
+		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
+		.key_length = 24,
+	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
+		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
+		.key_length = 32
+	},
+};
+
 int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 			       const struct rte_security_capability *sec_cap,
 			       bool silent);
@@ -56,11 +90,27 @@ int test_ipsec_crypto_caps_aead_verify(
 void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
 			       struct ipsec_test_data *td_in);
 
+void test_ipsec_td_prepare(const struct crypto_param *param1,
+			   const struct crypto_param *param2,
+			   const struct ipsec_test_flags *flags,
+			   struct ipsec_test_data *td_array,
+			   int nb_td);
+
+void test_ipsec_td_update(struct ipsec_test_data td_inb[],
+			  const struct ipsec_test_data td_outb[],
+			  int nb_td,
+			  const struct ipsec_test_flags *flags);
+
+void test_ipsec_display_alg(const struct crypto_param *param1,
+			    const struct crypto_param *param2);
+
 int test_ipsec_post_process(struct rte_mbuf *m,
 			    const struct ipsec_test_data *td,
-			    struct ipsec_test_data *res_d, bool silent);
+			    struct ipsec_test_data *res_d, bool silent,
+			    const struct ipsec_test_flags *flags);
 
 int test_ipsec_status_check(struct rte_crypto_op *op,
+			    const struct ipsec_test_flags *flags,
 			    enum rte_security_ipsec_sa_direction dir);
 
 #endif
Checking patch app/test/test_cryptodev.c...
error: app/test/test_cryptodev.c: does not match index
Checking patch app/test/test_cryptodev_security_ipsec.c...
error: while searching for:
		memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data,
		       td_outb[i].input_text.len);
		td_inb[i].output_text.len = td_outb->input_text.len;
	}

	RTE_SET_USED(flags);
}

void

error: patch failed: app/test/test_cryptodev_security_ipsec.c:175
error: while searching for:
	uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
	uint32_t skip, len = rte_pktmbuf_pkt_len(m);

	if (len != td->output_text.len) {
		printf("Output length (%d) not matching with expected (%d)\n",
			len, td->output_text.len);

error: patch failed: app/test/test_cryptodev_security_ipsec.c:217
error: while searching for:
		return TEST_FAILED;
	}

	RTE_SET_USED(flags);

	return TEST_SUCCESS;
}


error: patch failed: app/test/test_cryptodev_security_ipsec.c:241
error: while searching for:
{
	int ret = TEST_SUCCESS;

	if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
		printf("Security op processing failed\n");
		ret = TEST_FAILED;
	}

	RTE_SET_USED(flags);
	RTE_SET_USED(dir);

	return ret;
}

error: patch failed: app/test/test_cryptodev_security_ipsec.c:299
Checking patch app/test/test_cryptodev_security_ipsec.h...
error: while searching for:

struct ipsec_test_flags {
	bool display_alg;
};

struct crypto_param {

error: patch failed: app/test/test_cryptodev_security_ipsec.h:49
Checking patch doc/guides/rel_notes/release_21_11.rst...
error: while searching for:
* **Added lookaside protocol (IPsec) tests in dpdk-test.**

  * Added known vector tests (AES-GCM 128, 192, 256).


Removed Items

error: patch failed: doc/guides/rel_notes/release_21_11.rst:90
Applying patch app/test/test_cryptodev_security_ipsec.c with 4 rejects...
Rejected hunk #1.
Rejected hunk #2.
Rejected hunk #3.
Rejected hunk #4.
Applying patch app/test/test_cryptodev_security_ipsec.h with 1 reject...
Rejected hunk #1.
Applying patch doc/guides/rel_notes/release_21_11.rst with 1 reject...
Rejected hunk #1.
diff a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c	(rejected hunks)
@@ -175,9 +175,12 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[],
 		memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data,
 		       td_outb[i].input_text.len);
 		td_inb[i].output_text.len = td_outb->input_text.len;
-	}
 
-	RTE_SET_USED(flags);
+		if (flags->icv_corrupt) {
+			int icv_pos = td_inb[i].input_text.len - 4;
+			td_inb[i].input_text.data[icv_pos] += 1;
+		}
+	}
 }
 
 void
@@ -217,6 +220,11 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
 	uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
 	uint32_t skip, len = rte_pktmbuf_pkt_len(m);
 
+	/* For negative tests, no need to do verification */
+	if (flags->icv_corrupt &&
+	    td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
+		return TEST_SUCCESS;
+
 	if (len != td->output_text.len) {
 		printf("Output length (%d) not matching with expected (%d)\n",
 			len, td->output_text.len);
@@ -241,8 +249,6 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
 		return TEST_FAILED;
 	}
 
-	RTE_SET_USED(flags);
-
 	return TEST_SUCCESS;
 }
 
@@ -299,13 +305,17 @@ test_ipsec_status_check(struct rte_crypto_op *op,
 {
 	int ret = TEST_SUCCESS;
 
-	if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
-		printf("Security op processing failed\n");
-		ret = TEST_FAILED;
+	if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && flags->icv_corrupt) {
+		if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) {
+			printf("ICV corruption test case failed\n");
+			ret = TEST_FAILED;
+		}
+	} else {
+		if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+			printf("Security op processing failed\n");
+			ret = TEST_FAILED;
+		}
 	}
 
-	RTE_SET_USED(flags);
-	RTE_SET_USED(dir);
-
 	return ret;
 }
diff a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h	(rejected hunks)
@@ -49,6 +49,7 @@ struct ipsec_test_data {
 
 struct ipsec_test_flags {
 	bool display_alg;
+	bool icv_corrupt;
 };
 
 struct crypto_param {
diff a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst	(rejected hunks)
@@ -90,6 +90,7 @@ New Features
 * **Added lookaside protocol (IPsec) tests in dpdk-test.**
 
   * Added known vector tests (AES-GCM 128, 192, 256).
+  * Added tests to verify error reporting with ICV corruption.
 
 
 Removed Items
Checking patch app/test/test_cryptodev.c...
error: app/test/test_cryptodev.c: does not match index
Checking patch app/test/test_cryptodev_security_ipsec.c...
error: while searching for:

#include <rte_common.h>
#include <rte_cryptodev.h>
#include <rte_ip.h>
#include <rte_security.h>

#include "test.h"
#include "test_cryptodev_security_ipsec.h"

extern struct ipsec_test_data pkt_aes_256_gcm;

int

error: patch failed: app/test/test_cryptodev_security_ipsec.c:4
Hunk #2 succeeded at 295 (offset 78 lines).
error: while searching for:
			struct ipsec_test_data *res_d, bool silent,
			const struct ipsec_test_flags *flags)
{
	/*
	 * In case of known vector tests & all inbound tests, res_d provided
	 * would be NULL and output data need to be validated against expected.

error: patch failed: app/test/test_cryptodev_security_ipsec.c:279
Checking patch app/test/test_cryptodev_security_ipsec.h...
error: while searching for:
struct ipsec_test_flags {
	bool display_alg;
	bool icv_corrupt;
};

struct crypto_param {

error: patch failed: app/test/test_cryptodev_security_ipsec.h:50
Checking patch doc/guides/rel_notes/release_21_11.rst...
error: while searching for:

  * Added known vector tests (AES-GCM 128, 192, 256).
  * Added tests to verify error reporting with ICV corruption.


Removed Items

error: patch failed: doc/guides/rel_notes/release_21_11.rst:91
Applying patch app/test/test_cryptodev_security_ipsec.c with 2 rejects...
Rejected hunk #1.
Hunk #2 applied cleanly.
Rejected hunk #3.
Applying patch app/test/test_cryptodev_security_ipsec.h with 1 reject...
Rejected hunk #1.
Applying patch doc/guides/rel_notes/release_21_11.rst with 1 reject...
Rejected hunk #1.
diff a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c	(rejected hunks)
@@ -4,12 +4,15 @@
 
 #include <rte_common.h>
 #include <rte_cryptodev.h>
+#include <rte_esp.h>
 #include <rte_ip.h>
 #include <rte_security.h>
 
 #include "test.h"
 #include "test_cryptodev_security_ipsec.h"
 
+#define IV_LEN_MAX 16
+
 extern struct ipsec_test_data pkt_aes_256_gcm;
 
 int
@@ -279,6 +322,15 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
 			struct ipsec_test_data *res_d, bool silent,
 			const struct ipsec_test_flags *flags)
 {
+	int ret;
+
+	if (flags->iv_gen &&
+	    td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+		ret = test_ipsec_iv_verify_push(m, td);
+		if (ret != TEST_SUCCESS)
+			return ret;
+	}
+
 	/*
 	 * In case of known vector tests & all inbound tests, res_d provided
 	 * would be NULL and output data need to be validated against expected.
diff a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h	(rejected hunks)
@@ -50,6 +50,7 @@ struct ipsec_test_data {
 struct ipsec_test_flags {
 	bool display_alg;
 	bool icv_corrupt;
+	bool iv_gen;
 };
 
 struct crypto_param {
diff a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst	(rejected hunks)
@@ -91,6 +91,7 @@ New Features
 
   * Added known vector tests (AES-GCM 128, 192, 256).
   * Added tests to verify error reporting with ICV corruption.
+  * Added tests to verify IV generation.
 
 
 Removed Items
Checking patch app/test/test_cryptodev.c...
error: app/test/test_cryptodev.c: does not match index
Checking patch app/test/test_cryptodev_security_ipsec.c...
error: app/test/test_cryptodev_security_ipsec.c: does not match index
Checking patch app/test/test_cryptodev_security_ipsec.h...
error: while searching for:
	bool display_alg;
	bool icv_corrupt;
	bool iv_gen;
};

struct crypto_param {

error: patch failed: app/test/test_cryptodev_security_ipsec.h:51
Checking patch doc/guides/rel_notes/release_21_11.rst...
error: while searching for:
  * Added known vector tests (AES-GCM 128, 192, 256).
  * Added tests to verify error reporting with ICV corruption.
  * Added tests to verify IV generation.


Removed Items

error: patch failed: doc/guides/rel_notes/release_21_11.rst:92
Applying patch app/test/test_cryptodev_security_ipsec.h with 1 reject...
Rejected hunk #1.
Applying patch doc/guides/rel_notes/release_21_11.rst with 1 reject...
Rejected hunk #1.
diff a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h	(rejected hunks)
@@ -51,6 +51,7 @@ struct ipsec_test_flags {
 	bool display_alg;
 	bool icv_corrupt;
 	bool iv_gen;
+	bool udp_encap;
 };
 
 struct crypto_param {
diff a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst	(rejected hunks)
@@ -92,6 +92,7 @@ New Features
   * Added known vector tests (AES-GCM 128, 192, 256).
   * Added tests to verify error reporting with ICV corruption.
   * Added tests to verify IV generation.
+  * Added tests to verify UDP encapsulation.
 
 
 Removed Items

https://lab.dpdk.org/results/dashboard/patchsets/18961/

UNH-IOL DPDK Community Lab


More information about the test-report mailing list