1474f1202SAnoob Joseph /* SPDX-License-Identifier: BSD-3-Clause 2474f1202SAnoob Joseph * Copyright(C) 2021 Marvell. 3474f1202SAnoob Joseph */ 4474f1202SAnoob Joseph 5474f1202SAnoob Joseph #include <rte_common.h> 6474f1202SAnoob Joseph #include <rte_cryptodev.h> 7cd928003STejasree Kondoj #include <rte_esp.h> 8474f1202SAnoob Joseph #include <rte_ip.h> 9474f1202SAnoob Joseph #include <rte_security.h> 10*c8234341STejasree Kondoj #include <rte_udp.h> 11474f1202SAnoob Joseph 12474f1202SAnoob Joseph #include "test.h" 13474f1202SAnoob Joseph #include "test_cryptodev_security_ipsec.h" 14474f1202SAnoob Joseph 15cd928003STejasree Kondoj #define IV_LEN_MAX 16 16cd928003STejasree Kondoj 176622d9c9SAnoob Joseph extern struct ipsec_test_data pkt_aes_256_gcm; 186622d9c9SAnoob Joseph 19474f1202SAnoob Joseph int 20474f1202SAnoob Joseph test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, 21474f1202SAnoob Joseph const struct rte_security_capability *sec_cap, 22474f1202SAnoob Joseph bool silent) 23474f1202SAnoob Joseph { 24474f1202SAnoob Joseph /* Verify security capabilities */ 25474f1202SAnoob Joseph 26474f1202SAnoob Joseph if (ipsec_xform->options.esn == 1 && sec_cap->ipsec.options.esn == 0) { 27474f1202SAnoob Joseph if (!silent) 28474f1202SAnoob Joseph RTE_LOG(INFO, USER1, "ESN is not supported\n"); 29474f1202SAnoob Joseph return -ENOTSUP; 30474f1202SAnoob Joseph } 31474f1202SAnoob Joseph 32474f1202SAnoob Joseph if (ipsec_xform->options.udp_encap == 1 && 33474f1202SAnoob Joseph sec_cap->ipsec.options.udp_encap == 0) { 34474f1202SAnoob Joseph if (!silent) 35474f1202SAnoob Joseph RTE_LOG(INFO, USER1, "UDP encapsulation is not supported\n"); 36474f1202SAnoob Joseph return -ENOTSUP; 37474f1202SAnoob Joseph } 38474f1202SAnoob Joseph 39474f1202SAnoob Joseph if (ipsec_xform->options.copy_dscp == 1 && 40474f1202SAnoob Joseph sec_cap->ipsec.options.copy_dscp == 0) { 41474f1202SAnoob Joseph if (!silent) 42474f1202SAnoob Joseph RTE_LOG(INFO, USER1, "Copy DSCP is not supported\n"); 43474f1202SAnoob Joseph return -ENOTSUP; 44474f1202SAnoob Joseph } 45474f1202SAnoob Joseph 46474f1202SAnoob Joseph if (ipsec_xform->options.copy_flabel == 1 && 47474f1202SAnoob Joseph sec_cap->ipsec.options.copy_flabel == 0) { 48474f1202SAnoob Joseph if (!silent) 49474f1202SAnoob Joseph RTE_LOG(INFO, USER1, "Copy Flow Label is not supported\n"); 50474f1202SAnoob Joseph return -ENOTSUP; 51474f1202SAnoob Joseph } 52474f1202SAnoob Joseph 53474f1202SAnoob Joseph if (ipsec_xform->options.copy_df == 1 && 54474f1202SAnoob Joseph sec_cap->ipsec.options.copy_df == 0) { 55474f1202SAnoob Joseph if (!silent) 56474f1202SAnoob Joseph RTE_LOG(INFO, USER1, "Copy DP bit is not supported\n"); 57474f1202SAnoob Joseph return -ENOTSUP; 58474f1202SAnoob Joseph } 59474f1202SAnoob Joseph 60474f1202SAnoob Joseph if (ipsec_xform->options.dec_ttl == 1 && 61474f1202SAnoob Joseph sec_cap->ipsec.options.dec_ttl == 0) { 62474f1202SAnoob Joseph if (!silent) 63474f1202SAnoob Joseph RTE_LOG(INFO, USER1, "Decrement TTL is not supported\n"); 64474f1202SAnoob Joseph return -ENOTSUP; 65474f1202SAnoob Joseph } 66474f1202SAnoob Joseph 67474f1202SAnoob Joseph if (ipsec_xform->options.ecn == 1 && sec_cap->ipsec.options.ecn == 0) { 68474f1202SAnoob Joseph if (!silent) 69474f1202SAnoob Joseph RTE_LOG(INFO, USER1, "ECN is not supported\n"); 70474f1202SAnoob Joseph return -ENOTSUP; 71474f1202SAnoob Joseph } 72474f1202SAnoob Joseph 73474f1202SAnoob Joseph if (ipsec_xform->options.stats == 1 && 74474f1202SAnoob Joseph sec_cap->ipsec.options.stats == 0) { 75474f1202SAnoob Joseph if (!silent) 76474f1202SAnoob Joseph RTE_LOG(INFO, USER1, "Stats is not supported\n"); 77474f1202SAnoob Joseph return -ENOTSUP; 78474f1202SAnoob Joseph } 79474f1202SAnoob Joseph 80474f1202SAnoob Joseph return 0; 81474f1202SAnoob Joseph } 82474f1202SAnoob Joseph 83474f1202SAnoob Joseph int 84474f1202SAnoob Joseph test_ipsec_crypto_caps_aead_verify( 85474f1202SAnoob Joseph const struct rte_security_capability *sec_cap, 86474f1202SAnoob Joseph struct rte_crypto_sym_xform *aead) 87474f1202SAnoob Joseph { 88474f1202SAnoob Joseph const struct rte_cryptodev_symmetric_capability *sym_cap; 89474f1202SAnoob Joseph const struct rte_cryptodev_capabilities *crypto_cap; 90474f1202SAnoob Joseph int j = 0; 91474f1202SAnoob Joseph 92474f1202SAnoob Joseph while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op != 93474f1202SAnoob Joseph RTE_CRYPTO_OP_TYPE_UNDEFINED) { 94474f1202SAnoob Joseph if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && 95474f1202SAnoob Joseph crypto_cap->sym.xform_type == aead->type && 96474f1202SAnoob Joseph crypto_cap->sym.aead.algo == aead->aead.algo) { 97474f1202SAnoob Joseph sym_cap = &crypto_cap->sym; 98474f1202SAnoob Joseph if (rte_cryptodev_sym_capability_check_aead(sym_cap, 99474f1202SAnoob Joseph aead->aead.key.length, 100474f1202SAnoob Joseph aead->aead.digest_length, 101474f1202SAnoob Joseph aead->aead.aad_length, 102474f1202SAnoob Joseph aead->aead.iv.length) == 0) 103474f1202SAnoob Joseph return 0; 104474f1202SAnoob Joseph } 105474f1202SAnoob Joseph } 106474f1202SAnoob Joseph 107474f1202SAnoob Joseph return -ENOTSUP; 108474f1202SAnoob Joseph } 109474f1202SAnoob Joseph 110474f1202SAnoob Joseph void 111474f1202SAnoob Joseph test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out, 112474f1202SAnoob Joseph struct ipsec_test_data *td_in) 113474f1202SAnoob Joseph { 114474f1202SAnoob Joseph memcpy(td_in, td_out, sizeof(*td_in)); 115474f1202SAnoob Joseph 116474f1202SAnoob Joseph /* Populate output text of td_in with input text of td_out */ 117474f1202SAnoob Joseph memcpy(td_in->output_text.data, td_out->input_text.data, 118474f1202SAnoob Joseph td_out->input_text.len); 119474f1202SAnoob Joseph td_in->output_text.len = td_out->input_text.len; 120474f1202SAnoob Joseph 121474f1202SAnoob Joseph /* Populate input text of td_in with output text of td_out */ 122474f1202SAnoob Joseph memcpy(td_in->input_text.data, td_out->output_text.data, 123474f1202SAnoob Joseph td_out->output_text.len); 124474f1202SAnoob Joseph td_in->input_text.len = td_out->output_text.len; 125474f1202SAnoob Joseph 126474f1202SAnoob Joseph td_in->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; 127474f1202SAnoob Joseph 128474f1202SAnoob Joseph if (td_in->aead) { 129474f1202SAnoob Joseph td_in->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT; 130474f1202SAnoob Joseph } else { 131474f1202SAnoob Joseph td_in->xform.chain.auth.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY; 132474f1202SAnoob Joseph td_in->xform.chain.cipher.cipher.op = 133474f1202SAnoob Joseph RTE_CRYPTO_CIPHER_OP_DECRYPT; 134474f1202SAnoob Joseph } 135474f1202SAnoob Joseph } 136474f1202SAnoob Joseph 1376622d9c9SAnoob Joseph void 1386622d9c9SAnoob Joseph test_ipsec_td_prepare(const struct crypto_param *param1, 1396622d9c9SAnoob Joseph const struct crypto_param *param2, 1406622d9c9SAnoob Joseph const struct ipsec_test_flags *flags, 1416622d9c9SAnoob Joseph struct ipsec_test_data *td_array, 1426622d9c9SAnoob Joseph int nb_td) 1436622d9c9SAnoob Joseph 1446622d9c9SAnoob Joseph { 1456622d9c9SAnoob Joseph struct ipsec_test_data *td; 1466622d9c9SAnoob Joseph int i; 1476622d9c9SAnoob Joseph 1486622d9c9SAnoob Joseph memset(td_array, 0, nb_td * sizeof(*td)); 1496622d9c9SAnoob Joseph 1506622d9c9SAnoob Joseph for (i = 0; i < nb_td; i++) { 1516622d9c9SAnoob Joseph td = &td_array[i]; 1526622d9c9SAnoob Joseph /* Copy template for packet & key fields */ 1536622d9c9SAnoob Joseph memcpy(td, &pkt_aes_256_gcm, sizeof(*td)); 1546622d9c9SAnoob Joseph 1556622d9c9SAnoob Joseph /* Override fields based on param */ 1566622d9c9SAnoob Joseph 1576622d9c9SAnoob Joseph if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) 1586622d9c9SAnoob Joseph td->aead = true; 1596622d9c9SAnoob Joseph else 1606622d9c9SAnoob Joseph td->aead = false; 1616622d9c9SAnoob Joseph 1626622d9c9SAnoob Joseph td->xform.aead.aead.algo = param1->alg.aead; 1636622d9c9SAnoob Joseph td->xform.aead.aead.key.length = param1->key_length; 1646622d9c9SAnoob Joseph } 1656622d9c9SAnoob Joseph 1666622d9c9SAnoob Joseph RTE_SET_USED(flags); 1676622d9c9SAnoob Joseph RTE_SET_USED(param2); 1686622d9c9SAnoob Joseph } 1696622d9c9SAnoob Joseph 1706622d9c9SAnoob Joseph void 1716622d9c9SAnoob Joseph test_ipsec_td_update(struct ipsec_test_data td_inb[], 1726622d9c9SAnoob Joseph const struct ipsec_test_data td_outb[], 1736622d9c9SAnoob Joseph int nb_td, 1746622d9c9SAnoob Joseph const struct ipsec_test_flags *flags) 1756622d9c9SAnoob Joseph { 1766622d9c9SAnoob Joseph int i; 1776622d9c9SAnoob Joseph 1786622d9c9SAnoob Joseph for (i = 0; i < nb_td; i++) { 1796622d9c9SAnoob Joseph memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data, 1806622d9c9SAnoob Joseph td_outb[i].input_text.len); 1816622d9c9SAnoob Joseph td_inb[i].output_text.len = td_outb->input_text.len; 1826622d9c9SAnoob Joseph 1830f453190STejasree Kondoj if (flags->icv_corrupt) { 1840f453190STejasree Kondoj int icv_pos = td_inb[i].input_text.len - 4; 1850f453190STejasree Kondoj td_inb[i].input_text.data[icv_pos] += 1; 1860f453190STejasree Kondoj } 187*c8234341STejasree Kondoj 188*c8234341STejasree Kondoj if (flags->udp_encap) 189*c8234341STejasree Kondoj td_inb[i].ipsec_xform.options.udp_encap = 1; 1900f453190STejasree Kondoj } 1916622d9c9SAnoob Joseph } 1926622d9c9SAnoob Joseph 1936622d9c9SAnoob Joseph void 1946622d9c9SAnoob Joseph test_ipsec_display_alg(const struct crypto_param *param1, 1956622d9c9SAnoob Joseph const struct crypto_param *param2) 1966622d9c9SAnoob Joseph { 1976622d9c9SAnoob Joseph if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) 1986622d9c9SAnoob Joseph printf("\t%s [%d]\n", 1996622d9c9SAnoob Joseph rte_crypto_aead_algorithm_strings[param1->alg.aead], 2006622d9c9SAnoob Joseph param1->key_length); 2016622d9c9SAnoob Joseph 2026622d9c9SAnoob Joseph RTE_SET_USED(param2); 2036622d9c9SAnoob Joseph } 2046622d9c9SAnoob Joseph 205474f1202SAnoob Joseph static int 206474f1202SAnoob Joseph test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td) 207474f1202SAnoob Joseph { 208474f1202SAnoob Joseph int len = 0; 209474f1202SAnoob Joseph 210474f1202SAnoob Joseph if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { 211474f1202SAnoob Joseph if (td->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { 212474f1202SAnoob Joseph if (td->ipsec_xform.tunnel.type == 213474f1202SAnoob Joseph RTE_SECURITY_IPSEC_TUNNEL_IPV4) 214474f1202SAnoob Joseph len += sizeof(struct rte_ipv4_hdr); 215474f1202SAnoob Joseph else 216474f1202SAnoob Joseph len += sizeof(struct rte_ipv6_hdr); 217474f1202SAnoob Joseph } 218474f1202SAnoob Joseph } 219474f1202SAnoob Joseph 220474f1202SAnoob Joseph return len; 221474f1202SAnoob Joseph } 222474f1202SAnoob Joseph 223474f1202SAnoob Joseph static int 224cd928003STejasree Kondoj test_ipsec_iv_verify_push(struct rte_mbuf *m, const struct ipsec_test_data *td) 225cd928003STejasree Kondoj { 226cd928003STejasree Kondoj static uint8_t iv_queue[IV_LEN_MAX * IPSEC_TEST_PACKETS_MAX]; 227cd928003STejasree Kondoj uint8_t *iv_tmp, *output_text = rte_pktmbuf_mtod(m, uint8_t *); 228cd928003STejasree Kondoj int i, iv_pos, iv_len; 229cd928003STejasree Kondoj static int index; 230cd928003STejasree Kondoj 231cd928003STejasree Kondoj if (td->aead) 232cd928003STejasree Kondoj iv_len = td->xform.aead.aead.iv.length - td->salt.len; 233cd928003STejasree Kondoj else 234cd928003STejasree Kondoj iv_len = td->xform.chain.cipher.cipher.iv.length; 235cd928003STejasree Kondoj 236cd928003STejasree Kondoj iv_pos = test_ipsec_tunnel_hdr_len_get(td) + sizeof(struct rte_esp_hdr); 237cd928003STejasree Kondoj output_text += iv_pos; 238cd928003STejasree Kondoj 239cd928003STejasree Kondoj TEST_ASSERT(iv_len <= IV_LEN_MAX, "IV length greater than supported"); 240cd928003STejasree Kondoj 241cd928003STejasree Kondoj /* Compare against previous values */ 242cd928003STejasree Kondoj for (i = 0; i < index; i++) { 243cd928003STejasree Kondoj iv_tmp = &iv_queue[i * IV_LEN_MAX]; 244cd928003STejasree Kondoj 245cd928003STejasree Kondoj if (memcmp(output_text, iv_tmp, iv_len) == 0) { 246cd928003STejasree Kondoj printf("IV repeated"); 247cd928003STejasree Kondoj return TEST_FAILED; 248cd928003STejasree Kondoj } 249cd928003STejasree Kondoj } 250cd928003STejasree Kondoj 251cd928003STejasree Kondoj /* Save IV for future comparisons */ 252cd928003STejasree Kondoj 253cd928003STejasree Kondoj iv_tmp = &iv_queue[index * IV_LEN_MAX]; 254cd928003STejasree Kondoj memcpy(iv_tmp, output_text, iv_len); 255cd928003STejasree Kondoj index++; 256cd928003STejasree Kondoj 257cd928003STejasree Kondoj if (index == IPSEC_TEST_PACKETS_MAX) 258cd928003STejasree Kondoj index = 0; 259cd928003STejasree Kondoj 260cd928003STejasree Kondoj return TEST_SUCCESS; 261cd928003STejasree Kondoj } 262cd928003STejasree Kondoj 263cd928003STejasree Kondoj static int 264474f1202SAnoob Joseph test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, 2656622d9c9SAnoob Joseph bool silent, const struct ipsec_test_flags *flags) 266474f1202SAnoob Joseph { 267474f1202SAnoob Joseph uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); 268474f1202SAnoob Joseph uint32_t skip, len = rte_pktmbuf_pkt_len(m); 269474f1202SAnoob Joseph 2700f453190STejasree Kondoj /* For negative tests, no need to do verification */ 2710f453190STejasree Kondoj if (flags->icv_corrupt && 2720f453190STejasree Kondoj td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) 2730f453190STejasree Kondoj return TEST_SUCCESS; 2740f453190STejasree Kondoj 275*c8234341STejasree Kondoj if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && 276*c8234341STejasree Kondoj flags->udp_encap) { 277*c8234341STejasree Kondoj const struct rte_ipv4_hdr *iph4; 278*c8234341STejasree Kondoj const struct rte_ipv6_hdr *iph6; 279*c8234341STejasree Kondoj 280*c8234341STejasree Kondoj if (td->ipsec_xform.tunnel.type == 281*c8234341STejasree Kondoj RTE_SECURITY_IPSEC_TUNNEL_IPV4) { 282*c8234341STejasree Kondoj iph4 = (const struct rte_ipv4_hdr *)output_text; 283*c8234341STejasree Kondoj if (iph4->next_proto_id != IPPROTO_UDP) { 284*c8234341STejasree Kondoj printf("UDP header is not found\n"); 285*c8234341STejasree Kondoj return TEST_FAILED; 286*c8234341STejasree Kondoj } 287*c8234341STejasree Kondoj } else { 288*c8234341STejasree Kondoj iph6 = (const struct rte_ipv6_hdr *)output_text; 289*c8234341STejasree Kondoj if (iph6->proto != IPPROTO_UDP) { 290*c8234341STejasree Kondoj printf("UDP header is not found\n"); 291*c8234341STejasree Kondoj return TEST_FAILED; 292*c8234341STejasree Kondoj } 293*c8234341STejasree Kondoj } 294*c8234341STejasree Kondoj 295*c8234341STejasree Kondoj len -= sizeof(struct rte_udp_hdr); 296*c8234341STejasree Kondoj output_text += sizeof(struct rte_udp_hdr); 297*c8234341STejasree Kondoj } 298*c8234341STejasree Kondoj 299474f1202SAnoob Joseph if (len != td->output_text.len) { 300474f1202SAnoob Joseph printf("Output length (%d) not matching with expected (%d)\n", 301474f1202SAnoob Joseph len, td->output_text.len); 302474f1202SAnoob Joseph return TEST_FAILED; 303474f1202SAnoob Joseph } 304474f1202SAnoob Joseph 305474f1202SAnoob Joseph skip = test_ipsec_tunnel_hdr_len_get(td); 306474f1202SAnoob Joseph 307474f1202SAnoob Joseph len -= skip; 308474f1202SAnoob Joseph output_text += skip; 309474f1202SAnoob Joseph 310474f1202SAnoob Joseph if (memcmp(output_text, td->output_text.data + skip, len)) { 311474f1202SAnoob Joseph if (silent) 312474f1202SAnoob Joseph return TEST_FAILED; 313474f1202SAnoob Joseph 314474f1202SAnoob Joseph printf("TestCase %s line %d: %s\n", __func__, __LINE__, 315474f1202SAnoob Joseph "output text not as expected\n"); 316474f1202SAnoob Joseph 317474f1202SAnoob Joseph rte_hexdump(stdout, "expected", td->output_text.data + skip, 318474f1202SAnoob Joseph len); 319474f1202SAnoob Joseph rte_hexdump(stdout, "actual", output_text, len); 320474f1202SAnoob Joseph return TEST_FAILED; 321474f1202SAnoob Joseph } 322474f1202SAnoob Joseph 3236622d9c9SAnoob Joseph return TEST_SUCCESS; 3246622d9c9SAnoob Joseph } 3256622d9c9SAnoob Joseph 3266622d9c9SAnoob Joseph static int 3276622d9c9SAnoob Joseph test_ipsec_res_d_prepare(struct rte_mbuf *m, const struct ipsec_test_data *td, 3286622d9c9SAnoob Joseph struct ipsec_test_data *res_d) 3296622d9c9SAnoob Joseph { 3306622d9c9SAnoob Joseph uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); 3316622d9c9SAnoob Joseph uint32_t len = rte_pktmbuf_pkt_len(m); 3326622d9c9SAnoob Joseph 3336622d9c9SAnoob Joseph memcpy(res_d, td, sizeof(*res_d)); 3346622d9c9SAnoob Joseph memcpy(res_d->input_text.data, output_text, len); 3356622d9c9SAnoob Joseph res_d->input_text.len = len; 3366622d9c9SAnoob Joseph 3376622d9c9SAnoob Joseph res_d->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; 3386622d9c9SAnoob Joseph if (res_d->aead) { 3396622d9c9SAnoob Joseph res_d->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT; 3406622d9c9SAnoob Joseph } else { 3416622d9c9SAnoob Joseph printf("Only AEAD supported\n"); 3426622d9c9SAnoob Joseph return TEST_SKIPPED; 3436622d9c9SAnoob Joseph } 3446622d9c9SAnoob Joseph 345474f1202SAnoob Joseph return TEST_SUCCESS; 346474f1202SAnoob Joseph } 347474f1202SAnoob Joseph 348474f1202SAnoob Joseph int 349474f1202SAnoob Joseph test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, 3506622d9c9SAnoob Joseph struct ipsec_test_data *res_d, bool silent, 3516622d9c9SAnoob Joseph const struct ipsec_test_flags *flags) 352474f1202SAnoob Joseph { 353cd928003STejasree Kondoj int ret; 354cd928003STejasree Kondoj 355cd928003STejasree Kondoj if (flags->iv_gen && 356cd928003STejasree Kondoj td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { 357cd928003STejasree Kondoj ret = test_ipsec_iv_verify_push(m, td); 358cd928003STejasree Kondoj if (ret != TEST_SUCCESS) 359cd928003STejasree Kondoj return ret; 360cd928003STejasree Kondoj } 361cd928003STejasree Kondoj 362474f1202SAnoob Joseph /* 363474f1202SAnoob Joseph * In case of known vector tests & all inbound tests, res_d provided 364474f1202SAnoob Joseph * would be NULL and output data need to be validated against expected. 365474f1202SAnoob Joseph * For inbound, output_text would be plain packet and for outbound 366474f1202SAnoob Joseph * output_text would IPsec packet. Validate by comparing against 367474f1202SAnoob Joseph * known vectors. 3686622d9c9SAnoob Joseph * 3696622d9c9SAnoob Joseph * In case of combined mode tests, the output_text from outbound 3706622d9c9SAnoob Joseph * operation (ie, IPsec packet) would need to be inbound processed to 3716622d9c9SAnoob Joseph * obtain the plain text. Copy output_text to result data, 'res_d', so 3726622d9c9SAnoob Joseph * that inbound processing can be done. 373474f1202SAnoob Joseph */ 3746622d9c9SAnoob Joseph 3756622d9c9SAnoob Joseph if (res_d == NULL) 3766622d9c9SAnoob Joseph return test_ipsec_td_verify(m, td, silent, flags); 3776622d9c9SAnoob Joseph else 3786622d9c9SAnoob Joseph return test_ipsec_res_d_prepare(m, td, res_d); 379474f1202SAnoob Joseph } 380474f1202SAnoob Joseph 381474f1202SAnoob Joseph int 382474f1202SAnoob Joseph test_ipsec_status_check(struct rte_crypto_op *op, 3836622d9c9SAnoob Joseph const struct ipsec_test_flags *flags, 384474f1202SAnoob Joseph enum rte_security_ipsec_sa_direction dir) 385474f1202SAnoob Joseph { 386474f1202SAnoob Joseph int ret = TEST_SUCCESS; 387474f1202SAnoob Joseph 3880f453190STejasree Kondoj if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && flags->icv_corrupt) { 3890f453190STejasree Kondoj if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) { 3900f453190STejasree Kondoj printf("ICV corruption test case failed\n"); 3910f453190STejasree Kondoj ret = TEST_FAILED; 3920f453190STejasree Kondoj } 3930f453190STejasree Kondoj } else { 394474f1202SAnoob Joseph if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { 395474f1202SAnoob Joseph printf("Security op processing failed\n"); 396474f1202SAnoob Joseph ret = TEST_FAILED; 397474f1202SAnoob Joseph } 3980f453190STejasree Kondoj } 399474f1202SAnoob Joseph 400474f1202SAnoob Joseph return ret; 401474f1202SAnoob Joseph } 402