diff mbox series

[API-NEXT,v2,7/8] validation: ipsec: check authentication key length is supported

Message ID 1510192807-13538-8-git-send-email-odpbot@yandex.ru
State Superseded
Headers show
Series [API-NEXT,v2,1/8] linux-gen: ipsec: use counter instead of random IV for GCM | expand

Commit Message

Github ODP bot Nov. 9, 2017, 2 a.m. UTC
From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>


Add check through auth capabilities, verifying that key length is
supported.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: d22c949cc466bf28de559855a1cb525740578137
 ** Merge commit sha: d0ac0597cf696e17a40a8eba131ad379ba0fa08f
 **/
 test/validation/api/ipsec/ipsec.c | 32 ++++++++++++++++++++++++--------
 test/validation/api/ipsec/ipsec.h | 11 ++++++-----
 2 files changed, 30 insertions(+), 13 deletions(-)
diff mbox series

Patch

diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c
index a8fdf2b14..fb5f7863e 100644
--- a/test/validation/api/ipsec/ipsec.c
+++ b/test/validation/api/ipsec/ipsec.c
@@ -119,13 +119,14 @@  static void pktio_stop(odp_pktio_t pktio)
 int ipsec_check(odp_bool_t ah,
 		odp_cipher_alg_t cipher,
 		uint32_t cipher_bits,
-		odp_auth_alg_t auth)
+		odp_auth_alg_t auth,
+		uint32_t auth_bits)
 {
 	odp_ipsec_capability_t capa;
 	odp_crypto_cipher_capability_t cipher_capa[MAX_ALG_CAPA];
 	odp_crypto_auth_capability_t   auth_capa[MAX_ALG_CAPA];
 	int i, num;
-	odp_bool_t found = false;
+	odp_bool_t found;
 
 	if (odp_ipsec_capability(&capa) < 0)
 		return ODP_TEST_INACTIVE;
@@ -212,6 +213,7 @@  int ipsec_check(odp_bool_t ah,
 	}
 
 	/* Search for the test case */
+	found = false;
 	for (i = 0; i < num; i++) {
 		if (cipher_capa[i].key_len == cipher_bits / 8) {
 			found = 1;
@@ -230,42 +232,56 @@  int ipsec_check(odp_bool_t ah,
 		return ODP_TEST_INACTIVE;
 	}
 
+	/* Search for the test case */
+	found = false;
+	for (i = 0; i < num; i++) {
+		if (auth_capa[i].key_len == auth_bits / 8) {
+			found = 1;
+			break;
+		}
+	}
+
+	if (!found) {
+		fprintf(stderr, "Unsupported auth key length\n");
+		return ODP_TEST_INACTIVE;
+	}
+
 	return ODP_TEST_ACTIVE;
 }
 
 int ipsec_check_ah_sha256(void)
 {
-	return ipsec_check_ah(ODP_AUTH_ALG_SHA256_HMAC);
+	return ipsec_check_ah(ODP_AUTH_ALG_SHA256_HMAC, 256);
 }
 
 int ipsec_check_esp_null_sha256(void)
 {
 	return  ipsec_check_esp(ODP_CIPHER_ALG_NULL, 0,
-				ODP_AUTH_ALG_SHA256_HMAC);
+				ODP_AUTH_ALG_SHA256_HMAC, 256);
 }
 
 int ipsec_check_esp_aes_cbc_128_null(void)
 {
 	return  ipsec_check_esp(ODP_CIPHER_ALG_AES_CBC, 128,
-				ODP_AUTH_ALG_NULL);
+				ODP_AUTH_ALG_NULL, 0);
 }
 
 int ipsec_check_esp_aes_cbc_128_sha256(void)
 {
 	return  ipsec_check_esp(ODP_CIPHER_ALG_AES_CBC, 128,
-				ODP_AUTH_ALG_SHA256_HMAC);
+				ODP_AUTH_ALG_SHA256_HMAC, 256);
 }
 
 int ipsec_check_esp_aes_gcm_128(void)
 {
 	return  ipsec_check_esp(ODP_CIPHER_ALG_AES_GCM, 128,
-				ODP_AUTH_ALG_AES_GCM);
+				ODP_AUTH_ALG_AES_GCM, 0);
 }
 
 int ipsec_check_esp_aes_gcm_256(void)
 {
 	return  ipsec_check_esp(ODP_CIPHER_ALG_AES_GCM, 256,
-				ODP_AUTH_ALG_AES_GCM);
+				ODP_AUTH_ALG_AES_GCM, 0);
 }
 
 void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param,
diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h
index d1c6854b7..9dd0feabf 100644
--- a/test/validation/api/ipsec/ipsec.h
+++ b/test/validation/api/ipsec/ipsec.h
@@ -74,11 +74,12 @@  void ipsec_check_out_in_one(const ipsec_test_part *part,
 int ipsec_check(odp_bool_t ah,
 		odp_cipher_alg_t cipher,
 		uint32_t cipher_bits,
-		odp_auth_alg_t auth);
-#define ipsec_check_ah(auth) \
-	ipsec_check(true, ODP_CIPHER_ALG_NULL, 0, auth)
-#define ipsec_check_esp(cipher, cipher_bits, auth) \
-	ipsec_check(false, cipher, cipher_bits, auth)
+		odp_auth_alg_t auth,
+		uint32_t auth_bits);
+#define ipsec_check_ah(auth, auth_bits) \
+	ipsec_check(true, ODP_CIPHER_ALG_NULL, 0, auth, auth_bits)
+#define ipsec_check_esp(cipher, cipher_bits, auth, auth_bits) \
+	ipsec_check(false, cipher, cipher_bits, auth, auth_bits)
 int ipsec_check_ah_sha256(void);
 int ipsec_check_esp_null_sha256(void);
 int ipsec_check_esp_aes_cbc_128_null(void);