1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright(C) 2021 Marvell. 3 */ 4 5 #ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_ 6 #define _TEST_CRYPTODEV_SECURITY_IPSEC_H_ 7 8 #include <rte_cryptodev.h> 9 #include <rte_security.h> 10 11 #define IPSEC_TEST_PACKETS_MAX 32 12 13 struct ipsec_test_data { 14 struct { 15 uint8_t data[32]; 16 } key; 17 struct { 18 uint8_t data[64]; 19 } auth_key; 20 21 struct { 22 uint8_t data[1024]; 23 unsigned int len; 24 } input_text; 25 26 struct { 27 uint8_t data[1024]; 28 unsigned int len; 29 } output_text; 30 31 struct { 32 uint8_t data[4]; 33 unsigned int len; 34 } salt; 35 36 struct { 37 uint8_t data[16]; 38 } iv; 39 40 struct rte_security_ipsec_xform ipsec_xform; 41 42 bool aead; 43 44 union { 45 struct { 46 struct rte_crypto_sym_xform cipher; 47 struct rte_crypto_sym_xform auth; 48 } chain; 49 struct rte_crypto_sym_xform aead; 50 } xform; 51 }; 52 53 enum df_flags { 54 TEST_IPSEC_COPY_DF_INNER_0 = 1, 55 TEST_IPSEC_COPY_DF_INNER_1, 56 TEST_IPSEC_SET_DF_0_INNER_1, 57 TEST_IPSEC_SET_DF_1_INNER_0, 58 }; 59 60 struct ipsec_test_flags { 61 bool display_alg; 62 bool sa_expiry_pkts_soft; 63 bool sa_expiry_pkts_hard; 64 bool icv_corrupt; 65 bool iv_gen; 66 uint32_t tunnel_hdr_verify; 67 bool udp_encap; 68 bool udp_ports_verify; 69 bool ip_csum; 70 bool l4_csum; 71 bool ipv6; 72 bool tunnel_ipv6; 73 bool transport; 74 bool fragment; 75 bool stats_success; 76 enum df_flags df; 77 }; 78 79 struct crypto_param { 80 enum rte_crypto_sym_xform_type type; 81 union { 82 enum rte_crypto_cipher_algorithm cipher; 83 enum rte_crypto_auth_algorithm auth; 84 enum rte_crypto_aead_algorithm aead; 85 } alg; 86 uint16_t key_length; 87 uint16_t iv_length; 88 uint16_t digest_length; 89 }; 90 91 static const struct crypto_param aead_list[] = { 92 { 93 .type = RTE_CRYPTO_SYM_XFORM_AEAD, 94 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, 95 .key_length = 16, 96 }, 97 { 98 .type = RTE_CRYPTO_SYM_XFORM_AEAD, 99 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, 100 .key_length = 24, 101 }, 102 { 103 .type = RTE_CRYPTO_SYM_XFORM_AEAD, 104 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, 105 .key_length = 32 106 }, 107 }; 108 109 static const struct crypto_param cipher_list[] = { 110 { 111 .type = RTE_CRYPTO_SYM_XFORM_CIPHER, 112 .alg.cipher = RTE_CRYPTO_CIPHER_NULL, 113 .key_length = 0, 114 .iv_length = 0, 115 }, 116 { 117 .type = RTE_CRYPTO_SYM_XFORM_CIPHER, 118 .alg.cipher = RTE_CRYPTO_CIPHER_AES_CBC, 119 .key_length = 16, 120 .iv_length = 16, 121 }, 122 { 123 .type = RTE_CRYPTO_SYM_XFORM_CIPHER, 124 .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR, 125 .key_length = 16, 126 .iv_length = 16, 127 }, 128 { 129 .type = RTE_CRYPTO_SYM_XFORM_CIPHER, 130 .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR, 131 .key_length = 24, 132 .iv_length = 16, 133 }, 134 { 135 .type = RTE_CRYPTO_SYM_XFORM_CIPHER, 136 .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR, 137 .key_length = 32, 138 .iv_length = 16, 139 }, 140 }; 141 142 static const struct crypto_param auth_list[] = { 143 { 144 .type = RTE_CRYPTO_SYM_XFORM_AUTH, 145 .alg.auth = RTE_CRYPTO_AUTH_NULL, 146 }, 147 { 148 .type = RTE_CRYPTO_SYM_XFORM_AUTH, 149 .alg.auth = RTE_CRYPTO_AUTH_SHA256_HMAC, 150 .key_length = 32, 151 .digest_length = 16, 152 }, 153 { 154 .type = RTE_CRYPTO_SYM_XFORM_AUTH, 155 .alg.auth = RTE_CRYPTO_AUTH_SHA384_HMAC, 156 .key_length = 48, 157 .digest_length = 24, 158 }, 159 { 160 .type = RTE_CRYPTO_SYM_XFORM_AUTH, 161 .alg.auth = RTE_CRYPTO_AUTH_SHA512_HMAC, 162 .key_length = 64, 163 .digest_length = 32, 164 }, 165 { 166 .type = RTE_CRYPTO_SYM_XFORM_AUTH, 167 .alg.auth = RTE_CRYPTO_AUTH_AES_XCBC_MAC, 168 .key_length = 16, 169 .digest_length = 12, 170 }, 171 }; 172 173 struct crypto_param_comb { 174 const struct crypto_param *param1; 175 const struct crypto_param *param2; 176 }; 177 178 extern struct ipsec_test_data pkt_aes_256_gcm; 179 extern struct ipsec_test_data pkt_aes_256_gcm_v6; 180 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256; 181 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6; 182 183 extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) + 184 (RTE_DIM(cipher_list) * 185 RTE_DIM(auth_list))]; 186 187 void test_ipsec_alg_list_populate(void); 188 189 int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, 190 const struct rte_security_capability *sec_cap, 191 bool silent); 192 193 int test_ipsec_crypto_caps_aead_verify( 194 const struct rte_security_capability *sec_cap, 195 struct rte_crypto_sym_xform *aead); 196 197 int test_ipsec_crypto_caps_cipher_verify( 198 const struct rte_security_capability *sec_cap, 199 struct rte_crypto_sym_xform *cipher); 200 201 int test_ipsec_crypto_caps_auth_verify( 202 const struct rte_security_capability *sec_cap, 203 struct rte_crypto_sym_xform *auth); 204 205 void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out, 206 struct ipsec_test_data *td_in); 207 208 void test_ipsec_td_prepare(const struct crypto_param *param1, 209 const struct crypto_param *param2, 210 const struct ipsec_test_flags *flags, 211 struct ipsec_test_data *td_array, 212 int nb_td); 213 214 void test_ipsec_td_update(struct ipsec_test_data td_inb[], 215 const struct ipsec_test_data td_outb[], 216 int nb_td, 217 const struct ipsec_test_flags *flags); 218 219 void test_ipsec_display_alg(const struct crypto_param *param1, 220 const struct crypto_param *param2); 221 222 int test_ipsec_post_process(struct rte_mbuf *m, 223 const struct ipsec_test_data *td, 224 struct ipsec_test_data *res_d, bool silent, 225 const struct ipsec_test_flags *flags); 226 227 int test_ipsec_status_check(struct rte_crypto_op *op, 228 const struct ipsec_test_flags *flags, 229 enum rte_security_ipsec_sa_direction dir, 230 int pkt_num); 231 232 int test_ipsec_stats_verify(struct rte_security_ctx *ctx, 233 struct rte_security_session *sess, 234 const struct ipsec_test_flags *flags, 235 enum rte_security_ipsec_sa_direction dir); 236 237 int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags); 238 239 #endif 240