/* SPDX-License-Identifier: BSD-3-Clause
 * Copyright(C) 2021 Marvell.
 */

#ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_
#define _TEST_CRYPTODEV_SECURITY_IPSEC_H_

#include <rte_cryptodev.h>
#include <rte_security.h>

#define IPSEC_TEST_PACKETS_MAX 32
#define IPSEC_TEXT_MAX_LEN 16384u

/*
 * One IPsec test vector: key material, input and expected output packet
 * bytes, and the security/crypto transforms that describe the SA.
 *
 * Each instance embeds two IPSEC_TEXT_MAX_LEN (16384-byte) buffers, so it is
 * larger than 32 KiB.
 *
 * NOTE(review): the fixed-size buffers carry no bounds enforcement of their
 * own. Code that fills input_text/output_text must keep len within
 * IPSEC_TEXT_MAX_LEN, and key copies must stay within the array sizes below.
 */
struct ipsec_test_data {
	/* Cipher/AEAD key; 32 bytes fits the largest key_length in
	 * aead_list and cipher_list.
	 */
	struct {
		uint8_t data[32];
	} key;

	/* Authentication key; 64 bytes fits the largest key_length in
	 * auth_list.
	 */
	struct {
		uint8_t data[64];
	} auth_key;

	/* Packet bytes fed to the operation, with the number of valid bytes. */
	struct {
		uint8_t data[IPSEC_TEXT_MAX_LEN];
		unsigned int len;
	} input_text;

	/* Packet bytes expected from the operation, with the valid length. */
	struct {
		uint8_t data[IPSEC_TEXT_MAX_LEN];
		unsigned int len;
	} output_text;

	/* Salt bytes (at most 4) and the number actually used. */
	struct {
		uint8_t data[4];
		unsigned int len;
	} salt;

	/* IV storage, up to 16 bytes. */
	struct {
		uint8_t data[16];
	} iv;

	struct rte_security_ipsec_xform ipsec_xform;

	/* Selects which member of the xform union below is meaningful:
	 * presumably true -> xform.aead, false -> xform.chain; confirm
	 * against the code that fills in the vectors.
	 */
	bool aead;

	bool aes_gmac;

	bool auth_only;

	/* Antireplay packet */
	bool ar_packet;

	/* Crypto transform(s): either a cipher + auth chain or a single AEAD. */
	union {
		struct {
			struct rte_crypto_sym_xform cipher;
			struct rte_crypto_sym_xform auth;
		} chain;
		struct rte_crypto_sym_xform aead;
	} xform;
};

/*
 * DF (Don't Fragment) handling scenarios. Numbering starts at 1, so a
 * zero-initialised ipsec_test_flags.df matches none of them.
 */
enum df_flags {
	TEST_IPSEC_COPY_DF_INNER_0 = 1,
	TEST_IPSEC_COPY_DF_INNER_1,
	TEST_IPSEC_SET_DF_0_INNER_1,
	TEST_IPSEC_SET_DF_1_INNER_0,
};

#define TEST_IPSEC_DSCP_VAL 0x12

/* DSCP handling scenarios; 0 again matches no enumerator. */
enum dscp_flags {
	TEST_IPSEC_COPY_DSCP_INNER_0 = 1,
	TEST_IPSEC_COPY_DSCP_INNER_1,
	TEST_IPSEC_SET_DSCP_0_INNER_1,
	TEST_IPSEC_SET_DSCP_1_INNER_0,
};

#define TEST_IPSEC_FLABEL_VAL 0x1234

/* IPv6 flow label handling scenarios; 0 again matches no enumerator. */
enum flabel_flags {
	TEST_IPSEC_COPY_FLABEL_INNER_0 = 1,
	TEST_IPSEC_COPY_FLABEL_INNER_1,
	TEST_IPSEC_SET_FLABEL_0_INNER_1,
	TEST_IPSEC_SET_FLABEL_1_INNER_0,
};

/*
 * Per-test switches. The meaning of each flag is defined by the code that
 * consumes it; the names suggest negative tests (icv_corrupt), SA lifetime
 * limits (sa_expiry_*), anti-replay and header verification, but that is
 * not visible in this header.
 */
struct ipsec_test_flags {
	bool display_alg;
	bool sa_expiry_pkts_soft;
	bool sa_expiry_pkts_hard;
	bool sa_expiry_bytes_soft;
	bool sa_expiry_bytes_hard;
	bool icv_corrupt;
	bool iv_gen;
	uint32_t tunnel_hdr_verify;
	bool udp_encap;
	bool udp_ports_verify;
	bool udp_encap_custom_ports;
	bool ip_csum;
	bool l4_csum;
	bool ipv6;
	bool tunnel_ipv6;
	bool transport;
	bool fragment;
	bool stats_success;
	bool antireplay;
	enum df_flags df;
	enum dscp_flags dscp;
	enum flabel_flags flabel;
	bool dec_ttl_or_hop_limit;
	bool ah;
	uint32_t plaintext_len;
	int nb_segs_in_mbuf;
};

/*
 * One algorithm choice with its key/IV/digest lengths (bytes). `type` tells
 * which member of `alg` is valid. Fields left out of an initialiser are
 * zero, as for any designated initialiser.
 */
struct crypto_param {
	enum rte_crypto_sym_xform_type type;
	union {
		enum rte_crypto_cipher_algorithm cipher;
		enum rte_crypto_auth_algorithm auth;
		enum rte_crypto_aead_algorithm aead;
	} alg;
	uint16_t key_length;
	uint16_t iv_length;
	uint16_t digest_length;
};

/*
 * The three tables below are `static const` definitions in a header, so
 * every translation unit that includes this file gets its own copy.
 *
 * They enumerate what the tests cover, including NULL cipher/auth and legacy
 * algorithms (DES-CBC, 3DES-CBC, HMAC-MD5). Presumably these are listed so
 * that devices advertising them are exercised; the matrix is test coverage,
 * not a statement about which algorithms suit a production SA.
 */

/* AEAD algorithms; iv_length and digest_length are left at zero here. */
static const struct crypto_param aead_list[] = {
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
		.key_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
		.key_length = 24,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
		.key_length = 32,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_CCM,
		.key_length = 32,
	},
};

/* Cipher algorithms, each with key and IV length. */
static const struct crypto_param cipher_list[] = {
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_NULL,
		.key_length = 0,
		.iv_length = 0,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_DES_CBC,
		.key_length = 8,
		.iv_length = 8,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_3DES_CBC,
		.key_length = 24,
		.iv_length = 8,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_AES_CBC,
		.key_length = 16,
		.iv_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
		.key_length = 16,
		.iv_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
		.key_length = 24,
		.iv_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
		.key_length = 32,
		.iv_length = 16,
	},
};

/*
 * Authentication algorithms. The digest lengths are the truncated ICV sizes
 * (for example 12 bytes for HMAC-MD5 and AES-XCBC-MAC, half the hash output
 * for the HMAC-SHA2 entries). Only the AES-GMAC entry carries an IV length.
 */
static const struct crypto_param auth_list[] = {
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_NULL,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_MD5_HMAC,
		.key_length = 16,
		.digest_length = 12,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_SHA256_HMAC,
		.key_length = 32,
		.digest_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_SHA384_HMAC,
		.key_length = 48,
		.digest_length = 24,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_SHA512_HMAC,
		.key_length = 64,
		.digest_length = 32,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
		.key_length = 16,
		.digest_length = 12,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_AES_GMAC,
		.key_length = 16,
		.digest_length = 16,
		.iv_length = 12,
	},
};

/* A pair of table entries forming one algorithm combination under test. */
struct crypto_param_comb {
	const struct crypto_param *param1;
	const struct crypto_param *param2;
};

/* Known-answer test vectors, defined outside this header. */
extern struct ipsec_test_data pkt_aes_256_gcm;
extern struct ipsec_test_data pkt_aes_256_gcm_v6;
extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;

/* Sized for every AEAD entry plus every cipher x auth pairing. */
extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
					 (RTE_DIM(cipher_list) *
					  RTE_DIM(auth_list))];

/*
 * Sized as twice the auth table minus one entry.
 * NOTE(review): presumably the excluded entry is RTE_CRYPTO_AUTH_NULL;
 * confirm against test_ipsec_ah_alg_list_populate() whenever auth_list
 * changes, since the bound is what keeps that population in range.
 */
extern struct crypto_param_comb ah_alg_list[2 * (RTE_DIM(auth_list) - 1)];

/* Fill alg_list / ah_alg_list; implementations live outside this header. */
void test_ipsec_alg_list_populate(void);

void test_ipsec_ah_alg_list_populate(void);

/* Capability checks of a transform against a device security capability. */
int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
			       const struct rte_security_capability *sec_cap,
			       bool silent);

int test_ipsec_crypto_caps_aead_verify(
		const struct rte_security_capability *sec_cap,
		struct rte_crypto_sym_xform *aead);

int test_ipsec_crypto_caps_cipher_verify(
		const struct rte_security_capability *sec_cap,
		struct rte_crypto_sym_xform *cipher);

int test_ipsec_crypto_caps_auth_verify(
		const struct rte_security_capability *sec_cap,
		struct rte_crypto_sym_xform *auth);

/* Test-vector preparation helpers. */
void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
			       struct ipsec_test_data *td_in);

void test_ipsec_td_prepare(const struct crypto_param *param1,
			   const struct crypto_param *param2,
			   const struct ipsec_test_flags *flags,
			   struct ipsec_test_data *td_array,
			   int nb_td);

void test_ipsec_td_update(struct ipsec_test_data td_inb[],
			  const struct ipsec_test_data td_outb[],
			  int nb_td,
			  const struct ipsec_test_flags *flags);

void test_ipsec_display_alg(const struct crypto_param *param1,
			    const struct crypto_param *param2);

/* Result checking helpers. */
int test_ipsec_post_process(const struct rte_mbuf *m,
			    const struct ipsec_test_data *td,
			    struct ipsec_test_data *res_d, bool silent,
			    const struct ipsec_test_flags *flags);

int test_ipsec_status_check(const struct ipsec_test_data *td,
			    struct rte_crypto_op *op,
			    const struct ipsec_test_flags *flags,
			    enum rte_security_ipsec_sa_direction dir,
			    int pkt_num);

int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
			    void *sess,
			    const struct ipsec_test_flags *flags,
			    enum rte_security_ipsec_sa_direction dir);

int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags);

#endif