/* SPDX-License-Identifier: BSD-3-Clause
 * Copyright(C) 2021 Marvell.
 */

#ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_
#define _TEST_CRYPTODEV_SECURITY_IPSEC_H_

/*
 * Shared declarations for the IPsec security test helpers: the test-vector
 * container, per-test flags, the algorithm tables used to build the test
 * matrix, and the helper prototypes.
 *
 * NOTE(review): bool, uint8_t/uint16_t/uint32_t and RTE_DIM are used below
 * without a direct include; presumably they arrive through the two rte_*
 * headers. Confirm before including this header first in a new file.
 */
#include <rte_cryptodev.h>
#include <rte_security.h>

/* Presumably the upper bound on packets per test case; not used in this header. */
#define IPSEC_TEST_PACKETS_MAX 32
/* Capacity in bytes of input_text.data and output_text.data below. */
#define IPSEC_TEXT_MAX_LEN 16384u

/*
 * One IPsec test vector: key material, input and expected output packets,
 * salt/IV and the transforms that describe the SA.
 *
 * Every buffer is fixed-size and nothing in this header enforces the
 * companion len fields or the key/IV lengths taken from struct crypto_param.
 * Code that fills or copies these buffers has to bound the length itself.
 */
struct ipsec_test_data {
	/* Cipher/AEAD key. 32 bytes equals the largest key_length in
	 * aead_list and cipher_list below.
	 */
	struct {
		uint8_t data[32];
	} key;
	/* Authentication key. 64 bytes equals the largest key_length in
	 * auth_list below (SHA512-HMAC).
	 */
	struct {
		uint8_t data[64];
	} auth_key;

	/* Input packet bytes; len must not exceed IPSEC_TEXT_MAX_LEN. */
	struct {
		uint8_t data[IPSEC_TEXT_MAX_LEN];
		unsigned int len;
	} input_text;

	/* Output packet bytes; len must not exceed IPSEC_TEXT_MAX_LEN. */
	struct {
		uint8_t data[IPSEC_TEXT_MAX_LEN];
		unsigned int len;
	} output_text;

	/* Salt of up to 4 bytes; len must not exceed sizeof(data). */
	struct {
		uint8_t data[4];
		unsigned int len;
	} salt;

	/* IV buffer. 16 bytes equals the largest iv_length in the tables below. */
	struct {
		uint8_t data[16];
	} iv;

	struct rte_security_ipsec_xform ipsec_xform;

	/* NOTE(review): aead presumably selects xform.aead over xform.chain;
	 * confirm against the code that reads the union.
	 */
	bool aead;

	bool aes_gmac;

	bool auth_only;

	/* Antireplay packet */
	bool ar_packet;

	/* Crypto transform(s): either a cipher + auth pair or a single AEAD
	 * transform. The members share storage, so only one form is valid at
	 * a time.
	 */
	union {
		struct {
			struct rte_crypto_sym_xform cipher;
			struct rte_crypto_sym_xform auth;
		} chain;
		struct rte_crypto_sym_xform aead;
	} xform;
};

/*
 * DF-bit test selectors. Named values start at 1, so a zero-initialised
 * ipsec_test_flags.df matches none of them.
 */
enum df_flags {
	TEST_IPSEC_COPY_DF_INNER_0 = 1,
	TEST_IPSEC_COPY_DF_INNER_1,
	TEST_IPSEC_SET_DF_0_INNER_1,
	TEST_IPSEC_SET_DF_1_INNER_0,
};

/* Presumably the DSCP value used by the DSCP tests; not used in this header. */
#define TEST_IPSEC_DSCP_VAL 0x12

/* DSCP test selectors. Named values start at 1; 0 matches none of them. */
enum dscp_flags {
	TEST_IPSEC_COPY_DSCP_INNER_0 = 1,
	TEST_IPSEC_COPY_DSCP_INNER_1,
	TEST_IPSEC_SET_DSCP_0_INNER_1,
	TEST_IPSEC_SET_DSCP_1_INNER_0,
};

/* Presumably the flow-label value used by the flabel tests; not used in this header. */
#define TEST_IPSEC_FLABEL_VAL 0x1234

/* Flow-label test selectors. Named values start at 1; 0 matches none of them. */
enum flabel_flags {
	TEST_IPSEC_COPY_FLABEL_INNER_0 = 1,
	TEST_IPSEC_COPY_FLABEL_INNER_1,
	TEST_IPSEC_SET_FLABEL_0_INNER_1,
	TEST_IPSEC_SET_FLABEL_1_INNER_0,
};

/*
 * Per-test-case switches handed to the helpers declared below. What each
 * flag does is defined by the code that reads it, not by this header.
 */
struct ipsec_test_flags {
	bool display_alg;
	bool sa_expiry_pkts_soft;
	bool sa_expiry_pkts_hard;
	bool sa_expiry_bytes_soft;
	bool sa_expiry_bytes_hard;
	bool icv_corrupt;
	bool iv_gen;
	uint32_t tunnel_hdr_verify;
	bool udp_encap;
	bool udp_ports_verify;
	bool udp_encap_custom_ports;
	bool ip_csum;
	bool l4_csum;
	bool ipv6;
	bool tunnel_ipv6;
	bool transport;
	bool fragment;
	bool stats_success;
	bool antireplay;
	enum df_flags df;
	enum dscp_flags dscp;
	enum flabel_flags flabel;
	bool dec_ttl_or_hop_limit;
	bool ah;
	/* NOTE(review): presumably a plaintext length override; it has to stay
	 * within IPSEC_TEXT_MAX_LEN if it is used to size input_text. Confirm
	 * in the code that consumes it.
	 */
	uint32_t plaintext_len;
};

/*
 * One algorithm entry of the test matrix. type says which member of alg is
 * meaningful. Lengths are in bytes; members omitted from an initializer
 * below are zero.
 */
struct crypto_param {
	enum rte_crypto_sym_xform_type type;
	union {
		enum rte_crypto_cipher_algorithm cipher;
		enum rte_crypto_auth_algorithm auth;
		enum rte_crypto_aead_algorithm aead;
	} alg;
	uint16_t key_length;
	uint16_t iv_length;
	uint16_t digest_length;
};

/*
 * The three tables below are defined (not just declared) in this header
 * because RTE_DIM() of each one sizes the extern arrays further down.
 * Every file including this header therefore gets its own static copy.
 *
 * When adding an entry, check key_length against the key/auth_key buffers
 * and iv_length against the iv buffer in struct ipsec_test_data. The current
 * maxima fill those buffers exactly.
 */

/* AEAD algorithms: AES-GCM with 16/24/32-byte keys and AES-CCM with a
 * 32-byte key. iv_length and digest_length are left at zero here.
 */
static const struct crypto_param aead_list[] = {
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
		.key_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
		.key_length = 24,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
		.key_length = 32,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_CCM,
		.key_length = 32
	},
};

/*
 * Cipher algorithms for cipher + auth chains.
 *
 * The NULL cipher gives no confidentiality, and DES-CBC/3DES-CBC are legacy
 * algorithms. They appear in this test table, which is not a statement that
 * they are suitable for deployment.
 */
static const struct crypto_param cipher_list[] = {
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_NULL,
		.key_length = 0,
		.iv_length = 0,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_DES_CBC,
		.key_length = 8,
		.iv_length = 8,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_3DES_CBC,
		.key_length = 24,
		.iv_length = 8,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_AES_CBC,
		.key_length = 16,
		.iv_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
		.key_length = 16,
		.iv_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
		.key_length = 24,
		.iv_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
		.key_length = 32,
		.iv_length = 16,
	},
};

/*
 * Authentication algorithms.
 *
 * NULL auth gives no integrity protection and MD5-HMAC is a legacy
 * algorithm. As with cipher_list, their presence in this test table is not
 * a deployment recommendation. The HMAC digest_length values are shorter
 * than the full hash outputs (for example 16 bytes for SHA256-HMAC), so
 * they describe a truncated ICV. Only the AES-GMAC entry sets iv_length.
 */
static const struct crypto_param auth_list[] = {
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_NULL,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_MD5_HMAC,
		.key_length = 16,
		.digest_length = 12,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_SHA256_HMAC,
		.key_length = 32,
		.digest_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_SHA384_HMAC,
		.key_length = 48,
		.digest_length = 24,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_SHA512_HMAC,
		.key_length = 64,
		.digest_length = 32,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
		.key_length = 16,
		.digest_length = 12,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_AES_GMAC,
		.key_length = 16,
		.digest_length = 16,
		.iv_length = 12,
	},
};

/*
 * A pair of table entries forming one algorithm combination.
 * NOTE(review): param2 is presumably NULL for AEAD-only combinations;
 * confirm in test_ipsec_alg_list_populate().
 */
struct crypto_param_comb {
	const struct crypto_param *param1;
	const struct crypto_param *param2;
};

/* Test vectors defined outside this header. */
extern struct ipsec_test_data pkt_aes_256_gcm;
extern struct ipsec_test_data pkt_aes_256_gcm_v6;
extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;

/* Sized for one slot per AEAD entry plus one per (cipher, auth) pair. */
extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
					 (RTE_DIM(cipher_list) *
					  RTE_DIM(auth_list))];

/*
 * Sized for two slots per auth_list entry, minus one entry.
 * NOTE(review): presumably the NULL auth entry is the one left out; confirm
 * in test_ipsec_ah_alg_list_populate(), which must not write past this size.
 */
extern struct crypto_param_comb ah_alg_list[2 * (RTE_DIM(auth_list) - 1)];

/*
 * Helper prototypes. Their definitions are not in this header, so the notes
 * below say only what the signatures show.
 */

/* Takes no arguments; presumably fills alg_list from the tables above. */
void test_ipsec_alg_list_populate(void);

/* Takes no arguments; presumably fills ah_alg_list from auth_list. */
void test_ipsec_ah_alg_list_populate(void);

int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
			       const struct rte_security_capability *sec_cap,
			       bool silent);

int test_ipsec_crypto_caps_aead_verify(
		const struct rte_security_capability *sec_cap,
		struct rte_crypto_sym_xform *aead);

int test_ipsec_crypto_caps_cipher_verify(
		const struct rte_security_capability *sec_cap,
		struct rte_crypto_sym_xform *cipher);

int test_ipsec_crypto_caps_auth_verify(
		const struct rte_security_capability *sec_cap,
		struct rte_crypto_sym_xform *auth);

/* td_out is read-only; td_in is the output. */
void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
			       struct ipsec_test_data *td_in);

/*
 * td_array is written; nb_td is a signed count, so callers should pass a
 * non-negative value no larger than the number of elements in td_array.
 */
void test_ipsec_td_prepare(const struct crypto_param *param1,
			   const struct crypto_param *param2,
			   const struct ipsec_test_flags *flags,
			   struct ipsec_test_data *td_array,
			   int nb_td);

/*
 * td_inb is written and td_outb is read-only. nb_td is a signed count;
 * presumably both arrays hold at least nb_td elements. Confirm at call sites.
 */
void test_ipsec_td_update(struct ipsec_test_data td_inb[],
			  const struct ipsec_test_data td_outb[],
			  int nb_td,
			  const struct ipsec_test_flags *flags);

void test_ipsec_display_alg(const struct crypto_param *param1,
			    const struct crypto_param *param2);

/* td is read-only; res_d is writable. */
int test_ipsec_post_process(struct rte_mbuf *m,
			    const struct ipsec_test_data *td,
			    struct ipsec_test_data *res_d, bool silent,
			    const struct ipsec_test_flags *flags);

int test_ipsec_status_check(const struct ipsec_test_data *td,
			    struct rte_crypto_op *op,
			    const struct ipsec_test_flags *flags,
			    enum rte_security_ipsec_sa_direction dir,
			    int pkt_num);

int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
			    void *sess,
			    const struct ipsec_test_flags *flags,
			    enum rte_security_ipsec_sa_direction dir);

/*
 * pkt is a writable raw byte pointer with no length parameter, so the
 * callee cannot bound its accesses from the signature alone. Callers have
 * to pass a buffer at least as large as the headers the callee touches.
 */
int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags);

#endif