/* SPDX-License-Identifier: BSD-3-Clause
 * Copyright(C) 2021 Marvell.
 */

/*
 * Shared declarations for the IPsec security tests: the test-vector
 * container, the per-test option flags, the algorithm parameter tables and
 * the helper prototypes. Every helper is only declared here; its behaviour
 * is defined elsewhere, so descriptions of helpers below are inferred from
 * names and signatures and are marked as such.
 *
 * NOTE(review): bool, uintN_t and RTE_DIM are used below without this header
 * including <stdbool.h>, <stdint.h> or <rte_common.h> itself; presumably they
 * arrive through the two rte_ includes - confirm.
 */
#ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_
#define _TEST_CRYPTODEV_SECURITY_IPSEC_H_

#include <rte_cryptodev.h>
#include <rte_security.h>

/*
 * Not referenced anywhere else in this header.
 * NOTE(review): presumably the upper bound on the number of packets (and
 * ipsec_test_data entries) a single test handles - confirm against callers.
 */
#define IPSEC_TEST_PACKETS_MAX 32

/*
 * One IPsec test vector: key material, input and expected output bytes,
 * salt/IV, the IPsec transform and the crypto transform(s) to apply.
 *
 * All buffers are fixed-size arrays embedded in the struct. Only input_text,
 * output_text and salt carry a len field, and nothing in this header ties
 * len to sizeof(data); code that copies len bytes has to bound it itself.
 */
struct ipsec_test_data {
	/*
	 * Cipher/AEAD key bytes. 32 bytes equals the largest key_length listed
	 * in aead_list and cipher_list below. No length is stored here;
	 * presumably it is taken from the crypto xform - confirm.
	 */
	struct {
		uint8_t data[32];
	} key;
	/*
	 * Authentication key bytes. 64 bytes equals the largest key_length in
	 * auth_list below (SHA512_HMAC).
	 */
	struct {
		uint8_t data[64];
	} auth_key;

	/* Input packet bytes; len is presumably the count of valid bytes in
	 * data (at most 1024) - confirm.
	 */
	struct {
		uint8_t data[1024];
		unsigned int len;
	} input_text;

	/* Expected output packet bytes; same layout and the same unchecked
	 * len as input_text.
	 */
	struct {
		uint8_t data[1024];
		unsigned int len;
	} output_text;

	/* Salt bytes (up to 4) and their count. */
	struct {
		uint8_t data[4];
		unsigned int len;
	} salt;

	/* IV bytes. 16 bytes equals the largest iv_length in the tables below;
	 * no length is stored here.
	 */
	struct {
		uint8_t data[16];
	} iv;

	/* IPsec SA parameters (rte_security transform) for this vector. */
	struct rte_security_ipsec_xform ipsec_xform;

	/* NOTE(review): presumably selects xform.aead over xform.chain in the
	 * union below - confirm; reading the inactive member would interpret
	 * one transform layout as another.
	 */
	bool aead;

	/* presumably marks an AES-GMAC (authentication only) vector - confirm */
	bool aes_gmac;

	/* presumably marks a vector with authentication and no cipher - confirm */
	bool auth_only;

	/* Antireplay packet */
	bool ar_packet;

	/*
	 * Crypto transform(s): either a cipher + auth pair or a single AEAD
	 * transform. The union shares storage, so only one form is valid at a
	 * time.
	 */
	union {
		struct {
			struct rte_crypto_sym_xform cipher;
			struct rte_crypto_sym_xform auth;
		} chain;
		struct rte_crypto_sym_xform aead;
	} xform;
};

/*
 * DF handling variants for tunnel tests. Enumerators start at 1, so the
 * value 0 (a zero-initialised ipsec_test_flags.df) matches none of them.
 * NOTE(review): names suggest COPY_* copies the inner header's DF bit
 * (inner = 0 or 1) and SET_* forces the outer bit to the opposite of the
 * inner one - confirm against the implementation.
 */
enum df_flags {
	TEST_IPSEC_COPY_DF_INNER_0 = 1,
	TEST_IPSEC_COPY_DF_INNER_1,
	TEST_IPSEC_SET_DF_0_INNER_1,
	TEST_IPSEC_SET_DF_1_INNER_0,
};

/* DSCP value used by the DSCP tests; 0x12 fits the 6-bit DSCP field. */
#define TEST_IPSEC_DSCP_VAL 0x12

/*
 * DSCP handling variants; same numbering scheme as df_flags (first value is
 * 1, so 0 means none selected).
 */
enum dscp_flags {
	TEST_IPSEC_COPY_DSCP_INNER_0 = 1,
	TEST_IPSEC_COPY_DSCP_INNER_1,
	TEST_IPSEC_SET_DSCP_0_INNER_1,
	TEST_IPSEC_SET_DSCP_1_INNER_0,
};

/* Flow label value used by the flow label tests; 0x1234 fits the 20-bit
 * IPv6 flow label field.
 */
#define TEST_IPSEC_FLABEL_VAL 0x1234

/*
 * IPv6 flow label handling variants; same numbering scheme as df_flags
 * (first value is 1, so 0 means none selected).
 */
enum flabel_flags {
	TEST_IPSEC_COPY_FLABEL_INNER_0 = 1,
	TEST_IPSEC_COPY_FLABEL_INNER_1,
	TEST_IPSEC_SET_FLABEL_0_INNER_1,
	TEST_IPSEC_SET_FLABEL_1_INNER_0,
};

/*
 * Per-test options. The helpers declared below take this struct by const
 * pointer. The meaning of each field is not visible in this header; the
 * notes are inferred from the field names and need confirming.
 */
struct ipsec_test_flags {
	bool display_alg;
	/* SA lifetime tests: soft/hard limits counted in packets or bytes
	 * (presumably).
	 */
	bool sa_expiry_pkts_soft;
	bool sa_expiry_pkts_hard;
	bool sa_expiry_bytes_soft;
	bool sa_expiry_bytes_hard;
	/* presumably a negative test: the ICV is corrupted and the packet is
	 * expected to be rejected - confirm
	 */
	bool icv_corrupt;
	bool iv_gen;
	/* The only non-bool, non-enum option; presumably a selector or bitmask
	 * of tunnel header checks - confirm.
	 */
	uint32_t tunnel_hdr_verify;
	bool udp_encap;
	bool udp_ports_verify;
	bool ip_csum;
	bool l4_csum;
	bool ipv6;
	bool tunnel_ipv6;
	bool transport;
	bool fragment;
	bool stats_success;
	bool antireplay;
	/* 0 in any of the next three matches no enumerator (all start at 1). */
	enum df_flags df;
	enum dscp_flags dscp;
	enum flabel_flags flabel;
	bool dec_ttl_or_hop_limit;
	/* presumably selects AH instead of ESP - confirm */
	bool ah;
};

/*
 * One algorithm plus the lengths to test it with. `type` says which member
 * of `alg` is meaningful. Lengths are presumably in bytes - confirm.
 */
struct crypto_param {
	enum rte_crypto_sym_xform_type type;
	union {
		enum rte_crypto_cipher_algorithm cipher;
		enum rte_crypto_auth_algorithm auth;
		enum rte_crypto_aead_algorithm aead;
	} alg;
	uint16_t key_length;
	uint16_t iv_length;
	uint16_t digest_length;
};

/*
 * The three tables below are defined `static const` in a header, so every
 * .c file that includes it gets its own private copy. Pointers into a table
 * (as stored in crypto_param_comb) taken in different translation units
 * therefore do not compare equal.
 *
 * Members left out of an initializer are zero, per C designated-initializer
 * rules.
 */

/*
 * AEAD algorithms: AES-GCM with 16/24/32-byte keys and AES-CCM with a
 * 32-byte key only. iv_length and digest_length are left at 0 in every
 * entry, so consumers must obtain those sizes elsewhere.
 */
static const struct crypto_param aead_list[] = {
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead =  RTE_CRYPTO_AEAD_AES_GCM,
		.key_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
		.key_length = 24,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
		.key_length = 32,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_CCM,
		.key_length = 32
	},
};

/*
 * Cipher algorithms. Entry 0 is the NULL cipher (no confidentiality), so the
 * cipher x auth product used to size alg_list includes NULL-cipher pairs.
 * AES-CBC is listed with a 16-byte key only; AES-CTR with 16/24/32.
 */
static const struct crypto_param cipher_list[] = {
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher =  RTE_CRYPTO_CIPHER_NULL,
		.key_length = 0,
		.iv_length = 0,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher =  RTE_CRYPTO_CIPHER_AES_CBC,
		.key_length = 16,
		.iv_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
		.key_length = 16,
		.iv_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
		.key_length = 24,
		.iv_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
		.key_length = 32,
		.iv_length = 16,
	},
};

/*
 * Authentication algorithms. Entry 0 is NULL auth (no integrity; key and
 * digest lengths are 0). The HMAC entries use a digest_length of half the
 * hash output (16/24/32), which matches the truncated ICV sizes RFC 4868
 * defines for IPsec; AES-XCBC-MAC uses 12 (the 96-bit form). AES-GMAC is the
 * only entry that sets iv_length.
 */
static const struct crypto_param auth_list[] = {
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth =  RTE_CRYPTO_AUTH_NULL,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth =  RTE_CRYPTO_AUTH_SHA256_HMAC,
		.key_length = 32,
		.digest_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth =  RTE_CRYPTO_AUTH_SHA384_HMAC,
		.key_length = 48,
		.digest_length = 24,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth =  RTE_CRYPTO_AUTH_SHA512_HMAC,
		.key_length = 64,
		.digest_length = 32,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth =  RTE_CRYPTO_AUTH_AES_XCBC_MAC,
		.key_length = 16,
		.digest_length = 12,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth =  RTE_CRYPTO_AUTH_AES_GMAC,
		.key_length = 16,
		.digest_length = 16,
		.iv_length = 12,
	},
};

/*
 * A pair of table entries describing one algorithm combination.
 * NOTE(review): presumably param2 is NULL for a single (AEAD) algorithm and
 * the pair is cipher + auth otherwise - confirm, and NULL-check param2
 * before dereferencing.
 */
struct crypto_param_comb {
	const struct crypto_param *param1;
	const struct crypto_param *param2;
};

/* Predefined test vectors, defined elsewhere. They are not const, so any
 * code that modifies one changes it for every later user.
 */
extern struct ipsec_test_data pkt_aes_256_gcm;
extern struct ipsec_test_data pkt_aes_256_gcm_v6;
extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;

/*
 * Combination table sized from the lists above: every AEAD entry plus every
 * cipher x auth pair. With the current tables that is 4 + 5 * 6 = 34
 * entries. The size follows the tables automatically; whatever fills the
 * array (defined elsewhere) has to write exactly that many entries.
 */
extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
					 (RTE_DIM(cipher_list) *
					  RTE_DIM(auth_list))];

/*
 * AH combination table: 2 * (6 - 1) = 10 entries with the current auth_list.
 * NOTE(review): the "- 1" presumably skips the NULL auth entry at index 0 -
 * confirm against the populate function.
 */
extern struct crypto_param_comb ah_alg_list[2 * (RTE_DIM(auth_list) - 1)];

/* presumably fills alg_list from the tables above - confirm */
void test_ipsec_alg_list_populate(void);

/* presumably fills ah_alg_list from auth_list - confirm */
void test_ipsec_ah_alg_list_populate(void);

/*
 * Capability checks. Each takes the device's security capability and the
 * transform a test wants to use; presumably they return 0 when the
 * capability covers the transform - confirm the return convention.
 * `silent` presumably suppresses log output on mismatch.
 */
int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
			       const struct rte_security_capability *sec_cap,
			       bool silent);

int test_ipsec_crypto_caps_aead_verify(
		const struct rte_security_capability *sec_cap,
		struct rte_crypto_sym_xform *aead);

int test_ipsec_crypto_caps_cipher_verify(
		const struct rte_security_capability *sec_cap,
		struct rte_crypto_sym_xform *cipher);

int test_ipsec_crypto_caps_auth_verify(
		const struct rte_security_capability *sec_cap,
		struct rte_crypto_sym_xform *auth);

/* presumably derives an inbound test vector (td_in, written) from an
 * outbound one (td_out, read-only) - confirm
 */
void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
			       struct ipsec_test_data *td_in);

/*
 * The helpers below are only declared here; the descriptions are inferred
 * from names and signatures and need confirming against the definitions.
 */

/*
 * presumably fills nb_td entries of td_array for the algorithm pair
 * param1/param2 under the given flags - confirm.
 * The array length is passed as a signed int and no capacity is passed
 * separately, so the caller must make sure td_array really has nb_td
 * elements and that nb_td is not negative.
 */
void test_ipsec_td_prepare(const struct crypto_param *param1,
			   const struct crypto_param *param2,
			   const struct ipsec_test_flags *flags,
			   struct ipsec_test_data *td_array,
			   int nb_td);

/*
 * presumably adjusts the inbound vectors td_inb from the outbound results
 * td_outb according to flags - confirm. Both arrays are indexed by the same
 * nb_td, so both must hold at least nb_td elements.
 */
void test_ipsec_td_update(struct ipsec_test_data td_inb[],
			  const struct ipsec_test_data td_outb[],
			  int nb_td,
			  const struct ipsec_test_flags *flags);

/* presumably prints the algorithm(s) under test - confirm; whether param2
 * may be NULL is not visible here
 */
void test_ipsec_display_alg(const struct crypto_param *param1,
			    const struct crypto_param *param2);

/*
 * presumably checks the processed mbuf m against the expected vector td and
 * optionally records the result in res_d - confirm, including whether res_d
 * may be NULL. `silent` presumably suppresses log output.
 */
int test_ipsec_post_process(struct rte_mbuf *m,
			    const struct ipsec_test_data *td,
			    struct ipsec_test_data *res_d, bool silent,
			    const struct ipsec_test_flags *flags);

/* presumably checks the status of the completed crypto op against what the
 * flags expect for direction dir and packet number pkt_num - confirm
 */
int test_ipsec_status_check(const struct ipsec_test_data *td,
			    struct rte_crypto_op *op,
			    const struct ipsec_test_flags *flags,
			    enum rte_security_ipsec_sa_direction dir,
			    int pkt_num);

/* presumably reads the session statistics from ctx and checks them against
 * the flags for direction dir - confirm
 */
int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
			    struct rte_security_session *sess,
			    const struct ipsec_test_flags *flags,
			    enum rte_security_ipsec_sa_direction dir);

/*
 * presumably edits the packet bytes at pkt in place according to flags -
 * confirm. The signature carries no buffer length, so the function cannot
 * bounds-check pkt; the caller has to guarantee the buffer holds every
 * header the function touches.
 */
int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags);

#endif