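/* SPDX-License-Identifier: BSD-3-Clause
 * Copyright(C) 2021 Marvell.
 */

/*
 * Shared declarations for the IPsec (rte_security) cryptodev tests: the
 * per-packet test-vector container, the flags that select test variants,
 * the algorithm coverage tables and the helper prototypes.
 */

#ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_
#define _TEST_CRYPTODEV_SECURITY_IPSEC_H_

/*
 * bool and the uintN_t types are used directly below, so include their
 * standard headers here instead of relying on transitive includes.
 */
#include <stdbool.h>
#include <stdint.h>

#include <rte_cryptodev.h>
#include <rte_security.h>

/* Not referenced in this header; presumably the per-test packet limit. */
#define IPSEC_TEST_PACKETS_MAX 32
/* Capacity, in bytes, of the input_text and output_text buffers. */
#define IPSEC_TEXT_MAX_LEN 16384u

/*
 * One IPsec test vector: key material, input and expected output bytes,
 * and the transform descriptions for the session.
 *
 * The buffers are fixed-size. Their capacities match the largest values in
 * the algorithm tables further down (32-byte cipher/AEAD key, 64-byte auth
 * key, 16-byte IV), so a new table entry with a larger key or IV also needs
 * the matching array enlarged.
 *
 * NOTE(review): nothing in this header ties input_text.len,
 * output_text.len or salt.len to the size of the corresponding data[]
 * array; confirm that the code filling these fields bounds-checks them.
 */
struct ipsec_test_data {
	/* Cipher or AEAD key bytes. */
	struct {
		uint8_t data[32];
	} key;
	/* Authentication key bytes. */
	struct {
		uint8_t data[64];
	} auth_key;

	/* Packet bytes fed to the operation; len counts the valid bytes. */
	struct {
		uint8_t data[IPSEC_TEXT_MAX_LEN];
		unsigned int len;
	} input_text;

	/* Reference packet bytes; len counts the valid bytes. */
	struct {
		uint8_t data[IPSEC_TEXT_MAX_LEN];
		unsigned int len;
	} output_text;

	/* Salt bytes; len counts the valid bytes (at most 4). */
	struct {
		uint8_t data[4];
		unsigned int len;
	} salt;

	struct {
		uint8_t data[16];
	} iv;

	struct rte_security_ipsec_xform ipsec_xform;

	/*
	 * Presumably these three flags tell the helpers which member of
	 * xform is populated; confirm against the code that reads them.
	 */
	bool aead;

	bool aes_gmac;

	bool auth_only;

	/* Antireplay packet */
	bool ar_packet;

	/* Either a cipher + auth chain or a single AEAD transform. */
	union {
		struct {
			struct rte_crypto_sym_xform cipher;
			struct rte_crypto_sym_xform auth;
		} chain;
		struct rte_crypto_sym_xform aead;
	} xform;
};

/*
 * Selectors for the DF-bit tests. Enumerators start at 1, so a
 * zero-initialised flags structure matches none of them. The names suggest
 * copy-versus-set behaviour relative to the inner header's DF bit.
 */
enum df_flags {
	TEST_IPSEC_COPY_DF_INNER_0 = 1,
	TEST_IPSEC_COPY_DF_INNER_1,
	TEST_IPSEC_SET_DF_0_INNER_1,
	TEST_IPSEC_SET_DF_1_INNER_0,
};

#define TEST_IPSEC_DSCP_VAL 0x12

/* DSCP counterpart of enum df_flags; enumerators also start at 1. */
enum dscp_flags {
	TEST_IPSEC_COPY_DSCP_INNER_0 = 1,
	TEST_IPSEC_COPY_DSCP_INNER_1,
	TEST_IPSEC_SET_DSCP_0_INNER_1,
	TEST_IPSEC_SET_DSCP_1_INNER_0,
};

#define TEST_IPSEC_FLABEL_VAL 0x1234

/* Flow-label counterpart of enum df_flags; enumerators also start at 1. */
enum flabel_flags {
	TEST_IPSEC_COPY_FLABEL_INNER_0 = 1,
	TEST_IPSEC_COPY_FLABEL_INNER_1,
	TEST_IPSEC_SET_FLABEL_0_INNER_1,
	TEST_IPSEC_SET_FLABEL_1_INNER_0,
};

/*
 * Switches that select the variant of a test run. The logic that consumes
 * them is outside this header, so the meaning of each field is inferred
 * from its name. Several cover security-relevant negative paths (SA
 * soft/hard expiry by packets or bytes, ICV corruption, anti-replay),
 * where the expected result is presumably a reported failure or event
 * rather than a successfully processed packet.
 */
struct ipsec_test_flags {
	bool display_alg;
	bool sa_expiry_pkts_soft;
	bool sa_expiry_pkts_hard;
	bool sa_expiry_bytes_soft;
	bool sa_expiry_bytes_hard;
	bool icv_corrupt;
	bool iv_gen;
	uint32_t tunnel_hdr_verify;
	bool udp_encap;
	bool udp_ports_verify;
	bool udp_encap_custom_ports;
	bool ip_csum;
	bool l4_csum;
	bool ipv6;
	bool tunnel_ipv6;
	bool transport;
	bool fragment;
	bool stats_success;
	bool antireplay;
	bool use_ext_mbuf;
	enum df_flags df;
	enum dscp_flags dscp;
	enum flabel_flags flabel;
	bool dec_ttl_or_hop_limit;
	bool ah;
	/* NOTE(review): presumably must not exceed IPSEC_TEXT_MAX_LEN. */
	uint32_t plaintext_len;
	int nb_segs_in_mbuf;
	bool inb_oop;
};

/*
 * One algorithm configuration. In the tables below, type names the member
 * of alg that is set. The length values are consistent with byte counts
 * (e.g. 16/24/32 for AES keys). Members omitted from an initializer are
 * zero.
 */
struct crypto_param {
	enum rte_crypto_sym_xform_type type;
	union {
		enum rte_crypto_cipher_algorithm cipher;
		enum rte_crypto_auth_algorithm auth;
		enum rte_crypto_aead_algorithm aead;
	} alg;
	uint16_t key_length;
	uint16_t iv_length;
	uint16_t digest_length;
};

/*
 * The three tables are defined static const in this header, so every
 * translation unit that includes it gets its own copy. They have to be
 * visible here because RTE_DIM() of each one sizes the extern arrays
 * declared further down. RTE_DIM is not defined in this file; it is
 * expected to come from the DPDK headers included above.
 */

/* AEAD coverage: AES-GCM with 16/24/32-byte keys, AES-CCM with 32. */
static const struct crypto_param aead_list[] = {
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
		.key_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
		.key_length = 24,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
		.key_length = 32,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_CCM,
		.key_length = 32
	},
};

/*
 * Cipher coverage. The NULL, DES-CBC and 3DES-CBC entries sit next to the
 * AES ones so that legacy paths are exercised too. This is a test
 * coverage matrix, not a recommended cipher selection.
 */
static const struct crypto_param cipher_list[] = {
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_NULL,
		.key_length = 0,
		.iv_length = 0,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_DES_CBC,
		.key_length = 8,
		.iv_length = 8,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_3DES_CBC,
		.key_length = 24,
		.iv_length = 8,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_AES_CBC,
		.key_length = 16,
		.iv_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
		.key_length = 16,
		.iv_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
		.key_length = 24,
		.iv_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
		.key_length = 32,
		.iv_length = 16,
	},
};

/*
 * Authentication coverage. Entry 0 is the NULL algorithm. The
 * digest_length values are truncated ICV sizes, not full hash outputs:
 * half the hash size for the SHA-2 HMACs (16/24/32 bytes), and 12 bytes
 * for HMAC-MD5 and AES-XCBC-MAC. HMAC-MD5 is a legacy algorithm kept for
 * coverage. AES-GMAC is the only entry that sets an IV length.
 */
static const struct crypto_param auth_list[] = {
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_NULL,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_MD5_HMAC,
		.key_length = 16,
		.digest_length = 12,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_SHA256_HMAC,
		.key_length = 32,
		.digest_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_SHA384_HMAC,
		.key_length = 48,
		.digest_length = 24,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_SHA512_HMAC,
		.key_length = 64,
		.digest_length = 32,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
		.key_length = 16,
		.digest_length = 12,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_AES_GMAC,
		.key_length = 16,
		.digest_length = 16,
		.iv_length = 12,
	},
};

/*
 * A pair of table entries that make up one tested combination.
 * Presumably param2 is unused (NULL) for a lone AEAD transform; confirm in
 * the populate functions.
 */
struct crypto_param_comb {
	const struct crypto_param *param1;
	const struct crypto_param *param2;
};

/* Reference test vectors, defined outside this header. */
extern struct ipsec_test_data pkt_aes_256_gcm;
extern struct ipsec_test_data pkt_aes_256_gcm_v6;
extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;

/* One slot per AEAD entry plus one per (cipher, auth) pairing. */
extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
					 (RTE_DIM(cipher_list) *
					  RTE_DIM(auth_list))];

/*
 * Two slots per auth_list entry minus one; the "- 1" presumably skips the
 * NULL entry at index 0.
 */
extern struct crypto_param_comb ah_alg_list[2 * (RTE_DIM(auth_list) - 1)];

/*
 * Helper functions implemented outside this header. Their behaviour is not
 * visible here, so only the declarations are given; the int-returning ones
 * presumably report success or failure, with the convention defined by the
 * implementation.
 */

void test_ipsec_alg_list_populate(void);

void test_ipsec_ah_alg_list_populate(void);

int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
			       const struct rte_security_capability *sec_cap,
			       bool silent);

int test_ipsec_crypto_caps_aead_verify(
		const struct rte_security_capability *sec_cap,
		struct rte_crypto_sym_xform *aead);

int test_ipsec_crypto_caps_cipher_verify(
		const struct rte_security_capability *sec_cap,
		struct rte_crypto_sym_xform *cipher);

int test_ipsec_crypto_caps_auth_verify(
		const struct rte_security_capability *sec_cap,
		struct rte_crypto_sym_xform *auth);

void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
			       struct ipsec_test_data *td_in);

/* td_array is expected to hold nb_td elements. */
void test_ipsec_td_prepare(const struct crypto_param *param1,
			   const struct crypto_param *param2,
			   const struct ipsec_test_flags *flags,
			   struct ipsec_test_data *td_array,
			   int nb_td);

/* td_inb and td_outb are each expected to hold nb_td elements. */
void test_ipsec_td_update(struct ipsec_test_data td_inb[],
			  const struct ipsec_test_data td_outb[],
			  int nb_td,
			  const struct ipsec_test_flags *flags);

void test_ipsec_display_alg(const struct crypto_param *param1,
			    const struct crypto_param *param2);

int test_ipsec_post_process(const struct rte_mbuf *m,
			    const struct ipsec_test_data *td,
			    struct ipsec_test_data *res_d, bool silent,
			    const struct ipsec_test_flags *flags);

int test_ipsec_status_check(const struct ipsec_test_data *td,
			    struct rte_crypto_op *op,
			    const struct ipsec_test_flags *flags,
			    enum rte_security_ipsec_sa_direction dir,
			    int pkt_num);

int test_ipsec_stats_verify(void *ctx,
			    void *sess,
			    const struct ipsec_test_flags *flags,
			    enum rte_security_ipsec_sa_direction dir);

/*
 * NOTE(review): pkt is passed without a length, so the callee cannot check
 * bounds on its own; confirm callers always pass a buffer large enough for
 * the headers it touches.
 */
int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags);

#endif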