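/* SPDX-License-Identifier: BSD-3-Clause
 * Copyright(C) 2021 Marvell.
 */

/*
 * Shared declarations for the cryptodev IPsec security tests: the test-vector
 * container, per-test option flags, the algorithm tables the tests iterate
 * over, and the helper prototypes.
 *
 * NOTE(review): the listing this header was recovered from had its gutter
 * line numbers fused into the text and all line breaks collapsed, so the
 * preprocessor directives were no longer at the start of a line. The
 * declarations below are unchanged apart from layout and comments.
 */

#ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_
#define _TEST_CRYPTODEV_SECURITY_IPSEC_H_

#include <rte_cryptodev.h>
#include <rte_security.h>

/* NOTE(review): presumably the upper bound on packets/test-data entries
 * handled by one test case; nothing in this header enforces it.
 */
#define IPSEC_TEST_PACKETS_MAX 32
/* Capacity, in bytes, of the input_text/output_text buffers below. */
#define IPSEC_TEXT_MAX_LEN 16384u

/*
 * One IPsec test vector: key material, plaintext/ciphertext buffers, the SA
 * description and the crypto transform(s) that go with it.
 *
 * The buffers are fixed-size. Any code that fills them from a crypto_param
 * or from a packet must keep the copied length within the array bounds
 * (key: 32, auth_key: 64, salt: 4, iv: 16, text: IPSEC_TEXT_MAX_LEN); the
 * struct itself carries no capacity checks.
 */
struct ipsec_test_data {
	/* Cipher/AEAD key bytes; the largest key_length in the tables is 32. */
	struct {
		uint8_t data[32];
	} key;

	/* Authentication key bytes; the largest auth key_length is 64. */
	struct {
		uint8_t data[64];
	} auth_key;

	/* Input packet bytes and the number of valid bytes in data[]. */
	struct {
		uint8_t data[IPSEC_TEXT_MAX_LEN];
		unsigned int len;
	} input_text;

	/* Expected/produced packet bytes and the number of valid bytes. */
	struct {
		uint8_t data[IPSEC_TEXT_MAX_LEN];
		unsigned int len;
	} output_text;

	/* Salt bytes (at most 4) and how many of them are in use. */
	struct {
		uint8_t data[4];
		unsigned int len;
	} salt;

	/* IV bytes; no length field is stored alongside them here. */
	struct {
		uint8_t data[16];
	} iv;

	/* SA parameters handed to the rte_security layer. */
	struct rte_security_ipsec_xform ipsec_xform;

	/* NOTE(review): aead/aes_gmac/auth_only presumably tell readers which
	 * member of the xform union below is valid; confirm against the .c file.
	 */
	bool aead;

	bool aes_gmac;

	bool auth_only;

	/* Antireplay packet */
	bool ar_packet;

	/* Either a cipher+auth chain or a single AEAD transform. */
	union {
		struct {
			struct rte_crypto_sym_xform cipher;
			struct rte_crypto_sym_xform auth;
		} chain;
		struct rte_crypto_sym_xform aead;
	} xform;
};

/*
 * DF-bit test selectors. Enumerators start at 1, so a zero-initialised
 * ipsec_test_flags.df matches none of them.
 */
enum df_flags {
	TEST_IPSEC_COPY_DF_INNER_0 = 1,
	TEST_IPSEC_COPY_DF_INNER_1,
	TEST_IPSEC_SET_DF_0_INNER_1,
	TEST_IPSEC_SET_DF_1_INNER_0,
};

#define TEST_IPSEC_DSCP_VAL 0x12

/* DSCP test selectors; same numbering convention as df_flags. */
enum dscp_flags {
	TEST_IPSEC_COPY_DSCP_INNER_0 = 1,
	TEST_IPSEC_COPY_DSCP_INNER_1,
	TEST_IPSEC_SET_DSCP_0_INNER_1,
	TEST_IPSEC_SET_DSCP_1_INNER_0,
};

#define TEST_IPSEC_FLABEL_VAL 0x1234

/* IPv6 flow-label test selectors; same numbering convention as df_flags. */
enum flabel_flags {
	TEST_IPSEC_COPY_FLABEL_INNER_0 = 1,
	TEST_IPSEC_COPY_FLABEL_INNER_1,
	TEST_IPSEC_SET_FLABEL_0_INNER_1,
	TEST_IPSEC_SET_FLABEL_1_INNER_0,
};

/*
 * Per-test-case options. Each member switches on or parameterises one
 * behaviour under test; the exact effect of each is defined by the helpers
 * declared at the end of this header, not here.
 */
struct ipsec_test_flags {
	bool display_alg;
	bool sa_expiry_pkts_soft;
	bool sa_expiry_pkts_hard;
	bool sa_expiry_bytes_soft;
	bool sa_expiry_bytes_hard;
	bool icv_corrupt;
	bool iv_gen;
	uint32_t tunnel_hdr_verify;
	bool udp_encap;
	bool udp_ports_verify;
	bool udp_encap_custom_ports;
	bool ip_csum;
	bool l4_csum;
	bool ipv6;
	bool tunnel_ipv6;
	bool transport;
	bool fragment;
	bool stats_success;
	bool antireplay;
	bool use_ext_mbuf;
	enum df_flags df;
	enum dscp_flags dscp;
	enum flabel_flags flabel;
	bool dec_ttl_or_hop_limit;
	bool ah;
	/* NOTE(review): presumably must not exceed IPSEC_TEXT_MAX_LEN; confirm
	 * where the value is consumed.
	 */
	uint32_t plaintext_len;
	int nb_segs_in_mbuf;
	bool inb_oop;
	bool rx_inject;
};

/*
 * One algorithm plus the sizes used with it. `type` says which member of
 * `alg` is meaningful. Lengths are in bytes; members left out of an
 * initialiser are zero.
 */
struct crypto_param {
	enum rte_crypto_sym_xform_type type;
	union {
		enum rte_crypto_cipher_algorithm cipher;
		enum rte_crypto_auth_algorithm auth;
		enum rte_crypto_aead_algorithm aead;
	} alg;
	uint16_t key_length;
	uint16_t iv_length;
	uint16_t digest_length;
};

/*
 * The three tables below are `static const` in a header, so every
 * translation unit that includes it gets its own copy. The extern array
 * sizes further down are computed from RTE_DIM() of these tables, so an
 * entry added here changes those sizes everywhere at once.
 *
 * This is a test matrix for driver coverage: it deliberately contains
 * NULL, DES-CBC, 3DES-CBC and HMAC-MD5 next to the AES/SHA-2 entries.
 * Presence in this list says nothing about suitability for a real SA.
 */

/* AEAD algorithms under test. */
static const struct crypto_param aead_list[] = {
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
		.key_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
		.key_length = 24,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
		.key_length = 32,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
		.alg.aead = RTE_CRYPTO_AEAD_AES_CCM,
		.key_length = 32,
	},
};

/* Cipher algorithms under test; entry 0 is the NULL cipher. */
static const struct crypto_param cipher_list[] = {
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_NULL,
		.key_length = 0,
		.iv_length = 0,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_DES_CBC,
		.key_length = 8,
		.iv_length = 8,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_3DES_CBC,
		.key_length = 24,
		.iv_length = 8,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_AES_CBC,
		.key_length = 16,
		.iv_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
		.key_length = 16,
		.iv_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
		.key_length = 24,
		.iv_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
		.alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
		.key_length = 32,
		.iv_length = 16,
	},
};

/*
 * Authentication algorithms under test; entry 0 is NULL auth.
 *
 * digest_length is shorter than the full hash output for the HMAC entries
 * (e.g. 16 bytes for HMAC-SHA256): it is the truncated ICV size, not the
 * size of the underlying digest.
 */
static const struct crypto_param auth_list[] = {
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_NULL,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_MD5_HMAC,
		.key_length = 16,
		.digest_length = 12,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_SHA256_HMAC,
		.key_length = 32,
		.digest_length = 16,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_SHA384_HMAC,
		.key_length = 48,
		.digest_length = 24,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_SHA512_HMAC,
		.key_length = 64,
		.digest_length = 32,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
		.key_length = 16,
		.digest_length = 12,
	},
	{
		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
		.alg.auth = RTE_CRYPTO_AUTH_AES_GMAC,
		.key_length = 16,
		.digest_length = 16,
		.iv_length = 12,
	},
};

/* A pair of table entries forming one algorithm combination to test. */
struct crypto_param_comb {
	const struct crypto_param *param1;
	const struct crypto_param *param2;
};

/* Known-answer test vectors, defined outside this header. */
extern struct ipsec_test_data pkt_aes_256_gcm;
extern struct ipsec_test_data pkt_aes_256_gcm_v6;
extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;

/* Sized for one slot per AEAD entry plus one per cipher/auth pairing. */
extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
					 (RTE_DIM(cipher_list) *
					  RTE_DIM(auth_list))];

/* Sized for two slots per auth entry, leaving one auth entry out.
 * NOTE(review): presumably the NULL auth at index 0 is the one skipped;
 * the populate routine must write no more than this many slots.
 */
extern struct crypto_param_comb ah_alg_list[2 * (RTE_DIM(auth_list) - 1)];

/* Fill alg_list / ah_alg_list from the tables above. */
void test_ipsec_alg_list_populate(void);

void test_ipsec_ah_alg_list_populate(void);

/* Capability checks: compare a requested transform with what the device
 * reports in sec_cap. Return-value convention is defined in the .c file.
 */
int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
			       const struct rte_security_capability *sec_cap,
			       bool silent);

int test_ipsec_crypto_caps_aead_verify(
		const struct rte_security_capability *sec_cap,
		struct rte_crypto_sym_xform *aead);

int test_ipsec_crypto_caps_cipher_verify(
		const struct rte_security_capability *sec_cap,
		struct rte_crypto_sym_xform *cipher);

int test_ipsec_crypto_caps_auth_verify(
		const struct rte_security_capability *sec_cap,
		struct rte_crypto_sym_xform *auth);

/* Test-data construction helpers. td_array/td_inb/td_outb are
 * caller-provided arrays of nb_td entries; the helpers receive only the
 * count, so the caller is responsible for the arrays really being that big.
 */
void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
			       struct ipsec_test_data *td_in);

void test_ipsec_td_prepare(const struct crypto_param *param1,
			   const struct crypto_param *param2,
			   const struct ipsec_test_flags *flags,
			   struct ipsec_test_data *td_array,
			   int nb_td);

void test_ipsec_td_update(struct ipsec_test_data td_inb[],
			  const struct ipsec_test_data td_outb[],
			  int nb_td,
			  const struct ipsec_test_flags *flags);

void test_ipsec_display_alg(const struct crypto_param *param1,
			    const struct crypto_param *param2);

/* Result checking helpers. */
int test_ipsec_post_process(const struct rte_mbuf *m,
			    const struct ipsec_test_data *td,
			    struct ipsec_test_data *res_d, bool silent,
			    const struct ipsec_test_flags *flags);

int test_ipsec_status_check(const struct ipsec_test_data *td,
			    struct rte_crypto_op *op,
			    const struct ipsec_test_flags *flags,
			    enum rte_security_ipsec_sa_direction dir,
			    int pkt_num);

/* ctx and sess are untyped here; the implementation decides what they
 * must point to.
 */
int test_ipsec_stats_verify(void *ctx,
			    void *sess,
			    const struct ipsec_test_flags *flags,
			    enum rte_security_ipsec_sa_direction dir);

/* NOTE(review): pkt is passed without a length, so the implementation has
 * to trust that the buffer holds every header it edits; confirm callers
 * only pass full packets.
 */
int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags);

#endif /* _TEST_CRYPTODEV_SECURITY_IPSEC_H_ */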