app/test/test_cryptodev_security_ipsec.h

   1 /* SPDX-License-Identifier: BSD-3-Clause
   2  * Copyright(C) 2021 Marvell.
   3  */
   4
   5 #ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_
   6 #define _TEST_CRYPTODEV_SECURITY_IPSEC_H_
   7
   8 #include <rte_cryptodev.h>
   9 #include <rte_security.h>
  10
  11 #define IPSEC_TEST_PACKETS_MAX 32
  12
  13 struct ipsec_test_data {
  14         struct {
  15                 uint8_t data[32];
  16         } key;
  17         struct {
  18                 uint8_t data[64];
  19         } auth_key;
  20
  21         struct {
  22                 uint8_t data[1024];
  23                 unsigned int len;
  24         } input_text;
  25
  26         struct {
  27                 uint8_t data[1024];
  28                 unsigned int len;
  29         } output_text;
  30
  31         struct {
  32                 uint8_t data[4];
  33                 unsigned int len;
  34         } salt;
  35
  36         struct {
  37                 uint8_t data[16];
  38         } iv;
  39
  40         struct rte_security_ipsec_xform ipsec_xform;
  41
  42         bool aead;
  43
  44         union {
  45                 struct {
  46                         struct rte_crypto_sym_xform cipher;
  47                         struct rte_crypto_sym_xform auth;
  48                 } chain;
  49                 struct rte_crypto_sym_xform aead;
  50         } xform;
  51 };
  52
  53 enum df_flags {
  54         TEST_IPSEC_COPY_DF_INNER_0 = 1,
  55         TEST_IPSEC_COPY_DF_INNER_1,
  56         TEST_IPSEC_SET_DF_0_INNER_1,
  57         TEST_IPSEC_SET_DF_1_INNER_0,
  58 };
  59
  60 struct ipsec_test_flags {
  61         bool display_alg;
  62         bool sa_expiry_pkts_soft;
  63         bool sa_expiry_pkts_hard;
  64         bool icv_corrupt;
  65         bool iv_gen;
  66         uint32_t tunnel_hdr_verify;
  67         bool udp_encap;
  68         bool udp_ports_verify;
  69         bool ip_csum;
  70         bool l4_csum;
  71         bool ipv6;
  72         bool tunnel_ipv6;
  73         bool transport;
  74         bool fragment;
  75         bool stats_success;
  76         enum df_flags df;
  77 };
  78
  79 struct crypto_param {
  80         enum rte_crypto_sym_xform_type type;
  81         union {
  82                 enum rte_crypto_cipher_algorithm cipher;
  83                 enum rte_crypto_auth_algorithm auth;
  84                 enum rte_crypto_aead_algorithm aead;
  85         } alg;
  86         uint16_t key_length;
  87         uint16_t iv_length;
  88         uint16_t digest_length;
  89 };
  90
  91 static const struct crypto_param aead_list[] = {
  92         {
  93                 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
  94                 .alg.aead =  RTE_CRYPTO_AEAD_AES_GCM,
  95                 .key_length = 16,
  96         },
  97         {
  98                 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
  99                 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
 100                 .key_length = 24,
 101         },
 102         {
 103                 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
 104                 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
 105                 .key_length = 32
 106         },
 107 };
 108
 109 static const struct crypto_param cipher_list[] = {
 110         {
 111                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 112                 .alg.cipher =  RTE_CRYPTO_CIPHER_NULL,
 113                 .key_length = 0,
 114                 .iv_length = 0,
 115         },
 116         {
 117                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 118                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CBC,
 119                 .key_length = 16,
 120                 .iv_length = 16,
 121         },
 122         {
 123                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 124                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
 125                 .key_length = 16,
 126                 .iv_length = 16,
 127         },
 128         {
 129                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 130                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
 131                 .key_length = 24,
 132                 .iv_length = 16,
 133         },
 134         {
 135                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 136                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
 137                 .key_length = 32,
 138                 .iv_length = 16,
 139         },
 140 };
 141
 142 static const struct crypto_param auth_list[] = {
 143         {
 144                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 145                 .alg.auth =  RTE_CRYPTO_AUTH_NULL,
 146         },
 147         {
 148                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 149                 .alg.auth =  RTE_CRYPTO_AUTH_SHA256_HMAC,
 150                 .key_length = 32,
 151                 .digest_length = 16,
 152         },
 153         {
 154                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 155                 .alg.auth =  RTE_CRYPTO_AUTH_SHA384_HMAC,
 156                 .key_length = 48,
 157                 .digest_length = 24,
 158         },
 159         {
 160                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 161                 .alg.auth =  RTE_CRYPTO_AUTH_SHA512_HMAC,
 162                 .key_length = 64,
 163                 .digest_length = 32,
 164         },
 165         {
 166                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 167                 .alg.auth =  RTE_CRYPTO_AUTH_AES_XCBC_MAC,
 168                 .key_length = 16,
 169                 .digest_length = 12,
 170         },
 171 };
 172
 173 struct crypto_param_comb {
 174         const struct crypto_param *param1;
 175         const struct crypto_param *param2;
 176 };
 177
 178 extern struct ipsec_test_data pkt_aes_256_gcm;
 179 extern struct ipsec_test_data pkt_aes_256_gcm_v6;
 180 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
 181 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;
 182
 183 extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
 184                                          (RTE_DIM(cipher_list) *
 185                                           RTE_DIM(auth_list))];
 186
 187 void test_ipsec_alg_list_populate(void);
 188
 189 int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 190                                const struct rte_security_capability *sec_cap,
 191                                bool silent);
 192
 193 int test_ipsec_crypto_caps_aead_verify(
 194                 const struct rte_security_capability *sec_cap,
 195                 struct rte_crypto_sym_xform *aead);
 196
 197 int test_ipsec_crypto_caps_cipher_verify(
 198                 const struct rte_security_capability *sec_cap,
 199                 struct rte_crypto_sym_xform *cipher);
 200
 201 int test_ipsec_crypto_caps_auth_verify(
 202                 const struct rte_security_capability *sec_cap,
 203                 struct rte_crypto_sym_xform *auth);
 204
 205 void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
 206                                struct ipsec_test_data *td_in);
 207
 208 void test_ipsec_td_prepare(const struct crypto_param *param1,
 209                            const struct crypto_param *param2,
 210                            const struct ipsec_test_flags *flags,
 211                            struct ipsec_test_data *td_array,
 212                            int nb_td);
 213
 214 void test_ipsec_td_update(struct ipsec_test_data td_inb[],
 215                           const struct ipsec_test_data td_outb[],
 216                           int nb_td,
 217                           const struct ipsec_test_flags *flags);
 218
 219 void test_ipsec_display_alg(const struct crypto_param *param1,
 220                             const struct crypto_param *param2);
 221
 222 int test_ipsec_post_process(struct rte_mbuf *m,
 223                             const struct ipsec_test_data *td,
 224                             struct ipsec_test_data *res_d, bool silent,
 225                             const struct ipsec_test_flags *flags);
 226
 227 int test_ipsec_status_check(struct rte_crypto_op *op,
 228                             const struct ipsec_test_flags *flags,
 229                             enum rte_security_ipsec_sa_direction dir,
 230                             int pkt_num);
 231
 232 int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
 233                             struct rte_security_session *sess,
 234                             const struct ipsec_test_flags *flags,
 235                             enum rte_security_ipsec_sa_direction dir);
 236
 237 int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags);
 238
 239 #endif