1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(C) 2021 Marvell.
5 #ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_
6 #define _TEST_CRYPTODEV_SECURITY_IPSEC_H_
8 #include <rte_cryptodev.h>
9 #include <rte_security.h>
11 #define IPSEC_TEST_PACKETS_MAX 32
13 struct ipsec_test_data {
40 struct rte_security_ipsec_xform ipsec_xform;
46 struct rte_crypto_sym_xform cipher;
47 struct rte_crypto_sym_xform auth;
49 struct rte_crypto_sym_xform aead;
54 TEST_IPSEC_COPY_DF_INNER_0 = 1,
55 TEST_IPSEC_COPY_DF_INNER_1,
56 TEST_IPSEC_SET_DF_0_INNER_1,
57 TEST_IPSEC_SET_DF_1_INNER_0,
60 struct ipsec_test_flags {
62 bool sa_expiry_pkts_soft;
63 bool sa_expiry_pkts_hard;
66 uint32_t tunnel_hdr_verify;
68 bool udp_ports_verify;
80 enum rte_crypto_sym_xform_type type;
82 enum rte_crypto_cipher_algorithm cipher;
83 enum rte_crypto_auth_algorithm auth;
84 enum rte_crypto_aead_algorithm aead;
88 uint16_t digest_length;
91 static const struct crypto_param aead_list[] = {
93 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
94 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
98 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
99 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
103 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
104 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
109 static const struct crypto_param cipher_list[] = {
111 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
112 .alg.cipher = RTE_CRYPTO_CIPHER_NULL,
117 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
118 .alg.cipher = RTE_CRYPTO_CIPHER_AES_CBC,
123 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
124 .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
129 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
130 .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
135 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
136 .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
142 static const struct crypto_param auth_list[] = {
144 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
145 .alg.auth = RTE_CRYPTO_AUTH_NULL,
148 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
149 .alg.auth = RTE_CRYPTO_AUTH_SHA256_HMAC,
154 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
155 .alg.auth = RTE_CRYPTO_AUTH_SHA384_HMAC,
160 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
161 .alg.auth = RTE_CRYPTO_AUTH_SHA512_HMAC,
166 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
167 .alg.auth = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
173 struct crypto_param_comb {
174 const struct crypto_param *param1;
175 const struct crypto_param *param2;
178 extern struct ipsec_test_data pkt_aes_256_gcm;
179 extern struct ipsec_test_data pkt_aes_256_gcm_v6;
180 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
181 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;
183 extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
184 (RTE_DIM(cipher_list) *
185 RTE_DIM(auth_list))];
187 void test_ipsec_alg_list_populate(void);
189 int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
190 const struct rte_security_capability *sec_cap,
193 int test_ipsec_crypto_caps_aead_verify(
194 const struct rte_security_capability *sec_cap,
195 struct rte_crypto_sym_xform *aead);
197 int test_ipsec_crypto_caps_cipher_verify(
198 const struct rte_security_capability *sec_cap,
199 struct rte_crypto_sym_xform *cipher);
201 int test_ipsec_crypto_caps_auth_verify(
202 const struct rte_security_capability *sec_cap,
203 struct rte_crypto_sym_xform *auth);
205 void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
206 struct ipsec_test_data *td_in);
208 void test_ipsec_td_prepare(const struct crypto_param *param1,
209 const struct crypto_param *param2,
210 const struct ipsec_test_flags *flags,
211 struct ipsec_test_data *td_array,
214 void test_ipsec_td_update(struct ipsec_test_data td_inb[],
215 const struct ipsec_test_data td_outb[],
217 const struct ipsec_test_flags *flags);
219 void test_ipsec_display_alg(const struct crypto_param *param1,
220 const struct crypto_param *param2);
222 int test_ipsec_post_process(struct rte_mbuf *m,
223 const struct ipsec_test_data *td,
224 struct ipsec_test_data *res_d, bool silent,
225 const struct ipsec_test_flags *flags);
227 int test_ipsec_status_check(struct rte_crypto_op *op,
228 const struct ipsec_test_flags *flags,
229 enum rte_security_ipsec_sa_direction dir,
232 int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
233 struct rte_security_session *sess,
234 const struct ipsec_test_flags *flags,
235 enum rte_security_ipsec_sa_direction dir);
237 int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags);