app/test/test_cryptodev_security_ipsec.h

   1 /* SPDX-License-Identifier: BSD-3-Clause
   2  * Copyright(C) 2021 Marvell.
   3  */
   4
   5 #ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_
   6 #define _TEST_CRYPTODEV_SECURITY_IPSEC_H_
   7
   8 #include <rte_cryptodev.h>
   9 #include <rte_security.h>
  10
  11 #define IPSEC_TEST_PACKETS_MAX 32
  12
  13 struct ipsec_test_data {
  14         struct {
  15                 uint8_t data[32];
  16         } key;
  17         struct {
  18                 uint8_t data[64];
  19         } auth_key;
  20
  21         struct {
  22                 uint8_t data[1024];
  23                 unsigned int len;
  24         } input_text;
  25
  26         struct {
  27                 uint8_t data[1024];
  28                 unsigned int len;
  29         } output_text;
  30
  31         struct {
  32                 uint8_t data[4];
  33                 unsigned int len;
  34         } salt;
  35
  36         struct {
  37                 uint8_t data[16];
  38         } iv;
  39
  40         struct rte_security_ipsec_xform ipsec_xform;
  41
  42         bool aead;
  43
  44         union {
  45                 struct {
  46                         struct rte_crypto_sym_xform cipher;
  47                         struct rte_crypto_sym_xform auth;
  48                 } chain;
  49                 struct rte_crypto_sym_xform aead;
  50         } xform;
  51 };
  52
  53 struct ipsec_test_flags {
  54         bool display_alg;
  55         bool sa_expiry_pkts_soft;
  56         bool sa_expiry_pkts_hard;
  57         bool icv_corrupt;
  58         bool iv_gen;
  59         uint32_t tunnel_hdr_verify;
  60         bool udp_encap;
  61         bool udp_ports_verify;
  62         bool ip_csum;
  63         bool l4_csum;
  64         bool ipv6;
  65         bool tunnel_ipv6;
  66         bool transport;
  67         bool fragment;
  68         bool stats_success;
  69 };
  70
  71 struct crypto_param {
  72         enum rte_crypto_sym_xform_type type;
  73         union {
  74                 enum rte_crypto_cipher_algorithm cipher;
  75                 enum rte_crypto_auth_algorithm auth;
  76                 enum rte_crypto_aead_algorithm aead;
  77         } alg;
  78         uint16_t key_length;
  79         uint16_t digest_length;
  80 };
  81
  82 static const struct crypto_param aead_list[] = {
  83         {
  84                 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
  85                 .alg.aead =  RTE_CRYPTO_AEAD_AES_GCM,
  86                 .key_length = 16,
  87         },
  88         {
  89                 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
  90                 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
  91                 .key_length = 24,
  92         },
  93         {
  94                 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
  95                 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
  96                 .key_length = 32
  97         },
  98 };
  99
 100 static const struct crypto_param cipher_list[] = {
 101         {
 102                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 103                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CBC,
 104                 .key_length = 16,
 105         },
 106 };
 107
 108 static const struct crypto_param auth_list[] = {
 109         {
 110                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 111                 .alg.auth =  RTE_CRYPTO_AUTH_NULL,
 112         },
 113         {
 114                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 115                 .alg.auth =  RTE_CRYPTO_AUTH_SHA256_HMAC,
 116                 .key_length = 32,
 117                 .digest_length = 16,
 118         },
 119         {
 120                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 121                 .alg.auth =  RTE_CRYPTO_AUTH_SHA384_HMAC,
 122                 .key_length = 48,
 123                 .digest_length = 24,
 124         },
 125         {
 126                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 127                 .alg.auth =  RTE_CRYPTO_AUTH_SHA512_HMAC,
 128                 .key_length = 64,
 129                 .digest_length = 32,
 130         },
 131 };
 132
 133 struct crypto_param_comb {
 134         const struct crypto_param *param1;
 135         const struct crypto_param *param2;
 136 };
 137
 138 extern struct ipsec_test_data pkt_aes_256_gcm;
 139 extern struct ipsec_test_data pkt_aes_256_gcm_v6;
 140 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
 141 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;
 142
 143 extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
 144                                          (RTE_DIM(cipher_list) *
 145                                           RTE_DIM(auth_list))];
 146
 147 void test_ipsec_alg_list_populate(void);
 148
 149 int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 150                                const struct rte_security_capability *sec_cap,
 151                                bool silent);
 152
 153 int test_ipsec_crypto_caps_aead_verify(
 154                 const struct rte_security_capability *sec_cap,
 155                 struct rte_crypto_sym_xform *aead);
 156
 157 int test_ipsec_crypto_caps_cipher_verify(
 158                 const struct rte_security_capability *sec_cap,
 159                 struct rte_crypto_sym_xform *cipher);
 160
 161 int test_ipsec_crypto_caps_auth_verify(
 162                 const struct rte_security_capability *sec_cap,
 163                 struct rte_crypto_sym_xform *auth);
 164
 165 void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
 166                                struct ipsec_test_data *td_in);
 167
 168 void test_ipsec_td_prepare(const struct crypto_param *param1,
 169                            const struct crypto_param *param2,
 170                            const struct ipsec_test_flags *flags,
 171                            struct ipsec_test_data *td_array,
 172                            int nb_td);
 173
 174 void test_ipsec_td_update(struct ipsec_test_data td_inb[],
 175                           const struct ipsec_test_data td_outb[],
 176                           int nb_td,
 177                           const struct ipsec_test_flags *flags);
 178
 179 void test_ipsec_display_alg(const struct crypto_param *param1,
 180                             const struct crypto_param *param2);
 181
 182 int test_ipsec_post_process(struct rte_mbuf *m,
 183                             const struct ipsec_test_data *td,
 184                             struct ipsec_test_data *res_d, bool silent,
 185                             const struct ipsec_test_flags *flags);
 186
 187 int test_ipsec_status_check(struct rte_crypto_op *op,
 188                             const struct ipsec_test_flags *flags,
 189                             enum rte_security_ipsec_sa_direction dir,
 190                             int pkt_num);
 191
 192 int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
 193                             struct rte_security_session *sess,
 194                             const struct ipsec_test_flags *flags,
 195                             enum rte_security_ipsec_sa_direction dir);
 196
 197 #endif