app/test/test_cryptodev_security_ipsec.h

   1 /* SPDX-License-Identifier: BSD-3-Clause
   2  * Copyright(C) 2021 Marvell.
   3  */
   4
   5 #ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_
   6 #define _TEST_CRYPTODEV_SECURITY_IPSEC_H_
   7
   8 #include <rte_cryptodev.h>
   9 #include <rte_security.h>
  10
  11 #define IPSEC_TEST_PACKETS_MAX 32
  12
  13 struct ipsec_test_data {
  14         struct {
  15                 uint8_t data[32];
  16         } key;
  17         struct {
  18                 uint8_t data[64];
  19         } auth_key;
  20
  21         struct {
  22                 uint8_t data[1024];
  23                 unsigned int len;
  24         } input_text;
  25
  26         struct {
  27                 uint8_t data[1024];
  28                 unsigned int len;
  29         } output_text;
  30
  31         struct {
  32                 uint8_t data[4];
  33                 unsigned int len;
  34         } salt;
  35
  36         struct {
  37                 uint8_t data[16];
  38         } iv;
  39
  40         struct rte_security_ipsec_xform ipsec_xform;
  41
  42         bool aead;
  43
  44         union {
  45                 struct {
  46                         struct rte_crypto_sym_xform cipher;
  47                         struct rte_crypto_sym_xform auth;
  48                 } chain;
  49                 struct rte_crypto_sym_xform aead;
  50         } xform;
  51 };
  52
  53 struct ipsec_test_flags {
  54         bool display_alg;
  55         bool sa_expiry_pkts_soft;
  56         bool sa_expiry_pkts_hard;
  57         bool icv_corrupt;
  58         bool iv_gen;
  59         uint32_t tunnel_hdr_verify;
  60         bool udp_encap;
  61         bool udp_ports_verify;
  62         bool ip_csum;
  63         bool l4_csum;
  64         bool ipv6;
  65         bool tunnel_ipv6;
  66         bool transport;
  67         bool fragment;
  68         bool stats_success;
  69 };
  70
  71 struct crypto_param {
  72         enum rte_crypto_sym_xform_type type;
  73         union {
  74                 enum rte_crypto_cipher_algorithm cipher;
  75                 enum rte_crypto_auth_algorithm auth;
  76                 enum rte_crypto_aead_algorithm aead;
  77         } alg;
  78         uint16_t key_length;
  79         uint16_t iv_length;
  80         uint16_t digest_length;
  81 };
  82
  83 static const struct crypto_param aead_list[] = {
  84         {
  85                 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
  86                 .alg.aead =  RTE_CRYPTO_AEAD_AES_GCM,
  87                 .key_length = 16,
  88         },
  89         {
  90                 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
  91                 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
  92                 .key_length = 24,
  93         },
  94         {
  95                 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
  96                 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
  97                 .key_length = 32
  98         },
  99 };
 100
 101 static const struct crypto_param cipher_list[] = {
 102         {
 103                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 104                 .alg.cipher =  RTE_CRYPTO_CIPHER_NULL,
 105                 .key_length = 0,
 106                 .iv_length = 0,
 107         },
 108         {
 109                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 110                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CBC,
 111                 .key_length = 16,
 112                 .iv_length = 16,
 113         },
 114         {
 115                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 116                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
 117                 .key_length = 16,
 118                 .iv_length = 16,
 119         },
 120         {
 121                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 122                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
 123                 .key_length = 24,
 124                 .iv_length = 16,
 125         },
 126         {
 127                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 128                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
 129                 .key_length = 32,
 130                 .iv_length = 16,
 131         },
 132 };
 133
 134 static const struct crypto_param auth_list[] = {
 135         {
 136                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 137                 .alg.auth =  RTE_CRYPTO_AUTH_NULL,
 138         },
 139         {
 140                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 141                 .alg.auth =  RTE_CRYPTO_AUTH_SHA256_HMAC,
 142                 .key_length = 32,
 143                 .digest_length = 16,
 144         },
 145         {
 146                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 147                 .alg.auth =  RTE_CRYPTO_AUTH_SHA384_HMAC,
 148                 .key_length = 48,
 149                 .digest_length = 24,
 150         },
 151         {
 152                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 153                 .alg.auth =  RTE_CRYPTO_AUTH_SHA512_HMAC,
 154                 .key_length = 64,
 155                 .digest_length = 32,
 156         },
 157         {
 158                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 159                 .alg.auth =  RTE_CRYPTO_AUTH_AES_XCBC_MAC,
 160                 .key_length = 16,
 161                 .digest_length = 12,
 162         },
 163 };
 164
 165 struct crypto_param_comb {
 166         const struct crypto_param *param1;
 167         const struct crypto_param *param2;
 168 };
 169
 170 extern struct ipsec_test_data pkt_aes_256_gcm;
 171 extern struct ipsec_test_data pkt_aes_256_gcm_v6;
 172 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
 173 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;
 174
 175 extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
 176                                          (RTE_DIM(cipher_list) *
 177                                           RTE_DIM(auth_list))];
 178
 179 void test_ipsec_alg_list_populate(void);
 180
 181 int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 182                                const struct rte_security_capability *sec_cap,
 183                                bool silent);
 184
 185 int test_ipsec_crypto_caps_aead_verify(
 186                 const struct rte_security_capability *sec_cap,
 187                 struct rte_crypto_sym_xform *aead);
 188
 189 int test_ipsec_crypto_caps_cipher_verify(
 190                 const struct rte_security_capability *sec_cap,
 191                 struct rte_crypto_sym_xform *cipher);
 192
 193 int test_ipsec_crypto_caps_auth_verify(
 194                 const struct rte_security_capability *sec_cap,
 195                 struct rte_crypto_sym_xform *auth);
 196
 197 void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
 198                                struct ipsec_test_data *td_in);
 199
 200 void test_ipsec_td_prepare(const struct crypto_param *param1,
 201                            const struct crypto_param *param2,
 202                            const struct ipsec_test_flags *flags,
 203                            struct ipsec_test_data *td_array,
 204                            int nb_td);
 205
 206 void test_ipsec_td_update(struct ipsec_test_data td_inb[],
 207                           const struct ipsec_test_data td_outb[],
 208                           int nb_td,
 209                           const struct ipsec_test_flags *flags);
 210
 211 void test_ipsec_display_alg(const struct crypto_param *param1,
 212                             const struct crypto_param *param2);
 213
 214 int test_ipsec_post_process(struct rte_mbuf *m,
 215                             const struct ipsec_test_data *td,
 216                             struct ipsec_test_data *res_d, bool silent,
 217                             const struct ipsec_test_flags *flags);
 218
 219 int test_ipsec_status_check(struct rte_crypto_op *op,
 220                             const struct ipsec_test_flags *flags,
 221                             enum rte_security_ipsec_sa_direction dir,
 222                             int pkt_num);
 223
 224 int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
 225                             struct rte_security_session *sess,
 226                             const struct ipsec_test_flags *flags,
 227                             enum rte_security_ipsec_sa_direction dir);
 228
 229 #endif