app/test/test_cryptodev_security_ipsec.h

   1 /* SPDX-License-Identifier: BSD-3-Clause
   2  * Copyright(C) 2021 Marvell.
   3  */
   4
   5 #ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_
   6 #define _TEST_CRYPTODEV_SECURITY_IPSEC_H_
   7
   8 #include <rte_cryptodev.h>
   9 #include <rte_security.h>
  10
  11 #define IPSEC_TEST_PACKETS_MAX 32
  12
  13 struct ipsec_test_data {
  14         struct {
  15                 uint8_t data[32];
  16         } key;
  17         struct {
  18                 uint8_t data[64];
  19         } auth_key;
  20
  21         struct {
  22                 uint8_t data[1024];
  23                 unsigned int len;
  24         } input_text;
  25
  26         struct {
  27                 uint8_t data[1024];
  28                 unsigned int len;
  29         } output_text;
  30
  31         struct {
  32                 uint8_t data[4];
  33                 unsigned int len;
  34         } salt;
  35
  36         struct {
  37                 uint8_t data[16];
  38         } iv;
  39
  40         struct rte_security_ipsec_xform ipsec_xform;
  41
  42         bool aead;
  43
  44         bool aes_gmac;
  45
  46         bool auth_only;
  47
  48         /* Antireplay packet */
  49         bool ar_packet;
  50
  51         union {
  52                 struct {
  53                         struct rte_crypto_sym_xform cipher;
  54                         struct rte_crypto_sym_xform auth;
  55                 } chain;
  56                 struct rte_crypto_sym_xform aead;
  57         } xform;
  58 };
  59
  60 enum df_flags {
  61         TEST_IPSEC_COPY_DF_INNER_0 = 1,
  62         TEST_IPSEC_COPY_DF_INNER_1,
  63         TEST_IPSEC_SET_DF_0_INNER_1,
  64         TEST_IPSEC_SET_DF_1_INNER_0,
  65 };
  66
  67 #define TEST_IPSEC_DSCP_VAL 0x12
  68
  69 enum dscp_flags {
  70         TEST_IPSEC_COPY_DSCP_INNER_0 = 1,
  71         TEST_IPSEC_COPY_DSCP_INNER_1,
  72         TEST_IPSEC_SET_DSCP_0_INNER_1,
  73         TEST_IPSEC_SET_DSCP_1_INNER_0,
  74 };
  75
  76 #define TEST_IPSEC_FLABEL_VAL 0x1234
  77
  78 enum flabel_flags {
  79         TEST_IPSEC_COPY_FLABEL_INNER_0 = 1,
  80         TEST_IPSEC_COPY_FLABEL_INNER_1,
  81         TEST_IPSEC_SET_FLABEL_0_INNER_1,
  82         TEST_IPSEC_SET_FLABEL_1_INNER_0,
  83 };
  84
  85 struct ipsec_test_flags {
  86         bool display_alg;
  87         bool sa_expiry_pkts_soft;
  88         bool sa_expiry_pkts_hard;
  89         bool icv_corrupt;
  90         bool iv_gen;
  91         uint32_t tunnel_hdr_verify;
  92         bool udp_encap;
  93         bool udp_ports_verify;
  94         bool ip_csum;
  95         bool l4_csum;
  96         bool ipv6;
  97         bool tunnel_ipv6;
  98         bool transport;
  99         bool fragment;
 100         bool stats_success;
 101         bool antireplay;
 102         enum df_flags df;
 103         enum dscp_flags dscp;
 104         enum flabel_flags flabel;
 105         bool dec_ttl_or_hop_limit;
 106         bool ah;
 107 };
 108
 109 struct crypto_param {
 110         enum rte_crypto_sym_xform_type type;
 111         union {
 112                 enum rte_crypto_cipher_algorithm cipher;
 113                 enum rte_crypto_auth_algorithm auth;
 114                 enum rte_crypto_aead_algorithm aead;
 115         } alg;
 116         uint16_t key_length;
 117         uint16_t iv_length;
 118         uint16_t digest_length;
 119 };
 120
 121 static const struct crypto_param aead_list[] = {
 122         {
 123                 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
 124                 .alg.aead =  RTE_CRYPTO_AEAD_AES_GCM,
 125                 .key_length = 16,
 126         },
 127         {
 128                 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
 129                 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
 130                 .key_length = 24,
 131         },
 132         {
 133                 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
 134                 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
 135                 .key_length = 32
 136         },
 137 };
 138
 139 static const struct crypto_param cipher_list[] = {
 140         {
 141                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 142                 .alg.cipher =  RTE_CRYPTO_CIPHER_NULL,
 143                 .key_length = 0,
 144                 .iv_length = 0,
 145         },
 146         {
 147                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 148                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CBC,
 149                 .key_length = 16,
 150                 .iv_length = 16,
 151         },
 152         {
 153                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 154                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
 155                 .key_length = 16,
 156                 .iv_length = 16,
 157         },
 158         {
 159                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 160                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
 161                 .key_length = 24,
 162                 .iv_length = 16,
 163         },
 164         {
 165                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 166                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
 167                 .key_length = 32,
 168                 .iv_length = 16,
 169         },
 170 };
 171
 172 static const struct crypto_param auth_list[] = {
 173         {
 174                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 175                 .alg.auth =  RTE_CRYPTO_AUTH_NULL,
 176         },
 177         {
 178                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 179                 .alg.auth =  RTE_CRYPTO_AUTH_SHA256_HMAC,
 180                 .key_length = 32,
 181                 .digest_length = 16,
 182         },
 183         {
 184                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 185                 .alg.auth =  RTE_CRYPTO_AUTH_SHA384_HMAC,
 186                 .key_length = 48,
 187                 .digest_length = 24,
 188         },
 189         {
 190                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 191                 .alg.auth =  RTE_CRYPTO_AUTH_SHA512_HMAC,
 192                 .key_length = 64,
 193                 .digest_length = 32,
 194         },
 195         {
 196                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 197                 .alg.auth =  RTE_CRYPTO_AUTH_AES_XCBC_MAC,
 198                 .key_length = 16,
 199                 .digest_length = 12,
 200         },
 201         {
 202                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 203                 .alg.auth =  RTE_CRYPTO_AUTH_AES_GMAC,
 204                 .key_length = 16,
 205                 .digest_length = 16,
 206                 .iv_length = 12,
 207         },
 208 };
 209
 210 struct crypto_param_comb {
 211         const struct crypto_param *param1;
 212         const struct crypto_param *param2;
 213 };
 214
 215 extern struct ipsec_test_data pkt_aes_256_gcm;
 216 extern struct ipsec_test_data pkt_aes_256_gcm_v6;
 217 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
 218 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;
 219
 220 extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
 221                                          (RTE_DIM(cipher_list) *
 222                                           RTE_DIM(auth_list))];
 223
 224 extern struct crypto_param_comb ah_alg_list[2 * (RTE_DIM(auth_list) - 1)];
 225
 226 void test_ipsec_alg_list_populate(void);
 227
 228 void test_ipsec_ah_alg_list_populate(void);
 229
 230 int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 231                                const struct rte_security_capability *sec_cap,
 232                                bool silent);
 233
 234 int test_ipsec_crypto_caps_aead_verify(
 235                 const struct rte_security_capability *sec_cap,
 236                 struct rte_crypto_sym_xform *aead);
 237
 238 int test_ipsec_crypto_caps_cipher_verify(
 239                 const struct rte_security_capability *sec_cap,
 240                 struct rte_crypto_sym_xform *cipher);
 241
 242 int test_ipsec_crypto_caps_auth_verify(
 243                 const struct rte_security_capability *sec_cap,
 244                 struct rte_crypto_sym_xform *auth);
 245
 246 void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
 247                                struct ipsec_test_data *td_in);
 248
 249 void test_ipsec_td_prepare(const struct crypto_param *param1,
 250                            const struct crypto_param *param2,
 251                            const struct ipsec_test_flags *flags,
 252                            struct ipsec_test_data *td_array,
 253                            int nb_td);
 254
 255 void test_ipsec_td_update(struct ipsec_test_data td_inb[],
 256                           const struct ipsec_test_data td_outb[],
 257                           int nb_td,
 258                           const struct ipsec_test_flags *flags);
 259
 260 void test_ipsec_display_alg(const struct crypto_param *param1,
 261                             const struct crypto_param *param2);
 262
 263 int test_ipsec_post_process(struct rte_mbuf *m,
 264                             const struct ipsec_test_data *td,
 265                             struct ipsec_test_data *res_d, bool silent,
 266                             const struct ipsec_test_flags *flags);
 267
 268 int test_ipsec_status_check(const struct ipsec_test_data *td,
 269                             struct rte_crypto_op *op,
 270                             const struct ipsec_test_flags *flags,
 271                             enum rte_security_ipsec_sa_direction dir,
 272                             int pkt_num);
 273
 274 int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
 275                             struct rte_security_session *sess,
 276                             const struct ipsec_test_flags *flags,
 277                             enum rte_security_ipsec_sa_direction dir);
 278
 279 int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags);
 280
 281 #endif