1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(C) 2021 Marvell.
5 #ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_
6 #define _TEST_CRYPTODEV_SECURITY_IPSEC_H_
8 #include <rte_cryptodev.h>
9 #include <rte_security.h>
11 #define IPSEC_TEST_PACKETS_MAX 32
13 struct ipsec_test_data {
40 struct rte_security_ipsec_xform ipsec_xform;
43 /* Antireplay packet */
48 struct rte_crypto_sym_xform cipher;
49 struct rte_crypto_sym_xform auth;
51 struct rte_crypto_sym_xform aead;
56 TEST_IPSEC_COPY_DF_INNER_0 = 1,
57 TEST_IPSEC_COPY_DF_INNER_1,
58 TEST_IPSEC_SET_DF_0_INNER_1,
59 TEST_IPSEC_SET_DF_1_INNER_0,
62 #define TEST_IPSEC_DSCP_VAL 0x12
65 TEST_IPSEC_COPY_DSCP_INNER_0 = 1,
66 TEST_IPSEC_COPY_DSCP_INNER_1,
67 TEST_IPSEC_SET_DSCP_0_INNER_1,
68 TEST_IPSEC_SET_DSCP_1_INNER_0,
71 struct ipsec_test_flags {
73 bool sa_expiry_pkts_soft;
74 bool sa_expiry_pkts_hard;
77 uint32_t tunnel_hdr_verify;
79 bool udp_ports_verify;
90 bool dec_ttl_or_hop_limit;
94 enum rte_crypto_sym_xform_type type;
96 enum rte_crypto_cipher_algorithm cipher;
97 enum rte_crypto_auth_algorithm auth;
98 enum rte_crypto_aead_algorithm aead;
102 uint16_t digest_length;
105 static const struct crypto_param aead_list[] = {
107 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
108 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
112 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
113 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
117 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
118 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
123 static const struct crypto_param cipher_list[] = {
125 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
126 .alg.cipher = RTE_CRYPTO_CIPHER_NULL,
131 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
132 .alg.cipher = RTE_CRYPTO_CIPHER_AES_CBC,
137 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
138 .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
143 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
144 .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
149 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
150 .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
156 static const struct crypto_param auth_list[] = {
158 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
159 .alg.auth = RTE_CRYPTO_AUTH_NULL,
162 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
163 .alg.auth = RTE_CRYPTO_AUTH_SHA256_HMAC,
168 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
169 .alg.auth = RTE_CRYPTO_AUTH_SHA384_HMAC,
174 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
175 .alg.auth = RTE_CRYPTO_AUTH_SHA512_HMAC,
180 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
181 .alg.auth = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
187 struct crypto_param_comb {
188 const struct crypto_param *param1;
189 const struct crypto_param *param2;
192 extern struct ipsec_test_data pkt_aes_256_gcm;
193 extern struct ipsec_test_data pkt_aes_256_gcm_v6;
194 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
195 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;
197 extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
198 (RTE_DIM(cipher_list) *
199 RTE_DIM(auth_list))];
201 void test_ipsec_alg_list_populate(void);
203 int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
204 const struct rte_security_capability *sec_cap,
207 int test_ipsec_crypto_caps_aead_verify(
208 const struct rte_security_capability *sec_cap,
209 struct rte_crypto_sym_xform *aead);
211 int test_ipsec_crypto_caps_cipher_verify(
212 const struct rte_security_capability *sec_cap,
213 struct rte_crypto_sym_xform *cipher);
215 int test_ipsec_crypto_caps_auth_verify(
216 const struct rte_security_capability *sec_cap,
217 struct rte_crypto_sym_xform *auth);
219 void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
220 struct ipsec_test_data *td_in);
222 void test_ipsec_td_prepare(const struct crypto_param *param1,
223 const struct crypto_param *param2,
224 const struct ipsec_test_flags *flags,
225 struct ipsec_test_data *td_array,
228 void test_ipsec_td_update(struct ipsec_test_data td_inb[],
229 const struct ipsec_test_data td_outb[],
231 const struct ipsec_test_flags *flags);
233 void test_ipsec_display_alg(const struct crypto_param *param1,
234 const struct crypto_param *param2);
236 int test_ipsec_post_process(struct rte_mbuf *m,
237 const struct ipsec_test_data *td,
238 struct ipsec_test_data *res_d, bool silent,
239 const struct ipsec_test_flags *flags);
241 int test_ipsec_status_check(const struct ipsec_test_data *td,
242 struct rte_crypto_op *op,
243 const struct ipsec_test_flags *flags,
244 enum rte_security_ipsec_sa_direction dir,
247 int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
248 struct rte_security_session *sess,
249 const struct ipsec_test_flags *flags,
250 enum rte_security_ipsec_sa_direction dir);
252 int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags);