app/test/test_cryptodev_security_ipsec.h

   1 /* SPDX-License-Identifier: BSD-3-Clause
   2  * Copyright(C) 2021 Marvell.
   3  */
   4
   5 #ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_
   6 #define _TEST_CRYPTODEV_SECURITY_IPSEC_H_
   7
   8 #include <rte_cryptodev.h>
   9 #include <rte_security.h>
  10
  11 #define IPSEC_TEST_PACKETS_MAX 32
  12
  13 struct ipsec_test_data {
  14         struct {
  15                 uint8_t data[32];
  16         } key;
  17         struct {
  18                 uint8_t data[64];
  19         } auth_key;
  20
  21         struct {
  22                 uint8_t data[1024];
  23                 unsigned int len;
  24         } input_text;
  25
  26         struct {
  27                 uint8_t data[1024];
  28                 unsigned int len;
  29         } output_text;
  30
  31         struct {
  32                 uint8_t data[4];
  33                 unsigned int len;
  34         } salt;
  35
  36         struct {
  37                 uint8_t data[16];
  38         } iv;
  39
  40         struct rte_security_ipsec_xform ipsec_xform;
  41
  42         bool aead;
  43         /* Antireplay packet */
  44         bool ar_packet;
  45
  46         union {
  47                 struct {
  48                         struct rte_crypto_sym_xform cipher;
  49                         struct rte_crypto_sym_xform auth;
  50                 } chain;
  51                 struct rte_crypto_sym_xform aead;
  52         } xform;
  53 };
  54
  55 enum df_flags {
  56         TEST_IPSEC_COPY_DF_INNER_0 = 1,
  57         TEST_IPSEC_COPY_DF_INNER_1,
  58         TEST_IPSEC_SET_DF_0_INNER_1,
  59         TEST_IPSEC_SET_DF_1_INNER_0,
  60 };
  61
  62 #define TEST_IPSEC_DSCP_VAL 0x12
  63
  64 enum dscp_flags {
  65         TEST_IPSEC_COPY_DSCP_INNER_0 = 1,
  66         TEST_IPSEC_COPY_DSCP_INNER_1,
  67         TEST_IPSEC_SET_DSCP_0_INNER_1,
  68         TEST_IPSEC_SET_DSCP_1_INNER_0,
  69 };
  70
  71 struct ipsec_test_flags {
  72         bool display_alg;
  73         bool sa_expiry_pkts_soft;
  74         bool sa_expiry_pkts_hard;
  75         bool icv_corrupt;
  76         bool iv_gen;
  77         uint32_t tunnel_hdr_verify;
  78         bool udp_encap;
  79         bool udp_ports_verify;
  80         bool ip_csum;
  81         bool l4_csum;
  82         bool ipv6;
  83         bool tunnel_ipv6;
  84         bool transport;
  85         bool fragment;
  86         bool stats_success;
  87         bool antireplay;
  88         enum df_flags df;
  89         enum dscp_flags dscp;
  90         bool dec_ttl_or_hop_limit;
  91 };
  92
  93 struct crypto_param {
  94         enum rte_crypto_sym_xform_type type;
  95         union {
  96                 enum rte_crypto_cipher_algorithm cipher;
  97                 enum rte_crypto_auth_algorithm auth;
  98                 enum rte_crypto_aead_algorithm aead;
  99         } alg;
 100         uint16_t key_length;
 101         uint16_t iv_length;
 102         uint16_t digest_length;
 103 };
 104
 105 static const struct crypto_param aead_list[] = {
 106         {
 107                 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
 108                 .alg.aead =  RTE_CRYPTO_AEAD_AES_GCM,
 109                 .key_length = 16,
 110         },
 111         {
 112                 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
 113                 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
 114                 .key_length = 24,
 115         },
 116         {
 117                 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
 118                 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
 119                 .key_length = 32
 120         },
 121 };
 122
 123 static const struct crypto_param cipher_list[] = {
 124         {
 125                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 126                 .alg.cipher =  RTE_CRYPTO_CIPHER_NULL,
 127                 .key_length = 0,
 128                 .iv_length = 0,
 129         },
 130         {
 131                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 132                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CBC,
 133                 .key_length = 16,
 134                 .iv_length = 16,
 135         },
 136         {
 137                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 138                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
 139                 .key_length = 16,
 140                 .iv_length = 16,
 141         },
 142         {
 143                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 144                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
 145                 .key_length = 24,
 146                 .iv_length = 16,
 147         },
 148         {
 149                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 150                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
 151                 .key_length = 32,
 152                 .iv_length = 16,
 153         },
 154 };
 155
 156 static const struct crypto_param auth_list[] = {
 157         {
 158                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 159                 .alg.auth =  RTE_CRYPTO_AUTH_NULL,
 160         },
 161         {
 162                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 163                 .alg.auth =  RTE_CRYPTO_AUTH_SHA256_HMAC,
 164                 .key_length = 32,
 165                 .digest_length = 16,
 166         },
 167         {
 168                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 169                 .alg.auth =  RTE_CRYPTO_AUTH_SHA384_HMAC,
 170                 .key_length = 48,
 171                 .digest_length = 24,
 172         },
 173         {
 174                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 175                 .alg.auth =  RTE_CRYPTO_AUTH_SHA512_HMAC,
 176                 .key_length = 64,
 177                 .digest_length = 32,
 178         },
 179         {
 180                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 181                 .alg.auth =  RTE_CRYPTO_AUTH_AES_XCBC_MAC,
 182                 .key_length = 16,
 183                 .digest_length = 12,
 184         },
 185 };
 186
 187 struct crypto_param_comb {
 188         const struct crypto_param *param1;
 189         const struct crypto_param *param2;
 190 };
 191
 192 extern struct ipsec_test_data pkt_aes_256_gcm;
 193 extern struct ipsec_test_data pkt_aes_256_gcm_v6;
 194 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
 195 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;
 196
 197 extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
 198                                          (RTE_DIM(cipher_list) *
 199                                           RTE_DIM(auth_list))];
 200
 201 void test_ipsec_alg_list_populate(void);
 202
 203 int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 204                                const struct rte_security_capability *sec_cap,
 205                                bool silent);
 206
 207 int test_ipsec_crypto_caps_aead_verify(
 208                 const struct rte_security_capability *sec_cap,
 209                 struct rte_crypto_sym_xform *aead);
 210
 211 int test_ipsec_crypto_caps_cipher_verify(
 212                 const struct rte_security_capability *sec_cap,
 213                 struct rte_crypto_sym_xform *cipher);
 214
 215 int test_ipsec_crypto_caps_auth_verify(
 216                 const struct rte_security_capability *sec_cap,
 217                 struct rte_crypto_sym_xform *auth);
 218
 219 void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
 220                                struct ipsec_test_data *td_in);
 221
 222 void test_ipsec_td_prepare(const struct crypto_param *param1,
 223                            const struct crypto_param *param2,
 224                            const struct ipsec_test_flags *flags,
 225                            struct ipsec_test_data *td_array,
 226                            int nb_td);
 227
 228 void test_ipsec_td_update(struct ipsec_test_data td_inb[],
 229                           const struct ipsec_test_data td_outb[],
 230                           int nb_td,
 231                           const struct ipsec_test_flags *flags);
 232
 233 void test_ipsec_display_alg(const struct crypto_param *param1,
 234                             const struct crypto_param *param2);
 235
 236 int test_ipsec_post_process(struct rte_mbuf *m,
 237                             const struct ipsec_test_data *td,
 238                             struct ipsec_test_data *res_d, bool silent,
 239                             const struct ipsec_test_flags *flags);
 240
 241 int test_ipsec_status_check(const struct ipsec_test_data *td,
 242                             struct rte_crypto_op *op,
 243                             const struct ipsec_test_flags *flags,
 244                             enum rte_security_ipsec_sa_direction dir,
 245                             int pkt_num);
 246
 247 int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
 248                             struct rte_security_session *sess,
 249                             const struct ipsec_test_flags *flags,
 250                             enum rte_security_ipsec_sa_direction dir);
 251
 252 int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags);
 253
 254 #endif