app/test/test_cryptodev_security_ipsec.h

   1 /* SPDX-License-Identifier: BSD-3-Clause
   2  * Copyright(C) 2021 Marvell.
   3  */
   4
   5 #ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_
   6 #define _TEST_CRYPTODEV_SECURITY_IPSEC_H_
   7
   8 #include <rte_cryptodev.h>
   9 #include <rte_security.h>
  10
  11 #define IPSEC_TEST_PACKETS_MAX 32
  12
  13 struct ipsec_test_data {
  14         struct {
  15                 uint8_t data[32];
  16         } key;
  17         struct {
  18                 uint8_t data[64];
  19         } auth_key;
  20
  21         struct {
  22                 uint8_t data[1024];
  23                 unsigned int len;
  24         } input_text;
  25
  26         struct {
  27                 uint8_t data[1024];
  28                 unsigned int len;
  29         } output_text;
  30
  31         struct {
  32                 uint8_t data[4];
  33                 unsigned int len;
  34         } salt;
  35
  36         struct {
  37                 uint8_t data[16];
  38         } iv;
  39
  40         struct rte_security_ipsec_xform ipsec_xform;
  41
  42         bool aead;
  43
  44         bool auth_only;
  45
  46         /* Antireplay packet */
  47         bool ar_packet;
  48
  49         union {
  50                 struct {
  51                         struct rte_crypto_sym_xform cipher;
  52                         struct rte_crypto_sym_xform auth;
  53                 } chain;
  54                 struct rte_crypto_sym_xform aead;
  55         } xform;
  56 };
  57
  58 enum df_flags {
  59         TEST_IPSEC_COPY_DF_INNER_0 = 1,
  60         TEST_IPSEC_COPY_DF_INNER_1,
  61         TEST_IPSEC_SET_DF_0_INNER_1,
  62         TEST_IPSEC_SET_DF_1_INNER_0,
  63 };
  64
  65 #define TEST_IPSEC_DSCP_VAL 0x12
  66
  67 enum dscp_flags {
  68         TEST_IPSEC_COPY_DSCP_INNER_0 = 1,
  69         TEST_IPSEC_COPY_DSCP_INNER_1,
  70         TEST_IPSEC_SET_DSCP_0_INNER_1,
  71         TEST_IPSEC_SET_DSCP_1_INNER_0,
  72 };
  73
  74 struct ipsec_test_flags {
  75         bool display_alg;
  76         bool sa_expiry_pkts_soft;
  77         bool sa_expiry_pkts_hard;
  78         bool icv_corrupt;
  79         bool iv_gen;
  80         uint32_t tunnel_hdr_verify;
  81         bool udp_encap;
  82         bool udp_ports_verify;
  83         bool ip_csum;
  84         bool l4_csum;
  85         bool ipv6;
  86         bool tunnel_ipv6;
  87         bool transport;
  88         bool fragment;
  89         bool stats_success;
  90         bool antireplay;
  91         enum df_flags df;
  92         enum dscp_flags dscp;
  93         bool dec_ttl_or_hop_limit;
  94         bool ah;
  95 };
  96
  97 struct crypto_param {
  98         enum rte_crypto_sym_xform_type type;
  99         union {
 100                 enum rte_crypto_cipher_algorithm cipher;
 101                 enum rte_crypto_auth_algorithm auth;
 102                 enum rte_crypto_aead_algorithm aead;
 103         } alg;
 104         uint16_t key_length;
 105         uint16_t iv_length;
 106         uint16_t digest_length;
 107 };
 108
 109 static const struct crypto_param aead_list[] = {
 110         {
 111                 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
 112                 .alg.aead =  RTE_CRYPTO_AEAD_AES_GCM,
 113                 .key_length = 16,
 114         },
 115         {
 116                 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
 117                 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
 118                 .key_length = 24,
 119         },
 120         {
 121                 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
 122                 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
 123                 .key_length = 32
 124         },
 125 };
 126
 127 static const struct crypto_param cipher_list[] = {
 128         {
 129                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 130                 .alg.cipher =  RTE_CRYPTO_CIPHER_NULL,
 131                 .key_length = 0,
 132                 .iv_length = 0,
 133         },
 134         {
 135                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 136                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CBC,
 137                 .key_length = 16,
 138                 .iv_length = 16,
 139         },
 140         {
 141                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 142                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
 143                 .key_length = 16,
 144                 .iv_length = 16,
 145         },
 146         {
 147                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 148                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
 149                 .key_length = 24,
 150                 .iv_length = 16,
 151         },
 152         {
 153                 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 154                 .alg.cipher =  RTE_CRYPTO_CIPHER_AES_CTR,
 155                 .key_length = 32,
 156                 .iv_length = 16,
 157         },
 158 };
 159
 160 static const struct crypto_param auth_list[] = {
 161         {
 162                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 163                 .alg.auth =  RTE_CRYPTO_AUTH_NULL,
 164         },
 165         {
 166                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 167                 .alg.auth =  RTE_CRYPTO_AUTH_SHA256_HMAC,
 168                 .key_length = 32,
 169                 .digest_length = 16,
 170         },
 171         {
 172                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 173                 .alg.auth =  RTE_CRYPTO_AUTH_SHA384_HMAC,
 174                 .key_length = 48,
 175                 .digest_length = 24,
 176         },
 177         {
 178                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 179                 .alg.auth =  RTE_CRYPTO_AUTH_SHA512_HMAC,
 180                 .key_length = 64,
 181                 .digest_length = 32,
 182         },
 183         {
 184                 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
 185                 .alg.auth =  RTE_CRYPTO_AUTH_AES_XCBC_MAC,
 186                 .key_length = 16,
 187                 .digest_length = 12,
 188         },
 189 };
 190
 191 struct crypto_param_comb {
 192         const struct crypto_param *param1;
 193         const struct crypto_param *param2;
 194 };
 195
 196 extern struct ipsec_test_data pkt_aes_256_gcm;
 197 extern struct ipsec_test_data pkt_aes_256_gcm_v6;
 198 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
 199 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;
 200
 201 extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
 202                                          (RTE_DIM(cipher_list) *
 203                                           RTE_DIM(auth_list))];
 204
 205 extern struct crypto_param_comb ah_alg_list[2 * (RTE_DIM(auth_list) - 1)];
 206
 207 void test_ipsec_alg_list_populate(void);
 208
 209 void test_ipsec_ah_alg_list_populate(void);
 210
 211 int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
 212                                const struct rte_security_capability *sec_cap,
 213                                bool silent);
 214
 215 int test_ipsec_crypto_caps_aead_verify(
 216                 const struct rte_security_capability *sec_cap,
 217                 struct rte_crypto_sym_xform *aead);
 218
 219 int test_ipsec_crypto_caps_cipher_verify(
 220                 const struct rte_security_capability *sec_cap,
 221                 struct rte_crypto_sym_xform *cipher);
 222
 223 int test_ipsec_crypto_caps_auth_verify(
 224                 const struct rte_security_capability *sec_cap,
 225                 struct rte_crypto_sym_xform *auth);
 226
 227 void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
 228                                struct ipsec_test_data *td_in);
 229
 230 void test_ipsec_td_prepare(const struct crypto_param *param1,
 231                            const struct crypto_param *param2,
 232                            const struct ipsec_test_flags *flags,
 233                            struct ipsec_test_data *td_array,
 234                            int nb_td);
 235
 236 void test_ipsec_td_update(struct ipsec_test_data td_inb[],
 237                           const struct ipsec_test_data td_outb[],
 238                           int nb_td,
 239                           const struct ipsec_test_flags *flags);
 240
 241 void test_ipsec_display_alg(const struct crypto_param *param1,
 242                             const struct crypto_param *param2);
 243
 244 int test_ipsec_post_process(struct rte_mbuf *m,
 245                             const struct ipsec_test_data *td,
 246                             struct ipsec_test_data *res_d, bool silent,
 247                             const struct ipsec_test_flags *flags);
 248
 249 int test_ipsec_status_check(const struct ipsec_test_data *td,
 250                             struct rte_crypto_op *op,
 251                             const struct ipsec_test_flags *flags,
 252                             enum rte_security_ipsec_sa_direction dir,
 253                             int pkt_num);
 254
 255 int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
 256                             struct rte_security_session *sess,
 257                             const struct ipsec_test_flags *flags,
 258                             enum rte_security_ipsec_sa_direction dir);
 259
 260 int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags);
 261
 262 #endif