1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(C) 2021 Marvell.
5 #ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_
6 #define _TEST_CRYPTODEV_SECURITY_IPSEC_H_
8 #include <rte_cryptodev.h>
9 #include <rte_security.h>
11 #define IPSEC_TEST_PACKETS_MAX 32
13 struct ipsec_test_data {
40 struct rte_security_ipsec_xform ipsec_xform;
48 /* Antireplay packet */
53 struct rte_crypto_sym_xform cipher;
54 struct rte_crypto_sym_xform auth;
56 struct rte_crypto_sym_xform aead;
61 TEST_IPSEC_COPY_DF_INNER_0 = 1,
62 TEST_IPSEC_COPY_DF_INNER_1,
63 TEST_IPSEC_SET_DF_0_INNER_1,
64 TEST_IPSEC_SET_DF_1_INNER_0,
67 #define TEST_IPSEC_DSCP_VAL 0x12
70 TEST_IPSEC_COPY_DSCP_INNER_0 = 1,
71 TEST_IPSEC_COPY_DSCP_INNER_1,
72 TEST_IPSEC_SET_DSCP_0_INNER_1,
73 TEST_IPSEC_SET_DSCP_1_INNER_0,
76 #define TEST_IPSEC_FLABEL_VAL 0x1234
79 TEST_IPSEC_COPY_FLABEL_INNER_0 = 1,
80 TEST_IPSEC_COPY_FLABEL_INNER_1,
81 TEST_IPSEC_SET_FLABEL_0_INNER_1,
82 TEST_IPSEC_SET_FLABEL_1_INNER_0,
85 struct ipsec_test_flags {
87 bool sa_expiry_pkts_soft;
88 bool sa_expiry_pkts_hard;
91 uint32_t tunnel_hdr_verify;
93 bool udp_ports_verify;
103 enum dscp_flags dscp;
104 enum flabel_flags flabel;
105 bool dec_ttl_or_hop_limit;
109 struct crypto_param {
110 enum rte_crypto_sym_xform_type type;
112 enum rte_crypto_cipher_algorithm cipher;
113 enum rte_crypto_auth_algorithm auth;
114 enum rte_crypto_aead_algorithm aead;
118 uint16_t digest_length;
121 static const struct crypto_param aead_list[] = {
123 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
124 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
128 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
129 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
133 .type = RTE_CRYPTO_SYM_XFORM_AEAD,
134 .alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
139 static const struct crypto_param cipher_list[] = {
141 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
142 .alg.cipher = RTE_CRYPTO_CIPHER_NULL,
147 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
148 .alg.cipher = RTE_CRYPTO_CIPHER_AES_CBC,
153 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
154 .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
159 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
160 .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
165 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
166 .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
172 static const struct crypto_param auth_list[] = {
174 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
175 .alg.auth = RTE_CRYPTO_AUTH_NULL,
178 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
179 .alg.auth = RTE_CRYPTO_AUTH_SHA256_HMAC,
184 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
185 .alg.auth = RTE_CRYPTO_AUTH_SHA384_HMAC,
190 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
191 .alg.auth = RTE_CRYPTO_AUTH_SHA512_HMAC,
196 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
197 .alg.auth = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
202 .type = RTE_CRYPTO_SYM_XFORM_AUTH,
203 .alg.auth = RTE_CRYPTO_AUTH_AES_GMAC,
210 struct crypto_param_comb {
211 const struct crypto_param *param1;
212 const struct crypto_param *param2;
215 extern struct ipsec_test_data pkt_aes_256_gcm;
216 extern struct ipsec_test_data pkt_aes_256_gcm_v6;
217 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
218 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;
220 extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
221 (RTE_DIM(cipher_list) *
222 RTE_DIM(auth_list))];
224 extern struct crypto_param_comb ah_alg_list[2 * (RTE_DIM(auth_list) - 1)];
226 void test_ipsec_alg_list_populate(void);
228 void test_ipsec_ah_alg_list_populate(void);
230 int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
231 const struct rte_security_capability *sec_cap,
234 int test_ipsec_crypto_caps_aead_verify(
235 const struct rte_security_capability *sec_cap,
236 struct rte_crypto_sym_xform *aead);
238 int test_ipsec_crypto_caps_cipher_verify(
239 const struct rte_security_capability *sec_cap,
240 struct rte_crypto_sym_xform *cipher);
242 int test_ipsec_crypto_caps_auth_verify(
243 const struct rte_security_capability *sec_cap,
244 struct rte_crypto_sym_xform *auth);
246 void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
247 struct ipsec_test_data *td_in);
249 void test_ipsec_td_prepare(const struct crypto_param *param1,
250 const struct crypto_param *param2,
251 const struct ipsec_test_flags *flags,
252 struct ipsec_test_data *td_array,
255 void test_ipsec_td_update(struct ipsec_test_data td_inb[],
256 const struct ipsec_test_data td_outb[],
258 const struct ipsec_test_flags *flags);
260 void test_ipsec_display_alg(const struct crypto_param *param1,
261 const struct crypto_param *param2);
263 int test_ipsec_post_process(struct rte_mbuf *m,
264 const struct ipsec_test_data *td,
265 struct ipsec_test_data *res_d, bool silent,
266 const struct ipsec_test_flags *flags);
268 int test_ipsec_status_check(const struct ipsec_test_data *td,
269 struct rte_crypto_op *op,
270 const struct ipsec_test_flags *flags,
271 enum rte_security_ipsec_sa_direction dir,
274 int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
275 struct rte_security_session *sess,
276 const struct ipsec_test_flags *flags,
277 enum rte_security_ipsec_sa_direction dir);
279 int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags);