.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
};
- if (td[0].aead) {
+ if (td[0].aead || td[0].aes_gmac) {
salt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len);
memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len);
+ }
+
+ if (td[0].aead) {
sess_conf.ipsec = ipsec_xform;
sess_conf.crypto_xform = &ut_params->aead_xform;
} else if (td[0].auth_only) {
if (td[i].aead)
len = td[i].xform.aead.aead.iv.length;
+ else if (td[i].aes_gmac)
+ len = td[i].xform.chain.auth.auth.iv.length;
else
len = td[i].xform.chain.cipher.cipher.iv.length;
memcpy(&td_outb, test_data, sizeof(td_outb));
- if ((td_outb.ipsec_xform.proto != RTE_SECURITY_IPSEC_SA_PROTO_AH) &&
- (td_outb.aead || (td_outb.xform.chain.cipher.cipher.algo !=
- RTE_CRYPTO_CIPHER_NULL))) {
+ if (td_outb.aes_gmac || td_outb.aead ||
+ ((td_outb.ipsec_xform.proto != RTE_SECURITY_IPSEC_SA_PROTO_AH) &&
+ (td_outb.xform.chain.cipher.cipher.algo != RTE_CRYPTO_CIPHER_NULL))) {
/* Disable IV gen to be able to test with known vectors */
td_outb.ipsec_xform.options.iv_gen_disable = 1;
}
cipher_alg = td_outb->xform.chain.cipher.cipher.algo;
auth_alg = td_outb->xform.chain.auth.auth.algo;
+ if (td_outb->aes_gmac && cipher_alg != RTE_CRYPTO_CIPHER_NULL)
+ continue;
+
/* ICV is not applicable for NULL auth */
if (flags->icv_corrupt &&
auth_alg == RTE_CRYPTO_AUTH_NULL)
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec,
&pkt_ah_transport_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (AH transport mode IPv4 AES-GMAC 128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_ah_ipv4_aes_gmac_128),
TEST_CASE_NAMED_WITH_DATA(
"Outbound fragmented packet",
ut_setup_security, ut_teardown,
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb,
&pkt_ah_transport_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (AH transport mode IPv4 AES-GMAC 128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_ah_ipv4_aes_gmac_128),
TEST_CASE_NAMED_ST(
"Combined test alg list",
ut_setup_security, ut_teardown,
},
};
+struct ipsec_test_data pkt_ah_ipv4_aes_gmac_128 = {
+ .auth_key = {
+ .data = {
+ 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5,
+ 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5,
+ },
+ },
+ .input_text = {
+ .data = {
+ /* IP */
+ 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00,
+ 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02,
+ 0xc0, 0xa8, 0xde, 0x02,
+
+ /* ICMP */
+ 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,
+ 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+ 0x58, 0x59, 0x5a, 0x5b,
+ },
+ .len = 128,
+ },
+ .output_text = {
+ .data = {
+ /* IP outer header */
+ 0x45, 0x00, 0x00, 0xa4, 0x00, 0x00, 0x00, 0x00,
+ 0x40, 0x33, 0xab, 0xd1, 0xc0, 0xa8, 0x6f, 0x02,
+ 0xc0, 0xa8, 0xde, 0x02,
+
+ /* AH */
+ 0x01, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b,
+ 0x00, 0x00, 0x00, 0x01,
+ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xd6, 0x0e, 0xcc, 0x22, 0x31, 0x79, 0x59, 0x72,
+ 0x68, 0xc9, 0x58, 0xfb, 0x8b, 0xb0, 0xbb, 0xd5,
+
+ /* ICMP */
+ 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,
+ 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+ 0x58, 0x59, 0x5a, 0x5b,
+ },
+ .len = 164,
+ },
+ .salt = {
+ .data = {
+ 0xca, 0xfe, 0xba, 0xbe,
+ },
+ .len = 4,
+ },
+
+ .iv = {
+ .data = {
+ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ },
+ },
+
+ .ipsec_xform = {
+ .spi = 0x7b,
+ .options.esn = 0,
+ .options.udp_encap = 0,
+ .options.copy_dscp = 0,
+ .options.copy_flabel = 0,
+ .options.copy_df = 0,
+ .options.dec_ttl = 0,
+ .options.ecn = 0,
+ .options.stats = 0,
+ .options.tunnel_hdr_verify = 0,
+ .options.ip_csum_enable = 0,
+ .options.l4_csum_enable = 0,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ .replay_win_sz = 0,
+ },
+
+ .aead = false,
+ .aes_gmac = true,
+ .auth_only = true,
+
+ .xform = {
+ .chain.auth = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .auth = {
+ .op = RTE_CRYPTO_AUTH_OP_GENERATE,
+ .algo = RTE_CRYPTO_AUTH_AES_GMAC,
+ .key.length = 16,
+ .digest_length = 16,
+ .iv.length = 12,
+ .iv.offset = IV_OFFSET,
+ },
+ },
+ },
+};
+
#endif /* TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_ */
git.droids-corp.org / dpdk.git / commitdiff