From: Anoob Joseph Date: Mon, 6 Dec 2021 11:07:59 +0000 (+0530) Subject: test/crypto: add AES-XCBC known vectors X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=67b5428db372f50a2fed8eec7a8b5720380ecc17;p=dpdk.git test/crypto: add AES-XCBC known vectors Add known vector test cases for NULL cipher + AES-XCBC. Also add both algos to the combined mode list of algos. Signed-off-by: Anoob Joseph Acked-by: Akhil Goyal --- diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 12a5c71660..7704cc2261 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9368,8 +9368,11 @@ test_ipsec_proto_known_vec(const void *test_data) memcpy(&td_outb, test_data, sizeof(td_outb)); - /* Disable IV gen to be able to test with known vectors */ - td_outb.ipsec_xform.options.iv_gen_disable = 1; + if (td_outb.aead || + td_outb.xform.chain.cipher.cipher.algo != RTE_CRYPTO_CIPHER_NULL) { + /* Disable IV gen to be able to test with known vectors */ + td_outb.ipsec_xform.options.iv_gen_disable = 1; + } return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags); } @@ -9428,10 +9431,23 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags) td_outb, nb_pkts); - if (flags->icv_corrupt && (td_outb->aead == false) && - (td_outb->xform.chain.auth.auth.algo == - RTE_CRYPTO_AUTH_NULL)) - continue; + if (!td_outb->aead) { + enum rte_crypto_cipher_algorithm cipher_alg; + enum rte_crypto_auth_algorithm auth_alg; + + cipher_alg = td_outb->xform.chain.cipher.cipher.algo; + auth_alg = td_outb->xform.chain.auth.auth.algo; + + /* ICV is not applicable for NULL auth */ + if (flags->icv_corrupt && + auth_alg == RTE_CRYPTO_AUTH_NULL) + continue; + + /* IV is not applicable for NULL cipher */ + if (flags->iv_gen && + cipher_alg == RTE_CRYPTO_CIPHER_NULL) + continue; + } ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true, flags); @@ -14581,6 +14597,11 @@ static struct unit_test_suite ipsec_proto_testsuite = { ut_setup_security, ut_teardown, test_ipsec_proto_known_vec, &pkt_aes_128_cbc_hmac_sha256_v6), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 NULL AES-XCBC-MAC [12B ICV])", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, + &pkt_null_aes_xcbc), TEST_CASE_NAMED_WITH_DATA( "Outbound fragmented packet", ut_setup_security, ut_teardown, @@ -14626,6 +14647,11 @@ static struct unit_test_suite ipsec_proto_testsuite = { ut_setup_security, ut_teardown, test_ipsec_proto_known_vec_inb, &pkt_aes_128_cbc_hmac_sha256_v6), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 NULL AES-XCBC-MAC [12B ICV])", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, + &pkt_null_aes_xcbc), TEST_CASE_NAMED_ST( "Combined test alg list", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 832f9d844d..94e5213c89 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -375,6 +375,8 @@ test_ipsec_td_prepare(const struct crypto_param *param1, td->xform.chain.cipher.cipher.algo = param1->alg.cipher; td->xform.chain.cipher.cipher.key.length = param1->key_length; + td->xform.chain.cipher.cipher.iv.length = + param1->iv_length; td->xform.chain.auth.auth.algo = param2->alg.auth; td->xform.chain.auth.auth.key.length = param2->key_length; diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 3376d082c1..6e27eba804 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -76,6 +76,7 @@ struct crypto_param { enum rte_crypto_aead_algorithm aead; } alg; uint16_t key_length; + uint16_t iv_length; uint16_t digest_length; }; @@ -98,25 +99,35 @@ static const struct crypto_param aead_list[] = { }; static const struct crypto_param cipher_list[] = { + { + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .alg.cipher = RTE_CRYPTO_CIPHER_NULL, + .key_length = 0, + .iv_length = 0, + }, { .type = RTE_CRYPTO_SYM_XFORM_CIPHER, .alg.cipher = RTE_CRYPTO_CIPHER_AES_CBC, .key_length = 16, + .iv_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_CIPHER, .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR, .key_length = 16, + .iv_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_CIPHER, .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR, .key_length = 24, + .iv_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_CIPHER, .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR, .key_length = 32, + .iv_length = 16, }, }; @@ -143,6 +154,12 @@ static const struct crypto_param auth_list[] = { .key_length = 64, .digest_length = 32, }, + { + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .alg.auth = RTE_CRYPTO_AUTH_AES_XCBC_MAC, + .key_length = 16, + .digest_length = 12, + }, }; struct crypto_param_comb { diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h index b6d48adcaa..85cd6c51a8 100644 --- a/app/test/test_cryptodev_security_ipsec_test_vectors.h +++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h @@ -1062,4 +1062,94 @@ struct ipsec_test_data pkt_aes_128_gcm_frag = { }, }; +struct ipsec_test_data pkt_null_aes_xcbc = { + .auth_key = { + .data = { + 0x61, 0x31, 0x62, 0x32, 0x63, 0x33, 0x64, 0x34, + 0x65, 0x35, 0x66, 0x36, 0x67, 0x37, 0x68, 0x38, + }, + }, + .input_text = { + .data = { + /* IP */ + 0x45, 0x00, 0x00, 0x2f, 0x49, 0x37, 0x00, 0x00, + 0x40, 0x11, 0x22, 0x84, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, 0x08, 0x00, 0x08, 0x00, + 0x00, 0x1b, 0x6d, 0x99, 0x58, 0x58, 0x58, 0x58, + 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, + 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, + }, + .len = 47, + }, + .output_text = { + .data = { + /* IP */ + 0x45, 0x00, 0x00, 0x5c, 0x06, 0x00, 0x00, 0x00, + 0x40, 0x32, 0x13, 0x6c, 0x0a, 0x00, 0x6f, 0x02, + 0x0a, 0x00, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, + + /* IP */ + 0x45, 0x00, 0x00, 0x2f, 0x49, 0x37, 0x00, 0x00, + 0x40, 0x11, 0x22, 0x84, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, 0x08, 0x00, 0x08, 0x00, + 0x00, 0x1b, 0x6d, 0x99, 0x58, 0x58, 0x58, 0x58, + 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, + 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, + + /* ESP trailer */ + 0x01, 0x02, 0x03, 0x03, 0x04, + + /* ICV */ + 0xf1, 0x52, 0x64, 0xd1, 0x9b, 0x62, 0x24, 0xdd, + 0xcc, 0x14, 0xf5, 0xc1, + }, + .len = 92, + }, + .ipsec_xform = { + .spi = 0x100, + .options.esn = 0, + .options.udp_encap = 0, + .options.copy_dscp = 0, + .options.copy_flabel = 0, + .options.copy_df = 0, + .options.dec_ttl = 0, + .options.ecn = 0, + .options.stats = 0, + .options.tunnel_hdr_verify = 0, + .options.ip_csum_enable = 0, + .options.l4_csum_enable = 0, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, + .replay_win_sz = 0, + }, + .aead = false, + .xform = { + .chain.cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_NULL, + .key.length = 0, + .iv.length = 0, + }, + }, + .chain.auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC, + .key.length = 16, + .digest_length = 12, + }, + }, + }, +}; + #endif /* TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_ */