1 /* SPDX-License-Identifier: BSD-3-Clause
2  * Copyright(C) 2021 Marvell.
3  */
4 
5 #ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_
6 #define _TEST_CRYPTODEV_SECURITY_IPSEC_H_
7 
8 #include <rte_cryptodev.h>
9 #include <rte_security.h>
10 
/* Upper bound on the number of packets in one test.
 * NOTE(review): presumably the capacity of the ipsec_test_data arrays handed
 * to the test_ipsec_td_*() helpers as td_array/td_inb/td_outb; those helpers
 * take a bare `int nb_td`, so confirm callers keep nb_td within this bound.
 */
#define IPSEC_TEST_PACKETS_MAX 32
12 
/**
 * One IPsec test vector: key material, input/output packet bytes and the
 * security and crypto transforms that go with them.
 *
 * Every buffer is a fixed-size array, and nothing in the type ties a `len`
 * member to the capacity of the `data` array beside it. Code that fills or
 * copies these buffers has to bound the length itself.
 */
struct ipsec_test_data {
	/* Key bytes, no length member. 32 bytes equals the largest key_length
	 * listed in cipher_list and aead_list.
	 * NOTE(review): presumably the cipher/AEAD key, with the length in use
	 * carried by the crypto xform - confirm.
	 */
	struct {
		uint8_t data[32];
	} key;
	/* Authentication key bytes, no length member. 64 bytes equals the
	 * largest key_length listed in auth_list.
	 */
	struct {
		uint8_t data[64];
	} auth_key;

	/* Input bytes; len is only meaningful up to sizeof(data) (1024). */
	struct {
		uint8_t data[1024];
		unsigned int len;
	} input_text;

	/* Output bytes; len is only meaningful up to sizeof(data) (1024). */
	struct {
		uint8_t data[1024];
		unsigned int len;
	} output_text;

	/* Up to 4 salt bytes plus the number in use.
	 * NOTE(review): which algorithms consume the salt is not visible in
	 * this header - confirm against the code that reads it.
	 */
	struct {
		uint8_t data[4];
		unsigned int len;
	} salt;

	/* IV bytes, no length member. 16 bytes equals the largest iv_length
	 * listed in cipher_list.
	 */
	struct {
		uint8_t data[16];
	} iv;

	/* IPsec transform description for this vector. */
	struct rte_security_ipsec_xform ipsec_xform;

	/* NOTE(review): presumably selects xform.aead (true) over xform.chain
	 * (false) - confirm against the code that reads the union.
	 */
	bool aead;
	/* Marks an anti-replay packet; how the flag is consumed is not
	 * visible in this header.
	 */
	bool ar_packet;

	/* Crypto transforms. The members share storage, so only the member
	 * that was last written may be read.
	 */
	union {
		struct {
			struct rte_crypto_sym_xform cipher;
			struct rte_crypto_sym_xform auth;
		} chain;
		struct rte_crypto_sym_xform aead;
	} xform;
};
54 
/*
 * Test selector stored in ipsec_test_flags.df.
 * Enumerators start at 1, so a zero-initialised flags structure matches none
 * of them.
 * NOTE(review): by their names these cover copying or setting the IP
 * Don't-Fragment bit in the outer header for inner DF = 0 and inner DF = 1;
 * the consuming code is not in this header - confirm.
 */
enum df_flags {
	TEST_IPSEC_COPY_DF_INNER_0 = 1,
	TEST_IPSEC_COPY_DF_INNER_1,
	TEST_IPSEC_SET_DF_0_INNER_1,
	TEST_IPSEC_SET_DF_1_INNER_0,
};
61 
/* DSCP value used by the DSCP tests; 0x12 fits the 6-bit DSCP field.
 * NOTE(review): where this value is written (inner or outer header) is not
 * visible in this header - confirm.
 */
#define TEST_IPSEC_DSCP_VAL 0x12

/*
 * Test selector stored in ipsec_test_flags.dscp.
 * Enumerators start at 1, so a zero-initialised flags structure matches none
 * of them.
 * NOTE(review): by their names these mirror df_flags for the DSCP field
 * (copy from inner, or set in outer, for inner DSCP zero / non-zero) -
 * confirm against the consuming code.
 */
enum dscp_flags {
	TEST_IPSEC_COPY_DSCP_INNER_0 = 1,
	TEST_IPSEC_COPY_DSCP_INNER_1,
	TEST_IPSEC_SET_DSCP_0_INNER_1,
	TEST_IPSEC_SET_DSCP_1_INNER_0,
};
70 
/**
 * Per-test switches choosing which IPsec behaviour a test case exercises.
 *
 * The code that reads these fields is not in this header, so the per-field
 * notes below are inferred from the names and need confirming.
 */
struct ipsec_test_flags {
	/* presumably: print the algorithm under test */
	bool display_alg;
	/* presumably: exercise soft / hard SA expiry by packet count */
	bool sa_expiry_pkts_soft;
	bool sa_expiry_pkts_hard;
	/* presumably a negative test: the ICV is corrupted and processing is
	 * expected to fail - confirm that failure is what the test asserts
	 */
	bool icv_corrupt;
	/* presumably: IV is generated rather than taken from the vector */
	bool iv_gen;
	/* Not a bool: a 32-bit value. NOTE(review): its encoding is not
	 * visible here - confirm against the code that sets it.
	 */
	uint32_t tunnel_hdr_verify;
	/* presumably: UDP encapsulation and verification of its ports */
	bool udp_encap;
	bool udp_ports_verify;
	/* presumably: IP / L4 checksum handling */
	bool ip_csum;
	bool l4_csum;
	/* presumably: address family of the inner packet and of the tunnel */
	bool ipv6;
	bool tunnel_ipv6;
	/* presumably: transport mode instead of tunnel mode */
	bool transport;
	bool fragment;
	bool stats_success;
	/* presumably: enable the anti-replay checks */
	bool antireplay;
	/* Zero means no df_flags / dscp_flags case is selected, because both
	 * enums start at 1.
	 */
	enum df_flags df;
	enum dscp_flags dscp;
};
91 
/**
 * One algorithm choice with the sizes the tests use for it.
 *
 * `type` says which member of `alg` is valid: the tables in this header pair
 * RTE_CRYPTO_SYM_XFORM_AEAD with alg.aead, RTE_CRYPTO_SYM_XFORM_CIPHER with
 * alg.cipher and RTE_CRYPTO_SYM_XFORM_AUTH with alg.auth. Reading any other
 * member reinterprets the same storage.
 */
struct crypto_param {
	enum rte_crypto_sym_xform_type type;
	union {
		enum rte_crypto_cipher_algorithm cipher;
		enum rte_crypto_auth_algorithm auth;
		enum rte_crypto_aead_algorithm aead;
	} alg;
	/* Sizes in bytes (the tables use 16/24/32 for AES keys). A member
	 * left out of a table entry is zero.
	 */
	uint16_t key_length;
	uint16_t iv_length;
	uint16_t digest_length;
};
103 
/*
 * AEAD algorithms under test: AES-GCM at each AES key size (bytes).
 *
 * iv_length and digest_length are not set in these entries and are therefore
 * zero. NOTE(review): presumably the IV and ICV sizes for AES-GCM come from
 * the test vector rather than from this table - confirm.
 */
static const struct crypto_param aead_list[] = {
	/* AES-GCM, 128-bit key */
	{ .type = RTE_CRYPTO_SYM_XFORM_AEAD,
	  .alg = { .aead = RTE_CRYPTO_AEAD_AES_GCM },
	  .key_length = 16 },
	/* AES-GCM, 192-bit key */
	{ .type = RTE_CRYPTO_SYM_XFORM_AEAD,
	  .alg = { .aead = RTE_CRYPTO_AEAD_AES_GCM },
	  .key_length = 24 },
	/* AES-GCM, 256-bit key */
	{ .type = RTE_CRYPTO_SYM_XFORM_AEAD,
	  .alg = { .aead = RTE_CRYPTO_AEAD_AES_GCM },
	  .key_length = 32 },
};
121 
/*
 * Cipher algorithms under test; each one is meant to be paired with an
 * auth_list entry. Sizes are in bytes, and digest_length is not set, so it
 * is zero.
 *
 * The NULL cipher gives no confidentiality. It belongs in a test matrix
 * only; see auth_list for the NULL + NULL pairing.
 */
static const struct crypto_param cipher_list[] = {
	/* NULL cipher: no key, no IV */
	{ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
	  .alg = { .cipher = RTE_CRYPTO_CIPHER_NULL },
	  .key_length = 0, .iv_length = 0 },
	/* AES-CBC, 128-bit key */
	{ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
	  .alg = { .cipher = RTE_CRYPTO_CIPHER_AES_CBC },
	  .key_length = 16, .iv_length = 16 },
	/* AES-CTR, 128-bit key */
	{ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
	  .alg = { .cipher = RTE_CRYPTO_CIPHER_AES_CTR },
	  .key_length = 16, .iv_length = 16 },
	/* AES-CTR, 192-bit key */
	{ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
	  .alg = { .cipher = RTE_CRYPTO_CIPHER_AES_CTR },
	  .key_length = 24, .iv_length = 16 },
	/* AES-CTR, 256-bit key */
	{ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
	  .alg = { .cipher = RTE_CRYPTO_CIPHER_AES_CTR },
	  .key_length = 32, .iv_length = 16 },
};
154 
/*
 * Authentication algorithms under test; each one is meant to be paired with
 * a cipher_list entry. Sizes are in bytes, and iv_length is not set, so it
 * is zero.
 *
 * The HMAC entries use a digest_length of half the hash output size
 * (16/24/32), i.e. truncated ICVs as in the RFC 4868 ESP profiles. The
 * AES-XCBC entry uses a 12-byte (96-bit) ICV.
 *
 * NULL authentication gives no integrity protection. ESP does not allow the
 * NULL cipher and NULL authentication together (RFC 4303).
 * NOTE(review): whether the code that builds cipher x auth pairs skips that
 * combination is not visible in this header - confirm.
 */
static const struct crypto_param auth_list[] = {
	/* NULL authentication: key_length and digest_length stay zero */
	{ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
	  .alg = { .auth = RTE_CRYPTO_AUTH_NULL } },
	/* HMAC-SHA-256, 32-byte key, 16-byte ICV */
	{ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
	  .alg = { .auth = RTE_CRYPTO_AUTH_SHA256_HMAC },
	  .key_length = 32, .digest_length = 16 },
	/* HMAC-SHA-384, 48-byte key, 24-byte ICV */
	{ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
	  .alg = { .auth = RTE_CRYPTO_AUTH_SHA384_HMAC },
	  .key_length = 48, .digest_length = 24 },
	/* HMAC-SHA-512, 64-byte key, 32-byte ICV */
	{ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
	  .alg = { .auth = RTE_CRYPTO_AUTH_SHA512_HMAC },
	  .key_length = 64, .digest_length = 32 },
	/* AES-XCBC-MAC, 16-byte key, 12-byte ICV */
	{ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
	  .alg = { .auth = RTE_CRYPTO_AUTH_AES_XCBC_MAC },
	  .key_length = 16, .digest_length = 12 },
};
185 
/*
 * One algorithm combination: two pointers into the const parameter tables.
 * NOTE(review): presumably param1 alone (param2 NULL) for an AEAD entry and
 * param1/param2 = cipher/auth for a chained pair - the order and the NULL
 * convention are not visible in this header, so check before dereferencing
 * param2.
 */
struct crypto_param_comb {
	const struct crypto_param *param1;
	const struct crypto_param *param2;
};
190 
/* Reference test vectors, defined in another translation unit. They are
 * declared non-const, so any code that writes to them changes what later
 * users of the same vector see.
 */
extern struct ipsec_test_data pkt_aes_256_gcm;
extern struct ipsec_test_data pkt_aes_256_gcm_v6;
extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;

/* Algorithm combinations under test. The array has one slot per aead_list
 * entry plus one per (cipher_list, auth_list) pair; with the tables in this
 * header that is 3 + 5 * 5 = 28 slots, including a slot for the NULL cipher
 * with NULL authentication.
 */
extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
					 (RTE_DIM(cipher_list) *
					  RTE_DIM(auth_list))];
199 
/*
 * The definitions of the functions below are not in this header. Return
 * conventions and side effects are therefore not documented here; check the
 * implementation before relying on them.
 */

/* Fills alg_list[].
 * NOTE(review): presumably with every aead_list entry and every
 * cipher_list x auth_list pair, going by how alg_list is dimensioned.
 */
void test_ipsec_alg_list_populate(void);

/* Checks an IPsec transform against a security capability. ipsec_xform is
 * not const-qualified, so the callee is allowed to modify it.
 * NOTE(review): confirm which return value means "unsupported" rather than
 * "error", so that a skipped case is never counted as a pass.
 */
int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
			       const struct rte_security_capability *sec_cap,
			       bool silent);

/* Check an AEAD / cipher / auth transform against the crypto capabilities
 * reachable from sec_cap. The transform pointer is not const-qualified.
 */
int test_ipsec_crypto_caps_aead_verify(
		const struct rte_security_capability *sec_cap,
		struct rte_crypto_sym_xform *aead);

int test_ipsec_crypto_caps_cipher_verify(
		const struct rte_security_capability *sec_cap,
		struct rte_crypto_sym_xform *cipher);

int test_ipsec_crypto_caps_auth_verify(
		const struct rte_security_capability *sec_cap,
		struct rte_crypto_sym_xform *auth);

/* Writes *td_in from *td_out, which is read-only.
 * NOTE(review): presumably derives the inbound vector from the outbound one.
 */
void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
			       struct ipsec_test_data *td_in);

/* Prepares nb_td entries of td_array for the given algorithm parameters and
 * flags. nb_td is a signed int and no array capacity is passed, so the
 * caller must guarantee that td_array holds at least nb_td elements.
 * NOTE(review): whether param2 may be NULL (AEAD case) is not visible here.
 */
void test_ipsec_td_prepare(const struct crypto_param *param1,
			   const struct crypto_param *param2,
			   const struct ipsec_test_flags *flags,
			   struct ipsec_test_data *td_array,
			   int nb_td);

/* Updates td_inb[] using td_outb[] (read-only) and flags. Both arrays must
 * hold at least nb_td elements; no capacity is passed.
 */
void test_ipsec_td_update(struct ipsec_test_data td_inb[],
			  const struct ipsec_test_data td_outb[],
			  int nb_td,
			  const struct ipsec_test_flags *flags);

/* NOTE(review): presumably prints the algorithm(s) described by param1 and
 * param2 - confirm.
 */
void test_ipsec_display_alg(const struct crypto_param *param1,
			    const struct crypto_param *param2);

/* Post-processes mbuf m against the expected vector td. res_d is the only
 * writable test-data argument.
 * NOTE(review): whether res_d may be NULL is not visible here.
 */
int test_ipsec_post_process(struct rte_mbuf *m,
			    const struct ipsec_test_data *td,
			    struct ipsec_test_data *res_d, bool silent,
			    const struct ipsec_test_flags *flags);

/* Checks the status of a crypto op for packet number pkt_num in direction
 * dir.
 * NOTE(review): for negative tests (for example flags->icv_corrupt) confirm
 * that an operation which unexpectedly succeeds is reported as a failure.
 */
int test_ipsec_status_check(const struct ipsec_test_data *td,
			    struct rte_crypto_op *op,
			    const struct ipsec_test_flags *flags,
			    enum rte_security_ipsec_sa_direction dir,
			    int pkt_num);

/* Verifies session statistics for sess on security context ctx. */
int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
			    struct rte_security_session *sess,
			    const struct ipsec_test_flags *flags,
			    enum rte_security_ipsec_sa_direction dir);

/* Modifies the packet at pkt according to flags. No length is passed, so
 * the callee cannot bound its accesses: the caller must guarantee that the
 * buffer holds every header the selected flags touch.
 */
int test_ipsec_pkt_update(uint8_t *pkt, const struct ipsec_test_flags *flags);
252 
253 #endif
254