1 /* SPDX-License-Identifier: BSD-3-Clause
2  * Copyright(C) 2021 Marvell.
3  */
4 
5 #ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_
6 #define _TEST_CRYPTODEV_SECURITY_IPSEC_H_
7 
8 #include <rte_cryptodev.h>
9 #include <rte_security.h>
10 
11 #define IPSEC_TEST_PACKETS_MAX 32
12 
13 struct ipsec_test_data {
14 	struct {
15 		uint8_t data[32];
16 	} key;
17 	struct {
18 		uint8_t data[32];
19 	} auth_key;
20 
21 	struct {
22 		uint8_t data[1024];
23 		unsigned int len;
24 	} input_text;
25 
26 	struct {
27 		uint8_t data[1024];
28 		unsigned int len;
29 	} output_text;
30 
31 	struct {
32 		uint8_t data[4];
33 		unsigned int len;
34 	} salt;
35 
36 	struct {
37 		uint8_t data[16];
38 	} iv;
39 
40 	struct rte_security_ipsec_xform ipsec_xform;
41 
42 	bool aead;
43 
44 	union {
45 		struct {
46 			struct rte_crypto_sym_xform cipher;
47 			struct rte_crypto_sym_xform auth;
48 		} chain;
49 		struct rte_crypto_sym_xform aead;
50 	} xform;
51 };
52 
53 struct ipsec_test_flags {
54 	bool display_alg;
55 	bool sa_expiry_pkts_soft;
56 	bool sa_expiry_pkts_hard;
57 	bool icv_corrupt;
58 	bool iv_gen;
59 	uint32_t tunnel_hdr_verify;
60 	bool udp_encap;
61 	bool udp_ports_verify;
62 	bool ip_csum;
63 	bool l4_csum;
64 	bool ipv6;
65 	bool tunnel_ipv6;
66 };
67 
68 struct crypto_param {
69 	enum rte_crypto_sym_xform_type type;
70 	union {
71 		enum rte_crypto_cipher_algorithm cipher;
72 		enum rte_crypto_auth_algorithm auth;
73 		enum rte_crypto_aead_algorithm aead;
74 	} alg;
75 	uint16_t key_length;
76 	uint16_t digest_length;
77 };
78 
79 static const struct crypto_param aead_list[] = {
80 	{
81 		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
82 		.alg.aead =  RTE_CRYPTO_AEAD_AES_GCM,
83 		.key_length = 16,
84 	},
85 	{
86 		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
87 		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
88 		.key_length = 24,
89 	},
90 	{
91 		.type = RTE_CRYPTO_SYM_XFORM_AEAD,
92 		.alg.aead = RTE_CRYPTO_AEAD_AES_GCM,
93 		.key_length = 32
94 	},
95 };
96 
97 static const struct crypto_param cipher_list[] = {
98 	{
99 		.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
100 		.alg.cipher =  RTE_CRYPTO_CIPHER_AES_CBC,
101 		.key_length = 16,
102 	},
103 };
104 
105 static const struct crypto_param auth_list[] = {
106 	{
107 		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
108 		.alg.auth =  RTE_CRYPTO_AUTH_NULL,
109 	},
110 	{
111 		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
112 		.alg.auth =  RTE_CRYPTO_AUTH_SHA256_HMAC,
113 		.key_length = 32,
114 		.digest_length = 16,
115 	},
116 };
117 
118 struct crypto_param_comb {
119 	const struct crypto_param *param1;
120 	const struct crypto_param *param2;
121 };
122 
123 extern struct ipsec_test_data pkt_aes_256_gcm;
124 extern struct ipsec_test_data pkt_aes_256_gcm_v6;
125 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
126 extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;
127 
128 extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
129 					 (RTE_DIM(cipher_list) *
130 					  RTE_DIM(auth_list))];
131 
132 void test_ipsec_alg_list_populate(void);
133 
134 int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
135 			       const struct rte_security_capability *sec_cap,
136 			       bool silent);
137 
138 int test_ipsec_crypto_caps_aead_verify(
139 		const struct rte_security_capability *sec_cap,
140 		struct rte_crypto_sym_xform *aead);
141 
142 int test_ipsec_crypto_caps_cipher_verify(
143 		const struct rte_security_capability *sec_cap,
144 		struct rte_crypto_sym_xform *cipher);
145 
146 int test_ipsec_crypto_caps_auth_verify(
147 		const struct rte_security_capability *sec_cap,
148 		struct rte_crypto_sym_xform *auth);
149 
150 void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,
151 			       struct ipsec_test_data *td_in);
152 
153 void test_ipsec_td_prepare(const struct crypto_param *param1,
154 			   const struct crypto_param *param2,
155 			   const struct ipsec_test_flags *flags,
156 			   struct ipsec_test_data *td_array,
157 			   int nb_td);
158 
159 void test_ipsec_td_update(struct ipsec_test_data td_inb[],
160 			  const struct ipsec_test_data td_outb[],
161 			  int nb_td,
162 			  const struct ipsec_test_flags *flags);
163 
164 void test_ipsec_display_alg(const struct crypto_param *param1,
165 			    const struct crypto_param *param2);
166 
167 int test_ipsec_post_process(struct rte_mbuf *m,
168 			    const struct ipsec_test_data *td,
169 			    struct ipsec_test_data *res_d, bool silent,
170 			    const struct ipsec_test_flags *flags);
171 
172 int test_ipsec_status_check(struct rte_crypto_op *op,
173 			    const struct ipsec_test_flags *flags,
174 			    enum rte_security_ipsec_sa_direction dir,
175 			    int pkt_num);
176 
177 #endif
178