Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/96393/?format=api
{ "id": 96393, "url": "http://patchwork.dpdk.org/api/patches/96393/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/patch/1627555402-4789-2-git-send-email-anoobj@marvell.com/", "project": { "id": 1, "url": "http://patchwork.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<1627555402-4789-2-git-send-email-anoobj@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/1627555402-4789-2-git-send-email-anoobj@marvell.com", "date": "2021-07-29T10:43:20", "name": "[21.11,1/3] test/crypto: add lookaside IPsec tests", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "eef5a05e89bc822ad004f9c7b52dfe1fa5412ea7", "submitter": { "id": 1205, "url": "http://patchwork.dpdk.org/api/people/1205/?format=api", "name": "Anoob Joseph", "email": "anoobj@marvell.com" }, "delegate": { "id": 6690, "url": "http://patchwork.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patchwork.dpdk.org/project/dpdk/patch/1627555402-4789-2-git-send-email-anoobj@marvell.com/mbox/", "series": [ { "id": 18061, "url": "http://patchwork.dpdk.org/api/series/18061/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/list/?series=18061", "date": "2021-07-29T10:43:19", "name": "Add lookaside IPsec tests", "version": 1, "mbox": "http://patchwork.dpdk.org/series/18061/mbox/" } ], "comments": "http://patchwork.dpdk.org/api/patches/96393/comments/", "check": "success", "checks": "http://patchwork.dpdk.org/api/patches/96393/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 5154FA0C40;\n\tThu, 29 Jul 2021 12:43:46 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 369A0410F0;\n\tThu, 29 Jul 2021 12:43:46 +0200 (CEST)", "from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com\n [67.231.148.174])\n by mails.dpdk.org (Postfix) with ESMTP id 7DA7D410EF\n for <dev@dpdk.org>; Thu, 29 Jul 2021 12:43:44 +0200 (CEST)", "from pps.filterd (m0045849.ppops.net [127.0.0.1])\n by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id\n 16TAeAMv006845; Thu, 29 Jul 2021 03:43:43 -0700", "from dc5-exch02.marvell.com ([199.233.59.182])\n by mx0a-0016f401.pphosted.com with ESMTP id 3a37vvv2hf-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Thu, 29 Jul 2021 03:43:43 -0700", "from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18;\n Thu, 29 Jul 2021 03:43:41 -0700", "from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend\n Transport; Thu, 29 Jul 2021 03:43:41 -0700", "from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218])\n by maili.marvell.com (Postfix) with ESMTP id 17D803F7061;\n Thu, 29 Jul 2021 03:43:35 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=sMsxIOtUO/0dDDSdq5QgA6v9iG2NShVfttk4Vei0cXU=;\n b=geIgC4SU9ocPfwaCYj1rZFWsfzOL53uqQSd5kiRkiK20H6IGnlpUMnt7qrdL2T3iVbmO\n 2FmAtxnH640t7VvxSqUn8xVwxWvTjmL3zsYKA0XBBMWROFsDX6YVWDhgPUHHYsB2+rmL\n 4dvq/qJvyiIGJLn/F3U3bNmbz/GDpQ0dehTCOxaz7pL8QxnCr/unuVJRaoXIiEzgYAKl\n aNkvZDV3LpAkyT/kA8ICcua7oVMnTl4mqabn5E9/2ITe2A2nKhFGiFEH2ivC2FztG1d6\n dkVLea2HLz9s/sm8dQlAr149jI6tb8qRrwpMSr5rBe0HohiQLZrffc7r26KSF2j4h2J5 mA==", "From": "Anoob Joseph <anoobj@marvell.com>", "To": "Akhil Goyal <gakhil@marvell.com>, Declan Doherty\n <declan.doherty@intel.com>, Fan Zhang <roy.fan.zhang@intel.com>,\n \"Konstantin Ananyev\" <konstantin.ananyev@intel.com>", "CC": "Anoob Joseph <anoobj@marvell.com>, Jerin Jacob <jerinj@marvell.com>,\n \"Ankur Dwivedi\" <adwivedi@marvell.com>, Tejasree Kondoj\n <ktejasree@marvell.com>, <dev@dpdk.org>", "Date": "Thu, 29 Jul 2021 16:13:20 +0530", "Message-ID": "<1627555402-4789-2-git-send-email-anoobj@marvell.com>", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": "<1627555402-4789-1-git-send-email-anoobj@marvell.com>", "References": "<1627555402-4789-1-git-send-email-anoobj@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-ORIG-GUID": "zE772j9CYHvFzYkH3kD4FfMyTPeXRbDg", "X-Proofpoint-GUID": "zE772j9CYHvFzYkH3kD4FfMyTPeXRbDg", "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790\n definitions=2021-07-29_09:2021-07-29,\n 2021-07-29 signatures=0", "Subject": "[dpdk-dev] [PATCH 21.11 1/3] test/crypto: add lookaside IPsec tests", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Added test case for lookaside IPsec. Following tests are added,\n\n1. Inbound known vector [AES-GCM 128, 192 & 256]\n2. Outbound known vector [AES-GCM 128, 192 & 256]\n\nSigned-off-by: Anoob Joseph <anoobj@marvell.com>\nSigned-off-by: Tejasree Kondoj <ktejasree@marvell.com>\n---\n app/test/meson.build | 1 +\n app/test/test.h | 6 +\n app/test/test_cryptodev.c | 250 ++++++++++++++++\n app/test/test_cryptodev_security_ipsec.c | 202 +++++++++++++\n app/test/test_cryptodev_security_ipsec.h | 66 +++++\n .../test_cryptodev_security_ipsec_test_vectors.h | 321 +++++++++++++++++++++\n 6 files changed, 846 insertions(+)\n create mode 100644 app/test/test_cryptodev_security_ipsec.c\n create mode 100644 app/test/test_cryptodev_security_ipsec.h\n create mode 100644 app/test/test_cryptodev_security_ipsec_test_vectors.h", "diff": "diff --git a/app/test/meson.build b/app/test/meson.build\nindex 88aae44..4cfa022 100644\n--- a/app/test/meson.build\n+++ b/app/test/meson.build\n@@ -31,6 +31,7 @@ test_sources = files(\n 'test_cryptodev.c',\n 'test_cryptodev_asym.c',\n 'test_cryptodev_blockcipher.c',\n+ 'test_cryptodev_security_ipsec.c',\n 'test_cryptodev_security_pdcp.c',\n 'test_cycles.c',\n 'test_debug.c',\ndiff --git a/app/test/test.h b/app/test/test.h\nindex c3b2a87..7115edf 100644\n--- a/app/test/test.h\n+++ b/app/test/test.h\n@@ -124,6 +124,12 @@ struct unit_test_case {\n #define TEST_CASE_WITH_DATA(setup, teardown, testcase, data) \\\n \t\t{ setup, teardown, NULL, testcase, #testcase, 1, data }\n \n+#define TEST_CASE_NAMED_ST(name, setup, teardown, testcase) \\\n+\t\t{ setup, teardown, NULL, testcase, name, 1, NULL }\n+\n+#define TEST_CASE_NAMED_WITH_DATA(name, setup, teardown, testcase, data) \\\n+\t\t{ setup, teardown, NULL, testcase, name, 1, data }\n+\n #define TEST_CASE_DISABLED(fn) { NULL, NULL, fn, NULL, #fn, 0, NULL }\n \n #define TEST_CASE_ST_DISABLED(setup, teardown, testcase) \\\ndiff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c\nindex ead8c6e..6e5bd69 100644\n--- a/app/test/test_cryptodev.c\n+++ b/app/test/test_cryptodev.c\n@@ -17,6 +17,7 @@\n #include <rte_crypto.h>\n #include <rte_cryptodev.h>\n #include <rte_cryptodev_pmd.h>\n+#include <rte_ip.h>\n #include <rte_string_fns.h>\n \n #ifdef RTE_CRYPTO_SCHEDULER\n@@ -42,6 +43,8 @@\n #include \"test_cryptodev_hmac_test_vectors.h\"\n #include \"test_cryptodev_mixed_test_vectors.h\"\n #ifdef RTE_LIB_SECURITY\n+#include \"test_cryptodev_security_ipsec.h\"\n+#include \"test_cryptodev_security_ipsec_test_vectors.h\"\n #include \"test_cryptodev_security_pdcp_test_vectors.h\"\n #include \"test_cryptodev_security_pdcp_sdap_test_vectors.h\"\n #include \"test_cryptodev_security_pdcp_test_func.h\"\n@@ -128,6 +131,13 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,\n \t\tconst uint8_t *digest,\n \t\tconst uint8_t *iv);\n \n+static int\n+security_proto_supported(enum rte_security_session_action_type action,\n+\tenum rte_security_session_protocol proto);\n+\n+static int\n+dev_configure_and_start(uint64_t ff_disable);\n+\n static struct rte_mbuf *\n setup_test_string(struct rte_mempool *mpool,\n \t\tconst char *string, size_t len, uint8_t blocksize)\n@@ -757,6 +767,42 @@ crypto_gen_testsuite_setup(void)\n \n #ifdef RTE_LIB_SECURITY\n static int\n+ipsec_proto_testsuite_setup(void)\n+{\n+\tstruct crypto_testsuite_params *ts_params = &testsuite_params;\n+\tstruct crypto_unittest_params *ut_params = &unittest_params;\n+\tstruct rte_cryptodev_info dev_info;\n+\n+\trte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);\n+\n+\tif (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_SECURITY)) {\n+\t\tRTE_LOG(INFO, USER1, \"Feature flag requirements for IPsec Proto \"\n+\t\t\t\t\"testsuite not met\\n\");\n+\t\treturn TEST_SKIPPED;\n+\t}\n+\n+\t/* Reconfigure to enable security */\n+\tdev_configure_and_start(RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |\n+\t\t\t\tRTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO);\n+\n+\t/* Set action type */\n+\tut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;\n+\n+\tif (security_proto_supported(\n+\t\t\tRTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,\n+\t\t\tRTE_SECURITY_PROTOCOL_IPSEC) < 0) {\n+\t\tRTE_LOG(INFO, USER1, \"Capability requirements for IPsec Proto \"\n+\t\t\t\t\"test not met\\n\");\n+\t\treturn TEST_SKIPPED;\n+\t}\n+\n+\t/* Stop the device */\n+\trte_cryptodev_stop(ts_params->valid_devs[0]);\n+\n+\treturn 0;\n+}\n+\n+static int\n pdcp_proto_testsuite_setup(void)\n {\n \tstruct crypto_testsuite_params *ts_params = &testsuite_params;\n@@ -8814,6 +8860,177 @@ test_PDCP_SDAP_PROTO_decap_all(void)\n }\n \n static int\n+test_ipsec_proto_process(const struct ipsec_test_data td[],\n+\t\t\t struct ipsec_test_data res_d[],\n+\t\t\t int nb_td,\n+\t\t\t bool silent)\n+{\n+\tstruct crypto_testsuite_params *ts_params = &testsuite_params;\n+\tstruct crypto_unittest_params *ut_params = &unittest_params;\n+\tstruct rte_security_capability_idx sec_cap_idx;\n+\tconst struct rte_security_capability *sec_cap;\n+\tstruct rte_security_ipsec_xform ipsec_xform;\n+\tuint8_t dev_id = ts_params->valid_devs[0];\n+\tenum rte_security_ipsec_sa_direction dir;\n+\tuint32_t src = RTE_IPV4(192, 168, 1, 0);\n+\tuint32_t dst = RTE_IPV4(192, 168, 1, 1);\n+\tint salt_len, i, ret = TEST_SUCCESS;\n+\tstruct rte_security_ctx *ctx;\n+\tuint8_t *input_text;\n+\n+\tut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;\n+\tgbl_action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;\n+\n+\t/* Use first test data to create session */\n+\n+\t/* Copy IPsec xform */\n+\tmemcpy(&ipsec_xform, &td[0].ipsec_xform, sizeof(ipsec_xform));\n+\n+\tmemcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));\n+\tmemcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));\n+\n+\tdir = ipsec_xform.direction;\n+\n+\tctx = rte_cryptodev_get_sec_ctx(dev_id);\n+\n+\tsec_cap_idx.action = ut_params->type;\n+\tsec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_IPSEC;\n+\tsec_cap_idx.ipsec.proto = ipsec_xform.proto;\n+\tsec_cap_idx.ipsec.mode = ipsec_xform.mode;\n+\tsec_cap_idx.ipsec.direction = ipsec_xform.direction;\n+\n+\tsec_cap = rte_security_capability_get(ctx, &sec_cap_idx);\n+\tif (sec_cap == NULL)\n+\t\treturn TEST_SKIPPED;\n+\n+\t/* Copy cipher session parameters */\n+\tif (td[0].aead) {\n+\t\tmemcpy(&ut_params->aead_xform, &td[0].xform.aead,\n+\t\t sizeof(ut_params->aead_xform));\n+\t\tut_params->aead_xform.aead.key.data = td[0].key.data;\n+\t\tut_params->aead_xform.aead.iv.offset = IV_OFFSET;\n+\n+\t\t/* Verify crypto capabilities */\n+\t\tif (test_ipsec_crypto_caps_aead_verify(\n+\t\t\t\tsec_cap,\n+\t\t\t\t&ut_params->aead_xform) != 0) {\n+\t\t\tif (!silent)\n+\t\t\t\tRTE_LOG(INFO, USER1,\n+\t\t\t\t\t\"Crypto capabilities not supported\\n\");\n+\t\t\treturn TEST_SKIPPED;\n+\t\t}\n+\t} else {\n+\t\t/* Only AEAD supported now */\n+\t\treturn TEST_SKIPPED;\n+\t}\n+\n+\tif (test_ipsec_sec_caps_verify(&ipsec_xform, sec_cap, silent) != 0)\n+\t\treturn TEST_SKIPPED;\n+\n+\tsalt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len);\n+\tmemcpy(&ipsec_xform.salt, td[0].salt.data, salt_len);\n+\n+\tstruct rte_security_session_conf sess_conf = {\n+\t\t.action_type = ut_params->type,\n+\t\t.protocol = RTE_SECURITY_PROTOCOL_IPSEC,\n+\t\t.ipsec = ipsec_xform,\n+\t\t.crypto_xform = &ut_params->aead_xform,\n+\t};\n+\n+\t/* Create security session */\n+\tut_params->sec_session = rte_security_session_create(ctx, &sess_conf,\n+\t\t\t\t\tts_params->session_mpool,\n+\t\t\t\t\tts_params->session_priv_mpool);\n+\n+\tif (ut_params->sec_session == NULL)\n+\t\treturn TEST_SKIPPED;\n+\n+\tfor (i = 0; i < nb_td; i++) {\n+\t\t/* Setup source mbuf payload */\n+\t\tut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);\n+\t\tmemset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,\n+\t\t\t\trte_pktmbuf_tailroom(ut_params->ibuf));\n+\n+\t\tinput_text = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,\n+\t\t\t\ttd[i].input_text.len);\n+\n+\t\tmemcpy(input_text, td[i].input_text.data,\n+\t\t td[i].input_text.len);\n+\n+\t\t/* Generate crypto op data structure */\n+\t\tut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,\n+\t\t\t\t\tRTE_CRYPTO_OP_TYPE_SYMMETRIC);\n+\t\tif (!ut_params->op) {\n+\t\t\tprintf(\"TestCase %s line %d: %s\\n\",\n+\t\t\t\t__func__, __LINE__,\n+\t\t\t\t\"failed to allocate crypto op\");\n+\t\t\tret = TEST_FAILED;\n+\t\t\tgoto crypto_op_free;\n+\t\t}\n+\n+\t\t/* Attach session to operation */\n+\t\trte_security_attach_session(ut_params->op,\n+\t\t\t\t\t ut_params->sec_session);\n+\n+\t\t/* Set crypto operation mbufs */\n+\t\tut_params->op->sym->m_src = ut_params->ibuf;\n+\t\tut_params->op->sym->m_dst = NULL;\n+\n+\t\t/* Copy IV at the end of the crypto operation for egress */\n+\t\tif (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)\n+\t\t\trte_memcpy(rte_crypto_op_ctod_offset(ut_params->op,\n+\t\t\t\t uint8_t *, IV_OFFSET),\n+\t\t\t\t td[i].iv.data,\n+\t\t\t\t td[i].xform.aead.aead.iv.length);\n+\n+\t\t/* Process crypto operation */\n+\t\tprocess_crypto_request(dev_id, ut_params->op);\n+\n+\t\tret = test_ipsec_status_check(ut_params->op, dir);\n+\t\tif (ret != TEST_SUCCESS)\n+\t\t\tgoto crypto_op_free;\n+\n+\t\tret = test_ipsec_post_process(ut_params->ibuf, &td[i],\n+\t\t\t\t\t &res_d[i], silent);\n+\n+\t\trte_crypto_op_free(ut_params->op);\n+\t\tut_params->op = NULL;\n+\n+\t\trte_pktmbuf_free(ut_params->ibuf);\n+\t\tut_params->ibuf = NULL;\n+\t}\n+\n+crypto_op_free:\n+\trte_crypto_op_free(ut_params->op);\n+\tut_params->op = NULL;\n+\n+\trte_pktmbuf_free(ut_params->ibuf);\n+\tut_params->ibuf = NULL;\n+\n+\tif (ut_params->sec_session)\n+\t\trte_security_session_destroy(ctx, ut_params->sec_session);\n+\tut_params->sec_session = NULL;\n+\n+\treturn ret;\n+}\n+\n+static int\n+test_ipsec_proto_known_vec(const void *test_data)\n+{\n+\treturn test_ipsec_proto_process(test_data, NULL, 1, false);\n+}\n+\n+static int\n+test_ipsec_proto_known_vec_inb(const void *td_outb)\n+{\n+\tstruct ipsec_test_data td_inb;\n+\n+\ttest_ipsec_td_in_from_out(td_outb, &td_inb);\n+\n+\treturn test_ipsec_proto_process(&td_inb, NULL, 1, false);\n+}\n+\n+static int\n test_PDCP_PROTO_all(void)\n {\n \tstruct crypto_testsuite_params *ts_params = &testsuite_params;\n@@ -13703,6 +13920,38 @@ static struct unit_test_suite end_testsuite = {\n };\n \n #ifdef RTE_LIB_SECURITY\n+static struct unit_test_suite ipsec_proto_testsuite = {\n+\t.suite_name = \"IPsec Proto Unit Test Suite\",\n+\t.setup = ipsec_proto_testsuite_setup,\n+\t.unit_test_cases = {\n+\t\tTEST_CASE_NAMED_WITH_DATA(\n+\t\t\t\"Outbound known vector (ESP tunnel mode IPv4 AES-GCM 128)\",\n+\t\t\tut_setup_security, ut_teardown,\n+\t\t\ttest_ipsec_proto_known_vec, &pkt_aes_128_gcm),\n+\t\tTEST_CASE_NAMED_WITH_DATA(\n+\t\t\t\"Outbound known vector (ESP tunnel mode IPv4 AES-GCM 192)\",\n+\t\t\tut_setup_security, ut_teardown,\n+\t\t\ttest_ipsec_proto_known_vec, &pkt_aes_192_gcm),\n+\t\tTEST_CASE_NAMED_WITH_DATA(\n+\t\t\t\"Outbound known vector (ESP tunnel mode IPv4 AES-GCM 256)\",\n+\t\t\tut_setup_security, ut_teardown,\n+\t\t\ttest_ipsec_proto_known_vec, &pkt_aes_256_gcm),\n+\t\tTEST_CASE_NAMED_WITH_DATA(\n+\t\t\t\"Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)\",\n+\t\t\tut_setup_security, ut_teardown,\n+\t\t\ttest_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm),\n+\t\tTEST_CASE_NAMED_WITH_DATA(\n+\t\t\t\"Inbound known vector (ESP tunnel mode IPv4 AES-GCM 192)\",\n+\t\t\tut_setup_security, ut_teardown,\n+\t\t\ttest_ipsec_proto_known_vec_inb, &pkt_aes_192_gcm),\n+\t\tTEST_CASE_NAMED_WITH_DATA(\n+\t\t\t\"Inbound known vector (ESP tunnel mode IPv4 AES-GCM 256)\",\n+\t\t\tut_setup_security, ut_teardown,\n+\t\t\ttest_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm),\n+\t\tTEST_CASES_END() /**< NULL terminate unit test array */\n+\t}\n+};\n+\n static struct unit_test_suite pdcp_proto_testsuite = {\n \t.suite_name = \"PDCP Proto Unit Test Suite\",\n \t.setup = pdcp_proto_testsuite_setup,\n@@ -14489,6 +14738,7 @@ run_cryptodev_testsuite(const char *pmd_name)\n \t\t&cryptodev_negative_hmac_sha1_testsuite,\n \t\t&cryptodev_gen_testsuite,\n #ifdef RTE_LIB_SECURITY\n+\t\t&ipsec_proto_testsuite,\n \t\t&pdcp_proto_testsuite,\n \t\t&docsis_proto_testsuite,\n #endif\ndiff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c\nnew file mode 100644\nindex 0000000..789d39c\n--- /dev/null\n+++ b/app/test/test_cryptodev_security_ipsec.c\n@@ -0,0 +1,202 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(C) 2021 Marvell.\n+ */\n+\n+#include <rte_common.h>\n+#include <rte_cryptodev.h>\n+#include <rte_ip.h>\n+#include <rte_security.h>\n+\n+#include \"test.h\"\n+#include \"test_cryptodev_security_ipsec.h\"\n+\n+int\n+test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,\n+\t\t\t const struct rte_security_capability *sec_cap,\n+\t\t\t bool silent)\n+{\n+\t/* Verify security capabilities */\n+\n+\tif (ipsec_xform->options.esn == 1 && sec_cap->ipsec.options.esn == 0) {\n+\t\tif (!silent)\n+\t\t\tRTE_LOG(INFO, USER1, \"ESN is not supported\\n\");\n+\t\treturn -ENOTSUP;\n+\t}\n+\n+\tif (ipsec_xform->options.udp_encap == 1 &&\n+\t sec_cap->ipsec.options.udp_encap == 0) {\n+\t\tif (!silent)\n+\t\t\tRTE_LOG(INFO, USER1, \"UDP encapsulation is not supported\\n\");\n+\t\treturn -ENOTSUP;\n+\t}\n+\n+\tif (ipsec_xform->options.copy_dscp == 1 &&\n+\t sec_cap->ipsec.options.copy_dscp == 0) {\n+\t\tif (!silent)\n+\t\t\tRTE_LOG(INFO, USER1, \"Copy DSCP is not supported\\n\");\n+\t\treturn -ENOTSUP;\n+\t}\n+\n+\tif (ipsec_xform->options.copy_flabel == 1 &&\n+\t sec_cap->ipsec.options.copy_flabel == 0) {\n+\t\tif (!silent)\n+\t\t\tRTE_LOG(INFO, USER1, \"Copy Flow Label is not supported\\n\");\n+\t\treturn -ENOTSUP;\n+\t}\n+\n+\tif (ipsec_xform->options.copy_df == 1 &&\n+\t sec_cap->ipsec.options.copy_df == 0) {\n+\t\tif (!silent)\n+\t\t\tRTE_LOG(INFO, USER1, \"Copy DP bit is not supported\\n\");\n+\t\treturn -ENOTSUP;\n+\t}\n+\n+\tif (ipsec_xform->options.dec_ttl == 1 &&\n+\t sec_cap->ipsec.options.dec_ttl == 0) {\n+\t\tif (!silent)\n+\t\t\tRTE_LOG(INFO, USER1, \"Decrement TTL is not supported\\n\");\n+\t\treturn -ENOTSUP;\n+\t}\n+\n+\tif (ipsec_xform->options.ecn == 1 && sec_cap->ipsec.options.ecn == 0) {\n+\t\tif (!silent)\n+\t\t\tRTE_LOG(INFO, USER1, \"ECN is not supported\\n\");\n+\t\treturn -ENOTSUP;\n+\t}\n+\n+\tif (ipsec_xform->options.stats == 1 &&\n+\t sec_cap->ipsec.options.stats == 0) {\n+\t\tif (!silent)\n+\t\t\tRTE_LOG(INFO, USER1, \"Stats is not supported\\n\");\n+\t\treturn -ENOTSUP;\n+\t}\n+\n+\treturn 0;\n+}\n+\n+int\n+test_ipsec_crypto_caps_aead_verify(\n+\t\tconst struct rte_security_capability *sec_cap,\n+\t\tstruct rte_crypto_sym_xform *aead)\n+{\n+\tconst struct rte_cryptodev_symmetric_capability *sym_cap;\n+\tconst struct rte_cryptodev_capabilities *crypto_cap;\n+\tint j = 0;\n+\n+\twhile ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op !=\n+\t\t\tRTE_CRYPTO_OP_TYPE_UNDEFINED) {\n+\t\tif (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC &&\n+\t\t\t\tcrypto_cap->sym.xform_type == aead->type &&\n+\t\t\t\tcrypto_cap->sym.aead.algo == aead->aead.algo) {\n+\t\t\tsym_cap = &crypto_cap->sym;\n+\t\t\tif (rte_cryptodev_sym_capability_check_aead(sym_cap,\n+\t\t\t\t\taead->aead.key.length,\n+\t\t\t\t\taead->aead.digest_length,\n+\t\t\t\t\taead->aead.aad_length,\n+\t\t\t\t\taead->aead.iv.length) == 0)\n+\t\t\t\treturn 0;\n+\t\t}\n+\t}\n+\n+\treturn -ENOTSUP;\n+}\n+\n+void\n+test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,\n+\t\t\t struct ipsec_test_data *td_in)\n+{\n+\tmemcpy(td_in, td_out, sizeof(*td_in));\n+\n+\t/* Populate output text of td_in with input text of td_out */\n+\tmemcpy(td_in->output_text.data, td_out->input_text.data,\n+\t td_out->input_text.len);\n+\ttd_in->output_text.len = td_out->input_text.len;\n+\n+\t/* Populate input text of td_in with output text of td_out */\n+\tmemcpy(td_in->input_text.data, td_out->output_text.data,\n+\t td_out->output_text.len);\n+\ttd_in->input_text.len = td_out->output_text.len;\n+\n+\ttd_in->ipsec_xform.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;\n+\n+\tif (td_in->aead) {\n+\t\ttd_in->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT;\n+\t} else {\n+\t\ttd_in->xform.chain.auth.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;\n+\t\ttd_in->xform.chain.cipher.cipher.op =\n+\t\t\t\tRTE_CRYPTO_CIPHER_OP_DECRYPT;\n+\t}\n+}\n+\n+static int\n+test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,\n+\t\t bool silent)\n+{\n+\tuint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);\n+\tuint32_t skip = 0, len = rte_pktmbuf_pkt_len(m);\n+\n+\tif (len != td->output_text.len) {\n+\t\tprintf(\"Output length (%d) not matching with expected (%d)\\n\",\n+\t\t\tlen, td->output_text.len);\n+\t\treturn TEST_FAILED;\n+\t}\n+\n+\tif (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {\n+\t\tif (td->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {\n+\t\t\tif (td->ipsec_xform.tunnel.type ==\n+\t\t\t\t\tRTE_SECURITY_IPSEC_TUNNEL_IPV4)\n+\t\t\t\tskip += sizeof(struct rte_ipv4_hdr);\n+\t\t\telse\n+\t\t\t\tskip += sizeof(struct rte_ipv6_hdr);\n+\t\t}\n+\t}\n+\n+\tlen -= skip;\n+\toutput_text += skip;\n+\n+\tif (memcmp(output_text, td->output_text.data + skip, len)) {\n+\t\tif (silent)\n+\t\t\treturn TEST_FAILED;\n+\n+\t\tprintf(\"TestCase %s line %d: %s\\n\", __func__, __LINE__,\n+\t\t\t\"output text not as expected\\n\");\n+\n+\t\trte_hexdump(stdout, \"expected\", td->output_text.data + skip,\n+\t\t\t len);\n+\t\trte_hexdump(stdout, \"actual\", output_text, len);\n+\t\treturn TEST_FAILED;\n+\t}\n+\n+\treturn TEST_SUCCESS;\n+}\n+\n+int\n+test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,\n+\t\t\tstruct ipsec_test_data *res_d, bool silent)\n+{\n+\t/*\n+\t * In case of known vector tests & all inbound tests, res_d provided\n+\t * would be NULL and output data need to be validated against expected.\n+\t * For inbound, output_text would be plain packet and for outbound\n+\t * output_text would IPsec packet. Validate by comparing against\n+\t * known vectors.\n+\t */\n+\tRTE_SET_USED(res_d);\n+\treturn test_ipsec_td_verify(m, td, silent);\n+}\n+\n+int\n+test_ipsec_status_check(struct rte_crypto_op *op,\n+\t\t\tenum rte_security_ipsec_sa_direction dir)\n+{\n+\tint ret = TEST_SUCCESS;\n+\n+\tif (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {\n+\t\tprintf(\"Security op processing failed\\n\");\n+\t\tret = TEST_FAILED;\n+\t}\n+\n+\tRTE_SET_USED(dir);\n+\n+\treturn ret;\n+}\ndiff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h\nnew file mode 100644\nindex 0000000..5f1b46d\n--- /dev/null\n+++ b/app/test/test_cryptodev_security_ipsec.h\n@@ -0,0 +1,66 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(C) 2021 Marvell.\n+ */\n+\n+#ifndef _TEST_CRYPTODEV_SECURITY_IPSEC_H_\n+#define _TEST_CRYPTODEV_SECURITY_IPSEC_H_\n+\n+#include <rte_cryptodev.h>\n+#include <rte_security.h>\n+\n+struct ipsec_test_data {\n+\tstruct {\n+\t\tuint8_t data[32];\n+\t} key;\n+\n+\tstruct {\n+\t\tuint8_t data[1024];\n+\t\tunsigned int len;\n+\t} input_text;\n+\n+\tstruct {\n+\t\tuint8_t data[1024];\n+\t\tunsigned int len;\n+\t} output_text;\n+\n+\tstruct {\n+\t\tuint8_t data[4];\n+\t\tunsigned int len;\n+\t} salt;\n+\n+\tstruct {\n+\t\tuint8_t data[16];\n+\t} iv;\n+\n+\tstruct rte_security_ipsec_xform ipsec_xform;\n+\n+\tbool aead;\n+\n+\tunion {\n+\t\tstruct {\n+\t\t\tstruct rte_crypto_sym_xform cipher;\n+\t\t\tstruct rte_crypto_sym_xform auth;\n+\t\t} chain;\n+\t\tstruct rte_crypto_sym_xform aead;\n+\t} xform;\n+};\n+\n+int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,\n+\t\t\t const struct rte_security_capability *sec_cap,\n+\t\t\t bool silent);\n+\n+int test_ipsec_crypto_caps_aead_verify(\n+\t\tconst struct rte_security_capability *sec_cap,\n+\t\tstruct rte_crypto_sym_xform *aead);\n+\n+void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out,\n+\t\t\t struct ipsec_test_data *td_in);\n+\n+int test_ipsec_post_process(struct rte_mbuf *m,\n+\t\t\t const struct ipsec_test_data *td,\n+\t\t\t struct ipsec_test_data *res_d, bool silent);\n+\n+int test_ipsec_status_check(struct rte_crypto_op *op,\n+\t\t\t enum rte_security_ipsec_sa_direction dir);\n+\n+#endif\ndiff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h\nnew file mode 100644\nindex 0000000..ae9cd24\n--- /dev/null\n+++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h\n@@ -0,0 +1,321 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(c) 2021 Marvell\n+ */\n+\n+#ifndef TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_\n+#define TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_\n+\n+#include <rte_crypto.h>\n+#include <rte_security.h>\n+\n+#include \"test_cryptodev_security_ipsec.h\"\n+\n+/*\n+ * Known vectors\n+ *\n+ * AES-GCM vectors are based on :\n+ * https://datatracker.ietf.org/doc/html/draft-mcgrew-gcm-test-01\n+ *\n+ * Vectors are updated to have corrected L4 checksum and sequence number 1.\n+ */\n+\n+struct ipsec_test_data pkt_aes_128_gcm = {\n+\t.key = {\n+\t\t.data = {\n+\t\t\t0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,\n+\t\t\t0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08\n+\t\t},\n+\t},\n+\t.input_text = {\n+\t\t.data = {\n+\t\t\t/* IP */\n+\t\t\t0x45, 0x00, 0x00, 0x3e, 0x69, 0x8f, 0x00, 0x00,\n+\t\t\t0x80, 0x11, 0x4d, 0xcc, 0xc0, 0xa8, 0x01, 0x02,\n+\t\t\t0xc0, 0xa8, 0x01, 0x01,\n+\n+\t\t\t/* UDP */\n+\t\t\t0x0a, 0x98, 0x00, 0x35, 0x00, 0x2a, 0x23, 0x43,\n+\t\t\t0xb2, 0xd0, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00,\n+\t\t\t0x00, 0x00, 0x00, 0x00, 0x03, 0x73, 0x69, 0x70,\n+\t\t\t0x09, 0x63, 0x79, 0x62, 0x65, 0x72, 0x63, 0x69,\n+\t\t\t0x74, 0x79, 0x02, 0x64, 0x6b, 0x00, 0x00, 0x01,\n+\t\t\t0x00, 0x01,\n+\t\t},\n+\t\t.len = 62,\n+\t},\n+\t.output_text = {\n+\t\t.data = {\n+\t\t\t/* IP - outer header */\n+\t\t\t0x45, 0x00, 0x00, 0x74, 0x69, 0x8f, 0x00, 0x00,\n+\t\t\t0x80, 0x32, 0x4d, 0x75, 0xc0, 0xa8, 0x01, 0x02,\n+\t\t\t0xc0, 0xa8, 0x01, 0x01,\n+\n+\t\t\t/* ESP */\n+\t\t\t0x00, 0x00, 0xa5, 0xf8, 0x00, 0x00, 0x00, 0x01,\n+\n+\t\t\t/* IV */\n+\t\t\t0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88,\n+\n+\t\t\t/* Data */\n+\t\t\t0xde, 0xb2, 0x2c, 0xd9, 0xb0, 0x7c, 0x72, 0xc1,\n+\t\t\t0x6e, 0x3a, 0x65, 0xbe, 0xeb, 0x8d, 0xf3, 0x04,\n+\t\t\t0xa5, 0xa5, 0x89, 0x7d, 0x33, 0xae, 0x53, 0x0f,\n+\t\t\t0x1b, 0xa7, 0x6d, 0x5d, 0x11, 0x4d, 0x2a, 0x5c,\n+\t\t\t0x3d, 0xe8, 0x18, 0x27, 0xc1, 0x0e, 0x9a, 0x4f,\n+\t\t\t0x51, 0x33, 0x0d, 0x0e, 0xec, 0x41, 0x66, 0x42,\n+\t\t\t0xcf, 0xbb, 0x85, 0xa5, 0xb4, 0x7e, 0x48, 0xa4,\n+\t\t\t0xec, 0x3b, 0x9b, 0xa9, 0x5d, 0x91, 0x8b, 0xd4,\n+\t\t\t0x29, 0xc7, 0x37, 0x57, 0x9f, 0xf1, 0x9e, 0x58,\n+\t\t\t0xcf, 0xfc, 0x60, 0x7a, 0x3b, 0xce, 0x89, 0x94,\n+\n+\t\t},\n+\t\t.len = 116,\n+\t},\n+\t.salt = {\n+\t\t.data = {\n+\t\t\t0xca, 0xfe, 0xba, 0xbe\n+\t\t},\n+\t\t.len = 4,\n+\t},\n+\n+\t.iv = {\n+\t\t.data = {\n+\t\t\t0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88\n+\t\t},\n+\t},\n+\n+\t.ipsec_xform = {\n+\t\t.spi = 0xa5f8,\n+\t\t.options.esn = 0,\n+\t\t.options.udp_encap = 0,\n+\t\t.options.copy_dscp = 0,\n+\t\t.options.copy_flabel = 0,\n+\t\t.options.copy_df = 0,\n+\t\t.options.dec_ttl = 0,\n+\t\t.options.ecn = 0,\n+\t\t.options.stats = 0,\n+\t\t.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,\n+\t\t.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,\n+\t\t.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,\n+\t\t.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,\n+\t\t.esn_soft_limit = 0,\n+\t\t.replay_win_sz = 0,\n+\t},\n+\n+\t.aead = true,\n+\n+\t.xform = {\n+\t\t.aead = {\n+\t\t\t.next = NULL,\n+\t\t\t.type = RTE_CRYPTO_SYM_XFORM_AEAD,\n+\t\t\t.aead = {\n+\t\t\t\t.op = RTE_CRYPTO_AEAD_OP_ENCRYPT,\n+\t\t\t\t.algo = RTE_CRYPTO_AEAD_AES_GCM,\n+\t\t\t\t.key.length = 16,\n+\t\t\t\t.iv.length = 12,\n+\t\t\t\t.iv.offset = IV_OFFSET,\n+\t\t\t\t.digest_length = 16,\n+\t\t\t\t.aad_length = 12,\n+\t\t\t},\n+\t\t},\n+\t},\n+};\n+\n+struct ipsec_test_data pkt_aes_192_gcm = {\n+\t.key = {\n+\t\t.data = {\n+\t\t\t0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,\n+\t\t\t0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,\n+\t\t\t0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c\n+\t\t},\n+\t},\n+\t.input_text = {\n+\t\t.data = {\n+\t\t\t/* IP */\n+\t\t\t0x45, 0x00, 0x00, 0x28, 0xa4, 0xad, 0x40, 0x00,\n+\t\t\t0x40, 0x06, 0x78, 0x80, 0x0a, 0x01, 0x03, 0x8f,\n+\t\t\t0x0a, 0x01, 0x06, 0x12,\n+\n+\t\t\t/* TCP */\n+\t\t\t0x80, 0x23, 0x06, 0xb8, 0xcb, 0x71, 0x26, 0x02,\n+\t\t\t0xdd, 0x6b, 0xb0, 0x3e, 0x50, 0x10, 0x16, 0xd0,\n+\t\t\t0x75, 0x67, 0x00, 0x01\n+\t\t},\n+\t\t.len = 40,\n+\t},\n+\t.output_text = {\n+\t\t.data = {\n+\t\t\t/* IP - outer header */\n+\t\t\t0x45, 0x00, 0x00, 0x60, 0x69, 0x8f, 0x00, 0x00,\n+\t\t\t0x80, 0x32, 0x4d, 0x89, 0xc0, 0xa8, 0x01, 0x02,\n+\t\t\t0xc0, 0xa8, 0x01, 0x01,\n+\n+\t\t\t/* ESP */\n+\t\t\t0x00, 0x00, 0xa5, 0xf8, 0x00, 0x00, 0x00, 0x01,\n+\n+\t\t\t/* IV */\n+\t\t\t0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88,\n+\n+\t\t\t/* Data */\n+\t\t\t0xa5, 0xb1, 0xf8, 0x06, 0x60, 0x29, 0xae, 0xa4,\n+\t\t\t0x0e, 0x59, 0x8b, 0x81, 0x22, 0xde, 0x02, 0x42,\n+\t\t\t0x09, 0x38, 0xb3, 0xab, 0x33, 0xf8, 0x28, 0xe6,\n+\t\t\t0x87, 0xb8, 0x85, 0x8b, 0x5b, 0xfb, 0xdb, 0xd0,\n+\t\t\t0x31, 0x5b, 0x27, 0x45, 0x21, 0x4b, 0xcc, 0x77,\n+\t\t\t0x82, 0xac, 0x91, 0x38, 0xf2, 0xbb, 0xbe, 0xe4,\n+\t\t\t0xcf, 0x03, 0x36, 0x89, 0xdd, 0x40, 0xd3, 0x6e,\n+\t\t\t0x54, 0x05, 0x22, 0x22,\n+\t\t},\n+\t\t.len = 96,\n+\t},\n+\t.salt = {\n+\t\t.data = {\n+\t\t\t0xca, 0xfe, 0xba, 0xbe\n+\t\t},\n+\t\t.len = 4,\n+\t},\n+\n+\t.iv = {\n+\t\t.data = {\n+\t\t\t0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88\n+\t\t},\n+\t},\n+\n+\t.ipsec_xform = {\n+\t\t.spi = 0xa5f8,\n+\t\t.options.esn = 0,\n+\t\t.options.udp_encap = 0,\n+\t\t.options.copy_dscp = 0,\n+\t\t.options.copy_flabel = 0,\n+\t\t.options.copy_df = 0,\n+\t\t.options.dec_ttl = 0,\n+\t\t.options.ecn = 0,\n+\t\t.options.stats = 0,\n+\t\t.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,\n+\t\t.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,\n+\t\t.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,\n+\t\t.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,\n+\t\t.esn_soft_limit = 0,\n+\t\t.replay_win_sz = 0,\n+\t},\n+\n+\t.aead = true,\n+\n+\t.xform = {\n+\t\t.aead = {\n+\t\t\t.next = NULL,\n+\t\t\t.type = RTE_CRYPTO_SYM_XFORM_AEAD,\n+\t\t\t.aead = {\n+\t\t\t\t.op = RTE_CRYPTO_AEAD_OP_ENCRYPT,\n+\t\t\t\t.algo = RTE_CRYPTO_AEAD_AES_GCM,\n+\t\t\t\t.key.length = 24,\n+\t\t\t\t.iv.length = 12,\n+\t\t\t\t.iv.offset = IV_OFFSET,\n+\t\t\t\t.digest_length = 16,\n+\t\t\t\t.aad_length = 12,\n+\t\t\t},\n+\t\t},\n+\t},\n+};\n+\n+struct ipsec_test_data pkt_aes_256_gcm = {\n+\t.key = {\n+\t\t.data = {\n+\t\t\t0xab, 0xbc, 0xcd, 0xde, 0xf0, 0x01, 0x12, 0x23,\n+\t\t\t0x34, 0x45, 0x56, 0x67, 0x78, 0x89, 0x9a, 0xab,\n+\t\t\t0xab, 0xbc, 0xcd, 0xde, 0xf0, 0x01, 0x12, 0x23,\n+\t\t\t0x34, 0x45, 0x56, 0x67, 0x78, 0x89, 0x9a, 0xab,\n+\t\t},\n+\t},\n+\t.input_text = {\n+\t\t.data = {\n+\t\t\t/* IP */\n+\t\t\t0x45, 0x00, 0x00, 0x30, 0x69, 0xa6, 0x40, 0x00,\n+\t\t\t0x80, 0x06, 0x26, 0x90, 0xc0, 0xa8, 0x01, 0x02,\n+\t\t\t0x93, 0x89, 0x15, 0x5e,\n+\n+\t\t\t/* TCP */\n+\t\t\t0x0a, 0x9e, 0x00, 0x8b, 0x2d, 0xc5, 0x7e, 0xe0,\n+\t\t\t0x00, 0x00, 0x00, 0x00, 0x70, 0x02, 0x40, 0x00,\n+\t\t\t0x20, 0xbf, 0x00, 0x00, 0x02, 0x04, 0x05, 0xb4,\n+\t\t\t0x01, 0x01, 0x04, 0x02,\n+\t\t},\n+\t\t.len = 48,\n+\t},\n+\t.output_text = {\n+\t\t.data = {\n+\t\t\t/* IP - outer header */\n+\t\t\t0x45, 0x00, 0x00, 0x68, 0x69, 0x8f, 0x00, 0x00,\n+\t\t\t0x80, 0x32, 0x4d, 0x81, 0xc0, 0xa8, 0x01, 0x02,\n+\t\t\t0xc0, 0xa8, 0x01, 0x01,\n+\n+\t\t\t/* ESP */\n+\t\t\t0x4a, 0x2c, 0xbf, 0xe3, 0x00, 0x00, 0x00, 0x01,\n+\n+\t\t\t/* IV */\n+\t\t\t0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,\n+\n+\t\t\t/* Data */\n+\t\t\t0xff, 0x42, 0x5c, 0x9b, 0x72, 0x45, 0x99, 0xdf,\n+\t\t\t0x7a, 0x3b, 0xcd, 0x51, 0x01, 0x94, 0xe0, 0x0d,\n+\t\t\t0x6a, 0x78, 0x10, 0x7f, 0x1b, 0x0b, 0x1c, 0xbf,\n+\t\t\t0x06, 0xef, 0xae, 0x9d, 0x65, 0xa5, 0xd7, 0x63,\n+\t\t\t0x74, 0x8a, 0x63, 0x79, 0x85, 0x77, 0x1d, 0x34,\n+\t\t\t0x7f, 0x05, 0x45, 0x65, 0x9f, 0x14, 0xe9, 0x9d,\n+\t\t\t0xef, 0x84, 0x2d, 0x8b, 0x00, 0x14, 0x4a, 0x1f,\n+\t\t\t0xec, 0x6a, 0xdf, 0x0c, 0x9a, 0x92, 0x7f, 0xee,\n+\t\t\t0xa6, 0xc5, 0x11, 0x60,\n+\t\t},\n+\t\t.len = 104,\n+\t},\n+\t.salt = {\n+\t\t.data = {\n+\t\t\t0x11, 0x22, 0x33, 0x44\n+\t\t},\n+\t\t.len = 4,\n+\t},\n+\n+\t.iv = {\n+\t\t.data = {\n+\t\t\t0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08\n+\t\t},\n+\t},\n+\n+\t.ipsec_xform = {\n+\t\t.spi = 0x4a2cbfe3,\n+\t\t.options.esn = 0,\n+\t\t.options.udp_encap = 0,\n+\t\t.options.copy_dscp = 0,\n+\t\t.options.copy_flabel = 0,\n+\t\t.options.copy_df = 0,\n+\t\t.options.dec_ttl = 0,\n+\t\t.options.ecn = 0,\n+\t\t.options.stats = 0,\n+\t\t.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,\n+\t\t.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,\n+\t\t.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,\n+\t\t.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,\n+\t\t.esn_soft_limit = 0,\n+\t\t.replay_win_sz = 0,\n+\t},\n+\n+\t.aead = true,\n+\n+\t.xform = {\n+\t\t.aead = {\n+\t\t\t.next = NULL,\n+\t\t\t.type = RTE_CRYPTO_SYM_XFORM_AEAD,\n+\t\t\t.aead = {\n+\t\t\t\t.op = RTE_CRYPTO_AEAD_OP_ENCRYPT,\n+\t\t\t\t.algo = RTE_CRYPTO_AEAD_AES_GCM,\n+\t\t\t\t.key.length = 32,\n+\t\t\t\t.iv.length = 12,\n+\t\t\t\t.iv.offset = IV_OFFSET,\n+\t\t\t\t.digest_length = 16,\n+\t\t\t\t.aad_length = 12,\n+\t\t\t},\n+\t\t},\n+\t},\n+};\n+\n+#endif /* TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_ */\n", "prefixes": [ "21.11", "1/3" ] }