@@ -128,6 +128,7 @@ test_sources = files(
'test_rwlock.c',
'test_sched.c',
'test_security.c',
+ 'test_security_inline_macsec.c',
'test_security_inline_proto.c',
'test_seqlock.c',
'test_service_cores.c',
new file mode 100644
@@ -0,0 +1,1108 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2023 Marvell.
+ */
+
+
+#include <stdio.h>
+#include <inttypes.h>
+
+#include <rte_ethdev.h>
+#include <rte_malloc.h>
+#include <rte_security.h>
+
+#include "test.h"
+#include "test_security_inline_macsec_vectors.h"
+
+#ifdef RTE_EXEC_ENV_WINDOWS
+static int
+test_inline_macsec(void)
+{
+ printf("Inline MACsec not supported on Windows, skipping test\n");
+ return TEST_SKIPPED;
+}
+
+#else
+
+#define NB_ETHPORTS_USED 1
+#define MEMPOOL_CACHE_SIZE 32
+#define RTE_TEST_RX_DESC_DEFAULT 1024
+#define RTE_TEST_TX_DESC_DEFAULT 1024
+#define RTE_PORT_ALL (~(uint16_t)0x0)
+
+#define RX_PTHRESH 8 /**< Default values of RX prefetch threshold reg. */
+#define RX_HTHRESH 8 /**< Default values of RX host threshold reg. */
+#define RX_WTHRESH 0 /**< Default values of RX write-back threshold reg. */
+
+#define TX_PTHRESH 32 /**< Default values of TX prefetch threshold reg. */
+#define TX_HTHRESH 0 /**< Default values of TX host threshold reg. */
+#define TX_WTHRESH 0 /**< Default values of TX write-back threshold reg. */
+
+#define MAX_TRAFFIC_BURST 2048
+#define NB_MBUF 10240
+
+#define MCS_INVALID_SA 0xFFFF
+#define MCS_DEFAULT_PN_THRESHOLD 0xFFFFF
+
+static struct rte_mempool *mbufpool;
+static struct rte_mempool *sess_pool;
+/* ethernet addresses of ports */
+static struct rte_ether_addr ports_eth_addr[RTE_MAX_ETHPORTS];
+
+struct mcs_test_opts {
+ int val_frames;
+ int nb_td;
+ uint16_t mtu;
+ uint8_t sa_in_use;
+ bool encrypt;
+ bool protect_frames;
+ uint8_t sectag_insert_mode;
+ uint8_t nb_vlan;
+ uint32_t replay_win_sz;
+ uint8_t replay_protect;
+ uint8_t rekey_en;
+ const struct mcs_test_vector *rekey_td;
+ bool dump_all_stats;
+ uint8_t check_untagged_rx;
+ uint8_t check_bad_tag_cnt;
+ uint8_t check_sa_not_in_use;
+ uint8_t check_decap_stats;
+ uint8_t check_verify_only_stats;
+ uint8_t check_pkts_invalid_stats;
+ uint8_t check_pkts_unchecked_stats;
+ uint8_t check_out_pkts_untagged;
+ uint8_t check_out_pkts_toolong;
+ uint8_t check_encap_stats;
+ uint8_t check_auth_only_stats;
+ uint8_t check_sectag_interrupts;
+};
+
+static struct rte_eth_conf port_conf = {
+ .rxmode = {
+ .mq_mode = RTE_ETH_MQ_RX_NONE,
+ .offloads = RTE_ETH_RX_OFFLOAD_CHECKSUM |
+ RTE_ETH_RX_OFFLOAD_MACSEC_STRIP,
+ },
+ .txmode = {
+ .mq_mode = RTE_ETH_MQ_TX_NONE,
+ .offloads = RTE_ETH_TX_OFFLOAD_MBUF_FAST_FREE |
+ RTE_ETH_TX_OFFLOAD_MACSEC_INSERT,
+ },
+ .lpbk_mode = 1, /* enable loopback */
+};
+
+static struct rte_eth_rxconf rx_conf = {
+ .rx_thresh = {
+ .pthresh = RX_PTHRESH,
+ .hthresh = RX_HTHRESH,
+ .wthresh = RX_WTHRESH,
+ },
+ .rx_free_thresh = 32,
+};
+
+static struct rte_eth_txconf tx_conf = {
+ .tx_thresh = {
+ .pthresh = TX_PTHRESH,
+ .hthresh = TX_HTHRESH,
+ .wthresh = TX_WTHRESH,
+ },
+ .tx_free_thresh = 32, /* Use PMD default values */
+ .tx_rs_thresh = 32, /* Use PMD default values */
+};
+
+static uint16_t port_id;
+
+static uint64_t link_mbps;
+
+static struct rte_flow *default_tx_flow[RTE_MAX_ETHPORTS];
+static struct rte_flow *default_rx_flow[RTE_MAX_ETHPORTS];
+
+static struct rte_mbuf **tx_pkts_burst;
+static struct rte_mbuf **rx_pkts_burst;
+
+static inline struct rte_mbuf *
+init_packet(struct rte_mempool *mp, const uint8_t *data, unsigned int len)
+{
+ struct rte_mbuf *pkt;
+
+ pkt = rte_pktmbuf_alloc(mp);
+ if (pkt == NULL)
+ return NULL;
+
+ rte_memcpy(rte_pktmbuf_append(pkt, len), data, len);
+
+ return pkt;
+}
+
+static int
+init_mempools(unsigned int nb_mbuf)
+{
+ struct rte_security_ctx *sec_ctx;
+ uint16_t nb_sess = 512;
+ uint32_t sess_sz;
+ char s[64];
+
+ if (mbufpool == NULL) {
+ snprintf(s, sizeof(s), "mbuf_pool");
+ mbufpool = rte_pktmbuf_pool_create(s, nb_mbuf,
+ MEMPOOL_CACHE_SIZE, 0,
+ RTE_MBUF_DEFAULT_BUF_SIZE, SOCKET_ID_ANY);
+ if (mbufpool == NULL) {
+ printf("Cannot init mbuf pool\n");
+ return TEST_FAILED;
+ }
+ printf("Allocated mbuf pool\n");
+ }
+
+ sec_ctx = rte_eth_dev_get_sec_ctx(port_id);
+ if (sec_ctx == NULL) {
+ printf("Device does not support Security ctx\n");
+ return TEST_SKIPPED;
+ }
+ sess_sz = rte_security_session_get_size(sec_ctx);
+ if (sess_pool == NULL) {
+ snprintf(s, sizeof(s), "sess_pool");
+ sess_pool = rte_mempool_create(s, nb_sess, sess_sz,
+ MEMPOOL_CACHE_SIZE, 0,
+ NULL, NULL, NULL, NULL,
+ SOCKET_ID_ANY, 0);
+ if (sess_pool == NULL) {
+ printf("Cannot init sess pool\n");
+ return TEST_FAILED;
+ }
+ printf("Allocated sess pool\n");
+ }
+
+ return 0;
+}
+
+static void
+fill_macsec_sa_conf(const struct mcs_test_vector *td, struct rte_security_macsec_sa *sa,
+ enum rte_security_macsec_direction dir, uint8_t an, uint8_t tci_off)
+{
+ sa->dir = dir;
+
+ sa->key.data = td->sa_key.data;
+ sa->key.length = td->sa_key.len;
+
+ memcpy((uint8_t *)sa->salt, (const uint8_t *)td->salt, RTE_SECURITY_MACSEC_SALT_LEN);
+
+ /* AN is set as per the value in secure packet in test vector */
+ sa->an = an & RTE_MACSEC_AN_MASK;
+
+ sa->ssci = td->ssci;
+ sa->xpn = td->xpn;
+ /* Starting packet number which is expected to come next.
+ * It is take from the test vector so that we can match the out packet.
+ */
+ sa->next_pn = *(const uint32_t *)(&td->secure_pkt.data[tci_off + 2]);
+}
+
+static void
+fill_macsec_sc_conf(const struct mcs_test_vector *td,
+ struct rte_security_macsec_sc *sc_conf,
+ const struct mcs_test_opts *opts,
+ enum rte_security_macsec_direction dir,
+ uint16_t sa_id[], uint8_t tci_off)
+{
+ uint8_t i;
+
+ sc_conf->dir = dir;
+ if (dir == RTE_SECURITY_MACSEC_DIR_TX) {
+ sc_conf->sc_tx.sa_id = sa_id[0];
+ if (sa_id[1] != MCS_INVALID_SA) {
+ sc_conf->sc_tx.sa_id_rekey = sa_id[1];
+ sc_conf->sc_tx.re_key_en = 1;
+ }
+ sc_conf->sc_tx.active = 1;
+ /* is SCI valid */
+ if (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_SC) {
+ memcpy(&sc_conf->sc_tx.sci, &td->secure_pkt.data[tci_off + 6],
+ sizeof(sc_conf->sc_tx.sci));
+ sc_conf->sc_tx.sci = rte_be_to_cpu_64(sc_conf->sc_tx.sci);
+ } else if (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_ES) {
+ /* sci = source_mac + port_id when ES.bit = 1 & SC.bit = 0 */
+ const uint8_t *smac = td->plain_pkt.data + RTE_ETHER_ADDR_LEN;
+ uint8_t *ptr = (uint8_t *)&sc_conf->sc_tx.sci;
+
+ ptr[0] = 0x01;
+ ptr[1] = 0;
+ for (i = 0; i < RTE_ETHER_ADDR_LEN; i++)
+ ptr[2 + i] = smac[RTE_ETHER_ADDR_LEN - 1 - i];
+ } else {
+ /* use some default SCI */
+ sc_conf->sc_tx.sci = 0xf1341e023a2b1c5d;
+ }
+ } else {
+ for (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) {
+ sc_conf->sc_rx.sa_id[i] = sa_id[i];
+ sc_conf->sc_rx.sa_in_use[i] = opts->sa_in_use;
+ }
+ sc_conf->sc_rx.active = 1;
+ }
+}
+
+
+/* Create Inline MACsec session */
+static int
+fill_session_conf(const struct mcs_test_vector *td, uint16_t portid __rte_unused,
+ const struct mcs_test_opts *opts,
+ struct rte_security_session_conf *sess_conf,
+ enum rte_security_macsec_direction dir,
+ uint16_t sc_id,
+ uint8_t tci_off)
+{
+ sess_conf->action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL;
+ sess_conf->protocol = RTE_SECURITY_PROTOCOL_MACSEC;
+ sess_conf->macsec.dir = dir;
+ sess_conf->macsec.alg = td->alg;
+ sess_conf->macsec.cipher_off = 0;
+ if (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_SC) {
+ sess_conf->macsec.sci = rte_be_to_cpu_64(*(const uint64_t *)
+ (&td->secure_pkt.data[tci_off + 6]));
+ } else if (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_ES) {
+ /* sci = source_mac + port_id when ES.bit = 1 & SC.bit = 0 */
+ const uint8_t *smac = td->plain_pkt.data + RTE_ETHER_ADDR_LEN;
+ uint8_t *ptr = (uint8_t *)&sess_conf->macsec.sci;
+ uint8_t j;
+
+ ptr[0] = 0x01;
+ ptr[1] = 0;
+ for (j = 0; j < RTE_ETHER_ADDR_LEN; j++)
+ ptr[2 + j] = smac[RTE_ETHER_ADDR_LEN - 1 - j];
+ }
+ sess_conf->macsec.sc_id = sc_id;
+ if (dir == RTE_SECURITY_MACSEC_DIR_TX) {
+ sess_conf->macsec.tx_secy.mtu = opts->mtu;
+ sess_conf->macsec.tx_secy.sectag_off = (opts->sectag_insert_mode == 1) ?
+ 2 * RTE_ETHER_ADDR_LEN :
+ RTE_VLAN_HLEN;
+ sess_conf->macsec.tx_secy.sectag_insert_mode = opts->sectag_insert_mode;
+ sess_conf->macsec.tx_secy.ctrl_port_enable = 1;
+ sess_conf->macsec.tx_secy.sectag_version = 0;
+ sess_conf->macsec.tx_secy.end_station =
+ (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_ES) >> 6;
+ sess_conf->macsec.tx_secy.send_sci =
+ (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_SC) >> 5;
+ sess_conf->macsec.tx_secy.scb =
+ (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_SCB) >> 4;
+ sess_conf->macsec.tx_secy.encrypt = opts->encrypt;
+ sess_conf->macsec.tx_secy.protect_frames = opts->protect_frames;
+ sess_conf->macsec.tx_secy.icv_include_da_sa = 1;
+ } else {
+ sess_conf->macsec.rx_secy.replay_win_sz = opts->replay_win_sz;
+ sess_conf->macsec.rx_secy.replay_protect = opts->replay_protect;
+ sess_conf->macsec.rx_secy.icv_include_da_sa = 1;
+ sess_conf->macsec.rx_secy.ctrl_port_enable = 1;
+ sess_conf->macsec.rx_secy.preserve_sectag = 0;
+ sess_conf->macsec.rx_secy.preserve_icv = 0;
+ sess_conf->macsec.rx_secy.validate_frames = opts->val_frames;
+ }
+
+ return 0;
+}
+
+static int
+create_default_flow(const struct mcs_test_vector *td, uint16_t portid,
+ enum rte_security_macsec_direction dir, void *sess)
+{
+ struct rte_flow_action action[2];
+ struct rte_flow_item pattern[2];
+ struct rte_flow_attr attr = {0};
+ struct rte_flow_error err;
+ struct rte_flow *flow;
+ struct rte_flow_item_eth eth = { .hdr.ether_type = 0, };
+ static const struct rte_flow_item_eth eth_mask = {
+ .hdr.dst_addr.addr_bytes = "\x00\x00\x00\x00\x00\x00",
+ .hdr.src_addr.addr_bytes = "\x00\x00\x00\x00\x00\x00",
+ .hdr.ether_type = RTE_BE16(0x0000),
+ };
+
+ int ret;
+
+ eth.has_vlan = 0;
+ if (dir == RTE_SECURITY_MACSEC_DIR_TX)
+ memcpy(ð.hdr, td->plain_pkt.data, RTE_ETHER_HDR_LEN);
+ else
+ memcpy(ð.hdr, td->secure_pkt.data, RTE_ETHER_HDR_LEN);
+
+ pattern[0].type = RTE_FLOW_ITEM_TYPE_ETH;
+ pattern[0].spec = ð
+ pattern[0].mask = ð_mask;
+ pattern[0].last = NULL;
+ pattern[1].type = RTE_FLOW_ITEM_TYPE_END;
+
+ action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY;
+ action[0].conf = sess;
+ action[1].type = RTE_FLOW_ACTION_TYPE_END;
+ action[1].conf = NULL;
+
+ attr.ingress = (dir == RTE_SECURITY_MACSEC_DIR_RX) ? 1 : 0;
+ attr.egress = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? 1 : 0;
+
+ ret = rte_flow_validate(portid, &attr, pattern, action, &err);
+ if (ret) {
+ printf("\nValidate flow failed, ret = %d\n", ret);
+ return -1;
+ }
+ flow = rte_flow_create(portid, &attr, pattern, action, &err);
+ if (flow == NULL) {
+ printf("\nDefault flow rule create failed\n");
+ return -1;
+ }
+
+ if (dir == RTE_SECURITY_MACSEC_DIR_TX)
+ default_tx_flow[portid] = flow;
+ else
+ default_rx_flow[portid] = flow;
+
+ return 0;
+}
+
+static void
+destroy_default_flow(uint16_t portid)
+{
+ struct rte_flow_error err;
+ int ret;
+
+ if (default_tx_flow[portid]) {
+ ret = rte_flow_destroy(portid, default_tx_flow[portid], &err);
+ if (ret) {
+ printf("\nDefault Tx flow rule destroy failed\n");
+ return;
+ }
+ default_tx_flow[portid] = NULL;
+ }
+ if (default_rx_flow[portid]) {
+ ret = rte_flow_destroy(portid, default_rx_flow[portid], &err);
+ if (ret) {
+ printf("\nDefault Rx flow rule destroy failed\n");
+ return;
+ }
+ default_rx_flow[portid] = NULL;
+ }
+}
+
+static void
+print_ethaddr(const char *name, const struct rte_ether_addr *eth_addr)
+{
+ char buf[RTE_ETHER_ADDR_FMT_SIZE];
+ rte_ether_format_addr(buf, RTE_ETHER_ADDR_FMT_SIZE, eth_addr);
+ printf("%s%s", name, buf);
+}
+
+/* Check the link status of all ports in up to 3s, and print them finally */
+static void
+check_all_ports_link_status(uint16_t port_num, uint32_t port_mask)
+{
+#define CHECK_INTERVAL 100 /* 100ms */
+#define MAX_CHECK_TIME 30 /* 3s (30 * 100ms) in total */
+ uint16_t portid;
+ uint8_t count, all_ports_up, print_flag = 0;
+ struct rte_eth_link link;
+ int ret;
+ char link_status[RTE_ETH_LINK_MAX_STR_LEN];
+
+ printf("Checking link statuses...\n");
+ fflush(stdout);
+ for (count = 0; count <= MAX_CHECK_TIME; count++) {
+ all_ports_up = 1;
+ for (portid = 0; portid < port_num; portid++) {
+ if ((port_mask & (1 << portid)) == 0)
+ continue;
+ memset(&link, 0, sizeof(link));
+ ret = rte_eth_link_get_nowait(portid, &link);
+ if (ret < 0) {
+ all_ports_up = 0;
+ if (print_flag == 1)
+ printf("Port %u link get failed: %s\n",
+ portid, rte_strerror(-ret));
+ continue;
+ }
+
+ /* print link status if flag set */
+ if (print_flag == 1) {
+ if (link.link_status && link_mbps == 0)
+ link_mbps = link.link_speed;
+
+ rte_eth_link_to_str(link_status,
+ sizeof(link_status), &link);
+ printf("Port %d %s\n", portid, link_status);
+ continue;
+ }
+ /* clear all_ports_up flag if any link down */
+ if (link.link_status == RTE_ETH_LINK_DOWN) {
+ all_ports_up = 0;
+ break;
+ }
+ }
+ /* after finally printing all link status, get out */
+ if (print_flag == 1)
+ break;
+
+ if (all_ports_up == 0)
+ fflush(stdout);
+
+ /* set the print_flag if all ports up or timeout */
+ if (all_ports_up == 1 || count == (MAX_CHECK_TIME - 1))
+ print_flag = 1;
+ }
+}
+
+static int
+test_macsec_post_process(struct rte_mbuf *m, const struct mcs_test_vector *td,
+ enum mcs_op op, uint8_t check_out_pkts_untagged)
+{
+ const uint8_t *dptr;
+ uint16_t pkt_len;
+
+ if (op == MCS_DECAP || op == MCS_ENCAP_DECAP ||
+ op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY ||
+ check_out_pkts_untagged == 1) {
+ dptr = td->plain_pkt.data;
+ pkt_len = td->plain_pkt.len;
+ } else {
+ dptr = td->secure_pkt.data;
+ pkt_len = td->secure_pkt.len;
+ }
+
+ if (memcmp(rte_pktmbuf_mtod(m, uint8_t *), dptr, pkt_len)) {
+ printf("\nData comparison failed for td.");
+ rte_pktmbuf_dump(stdout, m, m->pkt_len);
+ rte_hexdump(stdout, "expected_data", dptr, pkt_len);
+ return TEST_FAILED;
+ }
+
+ return TEST_SUCCESS;
+}
+
+static void
+mcs_stats_dump(struct rte_security_ctx *ctx, enum mcs_op op,
+ void *rx_sess, void *tx_sess,
+ uint8_t rx_sc_id, uint8_t tx_sc_id,
+ uint16_t rx_sa_id[], uint16_t tx_sa_id[])
+{
+ struct rte_security_stats sess_stats = {0};
+ struct rte_security_macsec_secy_stats *secy_stat;
+ struct rte_security_macsec_sc_stats sc_stat = {0};
+ struct rte_security_macsec_sa_stats sa_stat = {0};
+ int i;
+
+ if (op == MCS_DECAP || op == MCS_ENCAP_DECAP ||
+ op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY) {
+ printf("\n********* RX SECY STATS ************\n");
+ rte_security_session_stats_get(ctx, rx_sess, &sess_stats);
+ secy_stat = &sess_stats.macsec;
+
+ if (secy_stat->ctl_pkt_bcast_cnt)
+ printf("RX: ctl_pkt_bcast_cnt: 0x%" PRIx64 "\n",
+ secy_stat->ctl_pkt_bcast_cnt);
+ if (secy_stat->ctl_pkt_mcast_cnt)
+ printf("RX: ctl_pkt_mcast_cnt: 0x%" PRIx64 "\n",
+ secy_stat->ctl_pkt_mcast_cnt);
+ if (secy_stat->ctl_pkt_ucast_cnt)
+ printf("RX: ctl_pkt_ucast_cnt: 0x%" PRIx64 "\n",
+ secy_stat->ctl_pkt_ucast_cnt);
+ if (secy_stat->ctl_octet_cnt)
+ printf("RX: ctl_octet_cnt: 0x%" PRIx64 "\n", secy_stat->ctl_octet_cnt);
+ if (secy_stat->unctl_pkt_bcast_cnt)
+ printf("RX: unctl_pkt_bcast_cnt: 0x%" PRIx64 "\n",
+ secy_stat->unctl_pkt_bcast_cnt);
+ if (secy_stat->unctl_pkt_mcast_cnt)
+ printf("RX: unctl_pkt_mcast_cnt: 0x%" PRIx64 "\n",
+ secy_stat->unctl_pkt_mcast_cnt);
+ if (secy_stat->unctl_pkt_ucast_cnt)
+ printf("RX: unctl_pkt_ucast_cnt: 0x%" PRIx64 "\n",
+ secy_stat->unctl_pkt_ucast_cnt);
+ if (secy_stat->unctl_octet_cnt)
+ printf("RX: unctl_octet_cnt: 0x%" PRIx64 "\n", secy_stat->unctl_octet_cnt);
+ /* Valid only for RX */
+ if (secy_stat->octet_decrypted_cnt)
+ printf("RX: octet_decrypted_cnt: 0x%" PRIx64 "\n",
+ secy_stat->octet_decrypted_cnt);
+ if (secy_stat->octet_validated_cnt)
+ printf("RX: octet_validated_cnt: 0x%" PRIx64 "\n",
+ secy_stat->octet_validated_cnt);
+ if (secy_stat->pkt_port_disabled_cnt)
+ printf("RX: pkt_port_disabled_cnt: 0x%" PRIx64 "\n",
+ secy_stat->pkt_port_disabled_cnt);
+ if (secy_stat->pkt_badtag_cnt)
+ printf("RX: pkt_badtag_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_badtag_cnt);
+ if (secy_stat->pkt_nosa_cnt)
+ printf("RX: pkt_nosa_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_nosa_cnt);
+ if (secy_stat->pkt_nosaerror_cnt)
+ printf("RX: pkt_nosaerror_cnt: 0x%" PRIx64 "\n",
+ secy_stat->pkt_nosaerror_cnt);
+ if (secy_stat->pkt_tagged_ctl_cnt)
+ printf("RX: pkt_tagged_ctl_cnt: 0x%" PRIx64 "\n",
+ secy_stat->pkt_tagged_ctl_cnt);
+ if (secy_stat->pkt_untaged_cnt)
+ printf("RX: pkt_untaged_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_untaged_cnt);
+ if (secy_stat->pkt_ctl_cnt)
+ printf("RX: pkt_ctl_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_ctl_cnt);
+ if (secy_stat->pkt_notag_cnt)
+ printf("RX: pkt_notag_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_notag_cnt);
+ printf("\n");
+ printf("\n********** RX SC[%u] STATS **************\n", rx_sc_id);
+
+ rte_security_macsec_sc_stats_get(ctx, rx_sc_id, RTE_SECURITY_MACSEC_DIR_RX,
+ &sc_stat);
+ /* RX */
+ if (sc_stat.hit_cnt)
+ printf("RX hit_cnt: 0x%" PRIx64 "\n", sc_stat.hit_cnt);
+ if (sc_stat.pkt_invalid_cnt)
+ printf("RX pkt_invalid_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_invalid_cnt);
+ if (sc_stat.pkt_late_cnt)
+ printf("RX pkt_late_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_late_cnt);
+ if (sc_stat.pkt_notvalid_cnt)
+ printf("RX pkt_notvalid_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_notvalid_cnt);
+ if (sc_stat.pkt_unchecked_cnt)
+ printf("RX pkt_unchecked_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_unchecked_cnt);
+ if (sc_stat.pkt_delay_cnt)
+ printf("RX pkt_delay_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_delay_cnt);
+ if (sc_stat.pkt_ok_cnt)
+ printf("RX pkt_ok_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_ok_cnt);
+ if (sc_stat.octet_decrypt_cnt)
+ printf("RX octet_decrypt_cnt: 0x%" PRIx64 "\n", sc_stat.octet_decrypt_cnt);
+ if (sc_stat.octet_validate_cnt)
+ printf("RX octet_validate_cnt: 0x%" PRIx64 "\n",
+ sc_stat.octet_validate_cnt);
+ printf("\n");
+ for (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) {
+ printf("\n********** RX SA[%u] STATS ****************\n", rx_sa_id[i]);
+ memset(&sa_stat, 0, sizeof(struct rte_security_macsec_sa_stats));
+ rte_security_macsec_sa_stats_get(ctx, rx_sa_id[i],
+ RTE_SECURITY_MACSEC_DIR_RX, &sa_stat);
+
+ /* RX */
+ if (sa_stat.pkt_invalid_cnt)
+ printf("RX pkt_invalid_cnt: 0x%" PRIx64 "\n",
+ sa_stat.pkt_invalid_cnt);
+ if (sa_stat.pkt_nosaerror_cnt)
+ printf("RX pkt_nosaerror_cnt: 0x%" PRIx64 "\n",
+ sa_stat.pkt_nosaerror_cnt);
+ if (sa_stat.pkt_notvalid_cnt)
+ printf("RX pkt_notvalid_cnt: 0x%" PRIx64 "\n",
+ sa_stat.pkt_notvalid_cnt);
+ if (sa_stat.pkt_ok_cnt)
+ printf("RX pkt_ok_cnt: 0x%" PRIx64 "\n", sa_stat.pkt_ok_cnt);
+ if (sa_stat.pkt_nosa_cnt)
+ printf("RX pkt_nosa_cnt: 0x%" PRIx64 "\n", sa_stat.pkt_nosa_cnt);
+ printf("\n");
+ }
+ }
+
+ if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP ||
+ op == MCS_AUTH_ONLY || op == MCS_AUTH_VERIFY) {
+ memset(&sess_stats, 0, sizeof(struct rte_security_stats));
+ rte_security_session_stats_get(ctx, tx_sess, &sess_stats);
+ secy_stat = &sess_stats.macsec;
+
+ printf("\n********* TX SECY STATS ************\n");
+ if (secy_stat->ctl_pkt_bcast_cnt)
+ printf("TX: ctl_pkt_bcast_cnt: 0x%" PRIx64 "\n",
+ secy_stat->ctl_pkt_bcast_cnt);
+ if (secy_stat->ctl_pkt_mcast_cnt)
+ printf("TX: ctl_pkt_mcast_cnt: 0x%" PRIx64 "\n",
+ secy_stat->ctl_pkt_mcast_cnt);
+ if (secy_stat->ctl_pkt_ucast_cnt)
+ printf("TX: ctl_pkt_ucast_cnt: 0x%" PRIx64 "\n",
+ secy_stat->ctl_pkt_ucast_cnt);
+ if (secy_stat->ctl_octet_cnt)
+ printf("TX: ctl_octet_cnt: 0x%" PRIx64 "\n", secy_stat->ctl_octet_cnt);
+ if (secy_stat->unctl_pkt_bcast_cnt)
+ printf("TX: unctl_pkt_bcast_cnt: 0x%" PRIx64 "\n",
+ secy_stat->unctl_pkt_bcast_cnt);
+ if (secy_stat->unctl_pkt_mcast_cnt)
+ printf("TX: unctl_pkt_mcast_cnt: 0x%" PRIx64 "\n",
+ secy_stat->unctl_pkt_mcast_cnt);
+ if (secy_stat->unctl_pkt_ucast_cnt)
+ printf("TX: unctl_pkt_ucast_cnt: 0x%" PRIx64 "\n",
+ secy_stat->unctl_pkt_ucast_cnt);
+ if (secy_stat->unctl_octet_cnt)
+ printf("TX: unctl_octet_cnt: 0x%" PRIx64 "\n",
+ secy_stat->unctl_octet_cnt);
+ /* Valid only for TX */
+ if (secy_stat->octet_encrypted_cnt)
+ printf("TX: octet_encrypted_cnt: 0x%" PRIx64 "\n",
+ secy_stat->octet_encrypted_cnt);
+ if (secy_stat->octet_protected_cnt)
+ printf("TX: octet_protected_cnt: 0x%" PRIx64 "\n",
+ secy_stat->octet_protected_cnt);
+ if (secy_stat->pkt_noactivesa_cnt)
+ printf("TX: pkt_noactivesa_cnt: 0x%" PRIx64 "\n",
+ secy_stat->pkt_noactivesa_cnt);
+ if (secy_stat->pkt_toolong_cnt)
+ printf("TX: pkt_toolong_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_toolong_cnt);
+ if (secy_stat->pkt_untagged_cnt)
+ printf("TX: pkt_untagged_cnt: 0x%" PRIx64 "\n",
+ secy_stat->pkt_untagged_cnt);
+
+
+ memset(&sc_stat, 0, sizeof(struct rte_security_macsec_sc_stats));
+ rte_security_macsec_sc_stats_get(ctx, tx_sc_id, RTE_SECURITY_MACSEC_DIR_TX,
+ &sc_stat);
+ printf("\n********** TX SC[%u] STATS **************\n", tx_sc_id);
+ if (sc_stat.pkt_encrypt_cnt)
+ printf("TX pkt_encrypt_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_encrypt_cnt);
+ if (sc_stat.pkt_protected_cnt)
+ printf("TX pkt_protected_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_protected_cnt);
+ if (sc_stat.octet_encrypt_cnt)
+ printf("TX octet_encrypt_cnt: 0x%" PRIx64 "\n", sc_stat.octet_encrypt_cnt);
+
+ memset(&sa_stat, 0, sizeof(struct rte_security_macsec_sa_stats));
+ rte_security_macsec_sa_stats_get(ctx, tx_sa_id[0],
+ RTE_SECURITY_MACSEC_DIR_TX, &sa_stat);
+ printf("\n********** TX SA[%u] STATS ****************\n", tx_sa_id[0]);
+ if (sa_stat.pkt_encrypt_cnt)
+ printf("TX pkt_encrypt_cnt: 0x%" PRIx64 "\n", sa_stat.pkt_encrypt_cnt);
+ if (sa_stat.pkt_protected_cnt)
+ printf("TX pkt_protected_cnt: 0x%" PRIx64 "\n", sa_stat.pkt_protected_cnt);
+ }
+}
+
+static int
+test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs_test_opts *opts)
+{
+ uint16_t rx_sa_id[MCS_MAX_FLOWS][RTE_SECURITY_MACSEC_NUM_AN] = {{0}};
+ uint16_t tx_sa_id[MCS_MAX_FLOWS][2] = {{0}};
+ uint16_t rx_sc_id[MCS_MAX_FLOWS] = {0};
+ uint16_t tx_sc_id[MCS_MAX_FLOWS] = {0};
+ void *rx_sess[MCS_MAX_FLOWS] = {0};
+ void *tx_sess[MCS_MAX_FLOWS] = {0};
+ struct rte_security_session_conf sess_conf = {0};
+ struct rte_security_macsec_sa sa_conf = {0};
+ struct rte_security_macsec_sc sc_conf = {0};
+ struct rte_security_ctx *ctx;
+ int nb_rx = 0, nb_sent;
+ int i, j = 0, ret, id, an = 0;
+ uint8_t tci_off;
+
+ memset(rx_pkts_burst, 0, sizeof(rx_pkts_burst[0]) * opts->nb_td);
+
+ ctx = (struct rte_security_ctx *)rte_eth_dev_get_sec_ctx(port_id);
+ if (ctx == NULL) {
+ printf("Ethernet device doesn't support security features.\n");
+ return TEST_SKIPPED;
+ }
+
+ tci_off = (opts->sectag_insert_mode == 1) ? RTE_ETHER_HDR_LEN :
+ RTE_ETHER_HDR_LEN + (opts->nb_vlan * RTE_VLAN_HLEN);
+
+ for (i = 0, j = 0; i < opts->nb_td; i++) {
+ if (op == MCS_DECAP || op == MCS_VERIFY_ONLY)
+ tx_pkts_burst[j] = init_packet(mbufpool, td[i]->secure_pkt.data,
+ td[i]->secure_pkt.len);
+ else {
+ tx_pkts_burst[j] = init_packet(mbufpool, td[i]->plain_pkt.data,
+ td[i]->plain_pkt.len);
+
+ tx_pkts_burst[j]->ol_flags |= RTE_MBUF_F_TX_MACSEC;
+ }
+ if (tx_pkts_burst[j] == NULL) {
+ while (j--)
+ rte_pktmbuf_free(tx_pkts_burst[j]);
+ ret = TEST_FAILED;
+ goto out;
+ }
+ j++;
+
+ if (op == MCS_DECAP || op == MCS_ENCAP_DECAP ||
+ op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY) {
+ for (an = 0; an < RTE_SECURITY_MACSEC_NUM_AN; an++) {
+ /* For simplicity, using same SA conf for all AN */
+ fill_macsec_sa_conf(td[i], &sa_conf,
+ RTE_SECURITY_MACSEC_DIR_RX, an, tci_off);
+ id = rte_security_macsec_sa_create(ctx, &sa_conf);
+ if (id < 0) {
+ printf("MACsec SA create failed : %d.\n", id);
+ return TEST_FAILED;
+ }
+ rx_sa_id[i][an] = (uint16_t)id;
+ }
+ fill_macsec_sc_conf(td[i], &sc_conf, opts,
+ RTE_SECURITY_MACSEC_DIR_RX, rx_sa_id[i], tci_off);
+ id = rte_security_macsec_sc_create(ctx, &sc_conf);
+ if (id < 0) {
+ printf("MACsec SC create failed : %d.\n", id);
+ goto out;
+ }
+ rx_sc_id[i] = (uint16_t)id;
+
+ /* Create Inline IPsec session. */
+ ret = fill_session_conf(td[i], port_id, opts, &sess_conf,
+ RTE_SECURITY_MACSEC_DIR_RX, rx_sc_id[i], tci_off);
+ if (ret)
+ return TEST_FAILED;
+
+ rx_sess[i] = rte_security_session_create(ctx, &sess_conf,
+ sess_pool);
+ if (rx_sess[i] == NULL) {
+ printf("SEC Session init failed.\n");
+ return TEST_FAILED;
+ }
+ ret = create_default_flow(td[i], port_id,
+ RTE_SECURITY_MACSEC_DIR_RX, rx_sess[i]);
+ if (ret)
+ goto out;
+ }
+ if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP ||
+ op == MCS_AUTH_ONLY || op == MCS_AUTH_VERIFY) {
+ int id;
+
+ fill_macsec_sa_conf(td[i], &sa_conf,
+ RTE_SECURITY_MACSEC_DIR_TX,
+ td[i]->secure_pkt.data[tci_off] & RTE_MACSEC_AN_MASK,
+ tci_off);
+ id = rte_security_macsec_sa_create(ctx, &sa_conf);
+ if (id < 0) {
+ printf("MACsec SA create failed : %d.\n", id);
+ return TEST_FAILED;
+ }
+ tx_sa_id[i][0] = (uint16_t)id;
+ tx_sa_id[i][1] = MCS_INVALID_SA;
+ fill_macsec_sc_conf(td[i], &sc_conf, opts,
+ RTE_SECURITY_MACSEC_DIR_TX, tx_sa_id[i], tci_off);
+ id = rte_security_macsec_sc_create(ctx, &sc_conf);
+ if (id < 0) {
+ printf("MACsec SC create failed : %d.\n", id);
+ goto out;
+ }
+ tx_sc_id[i] = (uint16_t)id;
+
+ /* Create Inline IPsec session. */
+ ret = fill_session_conf(td[i], port_id, opts, &sess_conf,
+ RTE_SECURITY_MACSEC_DIR_TX, tx_sc_id[i], tci_off);
+ if (ret)
+ return TEST_FAILED;
+
+ tx_sess[i] = rte_security_session_create(ctx, &sess_conf,
+ sess_pool);
+ if (tx_sess[i] == NULL) {
+ printf("SEC Session init failed.\n");
+ return TEST_FAILED;
+ }
+ ret = create_default_flow(td[i], port_id,
+ RTE_SECURITY_MACSEC_DIR_TX, tx_sess[i]);
+ if (ret)
+ goto out;
+ }
+ }
+
+ /* Send packet to ethdev for inline MACsec processing. */
+ nb_sent = rte_eth_tx_burst(port_id, 0, tx_pkts_burst, j);
+
+ if (nb_sent != j) {
+ printf("\nUnable to TX %d packets, sent: %i", j, nb_sent);
+ for ( ; nb_sent < j; nb_sent++)
+ rte_pktmbuf_free(tx_pkts_burst[nb_sent]);
+ ret = TEST_FAILED;
+ goto out;
+ }
+
+ rte_pause();
+
+ /* Receive back packet on loopback interface. */
+ do {
+ nb_rx += rte_eth_rx_burst(port_id, 0,
+ &rx_pkts_burst[nb_rx],
+ nb_sent - nb_rx);
+ if (nb_rx >= nb_sent)
+ break;
+ rte_delay_ms(1);
+ } while (j++ < 5 && nb_rx == 0);
+
+ if (nb_rx != nb_sent) {
+ printf("\nUnable to RX all %d packets, received(%i)",
+ nb_sent, nb_rx);
+ while (--nb_rx >= 0)
+ rte_pktmbuf_free(rx_pkts_burst[nb_rx]);
+ ret = TEST_FAILED;
+ goto out;
+ }
+
+ for (i = 0; i < nb_rx; i++) {
+ ret = test_macsec_post_process(rx_pkts_burst[i], td[i], op,
+ opts->check_out_pkts_untagged);
+ if (ret != TEST_SUCCESS) {
+ for ( ; i < nb_rx; i++)
+ rte_pktmbuf_free(rx_pkts_burst[i]);
+ goto out;
+ }
+
+ rte_pktmbuf_free(rx_pkts_burst[i]);
+ rx_pkts_burst[i] = NULL;
+ }
+out:
+ for (i = 0; i < opts->nb_td; i++) {
+ if (opts->dump_all_stats) {
+ mcs_stats_dump(ctx, op,
+ rx_sess[i], tx_sess[i],
+ rx_sc_id[i], tx_sc_id[i],
+ rx_sa_id[i], tx_sa_id[i]);
+ }
+ }
+
+ destroy_default_flow(port_id);
+
+ /* Destroy session so that other cases can create the session again */
+ for (i = 0; i < opts->nb_td; i++) {
+ if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP ||
+ op == MCS_AUTH_ONLY || op == MCS_AUTH_VERIFY) {
+ rte_security_session_destroy(ctx, tx_sess[i]);
+ tx_sess[i] = NULL;
+ rte_security_macsec_sc_destroy(ctx, tx_sc_id[i],
+ RTE_SECURITY_MACSEC_DIR_TX);
+ rte_security_macsec_sa_destroy(ctx, tx_sa_id[i][0],
+ RTE_SECURITY_MACSEC_DIR_TX);
+ }
+ if (op == MCS_DECAP || op == MCS_ENCAP_DECAP ||
+ op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY) {
+ rte_security_session_destroy(ctx, rx_sess[i]);
+ rx_sess[i] = NULL;
+ rte_security_macsec_sc_destroy(ctx, rx_sc_id[i],
+ RTE_SECURITY_MACSEC_DIR_RX);
+ for (j = 0; j < RTE_SECURITY_MACSEC_NUM_AN; j++) {
+ rte_security_macsec_sa_destroy(ctx, rx_sa_id[i][j],
+ RTE_SECURITY_MACSEC_DIR_RX);
+ }
+ }
+ }
+
+ return ret;
+}
+
+static int
+test_inline_macsec_encap_all(const void *data __rte_unused)
+{
+ const struct mcs_test_vector *cur_td;
+ struct mcs_test_opts opts = {0};
+ int err, all_err = 0;
+ int i, size;
+
+ opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+ opts.encrypt = true;
+ opts.protect_frames = true;
+ opts.sa_in_use = 1;
+ opts.nb_td = 1;
+ opts.sectag_insert_mode = 1;
+ opts.mtu = RTE_ETHER_MTU;
+
+ size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0]));
+ for (i = 0; i < size; i++) {
+ cur_td = &list_mcs_cipher_vectors[i];
+ err = test_macsec(&cur_td, MCS_ENCAP, &opts);
+ if (err) {
+ printf("\nCipher Auth Encryption case %d failed", cur_td->test_idx);
+ err = -1;
+ } else {
+ printf("\nCipher Auth Encryption case %d Passed", cur_td->test_idx);
+ err = 0;
+ }
+ all_err += err;
+ }
+ printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+
+ return all_err;
+}
+
+static int
+test_inline_macsec_decap_all(const void *data __rte_unused)
+{
+ const struct mcs_test_vector *cur_td;
+ struct mcs_test_opts opts = {0};
+ int err, all_err = 0;
+ int i, size;
+
+ opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+ opts.sa_in_use = 1;
+ opts.nb_td = 1;
+ opts.sectag_insert_mode = 1;
+ opts.mtu = RTE_ETHER_MTU;
+
+ size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0]));
+ for (i = 0; i < size; i++) {
+ cur_td = &list_mcs_cipher_vectors[i];
+ err = test_macsec(&cur_td, MCS_DECAP, &opts);
+ if (err) {
+ printf("\nCipher Auth Decryption case %d failed", cur_td->test_idx);
+ err = -1;
+ } else {
+ printf("\nCipher Auth Decryption case %d Passed", cur_td->test_idx);
+ err = 0;
+ }
+ all_err += err;
+ }
+ printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err);
+
+ return all_err;
+}
+
+static int
+ut_setup_inline_macsec(void)
+{
+ int ret;
+
+ /* Start device */
+ ret = rte_eth_dev_start(port_id);
+ if (ret < 0) {
+ printf("rte_eth_dev_start: err=%d, port=%d\n",
+ ret, port_id);
+ return ret;
+ }
+ /* always enable promiscuous */
+ ret = rte_eth_promiscuous_enable(port_id);
+ if (ret != 0) {
+ printf("rte_eth_promiscuous_enable: err=%s, port=%d\n",
+ rte_strerror(-ret), port_id);
+ return ret;
+ }
+
+ check_all_ports_link_status(1, RTE_PORT_ALL);
+
+ return 0;
+}
+
+static void
+ut_teardown_inline_macsec(void)
+{
+ uint16_t portid;
+ int ret;
+
+ /* port tear down */
+ RTE_ETH_FOREACH_DEV(portid) {
+ ret = rte_eth_dev_stop(portid);
+ if (ret != 0)
+ printf("rte_eth_dev_stop: err=%s, port=%u\n",
+ rte_strerror(-ret), portid);
+
+ }
+}
+
+static int
+inline_macsec_testsuite_setup(void)
+{
+ uint16_t nb_rxd;
+ uint16_t nb_txd;
+ uint16_t nb_ports;
+ int ret;
+ uint16_t nb_rx_queue = 1, nb_tx_queue = 1;
+
+ printf("Start inline MACsec test.\n");
+
+ nb_ports = rte_eth_dev_count_avail();
+ if (nb_ports < NB_ETHPORTS_USED) {
+ printf("At least %u port(s) used for test\n",
+ NB_ETHPORTS_USED);
+ return TEST_SKIPPED;
+ }
+
+ ret = init_mempools(NB_MBUF);
+ if (ret)
+ return ret;
+
+ if (tx_pkts_burst == NULL) {
+ tx_pkts_burst = (struct rte_mbuf **)rte_calloc("tx_buff",
+ MAX_TRAFFIC_BURST,
+ sizeof(void *),
+ RTE_CACHE_LINE_SIZE);
+ if (!tx_pkts_burst)
+ return TEST_FAILED;
+
+ rx_pkts_burst = (struct rte_mbuf **)rte_calloc("rx_buff",
+ MAX_TRAFFIC_BURST,
+ sizeof(void *),
+ RTE_CACHE_LINE_SIZE);
+ if (!rx_pkts_burst)
+ return TEST_FAILED;
+ }
+
+ printf("Generate %d packets\n", MAX_TRAFFIC_BURST);
+
+ nb_rxd = RTE_TEST_RX_DESC_DEFAULT;
+ nb_txd = RTE_TEST_TX_DESC_DEFAULT;
+
+ /* configuring port 0 for the test is enough */
+ port_id = 0;
+ /* port configure */
+ ret = rte_eth_dev_configure(port_id, nb_rx_queue,
+ nb_tx_queue, &port_conf);
+ if (ret < 0) {
+ printf("Cannot configure device: err=%d, port=%d\n",
+ ret, port_id);
+ return ret;
+ }
+ ret = rte_eth_macaddr_get(port_id, &ports_eth_addr[port_id]);
+ if (ret < 0) {
+ printf("Cannot get mac address: err=%d, port=%d\n",
+ ret, port_id);
+ return ret;
+ }
+ printf("Port %u ", port_id);
+ print_ethaddr("Address:", &ports_eth_addr[port_id]);
+ printf("\n");
+
+ /* tx queue setup */
+ ret = rte_eth_tx_queue_setup(port_id, 0, nb_txd,
+ SOCKET_ID_ANY, &tx_conf);
+ if (ret < 0) {
+ printf("rte_eth_tx_queue_setup: err=%d, port=%d\n",
+ ret, port_id);
+ return ret;
+ }
+ /* rx queue steup */
+ ret = rte_eth_rx_queue_setup(port_id, 0, nb_rxd, SOCKET_ID_ANY,
+ &rx_conf, mbufpool);
+ if (ret < 0) {
+ printf("rte_eth_rx_queue_setup: err=%d, port=%d\n",
+ ret, port_id);
+ return ret;
+ }
+
+ return 0;
+}
+
+static void
+inline_macsec_testsuite_teardown(void)
+{
+ uint16_t portid;
+ int ret;
+
+ /* port tear down */
+ RTE_ETH_FOREACH_DEV(portid) {
+ ret = rte_eth_dev_reset(portid);
+ if (ret != 0)
+ printf("rte_eth_dev_reset: err=%s, port=%u\n",
+ rte_strerror(-ret), port_id);
+ }
+ rte_free(tx_pkts_burst);
+ rte_free(rx_pkts_burst);
+}
+
+
+static struct unit_test_suite inline_macsec_testsuite = {
+ .suite_name = "Inline MACsec Ethernet Device Unit Test Suite",
+ .unit_test_cases = {
+ TEST_CASE_NAMED_ST(
+ "MACsec encap(Cipher+Auth) known vector",
+ ut_setup_inline_macsec, ut_teardown_inline_macsec,
+ test_inline_macsec_encap_all),
+ TEST_CASE_NAMED_ST(
+ "MACsec decap(De-cipher+verify) known vector",
+ ut_setup_inline_macsec, ut_teardown_inline_macsec,
+ test_inline_macsec_decap_all),
+
+ TEST_CASES_END() /**< NULL terminate unit test array */
+ },
+};
+
+static int
+test_inline_macsec(void)
+{
+ inline_macsec_testsuite.setup = inline_macsec_testsuite_setup;
+ inline_macsec_testsuite.teardown = inline_macsec_testsuite_teardown;
+ return unit_test_suite_runner(&inline_macsec_testsuite);
+}
+
+#endif /* !RTE_EXEC_ENV_WINDOWS */
+
+REGISTER_TEST_COMMAND(inline_macsec_autotest, test_inline_macsec);
new file mode 100644
@@ -0,0 +1,1086 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2023 Marvell.
+ */
+#ifndef _TEST_INLINE_MACSEC_VECTORS_H_
+#define _TEST_INLINE_MACSEC_VECTORS_H_
+
+#define MCS_MAX_DATA_SZ 256
+#define MCS_MAX_KEY_LEN 32
+#define MCS_IV_LEN 12
+#define MCS_SALT_LEN 12
+#define MCS_MAX_FLOWS 63
+
+enum mcs_op {
+ MCS_NO_OP,
+ MCS_ENCAP,
+ MCS_DECAP,
+ MCS_ENCAP_DECAP,
+ MCS_AUTH_ONLY,
+ MCS_VERIFY_ONLY,
+ MCS_AUTH_VERIFY,
+};
+
+struct mcs_test_vector {
+ uint32_t test_idx;
+ enum rte_security_macsec_alg alg;
+ uint32_t ssci;
+ uint32_t xpn;
+ uint8_t salt[MCS_SALT_LEN];
+ struct {
+ uint8_t data[MCS_MAX_KEY_LEN];
+ uint16_t len;
+ } sa_key;
+ struct {
+ uint8_t data[MCS_MAX_DATA_SZ];
+ uint16_t len;
+ } plain_pkt;
+ struct {
+ uint8_t data[MCS_MAX_DATA_SZ];
+ uint16_t len;
+ } secure_pkt;
+};
+
+static const struct mcs_test_vector list_mcs_cipher_vectors[] = {
+/* gcm_128_64B_cipher */
+{
+ .test_idx = 0,
+ .alg = RTE_SECURITY_MACSEC_ALG_GCM_128,
+ .ssci = 0x0,
+ .salt = {0},
+ .sa_key = {
+ .data = {
+ 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE,
+ 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82
+ },
+ .len = 16,
+ },
+ .plain_pkt = {
+ .data = {/* MAC DA */
+ 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D,
+ /* MAC SA */
+ 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,
+ /* User Data */
+ 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
+ 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42,
+ 0x43, 0x44, 0x45, 0x46,
+ },
+ .len = 64,
+ },
+ .secure_pkt = {
+ .data = {/* MAC DA */
+ 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D,
+ /* MAC SA */
+ 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,
+ /* MACsec EtherType */
+ 0x88, 0xE5,
+ /* TCI and AN */
+ 0x2C,
+ /* SL */
+ 0x0,
+ /* PN */
+ 0x0, 0x0, 0x0, 0x2,
+ /* SCI */
+ 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C,
+ /* Secure Data */
+ 0x39, 0x38, 0x97, 0x44, 0xA2, 0x6D, 0x71, 0x3D,
+ 0x14, 0x27, 0xC7, 0x3E, 0x02, 0x96, 0x81, 0xAD,
+ 0x47, 0x82, 0x2A, 0xCF, 0x19, 0x79, 0x12, 0x49,
+ 0x0F, 0x93, 0x5A, 0x32, 0x43, 0x79, 0xEF, 0x9D,
+ 0x70, 0xF8, 0xA9, 0xBE, 0x3D, 0x00, 0x5D, 0x22,
+ 0xDA, 0x87, 0x3D, 0xC1, 0xBE, 0x1B, 0x13, 0xD9,
+ 0x99, 0xDB, 0xF1, 0xC8,
+ /* ICV */
+ 0x4B, 0xC4, 0xF8, 0xC6, 0x09, 0x78, 0xB9, 0xBB,
+ 0x5D, 0xC0, 0x04, 0xF3, 0x20, 0x7D, 0x14, 0x87,
+ },
+ .len = 96,
+ },
+},
+/* gcm_128_54B_cipher */
+{
+ .test_idx = 1,
+ .alg = RTE_SECURITY_MACSEC_ALG_GCM_128,
+ .ssci = 0x0,
+ .xpn = 0,
+ .salt = {0},
+ .sa_key = {
+ .data = {
+ 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE,
+ 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82,
+ },
+ .len = 16,
+ },
+ .plain_pkt = {
+ .data = {/* MAC DA */
+ 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D,
+ /* MAC SA */
+ 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,
+ /* User Data */
+ 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
+ 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x00, 0x04,
+ },
+ .len = 54,
+ },
+
+ .secure_pkt = {
+ .data = {/* MAC DA */
+ 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D,
+ /* MAC SA */
+ 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,
+ /* MACsec EtherType */
+ 0x88, 0xE5,
+ /* TCI and AN */
+ 0x4C,
+ /* SL */
+ 0x2A,
+ /* PN */
+ 0x76, 0xD4, 0x57, 0xED,
+ /* Secure Data */
+ 0x13, 0xB4, 0xC7, 0x2B, 0x38, 0x9D, 0xC5, 0x01,
+ 0x8E, 0x72, 0xA1, 0x71, 0xDD, 0x85, 0xA5, 0xD3,
+ 0x75, 0x22, 0x74, 0xD3, 0xA0, 0x19, 0xFB, 0xCA,
+ 0xED, 0x09, 0xA4, 0x25, 0xCD, 0x9B, 0x2E, 0x1C,
+ 0x9B, 0x72, 0xEE, 0xE7, 0xC9, 0xDE, 0x7D, 0x52,
+ 0xB3, 0xF3,
+ /* ICV */
+ 0xD6, 0xA5, 0x28, 0x4F, 0x4A, 0x6D, 0x3F, 0xE2,
+ 0x2A, 0x5D, 0x6C, 0x2B, 0x96, 0x04, 0x94, 0xC3,
+ },
+ .len = 78,
+ },
+},
+/* gcm_256_54B_cipher */
+{
+ .test_idx = 2,
+ .alg = RTE_SECURITY_MACSEC_ALG_GCM_256,
+ .ssci = 0x0,
+ .xpn = 0,
+ .salt = {0},
+ .sa_key = {
+ .data = {
+ 0x69, 0x1D, 0x3E, 0xE9, 0x09, 0xD7, 0xF5, 0x41,
+ 0x67, 0xFD, 0x1C, 0xA0, 0xB5, 0xD7, 0x69, 0x08,
+ 0x1F, 0x2B, 0xDE, 0x1A, 0xEE, 0x65, 0x5F, 0xDB,
+ 0xAB, 0x80, 0xBD, 0x52, 0x95, 0xAE, 0x6B, 0xE7,
+ },
+ .len = 32,
+ },
+ .plain_pkt = {
+ .data = {/* MAC DA */
+ 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D,
+ /* MAC SA */
+ 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,
+ /* User Data */
+ 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
+ 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x00, 0x04,
+ },
+ .len = 54,
+ },
+ .secure_pkt = {
+ .data = {/* MAC DA */
+ 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D,
+ /* MAC SA */
+ 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,
+ /* MACsec EtherType */
+ 0x88, 0xE5,
+ /* TCI and AN */
+ 0x4C,
+ /* SL */
+ 0x2A,
+ /* PN */
+ 0x76, 0xD4, 0x57, 0xED,
+ /* Secure Data */
+ 0xC1, 0x62, 0x3F, 0x55, 0x73, 0x0C, 0x93, 0x53,
+ 0x30, 0x97, 0xAD, 0xDA, 0xD2, 0x56, 0x64, 0x96,
+ 0x61, 0x25, 0x35, 0x2B, 0x43, 0xAD, 0xAC, 0xBD,
+ 0x61, 0xC5, 0xEF, 0x3A, 0xC9, 0x0B, 0x5B, 0xEE,
+ 0x92, 0x9C, 0xE4, 0x63, 0x0E, 0xA7, 0x9F, 0x6C,
+ 0xE5, 0x19,
+ /* ICV */
+ 0x12, 0xAF, 0x39, 0xC2, 0xD1, 0xFD, 0xC2, 0x05,
+ 0x1F, 0x8B, 0x7B, 0x3C, 0x9D, 0x39, 0x7E, 0xF2,
+ },
+ .len = 78,
+ },
+},
+/* gcm_128_xpn_54B_cipher */
+{
+ .test_idx = 3,
+ .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128,
+ .ssci = 0x7A30C118,
+ .xpn = 0xB0DF459C, /* Most significant 32 bits */
+ .salt = {
+ 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE,
+ 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D,
+ },
+ .sa_key = {
+ .data = {
+ 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE,
+ 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82,
+ },
+ .len = 16,
+ },
+ .plain_pkt = {
+ .data = {/* MAC DA */
+ 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D,
+ /* MAC SA */
+ 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,
+ /* User Data */
+ 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
+ 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x00, 0x04,
+ },
+ .len = 54,
+ },
+ .secure_pkt = {
+ .data = {/* MAC DA */
+ 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D,
+ /* MAC SA */
+ 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,
+ /* MACsec EtherType */
+ 0x88, 0xE5,
+ /* TCI and AN */
+ 0x4C,
+ /* SL */
+ 0x2A,
+ /* PN */
+ 0x76, 0xD4, 0x57, 0xED,
+ /* Secure Data */
+ 0x9C, 0xA4, 0x69, 0x84, 0x43, 0x02, 0x03, 0xED,
+ 0x41, 0x6E, 0xBD, 0xC2, 0xFE, 0x26, 0x22, 0xBA,
+ 0x3E, 0x5E, 0xAB, 0x69, 0x61, 0xC3, 0x63, 0x83,
+ 0x00, 0x9E, 0x18, 0x7E, 0x9B, 0x0C, 0x88, 0x56,
+ 0x46, 0x53, 0xB9, 0xAB, 0xD2, 0x16, 0x44, 0x1C,
+ 0x6A, 0xB6,
+ /* ICV */
+ 0xF0, 0xA2, 0x32, 0xE9, 0xE4, 0x4C, 0x97, 0x8C,
+ 0xF7, 0xCD, 0x84, 0xD4, 0x34, 0x84, 0xD1, 0x01,
+ },
+ .len = 78,
+ },
+},
+/* gcm_256_xpn_54B_cipher */
+{
+ .test_idx = 4,
+ .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256,
+ .ssci = 0x7A30C118,
+ .xpn = 0xB0DF459C, /* Most significant 32 bits */
+ .salt = {
+ 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE,
+ 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D,
+ },
+ .sa_key = {
+ .data = {
+ 0x69, 0x1D, 0x3E, 0xE9, 0x09, 0xD7, 0xF5, 0x41,
+ 0x67, 0xFD, 0x1C, 0xA0, 0xB5, 0xD7, 0x69, 0x08,
+ 0x1F, 0x2B, 0xDE, 0x1A, 0xEE, 0x65, 0x5F, 0xDB,
+ 0xAB, 0x80, 0xBD, 0x52, 0x95, 0xAE, 0x6B, 0xE7,
+ },
+ .len = 32,
+ },
+ .plain_pkt = {
+ .data = {/* MAC DA */
+ 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D,
+ /* MAC SA */
+ 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,
+ /* User Data */
+ 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
+ 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x00, 0x04,
+ },
+ .len = 54,
+ },
+ .secure_pkt = {
+ .data = {/* MAC DA */
+ 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D,
+ /* MAC SA */
+ 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,
+ /* MACsec EtherType */
+ 0x88, 0xE5,
+ /* TCI and AN */
+ 0x4C,
+ /* SL */
+ 0x2A,
+ /* PN */
+ 0x76, 0xD4, 0x57, 0xED,
+ /* Secure Data */
+ 0x88, 0xD9, 0xF7, 0xD1, 0xF1, 0x57, 0x8E, 0xE3,
+ 0x4B, 0xA7, 0xB1, 0xAB, 0xC8, 0x98, 0x93, 0xEF,
+ 0x1D, 0x33, 0x98, 0xC9, 0xF1, 0xDD, 0x3E, 0x47,
+ 0xFB, 0xD8, 0x55, 0x3E, 0x0F, 0xF7, 0x86, 0xEF,
+ 0x56, 0x99, 0xEB, 0x01, 0xEA, 0x10, 0x42, 0x0D,
+ 0x0E, 0xBD,
+ /* ICV */
+ 0x39, 0xA0, 0xE2, 0x73, 0xC4, 0xC7, 0xF9, 0x5E,
+ 0xD8, 0x43, 0x20, 0x7D, 0x7A, 0x49, 0x7D, 0xFA,
+ },
+ .len = 78,
+ },
+},
+/* gcm_128_60B_cipher */
+{
+ .test_idx = 5,
+ .alg = RTE_SECURITY_MACSEC_ALG_GCM_128,
+ .ssci = 0x0,
+ .xpn = 0x0, /* Most significant 32 bits */
+ .salt = {0},
+ .sa_key = {
+ .data = {
+ 0xAD, 0x7A, 0x2B, 0xD0, 0x3E, 0xAC, 0x83, 0x5A,
+ 0x6F, 0x62, 0x0F, 0xDC, 0xB5, 0x06, 0xB3, 0x45,
+ },
+ .len = 16,
+ },
+ .plain_pkt = {
+ .data = {/* MAC DA */
+ 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63,
+ /* MAC SA */
+ 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D,
+ /* User Data */
+ 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
+ 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x02,
+ },
+ .len = 60,
+ },
+ .secure_pkt = {
+ .data = {/* MAC DA */
+ 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63,
+ /* MAC SA */
+ 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D,
+ /* MACsec EtherType */
+ 0x88, 0xE5,
+ /* TCI and AN */
+ 0x2E,
+ /* SL */
+ 0x00,
+ /* PN */
+ 0xB2, 0xC2, 0x84, 0x65,
+ /* SCI */
+ 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81,
+ /* Secure Data */
+ 0x70, 0x1A, 0xFA, 0x1C, 0xC0, 0x39, 0xC0, 0xD7,
+ 0x65, 0x12, 0x8A, 0x66, 0x5D, 0xAB, 0x69, 0x24,
+ 0x38, 0x99, 0xBF, 0x73, 0x18, 0xCC, 0xDC, 0x81,
+ 0xC9, 0x93, 0x1D, 0xA1, 0x7F, 0xBE, 0x8E, 0xDD,
+ 0x7D, 0x17, 0xCB, 0x8B, 0x4C, 0x26, 0xFC, 0x81,
+ 0xE3, 0x28, 0x4F, 0x2B, 0x7F, 0xBA, 0x71, 0x3D,
+ /* ICV */
+ 0x4F, 0x8D, 0x55, 0xE7, 0xD3, 0xF0, 0x6F, 0xD5,
+ 0xA1, 0x3C, 0x0C, 0x29, 0xB9, 0xD5, 0xB8, 0x80,
+ },
+ .len = 92,
+ },
+},
+/* gcm_256_60B_cipher */
+{
+ .test_idx = 6,
+ .alg = RTE_SECURITY_MACSEC_ALG_GCM_256,
+ .ssci = 0x0,
+ .xpn = 0x0, /* Most significant 32 bits */
+ .salt = {0},
+ .sa_key = {
+ .data = {
+ 0xE3, 0xC0, 0x8A, 0x8F, 0x06, 0xC6, 0xE3, 0xAD,
+ 0x95, 0xA7, 0x05, 0x57, 0xB2, 0x3F, 0x75, 0x48,
+ 0x3C, 0xE3, 0x30, 0x21, 0xA9, 0xC7, 0x2B, 0x70,
+ 0x25, 0x66, 0x62, 0x04, 0xC6, 0x9C, 0x0B, 0x72,
+ },
+ .len = 32,
+ },
+ .plain_pkt = {
+ .data = {/* MAC DA */
+ 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63,
+ /* MAC SA */
+ 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D,
+ /* User Data */
+ 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
+ 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x02,
+ },
+ .len = 60,
+ },
+ .secure_pkt = {
+ .data = {/* MAC DA */
+ 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63,
+ /* MAC SA */
+ 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D,
+ /* MACsec EtherType */
+ 0x88, 0xE5,
+ /* TCI and AN */
+ 0x2E,
+ /* SL */
+ 0x00,
+ /* PN */
+ 0xB2, 0xC2, 0x84, 0x65,
+ /* SCI */
+ 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81,
+ /* Secure Data */
+ 0xE2, 0x00, 0x6E, 0xB4, 0x2F, 0x52, 0x77, 0x02,
+ 0x2D, 0x9B, 0x19, 0x92, 0x5B, 0xC4, 0x19, 0xD7,
+ 0xA5, 0x92, 0x66, 0x6C, 0x92, 0x5F, 0xE2, 0xEF,
+ 0x71, 0x8E, 0xB4, 0xE3, 0x08, 0xEF, 0xEA, 0xA7,
+ 0xC5, 0x27, 0x3B, 0x39, 0x41, 0x18, 0x86, 0x0A,
+ 0x5B, 0xE2, 0xA9, 0x7F, 0x56, 0xAB, 0x78, 0x36,
+ /* ICV */
+ 0x5C, 0xA5, 0x97, 0xCD, 0xBB, 0x3E, 0xDB, 0x8D,
+ 0x1A, 0x11, 0x51, 0xEA, 0x0A, 0xF7, 0xB4, 0x36,
+ },
+ .len = 92,
+ },
+},
+/* gcm_128_xpn_60B_cipher */
+{
+ .test_idx = 7,
+ .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128,
+ .ssci = 0x7A30C118,
+ .xpn = 0xB0DF459C, /* Most significant 32 bits */
+ .salt = {
+ 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE,
+ 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D,
+ },
+ .sa_key = {
+ .data = {
+ 0xAD, 0x7A, 0x2B, 0xD0, 0x3E, 0xAC, 0x83, 0x5A,
+ 0x6F, 0x62, 0x0F, 0xDC, 0xB5, 0x06, 0xB3, 0x45,
+ },
+ .len = 16,
+ },
+ .plain_pkt = {
+ .data = {/* MAC DA */
+ 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63,
+ /* MAC SA */
+ 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D,
+ /* User Data */
+ 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
+ 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x02,
+ },
+ .len = 60,
+ },
+ .secure_pkt = {
+ .data = {/* MAC DA */
+ 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63,
+ /* MAC SA */
+ 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D,
+ /* MACsec EtherType */
+ 0x88, 0xE5,
+ /* TCI and AN */
+ 0x2E,
+ /* SL */
+ 0x00,
+ /* PN */
+ 0xB2, 0xC2, 0x84, 0x65,
+ /* SCI */
+ 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81,
+ /* Secure Data */
+ 0x07, 0x12, 0xD9, 0x80, 0xCA, 0x50, 0xBB, 0xED,
+ 0x35, 0xA0, 0xFA, 0x56, 0x63, 0x38, 0x72, 0x9F,
+ 0xFA, 0x16, 0xD1, 0x9F, 0xFC, 0xF0, 0x7B, 0x3A,
+ 0x1E, 0x79, 0x19, 0xB3, 0x77, 0x6A, 0xAC, 0xEC,
+ 0x8A, 0x59, 0x37, 0x20, 0x8B, 0x48, 0x3A, 0x76,
+ 0x91, 0x98, 0x4D, 0x38, 0x07, 0x92, 0xE0, 0x7F,
+ /* ICV */
+ 0xC2, 0xC3, 0xC7, 0x9F, 0x26, 0x3F, 0xA6, 0xBF,
+ 0xF8, 0xE7, 0x58, 0x1E, 0x2C, 0xE4, 0x5A, 0xF8,
+ },
+ .len = 92,
+ },
+},
+/* gcm_256_xpn_60B_cipher */
+{
+ .test_idx = 8,
+ .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256,
+ .ssci = 0x7A30C118,
+ .xpn = 0xB0DF459C, /* Most significant 32 bits */
+ .salt = {
+ 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE,
+ 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D,
+ },
+ .sa_key = {
+ .data = {
+ 0xE3, 0xC0, 0x8A, 0x8F, 0x06, 0xC6, 0xE3, 0xAD,
+ 0x95, 0xA7, 0x05, 0x57, 0xB2, 0x3F, 0x75, 0x48,
+ 0x3C, 0xE3, 0x30, 0x21, 0xA9, 0xC7, 0x2B, 0x70,
+ 0x25, 0x66, 0x62, 0x04, 0xC6, 0x9C, 0x0B, 0x72,
+ },
+ .len = 32,
+ },
+ .plain_pkt = {
+ .data = {/* MAC DA */
+ 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63,
+ /* MAC SA */
+ 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D,
+ /* User Data */
+ 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
+ 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x02,
+ },
+ .len = 60,
+ },
+ .secure_pkt = {
+ .data = {/* MAC DA */
+ 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63,
+ /* MAC SA */
+ 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D,
+ /* MACsec EtherType */
+ 0x88, 0xE5,
+ /* TCI and AN */
+ 0x2E,
+ /* SL */
+ 0x00,
+ /* PN */
+ 0xB2, 0xC2, 0x84, 0x65,
+ /* SCI */
+ 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81,
+ /* Secure Data */
+ 0x3E, 0xB0, 0x4A, 0x4B, 0xBF, 0x54, 0xC6, 0xEB,
+ 0x12, 0x22, 0xA9, 0xAE, 0xA0, 0x0C, 0x38, 0x68,
+ 0x7F, 0x6C, 0x35, 0x20, 0xD9, 0x76, 0xA3, 0xB6,
+ 0x94, 0x80, 0x06, 0x50, 0xCE, 0x65, 0x85, 0xE6,
+ 0x20, 0xA4, 0x19, 0x19, 0x17, 0xD2, 0xA6, 0x05,
+ 0xD8, 0x70, 0xC7, 0x8D, 0x27, 0x52, 0xCE, 0x49,
+ /* ICV */
+ 0x3B, 0x44, 0x2A, 0xC0, 0xC8, 0x16, 0xD7, 0xAB,
+ 0xD7, 0x0A, 0xD6, 0x5C, 0x25, 0xD4, 0x64, 0x13,
+ },
+ .len = 92,
+ },
+},
+/* gcm_128_61B_cipher */
+{
+ .test_idx = 9,
+ .alg = RTE_SECURITY_MACSEC_ALG_GCM_128,
+ .ssci = 0x0,
+ .xpn = 0x0, /* Most significant 32 bits */
+ .salt = {0},
+ .sa_key = {
+ .data = {
+ 0x01, 0x3F, 0xE0, 0x0B, 0x5F, 0x11, 0xBE, 0x7F,
+ 0x86, 0x6D, 0x0C, 0xBB, 0xC5, 0x5A, 0x7A, 0x90,
+ },
+ .len = 16,
+ },
+ .plain_pkt = {
+ .data = {/* MAC DA */
+ 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA,
+ /* MAC SA */
+ 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77,
+ /* User Data */
+ 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
+ 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x00,
+ 0x06,
+ },
+ .len = 61,
+ },
+ .secure_pkt = {
+ .data = {/* MAC DA */
+ 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA,
+ /* MAC SA */
+ 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77,
+ /* MACsec EtherType */
+ 0x88, 0xE5,
+ /* TCI and AN */
+ 0x2F,
+ /* SL */
+ 0x00,
+ /* PN */
+ 0x89, 0x32, 0xD6, 0x12,
+ /* SCI */
+ 0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6,
+ /* Secure Data */
+ 0x3A, 0x4D, 0xE6, 0xFA, 0x32, 0x19, 0x10, 0x14,
+ 0xDB, 0xB3, 0x03, 0xD9, 0x2E, 0xE3, 0xA9, 0xE8,
+ 0xA1, 0xB5, 0x99, 0xC1, 0x4D, 0x22, 0xFB, 0x08,
+ 0x00, 0x96, 0xE1, 0x38, 0x11, 0x81, 0x6A, 0x3C,
+ 0x9C, 0x9B, 0xCF, 0x7C, 0x1B, 0x9B, 0x96, 0xDA,
+ 0x80, 0x92, 0x04, 0xE2, 0x9D, 0x0E, 0x2A, 0x76,
+ 0x42,
+ /* ICV */
+ 0xBF, 0xD3, 0x10, 0xA4, 0x83, 0x7C, 0x81, 0x6C,
+ 0xCF, 0xA5, 0xAC, 0x23, 0xAB, 0x00, 0x39, 0x88,
+ },
+ .len = 93,
+ },
+},
+/* gcm_256_61B_cipher */
+{
+ .test_idx = 10,
+ .alg = RTE_SECURITY_MACSEC_ALG_GCM_256,
+ .ssci = 0x0,
+ .xpn = 0x0, /* Most significant 32 bits */
+ .salt = {0},
+ .sa_key = {
+ .data = {
+ 0x83, 0xC0, 0x93, 0xB5, 0x8D, 0xE7, 0xFF, 0xE1,
+ 0xC0, 0xDA, 0x92, 0x6A, 0xC4, 0x3F, 0xB3, 0x60,
+ 0x9A, 0xC1, 0xC8, 0x0F, 0xEE, 0x1B, 0x62, 0x44,
+ 0x97, 0xEF, 0x94, 0x2E, 0x2F, 0x79, 0xA8, 0x23,
+ },
+ .len = 32,
+ },
+ .plain_pkt = {
+ .data = {/* MAC DA */
+ 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA,
+ /* MAC SA */
+ 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77,
+ /* User Data */
+ 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
+ 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x00,
+ 0x06,
+ },
+ .len = 61,
+ },
+ .secure_pkt = {
+ .data = {/* MAC DA */
+ 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA,
+ /* MAC SA */
+ 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77,
+ /* MACsec EtherType */
+ 0x88, 0xE5,
+ /* TCI and AN */
+ 0x2F,
+ /* SL */
+ 0x00,
+ /* PN */
+ 0x89, 0x32, 0xD6, 0x12,
+ /* SCI */
+ 0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6,
+ /* Secure Data */
+ 0x11, 0x02, 0x22, 0xFF, 0x80, 0x50, 0xCB, 0xEC,
+ 0xE6, 0x6A, 0x81, 0x3A, 0xD0, 0x9A, 0x73, 0xED,
+ 0x7A, 0x9A, 0x08, 0x9C, 0x10, 0x6B, 0x95, 0x93,
+ 0x89, 0x16, 0x8E, 0xD6, 0xE8, 0x69, 0x8E, 0xA9,
+ 0x02, 0xEB, 0x12, 0x77, 0xDB, 0xEC, 0x2E, 0x68,
+ 0xE4, 0x73, 0x15, 0x5A, 0x15, 0xA7, 0xDA, 0xEE,
+ 0xD4,
+ /* ICV */
+ 0xA1, 0x0F, 0x4E, 0x05, 0x13, 0x9C, 0x23, 0xDF,
+ 0x00, 0xB3, 0xAA, 0xDC, 0x71, 0xF0, 0x59, 0x6A,
+ },
+ .len = 93,
+ },
+},
+/* gcm_128_xpn_61B_cipher */
+{
+ .test_idx = 11,
+ .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128,
+ .ssci = 0x7A30C118,
+ .xpn = 0xB0DF459C, /* Most significant 32 bits */
+ .salt = {
+ 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE,
+ 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D,
+ },
+ .sa_key = {
+ .data = {
+ 0x01, 0x3F, 0xE0, 0x0B, 0x5F, 0x11, 0xBE, 0x7F,
+ 0x86, 0x6D, 0x0C, 0xBB, 0xC5, 0x5A, 0x7A, 0x90,
+ },
+ .len = 16,
+ },
+ .plain_pkt = {
+ .data = {/* MAC DA */
+ 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA,
+ /* MAC SA */
+ 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77,
+ /* User Data */
+ 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
+ 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x00,
+ 0x06,
+ },
+ .len = 61,
+ },
+ .secure_pkt = {
+ .data = {/* MAC DA */
+ 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA,
+ /* MAC SA */
+ 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77,
+ /* MACsec EtherType */
+ 0x88, 0xE5,
+ /* TCI and AN */
+ 0x2F,
+ /* SL */
+ 0x00,
+ /* PN */
+ 0x89, 0x32, 0xD6, 0x12,
+ /* SCI */
+ 0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6,
+ /* Secure Data */
+ 0x14, 0xC1, 0x76, 0x93, 0xBC, 0x82, 0x97, 0xEE,
+ 0x6C, 0x47, 0xC5, 0x65, 0xCB, 0xE0, 0x67, 0x9E,
+ 0x80, 0xF0, 0x0F, 0xCA, 0xF5, 0x92, 0xC9, 0xAA,
+ 0x04, 0x73, 0x92, 0x8E, 0x7F, 0x2F, 0x21, 0x6F,
+ 0xF5, 0xA0, 0x33, 0xDE, 0xC7, 0x51, 0x3F, 0x45,
+ 0xD3, 0x4C, 0xBB, 0x98, 0x1C, 0x5B, 0xD6, 0x4E,
+ 0x8B,
+ /* ICV */
+ 0xD8, 0x4B, 0x8E, 0x2A, 0x78, 0xE7, 0x4D, 0xAF,
+ 0xEA, 0xA0, 0x38, 0x46, 0xFE, 0x93, 0x0C, 0x0E,
+ },
+ .len = 93,
+ },
+},
+/* gcm_256_xpn_61B_cipher */
+{
+ .test_idx = 12,
+ .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256,
+ .ssci = 0x7A30C118,
+ .xpn = 0xB0DF459C, /* Most significant 32 bits */
+ .salt = {
+ 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE,
+ 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D,
+ },
+ .sa_key = {
+ .data = {
+ 0x83, 0xC0, 0x93, 0xB5, 0x8D, 0xE7, 0xFF, 0xE1,
+ 0xC0, 0xDA, 0x92, 0x6A, 0xC4, 0x3F, 0xB3, 0x60,
+ 0x9A, 0xC1, 0xC8, 0x0F, 0xEE, 0x1B, 0x62, 0x44,
+ 0x97, 0xEF, 0x94, 0x2E, 0x2F, 0x79, 0xA8, 0x23,
+ },
+ .len = 32,
+ },
+ .plain_pkt = {
+ .data = {/* MAC DA */
+ 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA,
+ /* MAC SA */
+ 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77,
+ /* User Data */
+ 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
+ 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x00,
+ 0x06,
+ },
+ .len = 61,
+ },
+ .secure_pkt = {
+ .data = {/* MAC DA */
+ 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA,
+ /* MAC SA */
+ 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77,
+ /* MACsec EtherType */
+ 0x88, 0xE5,
+ /* TCI and AN */
+ 0x2F,
+ /* SL */
+ 0x00,
+ /* PN */
+ 0x89, 0x32, 0xD6, 0x12,
+ /* SCI */
+ 0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6,
+ /* Secure Data */
+ 0x09, 0x96, 0xE0, 0xC9, 0xA5, 0x57, 0x74, 0xE0,
+ 0xA7, 0x92, 0x30, 0x4E, 0x7D, 0xC1, 0x50, 0xBD,
+ 0x67, 0xFD, 0x74, 0x7D, 0xD1, 0xB9, 0x41, 0x95,
+ 0x94, 0xBF, 0x37, 0x3D, 0x4A, 0xCE, 0x8F, 0x87,
+ 0xF5, 0xC1, 0x34, 0x9A, 0xFA, 0xC4, 0x91, 0xAA,
+ 0x0A, 0x40, 0xD3, 0x19, 0x90, 0x87, 0xB2, 0x9F,
+ 0xDF,
+ /* ICV */
+ 0x80, 0x2F, 0x05, 0x0E, 0x69, 0x1F, 0x11, 0xA2,
+ 0xD9, 0xB3, 0x58, 0xF6, 0x99, 0x41, 0x84, 0xF5,
+ },
+ .len = 93,
+ },
+},
+/* gcm_128_75B_cipher */
+{
+ .test_idx = 13,
+ .alg = RTE_SECURITY_MACSEC_ALG_GCM_128,
+ .ssci = 0,
+ .xpn = 0, /* Most significant 32 bits */
+ .salt = {0},
+ .sa_key = {
+ .data = {
+ 0x88, 0xEE, 0x08, 0x7F, 0xD9, 0x5D, 0xA9, 0xFB,
+ 0xF6, 0x72, 0x5A, 0xA9, 0xD7, 0x57, 0xB0, 0xCD,
+ },
+ .len = 16,
+ },
+ .plain_pkt = {
+ .data = {/* MAC DA */
+ 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE,
+ /* MAC SA */
+ 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5,
+ /* User Data */
+ 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
+ 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C,
+ 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44,
+ 0x45, 0x46, 0x47, 0x48, 0x49, 0x00, 0x08,
+ },
+ .len = 75,
+ },
+ .secure_pkt = {
+ .data = {/* MAC DA */
+ 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE,
+ /* MAC SA */
+ 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5,
+ /* MACsec EtherType */
+ 0x88, 0xE5,
+ /* TCI and AN */
+ 0x4D,
+ /* SL */
+ 0x00,
+ /* PN */
+ 0x2E, 0x58, 0x49, 0x5C,
+ /* SCI */
+ /* Secure Data */
+ 0xC3, 0x1F, 0x53, 0xD9, 0x9E, 0x56, 0x87, 0xF7,
+ 0x36, 0x51, 0x19, 0xB8, 0x32, 0xD2, 0xAA, 0xE7,
+ 0x07, 0x41, 0xD5, 0x93, 0xF1, 0xF9, 0xE2, 0xAB,
+ 0x34, 0x55, 0x77, 0x9B, 0x07, 0x8E, 0xB8, 0xFE,
+ 0xAC, 0xDF, 0xEC, 0x1F, 0x8E, 0x3E, 0x52, 0x77,
+ 0xF8, 0x18, 0x0B, 0x43, 0x36, 0x1F, 0x65, 0x12,
+ 0xAD, 0xB1, 0x6D, 0x2E, 0x38, 0x54, 0x8A, 0x2C,
+ 0x71, 0x9D, 0xBA, 0x72, 0x28, 0xD8, 0x40,
+ /* ICV */
+ 0x88, 0xF8, 0x75, 0x7A, 0xDB, 0x8A, 0xA7, 0x88,
+ 0xD8, 0xF6, 0x5A, 0xD6, 0x68, 0xBE, 0x70, 0xE7,
+ },
+ .len = 99,
+ },
+},
+/* gcm_256_75B_cipher */
+{
+ .test_idx = 14,
+ .alg = RTE_SECURITY_MACSEC_ALG_GCM_256,
+ .ssci = 0,
+ .xpn = 0, /* Most significant 32 bits */
+ .salt = {0},
+ .sa_key = {
+ .data = {
+ 0x4C, 0x97, 0x3D, 0xBC, 0x73, 0x64, 0x62, 0x16,
+ 0x74, 0xF8, 0xB5, 0xB8, 0x9E, 0x5C, 0x15, 0x51,
+ 0x1F, 0xCE, 0xD9, 0x21, 0x64, 0x90, 0xFB, 0x1C,
+ 0x1A, 0x2C, 0xAA, 0x0F, 0xFE, 0x04, 0x07, 0xE5,
+ },
+ .len = 32,
+ },
+ .plain_pkt = {
+ .data = {/* MAC DA */
+ 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE,
+ /* MAC SA */
+ 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5,
+ /* User Data */
+ 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
+ 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C,
+ 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44,
+ 0x45, 0x46, 0x47, 0x48, 0x49, 0x00, 0x08,
+ },
+ .len = 75,
+ },
+ .secure_pkt = {
+ .data = {/* MAC DA */
+ 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE,
+ /* MAC SA */
+ 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5,
+ /* MACsec EtherType */
+ 0x88, 0xE5,
+ /* TCI and AN */
+ 0x4D,
+ /* SL */
+ 0x00,
+ /* PN */
+ 0x2E, 0x58, 0x49, 0x5C,
+ /* SCI */
+ /* Secure Data */
+ 0xBA, 0x8A, 0xE3, 0x1B, 0xC5, 0x06, 0x48, 0x6D,
+ 0x68, 0x73, 0xE4, 0xFC, 0xE4, 0x60, 0xE7, 0xDC,
+ 0x57, 0x59, 0x1F, 0xF0, 0x06, 0x11, 0xF3, 0x1C,
+ 0x38, 0x34, 0xFE, 0x1C, 0x04, 0xAD, 0x80, 0xB6,
+ 0x68, 0x03, 0xAF, 0xCF, 0x5B, 0x27, 0xE6, 0x33,
+ 0x3F, 0xA6, 0x7C, 0x99, 0xDA, 0x47, 0xC2, 0xF0,
+ 0xCE, 0xD6, 0x8D, 0x53, 0x1B, 0xD7, 0x41, 0xA9,
+ 0x43, 0xCF, 0xF7, 0xA6, 0x71, 0x3B, 0xD0,
+ /* ICV */
+ 0x26, 0x11, 0xCD, 0x7D, 0xAA, 0x01, 0xD6, 0x1C,
+ 0x5C, 0x88, 0x6D, 0xC1, 0xA8, 0x17, 0x01, 0x07,
+ },
+ .len = 99,
+ },
+},
+/* gcm_128_xpn_75B_cipher */
+{
+ .test_idx = 15,
+ .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128,
+ .ssci = 0x7A30C118,
+ .xpn = 0xB0DF459C, /* Most significant 32 bits */
+ .salt = {
+ 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, 0x86, 0xA2,
+ 0x1C, 0x66, 0xFA, 0x6D,
+ },
+ .sa_key = {
+ .data = {
+ 0x88, 0xEE, 0x08, 0x7F, 0xD9, 0x5D, 0xA9, 0xFB,
+ 0xF6, 0x72, 0x5A, 0xA9, 0xD7, 0x57, 0xB0, 0xCD,
+ },
+ .len = 16,
+ },
+ .plain_pkt = {
+ .data = {/* MAC DA */
+ 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE,
+ /* MAC SA */
+ 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5,
+ /* User Data */
+ 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
+ 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C,
+ 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44,
+ 0x45, 0x46, 0x47, 0x48, 0x49, 0x00, 0x08,
+ },
+ .len = 75,
+ },
+ .secure_pkt = {
+ .data = {/* MAC DA */
+ 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE,
+ /* MAC SA */
+ 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5,
+ /* MACsec EtherType */
+ 0x88, 0xE5,
+ /* TCI and AN */
+ 0x4D,
+ /* SL */
+ 0x00,
+ /* PN */
+ 0x2E, 0x58, 0x49, 0x5C,
+ /* SCI */
+ /* Secure Data */
+ 0xEA, 0xEC, 0xC6, 0xAF, 0x65, 0x12, 0xFC, 0x8B,
+ 0x6C, 0x8C, 0x43, 0xBC, 0x55, 0xB1, 0x90, 0xB2,
+ 0x62, 0x6D, 0x07, 0xD3, 0xD2, 0x18, 0xFA, 0xF5,
+ 0xDA, 0xA7, 0xD8, 0xF8, 0x00, 0xA5, 0x73, 0x31,
+ 0xEB, 0x43, 0xB5, 0xA1, 0x7A, 0x37, 0xE5, 0xB1,
+ 0xD6, 0x0D, 0x27, 0x5C, 0xCA, 0xF7, 0xAC, 0xD7,
+ 0x04, 0xCC, 0x9A, 0xCE, 0x2B, 0xF8, 0xBC, 0x8B,
+ 0x9B, 0x23, 0xB9, 0xAD, 0xF0, 0x2F, 0x87,
+ /* ICV */
+ 0x34, 0x6B, 0x96, 0xD1, 0x13, 0x6A, 0x75, 0x4D,
+ 0xF0, 0xA6, 0xCD, 0xE1, 0x26, 0xC1, 0x07, 0xF8,
+ },
+ .len = 99,
+ },
+},
+/* gcm_256_xpn_75B_cipher */
+{
+ .test_idx = 16,
+ .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256,
+ .ssci = 0x7A30C118,
+ .xpn = 0xB0DF459C, /* Most significant 32 bits */
+ .salt = {
+ 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, 0x86, 0xA2,
+ 0x1C, 0x66, 0xFA, 0x6D,
+ },
+ .sa_key = {
+ .data = {
+ 0x4C, 0x97, 0x3D, 0xBC, 0x73, 0x64, 0x62, 0x16,
+ 0x74, 0xF8, 0xB5, 0xB8, 0x9E, 0x5C, 0x15, 0x51,
+ 0x1F, 0xCE, 0xD9, 0x21, 0x64, 0x90, 0xFB, 0x1C,
+ 0x1A, 0x2C, 0xAA, 0x0F, 0xFE, 0x04, 0x07, 0xE5,
+ },
+ .len = 32,
+ },
+ .plain_pkt = {
+ .data = {/* MAC DA */
+ 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE,
+ /* MAC SA */
+ 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5,
+ /* User Data */
+ 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C,
+ 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C,
+ 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44,
+ 0x45, 0x46, 0x47, 0x48, 0x49, 0x00, 0x08,
+ },
+ .len = 75,
+ },
+ .secure_pkt = {
+ .data = {/* MAC DA */
+ 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE,
+ /* MAC SA */
+ 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5,
+ /* MACsec EtherType */
+ 0x88, 0xE5,
+ /* TCI and AN */
+ 0x4D,
+ /* SL */
+ 0x00,
+ /* PN */
+ 0x2E, 0x58, 0x49, 0x5C,
+ /* SCI */
+ /* Secure Data */
+ 0xB0, 0xFE, 0xA3, 0x63, 0x18, 0xB9, 0xB3, 0x64,
+ 0x66, 0xC4, 0x6E, 0x9E, 0x1B, 0xDA, 0x1A, 0x26,
+ 0x68, 0x58, 0x19, 0x6E, 0x7E, 0x70, 0xD8, 0x82,
+ 0xAE, 0x70, 0x47, 0x56, 0x68, 0xCD, 0xE4, 0xEC,
+ 0x88, 0x3F, 0x6A, 0xC2, 0x36, 0x9F, 0x28, 0x4B,
+ 0xED, 0x1F, 0xE3, 0x2F, 0x42, 0x09, 0x2F, 0xDF,
+ 0xF5, 0x86, 0x8A, 0x3C, 0x64, 0xE5, 0x61, 0x51,
+ 0x92, 0xA7, 0xA3, 0x76, 0x0B, 0x34, 0xBC,
+ /* ICV */
+ 0x85, 0x69, 0x2C, 0xD8, 0x15, 0xB6, 0x64, 0x71,
+ 0x1A, 0xEF, 0x91, 0x1D, 0xF7, 0x8D, 0x7F, 0x46,
+ },
+ .len = 99,
+ },
+},
+};
+
+#endif