From patchwork Wed Jun 7 15:19:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 128326 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id F112E42C4E; Wed, 7 Jun 2023 17:20:11 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id B9153410FD; Wed, 7 Jun 2023 17:20:07 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id E66A6410FC for ; Wed, 7 Jun 2023 17:20:05 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 357Dvhxp028122; Wed, 7 Jun 2023 08:20:03 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=B6x4nFrb4pscGmFRXhjkYZd+nKJ1tK5Sks5b2jQ7ezA=; b=Qs4qCOBd+yehcUtLDKXmu6x9B7GQ77BKSOsXUOhfefLhS4fBTYKethDLXQA+cRdSG2Ow I01h1wb6/DZ6XIagMWljieoCbLnsgdGyuon5JuFMkQfKHJxX1DSnysy5E9zJURV6UQgM 4NHgACaVitTgXeakD8BmoZj4FncenIT9SNOTK15glbxhvaGTYok5eeHTmz4YsEGQJyv8 IO2iJBsLblhbcZHvoUTN7yM+SVogvFCtYpLcwYs+cDDxPYg7OAuxK/eChLpc3NRVQIFR TNPaEh/aETT/5IlTEMy29Y1+EGil8OBWl7/KW1Vcspqs6CRlrbijY+XYZ0ySJOy2A5NI /g== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r2a7bv66g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 07 Jun 2023 08:20:02 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 7 Jun 2023 08:19:59 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Wed, 7 Jun 2023 08:19:59 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 16E193F7088; Wed, 7 Jun 2023 08:19:55 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , Akhil Goyal Subject: [PATCH v2 03/13] test/security: add inline MACsec cases Date: Wed, 7 Jun 2023 20:49:30 +0530 Message-ID: <20230607151940.223417-4-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230607151940.223417-1-gakhil@marvell.com> References: <20230523194918.1940212-1-gakhil@marvell.com> <20230607151940.223417-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: RTRfm0GVeP3X5KC5UHVdNXZSWxFwySkq X-Proofpoint-GUID: RTRfm0GVeP3X5KC5UHVdNXZSWxFwySkq X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-07_07,2023-06-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Updated test app to verify Inline MACsec offload using rte_security APIs. A couple of test cases are added to verify encap only and decap only of some known test vectors from MACsec specification. Signed-off-by: Akhil Goyal --- app/test/meson.build | 1 + app/test/test_security_inline_macsec.c | 1108 +++++++++++++++++ .../test_security_inline_macsec_vectors.h | 1086 ++++++++++++++++ 3 files changed, 2195 insertions(+) create mode 100644 app/test/test_security_inline_macsec.c create mode 100644 app/test/test_security_inline_macsec_vectors.h diff --git a/app/test/meson.build b/app/test/meson.build index b9b5432496..69c1d19f7b 100644 --- a/app/test/meson.build +++ b/app/test/meson.build @@ -128,6 +128,7 @@ test_sources = files( 'test_rwlock.c', 'test_sched.c', 'test_security.c', + 'test_security_inline_macsec.c', 'test_security_inline_proto.c', 'test_seqlock.c', 'test_service_cores.c', diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c new file mode 100644 index 0000000000..9ef967597b --- /dev/null +++ b/app/test/test_security_inline_macsec.c @@ -0,0 +1,1108 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2023 Marvell. + */ + + +#include +#include + +#include +#include +#include + +#include "test.h" +#include "test_security_inline_macsec_vectors.h" + +#ifdef RTE_EXEC_ENV_WINDOWS +static int +test_inline_macsec(void) +{ + printf("Inline MACsec not supported on Windows, skipping test\n"); + return TEST_SKIPPED; +} + +#else + +#define NB_ETHPORTS_USED 1 +#define MEMPOOL_CACHE_SIZE 32 +#define RTE_TEST_RX_DESC_DEFAULT 1024 +#define RTE_TEST_TX_DESC_DEFAULT 1024 +#define RTE_PORT_ALL (~(uint16_t)0x0) + +#define RX_PTHRESH 8 /**< Default values of RX prefetch threshold reg. */ +#define RX_HTHRESH 8 /**< Default values of RX host threshold reg. */ +#define RX_WTHRESH 0 /**< Default values of RX write-back threshold reg. */ + +#define TX_PTHRESH 32 /**< Default values of TX prefetch threshold reg. */ +#define TX_HTHRESH 0 /**< Default values of TX host threshold reg. */ +#define TX_WTHRESH 0 /**< Default values of TX write-back threshold reg. */ + +#define MAX_TRAFFIC_BURST 2048 +#define NB_MBUF 10240 + +#define MCS_INVALID_SA 0xFFFF +#define MCS_DEFAULT_PN_THRESHOLD 0xFFFFF + +static struct rte_mempool *mbufpool; +static struct rte_mempool *sess_pool; +/* ethernet addresses of ports */ +static struct rte_ether_addr ports_eth_addr[RTE_MAX_ETHPORTS]; + +struct mcs_test_opts { + int val_frames; + int nb_td; + uint16_t mtu; + uint8_t sa_in_use; + bool encrypt; + bool protect_frames; + uint8_t sectag_insert_mode; + uint8_t nb_vlan; + uint32_t replay_win_sz; + uint8_t replay_protect; + uint8_t rekey_en; + const struct mcs_test_vector *rekey_td; + bool dump_all_stats; + uint8_t check_untagged_rx; + uint8_t check_bad_tag_cnt; + uint8_t check_sa_not_in_use; + uint8_t check_decap_stats; + uint8_t check_verify_only_stats; + uint8_t check_pkts_invalid_stats; + uint8_t check_pkts_unchecked_stats; + uint8_t check_out_pkts_untagged; + uint8_t check_out_pkts_toolong; + uint8_t check_encap_stats; + uint8_t check_auth_only_stats; + uint8_t check_sectag_interrupts; +}; + +static struct rte_eth_conf port_conf = { + .rxmode = { + .mq_mode = RTE_ETH_MQ_RX_NONE, + .offloads = RTE_ETH_RX_OFFLOAD_CHECKSUM | + RTE_ETH_RX_OFFLOAD_MACSEC_STRIP, + }, + .txmode = { + .mq_mode = RTE_ETH_MQ_TX_NONE, + .offloads = RTE_ETH_TX_OFFLOAD_MBUF_FAST_FREE | + RTE_ETH_TX_OFFLOAD_MACSEC_INSERT, + }, + .lpbk_mode = 1, /* enable loopback */ +}; + +static struct rte_eth_rxconf rx_conf = { + .rx_thresh = { + .pthresh = RX_PTHRESH, + .hthresh = RX_HTHRESH, + .wthresh = RX_WTHRESH, + }, + .rx_free_thresh = 32, +}; + +static struct rte_eth_txconf tx_conf = { + .tx_thresh = { + .pthresh = TX_PTHRESH, + .hthresh = TX_HTHRESH, + .wthresh = TX_WTHRESH, + }, + .tx_free_thresh = 32, /* Use PMD default values */ + .tx_rs_thresh = 32, /* Use PMD default values */ +}; + +static uint16_t port_id; + +static uint64_t link_mbps; + +static struct rte_flow *default_tx_flow[RTE_MAX_ETHPORTS]; +static struct rte_flow *default_rx_flow[RTE_MAX_ETHPORTS]; + +static struct rte_mbuf **tx_pkts_burst; +static struct rte_mbuf **rx_pkts_burst; + +static inline struct rte_mbuf * +init_packet(struct rte_mempool *mp, const uint8_t *data, unsigned int len) +{ + struct rte_mbuf *pkt; + + pkt = rte_pktmbuf_alloc(mp); + if (pkt == NULL) + return NULL; + + rte_memcpy(rte_pktmbuf_append(pkt, len), data, len); + + return pkt; +} + +static int +init_mempools(unsigned int nb_mbuf) +{ + struct rte_security_ctx *sec_ctx; + uint16_t nb_sess = 512; + uint32_t sess_sz; + char s[64]; + + if (mbufpool == NULL) { + snprintf(s, sizeof(s), "mbuf_pool"); + mbufpool = rte_pktmbuf_pool_create(s, nb_mbuf, + MEMPOOL_CACHE_SIZE, 0, + RTE_MBUF_DEFAULT_BUF_SIZE, SOCKET_ID_ANY); + if (mbufpool == NULL) { + printf("Cannot init mbuf pool\n"); + return TEST_FAILED; + } + printf("Allocated mbuf pool\n"); + } + + sec_ctx = rte_eth_dev_get_sec_ctx(port_id); + if (sec_ctx == NULL) { + printf("Device does not support Security ctx\n"); + return TEST_SKIPPED; + } + sess_sz = rte_security_session_get_size(sec_ctx); + if (sess_pool == NULL) { + snprintf(s, sizeof(s), "sess_pool"); + sess_pool = rte_mempool_create(s, nb_sess, sess_sz, + MEMPOOL_CACHE_SIZE, 0, + NULL, NULL, NULL, NULL, + SOCKET_ID_ANY, 0); + if (sess_pool == NULL) { + printf("Cannot init sess pool\n"); + return TEST_FAILED; + } + printf("Allocated sess pool\n"); + } + + return 0; +} + +static void +fill_macsec_sa_conf(const struct mcs_test_vector *td, struct rte_security_macsec_sa *sa, + enum rte_security_macsec_direction dir, uint8_t an, uint8_t tci_off) +{ + sa->dir = dir; + + sa->key.data = td->sa_key.data; + sa->key.length = td->sa_key.len; + + memcpy((uint8_t *)sa->salt, (const uint8_t *)td->salt, RTE_SECURITY_MACSEC_SALT_LEN); + + /* AN is set as per the value in secure packet in test vector */ + sa->an = an & RTE_MACSEC_AN_MASK; + + sa->ssci = td->ssci; + sa->xpn = td->xpn; + /* Starting packet number which is expected to come next. + * It is take from the test vector so that we can match the out packet. + */ + sa->next_pn = *(const uint32_t *)(&td->secure_pkt.data[tci_off + 2]); +} + +static void +fill_macsec_sc_conf(const struct mcs_test_vector *td, + struct rte_security_macsec_sc *sc_conf, + const struct mcs_test_opts *opts, + enum rte_security_macsec_direction dir, + uint16_t sa_id[], uint8_t tci_off) +{ + uint8_t i; + + sc_conf->dir = dir; + if (dir == RTE_SECURITY_MACSEC_DIR_TX) { + sc_conf->sc_tx.sa_id = sa_id[0]; + if (sa_id[1] != MCS_INVALID_SA) { + sc_conf->sc_tx.sa_id_rekey = sa_id[1]; + sc_conf->sc_tx.re_key_en = 1; + } + sc_conf->sc_tx.active = 1; + /* is SCI valid */ + if (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_SC) { + memcpy(&sc_conf->sc_tx.sci, &td->secure_pkt.data[tci_off + 6], + sizeof(sc_conf->sc_tx.sci)); + sc_conf->sc_tx.sci = rte_be_to_cpu_64(sc_conf->sc_tx.sci); + } else if (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_ES) { + /* sci = source_mac + port_id when ES.bit = 1 & SC.bit = 0 */ + const uint8_t *smac = td->plain_pkt.data + RTE_ETHER_ADDR_LEN; + uint8_t *ptr = (uint8_t *)&sc_conf->sc_tx.sci; + + ptr[0] = 0x01; + ptr[1] = 0; + for (i = 0; i < RTE_ETHER_ADDR_LEN; i++) + ptr[2 + i] = smac[RTE_ETHER_ADDR_LEN - 1 - i]; + } else { + /* use some default SCI */ + sc_conf->sc_tx.sci = 0xf1341e023a2b1c5d; + } + } else { + for (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) { + sc_conf->sc_rx.sa_id[i] = sa_id[i]; + sc_conf->sc_rx.sa_in_use[i] = opts->sa_in_use; + } + sc_conf->sc_rx.active = 1; + } +} + + +/* Create Inline MACsec session */ +static int +fill_session_conf(const struct mcs_test_vector *td, uint16_t portid __rte_unused, + const struct mcs_test_opts *opts, + struct rte_security_session_conf *sess_conf, + enum rte_security_macsec_direction dir, + uint16_t sc_id, + uint8_t tci_off) +{ + sess_conf->action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL; + sess_conf->protocol = RTE_SECURITY_PROTOCOL_MACSEC; + sess_conf->macsec.dir = dir; + sess_conf->macsec.alg = td->alg; + sess_conf->macsec.cipher_off = 0; + if (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_SC) { + sess_conf->macsec.sci = rte_be_to_cpu_64(*(const uint64_t *) + (&td->secure_pkt.data[tci_off + 6])); + } else if (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_ES) { + /* sci = source_mac + port_id when ES.bit = 1 & SC.bit = 0 */ + const uint8_t *smac = td->plain_pkt.data + RTE_ETHER_ADDR_LEN; + uint8_t *ptr = (uint8_t *)&sess_conf->macsec.sci; + uint8_t j; + + ptr[0] = 0x01; + ptr[1] = 0; + for (j = 0; j < RTE_ETHER_ADDR_LEN; j++) + ptr[2 + j] = smac[RTE_ETHER_ADDR_LEN - 1 - j]; + } + sess_conf->macsec.sc_id = sc_id; + if (dir == RTE_SECURITY_MACSEC_DIR_TX) { + sess_conf->macsec.tx_secy.mtu = opts->mtu; + sess_conf->macsec.tx_secy.sectag_off = (opts->sectag_insert_mode == 1) ? + 2 * RTE_ETHER_ADDR_LEN : + RTE_VLAN_HLEN; + sess_conf->macsec.tx_secy.sectag_insert_mode = opts->sectag_insert_mode; + sess_conf->macsec.tx_secy.ctrl_port_enable = 1; + sess_conf->macsec.tx_secy.sectag_version = 0; + sess_conf->macsec.tx_secy.end_station = + (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_ES) >> 6; + sess_conf->macsec.tx_secy.send_sci = + (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_SC) >> 5; + sess_conf->macsec.tx_secy.scb = + (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_SCB) >> 4; + sess_conf->macsec.tx_secy.encrypt = opts->encrypt; + sess_conf->macsec.tx_secy.protect_frames = opts->protect_frames; + sess_conf->macsec.tx_secy.icv_include_da_sa = 1; + } else { + sess_conf->macsec.rx_secy.replay_win_sz = opts->replay_win_sz; + sess_conf->macsec.rx_secy.replay_protect = opts->replay_protect; + sess_conf->macsec.rx_secy.icv_include_da_sa = 1; + sess_conf->macsec.rx_secy.ctrl_port_enable = 1; + sess_conf->macsec.rx_secy.preserve_sectag = 0; + sess_conf->macsec.rx_secy.preserve_icv = 0; + sess_conf->macsec.rx_secy.validate_frames = opts->val_frames; + } + + return 0; +} + +static int +create_default_flow(const struct mcs_test_vector *td, uint16_t portid, + enum rte_security_macsec_direction dir, void *sess) +{ + struct rte_flow_action action[2]; + struct rte_flow_item pattern[2]; + struct rte_flow_attr attr = {0}; + struct rte_flow_error err; + struct rte_flow *flow; + struct rte_flow_item_eth eth = { .hdr.ether_type = 0, }; + static const struct rte_flow_item_eth eth_mask = { + .hdr.dst_addr.addr_bytes = "\x00\x00\x00\x00\x00\x00", + .hdr.src_addr.addr_bytes = "\x00\x00\x00\x00\x00\x00", + .hdr.ether_type = RTE_BE16(0x0000), + }; + + int ret; + + eth.has_vlan = 0; + if (dir == RTE_SECURITY_MACSEC_DIR_TX) + memcpy(ð.hdr, td->plain_pkt.data, RTE_ETHER_HDR_LEN); + else + memcpy(ð.hdr, td->secure_pkt.data, RTE_ETHER_HDR_LEN); + + pattern[0].type = RTE_FLOW_ITEM_TYPE_ETH; + pattern[0].spec = ð + pattern[0].mask = ð_mask; + pattern[0].last = NULL; + pattern[1].type = RTE_FLOW_ITEM_TYPE_END; + + action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY; + action[0].conf = sess; + action[1].type = RTE_FLOW_ACTION_TYPE_END; + action[1].conf = NULL; + + attr.ingress = (dir == RTE_SECURITY_MACSEC_DIR_RX) ? 1 : 0; + attr.egress = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? 1 : 0; + + ret = rte_flow_validate(portid, &attr, pattern, action, &err); + if (ret) { + printf("\nValidate flow failed, ret = %d\n", ret); + return -1; + } + flow = rte_flow_create(portid, &attr, pattern, action, &err); + if (flow == NULL) { + printf("\nDefault flow rule create failed\n"); + return -1; + } + + if (dir == RTE_SECURITY_MACSEC_DIR_TX) + default_tx_flow[portid] = flow; + else + default_rx_flow[portid] = flow; + + return 0; +} + +static void +destroy_default_flow(uint16_t portid) +{ + struct rte_flow_error err; + int ret; + + if (default_tx_flow[portid]) { + ret = rte_flow_destroy(portid, default_tx_flow[portid], &err); + if (ret) { + printf("\nDefault Tx flow rule destroy failed\n"); + return; + } + default_tx_flow[portid] = NULL; + } + if (default_rx_flow[portid]) { + ret = rte_flow_destroy(portid, default_rx_flow[portid], &err); + if (ret) { + printf("\nDefault Rx flow rule destroy failed\n"); + return; + } + default_rx_flow[portid] = NULL; + } +} + +static void +print_ethaddr(const char *name, const struct rte_ether_addr *eth_addr) +{ + char buf[RTE_ETHER_ADDR_FMT_SIZE]; + rte_ether_format_addr(buf, RTE_ETHER_ADDR_FMT_SIZE, eth_addr); + printf("%s%s", name, buf); +} + +/* Check the link status of all ports in up to 3s, and print them finally */ +static void +check_all_ports_link_status(uint16_t port_num, uint32_t port_mask) +{ +#define CHECK_INTERVAL 100 /* 100ms */ +#define MAX_CHECK_TIME 30 /* 3s (30 * 100ms) in total */ + uint16_t portid; + uint8_t count, all_ports_up, print_flag = 0; + struct rte_eth_link link; + int ret; + char link_status[RTE_ETH_LINK_MAX_STR_LEN]; + + printf("Checking link statuses...\n"); + fflush(stdout); + for (count = 0; count <= MAX_CHECK_TIME; count++) { + all_ports_up = 1; + for (portid = 0; portid < port_num; portid++) { + if ((port_mask & (1 << portid)) == 0) + continue; + memset(&link, 0, sizeof(link)); + ret = rte_eth_link_get_nowait(portid, &link); + if (ret < 0) { + all_ports_up = 0; + if (print_flag == 1) + printf("Port %u link get failed: %s\n", + portid, rte_strerror(-ret)); + continue; + } + + /* print link status if flag set */ + if (print_flag == 1) { + if (link.link_status && link_mbps == 0) + link_mbps = link.link_speed; + + rte_eth_link_to_str(link_status, + sizeof(link_status), &link); + printf("Port %d %s\n", portid, link_status); + continue; + } + /* clear all_ports_up flag if any link down */ + if (link.link_status == RTE_ETH_LINK_DOWN) { + all_ports_up = 0; + break; + } + } + /* after finally printing all link status, get out */ + if (print_flag == 1) + break; + + if (all_ports_up == 0) + fflush(stdout); + + /* set the print_flag if all ports up or timeout */ + if (all_ports_up == 1 || count == (MAX_CHECK_TIME - 1)) + print_flag = 1; + } +} + +static int +test_macsec_post_process(struct rte_mbuf *m, const struct mcs_test_vector *td, + enum mcs_op op, uint8_t check_out_pkts_untagged) +{ + const uint8_t *dptr; + uint16_t pkt_len; + + if (op == MCS_DECAP || op == MCS_ENCAP_DECAP || + op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY || + check_out_pkts_untagged == 1) { + dptr = td->plain_pkt.data; + pkt_len = td->plain_pkt.len; + } else { + dptr = td->secure_pkt.data; + pkt_len = td->secure_pkt.len; + } + + if (memcmp(rte_pktmbuf_mtod(m, uint8_t *), dptr, pkt_len)) { + printf("\nData comparison failed for td."); + rte_pktmbuf_dump(stdout, m, m->pkt_len); + rte_hexdump(stdout, "expected_data", dptr, pkt_len); + return TEST_FAILED; + } + + return TEST_SUCCESS; +} + +static void +mcs_stats_dump(struct rte_security_ctx *ctx, enum mcs_op op, + void *rx_sess, void *tx_sess, + uint8_t rx_sc_id, uint8_t tx_sc_id, + uint16_t rx_sa_id[], uint16_t tx_sa_id[]) +{ + struct rte_security_stats sess_stats = {0}; + struct rte_security_macsec_secy_stats *secy_stat; + struct rte_security_macsec_sc_stats sc_stat = {0}; + struct rte_security_macsec_sa_stats sa_stat = {0}; + int i; + + if (op == MCS_DECAP || op == MCS_ENCAP_DECAP || + op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY) { + printf("\n********* RX SECY STATS ************\n"); + rte_security_session_stats_get(ctx, rx_sess, &sess_stats); + secy_stat = &sess_stats.macsec; + + if (secy_stat->ctl_pkt_bcast_cnt) + printf("RX: ctl_pkt_bcast_cnt: 0x%" PRIx64 "\n", + secy_stat->ctl_pkt_bcast_cnt); + if (secy_stat->ctl_pkt_mcast_cnt) + printf("RX: ctl_pkt_mcast_cnt: 0x%" PRIx64 "\n", + secy_stat->ctl_pkt_mcast_cnt); + if (secy_stat->ctl_pkt_ucast_cnt) + printf("RX: ctl_pkt_ucast_cnt: 0x%" PRIx64 "\n", + secy_stat->ctl_pkt_ucast_cnt); + if (secy_stat->ctl_octet_cnt) + printf("RX: ctl_octet_cnt: 0x%" PRIx64 "\n", secy_stat->ctl_octet_cnt); + if (secy_stat->unctl_pkt_bcast_cnt) + printf("RX: unctl_pkt_bcast_cnt: 0x%" PRIx64 "\n", + secy_stat->unctl_pkt_bcast_cnt); + if (secy_stat->unctl_pkt_mcast_cnt) + printf("RX: unctl_pkt_mcast_cnt: 0x%" PRIx64 "\n", + secy_stat->unctl_pkt_mcast_cnt); + if (secy_stat->unctl_pkt_ucast_cnt) + printf("RX: unctl_pkt_ucast_cnt: 0x%" PRIx64 "\n", + secy_stat->unctl_pkt_ucast_cnt); + if (secy_stat->unctl_octet_cnt) + printf("RX: unctl_octet_cnt: 0x%" PRIx64 "\n", secy_stat->unctl_octet_cnt); + /* Valid only for RX */ + if (secy_stat->octet_decrypted_cnt) + printf("RX: octet_decrypted_cnt: 0x%" PRIx64 "\n", + secy_stat->octet_decrypted_cnt); + if (secy_stat->octet_validated_cnt) + printf("RX: octet_validated_cnt: 0x%" PRIx64 "\n", + secy_stat->octet_validated_cnt); + if (secy_stat->pkt_port_disabled_cnt) + printf("RX: pkt_port_disabled_cnt: 0x%" PRIx64 "\n", + secy_stat->pkt_port_disabled_cnt); + if (secy_stat->pkt_badtag_cnt) + printf("RX: pkt_badtag_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_badtag_cnt); + if (secy_stat->pkt_nosa_cnt) + printf("RX: pkt_nosa_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_nosa_cnt); + if (secy_stat->pkt_nosaerror_cnt) + printf("RX: pkt_nosaerror_cnt: 0x%" PRIx64 "\n", + secy_stat->pkt_nosaerror_cnt); + if (secy_stat->pkt_tagged_ctl_cnt) + printf("RX: pkt_tagged_ctl_cnt: 0x%" PRIx64 "\n", + secy_stat->pkt_tagged_ctl_cnt); + if (secy_stat->pkt_untaged_cnt) + printf("RX: pkt_untaged_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_untaged_cnt); + if (secy_stat->pkt_ctl_cnt) + printf("RX: pkt_ctl_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_ctl_cnt); + if (secy_stat->pkt_notag_cnt) + printf("RX: pkt_notag_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_notag_cnt); + printf("\n"); + printf("\n********** RX SC[%u] STATS **************\n", rx_sc_id); + + rte_security_macsec_sc_stats_get(ctx, rx_sc_id, RTE_SECURITY_MACSEC_DIR_RX, + &sc_stat); + /* RX */ + if (sc_stat.hit_cnt) + printf("RX hit_cnt: 0x%" PRIx64 "\n", sc_stat.hit_cnt); + if (sc_stat.pkt_invalid_cnt) + printf("RX pkt_invalid_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_invalid_cnt); + if (sc_stat.pkt_late_cnt) + printf("RX pkt_late_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_late_cnt); + if (sc_stat.pkt_notvalid_cnt) + printf("RX pkt_notvalid_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_notvalid_cnt); + if (sc_stat.pkt_unchecked_cnt) + printf("RX pkt_unchecked_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_unchecked_cnt); + if (sc_stat.pkt_delay_cnt) + printf("RX pkt_delay_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_delay_cnt); + if (sc_stat.pkt_ok_cnt) + printf("RX pkt_ok_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_ok_cnt); + if (sc_stat.octet_decrypt_cnt) + printf("RX octet_decrypt_cnt: 0x%" PRIx64 "\n", sc_stat.octet_decrypt_cnt); + if (sc_stat.octet_validate_cnt) + printf("RX octet_validate_cnt: 0x%" PRIx64 "\n", + sc_stat.octet_validate_cnt); + printf("\n"); + for (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) { + printf("\n********** RX SA[%u] STATS ****************\n", rx_sa_id[i]); + memset(&sa_stat, 0, sizeof(struct rte_security_macsec_sa_stats)); + rte_security_macsec_sa_stats_get(ctx, rx_sa_id[i], + RTE_SECURITY_MACSEC_DIR_RX, &sa_stat); + + /* RX */ + if (sa_stat.pkt_invalid_cnt) + printf("RX pkt_invalid_cnt: 0x%" PRIx64 "\n", + sa_stat.pkt_invalid_cnt); + if (sa_stat.pkt_nosaerror_cnt) + printf("RX pkt_nosaerror_cnt: 0x%" PRIx64 "\n", + sa_stat.pkt_nosaerror_cnt); + if (sa_stat.pkt_notvalid_cnt) + printf("RX pkt_notvalid_cnt: 0x%" PRIx64 "\n", + sa_stat.pkt_notvalid_cnt); + if (sa_stat.pkt_ok_cnt) + printf("RX pkt_ok_cnt: 0x%" PRIx64 "\n", sa_stat.pkt_ok_cnt); + if (sa_stat.pkt_nosa_cnt) + printf("RX pkt_nosa_cnt: 0x%" PRIx64 "\n", sa_stat.pkt_nosa_cnt); + printf("\n"); + } + } + + if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP || + op == MCS_AUTH_ONLY || op == MCS_AUTH_VERIFY) { + memset(&sess_stats, 0, sizeof(struct rte_security_stats)); + rte_security_session_stats_get(ctx, tx_sess, &sess_stats); + secy_stat = &sess_stats.macsec; + + printf("\n********* TX SECY STATS ************\n"); + if (secy_stat->ctl_pkt_bcast_cnt) + printf("TX: ctl_pkt_bcast_cnt: 0x%" PRIx64 "\n", + secy_stat->ctl_pkt_bcast_cnt); + if (secy_stat->ctl_pkt_mcast_cnt) + printf("TX: ctl_pkt_mcast_cnt: 0x%" PRIx64 "\n", + secy_stat->ctl_pkt_mcast_cnt); + if (secy_stat->ctl_pkt_ucast_cnt) + printf("TX: ctl_pkt_ucast_cnt: 0x%" PRIx64 "\n", + secy_stat->ctl_pkt_ucast_cnt); + if (secy_stat->ctl_octet_cnt) + printf("TX: ctl_octet_cnt: 0x%" PRIx64 "\n", secy_stat->ctl_octet_cnt); + if (secy_stat->unctl_pkt_bcast_cnt) + printf("TX: unctl_pkt_bcast_cnt: 0x%" PRIx64 "\n", + secy_stat->unctl_pkt_bcast_cnt); + if (secy_stat->unctl_pkt_mcast_cnt) + printf("TX: unctl_pkt_mcast_cnt: 0x%" PRIx64 "\n", + secy_stat->unctl_pkt_mcast_cnt); + if (secy_stat->unctl_pkt_ucast_cnt) + printf("TX: unctl_pkt_ucast_cnt: 0x%" PRIx64 "\n", + secy_stat->unctl_pkt_ucast_cnt); + if (secy_stat->unctl_octet_cnt) + printf("TX: unctl_octet_cnt: 0x%" PRIx64 "\n", + secy_stat->unctl_octet_cnt); + /* Valid only for TX */ + if (secy_stat->octet_encrypted_cnt) + printf("TX: octet_encrypted_cnt: 0x%" PRIx64 "\n", + secy_stat->octet_encrypted_cnt); + if (secy_stat->octet_protected_cnt) + printf("TX: octet_protected_cnt: 0x%" PRIx64 "\n", + secy_stat->octet_protected_cnt); + if (secy_stat->pkt_noactivesa_cnt) + printf("TX: pkt_noactivesa_cnt: 0x%" PRIx64 "\n", + secy_stat->pkt_noactivesa_cnt); + if (secy_stat->pkt_toolong_cnt) + printf("TX: pkt_toolong_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_toolong_cnt); + if (secy_stat->pkt_untagged_cnt) + printf("TX: pkt_untagged_cnt: 0x%" PRIx64 "\n", + secy_stat->pkt_untagged_cnt); + + + memset(&sc_stat, 0, sizeof(struct rte_security_macsec_sc_stats)); + rte_security_macsec_sc_stats_get(ctx, tx_sc_id, RTE_SECURITY_MACSEC_DIR_TX, + &sc_stat); + printf("\n********** TX SC[%u] STATS **************\n", tx_sc_id); + if (sc_stat.pkt_encrypt_cnt) + printf("TX pkt_encrypt_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_encrypt_cnt); + if (sc_stat.pkt_protected_cnt) + printf("TX pkt_protected_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_protected_cnt); + if (sc_stat.octet_encrypt_cnt) + printf("TX octet_encrypt_cnt: 0x%" PRIx64 "\n", sc_stat.octet_encrypt_cnt); + + memset(&sa_stat, 0, sizeof(struct rte_security_macsec_sa_stats)); + rte_security_macsec_sa_stats_get(ctx, tx_sa_id[0], + RTE_SECURITY_MACSEC_DIR_TX, &sa_stat); + printf("\n********** TX SA[%u] STATS ****************\n", tx_sa_id[0]); + if (sa_stat.pkt_encrypt_cnt) + printf("TX pkt_encrypt_cnt: 0x%" PRIx64 "\n", sa_stat.pkt_encrypt_cnt); + if (sa_stat.pkt_protected_cnt) + printf("TX pkt_protected_cnt: 0x%" PRIx64 "\n", sa_stat.pkt_protected_cnt); + } +} + +static int +test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs_test_opts *opts) +{ + uint16_t rx_sa_id[MCS_MAX_FLOWS][RTE_SECURITY_MACSEC_NUM_AN] = {{0}}; + uint16_t tx_sa_id[MCS_MAX_FLOWS][2] = {{0}}; + uint16_t rx_sc_id[MCS_MAX_FLOWS] = {0}; + uint16_t tx_sc_id[MCS_MAX_FLOWS] = {0}; + void *rx_sess[MCS_MAX_FLOWS] = {0}; + void *tx_sess[MCS_MAX_FLOWS] = {0}; + struct rte_security_session_conf sess_conf = {0}; + struct rte_security_macsec_sa sa_conf = {0}; + struct rte_security_macsec_sc sc_conf = {0}; + struct rte_security_ctx *ctx; + int nb_rx = 0, nb_sent; + int i, j = 0, ret, id, an = 0; + uint8_t tci_off; + + memset(rx_pkts_burst, 0, sizeof(rx_pkts_burst[0]) * opts->nb_td); + + ctx = (struct rte_security_ctx *)rte_eth_dev_get_sec_ctx(port_id); + if (ctx == NULL) { + printf("Ethernet device doesn't support security features.\n"); + return TEST_SKIPPED; + } + + tci_off = (opts->sectag_insert_mode == 1) ? RTE_ETHER_HDR_LEN : + RTE_ETHER_HDR_LEN + (opts->nb_vlan * RTE_VLAN_HLEN); + + for (i = 0, j = 0; i < opts->nb_td; i++) { + if (op == MCS_DECAP || op == MCS_VERIFY_ONLY) + tx_pkts_burst[j] = init_packet(mbufpool, td[i]->secure_pkt.data, + td[i]->secure_pkt.len); + else { + tx_pkts_burst[j] = init_packet(mbufpool, td[i]->plain_pkt.data, + td[i]->plain_pkt.len); + + tx_pkts_burst[j]->ol_flags |= RTE_MBUF_F_TX_MACSEC; + } + if (tx_pkts_burst[j] == NULL) { + while (j--) + rte_pktmbuf_free(tx_pkts_burst[j]); + ret = TEST_FAILED; + goto out; + } + j++; + + if (op == MCS_DECAP || op == MCS_ENCAP_DECAP || + op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY) { + for (an = 0; an < RTE_SECURITY_MACSEC_NUM_AN; an++) { + /* For simplicity, using same SA conf for all AN */ + fill_macsec_sa_conf(td[i], &sa_conf, + RTE_SECURITY_MACSEC_DIR_RX, an, tci_off); + id = rte_security_macsec_sa_create(ctx, &sa_conf); + if (id < 0) { + printf("MACsec SA create failed : %d.\n", id); + return TEST_FAILED; + } + rx_sa_id[i][an] = (uint16_t)id; + } + fill_macsec_sc_conf(td[i], &sc_conf, opts, + RTE_SECURITY_MACSEC_DIR_RX, rx_sa_id[i], tci_off); + id = rte_security_macsec_sc_create(ctx, &sc_conf); + if (id < 0) { + printf("MACsec SC create failed : %d.\n", id); + goto out; + } + rx_sc_id[i] = (uint16_t)id; + + /* Create Inline IPsec session. */ + ret = fill_session_conf(td[i], port_id, opts, &sess_conf, + RTE_SECURITY_MACSEC_DIR_RX, rx_sc_id[i], tci_off); + if (ret) + return TEST_FAILED; + + rx_sess[i] = rte_security_session_create(ctx, &sess_conf, + sess_pool); + if (rx_sess[i] == NULL) { + printf("SEC Session init failed.\n"); + return TEST_FAILED; + } + ret = create_default_flow(td[i], port_id, + RTE_SECURITY_MACSEC_DIR_RX, rx_sess[i]); + if (ret) + goto out; + } + if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP || + op == MCS_AUTH_ONLY || op == MCS_AUTH_VERIFY) { + int id; + + fill_macsec_sa_conf(td[i], &sa_conf, + RTE_SECURITY_MACSEC_DIR_TX, + td[i]->secure_pkt.data[tci_off] & RTE_MACSEC_AN_MASK, + tci_off); + id = rte_security_macsec_sa_create(ctx, &sa_conf); + if (id < 0) { + printf("MACsec SA create failed : %d.\n", id); + return TEST_FAILED; + } + tx_sa_id[i][0] = (uint16_t)id; + tx_sa_id[i][1] = MCS_INVALID_SA; + fill_macsec_sc_conf(td[i], &sc_conf, opts, + RTE_SECURITY_MACSEC_DIR_TX, tx_sa_id[i], tci_off); + id = rte_security_macsec_sc_create(ctx, &sc_conf); + if (id < 0) { + printf("MACsec SC create failed : %d.\n", id); + goto out; + } + tx_sc_id[i] = (uint16_t)id; + + /* Create Inline IPsec session. */ + ret = fill_session_conf(td[i], port_id, opts, &sess_conf, + RTE_SECURITY_MACSEC_DIR_TX, tx_sc_id[i], tci_off); + if (ret) + return TEST_FAILED; + + tx_sess[i] = rte_security_session_create(ctx, &sess_conf, + sess_pool); + if (tx_sess[i] == NULL) { + printf("SEC Session init failed.\n"); + return TEST_FAILED; + } + ret = create_default_flow(td[i], port_id, + RTE_SECURITY_MACSEC_DIR_TX, tx_sess[i]); + if (ret) + goto out; + } + } + + /* Send packet to ethdev for inline MACsec processing. */ + nb_sent = rte_eth_tx_burst(port_id, 0, tx_pkts_burst, j); + + if (nb_sent != j) { + printf("\nUnable to TX %d packets, sent: %i", j, nb_sent); + for ( ; nb_sent < j; nb_sent++) + rte_pktmbuf_free(tx_pkts_burst[nb_sent]); + ret = TEST_FAILED; + goto out; + } + + rte_pause(); + + /* Receive back packet on loopback interface. */ + do { + nb_rx += rte_eth_rx_burst(port_id, 0, + &rx_pkts_burst[nb_rx], + nb_sent - nb_rx); + if (nb_rx >= nb_sent) + break; + rte_delay_ms(1); + } while (j++ < 5 && nb_rx == 0); + + if (nb_rx != nb_sent) { + printf("\nUnable to RX all %d packets, received(%i)", + nb_sent, nb_rx); + while (--nb_rx >= 0) + rte_pktmbuf_free(rx_pkts_burst[nb_rx]); + ret = TEST_FAILED; + goto out; + } + + for (i = 0; i < nb_rx; i++) { + ret = test_macsec_post_process(rx_pkts_burst[i], td[i], op, + opts->check_out_pkts_untagged); + if (ret != TEST_SUCCESS) { + for ( ; i < nb_rx; i++) + rte_pktmbuf_free(rx_pkts_burst[i]); + goto out; + } + + rte_pktmbuf_free(rx_pkts_burst[i]); + rx_pkts_burst[i] = NULL; + } +out: + for (i = 0; i < opts->nb_td; i++) { + if (opts->dump_all_stats) { + mcs_stats_dump(ctx, op, + rx_sess[i], tx_sess[i], + rx_sc_id[i], tx_sc_id[i], + rx_sa_id[i], tx_sa_id[i]); + } + } + + destroy_default_flow(port_id); + + /* Destroy session so that other cases can create the session again */ + for (i = 0; i < opts->nb_td; i++) { + if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP || + op == MCS_AUTH_ONLY || op == MCS_AUTH_VERIFY) { + rte_security_session_destroy(ctx, tx_sess[i]); + tx_sess[i] = NULL; + rte_security_macsec_sc_destroy(ctx, tx_sc_id[i], + RTE_SECURITY_MACSEC_DIR_TX); + rte_security_macsec_sa_destroy(ctx, tx_sa_id[i][0], + RTE_SECURITY_MACSEC_DIR_TX); + } + if (op == MCS_DECAP || op == MCS_ENCAP_DECAP || + op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY) { + rte_security_session_destroy(ctx, rx_sess[i]); + rx_sess[i] = NULL; + rte_security_macsec_sc_destroy(ctx, rx_sc_id[i], + RTE_SECURITY_MACSEC_DIR_RX); + for (j = 0; j < RTE_SECURITY_MACSEC_NUM_AN; j++) { + rte_security_macsec_sa_destroy(ctx, rx_sa_id[i][j], + RTE_SECURITY_MACSEC_DIR_RX); + } + } + } + + return ret; +} + +static int +test_inline_macsec_encap_all(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.encrypt = true; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + + size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); + for (i = 0; i < size; i++) { + cur_td = &list_mcs_cipher_vectors[i]; + err = test_macsec(&cur_td, MCS_ENCAP, &opts); + if (err) { + printf("\nCipher Auth Encryption case %d failed", cur_td->test_idx); + err = -1; + } else { + printf("\nCipher Auth Encryption case %d Passed", cur_td->test_idx); + err = 0; + } + all_err += err; + } + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + + return all_err; +} + +static int +test_inline_macsec_decap_all(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + + size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); + for (i = 0; i < size; i++) { + cur_td = &list_mcs_cipher_vectors[i]; + err = test_macsec(&cur_td, MCS_DECAP, &opts); + if (err) { + printf("\nCipher Auth Decryption case %d failed", cur_td->test_idx); + err = -1; + } else { + printf("\nCipher Auth Decryption case %d Passed", cur_td->test_idx); + err = 0; + } + all_err += err; + } + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + + return all_err; +} + +static int +ut_setup_inline_macsec(void) +{ + int ret; + + /* Start device */ + ret = rte_eth_dev_start(port_id); + if (ret < 0) { + printf("rte_eth_dev_start: err=%d, port=%d\n", + ret, port_id); + return ret; + } + /* always enable promiscuous */ + ret = rte_eth_promiscuous_enable(port_id); + if (ret != 0) { + printf("rte_eth_promiscuous_enable: err=%s, port=%d\n", + rte_strerror(-ret), port_id); + return ret; + } + + check_all_ports_link_status(1, RTE_PORT_ALL); + + return 0; +} + +static void +ut_teardown_inline_macsec(void) +{ + uint16_t portid; + int ret; + + /* port tear down */ + RTE_ETH_FOREACH_DEV(portid) { + ret = rte_eth_dev_stop(portid); + if (ret != 0) + printf("rte_eth_dev_stop: err=%s, port=%u\n", + rte_strerror(-ret), portid); + + } +} + +static int +inline_macsec_testsuite_setup(void) +{ + uint16_t nb_rxd; + uint16_t nb_txd; + uint16_t nb_ports; + int ret; + uint16_t nb_rx_queue = 1, nb_tx_queue = 1; + + printf("Start inline MACsec test.\n"); + + nb_ports = rte_eth_dev_count_avail(); + if (nb_ports < NB_ETHPORTS_USED) { + printf("At least %u port(s) used for test\n", + NB_ETHPORTS_USED); + return TEST_SKIPPED; + } + + ret = init_mempools(NB_MBUF); + if (ret) + return ret; + + if (tx_pkts_burst == NULL) { + tx_pkts_burst = (struct rte_mbuf **)rte_calloc("tx_buff", + MAX_TRAFFIC_BURST, + sizeof(void *), + RTE_CACHE_LINE_SIZE); + if (!tx_pkts_burst) + return TEST_FAILED; + + rx_pkts_burst = (struct rte_mbuf **)rte_calloc("rx_buff", + MAX_TRAFFIC_BURST, + sizeof(void *), + RTE_CACHE_LINE_SIZE); + if (!rx_pkts_burst) + return TEST_FAILED; + } + + printf("Generate %d packets\n", MAX_TRAFFIC_BURST); + + nb_rxd = RTE_TEST_RX_DESC_DEFAULT; + nb_txd = RTE_TEST_TX_DESC_DEFAULT; + + /* configuring port 0 for the test is enough */ + port_id = 0; + /* port configure */ + ret = rte_eth_dev_configure(port_id, nb_rx_queue, + nb_tx_queue, &port_conf); + if (ret < 0) { + printf("Cannot configure device: err=%d, port=%d\n", + ret, port_id); + return ret; + } + ret = rte_eth_macaddr_get(port_id, &ports_eth_addr[port_id]); + if (ret < 0) { + printf("Cannot get mac address: err=%d, port=%d\n", + ret, port_id); + return ret; + } + printf("Port %u ", port_id); + print_ethaddr("Address:", &ports_eth_addr[port_id]); + printf("\n"); + + /* tx queue setup */ + ret = rte_eth_tx_queue_setup(port_id, 0, nb_txd, + SOCKET_ID_ANY, &tx_conf); + if (ret < 0) { + printf("rte_eth_tx_queue_setup: err=%d, port=%d\n", + ret, port_id); + return ret; + } + /* rx queue steup */ + ret = rte_eth_rx_queue_setup(port_id, 0, nb_rxd, SOCKET_ID_ANY, + &rx_conf, mbufpool); + if (ret < 0) { + printf("rte_eth_rx_queue_setup: err=%d, port=%d\n", + ret, port_id); + return ret; + } + + return 0; +} + +static void +inline_macsec_testsuite_teardown(void) +{ + uint16_t portid; + int ret; + + /* port tear down */ + RTE_ETH_FOREACH_DEV(portid) { + ret = rte_eth_dev_reset(portid); + if (ret != 0) + printf("rte_eth_dev_reset: err=%s, port=%u\n", + rte_strerror(-ret), port_id); + } + rte_free(tx_pkts_burst); + rte_free(rx_pkts_burst); +} + + +static struct unit_test_suite inline_macsec_testsuite = { + .suite_name = "Inline MACsec Ethernet Device Unit Test Suite", + .unit_test_cases = { + TEST_CASE_NAMED_ST( + "MACsec encap(Cipher+Auth) known vector", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_encap_all), + TEST_CASE_NAMED_ST( + "MACsec decap(De-cipher+verify) known vector", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_decap_all), + + TEST_CASES_END() /**< NULL terminate unit test array */ + }, +}; + +static int +test_inline_macsec(void) +{ + inline_macsec_testsuite.setup = inline_macsec_testsuite_setup; + inline_macsec_testsuite.teardown = inline_macsec_testsuite_teardown; + return unit_test_suite_runner(&inline_macsec_testsuite); +} + +#endif /* !RTE_EXEC_ENV_WINDOWS */ + +REGISTER_TEST_COMMAND(inline_macsec_autotest, test_inline_macsec); diff --git a/app/test/test_security_inline_macsec_vectors.h b/app/test/test_security_inline_macsec_vectors.h new file mode 100644 index 0000000000..68bd485419 --- /dev/null +++ b/app/test/test_security_inline_macsec_vectors.h @@ -0,0 +1,1086 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2023 Marvell. + */ +#ifndef _TEST_INLINE_MACSEC_VECTORS_H_ +#define _TEST_INLINE_MACSEC_VECTORS_H_ + +#define MCS_MAX_DATA_SZ 256 +#define MCS_MAX_KEY_LEN 32 +#define MCS_IV_LEN 12 +#define MCS_SALT_LEN 12 +#define MCS_MAX_FLOWS 63 + +enum mcs_op { + MCS_NO_OP, + MCS_ENCAP, + MCS_DECAP, + MCS_ENCAP_DECAP, + MCS_AUTH_ONLY, + MCS_VERIFY_ONLY, + MCS_AUTH_VERIFY, +}; + +struct mcs_test_vector { + uint32_t test_idx; + enum rte_security_macsec_alg alg; + uint32_t ssci; + uint32_t xpn; + uint8_t salt[MCS_SALT_LEN]; + struct { + uint8_t data[MCS_MAX_KEY_LEN]; + uint16_t len; + } sa_key; + struct { + uint8_t data[MCS_MAX_DATA_SZ]; + uint16_t len; + } plain_pkt; + struct { + uint8_t data[MCS_MAX_DATA_SZ]; + uint16_t len; + } secure_pkt; +}; + +static const struct mcs_test_vector list_mcs_cipher_vectors[] = { +/* gcm_128_64B_cipher */ +{ + .test_idx = 0, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2C, + /* SL */ + 0x0, + /* PN */ + 0x0, 0x0, 0x0, 0x2, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x39, 0x38, 0x97, 0x44, 0xA2, 0x6D, 0x71, 0x3D, + 0x14, 0x27, 0xC7, 0x3E, 0x02, 0x96, 0x81, 0xAD, + 0x47, 0x82, 0x2A, 0xCF, 0x19, 0x79, 0x12, 0x49, + 0x0F, 0x93, 0x5A, 0x32, 0x43, 0x79, 0xEF, 0x9D, + 0x70, 0xF8, 0xA9, 0xBE, 0x3D, 0x00, 0x5D, 0x22, + 0xDA, 0x87, 0x3D, 0xC1, 0xBE, 0x1B, 0x13, 0xD9, + 0x99, 0xDB, 0xF1, 0xC8, + /* ICV */ + 0x4B, 0xC4, 0xF8, 0xC6, 0x09, 0x78, 0xB9, 0xBB, + 0x5D, 0xC0, 0x04, 0xF3, 0x20, 0x7D, 0x14, 0x87, + }, + .len = 96, + }, +}, +/* gcm_128_54B_cipher */ +{ + .test_idx = 1, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .xpn = 0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x04, + }, + .len = 54, + }, + + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4C, + /* SL */ + 0x2A, + /* PN */ + 0x76, 0xD4, 0x57, 0xED, + /* Secure Data */ + 0x13, 0xB4, 0xC7, 0x2B, 0x38, 0x9D, 0xC5, 0x01, + 0x8E, 0x72, 0xA1, 0x71, 0xDD, 0x85, 0xA5, 0xD3, + 0x75, 0x22, 0x74, 0xD3, 0xA0, 0x19, 0xFB, 0xCA, + 0xED, 0x09, 0xA4, 0x25, 0xCD, 0x9B, 0x2E, 0x1C, + 0x9B, 0x72, 0xEE, 0xE7, 0xC9, 0xDE, 0x7D, 0x52, + 0xB3, 0xF3, + /* ICV */ + 0xD6, 0xA5, 0x28, 0x4F, 0x4A, 0x6D, 0x3F, 0xE2, + 0x2A, 0x5D, 0x6C, 0x2B, 0x96, 0x04, 0x94, 0xC3, + }, + .len = 78, + }, +}, +/* gcm_256_54B_cipher */ +{ + .test_idx = 2, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_256, + .ssci = 0x0, + .xpn = 0, + .salt = {0}, + .sa_key = { + .data = { + 0x69, 0x1D, 0x3E, 0xE9, 0x09, 0xD7, 0xF5, 0x41, + 0x67, 0xFD, 0x1C, 0xA0, 0xB5, 0xD7, 0x69, 0x08, + 0x1F, 0x2B, 0xDE, 0x1A, 0xEE, 0x65, 0x5F, 0xDB, + 0xAB, 0x80, 0xBD, 0x52, 0x95, 0xAE, 0x6B, 0xE7, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x04, + }, + .len = 54, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4C, + /* SL */ + 0x2A, + /* PN */ + 0x76, 0xD4, 0x57, 0xED, + /* Secure Data */ + 0xC1, 0x62, 0x3F, 0x55, 0x73, 0x0C, 0x93, 0x53, + 0x30, 0x97, 0xAD, 0xDA, 0xD2, 0x56, 0x64, 0x96, + 0x61, 0x25, 0x35, 0x2B, 0x43, 0xAD, 0xAC, 0xBD, + 0x61, 0xC5, 0xEF, 0x3A, 0xC9, 0x0B, 0x5B, 0xEE, + 0x92, 0x9C, 0xE4, 0x63, 0x0E, 0xA7, 0x9F, 0x6C, + 0xE5, 0x19, + /* ICV */ + 0x12, 0xAF, 0x39, 0xC2, 0xD1, 0xFD, 0xC2, 0x05, + 0x1F, 0x8B, 0x7B, 0x3C, 0x9D, 0x39, 0x7E, 0xF2, + }, + .len = 78, + }, +}, +/* gcm_128_xpn_54B_cipher */ +{ + .test_idx = 3, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, + 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x04, + }, + .len = 54, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4C, + /* SL */ + 0x2A, + /* PN */ + 0x76, 0xD4, 0x57, 0xED, + /* Secure Data */ + 0x9C, 0xA4, 0x69, 0x84, 0x43, 0x02, 0x03, 0xED, + 0x41, 0x6E, 0xBD, 0xC2, 0xFE, 0x26, 0x22, 0xBA, + 0x3E, 0x5E, 0xAB, 0x69, 0x61, 0xC3, 0x63, 0x83, + 0x00, 0x9E, 0x18, 0x7E, 0x9B, 0x0C, 0x88, 0x56, + 0x46, 0x53, 0xB9, 0xAB, 0xD2, 0x16, 0x44, 0x1C, + 0x6A, 0xB6, + /* ICV */ + 0xF0, 0xA2, 0x32, 0xE9, 0xE4, 0x4C, 0x97, 0x8C, + 0xF7, 0xCD, 0x84, 0xD4, 0x34, 0x84, 0xD1, 0x01, + }, + .len = 78, + }, +}, +/* gcm_256_xpn_54B_cipher */ +{ + .test_idx = 4, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, + 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x69, 0x1D, 0x3E, 0xE9, 0x09, 0xD7, 0xF5, 0x41, + 0x67, 0xFD, 0x1C, 0xA0, 0xB5, 0xD7, 0x69, 0x08, + 0x1F, 0x2B, 0xDE, 0x1A, 0xEE, 0x65, 0x5F, 0xDB, + 0xAB, 0x80, 0xBD, 0x52, 0x95, 0xAE, 0x6B, 0xE7, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x04, + }, + .len = 54, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4C, + /* SL */ + 0x2A, + /* PN */ + 0x76, 0xD4, 0x57, 0xED, + /* Secure Data */ + 0x88, 0xD9, 0xF7, 0xD1, 0xF1, 0x57, 0x8E, 0xE3, + 0x4B, 0xA7, 0xB1, 0xAB, 0xC8, 0x98, 0x93, 0xEF, + 0x1D, 0x33, 0x98, 0xC9, 0xF1, 0xDD, 0x3E, 0x47, + 0xFB, 0xD8, 0x55, 0x3E, 0x0F, 0xF7, 0x86, 0xEF, + 0x56, 0x99, 0xEB, 0x01, 0xEA, 0x10, 0x42, 0x0D, + 0x0E, 0xBD, + /* ICV */ + 0x39, 0xA0, 0xE2, 0x73, 0xC4, 0xC7, 0xF9, 0x5E, + 0xD8, 0x43, 0x20, 0x7D, 0x7A, 0x49, 0x7D, 0xFA, + }, + .len = 78, + }, +}, +/* gcm_128_60B_cipher */ +{ + .test_idx = 5, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .xpn = 0x0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0xAD, 0x7A, 0x2B, 0xD0, 0x3E, 0xAC, 0x83, 0x5A, + 0x6F, 0x62, 0x0F, 0xDC, 0xB5, 0x06, 0xB3, 0x45, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x02, + }, + .len = 60, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2E, + /* SL */ + 0x00, + /* PN */ + 0xB2, 0xC2, 0x84, 0x65, + /* SCI */ + 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, + /* Secure Data */ + 0x70, 0x1A, 0xFA, 0x1C, 0xC0, 0x39, 0xC0, 0xD7, + 0x65, 0x12, 0x8A, 0x66, 0x5D, 0xAB, 0x69, 0x24, + 0x38, 0x99, 0xBF, 0x73, 0x18, 0xCC, 0xDC, 0x81, + 0xC9, 0x93, 0x1D, 0xA1, 0x7F, 0xBE, 0x8E, 0xDD, + 0x7D, 0x17, 0xCB, 0x8B, 0x4C, 0x26, 0xFC, 0x81, + 0xE3, 0x28, 0x4F, 0x2B, 0x7F, 0xBA, 0x71, 0x3D, + /* ICV */ + 0x4F, 0x8D, 0x55, 0xE7, 0xD3, 0xF0, 0x6F, 0xD5, + 0xA1, 0x3C, 0x0C, 0x29, 0xB9, 0xD5, 0xB8, 0x80, + }, + .len = 92, + }, +}, +/* gcm_256_60B_cipher */ +{ + .test_idx = 6, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_256, + .ssci = 0x0, + .xpn = 0x0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0xE3, 0xC0, 0x8A, 0x8F, 0x06, 0xC6, 0xE3, 0xAD, + 0x95, 0xA7, 0x05, 0x57, 0xB2, 0x3F, 0x75, 0x48, + 0x3C, 0xE3, 0x30, 0x21, 0xA9, 0xC7, 0x2B, 0x70, + 0x25, 0x66, 0x62, 0x04, 0xC6, 0x9C, 0x0B, 0x72, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x02, + }, + .len = 60, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2E, + /* SL */ + 0x00, + /* PN */ + 0xB2, 0xC2, 0x84, 0x65, + /* SCI */ + 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, + /* Secure Data */ + 0xE2, 0x00, 0x6E, 0xB4, 0x2F, 0x52, 0x77, 0x02, + 0x2D, 0x9B, 0x19, 0x92, 0x5B, 0xC4, 0x19, 0xD7, + 0xA5, 0x92, 0x66, 0x6C, 0x92, 0x5F, 0xE2, 0xEF, + 0x71, 0x8E, 0xB4, 0xE3, 0x08, 0xEF, 0xEA, 0xA7, + 0xC5, 0x27, 0x3B, 0x39, 0x41, 0x18, 0x86, 0x0A, + 0x5B, 0xE2, 0xA9, 0x7F, 0x56, 0xAB, 0x78, 0x36, + /* ICV */ + 0x5C, 0xA5, 0x97, 0xCD, 0xBB, 0x3E, 0xDB, 0x8D, + 0x1A, 0x11, 0x51, 0xEA, 0x0A, 0xF7, 0xB4, 0x36, + }, + .len = 92, + }, +}, +/* gcm_128_xpn_60B_cipher */ +{ + .test_idx = 7, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, + 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0xAD, 0x7A, 0x2B, 0xD0, 0x3E, 0xAC, 0x83, 0x5A, + 0x6F, 0x62, 0x0F, 0xDC, 0xB5, 0x06, 0xB3, 0x45, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x02, + }, + .len = 60, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2E, + /* SL */ + 0x00, + /* PN */ + 0xB2, 0xC2, 0x84, 0x65, + /* SCI */ + 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, + /* Secure Data */ + 0x07, 0x12, 0xD9, 0x80, 0xCA, 0x50, 0xBB, 0xED, + 0x35, 0xA0, 0xFA, 0x56, 0x63, 0x38, 0x72, 0x9F, + 0xFA, 0x16, 0xD1, 0x9F, 0xFC, 0xF0, 0x7B, 0x3A, + 0x1E, 0x79, 0x19, 0xB3, 0x77, 0x6A, 0xAC, 0xEC, + 0x8A, 0x59, 0x37, 0x20, 0x8B, 0x48, 0x3A, 0x76, + 0x91, 0x98, 0x4D, 0x38, 0x07, 0x92, 0xE0, 0x7F, + /* ICV */ + 0xC2, 0xC3, 0xC7, 0x9F, 0x26, 0x3F, 0xA6, 0xBF, + 0xF8, 0xE7, 0x58, 0x1E, 0x2C, 0xE4, 0x5A, 0xF8, + }, + .len = 92, + }, +}, +/* gcm_256_xpn_60B_cipher */ +{ + .test_idx = 8, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, + 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0xE3, 0xC0, 0x8A, 0x8F, 0x06, 0xC6, 0xE3, 0xAD, + 0x95, 0xA7, 0x05, 0x57, 0xB2, 0x3F, 0x75, 0x48, + 0x3C, 0xE3, 0x30, 0x21, 0xA9, 0xC7, 0x2B, 0x70, + 0x25, 0x66, 0x62, 0x04, 0xC6, 0x9C, 0x0B, 0x72, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x02, + }, + .len = 60, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2E, + /* SL */ + 0x00, + /* PN */ + 0xB2, 0xC2, 0x84, 0x65, + /* SCI */ + 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, + /* Secure Data */ + 0x3E, 0xB0, 0x4A, 0x4B, 0xBF, 0x54, 0xC6, 0xEB, + 0x12, 0x22, 0xA9, 0xAE, 0xA0, 0x0C, 0x38, 0x68, + 0x7F, 0x6C, 0x35, 0x20, 0xD9, 0x76, 0xA3, 0xB6, + 0x94, 0x80, 0x06, 0x50, 0xCE, 0x65, 0x85, 0xE6, + 0x20, 0xA4, 0x19, 0x19, 0x17, 0xD2, 0xA6, 0x05, + 0xD8, 0x70, 0xC7, 0x8D, 0x27, 0x52, 0xCE, 0x49, + /* ICV */ + 0x3B, 0x44, 0x2A, 0xC0, 0xC8, 0x16, 0xD7, 0xAB, + 0xD7, 0x0A, 0xD6, 0x5C, 0x25, 0xD4, 0x64, 0x13, + }, + .len = 92, + }, +}, +/* gcm_128_61B_cipher */ +{ + .test_idx = 9, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .xpn = 0x0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x01, 0x3F, 0xE0, 0x0B, 0x5F, 0x11, 0xBE, 0x7F, + 0x86, 0x6D, 0x0C, 0xBB, 0xC5, 0x5A, 0x7A, 0x90, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x00, + 0x06, + }, + .len = 61, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2F, + /* SL */ + 0x00, + /* PN */ + 0x89, 0x32, 0xD6, 0x12, + /* SCI */ + 0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6, + /* Secure Data */ + 0x3A, 0x4D, 0xE6, 0xFA, 0x32, 0x19, 0x10, 0x14, + 0xDB, 0xB3, 0x03, 0xD9, 0x2E, 0xE3, 0xA9, 0xE8, + 0xA1, 0xB5, 0x99, 0xC1, 0x4D, 0x22, 0xFB, 0x08, + 0x00, 0x96, 0xE1, 0x38, 0x11, 0x81, 0x6A, 0x3C, + 0x9C, 0x9B, 0xCF, 0x7C, 0x1B, 0x9B, 0x96, 0xDA, + 0x80, 0x92, 0x04, 0xE2, 0x9D, 0x0E, 0x2A, 0x76, + 0x42, + /* ICV */ + 0xBF, 0xD3, 0x10, 0xA4, 0x83, 0x7C, 0x81, 0x6C, + 0xCF, 0xA5, 0xAC, 0x23, 0xAB, 0x00, 0x39, 0x88, + }, + .len = 93, + }, +}, +/* gcm_256_61B_cipher */ +{ + .test_idx = 10, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_256, + .ssci = 0x0, + .xpn = 0x0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x83, 0xC0, 0x93, 0xB5, 0x8D, 0xE7, 0xFF, 0xE1, + 0xC0, 0xDA, 0x92, 0x6A, 0xC4, 0x3F, 0xB3, 0x60, + 0x9A, 0xC1, 0xC8, 0x0F, 0xEE, 0x1B, 0x62, 0x44, + 0x97, 0xEF, 0x94, 0x2E, 0x2F, 0x79, 0xA8, 0x23, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x00, + 0x06, + }, + .len = 61, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2F, + /* SL */ + 0x00, + /* PN */ + 0x89, 0x32, 0xD6, 0x12, + /* SCI */ + 0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6, + /* Secure Data */ + 0x11, 0x02, 0x22, 0xFF, 0x80, 0x50, 0xCB, 0xEC, + 0xE6, 0x6A, 0x81, 0x3A, 0xD0, 0x9A, 0x73, 0xED, + 0x7A, 0x9A, 0x08, 0x9C, 0x10, 0x6B, 0x95, 0x93, + 0x89, 0x16, 0x8E, 0xD6, 0xE8, 0x69, 0x8E, 0xA9, + 0x02, 0xEB, 0x12, 0x77, 0xDB, 0xEC, 0x2E, 0x68, + 0xE4, 0x73, 0x15, 0x5A, 0x15, 0xA7, 0xDA, 0xEE, + 0xD4, + /* ICV */ + 0xA1, 0x0F, 0x4E, 0x05, 0x13, 0x9C, 0x23, 0xDF, + 0x00, 0xB3, 0xAA, 0xDC, 0x71, 0xF0, 0x59, 0x6A, + }, + .len = 93, + }, +}, +/* gcm_128_xpn_61B_cipher */ +{ + .test_idx = 11, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, + 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x01, 0x3F, 0xE0, 0x0B, 0x5F, 0x11, 0xBE, 0x7F, + 0x86, 0x6D, 0x0C, 0xBB, 0xC5, 0x5A, 0x7A, 0x90, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x00, + 0x06, + }, + .len = 61, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2F, + /* SL */ + 0x00, + /* PN */ + 0x89, 0x32, 0xD6, 0x12, + /* SCI */ + 0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6, + /* Secure Data */ + 0x14, 0xC1, 0x76, 0x93, 0xBC, 0x82, 0x97, 0xEE, + 0x6C, 0x47, 0xC5, 0x65, 0xCB, 0xE0, 0x67, 0x9E, + 0x80, 0xF0, 0x0F, 0xCA, 0xF5, 0x92, 0xC9, 0xAA, + 0x04, 0x73, 0x92, 0x8E, 0x7F, 0x2F, 0x21, 0x6F, + 0xF5, 0xA0, 0x33, 0xDE, 0xC7, 0x51, 0x3F, 0x45, + 0xD3, 0x4C, 0xBB, 0x98, 0x1C, 0x5B, 0xD6, 0x4E, + 0x8B, + /* ICV */ + 0xD8, 0x4B, 0x8E, 0x2A, 0x78, 0xE7, 0x4D, 0xAF, + 0xEA, 0xA0, 0x38, 0x46, 0xFE, 0x93, 0x0C, 0x0E, + }, + .len = 93, + }, +}, +/* gcm_256_xpn_61B_cipher */ +{ + .test_idx = 12, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, + 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x83, 0xC0, 0x93, 0xB5, 0x8D, 0xE7, 0xFF, 0xE1, + 0xC0, 0xDA, 0x92, 0x6A, 0xC4, 0x3F, 0xB3, 0x60, + 0x9A, 0xC1, 0xC8, 0x0F, 0xEE, 0x1B, 0x62, 0x44, + 0x97, 0xEF, 0x94, 0x2E, 0x2F, 0x79, 0xA8, 0x23, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x00, + 0x06, + }, + .len = 61, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2F, + /* SL */ + 0x00, + /* PN */ + 0x89, 0x32, 0xD6, 0x12, + /* SCI */ + 0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6, + /* Secure Data */ + 0x09, 0x96, 0xE0, 0xC9, 0xA5, 0x57, 0x74, 0xE0, + 0xA7, 0x92, 0x30, 0x4E, 0x7D, 0xC1, 0x50, 0xBD, + 0x67, 0xFD, 0x74, 0x7D, 0xD1, 0xB9, 0x41, 0x95, + 0x94, 0xBF, 0x37, 0x3D, 0x4A, 0xCE, 0x8F, 0x87, + 0xF5, 0xC1, 0x34, 0x9A, 0xFA, 0xC4, 0x91, 0xAA, + 0x0A, 0x40, 0xD3, 0x19, 0x90, 0x87, 0xB2, 0x9F, + 0xDF, + /* ICV */ + 0x80, 0x2F, 0x05, 0x0E, 0x69, 0x1F, 0x11, 0xA2, + 0xD9, 0xB3, 0x58, 0xF6, 0x99, 0x41, 0x84, 0xF5, + }, + .len = 93, + }, +}, +/* gcm_128_75B_cipher */ +{ + .test_idx = 13, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0, + .xpn = 0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x88, 0xEE, 0x08, 0x7F, 0xD9, 0x5D, 0xA9, 0xFB, + 0xF6, 0x72, 0x5A, 0xA9, 0xD7, 0x57, 0xB0, 0xCD, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x00, 0x08, + }, + .len = 75, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4D, + /* SL */ + 0x00, + /* PN */ + 0x2E, 0x58, 0x49, 0x5C, + /* SCI */ + /* Secure Data */ + 0xC3, 0x1F, 0x53, 0xD9, 0x9E, 0x56, 0x87, 0xF7, + 0x36, 0x51, 0x19, 0xB8, 0x32, 0xD2, 0xAA, 0xE7, + 0x07, 0x41, 0xD5, 0x93, 0xF1, 0xF9, 0xE2, 0xAB, + 0x34, 0x55, 0x77, 0x9B, 0x07, 0x8E, 0xB8, 0xFE, + 0xAC, 0xDF, 0xEC, 0x1F, 0x8E, 0x3E, 0x52, 0x77, + 0xF8, 0x18, 0x0B, 0x43, 0x36, 0x1F, 0x65, 0x12, + 0xAD, 0xB1, 0x6D, 0x2E, 0x38, 0x54, 0x8A, 0x2C, + 0x71, 0x9D, 0xBA, 0x72, 0x28, 0xD8, 0x40, + /* ICV */ + 0x88, 0xF8, 0x75, 0x7A, 0xDB, 0x8A, 0xA7, 0x88, + 0xD8, 0xF6, 0x5A, 0xD6, 0x68, 0xBE, 0x70, 0xE7, + }, + .len = 99, + }, +}, +/* gcm_256_75B_cipher */ +{ + .test_idx = 14, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_256, + .ssci = 0, + .xpn = 0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x4C, 0x97, 0x3D, 0xBC, 0x73, 0x64, 0x62, 0x16, + 0x74, 0xF8, 0xB5, 0xB8, 0x9E, 0x5C, 0x15, 0x51, + 0x1F, 0xCE, 0xD9, 0x21, 0x64, 0x90, 0xFB, 0x1C, + 0x1A, 0x2C, 0xAA, 0x0F, 0xFE, 0x04, 0x07, 0xE5, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x00, 0x08, + }, + .len = 75, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4D, + /* SL */ + 0x00, + /* PN */ + 0x2E, 0x58, 0x49, 0x5C, + /* SCI */ + /* Secure Data */ + 0xBA, 0x8A, 0xE3, 0x1B, 0xC5, 0x06, 0x48, 0x6D, + 0x68, 0x73, 0xE4, 0xFC, 0xE4, 0x60, 0xE7, 0xDC, + 0x57, 0x59, 0x1F, 0xF0, 0x06, 0x11, 0xF3, 0x1C, + 0x38, 0x34, 0xFE, 0x1C, 0x04, 0xAD, 0x80, 0xB6, + 0x68, 0x03, 0xAF, 0xCF, 0x5B, 0x27, 0xE6, 0x33, + 0x3F, 0xA6, 0x7C, 0x99, 0xDA, 0x47, 0xC2, 0xF0, + 0xCE, 0xD6, 0x8D, 0x53, 0x1B, 0xD7, 0x41, 0xA9, + 0x43, 0xCF, 0xF7, 0xA6, 0x71, 0x3B, 0xD0, + /* ICV */ + 0x26, 0x11, 0xCD, 0x7D, 0xAA, 0x01, 0xD6, 0x1C, + 0x5C, 0x88, 0x6D, 0xC1, 0xA8, 0x17, 0x01, 0x07, + }, + .len = 99, + }, +}, +/* gcm_128_xpn_75B_cipher */ +{ + .test_idx = 15, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, 0x86, 0xA2, + 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x88, 0xEE, 0x08, 0x7F, 0xD9, 0x5D, 0xA9, 0xFB, + 0xF6, 0x72, 0x5A, 0xA9, 0xD7, 0x57, 0xB0, 0xCD, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x00, 0x08, + }, + .len = 75, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4D, + /* SL */ + 0x00, + /* PN */ + 0x2E, 0x58, 0x49, 0x5C, + /* SCI */ + /* Secure Data */ + 0xEA, 0xEC, 0xC6, 0xAF, 0x65, 0x12, 0xFC, 0x8B, + 0x6C, 0x8C, 0x43, 0xBC, 0x55, 0xB1, 0x90, 0xB2, + 0x62, 0x6D, 0x07, 0xD3, 0xD2, 0x18, 0xFA, 0xF5, + 0xDA, 0xA7, 0xD8, 0xF8, 0x00, 0xA5, 0x73, 0x31, + 0xEB, 0x43, 0xB5, 0xA1, 0x7A, 0x37, 0xE5, 0xB1, + 0xD6, 0x0D, 0x27, 0x5C, 0xCA, 0xF7, 0xAC, 0xD7, + 0x04, 0xCC, 0x9A, 0xCE, 0x2B, 0xF8, 0xBC, 0x8B, + 0x9B, 0x23, 0xB9, 0xAD, 0xF0, 0x2F, 0x87, + /* ICV */ + 0x34, 0x6B, 0x96, 0xD1, 0x13, 0x6A, 0x75, 0x4D, + 0xF0, 0xA6, 0xCD, 0xE1, 0x26, 0xC1, 0x07, 0xF8, + }, + .len = 99, + }, +}, +/* gcm_256_xpn_75B_cipher */ +{ + .test_idx = 16, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, 0x86, 0xA2, + 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x4C, 0x97, 0x3D, 0xBC, 0x73, 0x64, 0x62, 0x16, + 0x74, 0xF8, 0xB5, 0xB8, 0x9E, 0x5C, 0x15, 0x51, + 0x1F, 0xCE, 0xD9, 0x21, 0x64, 0x90, 0xFB, 0x1C, + 0x1A, 0x2C, 0xAA, 0x0F, 0xFE, 0x04, 0x07, 0xE5, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x00, 0x08, + }, + .len = 75, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4D, + /* SL */ + 0x00, + /* PN */ + 0x2E, 0x58, 0x49, 0x5C, + /* SCI */ + /* Secure Data */ + 0xB0, 0xFE, 0xA3, 0x63, 0x18, 0xB9, 0xB3, 0x64, + 0x66, 0xC4, 0x6E, 0x9E, 0x1B, 0xDA, 0x1A, 0x26, + 0x68, 0x58, 0x19, 0x6E, 0x7E, 0x70, 0xD8, 0x82, + 0xAE, 0x70, 0x47, 0x56, 0x68, 0xCD, 0xE4, 0xEC, + 0x88, 0x3F, 0x6A, 0xC2, 0x36, 0x9F, 0x28, 0x4B, + 0xED, 0x1F, 0xE3, 0x2F, 0x42, 0x09, 0x2F, 0xDF, + 0xF5, 0x86, 0x8A, 0x3C, 0x64, 0xE5, 0x61, 0x51, + 0x92, 0xA7, 0xA3, 0x76, 0x0B, 0x34, 0xBC, + /* ICV */ + 0x85, 0x69, 0x2C, 0xD8, 0x15, 0xB6, 0x64, 0x71, + 0x1A, 0xEF, 0x91, 0x1D, 0xF7, 0x8D, 0x7F, 0x46, + }, + .len = 99, + }, +}, +}; + +#endif