From patchwork Tue Jun 30 16:30:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 72468 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id A7921A0523; Tue, 30 Jun 2020 18:53:24 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 86D4B1BF7E; Tue, 30 Jun 2020 18:53:24 +0200 (CEST) Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by dpdk.org (Postfix) with ESMTP id 3DCD91BF7D for ; Tue, 30 Jun 2020 18:53:20 +0200 (CEST) IronPort-SDR: VmT8V91Uzw5wlyHgQUwrqbgPZJ5vAv9RHEt1BVAx0tY/m9JJ67cnV2v1iv91/7MuPyMUGY1vaZ O9IwNUznKuIA== X-IronPort-AV: E=McAfee;i="6000,8403,9667"; a="134598845" X-IronPort-AV: E=Sophos;i="5.75,298,1589266800"; d="scan'208";a="134598845" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jun 2020 09:53:18 -0700 IronPort-SDR: sf91sgIuA/pLocgsp/Fc6V6m0E/XXPTtfc435O8CRGr2ZDVDFxHG+SIPiv//RL53aQiDdDd1Gj Y2znu8KFdeBA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,298,1589266800"; d="scan'208";a="386747354" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by fmsmga001.fm.intel.com with ESMTP; 30 Jun 2020 09:53:12 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Tue, 30 Jun 2020 17:30:42 +0100 Message-Id: <20200630163049.61900-2-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200630163049.61900-1-david.coyle@intel.com> References: <20200623101423.9215-1-david.coyle@intel.com> <20200630163049.61900-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v3 1/8] security: add support for DOCSIS protocol X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add support for DOCSIS protocol to rte_security library. This support currently comprises the combination of Crypto and CRC operations. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh Acked-by: Akhil Goyal --- lib/librte_security/rte_security.c | 5 ++++ lib/librte_security/rte_security.h | 38 ++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c index dc9a3e89c..515c29e04 100644 --- a/lib/librte_security/rte_security.c +++ b/lib/librte_security/rte_security.c @@ -173,6 +173,11 @@ rte_security_capability_get(struct rte_security_ctx *instance, if (capability->pdcp.domain == idx->pdcp.domain) return capability; + } else if (idx->protocol == + RTE_SECURITY_PROTOCOL_DOCSIS) { + if (capability->docsis.direction == + idx->docsis.direction) + return capability; } } } diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h index 747830d67..16839e539 100644 --- a/lib/librte_security/rte_security.h +++ b/lib/librte_security/rte_security.h @@ -293,6 +293,28 @@ struct rte_security_pdcp_xform { uint32_t hfn_ovrd; }; +/** DOCSIS direction */ +enum rte_security_docsis_direction { + RTE_SECURITY_DOCSIS_UPLINK, + /**< Uplink + * - Decryption, followed by CRC Verification + */ + RTE_SECURITY_DOCSIS_DOWNLINK, + /**< Downlink + * - CRC Generation, followed by Encryption + */ +}; + +/** + * DOCSIS security session configuration. + * + * This structure contains data required to create a DOCSIS security session. + */ +struct rte_security_docsis_xform { + enum rte_security_docsis_direction direction; + /**< DOCSIS direction */ +}; + /** * Security session action type. */ @@ -325,6 +347,8 @@ enum rte_security_session_protocol { /**< MACSec Protocol */ RTE_SECURITY_PROTOCOL_PDCP, /**< PDCP Protocol */ + RTE_SECURITY_PROTOCOL_DOCSIS, + /**< DOCSIS Protocol */ }; /** @@ -340,6 +364,7 @@ struct rte_security_session_conf { struct rte_security_ipsec_xform ipsec; struct rte_security_macsec_xform macsec; struct rte_security_pdcp_xform pdcp; + struct rte_security_docsis_xform docsis; }; /**< Configuration parameters for security session */ struct rte_crypto_sym_xform *crypto_xform; @@ -523,6 +548,10 @@ struct rte_security_pdcp_stats { uint64_t reserved; }; +struct rte_security_docsis_stats { + uint64_t reserved; +}; + struct rte_security_stats { enum rte_security_session_protocol protocol; /**< Security protocol to be configured */ @@ -532,6 +561,7 @@ struct rte_security_stats { struct rte_security_macsec_stats macsec; struct rte_security_ipsec_stats ipsec; struct rte_security_pdcp_stats pdcp; + struct rte_security_docsis_stats docsis; }; }; @@ -591,6 +621,11 @@ struct rte_security_capability { /**< Capability flags, see RTE_SECURITY_PDCP_* */ } pdcp; /**< PDCP capability */ + struct { + enum rte_security_docsis_direction direction; + /**< DOCSIS direction */ + } docsis; + /**< DOCSIS capability */ }; const struct rte_cryptodev_capabilities *crypto_capabilities; @@ -649,6 +684,9 @@ struct rte_security_capability_idx { enum rte_security_pdcp_domain domain; uint32_t capa_flags; } pdcp; + struct { + enum rte_security_docsis_direction direction; + } docsis; }; }; From patchwork Tue Jun 30 16:30:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 72469 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id DD358A0523; Tue, 30 Jun 2020 18:53:31 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id D1C6A1BF97; Tue, 30 Jun 2020 18:53:30 +0200 (CEST) Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by dpdk.org (Postfix) with ESMTP id AAABF1BEDD for ; Tue, 30 Jun 2020 18:53:23 +0200 (CEST) IronPort-SDR: UkdBBBGLehbbl/CrzSrniWnN319Izf6Q9qCFaNev4fZAsj5ZHzRTWi3tfe2J7X3nOngPOEgntY 4Xf61wsxXlXg== X-IronPort-AV: E=McAfee;i="6000,8403,9667"; a="134598880" X-IronPort-AV: E=Sophos;i="5.75,298,1589266800"; d="scan'208";a="134598880" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jun 2020 09:53:23 -0700 IronPort-SDR: CW7Um+6Q6hRHcVBehclb/exscUjcDWtIZlrTedf0WLcAZnHvdMInLWrMRhW0I/mvgBAnpfGw6T 3RRMlYa/w19Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,298,1589266800"; d="scan'208";a="386747369" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by fmsmga001.fm.intel.com with ESMTP; 30 Jun 2020 09:53:17 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Tue, 30 Jun 2020 17:30:43 +0100 Message-Id: <20200630163049.61900-3-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200630163049.61900-1-david.coyle@intel.com> References: <20200623101423.9215-1-david.coyle@intel.com> <20200630163049.61900-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v3 2/8] cryptodev: add a note regarding DOCSIS protocol support X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add a note to the rte_crypto_sym_op->auth.data fields to state that for DOCSIS security protocol, these are used to specify the CRC offset and length. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh Acked-by: Akhil Goyal --- lib/librte_cryptodev/rte_crypto_sym.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index da961a19d..f29c98051 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -705,6 +705,14 @@ struct rte_crypto_sym_op { * For KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9, * this offset should be such that * data to authenticate starts at COUNT. + * + * @note + * For DOCSIS security protocol, this + * offset is the DOCSIS header length + * and, therefore, also the CRC offset + * i.e. the number of bytes into the + * packet at which CRC calculation + * should begin. */ uint32_t length; /**< The message length, in bytes, of the source @@ -723,6 +731,12 @@ struct rte_crypto_sym_op { * the length should include the COUNT, * FRESH, message, direction bit and padding * (to be multiple of 8 bits). + * + * @note + * For DOCSIS security protocol, this + * is the CRC length i.e. the number of + * bytes in the packet over which the + * CRC should be calculated */ } data; /**< Data offsets and length for authentication */ From patchwork Tue Jun 30 16:30:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 72470 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id CA599A0523; Tue, 30 Jun 2020 18:53:39 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 39BC91BFAC; Tue, 30 Jun 2020 18:53:38 +0200 (CEST) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 6BA891BEDD for ; Tue, 30 Jun 2020 18:53:30 +0200 (CEST) IronPort-SDR: Lh5fVi1E8lbdE+Ucf+bMJDxtHiugWLb2KgAGH4yZl2juO4Q1K2+6LF2Az3pfibwsiz57v1+N+/ GgCMXiMdroRQ== X-IronPort-AV: E=McAfee;i="6000,8403,9667"; a="144478907" X-IronPort-AV: E=Sophos;i="5.75,298,1589266800"; d="scan'208";a="144478907" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jun 2020 09:53:29 -0700 IronPort-SDR: 341uewBKX73Qb388dOKUIU7fc64QAmJEMbxPzDJkRoC0PWUqIMUkZGDH6exx1dRqbqQqqmknMg S+E/X3pr+raA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,298,1589266800"; d="scan'208";a="386747389" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by fmsmga001.fm.intel.com with ESMTP; 30 Jun 2020 09:53:23 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Tue, 30 Jun 2020 17:30:44 +0100 Message-Id: <20200630163049.61900-4-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200630163049.61900-1-david.coyle@intel.com> References: <20200623101423.9215-1-david.coyle@intel.com> <20200630163049.61900-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v3 3/8] crypto/aesni_mb: add support for DOCSIS protocol X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add support to the AESNI-MB PMD for the DOCSIS protocol, through the rte_security API. This, therefore, includes adding support for the rte_security API to this PMD. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh --- .../crypto/aesni_mb/aesni_mb_pmd_private.h | 19 +- drivers/crypto/aesni_mb/meson.build | 2 +- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 293 +++++++++++++++++- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 125 ++++++++ 4 files changed, 432 insertions(+), 7 deletions(-) diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index 347b4b7e0..e0c7b4f7c 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -7,6 +7,12 @@ #include +#if defined(RTE_LIBRTE_SECURITY) && (IMB_VERSION_NUM) >= IMB_VERSION(0, 54, 0) +#define AESNI_MB_DOCSIS_SEC_ENABLED 1 +#include +#include +#endif + enum aesni_mb_vector_mode { RTE_AESNI_MB_NOT_SUPPORTED = 0, RTE_AESNI_MB_SSE, @@ -272,8 +278,19 @@ aesni_mb_set_session_parameters(const MB_MGR *mb_mgr, struct aesni_mb_session *sess, const struct rte_crypto_sym_xform *xform); -/** device specific operations function pointer structure */ +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED +extern int +aesni_mb_set_docsis_sec_session_parameters( + __rte_unused struct rte_cryptodev *dev, + struct rte_security_session_conf *conf, + void *sess); +#endif + +/** device specific operations function pointer structures */ extern struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops; +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED +extern struct rte_security_ops *rte_aesni_mb_pmd_sec_ops; +#endif extern uint32_t aesni_mb_cpu_crypto_process_bulk(struct rte_cryptodev *dev, diff --git a/drivers/crypto/aesni_mb/meson.build b/drivers/crypto/aesni_mb/meson.build index e557e0103..419b4743f 100644 --- a/drivers/crypto/aesni_mb/meson.build +++ b/drivers/crypto/aesni_mb/meson.build @@ -22,4 +22,4 @@ else endif sources = files('rte_aesni_mb_pmd.c', 'rte_aesni_mb_pmd_ops.c') -deps += ['bus_vdev'] +deps += ['bus_vdev', 'net', 'security'] diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 2d688f4d3..4b25c5e23 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "aesni_mb_pmd_private.h" @@ -720,6 +721,134 @@ aesni_mb_set_session_parameters(const MB_MGR *mb_mgr, return 0; } +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED +/** Check DOCSIS security session configuration is valid */ +static int +check_docsis_sec_session(struct rte_security_session_conf *conf) +{ + struct rte_crypto_sym_xform *crypto_sym = conf->crypto_xform; + struct rte_security_docsis_xform *docsis = &conf->docsis; + + /* Downlink: CRC generate -> Cipher encrypt */ + if (docsis->direction == RTE_SECURITY_DOCSIS_DOWNLINK) { + + if (crypto_sym != NULL && + crypto_sym->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_sym->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT && + crypto_sym->cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI && + (crypto_sym->cipher.key.length == IMB_KEY_AES_128_BYTES || + crypto_sym->cipher.key.length == IMB_KEY_AES_256_BYTES) && + crypto_sym->cipher.iv.length == AES_BLOCK_SIZE && + crypto_sym->next == NULL) { + return 0; + } + /* Uplink: Cipher decrypt -> CRC verify */ + } else if (docsis->direction == RTE_SECURITY_DOCSIS_UPLINK) { + + if (crypto_sym != NULL && + crypto_sym->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_sym->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT && + crypto_sym->cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI && + (crypto_sym->cipher.key.length == IMB_KEY_AES_128_BYTES || + crypto_sym->cipher.key.length == IMB_KEY_AES_256_BYTES) && + crypto_sym->cipher.iv.length == AES_BLOCK_SIZE && + crypto_sym->next == NULL) { + return 0; + } + } + + return -EINVAL; +} + +/** Set DOCSIS security session auth (CRC) parameters */ +static int +aesni_mb_set_docsis_sec_session_auth_parameters(struct aesni_mb_session *sess, + struct rte_security_docsis_xform *xform) +{ + if (xform == NULL) { + AESNI_MB_LOG(ERR, "Invalid DOCSIS xform"); + return -EINVAL; + } + + /* Select CRC generate/verify */ + if (xform->direction == RTE_SECURITY_DOCSIS_UPLINK) { + sess->auth.algo = IMB_AUTH_DOCSIS_CRC32; + sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY; + } else if (xform->direction == RTE_SECURITY_DOCSIS_DOWNLINK) { + sess->auth.algo = IMB_AUTH_DOCSIS_CRC32; + sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE; + } else { + AESNI_MB_LOG(ERR, "Unsupported DOCSIS direction"); + return -ENOTSUP; + } + + sess->auth.req_digest_len = RTE_ETHER_CRC_LEN; + sess->auth.gen_digest_len = RTE_ETHER_CRC_LEN; + + return 0; +} + +/** + * Parse DOCSIS security session configuration and set private session + * parameters + */ +int +aesni_mb_set_docsis_sec_session_parameters( + __rte_unused struct rte_cryptodev *dev, + struct rte_security_session_conf *conf, + void *sess) +{ + struct rte_security_docsis_xform *docsis_xform; + struct rte_crypto_sym_xform *cipher_xform; + struct aesni_mb_session *aesni_sess = sess; + struct aesni_mb_private *internals = dev->data->dev_private; + int ret; + + ret = check_docsis_sec_session(conf); + if (ret) { + AESNI_MB_LOG(ERR, "Unsupported DOCSIS security configuration"); + return ret; + } + + switch (conf->docsis.direction) { + case RTE_SECURITY_DOCSIS_UPLINK: + aesni_sess->chain_order = IMB_ORDER_CIPHER_HASH; + docsis_xform = &conf->docsis; + cipher_xform = conf->crypto_xform; + break; + case RTE_SECURITY_DOCSIS_DOWNLINK: + aesni_sess->chain_order = IMB_ORDER_HASH_CIPHER; + cipher_xform = conf->crypto_xform; + docsis_xform = &conf->docsis; + break; + default: + return -EINVAL; + } + + /* Default IV length = 0 */ + aesni_sess->iv.length = 0; + + ret = aesni_mb_set_docsis_sec_session_auth_parameters(aesni_sess, + docsis_xform); + if (ret != 0) { + AESNI_MB_LOG(ERR, "Invalid/unsupported DOCSIS parameters"); + return -EINVAL; + } + + ret = aesni_mb_set_session_cipher_parameters(internals->mb_mgr, + aesni_sess, cipher_xform); + + if (ret != 0) { + AESNI_MB_LOG(ERR, "Invalid/unsupported cipher parameters"); + return -EINVAL; + } + + return 0; +} +#endif + /** * burst enqueue, place crypto operations on ingress queue for processing. * @@ -758,6 +887,13 @@ get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op) get_sym_session_private_data( op->sym->session, cryptodev_driver_id); +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + } else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + if (likely(op->sym->sec_session != NULL)) + sess = (struct aesni_mb_session *) + get_sec_session_private_data( + op->sym->sec_session); +#endif } else { void *_sess = rte_cryptodev_sym_session_create(qp->sess_mp); void *_sess_private_data = NULL; @@ -1158,6 +1294,106 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, return 0; } +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED +/** + * Process a crypto operation containing a security op and complete a + * JOB_AES_HMAC job structure for submission to the multi buffer library for + * processing. + */ +static inline int +set_sec_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, + struct rte_crypto_op *op, uint8_t *digest_idx) +{ + struct rte_mbuf *m_src, *m_dst; + struct rte_crypto_sym_op *sym; + struct aesni_mb_session *session; + + session = get_session(qp, op); + if (unlikely(session == NULL)) { + op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; + return -1; + } + + /* Only DOCSIS protocol operations supported now */ + if (session->cipher.mode != IMB_CIPHER_DOCSIS_SEC_BPI || + session->auth.algo != IMB_AUTH_DOCSIS_CRC32) { + op->status = RTE_CRYPTO_OP_STATUS_ERROR; + return -1; + } + + sym = op->sym; + m_src = sym->m_src; + + if (likely(sym->m_dst == NULL || sym->m_dst == m_src)) { + /* in-place operation */ + m_dst = m_src; + } else { + /* out-of-place operation not supported */ + op->status = RTE_CRYPTO_OP_STATUS_ERROR; + return -ENOTSUP; + } + + /* Set crypto operation */ + job->chain_order = session->chain_order; + + /* Set cipher parameters */ + job->cipher_direction = session->cipher.direction; + job->cipher_mode = session->cipher.mode; + + job->aes_key_len_in_bytes = session->cipher.key_length_in_bytes; + job->aes_enc_key_expanded = session->cipher.expanded_aes_keys.encode; + job->aes_dec_key_expanded = session->cipher.expanded_aes_keys.decode; + + /* Set IV parameters */ + job->iv_len_in_bytes = session->iv.length; + job->iv = (uint8_t *)op + session->iv.offset; + + /* Set authentication parameters */ + job->hash_alg = session->auth.algo; + + /* Set digest output location */ + job->auth_tag_output = qp->temp_digests[*digest_idx]; + *digest_idx = (*digest_idx + 1) % MAX_JOBS; + + /* Set digest length */ + job->auth_tag_output_len_in_bytes = session->auth.gen_digest_len; + + /* Set data parameters */ + job->src = rte_pktmbuf_mtod(m_src, uint8_t *); + job->dst = rte_pktmbuf_mtod_offset(m_dst, uint8_t *, + sym->cipher.data.offset); + + job->cipher_start_src_offset_in_bytes = sym->cipher.data.offset; + job->msg_len_to_cipher_in_bytes = sym->cipher.data.length; + + job->hash_start_src_offset_in_bytes = sym->auth.data.offset; + job->msg_len_to_hash_in_bytes = sym->auth.data.length; + + job->user_data = op; + + return 0; +} + +static inline void +verify_docsis_sec_crc(JOB_AES_HMAC *job, uint8_t *status) +{ + uint16_t crc_offset; + uint8_t *crc; + + if (!job->msg_len_to_hash_in_bytes) + return; + + crc_offset = job->hash_start_src_offset_in_bytes + + job->msg_len_to_hash_in_bytes - + job->cipher_start_src_offset_in_bytes; + crc = job->dst + crc_offset; + + /* Verify CRC (at the end of the message) */ + if (memcmp(job->auth_tag_output, crc, RTE_ETHER_CRC_LEN) != 0) + *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; +} +#endif + static inline void verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status) { @@ -1196,9 +1432,25 @@ static inline struct rte_crypto_op * post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) { struct rte_crypto_op *op = (struct rte_crypto_op *)job->user_data; - struct aesni_mb_session *sess = get_sym_session_private_data( - op->sym->session, - cryptodev_driver_id); + struct aesni_mb_session *sess = NULL; + +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + uint8_t is_docsis_sec = 0; + + if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + /* + * Assuming at this point that if it's a security type op, that + * this is for DOCSIS + */ + is_docsis_sec = 1; + sess = get_sec_session_private_data(op->sym->sec_session); + } else +#endif + { + sess = get_sym_session_private_data(op->sym->session, + cryptodev_driver_id); + } + if (unlikely(sess == NULL)) { op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; return op; @@ -1220,6 +1472,11 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) op->sym->aead.digest.data, sess->auth.req_digest_len, &op->status); +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + else if (is_docsis_sec) + verify_docsis_sec_crc(job, + &op->status); +#endif else verify_digest(job, op->sym->auth.digest.data, @@ -1382,7 +1639,14 @@ aesni_mb_pmd_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops, if (retval < 0) break; - retval = set_mb_job_params(job, qp, op, &digest_idx); +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) + retval = set_sec_mb_job_params(job, qp, op, + &digest_idx); + else +#endif + retval = set_mb_job_params(job, qp, op, &digest_idx); + if (unlikely(retval != 0)) { qp->stats.dequeue_err_count++; set_job_null_op(job, op); @@ -1619,6 +1883,9 @@ cryptodev_aesni_mb_create(const char *name, struct aesni_mb_private *internals; enum aesni_mb_vector_mode vector_mode; MB_MGR *mb_mgr; +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + struct rte_security_ctx *security_instance; +#endif dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params); if (dev == NULL) { @@ -1647,7 +1914,23 @@ cryptodev_aesni_mb_create(const char *name, RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO | - RTE_CRYPTODEV_FF_SYM_SESSIONLESS; + RTE_CRYPTODEV_FF_SYM_SESSIONLESS +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + | RTE_CRYPTODEV_FF_SECURITY +#endif + ; + +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + security_instance = rte_malloc("aesni_mb_sec", + sizeof(struct rte_security_ctx), 0); + if (security_instance == NULL) + AESNI_MB_LOG(ERR, "rte_security_ctx memory alloc failed\n"); + + security_instance->device = (void *)dev; + security_instance->ops = rte_aesni_mb_pmd_sec_ops; + security_instance->sess_cnt = 0; + dev->security_ctx = security_instance; +#endif /* Check CPU for support for AES instruction set */ if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AES)) diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 8c5e0cd92..ed93daec7 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -7,6 +7,7 @@ #include #include #include +#include #include #include "aesni_mb_pmd_private.h" @@ -499,6 +500,55 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED +static const struct rte_cryptodev_capabilities + aesni_mb_pmd_security_crypto_cap[] = { + { /* AES DOCSIS BPI */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 16 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() +}; + +static const struct rte_security_capability aesni_mb_pmd_security_cap[] = { + { /* DOCSIS Uplink */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_UPLINK + }, + .crypto_capabilities = aesni_mb_pmd_security_crypto_cap + }, + { /* DOCSIS Downlink */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_DOWNLINK + }, + .crypto_capabilities = aesni_mb_pmd_security_crypto_cap + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE + } +}; +#endif /** Configure device */ static int @@ -810,3 +860,78 @@ struct rte_cryptodev_ops aesni_mb_pmd_ops = { }; struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops = &aesni_mb_pmd_ops; + +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED +/** + * Configure a aesni multi-buffer session from a security session + * configuration + */ +static int +aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf, + struct rte_security_session *sess, + struct rte_mempool *mempool) +{ + void *sess_private_data; + struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; + int ret; + + if (rte_mempool_get(mempool, &sess_private_data)) { + AESNI_MB_LOG(ERR, "Couldn't get object from session mempool"); + return -ENOMEM; + } + + if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) { + AESNI_MB_LOG(ERR, "Invalid security protocol"); + return -EINVAL; + } + + ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf, + sess_private_data); + + if (ret != 0) { + AESNI_MB_LOG(ERR, "Failed to configure session parameters"); + + /* Return session to mempool */ + rte_mempool_put(mempool, sess_private_data); + return ret; + } + + set_sec_session_private_data(sess, sess_private_data); + + return ret; +} + +/** Clear the memory of session so it doesn't leave key material behind */ +static int +aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused, + struct rte_security_session *sess) +{ + void *sess_priv = get_sec_session_private_data(sess); + + if (sess_priv) { + struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); + memset(sess, 0, sizeof(struct aesni_mb_session)); + set_sec_session_private_data(sess, NULL); + rte_mempool_put(sess_mp, sess_priv); + } + return 0; +} + +/** Get security capabilities for aesni multi-buffer */ +static const struct rte_security_capability * +aesni_mb_pmd_sec_capa_get(void *device __rte_unused) +{ + return aesni_mb_pmd_security_cap; +} + +static struct rte_security_ops aesni_mb_pmd_sec_ops = { + .session_create = aesni_mb_pmd_sec_sess_create, + .session_update = NULL, + .session_stats_get = NULL, + .session_destroy = aesni_mb_pmd_sec_sess_destroy, + .set_pkt_metadata = NULL, + .capabilities_get = aesni_mb_pmd_sec_capa_get +}; + +struct rte_security_ops *rte_aesni_mb_pmd_sec_ops = &aesni_mb_pmd_sec_ops; +#endif From patchwork Tue Jun 30 16:30:45 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 72471 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 72BE0A0523; Tue, 30 Jun 2020 18:53:49 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 655B01BFC3; Tue, 30 Jun 2020 18:53:39 +0200 (CEST) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id 5221C1BF95 for ; Tue, 30 Jun 2020 18:53:36 +0200 (CEST) IronPort-SDR: LFYq5sbXdTr3+z7iXaD7wgHP4PBXKN4QtqlwV+0+zYBQ7CU+t25I/89hQIOr2qjXtnUvw+sz3h HJ9LPnKYwTfA== X-IronPort-AV: E=McAfee;i="6000,8403,9667"; a="207815878" X-IronPort-AV: E=Sophos;i="5.75,298,1589266800"; d="scan'208";a="207815878" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jun 2020 09:53:35 -0700 IronPort-SDR: gp5DjI32HWzyqAwxD10iznF0rF77UFxaRia96GqwrIuPQBBT5i/qzhAeQOKm1bmXc1PfQJRCcZ etxd2EyddDQw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,298,1589266800"; d="scan'208";a="386747395" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by fmsmga001.fm.intel.com with ESMTP; 30 Jun 2020 09:53:29 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Tue, 30 Jun 2020 17:30:45 +0100 Message-Id: <20200630163049.61900-5-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200630163049.61900-1-david.coyle@intel.com> References: <20200623101423.9215-1-david.coyle@intel.com> <20200630163049.61900-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v3 4/8] crypto/qat: add support for DOCSIS protocol X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add support to the QAT SYM PMD for the DOCSIS protocol, through the rte_security API. This, therefore, includes adding support for the rte_security API to this PMD. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh --- drivers/common/qat/Makefile | 3 + drivers/crypto/qat/meson.build | 2 + drivers/crypto/qat/qat_sym.c | 70 ++++++++++- drivers/crypto/qat/qat_sym.h | 69 ++++++++-- drivers/crypto/qat/qat_sym_capabilities.h | 42 +++++++ drivers/crypto/qat/qat_sym_pmd.c | 53 +++++++- drivers/crypto/qat/qat_sym_pmd.h | 4 + drivers/crypto/qat/qat_sym_session.c | 146 ++++++++++++++++++++++ drivers/crypto/qat/qat_sym_session.h | 12 ++ 9 files changed, 389 insertions(+), 12 deletions(-) diff --git a/drivers/common/qat/Makefile b/drivers/common/qat/Makefile index 28bd5668f..85d420709 100644 --- a/drivers/common/qat/Makefile +++ b/drivers/common/qat/Makefile @@ -35,6 +35,9 @@ endif ifeq ($(CONFIG_RTE_LIBRTE_PMD_QAT_SYM),y) LDLIBS += -lrte_cryptodev LDLIBS += -lcrypto +ifeq ($(CONFIG_RTE_LIBRTE_SECURITY),y) + LDLIBS += -lrte_net +endif CFLAGS += -DBUILD_QAT_SYM SRCS-y += qat_sym.c SRCS-y += qat_sym_session.c diff --git a/drivers/crypto/qat/meson.build b/drivers/crypto/qat/meson.build index fc65923a7..a225f374a 100644 --- a/drivers/crypto/qat/meson.build +++ b/drivers/crypto/qat/meson.build @@ -8,6 +8,8 @@ reason = '' # sentinal value to suppress printout dep = dependency('libcrypto', required: false) qat_includes += include_directories('.') qat_deps += 'cryptodev' +qat_deps += 'net' +qat_deps += 'security' if dep.found() # Add our sources files to the list qat_sources += files('qat_sym_pmd.c', diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c index 25b6dd5f4..cc4d2c2cd 100644 --- a/drivers/crypto/qat/qat_sym.c +++ b/drivers/crypto/qat/qat_sym.c @@ -9,6 +9,9 @@ #include #include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_sym.h" @@ -99,6 +102,30 @@ qat_bpicipher_preprocess(struct qat_sym_session *ctx, return sym_op->cipher.data.length - last_block_len; } +#ifdef RTE_LIBRTE_SECURITY +static inline void +qat_crc_generate(struct qat_sym_session *ctx, + struct rte_crypto_op *op) +{ + struct rte_crypto_sym_op *sym_op = op->sym; + uint8_t *crc_data; + uint32_t *crc; + uint32_t crc_length; + + if (ctx->qat_dir == ICP_QAT_HW_CIPHER_ENCRYPT && + sym_op->auth.data.length != 0) { + + crc_length = sym_op->auth.data.length; + crc_data = (uint8_t *) rte_pktmbuf_mtod_offset( + sym_op->m_src, uint8_t *, + sym_op->auth.data.offset); + crc = (uint32_t *)(crc_data + crc_length); + *crc = rte_net_crc_calc(crc_data, crc_length, + RTE_NET_CRC32_ETH); + } +} +#endif + static inline void set_cipher_iv(uint16_t iv_length, uint16_t iv_offset, struct icp_qat_fw_la_cipher_req_params *cipher_param, @@ -161,6 +188,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, uint64_t auth_data_end = 0; uint8_t do_sgl = 0; uint8_t in_place = 1; + uint8_t is_docsis_sec = 0; int alignment_adjustment = 0; struct rte_crypto_op *op = (struct rte_crypto_op *)in_op; struct qat_sym_op_cookie *cookie = @@ -177,11 +205,23 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, QAT_DP_LOG(ERR, "QAT PMD only supports session oriented" " requests, op (%p) is sessionless.", op); return -EINVAL; + } else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { + ctx = (struct qat_sym_session *)get_sym_session_private_data( + op->sym->session, cryptodev_qat_driver_id); +#ifdef RTE_LIBRTE_SECURITY + } else { + ctx = (struct qat_sym_session *)get_sec_session_private_data( + op->sym->sec_session); + if (ctx && ctx->bpi_ctx == NULL) { + QAT_DP_LOG(ERR, "QAT PMD only supports security" + " operation requests for DOCSIS, op" + " (%p) is not for DOCSIS.", op); + return -EINVAL; + } + is_docsis_sec = 1; +#endif } - ctx = (struct qat_sym_session *)get_sym_session_private_data( - op->sym->session, cryptodev_qat_driver_id); - if (unlikely(ctx == NULL)) { QAT_DP_LOG(ERR, "Session was not created for this device"); return -EINVAL; @@ -242,7 +282,29 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, cipher_ofs = op->sym->cipher.data.offset >> 3; } else if (ctx->bpi_ctx) { - /* DOCSIS - only send complete blocks to device + /* DOCSIS processing */ +#ifdef RTE_LIBRTE_SECURITY + if (is_docsis_sec) { + /* Check for OOP */ + if (unlikely((op->sym->m_dst != NULL) && + (op->sym->m_dst != + op->sym->m_src))) { + QAT_DP_LOG(ERR, + "OOP not supported for DOCSIS " + "security"); + op->status = + RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + return -EINVAL; + } + + /* Calculate CRC */ + qat_crc_generate(ctx, op); + } +#else + RTE_SET_USED(is_docsis_sec); +#endif + + /* Only send complete blocks to device. * Process any partial block using CFB mode. * Even if 0 complete blocks, still send this to device * to get into rx queue for post-process and dequeuing diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h index bc6426c32..712a62856 100644 --- a/drivers/crypto/qat/qat_sym.h +++ b/drivers/crypto/qat/qat_sym.h @@ -6,6 +6,9 @@ #define _QAT_SYM_H_ #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #ifdef BUILD_QAT_SYM #include @@ -132,14 +135,45 @@ qat_bpicipher_postprocess(struct qat_sym_session *ctx, return sym_op->cipher.data.length - last_block_len; } +#ifdef RTE_LIBRTE_SECURITY static inline void -qat_sym_process_response(void **op, uint8_t *resp) +qat_crc_verify(struct qat_sym_session *ctx, struct rte_crypto_op *op) { + struct rte_crypto_sym_op *sym_op = op->sym; + uint32_t crc = 0; + uint8_t *crc_data; + uint32_t crc_offset, crc_length; + + if (ctx->qat_dir == ICP_QAT_HW_CIPHER_DECRYPT && + sym_op->auth.data.length != 0) { + + crc_offset = sym_op->auth.data.offset; + crc_length = sym_op->auth.data.length; + crc_data = (uint8_t *) rte_pktmbuf_mtod_offset( + sym_op->m_src, uint8_t *, crc_offset); + if (unlikely((sym_op->m_dst != NULL) + && (sym_op->m_dst != sym_op->m_src))) + /* out-of-place operation (OOP) */ + crc_data = (uint8_t *) rte_pktmbuf_mtod_offset( + sym_op->m_dst, uint8_t *, crc_offset); + + crc = rte_net_crc_calc(crc_data, crc_length, RTE_NET_CRC32_ETH); + + if (crc != *(uint32_t *)(crc_data + crc_length)) + op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; + } +} +#endif + +static inline void +qat_sym_process_response(void **op, uint8_t *resp) +{ struct icp_qat_fw_comn_resp *resp_msg = (struct icp_qat_fw_comn_resp *)resp; struct rte_crypto_op *rx_op = (struct rte_crypto_op *)(uintptr_t) (resp_msg->opaque_data); + struct qat_sym_session *sess; #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG QAT_DP_HEXDUMP_LOG(DEBUG, "qat_response:", (uint8_t *)resp_msg, @@ -152,15 +186,36 @@ qat_sym_process_response(void **op, uint8_t *resp) rx_op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } else { - struct qat_sym_session *sess = (struct qat_sym_session *) - get_sym_session_private_data( - rx_op->sym->session, - cryptodev_qat_driver_id); +#ifdef RTE_LIBRTE_SECURITY + uint8_t is_docsis_sec = 0; + + if (rx_op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + /* + * Assuming at this point that if it's a security + * op, that this is for DOCSIS + */ + sess = (struct qat_sym_session *) + get_sec_session_private_data( + rx_op->sym->sec_session); + is_docsis_sec = 1; + } else +#endif + { + sess = (struct qat_sym_session *) + get_sym_session_private_data( + rx_op->sym->session, + cryptodev_qat_driver_id); + } + rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; - if (sess->bpi_ctx) + if (sess->bpi_ctx) { qat_bpicipher_postprocess(sess, rx_op); - rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; +#ifdef RTE_LIBRTE_SECURITY + if (is_docsis_sec) + qat_crc_verify(sess, rx_op); +#endif + } } *op = (void *)rx_op; } diff --git a/drivers/crypto/qat/qat_sym_capabilities.h b/drivers/crypto/qat/qat_sym_capabilities.h index ff691ce35..7b8b13b4f 100644 --- a/drivers/crypto/qat/qat_sym_capabilities.h +++ b/drivers/crypto/qat/qat_sym_capabilities.h @@ -699,4 +699,46 @@ }, } \ } +#ifdef RTE_LIBRTE_SECURITY +#define QAT_SECURITY_SYM_CAPABILITIES \ + { /* AES DOCSIS BPI */ \ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \ + {.sym = { \ + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, \ + {.cipher = { \ + .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,\ + .block_size = 16, \ + .key_size = { \ + .min = 16, \ + .max = 32, \ + .increment = 16 \ + }, \ + .iv_size = { \ + .min = 16, \ + .max = 16, \ + .increment = 0 \ + } \ + }, } \ + }, } \ + } + +#define QAT_SECURITY_CAPABILITIES(sym) \ + [0] = { /* DOCSIS Uplink */ \ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, \ + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, \ + .docsis = { \ + .direction = RTE_SECURITY_DOCSIS_UPLINK \ + }, \ + .crypto_capabilities = (sym) \ + }, \ + [1] = { /* DOCSIS Downlink */ \ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, \ + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, \ + .docsis = { \ + .direction = RTE_SECURITY_DOCSIS_DOWNLINK \ + }, \ + .crypto_capabilities = (sym) \ + } +#endif + #endif /* _QAT_SYM_CAPABILITIES_H_ */ diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c index e887c880f..711d1585f 100644 --- a/drivers/crypto/qat/qat_sym_pmd.c +++ b/drivers/crypto/qat/qat_sym_pmd.c @@ -8,6 +8,9 @@ #include #include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_logs.h" #include "qat_sym.h" @@ -29,6 +32,21 @@ static const struct rte_cryptodev_capabilities qat_gen2_sym_capabilities[] = { RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; +#ifdef RTE_LIBRTE_SECURITY +static const struct rte_cryptodev_capabilities + qat_security_sym_capabilities[] = { + QAT_SECURITY_SYM_CAPABILITIES, + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() +}; + +static const struct rte_security_capability qat_security_capabilities[] = { + QAT_SECURITY_CAPABILITIES(qat_security_sym_capabilities), + { + .action = RTE_SECURITY_ACTION_TYPE_NONE + } +}; +#endif + static int qat_sym_qp_release(struct rte_cryptodev *dev, uint16_t queue_pair_id); @@ -237,6 +255,23 @@ static struct rte_cryptodev_ops crypto_qat_ops = { .sym_session_clear = qat_sym_session_clear }; +#ifdef RTE_LIBRTE_SECURITY +static const struct rte_security_capability * +qat_security_cap_get(void *device __rte_unused) +{ + return qat_security_capabilities; +} + +static struct rte_security_ops security_qat_ops = { + .session_create = qat_security_session_create, + .session_update = NULL, + .session_stats_get = NULL, + .session_destroy = qat_security_session_destroy, + .set_pkt_metadata = NULL, + .capabilities_get = qat_security_cap_get +}; +#endif + static uint16_t qat_sym_pmd_enqueue_op_burst(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops) @@ -276,6 +311,9 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev, char name[RTE_CRYPTODEV_NAME_MAX_LEN]; struct rte_cryptodev *cryptodev; struct qat_sym_dev_private *internals; +#ifdef RTE_LIBRTE_SECURITY + struct rte_security_ctx *security_instance; +#endif snprintf(name, RTE_CRYPTODEV_NAME_MAX_LEN, "%s_%s", qat_pci_dev->name, "sym"); @@ -308,7 +346,20 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev, RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT | RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | - RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED; + RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED | + RTE_CRYPTODEV_FF_SECURITY; + +#ifdef RTE_LIBRTE_SECURITY + security_instance = rte_malloc("qat_sec", + sizeof(struct rte_security_ctx), 0); + if (security_instance == NULL) + QAT_LOG(ERR, "rte_security_ctx memory alloc failed\n"); + + security_instance->device = (void *)cryptodev; + security_instance->ops = &security_qat_ops; + security_instance->sess_cnt = 0; + cryptodev->security_ctx = security_instance; +#endif internals = cryptodev->data->dev_private; internals->qat_dev = qat_pci_dev; diff --git a/drivers/crypto/qat/qat_sym_pmd.h b/drivers/crypto/qat/qat_sym_pmd.h index a5a31e512..c625fef4a 100644 --- a/drivers/crypto/qat/qat_sym_pmd.h +++ b/drivers/crypto/qat/qat_sym_pmd.h @@ -7,7 +7,11 @@ #ifdef BUILD_QAT_SYM +#include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_sym_capabilities.h" #include "qat_device.h" diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c index 58bdbd343..82ba2b47c 100644 --- a/drivers/crypto/qat/qat_sym_session.c +++ b/drivers/crypto/qat/qat_sym_session.c @@ -14,6 +14,9 @@ #include #include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_logs.h" #include "qat_sym_session.h" @@ -2092,3 +2095,146 @@ int qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg) } return 0; } + +#ifdef RTE_LIBRTE_SECURITY +static int +qat_sec_session_check_docsis(struct rte_security_session_conf *conf) +{ + struct rte_crypto_sym_xform *crypto_sym = conf->crypto_xform; + struct rte_security_docsis_xform *docsis = &conf->docsis; + + /* CRC generate -> Cipher encrypt */ + if (docsis->direction == RTE_SECURITY_DOCSIS_DOWNLINK) { + + if (crypto_sym != NULL && + crypto_sym->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_sym->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT && + crypto_sym->cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI && + (crypto_sym->cipher.key.length == + ICP_QAT_HW_AES_128_KEY_SZ || + crypto_sym->cipher.key.length == + ICP_QAT_HW_AES_256_KEY_SZ) && + crypto_sym->cipher.iv.length == ICP_QAT_HW_AES_BLK_SZ && + crypto_sym->next == NULL) { + return 0; + } + /* Cipher decrypt -> CRC verify */ + } else if (docsis->direction == RTE_SECURITY_DOCSIS_UPLINK) { + + if (crypto_sym != NULL && + crypto_sym->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_sym->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT && + crypto_sym->cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI && + (crypto_sym->cipher.key.length == + ICP_QAT_HW_AES_128_KEY_SZ || + crypto_sym->cipher.key.length == + ICP_QAT_HW_AES_256_KEY_SZ) && + crypto_sym->cipher.iv.length == ICP_QAT_HW_AES_BLK_SZ && + crypto_sym->next == NULL) { + return 0; + } + } + + return -EINVAL; +} + +static int +qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev, + struct rte_security_session_conf *conf, void *session_private) +{ + int ret; + int qat_cmd_id; + struct rte_crypto_sym_xform *xform = NULL; + struct qat_sym_session *session = session_private; + + ret = qat_sec_session_check_docsis(conf); + if (ret) { + QAT_LOG(ERR, "Unsupported DOCSIS security configuration"); + return ret; + } + + xform = conf->crypto_xform; + + /* Set context descriptor physical address */ + session->cd_paddr = rte_mempool_virt2iova(session) + + offsetof(struct qat_sym_session, cd); + + session->min_qat_dev_gen = QAT_GEN1; + + /* Get requested QAT command id */ + qat_cmd_id = qat_get_cmd_id(xform); + if (qat_cmd_id < 0 || qat_cmd_id >= ICP_QAT_FW_LA_CMD_DELIMITER) { + QAT_LOG(ERR, "Unsupported xform chain requested"); + return -ENOTSUP; + } + session->qat_cmd = (enum icp_qat_fw_la_cmd_id)qat_cmd_id; + switch (session->qat_cmd) { + case ICP_QAT_FW_LA_CMD_CIPHER: + ret = qat_sym_session_configure_cipher(dev, xform, session); + if (ret < 0) + return ret; + break; + default: + QAT_LOG(ERR, "Unsupported Service %u", + session->qat_cmd); + return -ENOTSUP; + } + + return 0; +} + +int +qat_security_session_create(void *dev, + struct rte_security_session_conf *conf, + struct rte_security_session *sess, + struct rte_mempool *mempool) +{ + void *sess_private_data; + struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; + int ret; + + if (rte_mempool_get(mempool, &sess_private_data)) { + QAT_LOG(ERR, "Couldn't get object from session mempool"); + return -ENOMEM; + } + + if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) { + QAT_LOG(ERR, "Invalid security protocol"); + return -EINVAL; + } + + ret = qat_sec_session_set_docsis_parameters(cdev, conf, + sess_private_data); + if (ret != 0) { + QAT_LOG(ERR, "Failed to configure session parameters"); + /* Return session to mempool */ + rte_mempool_put(mempool, sess_private_data); + return ret; + } + + set_sec_session_private_data(sess, sess_private_data); + + return ret; +} + +int +qat_security_session_destroy(void *dev __rte_unused, + struct rte_security_session *sess) +{ + void *sess_priv = get_sec_session_private_data(sess); + struct qat_sym_session *s = (struct qat_sym_session *)sess_priv; + + if (sess_priv) { + if (s->bpi_ctx) + bpi_cipher_ctx_free(s->bpi_ctx); + memset(s, 0, qat_sym_session_get_private_size(dev)); + struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); + + set_sec_session_private_data(sess, NULL); + rte_mempool_put(sess_mp, sess_priv); + } + return 0; +} +#endif diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h index e6538f627..721f8fcd3 100644 --- a/drivers/crypto/qat/qat_sym_session.h +++ b/drivers/crypto/qat/qat_sym_session.h @@ -6,6 +6,9 @@ #include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_common.h" #include "icp_qat_hw.h" @@ -156,4 +159,13 @@ qat_cipher_get_block_size(enum icp_qat_hw_cipher_algo qat_cipher_alg); int qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg); +#ifdef RTE_LIBRTE_SECURITY +int +qat_security_session_create(void *dev, struct rte_security_session_conf *conf, + struct rte_security_session *sess, struct rte_mempool *mempool); +int +qat_security_session_destroy(void *dev __rte_unused, + struct rte_security_session *sess); +#endif + #endif /* _QAT_SYM_SESSION_H_ */ From patchwork Tue Jun 30 16:30:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 72472 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 46246A0523; Tue, 30 Jun 2020 18:54:02 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 10EA01BFC0; Tue, 30 Jun 2020 18:53:50 +0200 (CEST) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 33BF11C012 for ; Tue, 30 Jun 2020 18:53:42 +0200 (CEST) IronPort-SDR: G016dLK7xTntAhmGASZ3oUkO7Sxxu/3cqDPc2XSvEb5UPW5LUp5Z/Va/qhr7NKuUKy0GZfainl aZSxFctzjGaw== X-IronPort-AV: E=McAfee;i="6000,8403,9667"; a="144479047" X-IronPort-AV: E=Sophos;i="5.75,298,1589266800"; d="scan'208";a="144479047" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jun 2020 09:53:41 -0700 IronPort-SDR: C43uqPV6nEwVNZVvbjJbCXrEAWz1XaMIlyvFUQGCn/3W80fUKxBqB+ZtpGPobX7VtHm4wBBbFH 7/RXpzVFtf8w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,298,1589266800"; d="scan'208";a="386747402" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by fmsmga001.fm.intel.com with ESMTP; 30 Jun 2020 09:53:35 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Tue, 30 Jun 2020 17:30:46 +0100 Message-Id: <20200630163049.61900-6-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200630163049.61900-1-david.coyle@intel.com> References: <20200623101423.9215-1-david.coyle@intel.com> <20200630163049.61900-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v3 5/8] test/crypto: add DOCSIS security test cases X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add uplink and downlink DOCSIS unit test cases and vectors, to test the combined DOCSIS Crypto-CRC support that has been added to the rte_security library. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh Acked-by: Akhil Goyal --- app/test/test_cryptodev.c | 513 ++++++ ...t_cryptodev_security_docsis_test_vectors.h | 1544 +++++++++++++++++ 2 files changed, 2057 insertions(+) create mode 100644 app/test/test_cryptodev_security_docsis_test_vectors.h diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 8f631468b..d11f60f3f 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include @@ -42,6 +43,7 @@ #ifdef RTE_LIBRTE_SECURITY #include "test_cryptodev_security_pdcp_test_vectors.h" #include "test_cryptodev_security_pdcp_test_func.h" +#include "test_cryptodev_security_docsis_test_vectors.h" #endif #define VDEV_ARGS_SIZE 100 @@ -72,6 +74,9 @@ struct crypto_unittest_params { struct rte_crypto_sym_xform cipher_xform; struct rte_crypto_sym_xform auth_xform; struct rte_crypto_sym_xform aead_xform; +#ifdef RTE_LIBRTE_SECURITY + struct rte_security_docsis_xform docsis_xform; +#endif union { struct rte_cryptodev_sym_session *sess; @@ -7067,6 +7072,34 @@ test_authenticated_encryption(const struct aead_test_data *tdata) } #ifdef RTE_LIBRTE_SECURITY +static int +security_proto_supported(enum rte_security_session_protocol proto) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + + const struct rte_security_capability *capabilities; + const struct rte_security_capability *capability; + uint16_t i = 0; + + struct rte_security_ctx *ctx = (struct rte_security_ctx *) + rte_cryptodev_get_sec_ctx( + ts_params->valid_devs[0]); + + + capabilities = rte_security_capabilities_get(ctx); + + if (capabilities == NULL) + return -ENOTSUP; + + while ((capability = &capabilities[i++])->action != + RTE_SECURITY_ACTION_TYPE_NONE) { + if (capability->protocol == proto) + return 0; + } + + return -ENOTSUP; +} + /* Basic algorithm run function for async inplace mode. * Creates a session from input parameters and runs one operation * on input_vec. Checks the output of the crypto operation against @@ -7670,6 +7703,9 @@ test_PDCP_PROTO_all(void) if (!(feat_flags & RTE_CRYPTODEV_FF_SECURITY)) return -ENOTSUP; + if (security_proto_supported(RTE_SECURITY_PROTOCOL_PDCP) < 0) + return -ENOTSUP; + status = test_PDCP_PROTO_cplane_encap_all(); status += test_PDCP_PROTO_cplane_decap_all(); status += test_PDCP_PROTO_uplane_encap_all(); @@ -7684,6 +7720,481 @@ test_PDCP_PROTO_all(void) else return TEST_SUCCESS; } + +static int +test_docsis_proto_uplink(int i, struct docsis_test_data *d_td) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct crypto_unittest_params *ut_params = &unittest_params; + uint8_t *plaintext, *ciphertext; + uint8_t *iv_ptr; + int32_t cipher_len, crc_len; + uint32_t crc_data_len; + int ret = TEST_SUCCESS; + + struct rte_security_ctx *ctx = (struct rte_security_ctx *) + rte_cryptodev_get_sec_ctx( + ts_params->valid_devs[0]); + + /* Verify the capabilities */ + struct rte_security_capability_idx sec_cap_idx; + const struct rte_security_capability *sec_cap; + const struct rte_cryptodev_capabilities *crypto_cap; + const struct rte_cryptodev_symmetric_capability *sym_cap; + int j = 0; + + sec_cap_idx.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_DOCSIS; + sec_cap_idx.docsis.direction = RTE_SECURITY_DOCSIS_UPLINK; + + sec_cap = rte_security_capability_get(ctx, &sec_cap_idx); + if (sec_cap == NULL) + return -ENOTSUP; + + while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op != + RTE_CRYPTO_OP_TYPE_UNDEFINED) { + if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && + crypto_cap->sym.xform_type == + RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_cap->sym.cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI) { + sym_cap = &crypto_cap->sym; + if (rte_cryptodev_sym_capability_check_cipher(sym_cap, + d_td->key.len, + d_td->iv.len) == 0) + break; + } + } + + if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) + return -ENOTSUP; + + /* Setup source mbuf payload */ + ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); + memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0, + rte_pktmbuf_tailroom(ut_params->ibuf)); + + ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, + d_td->ciphertext.len); + + memcpy(ciphertext, d_td->ciphertext.data, d_td->ciphertext.len); + + /* Set session action type */ + ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + + /* Setup cipher session parameters */ + ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI; + ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT; + ut_params->cipher_xform.cipher.key.data = d_td->key.data; + ut_params->cipher_xform.cipher.key.length = d_td->key.len; + ut_params->cipher_xform.cipher.iv.length = d_td->iv.len; + ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET; + ut_params->cipher_xform.next = NULL; + + /* Setup DOCSIS session parameters */ + ut_params->docsis_xform.direction = RTE_SECURITY_DOCSIS_UPLINK; + + struct rte_security_session_conf sess_conf = { + .action_type = ut_params->type, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = ut_params->docsis_xform, + .crypto_xform = &ut_params->cipher_xform, + }; + + /* Create security session */ + ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, + ts_params->session_priv_mpool); + + if (!ut_params->sec_session) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, "failed to allocate session"); + ret = TEST_FAILED; + goto on_err; + } + + /* Generate crypto op data structure */ + ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, + RTE_CRYPTO_OP_TYPE_SYMMETRIC); + if (!ut_params->op) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, + "failed to allocate symmetric crypto operation"); + ret = TEST_FAILED; + goto on_err; + } + + /* Setup CRC operation parameters */ + crc_len = d_td->ciphertext.no_crc == false ? + (d_td->ciphertext.len - + d_td->ciphertext.crc_offset - + RTE_ETHER_CRC_LEN) : + 0; + crc_len = crc_len > 0 ? crc_len : 0; + crc_data_len = crc_len == 0 ? 0 : RTE_ETHER_CRC_LEN; + ut_params->op->sym->auth.data.length = crc_len; + ut_params->op->sym->auth.data.offset = d_td->ciphertext.crc_offset; + + /* Setup cipher operation parameters */ + cipher_len = d_td->ciphertext.no_cipher == false ? + (d_td->ciphertext.len - + d_td->ciphertext.cipher_offset) : + 0; + cipher_len = cipher_len > 0 ? cipher_len : 0; + ut_params->op->sym->cipher.data.length = cipher_len; + ut_params->op->sym->cipher.data.offset = d_td->ciphertext.cipher_offset; + + /* Setup cipher IV */ + iv_ptr = (uint8_t *)ut_params->op + IV_OFFSET; + rte_memcpy(iv_ptr, d_td->iv.data, d_td->iv.len); + + /* Attach session to operation */ + rte_security_attach_session(ut_params->op, ut_params->sec_session); + + /* Set crypto operation mbufs */ + ut_params->op->sym->m_src = ut_params->ibuf; + ut_params->op->sym->m_dst = NULL; + + /* Process crypto operation */ + if (process_crypto_request(ts_params->valid_devs[0], ut_params->op) == + NULL) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, + "failed to process security crypto op"); + ret = TEST_FAILED; + goto on_err; + } + + if (ut_params->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, "crypto op processing failed"); + ret = TEST_FAILED; + goto on_err; + } + + /* Validate plaintext */ + plaintext = ciphertext; + + if (memcmp(plaintext, d_td->plaintext.data, + d_td->plaintext.len - crc_data_len)) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, "plaintext not as expected\n"); + rte_hexdump(stdout, "expected", d_td->plaintext.data, + d_td->plaintext.len); + rte_hexdump(stdout, "actual", plaintext, d_td->plaintext.len); + ret = TEST_FAILED; + goto on_err; + } + +on_err: + rte_crypto_op_free(ut_params->op); + ut_params->op = NULL; + + if (ut_params->sec_session) + rte_security_session_destroy(ctx, ut_params->sec_session); + ut_params->sec_session = NULL; + + rte_pktmbuf_free(ut_params->ibuf); + ut_params->ibuf = NULL; + + return ret; +} + +static int +test_docsis_proto_downlink(int i, struct docsis_test_data *d_td) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct crypto_unittest_params *ut_params = &unittest_params; + uint8_t *plaintext, *ciphertext; + uint8_t *iv_ptr; + int32_t cipher_len, crc_len; + int ret = TEST_SUCCESS; + + struct rte_security_ctx *ctx = (struct rte_security_ctx *) + rte_cryptodev_get_sec_ctx( + ts_params->valid_devs[0]); + + /* Verify the capabilities */ + struct rte_security_capability_idx sec_cap_idx; + const struct rte_security_capability *sec_cap; + const struct rte_cryptodev_capabilities *crypto_cap; + const struct rte_cryptodev_symmetric_capability *sym_cap; + int j = 0; + + sec_cap_idx.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_DOCSIS; + sec_cap_idx.docsis.direction = RTE_SECURITY_DOCSIS_DOWNLINK; + + sec_cap = rte_security_capability_get(ctx, &sec_cap_idx); + if (sec_cap == NULL) + return -ENOTSUP; + + while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op != + RTE_CRYPTO_OP_TYPE_UNDEFINED) { + if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && + crypto_cap->sym.xform_type == + RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_cap->sym.cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI) { + sym_cap = &crypto_cap->sym; + if (rte_cryptodev_sym_capability_check_cipher(sym_cap, + d_td->key.len, + d_td->iv.len) == 0) + break; + } + } + + if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) + return -ENOTSUP; + + /* Setup source mbuf payload */ + ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); + memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0, + rte_pktmbuf_tailroom(ut_params->ibuf)); + + plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, + d_td->plaintext.len); + + memcpy(plaintext, d_td->plaintext.data, d_td->plaintext.len); + + /* Set session action type */ + ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + + /* Setup cipher session parameters */ + ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI; + ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT; + ut_params->cipher_xform.cipher.key.data = d_td->key.data; + ut_params->cipher_xform.cipher.key.length = d_td->key.len; + ut_params->cipher_xform.cipher.iv.length = d_td->iv.len; + ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET; + ut_params->cipher_xform.next = NULL; + + /* Setup DOCSIS session parameters */ + ut_params->docsis_xform.direction = RTE_SECURITY_DOCSIS_DOWNLINK; + + struct rte_security_session_conf sess_conf = { + .action_type = ut_params->type, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = ut_params->docsis_xform, + .crypto_xform = &ut_params->cipher_xform, + }; + + /* Create security session */ + ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, + ts_params->session_priv_mpool); + + if (!ut_params->sec_session) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, "failed to allocate session"); + ret = TEST_FAILED; + goto on_err; + } + + /* Generate crypto op data structure */ + ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, + RTE_CRYPTO_OP_TYPE_SYMMETRIC); + if (!ut_params->op) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, + "failed to allocate security crypto operation"); + ret = TEST_FAILED; + goto on_err; + } + + /* Setup CRC operation parameters */ + crc_len = d_td->plaintext.no_crc == false ? + (d_td->plaintext.len - + d_td->plaintext.crc_offset - + RTE_ETHER_CRC_LEN) : + 0; + crc_len = crc_len > 0 ? crc_len : 0; + ut_params->op->sym->auth.data.length = crc_len; + ut_params->op->sym->auth.data.offset = d_td->plaintext.crc_offset; + + /* Setup cipher operation parameters */ + cipher_len = d_td->plaintext.no_cipher == false ? + (d_td->plaintext.len - + d_td->plaintext.cipher_offset) : + 0; + cipher_len = cipher_len > 0 ? cipher_len : 0; + ut_params->op->sym->cipher.data.length = cipher_len; + ut_params->op->sym->cipher.data.offset = d_td->plaintext.cipher_offset; + + /* Setup cipher IV */ + iv_ptr = (uint8_t *)ut_params->op + IV_OFFSET; + rte_memcpy(iv_ptr, d_td->iv.data, d_td->iv.len); + + /* Attach session to operation */ + rte_security_attach_session(ut_params->op, ut_params->sec_session); + + /* Set crypto operation mbufs */ + ut_params->op->sym->m_src = ut_params->ibuf; + ut_params->op->sym->m_dst = NULL; + + /* Process crypto operation */ + if (process_crypto_request(ts_params->valid_devs[0], ut_params->op) == + NULL) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, + "failed to process security crypto op"); + ret = TEST_FAILED; + goto on_err; + } + + if (ut_params->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, "crypto op processing failed"); + ret = TEST_FAILED; + goto on_err; + } + + /* Validate ciphertext */ + ciphertext = plaintext; + + if (memcmp(ciphertext, d_td->ciphertext.data, d_td->ciphertext.len)) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, "ciphertext not as expected\n"); + rte_hexdump(stdout, "expected", d_td->ciphertext.data, + d_td->ciphertext.len); + rte_hexdump(stdout, "actual", ciphertext, d_td->ciphertext.len); + ret = TEST_FAILED; + goto on_err; + } + +on_err: + rte_crypto_op_free(ut_params->op); + ut_params->op = NULL; + + if (ut_params->sec_session) + rte_security_session_destroy(ctx, ut_params->sec_session); + ut_params->sec_session = NULL; + + rte_pktmbuf_free(ut_params->ibuf); + ut_params->ibuf = NULL; + + return ret; +} + +#define TEST_DOCSIS_COUNT(func) do { \ + int ret = func; \ + if (ret == TEST_SUCCESS) { \ + printf("\t%2d)", n++); \ + printf("+++++ PASSED:" #func"\n"); \ + p++; \ + } else if (ret == -ENOTSUP) { \ + printf("\t%2d)", n++); \ + printf("~~~~~ UNSUPP:" #func"\n"); \ + u++; \ + } else { \ + printf("\t%2d)", n++); \ + printf("----- FAILED:" #func"\n"); \ + f++; \ + } \ +} while (0) + +static int +test_DOCSIS_PROTO_uplink_all(void) +{ + int p = 0, u = 0, f = 0, n = 0; + + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(1, &docsis_test_case_1)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(2, &docsis_test_case_2)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(3, &docsis_test_case_3)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(4, &docsis_test_case_4)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(5, &docsis_test_case_5)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(6, &docsis_test_case_6)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(7, &docsis_test_case_7)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(8, &docsis_test_case_8)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(9, &docsis_test_case_9)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(10, &docsis_test_case_10)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(11, &docsis_test_case_11)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(12, &docsis_test_case_12)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(13, &docsis_test_case_13)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(14, &docsis_test_case_14)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(15, &docsis_test_case_15)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(16, &docsis_test_case_16)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(17, &docsis_test_case_17)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(18, &docsis_test_case_18)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(19, &docsis_test_case_19)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(20, &docsis_test_case_20)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(21, &docsis_test_case_21)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(22, &docsis_test_case_22)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(23, &docsis_test_case_23)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(24, &docsis_test_case_24)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(25, &docsis_test_case_25)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(26, &docsis_test_case_26)); + + if (f) + printf("## %s: %d passed out of %d (%d unsupported)\n", + __func__, p, n, u); + + return f; +}; + +static int +test_DOCSIS_PROTO_downlink_all(void) +{ + int p = 0, u = 0, f = 0, n = 0; + + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(1, &docsis_test_case_1)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(2, &docsis_test_case_2)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(3, &docsis_test_case_3)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(4, &docsis_test_case_4)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(5, &docsis_test_case_5)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(6, &docsis_test_case_6)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(7, &docsis_test_case_7)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(8, &docsis_test_case_8)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(9, &docsis_test_case_9)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(10, &docsis_test_case_10)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(11, &docsis_test_case_11)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(12, &docsis_test_case_12)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(13, &docsis_test_case_13)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(14, &docsis_test_case_14)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(15, &docsis_test_case_15)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(16, &docsis_test_case_16)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(17, &docsis_test_case_17)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(18, &docsis_test_case_18)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(19, &docsis_test_case_19)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(20, &docsis_test_case_20)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(21, &docsis_test_case_21)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(22, &docsis_test_case_22)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(23, &docsis_test_case_23)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(24, &docsis_test_case_24)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(25, &docsis_test_case_25)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(26, &docsis_test_case_26)); + + if (f) + printf("## %s: %d passed out of %d (%d unsupported)\n", + __func__, p, n, u); + + return f; +}; + +static int +test_DOCSIS_PROTO_all(void) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + int status; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + uint64_t feat_flags = dev_info.feature_flags; + + if (!(feat_flags & RTE_CRYPTODEV_FF_SECURITY)) + return -ENOTSUP; + + if (security_proto_supported(RTE_SECURITY_PROTOCOL_DOCSIS) < 0) + return -ENOTSUP; + + status = test_DOCSIS_PROTO_uplink_all(); + status += test_DOCSIS_PROTO_downlink_all(); + + if (status) + return TEST_FAILED; + else + return TEST_SUCCESS; +} #endif static int @@ -12342,6 +12853,8 @@ static struct unit_test_suite cryptodev_testsuite = { #ifdef RTE_LIBRTE_SECURITY TEST_CASE_ST(ut_setup, ut_teardown, test_PDCP_PROTO_all), + TEST_CASE_ST(ut_setup, ut_teardown, + test_DOCSIS_PROTO_all), #endif TEST_CASES_END() /**< NULL terminate unit test array */ } diff --git a/app/test/test_cryptodev_security_docsis_test_vectors.h b/app/test/test_cryptodev_security_docsis_test_vectors.h new file mode 100644 index 000000000..2ed57bd56 --- /dev/null +++ b/app/test/test_cryptodev_security_docsis_test_vectors.h @@ -0,0 +1,1544 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2020 Intel Corporation + */ + +#ifndef TEST_CRYPTODEV_SECURITY_DOCSIS_TEST_VECTORS_H_ +#define TEST_CRYPTODEV_SECURITY_DOCSIS_TEST_VECTORS_H_ + +/* + * DOCSIS test data and cases + * - encrypt direction: CRC-Crypto + * - decrypt direction: Crypto-CRC + */ + +struct docsis_test_data { + struct { + uint8_t data[32]; + unsigned int len; + } key; + + struct { + uint8_t data[16] __rte_aligned(16); + unsigned int len; + } iv; + + struct { + uint8_t data[1024]; + unsigned int len; + unsigned int cipher_offset; + unsigned int crc_offset; + bool no_cipher; + bool no_crc; + } plaintext; + + struct { + uint8_t data[1024]; + unsigned int len; + unsigned int cipher_offset; + unsigned int crc_offset; + bool no_cipher; + bool no_crc; + } ciphertext; +}; + +struct docsis_test_data docsis_test_case_1 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x7A, 0xF0, + /* CRC */ + 0x61, 0xF8, 0x63, 0x42 + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_2 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 25, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x7A, 0xF0, 0xDF, + /* CRC */ + 0xFE, 0x12, 0x99, 0xE5 + }, + .len = 25, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_3 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 34, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0xD6, 0xE2, 0x70, 0x5C, + 0xE6, 0x4D, 0xCC, 0x8C, 0x47, 0xB7, 0x09, 0xD6, + /* CRC */ + 0x54, 0x85, 0xF8, 0x32 + }, + .len = 34, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_4 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 35, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x92, 0x6A, 0xC2, 0xDC, + 0xEE, 0x3B, 0x31, 0xEC, 0x03, 0xDE, 0x95, 0x33, + 0x5E, + /* CRC */ + 0xFE, 0x47, 0x3E, 0x22 + }, + .len = 35, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_5 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 82, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x77, 0x74, 0x56, 0x05, + 0xD1, 0x14, 0xA2, 0x8D, 0x2C, 0x9A, 0x11, 0xFC, + 0x7D, 0xB0, 0xE7, 0x18, 0xCE, 0x75, 0x7C, 0x89, + 0x14, 0x56, 0xE2, 0xF2, 0xB7, 0x47, 0x08, 0x27, + 0xF7, 0x08, 0x7A, 0x13, 0x90, 0x81, 0x75, 0xB0, + 0xC7, 0x91, 0x04, 0x83, 0xAD, 0x11, 0x46, 0x46, + 0xF8, 0x54, 0x87, 0xA0, 0x42, 0xF3, 0x71, 0xA9, + 0x8A, 0xCD, 0x59, 0x77, 0x67, 0x11, 0x1A, 0x87, + /* CRC */ + 0xAB, 0xED, 0x2C, 0x26 + }, + .len = 82, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_6 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x77, 0x74, 0x56, 0x05, + 0xD1, 0x14, 0xA2, 0x8D, 0x2C, 0x9A, 0x11, 0xFC, + 0x7D, 0xB0, 0xE7, 0x18, 0xCE, 0x75, 0x7C, 0x89, + 0x14, 0x56, 0xE2, 0xF2, 0xB7, 0x47, 0x08, 0x27, + 0xF7, 0x08, 0x7A, 0x13, 0x90, 0x81, 0x75, 0xB0, + 0xC7, 0x91, 0x04, 0x83, 0xAD, 0x11, 0x46, 0x46, + 0xF8, 0x54, 0x87, 0xA0, 0xA4, 0x0C, 0xC2, 0xF0, + 0x81, 0x49, 0xA8, 0xA6, 0x6C, 0x48, 0xEB, 0x1F, + 0x4B, + /* CRC */ + 0x2F, 0xD4, 0x48, 0x18 + }, + .len = 83, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_7 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0x3B, 0x9F, 0x72, 0x4C, 0xB5, 0x72, + 0x3E, 0x56, 0x54, 0x49, 0x13, 0x53, 0xC4, 0xAA, + 0xCD, 0xEA, 0x6A, 0x88, 0x99, 0x07, 0x86, 0xF4, + 0xCF, 0x03, 0x4E, 0xDF, 0x65, 0x61, 0x47, 0x5B, + 0x2F, 0x81, 0x09, 0x12, 0x9A, 0xC2, 0x24, 0x8C, + 0x09, + /* CRC */ + 0x11, 0xB4, 0x06, 0x33 + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_8 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x7A, 0xF0, + /* CRC */ + 0x8A, 0x0F, 0x74, 0xE8 + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_9 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0x3B, 0x9F, 0x72, 0x4C, 0xB5, 0x72, + 0x3E, 0x56, 0x54, 0x49, 0x13, 0x53, 0xC4, 0xAA, + 0xCD, 0xEA, 0x6A, 0x88, 0x99, 0x07, 0x86, 0xF4, + 0xCF, 0x03, 0x4E, 0xDF, 0x65, 0x61, 0x47, 0x5B, + 0x2F, 0x81, 0x09, 0x12, 0x9A, 0xC2, 0x24, 0x8C, + 0x09, + /* CRC */ + 0x5D, 0x2B, 0x12, 0xF4 + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_10 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0x14, 0x08, 0xE8, 0x55 + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_11 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xB3, 0x60, 0xEB, 0x38 + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_12 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_13 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_14 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x6A, 0x86, + /* CRC */ + 0x9B, 0xB3, 0x1A, 0x26 + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_15 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 25, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x6A, 0x86, 0x25, + /* CRC */ + 0xB5, 0x6B, 0xFD, 0xCB + }, + .len = 25, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_16 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 34, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0xF6, 0xA1, 0x2E, 0x0A, + 0xBB, 0x27, 0x82, 0x4F, 0x99, 0x0A, 0xE2, 0x3F, + /* CRC */ + 0xEB, 0xB7, 0x89, 0xB0 + }, + .len = 34, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_17 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 35, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0xE1, 0x30, 0x38, 0xC8, + 0xC4, 0x59, 0x8D, 0x43, 0x9A, 0xBE, 0xBE, 0x73, + 0xC3, + /*CRC */ + 0x8C, 0xE1, 0x89, 0x8B + }, + .len = 35, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_18 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 82, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0xE9, 0x12, 0x3B, 0x12, + 0x36, 0x56, 0x95, 0xA6, 0x97, 0xF1, 0x74, 0x68, + 0xBA, 0x58, 0x77, 0xEA, 0x43, 0x11, 0x85, 0xD4, + 0x7A, 0xF8, 0x1C, 0x11, 0x50, 0xD1, 0xF1, 0xBD, + 0x15, 0x4D, 0x99, 0xB5, 0x39, 0x74, 0x84, 0xDF, + 0xD4, 0x8B, 0xDC, 0xB7, 0x58, 0x1B, 0x22, 0xAB, + 0xF3, 0x29, 0xC6, 0xCB, 0x26, 0x07, 0x36, 0x6B, + 0x8C, 0xAC, 0x6E, 0x99, 0x37, 0x94, 0xDF, 0x31, + /* CRC */ + 0xA1, 0x7D, 0x70, 0xBB + }, + .len = 82, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_19 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0xE9, 0x12, 0x3B, 0x12, + 0x36, 0x56, 0x95, 0xA6, 0x97, 0xF1, 0x74, 0x68, + 0xBA, 0x58, 0x77, 0xEA, 0x43, 0x11, 0x85, 0xD4, + 0x7A, 0xF8, 0x1C, 0x11, 0x50, 0xD1, 0xF1, 0xBD, + 0x15, 0x4D, 0x99, 0xB5, 0x39, 0x74, 0x84, 0xDF, + 0xD4, 0x8B, 0xDC, 0xB7, 0x58, 0x1B, 0x22, 0xAB, + 0xF3, 0x29, 0xC6, 0xCB, 0x13, 0xED, 0x08, 0xF5, + 0x1B, 0x4B, 0xD8, 0x79, 0x93, 0x26, 0x69, 0x03, + 0x23, + /* CRC */ + 0xC8, 0x8E, 0x02, 0x3A + }, + .len = 83, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_20 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0x54, 0xB4, 0x55, 0x68, 0x06, 0xBF, + 0x00, 0x8B, 0x5F, 0x2C, 0x10, 0x4A, 0xBF, 0x5A, + 0xF2, 0x20, 0xD9, 0x77, 0x7F, 0x2D, 0x2B, 0x11, + 0xAC, 0xAF, 0x21, 0x36, 0xD2, 0xD4, 0x80, 0xF2, + 0x4F, 0x14, 0xA0, 0x3A, 0x66, 0xE5, 0xC5, 0xE2, + 0x15, + /* CRC */ + 0x0C, 0x89, 0x76, 0x26 + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_21 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x6A, 0x86, + /* CRC */ + 0x70, 0x44, 0x0D, 0x8C + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_22 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0x54, 0xB4, 0x55, 0x68, 0x06, 0xBF, + 0x00, 0x8B, 0x5F, 0x2C, 0x10, 0x4A, 0xBF, 0x5A, + 0xF2, 0x20, 0xD9, 0x77, 0x7F, 0x2D, 0x2B, 0x11, + 0xAC, 0xAF, 0x21, 0x36, 0xD2, 0xD4, 0x80, 0xF2, + 0x4F, 0x14, 0xA0, 0x3A, 0x66, 0xE5, 0xC5, 0xE2, + 0x15, + /* CRC */ + 0x40, 0x16, 0x62, 0xE1 + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_23 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0x14, 0x08, 0xE8, 0x55 + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_24 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xB3, 0x60, 0xEB, 0x38 + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_25 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_26 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + } +}; + +#endif /* TEST_CRYPTODEV_SECURITY_DOCSIS_TEST_VECTORS_H_ */ From patchwork Tue Jun 30 16:30:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 72473 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 33827A0523; Tue, 30 Jun 2020 18:54:14 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 788D21C026; Tue, 30 Jun 2020 18:53:51 +0200 (CEST) Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by dpdk.org (Postfix) with ESMTP id AB0A51BF95 for ; Tue, 30 Jun 2020 18:53:47 +0200 (CEST) IronPort-SDR: aCLNuQk284lrWaw4SHhEiHSBjzZKTIJVz8P0XWo4tcBn5SnDuIIeUTUwzfSh5zU6iT8VhDzijI sYqDjFYIMJ9w== X-IronPort-AV: E=McAfee;i="6000,8403,9667"; a="134599071" X-IronPort-AV: E=Sophos;i="5.75,298,1589266800"; d="scan'208";a="134599071" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jun 2020 09:53:46 -0700 IronPort-SDR: 4AafCtx9EE4ABc/yUJ52sQjfgWi3PIVgv6eU2EgsOR9xuMqffJEz09SvrNOawBcPN+Qh5Kkox4 xl6R3DwPIjmw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,298,1589266800"; d="scan'208";a="386747418" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by fmsmga001.fm.intel.com with ESMTP; 30 Jun 2020 09:53:41 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Tue, 30 Jun 2020 17:30:47 +0100 Message-Id: <20200630163049.61900-7-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200630163049.61900-1-david.coyle@intel.com> References: <20200623101423.9215-1-david.coyle@intel.com> <20200630163049.61900-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v3 6/8] test/security: add DOCSIS capability check tests X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add unit tests for DOCSIS capabilitity checks. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh --- app/test/test_security.c | 88 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) diff --git a/app/test/test_security.c b/app/test/test_security.c index 3076a4c5a..77fd5adc6 100644 --- a/app/test/test_security.c +++ b/app/test/test_security.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include @@ -2268,6 +2269,89 @@ test_capability_get_pdcp_match(void) return TEST_SUCCESS; } +/** + * Test execution of rte_security_capability_get when capabilities table + * does not contain entry with matching DOCSIS direction field + */ +static int +test_capability_get_docsis_mismatch_direction(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx = { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_DOWNLINK + }, + }; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_UPLINK + }, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get when capabilities table + * contains matching DOCSIS entry + */ +static int +test_capability_get_docsis_match(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx = { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_UPLINK + }, + }; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_UPLINK + }, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, &capabilities[1], "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + /** * Declaration of testcases */ @@ -2410,6 +2494,10 @@ static struct unit_test_suite security_testsuite = { test_capability_get_pdcp_mismatch_domain), TEST_CASE_ST(ut_setup_with_session, ut_teardown, test_capability_get_pdcp_match), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_docsis_mismatch_direction), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_docsis_match), TEST_CASES_END() /**< NULL terminate unit test array */ } From patchwork Tue Jun 30 16:30:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 72474 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id BF5CCA0523; Tue, 30 Jun 2020 18:54:25 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 940E41C032; Tue, 30 Jun 2020 18:54:00 +0200 (CEST) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id 25DC51C034 for ; Tue, 30 Jun 2020 18:53:52 +0200 (CEST) IronPort-SDR: bLS+IVMEuWk+mchLO/luveCLRO6jvSoLYz+K//UJ1qBhSHLFLx6lSB6dGNYhLwzOtn9lhoDK1A NWXVCEN+ltwA== X-IronPort-AV: E=McAfee;i="6000,8403,9667"; a="146300012" X-IronPort-AV: E=Sophos;i="5.75,298,1589266800"; d="scan'208";a="146300012" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jun 2020 09:53:52 -0700 IronPort-SDR: k6bDVkm1H7liKGOqu02EMJE7KHYYhd3S/Jvxfs2rWRRpichNN/8JQ/QoFuNlNOyjoJKGt3ifxW xvvAGdNT4d5g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,298,1589266800"; d="scan'208";a="386747436" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by fmsmga001.fm.intel.com with ESMTP; 30 Jun 2020 09:53:46 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Tue, 30 Jun 2020 17:30:48 +0100 Message-Id: <20200630163049.61900-8-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200630163049.61900-1-david.coyle@intel.com> References: <20200623101423.9215-1-david.coyle@intel.com> <20200630163049.61900-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v3 7/8] app/crypto-perf: add support for DOCSIS protocol X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Update test-crypto-perf app to calculate DOCSIS throughput numbers. 1 new parameter is added for DOCSIS: --docsis-hdr-sz ./dpdk-test-crypto-perf -l 3,4 --socket-mem 2048,0 --vdev crypto_aesni_mb_pmd_1 -n 1 -- --devtype crypto_aesni_mb --optype docsis --cipher-algo aes-docsisbpi --cipher-op encrypt --cipher-key-sz 16 --cipher-iv-sz 16 --burst-sz 32 --total-ops 20000000 --buffer-sz 1024 --silent --docsis-hdr-sz 17 Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh Acked-by: Akhil Goyal --- app/test-crypto-perf/cperf_ops.c | 82 ++++++++++++++++++-- app/test-crypto-perf/cperf_options.h | 5 +- app/test-crypto-perf/cperf_options_parsing.c | 67 +++++++++++++++- app/test-crypto-perf/cperf_test_throughput.c | 3 +- app/test-crypto-perf/cperf_test_vectors.c | 3 +- app/test-crypto-perf/main.c | 5 +- app/test-crypto-perf/meson.build | 2 +- 7 files changed, 155 insertions(+), 12 deletions(-) diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c index 97584ceed..e06b59f55 100644 --- a/app/test-crypto-perf/cperf_ops.c +++ b/app/test-crypto-perf/cperf_ops.c @@ -3,6 +3,7 @@ */ #include +#include #include "cperf_ops.h" #include "cperf_test_vectors.h" @@ -15,8 +16,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops, uint16_t nb_ops, struct rte_cryptodev_sym_session *sess, const struct cperf_options *options __rte_unused, const struct cperf_test_vector *test_vector __rte_unused, - uint16_t iv_offset __rte_unused, - uint32_t *imix_idx __rte_unused) + uint16_t iv_offset __rte_unused, uint32_t *imix_idx) { uint16_t i; @@ -24,14 +24,39 @@ cperf_set_ops_security(struct rte_crypto_op **ops, struct rte_crypto_sym_op *sym_op = ops[i]->sym; struct rte_security_session *sec_sess = (struct rte_security_session *)sess; + uint32_t buf_sz; ops[i]->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; rte_security_attach_session(ops[i], sec_sess); sym_op->m_src = (struct rte_mbuf *)((uint8_t *)ops[i] + src_buf_offset); - sym_op->m_src->buf_len = options->segment_sz; - sym_op->m_src->data_len = options->test_buffer_size; - sym_op->m_src->pkt_len = sym_op->m_src->data_len; + + if (options->op_type == CPERF_PDCP) { + sym_op->m_src->buf_len = options->segment_sz; + sym_op->m_src->data_len = options->test_buffer_size; + sym_op->m_src->pkt_len = sym_op->m_src->data_len; + } + + if (options->op_type == CPERF_DOCSIS) { + if (options->imix_distribution_count) { + buf_sz = options->imix_buffer_sizes[*imix_idx]; + *imix_idx = (*imix_idx + 1) % options->pool_sz; + } else + buf_sz = options->test_buffer_size; + + /* DOCSIS header is not CRC'ed */ + sym_op->auth.data.offset = options->docsis_hdr_sz; + sym_op->auth.data.length = buf_sz - + sym_op->auth.data.offset - RTE_ETHER_CRC_LEN; + /* + * DOCSIS header and SRC and DST MAC addresses are not + * ciphered + */ + sym_op->cipher.data.offset = sym_op->auth.data.offset + + RTE_ETHER_HDR_LEN - RTE_ETHER_TYPE_LEN; + sym_op->cipher.data.length = buf_sz - + sym_op->cipher.data.offset; + } /* Set dest mbuf to NULL if out-of-place (dst_buf_offset = 0) */ if (dst_buf_offset == 0) @@ -589,6 +614,49 @@ cperf_create_session(struct rte_mempool *sess_mp, return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp); } + if (options->op_type == CPERF_DOCSIS) { + enum rte_security_docsis_direction direction; + + cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + cipher_xform.next = NULL; + cipher_xform.cipher.algo = options->cipher_algo; + cipher_xform.cipher.op = options->cipher_op; + cipher_xform.cipher.iv.offset = iv_offset; + if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) { + cipher_xform.cipher.key.data = + test_vector->cipher_key.data; + cipher_xform.cipher.key.length = + test_vector->cipher_key.length; + cipher_xform.cipher.iv.length = + test_vector->cipher_iv.length; + } else { + cipher_xform.cipher.key.data = NULL; + cipher_xform.cipher.key.length = 0; + cipher_xform.cipher.iv.length = 0; + } + cipher_xform.next = NULL; + + if (options->cipher_op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) + direction = RTE_SECURITY_DOCSIS_DOWNLINK; + else + direction = RTE_SECURITY_DOCSIS_UPLINK; + + struct rte_security_session_conf sess_conf = { + .action_type = + RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + {.docsis = { + .direction = direction, + } }, + .crypto_xform = &cipher_xform + }; + struct rte_security_ctx *ctx = (struct rte_security_ctx *) + rte_cryptodev_get_sec_ctx(dev_id); + + /* Create security session */ + return (void *)rte_security_session_create(ctx, + &sess_conf, priv_mp); + } #endif sess = rte_cryptodev_sym_session_create(sess_mp); /* @@ -772,6 +840,10 @@ cperf_get_op_functions(const struct cperf_options *options, op_fns->populate_ops = cperf_set_ops_security; return 0; } + if (options->op_type == CPERF_DOCSIS) { + op_fns->populate_ops = cperf_set_ops_security; + return 0; + } #endif return -1; } diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h index 1ed0a77e5..e5f1edffc 100644 --- a/app/test-crypto-perf/cperf_options.h +++ b/app/test-crypto-perf/cperf_options.h @@ -50,6 +50,7 @@ #ifdef RTE_LIBRTE_SECURITY #define CPERF_PDCP_SN_SZ ("pdcp-sn-sz") #define CPERF_PDCP_DOMAIN ("pdcp-domain") +#define CPERF_DOCSIS_HDR_SZ ("docsis-hdr-sz") #endif #define CPERF_CSV ("csv-friendly") @@ -75,7 +76,8 @@ enum cperf_op_type { CPERF_CIPHER_THEN_AUTH, CPERF_AUTH_THEN_CIPHER, CPERF_AEAD, - CPERF_PDCP + CPERF_PDCP, + CPERF_DOCSIS }; extern const char *cperf_op_type_strs[]; @@ -122,6 +124,7 @@ struct cperf_options { #ifdef RTE_LIBRTE_SECURITY uint16_t pdcp_sn_sz; enum rte_security_pdcp_domain pdcp_domain; + uint16_t docsis_hdr_sz; #endif char device_type[RTE_CRYPTODEV_NAME_MAX_LEN]; enum cperf_op_type op_type; diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c index f43c5bede..20577a144 100644 --- a/app/test-crypto-perf/cperf_options_parsing.c +++ b/app/test-crypto-perf/cperf_options_parsing.c @@ -7,6 +7,7 @@ #include #include +#include #include "cperf_options.h" @@ -56,6 +57,9 @@ usage(char *progname) " --pmd-cyclecount-delay-ms N: set delay between enqueue\n" " and dequeue in pmd-cyclecount benchmarking mode\n" " --csv-friendly: enable test result output CSV friendly\n" +#ifdef RTE_LIBRTE_SECURITY + " --docsis-hdr-sz: set DOCSIS header size\n" +#endif " -h: prints this help\n", progname); } @@ -446,6 +450,10 @@ parse_op_type(struct cperf_options *opts, const char *arg) { cperf_op_type_strs[CPERF_PDCP], CPERF_PDCP + }, + { + cperf_op_type_strs[CPERF_DOCSIS], + CPERF_DOCSIS } }; @@ -675,6 +683,12 @@ parse_pdcp_domain(struct cperf_options *opts, const char *arg) return 0; } + +static int +parse_docsis_hdr_sz(struct cperf_options *opts, const char *arg) +{ + return parse_uint16_t(&opts->docsis_hdr_sz, arg); +} #endif static int @@ -820,6 +834,7 @@ static struct option lgopts[] = { #ifdef RTE_LIBRTE_SECURITY { CPERF_PDCP_SN_SZ, required_argument, 0, 0 }, { CPERF_PDCP_DOMAIN, required_argument, 0, 0 }, + { CPERF_DOCSIS_HDR_SZ, required_argument, 0, 0 }, #endif { CPERF_CSV, no_argument, 0, 0}, @@ -890,6 +905,7 @@ cperf_options_default(struct cperf_options *opts) #ifdef RTE_LIBRTE_SECURITY opts->pdcp_sn_sz = 12; opts->pdcp_domain = RTE_SECURITY_PDCP_MODE_CONTROL; + opts->docsis_hdr_sz = 17; #endif } @@ -929,6 +945,7 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts) #ifdef RTE_LIBRTE_SECURITY { CPERF_PDCP_SN_SZ, parse_pdcp_sn_sz }, { CPERF_PDCP_DOMAIN, parse_pdcp_domain }, + { CPERF_DOCSIS_HDR_SZ, parse_docsis_hdr_sz }, #endif { CPERF_CSV, parse_csv_friendly}, { CPERF_PMDCC_DELAY_MS, parse_pmd_cyclecount_delay_ms}, @@ -1031,10 +1048,44 @@ check_cipher_buffer_length(struct cperf_options *options) return 0; } +#ifdef RTE_LIBRTE_SECURITY +static int +check_docsis_buffer_length(struct cperf_options *options) +{ + uint32_t buffer_size, buffer_size_idx = 0; + + if (options->inc_buffer_size != 0) + buffer_size = options->min_buffer_size; + else + buffer_size = options->buffer_size_list[0]; + + while (buffer_size <= options->max_buffer_size) { + if (buffer_size < (uint32_t)(options->docsis_hdr_sz + + RTE_ETHER_HDR_LEN + RTE_ETHER_CRC_LEN)) { + RTE_LOG(ERR, USER1, "Some of the buffer sizes are not " + "valid for DOCSIS\n"); + return -EINVAL; + } + + if (options->inc_buffer_size != 0) + buffer_size += options->inc_buffer_size; + else { + if (++buffer_size_idx == options->buffer_size_count) + break; + buffer_size = + options->buffer_size_list[buffer_size_idx]; + } + } + + return 0; +} +#endif + int cperf_options_check(struct cperf_options *options) { - if (options->op_type == CPERF_CIPHER_ONLY) + if (options->op_type == CPERF_CIPHER_ONLY || + options->op_type == CPERF_DOCSIS) options->digest_sz = 0; if (options->out_of_place && @@ -1151,6 +1202,13 @@ cperf_options_check(struct cperf_options *options) return -EINVAL; } +#ifdef RTE_LIBRTE_SECURITY + if (options->op_type == CPERF_DOCSIS) { + if (check_docsis_buffer_length(options) < 0) + return -EINVAL; + } +#endif + return 0; } @@ -1236,4 +1294,11 @@ cperf_options_dump(struct cperf_options *opts) printf("# aead aad size: %u\n", opts->aead_aad_sz); printf("#\n"); } + +#ifdef RTE_LIBRTE_SECURITY + if (opts->op_type == CPERF_DOCSIS) { + printf("# docsis header size: %u\n", opts->docsis_hdr_sz); + printf("#\n"); + } +#endif } diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c index 35c51026f..12d9ea4f9 100644 --- a/app/test-crypto-perf/cperf_test_throughput.c +++ b/app/test-crypto-perf/cperf_test_throughput.c @@ -36,7 +36,8 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx) return; if (ctx->sess) { #ifdef RTE_LIBRTE_SECURITY - if (ctx->options->op_type == CPERF_PDCP) { + if (ctx->options->op_type == CPERF_PDCP || + ctx->options->op_type == CPERF_DOCSIS) { struct rte_security_ctx *sec_ctx = (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx(ctx->dev_id); diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c index 41641650c..0af01ff91 100644 --- a/app/test-crypto-perf/cperf_test_vectors.c +++ b/app/test-crypto-perf/cperf_test_vectors.c @@ -469,7 +469,8 @@ cperf_test_vector_get_dummy(struct cperf_options *options) if (options->op_type == CPERF_CIPHER_ONLY || options->op_type == CPERF_CIPHER_THEN_AUTH || - options->op_type == CPERF_AUTH_THEN_CIPHER) { + options->op_type == CPERF_AUTH_THEN_CIPHER || + options->op_type == CPERF_DOCSIS) { if (options->cipher_algo == RTE_CRYPTO_CIPHER_NULL) { t_vec->cipher_key.length = 0; t_vec->ciphertext.data = plaintext; diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c index 7bb286ccb..edeea9c1b 100644 --- a/app/test-crypto-perf/main.c +++ b/app/test-crypto-perf/main.c @@ -39,7 +39,8 @@ const char *cperf_op_type_strs[] = { [CPERF_CIPHER_THEN_AUTH] = "cipher-then-auth", [CPERF_AUTH_THEN_CIPHER] = "auth-then-cipher", [CPERF_AEAD] = "aead", - [CPERF_PDCP] = "pdcp" + [CPERF_PDCP] = "pdcp", + [CPERF_DOCSIS] = "docsis" }; const struct cperf_test cperf_testmap[] = { @@ -244,7 +245,7 @@ cperf_initialize_cryptodev(struct cperf_options *opts, uint8_t *enabled_cdevs) #endif } else sessions_needed = enabled_cdev_count * - opts->nb_qps; + opts->nb_qps * 2; /* * A single session is required per queue pair diff --git a/app/test-crypto-perf/meson.build b/app/test-crypto-perf/meson.build index ef28cb5a0..f394b75ba 100644 --- a/app/test-crypto-perf/meson.build +++ b/app/test-crypto-perf/meson.build @@ -11,4 +11,4 @@ sources = files('cperf_ops.c', 'cperf_test_vectors.c', 'cperf_test_verify.c', 'main.c') -deps += ['cryptodev', 'security'] +deps += ['cryptodev', 'net', 'security'] From patchwork Tue Jun 30 16:30:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 72475 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 492F8A0523; Tue, 30 Jun 2020 18:54:37 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 03F751C065; Tue, 30 Jun 2020 18:54:02 +0200 (CEST) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id C6BE71BF8E for ; Tue, 30 Jun 2020 18:53:58 +0200 (CEST) IronPort-SDR: HneE46fTgX193XP4uCNAWMdr25/OqlheE20BFoV8J4L90Pf8Ob4Sqikqt8Mbk9gpu578FIIBvD gcgcrDJd3TjA== X-IronPort-AV: E=McAfee;i="6000,8403,9667"; a="207816053" X-IronPort-AV: E=Sophos;i="5.75,298,1589266800"; d="scan'208";a="207816053" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jun 2020 09:53:57 -0700 IronPort-SDR: P6Md1HNIJvN/94vkuXfIm5purk6ZWIawjGXoINuK72vEhvw6Bk4595oASTH/K+VHNS88RLO1kM MEKTfoLQcDJQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,298,1589266800"; d="scan'208";a="386747447" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by fmsmga001.fm.intel.com with ESMTP; 30 Jun 2020 09:53:52 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Tue, 30 Jun 2020 17:30:49 +0100 Message-Id: <20200630163049.61900-9-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200630163049.61900-1-david.coyle@intel.com> References: <20200623101423.9215-1-david.coyle@intel.com> <20200630163049.61900-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v3 8/8] doc: add doc updates for DOCSIS security protocol X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Update Security library, AESNI-MB crypto PMD, QAT crypto PMD, dpdk-test-crypto-perf tool and release note documentation for DOCSIS protocol support. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh --- doc/guides/cryptodevs/aesni_mb.rst | 8 ++ doc/guides/cryptodevs/features/aesni_mb.ini | 1 + doc/guides/cryptodevs/features/qat.ini | 1 + doc/guides/cryptodevs/qat.rst | 7 ++ doc/guides/prog_guide/rte_security.rst | 114 +++++++++++++++++++- doc/guides/rel_notes/release_20_08.rst | 16 +++ doc/guides/tools/cryptoperf.rst | 5 + 7 files changed, 150 insertions(+), 2 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index cc64f1243..15388d20a 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -55,10 +55,18 @@ AEAD algorithms: * RTE_CRYPTO_AEAD_AES_CCM * RTE_CRYPTO_AEAD_AES_GCM +Protocol offloads: + +* RTE_SECURITY_PROTOCOL_DOCSIS + Limitations ----------- * Chained mbufs are not supported. +* Out-of-place is not supported for combined Crypto-CRC DOCSIS security + protocol. +* RTE_CRYPTO_CIPHER_DES_DOCSISBPI is not supported for combined Crypto-CRC + DOCSIS security protocol. Installation diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 49cb82a39..38d255aff 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -6,6 +6,7 @@ [Features] Symmetric crypto = Y Sym operation chaining = Y +Protocol offload = Y CPU SSE = Y CPU AVX = Y CPU AVX2 = Y diff --git a/doc/guides/cryptodevs/features/qat.ini b/doc/guides/cryptodevs/features/qat.ini index a72241997..2d56b187a 100644 --- a/doc/guides/cryptodevs/features/qat.ini +++ b/doc/guides/cryptodevs/features/qat.ini @@ -7,6 +7,7 @@ Symmetric crypto = Y Sym operation chaining = Y HW Accelerated = Y +Protocol offload = Y In Place SGL = Y OOP SGL In SGL Out = Y OOP SGL In LB Out = Y diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst index c2cc3d5ca..ee873e7b8 100644 --- a/doc/guides/cryptodevs/qat.rst +++ b/doc/guides/cryptodevs/qat.rst @@ -76,6 +76,9 @@ Supported AEAD algorithms: * ``RTE_CRYPTO_AEAD_AES_GCM`` * ``RTE_CRYPTO_AEAD_AES_CCM`` +Protocol offloads: + +* ``RTE_SECURITY_PROTOCOL_DOCSIS`` Supported Chains ~~~~~~~~~~~~~~~~ @@ -126,6 +129,10 @@ Limitations generations in the same process if planning to use for GCM. * The mixed algo feature on GEN2 is not supported by all kernel drivers. Check the notes under the Available Kernel Drivers table below for specific details. +* Out-of-place is not supported for combined Crypto-CRC DOCSIS security + protocol. +* ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI`` is not supported for combined Crypto-CRC + DOCSIS security protocol. Extra notes on KASUMI F9 ~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst index 9b5d249de..af4281587 100644 --- a/doc/guides/prog_guide/rte_security.rst +++ b/doc/guides/prog_guide/rte_security.rst @@ -10,8 +10,9 @@ The security library provides a framework for management and provisioning of security protocol operations offloaded to hardware based devices. The library defines generic APIs to create and free security sessions which can support full protocol offload as well as inline crypto operation with -NIC or crypto devices. The framework currently only supports the IPsec and PDCP -protocol and associated operations, other protocols will be added in future. +NIC or crypto devices. The framework currently only supports the IPsec, PDCP +and DOCSIS protocols and associated operations, other protocols will be added +in the future. Design Principles ----------------- @@ -296,6 +297,53 @@ Just like IPsec, in case of PDCP also header addition/deletion, cipher/ de-cipher, integrity protection/verification is done based on the action type chosen. +DOCSIS Protocol +~~~~~~~~~~~~~~~ + +The Data Over Cable Service Interface Specification (DOCSIS) support comprises +the combination of encryption/decryption and CRC generation/verification, for +use in a DOCSIS-MAC pipeline. + +.. code-block:: c + + + Downlink Uplink + -------- ------ + + Ethernet frame Ethernet frame + from core network to core network + | ^ + ~ | + | ~ ----+ + V | | + +---------|----------+ +----------|---------+ | + | CRC generation | | CRC verification | | + +---------|----------+ +----------|---------+ | combined + | | > Crypto + CRC + +---------|----------+ +----------|---------+ | + | Encryption | | Decryption | | + +---------|----------+ +----------|---------+ | + | ^ | + ~ | ----+ + | ~ + V | + DOCSIS frame DOCSIS frame + to Cable Modem from Cable Modem + +The encryption/decryption is a combination of CBC and CFB modes using either AES +or DES algorithms as specified in the DOCSIS Security Specification (from DPDK +lib_rtecryptodev perspective, these are RTE_CRYPTO_CIPHER_AES_DOCSISBPI and +RTE_CRYPTO_CIPHER_DES_DOCSISBPI). + +The CRC is Ethernet CRC-32 as specified in Ethernet/[ISO/IEC 8802-3]. + +.. note:: + + * The CRC offset and length are specified via the auth offset and + length fields of the rte_crypto_sym_op. + * Other DOCSIS protocol functionality such as Header Checksum (HCS) + calculation may be added in the future. + Device Features and Capabilities --------------------------------- @@ -408,6 +456,56 @@ PMD which supports the IPsec and PDCP protocol. } } +Below is an example of the capabilities for a PMD which supports the DOCSIS +protocol. + +.. code-block:: c + + static const struct rte_security_capability pmd_security_capabilities[] = { + { /* DOCSIS Uplink */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_UPLINK + }, + .crypto_capabilities = pmd_capabilities + }, + { /* DOCSIS Downlink */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_DOWNLINK + }, + .crypto_capabilities = pmd_capabilities + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE + } + }; + static const struct rte_cryptodev_capabilities pmd_capabilities[] = { + { /* AES DOCSIS BPI */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + .sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 16 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + } + } + }, + + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() + }; Capabilities Discovery ~~~~~~~~~~~~~~~~~~~~~~ @@ -491,6 +589,7 @@ Security Session configuration structure is defined as ``rte_security_session_co struct rte_security_ipsec_xform ipsec; struct rte_security_macsec_xform macsec; struct rte_security_pdcp_xform pdcp; + struct rte_security_docsis_xform docsis; }; /**< Configuration parameters for security session */ struct rte_crypto_sym_xform *crypto_xform; @@ -538,6 +637,8 @@ The ``rte_security_session_protocol`` is defined as /**< MACSec Protocol */ RTE_SECURITY_PROTOCOL_PDCP, /**< PDCP Protocol */ + RTE_SECURITY_PROTOCOL_DOCSIS, + /**< DOCSIS Protocol */ }; Currently the library defines configuration parameters for IPsec and PDCP only. @@ -594,6 +695,15 @@ PDCP related configuration parameters are defined in ``rte_security_pdcp_xform`` uint32_t hfn_threshold; }; +DOCSIS related configuration parameters are defined in ``rte_security_docsis_xform`` + +.. code-block:: c + + struct rte_security_docsis_xform { + enum rte_security_docsis_direction direction; + /**< DOCSIS direction */ + }; + Security API ~~~~~~~~~~~~ diff --git a/doc/guides/rel_notes/release_20_08.rst b/doc/guides/rel_notes/release_20_08.rst index 39064afbe..0e72a26b1 100644 --- a/doc/guides/rel_notes/release_20_08.rst +++ b/doc/guides/rel_notes/release_20_08.rst @@ -56,6 +56,22 @@ New Features Also, make sure to start the actual text at the margin. ========================================================= +* **Added support for DOCSIS protocol to rte_security.** + + Added support for combined crypto and CRC operations for the DOCSIS protocol + to ``rte_security``. Test and test-crypto-perf applications have been updated + for unit testing. + +* **Updated the AESNI MB crypto PMD.** + + Added support for lookaside protocol offload for DOCSIS through the + ``rte_security`` API. + +* **Updated the QuickAssist Technology (QAT) Crypto PMD.** + + Added support for lookaside protocol offload for DOCSIS through the + ``rte_security`` API. + Removed Items ------------- diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst index a19ccb262..a8df8bc99 100644 --- a/doc/guides/tools/cryptoperf.rst +++ b/doc/guides/tools/cryptoperf.rst @@ -193,6 +193,7 @@ The following are the application command-line options: auth-then-cipher aead pdcp + docsis For GCM/CCM algorithms you should use aead flag. @@ -342,6 +343,10 @@ The following are the application command-line options: Set PDCP domain to specify Control/user plane. +* ``--docsis-hdr-sz `` + + Set DOCSIS header size(n) in bytes. + Test Vector File ~~~~~~~~~~~~~~~~