From patchwork Fri Jul 3 12:39:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 73000 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 45FDFA0519; Fri, 3 Jul 2020 15:02:30 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 72AD81DB94; Fri, 3 Jul 2020 15:02:29 +0200 (CEST) Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by dpdk.org (Postfix) with ESMTP id 631091DB93 for ; Fri, 3 Jul 2020 15:02:27 +0200 (CEST) IronPort-SDR: g1wDodhJds6q6ar2h4boOo0HPNX8ch11sxfHcwsDNbUDfTWYY1BAkeOVCT4J9UBFHVAJOCeRdy IegMwgICNRBg== X-IronPort-AV: E=McAfee;i="6000,8403,9670"; a="127236898" X-IronPort-AV: E=Sophos;i="5.75,308,1589266800"; d="scan'208";a="127236898" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jul 2020 06:02:26 -0700 IronPort-SDR: GwjwYCln+kusR3w1CfM2/xZL0+ijpLuNvEEQv6asVXAddsLy/p3KCxeDJOdWvoFaOkfmKl2Vgw EZfPl7w71VUw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,308,1589266800"; d="scan'208";a="322412687" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by orsmga007.jf.intel.com with ESMTP; 03 Jul 2020 06:02:20 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Fri, 3 Jul 2020 13:39:27 +0100 Message-Id: <20200703123933.52351-2-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200703123933.52351-1-david.coyle@intel.com> References: <20200630163049.61900-1-david.coyle@intel.com> <20200703123933.52351-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v4 1/7] security: add support for DOCSIS protocol X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add support for DOCSIS protocol to rte_security library. This support currently comprises the combination of Crypto and CRC operations. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh Acked-by: Akhil Goyal Acked-by: Pablo de Lara --- doc/guides/prog_guide/rte_security.rst | 114 ++++++++++++++++++++++++- doc/guides/rel_notes/release_20_08.rst | 5 ++ lib/librte_security/rte_security.c | 5 ++ lib/librte_security/rte_security.h | 38 +++++++++ 4 files changed, 160 insertions(+), 2 deletions(-) diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst index 9b5d249de..127da2e4f 100644 --- a/doc/guides/prog_guide/rte_security.rst +++ b/doc/guides/prog_guide/rte_security.rst @@ -10,8 +10,9 @@ The security library provides a framework for management and provisioning of security protocol operations offloaded to hardware based devices. The library defines generic APIs to create and free security sessions which can support full protocol offload as well as inline crypto operation with -NIC or crypto devices. The framework currently only supports the IPsec and PDCP -protocol and associated operations, other protocols will be added in future. +NIC or crypto devices. The framework currently only supports the IPsec, PDCP +and DOCSIS protocols and associated operations, other protocols will be added +in the future. Design Principles ----------------- @@ -296,6 +297,53 @@ Just like IPsec, in case of PDCP also header addition/deletion, cipher/ de-cipher, integrity protection/verification is done based on the action type chosen. +DOCSIS Protocol +~~~~~~~~~~~~~~~ + +The Data Over Cable Service Interface Specification (DOCSIS) support comprises +the combination of encryption/decryption and CRC generation/verification, for +use in a DOCSIS-MAC pipeline. + +.. code-block:: c + + + Downlink Uplink + -------- ------ + + Ethernet frame Ethernet frame + from core network to core network + | ^ + ~ | + | ~ ----+ + V | | + +---------|----------+ +----------|---------+ | + | CRC generation | | CRC verification | | + +---------|----------+ +----------|---------+ | combined + | | > Crypto + CRC + +---------|----------+ +----------|---------+ | + | Encryption | | Decryption | | + +---------|----------+ +----------|---------+ | + | ^ | + ~ | ----+ + | ~ + V | + DOCSIS frame DOCSIS frame + to Cable Modem from Cable Modem + +The encryption/decryption is a combination of CBC and CFB modes using either AES +or DES algorithms as specified in the DOCSIS Security Specification (from DPDK +lib_rtecryptodev perspective, these are RTE_CRYPTO_CIPHER_AES_DOCSISBPI and +RTE_CRYPTO_CIPHER_DES_DOCSISBPI). + +The CRC is Ethernet CRC-32 as specified in Ethernet/[ISO/IEC 8802-3]. + +.. note:: + + * The offset and length of data for which CRC needs to be computed are + specified via the auth offset and length fields of the rte_crypto_sym_op. + * Other DOCSIS protocol functionality such as Header Checksum (HCS) + calculation may be added in the future. + Device Features and Capabilities --------------------------------- @@ -408,6 +456,56 @@ PMD which supports the IPsec and PDCP protocol. } } +Below is an example of the capabilities for a PMD which supports the DOCSIS +protocol. + +.. code-block:: c + + static const struct rte_security_capability pmd_security_capabilities[] = { + { /* DOCSIS Uplink */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_UPLINK + }, + .crypto_capabilities = pmd_capabilities + }, + { /* DOCSIS Downlink */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_DOWNLINK + }, + .crypto_capabilities = pmd_capabilities + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE + } + }; + static const struct rte_cryptodev_capabilities pmd_capabilities[] = { + { /* AES DOCSIS BPI */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + .sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 16 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + } + } + }, + + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() + }; Capabilities Discovery ~~~~~~~~~~~~~~~~~~~~~~ @@ -491,6 +589,7 @@ Security Session configuration structure is defined as ``rte_security_session_co struct rte_security_ipsec_xform ipsec; struct rte_security_macsec_xform macsec; struct rte_security_pdcp_xform pdcp; + struct rte_security_docsis_xform docsis; }; /**< Configuration parameters for security session */ struct rte_crypto_sym_xform *crypto_xform; @@ -538,6 +637,8 @@ The ``rte_security_session_protocol`` is defined as /**< MACSec Protocol */ RTE_SECURITY_PROTOCOL_PDCP, /**< PDCP Protocol */ + RTE_SECURITY_PROTOCOL_DOCSIS, + /**< DOCSIS Protocol */ }; Currently the library defines configuration parameters for IPsec and PDCP only. @@ -594,6 +695,15 @@ PDCP related configuration parameters are defined in ``rte_security_pdcp_xform`` uint32_t hfn_threshold; }; +DOCSIS related configuration parameters are defined in ``rte_security_docsis_xform`` + +.. code-block:: c + + struct rte_security_docsis_xform { + enum rte_security_docsis_direction direction; + /**< DOCSIS direction */ + }; + Security API ~~~~~~~~~~~~ diff --git a/doc/guides/rel_notes/release_20_08.rst b/doc/guides/rel_notes/release_20_08.rst index 5cbc4ce14..13f8f621e 100644 --- a/doc/guides/rel_notes/release_20_08.rst +++ b/doc/guides/rel_notes/release_20_08.rst @@ -56,6 +56,11 @@ New Features Also, make sure to start the actual text at the margin. ========================================================= +* **Added support for DOCSIS protocol to rte_security.** + + Added support for combined crypto and CRC operations for the DOCSIS protocol + to ``rte_security``. + * **Updated PCAP driver.** Updated PCAP driver with new features and improvements, including: diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c index dc9a3e89c..515c29e04 100644 --- a/lib/librte_security/rte_security.c +++ b/lib/librte_security/rte_security.c @@ -173,6 +173,11 @@ rte_security_capability_get(struct rte_security_ctx *instance, if (capability->pdcp.domain == idx->pdcp.domain) return capability; + } else if (idx->protocol == + RTE_SECURITY_PROTOCOL_DOCSIS) { + if (capability->docsis.direction == + idx->docsis.direction) + return capability; } } } diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h index 747830d67..16839e539 100644 --- a/lib/librte_security/rte_security.h +++ b/lib/librte_security/rte_security.h @@ -293,6 +293,28 @@ struct rte_security_pdcp_xform { uint32_t hfn_ovrd; }; +/** DOCSIS direction */ +enum rte_security_docsis_direction { + RTE_SECURITY_DOCSIS_UPLINK, + /**< Uplink + * - Decryption, followed by CRC Verification + */ + RTE_SECURITY_DOCSIS_DOWNLINK, + /**< Downlink + * - CRC Generation, followed by Encryption + */ +}; + +/** + * DOCSIS security session configuration. + * + * This structure contains data required to create a DOCSIS security session. + */ +struct rte_security_docsis_xform { + enum rte_security_docsis_direction direction; + /**< DOCSIS direction */ +}; + /** * Security session action type. */ @@ -325,6 +347,8 @@ enum rte_security_session_protocol { /**< MACSec Protocol */ RTE_SECURITY_PROTOCOL_PDCP, /**< PDCP Protocol */ + RTE_SECURITY_PROTOCOL_DOCSIS, + /**< DOCSIS Protocol */ }; /** @@ -340,6 +364,7 @@ struct rte_security_session_conf { struct rte_security_ipsec_xform ipsec; struct rte_security_macsec_xform macsec; struct rte_security_pdcp_xform pdcp; + struct rte_security_docsis_xform docsis; }; /**< Configuration parameters for security session */ struct rte_crypto_sym_xform *crypto_xform; @@ -523,6 +548,10 @@ struct rte_security_pdcp_stats { uint64_t reserved; }; +struct rte_security_docsis_stats { + uint64_t reserved; +}; + struct rte_security_stats { enum rte_security_session_protocol protocol; /**< Security protocol to be configured */ @@ -532,6 +561,7 @@ struct rte_security_stats { struct rte_security_macsec_stats macsec; struct rte_security_ipsec_stats ipsec; struct rte_security_pdcp_stats pdcp; + struct rte_security_docsis_stats docsis; }; }; @@ -591,6 +621,11 @@ struct rte_security_capability { /**< Capability flags, see RTE_SECURITY_PDCP_* */ } pdcp; /**< PDCP capability */ + struct { + enum rte_security_docsis_direction direction; + /**< DOCSIS direction */ + } docsis; + /**< DOCSIS capability */ }; const struct rte_cryptodev_capabilities *crypto_capabilities; @@ -649,6 +684,9 @@ struct rte_security_capability_idx { enum rte_security_pdcp_domain domain; uint32_t capa_flags; } pdcp; + struct { + enum rte_security_docsis_direction direction; + } docsis; }; }; From patchwork Fri Jul 3 12:39:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 73001 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 696E1A0519; Fri, 3 Jul 2020 15:02:41 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 1C1E21DBA0; Fri, 3 Jul 2020 15:02:33 +0200 (CEST) Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by dpdk.org (Postfix) with ESMTP id 5493D1DBA5 for ; Fri, 3 Jul 2020 15:02:31 +0200 (CEST) IronPort-SDR: Nj1gCSsk7vd3d5vyIoQmbLokBVm6l0h976VnoRLTScBYM+E/ECj4pwrFJX79ZbjnNg/oDRjvbl O3+buKrI0L/g== X-IronPort-AV: E=McAfee;i="6000,8403,9670"; a="127236912" X-IronPort-AV: E=Sophos;i="5.75,308,1589266800"; d="scan'208";a="127236912" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jul 2020 06:02:30 -0700 IronPort-SDR: veQKClSZc+W8WSw5NuWfKfy9xut+NKm+19g8/IOra+kVMMIPZQ4T+vFHW160uxHiDioblnd5BI 39IZ8/qt9QUA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,308,1589266800"; d="scan'208";a="322412704" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by orsmga007.jf.intel.com with ESMTP; 03 Jul 2020 06:02:26 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Fri, 3 Jul 2020 13:39:28 +0100 Message-Id: <20200703123933.52351-3-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200703123933.52351-1-david.coyle@intel.com> References: <20200630163049.61900-1-david.coyle@intel.com> <20200703123933.52351-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v4 2/7] cryptodev: add a note regarding DOCSIS protocol support X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add a note to the rte_crypto_sym_op->auth.data fields to state that for DOCSIS security protocol, these are used to specify the offset and length of data over which the CRC is calculated. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh Acked-by: Akhil Goyal Acked-by: Pablo de Lara --- lib/librte_cryptodev/rte_crypto_sym.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index da961a19d..f29c98051 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -705,6 +705,14 @@ struct rte_crypto_sym_op { * For KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9, * this offset should be such that * data to authenticate starts at COUNT. + * + * @note + * For DOCSIS security protocol, this + * offset is the DOCSIS header length + * and, therefore, also the CRC offset + * i.e. the number of bytes into the + * packet at which CRC calculation + * should begin. */ uint32_t length; /**< The message length, in bytes, of the source @@ -723,6 +731,12 @@ struct rte_crypto_sym_op { * the length should include the COUNT, * FRESH, message, direction bit and padding * (to be multiple of 8 bits). + * + * @note + * For DOCSIS security protocol, this + * is the CRC length i.e. the number of + * bytes in the packet over which the + * CRC should be calculated */ } data; /**< Data offsets and length for authentication */ From patchwork Fri Jul 3 12:39:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 73003 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id A2BBDA0519; Fri, 3 Jul 2020 15:03:06 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 374CB1DBB9; Fri, 3 Jul 2020 15:02:54 +0200 (CEST) Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by dpdk.org (Postfix) with ESMTP id 8AC9F1DB9D for ; Fri, 3 Jul 2020 15:02:51 +0200 (CEST) IronPort-SDR: t7BBNSxLdRFyAbRJtCe2D1ZALbEpX/QSUuaZMAb9DpdQv8N6hgVrZdAUpzmVMZbxwDBiEExLgH XTFAMOdhHEKw== X-IronPort-AV: E=McAfee;i="6000,8403,9670"; a="126756298" X-IronPort-AV: E=Sophos;i="5.75,308,1589266800"; d="scan'208";a="126756298" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jul 2020 06:02:36 -0700 IronPort-SDR: C5G03NLlN73yWJEnx1a84lEziuzwfVIL4yv8q0S3tgiJDm4djYhzYZ+GEqNMEC0QnaaGevvfle kf0hGFIHE7Fw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,308,1589266800"; d="scan'208";a="322412718" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by orsmga007.jf.intel.com with ESMTP; 03 Jul 2020 06:02:31 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Fri, 3 Jul 2020 13:39:29 +0100 Message-Id: <20200703123933.52351-4-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200703123933.52351-1-david.coyle@intel.com> References: <20200630163049.61900-1-david.coyle@intel.com> <20200703123933.52351-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v4 3/7] crypto/aesni_mb: add support for DOCSIS protocol X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add support to the AESNI-MB PMD for the DOCSIS protocol, through the rte_security API. This, therefore, includes adding support for the rte_security API to this PMD. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh Acked-by: Pablo de Lara --- doc/guides/cryptodevs/aesni_mb.rst | 8 + doc/guides/cryptodevs/features/aesni_mb.ini | 1 + doc/guides/rel_notes/release_20_08.rst | 5 + .../crypto/aesni_mb/aesni_mb_pmd_private.h | 19 +- drivers/crypto/aesni_mb/meson.build | 2 +- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 301 +++++++++++++++++- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 125 ++++++++ 7 files changed, 454 insertions(+), 7 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index cc64f1243..15388d20a 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -55,10 +55,18 @@ AEAD algorithms: * RTE_CRYPTO_AEAD_AES_CCM * RTE_CRYPTO_AEAD_AES_GCM +Protocol offloads: + +* RTE_SECURITY_PROTOCOL_DOCSIS + Limitations ----------- * Chained mbufs are not supported. +* Out-of-place is not supported for combined Crypto-CRC DOCSIS security + protocol. +* RTE_CRYPTO_CIPHER_DES_DOCSISBPI is not supported for combined Crypto-CRC + DOCSIS security protocol. Installation diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 49cb82a39..38d255aff 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -6,6 +6,7 @@ [Features] Symmetric crypto = Y Sym operation chaining = Y +Protocol offload = Y CPU SSE = Y CPU AVX = Y CPU AVX2 = Y diff --git a/doc/guides/rel_notes/release_20_08.rst b/doc/guides/rel_notes/release_20_08.rst index 13f8f621e..19fc043f2 100644 --- a/doc/guides/rel_notes/release_20_08.rst +++ b/doc/guides/rel_notes/release_20_08.rst @@ -96,6 +96,11 @@ New Features * Added support for DCF datapath configuration. +* **Updated the AESNI MB crypto PMD.** + + Added support for lookaside protocol offload for DOCSIS through the + ``rte_security`` API. + * **Added support for BPF_ABS/BPF_IND load instructions.** Added support for two BPF non-generic instructions: diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index 347b4b7e0..e0c7b4f7c 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -7,6 +7,12 @@ #include +#if defined(RTE_LIBRTE_SECURITY) && (IMB_VERSION_NUM) >= IMB_VERSION(0, 54, 0) +#define AESNI_MB_DOCSIS_SEC_ENABLED 1 +#include +#include +#endif + enum aesni_mb_vector_mode { RTE_AESNI_MB_NOT_SUPPORTED = 0, RTE_AESNI_MB_SSE, @@ -272,8 +278,19 @@ aesni_mb_set_session_parameters(const MB_MGR *mb_mgr, struct aesni_mb_session *sess, const struct rte_crypto_sym_xform *xform); -/** device specific operations function pointer structure */ +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED +extern int +aesni_mb_set_docsis_sec_session_parameters( + __rte_unused struct rte_cryptodev *dev, + struct rte_security_session_conf *conf, + void *sess); +#endif + +/** device specific operations function pointer structures */ extern struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops; +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED +extern struct rte_security_ops *rte_aesni_mb_pmd_sec_ops; +#endif extern uint32_t aesni_mb_cpu_crypto_process_bulk(struct rte_cryptodev *dev, diff --git a/drivers/crypto/aesni_mb/meson.build b/drivers/crypto/aesni_mb/meson.build index e557e0103..419b4743f 100644 --- a/drivers/crypto/aesni_mb/meson.build +++ b/drivers/crypto/aesni_mb/meson.build @@ -22,4 +22,4 @@ else endif sources = files('rte_aesni_mb_pmd.c', 'rte_aesni_mb_pmd_ops.c') -deps += ['bus_vdev'] +deps += ['bus_vdev', 'net', 'security'] diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 2d688f4d3..59e76fb8e 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "aesni_mb_pmd_private.h" @@ -720,6 +721,134 @@ aesni_mb_set_session_parameters(const MB_MGR *mb_mgr, return 0; } +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED +/** Check DOCSIS security session configuration is valid */ +static int +check_docsis_sec_session(struct rte_security_session_conf *conf) +{ + struct rte_crypto_sym_xform *crypto_sym = conf->crypto_xform; + struct rte_security_docsis_xform *docsis = &conf->docsis; + + /* Downlink: CRC generate -> Cipher encrypt */ + if (docsis->direction == RTE_SECURITY_DOCSIS_DOWNLINK) { + + if (crypto_sym != NULL && + crypto_sym->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_sym->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT && + crypto_sym->cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI && + (crypto_sym->cipher.key.length == IMB_KEY_AES_128_BYTES || + crypto_sym->cipher.key.length == IMB_KEY_AES_256_BYTES) && + crypto_sym->cipher.iv.length == AES_BLOCK_SIZE && + crypto_sym->next == NULL) { + return 0; + } + /* Uplink: Cipher decrypt -> CRC verify */ + } else if (docsis->direction == RTE_SECURITY_DOCSIS_UPLINK) { + + if (crypto_sym != NULL && + crypto_sym->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_sym->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT && + crypto_sym->cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI && + (crypto_sym->cipher.key.length == IMB_KEY_AES_128_BYTES || + crypto_sym->cipher.key.length == IMB_KEY_AES_256_BYTES) && + crypto_sym->cipher.iv.length == AES_BLOCK_SIZE && + crypto_sym->next == NULL) { + return 0; + } + } + + return -EINVAL; +} + +/** Set DOCSIS security session auth (CRC) parameters */ +static int +aesni_mb_set_docsis_sec_session_auth_parameters(struct aesni_mb_session *sess, + struct rte_security_docsis_xform *xform) +{ + if (xform == NULL) { + AESNI_MB_LOG(ERR, "Invalid DOCSIS xform"); + return -EINVAL; + } + + /* Select CRC generate/verify */ + if (xform->direction == RTE_SECURITY_DOCSIS_UPLINK) { + sess->auth.algo = IMB_AUTH_DOCSIS_CRC32; + sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY; + } else if (xform->direction == RTE_SECURITY_DOCSIS_DOWNLINK) { + sess->auth.algo = IMB_AUTH_DOCSIS_CRC32; + sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE; + } else { + AESNI_MB_LOG(ERR, "Unsupported DOCSIS direction"); + return -ENOTSUP; + } + + sess->auth.req_digest_len = RTE_ETHER_CRC_LEN; + sess->auth.gen_digest_len = RTE_ETHER_CRC_LEN; + + return 0; +} + +/** + * Parse DOCSIS security session configuration and set private session + * parameters + */ +int +aesni_mb_set_docsis_sec_session_parameters( + __rte_unused struct rte_cryptodev *dev, + struct rte_security_session_conf *conf, + void *sess) +{ + struct rte_security_docsis_xform *docsis_xform; + struct rte_crypto_sym_xform *cipher_xform; + struct aesni_mb_session *aesni_sess = sess; + struct aesni_mb_private *internals = dev->data->dev_private; + int ret; + + ret = check_docsis_sec_session(conf); + if (ret) { + AESNI_MB_LOG(ERR, "Unsupported DOCSIS security configuration"); + return ret; + } + + switch (conf->docsis.direction) { + case RTE_SECURITY_DOCSIS_UPLINK: + aesni_sess->chain_order = IMB_ORDER_CIPHER_HASH; + docsis_xform = &conf->docsis; + cipher_xform = conf->crypto_xform; + break; + case RTE_SECURITY_DOCSIS_DOWNLINK: + aesni_sess->chain_order = IMB_ORDER_HASH_CIPHER; + cipher_xform = conf->crypto_xform; + docsis_xform = &conf->docsis; + break; + default: + return -EINVAL; + } + + /* Default IV length = 0 */ + aesni_sess->iv.length = 0; + + ret = aesni_mb_set_docsis_sec_session_auth_parameters(aesni_sess, + docsis_xform); + if (ret != 0) { + AESNI_MB_LOG(ERR, "Invalid/unsupported DOCSIS parameters"); + return -EINVAL; + } + + ret = aesni_mb_set_session_cipher_parameters(internals->mb_mgr, + aesni_sess, cipher_xform); + + if (ret != 0) { + AESNI_MB_LOG(ERR, "Invalid/unsupported cipher parameters"); + return -EINVAL; + } + + return 0; +} +#endif + /** * burst enqueue, place crypto operations on ingress queue for processing. * @@ -758,6 +887,13 @@ get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op) get_sym_session_private_data( op->sym->session, cryptodev_driver_id); +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + } else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + if (likely(op->sym->sec_session != NULL)) + sess = (struct aesni_mb_session *) + get_sec_session_private_data( + op->sym->sec_session); +#endif } else { void *_sess = rte_cryptodev_sym_session_create(qp->sess_mp); void *_sess_private_data = NULL; @@ -1158,6 +1294,106 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, return 0; } +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED +/** + * Process a crypto operation containing a security op and complete a + * JOB_AES_HMAC job structure for submission to the multi buffer library for + * processing. + */ +static inline int +set_sec_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, + struct rte_crypto_op *op, uint8_t *digest_idx) +{ + struct rte_mbuf *m_src, *m_dst; + struct rte_crypto_sym_op *sym; + struct aesni_mb_session *session; + + session = get_session(qp, op); + if (unlikely(session == NULL)) { + op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; + return -1; + } + + /* Only DOCSIS protocol operations supported now */ + if (session->cipher.mode != IMB_CIPHER_DOCSIS_SEC_BPI || + session->auth.algo != IMB_AUTH_DOCSIS_CRC32) { + op->status = RTE_CRYPTO_OP_STATUS_ERROR; + return -1; + } + + sym = op->sym; + m_src = sym->m_src; + + if (likely(sym->m_dst == NULL || sym->m_dst == m_src)) { + /* in-place operation */ + m_dst = m_src; + } else { + /* out-of-place operation not supported */ + op->status = RTE_CRYPTO_OP_STATUS_ERROR; + return -ENOTSUP; + } + + /* Set crypto operation */ + job->chain_order = session->chain_order; + + /* Set cipher parameters */ + job->cipher_direction = session->cipher.direction; + job->cipher_mode = session->cipher.mode; + + job->aes_key_len_in_bytes = session->cipher.key_length_in_bytes; + job->aes_enc_key_expanded = session->cipher.expanded_aes_keys.encode; + job->aes_dec_key_expanded = session->cipher.expanded_aes_keys.decode; + + /* Set IV parameters */ + job->iv_len_in_bytes = session->iv.length; + job->iv = (uint8_t *)op + session->iv.offset; + + /* Set authentication parameters */ + job->hash_alg = session->auth.algo; + + /* Set digest output location */ + job->auth_tag_output = qp->temp_digests[*digest_idx]; + *digest_idx = (*digest_idx + 1) % MAX_JOBS; + + /* Set digest length */ + job->auth_tag_output_len_in_bytes = session->auth.gen_digest_len; + + /* Set data parameters */ + job->src = rte_pktmbuf_mtod(m_src, uint8_t *); + job->dst = rte_pktmbuf_mtod_offset(m_dst, uint8_t *, + sym->cipher.data.offset); + + job->cipher_start_src_offset_in_bytes = sym->cipher.data.offset; + job->msg_len_to_cipher_in_bytes = sym->cipher.data.length; + + job->hash_start_src_offset_in_bytes = sym->auth.data.offset; + job->msg_len_to_hash_in_bytes = sym->auth.data.length; + + job->user_data = op; + + return 0; +} + +static inline void +verify_docsis_sec_crc(JOB_AES_HMAC *job, uint8_t *status) +{ + uint16_t crc_offset; + uint8_t *crc; + + if (!job->msg_len_to_hash_in_bytes) + return; + + crc_offset = job->hash_start_src_offset_in_bytes + + job->msg_len_to_hash_in_bytes - + job->cipher_start_src_offset_in_bytes; + crc = job->dst + crc_offset; + + /* Verify CRC (at the end of the message) */ + if (memcmp(job->auth_tag_output, crc, RTE_ETHER_CRC_LEN) != 0) + *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; +} +#endif + static inline void verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status) { @@ -1196,9 +1432,25 @@ static inline struct rte_crypto_op * post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) { struct rte_crypto_op *op = (struct rte_crypto_op *)job->user_data; - struct aesni_mb_session *sess = get_sym_session_private_data( - op->sym->session, - cryptodev_driver_id); + struct aesni_mb_session *sess = NULL; + +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + uint8_t is_docsis_sec = 0; + + if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + /* + * Assuming at this point that if it's a security type op, that + * this is for DOCSIS + */ + is_docsis_sec = 1; + sess = get_sec_session_private_data(op->sym->sec_session); + } else +#endif + { + sess = get_sym_session_private_data(op->sym->session, + cryptodev_driver_id); + } + if (unlikely(sess == NULL)) { op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; return op; @@ -1220,6 +1472,11 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) op->sym->aead.digest.data, sess->auth.req_digest_len, &op->status); +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + else if (is_docsis_sec) + verify_docsis_sec_crc(job, + &op->status); +#endif else verify_digest(job, op->sym->auth.digest.data, @@ -1382,7 +1639,14 @@ aesni_mb_pmd_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops, if (retval < 0) break; - retval = set_mb_job_params(job, qp, op, &digest_idx); +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) + retval = set_sec_mb_job_params(job, qp, op, + &digest_idx); + else +#endif + retval = set_mb_job_params(job, qp, op, &digest_idx); + if (unlikely(retval != 0)) { qp->stats.dequeue_err_count++; set_job_null_op(job, op); @@ -1619,6 +1883,9 @@ cryptodev_aesni_mb_create(const char *name, struct aesni_mb_private *internals; enum aesni_mb_vector_mode vector_mode; MB_MGR *mb_mgr; +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + struct rte_security_ctx *security_instance; +#endif dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params); if (dev == NULL) { @@ -1647,7 +1914,27 @@ cryptodev_aesni_mb_create(const char *name, RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO | - RTE_CRYPTODEV_FF_SYM_SESSIONLESS; + RTE_CRYPTODEV_FF_SYM_SESSIONLESS +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + | RTE_CRYPTODEV_FF_SECURITY +#endif + ; + +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + security_instance = rte_malloc("aesni_mb_sec", + sizeof(struct rte_security_ctx), + RTE_CACHE_LINE_SIZE); + if (security_instance == NULL) { + AESNI_MB_LOG(ERR, "rte_security_ctx memory alloc failed"); + rte_cryptodev_pmd_destroy(dev); + return -ENOMEM; + } + + security_instance->device = (void *)dev; + security_instance->ops = rte_aesni_mb_pmd_sec_ops; + security_instance->sess_cnt = 0; + dev->security_ctx = security_instance; +#endif /* Check CPU for support for AES instruction set */ if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AES)) @@ -1726,6 +2013,10 @@ cryptodev_aesni_mb_remove(struct rte_vdev_device *vdev) RTE_PER_LCORE(sync_mb_mgr) = NULL; } +#ifdef RTE_LIBRTE_SECURITYY + rte_free(cryptodev->security_ctx); +#endif + return rte_cryptodev_pmd_destroy(cryptodev); } diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 8c5e0cd92..ed93daec7 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -7,6 +7,7 @@ #include #include #include +#include #include #include "aesni_mb_pmd_private.h" @@ -499,6 +500,55 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED +static const struct rte_cryptodev_capabilities + aesni_mb_pmd_security_crypto_cap[] = { + { /* AES DOCSIS BPI */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 16 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() +}; + +static const struct rte_security_capability aesni_mb_pmd_security_cap[] = { + { /* DOCSIS Uplink */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_UPLINK + }, + .crypto_capabilities = aesni_mb_pmd_security_crypto_cap + }, + { /* DOCSIS Downlink */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_DOWNLINK + }, + .crypto_capabilities = aesni_mb_pmd_security_crypto_cap + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE + } +}; +#endif /** Configure device */ static int @@ -810,3 +860,78 @@ struct rte_cryptodev_ops aesni_mb_pmd_ops = { }; struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops = &aesni_mb_pmd_ops; + +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED +/** + * Configure a aesni multi-buffer session from a security session + * configuration + */ +static int +aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf, + struct rte_security_session *sess, + struct rte_mempool *mempool) +{ + void *sess_private_data; + struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; + int ret; + + if (rte_mempool_get(mempool, &sess_private_data)) { + AESNI_MB_LOG(ERR, "Couldn't get object from session mempool"); + return -ENOMEM; + } + + if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) { + AESNI_MB_LOG(ERR, "Invalid security protocol"); + return -EINVAL; + } + + ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf, + sess_private_data); + + if (ret != 0) { + AESNI_MB_LOG(ERR, "Failed to configure session parameters"); + + /* Return session to mempool */ + rte_mempool_put(mempool, sess_private_data); + return ret; + } + + set_sec_session_private_data(sess, sess_private_data); + + return ret; +} + +/** Clear the memory of session so it doesn't leave key material behind */ +static int +aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused, + struct rte_security_session *sess) +{ + void *sess_priv = get_sec_session_private_data(sess); + + if (sess_priv) { + struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); + memset(sess, 0, sizeof(struct aesni_mb_session)); + set_sec_session_private_data(sess, NULL); + rte_mempool_put(sess_mp, sess_priv); + } + return 0; +} + +/** Get security capabilities for aesni multi-buffer */ +static const struct rte_security_capability * +aesni_mb_pmd_sec_capa_get(void *device __rte_unused) +{ + return aesni_mb_pmd_security_cap; +} + +static struct rte_security_ops aesni_mb_pmd_sec_ops = { + .session_create = aesni_mb_pmd_sec_sess_create, + .session_update = NULL, + .session_stats_get = NULL, + .session_destroy = aesni_mb_pmd_sec_sess_destroy, + .set_pkt_metadata = NULL, + .capabilities_get = aesni_mb_pmd_sec_capa_get +}; + +struct rte_security_ops *rte_aesni_mb_pmd_sec_ops = &aesni_mb_pmd_sec_ops; +#endif From patchwork Fri Jul 3 12:39:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 73005 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 96B4EA0519; Fri, 3 Jul 2020 15:03:29 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id AE9221DBC3; Fri, 3 Jul 2020 15:02:56 +0200 (CEST) Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by dpdk.org (Postfix) with ESMTP id 43E481DBB7 for ; Fri, 3 Jul 2020 15:02:52 +0200 (CEST) IronPort-SDR: xhL3fdfcHAnrlIZdtN8UM5vw7aM+uvrzVRB7MsTFh7gzPpKI2/oIve59Hpgj4f4w7H+RjZla5/ gbSBB/YpASFg== X-IronPort-AV: E=McAfee;i="6000,8403,9670"; a="126756307" X-IronPort-AV: E=Sophos;i="5.75,308,1589266800"; d="scan'208";a="126756307" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jul 2020 06:02:41 -0700 IronPort-SDR: 1Vls8OEi046O8IbN5JSSaYgGblDFKiLGZf3dxJFWwpv9+djSY0AvWkd99Dik2jmOY5MBitoOno lCBbEEQjOMzA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,308,1589266800"; d="scan'208";a="322412735" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by orsmga007.jf.intel.com with ESMTP; 03 Jul 2020 06:02:36 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Fri, 3 Jul 2020 13:39:30 +0100 Message-Id: <20200703123933.52351-5-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200703123933.52351-1-david.coyle@intel.com> References: <20200630163049.61900-1-david.coyle@intel.com> <20200703123933.52351-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v4 4/7] crypto/qat: add support for DOCSIS protocol X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add support to the QAT SYM PMD for the DOCSIS protocol, through the rte_security API. This, therefore, includes adding support for the rte_security API to this PMD. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh --- doc/guides/cryptodevs/features/qat.ini | 1 + doc/guides/cryptodevs/qat.rst | 7 + doc/guides/rel_notes/release_20_08.rst | 5 + drivers/common/qat/Makefile | 3 + drivers/crypto/qat/meson.build | 2 + drivers/crypto/qat/qat_sym.c | 71 +++++++++- drivers/crypto/qat/qat_sym.h | 62 ++++++++- drivers/crypto/qat/qat_sym_capabilities.h | 42 ++++++ drivers/crypto/qat/qat_sym_pmd.c | 61 ++++++++- drivers/crypto/qat/qat_sym_pmd.h | 4 + drivers/crypto/qat/qat_sym_session.c | 153 ++++++++++++++++++++++ drivers/crypto/qat/qat_sym_session.h | 11 ++ 12 files changed, 409 insertions(+), 13 deletions(-) diff --git a/doc/guides/cryptodevs/features/qat.ini b/doc/guides/cryptodevs/features/qat.ini index a72241997..2d56b187a 100644 --- a/doc/guides/cryptodevs/features/qat.ini +++ b/doc/guides/cryptodevs/features/qat.ini @@ -7,6 +7,7 @@ Symmetric crypto = Y Sym operation chaining = Y HW Accelerated = Y +Protocol offload = Y In Place SGL = Y OOP SGL In SGL Out = Y OOP SGL In LB Out = Y diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst index c2cc3d5ca..ee873e7b8 100644 --- a/doc/guides/cryptodevs/qat.rst +++ b/doc/guides/cryptodevs/qat.rst @@ -76,6 +76,9 @@ Supported AEAD algorithms: * ``RTE_CRYPTO_AEAD_AES_GCM`` * ``RTE_CRYPTO_AEAD_AES_CCM`` +Protocol offloads: + +* ``RTE_SECURITY_PROTOCOL_DOCSIS`` Supported Chains ~~~~~~~~~~~~~~~~ @@ -126,6 +129,10 @@ Limitations generations in the same process if planning to use for GCM. * The mixed algo feature on GEN2 is not supported by all kernel drivers. Check the notes under the Available Kernel Drivers table below for specific details. +* Out-of-place is not supported for combined Crypto-CRC DOCSIS security + protocol. +* ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI`` is not supported for combined Crypto-CRC + DOCSIS security protocol. Extra notes on KASUMI F9 ~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/doc/guides/rel_notes/release_20_08.rst b/doc/guides/rel_notes/release_20_08.rst index 19fc043f2..4ff7911c0 100644 --- a/doc/guides/rel_notes/release_20_08.rst +++ b/doc/guides/rel_notes/release_20_08.rst @@ -101,6 +101,11 @@ New Features Added support for lookaside protocol offload for DOCSIS through the ``rte_security`` API. +* **Updated the QuickAssist Technology (QAT) Crypto PMD.** + + Added support for lookaside protocol offload for DOCSIS through the + ``rte_security`` API. + * **Added support for BPF_ABS/BPF_IND load instructions.** Added support for two BPF non-generic instructions: diff --git a/drivers/common/qat/Makefile b/drivers/common/qat/Makefile index 28bd5668f..85d420709 100644 --- a/drivers/common/qat/Makefile +++ b/drivers/common/qat/Makefile @@ -35,6 +35,9 @@ endif ifeq ($(CONFIG_RTE_LIBRTE_PMD_QAT_SYM),y) LDLIBS += -lrte_cryptodev LDLIBS += -lcrypto +ifeq ($(CONFIG_RTE_LIBRTE_SECURITY),y) + LDLIBS += -lrte_net +endif CFLAGS += -DBUILD_QAT_SYM SRCS-y += qat_sym.c SRCS-y += qat_sym_session.c diff --git a/drivers/crypto/qat/meson.build b/drivers/crypto/qat/meson.build index fc65923a7..a225f374a 100644 --- a/drivers/crypto/qat/meson.build +++ b/drivers/crypto/qat/meson.build @@ -8,6 +8,8 @@ reason = '' # sentinal value to suppress printout dep = dependency('libcrypto', required: false) qat_includes += include_directories('.') qat_deps += 'cryptodev' +qat_deps += 'net' +qat_deps += 'security' if dep.found() # Add our sources files to the list qat_sources += files('qat_sym_pmd.c', diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c index 25b6dd5f4..55251d171 100644 --- a/drivers/crypto/qat/qat_sym.c +++ b/drivers/crypto/qat/qat_sym.c @@ -9,6 +9,9 @@ #include #include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_sym.h" @@ -99,6 +102,29 @@ qat_bpicipher_preprocess(struct qat_sym_session *ctx, return sym_op->cipher.data.length - last_block_len; } +#ifdef RTE_LIBRTE_SECURITY +static inline void +qat_crc_generate(struct qat_sym_session *ctx, + struct rte_crypto_op *op) +{ + struct rte_crypto_sym_op *sym_op = op->sym; + uint32_t *crc, crc_length; + uint8_t *crc_data; + + if (ctx->qat_dir == ICP_QAT_HW_CIPHER_ENCRYPT && + sym_op->auth.data.length != 0) { + + crc_length = sym_op->auth.data.length; + crc_data = rte_pktmbuf_mtod_offset(sym_op->m_src, uint8_t *, + sym_op->auth.data.offset); + crc = (uint32_t *)(crc_data + crc_length); + + *crc = rte_net_crc_calc(crc_data, crc_length, + RTE_NET_CRC32_ETH); + } +} +#endif + static inline void set_cipher_iv(uint16_t iv_length, uint16_t iv_offset, struct icp_qat_fw_la_cipher_req_params *cipher_param, @@ -149,7 +175,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, void *op_cookie, enum qat_device_gen qat_dev_gen) { int ret = 0; - struct qat_sym_session *ctx; + struct qat_sym_session *ctx = NULL; struct icp_qat_fw_la_cipher_req_params *cipher_param; struct icp_qat_fw_la_auth_req_params *auth_param; register struct icp_qat_fw_la_bulk_req *qat_req; @@ -161,6 +187,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, uint64_t auth_data_end = 0; uint8_t do_sgl = 0; uint8_t in_place = 1; + uint8_t is_docsis_sec = 0; int alignment_adjustment = 0; struct rte_crypto_op *op = (struct rte_crypto_op *)in_op; struct qat_sym_op_cookie *cookie = @@ -177,11 +204,23 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, QAT_DP_LOG(ERR, "QAT PMD only supports session oriented" " requests, op (%p) is sessionless.", op); return -EINVAL; + } else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { + ctx = (struct qat_sym_session *)get_sym_session_private_data( + op->sym->session, cryptodev_qat_driver_id); +#ifdef RTE_LIBRTE_SECURITY + } else { + ctx = (struct qat_sym_session *)get_sec_session_private_data( + op->sym->sec_session); + if (ctx && ctx->bpi_ctx == NULL) { + QAT_DP_LOG(ERR, "QAT PMD only supports security" + " operation requests for DOCSIS, op" + " (%p) is not for DOCSIS.", op); + return -EINVAL; + } + is_docsis_sec = 1; +#endif } - ctx = (struct qat_sym_session *)get_sym_session_private_data( - op->sym->session, cryptodev_qat_driver_id); - if (unlikely(ctx == NULL)) { QAT_DP_LOG(ERR, "Session was not created for this device"); return -EINVAL; @@ -242,7 +281,29 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, cipher_ofs = op->sym->cipher.data.offset >> 3; } else if (ctx->bpi_ctx) { - /* DOCSIS - only send complete blocks to device + /* DOCSIS processing */ +#ifdef RTE_LIBRTE_SECURITY + if (is_docsis_sec) { + /* Check for OOP */ + if (unlikely((op->sym->m_dst != NULL) && + (op->sym->m_dst != + op->sym->m_src))) { + QAT_DP_LOG(ERR, + "OOP not supported for DOCSIS " + "security"); + op->status = + RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + return -EINVAL; + } + + /* Calculate CRC */ + qat_crc_generate(ctx, op); + } +#else + RTE_SET_USED(is_docsis_sec); +#endif + + /* Only send complete blocks to device. * Process any partial block using CFB mode. * Even if 0 complete blocks, still send this to device * to get into rx queue for post-process and dequeuing diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h index bc6426c32..02e72391d 100644 --- a/drivers/crypto/qat/qat_sym.h +++ b/drivers/crypto/qat/qat_sym.h @@ -6,6 +6,9 @@ #define _QAT_SYM_H_ #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #ifdef BUILD_QAT_SYM #include @@ -132,14 +135,38 @@ qat_bpicipher_postprocess(struct qat_sym_session *ctx, return sym_op->cipher.data.length - last_block_len; } +#ifdef RTE_LIBRTE_SECURITY static inline void -qat_sym_process_response(void **op, uint8_t *resp) +qat_crc_verify(struct qat_sym_session *ctx, struct rte_crypto_op *op) { + struct rte_crypto_sym_op *sym_op = op->sym; + uint32_t crc_offset, crc_length, crc; + uint8_t *crc_data; + + if (ctx->qat_dir == ICP_QAT_HW_CIPHER_DECRYPT && + sym_op->auth.data.length != 0) { + + crc_offset = sym_op->auth.data.offset; + crc_length = sym_op->auth.data.length; + crc_data = rte_pktmbuf_mtod_offset(sym_op->m_src, uint8_t *, + crc_offset); + crc = rte_net_crc_calc(crc_data, crc_length, RTE_NET_CRC32_ETH); + + if (crc != *(uint32_t *)(crc_data + crc_length)) + op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; + } +} +#endif + +static inline void +qat_sym_process_response(void **op, uint8_t *resp) +{ struct icp_qat_fw_comn_resp *resp_msg = (struct icp_qat_fw_comn_resp *)resp; struct rte_crypto_op *rx_op = (struct rte_crypto_op *)(uintptr_t) (resp_msg->opaque_data); + struct qat_sym_session *sess; #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG QAT_DP_HEXDUMP_LOG(DEBUG, "qat_response:", (uint8_t *)resp_msg, @@ -152,15 +179,36 @@ qat_sym_process_response(void **op, uint8_t *resp) rx_op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } else { - struct qat_sym_session *sess = (struct qat_sym_session *) - get_sym_session_private_data( - rx_op->sym->session, - cryptodev_qat_driver_id); +#ifdef RTE_LIBRTE_SECURITY + uint8_t is_docsis_sec = 0; + + if (rx_op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + /* + * Assuming at this point that if it's a security + * op, that this is for DOCSIS + */ + sess = (struct qat_sym_session *) + get_sec_session_private_data( + rx_op->sym->sec_session); + is_docsis_sec = 1; + } else +#endif + { + sess = (struct qat_sym_session *) + get_sym_session_private_data( + rx_op->sym->session, + cryptodev_qat_driver_id); + } + rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; - if (sess->bpi_ctx) + if (sess->bpi_ctx) { qat_bpicipher_postprocess(sess, rx_op); - rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; +#ifdef RTE_LIBRTE_SECURITY + if (is_docsis_sec) + qat_crc_verify(sess, rx_op); +#endif + } } *op = (void *)rx_op; } diff --git a/drivers/crypto/qat/qat_sym_capabilities.h b/drivers/crypto/qat/qat_sym_capabilities.h index ff691ce35..7b8b13b4f 100644 --- a/drivers/crypto/qat/qat_sym_capabilities.h +++ b/drivers/crypto/qat/qat_sym_capabilities.h @@ -699,4 +699,46 @@ }, } \ } +#ifdef RTE_LIBRTE_SECURITY +#define QAT_SECURITY_SYM_CAPABILITIES \ + { /* AES DOCSIS BPI */ \ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \ + {.sym = { \ + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, \ + {.cipher = { \ + .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,\ + .block_size = 16, \ + .key_size = { \ + .min = 16, \ + .max = 32, \ + .increment = 16 \ + }, \ + .iv_size = { \ + .min = 16, \ + .max = 16, \ + .increment = 0 \ + } \ + }, } \ + }, } \ + } + +#define QAT_SECURITY_CAPABILITIES(sym) \ + [0] = { /* DOCSIS Uplink */ \ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, \ + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, \ + .docsis = { \ + .direction = RTE_SECURITY_DOCSIS_UPLINK \ + }, \ + .crypto_capabilities = (sym) \ + }, \ + [1] = { /* DOCSIS Downlink */ \ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, \ + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, \ + .docsis = { \ + .direction = RTE_SECURITY_DOCSIS_DOWNLINK \ + }, \ + .crypto_capabilities = (sym) \ + } +#endif + #endif /* _QAT_SYM_CAPABILITIES_H_ */ diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c index e887c880f..1561752b8 100644 --- a/drivers/crypto/qat/qat_sym_pmd.c +++ b/drivers/crypto/qat/qat_sym_pmd.c @@ -8,6 +8,9 @@ #include #include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_logs.h" #include "qat_sym.h" @@ -29,6 +32,21 @@ static const struct rte_cryptodev_capabilities qat_gen2_sym_capabilities[] = { RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; +#ifdef RTE_LIBRTE_SECURITY +static const struct rte_cryptodev_capabilities + qat_security_sym_capabilities[] = { + QAT_SECURITY_SYM_CAPABILITIES, + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() +}; + +static const struct rte_security_capability qat_security_capabilities[] = { + QAT_SECURITY_CAPABILITIES(qat_security_sym_capabilities), + { + .action = RTE_SECURITY_ACTION_TYPE_NONE + } +}; +#endif + static int qat_sym_qp_release(struct rte_cryptodev *dev, uint16_t queue_pair_id); @@ -237,6 +255,24 @@ static struct rte_cryptodev_ops crypto_qat_ops = { .sym_session_clear = qat_sym_session_clear }; +#ifdef RTE_LIBRTE_SECURITY +static const struct rte_security_capability * +qat_security_cap_get(void *device __rte_unused) +{ + return qat_security_capabilities; +} + +static struct rte_security_ops security_qat_ops = { + + .session_create = qat_security_session_create, + .session_update = NULL, + .session_stats_get = NULL, + .session_destroy = qat_security_session_destroy, + .set_pkt_metadata = NULL, + .capabilities_get = qat_security_cap_get +}; +#endif + static uint16_t qat_sym_pmd_enqueue_op_burst(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops) @@ -276,6 +312,9 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev, char name[RTE_CRYPTODEV_NAME_MAX_LEN]; struct rte_cryptodev *cryptodev; struct qat_sym_dev_private *internals; +#ifdef RTE_LIBRTE_SECURITY + struct rte_security_ctx *security_instance; +#endif snprintf(name, RTE_CRYPTODEV_NAME_MAX_LEN, "%s_%s", qat_pci_dev->name, "sym"); @@ -308,7 +347,24 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev, RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT | RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | - RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED; + RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED | + RTE_CRYPTODEV_FF_SECURITY; + +#ifdef RTE_LIBRTE_SECURITY + security_instance = rte_malloc("qat_sec", + sizeof(struct rte_security_ctx), + RTE_CACHE_LINE_SIZE); + if (security_instance == NULL) { + QAT_LOG(ERR, "rte_security_ctx memory alloc failed"); + rte_cryptodev_pmd_destroy(cryptodev); + return -ENOMEM; + } + + security_instance->device = (void *)cryptodev; + security_instance->ops = &security_qat_ops; + security_instance->sess_cnt = 0; + cryptodev->security_ctx = security_instance; +#endif internals = cryptodev->data->dev_private; internals->qat_dev = qat_pci_dev; @@ -357,6 +413,9 @@ qat_sym_dev_destroy(struct qat_pci_device *qat_pci_dev) /* free crypto device */ cryptodev = rte_cryptodev_pmd_get_dev(qat_pci_dev->sym_dev->sym_dev_id); +#ifdef RTE_LIBRTE_SECURITY + rte_free(cryptodev->security_ctx); +#endif rte_cryptodev_pmd_destroy(cryptodev); qat_pci_dev->sym_rte_dev.name = NULL; qat_pci_dev->sym_dev = NULL; diff --git a/drivers/crypto/qat/qat_sym_pmd.h b/drivers/crypto/qat/qat_sym_pmd.h index a5a31e512..c625fef4a 100644 --- a/drivers/crypto/qat/qat_sym_pmd.h +++ b/drivers/crypto/qat/qat_sym_pmd.h @@ -7,7 +7,11 @@ #ifdef BUILD_QAT_SYM +#include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_sym_capabilities.h" #include "qat_device.h" diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c index 11b459ee8..c7c2d36c1 100644 --- a/drivers/crypto/qat/qat_sym_session.c +++ b/drivers/crypto/qat/qat_sym_session.c @@ -14,6 +14,9 @@ #include #include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_logs.h" #include "qat_sym_session.h" @@ -2100,3 +2103,153 @@ int qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg) } return 0; } + +#ifdef RTE_LIBRTE_SECURITY +static int +qat_sec_session_check_docsis(struct rte_security_session_conf *conf) +{ + struct rte_crypto_sym_xform *crypto_sym = conf->crypto_xform; + struct rte_security_docsis_xform *docsis = &conf->docsis; + + /* CRC generate -> Cipher encrypt */ + if (docsis->direction == RTE_SECURITY_DOCSIS_DOWNLINK) { + + if (crypto_sym != NULL && + crypto_sym->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_sym->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT && + crypto_sym->cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI && + (crypto_sym->cipher.key.length == + ICP_QAT_HW_AES_128_KEY_SZ || + crypto_sym->cipher.key.length == + ICP_QAT_HW_AES_256_KEY_SZ) && + crypto_sym->cipher.iv.length == ICP_QAT_HW_AES_BLK_SZ && + crypto_sym->next == NULL) { + return 0; + } + /* Cipher decrypt -> CRC verify */ + } else if (docsis->direction == RTE_SECURITY_DOCSIS_UPLINK) { + + if (crypto_sym != NULL && + crypto_sym->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_sym->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT && + crypto_sym->cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI && + (crypto_sym->cipher.key.length == + ICP_QAT_HW_AES_128_KEY_SZ || + crypto_sym->cipher.key.length == + ICP_QAT_HW_AES_256_KEY_SZ) && + crypto_sym->cipher.iv.length == ICP_QAT_HW_AES_BLK_SZ && + crypto_sym->next == NULL) { + return 0; + } + } + + return -EINVAL; +} + +static int +qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev, + struct rte_security_session_conf *conf, void *session_private) +{ + int ret; + int qat_cmd_id; + struct rte_crypto_sym_xform *xform = NULL; + struct qat_sym_session *session = session_private; + + ret = qat_sec_session_check_docsis(conf); + if (ret) { + QAT_LOG(ERR, "Unsupported DOCSIS security configuration"); + return ret; + } + + xform = conf->crypto_xform; + + /* Verify the session physical address is known */ + rte_iova_t session_paddr = rte_mempool_virt2iova(session); + if (session_paddr == 0 || session_paddr == RTE_BAD_IOVA) { + QAT_LOG(ERR, + "Session physical address unknown. Bad memory pool."); + return -EINVAL; + } + + /* Set context descriptor physical address */ + session->cd_paddr = session_paddr + + offsetof(struct qat_sym_session, cd); + + session->min_qat_dev_gen = QAT_GEN1; + + /* Get requested QAT command id */ + qat_cmd_id = qat_get_cmd_id(xform); + if (qat_cmd_id < 0 || qat_cmd_id >= ICP_QAT_FW_LA_CMD_DELIMITER) { + QAT_LOG(ERR, "Unsupported xform chain requested"); + return -ENOTSUP; + } + session->qat_cmd = (enum icp_qat_fw_la_cmd_id)qat_cmd_id; + switch (session->qat_cmd) { + case ICP_QAT_FW_LA_CMD_CIPHER: + ret = qat_sym_session_configure_cipher(dev, xform, session); + if (ret < 0) + return ret; + break; + default: + QAT_LOG(ERR, "Unsupported Service %u", session->qat_cmd); + return -ENOTSUP; + } + + return 0; +} + +int +qat_security_session_create(void *dev, + struct rte_security_session_conf *conf, + struct rte_security_session *sess, + struct rte_mempool *mempool) +{ + void *sess_private_data; + struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; + int ret; + + if (rte_mempool_get(mempool, &sess_private_data)) { + QAT_LOG(ERR, "Couldn't get object from session mempool"); + return -ENOMEM; + } + + if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) { + QAT_LOG(ERR, "Invalid security protocol"); + return -EINVAL; + } + + ret = qat_sec_session_set_docsis_parameters(cdev, conf, + sess_private_data); + if (ret != 0) { + QAT_LOG(ERR, "Failed to configure session parameters"); + /* Return session to mempool */ + rte_mempool_put(mempool, sess_private_data); + return ret; + } + + set_sec_session_private_data(sess, sess_private_data); + + return ret; +} + +int +qat_security_session_destroy(void *dev __rte_unused, + struct rte_security_session *sess) +{ + void *sess_priv = get_sec_session_private_data(sess); + struct qat_sym_session *s = (struct qat_sym_session *)sess_priv; + + if (sess_priv) { + if (s->bpi_ctx) + bpi_cipher_ctx_free(s->bpi_ctx); + memset(s, 0, qat_sym_session_get_private_size(dev)); + struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); + + set_sec_session_private_data(sess, NULL); + rte_mempool_put(sess_mp, sess_priv); + } + return 0; +} +#endif diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h index e6538f627..9f1033baf 100644 --- a/drivers/crypto/qat/qat_sym_session.h +++ b/drivers/crypto/qat/qat_sym_session.h @@ -6,6 +6,9 @@ #include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_common.h" #include "icp_qat_hw.h" @@ -156,4 +159,12 @@ qat_cipher_get_block_size(enum icp_qat_hw_cipher_algo qat_cipher_alg); int qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg); +#ifdef RTE_LIBRTE_SECURITY +int +qat_security_session_create(void *dev, struct rte_security_session_conf *conf, + struct rte_security_session *sess, struct rte_mempool *mempool); +int +qat_security_session_destroy(void *dev, struct rte_security_session *sess); +#endif + #endif /* _QAT_SYM_SESSION_H_ */ From patchwork Fri Jul 3 12:39:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 73002 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8C8D7A0519; Fri, 3 Jul 2020 15:02:51 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 7071F1DB99; Fri, 3 Jul 2020 15:02:51 +0200 (CEST) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id EB7FD1DB99 for ; Fri, 3 Jul 2020 15:02:48 +0200 (CEST) IronPort-SDR: I2Ee+9T6PFcYse4S5hlpTVQuF4n/Yz+Iyf7W+SfGgiJAT1sl3WwcXc9LYB20egihh1KanU6639 1VT9+QjdYErA== X-IronPort-AV: E=McAfee;i="6000,8403,9670"; a="208655599" X-IronPort-AV: E=Sophos;i="5.75,308,1589266800"; d="scan'208";a="208655599" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jul 2020 06:02:48 -0700 IronPort-SDR: KNHYFthgeJPR7EwyhStyLS/zmbP+COg2FE/p5csm2u3+uYj51nH36Xulbkq3wcSzK/ty5pvbNi 4PEZHGwkdhMg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,308,1589266800"; d="scan'208";a="322412761" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by orsmga007.jf.intel.com with ESMTP; 03 Jul 2020 06:02:41 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Fri, 3 Jul 2020 13:39:31 +0100 Message-Id: <20200703123933.52351-6-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200703123933.52351-1-david.coyle@intel.com> References: <20200630163049.61900-1-david.coyle@intel.com> <20200703123933.52351-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v4 5/7] test/crypto: add DOCSIS security test cases X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add uplink and downlink DOCSIS unit test cases and vectors, to test the combined DOCSIS Crypto-CRC support that has been added to the rte_security library. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh Acked-by: Akhil Goyal Acked-by: Pablo de Lara --- app/test/test_cryptodev.c | 513 ++++++ ...t_cryptodev_security_docsis_test_vectors.h | 1544 +++++++++++++++++ 2 files changed, 2057 insertions(+) create mode 100644 app/test/test_cryptodev_security_docsis_test_vectors.h diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 8f631468b..d11f60f3f 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include @@ -42,6 +43,7 @@ #ifdef RTE_LIBRTE_SECURITY #include "test_cryptodev_security_pdcp_test_vectors.h" #include "test_cryptodev_security_pdcp_test_func.h" +#include "test_cryptodev_security_docsis_test_vectors.h" #endif #define VDEV_ARGS_SIZE 100 @@ -72,6 +74,9 @@ struct crypto_unittest_params { struct rte_crypto_sym_xform cipher_xform; struct rte_crypto_sym_xform auth_xform; struct rte_crypto_sym_xform aead_xform; +#ifdef RTE_LIBRTE_SECURITY + struct rte_security_docsis_xform docsis_xform; +#endif union { struct rte_cryptodev_sym_session *sess; @@ -7067,6 +7072,34 @@ test_authenticated_encryption(const struct aead_test_data *tdata) } #ifdef RTE_LIBRTE_SECURITY +static int +security_proto_supported(enum rte_security_session_protocol proto) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + + const struct rte_security_capability *capabilities; + const struct rte_security_capability *capability; + uint16_t i = 0; + + struct rte_security_ctx *ctx = (struct rte_security_ctx *) + rte_cryptodev_get_sec_ctx( + ts_params->valid_devs[0]); + + + capabilities = rte_security_capabilities_get(ctx); + + if (capabilities == NULL) + return -ENOTSUP; + + while ((capability = &capabilities[i++])->action != + RTE_SECURITY_ACTION_TYPE_NONE) { + if (capability->protocol == proto) + return 0; + } + + return -ENOTSUP; +} + /* Basic algorithm run function for async inplace mode. * Creates a session from input parameters and runs one operation * on input_vec. Checks the output of the crypto operation against @@ -7670,6 +7703,9 @@ test_PDCP_PROTO_all(void) if (!(feat_flags & RTE_CRYPTODEV_FF_SECURITY)) return -ENOTSUP; + if (security_proto_supported(RTE_SECURITY_PROTOCOL_PDCP) < 0) + return -ENOTSUP; + status = test_PDCP_PROTO_cplane_encap_all(); status += test_PDCP_PROTO_cplane_decap_all(); status += test_PDCP_PROTO_uplane_encap_all(); @@ -7684,6 +7720,481 @@ test_PDCP_PROTO_all(void) else return TEST_SUCCESS; } + +static int +test_docsis_proto_uplink(int i, struct docsis_test_data *d_td) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct crypto_unittest_params *ut_params = &unittest_params; + uint8_t *plaintext, *ciphertext; + uint8_t *iv_ptr; + int32_t cipher_len, crc_len; + uint32_t crc_data_len; + int ret = TEST_SUCCESS; + + struct rte_security_ctx *ctx = (struct rte_security_ctx *) + rte_cryptodev_get_sec_ctx( + ts_params->valid_devs[0]); + + /* Verify the capabilities */ + struct rte_security_capability_idx sec_cap_idx; + const struct rte_security_capability *sec_cap; + const struct rte_cryptodev_capabilities *crypto_cap; + const struct rte_cryptodev_symmetric_capability *sym_cap; + int j = 0; + + sec_cap_idx.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_DOCSIS; + sec_cap_idx.docsis.direction = RTE_SECURITY_DOCSIS_UPLINK; + + sec_cap = rte_security_capability_get(ctx, &sec_cap_idx); + if (sec_cap == NULL) + return -ENOTSUP; + + while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op != + RTE_CRYPTO_OP_TYPE_UNDEFINED) { + if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && + crypto_cap->sym.xform_type == + RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_cap->sym.cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI) { + sym_cap = &crypto_cap->sym; + if (rte_cryptodev_sym_capability_check_cipher(sym_cap, + d_td->key.len, + d_td->iv.len) == 0) + break; + } + } + + if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) + return -ENOTSUP; + + /* Setup source mbuf payload */ + ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); + memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0, + rte_pktmbuf_tailroom(ut_params->ibuf)); + + ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, + d_td->ciphertext.len); + + memcpy(ciphertext, d_td->ciphertext.data, d_td->ciphertext.len); + + /* Set session action type */ + ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + + /* Setup cipher session parameters */ + ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI; + ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT; + ut_params->cipher_xform.cipher.key.data = d_td->key.data; + ut_params->cipher_xform.cipher.key.length = d_td->key.len; + ut_params->cipher_xform.cipher.iv.length = d_td->iv.len; + ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET; + ut_params->cipher_xform.next = NULL; + + /* Setup DOCSIS session parameters */ + ut_params->docsis_xform.direction = RTE_SECURITY_DOCSIS_UPLINK; + + struct rte_security_session_conf sess_conf = { + .action_type = ut_params->type, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = ut_params->docsis_xform, + .crypto_xform = &ut_params->cipher_xform, + }; + + /* Create security session */ + ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, + ts_params->session_priv_mpool); + + if (!ut_params->sec_session) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, "failed to allocate session"); + ret = TEST_FAILED; + goto on_err; + } + + /* Generate crypto op data structure */ + ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, + RTE_CRYPTO_OP_TYPE_SYMMETRIC); + if (!ut_params->op) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, + "failed to allocate symmetric crypto operation"); + ret = TEST_FAILED; + goto on_err; + } + + /* Setup CRC operation parameters */ + crc_len = d_td->ciphertext.no_crc == false ? + (d_td->ciphertext.len - + d_td->ciphertext.crc_offset - + RTE_ETHER_CRC_LEN) : + 0; + crc_len = crc_len > 0 ? crc_len : 0; + crc_data_len = crc_len == 0 ? 0 : RTE_ETHER_CRC_LEN; + ut_params->op->sym->auth.data.length = crc_len; + ut_params->op->sym->auth.data.offset = d_td->ciphertext.crc_offset; + + /* Setup cipher operation parameters */ + cipher_len = d_td->ciphertext.no_cipher == false ? + (d_td->ciphertext.len - + d_td->ciphertext.cipher_offset) : + 0; + cipher_len = cipher_len > 0 ? cipher_len : 0; + ut_params->op->sym->cipher.data.length = cipher_len; + ut_params->op->sym->cipher.data.offset = d_td->ciphertext.cipher_offset; + + /* Setup cipher IV */ + iv_ptr = (uint8_t *)ut_params->op + IV_OFFSET; + rte_memcpy(iv_ptr, d_td->iv.data, d_td->iv.len); + + /* Attach session to operation */ + rte_security_attach_session(ut_params->op, ut_params->sec_session); + + /* Set crypto operation mbufs */ + ut_params->op->sym->m_src = ut_params->ibuf; + ut_params->op->sym->m_dst = NULL; + + /* Process crypto operation */ + if (process_crypto_request(ts_params->valid_devs[0], ut_params->op) == + NULL) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, + "failed to process security crypto op"); + ret = TEST_FAILED; + goto on_err; + } + + if (ut_params->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, "crypto op processing failed"); + ret = TEST_FAILED; + goto on_err; + } + + /* Validate plaintext */ + plaintext = ciphertext; + + if (memcmp(plaintext, d_td->plaintext.data, + d_td->plaintext.len - crc_data_len)) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, "plaintext not as expected\n"); + rte_hexdump(stdout, "expected", d_td->plaintext.data, + d_td->plaintext.len); + rte_hexdump(stdout, "actual", plaintext, d_td->plaintext.len); + ret = TEST_FAILED; + goto on_err; + } + +on_err: + rte_crypto_op_free(ut_params->op); + ut_params->op = NULL; + + if (ut_params->sec_session) + rte_security_session_destroy(ctx, ut_params->sec_session); + ut_params->sec_session = NULL; + + rte_pktmbuf_free(ut_params->ibuf); + ut_params->ibuf = NULL; + + return ret; +} + +static int +test_docsis_proto_downlink(int i, struct docsis_test_data *d_td) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct crypto_unittest_params *ut_params = &unittest_params; + uint8_t *plaintext, *ciphertext; + uint8_t *iv_ptr; + int32_t cipher_len, crc_len; + int ret = TEST_SUCCESS; + + struct rte_security_ctx *ctx = (struct rte_security_ctx *) + rte_cryptodev_get_sec_ctx( + ts_params->valid_devs[0]); + + /* Verify the capabilities */ + struct rte_security_capability_idx sec_cap_idx; + const struct rte_security_capability *sec_cap; + const struct rte_cryptodev_capabilities *crypto_cap; + const struct rte_cryptodev_symmetric_capability *sym_cap; + int j = 0; + + sec_cap_idx.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_DOCSIS; + sec_cap_idx.docsis.direction = RTE_SECURITY_DOCSIS_DOWNLINK; + + sec_cap = rte_security_capability_get(ctx, &sec_cap_idx); + if (sec_cap == NULL) + return -ENOTSUP; + + while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op != + RTE_CRYPTO_OP_TYPE_UNDEFINED) { + if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && + crypto_cap->sym.xform_type == + RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_cap->sym.cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI) { + sym_cap = &crypto_cap->sym; + if (rte_cryptodev_sym_capability_check_cipher(sym_cap, + d_td->key.len, + d_td->iv.len) == 0) + break; + } + } + + if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) + return -ENOTSUP; + + /* Setup source mbuf payload */ + ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); + memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0, + rte_pktmbuf_tailroom(ut_params->ibuf)); + + plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, + d_td->plaintext.len); + + memcpy(plaintext, d_td->plaintext.data, d_td->plaintext.len); + + /* Set session action type */ + ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + + /* Setup cipher session parameters */ + ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI; + ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT; + ut_params->cipher_xform.cipher.key.data = d_td->key.data; + ut_params->cipher_xform.cipher.key.length = d_td->key.len; + ut_params->cipher_xform.cipher.iv.length = d_td->iv.len; + ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET; + ut_params->cipher_xform.next = NULL; + + /* Setup DOCSIS session parameters */ + ut_params->docsis_xform.direction = RTE_SECURITY_DOCSIS_DOWNLINK; + + struct rte_security_session_conf sess_conf = { + .action_type = ut_params->type, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = ut_params->docsis_xform, + .crypto_xform = &ut_params->cipher_xform, + }; + + /* Create security session */ + ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, + ts_params->session_priv_mpool); + + if (!ut_params->sec_session) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, "failed to allocate session"); + ret = TEST_FAILED; + goto on_err; + } + + /* Generate crypto op data structure */ + ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, + RTE_CRYPTO_OP_TYPE_SYMMETRIC); + if (!ut_params->op) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, + "failed to allocate security crypto operation"); + ret = TEST_FAILED; + goto on_err; + } + + /* Setup CRC operation parameters */ + crc_len = d_td->plaintext.no_crc == false ? + (d_td->plaintext.len - + d_td->plaintext.crc_offset - + RTE_ETHER_CRC_LEN) : + 0; + crc_len = crc_len > 0 ? crc_len : 0; + ut_params->op->sym->auth.data.length = crc_len; + ut_params->op->sym->auth.data.offset = d_td->plaintext.crc_offset; + + /* Setup cipher operation parameters */ + cipher_len = d_td->plaintext.no_cipher == false ? + (d_td->plaintext.len - + d_td->plaintext.cipher_offset) : + 0; + cipher_len = cipher_len > 0 ? cipher_len : 0; + ut_params->op->sym->cipher.data.length = cipher_len; + ut_params->op->sym->cipher.data.offset = d_td->plaintext.cipher_offset; + + /* Setup cipher IV */ + iv_ptr = (uint8_t *)ut_params->op + IV_OFFSET; + rte_memcpy(iv_ptr, d_td->iv.data, d_td->iv.len); + + /* Attach session to operation */ + rte_security_attach_session(ut_params->op, ut_params->sec_session); + + /* Set crypto operation mbufs */ + ut_params->op->sym->m_src = ut_params->ibuf; + ut_params->op->sym->m_dst = NULL; + + /* Process crypto operation */ + if (process_crypto_request(ts_params->valid_devs[0], ut_params->op) == + NULL) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, + "failed to process security crypto op"); + ret = TEST_FAILED; + goto on_err; + } + + if (ut_params->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, "crypto op processing failed"); + ret = TEST_FAILED; + goto on_err; + } + + /* Validate ciphertext */ + ciphertext = plaintext; + + if (memcmp(ciphertext, d_td->ciphertext.data, d_td->ciphertext.len)) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, "ciphertext not as expected\n"); + rte_hexdump(stdout, "expected", d_td->ciphertext.data, + d_td->ciphertext.len); + rte_hexdump(stdout, "actual", ciphertext, d_td->ciphertext.len); + ret = TEST_FAILED; + goto on_err; + } + +on_err: + rte_crypto_op_free(ut_params->op); + ut_params->op = NULL; + + if (ut_params->sec_session) + rte_security_session_destroy(ctx, ut_params->sec_session); + ut_params->sec_session = NULL; + + rte_pktmbuf_free(ut_params->ibuf); + ut_params->ibuf = NULL; + + return ret; +} + +#define TEST_DOCSIS_COUNT(func) do { \ + int ret = func; \ + if (ret == TEST_SUCCESS) { \ + printf("\t%2d)", n++); \ + printf("+++++ PASSED:" #func"\n"); \ + p++; \ + } else if (ret == -ENOTSUP) { \ + printf("\t%2d)", n++); \ + printf("~~~~~ UNSUPP:" #func"\n"); \ + u++; \ + } else { \ + printf("\t%2d)", n++); \ + printf("----- FAILED:" #func"\n"); \ + f++; \ + } \ +} while (0) + +static int +test_DOCSIS_PROTO_uplink_all(void) +{ + int p = 0, u = 0, f = 0, n = 0; + + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(1, &docsis_test_case_1)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(2, &docsis_test_case_2)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(3, &docsis_test_case_3)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(4, &docsis_test_case_4)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(5, &docsis_test_case_5)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(6, &docsis_test_case_6)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(7, &docsis_test_case_7)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(8, &docsis_test_case_8)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(9, &docsis_test_case_9)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(10, &docsis_test_case_10)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(11, &docsis_test_case_11)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(12, &docsis_test_case_12)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(13, &docsis_test_case_13)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(14, &docsis_test_case_14)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(15, &docsis_test_case_15)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(16, &docsis_test_case_16)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(17, &docsis_test_case_17)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(18, &docsis_test_case_18)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(19, &docsis_test_case_19)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(20, &docsis_test_case_20)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(21, &docsis_test_case_21)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(22, &docsis_test_case_22)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(23, &docsis_test_case_23)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(24, &docsis_test_case_24)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(25, &docsis_test_case_25)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(26, &docsis_test_case_26)); + + if (f) + printf("## %s: %d passed out of %d (%d unsupported)\n", + __func__, p, n, u); + + return f; +}; + +static int +test_DOCSIS_PROTO_downlink_all(void) +{ + int p = 0, u = 0, f = 0, n = 0; + + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(1, &docsis_test_case_1)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(2, &docsis_test_case_2)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(3, &docsis_test_case_3)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(4, &docsis_test_case_4)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(5, &docsis_test_case_5)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(6, &docsis_test_case_6)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(7, &docsis_test_case_7)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(8, &docsis_test_case_8)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(9, &docsis_test_case_9)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(10, &docsis_test_case_10)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(11, &docsis_test_case_11)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(12, &docsis_test_case_12)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(13, &docsis_test_case_13)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(14, &docsis_test_case_14)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(15, &docsis_test_case_15)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(16, &docsis_test_case_16)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(17, &docsis_test_case_17)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(18, &docsis_test_case_18)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(19, &docsis_test_case_19)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(20, &docsis_test_case_20)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(21, &docsis_test_case_21)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(22, &docsis_test_case_22)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(23, &docsis_test_case_23)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(24, &docsis_test_case_24)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(25, &docsis_test_case_25)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(26, &docsis_test_case_26)); + + if (f) + printf("## %s: %d passed out of %d (%d unsupported)\n", + __func__, p, n, u); + + return f; +}; + +static int +test_DOCSIS_PROTO_all(void) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + int status; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + uint64_t feat_flags = dev_info.feature_flags; + + if (!(feat_flags & RTE_CRYPTODEV_FF_SECURITY)) + return -ENOTSUP; + + if (security_proto_supported(RTE_SECURITY_PROTOCOL_DOCSIS) < 0) + return -ENOTSUP; + + status = test_DOCSIS_PROTO_uplink_all(); + status += test_DOCSIS_PROTO_downlink_all(); + + if (status) + return TEST_FAILED; + else + return TEST_SUCCESS; +} #endif static int @@ -12342,6 +12853,8 @@ static struct unit_test_suite cryptodev_testsuite = { #ifdef RTE_LIBRTE_SECURITY TEST_CASE_ST(ut_setup, ut_teardown, test_PDCP_PROTO_all), + TEST_CASE_ST(ut_setup, ut_teardown, + test_DOCSIS_PROTO_all), #endif TEST_CASES_END() /**< NULL terminate unit test array */ } diff --git a/app/test/test_cryptodev_security_docsis_test_vectors.h b/app/test/test_cryptodev_security_docsis_test_vectors.h new file mode 100644 index 000000000..2ed57bd56 --- /dev/null +++ b/app/test/test_cryptodev_security_docsis_test_vectors.h @@ -0,0 +1,1544 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2020 Intel Corporation + */ + +#ifndef TEST_CRYPTODEV_SECURITY_DOCSIS_TEST_VECTORS_H_ +#define TEST_CRYPTODEV_SECURITY_DOCSIS_TEST_VECTORS_H_ + +/* + * DOCSIS test data and cases + * - encrypt direction: CRC-Crypto + * - decrypt direction: Crypto-CRC + */ + +struct docsis_test_data { + struct { + uint8_t data[32]; + unsigned int len; + } key; + + struct { + uint8_t data[16] __rte_aligned(16); + unsigned int len; + } iv; + + struct { + uint8_t data[1024]; + unsigned int len; + unsigned int cipher_offset; + unsigned int crc_offset; + bool no_cipher; + bool no_crc; + } plaintext; + + struct { + uint8_t data[1024]; + unsigned int len; + unsigned int cipher_offset; + unsigned int crc_offset; + bool no_cipher; + bool no_crc; + } ciphertext; +}; + +struct docsis_test_data docsis_test_case_1 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x7A, 0xF0, + /* CRC */ + 0x61, 0xF8, 0x63, 0x42 + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_2 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 25, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x7A, 0xF0, 0xDF, + /* CRC */ + 0xFE, 0x12, 0x99, 0xE5 + }, + .len = 25, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_3 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 34, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0xD6, 0xE2, 0x70, 0x5C, + 0xE6, 0x4D, 0xCC, 0x8C, 0x47, 0xB7, 0x09, 0xD6, + /* CRC */ + 0x54, 0x85, 0xF8, 0x32 + }, + .len = 34, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_4 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 35, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x92, 0x6A, 0xC2, 0xDC, + 0xEE, 0x3B, 0x31, 0xEC, 0x03, 0xDE, 0x95, 0x33, + 0x5E, + /* CRC */ + 0xFE, 0x47, 0x3E, 0x22 + }, + .len = 35, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_5 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 82, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x77, 0x74, 0x56, 0x05, + 0xD1, 0x14, 0xA2, 0x8D, 0x2C, 0x9A, 0x11, 0xFC, + 0x7D, 0xB0, 0xE7, 0x18, 0xCE, 0x75, 0x7C, 0x89, + 0x14, 0x56, 0xE2, 0xF2, 0xB7, 0x47, 0x08, 0x27, + 0xF7, 0x08, 0x7A, 0x13, 0x90, 0x81, 0x75, 0xB0, + 0xC7, 0x91, 0x04, 0x83, 0xAD, 0x11, 0x46, 0x46, + 0xF8, 0x54, 0x87, 0xA0, 0x42, 0xF3, 0x71, 0xA9, + 0x8A, 0xCD, 0x59, 0x77, 0x67, 0x11, 0x1A, 0x87, + /* CRC */ + 0xAB, 0xED, 0x2C, 0x26 + }, + .len = 82, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_6 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x77, 0x74, 0x56, 0x05, + 0xD1, 0x14, 0xA2, 0x8D, 0x2C, 0x9A, 0x11, 0xFC, + 0x7D, 0xB0, 0xE7, 0x18, 0xCE, 0x75, 0x7C, 0x89, + 0x14, 0x56, 0xE2, 0xF2, 0xB7, 0x47, 0x08, 0x27, + 0xF7, 0x08, 0x7A, 0x13, 0x90, 0x81, 0x75, 0xB0, + 0xC7, 0x91, 0x04, 0x83, 0xAD, 0x11, 0x46, 0x46, + 0xF8, 0x54, 0x87, 0xA0, 0xA4, 0x0C, 0xC2, 0xF0, + 0x81, 0x49, 0xA8, 0xA6, 0x6C, 0x48, 0xEB, 0x1F, + 0x4B, + /* CRC */ + 0x2F, 0xD4, 0x48, 0x18 + }, + .len = 83, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_7 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0x3B, 0x9F, 0x72, 0x4C, 0xB5, 0x72, + 0x3E, 0x56, 0x54, 0x49, 0x13, 0x53, 0xC4, 0xAA, + 0xCD, 0xEA, 0x6A, 0x88, 0x99, 0x07, 0x86, 0xF4, + 0xCF, 0x03, 0x4E, 0xDF, 0x65, 0x61, 0x47, 0x5B, + 0x2F, 0x81, 0x09, 0x12, 0x9A, 0xC2, 0x24, 0x8C, + 0x09, + /* CRC */ + 0x11, 0xB4, 0x06, 0x33 + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_8 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x7A, 0xF0, + /* CRC */ + 0x8A, 0x0F, 0x74, 0xE8 + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_9 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0x3B, 0x9F, 0x72, 0x4C, 0xB5, 0x72, + 0x3E, 0x56, 0x54, 0x49, 0x13, 0x53, 0xC4, 0xAA, + 0xCD, 0xEA, 0x6A, 0x88, 0x99, 0x07, 0x86, 0xF4, + 0xCF, 0x03, 0x4E, 0xDF, 0x65, 0x61, 0x47, 0x5B, + 0x2F, 0x81, 0x09, 0x12, 0x9A, 0xC2, 0x24, 0x8C, + 0x09, + /* CRC */ + 0x5D, 0x2B, 0x12, 0xF4 + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_10 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0x14, 0x08, 0xE8, 0x55 + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_11 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xB3, 0x60, 0xEB, 0x38 + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_12 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_13 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_14 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x6A, 0x86, + /* CRC */ + 0x9B, 0xB3, 0x1A, 0x26 + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_15 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 25, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x6A, 0x86, 0x25, + /* CRC */ + 0xB5, 0x6B, 0xFD, 0xCB + }, + .len = 25, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_16 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 34, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0xF6, 0xA1, 0x2E, 0x0A, + 0xBB, 0x27, 0x82, 0x4F, 0x99, 0x0A, 0xE2, 0x3F, + /* CRC */ + 0xEB, 0xB7, 0x89, 0xB0 + }, + .len = 34, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_17 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 35, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0xE1, 0x30, 0x38, 0xC8, + 0xC4, 0x59, 0x8D, 0x43, 0x9A, 0xBE, 0xBE, 0x73, + 0xC3, + /*CRC */ + 0x8C, 0xE1, 0x89, 0x8B + }, + .len = 35, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_18 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 82, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0xE9, 0x12, 0x3B, 0x12, + 0x36, 0x56, 0x95, 0xA6, 0x97, 0xF1, 0x74, 0x68, + 0xBA, 0x58, 0x77, 0xEA, 0x43, 0x11, 0x85, 0xD4, + 0x7A, 0xF8, 0x1C, 0x11, 0x50, 0xD1, 0xF1, 0xBD, + 0x15, 0x4D, 0x99, 0xB5, 0x39, 0x74, 0x84, 0xDF, + 0xD4, 0x8B, 0xDC, 0xB7, 0x58, 0x1B, 0x22, 0xAB, + 0xF3, 0x29, 0xC6, 0xCB, 0x26, 0x07, 0x36, 0x6B, + 0x8C, 0xAC, 0x6E, 0x99, 0x37, 0x94, 0xDF, 0x31, + /* CRC */ + 0xA1, 0x7D, 0x70, 0xBB + }, + .len = 82, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_19 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0xE9, 0x12, 0x3B, 0x12, + 0x36, 0x56, 0x95, 0xA6, 0x97, 0xF1, 0x74, 0x68, + 0xBA, 0x58, 0x77, 0xEA, 0x43, 0x11, 0x85, 0xD4, + 0x7A, 0xF8, 0x1C, 0x11, 0x50, 0xD1, 0xF1, 0xBD, + 0x15, 0x4D, 0x99, 0xB5, 0x39, 0x74, 0x84, 0xDF, + 0xD4, 0x8B, 0xDC, 0xB7, 0x58, 0x1B, 0x22, 0xAB, + 0xF3, 0x29, 0xC6, 0xCB, 0x13, 0xED, 0x08, 0xF5, + 0x1B, 0x4B, 0xD8, 0x79, 0x93, 0x26, 0x69, 0x03, + 0x23, + /* CRC */ + 0xC8, 0x8E, 0x02, 0x3A + }, + .len = 83, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_20 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0x54, 0xB4, 0x55, 0x68, 0x06, 0xBF, + 0x00, 0x8B, 0x5F, 0x2C, 0x10, 0x4A, 0xBF, 0x5A, + 0xF2, 0x20, 0xD9, 0x77, 0x7F, 0x2D, 0x2B, 0x11, + 0xAC, 0xAF, 0x21, 0x36, 0xD2, 0xD4, 0x80, 0xF2, + 0x4F, 0x14, 0xA0, 0x3A, 0x66, 0xE5, 0xC5, 0xE2, + 0x15, + /* CRC */ + 0x0C, 0x89, 0x76, 0x26 + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_21 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x6A, 0x86, + /* CRC */ + 0x70, 0x44, 0x0D, 0x8C + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_22 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0x54, 0xB4, 0x55, 0x68, 0x06, 0xBF, + 0x00, 0x8B, 0x5F, 0x2C, 0x10, 0x4A, 0xBF, 0x5A, + 0xF2, 0x20, 0xD9, 0x77, 0x7F, 0x2D, 0x2B, 0x11, + 0xAC, 0xAF, 0x21, 0x36, 0xD2, 0xD4, 0x80, 0xF2, + 0x4F, 0x14, 0xA0, 0x3A, 0x66, 0xE5, 0xC5, 0xE2, + 0x15, + /* CRC */ + 0x40, 0x16, 0x62, 0xE1 + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_23 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0x14, 0x08, 0xE8, 0x55 + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_24 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xB3, 0x60, 0xEB, 0x38 + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_25 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_26 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + } +}; + +#endif /* TEST_CRYPTODEV_SECURITY_DOCSIS_TEST_VECTORS_H_ */ From patchwork Fri Jul 3 12:39:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 73004 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id DA131A0519; Fri, 3 Jul 2020 15:03:18 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 8C7411DBBE; Fri, 3 Jul 2020 15:02:55 +0200 (CEST) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id 6C0011DBAE for ; Fri, 3 Jul 2020 15:02:52 +0200 (CEST) IronPort-SDR: dBs0KsphV0R6yzFL8ysXOAM+7RaTxPNFNsF1wKuYnFXJgOwxf0aWvPwPHnHvzhlUJ5XUCNnwub Usz2FE6PK+HA== X-IronPort-AV: E=McAfee;i="6000,8403,9670"; a="208655606" X-IronPort-AV: E=Sophos;i="5.75,308,1589266800"; d="scan'208";a="208655606" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jul 2020 06:02:52 -0700 IronPort-SDR: R3S7cXlT5ADNJL+Up0Fbxhax/ydMeMt4GTELSrTF4jJNbWBUNArLere1FlKkhlcDT00lthf7Hp feAhfFuG/K0g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,308,1589266800"; d="scan'208";a="322412770" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by orsmga007.jf.intel.com with ESMTP; 03 Jul 2020 06:02:47 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Fri, 3 Jul 2020 13:39:32 +0100 Message-Id: <20200703123933.52351-7-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200703123933.52351-1-david.coyle@intel.com> References: <20200630163049.61900-1-david.coyle@intel.com> <20200703123933.52351-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v4 6/7] test/security: add DOCSIS capability check tests X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add unit tests for DOCSIS capabilitity checks. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh --- app/test/test_security.c | 88 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) diff --git a/app/test/test_security.c b/app/test/test_security.c index 3076a4c5a..77fd5adc6 100644 --- a/app/test/test_security.c +++ b/app/test/test_security.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include @@ -2268,6 +2269,89 @@ test_capability_get_pdcp_match(void) return TEST_SUCCESS; } +/** + * Test execution of rte_security_capability_get when capabilities table + * does not contain entry with matching DOCSIS direction field + */ +static int +test_capability_get_docsis_mismatch_direction(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx = { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_DOWNLINK + }, + }; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_UPLINK + }, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get when capabilities table + * contains matching DOCSIS entry + */ +static int +test_capability_get_docsis_match(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx = { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_UPLINK + }, + }; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_UPLINK + }, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, &capabilities[1], "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + /** * Declaration of testcases */ @@ -2410,6 +2494,10 @@ static struct unit_test_suite security_testsuite = { test_capability_get_pdcp_mismatch_domain), TEST_CASE_ST(ut_setup_with_session, ut_teardown, test_capability_get_pdcp_match), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_docsis_mismatch_direction), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_docsis_match), TEST_CASES_END() /**< NULL terminate unit test array */ } From patchwork Fri Jul 3 12:39:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 73006 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id E9FA1A0519; Fri, 3 Jul 2020 15:03:44 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 4ED411DBD3; Fri, 3 Jul 2020 15:02:59 +0200 (CEST) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id 2E3451DBD0 for ; Fri, 3 Jul 2020 15:02:58 +0200 (CEST) IronPort-SDR: ZkqzfXjrNKGLMyAXnEnpc1uxfKbz2P+U0H6lrJibAYUT3TMi7NXfMbgcnZMGk30IcK8MqBEZxj J4NiMgK8L9ZA== X-IronPort-AV: E=McAfee;i="6000,8403,9670"; a="147156349" X-IronPort-AV: E=Sophos;i="5.75,308,1589266800"; d="scan'208";a="147156349" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jul 2020 06:02:57 -0700 IronPort-SDR: Ftc9j+6N7dxRblYl8lkQ0AQNnjyPTl6K0G8yKts7oX10KFuY4/qcTxq8uG8ghISkmKtEA2PQyB RBHgC2sd9BBQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,308,1589266800"; d="scan'208";a="322412787" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by orsmga007.jf.intel.com with ESMTP; 03 Jul 2020 06:02:52 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Fri, 3 Jul 2020 13:39:33 +0100 Message-Id: <20200703123933.52351-8-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200703123933.52351-1-david.coyle@intel.com> References: <20200630163049.61900-1-david.coyle@intel.com> <20200703123933.52351-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v4 7/7] app/crypto-perf: add support for DOCSIS protocol X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Update test-crypto-perf app to calculate DOCSIS throughput numbers. 1 new parameter is added for DOCSIS: --docsis-hdr-sz ./dpdk-test-crypto-perf -l 3,4 --socket-mem 2048,0 --vdev crypto_aesni_mb_pmd_1 -n 1 -- --devtype crypto_aesni_mb --optype docsis --cipher-algo aes-docsisbpi --cipher-op encrypt --cipher-key-sz 16 --cipher-iv-sz 16 --burst-sz 32 --total-ops 20000000 --buffer-sz 1024 --silent --docsis-hdr-sz 17 Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh Acked-by: Akhil Goyal Acked-by: Pablo de Lara --- app/test-crypto-perf/cperf_ops.c | 82 ++++++++++++++++++-- app/test-crypto-perf/cperf_options.h | 5 +- app/test-crypto-perf/cperf_options_parsing.c | 67 +++++++++++++++- app/test-crypto-perf/cperf_test_throughput.c | 3 +- app/test-crypto-perf/cperf_test_vectors.c | 3 +- app/test-crypto-perf/main.c | 5 +- app/test-crypto-perf/meson.build | 2 +- doc/guides/rel_notes/release_20_08.rst | 6 ++ doc/guides/tools/cryptoperf.rst | 5 ++ 9 files changed, 166 insertions(+), 12 deletions(-) diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c index 97584ceed..e06b59f55 100644 --- a/app/test-crypto-perf/cperf_ops.c +++ b/app/test-crypto-perf/cperf_ops.c @@ -3,6 +3,7 @@ */ #include +#include #include "cperf_ops.h" #include "cperf_test_vectors.h" @@ -15,8 +16,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops, uint16_t nb_ops, struct rte_cryptodev_sym_session *sess, const struct cperf_options *options __rte_unused, const struct cperf_test_vector *test_vector __rte_unused, - uint16_t iv_offset __rte_unused, - uint32_t *imix_idx __rte_unused) + uint16_t iv_offset __rte_unused, uint32_t *imix_idx) { uint16_t i; @@ -24,14 +24,39 @@ cperf_set_ops_security(struct rte_crypto_op **ops, struct rte_crypto_sym_op *sym_op = ops[i]->sym; struct rte_security_session *sec_sess = (struct rte_security_session *)sess; + uint32_t buf_sz; ops[i]->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; rte_security_attach_session(ops[i], sec_sess); sym_op->m_src = (struct rte_mbuf *)((uint8_t *)ops[i] + src_buf_offset); - sym_op->m_src->buf_len = options->segment_sz; - sym_op->m_src->data_len = options->test_buffer_size; - sym_op->m_src->pkt_len = sym_op->m_src->data_len; + + if (options->op_type == CPERF_PDCP) { + sym_op->m_src->buf_len = options->segment_sz; + sym_op->m_src->data_len = options->test_buffer_size; + sym_op->m_src->pkt_len = sym_op->m_src->data_len; + } + + if (options->op_type == CPERF_DOCSIS) { + if (options->imix_distribution_count) { + buf_sz = options->imix_buffer_sizes[*imix_idx]; + *imix_idx = (*imix_idx + 1) % options->pool_sz; + } else + buf_sz = options->test_buffer_size; + + /* DOCSIS header is not CRC'ed */ + sym_op->auth.data.offset = options->docsis_hdr_sz; + sym_op->auth.data.length = buf_sz - + sym_op->auth.data.offset - RTE_ETHER_CRC_LEN; + /* + * DOCSIS header and SRC and DST MAC addresses are not + * ciphered + */ + sym_op->cipher.data.offset = sym_op->auth.data.offset + + RTE_ETHER_HDR_LEN - RTE_ETHER_TYPE_LEN; + sym_op->cipher.data.length = buf_sz - + sym_op->cipher.data.offset; + } /* Set dest mbuf to NULL if out-of-place (dst_buf_offset = 0) */ if (dst_buf_offset == 0) @@ -589,6 +614,49 @@ cperf_create_session(struct rte_mempool *sess_mp, return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp); } + if (options->op_type == CPERF_DOCSIS) { + enum rte_security_docsis_direction direction; + + cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + cipher_xform.next = NULL; + cipher_xform.cipher.algo = options->cipher_algo; + cipher_xform.cipher.op = options->cipher_op; + cipher_xform.cipher.iv.offset = iv_offset; + if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) { + cipher_xform.cipher.key.data = + test_vector->cipher_key.data; + cipher_xform.cipher.key.length = + test_vector->cipher_key.length; + cipher_xform.cipher.iv.length = + test_vector->cipher_iv.length; + } else { + cipher_xform.cipher.key.data = NULL; + cipher_xform.cipher.key.length = 0; + cipher_xform.cipher.iv.length = 0; + } + cipher_xform.next = NULL; + + if (options->cipher_op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) + direction = RTE_SECURITY_DOCSIS_DOWNLINK; + else + direction = RTE_SECURITY_DOCSIS_UPLINK; + + struct rte_security_session_conf sess_conf = { + .action_type = + RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + {.docsis = { + .direction = direction, + } }, + .crypto_xform = &cipher_xform + }; + struct rte_security_ctx *ctx = (struct rte_security_ctx *) + rte_cryptodev_get_sec_ctx(dev_id); + + /* Create security session */ + return (void *)rte_security_session_create(ctx, + &sess_conf, priv_mp); + } #endif sess = rte_cryptodev_sym_session_create(sess_mp); /* @@ -772,6 +840,10 @@ cperf_get_op_functions(const struct cperf_options *options, op_fns->populate_ops = cperf_set_ops_security; return 0; } + if (options->op_type == CPERF_DOCSIS) { + op_fns->populate_ops = cperf_set_ops_security; + return 0; + } #endif return -1; } diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h index 1ed0a77e5..e5f1edffc 100644 --- a/app/test-crypto-perf/cperf_options.h +++ b/app/test-crypto-perf/cperf_options.h @@ -50,6 +50,7 @@ #ifdef RTE_LIBRTE_SECURITY #define CPERF_PDCP_SN_SZ ("pdcp-sn-sz") #define CPERF_PDCP_DOMAIN ("pdcp-domain") +#define CPERF_DOCSIS_HDR_SZ ("docsis-hdr-sz") #endif #define CPERF_CSV ("csv-friendly") @@ -75,7 +76,8 @@ enum cperf_op_type { CPERF_CIPHER_THEN_AUTH, CPERF_AUTH_THEN_CIPHER, CPERF_AEAD, - CPERF_PDCP + CPERF_PDCP, + CPERF_DOCSIS }; extern const char *cperf_op_type_strs[]; @@ -122,6 +124,7 @@ struct cperf_options { #ifdef RTE_LIBRTE_SECURITY uint16_t pdcp_sn_sz; enum rte_security_pdcp_domain pdcp_domain; + uint16_t docsis_hdr_sz; #endif char device_type[RTE_CRYPTODEV_NAME_MAX_LEN]; enum cperf_op_type op_type; diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c index f43c5bede..20577a144 100644 --- a/app/test-crypto-perf/cperf_options_parsing.c +++ b/app/test-crypto-perf/cperf_options_parsing.c @@ -7,6 +7,7 @@ #include #include +#include #include "cperf_options.h" @@ -56,6 +57,9 @@ usage(char *progname) " --pmd-cyclecount-delay-ms N: set delay between enqueue\n" " and dequeue in pmd-cyclecount benchmarking mode\n" " --csv-friendly: enable test result output CSV friendly\n" +#ifdef RTE_LIBRTE_SECURITY + " --docsis-hdr-sz: set DOCSIS header size\n" +#endif " -h: prints this help\n", progname); } @@ -446,6 +450,10 @@ parse_op_type(struct cperf_options *opts, const char *arg) { cperf_op_type_strs[CPERF_PDCP], CPERF_PDCP + }, + { + cperf_op_type_strs[CPERF_DOCSIS], + CPERF_DOCSIS } }; @@ -675,6 +683,12 @@ parse_pdcp_domain(struct cperf_options *opts, const char *arg) return 0; } + +static int +parse_docsis_hdr_sz(struct cperf_options *opts, const char *arg) +{ + return parse_uint16_t(&opts->docsis_hdr_sz, arg); +} #endif static int @@ -820,6 +834,7 @@ static struct option lgopts[] = { #ifdef RTE_LIBRTE_SECURITY { CPERF_PDCP_SN_SZ, required_argument, 0, 0 }, { CPERF_PDCP_DOMAIN, required_argument, 0, 0 }, + { CPERF_DOCSIS_HDR_SZ, required_argument, 0, 0 }, #endif { CPERF_CSV, no_argument, 0, 0}, @@ -890,6 +905,7 @@ cperf_options_default(struct cperf_options *opts) #ifdef RTE_LIBRTE_SECURITY opts->pdcp_sn_sz = 12; opts->pdcp_domain = RTE_SECURITY_PDCP_MODE_CONTROL; + opts->docsis_hdr_sz = 17; #endif } @@ -929,6 +945,7 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts) #ifdef RTE_LIBRTE_SECURITY { CPERF_PDCP_SN_SZ, parse_pdcp_sn_sz }, { CPERF_PDCP_DOMAIN, parse_pdcp_domain }, + { CPERF_DOCSIS_HDR_SZ, parse_docsis_hdr_sz }, #endif { CPERF_CSV, parse_csv_friendly}, { CPERF_PMDCC_DELAY_MS, parse_pmd_cyclecount_delay_ms}, @@ -1031,10 +1048,44 @@ check_cipher_buffer_length(struct cperf_options *options) return 0; } +#ifdef RTE_LIBRTE_SECURITY +static int +check_docsis_buffer_length(struct cperf_options *options) +{ + uint32_t buffer_size, buffer_size_idx = 0; + + if (options->inc_buffer_size != 0) + buffer_size = options->min_buffer_size; + else + buffer_size = options->buffer_size_list[0]; + + while (buffer_size <= options->max_buffer_size) { + if (buffer_size < (uint32_t)(options->docsis_hdr_sz + + RTE_ETHER_HDR_LEN + RTE_ETHER_CRC_LEN)) { + RTE_LOG(ERR, USER1, "Some of the buffer sizes are not " + "valid for DOCSIS\n"); + return -EINVAL; + } + + if (options->inc_buffer_size != 0) + buffer_size += options->inc_buffer_size; + else { + if (++buffer_size_idx == options->buffer_size_count) + break; + buffer_size = + options->buffer_size_list[buffer_size_idx]; + } + } + + return 0; +} +#endif + int cperf_options_check(struct cperf_options *options) { - if (options->op_type == CPERF_CIPHER_ONLY) + if (options->op_type == CPERF_CIPHER_ONLY || + options->op_type == CPERF_DOCSIS) options->digest_sz = 0; if (options->out_of_place && @@ -1151,6 +1202,13 @@ cperf_options_check(struct cperf_options *options) return -EINVAL; } +#ifdef RTE_LIBRTE_SECURITY + if (options->op_type == CPERF_DOCSIS) { + if (check_docsis_buffer_length(options) < 0) + return -EINVAL; + } +#endif + return 0; } @@ -1236,4 +1294,11 @@ cperf_options_dump(struct cperf_options *opts) printf("# aead aad size: %u\n", opts->aead_aad_sz); printf("#\n"); } + +#ifdef RTE_LIBRTE_SECURITY + if (opts->op_type == CPERF_DOCSIS) { + printf("# docsis header size: %u\n", opts->docsis_hdr_sz); + printf("#\n"); + } +#endif } diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c index 35c51026f..12d9ea4f9 100644 --- a/app/test-crypto-perf/cperf_test_throughput.c +++ b/app/test-crypto-perf/cperf_test_throughput.c @@ -36,7 +36,8 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx) return; if (ctx->sess) { #ifdef RTE_LIBRTE_SECURITY - if (ctx->options->op_type == CPERF_PDCP) { + if (ctx->options->op_type == CPERF_PDCP || + ctx->options->op_type == CPERF_DOCSIS) { struct rte_security_ctx *sec_ctx = (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx(ctx->dev_id); diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c index 41641650c..0af01ff91 100644 --- a/app/test-crypto-perf/cperf_test_vectors.c +++ b/app/test-crypto-perf/cperf_test_vectors.c @@ -469,7 +469,8 @@ cperf_test_vector_get_dummy(struct cperf_options *options) if (options->op_type == CPERF_CIPHER_ONLY || options->op_type == CPERF_CIPHER_THEN_AUTH || - options->op_type == CPERF_AUTH_THEN_CIPHER) { + options->op_type == CPERF_AUTH_THEN_CIPHER || + options->op_type == CPERF_DOCSIS) { if (options->cipher_algo == RTE_CRYPTO_CIPHER_NULL) { t_vec->cipher_key.length = 0; t_vec->ciphertext.data = plaintext; diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c index 7bb286ccb..edeea9c1b 100644 --- a/app/test-crypto-perf/main.c +++ b/app/test-crypto-perf/main.c @@ -39,7 +39,8 @@ const char *cperf_op_type_strs[] = { [CPERF_CIPHER_THEN_AUTH] = "cipher-then-auth", [CPERF_AUTH_THEN_CIPHER] = "auth-then-cipher", [CPERF_AEAD] = "aead", - [CPERF_PDCP] = "pdcp" + [CPERF_PDCP] = "pdcp", + [CPERF_DOCSIS] = "docsis" }; const struct cperf_test cperf_testmap[] = { @@ -244,7 +245,7 @@ cperf_initialize_cryptodev(struct cperf_options *opts, uint8_t *enabled_cdevs) #endif } else sessions_needed = enabled_cdev_count * - opts->nb_qps; + opts->nb_qps * 2; /* * A single session is required per queue pair diff --git a/app/test-crypto-perf/meson.build b/app/test-crypto-perf/meson.build index ef28cb5a0..f394b75ba 100644 --- a/app/test-crypto-perf/meson.build +++ b/app/test-crypto-perf/meson.build @@ -11,4 +11,4 @@ sources = files('cperf_ops.c', 'cperf_test_vectors.c', 'cperf_test_verify.c', 'main.c') -deps += ['cryptodev', 'security'] +deps += ['cryptodev', 'net', 'security'] diff --git a/doc/guides/rel_notes/release_20_08.rst b/doc/guides/rel_notes/release_20_08.rst index 4ff7911c0..a07150e62 100644 --- a/doc/guides/rel_notes/release_20_08.rst +++ b/doc/guides/rel_notes/release_20_08.rst @@ -122,6 +122,12 @@ New Features * Dump ``rte_flow`` memory consumption. * Measure packet per second forwarding. +* **Added support for DOCSIS protocol to dpdk-test-crypto-perf application.** + + Updated the ``dpdk-test-crypto-perf`` application to support the DOCSIS + protocol in order to measure the throughput of combined crypto and CRC + operations. + Removed Items ------------- diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst index a19ccb262..a8df8bc99 100644 --- a/doc/guides/tools/cryptoperf.rst +++ b/doc/guides/tools/cryptoperf.rst @@ -193,6 +193,7 @@ The following are the application command-line options: auth-then-cipher aead pdcp + docsis For GCM/CCM algorithms you should use aead flag. @@ -342,6 +343,10 @@ The following are the application command-line options: Set PDCP domain to specify Control/user plane. +* ``--docsis-hdr-sz `` + + Set DOCSIS header size(n) in bytes. + Test Vector File ~~~~~~~~~~~~~~~~