From patchwork Wed Jun 7 15:19:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 128325 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 9512742C4E; Wed, 7 Jun 2023 17:20:04 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7FA3342B8E; Wed, 7 Jun 2023 17:19:58 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 58F9A40A84 for ; Wed, 7 Jun 2023 17:19:56 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 357Dvj7Z028182; Wed, 7 Jun 2023 08:19:53 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=Ao0FnCwxlA1FTzoUWq+ioGvYF/pEBwQffY2sbUizsAM=; b=LjghxcrxMod6kzyiyWznWVoWQMSSFZlNgeUbYKJw6QaeFM+iJESVCrf1KYxEtRrXEtrB ObuZfCuZMyfkBD69LBrOs3K04yVx/UlyX77dEqP86RrQQmMHVc22tqI0OXyO4FZjjKpy RenEOMBldiQNDF8DutJKfj85teQIC3kLAt97AxRyJS/zoYY4C+XIG0hz/OYdHQon7RMF nxGqbzUmIQvw1TyxxFYhXn8AxWvmq43d1FIu+LAiOUeBLnWnE8gxgelIx99xtbOZgX9N JuicodrUXbT9bCMb/xt16WToC6d4QLbPAtJSj3iDaK9tvvckegmQB1uGKgArXzFXCRtz Eg== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r2a7bv64y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 07 Jun 2023 08:19:53 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 7 Jun 2023 08:19:51 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Wed, 7 Jun 2023 08:19:51 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 528253F7088; Wed, 7 Jun 2023 08:19:48 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , Akhil Goyal Subject: [PATCH v2 01/13] security: add direction in SA/SC configuration Date: Wed, 7 Jun 2023 20:49:28 +0530 Message-ID: <20230607151940.223417-2-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230607151940.223417-1-gakhil@marvell.com> References: <20230523194918.1940212-1-gakhil@marvell.com> <20230607151940.223417-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: ApB596M3Q6NDWS5IWaDFPKbotBqSoZtO X-Proofpoint-GUID: ApB596M3Q6NDWS5IWaDFPKbotBqSoZtO X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-07_07,2023-06-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org MACsec SC/SA ids are created based on direction of the flow. Hence, added the missing field for configuration and cleanup of the SCs and SAs. Signed-off-by: Akhil Goyal --- devtools/libabigail.abignore | 7 +++++++ lib/security/rte_security.c | 16 ++++++++++------ lib/security/rte_security.h | 14 ++++++++++---- lib/security/rte_security_driver.h | 12 ++++++++++-- 4 files changed, 37 insertions(+), 12 deletions(-) diff --git a/devtools/libabigail.abignore b/devtools/libabigail.abignore index c0361bfc7b..14d8fa4293 100644 --- a/devtools/libabigail.abignore +++ b/devtools/libabigail.abignore @@ -37,6 +37,13 @@ [suppress_type] type_kind = enum changed_enumerators = RTE_CRYPTO_ASYM_XFORM_ECPM, RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END +; Ignore changes to rte_security_ops MACsec APIs which are experimental +[suppress_type] + name = rte_security_ops + has_data_member_inserted_between = + { + offset_of(security_macsec_sc_create_t), offset_of(security_macsec_sa_stats_get_t) + } ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; Temporary exceptions till next major ABI version ; diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c index e102c55e55..c4d64bb8e9 100644 --- a/lib/security/rte_security.c +++ b/lib/security/rte_security.c @@ -164,13 +164,14 @@ rte_security_macsec_sa_create(struct rte_security_ctx *instance, } int -rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id) +rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id, + enum rte_security_macsec_direction dir) { int ret; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_destroy, -EINVAL, -ENOTSUP); - ret = instance->ops->macsec_sc_destroy(instance->device, sc_id); + ret = instance->ops->macsec_sc_destroy(instance->device, sc_id, dir); if (ret != 0) return ret; @@ -181,13 +182,14 @@ rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id } int -rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id) +rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id, + enum rte_security_macsec_direction dir) { int ret; RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_destroy, -EINVAL, -ENOTSUP); - ret = instance->ops->macsec_sa_destroy(instance->device, sa_id); + ret = instance->ops->macsec_sa_destroy(instance->device, sa_id, dir); if (ret != 0) return ret; @@ -199,22 +201,24 @@ rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id int rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance, uint16_t sc_id, + enum rte_security_macsec_direction dir, struct rte_security_macsec_sc_stats *stats) { RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_stats_get, -EINVAL, -ENOTSUP); RTE_PTR_OR_ERR_RET(stats, -EINVAL); - return instance->ops->macsec_sc_stats_get(instance->device, sc_id, stats); + return instance->ops->macsec_sc_stats_get(instance->device, sc_id, dir, stats); } int rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, uint16_t sa_id, + enum rte_security_macsec_direction dir, struct rte_security_macsec_sa_stats *stats) { RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_stats_get, -EINVAL, -ENOTSUP); RTE_PTR_OR_ERR_RET(stats, -EINVAL); - return instance->ops->macsec_sa_stats_get(instance->device, sa_id, stats); + return instance->ops->macsec_sa_stats_get(instance->device, sa_id, dir, stats); } int diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index 4bacf9fcd9..c7a523b6d6 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -761,6 +761,7 @@ rte_security_macsec_sc_create(struct rte_security_ctx *instance, * * @param instance security instance * @param sc_id SC ID to be destroyed + * @param dir direction of the SC * @return * - 0 if successful. * - -EINVAL if sc_id is invalid or instance is NULL. @@ -768,7 +769,8 @@ rte_security_macsec_sc_create(struct rte_security_ctx *instance, */ __rte_experimental int -rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id); +rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id, + enum rte_security_macsec_direction dir); /** * @warning @@ -798,6 +800,7 @@ rte_security_macsec_sa_create(struct rte_security_ctx *instance, * * @param instance security instance * @param sa_id SA ID to be destroyed + * @param dir direction of the SA * @return * - 0 if successful. * - -EINVAL if sa_id is invalid or instance is NULL. @@ -805,7 +808,8 @@ rte_security_macsec_sa_create(struct rte_security_ctx *instance, */ __rte_experimental int -rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id); +rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id, + enum rte_security_macsec_direction dir); /** Device-specific metadata field type */ typedef uint64_t rte_security_dynfield_t; @@ -1077,6 +1081,7 @@ rte_security_session_stats_get(struct rte_security_ctx *instance, * * @param instance security instance * @param sa_id SA ID for which stats are needed + * @param dir direction of the SA * @param stats statistics * @return * - On success, return 0. @@ -1085,7 +1090,7 @@ rte_security_session_stats_get(struct rte_security_ctx *instance, __rte_experimental int rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, - uint16_t sa_id, + uint16_t sa_id, enum rte_security_macsec_direction dir, struct rte_security_macsec_sa_stats *stats); /** @@ -1096,6 +1101,7 @@ rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, * * @param instance security instance * @param sc_id SC ID for which stats are needed + * @param dir direction of the SC * @param stats SC statistics * @return * - On success, return 0. @@ -1104,7 +1110,7 @@ rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, __rte_experimental int rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance, - uint16_t sc_id, + uint16_t sc_id, enum rte_security_macsec_direction dir, struct rte_security_macsec_sc_stats *stats); /** diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h index 421e6f7780..677c7d1f91 100644 --- a/lib/security/rte_security_driver.h +++ b/lib/security/rte_security_driver.h @@ -106,8 +106,10 @@ typedef int (*security_macsec_sc_create_t)(void *device, struct rte_security_mac * * @param device Crypto/eth device pointer * @param sc_id MACsec SC ID + * @param dir Direction of SC */ -typedef int (*security_macsec_sc_destroy_t)(void *device, uint16_t sc_id); +typedef int (*security_macsec_sc_destroy_t)(void *device, uint16_t sc_id, + enum rte_security_macsec_direction dir); /** * Configure a MACsec security Association (SA) on a device. @@ -128,8 +130,10 @@ typedef int (*security_macsec_sa_create_t)(void *device, struct rte_security_mac * * @param device Crypto/eth device pointer * @param sa_id MACsec SA ID + * @param dir Direction of SA */ -typedef int (*security_macsec_sa_destroy_t)(void *device, uint16_t sa_id); +typedef int (*security_macsec_sa_destroy_t)(void *device, uint16_t sa_id, + enum rte_security_macsec_direction dir); /** * Get the size of a security session @@ -162,6 +166,7 @@ typedef int (*security_session_stats_get_t)(void *device, * * @param device Crypto/eth device pointer * @param sc_id secure channel ID created by rte_security_macsec_sc_create() + * @param dir direction of SC * @param stats SC stats of the driver * * @return @@ -169,6 +174,7 @@ typedef int (*security_session_stats_get_t)(void *device, * - -EINVAL if sc_id or device is invalid. */ typedef int (*security_macsec_sc_stats_get_t)(void *device, uint16_t sc_id, + enum rte_security_macsec_direction dir, struct rte_security_macsec_sc_stats *stats); /** @@ -176,6 +182,7 @@ typedef int (*security_macsec_sc_stats_get_t)(void *device, uint16_t sc_id, * * @param device Crypto/eth device pointer * @param sa_id secure channel ID created by rte_security_macsec_sc_create() + * @param dir direction of SA * @param stats SC stats of the driver * * @return @@ -183,6 +190,7 @@ typedef int (*security_macsec_sc_stats_get_t)(void *device, uint16_t sc_id, * - -EINVAL if sa_id or device is invalid. */ typedef int (*security_macsec_sa_stats_get_t)(void *device, uint16_t sa_id, + enum rte_security_macsec_direction dir, struct rte_security_macsec_sa_stats *stats); From patchwork Wed Jun 7 15:19:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 128327 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 9E83142C4E; Wed, 7 Jun 2023 17:20:19 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C817A42D17; Wed, 7 Jun 2023 17:20:08 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 6EF6A410FD for ; Wed, 7 Jun 2023 17:20:06 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 357Dvh1s028140; Wed, 7 Jun 2023 08:19:57 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=/te6SjN+49DdP6sPClyO7QlARO0aWlJ/UKPWoUWMVa0=; b=hs6ngKFev9/OO7C/HvoKX8B4n/bIqlJz2Ku9oWlgXXzCuq+CADg+JRjZg06hs2cdZBgG F3Xx1pFoPnnjY+X3AsTXeWkodRhHIbSGd3Zk7OXNm7mDTAqYWcGwbh7UbdLBHPXHLmsI tgseYgrOtIkN30l4cH12ELiVFYZKtoCBmCJZXvb8U+FNMpIbkWONXUPs73YYykfcXmMP zgXwuU5QpwPSJxqTBfLe0pYNFNJxvuBGvsvhhfNkIGwddFCJAg7OKgONDgMqqAgPJYeZ Ab5SRnRWgCsC3sKoolzUmXnhFbofA501vsKD8M9Uc/iMzhTzQo68exUfRGkKl1BXwHm+ rw== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r2a7bv658-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 07 Jun 2023 08:19:57 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 7 Jun 2023 08:19:55 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Wed, 7 Jun 2023 08:19:55 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 3486E3F7084; Wed, 7 Jun 2023 08:19:51 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , Akhil Goyal Subject: [PATCH v2 02/13] security: add MACsec packet number threshold Date: Wed, 7 Jun 2023 20:49:29 +0530 Message-ID: <20230607151940.223417-3-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230607151940.223417-1-gakhil@marvell.com> References: <20230523194918.1940212-1-gakhil@marvell.com> <20230607151940.223417-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: J8-RoopbAoUfYjS-ORt8OFQsyFb8QiX- X-Proofpoint-GUID: J8-RoopbAoUfYjS-ORt8OFQsyFb8QiX- X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-07_07,2023-06-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Added Packet number threshold parameter in MACsec SC configuration to identify the maximum allowed threshold for packet number field in the packet. A field is_xpn is also added to identify if the SAs are configured for extended packet number or not so that packet number threshold can be configured accordingly. Signed-off-by: Akhil Goyal --- lib/security/rte_security.h | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index c7a523b6d6..30bac4e25a 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -399,6 +399,8 @@ struct rte_security_macsec_sa { struct rte_security_macsec_sc { /** Direction of SC */ enum rte_security_macsec_direction dir; + /** Packet number threshold */ + uint64_t pn_threshold; union { struct { /** SAs for each association number */ @@ -407,8 +409,10 @@ struct rte_security_macsec_sc { uint8_t sa_in_use[RTE_SECURITY_MACSEC_NUM_AN]; /** Channel is active */ uint8_t active : 1; + /** Extended packet number is enabled for SAs */ + uint8_t is_xpn : 1; /** Reserved bitfields for future */ - uint8_t reserved : 7; + uint8_t reserved : 6; } sc_rx; struct { uint16_t sa_id; /**< SA ID to be used for encryption */ @@ -416,8 +420,10 @@ struct rte_security_macsec_sc { uint64_t sci; /**< SCI value to be used if send_sci is set */ uint8_t active : 1; /**< Channel is active */ uint8_t re_key_en : 1; /**< Enable Rekeying */ + /** Extended packet number is enabled for SAs */ + uint8_t is_xpn : 1; /** Reserved bitfields for future */ - uint8_t reserved : 6; + uint8_t reserved : 5; } sc_tx; }; }; From patchwork Wed Jun 7 15:19:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 128326 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id F112E42C4E; Wed, 7 Jun 2023 17:20:11 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id B9153410FD; Wed, 7 Jun 2023 17:20:07 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id E66A6410FC for ; Wed, 7 Jun 2023 17:20:05 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 357Dvhxp028122; Wed, 7 Jun 2023 08:20:03 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=B6x4nFrb4pscGmFRXhjkYZd+nKJ1tK5Sks5b2jQ7ezA=; b=Qs4qCOBd+yehcUtLDKXmu6x9B7GQ77BKSOsXUOhfefLhS4fBTYKethDLXQA+cRdSG2Ow I01h1wb6/DZ6XIagMWljieoCbLnsgdGyuon5JuFMkQfKHJxX1DSnysy5E9zJURV6UQgM 4NHgACaVitTgXeakD8BmoZj4FncenIT9SNOTK15glbxhvaGTYok5eeHTmz4YsEGQJyv8 IO2iJBsLblhbcZHvoUTN7yM+SVogvFCtYpLcwYs+cDDxPYg7OAuxK/eChLpc3NRVQIFR TNPaEh/aETT/5IlTEMy29Y1+EGil8OBWl7/KW1Vcspqs6CRlrbijY+XYZ0ySJOy2A5NI /g== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r2a7bv66g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 07 Jun 2023 08:20:02 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 7 Jun 2023 08:19:59 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Wed, 7 Jun 2023 08:19:59 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 16E193F7088; Wed, 7 Jun 2023 08:19:55 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , Akhil Goyal Subject: [PATCH v2 03/13] test/security: add inline MACsec cases Date: Wed, 7 Jun 2023 20:49:30 +0530 Message-ID: <20230607151940.223417-4-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230607151940.223417-1-gakhil@marvell.com> References: <20230523194918.1940212-1-gakhil@marvell.com> <20230607151940.223417-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: RTRfm0GVeP3X5KC5UHVdNXZSWxFwySkq X-Proofpoint-GUID: RTRfm0GVeP3X5KC5UHVdNXZSWxFwySkq X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-07_07,2023-06-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Updated test app to verify Inline MACsec offload using rte_security APIs. A couple of test cases are added to verify encap only and decap only of some known test vectors from MACsec specification. Signed-off-by: Akhil Goyal --- app/test/meson.build | 1 + app/test/test_security_inline_macsec.c | 1108 +++++++++++++++++ .../test_security_inline_macsec_vectors.h | 1086 ++++++++++++++++ 3 files changed, 2195 insertions(+) create mode 100644 app/test/test_security_inline_macsec.c create mode 100644 app/test/test_security_inline_macsec_vectors.h diff --git a/app/test/meson.build b/app/test/meson.build index b9b5432496..69c1d19f7b 100644 --- a/app/test/meson.build +++ b/app/test/meson.build @@ -128,6 +128,7 @@ test_sources = files( 'test_rwlock.c', 'test_sched.c', 'test_security.c', + 'test_security_inline_macsec.c', 'test_security_inline_proto.c', 'test_seqlock.c', 'test_service_cores.c', diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c new file mode 100644 index 0000000000..9ef967597b --- /dev/null +++ b/app/test/test_security_inline_macsec.c @@ -0,0 +1,1108 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2023 Marvell. + */ + + +#include +#include + +#include +#include +#include + +#include "test.h" +#include "test_security_inline_macsec_vectors.h" + +#ifdef RTE_EXEC_ENV_WINDOWS +static int +test_inline_macsec(void) +{ + printf("Inline MACsec not supported on Windows, skipping test\n"); + return TEST_SKIPPED; +} + +#else + +#define NB_ETHPORTS_USED 1 +#define MEMPOOL_CACHE_SIZE 32 +#define RTE_TEST_RX_DESC_DEFAULT 1024 +#define RTE_TEST_TX_DESC_DEFAULT 1024 +#define RTE_PORT_ALL (~(uint16_t)0x0) + +#define RX_PTHRESH 8 /**< Default values of RX prefetch threshold reg. */ +#define RX_HTHRESH 8 /**< Default values of RX host threshold reg. */ +#define RX_WTHRESH 0 /**< Default values of RX write-back threshold reg. */ + +#define TX_PTHRESH 32 /**< Default values of TX prefetch threshold reg. */ +#define TX_HTHRESH 0 /**< Default values of TX host threshold reg. */ +#define TX_WTHRESH 0 /**< Default values of TX write-back threshold reg. */ + +#define MAX_TRAFFIC_BURST 2048 +#define NB_MBUF 10240 + +#define MCS_INVALID_SA 0xFFFF +#define MCS_DEFAULT_PN_THRESHOLD 0xFFFFF + +static struct rte_mempool *mbufpool; +static struct rte_mempool *sess_pool; +/* ethernet addresses of ports */ +static struct rte_ether_addr ports_eth_addr[RTE_MAX_ETHPORTS]; + +struct mcs_test_opts { + int val_frames; + int nb_td; + uint16_t mtu; + uint8_t sa_in_use; + bool encrypt; + bool protect_frames; + uint8_t sectag_insert_mode; + uint8_t nb_vlan; + uint32_t replay_win_sz; + uint8_t replay_protect; + uint8_t rekey_en; + const struct mcs_test_vector *rekey_td; + bool dump_all_stats; + uint8_t check_untagged_rx; + uint8_t check_bad_tag_cnt; + uint8_t check_sa_not_in_use; + uint8_t check_decap_stats; + uint8_t check_verify_only_stats; + uint8_t check_pkts_invalid_stats; + uint8_t check_pkts_unchecked_stats; + uint8_t check_out_pkts_untagged; + uint8_t check_out_pkts_toolong; + uint8_t check_encap_stats; + uint8_t check_auth_only_stats; + uint8_t check_sectag_interrupts; +}; + +static struct rte_eth_conf port_conf = { + .rxmode = { + .mq_mode = RTE_ETH_MQ_RX_NONE, + .offloads = RTE_ETH_RX_OFFLOAD_CHECKSUM | + RTE_ETH_RX_OFFLOAD_MACSEC_STRIP, + }, + .txmode = { + .mq_mode = RTE_ETH_MQ_TX_NONE, + .offloads = RTE_ETH_TX_OFFLOAD_MBUF_FAST_FREE | + RTE_ETH_TX_OFFLOAD_MACSEC_INSERT, + }, + .lpbk_mode = 1, /* enable loopback */ +}; + +static struct rte_eth_rxconf rx_conf = { + .rx_thresh = { + .pthresh = RX_PTHRESH, + .hthresh = RX_HTHRESH, + .wthresh = RX_WTHRESH, + }, + .rx_free_thresh = 32, +}; + +static struct rte_eth_txconf tx_conf = { + .tx_thresh = { + .pthresh = TX_PTHRESH, + .hthresh = TX_HTHRESH, + .wthresh = TX_WTHRESH, + }, + .tx_free_thresh = 32, /* Use PMD default values */ + .tx_rs_thresh = 32, /* Use PMD default values */ +}; + +static uint16_t port_id; + +static uint64_t link_mbps; + +static struct rte_flow *default_tx_flow[RTE_MAX_ETHPORTS]; +static struct rte_flow *default_rx_flow[RTE_MAX_ETHPORTS]; + +static struct rte_mbuf **tx_pkts_burst; +static struct rte_mbuf **rx_pkts_burst; + +static inline struct rte_mbuf * +init_packet(struct rte_mempool *mp, const uint8_t *data, unsigned int len) +{ + struct rte_mbuf *pkt; + + pkt = rte_pktmbuf_alloc(mp); + if (pkt == NULL) + return NULL; + + rte_memcpy(rte_pktmbuf_append(pkt, len), data, len); + + return pkt; +} + +static int +init_mempools(unsigned int nb_mbuf) +{ + struct rte_security_ctx *sec_ctx; + uint16_t nb_sess = 512; + uint32_t sess_sz; + char s[64]; + + if (mbufpool == NULL) { + snprintf(s, sizeof(s), "mbuf_pool"); + mbufpool = rte_pktmbuf_pool_create(s, nb_mbuf, + MEMPOOL_CACHE_SIZE, 0, + RTE_MBUF_DEFAULT_BUF_SIZE, SOCKET_ID_ANY); + if (mbufpool == NULL) { + printf("Cannot init mbuf pool\n"); + return TEST_FAILED; + } + printf("Allocated mbuf pool\n"); + } + + sec_ctx = rte_eth_dev_get_sec_ctx(port_id); + if (sec_ctx == NULL) { + printf("Device does not support Security ctx\n"); + return TEST_SKIPPED; + } + sess_sz = rte_security_session_get_size(sec_ctx); + if (sess_pool == NULL) { + snprintf(s, sizeof(s), "sess_pool"); + sess_pool = rte_mempool_create(s, nb_sess, sess_sz, + MEMPOOL_CACHE_SIZE, 0, + NULL, NULL, NULL, NULL, + SOCKET_ID_ANY, 0); + if (sess_pool == NULL) { + printf("Cannot init sess pool\n"); + return TEST_FAILED; + } + printf("Allocated sess pool\n"); + } + + return 0; +} + +static void +fill_macsec_sa_conf(const struct mcs_test_vector *td, struct rte_security_macsec_sa *sa, + enum rte_security_macsec_direction dir, uint8_t an, uint8_t tci_off) +{ + sa->dir = dir; + + sa->key.data = td->sa_key.data; + sa->key.length = td->sa_key.len; + + memcpy((uint8_t *)sa->salt, (const uint8_t *)td->salt, RTE_SECURITY_MACSEC_SALT_LEN); + + /* AN is set as per the value in secure packet in test vector */ + sa->an = an & RTE_MACSEC_AN_MASK; + + sa->ssci = td->ssci; + sa->xpn = td->xpn; + /* Starting packet number which is expected to come next. + * It is take from the test vector so that we can match the out packet. + */ + sa->next_pn = *(const uint32_t *)(&td->secure_pkt.data[tci_off + 2]); +} + +static void +fill_macsec_sc_conf(const struct mcs_test_vector *td, + struct rte_security_macsec_sc *sc_conf, + const struct mcs_test_opts *opts, + enum rte_security_macsec_direction dir, + uint16_t sa_id[], uint8_t tci_off) +{ + uint8_t i; + + sc_conf->dir = dir; + if (dir == RTE_SECURITY_MACSEC_DIR_TX) { + sc_conf->sc_tx.sa_id = sa_id[0]; + if (sa_id[1] != MCS_INVALID_SA) { + sc_conf->sc_tx.sa_id_rekey = sa_id[1]; + sc_conf->sc_tx.re_key_en = 1; + } + sc_conf->sc_tx.active = 1; + /* is SCI valid */ + if (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_SC) { + memcpy(&sc_conf->sc_tx.sci, &td->secure_pkt.data[tci_off + 6], + sizeof(sc_conf->sc_tx.sci)); + sc_conf->sc_tx.sci = rte_be_to_cpu_64(sc_conf->sc_tx.sci); + } else if (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_ES) { + /* sci = source_mac + port_id when ES.bit = 1 & SC.bit = 0 */ + const uint8_t *smac = td->plain_pkt.data + RTE_ETHER_ADDR_LEN; + uint8_t *ptr = (uint8_t *)&sc_conf->sc_tx.sci; + + ptr[0] = 0x01; + ptr[1] = 0; + for (i = 0; i < RTE_ETHER_ADDR_LEN; i++) + ptr[2 + i] = smac[RTE_ETHER_ADDR_LEN - 1 - i]; + } else { + /* use some default SCI */ + sc_conf->sc_tx.sci = 0xf1341e023a2b1c5d; + } + } else { + for (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) { + sc_conf->sc_rx.sa_id[i] = sa_id[i]; + sc_conf->sc_rx.sa_in_use[i] = opts->sa_in_use; + } + sc_conf->sc_rx.active = 1; + } +} + + +/* Create Inline MACsec session */ +static int +fill_session_conf(const struct mcs_test_vector *td, uint16_t portid __rte_unused, + const struct mcs_test_opts *opts, + struct rte_security_session_conf *sess_conf, + enum rte_security_macsec_direction dir, + uint16_t sc_id, + uint8_t tci_off) +{ + sess_conf->action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL; + sess_conf->protocol = RTE_SECURITY_PROTOCOL_MACSEC; + sess_conf->macsec.dir = dir; + sess_conf->macsec.alg = td->alg; + sess_conf->macsec.cipher_off = 0; + if (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_SC) { + sess_conf->macsec.sci = rte_be_to_cpu_64(*(const uint64_t *) + (&td->secure_pkt.data[tci_off + 6])); + } else if (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_ES) { + /* sci = source_mac + port_id when ES.bit = 1 & SC.bit = 0 */ + const uint8_t *smac = td->plain_pkt.data + RTE_ETHER_ADDR_LEN; + uint8_t *ptr = (uint8_t *)&sess_conf->macsec.sci; + uint8_t j; + + ptr[0] = 0x01; + ptr[1] = 0; + for (j = 0; j < RTE_ETHER_ADDR_LEN; j++) + ptr[2 + j] = smac[RTE_ETHER_ADDR_LEN - 1 - j]; + } + sess_conf->macsec.sc_id = sc_id; + if (dir == RTE_SECURITY_MACSEC_DIR_TX) { + sess_conf->macsec.tx_secy.mtu = opts->mtu; + sess_conf->macsec.tx_secy.sectag_off = (opts->sectag_insert_mode == 1) ? + 2 * RTE_ETHER_ADDR_LEN : + RTE_VLAN_HLEN; + sess_conf->macsec.tx_secy.sectag_insert_mode = opts->sectag_insert_mode; + sess_conf->macsec.tx_secy.ctrl_port_enable = 1; + sess_conf->macsec.tx_secy.sectag_version = 0; + sess_conf->macsec.tx_secy.end_station = + (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_ES) >> 6; + sess_conf->macsec.tx_secy.send_sci = + (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_SC) >> 5; + sess_conf->macsec.tx_secy.scb = + (td->secure_pkt.data[tci_off] & RTE_MACSEC_TCI_SCB) >> 4; + sess_conf->macsec.tx_secy.encrypt = opts->encrypt; + sess_conf->macsec.tx_secy.protect_frames = opts->protect_frames; + sess_conf->macsec.tx_secy.icv_include_da_sa = 1; + } else { + sess_conf->macsec.rx_secy.replay_win_sz = opts->replay_win_sz; + sess_conf->macsec.rx_secy.replay_protect = opts->replay_protect; + sess_conf->macsec.rx_secy.icv_include_da_sa = 1; + sess_conf->macsec.rx_secy.ctrl_port_enable = 1; + sess_conf->macsec.rx_secy.preserve_sectag = 0; + sess_conf->macsec.rx_secy.preserve_icv = 0; + sess_conf->macsec.rx_secy.validate_frames = opts->val_frames; + } + + return 0; +} + +static int +create_default_flow(const struct mcs_test_vector *td, uint16_t portid, + enum rte_security_macsec_direction dir, void *sess) +{ + struct rte_flow_action action[2]; + struct rte_flow_item pattern[2]; + struct rte_flow_attr attr = {0}; + struct rte_flow_error err; + struct rte_flow *flow; + struct rte_flow_item_eth eth = { .hdr.ether_type = 0, }; + static const struct rte_flow_item_eth eth_mask = { + .hdr.dst_addr.addr_bytes = "\x00\x00\x00\x00\x00\x00", + .hdr.src_addr.addr_bytes = "\x00\x00\x00\x00\x00\x00", + .hdr.ether_type = RTE_BE16(0x0000), + }; + + int ret; + + eth.has_vlan = 0; + if (dir == RTE_SECURITY_MACSEC_DIR_TX) + memcpy(ð.hdr, td->plain_pkt.data, RTE_ETHER_HDR_LEN); + else + memcpy(ð.hdr, td->secure_pkt.data, RTE_ETHER_HDR_LEN); + + pattern[0].type = RTE_FLOW_ITEM_TYPE_ETH; + pattern[0].spec = ð + pattern[0].mask = ð_mask; + pattern[0].last = NULL; + pattern[1].type = RTE_FLOW_ITEM_TYPE_END; + + action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY; + action[0].conf = sess; + action[1].type = RTE_FLOW_ACTION_TYPE_END; + action[1].conf = NULL; + + attr.ingress = (dir == RTE_SECURITY_MACSEC_DIR_RX) ? 1 : 0; + attr.egress = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? 1 : 0; + + ret = rte_flow_validate(portid, &attr, pattern, action, &err); + if (ret) { + printf("\nValidate flow failed, ret = %d\n", ret); + return -1; + } + flow = rte_flow_create(portid, &attr, pattern, action, &err); + if (flow == NULL) { + printf("\nDefault flow rule create failed\n"); + return -1; + } + + if (dir == RTE_SECURITY_MACSEC_DIR_TX) + default_tx_flow[portid] = flow; + else + default_rx_flow[portid] = flow; + + return 0; +} + +static void +destroy_default_flow(uint16_t portid) +{ + struct rte_flow_error err; + int ret; + + if (default_tx_flow[portid]) { + ret = rte_flow_destroy(portid, default_tx_flow[portid], &err); + if (ret) { + printf("\nDefault Tx flow rule destroy failed\n"); + return; + } + default_tx_flow[portid] = NULL; + } + if (default_rx_flow[portid]) { + ret = rte_flow_destroy(portid, default_rx_flow[portid], &err); + if (ret) { + printf("\nDefault Rx flow rule destroy failed\n"); + return; + } + default_rx_flow[portid] = NULL; + } +} + +static void +print_ethaddr(const char *name, const struct rte_ether_addr *eth_addr) +{ + char buf[RTE_ETHER_ADDR_FMT_SIZE]; + rte_ether_format_addr(buf, RTE_ETHER_ADDR_FMT_SIZE, eth_addr); + printf("%s%s", name, buf); +} + +/* Check the link status of all ports in up to 3s, and print them finally */ +static void +check_all_ports_link_status(uint16_t port_num, uint32_t port_mask) +{ +#define CHECK_INTERVAL 100 /* 100ms */ +#define MAX_CHECK_TIME 30 /* 3s (30 * 100ms) in total */ + uint16_t portid; + uint8_t count, all_ports_up, print_flag = 0; + struct rte_eth_link link; + int ret; + char link_status[RTE_ETH_LINK_MAX_STR_LEN]; + + printf("Checking link statuses...\n"); + fflush(stdout); + for (count = 0; count <= MAX_CHECK_TIME; count++) { + all_ports_up = 1; + for (portid = 0; portid < port_num; portid++) { + if ((port_mask & (1 << portid)) == 0) + continue; + memset(&link, 0, sizeof(link)); + ret = rte_eth_link_get_nowait(portid, &link); + if (ret < 0) { + all_ports_up = 0; + if (print_flag == 1) + printf("Port %u link get failed: %s\n", + portid, rte_strerror(-ret)); + continue; + } + + /* print link status if flag set */ + if (print_flag == 1) { + if (link.link_status && link_mbps == 0) + link_mbps = link.link_speed; + + rte_eth_link_to_str(link_status, + sizeof(link_status), &link); + printf("Port %d %s\n", portid, link_status); + continue; + } + /* clear all_ports_up flag if any link down */ + if (link.link_status == RTE_ETH_LINK_DOWN) { + all_ports_up = 0; + break; + } + } + /* after finally printing all link status, get out */ + if (print_flag == 1) + break; + + if (all_ports_up == 0) + fflush(stdout); + + /* set the print_flag if all ports up or timeout */ + if (all_ports_up == 1 || count == (MAX_CHECK_TIME - 1)) + print_flag = 1; + } +} + +static int +test_macsec_post_process(struct rte_mbuf *m, const struct mcs_test_vector *td, + enum mcs_op op, uint8_t check_out_pkts_untagged) +{ + const uint8_t *dptr; + uint16_t pkt_len; + + if (op == MCS_DECAP || op == MCS_ENCAP_DECAP || + op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY || + check_out_pkts_untagged == 1) { + dptr = td->plain_pkt.data; + pkt_len = td->plain_pkt.len; + } else { + dptr = td->secure_pkt.data; + pkt_len = td->secure_pkt.len; + } + + if (memcmp(rte_pktmbuf_mtod(m, uint8_t *), dptr, pkt_len)) { + printf("\nData comparison failed for td."); + rte_pktmbuf_dump(stdout, m, m->pkt_len); + rte_hexdump(stdout, "expected_data", dptr, pkt_len); + return TEST_FAILED; + } + + return TEST_SUCCESS; +} + +static void +mcs_stats_dump(struct rte_security_ctx *ctx, enum mcs_op op, + void *rx_sess, void *tx_sess, + uint8_t rx_sc_id, uint8_t tx_sc_id, + uint16_t rx_sa_id[], uint16_t tx_sa_id[]) +{ + struct rte_security_stats sess_stats = {0}; + struct rte_security_macsec_secy_stats *secy_stat; + struct rte_security_macsec_sc_stats sc_stat = {0}; + struct rte_security_macsec_sa_stats sa_stat = {0}; + int i; + + if (op == MCS_DECAP || op == MCS_ENCAP_DECAP || + op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY) { + printf("\n********* RX SECY STATS ************\n"); + rte_security_session_stats_get(ctx, rx_sess, &sess_stats); + secy_stat = &sess_stats.macsec; + + if (secy_stat->ctl_pkt_bcast_cnt) + printf("RX: ctl_pkt_bcast_cnt: 0x%" PRIx64 "\n", + secy_stat->ctl_pkt_bcast_cnt); + if (secy_stat->ctl_pkt_mcast_cnt) + printf("RX: ctl_pkt_mcast_cnt: 0x%" PRIx64 "\n", + secy_stat->ctl_pkt_mcast_cnt); + if (secy_stat->ctl_pkt_ucast_cnt) + printf("RX: ctl_pkt_ucast_cnt: 0x%" PRIx64 "\n", + secy_stat->ctl_pkt_ucast_cnt); + if (secy_stat->ctl_octet_cnt) + printf("RX: ctl_octet_cnt: 0x%" PRIx64 "\n", secy_stat->ctl_octet_cnt); + if (secy_stat->unctl_pkt_bcast_cnt) + printf("RX: unctl_pkt_bcast_cnt: 0x%" PRIx64 "\n", + secy_stat->unctl_pkt_bcast_cnt); + if (secy_stat->unctl_pkt_mcast_cnt) + printf("RX: unctl_pkt_mcast_cnt: 0x%" PRIx64 "\n", + secy_stat->unctl_pkt_mcast_cnt); + if (secy_stat->unctl_pkt_ucast_cnt) + printf("RX: unctl_pkt_ucast_cnt: 0x%" PRIx64 "\n", + secy_stat->unctl_pkt_ucast_cnt); + if (secy_stat->unctl_octet_cnt) + printf("RX: unctl_octet_cnt: 0x%" PRIx64 "\n", secy_stat->unctl_octet_cnt); + /* Valid only for RX */ + if (secy_stat->octet_decrypted_cnt) + printf("RX: octet_decrypted_cnt: 0x%" PRIx64 "\n", + secy_stat->octet_decrypted_cnt); + if (secy_stat->octet_validated_cnt) + printf("RX: octet_validated_cnt: 0x%" PRIx64 "\n", + secy_stat->octet_validated_cnt); + if (secy_stat->pkt_port_disabled_cnt) + printf("RX: pkt_port_disabled_cnt: 0x%" PRIx64 "\n", + secy_stat->pkt_port_disabled_cnt); + if (secy_stat->pkt_badtag_cnt) + printf("RX: pkt_badtag_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_badtag_cnt); + if (secy_stat->pkt_nosa_cnt) + printf("RX: pkt_nosa_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_nosa_cnt); + if (secy_stat->pkt_nosaerror_cnt) + printf("RX: pkt_nosaerror_cnt: 0x%" PRIx64 "\n", + secy_stat->pkt_nosaerror_cnt); + if (secy_stat->pkt_tagged_ctl_cnt) + printf("RX: pkt_tagged_ctl_cnt: 0x%" PRIx64 "\n", + secy_stat->pkt_tagged_ctl_cnt); + if (secy_stat->pkt_untaged_cnt) + printf("RX: pkt_untaged_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_untaged_cnt); + if (secy_stat->pkt_ctl_cnt) + printf("RX: pkt_ctl_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_ctl_cnt); + if (secy_stat->pkt_notag_cnt) + printf("RX: pkt_notag_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_notag_cnt); + printf("\n"); + printf("\n********** RX SC[%u] STATS **************\n", rx_sc_id); + + rte_security_macsec_sc_stats_get(ctx, rx_sc_id, RTE_SECURITY_MACSEC_DIR_RX, + &sc_stat); + /* RX */ + if (sc_stat.hit_cnt) + printf("RX hit_cnt: 0x%" PRIx64 "\n", sc_stat.hit_cnt); + if (sc_stat.pkt_invalid_cnt) + printf("RX pkt_invalid_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_invalid_cnt); + if (sc_stat.pkt_late_cnt) + printf("RX pkt_late_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_late_cnt); + if (sc_stat.pkt_notvalid_cnt) + printf("RX pkt_notvalid_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_notvalid_cnt); + if (sc_stat.pkt_unchecked_cnt) + printf("RX pkt_unchecked_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_unchecked_cnt); + if (sc_stat.pkt_delay_cnt) + printf("RX pkt_delay_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_delay_cnt); + if (sc_stat.pkt_ok_cnt) + printf("RX pkt_ok_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_ok_cnt); + if (sc_stat.octet_decrypt_cnt) + printf("RX octet_decrypt_cnt: 0x%" PRIx64 "\n", sc_stat.octet_decrypt_cnt); + if (sc_stat.octet_validate_cnt) + printf("RX octet_validate_cnt: 0x%" PRIx64 "\n", + sc_stat.octet_validate_cnt); + printf("\n"); + for (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) { + printf("\n********** RX SA[%u] STATS ****************\n", rx_sa_id[i]); + memset(&sa_stat, 0, sizeof(struct rte_security_macsec_sa_stats)); + rte_security_macsec_sa_stats_get(ctx, rx_sa_id[i], + RTE_SECURITY_MACSEC_DIR_RX, &sa_stat); + + /* RX */ + if (sa_stat.pkt_invalid_cnt) + printf("RX pkt_invalid_cnt: 0x%" PRIx64 "\n", + sa_stat.pkt_invalid_cnt); + if (sa_stat.pkt_nosaerror_cnt) + printf("RX pkt_nosaerror_cnt: 0x%" PRIx64 "\n", + sa_stat.pkt_nosaerror_cnt); + if (sa_stat.pkt_notvalid_cnt) + printf("RX pkt_notvalid_cnt: 0x%" PRIx64 "\n", + sa_stat.pkt_notvalid_cnt); + if (sa_stat.pkt_ok_cnt) + printf("RX pkt_ok_cnt: 0x%" PRIx64 "\n", sa_stat.pkt_ok_cnt); + if (sa_stat.pkt_nosa_cnt) + printf("RX pkt_nosa_cnt: 0x%" PRIx64 "\n", sa_stat.pkt_nosa_cnt); + printf("\n"); + } + } + + if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP || + op == MCS_AUTH_ONLY || op == MCS_AUTH_VERIFY) { + memset(&sess_stats, 0, sizeof(struct rte_security_stats)); + rte_security_session_stats_get(ctx, tx_sess, &sess_stats); + secy_stat = &sess_stats.macsec; + + printf("\n********* TX SECY STATS ************\n"); + if (secy_stat->ctl_pkt_bcast_cnt) + printf("TX: ctl_pkt_bcast_cnt: 0x%" PRIx64 "\n", + secy_stat->ctl_pkt_bcast_cnt); + if (secy_stat->ctl_pkt_mcast_cnt) + printf("TX: ctl_pkt_mcast_cnt: 0x%" PRIx64 "\n", + secy_stat->ctl_pkt_mcast_cnt); + if (secy_stat->ctl_pkt_ucast_cnt) + printf("TX: ctl_pkt_ucast_cnt: 0x%" PRIx64 "\n", + secy_stat->ctl_pkt_ucast_cnt); + if (secy_stat->ctl_octet_cnt) + printf("TX: ctl_octet_cnt: 0x%" PRIx64 "\n", secy_stat->ctl_octet_cnt); + if (secy_stat->unctl_pkt_bcast_cnt) + printf("TX: unctl_pkt_bcast_cnt: 0x%" PRIx64 "\n", + secy_stat->unctl_pkt_bcast_cnt); + if (secy_stat->unctl_pkt_mcast_cnt) + printf("TX: unctl_pkt_mcast_cnt: 0x%" PRIx64 "\n", + secy_stat->unctl_pkt_mcast_cnt); + if (secy_stat->unctl_pkt_ucast_cnt) + printf("TX: unctl_pkt_ucast_cnt: 0x%" PRIx64 "\n", + secy_stat->unctl_pkt_ucast_cnt); + if (secy_stat->unctl_octet_cnt) + printf("TX: unctl_octet_cnt: 0x%" PRIx64 "\n", + secy_stat->unctl_octet_cnt); + /* Valid only for TX */ + if (secy_stat->octet_encrypted_cnt) + printf("TX: octet_encrypted_cnt: 0x%" PRIx64 "\n", + secy_stat->octet_encrypted_cnt); + if (secy_stat->octet_protected_cnt) + printf("TX: octet_protected_cnt: 0x%" PRIx64 "\n", + secy_stat->octet_protected_cnt); + if (secy_stat->pkt_noactivesa_cnt) + printf("TX: pkt_noactivesa_cnt: 0x%" PRIx64 "\n", + secy_stat->pkt_noactivesa_cnt); + if (secy_stat->pkt_toolong_cnt) + printf("TX: pkt_toolong_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_toolong_cnt); + if (secy_stat->pkt_untagged_cnt) + printf("TX: pkt_untagged_cnt: 0x%" PRIx64 "\n", + secy_stat->pkt_untagged_cnt); + + + memset(&sc_stat, 0, sizeof(struct rte_security_macsec_sc_stats)); + rte_security_macsec_sc_stats_get(ctx, tx_sc_id, RTE_SECURITY_MACSEC_DIR_TX, + &sc_stat); + printf("\n********** TX SC[%u] STATS **************\n", tx_sc_id); + if (sc_stat.pkt_encrypt_cnt) + printf("TX pkt_encrypt_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_encrypt_cnt); + if (sc_stat.pkt_protected_cnt) + printf("TX pkt_protected_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_protected_cnt); + if (sc_stat.octet_encrypt_cnt) + printf("TX octet_encrypt_cnt: 0x%" PRIx64 "\n", sc_stat.octet_encrypt_cnt); + + memset(&sa_stat, 0, sizeof(struct rte_security_macsec_sa_stats)); + rte_security_macsec_sa_stats_get(ctx, tx_sa_id[0], + RTE_SECURITY_MACSEC_DIR_TX, &sa_stat); + printf("\n********** TX SA[%u] STATS ****************\n", tx_sa_id[0]); + if (sa_stat.pkt_encrypt_cnt) + printf("TX pkt_encrypt_cnt: 0x%" PRIx64 "\n", sa_stat.pkt_encrypt_cnt); + if (sa_stat.pkt_protected_cnt) + printf("TX pkt_protected_cnt: 0x%" PRIx64 "\n", sa_stat.pkt_protected_cnt); + } +} + +static int +test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs_test_opts *opts) +{ + uint16_t rx_sa_id[MCS_MAX_FLOWS][RTE_SECURITY_MACSEC_NUM_AN] = {{0}}; + uint16_t tx_sa_id[MCS_MAX_FLOWS][2] = {{0}}; + uint16_t rx_sc_id[MCS_MAX_FLOWS] = {0}; + uint16_t tx_sc_id[MCS_MAX_FLOWS] = {0}; + void *rx_sess[MCS_MAX_FLOWS] = {0}; + void *tx_sess[MCS_MAX_FLOWS] = {0}; + struct rte_security_session_conf sess_conf = {0}; + struct rte_security_macsec_sa sa_conf = {0}; + struct rte_security_macsec_sc sc_conf = {0}; + struct rte_security_ctx *ctx; + int nb_rx = 0, nb_sent; + int i, j = 0, ret, id, an = 0; + uint8_t tci_off; + + memset(rx_pkts_burst, 0, sizeof(rx_pkts_burst[0]) * opts->nb_td); + + ctx = (struct rte_security_ctx *)rte_eth_dev_get_sec_ctx(port_id); + if (ctx == NULL) { + printf("Ethernet device doesn't support security features.\n"); + return TEST_SKIPPED; + } + + tci_off = (opts->sectag_insert_mode == 1) ? RTE_ETHER_HDR_LEN : + RTE_ETHER_HDR_LEN + (opts->nb_vlan * RTE_VLAN_HLEN); + + for (i = 0, j = 0; i < opts->nb_td; i++) { + if (op == MCS_DECAP || op == MCS_VERIFY_ONLY) + tx_pkts_burst[j] = init_packet(mbufpool, td[i]->secure_pkt.data, + td[i]->secure_pkt.len); + else { + tx_pkts_burst[j] = init_packet(mbufpool, td[i]->plain_pkt.data, + td[i]->plain_pkt.len); + + tx_pkts_burst[j]->ol_flags |= RTE_MBUF_F_TX_MACSEC; + } + if (tx_pkts_burst[j] == NULL) { + while (j--) + rte_pktmbuf_free(tx_pkts_burst[j]); + ret = TEST_FAILED; + goto out; + } + j++; + + if (op == MCS_DECAP || op == MCS_ENCAP_DECAP || + op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY) { + for (an = 0; an < RTE_SECURITY_MACSEC_NUM_AN; an++) { + /* For simplicity, using same SA conf for all AN */ + fill_macsec_sa_conf(td[i], &sa_conf, + RTE_SECURITY_MACSEC_DIR_RX, an, tci_off); + id = rte_security_macsec_sa_create(ctx, &sa_conf); + if (id < 0) { + printf("MACsec SA create failed : %d.\n", id); + return TEST_FAILED; + } + rx_sa_id[i][an] = (uint16_t)id; + } + fill_macsec_sc_conf(td[i], &sc_conf, opts, + RTE_SECURITY_MACSEC_DIR_RX, rx_sa_id[i], tci_off); + id = rte_security_macsec_sc_create(ctx, &sc_conf); + if (id < 0) { + printf("MACsec SC create failed : %d.\n", id); + goto out; + } + rx_sc_id[i] = (uint16_t)id; + + /* Create Inline IPsec session. */ + ret = fill_session_conf(td[i], port_id, opts, &sess_conf, + RTE_SECURITY_MACSEC_DIR_RX, rx_sc_id[i], tci_off); + if (ret) + return TEST_FAILED; + + rx_sess[i] = rte_security_session_create(ctx, &sess_conf, + sess_pool); + if (rx_sess[i] == NULL) { + printf("SEC Session init failed.\n"); + return TEST_FAILED; + } + ret = create_default_flow(td[i], port_id, + RTE_SECURITY_MACSEC_DIR_RX, rx_sess[i]); + if (ret) + goto out; + } + if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP || + op == MCS_AUTH_ONLY || op == MCS_AUTH_VERIFY) { + int id; + + fill_macsec_sa_conf(td[i], &sa_conf, + RTE_SECURITY_MACSEC_DIR_TX, + td[i]->secure_pkt.data[tci_off] & RTE_MACSEC_AN_MASK, + tci_off); + id = rte_security_macsec_sa_create(ctx, &sa_conf); + if (id < 0) { + printf("MACsec SA create failed : %d.\n", id); + return TEST_FAILED; + } + tx_sa_id[i][0] = (uint16_t)id; + tx_sa_id[i][1] = MCS_INVALID_SA; + fill_macsec_sc_conf(td[i], &sc_conf, opts, + RTE_SECURITY_MACSEC_DIR_TX, tx_sa_id[i], tci_off); + id = rte_security_macsec_sc_create(ctx, &sc_conf); + if (id < 0) { + printf("MACsec SC create failed : %d.\n", id); + goto out; + } + tx_sc_id[i] = (uint16_t)id; + + /* Create Inline IPsec session. */ + ret = fill_session_conf(td[i], port_id, opts, &sess_conf, + RTE_SECURITY_MACSEC_DIR_TX, tx_sc_id[i], tci_off); + if (ret) + return TEST_FAILED; + + tx_sess[i] = rte_security_session_create(ctx, &sess_conf, + sess_pool); + if (tx_sess[i] == NULL) { + printf("SEC Session init failed.\n"); + return TEST_FAILED; + } + ret = create_default_flow(td[i], port_id, + RTE_SECURITY_MACSEC_DIR_TX, tx_sess[i]); + if (ret) + goto out; + } + } + + /* Send packet to ethdev for inline MACsec processing. */ + nb_sent = rte_eth_tx_burst(port_id, 0, tx_pkts_burst, j); + + if (nb_sent != j) { + printf("\nUnable to TX %d packets, sent: %i", j, nb_sent); + for ( ; nb_sent < j; nb_sent++) + rte_pktmbuf_free(tx_pkts_burst[nb_sent]); + ret = TEST_FAILED; + goto out; + } + + rte_pause(); + + /* Receive back packet on loopback interface. */ + do { + nb_rx += rte_eth_rx_burst(port_id, 0, + &rx_pkts_burst[nb_rx], + nb_sent - nb_rx); + if (nb_rx >= nb_sent) + break; + rte_delay_ms(1); + } while (j++ < 5 && nb_rx == 0); + + if (nb_rx != nb_sent) { + printf("\nUnable to RX all %d packets, received(%i)", + nb_sent, nb_rx); + while (--nb_rx >= 0) + rte_pktmbuf_free(rx_pkts_burst[nb_rx]); + ret = TEST_FAILED; + goto out; + } + + for (i = 0; i < nb_rx; i++) { + ret = test_macsec_post_process(rx_pkts_burst[i], td[i], op, + opts->check_out_pkts_untagged); + if (ret != TEST_SUCCESS) { + for ( ; i < nb_rx; i++) + rte_pktmbuf_free(rx_pkts_burst[i]); + goto out; + } + + rte_pktmbuf_free(rx_pkts_burst[i]); + rx_pkts_burst[i] = NULL; + } +out: + for (i = 0; i < opts->nb_td; i++) { + if (opts->dump_all_stats) { + mcs_stats_dump(ctx, op, + rx_sess[i], tx_sess[i], + rx_sc_id[i], tx_sc_id[i], + rx_sa_id[i], tx_sa_id[i]); + } + } + + destroy_default_flow(port_id); + + /* Destroy session so that other cases can create the session again */ + for (i = 0; i < opts->nb_td; i++) { + if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP || + op == MCS_AUTH_ONLY || op == MCS_AUTH_VERIFY) { + rte_security_session_destroy(ctx, tx_sess[i]); + tx_sess[i] = NULL; + rte_security_macsec_sc_destroy(ctx, tx_sc_id[i], + RTE_SECURITY_MACSEC_DIR_TX); + rte_security_macsec_sa_destroy(ctx, tx_sa_id[i][0], + RTE_SECURITY_MACSEC_DIR_TX); + } + if (op == MCS_DECAP || op == MCS_ENCAP_DECAP || + op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY) { + rte_security_session_destroy(ctx, rx_sess[i]); + rx_sess[i] = NULL; + rte_security_macsec_sc_destroy(ctx, rx_sc_id[i], + RTE_SECURITY_MACSEC_DIR_RX); + for (j = 0; j < RTE_SECURITY_MACSEC_NUM_AN; j++) { + rte_security_macsec_sa_destroy(ctx, rx_sa_id[i][j], + RTE_SECURITY_MACSEC_DIR_RX); + } + } + } + + return ret; +} + +static int +test_inline_macsec_encap_all(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.encrypt = true; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + + size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); + for (i = 0; i < size; i++) { + cur_td = &list_mcs_cipher_vectors[i]; + err = test_macsec(&cur_td, MCS_ENCAP, &opts); + if (err) { + printf("\nCipher Auth Encryption case %d failed", cur_td->test_idx); + err = -1; + } else { + printf("\nCipher Auth Encryption case %d Passed", cur_td->test_idx); + err = 0; + } + all_err += err; + } + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + + return all_err; +} + +static int +test_inline_macsec_decap_all(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + + size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); + for (i = 0; i < size; i++) { + cur_td = &list_mcs_cipher_vectors[i]; + err = test_macsec(&cur_td, MCS_DECAP, &opts); + if (err) { + printf("\nCipher Auth Decryption case %d failed", cur_td->test_idx); + err = -1; + } else { + printf("\nCipher Auth Decryption case %d Passed", cur_td->test_idx); + err = 0; + } + all_err += err; + } + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + + return all_err; +} + +static int +ut_setup_inline_macsec(void) +{ + int ret; + + /* Start device */ + ret = rte_eth_dev_start(port_id); + if (ret < 0) { + printf("rte_eth_dev_start: err=%d, port=%d\n", + ret, port_id); + return ret; + } + /* always enable promiscuous */ + ret = rte_eth_promiscuous_enable(port_id); + if (ret != 0) { + printf("rte_eth_promiscuous_enable: err=%s, port=%d\n", + rte_strerror(-ret), port_id); + return ret; + } + + check_all_ports_link_status(1, RTE_PORT_ALL); + + return 0; +} + +static void +ut_teardown_inline_macsec(void) +{ + uint16_t portid; + int ret; + + /* port tear down */ + RTE_ETH_FOREACH_DEV(portid) { + ret = rte_eth_dev_stop(portid); + if (ret != 0) + printf("rte_eth_dev_stop: err=%s, port=%u\n", + rte_strerror(-ret), portid); + + } +} + +static int +inline_macsec_testsuite_setup(void) +{ + uint16_t nb_rxd; + uint16_t nb_txd; + uint16_t nb_ports; + int ret; + uint16_t nb_rx_queue = 1, nb_tx_queue = 1; + + printf("Start inline MACsec test.\n"); + + nb_ports = rte_eth_dev_count_avail(); + if (nb_ports < NB_ETHPORTS_USED) { + printf("At least %u port(s) used for test\n", + NB_ETHPORTS_USED); + return TEST_SKIPPED; + } + + ret = init_mempools(NB_MBUF); + if (ret) + return ret; + + if (tx_pkts_burst == NULL) { + tx_pkts_burst = (struct rte_mbuf **)rte_calloc("tx_buff", + MAX_TRAFFIC_BURST, + sizeof(void *), + RTE_CACHE_LINE_SIZE); + if (!tx_pkts_burst) + return TEST_FAILED; + + rx_pkts_burst = (struct rte_mbuf **)rte_calloc("rx_buff", + MAX_TRAFFIC_BURST, + sizeof(void *), + RTE_CACHE_LINE_SIZE); + if (!rx_pkts_burst) + return TEST_FAILED; + } + + printf("Generate %d packets\n", MAX_TRAFFIC_BURST); + + nb_rxd = RTE_TEST_RX_DESC_DEFAULT; + nb_txd = RTE_TEST_TX_DESC_DEFAULT; + + /* configuring port 0 for the test is enough */ + port_id = 0; + /* port configure */ + ret = rte_eth_dev_configure(port_id, nb_rx_queue, + nb_tx_queue, &port_conf); + if (ret < 0) { + printf("Cannot configure device: err=%d, port=%d\n", + ret, port_id); + return ret; + } + ret = rte_eth_macaddr_get(port_id, &ports_eth_addr[port_id]); + if (ret < 0) { + printf("Cannot get mac address: err=%d, port=%d\n", + ret, port_id); + return ret; + } + printf("Port %u ", port_id); + print_ethaddr("Address:", &ports_eth_addr[port_id]); + printf("\n"); + + /* tx queue setup */ + ret = rte_eth_tx_queue_setup(port_id, 0, nb_txd, + SOCKET_ID_ANY, &tx_conf); + if (ret < 0) { + printf("rte_eth_tx_queue_setup: err=%d, port=%d\n", + ret, port_id); + return ret; + } + /* rx queue steup */ + ret = rte_eth_rx_queue_setup(port_id, 0, nb_rxd, SOCKET_ID_ANY, + &rx_conf, mbufpool); + if (ret < 0) { + printf("rte_eth_rx_queue_setup: err=%d, port=%d\n", + ret, port_id); + return ret; + } + + return 0; +} + +static void +inline_macsec_testsuite_teardown(void) +{ + uint16_t portid; + int ret; + + /* port tear down */ + RTE_ETH_FOREACH_DEV(portid) { + ret = rte_eth_dev_reset(portid); + if (ret != 0) + printf("rte_eth_dev_reset: err=%s, port=%u\n", + rte_strerror(-ret), port_id); + } + rte_free(tx_pkts_burst); + rte_free(rx_pkts_burst); +} + + +static struct unit_test_suite inline_macsec_testsuite = { + .suite_name = "Inline MACsec Ethernet Device Unit Test Suite", + .unit_test_cases = { + TEST_CASE_NAMED_ST( + "MACsec encap(Cipher+Auth) known vector", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_encap_all), + TEST_CASE_NAMED_ST( + "MACsec decap(De-cipher+verify) known vector", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_decap_all), + + TEST_CASES_END() /**< NULL terminate unit test array */ + }, +}; + +static int +test_inline_macsec(void) +{ + inline_macsec_testsuite.setup = inline_macsec_testsuite_setup; + inline_macsec_testsuite.teardown = inline_macsec_testsuite_teardown; + return unit_test_suite_runner(&inline_macsec_testsuite); +} + +#endif /* !RTE_EXEC_ENV_WINDOWS */ + +REGISTER_TEST_COMMAND(inline_macsec_autotest, test_inline_macsec); diff --git a/app/test/test_security_inline_macsec_vectors.h b/app/test/test_security_inline_macsec_vectors.h new file mode 100644 index 0000000000..68bd485419 --- /dev/null +++ b/app/test/test_security_inline_macsec_vectors.h @@ -0,0 +1,1086 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2023 Marvell. + */ +#ifndef _TEST_INLINE_MACSEC_VECTORS_H_ +#define _TEST_INLINE_MACSEC_VECTORS_H_ + +#define MCS_MAX_DATA_SZ 256 +#define MCS_MAX_KEY_LEN 32 +#define MCS_IV_LEN 12 +#define MCS_SALT_LEN 12 +#define MCS_MAX_FLOWS 63 + +enum mcs_op { + MCS_NO_OP, + MCS_ENCAP, + MCS_DECAP, + MCS_ENCAP_DECAP, + MCS_AUTH_ONLY, + MCS_VERIFY_ONLY, + MCS_AUTH_VERIFY, +}; + +struct mcs_test_vector { + uint32_t test_idx; + enum rte_security_macsec_alg alg; + uint32_t ssci; + uint32_t xpn; + uint8_t salt[MCS_SALT_LEN]; + struct { + uint8_t data[MCS_MAX_KEY_LEN]; + uint16_t len; + } sa_key; + struct { + uint8_t data[MCS_MAX_DATA_SZ]; + uint16_t len; + } plain_pkt; + struct { + uint8_t data[MCS_MAX_DATA_SZ]; + uint16_t len; + } secure_pkt; +}; + +static const struct mcs_test_vector list_mcs_cipher_vectors[] = { +/* gcm_128_64B_cipher */ +{ + .test_idx = 0, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2C, + /* SL */ + 0x0, + /* PN */ + 0x0, 0x0, 0x0, 0x2, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x39, 0x38, 0x97, 0x44, 0xA2, 0x6D, 0x71, 0x3D, + 0x14, 0x27, 0xC7, 0x3E, 0x02, 0x96, 0x81, 0xAD, + 0x47, 0x82, 0x2A, 0xCF, 0x19, 0x79, 0x12, 0x49, + 0x0F, 0x93, 0x5A, 0x32, 0x43, 0x79, 0xEF, 0x9D, + 0x70, 0xF8, 0xA9, 0xBE, 0x3D, 0x00, 0x5D, 0x22, + 0xDA, 0x87, 0x3D, 0xC1, 0xBE, 0x1B, 0x13, 0xD9, + 0x99, 0xDB, 0xF1, 0xC8, + /* ICV */ + 0x4B, 0xC4, 0xF8, 0xC6, 0x09, 0x78, 0xB9, 0xBB, + 0x5D, 0xC0, 0x04, 0xF3, 0x20, 0x7D, 0x14, 0x87, + }, + .len = 96, + }, +}, +/* gcm_128_54B_cipher */ +{ + .test_idx = 1, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .xpn = 0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x04, + }, + .len = 54, + }, + + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4C, + /* SL */ + 0x2A, + /* PN */ + 0x76, 0xD4, 0x57, 0xED, + /* Secure Data */ + 0x13, 0xB4, 0xC7, 0x2B, 0x38, 0x9D, 0xC5, 0x01, + 0x8E, 0x72, 0xA1, 0x71, 0xDD, 0x85, 0xA5, 0xD3, + 0x75, 0x22, 0x74, 0xD3, 0xA0, 0x19, 0xFB, 0xCA, + 0xED, 0x09, 0xA4, 0x25, 0xCD, 0x9B, 0x2E, 0x1C, + 0x9B, 0x72, 0xEE, 0xE7, 0xC9, 0xDE, 0x7D, 0x52, + 0xB3, 0xF3, + /* ICV */ + 0xD6, 0xA5, 0x28, 0x4F, 0x4A, 0x6D, 0x3F, 0xE2, + 0x2A, 0x5D, 0x6C, 0x2B, 0x96, 0x04, 0x94, 0xC3, + }, + .len = 78, + }, +}, +/* gcm_256_54B_cipher */ +{ + .test_idx = 2, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_256, + .ssci = 0x0, + .xpn = 0, + .salt = {0}, + .sa_key = { + .data = { + 0x69, 0x1D, 0x3E, 0xE9, 0x09, 0xD7, 0xF5, 0x41, + 0x67, 0xFD, 0x1C, 0xA0, 0xB5, 0xD7, 0x69, 0x08, + 0x1F, 0x2B, 0xDE, 0x1A, 0xEE, 0x65, 0x5F, 0xDB, + 0xAB, 0x80, 0xBD, 0x52, 0x95, 0xAE, 0x6B, 0xE7, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x04, + }, + .len = 54, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4C, + /* SL */ + 0x2A, + /* PN */ + 0x76, 0xD4, 0x57, 0xED, + /* Secure Data */ + 0xC1, 0x62, 0x3F, 0x55, 0x73, 0x0C, 0x93, 0x53, + 0x30, 0x97, 0xAD, 0xDA, 0xD2, 0x56, 0x64, 0x96, + 0x61, 0x25, 0x35, 0x2B, 0x43, 0xAD, 0xAC, 0xBD, + 0x61, 0xC5, 0xEF, 0x3A, 0xC9, 0x0B, 0x5B, 0xEE, + 0x92, 0x9C, 0xE4, 0x63, 0x0E, 0xA7, 0x9F, 0x6C, + 0xE5, 0x19, + /* ICV */ + 0x12, 0xAF, 0x39, 0xC2, 0xD1, 0xFD, 0xC2, 0x05, + 0x1F, 0x8B, 0x7B, 0x3C, 0x9D, 0x39, 0x7E, 0xF2, + }, + .len = 78, + }, +}, +/* gcm_128_xpn_54B_cipher */ +{ + .test_idx = 3, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, + 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x04, + }, + .len = 54, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4C, + /* SL */ + 0x2A, + /* PN */ + 0x76, 0xD4, 0x57, 0xED, + /* Secure Data */ + 0x9C, 0xA4, 0x69, 0x84, 0x43, 0x02, 0x03, 0xED, + 0x41, 0x6E, 0xBD, 0xC2, 0xFE, 0x26, 0x22, 0xBA, + 0x3E, 0x5E, 0xAB, 0x69, 0x61, 0xC3, 0x63, 0x83, + 0x00, 0x9E, 0x18, 0x7E, 0x9B, 0x0C, 0x88, 0x56, + 0x46, 0x53, 0xB9, 0xAB, 0xD2, 0x16, 0x44, 0x1C, + 0x6A, 0xB6, + /* ICV */ + 0xF0, 0xA2, 0x32, 0xE9, 0xE4, 0x4C, 0x97, 0x8C, + 0xF7, 0xCD, 0x84, 0xD4, 0x34, 0x84, 0xD1, 0x01, + }, + .len = 78, + }, +}, +/* gcm_256_xpn_54B_cipher */ +{ + .test_idx = 4, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, + 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x69, 0x1D, 0x3E, 0xE9, 0x09, 0xD7, 0xF5, 0x41, + 0x67, 0xFD, 0x1C, 0xA0, 0xB5, 0xD7, 0x69, 0x08, + 0x1F, 0x2B, 0xDE, 0x1A, 0xEE, 0x65, 0x5F, 0xDB, + 0xAB, 0x80, 0xBD, 0x52, 0x95, 0xAE, 0x6B, 0xE7, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x04, + }, + .len = 54, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4C, + /* SL */ + 0x2A, + /* PN */ + 0x76, 0xD4, 0x57, 0xED, + /* Secure Data */ + 0x88, 0xD9, 0xF7, 0xD1, 0xF1, 0x57, 0x8E, 0xE3, + 0x4B, 0xA7, 0xB1, 0xAB, 0xC8, 0x98, 0x93, 0xEF, + 0x1D, 0x33, 0x98, 0xC9, 0xF1, 0xDD, 0x3E, 0x47, + 0xFB, 0xD8, 0x55, 0x3E, 0x0F, 0xF7, 0x86, 0xEF, + 0x56, 0x99, 0xEB, 0x01, 0xEA, 0x10, 0x42, 0x0D, + 0x0E, 0xBD, + /* ICV */ + 0x39, 0xA0, 0xE2, 0x73, 0xC4, 0xC7, 0xF9, 0x5E, + 0xD8, 0x43, 0x20, 0x7D, 0x7A, 0x49, 0x7D, 0xFA, + }, + .len = 78, + }, +}, +/* gcm_128_60B_cipher */ +{ + .test_idx = 5, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .xpn = 0x0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0xAD, 0x7A, 0x2B, 0xD0, 0x3E, 0xAC, 0x83, 0x5A, + 0x6F, 0x62, 0x0F, 0xDC, 0xB5, 0x06, 0xB3, 0x45, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x02, + }, + .len = 60, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2E, + /* SL */ + 0x00, + /* PN */ + 0xB2, 0xC2, 0x84, 0x65, + /* SCI */ + 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, + /* Secure Data */ + 0x70, 0x1A, 0xFA, 0x1C, 0xC0, 0x39, 0xC0, 0xD7, + 0x65, 0x12, 0x8A, 0x66, 0x5D, 0xAB, 0x69, 0x24, + 0x38, 0x99, 0xBF, 0x73, 0x18, 0xCC, 0xDC, 0x81, + 0xC9, 0x93, 0x1D, 0xA1, 0x7F, 0xBE, 0x8E, 0xDD, + 0x7D, 0x17, 0xCB, 0x8B, 0x4C, 0x26, 0xFC, 0x81, + 0xE3, 0x28, 0x4F, 0x2B, 0x7F, 0xBA, 0x71, 0x3D, + /* ICV */ + 0x4F, 0x8D, 0x55, 0xE7, 0xD3, 0xF0, 0x6F, 0xD5, + 0xA1, 0x3C, 0x0C, 0x29, 0xB9, 0xD5, 0xB8, 0x80, + }, + .len = 92, + }, +}, +/* gcm_256_60B_cipher */ +{ + .test_idx = 6, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_256, + .ssci = 0x0, + .xpn = 0x0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0xE3, 0xC0, 0x8A, 0x8F, 0x06, 0xC6, 0xE3, 0xAD, + 0x95, 0xA7, 0x05, 0x57, 0xB2, 0x3F, 0x75, 0x48, + 0x3C, 0xE3, 0x30, 0x21, 0xA9, 0xC7, 0x2B, 0x70, + 0x25, 0x66, 0x62, 0x04, 0xC6, 0x9C, 0x0B, 0x72, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x02, + }, + .len = 60, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2E, + /* SL */ + 0x00, + /* PN */ + 0xB2, 0xC2, 0x84, 0x65, + /* SCI */ + 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, + /* Secure Data */ + 0xE2, 0x00, 0x6E, 0xB4, 0x2F, 0x52, 0x77, 0x02, + 0x2D, 0x9B, 0x19, 0x92, 0x5B, 0xC4, 0x19, 0xD7, + 0xA5, 0x92, 0x66, 0x6C, 0x92, 0x5F, 0xE2, 0xEF, + 0x71, 0x8E, 0xB4, 0xE3, 0x08, 0xEF, 0xEA, 0xA7, + 0xC5, 0x27, 0x3B, 0x39, 0x41, 0x18, 0x86, 0x0A, + 0x5B, 0xE2, 0xA9, 0x7F, 0x56, 0xAB, 0x78, 0x36, + /* ICV */ + 0x5C, 0xA5, 0x97, 0xCD, 0xBB, 0x3E, 0xDB, 0x8D, + 0x1A, 0x11, 0x51, 0xEA, 0x0A, 0xF7, 0xB4, 0x36, + }, + .len = 92, + }, +}, +/* gcm_128_xpn_60B_cipher */ +{ + .test_idx = 7, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, + 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0xAD, 0x7A, 0x2B, 0xD0, 0x3E, 0xAC, 0x83, 0x5A, + 0x6F, 0x62, 0x0F, 0xDC, 0xB5, 0x06, 0xB3, 0x45, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x02, + }, + .len = 60, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2E, + /* SL */ + 0x00, + /* PN */ + 0xB2, 0xC2, 0x84, 0x65, + /* SCI */ + 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, + /* Secure Data */ + 0x07, 0x12, 0xD9, 0x80, 0xCA, 0x50, 0xBB, 0xED, + 0x35, 0xA0, 0xFA, 0x56, 0x63, 0x38, 0x72, 0x9F, + 0xFA, 0x16, 0xD1, 0x9F, 0xFC, 0xF0, 0x7B, 0x3A, + 0x1E, 0x79, 0x19, 0xB3, 0x77, 0x6A, 0xAC, 0xEC, + 0x8A, 0x59, 0x37, 0x20, 0x8B, 0x48, 0x3A, 0x76, + 0x91, 0x98, 0x4D, 0x38, 0x07, 0x92, 0xE0, 0x7F, + /* ICV */ + 0xC2, 0xC3, 0xC7, 0x9F, 0x26, 0x3F, 0xA6, 0xBF, + 0xF8, 0xE7, 0x58, 0x1E, 0x2C, 0xE4, 0x5A, 0xF8, + }, + .len = 92, + }, +}, +/* gcm_256_xpn_60B_cipher */ +{ + .test_idx = 8, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, + 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0xE3, 0xC0, 0x8A, 0x8F, 0x06, 0xC6, 0xE3, 0xAD, + 0x95, 0xA7, 0x05, 0x57, 0xB2, 0x3F, 0x75, 0x48, + 0x3C, 0xE3, 0x30, 0x21, 0xA9, 0xC7, 0x2B, 0x70, + 0x25, 0x66, 0x62, 0x04, 0xC6, 0x9C, 0x0B, 0x72, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x02, + }, + .len = 60, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2E, + /* SL */ + 0x00, + /* PN */ + 0xB2, 0xC2, 0x84, 0x65, + /* SCI */ + 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, + /* Secure Data */ + 0x3E, 0xB0, 0x4A, 0x4B, 0xBF, 0x54, 0xC6, 0xEB, + 0x12, 0x22, 0xA9, 0xAE, 0xA0, 0x0C, 0x38, 0x68, + 0x7F, 0x6C, 0x35, 0x20, 0xD9, 0x76, 0xA3, 0xB6, + 0x94, 0x80, 0x06, 0x50, 0xCE, 0x65, 0x85, 0xE6, + 0x20, 0xA4, 0x19, 0x19, 0x17, 0xD2, 0xA6, 0x05, + 0xD8, 0x70, 0xC7, 0x8D, 0x27, 0x52, 0xCE, 0x49, + /* ICV */ + 0x3B, 0x44, 0x2A, 0xC0, 0xC8, 0x16, 0xD7, 0xAB, + 0xD7, 0x0A, 0xD6, 0x5C, 0x25, 0xD4, 0x64, 0x13, + }, + .len = 92, + }, +}, +/* gcm_128_61B_cipher */ +{ + .test_idx = 9, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .xpn = 0x0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x01, 0x3F, 0xE0, 0x0B, 0x5F, 0x11, 0xBE, 0x7F, + 0x86, 0x6D, 0x0C, 0xBB, 0xC5, 0x5A, 0x7A, 0x90, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x00, + 0x06, + }, + .len = 61, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2F, + /* SL */ + 0x00, + /* PN */ + 0x89, 0x32, 0xD6, 0x12, + /* SCI */ + 0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6, + /* Secure Data */ + 0x3A, 0x4D, 0xE6, 0xFA, 0x32, 0x19, 0x10, 0x14, + 0xDB, 0xB3, 0x03, 0xD9, 0x2E, 0xE3, 0xA9, 0xE8, + 0xA1, 0xB5, 0x99, 0xC1, 0x4D, 0x22, 0xFB, 0x08, + 0x00, 0x96, 0xE1, 0x38, 0x11, 0x81, 0x6A, 0x3C, + 0x9C, 0x9B, 0xCF, 0x7C, 0x1B, 0x9B, 0x96, 0xDA, + 0x80, 0x92, 0x04, 0xE2, 0x9D, 0x0E, 0x2A, 0x76, + 0x42, + /* ICV */ + 0xBF, 0xD3, 0x10, 0xA4, 0x83, 0x7C, 0x81, 0x6C, + 0xCF, 0xA5, 0xAC, 0x23, 0xAB, 0x00, 0x39, 0x88, + }, + .len = 93, + }, +}, +/* gcm_256_61B_cipher */ +{ + .test_idx = 10, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_256, + .ssci = 0x0, + .xpn = 0x0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x83, 0xC0, 0x93, 0xB5, 0x8D, 0xE7, 0xFF, 0xE1, + 0xC0, 0xDA, 0x92, 0x6A, 0xC4, 0x3F, 0xB3, 0x60, + 0x9A, 0xC1, 0xC8, 0x0F, 0xEE, 0x1B, 0x62, 0x44, + 0x97, 0xEF, 0x94, 0x2E, 0x2F, 0x79, 0xA8, 0x23, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x00, + 0x06, + }, + .len = 61, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2F, + /* SL */ + 0x00, + /* PN */ + 0x89, 0x32, 0xD6, 0x12, + /* SCI */ + 0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6, + /* Secure Data */ + 0x11, 0x02, 0x22, 0xFF, 0x80, 0x50, 0xCB, 0xEC, + 0xE6, 0x6A, 0x81, 0x3A, 0xD0, 0x9A, 0x73, 0xED, + 0x7A, 0x9A, 0x08, 0x9C, 0x10, 0x6B, 0x95, 0x93, + 0x89, 0x16, 0x8E, 0xD6, 0xE8, 0x69, 0x8E, 0xA9, + 0x02, 0xEB, 0x12, 0x77, 0xDB, 0xEC, 0x2E, 0x68, + 0xE4, 0x73, 0x15, 0x5A, 0x15, 0xA7, 0xDA, 0xEE, + 0xD4, + /* ICV */ + 0xA1, 0x0F, 0x4E, 0x05, 0x13, 0x9C, 0x23, 0xDF, + 0x00, 0xB3, 0xAA, 0xDC, 0x71, 0xF0, 0x59, 0x6A, + }, + .len = 93, + }, +}, +/* gcm_128_xpn_61B_cipher */ +{ + .test_idx = 11, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, + 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x01, 0x3F, 0xE0, 0x0B, 0x5F, 0x11, 0xBE, 0x7F, + 0x86, 0x6D, 0x0C, 0xBB, 0xC5, 0x5A, 0x7A, 0x90, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x00, + 0x06, + }, + .len = 61, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2F, + /* SL */ + 0x00, + /* PN */ + 0x89, 0x32, 0xD6, 0x12, + /* SCI */ + 0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6, + /* Secure Data */ + 0x14, 0xC1, 0x76, 0x93, 0xBC, 0x82, 0x97, 0xEE, + 0x6C, 0x47, 0xC5, 0x65, 0xCB, 0xE0, 0x67, 0x9E, + 0x80, 0xF0, 0x0F, 0xCA, 0xF5, 0x92, 0xC9, 0xAA, + 0x04, 0x73, 0x92, 0x8E, 0x7F, 0x2F, 0x21, 0x6F, + 0xF5, 0xA0, 0x33, 0xDE, 0xC7, 0x51, 0x3F, 0x45, + 0xD3, 0x4C, 0xBB, 0x98, 0x1C, 0x5B, 0xD6, 0x4E, + 0x8B, + /* ICV */ + 0xD8, 0x4B, 0x8E, 0x2A, 0x78, 0xE7, 0x4D, 0xAF, + 0xEA, 0xA0, 0x38, 0x46, 0xFE, 0x93, 0x0C, 0x0E, + }, + .len = 93, + }, +}, +/* gcm_256_xpn_61B_cipher */ +{ + .test_idx = 12, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, + 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x83, 0xC0, 0x93, 0xB5, 0x8D, 0xE7, 0xFF, 0xE1, + 0xC0, 0xDA, 0x92, 0x6A, 0xC4, 0x3F, 0xB3, 0x60, + 0x9A, 0xC1, 0xC8, 0x0F, 0xEE, 0x1B, 0x62, 0x44, + 0x97, 0xEF, 0x94, 0x2E, 0x2F, 0x79, 0xA8, 0x23, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x00, + 0x06, + }, + .len = 61, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2F, + /* SL */ + 0x00, + /* PN */ + 0x89, 0x32, 0xD6, 0x12, + /* SCI */ + 0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6, + /* Secure Data */ + 0x09, 0x96, 0xE0, 0xC9, 0xA5, 0x57, 0x74, 0xE0, + 0xA7, 0x92, 0x30, 0x4E, 0x7D, 0xC1, 0x50, 0xBD, + 0x67, 0xFD, 0x74, 0x7D, 0xD1, 0xB9, 0x41, 0x95, + 0x94, 0xBF, 0x37, 0x3D, 0x4A, 0xCE, 0x8F, 0x87, + 0xF5, 0xC1, 0x34, 0x9A, 0xFA, 0xC4, 0x91, 0xAA, + 0x0A, 0x40, 0xD3, 0x19, 0x90, 0x87, 0xB2, 0x9F, + 0xDF, + /* ICV */ + 0x80, 0x2F, 0x05, 0x0E, 0x69, 0x1F, 0x11, 0xA2, + 0xD9, 0xB3, 0x58, 0xF6, 0x99, 0x41, 0x84, 0xF5, + }, + .len = 93, + }, +}, +/* gcm_128_75B_cipher */ +{ + .test_idx = 13, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0, + .xpn = 0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x88, 0xEE, 0x08, 0x7F, 0xD9, 0x5D, 0xA9, 0xFB, + 0xF6, 0x72, 0x5A, 0xA9, 0xD7, 0x57, 0xB0, 0xCD, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x00, 0x08, + }, + .len = 75, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4D, + /* SL */ + 0x00, + /* PN */ + 0x2E, 0x58, 0x49, 0x5C, + /* SCI */ + /* Secure Data */ + 0xC3, 0x1F, 0x53, 0xD9, 0x9E, 0x56, 0x87, 0xF7, + 0x36, 0x51, 0x19, 0xB8, 0x32, 0xD2, 0xAA, 0xE7, + 0x07, 0x41, 0xD5, 0x93, 0xF1, 0xF9, 0xE2, 0xAB, + 0x34, 0x55, 0x77, 0x9B, 0x07, 0x8E, 0xB8, 0xFE, + 0xAC, 0xDF, 0xEC, 0x1F, 0x8E, 0x3E, 0x52, 0x77, + 0xF8, 0x18, 0x0B, 0x43, 0x36, 0x1F, 0x65, 0x12, + 0xAD, 0xB1, 0x6D, 0x2E, 0x38, 0x54, 0x8A, 0x2C, + 0x71, 0x9D, 0xBA, 0x72, 0x28, 0xD8, 0x40, + /* ICV */ + 0x88, 0xF8, 0x75, 0x7A, 0xDB, 0x8A, 0xA7, 0x88, + 0xD8, 0xF6, 0x5A, 0xD6, 0x68, 0xBE, 0x70, 0xE7, + }, + .len = 99, + }, +}, +/* gcm_256_75B_cipher */ +{ + .test_idx = 14, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_256, + .ssci = 0, + .xpn = 0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x4C, 0x97, 0x3D, 0xBC, 0x73, 0x64, 0x62, 0x16, + 0x74, 0xF8, 0xB5, 0xB8, 0x9E, 0x5C, 0x15, 0x51, + 0x1F, 0xCE, 0xD9, 0x21, 0x64, 0x90, 0xFB, 0x1C, + 0x1A, 0x2C, 0xAA, 0x0F, 0xFE, 0x04, 0x07, 0xE5, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x00, 0x08, + }, + .len = 75, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4D, + /* SL */ + 0x00, + /* PN */ + 0x2E, 0x58, 0x49, 0x5C, + /* SCI */ + /* Secure Data */ + 0xBA, 0x8A, 0xE3, 0x1B, 0xC5, 0x06, 0x48, 0x6D, + 0x68, 0x73, 0xE4, 0xFC, 0xE4, 0x60, 0xE7, 0xDC, + 0x57, 0x59, 0x1F, 0xF0, 0x06, 0x11, 0xF3, 0x1C, + 0x38, 0x34, 0xFE, 0x1C, 0x04, 0xAD, 0x80, 0xB6, + 0x68, 0x03, 0xAF, 0xCF, 0x5B, 0x27, 0xE6, 0x33, + 0x3F, 0xA6, 0x7C, 0x99, 0xDA, 0x47, 0xC2, 0xF0, + 0xCE, 0xD6, 0x8D, 0x53, 0x1B, 0xD7, 0x41, 0xA9, + 0x43, 0xCF, 0xF7, 0xA6, 0x71, 0x3B, 0xD0, + /* ICV */ + 0x26, 0x11, 0xCD, 0x7D, 0xAA, 0x01, 0xD6, 0x1C, + 0x5C, 0x88, 0x6D, 0xC1, 0xA8, 0x17, 0x01, 0x07, + }, + .len = 99, + }, +}, +/* gcm_128_xpn_75B_cipher */ +{ + .test_idx = 15, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, 0x86, 0xA2, + 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x88, 0xEE, 0x08, 0x7F, 0xD9, 0x5D, 0xA9, 0xFB, + 0xF6, 0x72, 0x5A, 0xA9, 0xD7, 0x57, 0xB0, 0xCD, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x00, 0x08, + }, + .len = 75, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4D, + /* SL */ + 0x00, + /* PN */ + 0x2E, 0x58, 0x49, 0x5C, + /* SCI */ + /* Secure Data */ + 0xEA, 0xEC, 0xC6, 0xAF, 0x65, 0x12, 0xFC, 0x8B, + 0x6C, 0x8C, 0x43, 0xBC, 0x55, 0xB1, 0x90, 0xB2, + 0x62, 0x6D, 0x07, 0xD3, 0xD2, 0x18, 0xFA, 0xF5, + 0xDA, 0xA7, 0xD8, 0xF8, 0x00, 0xA5, 0x73, 0x31, + 0xEB, 0x43, 0xB5, 0xA1, 0x7A, 0x37, 0xE5, 0xB1, + 0xD6, 0x0D, 0x27, 0x5C, 0xCA, 0xF7, 0xAC, 0xD7, + 0x04, 0xCC, 0x9A, 0xCE, 0x2B, 0xF8, 0xBC, 0x8B, + 0x9B, 0x23, 0xB9, 0xAD, 0xF0, 0x2F, 0x87, + /* ICV */ + 0x34, 0x6B, 0x96, 0xD1, 0x13, 0x6A, 0x75, 0x4D, + 0xF0, 0xA6, 0xCD, 0xE1, 0x26, 0xC1, 0x07, 0xF8, + }, + .len = 99, + }, +}, +/* gcm_256_xpn_75B_cipher */ +{ + .test_idx = 16, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, 0x86, 0xA2, + 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x4C, 0x97, 0x3D, 0xBC, 0x73, 0x64, 0x62, 0x16, + 0x74, 0xF8, 0xB5, 0xB8, 0x9E, 0x5C, 0x15, 0x51, + 0x1F, 0xCE, 0xD9, 0x21, 0x64, 0x90, 0xFB, 0x1C, + 0x1A, 0x2C, 0xAA, 0x0F, 0xFE, 0x04, 0x07, 0xE5, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x00, 0x08, + }, + .len = 75, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4D, + /* SL */ + 0x00, + /* PN */ + 0x2E, 0x58, 0x49, 0x5C, + /* SCI */ + /* Secure Data */ + 0xB0, 0xFE, 0xA3, 0x63, 0x18, 0xB9, 0xB3, 0x64, + 0x66, 0xC4, 0x6E, 0x9E, 0x1B, 0xDA, 0x1A, 0x26, + 0x68, 0x58, 0x19, 0x6E, 0x7E, 0x70, 0xD8, 0x82, + 0xAE, 0x70, 0x47, 0x56, 0x68, 0xCD, 0xE4, 0xEC, + 0x88, 0x3F, 0x6A, 0xC2, 0x36, 0x9F, 0x28, 0x4B, + 0xED, 0x1F, 0xE3, 0x2F, 0x42, 0x09, 0x2F, 0xDF, + 0xF5, 0x86, 0x8A, 0x3C, 0x64, 0xE5, 0x61, 0x51, + 0x92, 0xA7, 0xA3, 0x76, 0x0B, 0x34, 0xBC, + /* ICV */ + 0x85, 0x69, 0x2C, 0xD8, 0x15, 0xB6, 0x64, 0x71, + 0x1A, 0xEF, 0x91, 0x1D, 0xF7, 0x8D, 0x7F, 0x46, + }, + .len = 99, + }, +}, +}; + +#endif From patchwork Wed Jun 7 15:19:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 128329 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A44D742C4E; Wed, 7 Jun 2023 17:20:36 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5BA9442D12; Wed, 7 Jun 2023 17:20:18 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 69D9F42D3A for ; Wed, 7 Jun 2023 17:20:16 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 357Dvhxw028122; Wed, 7 Jun 2023 08:20:13 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=pW99rgngjSk3EVrDs3i3KlEFMFjuIzwBfNVHl9CGI2k=; b=bkD00wXzSnSA/Hp7amv0HR6NFuyAx86xPiajfyOID6W+8MeiN76NcVOAMfJxKgSeeHhw hSGwUd0T6V/q/id7AbLNmBWrXPqITAYuFW0hV+6Hk7/A3vxkvH9ts2hZHJX2DrciyY8a DSy2oK+JzKZcX2KZSAoecJbsVlGZ28SHgKe8qeGENa3lv2VJzpXbY+W+vZTOwtzl8KGk J2po2f7/zA6JhjzuI3c0pqVW5s3Q3Iz3s7Bmm+rdTYY/gVRstlJvYJbILuZNbI8UqE17 q4I80nf1KcG1yjAT0Bqw+YeJotWMW75n/uB5fbcNZtgICsHCF3N9X08fqI/nOw4g673P lA== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r2a7bv67q-8 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 07 Jun 2023 08:20:12 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 7 Jun 2023 08:20:03 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Wed, 7 Jun 2023 08:20:03 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 3E7033F7084; Wed, 7 Jun 2023 08:20:00 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , Akhil Goyal Subject: [PATCH v2 04/13] test/security: add MACsec integrity cases Date: Wed, 7 Jun 2023 20:49:31 +0530 Message-ID: <20230607151940.223417-5-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230607151940.223417-1-gakhil@marvell.com> References: <20230523194918.1940212-1-gakhil@marvell.com> <20230607151940.223417-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: pifBq_MRBk5o3hiGeNB2y8fUCDaENn-Z X-Proofpoint-GUID: pifBq_MRBk5o3hiGeNB2y8fUCDaENn-Z X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-07_07,2023-06-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Added test vectors and test cases to verify auth_only/verify_only and encap-decap/auth-verify to verify the complete TX-RX path using the loopback mode of ethdev. Signed-off-by: Akhil Goyal --- app/test/test_security_inline_macsec.c | 153 +++ .../test_security_inline_macsec_vectors.h | 995 ++++++++++++++++++ 2 files changed, 1148 insertions(+) diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c index 9ef967597b..7445b667e4 100644 --- a/app/test/test_security_inline_macsec.c +++ b/app/test/test_security_inline_macsec.c @@ -937,6 +937,143 @@ test_inline_macsec_decap_all(const void *data __rte_unused) return all_err; } +static int +test_inline_macsec_auth_only_all(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + + size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_integrity_vectors[i]; + err = test_macsec(&cur_td, MCS_AUTH_ONLY, &opts); + if (err) { + printf("\nAuth Generate case %d failed", cur_td->test_idx); + err = -1; + } else { + printf("\nAuth Generate case %d Passed", cur_td->test_idx); + err = 0; + } + all_err += err; + } + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + + return all_err; +} + +static int +test_inline_macsec_verify_only_all(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + + size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_integrity_vectors[i]; + err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts); + if (err) { + printf("\nAuth Verify case %d failed", cur_td->test_idx); + err = -1; + } else { + printf("\nAuth Verify case %d Passed", cur_td->test_idx); + err = 0; + } + all_err += err; + } + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + + return all_err; +} + +static int +test_inline_macsec_encap_decap_all(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.encrypt = true; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + + size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_cipher_vectors[i]; + err = test_macsec(&cur_td, MCS_ENCAP_DECAP, &opts); + if (err) { + printf("\nCipher Auth Encap-decap case %d failed", cur_td->test_idx); + err = -1; + } else { + printf("\nCipher Auth Encap-decap case %d Passed", cur_td->test_idx); + err = 0; + } + all_err += err; + } + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + + return all_err; +} + + +static int +test_inline_macsec_auth_verify_all(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + + size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_integrity_vectors[i]; + err = test_macsec(&cur_td, MCS_AUTH_VERIFY, &opts); + if (err) { + printf("\nAuth Generate + Verify case %d failed", cur_td->test_idx); + err = -1; + } else { + printf("\nAuth Generate + Verify case %d Passed", cur_td->test_idx); + err = 0; + } + all_err += err; + } + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + + return all_err; +} + static int ut_setup_inline_macsec(void) { @@ -1090,6 +1227,22 @@ static struct unit_test_suite inline_macsec_testsuite = { "MACsec decap(De-cipher+verify) known vector", ut_setup_inline_macsec, ut_teardown_inline_macsec, test_inline_macsec_decap_all), + TEST_CASE_NAMED_ST( + "MACsec auth only known vector", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_auth_only_all), + TEST_CASE_NAMED_ST( + "MACsec verify only known vector", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_verify_only_all), + TEST_CASE_NAMED_ST( + "MACsec encap + decap known vector", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_encap_decap_all), + TEST_CASE_NAMED_ST( + "MACsec auth + verify known vector", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_auth_verify_all), TEST_CASES_END() /**< NULL terminate unit test array */ }, diff --git a/app/test/test_security_inline_macsec_vectors.h b/app/test/test_security_inline_macsec_vectors.h index 68bd485419..f6c668c281 100644 --- a/app/test/test_security_inline_macsec_vectors.h +++ b/app/test/test_security_inline_macsec_vectors.h @@ -1083,4 +1083,999 @@ static const struct mcs_test_vector list_mcs_cipher_vectors[] = { }, }; +static const struct mcs_test_vector list_mcs_integrity_vectors[] = { +/* gcm_128_54B_integrity */ +{ + .test_idx = 1, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0, + .xpn = 0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0xAD, 0x7A, 0x2B, 0xD0, 0x3E, 0xAC, 0x83, 0x5A, + 0x6F, 0x62, 0x0F, 0xDC, 0xB5, 0x06, 0xB3, 0x45, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x01, + }, + .len = 54, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x22, + /* SL */ + 0x2A, + /* PN */ + 0xB2, 0xC2, 0x84, 0x65, + /* SCI */ + 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, + /* Secure Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x01, + /* ICV */ + 0xF0, 0x94, 0x78, 0xA9, 0xB0, 0x90, 0x07, 0xD0, + 0x6F, 0x46, 0xE9, 0xB6, 0xA1, 0xDA, 0x25, 0xDD, + }, + .len = 86, + }, +}, +/* gcm_256_54B_integrity */ +{ + .test_idx = 2, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_256, + .ssci = 0, + .xpn = 0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0xE3, 0xC0, 0x8A, 0x8F, 0x06, 0xC6, 0xE3, 0xAD, + 0x95, 0xA7, 0x05, 0x57, 0xB2, 0x3F, 0x75, 0x48, + 0x3C, 0xE3, 0x30, 0x21, 0xA9, 0xC7, 0x2B, 0x70, + 0x25, 0x66, 0x62, 0x04, 0xC6, 0x9C, 0x0B, 0x72, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x01, + }, + .len = 54, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x22, + /* SL */ + 0x2A, + /* PN */ + 0xB2, 0xC2, 0x84, 0x65, + /* SCI */ + 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, + /* Secure Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x01, + /* ICV */ + 0x2F, 0x0B, 0xC5, 0xAF, 0x40, 0x9E, 0x06, 0xD6, + 0x09, 0xEA, 0x8B, 0x7D, 0x0F, 0xA5, 0xEA, 0x50, + }, + .len = 86, + }, +}, +/* gcm_128_xpn_54B_integrity */ +{ + .test_idx = 3, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, 0x86, 0xA2, + 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0xAD, 0x7A, 0x2B, 0xD0, 0x3E, 0xAC, 0x83, 0x5A, + 0x6F, 0x62, 0x0F, 0xDC, 0xB5, 0x06, 0xB3, 0x45, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x01, + }, + .len = 54, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x22, + /* SL */ + 0x2A, + /* PN */ + 0xB2, 0xC2, 0x84, 0x65, + /* SCI */ + 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, + /* Secure Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x01, + /* ICV */ + 0x17, 0xFE, 0x19, 0x81, 0xEB, 0xDD, 0x4A, 0xFC, + 0x50, 0x62, 0x69, 0x7E, 0x8B, 0xAA, 0x0C, 0x23, + }, + .len = 86, + }, +}, +/* gcm_256_xpn_54B_integrity */ +{ + .test_idx = 4, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, 0x86, 0xA2, + 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0xE3, 0xC0, 0x8A, 0x8F, 0x06, 0xC6, 0xE3, 0xAD, + 0x95, 0xA7, 0x05, 0x57, 0xB2, 0x3F, 0x75, 0x48, + 0x3C, 0xE3, 0x30, 0x21, 0xA9, 0xC7, 0x2B, 0x70, + 0x25, 0x66, 0x62, 0x04, 0xC6, 0x9C, 0x0B, 0x72, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x01, + }, + .len = 54, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xD6, 0x09, 0xB1, 0xF0, 0x56, 0x63, + /* MAC SA */ + 0x7A, 0x0D, 0x46, 0xDF, 0x99, 0x8D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x22, + /* SL */ + 0x2A, + /* PN */ + 0xB2, 0xC2, 0x84, 0x65, + /* SCI */ + 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, + /* Secure Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x01, + /* ICV */ + 0x4D, 0xBD, 0x2F, 0x6A, 0x75, 0x4A, 0x6C, 0xF7, + 0x28, 0xCC, 0x12, 0x9B, 0xA6, 0x93, 0x15, 0x77, + }, + .len = 86, + }, +}, +/* gcm_128_60B_integrity */ +{ + .test_idx = 5, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0, + .xpn = 0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x03, + }, + .len = 60, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x40, + /* SL */ + 0x00, + /* PN */ + 0x76, 0xD4, 0x57, 0xED, + /* SCI */ + /* Secure Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x03, + /* ICV */ + 0x0C, 0x01, 0x7B, 0xC7, 0x3B, 0x22, 0x7D, 0xFC, + 0xC9, 0xBA, 0xFA, 0x1C, 0x41, 0xAC, 0xC3, 0x53, + }, + .len = 84, + }, +}, +/* gcm_256_60B_integrity */ +{ + .test_idx = 6, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_256, + .ssci = 0, + .xpn = 0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x69, 0x1D, 0x3E, 0xE9, 0x09, 0xD7, 0xF5, 0x41, + 0x67, 0xFD, 0x1C, 0xA0, 0xB5, 0xD7, 0x69, 0x08, + 0x1F, 0x2B, 0xDE, 0x1A, 0xEE, 0x65, 0x5F, 0xDB, + 0xAB, 0x80, 0xBD, 0x52, 0x95, 0xAE, 0x6B, 0xE7, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x03, + }, + .len = 60, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x40, + /* SL */ + 0x00, + /* PN */ + 0x76, 0xD4, 0x57, 0xED, + /* SCI */ + /* Secure Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x03, + /* ICV */ + 0x35, 0x21, 0x7C, 0x77, 0x4B, 0xBC, 0x31, 0xB6, + 0x31, 0x66, 0xBC, 0xF9, 0xD4, 0xAB, 0xED, 0x07, + }, + .len = 84, + }, +}, +/* gcm_128_xpn_60B_integrity */ +{ + .test_idx = 7, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, 0x86, 0xA2, + 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x03, + }, + .len = 60, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x40, + /* SL */ + 0x00, + /* PN */ + 0x76, 0xD4, 0x57, 0xED, + /* SCI */ + /* Secure Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x03, + /* ICV */ + 0xAB, 0xC4, 0x06, 0x85, 0xA3, 0xCF, 0x91, 0x1D, + 0x37, 0x87, 0xE4, 0x9D, 0xB6, 0xA7, 0x26, 0x5E, + }, + .len = 84, + }, +}, +/* gcm_256_xpn_60B_integrity */ +{ + .test_idx = 8, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, 0x86, 0xA2, + 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x69, 0x1D, 0x3E, 0xE9, 0x09, 0xD7, 0xF5, 0x41, + 0x67, 0xFD, 0x1C, 0xA0, 0xB5, 0xD7, 0x69, 0x08, + 0x1F, 0x2B, 0xDE, 0x1A, 0xEE, 0x65, 0x5F, 0xDB, + 0xAB, 0x80, 0xBD, 0x52, 0x95, 0xAE, 0x6B, 0xE7, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x03, + }, + .len = 60, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x40, + /* SL */ + 0x00, + /* PN */ + 0x76, 0xD4, 0x57, 0xED, + /* SCI */ + /* Secure Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x00, 0x03, + /* ICV */ + 0xAC, 0x21, 0x95, 0x7B, 0x83, 0x12, 0xAB, 0x3C, + 0x99, 0xAB, 0x46, 0x84, 0x98, 0x79, 0xC3, 0xF3, + }, + .len = 84, + }, +}, +/* gcm_128_65B_integrity */ +{ + .test_idx = 9, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0, + .xpn = 0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x01, 0x3F, 0xE0, 0x0B, 0x5F, 0x11, 0xBE, 0x7F, + 0x86, 0x6D, 0x0C, 0xBB, 0xC5, 0x5A, 0x7A, 0x90, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x00, 0x05, + }, + .len = 65, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x23, + /* SL */ + 0x00, + /* PN */ + 0x89, 0x32, 0xD6, 0x12, + /* SCI */ + 0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6, + /* Secure Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x00, 0x05, + /* ICV */ + 0x21, 0x78, 0x67, 0xE5, 0x0C, 0x2D, 0xAD, 0x74, + 0xC2, 0x8C, 0x3B, 0x50, 0xAB, 0xDF, 0x69, 0x5A, + }, + .len = 97, + }, +}, +/* gcm_256_65B_integrity */ +{ + .test_idx = 10, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_256, + .ssci = 0, + .xpn = 0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x83, 0xC0, 0x93, 0xB5, 0x8D, 0xE7, 0xFF, 0xE1, + 0xC0, 0xDA, 0x92, 0x6A, 0xC4, 0x3F, 0xB3, 0x60, + 0x9A, 0xC1, 0xC8, 0x0F, 0xEE, 0x1B, 0x62, 0x44, + 0x97, 0xEF, 0x94, 0x2E, 0x2F, 0x79, 0xA8, 0x23, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x00, 0x05, + }, + .len = 65, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x23, + /* SL */ + 0x00, + /* PN */ + 0x89, 0x32, 0xD6, 0x12, + /* SCI */ + 0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6, + /* Secure Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x00, 0x05, + /* ICV */ + 0x6E, 0xE1, 0x60, 0xE8, 0xFA, 0xEC, 0xA4, 0xB3, + 0x6C, 0x86, 0xB2, 0x34, 0x92, 0x0C, 0xA9, 0x75, + }, + .len = 97, + }, +}, +/* gcm_128_xpn_65B_integrity */ +{ + .test_idx = 11, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, 0x86, 0xA2, + 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x01, 0x3F, 0xE0, 0x0B, 0x5F, 0x11, 0xBE, 0x7F, + 0x86, 0x6D, 0x0C, 0xBB, 0xC5, 0x5A, 0x7A, 0x90, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x00, 0x05, + }, + .len = 65, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x23, + /* SL */ + 0x00, + /* PN */ + 0x89, 0x32, 0xD6, 0x12, + /* SCI */ + 0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6, + /* Secure Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x00, 0x05, + /* ICV */ + 0x67, 0x85, 0x59, 0xB7, 0xE5, 0x2D, 0xB0, 0x06, + 0x82, 0xE3, 0xB8, 0x30, 0x34, 0xCE, 0xBE, 0x59, + }, + .len = 97, + }, +}, +/* gcm_256_xpn_65B_integrity */ +{ + .test_idx = 12, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, 0x86, 0xA2, + 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x83, 0xC0, 0x93, 0xB5, 0x8D, 0xE7, 0xFF, 0xE1, + 0xC0, 0xDA, 0x92, 0x6A, 0xC4, 0x3F, 0xB3, 0x60, + 0x9A, 0xC1, 0xC8, 0x0F, 0xEE, 0x1B, 0x62, 0x44, + 0x97, 0xEF, 0x94, 0x2E, 0x2F, 0x79, 0xA8, 0x23, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x00, 0x05, + }, + .len = 65, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, + /* MAC SA */ + 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x23, + /* SL */ + 0x00, + /* PN */ + 0x89, 0x32, 0xD6, 0x12, + /* SCI */ + 0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6, + /* Secure Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x00, 0x05, + /* ICV */ + 0x84, 0xBA, 0xC8, 0xE5, 0x3D, 0x1E, 0xA3, 0x55, + 0xA5, 0xC7, 0xD3, 0x34, 0x84, 0x0A, 0xE9, 0x62, + }, + .len = 97, + }, +}, +/* gcm_128_79B_integrity */ +{ + .test_idx = 13, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0, + .xpn = 0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x88, 0xEE, 0x08, 0x7F, 0xD9, 0x5D, 0xA9, 0xFB, + 0xF6, 0x72, 0x5A, 0xA9, 0xD7, 0x57, 0xB0, 0xCD, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, + 0x4D, 0x00, 0x07, + }, + .len = 79, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x41, + /* SL */ + 0x00, + /* PN */ + 0x2E, 0x58, 0x49, 0x5C, + /* SCI */ + /* Secure Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, + 0x4D, 0x00, 0x07, + /* ICV */ + 0x07, 0x92, 0x2B, 0x8E, 0xBC, 0xF1, 0x0B, 0xB2, + 0x29, 0x75, 0x88, 0xCA, 0x4C, 0x61, 0x45, 0x23, + }, + .len = 103, + }, +}, +/* gcm_256_79B_integrity */ +{ + .test_idx = 14, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_256, + .ssci = 0, + .xpn = 0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x4C, 0x97, 0x3D, 0xBC, 0x73, 0x64, 0x62, 0x16, + 0x74, 0xF8, 0xB5, 0xB8, 0x9E, 0x5C, 0x15, 0x51, + 0x1F, 0xCE, 0xD9, 0x21, 0x64, 0x90, 0xFB, 0x1C, + 0x1A, 0x2C, 0xAA, 0x0F, 0xFE, 0x04, 0x07, 0xE5, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, + 0x4D, 0x00, 0x07, + }, + .len = 79, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x41, + /* SL */ + 0x00, + /* PN */ + 0x2E, 0x58, 0x49, 0x5C, + /* SCI */ + /* Secure Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, + 0x4D, 0x00, 0x07, + /* ICV */ + 0x00, 0xBD, 0xA1, 0xB7, 0xE8, 0x76, 0x08, 0xBC, + 0xBF, 0x47, 0x0F, 0x12, 0x15, 0x7F, 0x4C, 0x07, + }, + .len = 103, + }, +}, +/* gcm_128_xpn_79B_integrity */ +{ + .test_idx = 15, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, 0x86, 0xA2, + 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x88, 0xEE, 0x08, 0x7F, 0xD9, 0x5D, 0xA9, 0xFB, + 0xF6, 0x72, 0x5A, 0xA9, 0xD7, 0x57, 0xB0, 0xCD, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, + 0x4D, 0x00, 0x07, + }, + .len = 79, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x41, + /* SL */ + 0x00, + /* PN */ + 0x2E, 0x58, 0x49, 0x5C, + /* SCI */ + /* Secure Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, + 0x4D, 0x00, 0x07, + /* ICV */ + 0xD0, 0xDC, 0x89, 0x6D, 0xC8, 0x37, 0x98, 0xA7, + 0x9F, 0x3C, 0x5A, 0x95, 0xBA, 0x3C, 0xDF, 0x9A, + }, + .len = 103, + }, +}, +/* gcm_256_xpn_79B_integrity */ +{ + .test_idx = 16, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, 0x86, 0xA2, + 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x4C, 0x97, 0x3D, 0xBC, 0x73, 0x64, 0x62, 0x16, + 0x74, 0xF8, 0xB5, 0xB8, 0x9E, 0x5C, 0x15, 0x51, + 0x1F, 0xCE, 0xD9, 0x21, 0x64, 0x90, 0xFB, 0x1C, + 0x1A, 0x2C, 0xAA, 0x0F, 0xFE, 0x04, 0x07, 0xE5, + }, + .len = 32, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, + 0x4D, 0x00, 0x07, + }, + .len = 79, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, + /* MAC SA */ + 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x41, + /* SL */ + 0x00, + /* PN */ + 0x2E, 0x58, 0x49, 0x5C, + /* SCI */ + /* Secure Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, + 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, + 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, + 0x4D, 0x00, 0x07, + /* ICV */ + 0x04, 0x24, 0x9A, 0x20, 0x8A, 0x65, 0xB9, 0x6B, + 0x3F, 0x32, 0x63, 0x00, 0x4C, 0xFD, 0x86, 0x7D, + }, + .len = 103, + }, +}, +}; + #endif From patchwork Wed Jun 7 15:19:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 128328 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 41F6642C4E; Wed, 7 Jun 2023 17:20:29 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2D53C42D2C; Wed, 7 Jun 2023 17:20:15 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id CBE4D410FC for ; Wed, 7 Jun 2023 17:20:12 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 357DvjAR028185; Wed, 7 Jun 2023 08:20:09 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=juXo0UyXr2QPfyzFq6dln3kfkxw0fxkSg0XhCPGS04I=; b=A6D1ipp90c4BjXEItedeJZuJHLiPdekKntt2jVXA5wJqnvA99NahbNBHvB8LuEzosSOp HZ7MSvCacOiJgWAtq80ztKDljTNjxlpBChjsh3h603P3h03GpaQcH++ries7NPCovd3b 8qgzgNCs5e197nSuNMrtp6/bnXVsqY/VErj5aXkGqH+GHuj8oHTTjS/BeOaCOYwdv/kG VpUcq7OGDk4qW3YHdDPbGrC/XXqr5c+uiMtPgrdcHC37URKE/tykWWu0XgE9u0JmXR/h RKucKaUZYEnBZzoFnUWQZ2ywgjYMACm6LqBNCUaosGnsCWKcni2r9rIPb4V9kDeOY9Q9 zw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r2a7bv68u-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 07 Jun 2023 08:20:09 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 7 Jun 2023 08:20:07 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Wed, 7 Jun 2023 08:20:07 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 2105E3F7088; Wed, 7 Jun 2023 08:20:03 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , Akhil Goyal Subject: [PATCH v2 05/13] test/security: verify multi flow MACsec Date: Wed, 7 Jun 2023 20:49:32 +0530 Message-ID: <20230607151940.223417-6-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230607151940.223417-1-gakhil@marvell.com> References: <20230523194918.1940212-1-gakhil@marvell.com> <20230607151940.223417-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: eMuorWNGb2Q4EyhxiRVEgSx0V3uazkLH X-Proofpoint-GUID: eMuorWNGb2Q4EyhxiRVEgSx0V3uazkLH X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-07_07,2023-06-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Added test case and test vectors to verify multiple flows of MACsec. Signed-off-by: Akhil Goyal --- app/test/test_security_inline_macsec.c | 49 ++++++++ .../test_security_inline_macsec_vectors.h | 110 +++++++++++++++++- 2 files changed, 158 insertions(+), 1 deletion(-) diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c index 7445b667e4..621074a928 100644 --- a/app/test/test_security_inline_macsec.c +++ b/app/test/test_security_inline_macsec.c @@ -1074,6 +1074,51 @@ test_inline_macsec_auth_verify_all(const void *data __rte_unused) return all_err; } +static int +test_inline_macsec_multi_flow(const void *data __rte_unused) +{ + const struct mcs_test_vector *tv[MCS_MAX_FLOWS]; + struct mcs_test_vector iter[MCS_MAX_FLOWS]; + struct mcs_test_opts opts = {0}; + int i, err; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.encrypt = true; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = MCS_MAX_FLOWS; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + + for (i = 0; i < MCS_MAX_FLOWS; i++) { + memcpy(&iter[i].sa_key.data, sa_key, MCS_MULTI_FLOW_TD_KEY_SZ); + memcpy(&iter[i].plain_pkt.data, eth_addrs[i], 2 * RTE_ETHER_ADDR_LEN); + memcpy(&iter[i].plain_pkt.data[2 * RTE_ETHER_ADDR_LEN], plain_user_data, + MCS_MULTI_FLOW_TD_PLAIN_DATA_SZ); + memcpy(&iter[i].secure_pkt.data, eth_addrs[i], 2 * RTE_ETHER_ADDR_LEN); + memcpy(&iter[i].secure_pkt.data[2 * RTE_ETHER_ADDR_LEN], secure_user_data, + MCS_MULTI_FLOW_TD_SECURE_DATA_SZ); + iter[i].sa_key.len = MCS_MULTI_FLOW_TD_KEY_SZ; + iter[i].plain_pkt.len = MCS_MULTI_FLOW_TD_PLAIN_DATA_SZ + + (2 * RTE_ETHER_ADDR_LEN); + iter[i].secure_pkt.len = MCS_MULTI_FLOW_TD_SECURE_DATA_SZ + + (2 * RTE_ETHER_ADDR_LEN); + iter[i].alg = RTE_SECURITY_MACSEC_ALG_GCM_128; + iter[i].ssci = 0x0; + iter[i].xpn = 0x0; + tv[i] = (const struct mcs_test_vector *)&iter[i]; + } + err = test_macsec(tv, MCS_ENCAP_DECAP, &opts); + if (err) { + printf("\nCipher Auth Encryption multi flow failed"); + err = -1; + } else { + printf("\nCipher Auth Encryption multi flow Passed"); + err = 0; + } + return err; +} + static int ut_setup_inline_macsec(void) { @@ -1219,6 +1264,10 @@ inline_macsec_testsuite_teardown(void) static struct unit_test_suite inline_macsec_testsuite = { .suite_name = "Inline MACsec Ethernet Device Unit Test Suite", .unit_test_cases = { + TEST_CASE_NAMED_ST( + "MACsec Encap + decap Multi flow", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_multi_flow), TEST_CASE_NAMED_ST( "MACsec encap(Cipher+Auth) known vector", ut_setup_inline_macsec, ut_teardown_inline_macsec, diff --git a/app/test/test_security_inline_macsec_vectors.h b/app/test/test_security_inline_macsec_vectors.h index f6c668c281..8d9c2cae77 100644 --- a/app/test/test_security_inline_macsec_vectors.h +++ b/app/test/test_security_inline_macsec_vectors.h @@ -8,7 +8,6 @@ #define MCS_MAX_KEY_LEN 32 #define MCS_IV_LEN 12 #define MCS_SALT_LEN 12 -#define MCS_MAX_FLOWS 63 enum mcs_op { MCS_NO_OP, @@ -2078,4 +2077,113 @@ static const struct mcs_test_vector list_mcs_integrity_vectors[] = { }, }; +#define MCS_MULTI_FLOW_TD_KEY_SZ 16 +#define MCS_MULTI_FLOW_TD_PLAIN_DATA_SZ 42 +#define MCS_MULTI_FLOW_TD_SECURE_DATA_SZ 66 +#define MCS_MULTI_FLOW_TD_KEY_SZ 16 +#define MCS_MAX_FLOWS 63 + +uint8_t sa_key[MCS_MULTI_FLOW_TD_KEY_SZ] = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82, +}; + +uint8_t eth_addrs[MCS_MAX_FLOWS][2 * RTE_ETHER_ADDR_LEN] = { + {0xE2, 0x00, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x02, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x03, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x04, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x05, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x06, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x07, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x08, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x09, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x0A, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x0B, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x0C, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x0D, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x0E, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x0F, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x10, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x11, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x12, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x13, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x14, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x15, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x16, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x17, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x18, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x19, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x1A, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x1B, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x1C, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x1D, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x1E, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x1F, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x20, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x21, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x22, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x23, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x24, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x25, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x26, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x27, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x28, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x29, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x2A, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x2B, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x2C, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x2D, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x2E, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x2F, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x30, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x31, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x32, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x33, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x34, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x35, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x36, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x37, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x38, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x39, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x3A, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x3B, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x3C, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x3D, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, + {0xE2, 0x3E, 0x06, 0xD7, 0xCD, 0x0D, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D,}, +}; + +uint8_t plain_user_data[MCS_MULTI_FLOW_TD_PLAIN_DATA_SZ] = { + /* User Data with Ethertype */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x04, +}; + +uint8_t secure_user_data[MCS_MULTI_FLOW_TD_SECURE_DATA_SZ] = { + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4C, + /* SL */ + 0x2A, + /* PN */ + 0x76, 0xD4, 0x57, 0xED, + /* Secure Data */ + 0x13, 0xB4, 0xC7, 0x2B, 0x38, 0x9D, 0xC5, 0x01, + 0x8E, 0x72, 0xA1, 0x71, 0xDD, 0x85, 0xA5, 0xD3, + 0x75, 0x22, 0x74, 0xD3, 0xA0, 0x19, 0xFB, 0xCA, + 0xED, 0x09, 0xA4, 0x25, 0xCD, 0x9B, 0x2E, 0x1C, + 0x9B, 0x72, 0xEE, 0xE7, 0xC9, 0xDE, 0x7D, 0x52, + 0xB3, 0xF3, + /* ICV */ + 0xD6, 0xA5, 0x28, 0x4F, 0x4A, 0x6D, 0x3F, 0xE2, + 0x2A, 0x5D, 0x6C, 0x2B, 0x96, 0x04, 0x94, 0xC3, +}; + + #endif From patchwork Wed Jun 7 15:19:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 128330 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 44E3742C4E; Wed, 7 Jun 2023 17:20:44 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 96ABA42D43; Wed, 7 Jun 2023 17:20:19 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 8B85842D3B for ; Wed, 7 Jun 2023 17:20:16 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 357Dvh26028140; Wed, 7 Jun 2023 08:20:13 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=9vWB4HFHTI/raG/K2iTBCHT1fYmJu84ImOh4fllrxTo=; b=GZRiQWAnXPY57LDOV/aBkg9NsjcC6j6+r4JPqC27KyHmBswAum6ppAtKVacjSuH1T7C+ dbe0ERUB9sA4yeFaWqAnZZZgCPqAKdHBHUILrK9pNyvOpfBSIwV4V/OFEJj+gygqshld +pZ2cf4+MLecv4itmH1sWYRFKYMV05etxz9oQrNUGdIjBxcu/6OLOF9zV/NRI+JbweIQ ZZ5QGlj5r88PrqRxnn4/FI6zy11B5kcQgYdu37uGDUfjvTcqbmfHR4qcoPxFPV5H7LbY Y6JWe2Ox+rmM2lMkV97snU9vlf5+rC+v7R7kektBBSgYO2dnkvE3Qkzin0bkn1tmeyO8 fQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r2a7bv695-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 07 Jun 2023 08:20:13 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 7 Jun 2023 08:20:11 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Wed, 7 Jun 2023 08:20:11 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 047263F708C; Wed, 7 Jun 2023 08:20:07 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , Akhil Goyal Subject: [PATCH v2 06/13] test/security: add MACsec VLAN cases Date: Wed, 7 Jun 2023 20:49:33 +0530 Message-ID: <20230607151940.223417-7-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230607151940.223417-1-gakhil@marvell.com> References: <20230523194918.1940212-1-gakhil@marvell.com> <20230607151940.223417-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 45qF4yMGUSYF-JVrJjQqkstmzW0M9h7V X-Proofpoint-GUID: 45qF4yMGUSYF-JVrJjQqkstmzW0M9h7V X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-07_07,2023-06-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Added cases to verify MACsec processing with VLAN tags inserted. Vectors are added to verify 1/2/3 VLAN tags in clear or encrypted data. Signed-off-by: Akhil Goyal --- app/test/test_security_inline_macsec.c | 67 ++++++ .../test_security_inline_macsec_vectors.h | 217 ++++++++++++++++++ 2 files changed, 284 insertions(+) diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c index 621074a928..854ead75a0 100644 --- a/app/test/test_security_inline_macsec.c +++ b/app/test/test_security_inline_macsec.c @@ -1119,6 +1119,69 @@ test_inline_macsec_multi_flow(const void *data __rte_unused) return err; } +static int +test_inline_macsec_with_vlan(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.mtu = RTE_ETHER_MTU; + + size = (sizeof(list_mcs_vlan_vectors) / sizeof((list_mcs_vlan_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_vlan_vectors[i]; + if (i == 0) { + opts.sectag_insert_mode = 1; + } else if (i == 1) { + opts.sectag_insert_mode = 0; /* offset from special E-type */ + opts.nb_vlan = 1; + } else if (i == 2) { + opts.sectag_insert_mode = 0; /* offset from special E-type */ + opts.nb_vlan = 2; + } + err = test_macsec(&cur_td, MCS_ENCAP, &opts); + if (err) { + printf("\n VLAN Encap case %d failed", cur_td->test_idx); + err = -1; + } else { + printf("\n VLAN Encap case %d passed", cur_td->test_idx); + err = 0; + } + all_err += err; + } + for (i = 0; i < size; i++) { + cur_td = &list_mcs_vlan_vectors[i]; + if (i == 0) { + opts.sectag_insert_mode = 1; + } else if (i == 1) { + opts.sectag_insert_mode = 0; /* offset from special E-type */ + opts.nb_vlan = 1; + } else if (i == 2) { + opts.sectag_insert_mode = 0; /* offset from special E-type */ + opts.nb_vlan = 2; + } + err = test_macsec(&cur_td, MCS_DECAP, &opts); + if (err) { + printf("\n VLAN Decap case %d failed", cur_td->test_idx); + err = -1; + } else { + printf("\n VLAN Decap case %d passed", cur_td->test_idx); + err = 0; + } + all_err += err; + } + + printf("\n%s: Success: %d, Failure: %d\n", __func__, (2 * size) + all_err, -all_err); + return all_err; +} + static int ut_setup_inline_macsec(void) { @@ -1292,6 +1355,10 @@ static struct unit_test_suite inline_macsec_testsuite = { "MACsec auth + verify known vector", ut_setup_inline_macsec, ut_teardown_inline_macsec, test_inline_macsec_auth_verify_all), + TEST_CASE_NAMED_ST( + "MACsec Encap and decap with VLAN", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_with_vlan), TEST_CASES_END() /**< NULL terminate unit test array */ }, diff --git a/app/test/test_security_inline_macsec_vectors.h b/app/test/test_security_inline_macsec_vectors.h index 8d9c2cae77..4bcb82783c 100644 --- a/app/test/test_security_inline_macsec_vectors.h +++ b/app/test/test_security_inline_macsec_vectors.h @@ -2185,5 +2185,222 @@ uint8_t secure_user_data[MCS_MULTI_FLOW_TD_SECURE_DATA_SZ] = { 0x2A, 0x5D, 0x6C, 0x2B, 0x96, 0x04, 0x94, 0xC3, }; +static const struct mcs_test_vector list_mcs_vlan_vectors[] = { +/* No clear tag, VLAN after macsec header */ +{ + .test_idx = 1, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0, + .xpn = 0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43, + /* MAC SA */ + 0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, + /* User Data with VLAN Tag */ + 0x81, 0x00, 0x00, 0x02, 0x08, 0x00, 0x45, 0x00, + 0x00, 0x54, 0xF2, 0xFA, 0x40, 0x00, 0x40, 0x01, + 0xF7, 0x83, 0x14, 0x14, 0x14, 0x02, 0x14, 0x14, + 0x14, 0x01, 0x08, 0x00, 0xE9, 0xC5, 0x02, 0xAF, + 0x00, 0x01, 0xCB, 0x51, 0x6D, 0x38, 0x00, 0x00, + 0x00, 0x00, 0x13, 0x2D, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, + 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, + 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, + 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, + 0x36, 0x37, + }, + .len = 102, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43, + /* MAC SA */ + 0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x20, + /* SL */ + 0x00, + /* PN */ + 0x00, 0x00, 0x00, 0x06, + /* SCI */ + 0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, 0x00, 0x01, + /* Secure Data */ + 0x81, 0x00, 0x00, 0x02, 0x08, 0x00, 0x45, 0x00, + 0x00, 0x54, 0xF2, 0xFA, 0x40, 0x00, 0x40, 0x01, + 0xF7, 0x83, 0x14, 0x14, 0x14, 0x02, 0x14, 0x14, + 0x14, 0x01, 0x08, 0x00, 0xE9, 0xC5, 0x02, 0xAF, + 0x00, 0x01, 0xCB, 0x51, 0x6D, 0x38, 0x00, 0x00, + 0x00, 0x00, 0x13, 0x2D, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, + 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, + 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, + 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, + 0x36, 0x37, + /* ICV */ + 0x21, 0x68, 0xF1, 0x21, 0x19, 0xB7, 0xDF, 0x73, + 0x6F, 0x2A, 0x11, 0xEA, 0x8A, 0xBC, 0x8A, 0x79, + }, + .len = 134, + }, +}, +/* 1 vlan tag followed by MACsec */ +{ + .test_idx = 2, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0, + .xpn = 0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43, + /* MAC SA */ + 0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, + /* User Data */ + 0x81, 0x00, 0x00, 0x02, + 0x08, 0x00, 0x45, 0x00, 0x00, 0x54, 0x88, 0x71, + 0x40, 0x00, 0x40, 0x01, 0x62, 0x0D, 0x14, 0x14, + 0x14, 0x02, 0x14, 0x14, 0x14, 0x01, 0x08, 0x00, + 0x77, 0xA6, 0x02, 0xB3, 0x00, 0x01, 0xBE, 0x52, + 0x6D, 0x38, 0x00, 0x00, 0x00, 0x00, 0x8C, 0x47, + 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11, + 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, + 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, + 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, + 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, + 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + }, + .len = 102, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43, + /* MAC SA */ + 0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, + /* VLAN Tag before MACsec */ + 0x81, 0x00, 0x00, 0x02, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x20, + /* SL */ + 0x00, + /* PN */ + 0x00, 0x00, 0x00, 0x07, + /* SCI */ + 0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, 0x00, 0x01, + /* Secure Data */ + 0x08, 0x00, 0x45, 0x00, 0x00, 0x54, 0x88, 0x71, + 0x40, 0x00, 0x40, 0x01, 0x62, 0x0D, 0x14, 0x14, + 0x14, 0x02, 0x14, 0x14, 0x14, 0x01, 0x08, 0x00, + 0x77, 0xA6, 0x02, 0xB3, 0x00, 0x01, 0xBE, 0x52, + 0x6D, 0x38, 0x00, 0x00, 0x00, 0x00, 0x8C, 0x47, + 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11, + 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, + 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, + 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, + 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, + 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + /* ICV */ + 0xF1, 0xC0, 0xA2, 0x6E, 0x99, 0xE5, 0xAB, 0x97, + 0x78, 0x79, 0x7D, 0x13, 0x35, 0x5E, 0x39, 0x4F, + }, + .len = 134, + }, +}, +/* 2 vlan tag followed by MACsec */ +{ + .test_idx = 3, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0, + .xpn = 0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43, + /* MAC SA */ + 0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, + /* User Data */ + 0x88, 0xA8, 0x00, 0x04, 0x81, 0x00, 0x00, 0x02, + 0x08, 0x00, 0x45, 0x00, 0x00, 0x54, 0x70, 0x5B, + 0x40, 0x00, 0x40, 0x01, 0x29, 0xF9, 0x28, 0x28, + 0x28, 0x04, 0x28, 0x28, 0x28, 0x01, 0x08, 0x00, + 0x08, 0x02, 0x02, 0xE2, 0x00, 0x01, 0x60, 0x58, + 0x6D, 0x38, 0x00, 0x00, 0x00, 0x00, 0x5C, 0xB7, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11, + 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, + 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, + 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, + 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, + 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + }, + .len = 106, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43, + /* MAC SA */ + 0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, + /* VLAN Tags before MACsec */ + 0x88, 0xA8, 0x00, 0x04, + 0x81, 0x00, 0x00, 0x02, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x20, + /* SL */ + 0x00, + /* PN */ + 0x00, 0x00, 0x00, 0x0E, + /* SCI */ + 0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, 0x00, 0x01, + /* Secure Data */ + 0x08, 0x00, 0x45, 0x00, 0x00, 0x54, 0x70, 0x5B, + 0x40, 0x00, 0x40, 0x01, 0x29, 0xF9, 0x28, 0x28, + 0x28, 0x04, 0x28, 0x28, 0x28, 0x01, 0x08, 0x00, + 0x08, 0x02, 0x02, 0xE2, 0x00, 0x01, 0x60, 0x58, + 0x6D, 0x38, 0x00, 0x00, 0x00, 0x00, 0x5C, 0xB7, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11, + 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, + 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, + 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, + 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, + 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + /* ICV */ + 0xCC, 0x38, 0x21, 0x3A, 0xEE, 0x5F, 0xE3, 0x7F, + 0xA1, 0xBA, 0xBD, 0xBD, 0x65, 0x5B, 0xB3, 0xE5, + }, + .len = 138, + }, +}, +}; + + #endif From patchwork Wed Jun 7 15:19:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 128331 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AACE142C4E; Wed, 7 Jun 2023 17:20:53 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0A2A742D61; Wed, 7 Jun 2023 17:20:22 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 35CD842D4E for ; Wed, 7 Jun 2023 17:20:20 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 357DvhP1028125; Wed, 7 Jun 2023 08:20:17 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=vdkVymTV+CHC6v9gZ9ehsTJeu+rKK85Lbvjj07CEwBs=; b=kSkrTFD10NLj2xJswRvKAPwae5QDl0arc/3ozHmIdw+/Gxe1qzy2MyAoU7vhpsR0ewRh D9O9b5lBacs48+Pd+hqon4OIPTzooO8ufvJ/J/4wBQApgK7JYEwpBhbePCUNWhcG6hYO 1nCvvyR1l7h3UnUd0RcsE8zxkuGeDzlKDxvsF1LODNTudFrWq+rmNMoGxbwHThubOB2L giRkMo+8s6rJ2cS7qDGjELXBpkcGtepTFekEHhU/ulCctzeObVNODuSvPH8Q0hVIXsk9 wRiO41NPQ1XMUmILCoYIXVhj/hiA+i8IUFcagg77gsNHHj5fS/WrjPNIuWKf8rr08vLM bw== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r2a7bv69r-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 07 Jun 2023 08:20:17 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 7 Jun 2023 08:20:15 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Wed, 7 Jun 2023 08:20:15 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id DAD4A3F7093; Wed, 7 Jun 2023 08:20:11 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , Akhil Goyal Subject: [PATCH v2 07/13] test/security: add MACsec negative cases Date: Wed, 7 Jun 2023 20:49:34 +0530 Message-ID: <20230607151940.223417-8-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230607151940.223417-1-gakhil@marvell.com> References: <20230523194918.1940212-1-gakhil@marvell.com> <20230607151940.223417-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: YSHXwoEaKgWYGc2zyDZbV8B577Q4ag9C X-Proofpoint-GUID: YSHXwoEaKgWYGc2zyDZbV8B577Q4ag9C X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-07_07,2023-06-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Added MACsec negative test cases to verify pkt drop, untagged rx, bad tag rx, sa not in use, out packets untagged, pkts too long. Signed-off-by: Akhil Goyal --- app/test/test_security_inline_macsec.c | 346 +++++++++++++ .../test_security_inline_macsec_vectors.h | 475 ++++++++++++++++++ 2 files changed, 821 insertions(+) diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c index 854ead75a0..2a06f31f37 100644 --- a/app/test/test_security_inline_macsec.c +++ b/app/test/test_security_inline_macsec.c @@ -660,6 +660,103 @@ mcs_stats_dump(struct rte_security_ctx *ctx, enum mcs_op op, } } +static int +mcs_stats_check(struct rte_security_ctx *ctx, enum mcs_op op, + const struct mcs_test_opts *opts, + const struct mcs_test_vector *td, + void *rx_sess, void *tx_sess, + uint8_t rx_sc_id, uint8_t tx_sc_id, + uint16_t rx_sa_id[], uint16_t tx_sa_id[]) +{ + struct rte_security_stats sess_stats = {0}; + struct rte_security_macsec_secy_stats *secy_stat; + struct rte_security_macsec_sc_stats sc_stat = {0}; + struct rte_security_macsec_sa_stats sa_stat = {0}; + int i; + + if (op == MCS_DECAP || op == MCS_ENCAP_DECAP || + op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY) { + rte_security_session_stats_get(ctx, rx_sess, &sess_stats); + secy_stat = &sess_stats.macsec; + + if ((opts->check_untagged_rx && secy_stat->pkt_notag_cnt != 1) || + (opts->check_untagged_rx && secy_stat->pkt_untaged_cnt != 1)) + return TEST_FAILED; + + if (opts->check_bad_tag_cnt && secy_stat->pkt_badtag_cnt != 1) + return TEST_FAILED; + + if (opts->check_sa_not_in_use && secy_stat->pkt_nosaerror_cnt != 1) + return TEST_FAILED; + + if (opts->check_decap_stats && secy_stat->octet_decrypted_cnt != + (uint16_t)(td->plain_pkt.len - 2 * RTE_ETHER_ADDR_LEN)) + return TEST_FAILED; + + if (opts->check_verify_only_stats && secy_stat->octet_validated_cnt != + (uint16_t)(td->plain_pkt.len - 2 * RTE_ETHER_ADDR_LEN)) + return TEST_FAILED; + + rte_security_macsec_sc_stats_get(ctx, rx_sc_id, + RTE_SECURITY_MACSEC_DIR_RX, &sc_stat); + + if ((opts->check_decap_stats || opts->check_verify_only_stats) && + sc_stat.pkt_ok_cnt != 1) + return TEST_FAILED; + + if (opts->check_pkts_invalid_stats && sc_stat.pkt_notvalid_cnt != 1) + return TEST_FAILED; + + if (opts->check_pkts_unchecked_stats && sc_stat.pkt_unchecked_cnt != 1) + return TEST_FAILED; + + for (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) { + memset(&sa_stat, 0, sizeof(struct rte_security_macsec_sa_stats)); + rte_security_macsec_sa_stats_get(ctx, rx_sa_id[i], + RTE_SECURITY_MACSEC_DIR_RX, &sa_stat); + + } + } + + if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP || + op == MCS_AUTH_ONLY || op == MCS_AUTH_VERIFY) { + memset(&sess_stats, 0, sizeof(struct rte_security_stats)); + rte_security_session_stats_get(ctx, tx_sess, &sess_stats); + secy_stat = &sess_stats.macsec; + + if (opts->check_out_pkts_untagged && secy_stat->pkt_untagged_cnt != 1) + return TEST_FAILED; + + if (opts->check_out_pkts_toolong && secy_stat->pkt_toolong_cnt != 1) + return TEST_FAILED; + + if (opts->check_encap_stats && secy_stat->octet_encrypted_cnt != + (uint16_t)(td->plain_pkt.len - 2 * RTE_ETHER_ADDR_LEN)) + return TEST_FAILED; + + if (opts->check_auth_only_stats && secy_stat->octet_protected_cnt != + (uint16_t)(td->plain_pkt.len - 2 * RTE_ETHER_ADDR_LEN)) + return TEST_FAILED; + + + memset(&sc_stat, 0, sizeof(struct rte_security_macsec_sc_stats)); + rte_security_macsec_sc_stats_get(ctx, tx_sc_id, RTE_SECURITY_MACSEC_DIR_TX, + &sc_stat); + + if (opts->check_encap_stats && sc_stat.pkt_encrypt_cnt != 1) + return TEST_FAILED; + + if (opts->check_auth_only_stats && sc_stat.pkt_protected_cnt != 1) + return TEST_FAILED; + + memset(&sa_stat, 0, sizeof(struct rte_security_macsec_sa_stats)); + rte_security_macsec_sa_stats_get(ctx, tx_sa_id[0], + RTE_SECURITY_MACSEC_DIR_TX, &sa_stat); + } + + return 0; +} + static int test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs_test_opts *opts) { @@ -833,12 +930,23 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs rx_pkts_burst[i] = NULL; } out: + if (opts->check_out_pkts_toolong == 1 || + opts->check_sa_not_in_use == 1 || + opts->check_bad_tag_cnt == 1) + ret = TEST_SUCCESS; + for (i = 0; i < opts->nb_td; i++) { if (opts->dump_all_stats) { mcs_stats_dump(ctx, op, rx_sess[i], tx_sess[i], rx_sc_id[i], tx_sc_id[i], rx_sa_id[i], tx_sa_id[i]); + } else { + if (ret == TEST_SUCCESS) + ret = mcs_stats_check(ctx, op, opts, td[i], + rx_sess[i], tx_sess[i], + rx_sc_id[i], tx_sc_id[i], + rx_sa_id[i], tx_sa_id[i]); } } @@ -1182,6 +1290,220 @@ test_inline_macsec_with_vlan(const void *data __rte_unused) return all_err; } +static int +test_inline_macsec_pkt_drop(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.encrypt = true; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + + size = (sizeof(list_mcs_err_cipher_vectors) / sizeof((list_mcs_err_cipher_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_err_cipher_vectors[i]; + err = test_macsec(&cur_td, MCS_DECAP, &opts); + if (err) { + printf("\nPacket drop case %d passed", cur_td->test_idx); + err = 0; + } else { + printf("\nPacket drop case %d failed", cur_td->test_idx); + err = -1; + } + all_err += err; + } + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + + return all_err; +} + +static int +test_inline_macsec_untagged_rx(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + opts.check_untagged_rx = 1; + + size = (sizeof(list_mcs_untagged_cipher_vectors) / + sizeof((list_mcs_untagged_cipher_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_untagged_cipher_vectors[i]; + err = test_macsec(&cur_td, MCS_DECAP, &opts); + if (err) + err = 0; + else + err = -1; + + all_err += err; + } + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_NO_DISCARD; + for (i = 0; i < size; i++) { + cur_td = &list_mcs_untagged_cipher_vectors[i]; + err = test_macsec(&cur_td, MCS_DECAP, &opts); + if (err) + err = 0; + else + err = -1; + + all_err += err; + } + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + + return all_err; +} + +static int +test_inline_macsec_bad_tag_rx(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + opts.check_bad_tag_cnt = 1; + + size = (sizeof(list_mcs_bad_tag_vectors) / sizeof((list_mcs_bad_tag_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_bad_tag_vectors[i]; + err = test_macsec(&cur_td, MCS_DECAP, &opts); + if (err) + err = -1; + else + err = 0; + + all_err += err; + } + + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + + return all_err; +} + +static int +test_inline_macsec_sa_not_in_use(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.protect_frames = true; + opts.sa_in_use = 0; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + opts.check_sa_not_in_use = 1; + + size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_cipher_vectors[i]; + err = test_macsec(&cur_td, MCS_DECAP, &opts); + if (err) + err = -1; + else + err = 0; + + all_err += err; + } + + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + + return all_err; +} + +static int +test_inline_macsec_out_pkts_untagged(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.encrypt = false; + opts.protect_frames = false; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + opts.check_out_pkts_untagged = 1; + + size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); + for (i = 0; i < size; i++) { + cur_td = &list_mcs_cipher_vectors[i]; + err = test_macsec(&cur_td, MCS_ENCAP, &opts); + if (err) + err = -1; + else + err = 0; + + all_err += err; + } + + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + return all_err; +} + +static int +test_inline_macsec_out_pkts_toolong(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_NO_DISCARD; + opts.encrypt = true; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = 50; + opts.check_out_pkts_toolong = 1; + + size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); + for (i = 0; i < size; i++) { + cur_td = &list_mcs_cipher_vectors[i]; + err = test_macsec(&cur_td, MCS_ENCAP, &opts); + if (err) + err = -1; + else + err = 0; + + all_err += err; + } + + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + return all_err; +} + static int ut_setup_inline_macsec(void) { @@ -1359,6 +1681,30 @@ static struct unit_test_suite inline_macsec_testsuite = { "MACsec Encap and decap with VLAN", ut_setup_inline_macsec, ut_teardown_inline_macsec, test_inline_macsec_with_vlan), + TEST_CASE_NAMED_ST( + "MACsec packet drop", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_pkt_drop), + TEST_CASE_NAMED_ST( + "MACsec untagged Rx", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_untagged_rx), + TEST_CASE_NAMED_ST( + "MACsec bad tag Rx", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_bad_tag_rx), + TEST_CASE_NAMED_ST( + "MACsec SA not in use", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_sa_not_in_use), + TEST_CASE_NAMED_ST( + "MACsec out pkts untagged", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_out_pkts_untagged), + TEST_CASE_NAMED_ST( + "MACsec out pkts too long", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_out_pkts_toolong), TEST_CASES_END() /**< NULL terminate unit test array */ }, diff --git a/app/test/test_security_inline_macsec_vectors.h b/app/test/test_security_inline_macsec_vectors.h index 4bcb82783c..2b200c1d89 100644 --- a/app/test/test_security_inline_macsec_vectors.h +++ b/app/test/test_security_inline_macsec_vectors.h @@ -2077,6 +2077,481 @@ static const struct mcs_test_vector list_mcs_integrity_vectors[] = { }, }; +static const struct mcs_test_vector list_mcs_err_cipher_vectors[] = { +/* gcm_128_64B_cipher */ +{ + .test_idx = 0, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2C, + /* SL */ + 0x0, + /* PN */ + 0x0, 0x0, 0x0, 0x2, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x38, 0x38, 0x97, 0x44, 0xA2, 0x6D, 0x71, 0x3D, + 0x14, 0x27, 0xC7, 0x3E, 0x02, 0x96, 0x81, 0xAD, + 0x47, 0x82, 0x2A, 0xCF, 0x19, 0x79, 0x12, 0x49, + 0x0F, 0x93, 0x5A, 0x32, 0x43, 0x79, 0xEF, 0x9D, + 0x70, 0xF8, 0xA9, 0xBE, 0x3D, 0x00, 0x5D, 0x22, + 0xDA, 0x87, 0x3D, 0xC1, 0xBE, 0x1B, 0x13, 0xD9, + 0x99, 0xDB, 0xF1, 0xC8, + /* ICV */ + 0x4B, 0xC4, 0xF8, 0xC6, 0x09, 0x78, 0xB9, 0xBB, + 0x5D, 0xC0, 0x04, 0xF3, 0x20, 0x7D, 0x14, 0x87, + }, + .len = 96, + } +} +}; + +static const struct mcs_test_vector list_mcs_untagged_cipher_vectors[] = { +{ + .test_idx = 0, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* Wrong MACsec EtherType */ + 0x88, 0xD7, + /* TCI and AN */ + 0x2C, + /* SL */ + 0x0, + /* PN */ + 0x0, 0x0, 0x0, 0x2, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x39, 0x38, 0x97, 0x44, 0xA2, 0x6D, 0x71, 0x3D, + 0x14, 0x27, 0xC7, 0x3E, 0x02, 0x96, 0x81, 0xAD, + 0x47, 0x82, 0x2A, 0xCF, 0x19, 0x79, 0x12, 0x49, + 0x0F, 0x93, 0x5A, 0x32, 0x43, 0x79, 0xEF, 0x9D, + 0x70, 0xF8, 0xA9, 0xBE, 0x3D, 0x00, 0x5D, 0x22, + 0xDA, 0x87, 0x3D, 0xC1, 0xBE, 0x1B, 0x13, 0xD9, + 0x99, 0xDB, 0xF1, 0xC8, + /* ICV */ + 0x4B, 0xC4, 0xF8, 0xC6, 0x09, 0x78, 0xB9, 0xBB, + 0x5D, 0xC0, 0x04, 0xF3, 0x20, 0x7D, 0x14, 0x87, + }, + .len = 96, + }, +}, +}; + +static const struct mcs_test_vector list_mcs_bad_tag_vectors[] = { +{ + .test_idx = 0, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI{V = 1} and AN */ + 0xAC, + /* SL */ + 0x0, + /* PN */ + 0x0, 0x0, 0x0, 0x2, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x39, 0x38, 0x97, 0x44, 0xA2, 0x6D, 0x71, 0x3D, + 0x14, 0x27, 0xC7, 0x3E, 0x02, 0x96, 0x81, 0xAD, + 0x47, 0x82, 0x2A, 0xCF, 0x19, 0x79, 0x12, 0x49, + 0x0F, 0x93, 0x5A, 0x32, 0x43, 0x79, 0xEF, 0x9D, + 0x70, 0xF8, 0xA9, 0xBE, 0x3D, 0x00, 0x5D, 0x22, + 0xDA, 0x87, 0x3D, 0xC1, 0xBE, 0x1B, 0x13, 0xD9, + 0x99, 0xDB, 0xF1, 0xC8, + /* ICV */ + 0x4B, 0xC4, 0xF8, 0xC6, 0x09, 0x78, 0xB9, 0xBB, + 0x5D, 0xC0, 0x04, 0xF3, 0x20, 0x7D, 0x14, 0x87, + }, + .len = 96, + }, +}, +{ + .test_idx = 1, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI{E,C = 2'b01} and AN */ + 0x24, + /* SL */ + 0x0, + /* PN */ + 0x0, 0x0, 0x0, 0x2, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x39, 0x38, 0x97, 0x44, 0xA2, 0x6D, 0x71, 0x3D, + 0x14, 0x27, 0xC7, 0x3E, 0x02, 0x96, 0x81, 0xAD, + 0x47, 0x82, 0x2A, 0xCF, 0x19, 0x79, 0x12, 0x49, + 0x0F, 0x93, 0x5A, 0x32, 0x43, 0x79, 0xEF, 0x9D, + 0x70, 0xF8, 0xA9, 0xBE, 0x3D, 0x00, 0x5D, 0x22, + 0xDA, 0x87, 0x3D, 0xC1, 0xBE, 0x1B, 0x13, 0xD9, + 0x99, 0xDB, 0xF1, 0xC8, + /* ICV */ + 0x4B, 0xC4, 0xF8, 0xC6, 0x09, 0x78, 0xB9, 0xBB, + 0x5D, 0xC0, 0x04, 0xF3, 0x20, 0x7D, 0x14, 0x87, + }, + .len = 96, + }, +}, +{ + .test_idx = 2, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI{ES = 1 && SC = 1} and AN */ + 0x6C, + /* SL */ + 0x0, + /* PN */ + 0x0, 0x0, 0x0, 0x2, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x39, 0x38, 0x97, 0x44, 0xA2, 0x6D, 0x71, 0x3D, + 0x14, 0x27, 0xC7, 0x3E, 0x02, 0x96, 0x81, 0xAD, + 0x47, 0x82, 0x2A, 0xCF, 0x19, 0x79, 0x12, 0x49, + 0x0F, 0x93, 0x5A, 0x32, 0x43, 0x79, 0xEF, 0x9D, + 0x70, 0xF8, 0xA9, 0xBE, 0x3D, 0x00, 0x5D, 0x22, + 0xDA, 0x87, 0x3D, 0xC1, 0xBE, 0x1B, 0x13, 0xD9, + 0x99, 0xDB, 0xF1, 0xC8, + /* ICV */ + 0x4B, 0xC4, 0xF8, 0xC6, 0x09, 0x78, 0xB9, 0xBB, + 0x5D, 0xC0, 0x04, 0xF3, 0x20, 0x7D, 0x14, 0x87, + }, + .len = 96, + }, +}, +{ + .test_idx = 3, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI{SCB = 1 && SC = 1} and AN */ + 0x3C, + /* SL */ + 0x0, + /* PN */ + 0x0, 0x0, 0x0, 0x2, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x39, 0x38, 0x97, 0x44, 0xA2, 0x6D, 0x71, 0x3D, + 0x14, 0x27, 0xC7, 0x3E, 0x02, 0x96, 0x81, 0xAD, + 0x47, 0x82, 0x2A, 0xCF, 0x19, 0x79, 0x12, 0x49, + 0x0F, 0x93, 0x5A, 0x32, 0x43, 0x79, 0xEF, 0x9D, + 0x70, 0xF8, 0xA9, 0xBE, 0x3D, 0x00, 0x5D, 0x22, + 0xDA, 0x87, 0x3D, 0xC1, 0xBE, 0x1B, 0x13, 0xD9, + 0x99, 0xDB, 0xF1, 0xC8, + /* ICV */ + 0x4B, 0xC4, 0xF8, 0xC6, 0x09, 0x78, 0xB9, 0xBB, + 0x5D, 0xC0, 0x04, 0xF3, 0x20, 0x7D, 0x14, 0x87, + }, + .len = 96, + }, +}, +{ + .test_idx = 4, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .xpn = 0x0, /* Most significant 32 bits */ + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2C, + /* SL */ + 0x0, + /* PN = 0 */ + 0x0, 0x0, 0x0, 0x0, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x39, 0x38, 0x97, 0x44, 0xA2, 0x6D, 0x71, 0x3D, + 0x14, 0x27, 0xC7, 0x3E, 0x02, 0x96, 0x81, 0xAD, + 0x47, 0x82, 0x2A, 0xCF, 0x19, 0x79, 0x12, 0x49, + 0x0F, 0x93, 0x5A, 0x32, 0x43, 0x79, 0xEF, 0x9D, + 0x70, 0xF8, 0xA9, 0xBE, 0x3D, 0x00, 0x5D, 0x22, + 0xDA, 0x87, 0x3D, 0xC1, 0xBE, 0x1B, 0x13, 0xD9, + 0x99, 0xDB, 0xF1, 0xC8, + /* ICV */ + 0x4B, 0xC4, 0xF8, 0xC6, 0x09, 0x78, 0xB9, 0xBB, + 0x5D, 0xC0, 0x04, 0xF3, 0x20, 0x7D, 0x14, 0x87, + }, + .len = 96, + }, +}, +{ + .test_idx = 5, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2C, + /* SL */ + 0x80, + /* PN = 0 */ + 0x0, 0x0, 0x0, 0x2, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x39, 0x38, 0x97, 0x44, 0xA2, 0x6D, 0x71, 0x3D, + 0x14, 0x27, 0xC7, 0x3E, 0x02, 0x96, 0x81, 0xAD, + 0x47, 0x82, 0x2A, 0xCF, 0x19, 0x79, 0x12, 0x49, + 0x0F, 0x93, 0x5A, 0x32, 0x43, 0x79, 0xEF, 0x9D, + 0x70, 0xF8, 0xA9, 0xBE, 0x3D, 0x00, 0x5D, 0x22, + 0xDA, 0x87, 0x3D, 0xC1, 0xBE, 0x1B, 0x13, 0xD9, + 0x99, 0xDB, 0xF1, 0xC8, + /* ICV */ + 0x4B, 0xC4, 0xF8, 0xC6, 0x09, 0x78, 0xB9, 0xBB, + 0x5D, 0xC0, 0x04, 0xF3, 0x20, 0x7D, 0x14, 0x87, + }, + .len = 96, + }, +}, +}; + #define MCS_MULTI_FLOW_TD_KEY_SZ 16 #define MCS_MULTI_FLOW_TD_PLAIN_DATA_SZ 42 #define MCS_MULTI_FLOW_TD_SECURE_DATA_SZ 66 From patchwork Wed Jun 7 15:19:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 128332 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id EC5BC42C4E; Wed, 7 Jun 2023 17:21:02 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9B5B142D52; Wed, 7 Jun 2023 17:20:26 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id B5A16410F6 for ; Wed, 7 Jun 2023 17:20:24 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 357Dvlvv028208; Wed, 7 Jun 2023 08:20:21 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=fbB26+QhBYPuN3Dhxe6+f8bH+mpX5ZHsYV7P89NF08o=; b=ApoWeVHJIyal3s1lb1f57pVahlWiLTzqw3d5oqvMKqLgipYuWGwkMwYV1vOPVmsXMcYI cFW0lsT7tTUimEhPzseOgQB++WFYgkRABdZ1rQanrC/l5d7mAXYZgD6PGmCgA+nzyHsh 5/OB7m2y759dymfRB4qIPtikyMzN4ds0J/5voskHwGevZaU2sfa+AVMXYXkL7fqbBfkF YkTLvJ6nwr84Oa4dK7ARDVMPKRD4lkq8l/hp2fnbuBNHLLYxM7J5wPIktGh42h5CXOMm hX8SCzDdfmjP4gvhcrairi0F3xJNgjhDKxA+ZoC/Fco1dh59uuJLxaSXHCJXhPFyRprQ 1g== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r2a7bv6ah-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 07 Jun 2023 08:20:21 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 7 Jun 2023 08:20:20 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Wed, 7 Jun 2023 08:20:19 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id BDB023F708E; Wed, 7 Jun 2023 08:20:15 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , Akhil Goyal Subject: [PATCH v2 08/13] test/security: verify MACsec stats Date: Wed, 7 Jun 2023 20:49:35 +0530 Message-ID: <20230607151940.223417-9-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230607151940.223417-1-gakhil@marvell.com> References: <20230523194918.1940212-1-gakhil@marvell.com> <20230607151940.223417-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: HauvHj_KYOmVpUxGwivozYGFZjUjwOhh X-Proofpoint-GUID: HauvHj_KYOmVpUxGwivozYGFZjUjwOhh X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-07_07,2023-06-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Added cases to verify various stats of MACsec. Signed-off-by: Akhil Goyal --- app/test/test_security_inline_macsec.c | 222 +++++++++++++++++++++++++ 1 file changed, 222 insertions(+) diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c index 2a06f31f37..9cab3253f4 100644 --- a/app/test/test_security_inline_macsec.c +++ b/app/test/test_security_inline_macsec.c @@ -1438,6 +1438,140 @@ test_inline_macsec_sa_not_in_use(const void *data __rte_unused) return all_err; } +static int +test_inline_macsec_decap_stats(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + opts.check_decap_stats = 1; + + size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_cipher_vectors[i]; + err = test_macsec(&cur_td, MCS_DECAP, &opts); + if (err) { + printf("\nDecap stats case %d failed", cur_td->test_idx); + err = -1; + } else { + printf("\nDecap stats case %d passed", cur_td->test_idx); + err = 0; + } + all_err += err; + } + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + + return all_err; +} + +static int +test_inline_macsec_verify_only_stats(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + opts.check_verify_only_stats = 1; + + size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_integrity_vectors[i]; + err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts); + if (err) { + printf("\nVerify only stats case %d failed", cur_td->test_idx); + err = -1; + } else { + printf("\nVerify only stats case %d Passed", cur_td->test_idx); + err = 0; + } + all_err += err; + } + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + + return all_err; +} + +static int +test_inline_macsec_pkts_invalid_stats(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + + size = (sizeof(list_mcs_err_cipher_vectors) / sizeof((list_mcs_err_cipher_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_err_cipher_vectors[i]; + err = test_macsec(&cur_td, MCS_DECAP, &opts); + if (err) + err = 0; + else + err = -1; + + all_err += err; + } + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + return all_err; +} + +static int +test_inline_macsec_pkts_unchecked_stats(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_DISABLE; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + opts.check_pkts_unchecked_stats = 1; + + size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_integrity_vectors[i]; + err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts); + if (err) + err = -1; + else + err = 0; + + all_err += err; + } + + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + return all_err; +} + static int test_inline_macsec_out_pkts_untagged(const void *data __rte_unused) { @@ -1504,6 +1638,70 @@ test_inline_macsec_out_pkts_toolong(const void *data __rte_unused) return all_err; } +static int +test_inline_macsec_encap_stats(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.encrypt = true; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + opts.check_encap_stats = 1; + + size = (sizeof(list_mcs_cipher_vectors) / sizeof((list_mcs_cipher_vectors)[0])); + for (i = 0; i < size; i++) { + cur_td = &list_mcs_cipher_vectors[i]; + err = test_macsec(&cur_td, MCS_ENCAP, &opts); + if (err) + err = -1; + else + err = 0; + all_err += err; + } + + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + return all_err; +} + +static int +test_inline_macsec_auth_only_stats(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + opts.check_auth_only_stats = 1; + + size = (sizeof(list_mcs_integrity_vectors) / sizeof((list_mcs_integrity_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_integrity_vectors[i]; + err = test_macsec(&cur_td, MCS_AUTH_ONLY, &opts); + if (err) + err = -1; + else + err = 0; + all_err += err; + } + + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + return all_err; +} + static int ut_setup_inline_macsec(void) { @@ -1697,6 +1895,22 @@ static struct unit_test_suite inline_macsec_testsuite = { "MACsec SA not in use", ut_setup_inline_macsec, ut_teardown_inline_macsec, test_inline_macsec_sa_not_in_use), + TEST_CASE_NAMED_ST( + "MACsec decap stats", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_decap_stats), + TEST_CASE_NAMED_ST( + "MACsec verify only stats", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_verify_only_stats), + TEST_CASE_NAMED_ST( + "MACsec pkts invalid stats", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_pkts_invalid_stats), + TEST_CASE_NAMED_ST( + "MACsec pkts unchecked stats", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_pkts_unchecked_stats), TEST_CASE_NAMED_ST( "MACsec out pkts untagged", ut_setup_inline_macsec, ut_teardown_inline_macsec, @@ -1705,6 +1919,14 @@ static struct unit_test_suite inline_macsec_testsuite = { "MACsec out pkts too long", ut_setup_inline_macsec, ut_teardown_inline_macsec, test_inline_macsec_out_pkts_toolong), + TEST_CASE_NAMED_ST( + "MACsec Encap stats", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_encap_stats), + TEST_CASE_NAMED_ST( + "MACsec auth only stats", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_auth_only_stats), TEST_CASES_END() /**< NULL terminate unit test array */ }, From patchwork Wed Jun 7 15:19:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 128333 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1FB1F42C4E; Wed, 7 Jun 2023 17:21:09 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5F2F742D81; Wed, 7 Jun 2023 17:20:29 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id CC2AF42D53 for ; Wed, 7 Jun 2023 17:20:27 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 357Dvlw0028208; Wed, 7 Jun 2023 08:20:25 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=xKRYJzpMctuYef/8Alhgo6awFRqtaDE3kfBz797gVEc=; b=fAxQaRXQSaLn4egXOn+CWzAQ6jrMSxztQS6mj8fZaVfRqRBk37Pt4g9KsYXAHr3dab4H CTtx9xGojURkM6q/inRiJtCo+k46HGvzkYOVxa5Uznc6TDib9WHTr/H0zH32PWQIR+Jh 1b6cPkylDLFv79xqyJoM2Ix1+9ndhhlNhTCJP8Lgwm7gwvF6VIkH58fO/KLub4lww6KK ACrMgfFm+csODnStCndKYG0NpvR8BqKI3cOcuUV4Z3DbhXDIT/qvEIj5/CZLyhZ9eb0H dYeLoVt9q9kTiGgeI1L81p1bextRoA0gLgJBAlM3DN3NshLNGLyoiDhAGHl9mXbiXNaM VQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r2a7bv6b4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 07 Jun 2023 08:20:24 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 7 Jun 2023 08:20:23 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Wed, 7 Jun 2023 08:20:22 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 9F6EE3F708C; Wed, 7 Jun 2023 08:20:19 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , Akhil Goyal Subject: [PATCH v2 09/13] test/security: verify MACsec interrupts Date: Wed, 7 Jun 2023 20:49:36 +0530 Message-ID: <20230607151940.223417-10-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230607151940.223417-1-gakhil@marvell.com> References: <20230523194918.1940212-1-gakhil@marvell.com> <20230607151940.223417-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: qbT3Nlu2d4plasFqjyk8Rm47YGWN8fRF X-Proofpoint-GUID: qbT3Nlu2d4plasFqjyk8Rm47YGWN8fRF X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-07_07,2023-06-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Ankur Dwivedi This patch enables the test_inline_macsec_interrupts_all test case for MACSEC. Signed-off-by: Ankur Dwivedi Signed-off-by: Akhil Goyal --- app/test/test_security_inline_macsec.c | 124 +++++++ .../test_security_inline_macsec_vectors.h | 306 +++++++++++++++++- 2 files changed, 429 insertions(+), 1 deletion(-) diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c index 9cab3253f4..12e3234cfb 100644 --- a/app/test/test_security_inline_macsec.c +++ b/app/test/test_security_inline_macsec.c @@ -757,6 +757,71 @@ mcs_stats_check(struct rte_security_ctx *ctx, enum mcs_op op, return 0; } +static int +test_macsec_event_callback(uint16_t port_id, enum rte_eth_event_type type, + void *param, void *ret_param) +{ + struct mcs_err_vector *vector = (struct mcs_err_vector *)param; + struct rte_eth_event_macsec_desc *event_desc = NULL; + + RTE_SET_USED(port_id); + + if (type != RTE_ETH_EVENT_MACSEC) + return -1; + + event_desc = ret_param; + if (event_desc == NULL) { + printf("Event descriptor not set\n"); + return -1; + } + vector->notify_event = true; + + switch (event_desc->type) { + case RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR: + vector->event = RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR; + switch (event_desc->subtype) { + case RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_V_EQ1: + vector->event_subtype = RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_V_EQ1; + break; + case RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_E_EQ0_C_EQ1: + vector->event_subtype = RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_E_EQ0_C_EQ1; + break; + case RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_SL_GTE48: + vector->event_subtype = RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_SL_GTE48; + break; + case RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_ES_EQ1_SC_EQ1: + vector->event_subtype = RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_ES_EQ1_SC_EQ1; + break; + case RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_SC_EQ1_SCB_EQ1: + vector->event_subtype = RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_SC_EQ1_SCB_EQ1; + break; + default: + printf("\nUnknown Macsec event subtype: %d", event_desc->subtype); + } + break; + case RTE_ETH_EVENT_MACSEC_RX_SA_PN_HARD_EXP: + vector->event = RTE_ETH_EVENT_MACSEC_RX_SA_PN_HARD_EXP; + break; + case RTE_ETH_EVENT_MACSEC_RX_SA_PN_SOFT_EXP: + vector->event = RTE_ETH_EVENT_MACSEC_RX_SA_PN_SOFT_EXP; + break; + case RTE_ETH_EVENT_MACSEC_TX_SA_PN_HARD_EXP: + vector->event = RTE_ETH_EVENT_MACSEC_TX_SA_PN_HARD_EXP; + break; + case RTE_ETH_EVENT_MACSEC_TX_SA_PN_SOFT_EXP: + vector->event = RTE_ETH_EVENT_MACSEC_TX_SA_PN_SOFT_EXP; + break; + case RTE_ETH_EVENT_MACSEC_SA_NOT_VALID: + vector->event = RTE_ETH_EVENT_MACSEC_SA_NOT_VALID; + break; + default: + printf("Invalid MACsec event reported\n"); + return -1; + } + + return 0; +} + static int test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs_test_opts *opts) { @@ -914,6 +979,8 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs while (--nb_rx >= 0) rte_pktmbuf_free(rx_pkts_burst[nb_rx]); ret = TEST_FAILED; + if (opts->check_sectag_interrupts == 1) + ret = TEST_SUCCESS; goto out; } @@ -1702,6 +1769,59 @@ test_inline_macsec_auth_only_stats(const void *data __rte_unused) return all_err; } +static int +test_inline_macsec_interrupts_all(const void *data __rte_unused) +{ + struct mcs_err_vector err_vector = {0}; + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int i, size; + int err, all_err = 0; + enum rte_eth_event_macsec_subtype subtype[] = { + RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_V_EQ1, + RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_E_EQ0_C_EQ1, + RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_SL_GTE48, + RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_ES_EQ1_SC_EQ1, + RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_SC_EQ1_SCB_EQ1, + }; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + opts.check_sectag_interrupts = 1; + + err_vector.event = RTE_ETH_EVENT_MACSEC_UNKNOWN; + err_vector.event_subtype = RTE_ETH_SUBEVENT_MACSEC_UNKNOWN; + rte_eth_dev_callback_register(port_id, RTE_ETH_EVENT_MACSEC, + test_macsec_event_callback, &err_vector); + + size = (sizeof(list_mcs_intr_test_vectors) / sizeof((list_mcs_intr_test_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_intr_test_vectors[i]; + err = test_macsec(&cur_td, MCS_DECAP, &opts); + if ((err_vector.event == RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR) && + (err_vector.event_subtype == subtype[i])) { + printf("\nSectag val err interrupt test case %d passed", + cur_td->test_idx); + err = 0; + } else { + printf("\nSectag val err interrupt test case %d failed", + cur_td->test_idx); + err = -1; + } + all_err += err; + } + rte_eth_dev_callback_unregister(port_id, RTE_ETH_EVENT_MACSEC, + test_macsec_event_callback, &err_vector); + + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + return all_err; +} + static int ut_setup_inline_macsec(void) { @@ -1927,6 +2047,10 @@ static struct unit_test_suite inline_macsec_testsuite = { "MACsec auth only stats", ut_setup_inline_macsec, ut_teardown_inline_macsec, test_inline_macsec_auth_only_stats), + TEST_CASE_NAMED_ST( + "MACsec interrupts all", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_interrupts_all), TEST_CASES_END() /**< NULL terminate unit test array */ }, diff --git a/app/test/test_security_inline_macsec_vectors.h b/app/test/test_security_inline_macsec_vectors.h index 2b200c1d89..d861004e8e 100644 --- a/app/test/test_security_inline_macsec_vectors.h +++ b/app/test/test_security_inline_macsec_vectors.h @@ -39,6 +39,13 @@ struct mcs_test_vector { } secure_pkt; }; +struct mcs_err_vector { + const struct mcs_test_vector *td; + enum rte_eth_event_macsec_type event; + enum rte_eth_event_macsec_subtype event_subtype; + bool notify_event; +}; + static const struct mcs_test_vector list_mcs_cipher_vectors[] = { /* gcm_128_64B_cipher */ { @@ -2876,6 +2883,303 @@ static const struct mcs_test_vector list_mcs_vlan_vectors[] = { }, }; - +static const struct mcs_test_vector list_mcs_intr_test_vectors[] = { +/* gcm_128_64B_cipher */ +/* SECTAG_V_EQ1 */ +{ + .test_idx = 0, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0xAC, + /* SL */ + 0x0, + /* PN */ + 0x0, 0x0, 0x0, 0x2, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x39, 0x38, 0x97, 0x44, 0xA2, 0x6D, 0x71, 0x3D, + 0x14, 0x27, 0xC7, 0x3E, 0x02, 0x96, 0x81, 0xAD, + 0x47, 0x82, 0x2A, 0xCF, 0x19, 0x79, 0x12, 0x49, + 0x0F, 0x93, 0x5A, 0x32, 0x43, 0x79, 0xEF, 0x9D, + 0x70, 0xF8, 0xA9, 0xBE, 0x3D, 0x00, 0x5D, 0x22, + 0xDA, 0x87, 0x3D, 0xC1, 0xBE, 0x1B, 0x13, 0xD9, + 0x99, 0xDB, 0xF1, 0xC8, + /* ICV */ + 0x4B, 0xC4, 0xF8, 0xC6, 0x09, 0x78, 0xB9, 0xBB, + 0x5D, 0xC0, 0x04, 0xF3, 0x20, 0x7D, 0x14, 0x87, + }, + .len = 96, + }, +}, +/* SECTAG_E_EQ0_C_EQ1 */ +{ + .test_idx = 1, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x24, + /* SL */ + 0x0, + /* PN */ + 0x0, 0x0, 0x0, 0x2, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x39, 0x38, 0x97, 0x44, 0xA2, 0x6D, 0x71, 0x3D, + 0x14, 0x27, 0xC7, 0x3E, 0x02, 0x96, 0x81, 0xAD, + 0x47, 0x82, 0x2A, 0xCF, 0x19, 0x79, 0x12, 0x49, + 0x0F, 0x93, 0x5A, 0x32, 0x43, 0x79, 0xEF, 0x9D, + 0x70, 0xF8, 0xA9, 0xBE, 0x3D, 0x00, 0x5D, 0x22, + 0xDA, 0x87, 0x3D, 0xC1, 0xBE, 0x1B, 0x13, 0xD9, + 0x99, 0xDB, 0xF1, 0xC8, + /* ICV */ + 0x4B, 0xC4, 0xF8, 0xC6, 0x09, 0x78, 0xB9, 0xBB, + 0x5D, 0xC0, 0x04, 0xF3, 0x20, 0x7D, 0x14, 0x87, + }, + .len = 96, + }, +}, +/* SECTAG_SL_GTE48 */ +{ + .test_idx = 2, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2C, + /* SL */ + 0x31, + /* PN */ + 0x0, 0x0, 0x0, 0x2, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x39, 0x38, 0x97, 0x44, 0xA2, 0x6D, 0x71, 0x3D, + 0x14, 0x27, 0xC7, 0x3E, 0x02, 0x96, 0x81, 0xAD, + 0x47, 0x82, 0x2A, 0xCF, 0x19, 0x79, 0x12, 0x49, + 0x0F, 0x93, 0x5A, 0x32, 0x43, 0x79, 0xEF, 0x9D, + 0x70, 0xF8, 0xA9, 0xBE, 0x3D, 0x00, 0x5D, 0x22, + 0xDA, 0x87, 0x3D, 0xC1, 0xBE, 0x1B, 0x13, 0xD9, + 0x99, 0xDB, 0xF1, 0xC8, + /* ICV */ + 0x4B, 0xC4, 0xF8, 0xC6, 0x09, 0x78, 0xB9, 0xBB, + 0x5D, 0xC0, 0x04, 0xF3, 0x20, 0x7D, 0x14, 0x87, + }, + .len = 96, + }, +}, +/* SECTAG_ES_EQ1_SC_EQ1 */ +{ + .test_idx = 3, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x6C, + /* SL */ + 0x0, + /* PN */ + 0x0, 0x0, 0x0, 0x2, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x39, 0x38, 0x97, 0x44, 0xA2, 0x6D, 0x71, 0x3D, + 0x14, 0x27, 0xC7, 0x3E, 0x02, 0x96, 0x81, 0xAD, + 0x47, 0x82, 0x2A, 0xCF, 0x19, 0x79, 0x12, 0x49, + 0x0F, 0x93, 0x5A, 0x32, 0x43, 0x79, 0xEF, 0x9D, + 0x70, 0xF8, 0xA9, 0xBE, 0x3D, 0x00, 0x5D, 0x22, + 0xDA, 0x87, 0x3D, 0xC1, 0xBE, 0x1B, 0x13, 0xD9, + 0x99, 0xDB, 0xF1, 0xC8, + /* ICV */ + 0x4B, 0xC4, 0xF8, 0xC6, 0x09, 0x78, 0xB9, 0xBB, + 0x5D, 0xC0, 0x04, 0xF3, 0x20, 0x7D, 0x14, 0x87, + }, + .len = 96, + }, +}, +/* SECTAG_SC_EQ1_SCB_EQ1 */ +{ + .test_idx = 4, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x3C, + /* SL */ + 0x0, + /* PN */ + 0x0, 0x0, 0x0, 0x2, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x39, 0x38, 0x97, 0x44, 0xA2, 0x6D, 0x71, 0x3D, + 0x14, 0x27, 0xC7, 0x3E, 0x02, 0x96, 0x81, 0xAD, + 0x47, 0x82, 0x2A, 0xCF, 0x19, 0x79, 0x12, 0x49, + 0x0F, 0x93, 0x5A, 0x32, 0x43, 0x79, 0xEF, 0x9D, + 0x70, 0xF8, 0xA9, 0xBE, 0x3D, 0x00, 0x5D, 0x22, + 0xDA, 0x87, 0x3D, 0xC1, 0xBE, 0x1B, 0x13, 0xD9, + 0x99, 0xDB, 0xF1, 0xC8, + /* ICV */ + 0x4B, 0xC4, 0xF8, 0xC6, 0x09, 0x78, 0xB9, 0xBB, + 0x5D, 0xC0, 0x04, 0xF3, 0x20, 0x7D, 0x14, 0x87, + }, + .len = 96, + }, +}, +}; #endif From patchwork Wed Jun 7 15:19:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 128334 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 9308A42C4E; Wed, 7 Jun 2023 17:21:15 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6A813410F9; Wed, 7 Jun 2023 17:20:33 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 9B84A42D84 for ; Wed, 7 Jun 2023 17:20:31 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 357Dvj7v028182; Wed, 7 Jun 2023 08:20:28 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=6VIaLfz+vGKHO0NkoZC8/b5y6MlZrK39v+geCYpWXjE=; b=cGwgxjjih79ALjuy/Rz5FQ7+G3SjUPsQbj/NvFYTvEhjck+LY1J+RF2oqJQFK2zoZug4 n6N9mPfNNnRoll3xP+ehkl/C3MJeRCghzttFZX2eb/8xtXqDJp83GUFOU+VsX5aX/Eoj RtXcmBTyyyzWu4/9urCi+m29NDmeuct2DR87zIC8+UQAgHqZv3nSAucCQVK8Y1QBzx2Y ZdasN21kgtpXfm80FolqXnU34PlXki1bC19hI42FCYwyyRHTvkrL6Fp9ENVoNLRPpCbp n/X+7VF9tx1G4Ow+T3zWpX8tV7ddUkIqA8RxtOrcbBh0AfLLMQNtpWRqL/YRyWu5dqEc xg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r2a7bv6bh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 07 Jun 2023 08:20:28 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 7 Jun 2023 08:20:26 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Wed, 7 Jun 2023 08:20:26 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 822C03F708D; Wed, 7 Jun 2023 08:20:23 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , Akhil Goyal Subject: [PATCH v2 10/13] test/security: verify MACsec Tx HW rekey Date: Wed, 7 Jun 2023 20:49:37 +0530 Message-ID: <20230607151940.223417-11-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230607151940.223417-1-gakhil@marvell.com> References: <20230523194918.1940212-1-gakhil@marvell.com> <20230607151940.223417-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: hrbz8vHispOvk4wK2nYNkIl4Fw4BREW- X-Proofpoint-GUID: hrbz8vHispOvk4wK2nYNkIl4Fw4BREW- X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-07_07,2023-06-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org This patch enables the Tx HW rekey test case for MACSEC. Signed-off-by: Ankur Dwivedi Signed-off-by: Akhil Goyal --- app/test/test_security_inline_macsec.c | 137 +++++++++- .../test_security_inline_macsec_vectors.h | 243 ++++++++++++++++++ 2 files changed, 378 insertions(+), 2 deletions(-) diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c index 12e3234cfb..2172f61199 100644 --- a/app/test/test_security_inline_macsec.c +++ b/app/test/test_security_inline_macsec.c @@ -207,6 +207,8 @@ fill_macsec_sc_conf(const struct mcs_test_vector *td, uint8_t i; sc_conf->dir = dir; + sc_conf->pn_threshold = ((uint64_t)td->xpn << 32) | + rte_be_to_cpu_32(*(const uint32_t *)(&td->secure_pkt.data[tci_off + 2])); if (dir == RTE_SECURITY_MACSEC_DIR_TX) { sc_conf->sc_tx.sa_id = sa_id[0]; if (sa_id[1] != MCS_INVALID_SA) { @@ -232,12 +234,16 @@ fill_macsec_sc_conf(const struct mcs_test_vector *td, /* use some default SCI */ sc_conf->sc_tx.sci = 0xf1341e023a2b1c5d; } + if (td->xpn > 0) + sc_conf->sc_tx.is_xpn = 1; } else { for (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) { sc_conf->sc_rx.sa_id[i] = sa_id[i]; sc_conf->sc_rx.sa_in_use[i] = opts->sa_in_use; } sc_conf->sc_rx.active = 1; + if (td->xpn > 0) + sc_conf->sc_rx.is_xpn = 1; } } @@ -834,6 +840,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs struct rte_security_session_conf sess_conf = {0}; struct rte_security_macsec_sa sa_conf = {0}; struct rte_security_macsec_sc sc_conf = {0}; + struct mcs_err_vector err_vector = {0}; struct rte_security_ctx *ctx; int nb_rx = 0, nb_sent; int i, j = 0, ret, id, an = 0; @@ -868,6 +875,34 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs } j++; + if (opts->rekey_en) { + + err_vector.td = td[i]; + err_vector.rekey_td = opts->rekey_td; + err_vector.event = RTE_ETH_EVENT_MACSEC_UNKNOWN; + err_vector.event_subtype = RTE_ETH_SUBEVENT_MACSEC_UNKNOWN; + rte_eth_dev_callback_register(port_id, RTE_ETH_EVENT_MACSEC, + test_macsec_event_callback, &err_vector); + if (op == MCS_DECAP || op == MCS_VERIFY_ONLY) + tx_pkts_burst[j] = init_packet(mbufpool, + opts->rekey_td->secure_pkt.data, + opts->rekey_td->secure_pkt.len); + else { + tx_pkts_burst[j] = init_packet(mbufpool, + opts->rekey_td->plain_pkt.data, + opts->rekey_td->plain_pkt.len); + + tx_pkts_burst[j]->ol_flags |= RTE_MBUF_F_TX_MACSEC; + } + if (tx_pkts_burst[j] == NULL) { + while (j--) + rte_pktmbuf_free(tx_pkts_burst[j]); + ret = TEST_FAILED; + goto out; + } + j++; + } + if (op == MCS_DECAP || op == MCS_ENCAP_DECAP || op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY) { for (an = 0; an < RTE_SECURITY_MACSEC_NUM_AN; an++) { @@ -922,6 +957,20 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs } tx_sa_id[i][0] = (uint16_t)id; tx_sa_id[i][1] = MCS_INVALID_SA; + if (opts->rekey_en) { + memset(&sa_conf, 0, sizeof(struct rte_security_macsec_sa)); + fill_macsec_sa_conf(opts->rekey_td, &sa_conf, + RTE_SECURITY_MACSEC_DIR_TX, + opts->rekey_td->secure_pkt.data[tci_off] & + RTE_MACSEC_AN_MASK, + tci_off); + id = rte_security_macsec_sa_create(ctx, &sa_conf); + if (id < 0) { + printf("MACsec rekey SA create failed : %d.\n", id); + goto out; + } + tx_sa_id[i][1] = (uint16_t)id; + } fill_macsec_sc_conf(td[i], &sc_conf, opts, RTE_SECURITY_MACSEC_DIR_TX, tx_sa_id[i], tci_off); id = rte_security_macsec_sc_create(ctx, &sc_conf); @@ -984,9 +1033,44 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs goto out; } + if (opts->rekey_en) { + switch (err_vector.event) { + case RTE_ETH_EVENT_MACSEC_TX_SA_PN_SOFT_EXP: + printf("Received RTE_ETH_EVENT_MACSEC_TX_SA_PN_SOFT_EXP event\n"); + /* The first sa is active now, so the 0th sa can be + * reconfigured. Using the same key as zeroeth sa, but + * other key can also be configured. + */ + rte_security_macsec_sa_destroy(ctx, tx_sa_id[0][0], + RTE_SECURITY_MACSEC_DIR_TX); + fill_macsec_sa_conf(td[0], &sa_conf, + RTE_SECURITY_MACSEC_DIR_TX, + td[0]->secure_pkt.data[tci_off] & + RTE_MACSEC_AN_MASK, tci_off); + id = rte_security_macsec_sa_create(ctx, &sa_conf); + if (id < 0) { + printf("MACsec SA create failed : %d.\n", id); + return TEST_FAILED; + } + tx_sa_id[0][0] = (uint16_t)id; + break; + default: + printf("Received unsupported event\n"); + } + } + for (i = 0; i < nb_rx; i++) { - ret = test_macsec_post_process(rx_pkts_burst[i], td[i], op, - opts->check_out_pkts_untagged); + if (opts->rekey_en && i == 1) { + /* The second received packet is matched with + * rekey td + */ + ret = test_macsec_post_process(rx_pkts_burst[i], + opts->rekey_td, op, + opts->check_out_pkts_untagged); + } else { + ret = test_macsec_post_process(rx_pkts_burst[i], td[i], + op, opts->check_out_pkts_untagged); + } if (ret != TEST_SUCCESS) { for ( ; i < nb_rx; i++) rte_pktmbuf_free(rx_pkts_burst[i]); @@ -1019,6 +1103,10 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs destroy_default_flow(port_id); + if (opts->rekey_en) + rte_eth_dev_callback_unregister(port_id, RTE_ETH_EVENT_MACSEC, + test_macsec_event_callback, &err_vector); + /* Destroy session so that other cases can create the session again */ for (i = 0; i < opts->nb_td; i++) { if (op == MCS_ENCAP || op == MCS_ENCAP_DECAP || @@ -1029,6 +1117,10 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs RTE_SECURITY_MACSEC_DIR_TX); rte_security_macsec_sa_destroy(ctx, tx_sa_id[i][0], RTE_SECURITY_MACSEC_DIR_TX); + if (opts->rekey_en) { + rte_security_macsec_sa_destroy(ctx, tx_sa_id[i][1], + RTE_SECURITY_MACSEC_DIR_TX); + } } if (op == MCS_DECAP || op == MCS_ENCAP_DECAP || op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY) { @@ -1822,6 +1914,43 @@ test_inline_macsec_interrupts_all(const void *data __rte_unused) return all_err; } +static int +test_inline_macsec_rekey_tx(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.protect_frames = true; + opts.encrypt = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + opts.rekey_en = 1; + + size = (sizeof(list_mcs_rekey_vectors) / sizeof((list_mcs_rekey_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_rekey_vectors[i]; + opts.rekey_td = &list_mcs_rekey_vectors[++i]; + err = test_macsec(&cur_td, MCS_ENCAP, &opts); + if (err) { + printf("Tx hw rekey test case %d failed\n", i); + err = -1; + } else { + printf("Tx hw rekey test case %d passed\n", i); + err = 0; + } + all_err += err; + } + + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + return all_err; +} + static int ut_setup_inline_macsec(void) { @@ -2051,6 +2180,10 @@ static struct unit_test_suite inline_macsec_testsuite = { "MACsec interrupts all", ut_setup_inline_macsec, ut_teardown_inline_macsec, test_inline_macsec_interrupts_all), + TEST_CASE_NAMED_ST( + "MACsec re-key Tx", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_rekey_tx), TEST_CASES_END() /**< NULL terminate unit test array */ }, diff --git a/app/test/test_security_inline_macsec_vectors.h b/app/test/test_security_inline_macsec_vectors.h index d861004e8e..80425b0b71 100644 --- a/app/test/test_security_inline_macsec_vectors.h +++ b/app/test/test_security_inline_macsec_vectors.h @@ -41,6 +41,7 @@ struct mcs_test_vector { struct mcs_err_vector { const struct mcs_test_vector *td; + const struct mcs_test_vector *rekey_td; enum rte_eth_event_macsec_type event; enum rte_eth_event_macsec_subtype event_subtype; bool notify_event; @@ -3182,4 +3183,246 @@ static const struct mcs_test_vector list_mcs_intr_test_vectors[] = { }, }; +static const struct mcs_test_vector list_mcs_rekey_vectors[] = { +/* Initial SA, AN = 0 and PN = 2 */ +{ + .test_idx = 0, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2C, + /* SL */ + 0x0, + /* PN */ + 0x0, 0x0, 0x0, 0x2, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x39, 0x38, 0x97, 0x44, 0xA2, 0x6D, 0x71, 0x3D, + 0x14, 0x27, 0xC7, 0x3E, 0x02, 0x96, 0x81, 0xAD, + 0x47, 0x82, 0x2A, 0xCF, 0x19, 0x79, 0x12, 0x49, + 0x0F, 0x93, 0x5A, 0x32, 0x43, 0x79, 0xEF, 0x9D, + 0x70, 0xF8, 0xA9, 0xBE, 0x3D, 0x00, 0x5D, 0x22, + 0xDA, 0x87, 0x3D, 0xC1, 0xBE, 0x1B, 0x13, 0xD9, + 0x99, 0xDB, 0xF1, 0xC8, + /* ICV */ + 0x4B, 0xC4, 0xF8, 0xC6, 0x09, 0x78, 0xB9, 0xBB, + 0x5D, 0xC0, 0x04, 0xF3, 0x20, 0x7D, 0x14, 0x87, + }, + .len = 96, + }, +}, +/* Rekeyed SA. sa_key is different from the initial sa. + * Also, AN = 1 and PN = 1. + */ +{ + .test_idx = 1, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0xAD, 0x7A, 0x2B, 0xD0, 0x3E, 0xAC, 0x83, 0x5A, + 0x6F, 0x62, 0x0F, 0xDC, 0xB5, 0x06, 0xB3, 0x45, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2D, + /* SL */ + 0x00, + /* PN */ + 0x00, 0x00, 0x00, 0x01, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x17, 0x66, 0xEF, 0xD9, 0x06, 0xDC, 0x15, 0xAF, + 0xE9, 0x06, 0xB1, 0xE6, 0x26, 0x22, 0xC8, 0x78, + 0x27, 0xE1, 0xED, 0x76, 0xF5, 0xC8, 0x16, 0xA1, + 0x6B, 0x0D, 0xA0, 0x8E, 0x24, 0x2A, 0x9D, 0x34, + 0xD0, 0xE0, 0x5F, 0xBA, 0x08, 0xF0, 0xE3, 0x7D, + 0x17, 0xC0, 0x2C, 0xCD, 0x8A, 0x44, 0xC9, 0xB9, + 0x28, 0xC0, 0xE8, 0x22, + /* ICV */ + 0x1B, 0x16, 0x68, 0x5F, 0x14, 0x8A, 0x51, 0x29, + 0xB5, 0x3D, 0x61, 0x0E, 0x49, 0x20, 0x60, 0x09, + }, + .len = 96, + }, +}, +{ + .test_idx = 2, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .ssci = 0x7A30C118, + .xpn = 0xB0DF459C, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, + 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x04, + }, + .len = 54, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4C, + /* SL */ + 0x2A, + /* PN */ + 0x76, 0xD4, 0x57, 0xED, + /* Secure Data */ + 0x9C, 0xA4, 0x69, 0x84, 0x43, 0x02, 0x03, 0xED, + 0x41, 0x6E, 0xBD, 0xC2, 0xFE, 0x26, 0x22, 0xBA, + 0x3E, 0x5E, 0xAB, 0x69, 0x61, 0xC3, 0x63, 0x83, + 0x00, 0x9E, 0x18, 0x7E, 0x9B, 0x0C, 0x88, 0x56, + 0x46, 0x53, 0xB9, 0xAB, 0xD2, 0x16, 0x44, 0x1C, + 0x6A, 0xB6, + /* ICV */ + 0xF0, 0xA2, 0x32, 0xE9, 0xE4, 0x4C, 0x97, 0x8C, + 0xF7, 0xCD, 0x84, 0xD4, 0x34, 0x84, 0xD1, 0x01, + }, + .len = 78, + }, +}, +/* Rekeyed SA. sa_key is different from the initial sa. + * Also, AN = 1, XPN = 0 and PN = 1. + */ +{ + .test_idx = 3, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .ssci = 0x7A30C118, + .xpn = 0x0, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, + 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0xAD, 0x7A, 0x2B, 0xD0, 0x3E, 0xAC, 0x83, 0x5A, + 0x6F, 0x62, 0x0F, 0xDC, 0xB5, 0x06, 0xB3, 0x45, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x04, + }, + .len = 54, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4D, + /* SL */ + 0x2A, + /* PN */ + 0x0, 0x0, 0x0, 0x1, + /* Secure Data */ + 0x91, 0x00, 0xC0, 0xE4, 0xB9, 0x4E, 0x2C, 0x1C, + 0x86, 0xDF, 0xE1, 0x8F, 0xDD, 0xB6, 0xE6, 0x79, + 0x65, 0x87, 0x80, 0xE7, 0x9C, 0x5D, 0x8A, 0xB7, + 0x68, 0xFD, 0xE1, 0x6E, 0x3F, 0xF1, 0xDE, 0x20, + 0x4A, 0xF6, 0xBA, 0xE6, 0x14, 0xDB, 0x6A, 0x05, + 0xE9, 0xB6, + /* ICV */ + 0x2D, 0xDF, 0x59, 0x27, 0x25, 0x41, 0x68, 0x1D, + 0x74, 0x1A, 0xAA, 0xC4, 0x18, 0x49, 0xB4, 0x22, + }, + .len = 78, + }, +}, +}; + #endif From patchwork Wed Jun 7 15:19:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 128335 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E9D1842C4E; Wed, 7 Jun 2023 17:21:23 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 08D0442D86; Wed, 7 Jun 2023 17:20:37 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 4247442D10 for ; Wed, 7 Jun 2023 17:20:35 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 357Dvj7x028182; Wed, 7 Jun 2023 08:20:32 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=iozv4oTPdxq+e0eRjdE5Qm2QRfrN2VIW+dmmBsrw11M=; b=e4ARYt3TbJbg0YwZ/AFUNUc1nILNa194s9AZdXuFP/Jw/DGGfG22kSeakXu+VtXWRaZI pdV/1LCk+fjP0uPuxR14wSJYOMPRmAiYGB2+RkBMjIDOyIgRsydiSkPAI8HtEENkkBEf 3SDnRJ0I2j+W7KCqws8nOuGVYDzASwHF8f+nwg1VUXNB9dnS0JLhHaYvZKnEWEhSqwwr sVhoGhmsFqQRqdu01eMLQZ8QtHuA2oVqwf05C7BMnOXT5JvZ5zy5cIH9AWBMnsCgcscM LyWhXSa6KMp0TaT/EgzmaT367diLSJWaTHM7aajtjJd6GKCS8Q8mUpMV/zt0Rjgy6vIa 4g== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r2a7bv6c4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 07 Jun 2023 08:20:32 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 7 Jun 2023 08:20:30 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Wed, 7 Jun 2023 08:20:30 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 643E73F7084; Wed, 7 Jun 2023 08:20:27 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , Subject: [PATCH v2 11/13] test/security: verify MACsec Rx rekey Date: Wed, 7 Jun 2023 20:49:38 +0530 Message-ID: <20230607151940.223417-12-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230607151940.223417-1-gakhil@marvell.com> References: <20230523194918.1940212-1-gakhil@marvell.com> <20230607151940.223417-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: KPbkho-uV5pcMc9wvJm7Ogt6_g2Yl1PB X-Proofpoint-GUID: KPbkho-uV5pcMc9wvJm7Ogt6_g2Yl1PB X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-07_07,2023-06-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Ankur Dwivedi This patch enables the Rx rekey test case for MACSEC. Signed-off-by: Ankur Dwivedi --- app/test/test_security_inline_macsec.c | 50 +++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c index 2172f61199..d832dfc170 100644 --- a/app/test/test_security_inline_macsec.c +++ b/app/test/test_security_inline_macsec.c @@ -906,8 +906,14 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs if (op == MCS_DECAP || op == MCS_ENCAP_DECAP || op == MCS_VERIFY_ONLY || op == MCS_AUTH_VERIFY) { for (an = 0; an < RTE_SECURITY_MACSEC_NUM_AN; an++) { + if (opts->rekey_en && an == + (opts->rekey_td->secure_pkt.data[tci_off] & + RTE_MACSEC_AN_MASK)) + fill_macsec_sa_conf(opts->rekey_td, &sa_conf, + RTE_SECURITY_MACSEC_DIR_RX, an, tci_off); + else /* For simplicity, using same SA conf for all AN */ - fill_macsec_sa_conf(td[i], &sa_conf, + fill_macsec_sa_conf(td[i], &sa_conf, RTE_SECURITY_MACSEC_DIR_RX, an, tci_off); id = rte_security_macsec_sa_create(ctx, &sa_conf); if (id < 0) { @@ -1054,6 +1060,9 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs } tx_sa_id[0][0] = (uint16_t)id; break; + case RTE_ETH_EVENT_MACSEC_RX_SA_PN_SOFT_EXP: + printf("Received RTE_ETH_EVENT_MACSEC_RX_SA_PN_SOFT_EXP event\n"); + break; default: printf("Received unsupported event\n"); } @@ -1951,6 +1960,41 @@ test_inline_macsec_rekey_tx(const void *data __rte_unused) return all_err; } +static int +test_inline_macsec_rekey_rx(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.mtu = RTE_ETHER_MTU; + opts.rekey_en = 1; + + size = (sizeof(list_mcs_rekey_vectors) / sizeof((list_mcs_rekey_vectors)[0])); + for (i = 0; i < size; i++) { + cur_td = &list_mcs_rekey_vectors[i]; + opts.rekey_td = &list_mcs_rekey_vectors[++i]; + err = test_macsec(&cur_td, MCS_DECAP, &opts); + if (err) { + printf("Rx rekey test case %d failed\n", i); + err = -1; + } else { + printf("Rx rekey test case %d passed\n", i); + err = 0; + } + all_err += err; + } + + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + return all_err; +} + static int ut_setup_inline_macsec(void) { @@ -2184,6 +2228,10 @@ static struct unit_test_suite inline_macsec_testsuite = { "MACsec re-key Tx", ut_setup_inline_macsec, ut_teardown_inline_macsec, test_inline_macsec_rekey_tx), + TEST_CASE_NAMED_ST( + "MACsec re-key Rx", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_rekey_rx), TEST_CASES_END() /**< NULL terminate unit test array */ }, From patchwork Wed Jun 7 15:19:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 128336 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C43B442C4E; Wed, 7 Jun 2023 17:21:29 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0E3C342D29; Wed, 7 Jun 2023 17:20:41 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 065A942C76 for ; Wed, 7 Jun 2023 17:20:39 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 357Dvlw7028208; Wed, 7 Jun 2023 08:20:37 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=10/y5KCNbANBnA4UdJT+yIAu5tnJF8cC/iCHqIl0Px0=; b=got9+kOzVgLs37c+hNRGYWnmrmbBiDcZw2pglj/CsYBNUsyDXDiaRBrCb1XP7sdvPaVM 8qdk6huRf9ER6aOfqTUR9W6BdcD7p5lqkZoD13CAO3ZjqXLkgCcV6b50snG8jTmkMc3a 4pvkWY6aGjkV0209AETJInijYAU/UB9Zmjh88hOAPrVWYIoN6pZ1EnzRc6ckM9/Rir04 kljGaJhMibIRTI+MJV2bPx0ynbYoKTlmU/X6PnAf2dyWGTphOB0WinwRBHBs5X+IHogv gXKLpXCd9UQcUoJpusSHuJywfvhtbJrknM7Hcyj70ejWeLzEI+3vfnrQGkCxYMR47fDt nw== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r2a7bv6cd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 07 Jun 2023 08:20:35 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 7 Jun 2023 08:20:34 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Wed, 7 Jun 2023 08:20:34 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 0BC703F7088; Wed, 7 Jun 2023 08:20:30 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , Akhil Goyal Subject: [PATCH v2 12/13] test/security: verify MACsec anti replay Date: Wed, 7 Jun 2023 20:49:39 +0530 Message-ID: <20230607151940.223417-13-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230607151940.223417-1-gakhil@marvell.com> References: <20230523194918.1940212-1-gakhil@marvell.com> <20230607151940.223417-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 0pjMDywEYf-2-wet6VUmu7sfrwNG-kw6 X-Proofpoint-GUID: 0pjMDywEYf-2-wet6VUmu7sfrwNG-kw6 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-07_07,2023-06-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Ankur Dwivedi This patch enables anti replay test case for MACsec. Signed-off-by: Ankur Dwivedi Signed-off-by: Akhil Goyal --- app/test/test_security_inline_macsec.c | 82 +++ .../test_security_inline_macsec_vectors.h | 467 ++++++++++++++++++ 2 files changed, 549 insertions(+) diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c index d832dfc170..f7fb1b6fd6 100644 --- a/app/test/test_security_inline_macsec.c +++ b/app/test/test_security_inline_macsec.c @@ -61,6 +61,7 @@ struct mcs_test_opts { uint8_t replay_protect; uint8_t rekey_en; const struct mcs_test_vector *rekey_td; + const struct mcs_test_vector *ar_td[3]; bool dump_all_stats; uint8_t check_untagged_rx; uint8_t check_bad_tag_cnt; @@ -716,6 +717,15 @@ mcs_stats_check(struct rte_security_ctx *ctx, enum mcs_op op, if (opts->check_pkts_unchecked_stats && sc_stat.pkt_unchecked_cnt != 1) return TEST_FAILED; + if (opts->replay_protect) { + if (opts->replay_win_sz == 0 && + sc_stat.pkt_late_cnt != 2) + return TEST_FAILED; + else if (opts->replay_win_sz == 32 && + sc_stat.pkt_late_cnt != 1) + return TEST_FAILED; + } + for (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) { memset(&sa_stat, 0, sizeof(struct rte_security_macsec_sa_stats)); rte_security_macsec_sa_stats_get(ctx, rx_sa_id[i], @@ -845,6 +855,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs int nb_rx = 0, nb_sent; int i, j = 0, ret, id, an = 0; uint8_t tci_off; + int k; memset(rx_pkts_burst, 0, sizeof(rx_pkts_burst[0]) * opts->nb_td); @@ -875,6 +886,20 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs } j++; + if (opts->replay_protect) { + for (k = 0; k < 3; k++, j++) { + tx_pkts_burst[j] = init_packet(mbufpool, + opts->ar_td[k]->secure_pkt.data, + opts->ar_td[k]->secure_pkt.len); + if (tx_pkts_burst[j] == NULL) { + while (j--) + rte_pktmbuf_free(tx_pkts_burst[j]); + ret = TEST_FAILED; + goto out; + } + } + } + if (opts->rekey_en) { err_vector.td = td[i]; @@ -1068,6 +1093,15 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs } } + if (opts->replay_protect) { + for (i = 0; i < nb_rx; i++) { + rte_pktmbuf_free(rx_pkts_burst[i]); + rx_pkts_burst[i] = NULL; + } + ret = TEST_SUCCESS; + goto out; + } + for (i = 0; i < nb_rx; i++) { if (opts->rekey_en && i == 1) { /* The second received packet is matched with @@ -1995,6 +2029,50 @@ test_inline_macsec_rekey_rx(const void *data __rte_unused) return all_err; } +static int +test_inline_macsec_anti_replay(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + uint16_t replay_win_sz[2] = {32, 0}; + int err, all_err = 0; + int i, size; + int j; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.sectag_insert_mode = 1; + opts.replay_protect = 1; + + size = (sizeof(list_mcs_anti_replay_vectors) / sizeof((list_mcs_anti_replay_vectors)[0])); + + for (j = 0; j < 2; j++) { + opts.replay_win_sz = replay_win_sz[j]; + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_anti_replay_vectors[i]; + opts.ar_td[0] = &list_mcs_anti_replay_vectors[++i]; + opts.ar_td[1] = &list_mcs_anti_replay_vectors[++i]; + opts.ar_td[2] = &list_mcs_anti_replay_vectors[++i]; + err = test_macsec(&cur_td, MCS_DECAP, &opts); + if (err) { + printf("Replay window: %u, Anti replay test case %d failed\n", + opts.replay_win_sz, i); + err = -1; + } else { + printf("Replay window: %u, Anti replay test case %d passed\n", + opts.replay_win_sz, i); + err = 0; + } + all_err += err; + } + } + + printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + return all_err; +} + static int ut_setup_inline_macsec(void) { @@ -2232,6 +2310,10 @@ static struct unit_test_suite inline_macsec_testsuite = { "MACsec re-key Rx", ut_setup_inline_macsec, ut_teardown_inline_macsec, test_inline_macsec_rekey_rx), + TEST_CASE_NAMED_ST( + "MACsec anti-replay", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_anti_replay), TEST_CASES_END() /**< NULL terminate unit test array */ }, diff --git a/app/test/test_security_inline_macsec_vectors.h b/app/test/test_security_inline_macsec_vectors.h index 80425b0b71..ddaa8043e7 100644 --- a/app/test/test_security_inline_macsec_vectors.h +++ b/app/test/test_security_inline_macsec_vectors.h @@ -3425,4 +3425,471 @@ static const struct mcs_test_vector list_mcs_rekey_vectors[] = { }, }; +static const struct mcs_test_vector list_mcs_anti_replay_vectors[] = { +{ + .test_idx = 0, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2C, + /* SL */ + 0x0, + /* PN */ + 0x0, 0x0, 0x0, 0x2, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x39, 0x38, 0x97, 0x44, 0xA2, 0x6D, 0x71, 0x3D, + 0x14, 0x27, 0xC7, 0x3E, 0x02, 0x96, 0x81, 0xAD, + 0x47, 0x82, 0x2A, 0xCF, 0x19, 0x79, 0x12, 0x49, + 0x0F, 0x93, 0x5A, 0x32, 0x43, 0x79, 0xEF, 0x9D, + 0x70, 0xF8, 0xA9, 0xBE, 0x3D, 0x00, 0x5D, 0x22, + 0xDA, 0x87, 0x3D, 0xC1, 0xBE, 0x1B, 0x13, 0xD9, + 0x99, 0xDB, 0xF1, 0xC8, + /* ICV */ + 0x4B, 0xC4, 0xF8, 0xC6, 0x09, 0x78, 0xB9, 0xBB, + 0x5D, 0xC0, 0x04, 0xF3, 0x20, 0x7D, 0x14, 0x87, + }, + .len = 96, + }, +}, +{ + .test_idx = 1, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2C, + /* SL */ + 0x0, + /* PN */ + 0x0, 0x0, 0x0, 0x4B, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x51, 0xC9, 0xBB, 0xF3, 0x24, 0x38, 0xF9, 0x06, + 0x76, 0x9E, 0x61, 0xCE, 0xB8, 0x65, 0xA7, 0xE4, + 0x1F, 0x16, 0x5D, 0x59, 0xB8, 0x44, 0x0F, 0x94, + 0x50, 0xF0, 0x4C, 0x35, 0x7D, 0x91, 0x53, 0xC6, + 0x28, 0x4D, 0xA8, 0xAB, 0x13, 0x3B, 0xC0, 0x2D, + 0x11, 0x8E, 0xCC, 0x75, 0xC9, 0xD8, 0x8F, 0x60, + 0x67, 0xE1, 0x03, 0x2C, + /* ICV */ + 0xA5, 0xF1, 0x2C, 0x85, 0x10, 0xEE, 0x67, 0x7E, + 0xDB, 0x4E, 0xF6, 0x0A, 0xA1, 0x0F, 0x15, 0x69, + }, + .len = 96, + }, +}, +{ + .test_idx = 2, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2C, + /* SL */ + 0x0, + /* PN */ + 0x0, 0x0, 0x0, 0x32, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x6F, 0xB6, 0xF8, 0x54, 0x67, 0x23, 0x3C, 0xE8, + 0x67, 0x54, 0x8B, 0xAD, 0x31, 0xC3, 0x2B, 0xAA, + 0x70, 0x1A, 0xC8, 0x0D, 0x3C, 0x31, 0x54, 0x0F, + 0xDD, 0x8F, 0x23, 0x0F, 0x86, 0xF3, 0x80, 0x31, + 0x8B, 0x30, 0xD9, 0x15, 0xF9, 0x3B, 0xD6, 0x00, + 0x95, 0xBD, 0xF3, 0x7F, 0xD2, 0x41, 0x28, 0xFC, + 0x52, 0x27, 0xB5, 0x88, + /* ICV */ + 0x64, 0x3C, 0x67, 0xD7, 0xB8, 0xC1, 0xAF, 0x15, + 0x82, 0x5F, 0x06, 0x4F, 0x5A, 0xED, 0x47, 0xC1, + }, + .len = 96, + }, +}, +{ + .test_idx = 3, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0x0, + .salt = {0}, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82 + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x35, 0x36, 0x37, 0x38, 0x39, 0x40, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, + }, + .len = 64, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x2C, + /* SL */ + 0x0, + /* PN */ + 0x0, 0x0, 0x0, 0x3, + /* SCI */ + 0xFE, 0x2F, 0xCD, 0x14, 0x24, 0x1B, 0x88, 0x2C, + /* Secure Data */ + 0x16, 0x6E, 0x74, 0xE5, 0xF7, 0x49, 0xCC, 0x42, + 0x06, 0x30, 0x99, 0x60, 0x10, 0xAA, 0xB3, 0xEC, + 0x3C, 0xEF, 0x6C, 0x7D, 0x72, 0x93, 0x61, 0x28, + 0x39, 0x8E, 0x6B, 0x5C, 0x6C, 0x9E, 0xCA, 0x86, + 0x70, 0x5A, 0x95, 0x98, 0x0F, 0xB2, 0xC8, 0x05, + 0xD6, 0xC9, 0xBA, 0x9A, 0xCF, 0x7B, 0x5F, 0xD0, + 0xAE, 0x50, 0x66, 0x7D, + /* ICV */ + 0xC8, 0xF1, 0x4A, 0x10, 0x8A, 0xFF, 0x64, 0x6C, + 0xC7, 0x18, 0xC2, 0x7A, 0x16, 0x1A, 0x0D, 0xCA, + }, + .len = 96, + }, +}, +{ + .test_idx = 4, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .ssci = 0x7A30C118, + .xpn = 0x0, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, + 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x04, + }, + .len = 54, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4C, + /* SL */ + 0x2A, + /* PN */ + 0xFF, 0xFF, 0xFF, 0xFE, + /* Secure Data */ + 0xA4, 0x80, 0xA4, 0x24, 0xD3, 0xCB, 0x3B, 0x05, + 0xD5, 0x5B, 0x48, 0xE0, 0x23, 0xEA, 0x8C, 0x11, + 0xE2, 0xB6, 0xE9, 0x69, 0x39, 0x40, 0xA6, 0xEA, + 0xC9, 0xCD, 0xF9, 0xD8, 0x85, 0x8C, 0xD6, 0xFA, + 0xB6, 0x9A, 0xE2, 0x37, 0xAA, 0x0C, 0x02, 0x2C, + 0xB8, 0xC1, + /* ICV */ + 0xE3, 0x36, 0x34, 0x7A, 0x7C, 0x00, 0x71, 0x1F, + 0xAC, 0x04, 0x48, 0x82, 0x64, 0xD2, 0xDF, 0x58, + }, + .len = 78, + }, +}, +{ + .test_idx = 5, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .ssci = 0x7A30C118, + .xpn = 0x1, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, + 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x04, + }, + .len = 54, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4C, + /* SL */ + 0x2A, + /* PN */ + 0x00, 0x00, 0x00, 0x62, + /* Secure Data */ + 0x62, 0x62, 0x9E, 0x43, 0x59, 0x0C, 0xC6, 0x33, + 0x26, 0x3C, 0xBF, 0x93, 0x5D, 0xE2, 0x8A, 0x7F, + 0x96, 0xB4, 0xF7, 0x08, 0xEA, 0x9A, 0xA8, 0x88, + 0xB4, 0xE8, 0xBE, 0x8D, 0x28, 0x84, 0xE0, 0x16, + 0x08, 0x92, 0xB0, 0xAB, 0x76, 0x60, 0xEA, 0x05, + 0x74, 0x79, + /* ICV */ + 0x8E, 0x5D, 0x81, 0xA6, 0x3F, 0xDF, 0x39, 0xB8, + 0x19, 0x33, 0x73, 0x09, 0xCE, 0xC1, 0xAF, 0x85, + }, + .len = 78, + }, +}, +{ + .test_idx = 6, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .ssci = 0x7A30C118, + .xpn = 0x1, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, + 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x04, + }, + .len = 54, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4C, + /* SL */ + 0x2A, + /* PN */ + 0x00, 0x00, 0x00, 0x58, + /* Secure Data */ + 0xC7, 0xDC, 0xF4, 0xC9, 0x8C, 0x59, 0x6E, 0x96, + 0x3D, 0x4B, 0x89, 0xB3, 0xF3, 0x8D, 0x5D, 0x99, + 0x4E, 0xDF, 0x48, 0x74, 0x02, 0x25, 0x93, 0xB4, + 0x12, 0xFB, 0x0F, 0x28, 0xA5, 0x02, 0x78, 0xAC, + 0x0B, 0x14, 0xF1, 0xAC, 0x1C, 0x0C, 0x80, 0x37, + 0x6B, 0x44, + /* ICV */ + 0x47, 0x5A, 0xEE, 0x37, 0xFC, 0x6E, 0xDE, 0xB9, + 0x14, 0x0E, 0xBD, 0x22, 0x05, 0x12, 0x00, 0x52, + }, + .len = 78, + }, +}, +{ + .test_idx = 7, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .ssci = 0x7A30C118, + .xpn = 0x1, /* Most significant 32 bits */ + .salt = { + 0xE6, 0x30, 0xE8, 0x1A, 0x48, 0xDE, + 0x86, 0xA2, 0x1C, 0x66, 0xFA, 0x6D, + }, + .sa_key = { + .data = { + 0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE, + 0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* User Data */ + 0x08, 0x00, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, + 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, + 0x00, 0x04, + }, + .len = 54, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xE2, 0x01, 0x06, 0xD7, 0xCD, 0x0D, + /* MAC SA */ + 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x4C, + /* SL */ + 0x2A, + /* PN */ + 0x00, 0x00, 0x00, 0x02, + /* Secure Data */ + 0xDD, 0x86, 0x37, 0x48, 0x11, 0xF3, 0xA8, 0x96, + 0x25, 0x3A, 0xD9, 0xBE, 0x7C, 0x62, 0x72, 0xD6, + 0x43, 0x70, 0xB6, 0x92, 0x04, 0x25, 0x46, 0xC1, + 0x17, 0xBC, 0x14, 0xE1, 0x09, 0x4C, 0x04, 0x94, + 0x51, 0x1F, 0x6E, 0x89, 0x32, 0x13, 0x4B, 0xAC, + 0x2A, 0x60, + /* ICV */ + 0x96, 0xC0, 0xB4, 0xA4, 0xC7, 0xEC, 0xF5, 0xEF, + 0x5E, 0x51, 0x22, 0x14, 0xF8, 0x70, 0xA0, 0x22, + }, + .len = 78, + }, +}, +}; + #endif From patchwork Wed Jun 7 15:19:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 128337 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C239842C4E; Wed, 7 Jun 2023 17:21:35 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 1980C42D8A; Wed, 7 Jun 2023 17:20:44 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 0B73842D8A for ; Wed, 7 Jun 2023 17:20:42 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 357Dvj81028182; Wed, 7 Jun 2023 08:20:40 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=gpTNqadLwaQDUBute+utB0lopgWYbTl+2Okvlix74Iw=; b=CCfCQw8+t2yfb9oGyUejcRfrVURPTj3qiWH+Hp5/wPxO3Iz2URnJE4xROoo6uabTs31j 3gatrQ0F+o+TiNIOYn8YrzlA4khzyuhBxzLtQ/nFilEE5xTbh4HgZ1I3dEAuEfJV/4PT GqL/Hs1M/hogfo60rsjjsXegJI2WIGaZGy8rk6fRAmy0n6Xw4qYn6vRo1tbHt3a2cwyy XhEokRchm7kVTnUJ524Hv8ENdAe6DkB+gX6F+FTI/1Xgl5aBZ5q3oRM/vIbwQKA+hgzO Ybh9oR9qHBJ8cVJj7avX34dGp0bfdO8mwp4KLpxSbfWJjOvyx03bBJcvKOxCHN8bZfAE 9g== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r2a7bv6cp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 07 Jun 2023 08:20:39 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 7 Jun 2023 08:20:38 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Wed, 7 Jun 2023 08:20:38 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id E217E3F7084; Wed, 7 Jun 2023 08:20:34 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , Akhil Goyal Subject: [PATCH v2 13/13] test/security: remove no MACsec support case Date: Wed, 7 Jun 2023 20:49:40 +0530 Message-ID: <20230607151940.223417-14-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230607151940.223417-1-gakhil@marvell.com> References: <20230523194918.1940212-1-gakhil@marvell.com> <20230607151940.223417-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: FRGPbsi2RaO6LL-AAi-dlIgYs_XuUf2e X-Proofpoint-GUID: FRGPbsi2RaO6LL-AAi-dlIgYs_XuUf2e X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-07_07,2023-06-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Removed the test_capability_get_no_support_for_macsec case as MACsec is now supported and capability can have valid MACsec support. Signed-off-by: Akhil Goyal --- app/test/test_security.c | 37 ------------------------------------- 1 file changed, 37 deletions(-) diff --git a/app/test/test_security.c b/app/test/test_security.c index e4ddcefe40..4783cd0663 100644 --- a/app/test/test_security.c +++ b/app/test/test_security.c @@ -1828,41 +1828,6 @@ test_capability_get_no_matching_protocol(void) return TEST_SUCCESS; } -/** - * Test execution of rte_security_capability_get when macsec protocol - * is searched and capabilities table contain proper entry. - * However macsec records search is not supported in rte_security. - */ -static int -test_capability_get_no_support_for_macsec(void) -{ - struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_capability_idx idx = { - .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, - .protocol = RTE_SECURITY_PROTOCOL_MACSEC, - }; - struct rte_security_capability capabilities[] = { - { - .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, - .protocol = RTE_SECURITY_PROTOCOL_MACSEC, - }, - { - .action = RTE_SECURITY_ACTION_TYPE_NONE, - }, - }; - - mock_capabilities_get_exp.device = NULL; - mock_capabilities_get_exp.ret = capabilities; - - const struct rte_security_capability *ret; - ret = rte_security_capability_get(&ut_params->ctx, &idx); - TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, - ret, NULL, "%p"); - TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); - - return TEST_SUCCESS; -} - /** * Test execution of rte_security_capability_get when capabilities table * does not contain entry with matching ipsec proto field @@ -2319,8 +2284,6 @@ static struct unit_test_suite security_testsuite = { test_capability_get_no_matching_action), TEST_CASE_ST(ut_setup_with_session, ut_teardown, test_capability_get_no_matching_protocol), - TEST_CASE_ST(ut_setup_with_session, ut_teardown, - test_capability_get_no_support_for_macsec), TEST_CASE_ST(ut_setup_with_session, ut_teardown, test_capability_get_ipsec_mismatch_proto), TEST_CASE_ST(ut_setup_with_session, ut_teardown,