From patchwork Wed Jun  7 15:19:33 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Akhil Goyal <gakhil@marvell.com>
X-Patchwork-Id: 128330
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 44E3742C4E;
	Wed,  7 Jun 2023 17:20:44 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 96ABA42D43;
	Wed,  7 Jun 2023 17:20:19 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com
 [67.231.148.174])
 by mails.dpdk.org (Postfix) with ESMTP id 8B85842D3B
 for <dev@dpdk.org>; Wed,  7 Jun 2023 17:20:16 +0200 (CEST)
Received: from pps.filterd (m0045849.ppops.net [127.0.0.1])
 by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id
 357Dvh26028140; Wed, 7 Jun 2023 08:20:13 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
 h=from : to : cc :
 subject : date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding : content-type; s=pfpt0220;
 bh=9vWB4HFHTI/raG/K2iTBCHT1fYmJu84ImOh4fllrxTo=;
 b=GZRiQWAnXPY57LDOV/aBkg9NsjcC6j6+r4JPqC27KyHmBswAum6ppAtKVacjSuH1T7C+
 dbe0ERUB9sA4yeFaWqAnZZZgCPqAKdHBHUILrK9pNyvOpfBSIwV4V/OFEJj+gygqshld
 +pZ2cf4+MLecv4itmH1sWYRFKYMV05etxz9oQrNUGdIjBxcu/6OLOF9zV/NRI+JbweIQ
 ZZ5QGlj5r88PrqRxnn4/FI6zy11B5kcQgYdu37uGDUfjvTcqbmfHR4qcoPxFPV5H7LbY
 Y6JWe2Ox+rmM2lMkV97snU9vlf5+rC+v7R7kektBBSgYO2dnkvE3Qkzin0bkn1tmeyO8 fQ==
Received: from dc5-exch02.marvell.com ([199.233.59.182])
 by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r2a7bv695-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
 Wed, 07 Jun 2023 08:20:13 -0700
Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com
 (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48;
 Wed, 7 Jun 2023 08:20:11 -0700
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com
 (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend
 Transport; Wed, 7 Jun 2023 08:20:11 -0700
Received: from localhost.localdomain (unknown [10.28.36.102])
 by maili.marvell.com (Postfix) with ESMTP id 047263F708C;
 Wed,  7 Jun 2023 08:20:07 -0700 (PDT)
From: Akhil Goyal <gakhil@marvell.com>
To: <dev@dpdk.org>
CC: <thomas@monjalon.net>, <olivier.matz@6wind.com>, <orika@nvidia.com>,
 <david.marchand@redhat.com>, <hemant.agrawal@nxp.com>,
 <vattunuru@marvell.com>, <ferruh.yigit@amd.com>,
 <andrew.rybchenko@oktetlabs.ru>, <jerinj@marvell.com>,
 <adwivedi@marvell.com>, Akhil Goyal <gakhil@marvell.com>
Subject: [PATCH v2 06/13] test/security: add MACsec VLAN cases
Date: Wed, 7 Jun 2023 20:49:33 +0530
Message-ID: <20230607151940.223417-7-gakhil@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20230607151940.223417-1-gakhil@marvell.com>
References: <20230523194918.1940212-1-gakhil@marvell.com>
 <20230607151940.223417-1-gakhil@marvell.com>
MIME-Version: 1.0
X-Proofpoint-ORIG-GUID: 45qF4yMGUSYF-JVrJjQqkstmzW0M9h7V
X-Proofpoint-GUID: 45qF4yMGUSYF-JVrJjQqkstmzW0M9h7V
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26
 definitions=2023-06-07_07,2023-06-07_01,2023-05-22_02
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

Added cases to verify MACsec processing with VLAN
tags inserted. Vectors are added to verify 1/2/3
VLAN tags in clear or encrypted data.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 app/test/test_security_inline_macsec.c        |  67 ++++++
 .../test_security_inline_macsec_vectors.h     | 217 ++++++++++++++++++
 2 files changed, 284 insertions(+)

diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c
index 621074a928..854ead75a0 100644
--- a/app/test/test_security_inline_macsec.c
+++ b/app/test/test_security_inline_macsec.c
@@ -1119,6 +1119,69 @@ test_inline_macsec_multi_flow(const void *data __rte_unused)
 	return err;
 }
 
+static int
+test_inline_macsec_with_vlan(const void *data __rte_unused)
+{
+	const struct mcs_test_vector *cur_td;
+	struct mcs_test_opts opts = {0};
+	int err, all_err = 0;
+	int i, size;
+
+	opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+	opts.protect_frames = true;
+	opts.sa_in_use = 1;
+	opts.nb_td = 1;
+	opts.mtu = RTE_ETHER_MTU;
+
+	size = (sizeof(list_mcs_vlan_vectors) / sizeof((list_mcs_vlan_vectors)[0]));
+
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_vlan_vectors[i];
+		if (i == 0) {
+			opts.sectag_insert_mode = 1;
+		} else if (i == 1) {
+			opts.sectag_insert_mode = 0; /* offset from special E-type */
+			opts.nb_vlan = 1;
+		} else if (i == 2) {
+			opts.sectag_insert_mode = 0; /* offset from special E-type */
+			opts.nb_vlan = 2;
+		}
+		err = test_macsec(&cur_td, MCS_ENCAP, &opts);
+		if (err) {
+			printf("\n VLAN Encap case %d failed", cur_td->test_idx);
+			err = -1;
+		} else {
+			printf("\n VLAN Encap case %d passed", cur_td->test_idx);
+			err = 0;
+		}
+		all_err += err;
+	}
+	for (i = 0; i < size; i++) {
+		cur_td = &list_mcs_vlan_vectors[i];
+		if (i == 0) {
+			opts.sectag_insert_mode = 1;
+		} else if (i == 1) {
+			opts.sectag_insert_mode = 0; /* offset from special E-type */
+			opts.nb_vlan = 1;
+		} else if (i == 2) {
+			opts.sectag_insert_mode = 0; /* offset from special E-type */
+			opts.nb_vlan = 2;
+		}
+		err = test_macsec(&cur_td, MCS_DECAP, &opts);
+		if (err) {
+			printf("\n VLAN Decap case %d failed", cur_td->test_idx);
+			err = -1;
+		} else {
+			printf("\n VLAN Decap case %d passed", cur_td->test_idx);
+			err = 0;
+		}
+		all_err += err;
+	}
+
+	printf("\n%s: Success: %d, Failure: %d\n", __func__, (2 * size) + all_err, -all_err);
+	return all_err;
+}
+
 static int
 ut_setup_inline_macsec(void)
 {
@@ -1292,6 +1355,10 @@ static struct unit_test_suite inline_macsec_testsuite  = {
 			"MACsec auth + verify known vector",
 			ut_setup_inline_macsec, ut_teardown_inline_macsec,
 			test_inline_macsec_auth_verify_all),
+		TEST_CASE_NAMED_ST(
+			"MACsec Encap and decap with VLAN",
+			ut_setup_inline_macsec, ut_teardown_inline_macsec,
+			test_inline_macsec_with_vlan),
 
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	},
diff --git a/app/test/test_security_inline_macsec_vectors.h b/app/test/test_security_inline_macsec_vectors.h
index 8d9c2cae77..4bcb82783c 100644
--- a/app/test/test_security_inline_macsec_vectors.h
+++ b/app/test/test_security_inline_macsec_vectors.h
@@ -2185,5 +2185,222 @@ uint8_t secure_user_data[MCS_MULTI_FLOW_TD_SECURE_DATA_SZ] = {
 		0x2A, 0x5D, 0x6C, 0x2B, 0x96, 0x04, 0x94, 0xC3,
 };
 
+static const struct mcs_test_vector list_mcs_vlan_vectors[] = {
+/* No clear tag, VLAN after macsec header */
+{
+	.test_idx = 1,
+	.alg = RTE_SECURITY_MACSEC_ALG_GCM_128,
+	.ssci = 0,
+	.xpn = 0, /* Most significant 32 bits */
+	.salt = {0},
+	.sa_key = {
+		.data = {
+			0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+			0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+		},
+		.len = 16,
+	},
+	.plain_pkt = {
+		.data = {/* MAC DA */
+			0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43,
+			/* MAC SA */
+			0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23,
+			/* User Data with VLAN Tag */
+			0x81, 0x00, 0x00, 0x02, 0x08, 0x00, 0x45, 0x00,
+			0x00, 0x54, 0xF2, 0xFA, 0x40, 0x00, 0x40, 0x01,
+			0xF7, 0x83, 0x14, 0x14, 0x14, 0x02, 0x14, 0x14,
+			0x14, 0x01, 0x08, 0x00, 0xE9, 0xC5, 0x02, 0xAF,
+			0x00, 0x01, 0xCB, 0x51, 0x6D, 0x38, 0x00, 0x00,
+			0x00, 0x00, 0x13, 0x2D, 0x01, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
+			0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D,
+			0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25,
+			0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D,
+			0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
+			0x36, 0x37,
+		},
+		.len = 102,
+	},
+	.secure_pkt = {
+		.data = {/* MAC DA */
+			0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43,
+			/* MAC SA */
+			0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23,
+			/* MACsec EtherType */
+			0x88, 0xE5,
+			/* TCI and AN */
+			0x20,
+			/* SL */
+			0x00,
+			/* PN */
+			0x00, 0x00, 0x00, 0x06,
+			/* SCI */
+			0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, 0x00, 0x01,
+			/* Secure Data */
+			0x81, 0x00, 0x00, 0x02, 0x08, 0x00, 0x45, 0x00,
+			0x00, 0x54, 0xF2, 0xFA, 0x40, 0x00, 0x40, 0x01,
+			0xF7, 0x83, 0x14, 0x14, 0x14, 0x02, 0x14, 0x14,
+			0x14, 0x01, 0x08, 0x00, 0xE9, 0xC5, 0x02, 0xAF,
+			0x00, 0x01, 0xCB, 0x51, 0x6D, 0x38, 0x00, 0x00,
+			0x00, 0x00, 0x13, 0x2D, 0x01, 0x00, 0x00, 0x00,
+			0x00, 0x00, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
+			0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D,
+			0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25,
+			0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D,
+			0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
+			0x36, 0x37,
+			/* ICV */
+			0x21, 0x68, 0xF1, 0x21, 0x19, 0xB7, 0xDF, 0x73,
+			0x6F, 0x2A, 0x11, 0xEA, 0x8A, 0xBC, 0x8A, 0x79,
+		},
+		.len = 134,
+	},
+},
+/* 1 vlan tag followed by MACsec */
+{
+	.test_idx = 2,
+	.alg = RTE_SECURITY_MACSEC_ALG_GCM_128,
+	.ssci = 0,
+	.xpn = 0, /* Most significant 32 bits */
+	.salt = {0},
+	.sa_key = {
+		.data = {
+			0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+			0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+		},
+		.len = 16,
+	},
+	.plain_pkt = {
+		.data = {/* MAC DA */
+			0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43,
+			/* MAC SA */
+			0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23,
+			/* User Data */
+			0x81, 0x00, 0x00, 0x02,
+			0x08, 0x00, 0x45, 0x00, 0x00, 0x54, 0x88, 0x71,
+			0x40, 0x00, 0x40, 0x01, 0x62, 0x0D, 0x14, 0x14,
+			0x14, 0x02, 0x14, 0x14, 0x14, 0x01, 0x08, 0x00,
+			0x77, 0xA6, 0x02, 0xB3, 0x00, 0x01, 0xBE, 0x52,
+			0x6D, 0x38, 0x00, 0x00, 0x00, 0x00, 0x8C, 0x47,
+			0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11,
+			0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+			0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21,
+			0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
+			0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31,
+			0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+		},
+		.len = 102,
+	},
+	.secure_pkt = {
+		.data = {/* MAC DA */
+			0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43,
+			/* MAC SA */
+			0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23,
+			/* VLAN Tag before MACsec */
+			0x81, 0x00, 0x00, 0x02,
+			/* MACsec EtherType */
+			0x88, 0xE5,
+			/* TCI and AN */
+			0x20,
+			/* SL */
+			0x00,
+			/* PN */
+			0x00, 0x00, 0x00, 0x07,
+			/* SCI */
+			0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, 0x00, 0x01,
+			/* Secure Data */
+			0x08, 0x00, 0x45, 0x00, 0x00, 0x54, 0x88, 0x71,
+			0x40, 0x00, 0x40, 0x01, 0x62, 0x0D, 0x14, 0x14,
+			0x14, 0x02, 0x14, 0x14, 0x14, 0x01, 0x08, 0x00,
+			0x77, 0xA6, 0x02, 0xB3, 0x00, 0x01, 0xBE, 0x52,
+			0x6D, 0x38, 0x00, 0x00, 0x00, 0x00, 0x8C, 0x47,
+			0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11,
+			0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+			0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21,
+			0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
+			0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31,
+			0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			/* ICV */
+			0xF1, 0xC0, 0xA2, 0x6E, 0x99, 0xE5, 0xAB, 0x97,
+			0x78, 0x79, 0x7D, 0x13, 0x35, 0x5E, 0x39, 0x4F,
+		},
+		.len = 134,
+	},
+},
+/* 2 vlan tag followed by MACsec */
+{
+	.test_idx = 3,
+	.alg = RTE_SECURITY_MACSEC_ALG_GCM_128,
+	.ssci = 0,
+	.xpn = 0, /* Most significant 32 bits */
+	.salt = {0},
+	.sa_key = {
+		.data = {
+			0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+			0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+		},
+		.len = 16,
+	},
+	.plain_pkt = {
+		.data = {/* MAC DA */
+			0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43,
+			/* MAC SA */
+			0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23,
+			/* User Data */
+			0x88, 0xA8, 0x00, 0x04, 0x81, 0x00, 0x00, 0x02,
+			0x08, 0x00, 0x45, 0x00, 0x00, 0x54, 0x70, 0x5B,
+			0x40, 0x00, 0x40, 0x01, 0x29, 0xF9, 0x28, 0x28,
+			0x28, 0x04, 0x28, 0x28, 0x28, 0x01, 0x08, 0x00,
+			0x08, 0x02, 0x02, 0xE2, 0x00, 0x01, 0x60, 0x58,
+			0x6D, 0x38, 0x00, 0x00, 0x00, 0x00, 0x5C, 0xB7,
+			0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11,
+			0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+			0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21,
+			0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
+			0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31,
+			0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+		},
+		.len = 106,
+	},
+	.secure_pkt = {
+		.data = {/* MAC DA */
+			0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43,
+			/* MAC SA */
+			0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23,
+			/* VLAN Tags before MACsec */
+			0x88, 0xA8, 0x00, 0x04,
+			0x81, 0x00, 0x00, 0x02,
+			/* MACsec EtherType */
+			0x88, 0xE5,
+			/* TCI and AN */
+			0x20,
+			/* SL */
+			0x00,
+			/* PN */
+			0x00, 0x00, 0x00, 0x0E,
+			/* SCI */
+			0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, 0x00, 0x01,
+			/* Secure Data */
+			0x08, 0x00, 0x45, 0x00, 0x00, 0x54, 0x70, 0x5B,
+			0x40, 0x00, 0x40, 0x01, 0x29, 0xF9, 0x28, 0x28,
+			0x28, 0x04, 0x28, 0x28, 0x28, 0x01, 0x08, 0x00,
+			0x08, 0x02, 0x02, 0xE2, 0x00, 0x01, 0x60, 0x58,
+			0x6D, 0x38, 0x00, 0x00, 0x00, 0x00, 0x5C, 0xB7,
+			0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11,
+			0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+			0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21,
+			0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
+			0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31,
+			0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			/* ICV */
+			0xCC, 0x38, 0x21, 0x3A, 0xEE, 0x5F, 0xE3, 0x7F,
+			0xA1, 0xBA, 0xBD, 0xBD, 0x65, 0x5B, 0xB3, 0xE5,
+		},
+		.len = 138,
+	},
+},
+};
+
+
 
 #endif