From patchwork Fri Apr 8 10:16:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 109509 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0520FA0501; Fri, 8 Apr 2022 12:16:52 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A716E40E5A; Fri, 8 Apr 2022 12:16:50 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 5FD1240E5A for ; Fri, 8 Apr 2022 12:16:49 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 238614jF024820; Fri, 8 Apr 2022 03:16:48 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=VGudKRg7K4BGOw7kUp7vtdkalcKTfNoisSOwBVg4mMY=; b=doet1hWhJnd2eD4tfO0AR3BTmDmFtatto5wHz3ZC/hCnM0EmElYFXcu9NtChi/viAzSY NFtyaI3uwIxUKUUdSC5ctMkF0za0Hq8Sf5HBkznTACHtb0HMcNJ0YR2skG7Iz+HwNK5i QpPGRdkDcfZb/1UujDtvddljWJfg7+X0KbbZdskvTVeYrrOQxBT9dZeMiNIPe+3Uyo+g UIb0gmKxldkbF7hkA4zkUO8A+aUQLbEQH1q/nA5vvgU4YkUSfaVaxQLcY76EYw7X/fCH cWdOsj4yoHSGHKBNwUnFgk336HOPAOouWNsIZZ50p5EeW9VBGORsqNPDoar5HNBVOrTH cQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3f9r5wfv2q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 08 Apr 2022 03:16:48 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 8 Apr 2022 03:16:47 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Fri, 8 Apr 2022 03:16:47 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id 8A7C83F704D; Fri, 8 Apr 2022 03:16:43 -0700 (PDT) From: Archana Muniganti To: , , , , CC: Archana Muniganti , , , , , Subject: [PATCH 1/3] test/crypto: add AH under combined mode UT Date: Fri, 8 Apr 2022 15:46:23 +0530 Message-ID: <20220408101625.12020-2-marchana@marvell.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220408101625.12020-1-marchana@marvell.com> References: <20220408101625.12020-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: 5ssRHvGEiOva2W_fmUGKUhR6Ybc7s52e X-Proofpoint-ORIG-GUID: 5ssRHvGEiOva2W_fmUGKUhR6Ybc7s52e X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.858,Hydra:6.0.425,FMLib:17.11.64.514 definitions=2022-04-08_03,2022-04-08_01,2022-02-23_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Added auth only and null cipher + auth under combined mode for following combinations. 1. Tunnel IPv4 2. Transport IPv4 Signed-off-by: Archana Muniganti --- app/test/test_cryptodev.c | 97 ++++++++++++++++++++++++ app/test/test_cryptodev_security_ipsec.c | 74 +++++++++++++++--- app/test/test_cryptodev_security_ipsec.h | 8 ++ doc/guides/rel_notes/release_22_03.rst | 3 + 4 files changed, 172 insertions(+), 10 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index a0c8926776..eda4a5b6f1 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -845,6 +845,7 @@ ipsec_proto_testsuite_setup(void) } test_ipsec_alg_list_populate(); + test_ipsec_ah_alg_list_populate(); /* * Stop the device. Device would be started again by individual test @@ -9238,6 +9239,19 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], "Crypto capabilities not supported\n"); return TEST_SKIPPED; } + } else if (td[0].auth_only) { + memcpy(&ut_params->auth_xform, &td[0].xform.chain.auth, + sizeof(ut_params->auth_xform)); + ut_params->auth_xform.auth.key.data = td[0].auth_key.data; + + if (test_ipsec_crypto_caps_auth_verify( + sec_cap, + &ut_params->auth_xform) != 0) { + if (!silent) + RTE_LOG(INFO, USER1, + "Auth crypto capabilities not supported\n"); + return TEST_SKIPPED; + } } else { memcpy(&ut_params->cipher_xform, &td[0].xform.chain.cipher, sizeof(ut_params->cipher_xform)); @@ -9281,6 +9295,9 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len); sess_conf.ipsec = ipsec_xform; sess_conf.crypto_xform = &ut_params->aead_xform; + } else if (td[0].auth_only) { + sess_conf.ipsec = ipsec_xform; + sess_conf.crypto_xform = &ut_params->auth_xform; } else { sess_conf.ipsec = ipsec_xform; if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { @@ -9526,6 +9543,52 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags) return TEST_SKIPPED; } +static int +test_ipsec_ah_proto_all(const struct ipsec_test_flags *flags) +{ + struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX]; + struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX]; + unsigned int i, nb_pkts = 1, pass_cnt = 0; + int ret; + + for (i = 0; i < RTE_DIM(ah_alg_list); i++) { + test_ipsec_td_prepare(ah_alg_list[i].param1, + ah_alg_list[i].param2, + flags, + td_outb, + nb_pkts); + + ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true, + flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + test_ipsec_td_update(td_inb, td_outb, nb_pkts, flags); + + ret = test_ipsec_proto_process(td_inb, NULL, nb_pkts, true, + flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + if (flags->display_alg) + test_ipsec_display_alg(ah_alg_list[i].param1, + ah_alg_list[i].param2); + + pass_cnt++; + } + + if (pass_cnt > 0) + return TEST_SUCCESS; + else + return TEST_SKIPPED; +} + static int test_ipsec_proto_display_list(const void *data __rte_unused) { @@ -9538,6 +9601,32 @@ test_ipsec_proto_display_list(const void *data __rte_unused) return test_ipsec_proto_all(&flags); } +static int +test_ipsec_proto_ah_tunnel_ipv4(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ah = true; + flags.display_alg = true; + + return test_ipsec_ah_proto_all(&flags); +} + +static int +test_ipsec_proto_ah_transport_ipv4(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ah = true; + flags.transport = true; + + return test_ipsec_ah_proto_all(&flags); +} + static int test_ipsec_proto_iv_gen(const void *data __rte_unused) { @@ -15047,6 +15136,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { "Combined test alg list", ut_setup_security, ut_teardown, test_ipsec_proto_display_list), + TEST_CASE_NAMED_ST( + "Combined test alg list (AH)", + ut_setup_security, ut_teardown, + test_ipsec_proto_ah_tunnel_ipv4), TEST_CASE_NAMED_ST( "IV generation", ut_setup_security, ut_teardown, @@ -15107,6 +15200,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { "Transport IPv4", ut_setup_security, ut_teardown, test_ipsec_proto_transport_v4), + TEST_CASE_NAMED_ST( + "AH transport IPv4", + ut_setup_security, ut_teardown, + test_ipsec_proto_ah_transport_ipv4), TEST_CASE_NAMED_ST( "Transport l4 checksum", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index f66360f4c4..6098c3edc3 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -21,6 +21,8 @@ struct crypto_param_comb alg_list[RTE_DIM(aead_list) + (RTE_DIM(cipher_list) * RTE_DIM(auth_list))]; +struct crypto_param_comb ah_alg_list[2 * (RTE_DIM(auth_list) - 1)]; + static bool is_valid_ipv4_pkt(const struct rte_ipv4_hdr *pkt) { @@ -75,6 +77,26 @@ test_ipsec_alg_list_populate(void) } } +void +test_ipsec_ah_alg_list_populate(void) +{ + unsigned long i, index = 0; + + for (i = 1; i < RTE_DIM(auth_list); i++) { + ah_alg_list[index].param1 = &auth_list[i]; + ah_alg_list[index].param2 = NULL; + index++; + } + + for (i = 1; i < RTE_DIM(auth_list); i++) { + /* NULL cipher */ + ah_alg_list[index].param1 = &cipher_list[0]; + + ah_alg_list[index].param2 = &auth_list[i]; + index++; + } +} + int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, const struct rte_security_capability *sec_cap, @@ -381,17 +403,34 @@ test_ipsec_td_prepare(const struct crypto_param *param1, sizeof(*td)); td->aead = false; - td->xform.chain.cipher.cipher.algo = param1->alg.cipher; - td->xform.chain.cipher.cipher.key.length = - param1->key_length; - td->xform.chain.cipher.cipher.iv.length = - param1->iv_length; - td->xform.chain.auth.auth.algo = param2->alg.auth; - td->xform.chain.auth.auth.key.length = - param2->key_length; - td->xform.chain.auth.auth.digest_length = - param2->digest_length; + if (param1->type == RTE_CRYPTO_SYM_XFORM_AUTH) { + td->xform.chain.auth.auth.algo = + param1->alg.auth; + td->xform.chain.auth.auth.key.length = + param1->key_length; + td->xform.chain.auth.auth.digest_length = + param1->digest_length; + td->auth_only = true; + } else { + td->xform.chain.cipher.cipher.algo = + param1->alg.cipher; + td->xform.chain.cipher.cipher.key.length = + param1->key_length; + td->xform.chain.cipher.cipher.iv.length = + param1->iv_length; + td->xform.chain.auth.auth.algo = + param2->alg.auth; + td->xform.chain.auth.auth.key.length = + param2->key_length; + td->xform.chain.auth.auth.digest_length = + param2->digest_length; + } + } + + if (flags->ah) { + td->ipsec_xform.proto = + RTE_SECURITY_IPSEC_SA_PROTO_AH; } if (flags->iv_gen) @@ -499,6 +538,11 @@ test_ipsec_display_alg(const struct crypto_param *param1, printf("\t%s [%d]", rte_crypto_aead_algorithm_strings[param1->alg.aead], param1->key_length * 8); + } else if (param1->type == RTE_CRYPTO_SYM_XFORM_AUTH) { + printf("\t%s", + rte_crypto_auth_algorithm_strings[param1->alg.auth]); + if (param1->alg.auth != RTE_CRYPTO_AUTH_NULL) + printf(" [%dB ICV]", param1->digest_length); } else { printf("\t%s", rte_crypto_cipher_algorithm_strings[param1->alg.cipher]); @@ -832,6 +876,11 @@ test_ipsec_iph4_hdr_validate(const struct rte_ipv4_hdr *iph4, return -1; } + if (flags->ah && iph4->next_proto_id != IPPROTO_AH) { + printf("Tunnel outer header proto is not AH\n"); + return -1; + } + f_off = rte_be_to_cpu_16(iph4->fragment_offset); if (flags->df == TEST_IPSEC_COPY_DF_INNER_1 || flags->df == TEST_IPSEC_SET_DF_1_INNER_0) { @@ -934,6 +983,11 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, printf("Transport packet is not IPv4\n"); return TEST_FAILED; } + + if (flags->ah && iph4->next_proto_id != IPPROTO_AH) { + printf("Transport IPv4 header proto is not AH\n"); + return -1; + } } } else { if (td->ipsec_xform.tunnel.type == diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 7529d2ae50..fa7bb06022 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -40,6 +40,9 @@ struct ipsec_test_data { struct rte_security_ipsec_xform ipsec_xform; bool aead; + + bool auth_only; + /* Antireplay packet */ bool ar_packet; @@ -88,6 +91,7 @@ struct ipsec_test_flags { enum df_flags df; enum dscp_flags dscp; bool dec_ttl_or_hop_limit; + bool ah; }; struct crypto_param { @@ -198,8 +202,12 @@ extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) + (RTE_DIM(cipher_list) * RTE_DIM(auth_list))]; +extern struct crypto_param_comb ah_alg_list[2 * (RTE_DIM(auth_list) - 1)]; + void test_ipsec_alg_list_populate(void); +void test_ipsec_ah_alg_list_populate(void); + int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, const struct rte_security_capability *sec_cap, bool silent); diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst index 0923707cb8..9eaf9919ca 100644 --- a/doc/guides/rel_notes/release_22_03.rst +++ b/doc/guides/rel_notes/release_22_03.rst @@ -190,6 +190,9 @@ New Features Crypto producer mode helps to measure performance of OP_NEW and OP_FORWARD modes of event crypto adapter. +* **Updated lookaside protocol (IPsec) tests in dpdk-test.** + + * Added tests to verify IPSec AH in combined mode. Removed Items ------------- From patchwork Fri Apr 8 10:16:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 109510 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id DAA46A0501; Fri, 8 Apr 2022 12:16:57 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9D7F241144; Fri, 8 Apr 2022 12:16:55 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id BD4B14003F for ; Fri, 8 Apr 2022 12:16:53 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 2387M34E010018; Fri, 8 Apr 2022 03:16:53 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=RzwsT3e8/N/hz0ZYTEL4aN78jtHIxGOl10yCagoekkg=; b=SCxdUpQaUHEY70g8yVVaYZoqUhdOyECQN1Bx6/6isYYKMNSnLBEwctFP6WBkfx5JTJ7d cCSLLklDjnB7KvmV9j3VK0QpKS2uxpToORXP44PmKDC/DoIW8Pqo1nM4xPd6QgCDymGW CxNYl0qZn0hZOUwmKY3uIzdNzA9D1o4snG8MiEE6Ig0z2thKDwd+oCP+FfHFQKoQlIXZ zYBH8XDT/ESLZ6jsSZDjWtZUxkIFryKDkaBgCg11NBf4VebESdXQRLjargDk5yo5LYjC HENGSdyExLSVLGh9YzBkuNZBX6k+otWVMFMOjWQ8Ry4iXOmBJjFcCjZ6mesMdY6tWEZH tw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3f9r7eqjvh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 08 Apr 2022 03:16:52 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Fri, 8 Apr 2022 03:16:50 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Fri, 8 Apr 2022 03:16:50 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id 6B1613F705E; Fri, 8 Apr 2022 03:16:47 -0700 (PDT) From: Archana Muniganti To: , , , , CC: Archana Muniganti , , , , , Subject: [PATCH 2/3] test/crypto: add AH test vectors Date: Fri, 8 Apr 2022 15:46:24 +0530 Message-ID: <20220408101625.12020-3-marchana@marvell.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220408101625.12020-1-marchana@marvell.com> References: <20220408101625.12020-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: V3f48My165tN7hOfp5_5_BCjlyMisebE X-Proofpoint-ORIG-GUID: V3f48My165tN7hOfp5_5_BCjlyMisebE X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.858,Hydra:6.0.425,FMLib:17.11.64.514 definitions=2022-04-08_03,2022-04-08_01,2022-02-23_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Added tunnel and transport AH known test vectors for SHA256 HMAC. Signed-off-by: Archana Muniganti --- app/test/test_cryptodev.c | 33 ++- ...st_cryptodev_security_ipsec_test_vectors.h | 210 ++++++++++++++++++ doc/guides/rel_notes/release_22_03.rst | 1 + 3 files changed, 240 insertions(+), 4 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index eda4a5b6f1..e152d45e1c 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9139,6 +9139,8 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], 0x0000, 0x001a}; uint16_t v6_dst[8] = {0x2001, 0x0470, 0xe5bf, 0xdead, 0x4957, 0x2174, 0xe82c, 0x4887}; + const struct rte_ipv4_hdr *ipv4 = + (const struct rte_ipv4_hdr *)td[0].output_text.data; struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; struct rte_security_capability_idx sec_cap_idx; @@ -9147,11 +9149,10 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], uint8_t dev_id = ts_params->valid_devs[0]; enum rte_security_ipsec_sa_direction dir; struct ipsec_test_data *res_d_tmp = NULL; - uint32_t src = RTE_IPV4(192, 168, 1, 0); - uint32_t dst = RTE_IPV4(192, 168, 1, 1); int salt_len, i, ret = TEST_SUCCESS; struct rte_security_ctx *ctx; uint8_t *input_text; + uint32_t src, dst; uint32_t verify; ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; @@ -9165,6 +9166,9 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], dir = ipsec_xform.direction; verify = flags->tunnel_hdr_verify; + memcpy(&src, &ipv4->src_addr, sizeof(ipv4->src_addr)); + memcpy(&dst, &ipv4->dst_addr, sizeof(ipv4->dst_addr)); + if ((dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) && verify) { if (verify == RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR) src += 1; @@ -9431,8 +9435,9 @@ test_ipsec_proto_known_vec(const void *test_data) memcpy(&td_outb, test_data, sizeof(td_outb)); - if (td_outb.aead || - td_outb.xform.chain.cipher.cipher.algo != RTE_CRYPTO_CIPHER_NULL) { + if ((td_outb.ipsec_xform.proto != RTE_SECURITY_IPSEC_SA_PROTO_AH) && + (td_outb.aead || (td_outb.xform.chain.cipher.cipher.algo != + RTE_CRYPTO_CIPHER_NULL))) { /* Disable IV gen to be able to test with known vectors */ td_outb.ipsec_xform.options.iv_gen_disable = 1; } @@ -15082,6 +15087,16 @@ static struct unit_test_suite ipsec_proto_testsuite = { ut_setup_security, ut_teardown, test_ipsec_proto_known_vec, &pkt_null_aes_xcbc), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (AH tunnel mode IPv4 HMAC-SHA256)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, + &pkt_ah_tunnel_sha256), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (AH transport mode IPv4 HMAC-SHA256)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, + &pkt_ah_transport_sha256), TEST_CASE_NAMED_WITH_DATA( "Outbound fragmented packet", ut_setup_security, ut_teardown, @@ -15132,6 +15147,16 @@ static struct unit_test_suite ipsec_proto_testsuite = { ut_setup_security, ut_teardown, test_ipsec_proto_known_vec_inb, &pkt_null_aes_xcbc), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (AH tunnel mode IPv4 HMAC-SHA256)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, + &pkt_ah_tunnel_sha256), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (AH transport mode IPv4 HMAC-SHA256)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, + &pkt_ah_transport_sha256), TEST_CASE_NAMED_ST( "Combined test alg list", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h index fe2fd855df..f50986e9b4 100644 --- a/app/test/test_cryptodev_security_ipsec_test_vectors.h +++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h @@ -1153,4 +1153,214 @@ struct ipsec_test_data pkt_null_aes_xcbc = { }, }; +struct ipsec_test_data pkt_ah_tunnel_sha256 = { + .auth_key = { + .data = { + 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, + 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, + 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, + 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, + }, + }, + .input_text = { + .data = { + /* IP */ + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, + .len = 128, + }, + .output_text = { + .data = { + /* IP outer header */ + 0x45, 0x00, 0x00, 0xb0, 0x00, 0x01, 0x00, 0x00, + 0x00, 0x33, 0x59, 0x16, 0x0a, 0x00, 0x6f, 0x02, + 0x0a, 0x00, 0xde, 0x02, + + /* AH */ + 0x04, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x59, 0xfd, 0xb4, 0xdb, 0x70, 0x57, 0x4f, 0x27, + 0x72, 0xfe, 0xc9, 0xdc, 0xb2, 0xf0, 0xab, 0xea, + + /* Inner IP */ + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, + .len = 176, + }, + + .ipsec_xform = { + .spi = 0x7b, + .options.esn = 0, + .options.udp_encap = 0, + .options.copy_dscp = 0, + .options.copy_flabel = 0, + .options.copy_df = 0, + .options.dec_ttl = 0, + .options.ecn = 0, + .options.stats = 0, + .options.tunnel_hdr_verify = 0, + .options.ip_csum_enable = 0, + .options.l4_csum_enable = 0, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, + .replay_win_sz = 0, + }, + + .aead = false, + .auth_only = true, + + .xform = { + .chain.auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, + .key.length = 32, + .digest_length = 16, + }, + }, + }, +}; + +struct ipsec_test_data pkt_ah_transport_sha256 = { + .auth_key = { + .data = { + 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, + 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, + 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, + 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, + }, + }, + .input_text = { + .data = { + /* IP */ + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, + .len = 128, + }, + .output_text = { + .data = { + /* IP outer header */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3, + 0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, + .len = 156, + }, + + .ipsec_xform = { + .spi = 0x7b, + .options.esn = 0, + .options.udp_encap = 0, + .options.copy_dscp = 0, + .options.copy_flabel = 0, + .options.copy_df = 0, + .options.dec_ttl = 0, + .options.ecn = 0, + .options.stats = 0, + .options.tunnel_hdr_verify = 0, + .options.ip_csum_enable = 0, + .options.l4_csum_enable = 0, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, + .replay_win_sz = 0, + }, + + .aead = false, + .auth_only = true, + + .xform = { + .chain.auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, + .key.length = 32, + .digest_length = 16, + }, + }, + }, +}; + #endif /* TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_ */ diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst index 9eaf9919ca..8874440af2 100644 --- a/doc/guides/rel_notes/release_22_03.rst +++ b/doc/guides/rel_notes/release_22_03.rst @@ -193,6 +193,7 @@ New Features * **Updated lookaside protocol (IPsec) tests in dpdk-test.** * Added tests to verify IPSec AH in combined mode. + * Added AH known test vectors for SHA256 HMAC. Removed Items ------------- From patchwork Fri Apr 8 10:16:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 109511 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1579EA0501; Fri, 8 Apr 2022 12:17:06 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id BCE32427ED; Fri, 8 Apr 2022 12:16:58 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 1C9DF427F3 for ; Fri, 8 Apr 2022 12:16:56 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 2384tDtW024137; Fri, 8 Apr 2022 03:16:56 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=xRoBppB/rMpBD5tdAA94kVCHuShxDD3fj1cALAXM5GE=; b=AASBrwGjjojsp0v6M0GJYydZ8kQkKWYKK51tch5v/f53DWM5WFg3c7AmhpYx2f1zrQMU bbMhufDlZUXQuOi+53gbV6rlYSdoU0ZJaqXtQVo1/kphqWpU2qGKmYoNFJtC/g97N8Un Iy7ERy9//RSNU2lgver7bD0J6beXS45NiwRMTGNBhJtFf9CipD+mXpOApyThrSOT+LP0 v/HxmG5B8rNpnJKcrwDAsswVaeRd8wlTI+g47hxmMklfIlDB5RyXmrmXXcNSxyVJEzvt VHVu/rsawMlo/5D1icQdrHWyxZozHZt/UlPHMQ1jvHMUpggxv+Wb08+QaWihfKv20fBK 2g== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3f9r5wfv38-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 08 Apr 2022 03:16:55 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 8 Apr 2022 03:16:54 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Fri, 8 Apr 2022 03:16:54 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id 369083F704D; Fri, 8 Apr 2022 03:16:50 -0700 (PDT) From: Archana Muniganti To: , , , , CC: Archana Muniganti , , , , , Subject: [PATCH 3/3] test/crypto: add AH AES-GMAC test vectors Date: Fri, 8 Apr 2022 15:46:25 +0530 Message-ID: <20220408101625.12020-4-marchana@marvell.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220408101625.12020-1-marchana@marvell.com> References: <20220408101625.12020-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: 6q7rNoCiErIB4gFq11xRsTAN8A5VQYKf X-Proofpoint-ORIG-GUID: 6q7rNoCiErIB4gFq11xRsTAN8A5VQYKf X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.858,Hydra:6.0.425,FMLib:17.11.64.514 definitions=2022-04-08_03,2022-04-08_01,2022-02-23_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Added AES_GMAC test vectors along with combined mode support. Signed-off-by: Archana Muniganti --- app/test/test_cryptodev.c | 26 +++- app/test/test_cryptodev_security_ipsec.c | 12 ++ app/test/test_cryptodev_security_ipsec.h | 9 ++ ...st_cryptodev_security_ipsec_test_vectors.h | 116 ++++++++++++++++++ doc/guides/rel_notes/release_22_03.rst | 1 + 5 files changed, 160 insertions(+), 4 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index e152d45e1c..f444144cc6 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9294,9 +9294,12 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], .protocol = RTE_SECURITY_PROTOCOL_IPSEC, }; - if (td[0].aead) { + if (td[0].aead || td[0].aes_gmac) { salt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len); memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len); + } + + if (td[0].aead) { sess_conf.ipsec = ipsec_xform; sess_conf.crypto_xform = &ut_params->aead_xform; } else if (td[0].auth_only) { @@ -9377,6 +9380,8 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], if (td[i].aead) len = td[i].xform.aead.aead.iv.length; + else if (td[i].aes_gmac) + len = td[i].xform.chain.auth.auth.iv.length; else len = td[i].xform.chain.cipher.cipher.iv.length; @@ -9435,9 +9440,9 @@ test_ipsec_proto_known_vec(const void *test_data) memcpy(&td_outb, test_data, sizeof(td_outb)); - if ((td_outb.ipsec_xform.proto != RTE_SECURITY_IPSEC_SA_PROTO_AH) && - (td_outb.aead || (td_outb.xform.chain.cipher.cipher.algo != - RTE_CRYPTO_CIPHER_NULL))) { + if (td_outb.aes_gmac || td_outb.aead || + ((td_outb.ipsec_xform.proto != RTE_SECURITY_IPSEC_SA_PROTO_AH) && + (td_outb.xform.chain.cipher.cipher.algo != RTE_CRYPTO_CIPHER_NULL))) { /* Disable IV gen to be able to test with known vectors */ td_outb.ipsec_xform.options.iv_gen_disable = 1; } @@ -9506,6 +9511,9 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags) cipher_alg = td_outb->xform.chain.cipher.cipher.algo; auth_alg = td_outb->xform.chain.auth.auth.algo; + if (td_outb->aes_gmac && cipher_alg != RTE_CRYPTO_CIPHER_NULL) + continue; + /* ICV is not applicable for NULL auth */ if (flags->icv_corrupt && auth_alg == RTE_CRYPTO_AUTH_NULL) @@ -15097,6 +15105,11 @@ static struct unit_test_suite ipsec_proto_testsuite = { ut_setup_security, ut_teardown, test_ipsec_proto_known_vec, &pkt_ah_transport_sha256), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (AH transport mode IPv4 AES-GMAC 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, + &pkt_ah_ipv4_aes_gmac_128), TEST_CASE_NAMED_WITH_DATA( "Outbound fragmented packet", ut_setup_security, ut_teardown, @@ -15157,6 +15170,11 @@ static struct unit_test_suite ipsec_proto_testsuite = { ut_setup_security, ut_teardown, test_ipsec_proto_known_vec_inb, &pkt_ah_transport_sha256), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (AH transport mode IPv4 AES-GMAC 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, + &pkt_ah_ipv4_aes_gmac_128), TEST_CASE_NAMED_ST( "Combined test alg list", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 6098c3edc3..14c6ba681f 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -412,6 +412,12 @@ test_ipsec_td_prepare(const struct crypto_param *param1, td->xform.chain.auth.auth.digest_length = param1->digest_length; td->auth_only = true; + + if (td->xform.chain.auth.auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) { + td->xform.chain.auth.auth.iv.length = + param1->iv_length; + td->aes_gmac = true; + } } else { td->xform.chain.cipher.cipher.algo = param1->alg.cipher; @@ -425,6 +431,12 @@ test_ipsec_td_prepare(const struct crypto_param *param1, param2->key_length; td->xform.chain.auth.auth.digest_length = param2->digest_length; + + if (td->xform.chain.auth.auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) { + td->xform.chain.auth.auth.iv.length = + param2->iv_length; + td->aes_gmac = true; + } } } diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index fa7bb06022..0d9b5b6e2e 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -41,6 +41,8 @@ struct ipsec_test_data { bool aead; + bool aes_gmac; + bool auth_only; /* Antireplay packet */ @@ -186,6 +188,13 @@ static const struct crypto_param auth_list[] = { .key_length = 16, .digest_length = 12, }, + { + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .alg.auth = RTE_CRYPTO_AUTH_AES_GMAC, + .key_length = 16, + .digest_length = 16, + .iv_length = 12, + }, }; struct crypto_param_comb { diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h index f50986e9b4..5c5b0445ee 100644 --- a/app/test/test_cryptodev_security_ipsec_test_vectors.h +++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h @@ -1363,4 +1363,120 @@ struct ipsec_test_data pkt_ah_transport_sha256 = { }, }; +struct ipsec_test_data pkt_ah_ipv4_aes_gmac_128 = { + .auth_key = { + .data = { + 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, + 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, + }, + }, + .input_text = { + .data = { + /* IP */ + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, + .len = 128, + }, + .output_text = { + .data = { + /* IP outer header */ + 0x45, 0x00, 0x00, 0xa4, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd1, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xd6, 0x0e, 0xcc, 0x22, 0x31, 0x79, 0x59, 0x72, + 0x68, 0xc9, 0x58, 0xfb, 0x8b, 0xb0, 0xbb, 0xd5, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, + .len = 164, + }, + .salt = { + .data = { + 0xca, 0xfe, 0xba, 0xbe, + }, + .len = 4, + }, + + .iv = { + .data = { + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }, + }, + + .ipsec_xform = { + .spi = 0x7b, + .options.esn = 0, + .options.udp_encap = 0, + .options.copy_dscp = 0, + .options.copy_flabel = 0, + .options.copy_df = 0, + .options.dec_ttl = 0, + .options.ecn = 0, + .options.stats = 0, + .options.tunnel_hdr_verify = 0, + .options.ip_csum_enable = 0, + .options.l4_csum_enable = 0, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, + .replay_win_sz = 0, + }, + + .aead = false, + .aes_gmac = true, + .auth_only = true, + + .xform = { + .chain.auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_AES_GMAC, + .key.length = 16, + .digest_length = 16, + .iv.length = 12, + .iv.offset = IV_OFFSET, + }, + }, + }, +}; + #endif /* TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_ */ diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst index 8874440af2..d5ce99c1f3 100644 --- a/doc/guides/rel_notes/release_22_03.rst +++ b/doc/guides/rel_notes/release_22_03.rst @@ -194,6 +194,7 @@ New Features * Added tests to verify IPSec AH in combined mode. * Added AH known test vectors for SHA256 HMAC. + * Added AH known test vectors for AES-GMAC along with combined mode. Removed Items -------------