* [PATCH 0/6] update autotest with new algorithms
@ 2022-10-19 16:54 Tejasree Kondoj
2022-10-19 16:54 ` [PATCH 1/6] test/security: add unit tests for DES and 3DES Tejasree Kondoj
` (5 more replies)
0 siblings, 6 replies; 8+ messages in thread
From: Tejasree Kondoj @ 2022-10-19 16:54 UTC (permalink / raw)
To: Akhil Goyal, Fan Zhang, Ciara Power
Cc: Anoob Joseph, Vidya Sagar Velumuri, dev
This series updates autotest with DES, 3DES, MD5
and custom UDP ports support.
Tejasree Kondoj (2):
test/crypto: check antireply capability only for ingress
test/crypto: add unit test for custom UDP ports
Vidya Sagar Velumuri (4):
test/security: add unit tests for DES and 3DES
test/security: add unit tests for auth algo MD5
test/security: update antireplay unit test for event mode
test/crypto: add unit tests for DES and MD5
app/test/test_cryptodev.c | 71 ++
app/test/test_cryptodev_security_ipsec.c | 83 +-
app/test/test_cryptodev_security_ipsec.h | 19 +
...st_cryptodev_security_ipsec_test_vectors.h | 1059 ++++++++++++++++-
app/test/test_security_inline_proto.c | 120 +-
5 files changed, 1286 insertions(+), 66 deletions(-)
--
2.25.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 1/6] test/security: add unit tests for DES and 3DES
2022-10-19 16:54 [PATCH 0/6] update autotest with new algorithms Tejasree Kondoj
@ 2022-10-19 16:54 ` Tejasree Kondoj
2022-10-19 16:54 ` [PATCH 2/6] test/security: add unit tests for auth algo MD5 Tejasree Kondoj
` (4 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: Tejasree Kondoj @ 2022-10-19 16:54 UTC (permalink / raw)
To: Akhil Goyal, Fan Zhang, Ciara Power
Cc: Vidya Sagar Velumuri, Anoob Joseph, dev
From: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Add unit test cases and test vecotrs for DES-CBC
and 3DES-CBC.
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
app/test/test_cryptodev_security_ipsec.h | 12 +
...st_cryptodev_security_ipsec_test_vectors.h | 876 ++++++++++++++++++
app/test/test_security_inline_proto.c | 89 ++
3 files changed, 977 insertions(+)
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 67b783e637..95e86a05e0 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -150,6 +150,18 @@ static const struct crypto_param cipher_list[] = {
.key_length = 0,
.iv_length = 0,
},
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .alg.cipher = RTE_CRYPTO_CIPHER_DES_CBC,
+ .key_length = 8,
+ .iv_length = 8,
+ },
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .alg.cipher = RTE_CRYPTO_CIPHER_3DES_CBC,
+ .key_length = 24,
+ .iv_length = 8,
+ },
{
.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
.alg.cipher = RTE_CRYPTO_CIPHER_AES_CBC,
diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h
index 5f775a241a..18ffceddce 100644
--- a/app/test/test_cryptodev_security_ipsec_test_vectors.h
+++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h
@@ -955,6 +955,661 @@ struct ipsec_test_data pkt_aes_128_cbc_hmac_sha512 = {
},
};
+struct ipsec_test_data pkt_3des_cbc_hmac_sha256 = {
+ .key = {
+ .data = {
+ 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+ 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
+ 0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00,
+ },
+ },
+ .auth_key = {
+ .data = {
+ 0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+ 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ },
+ },
+ .input_text = {
+ .data = {
+ /* IP */
+ 0x45, 0x00, 0x00, 0x32, 0x00, 0x01, 0x00, 0x00,
+ 0x1f, 0x11, 0x17, 0x8b, 0xc0, 0xa8, 0x01, 0x6f,
+ 0xc0, 0xa8, 0x01, 0x70,
+
+ /* UDP */
+ 0x00, 0x09, 0x00, 0x09, 0x00, 0x1e, 0x00, 0x00,
+ 0xbe, 0x9b, 0xe9, 0x55, 0x00, 0x00, 0x00, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .len = 50,
+ },
+ .output_text = {
+ .data = {
+ /* IP - outer header */
+ 0x45, 0x00, 0x00, 0x6c, 0x00, 0x01, 0x00, 0x00,
+ 0x40, 0x32, 0xf7, 0x0b, 0xc0, 0xa8, 0x01, 0x02,
+ 0xc0, 0xa8, 0x01, 0x01,
+
+ /* ESP */
+ 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x01,
+
+ /* IV */
+ 0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+
+ /* Data */
+ 0x45, 0x2a, 0x7d, 0xe8, 0x96, 0x8b, 0x6e, 0x9f,
+ 0x8e, 0xa8, 0x87, 0xf6, 0x12, 0x41, 0x61, 0x6e,
+ 0x42, 0xae, 0xd4, 0x71, 0x2a, 0x7d, 0xde, 0x46,
+ 0x24, 0xa7, 0xc8, 0xd1, 0x8a, 0x78, 0x5f, 0xb8,
+ 0xb1, 0x43, 0xec, 0x3b, 0x95, 0x9c, 0x54, 0x7b,
+ 0x0c, 0x47, 0x80, 0xfb, 0xff, 0x18, 0x54, 0x87,
+ 0x16, 0x22, 0x88, 0x06, 0xcf, 0xfd, 0xf6, 0x01,
+ 0x02, 0x58, 0x94, 0x34, 0xc9, 0xbc, 0xea, 0xb8,
+ 0xc9, 0x75, 0xf6, 0xc4, 0x8b, 0x46, 0x69, 0x3c,
+ },
+ .len = 108,
+ },
+ .iv = {
+ .data = {
+ 0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+ },
+ },
+
+ .ipsec_xform = {
+ .spi = 52,
+ .options.esn = 0,
+ .options.udp_encap = 0,
+ .options.copy_dscp = 0,
+ .options.copy_flabel = 0,
+ .options.copy_df = 0,
+ .options.dec_ttl = 0,
+ .options.ecn = 0,
+ .options.stats = 0,
+ .options.tunnel_hdr_verify = 0,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+ .replay_win_sz = 0,
+ },
+
+ .aead = false,
+
+ .xform = {
+ .chain.cipher = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .cipher = {
+ .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+ .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+ .key.length = 24,
+ .iv.length = 8,
+ },
+ },
+ .chain.auth = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .auth = {
+ .op = RTE_CRYPTO_AUTH_OP_GENERATE,
+ .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+ .key.length = 32,
+ .digest_length = 16,
+ },
+ },
+ },
+};
+
+struct ipsec_test_data pkt_3des_cbc_hmac_sha384 = {
+ .key = {
+ .data = {
+ 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+ 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
+ 0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00,
+ },
+ },
+ .auth_key = {
+ .data = {
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ 0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+ 0x00, 0x10, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02,
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x34,
+ 0x1a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ },
+ },
+ .input_text = {
+ .data = {
+ /* IP */
+ 0x45, 0x00, 0x00, 0x32, 0x00, 0x01, 0x00, 0x00,
+ 0x1f, 0x11, 0x17, 0x8b, 0xc0, 0xa8, 0x01, 0x6f,
+ 0xc0, 0xa8, 0x01, 0x70,
+
+ /* UDP */
+ 0x00, 0x09, 0x00, 0x09, 0x00, 0x1e, 0x00, 0x00,
+ 0xbe, 0x9b, 0xe9, 0x55, 0x00, 0x00, 0x00, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .len = 50,
+ },
+ .output_text = {
+ .data = {
+ /* IP - outer header */
+ 0x45, 0x00, 0x00, 0x74, 0x00, 0x01, 0x00, 0x00,
+ 0x40, 0x32, 0xf7, 0x03, 0xc0, 0xa8, 0x01, 0x02,
+ 0xc0, 0xa8, 0x01, 0x01,
+
+ /* ESP */
+ 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x01,
+
+ /* IV */
+ 0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+
+ /* Data */
+ 0x45, 0x2a, 0x7d, 0xe8, 0x96, 0x8b, 0x6e, 0x9f,
+ 0x8e, 0xa8, 0x87, 0xf6, 0x12, 0x41, 0x61, 0x6e,
+ 0x42, 0xae, 0xd4, 0x71, 0x2a, 0x7d, 0xde, 0x46,
+ 0x24, 0xa7, 0xc8, 0xd1, 0x8a, 0x78, 0x5f, 0xb8,
+ 0xb1, 0x43, 0xec, 0x3b, 0x95, 0x9c, 0x54, 0x7b,
+ 0x0c, 0x47, 0x80, 0xfb, 0xff, 0x18, 0x54, 0x87,
+ 0x16, 0x22, 0x88, 0x06, 0xcf, 0xfd, 0xf6, 0x01,
+ 0x27, 0x34, 0x80, 0xa0, 0xc0, 0xd8, 0x97, 0xa4,
+ 0x67, 0xf5, 0x6b, 0xd4, 0x2c, 0x74, 0xc4, 0x51,
+ 0xed, 0x0d, 0xae, 0x23, 0xbb, 0xfa, 0xfb, 0x91,
+ },
+ .len = 116,
+ },
+ .iv = {
+ .data = {
+ 0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+ },
+ },
+
+ .ipsec_xform = {
+ .spi = 52,
+ .options.esn = 0,
+ .options.udp_encap = 0,
+ .options.copy_dscp = 0,
+ .options.copy_flabel = 0,
+ .options.copy_df = 0,
+ .options.dec_ttl = 0,
+ .options.ecn = 0,
+ .options.stats = 0,
+ .options.tunnel_hdr_verify = 0,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+ .replay_win_sz = 0,
+ },
+
+ .aead = false,
+
+ .xform = {
+ .chain.cipher = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .cipher = {
+ .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+ .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+ .key.length = 24,
+ .iv.length = 8,
+ },
+ },
+ .chain.auth = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .auth = {
+ .op = RTE_CRYPTO_AUTH_OP_GENERATE,
+ .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
+ .key.length = 48,
+ .digest_length = 24,
+ },
+ },
+ },
+};
+
+struct ipsec_test_data pkt_3des_cbc_hmac_sha512 = {
+ .key = {
+ .data = {
+ 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+ 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
+ 0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00,
+ },
+ },
+ .auth_key = {
+ .data = {
+ 0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+ 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ 0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+ 0x00, 0x10, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02,
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x34,
+ 0x1a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ },
+ },
+ .input_text = {
+ .data = {
+ /* IP */
+ 0x45, 0x00, 0x00, 0x32, 0x00, 0x01, 0x00, 0x00,
+ 0x1f, 0x11, 0x17, 0x8b, 0xc0, 0xa8, 0x01, 0x6f,
+ 0xc0, 0xa8, 0x01, 0x70,
+
+ /* UDP */
+ 0x00, 0x09, 0x00, 0x09, 0x00, 0x1e, 0x00, 0x00,
+ 0xbe, 0x9b, 0xe9, 0x55, 0x00, 0x00, 0x00, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .len = 50,
+ },
+ .output_text = {
+ .data = {
+ /* IP - outer header */
+ 0x45, 0x00, 0x00, 0x7c, 0x00, 0x01, 0x00, 0x00,
+ 0x40, 0x32, 0xf6, 0xfb, 0xc0, 0xa8, 0x01, 0x02,
+ 0xc0, 0xa8, 0x01, 0x01,
+
+ /* ESP */
+ 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x01,
+
+ /* IV */
+ 0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+
+ /* Data */
+ 0x45, 0x2a, 0x7d, 0xe8, 0x96, 0x8b, 0x6e, 0x9f,
+ 0x8e, 0xa8, 0x87, 0xf6, 0x12, 0x41, 0x61, 0x6e,
+ 0x42, 0xae, 0xd4, 0x71, 0x2a, 0x7d, 0xde, 0x46,
+ 0x24, 0xa7, 0xc8, 0xd1, 0x8a, 0x78, 0x5f, 0xb8,
+ 0xb1, 0x43, 0xec, 0x3b, 0x95, 0x9c, 0x54, 0x7b,
+ 0x0c, 0x47, 0x80, 0xfb, 0xff, 0x18, 0x54, 0x87,
+ 0x16, 0x22, 0x88, 0x06, 0xcf, 0xfd, 0xf6, 0x01,
+ 0xe7, 0x32, 0x8b, 0x4c, 0x9f, 0xe4, 0x54, 0x0d,
+ 0x37, 0xec, 0xaa, 0x4b, 0x2a, 0x32, 0xfc, 0x4c,
+ 0x04, 0xeb, 0x26, 0x53, 0x24, 0x4c, 0xcc, 0xf7,
+ 0xeb, 0x24, 0x76, 0x42, 0xb4, 0x0c, 0xbc, 0xd4,
+ },
+ .len = 124,
+ },
+ .iv = {
+ .data = {
+ 0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+ },
+ },
+
+ .ipsec_xform = {
+ .spi = 52,
+ .options.esn = 0,
+ .options.udp_encap = 0,
+ .options.copy_dscp = 0,
+ .options.copy_flabel = 0,
+ .options.copy_df = 0,
+ .options.dec_ttl = 0,
+ .options.ecn = 0,
+ .options.stats = 0,
+ .options.tunnel_hdr_verify = 0,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+ .replay_win_sz = 0,
+ },
+
+ .aead = false,
+
+ .xform = {
+ .chain.cipher = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .cipher = {
+ .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+ .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+ .key.length = 24,
+ .iv.length = 8,
+ },
+ },
+ .chain.auth = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .auth = {
+ .op = RTE_CRYPTO_AUTH_OP_GENERATE,
+ .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
+ .key.length = 64,
+ .digest_length = 32,
+ },
+ },
+ },
+};
+
+struct ipsec_test_data pkt_des_cbc_hmac_sha256 = {
+ .key = {
+ .data = {
+ 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
+ },
+ },
+ .auth_key = {
+ .data = {
+ 0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+ 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ },
+ },
+ .input_text = {
+ .data = {
+ /* IP */
+ 0x45, 0x00, 0x00, 0x32, 0x00, 0x01, 0x00, 0x00,
+ 0x1f, 0x11, 0x17, 0x8b, 0xc0, 0xa8, 0x01, 0x6f,
+ 0xc0, 0xa8, 0x01, 0x70,
+
+ /* UDP */
+ 0x00, 0x09, 0x00, 0x09, 0x00, 0x1e, 0x00, 0x00,
+ 0xbe, 0x9b, 0xe9, 0x55, 0x00, 0x00, 0x00, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .len = 50,
+ },
+ .output_text = {
+ .data = {
+ /* IP - outer header */
+ 0x45, 0x00, 0x00, 0x6c, 0x00, 0x01, 0x00, 0x00,
+ 0x40, 0x32, 0xf7, 0x0b, 0xc0, 0xa8, 0x01, 0x02,
+ 0xc0, 0xa8, 0x01, 0x01,
+
+ /* ESP */
+ 0x00, 0x00, 0x00, 0x3a, 0x00, 0x00, 0x00, 0x01,
+
+ /* IV */
+ 0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+
+ /* Data */
+ 0xdd, 0x13, 0x10, 0x3c, 0xe4, 0xb9, 0xce, 0x12,
+ 0x73, 0x4c, 0x97, 0x00, 0x28, 0xf7, 0xa4, 0x5e,
+ 0x02, 0x17, 0xe1, 0xc6, 0x09, 0x20, 0x90, 0xe3,
+ 0xb6, 0x9c, 0x25, 0x6d, 0x62, 0x06, 0x60, 0x90,
+ 0x91, 0x76, 0x94, 0xd8, 0x57, 0x56, 0xcb, 0xdd,
+ 0x62, 0x99, 0x99, 0x98, 0xd0, 0x3a, 0x99, 0x71,
+ 0x64, 0xcb, 0x79, 0x0c, 0x89, 0xa2, 0xf6, 0x12,
+ 0x1f, 0x09, 0xf8, 0x36, 0x8f, 0x5e, 0x31, 0x93,
+ 0x0a, 0xa0, 0x48, 0xee, 0x61, 0x21, 0xb5, 0x3d,
+ },
+ .len = 108,
+ },
+ .iv = {
+ .data = {
+ 0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+ },
+ },
+
+ .ipsec_xform = {
+ .spi = 58,
+ .options.esn = 0,
+ .options.udp_encap = 0,
+ .options.copy_dscp = 0,
+ .options.copy_flabel = 0,
+ .options.copy_df = 0,
+ .options.dec_ttl = 0,
+ .options.ecn = 0,
+ .options.stats = 0,
+ .options.tunnel_hdr_verify = 0,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+ .replay_win_sz = 0,
+ },
+
+ .aead = false,
+
+ .xform = {
+ .chain.cipher = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .cipher = {
+ .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+ .algo = RTE_CRYPTO_CIPHER_DES_CBC,
+ .key.length = 8,
+ .iv.length = 8,
+ },
+ },
+ .chain.auth = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .auth = {
+ .op = RTE_CRYPTO_AUTH_OP_GENERATE,
+ .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+ .key.length = 32,
+ .digest_length = 16,
+ },
+ },
+ },
+};
+
+struct ipsec_test_data pkt_des_cbc_hmac_sha384 = {
+ .key = {
+ .data = {
+ 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+ },
+ },
+ .auth_key = {
+ .data = {
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ 0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+ 0x00, 0x10, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02,
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x34,
+ 0x1a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ },
+ },
+ .input_text = {
+ .data = {
+ /* IP */
+ 0x45, 0x00, 0x00, 0x32, 0x00, 0x01, 0x00, 0x00,
+ 0x1f, 0x11, 0x17, 0x8b, 0xc0, 0xa8, 0x01, 0x6f,
+ 0xc0, 0xa8, 0x01, 0x70,
+
+ /* UDP */
+ 0x00, 0x09, 0x00, 0x09, 0x00, 0x1e, 0x00, 0x00,
+ 0xbe, 0x9b, 0xe9, 0x55, 0x00, 0x00, 0x00, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .len = 50,
+ },
+ .output_text = {
+ .data = {
+ /* IP - outer header */
+ 0x45, 0x00, 0x00, 0x74, 0x00, 0x01, 0x00, 0x00,
+ 0x40, 0x32, 0xf7, 0x03, 0xc0, 0xa8, 0x01, 0x02,
+ 0xc0, 0xa8, 0x01, 0x01,
+
+ /* ESP */
+ 0x00, 0x00, 0x00, 0x3a, 0x00, 0x00, 0x00, 0x01,
+
+ /* IV */
+ 0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+
+ /* Data */
+ 0x80, 0x6a, 0xcd, 0x35, 0x95, 0x6c, 0x04, 0x66,
+ 0x4c, 0x04, 0xeb, 0xdb, 0x85, 0xc8, 0xf9, 0x56,
+ 0xe7, 0x01, 0x17, 0x97, 0xc4, 0xa5, 0xa4, 0xfe,
+ 0xa0, 0x81, 0x62, 0xda, 0xb2, 0xc0, 0xcf, 0x21,
+ 0x54, 0x0c, 0x38, 0xcf, 0xca, 0x41, 0x20, 0x5f,
+ 0xed, 0xc3, 0xe3, 0x59, 0xc4, 0x2f, 0x5e, 0xf7,
+ 0xdd, 0x16, 0x15, 0xd2, 0x00, 0xe8, 0x60, 0xc6,
+ 0xd8, 0x73, 0xf0, 0xb1, 0x89, 0xc4, 0xb2, 0x65,
+ 0xe2, 0xbf, 0xeb, 0xd8, 0x1d, 0x0a, 0xae, 0x2c,
+ 0x4d, 0xd3, 0x59, 0x30, 0x5e, 0x47, 0xb9, 0xcc,
+ },
+ .len = 116,
+ },
+ .iv = {
+ .data = {
+ 0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+ },
+ },
+
+ .ipsec_xform = {
+ .spi = 58,
+ .options.esn = 0,
+ .options.udp_encap = 0,
+ .options.copy_dscp = 0,
+ .options.copy_flabel = 0,
+ .options.copy_df = 0,
+ .options.dec_ttl = 0,
+ .options.ecn = 0,
+ .options.stats = 0,
+ .options.tunnel_hdr_verify = 0,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+ .replay_win_sz = 0,
+ },
+
+ .aead = false,
+
+ .xform = {
+ .chain.cipher = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .cipher = {
+ .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+ .algo = RTE_CRYPTO_CIPHER_DES_CBC,
+ .key.length = 8,
+ .iv.length = 8,
+ },
+ },
+ .chain.auth = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .auth = {
+ .op = RTE_CRYPTO_AUTH_OP_GENERATE,
+ .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
+ .key.length = 48,
+ .digest_length = 24,
+ },
+ },
+ },
+};
+
+struct ipsec_test_data pkt_des_cbc_hmac_sha512 = {
+ .key = {
+ .data = {
+ 0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00,
+ },
+ },
+ .auth_key = {
+ .data = {
+ 0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+ 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ 0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+ 0x00, 0x10, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02,
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x34,
+ 0x1a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ },
+ },
+ .input_text = {
+ .data = {
+ /* IP */
+ 0x45, 0x00, 0x00, 0x32, 0x00, 0x01, 0x00, 0x00,
+ 0x1f, 0x11, 0x17, 0x8b, 0xc0, 0xa8, 0x01, 0x6f,
+ 0xc0, 0xa8, 0x01, 0x70,
+
+ /* UDP */
+ 0x00, 0x09, 0x00, 0x09, 0x00, 0x1e, 0x00, 0x00,
+ 0xbe, 0x9b, 0xe9, 0x55, 0x00, 0x00, 0x00, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .len = 50,
+ },
+ .output_text = {
+ .data = {
+ /* IP - outer header */
+ 0x45, 0x00, 0x00, 0x7c, 0x00, 0x01, 0x00, 0x00,
+ 0x40, 0x32, 0xf6, 0xfb, 0xc0, 0xa8, 0x01, 0x02,
+ 0xc0, 0xa8, 0x01, 0x01,
+
+ /* ESP */
+ 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x01,
+
+ /* IV */
+ 0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+
+ /* Data */
+ 0x54, 0xe6, 0xf3, 0xd4, 0x25, 0x1c, 0x57, 0xd0,
+ 0x55, 0x7d, 0x52, 0xd3, 0xcb, 0x65, 0x57, 0x37,
+ 0xd9, 0x83, 0x37, 0x69, 0x95, 0xa7, 0x2b, 0xc2,
+ 0x65, 0x9e, 0xf6, 0xc8, 0xca, 0x6a, 0x9d, 0x51,
+ 0xde, 0xbe, 0x45, 0x58, 0x72, 0x58, 0x92, 0x49,
+ 0x15, 0x02, 0xae, 0x38, 0xb5, 0xf7, 0xcc, 0x6d,
+ 0xe5, 0x95, 0x21, 0xf1, 0xda, 0x69, 0x93, 0x76,
+ 0x6c, 0x85, 0x42, 0xef, 0xb1, 0xd4, 0xae, 0x32,
+ 0x88, 0x73, 0x1a, 0x59, 0xf9, 0xe5, 0x4b, 0x1c,
+ 0xc0, 0x32, 0x07, 0x78, 0xaf, 0x09, 0xfd, 0x15,
+ 0x3e, 0xad, 0x9d, 0x8a, 0xa5, 0x0f, 0xd4, 0x66,
+
+ },
+ .len = 124,
+ },
+ .iv = {
+ .data = {
+ 0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+ },
+ },
+
+ .ipsec_xform = {
+ .spi = 52,
+ .options.esn = 0,
+ .options.udp_encap = 0,
+ .options.copy_dscp = 0,
+ .options.copy_flabel = 0,
+ .options.copy_df = 0,
+ .options.dec_ttl = 0,
+ .options.ecn = 0,
+ .options.stats = 0,
+ .options.tunnel_hdr_verify = 0,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+ .replay_win_sz = 0,
+ },
+
+ .aead = false,
+
+ .xform = {
+ .chain.cipher = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .cipher = {
+ .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+ .algo = RTE_CRYPTO_CIPHER_DES_CBC,
+ .key.length = 8,
+ .iv.length = 8,
+ },
+ },
+ .chain.auth = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .auth = {
+ .op = RTE_CRYPTO_AUTH_OP_GENERATE,
+ .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
+ .key.length = 64,
+ .digest_length = 32,
+ },
+ },
+ },
+};
+
struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6 = {
.key = {
.data = {
@@ -1060,6 +1715,227 @@ struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6 = {
},
};
+struct ipsec_test_data pkt_3des_cbc_hmac_sha256_v6 = {
+ .key = {
+ .data = {
+ 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+ 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
+ 0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00,
+ },
+ },
+ .auth_key = {
+ .data = {
+ 0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+ 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ },
+ },
+ .input_text = {
+ .data = {
+ 0x60, 0x00, 0x00, 0x00, 0x00, 0x20, 0x06, 0x38,
+ 0x26, 0x07, 0xf8, 0xb0, 0x40, 0x0c, 0x0c, 0x03,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
+ 0x20, 0x01, 0x04, 0x70, 0xe5, 0xbf, 0xde, 0xad,
+ 0x49, 0x57, 0x21, 0x74, 0xe8, 0x2c, 0x48, 0x87,
+ 0x00, 0x19, 0xf9, 0xc7, 0x95, 0x63, 0x97, 0x9c,
+ 0x03, 0xa0, 0x88, 0x31, 0x80, 0x12, 0xa7, 0xd6,
+ 0x25, 0x83, 0x00, 0x00, 0x02, 0x04, 0x05, 0x6a,
+ 0x01, 0x01, 0x04, 0x02, 0x01, 0x03, 0x03, 0x07,
+ },
+ .len = 72,
+ },
+ .output_text = {
+ .data = {
+ /* IP - outer header */
+ 0x60, 0x00, 0x00, 0x00, 0x00, 0x70, 0x32, 0x40,
+ 0x0c, 0x03, 0x40, 0x0c, 0xf8, 0xb0, 0x26, 0x07,
+ 0x00, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xde, 0xad, 0xe5, 0xbf, 0x04, 0x70, 0x20, 0x01,
+ 0x48, 0x87, 0xe8, 0x2c, 0x21, 0x74, 0x49, 0x57,
+
+ /* ESP */
+ 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x01,
+
+ /* IV */
+ 0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+
+ /* Data */
+ 0xf9, 0x99, 0x5b, 0x32, 0xfc, 0x7d, 0x0f, 0xcb,
+ 0x25, 0x0c, 0x9f, 0x11, 0xc5, 0xc7, 0x5e, 0x46,
+ 0x1d, 0x01, 0x2f, 0xd5, 0xb3, 0x6b, 0x02, 0x30,
+ 0x8a, 0x0c, 0x85, 0xa9, 0xca, 0x87, 0x6f, 0x17,
+ 0x3f, 0xb0, 0x03, 0x6c, 0xa5, 0x16, 0x1d, 0x1e,
+ 0x67, 0x5e, 0x70, 0x1a, 0x76, 0xe7, 0x12, 0x0e,
+ 0x19, 0x2b, 0x5d, 0xe3, 0x4c, 0x51, 0xb3, 0x3a,
+ 0x1b, 0x7e, 0xd0, 0x21, 0x76, 0x44, 0xcd, 0xb0,
+ 0xe8, 0x6d, 0xe3, 0x92, 0xad, 0xa1, 0xad, 0x26,
+ 0x9c, 0xec, 0x2a, 0x65, 0x51, 0xd4, 0xa4, 0xa9,
+ 0x97, 0x5b, 0x1e, 0xdd, 0x24, 0x47, 0x16, 0x3a,
+ 0x2d, 0xf3, 0x80, 0x50, 0xd5, 0xbd, 0x4a, 0x98,
+ },
+ .len = 152,
+ },
+ .iv = {
+ .data = {
+ 0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+ },
+ },
+
+ .ipsec_xform = {
+ .spi = 52,
+ .options.esn = 0,
+ .options.udp_encap = 0,
+ .options.copy_dscp = 0,
+ .options.copy_flabel = 0,
+ .options.copy_df = 0,
+ .options.dec_ttl = 0,
+ .options.ecn = 0,
+ .options.stats = 0,
+ .options.tunnel_hdr_verify = 0,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV6,
+ .replay_win_sz = 0,
+ },
+
+ .aead = false,
+
+ .xform = {
+ .chain.cipher = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .cipher = {
+ .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+ .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+ .key.length = 24,
+ .iv.length = 8,
+ },
+ },
+ .chain.auth = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .auth = {
+ .op = RTE_CRYPTO_AUTH_OP_GENERATE,
+ .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+ .key.length = 32,
+ .digest_length = 16,
+ },
+ },
+ },
+};
+
+struct ipsec_test_data pkt_des_cbc_hmac_sha256_v6 = {
+ .key = {
+ .data = {
+ 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
+ },
+ },
+ .auth_key = {
+ .data = {
+ 0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+ 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ },
+ },
+ .input_text = {
+ .data = {
+ 0x60, 0x00, 0x00, 0x00, 0x00, 0x20, 0x06, 0x38,
+ 0x26, 0x07, 0xf8, 0xb0, 0x40, 0x0c, 0x0c, 0x03,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
+ 0x20, 0x01, 0x04, 0x70, 0xe5, 0xbf, 0xde, 0xad,
+ 0x49, 0x57, 0x21, 0x74, 0xe8, 0x2c, 0x48, 0x87,
+ 0x00, 0x19, 0xf9, 0xc7, 0x95, 0x63, 0x97, 0x9c,
+ 0x03, 0xa0, 0x88, 0x31, 0x80, 0x12, 0xa7, 0xd6,
+ 0x25, 0x83, 0x00, 0x00, 0x02, 0x04, 0x05, 0x6a,
+ 0x01, 0x01, 0x04, 0x02, 0x01, 0x03, 0x03, 0x07,
+ },
+ .len = 72,
+ },
+ .output_text = {
+ .data = {
+ /* IP - outer header */
+ 0x60, 0x00, 0x00, 0x00, 0x00, 0x70, 0x32, 0x40,
+ 0x0c, 0x03, 0x40, 0x0c, 0xf8, 0xb0, 0x26, 0x07,
+ 0x00, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xde, 0xad, 0xe5, 0xbf, 0x04, 0x70, 0x20, 0x01,
+ 0x48, 0x87, 0xe8, 0x2c, 0x21, 0x74, 0x49, 0x57,
+
+ /* ESP */
+ 0x00, 0x00, 0x00, 0x3a, 0x00, 0x00, 0x00, 0x01,
+
+ /* IV */
+ 0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+
+ /* Data */
+ 0x6e, 0xf8, 0x1e, 0x91, 0x77, 0x7f, 0x61, 0x77,
+ 0xcd, 0x1a, 0x9d, 0xb4, 0x4c, 0xf8, 0x9a, 0x89,
+ 0xa7, 0x7a, 0xf8, 0x2a, 0x2e, 0x54, 0xa5, 0x0a,
+ 0xe3, 0x60, 0xb9, 0x21, 0xe1, 0xc6, 0x7f, 0x56,
+ 0x92, 0x76, 0xc3, 0x33, 0x95, 0x93, 0x0d, 0xb8,
+ 0xce, 0xb9, 0x0e, 0x32, 0xe6, 0xf1, 0x86, 0x81,
+ 0x73, 0xc9, 0x62, 0x2e, 0x5d, 0x9b, 0xb4, 0xd5,
+ 0x68, 0xda, 0xb1, 0x87, 0x78, 0x22, 0xc0, 0x9a,
+ 0x1c, 0xa1, 0x53, 0x1b, 0x67, 0xea, 0x6d, 0x58,
+ 0x1a, 0xd8, 0xc3, 0x95, 0xa0, 0xc3, 0x7a, 0xb6,
+ 0xfe, 0xb1, 0x49, 0xa8, 0xad, 0x1a, 0x21, 0xc2,
+ 0x01, 0x42, 0xa6, 0xf2, 0x3d, 0x7f, 0xb0, 0x6d,
+
+ },
+ .len = 152,
+ },
+ .iv = {
+ .data = {
+ 0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+ },
+ },
+
+ .ipsec_xform = {
+ .spi = 58,
+ .options.esn = 0,
+ .options.udp_encap = 0,
+ .options.copy_dscp = 0,
+ .options.copy_flabel = 0,
+ .options.copy_df = 0,
+ .options.dec_ttl = 0,
+ .options.ecn = 0,
+ .options.stats = 0,
+ .options.tunnel_hdr_verify = 0,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV6,
+ .replay_win_sz = 0,
+ },
+
+ .aead = false,
+
+ .xform = {
+ .chain.cipher = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .cipher = {
+ .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+ .algo = RTE_CRYPTO_CIPHER_DES_CBC,
+ .key.length = 8,
+ .iv.length = 8,
+ },
+ },
+ .chain.auth = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .auth = {
+ .op = RTE_CRYPTO_AUTH_OP_GENERATE,
+ .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+ .key.length = 32,
+ .digest_length = 16,
+ },
+ },
+ },
+};
+
struct ipsec_test_data pkt_aes_128_gcm_frag = {
.key = {
.data = {
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index 19297d3628..289778d9be 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -63,6 +63,14 @@ extern struct ipsec_test_data pkt_aes_128_cbc_null;
extern struct ipsec_test_data pkt_null_aes_xcbc;
extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha384;
extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha512;
+extern struct ipsec_test_data pkt_3des_cbc_hmac_sha256;
+extern struct ipsec_test_data pkt_3des_cbc_hmac_sha384;
+extern struct ipsec_test_data pkt_3des_cbc_hmac_sha512;
+extern struct ipsec_test_data pkt_3des_cbc_hmac_sha256_v6;
+extern struct ipsec_test_data pkt_des_cbc_hmac_sha256;
+extern struct ipsec_test_data pkt_des_cbc_hmac_sha384;
+extern struct ipsec_test_data pkt_des_cbc_hmac_sha512;
+extern struct ipsec_test_data pkt_des_cbc_hmac_sha256_v6;
static struct rte_mempool *mbufpool;
static struct rte_mempool *sess_pool;
@@ -2584,6 +2592,21 @@ static struct unit_test_suite inline_ipsec_testsuite = {
ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
test_ipsec_inline_proto_known_vec,
&pkt_aes_128_cbc_hmac_sha512),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 3DES-CBC HMAC-SHA256 [16B ICV])",
+ ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+ test_ipsec_inline_proto_known_vec,
+ &pkt_3des_cbc_hmac_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 3DES-CBC HMAC-SHA384 [24B ICV])",
+ ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+ test_ipsec_inline_proto_known_vec,
+ &pkt_3des_cbc_hmac_sha384),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 3DES-CBC HMAC-SHA512 [32B ICV])",
+ ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+ test_ipsec_inline_proto_known_vec,
+ &pkt_3des_cbc_hmac_sha512),
TEST_CASE_NAMED_WITH_DATA(
"Outbound known vector (ESP tunnel mode IPv6 AES-GCM 128)",
ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
@@ -2593,11 +2616,36 @@ static struct unit_test_suite inline_ipsec_testsuite = {
ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
test_ipsec_inline_proto_known_vec,
&pkt_aes_128_cbc_hmac_sha256_v6),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv6 3DES-CBC HMAC-SHA256 [16B ICV])",
+ ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+ test_ipsec_inline_proto_known_vec,
+ &pkt_3des_cbc_hmac_sha256_v6),
TEST_CASE_NAMED_WITH_DATA(
"Outbound known vector (ESP tunnel mode IPv4 NULL AES-XCBC-MAC [12B ICV])",
ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
test_ipsec_inline_proto_known_vec,
&pkt_null_aes_xcbc),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA256 [16B ICV])",
+ ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+ test_ipsec_inline_proto_known_vec,
+ &pkt_des_cbc_hmac_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA384 [24B ICV])",
+ ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+ test_ipsec_inline_proto_known_vec,
+ &pkt_des_cbc_hmac_sha384),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA512 [32B ICV])",
+ ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+ test_ipsec_inline_proto_known_vec,
+ &pkt_des_cbc_hmac_sha512),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv6 DES-CBC HMAC-SHA256 [16B ICV])",
+ ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+ test_ipsec_inline_proto_known_vec,
+ &pkt_des_cbc_hmac_sha256_v6),
TEST_CASE_NAMED_WITH_DATA(
"Outbound fragmented packet",
@@ -2636,6 +2684,21 @@ static struct unit_test_suite inline_ipsec_testsuite = {
ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
test_ipsec_inline_proto_known_vec_inb,
&pkt_aes_128_cbc_hmac_sha512),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 3DES-CBC HMAC-SHA256 [16B ICV])",
+ ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+ test_ipsec_inline_proto_known_vec_inb,
+ &pkt_3des_cbc_hmac_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 3DES-CBC HMAC-SHA384 [24B ICV])",
+ ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+ test_ipsec_inline_proto_known_vec_inb,
+ &pkt_3des_cbc_hmac_sha384),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 3DES-CBC HMAC-SHA512 [32B ICV])",
+ ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+ test_ipsec_inline_proto_known_vec_inb,
+ &pkt_3des_cbc_hmac_sha512),
TEST_CASE_NAMED_WITH_DATA(
"Inbound known vector (ESP tunnel mode IPv6 AES-GCM 128)",
ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
@@ -2645,11 +2708,37 @@ static struct unit_test_suite inline_ipsec_testsuite = {
ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
test_ipsec_inline_proto_known_vec_inb,
&pkt_aes_128_cbc_hmac_sha256_v6),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv6 3DES-CBC HMAC-SHA256 [16B ICV])",
+ ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+ test_ipsec_inline_proto_known_vec_inb,
+ &pkt_3des_cbc_hmac_sha256_v6),
TEST_CASE_NAMED_WITH_DATA(
"Inbound known vector (ESP tunnel mode IPv4 NULL AES-XCBC-MAC [12B ICV])",
ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
test_ipsec_inline_proto_known_vec_inb,
&pkt_null_aes_xcbc),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA256 [16B ICV])",
+ ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+ test_ipsec_inline_proto_known_vec_inb,
+ &pkt_des_cbc_hmac_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA384 [24B ICV])",
+ ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+ test_ipsec_inline_proto_known_vec_inb,
+ &pkt_des_cbc_hmac_sha384),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA512 [32B ICV])",
+ ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+ test_ipsec_inline_proto_known_vec_inb,
+ &pkt_des_cbc_hmac_sha512),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv6 DES-CBC HMAC-SHA256 [16B ICV])",
+ ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+ test_ipsec_inline_proto_known_vec_inb,
+ &pkt_des_cbc_hmac_sha256_v6),
+
TEST_CASE_NAMED_ST(
"Combined test alg list",
--
2.25.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 2/6] test/security: add unit tests for auth algo MD5
2022-10-19 16:54 [PATCH 0/6] update autotest with new algorithms Tejasree Kondoj
2022-10-19 16:54 ` [PATCH 1/6] test/security: add unit tests for DES and 3DES Tejasree Kondoj
@ 2022-10-19 16:54 ` Tejasree Kondoj
2022-10-19 16:54 ` [PATCH 3/6] test/security: update antireplay unit test for event mode Tejasree Kondoj
` (3 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: Tejasree Kondoj @ 2022-10-19 16:54 UTC (permalink / raw)
To: Akhil Goyal, Fan Zhang, Ciara Power
Cc: Vidya Sagar Velumuri, Anoob Joseph, dev
From: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Add unit test cases for MD5 auth algo.
Add the test vectors for MD5 auth algo.
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
app/test/test_cryptodev_security_ipsec.h | 6 +
...st_cryptodev_security_ipsec_test_vectors.h | 107 ++++++++++++++++++
app/test/test_security_inline_proto.c | 11 ++
3 files changed, 124 insertions(+)
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 95e86a05e0..9147d1c0d6 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -193,6 +193,12 @@ static const struct crypto_param auth_list[] = {
.type = RTE_CRYPTO_SYM_XFORM_AUTH,
.alg.auth = RTE_CRYPTO_AUTH_NULL,
},
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .alg.auth = RTE_CRYPTO_AUTH_MD5_HMAC,
+ .key_length = 12,
+ .digest_length = 12,
+ },
{
.type = RTE_CRYPTO_SYM_XFORM_AUTH,
.alg.auth = RTE_CRYPTO_AUTH_SHA256_HMAC,
diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h
index 18ffceddce..2686bbeb62 100644
--- a/app/test/test_cryptodev_security_ipsec_test_vectors.h
+++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h
@@ -633,6 +633,113 @@ struct ipsec_test_data pkt_aes_256_gcm_v6 = {
},
};
+struct ipsec_test_data pkt_aes_128_cbc_md5 = {
+ .key = {
+ .data = {
+ 0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x0a, 0x0b, 0x0c, 0x0f, 0x00, 0x00,
+ },
+ },
+ .auth_key = {
+ .data = {
+ 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+ },
+ },
+ .input_text = {
+ .data = {
+ /* IP */
+ 0x45, 0x00, 0x00, 0x32, 0x00, 0x01, 0x00, 0x00,
+ 0x1f, 0x11, 0x17, 0x8b, 0xc0, 0xa8, 0x01, 0x6f,
+ 0xc0, 0xa8, 0x01, 0x70,
+
+ /* UDP */
+ 0x00, 0x09, 0x00, 0x09, 0x00, 0x1e, 0x00, 0x00,
+ 0xbe, 0x9b, 0xe9, 0x55, 0x00, 0x00, 0x00, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .len = 50,
+ },
+ .output_text = {
+ .data = {
+ /* IP - outer header */
+ 0x45, 0x00, 0x00, 0x78, 0x00, 0x01, 0x00, 0x00,
+ 0x40, 0x32, 0x52, 0x51, 0x14, 0x00, 0x00, 0x01,
+ 0x14, 0x00, 0x00, 0x02,
+
+ /* ESP */
+ 0x00, 0x00, 0x00, 0x3c, 0x00, 0x00, 0x00, 0x01,
+
+ /* IV */
+ 0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+ 0x20, 0xbf, 0xe8, 0x39, 0x00, 0x00, 0x00, 0x00,
+
+ /* Data */
+ 0x67, 0xb5, 0x46, 0x6e, 0x78, 0x17, 0xd3, 0x5a,
+ 0xac, 0x62, 0x62, 0x62, 0xb0, 0x57, 0x9b, 0x09,
+ 0x19, 0x4f, 0x06, 0x59, 0xc8, 0xb0, 0x30, 0x65,
+ 0x1f, 0x45, 0x57, 0x41, 0x72, 0x17, 0x28, 0xe9,
+ 0xad, 0x50, 0xbe, 0x44, 0x1d, 0x2d, 0x9a, 0xd0,
+ 0x48, 0x75, 0x0d, 0x1c, 0x8d, 0x24, 0xa8, 0x6f,
+ 0x6b, 0x24, 0xb6, 0x5d, 0x43, 0x1e, 0x55, 0xf0,
+ 0xf7, 0x14, 0x1f, 0xf2, 0x61, 0xd4, 0xe0, 0x30,
+ 0xff, 0xd7, 0x3f, 0xb4, 0x7c, 0x30, 0xdb, 0xeb,
+ 0xf3, 0x95, 0xbf, 0xcd,
+ },
+ .len = 120,
+ },
+ .iv = {
+ .data = {
+ 0x34, 0x12, 0x67, 0x45, 0xff, 0xff, 0x00, 0x00,
+ 0x20, 0xbf, 0xe8, 0x39, 0x00, 0x00, 0x00, 0x00,
+ },
+ },
+
+ .ipsec_xform = {
+ .spi = 60,
+ .options.esn = 0,
+ .options.udp_encap = 0,
+ .options.copy_dscp = 0,
+ .options.copy_flabel = 0,
+ .options.copy_df = 0,
+ .options.dec_ttl = 0,
+ .options.ecn = 0,
+ .options.stats = 0,
+ .options.tunnel_hdr_verify = 0,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+ .replay_win_sz = 0,
+ },
+
+ .aead = false,
+
+ .xform = {
+ .chain.cipher = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .cipher = {
+ .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+ .algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .key.length = 16,
+ .iv.length = 16,
+ },
+ },
+ .chain.auth = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .auth = {
+ .op = RTE_CRYPTO_AUTH_OP_GENERATE,
+ .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
+ .key.length = 16,
+ .digest_length = 12,
+ },
+ },
+ },
+};
+
struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256 = {
.key = {
.data = {
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index 289778d9be..feef54f538 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -71,6 +71,7 @@ extern struct ipsec_test_data pkt_des_cbc_hmac_sha256;
extern struct ipsec_test_data pkt_des_cbc_hmac_sha384;
extern struct ipsec_test_data pkt_des_cbc_hmac_sha512;
extern struct ipsec_test_data pkt_des_cbc_hmac_sha256_v6;
+extern struct ipsec_test_data pkt_aes_128_cbc_md5;
static struct rte_mempool *mbufpool;
static struct rte_mempool *sess_pool;
@@ -2577,6 +2578,11 @@ static struct unit_test_suite inline_ipsec_testsuite = {
"Outbound known vector (ESP tunnel mode IPv4 AES-GCM 256)",
ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
test_ipsec_inline_proto_known_vec, &pkt_aes_256_gcm),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 AES-CBC MD5 [12B ICV])",
+ ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+ test_ipsec_inline_proto_known_vec,
+ &pkt_aes_128_cbc_md5),
TEST_CASE_NAMED_WITH_DATA(
"Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])",
ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
@@ -2669,6 +2675,11 @@ static struct unit_test_suite inline_ipsec_testsuite = {
"Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128)",
ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
test_ipsec_inline_proto_known_vec_inb, &pkt_aes_128_cbc_null),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-CBC MD5 [12B ICV])",
+ ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
+ test_ipsec_inline_proto_known_vec_inb,
+ &pkt_aes_128_cbc_md5),
TEST_CASE_NAMED_WITH_DATA(
"Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])",
ut_setup_inline_ipsec, ut_teardown_inline_ipsec,
--
2.25.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 3/6] test/security: update antireplay unit test for event mode
2022-10-19 16:54 [PATCH 0/6] update autotest with new algorithms Tejasree Kondoj
2022-10-19 16:54 ` [PATCH 1/6] test/security: add unit tests for DES and 3DES Tejasree Kondoj
2022-10-19 16:54 ` [PATCH 2/6] test/security: add unit tests for auth algo MD5 Tejasree Kondoj
@ 2022-10-19 16:54 ` Tejasree Kondoj
2022-10-19 16:54 ` [PATCH 4/6] test/crypto: check antireply capability only for ingress Tejasree Kondoj
` (2 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: Tejasree Kondoj @ 2022-10-19 16:54 UTC (permalink / raw)
To: Akhil Goyal, Fan Zhang, Ciara Power
Cc: Vidya Sagar Velumuri, Anoob Joseph, dev
From: Vidya Sagar Velumuri <vvelumuri@marvell.com>
With event mode is enabled, send and receive packets via event dev
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
app/test/test_security_inline_proto.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c
index feef54f538..700ed3844b 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -1378,8 +1378,13 @@ test_ipsec_inline_proto_process_with_esn(struct ipsec_test_data td[],
tx_pkt, NULL);
tx_pkt->ol_flags |= RTE_MBUF_F_TX_SEC_OFFLOAD;
}
+
/* Send packet to ethdev for inline IPsec processing. */
- nb_sent = rte_eth_tx_burst(port_id, 0, &tx_pkt, 1);
+ if (event_mode_enabled)
+ nb_sent = event_tx_burst(&tx_pkt, 1);
+ else
+ nb_sent = rte_eth_tx_burst(port_id, 0, &tx_pkt, 1);
+
if (nb_sent != 1) {
printf("\nUnable to TX packets");
rte_pktmbuf_free(tx_pkt);
@@ -1390,11 +1395,14 @@ test_ipsec_inline_proto_process_with_esn(struct ipsec_test_data td[],
rte_pause();
/* Receive back packet on loopback interface. */
- do {
- rte_delay_ms(1);
- nb_rx = rte_eth_rx_burst(port_id, 0, &rx_pkt, 1);
- } while (nb_rx == 0);
-
+ if (event_mode_enabled)
+ nb_rx = event_rx_burst(&rx_pkt, nb_sent);
+ else {
+ do {
+ rte_delay_ms(1);
+ nb_rx = rte_eth_rx_burst(port_id, 0, &rx_pkt, 1);
+ } while (nb_rx == 0);
+ }
rte_pktmbuf_adj(rx_pkt, RTE_ETHER_HDR_LEN);
if (res_d != NULL)
--
2.25.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 4/6] test/crypto: check antireply capability only for ingress
2022-10-19 16:54 [PATCH 0/6] update autotest with new algorithms Tejasree Kondoj
` (2 preceding siblings ...)
2022-10-19 16:54 ` [PATCH 3/6] test/security: update antireplay unit test for event mode Tejasree Kondoj
@ 2022-10-19 16:54 ` Tejasree Kondoj
2022-10-19 16:54 ` [PATCH 5/6] test/crypto: add unit tests for DES and MD5 Tejasree Kondoj
2022-10-19 16:54 ` [PATCH 6/6] test/crypto: add unit test for custom UDP ports Tejasree Kondoj
5 siblings, 0 replies; 8+ messages in thread
From: Tejasree Kondoj @ 2022-10-19 16:54 UTC (permalink / raw)
To: Akhil Goyal, Fan Zhang, Ciara Power
Cc: Vidya Sagar Velumuri, Anoob Joseph, dev
From: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Antireplay is supported only for ingress. Check this
capability only for ingress.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
app/test/test_cryptodev_security_ipsec.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index cb77b39dbb..3219b41e39 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -202,11 +202,13 @@ test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform,
return -ENOTSUP;
}
- if (ipsec_xform->replay_win_sz > sec_cap->ipsec.replay_win_sz_max) {
- if (!silent)
- RTE_LOG(INFO, USER1,
- "Replay window size is not supported\n");
- return -ENOTSUP;
+ if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
+ if (ipsec_xform->replay_win_sz > sec_cap->ipsec.replay_win_sz_max) {
+ if (!silent)
+ RTE_LOG(INFO, USER1,
+ "Replay window size is not supported\n");
+ return -ENOTSUP;
+ }
}
return 0;
--
2.25.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 5/6] test/crypto: add unit tests for DES and MD5
2022-10-19 16:54 [PATCH 0/6] update autotest with new algorithms Tejasree Kondoj
` (3 preceding siblings ...)
2022-10-19 16:54 ` [PATCH 4/6] test/crypto: check antireply capability only for ingress Tejasree Kondoj
@ 2022-10-19 16:54 ` Tejasree Kondoj
2022-10-20 16:23 ` Akhil Goyal
2022-10-19 16:54 ` [PATCH 6/6] test/crypto: add unit test for custom UDP ports Tejasree Kondoj
5 siblings, 1 reply; 8+ messages in thread
From: Tejasree Kondoj @ 2022-10-19 16:54 UTC (permalink / raw)
To: Akhil Goyal, Fan Zhang, Ciara Power
Cc: Vidya Sagar Velumuri, Anoob Joseph, dev
From: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Add unit test cases for auth algo MD5.
Add unit test cases for cipher DES-CBC.
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
app/test/test_cryptodev.c | 50 ++++++++++++++++++++++++
app/test/test_cryptodev_security_ipsec.h | 2 +-
2 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index c2b33686ed..96941dd55c 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -15179,6 +15179,11 @@ static struct unit_test_suite ipsec_proto_testsuite = {
"Outbound known vector (ESP tunnel mode IPv4 AES-CCM 256)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec, &pkt_aes_256_ccm),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 AES-CBC MD5 [12B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_aes_128_cbc_md5),
TEST_CASE_NAMED_WITH_DATA(
"Outbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])",
ut_setup_security, ut_teardown,
@@ -15208,6 +15213,26 @@ static struct unit_test_suite ipsec_proto_testsuite = {
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec,
&pkt_null_aes_xcbc),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_des_cbc_hmac_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA384 [24B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_des_cbc_hmac_sha384),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA512 [32B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_des_cbc_hmac_sha512),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv6 DES-CBC HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_des_cbc_hmac_sha256_v6),
TEST_CASE_NAMED_WITH_DATA(
"Outbound known vector (AH tunnel mode IPv4 HMAC-SHA256)",
ut_setup_security, ut_teardown,
@@ -15248,6 +15273,11 @@ static struct unit_test_suite ipsec_proto_testsuite = {
"Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb, &pkt_aes_128_cbc_null),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 AES-CBC MD5 [12B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_aes_128_cbc_md5),
TEST_CASE_NAMED_WITH_DATA(
"Inbound known vector (ESP tunnel mode IPv4 AES-CBC 128 HMAC-SHA256 [16B ICV])",
ut_setup_security, ut_teardown,
@@ -15277,6 +15307,26 @@ static struct unit_test_suite ipsec_proto_testsuite = {
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb,
&pkt_null_aes_xcbc),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_des_cbc_hmac_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA384 [24B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_des_cbc_hmac_sha384),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 DES-CBC HMAC-SHA512 [32B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_des_cbc_hmac_sha512),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv6 DES-CBC HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_des_cbc_hmac_sha256_v6),
TEST_CASE_NAMED_WITH_DATA(
"Inbound known vector (AH tunnel mode IPv4 HMAC-SHA256)",
ut_setup_security, ut_teardown,
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 9147d1c0d6..b98f4741b2 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -196,7 +196,7 @@ static const struct crypto_param auth_list[] = {
{
.type = RTE_CRYPTO_SYM_XFORM_AUTH,
.alg.auth = RTE_CRYPTO_AUTH_MD5_HMAC,
- .key_length = 12,
+ .key_length = 16,
.digest_length = 12,
},
{
--
2.25.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 6/6] test/crypto: add unit test for custom UDP ports
2022-10-19 16:54 [PATCH 0/6] update autotest with new algorithms Tejasree Kondoj
` (4 preceding siblings ...)
2022-10-19 16:54 ` [PATCH 5/6] test/crypto: add unit tests for DES and MD5 Tejasree Kondoj
@ 2022-10-19 16:54 ` Tejasree Kondoj
5 siblings, 0 replies; 8+ messages in thread
From: Tejasree Kondoj @ 2022-10-19 16:54 UTC (permalink / raw)
To: Akhil Goyal, Fan Zhang, Ciara Power
Cc: Vidya Sagar Velumuri, Anoob Joseph, dev
From: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Add unit test for custom UDP ports with UDP encapsulation.
Verify UDP header in egress path for all unit tests.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
app/test/test_cryptodev.c | 21 +++++++
app/test/test_cryptodev_security_ipsec.c | 71 ++++++++++++++++++------
app/test/test_cryptodev_security_ipsec.h | 1 +
3 files changed, 76 insertions(+), 17 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 96941dd55c..43fcef7e73 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9892,6 +9892,23 @@ test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused)
return test_ipsec_proto_all(&flags);
}
+static int
+test_ipsec_proto_udp_encap_custom_ports(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ if (gbl_driver_id == rte_cryptodev_driver_id_get(
+ RTE_STR(CRYPTODEV_NAME_CN10K_PMD)))
+ return TEST_SKIPPED;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.udp_encap = true;
+ flags.udp_encap_custom_ports = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
static int
test_ipsec_proto_udp_encap(const void *data __rte_unused)
{
@@ -15358,6 +15375,10 @@ static struct unit_test_suite ipsec_proto_testsuite = {
"UDP encapsulation",
ut_setup_security, ut_teardown,
test_ipsec_proto_udp_encap),
+ TEST_CASE_NAMED_ST(
+ "UDP encapsulation with custom ports",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_udp_encap_custom_ports),
TEST_CASE_NAMED_ST(
"UDP encapsulation ports verification test",
ut_setup_security, ut_teardown,
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 3219b41e39..d64e07f226 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -14,6 +14,8 @@
#include "test_cryptodev_security_ipsec.h"
#define IV_LEN_MAX 16
+#define UDP_CUSTOM_SPORT 4650
+#define UDP_CUSTOM_DPORT 4660
#ifndef IPVERSION
#define IPVERSION 4
@@ -508,6 +510,11 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
if (flags->dec_ttl_or_hop_limit)
td->ipsec_xform.options.dec_ttl = 1;
+
+ if (flags->udp_encap && flags->udp_encap_custom_ports) {
+ td->ipsec_xform.udp.sport = UDP_CUSTOM_SPORT;
+ td->ipsec_xform.udp.dport = UDP_CUSTOM_DPORT;
+ }
}
}
@@ -765,23 +772,6 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td,
if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS &&
flags->udp_encap) {
- const struct rte_ipv4_hdr *iph4;
- const struct rte_ipv6_hdr *iph6;
-
- if (td->ipsec_xform.tunnel.type ==
- RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
- iph4 = (const struct rte_ipv4_hdr *)output_text;
- if (iph4->next_proto_id != IPPROTO_UDP) {
- printf("UDP header is not found\n");
- return TEST_FAILED;
- }
- } else {
- iph6 = (const struct rte_ipv6_hdr *)output_text;
- if (iph6->proto != IPPROTO_UDP) {
- printf("UDP header is not found\n");
- return TEST_FAILED;
- }
- }
len -= sizeof(struct rte_udp_hdr);
output_text += sizeof(struct rte_udp_hdr);
@@ -1043,6 +1033,53 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
}
}
+ if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS &&
+ flags->udp_encap) {
+ const struct rte_ipv4_hdr *iph4;
+ const struct rte_ipv6_hdr *iph6;
+
+ if (td->ipsec_xform.tunnel.type ==
+ RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+ iph4 = (const struct rte_ipv4_hdr *)output_text;
+
+ if (iph4->next_proto_id != IPPROTO_UDP) {
+ printf("UDP header is not found\n");
+ return TEST_FAILED;
+ }
+
+ if (flags->udp_encap_custom_ports) {
+ const struct rte_udp_hdr *udph;
+
+ udph = (const struct rte_udp_hdr *)(output_text +
+ sizeof(struct rte_ipv4_hdr));
+ if ((rte_be_to_cpu_16(udph->src_port) != UDP_CUSTOM_SPORT) ||
+ (rte_be_to_cpu_16(udph->dst_port) != UDP_CUSTOM_DPORT)) {
+ printf("UDP custom ports not matching.\n");
+ return TEST_FAILED;
+ }
+ }
+ } else {
+ iph6 = (const struct rte_ipv6_hdr *)output_text;
+
+ if (iph6->proto != IPPROTO_UDP) {
+ printf("UDP header is not found\n");
+ return TEST_FAILED;
+ }
+
+ if (flags->udp_encap_custom_ports) {
+ const struct rte_udp_hdr *udph;
+
+ udph = (const struct rte_udp_hdr *)(output_text +
+ sizeof(struct rte_ipv6_hdr));
+ if ((rte_be_to_cpu_16(udph->src_port) != UDP_CUSTOM_SPORT) ||
+ (rte_be_to_cpu_16(udph->dst_port) != UDP_CUSTOM_DPORT)) {
+ printf("UDP custom ports not matching.\n");
+ return TEST_FAILED;
+ }
+ }
+ }
+ }
+
/*
* In case of known vector tests & all inbound tests, res_d provided
* would be NULL and output data need to be validated against expected.
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index b98f4741b2..008b17c290 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -93,6 +93,7 @@ struct ipsec_test_flags {
uint32_t tunnel_hdr_verify;
bool udp_encap;
bool udp_ports_verify;
+ bool udp_encap_custom_ports;
bool ip_csum;
bool l4_csum;
bool ipv6;
--
2.25.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* RE: [PATCH 5/6] test/crypto: add unit tests for DES and MD5
2022-10-19 16:54 ` [PATCH 5/6] test/crypto: add unit tests for DES and MD5 Tejasree Kondoj
@ 2022-10-20 16:23 ` Akhil Goyal
0 siblings, 0 replies; 8+ messages in thread
From: Akhil Goyal @ 2022-10-20 16:23 UTC (permalink / raw)
To: Tejasree Kondoj, Fan Zhang, Ciara Power
Cc: Vidya Sagar Velumuri, Anoob Joseph, dev
> diff --git a/app/test/test_cryptodev_security_ipsec.h
> b/app/test/test_cryptodev_security_ipsec.h
> index 9147d1c0d6..b98f4741b2 100644
> --- a/app/test/test_cryptodev_security_ipsec.h
> +++ b/app/test/test_cryptodev_security_ipsec.h
> @@ -196,7 +196,7 @@ static const struct crypto_param auth_list[] = {
> {
> .type = RTE_CRYPTO_SYM_XFORM_AUTH,
> .alg.auth = RTE_CRYPTO_AUTH_MD5_HMAC,
> - .key_length = 12,
> + .key_length = 16,
> .digest_length = 12,
> },
Above change should not be part of this patch.
Squash with 2/6 patch.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2022-10-20 16:23 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-19 16:54 [PATCH 0/6] update autotest with new algorithms Tejasree Kondoj
2022-10-19 16:54 ` [PATCH 1/6] test/security: add unit tests for DES and 3DES Tejasree Kondoj
2022-10-19 16:54 ` [PATCH 2/6] test/security: add unit tests for auth algo MD5 Tejasree Kondoj
2022-10-19 16:54 ` [PATCH 3/6] test/security: update antireplay unit test for event mode Tejasree Kondoj
2022-10-19 16:54 ` [PATCH 4/6] test/crypto: check antireply capability only for ingress Tejasree Kondoj
2022-10-19 16:54 ` [PATCH 5/6] test/crypto: add unit tests for DES and MD5 Tejasree Kondoj
2022-10-20 16:23 ` Akhil Goyal
2022-10-19 16:54 ` [PATCH 6/6] test/crypto: add unit test for custom UDP ports Tejasree Kondoj
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).