From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 083AEA034F; Mon, 6 Dec 2021 09:00:46 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id B17DD4116E; Mon, 6 Dec 2021 09:00:23 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id A71784115E for ; Mon, 6 Dec 2021 09:00:22 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 1B5MiLcv005836; Mon, 6 Dec 2021 00:00:21 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=z7YH3noA1tRUNjADP/KE1kk/ow+BDWOQYPwx9PRm7Wo=; b=K6HlVYPks4mZdvs5iGWV4IgZtzC6gHu3wRgef+/BAaXxLZx9SPIokI98LThu/UZUq0Q4 oEkRnde6fQSjoBOBvswuRZatXVKTGDSvNDGxU196A7BLZjep4qVPNvZivQ4e5nx07z+H U/HjPtkNglzZb2eKEn5ZnnvLlpVmxhvhdYFJ989HpzsM8o+xS4n7/sOgCwYrp0NYViPx SR+FBhlK53QmkzpK79si586F4kjphda1HTanMwVfDZ0JSMGm3cYWff8/JzWsUGW3fsdG XqI5aRTla1erGk0gqV53Itgy+oYxRJgULLC/LssHFhYbzK7Xz4L9KcJ/oh1Xc+9DKp30 fA== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3cs0qn2764-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 06 Dec 2021 00:00:21 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 6 Dec 2021 00:00:20 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Mon, 6 Dec 2021 00:00:19 -0800 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 9291F3F7094; Mon, 6 Dec 2021 00:00:15 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Pablo de Lara" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Gagandeep Singh , Subject: [PATCH 12/13] test/crypto: add aes xcbc known vectors Date: Mon, 6 Dec 2021 13:28:47 +0530 Message-ID: <1638777528-553-13-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1638777528-553-1-git-send-email-anoobj@marvell.com> References: <1638777528-553-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: 9FfXvKfzIEXId2sCPkXaQJAKbRzLsNWi X-Proofpoint-ORIG-GUID: 9FfXvKfzIEXId2sCPkXaQJAKbRzLsNWi X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2021-12-06_03,2021-12-06_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add known vector test cases for NULL cipher + AES-XCBC. Also add both algos to the combined mode list of algos. Signed-off-by: Anoob Joseph --- app/test/test_cryptodev.c | 38 +++++++-- app/test/test_cryptodev_security_ipsec.c | 2 + app/test/test_cryptodev_security_ipsec.h | 17 ++++ .../test_cryptodev_security_ipsec_test_vectors.h | 90 ++++++++++++++++++++++ 4 files changed, 141 insertions(+), 6 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 0f7885c..aa85a19 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9368,8 +9368,11 @@ test_ipsec_proto_known_vec(const void *test_data) memcpy(&td_outb, test_data, sizeof(td_outb)); - /* Disable IV gen to be able to test with known vectors */ - td_outb.ipsec_xform.options.iv_gen_disable = 1; + if (td_outb.aead || + td_outb.xform.chain.cipher.cipher.algo != RTE_CRYPTO_CIPHER_NULL) { + /* Disable IV gen to be able to test with known vectors */ + td_outb.ipsec_xform.options.iv_gen_disable = 1; + } return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags); } @@ -9428,10 +9431,23 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags) td_outb, nb_pkts); - if (flags->icv_corrupt && (td_outb->aead == false) && - (td_outb->xform.chain.auth.auth.algo == - RTE_CRYPTO_AUTH_NULL)) - continue; + if (!td_outb->aead) { + enum rte_crypto_cipher_algorithm cipher_alg; + enum rte_crypto_auth_algorithm auth_alg; + + cipher_alg = td_outb->xform.chain.cipher.cipher.algo; + auth_alg = td_outb->xform.chain.auth.auth.algo; + + /* ICV is not applicable for NULL auth */ + if (flags->icv_corrupt && + auth_alg == RTE_CRYPTO_AUTH_NULL) + continue; + + /* IV is not applicable for NULL cipher */ + if (flags->iv_gen && + cipher_alg == RTE_CRYPTO_CIPHER_NULL) + continue; + } ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true, flags); @@ -14582,6 +14598,11 @@ static struct unit_test_suite ipsec_proto_testsuite = { test_ipsec_proto_known_vec, &pkt_aes_128_cbc_hmac_sha256_v6), TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 NULL AES-XCBC-MAC [12B ICV])", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, + &pkt_null_aes_xcbc), + TEST_CASE_NAMED_WITH_DATA( "Outbound fragmented packet", ut_setup_security, ut_teardown, test_ipsec_proto_known_vec_fragmented, @@ -14626,6 +14647,11 @@ static struct unit_test_suite ipsec_proto_testsuite = { ut_setup_security, ut_teardown, test_ipsec_proto_known_vec_inb, &pkt_aes_128_cbc_hmac_sha256_v6), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv4 NULL AES-XCBC-MAC [12B ICV])", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, + &pkt_null_aes_xcbc), TEST_CASE_NAMED_ST( "Combined test alg list", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 832f9d8..94e5213 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -375,6 +375,8 @@ test_ipsec_td_prepare(const struct crypto_param *param1, td->xform.chain.cipher.cipher.algo = param1->alg.cipher; td->xform.chain.cipher.cipher.key.length = param1->key_length; + td->xform.chain.cipher.cipher.iv.length = + param1->iv_length; td->xform.chain.auth.auth.algo = param2->alg.auth; td->xform.chain.auth.auth.key.length = param2->key_length; diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 3376d08..6e27eba 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -76,6 +76,7 @@ struct crypto_param { enum rte_crypto_aead_algorithm aead; } alg; uint16_t key_length; + uint16_t iv_length; uint16_t digest_length; }; @@ -100,23 +101,33 @@ static const struct crypto_param aead_list[] = { static const struct crypto_param cipher_list[] = { { .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .alg.cipher = RTE_CRYPTO_CIPHER_NULL, + .key_length = 0, + .iv_length = 0, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, .alg.cipher = RTE_CRYPTO_CIPHER_AES_CBC, .key_length = 16, + .iv_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_CIPHER, .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR, .key_length = 16, + .iv_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_CIPHER, .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR, .key_length = 24, + .iv_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_CIPHER, .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR, .key_length = 32, + .iv_length = 16, }, }; @@ -143,6 +154,12 @@ static const struct crypto_param auth_list[] = { .key_length = 64, .digest_length = 32, }, + { + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .alg.auth = RTE_CRYPTO_AUTH_AES_XCBC_MAC, + .key_length = 16, + .digest_length = 12, + }, }; struct crypto_param_comb { diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h index b6d48ad..85cd6c5 100644 --- a/app/test/test_cryptodev_security_ipsec_test_vectors.h +++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h @@ -1062,4 +1062,94 @@ struct ipsec_test_data pkt_aes_128_gcm_frag = { }, }; +struct ipsec_test_data pkt_null_aes_xcbc = { + .auth_key = { + .data = { + 0x61, 0x31, 0x62, 0x32, 0x63, 0x33, 0x64, 0x34, + 0x65, 0x35, 0x66, 0x36, 0x67, 0x37, 0x68, 0x38, + }, + }, + .input_text = { + .data = { + /* IP */ + 0x45, 0x00, 0x00, 0x2f, 0x49, 0x37, 0x00, 0x00, + 0x40, 0x11, 0x22, 0x84, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, 0x08, 0x00, 0x08, 0x00, + 0x00, 0x1b, 0x6d, 0x99, 0x58, 0x58, 0x58, 0x58, + 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, + 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, + }, + .len = 47, + }, + .output_text = { + .data = { + /* IP */ + 0x45, 0x00, 0x00, 0x5c, 0x06, 0x00, 0x00, 0x00, + 0x40, 0x32, 0x13, 0x6c, 0x0a, 0x00, 0x6f, 0x02, + 0x0a, 0x00, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, + + /* IP */ + 0x45, 0x00, 0x00, 0x2f, 0x49, 0x37, 0x00, 0x00, + 0x40, 0x11, 0x22, 0x84, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, 0x08, 0x00, 0x08, 0x00, + 0x00, 0x1b, 0x6d, 0x99, 0x58, 0x58, 0x58, 0x58, + 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, + 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, + + /* ESP trailer */ + 0x01, 0x02, 0x03, 0x03, 0x04, + + /* ICV */ + 0xf1, 0x52, 0x64, 0xd1, 0x9b, 0x62, 0x24, 0xdd, + 0xcc, 0x14, 0xf5, 0xc1, + }, + .len = 92, + }, + .ipsec_xform = { + .spi = 0x100, + .options.esn = 0, + .options.udp_encap = 0, + .options.copy_dscp = 0, + .options.copy_flabel = 0, + .options.copy_df = 0, + .options.dec_ttl = 0, + .options.ecn = 0, + .options.stats = 0, + .options.tunnel_hdr_verify = 0, + .options.ip_csum_enable = 0, + .options.l4_csum_enable = 0, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, + .replay_win_sz = 0, + }, + .aead = false, + .xform = { + .chain.cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_NULL, + .key.length = 0, + .iv.length = 0, + }, + }, + .chain.auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC, + .key.length = 16, + .digest_length = 12, + }, + }, + }, +}; + #endif /* TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_ */ -- 2.7.4