From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CB2E3A034F; Mon, 6 Dec 2021 12:08:40 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id E0AB141184; Mon, 6 Dec 2021 12:08:36 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 25C8B41184 for ; Mon, 6 Dec 2021 12:08:35 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 1B62KQLw002366; Mon, 6 Dec 2021 03:08:34 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=52biCJPXz5fMBGozoyOEo6Yg2uywH/RfY7ROSb9GI6Y=; b=P39wRRo2ErsPc0omZMz4iyC9hvNp8vabmE4Tfg+JATyrLhF0MGPVHQy6mtvs3VSDN1uP Mjc/TrOrjgukpe4l9CMMNEDtQmPYL+X8BdPltGItfr0pvxqFsY5nmeMZudQamjBFrMHE FHXpvuQPhShTarYUmpa4oLbKohWZ4k0VRHfh8BNTknOy3d0j78HvH1UcYqwNb+DqW9eL CM9tLQ+NBC6NFMgXpUsOdsSjZF1M045oCRma8/21wmj5JGVjvZPgM6IpytqvJNGDwMfd yZLLk83S7avyeM2ddGN4KJH7SBjewl9Wzpr9weVA7wuZujmCU0hY/yOV1lEvp2Q8Wr6R CA== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3cs9muhfum-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 06 Dec 2021 03:08:34 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 6 Dec 2021 03:08:32 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Mon, 6 Dec 2021 03:08:32 -0800 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id B5C603F704A; Mon, 6 Dec 2021 03:08:28 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Pablo de Lara" CC: Tejasree Kondoj , Jerin Jacob , Archana Muniganti , Hemant Agrawal , Radu Nicolau , Ciara Power , Gagandeep Singh , Subject: [PATCH v2 04/13] test/crypto: add IPv6 tunnel mode cases Date: Mon, 6 Dec 2021 16:37:51 +0530 Message-ID: <1638788880-650-5-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1638788880-650-1-git-send-email-anoobj@marvell.com> References: <1638777528-553-1-git-send-email-anoobj@marvell.com> <1638788880-650-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: tnOpVsjqAb9xFD66aQYHvdwtRvKpdJNu X-Proofpoint-ORIG-GUID: tnOpVsjqAb9xFD66aQYHvdwtRvKpdJNu X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2021-12-06_04,2021-12-06_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Tejasree Kondoj Add IPv6 known vector and combined mode tests. Following modes are added: Tunnel IPv6 in IPv6 Tunnel IPv4 in IPv4 Tunnel IPv4 in IPv6 Tunnel IPv6 in IPv4 Signed-off-by: Tejasree Kondoj --- app/test/test_cryptodev.c | 102 ++++++++++- app/test/test_cryptodev_security_ipsec.c | 74 +++++++- app/test/test_cryptodev_security_ipsec.h | 4 + .../test_cryptodev_security_ipsec_test_vectors.h | 202 +++++++++++++++++++++ doc/guides/rel_notes/release_22_03.rst | 5 + 5 files changed, 383 insertions(+), 4 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index a307aec..a64ed60 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9125,6 +9125,10 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], bool silent, const struct ipsec_test_flags *flags) { + uint16_t v6_src[8] = {0x2607, 0xf8b0, 0x400c, 0x0c03, 0x0000, 0x0000, + 0x0000, 0x001a}; + uint16_t v6_dst[8] = {0x2001, 0x0470, 0xe5bf, 0xdead, 0x4957, 0x2174, + 0xe82c, 0x4887}; struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; struct rte_security_capability_idx sec_cap_idx; @@ -9158,8 +9162,16 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], dst += 1; } - memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src)); - memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst)); + if (td->ipsec_xform.tunnel.type == + RTE_SECURITY_IPSEC_TUNNEL_IPV4) { + memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src)); + memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst)); + } else { + memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src, + sizeof(v6_src)); + memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst, + sizeof(v6_dst)); + } ctx = rte_cryptodev_get_sec_ctx(dev_id); @@ -9555,6 +9567,58 @@ test_ipsec_proto_inner_l4_csum(const void *data __rte_unused) } static int +test_ipsec_proto_tunnel_v4_in_v4(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ipv6 = false; + flags.tunnel_ipv6 = false; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_tunnel_v6_in_v6(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ipv6 = true; + flags.tunnel_ipv6 = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_tunnel_v4_in_v6(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ipv6 = false; + flags.tunnel_ipv6 = true; + + return test_ipsec_proto_all(&flags); +} + +static int +test_ipsec_proto_tunnel_v6_in_v4(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.ipv6 = true; + flags.tunnel_ipv6 = false; + + return test_ipsec_proto_all(&flags); +} + +static int test_PDCP_PROTO_all(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; @@ -14431,6 +14495,15 @@ static struct unit_test_suite ipsec_proto_testsuite = { test_ipsec_proto_known_vec, &pkt_aes_128_cbc_hmac_sha256), TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv6 AES-GCM 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_256_gcm_v6), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv6 AES-CBC 128 HMAC-SHA256 [16B ICV])", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, + &pkt_aes_128_cbc_hmac_sha256_v6), + TEST_CASE_NAMED_WITH_DATA( "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)", ut_setup_security, ut_teardown, test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm), @@ -14451,6 +14524,15 @@ static struct unit_test_suite ipsec_proto_testsuite = { ut_setup_security, ut_teardown, test_ipsec_proto_known_vec_inb, &pkt_aes_128_cbc_hmac_sha256), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv6 AES-GCM 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm_v6), + TEST_CASE_NAMED_WITH_DATA( + "Inbound known vector (ESP tunnel mode IPv6 AES-CBC 128 HMAC-SHA256 [16B ICV])", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec_inb, + &pkt_aes_128_cbc_hmac_sha256_v6), TEST_CASE_NAMED_ST( "Combined test alg list", ut_setup_security, ut_teardown, @@ -14495,6 +14577,22 @@ static struct unit_test_suite ipsec_proto_testsuite = { "Inner L4 checksum", ut_setup_security, ut_teardown, test_ipsec_proto_inner_l4_csum), + TEST_CASE_NAMED_ST( + "Tunnel IPv4 in IPv4", + ut_setup_security, ut_teardown, + test_ipsec_proto_tunnel_v4_in_v4), + TEST_CASE_NAMED_ST( + "Tunnel IPv6 in IPv6", + ut_setup_security, ut_teardown, + test_ipsec_proto_tunnel_v6_in_v6), + TEST_CASE_NAMED_ST( + "Tunnel IPv4 in IPv6", + ut_setup_security, ut_teardown, + test_ipsec_proto_tunnel_v4_in_v6), + TEST_CASE_NAMED_ST( + "Tunnel IPv6 in IPv4", + ut_setup_security, ut_teardown, + test_ipsec_proto_tunnel_v6_in_v4), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 5f67dc0..12031d3 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -19,6 +19,40 @@ struct crypto_param_comb alg_list[RTE_DIM(aead_list) + (RTE_DIM(cipher_list) * RTE_DIM(auth_list))]; +static bool +is_valid_ipv4_pkt(const struct rte_ipv4_hdr *pkt) +{ + /* The IP version number must be 4 */ + if (((pkt->version_ihl) >> 4) != 4) + return false; + /* + * The IP header length field must be large enough to hold the + * minimum length legal IP datagram (20 bytes = 5 words). + */ + if ((pkt->version_ihl & 0xf) < 5) + return false; + + /* + * The IP total length field must be large enough to hold the IP + * datagram header, whose length is specified in the IP header length + * field. + */ + if (rte_cpu_to_be_16(pkt->total_length) < sizeof(struct rte_ipv4_hdr)) + return false; + + return true; +} + +static bool +is_valid_ipv6_pkt(const struct rte_ipv6_hdr *pkt) +{ + /* The IP version number must be 6 */ + if ((rte_be_to_cpu_32((pkt->vtc_flow)) >> 28) != 6) + return false; + + return true; +} + void test_ipsec_alg_list_populate(void) { @@ -320,14 +354,22 @@ test_ipsec_td_prepare(const struct crypto_param *param1, if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) { /* Copy template for packet & key fields */ - memcpy(td, &pkt_aes_256_gcm, sizeof(*td)); + if (flags->ipv6) + memcpy(td, &pkt_aes_256_gcm_v6, sizeof(*td)); + else + memcpy(td, &pkt_aes_256_gcm, sizeof(*td)); td->aead = true; td->xform.aead.aead.algo = param1->alg.aead; td->xform.aead.aead.key.length = param1->key_length; } else { /* Copy template for packet & key fields */ - memcpy(td, &pkt_aes_128_cbc_hmac_sha256, sizeof(*td)); + if (flags->ipv6) + memcpy(td, &pkt_aes_128_cbc_hmac_sha256_v6, + sizeof(*td)); + else + memcpy(td, &pkt_aes_128_cbc_hmac_sha256, + sizeof(*td)); td->aead = false; td->xform.chain.cipher.cipher.algo = param1->alg.cipher; @@ -358,6 +400,13 @@ test_ipsec_td_prepare(const struct crypto_param *param1, test_ipsec_csum_init(&td->input_text.data, false, true); } + if (flags->tunnel_ipv6) + td->ipsec_xform.tunnel.type = + RTE_SECURITY_IPSEC_TUNNEL_IPV6; + else + td->ipsec_xform.tunnel.type = + RTE_SECURITY_IPSEC_TUNNEL_IPV4; + } } @@ -686,6 +735,7 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, struct ipsec_test_data *res_d, bool silent, const struct ipsec_test_flags *flags) { + uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); int ret; if (flags->iv_gen && @@ -695,6 +745,26 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, return ret; } + if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + const struct rte_ipv4_hdr *iph4; + const struct rte_ipv6_hdr *iph6; + + if (td->ipsec_xform.tunnel.type == + RTE_SECURITY_IPSEC_TUNNEL_IPV4) { + iph4 = (const struct rte_ipv4_hdr *)output_text; + if (is_valid_ipv4_pkt(iph4) == false) { + printf("Outer header is not IPv4\n"); + return TEST_FAILED; + } + } else { + iph6 = (const struct rte_ipv6_hdr *)output_text; + if (is_valid_ipv6_pkt(iph6) == false) { + printf("Outer header is not IPv6\n"); + return TEST_FAILED; + } + } + } + /* * In case of known vector tests & all inbound tests, res_d provided * would be NULL and output data need to be validated against expected. diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index b1f0ff8..69e81ae 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -61,6 +61,8 @@ struct ipsec_test_flags { bool udp_ports_verify; bool ip_csum; bool l4_csum; + bool ipv6; + bool tunnel_ipv6; }; struct crypto_param { @@ -119,7 +121,9 @@ struct crypto_param_comb { }; extern struct ipsec_test_data pkt_aes_256_gcm; +extern struct ipsec_test_data pkt_aes_256_gcm_v6; extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256; +extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6; extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) + (RTE_DIM(cipher_list) * diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h index 16c88fe..04ccbf0 100644 --- a/app/test/test_cryptodev_security_ipsec_test_vectors.h +++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h @@ -434,6 +434,103 @@ struct ipsec_test_data pkt_aes_128_cbc_null = { }, }; +struct ipsec_test_data pkt_aes_256_gcm_v6 = { + .key = { + .data = { + 0xde, 0x12, 0xbe, 0x56, 0xde, 0xad, 0xbe, 0xef, + 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, + 0x12, 0x78, 0xbe, 0x34, 0x01, 0x02, 0x03, 0x07, + 0xaa, 0xbb, 0xcc, 0xf1, 0x08, 0x07, 0x06, 0x05, + }, + }, + .input_text = { + .data = { + 0x60, 0x00, 0x00, 0x00, 0x00, 0x20, 0x06, 0x38, + 0x26, 0x07, 0xf8, 0xb0, 0x40, 0x0c, 0x0c, 0x03, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a, + 0x20, 0x01, 0x04, 0x70, 0xe5, 0xbf, 0xde, 0xad, + 0x49, 0x57, 0x21, 0x74, 0xe8, 0x2c, 0x48, 0x87, + 0x00, 0x19, 0xf9, 0xc7, 0x95, 0x63, 0x97, 0x9c, + 0x03, 0xa0, 0x88, 0x31, 0x80, 0x12, 0xa7, 0xd6, + 0x25, 0x83, 0x00, 0x00, 0x02, 0x04, 0x05, 0x6a, + 0x01, 0x01, 0x04, 0x02, 0x01, 0x03, 0x03, 0x07, + }, + .len = 72, + }, + .output_text = { + .data = { + 0x60, 0x00, 0x00, 0x00, 0x00, 0x6c, 0x32, 0x40, + 0x12, 0x34, 0x12, 0x21, 0x17, 0x45, 0x11, 0x34, + 0x11, 0xfc, 0x89, 0x71, 0xdf, 0x22, 0x56, 0x78, + 0x12, 0x34, 0x12, 0x21, 0x17, 0x45, 0x11, 0x34, + 0x11, 0xfc, 0x89, 0x71, 0xdf, 0x22, 0x34, 0x56, + 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x01, + 0x45, 0xad, 0xfe, 0x23, 0x78, 0x56, 0x12, 0x00, + 0xe7, 0xdf, 0xc4, 0x7e, 0x21, 0xbd, 0xec, 0x1b, + 0x74, 0x5a, 0xe4, 0x7e, 0x2e, 0x94, 0x21, 0x0a, + 0x9b, 0x0e, 0x59, 0xbe, 0x06, 0x2a, 0xda, 0xb8, + 0x6b, 0x48, 0x7f, 0x0b, 0x88, 0x3a, 0xa9, 0xfd, + 0x3c, 0xfe, 0x9f, 0xb1, 0x8c, 0x67, 0xd2, 0xf8, + 0xaf, 0xb5, 0xad, 0x16, 0xdb, 0xff, 0x8d, 0x50, + 0xd3, 0x48, 0xf5, 0x6c, 0x3c, 0x0c, 0x27, 0x34, + 0x2b, 0x65, 0xc8, 0xff, 0xeb, 0x5f, 0xb8, 0xff, + 0x12, 0x00, 0x1c, 0x9f, 0xb7, 0x85, 0xdd, 0x7d, + 0x40, 0x19, 0xcb, 0x18, 0xeb, 0x15, 0xc4, 0x88, + 0xe1, 0xc2, 0x91, 0xc7, 0xb1, 0x65, 0xc3, 0x27, + 0x16, 0x06, 0x8f, 0xf2, + }, + .len = 148, + }, + .salt = { + .data = { + 0x11, 0x22, 0x33, 0x44 + }, + .len = 4, + }, + + .iv = { + .data = { + 0x45, 0xad, 0xfe, 0x23, 0x78, 0x56, 0x12, 0x00, + }, + }, + + .ipsec_xform = { + .spi = 52, + .options.esn = 0, + .options.udp_encap = 0, + .options.copy_dscp = 0, + .options.copy_flabel = 0, + .options.copy_df = 0, + .options.dec_ttl = 0, + .options.ecn = 0, + .options.stats = 0, + .options.tunnel_hdr_verify = 0, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV6, + .replay_win_sz = 0, + }, + + .aead = true, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 32, + .iv.length = 12, + .iv.offset = IV_OFFSET, + .digest_length = 16, + .aad_length = 12, + }, + }, + }, +}; + struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256 = { .key = { .data = { @@ -543,4 +640,109 @@ struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256 = { }, }; +struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6 = { + .key = { + .data = { + 0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x0a, 0x0b, 0x0c, 0x0f, 0x00, 0x00, + }, + }, + .auth_key = { + .data = { + 0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00, + 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, + 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04, + 0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08, + }, + }, + .input_text = { + .data = { + 0x60, 0x00, 0x00, 0x00, 0x00, 0x20, 0x06, 0x38, + 0x26, 0x07, 0xf8, 0xb0, 0x40, 0x0c, 0x0c, 0x03, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a, + 0x20, 0x01, 0x04, 0x70, 0xe5, 0xbf, 0xde, 0xad, + 0x49, 0x57, 0x21, 0x74, 0xe8, 0x2c, 0x48, 0x87, + 0x00, 0x19, 0xf9, 0xc7, 0x95, 0x63, 0x97, 0x9c, + 0x03, 0xa0, 0x88, 0x31, 0x80, 0x12, 0xa7, 0xd6, + 0x25, 0x83, 0x00, 0x00, 0x02, 0x04, 0x05, 0x6a, + 0x01, 0x01, 0x04, 0x02, 0x01, 0x03, 0x03, 0x07, + }, + .len = 72, + }, + .output_text = { + .data = { + 0x60, 0x00, 0x00, 0x00, 0x00, 0x78, 0x32, 0x40, + 0x12, 0x34, 0x12, 0x21, 0x17, 0x45, 0x11, 0x34, + 0x11, 0xfc, 0x89, 0x71, 0xdf, 0x22, 0x56, 0x78, + 0x12, 0x34, 0x12, 0x21, 0x17, 0x45, 0x11, 0x34, + 0x11, 0xfc, 0x89, 0x71, 0xdf, 0x22, 0x34, 0x56, + 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x01, + 0x45, 0xad, 0xfe, 0x23, 0x78, 0x56, 0x12, 0x00, + 0xf0, 0xc1, 0x05, 0x3c, 0x00, 0x00, 0x00, 0x00, + 0x1b, 0x1c, 0x98, 0x6e, 0x2a, 0xce, 0x61, 0xef, + 0xc1, 0xdd, 0x25, 0x96, 0x5c, 0xb1, 0xb0, 0x15, + 0x47, 0x25, 0xb7, 0x8b, 0x00, 0xb6, 0xbb, 0xe6, + 0x2e, 0x29, 0xcb, 0x4a, 0x94, 0x00, 0xf0, 0x73, + 0xdb, 0x14, 0x32, 0xd9, 0xa2, 0xdf, 0x22, 0x2f, + 0x52, 0x3e, 0x79, 0x77, 0xf3, 0x17, 0xaa, 0x40, + 0x1c, 0x57, 0x27, 0x12, 0x82, 0x44, 0x35, 0xb8, + 0x64, 0xe0, 0xaa, 0x5c, 0x10, 0xc7, 0x97, 0x35, + 0x9c, 0x6b, 0x1c, 0xf7, 0xe7, 0xbd, 0x83, 0x33, + 0x77, 0x48, 0x44, 0x7d, 0xa4, 0x13, 0x74, 0x3b, + 0x6a, 0x91, 0xd0, 0xd8, 0x7d, 0x41, 0x45, 0x23, + 0x5d, 0xc9, 0x2d, 0x08, 0x7a, 0xd8, 0x25, 0x8e, + }, + .len = 160, + }, + .iv = { + .data = { + 0x45, 0xad, 0xfe, 0x23, 0x78, 0x56, 0x12, 0x00, + 0xf0, 0xc1, 0x05, 0x3c, 0x00, 0x00, 0x00, 0x00, + }, + }, + + .ipsec_xform = { + .spi = 52, + .options.esn = 0, + .options.udp_encap = 0, + .options.copy_dscp = 0, + .options.copy_flabel = 0, + .options.copy_df = 0, + .options.dec_ttl = 0, + .options.ecn = 0, + .options.stats = 0, + .options.tunnel_hdr_verify = 0, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV6, + .replay_win_sz = 0, + }, + + .aead = false, + + .xform = { + .chain.cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 16, + .iv.length = 16, + }, + }, + .chain.auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, + .key.length = 32, + .digest_length = 16, + }, + }, + }, +}; + #endif /* TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_ */ diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst index 62682d0..42f3a3c 100644 --- a/doc/guides/rel_notes/release_22_03.rst +++ b/doc/guides/rel_notes/release_22_03.rst @@ -60,6 +60,11 @@ New Features * Added support for chained operations. * Added AES-CBC 128 NULL auth known vector tests. * Added AES-CBC 128 HMAC-SHA256 known vector tests. + * Added tunnel mode tests + * IPv6 in IPv6 + * IPv4 in IPv4 + * IPv4 in IPv6 + * IPv6 in IPv4 Removed Items -- 2.7.4