DPDK patches and discussions
 help / color / mirror / Atom feed
From: Archana Muniganti <marchana@marvell.com>
To: <gakhil@marvell.com>, <radu.nicolau@intel.com>,
	<roy.fan.zhang@intel.com>,  <hemant.agrawal@nxp.com>,
	<konstantin.ananyev@intel.com>
Cc: Archana Muniganti <marchana@marvell.com>, <anoobj@marvell.com>,
	<ktejasree@marvell.com>, <adwivedi@marvell.com>,
	<jerinj@marvell.com>, <dev@dpdk.org>
Subject: [PATCH 3/3] test/crypto: add AH AES-GMAC test vectors
Date: Fri, 8 Apr 2022 15:46:25 +0530	[thread overview]
Message-ID: <20220408101625.12020-4-marchana@marvell.com> (raw)
In-Reply-To: <20220408101625.12020-1-marchana@marvell.com>

Added AES_GMAC test vectors along with combined mode support.

Signed-off-by: Archana Muniganti <marchana@marvell.com>
---
 app/test/test_cryptodev.c                     |  26 +++-
 app/test/test_cryptodev_security_ipsec.c      |  12 ++
 app/test/test_cryptodev_security_ipsec.h      |   9 ++
 ...st_cryptodev_security_ipsec_test_vectors.h | 116 ++++++++++++++++++
 doc/guides/rel_notes/release_22_03.rst        |   1 +
 5 files changed, 160 insertions(+), 4 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index e152d45e1c..f444144cc6 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9294,9 +9294,12 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
 	};
 
-	if (td[0].aead) {
+	if (td[0].aead || td[0].aes_gmac) {
 		salt_len = RTE_MIN(sizeof(ipsec_xform.salt), td[0].salt.len);
 		memcpy(&ipsec_xform.salt, td[0].salt.data, salt_len);
+	}
+
+	if (td[0].aead) {
 		sess_conf.ipsec = ipsec_xform;
 		sess_conf.crypto_xform = &ut_params->aead_xform;
 	} else if (td[0].auth_only) {
@@ -9377,6 +9380,8 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 
 			if (td[i].aead)
 				len = td[i].xform.aead.aead.iv.length;
+			else if (td[i].aes_gmac)
+				len = td[i].xform.chain.auth.auth.iv.length;
 			else
 				len = td[i].xform.chain.cipher.cipher.iv.length;
 
@@ -9435,9 +9440,9 @@ test_ipsec_proto_known_vec(const void *test_data)
 
 	memcpy(&td_outb, test_data, sizeof(td_outb));
 
-	if ((td_outb.ipsec_xform.proto != RTE_SECURITY_IPSEC_SA_PROTO_AH) &&
-	    (td_outb.aead || (td_outb.xform.chain.cipher.cipher.algo !=
-			RTE_CRYPTO_CIPHER_NULL))) {
+	if (td_outb.aes_gmac || td_outb.aead ||
+	    ((td_outb.ipsec_xform.proto != RTE_SECURITY_IPSEC_SA_PROTO_AH) &&
+	     (td_outb.xform.chain.cipher.cipher.algo != RTE_CRYPTO_CIPHER_NULL))) {
 		/* Disable IV gen to be able to test with known vectors */
 		td_outb.ipsec_xform.options.iv_gen_disable = 1;
 	}
@@ -9506,6 +9511,9 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
 			cipher_alg = td_outb->xform.chain.cipher.cipher.algo;
 			auth_alg = td_outb->xform.chain.auth.auth.algo;
 
+			if (td_outb->aes_gmac && cipher_alg != RTE_CRYPTO_CIPHER_NULL)
+				continue;
+
 			/* ICV is not applicable for NULL auth */
 			if (flags->icv_corrupt &&
 			    auth_alg == RTE_CRYPTO_AUTH_NULL)
@@ -15097,6 +15105,11 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_known_vec,
 			&pkt_ah_transport_sha256),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (AH transport mode IPv4 AES-GMAC 128)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec,
+			&pkt_ah_ipv4_aes_gmac_128),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Outbound fragmented packet",
 			ut_setup_security, ut_teardown,
@@ -15157,6 +15170,11 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_known_vec_inb,
 			&pkt_ah_transport_sha256),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (AH transport mode IPv4 AES-GMAC 128)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec_inb,
+			&pkt_ah_ipv4_aes_gmac_128),
 		TEST_CASE_NAMED_ST(
 			"Combined test alg list",
 			ut_setup_security, ut_teardown,
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 6098c3edc3..14c6ba681f 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -412,6 +412,12 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
 				td->xform.chain.auth.auth.digest_length =
 						param1->digest_length;
 				td->auth_only = true;
+
+				if (td->xform.chain.auth.auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
+					td->xform.chain.auth.auth.iv.length =
+						param1->iv_length;
+					td->aes_gmac = true;
+				}
 			} else {
 				td->xform.chain.cipher.cipher.algo =
 						param1->alg.cipher;
@@ -425,6 +431,12 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
 						param2->key_length;
 				td->xform.chain.auth.auth.digest_length =
 						param2->digest_length;
+
+				if (td->xform.chain.auth.auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
+					td->xform.chain.auth.auth.iv.length =
+						param2->iv_length;
+					td->aes_gmac = true;
+				}
 			}
 		}
 
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index fa7bb06022..0d9b5b6e2e 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -41,6 +41,8 @@ struct ipsec_test_data {
 
 	bool aead;
 
+	bool aes_gmac;
+
 	bool auth_only;
 
 	/* Antireplay packet */
@@ -186,6 +188,13 @@ static const struct crypto_param auth_list[] = {
 		.key_length = 16,
 		.digest_length = 12,
 	},
+	{
+		.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+		.alg.auth =  RTE_CRYPTO_AUTH_AES_GMAC,
+		.key_length = 16,
+		.digest_length = 16,
+		.iv_length = 12,
+	},
 };
 
 struct crypto_param_comb {
diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h
index f50986e9b4..5c5b0445ee 100644
--- a/app/test/test_cryptodev_security_ipsec_test_vectors.h
+++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h
@@ -1363,4 +1363,120 @@ struct ipsec_test_data pkt_ah_transport_sha256 = {
 	},
 };
 
+struct ipsec_test_data pkt_ah_ipv4_aes_gmac_128 = {
+	.auth_key = {
+		.data = {
+			0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5,
+			0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* IP */
+			0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00,
+			0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02,
+			0xc0, 0xa8, 0xde, 0x02,
+
+			/* ICMP */
+			0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,
+			0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+			0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+			0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+			0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+			0x58, 0x59, 0x5a, 0x5b,
+		},
+		.len = 128,
+	},
+	.output_text = {
+		.data = {
+			/* IP outer header */
+			0x45, 0x00, 0x00, 0xa4, 0x00, 0x00, 0x00, 0x00,
+			0x40, 0x33, 0xab, 0xd1, 0xc0, 0xa8, 0x6f, 0x02,
+			0xc0, 0xa8, 0xde, 0x02,
+
+			/* AH */
+			0x01, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b,
+			0x00, 0x00, 0x00, 0x01,
+			0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			0xd6, 0x0e, 0xcc, 0x22, 0x31, 0x79, 0x59, 0x72,
+			0x68, 0xc9, 0x58, 0xfb, 0x8b, 0xb0, 0xbb, 0xd5,
+
+			/* ICMP */
+			0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,
+			0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+			0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+			0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+			0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+			0x58, 0x59, 0x5a, 0x5b,
+		},
+		.len = 164,
+	},
+	.salt = {
+		.data = {
+			0xca, 0xfe, 0xba, 0xbe,
+		},
+		.len = 4,
+	},
+
+	.iv = {
+		.data = {
+			0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+		},
+	},
+
+	.ipsec_xform = {
+		.spi = 0x7b,
+		.options.esn = 0,
+		.options.udp_encap = 0,
+		.options.copy_dscp = 0,
+		.options.copy_flabel = 0,
+		.options.copy_df = 0,
+		.options.dec_ttl = 0,
+		.options.ecn = 0,
+		.options.stats = 0,
+		.options.tunnel_hdr_verify = 0,
+		.options.ip_csum_enable = 0,
+		.options.l4_csum_enable = 0,
+		.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+		.proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
+		.mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+		.replay_win_sz = 0,
+	},
+
+	.aead = false,
+	.aes_gmac = true,
+	.auth_only = true,
+
+	.xform = {
+		.chain.auth = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.auth = {
+				.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+				.algo = RTE_CRYPTO_AUTH_AES_GMAC,
+				.key.length = 16,
+				.digest_length = 16,
+				.iv.length = 12,
+				.iv.offset = IV_OFFSET,
+			},
+		},
+	},
+};
+
 #endif /* TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_ */
diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst
index 8874440af2..d5ce99c1f3 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -194,6 +194,7 @@ New Features
 
   * Added tests to verify IPSec AH in combined mode.
   * Added AH known test vectors for SHA256 HMAC.
+  * Added AH known test vectors for AES-GMAC along with combined mode.
 
 Removed Items
 -------------
-- 
2.22.0


  parent reply	other threads:[~2022-04-08 10:17 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-08 10:16 [PATCH 0/3] add IPsec AH test cases Archana Muniganti
2022-04-08 10:16 ` [PATCH 1/3] test/crypto: add AH under combined mode UT Archana Muniganti
2022-04-08 10:16 ` [PATCH 2/3] test/crypto: add AH test vectors Archana Muniganti
2022-04-08 10:16 ` Archana Muniganti [this message]
2022-04-16 19:13 ` [PATCH 0/3] add IPsec AH test cases Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220408101625.12020-4-marchana@marvell.com \
    --to=marchana@marvell.com \
    --cc=adwivedi@marvell.com \
    --cc=anoobj@marvell.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    --cc=hemant.agrawal@nxp.com \
    --cc=jerinj@marvell.com \
    --cc=konstantin.ananyev@intel.com \
    --cc=ktejasree@marvell.com \
    --cc=radu.nicolau@intel.com \
    --cc=roy.fan.zhang@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).