From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 70E3342C5A; Thu, 8 Jun 2023 08:56:05 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A055542D3D; Thu, 8 Jun 2023 08:55:36 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 86B8A427E9 for ; Thu, 8 Jun 2023 08:55:32 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 357LwAdc023531; Wed, 7 Jun 2023 23:55:28 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=9vWB4HFHTI/raG/K2iTBCHT1fYmJu84ImOh4fllrxTo=; b=WbGW/tdKDwEFRKzEBCybZa3kc8/VisEP2hoD3YdIUer9G7+4KYe3BK+MDY9UCD2yYmzG QSvi9iQ137r03Vyh0kDKwzBwcVprSk+1+ytshhjnZUEcwaYvfAUkbV6rLJFSkPt1F4kv yyaAsBg1oWcFY0QMRano3vVXQYzeu9sYPtr/n8w9KmiYFWgm7O4wn+KuUfNl2NoKdx88 SOO0Nc1KssL/VIq5uI+4K3XazIcM1r5XEIZF7cwd6xkuOGEfFW0lfs+f/TL2toqSJuO2 ZKpi0r7T7D+Hx5tB67pDyLb2qQLD82CABghIJ4YPSulZ+wgdEkskt5uTUOpXWIHn2mck Ww== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r329c1jsf-6 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 07 Jun 2023 23:55:28 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 7 Jun 2023 23:55:27 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Wed, 7 Jun 2023 23:55:27 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id D59543F7057; Wed, 7 Jun 2023 23:55:23 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , Akhil Goyal Subject: [PATCH v3 06/13] test/security: add MACsec VLAN cases Date: Thu, 8 Jun 2023 12:24:51 +0530 Message-ID: <20230608065458.333670-7-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230608065458.333670-1-gakhil@marvell.com> References: <20230607151940.223417-1-gakhil@marvell.com> <20230608065458.333670-1-gakhil@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: MpduHbJAhRlqDR05wrKRGhyrK6MJEEck X-Proofpoint-ORIG-GUID: MpduHbJAhRlqDR05wrKRGhyrK6MJEEck X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-08_04,2023-06-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Added cases to verify MACsec processing with VLAN tags inserted. Vectors are added to verify 1/2/3 VLAN tags in clear or encrypted data. Signed-off-by: Akhil Goyal --- app/test/test_security_inline_macsec.c | 67 ++++++ .../test_security_inline_macsec_vectors.h | 217 ++++++++++++++++++ 2 files changed, 284 insertions(+) diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c index 621074a928..854ead75a0 100644 --- a/app/test/test_security_inline_macsec.c +++ b/app/test/test_security_inline_macsec.c @@ -1119,6 +1119,69 @@ test_inline_macsec_multi_flow(const void *data __rte_unused) return err; } +static int +test_inline_macsec_with_vlan(const void *data __rte_unused) +{ + const struct mcs_test_vector *cur_td; + struct mcs_test_opts opts = {0}; + int err, all_err = 0; + int i, size; + + opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; + opts.protect_frames = true; + opts.sa_in_use = 1; + opts.nb_td = 1; + opts.mtu = RTE_ETHER_MTU; + + size = (sizeof(list_mcs_vlan_vectors) / sizeof((list_mcs_vlan_vectors)[0])); + + for (i = 0; i < size; i++) { + cur_td = &list_mcs_vlan_vectors[i]; + if (i == 0) { + opts.sectag_insert_mode = 1; + } else if (i == 1) { + opts.sectag_insert_mode = 0; /* offset from special E-type */ + opts.nb_vlan = 1; + } else if (i == 2) { + opts.sectag_insert_mode = 0; /* offset from special E-type */ + opts.nb_vlan = 2; + } + err = test_macsec(&cur_td, MCS_ENCAP, &opts); + if (err) { + printf("\n VLAN Encap case %d failed", cur_td->test_idx); + err = -1; + } else { + printf("\n VLAN Encap case %d passed", cur_td->test_idx); + err = 0; + } + all_err += err; + } + for (i = 0; i < size; i++) { + cur_td = &list_mcs_vlan_vectors[i]; + if (i == 0) { + opts.sectag_insert_mode = 1; + } else if (i == 1) { + opts.sectag_insert_mode = 0; /* offset from special E-type */ + opts.nb_vlan = 1; + } else if (i == 2) { + opts.sectag_insert_mode = 0; /* offset from special E-type */ + opts.nb_vlan = 2; + } + err = test_macsec(&cur_td, MCS_DECAP, &opts); + if (err) { + printf("\n VLAN Decap case %d failed", cur_td->test_idx); + err = -1; + } else { + printf("\n VLAN Decap case %d passed", cur_td->test_idx); + err = 0; + } + all_err += err; + } + + printf("\n%s: Success: %d, Failure: %d\n", __func__, (2 * size) + all_err, -all_err); + return all_err; +} + static int ut_setup_inline_macsec(void) { @@ -1292,6 +1355,10 @@ static struct unit_test_suite inline_macsec_testsuite = { "MACsec auth + verify known vector", ut_setup_inline_macsec, ut_teardown_inline_macsec, test_inline_macsec_auth_verify_all), + TEST_CASE_NAMED_ST( + "MACsec Encap and decap with VLAN", + ut_setup_inline_macsec, ut_teardown_inline_macsec, + test_inline_macsec_with_vlan), TEST_CASES_END() /**< NULL terminate unit test array */ }, diff --git a/app/test/test_security_inline_macsec_vectors.h b/app/test/test_security_inline_macsec_vectors.h index 8d9c2cae77..4bcb82783c 100644 --- a/app/test/test_security_inline_macsec_vectors.h +++ b/app/test/test_security_inline_macsec_vectors.h @@ -2185,5 +2185,222 @@ uint8_t secure_user_data[MCS_MULTI_FLOW_TD_SECURE_DATA_SZ] = { 0x2A, 0x5D, 0x6C, 0x2B, 0x96, 0x04, 0x94, 0xC3, }; +static const struct mcs_test_vector list_mcs_vlan_vectors[] = { +/* No clear tag, VLAN after macsec header */ +{ + .test_idx = 1, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0, + .xpn = 0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43, + /* MAC SA */ + 0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, + /* User Data with VLAN Tag */ + 0x81, 0x00, 0x00, 0x02, 0x08, 0x00, 0x45, 0x00, + 0x00, 0x54, 0xF2, 0xFA, 0x40, 0x00, 0x40, 0x01, + 0xF7, 0x83, 0x14, 0x14, 0x14, 0x02, 0x14, 0x14, + 0x14, 0x01, 0x08, 0x00, 0xE9, 0xC5, 0x02, 0xAF, + 0x00, 0x01, 0xCB, 0x51, 0x6D, 0x38, 0x00, 0x00, + 0x00, 0x00, 0x13, 0x2D, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, + 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, + 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, + 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, + 0x36, 0x37, + }, + .len = 102, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43, + /* MAC SA */ + 0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x20, + /* SL */ + 0x00, + /* PN */ + 0x00, 0x00, 0x00, 0x06, + /* SCI */ + 0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, 0x00, 0x01, + /* Secure Data */ + 0x81, 0x00, 0x00, 0x02, 0x08, 0x00, 0x45, 0x00, + 0x00, 0x54, 0xF2, 0xFA, 0x40, 0x00, 0x40, 0x01, + 0xF7, 0x83, 0x14, 0x14, 0x14, 0x02, 0x14, 0x14, + 0x14, 0x01, 0x08, 0x00, 0xE9, 0xC5, 0x02, 0xAF, + 0x00, 0x01, 0xCB, 0x51, 0x6D, 0x38, 0x00, 0x00, + 0x00, 0x00, 0x13, 0x2D, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, + 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, + 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, + 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, + 0x36, 0x37, + /* ICV */ + 0x21, 0x68, 0xF1, 0x21, 0x19, 0xB7, 0xDF, 0x73, + 0x6F, 0x2A, 0x11, 0xEA, 0x8A, 0xBC, 0x8A, 0x79, + }, + .len = 134, + }, +}, +/* 1 vlan tag followed by MACsec */ +{ + .test_idx = 2, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0, + .xpn = 0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43, + /* MAC SA */ + 0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, + /* User Data */ + 0x81, 0x00, 0x00, 0x02, + 0x08, 0x00, 0x45, 0x00, 0x00, 0x54, 0x88, 0x71, + 0x40, 0x00, 0x40, 0x01, 0x62, 0x0D, 0x14, 0x14, + 0x14, 0x02, 0x14, 0x14, 0x14, 0x01, 0x08, 0x00, + 0x77, 0xA6, 0x02, 0xB3, 0x00, 0x01, 0xBE, 0x52, + 0x6D, 0x38, 0x00, 0x00, 0x00, 0x00, 0x8C, 0x47, + 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11, + 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, + 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, + 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, + 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, + 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + }, + .len = 102, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43, + /* MAC SA */ + 0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, + /* VLAN Tag before MACsec */ + 0x81, 0x00, 0x00, 0x02, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x20, + /* SL */ + 0x00, + /* PN */ + 0x00, 0x00, 0x00, 0x07, + /* SCI */ + 0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, 0x00, 0x01, + /* Secure Data */ + 0x08, 0x00, 0x45, 0x00, 0x00, 0x54, 0x88, 0x71, + 0x40, 0x00, 0x40, 0x01, 0x62, 0x0D, 0x14, 0x14, + 0x14, 0x02, 0x14, 0x14, 0x14, 0x01, 0x08, 0x00, + 0x77, 0xA6, 0x02, 0xB3, 0x00, 0x01, 0xBE, 0x52, + 0x6D, 0x38, 0x00, 0x00, 0x00, 0x00, 0x8C, 0x47, + 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11, + 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, + 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, + 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, + 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, + 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + /* ICV */ + 0xF1, 0xC0, 0xA2, 0x6E, 0x99, 0xE5, 0xAB, 0x97, + 0x78, 0x79, 0x7D, 0x13, 0x35, 0x5E, 0x39, 0x4F, + }, + .len = 134, + }, +}, +/* 2 vlan tag followed by MACsec */ +{ + .test_idx = 3, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .ssci = 0, + .xpn = 0, /* Most significant 32 bits */ + .salt = {0}, + .sa_key = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + }, + .len = 16, + }, + .plain_pkt = { + .data = {/* MAC DA */ + 0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43, + /* MAC SA */ + 0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, + /* User Data */ + 0x88, 0xA8, 0x00, 0x04, 0x81, 0x00, 0x00, 0x02, + 0x08, 0x00, 0x45, 0x00, 0x00, 0x54, 0x70, 0x5B, + 0x40, 0x00, 0x40, 0x01, 0x29, 0xF9, 0x28, 0x28, + 0x28, 0x04, 0x28, 0x28, 0x28, 0x01, 0x08, 0x00, + 0x08, 0x02, 0x02, 0xE2, 0x00, 0x01, 0x60, 0x58, + 0x6D, 0x38, 0x00, 0x00, 0x00, 0x00, 0x5C, 0xB7, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11, + 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, + 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, + 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, + 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, + 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + }, + .len = 106, + }, + .secure_pkt = { + .data = {/* MAC DA */ + 0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43, + /* MAC SA */ + 0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, + /* VLAN Tags before MACsec */ + 0x88, 0xA8, 0x00, 0x04, + 0x81, 0x00, 0x00, 0x02, + /* MACsec EtherType */ + 0x88, 0xE5, + /* TCI and AN */ + 0x20, + /* SL */ + 0x00, + /* PN */ + 0x00, 0x00, 0x00, 0x0E, + /* SCI */ + 0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, 0x00, 0x01, + /* Secure Data */ + 0x08, 0x00, 0x45, 0x00, 0x00, 0x54, 0x70, 0x5B, + 0x40, 0x00, 0x40, 0x01, 0x29, 0xF9, 0x28, 0x28, + 0x28, 0x04, 0x28, 0x28, 0x28, 0x01, 0x08, 0x00, + 0x08, 0x02, 0x02, 0xE2, 0x00, 0x01, 0x60, 0x58, + 0x6D, 0x38, 0x00, 0x00, 0x00, 0x00, 0x5C, 0xB7, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11, + 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, + 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, + 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, + 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, + 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + /* ICV */ + 0xCC, 0x38, 0x21, 0x3A, 0xEE, 0x5F, 0xE3, 0x7F, + 0xA1, 0xBA, 0xBD, 0xBD, 0x65, 0x5B, 0xB3, 0xE5, + }, + .len = 138, + }, +}, +}; + + #endif -- 2.25.1