From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>,
Declan Doherty <declan.doherty@intel.com>,
Fan Zhang <roy.fan.zhang@intel.com>,
"Pablo de Lara" <pablo.de.lara.guarch@intel.com>
Cc: Anoob Joseph <anoobj@marvell.com>,
Jerin Jacob <jerinj@marvell.com>,
Archana Muniganti <marchana@marvell.com>,
Tejasree Kondoj <ktejasree@marvell.com>,
Hemant Agrawal <hemant.agrawal@nxp.com>,
"Radu Nicolau" <radu.nicolau@intel.com>,
Ciara Power <ciara.power@intel.com>,
Gagandeep Singh <g.singh@nxp.com>, <dev@dpdk.org>
Subject: [PATCH v2 12/13] test/crypto: add aes xcbc known vectors
Date: Mon, 6 Dec 2021 16:37:59 +0530 [thread overview]
Message-ID: <1638788880-650-13-git-send-email-anoobj@marvell.com> (raw)
In-Reply-To: <1638788880-650-1-git-send-email-anoobj@marvell.com>
Add known vector test cases for NULL cipher + AES-XCBC. Also add both
algos to the combined mode list of algos.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
app/test/test_cryptodev.c | 38 +++++++--
app/test/test_cryptodev_security_ipsec.c | 2 +
app/test/test_cryptodev_security_ipsec.h | 17 ++++
.../test_cryptodev_security_ipsec_test_vectors.h | 90 ++++++++++++++++++++++
doc/guides/rel_notes/release_22_03.rst | 1 +
5 files changed, 142 insertions(+), 6 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 0ab4ca7..203b4a4 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9368,8 +9368,11 @@ test_ipsec_proto_known_vec(const void *test_data)
memcpy(&td_outb, test_data, sizeof(td_outb));
- /* Disable IV gen to be able to test with known vectors */
- td_outb.ipsec_xform.options.iv_gen_disable = 1;
+ if (td_outb.aead ||
+ td_outb.xform.chain.cipher.cipher.algo != RTE_CRYPTO_CIPHER_NULL) {
+ /* Disable IV gen to be able to test with known vectors */
+ td_outb.ipsec_xform.options.iv_gen_disable = 1;
+ }
return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags);
}
@@ -9428,10 +9431,23 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags)
td_outb,
nb_pkts);
- if (flags->icv_corrupt && (td_outb->aead == false) &&
- (td_outb->xform.chain.auth.auth.algo ==
- RTE_CRYPTO_AUTH_NULL))
- continue;
+ if (!td_outb->aead) {
+ enum rte_crypto_cipher_algorithm cipher_alg;
+ enum rte_crypto_auth_algorithm auth_alg;
+
+ cipher_alg = td_outb->xform.chain.cipher.cipher.algo;
+ auth_alg = td_outb->xform.chain.auth.auth.algo;
+
+ /* ICV is not applicable for NULL auth */
+ if (flags->icv_corrupt &&
+ auth_alg == RTE_CRYPTO_AUTH_NULL)
+ continue;
+
+ /* IV is not applicable for NULL cipher */
+ if (flags->iv_gen &&
+ cipher_alg == RTE_CRYPTO_CIPHER_NULL)
+ continue;
+ }
ret = test_ipsec_proto_process(td_outb, td_inb, nb_pkts, true,
flags);
@@ -14582,6 +14598,11 @@ static struct unit_test_suite ipsec_proto_testsuite = {
test_ipsec_proto_known_vec,
&pkt_aes_128_cbc_hmac_sha256_v6),
TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv4 NULL AES-XCBC-MAC [12B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_null_aes_xcbc),
+ TEST_CASE_NAMED_WITH_DATA(
"Outbound fragmented packet",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_fragmented,
@@ -14626,6 +14647,11 @@ static struct unit_test_suite ipsec_proto_testsuite = {
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb,
&pkt_aes_128_cbc_hmac_sha256_v6),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv4 NULL AES-XCBC-MAC [12B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_null_aes_xcbc),
TEST_CASE_NAMED_ST(
"Combined test alg list",
ut_setup_security, ut_teardown,
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 832f9d8..94e5213 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -375,6 +375,8 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
td->xform.chain.cipher.cipher.algo = param1->alg.cipher;
td->xform.chain.cipher.cipher.key.length =
param1->key_length;
+ td->xform.chain.cipher.cipher.iv.length =
+ param1->iv_length;
td->xform.chain.auth.auth.algo = param2->alg.auth;
td->xform.chain.auth.auth.key.length =
param2->key_length;
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index 3376d08..6e27eba 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -76,6 +76,7 @@ struct crypto_param {
enum rte_crypto_aead_algorithm aead;
} alg;
uint16_t key_length;
+ uint16_t iv_length;
uint16_t digest_length;
};
@@ -100,23 +101,33 @@ static const struct crypto_param aead_list[] = {
static const struct crypto_param cipher_list[] = {
{
.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .alg.cipher = RTE_CRYPTO_CIPHER_NULL,
+ .key_length = 0,
+ .iv_length = 0,
+ },
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
.alg.cipher = RTE_CRYPTO_CIPHER_AES_CBC,
.key_length = 16,
+ .iv_length = 16,
},
{
.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
.alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
.key_length = 16,
+ .iv_length = 16,
},
{
.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
.alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
.key_length = 24,
+ .iv_length = 16,
},
{
.type = RTE_CRYPTO_SYM_XFORM_CIPHER,
.alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR,
.key_length = 32,
+ .iv_length = 16,
},
};
@@ -143,6 +154,12 @@ static const struct crypto_param auth_list[] = {
.key_length = 64,
.digest_length = 32,
},
+ {
+ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .alg.auth = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
+ .key_length = 16,
+ .digest_length = 12,
+ },
};
struct crypto_param_comb {
diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h
index b6d48ad..85cd6c5 100644
--- a/app/test/test_cryptodev_security_ipsec_test_vectors.h
+++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h
@@ -1062,4 +1062,94 @@ struct ipsec_test_data pkt_aes_128_gcm_frag = {
},
};
+struct ipsec_test_data pkt_null_aes_xcbc = {
+ .auth_key = {
+ .data = {
+ 0x61, 0x31, 0x62, 0x32, 0x63, 0x33, 0x64, 0x34,
+ 0x65, 0x35, 0x66, 0x36, 0x67, 0x37, 0x68, 0x38,
+ },
+ },
+ .input_text = {
+ .data = {
+ /* IP */
+ 0x45, 0x00, 0x00, 0x2f, 0x49, 0x37, 0x00, 0x00,
+ 0x40, 0x11, 0x22, 0x84, 0x0d, 0x00, 0x00, 0x02,
+ 0x02, 0x00, 0x00, 0x02, 0x08, 0x00, 0x08, 0x00,
+ 0x00, 0x1b, 0x6d, 0x99, 0x58, 0x58, 0x58, 0x58,
+ 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+ 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+ },
+ .len = 47,
+ },
+ .output_text = {
+ .data = {
+ /* IP */
+ 0x45, 0x00, 0x00, 0x5c, 0x06, 0x00, 0x00, 0x00,
+ 0x40, 0x32, 0x13, 0x6c, 0x0a, 0x00, 0x6f, 0x02,
+ 0x0a, 0x00, 0xde, 0x02,
+
+ /* ESP */
+ 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01,
+
+ /* IP */
+ 0x45, 0x00, 0x00, 0x2f, 0x49, 0x37, 0x00, 0x00,
+ 0x40, 0x11, 0x22, 0x84, 0x0d, 0x00, 0x00, 0x02,
+ 0x02, 0x00, 0x00, 0x02, 0x08, 0x00, 0x08, 0x00,
+ 0x00, 0x1b, 0x6d, 0x99, 0x58, 0x58, 0x58, 0x58,
+ 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+ 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+
+ /* ESP trailer */
+ 0x01, 0x02, 0x03, 0x03, 0x04,
+
+ /* ICV */
+ 0xf1, 0x52, 0x64, 0xd1, 0x9b, 0x62, 0x24, 0xdd,
+ 0xcc, 0x14, 0xf5, 0xc1,
+ },
+ .len = 92,
+ },
+ .ipsec_xform = {
+ .spi = 0x100,
+ .options.esn = 0,
+ .options.udp_encap = 0,
+ .options.copy_dscp = 0,
+ .options.copy_flabel = 0,
+ .options.copy_df = 0,
+ .options.dec_ttl = 0,
+ .options.ecn = 0,
+ .options.stats = 0,
+ .options.tunnel_hdr_verify = 0,
+ .options.ip_csum_enable = 0,
+ .options.l4_csum_enable = 0,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+ .replay_win_sz = 0,
+ },
+ .aead = false,
+ .xform = {
+ .chain.cipher = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .cipher = {
+ .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+ .algo = RTE_CRYPTO_CIPHER_NULL,
+ .key.length = 0,
+ .iv.length = 0,
+ },
+ },
+ .chain.auth = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .auth = {
+ .op = RTE_CRYPTO_AUTH_OP_GENERATE,
+ .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
+ .key.length = 16,
+ .digest_length = 12,
+ },
+ },
+ },
+};
+
#endif /* TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_ */
diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst
index db5ec20..a7d0e53 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -62,6 +62,7 @@ New Features
* Added AES-CBC 128 HMAC-SHA256 known vector tests.
* Added AES-CBC 128 HMAC-SHA384 known vector tests.
* Added AES-CBC 128 HMAC-SHA512 known vector tests.
+ * Added NULL cipher AES-XCBC known vector tests.
* Added tunnel mode tests
* IPv6 in IPv6
* IPv4 in IPv4
--
2.7.4
next prev parent reply other threads:[~2021-12-06 11:09 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-06 7:58 [PATCH 00/13] Add new cases to lookaside IPsec tests Anoob Joseph
2021-12-06 7:58 ` [PATCH 01/13] test/crypto: add IPsec aes-cbc known vectors Anoob Joseph
2021-12-06 7:58 ` [PATCH 02/13] test/crypto: add IPsec AES-CBC-HMAC-SHA256 " Anoob Joseph
2021-12-06 7:58 ` [PATCH 03/13] test/crypto: add chained operations in combined cases Anoob Joseph
2021-12-06 7:58 ` [PATCH 04/13] test/crypto: add IPv6 tunnel mode cases Anoob Joseph
2021-12-06 7:58 ` [PATCH 05/13] test/crypto: add IPsec HMAC-SHA384/512 known vectors Anoob Joseph
2021-12-06 7:58 ` [PATCH 06/13] test/crypto: add IPsec fragmented packet " Anoob Joseph
2021-12-06 7:58 ` [PATCH 07/13] test/crypto: add transport mode cases Anoob Joseph
2021-12-06 7:58 ` [PATCH 08/13] test/crypto: add security stats cases Anoob Joseph
2021-12-06 7:58 ` [PATCH 09/13] test/crypto: add lookaside IPsec AES-CTR known vectors Anoob Joseph
2021-12-06 7:58 ` [PATCH 10/13] test/crypto: add fragmented packet case Anoob Joseph
2021-12-06 7:58 ` [PATCH 11/13] test/crypto: skip null auth in ICV corrupt case Anoob Joseph
2021-12-06 7:58 ` [PATCH 12/13] test/crypto: add aes xcbc known vectors Anoob Joseph
2021-12-06 7:58 ` [PATCH 13/13] test/crypto: add copy and set DF cases Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 00/13] Add new cases to lookaside IPsec tests Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 01/13] test/crypto: add IPsec aes-cbc known vectors Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 02/13] test/crypto: add IPsec AES-CBC-HMAC-SHA256 " Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 03/13] test/crypto: add chained operations in combined cases Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 04/13] test/crypto: add IPv6 tunnel mode cases Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 05/13] test/crypto: add IPsec HMAC-SHA384/512 known vectors Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 06/13] test/crypto: add IPsec fragmented packet " Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 07/13] test/crypto: add transport mode cases Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 08/13] test/crypto: add security stats cases Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 09/13] test/crypto: add lookaside IPsec AES-CTR known vectors Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 10/13] test/crypto: add fragmented packet case Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 11/13] test/crypto: skip null auth in ICV corrupt case Anoob Joseph
2021-12-06 11:07 ` Anoob Joseph [this message]
2021-12-06 11:08 ` [PATCH v2 13/13] test/crypto: add copy and set DF cases Anoob Joseph
2022-01-21 11:02 ` [PATCH v2 00/13] Add new cases to lookaside IPsec tests Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1638788880-650-13-git-send-email-anoobj@marvell.com \
--to=anoobj@marvell.com \
--cc=ciara.power@intel.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=g.singh@nxp.com \
--cc=gakhil@marvell.com \
--cc=hemant.agrawal@nxp.com \
--cc=jerinj@marvell.com \
--cc=ktejasree@marvell.com \
--cc=marchana@marvell.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=radu.nicolau@intel.com \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.