From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>,
Declan Doherty <declan.doherty@intel.com>,
Fan Zhang <roy.fan.zhang@intel.com>,
"Pablo de Lara" <pablo.de.lara.guarch@intel.com>
Cc: Tejasree Kondoj <ktejasree@marvell.com>,
Jerin Jacob <jerinj@marvell.com>,
Archana Muniganti <marchana@marvell.com>,
Hemant Agrawal <hemant.agrawal@nxp.com>,
Radu Nicolau <radu.nicolau@intel.com>,
Ciara Power <ciara.power@intel.com>,
Gagandeep Singh <g.singh@nxp.com>, <dev@dpdk.org>
Subject: [PATCH v2 04/13] test/crypto: add IPv6 tunnel mode cases
Date: Mon, 6 Dec 2021 16:37:51 +0530 [thread overview]
Message-ID: <1638788880-650-5-git-send-email-anoobj@marvell.com> (raw)
In-Reply-To: <1638788880-650-1-git-send-email-anoobj@marvell.com>
From: Tejasree Kondoj <ktejasree@marvell.com>
Add IPv6 known vector and combined mode tests.
Following modes are added:
Tunnel IPv6 in IPv6
Tunnel IPv4 in IPv4
Tunnel IPv4 in IPv6
Tunnel IPv6 in IPv4
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
app/test/test_cryptodev.c | 102 ++++++++++-
app/test/test_cryptodev_security_ipsec.c | 74 +++++++-
app/test/test_cryptodev_security_ipsec.h | 4 +
.../test_cryptodev_security_ipsec_test_vectors.h | 202 +++++++++++++++++++++
doc/guides/rel_notes/release_22_03.rst | 5 +
5 files changed, 383 insertions(+), 4 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index a307aec..a64ed60 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9125,6 +9125,10 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
bool silent,
const struct ipsec_test_flags *flags)
{
+ uint16_t v6_src[8] = {0x2607, 0xf8b0, 0x400c, 0x0c03, 0x0000, 0x0000,
+ 0x0000, 0x001a};
+ uint16_t v6_dst[8] = {0x2001, 0x0470, 0xe5bf, 0xdead, 0x4957, 0x2174,
+ 0xe82c, 0x4887};
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
struct rte_security_capability_idx sec_cap_idx;
@@ -9158,8 +9162,16 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
dst += 1;
}
- memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));
- memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));
+ if (td->ipsec_xform.tunnel.type ==
+ RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+ memcpy(&ipsec_xform.tunnel.ipv4.src_ip, &src, sizeof(src));
+ memcpy(&ipsec_xform.tunnel.ipv4.dst_ip, &dst, sizeof(dst));
+ } else {
+ memcpy(&ipsec_xform.tunnel.ipv6.src_addr, &v6_src,
+ sizeof(v6_src));
+ memcpy(&ipsec_xform.tunnel.ipv6.dst_addr, &v6_dst,
+ sizeof(v6_dst));
+ }
ctx = rte_cryptodev_get_sec_ctx(dev_id);
@@ -9555,6 +9567,58 @@ test_ipsec_proto_inner_l4_csum(const void *data __rte_unused)
}
static int
+test_ipsec_proto_tunnel_v4_in_v4(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = false;
+ flags.tunnel_ipv6 = false;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v6_in_v6(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = true;
+ flags.tunnel_ipv6 = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v4_in_v6(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = false;
+ flags.tunnel_ipv6 = true;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
+test_ipsec_proto_tunnel_v6_in_v4(const void *data __rte_unused)
+{
+ struct ipsec_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.ipv6 = true;
+ flags.tunnel_ipv6 = false;
+
+ return test_ipsec_proto_all(&flags);
+}
+
+static int
test_PDCP_PROTO_all(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -14431,6 +14495,15 @@ static struct unit_test_suite ipsec_proto_testsuite = {
test_ipsec_proto_known_vec,
&pkt_aes_128_cbc_hmac_sha256),
TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv6 AES-GCM 128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec, &pkt_aes_256_gcm_v6),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Outbound known vector (ESP tunnel mode IPv6 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec,
+ &pkt_aes_128_cbc_hmac_sha256_v6),
+ TEST_CASE_NAMED_WITH_DATA(
"Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)",
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm),
@@ -14451,6 +14524,15 @@ static struct unit_test_suite ipsec_proto_testsuite = {
ut_setup_security, ut_teardown,
test_ipsec_proto_known_vec_inb,
&pkt_aes_128_cbc_hmac_sha256),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv6 AES-GCM 128)",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb, &pkt_aes_256_gcm_v6),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Inbound known vector (ESP tunnel mode IPv6 AES-CBC 128 HMAC-SHA256 [16B ICV])",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_known_vec_inb,
+ &pkt_aes_128_cbc_hmac_sha256_v6),
TEST_CASE_NAMED_ST(
"Combined test alg list",
ut_setup_security, ut_teardown,
@@ -14495,6 +14577,22 @@ static struct unit_test_suite ipsec_proto_testsuite = {
"Inner L4 checksum",
ut_setup_security, ut_teardown,
test_ipsec_proto_inner_l4_csum),
+ TEST_CASE_NAMED_ST(
+ "Tunnel IPv4 in IPv4",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_tunnel_v4_in_v4),
+ TEST_CASE_NAMED_ST(
+ "Tunnel IPv6 in IPv6",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_tunnel_v6_in_v6),
+ TEST_CASE_NAMED_ST(
+ "Tunnel IPv4 in IPv6",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_tunnel_v4_in_v6),
+ TEST_CASE_NAMED_ST(
+ "Tunnel IPv6 in IPv4",
+ ut_setup_security, ut_teardown,
+ test_ipsec_proto_tunnel_v6_in_v4),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c
index 5f67dc0..12031d3 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -19,6 +19,40 @@ struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
(RTE_DIM(cipher_list) *
RTE_DIM(auth_list))];
+static bool
+is_valid_ipv4_pkt(const struct rte_ipv4_hdr *pkt)
+{
+ /* The IP version number must be 4 */
+ if (((pkt->version_ihl) >> 4) != 4)
+ return false;
+ /*
+ * The IP header length field must be large enough to hold the
+ * minimum length legal IP datagram (20 bytes = 5 words).
+ */
+ if ((pkt->version_ihl & 0xf) < 5)
+ return false;
+
+ /*
+ * The IP total length field must be large enough to hold the IP
+ * datagram header, whose length is specified in the IP header length
+ * field.
+ */
+ if (rte_cpu_to_be_16(pkt->total_length) < sizeof(struct rte_ipv4_hdr))
+ return false;
+
+ return true;
+}
+
+static bool
+is_valid_ipv6_pkt(const struct rte_ipv6_hdr *pkt)
+{
+ /* The IP version number must be 6 */
+ if ((rte_be_to_cpu_32((pkt->vtc_flow)) >> 28) != 6)
+ return false;
+
+ return true;
+}
+
void
test_ipsec_alg_list_populate(void)
{
@@ -320,14 +354,22 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
/* Copy template for packet & key fields */
- memcpy(td, &pkt_aes_256_gcm, sizeof(*td));
+ if (flags->ipv6)
+ memcpy(td, &pkt_aes_256_gcm_v6, sizeof(*td));
+ else
+ memcpy(td, &pkt_aes_256_gcm, sizeof(*td));
td->aead = true;
td->xform.aead.aead.algo = param1->alg.aead;
td->xform.aead.aead.key.length = param1->key_length;
} else {
/* Copy template for packet & key fields */
- memcpy(td, &pkt_aes_128_cbc_hmac_sha256, sizeof(*td));
+ if (flags->ipv6)
+ memcpy(td, &pkt_aes_128_cbc_hmac_sha256_v6,
+ sizeof(*td));
+ else
+ memcpy(td, &pkt_aes_128_cbc_hmac_sha256,
+ sizeof(*td));
td->aead = false;
td->xform.chain.cipher.cipher.algo = param1->alg.cipher;
@@ -358,6 +400,13 @@ test_ipsec_td_prepare(const struct crypto_param *param1,
test_ipsec_csum_init(&td->input_text.data, false, true);
}
+ if (flags->tunnel_ipv6)
+ td->ipsec_xform.tunnel.type =
+ RTE_SECURITY_IPSEC_TUNNEL_IPV6;
+ else
+ td->ipsec_xform.tunnel.type =
+ RTE_SECURITY_IPSEC_TUNNEL_IPV4;
+
}
}
@@ -686,6 +735,7 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
struct ipsec_test_data *res_d, bool silent,
const struct ipsec_test_flags *flags)
{
+ uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *);
int ret;
if (flags->iv_gen &&
@@ -695,6 +745,26 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td,
return ret;
}
+ if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+ const struct rte_ipv4_hdr *iph4;
+ const struct rte_ipv6_hdr *iph6;
+
+ if (td->ipsec_xform.tunnel.type ==
+ RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+ iph4 = (const struct rte_ipv4_hdr *)output_text;
+ if (is_valid_ipv4_pkt(iph4) == false) {
+ printf("Outer header is not IPv4\n");
+ return TEST_FAILED;
+ }
+ } else {
+ iph6 = (const struct rte_ipv6_hdr *)output_text;
+ if (is_valid_ipv6_pkt(iph6) == false) {
+ printf("Outer header is not IPv6\n");
+ return TEST_FAILED;
+ }
+ }
+ }
+
/*
* In case of known vector tests & all inbound tests, res_d provided
* would be NULL and output data need to be validated against expected.
diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h
index b1f0ff8..69e81ae 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -61,6 +61,8 @@ struct ipsec_test_flags {
bool udp_ports_verify;
bool ip_csum;
bool l4_csum;
+ bool ipv6;
+ bool tunnel_ipv6;
};
struct crypto_param {
@@ -119,7 +121,9 @@ struct crypto_param_comb {
};
extern struct ipsec_test_data pkt_aes_256_gcm;
+extern struct ipsec_test_data pkt_aes_256_gcm_v6;
extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256;
+extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6;
extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) +
(RTE_DIM(cipher_list) *
diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h
index 16c88fe..04ccbf0 100644
--- a/app/test/test_cryptodev_security_ipsec_test_vectors.h
+++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h
@@ -434,6 +434,103 @@ struct ipsec_test_data pkt_aes_128_cbc_null = {
},
};
+struct ipsec_test_data pkt_aes_256_gcm_v6 = {
+ .key = {
+ .data = {
+ 0xde, 0x12, 0xbe, 0x56, 0xde, 0xad, 0xbe, 0xef,
+ 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
+ 0x12, 0x78, 0xbe, 0x34, 0x01, 0x02, 0x03, 0x07,
+ 0xaa, 0xbb, 0xcc, 0xf1, 0x08, 0x07, 0x06, 0x05,
+ },
+ },
+ .input_text = {
+ .data = {
+ 0x60, 0x00, 0x00, 0x00, 0x00, 0x20, 0x06, 0x38,
+ 0x26, 0x07, 0xf8, 0xb0, 0x40, 0x0c, 0x0c, 0x03,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
+ 0x20, 0x01, 0x04, 0x70, 0xe5, 0xbf, 0xde, 0xad,
+ 0x49, 0x57, 0x21, 0x74, 0xe8, 0x2c, 0x48, 0x87,
+ 0x00, 0x19, 0xf9, 0xc7, 0x95, 0x63, 0x97, 0x9c,
+ 0x03, 0xa0, 0x88, 0x31, 0x80, 0x12, 0xa7, 0xd6,
+ 0x25, 0x83, 0x00, 0x00, 0x02, 0x04, 0x05, 0x6a,
+ 0x01, 0x01, 0x04, 0x02, 0x01, 0x03, 0x03, 0x07,
+ },
+ .len = 72,
+ },
+ .output_text = {
+ .data = {
+ 0x60, 0x00, 0x00, 0x00, 0x00, 0x6c, 0x32, 0x40,
+ 0x12, 0x34, 0x12, 0x21, 0x17, 0x45, 0x11, 0x34,
+ 0x11, 0xfc, 0x89, 0x71, 0xdf, 0x22, 0x56, 0x78,
+ 0x12, 0x34, 0x12, 0x21, 0x17, 0x45, 0x11, 0x34,
+ 0x11, 0xfc, 0x89, 0x71, 0xdf, 0x22, 0x34, 0x56,
+ 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x01,
+ 0x45, 0xad, 0xfe, 0x23, 0x78, 0x56, 0x12, 0x00,
+ 0xe7, 0xdf, 0xc4, 0x7e, 0x21, 0xbd, 0xec, 0x1b,
+ 0x74, 0x5a, 0xe4, 0x7e, 0x2e, 0x94, 0x21, 0x0a,
+ 0x9b, 0x0e, 0x59, 0xbe, 0x06, 0x2a, 0xda, 0xb8,
+ 0x6b, 0x48, 0x7f, 0x0b, 0x88, 0x3a, 0xa9, 0xfd,
+ 0x3c, 0xfe, 0x9f, 0xb1, 0x8c, 0x67, 0xd2, 0xf8,
+ 0xaf, 0xb5, 0xad, 0x16, 0xdb, 0xff, 0x8d, 0x50,
+ 0xd3, 0x48, 0xf5, 0x6c, 0x3c, 0x0c, 0x27, 0x34,
+ 0x2b, 0x65, 0xc8, 0xff, 0xeb, 0x5f, 0xb8, 0xff,
+ 0x12, 0x00, 0x1c, 0x9f, 0xb7, 0x85, 0xdd, 0x7d,
+ 0x40, 0x19, 0xcb, 0x18, 0xeb, 0x15, 0xc4, 0x88,
+ 0xe1, 0xc2, 0x91, 0xc7, 0xb1, 0x65, 0xc3, 0x27,
+ 0x16, 0x06, 0x8f, 0xf2,
+ },
+ .len = 148,
+ },
+ .salt = {
+ .data = {
+ 0x11, 0x22, 0x33, 0x44
+ },
+ .len = 4,
+ },
+
+ .iv = {
+ .data = {
+ 0x45, 0xad, 0xfe, 0x23, 0x78, 0x56, 0x12, 0x00,
+ },
+ },
+
+ .ipsec_xform = {
+ .spi = 52,
+ .options.esn = 0,
+ .options.udp_encap = 0,
+ .options.copy_dscp = 0,
+ .options.copy_flabel = 0,
+ .options.copy_df = 0,
+ .options.dec_ttl = 0,
+ .options.ecn = 0,
+ .options.stats = 0,
+ .options.tunnel_hdr_verify = 0,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV6,
+ .replay_win_sz = 0,
+ },
+
+ .aead = true,
+
+ .xform = {
+ .aead = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ .aead = {
+ .op = RTE_CRYPTO_AEAD_OP_ENCRYPT,
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
+ .key.length = 32,
+ .iv.length = 12,
+ .iv.offset = IV_OFFSET,
+ .digest_length = 16,
+ .aad_length = 12,
+ },
+ },
+ },
+};
+
struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256 = {
.key = {
.data = {
@@ -543,4 +640,109 @@ struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256 = {
},
};
+struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6 = {
+ .key = {
+ .data = {
+ 0x00, 0x04, 0x05, 0x01, 0x23, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x0a, 0x0b, 0x0c, 0x0f, 0x00, 0x00,
+ },
+ },
+ .auth_key = {
+ .data = {
+ 0xde, 0x34, 0x56, 0x00, 0x00, 0x00, 0x78, 0x00,
+ 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+ 0x10, 0x30, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x05, 0x06, 0x07, 0x08,
+ },
+ },
+ .input_text = {
+ .data = {
+ 0x60, 0x00, 0x00, 0x00, 0x00, 0x20, 0x06, 0x38,
+ 0x26, 0x07, 0xf8, 0xb0, 0x40, 0x0c, 0x0c, 0x03,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a,
+ 0x20, 0x01, 0x04, 0x70, 0xe5, 0xbf, 0xde, 0xad,
+ 0x49, 0x57, 0x21, 0x74, 0xe8, 0x2c, 0x48, 0x87,
+ 0x00, 0x19, 0xf9, 0xc7, 0x95, 0x63, 0x97, 0x9c,
+ 0x03, 0xa0, 0x88, 0x31, 0x80, 0x12, 0xa7, 0xd6,
+ 0x25, 0x83, 0x00, 0x00, 0x02, 0x04, 0x05, 0x6a,
+ 0x01, 0x01, 0x04, 0x02, 0x01, 0x03, 0x03, 0x07,
+ },
+ .len = 72,
+ },
+ .output_text = {
+ .data = {
+ 0x60, 0x00, 0x00, 0x00, 0x00, 0x78, 0x32, 0x40,
+ 0x12, 0x34, 0x12, 0x21, 0x17, 0x45, 0x11, 0x34,
+ 0x11, 0xfc, 0x89, 0x71, 0xdf, 0x22, 0x56, 0x78,
+ 0x12, 0x34, 0x12, 0x21, 0x17, 0x45, 0x11, 0x34,
+ 0x11, 0xfc, 0x89, 0x71, 0xdf, 0x22, 0x34, 0x56,
+ 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x01,
+ 0x45, 0xad, 0xfe, 0x23, 0x78, 0x56, 0x12, 0x00,
+ 0xf0, 0xc1, 0x05, 0x3c, 0x00, 0x00, 0x00, 0x00,
+ 0x1b, 0x1c, 0x98, 0x6e, 0x2a, 0xce, 0x61, 0xef,
+ 0xc1, 0xdd, 0x25, 0x96, 0x5c, 0xb1, 0xb0, 0x15,
+ 0x47, 0x25, 0xb7, 0x8b, 0x00, 0xb6, 0xbb, 0xe6,
+ 0x2e, 0x29, 0xcb, 0x4a, 0x94, 0x00, 0xf0, 0x73,
+ 0xdb, 0x14, 0x32, 0xd9, 0xa2, 0xdf, 0x22, 0x2f,
+ 0x52, 0x3e, 0x79, 0x77, 0xf3, 0x17, 0xaa, 0x40,
+ 0x1c, 0x57, 0x27, 0x12, 0x82, 0x44, 0x35, 0xb8,
+ 0x64, 0xe0, 0xaa, 0x5c, 0x10, 0xc7, 0x97, 0x35,
+ 0x9c, 0x6b, 0x1c, 0xf7, 0xe7, 0xbd, 0x83, 0x33,
+ 0x77, 0x48, 0x44, 0x7d, 0xa4, 0x13, 0x74, 0x3b,
+ 0x6a, 0x91, 0xd0, 0xd8, 0x7d, 0x41, 0x45, 0x23,
+ 0x5d, 0xc9, 0x2d, 0x08, 0x7a, 0xd8, 0x25, 0x8e,
+ },
+ .len = 160,
+ },
+ .iv = {
+ .data = {
+ 0x45, 0xad, 0xfe, 0x23, 0x78, 0x56, 0x12, 0x00,
+ 0xf0, 0xc1, 0x05, 0x3c, 0x00, 0x00, 0x00, 0x00,
+ },
+ },
+
+ .ipsec_xform = {
+ .spi = 52,
+ .options.esn = 0,
+ .options.udp_encap = 0,
+ .options.copy_dscp = 0,
+ .options.copy_flabel = 0,
+ .options.copy_df = 0,
+ .options.dec_ttl = 0,
+ .options.ecn = 0,
+ .options.stats = 0,
+ .options.tunnel_hdr_verify = 0,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV6,
+ .replay_win_sz = 0,
+ },
+
+ .aead = false,
+
+ .xform = {
+ .chain.cipher = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .cipher = {
+ .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+ .algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .key.length = 16,
+ .iv.length = 16,
+ },
+ },
+ .chain.auth = {
+ .next = NULL,
+ .type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .auth = {
+ .op = RTE_CRYPTO_AUTH_OP_GENERATE,
+ .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+ .key.length = 32,
+ .digest_length = 16,
+ },
+ },
+ },
+};
+
#endif /* TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_ */
diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst
index 62682d0..42f3a3c 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -60,6 +60,11 @@ New Features
* Added support for chained operations.
* Added AES-CBC 128 NULL auth known vector tests.
* Added AES-CBC 128 HMAC-SHA256 known vector tests.
+ * Added tunnel mode tests
+ * IPv6 in IPv6
+ * IPv4 in IPv4
+ * IPv4 in IPv6
+ * IPv6 in IPv4
Removed Items
--
2.7.4
next prev parent reply other threads:[~2021-12-06 11:08 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-06 7:58 [PATCH 00/13] Add new cases to lookaside IPsec tests Anoob Joseph
2021-12-06 7:58 ` [PATCH 01/13] test/crypto: add IPsec aes-cbc known vectors Anoob Joseph
2021-12-06 7:58 ` [PATCH 02/13] test/crypto: add IPsec AES-CBC-HMAC-SHA256 " Anoob Joseph
2021-12-06 7:58 ` [PATCH 03/13] test/crypto: add chained operations in combined cases Anoob Joseph
2021-12-06 7:58 ` [PATCH 04/13] test/crypto: add IPv6 tunnel mode cases Anoob Joseph
2021-12-06 7:58 ` [PATCH 05/13] test/crypto: add IPsec HMAC-SHA384/512 known vectors Anoob Joseph
2021-12-06 7:58 ` [PATCH 06/13] test/crypto: add IPsec fragmented packet " Anoob Joseph
2021-12-06 7:58 ` [PATCH 07/13] test/crypto: add transport mode cases Anoob Joseph
2021-12-06 7:58 ` [PATCH 08/13] test/crypto: add security stats cases Anoob Joseph
2021-12-06 7:58 ` [PATCH 09/13] test/crypto: add lookaside IPsec AES-CTR known vectors Anoob Joseph
2021-12-06 7:58 ` [PATCH 10/13] test/crypto: add fragmented packet case Anoob Joseph
2021-12-06 7:58 ` [PATCH 11/13] test/crypto: skip null auth in ICV corrupt case Anoob Joseph
2021-12-06 7:58 ` [PATCH 12/13] test/crypto: add aes xcbc known vectors Anoob Joseph
2021-12-06 7:58 ` [PATCH 13/13] test/crypto: add copy and set DF cases Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 00/13] Add new cases to lookaside IPsec tests Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 01/13] test/crypto: add IPsec aes-cbc known vectors Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 02/13] test/crypto: add IPsec AES-CBC-HMAC-SHA256 " Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 03/13] test/crypto: add chained operations in combined cases Anoob Joseph
2021-12-06 11:07 ` Anoob Joseph [this message]
2021-12-06 11:07 ` [PATCH v2 05/13] test/crypto: add IPsec HMAC-SHA384/512 known vectors Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 06/13] test/crypto: add IPsec fragmented packet " Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 07/13] test/crypto: add transport mode cases Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 08/13] test/crypto: add security stats cases Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 09/13] test/crypto: add lookaside IPsec AES-CTR known vectors Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 10/13] test/crypto: add fragmented packet case Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 11/13] test/crypto: skip null auth in ICV corrupt case Anoob Joseph
2021-12-06 11:07 ` [PATCH v2 12/13] test/crypto: add aes xcbc known vectors Anoob Joseph
2021-12-06 11:08 ` [PATCH v2 13/13] test/crypto: add copy and set DF cases Anoob Joseph
2022-01-21 11:02 ` [PATCH v2 00/13] Add new cases to lookaside IPsec tests Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1638788880-650-5-git-send-email-anoobj@marvell.com \
--to=anoobj@marvell.com \
--cc=ciara.power@intel.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=g.singh@nxp.com \
--cc=gakhil@marvell.com \
--cc=hemant.agrawal@nxp.com \
--cc=jerinj@marvell.com \
--cc=ktejasree@marvell.com \
--cc=marchana@marvell.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=radu.nicolau@intel.com \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.