From patchwork Thu May 11 22:00:01 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99680 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp14431qge; Thu, 11 May 2017 15:03:00 -0700 (PDT) X-Received: by 10.55.26.215 with SMTP id l84mr692503qkh.307.1494540180249; Thu, 11 May 2017 15:03:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494540180; cv=none; d=google.com; s=arc-20160816; b=y7G2kiod7vK3jL2y/DiNhIR14LY/GHofqIsqgDfBkGa9p4EZ6JGUVsAPy20HTsZWu3 gByyEUqm3e3BoIdJEgNcXM2kNM9Qp6k9RsyLkDz/TDj4U6eEThklFkoM+wDLulTfLQZC k3x8n/T00rj2QicoH+J9onFQIiFTDehVaPGPHWFaEHw5jqgbH5THhzEtLLfn3OAajqR+ cMXSF+BWMeVoUW4tV5AHvUVJ2D/eje+GFQT5wV8nBhszshn29fCAvrb9Xmnnq6Fnlm5O RacKe8f/mQ3aOvTksH6dVTVWauBI1lD7ubTSz7TftoGkHVuEcTIeHC5PedmiAmhaKL1z 0TTw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=O/fUzA8husYSXcWqlpusj7dlMElYThShWqKVtMcJzlI=; b=PT0PrYXhAhP61YmLkC8AlhEZvQ0S+4mk8v28zub9Vz//FFJRgfuKf6aYeV42oxZfxm 6P1T14jOWofeLMG36raxb06P+rR1E5kjuKXF2jm7MpU6BFpK0z9bJ/oAEJuhJqk1gkYs NOK0OLfl4IPLO33Zt/h2gli5IDTVwxt1RJZf1AXkBgcdfakTvXm10hZXMBZ2avhXe6f+ d8c5ysPPvpxXDDaPvKvSjjnYI7ITngxEVUdxWhhwfa/jqhA3Uz/C+n7qdN464m8CQsSL 9Cswe69GX9bOkGPPbM40zgV18KV6fM5ca9SG0y2Gy0k6kDYZP73MwbzMXKJYr/IiZ+Jf E1PA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id o31si1239188qte.220.2017.05.11.15.02.59; Thu, 11 May 2017 15:03:00 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id CA9EB60C31; Thu, 11 May 2017 22:02:59 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id B355B60CB2; Thu, 11 May 2017 22:01:09 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id B429460688; Thu, 11 May 2017 22:01:01 +0000 (UTC) Received: from forward3p.cmail.yandex.net (forward3p.cmail.yandex.net [77.88.31.18]) by lists.linaro.org (Postfix) with ESMTPS id A2B4560688 for ; Thu, 11 May 2017 22:01:00 +0000 (UTC) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b6:8]) by forward3p.cmail.yandex.net (Yandex) with ESMTP id 598BF20699 for ; Fri, 12 May 2017 01:00:58 +0300 (MSK) Received: from smtp3p.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3p.mail.yandex.net (Yandex) with ESMTP id 2B6721320046 for ; Fri, 12 May 2017 01:00:57 +0300 (MSK) Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id yyhcZmfGaE-0vUOxW4I; Fri, 12 May 2017 01:00:57 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 01:00:01 +0300 Message-Id: <1494540010-25779-2-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> References: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v3 1/10] api: ipsec: add soft limit expiration event X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov If outbound packet was processed in inline mode, soft limit expiration event is not reported, as packet goes to the interface. Instead report this as an ODP_IPSEC_STATUS_SA_SOFT_EXPIRED. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: 1589f97414ab144b3cb1e65667d311783fdba670 **/ include/odp/api/spec/ipsec.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index 9a7404c..03742c6 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -1092,7 +1092,14 @@ typedef struct odp_ipsec_op_result_t { */ typedef enum odp_ipsec_status_id_t { /** Response to SA disable command */ - ODP_IPSEC_STATUS_SA_DISABLE = 0 + ODP_IPSEC_STATUS_SA_DISABLE = 0, + + /** + * Soft limit expired on this SA + * + * This event is sent only if SA was configured in OUT INLINE mode. + */ + ODP_IPSEC_STATUS_SA_SOFT_EXPIRED } odp_ipsec_status_id_t; From patchwork Thu May 11 22:00:02 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99681 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp14711qge; Thu, 11 May 2017 15:03:36 -0700 (PDT) X-Received: by 10.237.34.58 with SMTP id n55mr750155qtc.117.1494540216501; Thu, 11 May 2017 15:03:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494540216; cv=none; d=google.com; s=arc-20160816; b=Uf3NPEDm0369d9hmGciTo6SLyLVsYOdJDMXk4w3RlugKufL43JgC46XN8DbH/v4yqf Wz3ElnvvW60ckPe+bi8buhCdx3DW6lcIt7ikbMLqUaV0T0A7xaJfCZMqNzrFb0e4kfkh /lnUHCzA6QQerNeJoFTQlfpM27Ig/MyXWC/FsdZHUXnRD3bmRtVDp8nT6ahx6RK6xH2b zFsgT4b67rCUaIEd7NS7oUISMNfu9RzP8RhvwHHJvVMKQvcVjstK9QfLNw0I3wu0qrE6 l3B+rS6D0j5OOxm58lMyS9ktelFV8f8B/mC6ZQhY9lUo6EwTacujqe1GaiJ6syj4DiKV HA0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=ADHrX3p4ZjQWYjCBZlMEmEqb/vy3TU6KZ2Z1f8zjLZg=; b=VFkS2FhoMIRXw3jHAC2GkAgH9lp8KMtr1lyEOIyqv9+Nhr3bmppXLO19slNvamX+Rq NcF7LWJeuD7cMjUXpL30Q4rMPPArwV8zYz7tlRs3XmKnqC1LUaKumzeVvsywa9Zv59qR b5dTF2onuzPBXl11iQFv7NBOxvGOrIQqEAXOhm/CDB/cIFCuzdOsgpIP+F78tnElAg0K N04E6DhyLWclZ5tC62HwLsLTvHJVOqfQdffKbyFLN20nB9QZSgPNtJ/wJLnMSVAH9/EC FfjSA147N/qtnfcArQowFe0itAvDA8LUHCL7qzou1VwQJllyy7cmXeSKN9Ml87CT3Mqq h4JA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id 31si1280970qtn.87.2017.05.11.15.03.36; Thu, 11 May 2017 15:03:36 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 1AA9E60CC6; Thu, 11 May 2017 22:03:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 2085F60CDC; Thu, 11 May 2017 22:01:20 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id C94A1607B5; Thu, 11 May 2017 22:01:02 +0000 (UTC) Received: from forward1p.cmail.yandex.net (forward1p.cmail.yandex.net [77.88.31.16]) by lists.linaro.org (Postfix) with ESMTPS id 9B5F160677 for ; Thu, 11 May 2017 22:01:01 +0000 (UTC) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b6:8]) by forward1p.cmail.yandex.net (Yandex) with ESMTP id AFF0F20C5C for ; Fri, 12 May 2017 01:00:59 +0300 (MSK) Received: from smtp3p.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3p.mail.yandex.net (Yandex) with ESMTP id 8FCA91320042 for ; Fri, 12 May 2017 01:00:58 +0300 (MSK) Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id yyhcZmfGaE-0wUmRo1c; Fri, 12 May 2017 01:00:58 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 01:00:02 +0300 Message-Id: <1494540010-25779-3-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> References: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v3 2/10] api: ipsec: note that soft_exp bits are set only once X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Add an explicit note telling that soft_exp bits are set only once, for the packet actually crossing the boundary. They will not be set for further packets. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: 1589f97414ab144b3cb1e65667d311783fdba670 **/ include/odp/api/spec/ipsec.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index 03742c6..b1c81b1 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -493,8 +493,10 @@ typedef struct odp_ipsec_sa_opt_t { * * These limits are used for setting up SA lifetime. IPSEC operations check * against the limits and output a status code (e.g. soft_exp_bytes) when - * a limit is crossed. Any number of limits may be used simultaneously. - * Use zero when there is no limit. + * a limit is crossed. The soft_exp_* bits will be set only for the first + * packet crossing the boundary. Any further packets will not have those bits + * set. Any number of limits may be used simultaneously. Use zero when there + * is no limit. */ typedef struct odp_ipsec_lifetime_t { /** Soft expiry limits for the session */ From patchwork Thu May 11 22:00:03 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99682 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp14984qge; Thu, 11 May 2017 15:04:18 -0700 (PDT) X-Received: by 10.55.42.220 with SMTP id q89mr718782qkq.211.1494540258312; Thu, 11 May 2017 15:04:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494540258; cv=none; d=google.com; s=arc-20160816; b=YLSVyR8Dvwgft41xl4gAGszNslDwjyEwjLQrC+RZUA4eLlHzOyTy+tzsuIKgS2yNCi 7jRUJ6HsiOD6om8bVGoqZxyC2QHlmMR8WE/kUnvefgGaKpE8NO/LtweFRlCLYAHUpmyj hc6u7MGq4b23St30FOXxtgDoKyflTKunLei9N4jMbYFWP2bIT1JV3qfc7Ks5lj71/0+O jWXw1K5g0dn7Jnf135JQMa0Wu11vzDPd44+5drdY4DV+uB2b5VaJO9V6fttXiNOzREFe s2Uoh11obOaqK055dcmLICT0iQcbAW1CUCBNijVqSS+NjXZlDikPpLhxSwlDe043oxQZ /3Aw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=oAKAMCSvILsIs0Xn2H+Y+nDg01zeT+JRyApNUCmoyYM=; b=VJLLwT6Dqi6x8mxZujo4BLEyU85sAFAYRcCIzrzs2O4O6TTz/HdBMoGVmfZcx6Xqq2 E5d+I7z//XyH5fwZQUHqi2FG2y2NQUhOc4CbFc5UP+OLEzd/Fs+s6vcx9dVV1jHIDrxX 1sQYgboXQcMFMW4rR0wMFMUJt/L7q5HrU9IBU570fGo/gCbJHzp/4G5+LJ6ofUJEbOw9 Y2PZ1hBzqbi+abXVLJesEyzkx7G6HQArfgdTJlK+ZrSmpbcHYkPfRqwuD2/gS3nbt9mB +kmS4gNoFhZHZYfOXNUfrfXzPn1LDjTqNSNfwiK+xjZRZhFDWE5Jym3bIxOPi+3U5RUf 3J9Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id g10si1302086qte.110.2017.05.11.15.04.18; Thu, 11 May 2017 15:04:18 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 0337160D35; Thu, 11 May 2017 22:04:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 6B9D860CF7; Thu, 11 May 2017 22:01:30 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id E947960688; Thu, 11 May 2017 22:01:04 +0000 (UTC) Received: from forward1j.cmail.yandex.net (forward1j.cmail.yandex.net [5.255.227.19]) by lists.linaro.org (Postfix) with ESMTPS id 8D71660688 for ; Thu, 11 May 2017 22:01:02 +0000 (UTC) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [77.88.29.86]) by forward1j.cmail.yandex.net (Yandex) with ESMTP id D490020C74 for ; Fri, 12 May 2017 01:01:00 +0300 (MSK) Received: from smtp3p.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3p.mail.yandex.net (Yandex) with ESMTP id B13D21320042 for ; Fri, 12 May 2017 01:01:00 +0300 (MSK) Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id yyhcZmfGaE-0xU4OhmI; Fri, 12 May 2017 01:00:59 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 01:00:03 +0300 Message-Id: <1494540010-25779-4-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> References: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v3 3/10] api: ipsec: introduce all_status bitfield covering all error and flags X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov An expectation would be that an application would check if there is any exceptional status set by checking the all_status field and then further descending on the reason on the particular exception. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: 1589f97414ab144b3cb1e65667d311783fdba670 **/ include/odp/api/spec/ipsec.h | 135 +++++++++++++++++++++++-------------------- 1 file changed, 72 insertions(+), 63 deletions(-) diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index b1c81b1..103fc39 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -851,71 +851,80 @@ typedef struct odp_ipsec_op_opt_t { #define ODP_IPSEC_OK 0 /** IPSEC operation status */ -typedef struct odp_ipsec_op_status_t { - /** Variant mappings for op status */ - union { - /** Error flags */ - struct { - /** Protocol error. Not a valid ESP or AH packet. */ - uint32_t proto : 1; - - /** SA lookup failed */ - uint32_t sa_lookup : 1; - - /** Authentication failed */ - uint32_t auth : 1; - - /** Anti-replay check failed */ - uint32_t antireplay : 1; - - /** Other algorithm error */ - uint32_t alg : 1; - - /** Packet does not fit into the given MTU size */ - uint32_t mtu : 1; - - /** Soft lifetime expired: seconds */ - uint32_t soft_exp_sec : 1; - - /** Soft lifetime expired: bytes */ - uint32_t soft_exp_bytes : 1; - - /** Soft lifetime expired: packets */ - uint32_t soft_exp_packets : 1; - - /** Hard lifetime expired: seconds */ - uint32_t hard_exp_sec : 1; - - /** Hard lifetime expired: bytes */ - uint32_t hard_exp_bytes : 1; - - /** Hard lifetime expired: packets */ - uint32_t hard_exp_packets : 1; - - } error; - - /** All error bits - * - * This field can be used to set, clear or compare multiple - * flags. For example, 'status.all_error != ODP_IPSEC_OK' - * checks if there are - * any errors. - */ - uint32_t all_error; +typedef union odp_ipsec_op_status_t { + struct { + /** Variant mappings for op status */ + union { + /** Error flags */ + struct { + /** + * Protocol error. Not a valid ESP or AH + * packet. + */ + uint32_t proto : 1; + + /** SA lookup failed */ + uint32_t sa_lookup : 1; + + /** Authentication failed */ + uint32_t auth : 1; + + /** Anti-replay check failed */ + uint32_t antireplay : 1; + + /** Other algorithm error */ + uint32_t alg : 1; + + /** + * Packet does not fit into the given MTU size + */ + uint32_t mtu : 1; + + /** Soft lifetime expired: seconds */ + uint32_t soft_exp_sec : 1; + + /** Soft lifetime expired: bytes */ + uint32_t soft_exp_bytes : 1; + + /** Soft lifetime expired: packets */ + uint32_t soft_exp_packets : 1; + + /** Hard lifetime expired: seconds */ + uint32_t hard_exp_sec : 1; + + /** Hard lifetime expired: bytes */ + uint32_t hard_exp_bytes : 1; + + /** Hard lifetime expired: packets */ + uint32_t hard_exp_packets : 1; + + } error; + + /** All error bits + * + * This field can be used to set, clear or compare + * multiple flags. For example, 'status.all_error != + * ODP_IPSEC_OK' checks if there are any errors. + */ + uint32_t all_error; + }; + + /** Variant mappings for status flags */ + union { + /** Status flags */ + struct { + /** Packet was processed in inline mode */ + uint32_t inline_mode : 1; + + } flag; + + /** All flag bits */ + uint32_t all_flag; + }; }; - /** Variant mappings for status flags */ - union { - /** Status flags */ - struct { - /** Packet was processed in inline mode */ - uint32_t inline_mode : 1; - - } flag; - - /** All flag bits */ - uint32_t all_flag; - }; + /** All status bits */ + uint64_t all_status; } odp_ipsec_op_status_t; From patchwork Thu May 11 22:00:04 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99683 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp15299qge; Thu, 11 May 2017 15:05:03 -0700 (PDT) X-Received: by 10.55.68.81 with SMTP id r78mr881489qka.102.1494540303914; Thu, 11 May 2017 15:05:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494540303; cv=none; d=google.com; s=arc-20160816; b=X/zcrminPThfiUEFLaxbbp6Z+qKLlq22p2UD2E+71z43O6uWpL2GfZ5+sk2yWAfd/t uZeqGyyeA8GEV85zoMQbm28H2jzAMj/kC0yjo4fOXXnganj+enYXK1ASPMmP+a8cd+Rq yRBLsa7sKn4SJagfU3Yjrj21Ih1Zb+m20YPeDpBD95tffJ9Y0gmPcwBzlbVb4EJynYaq fTK3SboRKMf5KTTBqJ+m2kWhYPEltQiMQgLwwrI9CF0IwrSW/hPSdtnrjQvI0Pn5guNh z720lTZexEOxwuiaQazkSv3qqsBfScsjQA5kNDecQDht7EYsrW1vIgBX1ZNgpzHu8yHV bGUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=zpXzZxvnvUdVwG1WDgJfT0vTOGQ7eGWcwh4nwlRf6Wc=; b=pKcy+pETdIfOaqmYTabiaX/sGbmbSaqwmatqwlnJPJLr6BE7M7mikBh7u2YgOz4hcs nLsyOVMX7dLazhuT/igQQ9NTUsmEpivw3ciV9S/+5k2MkQ9umodozwuwCWMYdYmcC0kI NITE6JEfguIsf9mrKbqrWRq8RUgY6b7vBXhjHXP5rP8YkX813wF0ZiEnnsAXcnzGCswo lEZoC/FCzZIKa2jK2vFdXg6toYh6+xGYh/1nxpBK9j7WQ7J5nJ3UFP1VjW1vYy6IxYyP xkJlFRxkYzXtKhrHjuOrT7Cv1w4gbtSxpgUdk+oUEAtC0e5jnNnYRn0HD0fq/9ojBFRK rK/w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id y31si1264609qtb.129.2017.05.11.15.05.03; Thu, 11 May 2017 15:05:03 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 82DF460CE4; Thu, 11 May 2017 22:05:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id AAF6D60D1A; Thu, 11 May 2017 22:01:35 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id F1AAF60677; Thu, 11 May 2017 22:01:04 +0000 (UTC) Received: from forward3h.cmail.yandex.net (forward3h.cmail.yandex.net [87.250.230.18]) by lists.linaro.org (Postfix) with ESMTPS id 19F0160677 for ; Thu, 11 May 2017 22:01:03 +0000 (UTC) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [77.88.29.86]) by forward3h.cmail.yandex.net (Yandex) with ESMTP id B02C721488 for ; Fri, 12 May 2017 01:01:01 +0300 (MSK) Received: from smtp3p.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3p.mail.yandex.net (Yandex) with ESMTP id 8BFFF1320042 for ; Fri, 12 May 2017 01:01:01 +0300 (MSK) Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id yyhcZmfGaE-10UqAwDW; Fri, 12 May 2017 01:01:00 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 01:00:04 +0300 Message-Id: <1494540010-25779-5-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> References: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v3 4/10] api: ipsec: invert the inline_mode flag X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov For INLINE-destined SAs it is typical to have packets processed through INLINE API. So, let's invert the inline_mode flag to mean that the packet was processed through ASYNC API. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: 1589f97414ab144b3cb1e65667d311783fdba670 **/ include/odp/api/spec/ipsec.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index 103fc39..ceda881 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -913,8 +913,11 @@ typedef union odp_ipsec_op_status_t { union { /** Status flags */ struct { - /** Packet was processed in inline mode */ - uint32_t inline_mode : 1; + /** + * Packet was processed in ASYNC mode through + * the SA configured for INLINE mode. + */ + uint32_t non_inline_mode : 1; } flag; From patchwork Thu May 11 22:00:05 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99684 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp15564qge; Thu, 11 May 2017 15:05:45 -0700 (PDT) X-Received: by 10.55.40.226 with SMTP id o95mr708195qko.312.1494540344988; Thu, 11 May 2017 15:05:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494540344; cv=none; d=google.com; s=arc-20160816; b=VVoRlja23rcqmbgzII5WnSeSssNnmbkyg4ntQiub2IgwQylinB/fcsAkvbxz7LZZJJ 197D20dCBE/C41xSjH9rj58dg+uzSowf3c4W5yC5svY871VDnZRzfAibPgCngDhJ4EgK AczSCeq7e0w+4Ew4xrbzcQQD0vVjS/BTtG0tPRHkYox9kvLeqITbt6FZH6Iwi/u57tGb TJqBZO5e4Kvz8QzNDB6TlQSmlnqAgdzvHljGPjrVjaItcGuhL/kLOj2JJAE1S0TCI00U W5ufUkstTSTwF4B/qYCyaWDDpbibDpl+XKj/+WhtzVvlI5w15ZK6Lq0HV9tUh/xUMS8e 6eiA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=KUEeHQ0l26cSWNS/R9QZg25VvuttDmMuDd9NlYwyc+g=; b=IC1ert0iO78N+yVAWMxJaO+6O44DsjKyYdYtYfUPybchfQTwMnwBrKRQJ9g4e39jPG xyOvU9ofIQEIVm1szHUy5SH3Pr7nZS/Iue7ntAuXXsHn8W2Zg7LwXSVrhviVqeSE/94Q aO+YV/gEcG42q/y+WugPs3DKD/BvNfXPt4Slr9XMQT6ZeOb0mm5WtjXuuSBeUhzrCkWl mapgXsH+rFj03KhNAJJ5cPb77oyeI3I9ZtX7FT0XP39zjo9b1FEFOZT3aySisc4zc8yS QVemDgBuQmR2cCn5iVuiByMiIE6RtJJYjPVHzRoslFma7TZEi25igB2NYI6t/OFdWCcT 3rIQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id d71si1264611qkg.102.2017.05.11.15.05.44; Thu, 11 May 2017 15:05:44 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 97BE460889; Thu, 11 May 2017 22:05:44 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id F291B60CEE; Thu, 11 May 2017 22:01:38 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id A3FA6607B5; Thu, 11 May 2017 22:01:06 +0000 (UTC) Received: from forward5j.cmail.yandex.net (forward5j.cmail.yandex.net [5.255.227.23]) by lists.linaro.org (Postfix) with ESMTPS id B3490607B4 for ; Thu, 11 May 2017 22:01:04 +0000 (UTC) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b6:8]) by forward5j.cmail.yandex.net (Yandex) with ESMTP id 00A8D20C0E for ; Fri, 12 May 2017 01:01:03 +0300 (MSK) Received: from smtp3p.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3p.mail.yandex.net (Yandex) with ESMTP id D36C11320042 for ; Fri, 12 May 2017 01:01:02 +0300 (MSK) Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id yyhcZmfGaE-11USb8de; Fri, 12 May 2017 01:01:01 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 01:00:05 +0300 Message-Id: <1494540010-25779-6-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> References: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v3 5/10] api: ipsec: move soft limits expiration to flags, rather than errors X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Soft limit expiration isn't an error per se. It does not mean, that we received invalid or unprocessed packet. They look more like flags, noting that soft limit on this SA was expired. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: 1589f97414ab144b3cb1e65667d311783fdba670 **/ include/odp/api/spec/ipsec.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index ceda881..0ae3233 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -880,15 +880,6 @@ typedef union odp_ipsec_op_status_t { */ uint32_t mtu : 1; - /** Soft lifetime expired: seconds */ - uint32_t soft_exp_sec : 1; - - /** Soft lifetime expired: bytes */ - uint32_t soft_exp_bytes : 1; - - /** Soft lifetime expired: packets */ - uint32_t soft_exp_packets : 1; - /** Hard lifetime expired: seconds */ uint32_t hard_exp_sec : 1; @@ -919,6 +910,15 @@ typedef union odp_ipsec_op_status_t { */ uint32_t non_inline_mode : 1; + /** Soft lifetime expired: seconds */ + uint32_t soft_exp_sec : 1; + + /** Soft lifetime expired: bytes */ + uint32_t soft_exp_bytes : 1; + + /** Soft lifetime expired: packets */ + uint32_t soft_exp_packets : 1; + } flag; /** All flag bits */ From patchwork Thu May 11 22:00:06 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99685 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp15888qge; Thu, 11 May 2017 15:06:33 -0700 (PDT) X-Received: by 10.55.25.80 with SMTP id k77mr764529qkh.294.1494540393877; Thu, 11 May 2017 15:06:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494540393; cv=none; d=google.com; s=arc-20160816; b=egwJ7sqzw/cQExB8Ba2lEaefdi8FpWOEhv+wykccpfWw0bykNxbRpfSiGw4S8a2BEs 71SCHz/Q4LNh5raJV8QtvBPA/wrUlGfTw0e2PrTJSzstjSxq67jiE4tGVO/KdLsxpy6L 0SXY6qYbb/7kgbTG62i5Pcxy77Mk1QiUGI7Hc5aksOE+6Ep3pwKezDWYplPMEVZvJO9o SU/fdtmhEujTypHKWYeVG31uST5p4Pz3HVl7k5iJJQMQJ4cCtIay03h4Ly5RfT8JQ6me CiTNknMfuIwCvrNdfV9pCwczg+whjlepHS5KkxTJIPOGWFxFbggIxu6Mlk9afya8+YMI i7fA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=xe9+br7PBCRN4NF0cFvajPaJzqkKVg5PRb+vlR4zvw8=; b=uCw27i4nWBxR2oWdUrHXVuhyceS1taUdWVoOJyOq4J15UFw1oe0Av1EK1TQcnuMCUL KZIFyy21R3HWeinxUl3iDkW+ZbD9I7Mewy5EP28gJoLrw1nU5ZwhmIFl8kMQfxUfufq8 ecsDbrjP7zp6oaBAj0wsg+2CFb2kJvtigbHLSBi1o8JksUBTWLZeOvOU3T+CYXLFmJX9 mtYanBhOpnIhr8U/trXfCEvFwxvnGxzcxzBEVx/JSOulUKdfcGTwOExqv3N87UpKpfjT 3xWrn9mRpq+JhsctR3/QNWKOb2g9G7jry/iMR3SgNqFOGZ03K6h7bYsR0fwG88PtoJKG 2N8A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id 12si1322397qkp.330.2017.05.11.15.06.33; Thu, 11 May 2017 15:06:33 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 91F8760889; Thu, 11 May 2017 22:06:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 3FD6460D2D; Thu, 11 May 2017 22:01:41 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 5B1CF6087A; Thu, 11 May 2017 22:01:07 +0000 (UTC) Received: from forward2o.cmail.yandex.net (forward2o.cmail.yandex.net [37.9.109.243]) by lists.linaro.org (Postfix) with ESMTPS id B866660677 for ; Thu, 11 May 2017 22:01:05 +0000 (UTC) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b6:8]) by forward2o.cmail.yandex.net (Yandex) with ESMTP id 019352103B for ; Fri, 12 May 2017 01:01:04 +0300 (MSK) Received: from smtp3p.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3p.mail.yandex.net (Yandex) with ESMTP id CD16A1320042 for ; Fri, 12 May 2017 01:01:03 +0300 (MSK) Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id yyhcZmfGaE-13Um8Ceh; Fri, 12 May 2017 01:01:03 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 01:00:06 +0300 Message-Id: <1494540010-25779-7-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> References: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v3 6/10] linux-generic: crypto: don't leak sessions if creation fails X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov We should free allocated session in odp_crypto_session_create() error paths, so that the session is not leaked. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: 1589f97414ab144b3cb1e65667d311783fdba670 **/ platform/linux-generic/odp_crypto.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index a0f3f7e..dfeb9f3 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -682,6 +682,7 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, if (session->p.iv.data) { if (session->p.iv.length > MAX_IV_LEN) { ODP_DBG("Maximum IV length exceeded\n"); + free_session(session); return -1; } @@ -732,6 +733,7 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, /* Check result */ if (rc) { *status = ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER; + free_session(session); return -1; } @@ -778,6 +780,7 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, /* Check result */ if (rc) { *status = ODP_CRYPTO_SES_CREATE_ERR_INV_AUTH; + free_session(session); return -1; } From patchwork Thu May 11 22:00:07 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99686 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp16432qge; Thu, 11 May 2017 15:08:03 -0700 (PDT) X-Received: by 10.55.9.141 with SMTP id 135mr776254qkj.20.1494540483012; Thu, 11 May 2017 15:08:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494540483; cv=none; d=google.com; s=arc-20160816; b=H6gRcCUV4CeQdvna8tIeSoZWpjx9mjH80I4Ok5bUCUp7Hp2gqMjixwejmtY6FmieLj SZj5/YZRVISYwU6E/i+m7rQKs0jIQ3qyJ8cpr9tfAYAakjynkEiY8UqpTgqbthx8/QSo 7aybmVVe6eWwcVlU2v65FlooGAopuuYzc9HqdUftKKW3yuzR3BxXMU8qxsX4OnHLtfai BFbfHHJ1qnPnob5LYfizmFKY9hVttPNmD33vyZ6MpHU5GBphTrocXNIi/8co1tLth7Dd BewfH7OiHo0P+B9G/VYrL/TEd6FrQYjQ0xkI0OLuIH3msqi4EY1Xw+6CmeYKxHwxGx4m nqmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=cvCKWUmh2XvbM2izSkpvvHteRE3r+WfS4ych5N3jdrU=; b=UBq8uJIsuGqEHXZYeG+QvrgK+oKJ8ofFdkii3URSpeqLz7vmRTCpygugUncMmtUjhB SjQ9PtC055NCTAoSa92/BgRvClu2Q7VP7aIa0owyaTKahz4otbbqszloEWaiCkL1b1QA TtHpHylKTv3uAthMoBvC31AgC3yS8PNonrBiHofUcUAR2TANlsrsNXeblqz0C12PR1el otrwU1A4xFBowJMt5+ejevrtOlqGcVA8o2Ox0JDNqyByCCbRV2481itodBeaaTfgFo8H Basa6j4OeTBgtJhUnkz4YUhcn12QF/Ekf1vHlolFC785ZHDgvZtclc6BeCoR2Ealqi51 Tv+w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id n39si1300332qte.22.2017.05.11.15.08.02; Thu, 11 May 2017 15:08:02 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 959F760889; Thu, 11 May 2017 22:08:02 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id AF26E60D3D; Thu, 11 May 2017 22:01:49 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 664BE60CE8; Thu, 11 May 2017 22:01:24 +0000 (UTC) Received: from forward5m.cmail.yandex.net (forward5m.cmail.yandex.net [5.255.216.23]) by lists.linaro.org (Postfix) with ESMTPS id 1966B60688 for ; Thu, 11 May 2017 22:01:07 +0000 (UTC) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [77.88.29.86]) by forward5m.cmail.yandex.net (Yandex) with ESMTP id 85C3721547 for ; Fri, 12 May 2017 01:01:05 +0300 (MSK) Received: from smtp3p.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3p.mail.yandex.net (Yandex) with ESMTP id 60ED21320042 for ; Fri, 12 May 2017 01:01:04 +0300 (MSK) Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id yyhcZmfGaE-13US8Ceh; Fri, 12 May 2017 01:01:04 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 01:00:07 +0300 Message-Id: <1494540010-25779-8-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> References: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v3 7/10] linux-generic: ipsec: implement events handling X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Add functions implementing IPsec events support. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: 1589f97414ab144b3cb1e65667d311783fdba670 **/ platform/linux-generic/Makefile.am | 2 + .../include/odp/api/plat/event_types.h | 3 +- platform/linux-generic/include/odp_internal.h | 4 + .../linux-generic/include/odp_ipsec_internal.h | 150 ++++++++++++ platform/linux-generic/odp_event.c | 7 + platform/linux-generic/odp_init.c | 13 + platform/linux-generic/odp_ipsec.c | 19 +- platform/linux-generic/odp_ipsec_events.c | 269 +++++++++++++++++++++ 8 files changed, 456 insertions(+), 11 deletions(-) create mode 100644 platform/linux-generic/include/odp_ipsec_internal.h create mode 100644 platform/linux-generic/odp_ipsec_events.c diff --git a/platform/linux-generic/Makefile.am b/platform/linux-generic/Makefile.am index 79f0e70..0cd8149 100644 --- a/platform/linux-generic/Makefile.am +++ b/platform/linux-generic/Makefile.am @@ -155,6 +155,7 @@ noinst_HEADERS = \ ${srcdir}/include/odp_errno_define.h \ ${srcdir}/include/odp_forward_typedefs_internal.h \ ${srcdir}/include/odp_internal.h \ + ${srcdir}/include/odp_ipsec_internal.h \ ${srcdir}/include/odp_name_table_internal.h \ ${srcdir}/include/odp_packet_internal.h \ ${srcdir}/include/odp_packet_io_internal.h \ @@ -206,6 +207,7 @@ __LIB__libodp_linux_la_SOURCES = \ odp_init.c \ odp_impl.c \ odp_ipsec.c \ + odp_ipsec_events.c \ odp_name_table.c \ odp_packet.c \ odp_packet_flags.c \ diff --git a/platform/linux-generic/include/odp/api/plat/event_types.h b/platform/linux-generic/include/odp/api/plat/event_types.h index 0f51783..cb3a1f8 100644 --- a/platform/linux-generic/include/odp/api/plat/event_types.h +++ b/platform/linux-generic/include/odp/api/plat/event_types.h @@ -39,7 +39,8 @@ typedef enum odp_event_type_t { ODP_EVENT_PACKET = 2, ODP_EVENT_TIMEOUT = 3, ODP_EVENT_CRYPTO_COMPL = 4, - ODP_EVENT_IPSEC_RESULT = 5 + ODP_EVENT_IPSEC_RESULT = 5, + ODP_EVENT_IPSEC_STATUS = 6 } odp_event_type_t; /** diff --git a/platform/linux-generic/include/odp_internal.h b/platform/linux-generic/include/odp_internal.h index 90e2a62..ca8a262 100644 --- a/platform/linux-generic/include/odp_internal.h +++ b/platform/linux-generic/include/odp_internal.h @@ -70,6 +70,7 @@ enum init_stage { CLASSIFICATION_INIT, TRAFFIC_MNGR_INIT, NAME_TABLE_INIT, + IPSEC_EVENTS_INIT, MODULES_INIT, ALL_INIT /* All init stages completed */ }; @@ -129,6 +130,9 @@ int _odp_ishm_init_local(void); int _odp_ishm_term_global(void); int _odp_ishm_term_local(void); +int odp_ipsec_events_init_global(void); +int odp_ipsec_events_term_global(void); + int _odp_modules_init_global(void); int cpuinfo_parser(FILE *file, system_info_t *sysinfo); diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h new file mode 100644 index 0000000..9f644a8 --- /dev/null +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -0,0 +1,150 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/** + * @file + * + * ODP internal IPsec routines + */ + +#ifndef ODP_IPSEC_INTERNAL_H_ +#define ODP_IPSEC_INTERNAL_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include + +#include + +/** @ingroup odp_ipsec + * @{ + */ + +typedef ODP_HANDLE_T(ipsec_result_t); + +#define ODP_IPSEC_RESULT_INVALID \ + _odp_cast_scalar(ipsec_result_t, 0xffffffff) + +typedef ODP_HANDLE_T(ipsec_status_t); + +#define ODP_IPSEC_STATUS_INVALID \ + _odp_cast_scalar(ipsec_status_t, 0xffffffff) + +typedef struct ipsec_ctx_s ipsec_ctx_t; + +/** + * @internal Free IPsec context + * + * Frees the IPsec context into the pool it was allocated from. + * + * @param ctx IPsec context + */ +void _odp_ipsec_ctx_free(ipsec_ctx_t *ctx); + +/** + * @internal Process context filling operation result information + * + * Processes IPsec operation context related to completed operation, extracting + * operation result information. This function may update context provided via + * pointer to opaque context pointer. + * + * @param ctx IPsec context pointer. + * @param[out] result Pointer to operation result for output. May be + * NULL, if application is interested only on the + * number of packets. + * + * @return Number of packets remaining in the event. + * @retval <0 On failure + */ +int _odp_ipsec_ctx_result(ipsec_ctx_t *ctx, odp_ipsec_op_result_t *result); + +/** + * @internal Get ipsec_result handle from event + * + * Converts an ODP_EVENT_IPSEC_RESULT type event to an IPsec result event. + * + * @param ev Event handle + * + * @return IPsec result handle + * + * @see odp_event_type() + */ +ipsec_result_t _odp_ipsec_result_from_event(odp_event_t ev); + +/** + * @internal Free IPsec result event + * + * Frees the ipsec_result into the ipsec_result pool it was allocated from. + * + * @param res IPsec result handle + */ +void _odp_ipsec_result_free(ipsec_result_t res); + +/** + * @internal Send ODP_IPSEC_RESULT event + * + * Sends the ipsec_result event using provided information + * + * @param queue destination queue + * @param ctx IPsec context for the operation + * + * @retval 0 on success + * @retval <0 on failure + */ +int _odp_ipsec_result_send(odp_queue_t queue, ipsec_ctx_t *ctx); + +/** + * @internal Get ipsec_status handle from event + * + * Converts an ODP_EVENT_IPSEC_STATUS type event to an IPsec status event. + * + * @param ev Event handle + * + * @return IPsec status handle + * + * @see odp_event_type() + */ +ipsec_status_t _odp_ipsec_status_from_event(odp_event_t ev); + +/** + * @internal Free IPsec status event + * + * Frees the ipsec_status into the ipsec_status pool it was allocated from. + * + * @param res IPsec status handle + */ +void _odp_ipsec_status_free(ipsec_status_t status); + +/** + * @internal Send ODP_IPSEC_STATUS event + * + * Sends the ipsec_status event using provided information + * + * @param queue destination queue + * @param id status id + * @param ret status value + * @param sa SA respective to the operation + * + * @retval 0 on success + * @retval <0 on failure + */ +int _odp_ipsec_status_send(odp_queue_t queue, + odp_ipsec_status_id_t id, + int ret, + odp_ipsec_sa_t sa); + +/** + * @} + */ + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/platform/linux-generic/odp_event.c b/platform/linux-generic/odp_event.c index d71f446..fd0a5ff 100644 --- a/platform/linux-generic/odp_event.c +++ b/platform/linux-generic/odp_event.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include @@ -34,6 +35,12 @@ void odp_event_free(odp_event_t event) case ODP_EVENT_CRYPTO_COMPL: odp_crypto_compl_free(odp_crypto_compl_from_event(event)); break; + case ODP_EVENT_IPSEC_RESULT: + _odp_ipsec_result_free(_odp_ipsec_result_from_event(event)); + break; + case ODP_EVENT_IPSEC_STATUS: + _odp_ipsec_status_free(_odp_ipsec_status_from_event(event)); + break; default: ODP_ABORT("Invalid event type: %d\n", odp_event_type(event)); } diff --git a/platform/linux-generic/odp_init.c b/platform/linux-generic/odp_init.c index 685e02f..647c05e 100644 --- a/platform/linux-generic/odp_init.c +++ b/platform/linux-generic/odp_init.c @@ -266,6 +266,12 @@ int odp_init_global(odp_instance_t *instance, } stage = NAME_TABLE_INIT; + if (odp_ipsec_events_init_global()) { + ODP_ERR("ODP IPsec events init failed.\n"); + goto init_failed; + } + stage = IPSEC_EVENTS_INIT; + if (_odp_modules_init_global()) { ODP_ERR("ODP modules init failed\n"); goto init_failed; @@ -296,6 +302,13 @@ int _odp_term_global(enum init_stage stage) switch (stage) { case ALL_INIT: case MODULES_INIT: + case IPSEC_EVENTS_INIT: + if (odp_ipsec_events_term_global()) { + ODP_ERR("ODP IPsec events term failed.\n"); + rc = -1; + } + /* Fall through */ + case NAME_TABLE_INIT: if (_odp_int_name_tbl_term_global()) { ODP_ERR("Name table term failed.\n"); diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 10918df..7d6b410 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -6,6 +6,8 @@ #include +#include + #include int odp_ipsec_capability(odp_ipsec_capability_t *capa) @@ -73,6 +75,11 @@ int odp_ipsec_sa_destroy(odp_ipsec_sa_t sa) return -1; } +void _odp_ipsec_ctx_free(ipsec_ctx_t *ctx) +{ + (void)ctx; +} + int odp_ipsec_in(const odp_ipsec_op_param_t *input, odp_ipsec_op_result_t *output) { @@ -114,18 +121,10 @@ int odp_ipsec_out_inline(const odp_ipsec_op_param_t *op_param, return -1; } -int odp_ipsec_result(odp_ipsec_op_result_t *result, odp_event_t event) +int _odp_ipsec_ctx_result(ipsec_ctx_t *ctx, odp_ipsec_op_result_t *result) { + (void)ctx; (void)result; - (void)event; - - return -1; -} - -int odp_ipsec_status(odp_ipsec_status_t *status, odp_event_t event) -{ - (void)status; - (void)event; return -1; } diff --git a/platform/linux-generic/odp_ipsec_events.c b/platform/linux-generic/odp_ipsec_events.c new file mode 100644 index 0000000..5a31430 --- /dev/null +++ b/platform/linux-generic/odp_ipsec_events.c @@ -0,0 +1,269 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include +#include + +#include +#include +#include +#include +#include + +typedef struct { + /* common buffer header */ + odp_buffer_hdr_t buf_hdr; + + ipsec_ctx_t *ctx; +} ipsec_result_hdr_t; + +typedef struct { + /* common buffer header */ + odp_buffer_hdr_t buf_hdr; + + odp_ipsec_status_t status; +} ipsec_status_hdr_t; + +static odp_pool_t ipsec_result_pool = ODP_POOL_INVALID; +static odp_pool_t ipsec_status_pool = ODP_POOL_INVALID; + +#define IPSEC_EVENTS_POOL_BUF_COUNT 1024 + +int odp_ipsec_events_init_global(void) +{ + odp_pool_param_t param; + + param.buf.size = sizeof(ipsec_result_hdr_t); + param.buf.align = 0; + param.buf.num = IPSEC_EVENTS_POOL_BUF_COUNT; + param.type = ODP_POOL_BUFFER; + + ipsec_result_pool = odp_pool_create("ipsec_result_pool", ¶m); + if (ODP_POOL_INVALID == ipsec_result_pool) { + ODP_ERR("Error: result pool create failed.\n"); + goto err_result; + } + + param.buf.size = sizeof(ipsec_status_hdr_t); + param.buf.align = 0; + param.buf.num = IPSEC_EVENTS_POOL_BUF_COUNT; + param.type = ODP_POOL_BUFFER; + + ipsec_status_pool = odp_pool_create("ipsec_status_pool", ¶m); + if (ODP_POOL_INVALID == ipsec_status_pool) { + ODP_ERR("Error: status pool create failed.\n"); + goto err_status; + } + + return 0; + +err_status: + (void)odp_pool_destroy(ipsec_result_pool); +err_result: + return -1; +} + +int odp_ipsec_events_term_global(void) +{ + int ret = 0; + int rc = 0; + + ret = odp_pool_destroy(ipsec_status_pool); + if (ret < 0) { + ODP_ERR("status pool destroy failed"); + rc = -1; + } + + ret = odp_pool_destroy(ipsec_result_pool); + if (ret < 0) { + ODP_ERR("result pool destroy failed"); + rc = -1; + } + + return rc; +} + +ipsec_result_t _odp_ipsec_result_from_event(odp_event_t ev) +{ + ODP_ASSERT(ODP_EVENT_INVALID != ev); + ODP_ASSERT(ODP_EVENT_IPSEC_RESULT == odp_event_type(ev)); + + return (ipsec_result_t)ev; +} + +static +odp_event_t ipsec_result_to_event(ipsec_result_t res) +{ + ODP_ASSERT(ODP_IPSEC_RESULT_INVALID != res); + + return (odp_event_t)res; +} + +static +ipsec_result_hdr_t *ipsec_result_hdr_from_buf(odp_buffer_t buf) +{ + return (ipsec_result_hdr_t *)(void *)buf_hdl_to_hdr(buf); +} + +static +ipsec_result_hdr_t *ipsec_result_hdr(ipsec_result_t res) +{ + odp_buffer_t buf = odp_buffer_from_event(ipsec_result_to_event(res)); + + return ipsec_result_hdr_from_buf(buf); +} + +static +ipsec_result_t _odp_ipsec_result_alloc(void) +{ + odp_buffer_t buf = odp_buffer_alloc(ipsec_result_pool); + + if (odp_unlikely(buf == ODP_BUFFER_INVALID)) + return ODP_IPSEC_RESULT_INVALID; + + _odp_buffer_event_type_set(buf, ODP_EVENT_IPSEC_RESULT); + + return _odp_ipsec_result_from_event(odp_buffer_to_event(buf)); +} + +void _odp_ipsec_result_free(ipsec_result_t res) +{ + odp_event_t ev = ipsec_result_to_event(res); + ipsec_result_hdr_t *res_hdr = ipsec_result_hdr(res); + + _odp_ipsec_ctx_free(res_hdr->ctx); + + odp_buffer_free(odp_buffer_from_event(ev)); +} + +int _odp_ipsec_result_send(odp_queue_t queue, ipsec_ctx_t *ctx) +{ + ipsec_result_t ipsec_ev; + ipsec_result_hdr_t *res_hdr; + + ipsec_ev = _odp_ipsec_result_alloc(); + if (odp_unlikely(ODP_IPSEC_RESULT_INVALID == ipsec_ev)) + return -1; + + res_hdr = ipsec_result_hdr(ipsec_ev); + res_hdr->ctx = ctx; + + if (odp_queue_enq(queue, ipsec_result_to_event(ipsec_ev))) { + _odp_ipsec_result_free(ipsec_ev); + return -1; + } + + return 0; +} + +int odp_ipsec_result(odp_ipsec_op_result_t *result, odp_event_t event) +{ + ipsec_result_t ipsec_ev; + ipsec_result_hdr_t *res_hdr; + + ODP_ASSERT(ODP_EVENT_INVALID != event); + + ipsec_ev = _odp_ipsec_result_from_event(event); + ODP_ASSERT(ODP_IPSEC_RESULT_INVALID != ipsec_ev); + + res_hdr = ipsec_result_hdr(ipsec_ev); + + return _odp_ipsec_ctx_result(res_hdr->ctx, result); +} + +ipsec_status_t _odp_ipsec_status_from_event(odp_event_t ev) +{ + ODP_ASSERT(ODP_EVENT_INVALID != ev); + ODP_ASSERT(ODP_EVENT_IPSEC_STATUS == odp_event_type(ev)); + + return (ipsec_status_t)ev; +} + +static +odp_event_t ipsec_status_to_event(ipsec_status_t status) +{ + ODP_ASSERT(ODP_IPSEC_STATUS_INVALID != status); + + return (odp_event_t)status; +} + +static +ipsec_status_hdr_t *ipsec_status_hdr_from_buf(odp_buffer_t buf) +{ + return (ipsec_status_hdr_t *)(void *)buf_hdl_to_hdr(buf); +} + +static +ipsec_status_hdr_t *ipsec_status_hdr(ipsec_status_t status) +{ + odp_buffer_t buf = odp_buffer_from_event(ipsec_status_to_event(status)); + + return ipsec_status_hdr_from_buf(buf); +} + +static +ipsec_status_t odp_ipsec_status_alloc(void) +{ + odp_buffer_t buf = odp_buffer_alloc(ipsec_status_pool); + + if (odp_unlikely(buf == ODP_BUFFER_INVALID)) + return ODP_IPSEC_STATUS_INVALID; + + _odp_buffer_event_type_set(buf, ODP_EVENT_IPSEC_STATUS); + + return _odp_ipsec_status_from_event(odp_buffer_to_event(buf)); +} + +void _odp_ipsec_status_free(ipsec_status_t status) +{ + odp_event_t ev = ipsec_status_to_event(status); + + odp_buffer_free(odp_buffer_from_event(ev)); +} + +int _odp_ipsec_status_send(odp_queue_t queue, + odp_ipsec_status_id_t id, + int ret, + odp_ipsec_sa_t sa) +{ + ipsec_status_t ipsec_ev = odp_ipsec_status_alloc(); + ipsec_status_hdr_t *status_hdr; + + if (ODP_IPSEC_STATUS_INVALID == ipsec_ev) + return -1; + + status_hdr = ipsec_status_hdr(ipsec_ev); + + status_hdr->status.id = id; + status_hdr->status.ret = ret; + status_hdr->status.sa = sa; + + if (odp_queue_enq(queue, ipsec_status_to_event(ipsec_ev))) { + _odp_ipsec_status_free(ipsec_ev); + return -1; + } + + return 0; +} + +int odp_ipsec_status(odp_ipsec_status_t *status, odp_event_t event) +{ + ipsec_status_t ipsec_ev; + ipsec_status_hdr_t *status_hdr; + + if (odp_unlikely(ODP_EVENT_INVALID == event)) + return -1; + + ipsec_ev = _odp_ipsec_status_from_event(event); + if (odp_unlikely(ODP_IPSEC_STATUS_INVALID == ipsec_ev)) + return -1; + + status_hdr = ipsec_status_hdr(ipsec_ev); + + *status = status_hdr->status; + + return 0; +} From patchwork Thu May 11 22:00:08 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99687 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp17042qge; Thu, 11 May 2017 15:09:49 -0700 (PDT) X-Received: by 10.200.56.243 with SMTP id g48mr898485qtc.79.1494540589047; Thu, 11 May 2017 15:09:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494540589; cv=none; d=google.com; s=arc-20160816; b=0V0JNSDyGMQK5OAtqwL3Yh3CF6Oc6yXVHAZuPJIXoa2qS75ltHdC+z8fukgxsKAr/u A846GiWCy4lt3KlgtlMxjaxZZ2pLesJ+NHUarzt/4n4ZqrhTyl8nktg5UVPtdfYKFrje XAbGg657GdUgQOBL8rOcntkYVzwPx86WQDdpAwo+/Uvs2ct3TbxZVWAKqMvkb9rzVRYw Ny1uOh4M/pREmc4mMEa14gMdZeOmeAyXKVacAQn7Yet6lkOCPNvaG83/wlPdAjmgmGW3 Sd0y2h0zseYNwOshkxOUP0xPIp9sM76pRYhr1iTcgV7qJMQfPJr34kV+jpdapf5wzwto oRGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=jm499XyyclNdRFRCfem9CxcODSYCuQE5gfKy5whk9w8=; b=o7yb8x0LoLSOM6MH/1REjzQZPu0m1PUtWL5F6psITWPeQG4sSWuQKRzjoUUm4bDfI2 qs9Bt4PJbN79lTzCnWjj1di6dB56xrCYqKWc18vtq6q1Qu1a3uKbVkvxyRkVq7jvJ5ju HandNJVm4gcJmfgz4UI4j3q6Kbw90KJ7h0kfojPNPO9n6v5nECry+M+wcG8f5g0lqt6U d4uvJB9hqk85gaIqaZDtOmSgW2ZSQeoY+gy3iWHnL9KQfzznc/TCkgnZeG1lHzN0O6kU j+r4uA1caoPsooy4ebfL8kHP4PVRkLU2G3yIG+f8YHMD18VCpS1/LVW6vQSHd0W+e9av JtoA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id o16si1279443qki.132.2017.05.11.15.09.48; Thu, 11 May 2017 15:09:49 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id B6CD9607D7; Thu, 11 May 2017 22:09:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id B25E460D6A; Thu, 11 May 2017 22:03:07 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 75B9B60C61; Thu, 11 May 2017 22:02:59 +0000 (UTC) Received: from forward5p.cmail.yandex.net (forward5p.cmail.yandex.net [77.88.31.20]) by lists.linaro.org (Postfix) with ESMTPS id 4CBD860C31 for ; Thu, 11 May 2017 22:01:09 +0000 (UTC) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b6:8]) by forward5p.cmail.yandex.net (Yandex) with ESMTP id 95C3B20CA8 for ; Fri, 12 May 2017 01:01:06 +0300 (MSK) Received: from smtp3p.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3p.mail.yandex.net (Yandex) with ESMTP id 714731320042 for ; Fri, 12 May 2017 01:01:06 +0300 (MSK) Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id yyhcZmfGaE-15Uae0kn; Fri, 12 May 2017 01:01:05 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 01:00:08 +0300 Message-Id: <1494540010-25779-9-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> References: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v3 8/10] linux-generic: ipsec: implement IPsec SAD X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Implement SA database and SA handling. - only IPv4 is supported for now - no support for time-based limits Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: 1589f97414ab144b3cb1e65667d311783fdba670 **/ platform/linux-generic/Makefile.am | 1 + platform/linux-generic/include/odp_internal.h | 4 + .../linux-generic/include/odp_ipsec_internal.h | 92 ++++ platform/linux-generic/odp_init.c | 13 + platform/linux-generic/odp_ipsec.c | 46 -- platform/linux-generic/odp_ipsec_sad.c | 480 +++++++++++++++++++++ 6 files changed, 590 insertions(+), 46 deletions(-) create mode 100644 platform/linux-generic/odp_ipsec_sad.c diff --git a/platform/linux-generic/Makefile.am b/platform/linux-generic/Makefile.am index 0cd8149..6f61239 100644 --- a/platform/linux-generic/Makefile.am +++ b/platform/linux-generic/Makefile.am @@ -208,6 +208,7 @@ __LIB__libodp_linux_la_SOURCES = \ odp_impl.c \ odp_ipsec.c \ odp_ipsec_events.c \ + odp_ipsec_sad.c \ odp_name_table.c \ odp_packet.c \ odp_packet_flags.c \ diff --git a/platform/linux-generic/include/odp_internal.h b/platform/linux-generic/include/odp_internal.h index ca8a262..4662651 100644 --- a/platform/linux-generic/include/odp_internal.h +++ b/platform/linux-generic/include/odp_internal.h @@ -71,6 +71,7 @@ enum init_stage { TRAFFIC_MNGR_INIT, NAME_TABLE_INIT, IPSEC_EVENTS_INIT, + IPSEC_SAD_INIT, MODULES_INIT, ALL_INIT /* All init stages completed */ }; @@ -133,6 +134,9 @@ int _odp_ishm_term_local(void); int odp_ipsec_events_init_global(void); int odp_ipsec_events_term_global(void); +int odp_ipsec_sad_init_global(void); +int odp_ipsec_sad_term_global(void); + int _odp_modules_init_global(void); int cpuinfo_parser(FILE *file, system_info_t *sysinfo); diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 9f644a8..c350e36 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -20,7 +20,9 @@ extern "C" { #include #include +#include #include +#include /** @ingroup odp_ipsec * @{ @@ -38,6 +40,8 @@ typedef ODP_HANDLE_T(ipsec_status_t); typedef struct ipsec_ctx_s ipsec_ctx_t; +typedef struct ipsec_sa_s ipsec_sa_t; + /** * @internal Free IPsec context * @@ -139,6 +143,94 @@ int _odp_ipsec_status_send(odp_queue_t queue, int ret, odp_ipsec_sa_t sa); +#define MAX_IV_LEN 32 /**< Maximum IV length in bytes */ + +/** + * Maximum number of available SAs + */ +#define ODP_CONFIG_IPSEC_SAS 8 + +struct ipsec_sa_s { + odp_atomic_u32_t state ODP_ALIGNED_CACHE; + + unsigned in_place : 1; + unsigned dec_ttl : 1; + + uint8_t tun_ttl; + + odp_ipsec_sa_t ipsec_sa_hdl; + uint32_t ipsec_sa_idx; + + odp_ipsec_mode_t mode; + odp_ipsec_lookup_mode_t lookup_mode; + odp_crypto_session_t session; + void *context; + odp_queue_t queue; + + odp_u32be_t lookup_dst_ip; + odp_u32be_t tun_src_ip; + odp_u32be_t tun_dst_ip; + + odp_ipsec_protocol_t proto; + uint32_t icv_len; + uint32_t esp_iv_len; + uint32_t esp_block_len; + uint32_t spi; + uint8_t iv[MAX_IV_LEN]; /**< ESP IV storage */ + + /* 32-bit from which low 16 are used */ + odp_atomic_u32_t tun_hdr_id; + odp_atomic_u32_t seq; + + /* Limits */ + uint64_t soft_limit_bytes; + uint64_t soft_limit_packets; + uint64_t hard_limit_bytes; + uint64_t hard_limit_packets; + + /* Statistics for soft/hard expiration */ + odp_atomic_u64_t bytes; + odp_atomic_u64_t packets; +}; + +/** + * IPSEC Security Association (SA) lookup parameters + */ +typedef struct odp_ipsec_sa_lookup_s { + /** IPSEC protocol: ESP or AH */ + odp_ipsec_protocol_t proto; + + /** SPI value */ + uint32_t spi; + + /* FIXME: IPv4 vs IPv6 */ + + /** IP destination address (NETWORK ENDIAN) */ + void *dst_addr; +} ipsec_sa_lookup_t; + +/** + * Obtain SA reference + */ +ipsec_sa_t *_odp_ipsec_sa_use(odp_ipsec_sa_t sa); + +/** + * Release SA reference + */ +void _odp_ipsec_sa_unuse(ipsec_sa_t *ipsec_sa); + +/** + * Lookup SA corresponding to inbound packet pkt + */ +ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup); + +/** + * Update SA usage statistics, filling respective status for the packet. + * + * @retval <0 if hard limits were breached + */ +int _odp_ipsec_sa_update_stats(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status); + /** * @} */ diff --git a/platform/linux-generic/odp_init.c b/platform/linux-generic/odp_init.c index 647c05e..30dc54d 100644 --- a/platform/linux-generic/odp_init.c +++ b/platform/linux-generic/odp_init.c @@ -272,6 +272,12 @@ int odp_init_global(odp_instance_t *instance, } stage = IPSEC_EVENTS_INIT; + if (odp_ipsec_sad_init_global()) { + ODP_ERR("ODP IPsec SAD init failed.\n"); + goto init_failed; + } + stage = IPSEC_SAD_INIT; + if (_odp_modules_init_global()) { ODP_ERR("ODP modules init failed\n"); goto init_failed; @@ -302,6 +308,13 @@ int _odp_term_global(enum init_stage stage) switch (stage) { case ALL_INIT: case MODULES_INIT: + case IPSEC_SAD_INIT: + if (odp_ipsec_sad_term_global()) { + ODP_ERR("ODP IPsec SAD term failed.\n"); + rc = -1; + } + /* Fall through */ + case IPSEC_EVENTS_INIT: if (odp_ipsec_events_term_global()) { ODP_ERR("ODP IPsec events term failed.\n"); diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 7d6b410..6620daf 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -49,32 +49,6 @@ int odp_ipsec_config(const odp_ipsec_config_t *config) return -1; } -void odp_ipsec_sa_param_init(odp_ipsec_sa_param_t *param) -{ - memset(param, 0, sizeof(odp_ipsec_sa_param_t)); -} - -odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) -{ - (void)param; - - return ODP_IPSEC_SA_INVALID; -} - -int odp_ipsec_sa_disable(odp_ipsec_sa_t sa) -{ - (void)sa; - - return -1; -} - -int odp_ipsec_sa_destroy(odp_ipsec_sa_t sa) -{ - (void)sa; - - return -1; -} - void _odp_ipsec_ctx_free(ipsec_ctx_t *ctx) { (void)ctx; @@ -128,23 +102,3 @@ int _odp_ipsec_ctx_result(ipsec_ctx_t *ctx, odp_ipsec_op_result_t *result) return -1; } - -int odp_ipsec_mtu_update(odp_ipsec_sa_t sa, uint32_t mtu) -{ - (void)sa; - (void)mtu; - - return -1; -} - -void *odp_ipsec_sa_context(odp_ipsec_sa_t sa) -{ - (void)sa; - - return NULL; -} - -uint64_t odp_ipsec_sa_to_u64(odp_ipsec_sa_t sa) -{ - return _odp_pri(sa); -} diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c new file mode 100644 index 0000000..71aae06 --- /dev/null +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -0,0 +1,480 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include +#include +#include +#include + +#include +#include + +#include + +#define IPSEC_SA_STATE_DISABLE 0x40000000 +#define IPSEC_SA_STATE_FREE 0xc0000000 /* This includes disable !!! */ + +typedef struct ipsec_sa_table_t { + ipsec_sa_t ipsec_sa[ODP_CONFIG_IPSEC_SAS]; + odp_shm_t shm; +} ipsec_sa_table_t; + +static ipsec_sa_table_t *ipsec_sa_tbl; + +static inline +ipsec_sa_t *ipsec_sa_entry(uint32_t ipsec_sa_idx) +{ + return &ipsec_sa_tbl->ipsec_sa[ipsec_sa_idx]; +} + +static inline +ipsec_sa_t *ipsec_sa_entry_from_hdl(odp_ipsec_sa_t ipsec_sa_hdl) +{ + return ipsec_sa_entry(_odp_typeval(ipsec_sa_hdl)); +} + +static inline +odp_ipsec_sa_t ipsec_sa_index_to_handle(uint32_t ipsec_sa_idx) +{ + return _odp_cast_scalar(odp_ipsec_sa_t, ipsec_sa_idx); +} + +int odp_ipsec_sad_init_global(void) +{ + odp_shm_t shm; + unsigned i; + + shm = odp_shm_reserve("ipsec_sa_table", + sizeof(ipsec_sa_table_t), + ODP_CACHE_LINE_SIZE, 0); + + ipsec_sa_tbl = odp_shm_addr(shm); + if (ipsec_sa_tbl == NULL) + return -1; + + memset(ipsec_sa_tbl, 0, sizeof(ipsec_sa_table_t)); + ipsec_sa_tbl->shm = shm; + + for (i = 0; i < ODP_CONFIG_IPSEC_SAS; i++) { + ipsec_sa_t *ipsec_sa = ipsec_sa_entry(i); + + ipsec_sa->ipsec_sa_hdl = ipsec_sa_index_to_handle(i); + ipsec_sa->ipsec_sa_idx = i; + odp_atomic_init_u32(&ipsec_sa->state, IPSEC_SA_STATE_FREE); + odp_atomic_init_u32(&ipsec_sa->seq, 0); + odp_atomic_init_u32(&ipsec_sa->tun_hdr_id, 0); + odp_atomic_init_u64(&ipsec_sa->bytes, 0); + odp_atomic_init_u64(&ipsec_sa->packets, 0); + } + + return 0; +} + +int odp_ipsec_sad_term_global(void) +{ + int i; + ipsec_sa_t *ipsec_sa; + int ret = 0; + int rc = 0; + + for (i = 0; i < ODP_CONFIG_IPSEC_SAS; i++) { + ipsec_sa = ipsec_sa_entry(i); + + if (odp_atomic_load_u32(&ipsec_sa->state) != IPSEC_SA_STATE_FREE) { + ODP_ERR("Not destroyed ipsec_sa: %u\n", ipsec_sa->ipsec_sa_idx); + rc = -1; + } + odp_atomic_store_u32(&ipsec_sa->state, IPSEC_SA_STATE_FREE); + } + + ret = odp_shm_free(ipsec_sa_tbl->shm); + if (ret < 0) { + ODP_ERR("shm free failed"); + rc = -1; + } + + return rc; +} + +static +ipsec_sa_t *ipsec_sa_reserve(void) +{ + int i; + ipsec_sa_t *ipsec_sa; + + for (i = 0; i < ODP_CONFIG_IPSEC_SAS; i++) { + uint32_t state = IPSEC_SA_STATE_FREE; + + ipsec_sa = ipsec_sa_entry(i); + + if (odp_atomic_cas_acq_u32(&ipsec_sa->state, &state, 0)) + return ipsec_sa; + } + + return NULL; +} + +static +void ipsec_sa_release(ipsec_sa_t *ipsec_sa) +{ + odp_atomic_store_rel_u32(&ipsec_sa->state, IPSEC_SA_STATE_FREE); +} + +static +int ipsec_sa_lock(ipsec_sa_t *ipsec_sa) +{ + int cas = 0; + uint32_t state = odp_atomic_load_u32(&ipsec_sa->state); + + while (0 == cas) { + /* This can be called from lookup path, so we really need this check */ + if (state & IPSEC_SA_STATE_DISABLE) + return -1; + + cas = odp_atomic_cas_acq_u32(&ipsec_sa->state, &state, + state + 1); + } + + return 0; +} + +/* Do not call directly, use _odp_ipsec_sa_unuse */ +static +odp_bool_t ipsec_sa_unlock(ipsec_sa_t *ipsec_sa) +{ + int cas = 0; + uint32_t state = odp_atomic_load_u32(&ipsec_sa->state); + + while (0 == cas) + cas = odp_atomic_cas_rel_u32(&ipsec_sa->state, &state, + state - 1); + + return state == IPSEC_SA_STATE_DISABLE; +} + +ipsec_sa_t *_odp_ipsec_sa_use(odp_ipsec_sa_t sa) +{ + ipsec_sa_t *ipsec_sa; + + ODP_ASSERT(ODP_IPSEC_SA_INVALID != sa); + + ipsec_sa = ipsec_sa_entry_from_hdl(sa); + + if (ipsec_sa_lock(ipsec_sa) < 0) + return NULL; + + return ipsec_sa; +} + +void _odp_ipsec_sa_unuse(ipsec_sa_t *ipsec_sa) +{ + odp_queue_t queue; + odp_ipsec_sa_t sa; + + ODP_ASSERT(NULL != ipsec_sa); + + queue = ipsec_sa->queue; + sa = ipsec_sa->ipsec_sa_hdl; + + if (ipsec_sa_unlock(ipsec_sa) && ODP_QUEUE_INVALID != queue) + _odp_ipsec_status_send(queue, + ODP_IPSEC_STATUS_SA_DISABLE, + 0, + sa); +} + +void odp_ipsec_sa_param_init(odp_ipsec_sa_param_t *param) +{ + memset(param, 0, sizeof(odp_ipsec_sa_param_t)); + param->dest_queue = ODP_QUEUE_INVALID; +} + +odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) +{ + ipsec_sa_t *ipsec_sa; + odp_crypto_session_param_t crypto_param; + odp_crypto_ses_create_err_t ses_create_rc; + + ipsec_sa = ipsec_sa_reserve(); + if (NULL == ipsec_sa) { + ODP_ERR("No more free SA\n"); + return ODP_IPSEC_SA_INVALID; + } + +#if 1 + ipsec_sa->in_place = 0; +#else + ipsec_sa->in_place = 1; +#endif + ipsec_sa->proto = param->proto; + ipsec_sa->spi = param->spi; + odp_atomic_store_u32(&ipsec_sa->seq, param->seq); + ipsec_sa->context = param->context; + ipsec_sa->queue = param->dest_queue; + ipsec_sa->mode = param->mode; + ipsec_sa->lookup_mode = param->lookup_mode; + ipsec_sa->dec_ttl = param->opt.dec_ttl; + + odp_atomic_store_u64(&ipsec_sa->bytes, 0); + odp_atomic_store_u64(&ipsec_sa->packets, 0); + ipsec_sa->soft_limit_bytes = param->lifetime.soft_limit.bytes; + ipsec_sa->soft_limit_packets = param->lifetime.soft_limit.packets; + ipsec_sa->hard_limit_bytes = param->lifetime.hard_limit.bytes; + ipsec_sa->hard_limit_packets = param->lifetime.hard_limit.packets; + + if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->lookup_mode) + memcpy(&ipsec_sa->lookup_dst_ip, param->lookup_param.dst_addr, sizeof(ipsec_sa->lookup_dst_ip)); + + if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { + if (param->tunnel.type != ODP_IPSEC_TUNNEL_IPV4) { + ipsec_sa_release(ipsec_sa); + + return ODP_IPSEC_SA_INVALID; + } + memcpy(&ipsec_sa->tun_src_ip, param->tunnel.ipv4.src_addr, sizeof(ipsec_sa->tun_src_ip)); + memcpy(&ipsec_sa->tun_dst_ip, param->tunnel.ipv4.dst_addr, sizeof(ipsec_sa->tun_dst_ip)); + odp_atomic_store_u32(&ipsec_sa->tun_hdr_id, 0); + ipsec_sa->tun_ttl = param->tunnel.ipv4.ttl; + } + + odp_crypto_session_param_init(&crypto_param); + + /* Setup parameters and call crypto library to create session */ + crypto_param.op = (ODP_IPSEC_DIR_INBOUND == param->dir) ? + ODP_CRYPTO_OP_DECODE : + ODP_CRYPTO_OP_ENCODE; + crypto_param.auth_cipher_text = 1; + + /* FIXME: is it possible to use ASYNC crypto to implement ASYNC and inline IPsec? */ + crypto_param.pref_mode = ODP_CRYPTO_SYNC; + crypto_param.compl_queue = ODP_QUEUE_INVALID; + crypto_param.output_pool = ODP_POOL_INVALID; + + crypto_param.cipher_alg = param->crypto.cipher_alg; + crypto_param.cipher_key = param->crypto.cipher_key; + crypto_param.auth_alg = param->crypto.auth_alg; + crypto_param.auth_key = param->crypto.auth_key; + + switch (crypto_param.auth_alg) { + case ODP_AUTH_ALG_NULL: + ipsec_sa->icv_len = 0; + break; +#if ODP_DEPRECATED_API + case ODP_AUTH_ALG_MD5_96: +#endif + case ODP_AUTH_ALG_MD5_HMAC: + ipsec_sa->icv_len = 12; + break; + case ODP_AUTH_ALG_SHA1_HMAC: + ipsec_sa->icv_len = 12; + break; +#if ODP_DEPRECATED_API + case ODP_AUTH_ALG_SHA256_128: +#endif + case ODP_AUTH_ALG_SHA256_HMAC: + ipsec_sa->icv_len = 16; + break; + case ODP_AUTH_ALG_SHA512_HMAC: + ipsec_sa->icv_len = 32; + break; +#if ODP_DEPRECATED_API + case ODP_AUTH_ALG_AES128_GCM: +#endif + case ODP_AUTH_ALG_AES_GCM: + ipsec_sa->icv_len = 16; + break; + default: + return ODP_IPSEC_SA_INVALID; + } + + switch (crypto_param.cipher_alg) { + case ODP_CIPHER_ALG_NULL: + ipsec_sa->esp_iv_len = 0; + ipsec_sa->esp_block_len = 1; + break; + case ODP_CIPHER_ALG_DES: + case ODP_CIPHER_ALG_3DES_CBC: + ipsec_sa->esp_iv_len = 8; + ipsec_sa->esp_block_len = 8; + break; +#if ODP_DEPRECATED_API + case ODP_CIPHER_ALG_AES128_CBC: + case ODP_CIPHER_ALG_AES128_GCM: +#endif + case ODP_CIPHER_ALG_AES_CBC: + case ODP_CIPHER_ALG_AES_GCM: + ipsec_sa->esp_iv_len = 16; + ipsec_sa->esp_block_len = 16; + break; + default: + return ODP_IPSEC_SA_INVALID; + } + + crypto_param.auth_digest_len = ipsec_sa->icv_len; + + /* Generate an IV */ + if (ipsec_sa->esp_iv_len) { + crypto_param.iv.data = ipsec_sa->iv; + crypto_param.iv.length = odp_random_data(crypto_param.iv.data, ipsec_sa->esp_iv_len, ODP_RANDOM_CRYPTO); + if (crypto_param.iv.length != ipsec_sa->esp_iv_len) + goto error; + } + + if (odp_crypto_session_create(&crypto_param, &ipsec_sa->session, &ses_create_rc)) + goto error; + + return ipsec_sa->ipsec_sa_hdl; + +error: + ipsec_sa_release(ipsec_sa); + + return ODP_IPSEC_SA_INVALID; +} + +int odp_ipsec_sa_disable(odp_ipsec_sa_t sa) +{ + ipsec_sa_t *ipsec_sa = ipsec_sa_entry_from_hdl(sa); + uint32_t state; + int cas = 0; + + /* This is a custom rwlock implementation. It is not possible to use + * original rwlock, because there is no way to test if current code is + * the last reader when disable operation is pending. */ + state = odp_atomic_load_u32(&ipsec_sa->state); + + while (0 == cas) { + if (state & IPSEC_SA_STATE_DISABLE) + return -1; + + cas = odp_atomic_cas_acq_u32(&ipsec_sa->state, &state, + state | IPSEC_SA_STATE_DISABLE); + } + + if (ODP_QUEUE_INVALID != ipsec_sa->queue) { + /* + * If there were not active state when we disabled SA, + * send the event. + */ + if (0 == state) + _odp_ipsec_status_send(ipsec_sa->queue, + ODP_IPSEC_STATUS_SA_DISABLE, + 0, + ipsec_sa->ipsec_sa_hdl); + + return 0; + } + + while (IPSEC_SA_STATE_DISABLE != state) { + odp_cpu_pause(); + state = odp_atomic_load_u32(&ipsec_sa->state); + } + + return 0; +} + +int odp_ipsec_sa_destroy(odp_ipsec_sa_t sa) +{ + ipsec_sa_t *ipsec_sa = ipsec_sa_entry_from_hdl(sa); + int rc = 0; + uint32_t state = odp_atomic_load_u32(&ipsec_sa->state); + + if (IPSEC_SA_STATE_DISABLE != state) { + ODP_ERR("Distroying not disabled ipsec_sa: %u\n", ipsec_sa->ipsec_sa_idx); + return -1; + } + + if (odp_crypto_session_destroy(ipsec_sa->session) < 0) { + ODP_ERR("Error destroying crypto session for ipsec_sa: %u\n", ipsec_sa->ipsec_sa_idx); + rc = -1; + } + + ipsec_sa_release(ipsec_sa); + + return rc; +} + +void *odp_ipsec_sa_context(odp_ipsec_sa_t sa) +{ + ipsec_sa_t *ipsec_sa = ipsec_sa_entry_from_hdl(sa); + + return ipsec_sa->context; +} + +uint64_t odp_ipsec_sa_to_u64(odp_ipsec_sa_t sa) +{ + return _odp_pri(sa); +} + +int odp_ipsec_mtu_update(odp_ipsec_sa_t sa, uint32_t mtu) +{ + (void)sa; + (void)mtu; + + return -1; +} + +ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup) +{ + (void)lookup; + + int i; + ipsec_sa_t *ipsec_sa; + ipsec_sa_t *best = NULL; + + for (i = 0; i < ODP_CONFIG_IPSEC_SAS; i++) { + ipsec_sa = ipsec_sa_entry(i); + + if (ipsec_sa_lock(ipsec_sa) < 0) + continue; + + if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->lookup_mode && + lookup->proto == ipsec_sa->proto && + lookup->spi == ipsec_sa->spi && + !memcmp(lookup->dst_addr, &ipsec_sa->lookup_dst_ip, sizeof(ipsec_sa->lookup_dst_ip))) { + if (NULL != best) + _odp_ipsec_sa_unuse(best); + return ipsec_sa; + } else if (ODP_IPSEC_LOOKUP_SPI == ipsec_sa->lookup_mode && + lookup->proto == ipsec_sa->proto && + lookup->spi == ipsec_sa->spi) { + best = ipsec_sa; + } else { + _odp_ipsec_sa_unuse(ipsec_sa); + } + } + + return best; +} + +int _odp_ipsec_sa_update_stats(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status) +{ + uint64_t bytes = odp_atomic_fetch_add_u64(&ipsec_sa->bytes, len) + len; + uint64_t packets = odp_atomic_fetch_add_u64(&ipsec_sa->packets, 1) + 1; + int rc = 0; + + if (ipsec_sa->soft_limit_bytes > 0 && bytes > ipsec_sa->soft_limit_bytes && bytes - len <= ipsec_sa->soft_limit_bytes) + status->flag.soft_exp_bytes = 1; + if (ipsec_sa->soft_limit_packets > 0 && packets > ipsec_sa->soft_limit_packets && packets - len <= ipsec_sa->soft_limit_packets) + status->flag.soft_exp_packets = 1; + + /* FIXME: send only in INLINE case */ + if (status->flag.soft_exp_bytes || status->flag.soft_exp_packets) + _odp_ipsec_status_send(ipsec_sa->queue, + ODP_IPSEC_STATUS_SA_SOFT_EXPIRED, + 0, + ipsec_sa->ipsec_sa_hdl); + + if (ipsec_sa->hard_limit_bytes > 0 && bytes > ipsec_sa->hard_limit_bytes) { + status->error.hard_exp_bytes = 1; + rc = -1; + } + if (ipsec_sa->hard_limit_packets > 0 && packets > ipsec_sa->hard_limit_packets) { + status->error.hard_exp_packets = 1; + rc = -1; + } + + return rc; +} From patchwork Thu May 11 22:00:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99688 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp17651qge; Thu, 11 May 2017 15:11:35 -0700 (PDT) X-Received: by 10.36.190.133 with SMTP id i127mr325329itf.41.1494540695093; Thu, 11 May 2017 15:11:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494540695; cv=none; d=google.com; s=arc-20160816; b=yGafstuWWiTZpGPmzb1vDb18681duRoKJMHxK0p5PCup3n7KOGT0eqBiONKge5z9jT I/JEap08a3NlnYNDrZgY9qO2ExJcgeD5f7Jcw+YCWujn4A7FxXttumprLl4aYbzQNW/V XYfx+ZwWs2Aon+Qs70JQIOm+swTXEGAiRcjUKNvvKPu+TLwCwRX8UZxRBdtp6uJNyAA7 KbMLC4Dnqk4O+ORUSBoiDH6H07pgGpHT757A3bmWr3wl36BdcCu/Ji1s3ES+hmahYS6c CpmfidrULKvZGRO6YNRmp5jCo/AKJJjxakobJN2I1/tNEm39NrDXqI7SMVBCg3qaqOc2 6BXA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=WkGS9f2emPfCt2Dn0cCwr1NCqS8SX6BVwp0VNFZpou4=; b=k7eCfbG6zmuEU7aKFvVOPvsKmjY01RTdP6b8rnPKjesvx6pT9QVYGVkaIEiMbKOFKS Fz7lHI+kI2Qqg1J5ULmWzgZZqjtxWZ1PoxNoxl/xwMoysuQqagS7yKfdqbbMWSUK8dFk ud2gK6e1aKzziZTXgEpEsP6Hy2o/l65plgv2syAkdu1hfXBwr/eEDMfzoNrgjalZlQma GV9GGSOBdo1ZBtvhSxg3QAccezmusD8iAI4+oFALoCmmeuo6Uwyye6EpReoKSELM0TC1 bHJpp8antEod6nikSN+TJdNsiZfUHpZmwizbj4ldJPdRG0r4N2ryd2wiGn26qIjw9G+s Gsgg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id l187si191264ith.1.2017.05.11.15.11.34; Thu, 11 May 2017 15:11:35 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 3DA0260848; Thu, 11 May 2017 22:11:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 2775260D69; Thu, 11 May 2017 22:03:20 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id C911360D69; Thu, 11 May 2017 22:03:09 +0000 (UTC) Received: from forward9m.cmail.yandex.net (forward9m.cmail.yandex.net [5.255.216.202]) by lists.linaro.org (Postfix) with ESMTPS id 973E160C53 for ; Thu, 11 May 2017 22:01:09 +0000 (UTC) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [77.88.29.86]) by forward9m.cmail.yandex.net (Yandex) with ESMTP id 4371922768 for ; Fri, 12 May 2017 01:01:08 +0300 (MSK) Received: from smtp3p.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3p.mail.yandex.net (Yandex) with ESMTP id C50341320042 for ; Fri, 12 May 2017 01:01:07 +0300 (MSK) Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id yyhcZmfGaE-16UmDYuQ; Fri, 12 May 2017 01:01:06 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-ForeignMX: US X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 01:00:09 +0300 Message-Id: <1494540010-25779-10-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> References: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v3 9/10] linux-generic: ipsec: draft IPsec implementation X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov For now it's only a preview with the following limitation: - No inbound inline processing support - Only IPv4 support - No zeroing of mutable IPv4 options for AH ICV calculation - No replay protection - No ESN support - No SA options support: DF, DSCP, UDP, ESN Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: 1589f97414ab144b3cb1e65667d311783fdba670 **/ platform/linux-generic/include/odp_internal.h | 4 + platform/linux-generic/odp_init.c | 13 + platform/linux-generic/odp_ipsec.c | 1020 ++++++++++++++++++++++++- 3 files changed, 1005 insertions(+), 32 deletions(-) diff --git a/platform/linux-generic/include/odp_internal.h b/platform/linux-generic/include/odp_internal.h index 4662651..85ebbca 100644 --- a/platform/linux-generic/include/odp_internal.h +++ b/platform/linux-generic/include/odp_internal.h @@ -72,6 +72,7 @@ enum init_stage { NAME_TABLE_INIT, IPSEC_EVENTS_INIT, IPSEC_SAD_INIT, + IPSEC_INIT, MODULES_INIT, ALL_INIT /* All init stages completed */ }; @@ -131,6 +132,9 @@ int _odp_ishm_init_local(void); int _odp_ishm_term_global(void); int _odp_ishm_term_local(void); +int odp_ipsec_init_global(void); +int odp_ipsec_term_global(void); + int odp_ipsec_events_init_global(void); int odp_ipsec_events_term_global(void); diff --git a/platform/linux-generic/odp_init.c b/platform/linux-generic/odp_init.c index 30dc54d..483ee74 100644 --- a/platform/linux-generic/odp_init.c +++ b/platform/linux-generic/odp_init.c @@ -278,6 +278,12 @@ int odp_init_global(odp_instance_t *instance, } stage = IPSEC_SAD_INIT; + if (odp_ipsec_init_global()) { + ODP_ERR("ODP IPsec init failed.\n"); + goto init_failed; + } + stage = IPSEC_INIT; + if (_odp_modules_init_global()) { ODP_ERR("ODP modules init failed\n"); goto init_failed; @@ -308,6 +314,13 @@ int _odp_term_global(enum init_stage stage) switch (stage) { case ALL_INIT: case MODULES_INIT: + case IPSEC_INIT: + if (odp_ipsec_term_global()) { + ODP_ERR("ODP IPsec term failed.\n"); + rc = -1; + } + /* Fall through */ + case IPSEC_SAD_INIT: if (odp_ipsec_sad_term_global()) { ODP_ERR("ODP IPsec SAD term failed.\n"); diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 6620daf..585c2e1 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -4,101 +4,1057 @@ * SPDX-License-Identifier: BSD-3-Clause */ +#include #include +#include +#include +#include +#include +#include #include +#include -#include +#include +#include + +typedef void (*ipsec_postprocess_t)(ipsec_ctx_t *ctx); + +/** + * Per packet IPsec processing context + */ +struct ipsec_ctx_s { + odp_buffer_t buffer; /**< Buffer for context */ + ipsec_ctx_t *next; /**< Next context in event */ + + ipsec_postprocess_t postprocess; + ipsec_sa_t *ipsec_sa; + odp_crypto_op_result_t crypto; + odp_ipsec_op_status_t status; + odp_packet_t pkt; + + uint8_t ip_tos; /**< Saved IP TOS value */ + uint8_t ip_ttl; /**< Saved IP TTL value */ + uint16_t ip_frag_offset; /**< Saved IP flags value */ + unsigned hdr_len; /**< Length of IPsec headers */ + unsigned trl_len; /**< Length of IPsec trailers */ + + uint32_t src_ip; /**< SA source IP address */ + uint32_t dst_ip; /**< SA dest IP address */ + uint16_t ipsec_offset; /**< Offset of IPsec header from + buffer start */ + uint8_t iv[MAX_IV_LEN]; /**< ESP IV storage */ + + unsigned pkt_out : 1; /**< Packet was output to application */ +}; + +static odp_pool_t ipsec_ctx_pool = ODP_POOL_INVALID; + +#define IPSEC_CTX_POOL_BUF_COUNT 1024 + +int odp_ipsec_init_global(void) +{ + odp_pool_param_t param; + + /* Create context buffer pool */ + param.buf.size = sizeof(ipsec_ctx_t); + param.buf.align = 0; + param.buf.num = IPSEC_CTX_POOL_BUF_COUNT; + param.type = ODP_POOL_BUFFER; + + ipsec_ctx_pool = odp_pool_create("ipsec_ctx_pool", ¶m); + if (ODP_POOL_INVALID == ipsec_ctx_pool) { + ODP_ERR("Error: context pool create failed.\n"); + goto err_ctx; + } + + return 0; + +err_ctx: + return -1; +} + +int odp_ipsec_term_global(void) +{ + int ret = 0; + int rc = 0; + + ret = odp_pool_destroy(ipsec_ctx_pool); + if (ret < 0) { + ODP_ERR("ctx pool destroy failed"); + rc = -1; + } + + return rc; +} int odp_ipsec_capability(odp_ipsec_capability_t *capa) { + int rc; + odp_crypto_capability_t crypto_capa; + memset(capa, 0, sizeof(odp_ipsec_capability_t)); + capa->op_mode_sync = ODP_SUPPORT_PREFERRED; + capa->op_mode_async = ODP_SUPPORT_PREFERRED; + capa->op_mode_inline_out = ODP_SUPPORT_YES; + + capa->proto_ah = ODP_SUPPORT_YES; + + capa->max_num_sa = ODP_CONFIG_IPSEC_SAS; + + rc = odp_crypto_capability(&crypto_capa); + if (rc < 0) + return rc; + + capa->ciphers = crypto_capa.ciphers; + capa->auths = crypto_capa.auths; + return 0; } int odp_ipsec_cipher_capability(odp_cipher_alg_t cipher, odp_crypto_cipher_capability_t capa[], int num) { - (void)cipher; - (void)capa; - (void)num; - - return -1; + return odp_crypto_cipher_capability(cipher, capa, num); } int odp_ipsec_auth_capability(odp_auth_alg_t auth, odp_crypto_auth_capability_t capa[], int num) { - (void)auth; - (void)capa; - (void)num; - - return -1; + return odp_crypto_auth_capability(auth, capa, num); } void odp_ipsec_config_init(odp_ipsec_config_t *config) { memset(config, 0, sizeof(odp_ipsec_config_t)); + config->inbound_mode = ODP_IPSEC_OP_MODE_SYNC; + config->outbound_mode = ODP_IPSEC_OP_MODE_SYNC; + config->max_num_sa = ODP_CONFIG_IPSEC_SAS; + config->inbound.default_queue = ODP_QUEUE_INVALID; + config->inbound.lookup.min_spi = 0; + config->inbound.lookup.max_spi = UINT32_MAX; } +static odp_ipsec_config_t ipsec_config; + int odp_ipsec_config(const odp_ipsec_config_t *config) { - (void)config; + /* FIXME: unsupported for now */ + if (ODP_IPSEC_OP_MODE_INLINE == config->inbound_mode) + return -1; - return -1; + if (ODP_CONFIG_IPSEC_SAS > config->max_num_sa) + return -1; + + ipsec_config = *config; + + return 0; +} + +static +void ipsec_ctx_init(ipsec_ctx_t *ctx, odp_buffer_t buf) +{ + memset(ctx, 0, sizeof(*ctx)); + ctx->buffer = buf; + + ctx->pkt = ODP_PACKET_INVALID; + ctx->crypto.pkt = ODP_PACKET_INVALID; + ctx->crypto.ok = true; +} + +/** + * Allocate per packet processing context. + * + * @return pointer to context area + */ +static +ipsec_ctx_t *ipsec_ctx_alloc(void) +{ + odp_buffer_t ctx_buf = odp_buffer_alloc(ipsec_ctx_pool); + ipsec_ctx_t *ctx; + + if (odp_unlikely(ODP_BUFFER_INVALID == ctx_buf)) + return NULL; + + ctx = odp_buffer_addr(ctx_buf); + ipsec_ctx_init(ctx, ctx_buf); + + return ctx; } void _odp_ipsec_ctx_free(ipsec_ctx_t *ctx) { - (void)ctx; + while (NULL != ctx) { + ipsec_ctx_t *next = ctx->next; + + if (ODP_PACKET_INVALID != ctx->crypto.pkt) + odp_packet_free(ctx->crypto.pkt); + + if (!ctx->pkt_out && ODP_PACKET_INVALID != ctx->pkt) + odp_packet_free(ctx->pkt); + + odp_buffer_free(ctx->buffer); + + ctx = next; + } +} + +/** + * Checksum + * + * @param buffer calculate chksum for buffer + * @param len buffer length + * + * @return checksum value in host cpu order + */ +static inline +odp_u16sum_t _odp_chksum(void *buffer, int len) +{ + uint16_t *buf = (uint16_t *)buffer; + uint32_t sum = 0; + uint16_t result; + + for (sum = 0; len > 1; len -= 2) + sum += *buf++; + + if (len == 1) + sum += *(unsigned char *)buf; + + sum = (sum >> 16) + (sum & 0xFFFF); + sum += (sum >> 16); + result = ~sum; + + return (__odp_force odp_u16sum_t) result; +} + +/** + * Calculate and fill in IPv4 checksum + * + * @note when using this api to populate data destined for the wire + * odp_cpu_to_be_16() can be used to remove sparse warnings + * + * @param pkt ODP packet + * + * @return IPv4 checksum in host cpu order, or 0 on failure + */ +static inline odp_u16sum_t +_odp_ipv4_csum_update(odp_packet_t pkt) +{ + uint16_t *w; + _odp_ipv4hdr_t *ip; + int nleft = sizeof(_odp_ipv4hdr_t); + + ip = (_odp_ipv4hdr_t *)odp_packet_l3_ptr(pkt, NULL); + if (ip == NULL) + return 0; + + ip->chksum = 0; + w = (uint16_t *)(void *)ip; + ip->chksum = _odp_chksum(w, nleft); + return ip->chksum; +} + +#define ipv4_hdr_len(ip) (_ODP_IPV4HDR_IHL(ip->ver_ihl) * 4) +static inline +void ipv4_adjust_len(_odp_ipv4hdr_t *ip, int adj) +{ + ip->tot_len = odp_cpu_to_be_16(odp_be_to_cpu_16(ip->tot_len) + adj); +} + +static +void ipsec_finish(ipsec_ctx_t *ctx, + odp_ipsec_packet_result_t *res, + odp_packet_t *pkt) +{ + odp_crypto_op_result_t *result = &ctx->crypto; + + res->status = ctx->status; + + if (ODP_PACKET_INVALID != result->pkt) { + ctx->pkt = result->pkt; + result->pkt = ODP_PACKET_INVALID; + } + + /* Check crypto result */ + if (!result->ok) { + if (result->cipher_status.alg_err != ODP_CRYPTO_ALG_ERR_NONE || + result->cipher_status.hw_err != ODP_CRYPTO_HW_ERR_NONE) + res->status.error.alg = 1; + + if (result->auth_status.alg_err != ODP_CRYPTO_ALG_ERR_NONE || + result->auth_status.hw_err != ODP_CRYPTO_HW_ERR_NONE) + res->status.error.auth = 1; + } else { + if (ctx->postprocess) + ctx->postprocess(ctx); + } + + *pkt = ctx->pkt; + ctx->pkt_out = 1; + + if (NULL != ctx->ipsec_sa) { + res->sa = ctx->ipsec_sa->ipsec_sa_hdl; + _odp_ipsec_sa_unuse(ctx->ipsec_sa); + } else { + res->sa = ODP_IPSEC_SA_INVALID; + } +} + +static void ipsec_in_postprocess(ipsec_ctx_t *ctx); + +static +void ipsec_in_single(ipsec_ctx_t *ctx) +{ + odp_packet_t pkt = ctx->pkt; + uint32_t ip_offset = odp_packet_l3_offset(pkt); + _odp_ipv4hdr_t *ip = odp_packet_l3_ptr(pkt, NULL); + uint16_t ip_hdr_len = ipv4_hdr_len(ip); + odp_crypto_op_param_t param; + odp_bool_t posted = 0; + int rc = -1; + + ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); + ODP_ASSERT(NULL != ip); + + /* Initialize parameters block */ + memset(¶m, 0, sizeof(param)); + param.ctx = ctx; + + /* Save everything to context */ + ctx->ip_tos = ip->tos; + ctx->ip_frag_offset = odp_be_to_cpu_16(ip->frag_offset); + ctx->ip_ttl = ip->ttl; + + ctx->postprocess = ipsec_in_postprocess; + ctx->ipsec_offset = ip_offset + ip_hdr_len; + + /* Check IP header for IPSec protocols and look it up */ + if (_ODP_IPPROTO_AH == ip->proto) { + _odp_ahhdr_t ah; + + if (odp_packet_copy_to_mem(pkt, ctx->ipsec_offset, sizeof(ah), &ah) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + if (NULL == ctx->ipsec_sa) { + ipsec_sa_lookup_t lookup; + + lookup.proto = ODP_IPSEC_AH; + lookup.spi = odp_be_to_cpu_32(ah.spi); + lookup.dst_addr = &ip->dst_addr; + ctx->ipsec_sa = _odp_ipsec_sa_lookup(&lookup); + if (NULL == ctx->ipsec_sa) { + ctx->status.error.sa_lookup = 1; + goto out; + } + } + + if (ODP_IPSEC_AH != ctx->ipsec_sa->proto) { + ctx->status.error.proto = 1; + goto out; + } + + ctx->hdr_len = (ah.ah_len + 2) * 4; + ctx->trl_len = 0; + + /* If authenticating, zero the mutable fields build the request */ + ip->chksum = 0; + ip->tos = 0; + ip->frag_offset = 0; + ip->ttl = 0; + + param.auth_range.offset = ip_offset; + param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); + param.hash_result_offset = ctx->ipsec_offset + _ODP_AHHDR_LEN; + } else if (_ODP_IPPROTO_ESP == ip->proto) { + _odp_esphdr_t esp; + + if (odp_packet_copy_to_mem(pkt, ctx->ipsec_offset, sizeof(esp), &esp) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + if (NULL == ctx->ipsec_sa) { + ipsec_sa_lookup_t lookup; + + lookup.proto = ODP_IPSEC_ESP; + lookup.spi = odp_be_to_cpu_32(esp.spi); + lookup.dst_addr = &ip->dst_addr; + ctx->ipsec_sa = _odp_ipsec_sa_lookup(&lookup); + if (NULL == ctx->ipsec_sa) { + ctx->status.error.sa_lookup = 1; + goto out; + } + } + + if (ODP_IPSEC_ESP != ctx->ipsec_sa->proto) { + ctx->status.error.proto = 1; + goto out; + } + + if (odp_packet_copy_to_mem(pkt, ctx->ipsec_offset + _ODP_ESPHDR_LEN, ctx->ipsec_sa->esp_iv_len, ctx->iv) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + ctx->hdr_len = _ODP_ESPHDR_LEN + ctx->ipsec_sa->esp_iv_len; + ctx->trl_len = _ODP_ESPTRL_LEN + ctx->ipsec_sa->icv_len; + + param.cipher_range.offset = ctx->ipsec_offset + ctx->hdr_len; + param.cipher_range.length = odp_be_to_cpu_16(ip->tot_len) - ip_hdr_len - ctx->hdr_len - ctx->ipsec_sa->icv_len; + param.override_iv_ptr = ctx->iv; + + param.auth_range.offset = ctx->ipsec_offset; + param.auth_range.length = odp_be_to_cpu_16(ip->tot_len) - ip_hdr_len - ctx->ipsec_sa->icv_len; + param.hash_result_offset = ip_offset + odp_be_to_cpu_16(ip->tot_len) - ctx->ipsec_sa->icv_len; + } else { + ctx->status.error.proto = 1; + goto out; + } + + if (_odp_ipsec_sa_update_stats(ctx->ipsec_sa, odp_packet_len(pkt), &ctx->status) < 0) + goto out; + + param.session = ctx->ipsec_sa->session; + param.pkt = pkt; + /* Create new packet after all length extensions */ + if (ctx->ipsec_sa->in_place) { + param.out_pkt = pkt; + } else { + param.out_pkt = odp_packet_alloc(odp_packet_pool(pkt), + odp_packet_len(pkt)); + /* uarea will be copied by odp_crypto_operation */ + odp_packet_user_ptr_set(param.out_pkt, + odp_packet_user_ptr(param.pkt)); + } + pkt = ODP_PACKET_INVALID; + + rc = odp_crypto_operation(¶m, &posted, &ctx->crypto); + if (rc < 0) { + ODP_DBG("Crypto failed\n"); + ctx->status.error.alg = 1; + goto out; + } + + ODP_ASSERT(!posted); + +out: + ctx->pkt = pkt; } +static +void ipsec_in_postprocess(ipsec_ctx_t *ctx) +{ + odp_packet_t pkt = ctx->pkt; + uint32_t ip_offset = odp_packet_l3_offset(pkt); + _odp_ipv4hdr_t *ip = odp_packet_l3_ptr(pkt, NULL); + uint16_t ip_hdr_len = ipv4_hdr_len(ip); + + if (_ODP_IPPROTO_AH == ip->proto) { + /* + * Finish auth + */ + _odp_ahhdr_t ah; + + if (odp_packet_copy_to_mem(pkt, ctx->ipsec_offset, sizeof(ah), &ah) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + ip->proto = ah.next_header; + + /* Restore mutable fields */ + ip->ttl = ctx->ip_ttl; + ip->tos = ctx->ip_tos; + ip->frag_offset = odp_cpu_to_be_16(ctx->ip_frag_offset); + } else if (_ODP_IPPROTO_ESP == ip->proto) { + /* + * Finish cipher by finding ESP trailer and processing + */ + _odp_esptrl_t esptrl; + uint32_t esptrl_offset = ip_offset + odp_be_to_cpu_16(ip->tot_len) - ctx->trl_len; + + if (odp_packet_copy_to_mem(pkt, esptrl_offset, sizeof(esptrl), &esptrl) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + ip->proto = esptrl.next_header; + ctx->trl_len += esptrl.pad_len; + } else { + ctx->status.error.proto = 1; + goto out; + } + + if (ip->proto == _ODP_IPV4) { + ip->ttl -= ctx->ipsec_sa->dec_ttl; + _odp_ipv4_csum_update(pkt); + + /* We have a tunneled IPv4 packet, strip outer and IPsec headers */ + odp_packet_move_data(pkt, ip_hdr_len + ctx->hdr_len, 0, ip_offset); + if (odp_packet_trunc_head(&pkt, ip_hdr_len + ctx->hdr_len, NULL, NULL) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + } else { + /* Finalize the IPv4 header */ + ipv4_adjust_len(ip, -(ctx->hdr_len + ctx->trl_len)); + + _odp_ipv4_csum_update(pkt); + + odp_packet_move_data(pkt, ctx->hdr_len, 0, ip_offset + ip_hdr_len); + if (odp_packet_trunc_head(&pkt, ctx->hdr_len, NULL, NULL) < 0) { + ctx->status.error.alg = 1; + goto out; + } + } + + if (odp_packet_trunc_tail(&pkt, ctx->trl_len, NULL, NULL) < 0) + ctx->status.error.alg = 1; + +out: + ctx->pkt = pkt; +} + +/** Helper for calculating encode length using data length and block size */ +#define ESP_ENCODE_LEN(x, b) ((((x) + ((b) - 1)) / (b)) * (b)) + +static void ipsec_out_postprocess(ipsec_ctx_t *ctx); + +static +void ipsec_out_single(ipsec_ctx_t *ctx) +{ + odp_packet_t pkt = ctx->pkt; + uint32_t ip_offset = odp_packet_l3_offset(pkt); + _odp_ipv4hdr_t *ip = odp_packet_l3_ptr(pkt, NULL); + uint16_t ip_hdr_len = ipv4_hdr_len(ip); + odp_crypto_op_param_t param; + odp_bool_t posted = 0; + int rc = -1; + + ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); + ODP_ASSERT(NULL != ip); + ODP_ASSERT(NULL != ctx->ipsec_sa); + + /* Initialize parameters block */ + memset(¶m, 0, sizeof(param)); + param.ctx = ctx; + + if (ctx->ipsec_sa->mode == ODP_IPSEC_MODE_TUNNEL) { + _odp_ipv4hdr_t out_ip; + _odp_ipv4hdr_t *inner_ip; + uint16_t tun_hdr_offset = ip_offset + ip_hdr_len; + + ip->ttl -= ctx->ipsec_sa->dec_ttl; + + if (odp_packet_extend_head(&pkt, _ODP_IPV4HDR_LEN, NULL, NULL) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + odp_packet_move_data(pkt, 0, _ODP_IPV4HDR_LEN, ip_offset); + + inner_ip = odp_packet_offset(pkt, tun_hdr_offset, NULL, NULL); + + out_ip.ver_ihl = 0x45; + out_ip.tos = inner_ip->tos; /* FIXME */ + out_ip.tot_len = odp_cpu_to_be_16(odp_be_to_cpu_16(inner_ip->tot_len) + _ODP_IPV4HDR_LEN); + /* No need to convert to BE: ID just should not be duplicated */ + out_ip.id = (odp_atomic_fetch_add_u32(&ctx->ipsec_sa->tun_hdr_id, 1) + 1) & 0xffff; + out_ip.frag_offset = 0; + out_ip.ttl = ctx->ipsec_sa->tun_ttl; + out_ip.proto = _ODP_IPV4; + out_ip.src_addr = ctx->ipsec_sa->tun_src_ip; + out_ip.dst_addr = ctx->ipsec_sa->tun_dst_ip; + + odp_packet_copy_from_mem(pkt, ip_offset, _ODP_IPV4HDR_LEN, &out_ip); + + odp_packet_l4_offset_set(pkt, ip_offset + _ODP_IPV4HDR_LEN); + + ip = odp_packet_l3_ptr(pkt, NULL); + ip_hdr_len = _ODP_IPV4HDR_LEN; + } + + /* Save IPv4 stuff */ + ctx->ip_tos = ip->tos; + ctx->ip_frag_offset = odp_be_to_cpu_16(ip->frag_offset); + ctx->ip_ttl = ip->ttl; + + ctx->postprocess = ipsec_out_postprocess; + + ctx->ipsec_offset = ip_offset + ip_hdr_len; + + if (ctx->ipsec_sa->proto == ODP_IPSEC_AH) { + ctx->hdr_len = _ODP_AHHDR_LEN + ctx->ipsec_sa->icv_len; + ctx->trl_len = 0; + } else if (ctx->ipsec_sa->proto == ODP_IPSEC_ESP) { + uint32_t encrypt_len; + uint16_t ip_next_len = odp_be_to_cpu_16(ip->tot_len) - ip_hdr_len; + + ctx->hdr_len += _ODP_ESPHDR_LEN + ctx->ipsec_sa->esp_iv_len; + + encrypt_len = ESP_ENCODE_LEN(ip_next_len + _ODP_ESPTRL_LEN, + ctx->ipsec_sa->esp_block_len); + ctx->trl_len = encrypt_len - ip_next_len + ctx->ipsec_sa->icv_len; + } else { + ctx->status.error.proto = 1; + goto out; + } + + if (odp_packet_extend_tail(&pkt, ctx->trl_len, NULL, NULL) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + if (odp_packet_extend_head(&pkt, ctx->hdr_len, NULL, NULL) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + odp_packet_move_data(pkt, 0, ctx->hdr_len, ctx->ipsec_offset); + + ip = odp_packet_l3_ptr(pkt, NULL); + + /* Set IPv4 length before authentication */ + ipv4_adjust_len(ip, ctx->hdr_len + ctx->trl_len); + + /* For authentication, build header clear mutables and build request */ + if (ctx->ipsec_sa->proto == ODP_IPSEC_AH) { + _odp_ahhdr_t ah; + uint8_t icv[ctx->ipsec_sa->icv_len]; + + memset(&ah, 0, sizeof(ah)); + ah.spi = odp_cpu_to_be_32(ctx->ipsec_sa->spi); + ah.ah_len = 1 + (ctx->ipsec_sa->icv_len / 4); + ah.seq_no = odp_cpu_to_be_32(odp_atomic_fetch_add_u32(&ctx->ipsec_sa->seq, 1) + 1); + ah.next_header = ip->proto; + ip->proto = _ODP_IPPROTO_AH; + + odp_packet_copy_from_mem(pkt, ctx->ipsec_offset, _ODP_AHHDR_LEN, &ah); + memset(icv, 0, ctx->ipsec_sa->icv_len); + odp_packet_copy_from_mem(pkt, ctx->ipsec_offset + _ODP_AHHDR_LEN, ctx->ipsec_sa->icv_len, icv); + + ip->chksum = 0; + ip->tos = 0; + ip->frag_offset = 0; + ip->ttl = 0; + + param.auth_range.offset = ip_offset; + param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); + param.hash_result_offset = ctx->ipsec_offset + _ODP_AHHDR_LEN; + } + + if (ctx->ipsec_sa->proto == ODP_IPSEC_ESP) { + _odp_esphdr_t esp; + _odp_esptrl_t esptrl; + uint32_t esptrl_offset = ip_offset + odp_be_to_cpu_16(ip->tot_len) - ctx->ipsec_sa->icv_len - _ODP_ESPTRL_LEN; + + memset(&esp, 0, sizeof(esp)); + memset(&esptrl, 0, sizeof(esptrl)); + esp.spi = odp_cpu_to_be_32(ctx->ipsec_sa->spi); + esp.seq_no = odp_cpu_to_be_32(odp_atomic_fetch_add_u32(&ctx->ipsec_sa->seq, 1) + 1); + + esptrl.pad_len = ctx->trl_len - _ODP_ESPTRL_LEN - ctx->ipsec_sa->icv_len; + esptrl.next_header = ip->proto; + ip->proto = _ODP_IPPROTO_ESP; + + odp_packet_copy_from_mem(pkt, ctx->ipsec_offset, _ODP_ESPHDR_LEN, &esp); + odp_packet_copy_from_mem(pkt, ctx->ipsec_offset + _ODP_ESPHDR_LEN, ctx->ipsec_sa->esp_iv_len, ctx->ipsec_sa->iv); + odp_packet_copy_from_mem(pkt, esptrl_offset, _ODP_ESPTRL_LEN, &esptrl); + + param.cipher_range.offset = ctx->ipsec_offset + ctx->hdr_len; + param.cipher_range.length = odp_be_to_cpu_16(ip->tot_len) - ip_hdr_len - ctx->hdr_len - ctx->ipsec_sa->icv_len; + + param.auth_range.offset = ctx->ipsec_offset; + param.auth_range.length = odp_be_to_cpu_16(ip->tot_len) - ip_hdr_len - ctx->ipsec_sa->icv_len; + param.hash_result_offset = ip_offset + odp_be_to_cpu_16(ip->tot_len) - ctx->ipsec_sa->icv_len; + } + + if (_odp_ipsec_sa_update_stats(ctx->ipsec_sa, odp_packet_len(pkt), &ctx->status) < 0) + goto out; + + param.session = ctx->ipsec_sa->session; + param.pkt = pkt; + /* Create new packet after all length extensions */ + if (ctx->ipsec_sa->in_place) { + param.out_pkt = pkt; + } else { + param.out_pkt = odp_packet_alloc(odp_packet_pool(pkt), + odp_packet_len(pkt)); + odp_packet_user_ptr_set(param.out_pkt, + odp_packet_user_ptr(param.pkt)); + } + pkt = ODP_PACKET_INVALID; + + rc = odp_crypto_operation(¶m, &posted, &ctx->crypto); + if (rc < 0) { + ODP_DBG("Crypto failed\n"); + ctx->status.error.alg = 1; + goto out; + } + + ODP_ASSERT(!posted); + +out: + ctx->pkt = pkt; +} + +static +void ipsec_out_postprocess(ipsec_ctx_t *ctx) +{ + odp_packet_t pkt = ctx->pkt; + _odp_ipv4hdr_t *ip = odp_packet_l3_ptr(pkt, NULL); + + /* Finalize the IPv4 header */ + if (ip->proto == _ODP_IPPROTO_AH) { + ip->ttl = ctx->ip_ttl; + ip->tos = ctx->ip_tos; + ip->frag_offset = odp_cpu_to_be_16(ctx->ip_frag_offset); + } + + _odp_ipv4_csum_update(pkt); +} + +#if 0 +static odp_ipsec_op_opt_t default_opt = { + .mode = ODP_IPSEC_FRAG_DISABLED, +}; +#endif + int odp_ipsec_in(const odp_ipsec_op_param_t *input, odp_ipsec_op_result_t *output) { - (void)input; - (void)output; + int in_pkt = 0; + int out_pkt = 0; + unsigned sa_idx = 0; + unsigned opt_idx = 0; + unsigned sa_inc = (input->num_sa > 1) ? 1 : 0; + unsigned opt_inc = (input->num_opt > 1) ? 1 : 0; - return -1; + while (in_pkt < input->num_pkt && out_pkt < output->num_pkt) { + ipsec_ctx_t ctx; + + ipsec_ctx_init(&ctx, ODP_BUFFER_INVALID); + +#if 0 + odp_ipsec_op_opt_t *opt; + + if (0 == input->num_opt) + opt = &default_opt; + else + opt = &input->opt[opt_idx]; +#endif + + ctx.pkt = input->pkt[in_pkt]; + + if (0 == input->num_sa) { + ctx.ipsec_sa = NULL; + } else { + ctx.ipsec_sa = _odp_ipsec_sa_use(input->sa[sa_idx]); + ODP_ASSERT(NULL != ctx.ipsec_sa); + } + + ipsec_in_single(&ctx); + + ipsec_finish(&ctx, &output->res[out_pkt], &output->pkt[out_pkt]); + + in_pkt++; + out_pkt++; + sa_idx += sa_inc; + opt_idx += opt_inc; + } + + return in_pkt; } int odp_ipsec_out(const odp_ipsec_op_param_t *input, - odp_ipsec_op_result_t *output) + odp_ipsec_op_result_t *output) { - (void)input; - (void)output; + int in_pkt = 0; + int out_pkt = 0; + unsigned sa_idx = 0; + unsigned opt_idx = 0; + unsigned sa_inc = (input->num_sa > 1) ? 1 : 0; + unsigned opt_inc = (input->num_opt > 1) ? 1 : 0; - return -1; + ODP_ASSERT(input->num_sa != 0); + + while (in_pkt < input->num_pkt && out_pkt < output->num_pkt) { + odp_ipsec_sa_t sa; + ipsec_ctx_t ctx; + + ipsec_ctx_init(&ctx, ODP_BUFFER_INVALID); + + sa = input->sa[sa_idx]; + + ODP_ASSERT(ODP_IPSEC_SA_INVALID != sa); + +#if 0 + odp_ipsec_op_opt_t *opt; + + if (0 == input->num_opt) + opt = &default_opt; + else + opt = &input->opt[opt_idx]; +#endif + + ctx.pkt = input->pkt[in_pkt]; + ctx.ipsec_sa = _odp_ipsec_sa_use(sa); + + ipsec_out_single(&ctx); + + ipsec_finish(&ctx, &output->res[out_pkt], &output->pkt[out_pkt]); + + in_pkt++; + out_pkt++; + sa_idx += sa_inc; + opt_idx += opt_inc; + } + + return in_pkt; } int odp_ipsec_in_enq(const odp_ipsec_op_param_t *input) { - (void)input; + int in_pkt = 0; + unsigned sa_idx = 0; + unsigned opt_idx = 0; + unsigned sa_inc = (input->num_sa > 1) ? 1 : 0; + unsigned opt_inc = (input->num_opt > 1) ? 1 : 0; - return -1; + while (in_pkt < input->num_pkt) { + ipsec_ctx_t *ctx; + odp_queue_t queue; + + ctx = ipsec_ctx_alloc(); + if (NULL == ctx) + break; + +#if 0 + odp_ipsec_op_opt_t *opt; + + if (0 == input->num_opt) + opt = &default_opt; + else + opt = &input->opt[opt_idx]; +#endif + + ctx->pkt = input->pkt[in_pkt]; + + if (0 == input->num_sa) { + ctx->ipsec_sa = NULL; + } else { + ctx->ipsec_sa = _odp_ipsec_sa_use(input->sa[sa_idx]); + ODP_ASSERT(NULL != ctx->ipsec_sa); + } + + ipsec_in_single(ctx); + + in_pkt++; + sa_idx += sa_inc; + opt_idx += opt_inc; + + /* IN might have looked up SA for the packet */ + if (NULL == ctx->ipsec_sa) + queue = ipsec_config.inbound.default_queue; + else + queue = ctx->ipsec_sa->queue; + if (odp_unlikely(_odp_ipsec_result_send(queue, ctx) < 0)) { + _odp_ipsec_ctx_free(ctx); + break; + } + } + + return in_pkt; } int odp_ipsec_out_enq(const odp_ipsec_op_param_t *input) { - (void)input; + int in_pkt = 0; + unsigned sa_idx = 0; + unsigned opt_idx = 0; + unsigned sa_inc = (input->num_sa > 1) ? 1 : 0; + unsigned opt_inc = (input->num_opt > 1) ? 1 : 0; - return -1; + ODP_ASSERT(input->num_sa != 0); + + while (in_pkt < input->num_pkt) { + odp_ipsec_sa_t sa; + ipsec_ctx_t *ctx; + + ctx = ipsec_ctx_alloc(); + if (NULL == ctx) + break; + + sa = input->sa[sa_idx]; + + ODP_ASSERT(ODP_IPSEC_SA_INVALID != sa); + +#if 0 + odp_ipsec_op_opt_t *opt; + + if (0 == input->num_opt) + opt = &default_opt; + else + opt = &input->opt[opt_idx]; +#endif + + ctx->pkt = input->pkt[in_pkt]; + ctx->ipsec_sa = _odp_ipsec_sa_use(sa); + + ipsec_out_single(ctx); + + in_pkt++; + sa_idx += sa_inc; + opt_idx += opt_inc; + + if (odp_unlikely(_odp_ipsec_result_send(ctx->ipsec_sa->queue, ctx) < 0)) { + _odp_ipsec_ctx_free(ctx); + break; + } + } + + return in_pkt; } -int odp_ipsec_out_inline(const odp_ipsec_op_param_t *op_param, +static +odp_bool_t _odp_ipsec_out_inline_send(ipsec_ctx_t *ctx, + const odp_ipsec_inline_op_param_t *inline_param) +{ + if (ctx->status.all_error || !ctx->crypto.ok) + return false; + + while (ctx) { + ipsec_ctx_t *next = ctx->next; + odp_ipsec_packet_result_t dummy; + odp_packet_t pkt; + uint32_t offset; + odp_pktout_queue_t queue; + uint32_t hdr_len = inline_param->outer_hdr.len; + + ctx->next = NULL; + + ipsec_finish(ctx, &dummy, &pkt); + offset = odp_packet_l3_offset(pkt); + + if (offset >= hdr_len) { + offset = offset - hdr_len; + } else { + if (odp_packet_extend_head(&pkt, hdr_len - offset, NULL, NULL) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + odp_packet_l3_offset_set(pkt, hdr_len); + + offset = 0; + } + + if (odp_packet_copy_from_mem(pkt, offset, hdr_len, inline_param->outer_hdr.ptr) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + if (odp_pktout_queue(inline_param->pktio, &queue, 1) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + if (odp_pktout_send(queue, &pkt, 1) < 0) { + ctx->status.error.alg = 1; + goto out; + } + +out: + if (ctx->status.all_error) { + if (odp_unlikely(_odp_ipsec_result_send(ctx->ipsec_sa->queue, ctx) < 0)) + _odp_ipsec_ctx_free(ctx); + } else { + _odp_ipsec_ctx_free(ctx); + } + ctx = next; + } + + return true; +} + +int odp_ipsec_out_inline(const odp_ipsec_op_param_t *input, const odp_ipsec_inline_op_param_t *inline_param) { - (void)op_param; - (void)inline_param; + int in_pkt = 0; + unsigned sa_idx = 0; + unsigned opt_idx = 0; + unsigned sa_inc = (input->num_sa > 1) ? 1 : 0; + unsigned opt_inc = (input->num_opt > 1) ? 1 : 0; - return -1; + ODP_ASSERT(input->num_sa != 0); + + while (in_pkt < input->num_pkt) { + odp_ipsec_sa_t sa; + ipsec_ctx_t *ctx; + + ctx = ipsec_ctx_alloc(); + if (NULL == ctx) + break; + + sa = input->sa[sa_idx]; + + ODP_ASSERT(ODP_IPSEC_SA_INVALID != sa); + +#if 0 + odp_ipsec_op_opt_t *opt; + + if (0 == input->num_opt) + opt = &default_opt; + else + opt = &input->opt[opt_idx]; +#endif + + ctx->pkt = input->pkt[in_pkt]; + ctx->ipsec_sa = _odp_ipsec_sa_use(sa); + + ipsec_out_single(ctx); + + in_pkt++; + sa_idx += sa_inc; + opt_idx += opt_inc; + + /* FIXME: inline_param should have been put into context */ + if (!_odp_ipsec_out_inline_send(ctx, &inline_param[in_pkt - 1])) { + /* In case of an error, submit result event */ + if (odp_unlikely(_odp_ipsec_result_send(ctx->ipsec_sa->queue, ctx) < 0)) { + _odp_ipsec_ctx_free(ctx); + break; + } + } + } + + return in_pkt; } int _odp_ipsec_ctx_result(ipsec_ctx_t *ctx, odp_ipsec_op_result_t *result) { - (void)ctx; - (void)result; + int out_pkt = 0; - return -1; + if (NULL == result) + goto count; + + while (NULL != ctx && out_pkt < result->num_pkt) { + ipsec_finish(ctx, &result->res[out_pkt], &result->pkt[out_pkt]); + out_pkt++; + ctx = ctx->next; + } + + result->num_pkt = out_pkt; + +count: + while (NULL != ctx) { + out_pkt++; + ctx = ctx->next; + } + + return out_pkt; } From patchwork Thu May 11 22:00:10 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99689 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp18660qge; Thu, 11 May 2017 15:14:32 -0700 (PDT) X-Received: by 10.200.51.2 with SMTP id t2mr893646qta.130.1494540872558; Thu, 11 May 2017 15:14:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494540872; cv=none; d=google.com; s=arc-20160816; b=yVTt5iLpvBcuN0jxL1+Gw4hK1M6JQ77nswAK16ppNI2I6Yo88k5X0rJTC2eh1ljdR3 Wil11Zw30QTbZjy8a5rkNrcSsE1sfvV9FOazsZsj5ygDzX9BCLykYeF6TnHKSZNRYn5Q vEEM/rxEvvT8YQNy4G66Juk+anBhvdERA/xfHTtANk0b+IGwdGO+a0GmbfMIeIGPITZ1 tVmOZK0HTLDsDcrxtVHa0zL3nT8S2w9za9Wv/I2ij/5tLM8W9DQS0XmGnMwNoRP00QmB yQLLNfa7MS+uN1toMFyRtqAOg/6DD0TToq10rx4wm2FqpGr+i05JE3gTL7+2vCzBRIIM CWwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=4LkfpbErNY6gyK/Kbpo1/R4X5KPOuF0+ywchlui1mYQ=; b=ar4fL20jlMeJf3CN4neXVEHSkUUU1CIPHv+WJuIV+v9EsVYOIH0AlauSyBAuvKzztx Y2g9Uf+yqblQpQEfuGcO8EPCwPHymApUFv1VIs7DOMJq3TWaBCavHpEeMQZPir2wIIdj IpNHInVEsyAYobGzzVyNVZ1qIpRQ5i/DkTvZOZA4vnp5LlFcIyl0ZGCVILN87EC3Y5D2 itQ2lP+AlfOkwfGEGo+k4FYGeS5E2J8EWxMxZKH/4jgWqxggy7iwJQRohRpcLj2BAo8t zAyY/Gep+6YXbVyVKGZQWxDtrVyV/jsrC6FNVv6xoVfn/kOBP/tSMX5426STz/Qp06ZQ 1TkA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id l35si1309325qta.3.2017.05.11.15.14.31; Thu, 11 May 2017 15:14:31 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 33696608C1; Thu, 11 May 2017 22:14:31 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 33AA360CD7; Thu, 11 May 2017 22:03:53 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 0EC8F60C31; Thu, 11 May 2017 22:03:37 +0000 (UTC) Received: from forward15o.cmail.yandex.net (forward15o.cmail.yandex.net [37.9.109.212]) by lists.linaro.org (Postfix) with ESMTPS id 7CDF660CD7 for ; Thu, 11 May 2017 22:01:11 +0000 (UTC) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [77.88.29.86]) by forward15o.cmail.yandex.net (Yandex) with ESMTP id E92E3221A0 for ; Fri, 12 May 2017 01:01:09 +0300 (MSK) Received: from smtp3p.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3p.mail.yandex.net (Yandex) with ESMTP id 809ED1320046 for ; Fri, 12 May 2017 01:01:09 +0300 (MSK) Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id yyhcZmfGaE-17UC0omx; Fri, 12 May 2017 01:01:07 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-ForeignMX: US X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 01:00:10 +0300 Message-Id: <1494540010-25779-11-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> References: <1494540010-25779-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v3 10/10] test: validation: add IPsec API testsuite X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Add several basic tests for IPsec API. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: 1589f97414ab144b3cb1e65667d311783fdba670 **/ test/common_plat/validation/api/ipsec/Makefile.am | 5 +- test/common_plat/validation/api/ipsec/ipsec.c | 534 ++++++++++++++++++++- test/common_plat/validation/api/ipsec/ipsec.h | 54 ++- .../validation/api/ipsec/ipsec_test_in.c | 444 +++++++++++++++++ .../validation/api/ipsec/ipsec_test_out.c | 154 ++++++ .../validation/api/ipsec/test_vectors.h | 414 ++++++++++++++++ 6 files changed, 1596 insertions(+), 9 deletions(-) create mode 100644 test/common_plat/validation/api/ipsec/ipsec_test_in.c create mode 100644 test/common_plat/validation/api/ipsec/ipsec_test_out.c create mode 100644 test/common_plat/validation/api/ipsec/test_vectors.h diff --git a/test/common_plat/validation/api/ipsec/Makefile.am b/test/common_plat/validation/api/ipsec/Makefile.am index 106b8dc..0432222 100644 --- a/test/common_plat/validation/api/ipsec/Makefile.am +++ b/test/common_plat/validation/api/ipsec/Makefile.am @@ -1,7 +1,10 @@ include ../Makefile.inc noinst_LTLIBRARIES = libtestipsec.la -libtestipsec_la_SOURCES = ipsec.c +libtestipsec_la_SOURCES = \ + ipsec_test_in.c \ + ipsec_test_out.c \ + ipsec.c test_PROGRAMS = ipsec_main$(EXEEXT) dist_ipsec_main_SOURCES = ipsec_main.c diff --git a/test/common_plat/validation/api/ipsec/ipsec.c b/test/common_plat/validation/api/ipsec/ipsec.c index 7834803..3cea814 100644 --- a/test/common_plat/validation/api/ipsec/ipsec.c +++ b/test/common_plat/validation/api/ipsec/ipsec.c @@ -10,6 +10,383 @@ #include "ipsec.h" +#include "test_vectors.h" + +struct suite_context_s suite_context; + +#define PKT_POOL_NUM 64 +#define PKT_POOL_LEN (1 * 1024) + +int ipsec_check(odp_bool_t in, odp_bool_t ah, odp_cipher_alg_t cipher, odp_auth_alg_t auth) +{ + odp_ipsec_capability_t capa; + + if (odp_ipsec_capability(&capa) < 0) + return ODP_TEST_INACTIVE; + + if ((ODP_IPSEC_OP_MODE_SYNC == suite_context.pref_mode && + ODP_SUPPORT_NO == capa.op_mode_sync) || + (ODP_IPSEC_OP_MODE_ASYNC == suite_context.pref_mode && + ODP_SUPPORT_NO == capa.op_mode_async) || + (ODP_IPSEC_OP_MODE_INLINE == suite_context.pref_mode && + ODP_SUPPORT_NO == capa.op_mode_inline_in && in) || + (ODP_IPSEC_OP_MODE_INLINE == suite_context.pref_mode && + ODP_SUPPORT_NO == capa.op_mode_inline_out && !in)) + return ODP_TEST_INACTIVE; + + if (ah && (ODP_SUPPORT_NO == capa.proto_ah)) + return ODP_TEST_INACTIVE; + + /* Cipher algorithms */ + switch (cipher) { + case ODP_CIPHER_ALG_NULL: + if (!capa.ciphers.bit.null) + return ODP_TEST_INACTIVE; + break; + case ODP_CIPHER_ALG_DES: + if (!capa.ciphers.bit.des) + return ODP_TEST_INACTIVE; + break; + case ODP_CIPHER_ALG_3DES_CBC: + if (!capa.ciphers.bit.trides_cbc) + return ODP_TEST_INACTIVE; + break; + case ODP_CIPHER_ALG_AES_CBC: + if (!capa.ciphers.bit.aes_cbc) + return ODP_TEST_INACTIVE; + break; + case ODP_CIPHER_ALG_AES_GCM: + if (!capa.ciphers.bit.aes_gcm) + return ODP_TEST_INACTIVE; + break; + default: + fprintf(stderr, "Unsupported cipher algorithm\n"); + return ODP_TEST_INACTIVE; + } + + /* Authentication algorithms */ + switch (auth) { + case ODP_AUTH_ALG_NULL: + if (!capa.auths.bit.null) + return ODP_TEST_INACTIVE; + break; + case ODP_AUTH_ALG_MD5_HMAC: + if (!capa.auths.bit.md5_hmac) + return ODP_TEST_INACTIVE; + break; + case ODP_AUTH_ALG_SHA1_HMAC: + if (!capa.auths.bit.sha1_hmac) + return ODP_TEST_INACTIVE; + break; + case ODP_AUTH_ALG_SHA256_HMAC: + if (!capa.auths.bit.sha256_hmac) + return ODP_TEST_INACTIVE; + break; + case ODP_AUTH_ALG_SHA512_HMAC: + if (!capa.auths.bit.sha512_hmac) + return ODP_TEST_INACTIVE; + break; + case ODP_AUTH_ALG_AES_GCM: + if (!capa.auths.bit.aes_gcm) + return ODP_TEST_INACTIVE; + break; + default: + fprintf(stderr, "Unsupported authentication algorithm\n"); + return ODP_TEST_INACTIVE; + } + + return ODP_TEST_ACTIVE; +} + +void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, + odp_bool_t in, + odp_bool_t ah, + uint32_t spi, + odp_cipher_alg_t cipher_alg, + const odp_crypto_key_t *cipher_key, + odp_auth_alg_t auth_alg, + const odp_crypto_key_t *auth_key) +{ + odp_ipsec_sa_param_init(param); + param->dir = in ? ODP_IPSEC_DIR_INBOUND : ODP_IPSEC_DIR_OUTBOUND; + param->lookup_mode = in ? ODP_IPSEC_LOOKUP_SPI : ODP_IPSEC_LOOKUP_DISABLED; + param->proto = ah ? ODP_IPSEC_AH : ODP_IPSEC_ESP; + + param->mode = /*tun ? ODP_IPSEC_MODE_TUNNEL : */ODP_IPSEC_MODE_TRANSPORT; + param->spi = spi; + param->seq = 0; + + param->dest_queue = suite_context.queue; + + if (cipher_key) { + param->crypto.cipher_alg = cipher_alg; + param->crypto.cipher_key = *cipher_key; + } + + if (auth_key) { + param->crypto.auth_alg = auth_alg; + param->crypto.auth_key = *auth_key; + } +} + +void ipsec_sa_destroy(odp_ipsec_sa_t sa) +{ + odp_event_t event; + odp_ipsec_status_t status; + + CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_disable(sa)); + + if (ODP_QUEUE_INVALID != suite_context.queue) { + do { + event = odp_queue_deq(suite_context.queue); + } while (event == ODP_EVENT_INVALID); + + CU_ASSERT_EQUAL(ODP_EVENT_IPSEC_STATUS, odp_event_type(event)); + + CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_status(&status, event)); + + CU_ASSERT_EQUAL(ODP_IPSEC_STATUS_SA_DISABLE, status.id); + CU_ASSERT_EQUAL(0, status.ret); + CU_ASSERT_EQUAL(sa, status.sa); + + odp_event_free(event); + } + + CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_destroy(sa)); +} + +#define PACKET_USER_PTR ((void *)0x1212fefe) + +odp_packet_t ipsec_packet(const ipsec_test_packet *itp) +{ + odp_packet_t pkt = odp_packet_alloc(suite_context.pool, itp->len); + + CU_ASSERT_NOT_EQUAL(ODP_PACKET_INVALID, pkt); + if (ODP_PACKET_INVALID == pkt) + return pkt; + + CU_ASSERT_EQUAL(0, odp_packet_copy_from_mem(pkt, 0, itp->len, itp->data)); + if (itp->l2_offset != ODP_PACKET_OFFSET_INVALID) + CU_ASSERT_EQUAL(0, odp_packet_l2_offset_set(pkt, itp->l2_offset)); + if (itp->l3_offset != ODP_PACKET_OFFSET_INVALID) + CU_ASSERT_EQUAL(0, odp_packet_l3_offset_set(pkt, itp->l3_offset)); + if (itp->l4_offset != ODP_PACKET_OFFSET_INVALID) + CU_ASSERT_EQUAL(0, odp_packet_l4_offset_set(pkt, itp->l4_offset)); + + odp_packet_user_ptr_set(pkt, PACKET_USER_PTR); + + return pkt; +} + +/* + * Compare packages ignoring everything before L3 header + */ +odp_bool_t ipsec_check_packet(const ipsec_test_packet *itp, odp_packet_t pkt) +{ + uint32_t len = (ODP_PACKET_INVALID == pkt) ? 1 : odp_packet_len(pkt); + uint32_t l3, l4; + uint8_t data[len]; + + if (!itp) + return true; + + if (ODP_PACKET_INVALID == pkt) + return false; + + CU_ASSERT_EQUAL(PACKET_USER_PTR, odp_packet_user_ptr(pkt)); + + l3 = odp_packet_l3_offset(pkt); + l4 = odp_packet_l4_offset(pkt); + odp_packet_copy_to_mem(pkt, 0, len, data); + + if (len - l3 != itp->len - itp->l3_offset) + return false; + + if (l4 - l3 != itp->l4_offset - itp->l3_offset) + return false; + + return memcmp(data + l3, itp->data + itp->l3_offset, len - l3) ? false : true; +} + +void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa, odp_bool_t lookup) +{ + odp_ipsec_op_param_t op_param; + odp_ipsec_op_result_t op_result; + odp_packet_t pkt; + odp_packet_t pkto[part->out_pkt]; + odp_ipsec_packet_result_t result[part->out_pkt]; + int i; + + pkt = ipsec_packet(part->pkt_in); + + memset(&op_param, 0, sizeof(op_param)); + op_param.num_pkt = 1; + op_param.pkt = &pkt; + if (lookup) { + op_param.num_sa = 1; + op_param.sa = &sa; + } else { + op_param.num_sa = 0; + op_param.sa = NULL; + } + op_param.num_opt = 0; + op_param.opt = NULL; + + op_result.num_pkt = part->out_pkt; + op_result.pkt = pkto; + op_result.res = result; + + if (ODP_IPSEC_OP_MODE_SYNC == suite_context.pref_mode) { + CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_in(&op_param, &op_result)); + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.pref_mode) { + odp_event_t event; + + CU_ASSERT_EQUAL(1, odp_ipsec_in_enq(&op_param)); + + do { + event = odp_queue_deq(suite_context.queue); + } while (event == ODP_EVENT_INVALID); + + CU_ASSERT_EQUAL(ODP_EVENT_IPSEC_RESULT, odp_event_type(event)); + CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_result(&op_result, event)); + } else { + CU_FAIL("INLINE not supported"); + } + + CU_ASSERT_EQUAL(part->out_pkt, op_result.num_pkt); + + for (i = 0; i < op_result.num_pkt && i < part->out_pkt; i++) { + CU_ASSERT_EQUAL(part->out[i].status.all_error, result[i].status.all_error); + CU_ASSERT_EQUAL(sa, result[i].sa); + if (ODP_PACKET_INVALID == pkto[i]) { + CU_FAIL("ODP_PACKET_INVALID received"); + } else { + CU_ASSERT(ipsec_check_packet(part->out[i].pkt_out, pkto[i])); + odp_packet_free(pkto[i]); + } + } +} + +void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) +{ + odp_ipsec_op_param_t op_param; + odp_ipsec_op_result_t op_result; + odp_packet_t pkt; + odp_packet_t pkto[part->out_pkt]; + odp_ipsec_packet_result_t result[part->out_pkt]; + int i; + + pkt = ipsec_packet(part->pkt_in); + + memset(&op_param, 0, sizeof(op_param)); + op_param.num_pkt = 1; + op_param.pkt = &pkt; + op_param.num_sa = 1; + op_param.sa = &sa; + op_param.num_opt = 0; + op_param.opt = NULL; + + op_result.num_pkt = part->out_pkt; + op_result.pkt = pkto; + op_result.res = result; + + if (ODP_IPSEC_OP_MODE_SYNC == suite_context.pref_mode) { + CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_out(&op_param, &op_result)); + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.pref_mode) { + odp_event_t event; + + CU_ASSERT_EQUAL(1, odp_ipsec_out_enq(&op_param)); + + do { + event = odp_queue_deq(suite_context.queue); + } while (event == ODP_EVENT_INVALID); + + CU_ASSERT_EQUAL(ODP_EVENT_IPSEC_RESULT, odp_event_type(event)); + CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_result(&op_result, event)); + } else { + CU_FAIL("INLINE not supported"); + } + + CU_ASSERT_EQUAL(part->out_pkt, op_result.num_pkt); + + for (i = 0; i < op_result.num_pkt && i < part->out_pkt; i++) { + CU_ASSERT_EQUAL(part->out[i].status.all_error, result[i].status.all_error); + CU_ASSERT_EQUAL(sa, result[i].sa); + if (ODP_PACKET_INVALID == pkto[i]) { + CU_FAIL("ODP_PACKET_INVALID received"); + } else { + CU_ASSERT(ipsec_check_packet(part->out[i].pkt_out, pkto[i])); + odp_packet_free(pkto[i]); + } + } +} + +void ipsec_check_out_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa, odp_ipsec_sa_t sa_in) +{ + odp_ipsec_op_param_t op_param; + odp_ipsec_op_result_t op_result; + odp_packet_t pkt; + odp_packet_t pkto[part->out_pkt]; + odp_ipsec_packet_result_t result[part->out_pkt]; + int i; + + pkt = ipsec_packet(part->pkt_in); + + memset(&op_param, 0, sizeof(op_param)); + op_param.num_pkt = 1; + op_param.pkt = &pkt; + op_param.num_sa = 1; + op_param.sa = &sa; + op_param.num_opt = 0; + op_param.opt = NULL; + + op_result.num_pkt = part->out_pkt; + op_result.pkt = pkto; + op_result.res = result; + + if (ODP_IPSEC_OP_MODE_SYNC == suite_context.pref_mode) { + CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_out(&op_param, &op_result)); + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.pref_mode) { + odp_event_t event; + + CU_ASSERT_EQUAL(1, odp_ipsec_out_enq(&op_param)); + + do { + event = odp_queue_deq(suite_context.queue); + } while (event == ODP_EVENT_INVALID); + + CU_ASSERT_EQUAL(ODP_EVENT_IPSEC_RESULT, odp_event_type(event)); + CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_result(&op_result, event)); + } else { + CU_FAIL("INLINE not supported"); + } + + CU_ASSERT_EQUAL(part->out_pkt, op_result.num_pkt); + + for (i = 0; i < op_result.num_pkt && i < part->out_pkt; i++) { + CU_ASSERT_EQUAL(part->out[i].status.all_error, result[i].status.all_error); + CU_ASSERT_EQUAL(sa, result[i].sa); + if (ODP_PACKET_INVALID == pkto[i]) { + CU_FAIL("ODP_PACKET_INVALID received"); + } else { + ipsec_test_part part_in = *part; + ipsec_test_packet pkt_in; + + CU_ASSERT_FATAL(odp_packet_len(pkto[i]) <= sizeof(pkt_in.data)); + + pkt_in.len = odp_packet_len(pkto[i]); + pkt_in.l2_offset = odp_packet_l2_offset(pkto[i]); + pkt_in.l3_offset = odp_packet_l3_offset(pkto[i]); + pkt_in.l4_offset = odp_packet_l4_offset(pkto[i]); + odp_packet_copy_to_mem(pkto[i], 0, pkt_in.len, pkt_in.data); + part_in.pkt_in = &pkt_in; + ipsec_check_in_one(&part_in, sa_in, false); + odp_packet_free(pkto[i]); + } + } +} + +static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -22,11 +399,164 @@ odp_testinfo_t ipsec_suite[] = { ODP_TEST_INFO_NULL }; +static +int ODP_UNUSED ipsec_sync_init(void) +{ + suite_context.pool = odp_pool_lookup("packet_pool"); + if (suite_context.pool == ODP_POOL_INVALID) + return -1; + + suite_context.queue = ODP_QUEUE_INVALID; + suite_context.pref_mode = ODP_IPSEC_OP_MODE_SYNC; + return 0; +} + +static +int ODP_UNUSED ipsec_async_init(void) +{ + suite_context.pool = odp_pool_lookup("packet_pool"); + if (suite_context.pool == ODP_POOL_INVALID) + return -1; + suite_context.queue = odp_queue_lookup("ipsec-out"); + if (suite_context.queue == ODP_QUEUE_INVALID) + return -1; + + suite_context.pref_mode = ODP_IPSEC_OP_MODE_ASYNC; + return 0; +} + +static +int ipsec_suite_term(odp_testinfo_t *suite) +{ + int i; + int first = 1; + + for (i = 0; suite[i].pName; i++) { + if (suite[i].check_active && + suite[i].check_active() == ODP_TEST_INACTIVE) { + if (first) { + first = 0; + printf("\n\n Inactive tests:\n"); + } + printf(" %s\n", suite[i].pName); + } + } + + return 0; +} + +static +int ipsec_in_term(void) +{ + return ipsec_suite_term(ipsec_in_suite); +} + +static +int ipsec_out_term(void) +{ + return ipsec_suite_term(ipsec_out_suite); +} + odp_suiteinfo_t ipsec_suites[] = { {"IPsec", NULL, NULL, ipsec_suite}, + {"IPsec-sync-in", ipsec_sync_init, ipsec_in_term, ipsec_in_suite}, + {"IPsec-async-in", ipsec_async_init, ipsec_in_term, ipsec_in_suite}, + {"IPsec-sync-out", ipsec_sync_init, ipsec_out_term, ipsec_out_suite}, + {"IPsec-async-out", ipsec_async_init, ipsec_out_term, ipsec_out_suite}, ODP_SUITE_INFO_NULL, }; +static +int ipsec_outit(odp_instance_t *inst) +{ + odp_pool_param_t params; + odp_pool_t pool; + odp_queue_t out_queue; + odp_pool_capability_t pool_capa; + + if (0 != odp_init_global(inst, NULL, NULL)) { + fprintf(stderr, "error: odp_init_global() failed.\n"); + return -1; + } + + if (0 != odp_init_local(*inst, ODP_THREAD_CONTROL)) { + fprintf(stderr, "error: odp_init_local() failed.\n"); + return -1; + } + + if (odp_pool_capability(&pool_capa) < 0) { + fprintf(stderr, "error: odp_pool_capability() failed.\n"); + return -1; + } + + odp_pool_param_init(¶ms); + params.pkt.seg_len = PKT_POOL_LEN; + params.pkt.len = PKT_POOL_LEN; + params.pkt.num = PKT_POOL_NUM; + params.type = ODP_POOL_PACKET; + + if (pool_capa.pkt.max_seg_len && + PKT_POOL_LEN > pool_capa.pkt.max_seg_len) { + fprintf(stderr, "Warning: small packet segment length\n"); + params.pkt.seg_len = pool_capa.pkt.max_seg_len; + } + + if (pool_capa.pkt.max_len && + PKT_POOL_LEN > pool_capa.pkt.max_len) { + fprintf(stderr, "Pool max packet length too small\n"); + return -1; + } + + pool = odp_pool_create("packet_pool", ¶ms); + + if (ODP_POOL_INVALID == pool) { + fprintf(stderr, "Packet pool creation failed.\n"); + return -1; + } + out_queue = odp_queue_create("ipsec-out", NULL); + if (ODP_QUEUE_INVALID == out_queue) { + fprintf(stderr, "Crypto outq creation failed.\n"); + return -1; + } + + return 0; +} + +static +int ipsec_term(odp_instance_t inst) +{ + odp_pool_t pool; + odp_queue_t out_queue; + + out_queue = odp_queue_lookup("ipsec-out"); + if (ODP_QUEUE_INVALID != out_queue) { + if (odp_queue_destroy(out_queue)) + fprintf(stderr, "Crypto outq destroy failed.\n"); + } else { + fprintf(stderr, "Crypto outq not found.\n"); + } + + pool = odp_pool_lookup("packet_pool"); + if (ODP_POOL_INVALID != pool) { + if (odp_pool_destroy(pool)) + fprintf(stderr, "Packet pool destroy failed.\n"); + } else { + fprintf(stderr, "Packet pool not found.\n"); + } + + if (0 != odp_term_local()) { + fprintf(stderr, "error: odp_term_local() failed.\n"); + return -1; + } + + if (0 != odp_term_global(inst)) { + fprintf(stderr, "error: odp_term_global() failed.\n"); + return -1; + } + + return 0; +} + int ipsec_main(int argc, char *argv[]) { int ret; @@ -35,8 +565,10 @@ int ipsec_main(int argc, char *argv[]) if (odp_cunit_parse_options(argc, argv)) return -1; - ret = odp_cunit_register(ipsec_suites); + odp_cunit_register_global_init(ipsec_outit); + odp_cunit_register_global_term(ipsec_term); + ret = odp_cunit_register(ipsec_suites); if (ret == 0) ret = odp_cunit_run(); diff --git a/test/common_plat/validation/api/ipsec/ipsec.h b/test/common_plat/validation/api/ipsec/ipsec.h index 290a186..e0d68c5 100644 --- a/test/common_plat/validation/api/ipsec/ipsec.h +++ b/test/common_plat/validation/api/ipsec/ipsec.h @@ -9,16 +9,56 @@ #include -/* test functions: */ -void ipsec_test_capability(void); - /* test arrays: */ -extern odp_testinfo_t ipsec_suite[]; - -/* test registry: */ -extern odp_suiteinfo_t ipsec_suites[]; +extern odp_testinfo_t ipsec_in_suite[]; +extern odp_testinfo_t ipsec_out_suite[]; /* main test program: */ int ipsec_main(int argc, char *argv[]); +struct suite_context_s { + odp_ipsec_op_mode_t pref_mode; + odp_pool_t pool; + odp_queue_t queue; +}; + +extern struct suite_context_s suite_context; + +typedef struct { + uint32_t len; + uint32_t l2_offset; + uint32_t l3_offset; + uint32_t l4_offset; + uint8_t data[256]; +} ipsec_test_packet; + +typedef struct { + const ipsec_test_packet *pkt_in; + int out_pkt; + struct { + odp_ipsec_op_status_t status; + const ipsec_test_packet *pkt_out; + } out[1]; +} ipsec_test_part; + +void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, + odp_bool_t in, + odp_bool_t ah, + uint32_t spi, + odp_cipher_alg_t cipher_alg, + const odp_crypto_key_t *cipher_key, + odp_auth_alg_t auth_alg, + const odp_crypto_key_t *auth_key); + +void ipsec_sa_destroy(odp_ipsec_sa_t sa); +odp_packet_t ipsec_packet(const ipsec_test_packet *itp); +odp_bool_t ipsec_check_packet(const ipsec_test_packet *itp, odp_packet_t pkt); +void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa, odp_bool_t lookup); +void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa); +void ipsec_check_out_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa, odp_ipsec_sa_t sa_in); + +int ipsec_check(odp_bool_t in, odp_bool_t ah, odp_cipher_alg_t cipher, odp_auth_alg_t auth); +#define ipsec_check_ah(in, auth) ipsec_check(in, true, ODP_CIPHER_ALG_NULL, auth) +#define ipsec_check_esp(in, cipher, auth) ipsec_check(in, false, cipher, auth) + #endif diff --git a/test/common_plat/validation/api/ipsec/ipsec_test_in.c b/test/common_plat/validation/api/ipsec/ipsec_test_in.c new file mode 100644 index 0000000..c774729 --- /dev/null +++ b/test/common_plat/validation/api/ipsec/ipsec_test_in.c @@ -0,0 +1,444 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include "ipsec.h" + +#include "test_vectors.h" + +static +void test_in_ah_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, true, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { { }, &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_esp_null_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { { }, &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_esp_aes_cbc_null(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, + ODP_AUTH_ALG_NULL, NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_aes_cbc_null_1, + .out_pkt = 1, + .out = { + { { }, &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_esp_aes_cbc_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_aes_cbc_sha256_1, + .out_pkt = 1, + .out = { + { { }, &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_lookup_ah_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, true, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { { }, &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_lookup_esp_null_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { { }, &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_ah_esp_pkt(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, true, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { { .all_error = 0, .error.proto = 1 }, NULL }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_esp_ah_pkt(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { { .all_error = 0, .error.proto = 1 }, NULL }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_ah_sha256_bad1(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, true, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1_bad1, + .out_pkt = 1, + .out = { + { { .all_error = 0, .error.auth = 1 }, NULL }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_ah_sha256_bad2(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, true, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1_bad2, + .out_pkt = 1, + .out = { + { { .all_error = 0, .error.auth = 1 }, NULL }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_esp_null_sha256_bad1(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1_bad1, + .out_pkt = 1, + .out = { + { { .all_error = 0, .error.auth = 1 }, NULL }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +int ipsec_check_in_ah_sha256(void) +{ + return ipsec_check_ah(true, ODP_AUTH_ALG_SHA256_HMAC); +} + +static +int ipsec_check_in_esp_null_sha256(void) +{ + return ipsec_check_esp(true, ODP_CIPHER_ALG_NULL, ODP_AUTH_ALG_SHA256_HMAC); +} + +static +int ipsec_check_in_esp_aes_cbc_null(void) +{ + return ipsec_check_esp(true, ODP_CIPHER_ALG_AES_CBC, ODP_AUTH_ALG_NULL); +} + +static +int ipsec_check_in_esp_aes_cbc_sha256(void) +{ + return ipsec_check_esp(true, ODP_CIPHER_ALG_AES_CBC, ODP_AUTH_ALG_SHA256_HMAC); +} + +odp_testinfo_t ipsec_in_suite[] = { + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256, ipsec_check_in_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256, ipsec_check_in_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_null, ipsec_check_in_esp_aes_cbc_null), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_sha256, ipsec_check_in_esp_aes_cbc_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_sha256, ipsec_check_in_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_null_sha256, ipsec_check_in_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_esp_pkt, ipsec_check_in_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_ah_pkt, ipsec_check_in_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad1, ipsec_check_in_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad2, ipsec_check_in_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_bad1, ipsec_check_in_esp_null_sha256), + ODP_TEST_INFO_NULL, +}; diff --git a/test/common_plat/validation/api/ipsec/ipsec_test_out.c b/test/common_plat/validation/api/ipsec/ipsec_test_out.c new file mode 100644 index 0000000..d4ecaaf --- /dev/null +++ b/test/common_plat/validation/api/ipsec/ipsec_test_out.c @@ -0,0 +1,154 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include "ipsec.h" + +#include "test_vectors.h" + +static +void test_out_ah_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + false, true, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0, + .out_pkt = 1, + .out = { + { { }, &pkt_icmp_0_ah_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_out_esp_null_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + false, false, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0, + .out_pkt = 1, + .out = { + { { }, &pkt_icmp_0_esp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_out_esp_aes_cbc_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + odp_ipsec_sa_t sa2; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + false, false, 123, + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_sa_param_fill(¶m, + true, false, 123, + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa2 = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0, + .out_pkt = 1, + .out = { + { { }, &pkt_icmp_0 }, + }, + }; + + ipsec_check_out_in_one(&test, sa, sa2); + + ipsec_sa_destroy(sa2); + ipsec_sa_destroy(sa); +} + +static +int ipsec_check_out_ah_sha256(void) +{ + return ipsec_check_ah(false, ODP_AUTH_ALG_SHA256_HMAC); +} + +static +int ipsec_check_out_esp_null_sha256(void) +{ + return ipsec_check_esp(false, ODP_CIPHER_ALG_NULL, ODP_AUTH_ALG_SHA256_HMAC); +} + +static +int ipsec_check_both_esp_aes_cbc_sha256(void) +{ + return ipsec_check_esp(false, ODP_CIPHER_ALG_AES_CBC, ODP_AUTH_ALG_SHA256_HMAC) && + ipsec_check_esp(true, ODP_CIPHER_ALG_AES_CBC, ODP_AUTH_ALG_SHA256_HMAC); +} + +odp_testinfo_t ipsec_out_suite[] = { + ODP_TEST_INFO_CONDITIONAL(test_out_ah_sha256, ipsec_check_out_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256, ipsec_check_out_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_sha256, ipsec_check_both_esp_aes_cbc_sha256), + ODP_TEST_INFO_NULL, +}; diff --git a/test/common_plat/validation/api/ipsec/test_vectors.h b/test/common_plat/validation/api/ipsec/test_vectors.h new file mode 100644 index 0000000..47817bc --- /dev/null +++ b/test/common_plat/validation/api/ipsec/test_vectors.h @@ -0,0 +1,414 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef _ODP_TEST_IPSEC_VECTORS_H_ +#define _ODP_TEST_IPSEC_VECTORS_H_ + +#define KEY(name, ...) \ + static uint8_t name ## _data[] = { __VA_ARGS__ }; \ + static const ODP_UNUSED odp_crypto_key_t name = { \ + .data = name ## _data, \ + .length = sizeof(name ## _data), \ + } + +KEY(key_a5_128, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5); +KEY(key_5a_128, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a); +KEY(key_a5_256, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, + 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5); +KEY(key_5a_256, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, + 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a); + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0 = { + .len = 142, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x00, 0x08, + + /* IP */ + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x00, 0x08, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3, + 0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1235 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x00, 0x08, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x12, 0x35, + 0x04, 0xef, 0x71, 0x73, 0xa1, 0xd4, 0x71, 0x3f, + 0xd6, 0x78, 0xfe, 0xa2, 0x59, 0xe9, 0x93, 0x70, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad1 = { + .len = 168, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x00, 0x08, + + /* IP */ + 0x45, 0x00, 0x00, 0x9a, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3, + 0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x00, 0x08, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3, + 0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5d, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = { + .len = 168, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x00, 0x08, + + /* IP */ + 0x45, 0x00, 0x00, 0x9a, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xdc, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x00, 0x01, + + /* ICV */ + 0x18, 0x00, 0x14, 0x3a, 0x54, 0x72, 0x98, 0xe8, + 0xc7, 0x2d, 0xfa, 0xeb, 0x70, 0xe0, 0x24, 0xdb, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 = { + .len = 168, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x00, 0x08, + + /* IP */ + 0x45, 0x00, 0x00, 0x9a, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xdc, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x00, 0x01, + + /* ICV */ + 0x18, 0x00, 0x14, 0x3a, 0x54, 0x72, 0x98, 0xe8, + 0xc7, 0x2d, 0xfa, 0xeb, 0x70, 0xe0, 0x24, 0xdf, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x00, 0x08, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xca, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* IV */ + 0xcc, 0xa6, 0x77, 0xa4, 0xda, 0x3a, 0x8d, 0x8c, + 0xdb, 0x0b, 0x77, 0xcd, 0x97, 0xa0, 0x90, 0xa6, + 0x96, 0x23, 0xad, 0x7e, 0x45, 0xe4, 0x32, 0xc3, + 0x0c, 0x54, 0xa9, 0x5a, 0x7a, 0xc9, 0xb4, 0x9f, + 0x59, 0x79, 0xe2, 0xfc, 0x5c, 0x7e, 0x27, 0x8b, + 0xad, 0x4a, 0x1f, 0x78, 0xe0, 0x92, 0x90, 0x70, + 0x79, 0xa2, 0x55, 0x38, 0x8f, 0x41, 0xe9, 0x07, + 0xfe, 0xfc, 0x04, 0x06, 0xda, 0xa5, 0xd4, 0xd8, + 0xcd, 0x02, 0x95, 0x54, 0x01, 0x25, 0xe2, 0x44, + 0x6f, 0xf7, 0x85, 0xa0, 0x53, 0xb9, 0x2b, 0xa1, + 0xad, 0x24, 0x62, 0xa3, 0x45, 0x3e, 0x3c, 0x75, + 0x44, 0x2d, 0x8f, 0x69, 0x8e, 0xa0, 0x64, 0x54, + 0xe6, 0x84, 0x3f, 0x8e, 0x9f, 0x5e, 0x74, 0x56, + 0x3c, 0x20, 0x0b, 0x1a, 0x7b, 0x1b, 0xb5, 0xd8, + 0x7e, 0xb0, 0xc4, 0x4d, 0x6e, 0xd1, 0x53, 0x05, + 0x28, 0xe9, 0x7d, 0xf9, 0xe5, 0x91, 0x98, 0xed, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_sha256_1 = { + .len = 186, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x00, 0x08, + + /* IP */ + 0x45, 0x00, 0x00, 0xac, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xca, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* IV */ + 0xcc, 0xa6, 0x77, 0xa4, 0xda, 0x3a, 0x8d, 0x8c, + 0xdb, 0x0b, 0x77, 0xcd, 0x97, 0xa0, 0x90, 0xa6, + 0x96, 0x23, 0xad, 0x7e, 0x45, 0xe4, 0x32, 0xc3, + 0x0c, 0x54, 0xa9, 0x5a, 0x7a, 0xc9, 0xb4, 0x9f, + 0x59, 0x79, 0xe2, 0xfc, 0x5c, 0x7e, 0x27, 0x8b, + 0xad, 0x4a, 0x1f, 0x78, 0xe0, 0x92, 0x90, 0x70, + 0x79, 0xa2, 0x55, 0x38, 0x8f, 0x41, 0xe9, 0x07, + 0xfe, 0xfc, 0x04, 0x06, 0xda, 0xa5, 0xd4, 0xd8, + 0xcd, 0x02, 0x95, 0x54, 0x01, 0x25, 0xe2, 0x44, + 0x6f, 0xf7, 0x85, 0xa0, 0x53, 0xb9, 0x2b, 0xa1, + 0xad, 0x24, 0x62, 0xa3, 0x45, 0x3e, 0x3c, 0x75, + 0x44, 0x2d, 0x8f, 0x69, 0x8e, 0xa0, 0x64, 0x54, + 0xe6, 0x84, 0x3f, 0x8e, 0x9f, 0x5e, 0x74, 0x56, + 0x3c, 0x20, 0x0b, 0x1a, 0x7b, 0x1b, 0xb5, 0xd8, + 0x7e, 0xb0, 0xc4, 0x4d, 0x6e, 0xd1, 0x53, 0x05, + 0x28, 0xe9, 0x7d, 0xf9, 0xe5, 0x91, 0x98, 0xed, + + /* ICV */ + 0xaa, 0x81, 0xa0, 0xd0, 0x2f, 0x92, 0x85, 0x51, + 0x4e, 0x8d, 0x22, 0x2e, 0x54, 0x80, 0xf0, 0xd9, + }, +}; + +#endif