From patchwork Thu May 11 23:00:00 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99690 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp33976qge; Thu, 11 May 2017 16:01:08 -0700 (PDT) X-Received: by 10.36.73.82 with SMTP id z79mr530242ita.20.1494543668551; Thu, 11 May 2017 16:01:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494543668; cv=none; d=google.com; s=arc-20160816; b=WC3DzQFEoeo+dmzF2xP58cx2krz9J1QA/LwQ+ZSA18WA4CW/2a16tc+/gccSIFFnnk 21B+oc5FVyGWZJvhn2X2vVgL10UdgUI+2ex1S9nmVZebXPbjctBd+l+QH/6OEnH2ulhz DWM9Oetihxh5bwuC/Eka89Bu43L43+gnBwn8J4Lu7J/J5t/UabNfBIKAJW5JUI/vk0Sr 2DIviyAr69VSZN2fsA+IzDjpfw9XlwbqK6mI4CTasXfBtpieil874gmKXxW0IGD5Tg7e pYTlb85WDT1BAHoyiUSAbVW7jbabJS4ruamNBg6M7MCSU6S6ON29AOL28wzRbTx8cHbK QuAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=XagZxaDDFS2R9r2OEQ16tin9+hr3hJViLfFBjrQtK2s=; b=bUoHpfQntj7Dt6r0LFaRC8ObN5nfjwQ56BTjm3dab2UhxNUXwDKlf2WVa7n3E2vMTj e1qyGvwD2TLbvJSj9juE73jfTuhK6XakQPvrrSDTXcD+3LhQNjOyfFQbZdUqJ5Avj7/p 1BtvSZ5rqWisow/ivPaF3BESzzhnD/r+eYjtRedmSBgIGL5nsTkMDJNmawADBB21RM5X a8BnWmJXEZEII7moz2bPXHyE/ZzJ6SqVVbQY4wpv58fVyci5Z3Le/sn1ZxR8hgr7kYd4 ui1HqklunRey7Hv1vnW/tx7F/+k5DZlXMjuSoCblrFLfTp5czlWRjd8/qtt1tUI7B69m EhmA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id u5si254402itf.25.2017.05.11.16.01.08; Thu, 11 May 2017 16:01:08 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id C72B560CE5; Thu, 11 May 2017 23:01:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id D69D4606A3; Thu, 11 May 2017 23:01:02 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 560A7606A3; Thu, 11 May 2017 23:01:00 +0000 (UTC) Received: from forward3h.cmail.yandex.net (forward3h.cmail.yandex.net [87.250.230.18]) by lists.linaro.org (Postfix) with ESMTPS id 20F976069B for ; Thu, 11 May 2017 23:00:59 +0000 (UTC) Received: from smtp3h.mail.yandex.net (smtp3h.mail.yandex.net [IPv6:2a02:6b8:0:f05::117]) by forward3h.cmail.yandex.net (Yandex) with ESMTP id A636D2147F for ; Fri, 12 May 2017 02:00:57 +0300 (MSK) Received: from smtp3h.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3h.mail.yandex.net (Yandex) with ESMTP id 7ECD2440DF7 for ; Fri, 12 May 2017 02:00:57 +0300 (MSK) Received: by smtp3h.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id orGMuV8N85-0uYOlXnC; Fri, 12 May 2017 02:00:56 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 02:00:00 +0300 Message-Id: <1494543609-26126-2-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> References: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v4 1/10] api: ipsec: add soft limit expiration event X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov If outbound packet was processed in inline mode, soft limit expiration event is not reported, as packet goes to the interface. Instead report this as an ODP_IPSEC_STATUS_SA_SOFT_EXPIRED. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: b81277da57f0fe188a9a4e88872bba7ec92283ca **/ include/odp/api/spec/ipsec.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index 9a7404c..03742c6 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -1092,7 +1092,14 @@ typedef struct odp_ipsec_op_result_t { */ typedef enum odp_ipsec_status_id_t { /** Response to SA disable command */ - ODP_IPSEC_STATUS_SA_DISABLE = 0 + ODP_IPSEC_STATUS_SA_DISABLE = 0, + + /** + * Soft limit expired on this SA + * + * This event is sent only if SA was configured in OUT INLINE mode. + */ + ODP_IPSEC_STATUS_SA_SOFT_EXPIRED } odp_ipsec_status_id_t; From patchwork Thu May 11 23:00:01 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99692 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp35452qge; Thu, 11 May 2017 16:04:24 -0700 (PDT) X-Received: by 10.55.17.232 with SMTP id 101mr1032006qkr.74.1494543864350; Thu, 11 May 2017 16:04:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494543864; cv=none; d=google.com; s=arc-20160816; b=Gx2mKbvv0ffwEWZ+v9g1pGDyI1UNVZhsdjRJ98qe68AueEY+1vKCp1gz4Xc245n0AZ NylrGGCKeJ5FM2lPIWspH1sq5iFTUEqUF3cMuAKpI8jKkzOvvdVYBfTid1YhgU4Q/N7x Is7c6aicjjPV8NhTgV3fezLQRhJcLvxfk3iVf3ClFHhZo08oLNwP0ckxmQuVyu3CwLgD s77RhI0UPJqx5vpvOTNTG05hZ74Ytfh6/kvk9wg9HkTqRFNxMmlE+GCoAauVqWOtIpr9 rqjTD4/ulCP5xkalsgIqHxThd1DsCZeBaE131YFdo4+d6RLYGuOiwSn8+ukAJjG6h9wC 4VIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=haHi4F0jjZgsOH6diaS3nLetjPxtE02SLBpEjpECjUE=; b=WmMRNo9rxbiYP2I5nRg+0Ce5J0NDTk6HdwLyGOK85oZD01hHPlQjBj2N/W+CuZVY3V WiiMahagbtleQ+VLLPqA+VbbRF3j6j81DLW9iK9oybckWfIWOIQov7aj2VNd1gJgDQQz 1RCryH6cmVdz8uSwR0ha6Gq7qgiHMNPhW9HGJbp2xXQ+C8dAuviiV2ZVbHQoX2tRwZSQ IP0XWbSqD+Oj4KBbgOyAUUy4n9+2OvFkoDJlv2RpAOSHyWuLCeuRvpgZ0P/dQQ9cTAtT GaVCgBqb9JWt9dp0+pTFAjk0rvpTY+ZITXzpVNOav+/pOykCtrIkNtcze7A68MV3DU0j eFKw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id x134si1400576qka.214.2017.05.11.16.04.23; Thu, 11 May 2017 16:04:24 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id D012360D95; Thu, 11 May 2017 23:04:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 69F2460D2E; Thu, 11 May 2017 23:01:20 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id E3F4660CDE; Thu, 11 May 2017 23:01:05 +0000 (UTC) Received: from forward3p.cmail.yandex.net (forward3p.cmail.yandex.net [77.88.31.18]) by lists.linaro.org (Postfix) with ESMTPS id 554C1606A2 for ; Thu, 11 May 2017 23:01:02 +0000 (UTC) Received: from smtp3h.mail.yandex.net (smtp3h.mail.yandex.net [84.201.186.20]) by forward3p.cmail.yandex.net (Yandex) with ESMTP id 25EDE20BEF for ; Fri, 12 May 2017 02:01:00 +0300 (MSK) Received: from smtp3h.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3h.mail.yandex.net (Yandex) with ESMTP id BC88F440E7A for ; Fri, 12 May 2017 02:00:57 +0300 (MSK) Received: by smtp3h.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id orGMuV8N85-0vYOnvp4; Fri, 12 May 2017 02:00:57 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 02:00:01 +0300 Message-Id: <1494543609-26126-3-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> References: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v4 2/10] api: ipsec: note that soft_exp bits are set only once X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Add an explicit note telling that soft_exp bits are set only once, for the packet actually crossing the boundary. They will not be set for further packets. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: b81277da57f0fe188a9a4e88872bba7ec92283ca **/ include/odp/api/spec/ipsec.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index 03742c6..b1c81b1 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -493,8 +493,10 @@ typedef struct odp_ipsec_sa_opt_t { * * These limits are used for setting up SA lifetime. IPSEC operations check * against the limits and output a status code (e.g. soft_exp_bytes) when - * a limit is crossed. Any number of limits may be used simultaneously. - * Use zero when there is no limit. + * a limit is crossed. The soft_exp_* bits will be set only for the first + * packet crossing the boundary. Any further packets will not have those bits + * set. Any number of limits may be used simultaneously. Use zero when there + * is no limit. */ typedef struct odp_ipsec_lifetime_t { /** Soft expiry limits for the session */ From patchwork Thu May 11 23:00:02 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99691 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp35148qge; Thu, 11 May 2017 16:03:39 -0700 (PDT) X-Received: by 10.55.217.146 with SMTP id q18mr946549qkl.249.1494543819539; Thu, 11 May 2017 16:03:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494543819; cv=none; d=google.com; s=arc-20160816; b=alSiiBeVAbIL2In21brKf8yRivA8w3NSiRj3yCXACF79sZ7DKKCrrDP0wNkwscyf3A MIbuQQJUSI8xElKLro/1OExKapXFCGi9OxjwDgc+k85m4nJBL/VSOIFdDnFqRuxRheCW a4FgKrqXA5DT1O4x9rc8yJHM1VbLETcw7yRgwNMH50i63IimERNxqwLxCrAs9rUpBoqr vOlmlyj4svR/Z0M1ZqgCpPpVQ7QNv7pUormJGYx7HASSiGf8uBCZ0O6E0w7jKaPgClw4 ME/uJcKc9FxTqxvJwJhD+sXnmJK4838H4xpAI5+e72qCGbPN32FIrIokKcBLzLsOsGB1 ijgg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=wy9Gk/o2CYYiRQFf1LbIVBiGLZ2ybxRihBoMMPpKjEQ=; b=R5x5olmfNc2l3llIP3zaaY37eyNs6jRkaXF/Z1QQwLndaHzKZOonsd5zMIUcK1flHK ddILtSRfmqJX1JNE8rRm+fJHiOaaZw3oogMoJRk4yi2aOhwRpS+2btZaqxCMYHE4MGvp 50lvMGSKN5kkYQAIuLvUbb8conA1xIX8Fhc/JvDEK6VywCUdgIbVaFc9TbNddkIbM4Lc QBYZKe9rOmaXDka57//4W2a0R8KjlnL2BU4VY0Ex4suA3rLaUSTdGQGr+AoQTlQFsNVW mXgwtAPcF4/teOEMnyxAsEwsXvWYlBBgtzAS3zYCE/fop/zmkXY2rR0oVcAxW1v7yk45 zEBA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id 56si1377266qts.263.2017.05.11.16.03.39; Thu, 11 May 2017 16:03:39 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 2750A60D99; Thu, 11 May 2017 23:03:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 19F6C60CFC; Thu, 11 May 2017 23:01:17 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id A527560CDE; Thu, 11 May 2017 23:01:04 +0000 (UTC) Received: from forward5m.cmail.yandex.net (forward5m.cmail.yandex.net [5.255.216.23]) by lists.linaro.org (Postfix) with ESMTPS id 9CC866069B for ; Thu, 11 May 2017 23:01:01 +0000 (UTC) Received: from smtp3h.mail.yandex.net (smtp3h.mail.yandex.net [IPv6:2a02:6b8:0:f05::117]) by forward5m.cmail.yandex.net (Yandex) with ESMTP id 27B6621282 for ; Fri, 12 May 2017 02:01:00 +0300 (MSK) Received: from smtp3h.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3h.mail.yandex.net (Yandex) with ESMTP id CCDF5440DF7 for ; Fri, 12 May 2017 02:00:59 +0300 (MSK) Received: by smtp3h.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id orGMuV8N85-0wYmSSTv; Fri, 12 May 2017 02:00:58 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 02:00:02 +0300 Message-Id: <1494543609-26126-4-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> References: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v4 3/10] api: ipsec: introduce all_status bitfield covering all error and flags X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov An expectation would be that an application would check if there is any exceptional status set by checking the all_status field and then further descending on the reason on the particular exception. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: b81277da57f0fe188a9a4e88872bba7ec92283ca **/ include/odp/api/spec/ipsec.h | 135 +++++++++++++++++++++++-------------------- 1 file changed, 72 insertions(+), 63 deletions(-) diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index b1c81b1..103fc39 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -851,71 +851,80 @@ typedef struct odp_ipsec_op_opt_t { #define ODP_IPSEC_OK 0 /** IPSEC operation status */ -typedef struct odp_ipsec_op_status_t { - /** Variant mappings for op status */ - union { - /** Error flags */ - struct { - /** Protocol error. Not a valid ESP or AH packet. */ - uint32_t proto : 1; - - /** SA lookup failed */ - uint32_t sa_lookup : 1; - - /** Authentication failed */ - uint32_t auth : 1; - - /** Anti-replay check failed */ - uint32_t antireplay : 1; - - /** Other algorithm error */ - uint32_t alg : 1; - - /** Packet does not fit into the given MTU size */ - uint32_t mtu : 1; - - /** Soft lifetime expired: seconds */ - uint32_t soft_exp_sec : 1; - - /** Soft lifetime expired: bytes */ - uint32_t soft_exp_bytes : 1; - - /** Soft lifetime expired: packets */ - uint32_t soft_exp_packets : 1; - - /** Hard lifetime expired: seconds */ - uint32_t hard_exp_sec : 1; - - /** Hard lifetime expired: bytes */ - uint32_t hard_exp_bytes : 1; - - /** Hard lifetime expired: packets */ - uint32_t hard_exp_packets : 1; - - } error; - - /** All error bits - * - * This field can be used to set, clear or compare multiple - * flags. For example, 'status.all_error != ODP_IPSEC_OK' - * checks if there are - * any errors. - */ - uint32_t all_error; +typedef union odp_ipsec_op_status_t { + struct { + /** Variant mappings for op status */ + union { + /** Error flags */ + struct { + /** + * Protocol error. Not a valid ESP or AH + * packet. + */ + uint32_t proto : 1; + + /** SA lookup failed */ + uint32_t sa_lookup : 1; + + /** Authentication failed */ + uint32_t auth : 1; + + /** Anti-replay check failed */ + uint32_t antireplay : 1; + + /** Other algorithm error */ + uint32_t alg : 1; + + /** + * Packet does not fit into the given MTU size + */ + uint32_t mtu : 1; + + /** Soft lifetime expired: seconds */ + uint32_t soft_exp_sec : 1; + + /** Soft lifetime expired: bytes */ + uint32_t soft_exp_bytes : 1; + + /** Soft lifetime expired: packets */ + uint32_t soft_exp_packets : 1; + + /** Hard lifetime expired: seconds */ + uint32_t hard_exp_sec : 1; + + /** Hard lifetime expired: bytes */ + uint32_t hard_exp_bytes : 1; + + /** Hard lifetime expired: packets */ + uint32_t hard_exp_packets : 1; + + } error; + + /** All error bits + * + * This field can be used to set, clear or compare + * multiple flags. For example, 'status.all_error != + * ODP_IPSEC_OK' checks if there are any errors. + */ + uint32_t all_error; + }; + + /** Variant mappings for status flags */ + union { + /** Status flags */ + struct { + /** Packet was processed in inline mode */ + uint32_t inline_mode : 1; + + } flag; + + /** All flag bits */ + uint32_t all_flag; + }; }; - /** Variant mappings for status flags */ - union { - /** Status flags */ - struct { - /** Packet was processed in inline mode */ - uint32_t inline_mode : 1; - - } flag; - - /** All flag bits */ - uint32_t all_flag; - }; + /** All status bits */ + uint64_t all_status; } odp_ipsec_op_status_t; From patchwork Thu May 11 23:00:03 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99693 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp36002qge; Thu, 11 May 2017 16:05:50 -0700 (PDT) X-Received: by 10.55.41.74 with SMTP id p71mr1083658qkh.110.1494543950609; Thu, 11 May 2017 16:05:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494543950; cv=none; d=google.com; s=arc-20160816; b=tGM1pC5RZmD5JDCSbfpWJobvGaQLvQN8SHr1lDt2q23wIIYBDvb8yQP6tOrBMVH9Hu uHLg+qZeSLCoiQ7/hSVZcgYYh/op0Ov/0xNz3Os1gS8JZ9NhFDd2pao96mOrGLP8NvT7 Uwp2IyL49hpSrEioqdrtJckJExvhaNVlpPMcW/y2/l/X1mAkxwoWcDyH0bDpwrzU4DtW ciLkVmLRNCn/k+ESWv3p5rmAazlaaPjUyVDfSDyDbshwdpzkYWgxT3mTmWgu90j4AaFq HkpTfNLON8EXe42vVUTqeyrHWEOK/pvQ2GVVqqGzrKVJsZgijcOaB5jemIUthhnUxBbB 0wDA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=YEeC33bVaCwNJgIy1eCZyN078Hxv6E/v79X7maiqpS8=; b=rHJPRVDjLbbG7QcyoFjP2Lqo/uiVKS+SXW9BBe0VXGZlFTisg8WV9fMxghkdEXSaSa 9d18KAZqk8YFY3YCxEziyU//DLJ+Gq07fC9x9WQ36R+sg4GHeDlNJzoG/cn3UmV5wzW4 mJ2soQZUXjaIMT+0c/fb1MsM6cFxoIyQQZcVDjI6MyII2aveT43tE4y5rVCXNnGyG1xV BpKH1+R8DjBAmb9NfjWOT5EbNogDwLL+W8uynmE3BiHRhWLlJzJiezHIB5BsglSid952 DQvTOxfl/S6KC6/jgFoLHEXGQqumItEknMAVC0V77yfQYBeMJNrccCl6adrtstBPtgY0 mYeA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id j124si1358206qkc.254.2017.05.11.16.05.50; Thu, 11 May 2017 16:05:50 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 38FF96071D; Thu, 11 May 2017 23:05:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 11A5760D00; Thu, 11 May 2017 23:01:32 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id B120260D48; Thu, 11 May 2017 23:01:27 +0000 (UTC) Received: from forward1p.cmail.yandex.net (forward1p.cmail.yandex.net [77.88.31.16]) by lists.linaro.org (Postfix) with ESMTPS id 86AAF60CC1 for ; Thu, 11 May 2017 23:01:03 +0000 (UTC) Received: from smtp3h.mail.yandex.net (smtp3h.mail.yandex.net [84.201.186.20]) by forward1p.cmail.yandex.net (Yandex) with ESMTP id 1FA66211B2 for ; Fri, 12 May 2017 02:01:01 +0300 (MSK) Received: from smtp3h.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3h.mail.yandex.net (Yandex) with ESMTP id EBE9B440DF7 for ; Fri, 12 May 2017 02:01:00 +0300 (MSK) Received: by smtp3h.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id orGMuV8N85-10Ym2jUj; Fri, 12 May 2017 02:01:00 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 02:00:03 +0300 Message-Id: <1494543609-26126-5-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> References: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v4 4/10] api: ipsec: invert the inline_mode flag X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov For INLINE-destined SAs it is typical to have packets processed through INLINE API. So, let's invert the inline_mode flag to mean that the packet was processed through ASYNC API. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: b81277da57f0fe188a9a4e88872bba7ec92283ca **/ include/odp/api/spec/ipsec.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index 103fc39..ceda881 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -913,8 +913,11 @@ typedef union odp_ipsec_op_status_t { union { /** Status flags */ struct { - /** Packet was processed in inline mode */ - uint32_t inline_mode : 1; + /** + * Packet was processed in ASYNC mode through + * the SA configured for INLINE mode. + */ + uint32_t non_inline_mode : 1; } flag; From patchwork Thu May 11 23:00:04 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99694 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp36283qge; Thu, 11 May 2017 16:06:28 -0700 (PDT) X-Received: by 10.55.201.10 with SMTP id q10mr1094398qki.4.1494543988087; Thu, 11 May 2017 16:06:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494543988; cv=none; d=google.com; s=arc-20160816; b=Ohg3qkDck4lLQGk+s5xsVcolPfzMMPQhqozVCMTDRfoGMfA7gfV0B6dlZUMd4F+xxj cDeZWZm6nsdOAP0zi5lguh59CiQyDdtVMJyql1pxTinZg2DiTtwa+R/xuNAZqQHv5QH1 dY0jxiZsAAiMpZeodNNKAdmxVinW60LNEgpIKfkf/XPRjV3gDUQ1e8OypAZJqB6XqEWL 4/KojbTa3WLtYQgA7nEAEXOASPXbRpD3SCaPTBCt/lvI9uKuA36wv0UPRbHYFdT07WVh UO0GQOgGkzABSa4+SAcabYgY69f5CLBvyAcaDpy23x1fQE7yleIfFE6JXvQ7ZyZa/ZMe JktA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=FqwpwDHfxdZqf4b86Je9Kyb83htWVqi6aAh7eykfYtw=; b=g9LGw/IBtdKcTjPscpRFcJfqY6x9n7+HrUoVEYZ/4aPvttukQ8njdiKN0u+9UsHbtM DReRb7QXkE9uBwKKGZd7Optl5UBI5gkUr7Cp/Ui0C9L6WWJf465WI5YjQAg0ZyzZp+1d k2hdLREUVnhq89YG8vvBWYsMeiQtPnUc2VN91aX06aM9QsO0/jomr52Fe03Z5xSEKFCd 0zpD4vQtLJXup+9Sy88OmjzNLjJ7OYmgeT0M08HnDJCed07O9hYtVGluJkMNX+Wns62r 59wwC77gxB3hSBaNNuGMbi9/eHj7LFrT26hpQm063/N2GpnISjgefXe80W4hnYDKuHSu DYOQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id v10si1381390qtg.294.2017.05.11.16.06.27; Thu, 11 May 2017 16:06:28 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id BD10660D3A; Thu, 11 May 2017 23:06:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 604CF60D48; Thu, 11 May 2017 23:01:34 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id E648260D37; Thu, 11 May 2017 23:01:29 +0000 (UTC) Received: from forward3p.cmail.yandex.net (forward3p.cmail.yandex.net [77.88.31.18]) by lists.linaro.org (Postfix) with ESMTPS id 9B0E760CD7 for ; Thu, 11 May 2017 23:01:03 +0000 (UTC) Received: from smtp3h.mail.yandex.net (smtp3h.mail.yandex.net [IPv6:2a02:6b8:0:f05::117]) by forward3p.cmail.yandex.net (Yandex) with ESMTP id 8422620CF1 for ; Fri, 12 May 2017 02:01:02 +0300 (MSK) Received: from smtp3h.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3h.mail.yandex.net (Yandex) with ESMTP id 45E52440E7A for ; Fri, 12 May 2017 02:01:01 +0300 (MSK) Received: by smtp3h.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id orGMuV8N85-11YCbYfO; Fri, 12 May 2017 02:01:01 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 02:00:04 +0300 Message-Id: <1494543609-26126-6-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> References: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v4 5/10] api: ipsec: move soft limits expiration to flags, rather than errors X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Soft limit expiration isn't an error per se. It does not mean, that we received invalid or unprocessed packet. They look more like flags, noting that soft limit on this SA was expired. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: b81277da57f0fe188a9a4e88872bba7ec92283ca **/ include/odp/api/spec/ipsec.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index ceda881..0ae3233 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -880,15 +880,6 @@ typedef union odp_ipsec_op_status_t { */ uint32_t mtu : 1; - /** Soft lifetime expired: seconds */ - uint32_t soft_exp_sec : 1; - - /** Soft lifetime expired: bytes */ - uint32_t soft_exp_bytes : 1; - - /** Soft lifetime expired: packets */ - uint32_t soft_exp_packets : 1; - /** Hard lifetime expired: seconds */ uint32_t hard_exp_sec : 1; @@ -919,6 +910,15 @@ typedef union odp_ipsec_op_status_t { */ uint32_t non_inline_mode : 1; + /** Soft lifetime expired: seconds */ + uint32_t soft_exp_sec : 1; + + /** Soft lifetime expired: bytes */ + uint32_t soft_exp_bytes : 1; + + /** Soft lifetime expired: packets */ + uint32_t soft_exp_packets : 1; + } flag; /** All flag bits */ From patchwork Thu May 11 23:00:05 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99695 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp36511qge; Thu, 11 May 2017 16:07:05 -0700 (PDT) X-Received: by 10.55.27.18 with SMTP id b18mr988195qkb.142.1494544025173; Thu, 11 May 2017 16:07:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494544025; cv=none; d=google.com; s=arc-20160816; b=yrOvg1TXK2gFbcGTigZM2dp5zobSOc5Pi2mwGTfk6nHvaCeD7OL5niHW1oazH93vCm 27i7g7kx0XFDh+T8JQBxk7vNH6UQxskgSpd0NIsL+/Ts6sWnF9ScLa2iXOfI8q82+HtE T9+jLK3+vqRIqptGHcBDvHPSnPRevfi7jKW/ZjL4p82C9TZIaPu1qlj0iLjAVitq+Ow9 4qcMZjgnM65WnDeWL4fMVn8YBZeqGk9XuA8tWCTTiFAM9HjzyhIze5crpfn/vNYluWhp eLRXPsg8Mdqh21NmD6lgzsCfh63ksC0OT3vQcDvX37A2duVnPaNNZlcS5NPn4Dg3L3Dt kZ3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=vjszeHpX0RYrvyHn7ETtFxbEHP1yrrAdo790+0KBnBw=; b=ZgwElTw0sp78Db+jc4j+DeCixU2MrZ2EwMYaa4E4FdqPRgWcbN0X89W8XaLgEsF2q5 cjNQEu3rbpJOmsgTyPoa8oU0bPH6/mG9Ppnqh+FMB+GmReAdTHgEn11VdL0c7Y9vI2MF K8nmJJqMSU2DoJdg2QHl3HPUfFEdWihIESwhE+a6vvM8zNl0Is9BA7yy82mTEVykUTcy NiYfWguOp44edVA5yYPLMdM4y3ttUbiL96ws8j9jYK06mNvOeiBSZeEu2c8Icj5nWkW3 cJ+OyPqKgE2nOCD7q5YpfKIBI/lf2B7GNMow0J5nJUu4CzdbfXwJLzQkUGlMZDZ66jL1 5Whw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id n19si1433929qtn.193.2017.05.11.16.07.04; Thu, 11 May 2017 16:07:05 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id B9BFB60829; Thu, 11 May 2017 23:07:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id BADC06069B; Thu, 11 May 2017 23:01:47 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id E7F1360D4A; Thu, 11 May 2017 23:01:38 +0000 (UTC) Received: from forward5p.cmail.yandex.net (forward5p.cmail.yandex.net [77.88.31.20]) by lists.linaro.org (Postfix) with ESMTPS id C82E160694 for ; Thu, 11 May 2017 23:01:05 +0000 (UTC) Received: from smtp3h.mail.yandex.net (smtp3h.mail.yandex.net [IPv6:2a02:6b8:0:f05::117]) by forward5p.cmail.yandex.net (Yandex) with ESMTP id 9384F20C4F for ; Fri, 12 May 2017 02:01:03 +0300 (MSK) Received: from smtp3h.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3h.mail.yandex.net (Yandex) with ESMTP id 4F013440EC9 for ; Fri, 12 May 2017 02:01:02 +0300 (MSK) Received: by smtp3h.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id orGMuV8N85-12YOl97n; Fri, 12 May 2017 02:01:02 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 02:00:05 +0300 Message-Id: <1494543609-26126-7-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> References: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v4 6/10] linux-generic: crypto: don't leak sessions if creation fails X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov We should free allocated session in odp_crypto_session_create() error paths, so that the session is not leaked. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: b81277da57f0fe188a9a4e88872bba7ec92283ca **/ platform/linux-generic/odp_crypto.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index a0f3f7e..dfeb9f3 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -682,6 +682,7 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, if (session->p.iv.data) { if (session->p.iv.length > MAX_IV_LEN) { ODP_DBG("Maximum IV length exceeded\n"); + free_session(session); return -1; } @@ -732,6 +733,7 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, /* Check result */ if (rc) { *status = ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER; + free_session(session); return -1; } @@ -778,6 +780,7 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, /* Check result */ if (rc) { *status = ODP_CRYPTO_SES_CREATE_ERR_INV_AUTH; + free_session(session); return -1; } From patchwork Thu May 11 23:00:06 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99696 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp36869qge; Thu, 11 May 2017 16:08:00 -0700 (PDT) X-Received: by 10.36.101.130 with SMTP id u124mr494709itb.109.1494544080226; Thu, 11 May 2017 16:08:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494544080; cv=none; d=google.com; s=arc-20160816; b=fUMmpI5nNmnYA8xp66cx2899yaD7Z4FSIKdS2BbnxtnbCDstj0r0cljYaWkMOi1Kuw b6bD4123dyd98RoV5APDaYGxQczqK7B0ungxgpUjQHGBgylKAjKKyW2Y2B2yzdJaeDnb k3nxTS3UOaVgL4D1OapmKwjgvX5skaX+zZdw4ObMijcoVtcHqWqK65QCGFKSgy5gSkbZ obPTzaT+o5OHG7cLCPCiRUxdtHuBz5CzY4KdLOZQSKJlL5dgswiWmxWC8VP4ImI9H26O JNs52lra/LD39DCFv9ogez0OiPDuqJCZ4RInrKonRHle7Rt79oo59QmtFmKoMVDB2MKT xwtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=al2JPsUKKwvYiM/pQf/4XycOltQ6Covgu214svZa4as=; b=K1UIYNNeH1Sz/X1Lsk2VFjCevB0dTz/DwO7z5sDj/aMnxtuLZMeB23Dl28ib7OIAq1 z84HECUaHhI57bq37ine+V4oOmIxg90KlL2VSk0Y006CI6F7hh7/JKfO6IN0LaRxJ7pk Lz87vLMWp6t0yc/C0OXAQOEb2ZVuwRczphuW/KZenXyvNc+y/gbspUt2HTErTe4KIsxN V4O6LPryjY/5m0SkDQRcWbwrwOIbYiRYe0PvyKmRgnTGH+IzPGpIBPfrlqBbVA+Ykf9X cvdty0PP2YpHoz39PkOpnqmAp0Zb36s3f1YLd3xARhgS4j2DnPqLG4V8Po9ny3GE8GxU 7urQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id r79si1336553ior.105.2017.05.11.16.07.58; Thu, 11 May 2017 16:08:00 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id A294A60D1A; Thu, 11 May 2017 23:07:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 1028060CDC; Thu, 11 May 2017 23:01:55 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id CF8236072B; Thu, 11 May 2017 23:01:43 +0000 (UTC) Received: from forward1p.cmail.yandex.net (forward1p.cmail.yandex.net [77.88.31.16]) by lists.linaro.org (Postfix) with ESMTPS id D60256069B for ; Thu, 11 May 2017 23:01:05 +0000 (UTC) Received: from smtp3h.mail.yandex.net (smtp3h.mail.yandex.net [IPv6:2a02:6b8:0:f05::117]) by forward1p.cmail.yandex.net (Yandex) with ESMTP id CC2DA211B5 for ; Fri, 12 May 2017 02:01:04 +0300 (MSK) Received: from smtp3h.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3h.mail.yandex.net (Yandex) with ESMTP id A4552440E7A for ; Fri, 12 May 2017 02:01:04 +0300 (MSK) Received: by smtp3h.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id orGMuV8N85-13Y0mZfx; Fri, 12 May 2017 02:01:03 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 02:00:06 +0300 Message-Id: <1494543609-26126-8-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> References: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v4 7/10] linux-generic: ipsec: implement events handling X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Add functions implementing IPsec events support. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: b81277da57f0fe188a9a4e88872bba7ec92283ca **/ platform/linux-generic/Makefile.am | 2 + .../include/odp/api/plat/event_types.h | 3 +- platform/linux-generic/include/odp_internal.h | 4 + .../linux-generic/include/odp_ipsec_internal.h | 150 ++++++++++++ platform/linux-generic/odp_event.c | 7 + platform/linux-generic/odp_init.c | 13 + platform/linux-generic/odp_ipsec.c | 19 +- platform/linux-generic/odp_ipsec_events.c | 269 +++++++++++++++++++++ 8 files changed, 456 insertions(+), 11 deletions(-) create mode 100644 platform/linux-generic/include/odp_ipsec_internal.h create mode 100644 platform/linux-generic/odp_ipsec_events.c diff --git a/platform/linux-generic/Makefile.am b/platform/linux-generic/Makefile.am index 79f0e70..0cd8149 100644 --- a/platform/linux-generic/Makefile.am +++ b/platform/linux-generic/Makefile.am @@ -155,6 +155,7 @@ noinst_HEADERS = \ ${srcdir}/include/odp_errno_define.h \ ${srcdir}/include/odp_forward_typedefs_internal.h \ ${srcdir}/include/odp_internal.h \ + ${srcdir}/include/odp_ipsec_internal.h \ ${srcdir}/include/odp_name_table_internal.h \ ${srcdir}/include/odp_packet_internal.h \ ${srcdir}/include/odp_packet_io_internal.h \ @@ -206,6 +207,7 @@ __LIB__libodp_linux_la_SOURCES = \ odp_init.c \ odp_impl.c \ odp_ipsec.c \ + odp_ipsec_events.c \ odp_name_table.c \ odp_packet.c \ odp_packet_flags.c \ diff --git a/platform/linux-generic/include/odp/api/plat/event_types.h b/platform/linux-generic/include/odp/api/plat/event_types.h index 0f51783..cb3a1f8 100644 --- a/platform/linux-generic/include/odp/api/plat/event_types.h +++ b/platform/linux-generic/include/odp/api/plat/event_types.h @@ -39,7 +39,8 @@ typedef enum odp_event_type_t { ODP_EVENT_PACKET = 2, ODP_EVENT_TIMEOUT = 3, ODP_EVENT_CRYPTO_COMPL = 4, - ODP_EVENT_IPSEC_RESULT = 5 + ODP_EVENT_IPSEC_RESULT = 5, + ODP_EVENT_IPSEC_STATUS = 6 } odp_event_type_t; /** diff --git a/platform/linux-generic/include/odp_internal.h b/platform/linux-generic/include/odp_internal.h index 90e2a62..ca8a262 100644 --- a/platform/linux-generic/include/odp_internal.h +++ b/platform/linux-generic/include/odp_internal.h @@ -70,6 +70,7 @@ enum init_stage { CLASSIFICATION_INIT, TRAFFIC_MNGR_INIT, NAME_TABLE_INIT, + IPSEC_EVENTS_INIT, MODULES_INIT, ALL_INIT /* All init stages completed */ }; @@ -129,6 +130,9 @@ int _odp_ishm_init_local(void); int _odp_ishm_term_global(void); int _odp_ishm_term_local(void); +int odp_ipsec_events_init_global(void); +int odp_ipsec_events_term_global(void); + int _odp_modules_init_global(void); int cpuinfo_parser(FILE *file, system_info_t *sysinfo); diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h new file mode 100644 index 0000000..9f644a8 --- /dev/null +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -0,0 +1,150 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/** + * @file + * + * ODP internal IPsec routines + */ + +#ifndef ODP_IPSEC_INTERNAL_H_ +#define ODP_IPSEC_INTERNAL_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include + +#include + +/** @ingroup odp_ipsec + * @{ + */ + +typedef ODP_HANDLE_T(ipsec_result_t); + +#define ODP_IPSEC_RESULT_INVALID \ + _odp_cast_scalar(ipsec_result_t, 0xffffffff) + +typedef ODP_HANDLE_T(ipsec_status_t); + +#define ODP_IPSEC_STATUS_INVALID \ + _odp_cast_scalar(ipsec_status_t, 0xffffffff) + +typedef struct ipsec_ctx_s ipsec_ctx_t; + +/** + * @internal Free IPsec context + * + * Frees the IPsec context into the pool it was allocated from. + * + * @param ctx IPsec context + */ +void _odp_ipsec_ctx_free(ipsec_ctx_t *ctx); + +/** + * @internal Process context filling operation result information + * + * Processes IPsec operation context related to completed operation, extracting + * operation result information. This function may update context provided via + * pointer to opaque context pointer. + * + * @param ctx IPsec context pointer. + * @param[out] result Pointer to operation result for output. May be + * NULL, if application is interested only on the + * number of packets. + * + * @return Number of packets remaining in the event. + * @retval <0 On failure + */ +int _odp_ipsec_ctx_result(ipsec_ctx_t *ctx, odp_ipsec_op_result_t *result); + +/** + * @internal Get ipsec_result handle from event + * + * Converts an ODP_EVENT_IPSEC_RESULT type event to an IPsec result event. + * + * @param ev Event handle + * + * @return IPsec result handle + * + * @see odp_event_type() + */ +ipsec_result_t _odp_ipsec_result_from_event(odp_event_t ev); + +/** + * @internal Free IPsec result event + * + * Frees the ipsec_result into the ipsec_result pool it was allocated from. + * + * @param res IPsec result handle + */ +void _odp_ipsec_result_free(ipsec_result_t res); + +/** + * @internal Send ODP_IPSEC_RESULT event + * + * Sends the ipsec_result event using provided information + * + * @param queue destination queue + * @param ctx IPsec context for the operation + * + * @retval 0 on success + * @retval <0 on failure + */ +int _odp_ipsec_result_send(odp_queue_t queue, ipsec_ctx_t *ctx); + +/** + * @internal Get ipsec_status handle from event + * + * Converts an ODP_EVENT_IPSEC_STATUS type event to an IPsec status event. + * + * @param ev Event handle + * + * @return IPsec status handle + * + * @see odp_event_type() + */ +ipsec_status_t _odp_ipsec_status_from_event(odp_event_t ev); + +/** + * @internal Free IPsec status event + * + * Frees the ipsec_status into the ipsec_status pool it was allocated from. + * + * @param res IPsec status handle + */ +void _odp_ipsec_status_free(ipsec_status_t status); + +/** + * @internal Send ODP_IPSEC_STATUS event + * + * Sends the ipsec_status event using provided information + * + * @param queue destination queue + * @param id status id + * @param ret status value + * @param sa SA respective to the operation + * + * @retval 0 on success + * @retval <0 on failure + */ +int _odp_ipsec_status_send(odp_queue_t queue, + odp_ipsec_status_id_t id, + int ret, + odp_ipsec_sa_t sa); + +/** + * @} + */ + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/platform/linux-generic/odp_event.c b/platform/linux-generic/odp_event.c index d71f446..fd0a5ff 100644 --- a/platform/linux-generic/odp_event.c +++ b/platform/linux-generic/odp_event.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include @@ -34,6 +35,12 @@ void odp_event_free(odp_event_t event) case ODP_EVENT_CRYPTO_COMPL: odp_crypto_compl_free(odp_crypto_compl_from_event(event)); break; + case ODP_EVENT_IPSEC_RESULT: + _odp_ipsec_result_free(_odp_ipsec_result_from_event(event)); + break; + case ODP_EVENT_IPSEC_STATUS: + _odp_ipsec_status_free(_odp_ipsec_status_from_event(event)); + break; default: ODP_ABORT("Invalid event type: %d\n", odp_event_type(event)); } diff --git a/platform/linux-generic/odp_init.c b/platform/linux-generic/odp_init.c index 685e02f..647c05e 100644 --- a/platform/linux-generic/odp_init.c +++ b/platform/linux-generic/odp_init.c @@ -266,6 +266,12 @@ int odp_init_global(odp_instance_t *instance, } stage = NAME_TABLE_INIT; + if (odp_ipsec_events_init_global()) { + ODP_ERR("ODP IPsec events init failed.\n"); + goto init_failed; + } + stage = IPSEC_EVENTS_INIT; + if (_odp_modules_init_global()) { ODP_ERR("ODP modules init failed\n"); goto init_failed; @@ -296,6 +302,13 @@ int _odp_term_global(enum init_stage stage) switch (stage) { case ALL_INIT: case MODULES_INIT: + case IPSEC_EVENTS_INIT: + if (odp_ipsec_events_term_global()) { + ODP_ERR("ODP IPsec events term failed.\n"); + rc = -1; + } + /* Fall through */ + case NAME_TABLE_INIT: if (_odp_int_name_tbl_term_global()) { ODP_ERR("Name table term failed.\n"); diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 10918df..7d6b410 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -6,6 +6,8 @@ #include +#include + #include int odp_ipsec_capability(odp_ipsec_capability_t *capa) @@ -73,6 +75,11 @@ int odp_ipsec_sa_destroy(odp_ipsec_sa_t sa) return -1; } +void _odp_ipsec_ctx_free(ipsec_ctx_t *ctx) +{ + (void)ctx; +} + int odp_ipsec_in(const odp_ipsec_op_param_t *input, odp_ipsec_op_result_t *output) { @@ -114,18 +121,10 @@ int odp_ipsec_out_inline(const odp_ipsec_op_param_t *op_param, return -1; } -int odp_ipsec_result(odp_ipsec_op_result_t *result, odp_event_t event) +int _odp_ipsec_ctx_result(ipsec_ctx_t *ctx, odp_ipsec_op_result_t *result) { + (void)ctx; (void)result; - (void)event; - - return -1; -} - -int odp_ipsec_status(odp_ipsec_status_t *status, odp_event_t event) -{ - (void)status; - (void)event; return -1; } diff --git a/platform/linux-generic/odp_ipsec_events.c b/platform/linux-generic/odp_ipsec_events.c new file mode 100644 index 0000000..5a31430 --- /dev/null +++ b/platform/linux-generic/odp_ipsec_events.c @@ -0,0 +1,269 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include +#include + +#include +#include +#include +#include +#include + +typedef struct { + /* common buffer header */ + odp_buffer_hdr_t buf_hdr; + + ipsec_ctx_t *ctx; +} ipsec_result_hdr_t; + +typedef struct { + /* common buffer header */ + odp_buffer_hdr_t buf_hdr; + + odp_ipsec_status_t status; +} ipsec_status_hdr_t; + +static odp_pool_t ipsec_result_pool = ODP_POOL_INVALID; +static odp_pool_t ipsec_status_pool = ODP_POOL_INVALID; + +#define IPSEC_EVENTS_POOL_BUF_COUNT 1024 + +int odp_ipsec_events_init_global(void) +{ + odp_pool_param_t param; + + param.buf.size = sizeof(ipsec_result_hdr_t); + param.buf.align = 0; + param.buf.num = IPSEC_EVENTS_POOL_BUF_COUNT; + param.type = ODP_POOL_BUFFER; + + ipsec_result_pool = odp_pool_create("ipsec_result_pool", ¶m); + if (ODP_POOL_INVALID == ipsec_result_pool) { + ODP_ERR("Error: result pool create failed.\n"); + goto err_result; + } + + param.buf.size = sizeof(ipsec_status_hdr_t); + param.buf.align = 0; + param.buf.num = IPSEC_EVENTS_POOL_BUF_COUNT; + param.type = ODP_POOL_BUFFER; + + ipsec_status_pool = odp_pool_create("ipsec_status_pool", ¶m); + if (ODP_POOL_INVALID == ipsec_status_pool) { + ODP_ERR("Error: status pool create failed.\n"); + goto err_status; + } + + return 0; + +err_status: + (void)odp_pool_destroy(ipsec_result_pool); +err_result: + return -1; +} + +int odp_ipsec_events_term_global(void) +{ + int ret = 0; + int rc = 0; + + ret = odp_pool_destroy(ipsec_status_pool); + if (ret < 0) { + ODP_ERR("status pool destroy failed"); + rc = -1; + } + + ret = odp_pool_destroy(ipsec_result_pool); + if (ret < 0) { + ODP_ERR("result pool destroy failed"); + rc = -1; + } + + return rc; +} + +ipsec_result_t _odp_ipsec_result_from_event(odp_event_t ev) +{ + ODP_ASSERT(ODP_EVENT_INVALID != ev); + ODP_ASSERT(ODP_EVENT_IPSEC_RESULT == odp_event_type(ev)); + + return (ipsec_result_t)ev; +} + +static +odp_event_t ipsec_result_to_event(ipsec_result_t res) +{ + ODP_ASSERT(ODP_IPSEC_RESULT_INVALID != res); + + return (odp_event_t)res; +} + +static +ipsec_result_hdr_t *ipsec_result_hdr_from_buf(odp_buffer_t buf) +{ + return (ipsec_result_hdr_t *)(void *)buf_hdl_to_hdr(buf); +} + +static +ipsec_result_hdr_t *ipsec_result_hdr(ipsec_result_t res) +{ + odp_buffer_t buf = odp_buffer_from_event(ipsec_result_to_event(res)); + + return ipsec_result_hdr_from_buf(buf); +} + +static +ipsec_result_t _odp_ipsec_result_alloc(void) +{ + odp_buffer_t buf = odp_buffer_alloc(ipsec_result_pool); + + if (odp_unlikely(buf == ODP_BUFFER_INVALID)) + return ODP_IPSEC_RESULT_INVALID; + + _odp_buffer_event_type_set(buf, ODP_EVENT_IPSEC_RESULT); + + return _odp_ipsec_result_from_event(odp_buffer_to_event(buf)); +} + +void _odp_ipsec_result_free(ipsec_result_t res) +{ + odp_event_t ev = ipsec_result_to_event(res); + ipsec_result_hdr_t *res_hdr = ipsec_result_hdr(res); + + _odp_ipsec_ctx_free(res_hdr->ctx); + + odp_buffer_free(odp_buffer_from_event(ev)); +} + +int _odp_ipsec_result_send(odp_queue_t queue, ipsec_ctx_t *ctx) +{ + ipsec_result_t ipsec_ev; + ipsec_result_hdr_t *res_hdr; + + ipsec_ev = _odp_ipsec_result_alloc(); + if (odp_unlikely(ODP_IPSEC_RESULT_INVALID == ipsec_ev)) + return -1; + + res_hdr = ipsec_result_hdr(ipsec_ev); + res_hdr->ctx = ctx; + + if (odp_queue_enq(queue, ipsec_result_to_event(ipsec_ev))) { + _odp_ipsec_result_free(ipsec_ev); + return -1; + } + + return 0; +} + +int odp_ipsec_result(odp_ipsec_op_result_t *result, odp_event_t event) +{ + ipsec_result_t ipsec_ev; + ipsec_result_hdr_t *res_hdr; + + ODP_ASSERT(ODP_EVENT_INVALID != event); + + ipsec_ev = _odp_ipsec_result_from_event(event); + ODP_ASSERT(ODP_IPSEC_RESULT_INVALID != ipsec_ev); + + res_hdr = ipsec_result_hdr(ipsec_ev); + + return _odp_ipsec_ctx_result(res_hdr->ctx, result); +} + +ipsec_status_t _odp_ipsec_status_from_event(odp_event_t ev) +{ + ODP_ASSERT(ODP_EVENT_INVALID != ev); + ODP_ASSERT(ODP_EVENT_IPSEC_STATUS == odp_event_type(ev)); + + return (ipsec_status_t)ev; +} + +static +odp_event_t ipsec_status_to_event(ipsec_status_t status) +{ + ODP_ASSERT(ODP_IPSEC_STATUS_INVALID != status); + + return (odp_event_t)status; +} + +static +ipsec_status_hdr_t *ipsec_status_hdr_from_buf(odp_buffer_t buf) +{ + return (ipsec_status_hdr_t *)(void *)buf_hdl_to_hdr(buf); +} + +static +ipsec_status_hdr_t *ipsec_status_hdr(ipsec_status_t status) +{ + odp_buffer_t buf = odp_buffer_from_event(ipsec_status_to_event(status)); + + return ipsec_status_hdr_from_buf(buf); +} + +static +ipsec_status_t odp_ipsec_status_alloc(void) +{ + odp_buffer_t buf = odp_buffer_alloc(ipsec_status_pool); + + if (odp_unlikely(buf == ODP_BUFFER_INVALID)) + return ODP_IPSEC_STATUS_INVALID; + + _odp_buffer_event_type_set(buf, ODP_EVENT_IPSEC_STATUS); + + return _odp_ipsec_status_from_event(odp_buffer_to_event(buf)); +} + +void _odp_ipsec_status_free(ipsec_status_t status) +{ + odp_event_t ev = ipsec_status_to_event(status); + + odp_buffer_free(odp_buffer_from_event(ev)); +} + +int _odp_ipsec_status_send(odp_queue_t queue, + odp_ipsec_status_id_t id, + int ret, + odp_ipsec_sa_t sa) +{ + ipsec_status_t ipsec_ev = odp_ipsec_status_alloc(); + ipsec_status_hdr_t *status_hdr; + + if (ODP_IPSEC_STATUS_INVALID == ipsec_ev) + return -1; + + status_hdr = ipsec_status_hdr(ipsec_ev); + + status_hdr->status.id = id; + status_hdr->status.ret = ret; + status_hdr->status.sa = sa; + + if (odp_queue_enq(queue, ipsec_status_to_event(ipsec_ev))) { + _odp_ipsec_status_free(ipsec_ev); + return -1; + } + + return 0; +} + +int odp_ipsec_status(odp_ipsec_status_t *status, odp_event_t event) +{ + ipsec_status_t ipsec_ev; + ipsec_status_hdr_t *status_hdr; + + if (odp_unlikely(ODP_EVENT_INVALID == event)) + return -1; + + ipsec_ev = _odp_ipsec_status_from_event(event); + if (odp_unlikely(ODP_IPSEC_STATUS_INVALID == ipsec_ev)) + return -1; + + status_hdr = ipsec_status_hdr(ipsec_ev); + + *status = status_hdr->status; + + return 0; +} From patchwork Thu May 11 23:00:07 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99697 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp37428qge; Thu, 11 May 2017 16:09:26 -0700 (PDT) X-Received: by 10.200.37.201 with SMTP id f9mr1150727qtf.138.1494544166056; Thu, 11 May 2017 16:09:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494544166; cv=none; d=google.com; s=arc-20160816; b=j98lMhdNb8bsL5bDBv2zzpWlgJ2KbXv/4lfM+zXsHiPuqIZ+J0ZoWNIXRoPBVNjdaW rah6Bhjf9Llt1eiSbTootslIgQ3sEjwH3gwaRATqgerWXlCq91p62Ki/UvgMONhXKd5b 1pKSc8s//z3eAxiLKB2Uz89Xalh/MkwmUA1yBjMjO6K2qUSoYs3qc4lUgdoO8danwgHy 3iRuatUB1hyXqZreS1XI/OkWJCkk2GXVBgVEqVVGFJHQXoG3W/ZwAR69Jg8Fui4b0NIl tRzVrkBW78sun/IQ5gVqsLttx69Jea/TdVlNNraHQJBTeGMpSdalZbWMVpjud2aRaGdC MneQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=f3Oc0fKNmzOQYCQ+SEbAyaknkH4TQ7/qf57JmaTy4RY=; b=lC6XJAObImCQRmOa7oY8TUa7qORJ3nQMZDhTSHKSNPZ8p/QgwNOfYifLv2mn591sEq P/9OU/R+K4OV/ea3BF3+DKuZ4GXO7spq4mHSNfI8uFGbHdInWQDmV9m07Hzx7V2msPvf f5GDO+Ns1Ng+GM8pmn9dn4NqHMGudwvpnLil4NwIe4qfQbj2VK3gSjkNK9QAlGZAccIB Ye8nvkP83U/IZORsbaNHzeHXsvFdFV+OExsfQtUXvZ5aNw8JZKQ55pt5IkgYM6Z4Kmkj CgH//PLDfBYvRap0AG567G0hVAXlcYurAH2hnmCuFyqPQrPJ8hHUf3CCjHP0yoevP19V EHoQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id 6si1400256qtg.102.2017.05.11.16.09.25; Thu, 11 May 2017 16:09:26 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id A92BB60CE5; Thu, 11 May 2017 23:09:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 5995760D4B; Thu, 11 May 2017 23:02:04 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 121126069B; Thu, 11 May 2017 23:01:44 +0000 (UTC) Received: from forward5p.cmail.yandex.net (forward5p.cmail.yandex.net [77.88.31.20]) by lists.linaro.org (Postfix) with ESMTPS id 25D42606A2 for ; Thu, 11 May 2017 23:01:07 +0000 (UTC) Received: from smtp3h.mail.yandex.net (smtp3h.mail.yandex.net [84.201.186.20]) by forward5p.cmail.yandex.net (Yandex) with ESMTP id 15C7520C7B for ; Fri, 12 May 2017 02:01:06 +0300 (MSK) Received: from smtp3h.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3h.mail.yandex.net (Yandex) with ESMTP id E2569440E7A for ; Fri, 12 May 2017 02:01:05 +0300 (MSK) Received: by smtp3h.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id orGMuV8N85-14YOvVYD; Fri, 12 May 2017 02:01:04 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 02:00:07 +0300 Message-Id: <1494543609-26126-9-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> References: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v4 8/10] linux-generic: ipsec: implement IPsec SAD X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Implement SA database and SA handling. - only IPv4 is supported for now - no support for time-based limits Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: b81277da57f0fe188a9a4e88872bba7ec92283ca **/ platform/linux-generic/Makefile.am | 1 + platform/linux-generic/include/odp_internal.h | 4 + .../linux-generic/include/odp_ipsec_internal.h | 92 ++++ platform/linux-generic/odp_init.c | 13 + platform/linux-generic/odp_ipsec.c | 46 -- platform/linux-generic/odp_ipsec_sad.c | 480 +++++++++++++++++++++ 6 files changed, 590 insertions(+), 46 deletions(-) create mode 100644 platform/linux-generic/odp_ipsec_sad.c diff --git a/platform/linux-generic/Makefile.am b/platform/linux-generic/Makefile.am index 0cd8149..6f61239 100644 --- a/platform/linux-generic/Makefile.am +++ b/platform/linux-generic/Makefile.am @@ -208,6 +208,7 @@ __LIB__libodp_linux_la_SOURCES = \ odp_impl.c \ odp_ipsec.c \ odp_ipsec_events.c \ + odp_ipsec_sad.c \ odp_name_table.c \ odp_packet.c \ odp_packet_flags.c \ diff --git a/platform/linux-generic/include/odp_internal.h b/platform/linux-generic/include/odp_internal.h index ca8a262..4662651 100644 --- a/platform/linux-generic/include/odp_internal.h +++ b/platform/linux-generic/include/odp_internal.h @@ -71,6 +71,7 @@ enum init_stage { TRAFFIC_MNGR_INIT, NAME_TABLE_INIT, IPSEC_EVENTS_INIT, + IPSEC_SAD_INIT, MODULES_INIT, ALL_INIT /* All init stages completed */ }; @@ -133,6 +134,9 @@ int _odp_ishm_term_local(void); int odp_ipsec_events_init_global(void); int odp_ipsec_events_term_global(void); +int odp_ipsec_sad_init_global(void); +int odp_ipsec_sad_term_global(void); + int _odp_modules_init_global(void); int cpuinfo_parser(FILE *file, system_info_t *sysinfo); diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 9f644a8..c350e36 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -20,7 +20,9 @@ extern "C" { #include #include +#include #include +#include /** @ingroup odp_ipsec * @{ @@ -38,6 +40,8 @@ typedef ODP_HANDLE_T(ipsec_status_t); typedef struct ipsec_ctx_s ipsec_ctx_t; +typedef struct ipsec_sa_s ipsec_sa_t; + /** * @internal Free IPsec context * @@ -139,6 +143,94 @@ int _odp_ipsec_status_send(odp_queue_t queue, int ret, odp_ipsec_sa_t sa); +#define MAX_IV_LEN 32 /**< Maximum IV length in bytes */ + +/** + * Maximum number of available SAs + */ +#define ODP_CONFIG_IPSEC_SAS 8 + +struct ipsec_sa_s { + odp_atomic_u32_t state ODP_ALIGNED_CACHE; + + unsigned in_place : 1; + unsigned dec_ttl : 1; + + uint8_t tun_ttl; + + odp_ipsec_sa_t ipsec_sa_hdl; + uint32_t ipsec_sa_idx; + + odp_ipsec_mode_t mode; + odp_ipsec_lookup_mode_t lookup_mode; + odp_crypto_session_t session; + void *context; + odp_queue_t queue; + + odp_u32be_t lookup_dst_ip; + odp_u32be_t tun_src_ip; + odp_u32be_t tun_dst_ip; + + odp_ipsec_protocol_t proto; + uint32_t icv_len; + uint32_t esp_iv_len; + uint32_t esp_block_len; + uint32_t spi; + uint8_t iv[MAX_IV_LEN]; /**< ESP IV storage */ + + /* 32-bit from which low 16 are used */ + odp_atomic_u32_t tun_hdr_id; + odp_atomic_u32_t seq; + + /* Limits */ + uint64_t soft_limit_bytes; + uint64_t soft_limit_packets; + uint64_t hard_limit_bytes; + uint64_t hard_limit_packets; + + /* Statistics for soft/hard expiration */ + odp_atomic_u64_t bytes; + odp_atomic_u64_t packets; +}; + +/** + * IPSEC Security Association (SA) lookup parameters + */ +typedef struct odp_ipsec_sa_lookup_s { + /** IPSEC protocol: ESP or AH */ + odp_ipsec_protocol_t proto; + + /** SPI value */ + uint32_t spi; + + /* FIXME: IPv4 vs IPv6 */ + + /** IP destination address (NETWORK ENDIAN) */ + void *dst_addr; +} ipsec_sa_lookup_t; + +/** + * Obtain SA reference + */ +ipsec_sa_t *_odp_ipsec_sa_use(odp_ipsec_sa_t sa); + +/** + * Release SA reference + */ +void _odp_ipsec_sa_unuse(ipsec_sa_t *ipsec_sa); + +/** + * Lookup SA corresponding to inbound packet pkt + */ +ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup); + +/** + * Update SA usage statistics, filling respective status for the packet. + * + * @retval <0 if hard limits were breached + */ +int _odp_ipsec_sa_update_stats(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status); + /** * @} */ diff --git a/platform/linux-generic/odp_init.c b/platform/linux-generic/odp_init.c index 647c05e..30dc54d 100644 --- a/platform/linux-generic/odp_init.c +++ b/platform/linux-generic/odp_init.c @@ -272,6 +272,12 @@ int odp_init_global(odp_instance_t *instance, } stage = IPSEC_EVENTS_INIT; + if (odp_ipsec_sad_init_global()) { + ODP_ERR("ODP IPsec SAD init failed.\n"); + goto init_failed; + } + stage = IPSEC_SAD_INIT; + if (_odp_modules_init_global()) { ODP_ERR("ODP modules init failed\n"); goto init_failed; @@ -302,6 +308,13 @@ int _odp_term_global(enum init_stage stage) switch (stage) { case ALL_INIT: case MODULES_INIT: + case IPSEC_SAD_INIT: + if (odp_ipsec_sad_term_global()) { + ODP_ERR("ODP IPsec SAD term failed.\n"); + rc = -1; + } + /* Fall through */ + case IPSEC_EVENTS_INIT: if (odp_ipsec_events_term_global()) { ODP_ERR("ODP IPsec events term failed.\n"); diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 7d6b410..6620daf 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -49,32 +49,6 @@ int odp_ipsec_config(const odp_ipsec_config_t *config) return -1; } -void odp_ipsec_sa_param_init(odp_ipsec_sa_param_t *param) -{ - memset(param, 0, sizeof(odp_ipsec_sa_param_t)); -} - -odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) -{ - (void)param; - - return ODP_IPSEC_SA_INVALID; -} - -int odp_ipsec_sa_disable(odp_ipsec_sa_t sa) -{ - (void)sa; - - return -1; -} - -int odp_ipsec_sa_destroy(odp_ipsec_sa_t sa) -{ - (void)sa; - - return -1; -} - void _odp_ipsec_ctx_free(ipsec_ctx_t *ctx) { (void)ctx; @@ -128,23 +102,3 @@ int _odp_ipsec_ctx_result(ipsec_ctx_t *ctx, odp_ipsec_op_result_t *result) return -1; } - -int odp_ipsec_mtu_update(odp_ipsec_sa_t sa, uint32_t mtu) -{ - (void)sa; - (void)mtu; - - return -1; -} - -void *odp_ipsec_sa_context(odp_ipsec_sa_t sa) -{ - (void)sa; - - return NULL; -} - -uint64_t odp_ipsec_sa_to_u64(odp_ipsec_sa_t sa) -{ - return _odp_pri(sa); -} diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c new file mode 100644 index 0000000..71aae06 --- /dev/null +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -0,0 +1,480 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include +#include +#include +#include + +#include +#include + +#include + +#define IPSEC_SA_STATE_DISABLE 0x40000000 +#define IPSEC_SA_STATE_FREE 0xc0000000 /* This includes disable !!! */ + +typedef struct ipsec_sa_table_t { + ipsec_sa_t ipsec_sa[ODP_CONFIG_IPSEC_SAS]; + odp_shm_t shm; +} ipsec_sa_table_t; + +static ipsec_sa_table_t *ipsec_sa_tbl; + +static inline +ipsec_sa_t *ipsec_sa_entry(uint32_t ipsec_sa_idx) +{ + return &ipsec_sa_tbl->ipsec_sa[ipsec_sa_idx]; +} + +static inline +ipsec_sa_t *ipsec_sa_entry_from_hdl(odp_ipsec_sa_t ipsec_sa_hdl) +{ + return ipsec_sa_entry(_odp_typeval(ipsec_sa_hdl)); +} + +static inline +odp_ipsec_sa_t ipsec_sa_index_to_handle(uint32_t ipsec_sa_idx) +{ + return _odp_cast_scalar(odp_ipsec_sa_t, ipsec_sa_idx); +} + +int odp_ipsec_sad_init_global(void) +{ + odp_shm_t shm; + unsigned i; + + shm = odp_shm_reserve("ipsec_sa_table", + sizeof(ipsec_sa_table_t), + ODP_CACHE_LINE_SIZE, 0); + + ipsec_sa_tbl = odp_shm_addr(shm); + if (ipsec_sa_tbl == NULL) + return -1; + + memset(ipsec_sa_tbl, 0, sizeof(ipsec_sa_table_t)); + ipsec_sa_tbl->shm = shm; + + for (i = 0; i < ODP_CONFIG_IPSEC_SAS; i++) { + ipsec_sa_t *ipsec_sa = ipsec_sa_entry(i); + + ipsec_sa->ipsec_sa_hdl = ipsec_sa_index_to_handle(i); + ipsec_sa->ipsec_sa_idx = i; + odp_atomic_init_u32(&ipsec_sa->state, IPSEC_SA_STATE_FREE); + odp_atomic_init_u32(&ipsec_sa->seq, 0); + odp_atomic_init_u32(&ipsec_sa->tun_hdr_id, 0); + odp_atomic_init_u64(&ipsec_sa->bytes, 0); + odp_atomic_init_u64(&ipsec_sa->packets, 0); + } + + return 0; +} + +int odp_ipsec_sad_term_global(void) +{ + int i; + ipsec_sa_t *ipsec_sa; + int ret = 0; + int rc = 0; + + for (i = 0; i < ODP_CONFIG_IPSEC_SAS; i++) { + ipsec_sa = ipsec_sa_entry(i); + + if (odp_atomic_load_u32(&ipsec_sa->state) != IPSEC_SA_STATE_FREE) { + ODP_ERR("Not destroyed ipsec_sa: %u\n", ipsec_sa->ipsec_sa_idx); + rc = -1; + } + odp_atomic_store_u32(&ipsec_sa->state, IPSEC_SA_STATE_FREE); + } + + ret = odp_shm_free(ipsec_sa_tbl->shm); + if (ret < 0) { + ODP_ERR("shm free failed"); + rc = -1; + } + + return rc; +} + +static +ipsec_sa_t *ipsec_sa_reserve(void) +{ + int i; + ipsec_sa_t *ipsec_sa; + + for (i = 0; i < ODP_CONFIG_IPSEC_SAS; i++) { + uint32_t state = IPSEC_SA_STATE_FREE; + + ipsec_sa = ipsec_sa_entry(i); + + if (odp_atomic_cas_acq_u32(&ipsec_sa->state, &state, 0)) + return ipsec_sa; + } + + return NULL; +} + +static +void ipsec_sa_release(ipsec_sa_t *ipsec_sa) +{ + odp_atomic_store_rel_u32(&ipsec_sa->state, IPSEC_SA_STATE_FREE); +} + +static +int ipsec_sa_lock(ipsec_sa_t *ipsec_sa) +{ + int cas = 0; + uint32_t state = odp_atomic_load_u32(&ipsec_sa->state); + + while (0 == cas) { + /* This can be called from lookup path, so we really need this check */ + if (state & IPSEC_SA_STATE_DISABLE) + return -1; + + cas = odp_atomic_cas_acq_u32(&ipsec_sa->state, &state, + state + 1); + } + + return 0; +} + +/* Do not call directly, use _odp_ipsec_sa_unuse */ +static +odp_bool_t ipsec_sa_unlock(ipsec_sa_t *ipsec_sa) +{ + int cas = 0; + uint32_t state = odp_atomic_load_u32(&ipsec_sa->state); + + while (0 == cas) + cas = odp_atomic_cas_rel_u32(&ipsec_sa->state, &state, + state - 1); + + return state == IPSEC_SA_STATE_DISABLE; +} + +ipsec_sa_t *_odp_ipsec_sa_use(odp_ipsec_sa_t sa) +{ + ipsec_sa_t *ipsec_sa; + + ODP_ASSERT(ODP_IPSEC_SA_INVALID != sa); + + ipsec_sa = ipsec_sa_entry_from_hdl(sa); + + if (ipsec_sa_lock(ipsec_sa) < 0) + return NULL; + + return ipsec_sa; +} + +void _odp_ipsec_sa_unuse(ipsec_sa_t *ipsec_sa) +{ + odp_queue_t queue; + odp_ipsec_sa_t sa; + + ODP_ASSERT(NULL != ipsec_sa); + + queue = ipsec_sa->queue; + sa = ipsec_sa->ipsec_sa_hdl; + + if (ipsec_sa_unlock(ipsec_sa) && ODP_QUEUE_INVALID != queue) + _odp_ipsec_status_send(queue, + ODP_IPSEC_STATUS_SA_DISABLE, + 0, + sa); +} + +void odp_ipsec_sa_param_init(odp_ipsec_sa_param_t *param) +{ + memset(param, 0, sizeof(odp_ipsec_sa_param_t)); + param->dest_queue = ODP_QUEUE_INVALID; +} + +odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) +{ + ipsec_sa_t *ipsec_sa; + odp_crypto_session_param_t crypto_param; + odp_crypto_ses_create_err_t ses_create_rc; + + ipsec_sa = ipsec_sa_reserve(); + if (NULL == ipsec_sa) { + ODP_ERR("No more free SA\n"); + return ODP_IPSEC_SA_INVALID; + } + +#if 1 + ipsec_sa->in_place = 0; +#else + ipsec_sa->in_place = 1; +#endif + ipsec_sa->proto = param->proto; + ipsec_sa->spi = param->spi; + odp_atomic_store_u32(&ipsec_sa->seq, param->seq); + ipsec_sa->context = param->context; + ipsec_sa->queue = param->dest_queue; + ipsec_sa->mode = param->mode; + ipsec_sa->lookup_mode = param->lookup_mode; + ipsec_sa->dec_ttl = param->opt.dec_ttl; + + odp_atomic_store_u64(&ipsec_sa->bytes, 0); + odp_atomic_store_u64(&ipsec_sa->packets, 0); + ipsec_sa->soft_limit_bytes = param->lifetime.soft_limit.bytes; + ipsec_sa->soft_limit_packets = param->lifetime.soft_limit.packets; + ipsec_sa->hard_limit_bytes = param->lifetime.hard_limit.bytes; + ipsec_sa->hard_limit_packets = param->lifetime.hard_limit.packets; + + if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->lookup_mode) + memcpy(&ipsec_sa->lookup_dst_ip, param->lookup_param.dst_addr, sizeof(ipsec_sa->lookup_dst_ip)); + + if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { + if (param->tunnel.type != ODP_IPSEC_TUNNEL_IPV4) { + ipsec_sa_release(ipsec_sa); + + return ODP_IPSEC_SA_INVALID; + } + memcpy(&ipsec_sa->tun_src_ip, param->tunnel.ipv4.src_addr, sizeof(ipsec_sa->tun_src_ip)); + memcpy(&ipsec_sa->tun_dst_ip, param->tunnel.ipv4.dst_addr, sizeof(ipsec_sa->tun_dst_ip)); + odp_atomic_store_u32(&ipsec_sa->tun_hdr_id, 0); + ipsec_sa->tun_ttl = param->tunnel.ipv4.ttl; + } + + odp_crypto_session_param_init(&crypto_param); + + /* Setup parameters and call crypto library to create session */ + crypto_param.op = (ODP_IPSEC_DIR_INBOUND == param->dir) ? + ODP_CRYPTO_OP_DECODE : + ODP_CRYPTO_OP_ENCODE; + crypto_param.auth_cipher_text = 1; + + /* FIXME: is it possible to use ASYNC crypto to implement ASYNC and inline IPsec? */ + crypto_param.pref_mode = ODP_CRYPTO_SYNC; + crypto_param.compl_queue = ODP_QUEUE_INVALID; + crypto_param.output_pool = ODP_POOL_INVALID; + + crypto_param.cipher_alg = param->crypto.cipher_alg; + crypto_param.cipher_key = param->crypto.cipher_key; + crypto_param.auth_alg = param->crypto.auth_alg; + crypto_param.auth_key = param->crypto.auth_key; + + switch (crypto_param.auth_alg) { + case ODP_AUTH_ALG_NULL: + ipsec_sa->icv_len = 0; + break; +#if ODP_DEPRECATED_API + case ODP_AUTH_ALG_MD5_96: +#endif + case ODP_AUTH_ALG_MD5_HMAC: + ipsec_sa->icv_len = 12; + break; + case ODP_AUTH_ALG_SHA1_HMAC: + ipsec_sa->icv_len = 12; + break; +#if ODP_DEPRECATED_API + case ODP_AUTH_ALG_SHA256_128: +#endif + case ODP_AUTH_ALG_SHA256_HMAC: + ipsec_sa->icv_len = 16; + break; + case ODP_AUTH_ALG_SHA512_HMAC: + ipsec_sa->icv_len = 32; + break; +#if ODP_DEPRECATED_API + case ODP_AUTH_ALG_AES128_GCM: +#endif + case ODP_AUTH_ALG_AES_GCM: + ipsec_sa->icv_len = 16; + break; + default: + return ODP_IPSEC_SA_INVALID; + } + + switch (crypto_param.cipher_alg) { + case ODP_CIPHER_ALG_NULL: + ipsec_sa->esp_iv_len = 0; + ipsec_sa->esp_block_len = 1; + break; + case ODP_CIPHER_ALG_DES: + case ODP_CIPHER_ALG_3DES_CBC: + ipsec_sa->esp_iv_len = 8; + ipsec_sa->esp_block_len = 8; + break; +#if ODP_DEPRECATED_API + case ODP_CIPHER_ALG_AES128_CBC: + case ODP_CIPHER_ALG_AES128_GCM: +#endif + case ODP_CIPHER_ALG_AES_CBC: + case ODP_CIPHER_ALG_AES_GCM: + ipsec_sa->esp_iv_len = 16; + ipsec_sa->esp_block_len = 16; + break; + default: + return ODP_IPSEC_SA_INVALID; + } + + crypto_param.auth_digest_len = ipsec_sa->icv_len; + + /* Generate an IV */ + if (ipsec_sa->esp_iv_len) { + crypto_param.iv.data = ipsec_sa->iv; + crypto_param.iv.length = odp_random_data(crypto_param.iv.data, ipsec_sa->esp_iv_len, ODP_RANDOM_CRYPTO); + if (crypto_param.iv.length != ipsec_sa->esp_iv_len) + goto error; + } + + if (odp_crypto_session_create(&crypto_param, &ipsec_sa->session, &ses_create_rc)) + goto error; + + return ipsec_sa->ipsec_sa_hdl; + +error: + ipsec_sa_release(ipsec_sa); + + return ODP_IPSEC_SA_INVALID; +} + +int odp_ipsec_sa_disable(odp_ipsec_sa_t sa) +{ + ipsec_sa_t *ipsec_sa = ipsec_sa_entry_from_hdl(sa); + uint32_t state; + int cas = 0; + + /* This is a custom rwlock implementation. It is not possible to use + * original rwlock, because there is no way to test if current code is + * the last reader when disable operation is pending. */ + state = odp_atomic_load_u32(&ipsec_sa->state); + + while (0 == cas) { + if (state & IPSEC_SA_STATE_DISABLE) + return -1; + + cas = odp_atomic_cas_acq_u32(&ipsec_sa->state, &state, + state | IPSEC_SA_STATE_DISABLE); + } + + if (ODP_QUEUE_INVALID != ipsec_sa->queue) { + /* + * If there were not active state when we disabled SA, + * send the event. + */ + if (0 == state) + _odp_ipsec_status_send(ipsec_sa->queue, + ODP_IPSEC_STATUS_SA_DISABLE, + 0, + ipsec_sa->ipsec_sa_hdl); + + return 0; + } + + while (IPSEC_SA_STATE_DISABLE != state) { + odp_cpu_pause(); + state = odp_atomic_load_u32(&ipsec_sa->state); + } + + return 0; +} + +int odp_ipsec_sa_destroy(odp_ipsec_sa_t sa) +{ + ipsec_sa_t *ipsec_sa = ipsec_sa_entry_from_hdl(sa); + int rc = 0; + uint32_t state = odp_atomic_load_u32(&ipsec_sa->state); + + if (IPSEC_SA_STATE_DISABLE != state) { + ODP_ERR("Distroying not disabled ipsec_sa: %u\n", ipsec_sa->ipsec_sa_idx); + return -1; + } + + if (odp_crypto_session_destroy(ipsec_sa->session) < 0) { + ODP_ERR("Error destroying crypto session for ipsec_sa: %u\n", ipsec_sa->ipsec_sa_idx); + rc = -1; + } + + ipsec_sa_release(ipsec_sa); + + return rc; +} + +void *odp_ipsec_sa_context(odp_ipsec_sa_t sa) +{ + ipsec_sa_t *ipsec_sa = ipsec_sa_entry_from_hdl(sa); + + return ipsec_sa->context; +} + +uint64_t odp_ipsec_sa_to_u64(odp_ipsec_sa_t sa) +{ + return _odp_pri(sa); +} + +int odp_ipsec_mtu_update(odp_ipsec_sa_t sa, uint32_t mtu) +{ + (void)sa; + (void)mtu; + + return -1; +} + +ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup) +{ + (void)lookup; + + int i; + ipsec_sa_t *ipsec_sa; + ipsec_sa_t *best = NULL; + + for (i = 0; i < ODP_CONFIG_IPSEC_SAS; i++) { + ipsec_sa = ipsec_sa_entry(i); + + if (ipsec_sa_lock(ipsec_sa) < 0) + continue; + + if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->lookup_mode && + lookup->proto == ipsec_sa->proto && + lookup->spi == ipsec_sa->spi && + !memcmp(lookup->dst_addr, &ipsec_sa->lookup_dst_ip, sizeof(ipsec_sa->lookup_dst_ip))) { + if (NULL != best) + _odp_ipsec_sa_unuse(best); + return ipsec_sa; + } else if (ODP_IPSEC_LOOKUP_SPI == ipsec_sa->lookup_mode && + lookup->proto == ipsec_sa->proto && + lookup->spi == ipsec_sa->spi) { + best = ipsec_sa; + } else { + _odp_ipsec_sa_unuse(ipsec_sa); + } + } + + return best; +} + +int _odp_ipsec_sa_update_stats(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status) +{ + uint64_t bytes = odp_atomic_fetch_add_u64(&ipsec_sa->bytes, len) + len; + uint64_t packets = odp_atomic_fetch_add_u64(&ipsec_sa->packets, 1) + 1; + int rc = 0; + + if (ipsec_sa->soft_limit_bytes > 0 && bytes > ipsec_sa->soft_limit_bytes && bytes - len <= ipsec_sa->soft_limit_bytes) + status->flag.soft_exp_bytes = 1; + if (ipsec_sa->soft_limit_packets > 0 && packets > ipsec_sa->soft_limit_packets && packets - len <= ipsec_sa->soft_limit_packets) + status->flag.soft_exp_packets = 1; + + /* FIXME: send only in INLINE case */ + if (status->flag.soft_exp_bytes || status->flag.soft_exp_packets) + _odp_ipsec_status_send(ipsec_sa->queue, + ODP_IPSEC_STATUS_SA_SOFT_EXPIRED, + 0, + ipsec_sa->ipsec_sa_hdl); + + if (ipsec_sa->hard_limit_bytes > 0 && bytes > ipsec_sa->hard_limit_bytes) { + status->error.hard_exp_bytes = 1; + rc = -1; + } + if (ipsec_sa->hard_limit_packets > 0 && packets > ipsec_sa->hard_limit_packets) { + status->error.hard_exp_packets = 1; + rc = -1; + } + + return rc; +} From patchwork Thu May 11 23:00:08 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99698 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp37961qge; Thu, 11 May 2017 16:10:50 -0700 (PDT) X-Received: by 10.237.59.119 with SMTP id q52mr1096333qte.143.1494544250179; Thu, 11 May 2017 16:10:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494544250; cv=none; d=google.com; s=arc-20160816; b=Mgzs2ayvgJUV3ABbENeDr/qjWA7r3dF3DlKiIIHrgBITcOo2fvsu2rSi39LRsX6WFg Kld9ZpJ0FC7E+OP6gIqbN6tZ0Cgy4e3b91SjswLXzOSQOX30KnOOPN0/6NsEnSISwizw MS6REZ5vH1vfy4xPFJmWl6aidBsgKZyIVk/cjlu5Z+NBYGeMjFD/pxFVJ1L+tRZ83IYI vuSaJBcXPN798r+PUdpvIY9KPIDz52Qqy/UtNvC1CO4WZaAXyZc1Xu7fK77najmDM3l7 /WUQVTxq85TYKpxlXqEL3RrWXRlmhFFfNh3TTCvsmurJxrmk9m0ezRKYcilKaaK7xFVG z7+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=42IMimSMXW0r5LcrYd91jVcMr0nM4MWkBfUFw0uVRlo=; b=Vu66c3jiX0HktpEyOV/eDB4Fv+1kWEPdBUCFqr1DmYQ5V3guBh64oaVlAgHrvukGdP qj8z0yhNpYI3yucCfD5nUG2K/MdelwBC5DI9IRk6VIDZU5EAkvDTxa1EGc61Z+cqdjv5 t2HCeIhGeQQlonVI3LY2SDw38LPchn7LVI+qRp96qu0pKBh35Q9LGaYDUIrxiOxBPf81 k+a9aVXpUhUP1QvhQbsp706HCDI5IOTsOpS8Gr0qPrCGdlNIfjWDvGP5+6Cjkkf1jedK s84fmpDGANmOmgS73AsH1b/Ak3D6Mb8o+59EaLtgj+SKRWFunTYdzf6jkYN6/4PVfJdX Wygg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id r66si1410128qkb.243.2017.05.11.16.10.49; Thu, 11 May 2017 16:10:50 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id D03D060812; Thu, 11 May 2017 23:10:49 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id AEA2260D6C; Thu, 11 May 2017 23:02:15 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 4072D6069B; Thu, 11 May 2017 23:01:47 +0000 (UTC) Received: from forward8h.cmail.yandex.net (forward8h.cmail.yandex.net [87.250.230.219]) by lists.linaro.org (Postfix) with ESMTPS id 22326606A3 for ; Thu, 11 May 2017 23:01:10 +0000 (UTC) Received: from smtp3h.mail.yandex.net (smtp3h.mail.yandex.net [84.201.186.20]) by forward8h.cmail.yandex.net (Yandex) with ESMTP id B8CB121544 for ; Fri, 12 May 2017 02:01:07 +0300 (MSK) Received: from smtp3h.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3h.mail.yandex.net (Yandex) with ESMTP id 43339440DF7 for ; Fri, 12 May 2017 02:01:06 +0300 (MSK) Received: by smtp3h.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id orGMuV8N85-16Y0ls3w; Fri, 12 May 2017 02:01:06 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-ForeignMX: US X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 02:00:08 +0300 Message-Id: <1494543609-26126-10-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> References: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v4 9/10] linux-generic: ipsec: draft IPsec implementation X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov For now it's only a preview with the following limitation: - No inbound inline processing support - Only IPv4 support - No zeroing of mutable IPv4 options for AH ICV calculation - No replay protection - No ESN support - No SA options support: DF, DSCP, UDP, ESN Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: b81277da57f0fe188a9a4e88872bba7ec92283ca **/ platform/linux-generic/include/odp_internal.h | 4 + platform/linux-generic/odp_init.c | 13 + platform/linux-generic/odp_ipsec.c | 1020 ++++++++++++++++++++++++- 3 files changed, 1005 insertions(+), 32 deletions(-) diff --git a/platform/linux-generic/include/odp_internal.h b/platform/linux-generic/include/odp_internal.h index 4662651..85ebbca 100644 --- a/platform/linux-generic/include/odp_internal.h +++ b/platform/linux-generic/include/odp_internal.h @@ -72,6 +72,7 @@ enum init_stage { NAME_TABLE_INIT, IPSEC_EVENTS_INIT, IPSEC_SAD_INIT, + IPSEC_INIT, MODULES_INIT, ALL_INIT /* All init stages completed */ }; @@ -131,6 +132,9 @@ int _odp_ishm_init_local(void); int _odp_ishm_term_global(void); int _odp_ishm_term_local(void); +int odp_ipsec_init_global(void); +int odp_ipsec_term_global(void); + int odp_ipsec_events_init_global(void); int odp_ipsec_events_term_global(void); diff --git a/platform/linux-generic/odp_init.c b/platform/linux-generic/odp_init.c index 30dc54d..483ee74 100644 --- a/platform/linux-generic/odp_init.c +++ b/platform/linux-generic/odp_init.c @@ -278,6 +278,12 @@ int odp_init_global(odp_instance_t *instance, } stage = IPSEC_SAD_INIT; + if (odp_ipsec_init_global()) { + ODP_ERR("ODP IPsec init failed.\n"); + goto init_failed; + } + stage = IPSEC_INIT; + if (_odp_modules_init_global()) { ODP_ERR("ODP modules init failed\n"); goto init_failed; @@ -308,6 +314,13 @@ int _odp_term_global(enum init_stage stage) switch (stage) { case ALL_INIT: case MODULES_INIT: + case IPSEC_INIT: + if (odp_ipsec_term_global()) { + ODP_ERR("ODP IPsec term failed.\n"); + rc = -1; + } + /* Fall through */ + case IPSEC_SAD_INIT: if (odp_ipsec_sad_term_global()) { ODP_ERR("ODP IPsec SAD term failed.\n"); diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 6620daf..585c2e1 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -4,101 +4,1057 @@ * SPDX-License-Identifier: BSD-3-Clause */ +#include #include +#include +#include +#include +#include +#include #include +#include -#include +#include +#include + +typedef void (*ipsec_postprocess_t)(ipsec_ctx_t *ctx); + +/** + * Per packet IPsec processing context + */ +struct ipsec_ctx_s { + odp_buffer_t buffer; /**< Buffer for context */ + ipsec_ctx_t *next; /**< Next context in event */ + + ipsec_postprocess_t postprocess; + ipsec_sa_t *ipsec_sa; + odp_crypto_op_result_t crypto; + odp_ipsec_op_status_t status; + odp_packet_t pkt; + + uint8_t ip_tos; /**< Saved IP TOS value */ + uint8_t ip_ttl; /**< Saved IP TTL value */ + uint16_t ip_frag_offset; /**< Saved IP flags value */ + unsigned hdr_len; /**< Length of IPsec headers */ + unsigned trl_len; /**< Length of IPsec trailers */ + + uint32_t src_ip; /**< SA source IP address */ + uint32_t dst_ip; /**< SA dest IP address */ + uint16_t ipsec_offset; /**< Offset of IPsec header from + buffer start */ + uint8_t iv[MAX_IV_LEN]; /**< ESP IV storage */ + + unsigned pkt_out : 1; /**< Packet was output to application */ +}; + +static odp_pool_t ipsec_ctx_pool = ODP_POOL_INVALID; + +#define IPSEC_CTX_POOL_BUF_COUNT 1024 + +int odp_ipsec_init_global(void) +{ + odp_pool_param_t param; + + /* Create context buffer pool */ + param.buf.size = sizeof(ipsec_ctx_t); + param.buf.align = 0; + param.buf.num = IPSEC_CTX_POOL_BUF_COUNT; + param.type = ODP_POOL_BUFFER; + + ipsec_ctx_pool = odp_pool_create("ipsec_ctx_pool", ¶m); + if (ODP_POOL_INVALID == ipsec_ctx_pool) { + ODP_ERR("Error: context pool create failed.\n"); + goto err_ctx; + } + + return 0; + +err_ctx: + return -1; +} + +int odp_ipsec_term_global(void) +{ + int ret = 0; + int rc = 0; + + ret = odp_pool_destroy(ipsec_ctx_pool); + if (ret < 0) { + ODP_ERR("ctx pool destroy failed"); + rc = -1; + } + + return rc; +} int odp_ipsec_capability(odp_ipsec_capability_t *capa) { + int rc; + odp_crypto_capability_t crypto_capa; + memset(capa, 0, sizeof(odp_ipsec_capability_t)); + capa->op_mode_sync = ODP_SUPPORT_PREFERRED; + capa->op_mode_async = ODP_SUPPORT_PREFERRED; + capa->op_mode_inline_out = ODP_SUPPORT_YES; + + capa->proto_ah = ODP_SUPPORT_YES; + + capa->max_num_sa = ODP_CONFIG_IPSEC_SAS; + + rc = odp_crypto_capability(&crypto_capa); + if (rc < 0) + return rc; + + capa->ciphers = crypto_capa.ciphers; + capa->auths = crypto_capa.auths; + return 0; } int odp_ipsec_cipher_capability(odp_cipher_alg_t cipher, odp_crypto_cipher_capability_t capa[], int num) { - (void)cipher; - (void)capa; - (void)num; - - return -1; + return odp_crypto_cipher_capability(cipher, capa, num); } int odp_ipsec_auth_capability(odp_auth_alg_t auth, odp_crypto_auth_capability_t capa[], int num) { - (void)auth; - (void)capa; - (void)num; - - return -1; + return odp_crypto_auth_capability(auth, capa, num); } void odp_ipsec_config_init(odp_ipsec_config_t *config) { memset(config, 0, sizeof(odp_ipsec_config_t)); + config->inbound_mode = ODP_IPSEC_OP_MODE_SYNC; + config->outbound_mode = ODP_IPSEC_OP_MODE_SYNC; + config->max_num_sa = ODP_CONFIG_IPSEC_SAS; + config->inbound.default_queue = ODP_QUEUE_INVALID; + config->inbound.lookup.min_spi = 0; + config->inbound.lookup.max_spi = UINT32_MAX; } +static odp_ipsec_config_t ipsec_config; + int odp_ipsec_config(const odp_ipsec_config_t *config) { - (void)config; + /* FIXME: unsupported for now */ + if (ODP_IPSEC_OP_MODE_INLINE == config->inbound_mode) + return -1; - return -1; + if (ODP_CONFIG_IPSEC_SAS > config->max_num_sa) + return -1; + + ipsec_config = *config; + + return 0; +} + +static +void ipsec_ctx_init(ipsec_ctx_t *ctx, odp_buffer_t buf) +{ + memset(ctx, 0, sizeof(*ctx)); + ctx->buffer = buf; + + ctx->pkt = ODP_PACKET_INVALID; + ctx->crypto.pkt = ODP_PACKET_INVALID; + ctx->crypto.ok = true; +} + +/** + * Allocate per packet processing context. + * + * @return pointer to context area + */ +static +ipsec_ctx_t *ipsec_ctx_alloc(void) +{ + odp_buffer_t ctx_buf = odp_buffer_alloc(ipsec_ctx_pool); + ipsec_ctx_t *ctx; + + if (odp_unlikely(ODP_BUFFER_INVALID == ctx_buf)) + return NULL; + + ctx = odp_buffer_addr(ctx_buf); + ipsec_ctx_init(ctx, ctx_buf); + + return ctx; } void _odp_ipsec_ctx_free(ipsec_ctx_t *ctx) { - (void)ctx; + while (NULL != ctx) { + ipsec_ctx_t *next = ctx->next; + + if (ODP_PACKET_INVALID != ctx->crypto.pkt) + odp_packet_free(ctx->crypto.pkt); + + if (!ctx->pkt_out && ODP_PACKET_INVALID != ctx->pkt) + odp_packet_free(ctx->pkt); + + odp_buffer_free(ctx->buffer); + + ctx = next; + } +} + +/** + * Checksum + * + * @param buffer calculate chksum for buffer + * @param len buffer length + * + * @return checksum value in host cpu order + */ +static inline +odp_u16sum_t _odp_chksum(void *buffer, int len) +{ + uint16_t *buf = (uint16_t *)buffer; + uint32_t sum = 0; + uint16_t result; + + for (sum = 0; len > 1; len -= 2) + sum += *buf++; + + if (len == 1) + sum += *(unsigned char *)buf; + + sum = (sum >> 16) + (sum & 0xFFFF); + sum += (sum >> 16); + result = ~sum; + + return (__odp_force odp_u16sum_t) result; +} + +/** + * Calculate and fill in IPv4 checksum + * + * @note when using this api to populate data destined for the wire + * odp_cpu_to_be_16() can be used to remove sparse warnings + * + * @param pkt ODP packet + * + * @return IPv4 checksum in host cpu order, or 0 on failure + */ +static inline odp_u16sum_t +_odp_ipv4_csum_update(odp_packet_t pkt) +{ + uint16_t *w; + _odp_ipv4hdr_t *ip; + int nleft = sizeof(_odp_ipv4hdr_t); + + ip = (_odp_ipv4hdr_t *)odp_packet_l3_ptr(pkt, NULL); + if (ip == NULL) + return 0; + + ip->chksum = 0; + w = (uint16_t *)(void *)ip; + ip->chksum = _odp_chksum(w, nleft); + return ip->chksum; +} + +#define ipv4_hdr_len(ip) (_ODP_IPV4HDR_IHL(ip->ver_ihl) * 4) +static inline +void ipv4_adjust_len(_odp_ipv4hdr_t *ip, int adj) +{ + ip->tot_len = odp_cpu_to_be_16(odp_be_to_cpu_16(ip->tot_len) + adj); +} + +static +void ipsec_finish(ipsec_ctx_t *ctx, + odp_ipsec_packet_result_t *res, + odp_packet_t *pkt) +{ + odp_crypto_op_result_t *result = &ctx->crypto; + + res->status = ctx->status; + + if (ODP_PACKET_INVALID != result->pkt) { + ctx->pkt = result->pkt; + result->pkt = ODP_PACKET_INVALID; + } + + /* Check crypto result */ + if (!result->ok) { + if (result->cipher_status.alg_err != ODP_CRYPTO_ALG_ERR_NONE || + result->cipher_status.hw_err != ODP_CRYPTO_HW_ERR_NONE) + res->status.error.alg = 1; + + if (result->auth_status.alg_err != ODP_CRYPTO_ALG_ERR_NONE || + result->auth_status.hw_err != ODP_CRYPTO_HW_ERR_NONE) + res->status.error.auth = 1; + } else { + if (ctx->postprocess) + ctx->postprocess(ctx); + } + + *pkt = ctx->pkt; + ctx->pkt_out = 1; + + if (NULL != ctx->ipsec_sa) { + res->sa = ctx->ipsec_sa->ipsec_sa_hdl; + _odp_ipsec_sa_unuse(ctx->ipsec_sa); + } else { + res->sa = ODP_IPSEC_SA_INVALID; + } +} + +static void ipsec_in_postprocess(ipsec_ctx_t *ctx); + +static +void ipsec_in_single(ipsec_ctx_t *ctx) +{ + odp_packet_t pkt = ctx->pkt; + uint32_t ip_offset = odp_packet_l3_offset(pkt); + _odp_ipv4hdr_t *ip = odp_packet_l3_ptr(pkt, NULL); + uint16_t ip_hdr_len = ipv4_hdr_len(ip); + odp_crypto_op_param_t param; + odp_bool_t posted = 0; + int rc = -1; + + ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); + ODP_ASSERT(NULL != ip); + + /* Initialize parameters block */ + memset(¶m, 0, sizeof(param)); + param.ctx = ctx; + + /* Save everything to context */ + ctx->ip_tos = ip->tos; + ctx->ip_frag_offset = odp_be_to_cpu_16(ip->frag_offset); + ctx->ip_ttl = ip->ttl; + + ctx->postprocess = ipsec_in_postprocess; + ctx->ipsec_offset = ip_offset + ip_hdr_len; + + /* Check IP header for IPSec protocols and look it up */ + if (_ODP_IPPROTO_AH == ip->proto) { + _odp_ahhdr_t ah; + + if (odp_packet_copy_to_mem(pkt, ctx->ipsec_offset, sizeof(ah), &ah) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + if (NULL == ctx->ipsec_sa) { + ipsec_sa_lookup_t lookup; + + lookup.proto = ODP_IPSEC_AH; + lookup.spi = odp_be_to_cpu_32(ah.spi); + lookup.dst_addr = &ip->dst_addr; + ctx->ipsec_sa = _odp_ipsec_sa_lookup(&lookup); + if (NULL == ctx->ipsec_sa) { + ctx->status.error.sa_lookup = 1; + goto out; + } + } + + if (ODP_IPSEC_AH != ctx->ipsec_sa->proto) { + ctx->status.error.proto = 1; + goto out; + } + + ctx->hdr_len = (ah.ah_len + 2) * 4; + ctx->trl_len = 0; + + /* If authenticating, zero the mutable fields build the request */ + ip->chksum = 0; + ip->tos = 0; + ip->frag_offset = 0; + ip->ttl = 0; + + param.auth_range.offset = ip_offset; + param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); + param.hash_result_offset = ctx->ipsec_offset + _ODP_AHHDR_LEN; + } else if (_ODP_IPPROTO_ESP == ip->proto) { + _odp_esphdr_t esp; + + if (odp_packet_copy_to_mem(pkt, ctx->ipsec_offset, sizeof(esp), &esp) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + if (NULL == ctx->ipsec_sa) { + ipsec_sa_lookup_t lookup; + + lookup.proto = ODP_IPSEC_ESP; + lookup.spi = odp_be_to_cpu_32(esp.spi); + lookup.dst_addr = &ip->dst_addr; + ctx->ipsec_sa = _odp_ipsec_sa_lookup(&lookup); + if (NULL == ctx->ipsec_sa) { + ctx->status.error.sa_lookup = 1; + goto out; + } + } + + if (ODP_IPSEC_ESP != ctx->ipsec_sa->proto) { + ctx->status.error.proto = 1; + goto out; + } + + if (odp_packet_copy_to_mem(pkt, ctx->ipsec_offset + _ODP_ESPHDR_LEN, ctx->ipsec_sa->esp_iv_len, ctx->iv) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + ctx->hdr_len = _ODP_ESPHDR_LEN + ctx->ipsec_sa->esp_iv_len; + ctx->trl_len = _ODP_ESPTRL_LEN + ctx->ipsec_sa->icv_len; + + param.cipher_range.offset = ctx->ipsec_offset + ctx->hdr_len; + param.cipher_range.length = odp_be_to_cpu_16(ip->tot_len) - ip_hdr_len - ctx->hdr_len - ctx->ipsec_sa->icv_len; + param.override_iv_ptr = ctx->iv; + + param.auth_range.offset = ctx->ipsec_offset; + param.auth_range.length = odp_be_to_cpu_16(ip->tot_len) - ip_hdr_len - ctx->ipsec_sa->icv_len; + param.hash_result_offset = ip_offset + odp_be_to_cpu_16(ip->tot_len) - ctx->ipsec_sa->icv_len; + } else { + ctx->status.error.proto = 1; + goto out; + } + + if (_odp_ipsec_sa_update_stats(ctx->ipsec_sa, odp_packet_len(pkt), &ctx->status) < 0) + goto out; + + param.session = ctx->ipsec_sa->session; + param.pkt = pkt; + /* Create new packet after all length extensions */ + if (ctx->ipsec_sa->in_place) { + param.out_pkt = pkt; + } else { + param.out_pkt = odp_packet_alloc(odp_packet_pool(pkt), + odp_packet_len(pkt)); + /* uarea will be copied by odp_crypto_operation */ + odp_packet_user_ptr_set(param.out_pkt, + odp_packet_user_ptr(param.pkt)); + } + pkt = ODP_PACKET_INVALID; + + rc = odp_crypto_operation(¶m, &posted, &ctx->crypto); + if (rc < 0) { + ODP_DBG("Crypto failed\n"); + ctx->status.error.alg = 1; + goto out; + } + + ODP_ASSERT(!posted); + +out: + ctx->pkt = pkt; } +static +void ipsec_in_postprocess(ipsec_ctx_t *ctx) +{ + odp_packet_t pkt = ctx->pkt; + uint32_t ip_offset = odp_packet_l3_offset(pkt); + _odp_ipv4hdr_t *ip = odp_packet_l3_ptr(pkt, NULL); + uint16_t ip_hdr_len = ipv4_hdr_len(ip); + + if (_ODP_IPPROTO_AH == ip->proto) { + /* + * Finish auth + */ + _odp_ahhdr_t ah; + + if (odp_packet_copy_to_mem(pkt, ctx->ipsec_offset, sizeof(ah), &ah) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + ip->proto = ah.next_header; + + /* Restore mutable fields */ + ip->ttl = ctx->ip_ttl; + ip->tos = ctx->ip_tos; + ip->frag_offset = odp_cpu_to_be_16(ctx->ip_frag_offset); + } else if (_ODP_IPPROTO_ESP == ip->proto) { + /* + * Finish cipher by finding ESP trailer and processing + */ + _odp_esptrl_t esptrl; + uint32_t esptrl_offset = ip_offset + odp_be_to_cpu_16(ip->tot_len) - ctx->trl_len; + + if (odp_packet_copy_to_mem(pkt, esptrl_offset, sizeof(esptrl), &esptrl) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + ip->proto = esptrl.next_header; + ctx->trl_len += esptrl.pad_len; + } else { + ctx->status.error.proto = 1; + goto out; + } + + if (ip->proto == _ODP_IPV4) { + ip->ttl -= ctx->ipsec_sa->dec_ttl; + _odp_ipv4_csum_update(pkt); + + /* We have a tunneled IPv4 packet, strip outer and IPsec headers */ + odp_packet_move_data(pkt, ip_hdr_len + ctx->hdr_len, 0, ip_offset); + if (odp_packet_trunc_head(&pkt, ip_hdr_len + ctx->hdr_len, NULL, NULL) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + } else { + /* Finalize the IPv4 header */ + ipv4_adjust_len(ip, -(ctx->hdr_len + ctx->trl_len)); + + _odp_ipv4_csum_update(pkt); + + odp_packet_move_data(pkt, ctx->hdr_len, 0, ip_offset + ip_hdr_len); + if (odp_packet_trunc_head(&pkt, ctx->hdr_len, NULL, NULL) < 0) { + ctx->status.error.alg = 1; + goto out; + } + } + + if (odp_packet_trunc_tail(&pkt, ctx->trl_len, NULL, NULL) < 0) + ctx->status.error.alg = 1; + +out: + ctx->pkt = pkt; +} + +/** Helper for calculating encode length using data length and block size */ +#define ESP_ENCODE_LEN(x, b) ((((x) + ((b) - 1)) / (b)) * (b)) + +static void ipsec_out_postprocess(ipsec_ctx_t *ctx); + +static +void ipsec_out_single(ipsec_ctx_t *ctx) +{ + odp_packet_t pkt = ctx->pkt; + uint32_t ip_offset = odp_packet_l3_offset(pkt); + _odp_ipv4hdr_t *ip = odp_packet_l3_ptr(pkt, NULL); + uint16_t ip_hdr_len = ipv4_hdr_len(ip); + odp_crypto_op_param_t param; + odp_bool_t posted = 0; + int rc = -1; + + ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); + ODP_ASSERT(NULL != ip); + ODP_ASSERT(NULL != ctx->ipsec_sa); + + /* Initialize parameters block */ + memset(¶m, 0, sizeof(param)); + param.ctx = ctx; + + if (ctx->ipsec_sa->mode == ODP_IPSEC_MODE_TUNNEL) { + _odp_ipv4hdr_t out_ip; + _odp_ipv4hdr_t *inner_ip; + uint16_t tun_hdr_offset = ip_offset + ip_hdr_len; + + ip->ttl -= ctx->ipsec_sa->dec_ttl; + + if (odp_packet_extend_head(&pkt, _ODP_IPV4HDR_LEN, NULL, NULL) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + odp_packet_move_data(pkt, 0, _ODP_IPV4HDR_LEN, ip_offset); + + inner_ip = odp_packet_offset(pkt, tun_hdr_offset, NULL, NULL); + + out_ip.ver_ihl = 0x45; + out_ip.tos = inner_ip->tos; /* FIXME */ + out_ip.tot_len = odp_cpu_to_be_16(odp_be_to_cpu_16(inner_ip->tot_len) + _ODP_IPV4HDR_LEN); + /* No need to convert to BE: ID just should not be duplicated */ + out_ip.id = (odp_atomic_fetch_add_u32(&ctx->ipsec_sa->tun_hdr_id, 1) + 1) & 0xffff; + out_ip.frag_offset = 0; + out_ip.ttl = ctx->ipsec_sa->tun_ttl; + out_ip.proto = _ODP_IPV4; + out_ip.src_addr = ctx->ipsec_sa->tun_src_ip; + out_ip.dst_addr = ctx->ipsec_sa->tun_dst_ip; + + odp_packet_copy_from_mem(pkt, ip_offset, _ODP_IPV4HDR_LEN, &out_ip); + + odp_packet_l4_offset_set(pkt, ip_offset + _ODP_IPV4HDR_LEN); + + ip = odp_packet_l3_ptr(pkt, NULL); + ip_hdr_len = _ODP_IPV4HDR_LEN; + } + + /* Save IPv4 stuff */ + ctx->ip_tos = ip->tos; + ctx->ip_frag_offset = odp_be_to_cpu_16(ip->frag_offset); + ctx->ip_ttl = ip->ttl; + + ctx->postprocess = ipsec_out_postprocess; + + ctx->ipsec_offset = ip_offset + ip_hdr_len; + + if (ctx->ipsec_sa->proto == ODP_IPSEC_AH) { + ctx->hdr_len = _ODP_AHHDR_LEN + ctx->ipsec_sa->icv_len; + ctx->trl_len = 0; + } else if (ctx->ipsec_sa->proto == ODP_IPSEC_ESP) { + uint32_t encrypt_len; + uint16_t ip_next_len = odp_be_to_cpu_16(ip->tot_len) - ip_hdr_len; + + ctx->hdr_len += _ODP_ESPHDR_LEN + ctx->ipsec_sa->esp_iv_len; + + encrypt_len = ESP_ENCODE_LEN(ip_next_len + _ODP_ESPTRL_LEN, + ctx->ipsec_sa->esp_block_len); + ctx->trl_len = encrypt_len - ip_next_len + ctx->ipsec_sa->icv_len; + } else { + ctx->status.error.proto = 1; + goto out; + } + + if (odp_packet_extend_tail(&pkt, ctx->trl_len, NULL, NULL) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + if (odp_packet_extend_head(&pkt, ctx->hdr_len, NULL, NULL) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + odp_packet_move_data(pkt, 0, ctx->hdr_len, ctx->ipsec_offset); + + ip = odp_packet_l3_ptr(pkt, NULL); + + /* Set IPv4 length before authentication */ + ipv4_adjust_len(ip, ctx->hdr_len + ctx->trl_len); + + /* For authentication, build header clear mutables and build request */ + if (ctx->ipsec_sa->proto == ODP_IPSEC_AH) { + _odp_ahhdr_t ah; + uint8_t icv[ctx->ipsec_sa->icv_len]; + + memset(&ah, 0, sizeof(ah)); + ah.spi = odp_cpu_to_be_32(ctx->ipsec_sa->spi); + ah.ah_len = 1 + (ctx->ipsec_sa->icv_len / 4); + ah.seq_no = odp_cpu_to_be_32(odp_atomic_fetch_add_u32(&ctx->ipsec_sa->seq, 1) + 1); + ah.next_header = ip->proto; + ip->proto = _ODP_IPPROTO_AH; + + odp_packet_copy_from_mem(pkt, ctx->ipsec_offset, _ODP_AHHDR_LEN, &ah); + memset(icv, 0, ctx->ipsec_sa->icv_len); + odp_packet_copy_from_mem(pkt, ctx->ipsec_offset + _ODP_AHHDR_LEN, ctx->ipsec_sa->icv_len, icv); + + ip->chksum = 0; + ip->tos = 0; + ip->frag_offset = 0; + ip->ttl = 0; + + param.auth_range.offset = ip_offset; + param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); + param.hash_result_offset = ctx->ipsec_offset + _ODP_AHHDR_LEN; + } + + if (ctx->ipsec_sa->proto == ODP_IPSEC_ESP) { + _odp_esphdr_t esp; + _odp_esptrl_t esptrl; + uint32_t esptrl_offset = ip_offset + odp_be_to_cpu_16(ip->tot_len) - ctx->ipsec_sa->icv_len - _ODP_ESPTRL_LEN; + + memset(&esp, 0, sizeof(esp)); + memset(&esptrl, 0, sizeof(esptrl)); + esp.spi = odp_cpu_to_be_32(ctx->ipsec_sa->spi); + esp.seq_no = odp_cpu_to_be_32(odp_atomic_fetch_add_u32(&ctx->ipsec_sa->seq, 1) + 1); + + esptrl.pad_len = ctx->trl_len - _ODP_ESPTRL_LEN - ctx->ipsec_sa->icv_len; + esptrl.next_header = ip->proto; + ip->proto = _ODP_IPPROTO_ESP; + + odp_packet_copy_from_mem(pkt, ctx->ipsec_offset, _ODP_ESPHDR_LEN, &esp); + odp_packet_copy_from_mem(pkt, ctx->ipsec_offset + _ODP_ESPHDR_LEN, ctx->ipsec_sa->esp_iv_len, ctx->ipsec_sa->iv); + odp_packet_copy_from_mem(pkt, esptrl_offset, _ODP_ESPTRL_LEN, &esptrl); + + param.cipher_range.offset = ctx->ipsec_offset + ctx->hdr_len; + param.cipher_range.length = odp_be_to_cpu_16(ip->tot_len) - ip_hdr_len - ctx->hdr_len - ctx->ipsec_sa->icv_len; + + param.auth_range.offset = ctx->ipsec_offset; + param.auth_range.length = odp_be_to_cpu_16(ip->tot_len) - ip_hdr_len - ctx->ipsec_sa->icv_len; + param.hash_result_offset = ip_offset + odp_be_to_cpu_16(ip->tot_len) - ctx->ipsec_sa->icv_len; + } + + if (_odp_ipsec_sa_update_stats(ctx->ipsec_sa, odp_packet_len(pkt), &ctx->status) < 0) + goto out; + + param.session = ctx->ipsec_sa->session; + param.pkt = pkt; + /* Create new packet after all length extensions */ + if (ctx->ipsec_sa->in_place) { + param.out_pkt = pkt; + } else { + param.out_pkt = odp_packet_alloc(odp_packet_pool(pkt), + odp_packet_len(pkt)); + odp_packet_user_ptr_set(param.out_pkt, + odp_packet_user_ptr(param.pkt)); + } + pkt = ODP_PACKET_INVALID; + + rc = odp_crypto_operation(¶m, &posted, &ctx->crypto); + if (rc < 0) { + ODP_DBG("Crypto failed\n"); + ctx->status.error.alg = 1; + goto out; + } + + ODP_ASSERT(!posted); + +out: + ctx->pkt = pkt; +} + +static +void ipsec_out_postprocess(ipsec_ctx_t *ctx) +{ + odp_packet_t pkt = ctx->pkt; + _odp_ipv4hdr_t *ip = odp_packet_l3_ptr(pkt, NULL); + + /* Finalize the IPv4 header */ + if (ip->proto == _ODP_IPPROTO_AH) { + ip->ttl = ctx->ip_ttl; + ip->tos = ctx->ip_tos; + ip->frag_offset = odp_cpu_to_be_16(ctx->ip_frag_offset); + } + + _odp_ipv4_csum_update(pkt); +} + +#if 0 +static odp_ipsec_op_opt_t default_opt = { + .mode = ODP_IPSEC_FRAG_DISABLED, +}; +#endif + int odp_ipsec_in(const odp_ipsec_op_param_t *input, odp_ipsec_op_result_t *output) { - (void)input; - (void)output; + int in_pkt = 0; + int out_pkt = 0; + unsigned sa_idx = 0; + unsigned opt_idx = 0; + unsigned sa_inc = (input->num_sa > 1) ? 1 : 0; + unsigned opt_inc = (input->num_opt > 1) ? 1 : 0; - return -1; + while (in_pkt < input->num_pkt && out_pkt < output->num_pkt) { + ipsec_ctx_t ctx; + + ipsec_ctx_init(&ctx, ODP_BUFFER_INVALID); + +#if 0 + odp_ipsec_op_opt_t *opt; + + if (0 == input->num_opt) + opt = &default_opt; + else + opt = &input->opt[opt_idx]; +#endif + + ctx.pkt = input->pkt[in_pkt]; + + if (0 == input->num_sa) { + ctx.ipsec_sa = NULL; + } else { + ctx.ipsec_sa = _odp_ipsec_sa_use(input->sa[sa_idx]); + ODP_ASSERT(NULL != ctx.ipsec_sa); + } + + ipsec_in_single(&ctx); + + ipsec_finish(&ctx, &output->res[out_pkt], &output->pkt[out_pkt]); + + in_pkt++; + out_pkt++; + sa_idx += sa_inc; + opt_idx += opt_inc; + } + + return in_pkt; } int odp_ipsec_out(const odp_ipsec_op_param_t *input, - odp_ipsec_op_result_t *output) + odp_ipsec_op_result_t *output) { - (void)input; - (void)output; + int in_pkt = 0; + int out_pkt = 0; + unsigned sa_idx = 0; + unsigned opt_idx = 0; + unsigned sa_inc = (input->num_sa > 1) ? 1 : 0; + unsigned opt_inc = (input->num_opt > 1) ? 1 : 0; - return -1; + ODP_ASSERT(input->num_sa != 0); + + while (in_pkt < input->num_pkt && out_pkt < output->num_pkt) { + odp_ipsec_sa_t sa; + ipsec_ctx_t ctx; + + ipsec_ctx_init(&ctx, ODP_BUFFER_INVALID); + + sa = input->sa[sa_idx]; + + ODP_ASSERT(ODP_IPSEC_SA_INVALID != sa); + +#if 0 + odp_ipsec_op_opt_t *opt; + + if (0 == input->num_opt) + opt = &default_opt; + else + opt = &input->opt[opt_idx]; +#endif + + ctx.pkt = input->pkt[in_pkt]; + ctx.ipsec_sa = _odp_ipsec_sa_use(sa); + + ipsec_out_single(&ctx); + + ipsec_finish(&ctx, &output->res[out_pkt], &output->pkt[out_pkt]); + + in_pkt++; + out_pkt++; + sa_idx += sa_inc; + opt_idx += opt_inc; + } + + return in_pkt; } int odp_ipsec_in_enq(const odp_ipsec_op_param_t *input) { - (void)input; + int in_pkt = 0; + unsigned sa_idx = 0; + unsigned opt_idx = 0; + unsigned sa_inc = (input->num_sa > 1) ? 1 : 0; + unsigned opt_inc = (input->num_opt > 1) ? 1 : 0; - return -1; + while (in_pkt < input->num_pkt) { + ipsec_ctx_t *ctx; + odp_queue_t queue; + + ctx = ipsec_ctx_alloc(); + if (NULL == ctx) + break; + +#if 0 + odp_ipsec_op_opt_t *opt; + + if (0 == input->num_opt) + opt = &default_opt; + else + opt = &input->opt[opt_idx]; +#endif + + ctx->pkt = input->pkt[in_pkt]; + + if (0 == input->num_sa) { + ctx->ipsec_sa = NULL; + } else { + ctx->ipsec_sa = _odp_ipsec_sa_use(input->sa[sa_idx]); + ODP_ASSERT(NULL != ctx->ipsec_sa); + } + + ipsec_in_single(ctx); + + in_pkt++; + sa_idx += sa_inc; + opt_idx += opt_inc; + + /* IN might have looked up SA for the packet */ + if (NULL == ctx->ipsec_sa) + queue = ipsec_config.inbound.default_queue; + else + queue = ctx->ipsec_sa->queue; + if (odp_unlikely(_odp_ipsec_result_send(queue, ctx) < 0)) { + _odp_ipsec_ctx_free(ctx); + break; + } + } + + return in_pkt; } int odp_ipsec_out_enq(const odp_ipsec_op_param_t *input) { - (void)input; + int in_pkt = 0; + unsigned sa_idx = 0; + unsigned opt_idx = 0; + unsigned sa_inc = (input->num_sa > 1) ? 1 : 0; + unsigned opt_inc = (input->num_opt > 1) ? 1 : 0; - return -1; + ODP_ASSERT(input->num_sa != 0); + + while (in_pkt < input->num_pkt) { + odp_ipsec_sa_t sa; + ipsec_ctx_t *ctx; + + ctx = ipsec_ctx_alloc(); + if (NULL == ctx) + break; + + sa = input->sa[sa_idx]; + + ODP_ASSERT(ODP_IPSEC_SA_INVALID != sa); + +#if 0 + odp_ipsec_op_opt_t *opt; + + if (0 == input->num_opt) + opt = &default_opt; + else + opt = &input->opt[opt_idx]; +#endif + + ctx->pkt = input->pkt[in_pkt]; + ctx->ipsec_sa = _odp_ipsec_sa_use(sa); + + ipsec_out_single(ctx); + + in_pkt++; + sa_idx += sa_inc; + opt_idx += opt_inc; + + if (odp_unlikely(_odp_ipsec_result_send(ctx->ipsec_sa->queue, ctx) < 0)) { + _odp_ipsec_ctx_free(ctx); + break; + } + } + + return in_pkt; } -int odp_ipsec_out_inline(const odp_ipsec_op_param_t *op_param, +static +odp_bool_t _odp_ipsec_out_inline_send(ipsec_ctx_t *ctx, + const odp_ipsec_inline_op_param_t *inline_param) +{ + if (ctx->status.all_error || !ctx->crypto.ok) + return false; + + while (ctx) { + ipsec_ctx_t *next = ctx->next; + odp_ipsec_packet_result_t dummy; + odp_packet_t pkt; + uint32_t offset; + odp_pktout_queue_t queue; + uint32_t hdr_len = inline_param->outer_hdr.len; + + ctx->next = NULL; + + ipsec_finish(ctx, &dummy, &pkt); + offset = odp_packet_l3_offset(pkt); + + if (offset >= hdr_len) { + offset = offset - hdr_len; + } else { + if (odp_packet_extend_head(&pkt, hdr_len - offset, NULL, NULL) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + odp_packet_l3_offset_set(pkt, hdr_len); + + offset = 0; + } + + if (odp_packet_copy_from_mem(pkt, offset, hdr_len, inline_param->outer_hdr.ptr) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + if (odp_pktout_queue(inline_param->pktio, &queue, 1) < 0) { + ctx->status.error.alg = 1; + goto out; + } + + if (odp_pktout_send(queue, &pkt, 1) < 0) { + ctx->status.error.alg = 1; + goto out; + } + +out: + if (ctx->status.all_error) { + if (odp_unlikely(_odp_ipsec_result_send(ctx->ipsec_sa->queue, ctx) < 0)) + _odp_ipsec_ctx_free(ctx); + } else { + _odp_ipsec_ctx_free(ctx); + } + ctx = next; + } + + return true; +} + +int odp_ipsec_out_inline(const odp_ipsec_op_param_t *input, const odp_ipsec_inline_op_param_t *inline_param) { - (void)op_param; - (void)inline_param; + int in_pkt = 0; + unsigned sa_idx = 0; + unsigned opt_idx = 0; + unsigned sa_inc = (input->num_sa > 1) ? 1 : 0; + unsigned opt_inc = (input->num_opt > 1) ? 1 : 0; - return -1; + ODP_ASSERT(input->num_sa != 0); + + while (in_pkt < input->num_pkt) { + odp_ipsec_sa_t sa; + ipsec_ctx_t *ctx; + + ctx = ipsec_ctx_alloc(); + if (NULL == ctx) + break; + + sa = input->sa[sa_idx]; + + ODP_ASSERT(ODP_IPSEC_SA_INVALID != sa); + +#if 0 + odp_ipsec_op_opt_t *opt; + + if (0 == input->num_opt) + opt = &default_opt; + else + opt = &input->opt[opt_idx]; +#endif + + ctx->pkt = input->pkt[in_pkt]; + ctx->ipsec_sa = _odp_ipsec_sa_use(sa); + + ipsec_out_single(ctx); + + in_pkt++; + sa_idx += sa_inc; + opt_idx += opt_inc; + + /* FIXME: inline_param should have been put into context */ + if (!_odp_ipsec_out_inline_send(ctx, &inline_param[in_pkt - 1])) { + /* In case of an error, submit result event */ + if (odp_unlikely(_odp_ipsec_result_send(ctx->ipsec_sa->queue, ctx) < 0)) { + _odp_ipsec_ctx_free(ctx); + break; + } + } + } + + return in_pkt; } int _odp_ipsec_ctx_result(ipsec_ctx_t *ctx, odp_ipsec_op_result_t *result) { - (void)ctx; - (void)result; + int out_pkt = 0; - return -1; + if (NULL == result) + goto count; + + while (NULL != ctx && out_pkt < result->num_pkt) { + ipsec_finish(ctx, &result->res[out_pkt], &result->pkt[out_pkt]); + out_pkt++; + ctx = ctx->next; + } + + result->num_pkt = out_pkt; + +count: + while (NULL != ctx) { + out_pkt++; + ctx = ctx->next; + } + + return out_pkt; } From patchwork Thu May 11 23:00:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99699 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp38774qge; Thu, 11 May 2017 16:13:13 -0700 (PDT) X-Received: by 10.55.209.144 with SMTP id o16mr964245qkl.188.1494544393596; Thu, 11 May 2017 16:13:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494544393; cv=none; d=google.com; s=arc-20160816; b=vSS/Bix2iQhoFCGLSpZwuhIgBcrVe426fHOk5pwxOraOp3x0kl7fipaNaislywNEGg THZWs0p/l3HVDZH6F5xoA/4E9enSusBRMmr2wuTrEKaUGIoQgILNJXar76k/hHXcpEqt HUSIXwak1E8MMIVZQGHHhvQ/iHdm8iAH/mI+/zWbwneiYniskyMVybyC/qc12PEvXNP2 ZusqpY83HWzHoJkXzir/Iqd9PyVg4maEUYCKEq04IQJWFMonhJmorckR6uSSyTtRJrF9 5HRBoDqu5ESd8zehkxCIibUB7fCkVUJ3tlrjvIwW/vKvqPb9tY6AVpOSdqh5t6dSy6Jk Emrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=B6dw6Tx/j700brH85J/Frqsa18xbpnJAyoDJgcEywlE=; b=o2rC0QDm+IX55wmcUXwkgxpOPYWSF0MI5c7mczJaKbdFbWP2CWw285XQ6dseeRT5/W DFNmhjPueZ2pkuuP2hn3wjOnCBDsiLkErL5JvqEotcG+UIsBnvZAzzKhWms5Ki2NAFTX PU/o8YJ3zDt3WeHQWHshOk+E/kjyNtNA3fNdael6IIu/Fl+du2FL9lBcrN24pEOeibOr 3CLmlMwLRy9bmNlFiJ4KvZyzkMGuaM/mteizqMsu4KI8akotlOXlWDA14HLJ5ShVzJAQ axcmeDCTgCeXBCJ5Mas1Lo3yJsfTnmURJpcVdukWJLsiKLmCn9qJ5bCvhKi5BvzKmTEh Fxyw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id 50si1442920qtp.88.2017.05.11.16.13.12; Thu, 11 May 2017 16:13:13 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id CD7EF60D34; Thu, 11 May 2017 23:13:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 2DC1A60D6A; Thu, 11 May 2017 23:02:32 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id E712960CE5; Thu, 11 May 2017 23:01:52 +0000 (UTC) Received: from forward7m.cmail.yandex.net (forward7m.cmail.yandex.net [5.255.216.200]) by lists.linaro.org (Postfix) with ESMTPS id D6EC060CDC for ; Thu, 11 May 2017 23:01:10 +0000 (UTC) Received: from smtp3h.mail.yandex.net (smtp3h.mail.yandex.net [IPv6:2a02:6b8:0:f05::117]) by forward7m.cmail.yandex.net (Yandex) with ESMTP id 8F3C422441 for ; Fri, 12 May 2017 02:01:09 +0300 (MSK) Received: from smtp3h.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3h.mail.yandex.net (Yandex) with ESMTP id ECF52440E8B for ; Fri, 12 May 2017 02:01:08 +0300 (MSK) Received: by smtp3h.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id orGMuV8N85-17Yeuk27; Fri, 12 May 2017 02:01:07 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-ForeignMX: US X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 12 May 2017 02:00:09 +0300 Message-Id: <1494543609-26126-11-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> References: <1494543609-26126-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 28 Subject: [lng-odp] [PATCH API-NEXT v4 10/10] test: validation: add IPsec API testsuite X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Add several basic tests for IPsec API. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 28 (lumag:ipsec) ** https://github.com/Linaro/odp/pull/28 ** Patch: https://github.com/Linaro/odp/pull/28.patch ** Base sha: 900dd9e2d3d2ae751ab2bc4e11dbd48ea7ed7030 ** Merge commit sha: b81277da57f0fe188a9a4e88872bba7ec92283ca **/ configure.ac | 1 + test/common_plat/validation/api/ipsec/Makefile.am | 5 +- test/common_plat/validation/api/ipsec/ipsec.c | 534 ++++++++++++++++++++- test/common_plat/validation/api/ipsec/ipsec.h | 54 ++- .../validation/api/ipsec/ipsec_test_in.c | 444 +++++++++++++++++ .../validation/api/ipsec/ipsec_test_out.c | 154 ++++++ .../validation/api/ipsec/test_vectors.h | 414 ++++++++++++++++ 7 files changed, 1597 insertions(+), 9 deletions(-) create mode 100644 test/common_plat/validation/api/ipsec/ipsec_test_in.c create mode 100644 test/common_plat/validation/api/ipsec/ipsec_test_out.c create mode 100644 test/common_plat/validation/api/ipsec/test_vectors.h diff --git a/configure.ac b/configure.ac index 63e7271..7d85414 100644 --- a/configure.ac +++ b/configure.ac @@ -314,6 +314,7 @@ ODP_CFLAGS="$ODP_CFLAGS -W -Wall -Werror -Wstrict-prototypes -Wmissing-prototype ODP_CFLAGS="$ODP_CFLAGS -Wmissing-declarations -Wold-style-definition -Wpointer-arith" ODP_CFLAGS="$ODP_CFLAGS -Wcast-align -Wnested-externs -Wcast-qual -Wformat-nonliteral" ODP_CFLAGS="$ODP_CFLAGS -Wformat-security -Wundef -Wwrite-strings" +ODP_CFLAGS="$ODP_CFLAGS -Wno-initializer-overrides" ODP_CFLAGS="$ODP_CFLAGS -std=c99" # Extra flags for example to suppress certain warning types ODP_CFLAGS="$ODP_CFLAGS $ODP_CFLAGS_EXTRA" diff --git a/test/common_plat/validation/api/ipsec/Makefile.am b/test/common_plat/validation/api/ipsec/Makefile.am index 106b8dc..0432222 100644 --- a/test/common_plat/validation/api/ipsec/Makefile.am +++ b/test/common_plat/validation/api/ipsec/Makefile.am @@ -1,7 +1,10 @@ include ../Makefile.inc noinst_LTLIBRARIES = libtestipsec.la -libtestipsec_la_SOURCES = ipsec.c +libtestipsec_la_SOURCES = \ + ipsec_test_in.c \ + ipsec_test_out.c \ + ipsec.c test_PROGRAMS = ipsec_main$(EXEEXT) dist_ipsec_main_SOURCES = ipsec_main.c diff --git a/test/common_plat/validation/api/ipsec/ipsec.c b/test/common_plat/validation/api/ipsec/ipsec.c index 7834803..3cea814 100644 --- a/test/common_plat/validation/api/ipsec/ipsec.c +++ b/test/common_plat/validation/api/ipsec/ipsec.c @@ -10,6 +10,383 @@ #include "ipsec.h" +#include "test_vectors.h" + +struct suite_context_s suite_context; + +#define PKT_POOL_NUM 64 +#define PKT_POOL_LEN (1 * 1024) + +int ipsec_check(odp_bool_t in, odp_bool_t ah, odp_cipher_alg_t cipher, odp_auth_alg_t auth) +{ + odp_ipsec_capability_t capa; + + if (odp_ipsec_capability(&capa) < 0) + return ODP_TEST_INACTIVE; + + if ((ODP_IPSEC_OP_MODE_SYNC == suite_context.pref_mode && + ODP_SUPPORT_NO == capa.op_mode_sync) || + (ODP_IPSEC_OP_MODE_ASYNC == suite_context.pref_mode && + ODP_SUPPORT_NO == capa.op_mode_async) || + (ODP_IPSEC_OP_MODE_INLINE == suite_context.pref_mode && + ODP_SUPPORT_NO == capa.op_mode_inline_in && in) || + (ODP_IPSEC_OP_MODE_INLINE == suite_context.pref_mode && + ODP_SUPPORT_NO == capa.op_mode_inline_out && !in)) + return ODP_TEST_INACTIVE; + + if (ah && (ODP_SUPPORT_NO == capa.proto_ah)) + return ODP_TEST_INACTIVE; + + /* Cipher algorithms */ + switch (cipher) { + case ODP_CIPHER_ALG_NULL: + if (!capa.ciphers.bit.null) + return ODP_TEST_INACTIVE; + break; + case ODP_CIPHER_ALG_DES: + if (!capa.ciphers.bit.des) + return ODP_TEST_INACTIVE; + break; + case ODP_CIPHER_ALG_3DES_CBC: + if (!capa.ciphers.bit.trides_cbc) + return ODP_TEST_INACTIVE; + break; + case ODP_CIPHER_ALG_AES_CBC: + if (!capa.ciphers.bit.aes_cbc) + return ODP_TEST_INACTIVE; + break; + case ODP_CIPHER_ALG_AES_GCM: + if (!capa.ciphers.bit.aes_gcm) + return ODP_TEST_INACTIVE; + break; + default: + fprintf(stderr, "Unsupported cipher algorithm\n"); + return ODP_TEST_INACTIVE; + } + + /* Authentication algorithms */ + switch (auth) { + case ODP_AUTH_ALG_NULL: + if (!capa.auths.bit.null) + return ODP_TEST_INACTIVE; + break; + case ODP_AUTH_ALG_MD5_HMAC: + if (!capa.auths.bit.md5_hmac) + return ODP_TEST_INACTIVE; + break; + case ODP_AUTH_ALG_SHA1_HMAC: + if (!capa.auths.bit.sha1_hmac) + return ODP_TEST_INACTIVE; + break; + case ODP_AUTH_ALG_SHA256_HMAC: + if (!capa.auths.bit.sha256_hmac) + return ODP_TEST_INACTIVE; + break; + case ODP_AUTH_ALG_SHA512_HMAC: + if (!capa.auths.bit.sha512_hmac) + return ODP_TEST_INACTIVE; + break; + case ODP_AUTH_ALG_AES_GCM: + if (!capa.auths.bit.aes_gcm) + return ODP_TEST_INACTIVE; + break; + default: + fprintf(stderr, "Unsupported authentication algorithm\n"); + return ODP_TEST_INACTIVE; + } + + return ODP_TEST_ACTIVE; +} + +void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, + odp_bool_t in, + odp_bool_t ah, + uint32_t spi, + odp_cipher_alg_t cipher_alg, + const odp_crypto_key_t *cipher_key, + odp_auth_alg_t auth_alg, + const odp_crypto_key_t *auth_key) +{ + odp_ipsec_sa_param_init(param); + param->dir = in ? ODP_IPSEC_DIR_INBOUND : ODP_IPSEC_DIR_OUTBOUND; + param->lookup_mode = in ? ODP_IPSEC_LOOKUP_SPI : ODP_IPSEC_LOOKUP_DISABLED; + param->proto = ah ? ODP_IPSEC_AH : ODP_IPSEC_ESP; + + param->mode = /*tun ? ODP_IPSEC_MODE_TUNNEL : */ODP_IPSEC_MODE_TRANSPORT; + param->spi = spi; + param->seq = 0; + + param->dest_queue = suite_context.queue; + + if (cipher_key) { + param->crypto.cipher_alg = cipher_alg; + param->crypto.cipher_key = *cipher_key; + } + + if (auth_key) { + param->crypto.auth_alg = auth_alg; + param->crypto.auth_key = *auth_key; + } +} + +void ipsec_sa_destroy(odp_ipsec_sa_t sa) +{ + odp_event_t event; + odp_ipsec_status_t status; + + CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_disable(sa)); + + if (ODP_QUEUE_INVALID != suite_context.queue) { + do { + event = odp_queue_deq(suite_context.queue); + } while (event == ODP_EVENT_INVALID); + + CU_ASSERT_EQUAL(ODP_EVENT_IPSEC_STATUS, odp_event_type(event)); + + CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_status(&status, event)); + + CU_ASSERT_EQUAL(ODP_IPSEC_STATUS_SA_DISABLE, status.id); + CU_ASSERT_EQUAL(0, status.ret); + CU_ASSERT_EQUAL(sa, status.sa); + + odp_event_free(event); + } + + CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_destroy(sa)); +} + +#define PACKET_USER_PTR ((void *)0x1212fefe) + +odp_packet_t ipsec_packet(const ipsec_test_packet *itp) +{ + odp_packet_t pkt = odp_packet_alloc(suite_context.pool, itp->len); + + CU_ASSERT_NOT_EQUAL(ODP_PACKET_INVALID, pkt); + if (ODP_PACKET_INVALID == pkt) + return pkt; + + CU_ASSERT_EQUAL(0, odp_packet_copy_from_mem(pkt, 0, itp->len, itp->data)); + if (itp->l2_offset != ODP_PACKET_OFFSET_INVALID) + CU_ASSERT_EQUAL(0, odp_packet_l2_offset_set(pkt, itp->l2_offset)); + if (itp->l3_offset != ODP_PACKET_OFFSET_INVALID) + CU_ASSERT_EQUAL(0, odp_packet_l3_offset_set(pkt, itp->l3_offset)); + if (itp->l4_offset != ODP_PACKET_OFFSET_INVALID) + CU_ASSERT_EQUAL(0, odp_packet_l4_offset_set(pkt, itp->l4_offset)); + + odp_packet_user_ptr_set(pkt, PACKET_USER_PTR); + + return pkt; +} + +/* + * Compare packages ignoring everything before L3 header + */ +odp_bool_t ipsec_check_packet(const ipsec_test_packet *itp, odp_packet_t pkt) +{ + uint32_t len = (ODP_PACKET_INVALID == pkt) ? 1 : odp_packet_len(pkt); + uint32_t l3, l4; + uint8_t data[len]; + + if (!itp) + return true; + + if (ODP_PACKET_INVALID == pkt) + return false; + + CU_ASSERT_EQUAL(PACKET_USER_PTR, odp_packet_user_ptr(pkt)); + + l3 = odp_packet_l3_offset(pkt); + l4 = odp_packet_l4_offset(pkt); + odp_packet_copy_to_mem(pkt, 0, len, data); + + if (len - l3 != itp->len - itp->l3_offset) + return false; + + if (l4 - l3 != itp->l4_offset - itp->l3_offset) + return false; + + return memcmp(data + l3, itp->data + itp->l3_offset, len - l3) ? false : true; +} + +void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa, odp_bool_t lookup) +{ + odp_ipsec_op_param_t op_param; + odp_ipsec_op_result_t op_result; + odp_packet_t pkt; + odp_packet_t pkto[part->out_pkt]; + odp_ipsec_packet_result_t result[part->out_pkt]; + int i; + + pkt = ipsec_packet(part->pkt_in); + + memset(&op_param, 0, sizeof(op_param)); + op_param.num_pkt = 1; + op_param.pkt = &pkt; + if (lookup) { + op_param.num_sa = 1; + op_param.sa = &sa; + } else { + op_param.num_sa = 0; + op_param.sa = NULL; + } + op_param.num_opt = 0; + op_param.opt = NULL; + + op_result.num_pkt = part->out_pkt; + op_result.pkt = pkto; + op_result.res = result; + + if (ODP_IPSEC_OP_MODE_SYNC == suite_context.pref_mode) { + CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_in(&op_param, &op_result)); + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.pref_mode) { + odp_event_t event; + + CU_ASSERT_EQUAL(1, odp_ipsec_in_enq(&op_param)); + + do { + event = odp_queue_deq(suite_context.queue); + } while (event == ODP_EVENT_INVALID); + + CU_ASSERT_EQUAL(ODP_EVENT_IPSEC_RESULT, odp_event_type(event)); + CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_result(&op_result, event)); + } else { + CU_FAIL("INLINE not supported"); + } + + CU_ASSERT_EQUAL(part->out_pkt, op_result.num_pkt); + + for (i = 0; i < op_result.num_pkt && i < part->out_pkt; i++) { + CU_ASSERT_EQUAL(part->out[i].status.all_error, result[i].status.all_error); + CU_ASSERT_EQUAL(sa, result[i].sa); + if (ODP_PACKET_INVALID == pkto[i]) { + CU_FAIL("ODP_PACKET_INVALID received"); + } else { + CU_ASSERT(ipsec_check_packet(part->out[i].pkt_out, pkto[i])); + odp_packet_free(pkto[i]); + } + } +} + +void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) +{ + odp_ipsec_op_param_t op_param; + odp_ipsec_op_result_t op_result; + odp_packet_t pkt; + odp_packet_t pkto[part->out_pkt]; + odp_ipsec_packet_result_t result[part->out_pkt]; + int i; + + pkt = ipsec_packet(part->pkt_in); + + memset(&op_param, 0, sizeof(op_param)); + op_param.num_pkt = 1; + op_param.pkt = &pkt; + op_param.num_sa = 1; + op_param.sa = &sa; + op_param.num_opt = 0; + op_param.opt = NULL; + + op_result.num_pkt = part->out_pkt; + op_result.pkt = pkto; + op_result.res = result; + + if (ODP_IPSEC_OP_MODE_SYNC == suite_context.pref_mode) { + CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_out(&op_param, &op_result)); + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.pref_mode) { + odp_event_t event; + + CU_ASSERT_EQUAL(1, odp_ipsec_out_enq(&op_param)); + + do { + event = odp_queue_deq(suite_context.queue); + } while (event == ODP_EVENT_INVALID); + + CU_ASSERT_EQUAL(ODP_EVENT_IPSEC_RESULT, odp_event_type(event)); + CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_result(&op_result, event)); + } else { + CU_FAIL("INLINE not supported"); + } + + CU_ASSERT_EQUAL(part->out_pkt, op_result.num_pkt); + + for (i = 0; i < op_result.num_pkt && i < part->out_pkt; i++) { + CU_ASSERT_EQUAL(part->out[i].status.all_error, result[i].status.all_error); + CU_ASSERT_EQUAL(sa, result[i].sa); + if (ODP_PACKET_INVALID == pkto[i]) { + CU_FAIL("ODP_PACKET_INVALID received"); + } else { + CU_ASSERT(ipsec_check_packet(part->out[i].pkt_out, pkto[i])); + odp_packet_free(pkto[i]); + } + } +} + +void ipsec_check_out_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa, odp_ipsec_sa_t sa_in) +{ + odp_ipsec_op_param_t op_param; + odp_ipsec_op_result_t op_result; + odp_packet_t pkt; + odp_packet_t pkto[part->out_pkt]; + odp_ipsec_packet_result_t result[part->out_pkt]; + int i; + + pkt = ipsec_packet(part->pkt_in); + + memset(&op_param, 0, sizeof(op_param)); + op_param.num_pkt = 1; + op_param.pkt = &pkt; + op_param.num_sa = 1; + op_param.sa = &sa; + op_param.num_opt = 0; + op_param.opt = NULL; + + op_result.num_pkt = part->out_pkt; + op_result.pkt = pkto; + op_result.res = result; + + if (ODP_IPSEC_OP_MODE_SYNC == suite_context.pref_mode) { + CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_out(&op_param, &op_result)); + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.pref_mode) { + odp_event_t event; + + CU_ASSERT_EQUAL(1, odp_ipsec_out_enq(&op_param)); + + do { + event = odp_queue_deq(suite_context.queue); + } while (event == ODP_EVENT_INVALID); + + CU_ASSERT_EQUAL(ODP_EVENT_IPSEC_RESULT, odp_event_type(event)); + CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_result(&op_result, event)); + } else { + CU_FAIL("INLINE not supported"); + } + + CU_ASSERT_EQUAL(part->out_pkt, op_result.num_pkt); + + for (i = 0; i < op_result.num_pkt && i < part->out_pkt; i++) { + CU_ASSERT_EQUAL(part->out[i].status.all_error, result[i].status.all_error); + CU_ASSERT_EQUAL(sa, result[i].sa); + if (ODP_PACKET_INVALID == pkto[i]) { + CU_FAIL("ODP_PACKET_INVALID received"); + } else { + ipsec_test_part part_in = *part; + ipsec_test_packet pkt_in; + + CU_ASSERT_FATAL(odp_packet_len(pkto[i]) <= sizeof(pkt_in.data)); + + pkt_in.len = odp_packet_len(pkto[i]); + pkt_in.l2_offset = odp_packet_l2_offset(pkto[i]); + pkt_in.l3_offset = odp_packet_l3_offset(pkto[i]); + pkt_in.l4_offset = odp_packet_l4_offset(pkto[i]); + odp_packet_copy_to_mem(pkto[i], 0, pkt_in.len, pkt_in.data); + part_in.pkt_in = &pkt_in; + ipsec_check_in_one(&part_in, sa_in, false); + odp_packet_free(pkto[i]); + } + } +} + +static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -22,11 +399,164 @@ odp_testinfo_t ipsec_suite[] = { ODP_TEST_INFO_NULL }; +static +int ODP_UNUSED ipsec_sync_init(void) +{ + suite_context.pool = odp_pool_lookup("packet_pool"); + if (suite_context.pool == ODP_POOL_INVALID) + return -1; + + suite_context.queue = ODP_QUEUE_INVALID; + suite_context.pref_mode = ODP_IPSEC_OP_MODE_SYNC; + return 0; +} + +static +int ODP_UNUSED ipsec_async_init(void) +{ + suite_context.pool = odp_pool_lookup("packet_pool"); + if (suite_context.pool == ODP_POOL_INVALID) + return -1; + suite_context.queue = odp_queue_lookup("ipsec-out"); + if (suite_context.queue == ODP_QUEUE_INVALID) + return -1; + + suite_context.pref_mode = ODP_IPSEC_OP_MODE_ASYNC; + return 0; +} + +static +int ipsec_suite_term(odp_testinfo_t *suite) +{ + int i; + int first = 1; + + for (i = 0; suite[i].pName; i++) { + if (suite[i].check_active && + suite[i].check_active() == ODP_TEST_INACTIVE) { + if (first) { + first = 0; + printf("\n\n Inactive tests:\n"); + } + printf(" %s\n", suite[i].pName); + } + } + + return 0; +} + +static +int ipsec_in_term(void) +{ + return ipsec_suite_term(ipsec_in_suite); +} + +static +int ipsec_out_term(void) +{ + return ipsec_suite_term(ipsec_out_suite); +} + odp_suiteinfo_t ipsec_suites[] = { {"IPsec", NULL, NULL, ipsec_suite}, + {"IPsec-sync-in", ipsec_sync_init, ipsec_in_term, ipsec_in_suite}, + {"IPsec-async-in", ipsec_async_init, ipsec_in_term, ipsec_in_suite}, + {"IPsec-sync-out", ipsec_sync_init, ipsec_out_term, ipsec_out_suite}, + {"IPsec-async-out", ipsec_async_init, ipsec_out_term, ipsec_out_suite}, ODP_SUITE_INFO_NULL, }; +static +int ipsec_outit(odp_instance_t *inst) +{ + odp_pool_param_t params; + odp_pool_t pool; + odp_queue_t out_queue; + odp_pool_capability_t pool_capa; + + if (0 != odp_init_global(inst, NULL, NULL)) { + fprintf(stderr, "error: odp_init_global() failed.\n"); + return -1; + } + + if (0 != odp_init_local(*inst, ODP_THREAD_CONTROL)) { + fprintf(stderr, "error: odp_init_local() failed.\n"); + return -1; + } + + if (odp_pool_capability(&pool_capa) < 0) { + fprintf(stderr, "error: odp_pool_capability() failed.\n"); + return -1; + } + + odp_pool_param_init(¶ms); + params.pkt.seg_len = PKT_POOL_LEN; + params.pkt.len = PKT_POOL_LEN; + params.pkt.num = PKT_POOL_NUM; + params.type = ODP_POOL_PACKET; + + if (pool_capa.pkt.max_seg_len && + PKT_POOL_LEN > pool_capa.pkt.max_seg_len) { + fprintf(stderr, "Warning: small packet segment length\n"); + params.pkt.seg_len = pool_capa.pkt.max_seg_len; + } + + if (pool_capa.pkt.max_len && + PKT_POOL_LEN > pool_capa.pkt.max_len) { + fprintf(stderr, "Pool max packet length too small\n"); + return -1; + } + + pool = odp_pool_create("packet_pool", ¶ms); + + if (ODP_POOL_INVALID == pool) { + fprintf(stderr, "Packet pool creation failed.\n"); + return -1; + } + out_queue = odp_queue_create("ipsec-out", NULL); + if (ODP_QUEUE_INVALID == out_queue) { + fprintf(stderr, "Crypto outq creation failed.\n"); + return -1; + } + + return 0; +} + +static +int ipsec_term(odp_instance_t inst) +{ + odp_pool_t pool; + odp_queue_t out_queue; + + out_queue = odp_queue_lookup("ipsec-out"); + if (ODP_QUEUE_INVALID != out_queue) { + if (odp_queue_destroy(out_queue)) + fprintf(stderr, "Crypto outq destroy failed.\n"); + } else { + fprintf(stderr, "Crypto outq not found.\n"); + } + + pool = odp_pool_lookup("packet_pool"); + if (ODP_POOL_INVALID != pool) { + if (odp_pool_destroy(pool)) + fprintf(stderr, "Packet pool destroy failed.\n"); + } else { + fprintf(stderr, "Packet pool not found.\n"); + } + + if (0 != odp_term_local()) { + fprintf(stderr, "error: odp_term_local() failed.\n"); + return -1; + } + + if (0 != odp_term_global(inst)) { + fprintf(stderr, "error: odp_term_global() failed.\n"); + return -1; + } + + return 0; +} + int ipsec_main(int argc, char *argv[]) { int ret; @@ -35,8 +565,10 @@ int ipsec_main(int argc, char *argv[]) if (odp_cunit_parse_options(argc, argv)) return -1; - ret = odp_cunit_register(ipsec_suites); + odp_cunit_register_global_init(ipsec_outit); + odp_cunit_register_global_term(ipsec_term); + ret = odp_cunit_register(ipsec_suites); if (ret == 0) ret = odp_cunit_run(); diff --git a/test/common_plat/validation/api/ipsec/ipsec.h b/test/common_plat/validation/api/ipsec/ipsec.h index 290a186..e0d68c5 100644 --- a/test/common_plat/validation/api/ipsec/ipsec.h +++ b/test/common_plat/validation/api/ipsec/ipsec.h @@ -9,16 +9,56 @@ #include -/* test functions: */ -void ipsec_test_capability(void); - /* test arrays: */ -extern odp_testinfo_t ipsec_suite[]; - -/* test registry: */ -extern odp_suiteinfo_t ipsec_suites[]; +extern odp_testinfo_t ipsec_in_suite[]; +extern odp_testinfo_t ipsec_out_suite[]; /* main test program: */ int ipsec_main(int argc, char *argv[]); +struct suite_context_s { + odp_ipsec_op_mode_t pref_mode; + odp_pool_t pool; + odp_queue_t queue; +}; + +extern struct suite_context_s suite_context; + +typedef struct { + uint32_t len; + uint32_t l2_offset; + uint32_t l3_offset; + uint32_t l4_offset; + uint8_t data[256]; +} ipsec_test_packet; + +typedef struct { + const ipsec_test_packet *pkt_in; + int out_pkt; + struct { + odp_ipsec_op_status_t status; + const ipsec_test_packet *pkt_out; + } out[1]; +} ipsec_test_part; + +void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, + odp_bool_t in, + odp_bool_t ah, + uint32_t spi, + odp_cipher_alg_t cipher_alg, + const odp_crypto_key_t *cipher_key, + odp_auth_alg_t auth_alg, + const odp_crypto_key_t *auth_key); + +void ipsec_sa_destroy(odp_ipsec_sa_t sa); +odp_packet_t ipsec_packet(const ipsec_test_packet *itp); +odp_bool_t ipsec_check_packet(const ipsec_test_packet *itp, odp_packet_t pkt); +void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa, odp_bool_t lookup); +void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa); +void ipsec_check_out_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa, odp_ipsec_sa_t sa_in); + +int ipsec_check(odp_bool_t in, odp_bool_t ah, odp_cipher_alg_t cipher, odp_auth_alg_t auth); +#define ipsec_check_ah(in, auth) ipsec_check(in, true, ODP_CIPHER_ALG_NULL, auth) +#define ipsec_check_esp(in, cipher, auth) ipsec_check(in, false, cipher, auth) + #endif diff --git a/test/common_plat/validation/api/ipsec/ipsec_test_in.c b/test/common_plat/validation/api/ipsec/ipsec_test_in.c new file mode 100644 index 0000000..c774729 --- /dev/null +++ b/test/common_plat/validation/api/ipsec/ipsec_test_in.c @@ -0,0 +1,444 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include "ipsec.h" + +#include "test_vectors.h" + +static +void test_in_ah_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, true, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { { }, &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_esp_null_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { { }, &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_esp_aes_cbc_null(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, + ODP_AUTH_ALG_NULL, NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_aes_cbc_null_1, + .out_pkt = 1, + .out = { + { { }, &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_esp_aes_cbc_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_aes_cbc_sha256_1, + .out_pkt = 1, + .out = { + { { }, &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_lookup_ah_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, true, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { { }, &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_lookup_esp_null_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { { }, &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_ah_esp_pkt(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, true, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { { .all_error = 0, .error.proto = 1 }, NULL }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_esp_ah_pkt(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { { .all_error = 0, .error.proto = 1 }, NULL }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_ah_sha256_bad1(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, true, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1_bad1, + .out_pkt = 1, + .out = { + { { .all_error = 0, .error.auth = 1 }, NULL }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_ah_sha256_bad2(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, true, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1_bad2, + .out_pkt = 1, + .out = { + { { .all_error = 0, .error.auth = 1 }, NULL }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +void test_in_esp_null_sha256_bad1(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1_bad1, + .out_pkt = 1, + .out = { + { { .all_error = 0, .error.auth = 1 }, NULL }, + }, + }; + + ipsec_check_in_one(&test, sa, true); + + ipsec_sa_destroy(sa); +} + +static +int ipsec_check_in_ah_sha256(void) +{ + return ipsec_check_ah(true, ODP_AUTH_ALG_SHA256_HMAC); +} + +static +int ipsec_check_in_esp_null_sha256(void) +{ + return ipsec_check_esp(true, ODP_CIPHER_ALG_NULL, ODP_AUTH_ALG_SHA256_HMAC); +} + +static +int ipsec_check_in_esp_aes_cbc_null(void) +{ + return ipsec_check_esp(true, ODP_CIPHER_ALG_AES_CBC, ODP_AUTH_ALG_NULL); +} + +static +int ipsec_check_in_esp_aes_cbc_sha256(void) +{ + return ipsec_check_esp(true, ODP_CIPHER_ALG_AES_CBC, ODP_AUTH_ALG_SHA256_HMAC); +} + +odp_testinfo_t ipsec_in_suite[] = { + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256, ipsec_check_in_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256, ipsec_check_in_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_null, ipsec_check_in_esp_aes_cbc_null), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_sha256, ipsec_check_in_esp_aes_cbc_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_sha256, ipsec_check_in_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_null_sha256, ipsec_check_in_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_esp_pkt, ipsec_check_in_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_ah_pkt, ipsec_check_in_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad1, ipsec_check_in_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad2, ipsec_check_in_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_bad1, ipsec_check_in_esp_null_sha256), + ODP_TEST_INFO_NULL, +}; diff --git a/test/common_plat/validation/api/ipsec/ipsec_test_out.c b/test/common_plat/validation/api/ipsec/ipsec_test_out.c new file mode 100644 index 0000000..d4ecaaf --- /dev/null +++ b/test/common_plat/validation/api/ipsec/ipsec_test_out.c @@ -0,0 +1,154 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include "ipsec.h" + +#include "test_vectors.h" + +static +void test_out_ah_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + false, true, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0, + .out_pkt = 1, + .out = { + { { }, &pkt_icmp_0_ah_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_out_esp_null_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + false, false, 123, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0, + .out_pkt = 1, + .out = { + { { }, &pkt_icmp_0_esp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_out_esp_aes_cbc_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + odp_ipsec_sa_t sa2; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.pref_mode; + ipsec_config.outbound_mode = suite_context.pref_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + false, false, 123, + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_sa_param_fill(¶m, + true, false, 123, + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa2 = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0, + .out_pkt = 1, + .out = { + { { }, &pkt_icmp_0 }, + }, + }; + + ipsec_check_out_in_one(&test, sa, sa2); + + ipsec_sa_destroy(sa2); + ipsec_sa_destroy(sa); +} + +static +int ipsec_check_out_ah_sha256(void) +{ + return ipsec_check_ah(false, ODP_AUTH_ALG_SHA256_HMAC); +} + +static +int ipsec_check_out_esp_null_sha256(void) +{ + return ipsec_check_esp(false, ODP_CIPHER_ALG_NULL, ODP_AUTH_ALG_SHA256_HMAC); +} + +static +int ipsec_check_both_esp_aes_cbc_sha256(void) +{ + return ipsec_check_esp(false, ODP_CIPHER_ALG_AES_CBC, ODP_AUTH_ALG_SHA256_HMAC) && + ipsec_check_esp(true, ODP_CIPHER_ALG_AES_CBC, ODP_AUTH_ALG_SHA256_HMAC); +} + +odp_testinfo_t ipsec_out_suite[] = { + ODP_TEST_INFO_CONDITIONAL(test_out_ah_sha256, ipsec_check_out_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256, ipsec_check_out_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_sha256, ipsec_check_both_esp_aes_cbc_sha256), + ODP_TEST_INFO_NULL, +}; diff --git a/test/common_plat/validation/api/ipsec/test_vectors.h b/test/common_plat/validation/api/ipsec/test_vectors.h new file mode 100644 index 0000000..47817bc --- /dev/null +++ b/test/common_plat/validation/api/ipsec/test_vectors.h @@ -0,0 +1,414 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef _ODP_TEST_IPSEC_VECTORS_H_ +#define _ODP_TEST_IPSEC_VECTORS_H_ + +#define KEY(name, ...) \ + static uint8_t name ## _data[] = { __VA_ARGS__ }; \ + static const ODP_UNUSED odp_crypto_key_t name = { \ + .data = name ## _data, \ + .length = sizeof(name ## _data), \ + } + +KEY(key_a5_128, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5); +KEY(key_5a_128, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a); +KEY(key_a5_256, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, + 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5); +KEY(key_5a_256, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, + 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a); + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0 = { + .len = 142, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x00, 0x08, + + /* IP */ + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x00, 0x08, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3, + 0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1235 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x00, 0x08, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x12, 0x35, + 0x04, 0xef, 0x71, 0x73, 0xa1, 0xd4, 0x71, 0x3f, + 0xd6, 0x78, 0xfe, 0xa2, 0x59, 0xe9, 0x93, 0x70, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad1 = { + .len = 168, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x00, 0x08, + + /* IP */ + 0x45, 0x00, 0x00, 0x9a, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3, + 0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x00, 0x08, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3, + 0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5d, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = { + .len = 168, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x00, 0x08, + + /* IP */ + 0x45, 0x00, 0x00, 0x9a, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xdc, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x00, 0x01, + + /* ICV */ + 0x18, 0x00, 0x14, 0x3a, 0x54, 0x72, 0x98, 0xe8, + 0xc7, 0x2d, 0xfa, 0xeb, 0x70, 0xe0, 0x24, 0xdb, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 = { + .len = 168, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x00, 0x08, + + /* IP */ + 0x45, 0x00, 0x00, 0x9a, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xdc, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x00, 0x01, + + /* ICV */ + 0x18, 0x00, 0x14, 0x3a, 0x54, 0x72, 0x98, 0xe8, + 0xc7, 0x2d, 0xfa, 0xeb, 0x70, 0xe0, 0x24, 0xdf, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x00, 0x08, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xca, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* IV */ + 0xcc, 0xa6, 0x77, 0xa4, 0xda, 0x3a, 0x8d, 0x8c, + 0xdb, 0x0b, 0x77, 0xcd, 0x97, 0xa0, 0x90, 0xa6, + 0x96, 0x23, 0xad, 0x7e, 0x45, 0xe4, 0x32, 0xc3, + 0x0c, 0x54, 0xa9, 0x5a, 0x7a, 0xc9, 0xb4, 0x9f, + 0x59, 0x79, 0xe2, 0xfc, 0x5c, 0x7e, 0x27, 0x8b, + 0xad, 0x4a, 0x1f, 0x78, 0xe0, 0x92, 0x90, 0x70, + 0x79, 0xa2, 0x55, 0x38, 0x8f, 0x41, 0xe9, 0x07, + 0xfe, 0xfc, 0x04, 0x06, 0xda, 0xa5, 0xd4, 0xd8, + 0xcd, 0x02, 0x95, 0x54, 0x01, 0x25, 0xe2, 0x44, + 0x6f, 0xf7, 0x85, 0xa0, 0x53, 0xb9, 0x2b, 0xa1, + 0xad, 0x24, 0x62, 0xa3, 0x45, 0x3e, 0x3c, 0x75, + 0x44, 0x2d, 0x8f, 0x69, 0x8e, 0xa0, 0x64, 0x54, + 0xe6, 0x84, 0x3f, 0x8e, 0x9f, 0x5e, 0x74, 0x56, + 0x3c, 0x20, 0x0b, 0x1a, 0x7b, 0x1b, 0xb5, 0xd8, + 0x7e, 0xb0, 0xc4, 0x4d, 0x6e, 0xd1, 0x53, 0x05, + 0x28, 0xe9, 0x7d, 0xf9, 0xe5, 0x91, 0x98, 0xed, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_sha256_1 = { + .len = 186, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x00, 0x08, + + /* IP */ + 0x45, 0x00, 0x00, 0xac, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xca, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* IV */ + 0xcc, 0xa6, 0x77, 0xa4, 0xda, 0x3a, 0x8d, 0x8c, + 0xdb, 0x0b, 0x77, 0xcd, 0x97, 0xa0, 0x90, 0xa6, + 0x96, 0x23, 0xad, 0x7e, 0x45, 0xe4, 0x32, 0xc3, + 0x0c, 0x54, 0xa9, 0x5a, 0x7a, 0xc9, 0xb4, 0x9f, + 0x59, 0x79, 0xe2, 0xfc, 0x5c, 0x7e, 0x27, 0x8b, + 0xad, 0x4a, 0x1f, 0x78, 0xe0, 0x92, 0x90, 0x70, + 0x79, 0xa2, 0x55, 0x38, 0x8f, 0x41, 0xe9, 0x07, + 0xfe, 0xfc, 0x04, 0x06, 0xda, 0xa5, 0xd4, 0xd8, + 0xcd, 0x02, 0x95, 0x54, 0x01, 0x25, 0xe2, 0x44, + 0x6f, 0xf7, 0x85, 0xa0, 0x53, 0xb9, 0x2b, 0xa1, + 0xad, 0x24, 0x62, 0xa3, 0x45, 0x3e, 0x3c, 0x75, + 0x44, 0x2d, 0x8f, 0x69, 0x8e, 0xa0, 0x64, 0x54, + 0xe6, 0x84, 0x3f, 0x8e, 0x9f, 0x5e, 0x74, 0x56, + 0x3c, 0x20, 0x0b, 0x1a, 0x7b, 0x1b, 0xb5, 0xd8, + 0x7e, 0xb0, 0xc4, 0x4d, 0x6e, 0xd1, 0x53, 0x05, + 0x28, 0xe9, 0x7d, 0xf9, 0xe5, 0x91, 0x98, 0xed, + + /* ICV */ + 0xaa, 0x81, 0xa0, 0xd0, 0x2f, 0x92, 0x85, 0x51, + 0x4e, 0x8d, 0x22, 0x2e, 0x54, 0x80, 0xf0, 0xd9, + }, +}; + +#endif