From patchwork Mon Nov 13 14:00:15 2017
X-Patchwork-Submitter: Github ODP bot
X-Patchwork-Id: 118761
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Mon, 13 Nov 2017 17:00:15 +0300
Message-Id: <1510581630-13993-2-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
References: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v16 1/16] linux-gen: ipsec: use counter instead of random IV for GCM

From: Dmitry Eremin-Solenikov

Reusing IV block with GCM results in disastrous consequences. Use counter instead of random-generated IV to remove possibility for IV reuse.

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969
 ** Merge commit sha: 845914564f2d99792452ac22a524279f44496a1d
 **/
 .../linux-generic/include/odp_ipsec_internal.h | 16 ++++++++++---
 platform/linux-generic/odp_ipsec.c | 28 +++++++++++++++-------
 platform/linux-generic/odp_ipsec_sad.c | 9 +++++++
 3 files changed, 42 insertions(+), 11 deletions(-)

diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 1340ca7bd..afc2f686e 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h
@@ -118,9 +118,17 @@ struct ipsec_sa_s { uint8_t salt[IPSEC_MAX_SALT_LEN]; uint32_t salt_length; - unsigned dec_ttl : 1; - unsigned copy_dscp : 1; - unsigned copy_df : 1; + union { + unsigned flags; + struct { + unsigned dec_ttl : 1; + unsigned copy_dscp : 1; + unsigned copy_df : 1; + + /* Only for outbound */ + unsigned use_counter_iv : 1; + }; + }; union { struct { @@ -136,6 +144,8 @@ struct ipsec_sa_s { odp_atomic_u32_t tun_hdr_id; odp_atomic_u32_t seq; + odp_atomic_u64_t counter; /* for CTR/GCM */ + uint8_t tun_ttl; uint8_t tun_dscp; uint8_t tun_df; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index e57736c2a..6a731e999 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -676,23 +676,36 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ip_data_len + ipsec_sa->icv_len; - if (ipsec_sa->esp_iv_len) { + if (ipsec_sa->use_counter_iv) { + uint64_t ctr; + + /* Both GCM and CTR use 8-bit counters */ + ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + + ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, + 1); + /* Check for overrun */ + if (ctr == 0) + goto out; + + memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); + memcpy(iv + ipsec_sa->salt_length, &ctr, + ipsec_sa->esp_iv_len); + + } else if (ipsec_sa->esp_iv_len) { uint32_t len; - len = odp_random_data(iv + ipsec_sa->salt_length, - ipsec_sa->esp_iv_len, + len = odp_random_data(iv, ipsec_sa->esp_iv_len, ODP_RANDOM_CRYPTO); if (len != ipsec_sa->esp_iv_len) { status->error.alg = 1; goto out; } - - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - - param.override_iv_ptr = iv; } + param.override_iv_ptr = iv; + if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { status->error.alg = 1; goto out; 
@@ -734,7 +747,6 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, odp_packet_copy_from_mem(pkt, ipsec_offset, _ODP_ESPHDR_LEN, &esp); - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); odp_packet_copy_from_mem(pkt, ipsec_offset + _ODP_ESPHDR_LEN, ipsec_sa->esp_iv_len, diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index f0b5b9e4a..dc338bfcd 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -207,6 +207,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->context = param->context; ipsec_sa->queue = param->dest_queue; ipsec_sa->mode = param->mode; + ipsec_sa->flags = 0; if (ODP_IPSEC_DIR_INBOUND == param->dir) { ipsec_sa->in.lookup_mode = param->inbound.lookup_mode; if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode) @@ -298,11 +299,13 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) case ODP_CIPHER_ALG_NULL: ipsec_sa->esp_iv_len = 0; ipsec_sa->esp_block_len = 1; + crypto_param.iv.length = 0; break; case ODP_CIPHER_ALG_DES: case ODP_CIPHER_ALG_3DES_CBC: ipsec_sa->esp_iv_len = 8; ipsec_sa->esp_block_len = 8; + crypto_param.iv.length = 8; break; #if ODP_DEPRECATED_API case ODP_CIPHER_ALG_AES128_CBC: @@ -310,11 +313,13 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) case ODP_CIPHER_ALG_AES_CBC: ipsec_sa->esp_iv_len = 16; ipsec_sa->esp_block_len = 16; + crypto_param.iv.length = 16; break; #if ODP_DEPRECATED_API case ODP_CIPHER_ALG_AES128_GCM: #endif case ODP_CIPHER_ALG_AES_GCM: + ipsec_sa->use_counter_iv = 1; ipsec_sa->esp_iv_len = 8; ipsec_sa->esp_block_len = 16; crypto_param.iv.length = 12; 
@@ -323,6 +328,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) return ODP_IPSEC_SA_INVALID; } + if (1 == ipsec_sa->use_counter_iv && + ODP_IPSEC_DIR_OUTBOUND == param->dir) + odp_atomic_init_u64(&ipsec_sa->out.counter, 1); + crypto_param.auth_digest_len = ipsec_sa->icv_len; if (param->crypto.cipher_key_extra.length) {
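Review bot: In the ipsec_out_single hunk of odp_ipsec.c (@@ -676,23 +676,36 @@), the overrun branch `if (ctr == 0) goto out;` leaves without setting any status->error bit, unlike the random-IV branch below it, which sets `status->error.alg = 1` before `goto out`, and the check is not sticky: odp_atomic_fetch_add_u64 keeps incrementing, so the call after the wrapped one reads 1 and builds an IV that was already used under the same key. Suggest recording an error for the dropped packet and latching the SA as exhausted so that nothing is sent after the wrap. The comment "Both GCM and CTR use 8-bit counters" should say 8-byte, matching the `sizeof(ctr) == ipsec_sa->esp_iv_len` assertion under it.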
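Review bot: In the ODP_CIPHER_ALG_AES_GCM case of odp_ipsec_sa_create (odp_ipsec_sad.c, @@ -310,11 +313,13 @@), `ipsec_sa->use_counter_iv = 1` is set for every GCM SA, while the field is declared in odp_ipsec_internal.h under "Only for outbound" and the counter is initialised only when `ODP_IPSEC_DIR_OUTBOUND == param->dir`. Setting the flag inside the outbound direction check, or rewording the header comment, would keep an inbound SA from carrying a flag whose counter was never initialised. The header comment on the counter also says "for CTR/GCM", but only the GCM case sets the flag in this patch.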
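Review bot: In the last odp_ipsec_sad.c hunk (@@ -323,6 +328,10 @@), `odp_atomic_init_u64(&ipsec_sa->out.counter, 1)` restarts the IV sequence at 1 for every outbound SA that is created, so uniqueness of the salt-plus-counter IV built in ipsec_out_single rests on each SA being created with a fresh key or salt. That requirement is worth stating in a comment here or in the commit message, since a second SA created with the same key and salt repeats the same IVs from the start.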
X-Patchwork-Id: 118762
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Mon, 13 Nov 2017 17:00:16 +0300
Message-Id: <1510581630-13993-3-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
References: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v16 2/16] linux-gen: ipsec: set inline_mode flag for inline inbound packets

From: Dmitry Eremin-Solenikov

Set IPsec inline_mode_flag for inbound inline packets according to the API specification.

Signed-off-by: Dmitry Eremin-Solenikov
---
 platform/linux-generic/odp_ipsec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 6a731e999..f49fc4656 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c
@@ -1131,6 +1131,7 @@ int _odp_ipsec_try_inline(odp_packet_t pkt) memset(result, 0, sizeof(*result)); result->status = status; result->sa = ipsec_sa->ipsec_sa_hdl; + result->flag.inline_mode = 1; pkt_hdr = odp_packet_hdr(pkt); pkt_hdr->p.input_flags.dst_queue = 1;
X-Patchwork-Id: 118765
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Mon, 13 Nov 2017 17:00:17 +0300
Message-Id: <1510581630-13993-4-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
References: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v16 3/16] validation: ipsec: verify inline_mode flag

From: Dmitry Eremin-Solenikov

Verify inline_mode flag being set for inbound inline packets.

Signed-off-by: Dmitry Eremin-Solenikov
---
 test/validation/api/ipsec/ipsec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index a8fdf2b14..ac0a083bd 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c
@@ -608,6 +608,9 @@ void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); + CU_ASSERT_EQUAL(suite_context.inbound_op_mode == + ODP_IPSEC_OP_MODE_INLINE, + result.flag.inline_mode); CU_ASSERT_EQUAL(sa, result.sa); } ipsec_check_packet(part->out[i].pkt_out,
X-Patchwork-Id: 118763
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Mon, 13 Nov 2017 17:00:18 +0300
Message-Id: <1510581630-13993-5-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
References: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v16 4/16] validation: ipsec: drop unused file

From: Dmitry Eremin-Solenikov

Signed-off-by: Dmitry Eremin-Solenikov
---
 test/validation/api/ipsec/ipsec_sync_in.c | 27 ---------------------------
 1 file changed, 27 deletions(-)
 delete mode 100644 test/validation/api/ipsec/ipsec_sync_in.c

diff --git a/test/validation/api/ipsec/ipsec_sync_in.c b/test/validation/api/ipsec/ipsec_sync_in.c deleted file mode 100644 index 8a7fc4680..000000000 --- a/test/validation/api/ipsec/ipsec_sync_in.c +++ /dev/null
@@ -1,27 +0,0 @@ -/* Copyright (c) 2017, Linaro Limited - * All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -#include "config.h" - -#include "ipsec.h" - -int main(int argc, char *argv[]) -{ - int ret; - - /* parse common options: */ - if (odp_cunit_parse_options(argc, argv)) - return -1; - - odp_cunit_register_global_init(ipsec_init); - odp_cunit_register_global_term(ipsec_term); - - ret = odp_cunit_register(ipsec_suites); - if (ret == 0) - ret = odp_cunit_run(); - - return ret; -}
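Review bot: Deleting test/validation/api/ipsec/ipsec_sync_in.c without touching any build file, as the one-file diffstat of patch 4/16 shows, only works if nothing still references it; if a Makefile.am or .gitignore entry names ipsec_sync_in, that removal belongs in this same commit. The commit message also has no body, and one line saying why this main() is unused would help anyone reading the history later.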
X-Patchwork-Id: 118769
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Mon, 13 Nov 2017 17:00:19 +0300
Message-Id: <1510581630-13993-6-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
References: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v16 5/16] validation: ipsec: verify odp_ipsec_sa_context

From: Dmitry Eremin-Solenikov

Signed-off-by: Dmitry Eremin-Solenikov
---
 test/validation/api/ipsec/ipsec.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index ac0a083bd..853bd88a9 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c
@@ -19,6 +19,9 @@ struct suite_context_s suite_context; #define PKT_POOL_NUM 64 #define PKT_POOL_LEN (1 * 1024) +#define PACKET_USER_PTR ((void *)0x1212fefe) +#define IPSEC_SA_CTX ((void *)0xfefefafa) + static odp_pktio_t pktio_create(odp_pool_t pool) { odp_pktio_t pktio; @@ -300,6 +303,8 @@ void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, param->dest_queue = suite_context.queue; + param->context = IPSEC_SA_CTX; + param->crypto.cipher_alg = cipher_alg; if (cipher_key) param->crypto.cipher_key = *cipher_key; @@ -317,6 +322,8 @@ void ipsec_sa_destroy(odp_ipsec_sa_t sa) odp_event_t event; odp_ipsec_status_t status; + CU_ASSERT_EQUAL(IPSEC_SA_CTX, odp_ipsec_sa_context(sa)); + CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_disable(sa)); if (ODP_QUEUE_INVALID != suite_context.queue) { @@ -339,8 +346,6 @@ void ipsec_sa_destroy(odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_destroy(sa)); } -#define PACKET_USER_PTR ((void *)0x1212fefe) - odp_packet_t ipsec_packet(const ipsec_test_packet *itp) { odp_packet_t pkt = odp_packet_alloc(suite_context.pool, itp->len); @@ -612,6 +617,9 @@ void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) ODP_IPSEC_OP_MODE_INLINE, result.flag.inline_mode); CU_ASSERT_EQUAL(sa, result.sa); + if (ODP_IPSEC_SA_INVALID != sa) + CU_ASSERT_EQUAL(IPSEC_SA_CTX, + odp_ipsec_sa_context(sa)); } ipsec_check_packet(part->out[i].pkt_out, pkto[i]); @@ -645,6 +653,8 @@ void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); CU_ASSERT_EQUAL(sa, result.sa); + CU_ASSERT_EQUAL(IPSEC_SA_CTX, + odp_ipsec_sa_context(sa)); } ipsec_check_packet(part->out[i].pkt_out, pkto[i]); 
@@ -682,6 +692,8 @@ void ipsec_check_out_in_one(const ipsec_test_part *part, CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); CU_ASSERT_EQUAL(sa, result.sa); + CU_ASSERT_EQUAL(IPSEC_SA_CTX, + odp_ipsec_sa_context(sa)); } CU_ASSERT_FATAL(odp_packet_len(pkto[i]) <= sizeof(pkt_in.data));
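
Review bot: ipsec_check_out_one (hunk @@ -645) and ipsec_check_out_in_one (hunk @@ -682) call odp_ipsec_sa_context(sa) unconditionally, while the same assertion added to ipsec_check_in_one (hunk @@ -612) is guarded by "if (ODP_IPSEC_SA_INVALID != sa)". If the outbound helpers can never be handed an invalid SA, a one-line comment saying so would make the asymmetry deliberate; otherwise add the same guard there. Since each call follows CU_ASSERT_EQUAL(sa, result.sa), querying the context of result.sa rather than of the sa argument would also tie the check to the handle the implementation actually returned.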
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Mon, 13 Nov 2017 17:00:20 +0300
Message-Id: <1510581630-13993-7-git-send-email-odpbot@yandex.ru>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
References: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v16 6/16] linux-gen: ipsec: fix soft/hard limits check

From: Dmitry Eremin-Solenikov

Split count expiration check into two phases:
- optional precheck, run before crypto, which fails only if hard limit is
  already breached
- update, run after crypto in INBOUND case, so that limits will not be
  updated for packets failing ICV check.

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969
 ** Merge commit sha: 845914564f2d99792452ac22a524279f44496a1d
 **/
 .../linux-generic/include/odp_ipsec_internal.h | 10 +++++++++-
 platform/linux-generic/odp_ipsec.c | 12 +++++------
 platform/linux-generic/odp_ipsec_sad.c | 23 +++++++++++++++++++++-
 3 files changed, 37 insertions(+), 8 deletions(-)

diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index afc2f686e..68ab195c7 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -185,11 +185,19 @@ void _odp_ipsec_sa_unuse(ipsec_sa_t *ipsec_sa); ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup); /** + * Run pre-check on SA usage statistics. + * + * @retval <0 if hard limits were breached + */ +int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa, + odp_ipsec_op_status_t *status); + +/** * Update SA usage statistics, filling respective status for the packet. * * @retval <0 if hard limits were breached */ -int _odp_ipsec_sa_update_stats(ipsec_sa_t *ipsec_sa, uint32_t len, +int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status); /** diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index f49fc4656..dc6359d6e 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -412,9 +412,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto out; } - if (_odp_ipsec_sa_update_stats(ipsec_sa, - stats_length, - status) < 0) + if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0) goto out; param.session = ipsec_sa->session; @@ -449,6 +447,9 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto out; } + if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) + goto out; + ip_offset = odp_packet_l3_offset(pkt); ip = odp_packet_l3_ptr(pkt, NULL); ip_hdr_len = ipv4_hdr_len(ip); @@ -830,9 +831,8 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, goto out; } - if (_odp_ipsec_sa_update_stats(ipsec_sa, - stats_length, - status) < 0) + /* No need to run precheck here, we know that packet is authentic */ + if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) goto out; param.session = ipsec_sa->session; 
diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index dc338bfcd..e42bf94ef 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c 
@@ -479,7 +479,28 @@ ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup) return best; } -int _odp_ipsec_sa_update_stats(ipsec_sa_t *ipsec_sa, uint32_t len, +int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa, + odp_ipsec_op_status_t *status) +{ + int rc = 0; + + if (ipsec_sa->hard_limit_bytes > 0 && + odp_atomic_load_u64(&ipsec_sa->bytes) > + ipsec_sa->hard_limit_bytes) { + status->error.hard_exp_bytes = 1; + rc = -1; + } + if (ipsec_sa->hard_limit_packets > 0 && + odp_atomic_load_u64(&ipsec_sa->packets) > + ipsec_sa->hard_limit_packets) { + status->error.hard_exp_packets = 1; + rc = -1; + } + + return rc; +} + +int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status) { uint64_t bytes = odp_atomic_fetch_add_u64(&ipsec_sa->bytes, len) + len;
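
Review bot: the doc comment added for _odp_ipsec_sa_stats_precheck in odp_ipsec_internal.h (hunk @@ -185) does not say what separates it from _odp_ipsec_sa_stats_update, whose comment carries the same @retval line. From the body in odp_ipsec_sad.c the precheck only reads the byte and packet counters, never increments them, ignores soft limits, and sets status->error.hard_exp_bytes / hard_exp_packets on failure. Please state that in the header, and note that the precheck is an early-out only and that the authoritative limit check is the update run after crypto, so a caller does not treat a passing precheck as sufficient.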
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Mon, 13 Nov 2017 17:00:21 +0300
Message-Id: <1510581630-13993-8-git-send-email-odpbot@yandex.ru>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
References: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v16 7/16] linux-gen: ipsec: add replay window support to SAD

From: Dmitry Eremin-Solenikov

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969
 ** Merge commit sha: 845914564f2d99792452ac22a524279f44496a1d
 **/
 .../linux-generic/include/odp_ipsec_internal.h | 20 ++++++++
 platform/linux-generic/odp_ipsec_sad.c | 60 ++++++++++++++++++++++
 2 files changed, 80 insertions(+)

diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 68ab195c7..0a7f96256 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -81,6 +81,9 @@ int _odp_ipsec_status_send(odp_queue_t queue, #define IPSEC_MAX_SALT_LEN 4 /**< Maximum salt length in bytes */ +/* 32 is minimum required by the standard. We do not support more */ +#define IPSEC_ANTIREPLAY_WS 32 + /** * Maximum number of available SAs */ @@ -127,6 +130,9 @@ struct ipsec_sa_s { /* Only for outbound */ unsigned use_counter_iv : 1; + + /* Only for inbound */ + unsigned antireplay : 1; }; }; @@ -134,6 +140,7 @@ struct ipsec_sa_s { struct { odp_ipsec_lookup_mode_t lookup_mode; odp_u32be_t lookup_dst_ip; + odp_atomic_u64_t antireplay; } in; struct {
@@ -200,6 +207,19 @@ int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa, int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status); +/* Run pre-check on sequence number of the packet. + * + * @retval <0 if the packet falls out of window + */ +int _odp_ipsec_sa_replay_precheck(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status); + +/* Run check on sequence number of the packet and update window if necessary. + * + * @retval <0 if the packet falls out of window + */ +int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status); /** * Try inline IPsec processing of provided packet. * diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index e42bf94ef..c30119249 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -215,6 +215,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) param->inbound.lookup_param.dst_addr, sizeof(ipsec_sa->in.lookup_dst_ip)); + if (param->inbound.antireplay_ws > IPSEC_ANTIREPLAY_WS) + return ODP_IPSEC_SA_INVALID; + ipsec_sa->antireplay = (param->inbound.antireplay_ws != 0); + odp_atomic_init_u64(&ipsec_sa->in.antireplay, 0); } else { odp_atomic_store_u32(&ipsec_sa->out.seq, 1); } 
@@ -528,3 +532,59 @@ int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, return rc; } + +int _odp_ipsec_sa_replay_precheck(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status) +{ + /* Try to be as quick as possible, we will discard packets later */ + if (ipsec_sa->antireplay && + seq + IPSEC_ANTIREPLAY_WS <= + (odp_atomic_load_u64(&ipsec_sa->in.antireplay) & 0xffffffff)) { + status->error.antireplay = 1; + return -1; + } + + return 0; +} + +int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status) +{ + int cas = 0; + uint64_t state, new_state; + + if (!ipsec_sa->antireplay) + return 0; + + state = odp_atomic_load_u64(&ipsec_sa->in.antireplay); + + while (0 == cas) { + uint32_t max_seq = state & 0xffffffff; + uint32_t mask = state >> 32; + + if (seq + IPSEC_ANTIREPLAY_WS <= max_seq) { + status->error.antireplay = 1; + return -1; + } + + if (seq > max_seq) { + mask <<= seq - max_seq; + mask |= 1; + max_seq = seq; + } else { + if (mask & (1U << (max_seq - seq))) { + status->error.antireplay = 1; + return -1; + } + + mask |= (1U << (max_seq - seq)); + } + + new_state = (((uint64_t)mask) << 32) | max_seq; + + cas = odp_atomic_cas_acq_rel_u64(&ipsec_sa->in.antireplay, + &state, new_state); + } + + return 0; +}
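
Review bot: in _odp_ipsec_sa_replay_update (odp_ipsec_sad.c, hunk @@ -528) the statement "mask <<= seq - max_seq;" shifts a uint32_t by an unbounded amount, which is undefined behaviour in C once the sequence number jumps ahead by 32 or more. Where the hardware masks the shift count, stale bits survive in the window and mark never-received sequence numbers as already seen, so legitimate packets are dropped as replays. Please clear the window when seq - max_seq >= IPSEC_ANTIREPLAY_WS (mask = 1) and shift only for smaller deltas. The lower-edge test "seq + IPSEC_ANTIREPLAY_WS <= max_seq", used here and in _odp_ipsec_sa_replay_precheck, also wraps in 32-bit arithmetic for seq values within 32 of 0xffffffff; comparing max_seq - seq against the window size after establishing seq <= max_seq avoids that.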
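
Review bot: the two prototypes added to odp_ipsec_internal.h (hunk @@ -200) are documented with plain "/*" comments and run straight into the following "/**" block without a blank line, while the _odp_ipsec_sa_stats_* declarations just above them use "/**". Please switch them to the same doc-comment form and add the separating blank line. The precheck comment should also say that it only tests the lower edge of the window and does not detect duplicates inside it, because the @retval text is currently identical for both functions.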
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Mon, 13 Nov 2017 17:00:22 +0300
Message-Id: <1510581630-13993-9-git-send-email-odpbot@yandex.ru>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
References: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v16 8/16] linux-gen: ipsec: support replay window checks

From: Dmitry Eremin-Solenikov

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969
 ** Merge commit sha: 845914564f2d99792452ac22a524279f44496a1d
 **/
 platform/linux-generic/odp_ipsec.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index dc6359d6e..1f9d410db 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -42,6 +42,8 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) capa->max_num_sa = ODP_CONFIG_IPSEC_SAS; + capa->max_antireplay_ws = IPSEC_ANTIREPLAY_WS; + rc = odp_crypto_capability(&crypto_capa); if (rc < 0) return rc; @@ -402,6 +404,12 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ip->frag_offset = 0; ip->ttl = 0; + aad.spi = ah.spi; + aad.seq_no = ah.seq_no; + + param.aad.ptr = (uint8_t *)&aad; + param.aad.length = sizeof(aad); + param.auth_range.offset = ip_offset; param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); param.hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN;
@@ -412,6 +420,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto out; } + if (_odp_ipsec_sa_replay_precheck(ipsec_sa, + odp_be_to_cpu_32(aad.seq_no), + status) < 0) + goto out; + if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0) goto out; @@ -450,6 +463,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) goto out; + if (_odp_ipsec_sa_replay_update(ipsec_sa, + odp_be_to_cpu_32(aad.seq_no), + status) < 0) + goto out; + ip_offset = odp_packet_l3_offset(pkt); ip = odp_packet_l3_ptr(pkt, NULL); ip_hdr_len = ipv4_hdr_len(ip); 
@@ -809,6 +827,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ah.next_header = ip->proto; ip->proto = _ODP_IPPROTO_AH; + aad.spi = ah.spi; + aad.seq_no = ah.seq_no; + + param.aad.ptr = (uint8_t *)&aad; + param.aad.length = sizeof(aad); + odp_packet_copy_from_mem(pkt, ipsec_offset, _ODP_AHHDR_LEN, &ah);
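
Review bot: in ipsec_in_single (hunk @@ -450) _odp_ipsec_sa_replay_update is called after _odp_ipsec_sa_stats_update, so a duplicate of an authentic packet that is still inside the window is added to the SA byte and packet counters before it is rejected with error.antireplay. _odp_ipsec_sa_replay_precheck only rejects sequence numbers below the window, so in-window duplicates reach this point with a valid ICV and each one moves the SA closer to its hard limits. Please run the replay update first and the stats update second, so that only packets accepted by the anti-replay check count against the SA lifetime.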
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Mon, 13 Nov 2017 17:00:23 +0300
Message-Id: <1510581630-13993-10-git-send-email-odpbot@yandex.ru>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
References: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v16 9/16] validation: ipsec: add replay window checks

From: Dmitry Eremin-Solenikov

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969
 ** Merge commit sha: 845914564f2d99792452ac22a524279f44496a1d
 **/
 test/validation/api/ipsec/ipsec_test_in.c | 204 ++++++++++++++++++++++++++++++
 test/validation/api/ipsec/test_vectors.h | 87 +++++++++++++
 2 files changed, 291 insertions(+)

diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 25fc00e11..598a83e3f 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c
@@ -284,6 +284,202 @@ static void test_in_esp_null_sha256_tun(void) ipsec_sa_destroy(sa); } +static void test_in_ah_sha256_noreplay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 0; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ah_sha256_replay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 32; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_repl = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.antireplay = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_repl, sa); + 
ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test_repl, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_esp_null_sha256_noreplay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 0; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_esp_null_sha256_replay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 32; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_repl = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.antireplay = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); 
+ ipsec_check_in_one(&test_repl, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test_repl, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ah_esp_pkt(void) { odp_ipsec_sa_param_t param; @@ -797,6 +993,14 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_tun, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_noreplay, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_replay, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_noreplay, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_replay, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ah_esp_pkt, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_esp_ah_pkt, diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 2fb06b2b7..593a8f450 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h 
@@ -278,6 +278,50 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = { }, }; +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1235 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x12, 0x35, + 0x04, 0xef, 0x71, 0x73, 0xa1, 0xd4, 0x71, 0x3f, + 0xd6, 0x78, 0xfe, 0xa2, 0x59, 0xe9, 0x93, 0x70, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = { .len = 170, .l2_offset = 0, 
@@ -412,6 +456,49 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 = { }, }; +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1235 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xda, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x12, 0x35, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x01, + + /* ICV */ + 0x2f, 0xfb, 0xdd, 0x9d, 0xc0, 0xca, 0xb8, 0x0a, + 0xaa, 0xf1, 0x59, 0x31, 0x4e, 0xef, 0x62, 0x50, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = { .len = 170, .l2_offset = 0, From patchwork Mon Nov 13 14:00:24 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118778 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1851850qgn; Mon, 13 Nov 2017 06:20:52 -0800 (PST) X-Google-Smtp-Source: AGs4zMbkGlzFCPRED36Vy/HOGD4cmQCWHbkfC41E292u7oBZICm0vpr9pNnpZGHBSAzjhT9a2oxy X-Received: by 10.200.37.107 with SMTP id 
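Review bot: In test_in_ah_sha256_replay() and test_in_esp_null_sha256_replay() the window is only probed from the reject side: sequence 1 is replayed once as a duplicate and once more after the jump to 0x1235, and both are expected to fail. No packet is sent that is older than the highest sequence number, still inside antireplay_ws = 32 and not yet seen, so an implementation that rejected every out-of-order packet would pass these tests. Consider adding a vector that arrives just behind 0x1235 and must come back with status.error.all = 0, plus one exactly at the window edge. The two ipsec_check_in_one(&test_repl, sa) calls also fail for different reasons (duplicate versus below the window); a one-line comment on each call would record that intent. The commit message has no body, and a sentence describing the packet sequence would help.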
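Review bot: The _1235 suffix on pkt_icmp_0_ah_sha256_1235 and pkt_icmp_0_esp_null_sha256_1235 in test_vectors.h reads as decimal, but the sequence number bytes are 0x00, 0x00, 0x12, 0x35, that is 0x1235. A comment beside the AH and ESP header bytes naming the SPI (0x7b, which lines up with the 123 passed to ipsec_sa_param_fill) and the sequence number would save the next reader from decoding the array by hand, and would make it obvious that the value lies far outside a 32-packet window counted from sequence 1.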
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Mon, 13 Nov 2017 17:00:24 +0300
Message-Id: <1510581630-13993-11-git-send-email-odpbot@yandex.ru>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
References: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v16 10/16] linux-gen: ipsec: mark IPsec packets with errors with error flag

From: Dmitry Eremin-Solenikov

Add new ipsec_err error flag, which is set by IPsec code if there was an
error during IPsec packet processing. This allows application code to
quickly check packets using odp_packet_has_error() function and use fast
path if there was none.

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969
 ** Merge commit sha: 845914564f2d99792452ac22a524279f44496a1d
 **/
 .../linux-generic/include/odp_packet_internal.h | 1 +
 platform/linux-generic/odp_ipsec.c | 104 ++++++++++++---------
 2 files changed, 60 insertions(+), 45 deletions(-)

diff --git a/platform/linux-generic/include/odp_packet_internal.h b/platform/linux-generic/include/odp_packet_internal.h
index fc10d61c8..e62854b1e 100644
--- a/platform/linux-generic/include/odp_packet_internal.h
+++ b/platform/linux-generic/include/odp_packet_internal.h
@@ -55,6 +55,7 @@ typedef union { uint32_t tcp_err:1; /**< TCP error, checks TBD */ uint32_t udp_err:1; /**< UDP error, checks TBD */ uint32_t l4_chksum:1; /**< L4 checksum error */ + uint32_t ipsec_err:1; /**< IPsec error */ }; } error_flags_t; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 1f9d410db..f8085756f 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -272,6 +272,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, uint8_t ip_ttl; /**< Saved IP TTL value */ uint16_t ip_frag_offset; /**< Saved IP flags value */ odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_hdr_t *pkt_hdr; ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); ODP_ASSERT(NULL != ip); @@ -287,7 +288,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { status->error.proto = 1; - goto out; + goto err; } /* Check IP header for IPSec protocols and look it up */ @@ -297,7 +298,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, ipsec_offset, sizeof(esp), &esp) < 0) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_SA_INVALID == sa) { @@ -310,7 +311,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_sa = _odp_ipsec_sa_lookup(&lookup); if (NULL == ipsec_sa) { status->error.sa_lookup = 1; - goto out; + goto err; } } else { ipsec_sa = _odp_ipsec_sa_use(sa); @@ -318,7 +319,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (ipsec_sa->proto != ODP_IPSEC_ESP || ipsec_sa->spi != odp_be_to_cpu_32(esp.spi)) { status->error.proto = 1; - goto out; + goto err; } } @@ -328,7 +329,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_sa->esp_iv_len, iv + ipsec_sa->salt_length) < 0) { status->error.alg = 1; - goto out; + goto err; } hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; 
@@ -362,7 +363,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, ipsec_offset, sizeof(ah), &ah) < 0) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_SA_INVALID == sa) { @@ -375,7 +376,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_sa = _odp_ipsec_sa_lookup(&lookup); if (NULL == ipsec_sa) { status->error.sa_lookup = 1; - goto out; + goto err; } } else { ipsec_sa = _odp_ipsec_sa_use(sa); @@ -383,7 +384,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (ipsec_sa->proto != ODP_IPSEC_AH || ipsec_sa->spi != odp_be_to_cpu_32(ah.spi)) { status->error.proto = 1; - goto out; + goto err; } } @@ -417,16 +418,16 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, stats_length = param.auth_range.length; } else { status->error.proto = 1; - goto out; + goto err; } if (_odp_ipsec_sa_replay_precheck(ipsec_sa, odp_be_to_cpu_32(aad.seq_no), status) < 0) - goto out; + goto err; if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0) - goto out; + goto err; param.session = ipsec_sa->session; @@ -434,14 +435,14 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } rc = odp_crypto_result(&crypto, pkt); if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } if (!crypto.ok) { @@ -457,16 +458,16 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ODP_CRYPTO_HW_ERR_NONE)) status->error.auth = 1; - goto out; + goto err; } if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) - goto out; + goto err; if (_odp_ipsec_sa_replay_update(ipsec_sa, odp_be_to_cpu_32(aad.seq_no), status) < 0) - goto out; + goto err; ip_offset = odp_packet_l3_offset(pkt); ip = odp_packet_l3_ptr(pkt, NULL); 
@@ -484,18 +485,18 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, esptrl_offset, sizeof(esptrl), &esptrl) < 0) { status->error.proto = 1; - goto out; + goto err; } if (ip_offset + esptrl.pad_len > esptrl_offset) { status->error.proto = 1; - goto out; + goto err; } if (_odp_packet_cmp_data(pkt, esptrl_offset - esptrl.pad_len, ipsec_padding, esptrl.pad_len) != 0) { status->error.proto = 1; - goto out; + goto err; } ip->proto = esptrl.next_header; @@ -509,7 +510,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, ipsec_offset, sizeof(ah), &ah) < 0) { status->error.alg = 1; - goto out; + goto err; } ip->proto = ah.next_header; @@ -520,12 +521,12 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ip->frag_offset = odp_cpu_to_be_16(ip_frag_offset); } else { status->error.proto = 1; - goto out; + goto err; } if (odp_packet_trunc_tail(&pkt, trl_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { @@ -536,7 +537,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_trunc_head(&pkt, ip_hdr_len + hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } } else { odp_packet_move_data(pkt, hdr_len, 0, @@ -544,7 +545,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_trunc_head(&pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } } 
@@ -559,15 +560,21 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, _odp_ipv4_csum_update(pkt); } - if (!status->error.all) { - odp_packet_hdr_t *pkt_hdr = odp_packet_hdr(pkt); + pkt_hdr = odp_packet_hdr(pkt); + + packet_parse_reset(pkt_hdr); - packet_parse_reset(pkt_hdr); + packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), + ip_offset, _ODP_ETHTYPE_IPV4); + + *pkt_out = pkt; + + return ipsec_sa; + +err: + pkt_hdr = odp_packet_hdr(pkt); + pkt_hdr->p.error_flags.ipsec_err = 1; - packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), - ip_offset, _ODP_ETHTYPE_IPV4); - } -out: *pkt_out = pkt; return ipsec_sa; @@ -606,6 +613,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, uint8_t ip_ttl; /**< Saved IP TTL value */ uint16_t ip_frag_offset; /**< Saved IP flags value */ odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_hdr_t *pkt_hdr; ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); ODP_ASSERT(NULL != ip); @@ -623,7 +631,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode && _ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { @@ -659,7 +667,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (odp_packet_extend_head(&pkt, _ODP_IPV4HDR_LEN, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } odp_packet_move_data(pkt, 0, _ODP_IPV4HDR_LEN, ip_offset); @@ -705,7 +713,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, 1); /* Check for overrun */ if (ctr == 0) - goto out; + goto err; memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); memcpy(iv + ipsec_sa->salt_length, &ctr, @@ -719,7 +727,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (len != ipsec_sa->esp_iv_len) { status->error.alg = 1; - goto out; + goto err; } } 
@@ -727,12 +735,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } if (odp_packet_extend_head(&pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } odp_packet_move_data(pkt, 0, hdr_len, ipsec_offset); @@ -805,12 +813,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } if (odp_packet_extend_head(&pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } odp_packet_move_data(pkt, 0, hdr_len, ipsec_offset); @@ -852,12 +860,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, stats_length = param.auth_range.length; } else { status->error.alg = 1; - goto out; + goto err; } /* No need to run precheck here, we know that packet is authentic */ if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) - goto out; + goto err; param.session = ipsec_sa->session; @@ -865,14 +873,14 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } rc = odp_crypto_result(&crypto, pkt); if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } if (!crypto.ok) { @@ -888,7 +896,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ODP_CRYPTO_HW_ERR_NONE)) status->error.auth = 1; - goto out; + goto err; } ip = odp_packet_l3_ptr(pkt, NULL); 
@@ -902,7 +910,13 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, _odp_ipv4_csum_update(pkt); -out: + *pkt_out = pkt; + return ipsec_sa; + +err: + pkt_hdr = odp_packet_hdr(pkt); + + pkt_hdr->p.error_flags.ipsec_err = 1; *pkt_out = pkt; return ipsec_sa; From patchwork Mon Nov 13 14:00:25 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118773 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1849407qgn; Mon, 13 Nov 2017 06:18:45 -0800 (PST) X-Google-Smtp-Source: AGs4zMZicjh4I72XCArv1zVucF2SK6Ra/H1pgfjZxzsb5ygx/Rgm4fM2bnNx6ps0NKV5uRiRRdkc X-Received: by 10.55.187.199 with SMTP id l190mr13587482qkf.149.1510582725330; Mon, 13 Nov 2017 06:18:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510582725; cv=none; d=google.com; s=arc-20160816; b=noUkVP+HnQf2OU/khb1r9O5lWWZMDQurq5bbqvTxDPMkw/xQvycJiQwP3lhQzWRP7A L+bASd7qfrwZhiNPqiXgja9GEabH/8DMxrkv24217A66fEGxd4qypWmKfNJjbWAjNsOG A9/g3QI3Xo2pLg59jJnL1XkFyIplMLYy/6S3ue8ybNbL3BKwbymHp2EJh8VJ/X0SlYp/ YzYTuj2R3KsHiNtk/CZTxhSQREWB2wEojtYw7/80/1+NhM423Jng6QwlAZuAlQsRJ+RK AYC30lhMTmUj1BaPKf5Bj1jifObBozJpWLQnPv/3LLeOhvaUCAUQ2ChHUnNPff1pq4wr 387g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=yPsZ7/WwURoJDTC6RPyHmhndVQZt3ldPYD3WiVwDlNU=; b=kGeqbVzWMBzy1F4z13gCfYgawEhcjIgFWWg9/FkC5vQ8ewv7Jkcf0AQtBeMZNTA+q0 /C+fBVpOeRCNoLtk78tl2ld6zx9FZVy26zOisF3qitnS1/7CijKzwZYsaEfoYgT1Zxqo oj72GqmpHqk7eu8n3FgVXPId/wIwTCoWSlyQzwyG2I0SaidrQYNzPHZZTDFuvtLke31i P/uqi/YA9LCNPLWrYeWHchrysgKMAY3YbC7X6mIETmoLkeASN6qxOF9N/Mqt8GmKQa/2 iUxqnOSjqoRO2dUjeq3tv7N5cjkRk2Mu1zdYPnzgfC4kNueN+8HIOWyDub2M0BMcumdE l4PA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass 
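Review bot: In ipsec_out_single() the counter overrun branch, "if (ctr == 0) goto err;", now reaches the err label without setting any bit in status->error, so the packet is marked with ipsec_err while the IPsec result status stays clean. Every other converted branch either sets a status->error bit first or calls a helper that is handed status. Set one here as well (status->error.alg = 1 would match the IV length failure a few lines below) so that the packet flag and the result status cannot disagree.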
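Review bot: The last hunk of ipsec_in_single() drops the "if (!status->error.all)" guard around packet_parse_reset() and packet_parse_l3_l4(), so correctness now rests on every failure path jumping to err. If a helper that receives status ever records an error bit but returns success, the packet would be re-parsed and handed out without ipsec_err. An ODP_ASSERT(!status->error.all) before the parse, or a check that jumps to err, would keep that invariant explicit. Both functions also end with two copies of "*pkt_out = pkt; return ipsec_sa;", which could share a single exit below the err label.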
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Mon, 13 Nov 2017 17:00:25 +0300
Message-Id: <1510581630-13993-12-git-send-email-odpbot@yandex.ru>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
References: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v16 11/16] validation: check that erroneous IPsec packets have error flag set

From: Dmitry Eremin-Solenikov

Verify that odp_packet_has_error() returns true for IPsec packets with
error status in result.

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969
 ** Merge commit sha: 845914564f2d99792452ac22a524279f44496a1d
 **/
 test/validation/api/ipsec/ipsec.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c
index 853bd88a9..6c5623580 100644
--- a/test/validation/api/ipsec/ipsec.c
+++ b/test/validation/api/ipsec/ipsec.c
@@ -613,6 +613,8 @@ void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); + CU_ASSERT(!result.status.error.all == + !odp_packet_has_error(pkto[i])); CU_ASSERT_EQUAL(suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE, result.flag.inline_mode); 
@@ -652,6 +654,8 @@ void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); + CU_ASSERT(!result.status.error.all == + !odp_packet_has_error(pkto[i])); CU_ASSERT_EQUAL(sa, result.sa); CU_ASSERT_EQUAL(IPSEC_SA_CTX, odp_ipsec_sa_context(sa)); From patchwork Mon Nov 13 14:00:26 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118775 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1850430qgn; Mon, 13 Nov 2017 06:19:36 -0800 (PST) X-Google-Smtp-Source: AGs4zMa+V+i9F6B2v/2HkQpX0cLDO9z1A9qIARKraa1ZByDEn2cPUB8MCjKgW/bnGsNBQbHhh6eF X-Received: by 10.200.25.207 with SMTP id s15mr6965510qtk.94.1510582776774; Mon, 13 Nov 2017 06:19:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510582776; cv=none; d=google.com; s=arc-20160816; b=N6ywbqi0bUJ9Kqxk5CNoaT0DKWPkjCwWt6LFNs+gJEZnMvEPW15hX0w8wgzsikyQoc XdtxWXjfh8c4jvMCsf26k4chx4QMjzNSH28dS1rFr+TPbGojEWwd9kWVr4gLACiBgSf2 tmMHIYCjIV0J3eCzv9l3RcWjlZVKeRZWhn+WrNSN96uc5kww1+Ji2zvjgFOn1CDoL7xv hpItBP+xI68+K1OwitBFwYCTK2yf1BumGQqLGYyAzI1Ot7IuHcQerV0wXJ+xbc7rCNHg vvU+klLI+1rBv8MXSL5fKbMU0UOc41BcP6hmzDq6jOt2T09Hik15B9viDf6Y/9+2y4gr tzvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=6mX9WS22g55FieTHAcNqD/OVVLdqbVMA/FxneWoMbBY=; b=G6poWtWsyR+O1ldsQxZNkkkG/7qxYcDd1eKcR1d0IS6wCPApAcele6mTTo+qrTt1dv tQ57Z3QQcz5VISpjZBff/q4bPw36PpcxKWNq8SU4903ZlYkIdnVwvD1bgvcHtaGgCQV3 wXjnVkSEHcU5+XOTeVpNgQ2wtbVdqZ4/KZ3Mq9SkfYhUDeyQyidWIL9scN6Hr0F/aJwk mXlnPP5mjywi7lajJo1hxcV1aO9DTDt52q91Xct+gOg20XTIADlmE3r/8JgNPTxS+bao 
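Review bot: The assertion added to ipsec_check_in_one() and ipsec_check_out_one(), "CU_ASSERT(!result.status.error.all == !odp_packet_has_error(pkto[i]));", checks equivalence, while the commit message only promises that packets with an error status have the flag set. If odp_packet_has_error() reflects the whole error_flags_t union, which also carries tcp_err, udp_err and l4_chksum next to the new ipsec_err bit, the stricter form fails whenever a packet is flagged for a reason unrelated to IPsec. If equivalence is intended, say so in the commit message; otherwise assert only the implication from error status to flag. Parentheses around each negation would make the precedence obvious, and two separate asserts would show which side was wrong when the check fails.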
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Mon, 13 Nov 2017 17:00:26 +0300
Message-Id: <1510581630-13993-13-git-send-email-odpbot@yandex.ru>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
References: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v16 12/16] linux-gen: ipsec: validate ip header total length

From: Dmitry Eremin-Solenikov

Check that IP packet length from the header is not bogus.

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969
 ** Merge commit sha: 845914564f2d99792452ac22a524279f44496a1d
 **/
 platform/linux-generic/odp_ipsec.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c
index f8085756f..aadc671f9 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -286,6 +286,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_offset = ip_offset + ip_hdr_len; + if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) { + status->error.alg = 1; + goto err; + } + if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { status->error.proto = 1; goto err; 
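Review bot: In ipsec_in_single the new test only bounds tot_len from above, so a header whose tot_len is smaller than ip_hdr_len (or too small to hold the IPsec header that starts at ipsec_offset) still passes, and any later length derived from tot_len can underflow. Suggest also rejecting odp_be_to_cpu_16(ip->tot_len) < ip_hdr_len in the same place. Separately, the malformed length is reported as status->error.alg while the fragment check directly below uses status->error.proto; proto looks like the better fit for a bad IP header.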
@@ -634,6 +639,11 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, goto err; } + if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) { + status->error.alg = 1; + goto err; + } + if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { _odp_ipv4hdr_t out_ip; uint16_t tot_len;
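Review bot: The condition added to ipsec_out_single is a verbatim copy of the one added to ipsec_in_single, including the status->error.alg code. Suggest one small static inline helper taking ip, ip_offset and pkt, so the inbound and outbound bounds checks cannot drift apart, with a one-line comment that tot_len is untrusted input at this point.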
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Mon, 13 Nov 2017 17:00:27 +0300
Message-Id: <1510581630-13993-14-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
References: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v16 13/16] linux-gen: ipsec: correct frag_offset for tunneled packets

From: Dmitry Eremin-Solenikov

Generated outer header should have frag_offset = 0, MF = 0. Change code
accordingly.

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969
 ** Merge commit sha: 845914564f2d99792452ac22a524279f44496a1d
 **/
 platform/linux-generic/odp_ipsec.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index aadc671f9..4c032b9c0 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c
@@ -663,10 +663,10 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_hdr_id, 1); if (ipsec_sa->copy_df) - out_ip.frag_offset = ip->frag_offset; + out_ip.frag_offset = ip->frag_offset & 0x4000; else - out_ip.frag_offset = (ip->frag_offset & ~0x4000) | - (ipsec_sa->out.tun_df << 14); + out_ip.frag_offset = + ((uint16_t)ipsec_sa->out.tun_df) << 14; out_ip.ttl = ipsec_sa->out.tun_ttl; out_ip.proto = _ODP_IPV4; /* Will be filled later by packet checksum update */
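Review bot: Both new assignments to out_ip.frag_offset mix byte orders. ip->frag_offset is a network-order field (ipsec_in_single passes it through odp_be_to_cpu_16() before testing it), yet the copy_df branch masks it with the host-order constant 0x4000 and the else branch stores ((uint16_t)ipsec_sa->out.tun_df) << 14 without conversion. Unless out_ip is byte-swapped later, which these lines do not show, DF ends up in the wrong byte on a little-endian host. Suggest masking with odp_cpu_to_be_16(0x4000), wrapping the shifted tun_df value in odp_cpu_to_be_16(), and giving 0x4000 a named constant.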
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Mon, 13 Nov 2017 17:00:28 +0300
Message-Id: <1510581630-13993-15-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
References: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v16 14/16] linux-gen: ipsec: don't leak SA on creation error

From: Dmitry Eremin-Solenikov

Some paths during odp_ipsec_sa_create() can lead to SA leakage. Fix them
by always releasing SA in error case.

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969
 ** Merge commit sha: 845914564f2d99792452ac22a524279f44496a1d
 **/
 platform/linux-generic/odp_ipsec_sad.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index c30119249..425175692 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -296,7 +296,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->icv_len = 16; break; default: - return ODP_IPSEC_SA_INVALID; + goto error; } switch (crypto_param.cipher_alg) { 
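Review bot: The default: branch of the switch that sets icv_len in odp_ipsec_sa_create now jumps to an error label that is not part of the hunk, so it is not visible what that label releases or whether it is safe to reach before crypto_param has been fully filled in. Please confirm the label only undoes what has been done by this point, and check that no other return ODP_IPSEC_SA_INVALID remains after the SA has been reserved, since the commit message promises the SA is always released on error.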
@@ -329,7 +329,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) crypto_param.iv.length = 12; break; default: - return ODP_IPSEC_SA_INVALID; + goto error; } if (1 == ipsec_sa->use_counter_iv &&
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Mon, 13 Nov 2017 17:00:29 +0300
Message-Id: <1510581630-13993-16-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
References: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v16 15/16] linux-gen: ipsec: add AES-CTR cipher support

From: Dmitry Eremin-Solenikov

Add support for encrypting packets with AES-CTR cipher.

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969
 ** Merge commit sha: 845914564f2d99792452ac22a524279f44496a1d
 **/
 platform/linux-generic/include/odp_ipsec_internal.h | 1 +
 platform/linux-generic/odp_ipsec.c | 13 +++++++++++++
 platform/linux-generic/odp_ipsec_sad.c | 7 +++++++
 3 files changed, 21 insertions(+)

diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 0a7f96256..b50b65be6 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h
@@ -127,6 +127,7 @@ struct ipsec_sa_s { unsigned dec_ttl : 1; unsigned copy_dscp : 1; unsigned copy_df : 1; + unsigned aes_ctr_iv : 1; /* Only for outbound */ unsigned use_counter_iv : 1; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 4c032b9c0..9533ca422 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -337,6 +337,13 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto err; } + if (ipsec_sa->aes_ctr_iv) { + iv[12] = 0; + iv[13] = 0; + iv[14] = 0; + iv[15] = 1; + } + hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; trl_len = _ODP_ESPTRL_LEN + ipsec_sa->icv_len; @@ -729,6 +736,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, memcpy(iv + ipsec_sa->salt_length, &ctr, ipsec_sa->esp_iv_len); + if (ipsec_sa->aes_ctr_iv) { + iv[12] = 0; + iv[13] = 0; + iv[14] = 0; + iv[15] = 1; + } } else if (ipsec_sa->esp_iv_len) { uint32_t len; diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 425175692..8eaa4f902 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c 
@@ -319,6 +319,13 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->esp_block_len = 16; crypto_param.iv.length = 16; break; + case ODP_CIPHER_ALG_AES_CTR: + ipsec_sa->use_counter_iv = 1; + ipsec_sa->aes_ctr_iv = 1; + ipsec_sa->esp_iv_len = 8; + ipsec_sa->esp_block_len = 16; + crypto_param.iv.length = 16; + break; #if ODP_DEPRECATED_API case ODP_CIPHER_ALG_AES128_GCM: #endif
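Review bot: The iv[12] .. iv[15] = 0, 0, 0, 1 stores in odp_ipsec.c are added twice, in ipsec_in_single and in the counter-IV branch of ipsec_out_single, with bare indexes and no comment. They assume iv holds at least 16 bytes and that bytes 0..11 were already filled, neither of which the hunks show. Suggest a single helper used by both paths, with a comment that bytes 12..15 are the AES-CTR block counter and that it starts at 1.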
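Review bot: The new ODP_CIPHER_ALG_AES_CTR case in odp_ipsec_sa_create sets esp_iv_len = 8 and crypto_param.iv.length = 16 but does not check, within the hunk, that the supplied salt is the 4 bytes needed to make up the difference, and it accepts the cipher with any auth algorithm. CTR gives no integrity protection, so an SA created with ODP_AUTH_ALG_NULL produces malleable ciphertext. Suggest rejecting a wrong salt length here with goto error, and either rejecting the NULL-auth combination or documenting why it is allowed.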
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Mon, 13 Nov 2017 17:00:30 +0300
Message-Id: <1510581630-13993-17-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
References: <1510581630-13993-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v16 16/16] validation: ipsec: add AES-CTR tests

From: Dmitry Eremin-Solenikov

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969
 ** Merge commit sha: 845914564f2d99792452ac22a524279f44496a1d
 **/
 test/validation/api/ipsec/ipsec.c | 10 +++++++
 test/validation/api/ipsec/ipsec.h | 1 +
 test/validation/api/ipsec/ipsec_test_in.c | 32 ++++++++++++++++++++++
 test/validation/api/ipsec/ipsec_test_out.c | 44 ++++++++++++++++++++++++++++++
 test/validation/api/ipsec/test_vectors.h | 39 ++++++++++++++++++++++++++
 5 files changed, 126 insertions(+)

diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index 6c5623580..277d393ab 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -168,6 +168,10 @@ int ipsec_check(odp_bool_t ah, if (!capa.ciphers.bit.aes_cbc) return ODP_TEST_INACTIVE; break; + case ODP_CIPHER_ALG_AES_CTR: + if (!capa.ciphers.bit.aes_ctr) + return ODP_TEST_INACTIVE; + break; case ODP_CIPHER_ALG_AES_GCM: if (!capa.ciphers.bit.aes_gcm) return ODP_TEST_INACTIVE; @@ -259,6 +263,12 @@ int ipsec_check_esp_aes_cbc_128_sha256(void) ODP_AUTH_ALG_SHA256_HMAC); } +int ipsec_check_esp_aes_ctr_128_null(void) +{ + return ipsec_check_esp(ODP_CIPHER_ALG_AES_CTR, 128, + ODP_AUTH_ALG_NULL); +} + int ipsec_check_esp_aes_gcm_128(void) { return ipsec_check_esp(ODP_CIPHER_ALG_AES_GCM, 128, diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h index d1c6854b7..d45063672 100644 --- a/test/validation/api/ipsec/ipsec.h +++ b/test/validation/api/ipsec/ipsec.h @@ -83,6 +83,7 @@ int ipsec_check_ah_sha256(void); int ipsec_check_esp_null_sha256(void); int ipsec_check_esp_aes_cbc_128_null(void); int ipsec_check_esp_aes_cbc_128_sha256(void); +int ipsec_check_esp_aes_ctr_128_null(void); int ipsec_check_esp_aes_gcm_128(void); int ipsec_check_esp_aes_gcm_256(void); diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 598a83e3f..8c883262a 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c 
@@ -191,6 +191,36 @@ static void test_in_esp_aes_cbc_sha256(void) ipsec_sa_destroy(sa); } +static void test_in_esp_aes_ctr_null(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_AES_CTR, &key_a5_128, + ODP_AUTH_ALG_NULL, NULL, + &key_mcgrew_gcm_salt_3); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_aes_ctr_null_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_lookup_ah_sha256(void) { odp_ipsec_sa_param_t param; @@ -987,6 +1017,8 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_aes_cbc_128_null), ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_sha256, ipsec_check_esp_aes_cbc_128_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_ctr_null, + ipsec_check_esp_aes_ctr_128_null), ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_sha256, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_null_sha256, diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 39a3c30ff..b543271bf 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c 
@@ -277,6 +277,48 @@ static void test_out_esp_aes_cbc_sha256(void) ipsec_sa_destroy(sa); } +static void test_out_esp_aes_ctr_null(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + odp_ipsec_sa_t sa2; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_AES_CTR, &key_a5_128, + ODP_AUTH_ALG_NULL, NULL, + &key_mcgrew_gcm_salt_3); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_AES_CTR, &key_a5_128, + ODP_AUTH_ALG_NULL, NULL, + &key_mcgrew_gcm_salt_3); + + sa2 = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_out_in_one(&test, sa, sa2); + + ipsec_sa_destroy(sa2); + ipsec_sa_destroy(sa); +} + static void test_out_esp_aes_gcm128(void) { odp_ipsec_sa_param_t param; @@ -342,6 +384,8 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_esp_aes_cbc_128_null), ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_sha256, ipsec_check_esp_aes_cbc_128_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_ctr_null, + ipsec_check_esp_aes_ctr_128_null), ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_gcm128, ipsec_check_esp_aes_gcm_128), ODP_TEST_INFO_NULL, diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 593a8f450..fbf7d366c 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h 
@@ -583,6 +583,45 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_sha256_1 = { }, }; +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_ctr_null_1 = { + .len = 162, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xe2, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* IV */ + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + + /* data */ + 0x39, 0xab, 0xe5, 0xae, 0x74, 0x57, 0x76, 0x7f, + 0x1d, 0x1f, 0xce, 0xe8, 0xca, 0xf1, 0x87, 0xf5, + 0xfd, 0x9e, 0x1d, 0x20, 0x38, 0x30, 0x8a, 0xe5, + 0xb9, 0x55, 0x80, 0x7b, 0xfd, 0x9d, 0xb9, 0x99, + 0x85, 0xcd, 0xb5, 0x30, 0x86, 0xaa, 0xe1, 0x7a, + 0x69, 0xe5, 0xfa, 0x38, 0xf3, 0x0f, 0x91, 0x18, + 0x75, 0x7b, 0x5f, 0x4e, 0x69, 0x17, 0xaa, 0xe7, + 0x84, 0x6c, 0x40, 0x31, 0xec, 0x87, 0x4c, 0x8c, + 0xb3, 0xb4, 0x9f, 0x7e, 0xea, 0x83, 0x6f, 0xc6, + 0x11, 0xd5, 0xce, 0xbe, 0x65, 0x37, 0x1c, 0xb6, + 0xd3, 0xcb, 0x51, 0xa8, 0xa4, 0x0e, 0x3e, 0xe6, + 0x26, 0xd8, 0x17, 0xec, 0x8b, 0xca, 0x79, 0x96, + 0xa0, 0xcd, 0x6f, 0xdd, 0x9e, 0xe9, 0x6a, 0xc0, + 0xf2, 0x6c, 0xdb, 0xfd, 0x99, 0xa2, 0xb5, 0xbf, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_rfc3602_5 = { .len = 98, .l2_offset = 0,
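Review bot: test_out_esp_aes_ctr_null in ipsec_test_out.c only sends pkt_icmp_0 through the outbound SA and back through an inbound SA built from the same parameters (ipsec_check_out_in_one), so a mistake made identically on both sides, for example in how the counter block is assembled, would still pass. The inbound test does use the fixed vector pkt_icmp_0_esp_aes_ctr_null_1; consider checking the outbound result against it as well, or say why that is not possible. Both tests also pair AES-CTR with ODP_AUTH_ALG_NULL only and pass key_mcgrew_gcm_salt_3, a salt named for GCM; a case with an authenticating algorithm and a CTR-named salt would be clearer. The commit message is empty apart from the sign-off and should say what is covered.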
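Review bot: pkt_icmp_0_esp_aes_ctr_null_1 in test_vectors.h has no note on where the ciphertext came from. It is the only fixed reference for the AES-CTR path, so please add a comment naming the implementation or tool that produced it and the key and salt it assumes (the ESP header shows SPI 0x7b and sequence 1, the IV field is 01 00 00 00 00 00 00 00), so the vector can be regenerated and checked independently.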