From patchwork Thu Nov 30 12:00:06 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120154 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp583849qgn; Thu, 30 Nov 2017 04:11:10 -0800 (PST) X-Google-Smtp-Source: AGs4zMa6VofcMBSDWVCzYZCFC8txGF1EBrnlmrDyPOAwaq5BvH306+3wpu1Uidqf+zqVX38Gb6Kl X-Received: by 10.200.58.231 with SMTP id x94mr736696qte.245.1512043870687; Thu, 30 Nov 2017 04:11:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512043870; cv=none; d=google.com; s=arc-20160816; b=n3uUwNigMdDV4zj0Sz2MpUtRqPRIpdrz1wYEeAemyyf4ZGM6Ew20Aq3Temaylf2Txa U7J/y6hqNwhp0N1Wc/55mlmNX5nFNl+1UEq3MZvwKfg3KBmKuNZ/lX3jYdodhaB2EoiW M0jFF1ZVvQO4/X07cqdZNk69tzsHMwGExHXcLmIf1NTvt0ysySvc8OQ7ycMadwmAtvnZ cV4FyGEtlclp11uDcks7OLiQlW2dvZk5la7GtOkX7FvBtjMoBRAQ5t5OVzAkmm+YP1FO KAIhkSUFnzyZqpe2LYz26PWmRCZERDuR2BbMT/xEqragQKn0zvJQvgZ1LriDeuP3f8cX wQ+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=/TsT+vxfKzQZ44lPykoUsTJ/lkz/pCM3X7SiCZA6334=; b=VUOMkiQJstRIB+tZOqGkjBgyae4RFHCby2bSpdqQQG22YeVbuXondwmX8nuJFUBCnc +rgPcrt4Rky3y2xWd4gEVqR/NmqHJin+hkKQz2BV5CqCHiG2T0BXrhAaFLaa9c3/m5tn QaL0RODPN38aWfY2RnVA2QybGQfqRXtJWz2nOynXOSVNgUpKotczSiQ5iEGqAmgEomHv IPklGqqDbXJmyAyL3/G2OgOm6abzz3O9/DMH2CG9X2YEx9qg8nVbclgTOK2emD9DEYlE GcgO99cSJ3DT8fa+qvN8myww79HCCe4hLDlIFH08vdioqx647WoNr197w5FuSK1lfKqK mAOg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id l65si3018894qkh.62.2017.11.30.04.11.10; Thu, 30 Nov 2017 04:11:10 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 33F0860988; Thu, 30 Nov 2017 12:11:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 509376098B; Thu, 30 Nov 2017 12:03:06 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id B0F5D60958; Thu, 30 Nov 2017 12:02:19 +0000 (UTC) Received: from forward104p.mail.yandex.net (forward104p.mail.yandex.net [77.88.28.107]) by lists.linaro.org (Postfix) with ESMTPS id 64B2B607F9 for ; Thu, 30 Nov 2017 12:00:24 +0000 (UTC) Received: from mxback6g.mail.yandex.net (mxback6g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:167]) by forward104p.mail.yandex.net (Yandex) with ESMTP id C6F0E1868D5 for ; Thu, 30 Nov 2017 15:00:22 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback6g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id S4XdJOKMg9-0M1q26P7; Thu, 30 Nov 2017 15:00:22 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id LFgKy9hcr4-0K2usJlb; Thu, 30 Nov 2017 15:00:20 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 15:00:06 +0300 Message-Id: <1512043220-8803-2-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> References: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v7 1/15] validation: ipsec: add ipv4 name parts X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov In preparation to add IPv6 support, add ipv4 everywhere (to test packets and to test names). Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 32adfc64ec5b4cc2948ab55456aeba75ae6816ff **/ test/validation/api/ipsec/ipsec_test_in.c | 230 ++++++++++++++--------------- test/validation/api/ipsec/ipsec_test_out.c | 125 +++++----------- test/validation/api/ipsec/test_vectors.h | 38 +++-- 3 files changed, 178 insertions(+), 215 deletions(-) diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 294e4a5d6..daafaf69a 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -10,7 +10,7 @@ #include "test_vectors.h" -static void test_in_ah_sha256(void) +static void test_in_ipv4_ah_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -26,12 +26,12 @@ static void test_in_ah_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -40,7 +40,7 @@ static void test_in_ah_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_tun(void) +static void test_in_ipv4_ah_sha256_tun_ipv4(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -57,12 +57,12 @@ static void test_in_ah_sha256_tun(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_tun_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_tun_ipv4_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -71,7 +71,7 @@ static void test_in_ah_sha256_tun(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_tun_notun(void) +static void test_in_ipv4_ah_sha256_tun_ipv4_notun(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -87,12 +87,12 @@ static void test_in_ah_sha256_tun_notun(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_tun_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_tun_ipv4_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_ipip }, + .pkt_out = &pkt_ipv4_icmp_0_ipip }, }, }; @@ -101,7 +101,7 @@ static void test_in_ah_sha256_tun_notun(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256(void) +static void test_in_ipv4_esp_null_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -117,12 +117,12 @@ static void test_in_esp_null_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -131,7 +131,7 @@ static void test_in_esp_null_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_esp_aes_cbc_null(void) +static void test_in_ipv4_esp_aes_cbc_null(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -147,12 +147,12 @@ static void test_in_esp_aes_cbc_null(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_aes_cbc_null_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_aes_cbc_null_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -161,7 +161,7 @@ static void test_in_esp_aes_cbc_null(void) ipsec_sa_destroy(sa); } -static void test_in_esp_aes_cbc_sha256(void) +static void test_in_ipv4_esp_aes_cbc_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -177,12 +177,12 @@ static void test_in_esp_aes_cbc_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_aes_cbc_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_aes_cbc_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -191,7 +191,7 @@ static void test_in_esp_aes_cbc_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_esp_aes_ctr_null(void) +static void test_in_ipv4_esp_aes_ctr_null(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -207,12 +207,12 @@ static void test_in_esp_aes_ctr_null(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_aes_ctr_null_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_aes_ctr_null_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -221,7 +221,7 @@ static void test_in_esp_aes_ctr_null(void) ipsec_sa_destroy(sa); } -static void test_in_lookup_ah_sha256(void) +static void test_in_ipv4_ah_sha256_lookup(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -237,13 +237,13 @@ static void test_in_lookup_ah_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .lookup = 1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -252,7 +252,7 @@ static void test_in_lookup_ah_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_lookup_esp_null_sha256(void) +static void test_in_ipv4_esp_null_sha256_lookup(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -268,13 +268,13 @@ static void test_in_lookup_esp_null_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .lookup = 1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -283,7 +283,7 @@ static void test_in_lookup_esp_null_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256_tun(void) +static void test_in_ipv4_esp_null_sha256_tun_ipv4(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -300,12 +300,12 @@ static void test_in_esp_null_sha256_tun(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_tun_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_tun_ipv4_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -314,7 +314,7 @@ static void test_in_esp_null_sha256_tun(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_noreplay(void) +static void test_in_ipv4_ah_sha256_noreplay(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -331,22 +331,22 @@ static void test_in_ah_sha256_noreplay(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; ipsec_test_part test_1235 = { - .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1235, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -358,7 +358,7 @@ static void test_in_ah_sha256_noreplay(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_replay(void) +static void test_in_ipv4_ah_sha256_replay(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -375,17 +375,17 @@ static void test_in_ah_sha256_replay(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; ipsec_test_part test_repl = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -395,12 +395,12 @@ static void test_in_ah_sha256_replay(void) }; ipsec_test_part test_1235 = { - .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1235, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -412,7 +412,7 @@ static void test_in_ah_sha256_replay(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256_noreplay(void) +static void test_in_ipv4_esp_null_sha256_noreplay(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -429,22 +429,22 @@ static void test_in_esp_null_sha256_noreplay(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; ipsec_test_part test_1235 = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1235, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -456,7 +456,7 @@ static void test_in_esp_null_sha256_noreplay(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256_replay(void) +static void test_in_ipv4_esp_null_sha256_replay(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -473,17 +473,17 @@ static void test_in_esp_null_sha256_replay(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; ipsec_test_part test_repl = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -493,12 +493,12 @@ static void test_in_esp_null_sha256_replay(void) }; ipsec_test_part test_1235 = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1235, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -510,13 +510,13 @@ static void test_in_esp_null_sha256_replay(void) ipsec_sa_destroy(sa); } -static void test_in_ah_esp_pkt(void) +static void test_in_ipv4_ah_esp_pkt(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; /* This test will not work properly inbound inline mode. - * test_in_lookup_ah_esp_pkt will be used instead. */ + * test_in_ipv4_ah_esp_pkt_lookup will be used instead. */ if (suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE) return; @@ -531,7 +531,7 @@ static void test_in_ah_esp_pkt(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -545,13 +545,13 @@ static void test_in_ah_esp_pkt(void) ipsec_sa_destroy(sa); } -static void test_in_esp_ah_pkt(void) +static void test_in_ipv4_esp_ah_pkt(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; /* This test will not work properly inbound inline mode. - * test_in_lookup_esp_ah_pkt will be used instead. */ + * test_in_ipv4_esp_ah_pkt_lookup will be used instead. */ if (suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE) return; @@ -566,7 +566,7 @@ static void test_in_esp_ah_pkt(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -580,7 +580,7 @@ static void test_in_esp_ah_pkt(void) ipsec_sa_destroy(sa); } -static void test_in_lookup_ah_esp_pkt(void) +static void test_in_ipv4_ah_esp_pkt_lookup(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -596,7 +596,7 @@ static void test_in_lookup_ah_esp_pkt(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .lookup = 1, .out_pkt = 1, .out = { @@ -611,7 +611,7 @@ static void test_in_lookup_ah_esp_pkt(void) ipsec_sa_destroy(sa); } -static void test_in_lookup_esp_ah_pkt(void) +static void test_in_ipv4_esp_ah_pkt_lookup(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -627,7 +627,7 @@ static void test_in_lookup_esp_ah_pkt(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .lookup = 1, .out_pkt = 1, .out = { @@ -642,7 +642,7 @@ static void test_in_lookup_esp_ah_pkt(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_bad1(void) +static void test_in_ipv4_ah_sha256_bad1(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -658,7 +658,7 @@ static void test_in_ah_sha256_bad1(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1_bad1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1_bad1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -672,7 +672,7 @@ static void test_in_ah_sha256_bad1(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_bad2(void) +static void test_in_ipv4_ah_sha256_bad2(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -688,7 +688,7 @@ static void test_in_ah_sha256_bad2(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1_bad2, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1_bad2, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -702,7 +702,7 @@ static void test_in_ah_sha256_bad2(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256_bad1(void) +static void test_in_ipv4_esp_null_sha256_bad1(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -718,7 +718,7 @@ static void test_in_esp_null_sha256_bad1(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1_bad1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1_bad1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -732,7 +732,7 @@ static void test_in_esp_null_sha256_bad1(void) ipsec_sa_destroy(sa); } -static void test_in_rfc3602_5_esp(void) +static void test_in_ipv4_rfc3602_5_esp(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -762,7 +762,7 @@ static void test_in_rfc3602_5_esp(void) ipsec_sa_destroy(sa); } -static void test_in_rfc3602_6_esp(void) +static void test_in_ipv4_rfc3602_6_esp(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -792,7 +792,7 @@ static void test_in_rfc3602_6_esp(void) ipsec_sa_destroy(sa); } -static void test_in_rfc3602_7_esp(void) +static void test_in_ipv4_rfc3602_7_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -823,7 +823,7 @@ static void test_in_rfc3602_7_esp(void) ipsec_sa_destroy(sa); } -static void test_in_rfc3602_8_esp(void) +static void test_in_ipv4_rfc3602_8_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -854,7 +854,7 @@ static void test_in_rfc3602_8_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_2_esp(void) +static void test_in_ipv4_mcgrew_gcm_2_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -885,7 +885,7 @@ static void test_in_mcgrew_gcm_2_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_3_esp(void) +static void test_in_ipv4_mcgrew_gcm_3_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -916,7 +916,7 @@ static void test_in_mcgrew_gcm_3_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_4_esp(void) +static void test_in_ipv4_mcgrew_gcm_4_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -947,7 +947,7 @@ static void test_in_mcgrew_gcm_4_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_12_esp(void) +static void test_in_ipv4_mcgrew_gcm_12_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -978,7 +978,7 @@ static void test_in_mcgrew_gcm_12_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_15_esp(void) +static void test_in_ipv4_mcgrew_gcm_15_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -1009,7 +1009,7 @@ static void test_in_mcgrew_gcm_15_esp(void) ipsec_sa_destroy(sa); } -static void test_in_ah_aes_gmac_128(void) +static void test_in_ipv4_ah_aes_gmac_128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -1025,12 +1025,12 @@ static void test_in_ah_aes_gmac_128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_aes_gmac_128_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_aes_gmac_128_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -1039,7 +1039,7 @@ static void test_in_ah_aes_gmac_128(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_aes_gmac_128(void) +static void test_in_ipv4_esp_null_aes_gmac_128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -1055,12 +1055,12 @@ static void test_in_esp_null_aes_gmac_128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_aes_gmac_128_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_aes_gmac_128_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -1078,71 +1078,71 @@ static void ipsec_test_capability(void) odp_testinfo_t ipsec_in_suite[] = { ODP_TEST_INFO(ipsec_test_capability), - ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_5_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_rfc3602_5_esp, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_6_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_rfc3602_6_esp, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_7_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_rfc3602_7_esp, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_8_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_rfc3602_8_esp, ipsec_check_esp_aes_cbc_128_null), /* test 1, 5, 6, 8 -- 11 -- ESN */ /* test 7 -- invalid, plaintext packet includes trl into IP length */ - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_2_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_2_esp, ipsec_check_esp_aes_gcm_128), - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_3_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_3_esp, ipsec_check_esp_aes_gcm_256), - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_4_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_4_esp, ipsec_check_esp_aes_gcm_128), - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_12_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_12_esp, ipsec_check_esp_aes_gcm_128), - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_15_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_15_esp, ipsec_check_esp_null_aes_gmac_128), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv4, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun_notun, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv4_notun, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_null, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_aes_cbc_null, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_aes_cbc_sha256, ipsec_check_esp_aes_cbc_128_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_ctr_null, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_aes_ctr_null, ipsec_check_esp_aes_ctr_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_lookup, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_null_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_lookup, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_tun, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_tun_ipv4, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_noreplay, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_noreplay, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_replay, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_replay, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_noreplay, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_noreplay, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_replay, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_replay, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_esp_pkt, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_esp_pkt, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_ah_pkt, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_ah_pkt, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_esp_pkt, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_esp_pkt_lookup, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_ah_pkt, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_ah_pkt_lookup, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad1, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_bad1, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad2, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_bad2, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_bad1, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_bad1, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_aes_gmac_128, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_aes_gmac_128, ipsec_check_ah_aes_gmac_128), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_aes_gmac_128, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 7d4ea4a73..757b90059 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -10,7 +10,7 @@ #include "test_vectors.h" -static void test_out_ah_sha256(void) +static void test_out_ipv4_ah_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -26,12 +26,12 @@ static void test_out_ah_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_ah_sha256_1 }, + .pkt_out = &pkt_ipv4_icmp_0_ah_sha256_1 }, }, }; @@ -45,7 +45,7 @@ static void test_out_ah_sha256(void) (c << 8) | \ (d << 0)) -static void test_out_ah_sha256_tun(void) +static void test_out_ipv4_ah_sha256_tun_ipv4(void) { uint32_t src = IPV4ADDR(10, 0, 111, 2); uint32_t dst = IPV4ADDR(10, 0, 222, 2); @@ -69,12 +69,12 @@ static void test_out_ah_sha256_tun(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_ah_tun_sha256_1 }, + .pkt_out = &pkt_ipv4_icmp_0_ah_tun_ipv4_sha256_1 }, }, }; @@ -83,7 +83,7 @@ static void test_out_ah_sha256_tun(void) ipsec_sa_destroy(sa); } -static void test_out_esp_null_sha256_out(void) +static void test_out_ipv4_esp_null_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -99,12 +99,12 @@ static void test_out_esp_null_sha256_out(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_esp_null_sha256_1 }, + .pkt_out = &pkt_ipv4_icmp_0_esp_null_sha256_1 }, }, }; @@ -113,7 +113,7 @@ static void test_out_esp_null_sha256_out(void) ipsec_sa_destroy(sa); } -static void test_out_esp_null_sha256_tun_out(void) +static void test_out_ipv4_esp_null_sha256_tun_ipv4(void) { uint32_t src = IPV4ADDR(10, 0, 111, 2); uint32_t dst = IPV4ADDR(10, 0, 222, 2); @@ -137,12 +137,13 @@ static void test_out_esp_null_sha256_tun_out(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_esp_tun_null_sha256_1 }, + .pkt_out = + &pkt_ipv4_icmp_0_esp_tun_ipv4_null_sha256_1 }, }, }; @@ -151,49 +152,7 @@ static void test_out_esp_null_sha256_tun_out(void) ipsec_sa_destroy(sa); } -static void test_out_esp_null_sha256(void) -{ - odp_ipsec_sa_param_t param; - odp_ipsec_sa_t sa; - odp_ipsec_sa_t sa2; - - ipsec_sa_param_fill(¶m, - false, false, 123, NULL, - ODP_CIPHER_ALG_NULL, NULL, - ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, - NULL); - - sa = odp_ipsec_sa_create(¶m); - - CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); - - ipsec_sa_param_fill(¶m, - true, false, 123, NULL, - ODP_CIPHER_ALG_NULL, NULL, - ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, - NULL); - - sa2 = odp_ipsec_sa_create(¶m); - - CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); - - ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, - .out_pkt = 1, - .out = { - { .status.warn.all = 0, - .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, - }, - }; - - ipsec_check_out_in_one(&test, sa, sa2); - - ipsec_sa_destroy(sa2); - ipsec_sa_destroy(sa); -} - -static void test_out_esp_aes_cbc_null(void) +static void test_out_ipv4_esp_aes_cbc_null(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -220,12 +179,12 @@ static void test_out_esp_aes_cbc_null(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -235,7 +194,7 @@ static void test_out_esp_aes_cbc_null(void) ipsec_sa_destroy(sa); } -static void test_out_esp_aes_cbc_sha256(void) +static void test_out_ipv4_esp_aes_cbc_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -262,12 +221,12 @@ static void test_out_esp_aes_cbc_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -277,7 +236,7 @@ static void test_out_esp_aes_cbc_sha256(void) ipsec_sa_destroy(sa); } -static void test_out_esp_aes_ctr_null(void) +static void test_out_ipv4_esp_aes_ctr_null(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -304,12 +263,12 @@ static void test_out_esp_aes_ctr_null(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -319,7 +278,7 @@ static void test_out_esp_aes_ctr_null(void) ipsec_sa_destroy(sa); } -static void test_out_esp_aes_gcm128(void) +static void test_out_ipv4_esp_aes_gcm128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -346,12 +305,12 @@ static void test_out_esp_aes_gcm128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -361,7 +320,7 @@ static void test_out_esp_aes_gcm128(void) ipsec_sa_destroy(sa); } -static void test_out_ah_aes_gmac_128(void) +static void test_out_ipv4_ah_aes_gmac_128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -377,12 +336,12 @@ static void test_out_ah_aes_gmac_128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_ah_aes_gmac_128_1 }, + .pkt_out = &pkt_ipv4_icmp_0_ah_aes_gmac_128_1 }, }, }; @@ -391,7 +350,7 @@ static void test_out_ah_aes_gmac_128(void) ipsec_sa_destroy(sa); } -static void test_out_esp_null_aes_gmac_128(void) +static void test_out_ipv4_esp_null_aes_gmac_128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -407,12 +366,12 @@ static void test_out_esp_null_aes_gmac_128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_esp_null_aes_gmac_128_1 }, + .pkt_out = &pkt_ipv4_icmp_0_esp_null_aes_gmac_128_1 }, }, }; @@ -430,27 +389,25 @@ static void ipsec_test_capability(void) odp_testinfo_t ipsec_out_suite[] = { ODP_TEST_INFO(ipsec_test_capability), - ODP_TEST_INFO_CONDITIONAL(test_out_ah_sha256, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_ah_sha256_tun, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_tun_ipv4, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256_out, - ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256_tun_out, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_tun_ipv4, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_null, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_null, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_sha256, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_sha256, ipsec_check_esp_aes_cbc_128_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_ctr_null, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_ctr_null, ipsec_check_esp_aes_ctr_128_null), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_gcm128, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_gcm128, ipsec_check_esp_aes_gcm_128), - ODP_TEST_INFO_CONDITIONAL(test_out_ah_aes_gmac_128, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_aes_gmac_128, ipsec_check_ah_aes_gmac_128), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_aes_gmac_128, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 7fb7d5a84..51aa97ccb 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -49,7 +49,7 @@ KEY(key_mcgrew_gcm_15, 0x4c, 0x80, 0xcd, 0xef, 0xbb, 0x5d, 0x10, 0xda, 0x90, 0x6a, 0xc7, 0x3c, 0x36, 0x13, 0xa6, 0x34); KEY(key_mcgrew_gcm_salt_15, 0x22, 0x43, 0x3c, 0x64); -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0 = { .len = 142, .l2_offset = 0, .l3_offset = 14, @@ -82,7 +82,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ipip = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ipip = { .len = 162, .l2_offset = 0, .l3_offset = 14, @@ -120,7 +120,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ipip = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -159,7 +159,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_tun_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_ah_tun_ipv4_sha256_1 = { .len = 190, .l2_offset = 0, .l3_offset = 14, @@ -203,7 +204,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_tun_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1_bad1 = { .len = 168, .l2_offset = 0, .l3_offset = 14, @@ -242,7 +243,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1_bad2 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -281,7 +282,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1235 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1235 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -325,7 +326,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1235 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_null_sha256_1 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -368,7 +369,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_tun_null_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_tun_ipv4_null_sha256_1 = { .len = 190, .l2_offset = 0, .l3_offset = 14, @@ -416,7 +418,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_tun_null_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_null_sha256_1_bad1 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -459,7 +462,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1235 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_null_sha256_1235 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -502,7 +506,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1235 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_aes_cbc_null_1 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -542,7 +546,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_aes_cbc_sha256_1 = { .len = 186, .l2_offset = 0, .l3_offset = 14, @@ -586,7 +591,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_ctr_null_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_aes_ctr_null_1 = { .len = 162, .l2_offset = 0, .l3_offset = 14, @@ -625,7 +630,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_ctr_null_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_aes_gmac_128_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_aes_gmac_128_1 = { .len = 178, .l2_offset = 0, .l3_offset = 14, @@ -665,7 +670,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_aes_gmac_128_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_aes_gmac_128_1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_null_aes_gmac_128_1 = { .len = 178, .l2_offset = 0, .l3_offset = 14, From patchwork Thu Nov 30 12:00:07 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120153 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp579521qgn; Thu, 30 Nov 2017 04:07:23 -0800 (PST) X-Google-Smtp-Source: AGs4zMaHr0U+1ZmVrtxHcs+g3584XnrClXWKBhvzPwYqwEsprBreU/J/HsssAtz70mMLi8Xy5L7X X-Received: by 10.202.74.78 with SMTP id x75mr4167687oia.355.1512043643528; Thu, 30 Nov 2017 04:07:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512043643; cv=none; d=google.com; s=arc-20160816; b=jBQpSQXILPU4/cPX+7dGHq/KMsPIYHV+8ZP8AkeP825Wki5cvxcZTjYUz0024zMXFG tMN2VKmaehyN2B7Y5Xxkh/Ww9tfy5eg6tZJIersyOS44orxUFD6wqW8OXcgS9PSl1cBM ia3GYK1DsOuQtbIXh4/qsLFMAKHKo5UCXU6QY+p33/yDlXCfoiKQCJh/dgUhenVIPA8t VGHC8m+W4VfmxbBd9eSkOSC3FWfnW0bekcK3w2t/xUuRme10AbI9WOmyruqJHXTfj49H hB7Z+60FLcLYa8rmsN2DYN7DEEW2/j8T/6nEtLhxgOVsKcyXbfiM3CHnkTazzQTifLa0 z08g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=iUPO8A8FDdZ1S3LXa2ZA0P+oXzOzwwdArQFO7uAysqE=; b=xb8MNk9frj1CFpQO7e8IjZVeDNAFkNPCUrET2QJDG4YncTM5a5HFPddprvZd+su15A NhAEZhCpgVDjH0aq9Ldi5cPP+U6jhAj/UcYSoFHm9IFswi2KNskge1+nxx7wvwFqDiP3 4xEQYHkaGbXXiZFaaslo9msEVw3FsvM94E1YwzSM35b5JM2nrEYux52ZWpNimH9U8xnv xH8fJu6Aojgb8auTQjVgGMPi2PQN+i17kGP8mZXXtNb8KbMbqbWNrTnP0UHCzmRVziTR QtMqKO/rs+6Fz7ULxL2QwCdiLN1OOhvKn1lRo/a5MxXPdteeiCo0u//guTy9c8Eq9Btd 4YnA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id l191si1289031oib.494.2017.11.30.04.07.23; Thu, 30 Nov 2017 04:07:23 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id DE62460965; Thu, 30 Nov 2017 12:07:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id B58486096A; Thu, 30 Nov 2017 12:02:47 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 0968C60956; Thu, 30 Nov 2017 12:02:16 +0000 (UTC) Received: from forward105o.mail.yandex.net (forward105o.mail.yandex.net [37.140.190.183]) by lists.linaro.org (Postfix) with ESMTPS id 3226B60965 for ; Thu, 30 Nov 2017 12:00:26 +0000 (UTC) Received: from mxback20j.mail.yandex.net (mxback20j.mail.yandex.net [IPv6:2a02:6b8:0:1619::114]) by forward105o.mail.yandex.net (Yandex) with ESMTP id 87F8E4443875 for ; Thu, 30 Nov 2017 15:00:24 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback20j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id IFuoNWLhj2-0Ou4SgFF; Thu, 30 Nov 2017 15:00:24 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id LFgKy9hcr4-0M2e0j5w; Thu, 30 Nov 2017 15:00:22 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 15:00:07 +0300 Message-Id: <1512043220-8803-3-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> References: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v7 2/15] linux-gen: modularize IPsec implementation X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov To ease adding IPv6/IPcomp/etc modularize IPsec implementation, refactoring out functions handling ESP/AH and header parsing/tunneling. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 32adfc64ec5b4cc2948ab55456aeba75ae6816ff **/ platform/linux-generic/odp_ipsec.c | 1089 ++++++++++++++++++++---------------- 1 file changed, 597 insertions(+), 492 deletions(-) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index b17e4cd7b..6ce5bc781 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -123,8 +123,8 @@ static inline int _odp_ipv4_csum(odp_packet_t pkt, return 0; } -/** @internal Checksum offset in IPv4 header */ -#define _ODP_IPV4HDR_CSUM_OFFSET 10 +#define _ODP_IPV4HDR_CSUM_OFFSET ODP_OFFSETOF(_odp_ipv4hdr_t, chksum) +#define _ODP_IPV4HDR_PROTO_OFFSET ODP_OFFSETOF(_odp_ipv4hdr_t, proto) /** * Calculate and fill in IPv4 checksum @@ -158,7 +158,7 @@ static inline int _odp_ipv4_csum_update(odp_packet_t pkt) 2, &chksum); } -#define ipv4_hdr_len(ip) (_ODP_IPV4HDR_IHL(ip->ver_ihl) * 4) +#define ipv4_hdr_len(ip) (_ODP_IPV4HDR_IHL((ip)->ver_ihl) * 4) static inline void ipv4_adjust_len(_odp_ipv4hdr_t *ip, int adj) { @@ -218,200 +218,310 @@ static inline odp_pktio_parser_layer_t parse_layer(odp_ipsec_proto_layer_t l) return ODP_PKTIO_PARSER_LAYER_NONE; } -static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, - odp_ipsec_sa_t sa, - odp_packet_t *pkt_out, - odp_ipsec_op_status_t *status) -{ - ipsec_sa_t *ipsec_sa = NULL; - uint32_t ip_offset = odp_packet_l3_offset(pkt); - _odp_ipv4hdr_t *ip = odp_packet_l3_ptr(pkt, NULL); - uint16_t ip_hdr_len = ipv4_hdr_len(ip); - odp_crypto_packet_op_param_t param; - int rc; +typedef struct { + _odp_ipv4hdr_t *ip; unsigned stats_length; - uint16_t ipsec_offset; /**< Offset of IPsec header from - buffer start */ - uint8_t iv[IPSEC_MAX_IV_LEN]; /**< ESP IV storage */ - ipsec_aad_t aad; /**< AAD, note ESN is not fully supported */ - unsigned hdr_len; /**< Length of IPsec headers */ - unsigned trl_len; /**< Length of IPsec trailers */ - uint8_t ip_tos; /**< Saved IP TOS value */ - uint8_t ip_ttl; /**< Saved IP TTL value */ - uint16_t ip_frag_offset; /**< Saved IP flags value */ - odp_crypto_packet_result_t crypto; /**< Crypto operation result */ - odp_packet_hdr_t *pkt_hdr; + uint16_t ip_offset; + uint16_t ip_hdr_len; + uint16_t ip_tot_len; + union { + struct { + uint16_t ip_df; + uint8_t ip_tos; + } out_tunnel; + struct { + uint16_t hdr_len; + uint16_t trl_len; + } in; + }; + union { + struct { + uint8_t tos; + uint8_t ttl; + uint16_t frag_offset; + } ah_ipv4; + }; + ipsec_aad_t aad; + uint8_t iv[IPSEC_MAX_IV_LEN]; +} ipsec_state_t; + +static int ipsec_parse_ipv4(ipsec_state_t *state) +{ + if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(state->ip->frag_offset))) + return -1; - ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); - ODP_ASSERT(NULL != ip); + state->ip_hdr_len = ipv4_hdr_len(state->ip); + state->ip_tot_len = odp_be_to_cpu_16(state->ip->tot_len); - ip_tos = 0; - ip_ttl = 0; - ip_frag_offset = 0; + return 0; +} - /* Initialize parameters block */ - memset(¶m, 0, sizeof(param)); +static inline ipsec_sa_t *ipsec_get_sa(odp_ipsec_sa_t sa, + odp_ipsec_protocol_t proto, + uint32_t spi, + void *dst_addr, + odp_ipsec_op_status_t *status) +{ + ipsec_sa_t *ipsec_sa; + + if (ODP_IPSEC_SA_INVALID == sa) { + ipsec_sa_lookup_t lookup; + + lookup.proto = proto; + lookup.spi = spi; + lookup.dst_addr = dst_addr; + + ipsec_sa = _odp_ipsec_sa_lookup(&lookup); + if (NULL == ipsec_sa) { + status->error.sa_lookup = 1; + return NULL; + } + } else { + ipsec_sa = _odp_ipsec_sa_use(sa); + ODP_ASSERT(NULL != ipsec_sa); + if (ipsec_sa->proto != proto || + ipsec_sa->spi != spi) { + status->error.proto = 1; + return ipsec_sa; + } + } + + return ipsec_sa; +} - ipsec_offset = ip_offset + ip_hdr_len; +static int ipsec_in_iv(odp_packet_t pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa, + uint16_t iv_offset) +{ + memcpy(state->iv, ipsec_sa->salt, ipsec_sa->salt_length); + if (odp_packet_copy_to_mem(pkt, + iv_offset, + ipsec_sa->esp_iv_len, + state->iv + ipsec_sa->salt_length) < 0) + return -1; - if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) { + if (ipsec_sa->aes_ctr_iv) { + state->iv[12] = 0; + state->iv[13] = 0; + state->iv[14] = 0; + state->iv[15] = 1; + } + + return 0; +} + +static int ipsec_in_esp(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t **_ipsec_sa, + odp_ipsec_sa_t sa, + odp_crypto_packet_op_param_t *param, + odp_ipsec_op_status_t *status) +{ + _odp_esphdr_t esp; + uint16_t ipsec_offset; + ipsec_sa_t *ipsec_sa; + + ipsec_offset = state->ip_offset + state->ip_hdr_len; + + if (odp_packet_copy_to_mem(*pkt, ipsec_offset, + sizeof(esp), &esp) < 0) { status->error.alg = 1; - goto err; + return -1; } - if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { - status->error.proto = 1; - goto err; + ipsec_sa = ipsec_get_sa(sa, ODP_IPSEC_ESP, + odp_be_to_cpu_32(esp.spi), + &state->ip->dst_addr, status); + *_ipsec_sa = ipsec_sa; + if (status->error.all) + return -1; + + if (ipsec_in_iv(*pkt, state, ipsec_sa, + ipsec_offset + _ODP_ESPHDR_LEN) < 0) { + status->error.alg = 1; + return -1; } - /* Check IP header for IPSec protocols and look it up */ - if (_ODP_IPPROTO_ESP == ip->proto) { - _odp_esphdr_t esp; + state->in.hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; + state->in.trl_len = _ODP_ESPTRL_LEN + ipsec_sa->icv_len; - if (odp_packet_copy_to_mem(pkt, ipsec_offset, - sizeof(esp), &esp) < 0) { - status->error.alg = 1; - goto err; - } + param->cipher_range.offset = ipsec_offset + state->in.hdr_len; + param->cipher_range.length = state->ip_tot_len - + state->ip_hdr_len - + state->in.hdr_len - + ipsec_sa->icv_len; + param->override_iv_ptr = state->iv; - if (ODP_IPSEC_SA_INVALID == sa) { - ipsec_sa_lookup_t lookup; + state->aad.spi = esp.spi; + state->aad.seq_no = esp.seq_no; - lookup.proto = ODP_IPSEC_ESP; - lookup.spi = odp_be_to_cpu_32(esp.spi); - lookup.dst_addr = &ip->dst_addr; + param->aad.ptr = (uint8_t *)&state->aad; - ipsec_sa = _odp_ipsec_sa_lookup(&lookup); - if (NULL == ipsec_sa) { - status->error.sa_lookup = 1; - goto err; - } - } else { - ipsec_sa = _odp_ipsec_sa_use(sa); - ODP_ASSERT(NULL != ipsec_sa); - if (ipsec_sa->proto != ODP_IPSEC_ESP || - ipsec_sa->spi != odp_be_to_cpu_32(esp.spi)) { - status->error.proto = 1; - goto err; - } - } + param->auth_range.offset = ipsec_offset; + param->auth_range.length = state->ip_tot_len - + state->ip_hdr_len - + ipsec_sa->icv_len; + param->hash_result_offset = state->ip_offset + + state->ip_tot_len - + ipsec_sa->icv_len; - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - if (odp_packet_copy_to_mem(pkt, - ipsec_offset + _ODP_ESPHDR_LEN, - ipsec_sa->esp_iv_len, - iv + ipsec_sa->salt_length) < 0) { - status->error.alg = 1; - goto err; - } + state->stats_length = param->cipher_range.length; - if (ipsec_sa->aes_ctr_iv) { - iv[12] = 0; - iv[13] = 0; - iv[14] = 0; - iv[15] = 1; - } + return 0; +} - hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; - trl_len = _ODP_ESPTRL_LEN + ipsec_sa->icv_len; +static int ipsec_in_esp_post(odp_packet_t pkt, + ipsec_state_t *state) +{ + _odp_esptrl_t esptrl; + uint32_t esptrl_offset = state->ip_offset + + state->ip_tot_len - + state->in.trl_len; + + if (odp_packet_copy_to_mem(pkt, esptrl_offset, + sizeof(esptrl), &esptrl) < 0 || + state->ip_offset + esptrl.pad_len > esptrl_offset || + _odp_packet_cmp_data(pkt, esptrl_offset - esptrl.pad_len, + ipsec_padding, esptrl.pad_len) != 0) + return -1; - param.cipher_range.offset = ipsec_offset + hdr_len; - param.cipher_range.length = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len - - hdr_len - - ipsec_sa->icv_len; - param.override_iv_ptr = iv; + state->ip->proto = esptrl.next_header; + state->in.trl_len += esptrl.pad_len; - aad.spi = esp.spi; - aad.seq_no = esp.seq_no; + return 0; +} - param.aad.ptr = (uint8_t *)&aad; +static int ipsec_in_ah(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t **_ipsec_sa, + odp_ipsec_sa_t sa, + odp_crypto_packet_op_param_t *param, + odp_ipsec_op_status_t *status) +{ + _odp_ahhdr_t ah; + uint16_t ipsec_offset; + ipsec_sa_t *ipsec_sa; - param.auth_range.offset = ipsec_offset; - param.auth_range.length = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len - - ipsec_sa->icv_len; - param.hash_result_offset = ip_offset + - odp_be_to_cpu_16(ip->tot_len) - - ipsec_sa->icv_len; + ipsec_offset = state->ip_offset + state->ip_hdr_len; - stats_length = param.cipher_range.length; - } else if (_ODP_IPPROTO_AH == ip->proto) { - _odp_ahhdr_t ah; + if (odp_packet_copy_to_mem(*pkt, ipsec_offset, + sizeof(ah), &ah) < 0) { + status->error.alg = 1; + return -1; + } - if (odp_packet_copy_to_mem(pkt, ipsec_offset, - sizeof(ah), &ah) < 0) { - status->error.alg = 1; - goto err; - } + ipsec_sa = ipsec_get_sa(sa, ODP_IPSEC_AH, + odp_be_to_cpu_32(ah.spi), + &state->ip->dst_addr, status); + *_ipsec_sa = ipsec_sa; + if (status->error.all) + return -1; - if (ODP_IPSEC_SA_INVALID == sa) { - ipsec_sa_lookup_t lookup; + if (ipsec_in_iv(*pkt, state, ipsec_sa, + ipsec_offset + _ODP_AHHDR_LEN) < 0) { + status->error.alg = 1; + return -1; + } - lookup.proto = ODP_IPSEC_AH; - lookup.spi = odp_be_to_cpu_32(ah.spi); - lookup.dst_addr = &ip->dst_addr; + param->override_iv_ptr = state->iv; - ipsec_sa = _odp_ipsec_sa_lookup(&lookup); - if (NULL == ipsec_sa) { - status->error.sa_lookup = 1; - goto err; - } - } else { - ipsec_sa = _odp_ipsec_sa_use(sa); - ODP_ASSERT(NULL != ipsec_sa); - if (ipsec_sa->proto != ODP_IPSEC_AH || - ipsec_sa->spi != odp_be_to_cpu_32(ah.spi)) { - status->error.proto = 1; - goto err; - } - } + state->in.hdr_len = (ah.ah_len + 2) * 4; + state->in.trl_len = 0; - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - if (odp_packet_copy_to_mem(pkt, - ipsec_offset + _ODP_AHHDR_LEN, - ipsec_sa->esp_iv_len, - iv + ipsec_sa->salt_length) < 0) { - status->error.alg = 1; - goto err; - } - param.override_iv_ptr = iv; + /* Save everything to context */ + state->ah_ipv4.tos = state->ip->tos; + state->ah_ipv4.frag_offset = state->ip->frag_offset; + state->ah_ipv4.ttl = state->ip->ttl; + + /* FIXME: zero copy of header, passing it to crypto! */ + /* + * If authenticating, zero the mutable fields build the request + */ + state->ip->chksum = 0; + state->ip->tos = 0; + state->ip->frag_offset = 0; + state->ip->ttl = 0; - hdr_len = (ah.ah_len + 2) * 4; - trl_len = 0; + state->aad.spi = ah.spi; + state->aad.seq_no = ah.seq_no; - /* Save everything to context */ - ip_tos = ip->tos; - ip_frag_offset = odp_be_to_cpu_16(ip->frag_offset); - ip_ttl = ip->ttl; + param->aad.ptr = (uint8_t *)&state->aad; - /* FIXME: zero copy of header, passing it to crypto! */ - /* - * If authenticating, zero the mutable fields build the request - */ - ip->chksum = 0; - ip->tos = 0; - ip->frag_offset = 0; - ip->ttl = 0; + param->auth_range.offset = state->ip_offset; + param->auth_range.length = state->ip_tot_len; + param->hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN + + ipsec_sa->esp_iv_len; - aad.spi = ah.spi; - aad.seq_no = ah.seq_no; + state->stats_length = param->auth_range.length; - param.aad.ptr = (uint8_t *)&aad; + return 0; +} + +static int ipsec_in_ah_post(odp_packet_t pkt, + ipsec_state_t *state) +{ + _odp_ahhdr_t ah; + uint16_t ipsec_offset; - param.auth_range.offset = ip_offset; - param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); - param.hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN + - ipsec_sa->esp_iv_len; + ipsec_offset = state->ip_offset + state->ip_hdr_len; - stats_length = param.auth_range.length; + if (odp_packet_copy_to_mem(pkt, ipsec_offset, + sizeof(ah), &ah) < 0) + return -1; + + state->ip->proto = ah.next_header; + + /* Restore mutable fields */ + state->ip->ttl = state->ah_ipv4.ttl; + state->ip->tos = state->ah_ipv4.tos; + state->ip->frag_offset = state->ah_ipv4.frag_offset; + + return 0; +} + +static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, + odp_ipsec_sa_t sa, + odp_packet_t *pkt_out, + odp_ipsec_op_status_t *status) +{ + ipsec_state_t state; + ipsec_sa_t *ipsec_sa = NULL; + odp_crypto_packet_op_param_t param; + int rc; + odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_hdr_t *pkt_hdr; + + state.ip_offset = odp_packet_l3_offset(pkt); + ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != state.ip_offset); + + state.ip = odp_packet_l3_ptr(pkt, NULL); + ODP_ASSERT(NULL != state.ip); + + /* Initialize parameters block */ + memset(¶m, 0, sizeof(param)); + + rc = ipsec_parse_ipv4(&state); + if (rc < 0 || + state.ip_tot_len + state.ip_offset > odp_packet_len(pkt)) { + status->error.alg = 1; + goto err; + } + + /* Check IP header for IPSec protocols and look it up */ + if (_ODP_IPPROTO_ESP == state.ip->proto) { + rc = ipsec_in_esp(&pkt, &state, &ipsec_sa, sa, ¶m, status); + } else if (_ODP_IPPROTO_AH == state.ip->proto) { + rc = ipsec_in_ah(&pkt, &state, &ipsec_sa, sa, ¶m, status); } else { status->error.proto = 1; goto err; } + if (rc < 0) + goto err; if (_odp_ipsec_sa_replay_precheck(ipsec_sa, - odp_be_to_cpu_32(aad.seq_no), + odp_be_to_cpu_32(state.aad.seq_no), status) < 0) goto err; @@ -450,70 +560,30 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto err; } - if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) + if (_odp_ipsec_sa_stats_update(ipsec_sa, + state.stats_length, + status) < 0) goto err; if (_odp_ipsec_sa_replay_update(ipsec_sa, - odp_be_to_cpu_32(aad.seq_no), + odp_be_to_cpu_32(state.aad.seq_no), status) < 0) goto err; - ip_offset = odp_packet_l3_offset(pkt); - ip = odp_packet_l3_ptr(pkt, NULL); - ip_hdr_len = ipv4_hdr_len(ip); - - if (_ODP_IPPROTO_ESP == ip->proto) { - /* - * Finish cipher by finding ESP trailer and processing - */ - _odp_esptrl_t esptrl; - uint32_t esptrl_offset = ip_offset + - odp_be_to_cpu_16(ip->tot_len) - - trl_len; - - if (odp_packet_copy_to_mem(pkt, esptrl_offset, - sizeof(esptrl), &esptrl) < 0) { - status->error.proto = 1; - goto err; - } - - if (ip_offset + esptrl.pad_len > esptrl_offset) { - status->error.proto = 1; - goto err; - } - - if (_odp_packet_cmp_data(pkt, esptrl_offset - esptrl.pad_len, - ipsec_padding, esptrl.pad_len) != 0) { - status->error.proto = 1; - goto err; - } + state.ip = odp_packet_l3_ptr(pkt, NULL); - ip->proto = esptrl.next_header; - trl_len += esptrl.pad_len; - } else if (_ODP_IPPROTO_AH == ip->proto) { - /* - * Finish auth - */ - _odp_ahhdr_t ah; - - if (odp_packet_copy_to_mem(pkt, ipsec_offset, - sizeof(ah), &ah) < 0) { - status->error.alg = 1; - goto err; - } - - ip->proto = ah.next_header; - - /* Restore mutable fields */ - ip->ttl = ip_ttl; - ip->tos = ip_tos; - ip->frag_offset = odp_cpu_to_be_16(ip_frag_offset); - } else { + if (ODP_IPSEC_ESP == ipsec_sa->proto) + rc = ipsec_in_esp_post(pkt, &state); + else if (ODP_IPSEC_AH == ipsec_sa->proto) + rc = ipsec_in_ah_post(pkt, &state); + else + rc = -1; + if (rc < 0) { status->error.proto = 1; goto err; } - if (odp_packet_trunc_tail(&pkt, trl_len, NULL, NULL) < 0) { + if (odp_packet_trunc_tail(&pkt, state.in.trl_len, NULL, NULL) < 0) { status->error.alg = 1; goto err; } @@ -521,32 +591,36 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { /* We have a tunneled IPv4 packet, strip outer and IPsec * headers */ - odp_packet_move_data(pkt, ip_hdr_len + hdr_len, 0, - ip_offset); - if (odp_packet_trunc_head(&pkt, ip_hdr_len + hdr_len, + odp_packet_move_data(pkt, state.ip_hdr_len + state.in.hdr_len, + 0, + state.ip_offset); + if (odp_packet_trunc_head(&pkt, state.ip_hdr_len + + state.in.hdr_len, NULL, NULL) < 0) { status->error.alg = 1; goto err; } + + if (odp_packet_len(pkt) > sizeof(*state.ip)) { + state.ip = odp_packet_l3_ptr(pkt, NULL); + state.ip->ttl -= ipsec_sa->dec_ttl; + _odp_ipv4_csum_update(pkt); + } } else { - odp_packet_move_data(pkt, hdr_len, 0, - ip_offset + ip_hdr_len); - if (odp_packet_trunc_head(&pkt, hdr_len, + odp_packet_move_data(pkt, state.in.hdr_len, 0, + state.ip_offset + state.ip_hdr_len); + if (odp_packet_trunc_head(&pkt, state.in.hdr_len, NULL, NULL) < 0) { status->error.alg = 1; goto err; } - } - - /* Finalize the IPv4 header */ - if (odp_packet_len(pkt) > sizeof(*ip)) { - ip = odp_packet_l3_ptr(pkt, NULL); - - if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) - ipv4_adjust_len(ip, -(hdr_len + trl_len)); - ip->ttl -= ipsec_sa->dec_ttl; - _odp_ipv4_csum_update(pkt); + if (odp_packet_len(pkt) > sizeof(*state.ip)) { + state.ip = odp_packet_l3_ptr(pkt, NULL); + ipv4_adjust_len(state.ip, + -(state.in.hdr_len + state.in.trl_len)); + _odp_ipv4_csum_update(pkt); + } } pkt_hdr = odp_packet_hdr(pkt); @@ -554,7 +628,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, packet_parse_reset(pkt_hdr); packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), - ip_offset, _ODP_ETHTYPE_IPV4); + state.ip_offset, _ODP_ETHTYPE_IPV4); *pkt_out = pkt; @@ -577,317 +651,353 @@ uint32_t ipsec_seq_no(ipsec_sa_t *ipsec_sa) } /* Helper for calculating encode length using data length and block size */ -#define ESP_ENCODE_LEN(x, b) ((((x) + ((b) - 1)) / (b)) * (b)) +#define IPSEC_PAD_LEN(x, b) ((((x) + ((b) - 1)) / (b)) * (b)) -static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, - odp_ipsec_sa_t sa, - odp_packet_t *pkt_out, - odp_ipsec_out_opt_t *opt ODP_UNUSED, - odp_ipsec_op_status_t *status) +static int ipsec_out_tunnel_parse_ipv4(ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) { - ipsec_sa_t *ipsec_sa = NULL; - uint32_t ip_offset = odp_packet_l3_offset(pkt); - _odp_ipv4hdr_t *ip = odp_packet_l3_ptr(pkt, NULL); - uint16_t ip_hdr_len = ipv4_hdr_len(ip); - odp_crypto_packet_op_param_t param; - unsigned stats_length; - int rc; - uint16_t ipsec_offset; /**< Offset of IPsec header from - buffer start */ - uint8_t iv[IPSEC_MAX_IV_LEN]; /**< ESP IV storage */ - ipsec_aad_t aad; /**< AAD, note ESN is not fully supported */ - unsigned hdr_len; /**< Length of IPsec headers */ - unsigned trl_len; /**< Length of IPsec trailers */ - uint8_t ip_tos; /**< Saved IP TOS value */ - uint8_t ip_ttl; /**< Saved IP TTL value */ - uint16_t ip_frag_offset; /**< Saved IP flags value */ - odp_crypto_packet_result_t crypto; /**< Crypto operation result */ - odp_packet_hdr_t *pkt_hdr; + _odp_ipv4hdr_t *ipv4hdr = state->ip; + uint16_t flags = odp_be_to_cpu_16(ipv4hdr->frag_offset); - ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); - ODP_ASSERT(NULL != ip); + ipv4hdr->ttl -= ipsec_sa->dec_ttl; + state->out_tunnel.ip_tos = ipv4hdr->tos; + state->out_tunnel.ip_df = _ODP_IPV4HDR_FLAGS_DONT_FRAG(flags); - ip_tos = 0; - ip_ttl = 0; - ip_frag_offset = 0; + return 0; +} - ipsec_sa = _odp_ipsec_sa_use(sa); - ODP_ASSERT(NULL != ipsec_sa); +static int ipsec_out_tunnel_ipv4(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) +{ + _odp_ipv4hdr_t out_ip; + uint16_t flags; + + out_ip.ver_ihl = 0x45; + if (ipsec_sa->copy_dscp) + out_ip.tos = state->out_tunnel.ip_tos; + else + out_ip.tos = (state->out_tunnel.ip_tos & + ~_ODP_IP_TOS_DSCP_MASK) | + (ipsec_sa->out.tun_dscp << + _ODP_IP_TOS_DSCP_SHIFT); + state->ip_tot_len = odp_packet_len(*pkt) - state->ip_offset; + state->ip_tot_len += _ODP_IPV4HDR_LEN; + + out_ip.tot_len = odp_cpu_to_be_16(state->ip_tot_len); + /* No need to convert to BE: ID just should not be duplicated */ + out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_hdr_id, + 1); + if (ipsec_sa->copy_df) + flags = state->out_tunnel.ip_df; + else + flags = ((uint16_t)ipsec_sa->out.tun_df) << 14; + out_ip.frag_offset = odp_cpu_to_be_16(flags); + out_ip.ttl = ipsec_sa->out.tun_ttl; + out_ip.proto = _ODP_IPPROTO_IPIP; + /* Will be filled later by packet checksum update */ + out_ip.chksum = 0; + out_ip.src_addr = ipsec_sa->out.tun_src_ip; + out_ip.dst_addr = ipsec_sa->out.tun_dst_ip; + + if (odp_packet_extend_head(pkt, _ODP_IPV4HDR_LEN, + NULL, NULL) < 0) + return -1; - /* Initialize parameters block */ - memset(¶m, 0, sizeof(param)); + odp_packet_move_data(*pkt, 0, _ODP_IPV4HDR_LEN, state->ip_offset); - if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode && - _ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { - status->error.alg = 1; - goto err; - } + odp_packet_copy_from_mem(*pkt, state->ip_offset, + _ODP_IPV4HDR_LEN, &out_ip); - if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) { - status->error.alg = 1; - goto err; - } + odp_packet_l4_offset_set(*pkt, state->ip_offset + _ODP_IPV4HDR_LEN); - if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { - _odp_ipv4hdr_t out_ip; - uint16_t tot_len; + state->ip = odp_packet_l3_ptr(*pkt, NULL); + state->ip_hdr_len = _ODP_IPV4HDR_LEN; - ip->ttl -= ipsec_sa->dec_ttl; + return 0; +} - out_ip.ver_ihl = 0x45; - if (ipsec_sa->copy_dscp) - out_ip.tos = ip->tos; - else - out_ip.tos = (ip->tos & ~_ODP_IP_TOS_DSCP_MASK) | - (ipsec_sa->out.tun_dscp << - _ODP_IP_TOS_DSCP_SHIFT); - tot_len = odp_be_to_cpu_16(ip->tot_len) + _ODP_IPV4HDR_LEN; - out_ip.tot_len = odp_cpu_to_be_16(tot_len); - /* No need to convert to BE: ID just should not be duplicated */ - out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_hdr_id, - 1); - if (ipsec_sa->copy_df) - out_ip.frag_offset = ip->frag_offset & 0x4000; - else - out_ip.frag_offset = - ((uint16_t)ipsec_sa->out.tun_df) << 14; - out_ip.ttl = ipsec_sa->out.tun_ttl; - out_ip.proto = _ODP_IPV4; - /* Will be filled later by packet checksum update */ - out_ip.chksum = 0; - out_ip.src_addr = ipsec_sa->out.tun_src_ip; - out_ip.dst_addr = ipsec_sa->out.tun_dst_ip; - - if (odp_packet_extend_head(&pkt, _ODP_IPV4HDR_LEN, - NULL, NULL) < 0) { - status->error.alg = 1; - goto err; +static int ipsec_out_iv(ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) +{ + if (ipsec_sa->use_counter_iv) { + uint64_t ctr; + + /* Both GCM and CTR use 8-bit counters */ + ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + + ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, + 1); + /* Check for overrun */ + if (ctr == 0) + return -1; + + memcpy(state->iv, ipsec_sa->salt, ipsec_sa->salt_length); + memcpy(state->iv + ipsec_sa->salt_length, &ctr, + ipsec_sa->esp_iv_len); + + if (ipsec_sa->aes_ctr_iv) { + state->iv[12] = 0; + state->iv[13] = 0; + state->iv[14] = 0; + state->iv[15] = 1; } + } else if (ipsec_sa->esp_iv_len) { + uint32_t len; - odp_packet_move_data(pkt, 0, _ODP_IPV4HDR_LEN, ip_offset); + len = odp_random_data(state->iv, ipsec_sa->esp_iv_len, + ODP_RANDOM_CRYPTO); - odp_packet_copy_from_mem(pkt, ip_offset, - _ODP_IPV4HDR_LEN, &out_ip); + if (len != ipsec_sa->esp_iv_len) + return -1; + } - odp_packet_l4_offset_set(pkt, ip_offset + _ODP_IPV4HDR_LEN); + return 0; +} - ip = odp_packet_l3_ptr(pkt, NULL); - ip_hdr_len = _ODP_IPV4HDR_LEN; +static int ipsec_out_esp(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa, + odp_crypto_packet_op_param_t *param, + odp_ipsec_op_status_t *status) +{ + _odp_esphdr_t esp; + _odp_esptrl_t esptrl; + uint32_t encrypt_len; + uint16_t ip_data_len = state->ip_tot_len - + state->ip_hdr_len; + uint32_t pad_block = ipsec_sa->esp_block_len; + uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; + unsigned hdr_len; + unsigned trl_len; + + /* ESP trailer should be 32-bit right aligned */ + if (pad_block < 4) + pad_block = 4; + + encrypt_len = IPSEC_PAD_LEN(ip_data_len + _ODP_ESPTRL_LEN, + pad_block); + + hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; + trl_len = encrypt_len - + ip_data_len + + ipsec_sa->icv_len; + + if (ipsec_out_iv(state, ipsec_sa) < 0) { + status->error.alg = 1; + return -1; } - ipsec_offset = ip_offset + ip_hdr_len; + param->override_iv_ptr = state->iv; - if (ipsec_sa->proto == ODP_IPSEC_ESP) { - _odp_esphdr_t esp; - _odp_esptrl_t esptrl; - uint32_t encrypt_len; - uint16_t ip_data_len = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len; - uint32_t pad_block = ipsec_sa->esp_block_len; + if (odp_packet_extend_tail(pkt, trl_len, NULL, NULL) < 0 || + odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { + status->error.alg = 1; + return -1; + } - /* ESP trailer should be 32-bit right aligned */ - if (pad_block < 4) - pad_block = 4; + odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); + + state->ip = odp_packet_l3_ptr(*pkt, NULL); + + /* Set IPv4 length before authentication */ + ipv4_adjust_len(state->ip, hdr_len + trl_len); + state->ip_tot_len += hdr_len + trl_len; + + uint32_t esptrl_offset = state->ip_offset + + state->ip_hdr_len + + hdr_len + + encrypt_len - + _ODP_ESPTRL_LEN; + + memset(&esp, 0, sizeof(esp)); + esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); + esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); + + state->aad.spi = esp.spi; + state->aad.seq_no = esp.seq_no; + + param->aad.ptr = (uint8_t *)&state->aad; + + memset(&esptrl, 0, sizeof(esptrl)); + esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; + esptrl.next_header = state->ip->proto; + state->ip->proto = _ODP_IPPROTO_ESP; + + odp_packet_copy_from_mem(*pkt, + ipsec_offset, _ODP_ESPHDR_LEN, + &esp); + odp_packet_copy_from_mem(*pkt, + ipsec_offset + _ODP_ESPHDR_LEN, + ipsec_sa->esp_iv_len, + state->iv + ipsec_sa->salt_length); + odp_packet_copy_from_mem(*pkt, + esptrl_offset - esptrl.pad_len, + esptrl.pad_len, ipsec_padding); + odp_packet_copy_from_mem(*pkt, + esptrl_offset, _ODP_ESPTRL_LEN, + &esptrl); + + param->cipher_range.offset = ipsec_offset + hdr_len; + param->cipher_range.length = state->ip_tot_len - + state->ip_hdr_len - + hdr_len - + ipsec_sa->icv_len; + + param->auth_range.offset = ipsec_offset; + param->auth_range.length = state->ip_tot_len - + state->ip_hdr_len - + ipsec_sa->icv_len; + param->hash_result_offset = state->ip_offset + + state->ip_tot_len - + ipsec_sa->icv_len; + + state->stats_length = param->cipher_range.length; - encrypt_len = ESP_ENCODE_LEN(ip_data_len + _ODP_ESPTRL_LEN, - pad_block); + return 0; +} - hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; - trl_len = encrypt_len - - ip_data_len + - ipsec_sa->icv_len; +static int ipsec_out_ah(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa, + odp_crypto_packet_op_param_t *param, + odp_ipsec_op_status_t *status) +{ + _odp_ahhdr_t ah; + unsigned hdr_len = _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len + + ipsec_sa->icv_len; + uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; - if (ipsec_sa->use_counter_iv) { - uint64_t ctr; + /* Save IPv4 stuff */ + state->ah_ipv4.tos = state->ip->tos; + state->ah_ipv4.frag_offset = state->ip->frag_offset; + state->ah_ipv4.ttl = state->ip->ttl; - /* Both GCM and CTR use 8-bit counters */ - ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + if (odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { + status->error.alg = 1; + return -1; + } - ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, - 1); - /* Check for overrun */ - if (ctr == 0) - goto err; + odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - memcpy(iv + ipsec_sa->salt_length, &ctr, - ipsec_sa->esp_iv_len); + state->ip = odp_packet_l3_ptr(*pkt, NULL); - if (ipsec_sa->aes_ctr_iv) { - iv[12] = 0; - iv[13] = 0; - iv[14] = 0; - iv[15] = 1; - } - } else if (ipsec_sa->esp_iv_len) { - uint32_t len; + /* Set IPv4 length before authentication */ + ipv4_adjust_len(state->ip, hdr_len); + state->ip_tot_len += hdr_len; - len = odp_random_data(iv, ipsec_sa->esp_iv_len, - ODP_RANDOM_CRYPTO); + memset(&ah, 0, sizeof(ah)); + ah.spi = odp_cpu_to_be_32(ipsec_sa->spi); + ah.ah_len = 1 + (ipsec_sa->esp_iv_len + ipsec_sa->icv_len) / 4; + ah.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); + ah.next_header = state->ip->proto; + state->ip->proto = _ODP_IPPROTO_AH; - if (len != ipsec_sa->esp_iv_len) { - status->error.alg = 1; - goto err; - } - } + state->aad.spi = ah.spi; + state->aad.seq_no = ah.seq_no; - param.override_iv_ptr = iv; + param->aad.ptr = (uint8_t *)&state->aad; - if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { - status->error.alg = 1; - goto err; - } + /* For GMAC */ + if (ipsec_out_iv(state, ipsec_sa) < 0) { + status->error.alg = 1; + return -1; + } - if (odp_packet_extend_head(&pkt, hdr_len, NULL, NULL) < 0) { - status->error.alg = 1; - goto err; - } + param->override_iv_ptr = state->iv; - odp_packet_move_data(pkt, 0, hdr_len, ipsec_offset); - - ip = odp_packet_l3_ptr(pkt, NULL); - - /* Set IPv4 length before authentication */ - ipv4_adjust_len(ip, hdr_len + trl_len); - - uint32_t esptrl_offset = ip_offset + - ip_hdr_len + - hdr_len + - encrypt_len - - _ODP_ESPTRL_LEN; - - memset(&esp, 0, sizeof(esp)); - esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); - esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - - aad.spi = esp.spi; - aad.seq_no = esp.seq_no; - - param.aad.ptr = (uint8_t *)&aad; - - memset(&esptrl, 0, sizeof(esptrl)); - esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; - esptrl.next_header = ip->proto; - ip->proto = _ODP_IPPROTO_ESP; - - odp_packet_copy_from_mem(pkt, - ipsec_offset, _ODP_ESPHDR_LEN, - &esp); - odp_packet_copy_from_mem(pkt, - ipsec_offset + _ODP_ESPHDR_LEN, - ipsec_sa->esp_iv_len, - iv + ipsec_sa->salt_length); - odp_packet_copy_from_mem(pkt, - esptrl_offset - esptrl.pad_len, - esptrl.pad_len, ipsec_padding); - odp_packet_copy_from_mem(pkt, - esptrl_offset, _ODP_ESPTRL_LEN, - &esptrl); - - param.cipher_range.offset = ipsec_offset + hdr_len; - param.cipher_range.length = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len - - hdr_len - - ipsec_sa->icv_len; - - param.auth_range.offset = ipsec_offset; - param.auth_range.length = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len - - ipsec_sa->icv_len; - param.hash_result_offset = ip_offset + - odp_be_to_cpu_16(ip->tot_len) - - ipsec_sa->icv_len; - - stats_length = param.cipher_range.length; - } else if (ipsec_sa->proto == ODP_IPSEC_AH) { - _odp_ahhdr_t ah; - - hdr_len = _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len + - ipsec_sa->icv_len; - trl_len = 0; - - /* Save IPv4 stuff */ - ip_tos = ip->tos; - ip_frag_offset = odp_be_to_cpu_16(ip->frag_offset); - ip_ttl = ip->ttl; - - if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { - status->error.alg = 1; - goto err; - } + odp_packet_copy_from_mem(*pkt, + ipsec_offset, _ODP_AHHDR_LEN, + &ah); + odp_packet_copy_from_mem(*pkt, + ipsec_offset + _ODP_AHHDR_LEN, + ipsec_sa->esp_iv_len, + state->iv + ipsec_sa->salt_length); + _odp_packet_set_data(*pkt, + ipsec_offset + _ODP_AHHDR_LEN + + ipsec_sa->esp_iv_len, + 0, ipsec_sa->icv_len); - if (odp_packet_extend_head(&pkt, hdr_len, NULL, NULL) < 0) { - status->error.alg = 1; - goto err; - } + state->ip->chksum = 0; + state->ip->tos = 0; + state->ip->frag_offset = 0; + state->ip->ttl = 0; - odp_packet_move_data(pkt, 0, hdr_len, ipsec_offset); + param->auth_range.offset = state->ip_offset; + param->auth_range.length = state->ip_tot_len; + param->hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN + + ipsec_sa->esp_iv_len; - ip = odp_packet_l3_ptr(pkt, NULL); + state->stats_length = param->auth_range.length; - /* Set IPv4 length before authentication */ - ipv4_adjust_len(ip, hdr_len + trl_len); + return 0; +} - memset(&ah, 0, sizeof(ah)); - ah.spi = odp_cpu_to_be_32(ipsec_sa->spi); - ah.ah_len = 1 + (ipsec_sa->esp_iv_len + ipsec_sa->icv_len) / 4; - ah.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - ah.next_header = ip->proto; - ip->proto = _ODP_IPPROTO_AH; +static void ipsec_out_ah_post(ipsec_state_t *state) +{ + state->ip->ttl = state->ah_ipv4.ttl; + state->ip->tos = state->ah_ipv4.tos; + state->ip->frag_offset = state->ah_ipv4.frag_offset; +} - aad.spi = ah.spi; - aad.seq_no = ah.seq_no; +static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, + odp_ipsec_sa_t sa, + odp_packet_t *pkt_out, + odp_ipsec_out_opt_t *opt ODP_UNUSED, + odp_ipsec_op_status_t *status) +{ + ipsec_state_t state; + ipsec_sa_t *ipsec_sa; + odp_crypto_packet_op_param_t param; + int rc; + odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_hdr_t *pkt_hdr; - param.aad.ptr = (uint8_t *)&aad; + state.ip_offset = odp_packet_l3_offset(pkt); + ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != state.ip_offset); - /* For GMAC */ - if (ipsec_sa->use_counter_iv) { - uint64_t ctr; + state.ip = odp_packet_l3_ptr(pkt, NULL); + ODP_ASSERT(NULL != state.ip); - ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + ipsec_sa = _odp_ipsec_sa_use(sa); + ODP_ASSERT(NULL != ipsec_sa); - ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, - 1); - /* Check for overrun */ - if (ctr == 0) - goto err; + /* Initialize parameters block */ + memset(¶m, 0, sizeof(param)); - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - memcpy(iv + ipsec_sa->salt_length, &ctr, - ipsec_sa->esp_iv_len); - param.override_iv_ptr = iv; + if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) { + rc = ipsec_parse_ipv4(&state); + if (state.ip_tot_len + state.ip_offset != odp_packet_len(pkt)) + rc = -1; + } else { + rc = ipsec_out_tunnel_parse_ipv4(&state, ipsec_sa); + if (rc < 0) { + status->error.alg = 1; + goto err; } - odp_packet_copy_from_mem(pkt, - ipsec_offset, _ODP_AHHDR_LEN, - &ah); - odp_packet_copy_from_mem(pkt, - ipsec_offset + _ODP_AHHDR_LEN, - ipsec_sa->esp_iv_len, - iv + ipsec_sa->salt_length); - _odp_packet_set_data(pkt, - ipsec_offset + _ODP_AHHDR_LEN + - ipsec_sa->esp_iv_len, - 0, ipsec_sa->icv_len); - - ip->chksum = 0; - ip->tos = 0; - ip->frag_offset = 0; - ip->ttl = 0; - - param.auth_range.offset = ip_offset; - param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); - param.hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN + - ipsec_sa->esp_iv_len; - - stats_length = param.auth_range.length; + rc = ipsec_out_tunnel_ipv4(&pkt, &state, ipsec_sa); + } + if (rc < 0) { + status->error.alg = 1; + goto err; + } + + if (ODP_IPSEC_ESP == ipsec_sa->proto) { + rc = ipsec_out_esp(&pkt, &state, ipsec_sa, ¶m, status); + } else if (ODP_IPSEC_AH == ipsec_sa->proto) { + rc = ipsec_out_ah(&pkt, &state, ipsec_sa, ¶m, status); } else { status->error.alg = 1; goto err; } + if (rc < 0) + goto err; /* No need to run precheck here, we know that packet is authentic */ - if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) + if (_odp_ipsec_sa_stats_update(ipsec_sa, + state.stats_length, + status) < 0) goto err; param.session = ipsec_sa->session; @@ -922,14 +1032,9 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, goto err; } - ip = odp_packet_l3_ptr(pkt, NULL); - /* Finalize the IPv4 header */ - if (ip->proto == _ODP_IPPROTO_AH) { - ip->ttl = ip_ttl; - ip->tos = ip_tos; - ip->frag_offset = odp_cpu_to_be_16(ip_frag_offset); - } + if (ODP_IPSEC_AH == ipsec_sa->proto) + ipsec_out_ah_post(&state); _odp_ipv4_csum_update(pkt); From patchwork Thu Nov 30 12:00:08 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120152 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp578489qgn; Thu, 30 Nov 2017 04:06:30 -0800 (PST) X-Google-Smtp-Source: AGs4zMZP6hOJ+CIJTAe4iSlPRFKCPUrS+yKGqCU0OgncVJojHK2tRqVrjji4SAqOiS04sMdmeUB7 X-Received: by 10.200.37.61 with SMTP id 58mr3068385qtm.187.1512043590305; Thu, 30 Nov 2017 04:06:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512043590; cv=none; d=google.com; s=arc-20160816; b=M/hn+gQEMN3iL0aozXxXeNkRRwPK036VQWaOl4CzVl5TsPaxM3h36bNToxfgl1QgtE dPuspJAByhCBOv78DhhF3CIw8g5XmK5DoQu7YdRwtgiHs56Gx+rvc/0huEFyUW7mqggs vVSq1+owx0kUA3Iw+iF1xLfX42nrCIAed9bEpV0Ju3gH6PsSgsEyzro0kk2fNqRB2UBz Muew6PlCRYB0SxEYH8lsQn823UlCp+9NCnqGpSDo8Tsbg1NebKMY8EBQimxHC+Cs9YPT uUp5nhEZ4HDPgZklU+4lHPz/BweNgTc5eBWa3pri800J6t0EKaY/XfJyr1gwoyrCMesS rgZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=tq6lh6FZCKuxNIpSrqXvymrsFitSZ8/l9QKPlOowJSA=; b=pSsdtpup7kfESVKsgqDk+Ro67IaHY9Ef1JBIa0JrU0/07V1MgObt6927HYzDgJY0yv 3BHi3i0PNGwYCGK9v7PjOR1ys93mV6Se4vv2p4YWI1qIyuMYRX1NFkAomK4LThGtVASW d7jJiR8DAmX8Vd+e8a2EMVoxtS2nV7WPSuyJE45ZN3hiki2FxKHdmpRKPieLKkpQ5LOE VDshx1e4RCVcAXRwF3E+ylvKv2vW/w9637/4XifX4AmgP5qtEdCT+rGiSMLR/lzUZ6+z wXvGZLSbARED6+7ynLR956SUI4nIALoGEOujQVMpqxHxqW3Mn376/htMWA2vo5VsCQOy okAA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id z9si4064868qtb.124.2017.11.30.04.06.29; Thu, 30 Nov 2017 04:06:30 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id D2F1F60964; Thu, 30 Nov 2017 12:06:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 5B3D76096B; Thu, 30 Nov 2017 12:02:44 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 6C40160956; Thu, 30 Nov 2017 12:02:15 +0000 (UTC) Received: from forward105o.mail.yandex.net (forward105o.mail.yandex.net [37.140.190.183]) by lists.linaro.org (Postfix) with ESMTPS id 9C3EA6096D for ; Thu, 30 Nov 2017 12:00:26 +0000 (UTC) Received: from mxback4j.mail.yandex.net (mxback4j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10d]) by forward105o.mail.yandex.net (Yandex) with ESMTP id 7B14844452CC for ; Thu, 30 Nov 2017 15:00:25 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback4j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id LAJacOGEmo-0PDOIcns; Thu, 30 Nov 2017 15:00:25 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id LFgKy9hcr4-0O24MvJX; Thu, 30 Nov 2017 15:00:24 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 15:00:08 +0300 Message-Id: <1512043220-8803-4-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> References: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v7 3/15] validation: ipsec: fix next_header field in mcgrew gcm test vectors X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Test vectors from draft-mcgrew-gcm-test-01 contain invalid next_header field in ESP trailers (0x01 = ICMP instead of 0x04 = IPv4). Correct test vectors. Test 12 is disabled till NoNH packets are properly supported in a defined way. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 32adfc64ec5b4cc2948ab55456aeba75ae6816ff **/ test/validation/api/ipsec/ipsec_test_in.c | 4 ++++ test/validation/api/ipsec/test_vectors.h | 30 +++++++++++++++--------------- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index daafaf69a..5af98112a 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -947,6 +947,7 @@ static void test_in_ipv4_mcgrew_gcm_4_esp(void) ipsec_sa_destroy(sa); } +#if 0 static void test_in_ipv4_mcgrew_gcm_12_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; @@ -977,6 +978,7 @@ static void test_in_ipv4_mcgrew_gcm_12_esp(void) ipsec_sa_destroy(sa); } +#endif static void test_in_ipv4_mcgrew_gcm_15_esp(void) { @@ -1094,8 +1096,10 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_aes_gcm_256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_4_esp, ipsec_check_esp_aes_gcm_128), +#if 0 ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_12_esp, ipsec_check_esp_aes_gcm_128), +#endif ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_15_esp, ipsec_check_esp_null_aes_gmac_128), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256, diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 51aa97ccb..c057f7765 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -1021,9 +1021,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_2_esp = { 0x3d, 0xe8, 0x18, 0x27, 0xc1, 0x0e, 0x9a, 0x4f, 0x51, 0x33, 0x0d, 0x0e, 0xec, 0x41, 0x66, 0x42, 0xcf, 0xbb, 0x85, 0xa5, 0xb4, 0x7e, 0x48, 0xa4, - 0xec, 0x3b, 0x9b, 0xa9, 0x5d, 0x91, 0x8b, 0xd1, - 0x83, 0xb7, 0x0d, 0x3a, 0xa8, 0xbc, 0x6e, 0xe4, - 0xc3, 0x09, 0xe9, 0xd8, 0x5a, 0x41, 0xad, 0x4a, + 0xec, 0x3b, 0x9b, 0xa9, 0x5d, 0x91, 0x8b, 0xd4, + 0x26, 0xf8, 0x39, 0x1b, 0x99, 0x27, 0xd0, 0xfc, + 0xc9, 0x84, 0x56, 0x1b, 0xbb, 0xce, 0x9f, 0xc0, }, }; @@ -1078,9 +1078,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_3_esp = { 0x06, 0xef, 0xae, 0x9d, 0x65, 0xa5, 0xd7, 0x63, 0x74, 0x8a, 0x63, 0x79, 0x85, 0x77, 0x1d, 0x34, 0x7f, 0x05, 0x45, 0x65, 0x9f, 0x14, 0xe9, 0x9d, - 0xef, 0x84, 0x2d, 0x8e, 0xb3, 0x35, 0xf4, 0xee, - 0xcf, 0xdb, 0xf8, 0x31, 0x82, 0x4b, 0x4c, 0x49, - 0x15, 0x95, 0x6c, 0x96, + 0xef, 0x84, 0x2d, 0x8b, 0x42, 0xf5, 0x64, 0xf5, + 0x2d, 0xfd, 0xd6, 0xee, 0xf4, 0xf9, 0x2e, 0xad, + 0xba, 0xc2, 0x39, 0x90, }, }; @@ -1137,9 +1137,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_4_esp = { 0x45, 0x64, 0x76, 0x49, 0x27, 0x19, 0xff, 0xb6, 0x4d, 0xe7, 0xd9, 0xdc, 0xa1, 0xe1, 0xd8, 0x94, 0xbc, 0x3b, 0xd5, 0x78, 0x73, 0xed, 0x4d, 0x18, - 0x1d, 0x19, 0xd4, 0xd5, 0xc8, 0xc1, 0x8a, 0xf3, - 0xf8, 0x21, 0xd4, 0x96, 0xee, 0xb0, 0x96, 0xe9, - 0x8a, 0xd2, 0xb6, 0x9e, 0x47, 0x99, 0xc7, 0x1d, + 0x1d, 0x19, 0xd4, 0xd5, 0xc8, 0xc1, 0x8a, 0xf6, + 0xfe, 0x1d, 0x73, 0x72, 0x22, 0x8a, 0x69, 0xf4, + 0x0d, 0xeb, 0x37, 0x3d, 0xdc, 0x01, 0x67, 0x6b, }, }; @@ -1177,9 +1177,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_12_esp = { 0x43, 0x45, 0x7e, 0x91, 0x82, 0x44, 0x3b, 0xc6, /* Data */ - 0x43, 0x7f, 0x86, 0x6b, 0xcb, 0x3f, 0x69, 0x9f, - 0xe9, 0xb0, 0x82, 0x2b, 0xac, 0x96, 0x1c, 0x45, - 0x04, 0xbe, 0xf2, 0x70, + 0x43, 0x7f, 0x86, 0x51, 0x7e, 0xa5, 0x95, 0xd2, + 0xca, 0x00, 0x4c, 0x33, 0x38, 0x8c, 0x46, 0x77, + 0x0c, 0x59, 0x0a, 0xd6, }, }; @@ -1234,9 +1234,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_15_esp = { 0x02, 0x00, 0x07, 0x00, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, - 0x01, 0x02, 0x02, 0x01, 0xf2, 0xa9, 0xa8, 0x36, - 0xe1, 0x55, 0x10, 0x6a, 0xa8, 0xdc, 0xd6, 0x18, - 0xe4, 0x09, 0x9a, 0xaa, + 0x01, 0x02, 0x02, 0x04, 0x59, 0x4f, 0x40, 0x55, + 0x42, 0x8d, 0x39, 0x9a, 0x9d, 0x66, 0xc1, 0x5e, + 0x77, 0x02, 0x3a, 0x98, }, }; From patchwork Thu Nov 30 12:00:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120162 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp593913qgn; Thu, 30 Nov 2017 04:20:24 -0800 (PST) X-Google-Smtp-Source: AGs4zMa2KHNpgKLG3RaUSuOD8X6uSYH506pYdHkbgxdJMXT7zZ3RzKIAtmTlkjgFXKss+2YBt4e6 X-Received: by 10.55.32.74 with SMTP id g71mr2098876qkg.287.1512044424737; Thu, 30 Nov 2017 04:20:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512044424; cv=none; d=google.com; s=arc-20160816; b=JfcEyzlOZLRxRSH5jcjhuqqCAkwT3U3Df2ekRukgd/NMXUAfQOuQVUNpxySF0N7DHX qCvJA0rOZgJ0cCaaDmHbRZhVGTKR8naC6ZdhcnRpYvVcDFEKJlgpkqx43FOCt/qrv5X0 JAbO8Qkrayje3Lv22lE7WaDtDYNiz5/oKaHgdltvmSCyXFrv1C8MZIA4e8XXnuxzGcvd 6Kxn1OJlqBa1sI2m/eI/xYEPQCaLJHE3RYy/NDGEbaqJu8XB2Xvu5TNb0sJ/BXrkHku3 mzfDhFMVeS4YgQxsrh6LIZOFRpBso19Ax0HNalhf9ChQ7+eRc9PmxCu7JrpluZi9hKKi gJLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=Mu4BJWOaSJlSmfHS4dAwJwLgkOSC+Gq00SIialuWDto=; b=f5DaN4XDo16YNQNUnm0Qf6UBT6EKfgalV4mXZ0nvM4lu9DKel4/FmLKSBEOObYT0Dr hH9nc2I/lNqBBIrETxSbaEfazovO6w3zGO+APPiz6tqRt6+r7ktQ4sSxUr83EPMPx5mA 68+KvXKhplFltCi72UEihAoWCJaZ/Bu1Gb33gmuDO9/7ZRGsDXv3eIil/i+2rzFnxK2Z P4VE7D7XwZllrCB8MtbwhdIa/BKwL8vGzWBJ8biTrRjXiX808Mh4UXgr6WQ3AvS38pID ryU+zqwo0Qy1Jf4cPeejxCXvOQMUTwKesdPFJ9YhXLaiVwoJNRw/JQYnT2Kb+v51g7kV sOkg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id v68si4345906qkc.41.2017.11.30.04.20.24; Thu, 30 Nov 2017 04:20:24 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 6B7B2609A5; Thu, 30 Nov 2017 12:20:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 480BB60948; Thu, 30 Nov 2017 12:03:41 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 8713660956; Thu, 30 Nov 2017 12:02:16 +0000 (UTC) Received: from forward104p.mail.yandex.net (forward104p.mail.yandex.net [77.88.28.107]) by lists.linaro.org (Postfix) with ESMTPS id 2E3CA6096F for ; Thu, 30 Nov 2017 12:00:27 +0000 (UTC) Received: from mxback7g.mail.yandex.net (mxback7g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:168]) by forward104p.mail.yandex.net (Yandex) with ESMTP id 22D4A18621C for ; Thu, 30 Nov 2017 15:00:26 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback7g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id N7vREaiHOX-0QKWbVFx; Thu, 30 Nov 2017 15:00:26 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id LFgKy9hcr4-0P24Fmx9; Thu, 30 Nov 2017 15:00:25 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 15:00:09 +0300 Message-Id: <1512043220-8803-5-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> References: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v7 4/15] linux-gen: don't include odp_ipsec_internal.h in odp_packet_internal.h X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Such include adds unnecessary build dependencies. Just include , which is enough. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 32adfc64ec5b4cc2948ab55456aeba75ae6816ff **/ platform/linux-generic/include/odp_packet_internal.h | 2 +- platform/linux-generic/pktio/loop.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/platform/linux-generic/include/odp_packet_internal.h b/platform/linux-generic/include/odp_packet_internal.h index ab31d0704..58b7ffe7f 100644 --- a/platform/linux-generic/include/odp_packet_internal.h +++ b/platform/linux-generic/include/odp_packet_internal.h @@ -25,7 +25,7 @@ extern "C" { #include #include #include -#include +#include #include #include diff --git a/platform/linux-generic/pktio/loop.c b/platform/linux-generic/pktio/loop.c index 8bb4b4f14..199aa482f 100644 --- a/platform/linux-generic/pktio/loop.c +++ b/platform/linux-generic/pktio/loop.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include #include From patchwork Thu Nov 30 12:00:10 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120155 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp586423qgn; Thu, 30 Nov 2017 04:13:21 -0800 (PST) X-Google-Smtp-Source: AGs4zMYCcyB3VxNoGHVMOgubhqPlaOXumvxjC5WOuhHjq7VJM8wlVMNpN3bTttu/rmkqPyi4KT1q X-Received: by 10.237.59.22 with SMTP id p22mr3084357qte.34.1512044001789; Thu, 30 Nov 2017 04:13:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512044001; cv=none; d=google.com; s=arc-20160816; b=Xr8umlszv88jhOnFQzGGM3hmAGYWpAsLyHZOQAWgWNHtshq5EgARDHRcVI+V3jeiLH ZeCNuZo1mldBBrEs/LZ/a7hA5BQ4CeHzZ0foqPmzF44fyivae8z7UuKrtmQHvEajh+cH mhkMGjdvPISVpTxCSsch0y3gr8QpjUbYoNc2RaBt2RNWlgpIJxClPSqC1M8OJ9U2rxMq LzfeCmSworkwA+sN5JNlqsPT/bg22fQxpeF7eUJK4FVniUIYOLike2lSfcmvVW1kBFQR KA38JAtPMQo6/hy3VfPCw9uQTgpw9q4tTewX+rWaCaodHWLQqp9gONL+WLTGGCfgy/wC o5kQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=Sq9HaVr0xo6cbOLv9pUfWHaZ87yPOc/eNVlxpwZL3+c=; b=zt3NjF5vxqkTGo/ZLyzqdqXM/mZjuFGcomfdo2V+BnqVsf7UVwmiyc8KyUTf+7Icet pX+SIwkmCwrj++qprYVIjhFwqHaoQWQ7YOrFy++7VKW2dMbaBAp/8JdPsMSieULSOLBe Aa6I8aRtFIOAcjKntewVviIYJ/yVe5XcvoGW0Ee6AfSbwuEcAx+Ic6R5h75GcFtlYiZK IqRmbl2DbQCXIs3WA8kLt85tFF3EQ9AoTiQYHNIBAmP3HDPtoy/rl4DMZi1L9OgQphrg 8sWx56ozyzdLCmpbbj/uxbzxmX/r323xWmkzO5qaT8rDs1IGKmsIzs5KluQVxepWXJMO iEJA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id 32si2879588qtr.415.2017.11.30.04.13.21; Thu, 30 Nov 2017 04:13:21 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 6508A609FE; Thu, 30 Nov 2017 12:13:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 87F4160993; Thu, 30 Nov 2017 12:03:07 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 0AD7560956; Thu, 30 Nov 2017 12:02:20 +0000 (UTC) Received: from forward106j.mail.yandex.net (forward106j.mail.yandex.net [5.45.198.249]) by lists.linaro.org (Postfix) with ESMTPS id 25AAC6096A for ; Thu, 30 Nov 2017 12:00:28 +0000 (UTC) Received: from mxback7j.mail.yandex.net (mxback7j.mail.yandex.net [IPv6:2a02:6b8:0:1619::110]) by forward106j.mail.yandex.net (Yandex) with ESMTP id 9D7B31803A33 for ; Thu, 30 Nov 2017 15:00:26 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback7j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id kaDWSbIWJW-0QtOAOek; Thu, 30 Nov 2017 15:00:26 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id LFgKy9hcr4-0Q2qFbwP; Thu, 30 Nov 2017 15:00:26 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 15:00:10 +0300 Message-Id: <1512043220-8803-6-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> References: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v7 5/15] linux-gen: protocols: ip: add more ipv6 defines X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 32adfc64ec5b4cc2948ab55456aeba75ae6816ff **/ platform/linux-generic/include/protocols/ip.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/platform/linux-generic/include/protocols/ip.h b/platform/linux-generic/include/protocols/ip.h index 0fc391abe..7b6b736a6 100644 --- a/platform/linux-generic/include/protocols/ip.h +++ b/platform/linux-generic/include/protocols/ip.h @@ -161,11 +161,13 @@ typedef struct ODP_PACKED { #define _ODP_IPPROTO_IPIP 0x04 /**< IP Encapsulation within IP (4) */ #define _ODP_IPPROTO_TCP 0x06 /**< Transmission Control Protocol (6) */ #define _ODP_IPPROTO_UDP 0x11 /**< User Datagram Protocol (17) */ +#define _ODP_IPPROTO_IPV6 0x29 /**< IPv6 Routing header (41) */ #define _ODP_IPPROTO_ROUTE 0x2B /**< IPv6 Routing header (43) */ #define _ODP_IPPROTO_FRAG 0x2C /**< IPv6 Fragment (44) */ #define _ODP_IPPROTO_AH 0x33 /**< Authentication Header (51) */ #define _ODP_IPPROTO_ESP 0x32 /**< Encapsulating Security Payload (50) */ #define _ODP_IPPROTO_ICMPv6 0x3A /**< Internet Control Message Protocol (58) */ +#define _ODP_IPPROTO_DEST 0x3C /**< IPv6 Destination header (60) */ #define _ODP_IPPROTO_SCTP 0x84 /**< Stream Control Transmission protocol (132) */ #define _ODP_IPPROTO_INVALID 0xFF /**< Reserved invalid by IANA */ From patchwork Thu Nov 30 12:00:11 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120157 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp588063qgn; Thu, 30 Nov 2017 04:14:52 -0800 (PST) X-Google-Smtp-Source: AGs4zMb1F64/4w5oKjXnFAKQMQ2SGfsB/EErEYH2ny8B3sTTGqwsCvNozMw/lx/sDqMwYpvXjqxx X-Received: by 10.55.195.216 with SMTP id r85mr2123035qkl.218.1512044092766; Thu, 30 Nov 2017 04:14:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512044092; cv=none; d=google.com; s=arc-20160816; b=eDVATX/Av53SfycQI3DUfJtRipqNhuO73EoP5PN+d0arf0RLEWeUxMhDeFAEKBzT+f vcqKk7ws1hbBotNrlP0wL6BMoHytv3OMFLEYYSWwGqMrIEMtfeqS6MLPTefLDVKPkJvP vmDELcT595K2/Opbn7JlhwdIfX5Un3Iy8n283zxN4i0VwXpeUIcmM6UY4JAj2lx8dWJI H8rKGIV2CNYI/ePOJzZxfmeJhevkvzTsT2tgybiVcUmOKfFgCrEvzrmdP+YeVAnBv1nU 9pwzprsMpGLPXUSo5B5+Wo2X3kvVUULWNLMTjfk1KBnRCKoBYw1S7etcqaqyaOQwIquc d9xw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=lNfTgDiTavkbLGIu9VKo8QeKOkWLW+F2SZ6iDw/KjSw=; b=GncRmQa9sk/iOpuSqCkIrYsLWMj3AJy/3Ni9HRDpNwB2sOS5wSRvBZk0pAfXQV3/dk A/fH4uEGhlcI/p5CQDFM29Xzjtprvw0+U6yGZNl3M9KmGEybQ4b6gr4psBcWsJIk2L7B oSEyIutkKO6Kr2R/F1N5M+mdodqm0YkYL0EAglt84viVygr+EC/RKgxMpTPoNte9R8qz DxLvUcjmCSRAXBVB0Wr2t40ViDEWnZzIAKlDoR2IVfw8xzU5RtBv97hPwxc+mWg+/mEN rCkgDlzm6S4RtEoz5e3w181trmxsVICDbcXghBuIYz/42PxFHuWBzJZG3UmTKfpBDp25 G1pA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id q33si2548695qtj.263.2017.11.30.04.14.52; Thu, 30 Nov 2017 04:14:52 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 4D51860966; Thu, 30 Nov 2017 12:14:52 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 27509609A1; Thu, 30 Nov 2017 12:03:23 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id B056B60959; Thu, 30 Nov 2017 12:02:26 +0000 (UTC) Received: from forward100o.mail.yandex.net (forward100o.mail.yandex.net [37.140.190.180]) by lists.linaro.org (Postfix) with ESMTPS id 35D2160972 for ; Thu, 30 Nov 2017 12:00:30 +0000 (UTC) Received: from mxback18j.mail.yandex.net (mxback18j.mail.yandex.net [IPv6:2a02:6b8:0:1619::94]) by forward100o.mail.yandex.net (Yandex) with ESMTP id 2C9652A255D5 for ; Thu, 30 Nov 2017 15:00:28 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback18j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id jmz4eA6Kpl-0R6erxTk; Thu, 30 Nov 2017 15:00:28 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id LFgKy9hcr4-0Q2el3dJ; Thu, 30 Nov 2017 15:00:26 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 15:00:11 +0300 Message-Id: <1512043220-8803-7-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> References: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v7 6/15] linux-gen: ipsec: implement IPv6 protocol support X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Implement support for handling IPv6 packets and IPv6 tunnels. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 32adfc64ec5b4cc2948ab55456aeba75ae6816ff **/ .../linux-generic/include/odp_ipsec_internal.h | 44 +- platform/linux-generic/odp_ipsec.c | 468 ++++++++++++++++----- platform/linux-generic/odp_ipsec_sad.c | 67 ++- 3 files changed, 440 insertions(+), 139 deletions(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 06447870b..b294e7c4a 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -24,6 +24,8 @@ extern "C" { #include #include +#include + /** @ingroup odp_ipsec * @{ */ @@ -127,10 +129,12 @@ struct ipsec_sa_s { unsigned dec_ttl : 1; unsigned copy_dscp : 1; unsigned copy_df : 1; + unsigned copy_flabel : 1; unsigned aes_ctr_iv : 1; /* Only for outbound */ unsigned use_counter_iv : 1; + unsigned tun_ipv4 : 1; /* Only for inbound */ unsigned antireplay : 1; @@ -140,23 +144,38 @@ struct ipsec_sa_s { union { struct { odp_ipsec_lookup_mode_t lookup_mode; - odp_u32be_t lookup_dst_ip; + odp_ipsec_ip_version_t lookup_ver; + union { + odp_u32be_t lookup_dst_ipv4; + uint8_t lookup_dst_ipv6[_ODP_IPV6ADDR_LEN]; + }; odp_atomic_u64_t antireplay; } in; struct { - odp_u32be_t tun_src_ip; - odp_u32be_t tun_dst_ip; - - /* 32-bit from which low 16 are used */ - odp_atomic_u32_t tun_hdr_id; - odp_atomic_u32_t seq; - odp_atomic_u64_t counter; /* for CTR/GCM */ + odp_atomic_u32_t seq; - uint8_t tun_ttl; - uint8_t tun_dscp; - uint8_t tun_df; + union { + struct { + odp_u32be_t src_ip; + odp_u32be_t dst_ip; + + /* 32-bit from which low 16 are used */ + odp_atomic_u32_t hdr_id; + + uint8_t ttl; + uint8_t dscp; + uint8_t df; + } tun_ipv4; + struct { + uint8_t src_ip[_ODP_IPV6ADDR_LEN]; + uint8_t dst_ip[_ODP_IPV6ADDR_LEN]; + uint8_t hlimit; + uint8_t dscp; + uint32_t flabel; + } tun_ipv6; + }; } out; }; }; @@ -171,7 +190,8 @@ typedef struct odp_ipsec_sa_lookup_s { /** SPI value */ uint32_t spi; - /* FIXME: IPv4 vs IPv6 */ + /** IP protocol version */ + odp_ipsec_ip_version_t ver; /** IP destination address (NETWORK ENDIAN) */ void *dst_addr; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 6ce5bc781..ae2fa10a4 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -125,6 +125,8 @@ static inline int _odp_ipv4_csum(odp_packet_t pkt, #define _ODP_IPV4HDR_CSUM_OFFSET ODP_OFFSETOF(_odp_ipv4hdr_t, chksum) #define _ODP_IPV4HDR_PROTO_OFFSET ODP_OFFSETOF(_odp_ipv4hdr_t, proto) +#define _ODP_IPV6HDR_NHDR_OFFSET ODP_OFFSETOF(_odp_ipv6hdr_t, next_hdr) +#define _ODP_IPV6HDREXT_NHDR_OFFSET ODP_OFFSETOF(_odp_ipv6hdr_ext_t, next_hdr) /** * Calculate and fill in IPv4 checksum @@ -159,11 +161,6 @@ static inline int _odp_ipv4_csum_update(odp_packet_t pkt) } #define ipv4_hdr_len(ip) (_ODP_IPV4HDR_IHL((ip)->ver_ihl) * 4) -static inline -void ipv4_adjust_len(_odp_ipv4hdr_t *ip, int adj) -{ - ip->tot_len = odp_cpu_to_be_16(odp_be_to_cpu_16(ip->tot_len) + adj); -} static const uint8_t ipsec_padding[255] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, @@ -219,13 +216,17 @@ static inline odp_pktio_parser_layer_t parse_layer(odp_ipsec_proto_layer_t l) } typedef struct { - _odp_ipv4hdr_t *ip; + void *ip; unsigned stats_length; uint16_t ip_offset; uint16_t ip_hdr_len; uint16_t ip_tot_len; + uint16_t ip_next_hdr_offset; + uint8_t ip_next_hdr; + unsigned is_ipv4 : 1; union { struct { + uint32_t ip_flabel; uint16_t ip_df; uint8_t ip_tos; } out_tunnel; @@ -233,25 +234,76 @@ typedef struct { uint16_t hdr_len; uint16_t trl_len; } in; + odp_u32be_t ipv4_addr; + uint8_t ipv6_addr[_ODP_IPV6ADDR_LEN]; }; union { struct { uint8_t tos; uint8_t ttl; - uint16_t frag_offset; + odp_u16be_t frag_offset; } ah_ipv4; + struct { + odp_u32be_t ver_tc_flow; + uint8_t hop_limit; + } ah_ipv6; }; ipsec_aad_t aad; uint8_t iv[IPSEC_MAX_IV_LEN]; } ipsec_state_t; -static int ipsec_parse_ipv4(ipsec_state_t *state) +static int ipsec_parse_ipv4(ipsec_state_t *state, odp_packet_t pkt) { - if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(state->ip->frag_offset))) + _odp_ipv4hdr_t ipv4hdr; + + odp_packet_copy_to_mem(pkt, state->ip_offset, + _ODP_IPV4HDR_LEN, &ipv4hdr); + + if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ipv4hdr.frag_offset))) return -1; - state->ip_hdr_len = ipv4_hdr_len(state->ip); - state->ip_tot_len = odp_be_to_cpu_16(state->ip->tot_len); + state->ip_hdr_len = ipv4_hdr_len(&ipv4hdr); + state->ip_tot_len = odp_be_to_cpu_16(ipv4hdr.tot_len); + state->ip_next_hdr = ipv4hdr.proto; + state->ip_next_hdr_offset = state->ip_offset + + _ODP_IPV4HDR_PROTO_OFFSET; + state->ipv4_addr = ipv4hdr.dst_addr; + + return 0; +} + +static int ipsec_parse_ipv6(ipsec_state_t *state, odp_packet_t pkt) +{ + _odp_ipv6hdr_t ipv6hdr; + _odp_ipv6hdr_ext_t ipv6hdrext; + + odp_packet_copy_to_mem(pkt, state->ip_offset, + _ODP_IPV6HDR_LEN, &ipv6hdr); + + state->ip_hdr_len = _ODP_IPV6HDR_LEN; + state->ip_next_hdr = ipv6hdr.next_hdr; + state->ip_next_hdr_offset = state->ip_offset + _ODP_IPV6HDR_NHDR_OFFSET; + /* FIXME: Jumbo frames */ + state->ip_tot_len = odp_be_to_cpu_16(ipv6hdr.payload_len) + + _ODP_IPV6HDR_LEN; + memcpy(state->ipv6_addr, &ipv6hdr.dst_addr, _ODP_IPV6ADDR_LEN); + + while (state->ip_next_hdr == _ODP_IPPROTO_HOPOPTS || + state->ip_next_hdr == _ODP_IPPROTO_DEST || + state->ip_next_hdr == _ODP_IPPROTO_ROUTE) { + odp_packet_copy_to_mem(pkt, + state->ip_offset + state->ip_hdr_len, + sizeof(ipv6hdrext), + &ipv6hdrext); + state->ip_next_hdr = ipv6hdrext.next_hdr; + state->ip_next_hdr_offset = state->ip_offset + + state->ip_hdr_len + + _ODP_IPV6HDREXT_NHDR_OFFSET; + state->ip_hdr_len += (ipv6hdrext.ext_len + 1) * 8; + } + + if (_ODP_IPPROTO_FRAG == state->ip_next_hdr) + return -1; return 0; } @@ -259,6 +311,7 @@ static int ipsec_parse_ipv4(ipsec_state_t *state) static inline ipsec_sa_t *ipsec_get_sa(odp_ipsec_sa_t sa, odp_ipsec_protocol_t proto, uint32_t spi, + odp_ipsec_ip_version_t ver, void *dst_addr, odp_ipsec_op_status_t *status) { @@ -269,6 +322,7 @@ static inline ipsec_sa_t *ipsec_get_sa(odp_ipsec_sa_t sa, lookup.proto = proto; lookup.spi = spi; + lookup.ver = ver; lookup.dst_addr = dst_addr; ipsec_sa = _odp_ipsec_sa_lookup(&lookup); @@ -332,7 +386,9 @@ static int ipsec_in_esp(odp_packet_t *pkt, ipsec_sa = ipsec_get_sa(sa, ODP_IPSEC_ESP, odp_be_to_cpu_32(esp.spi), - &state->ip->dst_addr, status); + state->is_ipv4 ? ODP_IPSEC_IPV4 : + ODP_IPSEC_IPV6, + &state->ipv4_addr, status); *_ipsec_sa = ipsec_sa; if (status->error.all) return -1; @@ -386,8 +442,10 @@ static int ipsec_in_esp_post(odp_packet_t pkt, ipsec_padding, esptrl.pad_len) != 0) return -1; - state->ip->proto = esptrl.next_header; + odp_packet_copy_from_mem(pkt, state->ip_next_hdr_offset, + 1, &esptrl.next_header); state->in.trl_len += esptrl.pad_len; + state->ip_next_hdr = esptrl.next_header; return 0; } @@ -413,7 +471,9 @@ static int ipsec_in_ah(odp_packet_t *pkt, ipsec_sa = ipsec_get_sa(sa, ODP_IPSEC_AH, odp_be_to_cpu_32(ah.spi), - &state->ip->dst_addr, status); + state->is_ipv4 ? ODP_IPSEC_IPV4 : + ODP_IPSEC_IPV6, + &state->ipv4_addr, status); *_ipsec_sa = ipsec_sa; if (status->error.all) return -1; @@ -429,19 +489,31 @@ static int ipsec_in_ah(odp_packet_t *pkt, state->in.hdr_len = (ah.ah_len + 2) * 4; state->in.trl_len = 0; - /* Save everything to context */ - state->ah_ipv4.tos = state->ip->tos; - state->ah_ipv4.frag_offset = state->ip->frag_offset; - state->ah_ipv4.ttl = state->ip->ttl; + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = state->ip; + + /* Save everything to context */ + state->ah_ipv4.tos = ipv4hdr->tos; + state->ah_ipv4.frag_offset = ipv4hdr->frag_offset; + state->ah_ipv4.ttl = ipv4hdr->ttl; + + /* FIXME: zero copy of header, passing it to crypto! */ + /* + * If authenticating, zero the mutable fields build the request + */ + ipv4hdr->chksum = 0; + ipv4hdr->tos = 0; + ipv4hdr->frag_offset = 0; + ipv4hdr->ttl = 0; + } else { + _odp_ipv6hdr_t *ipv6hdr = state->ip; - /* FIXME: zero copy of header, passing it to crypto! */ - /* - * If authenticating, zero the mutable fields build the request - */ - state->ip->chksum = 0; - state->ip->tos = 0; - state->ip->frag_offset = 0; - state->ip->ttl = 0; + state->ah_ipv6.ver_tc_flow = ipv6hdr->ver_tc_flow; + state->ah_ipv6.hop_limit = ipv6hdr->hop_limit; + ipv6hdr->ver_tc_flow = + odp_cpu_to_be_32(6 << _ODP_IPV6HDR_VERSION_SHIFT); + ipv6hdr->hop_limit = 0; + } state->aad.spi = ah.spi; state->aad.seq_no = ah.seq_no; @@ -470,12 +542,23 @@ static int ipsec_in_ah_post(odp_packet_t pkt, sizeof(ah), &ah) < 0) return -1; - state->ip->proto = ah.next_header; + odp_packet_copy_from_mem(pkt, state->ip_next_hdr_offset, + 1, &ah.next_header); /* Restore mutable fields */ - state->ip->ttl = state->ah_ipv4.ttl; - state->ip->tos = state->ah_ipv4.tos; - state->ip->frag_offset = state->ah_ipv4.frag_offset; + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = state->ip; + + ipv4hdr->ttl = state->ah_ipv4.ttl; + ipv4hdr->tos = state->ah_ipv4.tos; + ipv4hdr->frag_offset = state->ah_ipv4.frag_offset; + } else { + _odp_ipv6hdr_t *ipv6hdr = odp_packet_l3_ptr(pkt, NULL); + + ipv6hdr->ver_tc_flow = state->ah_ipv6.ver_tc_flow; + ipv6hdr->hop_limit = state->ah_ipv6.hop_limit; + } + state->ip_next_hdr = ah.next_header; return 0; } @@ -501,7 +584,17 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, /* Initialize parameters block */ memset(¶m, 0, sizeof(param)); - rc = ipsec_parse_ipv4(&state); + /* + * FIXME: maybe use packet flag as below ??? + * This adds requirement that input packets contain not only valid + * l3/l4 offsets, but also valid packet flags + * state.is_ipv4 = odp_packet_has_ipv4(pkt); + */ + state.is_ipv4 = (((uint8_t *)state.ip)[0] >> 4) == 0x4; + if (state.is_ipv4) + rc = ipsec_parse_ipv4(&state, pkt); + else + rc = ipsec_parse_ipv6(&state, pkt); if (rc < 0 || state.ip_tot_len + state.ip_offset > odp_packet_len(pkt)) { status->error.alg = 1; @@ -509,9 +602,9 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, } /* Check IP header for IPSec protocols and look it up */ - if (_ODP_IPPROTO_ESP == state.ip->proto) { + if (_ODP_IPPROTO_ESP == state.ip_next_hdr) { rc = ipsec_in_esp(&pkt, &state, &ipsec_sa, sa, ¶m, status); - } else if (_ODP_IPPROTO_AH == state.ip->proto) { + } else if (_ODP_IPPROTO_AH == state.ip_next_hdr) { rc = ipsec_in_ah(&pkt, &state, &ipsec_sa, sa, ¶m, status); } else { status->error.proto = 1; @@ -587,6 +680,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, status->error.alg = 1; goto err; } + state.ip_tot_len -= state.in.trl_len; if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { /* We have a tunneled IPv4 packet, strip outer and IPsec @@ -600,11 +694,14 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, status->error.alg = 1; goto err; } - - if (odp_packet_len(pkt) > sizeof(*state.ip)) { - state.ip = odp_packet_l3_ptr(pkt, NULL); - state.ip->ttl -= ipsec_sa->dec_ttl; - _odp_ipv4_csum_update(pkt); + state.ip_tot_len -= state.ip_hdr_len + state.in.hdr_len; + if (_ODP_IPPROTO_IPIP == state.ip_next_hdr) { + state.is_ipv4 = 1; + } else if (_ODP_IPPROTO_IPV6 == state.ip_next_hdr) { + state.is_ipv4 = 0; + } else { + status->error.proto = 1; + goto err; } } else { odp_packet_move_data(pkt, state.in.hdr_len, 0, @@ -614,13 +711,30 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, status->error.alg = 1; goto err; } + state.ip_tot_len -= state.in.hdr_len; + } - if (odp_packet_len(pkt) > sizeof(*state.ip)) { - state.ip = odp_packet_l3_ptr(pkt, NULL); - ipv4_adjust_len(state.ip, - -(state.in.hdr_len + state.in.trl_len)); - _odp_ipv4_csum_update(pkt); - } + /* Finalize the IPv4 header */ + if (state.is_ipv4 && odp_packet_len(pkt) > _ODP_IPV4HDR_LEN) { + _odp_ipv4hdr_t *ipv4hdr = odp_packet_l3_ptr(pkt, NULL); + + if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) + ipv4hdr->tot_len = odp_cpu_to_be_16(state.ip_tot_len); + else + ipv4hdr->ttl -= ipsec_sa->dec_ttl; + _odp_ipv4_csum_update(pkt); + } else if (!state.is_ipv4 && odp_packet_len(pkt) > _ODP_IPV6HDR_LEN) { + _odp_ipv6hdr_t *ipv6hdr = odp_packet_l3_ptr(pkt, NULL); + + if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) + ipv6hdr->payload_len = + odp_cpu_to_be_16(state.ip_tot_len - + _ODP_IPV6HDR_LEN); + else + ipv6hdr->hop_limit -= ipsec_sa->dec_ttl; + } else { + status->error.proto = 1; + goto err; } pkt_hdr = odp_packet_hdr(pkt); @@ -628,7 +742,10 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, packet_parse_reset(pkt_hdr); packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), - state.ip_offset, _ODP_ETHTYPE_IPV4); + state.ip_offset, + state.is_ipv4 ? + _ODP_ETHTYPE_IPV4 : + _ODP_ETHTYPE_IPV6); *pkt_out = pkt; @@ -662,6 +779,24 @@ static int ipsec_out_tunnel_parse_ipv4(ipsec_state_t *state, ipv4hdr->ttl -= ipsec_sa->dec_ttl; state->out_tunnel.ip_tos = ipv4hdr->tos; state->out_tunnel.ip_df = _ODP_IPV4HDR_FLAGS_DONT_FRAG(flags); + state->out_tunnel.ip_flabel = 0; + + return 0; +} + +static int ipsec_out_tunnel_parse_ipv6(ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) +{ + _odp_ipv6hdr_t *ipv6hdr = state->ip; + + ipv6hdr->hop_limit -= ipsec_sa->dec_ttl; + state->out_tunnel.ip_tos = (ipv6hdr->ver_tc_flow & + _ODP_IPV6HDR_TC_MASK) >> + _ODP_IPV6HDR_TC_SHIFT; + state->out_tunnel.ip_df = 0; + state->out_tunnel.ip_flabel = (ipv6hdr->ver_tc_flow & + _ODP_IPV6HDR_FLOW_LABEL_MASK) >> + _ODP_IPV6HDR_FLOW_LABEL_SHIFT; return 0; } @@ -679,26 +814,25 @@ static int ipsec_out_tunnel_ipv4(odp_packet_t *pkt, else out_ip.tos = (state->out_tunnel.ip_tos & ~_ODP_IP_TOS_DSCP_MASK) | - (ipsec_sa->out.tun_dscp << + (ipsec_sa->out.tun_ipv4.dscp << _ODP_IP_TOS_DSCP_SHIFT); state->ip_tot_len = odp_packet_len(*pkt) - state->ip_offset; state->ip_tot_len += _ODP_IPV4HDR_LEN; out_ip.tot_len = odp_cpu_to_be_16(state->ip_tot_len); /* No need to convert to BE: ID just should not be duplicated */ - out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_hdr_id, + out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_ipv4.hdr_id, 1); if (ipsec_sa->copy_df) flags = state->out_tunnel.ip_df; else - flags = ((uint16_t)ipsec_sa->out.tun_df) << 14; + flags = ((uint16_t)ipsec_sa->out.tun_ipv4.df) << 14; out_ip.frag_offset = odp_cpu_to_be_16(flags); - out_ip.ttl = ipsec_sa->out.tun_ttl; - out_ip.proto = _ODP_IPPROTO_IPIP; + out_ip.ttl = ipsec_sa->out.tun_ipv4.ttl; /* Will be filled later by packet checksum update */ out_ip.chksum = 0; - out_ip.src_addr = ipsec_sa->out.tun_src_ip; - out_ip.dst_addr = ipsec_sa->out.tun_dst_ip; + out_ip.src_addr = ipsec_sa->out.tun_ipv4.src_ip; + out_ip.dst_addr = ipsec_sa->out.tun_ipv4.dst_ip; if (odp_packet_extend_head(pkt, _ODP_IPV4HDR_LEN, NULL, NULL) < 0) @@ -713,6 +847,70 @@ static int ipsec_out_tunnel_ipv4(odp_packet_t *pkt, state->ip = odp_packet_l3_ptr(*pkt, NULL); state->ip_hdr_len = _ODP_IPV4HDR_LEN; + if (state->is_ipv4) + state->ip_next_hdr = _ODP_IPPROTO_IPIP; + else + state->ip_next_hdr = _ODP_IPPROTO_IPV6; + state->ip_next_hdr_offset = state->ip_offset + + _ODP_IPV4HDR_PROTO_OFFSET; + + state->is_ipv4 = 1; + + return 0; +} + +static int ipsec_out_tunnel_ipv6(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) +{ + _odp_ipv6hdr_t out_ip; + uint32_t ver; + + ver = 6 << _ODP_IPV6HDR_VERSION_SHIFT; + if (ipsec_sa->copy_dscp) + ver |= state->out_tunnel.ip_tos << _ODP_IPV6HDR_TC_SHIFT; + else + ver |= ((state->out_tunnel.ip_tos & + ~_ODP_IP_TOS_DSCP_MASK) | + (ipsec_sa->out.tun_ipv6.dscp << + _ODP_IP_TOS_DSCP_SHIFT)) << + _ODP_IPV6HDR_TC_SHIFT; + if (ipsec_sa->copy_flabel) + ver |= state->out_tunnel.ip_flabel; + else + ver |= ipsec_sa->out.tun_ipv6.flabel; + out_ip.ver_tc_flow = odp_cpu_to_be_32(ver); + + state->ip_tot_len = odp_packet_len(*pkt) - state->ip_offset; + out_ip.payload_len = odp_cpu_to_be_16(state->ip_tot_len); + state->ip_tot_len += _ODP_IPV6HDR_LEN; + + out_ip.hop_limit = ipsec_sa->out.tun_ipv6.hlimit; + memcpy(&out_ip.src_addr, ipsec_sa->out.tun_ipv6.src_ip, + _ODP_IPV6ADDR_LEN); + memcpy(&out_ip.dst_addr, ipsec_sa->out.tun_ipv6.dst_ip, + _ODP_IPV6ADDR_LEN); + + if (odp_packet_extend_head(pkt, _ODP_IPV6HDR_LEN, + NULL, NULL) < 0) + return -1; + + odp_packet_move_data(*pkt, 0, _ODP_IPV6HDR_LEN, state->ip_offset); + + odp_packet_copy_from_mem(*pkt, state->ip_offset, + sizeof(out_ip), &out_ip); + + odp_packet_l4_offset_set(*pkt, state->ip_offset + _ODP_IPV6HDR_LEN); + + state->ip = odp_packet_l3_ptr(*pkt, NULL); + state->ip_hdr_len = _ODP_IPV6HDR_LEN; + if (state->is_ipv4) + state->ip_next_hdr = _ODP_IPPROTO_IPIP; + else + state->ip_next_hdr = _ODP_IPPROTO_IPV6; + state->ip_next_hdr_offset = state->ip_offset + _ODP_IPV6HDR_NHDR_OFFSET; + + state->is_ipv4 = 0; return 0; } @@ -770,6 +968,7 @@ static int ipsec_out_esp(odp_packet_t *pkt, uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; unsigned hdr_len; unsigned trl_len; + uint8_t proto = _ODP_IPPROTO_ESP; /* ESP trailer should be 32-bit right aligned */ if (pad_block < 4) @@ -790,6 +989,32 @@ static int ipsec_out_esp(odp_packet_t *pkt, param->override_iv_ptr = state->iv; + memset(&esp, 0, sizeof(esp)); + esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); + esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); + + state->aad.spi = esp.spi; + state->aad.seq_no = esp.seq_no; + + param->aad.ptr = (uint8_t *)&state->aad; + + memset(&esptrl, 0, sizeof(esptrl)); + esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; + esptrl.next_header = state->ip_next_hdr; + + odp_packet_copy_from_mem(*pkt, state->ip_next_hdr_offset, 1, &proto); + state->ip_tot_len += hdr_len + trl_len; + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = state->ip; + + ipv4hdr->tot_len = odp_cpu_to_be_16(state->ip_tot_len); + } else { + _odp_ipv6hdr_t *ipv6hdr = state->ip; + + ipv6hdr->payload_len = odp_cpu_to_be_16(state->ip_tot_len - + _ODP_IPV6HDR_LEN); + } + if (odp_packet_extend_tail(pkt, trl_len, NULL, NULL) < 0 || odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; @@ -798,32 +1023,12 @@ static int ipsec_out_esp(odp_packet_t *pkt, odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); - state->ip = odp_packet_l3_ptr(*pkt, NULL); - - /* Set IPv4 length before authentication */ - ipv4_adjust_len(state->ip, hdr_len + trl_len); - state->ip_tot_len += hdr_len + trl_len; - uint32_t esptrl_offset = state->ip_offset + state->ip_hdr_len + hdr_len + encrypt_len - _ODP_ESPTRL_LEN; - memset(&esp, 0, sizeof(esp)); - esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); - esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - - state->aad.spi = esp.spi; - state->aad.seq_no = esp.seq_no; - - param->aad.ptr = (uint8_t *)&state->aad; - - memset(&esptrl, 0, sizeof(esptrl)); - esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; - esptrl.next_header = state->ip->proto; - state->ip->proto = _ODP_IPPROTO_ESP; - odp_packet_copy_from_mem(*pkt, ipsec_offset, _ODP_ESPHDR_LEN, &esp); @@ -857,6 +1062,12 @@ static int ipsec_out_esp(odp_packet_t *pkt, return 0; } +static void ipsec_out_esp_post(ipsec_state_t *state, odp_packet_t pkt) +{ + if (state->is_ipv4) + _odp_ipv4_csum_update(pkt); +} + static int ipsec_out_ah(odp_packet_t *pkt, ipsec_state_t *state, ipsec_sa_t *ipsec_sa, @@ -867,31 +1078,44 @@ static int ipsec_out_ah(odp_packet_t *pkt, unsigned hdr_len = _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len + ipsec_sa->icv_len; uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; - - /* Save IPv4 stuff */ - state->ah_ipv4.tos = state->ip->tos; - state->ah_ipv4.frag_offset = state->ip->frag_offset; - state->ah_ipv4.ttl = state->ip->ttl; - - if (odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { - status->error.alg = 1; - return -1; - } - - odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); - - state->ip = odp_packet_l3_ptr(*pkt, NULL); - - /* Set IPv4 length before authentication */ - ipv4_adjust_len(state->ip, hdr_len); - state->ip_tot_len += hdr_len; + uint8_t proto = _ODP_IPPROTO_AH; memset(&ah, 0, sizeof(ah)); ah.spi = odp_cpu_to_be_32(ipsec_sa->spi); - ah.ah_len = 1 + (ipsec_sa->esp_iv_len + ipsec_sa->icv_len) / 4; ah.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - ah.next_header = state->ip->proto; - state->ip->proto = _ODP_IPPROTO_AH; + ah.next_header = state->ip_next_hdr; + + odp_packet_copy_from_mem(*pkt, state->ip_next_hdr_offset, 1, &proto); + /* Save IP stuff */ + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = state->ip; + + state->ah_ipv4.tos = ipv4hdr->tos; + state->ah_ipv4.frag_offset = ipv4hdr->frag_offset; + state->ah_ipv4.ttl = ipv4hdr->ttl; + ipv4hdr->chksum = 0; + ipv4hdr->tos = 0; + ipv4hdr->frag_offset = 0; + ipv4hdr->ttl = 0; + hdr_len = IPSEC_PAD_LEN(hdr_len, 4); + state->ip_tot_len += hdr_len; + ipv4hdr->tot_len = odp_cpu_to_be_16(state->ip_tot_len); + } else { + _odp_ipv6hdr_t *ipv6hdr = state->ip; + + state->ah_ipv6.ver_tc_flow = ipv6hdr->ver_tc_flow; + state->ah_ipv6.hop_limit = ipv6hdr->hop_limit; + ipv6hdr->ver_tc_flow = + odp_cpu_to_be_32(6 << _ODP_IPV6HDR_VERSION_SHIFT); + ipv6hdr->hop_limit = 0; + + hdr_len = IPSEC_PAD_LEN(hdr_len, 8); + state->ip_tot_len += hdr_len; + ipv6hdr->payload_len = odp_cpu_to_be_16(state->ip_tot_len - + _ODP_IPV6HDR_LEN); + } + + ah.ah_len = hdr_len / 4 - 2; state->aad.spi = ah.spi; state->aad.seq_no = ah.seq_no; @@ -906,6 +1130,13 @@ static int ipsec_out_ah(odp_packet_t *pkt, param->override_iv_ptr = state->iv; + if (odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { + status->error.alg = 1; + return -1; + } + + odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); + odp_packet_copy_from_mem(*pkt, ipsec_offset, _ODP_AHHDR_LEN, &ah); @@ -916,12 +1147,8 @@ static int ipsec_out_ah(odp_packet_t *pkt, _odp_packet_set_data(*pkt, ipsec_offset + _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len, - 0, ipsec_sa->icv_len); - - state->ip->chksum = 0; - state->ip->tos = 0; - state->ip->frag_offset = 0; - state->ip->ttl = 0; + 0, + hdr_len - _ODP_AHHDR_LEN - ipsec_sa->esp_iv_len); param->auth_range.offset = state->ip_offset; param->auth_range.length = state->ip_tot_len; @@ -933,11 +1160,22 @@ static int ipsec_out_ah(odp_packet_t *pkt, return 0; } -static void ipsec_out_ah_post(ipsec_state_t *state) +static void ipsec_out_ah_post(ipsec_state_t *state, odp_packet_t pkt) { - state->ip->ttl = state->ah_ipv4.ttl; - state->ip->tos = state->ah_ipv4.tos; - state->ip->frag_offset = state->ah_ipv4.frag_offset; + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = odp_packet_l3_ptr(pkt, NULL); + + ipv4hdr->ttl = state->ah_ipv4.ttl; + ipv4hdr->tos = state->ah_ipv4.tos; + ipv4hdr->frag_offset = state->ah_ipv4.frag_offset; + + _odp_ipv4_csum_update(pkt); + } else { + _odp_ipv6hdr_t *ipv6hdr = odp_packet_l3_ptr(pkt, NULL); + + ipv6hdr->ver_tc_flow = state->ah_ipv6.ver_tc_flow; + ipv6hdr->hop_limit = state->ah_ipv6.hop_limit; + } } static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, @@ -965,18 +1203,30 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, /* Initialize parameters block */ memset(¶m, 0, sizeof(param)); + state.is_ipv4 = (((uint8_t *)state.ip)[0] >> 4) == 0x4; + if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) { - rc = ipsec_parse_ipv4(&state); + if (state.is_ipv4) + rc = ipsec_parse_ipv4(&state, pkt); + else + rc = ipsec_parse_ipv6(&state, pkt); + if (state.ip_tot_len + state.ip_offset != odp_packet_len(pkt)) rc = -1; } else { - rc = ipsec_out_tunnel_parse_ipv4(&state, ipsec_sa); + if (state.is_ipv4) + rc = ipsec_out_tunnel_parse_ipv4(&state, ipsec_sa); + else + rc = ipsec_out_tunnel_parse_ipv6(&state, ipsec_sa); if (rc < 0) { status->error.alg = 1; goto err; } - rc = ipsec_out_tunnel_ipv4(&pkt, &state, ipsec_sa); + if (ipsec_sa->tun_ipv4) + rc = ipsec_out_tunnel_ipv4(&pkt, &state, ipsec_sa); + else + rc = ipsec_out_tunnel_ipv6(&pkt, &state, ipsec_sa); } if (rc < 0) { status->error.alg = 1; @@ -1033,8 +1283,10 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, } /* Finalize the IPv4 header */ - if (ODP_IPSEC_AH == ipsec_sa->proto) - ipsec_out_ah_post(&state); + if (ODP_IPSEC_ESP == ipsec_sa->proto) + ipsec_out_esp_post(&state, pkt); + else if (ODP_IPSEC_AH == ipsec_sa->proto) + ipsec_out_ah_post(&state, pkt); _odp_ipv4_csum_update(pkt); diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 0287d6f73..812ad0c46 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -211,10 +211,18 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->flags = 0; if (ODP_IPSEC_DIR_INBOUND == param->dir) { ipsec_sa->in.lookup_mode = param->inbound.lookup_mode; - if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode) - memcpy(&ipsec_sa->in.lookup_dst_ip, - param->inbound.lookup_param.dst_addr, - sizeof(ipsec_sa->in.lookup_dst_ip)); + if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode) { + ipsec_sa->in.lookup_ver = + param->inbound.lookup_param.ip_version; + if (ODP_IPSEC_IPV4 == ipsec_sa->in.lookup_ver) + memcpy(&ipsec_sa->in.lookup_dst_ipv4, + param->inbound.lookup_param.dst_addr, + sizeof(ipsec_sa->in.lookup_dst_ipv4)); + else + memcpy(&ipsec_sa->in.lookup_dst_ipv6, + param->inbound.lookup_param.dst_addr, + sizeof(ipsec_sa->in.lookup_dst_ipv6)); + } if (param->inbound.antireplay_ws > IPSEC_ANTIREPLAY_WS) return ODP_IPSEC_SA_INVALID; @@ -226,6 +234,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->dec_ttl = param->opt.dec_ttl; ipsec_sa->copy_dscp = param->opt.copy_dscp; ipsec_sa->copy_df = param->opt.copy_df; + ipsec_sa->copy_flabel = param->opt.copy_flabel; odp_atomic_store_u64(&ipsec_sa->bytes, 0); odp_atomic_store_u64(&ipsec_sa->packets, 0); @@ -236,19 +245,36 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode && ODP_IPSEC_DIR_OUTBOUND == param->dir) { - if (param->outbound.tunnel.type != ODP_IPSEC_TUNNEL_IPV4) - goto error; - - memcpy(&ipsec_sa->out.tun_src_ip, - param->outbound.tunnel.ipv4.src_addr, - sizeof(ipsec_sa->out.tun_src_ip)); - memcpy(&ipsec_sa->out.tun_dst_ip, - param->outbound.tunnel.ipv4.dst_addr, - sizeof(ipsec_sa->out.tun_dst_ip)); - odp_atomic_init_u32(&ipsec_sa->out.tun_hdr_id, 0); - ipsec_sa->out.tun_ttl = param->outbound.tunnel.ipv4.ttl; - ipsec_sa->out.tun_dscp = param->outbound.tunnel.ipv4.dscp; - ipsec_sa->out.tun_df = param->outbound.tunnel.ipv4.df; + if (ODP_IPSEC_TUNNEL_IPV4 == param->outbound.tunnel.type) { + ipsec_sa->tun_ipv4 = 1; + memcpy(&ipsec_sa->out.tun_ipv4.src_ip, + param->outbound.tunnel.ipv4.src_addr, + sizeof(ipsec_sa->out.tun_ipv4.src_ip)); + memcpy(&ipsec_sa->out.tun_ipv4.dst_ip, + param->outbound.tunnel.ipv4.dst_addr, + sizeof(ipsec_sa->out.tun_ipv4.dst_ip)); + odp_atomic_init_u32(&ipsec_sa->out.tun_ipv4.hdr_id, 0); + ipsec_sa->out.tun_ipv4.ttl = + param->outbound.tunnel.ipv4.ttl; + ipsec_sa->out.tun_ipv4.dscp = + param->outbound.tunnel.ipv4.dscp; + ipsec_sa->out.tun_ipv4.df = + param->outbound.tunnel.ipv4.df; + } else { + ipsec_sa->tun_ipv4 = 0; + memcpy(&ipsec_sa->out.tun_ipv6.src_ip, + param->outbound.tunnel.ipv6.src_addr, + sizeof(ipsec_sa->out.tun_ipv6.src_ip)); + memcpy(&ipsec_sa->out.tun_ipv6.dst_ip, + param->outbound.tunnel.ipv6.dst_addr, + sizeof(ipsec_sa->out.tun_ipv6.dst_ip)); + ipsec_sa->out.tun_ipv6.hlimit = + param->outbound.tunnel.ipv6.hlimit; + ipsec_sa->out.tun_ipv6.dscp = + param->outbound.tunnel.ipv6.dscp; + ipsec_sa->out.tun_ipv6.flabel = + param->outbound.tunnel.ipv6.flabel; + } } odp_crypto_session_param_init(&crypto_param); @@ -485,8 +511,11 @@ ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup) if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode && lookup->proto == ipsec_sa->proto && lookup->spi == ipsec_sa->spi && - !memcmp(lookup->dst_addr, &ipsec_sa->in.lookup_dst_ip, - sizeof(ipsec_sa->in.lookup_dst_ip))) { + lookup->ver == ipsec_sa->in.lookup_ver && + !memcmp(lookup->dst_addr, &ipsec_sa->in.lookup_dst_ipv4, + lookup->ver == ODP_IPSEC_IPV4 ? + _ODP_IPV4ADDR_LEN : + _ODP_IPV6ADDR_LEN)) { if (NULL != best) _odp_ipsec_sa_unuse(best); return ipsec_sa; From patchwork Thu Nov 30 12:00:12 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120159 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp590392qgn; Thu, 30 Nov 2017 04:16:59 -0800 (PST) X-Google-Smtp-Source: AGs4zMbuHgciLHjccKFeluSyai7XrFL/fN5oXLEv/hS3xO1h1VwRn7Xlvuxj2A9sncXl/hDi7E25 X-Received: by 10.233.235.81 with SMTP id b78mr2129166qkg.288.1512044219813; Thu, 30 Nov 2017 04:16:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512044219; cv=none; d=google.com; s=arc-20160816; b=WV5SSZmpwqouArjuSFNHnwC3yDCRhQkkISjRDMe4eEwTt0JDjX+oov6XOaBDBBkGSG bPsI1dDiFMQxBk76jKCHiSiNnQNGUTvW02Rec5dejhTkglSr3UpKkwfc2m7oAkuu6d+P TTY/yGDYTFaODT9n4YeWptf62BuikI/zHpv0x5tNyiokh+fFvoWV7vFd8bQ44+qz+roj fUvMoAsJgME4ltIEBGqSolH4SYCqcKEog/pVUa0Y+jHAv+Uh8PZQBlBRwhKWV/X2HgUT spzHek9i34tT54AxymlriVo3HPgDTFJWr/g7+YWp9q5ef8m6/v5GV/4UbgUWQR0Gq35Z VMsA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=zpyEaHbZTIADjbdHRleTPs0OoGZZBOsJQfU05A7Id9U=; b=YH7dwnfU8unWAiyMUUDva0A34vpNZgMs4y/+Kl/G2IvSQqYi8eLr8HUQ339e15Rjdn EMTt1Oa2+GtN0fjZhF99OARetNPK212t5HpeLcafJRCNxFHps4zVjb6UIhETnJqp18b9 0AIKeYd3PSix8be0QI7yg7P6w29f595o9FpmprimnsU7EPkpxtHNwvumil/MrYmv7SfP rQtjhMDYVK3b7mFNFvt7UL6S6t0PI7Askfe3pUEZ15ZLZZDqpT/vBV2BMYemor5xFa8o S6yjmwvOUnJMN9kO7jQNszjIb1LYi5uM2fIGGhXFIyoHZnL0fVWfZ5xAZbxRVbB5/FT8 gWhg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id g82si500559qke.10.2017.11.30.04.16.59; Thu, 30 Nov 2017 04:16:59 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 752BC6098E; Thu, 30 Nov 2017 12:16:59 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 6DB3A609B1; Thu, 30 Nov 2017 12:03:28 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 3703660959; Thu, 30 Nov 2017 12:02:28 +0000 (UTC) Received: from forward105j.mail.yandex.net (forward105j.mail.yandex.net [5.45.198.248]) by lists.linaro.org (Postfix) with ESMTPS id E28DD60905 for ; Thu, 30 Nov 2017 12:00:38 +0000 (UTC) Received: from mxback5o.mail.yandex.net (mxback5o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::1f]) by forward105j.mail.yandex.net (Yandex) with ESMTP id 93435182037 for ; Thu, 30 Nov 2017 15:00:36 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback5o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id E8iok1Y8Gk-0Tma3BJE; Thu, 30 Nov 2017 15:00:30 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id LFgKy9hcr4-0S2WMcJa; Thu, 30 Nov 2017 15:00:28 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 15:00:12 +0300 Message-Id: <1512043220-8803-8-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> References: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v7 7/15] validation: ipsec: add tests for IPv6 functionality X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 32adfc64ec5b4cc2948ab55456aeba75ae6816ff **/ test/validation/api/ipsec/ipsec_test_in.c | 262 +++++++++++++++++ test/validation/api/ipsec/ipsec_test_out.c | 331 +++++++++++++++++++++ test/validation/api/ipsec/test_vectors.h | 443 +++++++++++++++++++++++++++++ 3 files changed, 1036 insertions(+) diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 5af98112a..15e1fe14f 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -71,6 +71,37 @@ static void test_in_ipv4_ah_sha256_tun_ipv4(void) ipsec_sa_destroy(sa); } +static void test_in_ipv4_ah_sha256_tun_ipv6(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0_ah_tun_ipv6_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ipv4_ah_sha256_tun_ipv4_notun(void) { odp_ipsec_sa_param_t param; @@ -314,6 +345,37 @@ static void test_in_ipv4_esp_null_sha256_tun_ipv4(void) ipsec_sa_destroy(sa); } +static void test_in_ipv4_esp_null_sha256_tun_ipv6(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0_esp_tun_ipv6_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ipv4_ah_sha256_noreplay(void) { odp_ipsec_sa_param_t param; @@ -1071,6 +1133,190 @@ static void test_in_ipv4_esp_null_aes_gmac_128(void) ipsec_sa_destroy(sa); } +static void test_in_ipv6_ah_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_ah_sha256_tun_ipv4(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_ah_tun_ipv4_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_ah_sha256_tun_ipv6(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_ah_tun_ipv6_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_esp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_esp_null_sha256_tun_ipv4(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_tun_ipv4_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_esp_null_sha256_tun_ipv6(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_tun_ipv6_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -1106,6 +1352,8 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv4, ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv6, + ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv4_notun, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256, @@ -1122,6 +1370,8 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_tun_ipv4, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_tun_ipv6, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_noreplay, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_replay, @@ -1148,5 +1398,17 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_ah_aes_gmac_128), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_ah_sha256, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_ah_sha256_tun_ipv4, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_ah_sha256_tun_ipv6, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_null_sha256_tun_ipv4, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_null_sha256_tun_ipv6, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 757b90059..f4e71dced 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -83,6 +83,50 @@ static void test_out_ipv4_ah_sha256_tun_ipv4(void) ipsec_sa_destroy(sa); } +static void test_out_ipv4_ah_sha256_tun_ipv6(void) +{ + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV6, + .ipv6.src_addr = src, + .ipv6.dst_addr = dst, + .ipv6.hlimit = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_ah_tun_ipv6_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_out_ipv4_esp_null_sha256(void) { odp_ipsec_sa_param_t param; @@ -152,6 +196,51 @@ static void test_out_ipv4_esp_null_sha256_tun_ipv4(void) ipsec_sa_destroy(sa); } +static void test_out_ipv4_esp_null_sha256_tun_ipv6(void) +{ + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV6, + .ipv6.src_addr = src, + .ipv6.dst_addr = dst, + .ipv6.hlimit = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = + &pkt_ipv4_icmp_0_esp_tun_ipv6_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_out_ipv4_esp_aes_cbc_null(void) { odp_ipsec_sa_param_t param; @@ -380,6 +469,232 @@ static void test_out_ipv4_esp_null_aes_gmac_128(void) ipsec_sa_destroy(sa); } +static void test_out_ipv6_ah_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_ah_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_ah_sha256_tun_ipv4(void) +{ + uint32_t src = IPV4ADDR(10, 0, 111, 2); + uint32_t dst = IPV4ADDR(10, 0, 222, 2); + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV4, + .ipv4.src_addr = &src, + .ipv4.dst_addr = &dst, + .ipv4.ttl = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_ah_tun_ipv4_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_ah_sha256_tun_ipv6(void) +{ + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV6, + .ipv6.src_addr = src, + .ipv6.dst_addr = dst, + .ipv6.hlimit = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_ah_tun_ipv6_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_esp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_esp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_esp_null_sha256_tun_ipv4(void) +{ + uint32_t src = IPV4ADDR(10, 0, 111, 2); + uint32_t dst = IPV4ADDR(10, 0, 222, 2); + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV4, + .ipv4.src_addr = &src, + .ipv4.dst_addr = &dst, + .ipv4.ttl = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = + &pkt_ipv6_icmp_0_esp_tun_ipv4_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_esp_null_sha256_tun_ipv6(void) +{ + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV6, + .ipv6.src_addr = &src, + .ipv6.dst_addr = &dst, + .ipv6.hlimit = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = + &pkt_ipv6_icmp_0_esp_tun_ipv6_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -393,10 +708,14 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_tun_ipv4, ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_tun_ipv6, + ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256, ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_tun_ipv4, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_tun_ipv6, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_null, ipsec_check_esp_aes_cbc_128_null), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_sha256, @@ -409,5 +728,17 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_ah_aes_gmac_128), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256_tun_ipv4, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256_tun_ipv6, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_null_sha256_tun_ipv4, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_null_sha256_tun_ipv6, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index c057f7765..211f349d0 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -204,6 +204,54 @@ static const ODP_UNUSED ipsec_test_packet }, }; +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_ah_tun_ipv6_sha256_1 = { + .len = 214, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x33, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* AH */ + 0x04, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x2b, 0x45, 0xbe, 0xd2, 0x9c, 0x9c, 0x3e, 0x0d, + 0xe0, 0x32, 0xaf, 0xa0, 0x2d, 0x26, 0xe1, 0x91, + 0x00, 0x00, 0x00, 0x00, + + /* Inner IP */ + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1_bad1 = { .len = 168, .l2_offset = 0, @@ -418,6 +466,57 @@ static const ODP_UNUSED ipsec_test_packet }, }; +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_tun_ipv6_null_sha256_1 = { + .len = 210, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x9c, 0x32, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* Inner IP */ + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x04, + + /* ICV */ + 0x73, 0x8d, 0xf6, 0x9a, 0x26, 0x06, 0x4d, 0xa1, + 0x88, 0x37, 0x65, 0xab, 0x0d, 0xe9, 0x95, 0x3b, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_null_sha256_1_bad1 = { .len = 170, @@ -717,6 +816,350 @@ static const ODP_UNUSED ipsec_test_packet }, }; +static const ODP_UNUSED ipsec_test_packet pkt_ipv6_icmp_0 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_ipv6_icmp_0_ah_sha256_1 = { + .len = 202, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x94, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x33, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* AH */ + 0x3a, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0xd9, 0x14, 0x87, 0x27, 0x20, 0x1a, 0xc2, 0x66, + 0xc1, 0xca, 0x99, 0x2b, 0x8a, 0xae, 0x2f, 0x27, + 0x00, 0x00, 0x00, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_ah_tun_ipv4_sha256_1 = { + .len = 218, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0xcc, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0x18, 0xfb, 0x0a, 0x00, 0x6f, 0x02, + 0x0a, 0x00, 0xde, 0x02, + + /* AH */ + 0x29, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x7f, 0xde, 0x8a, 0x48, 0xc5, 0xc5, 0xfa, 0x52, + 0xb8, 0xf6, 0xc2, 0xe3, 0x8f, 0x10, 0xb2, 0x47, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_ah_tun_ipv6_sha256_1 = { + .len = 242, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0xbc, 0x33, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* AH */ + 0x29, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x62, 0x96, 0x2b, 0x40, 0x3e, 0x53, 0x76, 0x4a, + 0x4d, 0x7f, 0xf6, 0x22, 0x35, 0x3c, 0x74, 0xe2, + 0x00, 0x00, 0x00, 0x00, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_ipv6_icmp_0_esp_null_sha256_1 = { + .len = 198, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x90, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x32, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x3a, + + /* ICV */ + 0x20, 0xa6, 0x89, 0x7b, 0x0a, 0x52, 0x5b, 0xca, + 0x98, 0x56, 0xd1, 0xfe, 0x56, 0xc7, 0xa4, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_esp_tun_ipv4_null_sha256_1 = { + .len = 218, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0xcc, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0x18, 0xfc, 0x0a, 0x00, 0x6f, 0x02, + 0x0a, 0x00, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x29, + + /* ICV */ + 0xd0, 0x96, 0x6e, 0xda, 0xc5, 0x08, 0xcc, 0x0e, + 0xd1, 0x22, 0xa5, 0xed, 0x13, 0x07, 0xd9, 0xcd, + }, +}; + +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_esp_tun_ipv6_null_sha256_1 = { + .len = 238, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0xb8, 0x32, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x29, + + /* ICV */ + 0xd0, 0x96, 0x6e, 0xda, 0xc5, 0x08, 0xcc, 0x0e, + 0xd1, 0x22, 0xa5, 0xed, 0x13, 0x07, 0xd9, 0xcd, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_rfc3602_5 = { .len = 98, .l2_offset = 0, From patchwork Thu Nov 30 12:00:13 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120160 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp592590qgn; Thu, 30 Nov 2017 04:19:07 -0800 (PST) X-Google-Smtp-Source: AGs4zMa44gPueM4Q+c+siAOUrud3oNp3xDudK+5ugj80utw/LXY7z5RhZ8c/BDXDhSeLp8Mxd/GL X-Received: by 10.157.55.199 with SMTP id x65mr5078653otb.136.1512044347767; Thu, 30 Nov 2017 04:19:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512044347; cv=none; d=google.com; s=arc-20160816; b=OXHJgkgyKZUEi+IBejdZZkIFJ4OJiwshn6NLuCujMEux0zTVTFy8P9V9qHPPgpH65W 31u6RzOZJRRhyc1qF2vkgZFhe6nfoB+oOR2rgtIElMg82pI1OnHveWwAsWydt6EaPTk6 bqZnnvPPiLRPSBl7NK1r7j+W3JopUy7X7k6Y7JXlqWvxfXzceWV1kXBXAd+lYH2OtZ20 8dpK233cxiNiDTcjpPDya2pq9Ff998duauOIMGucHz8H07zYfUAzk656xe4qIF77cXQH PTc4iudv9H5QwtHfPWnJG+sBn64InrjN2jq6zGioOJlKJDPvWma+aGSigiDumbKE7IvI JA+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=DjlsONlLa33cI6BjzTy7WJ+SqfDc/X4NyTAo9g75hCQ=; b=DqskF6Vdc7Vk8rPgZXFjOjXo/WbL62Br2G1s8Du6CNUyB9D9rJBkoKTRbPFWsWFa5w xVzVjgytZ2qzeHmyL5S9Y9a/qNuuBmWw5kLaCxAE9PFY6K3TOyM+ivKU1em4wL+axUMw 8GDWtk468NtgtmCOuVY2FTtUQqjXO8o/x+3lrf9C+SBKFhaQkFFgC7MuWmd3a/s9P3yt 12MMVzP3/xD0j4ipEMBKwo8uVX/FWggqaFxgri2GyYIKvP8fSOfEJV1UQAnnCSejDi6o CCVzsl64cLTDzIHFwio5H//ewlRIBxXP7n6tu1GkYjbyXp7pGh+TaOxBcNP7FxlY//dK eRRQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id i191si1401037oib.430.2017.11.30.04.19.07; Thu, 30 Nov 2017 04:19:07 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 49CFA609A1; Thu, 30 Nov 2017 12:19:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id C6E14609B5; Thu, 30 Nov 2017 12:03:34 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 3396B60905; Thu, 30 Nov 2017 12:02:32 +0000 (UTC) Received: from forward100p.mail.yandex.net (forward100p.mail.yandex.net [77.88.28.100]) by lists.linaro.org (Postfix) with ESMTPS id 08FD46090A for ; Thu, 30 Nov 2017 12:00:42 +0000 (UTC) Received: from mxback6o.mail.yandex.net (mxback6o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::20]) by forward100p.mail.yandex.net (Yandex) with ESMTP id ED58A5103747 for ; Thu, 30 Nov 2017 15:00:40 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback6o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id rbw8A0whvv-0eGW47Yf; Thu, 30 Nov 2017 15:00:40 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id LFgKy9hcr4-0d24NRnp; Thu, 30 Nov 2017 15:00:40 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 15:00:13 +0300 Message-Id: <1512043220-8803-9-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> References: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v7 8/15] linux-gen: ipsec: simplify seq no handling X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov There is no point in filling artificial AAD struct for AH just for the sake of sequence number checking. Instead use AAD just for ESP and provide separate seq_no field. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 32adfc64ec5b4cc2948ab55456aeba75ae6816ff **/ platform/linux-generic/odp_ipsec.c | 32 ++++++++++++++------------------ 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index ae2fa10a4..a48312fe9 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -233,6 +233,7 @@ typedef struct { struct { uint16_t hdr_len; uint16_t trl_len; + odp_u32be_t seq_no; } in; odp_u32be_t ipv4_addr; uint8_t ipv6_addr[_ODP_IPV6ADDR_LEN]; @@ -247,8 +248,10 @@ typedef struct { odp_u32be_t ver_tc_flow; uint8_t hop_limit; } ah_ipv6; + struct { + ipsec_aad_t aad; + } esp; }; - ipsec_aad_t aad; uint8_t iv[IPSEC_MAX_IV_LEN]; } ipsec_state_t; @@ -409,10 +412,11 @@ static int ipsec_in_esp(odp_packet_t *pkt, ipsec_sa->icv_len; param->override_iv_ptr = state->iv; - state->aad.spi = esp.spi; - state->aad.seq_no = esp.seq_no; + state->esp.aad.spi = esp.spi; + state->esp.aad.seq_no = esp.seq_no; + state->in.seq_no = odp_be_to_cpu_32(esp.seq_no); - param->aad.ptr = (uint8_t *)&state->aad; + param->aad.ptr = (uint8_t *)&state->esp.aad; param->auth_range.offset = ipsec_offset; param->auth_range.length = state->ip_tot_len - @@ -515,10 +519,7 @@ static int ipsec_in_ah(odp_packet_t *pkt, ipv6hdr->hop_limit = 0; } - state->aad.spi = ah.spi; - state->aad.seq_no = ah.seq_no; - - param->aad.ptr = (uint8_t *)&state->aad; + state->in.seq_no = odp_be_to_cpu_32(ah.seq_no); param->auth_range.offset = state->ip_offset; param->auth_range.length = state->ip_tot_len; @@ -614,7 +615,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto err; if (_odp_ipsec_sa_replay_precheck(ipsec_sa, - odp_be_to_cpu_32(state.aad.seq_no), + state.in.seq_no, status) < 0) goto err; @@ -659,7 +660,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto err; if (_odp_ipsec_sa_replay_update(ipsec_sa, - odp_be_to_cpu_32(state.aad.seq_no), + state.in.seq_no, status) < 0) goto err; @@ -993,10 +994,10 @@ static int ipsec_out_esp(odp_packet_t *pkt, esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - state->aad.spi = esp.spi; - state->aad.seq_no = esp.seq_no; + state->esp.aad.spi = esp.spi; + state->esp.aad.seq_no = esp.seq_no; - param->aad.ptr = (uint8_t *)&state->aad; + param->aad.ptr = (uint8_t *)&state->esp.aad; memset(&esptrl, 0, sizeof(esptrl)); esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; @@ -1117,11 +1118,6 @@ static int ipsec_out_ah(odp_packet_t *pkt, ah.ah_len = hdr_len / 4 - 2; - state->aad.spi = ah.spi; - state->aad.seq_no = ah.seq_no; - - param->aad.ptr = (uint8_t *)&state->aad; - /* For GMAC */ if (ipsec_out_iv(state, ipsec_sa) < 0) { status->error.alg = 1; From patchwork Thu Nov 30 12:00:14 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120156 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp587184qgn; Thu, 30 Nov 2017 04:14:01 -0800 (PST) X-Google-Smtp-Source: AGs4zMYjBn7FRCYXVzzU7DAEVvjyZOXcUaDh34HBvWCo98VieRXlhwUQ4t+PgmoPYev3Xk4cx2UV X-Received: by 10.55.170.130 with SMTP id t124mr2317633qke.84.1512044041660; Thu, 30 Nov 2017 04:14:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512044041; cv=none; d=google.com; s=arc-20160816; b=gFSOr62Ws3BdwoHOP2c7PElm1hAWSl7oldRSJGrD7p95a+8QjYP4wSeMCyDu3LOQc+ LlwTPw7KQXAd3won7nvb2v8y414yPF+JlcynVEyXfjz/1fytTdegVQJA8wHlf1FrfGTD oDg4PVNf5M7pXJ4lSudpSYxXxJtDaTJtKsng7vdi0/i6NDlgrFPuAMj0aQncZJTEHqOX TaMnpZfLkImapxDo/OpCqZGdzbIUfoDKpIksuAjg2EYQMYEyfSWZFZ3FHp7MwVgHEB2Z d2s337x4kjSUymsCsNubprrBlXc6B7IWYOIaheDhJfA4+9QoexcMYzNF9hnRtQdJVkto emSQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=dtXrcK4OZTqW8DI2jHttKLL7H7E0nG2fgHiCtWRA74M=; b=ObhWhakQfsx6z9i9Q7qiDkVMSCjPTpDKilU439Wz3Rm4xZl863rzJdfbn/KEtGQimH DG1+CQP+N6lNy7mCZLYkQgMkG+pLdYfkZO+t86HB2reqrH6Dm0mmjoxqkOKVXLKtKgIU jsEiNh8FxKX04q2tLsP7aIgK/jjGiBbIx0Al3CVm7fJ8ZnDak7jMj/9EJ3FB1B/JWDdz ioHwnCdWN4b7iDa5ew7L7FxO4Hd1KV5gZkYf6vhPIMpKOvSTeQKHM65WER+bg9crfAvg 7CxrPm6O36/k1f6ywhGd7pBrbdLNfEsYK4NVETKY8+fwbtGENOX55fvifvD+XFqCVqBt IdZg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id q144si757957qke.366.2017.11.30.04.14.01; Thu, 30 Nov 2017 04:14:01 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 4379960996; Thu, 30 Nov 2017 12:14:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id D5D096099A; Thu, 30 Nov 2017 12:03:09 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 42D3360959; Thu, 30 Nov 2017 12:02:26 +0000 (UTC) Received: from forward105o.mail.yandex.net (forward105o.mail.yandex.net [37.140.190.183]) by lists.linaro.org (Postfix) with ESMTPS id C489B60966 for ; Thu, 30 Nov 2017 12:00:43 +0000 (UTC) Received: from mxback5j.mail.yandex.net (mxback5j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10e]) by forward105o.mail.yandex.net (Yandex) with ESMTP id AEAF44443098 for ; Thu, 30 Nov 2017 15:00:42 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback5j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 4WfqqRZGW7-0gaWvWQc; Thu, 30 Nov 2017 15:00:42 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id LFgKy9hcr4-0f2GuVPe; Thu, 30 Nov 2017 15:00:41 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 15:00:14 +0300 Message-Id: <1512043220-8803-10-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> References: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v7 9/15] linux-gen: add support for UDP-encapsulated ESP packets X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 32adfc64ec5b4cc2948ab55456aeba75ae6816ff **/ .../linux-generic/include/odp_ipsec_internal.h | 1 + platform/linux-generic/include/protocols/udp.h | 2 + platform/linux-generic/odp_ipsec.c | 53 +++++++++++++++++++++- platform/linux-generic/odp_ipsec_sad.c | 1 + 4 files changed, 56 insertions(+), 1 deletion(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index b294e7c4a..822c9016b 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -131,6 +131,7 @@ struct ipsec_sa_s { unsigned copy_df : 1; unsigned copy_flabel : 1; unsigned aes_ctr_iv : 1; + unsigned udp_encap : 1; /* Only for outbound */ unsigned use_counter_iv : 1; diff --git a/platform/linux-generic/include/protocols/udp.h b/platform/linux-generic/include/protocols/udp.h index 535aba855..85984c992 100644 --- a/platform/linux-generic/include/protocols/udp.h +++ b/platform/linux-generic/include/protocols/udp.h @@ -38,6 +38,8 @@ typedef struct ODP_PACKED { ODP_STATIC_ASSERT(sizeof(_odp_udphdr_t) == _ODP_UDPHDR_LEN, "_ODP_UDPHDR_T__SIZE_ERROR"); +#define _ODP_UDP_IPSEC_PORT 4500 + /** * @} */ diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index a48312fe9..2f4c69924 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -18,6 +18,7 @@ #include #include #include +#include #include @@ -378,9 +379,29 @@ static int ipsec_in_esp(odp_packet_t *pkt, _odp_esphdr_t esp; uint16_t ipsec_offset; ipsec_sa_t *ipsec_sa; + odp_bool_t udp_encap = false; ipsec_offset = state->ip_offset + state->ip_hdr_len; + if (_ODP_IPPROTO_UDP == state->ip_next_hdr) { + _odp_udphdr_t udp; + uint16_t ip_data_len = state->ip_tot_len - + state->ip_hdr_len; + + odp_packet_copy_to_mem(*pkt, ipsec_offset, + _ODP_UDPHDR_LEN, &udp); + + if (udp.dst_port != odp_cpu_to_be_16(_ODP_UDP_IPSEC_PORT) || + udp.length != odp_cpu_to_be_16(ip_data_len)) { + status->error.proto = 1; + return -1; + } + + ipsec_offset += _ODP_UDPHDR_LEN; + state->ip_hdr_len += _ODP_UDPHDR_LEN; + udp_encap = true; + } + if (odp_packet_copy_to_mem(*pkt, ipsec_offset, sizeof(esp), &esp) < 0) { status->error.alg = 1; @@ -396,6 +417,11 @@ static int ipsec_in_esp(odp_packet_t *pkt, if (status->error.all) return -1; + if (!!ipsec_sa->udp_encap != udp_encap) { + status->error.proto = 1; + return -1; + } + if (ipsec_in_iv(*pkt, state, ipsec_sa, ipsec_offset + _ODP_ESPHDR_LEN) < 0) { status->error.alg = 1; @@ -446,6 +472,11 @@ static int ipsec_in_esp_post(odp_packet_t pkt, ipsec_padding, esptrl.pad_len) != 0) return -1; + if (udp_encap) { + state->ip_hdr_len -= _ODP_UDPHDR_LEN; + state->in.hdr_len += _ODP_UDPHDR_LEN; + } + odp_packet_copy_from_mem(pkt, state->ip_next_hdr_offset, 1, &esptrl.next_header); state->in.trl_len += esptrl.pad_len; @@ -603,7 +634,8 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, } /* Check IP header for IPSec protocols and look it up */ - if (_ODP_IPPROTO_ESP == state.ip_next_hdr) { + if (_ODP_IPPROTO_ESP == state.ip_next_hdr || + _ODP_IPPROTO_UDP == state.ip_next_hdr) { rc = ipsec_in_esp(&pkt, &state, &ipsec_sa, sa, ¶m, status); } else if (_ODP_IPPROTO_AH == state.ip_next_hdr) { rc = ipsec_in_ah(&pkt, &state, &ipsec_sa, sa, ¶m, status); @@ -962,6 +994,7 @@ static int ipsec_out_esp(odp_packet_t *pkt, { _odp_esphdr_t esp; _odp_esptrl_t esptrl; + _odp_udphdr_t udphdr; uint32_t encrypt_len; uint16_t ip_data_len = state->ip_tot_len - state->ip_hdr_len; @@ -983,6 +1016,16 @@ static int ipsec_out_esp(odp_packet_t *pkt, ip_data_len + ipsec_sa->icv_len; + if (ipsec_sa->udp_encap) { + hdr_len += _ODP_UDPHDR_LEN; + proto = _ODP_IPPROTO_UDP; + udphdr.src_port = odp_cpu_to_be_16(_ODP_UDP_IPSEC_PORT); + udphdr.dst_port = odp_cpu_to_be_16(_ODP_UDP_IPSEC_PORT); + udphdr.length = odp_cpu_to_be_16(ip_data_len + + hdr_len + trl_len); + udphdr.chksum = 0; /* should be 0 by RFC */ + } + if (ipsec_out_iv(state, ipsec_sa) < 0) { status->error.alg = 1; return -1; @@ -1030,6 +1073,14 @@ static int ipsec_out_esp(odp_packet_t *pkt, encrypt_len - _ODP_ESPTRL_LEN; + if (ipsec_sa->udp_encap) { + odp_packet_copy_from_mem(*pkt, ipsec_offset, _ODP_UDPHDR_LEN, + &udphdr); + ipsec_offset += _ODP_UDPHDR_LEN; + hdr_len -= _ODP_UDPHDR_LEN; + state->ip_hdr_len += _ODP_UDPHDR_LEN; + } + odp_packet_copy_from_mem(*pkt, ipsec_offset, _ODP_ESPHDR_LEN, &esp); diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 812ad0c46..82b3c4522 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -235,6 +235,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->copy_dscp = param->opt.copy_dscp; ipsec_sa->copy_df = param->opt.copy_df; ipsec_sa->copy_flabel = param->opt.copy_flabel; + ipsec_sa->udp_encap = param->opt.udp_encap; odp_atomic_store_u64(&ipsec_sa->bytes, 0); odp_atomic_store_u64(&ipsec_sa->packets, 0); From patchwork Thu Nov 30 12:00:15 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120161 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp593284qgn; Thu, 30 Nov 2017 04:19:49 -0800 (PST) X-Google-Smtp-Source: AGs4zMYxpdPIDd4+vZn150tgGl5jn51JZUjL2QHzKqQieeNATSw7R7Yo0Q9CF7kY+vfJ4hD18NKU X-Received: by 10.55.201.155 with SMTP id m27mr2249746qkl.299.1512044389075; Thu, 30 Nov 2017 04:19:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512044389; cv=none; d=google.com; s=arc-20160816; b=Em/r/6lLiKFUTVnz3AuefgsC67L3+CPlbtoSZEqLfved5xFBhQr2GH8AhujiNSY2CT 3pZFhvxIqRIgE5XrcsWkcugdCPeKnosqCr/gdJUK1IyJ2BPgVM8Jb7PX83izJdXiw3u3 aYcZK2Uyt3nGuwh3SjG5TT1UF962vth0/z+rc3TZkvY1cii64bo+z+Tl109VmNvawfnO Iu1kRX/DQcHhHL6MFszTkjnPp7zUo/R8MSJ7PR7AIOKUKuLQqbWRwcXC88bz81yGu0A3 7wBywt6kyNaPHBz9q9/9SRWPp5aN8jLepey5zHyUB62iegpxGItoMdzXXVhmZ0Pt9BVw vGjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=QZUyr/HSgAXtXmWHoVu35X5Ufbgk/X9+ne1NfLkcMCk=; b=O4k3dsCGsMLyxoiOL7ROD7wLaIbsPfcDeBS/DqvEy2C4rt+NngX8KTYXdPW2PAZg/6 6+S9XzkWlaQi3Ofz6VGNySO8U/tn55PDjFcTROvnu0WQ9fqTxE1BBsYvMUFucSGzV2Ll 3k83xz/3frjj72Mr7bQTrxMhe08CH5NZmYBKRqSNjtBYUWZ+hasrYQ2mCtDaemmunwF4 81evSRcwI1P6pkiDT4ALMqsbZieaye7631XjkcIPZYnSKNG4CxmJHc6uqZ/NSkFLszGA w1+fEAUaV9PgqB/QAPG8m420dI1Fd+I5wFFvHXUojDU+FWPxufXV0XaZuqljhZ5clqBQ t4aw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id i79si4293998qkh.199.2017.11.30.04.19.48; Thu, 30 Nov 2017 04:19:49 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 88D21609A5; Thu, 30 Nov 2017 12:19:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 04BD2609C4; Thu, 30 Nov 2017 12:03:37 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 4D8226090A; Thu, 30 Nov 2017 12:02:32 +0000 (UTC) Received: from forward104p.mail.yandex.net (forward104p.mail.yandex.net [77.88.28.107]) by lists.linaro.org (Postfix) with ESMTPS id D7BEB60973 for ; Thu, 30 Nov 2017 12:00:45 +0000 (UTC) Received: from mxback3j.mail.yandex.net (mxback3j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10c]) by forward104p.mail.yandex.net (Yandex) with ESMTP id AF6F71869D1 for ; Thu, 30 Nov 2017 15:00:44 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback3j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id dvRkaMKuGq-0i14XPVT; Thu, 30 Nov 2017 15:00:44 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id LFgKy9hcr4-0h24rgeg; Thu, 30 Nov 2017 15:00:44 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 15:00:15 +0300 Message-Id: <1512043220-8803-11-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> References: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v7 10/15] linux-gen: packet: add flag for UDP-encapsulated IPsec packets X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 32adfc64ec5b4cc2948ab55456aeba75ae6816ff **/ platform/linux-generic/include/odp/api/plat/packet_types.h | 1 + platform/linux-generic/odp_ipsec.c | 2 +- platform/linux-generic/odp_packet.c | 11 +++++++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/platform/linux-generic/include/odp/api/plat/packet_types.h b/platform/linux-generic/include/odp/api/plat/packet_types.h index 82fc66e53..128e83148 100644 --- a/platform/linux-generic/include/odp/api/plat/packet_types.h +++ b/platform/linux-generic/include/odp/api/plat/packet_types.h @@ -151,6 +151,7 @@ typedef union { uint64_t l3_chksum_done:1; /**< L3 checksum validation done */ uint64_t l4_chksum_done:1; /**< L4 checksum validation done */ + uint64_t ipsec_udp:1; /**< UDP-encapsulated IPsec packet */ }; } _odp_packet_input_flags_t; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 2f4c69924..8bf4ced4c 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -472,7 +472,7 @@ static int ipsec_in_esp_post(odp_packet_t pkt, ipsec_padding, esptrl.pad_len) != 0) return -1; - if (udp_encap) { + if (_ODP_IPPROTO_UDP == state->ip_next_hdr) { state->ip_hdr_len -= _ODP_UDPHDR_LEN; state->in.hdr_len += _ODP_UDPHDR_LEN; } diff --git a/platform/linux-generic/odp_packet.c b/platform/linux-generic/odp_packet.c index bdcb482fa..167f8cbc6 100644 --- a/platform/linux-generic/odp_packet.c +++ b/platform/linux-generic/odp_packet.c @@ -2141,6 +2141,17 @@ static inline void parse_udp(packet_parser_t *prs, if (odp_unlikely(udplen < sizeof(_odp_udphdr_t))) prs->error_flags.udp_err = 1; + if (odp_cpu_to_be_16(_ODP_UDP_IPSEC_PORT) == udp->dst_port && + udplen > 4) { + uint32_t val; + + memcpy(&val, udp + 1, 4); + if (val != 0) { + prs->input_flags.ipsec = 1; + prs->input_flags.ipsec_udp = 1; + } + } + if (offset) *offset += sizeof(_odp_udphdr_t); *parseptr += sizeof(_odp_udphdr_t); From patchwork Thu Nov 30 12:00:16 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120165 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp596345qgn; Thu, 30 Nov 2017 04:22:36 -0800 (PST) X-Google-Smtp-Source: AGs4zMa//RH5gmIp4fus9eT2bMLVaLiGsQu6LmJZeI7IqgJBkvflMX+m77NVEg0SoYPvVKiIx2tC X-Received: by 10.55.33.13 with SMTP id h13mr2374252qkh.176.1512044556728; Thu, 30 Nov 2017 04:22:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512044556; cv=none; d=google.com; s=arc-20160816; b=XywYmWw3sByCM9jMKnIq7pLmWZJYBv3G1L8DNHVdKgF7fUHiBGtymm/ZZ0hLjgeATN WNa+gNkkkcUcwIZWjTZuICYyO4cgb9cS6k9J2usn92i6hEsqvA3eGg0oHghZrgDoSSK/ qZ7AJ4Kp9W6g72Ab/P08UE7XYOIQq83D2DwFRY6Y5IhtP6rmR7AgRS6LS5ZkvjYbCKbL cEPOjsNYzygoXkIgLo0nmTZhp5I1NfRDkNF/MaK685SVsAmnBLALbbc3Y2+jtaCXyBCZ Tp30rtkXlAYWXfjjxk6plOh3yuvM9oWFt3Kh25Oq8IaUYlSsM1U8rnh/qXOOegHxc/ZF 8BsA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=x5BYvO5uA047hCgrUnSlpO0E9e2eZtDeE4pgAjjc1b8=; b=fHf0JuEwtykFmcgGEZfyHRNz70WjXrs9kI7awKfYQg6Es7+pt+0k8+tU7tz8DncTCN jP+c4Q1KjkaWJolrL+Rhz+od0ypSRCWFZZMqBzMNrZJWX+QdXAz3JCQMyWxIob+ZwQkg KRCEH4dUrvxzWH/vd2iD/csqeZwG3+BnnrdEHK4ZctxwSkJwpbe5boclRJpKsGMZ2qD8 7a7az2mp4x347Rj/JpySyHY+SUKhP32zcEximKrJ2iHwDatwjXVUKlAQjFjgyoSuKhoB Yxj6ZUZlYw2JfYAo6lIV/3vGoJg11jeHJzHEi7GiCVWzdZPas/kOGqi2Uf6F4Xg2m0vl NVfQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id o15si1998273qta.170.2017.11.30.04.22.36; Thu, 30 Nov 2017 04:22:36 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 6AFDC60976; Thu, 30 Nov 2017 12:22:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 0CBCE60982; Thu, 30 Nov 2017 12:03:59 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id CB67860927; Thu, 30 Nov 2017 12:03:39 +0000 (UTC) Received: from forward104j.mail.yandex.net (forward104j.mail.yandex.net [5.45.198.247]) by lists.linaro.org (Postfix) with ESMTPS id 224FA60927 for ; Thu, 30 Nov 2017 12:00:52 +0000 (UTC) Received: from mxback10g.mail.yandex.net (mxback10g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:171]) by forward104j.mail.yandex.net (Yandex) with ESMTP id 8580F438F6 for ; Thu, 30 Nov 2017 15:00:50 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback10g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 8R2y7KRkAX-0ob0QQ7F; Thu, 30 Nov 2017 15:00:50 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id LFgKy9hcr4-0j2efXT4; Thu, 30 Nov 2017 15:00:46 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 15:00:16 +0300 Message-Id: <1512043220-8803-12-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> References: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v7 11/15] validation: add UDP-encapsulated IPsec test cases X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 32adfc64ec5b4cc2948ab55456aeba75ae6816ff **/ test/validation/api/ipsec/ipsec_test_in.c | 134 +++++++++++++++++++++++++++++ test/validation/api/ipsec/ipsec_test_out.c | 66 ++++++++++++++ test/validation/api/ipsec/test_vectors.h | 99 +++++++++++++++++++++ 3 files changed, 299 insertions(+) diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 15e1fe14f..6262f4cb5 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -376,6 +376,69 @@ static void test_in_ipv4_esp_null_sha256_tun_ipv6(void) ipsec_sa_destroy(sa); } +static void test_in_ipv4_esp_udp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0_esp_udp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv4_esp_udp_null_sha256_lookup(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0_esp_udp_null_sha256_1, + .lookup = 1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ipv4_ah_sha256_noreplay(void) { odp_ipsec_sa_param_t param; @@ -1317,6 +1380,69 @@ static void test_in_ipv6_esp_null_sha256_tun_ipv6(void) ipsec_sa_destroy(sa); } +static void test_in_ipv6_esp_udp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_udp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_esp_udp_null_sha256_lookup(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_udp_null_sha256_1, + .lookup = 1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -1372,6 +1498,10 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_tun_ipv6, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_udp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_udp_null_sha256_lookup, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_noreplay, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_replay, @@ -1410,5 +1540,9 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_null_sha256_tun_ipv6, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_udp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_udp_null_sha256_lookup, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index f4e71dced..2ee8a1319 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -283,6 +283,37 @@ static void test_out_ipv4_esp_aes_cbc_null(void) ipsec_sa_destroy(sa); } +static void test_out_ipv4_esp_udp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_esp_udp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_out_ipv4_esp_aes_cbc_sha256(void) { odp_ipsec_sa_param_t param; @@ -695,6 +726,37 @@ static void test_out_ipv6_esp_null_sha256_tun_ipv6(void) ipsec_sa_destroy(sa); } +static void test_out_ipv6_esp_udp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_esp_udp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -716,6 +778,8 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_tun_ipv6, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_udp_null_sha256, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_null, ipsec_check_esp_aes_cbc_128_null), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_sha256, @@ -740,5 +804,7 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_null_sha256_tun_ipv6, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_udp_null_sha256, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 211f349d0..a6b8616b6 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -517,6 +517,53 @@ static const ODP_UNUSED ipsec_test_packet }, }; +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_udp_null_sha256_1 = { + .len = 178, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0xa4, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x11, 0xab, 0xf3, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* UDP encap */ + 0x11, 0x94, 0x11, 0x94, 0x00, 0x90, 0x00, 0x00, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x01, + + /* ICV */ + 0xe9, 0x81, 0xcd, 0x65, 0x9b, 0x25, 0x0b, 0x33, + 0xe2, 0xf3, 0x83, 0xf1, 0x6d, 0x14, 0xb4, 0x1f, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_null_sha256_1_bad1 = { .len = 170, @@ -1683,4 +1730,56 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_15_esp = { }, }; +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_esp_udp_null_sha256_1 = { + .len = 206, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x98, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x11, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* UDP encap */ + 0x11, 0x94, 0x11, 0x94, 0x00, 0x90, 0x00, 0x00, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x3a, + + /* ICV */ + 0x20, 0xa6, 0x89, 0x7b, 0x0a, 0x52, 0x5b, 0xca, + 0x98, 0x56, 0xd1, 0xfe, 0x56, 0xc7, 0xa4, 0x5b, + }, +}; + #endif From patchwork Thu Nov 30 12:00:17 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120164 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp595529qgn; Thu, 30 Nov 2017 04:21:47 -0800 (PST) X-Google-Smtp-Source: AGs4zMYOMZJ/DIM+EdYP00nc5mP5WWTzQZ6tdoASNyVHL5bqIhTTfdel8mN8lzcpEFCnKAkeY0y5 X-Received: by 10.55.27.88 with SMTP id b85mr2319453qkb.144.1512044506976; Thu, 30 Nov 2017 04:21:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512044506; cv=none; d=google.com; s=arc-20160816; b=TFvaG2jjATyIy+ejdMYrkvzj0joMLc1RJndjlmM/0JPj1eSyAK0GQNdYDdKfa3DAou +K0fKsqlp1DvbZHSjxsDiuo4cgNbqHtVRI4luiaJF2ddeTkwA99xzy3ZNgwpntLrUQO2 icA39DFeKc4YTz9D/HnDk8hB0c3v/oLPEH+ouHTiKhN+Tk7zGhkMNySgEenfk2nXvpD6 e3Z2NTDnaV/EV3n0sRu8GwWwy8TgNgXtpNB15XneGhExKYce1qLEyVrktxjRcUNzJtJF Sr2UcZyp61q3MANPTNbMigcYQY50aF3cUjWeBgB7jD2iwA2GZpsdEBhuNYN5cUc/Pr8v UGpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=5X+O3OOk6xLskE/dQYV/caYo+x/KQ1ja6Z8vTPfdKuU=; b=a4yQiO2ciXw9n8G8eQvOM74yWKRpmDC9ZCN+01ASPJLZPFJmI/uz5vHd109Q1S4VIY ywmUHwdguFZ0a3Wm8kDz23zKFzCBt1mjOq15mfzh3PuMoe6H5uSRFVOFRWYydWvyFVGK zZcJytl05fx/rsovlaDVmBEaMU9HsVIoryOEUhYDgbB4cjjKrL5XQMWo/jCnzkelKqP2 654lFmAfggyBGpS+816eQgzSUTh6usO3Z9UkMjNrxF0ksIlpzBZ1wso474bW6waI8kHZ G4H/gbtP/6h/dSd4+4f5nsw1lBzwPqcfBcEDM8TXfbRoiNzMj+RLcD7SEajQCQ87BAWb yMWg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id a20si1009362qtk.136.2017.11.30.04.21.46; Thu, 30 Nov 2017 04:21:46 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 9EE1560950; Thu, 30 Nov 2017 12:21:46 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id C19B760969; Thu, 30 Nov 2017 12:03:52 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id AA7D060981; Thu, 30 Nov 2017 12:03:38 +0000 (UTC) Received: from forward101o.mail.yandex.net (forward101o.mail.yandex.net [37.140.190.181]) by lists.linaro.org (Postfix) with ESMTPS id 937896097D for ; Thu, 30 Nov 2017 12:00:52 +0000 (UTC) Received: from mxback5g.mail.yandex.net (mxback5g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:166]) by forward101o.mail.yandex.net (Yandex) with ESMTP id 2B2881347B92 for ; Thu, 30 Nov 2017 15:00:51 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback5g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id PaxsITGMGs-0pga76jM; Thu, 30 Nov 2017 15:00:51 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id LFgKy9hcr4-0o2WJIDj; Thu, 30 Nov 2017 15:00:50 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 15:00:17 +0300 Message-Id: <1512043220-8803-13-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> References: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v7 12/15] linux-gen: ipsec: store mtu and frag_mode in SA X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 32adfc64ec5b4cc2948ab55456aeba75ae6816ff **/ platform/linux-generic/include/odp_ipsec_internal.h | 2 ++ platform/linux-generic/odp_ipsec_sad.c | 14 +++++++++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 822c9016b..c6f241fac 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -156,6 +156,8 @@ struct ipsec_sa_s { struct { odp_atomic_u64_t counter; /* for CTR/GCM */ odp_atomic_u32_t seq; + odp_ipsec_frag_mode_t frag_mode; + uint32_t mtu; union { struct { diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 82b3c4522..2d6321166 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -230,6 +230,8 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) odp_atomic_init_u64(&ipsec_sa->in.antireplay, 0); } else { odp_atomic_store_u32(&ipsec_sa->out.seq, 1); + ipsec_sa->out.frag_mode = param->outbound.frag_mode; + ipsec_sa->out.mtu = param->outbound.mtu; } ipsec_sa->dec_ttl = param->opt.dec_ttl; ipsec_sa->copy_dscp = param->opt.copy_dscp; @@ -489,10 +491,16 @@ uint64_t odp_ipsec_sa_to_u64(odp_ipsec_sa_t sa) int odp_ipsec_sa_mtu_update(odp_ipsec_sa_t sa, uint32_t mtu) { - (void)sa; - (void)mtu; + ipsec_sa_t *ipsec_sa; + + ipsec_sa = _odp_ipsec_sa_use(sa); + ODP_ASSERT(NULL != ipsec_sa); - return -1; + ipsec_sa->out.mtu = mtu; + + _odp_ipsec_sa_unuse(ipsec_sa); + + return 0; } ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup) From patchwork Thu Nov 30 12:00:18 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120163 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp594666qgn; Thu, 30 Nov 2017 04:21:02 -0800 (PST) X-Google-Smtp-Source: AGs4zMY0F5SVTQY2vDoVjZ3kRugX+LyOzWRVvDWaMahUnNANJy/tyFZNF+dw9qNVdQzrtbCZ9zLK X-Received: by 10.200.55.75 with SMTP id p11mr3082966qtb.298.1512044462665; Thu, 30 Nov 2017 04:21:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512044462; cv=none; d=google.com; s=arc-20160816; b=nr6Ji0hN+0B0v6BjJUkYJqaFA2puMsL89Z4aKbB6zfPkI8IvfrSA2lwWoJpUepOVd6 s0F1x2BctpPiYPczGbcoU/jR6HBs81X6+fESID1IaoRoNCesoHzPzjbytxUVQa3AH6ND TRH+umMbOjc0ND88TTixln9ljKOW9Y+MtgqhieC/gV42b7HuJ1IY13Qibpp3bSz+GLzN 5wAOFOAUAfVotaP9wIKJv5sBrxUW0frUPtavrjq90UMty5F3tOL19TlXtuGsVPFh161a fwsyySAYA9Z+k9abVqsRMu5Fzyxtzm1Yy6OoVj7BuakV5QC0Q6lYMtaePP0dWATS2h5u ojcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=xsz7svs1ri6nzQNNDGRDxnTu/3AG6P8/9qLaaxLB8Ao=; b=kcGP821n7NgR+m0F01ixw/07QMk4wCZEIYgHJ/3BTcizqcm8OSwwbhStuZDhaxX/gD j+McMxo53LPzRhZGng2EthXLRPXDXIm9tyqDvmv6yaS31DtlM3fotJNQfgupMIIzPcDs M/4hWR5H6XkjVU8UImiu8efNmFvRfsXefUdKD9BlFu2iFUBKP0DCQKfgWsOLjJOTdVMp 109RguyjqSGDRhWkmnvbjtp7aSupRdS6E659kPAMfR+zzXfIEraFqOFdNm38loUn4JJj upD67F3X5vzD4Alh8D3z9X27INcEjWo318so8QxySAjwHw05iM3yVEtubs/rdUS0tqLi kgMA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id b31si4089353qtc.303.2017.11.30.04.21.02; Thu, 30 Nov 2017 04:21:02 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 442E260948; Thu, 30 Nov 2017 12:21:02 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 720656094A; Thu, 30 Nov 2017 12:03:46 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id E49FE609CA; Thu, 30 Nov 2017 12:03:37 +0000 (UTC) Received: from forward100p.mail.yandex.net (forward100p.mail.yandex.net [77.88.28.100]) by lists.linaro.org (Postfix) with ESMTPS id DFC6560981 for ; Thu, 30 Nov 2017 12:00:52 +0000 (UTC) Received: from mxback10g.mail.yandex.net (mxback10g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:171]) by forward100p.mail.yandex.net (Yandex) with ESMTP id C9DE551036C1 for ; Thu, 30 Nov 2017 15:00:51 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback10g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id IeCu0WJM23-0pbOKIT9; Thu, 30 Nov 2017 15:00:51 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id LFgKy9hcr4-0p24gqAk; Thu, 30 Nov 2017 15:00:51 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 15:00:18 +0300 Message-Id: <1512043220-8803-14-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> References: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v7 13/15] api, linux-gen: ipsec: constify in/out params X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Mark all input and out params as constants Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 32adfc64ec5b4cc2948ab55456aeba75ae6816ff **/ include/odp/api/spec/ipsec.h | 6 +++--- platform/linux-generic/odp_ipsec.c | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index 4a33af8ea..cd168d080 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -1021,13 +1021,13 @@ typedef struct odp_ipsec_out_param_t { int num_opt; /** Pointer to an array of IPSEC SAs */ - odp_ipsec_sa_t *sa; + const odp_ipsec_sa_t *sa; /** Pointer to an array of outbound operation options * * May be NULL when num_opt is zero. */ - odp_ipsec_out_opt_t *opt; + const odp_ipsec_out_opt_t *opt; } odp_ipsec_out_param_t; @@ -1055,7 +1055,7 @@ typedef struct odp_ipsec_in_param_t { * * May be NULL when num_sa is zero. */ - odp_ipsec_sa_t *sa; + const odp_ipsec_sa_t *sa; } odp_ipsec_in_param_t; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 8bf4ced4c..3c539b515 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -1228,7 +1228,7 @@ static void ipsec_out_ah_post(ipsec_state_t *state, odp_packet_t pkt) static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, odp_ipsec_sa_t sa, odp_packet_t *pkt_out, - odp_ipsec_out_opt_t *opt ODP_UNUSED, + const odp_ipsec_out_opt_t *opt ODP_UNUSED, odp_ipsec_op_status_t *status) { ipsec_state_t state; @@ -1402,7 +1402,7 @@ int odp_ipsec_in(const odp_packet_t pkt_in[], int num_in, return in_pkt; } -static odp_ipsec_out_opt_t default_opt = { +static const odp_ipsec_out_opt_t default_opt = { .mode = ODP_IPSEC_FRAG_DISABLED, }; @@ -1426,7 +1426,7 @@ int odp_ipsec_out(const odp_packet_t pkt_in[], int num_in, odp_ipsec_sa_t sa; ipsec_sa_t *ipsec_sa; odp_ipsec_packet_result_t *result; - odp_ipsec_out_opt_t *opt; + const odp_ipsec_out_opt_t *opt; memset(&status, 0, sizeof(status)); @@ -1534,7 +1534,7 @@ int odp_ipsec_out_enq(const odp_packet_t pkt_in[], int num_in, odp_ipsec_sa_t sa; ipsec_sa_t *ipsec_sa; odp_ipsec_packet_result_t *result; - odp_ipsec_out_opt_t *opt; + const odp_ipsec_out_opt_t *opt; odp_queue_t queue; memset(&status, 0, sizeof(status)); @@ -1626,7 +1626,7 @@ int odp_ipsec_out_inline(const odp_packet_t pkt_in[], int num_in, odp_ipsec_sa_t sa; ipsec_sa_t *ipsec_sa; odp_ipsec_packet_result_t *result; - odp_ipsec_out_opt_t *opt; + const odp_ipsec_out_opt_t *opt; uint32_t hdr_len, offset; const void *ptr; From patchwork Thu Nov 30 12:00:19 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120166 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp597379qgn; Thu, 30 Nov 2017 04:23:42 -0800 (PST) X-Google-Smtp-Source: AGs4zMZFK5AW/nuPOdBayXObAD6Cobs80fYlGSrtOZBaiDhWnG5W41RG3gQQv2XoDjhdWk4NPndi X-Received: by 10.237.33.248 with SMTP id m53mr3069674qtc.39.1512044622576; Thu, 30 Nov 2017 04:23:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512044622; cv=none; d=google.com; s=arc-20160816; b=JEN5SHBebqIw8gYYmv/0AdfgOdvOHxdukk6srDooWJ134ICF7QdXAvKXSL9IrIOzF6 JRHMPn/RVgCYJCPlTwdh7loGDG2hY+iUh3CtpTcGq5zGeeG62H8h97LwbB3IRLdunCZd jyZSewrICAK0/bzpDQT4yAG6Ttfbr2WIwN6FFe3VxfXn7aeqM+btD/1rehR3Bo17MdbT iVDb2ZriNCws0CUTXpiRcRRqrcGmSsqPbtc2lFW7fn1MXCp26MiakkcMVZYdf2mQEd0b gs8AX3eL6XzP4ok2zBeCPpqMGGNcNEq1p0UHzCLvYsvskV/yyO80BeP4/uw2koF2d6vh UQtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=UdF8uLfxVMYlaGNBToaJ8Qecur4c8PlP388wTVVcNWg=; b=rOI5Vug+1ONavwjX3BVdDs5TmC0Hp9aHvcnaKLhM/AOkWmJlu8eEAvZc9DwO8+yQmn G3gvnDfybwCpUDc6cV/ZIntRpQKLroN7ARr62n2Z6+njwZCdPUV13qbpnRQ28mphP/UO ZVe7+QT7qH7GCVVEnQZCtZ7cOHJ1QGrXnUdNlbzjEgaFuL2uCBP/exVfiZL09xtk7pW2 jRnsfDjlKZ5n8ayYQmj2loHOxzWNwebcFZtvRZEpRfumSpQaL1zisFaxiZhjbP8Khsiq p3xF7si8B/m7nn1DskdEwnP1dmO/6EC0Et4QRRhiOBxjsLwa/ED+KScr3Q6nod7yOF93 tpMA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id k188si4200783qkc.302.2017.11.30.04.23.42; Thu, 30 Nov 2017 04:23:42 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 331D86096A; Thu, 30 Nov 2017 12:23:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 61B88609D0; Thu, 30 Nov 2017 12:04:01 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 19F2E60969; Thu, 30 Nov 2017 12:03:45 +0000 (UTC) Received: from forward103p.mail.yandex.net (forward103p.mail.yandex.net [77.88.28.106]) by lists.linaro.org (Postfix) with ESMTPS id DECB160976 for ; Thu, 30 Nov 2017 12:00:53 +0000 (UTC) Received: from mxback8j.mail.yandex.net (mxback8j.mail.yandex.net [IPv6:2a02:6b8:0:1619::111]) by forward103p.mail.yandex.net (Yandex) with ESMTP id 7D8272185D3E for ; Thu, 30 Nov 2017 15:00:52 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback8j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id rNajTuLqbe-0qx0Lajo; Thu, 30 Nov 2017 15:00:52 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id LFgKy9hcr4-0p24qtnj; Thu, 30 Nov 2017 15:00:51 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 15:00:19 +0300 Message-Id: <1512043220-8803-15-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> References: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v7 14/15] linux-gen: ipsec: support ODP_IPSEC_FRAG_CHECK X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Support checking MTU after IPsec transformation. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 32adfc64ec5b4cc2948ab55456aeba75ae6816ff **/ platform/linux-generic/odp_ipsec.c | 39 ++++++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 3c539b515..a393c5051 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -990,7 +990,8 @@ static int ipsec_out_esp(odp_packet_t *pkt, ipsec_state_t *state, ipsec_sa_t *ipsec_sa, odp_crypto_packet_op_param_t *param, - odp_ipsec_op_status_t *status) + odp_ipsec_op_status_t *status, + uint32_t mtu) { _odp_esphdr_t esp; _odp_esptrl_t esptrl; @@ -1026,6 +1027,11 @@ static int ipsec_out_esp(odp_packet_t *pkt, udphdr.chksum = 0; /* should be 0 by RFC */ } + if (state->ip_tot_len + hdr_len + trl_len > mtu) { + status->error.mtu = 1; + return -1; + } + if (ipsec_out_iv(state, ipsec_sa) < 0) { status->error.alg = 1; return -1; @@ -1124,7 +1130,8 @@ static int ipsec_out_ah(odp_packet_t *pkt, ipsec_state_t *state, ipsec_sa_t *ipsec_sa, odp_crypto_packet_op_param_t *param, - odp_ipsec_op_status_t *status) + odp_ipsec_op_status_t *status, + uint32_t mtu) { _odp_ahhdr_t ah; unsigned hdr_len = _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len + @@ -1132,6 +1139,11 @@ static int ipsec_out_ah(odp_packet_t *pkt, uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; uint8_t proto = _ODP_IPPROTO_AH; + if (state->ip_tot_len + hdr_len > mtu) { + status->error.mtu = 1; + return -1; + } + memset(&ah, 0, sizeof(ah)); ah.spi = odp_cpu_to_be_32(ipsec_sa->spi); ah.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); @@ -1228,7 +1240,7 @@ static void ipsec_out_ah_post(ipsec_state_t *state, odp_packet_t pkt) static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, odp_ipsec_sa_t sa, odp_packet_t *pkt_out, - const odp_ipsec_out_opt_t *opt ODP_UNUSED, + const odp_ipsec_out_opt_t *opt, odp_ipsec_op_status_t *status) { ipsec_state_t state; @@ -1237,6 +1249,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, int rc; odp_crypto_packet_result_t crypto; /**< Crypto operation result */ odp_packet_hdr_t *pkt_hdr; + uint32_t mtu; state.ip_offset = odp_packet_l3_offset(pkt); ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != state.ip_offset); @@ -1247,6 +1260,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ipsec_sa = _odp_ipsec_sa_use(sa); ODP_ASSERT(NULL != ipsec_sa); + if ((opt && opt->mode == ODP_IPSEC_FRAG_CHECK) || + (!opt && ipsec_sa->out.frag_mode == ODP_IPSEC_FRAG_CHECK)) + mtu = ipsec_sa->out.mtu; + else + mtu = UINT32_MAX; + /* Initialize parameters block */ memset(¶m, 0, sizeof(param)); @@ -1281,9 +1300,9 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, } if (ODP_IPSEC_ESP == ipsec_sa->proto) { - rc = ipsec_out_esp(&pkt, &state, ipsec_sa, ¶m, status); + rc = ipsec_out_esp(&pkt, &state, ipsec_sa, ¶m, status, mtu); } else if (ODP_IPSEC_AH == ipsec_sa->proto) { - rc = ipsec_out_ah(&pkt, &state, ipsec_sa, ¶m, status); + rc = ipsec_out_ah(&pkt, &state, ipsec_sa, ¶m, status, mtu); } else { status->error.alg = 1; goto err; @@ -1402,10 +1421,6 @@ int odp_ipsec_in(const odp_packet_t pkt_in[], int num_in, return in_pkt; } -static const odp_ipsec_out_opt_t default_opt = { - .mode = ODP_IPSEC_FRAG_DISABLED, -}; - int odp_ipsec_out(const odp_packet_t pkt_in[], int num_in, odp_packet_t pkt_out[], int *num_out, const odp_ipsec_out_param_t *param) @@ -1434,7 +1449,7 @@ int odp_ipsec_out(const odp_packet_t pkt_in[], int num_in, ODP_ASSERT(ODP_IPSEC_SA_INVALID != sa); if (0 == param->num_opt) - opt = &default_opt; + opt = NULL; else opt = ¶m->opt[opt_idx]; @@ -1543,7 +1558,7 @@ int odp_ipsec_out_enq(const odp_packet_t pkt_in[], int num_in, ODP_ASSERT(ODP_IPSEC_SA_INVALID != sa); if (0 == param->num_opt) - opt = &default_opt; + opt = NULL; else opt = ¶m->opt[opt_idx]; @@ -1640,7 +1655,7 @@ int odp_ipsec_out_inline(const odp_packet_t pkt_in[], int num_in, } if (0 == param->num_opt) - opt = &default_opt; + opt = NULL; else opt = ¶m->opt[opt_idx]; From patchwork Thu Nov 30 12:00:20 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120167 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp600597qgn; Thu, 30 Nov 2017 04:27:10 -0800 (PST) X-Google-Smtp-Source: AGs4zMbyI3fMu0tAhqc+QMd1JwO6k/vwJUVHZoF9OAtxPX+YzFIC10cSfRGqSS8xivAuIClw44mX X-Received: by 10.55.41.36 with SMTP id p36mr2178487qkh.251.1512044830534; Thu, 30 Nov 2017 04:27:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512044830; cv=none; d=google.com; s=arc-20160816; b=XaGrG0Z6PD6kwptEzWGNzrAYSqqdqz6sQnWGCxlpl8AbUCAaR5eyYIMQ72tfdldrkP wRSrZsgOiq7yVecyVhQNoawZowVW1JVm0f8a0peDjpU5pscGqSeNy62vZ6dwS22sn0Xr C1ZIvnUd1nf1Pf6jHHEk20el1dGRZ0HmxCbnjTOPcN/ZBSjQL0M4F4Qc/k+wIN3+cG75 75zEn2Tw2DW+h7IpiEmS9G67g04glIM63BmX4Zd5ly6R9iUt8sEbqd4ppF4hi6edjoHh bBZLOdBu1/xgQBf8hzSzSwVII5PYKpw2CEZQKB8pqeBBN9Qb+dKtSOmRUmETe/h0/Rbt NHOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=QcALU5uiGh9CJtohfbwqppguiMSlYEWbf+DIumR95+Y=; b=zpH+/Tp8E5PEwazvFgFbKIRxRod2HRtmRhMrJ4LGEc4+C1wttpJIihwsg9HLfnGol0 dyKXaejgUut0WuUIAWT/dkikmntZli6nnupa+0c0KAaA9tbvq4UU/FWoN09G52lv2Sj5 C6YuxYD+HlwEdQ11UasX6bVjg0mkC6TADFnDzDCTJrYdejbZeQHGuSldBAsmc1uDl/MI LMTeP3jpTG0wwFmuR93NkFW6BBKpDnB9xgVUUgk4IMdyo3jeJguju9j1MHFP1p1gWlfh SbSYF5qIJztDf1Fkk9iZYNOC1LGypziI2VFcXZsoyxGb6xs8T1vi+R2LZlTwsJgFBdZ3 8rhA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id y2si4188707qta.362.2017.11.30.04.27.10; Thu, 30 Nov 2017 04:27:10 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 2F6F5609A7; Thu, 30 Nov 2017 12:27:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id C8C09609FD; Thu, 30 Nov 2017 12:04:29 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 4201160969; Thu, 30 Nov 2017 12:03:46 +0000 (UTC) Received: from forward106p.mail.yandex.net (forward106p.mail.yandex.net [77.88.28.109]) by lists.linaro.org (Postfix) with ESMTPS id A83296097C for ; Thu, 30 Nov 2017 12:00:54 +0000 (UTC) Received: from mxback6o.mail.yandex.net (mxback6o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::20]) by forward106p.mail.yandex.net (Yandex) with ESMTP id 4F75C2D833AF for ; Thu, 30 Nov 2017 15:00:53 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback6o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id BtvbMxIGoV-0rG0ZgOE; Thu, 30 Nov 2017 15:00:53 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id LFgKy9hcr4-0q2Gb8j5; Thu, 30 Nov 2017 15:00:52 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 15:00:20 +0300 Message-Id: <1512043220-8803-16-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> References: <1512043220-8803-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v7 15/15] validation: ipsec: add ODP_IPSEC_FRAG_CHECK checks X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 32adfc64ec5b4cc2948ab55456aeba75ae6816ff **/ test/validation/api/ipsec/ipsec.c | 4 +- test/validation/api/ipsec/ipsec.h | 2 + test/validation/api/ipsec/ipsec_test_out.c | 194 +++++++++++++++++++++++++++++ 3 files changed, 198 insertions(+), 2 deletions(-) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index 7b39c2c5a..4cd12b892 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -556,8 +556,8 @@ static int ipsec_send_out_one(const ipsec_test_part *part, memset(¶m, 0, sizeof(param)); param.num_sa = 1; param.sa = &sa; - param.num_opt = 0; - param.opt = NULL; + param.num_opt = part->num_opt; + param.opt = &part->opt; if (ODP_IPSEC_OP_MODE_SYNC == suite_context.outbound_op_mode) { CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_out(&pkt, 1, diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h index 9a24dd38c..f2ebd388c 100644 --- a/test/validation/api/ipsec/ipsec.h +++ b/test/validation/api/ipsec/ipsec.h @@ -45,6 +45,8 @@ typedef struct { typedef struct { const ipsec_test_packet *pkt_in; odp_bool_t lookup; + int num_opt; + odp_ipsec_out_opt_t opt; int out_pkt; struct { odp_ipsec_op_status_t status; diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 2ee8a1319..4751e6ec8 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -500,6 +500,192 @@ static void test_out_ipv4_esp_null_aes_gmac_128(void) ipsec_sa_destroy(sa); } +static void test_out_ipv4_ah_sha256_frag_check(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.outbound.frag_mode = ODP_IPSEC_FRAG_CHECK; + param.outbound.mtu = 100; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.mtu = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test2 = { + .pkt_in = &pkt_ipv4_icmp_0, + .num_opt = 1, + .opt = { .mode = ODP_IPSEC_FRAG_DISABLED, }, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_ah_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_check_out_one(&test2, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv4_ah_sha256_frag_check_2(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.outbound.frag_mode = ODP_IPSEC_FRAG_CHECK; + param.outbound.mtu = 100; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.mtu = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test2 = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_ah_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + odp_ipsec_sa_mtu_update(sa, 256); + + ipsec_check_out_one(&test2, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv4_esp_null_sha256_frag_check(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + param.outbound.frag_mode = ODP_IPSEC_FRAG_CHECK; + param.outbound.mtu = 100; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.mtu = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test2 = { + .pkt_in = &pkt_ipv4_icmp_0, + .num_opt = 1, + .opt = { .mode = ODP_IPSEC_FRAG_DISABLED, }, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_esp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_check_out_one(&test2, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv4_esp_null_sha256_frag_check_2(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + param.outbound.frag_mode = ODP_IPSEC_FRAG_CHECK; + param.outbound.mtu = 100; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.mtu = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test2 = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_esp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + odp_ipsec_sa_mtu_update(sa, 256); + + ipsec_check_out_one(&test2, sa); + + ipsec_sa_destroy(sa); +} + static void test_out_ipv6_ah_sha256(void) { odp_ipsec_sa_param_t param; @@ -792,6 +978,14 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_ah_aes_gmac_128), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_frag_check, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_frag_check_2, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_frag_check, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_frag_check_2, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256_tun_ipv4,