From patchwork Tue Dec 12 16:00:08 2017
X-Patchwork-Submitter: Github ODP bot
X-Patchwork-Id: 121548
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Tue, 12 Dec 2017 19:00:08 +0300
Message-Id: <1513094423-671-2-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
References: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 304
Subject: [lng-odp] [PATCH API-NEXT v11 1/16] validation: ipsec: add ipv4 name parts
List-Id: "The OpenDataPlane \(ODP\) List"

From: Dmitry Eremin-Solenikov

In preparation to add IPv6 support, add ipv4 everywhere (to test packets and to test names).

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 304 (lumag:ipsec-ipv6-2)
 ** https://github.com/Linaro/odp/pull/304
 ** Patch: https://github.com/Linaro/odp/pull/304.patch
 ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa
 ** Merge commit sha: 2212038b2ceac423819d283ce07106fabe438631
 **/
 test/validation/api/ipsec/ipsec_test_in.c  | 230 ++++++++++++++---------------
 test/validation/api/ipsec/ipsec_test_out.c | 125 +++++-----------
 test/validation/api/ipsec/test_vectors.h   |  38 +++--
 3 files changed, 178 insertions(+), 215 deletions(-)

diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 294e4a5d6..daafaf69a 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -10,7 +10,7 @@ #include "test_vectors.h" -static void test_in_ah_sha256(void) +static void test_in_ipv4_ah_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; 
@@ -26,12 +26,12 @@ static void test_in_ah_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -40,7 +40,7 @@ static void test_in_ah_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_tun(void) +static void test_in_ipv4_ah_sha256_tun_ipv4(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -57,12 +57,12 @@ static void test_in_ah_sha256_tun(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_tun_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_tun_ipv4_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -71,7 +71,7 @@ static void test_in_ah_sha256_tun(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_tun_notun(void) +static void test_in_ipv4_ah_sha256_tun_ipv4_notun(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -87,12 +87,12 @@ static void test_in_ah_sha256_tun_notun(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_tun_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_tun_ipv4_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_ipip }, + .pkt_out = &pkt_ipv4_icmp_0_ipip }, }, }; @@ -101,7 +101,7 @@ static void test_in_ah_sha256_tun_notun(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256(void) +static void test_in_ipv4_esp_null_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; 
@@ -117,12 +117,12 @@ static void test_in_esp_null_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -131,7 +131,7 @@ static void test_in_esp_null_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_esp_aes_cbc_null(void) +static void test_in_ipv4_esp_aes_cbc_null(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -147,12 +147,12 @@ static void test_in_esp_aes_cbc_null(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_aes_cbc_null_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_aes_cbc_null_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -161,7 +161,7 @@ static void test_in_esp_aes_cbc_null(void) ipsec_sa_destroy(sa); } -static void test_in_esp_aes_cbc_sha256(void) +static void test_in_ipv4_esp_aes_cbc_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -177,12 +177,12 @@ static void test_in_esp_aes_cbc_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_aes_cbc_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_aes_cbc_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -191,7 +191,7 @@ static void test_in_esp_aes_cbc_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_esp_aes_ctr_null(void) +static void test_in_ipv4_esp_aes_ctr_null(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; 
@@ -207,12 +207,12 @@ static void test_in_esp_aes_ctr_null(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_aes_ctr_null_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_aes_ctr_null_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -221,7 +221,7 @@ static void test_in_esp_aes_ctr_null(void) ipsec_sa_destroy(sa); } -static void test_in_lookup_ah_sha256(void) +static void test_in_ipv4_ah_sha256_lookup(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -237,13 +237,13 @@ static void test_in_lookup_ah_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .lookup = 1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -252,7 +252,7 @@ static void test_in_lookup_ah_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_lookup_esp_null_sha256(void) +static void test_in_ipv4_esp_null_sha256_lookup(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -268,13 +268,13 @@ static void test_in_lookup_esp_null_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .lookup = 1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -283,7 +283,7 @@ static void test_in_lookup_esp_null_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256_tun(void) +static void test_in_ipv4_esp_null_sha256_tun_ipv4(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; 
@@ -300,12 +300,12 @@ static void test_in_esp_null_sha256_tun(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_tun_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_tun_ipv4_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -314,7 +314,7 @@ static void test_in_esp_null_sha256_tun(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_noreplay(void) +static void test_in_ipv4_ah_sha256_noreplay(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -331,22 +331,22 @@ static void test_in_ah_sha256_noreplay(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; ipsec_test_part test_1235 = { - .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1235, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -358,7 +358,7 @@ static void test_in_ah_sha256_noreplay(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_replay(void) +static void test_in_ipv4_ah_sha256_replay(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -375,17 +375,17 @@ static void test_in_ah_sha256_replay(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; ipsec_test_part test_repl = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, 
@@ -395,12 +395,12 @@ static void test_in_ah_sha256_replay(void) }; ipsec_test_part test_1235 = { - .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1235, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -412,7 +412,7 @@ static void test_in_ah_sha256_replay(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256_noreplay(void) +static void test_in_ipv4_esp_null_sha256_noreplay(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -429,22 +429,22 @@ static void test_in_esp_null_sha256_noreplay(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; ipsec_test_part test_1235 = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1235, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -456,7 +456,7 @@ static void test_in_esp_null_sha256_noreplay(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256_replay(void) +static void test_in_ipv4_esp_null_sha256_replay(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; 
@@ -473,17 +473,17 @@ static void test_in_esp_null_sha256_replay(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; ipsec_test_part test_repl = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -493,12 +493,12 @@ static void test_in_esp_null_sha256_replay(void) }; ipsec_test_part test_1235 = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1235, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -510,13 +510,13 @@ static void test_in_esp_null_sha256_replay(void) ipsec_sa_destroy(sa); } -static void test_in_ah_esp_pkt(void) +static void test_in_ipv4_ah_esp_pkt(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; /* This test will not work properly inbound inline mode. - * test_in_lookup_ah_esp_pkt will be used instead. */ + * test_in_ipv4_ah_esp_pkt_lookup will be used instead. */ if (suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE) return; @@ -531,7 +531,7 @@ static void test_in_ah_esp_pkt(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, 
@@ -545,13 +545,13 @@ static void test_in_ah_esp_pkt(void) ipsec_sa_destroy(sa); } -static void test_in_esp_ah_pkt(void) +static void test_in_ipv4_esp_ah_pkt(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; /* This test will not work properly inbound inline mode. - * test_in_lookup_esp_ah_pkt will be used instead. */ + * test_in_ipv4_esp_ah_pkt_lookup will be used instead. */ if (suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE) return; @@ -566,7 +566,7 @@ static void test_in_esp_ah_pkt(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -580,7 +580,7 @@ static void test_in_esp_ah_pkt(void) ipsec_sa_destroy(sa); } -static void test_in_lookup_ah_esp_pkt(void) +static void test_in_ipv4_ah_esp_pkt_lookup(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -596,7 +596,7 @@ static void test_in_lookup_ah_esp_pkt(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .lookup = 1, .out_pkt = 1, .out = { @@ -611,7 +611,7 @@ static void test_in_lookup_ah_esp_pkt(void) ipsec_sa_destroy(sa); } -static void test_in_lookup_esp_ah_pkt(void) +static void test_in_ipv4_esp_ah_pkt_lookup(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -627,7 +627,7 @@ static void test_in_lookup_esp_ah_pkt(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .lookup = 1, .out_pkt = 1, .out = { @@ -642,7 +642,7 @@ static void test_in_lookup_esp_ah_pkt(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_bad1(void) +static void test_in_ipv4_ah_sha256_bad1(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; 
@@ -658,7 +658,7 @@ static void test_in_ah_sha256_bad1(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1_bad1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1_bad1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -672,7 +672,7 @@ static void test_in_ah_sha256_bad1(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_bad2(void) +static void test_in_ipv4_ah_sha256_bad2(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -688,7 +688,7 @@ static void test_in_ah_sha256_bad2(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1_bad2, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1_bad2, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -702,7 +702,7 @@ static void test_in_ah_sha256_bad2(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256_bad1(void) +static void test_in_ipv4_esp_null_sha256_bad1(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -718,7 +718,7 @@ static void test_in_esp_null_sha256_bad1(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1_bad1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1_bad1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -732,7 +732,7 @@ static void test_in_esp_null_sha256_bad1(void) ipsec_sa_destroy(sa); } -static void test_in_rfc3602_5_esp(void) +static void test_in_ipv4_rfc3602_5_esp(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -762,7 +762,7 @@ static void test_in_rfc3602_5_esp(void) ipsec_sa_destroy(sa); } -static void test_in_rfc3602_6_esp(void) +static void test_in_ipv4_rfc3602_6_esp(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -792,7 +792,7 @@ static void test_in_rfc3602_6_esp(void) ipsec_sa_destroy(sa); } -static void test_in_rfc3602_7_esp(void) +static void test_in_ipv4_rfc3602_7_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; 
@@ -823,7 +823,7 @@ static void test_in_rfc3602_7_esp(void) ipsec_sa_destroy(sa); } -static void test_in_rfc3602_8_esp(void) +static void test_in_ipv4_rfc3602_8_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -854,7 +854,7 @@ static void test_in_rfc3602_8_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_2_esp(void) +static void test_in_ipv4_mcgrew_gcm_2_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -885,7 +885,7 @@ static void test_in_mcgrew_gcm_2_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_3_esp(void) +static void test_in_ipv4_mcgrew_gcm_3_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -916,7 +916,7 @@ static void test_in_mcgrew_gcm_3_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_4_esp(void) +static void test_in_ipv4_mcgrew_gcm_4_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -947,7 +947,7 @@ static void test_in_mcgrew_gcm_4_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_12_esp(void) +static void test_in_ipv4_mcgrew_gcm_12_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -978,7 +978,7 @@ static void test_in_mcgrew_gcm_12_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_15_esp(void) +static void test_in_ipv4_mcgrew_gcm_15_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -1009,7 +1009,7 @@ static void test_in_mcgrew_gcm_15_esp(void) ipsec_sa_destroy(sa); } -static void test_in_ah_aes_gmac_128(void) +static void test_in_ipv4_ah_aes_gmac_128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; 
@@ -1025,12 +1025,12 @@ static void test_in_ah_aes_gmac_128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_aes_gmac_128_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_aes_gmac_128_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -1039,7 +1039,7 @@ static void test_in_ah_aes_gmac_128(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_aes_gmac_128(void) +static void test_in_ipv4_esp_null_aes_gmac_128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -1055,12 +1055,12 @@ static void test_in_esp_null_aes_gmac_128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_aes_gmac_128_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_aes_gmac_128_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; 
@@ -1078,71 +1078,71 @@ static void ipsec_test_capability(void) odp_testinfo_t ipsec_in_suite[] = { ODP_TEST_INFO(ipsec_test_capability), - ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_5_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_rfc3602_5_esp, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_6_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_rfc3602_6_esp, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_7_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_rfc3602_7_esp, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_8_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_rfc3602_8_esp, ipsec_check_esp_aes_cbc_128_null), /* test 1, 5, 6, 8 -- 11 -- ESN */ /* test 7 -- invalid, plaintext packet includes trl into IP length */ - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_2_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_2_esp, ipsec_check_esp_aes_gcm_128), - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_3_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_3_esp, ipsec_check_esp_aes_gcm_256), - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_4_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_4_esp, ipsec_check_esp_aes_gcm_128), - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_12_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_12_esp, ipsec_check_esp_aes_gcm_128), - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_15_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_15_esp, ipsec_check_esp_null_aes_gmac_128), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv4, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun_notun, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv4_notun, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256, + 
ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_null, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_aes_cbc_null, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_aes_cbc_sha256, ipsec_check_esp_aes_cbc_128_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_ctr_null, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_aes_ctr_null, ipsec_check_esp_aes_ctr_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_lookup, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_null_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_lookup, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_tun, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_tun_ipv4, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_noreplay, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_noreplay, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_replay, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_replay, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_noreplay, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_noreplay, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_replay, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_replay, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_esp_pkt, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_esp_pkt, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_ah_pkt, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_ah_pkt, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_esp_pkt, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_esp_pkt_lookup, ipsec_check_ah_sha256), - 
ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_ah_pkt, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_ah_pkt_lookup, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad1, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_bad1, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad2, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_bad2, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_bad1, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_bad1, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_aes_gmac_128, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_aes_gmac_128, ipsec_check_ah_aes_gmac_128), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_aes_gmac_128, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 7d4ea4a73..757b90059 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -10,7 +10,7 @@ #include "test_vectors.h" -static void test_out_ah_sha256(void) +static void test_out_ipv4_ah_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -26,12 +26,12 @@ static void test_out_ah_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_ah_sha256_1 }, + .pkt_out = &pkt_ipv4_icmp_0_ah_sha256_1 }, }, }; @@ -45,7 +45,7 @@ static void test_out_ah_sha256(void) (c << 8) | \ (d << 0)) -static void test_out_ah_sha256_tun(void) +static void test_out_ipv4_ah_sha256_tun_ipv4(void) { uint32_t src = IPV4ADDR(10, 0, 111, 2); uint32_t dst = IPV4ADDR(10, 0, 222, 2); 
@@ -69,12 +69,12 @@ static void test_out_ah_sha256_tun(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_ah_tun_sha256_1 }, + .pkt_out = &pkt_ipv4_icmp_0_ah_tun_ipv4_sha256_1 }, }, }; @@ -83,7 +83,7 @@ static void test_out_ah_sha256_tun(void) ipsec_sa_destroy(sa); } -static void test_out_esp_null_sha256_out(void) +static void test_out_ipv4_esp_null_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -99,12 +99,12 @@ static void test_out_esp_null_sha256_out(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_esp_null_sha256_1 }, + .pkt_out = &pkt_ipv4_icmp_0_esp_null_sha256_1 }, }, }; @@ -113,7 +113,7 @@ static void test_out_esp_null_sha256_out(void) ipsec_sa_destroy(sa); } -static void test_out_esp_null_sha256_tun_out(void) +static void test_out_ipv4_esp_null_sha256_tun_ipv4(void) { uint32_t src = IPV4ADDR(10, 0, 111, 2); uint32_t dst = IPV4ADDR(10, 0, 222, 2); @@ -137,12 +137,13 @@ static void test_out_esp_null_sha256_tun_out(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_esp_tun_null_sha256_1 }, + .pkt_out = + &pkt_ipv4_icmp_0_esp_tun_ipv4_null_sha256_1 }, }, }; 
@@ -151,49 +152,7 @@ static void test_out_esp_null_sha256_tun_out(void) ipsec_sa_destroy(sa); } -static void test_out_esp_null_sha256(void) -{ - odp_ipsec_sa_param_t param; - odp_ipsec_sa_t sa; - odp_ipsec_sa_t sa2; - - ipsec_sa_param_fill(¶m, - false, false, 123, NULL, - ODP_CIPHER_ALG_NULL, NULL, - ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, - NULL); - - sa = odp_ipsec_sa_create(¶m); - - CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); - - ipsec_sa_param_fill(¶m, - true, false, 123, NULL, - ODP_CIPHER_ALG_NULL, NULL, - ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, - NULL); - - sa2 = odp_ipsec_sa_create(¶m); - - CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); - - ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, - .out_pkt = 1, - .out = { - { .status.warn.all = 0, - .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, - }, - }; - - ipsec_check_out_in_one(&test, sa, sa2); - - ipsec_sa_destroy(sa2); - ipsec_sa_destroy(sa); -} - -static void test_out_esp_aes_cbc_null(void) +static void test_out_ipv4_esp_aes_cbc_null(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -220,12 +179,12 @@ static void test_out_esp_aes_cbc_null(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -235,7 +194,7 @@ static void test_out_esp_aes_cbc_null(void) ipsec_sa_destroy(sa); } -static void test_out_esp_aes_cbc_sha256(void) +static void test_out_ipv4_esp_aes_cbc_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -262,12 +221,12 @@ static void test_out_esp_aes_cbc_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; 
@@ -277,7 +236,7 @@ static void test_out_esp_aes_cbc_sha256(void) ipsec_sa_destroy(sa); } -static void test_out_esp_aes_ctr_null(void) +static void test_out_ipv4_esp_aes_ctr_null(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -304,12 +263,12 @@ static void test_out_esp_aes_ctr_null(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -319,7 +278,7 @@ static void test_out_esp_aes_ctr_null(void) ipsec_sa_destroy(sa); } -static void test_out_esp_aes_gcm128(void) +static void test_out_ipv4_esp_aes_gcm128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -346,12 +305,12 @@ static void test_out_esp_aes_gcm128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -361,7 +320,7 @@ static void test_out_esp_aes_gcm128(void) ipsec_sa_destroy(sa); } -static void test_out_ah_aes_gmac_128(void) +static void test_out_ipv4_ah_aes_gmac_128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -377,12 +336,12 @@ static void test_out_ah_aes_gmac_128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_ah_aes_gmac_128_1 }, + .pkt_out = &pkt_ipv4_icmp_0_ah_aes_gmac_128_1 }, }, }; @@ -391,7 +350,7 @@ static void test_out_ah_aes_gmac_128(void) ipsec_sa_destroy(sa); } -static void test_out_esp_null_aes_gmac_128(void) +static void test_out_ipv4_esp_null_aes_gmac_128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; 
@@ -407,12 +366,12 @@ static void test_out_esp_null_aes_gmac_128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_esp_null_aes_gmac_128_1 }, + .pkt_out = &pkt_ipv4_icmp_0_esp_null_aes_gmac_128_1 }, }, }; 
@@ -430,27 +389,25 @@ static void ipsec_test_capability(void) odp_testinfo_t ipsec_out_suite[] = { ODP_TEST_INFO(ipsec_test_capability), - ODP_TEST_INFO_CONDITIONAL(test_out_ah_sha256, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_ah_sha256_tun, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_tun_ipv4, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256_out, - ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256_tun_out, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_tun_ipv4, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_null, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_null, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_sha256, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_sha256, ipsec_check_esp_aes_cbc_128_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_ctr_null, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_ctr_null, ipsec_check_esp_aes_ctr_128_null), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_gcm128, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_gcm128, ipsec_check_esp_aes_gcm_128), - ODP_TEST_INFO_CONDITIONAL(test_out_ah_aes_gmac_128, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_aes_gmac_128, ipsec_check_ah_aes_gmac_128), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_aes_gmac_128, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 7fb7d5a84..51aa97ccb 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h 
@@ -49,7 +49,7 @@ KEY(key_mcgrew_gcm_15, 0x4c, 0x80, 0xcd, 0xef, 0xbb, 0x5d, 0x10, 0xda, 0x90, 0x6a, 0xc7, 0x3c, 0x36, 0x13, 0xa6, 0x34); KEY(key_mcgrew_gcm_salt_15, 0x22, 0x43, 0x3c, 0x64); -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0 = { .len = 142, .l2_offset = 0, .l3_offset = 14, @@ -82,7 +82,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ipip = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ipip = { .len = 162, .l2_offset = 0, .l3_offset = 14, @@ -120,7 +120,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ipip = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -159,7 +159,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_tun_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_ah_tun_ipv4_sha256_1 = { .len = 190, .l2_offset = 0, .l3_offset = 14, @@ -203,7 +204,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_tun_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1_bad1 = { .len = 168, .l2_offset = 0, .l3_offset = 14, @@ -242,7 +243,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1_bad2 = { .len = 170, .l2_offset = 0, .l3_offset = 14, 
@@ -281,7 +282,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1235 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1235 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -325,7 +326,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1235 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_null_sha256_1 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -368,7 +369,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_tun_null_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_tun_ipv4_null_sha256_1 = { .len = 190, .l2_offset = 0, .l3_offset = 14, @@ -416,7 +418,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_tun_null_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_null_sha256_1_bad1 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -459,7 +462,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1235 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_null_sha256_1235 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -502,7 +506,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1235 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_aes_cbc_null_1 = { .len = 170, .l2_offset = 0, .l3_offset = 14, 
@@ -542,7 +546,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_aes_cbc_sha256_1 = { .len = 186, .l2_offset = 0, .l3_offset = 14, @@ -586,7 +591,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_ctr_null_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_aes_ctr_null_1 = { .len = 162, .l2_offset = 0, .l3_offset = 14, @@ -625,7 +630,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_ctr_null_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_aes_gmac_128_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_aes_gmac_128_1 = { .len = 178, .l2_offset = 0, .l3_offset = 14, 
@@ -665,7 +670,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_aes_gmac_128_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_aes_gmac_128_1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_null_aes_gmac_128_1 = { .len = 178, .l2_offset = 0, .l3_offset = 14,
From patchwork Tue Dec 12 16:00:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121549 Delivered-To: patch@linaro.org
From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 19:00:09 +0300 Message-Id: <1513094423-671-3-git-send-email-odpbot@yandex.ru> In-Reply-To: <1513094423-671-1-git-send-email-odpbot@yandex.ru> References: <1513094423-671-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v11 2/16] linux-gen: modularize IPsec implementation
From: Dmitry Eremin-Solenikov
To ease adding IPv6/IPcomp/etc modularize IPsec implementation, refactoring out functions handling ESP/AH and header parsing/tunneling.
Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: 2212038b2ceac423819d283ce07106fabe438631 **/
platform/linux-generic/odp_ipsec.c | 1089 ++++++++++++++++++++---------------- 1 file changed, 597 insertions(+), 492 deletions(-)
diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 8735e6052..2b9de5771 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c
@@ -123,8 +123,8 @@ static inline int _odp_ipv4_csum(odp_packet_t pkt, return 0; } -/** @internal Checksum offset in IPv4 header */ -#define _ODP_IPV4HDR_CSUM_OFFSET 10 +#define _ODP_IPV4HDR_CSUM_OFFSET ODP_OFFSETOF(_odp_ipv4hdr_t, chksum) +#define _ODP_IPV4HDR_PROTO_OFFSET ODP_OFFSETOF(_odp_ipv4hdr_t, proto) /** * Calculate and fill in IPv4 checksum @@ -158,7 +158,7 @@ static inline int _odp_ipv4_csum_update(odp_packet_t pkt) 2, &chksum); } -#define ipv4_hdr_len(ip) (_ODP_IPV4HDR_IHL(ip->ver_ihl) * 4) +#define ipv4_hdr_len(ip) (_ODP_IPV4HDR_IHL((ip)->ver_ihl) * 4) static inline void ipv4_adjust_len(_odp_ipv4hdr_t *ip, int adj) { 
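Review bot: The @@ -123,8 +123,8 @@ hunk drops the "/** @internal Checksum offset in IPv4 header */" comment when _ODP_IPV4HDR_CSUM_OFFSET moves to ODP_OFFSETOF, and the new _ODP_IPV4HDR_PROTO_OFFSET is added without one. Keep an @internal line on each macro so they stay documented like the surrounding helpers. Deriving the offsets from _odp_ipv4hdr_t instead of the literal 10, and parenthesising the argument in ipv4_hdr_len(), are both fine as they stand.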
@@ -218,200 +218,310 @@ static inline odp_pktio_parser_layer_t parse_layer(odp_ipsec_proto_layer_t l) return ODP_PKTIO_PARSER_LAYER_NONE; } -static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, - odp_ipsec_sa_t sa, - odp_packet_t *pkt_out, - odp_ipsec_op_status_t *status) -{ - ipsec_sa_t *ipsec_sa = NULL; - uint32_t ip_offset = odp_packet_l3_offset(pkt); - _odp_ipv4hdr_t *ip = odp_packet_l3_ptr(pkt, NULL); - uint16_t ip_hdr_len = ipv4_hdr_len(ip); - odp_crypto_packet_op_param_t param; - int rc; +typedef struct { + _odp_ipv4hdr_t *ip; unsigned stats_length; - uint16_t ipsec_offset; /**< Offset of IPsec header from - buffer start */ - uint8_t iv[IPSEC_MAX_IV_LEN]; /**< ESP IV storage */ - ipsec_aad_t aad; /**< AAD, note ESN is not fully supported */ - unsigned hdr_len; /**< Length of IPsec headers */ - unsigned trl_len; /**< Length of IPsec trailers */ - uint8_t ip_tos; /**< Saved IP TOS value */ - uint8_t ip_ttl; /**< Saved IP TTL value */ - uint16_t ip_frag_offset; /**< Saved IP flags value */ - odp_crypto_packet_result_t crypto; /**< Crypto operation result */ - odp_packet_hdr_t *pkt_hdr; + uint16_t ip_offset; + uint16_t ip_hdr_len; + uint16_t ip_tot_len; + union { + struct { + uint16_t ip_df; + uint8_t ip_tos; + } out_tunnel; + struct { + uint16_t hdr_len; + uint16_t trl_len; + } in; + }; + union { + struct { + uint8_t tos; + uint8_t ttl; + uint16_t frag_offset; + } ah_ipv4; + }; + ipsec_aad_t aad; + uint8_t iv[IPSEC_MAX_IV_LEN]; +} ipsec_state_t; + +static int ipsec_parse_ipv4(ipsec_state_t *state) +{ + if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(state->ip->frag_offset))) + return -1; - ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); - ODP_ASSERT(NULL != ip); + state->ip_hdr_len = ipv4_hdr_len(state->ip); + state->ip_tot_len = odp_be_to_cpu_16(state->ip->tot_len); - ip_tos = 0; - ip_ttl = 0; - ip_frag_offset = 0; + return 0; +} - /* Initialize parameters block */ - memset(¶m, 0, sizeof(param)); +static inline ipsec_sa_t *ipsec_get_sa(odp_ipsec_sa_t sa, + 
odp_ipsec_protocol_t proto, + uint32_t spi, + void *dst_addr, + odp_ipsec_op_status_t *status) +{ + ipsec_sa_t *ipsec_sa; + + if (ODP_IPSEC_SA_INVALID == sa) { + ipsec_sa_lookup_t lookup; + + lookup.proto = proto; + lookup.spi = spi; + lookup.dst_addr = dst_addr; + + ipsec_sa = _odp_ipsec_sa_lookup(&lookup); + if (NULL == ipsec_sa) { + status->error.sa_lookup = 1; + return NULL; + } + } else { + ipsec_sa = _odp_ipsec_sa_use(sa); + ODP_ASSERT(NULL != ipsec_sa); + if (ipsec_sa->proto != proto || + ipsec_sa->spi != spi) { + status->error.proto = 1; + return ipsec_sa; + } + } + + return ipsec_sa; +} - ipsec_offset = ip_offset + ip_hdr_len; +static int ipsec_in_iv(odp_packet_t pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa, + uint16_t iv_offset) +{ + memcpy(state->iv, ipsec_sa->salt, ipsec_sa->salt_length); + if (odp_packet_copy_to_mem(pkt, + iv_offset, + ipsec_sa->esp_iv_len, + state->iv + ipsec_sa->salt_length) < 0) + return -1; - if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) { + if (ipsec_sa->aes_ctr_iv) { + state->iv[12] = 0; + state->iv[13] = 0; + state->iv[14] = 0; + state->iv[15] = 1; + } + + return 0; +} + +static int ipsec_in_esp(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t **_ipsec_sa, + odp_ipsec_sa_t sa, + odp_crypto_packet_op_param_t *param, + odp_ipsec_op_status_t *status) +{ + _odp_esphdr_t esp; + uint16_t ipsec_offset; + ipsec_sa_t *ipsec_sa; + + ipsec_offset = state->ip_offset + state->ip_hdr_len; + + if (odp_packet_copy_to_mem(*pkt, ipsec_offset, + sizeof(esp), &esp) < 0) { status->error.alg = 1; - goto err; + return -1; } - if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { - status->error.proto = 1; - goto err; + ipsec_sa = ipsec_get_sa(sa, ODP_IPSEC_ESP, + odp_be_to_cpu_32(esp.spi), + &state->ip->dst_addr, status); + *_ipsec_sa = ipsec_sa; + if (status->error.all) + return -1; + + if (ipsec_in_iv(*pkt, state, ipsec_sa, + ipsec_offset + _ODP_ESPHDR_LEN) < 0) { + status->error.alg = 1; + return 
-1; } - /* Check IP header for IPSec protocols and look it up */ - if (_ODP_IPPROTO_ESP == ip->proto) { - _odp_esphdr_t esp; + state->in.hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; + state->in.trl_len = _ODP_ESPTRL_LEN + ipsec_sa->icv_len; - if (odp_packet_copy_to_mem(pkt, ipsec_offset, - sizeof(esp), &esp) < 0) { - status->error.alg = 1; - goto err; - } + param->cipher_range.offset = ipsec_offset + state->in.hdr_len; + param->cipher_range.length = state->ip_tot_len - + state->ip_hdr_len - + state->in.hdr_len - + ipsec_sa->icv_len; + param->override_iv_ptr = state->iv; - if (ODP_IPSEC_SA_INVALID == sa) { - ipsec_sa_lookup_t lookup; + state->aad.spi = esp.spi; + state->aad.seq_no = esp.seq_no; - lookup.proto = ODP_IPSEC_ESP; - lookup.spi = odp_be_to_cpu_32(esp.spi); - lookup.dst_addr = &ip->dst_addr; + param->aad.ptr = (uint8_t *)&state->aad; - ipsec_sa = _odp_ipsec_sa_lookup(&lookup); - if (NULL == ipsec_sa) { - status->error.sa_lookup = 1; - goto err; - } - } else { - ipsec_sa = _odp_ipsec_sa_use(sa); - ODP_ASSERT(NULL != ipsec_sa); - if (ipsec_sa->proto != ODP_IPSEC_ESP || - ipsec_sa->spi != odp_be_to_cpu_32(esp.spi)) { - status->error.proto = 1; - goto err; - } - } + param->auth_range.offset = ipsec_offset; + param->auth_range.length = state->ip_tot_len - + state->ip_hdr_len - + ipsec_sa->icv_len; + param->hash_result_offset = state->ip_offset + + state->ip_tot_len - + ipsec_sa->icv_len; - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - if (odp_packet_copy_to_mem(pkt, - ipsec_offset + _ODP_ESPHDR_LEN, - ipsec_sa->esp_iv_len, - iv + ipsec_sa->salt_length) < 0) { - status->error.alg = 1; - goto err; - } + state->stats_length = param->cipher_range.length; - if (ipsec_sa->aes_ctr_iv) { - iv[12] = 0; - iv[13] = 0; - iv[14] = 0; - iv[15] = 1; - } + return 0; +} - hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; - trl_len = _ODP_ESPTRL_LEN + ipsec_sa->icv_len; +static int ipsec_in_esp_post(odp_packet_t pkt, + ipsec_state_t *state) +{ + _odp_esptrl_t esptrl; 
+ uint32_t esptrl_offset = state->ip_offset + + state->ip_tot_len - + state->in.trl_len; + + if (odp_packet_copy_to_mem(pkt, esptrl_offset, + sizeof(esptrl), &esptrl) < 0 || + state->ip_offset + esptrl.pad_len > esptrl_offset || + _odp_packet_cmp_data(pkt, esptrl_offset - esptrl.pad_len, + ipsec_padding, esptrl.pad_len) != 0) + return -1; - param.cipher_range.offset = ipsec_offset + hdr_len; - param.cipher_range.length = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len - - hdr_len - - ipsec_sa->icv_len; - param.override_iv_ptr = iv; + state->ip->proto = esptrl.next_header; + state->in.trl_len += esptrl.pad_len; - aad.spi = esp.spi; - aad.seq_no = esp.seq_no; + return 0; +} - param.aad.ptr = (uint8_t *)&aad; +static int ipsec_in_ah(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t **_ipsec_sa, + odp_ipsec_sa_t sa, + odp_crypto_packet_op_param_t *param, + odp_ipsec_op_status_t *status) +{ + _odp_ahhdr_t ah; + uint16_t ipsec_offset; + ipsec_sa_t *ipsec_sa; - param.auth_range.offset = ipsec_offset; - param.auth_range.length = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len - - ipsec_sa->icv_len; - param.hash_result_offset = ip_offset + - odp_be_to_cpu_16(ip->tot_len) - - ipsec_sa->icv_len; + ipsec_offset = state->ip_offset + state->ip_hdr_len; - stats_length = param.cipher_range.length; - } else if (_ODP_IPPROTO_AH == ip->proto) { - _odp_ahhdr_t ah; + if (odp_packet_copy_to_mem(*pkt, ipsec_offset, + sizeof(ah), &ah) < 0) { + status->error.alg = 1; + return -1; + } - if (odp_packet_copy_to_mem(pkt, ipsec_offset, - sizeof(ah), &ah) < 0) { - status->error.alg = 1; - goto err; - } + ipsec_sa = ipsec_get_sa(sa, ODP_IPSEC_AH, + odp_be_to_cpu_32(ah.spi), + &state->ip->dst_addr, status); + *_ipsec_sa = ipsec_sa; + if (status->error.all) + return -1; - if (ODP_IPSEC_SA_INVALID == sa) { - ipsec_sa_lookup_t lookup; + if (ipsec_in_iv(*pkt, state, ipsec_sa, + ipsec_offset + _ODP_AHHDR_LEN) < 0) { + status->error.alg = 1; + return -1; + } - lookup.proto = ODP_IPSEC_AH; - lookup.spi = 
odp_be_to_cpu_32(ah.spi); - lookup.dst_addr = &ip->dst_addr; + param->override_iv_ptr = state->iv; - ipsec_sa = _odp_ipsec_sa_lookup(&lookup); - if (NULL == ipsec_sa) { - status->error.sa_lookup = 1; - goto err; - } - } else { - ipsec_sa = _odp_ipsec_sa_use(sa); - ODP_ASSERT(NULL != ipsec_sa); - if (ipsec_sa->proto != ODP_IPSEC_AH || - ipsec_sa->spi != odp_be_to_cpu_32(ah.spi)) { - status->error.proto = 1; - goto err; - } - } + state->in.hdr_len = (ah.ah_len + 2) * 4; + state->in.trl_len = 0; - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - if (odp_packet_copy_to_mem(pkt, - ipsec_offset + _ODP_AHHDR_LEN, - ipsec_sa->esp_iv_len, - iv + ipsec_sa->salt_length) < 0) { - status->error.alg = 1; - goto err; - } - param.override_iv_ptr = iv; + /* Save everything to context */ + state->ah_ipv4.tos = state->ip->tos; + state->ah_ipv4.frag_offset = state->ip->frag_offset; + state->ah_ipv4.ttl = state->ip->ttl; + + /* FIXME: zero copy of header, passing it to crypto! */ + /* + * If authenticating, zero the mutable fields build the request + */ + state->ip->chksum = 0; + state->ip->tos = 0; + state->ip->frag_offset = 0; + state->ip->ttl = 0; - hdr_len = (ah.ah_len + 2) * 4; - trl_len = 0; + state->aad.spi = ah.spi; + state->aad.seq_no = ah.seq_no; - /* Save everything to context */ - ip_tos = ip->tos; - ip_frag_offset = odp_be_to_cpu_16(ip->frag_offset); - ip_ttl = ip->ttl; + param->aad.ptr = (uint8_t *)&state->aad; - /* FIXME: zero copy of header, passing it to crypto! 
*/ - /* - * If authenticating, zero the mutable fields build the request - */ - ip->chksum = 0; - ip->tos = 0; - ip->frag_offset = 0; - ip->ttl = 0; + param->auth_range.offset = state->ip_offset; + param->auth_range.length = state->ip_tot_len; + param->hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN + + ipsec_sa->esp_iv_len; - aad.spi = ah.spi; - aad.seq_no = ah.seq_no; + state->stats_length = param->auth_range.length; - param.aad.ptr = (uint8_t *)&aad; + return 0; +} + +static int ipsec_in_ah_post(odp_packet_t pkt, + ipsec_state_t *state) +{ + _odp_ahhdr_t ah; + uint16_t ipsec_offset; - param.auth_range.offset = ip_offset; - param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); - param.hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN + - ipsec_sa->esp_iv_len; + ipsec_offset = state->ip_offset + state->ip_hdr_len; - stats_length = param.auth_range.length; + if (odp_packet_copy_to_mem(pkt, ipsec_offset, + sizeof(ah), &ah) < 0) + return -1; + + state->ip->proto = ah.next_header; + + /* Restore mutable fields */ + state->ip->ttl = state->ah_ipv4.ttl; + state->ip->tos = state->ah_ipv4.tos; + state->ip->frag_offset = state->ah_ipv4.frag_offset; + + return 0; +} + +static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, + odp_ipsec_sa_t sa, + odp_packet_t *pkt_out, + odp_ipsec_op_status_t *status) +{ + ipsec_state_t state; + ipsec_sa_t *ipsec_sa = NULL; + odp_crypto_packet_op_param_t param; + int rc; + odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_hdr_t *pkt_hdr; + + state.ip_offset = odp_packet_l3_offset(pkt); + ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != state.ip_offset); + + state.ip = odp_packet_l3_ptr(pkt, NULL); + ODP_ASSERT(NULL != state.ip); + + /* Initialize parameters block */ + memset(¶m, 0, sizeof(param)); + + rc = ipsec_parse_ipv4(&state); + if (rc < 0 || + state.ip_tot_len + state.ip_offset > odp_packet_len(pkt)) { + status->error.alg = 1; + goto err; + } + + /* Check IP header for IPSec protocols and look it up */ + if 
(_ODP_IPPROTO_ESP == state.ip->proto) { + rc = ipsec_in_esp(&pkt, &state, &ipsec_sa, sa, ¶m, status); + } else if (_ODP_IPPROTO_AH == state.ip->proto) { + rc = ipsec_in_ah(&pkt, &state, &ipsec_sa, sa, ¶m, status); } else { status->error.proto = 1; goto err; } + if (rc < 0) + goto err; if (_odp_ipsec_sa_replay_precheck(ipsec_sa, - odp_be_to_cpu_32(aad.seq_no), + odp_be_to_cpu_32(state.aad.seq_no), status) < 0) goto err; 
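Review bot: A fragmented inbound packet now ends up with status->error.alg set where the removed code set status->error.proto, because in the new ipsec_in_single() the ipsec_parse_ipv4() failure shares one branch with the tot_len length check ("if (rc < 0 || state.ip_tot_len + state.ip_offset > odp_packet_len(pkt))"). For a patch described as a refactoring the reported status should not change; test rc on its own and set error.proto there, leaving error.alg for the length check. Separately, ipsec_state_t stores ip_offset as uint16_t while the removed local was uint32_t, and the value is still compared against ODP_PACKET_OFFSET_INVALID in the assert: confirm that constant fits in 16 bits on this platform, or keep the field 32 bits wide.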
@@ -450,70 +560,30 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto err; } - if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) + if (_odp_ipsec_sa_stats_update(ipsec_sa, + state.stats_length, + status) < 0) goto err; if (_odp_ipsec_sa_replay_update(ipsec_sa, - odp_be_to_cpu_32(aad.seq_no), + odp_be_to_cpu_32(state.aad.seq_no), status) < 0) goto err; - ip_offset = odp_packet_l3_offset(pkt); - ip = odp_packet_l3_ptr(pkt, NULL); - ip_hdr_len = ipv4_hdr_len(ip); - - if (_ODP_IPPROTO_ESP == ip->proto) { - /* - * Finish cipher by finding ESP trailer and processing - */ - _odp_esptrl_t esptrl; - uint32_t esptrl_offset = ip_offset + - odp_be_to_cpu_16(ip->tot_len) - - trl_len; - - if (odp_packet_copy_to_mem(pkt, esptrl_offset, - sizeof(esptrl), &esptrl) < 0) { - status->error.proto = 1; - goto err; - } - - if (ip_offset + esptrl.pad_len > esptrl_offset) { - status->error.proto = 1; - goto err; - } - - if (_odp_packet_cmp_data(pkt, esptrl_offset - esptrl.pad_len, - ipsec_padding, esptrl.pad_len) != 0) { - status->error.proto = 1; - goto err; - } + state.ip = odp_packet_l3_ptr(pkt, NULL); - ip->proto = esptrl.next_header; - trl_len += esptrl.pad_len; - } else if (_ODP_IPPROTO_AH == ip->proto) { - /* - * Finish auth - */ - _odp_ahhdr_t ah; - - if (odp_packet_copy_to_mem(pkt, ipsec_offset, - sizeof(ah), &ah) < 0) { - status->error.alg = 1; - goto err; - } - - ip->proto = ah.next_header; - - /* Restore mutable fields */ - ip->ttl = ip_ttl; - ip->tos = ip_tos; - ip->frag_offset = odp_cpu_to_be_16(ip_frag_offset); - } else { + if (ODP_IPSEC_ESP == ipsec_sa->proto) + rc = ipsec_in_esp_post(pkt, &state); + else if (ODP_IPSEC_AH == ipsec_sa->proto) + rc = ipsec_in_ah_post(pkt, &state); + else + rc = -1; + if (rc < 0) { status->error.proto = 1; goto err; } - if (odp_packet_trunc_tail(&pkt, trl_len, NULL, NULL) < 0) { + if (odp_packet_trunc_tail(&pkt, state.in.trl_len, NULL, NULL) < 0) { status->error.alg = 1; goto err; } 
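Review bot: A failed header read in AH post-processing changes its reported status here: the removed AH branch set status->error.alg when odp_packet_copy_to_mem() failed, while the shared "if (rc < 0)" after ipsec_in_esp_post()/ipsec_in_ah_post() always sets status->error.proto. Either have the helpers take the status pointer and set the field themselves, or return distinct codes so the caller can keep the old mapping. The hunk also stops re-reading ip_offset and ip_hdr_len at this point and refreshes only state.ip; if the packet layout can change before this line, the cached state.ip_offset and state.ip_hdr_len used for the later move and truncate go stale, so a short comment on why re-reading is no longer needed would help.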
@@ -521,32 +591,36 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { /* We have a tunneled IPv4 packet, strip outer and IPsec * headers */ - odp_packet_move_data(pkt, ip_hdr_len + hdr_len, 0, - ip_offset); - if (odp_packet_trunc_head(&pkt, ip_hdr_len + hdr_len, + odp_packet_move_data(pkt, state.ip_hdr_len + state.in.hdr_len, + 0, + state.ip_offset); + if (odp_packet_trunc_head(&pkt, state.ip_hdr_len + + state.in.hdr_len, NULL, NULL) < 0) { status->error.alg = 1; goto err; } + + if (odp_packet_len(pkt) > sizeof(*state.ip)) { + state.ip = odp_packet_l3_ptr(pkt, NULL); + state.ip->ttl -= ipsec_sa->dec_ttl; + _odp_ipv4_csum_update(pkt); + } } else { - odp_packet_move_data(pkt, hdr_len, 0, - ip_offset + ip_hdr_len); - if (odp_packet_trunc_head(&pkt, hdr_len, + odp_packet_move_data(pkt, state.in.hdr_len, 0, + state.ip_offset + state.ip_hdr_len); + if (odp_packet_trunc_head(&pkt, state.in.hdr_len, NULL, NULL) < 0) { status->error.alg = 1; goto err; } - } - - /* Finalize the IPv4 header */ - if (odp_packet_len(pkt) > sizeof(*ip)) { - ip = odp_packet_l3_ptr(pkt, NULL); - - if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) - ipv4_adjust_len(ip, -(hdr_len + trl_len)); - ip->ttl -= ipsec_sa->dec_ttl; - _odp_ipv4_csum_update(pkt); + if (odp_packet_len(pkt) > sizeof(*state.ip)) { + state.ip = odp_packet_l3_ptr(pkt, NULL); + ipv4_adjust_len(state.ip, + -(state.in.hdr_len + state.in.trl_len)); + _odp_ipv4_csum_update(pkt); + } } pkt_hdr = odp_packet_hdr(pkt); @@ -554,7 +628,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, packet_parse_reset(pkt_hdr); packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), - ip_offset, _ODP_ETHTYPE_IPV4); + state.ip_offset, _ODP_ETHTYPE_IPV4); *pkt_out = pkt; 
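Review bot: The transport-mode branch in the @@ -521,32 +591,36 @@ hunk no longer applies ipsec_sa->dec_ttl. The removed "Finalize the IPv4 header" block ran "ip->ttl -= ipsec_sa->dec_ttl" for both modes; the new code does it only under ODP_IPSEC_MODE_TUNNEL and the else branch just calls ipv4_adjust_len() and _odp_ipv4_csum_update(). The commit message describes this patch as modularizing and refactoring, so if restricting dec_ttl to tunnel mode is intended, say so in the message or split it into its own commit; otherwise restore the decrement in the transport branch.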
@@ -577,317 +651,353 @@ uint32_t ipsec_seq_no(ipsec_sa_t *ipsec_sa) } /* Helper for calculating encode length using data length and block size */ -#define ESP_ENCODE_LEN(x, b) ((((x) + ((b) - 1)) / (b)) * (b)) +#define IPSEC_PAD_LEN(x, b) ((((x) + ((b) - 1)) / (b)) * (b)) -static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, - odp_ipsec_sa_t sa, - odp_packet_t *pkt_out, - const odp_ipsec_out_opt_t *opt ODP_UNUSED, - odp_ipsec_op_status_t *status) +static int ipsec_out_tunnel_parse_ipv4(ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) { - ipsec_sa_t *ipsec_sa = NULL; - uint32_t ip_offset = odp_packet_l3_offset(pkt); - _odp_ipv4hdr_t *ip = odp_packet_l3_ptr(pkt, NULL); - uint16_t ip_hdr_len = ipv4_hdr_len(ip); - odp_crypto_packet_op_param_t param; - unsigned stats_length; - int rc; - uint16_t ipsec_offset; /**< Offset of IPsec header from - buffer start */ - uint8_t iv[IPSEC_MAX_IV_LEN]; /**< ESP IV storage */ - ipsec_aad_t aad; /**< AAD, note ESN is not fully supported */ - unsigned hdr_len; /**< Length of IPsec headers */ - unsigned trl_len; /**< Length of IPsec trailers */ - uint8_t ip_tos; /**< Saved IP TOS value */ - uint8_t ip_ttl; /**< Saved IP TTL value */ - uint16_t ip_frag_offset; /**< Saved IP flags value */ - odp_crypto_packet_result_t crypto; /**< Crypto operation result */ - odp_packet_hdr_t *pkt_hdr; + _odp_ipv4hdr_t *ipv4hdr = state->ip; + uint16_t flags = odp_be_to_cpu_16(ipv4hdr->frag_offset); - ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); - ODP_ASSERT(NULL != ip); + ipv4hdr->ttl -= ipsec_sa->dec_ttl; + state->out_tunnel.ip_tos = ipv4hdr->tos; + state->out_tunnel.ip_df = _ODP_IPV4HDR_FLAGS_DONT_FRAG(flags); - ip_tos = 0; - ip_ttl = 0; - ip_frag_offset = 0; + return 0; +} - ipsec_sa = _odp_ipsec_sa_use(sa); - ODP_ASSERT(NULL != ipsec_sa); +static int ipsec_out_tunnel_ipv4(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) +{ + _odp_ipv4hdr_t out_ip; + uint16_t flags; + + out_ip.ver_ihl = 0x45; + if (ipsec_sa->copy_dscp) + 
out_ip.tos = state->out_tunnel.ip_tos; + else + out_ip.tos = (state->out_tunnel.ip_tos & + ~_ODP_IP_TOS_DSCP_MASK) | + (ipsec_sa->out.tun_dscp << + _ODP_IP_TOS_DSCP_SHIFT); + state->ip_tot_len = odp_packet_len(*pkt) - state->ip_offset; + state->ip_tot_len += _ODP_IPV4HDR_LEN; + + out_ip.tot_len = odp_cpu_to_be_16(state->ip_tot_len); + /* No need to convert to BE: ID just should not be duplicated */ + out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_hdr_id, + 1); + if (ipsec_sa->copy_df) + flags = state->out_tunnel.ip_df; + else + flags = ((uint16_t)ipsec_sa->out.tun_df) << 14; + out_ip.frag_offset = odp_cpu_to_be_16(flags); + out_ip.ttl = ipsec_sa->out.tun_ttl; + out_ip.proto = _ODP_IPPROTO_IPIP; + /* Will be filled later by packet checksum update */ + out_ip.chksum = 0; + out_ip.src_addr = ipsec_sa->out.tun_src_ip; + out_ip.dst_addr = ipsec_sa->out.tun_dst_ip; + + if (odp_packet_extend_head(pkt, _ODP_IPV4HDR_LEN, + NULL, NULL) < 0) + return -1; - /* Initialize parameters block */ - memset(¶m, 0, sizeof(param)); + odp_packet_move_data(*pkt, 0, _ODP_IPV4HDR_LEN, state->ip_offset); - if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode && - _ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { - status->error.alg = 1; - goto err; - } + odp_packet_copy_from_mem(*pkt, state->ip_offset, + _ODP_IPV4HDR_LEN, &out_ip); - if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) { - status->error.alg = 1; - goto err; - } + odp_packet_l4_offset_set(*pkt, state->ip_offset + _ODP_IPV4HDR_LEN); - if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { - _odp_ipv4hdr_t out_ip; - uint16_t tot_len; + state->ip = odp_packet_l3_ptr(*pkt, NULL); + state->ip_hdr_len = _ODP_IPV4HDR_LEN; - ip->ttl -= ipsec_sa->dec_ttl; + return 0; +} - out_ip.ver_ihl = 0x45; - if (ipsec_sa->copy_dscp) - out_ip.tos = ip->tos; - else - out_ip.tos = (ip->tos & ~_ODP_IP_TOS_DSCP_MASK) | - (ipsec_sa->out.tun_dscp << - _ODP_IP_TOS_DSCP_SHIFT); - tot_len = odp_be_to_cpu_16(ip->tot_len) + 
_ODP_IPV4HDR_LEN; - out_ip.tot_len = odp_cpu_to_be_16(tot_len); - /* No need to convert to BE: ID just should not be duplicated */ - out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_hdr_id, - 1); - if (ipsec_sa->copy_df) - out_ip.frag_offset = ip->frag_offset & 0x4000; - else - out_ip.frag_offset = - ((uint16_t)ipsec_sa->out.tun_df) << 14; - out_ip.ttl = ipsec_sa->out.tun_ttl; - out_ip.proto = _ODP_IPV4; - /* Will be filled later by packet checksum update */ - out_ip.chksum = 0; - out_ip.src_addr = ipsec_sa->out.tun_src_ip; - out_ip.dst_addr = ipsec_sa->out.tun_dst_ip; - - if (odp_packet_extend_head(&pkt, _ODP_IPV4HDR_LEN, - NULL, NULL) < 0) { - status->error.alg = 1; - goto err; +static int ipsec_out_iv(ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) +{ + if (ipsec_sa->use_counter_iv) { + uint64_t ctr; + + /* Both GCM and CTR use 8-bit counters */ + ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + + ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, + 1); + /* Check for overrun */ + if (ctr == 0) + return -1; + + memcpy(state->iv, ipsec_sa->salt, ipsec_sa->salt_length); + memcpy(state->iv + ipsec_sa->salt_length, &ctr, + ipsec_sa->esp_iv_len); + + if (ipsec_sa->aes_ctr_iv) { + state->iv[12] = 0; + state->iv[13] = 0; + state->iv[14] = 0; + state->iv[15] = 1; } + } else if (ipsec_sa->esp_iv_len) { + uint32_t len; - odp_packet_move_data(pkt, 0, _ODP_IPV4HDR_LEN, ip_offset); + len = odp_random_data(state->iv, ipsec_sa->esp_iv_len, + ODP_RANDOM_CRYPTO); - odp_packet_copy_from_mem(pkt, ip_offset, - _ODP_IPV4HDR_LEN, &out_ip); + if (len != ipsec_sa->esp_iv_len) + return -1; + } - odp_packet_l4_offset_set(pkt, ip_offset + _ODP_IPV4HDR_LEN); + return 0; +} - ip = odp_packet_l3_ptr(pkt, NULL); - ip_hdr_len = _ODP_IPV4HDR_LEN; +static int ipsec_out_esp(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa, + odp_crypto_packet_op_param_t *param, + odp_ipsec_op_status_t *status) +{ + _odp_esphdr_t esp; + _odp_esptrl_t esptrl; + uint32_t encrypt_len; + 
uint16_t ip_data_len = state->ip_tot_len - + state->ip_hdr_len; + uint32_t pad_block = ipsec_sa->esp_block_len; + uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; + unsigned hdr_len; + unsigned trl_len; + + /* ESP trailer should be 32-bit right aligned */ + if (pad_block < 4) + pad_block = 4; + + encrypt_len = IPSEC_PAD_LEN(ip_data_len + _ODP_ESPTRL_LEN, + pad_block); + + hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; + trl_len = encrypt_len - + ip_data_len + + ipsec_sa->icv_len; + + if (ipsec_out_iv(state, ipsec_sa) < 0) { + status->error.alg = 1; + return -1; } - ipsec_offset = ip_offset + ip_hdr_len; + param->override_iv_ptr = state->iv; - if (ipsec_sa->proto == ODP_IPSEC_ESP) { - _odp_esphdr_t esp; - _odp_esptrl_t esptrl; - uint32_t encrypt_len; - uint16_t ip_data_len = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len; - uint32_t pad_block = ipsec_sa->esp_block_len; + if (odp_packet_extend_tail(pkt, trl_len, NULL, NULL) < 0 || + odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { + status->error.alg = 1; + return -1; + } - /* ESP trailer should be 32-bit right aligned */ - if (pad_block < 4) - pad_block = 4; + odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); + + state->ip = odp_packet_l3_ptr(*pkt, NULL); + + /* Set IPv4 length before authentication */ + ipv4_adjust_len(state->ip, hdr_len + trl_len); + state->ip_tot_len += hdr_len + trl_len; + + uint32_t esptrl_offset = state->ip_offset + + state->ip_hdr_len + + hdr_len + + encrypt_len - + _ODP_ESPTRL_LEN; + + memset(&esp, 0, sizeof(esp)); + esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); + esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); + + state->aad.spi = esp.spi; + state->aad.seq_no = esp.seq_no; + + param->aad.ptr = (uint8_t *)&state->aad; + + memset(&esptrl, 0, sizeof(esptrl)); + esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; + esptrl.next_header = state->ip->proto; + state->ip->proto = _ODP_IPPROTO_ESP; + + odp_packet_copy_from_mem(*pkt, + ipsec_offset, 
_ODP_ESPHDR_LEN, + &esp); + odp_packet_copy_from_mem(*pkt, + ipsec_offset + _ODP_ESPHDR_LEN, + ipsec_sa->esp_iv_len, + state->iv + ipsec_sa->salt_length); + odp_packet_copy_from_mem(*pkt, + esptrl_offset - esptrl.pad_len, + esptrl.pad_len, ipsec_padding); + odp_packet_copy_from_mem(*pkt, + esptrl_offset, _ODP_ESPTRL_LEN, + &esptrl); + + param->cipher_range.offset = ipsec_offset + hdr_len; + param->cipher_range.length = state->ip_tot_len - + state->ip_hdr_len - + hdr_len - + ipsec_sa->icv_len; + + param->auth_range.offset = ipsec_offset; + param->auth_range.length = state->ip_tot_len - + state->ip_hdr_len - + ipsec_sa->icv_len; + param->hash_result_offset = state->ip_offset + + state->ip_tot_len - + ipsec_sa->icv_len; + + state->stats_length = param->cipher_range.length; - encrypt_len = ESP_ENCODE_LEN(ip_data_len + _ODP_ESPTRL_LEN, - pad_block); + return 0; +} - hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; - trl_len = encrypt_len - - ip_data_len + - ipsec_sa->icv_len; +static int ipsec_out_ah(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa, + odp_crypto_packet_op_param_t *param, + odp_ipsec_op_status_t *status) +{ + _odp_ahhdr_t ah; + unsigned hdr_len = _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len + + ipsec_sa->icv_len; + uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; - if (ipsec_sa->use_counter_iv) { - uint64_t ctr; + /* Save IPv4 stuff */ + state->ah_ipv4.tos = state->ip->tos; + state->ah_ipv4.frag_offset = state->ip->frag_offset; + state->ah_ipv4.ttl = state->ip->ttl; - /* Both GCM and CTR use 8-bit counters */ - ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + if (odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { + status->error.alg = 1; + return -1; + } - ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, - 1); - /* Check for overrun */ - if (ctr == 0) - goto err; + odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - memcpy(iv + ipsec_sa->salt_length, &ctr, - 
ipsec_sa->esp_iv_len); + state->ip = odp_packet_l3_ptr(*pkt, NULL); - if (ipsec_sa->aes_ctr_iv) { - iv[12] = 0; - iv[13] = 0; - iv[14] = 0; - iv[15] = 1; - } - } else if (ipsec_sa->esp_iv_len) { - uint32_t len; + /* Set IPv4 length before authentication */ + ipv4_adjust_len(state->ip, hdr_len); + state->ip_tot_len += hdr_len; - len = odp_random_data(iv, ipsec_sa->esp_iv_len, - ODP_RANDOM_CRYPTO); + memset(&ah, 0, sizeof(ah)); + ah.spi = odp_cpu_to_be_32(ipsec_sa->spi); + ah.ah_len = 1 + (ipsec_sa->esp_iv_len + ipsec_sa->icv_len) / 4; + ah.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); + ah.next_header = state->ip->proto; + state->ip->proto = _ODP_IPPROTO_AH; - if (len != ipsec_sa->esp_iv_len) { - status->error.alg = 1; - goto err; - } - } + state->aad.spi = ah.spi; + state->aad.seq_no = ah.seq_no; - param.override_iv_ptr = iv; + param->aad.ptr = (uint8_t *)&state->aad; - if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { - status->error.alg = 1; - goto err; - } + /* For GMAC */ + if (ipsec_out_iv(state, ipsec_sa) < 0) { + status->error.alg = 1; + return -1; + } - if (odp_packet_extend_head(&pkt, hdr_len, NULL, NULL) < 0) { - status->error.alg = 1; - goto err; - } + param->override_iv_ptr = state->iv; - odp_packet_move_data(pkt, 0, hdr_len, ipsec_offset); - - ip = odp_packet_l3_ptr(pkt, NULL); - - /* Set IPv4 length before authentication */ - ipv4_adjust_len(ip, hdr_len + trl_len); - - uint32_t esptrl_offset = ip_offset + - ip_hdr_len + - hdr_len + - encrypt_len - - _ODP_ESPTRL_LEN; - - memset(&esp, 0, sizeof(esp)); - esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); - esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - - aad.spi = esp.spi; - aad.seq_no = esp.seq_no; - - param.aad.ptr = (uint8_t *)&aad; - - memset(&esptrl, 0, sizeof(esptrl)); - esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; - esptrl.next_header = ip->proto; - ip->proto = _ODP_IPPROTO_ESP; - - odp_packet_copy_from_mem(pkt, - ipsec_offset, _ODP_ESPHDR_LEN, - &esp); - 
odp_packet_copy_from_mem(pkt, - ipsec_offset + _ODP_ESPHDR_LEN, - ipsec_sa->esp_iv_len, - iv + ipsec_sa->salt_length); - odp_packet_copy_from_mem(pkt, - esptrl_offset - esptrl.pad_len, - esptrl.pad_len, ipsec_padding); - odp_packet_copy_from_mem(pkt, - esptrl_offset, _ODP_ESPTRL_LEN, - &esptrl); - - param.cipher_range.offset = ipsec_offset + hdr_len; - param.cipher_range.length = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len - - hdr_len - - ipsec_sa->icv_len; - - param.auth_range.offset = ipsec_offset; - param.auth_range.length = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len - - ipsec_sa->icv_len; - param.hash_result_offset = ip_offset + - odp_be_to_cpu_16(ip->tot_len) - - ipsec_sa->icv_len; - - stats_length = param.cipher_range.length; - } else if (ipsec_sa->proto == ODP_IPSEC_AH) { - _odp_ahhdr_t ah; - - hdr_len = _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len + - ipsec_sa->icv_len; - trl_len = 0; - - /* Save IPv4 stuff */ - ip_tos = ip->tos; - ip_frag_offset = odp_be_to_cpu_16(ip->frag_offset); - ip_ttl = ip->ttl; - - if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { - status->error.alg = 1; - goto err; - } + odp_packet_copy_from_mem(*pkt, + ipsec_offset, _ODP_AHHDR_LEN, + &ah); + odp_packet_copy_from_mem(*pkt, + ipsec_offset + _ODP_AHHDR_LEN, + ipsec_sa->esp_iv_len, + state->iv + ipsec_sa->salt_length); + _odp_packet_set_data(*pkt, + ipsec_offset + _ODP_AHHDR_LEN + + ipsec_sa->esp_iv_len, + 0, ipsec_sa->icv_len); - if (odp_packet_extend_head(&pkt, hdr_len, NULL, NULL) < 0) { - status->error.alg = 1; - goto err; - } + state->ip->chksum = 0; + state->ip->tos = 0; + state->ip->frag_offset = 0; + state->ip->ttl = 0; - odp_packet_move_data(pkt, 0, hdr_len, ipsec_offset); + param->auth_range.offset = state->ip_offset; + param->auth_range.length = state->ip_tot_len; + param->hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN + + ipsec_sa->esp_iv_len; - ip = odp_packet_l3_ptr(pkt, NULL); + state->stats_length = param->auth_range.length; - /* Set IPv4 length before 
authentication */ - ipv4_adjust_len(ip, hdr_len + trl_len); + return 0; +} - memset(&ah, 0, sizeof(ah)); - ah.spi = odp_cpu_to_be_32(ipsec_sa->spi); - ah.ah_len = 1 + (ipsec_sa->esp_iv_len + ipsec_sa->icv_len) / 4; - ah.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - ah.next_header = ip->proto; - ip->proto = _ODP_IPPROTO_AH; +static void ipsec_out_ah_post(ipsec_state_t *state) +{ + state->ip->ttl = state->ah_ipv4.ttl; + state->ip->tos = state->ah_ipv4.tos; + state->ip->frag_offset = state->ah_ipv4.frag_offset; +} - aad.spi = ah.spi; - aad.seq_no = ah.seq_no; +static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, + odp_ipsec_sa_t sa, + odp_packet_t *pkt_out, + const odp_ipsec_out_opt_t *opt ODP_UNUSED, + odp_ipsec_op_status_t *status) +{ + ipsec_state_t state; + ipsec_sa_t *ipsec_sa; + odp_crypto_packet_op_param_t param; + int rc; + odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_hdr_t *pkt_hdr; - param.aad.ptr = (uint8_t *)&aad; + state.ip_offset = odp_packet_l3_offset(pkt); + ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != state.ip_offset); - /* For GMAC */ - if (ipsec_sa->use_counter_iv) { - uint64_t ctr; + state.ip = odp_packet_l3_ptr(pkt, NULL); + ODP_ASSERT(NULL != state.ip); - ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + ipsec_sa = _odp_ipsec_sa_use(sa); + ODP_ASSERT(NULL != ipsec_sa); - ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, - 1); - /* Check for overrun */ - if (ctr == 0) - goto err; + /* Initialize parameters block */ + memset(¶m, 0, sizeof(param)); - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - memcpy(iv + ipsec_sa->salt_length, &ctr, - ipsec_sa->esp_iv_len); - param.override_iv_ptr = iv; + if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) { + rc = ipsec_parse_ipv4(&state); + if (state.ip_tot_len + state.ip_offset != odp_packet_len(pkt)) + rc = -1; + } else { + rc = ipsec_out_tunnel_parse_ipv4(&state, ipsec_sa); + if (rc < 0) { + status->error.alg = 1; + goto err; } - odp_packet_copy_from_mem(pkt, - 
ipsec_offset, _ODP_AHHDR_LEN, - &ah); - odp_packet_copy_from_mem(pkt, - ipsec_offset + _ODP_AHHDR_LEN, - ipsec_sa->esp_iv_len, - iv + ipsec_sa->salt_length); - _odp_packet_set_data(pkt, - ipsec_offset + _ODP_AHHDR_LEN + - ipsec_sa->esp_iv_len, - 0, ipsec_sa->icv_len); - - ip->chksum = 0; - ip->tos = 0; - ip->frag_offset = 0; - ip->ttl = 0; - - param.auth_range.offset = ip_offset; - param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); - param.hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN + - ipsec_sa->esp_iv_len; - - stats_length = param.auth_range.length; + rc = ipsec_out_tunnel_ipv4(&pkt, &state, ipsec_sa); + } + if (rc < 0) { + status->error.alg = 1; + goto err; + } + + if (ODP_IPSEC_ESP == ipsec_sa->proto) { + rc = ipsec_out_esp(&pkt, &state, ipsec_sa, ¶m, status); + } else if (ODP_IPSEC_AH == ipsec_sa->proto) { + rc = ipsec_out_ah(&pkt, &state, ipsec_sa, ¶m, status); } else { status->error.alg = 1; goto err; } + if (rc < 0) + goto err; /* No need to run precheck here, we know that packet is authentic */ - if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) + if (_odp_ipsec_sa_stats_update(ipsec_sa, + state.stats_length, + status) < 0) goto err; param.session = ipsec_sa->session; 
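Review bot: in the new ipsec_out_single the tunnel branch no longer checks the inner header length at all: ipsec_out_tunnel_parse_ipv4() always returns 0, which makes the "if (rc < 0)" right after it dead code, and ipsec_out_tunnel_ipv4() takes ip_tot_len from odp_packet_len(*pkt) - state->ip_offset, while the removed code rejected tot_len + ip_offset > odp_packet_len(pkt) for both modes. The transport branch tightens the same test from ">" to "!=", so packets carrying trailing bytes after the IP datagram are now refused, and it reads state.ip_tot_len from the uninitialised local state even when ipsec_parse_ipv4() has already failed. Please either keep the original check in both branches or describe the new semantics in the commit message, and test rc before using ip_tot_len. Minor: the comment in ipsec_out_iv() says "8-bit counters" while the assert next to it is on sizeof(ctr), i.e. 8 bytes.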
@@ -922,14 +1032,9 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, goto err; } - ip = odp_packet_l3_ptr(pkt, NULL); - /* Finalize the IPv4 header */ - if (ip->proto == _ODP_IPPROTO_AH) { - ip->ttl = ip_ttl; - ip->tos = ip_tos; - ip->frag_offset = odp_cpu_to_be_16(ip_frag_offset); - } + if (ODP_IPSEC_AH == ipsec_sa->proto) + ipsec_out_ah_post(&state); _odp_ipv4_csum_update(pkt);
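Review bot: ipsec_out_ah_post(&state) restores ttl, tos and frag_offset through state.ip, which ipsec_out_ah() cached before the crypto operation, whereas the lines removed here re-read "ip = odp_packet_l3_ptr(pkt, NULL)" first. If the crypto call can hand back a different packet or move the data, the restore writes through a stale pointer. Refresh state.ip from pkt before calling ipsec_out_ah_post(), or pass pkt in and look the header up inside the helper.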

From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Tue, 12 Dec 2017 19:00:10 +0300
Message-Id: <1513094423-671-4-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
References: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 304
Subject: [lng-odp] [PATCH API-NEXT v11 3/16] validation: ipsec: fix next_header field in mcgrew gcm test vectors

From: Dmitry Eremin-Solenikov

Test vectors from draft-mcgrew-gcm-test-01 contain invalid next_header field in ESP trailers (0x01 = ICMP instead of 0x04 = IPv4). Correct test vectors. Test 12 is disabled till NoNH packets are properly supported in a defined way.

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 304 (lumag:ipsec-ipv6-2)
 ** https://github.com/Linaro/odp/pull/304
 ** Patch: https://github.com/Linaro/odp/pull/304.patch
 ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa
 ** Merge commit sha: 2212038b2ceac423819d283ce07106fabe438631
 **/
 test/validation/api/ipsec/ipsec_test_in.c | 4 ++++
 test/validation/api/ipsec/test_vectors.h | 30 +++++++++++++++---------------
 2 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index daafaf69a..5af98112a 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -947,6 +947,7 @@ static void test_in_ipv4_mcgrew_gcm_4_esp(void) ipsec_sa_destroy(sa); } +#if 0 static void test_in_ipv4_mcgrew_gcm_12_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; @@ -977,6 +978,7 @@ static void test_in_ipv4_mcgrew_gcm_12_esp(void) ipsec_sa_destroy(sa); } +#endif static void test_in_ipv4_mcgrew_gcm_15_esp(void) { @@ -1094,8 +1096,10 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_aes_gcm_256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_4_esp, ipsec_check_esp_aes_gcm_128), +#if 0 ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_12_esp, ipsec_check_esp_aes_gcm_128), +#endif ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_15_esp, ipsec_check_esp_null_aes_gmac_128), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256, diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 51aa97ccb..c057f7765 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -1021,9 +1021,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_2_esp = { 0x3d, 0xe8, 0x18, 0x27, 0xc1, 0x0e, 0x9a, 0x4f, 0x51, 0x33, 0x0d, 0x0e, 0xec, 0x41, 0x66, 0x42, 0xcf, 0xbb, 0x85, 0xa5, 0xb4, 0x7e, 0x48, 0xa4, - 0xec, 0x3b, 0x9b, 0xa9, 0x5d, 0x91, 0x8b, 0xd1, - 0x83, 0xb7, 0x0d, 0x3a, 0xa8, 0xbc, 0x6e, 0xe4, - 0xc3, 0x09, 0xe9, 0xd8, 0x5a, 0x41, 0xad, 0x4a, + 0xec, 0x3b, 0x9b, 0xa9, 0x5d, 0x91, 0x8b, 0xd4, + 0x26, 0xf8, 0x39, 0x1b, 0x99, 0x27, 0xd0, 0xfc, + 0xc9, 0x84, 0x56, 0x1b, 0xbb, 0xce, 0x9f, 0xc0, }, }; 
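Review bot: in pkt_mcgrew_gcm_test_2_esp one byte changes (0xd1 to 0xd4) together with all 16 bytes after it, so the packet no longer matches the published draft-mcgrew-gcm-test-01 vector and nothing in test_vectors.h says where the new bytes come from. The single-byte difference of 0x05 is consistent with the 0x01 to 0x04 next_header change in the commit message, but the 16 trailing bytes cannot be checked by reading the diff. Please add a comment at the vector, or once for the whole mcgrew group, stating that next_header deviates from the draft and how the ciphertext and tag were regenerated, so the values can be reproduced independently.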
@@ -1078,9 +1078,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_3_esp = { 0x06, 0xef, 0xae, 0x9d, 0x65, 0xa5, 0xd7, 0x63, 0x74, 0x8a, 0x63, 0x79, 0x85, 0x77, 0x1d, 0x34, 0x7f, 0x05, 0x45, 0x65, 0x9f, 0x14, 0xe9, 0x9d, - 0xef, 0x84, 0x2d, 0x8e, 0xb3, 0x35, 0xf4, 0xee, - 0xcf, 0xdb, 0xf8, 0x31, 0x82, 0x4b, 0x4c, 0x49, - 0x15, 0x95, 0x6c, 0x96, + 0xef, 0x84, 0x2d, 0x8b, 0x42, 0xf5, 0x64, 0xf5, + 0x2d, 0xfd, 0xd6, 0xee, 0xf4, 0xf9, 0x2e, 0xad, + 0xba, 0xc2, 0x39, 0x90, }, }; @@ -1137,9 +1137,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_4_esp = { 0x45, 0x64, 0x76, 0x49, 0x27, 0x19, 0xff, 0xb6, 0x4d, 0xe7, 0xd9, 0xdc, 0xa1, 0xe1, 0xd8, 0x94, 0xbc, 0x3b, 0xd5, 0x78, 0x73, 0xed, 0x4d, 0x18, - 0x1d, 0x19, 0xd4, 0xd5, 0xc8, 0xc1, 0x8a, 0xf3, - 0xf8, 0x21, 0xd4, 0x96, 0xee, 0xb0, 0x96, 0xe9, - 0x8a, 0xd2, 0xb6, 0x9e, 0x47, 0x99, 0xc7, 0x1d, + 0x1d, 0x19, 0xd4, 0xd5, 0xc8, 0xc1, 0x8a, 0xf6, + 0xfe, 0x1d, 0x73, 0x72, 0x22, 0x8a, 0x69, 0xf4, + 0x0d, 0xeb, 0x37, 0x3d, 0xdc, 0x01, 0x67, 0x6b, }, }; @@ -1177,9 +1177,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_12_esp = { 0x43, 0x45, 0x7e, 0x91, 0x82, 0x44, 0x3b, 0xc6, /* Data */ - 0x43, 0x7f, 0x86, 0x6b, 0xcb, 0x3f, 0x69, 0x9f, - 0xe9, 0xb0, 0x82, 0x2b, 0xac, 0x96, 0x1c, 0x45, - 0x04, 0xbe, 0xf2, 0x70, + 0x43, 0x7f, 0x86, 0x51, 0x7e, 0xa5, 0x95, 0xd2, + 0xca, 0x00, 0x4c, 0x33, 0x38, 0x8c, 0x46, 0x77, + 0x0c, 0x59, 0x0a, 0xd6, }, }; 
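Review bot: the pkt_mcgrew_gcm_test_12_esp change in the -1177 hunk is not the fix the commit message describes: the fourth data byte goes from 0x6b to 0x51, a difference of 0x3a, while tests 2, 3 and 4 all differ by 0x05 (0x01 to 0x04). A difference of 0x3a would fit 0x01 to 0x3b (59, No Next Header), which is my inference from the bytes, not something the patch states. This vector is also being edited while its inbound test, test_in_ipv4_mcgrew_gcm_12_esp, is compiled out with a bare "#if 0" in ipsec_test_in.c. Please say in the commit message and in a comment which next_header value test 12 now carries, and put the reason for disabling next to the "#if 0" so the test is not forgotten.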
@@ -1234,9 +1234,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_15_esp = { 0x02, 0x00, 0x07, 0x00, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, - 0x01, 0x02, 0x02, 0x01, 0xf2, 0xa9, 0xa8, 0x36, - 0xe1, 0x55, 0x10, 0x6a, 0xa8, 0xdc, 0xd6, 0x18, - 0xe4, 0x09, 0x9a, 0xaa, + 0x01, 0x02, 0x02, 0x04, 0x59, 0x4f, 0x40, 0x55, + 0x42, 0x8d, 0x39, 0x9a, 0x9d, 0x66, 0xc1, 0x5e, + 0x77, 0x02, 0x3a, 0x98, }, };

From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Tue, 12 Dec 2017 19:00:11 +0300
Message-Id: <1513094423-671-5-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
References: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 304
Subject: [lng-odp] [PATCH API-NEXT v11 4/16] linux-gen: don't include odp_ipsec_internal.h in odp_packet_internal.h

From: Dmitry Eremin-Solenikov

Such include adds unnecessary build dependencies. Just include , which is enough.

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 304 (lumag:ipsec-ipv6-2)
 ** https://github.com/Linaro/odp/pull/304
 ** Patch: https://github.com/Linaro/odp/pull/304.patch
 ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa
 ** Merge commit sha: 2212038b2ceac423819d283ce07106fabe438631
 **/
 platform/linux-generic/include/odp_packet_internal.h | 2 +-
 platform/linux-generic/pktio/loop.c | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/platform/linux-generic/include/odp_packet_internal.h b/platform/linux-generic/include/odp_packet_internal.h index a16ec3161..0f661679e 100644 --- a/platform/linux-generic/include/odp_packet_internal.h +++ b/platform/linux-generic/include/odp_packet_internal.h @@ -25,7 +25,7 @@ extern "C" { #include #include #include -#include +#include #include #include diff --git a/platform/linux-generic/pktio/loop.c b/platform/linux-generic/pktio/loop.c index 96df72724..f887e1a2d 100644 --- a/platform/linux-generic/pktio/loop.c +++ b/platform/linux-generic/pktio/loop.c 
@@ -11,6 +11,7 @@ #include #include #include +#include #include #include #include From patchwork Tue Dec 12 16:00:12 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121551 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4319353qgn; Tue, 12 Dec 2017 08:12:20 -0800 (PST) X-Google-Smtp-Source: ACJfBostNi0GpZSAfaXbPbfZivJei4tt+tOB73BxgKEcRUBzXwPBsWSQx6eo3MWMQgCDTa+4uR2P X-Received: by 10.55.72.6 with SMTP id v6mr6170684qka.333.1513095140486; Tue, 12 Dec 2017 08:12:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513095140; cv=none; d=google.com; s=arc-20160816; b=DDrjs6pCK8eNt4eDyfBExGt6VV2BVV0ticAW637v5zY9Ql1Vg3ygbynUVbC7FfEyeX VixReXGPvTzJkxyIAwlOZ9XAr7ijnPYgfxdMRuhlWpB1yiMklF8HnCvQS9l6pHb+83yf +ZjdpOvFBZqXfdxIgHdCV+jLSEtnygAVICBSjcUHkqLftmKQuBoGH1ooR7GTUVXrlcIV xIghfvvqCRIBYGIV+VMUxcYblJrXnAAc3RW6arnV1ImHD1glWIRYjiDu7WaTBKVJ+I/J 8arypRDE42Q7CiPJl/v5+XafHJ4m7IjfV8E7ZSnBOhPJVJpd3KYBdtoxdc9TRyIOQvYU Vg3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=MdllFgDA9f1dK+fsM2PfjevK3EE5vKrNYWtYAaNmVvw=; b=F/uKqjkubwK5weeJzSSKeZhxL0i9fED8yRRGDPcNVsAfwOBBfvWf21D0UROVfmYLnA VwBdoB7ZZnJj89WMFhhbKw+yZU0WrNEePTpVe9wn8ExU0PUMr7Ft4EgZSw/DiokBi1xP zEo370bBNWOlwog7vetHlkNbBb5Qs3VHmTsUKufM6BYzk7lNIokoJloo0NXRYLpSzQlZ 6jys1ZP4z5rHW2LkAYyWtce2fjny8icnZw5F6aaRZS+ncRlxkA2uTqrSwzw+EAeSKaW/ kW7CnPJvDkeh9ZlCooXlqfsrTxArho/TgbmpWW04XzAZ9AwCY4mNiTnituiNTzXlsWUD LD0A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) 
with ESMTPSA id P8VUaNg7sx-0SFOimAd; Tue, 12 Dec 2017 19:00:28 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 19:00:12 +0300 Message-Id: <1513094423-671-6-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513094423-671-1-git-send-email-odpbot@yandex.ru> References: <1513094423-671-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v11 5/16] linux-gen: protocols: ip: add more ipv6 defines X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: 2212038b2ceac423819d283ce07106fabe438631 **/ platform/linux-generic/include/protocols/ip.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/platform/linux-generic/include/protocols/ip.h b/platform/linux-generic/include/protocols/ip.h index 0fc391abe..7b6b736a6 100644 --- a/platform/linux-generic/include/protocols/ip.h +++ b/platform/linux-generic/include/protocols/ip.h 
@@ -161,11 +161,13 @@ typedef struct ODP_PACKED { #define _ODP_IPPROTO_IPIP 0x04 /**< IP Encapsulation within IP (4) */ #define _ODP_IPPROTO_TCP 0x06 /**< Transmission Control Protocol (6) */ #define _ODP_IPPROTO_UDP 0x11 /**< User Datagram Protocol (17) */ +#define _ODP_IPPROTO_IPV6 0x29 /**< IPv6 Routing header (41) */ #define _ODP_IPPROTO_ROUTE 0x2B /**< IPv6 Routing header (43) */ #define _ODP_IPPROTO_FRAG 0x2C /**< IPv6 Fragment (44) */ #define _ODP_IPPROTO_AH 0x33 /**< Authentication Header (51) */ #define _ODP_IPPROTO_ESP 0x32 /**< Encapsulating Security Payload (50) */ #define _ODP_IPPROTO_ICMPv6 0x3A /**< Internet Control Message Protocol (58) */ +#define _ODP_IPPROTO_DEST 0x3C /**< IPv6 Destination header (60) */ #define _ODP_IPPROTO_SCTP 0x84 /**< Stream Control Transmission protocol (132) */ #define _ODP_IPPROTO_INVALID 0xFF /**< Reserved invalid by IANA */ From patchwork Tue Dec 12 16:00:13 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121553 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4320908qgn; Tue, 12 Dec 2017 08:13:41 -0800 (PST) X-Google-Smtp-Source: ACJfBotCtbUs0rLed2odaMz5JrHkSryUcAdfsQp6MJBvu+5uZIgnZo3ko1MqVLl61TRgKKTU5aDi X-Received: by 10.200.50.196 with SMTP id a4mr1235888qtb.214.1513095221518; Tue, 12 Dec 2017 08:13:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513095221; cv=none; d=google.com; s=arc-20160816; b=ipHsGqJMHz/oVDPcjWYfLNW2Sl8RCpVxvsXCjtBb0fM4DL/2ad/20NuTdZRzKdPaoD 2/Ej2pbBOCPsPFA09em1C0kkwAJ4JCumLV74vAFTTgc9hm5WHOXpKzTDWq5AWO2RLJ77 F0e1bAcVL0nI+8FG5lA2ogtTBn9VbXG7ECuBPTYGxvyUhPP+rNKQCSJtG7f6TkqmYhPF NdEbR/BNt5v3HE2sKv6QJAeLKMUA0lI4py4emvi6PQQjGMrPRB6s2ajSMeculohV9Rpn yKRIuBTRAjTf9MzUtXUkenD7l84Svx+aNiPIEaGrHNa0WZG0UkZDR8qLpRmg1kCsgPkM 1VKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; 
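Review bot: In the ip.h hunk (@@ -161,11 +161,13), the comment on the new `_ODP_IPPROTO_IPV6 0x29` define reads "IPv6 Routing header (41)", which looks copied from the `_ODP_IPPROTO_ROUTE` line directly below it. Protocol 41 is IPv6 encapsulated in IP, and patch 6/16 of this series uses the value as the next-header of an inner IPv6 packet in tunnel mode, so the comment should say something like "IPv6 encapsulation (41)". The commit message is also empty apart from the sign-off; one line naming the two defines and why the IPsec code needs them would help.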
2017 16:03:18 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 91B3060800; Tue, 12 Dec 2017 16:03:06 +0000 (UTC) Received: from forward102p.mail.yandex.net (forward102p.mail.yandex.net [77.88.28.102]) by lists.linaro.org (Postfix) with ESMTPS id 084DA6086F for ; Tue, 12 Dec 2017 16:00:31 +0000 (UTC) Received: from mxback17j.mail.yandex.net (mxback17j.mail.yandex.net [IPv6:2a02:6b8:0:1619::93]) by forward102p.mail.yandex.net (Yandex) with ESMTP id 792E5430475F for ; Tue, 12 Dec 2017 19:00:29 +0300 (MSK) Received: from smtp2o.mail.yandex.net (smtp2o.mail.yandex.net [2a02:6b8:0:1a2d::26]) by mxback17j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 2p1qZQdjIS-0TG46SAU; Tue, 12 Dec 2017 19:00:29 +0300 Received: by smtp2o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id P8VUaNg7sx-0SFCrkQV; Tue, 12 Dec 2017 19:00:28 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 19:00:13 +0300 Message-Id: <1513094423-671-7-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513094423-671-1-git-send-email-odpbot@yandex.ru> References: <1513094423-671-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v11 6/16] linux-gen: ipsec: implement IPv6 protocol support X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Implement support for handling IPv6 packets and IPv6 tunnels. 
Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: 2212038b2ceac423819d283ce07106fabe438631 **/ .../linux-generic/include/odp_ipsec_internal.h | 44 +- platform/linux-generic/odp_ipsec.c | 468 ++++++++++++++++----- platform/linux-generic/odp_ipsec_sad.c | 67 ++- 3 files changed, 440 insertions(+), 139 deletions(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 06447870b..b294e7c4a 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -24,6 +24,8 @@ extern "C" { #include #include +#include + /** @ingroup odp_ipsec * @{ */ @@ -127,10 +129,12 @@ struct ipsec_sa_s { unsigned dec_ttl : 1; unsigned copy_dscp : 1; unsigned copy_df : 1; + unsigned copy_flabel : 1; unsigned aes_ctr_iv : 1; /* Only for outbound */ unsigned use_counter_iv : 1; + unsigned tun_ipv4 : 1; /* Only for inbound */ unsigned antireplay : 1; 
@@ -140,23 +144,38 @@ struct ipsec_sa_s { union { struct { odp_ipsec_lookup_mode_t lookup_mode; - odp_u32be_t lookup_dst_ip; + odp_ipsec_ip_version_t lookup_ver; + union { + odp_u32be_t lookup_dst_ipv4; + uint8_t lookup_dst_ipv6[_ODP_IPV6ADDR_LEN]; + }; odp_atomic_u64_t antireplay; } in; struct { - odp_u32be_t tun_src_ip; - odp_u32be_t tun_dst_ip; - - /* 32-bit from which low 16 are used */ - odp_atomic_u32_t tun_hdr_id; - odp_atomic_u32_t seq; - odp_atomic_u64_t counter; /* for CTR/GCM */ + odp_atomic_u32_t seq; - uint8_t tun_ttl; - uint8_t tun_dscp; - uint8_t tun_df; + union { + struct { + odp_u32be_t src_ip; + odp_u32be_t dst_ip; + + /* 32-bit from which low 16 are used */ + odp_atomic_u32_t hdr_id; + + uint8_t ttl; + uint8_t dscp; + uint8_t df; + } tun_ipv4; + struct { + uint8_t src_ip[_ODP_IPV6ADDR_LEN]; + uint8_t dst_ip[_ODP_IPV6ADDR_LEN]; + uint8_t hlimit; + uint8_t dscp; + uint32_t flabel; + } tun_ipv6; + }; } out; }; }; @@ -171,7 +190,8 @@ typedef struct odp_ipsec_sa_lookup_s { /** SPI value */ uint32_t spi; - /* FIXME: IPv4 vs IPv6 */ + /** IP protocol version */ + odp_ipsec_ip_version_t ver; /** IP destination address (NETWORK ENDIAN) */ void *dst_addr; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 2b9de5771..714844675 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -125,6 +125,8 @@ static inline int _odp_ipv4_csum(odp_packet_t pkt, #define _ODP_IPV4HDR_CSUM_OFFSET ODP_OFFSETOF(_odp_ipv4hdr_t, chksum) #define _ODP_IPV4HDR_PROTO_OFFSET ODP_OFFSETOF(_odp_ipv4hdr_t, proto) +#define _ODP_IPV6HDR_NHDR_OFFSET ODP_OFFSETOF(_odp_ipv6hdr_t, next_hdr) +#define _ODP_IPV6HDREXT_NHDR_OFFSET ODP_OFFSETOF(_odp_ipv6hdr_ext_t, next_hdr) /** * Calculate and fill in IPv4 checksum 
@@ -159,11 +161,6 @@ static inline int _odp_ipv4_csum_update(odp_packet_t pkt) } #define ipv4_hdr_len(ip) (_ODP_IPV4HDR_IHL((ip)->ver_ihl) * 4) -static inline -void ipv4_adjust_len(_odp_ipv4hdr_t *ip, int adj) -{ - ip->tot_len = odp_cpu_to_be_16(odp_be_to_cpu_16(ip->tot_len) + adj); -} static const uint8_t ipsec_padding[255] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, @@ -219,13 +216,17 @@ static inline odp_pktio_parser_layer_t parse_layer(odp_ipsec_proto_layer_t l) } typedef struct { - _odp_ipv4hdr_t *ip; + void *ip; unsigned stats_length; uint16_t ip_offset; uint16_t ip_hdr_len; uint16_t ip_tot_len; + uint16_t ip_next_hdr_offset; + uint8_t ip_next_hdr; + unsigned is_ipv4 : 1; union { struct { + uint32_t ip_flabel; uint16_t ip_df; uint8_t ip_tos; } out_tunnel; 
@@ -233,25 +234,76 @@ typedef struct { uint16_t hdr_len; uint16_t trl_len; } in; + odp_u32be_t ipv4_addr; + uint8_t ipv6_addr[_ODP_IPV6ADDR_LEN]; }; union { struct { uint8_t tos; uint8_t ttl; - uint16_t frag_offset; + odp_u16be_t frag_offset; } ah_ipv4; + struct { + odp_u32be_t ver_tc_flow; + uint8_t hop_limit; + } ah_ipv6; }; ipsec_aad_t aad; uint8_t iv[IPSEC_MAX_IV_LEN]; } ipsec_state_t; -static int ipsec_parse_ipv4(ipsec_state_t *state) +static int ipsec_parse_ipv4(ipsec_state_t *state, odp_packet_t pkt) { - if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(state->ip->frag_offset))) + _odp_ipv4hdr_t ipv4hdr; + + odp_packet_copy_to_mem(pkt, state->ip_offset, + _ODP_IPV4HDR_LEN, &ipv4hdr); + + if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ipv4hdr.frag_offset))) return -1; - state->ip_hdr_len = ipv4_hdr_len(state->ip); - state->ip_tot_len = odp_be_to_cpu_16(state->ip->tot_len); + state->ip_hdr_len = ipv4_hdr_len(&ipv4hdr); + state->ip_tot_len = odp_be_to_cpu_16(ipv4hdr.tot_len); + state->ip_next_hdr = ipv4hdr.proto; + state->ip_next_hdr_offset = state->ip_offset + + _ODP_IPV4HDR_PROTO_OFFSET; + state->ipv4_addr = ipv4hdr.dst_addr; + + return 0; +} + +static int ipsec_parse_ipv6(ipsec_state_t *state, odp_packet_t pkt) +{ + _odp_ipv6hdr_t ipv6hdr; + _odp_ipv6hdr_ext_t ipv6hdrext; + + odp_packet_copy_to_mem(pkt, state->ip_offset, + _ODP_IPV6HDR_LEN, &ipv6hdr); + + state->ip_hdr_len = _ODP_IPV6HDR_LEN; + state->ip_next_hdr = ipv6hdr.next_hdr; + state->ip_next_hdr_offset = state->ip_offset + _ODP_IPV6HDR_NHDR_OFFSET; + /* FIXME: Jumbo frames */ + state->ip_tot_len = odp_be_to_cpu_16(ipv6hdr.payload_len) + + _ODP_IPV6HDR_LEN; + memcpy(state->ipv6_addr, &ipv6hdr.dst_addr, _ODP_IPV6ADDR_LEN); + + while (state->ip_next_hdr == _ODP_IPPROTO_HOPOPTS || + state->ip_next_hdr == _ODP_IPPROTO_DEST || + state->ip_next_hdr == _ODP_IPPROTO_ROUTE) { + odp_packet_copy_to_mem(pkt, + state->ip_offset + state->ip_hdr_len, + sizeof(ipv6hdrext), + &ipv6hdrext); + state->ip_next_hdr = 
ipv6hdrext.next_hdr; + state->ip_next_hdr_offset = state->ip_offset + + state->ip_hdr_len + + _ODP_IPV6HDREXT_NHDR_OFFSET; + state->ip_hdr_len += (ipv6hdrext.ext_len + 1) * 8; + } + + if (_ODP_IPPROTO_FRAG == state->ip_next_hdr) + return -1; return 0; } @@ -259,6 +311,7 @@ static int ipsec_parse_ipv4(ipsec_state_t *state) static inline ipsec_sa_t *ipsec_get_sa(odp_ipsec_sa_t sa, odp_ipsec_protocol_t proto, uint32_t spi, + odp_ipsec_ip_version_t ver, void *dst_addr, odp_ipsec_op_status_t *status) { @@ -269,6 +322,7 @@ static inline ipsec_sa_t *ipsec_get_sa(odp_ipsec_sa_t sa, lookup.proto = proto; lookup.spi = spi; + lookup.ver = ver; lookup.dst_addr = dst_addr; ipsec_sa = _odp_ipsec_sa_lookup(&lookup); @@ -332,7 +386,9 @@ static int ipsec_in_esp(odp_packet_t *pkt, ipsec_sa = ipsec_get_sa(sa, ODP_IPSEC_ESP, odp_be_to_cpu_32(esp.spi), - &state->ip->dst_addr, status); + state->is_ipv4 ? ODP_IPSEC_IPV4 : + ODP_IPSEC_IPV6, + &state->ipv4_addr, status); *_ipsec_sa = ipsec_sa; if (status->error.all) return -1; @@ -386,8 +442,10 @@ static int ipsec_in_esp_post(odp_packet_t pkt, ipsec_padding, esptrl.pad_len) != 0) return -1; - state->ip->proto = esptrl.next_header; + odp_packet_copy_from_mem(pkt, state->ip_next_hdr_offset, + 1, &esptrl.next_header); state->in.trl_len += esptrl.pad_len; + state->ip_next_hdr = esptrl.next_header; return 0; } @@ -413,7 +471,9 @@ static int ipsec_in_ah(odp_packet_t *pkt, ipsec_sa = ipsec_get_sa(sa, ODP_IPSEC_AH, odp_be_to_cpu_32(ah.spi), - &state->ip->dst_addr, status); + state->is_ipv4 ? ODP_IPSEC_IPV4 : + ODP_IPSEC_IPV6, + &state->ipv4_addr, status); *_ipsec_sa = ipsec_sa; if (status->error.all) return -1; 
@@ -429,19 +489,31 @@ static int ipsec_in_ah(odp_packet_t *pkt, state->in.hdr_len = (ah.ah_len + 2) * 4; state->in.trl_len = 0; - /* Save everything to context */ - state->ah_ipv4.tos = state->ip->tos; - state->ah_ipv4.frag_offset = state->ip->frag_offset; - state->ah_ipv4.ttl = state->ip->ttl; + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = state->ip; + + /* Save everything to context */ + state->ah_ipv4.tos = ipv4hdr->tos; + state->ah_ipv4.frag_offset = ipv4hdr->frag_offset; + state->ah_ipv4.ttl = ipv4hdr->ttl; + + /* FIXME: zero copy of header, passing it to crypto! */ + /* + * If authenticating, zero the mutable fields build the request + */ + ipv4hdr->chksum = 0; + ipv4hdr->tos = 0; + ipv4hdr->frag_offset = 0; + ipv4hdr->ttl = 0; + } else { + _odp_ipv6hdr_t *ipv6hdr = state->ip; - /* FIXME: zero copy of header, passing it to crypto! */ - /* - * If authenticating, zero the mutable fields build the request - */ - state->ip->chksum = 0; - state->ip->tos = 0; - state->ip->frag_offset = 0; - state->ip->ttl = 0; + state->ah_ipv6.ver_tc_flow = ipv6hdr->ver_tc_flow; + state->ah_ipv6.hop_limit = ipv6hdr->hop_limit; + ipv6hdr->ver_tc_flow = + odp_cpu_to_be_32(6 << _ODP_IPV6HDR_VERSION_SHIFT); + ipv6hdr->hop_limit = 0; + } state->aad.spi = ah.spi; state->aad.seq_no = ah.seq_no; 
@@ -470,12 +542,23 @@ static int ipsec_in_ah_post(odp_packet_t pkt, sizeof(ah), &ah) < 0) return -1; - state->ip->proto = ah.next_header; + odp_packet_copy_from_mem(pkt, state->ip_next_hdr_offset, + 1, &ah.next_header); /* Restore mutable fields */ - state->ip->ttl = state->ah_ipv4.ttl; - state->ip->tos = state->ah_ipv4.tos; - state->ip->frag_offset = state->ah_ipv4.frag_offset; + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = state->ip; + + ipv4hdr->ttl = state->ah_ipv4.ttl; + ipv4hdr->tos = state->ah_ipv4.tos; + ipv4hdr->frag_offset = state->ah_ipv4.frag_offset; + } else { + _odp_ipv6hdr_t *ipv6hdr = odp_packet_l3_ptr(pkt, NULL); + + ipv6hdr->ver_tc_flow = state->ah_ipv6.ver_tc_flow; + ipv6hdr->hop_limit = state->ah_ipv6.hop_limit; + } + state->ip_next_hdr = ah.next_header; return 0; } @@ -501,7 +584,17 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, /* Initialize parameters block */ memset(¶m, 0, sizeof(param)); - rc = ipsec_parse_ipv4(&state); + /* + * FIXME: maybe use packet flag as below ??? + * This adds requirement that input packets contain not only valid + * l3/l4 offsets, but also valid packet flags + * state.is_ipv4 = odp_packet_has_ipv4(pkt); + */ + state.is_ipv4 = (((uint8_t *)state.ip)[0] >> 4) == 0x4; + if (state.is_ipv4) + rc = ipsec_parse_ipv4(&state, pkt); + else + rc = ipsec_parse_ipv6(&state, pkt); if (rc < 0 || state.ip_tot_len + state.ip_offset > odp_packet_len(pkt)) { status->error.alg = 1; @@ -509,9 +602,9 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, } /* Check IP header for IPSec protocols and look it up */ - if (_ODP_IPPROTO_ESP == state.ip->proto) { + if (_ODP_IPPROTO_ESP == state.ip_next_hdr) { rc = ipsec_in_esp(&pkt, &state, &ipsec_sa, sa, ¶m, status); - } else if (_ODP_IPPROTO_AH == state.ip->proto) { + } else if (_ODP_IPPROTO_AH == state.ip_next_hdr) { rc = ipsec_in_ah(&pkt, &state, &ipsec_sa, sa, ¶m, status); } else { status->error.proto = 1; 
@@ -587,6 +680,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, status->error.alg = 1; goto err; } + state.ip_tot_len -= state.in.trl_len; if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { /* We have a tunneled IPv4 packet, strip outer and IPsec @@ -600,11 +694,14 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, status->error.alg = 1; goto err; } - - if (odp_packet_len(pkt) > sizeof(*state.ip)) { - state.ip = odp_packet_l3_ptr(pkt, NULL); - state.ip->ttl -= ipsec_sa->dec_ttl; - _odp_ipv4_csum_update(pkt); + state.ip_tot_len -= state.ip_hdr_len + state.in.hdr_len; + if (_ODP_IPPROTO_IPIP == state.ip_next_hdr) { + state.is_ipv4 = 1; + } else if (_ODP_IPPROTO_IPV6 == state.ip_next_hdr) { + state.is_ipv4 = 0; + } else { + status->error.proto = 1; + goto err; } } else { odp_packet_move_data(pkt, state.in.hdr_len, 0, @@ -614,13 +711,30 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, status->error.alg = 1; goto err; } + state.ip_tot_len -= state.in.hdr_len; + } - if (odp_packet_len(pkt) > sizeof(*state.ip)) { - state.ip = odp_packet_l3_ptr(pkt, NULL); - ipv4_adjust_len(state.ip, - -(state.in.hdr_len + state.in.trl_len)); - _odp_ipv4_csum_update(pkt); - } + /* Finalize the IPv4 header */ + if (state.is_ipv4 && odp_packet_len(pkt) > _ODP_IPV4HDR_LEN) { + _odp_ipv4hdr_t *ipv4hdr = odp_packet_l3_ptr(pkt, NULL); + + if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) + ipv4hdr->tot_len = odp_cpu_to_be_16(state.ip_tot_len); + else + ipv4hdr->ttl -= ipsec_sa->dec_ttl; + _odp_ipv4_csum_update(pkt); + } else if (!state.is_ipv4 && odp_packet_len(pkt) > _ODP_IPV6HDR_LEN) { + _odp_ipv6hdr_t *ipv6hdr = odp_packet_l3_ptr(pkt, NULL); + + if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) + ipv6hdr->payload_len = + odp_cpu_to_be_16(state.ip_tot_len - + _ODP_IPV6HDR_LEN); + else + ipv6hdr->hop_limit -= ipsec_sa->dec_ttl; + } else { + status->error.proto = 1; + goto err; } pkt_hdr = odp_packet_hdr(pkt); 
@@ -628,7 +742,10 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, packet_parse_reset(pkt_hdr); packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), - state.ip_offset, _ODP_ETHTYPE_IPV4); + state.ip_offset, + state.is_ipv4 ? + _ODP_ETHTYPE_IPV4 : + _ODP_ETHTYPE_IPV6); *pkt_out = pkt; @@ -662,6 +779,24 @@ static int ipsec_out_tunnel_parse_ipv4(ipsec_state_t *state, ipv4hdr->ttl -= ipsec_sa->dec_ttl; state->out_tunnel.ip_tos = ipv4hdr->tos; state->out_tunnel.ip_df = _ODP_IPV4HDR_FLAGS_DONT_FRAG(flags); + state->out_tunnel.ip_flabel = 0; + + return 0; +} + +static int ipsec_out_tunnel_parse_ipv6(ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) +{ + _odp_ipv6hdr_t *ipv6hdr = state->ip; + + ipv6hdr->hop_limit -= ipsec_sa->dec_ttl; + state->out_tunnel.ip_tos = (ipv6hdr->ver_tc_flow & + _ODP_IPV6HDR_TC_MASK) >> + _ODP_IPV6HDR_TC_SHIFT; + state->out_tunnel.ip_df = 0; + state->out_tunnel.ip_flabel = (ipv6hdr->ver_tc_flow & + _ODP_IPV6HDR_FLOW_LABEL_MASK) >> + _ODP_IPV6HDR_FLOW_LABEL_SHIFT; return 0; } 
@@ -679,26 +814,25 @@ static int ipsec_out_tunnel_ipv4(odp_packet_t *pkt, else out_ip.tos = (state->out_tunnel.ip_tos & ~_ODP_IP_TOS_DSCP_MASK) | - (ipsec_sa->out.tun_dscp << + (ipsec_sa->out.tun_ipv4.dscp << _ODP_IP_TOS_DSCP_SHIFT); state->ip_tot_len = odp_packet_len(*pkt) - state->ip_offset; state->ip_tot_len += _ODP_IPV4HDR_LEN; out_ip.tot_len = odp_cpu_to_be_16(state->ip_tot_len); /* No need to convert to BE: ID just should not be duplicated */ - out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_hdr_id, + out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_ipv4.hdr_id, 1); if (ipsec_sa->copy_df) flags = state->out_tunnel.ip_df; else - flags = ((uint16_t)ipsec_sa->out.tun_df) << 14; + flags = ((uint16_t)ipsec_sa->out.tun_ipv4.df) << 14; out_ip.frag_offset = odp_cpu_to_be_16(flags); - out_ip.ttl = ipsec_sa->out.tun_ttl; - out_ip.proto = _ODP_IPPROTO_IPIP; + out_ip.ttl = ipsec_sa->out.tun_ipv4.ttl; /* Will be filled later by packet checksum update */ out_ip.chksum = 0; - out_ip.src_addr = ipsec_sa->out.tun_src_ip; - out_ip.dst_addr = ipsec_sa->out.tun_dst_ip; + out_ip.src_addr = ipsec_sa->out.tun_ipv4.src_ip; + out_ip.dst_addr = ipsec_sa->out.tun_ipv4.dst_ip; if (odp_packet_extend_head(pkt, _ODP_IPV4HDR_LEN, NULL, NULL) < 0) 
@@ -713,6 +847,70 @@ static int ipsec_out_tunnel_ipv4(odp_packet_t *pkt, state->ip = odp_packet_l3_ptr(*pkt, NULL); state->ip_hdr_len = _ODP_IPV4HDR_LEN; + if (state->is_ipv4) + state->ip_next_hdr = _ODP_IPPROTO_IPIP; + else + state->ip_next_hdr = _ODP_IPPROTO_IPV6; + state->ip_next_hdr_offset = state->ip_offset + + _ODP_IPV4HDR_PROTO_OFFSET; + + state->is_ipv4 = 1; + + return 0; +} + +static int ipsec_out_tunnel_ipv6(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) +{ + _odp_ipv6hdr_t out_ip; + uint32_t ver; + + ver = 6 << _ODP_IPV6HDR_VERSION_SHIFT; + if (ipsec_sa->copy_dscp) + ver |= state->out_tunnel.ip_tos << _ODP_IPV6HDR_TC_SHIFT; + else + ver |= ((state->out_tunnel.ip_tos & + ~_ODP_IP_TOS_DSCP_MASK) | + (ipsec_sa->out.tun_ipv6.dscp << + _ODP_IP_TOS_DSCP_SHIFT)) << + _ODP_IPV6HDR_TC_SHIFT; + if (ipsec_sa->copy_flabel) + ver |= state->out_tunnel.ip_flabel; + else + ver |= ipsec_sa->out.tun_ipv6.flabel; + out_ip.ver_tc_flow = odp_cpu_to_be_32(ver); + + state->ip_tot_len = odp_packet_len(*pkt) - state->ip_offset; + out_ip.payload_len = odp_cpu_to_be_16(state->ip_tot_len); + state->ip_tot_len += _ODP_IPV6HDR_LEN; + + out_ip.hop_limit = ipsec_sa->out.tun_ipv6.hlimit; + memcpy(&out_ip.src_addr, ipsec_sa->out.tun_ipv6.src_ip, + _ODP_IPV6ADDR_LEN); + memcpy(&out_ip.dst_addr, ipsec_sa->out.tun_ipv6.dst_ip, + _ODP_IPV6ADDR_LEN); + + if (odp_packet_extend_head(pkt, _ODP_IPV6HDR_LEN, + NULL, NULL) < 0) + return -1; + + odp_packet_move_data(*pkt, 0, _ODP_IPV6HDR_LEN, state->ip_offset); + + odp_packet_copy_from_mem(*pkt, state->ip_offset, + sizeof(out_ip), &out_ip); + + odp_packet_l4_offset_set(*pkt, state->ip_offset + _ODP_IPV6HDR_LEN); + + state->ip = odp_packet_l3_ptr(*pkt, NULL); + state->ip_hdr_len = _ODP_IPV6HDR_LEN; + if (state->is_ipv4) + state->ip_next_hdr = _ODP_IPPROTO_IPIP; + else + state->ip_next_hdr = _ODP_IPPROTO_IPV6; + state->ip_next_hdr_offset = state->ip_offset + _ODP_IPV6HDR_NHDR_OFFSET; + + state->is_ipv4 = 0; return 0; } 
@@ -770,6 +968,7 @@ static int ipsec_out_esp(odp_packet_t *pkt, uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; unsigned hdr_len; unsigned trl_len; + uint8_t proto = _ODP_IPPROTO_ESP; /* ESP trailer should be 32-bit right aligned */ if (pad_block < 4) @@ -790,6 +989,32 @@ static int ipsec_out_esp(odp_packet_t *pkt, param->override_iv_ptr = state->iv; + memset(&esp, 0, sizeof(esp)); + esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); + esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); + + state->aad.spi = esp.spi; + state->aad.seq_no = esp.seq_no; + + param->aad.ptr = (uint8_t *)&state->aad; + + memset(&esptrl, 0, sizeof(esptrl)); + esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; + esptrl.next_header = state->ip_next_hdr; + + odp_packet_copy_from_mem(*pkt, state->ip_next_hdr_offset, 1, &proto); + state->ip_tot_len += hdr_len + trl_len; + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = state->ip; + + ipv4hdr->tot_len = odp_cpu_to_be_16(state->ip_tot_len); + } else { + _odp_ipv6hdr_t *ipv6hdr = state->ip; + + ipv6hdr->payload_len = odp_cpu_to_be_16(state->ip_tot_len - + _ODP_IPV6HDR_LEN); + } + if (odp_packet_extend_tail(pkt, trl_len, NULL, NULL) < 0 || odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; 
@@ -798,32 +1023,12 @@ static int ipsec_out_esp(odp_packet_t *pkt, odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); - state->ip = odp_packet_l3_ptr(*pkt, NULL); - - /* Set IPv4 length before authentication */ - ipv4_adjust_len(state->ip, hdr_len + trl_len); - state->ip_tot_len += hdr_len + trl_len; - uint32_t esptrl_offset = state->ip_offset + state->ip_hdr_len + hdr_len + encrypt_len - _ODP_ESPTRL_LEN; - memset(&esp, 0, sizeof(esp)); - esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); - esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - - state->aad.spi = esp.spi; - state->aad.seq_no = esp.seq_no; - - param->aad.ptr = (uint8_t *)&state->aad; - - memset(&esptrl, 0, sizeof(esptrl)); - esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; - esptrl.next_header = state->ip->proto; - state->ip->proto = _ODP_IPPROTO_ESP; - odp_packet_copy_from_mem(*pkt, ipsec_offset, _ODP_ESPHDR_LEN, &esp); @@ -857,6 +1062,12 @@ static int ipsec_out_esp(odp_packet_t *pkt, return 0; } +static void ipsec_out_esp_post(ipsec_state_t *state, odp_packet_t pkt) +{ + if (state->is_ipv4) + _odp_ipv4_csum_update(pkt); +} + static int ipsec_out_ah(odp_packet_t *pkt, ipsec_state_t *state, ipsec_sa_t *ipsec_sa, 
@@ -867,31 +1078,44 @@ static int ipsec_out_ah(odp_packet_t *pkt, unsigned hdr_len = _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len + ipsec_sa->icv_len; uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; - - /* Save IPv4 stuff */ - state->ah_ipv4.tos = state->ip->tos; - state->ah_ipv4.frag_offset = state->ip->frag_offset; - state->ah_ipv4.ttl = state->ip->ttl; - - if (odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { - status->error.alg = 1; - return -1; - } - - odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); - - state->ip = odp_packet_l3_ptr(*pkt, NULL); - - /* Set IPv4 length before authentication */ - ipv4_adjust_len(state->ip, hdr_len); - state->ip_tot_len += hdr_len; + uint8_t proto = _ODP_IPPROTO_AH; memset(&ah, 0, sizeof(ah)); ah.spi = odp_cpu_to_be_32(ipsec_sa->spi); - ah.ah_len = 1 + (ipsec_sa->esp_iv_len + ipsec_sa->icv_len) / 4; ah.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - ah.next_header = state->ip->proto; - state->ip->proto = _ODP_IPPROTO_AH; + ah.next_header = state->ip_next_hdr; + + odp_packet_copy_from_mem(*pkt, state->ip_next_hdr_offset, 1, &proto); + /* Save IP stuff */ + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = state->ip; + + state->ah_ipv4.tos = ipv4hdr->tos; + state->ah_ipv4.frag_offset = ipv4hdr->frag_offset; + state->ah_ipv4.ttl = ipv4hdr->ttl; + ipv4hdr->chksum = 0; + ipv4hdr->tos = 0; + ipv4hdr->frag_offset = 0; + ipv4hdr->ttl = 0; + hdr_len = IPSEC_PAD_LEN(hdr_len, 4); + state->ip_tot_len += hdr_len; + ipv4hdr->tot_len = odp_cpu_to_be_16(state->ip_tot_len); + } else { + _odp_ipv6hdr_t *ipv6hdr = state->ip; + + state->ah_ipv6.ver_tc_flow = ipv6hdr->ver_tc_flow; + state->ah_ipv6.hop_limit = ipv6hdr->hop_limit; + ipv6hdr->ver_tc_flow = + odp_cpu_to_be_32(6 << _ODP_IPV6HDR_VERSION_SHIFT); + ipv6hdr->hop_limit = 0; + + hdr_len = IPSEC_PAD_LEN(hdr_len, 8); + state->ip_tot_len += hdr_len; + ipv6hdr->payload_len = odp_cpu_to_be_16(state->ip_tot_len - + _ODP_IPV6HDR_LEN); + } + + ah.ah_len = hdr_len / 4 - 2; 
state->aad.spi = ah.spi; state->aad.seq_no = ah.seq_no; @@ -906,6 +1130,13 @@ static int ipsec_out_ah(odp_packet_t *pkt, param->override_iv_ptr = state->iv; + if (odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { + status->error.alg = 1; + return -1; + } + + odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); + odp_packet_copy_from_mem(*pkt, ipsec_offset, _ODP_AHHDR_LEN, &ah); @@ -916,12 +1147,8 @@ static int ipsec_out_ah(odp_packet_t *pkt, _odp_packet_set_data(*pkt, ipsec_offset + _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len, - 0, ipsec_sa->icv_len); - - state->ip->chksum = 0; - state->ip->tos = 0; - state->ip->frag_offset = 0; - state->ip->ttl = 0; + 0, + hdr_len - _ODP_AHHDR_LEN - ipsec_sa->esp_iv_len); param->auth_range.offset = state->ip_offset; param->auth_range.length = state->ip_tot_len; @@ -933,11 +1160,22 @@ static int ipsec_out_ah(odp_packet_t *pkt, return 0; } -static void ipsec_out_ah_post(ipsec_state_t *state) +static void ipsec_out_ah_post(ipsec_state_t *state, odp_packet_t pkt) { - state->ip->ttl = state->ah_ipv4.ttl; - state->ip->tos = state->ah_ipv4.tos; - state->ip->frag_offset = state->ah_ipv4.frag_offset; + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = odp_packet_l3_ptr(pkt, NULL); + + ipv4hdr->ttl = state->ah_ipv4.ttl; + ipv4hdr->tos = state->ah_ipv4.tos; + ipv4hdr->frag_offset = state->ah_ipv4.frag_offset; + + _odp_ipv4_csum_update(pkt); + } else { + _odp_ipv6hdr_t *ipv6hdr = odp_packet_l3_ptr(pkt, NULL); + + ipv6hdr->ver_tc_flow = state->ah_ipv6.ver_tc_flow; + ipv6hdr->hop_limit = state->ah_ipv6.hop_limit; + } } static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, 
@@ -965,18 +1203,30 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, /* Initialize parameters block */ memset(¶m, 0, sizeof(param)); + state.is_ipv4 = (((uint8_t *)state.ip)[0] >> 4) == 0x4; + if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) { - rc = ipsec_parse_ipv4(&state); + if (state.is_ipv4) + rc = ipsec_parse_ipv4(&state, pkt); + else + rc = ipsec_parse_ipv6(&state, pkt); + if (state.ip_tot_len + state.ip_offset != odp_packet_len(pkt)) rc = -1; } else { - rc = ipsec_out_tunnel_parse_ipv4(&state, ipsec_sa); + if (state.is_ipv4) + rc = ipsec_out_tunnel_parse_ipv4(&state, ipsec_sa); + else + rc = ipsec_out_tunnel_parse_ipv6(&state, ipsec_sa); if (rc < 0) { status->error.alg = 1; goto err; } - rc = ipsec_out_tunnel_ipv4(&pkt, &state, ipsec_sa); + if (ipsec_sa->tun_ipv4) + rc = ipsec_out_tunnel_ipv4(&pkt, &state, ipsec_sa); + else + rc = ipsec_out_tunnel_ipv6(&pkt, &state, ipsec_sa); } if (rc < 0) { status->error.alg = 1; @@ -1033,8 +1283,10 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, } /* Finalize the IPv4 header */ - if (ODP_IPSEC_AH == ipsec_sa->proto) - ipsec_out_ah_post(&state); + if (ODP_IPSEC_ESP == ipsec_sa->proto) + ipsec_out_esp_post(&state, pkt); + else if (ODP_IPSEC_AH == ipsec_sa->proto) + ipsec_out_ah_post(&state, pkt); _odp_ipv4_csum_update(pkt); diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 0287d6f73..812ad0c46 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c 
@@ -211,10 +211,18 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->flags = 0; if (ODP_IPSEC_DIR_INBOUND == param->dir) { ipsec_sa->in.lookup_mode = param->inbound.lookup_mode; - if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode) - memcpy(&ipsec_sa->in.lookup_dst_ip, - param->inbound.lookup_param.dst_addr, - sizeof(ipsec_sa->in.lookup_dst_ip)); + if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode) { + ipsec_sa->in.lookup_ver = + param->inbound.lookup_param.ip_version; + if (ODP_IPSEC_IPV4 == ipsec_sa->in.lookup_ver) + memcpy(&ipsec_sa->in.lookup_dst_ipv4, + param->inbound.lookup_param.dst_addr, + sizeof(ipsec_sa->in.lookup_dst_ipv4)); + else + memcpy(&ipsec_sa->in.lookup_dst_ipv6, + param->inbound.lookup_param.dst_addr, + sizeof(ipsec_sa->in.lookup_dst_ipv6)); + } if (param->inbound.antireplay_ws > IPSEC_ANTIREPLAY_WS) return ODP_IPSEC_SA_INVALID; @@ -226,6 +234,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->dec_ttl = param->opt.dec_ttl; ipsec_sa->copy_dscp = param->opt.copy_dscp; ipsec_sa->copy_df = param->opt.copy_df; + ipsec_sa->copy_flabel = param->opt.copy_flabel; odp_atomic_store_u64(&ipsec_sa->bytes, 0); odp_atomic_store_u64(&ipsec_sa->packets, 0); 
@@ -236,19 +245,36 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode && ODP_IPSEC_DIR_OUTBOUND == param->dir) { - if (param->outbound.tunnel.type != ODP_IPSEC_TUNNEL_IPV4) - goto error; - - memcpy(&ipsec_sa->out.tun_src_ip, - param->outbound.tunnel.ipv4.src_addr, - sizeof(ipsec_sa->out.tun_src_ip)); - memcpy(&ipsec_sa->out.tun_dst_ip, - param->outbound.tunnel.ipv4.dst_addr, - sizeof(ipsec_sa->out.tun_dst_ip)); - odp_atomic_init_u32(&ipsec_sa->out.tun_hdr_id, 0); - ipsec_sa->out.tun_ttl = param->outbound.tunnel.ipv4.ttl; - ipsec_sa->out.tun_dscp = param->outbound.tunnel.ipv4.dscp; - ipsec_sa->out.tun_df = param->outbound.tunnel.ipv4.df; + if (ODP_IPSEC_TUNNEL_IPV4 == param->outbound.tunnel.type) { + ipsec_sa->tun_ipv4 = 1; + memcpy(&ipsec_sa->out.tun_ipv4.src_ip, + param->outbound.tunnel.ipv4.src_addr, + sizeof(ipsec_sa->out.tun_ipv4.src_ip)); + memcpy(&ipsec_sa->out.tun_ipv4.dst_ip, + param->outbound.tunnel.ipv4.dst_addr, + sizeof(ipsec_sa->out.tun_ipv4.dst_ip)); + odp_atomic_init_u32(&ipsec_sa->out.tun_ipv4.hdr_id, 0); + ipsec_sa->out.tun_ipv4.ttl = + param->outbound.tunnel.ipv4.ttl; + ipsec_sa->out.tun_ipv4.dscp = + param->outbound.tunnel.ipv4.dscp; + ipsec_sa->out.tun_ipv4.df = + param->outbound.tunnel.ipv4.df; + } else { + ipsec_sa->tun_ipv4 = 0; + memcpy(&ipsec_sa->out.tun_ipv6.src_ip, + param->outbound.tunnel.ipv6.src_addr, + sizeof(ipsec_sa->out.tun_ipv6.src_ip)); + memcpy(&ipsec_sa->out.tun_ipv6.dst_ip, + param->outbound.tunnel.ipv6.dst_addr, + sizeof(ipsec_sa->out.tun_ipv6.dst_ip)); + ipsec_sa->out.tun_ipv6.hlimit = + param->outbound.tunnel.ipv6.hlimit; + ipsec_sa->out.tun_ipv6.dscp = + param->outbound.tunnel.ipv6.dscp; + ipsec_sa->out.tun_ipv6.flabel = + param->outbound.tunnel.ipv6.flabel; + } } odp_crypto_session_param_init(&crypto_param); 
@@ -485,8 +511,11 @@ ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup) if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode && lookup->proto == ipsec_sa->proto && lookup->spi == ipsec_sa->spi && - !memcmp(lookup->dst_addr, &ipsec_sa->in.lookup_dst_ip, - sizeof(ipsec_sa->in.lookup_dst_ip))) { + lookup->ver == ipsec_sa->in.lookup_ver && + !memcmp(lookup->dst_addr, &ipsec_sa->in.lookup_dst_ipv4, + lookup->ver == ODP_IPSEC_IPV4 ? + _ODP_IPV4ADDR_LEN : + _ODP_IPV6ADDR_LEN)) { if (NULL != best) _odp_ipsec_sa_unuse(best); return ipsec_sa; From patchwork Tue Dec 12 16:00:14 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121556 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4326294qgn; Tue, 12 Dec 2017 08:18:27 -0800 (PST) X-Google-Smtp-Source: ACJfBotlnMB8Z3fAVWHpqhhr+iCgvwHKjNtg0sxhrQQLsdBjKWxVU9pypPwAeLS92RnZ/rPHsp6B X-Received: by 10.55.100.149 with SMTP id y143mr6179317qkb.252.1513095507321; Tue, 12 Dec 2017 08:18:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513095507; cv=none; d=google.com; s=arc-20160816; b=hekUkZcz0V/+E2mVVC0N7WVgwHf2D89HP1iMqZliPvEVzrHnGaOn06pM8JvohEtbHi byckWo0DvW8g1HtB7jTfq6rdKNup4YFb3zy+eEvj/JNBHrkkW5dsS1+gxvcGZpxUjXNU 56/95LO4CWyFDYmsF1eYioqAiHU2sj4P+JoX+MzXTTfSv0+aQavEj+fjUTt8N77lBPrP rTQobUDfg5UVtLOqUZtEEqjPrZ/OkmevXowBte04ir5f93DYBUSeZc/zLYvcegL5qKwm 7RzVXwNKhiWyFFRs/qnwLtboT6tjq79TshjX0UUwsTk+AN3teIF3asljfftyizBqaeP6 hAzQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=um+OfMOHhsHMw058SFBV5hdcQRtcxqAM9OMB8t+dyzY=; b=RKeoIObDhM7sjYKrOwsI84Vc7jXezZeFFJwkbuFwhn6LNlDlZqRmjM+OdXkTb4SgjO 
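Review bot: In the first `ipsec_out_ah()` hunk (`@@ -867,31 +1078,44 @@`), the length fields are rewritten with `odp_cpu_to_be_16(state->ip_tot_len)` and `odp_cpu_to_be_16(state->ip_tot_len - _ODP_IPV6HDR_LEN)` right after `state->ip_tot_len += hdr_len`, and nothing in the hunk checks that the grown packet still fits a 16-bit length. A packet near the maximum size would get a wrapped length that is then authenticated. Suggest rejecting the packet before the header is touched when the new total does not fit. The return value of `odp_packet_copy_from_mem(*pkt, state->ip_next_hdr_offset, 1, &proto)` is also ignored, unlike the `odp_packet_extend_head()` call a few lines later.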
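Review bot: In the `ipsec_out_ah()` hunk that re-adds `odp_packet_extend_head()` after `param->override_iv_ptr = state->iv;` (`@@ -906,6 +1130,13 @@`), the failure path `status->error.alg = 1; return -1;` is now reached after the IP header has already been modified: the next-header byte has been overwritten with `_ODP_IPPROTO_AH`, the mutable fields have been zeroed and the length field has been increased. In the removed code the extend was attempted before any of those writes, so a failed call left the header intact. Suggest computing the padded `hdr_len` first and extending before the rewrite, or restoring the saved `state->ah_ipv4` / `state->ah_ipv6` values on this error path.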
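Review bot: `state.is_ipv4 = (((uint8_t *)state.ip)[0] >> 4) == 0x4;` in `ipsec_out_single()` (`@@ -965,18 +1203,30 @@`) treats every packet whose version nibble is not 4 as IPv6, so a malformed header is handed to `ipsec_parse_ipv6()` or `ipsec_out_tunnel_parse_ipv6()` instead of being rejected at this point. Suggest testing the nibble for 6 explicitly and setting `rc = -1` for any other value, unless the IPv6 parsers validate the version themselves (their bodies are not part of this hunk).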
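Review bot: After the new `ipsec_out_esp_post()` / `ipsec_out_ah_post()` dispatch in `ipsec_out_single()` (`@@ -1033,8 +1283,10 @@`), the unchanged `_odp_ipv4_csum_update(pkt);` still runs for every packet. `ipsec_out_ah_post()` now calls `_odp_ipv4_csum_update(pkt)` itself in its IPv4 branch, so the AH over IPv4 path updates the checksum twice, and IPv6 packets are passed to an IPv4 checksum helper. Unless that helper checks the IP version, the trailing call should be guarded or removed in favour of the per-protocol post functions. The comment `/* Finalize the IPv4 header */` no longer matches what the block does.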
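Review bot: In the inbound branch of `odp_ipsec_sa_create()` (`@@ -211,10 +211,18 @@`), `param->inbound.lookup_param.ip_version` is stored without validation, and the `else` branch copies `sizeof(ipsec_sa->in.lookup_dst_ipv6)` bytes from `dst_addr` for any value other than `ODP_IPSEC_IPV4`. An uninitialised or unexpected `ip_version` combined with a 4-byte address buffer turns into a read past the caller's buffer. Suggest comparing against `ODP_IPSEC_IPV6` explicitly and failing SA creation for any other value.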
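Review bot: The outbound tunnel block in `odp_ipsec_sa_create()` (`@@ -236,19 +245,36 @@`) removes `if (param->outbound.tunnel.type != ODP_IPSEC_TUNNEL_IPV4) goto error;` and replaces it with an `else` that handles every non-IPv4 value as IPv6, reading `sizeof(ipsec_sa->out.tun_ipv6.src_ip)` bytes from `tunnel.ipv6.src_addr` and `tunnel.ipv6.dst_addr`. An unknown tunnel type is therefore no longer rejected. Suggest `else if (ODP_IPSEC_TUNNEL_IPV6 == param->outbound.tunnel.type)` followed by a final `else goto error;`.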
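Review bot: In `_odp_ipsec_sa_lookup()` (`@@ -485,8 +511,11 @@`), the `memcmp()` always takes `&ipsec_sa->in.lookup_dst_ipv4` as its second argument but compares `_ODP_IPV6ADDR_LEN` bytes when `lookup->ver` is not `ODP_IPSEC_IPV4`. That is only correct if `lookup_dst_ipv4` and `lookup_dst_ipv6` share storage; the struct definition is not in this hunk, and if they do not, the IPv6 comparison reads past the IPv4 field. Suggest selecting the member that matches `lookup->ver`, or adding a comment that documents the layout this line relies on.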
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Tue, 12 Dec 2017 19:00:14 +0300
Message-Id: <1513094423-671-8-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
References: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 304
Subject: [lng-odp] [PATCH API-NEXT v11 7/16] validation: ipsec: add tests for IPv6 functionality

From: Dmitry Eremin-Solenikov

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 304 (lumag:ipsec-ipv6-2)
 ** https://github.com/Linaro/odp/pull/304
 ** Patch: https://github.com/Linaro/odp/pull/304.patch
 ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa
 ** Merge commit sha: 2212038b2ceac423819d283ce07106fabe438631
 **/
 test/validation/api/ipsec/ipsec_test_in.c | 262 +++++++++++++++++
 test/validation/api/ipsec/ipsec_test_out.c | 331 +++++++++++++++++++++
 test/validation/api/ipsec/test_vectors.h | 443 +++++++++++++++++++++++++++++
 3 files changed, 1036 insertions(+)
diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 5af98112a..15e1fe14f 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -71,6 +71,37 @@ static void test_in_ipv4_ah_sha256_tun_ipv4(void) ipsec_sa_destroy(sa); } +static void test_in_ipv4_ah_sha256_tun_ipv6(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0_ah_tun_ipv6_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ipv4_ah_sha256_tun_ipv4_notun(void) { odp_ipsec_sa_param_t param; @@ -314,6 +345,37 @@ static void test_in_ipv4_esp_null_sha256_tun_ipv4(void) ipsec_sa_destroy(sa); } +static void test_in_ipv4_esp_null_sha256_tun_ipv6(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0_esp_tun_ipv6_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ipv4_ah_sha256_noreplay(void) { odp_ipsec_sa_param_t param; 
@@ -1071,6 +1133,190 @@ static void test_in_ipv4_esp_null_aes_gmac_128(void) ipsec_sa_destroy(sa); } +static void test_in_ipv6_ah_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_ah_sha256_tun_ipv4(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_ah_tun_ipv4_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_ah_sha256_tun_ipv6(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_ah_tun_ipv6_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void 
test_in_ipv6_esp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_esp_null_sha256_tun_ipv4(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_tun_ipv4_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_esp_null_sha256_tun_ipv6(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_tun_ipv6_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; 
@@ -1106,6 +1352,8 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv4, ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv6, + ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv4_notun, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256, @@ -1122,6 +1370,8 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_tun_ipv4, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_tun_ipv6, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_noreplay, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_replay, @@ -1148,5 +1398,17 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_ah_aes_gmac_128), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_ah_sha256, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_ah_sha256_tun_ipv4, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_ah_sha256_tun_ipv6, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_null_sha256_tun_ipv4, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_null_sha256_tun_ipv6, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 757b90059..f4e71dced 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c 
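Review bot: Every IPv6 inbound case added to `ipsec_in_suite[]` in `ipsec_test_in.c` is a positive one: each expects `.status.warn.all = 0`, `.status.error.all = 0` and a decoded `pkt_ipv6_icmp_0` or `pkt_ipv4_icmp_0`. The IPv4 side of the suite already registers `test_in_ipv4_ah_sha256_replay` and `test_in_ipv4_ah_sha256_tun_ipv4_notun`, and `test_vectors.h` carries `_bad1` IPv4 vectors, but there is no IPv6 counterpart, so a regression that accepts a corrupted ICV or a replayed sequence number on the IPv6 path would still pass. Suggest adding at least one corrupted-ICV case each for IPv6 AH and ESP, plus an IPv6 equivalent of the `_notun` case.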
@@ -83,6 +83,50 @@ static void test_out_ipv4_ah_sha256_tun_ipv4(void) ipsec_sa_destroy(sa); } +static void test_out_ipv4_ah_sha256_tun_ipv6(void) +{ + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV6, + .ipv6.src_addr = src, + .ipv6.dst_addr = dst, + .ipv6.hlimit = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_ah_tun_ipv6_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_out_ipv4_esp_null_sha256(void) { odp_ipsec_sa_param_t param; 
@@ -152,6 +196,51 @@ static void test_out_ipv4_esp_null_sha256_tun_ipv4(void) ipsec_sa_destroy(sa); } +static void test_out_ipv4_esp_null_sha256_tun_ipv6(void) +{ + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV6, + .ipv6.src_addr = src, + .ipv6.dst_addr = dst, + .ipv6.hlimit = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = + &pkt_ipv4_icmp_0_esp_tun_ipv6_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_out_ipv4_esp_aes_cbc_null(void) { odp_ipsec_sa_param_t param; 
@@ -380,6 +469,232 @@ static void test_out_ipv4_esp_null_aes_gmac_128(void) ipsec_sa_destroy(sa); } +static void test_out_ipv6_ah_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_ah_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_ah_sha256_tun_ipv4(void) +{ + uint32_t src = IPV4ADDR(10, 0, 111, 2); + uint32_t dst = IPV4ADDR(10, 0, 222, 2); + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV4, + .ipv4.src_addr = &src, + .ipv4.dst_addr = &dst, + .ipv4.ttl = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_ah_tun_ipv4_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_ah_sha256_tun_ipv6(void) +{ + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV6, + .ipv6.src_addr = src, + .ipv6.dst_addr = dst, + .ipv6.hlimit = 64, + }; + odp_ipsec_sa_param_t param; + 
odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_ah_tun_ipv6_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_esp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_esp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_esp_null_sha256_tun_ipv4(void) +{ + uint32_t src = IPV4ADDR(10, 0, 111, 2); + uint32_t dst = IPV4ADDR(10, 0, 222, 2); + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV4, + .ipv4.src_addr = &src, + .ipv4.dst_addr = &dst, + .ipv4.ttl = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = + &pkt_ipv6_icmp_0_esp_tun_ipv4_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void 
test_out_ipv6_esp_null_sha256_tun_ipv6(void) +{ + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV6, + .ipv6.src_addr = &src, + .ipv6.dst_addr = &dst, + .ipv6.hlimit = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = + &pkt_ipv6_icmp_0_esp_tun_ipv6_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -393,10 +708,14 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_tun_ipv4, ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_tun_ipv6, + ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256, ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_tun_ipv4, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_tun_ipv6, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_null, ipsec_check_esp_aes_cbc_128_null), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_sha256, 
@@ -409,5 +728,17 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_ah_aes_gmac_128), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256_tun_ipv4, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256_tun_ipv6, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_null_sha256_tun_ipv4, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_null_sha256_tun_ipv6, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index c057f7765..211f349d0 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h 
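Review bot: In `ipsec_test_out.c`, `test_out_ipv6_esp_null_sha256_tun_ipv6()` initialises the tunnel with `.ipv6.src_addr = &src` and `.ipv6.dst_addr = &dst`, while the other three IPv6-tunnel tests added by this patch pass `src` and `dst`. With `uint8_t src[16]` both forms point at the same bytes, but `&src` has type `uint8_t (*)[16]`; suggest dropping the `&` so all four tests match. The identical `src` / `dst` arrays are also repeated in four functions and could be a single pair of file-scope `static const` arrays.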
@@ -204,6 +204,54 @@ static const ODP_UNUSED ipsec_test_packet }, }; +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_ah_tun_ipv6_sha256_1 = { + .len = 214, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x33, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* AH */ + 0x04, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x2b, 0x45, 0xbe, 0xd2, 0x9c, 0x9c, 0x3e, 0x0d, + 0xe0, 0x32, 0xaf, 0xa0, 0x2d, 0x26, 0xe1, 0x91, + 0x00, 0x00, 0x00, 0x00, + + /* Inner IP */ + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1_bad1 = { .len = 168, .l2_offset = 0, 
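Review bot: In `pkt_ipv4_icmp_0_ah_tun_ipv6_sha256_1`, the four `0x00` bytes that follow the 16-byte ICV under `/* AH */` are not labelled. They are the padding that brings the AH header (length field `0x06`, that is 32 bytes) to a multiple of 8 under the IPv6 outer header, and the IPv4-outer vector `pkt_ipv6_icmp_0_ah_tun_ipv4_sha256_1` (length field `0x05`) has none. A `/* AH padding */` comment on that row would make the vector self-explanatory and show that it exercises the `IPSEC_PAD_LEN(hdr_len, 8)` path.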
@@ -418,6 +466,57 @@ static const ODP_UNUSED ipsec_test_packet }, }; +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_tun_ipv6_null_sha256_1 = { + .len = 210, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x9c, 0x32, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* Inner IP */ + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x04, + + /* ICV */ + 0x73, 0x8d, 0xf6, 0x9a, 0x26, 0x06, 0x4d, 0xa1, + 0x88, 0x37, 0x65, 0xab, 0x0d, 0xe9, 0x95, 0x3b, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_null_sha256_1_bad1 = { .len = 170, 
@@ -717,6 +816,350 @@ static const ODP_UNUSED ipsec_test_packet }, }; +static const ODP_UNUSED ipsec_test_packet pkt_ipv6_icmp_0 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_ipv6_icmp_0_ah_sha256_1 = { + .len = 202, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x94, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x33, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* AH */ + 0x3a, 0x06, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0xd9, 0x14, 0x87, 0x27, 0x20, 0x1a, 0xc2, 0x66, + 0xc1, 0xca, 0x99, 0x2b, 0x8a, 0xae, 0x2f, 0x27, + 0x00, 0x00, 0x00, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_ah_tun_ipv4_sha256_1 = { + .len = 218, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0xcc, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0x18, 0xfb, 0x0a, 0x00, 0x6f, 0x02, + 0x0a, 0x00, 0xde, 0x02, + + /* AH */ + 0x29, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x7f, 0xde, 0x8a, 0x48, 0xc5, 0xc5, 0xfa, 0x52, + 0xb8, 0xf6, 0xc2, 0xe3, 0x8f, 0x10, 0xb2, 0x47, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 
0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_ah_tun_ipv6_sha256_1 = { + .len = 242, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0xbc, 0x33, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* AH */ + 0x29, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x62, 0x96, 0x2b, 0x40, 0x3e, 0x53, 0x76, 0x4a, + 0x4d, 0x7f, 0xf6, 0x22, 0x35, 0x3c, 0x74, 0xe2, + 0x00, 0x00, 0x00, 0x00, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 
0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_ipv6_icmp_0_esp_null_sha256_1 = { + .len = 198, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x90, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x32, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x3a, + + /* ICV */ + 0x20, 0xa6, 0x89, 0x7b, 0x0a, 0x52, 0x5b, 0xca, + 0x98, 0x56, 0xd1, 0xfe, 0x56, 0xc7, 0xa4, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_esp_tun_ipv4_null_sha256_1 = { + .len = 218, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH 
*/ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0xcc, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0x18, 0xfc, 0x0a, 0x00, 0x6f, 0x02, + 0x0a, 0x00, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x29, + + /* ICV */ + 0xd0, 0x96, 0x6e, 0xda, 0xc5, 0x08, 0xcc, 0x0e, + 0xd1, 0x22, 0xa5, 0xed, 0x13, 0x07, 0xd9, 0xcd, + }, +}; + +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_esp_tun_ipv6_null_sha256_1 = { + .len = 238, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0xb8, 0x32, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x16, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x29, + + /* ICV */ + 0xd0, 0x96, 0x6e, 0xda, 0xc5, 0x08, 0xcc, 0x0e, + 0xd1, 0x22, 0xa5, 0xed, 0x13, 0x07, 0xd9, 0xcd, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_rfc3602_5 = { .len = 98, .l2_offset = 0, From patchwork Tue Dec 12 16:00:15 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121554 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4324340qgn; Tue, 12 Dec 2017 08:16:43 -0800 (PST) X-Google-Smtp-Source: ACJfBotAzcFzmIhGHf9aMYO6STjFcH91sabnEnwFL+d88jpay+CbuErztjF2Yesoe6LOf9DTfOzf X-Received: by 10.55.192.90 with SMTP id o87mr6322008qki.15.1513095403672; Tue, 12 Dec 2017 08:16:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513095403; cv=none; d=google.com; s=arc-20160816; 
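Review bot: the ICMP block in pkt_ipv6_icmp_0, and in every AH/ESP vector derived from it, starts with 0x08, 0x00, 0xfb, 0x37, while the Hop-by-Hop header in front of it announces next header 0x3a (ICMPv6). Type 8 is the ICMPv4 Echo Request value; ICMPv6 Echo Request is type 128 and its checksum covers the IPv6 pseudo-header, so any parser or checksum validator run on the decapsulated packet will see an invalid ICMPv6 message. Either make the payload a valid ICMPv6 echo and regenerate the ICVs, or add a comment on pkt_ipv6_icmp_0 stating that the L4 bytes are a deliberately opaque payload.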
(Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 19:00:15 +0300 Message-Id: <1513094423-671-9-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513094423-671-1-git-send-email-odpbot@yandex.ru> References: <1513094423-671-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v11 8/16] linux-gen: ipsec: simplify seq no handling X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov There is no point in filling artificial AAD struct for AH just for the sake of sequence number checking. Instead use AAD just for ESP and provide separate seq_no field. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: 2212038b2ceac423819d283ce07106fabe438631 **/ platform/linux-generic/odp_ipsec.c | 32 ++++++++++++++------------------ 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 714844675..66342f1b0 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -233,6 +233,7 @@ typedef struct { struct { uint16_t hdr_len; uint16_t trl_len; + odp_u32be_t seq_no; } in; odp_u32be_t ipv4_addr; uint8_t ipv6_addr[_ODP_IPV6ADDR_LEN]; @@ -247,8 +248,10 @@ typedef struct { odp_u32be_t ver_tc_flow; uint8_t hop_limit; } ah_ipv6; + struct { + ipsec_aad_t aad; + } esp; }; - ipsec_aad_t aad; uint8_t iv[IPSEC_MAX_IV_LEN]; } ipsec_state_t; 
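Review bot: the new in.seq_no field is declared odp_u32be_t, but both writers in this patch store a host-order value in it (state->in.seq_no = odp_be_to_cpu_32(esp.seq_no); and the same for ah.seq_no), and ipsec_in_single then passes it unconverted to _odp_ipsec_sa_replay_precheck() and _odp_ipsec_sa_replay_update(). Declare it uint32_t so the type matches the byte order actually held and endianness checkers do not flag the replay-window calls.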
@@ -409,10 +412,11 @@ static int ipsec_in_esp(odp_packet_t *pkt, ipsec_sa->icv_len; param->override_iv_ptr = state->iv; - state->aad.spi = esp.spi; - state->aad.seq_no = esp.seq_no; + state->esp.aad.spi = esp.spi; + state->esp.aad.seq_no = esp.seq_no; + state->in.seq_no = odp_be_to_cpu_32(esp.seq_no); - param->aad.ptr = (uint8_t *)&state->aad; + param->aad.ptr = (uint8_t *)&state->esp.aad; param->auth_range.offset = ipsec_offset; param->auth_range.length = state->ip_tot_len - @@ -515,10 +519,7 @@ static int ipsec_in_ah(odp_packet_t *pkt, ipv6hdr->hop_limit = 0; } - state->aad.spi = ah.spi; - state->aad.seq_no = ah.seq_no; - - param->aad.ptr = (uint8_t *)&state->aad; + state->in.seq_no = odp_be_to_cpu_32(ah.seq_no); param->auth_range.offset = state->ip_offset; param->auth_range.length = state->ip_tot_len; @@ -614,7 +615,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto err; if (_odp_ipsec_sa_replay_precheck(ipsec_sa, - odp_be_to_cpu_32(state.aad.seq_no), + state.in.seq_no, status) < 0) goto err; @@ -659,7 +660,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto err; if (_odp_ipsec_sa_replay_update(ipsec_sa, - odp_be_to_cpu_32(state.aad.seq_no), + state.in.seq_no, status) < 0) goto err; @@ -993,10 +994,10 @@ static int ipsec_out_esp(odp_packet_t *pkt, esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - state->aad.spi = esp.spi; - state->aad.seq_no = esp.seq_no; + state->esp.aad.spi = esp.spi; + state->esp.aad.seq_no = esp.seq_no; - param->aad.ptr = (uint8_t *)&state->aad; + param->aad.ptr = (uint8_t *)&state->esp.aad; memset(&esptrl, 0, sizeof(esptrl)); esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; 
@@ -1117,11 +1118,6 @@ static int ipsec_out_ah(odp_packet_t *pkt, ah.ah_len = hdr_len / 4 - 2; - state->aad.spi = ah.spi; - state->aad.seq_no = ah.seq_no; - - param->aad.ptr = (uint8_t *)&state->aad; - /* For GMAC */ if (ipsec_out_iv(state, ipsec_sa) < 0) { status->error.alg = 1; From patchwork Tue Dec 12 16:00:16 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121555 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4325180qgn; Tue, 12 Dec 2017 08:17:31 -0800 (PST) X-Google-Smtp-Source: ACJfBovDwU8PEhV7NiqTSYBLmVfvXWz48w/9IXdadD/ZitMgqbBYjUfk1hf2xqyuJ9GIma/iZr0M X-Received: by 10.200.13.1 with SMTP id q1mr5856476qti.166.1513095451290; Tue, 12 Dec 2017 08:17:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513095451; cv=none; d=google.com; s=arc-20160816; b=SRc5LvVjt5Q+bnnwGd8zsFUpjx672gZDqhQ9ydnAkKNu5olaSJqI41SE0I5ieZcweS Ud8rDAynpslUdlXJ0nfuZfVAINtr8a5Is0ezyA/10G1T6i5WCvNqaBef7zW1xH2gMSGZ fmJSobU9xgSJlMm4erdMWwpk/DIxG5So7UD5lRvmB6k/EunzEn/XYPCltwuuI4wlPAH0 szpaANJStAJM7Lgo0OzjX+TDV6sl2yUqCOKiLbs4KQq5EuNgRuK5yM6rlU1I+uMX4mzf 6IiGZK83rJBjS8vYEN+cVO/IDXFMo28LLyk7mU/wrmFAyw6nSxK0tYmpQSffTM76OnK8 ouow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=vnWuk9n2TCbaPgfvprpbIR0cPJf65bYpCWDG2/szZqc=; b=f2oxjykhFiEm4RQOAvolsFPGyShK7QfDSdABUm6fHAZzhzbpReFHM8oeLIHjhPc/k5 DwiLVWQ2uxLRQq/SWJUbMBqyOuiYSs28h7e3jirfh8YELFla3rKzlKKuP+L/DkRTiayR ZxmaZAkSHBu2YuC9pLbz+7q58WN5bA3LtYEYaY3Us+Xx55kEmEGLYOoSq6hThzSA7we9 bfHNMvwn+gP9VBZ+UUOZq9SRePtP+lX97Af4DsjlUz4UEjEEnm+rJvw/qMHwPdYfO4FI 3mQSFzVadnN6DY7oNQlHqBZ8Nh4Ju/dHvMNnZD5E6RE+hjZxbfPuUP/8MO7KiABRMNm3 cqZA== ARC-Authentication-Results: i=1; 
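Review bot: with param->aad.ptr no longer assigned in ipsec_out_ah (and in ipsec_in_ah earlier in this patch), the AH paths depend on the crypto operation never reading AAD, yet the context line right below the removal still reads "/* For GMAC */". Please confirm that every auth algorithm reachable through AH takes its input from auth_range only and that param is zero-initialised before these functions run, and say so in the commit message; otherwise aad.ptr is left holding whatever the caller put there.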
(smtp2o.mail.yandex.net [2a02:6b8:0:1a2d::26]) by mxback5o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id dpoSxIPf0b-0VFqYJRf; Tue, 12 Dec 2017 19:00:31 +0300 Received: by smtp2o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id P8VUaNg7sx-0VFOeI48; Tue, 12 Dec 2017 19:00:31 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 19:00:16 +0300 Message-Id: <1513094423-671-10-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513094423-671-1-git-send-email-odpbot@yandex.ru> References: <1513094423-671-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v11 9/16] linux-gen: add support for UDP-encapsulated ESP packets X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: 2212038b2ceac423819d283ce07106fabe438631 **/ .../linux-generic/include/odp_ipsec_internal.h | 1 + platform/linux-generic/include/protocols/udp.h | 2 + platform/linux-generic/odp_ipsec.c | 53 +++++++++++++++++++++- platform/linux-generic/odp_ipsec_sad.c | 1 + 4 files changed, 56 insertions(+), 1 deletion(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index b294e7c4a..822c9016b 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h 
@@ -131,6 +131,7 @@ struct ipsec_sa_s { unsigned copy_df : 1; unsigned copy_flabel : 1; unsigned aes_ctr_iv : 1; + unsigned udp_encap : 1; /* Only for outbound */ unsigned use_counter_iv : 1; diff --git a/platform/linux-generic/include/protocols/udp.h b/platform/linux-generic/include/protocols/udp.h index 535aba855..85984c992 100644 --- a/platform/linux-generic/include/protocols/udp.h +++ b/platform/linux-generic/include/protocols/udp.h @@ -38,6 +38,8 @@ typedef struct ODP_PACKED { ODP_STATIC_ASSERT(sizeof(_odp_udphdr_t) == _ODP_UDPHDR_LEN, "_ODP_UDPHDR_T__SIZE_ERROR"); +#define _ODP_UDP_IPSEC_PORT 4500 + /** * @} */ diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 66342f1b0..f2130fc49 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -18,6 +18,7 @@ #include #include #include +#include #include @@ -378,9 +379,29 @@ static int ipsec_in_esp(odp_packet_t *pkt, _odp_esphdr_t esp; uint16_t ipsec_offset; ipsec_sa_t *ipsec_sa; + odp_bool_t udp_encap = false; ipsec_offset = state->ip_offset + state->ip_hdr_len; + if (_ODP_IPPROTO_UDP == state->ip_next_hdr) { + _odp_udphdr_t udp; + uint16_t ip_data_len = state->ip_tot_len - + state->ip_hdr_len; + + odp_packet_copy_to_mem(*pkt, ipsec_offset, + _ODP_UDPHDR_LEN, &udp); + + if (udp.dst_port != odp_cpu_to_be_16(_ODP_UDP_IPSEC_PORT) || + udp.length != odp_cpu_to_be_16(ip_data_len)) { + status->error.proto = 1; + return -1; + } + + ipsec_offset += _ODP_UDPHDR_LEN; + state->ip_hdr_len += _ODP_UDPHDR_LEN; + udp_encap = true; + } + if (odp_packet_copy_to_mem(*pkt, ipsec_offset, sizeof(esp), &esp) < 0) { status->error.alg = 1; @@ -396,6 +417,11 @@ static int ipsec_in_esp(odp_packet_t *pkt, if (status->error.all) return -1; + if (!!ipsec_sa->udp_encap != udp_encap) { + status->error.proto = 1; + return -1; + } + if (ipsec_in_iv(*pkt, state, ipsec_sa, ipsec_offset + _ODP_ESPHDR_LEN) < 0) { status->error.alg = 1; 
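Review bot: in ipsec_in_esp the new odp_packet_copy_to_mem(*pkt, ipsec_offset, _ODP_UDPHDR_LEN, &udp) call ignores its return value, unlike the ESP header copy immediately after it, which is tested with < 0. On a packet too short to hold the UDP header, the dst_port and length comparisons run on an uninitialised stack struct. Check the result and bail out before reading udp, and reject the packet when ip_tot_len - ip_hdr_len is smaller than _ODP_UDPHDR_LEN plus the ESP header before ipsec_offset and state->ip_hdr_len are advanced.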
@@ -446,6 +472,11 @@ static int ipsec_in_esp_post(odp_packet_t pkt, ipsec_padding, esptrl.pad_len) != 0) return -1; + if (udp_encap) { + state->ip_hdr_len -= _ODP_UDPHDR_LEN; + state->in.hdr_len += _ODP_UDPHDR_LEN; + } + odp_packet_copy_from_mem(pkt, state->ip_next_hdr_offset, 1, &esptrl.next_header); state->in.trl_len += esptrl.pad_len; @@ -603,7 +634,8 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, } /* Check IP header for IPSec protocols and look it up */ - if (_ODP_IPPROTO_ESP == state.ip_next_hdr) { + if (_ODP_IPPROTO_ESP == state.ip_next_hdr || + _ODP_IPPROTO_UDP == state.ip_next_hdr) { rc = ipsec_in_esp(&pkt, &state, &ipsec_sa, sa, ¶m, status); } else if (_ODP_IPPROTO_AH == state.ip_next_hdr) { rc = ipsec_in_ah(&pkt, &state, &ipsec_sa, sa, ¶m, status); @@ -962,6 +994,7 @@ static int ipsec_out_esp(odp_packet_t *pkt, { _odp_esphdr_t esp; _odp_esptrl_t esptrl; + _odp_udphdr_t udphdr; uint32_t encrypt_len; uint16_t ip_data_len = state->ip_tot_len - state->ip_hdr_len; @@ -983,6 +1016,16 @@ static int ipsec_out_esp(odp_packet_t *pkt, ip_data_len + ipsec_sa->icv_len; + if (ipsec_sa->udp_encap) { + hdr_len += _ODP_UDPHDR_LEN; + proto = _ODP_IPPROTO_UDP; + udphdr.src_port = odp_cpu_to_be_16(_ODP_UDP_IPSEC_PORT); + udphdr.dst_port = odp_cpu_to_be_16(_ODP_UDP_IPSEC_PORT); + udphdr.length = odp_cpu_to_be_16(ip_data_len + + hdr_len + trl_len); + udphdr.chksum = 0; /* should be 0 by RFC */ + } + if (ipsec_out_iv(state, ipsec_sa) < 0) { status->error.alg = 1; return -1; @@ -1030,6 +1073,14 @@ static int ipsec_out_esp(odp_packet_t *pkt, encrypt_len - _ODP_ESPTRL_LEN; + if (ipsec_sa->udp_encap) { + odp_packet_copy_from_mem(*pkt, ipsec_offset, _ODP_UDPHDR_LEN, + &udphdr); + ipsec_offset += _ODP_UDPHDR_LEN; + hdr_len -= _ODP_UDPHDR_LEN; + state->ip_hdr_len += _ODP_UDPHDR_LEN; + } + odp_packet_copy_from_mem(*pkt, ipsec_offset, _ODP_ESPHDR_LEN, &esp); 
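Review bot: the udphdr written to the packet here in ipsec_out_esp was filled earlier in the function with src_port and dst_port both fixed to _ODP_UDP_IPSEC_PORT and chksum = 0 under the comment "should be 0 by RFC". UDP encapsulation exists for NAT traversal, where the peer's port as seen from this side may have been translated, so the destination port should come from the SA rather than a constant. A zero checksum is what RFC 3948 asks for over IPv4; this series adds IPv6 outer headers, where a zero UDP checksum is not generally permitted, so either restrict udp_encap to IPv4 outer headers or handle the IPv6 case explicitly, and name the RFC in the comment.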
diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 812ad0c46..82b3c4522 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c 
@@ -235,6 +235,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->copy_dscp = param->opt.copy_dscp; ipsec_sa->copy_df = param->opt.copy_df; ipsec_sa->copy_flabel = param->opt.copy_flabel; + ipsec_sa->udp_encap = param->opt.udp_encap; odp_atomic_store_u64(&ipsec_sa->bytes, 0); odp_atomic_store_u64(&ipsec_sa->packets, 0); From patchwork Tue Dec 12 16:00:17 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121557 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4326909qgn; Tue, 12 Dec 2017 08:18:59 -0800 (PST) X-Google-Smtp-Source: ACJfBotUa5qM+6LVu52aEk5SEWoYSkus7aMzkths4O+05U6vX/yGmisdf4xtbwOIKxiOwrEzLJ0I X-Received: by 10.200.15.24 with SMTP id e24mr6428208qtk.100.1513095539143; Tue, 12 Dec 2017 08:18:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513095539; cv=none; d=google.com; s=arc-20160816; b=BXS2zh6F9VOh2ymEH5Q1ZIp/Bpz+zcpVAKA5Q7jdzjZlOPRd322k3F3g9ezqu4eXUR Z4q5zOOH/gowA9Ql/fcckgWV7BqJKefiaZONTjXScwt9KzYHX1jsKd9ZylwkBMRH0VCJ d/LTPNStAZTAHDk0Z3KeTokHqAFKu6riH8ymzmwUgJkxt+FKDvmMX3aLokJKKoxwBWif 9cVM5DbNdK3NGbl/mEoJPDMkeiIKZdZZ/Plh5TpJu5vtNRbSA6vOyFHpXNvymhzfbO8g RvS5oai8v7uJVpXRWF/L+VUAA33EG++LiAAoFSjfZ4y7J13Lv6QNiihK1YSon6dWVIKF fUxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=/OCq94MkPCMX69qy9Y9//rb3sgfm1+nwizRDOmiOgCM=; b=dL+8pJvvNyF4vpDyvxkjpQZCV1y0yh8TgRGKf/WvAfFAPLDYJ4G0cG/Xd9guJN0lpj kIRdPOjPPo3JXUjN//+vFHkBMTL1oLfRHLM55zlUxctSmUQqM4OUZf6sKlmzGN1lapBR +1RKpRmgyMQNtkL8DzuI7iX3X4US7ijvpI9wY9IKz8tyhapSWIB7qd5uDsH+KG4phXyR Rsd/DlfZYeuLmmUe+JgSgyJCH4oqDk5xRWExe/kjcHA1yGYXscnIGW9TUZMDAcnW0vcj 
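Review bot: the ipsec_in_esp_post hunk of this patch tests udp_encap, but the patch declares that variable only as a local in ipsec_in_esp, and no declaration or parameter of that name is visible for ipsec_in_esp_post. Patch 10/16 then rewrites the same condition to _ODP_IPPROTO_UDP == state->ip_next_hdr, which looks like the fix landing one commit late. Fold that change into this patch so that every commit in the series builds and bisects on its own.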
with ESMTP id 2612B18292B for ; Tue, 12 Dec 2017 19:00:38 +0300 (MSK) Received: from smtp2o.mail.yandex.net (smtp2o.mail.yandex.net [2a02:6b8:0:1a2d::26]) by mxback7j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 8gQQAdOv3M-0cImL6PV; Tue, 12 Dec 2017 19:00:38 +0300 Received: by smtp2o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id P8VUaNg7sx-0bFeAJQL; Tue, 12 Dec 2017 19:00:37 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 19:00:17 +0300 Message-Id: <1513094423-671-11-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513094423-671-1-git-send-email-odpbot@yandex.ru> References: <1513094423-671-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v11 10/16] linux-gen: packet: add flag for UDP-encapsulated IPsec packets X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: 2212038b2ceac423819d283ce07106fabe438631 **/ platform/linux-generic/include/odp/api/plat/packet_types.h | 1 + platform/linux-generic/odp_ipsec.c | 2 +- platform/linux-generic/odp_packet.c | 11 +++++++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/platform/linux-generic/include/odp/api/plat/packet_types.h b/platform/linux-generic/include/odp/api/plat/packet_types.h index 82fc66e53..128e83148 100644 --- a/platform/linux-generic/include/odp/api/plat/packet_types.h 
+++ b/platform/linux-generic/include/odp/api/plat/packet_types.h @@ -151,6 +151,7 @@ typedef union { uint64_t l3_chksum_done:1; /**< L3 checksum validation done */ uint64_t l4_chksum_done:1; /**< L4 checksum validation done */ + uint64_t ipsec_udp:1; /**< UDP-encapsulated IPsec packet */ }; } _odp_packet_input_flags_t; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index f2130fc49..43fbafd5d 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -472,7 +472,7 @@ static int ipsec_in_esp_post(odp_packet_t pkt, ipsec_padding, esptrl.pad_len) != 0) return -1; - if (udp_encap) { + if (_ODP_IPPROTO_UDP == state->ip_next_hdr) { state->ip_hdr_len -= _ODP_UDPHDR_LEN; state->in.hdr_len += _ODP_UDPHDR_LEN; } diff --git a/platform/linux-generic/odp_packet.c b/platform/linux-generic/odp_packet.c index bdcb482fa..167f8cbc6 100644 --- a/platform/linux-generic/odp_packet.c +++ b/platform/linux-generic/odp_packet.c 
@@ -2141,6 +2141,17 @@ static inline void parse_udp(packet_parser_t *prs, if (odp_unlikely(udplen < sizeof(_odp_udphdr_t))) prs->error_flags.udp_err = 1; + if (odp_cpu_to_be_16(_ODP_UDP_IPSEC_PORT) == udp->dst_port && + udplen > 4) { + uint32_t val; + + memcpy(&val, udp + 1, 4); + if (val != 0) { + prs->input_flags.ipsec = 1; + prs->input_flags.ipsec_udp = 1; + } + } + if (offset) *offset += sizeof(_odp_udphdr_t); *parseptr += sizeof(_odp_udphdr_t);
From patchwork Tue Dec 12 16:00:18 2017 X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121559
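Review bot: in ipsec_in_esp_post() (odp_ipsec.c hunk of patch 10/16) the UDP header-length adjustment is now keyed on the packet's own state->ip_next_hdr instead of the udp_encap value used before, so the adjustment follows whatever the packet carries. Please confirm that an earlier step rejects a UDP-encapsulated packet arriving on an SA created without opt.udp_encap (and a bare ESP packet on an SA that has it), and mention this behaviour change in the commit message, which currently only names the new parser flag.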
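Review bot: the length guard "udplen > 4" in parse_udp() (odp_packet.c hunk of patch 10/16) does not cover the 4 bytes that memcpy(&val, udp + 1, 4) reads after the UDP header. udplen is compared against sizeof(_odp_udphdr_t) two lines earlier, so it appears to include the header; the guard should then be udplen >= sizeof(_odp_udphdr_t) + 4, and the read should also be bounded by the number of bytes actually available to the parser, otherwise a short datagram addressed to the IPsec port is read past the parsed data. The block also runs when udp_err has just been set, so consider making it an else branch. A named constant and a short comment for the 4-byte zero check (the non-ESP marker of RFC 3948) would make the intent clear.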
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Tue, 12 Dec 2017 19:00:18 +0300
Message-Id: <1513094423-671-12-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
References: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 304
Subject: [lng-odp] [PATCH API-NEXT v11 11/16] validation: add UDP-encapsulated IPsec test cases

From: Dmitry Eremin-Solenikov
Signed-off-by: Dmitry Eremin-Solenikov
--- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: 2212038b2ceac423819d283ce07106fabe438631 **/ test/validation/api/ipsec/ipsec_test_in.c | 134 +++++++++++++++++++++++++++++ test/validation/api/ipsec/ipsec_test_out.c | 66 ++++++++++++++ test/validation/api/ipsec/test_vectors.h | 99 +++++++++++++++++++++ 3 files changed, 299 insertions(+) diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 15e1fe14f..6262f4cb5 100644 
--- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -376,6 +376,69 @@ static void test_in_ipv4_esp_null_sha256_tun_ipv6(void) ipsec_sa_destroy(sa); } +static void test_in_ipv4_esp_udp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0_esp_udp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv4_esp_udp_null_sha256_lookup(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0_esp_udp_null_sha256_1, + .lookup = 1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ipv4_ah_sha256_noreplay(void) { odp_ipsec_sa_param_t param; 
@@ -1317,6 +1380,69 @@ static void test_in_ipv6_esp_null_sha256_tun_ipv6(void) ipsec_sa_destroy(sa); } +static void test_in_ipv6_esp_udp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_udp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_esp_udp_null_sha256_lookup(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_udp_null_sha256_1, + .lookup = 1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -1372,6 +1498,10 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_tun_ipv6, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_udp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_udp_null_sha256_lookup, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_noreplay, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_replay, 
@@ -1410,5 +1540,9 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_null_sha256_tun_ipv6, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_udp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_udp_null_sha256_lookup, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index f4e71dced..2ee8a1319 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -283,6 +283,37 @@ static void test_out_ipv4_esp_aes_cbc_null(void) ipsec_sa_destroy(sa); } +static void test_out_ipv4_esp_udp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_esp_udp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_out_ipv4_esp_aes_cbc_sha256(void) { odp_ipsec_sa_param_t param; 
@@ -695,6 +726,37 @@ static void test_out_ipv6_esp_null_sha256_tun_ipv6(void) ipsec_sa_destroy(sa); } +static void test_out_ipv6_esp_udp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_esp_udp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -716,6 +778,8 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_tun_ipv6, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_udp_null_sha256, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_null, ipsec_check_esp_aes_cbc_128_null), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_sha256, @@ -740,5 +804,7 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_null_sha256_tun_ipv6, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_udp_null_sha256, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 211f349d0..a6b8616b6 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h 
@@ -517,6 +517,53 @@ static const ODP_UNUSED ipsec_test_packet }, }; +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_udp_null_sha256_1 = { + .len = 178, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0xa4, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x11, 0xab, 0xf3, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* UDP encap */ + 0x11, 0x94, 0x11, 0x94, 0x00, 0x90, 0x00, 0x00, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x01, + + /* ICV */ + 0xe9, 0x81, 0xcd, 0x65, 0x9b, 0x25, 0x0b, 0x33, + 0xe2, 0xf3, 0x83, 0xf1, 0x6d, 0x14, 0xb4, 0x1f, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_null_sha256_1_bad1 = { .len = 170, 
@@ -1683,4 +1730,56 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_15_esp = { }, }; +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_esp_udp_null_sha256_1 = { + .len = 206, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x98, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x11, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* UDP encap */ + 0x11, 0x94, 0x11, 0x94, 0x00, 0x90, 0x00, 0x00, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x3a, + + /* ICV */ + 0x20, 0xa6, 0x89, 0x7b, 0x0a, 0x52, 0x5b, 0xca, + 0x98, 0x56, 0xd1, 0xfe, 0x56, 0xc7, 0xa4, 0x5b, + }, +}; + #endif
From patchwork Tue Dec 12 16:00:19 2017 X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121558
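Review bot: the new inbound cases in ipsec_test_in.c (patch 11/16) only exercise the accepting path: each creates an SA with param.opt.udp_encap = 1 and feeds it a well-formed encapsulated packet. Please add negative cases, for example pkt_ipv4_icmp_0_esp_udp_null_sha256_1 against an SA created without udp_encap, and a datagram to the same port that is too short to hold an ESP header, so that the parser and SA checks are covered. The plain and _lookup variants differ only in .lookup = 1 and could share one helper.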
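Review bot: pkt_ipv6_icmp_0_esp_udp_null_sha256_1 in test_vectors.h (patch 11/16) carries a zero UDP checksum (the 0x00, 0x00 that ends the "UDP encap" row) over IPv6. A zero UDP checksum over IPv6 is only permitted in limited tunnelling cases, so a comment stating that this is intentional for the encapsulation, and whether inbound processing ignores the field, would help readers of the vector.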
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Tue, 12 Dec 2017 19:00:19 +0300
Message-Id: <1513094423-671-13-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
References: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 304
Subject: [lng-odp] [PATCH API-NEXT v11 12/16] linux-gen: ipsec: store mtu and frag_mode in SA

From: Dmitry Eremin-Solenikov
Signed-off-by: Dmitry Eremin-Solenikov
--- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: 2212038b2ceac423819d283ce07106fabe438631 **/ platform/linux-generic/include/odp_ipsec_internal.h | 2 ++ platform/linux-generic/odp_ipsec_sad.c | 14 +++++++++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 822c9016b..c6f241fac 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -156,6 +156,8 @@ struct ipsec_sa_s { struct { odp_atomic_u64_t counter; /* for CTR/GCM */ odp_atomic_u32_t seq; + odp_ipsec_frag_mode_t frag_mode; + uint32_t mtu; union { struct { diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 82b3c4522..2d6321166 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c 
@@ -230,6 +230,8 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) odp_atomic_init_u64(&ipsec_sa->in.antireplay, 0); } else { odp_atomic_store_u32(&ipsec_sa->out.seq, 1); + ipsec_sa->out.frag_mode = param->outbound.frag_mode; + ipsec_sa->out.mtu = param->outbound.mtu; } ipsec_sa->dec_ttl = param->opt.dec_ttl; ipsec_sa->copy_dscp = param->opt.copy_dscp; 
@@ -489,10 +491,16 @@ uint64_t odp_ipsec_sa_to_u64(odp_ipsec_sa_t sa) int odp_ipsec_sa_mtu_update(odp_ipsec_sa_t sa, uint32_t mtu) { - (void)sa; - (void)mtu; + ipsec_sa_t *ipsec_sa; + + ipsec_sa = _odp_ipsec_sa_use(sa); + ODP_ASSERT(NULL != ipsec_sa); - return -1; + ipsec_sa->out.mtu = mtu; + + _odp_ipsec_sa_unuse(ipsec_sa); + + return 0; } ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup)
From patchwork Tue Dec 12 16:00:20 2017 X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121560
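Review bot: odp_ipsec_sa_mtu_update() (odp_ipsec_sad.c, last hunk of patch 12/16) writes ipsec_sa->out.mtu for any SA, while odp_ipsec_sa_create() only initialises out.frag_mode and out.mtu in the outbound else branch; the call should return -1 for an inbound SA instead of touching out.*. The handle is checked only with ODP_ASSERT, so if assertions are compiled out a bad handle leads to a NULL dereference; returning -1 when _odp_ipsec_sa_use() gives NULL would be safer. Since mtu sits next to odp_atomic_u32_t seq and can be updated while packets are in flight, consider making it atomic or documenting why a plain store is sufficient.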
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Tue, 12 Dec 2017 19:00:20 +0300
Message-Id: <1513094423-671-14-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
References: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 304
Subject: [lng-odp] [PATCH API-NEXT v11 13/16] linux-gen: ipsec: support ODP_IPSEC_FRAG_CHECK

From: Dmitry Eremin-Solenikov
Support checking MTU after IPsec transformation.
Signed-off-by: Dmitry Eremin-Solenikov
--- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: 2212038b2ceac423819d283ce07106fabe438631 **/ platform/linux-generic/odp_ipsec.c | 39 ++++++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 43fbafd5d..6568924a3 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c 
@@ -990,7 +990,8 @@ static int ipsec_out_esp(odp_packet_t *pkt, ipsec_state_t *state, ipsec_sa_t *ipsec_sa, odp_crypto_packet_op_param_t *param, - odp_ipsec_op_status_t *status) + odp_ipsec_op_status_t *status, + uint32_t mtu) { _odp_esphdr_t esp; _odp_esptrl_t esptrl; @@ -1026,6 +1027,11 @@ static int ipsec_out_esp(odp_packet_t *pkt, udphdr.chksum = 0; /* should be 0 by RFC */ } + if (state->ip_tot_len + hdr_len + trl_len > mtu) { + status->error.mtu = 1; + return -1; + } + if (ipsec_out_iv(state, ipsec_sa) < 0) { status->error.alg = 1; return -1; @@ -1124,7 +1130,8 @@ static int ipsec_out_ah(odp_packet_t *pkt, ipsec_state_t *state, ipsec_sa_t *ipsec_sa, odp_crypto_packet_op_param_t *param, - odp_ipsec_op_status_t *status) + odp_ipsec_op_status_t *status, + uint32_t mtu) { _odp_ahhdr_t ah; unsigned hdr_len = _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len + @@ -1132,6 +1139,11 @@ static int ipsec_out_ah(odp_packet_t *pkt, uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; uint8_t proto = _ODP_IPPROTO_AH; + if (state->ip_tot_len + hdr_len > mtu) { + status->error.mtu = 1; + return -1; + } + memset(&ah, 0, sizeof(ah)); ah.spi = odp_cpu_to_be_32(ipsec_sa->spi); ah.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); @@ -1228,7 +1240,7 @@ static void ipsec_out_ah_post(ipsec_state_t *state, odp_packet_t pkt) static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, odp_ipsec_sa_t sa, odp_packet_t *pkt_out, - const odp_ipsec_out_opt_t *opt ODP_UNUSED, + const odp_ipsec_out_opt_t *opt, odp_ipsec_op_status_t *status) { ipsec_state_t state; @@ -1237,6 +1249,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, int rc; odp_crypto_packet_result_t crypto; /**< Crypto operation result */ odp_packet_hdr_t *pkt_hdr; + uint32_t mtu; state.ip_offset = odp_packet_l3_offset(pkt); ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != state.ip_offset); 
@@ -1247,6 +1260,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ipsec_sa = _odp_ipsec_sa_use(sa); ODP_ASSERT(NULL != ipsec_sa); + if ((opt && opt->mode == ODP_IPSEC_FRAG_CHECK) || + (!opt && ipsec_sa->out.frag_mode == ODP_IPSEC_FRAG_CHECK)) + mtu = ipsec_sa->out.mtu; + else + mtu = UINT32_MAX; + /* Initialize parameters block */ memset(¶m, 0, sizeof(param)); @@ -1281,9 +1300,9 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, } if (ODP_IPSEC_ESP == ipsec_sa->proto) { - rc = ipsec_out_esp(&pkt, &state, ipsec_sa, ¶m, status); + rc = ipsec_out_esp(&pkt, &state, ipsec_sa, ¶m, status, mtu); } else if (ODP_IPSEC_AH == ipsec_sa->proto) { - rc = ipsec_out_ah(&pkt, &state, ipsec_sa, ¶m, status); + rc = ipsec_out_ah(&pkt, &state, ipsec_sa, ¶m, status, mtu); } else { status->error.alg = 1; goto err; @@ -1401,10 +1420,6 @@ int odp_ipsec_in(const odp_packet_t pkt_in[], int num_in, return in_pkt; } -static const odp_ipsec_out_opt_t default_opt = { - .mode = ODP_IPSEC_FRAG_DISABLED, -}; - int odp_ipsec_out(const odp_packet_t pkt_in[], int num_in, odp_packet_t pkt_out[], int *num_out, const odp_ipsec_out_param_t *param) @@ -1433,7 +1448,7 @@ int odp_ipsec_out(const odp_packet_t pkt_in[], int num_in, ODP_ASSERT(ODP_IPSEC_SA_INVALID != sa); if (0 == param->num_opt) - opt = &default_opt; + opt = NULL; else opt = ¶m->opt[opt_idx]; @@ -1540,7 +1555,7 @@ int odp_ipsec_out_enq(const odp_packet_t pkt_in[], int num_in, ODP_ASSERT(ODP_IPSEC_SA_INVALID != sa); if (0 == param->num_opt) - opt = &default_opt; + opt = NULL; else opt = ¶m->opt[opt_idx]; 
@@ -1635,7 +1650,7 @@ int odp_ipsec_out_inline(const odp_packet_t pkt_in[], int num_in, } if (0 == param->num_opt) - opt = &default_opt; + opt = NULL; else opt = ¶m->opt[opt_idx];
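Review bot: The length checks added in ipsec_out_esp() (hunk at -1026) and ipsec_out_ah() (hunk at -1132) do not say what the sum being compared against mtu represents. Nothing visible states whether state->ip_tot_len already includes the outer header in tunnel mode, or whether hdr_len in the ESP path covers the UDP encapsulation header prepared just above the check. A one-line comment on each check would let a reader verify that an oversized packet cannot slip past it. In ipsec_out_ah() the check sits before the ipsec_seq_no() call, so a rejected packet does not consume a sequence number; please confirm the ESP path has the same property, since the sequence number handling is not visible in that hunk.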
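Review bot: In ipsec_out_single() (hunk at -1247), the new mtu selection gives a NULL opt a meaning, "use the SA's frag_mode", that is only implied by the (!opt && ...) test, and it changes behaviour for callers that pass num_opt == 0: they used to get default_opt with ODP_IPSEC_FRAG_DISABLED and now get whatever the SA was created with. Please document that on the opt parameter or at the three "opt = NULL;" call sites. The same hunk reads ipsec_sa->out.mtu with a plain load while patch 15/16 changes the value at run time through odp_ipsec_sa_mtu_update(); if an update can run concurrently with outbound processing, make the access atomic or note why a plain read is safe.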
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Tue, 12 Dec 2017 19:00:21 +0300
Message-Id: <1513094423-671-15-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
References: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 304
Subject: [lng-odp] [PATCH API-NEXT v11 14/16] validation: ipsec: fix out inline with NULL pkt_out

From: Dmitry Eremin-Solenikov

pkt_out can be NULL if we expect an error. IPsec outbound inline needs proper outer header to function. Pass L2 header from inbound packet if outbound packet is NULL.

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: 2212038b2ceac423819d283ce07106fabe438631 **/
test/validation/api/ipsec/ipsec.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index 7b39c2c5a..aa46a236e 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c
@@ -583,10 +583,18 @@ static int ipsec_send_out_one(const ipsec_test_part *part, } else { struct odp_ipsec_out_inline_param_t inline_param; odp_queue_t queue; - uint32_t hdr_len = part->out[0].pkt_out->l3_offset; - uint8_t hdr[hdr_len]; + uint32_t hdr_len; + uint8_t hdr[32]; - memcpy(hdr, part->out[0].pkt_out->data, hdr_len); + if (NULL != part->out[0].pkt_out) { + hdr_len = part->out[0].pkt_out->l3_offset; + CU_ASSERT_FATAL(hdr_len <= sizeof(hdr)); + memcpy(hdr, part->out[0].pkt_out->data, hdr_len); + } else { + hdr_len = part->pkt_in->l3_offset; + CU_ASSERT_FATAL(hdr_len <= sizeof(hdr)); + memcpy(hdr, part->pkt_in->data, hdr_len); + } inline_param.pktio = suite_context.pktio; inline_param.outer_hdr.ptr = hdr; inline_param.outer_hdr.len = hdr_len;
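Review bot: In ipsec_send_out_one(), the fixed "uint8_t hdr[32];" replaces the variable-length array with an unexplained size. Please name the constant or add a comment saying which L2 header lengths it has to cover, so that a later test packet with a longer header fails the CU_ASSERT_FATAL(hdr_len <= sizeof(hdr)) bound for an obvious reason. The two branches differ only in the source packet; selecting the packet pointer first (part->out[0].pkt_out when non-NULL, otherwise part->pkt_in, assuming both are the same test packet type) and then doing one assert and one memcpy would keep the bounds check in a single place.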
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Tue, 12 Dec 2017 19:00:22 +0300
Message-Id: <1513094423-671-16-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
References: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 304
Subject: [lng-odp] [PATCH API-NEXT v11 15/16] validation: ipsec: add ODP_IPSEC_FRAG_CHECK checks

From: Dmitry Eremin-Solenikov

Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: 2212038b2ceac423819d283ce07106fabe438631 **/ test/validation/api/ipsec/ipsec.c | 4 +- test/validation/api/ipsec/ipsec.h | 2 + test/validation/api/ipsec/ipsec_test_out.c | 194 +++++++++++++++++++++++++++++ 3 files changed, 198 insertions(+), 2 deletions(-) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index aa46a236e..097216730 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -556,8 +556,8 @@ static int ipsec_send_out_one(const ipsec_test_part *part, memset(¶m, 0, sizeof(param)); param.num_sa = 1; param.sa = &sa; - param.num_opt = 0; - param.opt = NULL; + param.num_opt = part->num_opt; + param.opt = &part->opt; if (ODP_IPSEC_OP_MODE_SYNC == suite_context.outbound_op_mode) { CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_out(&pkt, 1, diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h index 9a24dd38c..f2ebd388c 100644 --- a/test/validation/api/ipsec/ipsec.h +++ b/test/validation/api/ipsec/ipsec.h @@ -45,6 +45,8 @@ typedef struct { typedef struct { const ipsec_test_packet *pkt_in; odp_bool_t lookup; + int num_opt; + odp_ipsec_out_opt_t opt; int out_pkt; struct { odp_ipsec_op_status_t status; diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 2ee8a1319..4751e6ec8 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c 
@@ -500,6 +500,192 @@ static void test_out_ipv4_esp_null_aes_gmac_128(void) ipsec_sa_destroy(sa); } +static void test_out_ipv4_ah_sha256_frag_check(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.outbound.frag_mode = ODP_IPSEC_FRAG_CHECK; + param.outbound.mtu = 100; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.mtu = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test2 = { + .pkt_in = &pkt_ipv4_icmp_0, + .num_opt = 1, + .opt = { .mode = ODP_IPSEC_FRAG_DISABLED, }, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_ah_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_check_out_one(&test2, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv4_ah_sha256_frag_check_2(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.outbound.frag_mode = ODP_IPSEC_FRAG_CHECK; + param.outbound.mtu = 100; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.mtu = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test2 = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_ah_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + odp_ipsec_sa_mtu_update(sa, 256); + + ipsec_check_out_one(&test2, sa); + + ipsec_sa_destroy(sa); +} + +static void 
test_out_ipv4_esp_null_sha256_frag_check(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + param.outbound.frag_mode = ODP_IPSEC_FRAG_CHECK; + param.outbound.mtu = 100; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.mtu = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test2 = { + .pkt_in = &pkt_ipv4_icmp_0, + .num_opt = 1, + .opt = { .mode = ODP_IPSEC_FRAG_DISABLED, }, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_esp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_check_out_one(&test2, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv4_esp_null_sha256_frag_check_2(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + param.outbound.frag_mode = ODP_IPSEC_FRAG_CHECK; + param.outbound.mtu = 100; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.mtu = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test2 = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_esp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + odp_ipsec_sa_mtu_update(sa, 256); + + ipsec_check_out_one(&test2, sa); + + ipsec_sa_destroy(sa); +} + static void test_out_ipv6_ah_sha256(void) { odp_ipsec_sa_param_t param; 
@@ -792,6 +978,14 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_ah_aes_gmac_128), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_frag_check, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_frag_check_2, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_frag_check, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_frag_check_2, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256_tun_ipv4,
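Review bot: In test_out_ipv4_ah_sha256_frag_check_2() and test_out_ipv4_esp_null_sha256_frag_check_2() (ipsec_test_out.c hunk at -500), the return value of odp_ipsec_sa_mtu_update(sa, 256) is not checked; wrap the call in a CU_ASSERT so a failed update is reported at the call instead of as a packet mismatch in the second ipsec_check_out_one(). Coverage also has two gaps relative to the MTU patch earlier in this series. The tests exercise SA-level ODP_IPSEC_FRAG_CHECK and a per-packet override to ODP_IPSEC_FRAG_DISABLED, but not the other new branch in ipsec_out_single(), where the SA does not check and the per-packet opt sets mode to ODP_IPSEC_FRAG_CHECK. No case puts the output exactly at the MTU, so an off-by-one in the ">" comparison would go unnoticed. The four functions are near copies; a shared helper taking the protocol flag and expected packet would make adding those cases cheap.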
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Tue, 12 Dec 2017 19:00:23 +0300
Message-Id: <1513094423-671-17-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
References: <1513094423-671-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 304
Subject: [lng-odp] [PATCH API-NEXT v11 16/16] linux-gen: ipsec: pass checksum flags to packet parsing code

From: Dmitry Eremin-Solenikov

Pass checksum and protocol parsing flags to packet parsing code. Checksum checks are not yet implemented by odp_packet_parse, it will be done later.

Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: 2212038b2ceac423819d283ce07106fabe438631 **/ platform/linux-generic/odp_ipsec.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 6568924a3..c27de1d51 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -605,6 +605,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, odp_crypto_packet_op_param_t param; int rc; odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_parse_param_t parse_param; odp_packet_hdr_t *pkt_hdr; state.ip_offset = odp_packet_l3_offset(pkt); @@ -770,15 +771,15 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto err; } - pkt_hdr = odp_packet_hdr(pkt); - - packet_parse_reset(pkt_hdr); + parse_param.proto = state.is_ipv4 ? + ODP_PROTO_IPV4: + ODP_PROTO_IPV6; + parse_param.layer = ipsec_config.inbound.parse; + parse_param.chksums = ipsec_config.inbound.chksums; - packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), - state.ip_offset, - state.is_ipv4 ? - _ODP_ETHTYPE_IPV4 : - _ODP_ETHTYPE_IPV6); + /* We do not care about return code here. + * Parsing error should not result in IPsec error. */ + odp_packet_parse(pkt, state.ip_offset, &parse_param); *pkt_out = pkt;
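Review bot: In ipsec_in_single() (hunk at -770), the removed packet_parse_reset(pkt_hdr) cleared the earlier parse results explicitly, and the new odp_packet_parse() call has its return code ignored on purpose. Please confirm that odp_packet_parse() resets the packet's parse metadata itself, including when it fails, so that flags and offsets computed for the outer, still-protected packet are not left on the decapsulated packet handed to the application. Separately, parse_param is declared without an initialiser and only proto, layer and chksums are assigned; zeroing it first (memset or "= {0}") keeps any member added to odp_packet_parse_param_t later from being passed uninitialised. Style: "ODP_PROTO_IPV4:" is missing the space before the colon.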