From patchwork Tue Dec 12 17:00:32 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121576 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4379964qgn; Tue, 12 Dec 2017 09:06:37 -0800 (PST) X-Google-Smtp-Source: ACJfBovJaQ7SI0MH01cpYGiXWYyl8fzbCZokTrHOo7F4tLdSlC29mJOAoYMV0xOuhxQvXrEaTE52 X-Received: by 10.55.130.3 with SMTP id e3mr6227857qkd.248.1513098396837; Tue, 12 Dec 2017 09:06:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513098396; cv=none; d=google.com; s=arc-20160816; b=w8pSeiXZ9YwEiWRKAI8xqqKlaPbkyky8/Cps1JJtLdZLXM337VNp9uY/9I3Yx+WMgs v273X1zAyc8om453eHXCNZgKM1M5rzZI1bQefgk+UwzlGaggIZjRCsJl6puNXteWnGQ+ uKi7s1OKQIXnCoaOAecj9vPjLFjwdUReavpf/sVUxlfYwaC1YppNHqVVRoMQF47q2Va2 gQLdDOGelYyZK5VHiacitIaAmsZfS14DOgOLhqBZdAloPssoKs1MUJ4MgEPmkHIqH9k3 bn+P++r2SF8GZueXfXZFi9Hp1SivDXvJQd2dy3os3Oi7w1UDqMSDhqZjbtLoxcVOlwrC MBaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=WMSgvxIOuDfAxlMP8tIAWnUEkEh+qor54Fi9+ChbnT8=; b=TfIgZz8jDpu5Fv0PzmxgColjAgNU/qgOQiHq3gDVATCLRjQdW2R+uPP/lTBQwvgebw p8B803SxBS1enSuR9sBCIKdXUF8UeUpfaiemkELt+w6xCJOuc/Y03iAs4rmKXlgAyeUW EiqzJ0ANmLonbjvm4jWvxHdu6ly5O2wYquLUzfWf/clojcFfv6gPadk6/+fOOwGv1VhZ +yncV+ohJQr/z0a/CSLiKAFoNplM3UGNJskl+IFvmAJKrtIxpLJ1ekOYnXd16KbMdLSN JWqiFICXlJT6C3k58V099rARkXdWyFpLah6Esk9srsyOw/62PjAPLd1G9VFzcUReZICW ZxtA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id v6si6418196qtv.466.2017.12.12.09.06.36; Tue, 12 Dec 2017 09:06:36 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 6BB726084F; Tue, 12 Dec 2017 17:06:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 95F086083F; Tue, 12 Dec 2017 17:01:52 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 367F760607; Tue, 12 Dec 2017 17:01:26 +0000 (UTC) Received: from forward100p.mail.yandex.net (forward100p.mail.yandex.net [77.88.28.100]) by lists.linaro.org (Postfix) with ESMTPS id 4603560646 for ; Tue, 12 Dec 2017 17:00:51 +0000 (UTC) Received: from mxback3o.mail.yandex.net (mxback3o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::1d]) by forward100p.mail.yandex.net (Yandex) with ESMTP id 9B5965102992 for ; Tue, 12 Dec 2017 20:00:49 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback3o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 2cYtJ8Op3o-0n80FEPs; Tue, 12 Dec 2017 20:00:49 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id O5YE7TQVzQ-0m9OhRow; Tue, 12 Dec 2017 20:00:48 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 20:00:32 +0300 Message-Id: <1513098047-19804-2-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> References: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v13 1/16] validation: ipsec: add ipv4 name parts X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov In preparation to add IPv6 support, add ipv4 everywhere (to test packets and to test names). Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: a17bf2b46352969fad4fbaf801dc8b5da0de7a78 **/ test/validation/api/ipsec/ipsec_test_in.c | 230 ++++++++++++++--------------- test/validation/api/ipsec/ipsec_test_out.c | 125 +++++----------- test/validation/api/ipsec/test_vectors.h | 38 +++-- 3 files changed, 178 insertions(+), 215 deletions(-) diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 294e4a5d6..daafaf69a 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -10,7 +10,7 @@ #include "test_vectors.h" -static void test_in_ah_sha256(void) +static void test_in_ipv4_ah_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -26,12 +26,12 @@ static void test_in_ah_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -40,7 +40,7 @@ static void test_in_ah_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_tun(void) +static void test_in_ipv4_ah_sha256_tun_ipv4(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -57,12 +57,12 @@ static void test_in_ah_sha256_tun(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_tun_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_tun_ipv4_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -71,7 +71,7 @@ static void test_in_ah_sha256_tun(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_tun_notun(void) +static void test_in_ipv4_ah_sha256_tun_ipv4_notun(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -87,12 +87,12 @@ static void test_in_ah_sha256_tun_notun(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_tun_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_tun_ipv4_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_ipip }, + .pkt_out = &pkt_ipv4_icmp_0_ipip }, }, }; @@ -101,7 +101,7 @@ static void test_in_ah_sha256_tun_notun(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256(void) +static void test_in_ipv4_esp_null_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -117,12 +117,12 @@ static void test_in_esp_null_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -131,7 +131,7 @@ static void test_in_esp_null_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_esp_aes_cbc_null(void) +static void test_in_ipv4_esp_aes_cbc_null(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -147,12 +147,12 @@ static void test_in_esp_aes_cbc_null(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_aes_cbc_null_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_aes_cbc_null_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -161,7 +161,7 @@ static void test_in_esp_aes_cbc_null(void) ipsec_sa_destroy(sa); } -static void test_in_esp_aes_cbc_sha256(void) +static void test_in_ipv4_esp_aes_cbc_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -177,12 +177,12 @@ static void test_in_esp_aes_cbc_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_aes_cbc_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_aes_cbc_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -191,7 +191,7 @@ static void test_in_esp_aes_cbc_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_esp_aes_ctr_null(void) +static void test_in_ipv4_esp_aes_ctr_null(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -207,12 +207,12 @@ static void test_in_esp_aes_ctr_null(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_aes_ctr_null_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_aes_ctr_null_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -221,7 +221,7 @@ static void test_in_esp_aes_ctr_null(void) ipsec_sa_destroy(sa); } -static void test_in_lookup_ah_sha256(void) +static void test_in_ipv4_ah_sha256_lookup(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -237,13 +237,13 @@ static void test_in_lookup_ah_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .lookup = 1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -252,7 +252,7 @@ static void test_in_lookup_ah_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_lookup_esp_null_sha256(void) +static void test_in_ipv4_esp_null_sha256_lookup(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -268,13 +268,13 @@ static void test_in_lookup_esp_null_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .lookup = 1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -283,7 +283,7 @@ static void test_in_lookup_esp_null_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256_tun(void) +static void test_in_ipv4_esp_null_sha256_tun_ipv4(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -300,12 +300,12 @@ static void test_in_esp_null_sha256_tun(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_tun_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_tun_ipv4_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -314,7 +314,7 @@ static void test_in_esp_null_sha256_tun(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_noreplay(void) +static void test_in_ipv4_ah_sha256_noreplay(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -331,22 +331,22 @@ static void test_in_ah_sha256_noreplay(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; ipsec_test_part test_1235 = { - .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1235, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -358,7 +358,7 @@ static void test_in_ah_sha256_noreplay(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_replay(void) +static void test_in_ipv4_ah_sha256_replay(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -375,17 +375,17 @@ static void test_in_ah_sha256_replay(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; ipsec_test_part test_repl = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -395,12 +395,12 @@ static void test_in_ah_sha256_replay(void) }; ipsec_test_part test_1235 = { - .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1235, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -412,7 +412,7 @@ static void test_in_ah_sha256_replay(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256_noreplay(void) +static void test_in_ipv4_esp_null_sha256_noreplay(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -429,22 +429,22 @@ static void test_in_esp_null_sha256_noreplay(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; ipsec_test_part test_1235 = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1235, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -456,7 +456,7 @@ static void test_in_esp_null_sha256_noreplay(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256_replay(void) +static void test_in_ipv4_esp_null_sha256_replay(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -473,17 +473,17 @@ static void test_in_esp_null_sha256_replay(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; ipsec_test_part test_repl = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -493,12 +493,12 @@ static void test_in_esp_null_sha256_replay(void) }; ipsec_test_part test_1235 = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1235, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -510,13 +510,13 @@ static void test_in_esp_null_sha256_replay(void) ipsec_sa_destroy(sa); } -static void test_in_ah_esp_pkt(void) +static void test_in_ipv4_ah_esp_pkt(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; /* This test will not work properly inbound inline mode. - * test_in_lookup_ah_esp_pkt will be used instead. */ + * test_in_ipv4_ah_esp_pkt_lookup will be used instead. */ if (suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE) return; @@ -531,7 +531,7 @@ static void test_in_ah_esp_pkt(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -545,13 +545,13 @@ static void test_in_ah_esp_pkt(void) ipsec_sa_destroy(sa); } -static void test_in_esp_ah_pkt(void) +static void test_in_ipv4_esp_ah_pkt(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; /* This test will not work properly inbound inline mode. - * test_in_lookup_esp_ah_pkt will be used instead. */ + * test_in_ipv4_esp_ah_pkt_lookup will be used instead. */ if (suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE) return; @@ -566,7 +566,7 @@ static void test_in_esp_ah_pkt(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -580,7 +580,7 @@ static void test_in_esp_ah_pkt(void) ipsec_sa_destroy(sa); } -static void test_in_lookup_ah_esp_pkt(void) +static void test_in_ipv4_ah_esp_pkt_lookup(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -596,7 +596,7 @@ static void test_in_lookup_ah_esp_pkt(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .lookup = 1, .out_pkt = 1, .out = { @@ -611,7 +611,7 @@ static void test_in_lookup_ah_esp_pkt(void) ipsec_sa_destroy(sa); } -static void test_in_lookup_esp_ah_pkt(void) +static void test_in_ipv4_esp_ah_pkt_lookup(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -627,7 +627,7 @@ static void test_in_lookup_esp_ah_pkt(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .lookup = 1, .out_pkt = 1, .out = { @@ -642,7 +642,7 @@ static void test_in_lookup_esp_ah_pkt(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_bad1(void) +static void test_in_ipv4_ah_sha256_bad1(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -658,7 +658,7 @@ static void test_in_ah_sha256_bad1(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1_bad1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1_bad1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -672,7 +672,7 @@ static void test_in_ah_sha256_bad1(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_bad2(void) +static void test_in_ipv4_ah_sha256_bad2(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -688,7 +688,7 @@ static void test_in_ah_sha256_bad2(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1_bad2, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1_bad2, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -702,7 +702,7 @@ static void test_in_ah_sha256_bad2(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256_bad1(void) +static void test_in_ipv4_esp_null_sha256_bad1(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -718,7 +718,7 @@ static void test_in_esp_null_sha256_bad1(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1_bad1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1_bad1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -732,7 +732,7 @@ static void test_in_esp_null_sha256_bad1(void) ipsec_sa_destroy(sa); } -static void test_in_rfc3602_5_esp(void) +static void test_in_ipv4_rfc3602_5_esp(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -762,7 +762,7 @@ static void test_in_rfc3602_5_esp(void) ipsec_sa_destroy(sa); } -static void test_in_rfc3602_6_esp(void) +static void test_in_ipv4_rfc3602_6_esp(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -792,7 +792,7 @@ static void test_in_rfc3602_6_esp(void) ipsec_sa_destroy(sa); } -static void test_in_rfc3602_7_esp(void) +static void test_in_ipv4_rfc3602_7_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -823,7 +823,7 @@ static void test_in_rfc3602_7_esp(void) ipsec_sa_destroy(sa); } -static void test_in_rfc3602_8_esp(void) +static void test_in_ipv4_rfc3602_8_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -854,7 +854,7 @@ static void test_in_rfc3602_8_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_2_esp(void) +static void test_in_ipv4_mcgrew_gcm_2_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -885,7 +885,7 @@ static void test_in_mcgrew_gcm_2_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_3_esp(void) +static void test_in_ipv4_mcgrew_gcm_3_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -916,7 +916,7 @@ static void test_in_mcgrew_gcm_3_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_4_esp(void) +static void test_in_ipv4_mcgrew_gcm_4_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -947,7 +947,7 @@ static void test_in_mcgrew_gcm_4_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_12_esp(void) +static void test_in_ipv4_mcgrew_gcm_12_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -978,7 +978,7 @@ static void test_in_mcgrew_gcm_12_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_15_esp(void) +static void test_in_ipv4_mcgrew_gcm_15_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -1009,7 +1009,7 @@ static void test_in_mcgrew_gcm_15_esp(void) ipsec_sa_destroy(sa); } -static void test_in_ah_aes_gmac_128(void) +static void test_in_ipv4_ah_aes_gmac_128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -1025,12 +1025,12 @@ static void test_in_ah_aes_gmac_128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_aes_gmac_128_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_aes_gmac_128_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -1039,7 +1039,7 @@ static void test_in_ah_aes_gmac_128(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_aes_gmac_128(void) +static void test_in_ipv4_esp_null_aes_gmac_128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -1055,12 +1055,12 @@ static void test_in_esp_null_aes_gmac_128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_aes_gmac_128_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_aes_gmac_128_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -1078,71 +1078,71 @@ static void ipsec_test_capability(void) odp_testinfo_t ipsec_in_suite[] = { ODP_TEST_INFO(ipsec_test_capability), - ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_5_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_rfc3602_5_esp, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_6_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_rfc3602_6_esp, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_7_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_rfc3602_7_esp, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_8_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_rfc3602_8_esp, ipsec_check_esp_aes_cbc_128_null), /* test 1, 5, 6, 8 -- 11 -- ESN */ /* test 7 -- invalid, plaintext packet includes trl into IP length */ - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_2_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_2_esp, ipsec_check_esp_aes_gcm_128), - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_3_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_3_esp, ipsec_check_esp_aes_gcm_256), - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_4_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_4_esp, ipsec_check_esp_aes_gcm_128), - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_12_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_12_esp, ipsec_check_esp_aes_gcm_128), - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_15_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_15_esp, ipsec_check_esp_null_aes_gmac_128), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv4, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun_notun, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv4_notun, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_null, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_aes_cbc_null, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_aes_cbc_sha256, ipsec_check_esp_aes_cbc_128_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_ctr_null, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_aes_ctr_null, ipsec_check_esp_aes_ctr_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_lookup, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_null_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_lookup, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_tun, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_tun_ipv4, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_noreplay, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_noreplay, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_replay, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_replay, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_noreplay, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_noreplay, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_replay, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_replay, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_esp_pkt, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_esp_pkt, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_ah_pkt, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_ah_pkt, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_esp_pkt, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_esp_pkt_lookup, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_ah_pkt, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_ah_pkt_lookup, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad1, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_bad1, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad2, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_bad2, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_bad1, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_bad1, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_aes_gmac_128, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_aes_gmac_128, ipsec_check_ah_aes_gmac_128), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_aes_gmac_128, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 7d4ea4a73..757b90059 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -10,7 +10,7 @@ #include "test_vectors.h" -static void test_out_ah_sha256(void) +static void test_out_ipv4_ah_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -26,12 +26,12 @@ static void test_out_ah_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_ah_sha256_1 }, + .pkt_out = &pkt_ipv4_icmp_0_ah_sha256_1 }, }, }; @@ -45,7 +45,7 @@ static void test_out_ah_sha256(void) (c << 8) | \ (d << 0)) -static void test_out_ah_sha256_tun(void) +static void test_out_ipv4_ah_sha256_tun_ipv4(void) { uint32_t src = IPV4ADDR(10, 0, 111, 2); uint32_t dst = IPV4ADDR(10, 0, 222, 2); @@ -69,12 +69,12 @@ static void test_out_ah_sha256_tun(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_ah_tun_sha256_1 }, + .pkt_out = &pkt_ipv4_icmp_0_ah_tun_ipv4_sha256_1 }, }, }; @@ -83,7 +83,7 @@ static void test_out_ah_sha256_tun(void) ipsec_sa_destroy(sa); } -static void test_out_esp_null_sha256_out(void) +static void test_out_ipv4_esp_null_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -99,12 +99,12 @@ static void test_out_esp_null_sha256_out(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_esp_null_sha256_1 }, + .pkt_out = &pkt_ipv4_icmp_0_esp_null_sha256_1 }, }, }; @@ -113,7 +113,7 @@ static void test_out_esp_null_sha256_out(void) ipsec_sa_destroy(sa); } -static void test_out_esp_null_sha256_tun_out(void) +static void test_out_ipv4_esp_null_sha256_tun_ipv4(void) { uint32_t src = IPV4ADDR(10, 0, 111, 2); uint32_t dst = IPV4ADDR(10, 0, 222, 2); @@ -137,12 +137,13 @@ static void test_out_esp_null_sha256_tun_out(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_esp_tun_null_sha256_1 }, + .pkt_out = + &pkt_ipv4_icmp_0_esp_tun_ipv4_null_sha256_1 }, }, }; @@ -151,49 +152,7 @@ static void test_out_esp_null_sha256_tun_out(void) ipsec_sa_destroy(sa); } -static void test_out_esp_null_sha256(void) -{ - odp_ipsec_sa_param_t param; - odp_ipsec_sa_t sa; - odp_ipsec_sa_t sa2; - - ipsec_sa_param_fill(¶m, - false, false, 123, NULL, - ODP_CIPHER_ALG_NULL, NULL, - ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, - NULL); - - sa = odp_ipsec_sa_create(¶m); - - CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); - - ipsec_sa_param_fill(¶m, - true, false, 123, NULL, - ODP_CIPHER_ALG_NULL, NULL, - ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, - NULL); - - sa2 = odp_ipsec_sa_create(¶m); - - CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); - - ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, - .out_pkt = 1, - .out = { - { .status.warn.all = 0, - .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, - }, - }; - - ipsec_check_out_in_one(&test, sa, sa2); - - ipsec_sa_destroy(sa2); - ipsec_sa_destroy(sa); -} - -static void test_out_esp_aes_cbc_null(void) +static void test_out_ipv4_esp_aes_cbc_null(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -220,12 +179,12 @@ static void test_out_esp_aes_cbc_null(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -235,7 +194,7 @@ static void test_out_esp_aes_cbc_null(void) ipsec_sa_destroy(sa); } -static void test_out_esp_aes_cbc_sha256(void) +static void test_out_ipv4_esp_aes_cbc_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -262,12 +221,12 @@ static void test_out_esp_aes_cbc_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -277,7 +236,7 @@ static void test_out_esp_aes_cbc_sha256(void) ipsec_sa_destroy(sa); } -static void test_out_esp_aes_ctr_null(void) +static void test_out_ipv4_esp_aes_ctr_null(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -304,12 +263,12 @@ static void test_out_esp_aes_ctr_null(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -319,7 +278,7 @@ static void test_out_esp_aes_ctr_null(void) ipsec_sa_destroy(sa); } -static void test_out_esp_aes_gcm128(void) +static void test_out_ipv4_esp_aes_gcm128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -346,12 +305,12 @@ static void test_out_esp_aes_gcm128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -361,7 +320,7 @@ static void test_out_esp_aes_gcm128(void) ipsec_sa_destroy(sa); } -static void test_out_ah_aes_gmac_128(void) +static void test_out_ipv4_ah_aes_gmac_128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -377,12 +336,12 @@ static void test_out_ah_aes_gmac_128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_ah_aes_gmac_128_1 }, + .pkt_out = &pkt_ipv4_icmp_0_ah_aes_gmac_128_1 }, }, }; @@ -391,7 +350,7 @@ static void test_out_ah_aes_gmac_128(void) ipsec_sa_destroy(sa); } -static void test_out_esp_null_aes_gmac_128(void) +static void test_out_ipv4_esp_null_aes_gmac_128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -407,12 +366,12 @@ static void test_out_esp_null_aes_gmac_128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_esp_null_aes_gmac_128_1 }, + .pkt_out = &pkt_ipv4_icmp_0_esp_null_aes_gmac_128_1 }, }, }; @@ -430,27 +389,25 @@ static void ipsec_test_capability(void) odp_testinfo_t ipsec_out_suite[] = { ODP_TEST_INFO(ipsec_test_capability), - ODP_TEST_INFO_CONDITIONAL(test_out_ah_sha256, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_ah_sha256_tun, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_tun_ipv4, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256_out, - ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256_tun_out, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_tun_ipv4, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_null, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_null, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_sha256, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_sha256, ipsec_check_esp_aes_cbc_128_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_ctr_null, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_ctr_null, ipsec_check_esp_aes_ctr_128_null), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_gcm128, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_gcm128, ipsec_check_esp_aes_gcm_128), - ODP_TEST_INFO_CONDITIONAL(test_out_ah_aes_gmac_128, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_aes_gmac_128, ipsec_check_ah_aes_gmac_128), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_aes_gmac_128, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 7fb7d5a84..51aa97ccb 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -49,7 +49,7 @@ KEY(key_mcgrew_gcm_15, 0x4c, 0x80, 0xcd, 0xef, 0xbb, 0x5d, 0x10, 0xda, 0x90, 0x6a, 0xc7, 0x3c, 0x36, 0x13, 0xa6, 0x34); KEY(key_mcgrew_gcm_salt_15, 0x22, 0x43, 0x3c, 0x64); -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0 = { .len = 142, .l2_offset = 0, .l3_offset = 14, @@ -82,7 +82,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ipip = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ipip = { .len = 162, .l2_offset = 0, .l3_offset = 14, @@ -120,7 +120,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ipip = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -159,7 +159,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_tun_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_ah_tun_ipv4_sha256_1 = { .len = 190, .l2_offset = 0, .l3_offset = 14, @@ -203,7 +204,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_tun_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1_bad1 = { .len = 168, .l2_offset = 0, .l3_offset = 14, @@ -242,7 +243,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1_bad2 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -281,7 +282,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1235 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1235 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -325,7 +326,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1235 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_null_sha256_1 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -368,7 +369,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_tun_null_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_tun_ipv4_null_sha256_1 = { .len = 190, .l2_offset = 0, .l3_offset = 14, @@ -416,7 +418,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_tun_null_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_null_sha256_1_bad1 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -459,7 +462,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1235 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_null_sha256_1235 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -502,7 +506,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1235 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_aes_cbc_null_1 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -542,7 +546,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_aes_cbc_sha256_1 = { .len = 186, .l2_offset = 0, .l3_offset = 14, @@ -586,7 +591,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_ctr_null_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_aes_ctr_null_1 = { .len = 162, .l2_offset = 0, .l3_offset = 14, @@ -625,7 +630,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_ctr_null_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_aes_gmac_128_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_aes_gmac_128_1 = { .len = 178, .l2_offset = 0, .l3_offset = 14, @@ -665,7 +670,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_aes_gmac_128_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_aes_gmac_128_1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_null_aes_gmac_128_1 = { .len = 178, .l2_offset = 0, .l3_offset = 14, From patchwork Tue Dec 12 17:00:33 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121577 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4383073qgn; Tue, 12 Dec 2017 09:09:06 -0800 (PST) X-Google-Smtp-Source: ACJfBosFxsdP/Zr2yeyALqSO4WH57h17IrQKx/227kk4aOhzS78QaEThnRISgKDeajqBIjvFDGUw X-Received: by 10.237.37.85 with SMTP id w21mr6593141qtc.268.1513098546728; Tue, 12 Dec 2017 09:09:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513098546; cv=none; d=google.com; s=arc-20160816; b=qT+H/jgAIUWX+ZzcAPykDzjiCjq5P5QKu7rev3LbxfBuBJMmjIiUeJpaT0cAN/MaRW bUbD33CX/feJlNayXPb0Tgg2/M2qViimzJ4frQRUeB61H2qn+ugBeHHBe1QUScFS2jkX V7dHpXO4dAHqMi6fB8M3pcH7sQuhTLEtCELIQUKMHysAGSWgQI8fpkzF55nkJUXOefCH U8rIYF7qn2nX8KmvdPSfcCBodBF07j1futJchfFYGF9F1I7XmOorgR4KM/tqTCqm7u7/ dFlPURdVzXlVXs293WjoW8lNoUbzSYDgWDrySkIeRyiSwLZlduYuMTGFjSNDzBsbexjY PQ3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=dBLfq6olMxedgReP2YeIQLeRyr+XBeIREMx5pZDhPUQ=; b=nETpZVIPBiLi9YusQz9wCnrgTSWQCN/sJf0O+I6XhSIOXrZ7U5soXoOMMdJvpi4Gaq NI/BgB3UtCApR80irlgj6P9LNEBe39Kwm00J+Aqge5lpTfdZkgp/Wy6nfLIK+uHTnHtS 1JMIArCW8DD0OL7Iahr8hs5CrdrtjQvRZrFfBcgkrKSmlSFf4tAyQ2l/PNrcyp84zbQo ucgdxNbDfvBNGjXYBSCiUQJXYYNpMPLL/kJZH7+7T3hR2rJ88iA7nWQ79fLAnXH0Cdqs /HnIq1zvHCtwB4pJOjVS5nadw+nwDT898fnlEaze2XXAyaQXW686AtCJJOMOfdWp55WU RCyA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id b185si2185698qkf.373.2017.12.12.09.09.06; Tue, 12 Dec 2017 09:09:06 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 4D6EF608F7; Tue, 12 Dec 2017 17:09:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id F016560928; Tue, 12 Dec 2017 17:01:58 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 0C0C1608F2; Tue, 12 Dec 2017 17:01:29 +0000 (UTC) Received: from forward106j.mail.yandex.net (forward106j.mail.yandex.net [5.45.198.249]) by lists.linaro.org (Postfix) with ESMTPS id E845560655 for ; Tue, 12 Dec 2017 17:00:51 +0000 (UTC) Received: from mxback17j.mail.yandex.net (mxback17j.mail.yandex.net [IPv6:2a02:6b8:0:1619::93]) by forward106j.mail.yandex.net (Yandex) with ESMTP id E23D518039A0 for ; Tue, 12 Dec 2017 20:00:50 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback17j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id t3zdnzvcaM-0oGumCNA; Tue, 12 Dec 2017 20:00:50 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id O5YE7TQVzQ-0n9iq3vZ; Tue, 12 Dec 2017 20:00:49 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 20:00:33 +0300 Message-Id: <1513098047-19804-3-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> References: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v13 2/16] linux-gen: modularize IPsec implementation X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov To ease adding IPv6/IPcomp/etc modularize IPsec implementation, refactoring out functions handling ESP/AH and header parsing/tunneling. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: a17bf2b46352969fad4fbaf801dc8b5da0de7a78 **/ platform/linux-generic/odp_ipsec.c | 1089 ++++++++++++++++++++---------------- 1 file changed, 597 insertions(+), 492 deletions(-) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 8735e6052..2b9de5771 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -123,8 +123,8 @@ static inline int _odp_ipv4_csum(odp_packet_t pkt, return 0; } -/** @internal Checksum offset in IPv4 header */ -#define _ODP_IPV4HDR_CSUM_OFFSET 10 +#define _ODP_IPV4HDR_CSUM_OFFSET ODP_OFFSETOF(_odp_ipv4hdr_t, chksum) +#define _ODP_IPV4HDR_PROTO_OFFSET ODP_OFFSETOF(_odp_ipv4hdr_t, proto) /** * Calculate and fill in IPv4 checksum @@ -158,7 +158,7 @@ static inline int _odp_ipv4_csum_update(odp_packet_t pkt) 2, &chksum); } -#define ipv4_hdr_len(ip) (_ODP_IPV4HDR_IHL(ip->ver_ihl) * 4) +#define ipv4_hdr_len(ip) (_ODP_IPV4HDR_IHL((ip)->ver_ihl) * 4) static inline void ipv4_adjust_len(_odp_ipv4hdr_t *ip, int adj) { @@ -218,200 +218,310 @@ static inline odp_pktio_parser_layer_t parse_layer(odp_ipsec_proto_layer_t l) return ODP_PKTIO_PARSER_LAYER_NONE; } -static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, - odp_ipsec_sa_t sa, - odp_packet_t *pkt_out, - odp_ipsec_op_status_t *status) -{ - ipsec_sa_t *ipsec_sa = NULL; - uint32_t ip_offset = odp_packet_l3_offset(pkt); - _odp_ipv4hdr_t *ip = odp_packet_l3_ptr(pkt, NULL); - uint16_t ip_hdr_len = ipv4_hdr_len(ip); - odp_crypto_packet_op_param_t param; - int rc; +typedef struct { + _odp_ipv4hdr_t *ip; unsigned stats_length; - uint16_t ipsec_offset; /**< Offset of IPsec header from - buffer start */ - uint8_t iv[IPSEC_MAX_IV_LEN]; /**< ESP IV storage */ - ipsec_aad_t aad; /**< AAD, note ESN is not fully supported */ - unsigned hdr_len; /**< Length of IPsec headers */ - unsigned trl_len; /**< Length of IPsec trailers */ - uint8_t ip_tos; /**< Saved IP TOS value */ - uint8_t ip_ttl; /**< Saved IP TTL value */ - uint16_t ip_frag_offset; /**< Saved IP flags value */ - odp_crypto_packet_result_t crypto; /**< Crypto operation result */ - odp_packet_hdr_t *pkt_hdr; + uint16_t ip_offset; + uint16_t ip_hdr_len; + uint16_t ip_tot_len; + union { + struct { + uint16_t ip_df; + uint8_t ip_tos; + } out_tunnel; + struct { + uint16_t hdr_len; + uint16_t trl_len; + } in; + }; + union { + struct { + uint8_t tos; + uint8_t ttl; + uint16_t frag_offset; + } ah_ipv4; + }; + ipsec_aad_t aad; + uint8_t iv[IPSEC_MAX_IV_LEN]; +} ipsec_state_t; + +static int ipsec_parse_ipv4(ipsec_state_t *state) +{ + if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(state->ip->frag_offset))) + return -1; - ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); - ODP_ASSERT(NULL != ip); + state->ip_hdr_len = ipv4_hdr_len(state->ip); + state->ip_tot_len = odp_be_to_cpu_16(state->ip->tot_len); - ip_tos = 0; - ip_ttl = 0; - ip_frag_offset = 0; + return 0; +} - /* Initialize parameters block */ - memset(¶m, 0, sizeof(param)); +static inline ipsec_sa_t *ipsec_get_sa(odp_ipsec_sa_t sa, + odp_ipsec_protocol_t proto, + uint32_t spi, + void *dst_addr, + odp_ipsec_op_status_t *status) +{ + ipsec_sa_t *ipsec_sa; + + if (ODP_IPSEC_SA_INVALID == sa) { + ipsec_sa_lookup_t lookup; + + lookup.proto = proto; + lookup.spi = spi; + lookup.dst_addr = dst_addr; + + ipsec_sa = _odp_ipsec_sa_lookup(&lookup); + if (NULL == ipsec_sa) { + status->error.sa_lookup = 1; + return NULL; + } + } else { + ipsec_sa = _odp_ipsec_sa_use(sa); + ODP_ASSERT(NULL != ipsec_sa); + if (ipsec_sa->proto != proto || + ipsec_sa->spi != spi) { + status->error.proto = 1; + return ipsec_sa; + } + } + + return ipsec_sa; +} - ipsec_offset = ip_offset + ip_hdr_len; +static int ipsec_in_iv(odp_packet_t pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa, + uint16_t iv_offset) +{ + memcpy(state->iv, ipsec_sa->salt, ipsec_sa->salt_length); + if (odp_packet_copy_to_mem(pkt, + iv_offset, + ipsec_sa->esp_iv_len, + state->iv + ipsec_sa->salt_length) < 0) + return -1; - if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) { + if (ipsec_sa->aes_ctr_iv) { + state->iv[12] = 0; + state->iv[13] = 0; + state->iv[14] = 0; + state->iv[15] = 1; + } + + return 0; +} + +static int ipsec_in_esp(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t **_ipsec_sa, + odp_ipsec_sa_t sa, + odp_crypto_packet_op_param_t *param, + odp_ipsec_op_status_t *status) +{ + _odp_esphdr_t esp; + uint16_t ipsec_offset; + ipsec_sa_t *ipsec_sa; + + ipsec_offset = state->ip_offset + state->ip_hdr_len; + + if (odp_packet_copy_to_mem(*pkt, ipsec_offset, + sizeof(esp), &esp) < 0) { status->error.alg = 1; - goto err; + return -1; } - if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { - status->error.proto = 1; - goto err; + ipsec_sa = ipsec_get_sa(sa, ODP_IPSEC_ESP, + odp_be_to_cpu_32(esp.spi), + &state->ip->dst_addr, status); + *_ipsec_sa = ipsec_sa; + if (status->error.all) + return -1; + + if (ipsec_in_iv(*pkt, state, ipsec_sa, + ipsec_offset + _ODP_ESPHDR_LEN) < 0) { + status->error.alg = 1; + return -1; } - /* Check IP header for IPSec protocols and look it up */ - if (_ODP_IPPROTO_ESP == ip->proto) { - _odp_esphdr_t esp; + state->in.hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; + state->in.trl_len = _ODP_ESPTRL_LEN + ipsec_sa->icv_len; - if (odp_packet_copy_to_mem(pkt, ipsec_offset, - sizeof(esp), &esp) < 0) { - status->error.alg = 1; - goto err; - } + param->cipher_range.offset = ipsec_offset + state->in.hdr_len; + param->cipher_range.length = state->ip_tot_len - + state->ip_hdr_len - + state->in.hdr_len - + ipsec_sa->icv_len; + param->override_iv_ptr = state->iv; - if (ODP_IPSEC_SA_INVALID == sa) { - ipsec_sa_lookup_t lookup; + state->aad.spi = esp.spi; + state->aad.seq_no = esp.seq_no; - lookup.proto = ODP_IPSEC_ESP; - lookup.spi = odp_be_to_cpu_32(esp.spi); - lookup.dst_addr = &ip->dst_addr; + param->aad.ptr = (uint8_t *)&state->aad; - ipsec_sa = _odp_ipsec_sa_lookup(&lookup); - if (NULL == ipsec_sa) { - status->error.sa_lookup = 1; - goto err; - } - } else { - ipsec_sa = _odp_ipsec_sa_use(sa); - ODP_ASSERT(NULL != ipsec_sa); - if (ipsec_sa->proto != ODP_IPSEC_ESP || - ipsec_sa->spi != odp_be_to_cpu_32(esp.spi)) { - status->error.proto = 1; - goto err; - } - } + param->auth_range.offset = ipsec_offset; + param->auth_range.length = state->ip_tot_len - + state->ip_hdr_len - + ipsec_sa->icv_len; + param->hash_result_offset = state->ip_offset + + state->ip_tot_len - + ipsec_sa->icv_len; - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - if (odp_packet_copy_to_mem(pkt, - ipsec_offset + _ODP_ESPHDR_LEN, - ipsec_sa->esp_iv_len, - iv + ipsec_sa->salt_length) < 0) { - status->error.alg = 1; - goto err; - } + state->stats_length = param->cipher_range.length; - if (ipsec_sa->aes_ctr_iv) { - iv[12] = 0; - iv[13] = 0; - iv[14] = 0; - iv[15] = 1; - } + return 0; +} - hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; - trl_len = _ODP_ESPTRL_LEN + ipsec_sa->icv_len; +static int ipsec_in_esp_post(odp_packet_t pkt, + ipsec_state_t *state) +{ + _odp_esptrl_t esptrl; + uint32_t esptrl_offset = state->ip_offset + + state->ip_tot_len - + state->in.trl_len; + + if (odp_packet_copy_to_mem(pkt, esptrl_offset, + sizeof(esptrl), &esptrl) < 0 || + state->ip_offset + esptrl.pad_len > esptrl_offset || + _odp_packet_cmp_data(pkt, esptrl_offset - esptrl.pad_len, + ipsec_padding, esptrl.pad_len) != 0) + return -1; - param.cipher_range.offset = ipsec_offset + hdr_len; - param.cipher_range.length = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len - - hdr_len - - ipsec_sa->icv_len; - param.override_iv_ptr = iv; + state->ip->proto = esptrl.next_header; + state->in.trl_len += esptrl.pad_len; - aad.spi = esp.spi; - aad.seq_no = esp.seq_no; + return 0; +} - param.aad.ptr = (uint8_t *)&aad; +static int ipsec_in_ah(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t **_ipsec_sa, + odp_ipsec_sa_t sa, + odp_crypto_packet_op_param_t *param, + odp_ipsec_op_status_t *status) +{ + _odp_ahhdr_t ah; + uint16_t ipsec_offset; + ipsec_sa_t *ipsec_sa; - param.auth_range.offset = ipsec_offset; - param.auth_range.length = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len - - ipsec_sa->icv_len; - param.hash_result_offset = ip_offset + - odp_be_to_cpu_16(ip->tot_len) - - ipsec_sa->icv_len; + ipsec_offset = state->ip_offset + state->ip_hdr_len; - stats_length = param.cipher_range.length; - } else if (_ODP_IPPROTO_AH == ip->proto) { - _odp_ahhdr_t ah; + if (odp_packet_copy_to_mem(*pkt, ipsec_offset, + sizeof(ah), &ah) < 0) { + status->error.alg = 1; + return -1; + } - if (odp_packet_copy_to_mem(pkt, ipsec_offset, - sizeof(ah), &ah) < 0) { - status->error.alg = 1; - goto err; - } + ipsec_sa = ipsec_get_sa(sa, ODP_IPSEC_AH, + odp_be_to_cpu_32(ah.spi), + &state->ip->dst_addr, status); + *_ipsec_sa = ipsec_sa; + if (status->error.all) + return -1; - if (ODP_IPSEC_SA_INVALID == sa) { - ipsec_sa_lookup_t lookup; + if (ipsec_in_iv(*pkt, state, ipsec_sa, + ipsec_offset + _ODP_AHHDR_LEN) < 0) { + status->error.alg = 1; + return -1; + } - lookup.proto = ODP_IPSEC_AH; - lookup.spi = odp_be_to_cpu_32(ah.spi); - lookup.dst_addr = &ip->dst_addr; + param->override_iv_ptr = state->iv; - ipsec_sa = _odp_ipsec_sa_lookup(&lookup); - if (NULL == ipsec_sa) { - status->error.sa_lookup = 1; - goto err; - } - } else { - ipsec_sa = _odp_ipsec_sa_use(sa); - ODP_ASSERT(NULL != ipsec_sa); - if (ipsec_sa->proto != ODP_IPSEC_AH || - ipsec_sa->spi != odp_be_to_cpu_32(ah.spi)) { - status->error.proto = 1; - goto err; - } - } + state->in.hdr_len = (ah.ah_len + 2) * 4; + state->in.trl_len = 0; - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - if (odp_packet_copy_to_mem(pkt, - ipsec_offset + _ODP_AHHDR_LEN, - ipsec_sa->esp_iv_len, - iv + ipsec_sa->salt_length) < 0) { - status->error.alg = 1; - goto err; - } - param.override_iv_ptr = iv; + /* Save everything to context */ + state->ah_ipv4.tos = state->ip->tos; + state->ah_ipv4.frag_offset = state->ip->frag_offset; + state->ah_ipv4.ttl = state->ip->ttl; + + /* FIXME: zero copy of header, passing it to crypto! */ + /* + * If authenticating, zero the mutable fields build the request + */ + state->ip->chksum = 0; + state->ip->tos = 0; + state->ip->frag_offset = 0; + state->ip->ttl = 0; - hdr_len = (ah.ah_len + 2) * 4; - trl_len = 0; + state->aad.spi = ah.spi; + state->aad.seq_no = ah.seq_no; - /* Save everything to context */ - ip_tos = ip->tos; - ip_frag_offset = odp_be_to_cpu_16(ip->frag_offset); - ip_ttl = ip->ttl; + param->aad.ptr = (uint8_t *)&state->aad; - /* FIXME: zero copy of header, passing it to crypto! */ - /* - * If authenticating, zero the mutable fields build the request - */ - ip->chksum = 0; - ip->tos = 0; - ip->frag_offset = 0; - ip->ttl = 0; + param->auth_range.offset = state->ip_offset; + param->auth_range.length = state->ip_tot_len; + param->hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN + + ipsec_sa->esp_iv_len; - aad.spi = ah.spi; - aad.seq_no = ah.seq_no; + state->stats_length = param->auth_range.length; - param.aad.ptr = (uint8_t *)&aad; + return 0; +} + +static int ipsec_in_ah_post(odp_packet_t pkt, + ipsec_state_t *state) +{ + _odp_ahhdr_t ah; + uint16_t ipsec_offset; - param.auth_range.offset = ip_offset; - param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); - param.hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN + - ipsec_sa->esp_iv_len; + ipsec_offset = state->ip_offset + state->ip_hdr_len; - stats_length = param.auth_range.length; + if (odp_packet_copy_to_mem(pkt, ipsec_offset, + sizeof(ah), &ah) < 0) + return -1; + + state->ip->proto = ah.next_header; + + /* Restore mutable fields */ + state->ip->ttl = state->ah_ipv4.ttl; + state->ip->tos = state->ah_ipv4.tos; + state->ip->frag_offset = state->ah_ipv4.frag_offset; + + return 0; +} + +static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, + odp_ipsec_sa_t sa, + odp_packet_t *pkt_out, + odp_ipsec_op_status_t *status) +{ + ipsec_state_t state; + ipsec_sa_t *ipsec_sa = NULL; + odp_crypto_packet_op_param_t param; + int rc; + odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_hdr_t *pkt_hdr; + + state.ip_offset = odp_packet_l3_offset(pkt); + ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != state.ip_offset); + + state.ip = odp_packet_l3_ptr(pkt, NULL); + ODP_ASSERT(NULL != state.ip); + + /* Initialize parameters block */ + memset(¶m, 0, sizeof(param)); + + rc = ipsec_parse_ipv4(&state); + if (rc < 0 || + state.ip_tot_len + state.ip_offset > odp_packet_len(pkt)) { + status->error.alg = 1; + goto err; + } + + /* Check IP header for IPSec protocols and look it up */ + if (_ODP_IPPROTO_ESP == state.ip->proto) { + rc = ipsec_in_esp(&pkt, &state, &ipsec_sa, sa, ¶m, status); + } else if (_ODP_IPPROTO_AH == state.ip->proto) { + rc = ipsec_in_ah(&pkt, &state, &ipsec_sa, sa, ¶m, status); } else { status->error.proto = 1; goto err; } + if (rc < 0) + goto err; if (_odp_ipsec_sa_replay_precheck(ipsec_sa, - odp_be_to_cpu_32(aad.seq_no), + odp_be_to_cpu_32(state.aad.seq_no), status) < 0) goto err; @@ -450,70 +560,30 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto err; } - if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) + if (_odp_ipsec_sa_stats_update(ipsec_sa, + state.stats_length, + status) < 0) goto err; if (_odp_ipsec_sa_replay_update(ipsec_sa, - odp_be_to_cpu_32(aad.seq_no), + odp_be_to_cpu_32(state.aad.seq_no), status) < 0) goto err; - ip_offset = odp_packet_l3_offset(pkt); - ip = odp_packet_l3_ptr(pkt, NULL); - ip_hdr_len = ipv4_hdr_len(ip); - - if (_ODP_IPPROTO_ESP == ip->proto) { - /* - * Finish cipher by finding ESP trailer and processing - */ - _odp_esptrl_t esptrl; - uint32_t esptrl_offset = ip_offset + - odp_be_to_cpu_16(ip->tot_len) - - trl_len; - - if (odp_packet_copy_to_mem(pkt, esptrl_offset, - sizeof(esptrl), &esptrl) < 0) { - status->error.proto = 1; - goto err; - } - - if (ip_offset + esptrl.pad_len > esptrl_offset) { - status->error.proto = 1; - goto err; - } - - if (_odp_packet_cmp_data(pkt, esptrl_offset - esptrl.pad_len, - ipsec_padding, esptrl.pad_len) != 0) { - status->error.proto = 1; - goto err; - } + state.ip = odp_packet_l3_ptr(pkt, NULL); - ip->proto = esptrl.next_header; - trl_len += esptrl.pad_len; - } else if (_ODP_IPPROTO_AH == ip->proto) { - /* - * Finish auth - */ - _odp_ahhdr_t ah; - - if (odp_packet_copy_to_mem(pkt, ipsec_offset, - sizeof(ah), &ah) < 0) { - status->error.alg = 1; - goto err; - } - - ip->proto = ah.next_header; - - /* Restore mutable fields */ - ip->ttl = ip_ttl; - ip->tos = ip_tos; - ip->frag_offset = odp_cpu_to_be_16(ip_frag_offset); - } else { + if (ODP_IPSEC_ESP == ipsec_sa->proto) + rc = ipsec_in_esp_post(pkt, &state); + else if (ODP_IPSEC_AH == ipsec_sa->proto) + rc = ipsec_in_ah_post(pkt, &state); + else + rc = -1; + if (rc < 0) { status->error.proto = 1; goto err; } - if (odp_packet_trunc_tail(&pkt, trl_len, NULL, NULL) < 0) { + if (odp_packet_trunc_tail(&pkt, state.in.trl_len, NULL, NULL) < 0) { status->error.alg = 1; goto err; } @@ -521,32 +591,36 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { /* We have a tunneled IPv4 packet, strip outer and IPsec * headers */ - odp_packet_move_data(pkt, ip_hdr_len + hdr_len, 0, - ip_offset); - if (odp_packet_trunc_head(&pkt, ip_hdr_len + hdr_len, + odp_packet_move_data(pkt, state.ip_hdr_len + state.in.hdr_len, + 0, + state.ip_offset); + if (odp_packet_trunc_head(&pkt, state.ip_hdr_len + + state.in.hdr_len, NULL, NULL) < 0) { status->error.alg = 1; goto err; } + + if (odp_packet_len(pkt) > sizeof(*state.ip)) { + state.ip = odp_packet_l3_ptr(pkt, NULL); + state.ip->ttl -= ipsec_sa->dec_ttl; + _odp_ipv4_csum_update(pkt); + } } else { - odp_packet_move_data(pkt, hdr_len, 0, - ip_offset + ip_hdr_len); - if (odp_packet_trunc_head(&pkt, hdr_len, + odp_packet_move_data(pkt, state.in.hdr_len, 0, + state.ip_offset + state.ip_hdr_len); + if (odp_packet_trunc_head(&pkt, state.in.hdr_len, NULL, NULL) < 0) { status->error.alg = 1; goto err; } - } - - /* Finalize the IPv4 header */ - if (odp_packet_len(pkt) > sizeof(*ip)) { - ip = odp_packet_l3_ptr(pkt, NULL); - - if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) - ipv4_adjust_len(ip, -(hdr_len + trl_len)); - ip->ttl -= ipsec_sa->dec_ttl; - _odp_ipv4_csum_update(pkt); + if (odp_packet_len(pkt) > sizeof(*state.ip)) { + state.ip = odp_packet_l3_ptr(pkt, NULL); + ipv4_adjust_len(state.ip, + -(state.in.hdr_len + state.in.trl_len)); + _odp_ipv4_csum_update(pkt); + } } pkt_hdr = odp_packet_hdr(pkt); @@ -554,7 +628,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, packet_parse_reset(pkt_hdr); packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), - ip_offset, _ODP_ETHTYPE_IPV4); + state.ip_offset, _ODP_ETHTYPE_IPV4); *pkt_out = pkt; @@ -577,317 +651,353 @@ uint32_t ipsec_seq_no(ipsec_sa_t *ipsec_sa) } /* Helper for calculating encode length using data length and block size */ -#define ESP_ENCODE_LEN(x, b) ((((x) + ((b) - 1)) / (b)) * (b)) +#define IPSEC_PAD_LEN(x, b) ((((x) + ((b) - 1)) / (b)) * (b)) -static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, - odp_ipsec_sa_t sa, - odp_packet_t *pkt_out, - const odp_ipsec_out_opt_t *opt ODP_UNUSED, - odp_ipsec_op_status_t *status) +static int ipsec_out_tunnel_parse_ipv4(ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) { - ipsec_sa_t *ipsec_sa = NULL; - uint32_t ip_offset = odp_packet_l3_offset(pkt); - _odp_ipv4hdr_t *ip = odp_packet_l3_ptr(pkt, NULL); - uint16_t ip_hdr_len = ipv4_hdr_len(ip); - odp_crypto_packet_op_param_t param; - unsigned stats_length; - int rc; - uint16_t ipsec_offset; /**< Offset of IPsec header from - buffer start */ - uint8_t iv[IPSEC_MAX_IV_LEN]; /**< ESP IV storage */ - ipsec_aad_t aad; /**< AAD, note ESN is not fully supported */ - unsigned hdr_len; /**< Length of IPsec headers */ - unsigned trl_len; /**< Length of IPsec trailers */ - uint8_t ip_tos; /**< Saved IP TOS value */ - uint8_t ip_ttl; /**< Saved IP TTL value */ - uint16_t ip_frag_offset; /**< Saved IP flags value */ - odp_crypto_packet_result_t crypto; /**< Crypto operation result */ - odp_packet_hdr_t *pkt_hdr; + _odp_ipv4hdr_t *ipv4hdr = state->ip; + uint16_t flags = odp_be_to_cpu_16(ipv4hdr->frag_offset); - ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); - ODP_ASSERT(NULL != ip); + ipv4hdr->ttl -= ipsec_sa->dec_ttl; + state->out_tunnel.ip_tos = ipv4hdr->tos; + state->out_tunnel.ip_df = _ODP_IPV4HDR_FLAGS_DONT_FRAG(flags); - ip_tos = 0; - ip_ttl = 0; - ip_frag_offset = 0; + return 0; +} - ipsec_sa = _odp_ipsec_sa_use(sa); - ODP_ASSERT(NULL != ipsec_sa); +static int ipsec_out_tunnel_ipv4(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) +{ + _odp_ipv4hdr_t out_ip; + uint16_t flags; + + out_ip.ver_ihl = 0x45; + if (ipsec_sa->copy_dscp) + out_ip.tos = state->out_tunnel.ip_tos; + else + out_ip.tos = (state->out_tunnel.ip_tos & + ~_ODP_IP_TOS_DSCP_MASK) | + (ipsec_sa->out.tun_dscp << + _ODP_IP_TOS_DSCP_SHIFT); + state->ip_tot_len = odp_packet_len(*pkt) - state->ip_offset; + state->ip_tot_len += _ODP_IPV4HDR_LEN; + + out_ip.tot_len = odp_cpu_to_be_16(state->ip_tot_len); + /* No need to convert to BE: ID just should not be duplicated */ + out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_hdr_id, + 1); + if (ipsec_sa->copy_df) + flags = state->out_tunnel.ip_df; + else + flags = ((uint16_t)ipsec_sa->out.tun_df) << 14; + out_ip.frag_offset = odp_cpu_to_be_16(flags); + out_ip.ttl = ipsec_sa->out.tun_ttl; + out_ip.proto = _ODP_IPPROTO_IPIP; + /* Will be filled later by packet checksum update */ + out_ip.chksum = 0; + out_ip.src_addr = ipsec_sa->out.tun_src_ip; + out_ip.dst_addr = ipsec_sa->out.tun_dst_ip; + + if (odp_packet_extend_head(pkt, _ODP_IPV4HDR_LEN, + NULL, NULL) < 0) + return -1; - /* Initialize parameters block */ - memset(¶m, 0, sizeof(param)); + odp_packet_move_data(*pkt, 0, _ODP_IPV4HDR_LEN, state->ip_offset); - if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode && - _ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { - status->error.alg = 1; - goto err; - } + odp_packet_copy_from_mem(*pkt, state->ip_offset, + _ODP_IPV4HDR_LEN, &out_ip); - if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) { - status->error.alg = 1; - goto err; - } + odp_packet_l4_offset_set(*pkt, state->ip_offset + _ODP_IPV4HDR_LEN); - if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { - _odp_ipv4hdr_t out_ip; - uint16_t tot_len; + state->ip = odp_packet_l3_ptr(*pkt, NULL); + state->ip_hdr_len = _ODP_IPV4HDR_LEN; - ip->ttl -= ipsec_sa->dec_ttl; + return 0; +} - out_ip.ver_ihl = 0x45; - if (ipsec_sa->copy_dscp) - out_ip.tos = ip->tos; - else - out_ip.tos = (ip->tos & ~_ODP_IP_TOS_DSCP_MASK) | - (ipsec_sa->out.tun_dscp << - _ODP_IP_TOS_DSCP_SHIFT); - tot_len = odp_be_to_cpu_16(ip->tot_len) + _ODP_IPV4HDR_LEN; - out_ip.tot_len = odp_cpu_to_be_16(tot_len); - /* No need to convert to BE: ID just should not be duplicated */ - out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_hdr_id, - 1); - if (ipsec_sa->copy_df) - out_ip.frag_offset = ip->frag_offset & 0x4000; - else - out_ip.frag_offset = - ((uint16_t)ipsec_sa->out.tun_df) << 14; - out_ip.ttl = ipsec_sa->out.tun_ttl; - out_ip.proto = _ODP_IPV4; - /* Will be filled later by packet checksum update */ - out_ip.chksum = 0; - out_ip.src_addr = ipsec_sa->out.tun_src_ip; - out_ip.dst_addr = ipsec_sa->out.tun_dst_ip; - - if (odp_packet_extend_head(&pkt, _ODP_IPV4HDR_LEN, - NULL, NULL) < 0) { - status->error.alg = 1; - goto err; +static int ipsec_out_iv(ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) +{ + if (ipsec_sa->use_counter_iv) { + uint64_t ctr; + + /* Both GCM and CTR use 8-bit counters */ + ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + + ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, + 1); + /* Check for overrun */ + if (ctr == 0) + return -1; + + memcpy(state->iv, ipsec_sa->salt, ipsec_sa->salt_length); + memcpy(state->iv + ipsec_sa->salt_length, &ctr, + ipsec_sa->esp_iv_len); + + if (ipsec_sa->aes_ctr_iv) { + state->iv[12] = 0; + state->iv[13] = 0; + state->iv[14] = 0; + state->iv[15] = 1; } + } else if (ipsec_sa->esp_iv_len) { + uint32_t len; - odp_packet_move_data(pkt, 0, _ODP_IPV4HDR_LEN, ip_offset); + len = odp_random_data(state->iv, ipsec_sa->esp_iv_len, + ODP_RANDOM_CRYPTO); - odp_packet_copy_from_mem(pkt, ip_offset, - _ODP_IPV4HDR_LEN, &out_ip); + if (len != ipsec_sa->esp_iv_len) + return -1; + } - odp_packet_l4_offset_set(pkt, ip_offset + _ODP_IPV4HDR_LEN); + return 0; +} - ip = odp_packet_l3_ptr(pkt, NULL); - ip_hdr_len = _ODP_IPV4HDR_LEN; +static int ipsec_out_esp(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa, + odp_crypto_packet_op_param_t *param, + odp_ipsec_op_status_t *status) +{ + _odp_esphdr_t esp; + _odp_esptrl_t esptrl; + uint32_t encrypt_len; + uint16_t ip_data_len = state->ip_tot_len - + state->ip_hdr_len; + uint32_t pad_block = ipsec_sa->esp_block_len; + uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; + unsigned hdr_len; + unsigned trl_len; + + /* ESP trailer should be 32-bit right aligned */ + if (pad_block < 4) + pad_block = 4; + + encrypt_len = IPSEC_PAD_LEN(ip_data_len + _ODP_ESPTRL_LEN, + pad_block); + + hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; + trl_len = encrypt_len - + ip_data_len + + ipsec_sa->icv_len; + + if (ipsec_out_iv(state, ipsec_sa) < 0) { + status->error.alg = 1; + return -1; } - ipsec_offset = ip_offset + ip_hdr_len; + param->override_iv_ptr = state->iv; - if (ipsec_sa->proto == ODP_IPSEC_ESP) { - _odp_esphdr_t esp; - _odp_esptrl_t esptrl; - uint32_t encrypt_len; - uint16_t ip_data_len = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len; - uint32_t pad_block = ipsec_sa->esp_block_len; + if (odp_packet_extend_tail(pkt, trl_len, NULL, NULL) < 0 || + odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { + status->error.alg = 1; + return -1; + } - /* ESP trailer should be 32-bit right aligned */ - if (pad_block < 4) - pad_block = 4; + odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); + + state->ip = odp_packet_l3_ptr(*pkt, NULL); + + /* Set IPv4 length before authentication */ + ipv4_adjust_len(state->ip, hdr_len + trl_len); + state->ip_tot_len += hdr_len + trl_len; + + uint32_t esptrl_offset = state->ip_offset + + state->ip_hdr_len + + hdr_len + + encrypt_len - + _ODP_ESPTRL_LEN; + + memset(&esp, 0, sizeof(esp)); + esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); + esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); + + state->aad.spi = esp.spi; + state->aad.seq_no = esp.seq_no; + + param->aad.ptr = (uint8_t *)&state->aad; + + memset(&esptrl, 0, sizeof(esptrl)); + esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; + esptrl.next_header = state->ip->proto; + state->ip->proto = _ODP_IPPROTO_ESP; + + odp_packet_copy_from_mem(*pkt, + ipsec_offset, _ODP_ESPHDR_LEN, + &esp); + odp_packet_copy_from_mem(*pkt, + ipsec_offset + _ODP_ESPHDR_LEN, + ipsec_sa->esp_iv_len, + state->iv + ipsec_sa->salt_length); + odp_packet_copy_from_mem(*pkt, + esptrl_offset - esptrl.pad_len, + esptrl.pad_len, ipsec_padding); + odp_packet_copy_from_mem(*pkt, + esptrl_offset, _ODP_ESPTRL_LEN, + &esptrl); + + param->cipher_range.offset = ipsec_offset + hdr_len; + param->cipher_range.length = state->ip_tot_len - + state->ip_hdr_len - + hdr_len - + ipsec_sa->icv_len; + + param->auth_range.offset = ipsec_offset; + param->auth_range.length = state->ip_tot_len - + state->ip_hdr_len - + ipsec_sa->icv_len; + param->hash_result_offset = state->ip_offset + + state->ip_tot_len - + ipsec_sa->icv_len; + + state->stats_length = param->cipher_range.length; - encrypt_len = ESP_ENCODE_LEN(ip_data_len + _ODP_ESPTRL_LEN, - pad_block); + return 0; +} - hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; - trl_len = encrypt_len - - ip_data_len + - ipsec_sa->icv_len; +static int ipsec_out_ah(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa, + odp_crypto_packet_op_param_t *param, + odp_ipsec_op_status_t *status) +{ + _odp_ahhdr_t ah; + unsigned hdr_len = _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len + + ipsec_sa->icv_len; + uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; - if (ipsec_sa->use_counter_iv) { - uint64_t ctr; + /* Save IPv4 stuff */ + state->ah_ipv4.tos = state->ip->tos; + state->ah_ipv4.frag_offset = state->ip->frag_offset; + state->ah_ipv4.ttl = state->ip->ttl; - /* Both GCM and CTR use 8-bit counters */ - ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + if (odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { + status->error.alg = 1; + return -1; + } - ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, - 1); - /* Check for overrun */ - if (ctr == 0) - goto err; + odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - memcpy(iv + ipsec_sa->salt_length, &ctr, - ipsec_sa->esp_iv_len); + state->ip = odp_packet_l3_ptr(*pkt, NULL); - if (ipsec_sa->aes_ctr_iv) { - iv[12] = 0; - iv[13] = 0; - iv[14] = 0; - iv[15] = 1; - } - } else if (ipsec_sa->esp_iv_len) { - uint32_t len; + /* Set IPv4 length before authentication */ + ipv4_adjust_len(state->ip, hdr_len); + state->ip_tot_len += hdr_len; - len = odp_random_data(iv, ipsec_sa->esp_iv_len, - ODP_RANDOM_CRYPTO); + memset(&ah, 0, sizeof(ah)); + ah.spi = odp_cpu_to_be_32(ipsec_sa->spi); + ah.ah_len = 1 + (ipsec_sa->esp_iv_len + ipsec_sa->icv_len) / 4; + ah.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); + ah.next_header = state->ip->proto; + state->ip->proto = _ODP_IPPROTO_AH; - if (len != ipsec_sa->esp_iv_len) { - status->error.alg = 1; - goto err; - } - } + state->aad.spi = ah.spi; + state->aad.seq_no = ah.seq_no; - param.override_iv_ptr = iv; + param->aad.ptr = (uint8_t *)&state->aad; - if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { - status->error.alg = 1; - goto err; - } + /* For GMAC */ + if (ipsec_out_iv(state, ipsec_sa) < 0) { + status->error.alg = 1; + return -1; + } - if (odp_packet_extend_head(&pkt, hdr_len, NULL, NULL) < 0) { - status->error.alg = 1; - goto err; - } + param->override_iv_ptr = state->iv; - odp_packet_move_data(pkt, 0, hdr_len, ipsec_offset); - - ip = odp_packet_l3_ptr(pkt, NULL); - - /* Set IPv4 length before authentication */ - ipv4_adjust_len(ip, hdr_len + trl_len); - - uint32_t esptrl_offset = ip_offset + - ip_hdr_len + - hdr_len + - encrypt_len - - _ODP_ESPTRL_LEN; - - memset(&esp, 0, sizeof(esp)); - esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); - esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - - aad.spi = esp.spi; - aad.seq_no = esp.seq_no; - - param.aad.ptr = (uint8_t *)&aad; - - memset(&esptrl, 0, sizeof(esptrl)); - esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; - esptrl.next_header = ip->proto; - ip->proto = _ODP_IPPROTO_ESP; - - odp_packet_copy_from_mem(pkt, - ipsec_offset, _ODP_ESPHDR_LEN, - &esp); - odp_packet_copy_from_mem(pkt, - ipsec_offset + _ODP_ESPHDR_LEN, - ipsec_sa->esp_iv_len, - iv + ipsec_sa->salt_length); - odp_packet_copy_from_mem(pkt, - esptrl_offset - esptrl.pad_len, - esptrl.pad_len, ipsec_padding); - odp_packet_copy_from_mem(pkt, - esptrl_offset, _ODP_ESPTRL_LEN, - &esptrl); - - param.cipher_range.offset = ipsec_offset + hdr_len; - param.cipher_range.length = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len - - hdr_len - - ipsec_sa->icv_len; - - param.auth_range.offset = ipsec_offset; - param.auth_range.length = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len - - ipsec_sa->icv_len; - param.hash_result_offset = ip_offset + - odp_be_to_cpu_16(ip->tot_len) - - ipsec_sa->icv_len; - - stats_length = param.cipher_range.length; - } else if (ipsec_sa->proto == ODP_IPSEC_AH) { - _odp_ahhdr_t ah; - - hdr_len = _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len + - ipsec_sa->icv_len; - trl_len = 0; - - /* Save IPv4 stuff */ - ip_tos = ip->tos; - ip_frag_offset = odp_be_to_cpu_16(ip->frag_offset); - ip_ttl = ip->ttl; - - if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { - status->error.alg = 1; - goto err; - } + odp_packet_copy_from_mem(*pkt, + ipsec_offset, _ODP_AHHDR_LEN, + &ah); + odp_packet_copy_from_mem(*pkt, + ipsec_offset + _ODP_AHHDR_LEN, + ipsec_sa->esp_iv_len, + state->iv + ipsec_sa->salt_length); + _odp_packet_set_data(*pkt, + ipsec_offset + _ODP_AHHDR_LEN + + ipsec_sa->esp_iv_len, + 0, ipsec_sa->icv_len); - if (odp_packet_extend_head(&pkt, hdr_len, NULL, NULL) < 0) { - status->error.alg = 1; - goto err; - } + state->ip->chksum = 0; + state->ip->tos = 0; + state->ip->frag_offset = 0; + state->ip->ttl = 0; - odp_packet_move_data(pkt, 0, hdr_len, ipsec_offset); + param->auth_range.offset = state->ip_offset; + param->auth_range.length = state->ip_tot_len; + param->hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN + + ipsec_sa->esp_iv_len; - ip = odp_packet_l3_ptr(pkt, NULL); + state->stats_length = param->auth_range.length; - /* Set IPv4 length before authentication */ - ipv4_adjust_len(ip, hdr_len + trl_len); + return 0; +} - memset(&ah, 0, sizeof(ah)); - ah.spi = odp_cpu_to_be_32(ipsec_sa->spi); - ah.ah_len = 1 + (ipsec_sa->esp_iv_len + ipsec_sa->icv_len) / 4; - ah.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - ah.next_header = ip->proto; - ip->proto = _ODP_IPPROTO_AH; +static void ipsec_out_ah_post(ipsec_state_t *state) +{ + state->ip->ttl = state->ah_ipv4.ttl; + state->ip->tos = state->ah_ipv4.tos; + state->ip->frag_offset = state->ah_ipv4.frag_offset; +} - aad.spi = ah.spi; - aad.seq_no = ah.seq_no; +static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, + odp_ipsec_sa_t sa, + odp_packet_t *pkt_out, + const odp_ipsec_out_opt_t *opt ODP_UNUSED, + odp_ipsec_op_status_t *status) +{ + ipsec_state_t state; + ipsec_sa_t *ipsec_sa; + odp_crypto_packet_op_param_t param; + int rc; + odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_hdr_t *pkt_hdr; - param.aad.ptr = (uint8_t *)&aad; + state.ip_offset = odp_packet_l3_offset(pkt); + ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != state.ip_offset); - /* For GMAC */ - if (ipsec_sa->use_counter_iv) { - uint64_t ctr; + state.ip = odp_packet_l3_ptr(pkt, NULL); + ODP_ASSERT(NULL != state.ip); - ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + ipsec_sa = _odp_ipsec_sa_use(sa); + ODP_ASSERT(NULL != ipsec_sa); - ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, - 1); - /* Check for overrun */ - if (ctr == 0) - goto err; + /* Initialize parameters block */ + memset(¶m, 0, sizeof(param)); - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - memcpy(iv + ipsec_sa->salt_length, &ctr, - ipsec_sa->esp_iv_len); - param.override_iv_ptr = iv; + if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) { + rc = ipsec_parse_ipv4(&state); + if (state.ip_tot_len + state.ip_offset != odp_packet_len(pkt)) + rc = -1; + } else { + rc = ipsec_out_tunnel_parse_ipv4(&state, ipsec_sa); + if (rc < 0) { + status->error.alg = 1; + goto err; } - odp_packet_copy_from_mem(pkt, - ipsec_offset, _ODP_AHHDR_LEN, - &ah); - odp_packet_copy_from_mem(pkt, - ipsec_offset + _ODP_AHHDR_LEN, - ipsec_sa->esp_iv_len, - iv + ipsec_sa->salt_length); - _odp_packet_set_data(pkt, - ipsec_offset + _ODP_AHHDR_LEN + - ipsec_sa->esp_iv_len, - 0, ipsec_sa->icv_len); - - ip->chksum = 0; - ip->tos = 0; - ip->frag_offset = 0; - ip->ttl = 0; - - param.auth_range.offset = ip_offset; - param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); - param.hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN + - ipsec_sa->esp_iv_len; - - stats_length = param.auth_range.length; + rc = ipsec_out_tunnel_ipv4(&pkt, &state, ipsec_sa); + } + if (rc < 0) { + status->error.alg = 1; + goto err; + } + + if (ODP_IPSEC_ESP == ipsec_sa->proto) { + rc = ipsec_out_esp(&pkt, &state, ipsec_sa, ¶m, status); + } else if (ODP_IPSEC_AH == ipsec_sa->proto) { + rc = ipsec_out_ah(&pkt, &state, ipsec_sa, ¶m, status); } else { status->error.alg = 1; goto err; } + if (rc < 0) + goto err; /* No need to run precheck here, we know that packet is authentic */ - if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) + if (_odp_ipsec_sa_stats_update(ipsec_sa, + state.stats_length, + status) < 0) goto err; param.session = ipsec_sa->session; @@ -922,14 +1032,9 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, goto err; } - ip = odp_packet_l3_ptr(pkt, NULL); - /* Finalize the IPv4 header */ - if (ip->proto == _ODP_IPPROTO_AH) { - ip->ttl = ip_ttl; - ip->tos = ip_tos; - ip->frag_offset = odp_cpu_to_be_16(ip_frag_offset); - } + if (ODP_IPSEC_AH == ipsec_sa->proto) + ipsec_out_ah_post(&state); _odp_ipv4_csum_update(pkt); From patchwork Tue Dec 12 17:00:34 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121574 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4377418qgn; Tue, 12 Dec 2017 09:04:54 -0800 (PST) X-Google-Smtp-Source: ACJfBovva+ByFB+eTjZgChoqqbDAegtdjXS4H/IR7Iak9bQPmdBPGTxV/7SoHHtb0ST1hCQCKp5W X-Received: by 10.55.146.65 with SMTP id u62mr6531911qkd.112.1513098294488; Tue, 12 Dec 2017 09:04:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513098294; cv=none; d=google.com; s=arc-20160816; b=H9Z6LdWbdhFu9WbACXGu1dPRP+o7QcZud8aQE8g7VvdB4wUztZAfn7UH+lJ/o3Duys 3sDn0+WP3RowlLHWYdfX7tyInxplsdu6XQkEQd3x76Qz1obSEvbhbqUmEkNrqVArVi8I IjaJQB6cd7cWqElWRgOd3xezInABAd01lZQBxfT/sCsZofPANa5wcB+ybPdG8U5xO2sr i7OOYr6659jcwyhQM5YhY9z//Z4uc/pyyZh7Z1hZrcarsXiBeS6iSQR89lzjvY+a8DZM GmYxzbmyYz92JQb47VKD7oHenipwDTOONrD/S+kIgR6+BxxfF6x0/qz8nsslbrcI5Xcv GPiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=09bQZnLNLSX2UsRErA6gwKPI0MQ8aVAaAbZr9w5tFaY=; b=pKGJNnEY8kogt3868d57obug7+02/OXz0LfWQCjWjxIKtQ1LfasmMqq8j2XkSUx4/4 OPxAjmGAcxH9CygrYoTgzN7DXjSL5wkijHi9qN5XWP1Pi6LRF9nxj0cBBRQyB51l4Gmz 3dOCEiND8THDaB2bGBr+wrX6mBu329bNN7TealhLxaBqe5y82AXc5DuDJnNv5qWhwKUi 9216ruc4QqpriggSxeRrgBcKP4o835iAZeuuSZDAYVyisA9OM3USPX+J2OY3TrwGS46N g9/RAkJq8aFhKNFnYwOqPgjCY4FHvZGR4fQEKzxFlizpSNECWhaa0ialwXJ/Z7E3jZqF IlEQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id 96si12396595qks.35.2017.12.12.09.04.54; Tue, 12 Dec 2017 09:04:54 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 2072A60607; Tue, 12 Dec 2017 17:04:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id E83B260825; Tue, 12 Dec 2017 17:01:34 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id A8CAA60840; Tue, 12 Dec 2017 17:01:22 +0000 (UTC) Received: from forward101j.mail.yandex.net (forward101j.mail.yandex.net [5.45.198.241]) by lists.linaro.org (Postfix) with ESMTPS id 7EF5560607 for ; Tue, 12 Dec 2017 17:00:52 +0000 (UTC) Received: from mxback20j.mail.yandex.net (mxback20j.mail.yandex.net [IPv6:2a02:6b8:0:1619::114]) by forward101j.mail.yandex.net (Yandex) with ESMTP id 725F41242989 for ; Tue, 12 Dec 2017 20:00:51 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback20j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 86gRwOZBhI-0p78aX1c; Tue, 12 Dec 2017 20:00:51 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id O5YE7TQVzQ-0o9axnZh; Tue, 12 Dec 2017 20:00:50 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 20:00:34 +0300 Message-Id: <1513098047-19804-4-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> References: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v13 3/16] validation: ipsec: fix next_header field in mcgrew gcm test vectors X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Test vectors from draft-mcgrew-gcm-test-01 contain invalid next_header field in ESP trailers (0x01 = ICMP instead of 0x04 = IPv4). Correct test vectors. Test 12 is disabled till NoNH packets are properly supported in a defined way. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: a17bf2b46352969fad4fbaf801dc8b5da0de7a78 **/ test/validation/api/ipsec/ipsec_test_in.c | 4 ++++ test/validation/api/ipsec/test_vectors.h | 30 +++++++++++++++--------------- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index daafaf69a..5af98112a 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -947,6 +947,7 @@ static void test_in_ipv4_mcgrew_gcm_4_esp(void) ipsec_sa_destroy(sa); } +#if 0 static void test_in_ipv4_mcgrew_gcm_12_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; @@ -977,6 +978,7 @@ static void test_in_ipv4_mcgrew_gcm_12_esp(void) ipsec_sa_destroy(sa); } +#endif static void test_in_ipv4_mcgrew_gcm_15_esp(void) { @@ -1094,8 +1096,10 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_aes_gcm_256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_4_esp, ipsec_check_esp_aes_gcm_128), +#if 0 ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_12_esp, ipsec_check_esp_aes_gcm_128), +#endif ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_15_esp, ipsec_check_esp_null_aes_gmac_128), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256, diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 51aa97ccb..c057f7765 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -1021,9 +1021,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_2_esp = { 0x3d, 0xe8, 0x18, 0x27, 0xc1, 0x0e, 0x9a, 0x4f, 0x51, 0x33, 0x0d, 0x0e, 0xec, 0x41, 0x66, 0x42, 0xcf, 0xbb, 0x85, 0xa5, 0xb4, 0x7e, 0x48, 0xa4, - 0xec, 0x3b, 0x9b, 0xa9, 0x5d, 0x91, 0x8b, 0xd1, - 0x83, 0xb7, 0x0d, 0x3a, 0xa8, 0xbc, 0x6e, 0xe4, - 0xc3, 0x09, 0xe9, 0xd8, 0x5a, 0x41, 0xad, 0x4a, + 0xec, 0x3b, 0x9b, 0xa9, 0x5d, 0x91, 0x8b, 0xd4, + 0x26, 0xf8, 0x39, 0x1b, 0x99, 0x27, 0xd0, 0xfc, + 0xc9, 0x84, 0x56, 0x1b, 0xbb, 0xce, 0x9f, 0xc0, }, }; @@ -1078,9 +1078,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_3_esp = { 0x06, 0xef, 0xae, 0x9d, 0x65, 0xa5, 0xd7, 0x63, 0x74, 0x8a, 0x63, 0x79, 0x85, 0x77, 0x1d, 0x34, 0x7f, 0x05, 0x45, 0x65, 0x9f, 0x14, 0xe9, 0x9d, - 0xef, 0x84, 0x2d, 0x8e, 0xb3, 0x35, 0xf4, 0xee, - 0xcf, 0xdb, 0xf8, 0x31, 0x82, 0x4b, 0x4c, 0x49, - 0x15, 0x95, 0x6c, 0x96, + 0xef, 0x84, 0x2d, 0x8b, 0x42, 0xf5, 0x64, 0xf5, + 0x2d, 0xfd, 0xd6, 0xee, 0xf4, 0xf9, 0x2e, 0xad, + 0xba, 0xc2, 0x39, 0x90, }, }; @@ -1137,9 +1137,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_4_esp = { 0x45, 0x64, 0x76, 0x49, 0x27, 0x19, 0xff, 0xb6, 0x4d, 0xe7, 0xd9, 0xdc, 0xa1, 0xe1, 0xd8, 0x94, 0xbc, 0x3b, 0xd5, 0x78, 0x73, 0xed, 0x4d, 0x18, - 0x1d, 0x19, 0xd4, 0xd5, 0xc8, 0xc1, 0x8a, 0xf3, - 0xf8, 0x21, 0xd4, 0x96, 0xee, 0xb0, 0x96, 0xe9, - 0x8a, 0xd2, 0xb6, 0x9e, 0x47, 0x99, 0xc7, 0x1d, + 0x1d, 0x19, 0xd4, 0xd5, 0xc8, 0xc1, 0x8a, 0xf6, + 0xfe, 0x1d, 0x73, 0x72, 0x22, 0x8a, 0x69, 0xf4, + 0x0d, 0xeb, 0x37, 0x3d, 0xdc, 0x01, 0x67, 0x6b, }, }; @@ -1177,9 +1177,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_12_esp = { 0x43, 0x45, 0x7e, 0x91, 0x82, 0x44, 0x3b, 0xc6, /* Data */ - 0x43, 0x7f, 0x86, 0x6b, 0xcb, 0x3f, 0x69, 0x9f, - 0xe9, 0xb0, 0x82, 0x2b, 0xac, 0x96, 0x1c, 0x45, - 0x04, 0xbe, 0xf2, 0x70, + 0x43, 0x7f, 0x86, 0x51, 0x7e, 0xa5, 0x95, 0xd2, + 0xca, 0x00, 0x4c, 0x33, 0x38, 0x8c, 0x46, 0x77, + 0x0c, 0x59, 0x0a, 0xd6, }, }; @@ -1234,9 +1234,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_15_esp = { 0x02, 0x00, 0x07, 0x00, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, - 0x01, 0x02, 0x02, 0x01, 0xf2, 0xa9, 0xa8, 0x36, - 0xe1, 0x55, 0x10, 0x6a, 0xa8, 0xdc, 0xd6, 0x18, - 0xe4, 0x09, 0x9a, 0xaa, + 0x01, 0x02, 0x02, 0x04, 0x59, 0x4f, 0x40, 0x55, + 0x42, 0x8d, 0x39, 0x9a, 0x9d, 0x66, 0xc1, 0x5e, + 0x77, 0x02, 0x3a, 0x98, }, }; From patchwork Tue Dec 12 17:00:35 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121575 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4378819qgn; Tue, 12 Dec 2017 09:05:49 -0800 (PST) X-Google-Smtp-Source: ACJfBovqdYCgJhSbVR0D/iPFs8JY8xz3imI/qeAjLMQ6fuXbg3Bp61da8OtHYkwd9PvCFMjvWCL6 X-Received: by 10.55.98.134 with SMTP id w128mr6046227qkb.292.1513098349188; Tue, 12 Dec 2017 09:05:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513098349; cv=none; d=google.com; s=arc-20160816; b=Ukihyh58s+UVkfB+7PriFQUd8GGJWL80/VVFnfO2k8LDn3DtXWGZGX6RwU10oRdAIL TZWNFcAqihUhOoEhsa45LcwQhLvwtwyF7ogzlkSEKxWKtnKUY6KF/baPi+ZFGvjATm2Z woqj8h9INZaSsm1caxdY+w7CBsoijWz/C3X+WHopAGWt8n3i1b2+C2nXlyE9mUQ58s4m tgkokhwLuPrR4ZQwReB0nL2RufMftb0b/LRtDtm7KBhrIbcnJqqfJUdlMa1zx8doHKV7 ErNxiFUx3Oyuye5F2M0Tlwns7ISRna9dktBCACKW4se+ovMSjMTSfKh4m3LknvZ4DFgi tGOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=NSEtj5Dcj9VsH63vLkFI82i9qiIYwmI1UfJp/p1L7Vs=; b=EfHg2OkePHnw90UNjJEpXYu3ofvCTbKd0bjJC2P0SFYt4mCpaVN2ZBb/5DfX1/Vowi +hgPMB5WxbVMF7pNav9mCLQ/KQuXUG73/xcJ2viESEeUui3qr5ozZbDU0UHabs1bgyTe r2Hb/8qKEhtoHytcijfxq19cQWr4JOtRSzA6/Y5kG1gbH0ThENJZVIsXxSSq3upZd/HK C6bQKjLyxyhbW4OP9SxPZPjCQlfrz92fejtOPem00GPWflTTO2CAlB5MWvMdnjbBTy9a 1f1LwRP5GI48nOwxOqABg4byg4wwtmIZ9YNBxzY3dS19l0Xnp99LvmuPchE7qaZhubch 0lmw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id m6si5756488qtb.254.2017.12.12.09.05.46; Tue, 12 Dec 2017 09:05:49 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 6549060819; Tue, 12 Dec 2017 17:05:46 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 446D8608FF; Tue, 12 Dec 2017 17:01:42 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 5BC1B60607; Tue, 12 Dec 2017 17:01:23 +0000 (UTC) Received: from forward100j.mail.yandex.net (forward100j.mail.yandex.net [5.45.198.240]) by lists.linaro.org (Postfix) with ESMTPS id 4F9E96074A for ; Tue, 12 Dec 2017 17:00:53 +0000 (UTC) Received: from mxback5j.mail.yandex.net (mxback5j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10e]) by forward100j.mail.yandex.net (Yandex) with ESMTP id C50675D834AA for ; Tue, 12 Dec 2017 20:00:51 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback5j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id lKxGlCne4u-0pRSCX4m; Tue, 12 Dec 2017 20:00:51 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id O5YE7TQVzQ-0p9832nK; Tue, 12 Dec 2017 20:00:51 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 20:00:35 +0300 Message-Id: <1513098047-19804-5-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> References: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v13 4/16] linux-gen: don't include odp_ipsec_internal.h in odp_packet_internal.h X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Such include adds unnecessary build dependencies. Just include , which is enough. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: a17bf2b46352969fad4fbaf801dc8b5da0de7a78 **/ platform/linux-generic/include/odp_packet_internal.h | 2 +- platform/linux-generic/pktio/loop.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/platform/linux-generic/include/odp_packet_internal.h b/platform/linux-generic/include/odp_packet_internal.h index a16ec3161..0f661679e 100644 --- a/platform/linux-generic/include/odp_packet_internal.h +++ b/platform/linux-generic/include/odp_packet_internal.h @@ -25,7 +25,7 @@ extern "C" { #include #include #include -#include +#include #include #include diff --git a/platform/linux-generic/pktio/loop.c b/platform/linux-generic/pktio/loop.c index 96df72724..f887e1a2d 100644 --- a/platform/linux-generic/pktio/loop.c +++ b/platform/linux-generic/pktio/loop.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include #include From patchwork Tue Dec 12 17:00:36 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121580 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4388339qgn; Tue, 12 Dec 2017 09:13:28 -0800 (PST) X-Google-Smtp-Source: ACJfBos/2122O72k2CqRdzewDbtP3FwrSa/FEzXVRAw7UGJgk7tmfgVhwfJJtmaXKf4bDknHPRZn X-Received: by 10.200.34.239 with SMTP id g44mr6800090qta.11.1513098808317; Tue, 12 Dec 2017 09:13:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513098808; cv=none; d=google.com; s=arc-20160816; b=E+U++PBXKEatPULl+mXnTzpgtAE+IYHNX8khXUVMj+y1TNaZ8OGGHuKmvKymHSE6dX LqBCT8jVegn9lRKKMa3DsIVQMeH35PTdzyo3jhQ/SsyK/pdggOvOkIagOO8fi3itJ3Gz pAfrj4Z8aZxegSXUFe++J4EURpZ71aRrbtLLCc92fQOK/U8QRI5/Ei62wVh/EC8j/u2Q 4Ur8cLMxWGFNnVPT6TEQDugae2O052DtRdZy+kUV7755TJMGp84VLFiH5uhNMYmUE1wJ +9hf1LUjCIsbjEV7VvGY5f+4PSQeZd29vuUsgBx6+KsLKsBthPX3zuSA5BwhhwdlWwKi 6UwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=2ylr3GltaMVp5WLY3E75Y+XVHajSFv69n6hJqZTyukU=; b=DePAowTWDkEjBWJdFlPoe5Q0DtdcvCveyQEbptto5Bp3InClDG9H7WiwKCw27fv8Bx o5V4h3H024B56otGxY3i77xCq6nokJvciJDAEGGKzj5Bon5hM3odffu8HiO8UQqR0uof pD681GPVJ+CamraIalYjQqhu9C8I6HiXLWkJYVBR5p1LeoNzyVcKkyC0J8Ftra6PCIdf 0ROO5vVVMdqguYwh7sI38+i8BsKDgbLKBGI1RBCXT+X5fXA1EzCxP0ws9Pgv0BdgEpgb hBGrVCtmN+dPwkShWjT7sdkfyedjIssvZYQ+ImuEk1mwAvorNNza346qeeqLBpAuWg9k IUQA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id d10si67268qkg.301.2017.12.12.09.13.28; Tue, 12 Dec 2017 09:13:28 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id E1C15609E3; Tue, 12 Dec 2017 17:13:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 1EA5E6088A; Tue, 12 Dec 2017 17:02:20 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 3CC4060955; Tue, 12 Dec 2017 17:02:16 +0000 (UTC) Received: from forward105j.mail.yandex.net (forward105j.mail.yandex.net [5.45.198.248]) by lists.linaro.org (Postfix) with ESMTPS id 6C19D60819 for ; Tue, 12 Dec 2017 17:00:59 +0000 (UTC) Received: from mxback5o.mail.yandex.net (mxback5o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::1f]) by forward105j.mail.yandex.net (Yandex) with ESMTP id 53BAF1843D5 for ; Tue, 12 Dec 2017 20:00:58 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback5o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 6eAIQKgsJA-0qFO8Rfe; Tue, 12 Dec 2017 20:00:52 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id O5YE7TQVzQ-0p9axMJj; Tue, 12 Dec 2017 20:00:51 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 20:00:36 +0300 Message-Id: <1513098047-19804-6-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> References: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v13 5/16] linux-gen: protocols: ip: add more ipv6 defines X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: a17bf2b46352969fad4fbaf801dc8b5da0de7a78 **/ platform/linux-generic/include/protocols/ip.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/platform/linux-generic/include/protocols/ip.h b/platform/linux-generic/include/protocols/ip.h index 0fc391abe..7b6b736a6 100644 --- a/platform/linux-generic/include/protocols/ip.h +++ b/platform/linux-generic/include/protocols/ip.h @@ -161,11 +161,13 @@ typedef struct ODP_PACKED { #define _ODP_IPPROTO_IPIP 0x04 /**< IP Encapsulation within IP (4) */ #define _ODP_IPPROTO_TCP 0x06 /**< Transmission Control Protocol (6) */ #define _ODP_IPPROTO_UDP 0x11 /**< User Datagram Protocol (17) */ +#define _ODP_IPPROTO_IPV6 0x29 /**< IPv6 Routing header (41) */ #define _ODP_IPPROTO_ROUTE 0x2B /**< IPv6 Routing header (43) */ #define _ODP_IPPROTO_FRAG 0x2C /**< IPv6 Fragment (44) */ #define _ODP_IPPROTO_AH 0x33 /**< Authentication Header (51) */ #define _ODP_IPPROTO_ESP 0x32 /**< Encapsulating Security Payload (50) */ #define _ODP_IPPROTO_ICMPv6 0x3A /**< Internet Control Message Protocol (58) */ +#define _ODP_IPPROTO_DEST 0x3C /**< IPv6 Destination header (60) */ #define _ODP_IPPROTO_SCTP 0x84 /**< Stream Control Transmission protocol (132) */ #define _ODP_IPPROTO_INVALID 0xFF /**< Reserved invalid by IANA */ From patchwork Tue Dec 12 17:00:37 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121582 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4389223qgn; Tue, 12 Dec 2017 09:14:18 -0800 (PST) X-Google-Smtp-Source: ACJfBosnLKPtA1ocNLS0JsScxh0r1Q7PcpuebSA05/20vfN1oQz9N8YDlSo4itShGJJ4T9mvPWSm X-Received: by 10.55.143.134 with SMTP id r128mr6131903qkd.320.1513098858206; Tue, 12 Dec 2017 09:14:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513098858; cv=none; d=google.com; s=arc-20160816; b=WLC6sjygPbZNI0Jn3ObIVhNdX9DwVN+ZHOeWlNAWefP8JE7h9TwQ4oc9p95RYX6srP MXlpM+L/E1NZzfn2mNjxN0DZz+34nIZpIQGwK47FRHNZAYE8+znVniktQ9SpzUkJPZlD dczu738WU+aRplsw60h7+R7ddUpI9KyN3xkk30mZcDzu2eqmmINDOBAYRXpX2lJY2b44 jKQo+xH5vXlrpcnLC38jW1qzwFRmXDbixq2V/bI4d5pzdYTDdl2gSm/qxF/8G2nAGwy/ GjTVKDdiBvM4SA97b89UbpcpEh5UUilX7oGwpcp5C5+dFC8CqEg7xxLwRkjz/uYagvuQ G2Dg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=GVrSBmbhxvdAmtymp73Qf3+rd+YblRau2PDiy48ar/U=; b=JrWLuS30CEcK5BRDrug6ndpdwiY2K/qJwJ6Rjg2//VPtV7BNmmwAoE99oZyUe5M7mI dEtVGH7xW0wLyLeJEabIaSCKEUYPyQto4cV+oMHc9s78lTqW1CWzfQUDZdjDYBBLBpD7 19qzDZHZPgRmYAa5EdAlR+RsGmfDhgy/X4sch6IQAFYQ1lIMz8+289d4ffffjB0a1SNc jjjv74gHxeujnlNnNPTfOI3lRwr36F5XG6oaoX6HP3KKwAg6uz1MP1XAnaMcGYxkrBh1 y00K51N9iGwi+uXgItiRSEPheL10BY2QdJ+wd+Fl+ux/dUwFZP4XJ1zMTwlF4OD8gVHQ a+ig== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id c6si14496388qtb.368.2017.12.12.09.14.17; Tue, 12 Dec 2017 09:14:18 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id B93AC60954; Tue, 12 Dec 2017 17:14:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 7429B6095E; Tue, 12 Dec 2017 17:02:29 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 2386260954; Tue, 12 Dec 2017 17:02:19 +0000 (UTC) Received: from forward106p.mail.yandex.net (forward106p.mail.yandex.net [77.88.28.109]) by lists.linaro.org (Postfix) with ESMTPS id C558E607FB for ; Tue, 12 Dec 2017 17:01:00 +0000 (UTC) Received: from mxback13j.mail.yandex.net (mxback13j.mail.yandex.net [IPv6:2a02:6b8:0:1619::88]) by forward106p.mail.yandex.net (Yandex) with ESMTP id 50DA62D847E7 for ; Tue, 12 Dec 2017 20:00:59 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback13j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id OkYyhQ5Sko-0xASmqIR; Tue, 12 Dec 2017 20:00:59 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id O5YE7TQVzQ-0w9WPNqB; Tue, 12 Dec 2017 20:00:58 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 20:00:37 +0300 Message-Id: <1513098047-19804-7-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> References: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v13 6/16] linux-gen: ipsec: implement IPv6 protocol support X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Implement support for handling IPv6 packets and IPv6 tunnels. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: a17bf2b46352969fad4fbaf801dc8b5da0de7a78 **/ .../linux-generic/include/odp_ipsec_internal.h | 44 +- platform/linux-generic/odp_ipsec.c | 468 ++++++++++++++++----- platform/linux-generic/odp_ipsec_sad.c | 67 ++- 3 files changed, 440 insertions(+), 139 deletions(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 06447870b..b294e7c4a 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -24,6 +24,8 @@ extern "C" { #include #include +#include + /** @ingroup odp_ipsec * @{ */ @@ -127,10 +129,12 @@ struct ipsec_sa_s { unsigned dec_ttl : 1; unsigned copy_dscp : 1; unsigned copy_df : 1; + unsigned copy_flabel : 1; unsigned aes_ctr_iv : 1; /* Only for outbound */ unsigned use_counter_iv : 1; + unsigned tun_ipv4 : 1; /* Only for inbound */ unsigned antireplay : 1; @@ -140,23 +144,38 @@ struct ipsec_sa_s { union { struct { odp_ipsec_lookup_mode_t lookup_mode; - odp_u32be_t lookup_dst_ip; + odp_ipsec_ip_version_t lookup_ver; + union { + odp_u32be_t lookup_dst_ipv4; + uint8_t lookup_dst_ipv6[_ODP_IPV6ADDR_LEN]; + }; odp_atomic_u64_t antireplay; } in; struct { - odp_u32be_t tun_src_ip; - odp_u32be_t tun_dst_ip; - - /* 32-bit from which low 16 are used */ - odp_atomic_u32_t tun_hdr_id; - odp_atomic_u32_t seq; - odp_atomic_u64_t counter; /* for CTR/GCM */ + odp_atomic_u32_t seq; - uint8_t tun_ttl; - uint8_t tun_dscp; - uint8_t tun_df; + union { + struct { + odp_u32be_t src_ip; + odp_u32be_t dst_ip; + + /* 32-bit from which low 16 are used */ + odp_atomic_u32_t hdr_id; + + uint8_t ttl; + uint8_t dscp; + uint8_t df; + } tun_ipv4; + struct { + uint8_t src_ip[_ODP_IPV6ADDR_LEN]; + uint8_t dst_ip[_ODP_IPV6ADDR_LEN]; + uint8_t hlimit; + uint8_t dscp; + uint32_t flabel; + } tun_ipv6; + }; } out; }; }; @@ -171,7 +190,8 @@ typedef struct odp_ipsec_sa_lookup_s { /** SPI value */ uint32_t spi; - /* FIXME: IPv4 vs IPv6 */ + /** IP protocol version */ + odp_ipsec_ip_version_t ver; /** IP destination address (NETWORK ENDIAN) */ void *dst_addr; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 2b9de5771..714844675 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -125,6 +125,8 @@ static inline int _odp_ipv4_csum(odp_packet_t pkt, #define _ODP_IPV4HDR_CSUM_OFFSET ODP_OFFSETOF(_odp_ipv4hdr_t, chksum) #define _ODP_IPV4HDR_PROTO_OFFSET ODP_OFFSETOF(_odp_ipv4hdr_t, proto) +#define _ODP_IPV6HDR_NHDR_OFFSET ODP_OFFSETOF(_odp_ipv6hdr_t, next_hdr) +#define _ODP_IPV6HDREXT_NHDR_OFFSET ODP_OFFSETOF(_odp_ipv6hdr_ext_t, next_hdr) /** * Calculate and fill in IPv4 checksum @@ -159,11 +161,6 @@ static inline int _odp_ipv4_csum_update(odp_packet_t pkt) } #define ipv4_hdr_len(ip) (_ODP_IPV4HDR_IHL((ip)->ver_ihl) * 4) -static inline -void ipv4_adjust_len(_odp_ipv4hdr_t *ip, int adj) -{ - ip->tot_len = odp_cpu_to_be_16(odp_be_to_cpu_16(ip->tot_len) + adj); -} static const uint8_t ipsec_padding[255] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, @@ -219,13 +216,17 @@ static inline odp_pktio_parser_layer_t parse_layer(odp_ipsec_proto_layer_t l) } typedef struct { - _odp_ipv4hdr_t *ip; + void *ip; unsigned stats_length; uint16_t ip_offset; uint16_t ip_hdr_len; uint16_t ip_tot_len; + uint16_t ip_next_hdr_offset; + uint8_t ip_next_hdr; + unsigned is_ipv4 : 1; union { struct { + uint32_t ip_flabel; uint16_t ip_df; uint8_t ip_tos; } out_tunnel; @@ -233,25 +234,76 @@ typedef struct { uint16_t hdr_len; uint16_t trl_len; } in; + odp_u32be_t ipv4_addr; + uint8_t ipv6_addr[_ODP_IPV6ADDR_LEN]; }; union { struct { uint8_t tos; uint8_t ttl; - uint16_t frag_offset; + odp_u16be_t frag_offset; } ah_ipv4; + struct { + odp_u32be_t ver_tc_flow; + uint8_t hop_limit; + } ah_ipv6; }; ipsec_aad_t aad; uint8_t iv[IPSEC_MAX_IV_LEN]; } ipsec_state_t; -static int ipsec_parse_ipv4(ipsec_state_t *state) +static int ipsec_parse_ipv4(ipsec_state_t *state, odp_packet_t pkt) { - if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(state->ip->frag_offset))) + _odp_ipv4hdr_t ipv4hdr; + + odp_packet_copy_to_mem(pkt, state->ip_offset, + _ODP_IPV4HDR_LEN, &ipv4hdr); + + if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ipv4hdr.frag_offset))) return -1; - state->ip_hdr_len = ipv4_hdr_len(state->ip); - state->ip_tot_len = odp_be_to_cpu_16(state->ip->tot_len); + state->ip_hdr_len = ipv4_hdr_len(&ipv4hdr); + state->ip_tot_len = odp_be_to_cpu_16(ipv4hdr.tot_len); + state->ip_next_hdr = ipv4hdr.proto; + state->ip_next_hdr_offset = state->ip_offset + + _ODP_IPV4HDR_PROTO_OFFSET; + state->ipv4_addr = ipv4hdr.dst_addr; + + return 0; +} + +static int ipsec_parse_ipv6(ipsec_state_t *state, odp_packet_t pkt) +{ + _odp_ipv6hdr_t ipv6hdr; + _odp_ipv6hdr_ext_t ipv6hdrext; + + odp_packet_copy_to_mem(pkt, state->ip_offset, + _ODP_IPV6HDR_LEN, &ipv6hdr); + + state->ip_hdr_len = _ODP_IPV6HDR_LEN; + state->ip_next_hdr = ipv6hdr.next_hdr; + state->ip_next_hdr_offset = state->ip_offset + _ODP_IPV6HDR_NHDR_OFFSET; + /* FIXME: Jumbo frames */ + state->ip_tot_len = odp_be_to_cpu_16(ipv6hdr.payload_len) + + _ODP_IPV6HDR_LEN; + memcpy(state->ipv6_addr, &ipv6hdr.dst_addr, _ODP_IPV6ADDR_LEN); + + while (state->ip_next_hdr == _ODP_IPPROTO_HOPOPTS || + state->ip_next_hdr == _ODP_IPPROTO_DEST || + state->ip_next_hdr == _ODP_IPPROTO_ROUTE) { + odp_packet_copy_to_mem(pkt, + state->ip_offset + state->ip_hdr_len, + sizeof(ipv6hdrext), + &ipv6hdrext); + state->ip_next_hdr = ipv6hdrext.next_hdr; + state->ip_next_hdr_offset = state->ip_offset + + state->ip_hdr_len + + _ODP_IPV6HDREXT_NHDR_OFFSET; + state->ip_hdr_len += (ipv6hdrext.ext_len + 1) * 8; + } + + if (_ODP_IPPROTO_FRAG == state->ip_next_hdr) + return -1; return 0; } @@ -259,6 +311,7 @@ static int ipsec_parse_ipv4(ipsec_state_t *state) static inline ipsec_sa_t *ipsec_get_sa(odp_ipsec_sa_t sa, odp_ipsec_protocol_t proto, uint32_t spi, + odp_ipsec_ip_version_t ver, void *dst_addr, odp_ipsec_op_status_t *status) { @@ -269,6 +322,7 @@ static inline ipsec_sa_t *ipsec_get_sa(odp_ipsec_sa_t sa, lookup.proto = proto; lookup.spi = spi; + lookup.ver = ver; lookup.dst_addr = dst_addr; ipsec_sa = _odp_ipsec_sa_lookup(&lookup); @@ -332,7 +386,9 @@ static int ipsec_in_esp(odp_packet_t *pkt, ipsec_sa = ipsec_get_sa(sa, ODP_IPSEC_ESP, odp_be_to_cpu_32(esp.spi), - &state->ip->dst_addr, status); + state->is_ipv4 ? ODP_IPSEC_IPV4 : + ODP_IPSEC_IPV6, + &state->ipv4_addr, status); *_ipsec_sa = ipsec_sa; if (status->error.all) return -1; @@ -386,8 +442,10 @@ static int ipsec_in_esp_post(odp_packet_t pkt, ipsec_padding, esptrl.pad_len) != 0) return -1; - state->ip->proto = esptrl.next_header; + odp_packet_copy_from_mem(pkt, state->ip_next_hdr_offset, + 1, &esptrl.next_header); state->in.trl_len += esptrl.pad_len; + state->ip_next_hdr = esptrl.next_header; return 0; } @@ -413,7 +471,9 @@ static int ipsec_in_ah(odp_packet_t *pkt, ipsec_sa = ipsec_get_sa(sa, ODP_IPSEC_AH, odp_be_to_cpu_32(ah.spi), - &state->ip->dst_addr, status); + state->is_ipv4 ? ODP_IPSEC_IPV4 : + ODP_IPSEC_IPV6, + &state->ipv4_addr, status); *_ipsec_sa = ipsec_sa; if (status->error.all) return -1; @@ -429,19 +489,31 @@ static int ipsec_in_ah(odp_packet_t *pkt, state->in.hdr_len = (ah.ah_len + 2) * 4; state->in.trl_len = 0; - /* Save everything to context */ - state->ah_ipv4.tos = state->ip->tos; - state->ah_ipv4.frag_offset = state->ip->frag_offset; - state->ah_ipv4.ttl = state->ip->ttl; + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = state->ip; + + /* Save everything to context */ + state->ah_ipv4.tos = ipv4hdr->tos; + state->ah_ipv4.frag_offset = ipv4hdr->frag_offset; + state->ah_ipv4.ttl = ipv4hdr->ttl; + + /* FIXME: zero copy of header, passing it to crypto! */ + /* + * If authenticating, zero the mutable fields build the request + */ + ipv4hdr->chksum = 0; + ipv4hdr->tos = 0; + ipv4hdr->frag_offset = 0; + ipv4hdr->ttl = 0; + } else { + _odp_ipv6hdr_t *ipv6hdr = state->ip; - /* FIXME: zero copy of header, passing it to crypto! */ - /* - * If authenticating, zero the mutable fields build the request - */ - state->ip->chksum = 0; - state->ip->tos = 0; - state->ip->frag_offset = 0; - state->ip->ttl = 0; + state->ah_ipv6.ver_tc_flow = ipv6hdr->ver_tc_flow; + state->ah_ipv6.hop_limit = ipv6hdr->hop_limit; + ipv6hdr->ver_tc_flow = + odp_cpu_to_be_32(6 << _ODP_IPV6HDR_VERSION_SHIFT); + ipv6hdr->hop_limit = 0; + } state->aad.spi = ah.spi; state->aad.seq_no = ah.seq_no; @@ -470,12 +542,23 @@ static int ipsec_in_ah_post(odp_packet_t pkt, sizeof(ah), &ah) < 0) return -1; - state->ip->proto = ah.next_header; + odp_packet_copy_from_mem(pkt, state->ip_next_hdr_offset, + 1, &ah.next_header); /* Restore mutable fields */ - state->ip->ttl = state->ah_ipv4.ttl; - state->ip->tos = state->ah_ipv4.tos; - state->ip->frag_offset = state->ah_ipv4.frag_offset; + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = state->ip; + + ipv4hdr->ttl = state->ah_ipv4.ttl; + ipv4hdr->tos = state->ah_ipv4.tos; + ipv4hdr->frag_offset = state->ah_ipv4.frag_offset; + } else { + _odp_ipv6hdr_t *ipv6hdr = odp_packet_l3_ptr(pkt, NULL); + + ipv6hdr->ver_tc_flow = state->ah_ipv6.ver_tc_flow; + ipv6hdr->hop_limit = state->ah_ipv6.hop_limit; + } + state->ip_next_hdr = ah.next_header; return 0; } @@ -501,7 +584,17 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, /* Initialize parameters block */ memset(¶m, 0, sizeof(param)); - rc = ipsec_parse_ipv4(&state); + /* + * FIXME: maybe use packet flag as below ??? + * This adds requirement that input packets contain not only valid + * l3/l4 offsets, but also valid packet flags + * state.is_ipv4 = odp_packet_has_ipv4(pkt); + */ + state.is_ipv4 = (((uint8_t *)state.ip)[0] >> 4) == 0x4; + if (state.is_ipv4) + rc = ipsec_parse_ipv4(&state, pkt); + else + rc = ipsec_parse_ipv6(&state, pkt); if (rc < 0 || state.ip_tot_len + state.ip_offset > odp_packet_len(pkt)) { status->error.alg = 1; @@ -509,9 +602,9 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, } /* Check IP header for IPSec protocols and look it up */ - if (_ODP_IPPROTO_ESP == state.ip->proto) { + if (_ODP_IPPROTO_ESP == state.ip_next_hdr) { rc = ipsec_in_esp(&pkt, &state, &ipsec_sa, sa, ¶m, status); - } else if (_ODP_IPPROTO_AH == state.ip->proto) { + } else if (_ODP_IPPROTO_AH == state.ip_next_hdr) { rc = ipsec_in_ah(&pkt, &state, &ipsec_sa, sa, ¶m, status); } else { status->error.proto = 1; @@ -587,6 +680,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, status->error.alg = 1; goto err; } + state.ip_tot_len -= state.in.trl_len; if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { /* We have a tunneled IPv4 packet, strip outer and IPsec @@ -600,11 +694,14 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, status->error.alg = 1; goto err; } - - if (odp_packet_len(pkt) > sizeof(*state.ip)) { - state.ip = odp_packet_l3_ptr(pkt, NULL); - state.ip->ttl -= ipsec_sa->dec_ttl; - _odp_ipv4_csum_update(pkt); + state.ip_tot_len -= state.ip_hdr_len + state.in.hdr_len; + if (_ODP_IPPROTO_IPIP == state.ip_next_hdr) { + state.is_ipv4 = 1; + } else if (_ODP_IPPROTO_IPV6 == state.ip_next_hdr) { + state.is_ipv4 = 0; + } else { + status->error.proto = 1; + goto err; } } else { odp_packet_move_data(pkt, state.in.hdr_len, 0, @@ -614,13 +711,30 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, status->error.alg = 1; goto err; } + state.ip_tot_len -= state.in.hdr_len; + } - if (odp_packet_len(pkt) > sizeof(*state.ip)) { - state.ip = odp_packet_l3_ptr(pkt, NULL); - ipv4_adjust_len(state.ip, - -(state.in.hdr_len + state.in.trl_len)); - _odp_ipv4_csum_update(pkt); - } + /* Finalize the IPv4 header */ + if (state.is_ipv4 && odp_packet_len(pkt) > _ODP_IPV4HDR_LEN) { + _odp_ipv4hdr_t *ipv4hdr = odp_packet_l3_ptr(pkt, NULL); + + if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) + ipv4hdr->tot_len = odp_cpu_to_be_16(state.ip_tot_len); + else + ipv4hdr->ttl -= ipsec_sa->dec_ttl; + _odp_ipv4_csum_update(pkt); + } else if (!state.is_ipv4 && odp_packet_len(pkt) > _ODP_IPV6HDR_LEN) { + _odp_ipv6hdr_t *ipv6hdr = odp_packet_l3_ptr(pkt, NULL); + + if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) + ipv6hdr->payload_len = + odp_cpu_to_be_16(state.ip_tot_len - + _ODP_IPV6HDR_LEN); + else + ipv6hdr->hop_limit -= ipsec_sa->dec_ttl; + } else { + status->error.proto = 1; + goto err; } pkt_hdr = odp_packet_hdr(pkt); @@ -628,7 +742,10 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, packet_parse_reset(pkt_hdr); packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), - state.ip_offset, _ODP_ETHTYPE_IPV4); + state.ip_offset, + state.is_ipv4 ? + _ODP_ETHTYPE_IPV4 : + _ODP_ETHTYPE_IPV6); *pkt_out = pkt; @@ -662,6 +779,24 @@ static int ipsec_out_tunnel_parse_ipv4(ipsec_state_t *state, ipv4hdr->ttl -= ipsec_sa->dec_ttl; state->out_tunnel.ip_tos = ipv4hdr->tos; state->out_tunnel.ip_df = _ODP_IPV4HDR_FLAGS_DONT_FRAG(flags); + state->out_tunnel.ip_flabel = 0; + + return 0; +} + +static int ipsec_out_tunnel_parse_ipv6(ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) +{ + _odp_ipv6hdr_t *ipv6hdr = state->ip; + + ipv6hdr->hop_limit -= ipsec_sa->dec_ttl; + state->out_tunnel.ip_tos = (ipv6hdr->ver_tc_flow & + _ODP_IPV6HDR_TC_MASK) >> + _ODP_IPV6HDR_TC_SHIFT; + state->out_tunnel.ip_df = 0; + state->out_tunnel.ip_flabel = (ipv6hdr->ver_tc_flow & + _ODP_IPV6HDR_FLOW_LABEL_MASK) >> + _ODP_IPV6HDR_FLOW_LABEL_SHIFT; return 0; } @@ -679,26 +814,25 @@ static int ipsec_out_tunnel_ipv4(odp_packet_t *pkt, else out_ip.tos = (state->out_tunnel.ip_tos & ~_ODP_IP_TOS_DSCP_MASK) | - (ipsec_sa->out.tun_dscp << + (ipsec_sa->out.tun_ipv4.dscp << _ODP_IP_TOS_DSCP_SHIFT); state->ip_tot_len = odp_packet_len(*pkt) - state->ip_offset; state->ip_tot_len += _ODP_IPV4HDR_LEN; out_ip.tot_len = odp_cpu_to_be_16(state->ip_tot_len); /* No need to convert to BE: ID just should not be duplicated */ - out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_hdr_id, + out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_ipv4.hdr_id, 1); if (ipsec_sa->copy_df) flags = state->out_tunnel.ip_df; else - flags = ((uint16_t)ipsec_sa->out.tun_df) << 14; + flags = ((uint16_t)ipsec_sa->out.tun_ipv4.df) << 14; out_ip.frag_offset = odp_cpu_to_be_16(flags); - out_ip.ttl = ipsec_sa->out.tun_ttl; - out_ip.proto = _ODP_IPPROTO_IPIP; + out_ip.ttl = ipsec_sa->out.tun_ipv4.ttl; /* Will be filled later by packet checksum update */ out_ip.chksum = 0; - out_ip.src_addr = ipsec_sa->out.tun_src_ip; - out_ip.dst_addr = ipsec_sa->out.tun_dst_ip; + out_ip.src_addr = ipsec_sa->out.tun_ipv4.src_ip; + out_ip.dst_addr = ipsec_sa->out.tun_ipv4.dst_ip; if (odp_packet_extend_head(pkt, _ODP_IPV4HDR_LEN, NULL, NULL) < 0) @@ -713,6 +847,70 @@ static int ipsec_out_tunnel_ipv4(odp_packet_t *pkt, state->ip = odp_packet_l3_ptr(*pkt, NULL); state->ip_hdr_len = _ODP_IPV4HDR_LEN; + if (state->is_ipv4) + state->ip_next_hdr = _ODP_IPPROTO_IPIP; + else + state->ip_next_hdr = _ODP_IPPROTO_IPV6; + state->ip_next_hdr_offset = state->ip_offset + + _ODP_IPV4HDR_PROTO_OFFSET; + + state->is_ipv4 = 1; + + return 0; +} + +static int ipsec_out_tunnel_ipv6(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) +{ + _odp_ipv6hdr_t out_ip; + uint32_t ver; + + ver = 6 << _ODP_IPV6HDR_VERSION_SHIFT; + if (ipsec_sa->copy_dscp) + ver |= state->out_tunnel.ip_tos << _ODP_IPV6HDR_TC_SHIFT; + else + ver |= ((state->out_tunnel.ip_tos & + ~_ODP_IP_TOS_DSCP_MASK) | + (ipsec_sa->out.tun_ipv6.dscp << + _ODP_IP_TOS_DSCP_SHIFT)) << + _ODP_IPV6HDR_TC_SHIFT; + if (ipsec_sa->copy_flabel) + ver |= state->out_tunnel.ip_flabel; + else + ver |= ipsec_sa->out.tun_ipv6.flabel; + out_ip.ver_tc_flow = odp_cpu_to_be_32(ver); + + state->ip_tot_len = odp_packet_len(*pkt) - state->ip_offset; + out_ip.payload_len = odp_cpu_to_be_16(state->ip_tot_len); + state->ip_tot_len += _ODP_IPV6HDR_LEN; + + out_ip.hop_limit = ipsec_sa->out.tun_ipv6.hlimit; + memcpy(&out_ip.src_addr, ipsec_sa->out.tun_ipv6.src_ip, + _ODP_IPV6ADDR_LEN); + memcpy(&out_ip.dst_addr, ipsec_sa->out.tun_ipv6.dst_ip, + _ODP_IPV6ADDR_LEN); + + if (odp_packet_extend_head(pkt, _ODP_IPV6HDR_LEN, + NULL, NULL) < 0) + return -1; + + odp_packet_move_data(*pkt, 0, _ODP_IPV6HDR_LEN, state->ip_offset); + + odp_packet_copy_from_mem(*pkt, state->ip_offset, + sizeof(out_ip), &out_ip); + + odp_packet_l4_offset_set(*pkt, state->ip_offset + _ODP_IPV6HDR_LEN); + + state->ip = odp_packet_l3_ptr(*pkt, NULL); + state->ip_hdr_len = _ODP_IPV6HDR_LEN; + if (state->is_ipv4) + state->ip_next_hdr = _ODP_IPPROTO_IPIP; + else + state->ip_next_hdr = _ODP_IPPROTO_IPV6; + state->ip_next_hdr_offset = state->ip_offset + _ODP_IPV6HDR_NHDR_OFFSET; + + state->is_ipv4 = 0; return 0; } @@ -770,6 +968,7 @@ static int ipsec_out_esp(odp_packet_t *pkt, uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; unsigned hdr_len; unsigned trl_len; + uint8_t proto = _ODP_IPPROTO_ESP; /* ESP trailer should be 32-bit right aligned */ if (pad_block < 4) @@ -790,6 +989,32 @@ static int ipsec_out_esp(odp_packet_t *pkt, param->override_iv_ptr = state->iv; + memset(&esp, 0, sizeof(esp)); + esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); + esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); + + state->aad.spi = esp.spi; + state->aad.seq_no = esp.seq_no; + + param->aad.ptr = (uint8_t *)&state->aad; + + memset(&esptrl, 0, sizeof(esptrl)); + esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; + esptrl.next_header = state->ip_next_hdr; + + odp_packet_copy_from_mem(*pkt, state->ip_next_hdr_offset, 1, &proto); + state->ip_tot_len += hdr_len + trl_len; + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = state->ip; + + ipv4hdr->tot_len = odp_cpu_to_be_16(state->ip_tot_len); + } else { + _odp_ipv6hdr_t *ipv6hdr = state->ip; + + ipv6hdr->payload_len = odp_cpu_to_be_16(state->ip_tot_len - + _ODP_IPV6HDR_LEN); + } + if (odp_packet_extend_tail(pkt, trl_len, NULL, NULL) < 0 || odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; @@ -798,32 +1023,12 @@ static int ipsec_out_esp(odp_packet_t *pkt, odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); - state->ip = odp_packet_l3_ptr(*pkt, NULL); - - /* Set IPv4 length before authentication */ - ipv4_adjust_len(state->ip, hdr_len + trl_len); - state->ip_tot_len += hdr_len + trl_len; - uint32_t esptrl_offset = state->ip_offset + state->ip_hdr_len + hdr_len + encrypt_len - _ODP_ESPTRL_LEN; - memset(&esp, 0, sizeof(esp)); - esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); - esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - - state->aad.spi = esp.spi; - state->aad.seq_no = esp.seq_no; - - param->aad.ptr = (uint8_t *)&state->aad; - - memset(&esptrl, 0, sizeof(esptrl)); - esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; - esptrl.next_header = state->ip->proto; - state->ip->proto = _ODP_IPPROTO_ESP; - odp_packet_copy_from_mem(*pkt, ipsec_offset, _ODP_ESPHDR_LEN, &esp); @@ -857,6 +1062,12 @@ static int ipsec_out_esp(odp_packet_t *pkt, return 0; } +static void ipsec_out_esp_post(ipsec_state_t *state, odp_packet_t pkt) +{ + if (state->is_ipv4) + _odp_ipv4_csum_update(pkt); +} + static int ipsec_out_ah(odp_packet_t *pkt, ipsec_state_t *state, ipsec_sa_t *ipsec_sa, @@ -867,31 +1078,44 @@ static int ipsec_out_ah(odp_packet_t *pkt, unsigned hdr_len = _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len + ipsec_sa->icv_len; uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; - - /* Save IPv4 stuff */ - state->ah_ipv4.tos = state->ip->tos; - state->ah_ipv4.frag_offset = state->ip->frag_offset; - state->ah_ipv4.ttl = state->ip->ttl; - - if (odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { - status->error.alg = 1; - return -1; - } - - odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); - - state->ip = odp_packet_l3_ptr(*pkt, NULL); - - /* Set IPv4 length before authentication */ - ipv4_adjust_len(state->ip, hdr_len); - state->ip_tot_len += hdr_len; + uint8_t proto = _ODP_IPPROTO_AH; memset(&ah, 0, sizeof(ah)); ah.spi = odp_cpu_to_be_32(ipsec_sa->spi); - ah.ah_len = 1 + (ipsec_sa->esp_iv_len + ipsec_sa->icv_len) / 4; ah.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - ah.next_header = state->ip->proto; - state->ip->proto = _ODP_IPPROTO_AH; + ah.next_header = state->ip_next_hdr; + + odp_packet_copy_from_mem(*pkt, state->ip_next_hdr_offset, 1, &proto); + /* Save IP stuff */ + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = state->ip; + + state->ah_ipv4.tos = ipv4hdr->tos; + state->ah_ipv4.frag_offset = ipv4hdr->frag_offset; + state->ah_ipv4.ttl = ipv4hdr->ttl; + ipv4hdr->chksum = 0; + ipv4hdr->tos = 0; + ipv4hdr->frag_offset = 0; + ipv4hdr->ttl = 0; + hdr_len = IPSEC_PAD_LEN(hdr_len, 4); + state->ip_tot_len += hdr_len; + ipv4hdr->tot_len = odp_cpu_to_be_16(state->ip_tot_len); + } else { + _odp_ipv6hdr_t *ipv6hdr = state->ip; + + state->ah_ipv6.ver_tc_flow = ipv6hdr->ver_tc_flow; + state->ah_ipv6.hop_limit = ipv6hdr->hop_limit; + ipv6hdr->ver_tc_flow = + odp_cpu_to_be_32(6 << _ODP_IPV6HDR_VERSION_SHIFT); + ipv6hdr->hop_limit = 0; + + hdr_len = IPSEC_PAD_LEN(hdr_len, 8); + state->ip_tot_len += hdr_len; + ipv6hdr->payload_len = odp_cpu_to_be_16(state->ip_tot_len - + _ODP_IPV6HDR_LEN); + } + + ah.ah_len = hdr_len / 4 - 2; state->aad.spi = ah.spi; state->aad.seq_no = ah.seq_no; @@ -906,6 +1130,13 @@ static int ipsec_out_ah(odp_packet_t *pkt, param->override_iv_ptr = state->iv; + if (odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { + status->error.alg = 1; + return -1; + } + + odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); + odp_packet_copy_from_mem(*pkt, ipsec_offset, _ODP_AHHDR_LEN, &ah); @@ -916,12 +1147,8 @@ static int ipsec_out_ah(odp_packet_t *pkt, _odp_packet_set_data(*pkt, ipsec_offset + _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len, - 0, ipsec_sa->icv_len); - - state->ip->chksum = 0; - state->ip->tos = 0; - state->ip->frag_offset = 0; - state->ip->ttl = 0; + 0, + hdr_len - _ODP_AHHDR_LEN - ipsec_sa->esp_iv_len); param->auth_range.offset = state->ip_offset; param->auth_range.length = state->ip_tot_len; @@ -933,11 +1160,22 @@ static int ipsec_out_ah(odp_packet_t *pkt, return 0; } -static void ipsec_out_ah_post(ipsec_state_t *state) +static void ipsec_out_ah_post(ipsec_state_t *state, odp_packet_t pkt) { - state->ip->ttl = state->ah_ipv4.ttl; - state->ip->tos = state->ah_ipv4.tos; - state->ip->frag_offset = state->ah_ipv4.frag_offset; + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = odp_packet_l3_ptr(pkt, NULL); + + ipv4hdr->ttl = state->ah_ipv4.ttl; + ipv4hdr->tos = state->ah_ipv4.tos; + ipv4hdr->frag_offset = state->ah_ipv4.frag_offset; + + _odp_ipv4_csum_update(pkt); + } else { + _odp_ipv6hdr_t *ipv6hdr = odp_packet_l3_ptr(pkt, NULL); + + ipv6hdr->ver_tc_flow = state->ah_ipv6.ver_tc_flow; + ipv6hdr->hop_limit = state->ah_ipv6.hop_limit; + } } static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, @@ -965,18 +1203,30 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, /* Initialize parameters block */ memset(¶m, 0, sizeof(param)); + state.is_ipv4 = (((uint8_t *)state.ip)[0] >> 4) == 0x4; + if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) { - rc = ipsec_parse_ipv4(&state); + if (state.is_ipv4) + rc = ipsec_parse_ipv4(&state, pkt); + else + rc = ipsec_parse_ipv6(&state, pkt); + if (state.ip_tot_len + state.ip_offset != odp_packet_len(pkt)) rc = -1; } else { - rc = ipsec_out_tunnel_parse_ipv4(&state, ipsec_sa); + if (state.is_ipv4) + rc = ipsec_out_tunnel_parse_ipv4(&state, ipsec_sa); + else + rc = ipsec_out_tunnel_parse_ipv6(&state, ipsec_sa); if (rc < 0) { status->error.alg = 1; goto err; } - rc = ipsec_out_tunnel_ipv4(&pkt, &state, ipsec_sa); + if (ipsec_sa->tun_ipv4) + rc = ipsec_out_tunnel_ipv4(&pkt, &state, ipsec_sa); + else + rc = ipsec_out_tunnel_ipv6(&pkt, &state, ipsec_sa); } if (rc < 0) { status->error.alg = 1; @@ -1033,8 +1283,10 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, } /* Finalize the IPv4 header */ - if (ODP_IPSEC_AH == ipsec_sa->proto) - ipsec_out_ah_post(&state); + if (ODP_IPSEC_ESP == ipsec_sa->proto) + ipsec_out_esp_post(&state, pkt); + else if (ODP_IPSEC_AH == ipsec_sa->proto) + ipsec_out_ah_post(&state, pkt); _odp_ipv4_csum_update(pkt); diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 0287d6f73..812ad0c46 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -211,10 +211,18 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->flags = 0; if (ODP_IPSEC_DIR_INBOUND == param->dir) { ipsec_sa->in.lookup_mode = param->inbound.lookup_mode; - if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode) - memcpy(&ipsec_sa->in.lookup_dst_ip, - param->inbound.lookup_param.dst_addr, - sizeof(ipsec_sa->in.lookup_dst_ip)); + if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode) { + ipsec_sa->in.lookup_ver = + param->inbound.lookup_param.ip_version; + if (ODP_IPSEC_IPV4 == ipsec_sa->in.lookup_ver) + memcpy(&ipsec_sa->in.lookup_dst_ipv4, + param->inbound.lookup_param.dst_addr, + sizeof(ipsec_sa->in.lookup_dst_ipv4)); + else + memcpy(&ipsec_sa->in.lookup_dst_ipv6, + param->inbound.lookup_param.dst_addr, + sizeof(ipsec_sa->in.lookup_dst_ipv6)); + } if (param->inbound.antireplay_ws > IPSEC_ANTIREPLAY_WS) return ODP_IPSEC_SA_INVALID; @@ -226,6 +234,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->dec_ttl = param->opt.dec_ttl; ipsec_sa->copy_dscp = param->opt.copy_dscp; ipsec_sa->copy_df = param->opt.copy_df; + ipsec_sa->copy_flabel = param->opt.copy_flabel; odp_atomic_store_u64(&ipsec_sa->bytes, 0); odp_atomic_store_u64(&ipsec_sa->packets, 0); @@ -236,19 +245,36 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode && ODP_IPSEC_DIR_OUTBOUND == param->dir) { - if (param->outbound.tunnel.type != ODP_IPSEC_TUNNEL_IPV4) - goto error; - - memcpy(&ipsec_sa->out.tun_src_ip, - param->outbound.tunnel.ipv4.src_addr, - sizeof(ipsec_sa->out.tun_src_ip)); - memcpy(&ipsec_sa->out.tun_dst_ip, - param->outbound.tunnel.ipv4.dst_addr, - sizeof(ipsec_sa->out.tun_dst_ip)); - odp_atomic_init_u32(&ipsec_sa->out.tun_hdr_id, 0); - ipsec_sa->out.tun_ttl = param->outbound.tunnel.ipv4.ttl; - ipsec_sa->out.tun_dscp = param->outbound.tunnel.ipv4.dscp; - ipsec_sa->out.tun_df = param->outbound.tunnel.ipv4.df; + if (ODP_IPSEC_TUNNEL_IPV4 == param->outbound.tunnel.type) { + ipsec_sa->tun_ipv4 = 1; + memcpy(&ipsec_sa->out.tun_ipv4.src_ip, + param->outbound.tunnel.ipv4.src_addr, + sizeof(ipsec_sa->out.tun_ipv4.src_ip)); + memcpy(&ipsec_sa->out.tun_ipv4.dst_ip, + param->outbound.tunnel.ipv4.dst_addr, + sizeof(ipsec_sa->out.tun_ipv4.dst_ip)); + odp_atomic_init_u32(&ipsec_sa->out.tun_ipv4.hdr_id, 0); + ipsec_sa->out.tun_ipv4.ttl = + param->outbound.tunnel.ipv4.ttl; + ipsec_sa->out.tun_ipv4.dscp = + param->outbound.tunnel.ipv4.dscp; + ipsec_sa->out.tun_ipv4.df = + param->outbound.tunnel.ipv4.df; + } else { + ipsec_sa->tun_ipv4 = 0; + memcpy(&ipsec_sa->out.tun_ipv6.src_ip, + param->outbound.tunnel.ipv6.src_addr, + sizeof(ipsec_sa->out.tun_ipv6.src_ip)); + memcpy(&ipsec_sa->out.tun_ipv6.dst_ip, + param->outbound.tunnel.ipv6.dst_addr, + sizeof(ipsec_sa->out.tun_ipv6.dst_ip)); + ipsec_sa->out.tun_ipv6.hlimit = + param->outbound.tunnel.ipv6.hlimit; + ipsec_sa->out.tun_ipv6.dscp = + param->outbound.tunnel.ipv6.dscp; + ipsec_sa->out.tun_ipv6.flabel = + param->outbound.tunnel.ipv6.flabel; + } } odp_crypto_session_param_init(&crypto_param); @@ -485,8 +511,11 @@ ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup) if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode && lookup->proto == ipsec_sa->proto && lookup->spi == ipsec_sa->spi && - !memcmp(lookup->dst_addr, &ipsec_sa->in.lookup_dst_ip, - sizeof(ipsec_sa->in.lookup_dst_ip))) { + lookup->ver == ipsec_sa->in.lookup_ver && + !memcmp(lookup->dst_addr, &ipsec_sa->in.lookup_dst_ipv4, + lookup->ver == ODP_IPSEC_IPV4 ? + _ODP_IPV4ADDR_LEN : + _ODP_IPV6ADDR_LEN)) { if (NULL != best) _odp_ipsec_sa_unuse(best); return ipsec_sa; From patchwork Tue Dec 12 17:00:38 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121591 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4395690qgn; Tue, 12 Dec 2017 09:20:17 -0800 (PST) X-Google-Smtp-Source: ACJfBotZkJ6mFlYJ5OPkvHRyGTPhUEBCYK8Luoahod1uUGcOXLjzqO9JqhcOZbOKUbI7yhWFjD0Y X-Received: by 10.55.33.13 with SMTP id h13mr6473641qkh.176.1513099217816; Tue, 12 Dec 2017 09:20:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513099217; cv=none; d=google.com; s=arc-20160816; b=iiK1b9KDBcr4yWFFnBmNclcjGTEhqFNgdRXQmbrJ+VgNVNEr+73pLqEa7++0RQE/19 a23ErLYJcHZkhBGhJiLaIXvmZhA24LJK+iOnS0vOYCqxKdBlWz0aYILOoXpttO6kaL4w NNpr4O7MBwu6SS1KC7Jr3BHxAj9xgdC31pqZiHMl/Qn34fZ0jWE8NcYZECum+EsK75Nh KaAK28GOf6KhN+3/c2Gsvn2AeQ3oY5HwWCadxaPWT3uxkifiwknVk+UtyQcNsJEfJEnu nmW4Vbdt9eKZRd3msaiWquIIAnlwvUvj7iJDBVxOEJeTVxVvFjbJa0cWHdlYO91tFz6H 9HuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=7w953natUDebcat4ynSxVDwOUKsgvBwnVIf2o/V3QVM=; b=dNcyV/eh40W/BPR5fJtSuqSwnQrvrbDpZ1hn1V1ZPQa4EkiU15D+WARstMW56LAxTC BWkt9sxn0ixS52XJj70a1nIJHMHF/ZCvBmYNFVyEVdI9EyhoGePjMxIbrwaXAPafmcay +sUEsV64gza4GfRdOMZ/ooAzxZh0khUm5/azkuW4GZZL9D/c/xU3+uTZONdH5GS/B/mD umIU0tUyAZwNff0OAgUJtGU9mfaFwWS4+r8ZZAoh6UnzLAbdbJDt3Kc8pB8pixqiKv5O 1oWvTM+tLYOhSr6u3xc54iiHmEbQdZvCCdk2sGKV3/4SRzjcbtrS1S3OD4m0/V6eM5Jc +Emg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id s7si2029957qte.344.2017.12.12.09.20.17; Tue, 12 Dec 2017 09:20:17 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 6D41860956; Tue, 12 Dec 2017 17:20:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 384BC6071D; Tue, 12 Dec 2017 17:03:16 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 953106095D; Tue, 12 Dec 2017 17:02:53 +0000 (UTC) Received: from forward102o.mail.yandex.net (forward102o.mail.yandex.net [37.140.190.182]) by lists.linaro.org (Postfix) with ESMTPS id C1A706086F for ; Tue, 12 Dec 2017 17:01:01 +0000 (UTC) Received: from mxback15j.mail.yandex.net (mxback15j.mail.yandex.net [IPv6:2a02:6b8:0:1619::91]) by forward102o.mail.yandex.net (Yandex) with ESMTP id 4A9115A04250 for ; Tue, 12 Dec 2017 20:01:00 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback15j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id ChB4XdHk1A-10JqRWOG; Tue, 12 Dec 2017 20:01:00 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id O5YE7TQVzQ-0x9ixEcT; Tue, 12 Dec 2017 20:00:59 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 20:00:38 +0300 Message-Id: <1513098047-19804-8-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> References: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v13 7/16] validation: ipsec: add tests for IPv6 functionality X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: a17bf2b46352969fad4fbaf801dc8b5da0de7a78 **/ test/validation/api/ipsec/ipsec_test_in.c | 262 +++++++++++++++++ test/validation/api/ipsec/ipsec_test_out.c | 331 +++++++++++++++++++++ test/validation/api/ipsec/test_vectors.h | 443 +++++++++++++++++++++++++++++ 3 files changed, 1036 insertions(+) diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 5af98112a..15e1fe14f 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -71,6 +71,37 @@ static void test_in_ipv4_ah_sha256_tun_ipv4(void) ipsec_sa_destroy(sa); } +static void test_in_ipv4_ah_sha256_tun_ipv6(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0_ah_tun_ipv6_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ipv4_ah_sha256_tun_ipv4_notun(void) { odp_ipsec_sa_param_t param; @@ -314,6 +345,37 @@ static void test_in_ipv4_esp_null_sha256_tun_ipv4(void) ipsec_sa_destroy(sa); } +static void test_in_ipv4_esp_null_sha256_tun_ipv6(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0_esp_tun_ipv6_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ipv4_ah_sha256_noreplay(void) { odp_ipsec_sa_param_t param; @@ -1071,6 +1133,190 @@ static void test_in_ipv4_esp_null_aes_gmac_128(void) ipsec_sa_destroy(sa); } +static void test_in_ipv6_ah_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_ah_sha256_tun_ipv4(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_ah_tun_ipv4_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_ah_sha256_tun_ipv6(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_ah_tun_ipv6_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_esp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_esp_null_sha256_tun_ipv4(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_tun_ipv4_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_esp_null_sha256_tun_ipv6(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_tun_ipv6_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -1106,6 +1352,8 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv4, ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv6, + ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv4_notun, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256, @@ -1122,6 +1370,8 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_tun_ipv4, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_tun_ipv6, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_noreplay, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_replay, @@ -1148,5 +1398,17 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_ah_aes_gmac_128), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_ah_sha256, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_ah_sha256_tun_ipv4, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_ah_sha256_tun_ipv6, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_null_sha256_tun_ipv4, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_null_sha256_tun_ipv6, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 757b90059..f4e71dced 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -83,6 +83,50 @@ static void test_out_ipv4_ah_sha256_tun_ipv4(void) ipsec_sa_destroy(sa); } +static void test_out_ipv4_ah_sha256_tun_ipv6(void) +{ + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV6, + .ipv6.src_addr = src, + .ipv6.dst_addr = dst, + .ipv6.hlimit = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_ah_tun_ipv6_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_out_ipv4_esp_null_sha256(void) { odp_ipsec_sa_param_t param; @@ -152,6 +196,51 @@ static void test_out_ipv4_esp_null_sha256_tun_ipv4(void) ipsec_sa_destroy(sa); } +static void test_out_ipv4_esp_null_sha256_tun_ipv6(void) +{ + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV6, + .ipv6.src_addr = src, + .ipv6.dst_addr = dst, + .ipv6.hlimit = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = + &pkt_ipv4_icmp_0_esp_tun_ipv6_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_out_ipv4_esp_aes_cbc_null(void) { odp_ipsec_sa_param_t param; @@ -380,6 +469,232 @@ static void test_out_ipv4_esp_null_aes_gmac_128(void) ipsec_sa_destroy(sa); } +static void test_out_ipv6_ah_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_ah_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_ah_sha256_tun_ipv4(void) +{ + uint32_t src = IPV4ADDR(10, 0, 111, 2); + uint32_t dst = IPV4ADDR(10, 0, 222, 2); + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV4, + .ipv4.src_addr = &src, + .ipv4.dst_addr = &dst, + .ipv4.ttl = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_ah_tun_ipv4_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_ah_sha256_tun_ipv6(void) +{ + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV6, + .ipv6.src_addr = src, + .ipv6.dst_addr = dst, + .ipv6.hlimit = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_ah_tun_ipv6_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_esp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_esp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_esp_null_sha256_tun_ipv4(void) +{ + uint32_t src = IPV4ADDR(10, 0, 111, 2); + uint32_t dst = IPV4ADDR(10, 0, 222, 2); + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV4, + .ipv4.src_addr = &src, + .ipv4.dst_addr = &dst, + .ipv4.ttl = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = + &pkt_ipv6_icmp_0_esp_tun_ipv4_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_esp_null_sha256_tun_ipv6(void) +{ + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV6, + .ipv6.src_addr = &src, + .ipv6.dst_addr = &dst, + .ipv6.hlimit = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = + &pkt_ipv6_icmp_0_esp_tun_ipv6_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -393,10 +708,14 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_tun_ipv4, ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_tun_ipv6, + ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256, ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_tun_ipv4, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_tun_ipv6, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_null, ipsec_check_esp_aes_cbc_128_null), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_sha256, @@ -409,5 +728,17 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_ah_aes_gmac_128), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256_tun_ipv4, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256_tun_ipv6, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_null_sha256_tun_ipv4, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_null_sha256_tun_ipv6, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index c057f7765..211f349d0 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -204,6 +204,54 @@ static const ODP_UNUSED ipsec_test_packet }, }; +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_ah_tun_ipv6_sha256_1 = { + .len = 214, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x33, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* AH */ + 0x04, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x2b, 0x45, 0xbe, 0xd2, 0x9c, 0x9c, 0x3e, 0x0d, + 0xe0, 0x32, 0xaf, 0xa0, 0x2d, 0x26, 0xe1, 0x91, + 0x00, 0x00, 0x00, 0x00, + + /* Inner IP */ + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1_bad1 = { .len = 168, .l2_offset = 0, @@ -418,6 +466,57 @@ static const ODP_UNUSED ipsec_test_packet }, }; +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_tun_ipv6_null_sha256_1 = { + .len = 210, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x9c, 0x32, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* Inner IP */ + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x04, + + /* ICV */ + 0x73, 0x8d, 0xf6, 0x9a, 0x26, 0x06, 0x4d, 0xa1, + 0x88, 0x37, 0x65, 0xab, 0x0d, 0xe9, 0x95, 0x3b, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_null_sha256_1_bad1 = { .len = 170, @@ -717,6 +816,350 @@ static const ODP_UNUSED ipsec_test_packet }, }; +static const ODP_UNUSED ipsec_test_packet pkt_ipv6_icmp_0 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_ipv6_icmp_0_ah_sha256_1 = { + .len = 202, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x94, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x33, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* AH */ + 0x3a, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0xd9, 0x14, 0x87, 0x27, 0x20, 0x1a, 0xc2, 0x66, + 0xc1, 0xca, 0x99, 0x2b, 0x8a, 0xae, 0x2f, 0x27, + 0x00, 0x00, 0x00, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_ah_tun_ipv4_sha256_1 = { + .len = 218, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0xcc, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0x18, 0xfb, 0x0a, 0x00, 0x6f, 0x02, + 0x0a, 0x00, 0xde, 0x02, + + /* AH */ + 0x29, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x7f, 0xde, 0x8a, 0x48, 0xc5, 0xc5, 0xfa, 0x52, + 0xb8, 0xf6, 0xc2, 0xe3, 0x8f, 0x10, 0xb2, 0x47, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_ah_tun_ipv6_sha256_1 = { + .len = 242, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0xbc, 0x33, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* AH */ + 0x29, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x62, 0x96, 0x2b, 0x40, 0x3e, 0x53, 0x76, 0x4a, + 0x4d, 0x7f, 0xf6, 0x22, 0x35, 0x3c, 0x74, 0xe2, + 0x00, 0x00, 0x00, 0x00, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_ipv6_icmp_0_esp_null_sha256_1 = { + .len = 198, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x90, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x32, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x3a, + + /* ICV */ + 0x20, 0xa6, 0x89, 0x7b, 0x0a, 0x52, 0x5b, 0xca, + 0x98, 0x56, 0xd1, 0xfe, 0x56, 0xc7, 0xa4, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_esp_tun_ipv4_null_sha256_1 = { + .len = 218, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0xcc, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0x18, 0xfc, 0x0a, 0x00, 0x6f, 0x02, + 0x0a, 0x00, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x29, + + /* ICV */ + 0xd0, 0x96, 0x6e, 0xda, 0xc5, 0x08, 0xcc, 0x0e, + 0xd1, 0x22, 0xa5, 0xed, 0x13, 0x07, 0xd9, 0xcd, + }, +}; + +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_esp_tun_ipv6_null_sha256_1 = { + .len = 238, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0xb8, 0x32, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x29, + + /* ICV */ + 0xd0, 0x96, 0x6e, 0xda, 0xc5, 0x08, 0xcc, 0x0e, + 0xd1, 0x22, 0xa5, 0xed, 0x13, 0x07, 0xd9, 0xcd, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_rfc3602_5 = { .len = 98, .l2_offset = 0, From patchwork Tue Dec 12 17:00:39 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121587 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4392346qgn; Tue, 12 Dec 2017 09:17:05 -0800 (PST) X-Google-Smtp-Source: ACJfBovtCpVwm2DldgteDXTzjS46efIxQssft+3TkWE6H3K45XxLhXq/kxs6dOPwFM/JkLDiIjtA X-Received: by 10.55.120.199 with SMTP id t190mr6474244qkc.63.1513099025054; Tue, 12 Dec 2017 09:17:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513099025; cv=none; d=google.com; s=arc-20160816; b=ySsp27t61nDFfe+UPnbb/46Yg/QBOdPGhClvY/VCWX/eXbfBnArJRu9wdKipJ73vLu UsipeT27sgUlbt+5IX4A9rziFidkS30jNl4R5rN2fjuvzwXec1c2GRmtnCmALDHFr2Eq 4atzNxO9m7dmTQi9qD/0xKANHVQxhxS8lO8FarkDXAHSZ5dc2DncmnYx3tcQj4eY5AHr RyWyy7kGBf8IFlbQSM0Rl3+InUtx5UhmhNEb0fymSZ4uWPkba3tBrzaUkiHAGFbRQbXG tm/tcE5V+1VakgZkHDzrMnpTunwmZrJjyEWVDSb3NJFZjZt6sUMuYK0EVDJwkGPeeoCO q5Rw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=jiu1ZuPvLFtXe2qvF40bm3Bx958Khs4jSYOdhKNqg2Y=; b=zJSMhsuMPuzYtSvhsQc4wyERyHLPluENdR0wIVd5VjzJcwNIA4UGg83k71uWF2gf0B FrDgazNIw5UPVUqtl6dto/0zX5px/Aw16zqtriAaBR0KpRMS8wjacTVji1O5hFyCk+zW AQISZbDUVGz54/OLEIUsuJ4qfJcEEmMm2OgzmwVgfEQxO40c+4BKUFT6ytsIIPLhdbUa bqYKBPgW6YavCMmxCr9mW3IWFTI8R1CJPtnxjH0epxeTRBXVeE/XOJ/HCNsN4FeoKAUB hV8KOYIGA9pKqt9prBWvR+nrSZ4EVePktJ8213B/fvvKuXFIiGdpIV1LSMJushbzCqs8 na4w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id y26si14181852qtj.329.2017.12.12.09.17.04; Tue, 12 Dec 2017 09:17:05 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 82949608EE; Tue, 12 Dec 2017 17:17:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id E54BB608ED; Tue, 12 Dec 2017 17:02:51 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 58E3660958; Tue, 12 Dec 2017 17:02:47 +0000 (UTC) Received: from forward104o.mail.yandex.net (forward104o.mail.yandex.net [37.140.190.179]) by lists.linaro.org (Postfix) with ESMTPS id 64DCA6084F for ; Tue, 12 Dec 2017 17:01:02 +0000 (UTC) Received: from mxback1g.mail.yandex.net (mxback1g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:162]) by forward104o.mail.yandex.net (Yandex) with ESMTP id B02C9702A8A for ; Tue, 12 Dec 2017 20:01:00 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback1g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id Wre5TI77iW-10MSNfu5; Tue, 12 Dec 2017 20:01:00 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id O5YE7TQVzQ-1090Gt0U; Tue, 12 Dec 2017 20:01:00 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 20:00:39 +0300 Message-Id: <1513098047-19804-9-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> References: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v13 8/16] linux-gen: ipsec: simplify seq no handling X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov There is no point in filling artificial AAD struct for AH just for the sake of sequence number checking. Instead use AAD just for ESP and provide separate seq_no field. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: a17bf2b46352969fad4fbaf801dc8b5da0de7a78 **/ platform/linux-generic/odp_ipsec.c | 32 ++++++++++++++------------------ 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 714844675..66342f1b0 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -233,6 +233,7 @@ typedef struct { struct { uint16_t hdr_len; uint16_t trl_len; + odp_u32be_t seq_no; } in; odp_u32be_t ipv4_addr; uint8_t ipv6_addr[_ODP_IPV6ADDR_LEN]; @@ -247,8 +248,10 @@ typedef struct { odp_u32be_t ver_tc_flow; uint8_t hop_limit; } ah_ipv6; + struct { + ipsec_aad_t aad; + } esp; }; - ipsec_aad_t aad; uint8_t iv[IPSEC_MAX_IV_LEN]; } ipsec_state_t; @@ -409,10 +412,11 @@ static int ipsec_in_esp(odp_packet_t *pkt, ipsec_sa->icv_len; param->override_iv_ptr = state->iv; - state->aad.spi = esp.spi; - state->aad.seq_no = esp.seq_no; + state->esp.aad.spi = esp.spi; + state->esp.aad.seq_no = esp.seq_no; + state->in.seq_no = odp_be_to_cpu_32(esp.seq_no); - param->aad.ptr = (uint8_t *)&state->aad; + param->aad.ptr = (uint8_t *)&state->esp.aad; param->auth_range.offset = ipsec_offset; param->auth_range.length = state->ip_tot_len - @@ -515,10 +519,7 @@ static int ipsec_in_ah(odp_packet_t *pkt, ipv6hdr->hop_limit = 0; } - state->aad.spi = ah.spi; - state->aad.seq_no = ah.seq_no; - - param->aad.ptr = (uint8_t *)&state->aad; + state->in.seq_no = odp_be_to_cpu_32(ah.seq_no); param->auth_range.offset = state->ip_offset; param->auth_range.length = state->ip_tot_len; @@ -614,7 +615,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto err; if (_odp_ipsec_sa_replay_precheck(ipsec_sa, - odp_be_to_cpu_32(state.aad.seq_no), + state.in.seq_no, status) < 0) goto err; @@ -659,7 +660,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto err; if (_odp_ipsec_sa_replay_update(ipsec_sa, - odp_be_to_cpu_32(state.aad.seq_no), + state.in.seq_no, status) < 0) goto err; @@ -993,10 +994,10 @@ static int ipsec_out_esp(odp_packet_t *pkt, esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - state->aad.spi = esp.spi; - state->aad.seq_no = esp.seq_no; + state->esp.aad.spi = esp.spi; + state->esp.aad.seq_no = esp.seq_no; - param->aad.ptr = (uint8_t *)&state->aad; + param->aad.ptr = (uint8_t *)&state->esp.aad; memset(&esptrl, 0, sizeof(esptrl)); esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; @@ -1117,11 +1118,6 @@ static int ipsec_out_ah(odp_packet_t *pkt, ah.ah_len = hdr_len / 4 - 2; - state->aad.spi = ah.spi; - state->aad.seq_no = ah.seq_no; - - param->aad.ptr = (uint8_t *)&state->aad; - /* For GMAC */ if (ipsec_out_iv(state, ipsec_sa) < 0) { status->error.alg = 1; From patchwork Tue Dec 12 17:00:40 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121589 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4393875qgn; Tue, 12 Dec 2017 09:18:33 -0800 (PST) X-Google-Smtp-Source: ACJfBosKkbRNmexd+MZRobRzz4kRdgY6YJdgQeLoKI9RN9I5lG5My5daCcweurHlJc/8fpyWT0bA X-Received: by 10.200.56.137 with SMTP id f9mr6208775qtc.116.1513099113183; Tue, 12 Dec 2017 09:18:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513099113; cv=none; d=google.com; s=arc-20160816; b=ucnYF9As9B2rJ3AP4aUMsK7xkCgtsQYfy3HD7JLLoPXPfvNSBj5Aol2jpnmMfn1QVM ARB7GtNmbAsjrJ2GDbvy5E7dLTUpW5bqcmraLETMuUQKUq944TQcR9wR++1CZ5P/vH31 eoHPjpshQiHayhEPsgH3BXxbM4ijFesm5UuQ6nAHY5TFjIQzOtJvaDoxUgUXaWuFSPVz XYdH3AmvEfJUX2oGIlH5wPELWjBWULu/K8Jyfi8jL+QGQXQriVyN/MssTxlzCIcfqOke Vb0vGnM21rZviMzGd6rAbI7iHfs2GZE26LhB7rhh8vvEzWYfKQ69DuSV1LDnOBL37c+Y GQqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=2pjRzgQ+mN6s2/eg95B+5ycVO965mTaBkY6r4sTWPAs=; b=oVmgh4NhDnxuNEqM/j/W6qTxRoIy2MwBiOxOvt1Nww2t/zDqtWH46+nZbiIVaIKl7J W6w/EqHu38wkIapJjm6X+Byko2wd5IRI7Vw+WuRswxJBFYcmD0iJCnjVaal6ygKpo+z8 0EwlSAvPOGbKUo7WlrUzufLxvPBckzF0ZAXo+KrM9/mai9gayQaKCJhSB6Q+ves0AfVR OS+N9asEkvzzksHG63hon7kU/LC2S33XW2nmTGo3q8NAiDa+W1ObvX7PiomK1WyIpk3I ZBCIu3IB1wal2DXpNxvDBkpfFjQEBHX8/4w8WVEclfSdv+BjdskV4F8nK8G+K53sgN88 3AIg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id r63si1734843qkb.240.2017.12.12.09.18.32; Tue, 12 Dec 2017 09:18:33 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id DC44E608FF; Tue, 12 Dec 2017 17:18:32 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 8488260973; Tue, 12 Dec 2017 17:02:58 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 3D714608A4; Tue, 12 Dec 2017 17:02:48 +0000 (UTC) Received: from forward106p.mail.yandex.net (forward106p.mail.yandex.net [77.88.28.109]) by lists.linaro.org (Postfix) with ESMTPS id 626B060841 for ; Tue, 12 Dec 2017 17:01:02 +0000 (UTC) Received: from mxback14g.mail.yandex.net (mxback14g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:93]) by forward106p.mail.yandex.net (Yandex) with ESMTP id 5B6E32D847E2 for ; Tue, 12 Dec 2017 20:01:01 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback14g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id cuhdMwdejE-110entTC; Tue, 12 Dec 2017 20:01:01 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id O5YE7TQVzQ-109uEjkW; Tue, 12 Dec 2017 20:01:00 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 20:00:40 +0300 Message-Id: <1513098047-19804-10-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> References: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v13 9/16] linux-gen: add support for UDP-encapsulated ESP packets X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: a17bf2b46352969fad4fbaf801dc8b5da0de7a78 **/ .../linux-generic/include/odp_ipsec_internal.h | 1 + platform/linux-generic/include/protocols/udp.h | 2 + platform/linux-generic/odp_ipsec.c | 53 +++++++++++++++++++++- platform/linux-generic/odp_ipsec_sad.c | 1 + 4 files changed, 56 insertions(+), 1 deletion(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index b294e7c4a..822c9016b 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -131,6 +131,7 @@ struct ipsec_sa_s { unsigned copy_df : 1; unsigned copy_flabel : 1; unsigned aes_ctr_iv : 1; + unsigned udp_encap : 1; /* Only for outbound */ unsigned use_counter_iv : 1; diff --git a/platform/linux-generic/include/protocols/udp.h b/platform/linux-generic/include/protocols/udp.h index 535aba855..85984c992 100644 --- a/platform/linux-generic/include/protocols/udp.h +++ b/platform/linux-generic/include/protocols/udp.h @@ -38,6 +38,8 @@ typedef struct ODP_PACKED { ODP_STATIC_ASSERT(sizeof(_odp_udphdr_t) == _ODP_UDPHDR_LEN, "_ODP_UDPHDR_T__SIZE_ERROR"); +#define _ODP_UDP_IPSEC_PORT 4500 + /** * @} */ diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 66342f1b0..f2130fc49 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -18,6 +18,7 @@ #include #include #include +#include #include @@ -378,9 +379,29 @@ static int ipsec_in_esp(odp_packet_t *pkt, _odp_esphdr_t esp; uint16_t ipsec_offset; ipsec_sa_t *ipsec_sa; + odp_bool_t udp_encap = false; ipsec_offset = state->ip_offset + state->ip_hdr_len; + if (_ODP_IPPROTO_UDP == state->ip_next_hdr) { + _odp_udphdr_t udp; + uint16_t ip_data_len = state->ip_tot_len - + state->ip_hdr_len; + + odp_packet_copy_to_mem(*pkt, ipsec_offset, + _ODP_UDPHDR_LEN, &udp); + + if (udp.dst_port != odp_cpu_to_be_16(_ODP_UDP_IPSEC_PORT) || + udp.length != odp_cpu_to_be_16(ip_data_len)) { + status->error.proto = 1; + return -1; + } + + ipsec_offset += _ODP_UDPHDR_LEN; + state->ip_hdr_len += _ODP_UDPHDR_LEN; + udp_encap = true; + } + if (odp_packet_copy_to_mem(*pkt, ipsec_offset, sizeof(esp), &esp) < 0) { status->error.alg = 1; @@ -396,6 +417,11 @@ static int ipsec_in_esp(odp_packet_t *pkt, if (status->error.all) return -1; + if (!!ipsec_sa->udp_encap != udp_encap) { + status->error.proto = 1; + return -1; + } + if (ipsec_in_iv(*pkt, state, ipsec_sa, ipsec_offset + _ODP_ESPHDR_LEN) < 0) { status->error.alg = 1; @@ -446,6 +472,11 @@ static int ipsec_in_esp_post(odp_packet_t pkt, ipsec_padding, esptrl.pad_len) != 0) return -1; + if (udp_encap) { + state->ip_hdr_len -= _ODP_UDPHDR_LEN; + state->in.hdr_len += _ODP_UDPHDR_LEN; + } + odp_packet_copy_from_mem(pkt, state->ip_next_hdr_offset, 1, &esptrl.next_header); state->in.trl_len += esptrl.pad_len; @@ -603,7 +634,8 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, } /* Check IP header for IPSec protocols and look it up */ - if (_ODP_IPPROTO_ESP == state.ip_next_hdr) { + if (_ODP_IPPROTO_ESP == state.ip_next_hdr || + _ODP_IPPROTO_UDP == state.ip_next_hdr) { rc = ipsec_in_esp(&pkt, &state, &ipsec_sa, sa, ¶m, status); } else if (_ODP_IPPROTO_AH == state.ip_next_hdr) { rc = ipsec_in_ah(&pkt, &state, &ipsec_sa, sa, ¶m, status); @@ -962,6 +994,7 @@ static int ipsec_out_esp(odp_packet_t *pkt, { _odp_esphdr_t esp; _odp_esptrl_t esptrl; + _odp_udphdr_t udphdr; uint32_t encrypt_len; uint16_t ip_data_len = state->ip_tot_len - state->ip_hdr_len; @@ -983,6 +1016,16 @@ static int ipsec_out_esp(odp_packet_t *pkt, ip_data_len + ipsec_sa->icv_len; + if (ipsec_sa->udp_encap) { + hdr_len += _ODP_UDPHDR_LEN; + proto = _ODP_IPPROTO_UDP; + udphdr.src_port = odp_cpu_to_be_16(_ODP_UDP_IPSEC_PORT); + udphdr.dst_port = odp_cpu_to_be_16(_ODP_UDP_IPSEC_PORT); + udphdr.length = odp_cpu_to_be_16(ip_data_len + + hdr_len + trl_len); + udphdr.chksum = 0; /* should be 0 by RFC */ + } + if (ipsec_out_iv(state, ipsec_sa) < 0) { status->error.alg = 1; return -1; @@ -1030,6 +1073,14 @@ static int ipsec_out_esp(odp_packet_t *pkt, encrypt_len - _ODP_ESPTRL_LEN; + if (ipsec_sa->udp_encap) { + odp_packet_copy_from_mem(*pkt, ipsec_offset, _ODP_UDPHDR_LEN, + &udphdr); + ipsec_offset += _ODP_UDPHDR_LEN; + hdr_len -= _ODP_UDPHDR_LEN; + state->ip_hdr_len += _ODP_UDPHDR_LEN; + } + odp_packet_copy_from_mem(*pkt, ipsec_offset, _ODP_ESPHDR_LEN, &esp); diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 812ad0c46..82b3c4522 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -235,6 +235,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->copy_dscp = param->opt.copy_dscp; ipsec_sa->copy_df = param->opt.copy_df; ipsec_sa->copy_flabel = param->opt.copy_flabel; + ipsec_sa->udp_encap = param->opt.udp_encap; odp_atomic_store_u64(&ipsec_sa->bytes, 0); odp_atomic_store_u64(&ipsec_sa->packets, 0); From patchwork Tue Dec 12 17:00:41 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121588 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4393107qgn; Tue, 12 Dec 2017 09:17:46 -0800 (PST) X-Google-Smtp-Source: ACJfBou6ke3Uxxu4UAwU2i1P8yYve5cYGN/DBD3NHqxP7JZXK9RtZx8e6wZ1B/PtXPBKq4P3tsBx X-Received: by 10.37.65.151 with SMTP id o145mr3507591yba.481.1513099066292; Tue, 12 Dec 2017 09:17:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513099066; cv=none; d=google.com; s=arc-20160816; b=gbfOUJ5Jlp+m0fRFC70HnZSyVVjnRacoUtv9KMMuyO6nEqVxpPrXEJARTNiWi7x1k2 4iaz7vhcn8nBUFF43ara4ggP6c1fkcItKDYEx6Ebvc/mAeZIKsC6qpbH9XjzPB1+zCgD l9tIYD/kKRqkYTQb89OHf4q+MWDZ9TsqEBCv47qwk398wq76z5VNEx3jOy1OFutBDJRb +ewAFWlRJEJfeIAu/Vz1t6ZHx625cMiSUAjiacflP7fdfbRegSSonowV7Aqxkm9pArWf rCxQ42I9VEETXUYvgZLnMQ4SQvXgPO9ktQW3HO2hDkSU8Na79cgTg2iRdIQxxyrZABOq 5aSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=5KRh/T8D5nFaIhDaGeKtxI2pbnO+JgXfeQGR9dXn+XA=; b=im/pn9P7+N8ol0BydZlxrOb8oXRdn9IFpnrPNCzU6SXZ4YDWr9VsGguuq+agKHMMq9 AG1r8bKYoUbyiUakhRVGb3lSGF74HgpDuXfHvRi/uTTs2gr1PF6ET07H8nUPHZslAMpX d2MdBqn8WIlWQrX11dZzJwY6R9REXTWpB3h8/FUMRSzd655Klgq568u0M196ZtiokNjG S9PnVWDvJBChdIbnRGeXkJ0W3FkolHenOMTC1n15JuWniUH4ruO7zyb/WNoKy1DEe2Zk 5z03JrDOOVrRuLDNMo4e9jlUCYsIAaElCzFPFx7WvUtSPaooDU/hgIsUpMEPXKhTCbxt 9aWQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id p4si5225797qkc.331.2017.12.12.09.17.46; Tue, 12 Dec 2017 09:17:46 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 02FB360902; Tue, 12 Dec 2017 17:17:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 383C6608A4; Tue, 12 Dec 2017 17:02:54 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 134E4608ED; Tue, 12 Dec 2017 17:02:48 +0000 (UTC) Received: from forward105p.mail.yandex.net (forward105p.mail.yandex.net [77.88.28.108]) by lists.linaro.org (Postfix) with ESMTPS id B7B5C608A4 for ; Tue, 12 Dec 2017 17:01:03 +0000 (UTC) Received: from mxback1j.mail.yandex.net (mxback1j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10a]) by forward105p.mail.yandex.net (Yandex) with ESMTP id BAE22408450A for ; Tue, 12 Dec 2017 20:01:01 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback1j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 3CC5DrrtXM-11PaD51w; Tue, 12 Dec 2017 20:01:01 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id O5YE7TQVzQ-119iWwvo; Tue, 12 Dec 2017 20:01:01 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 20:00:41 +0300 Message-Id: <1513098047-19804-11-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> References: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v13 10/16] linux-gen: packet: add flag for UDP-encapsulated IPsec packets X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: a17bf2b46352969fad4fbaf801dc8b5da0de7a78 **/ platform/linux-generic/include/odp/api/plat/packet_types.h | 1 + platform/linux-generic/odp_ipsec.c | 2 +- platform/linux-generic/odp_packet.c | 11 +++++++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/platform/linux-generic/include/odp/api/plat/packet_types.h b/platform/linux-generic/include/odp/api/plat/packet_types.h index 82fc66e53..128e83148 100644 --- a/platform/linux-generic/include/odp/api/plat/packet_types.h +++ b/platform/linux-generic/include/odp/api/plat/packet_types.h @@ -151,6 +151,7 @@ typedef union { uint64_t l3_chksum_done:1; /**< L3 checksum validation done */ uint64_t l4_chksum_done:1; /**< L4 checksum validation done */ + uint64_t ipsec_udp:1; /**< UDP-encapsulated IPsec packet */ }; } _odp_packet_input_flags_t; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index f2130fc49..43fbafd5d 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -472,7 +472,7 @@ static int ipsec_in_esp_post(odp_packet_t pkt, ipsec_padding, esptrl.pad_len) != 0) return -1; - if (udp_encap) { + if (_ODP_IPPROTO_UDP == state->ip_next_hdr) { state->ip_hdr_len -= _ODP_UDPHDR_LEN; state->in.hdr_len += _ODP_UDPHDR_LEN; } diff --git a/platform/linux-generic/odp_packet.c b/platform/linux-generic/odp_packet.c index bdcb482fa..167f8cbc6 100644 --- a/platform/linux-generic/odp_packet.c +++ b/platform/linux-generic/odp_packet.c @@ -2141,6 +2141,17 @@ static inline void parse_udp(packet_parser_t *prs, if (odp_unlikely(udplen < sizeof(_odp_udphdr_t))) prs->error_flags.udp_err = 1; + if (odp_cpu_to_be_16(_ODP_UDP_IPSEC_PORT) == udp->dst_port && + udplen > 4) { + uint32_t val; + + memcpy(&val, udp + 1, 4); + if (val != 0) { + prs->input_flags.ipsec = 1; + prs->input_flags.ipsec_udp = 1; + } + } + if (offset) *offset += sizeof(_odp_udphdr_t); *parseptr += sizeof(_odp_udphdr_t); From patchwork Tue Dec 12 17:00:42 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121592 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4398216qgn; Tue, 12 Dec 2017 09:22:32 -0800 (PST) X-Google-Smtp-Source: ACJfBouenzIGGqehqHrgujItjAY8ImJdlOJcm92vOIoq6I5U2lypo9oDXtG5cz/REFqfrKQaznUk X-Received: by 10.200.48.147 with SMTP id v19mr6192269qta.320.1513099352425; Tue, 12 Dec 2017 09:22:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513099352; cv=none; d=google.com; s=arc-20160816; b=gSuA0sdParVcYVtuV8JVOasyK15reQVBqAgVJvyHzsrdZUJ1S56j0ePxQwD66J8yI6 SRi+MjmvtlHqEIQ123b2qWiFeZc4Zh0wJUhKq2/MU1cz3VDahhIL5HJxT8ePlXpHkSJh gHaBFLVYvR0EvXyORXi26YQu+I0XJdynCd5q1GHxYdCNjAyeE5RLktn0RljTXpRXKHaI JMzE8qFiL8Jy7mKIzegFhJb2lspDoovUghuw6PayPh9R0TS8XpWOW2/cGoQOt5JXLp4B NWyBZ4r76cpRv0+dkI0NMcieS3TVaiJD6s7f+c0vJto9DDjxDUrqDEUw0AnQvrclTEVI uHug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=mzYc/kjRIQ34VYYm1WQhP3qXPj4Fd+AWQT8RPoEtGFI=; b=vSJM8NNpikeBAIamhCx8Mc0/1XMnrXOYeI5AGO0GdVydPxxkRdOTdScEdZUlmmFfOd 2y5if0wpDS9KJg03O5smjuQp6lmFkgMhboEXID6KcHU8cYC2I3cBWfZM9thYHTujRmUN e4ENs76EbaS4DfFpQX/mkHIizL5NCv+pEqL151eoSZehZUbkOzF5a756oSEyo/5dTQaA fma5RYMnnLcAb0i9/pB8NnF/hVzoSMt2aUl5N29ZKXJkelV7CJZ0w8Q/cRgBceZkctyY 2ywW0aMg3aMxk++p6kChBShmRDrWCtMQ5zrMqoxL70cBZ279nK/3U4Pj5l9ITi14ISUD nsyg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id k42si4967610qtf.429.2017.12.12.09.22.32; Tue, 12 Dec 2017 09:22:32 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 1D33860800; Tue, 12 Dec 2017 17:22:32 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 8230C608F6; Tue, 12 Dec 2017 17:03:27 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 2D29F6097E; Tue, 12 Dec 2017 17:03:09 +0000 (UTC) Received: from forward101p.mail.yandex.net (forward101p.mail.yandex.net [77.88.28.101]) by lists.linaro.org (Postfix) with ESMTPS id 820B86071D for ; Tue, 12 Dec 2017 17:01:05 +0000 (UTC) Received: from mxback20j.mail.yandex.net (mxback20j.mail.yandex.net [IPv6:2a02:6b8:0:1619::114]) by forward101p.mail.yandex.net (Yandex) with ESMTP id 5C7CE6A840B7 for ; Tue, 12 Dec 2017 20:01:02 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback20j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id rE4HxYJyE0-1274OIn6; Tue, 12 Dec 2017 20:01:02 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id O5YE7TQVzQ-119mURAm; Tue, 12 Dec 2017 20:01:01 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 20:00:42 +0300 Message-Id: <1513098047-19804-12-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> References: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v13 11/16] validation: add UDP-encapsulated IPsec test cases X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: a17bf2b46352969fad4fbaf801dc8b5da0de7a78 **/ test/validation/api/ipsec/ipsec_test_in.c | 134 +++++++++++++++++++++++++++++ test/validation/api/ipsec/ipsec_test_out.c | 66 ++++++++++++++ test/validation/api/ipsec/test_vectors.h | 99 +++++++++++++++++++++ 3 files changed, 299 insertions(+) diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 15e1fe14f..6262f4cb5 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -376,6 +376,69 @@ static void test_in_ipv4_esp_null_sha256_tun_ipv6(void) ipsec_sa_destroy(sa); } +static void test_in_ipv4_esp_udp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0_esp_udp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv4_esp_udp_null_sha256_lookup(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0_esp_udp_null_sha256_1, + .lookup = 1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ipv4_ah_sha256_noreplay(void) { odp_ipsec_sa_param_t param; @@ -1317,6 +1380,69 @@ static void test_in_ipv6_esp_null_sha256_tun_ipv6(void) ipsec_sa_destroy(sa); } +static void test_in_ipv6_esp_udp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_udp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_esp_udp_null_sha256_lookup(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_udp_null_sha256_1, + .lookup = 1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -1372,6 +1498,10 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_tun_ipv6, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_udp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_udp_null_sha256_lookup, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_noreplay, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_replay, @@ -1410,5 +1540,9 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_null_sha256_tun_ipv6, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_udp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_udp_null_sha256_lookup, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index f4e71dced..2ee8a1319 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -283,6 +283,37 @@ static void test_out_ipv4_esp_aes_cbc_null(void) ipsec_sa_destroy(sa); } +static void test_out_ipv4_esp_udp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_esp_udp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_out_ipv4_esp_aes_cbc_sha256(void) { odp_ipsec_sa_param_t param; @@ -695,6 +726,37 @@ static void test_out_ipv6_esp_null_sha256_tun_ipv6(void) ipsec_sa_destroy(sa); } +static void test_out_ipv6_esp_udp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_esp_udp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -716,6 +778,8 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_tun_ipv6, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_udp_null_sha256, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_null, ipsec_check_esp_aes_cbc_128_null), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_sha256, @@ -740,5 +804,7 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_null_sha256_tun_ipv6, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_udp_null_sha256, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 211f349d0..a6b8616b6 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -517,6 +517,53 @@ static const ODP_UNUSED ipsec_test_packet }, }; +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_udp_null_sha256_1 = { + .len = 178, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0xa4, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x11, 0xab, 0xf3, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* UDP encap */ + 0x11, 0x94, 0x11, 0x94, 0x00, 0x90, 0x00, 0x00, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x01, + + /* ICV */ + 0xe9, 0x81, 0xcd, 0x65, 0x9b, 0x25, 0x0b, 0x33, + 0xe2, 0xf3, 0x83, 0xf1, 0x6d, 0x14, 0xb4, 0x1f, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_null_sha256_1_bad1 = { .len = 170, @@ -1683,4 +1730,56 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_15_esp = { }, }; +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_esp_udp_null_sha256_1 = { + .len = 206, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x98, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x11, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* UDP encap */ + 0x11, 0x94, 0x11, 0x94, 0x00, 0x90, 0x00, 0x00, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x3a, + + /* ICV */ + 0x20, 0xa6, 0x89, 0x7b, 0x0a, 0x52, 0x5b, 0xca, + 0x98, 0x56, 0xd1, 0xfe, 0x56, 0xc7, 0xa4, 0x5b, + }, +}; + #endif From patchwork Tue Dec 12 17:00:43 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121596 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4399513qgn; Tue, 12 Dec 2017 09:23:41 -0800 (PST) X-Google-Smtp-Source: ACJfBouU0Tz14BxOMJrnvbiNch1BbAxPbkTUSVmCWTHLDEooon+8nqxqsmXtdwt3u0w/YxDArlKr X-Received: by 10.55.138.68 with SMTP id m65mr6178273qkd.129.1513099421300; Tue, 12 Dec 2017 09:23:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513099421; cv=none; d=google.com; s=arc-20160816; b=Z1EHLRJET54b/9DRK+5vz6m6lVT2EBoHz6vl39s24wjNu6ktcOoyYSW6fE5CSPG5uB +YQYmEA8MrIgczAQx1yR2rUVEYQs6kbrKhMoUh8Feegcyl7p18kGvE8mG3g953hJ68mJ kPMAO87vfsRJH3UJKwLeTVnb7Wzi7V3xwD+uSklzpuaqUdmLJpiC8djceILuSqKXEKFa VPi3st1H59eUAMr/bw9q51XyZppKHrrGSnGdrhVWVGfL5oq8ku0xt800bt6SIM60LHZD NoQmdEpg+SaaY6CgmemHMhwFge7JuzcdxFLbdacA3BZ4dKhtMncsgIaUJEk5PbEtcbok lD8A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=Gb3rx4bDqjpm2NjbB8A/fwQGeBD4HTo4kNb43OQInqg=; b=xeWDeentJRj+s5A9m54GPqOU9mJnZaa959DjTk8Jb4+RV7brg7In4G4N/lz2b6OIGs Z03vLRwtYS310KRKVOS798ll4RvrQUzF349m6WopnFU2OqsU3yYU9NVVbC8gAqYupBNW RAamjA1QsjvtBgTQuEmQ4UC8dYPfuIs2jZ2Rp8n6xTLrJgLo4kVddxr47OX5m+snYFQG h+GcMA2iJinRy2v1tzMpTur/XejSsiD675pj3Vg0yVPkNLcLxRFob0xsjaLRRBT4G8Ni Llgasg2DfS74hcx+cu61aNUG/6eLn8qaxn9tf6dkiapprRoMl/cCmp8rCX7VlS4JYCGS fosw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id f30si1594180qtf.297.2017.12.12.09.23.41; Tue, 12 Dec 2017 09:23:41 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id E471660840; Tue, 12 Dec 2017 17:23:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id C5D1260981; Tue, 12 Dec 2017 17:03:33 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 2D7946097F; Tue, 12 Dec 2017 17:03:17 +0000 (UTC) Received: from forward100j.mail.yandex.net (forward100j.mail.yandex.net [5.45.198.240]) by lists.linaro.org (Postfix) with ESMTPS id 4B1FD608BC for ; Tue, 12 Dec 2017 17:01:06 +0000 (UTC) Received: from mxback2j.mail.yandex.net (mxback2j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10b]) by forward100j.mail.yandex.net (Yandex) with ESMTP id DA68F5D8394D for ; Tue, 12 Dec 2017 20:01:02 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback2j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id EjW1RDl6Se-12iK4bgA; Tue, 12 Dec 2017 20:01:02 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id O5YE7TQVzQ-129mxMkq; Tue, 12 Dec 2017 20:01:02 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 20:00:43 +0300 Message-Id: <1513098047-19804-13-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> References: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v13 12/16] linux-gen: ipsec: store mtu and frag_mode in SA X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: a17bf2b46352969fad4fbaf801dc8b5da0de7a78 **/ platform/linux-generic/include/odp_ipsec_internal.h | 2 ++ platform/linux-generic/odp_ipsec_sad.c | 14 +++++++++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 822c9016b..c6f241fac 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -156,6 +156,8 @@ struct ipsec_sa_s { struct { odp_atomic_u64_t counter; /* for CTR/GCM */ odp_atomic_u32_t seq; + odp_ipsec_frag_mode_t frag_mode; + uint32_t mtu; union { struct { diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 82b3c4522..2d6321166 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -230,6 +230,8 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) odp_atomic_init_u64(&ipsec_sa->in.antireplay, 0); } else { odp_atomic_store_u32(&ipsec_sa->out.seq, 1); + ipsec_sa->out.frag_mode = param->outbound.frag_mode; + ipsec_sa->out.mtu = param->outbound.mtu; } ipsec_sa->dec_ttl = param->opt.dec_ttl; ipsec_sa->copy_dscp = param->opt.copy_dscp; @@ -489,10 +491,16 @@ uint64_t odp_ipsec_sa_to_u64(odp_ipsec_sa_t sa) int odp_ipsec_sa_mtu_update(odp_ipsec_sa_t sa, uint32_t mtu) { - (void)sa; - (void)mtu; + ipsec_sa_t *ipsec_sa; + + ipsec_sa = _odp_ipsec_sa_use(sa); + ODP_ASSERT(NULL != ipsec_sa); - return -1; + ipsec_sa->out.mtu = mtu; + + _odp_ipsec_sa_unuse(ipsec_sa); + + return 0; } ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup) From patchwork Tue Dec 12 17:00:44 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121590 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4394795qgn; Tue, 12 Dec 2017 09:19:24 -0800 (PST) X-Google-Smtp-Source: ACJfBouMOWhxjs9gXvesSHJrbixOnipDpRbjPUnhGlMeE6XqADhd0rkNLmomGKGY91vEOT2QUqIz X-Received: by 10.55.16.162 with SMTP id 34mr6613776qkq.78.1513099164586; Tue, 12 Dec 2017 09:19:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513099164; cv=none; d=google.com; s=arc-20160816; b=Em9K/tPYJu6sOdf3tkFrMmeTfr0PbN176YKK7+e/9bfXqaiQzyoGYRZjkKPyV4SPZS dLjffjgD+Mm0KC0pxtoeFs6xyR+CQ+07roF98A+iW0gMwHvCac08mVXMiuhZck4+f6On 9GAVa0rV0xyFrQbPeIK03M5Z9znGeaaZ1ty7ZZZ9SDK4r7M4dpQVqC+IN+WPdG3KNAnp ciEYhQj5ExAIXceg0/OeBIPKFodzde3yWXkhCiAaN87UFuBA0QvkQuYbpDqKpL/EaKL3 Yc3NyltbalNuWU3r6G6q3mP/zRGa+U9E5sp5RZWzaeXij12CYElcCDvYJXQVD0D1WTuR k1dQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=MIuZb5cCQSr3bCEYI0xCB/vol5viLYKFFDjQIHwDmsI=; b=Q26xfGHSi1+MK5NKS3MWEd/HjGgXZUuvk8Zco+R7dkgJcidEbwOYXQZHoKMtHxzguz GCRxYJdDkrlfDAonJC4Et7fypQAWwM+/KyPbD0Fs97fmGW1w9vVBq2ZyFvyrJlQu9KTE VR4pYVsnopMtxT/GkFIAcGqzA7ZvipusNE6FGOLVnKwCOdwcWaIGVlyyk5HlQQGwNdrH +89zJeRCW9W+uYtLMDn9OKFuRgDZu2ylGyuGK2BEgvnkURwL6qVZZiJjT3xT5DXXRL82 t/TarDzdw+cY5hUVUoymL8PuM/dEe8q2uNSzdYjJxpfWkDz00O5aogcYydMTLANcpj5L YKhw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id y3si3333067qtd.478.2017.12.12.09.19.24; Tue, 12 Dec 2017 09:19:24 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 2F87360950; Tue, 12 Dec 2017 17:19:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id D16B56096D; Tue, 12 Dec 2017 17:03:06 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 7309F6096A; Tue, 12 Dec 2017 17:02:52 +0000 (UTC) Received: from forward105o.mail.yandex.net (forward105o.mail.yandex.net [37.140.190.183]) by lists.linaro.org (Postfix) with ESMTPS id E991F608E8 for ; Tue, 12 Dec 2017 17:01:04 +0000 (UTC) Received: from mxback8o.mail.yandex.net (mxback8o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::22]) by forward105o.mail.yandex.net (Yandex) with ESMTP id 5793D4442F59 for ; Tue, 12 Dec 2017 20:01:03 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback8o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id GvqwF9OUTf-13wmTkgL; Tue, 12 Dec 2017 20:01:03 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id O5YE7TQVzQ-129CMguO; Tue, 12 Dec 2017 20:01:02 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 20:00:44 +0300 Message-Id: <1513098047-19804-14-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> References: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v13 13/16] linux-gen: ipsec: support ODP_IPSEC_FRAG_CHECK X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Support checking MTU after IPsec transformation. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: a17bf2b46352969fad4fbaf801dc8b5da0de7a78 **/ platform/linux-generic/odp_ipsec.c | 39 ++++++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 43fbafd5d..6568924a3 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -990,7 +990,8 @@ static int ipsec_out_esp(odp_packet_t *pkt, ipsec_state_t *state, ipsec_sa_t *ipsec_sa, odp_crypto_packet_op_param_t *param, - odp_ipsec_op_status_t *status) + odp_ipsec_op_status_t *status, + uint32_t mtu) { _odp_esphdr_t esp; _odp_esptrl_t esptrl; @@ -1026,6 +1027,11 @@ static int ipsec_out_esp(odp_packet_t *pkt, udphdr.chksum = 0; /* should be 0 by RFC */ } + if (state->ip_tot_len + hdr_len + trl_len > mtu) { + status->error.mtu = 1; + return -1; + } + if (ipsec_out_iv(state, ipsec_sa) < 0) { status->error.alg = 1; return -1; @@ -1124,7 +1130,8 @@ static int ipsec_out_ah(odp_packet_t *pkt, ipsec_state_t *state, ipsec_sa_t *ipsec_sa, odp_crypto_packet_op_param_t *param, - odp_ipsec_op_status_t *status) + odp_ipsec_op_status_t *status, + uint32_t mtu) { _odp_ahhdr_t ah; unsigned hdr_len = _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len + @@ -1132,6 +1139,11 @@ static int ipsec_out_ah(odp_packet_t *pkt, uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; uint8_t proto = _ODP_IPPROTO_AH; + if (state->ip_tot_len + hdr_len > mtu) { + status->error.mtu = 1; + return -1; + } + memset(&ah, 0, sizeof(ah)); ah.spi = odp_cpu_to_be_32(ipsec_sa->spi); ah.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); @@ -1228,7 +1240,7 @@ static void ipsec_out_ah_post(ipsec_state_t *state, odp_packet_t pkt) static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, odp_ipsec_sa_t sa, odp_packet_t *pkt_out, - const odp_ipsec_out_opt_t *opt ODP_UNUSED, + const odp_ipsec_out_opt_t *opt, odp_ipsec_op_status_t *status) { ipsec_state_t state; @@ -1237,6 +1249,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, int rc; odp_crypto_packet_result_t crypto; /**< Crypto operation result */ odp_packet_hdr_t *pkt_hdr; + uint32_t mtu; state.ip_offset = odp_packet_l3_offset(pkt); ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != state.ip_offset); @@ -1247,6 +1260,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ipsec_sa = _odp_ipsec_sa_use(sa); ODP_ASSERT(NULL != ipsec_sa); + if ((opt && opt->mode == ODP_IPSEC_FRAG_CHECK) || + (!opt && ipsec_sa->out.frag_mode == ODP_IPSEC_FRAG_CHECK)) + mtu = ipsec_sa->out.mtu; + else + mtu = UINT32_MAX; + /* Initialize parameters block */ memset(¶m, 0, sizeof(param)); @@ -1281,9 +1300,9 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, } if (ODP_IPSEC_ESP == ipsec_sa->proto) { - rc = ipsec_out_esp(&pkt, &state, ipsec_sa, ¶m, status); + rc = ipsec_out_esp(&pkt, &state, ipsec_sa, ¶m, status, mtu); } else if (ODP_IPSEC_AH == ipsec_sa->proto) { - rc = ipsec_out_ah(&pkt, &state, ipsec_sa, ¶m, status); + rc = ipsec_out_ah(&pkt, &state, ipsec_sa, ¶m, status, mtu); } else { status->error.alg = 1; goto err; @@ -1401,10 +1420,6 @@ int odp_ipsec_in(const odp_packet_t pkt_in[], int num_in, return in_pkt; } -static const odp_ipsec_out_opt_t default_opt = { - .mode = ODP_IPSEC_FRAG_DISABLED, -}; - int odp_ipsec_out(const odp_packet_t pkt_in[], int num_in, odp_packet_t pkt_out[], int *num_out, const odp_ipsec_out_param_t *param) @@ -1433,7 +1448,7 @@ int odp_ipsec_out(const odp_packet_t pkt_in[], int num_in, ODP_ASSERT(ODP_IPSEC_SA_INVALID != sa); if (0 == param->num_opt) - opt = &default_opt; + opt = NULL; else opt = ¶m->opt[opt_idx]; @@ -1540,7 +1555,7 @@ int odp_ipsec_out_enq(const odp_packet_t pkt_in[], int num_in, ODP_ASSERT(ODP_IPSEC_SA_INVALID != sa); if (0 == param->num_opt) - opt = &default_opt; + opt = NULL; else opt = ¶m->opt[opt_idx]; @@ -1635,7 +1650,7 @@ int odp_ipsec_out_inline(const odp_packet_t pkt_in[], int num_in, } if (0 == param->num_opt) - opt = &default_opt; + opt = NULL; else opt = ¶m->opt[opt_idx]; From patchwork Tue Dec 12 17:00:45 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121603 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4400205qgn; Tue, 12 Dec 2017 09:24:18 -0800 (PST) X-Google-Smtp-Source: ACJfBouIe0tfFTDXkbsHIRlFyzWQWQCZOeBRJ/AS1oTdbVevJ3BpVCFyXMrsGQiOwLvaU6cGr5qb X-Received: by 10.200.25.207 with SMTP id s15mr6478360qtk.94.1513099458524; Tue, 12 Dec 2017 09:24:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513099458; cv=none; d=google.com; s=arc-20160816; b=yjoGErG0p8ozUa7b1udoElW/Kk9YoLa6Czpbbhgg5n5UGbPDWGVW+aorGG+zCmB2Jo zYXJmn02ASj87sV6YNx/UddFTSaK5n1uO05eI0EwuFc5iCP++3bJDhjPQDX9M44qjbhy qQ8tbCEaW4IaAVAKONfY6PicEab18aAbVc8NFJbdloGg1JwitoKZSY8Z+s0VgaQJCA9v Cok09MeecS2Y30tJYfzRbx6V8edzcBjRRWJ79g8dSRdOaAqAMiNmXbyY43RupffMFJfP dfAYT0V1mHCtbWy75rEeuDrkxdF6WpvVZItr2CXword8zWpHN1xzlw63f1VHqJBjF5/t sifA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=u6EMfavceIOrAW1do5qX23NazJ7/iTGyXZsD/kn/SD0=; b=HoNdwmM52htkTq9ZGhI1A9QZGQcy1PKf/e1yIkHltwBl2093Lj+K4JtImRROemYn0W po3w7oRzT0LA+aAy2eWsURy1k35ICAS889vnkIzjrw3pDZo0+ms6YHF73AA6E9eKQRQs kn1fxuhiMKnCvFinskcar1kAIImtQR9mBtYsWZUaVnijpgLS/c8/UE2ey7kRS/ax2+vW bc+OGJHOSSzhUBmExobTlG4K86wkqACBPLpO9/iCkqpKAHC49ogeSKeXpntmcfk2+gxR mP9Gwm8VtkiUJW39tlFgxyWp814p4f9Keb+yJOmPh7NmoJPCLO5/Ti7QvrnYAjCdp7st H6XQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id e185si12610794qkc.351.2017.12.12.09.24.18; Tue, 12 Dec 2017 09:24:18 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 15A796084F; Tue, 12 Dec 2017 17:24:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 09B9060993; Tue, 12 Dec 2017 17:03:37 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 16A226097F; Tue, 12 Dec 2017 17:03:19 +0000 (UTC) Received: from forward103j.mail.yandex.net (forward103j.mail.yandex.net [5.45.198.246]) by lists.linaro.org (Postfix) with ESMTPS id 2A33D608EE for ; Tue, 12 Dec 2017 17:01:11 +0000 (UTC) Received: from mxback5o.mail.yandex.net (mxback5o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::1f]) by forward103j.mail.yandex.net (Yandex) with ESMTP id B7A2534C1A2C for ; Tue, 12 Dec 2017 20:01:09 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback5o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id PhdMbr4EO9-13FSqxps; Tue, 12 Dec 2017 20:01:03 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id O5YE7TQVzQ-139C8UBT; Tue, 12 Dec 2017 20:01:03 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 20:00:45 +0300 Message-Id: <1513098047-19804-15-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> References: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v13 14/16] validation: ipsec: fix out inline with NULL pkt_out X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov pkt_out can be NULL if we expect an error. IPsec outbound inline needs proper outer header to function. Pass L2 header from inbound packet if outbound packet is NULL. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: a17bf2b46352969fad4fbaf801dc8b5da0de7a78 **/ test/validation/api/ipsec/ipsec.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index 7b39c2c5a..aa46a236e 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -583,10 +583,18 @@ static int ipsec_send_out_one(const ipsec_test_part *part, } else { struct odp_ipsec_out_inline_param_t inline_param; odp_queue_t queue; - uint32_t hdr_len = part->out[0].pkt_out->l3_offset; - uint8_t hdr[hdr_len]; + uint32_t hdr_len; + uint8_t hdr[32]; - memcpy(hdr, part->out[0].pkt_out->data, hdr_len); + if (NULL != part->out[0].pkt_out) { + hdr_len = part->out[0].pkt_out->l3_offset; + CU_ASSERT_FATAL(hdr_len <= sizeof(hdr)); + memcpy(hdr, part->out[0].pkt_out->data, hdr_len); + } else { + hdr_len = part->pkt_in->l3_offset; + CU_ASSERT_FATAL(hdr_len <= sizeof(hdr)); + memcpy(hdr, part->pkt_in->data, hdr_len); + } inline_param.pktio = suite_context.pktio; inline_param.outer_hdr.ptr = hdr; inline_param.outer_hdr.len = hdr_len; From patchwork Tue Dec 12 17:00:46 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121605 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4401299qgn; Tue, 12 Dec 2017 09:25:06 -0800 (PST) X-Google-Smtp-Source: ACJfBotXWWHd5NhRlKpSLi5SHv6tXJ+iK94qvT6bXJ3kHrXdNbJquFemDRnqRtvSTXCk2T3VsL7h X-Received: by 10.55.146.65 with SMTP id u62mr6626675qkd.112.1513099506792; Tue, 12 Dec 2017 09:25:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513099506; cv=none; d=google.com; s=arc-20160816; b=H3m8tkjiaFpbNhYpJCKIj5uUTRDxLqGQqn+XpK6+pjT6PafYCbGY1U4BPd1HwesxD1 atYJ0W1hI1yKru5QEzAjpRMC9iXLiM/QgY1mMpaZcj1v4XqkhOsieBOb4ZcEg2vgur+C PnyoXlMg19+6sMJ/XsuTzuTDo+yd2FZ8aI+GeW3V1EeTdi6qm65equ2dk/WZskIqULOy rzf3AVG8RYfqT0KzTqWg1a7TJfDIP+Kiws/kB6oWeUsQ6I/yfEwnrBCK0HPVEb4BPA3H t7hPFld047M1KGlbsIsg1/4kuDYnmxkHzR49kVORIcZb8DvmbIOifi4l+nZDGiM6OJ69 7Ncg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=Lu9diwUfTAM1glfsW/eCBhzenP0HvDHLOZRbU7qGiVc=; b=ugwDYEeG5UwPB8digho8E6LaBFyW1+Rueo3/S2IUuszNq9i2mf/GpQerea8yjgMFgq HKS+eFB8tc9IHR3NPKGbmnwALHGiFalpv7o45q54kQyzyxDfD0ZIvpL4tveWzyrKa3cn hT1jdNTsa2510fZBxxmZDd0tR+ge1SR2RVeAQ4iCHt6oScItDe8nByt5TIIkUbU6RLfS WQgksXpYccbEYCe0qVFyjNjekWY1J1rJszK61phN84J3n8S8gUceoUCXOBvinHSaeYVe B6VPAKtsOHQ0Ng0iF01wUFoToi63PzcuWTp8rwHzUeMHxHy1DLy+H6hUA9U5IO2za7w+ 2apQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id a34si6934876qta.238.2017.12.12.09.25.06; Tue, 12 Dec 2017 09:25:06 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 52E15608A4; Tue, 12 Dec 2017 17:25:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 1D123609BE; Tue, 12 Dec 2017 17:03:54 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id E0247609A7; Tue, 12 Dec 2017 17:03:42 +0000 (UTC) Received: from forward100o.mail.yandex.net (forward100o.mail.yandex.net [37.140.190.180]) by lists.linaro.org (Postfix) with ESMTPS id 4114760732 for ; Tue, 12 Dec 2017 17:01:17 +0000 (UTC) Received: from mxback9j.mail.yandex.net (mxback9j.mail.yandex.net [IPv6:2a02:6b8:0:1619::112]) by forward100o.mail.yandex.net (Yandex) with ESMTP id 4FEE12A23024 for ; Tue, 12 Dec 2017 20:01:10 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback9j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id i15Yzg6R9y-1AMuSVx8; Tue, 12 Dec 2017 20:01:10 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id O5YE7TQVzQ-199WaoEA; Tue, 12 Dec 2017 20:01:09 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 20:00:46 +0300 Message-Id: <1513098047-19804-16-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> References: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v13 15/16] validation: ipsec: add ODP_IPSEC_FRAG_CHECK checks X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: a17bf2b46352969fad4fbaf801dc8b5da0de7a78 **/ test/validation/api/ipsec/ipsec.c | 4 +- test/validation/api/ipsec/ipsec.h | 2 + test/validation/api/ipsec/ipsec_test_out.c | 194 +++++++++++++++++++++++++++++ 3 files changed, 198 insertions(+), 2 deletions(-) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index aa46a236e..097216730 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -556,8 +556,8 @@ static int ipsec_send_out_one(const ipsec_test_part *part, memset(¶m, 0, sizeof(param)); param.num_sa = 1; param.sa = &sa; - param.num_opt = 0; - param.opt = NULL; + param.num_opt = part->num_opt; + param.opt = &part->opt; if (ODP_IPSEC_OP_MODE_SYNC == suite_context.outbound_op_mode) { CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_out(&pkt, 1, diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h index 9a24dd38c..f2ebd388c 100644 --- a/test/validation/api/ipsec/ipsec.h +++ b/test/validation/api/ipsec/ipsec.h @@ -45,6 +45,8 @@ typedef struct { typedef struct { const ipsec_test_packet *pkt_in; odp_bool_t lookup; + int num_opt; + odp_ipsec_out_opt_t opt; int out_pkt; struct { odp_ipsec_op_status_t status; diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 2ee8a1319..4751e6ec8 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -500,6 +500,192 @@ static void test_out_ipv4_esp_null_aes_gmac_128(void) ipsec_sa_destroy(sa); } +static void test_out_ipv4_ah_sha256_frag_check(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.outbound.frag_mode = ODP_IPSEC_FRAG_CHECK; + param.outbound.mtu = 100; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.mtu = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test2 = { + .pkt_in = &pkt_ipv4_icmp_0, + .num_opt = 1, + .opt = { .mode = ODP_IPSEC_FRAG_DISABLED, }, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_ah_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_check_out_one(&test2, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv4_ah_sha256_frag_check_2(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.outbound.frag_mode = ODP_IPSEC_FRAG_CHECK; + param.outbound.mtu = 100; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.mtu = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test2 = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_ah_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + odp_ipsec_sa_mtu_update(sa, 256); + + ipsec_check_out_one(&test2, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv4_esp_null_sha256_frag_check(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + param.outbound.frag_mode = ODP_IPSEC_FRAG_CHECK; + param.outbound.mtu = 100; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.mtu = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test2 = { + .pkt_in = &pkt_ipv4_icmp_0, + .num_opt = 1, + .opt = { .mode = ODP_IPSEC_FRAG_DISABLED, }, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_esp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_check_out_one(&test2, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv4_esp_null_sha256_frag_check_2(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + param.outbound.frag_mode = ODP_IPSEC_FRAG_CHECK; + param.outbound.mtu = 100; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.mtu = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test2 = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_esp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + odp_ipsec_sa_mtu_update(sa, 256); + + ipsec_check_out_one(&test2, sa); + + ipsec_sa_destroy(sa); +} + static void test_out_ipv6_ah_sha256(void) { odp_ipsec_sa_param_t param; @@ -792,6 +978,14 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_ah_aes_gmac_128), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_frag_check, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_frag_check_2, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_frag_check, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_frag_check_2, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256_tun_ipv4, From patchwork Tue Dec 12 17:00:47 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 121604 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4400965qgn; Tue, 12 Dec 2017 09:24:54 -0800 (PST) X-Google-Smtp-Source: ACJfBovPuNIdN2lgdGwgXFHcmR02Lf8P0tqbWZ/1Sv5aSOOm2q5c4HZna6o74taxbxba0u4XUPxv X-Received: by 10.55.33.13 with SMTP id h13mr6495052qkh.176.1513099494128; Tue, 12 Dec 2017 09:24:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513099494; cv=none; d=google.com; s=arc-20160816; b=Po0MXjcv92OB5U6CI6HWpP/CawOcRS25y/w99cJNMJK9uMOWWknOtEK3hagMZMmPZ9 TugH6Bmaoqy0rH/dBw0SBWRHiDE6j6rjwyfl7W9TRbmDG5T+y/VS1UfsETgYFajA79W9 5AxrXh2H8RJ//3G09NqkFr553z1DlpBuAQUK0MNO3Vsd1jbsk5oglnMHFoEk9dnb58cN YTYPcMX7ilUm/JCHzsf9WJaYdAyZmS0+pc0g5KnOjG2PcGRicZZ6mJmdAl7nsh9ot3ln 7j4rjKRGZq09QFtjzRxgmuwvZWhKDjeFiCiUF1iAkwxfD8KEz5pbbPywM17RAUknnzg2 mwYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=Rd9OxvpmhOXN4z9liReQsv0Xa1LPM/Z5LMVMUnMVKlw=; b=RYzZG/yedJYraj0CGZH69cdI1e8iqfafQo0xGT79mLNbrzKVKhAOPlEiGucvgo6Xea fgNsg7cmBk/k6qt532Md2BKNE2cKUT32RDUgam6hw49Fj1U+VLodQ84loSrAqBe5+U7o maVyqXE7jGkLfoPAzDNHQ0xIShVnfeTAnX73zggYoUvsZIw1H45NXMlMx6Y75ymkFBBT cmiDivh7q5e+fXhKp5KVX3XqmL0U8vuAYWbg5KnZhJ+uGPaOJpEBTutRYgjyLrFjc5oN PsX6YmfrwhNDw9b5ihGmWR+bWA+jsg/IGFdvyKkCGylucBazU0/V4oe/nwaL/hrTUGCl I8IA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id z188si11698645qka.0.2017.12.12.09.24.53; Tue, 12 Dec 2017 09:24:54 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id CF805608ED; Tue, 12 Dec 2017 17:24:53 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 6DDAE609A2; Tue, 12 Dec 2017 17:03:48 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 8DCE960988; Tue, 12 Dec 2017 17:03:30 +0000 (UTC) Received: from forward106o.mail.yandex.net (forward106o.mail.yandex.net [37.140.190.187]) by lists.linaro.org (Postfix) with ESMTPS id B8554608FD for ; Tue, 12 Dec 2017 17:01:13 +0000 (UTC) Received: from mxback15g.mail.yandex.net (mxback15g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:94]) by forward106o.mail.yandex.net (Yandex) with ESMTP id 47CDA784490 for ; Tue, 12 Dec 2017 20:01:11 +0300 (MSK) Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net [2a02:6b8:0:801::ab]) by mxback15g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 1AJyfWAymr-1BSqHtJI; Tue, 12 Dec 2017 20:01:11 +0300 Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id O5YE7TQVzQ-1A9uQOfW; Tue, 12 Dec 2017 20:01:10 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 12 Dec 2017 20:00:47 +0300 Message-Id: <1513098047-19804-17-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> References: <1513098047-19804-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v13 16/16] linux-gen: ipsec: pass checksum flags to packet parsing code X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Pass checksum and protocol parsing flags to packet parsing code. Checksum checks are not yet implemented by odp_packet_parse, it will be done later. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 65d690fbcf03c6a4d5eb3f01bde36807833feaaa ** Merge commit sha: a17bf2b46352969fad4fbaf801dc8b5da0de7a78 **/ platform/linux-generic/odp_ipsec.c | 35 +++++++++-------------------------- 1 file changed, 9 insertions(+), 26 deletions(-) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 6568924a3..48ae77512 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -198,24 +198,6 @@ static const uint8_t ipsec_padding[255] = { 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, }; -static inline odp_pktio_parser_layer_t parse_layer(odp_ipsec_proto_layer_t l) -{ - switch (l) { - case ODP_IPSEC_LAYER_NONE: - return ODP_PKTIO_PARSER_LAYER_NONE; - case ODP_IPSEC_LAYER_L2: - return ODP_PKTIO_PARSER_LAYER_L2; - case ODP_IPSEC_LAYER_L3: - return ODP_PKTIO_PARSER_LAYER_L3; - case ODP_IPSEC_LAYER_L4: - return ODP_PKTIO_PARSER_LAYER_L4; - case ODP_IPSEC_LAYER_ALL: - return ODP_PKTIO_PARSER_LAYER_ALL; - } - - return ODP_PKTIO_PARSER_LAYER_NONE; -} - typedef struct { void *ip; unsigned stats_length; @@ -605,6 +587,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, odp_crypto_packet_op_param_t param; int rc; odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_parse_param_t parse_param; odp_packet_hdr_t *pkt_hdr; state.ip_offset = odp_packet_l3_offset(pkt); @@ -770,15 +753,15 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto err; } - pkt_hdr = odp_packet_hdr(pkt); - - packet_parse_reset(pkt_hdr); + parse_param.proto = state.is_ipv4 ? + ODP_PROTO_IPV4 : + ODP_PROTO_IPV6; + parse_param.layer = (odp_proto_layer_t)ipsec_config.inbound.parse; + parse_param.chksums = ipsec_config.inbound.chksums; - packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), - state.ip_offset, - state.is_ipv4 ? - _ODP_ETHTYPE_IPV4 : - _ODP_ETHTYPE_IPV6); + /* We do not care about return code here. + * Parsing error should not result in IPsec error. */ + odp_packet_parse(pkt, state.ip_offset, &parse_param); *pkt_out = pkt;