Message ID | 1500908444-7531-6-git-send-email-odpbot@yandex.ru |
---|---|
State | New |
Headers | show |
Series | [API-NEXT,v5,1/9] linux-gen: pktio: loop: support IPsec outbound inline | expand |
2017-07-24 23:00 GMT+08:00 Github ODP bot <odpbot@yandex.ru>: > From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org> > > Add several basic tests for IPsec API. > > Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org> > --- > /** Email created from pull request 81 (lumag:ipsec-packet-impl-2) > ** https://github.com/Linaro/odp/pull/81 > ** Patch: https://github.com/Linaro/odp/pull/81.patch > ** Base sha: db7cc41aeb559dd296f3a6d8570aa10326a31d5e > ** Merge commit sha: ba0b39db1fc90b24a3db1e85e00c2c485b235a47 > **/ > test/common_plat/validation/api/ipsec/Makefile.am | 11 +- > test/common_plat/validation/api/ipsec/ipsec.c | 876 > ++++++++++++++++++++- > test/common_plat/validation/api/ipsec/ipsec.h | 68 +- > .../validation/api/ipsec/ipsec_test_in.c | 831 > +++++++++++++++++++ > .../validation/api/ipsec/ipsec_test_out.c | 347 ++++++++ > .../validation/api/ipsec/test_vectors.h | 728 > +++++++++++++++++ > 6 files changed, 2850 insertions(+), 11 deletions(-) > create mode 100644 test/common_plat/validation/api/ipsec/ipsec_test_in.c > create mode 100644 test/common_plat/validation/api/ipsec/ipsec_test_out.c > create mode 100644 test/common_plat/validation/api/ipsec/test_vectors.h > > diff --git a/test/common_plat/validation/api/ipsec/Makefile.am > b/test/common_plat/validation/api/ipsec/Makefile.am > index 106b8dce..9dba31fd 100644 > --- a/test/common_plat/validation/api/ipsec/Makefile.am > +++ b/test/common_plat/validation/api/ipsec/Makefile.am > @@ -1,10 +1,15 @@ > include ../Makefile.inc > > +AM_CPPFLAGS += -Wno-error=missing-field-initializers > + > noinst_LTLIBRARIES = libtestipsec.la > -libtestipsec_la_SOURCES = ipsec.c > +libtestipsec_la_SOURCES = \ > + test_vectors.h \ > + ipsec_test_in.c \ > + ipsec_test_out.c \ > + ipsec.h \ > + ipsec.c > > test_PROGRAMS = ipsec_main$(EXEEXT) > dist_ipsec_main_SOURCES = ipsec_main.c > ipsec_main_LDADD = libtestipsec.la $(LIBCUNIT_COMMON) $(LIBODP) > - > -EXTRA_DIST = ipsec.h > diff --git a/test/common_plat/validation/api/ipsec/ipsec.c > b/test/common_plat/validation/api/ipsec/ipsec.c > index 78348032..910901d6 100644 > --- a/test/common_plat/validation/api/ipsec/ipsec.c > +++ b/test/common_plat/validation/api/ipsec/ipsec.c > @@ -10,6 +10,629 @@ > > #include "ipsec.h" > > +#include "test_vectors.h" > + > +struct suite_context_s suite_context; > + > +#define PKT_POOL_NUM 64 > +#define PKT_POOL_LEN (1 * 1024) > + > +static > +odp_pktio_t pktio_create(odp_queue_type_t q_type, odp_pool_t pool) > +{ > + odp_pktio_t pktio; > + odp_pktio_param_t pktio_param; > + odp_pktin_queue_param_t pktin_param; > + odp_pktio_capability_t capa; > + > + int ret; > + > + if (pool == ODP_POOL_INVALID) > + return ODP_PKTIO_INVALID; > + > + odp_pktio_param_init(&pktio_param); > + if (q_type == ODP_QUEUE_TYPE_PLAIN) > + pktio_param.in_mode = ODP_PKTIN_MODE_QUEUE; > + else > + pktio_param.in_mode = ODP_PKTIN_MODE_SCHED; > + > + pktio = odp_pktio_open("loop", pool, &pktio_param); > + if (pktio == ODP_PKTIO_INVALID) { > + ret = odp_pool_destroy(pool); > + if (ret) > + fprintf(stderr, "unable to destroy pool.\n"); > + return ODP_PKTIO_INVALID; > + } > + > + if (odp_pktio_capability(pktio, &capa)) { > + fprintf(stderr, "pktio capabilities failed.\n"); > + return ODP_PKTIO_INVALID; > + } > + > + odp_pktin_queue_param_init(&pktin_param); > + pktin_param.queue_param.sched.sync = ODP_SCHED_SYNC_ATOMIC; > + > + if (odp_pktin_queue_config(pktio, &pktin_param)) { > + fprintf(stderr, "pktin queue config failed.\n"); > + return ODP_PKTIO_INVALID; > + } > + > + if (odp_pktout_queue_config(pktio, NULL)) { > + fprintf(stderr, "pktout queue config failed.\n"); > + return ODP_PKTIO_INVALID; > + } > + > + return pktio; > +} > + > +static > +int pktio_start(odp_bool_t in, odp_bool_t out) > +{ > + odp_pktio_t pktio; > + odp_pktio_capability_t capa; > + odp_pktio_config_t config; > + > + pktio = odp_pktio_lookup("loop"); > + if (ODP_PKTIO_INVALID == pktio) > + return -1; > + if (odp_pktio_capability(pktio, &capa)) > + return -1; > + /* If inline is not supported, return here. Tests will be marked as > + * inactive when testing for IPsec capabilities. */ > + if (in && !capa.config.inbound_ipsec) > + return 0; > + if (out && !capa.config.outbound_ipsec) > + return 0; > + > + odp_pktio_config_init(&config); > + config.parser.layer = ODP_PKTIO_PARSER_LAYER_ALL; > + config.inbound_ipsec = in; > + config.outbound_ipsec = out; > + > + if (odp_pktio_config(pktio, &config)) > + return -1; > + if (odp_pktio_start(pktio)) > + return -1; > + > + suite_context.pktio = pktio; > + > + return 1; > +} > + > +static > +void pktio_stop(odp_pktio_t pktio) > +{ > + if (odp_pktio_stop(pktio)) > + fprintf(stderr, "IPsec pktio stop failed.\n"); > + > + while (1) { > + odp_event_t ev = odp_schedule(NULL, ODP_SCHED_NO_WAIT); > + > + if (ev != ODP_EVENT_INVALID) > + odp_event_free(ev); > + else > + break; > + } > +} > + > +int ipsec_check(odp_bool_t ah, > + odp_cipher_alg_t cipher, > + odp_auth_alg_t auth) > +{ > + odp_ipsec_capability_t capa; > + odp_crypto_cipher_capability_t cipher_capa; > + odp_crypto_auth_capability_t auth_capa; > + > + if (odp_ipsec_capability(&capa) < 0) > + return ODP_TEST_INACTIVE; > + > + if ((ODP_IPSEC_OP_MODE_SYNC == suite_context.inbound_op_mode && > + ODP_SUPPORT_NO == capa.op_mode_sync) || > + (ODP_IPSEC_OP_MODE_ASYNC == suite_context.outbound_op_mode && > + ODP_SUPPORT_NO == capa.op_mode_sync) || > + (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode && > + ODP_SUPPORT_NO == capa.op_mode_async) || > + (ODP_IPSEC_OP_MODE_ASYNC == suite_context.outbound_op_mode && > + ODP_SUPPORT_NO == capa.op_mode_async) || > + (ODP_IPSEC_OP_MODE_INLINE == suite_context.inbound_op_mode && > + ODP_SUPPORT_NO == capa.op_mode_inline_in) || > + (ODP_IPSEC_OP_MODE_INLINE == suite_context.outbound_op_mode && > + ODP_SUPPORT_NO == capa.op_mode_inline_out)) > + return ODP_TEST_INACTIVE; > + > + if (ah && (ODP_SUPPORT_NO == capa.proto_ah)) > + return ODP_TEST_INACTIVE; > + > + /* Cipher algorithms */ > + switch (cipher) { > + case ODP_CIPHER_ALG_NULL: > + if (!capa.ciphers.bit.null) > + return ODP_TEST_INACTIVE; > + break; > + case ODP_CIPHER_ALG_DES: > + if (!capa.ciphers.bit.des) > + return ODP_TEST_INACTIVE; > + break; > + case ODP_CIPHER_ALG_3DES_CBC: > + if (!capa.ciphers.bit.trides_cbc) > + return ODP_TEST_INACTIVE; > + break; > + case ODP_CIPHER_ALG_AES_CBC: > + if (!capa.ciphers.bit.aes_cbc) > + return ODP_TEST_INACTIVE; > + break; > + case ODP_CIPHER_ALG_AES_GCM: > + if (!capa.ciphers.bit.aes_gcm) > + return ODP_TEST_INACTIVE; > + break; > + default: > + fprintf(stderr, "Unsupported cipher algorithm\n"); > + return ODP_TEST_INACTIVE; > + } > + > + /* Authentication algorithms */ > + switch (auth) { > + case ODP_AUTH_ALG_NULL: > + if (!capa.auths.bit.null) > + return ODP_TEST_INACTIVE; > + break; > + case ODP_AUTH_ALG_MD5_HMAC: > + if (!capa.auths.bit.md5_hmac) > + return ODP_TEST_INACTIVE; > + break; > + case ODP_AUTH_ALG_SHA1_HMAC: > + if (!capa.auths.bit.sha1_hmac) > + return ODP_TEST_INACTIVE; > + break; > + case ODP_AUTH_ALG_SHA256_HMAC: > + if (!capa.auths.bit.sha256_hmac) > + return ODP_TEST_INACTIVE; > + break; > + case ODP_AUTH_ALG_SHA512_HMAC: > + if (!capa.auths.bit.sha512_hmac) > + return ODP_TEST_INACTIVE; > + break; > + case ODP_AUTH_ALG_AES_GCM: > + if (!capa.auths.bit.aes_gcm) > + return ODP_TEST_INACTIVE; > + break; > + default: > + fprintf(stderr, "Unsupported authentication algorithm\n"); > + return ODP_TEST_INACTIVE; > + } > + > + if (odp_ipsec_cipher_capability(cipher, &cipher_capa, 1) <= 0) { > + fprintf(stderr, "Wrong cipher capabilities\n"); > + return ODP_TEST_INACTIVE; > + } > + > + if (odp_ipsec_auth_capability(auth, &auth_capa, 1) <= 0) { > + fprintf(stderr, "Wrong auth capabilities\n"); > + return ODP_TEST_INACTIVE; > + } > + > + return ODP_TEST_ACTIVE; > +} > + > +int ipsec_check_ah_sha256(void) > +{ > + return ipsec_check_ah(ODP_AUTH_ALG_SHA256_HMAC); > +} > + > +int ipsec_check_esp_null_sha256(void) > +{ > + return ipsec_check_esp(ODP_CIPHER_ALG_NULL, > + ODP_AUTH_ALG_SHA256_HMAC); > +} > + > +int ipsec_check_esp_aes_cbc_null(void) > +{ > + return ipsec_check_esp(ODP_CIPHER_ALG_AES_CBC, > + ODP_AUTH_ALG_NULL); > +} > + > +int ipsec_check_esp_aes_cbc_sha256(void) > +{ > + return ipsec_check_esp(ODP_CIPHER_ALG_AES_CBC, > + ODP_AUTH_ALG_SHA256_HMAC); > +} > + > +void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, > + odp_bool_t in, > + odp_bool_t ah, > + uint32_t spi, > + odp_ipsec_tunnel_param_t *tun, > + odp_cipher_alg_t cipher_alg, > + const odp_crypto_key_t *cipher_key, > + odp_auth_alg_t auth_alg, > + const odp_crypto_key_t *auth_key) > +{ > + odp_ipsec_sa_param_init(param); > + param->dir = in ? ODP_IPSEC_DIR_INBOUND : > + ODP_IPSEC_DIR_OUTBOUND; > + if (in) > + param->inbound.lookup_mode = ODP_IPSEC_LOOKUP_SPI; > + > + param->proto = ah ? ODP_IPSEC_AH : > + ODP_IPSEC_ESP; > + > + if (tun) { > + param->mode = ODP_IPSEC_MODE_TUNNEL; > + if (!in) > + param->outbound.tunnel = *tun; > + } else { > + param->mode = ODP_IPSEC_MODE_TRANSPORT; > + } > + > + param->spi = spi; > + > + param->dest_queue = suite_context.queue; > + > + if (cipher_key) { > + param->crypto.cipher_alg = cipher_alg; > + param->crypto.cipher_key = *cipher_key; > + } > + > + if (auth_key) { > + param->crypto.auth_alg = auth_alg; > + param->crypto.auth_key = *auth_key; > + } > +} > + > +void ipsec_sa_destroy(odp_ipsec_sa_t sa) > +{ > + odp_event_t event; > + odp_ipsec_status_t status; > + > + CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_disable(sa)); > + > + if (ODP_QUEUE_INVALID != suite_context.queue) { > + do { > + event = odp_queue_deq(suite_context.queue); > For SCHED queue type,direct call odp_queue_deq() is not allowed. > + } while (event == ODP_EVENT_INVALID); > + > + CU_ASSERT_EQUAL(ODP_EVENT_IPSEC_STATUS, > odp_event_type(event)); > + > + CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_status(&status, > event)); > + > + CU_ASSERT_EQUAL(ODP_IPSEC_STATUS_SA_DISABLE, status.id); > + CU_ASSERT_EQUAL(sa, status.sa); > + CU_ASSERT_EQUAL(0, status.result); > + CU_ASSERT_EQUAL(0, status.warn.all); > + > + odp_event_free(event); > + } > + > + CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_destroy(sa)); > +} > + > +#define PACKET_USER_PTR ((void *)0x1212fefe) > + > +odp_packet_t ipsec_packet(const ipsec_test_packet *itp) > +{ > + odp_packet_t pkt = odp_packet_alloc(suite_context.pool, itp->len); > + > + CU_ASSERT_NOT_EQUAL(ODP_PACKET_INVALID, pkt); > + if (ODP_PACKET_INVALID == pkt) > + return pkt; > + > + CU_ASSERT_EQUAL(0, odp_packet_copy_from_mem(pkt, 0, itp->len, > + itp->data)); > + if (itp->l2_offset != ODP_PACKET_OFFSET_INVALID) > + CU_ASSERT_EQUAL(0, odp_packet_l2_offset_set(pkt, > + > itp->l2_offset)); > + if (itp->l3_offset != ODP_PACKET_OFFSET_INVALID) > + CU_ASSERT_EQUAL(0, odp_packet_l3_offset_set(pkt, > + > itp->l3_offset)); > + if (itp->l4_offset != ODP_PACKET_OFFSET_INVALID) > + CU_ASSERT_EQUAL(0, odp_packet_l4_offset_set(pkt, > + > itp->l4_offset)); > + > + odp_packet_user_ptr_set(pkt, PACKET_USER_PTR); > + > + return pkt; > +} > + > +/* > + * Compare packages ignoring everything before L3 header > + */ > +odp_bool_t ipsec_check_packet(const ipsec_test_packet *itp, odp_packet_t > pkt) > +{ > + uint32_t len = (ODP_PACKET_INVALID == pkt) ? 1 : > odp_packet_len(pkt); > + uint32_t l3, l4; > + uint8_t data[len]; > + > + if (!itp) > + return true; > + > + if (ODP_PACKET_INVALID == pkt) > + return false; > + > + CU_ASSERT_EQUAL(PACKET_USER_PTR, odp_packet_user_ptr(pkt)); > + > + l3 = odp_packet_l3_offset(pkt); > + l4 = odp_packet_l4_offset(pkt); > + odp_packet_copy_to_mem(pkt, 0, len, data); > + > + if (len - l3 != itp->len - itp->l3_offset) > + return false; > + > + if (l4 - l3 != itp->l4_offset - itp->l3_offset) > + return false; > + > + return memcmp(data + l3, > + itp->data + itp->l3_offset, > + len - l3) ? false : true; > +} > + > +static > +int ipsec_send_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa, > + odp_packet_t *pkto) > +{ > + odp_ipsec_in_param_t param; > + int num_out = part->out_pkt; > + odp_packet_t pkt; > + int i; > + > + pkt = ipsec_packet(part->pkt_in); > + > + memset(¶m, 0, sizeof(param)); > + if (!part->lookup) { > + param.num_sa = 1; > + param.sa = &sa; > + } else { > + param.num_sa = 0; > + param.sa = NULL; > + } > + > + if (ODP_IPSEC_OP_MODE_SYNC == suite_context.inbound_op_mode) { > + CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_in(&pkt, 1, > + pkto, &num_out, > + ¶m)); > + CU_ASSERT_EQUAL(num_out, part->out_pkt); > + } else if (ODP_IPSEC_OP_MODE_ASYNC == > suite_context.inbound_op_mode) { > + CU_ASSERT_EQUAL(1, odp_ipsec_in_enq(&pkt, 1, ¶m)); > + > + for (i = 0; i < num_out; i++) { > + odp_event_t event; > + odp_event_subtype_t subtype; > + > + do { > + event = odp_queue_deq(suite_context. > queue); > + } while (event == ODP_EVENT_INVALID); > + > + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, > + odp_event_types(event, &subtype)); > + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, subtype); > + pkto[i] = odp_ipsec_packet_from_event(event); > + } > + } else { > + odp_pktout_queue_t pktout; > + > + CU_ASSERT_EQUAL_FATAL(1, odp_pktout_queue(suite_ > context.pktio, > + &pktout, 1)); > + > + CU_ASSERT_EQUAL(1, odp_pktout_send(pktout, &pkt, 1)); > + > + for (i = 0; i < num_out;) { > + odp_event_t ev; > + odp_event_subtype_t subtype; > + odp_queue_t queue; > + > + ev = odp_schedule(&queue, ODP_SCHED_WAIT); > + CU_ASSERT_NOT_EQUAL(ODP_EVENT_INVALID, ev); > + > + if (ODP_EVENT_INVALID == ev) > + continue; > + > + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, > + odp_event_types(ev, &subtype)); > + if (queue == suite_context.queue) { > + CU_ASSERT(!part->out[i]. > status.error.sa_lookup); > + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, > + subtype); > + } else { > + CU_ASSERT(part->out[i].status. > error.sa_lookup); > + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_BASIC, > + subtype); > + } > + pkto[i++] = odp_ipsec_packet_from_event(ev); > + } > + } > + > + return num_out; > +} > + > +static > +int ipsec_send_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa, > + odp_packet_t *pkto) > +{ > + odp_ipsec_out_param_t param; > + int num_out = part->out_pkt; > + odp_packet_t pkt; > + int i; > + > + pkt = ipsec_packet(part->pkt_in); > + > + memset(¶m, 0, sizeof(param)); > + param.num_sa = 1; > + param.sa = &sa; > + param.num_opt = 0; > + param.opt = NULL; > + > + if (ODP_IPSEC_OP_MODE_SYNC == suite_context.outbound_op_mode) { > + CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_out(&pkt, 1, > + pkto, > &num_out, > + ¶m)); > + CU_ASSERT_EQUAL(num_out, part->out_pkt); > + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.outbound_op_mode) > { > + CU_ASSERT_EQUAL(1, odp_ipsec_out_enq(&pkt, 1, ¶m)); > + > + for (i = 0; i < num_out; i++) { > + odp_event_t event; > + odp_event_subtype_t subtype; > + > + do { > + event = odp_queue_deq(suite_context. > queue); > + } while (event == ODP_EVENT_INVALID); > + > + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, > + odp_event_types(event, &subtype)); > + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, subtype); > + pkto[i] = odp_ipsec_packet_from_event(event); > + } > + } else { > + struct odp_ipsec_out_inline_param_t inline_param; > + > + inline_param.pktio = suite_context.pktio; > + inline_param.outer_hdr.ptr = part->out[0].pkt_out->data; > + inline_param.outer_hdr.len = part->out[0].pkt_out->l3_ > offset; > + > + CU_ASSERT_EQUAL(1, odp_ipsec_out_inline(&pkt, 1, ¶m, > + &inline_param)); > + > + for (i = 0; i < num_out;) { > + odp_event_t ev; > + odp_event_subtype_t subtype; > + odp_queue_t queue; > + > + ev = odp_schedule(&queue, ODP_SCHED_WAIT); > + CU_ASSERT_NOT_EQUAL(ODP_EVENT_INVALID, ev); > + > + if (ODP_EVENT_INVALID == ev) > + continue; > + > + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, > + odp_event_types(ev, &subtype)); > + if (queue == suite_context.queue) { > + CU_ASSERT(part->out[i].status.error.all); > + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, > + subtype); > + } else { > + CU_ASSERT(!part->out[i].status.error.all); > + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_BASIC, > + subtype); > + } > + pkto[i++] = odp_ipsec_packet_from_event(ev); > + } > + } > + > + return num_out; > +} > + > +void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) > +{ > + int num_out = part->out_pkt; > + odp_packet_t pkto[num_out]; > + int i; > + > + num_out = ipsec_send_in_one(part, sa, pkto); > + > + for (i = 0; i < num_out; i++) { > + odp_ipsec_packet_result_t result; > + > + if (ODP_PACKET_INVALID == pkto[i]) { > + CU_FAIL("ODP_PACKET_INVALID received"); > + continue; > + } > + > + if (ODP_EVENT_PACKET_IPSEC != > + odp_event_subtype(odp_packet_to_event(pkto[i]))) { > + /* Inline packet went through loop */ > + CU_ASSERT_EQUAL(1, part->out[i].status.error.sa_ > lookup); > + } else { > + CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, > pkto[i])); > + CU_ASSERT_EQUAL(part->out[i].status.error.all, > + result.status.error.all); > + CU_ASSERT_EQUAL(sa, result.sa); > + } > + CU_ASSERT(ipsec_check_packet(part->out[i].pkt_out, > + pkto[i])); > + odp_packet_free(pkto[i]); > + } > +} > + > +void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) > +{ > + int num_out = part->out_pkt; > + odp_packet_t pkto[num_out]; > + int i; > + > + num_out = ipsec_send_out_one(part, sa, pkto); > + > + for (i = 0; i < num_out; i++) { > + odp_ipsec_packet_result_t result; > + > + if (ODP_PACKET_INVALID == pkto[i]) { > + CU_FAIL("ODP_PACKET_INVALID received"); > + continue; > + } > + > + if (ODP_EVENT_PACKET_IPSEC != > + odp_event_subtype(odp_packet_to_event(pkto[i]))) { > + /* Inline packet went through loop */ > + CU_ASSERT_EQUAL(0, part->out[i].status.error.all); > + } else { > + /* IPsec packet */ > + CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, > pkto[i])); > + CU_ASSERT_EQUAL(part->out[i].status.error.all, > + result.status.error.all); > + CU_ASSERT_EQUAL(sa, result.sa); > + } > + CU_ASSERT(ipsec_check_packet(part->out[i].pkt_out, > + pkto[i])); > + odp_packet_free(pkto[i]); > + } > +} > + > +void ipsec_check_out_in_one(const ipsec_test_part *part, > + odp_ipsec_sa_t sa, > + odp_ipsec_sa_t sa_in) > +{ > + int num_out = part->out_pkt; > + odp_packet_t pkto[num_out]; > + int i; > + > + num_out = ipsec_send_out_one(part, sa, pkto); > + > + for (i = 0; i < num_out; i++) { > + ipsec_test_part part_in = *part; > + ipsec_test_packet pkt_in; > + odp_ipsec_packet_result_t result; > + > + if (ODP_PACKET_INVALID == pkto[i]) { > + CU_FAIL("ODP_PACKET_INVALID received"); > + continue; > + } > + > + if (ODP_EVENT_PACKET_IPSEC != > + odp_event_subtype(odp_packet_to_event(pkto[i]))) { > + /* Inline packet went through loop */ > + CU_ASSERT_EQUAL(0, part->out[i].status.error.all); > + } else { > + /* IPsec packet */ > + CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, > pkto[i])); > + CU_ASSERT_EQUAL(part->out[i].status.error.all, > + result.status.error.all); > + CU_ASSERT_EQUAL(sa, result.sa); > + } > + CU_ASSERT_FATAL(odp_packet_len(pkto[i]) <= > + sizeof(pkt_in.data)); > + > + pkt_in.len = odp_packet_len(pkto[i]); > + pkt_in.l2_offset = odp_packet_l2_offset(pkto[i]); > + pkt_in.l3_offset = odp_packet_l3_offset(pkto[i]); > + pkt_in.l4_offset = odp_packet_l4_offset(pkto[i]); > + odp_packet_copy_to_mem(pkto[i], 0, > + pkt_in.len, > + pkt_in.data); > + part_in.pkt_in = &pkt_in; > + ipsec_check_in_one(&part_in, sa_in); > + odp_packet_free(pkto[i]); > + } > +} > + > +static > void ipsec_test_capability(void) > { > odp_ipsec_capability_t capa; > @@ -22,11 +645,260 @@ odp_testinfo_t ipsec_suite[] = { > ODP_TEST_INFO_NULL > }; > > +static > +int ODP_UNUSED ipsec_sync_init(void) > +{ > + suite_context.pool = odp_pool_lookup("packet_pool"); > + if (suite_context.pool == ODP_POOL_INVALID) > + return -1; > + > + suite_context.queue = ODP_QUEUE_INVALID; > + suite_context.pktio = ODP_PKTIO_INVALID; > + suite_context.inbound_op_mode = ODP_IPSEC_OP_MODE_SYNC; > + suite_context.outbound_op_mode = ODP_IPSEC_OP_MODE_SYNC; > + > + return 0; > +} > + > +static > +int ODP_UNUSED ipsec_async_init(void) > +{ > + suite_context.pool = odp_pool_lookup("packet_pool"); > + if (suite_context.pool == ODP_POOL_INVALID) > + return -1; > + suite_context.queue = odp_queue_lookup("ipsec-out"); > + if (suite_context.queue == ODP_QUEUE_INVALID) > + return -1; > + > + suite_context.pktio = ODP_PKTIO_INVALID; > + suite_context.inbound_op_mode = ODP_IPSEC_OP_MODE_ASYNC; > + suite_context.outbound_op_mode = ODP_IPSEC_OP_MODE_ASYNC; > + > + return 0; > +} > + > +static > +int ODP_UNUSED ipsec_in_inline_init(void) > +{ > + int rc; > + > + suite_context.pool = odp_pool_lookup("packet_pool"); > + if (suite_context.pool == ODP_POOL_INVALID) > + return -1; > + suite_context.queue = odp_queue_lookup("ipsec-out-sched"); > + if (suite_context.queue == ODP_QUEUE_INVALID) > + return -1; > + rc = pktio_start(true, false); > + if (rc <= 0) > + return rc; > + if (suite_context.pktio == ODP_PKTIO_INVALID) > + return -1; > + > + suite_context.inbound_op_mode = ODP_IPSEC_OP_MODE_INLINE; > + suite_context.outbound_op_mode = ODP_IPSEC_OP_MODE_ASYNC; > + > + return 0; > +} > + > +static > +int ODP_UNUSED ipsec_out_inline_init(void) > +{ > + int rc; > + > + suite_context.pool = odp_pool_lookup("packet_pool"); > + if (suite_context.pool == ODP_POOL_INVALID) > + return -1; > + suite_context.queue = odp_queue_lookup("ipsec-out"); > + if (suite_context.queue == ODP_QUEUE_INVALID) > + return -1; > + rc = pktio_start(false, true); > + if (rc <= 0) > + return rc; > + if (suite_context.pktio == ODP_PKTIO_INVALID) > + return -1; > + > + suite_context.inbound_op_mode = ODP_IPSEC_OP_MODE_ASYNC; > + suite_context.outbound_op_mode = ODP_IPSEC_OP_MODE_INLINE; > + > + return 0; > +} > + > +static > +int ipsec_suite_term(odp_testinfo_t *suite) > +{ > + int i; > + int first = 1; > + > + if (suite_context.pktio != ODP_PKTIO_INVALID) > + pktio_stop(suite_context.pktio); > + > + for (i = 0; suite[i].pName; i++) { > + if (suite[i].check_active && > + suite[i].check_active() == ODP_TEST_INACTIVE) { > + if (first) { > + first = 0; > + printf("\n\n Inactive tests:\n"); > + } > + printf(" %s\n", suite[i].pName); > + } > + } > + > + return 0; > +} > + > +static > +int ipsec_in_term(void) > +{ > + return ipsec_suite_term(ipsec_in_suite); > +} > + > +static > +int ipsec_out_term(void) > +{ > + return ipsec_suite_term(ipsec_out_suite); > +} > + > odp_suiteinfo_t ipsec_suites[] = { > {"IPsec", NULL, NULL, ipsec_suite}, > + {"IPsec-sync-in", ipsec_sync_init, ipsec_in_term, ipsec_in_suite}, > + {"IPsec-sync-out", ipsec_sync_init, ipsec_out_term, > ipsec_out_suite}, > + {"IPsec-async-in", ipsec_async_init, ipsec_in_term, > ipsec_in_suite}, > + {"IPsec-async-out", ipsec_async_init, ipsec_out_term, > ipsec_out_suite}, > + {"IPsec-inline-in", ipsec_in_inline_init, ipsec_in_term, > + ipsec_in_suite}, > + {"IPsec-inline-out", ipsec_out_inline_init, ipsec_out_term, > + ipsec_out_suite}, > ODP_SUITE_INFO_NULL, > }; > > +static > +int ipsec_init(odp_instance_t *inst) > +{ > + odp_pool_param_t params; > + odp_pool_t pool; > + odp_queue_param_t queue_param; > + odp_queue_t out_queue; > + odp_pool_capability_t pool_capa; > + odp_pktio_t pktio; > + > + if (0 != odp_init_global(inst, NULL, NULL)) { > + fprintf(stderr, "error: odp_init_global() failed.\n"); > + return -1; > + } > + > + if (0 != odp_init_local(*inst, ODP_THREAD_CONTROL)) { > + fprintf(stderr, "error: odp_init_local() failed.\n"); > + return -1; > + } > + > + if (odp_pool_capability(&pool_capa) < 0) { > + fprintf(stderr, "error: odp_pool_capability() failed.\n"); > + return -1; > + } > + > + odp_pool_param_init(¶ms); > + params.pkt.seg_len = PKT_POOL_LEN; > + params.pkt.len = PKT_POOL_LEN; > + params.pkt.num = PKT_POOL_NUM; > + params.type = ODP_POOL_PACKET; > + > + if (pool_capa.pkt.max_seg_len && > + PKT_POOL_LEN > pool_capa.pkt.max_seg_len) { > + fprintf(stderr, "Warning: small packet segment length\n"); > + params.pkt.seg_len = pool_capa.pkt.max_seg_len; > + } > + > + if (pool_capa.pkt.max_len && > + PKT_POOL_LEN > pool_capa.pkt.max_len) { > + fprintf(stderr, "Pool max packet length too small\n"); > + return -1; > + } > + > + pool = odp_pool_create("packet_pool", ¶ms); > + > + if (ODP_POOL_INVALID == pool) { > + fprintf(stderr, "Packet pool creation failed.\n"); > + return -1; > + } > + out_queue = odp_queue_create("ipsec-out", NULL); > + if (ODP_QUEUE_INVALID == out_queue) { > + fprintf(stderr, "IPsec outq creation failed.\n"); > + return -1; > + } > + > + odp_queue_param_init(&queue_param); > + queue_param.type = ODP_QUEUE_TYPE_SCHED; > + queue_param.sched.sync = ODP_SCHED_SYNC_PARALLEL; > + queue_param.sched.prio = ODP_SCHED_PRIO_HIGHEST; > + queue_param.sched.group = ODP_SCHED_GROUP_ALL; > + > + out_queue = odp_queue_create("ipsec-out-sched", &queue_param); > + if (ODP_QUEUE_INVALID == out_queue) { > + fprintf(stderr, "IPsec sched outq creation failed.\n"); > + return -1; > + } > + > + pktio = pktio_create(ODP_QUEUE_TYPE_SCHED, pool); > + if (ODP_PKTIO_INVALID == pktio) { > + fprintf(stderr, "IPsec pktio creation failed.\n"); > + return -1; > + } > + > + return 0; > +} > + > +static > +int ipsec_term(odp_instance_t inst) > +{ > + odp_pool_t pool; > + odp_queue_t out_queue; > + odp_pktio_t pktio; > + > + pktio = odp_pktio_lookup("loop"); > + if (ODP_PKTIO_INVALID != pktio) { > + if (odp_pktio_close(pktio)) > + fprintf(stderr, "IPsec pktio close failed.\n"); > + } else { > + fprintf(stderr, "IPsec pktio not found.\n"); > + } > + > + out_queue = odp_queue_lookup("ipsec-out-sched"); > + if (ODP_QUEUE_INVALID != out_queue) { > + if (odp_queue_destroy(out_queue)) > + fprintf(stderr, "IPsec sched outq destroy > failed.\n"); > + } else { > + fprintf(stderr, "IPsec sched outq not found.\n"); > + } > + > + out_queue = odp_queue_lookup("ipsec-out"); > + if (ODP_QUEUE_INVALID != out_queue) { > + if (odp_queue_destroy(out_queue)) > + fprintf(stderr, "IPsec outq destroy failed.\n"); > + } else { > + fprintf(stderr, "IPsec outq not found.\n"); > + } > + > + pool = odp_pool_lookup("packet_pool"); > + if (ODP_POOL_INVALID != pool) { > + if (odp_pool_destroy(pool)) > + fprintf(stderr, "Packet pool destroy failed.\n"); > + } else { > + fprintf(stderr, "Packet pool not found.\n"); > + } > + > + if (0 != odp_term_local()) { > + fprintf(stderr, "error: odp_term_local() failed.\n"); > + return -1; > + } > + > + if (0 != odp_term_global(inst)) { > + fprintf(stderr, "error: odp_term_global() failed.\n"); > + return -1; > + } > + > + return 0; > +} > + > int ipsec_main(int argc, char *argv[]) > { > int ret; > @@ -35,8 +907,10 @@ int ipsec_main(int argc, char *argv[]) > if (odp_cunit_parse_options(argc, argv)) > return -1; > > - ret = odp_cunit_register(ipsec_suites); > + odp_cunit_register_global_init(ipsec_init); > + odp_cunit_register_global_term(ipsec_term); > > + ret = odp_cunit_register(ipsec_suites); > if (ret == 0) > ret = odp_cunit_run(); > > diff --git a/test/common_plat/validation/api/ipsec/ipsec.h > b/test/common_plat/validation/api/ipsec/ipsec.h > index 290a186f..8ffe9f31 100644 > --- a/test/common_plat/validation/api/ipsec/ipsec.h > +++ b/test/common_plat/validation/api/ipsec/ipsec.h > @@ -9,16 +9,70 @@ > > #include <odp_cunit_common.h> > > -/* test functions: */ > -void ipsec_test_capability(void); > - > /* test arrays: */ > -extern odp_testinfo_t ipsec_suite[]; > - > -/* test registry: */ > -extern odp_suiteinfo_t ipsec_suites[]; > +extern odp_testinfo_t ipsec_in_suite[]; > +extern odp_testinfo_t ipsec_out_suite[]; > > /* main test program: */ > int ipsec_main(int argc, char *argv[]); > > +struct suite_context_s { > + odp_ipsec_op_mode_t inbound_op_mode; > + odp_ipsec_op_mode_t outbound_op_mode; > + odp_pool_t pool; > + odp_queue_t queue; > + odp_pktio_t pktio; > +}; > + > +extern struct suite_context_s suite_context; > + > +typedef struct { > + uint32_t len; > + uint32_t l2_offset; > + uint32_t l3_offset; > + uint32_t l4_offset; > + uint8_t data[256]; > +} ipsec_test_packet; > + > +typedef struct { > + const ipsec_test_packet *pkt_in; > + odp_bool_t lookup; > + int out_pkt; > + struct { > + odp_ipsec_op_status_t status; > + const ipsec_test_packet *pkt_out; > + } out[1]; > +} ipsec_test_part; > + > +void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, > + odp_bool_t in, > + odp_bool_t ah, > + uint32_t spi, > + odp_ipsec_tunnel_param_t *tun, > + odp_cipher_alg_t cipher_alg, > + const odp_crypto_key_t *cipher_key, > + odp_auth_alg_t auth_alg, > + const odp_crypto_key_t *auth_key); > + > +void ipsec_sa_destroy(odp_ipsec_sa_t sa); > +odp_packet_t ipsec_packet(const ipsec_test_packet *itp); > +odp_bool_t ipsec_check_packet(const ipsec_test_packet *itp, odp_packet_t > pkt); > +void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa); > +void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa); > +void ipsec_check_out_in_one(const ipsec_test_part *part, > + odp_ipsec_sa_t sa, > + odp_ipsec_sa_t sa_in); > + > +int ipsec_check(odp_bool_t ah, > + odp_cipher_alg_t cipher, > + odp_auth_alg_t auth); > +#define ipsec_check_ah(auth) \ > + ipsec_check(true, ODP_CIPHER_ALG_NULL, auth) > +#define ipsec_check_esp(cipher, auth) \ > + ipsec_check(false, cipher, auth) > +int ipsec_check_ah_sha256(void); > +int ipsec_check_esp_null_sha256(void); > +int ipsec_check_esp_aes_cbc_null(void); > +int ipsec_check_esp_aes_cbc_sha256(void); > + > #endif > diff --git a/test/common_plat/validation/api/ipsec/ipsec_test_in.c > b/test/common_plat/validation/api/ipsec/ipsec_test_in.c > new file mode 100644 > index 00000000..bd9a47f1 > --- /dev/null > +++ b/test/common_plat/validation/api/ipsec/ipsec_test_in.c > @@ -0,0 +1,831 @@ > +/* Copyright (c) 2017, Linaro Limited > + * All rights reserved. > + * > + * SPDX-License-Identifier: BSD-3-Clause > + */ > + > +#include "ipsec.h" > + > +#include "test_vectors.h" > + > +static > +void test_in_ah_sha256(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, true, 123, NULL, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0_ah_sha256_1, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_icmp_0 }, > + }, > + }; > + > + ipsec_check_in_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_ah_sha256_tun(void) > +{ > + odp_ipsec_tunnel_param_t tunnel = {}; > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, true, 123, &tunnel, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0_ah_tun_sha256_1, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_icmp_0 }, > + }, > + }; > + > + ipsec_check_in_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_ah_sha256_tun_notun(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, true, 123, NULL, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0_ah_tun_sha256_1, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_icmp_0_ipip }, > + }, > + }; > + > + ipsec_check_in_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_esp_null_sha256(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, false, 123, NULL, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_icmp_0 }, > + }, > + }; > + > + ipsec_check_in_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_esp_aes_cbc_null(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, false, 123, NULL, > + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, > + ODP_AUTH_ALG_NULL, NULL); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0_esp_aes_cbc_null_1, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_icmp_0 }, > + }, > + }; > + > + ipsec_check_in_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_esp_aes_cbc_sha256(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, false, 123, NULL, > + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0_esp_aes_cbc_sha256_1, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_icmp_0 }, > + }, > + }; > + > + ipsec_check_in_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_lookup_ah_sha256(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, true, 123, NULL, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0_ah_sha256_1, > + .lookup = 1, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_icmp_0 }, > + }, > + }; > + > + ipsec_check_in_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_lookup_esp_null_sha256(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, false, 123, NULL, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, > + .lookup = 1, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_icmp_0 }, > + }, > + }; > + > + ipsec_check_in_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_esp_null_sha256_tun(void) > +{ > + odp_ipsec_tunnel_param_t tunnel = {}; > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, false, 123, &tunnel, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0_esp_tun_null_sha256_1, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_icmp_0 }, > + }, > + }; > + > + ipsec_check_in_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_ah_esp_pkt(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + /* This test will not work properly inbound inline mode. > + * test_in_lookup_ah_esp_pkt will be used instead. */ > + if (suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE) > + return; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, true, 123, NULL, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.proto = 1, > + .pkt_out = NULL }, > + }, > + }; > + > + ipsec_check_in_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_esp_ah_pkt(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + /* This test will not work properly inbound inline mode. > + * test_in_lookup_esp_ah_pkt will be used instead. */ > + if (suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE) > + return; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, false, 123, NULL, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0_ah_sha256_1, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.proto = 1, > + .pkt_out = NULL }, > + }, > + }; > + > + ipsec_check_in_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_lookup_ah_esp_pkt(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, true, 123, NULL, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, > + .lookup = 1, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.sa_lookup = 1, > + .pkt_out = NULL }, > + }, > + }; > + > + ipsec_check_in_one(&test, ODP_IPSEC_SA_INVALID); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_lookup_esp_ah_pkt(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, false, 123, NULL, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0_ah_sha256_1, > + .lookup = 1, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.sa_lookup = 1, > + .pkt_out = NULL }, > + }, > + }; > + > + ipsec_check_in_one(&test, ODP_IPSEC_SA_INVALID); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_ah_sha256_bad1(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, true, 123, NULL, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0_ah_sha256_1_bad1, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.auth = 1, > + .pkt_out = NULL }, > + }, > + }; > + > + ipsec_check_in_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_ah_sha256_bad2(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, true, 123, NULL, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0_ah_sha256_1_bad2, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.auth = 1, > + .pkt_out = NULL }, > + }, > + }; > + > + ipsec_check_in_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_esp_null_sha256_bad1(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, false, 123, NULL, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0_esp_null_sha256_1_bad1, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.auth = 1, > + .pkt_out = NULL }, > + }, > + }; > + > + ipsec_check_in_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_rfc3602_5_esp(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, false, 0x4321, NULL, > + ODP_CIPHER_ALG_AES_CBC, &key_rfc3602, > + ODP_AUTH_ALG_NULL, NULL); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_rfc3602_5_esp, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_rfc3602_5 }, > + }, > + }; > + > + ipsec_check_in_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_rfc3602_6_esp(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, false, 0x4321, NULL, > + ODP_CIPHER_ALG_AES_CBC, &key_rfc3602, > + ODP_AUTH_ALG_NULL, NULL); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_rfc3602_6_esp, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_rfc3602_6 }, > + }, > + }; > + > + ipsec_check_in_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_rfc3602_7_esp(void) > +{ > + odp_ipsec_tunnel_param_t tunnel = {}; > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, false, 0x8765, &tunnel, > + ODP_CIPHER_ALG_AES_CBC, &key_rfc3602_2, > + ODP_AUTH_ALG_NULL, NULL); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_rfc3602_7_esp, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_rfc3602_7 }, > + }, > + }; > + > + ipsec_check_in_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_in_rfc3602_8_esp(void) > +{ > + odp_ipsec_tunnel_param_t tunnel = {}; > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + true, false, 0x8765, &tunnel, > + ODP_CIPHER_ALG_AES_CBC, &key_rfc3602_2, > + ODP_AUTH_ALG_NULL, NULL); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_rfc3602_8_esp, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_rfc3602_8 }, > + }, > + }; > + > + ipsec_check_in_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +odp_testinfo_t ipsec_in_suite[] = { > + ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_5_esp, > + ipsec_check_esp_aes_cbc_null), > + ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_6_esp, > + ipsec_check_esp_aes_cbc_null), > + ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_7_esp, > + ipsec_check_esp_aes_cbc_null), > + ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_8_esp, > + ipsec_check_esp_aes_cbc_null), > + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256, > + ipsec_check_ah_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun, > + ipsec_check_ah_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun_notun, > + ipsec_check_ah_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256, > + ipsec_check_esp_null_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_null, > + ipsec_check_esp_aes_cbc_null), > + ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_sha256, > + ipsec_check_esp_aes_cbc_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_sha256, > + ipsec_check_ah_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_null_sha256, > + ipsec_check_esp_null_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_tun, > + ipsec_check_esp_null_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_in_ah_esp_pkt, > + ipsec_check_ah_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_in_esp_ah_pkt, > + ipsec_check_esp_null_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_esp_pkt, > + ipsec_check_ah_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_ah_pkt, > + ipsec_check_esp_null_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad1, > + ipsec_check_ah_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad2, > + ipsec_check_ah_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_bad1, > + ipsec_check_esp_null_sha256), > + ODP_TEST_INFO_NULL, > +}; > diff --git a/test/common_plat/validation/api/ipsec/ipsec_test_out.c > b/test/common_plat/validation/api/ipsec/ipsec_test_out.c > new file mode 100644 > index 00000000..a62f2549 > --- /dev/null > +++ b/test/common_plat/validation/api/ipsec/ipsec_test_out.c > @@ -0,0 +1,347 @@ > +/* Copyright (c) 2017, Linaro Limited > + * All rights reserved. > + * > + * SPDX-License-Identifier: BSD-3-Clause > + */ > + > +#include "ipsec.h" > + > +#include "test_vectors.h" > + > +static > +void test_out_ah_sha256(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + false, true, 123, NULL, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_icmp_0_ah_sha256_1 }, > + }, > + }; > + > + ipsec_check_out_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +#define IPV4ADDR(a, b, c, d) odp_cpu_to_be_32((a << 24) | \ > + (b << 16) | \ > + (c << 8) | \ > + (d << 0)) > + > +static > +void test_out_ah_sha256_tun(void) > +{ > + uint32_t src = IPV4ADDR(10, 0, 111, 2); > + uint32_t dst = IPV4ADDR(10, 0, 222, 2); > + odp_ipsec_tunnel_param_t tunnel = { > + .type = ODP_IPSEC_TUNNEL_IPV4, > + .ipv4.src_addr = &src, > + .ipv4.dst_addr = &dst, > + .ipv4.ttl = 64, > + }; > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + false, true, 123, &tunnel, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_icmp_0_ah_tun_sha256_1 }, > + }, > + }; > + > + ipsec_check_out_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_out_esp_null_sha256_out(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + false, false, 123, NULL, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_icmp_0_esp_null_sha256_1 }, > + }, > + }; > + > + ipsec_check_out_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_out_esp_null_sha256_tun_out(void) > +{ > + uint32_t src = IPV4ADDR(10, 0, 111, 2); > + uint32_t dst = IPV4ADDR(10, 0, 222, 2); > + odp_ipsec_tunnel_param_t tunnel = { > + .type = ODP_IPSEC_TUNNEL_IPV4, > + .ipv4.src_addr = &src, > + .ipv4.dst_addr = &dst, > + .ipv4.ttl = 64, > + }; > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + false, false, 123, &tunnel, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_icmp_0_esp_tun_null_sha256_1 }, > + }, > + }; > + > + ipsec_check_out_one(&test, sa); > + > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_out_esp_null_sha256(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + odp_ipsec_sa_t sa2; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + false, false, 123, NULL, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_sa_param_fill(¶m, > + true, false, 123, NULL, > + ODP_CIPHER_ALG_NULL, NULL, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa2 = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_icmp_0 }, > + }, > + }; > + > + ipsec_check_out_in_one(&test, sa, sa2); > + > + ipsec_sa_destroy(sa2); > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_out_esp_aes_cbc_null(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + odp_ipsec_sa_t sa2; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + false, false, 123, NULL, > + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, > + ODP_AUTH_ALG_NULL, NULL); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_sa_param_fill(¶m, > + true, false, 123, NULL, > + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, > + ODP_AUTH_ALG_NULL, NULL); > + > + sa2 = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_icmp_0 }, > + }, > + }; > + > + ipsec_check_out_in_one(&test, sa, sa2); > + > + ipsec_sa_destroy(sa2); > + ipsec_sa_destroy(sa); > +} > + > +static > +void test_out_esp_aes_cbc_sha256(void) > +{ > + odp_ipsec_config_t ipsec_config; > + odp_ipsec_sa_param_t param; > + odp_ipsec_sa_t sa; > + odp_ipsec_sa_t sa2; > + > + odp_ipsec_config_init(&ipsec_config); > + ipsec_config.inbound_mode = suite_context.inbound_op_mode; > + ipsec_config.outbound_mode = suite_context.outbound_op_mode; > + ipsec_config.inbound.default_queue = suite_context.queue; > + > + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_ > config)); > + > + ipsec_sa_param_fill(¶m, > + false, false, 123, NULL, > + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); > + > + ipsec_sa_param_fill(¶m, > + true, false, 123, NULL, > + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, > + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); > + > + sa2 = odp_ipsec_sa_create(¶m); > + > + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); > + > + ipsec_test_part test = { > + .pkt_in = &pkt_icmp_0, > + .out_pkt = 1, > + .out = { > + { .status.warn.all = 0, > + .status.error.all = 0, > + .pkt_out = &pkt_icmp_0 }, > + }, > + }; > + > + ipsec_check_out_in_one(&test, sa, sa2); > + > + ipsec_sa_destroy(sa2); > + ipsec_sa_destroy(sa); > +} > + > +odp_testinfo_t ipsec_out_suite[] = { > + ODP_TEST_INFO_CONDITIONAL(test_out_ah_sha256, > + ipsec_check_ah_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_out_ah_sha256_tun, > + ipsec_check_ah_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256_out, > + ipsec_check_esp_null_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256_tun_out, > + ipsec_check_esp_null_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256, > + ipsec_check_esp_null_sha256), > + ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_null, > + ipsec_check_esp_aes_cbc_null), > + ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_sha256, > + ipsec_check_esp_aes_cbc_sha256), > + ODP_TEST_INFO_NULL, > +}; > diff --git a/test/common_plat/validation/api/ipsec/test_vectors.h > b/test/common_plat/validation/api/ipsec/test_vectors.h > new file mode 100644 > index 00000000..facd0636 > --- /dev/null > +++ b/test/common_plat/validation/api/ipsec/test_vectors.h > @@ -0,0 +1,728 @@ > +/* Copyright (c) 2017, Linaro Limited > + * All rights reserved. > + * > + * SPDX-License-Identifier: BSD-3-Clause > + */ > + > +#ifndef _ODP_TEST_IPSEC_VECTORS_H_ > +#define _ODP_TEST_IPSEC_VECTORS_H_ > + > +#define KEY(name, ...) \ > + static uint8_t name ## _data[] = { __VA_ARGS__ }; \ > + static const ODP_UNUSED odp_crypto_key_t name = { \ > + .data = name ## _data, \ > + .length = sizeof(name ## _data), \ > + } > + > +KEY(key_a5_128, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, > + 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5); > +KEY(key_5a_128, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, > + 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a); > +KEY(key_a5_256, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, > + 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, > + 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, > + 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5); > +KEY(key_5a_256, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, > + 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, > + 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, > + 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a); > + > +KEY(key_rfc3602, 0x90, 0xd3, 0x82, 0xb4, 0x10, 0xee, 0xba, 0x7a, > + 0xd9, 0x38, 0xc4, 0x6c, 0xec, 0x1a, 0x82, 0xbf); > +KEY(key_rfc3602_2, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, > + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef); > + > +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0 = { > + .len = 142, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, > + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, > + 0xc0, 0xa8, 0xde, 0x02, > + > + /* ICMP */ > + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, > + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, > + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, > + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, > + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, > + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, > + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, > + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, > + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, > + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, > + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, > + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, > + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, > + 0x58, 0x59, 0x5a, 0x5b, > + }, > +}; > + > +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ipip = { > + .len = 162, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00, 0x00, > + 0x40, 0x04, 0x19, 0x62, 0x0a, 0x00, 0x6f, 0x02, > + 0x0a, 0x00, 0xde, 0x02, > + > + /* Inner IP */ > + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, > + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, > + 0xc0, 0xa8, 0xde, 0x02, > + > + /* ICMP */ > + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, > + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, > + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, > + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, > + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, > + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, > + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, > + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, > + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, > + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, > + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, > + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, > + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, > + 0x58, 0x59, 0x5a, 0x5b > + }, > +}; > + > +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1 = { > + .len = 170, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, > + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, > + 0xc0, 0xa8, 0xde, 0x02, > + > + /* AH */ > + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, > + 0x00, 0x00, 0x00, 0x01, > + 0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3, > + 0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51, > + > + /* ICMP */ > + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, > + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, > + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, > + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, > + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, > + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, > + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, > + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, > + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, > + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, > + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, > + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, > + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, > + 0x58, 0x59, 0x5a, 0x5b, > + }, > +}; > + > +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_tun_sha256_1 = { > + .len = 190, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0xb0, 0x00, 0x00, 0x00, 0x00, > + 0x40, 0x33, 0x19, 0x17, 0x0a, 0x00, 0x6f, 0x02, > + 0x0a, 0x00, 0xde, 0x02, > + > + /* AH */ > + 0x04, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, > + 0x00, 0x00, 0x00, 0x01, > + 0xd5, 0x35, 0x9b, 0x21, 0xe6, 0x14, 0x9b, 0x42, > + 0x1f, 0x00, 0xfa, 0x36, 0x73, 0x4c, 0x53, 0xcf, > + > + /* Inner IP */ > + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, > + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, > + 0xc0, 0xa8, 0xde, 0x02, > + > + /* ICMP */ > + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, > + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, > + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, > + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, > + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, > + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, > + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, > + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, > + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, > + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, > + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, > + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, > + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, > + 0x58, 0x59, 0x5a, 0x5b, > + }, > +}; > + > +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad1 = { > + .len = 168, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0x9a, 0x00, 0x00, 0x00, 0x00, > + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, > + 0xc0, 0xa8, 0xde, 0x02, > + > + /* AH */ > + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, > + 0x00, 0x00, 0x00, 0x01, > + 0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3, > + 0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51, > + > + /* ICMP */ > + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, > + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, > + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, > + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, > + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, > + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, > + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, > + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, > + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, > + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, > + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, > + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, > + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, > + 0x58, 0x59, > + }, > +}; > + > +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = { > + .len = 170, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, > + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, > + 0xc0, 0xa8, 0xde, 0x02, > + > + /* AH */ > + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, > + 0x00, 0x00, 0x00, 0x01, > + 0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3, > + 0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51, > + > + /* ICMP */ > + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, > + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, > + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, > + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, > + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, > + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, > + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, > + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, > + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, > + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, > + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, > + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, > + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, > + 0x58, 0x59, 0x5a, 0x5d, > + }, > +}; > + > +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = { > + .len = 170, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, > + 0x40, 0x32, 0xab, 0xda, 0xc0, 0xa8, 0x6f, 0x02, > + 0xc0, 0xa8, 0xde, 0x02, > + > + /* ESP */ > + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, > + > + /* ICMP */ > + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, > + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, > + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, > + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, > + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, > + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, > + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, > + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, > + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, > + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, > + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, > + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, > + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, > + 0x58, 0x59, 0x5a, 0x5b, > + > + /* ESP TRL */ > + 0x01, 0x02, 0x02, 0x01, > + > + /* ICV */ > + 0xe9, 0x81, 0xcd, 0x65, 0x9b, 0x25, 0x0b, 0x33, > + 0xe2, 0xf3, 0x83, 0xf1, 0x6d, 0x14, 0xb4, 0x1f, > + }, > +}; > + > +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_tun_null_sha256_1 > = { > + .len = 190, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0xb0, 0x00, 0x00, 0x00, 0x00, > + 0x40, 0x32, 0x19, 0x18, 0x0a, 0x00, 0x6f, 0x02, > + 0x0a, 0x00, 0xde, 0x02, > + > + /* ESP */ > + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, > + > + /* Inner IP */ > + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, > + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, > + 0xc0, 0xa8, 0xde, 0x02, > + > + /* ICMP */ > + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, > + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, > + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, > + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, > + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, > + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, > + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, > + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, > + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, > + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, > + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, > + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, > + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, > + 0x58, 0x59, 0x5a, 0x5b, > + > + /* ESP TRL */ > + 0x01, 0x02, 0x02, 0x04, > + > + /* ICV */ > + 0x73, 0x8d, 0xf6, 0x9a, 0x26, 0x06, 0x4d, 0xa1, > + 0x88, 0x37, 0x65, 0xab, 0x0d, 0xe9, 0x95, 0x3b, > + }, > +}; > + > +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 > = { > + .len = 170, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, > + 0x40, 0x32, 0xab, 0xda, 0xc0, 0xa8, 0x6f, 0x02, > + 0xc0, 0xa8, 0xde, 0x02, > + > + /* ESP */ > + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, > + > + /* ICMP */ > + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, > + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, > + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, > + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, > + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, > + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, > + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, > + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, > + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, > + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, > + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, > + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, > + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, > + 0x58, 0x59, 0x5a, 0x5b, > + > + /* ESP TRL */ > + 0x01, 0x02, 0x02, 0x01, > + > + /* ICV */ > + 0x18, 0x00, 0x14, 0x3a, 0x54, 0x72, 0x98, 0xe8, > + 0xc7, 0x2d, 0xfa, 0xeb, 0x70, 0xe0, 0x24, 0xdf, > + }, > +}; > + > +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = > { > + .len = 170, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, > + 0x40, 0x32, 0xab, 0xca, 0xc0, 0xa8, 0x6f, 0x02, > + 0xc0, 0xa8, 0xde, 0x02, > + > + /* ESP */ > + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, > + > + /* IV */ > + 0x96, 0xfa, 0x74, 0x56, 0x78, 0xe4, 0xbb, 0x0c, > + 0x9e, 0x6e, 0x4a, 0xeb, 0x44, 0xd9, 0xf2, 0xe6, > + > + /* data */ > + 0x2f, 0xb3, 0xa6, 0xfe, 0x2c, 0x2e, 0xce, 0x65, > + 0x3a, 0x57, 0xe3, 0x09, 0x5d, 0x66, 0x36, 0x32, > + 0xb1, 0xc2, 0x59, 0x58, 0xb6, 0xe5, 0x9e, 0xa2, > + 0x07, 0xf8, 0x26, 0x4a, 0x64, 0xf5, 0x16, 0x01, > + 0x51, 0x8e, 0xe5, 0x4b, 0x07, 0x2c, 0x4b, 0x23, > + 0xfa, 0x4e, 0x6e, 0xdb, 0x35, 0xc7, 0x1d, 0x30, > + 0x42, 0xd9, 0x0f, 0xba, 0x8a, 0x69, 0x7e, 0x29, > + 0xe7, 0xbd, 0x15, 0xe9, 0x35, 0x9e, 0x81, 0xe7, > + 0x9e, 0xc9, 0x7d, 0x66, 0x99, 0x58, 0xec, 0x45, > + 0x29, 0xd0, 0xa4, 0xfd, 0xf1, 0xe7, 0x5b, 0x3e, > + 0x2a, 0x77, 0x1d, 0x8f, 0x2b, 0x73, 0xba, 0xf8, > + 0x72, 0xd2, 0xa0, 0x0b, 0x90, 0xb9, 0x73, 0x9c, > + 0xde, 0x3c, 0xc3, 0xb8, 0x91, 0x97, 0xc4, 0x28, > + 0xfa, 0x6d, 0xa8, 0x41, 0xb6, 0x83, 0xc8, 0xaa, > + }, > +}; > + > +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_sha256_1 > = { > + .len = 186, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0xac, 0x00, 0x00, 0x00, 0x00, > + 0x40, 0x32, 0xab, 0xca, 0xc0, 0xa8, 0x6f, 0x02, > + 0xc0, 0xa8, 0xde, 0x02, > + > + /* ESP */ > + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, > + > + /* IV */ > + 0x96, 0xfa, 0x74, 0x56, 0x78, 0xe4, 0xbb, 0x0c, > + 0x9e, 0x6e, 0x4a, 0xeb, 0x44, 0xd9, 0xf2, 0xe6, > + > + /* data */ > + 0x2f, 0xb3, 0xa6, 0xfe, 0x2c, 0x2e, 0xce, 0x65, > + 0x3a, 0x57, 0xe3, 0x09, 0x5d, 0x66, 0x36, 0x32, > + 0xb1, 0xc2, 0x59, 0x58, 0xb6, 0xe5, 0x9e, 0xa2, > + 0x07, 0xf8, 0x26, 0x4a, 0x64, 0xf5, 0x16, 0x01, > + 0x51, 0x8e, 0xe5, 0x4b, 0x07, 0x2c, 0x4b, 0x23, > + 0xfa, 0x4e, 0x6e, 0xdb, 0x35, 0xc7, 0x1d, 0x30, > + 0x42, 0xd9, 0x0f, 0xba, 0x8a, 0x69, 0x7e, 0x29, > + 0xe7, 0xbd, 0x15, 0xe9, 0x35, 0x9e, 0x81, 0xe7, > + 0x9e, 0xc9, 0x7d, 0x66, 0x99, 0x58, 0xec, 0x45, > + 0x29, 0xd0, 0xa4, 0xfd, 0xf1, 0xe7, 0x5b, 0x3e, > + 0x2a, 0x77, 0x1d, 0x8f, 0x2b, 0x73, 0xba, 0xf8, > + 0x72, 0xd2, 0xa0, 0x0b, 0x90, 0xb9, 0x73, 0x9c, > + 0xde, 0x3c, 0xc3, 0xb8, 0x91, 0x97, 0xc4, 0x28, > + 0xfa, 0x6d, 0xa8, 0x41, 0xb6, 0x83, 0xc8, 0xaa, > + > + /* IV */ > + 0x8a, 0x39, 0x10, 0x07, 0x02, 0x97, 0xbb, 0x1c, > + 0x59, 0xb7, 0x70, 0x33, 0xa4, 0x26, 0xa2, 0xb8 > + }, > +}; > + > +static const ODP_UNUSED ipsec_test_packet pkt_rfc3602_5 = { > + .len = 98, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH - not a part of RFC, added for simplicity */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0x54, 0x08, 0xf2, 0x00, 0x00, > + 0x40, 0x01, 0xf9, 0xfe, 0xc0, 0xa8, 0x7b, 0x03, > + 0xc0, 0xa8, 0x7b, 0x64, > + > + /* ICMP */ > + 0x08, 0x00, 0x0e, 0xbd, 0xa7, 0x0a, 0x00, 0x00, > + 0x8e, 0x9c, 0x08, 0x3d, 0xb9, 0x5b, 0x07, 0x00, > + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, > + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, > + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, > + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, > + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, > + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, > + > + }, > +}; > + > +static const ODP_UNUSED ipsec_test_packet pkt_rfc3602_5_esp = { > + .len = 138, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH - not a part of RFC, added for simplicity */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0x7c, 0x08, 0xf2, 0x00, 0x00, > + 0x40, 0x32, 0xf9, 0xa5, 0xc0, 0xa8, 0x7b, 0x03, > + 0xc0, 0xa8, 0x7b, 0x64, > + > + /* ESP */ > + 0x00, 0x00, 0x43, 0x21, 0x00, 0x00, 0x00, 0x01, > + > + /* IV */ > + 0xe9, 0x6e, 0x8c, 0x08, 0xab, 0x46, 0x57, 0x63, > + 0xfd, 0x09, 0x8d, 0x45, 0xdd, 0x3f, 0xf8, 0x93, > + > + /* data */ > + 0xf6, 0x63, 0xc2, 0x5d, 0x32, 0x5c, 0x18, 0xc6, > + 0xa9, 0x45, 0x3e, 0x19, 0x4e, 0x12, 0x08, 0x49, > + 0xa4, 0x87, 0x0b, 0x66, 0xcc, 0x6b, 0x99, 0x65, > + 0x33, 0x00, 0x13, 0xb4, 0x89, 0x8d, 0xc8, 0x56, > + 0xa4, 0x69, 0x9e, 0x52, 0x3a, 0x55, 0xdb, 0x08, > + 0x0b, 0x59, 0xec, 0x3a, 0x8e, 0x4b, 0x7e, 0x52, > + 0x77, 0x5b, 0x07, 0xd1, 0xdb, 0x34, 0xed, 0x9c, > + 0x53, 0x8a, 0xb5, 0x0c, 0x55, 0x1b, 0x87, 0x4a, > + 0xa2, 0x69, 0xad, 0xd0, 0x47, 0xad, 0x2d, 0x59, > + 0x13, 0xac, 0x19, 0xb7, 0xcf, 0xba, 0xd4, 0xa6, > + }, > +}; > + > +static const ipsec_test_packet pkt_rfc3602_6 = { > + .len = 62, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH - not a part of RFC, added for simplicity */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0x30, 0x08, 0xfe, 0x00, 0x00, > + 0x40, 0x01, 0xfa, 0x16, 0xc0, 0xa8, 0x7b, 0x03, > + 0xc0, 0xa8, 0x7b, 0x64, > + > + /* ICMP */ > + 0x08, 0x00, 0xb5, 0xe8, 0xa8, 0x0a, 0x05, 0x00, > + 0xa6, 0x9c, 0x08, 0x3d, 0x0b, 0x66, 0x0e, 0x00, > + 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, > + 0x77, 0x77, 0x77, 0x77, > + }, > +}; > + > +static const ipsec_test_packet pkt_rfc3602_6_esp = { > + .len = 90, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH - not a part of RFC, added for simplicity */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0x4c, 0x08, 0xfe, 0x00, 0x00, > + 0x40, 0x32, 0xf9, 0xc9, 0xc0, 0xa8, 0x7b, 0x03, > + 0xc0, 0xa8, 0x7b, 0x64, > + > + /* ESP */ > + 0x00, 0x00, 0x43, 0x21, 0x00, 0x00, 0x00, 0x08, > + > + /* IV */ > + 0x69, 0xd0, 0x8d, 0xf7, 0xd2, 0x03, 0x32, 0x9d, > + 0xb0, 0x93, 0xfc, 0x49, 0x24, 0xe5, 0xbd, 0x80, > + > + /* data */ > + 0xf5, 0x19, 0x95, 0x88, 0x1e, 0xc4, 0xe0, 0xc4, > + 0x48, 0x89, 0x87, 0xce, 0x74, 0x2e, 0x81, 0x09, > + 0x68, 0x9b, 0xb3, 0x79, 0xd2, 0xd7, 0x50, 0xc0, > + 0xd9, 0x15, 0xdc, 0xa3, 0x46, 0xa8, 0x9f, 0x75, > + }, > +}; > + > +static const ipsec_test_packet pkt_rfc3602_7 = { > + .len = 98, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH - not a part of RFC, added for simplicity */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0x54, 0x09, 0x04, 0x00, 0x00, > + 0x40, 0x01, 0xf9, 0x88, 0xc0, 0xa8, 0x7b, 0x03, > + 0xc0, 0xa8, 0x7b, 0xc8, > + > + /* ICMP */ > + 0x08, 0x00, 0x9f, 0x76, 0xa9, 0x0a, 0x01, 0x00, > + 0xb4, 0x9c, 0x08, 0x3d, 0x02, 0xa2, 0x04, 0x00, > + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, > + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, > + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, > + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, > + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, > + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, > + }, > +}; > + > +static const ipsec_test_packet pkt_rfc3602_7_esp = { > + .len = 154, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH - not a part of RFC, added for simplicity */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0x8c, 0x09, 0x05, 0x00, 0x00, > + 0x40, 0x32, 0xf9, 0x1e, 0xc0, 0xa8, 0x7b, 0x03, > + 0xc0, 0xa8, 0x7b, 0xc8, > + > + /* ESP */ > + 0x00, 0x00, 0x87, 0x65, 0x00, 0x00, 0x00, 0x02, > + > + /* IV */ > + 0xf4, 0xe7, 0x65, 0x24, 0x4f, 0x64, 0x07, 0xad, > + 0xf1, 0x3d, 0xc1, 0x38, 0x0f, 0x67, 0x3f, 0x37, > + > + /* data */ > + 0x77, 0x3b, 0x52, 0x41, 0xa4, 0xc4, 0x49, 0x22, > + 0x5e, 0x4f, 0x3c, 0xe5, 0xed, 0x61, 0x1b, 0x0c, > + 0x23, 0x7c, 0xa9, 0x6c, 0xf7, 0x4a, 0x93, 0x01, > + 0x3c, 0x1b, 0x0e, 0xa1, 0xa0, 0xcf, 0x70, 0xf8, > + 0xe4, 0xec, 0xae, 0xc7, 0x8a, 0xc5, 0x3a, 0xad, > + 0x7a, 0x0f, 0x02, 0x2b, 0x85, 0x92, 0x43, 0xc6, > + 0x47, 0x75, 0x2e, 0x94, 0xa8, 0x59, 0x35, 0x2b, > + 0x8a, 0x4d, 0x4d, 0x2d, 0xec, 0xd1, 0x36, 0xe5, > + 0xc1, 0x77, 0xf1, 0x32, 0xad, 0x3f, 0xbf, 0xb2, > + 0x20, 0x1a, 0xc9, 0x90, 0x4c, 0x74, 0xee, 0x0a, > + 0x10, 0x9e, 0x0c, 0xa1, 0xe4, 0xdf, 0xe9, 0xd5, > + 0xa1, 0x00, 0xb8, 0x42, 0xf1, 0xc2, 0x2f, 0x0d, > + }, > +}; > + > +static const ipsec_test_packet pkt_rfc3602_8 = { > + .len = 82, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH - not a part of RFC, added for simplicity */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0x44, 0x09, 0x0c, 0x00, 0x00, > + 0x40, 0x01, 0xf9, 0x90, 0xc0, 0xa8, 0x7b, 0x03, > + 0xc0, 0xa8, 0x7b, 0xc8, > + > + /* ICMP */ > + 0x08, 0x00, 0xd6, 0x3c, 0xaa, 0x0a, 0x02, 0x00, > + 0xc6, 0x9c, 0x08, 0x3d, 0xa3, 0xde, 0x03, 0x00, > + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, > + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, > + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, > + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, > + }, > +}; > + > +static const ipsec_test_packet pkt_rfc3602_8_esp = { > + .len = 138, > + .l2_offset = 0, > + .l3_offset = 14, > + .l4_offset = 34, > + .data = { > + /* ETH - not a part of RFC, added for simplicity */ > + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, > + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, > + > + /* IP */ > + 0x45, 0x00, 0x00, 0x7c, 0x09, 0x0d, 0x00, 0x00, > + 0x40, 0x32, 0xf9, 0x26, 0xc0, 0xa8, 0x7b, 0x03, > + 0xc0, 0xa8, 0x7b, 0xc8, > + > + /* ESP */ > + 0x00, 0x00, 0x87, 0x65, 0x00, 0x00, 0x00, 0x05, > + > + /* IV */ > + 0x85, 0xd4, 0x72, 0x24, 0xb5, 0xf3, 0xdd, 0x5d, > + 0x21, 0x01, 0xd4, 0xea, 0x8d, 0xff, 0xab, 0x22, > + > + /* data */ > + 0x15, 0xb9, 0x26, 0x83, 0x81, 0x95, 0x96, 0xa8, > + 0x04, 0x72, 0x32, 0xcc, 0x00, 0xf7, 0x04, 0x8f, > + 0xe4, 0x53, 0x18, 0xe1, 0x1f, 0x8a, 0x0f, 0x62, > + 0xed, 0xe3, 0xc3, 0xfc, 0x61, 0x20, 0x3b, 0xb5, > + 0x0f, 0x98, 0x0a, 0x08, 0xc9, 0x84, 0x3f, 0xd3, > + 0xa1, 0xb0, 0x6d, 0x5c, 0x07, 0xff, 0x96, 0x39, > + 0xb7, 0xeb, 0x7d, 0xfb, 0x35, 0x12, 0xe5, 0xde, > + 0x43, 0x5e, 0x72, 0x07, 0xed, 0x97, 0x1e, 0xf3, > + 0xd2, 0x72, 0x6d, 0x9b, 0x5e, 0xf6, 0xaf, 0xfc, > + 0x6d, 0x17, 0xa0, 0xde, 0xcb, 0xb1, 0x38, 0x92, > + }, > +}; > + > +#endif > > -- Thanks, Kevin
diff --git a/test/common_plat/validation/api/ipsec/Makefile.am b/test/common_plat/validation/api/ipsec/Makefile.am index 106b8dce..9dba31fd 100644 --- a/test/common_plat/validation/api/ipsec/Makefile.am +++ b/test/common_plat/validation/api/ipsec/Makefile.am @@ -1,10 +1,15 @@ include ../Makefile.inc +AM_CPPFLAGS += -Wno-error=missing-field-initializers + noinst_LTLIBRARIES = libtestipsec.la -libtestipsec_la_SOURCES = ipsec.c +libtestipsec_la_SOURCES = \ + test_vectors.h \ + ipsec_test_in.c \ + ipsec_test_out.c \ + ipsec.h \ + ipsec.c test_PROGRAMS = ipsec_main$(EXEEXT) dist_ipsec_main_SOURCES = ipsec_main.c ipsec_main_LDADD = libtestipsec.la $(LIBCUNIT_COMMON) $(LIBODP) - -EXTRA_DIST = ipsec.h diff --git a/test/common_plat/validation/api/ipsec/ipsec.c b/test/common_plat/validation/api/ipsec/ipsec.c index 78348032..910901d6 100644 --- a/test/common_plat/validation/api/ipsec/ipsec.c +++ b/test/common_plat/validation/api/ipsec/ipsec.c @@ -10,6 +10,629 @@ #include "ipsec.h" +#include "test_vectors.h" + +struct suite_context_s suite_context; + +#define PKT_POOL_NUM 64 +#define PKT_POOL_LEN (1 * 1024) + +static +odp_pktio_t pktio_create(odp_queue_type_t q_type, odp_pool_t pool) +{ + odp_pktio_t pktio; + odp_pktio_param_t pktio_param; + odp_pktin_queue_param_t pktin_param; + odp_pktio_capability_t capa; + + int ret; + + if (pool == ODP_POOL_INVALID) + return ODP_PKTIO_INVALID; + + odp_pktio_param_init(&pktio_param); + if (q_type == ODP_QUEUE_TYPE_PLAIN) + pktio_param.in_mode = ODP_PKTIN_MODE_QUEUE; + else + pktio_param.in_mode = ODP_PKTIN_MODE_SCHED; + + pktio = odp_pktio_open("loop", pool, &pktio_param); + if (pktio == ODP_PKTIO_INVALID) { + ret = odp_pool_destroy(pool); + if (ret) + fprintf(stderr, "unable to destroy pool.\n"); + return ODP_PKTIO_INVALID; + } + + if (odp_pktio_capability(pktio, &capa)) { + fprintf(stderr, "pktio capabilities failed.\n"); + return ODP_PKTIO_INVALID; + } + + odp_pktin_queue_param_init(&pktin_param); + pktin_param.queue_param.sched.sync = ODP_SCHED_SYNC_ATOMIC; + + if (odp_pktin_queue_config(pktio, &pktin_param)) { + fprintf(stderr, "pktin queue config failed.\n"); + return ODP_PKTIO_INVALID; + } + + if (odp_pktout_queue_config(pktio, NULL)) { + fprintf(stderr, "pktout queue config failed.\n"); + return ODP_PKTIO_INVALID; + } + + return pktio; +} + +static +int pktio_start(odp_bool_t in, odp_bool_t out) +{ + odp_pktio_t pktio; + odp_pktio_capability_t capa; + odp_pktio_config_t config; + + pktio = odp_pktio_lookup("loop"); + if (ODP_PKTIO_INVALID == pktio) + return -1; + if (odp_pktio_capability(pktio, &capa)) + return -1; + /* If inline is not supported, return here. Tests will be marked as + * inactive when testing for IPsec capabilities. */ + if (in && !capa.config.inbound_ipsec) + return 0; + if (out && !capa.config.outbound_ipsec) + return 0; + + odp_pktio_config_init(&config); + config.parser.layer = ODP_PKTIO_PARSER_LAYER_ALL; + config.inbound_ipsec = in; + config.outbound_ipsec = out; + + if (odp_pktio_config(pktio, &config)) + return -1; + if (odp_pktio_start(pktio)) + return -1; + + suite_context.pktio = pktio; + + return 1; +} + +static +void pktio_stop(odp_pktio_t pktio) +{ + if (odp_pktio_stop(pktio)) + fprintf(stderr, "IPsec pktio stop failed.\n"); + + while (1) { + odp_event_t ev = odp_schedule(NULL, ODP_SCHED_NO_WAIT); + + if (ev != ODP_EVENT_INVALID) + odp_event_free(ev); + else + break; + } +} + +int ipsec_check(odp_bool_t ah, + odp_cipher_alg_t cipher, + odp_auth_alg_t auth) +{ + odp_ipsec_capability_t capa; + odp_crypto_cipher_capability_t cipher_capa; + odp_crypto_auth_capability_t auth_capa; + + if (odp_ipsec_capability(&capa) < 0) + return ODP_TEST_INACTIVE; + + if ((ODP_IPSEC_OP_MODE_SYNC == suite_context.inbound_op_mode && + ODP_SUPPORT_NO == capa.op_mode_sync) || + (ODP_IPSEC_OP_MODE_ASYNC == suite_context.outbound_op_mode && + ODP_SUPPORT_NO == capa.op_mode_sync) || + (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode && + ODP_SUPPORT_NO == capa.op_mode_async) || + (ODP_IPSEC_OP_MODE_ASYNC == suite_context.outbound_op_mode && + ODP_SUPPORT_NO == capa.op_mode_async) || + (ODP_IPSEC_OP_MODE_INLINE == suite_context.inbound_op_mode && + ODP_SUPPORT_NO == capa.op_mode_inline_in) || + (ODP_IPSEC_OP_MODE_INLINE == suite_context.outbound_op_mode && + ODP_SUPPORT_NO == capa.op_mode_inline_out)) + return ODP_TEST_INACTIVE; + + if (ah && (ODP_SUPPORT_NO == capa.proto_ah)) + return ODP_TEST_INACTIVE; + + /* Cipher algorithms */ + switch (cipher) { + case ODP_CIPHER_ALG_NULL: + if (!capa.ciphers.bit.null) + return ODP_TEST_INACTIVE; + break; + case ODP_CIPHER_ALG_DES: + if (!capa.ciphers.bit.des) + return ODP_TEST_INACTIVE; + break; + case ODP_CIPHER_ALG_3DES_CBC: + if (!capa.ciphers.bit.trides_cbc) + return ODP_TEST_INACTIVE; + break; + case ODP_CIPHER_ALG_AES_CBC: + if (!capa.ciphers.bit.aes_cbc) + return ODP_TEST_INACTIVE; + break; + case ODP_CIPHER_ALG_AES_GCM: + if (!capa.ciphers.bit.aes_gcm) + return ODP_TEST_INACTIVE; + break; + default: + fprintf(stderr, "Unsupported cipher algorithm\n"); + return ODP_TEST_INACTIVE; + } + + /* Authentication algorithms */ + switch (auth) { + case ODP_AUTH_ALG_NULL: + if (!capa.auths.bit.null) + return ODP_TEST_INACTIVE; + break; + case ODP_AUTH_ALG_MD5_HMAC: + if (!capa.auths.bit.md5_hmac) + return ODP_TEST_INACTIVE; + break; + case ODP_AUTH_ALG_SHA1_HMAC: + if (!capa.auths.bit.sha1_hmac) + return ODP_TEST_INACTIVE; + break; + case ODP_AUTH_ALG_SHA256_HMAC: + if (!capa.auths.bit.sha256_hmac) + return ODP_TEST_INACTIVE; + break; + case ODP_AUTH_ALG_SHA512_HMAC: + if (!capa.auths.bit.sha512_hmac) + return ODP_TEST_INACTIVE; + break; + case ODP_AUTH_ALG_AES_GCM: + if (!capa.auths.bit.aes_gcm) + return ODP_TEST_INACTIVE; + break; + default: + fprintf(stderr, "Unsupported authentication algorithm\n"); + return ODP_TEST_INACTIVE; + } + + if (odp_ipsec_cipher_capability(cipher, &cipher_capa, 1) <= 0) { + fprintf(stderr, "Wrong cipher capabilities\n"); + return ODP_TEST_INACTIVE; + } + + if (odp_ipsec_auth_capability(auth, &auth_capa, 1) <= 0) { + fprintf(stderr, "Wrong auth capabilities\n"); + return ODP_TEST_INACTIVE; + } + + return ODP_TEST_ACTIVE; +} + +int ipsec_check_ah_sha256(void) +{ + return ipsec_check_ah(ODP_AUTH_ALG_SHA256_HMAC); +} + +int ipsec_check_esp_null_sha256(void) +{ + return ipsec_check_esp(ODP_CIPHER_ALG_NULL, + ODP_AUTH_ALG_SHA256_HMAC); +} + +int ipsec_check_esp_aes_cbc_null(void) +{ + return ipsec_check_esp(ODP_CIPHER_ALG_AES_CBC, + ODP_AUTH_ALG_NULL); +} + +int ipsec_check_esp_aes_cbc_sha256(void) +{ + return ipsec_check_esp(ODP_CIPHER_ALG_AES_CBC, + ODP_AUTH_ALG_SHA256_HMAC); +} + +void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, + odp_bool_t in, + odp_bool_t ah, + uint32_t spi, + odp_ipsec_tunnel_param_t *tun, + odp_cipher_alg_t cipher_alg, + const odp_crypto_key_t *cipher_key, + odp_auth_alg_t auth_alg, + const odp_crypto_key_t *auth_key) +{ + odp_ipsec_sa_param_init(param); + param->dir = in ? ODP_IPSEC_DIR_INBOUND : + ODP_IPSEC_DIR_OUTBOUND; + if (in) + param->inbound.lookup_mode = ODP_IPSEC_LOOKUP_SPI; + + param->proto = ah ? ODP_IPSEC_AH : + ODP_IPSEC_ESP; + + if (tun) { + param->mode = ODP_IPSEC_MODE_TUNNEL; + if (!in) + param->outbound.tunnel = *tun; + } else { + param->mode = ODP_IPSEC_MODE_TRANSPORT; + } + + param->spi = spi; + + param->dest_queue = suite_context.queue; + + if (cipher_key) { + param->crypto.cipher_alg = cipher_alg; + param->crypto.cipher_key = *cipher_key; + } + + if (auth_key) { + param->crypto.auth_alg = auth_alg; + param->crypto.auth_key = *auth_key; + } +} + +void ipsec_sa_destroy(odp_ipsec_sa_t sa) +{ + odp_event_t event; + odp_ipsec_status_t status; + + CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_disable(sa)); + + if (ODP_QUEUE_INVALID != suite_context.queue) { + do { + event = odp_queue_deq(suite_context.queue); + } while (event == ODP_EVENT_INVALID); + + CU_ASSERT_EQUAL(ODP_EVENT_IPSEC_STATUS, odp_event_type(event)); + + CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_status(&status, event)); + + CU_ASSERT_EQUAL(ODP_IPSEC_STATUS_SA_DISABLE, status.id); + CU_ASSERT_EQUAL(sa, status.sa); + CU_ASSERT_EQUAL(0, status.result); + CU_ASSERT_EQUAL(0, status.warn.all); + + odp_event_free(event); + } + + CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_destroy(sa)); +} + +#define PACKET_USER_PTR ((void *)0x1212fefe) + +odp_packet_t ipsec_packet(const ipsec_test_packet *itp) +{ + odp_packet_t pkt = odp_packet_alloc(suite_context.pool, itp->len); + + CU_ASSERT_NOT_EQUAL(ODP_PACKET_INVALID, pkt); + if (ODP_PACKET_INVALID == pkt) + return pkt; + + CU_ASSERT_EQUAL(0, odp_packet_copy_from_mem(pkt, 0, itp->len, + itp->data)); + if (itp->l2_offset != ODP_PACKET_OFFSET_INVALID) + CU_ASSERT_EQUAL(0, odp_packet_l2_offset_set(pkt, + itp->l2_offset)); + if (itp->l3_offset != ODP_PACKET_OFFSET_INVALID) + CU_ASSERT_EQUAL(0, odp_packet_l3_offset_set(pkt, + itp->l3_offset)); + if (itp->l4_offset != ODP_PACKET_OFFSET_INVALID) + CU_ASSERT_EQUAL(0, odp_packet_l4_offset_set(pkt, + itp->l4_offset)); + + odp_packet_user_ptr_set(pkt, PACKET_USER_PTR); + + return pkt; +} + +/* + * Compare packages ignoring everything before L3 header + */ +odp_bool_t ipsec_check_packet(const ipsec_test_packet *itp, odp_packet_t pkt) +{ + uint32_t len = (ODP_PACKET_INVALID == pkt) ? 1 : odp_packet_len(pkt); + uint32_t l3, l4; + uint8_t data[len]; + + if (!itp) + return true; + + if (ODP_PACKET_INVALID == pkt) + return false; + + CU_ASSERT_EQUAL(PACKET_USER_PTR, odp_packet_user_ptr(pkt)); + + l3 = odp_packet_l3_offset(pkt); + l4 = odp_packet_l4_offset(pkt); + odp_packet_copy_to_mem(pkt, 0, len, data); + + if (len - l3 != itp->len - itp->l3_offset) + return false; + + if (l4 - l3 != itp->l4_offset - itp->l3_offset) + return false; + + return memcmp(data + l3, + itp->data + itp->l3_offset, + len - l3) ? false : true; +} + +static +int ipsec_send_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa, + odp_packet_t *pkto) +{ + odp_ipsec_in_param_t param; + int num_out = part->out_pkt; + odp_packet_t pkt; + int i; + + pkt = ipsec_packet(part->pkt_in); + + memset(¶m, 0, sizeof(param)); + if (!part->lookup) { + param.num_sa = 1; + param.sa = &sa; + } else { + param.num_sa = 0; + param.sa = NULL; + } + + if (ODP_IPSEC_OP_MODE_SYNC == suite_context.inbound_op_mode) { + CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_in(&pkt, 1, + pkto, &num_out, + ¶m)); + CU_ASSERT_EQUAL(num_out, part->out_pkt); + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode) { + CU_ASSERT_EQUAL(1, odp_ipsec_in_enq(&pkt, 1, ¶m)); + + for (i = 0; i < num_out; i++) { + odp_event_t event; + odp_event_subtype_t subtype; + + do { + event = odp_queue_deq(suite_context.queue); + } while (event == ODP_EVENT_INVALID); + + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(event, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, subtype); + pkto[i] = odp_ipsec_packet_from_event(event); + } + } else { + odp_pktout_queue_t pktout; + + CU_ASSERT_EQUAL_FATAL(1, odp_pktout_queue(suite_context.pktio, + &pktout, 1)); + + CU_ASSERT_EQUAL(1, odp_pktout_send(pktout, &pkt, 1)); + + for (i = 0; i < num_out;) { + odp_event_t ev; + odp_event_subtype_t subtype; + odp_queue_t queue; + + ev = odp_schedule(&queue, ODP_SCHED_WAIT); + CU_ASSERT_NOT_EQUAL(ODP_EVENT_INVALID, ev); + + if (ODP_EVENT_INVALID == ev) + continue; + + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + if (queue == suite_context.queue) { + CU_ASSERT(!part->out[i].status.error.sa_lookup); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + } else { + CU_ASSERT(part->out[i].status.error.sa_lookup); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_BASIC, + subtype); + } + pkto[i++] = odp_ipsec_packet_from_event(ev); + } + } + + return num_out; +} + +static +int ipsec_send_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa, + odp_packet_t *pkto) +{ + odp_ipsec_out_param_t param; + int num_out = part->out_pkt; + odp_packet_t pkt; + int i; + + pkt = ipsec_packet(part->pkt_in); + + memset(¶m, 0, sizeof(param)); + param.num_sa = 1; + param.sa = &sa; + param.num_opt = 0; + param.opt = NULL; + + if (ODP_IPSEC_OP_MODE_SYNC == suite_context.outbound_op_mode) { + CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_out(&pkt, 1, + pkto, &num_out, + ¶m)); + CU_ASSERT_EQUAL(num_out, part->out_pkt); + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.outbound_op_mode) { + CU_ASSERT_EQUAL(1, odp_ipsec_out_enq(&pkt, 1, ¶m)); + + for (i = 0; i < num_out; i++) { + odp_event_t event; + odp_event_subtype_t subtype; + + do { + event = odp_queue_deq(suite_context.queue); + } while (event == ODP_EVENT_INVALID); + + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(event, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, subtype); + pkto[i] = odp_ipsec_packet_from_event(event); + } + } else { + struct odp_ipsec_out_inline_param_t inline_param; + + inline_param.pktio = suite_context.pktio; + inline_param.outer_hdr.ptr = part->out[0].pkt_out->data; + inline_param.outer_hdr.len = part->out[0].pkt_out->l3_offset; + + CU_ASSERT_EQUAL(1, odp_ipsec_out_inline(&pkt, 1, ¶m, + &inline_param)); + + for (i = 0; i < num_out;) { + odp_event_t ev; + odp_event_subtype_t subtype; + odp_queue_t queue; + + ev = odp_schedule(&queue, ODP_SCHED_WAIT); + CU_ASSERT_NOT_EQUAL(ODP_EVENT_INVALID, ev); + + if (ODP_EVENT_INVALID == ev) + continue; + + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + if (queue == suite_context.queue) { + CU_ASSERT(part->out[i].status.error.all); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + } else { + CU_ASSERT(!part->out[i].status.error.all); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_BASIC, + subtype); + } + pkto[i++] = odp_ipsec_packet_from_event(ev); + } + } + + return num_out; +} + +void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) +{ + int num_out = part->out_pkt; + odp_packet_t pkto[num_out]; + int i; + + num_out = ipsec_send_in_one(part, sa, pkto); + + for (i = 0; i < num_out; i++) { + odp_ipsec_packet_result_t result; + + if (ODP_PACKET_INVALID == pkto[i]) { + CU_FAIL("ODP_PACKET_INVALID received"); + continue; + } + + if (ODP_EVENT_PACKET_IPSEC != + odp_event_subtype(odp_packet_to_event(pkto[i]))) { + /* Inline packet went through loop */ + CU_ASSERT_EQUAL(1, part->out[i].status.error.sa_lookup); + } else { + CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); + CU_ASSERT_EQUAL(part->out[i].status.error.all, + result.status.error.all); + CU_ASSERT_EQUAL(sa, result.sa); + } + CU_ASSERT(ipsec_check_packet(part->out[i].pkt_out, + pkto[i])); + odp_packet_free(pkto[i]); + } +} + +void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) +{ + int num_out = part->out_pkt; + odp_packet_t pkto[num_out]; + int i; + + num_out = ipsec_send_out_one(part, sa, pkto); + + for (i = 0; i < num_out; i++) { + odp_ipsec_packet_result_t result; + + if (ODP_PACKET_INVALID == pkto[i]) { + CU_FAIL("ODP_PACKET_INVALID received"); + continue; + } + + if (ODP_EVENT_PACKET_IPSEC != + odp_event_subtype(odp_packet_to_event(pkto[i]))) { + /* Inline packet went through loop */ + CU_ASSERT_EQUAL(0, part->out[i].status.error.all); + } else { + /* IPsec packet */ + CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); + CU_ASSERT_EQUAL(part->out[i].status.error.all, + result.status.error.all); + CU_ASSERT_EQUAL(sa, result.sa); + } + CU_ASSERT(ipsec_check_packet(part->out[i].pkt_out, + pkto[i])); + odp_packet_free(pkto[i]); + } +} + +void ipsec_check_out_in_one(const ipsec_test_part *part, + odp_ipsec_sa_t sa, + odp_ipsec_sa_t sa_in) +{ + int num_out = part->out_pkt; + odp_packet_t pkto[num_out]; + int i; + + num_out = ipsec_send_out_one(part, sa, pkto); + + for (i = 0; i < num_out; i++) { + ipsec_test_part part_in = *part; + ipsec_test_packet pkt_in; + odp_ipsec_packet_result_t result; + + if (ODP_PACKET_INVALID == pkto[i]) { + CU_FAIL("ODP_PACKET_INVALID received"); + continue; + } + + if (ODP_EVENT_PACKET_IPSEC != + odp_event_subtype(odp_packet_to_event(pkto[i]))) { + /* Inline packet went through loop */ + CU_ASSERT_EQUAL(0, part->out[i].status.error.all); + } else { + /* IPsec packet */ + CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); + CU_ASSERT_EQUAL(part->out[i].status.error.all, + result.status.error.all); + CU_ASSERT_EQUAL(sa, result.sa); + } + CU_ASSERT_FATAL(odp_packet_len(pkto[i]) <= + sizeof(pkt_in.data)); + + pkt_in.len = odp_packet_len(pkto[i]); + pkt_in.l2_offset = odp_packet_l2_offset(pkto[i]); + pkt_in.l3_offset = odp_packet_l3_offset(pkto[i]); + pkt_in.l4_offset = odp_packet_l4_offset(pkto[i]); + odp_packet_copy_to_mem(pkto[i], 0, + pkt_in.len, + pkt_in.data); + part_in.pkt_in = &pkt_in; + ipsec_check_in_one(&part_in, sa_in); + odp_packet_free(pkto[i]); + } +} + +static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -22,11 +645,260 @@ odp_testinfo_t ipsec_suite[] = { ODP_TEST_INFO_NULL }; +static +int ODP_UNUSED ipsec_sync_init(void) +{ + suite_context.pool = odp_pool_lookup("packet_pool"); + if (suite_context.pool == ODP_POOL_INVALID) + return -1; + + suite_context.queue = ODP_QUEUE_INVALID; + suite_context.pktio = ODP_PKTIO_INVALID; + suite_context.inbound_op_mode = ODP_IPSEC_OP_MODE_SYNC; + suite_context.outbound_op_mode = ODP_IPSEC_OP_MODE_SYNC; + + return 0; +} + +static +int ODP_UNUSED ipsec_async_init(void) +{ + suite_context.pool = odp_pool_lookup("packet_pool"); + if (suite_context.pool == ODP_POOL_INVALID) + return -1; + suite_context.queue = odp_queue_lookup("ipsec-out"); + if (suite_context.queue == ODP_QUEUE_INVALID) + return -1; + + suite_context.pktio = ODP_PKTIO_INVALID; + suite_context.inbound_op_mode = ODP_IPSEC_OP_MODE_ASYNC; + suite_context.outbound_op_mode = ODP_IPSEC_OP_MODE_ASYNC; + + return 0; +} + +static +int ODP_UNUSED ipsec_in_inline_init(void) +{ + int rc; + + suite_context.pool = odp_pool_lookup("packet_pool"); + if (suite_context.pool == ODP_POOL_INVALID) + return -1; + suite_context.queue = odp_queue_lookup("ipsec-out-sched"); + if (suite_context.queue == ODP_QUEUE_INVALID) + return -1; + rc = pktio_start(true, false); + if (rc <= 0) + return rc; + if (suite_context.pktio == ODP_PKTIO_INVALID) + return -1; + + suite_context.inbound_op_mode = ODP_IPSEC_OP_MODE_INLINE; + suite_context.outbound_op_mode = ODP_IPSEC_OP_MODE_ASYNC; + + return 0; +} + +static +int ODP_UNUSED ipsec_out_inline_init(void) +{ + int rc; + + suite_context.pool = odp_pool_lookup("packet_pool"); + if (suite_context.pool == ODP_POOL_INVALID) + return -1; + suite_context.queue = odp_queue_lookup("ipsec-out"); + if (suite_context.queue == ODP_QUEUE_INVALID) + return -1; + rc = pktio_start(false, true); + if (rc <= 0) + return rc; + if (suite_context.pktio == ODP_PKTIO_INVALID) + return -1; + + suite_context.inbound_op_mode = ODP_IPSEC_OP_MODE_ASYNC; + suite_context.outbound_op_mode = ODP_IPSEC_OP_MODE_INLINE; + + return 0; +} + +static +int ipsec_suite_term(odp_testinfo_t *suite) +{ + int i; + int first = 1; + + if (suite_context.pktio != ODP_PKTIO_INVALID) + pktio_stop(suite_context.pktio); + + for (i = 0; suite[i].pName; i++) { + if (suite[i].check_active && + suite[i].check_active() == ODP_TEST_INACTIVE) { + if (first) { + first = 0; + printf("\n\n Inactive tests:\n"); + } + printf(" %s\n", suite[i].pName); + } + } + + return 0; +} + +static +int ipsec_in_term(void) +{ + return ipsec_suite_term(ipsec_in_suite); +} + +static +int ipsec_out_term(void) +{ + return ipsec_suite_term(ipsec_out_suite); +} + odp_suiteinfo_t ipsec_suites[] = { {"IPsec", NULL, NULL, ipsec_suite}, + {"IPsec-sync-in", ipsec_sync_init, ipsec_in_term, ipsec_in_suite}, + {"IPsec-sync-out", ipsec_sync_init, ipsec_out_term, ipsec_out_suite}, + {"IPsec-async-in", ipsec_async_init, ipsec_in_term, ipsec_in_suite}, + {"IPsec-async-out", ipsec_async_init, ipsec_out_term, ipsec_out_suite}, + {"IPsec-inline-in", ipsec_in_inline_init, ipsec_in_term, + ipsec_in_suite}, + {"IPsec-inline-out", ipsec_out_inline_init, ipsec_out_term, + ipsec_out_suite}, ODP_SUITE_INFO_NULL, }; +static +int ipsec_init(odp_instance_t *inst) +{ + odp_pool_param_t params; + odp_pool_t pool; + odp_queue_param_t queue_param; + odp_queue_t out_queue; + odp_pool_capability_t pool_capa; + odp_pktio_t pktio; + + if (0 != odp_init_global(inst, NULL, NULL)) { + fprintf(stderr, "error: odp_init_global() failed.\n"); + return -1; + } + + if (0 != odp_init_local(*inst, ODP_THREAD_CONTROL)) { + fprintf(stderr, "error: odp_init_local() failed.\n"); + return -1; + } + + if (odp_pool_capability(&pool_capa) < 0) { + fprintf(stderr, "error: odp_pool_capability() failed.\n"); + return -1; + } + + odp_pool_param_init(¶ms); + params.pkt.seg_len = PKT_POOL_LEN; + params.pkt.len = PKT_POOL_LEN; + params.pkt.num = PKT_POOL_NUM; + params.type = ODP_POOL_PACKET; + + if (pool_capa.pkt.max_seg_len && + PKT_POOL_LEN > pool_capa.pkt.max_seg_len) { + fprintf(stderr, "Warning: small packet segment length\n"); + params.pkt.seg_len = pool_capa.pkt.max_seg_len; + } + + if (pool_capa.pkt.max_len && + PKT_POOL_LEN > pool_capa.pkt.max_len) { + fprintf(stderr, "Pool max packet length too small\n"); + return -1; + } + + pool = odp_pool_create("packet_pool", ¶ms); + + if (ODP_POOL_INVALID == pool) { + fprintf(stderr, "Packet pool creation failed.\n"); + return -1; + } + out_queue = odp_queue_create("ipsec-out", NULL); + if (ODP_QUEUE_INVALID == out_queue) { + fprintf(stderr, "IPsec outq creation failed.\n"); + return -1; + } + + odp_queue_param_init(&queue_param); + queue_param.type = ODP_QUEUE_TYPE_SCHED; + queue_param.sched.sync = ODP_SCHED_SYNC_PARALLEL; + queue_param.sched.prio = ODP_SCHED_PRIO_HIGHEST; + queue_param.sched.group = ODP_SCHED_GROUP_ALL; + + out_queue = odp_queue_create("ipsec-out-sched", &queue_param); + if (ODP_QUEUE_INVALID == out_queue) { + fprintf(stderr, "IPsec sched outq creation failed.\n"); + return -1; + } + + pktio = pktio_create(ODP_QUEUE_TYPE_SCHED, pool); + if (ODP_PKTIO_INVALID == pktio) { + fprintf(stderr, "IPsec pktio creation failed.\n"); + return -1; + } + + return 0; +} + +static +int ipsec_term(odp_instance_t inst) +{ + odp_pool_t pool; + odp_queue_t out_queue; + odp_pktio_t pktio; + + pktio = odp_pktio_lookup("loop"); + if (ODP_PKTIO_INVALID != pktio) { + if (odp_pktio_close(pktio)) + fprintf(stderr, "IPsec pktio close failed.\n"); + } else { + fprintf(stderr, "IPsec pktio not found.\n"); + } + + out_queue = odp_queue_lookup("ipsec-out-sched"); + if (ODP_QUEUE_INVALID != out_queue) { + if (odp_queue_destroy(out_queue)) + fprintf(stderr, "IPsec sched outq destroy failed.\n"); + } else { + fprintf(stderr, "IPsec sched outq not found.\n"); + } + + out_queue = odp_queue_lookup("ipsec-out"); + if (ODP_QUEUE_INVALID != out_queue) { + if (odp_queue_destroy(out_queue)) + fprintf(stderr, "IPsec outq destroy failed.\n"); + } else { + fprintf(stderr, "IPsec outq not found.\n"); + } + + pool = odp_pool_lookup("packet_pool"); + if (ODP_POOL_INVALID != pool) { + if (odp_pool_destroy(pool)) + fprintf(stderr, "Packet pool destroy failed.\n"); + } else { + fprintf(stderr, "Packet pool not found.\n"); + } + + if (0 != odp_term_local()) { + fprintf(stderr, "error: odp_term_local() failed.\n"); + return -1; + } + + if (0 != odp_term_global(inst)) { + fprintf(stderr, "error: odp_term_global() failed.\n"); + return -1; + } + + return 0; +} + int ipsec_main(int argc, char *argv[]) { int ret; @@ -35,8 +907,10 @@ int ipsec_main(int argc, char *argv[]) if (odp_cunit_parse_options(argc, argv)) return -1; - ret = odp_cunit_register(ipsec_suites); + odp_cunit_register_global_init(ipsec_init); + odp_cunit_register_global_term(ipsec_term); + ret = odp_cunit_register(ipsec_suites); if (ret == 0) ret = odp_cunit_run(); diff --git a/test/common_plat/validation/api/ipsec/ipsec.h b/test/common_plat/validation/api/ipsec/ipsec.h index 290a186f..8ffe9f31 100644 --- a/test/common_plat/validation/api/ipsec/ipsec.h +++ b/test/common_plat/validation/api/ipsec/ipsec.h @@ -9,16 +9,70 @@ #include <odp_cunit_common.h> -/* test functions: */ -void ipsec_test_capability(void); - /* test arrays: */ -extern odp_testinfo_t ipsec_suite[]; - -/* test registry: */ -extern odp_suiteinfo_t ipsec_suites[]; +extern odp_testinfo_t ipsec_in_suite[]; +extern odp_testinfo_t ipsec_out_suite[]; /* main test program: */ int ipsec_main(int argc, char *argv[]); +struct suite_context_s { + odp_ipsec_op_mode_t inbound_op_mode; + odp_ipsec_op_mode_t outbound_op_mode; + odp_pool_t pool; + odp_queue_t queue; + odp_pktio_t pktio; +}; + +extern struct suite_context_s suite_context; + +typedef struct { + uint32_t len; + uint32_t l2_offset; + uint32_t l3_offset; + uint32_t l4_offset; + uint8_t data[256]; +} ipsec_test_packet; + +typedef struct { + const ipsec_test_packet *pkt_in; + odp_bool_t lookup; + int out_pkt; + struct { + odp_ipsec_op_status_t status; + const ipsec_test_packet *pkt_out; + } out[1]; +} ipsec_test_part; + +void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, + odp_bool_t in, + odp_bool_t ah, + uint32_t spi, + odp_ipsec_tunnel_param_t *tun, + odp_cipher_alg_t cipher_alg, + const odp_crypto_key_t *cipher_key, + odp_auth_alg_t auth_alg, + const odp_crypto_key_t *auth_key); + +void ipsec_sa_destroy(odp_ipsec_sa_t sa); +odp_packet_t ipsec_packet(const ipsec_test_packet *itp); +odp_bool_t ipsec_check_packet(const ipsec_test_packet *itp, odp_packet_t pkt); +void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa); +void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa); +void ipsec_check_out_in_one(const ipsec_test_part *part, + odp_ipsec_sa_t sa, + odp_ipsec_sa_t sa_in); + +int ipsec_check(odp_bool_t ah, + odp_cipher_alg_t cipher, + odp_auth_alg_t auth); +#define ipsec_check_ah(auth) \ + ipsec_check(true, ODP_CIPHER_ALG_NULL, auth) +#define ipsec_check_esp(cipher, auth) \ + ipsec_check(false, cipher, auth) +int ipsec_check_ah_sha256(void); +int ipsec_check_esp_null_sha256(void); +int ipsec_check_esp_aes_cbc_null(void); +int ipsec_check_esp_aes_cbc_sha256(void); + #endif diff --git a/test/common_plat/validation/api/ipsec/ipsec_test_in.c b/test/common_plat/validation/api/ipsec/ipsec_test_in.c new file mode 100644 index 00000000..bd9a47f1 --- /dev/null +++ b/test/common_plat/validation/api/ipsec/ipsec_test_in.c @@ -0,0 +1,831 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include "ipsec.h" + +#include "test_vectors.h" + +static +void test_in_ah_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_in_ah_sha256_tun(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_tun_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_in_ah_sha256_tun_notun(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_tun_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0_ipip }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_in_esp_null_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_in_esp_aes_cbc_null(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, + ODP_AUTH_ALG_NULL, NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_aes_cbc_null_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_in_esp_aes_cbc_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_aes_cbc_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_in_lookup_ah_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .lookup = 1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_in_lookup_esp_null_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .lookup = 1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_in_esp_null_sha256_tun(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_tun_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_in_ah_esp_pkt(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + /* This test will not work properly inbound inline mode. + * test_in_lookup_ah_esp_pkt will be used instead. */ + if (suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE) + return; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.proto = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_in_esp_ah_pkt(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + /* This test will not work properly inbound inline mode. + * test_in_lookup_esp_ah_pkt will be used instead. */ + if (suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE) + return; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.proto = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_in_lookup_ah_esp_pkt(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .lookup = 1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.sa_lookup = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_check_in_one(&test, ODP_IPSEC_SA_INVALID); + + ipsec_sa_destroy(sa); +} + +static +void test_in_lookup_esp_ah_pkt(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .lookup = 1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.sa_lookup = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_check_in_one(&test, ODP_IPSEC_SA_INVALID); + + ipsec_sa_destroy(sa); +} + +static +void test_in_ah_sha256_bad1(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1_bad1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.auth = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_in_ah_sha256_bad2(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1_bad2, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.auth = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_in_esp_null_sha256_bad1(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1_bad1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.auth = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_in_rfc3602_5_esp(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 0x4321, NULL, + ODP_CIPHER_ALG_AES_CBC, &key_rfc3602, + ODP_AUTH_ALG_NULL, NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_rfc3602_5_esp, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_rfc3602_5 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_in_rfc3602_6_esp(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 0x4321, NULL, + ODP_CIPHER_ALG_AES_CBC, &key_rfc3602, + ODP_AUTH_ALG_NULL, NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_rfc3602_6_esp, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_rfc3602_6 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_in_rfc3602_7_esp(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 0x8765, &tunnel, + ODP_CIPHER_ALG_AES_CBC, &key_rfc3602_2, + ODP_AUTH_ALG_NULL, NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_rfc3602_7_esp, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_rfc3602_7 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_in_rfc3602_8_esp(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + true, false, 0x8765, &tunnel, + ODP_CIPHER_ALG_AES_CBC, &key_rfc3602_2, + ODP_AUTH_ALG_NULL, NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_rfc3602_8_esp, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_rfc3602_8 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +odp_testinfo_t ipsec_in_suite[] = { + ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_5_esp, + ipsec_check_esp_aes_cbc_null), + ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_6_esp, + ipsec_check_esp_aes_cbc_null), + ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_7_esp, + ipsec_check_esp_aes_cbc_null), + ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_8_esp, + ipsec_check_esp_aes_cbc_null), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun_notun, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_null, + ipsec_check_esp_aes_cbc_null), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_sha256, + ipsec_check_esp_aes_cbc_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_sha256, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_tun, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_esp_pkt, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_ah_pkt, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_esp_pkt, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_ah_pkt, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad1, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad2, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_bad1, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_NULL, +}; diff --git a/test/common_plat/validation/api/ipsec/ipsec_test_out.c b/test/common_plat/validation/api/ipsec/ipsec_test_out.c new file mode 100644 index 00000000..a62f2549 --- /dev/null +++ b/test/common_plat/validation/api/ipsec/ipsec_test_out.c @@ -0,0 +1,347 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include "ipsec.h" + +#include "test_vectors.h" + +static +void test_out_ah_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + false, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0_ah_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +#define IPV4ADDR(a, b, c, d) odp_cpu_to_be_32((a << 24) | \ + (b << 16) | \ + (c << 8) | \ + (d << 0)) + +static +void test_out_ah_sha256_tun(void) +{ + uint32_t src = IPV4ADDR(10, 0, 111, 2); + uint32_t dst = IPV4ADDR(10, 0, 222, 2); + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV4, + .ipv4.src_addr = &src, + .ipv4.dst_addr = &dst, + .ipv4.ttl = 64, + }; + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + false, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0_ah_tun_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_out_esp_null_sha256_out(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0_esp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_out_esp_null_sha256_tun_out(void) +{ + uint32_t src = IPV4ADDR(10, 0, 111, 2); + uint32_t dst = IPV4ADDR(10, 0, 222, 2); + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV4, + .ipv4.src_addr = &src, + .ipv4.dst_addr = &dst, + .ipv4.ttl = 64, + }; + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + false, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0_esp_tun_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static +void test_out_esp_null_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + odp_ipsec_sa_t sa2; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa2 = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_out_in_one(&test, sa, sa2); + + ipsec_sa_destroy(sa2); + ipsec_sa_destroy(sa); +} + +static +void test_out_esp_aes_cbc_null(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + odp_ipsec_sa_t sa2; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, + ODP_AUTH_ALG_NULL, NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, + ODP_AUTH_ALG_NULL, NULL); + + sa2 = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_out_in_one(&test, sa, sa2); + + ipsec_sa_destroy(sa2); + ipsec_sa_destroy(sa); +} + +static +void test_out_esp_aes_cbc_sha256(void) +{ + odp_ipsec_config_t ipsec_config; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + odp_ipsec_sa_t sa2; + + odp_ipsec_config_init(&ipsec_config); + ipsec_config.inbound_mode = suite_context.inbound_op_mode; + ipsec_config.outbound_mode = suite_context.outbound_op_mode; + ipsec_config.inbound.default_queue = suite_context.queue; + + CU_ASSERT_EQUAL_FATAL(ODP_IPSEC_OK, odp_ipsec_config(&ipsec_config)); + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_AES_CBC, &key_a5_128, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256); + + sa2 = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_out_in_one(&test, sa, sa2); + + ipsec_sa_destroy(sa2); + ipsec_sa_destroy(sa); +} + +odp_testinfo_t ipsec_out_suite[] = { + ODP_TEST_INFO_CONDITIONAL(test_out_ah_sha256, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ah_sha256_tun, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256_out, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256_tun_out, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_null, + ipsec_check_esp_aes_cbc_null), + ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_sha256, + ipsec_check_esp_aes_cbc_sha256), + ODP_TEST_INFO_NULL, +}; diff --git a/test/common_plat/validation/api/ipsec/test_vectors.h b/test/common_plat/validation/api/ipsec/test_vectors.h new file mode 100644 index 00000000..facd0636 --- /dev/null +++ b/test/common_plat/validation/api/ipsec/test_vectors.h @@ -0,0 +1,728 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef _ODP_TEST_IPSEC_VECTORS_H_ +#define _ODP_TEST_IPSEC_VECTORS_H_ + +#define KEY(name, ...) \ + static uint8_t name ## _data[] = { __VA_ARGS__ }; \ + static const ODP_UNUSED odp_crypto_key_t name = { \ + .data = name ## _data, \ + .length = sizeof(name ## _data), \ + } + +KEY(key_a5_128, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, + 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5); +KEY(key_5a_128, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, + 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a); +KEY(key_a5_256, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, + 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, + 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, + 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5, 0xa5); +KEY(key_5a_256, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, + 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, + 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, + 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a); + +KEY(key_rfc3602, 0x90, 0xd3, 0x82, 0xb4, 0x10, 0xee, 0xba, 0x7a, + 0xd9, 0x38, 0xc4, 0x6c, 0xec, 0x1a, 0x82, 0xbf); +KEY(key_rfc3602_2, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef); + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0 = { + .len = 142, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ipip = { + .len = 162, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x04, 0x19, 0x62, 0x0a, 0x00, 0x6f, 0x02, + 0x0a, 0x00, 0xde, 0x02, + + /* Inner IP */ + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3, + 0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_tun_sha256_1 = { + .len = 190, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0xb0, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0x19, 0x17, 0x0a, 0x00, 0x6f, 0x02, + 0x0a, 0x00, 0xde, 0x02, + + /* AH */ + 0x04, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0xd5, 0x35, 0x9b, 0x21, 0xe6, 0x14, 0x9b, 0x42, + 0x1f, 0x00, 0xfa, 0x36, 0x73, 0x4c, 0x53, 0xcf, + + /* Inner IP */ + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad1 = { + .len = 168, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x9a, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3, + 0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3, + 0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5d, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xda, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x01, + + /* ICV */ + 0xe9, 0x81, 0xcd, 0x65, 0x9b, 0x25, 0x0b, 0x33, + 0xe2, 0xf3, 0x83, 0xf1, 0x6d, 0x14, 0xb4, 0x1f, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_tun_null_sha256_1 = { + .len = 190, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0xb0, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0x19, 0x18, 0x0a, 0x00, 0x6f, 0x02, + 0x0a, 0x00, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* Inner IP */ + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x04, + + /* ICV */ + 0x73, 0x8d, 0xf6, 0x9a, 0x26, 0x06, 0x4d, 0xa1, + 0x88, 0x37, 0x65, 0xab, 0x0d, 0xe9, 0x95, 0x3b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xda, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x01, + + /* ICV */ + 0x18, 0x00, 0x14, 0x3a, 0x54, 0x72, 0x98, 0xe8, + 0xc7, 0x2d, 0xfa, 0xeb, 0x70, 0xe0, 0x24, 0xdf, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xca, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* IV */ + 0x96, 0xfa, 0x74, 0x56, 0x78, 0xe4, 0xbb, 0x0c, + 0x9e, 0x6e, 0x4a, 0xeb, 0x44, 0xd9, 0xf2, 0xe6, + + /* data */ + 0x2f, 0xb3, 0xa6, 0xfe, 0x2c, 0x2e, 0xce, 0x65, + 0x3a, 0x57, 0xe3, 0x09, 0x5d, 0x66, 0x36, 0x32, + 0xb1, 0xc2, 0x59, 0x58, 0xb6, 0xe5, 0x9e, 0xa2, + 0x07, 0xf8, 0x26, 0x4a, 0x64, 0xf5, 0x16, 0x01, + 0x51, 0x8e, 0xe5, 0x4b, 0x07, 0x2c, 0x4b, 0x23, + 0xfa, 0x4e, 0x6e, 0xdb, 0x35, 0xc7, 0x1d, 0x30, + 0x42, 0xd9, 0x0f, 0xba, 0x8a, 0x69, 0x7e, 0x29, + 0xe7, 0xbd, 0x15, 0xe9, 0x35, 0x9e, 0x81, 0xe7, + 0x9e, 0xc9, 0x7d, 0x66, 0x99, 0x58, 0xec, 0x45, + 0x29, 0xd0, 0xa4, 0xfd, 0xf1, 0xe7, 0x5b, 0x3e, + 0x2a, 0x77, 0x1d, 0x8f, 0x2b, 0x73, 0xba, 0xf8, + 0x72, 0xd2, 0xa0, 0x0b, 0x90, 0xb9, 0x73, 0x9c, + 0xde, 0x3c, 0xc3, 0xb8, 0x91, 0x97, 0xc4, 0x28, + 0xfa, 0x6d, 0xa8, 0x41, 0xb6, 0x83, 0xc8, 0xaa, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_sha256_1 = { + .len = 186, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0xac, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xca, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* IV */ + 0x96, 0xfa, 0x74, 0x56, 0x78, 0xe4, 0xbb, 0x0c, + 0x9e, 0x6e, 0x4a, 0xeb, 0x44, 0xd9, 0xf2, 0xe6, + + /* data */ + 0x2f, 0xb3, 0xa6, 0xfe, 0x2c, 0x2e, 0xce, 0x65, + 0x3a, 0x57, 0xe3, 0x09, 0x5d, 0x66, 0x36, 0x32, + 0xb1, 0xc2, 0x59, 0x58, 0xb6, 0xe5, 0x9e, 0xa2, + 0x07, 0xf8, 0x26, 0x4a, 0x64, 0xf5, 0x16, 0x01, + 0x51, 0x8e, 0xe5, 0x4b, 0x07, 0x2c, 0x4b, 0x23, + 0xfa, 0x4e, 0x6e, 0xdb, 0x35, 0xc7, 0x1d, 0x30, + 0x42, 0xd9, 0x0f, 0xba, 0x8a, 0x69, 0x7e, 0x29, + 0xe7, 0xbd, 0x15, 0xe9, 0x35, 0x9e, 0x81, 0xe7, + 0x9e, 0xc9, 0x7d, 0x66, 0x99, 0x58, 0xec, 0x45, + 0x29, 0xd0, 0xa4, 0xfd, 0xf1, 0xe7, 0x5b, 0x3e, + 0x2a, 0x77, 0x1d, 0x8f, 0x2b, 0x73, 0xba, 0xf8, + 0x72, 0xd2, 0xa0, 0x0b, 0x90, 0xb9, 0x73, 0x9c, + 0xde, 0x3c, 0xc3, 0xb8, 0x91, 0x97, 0xc4, 0x28, + 0xfa, 0x6d, 0xa8, 0x41, 0xb6, 0x83, 0xc8, 0xaa, + + /* IV */ + 0x8a, 0x39, 0x10, 0x07, 0x02, 0x97, 0xbb, 0x1c, + 0x59, 0xb7, 0x70, 0x33, 0xa4, 0x26, 0xa2, 0xb8 + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_rfc3602_5 = { + .len = 98, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH - not a part of RFC, added for simplicity */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x54, 0x08, 0xf2, 0x00, 0x00, + 0x40, 0x01, 0xf9, 0xfe, 0xc0, 0xa8, 0x7b, 0x03, + 0xc0, 0xa8, 0x7b, 0x64, + + /* ICMP */ + 0x08, 0x00, 0x0e, 0xbd, 0xa7, 0x0a, 0x00, 0x00, + 0x8e, 0x9c, 0x08, 0x3d, 0xb9, 0x5b, 0x07, 0x00, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_rfc3602_5_esp = { + .len = 138, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH - not a part of RFC, added for simplicity */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x7c, 0x08, 0xf2, 0x00, 0x00, + 0x40, 0x32, 0xf9, 0xa5, 0xc0, 0xa8, 0x7b, 0x03, + 0xc0, 0xa8, 0x7b, 0x64, + + /* ESP */ + 0x00, 0x00, 0x43, 0x21, 0x00, 0x00, 0x00, 0x01, + + /* IV */ + 0xe9, 0x6e, 0x8c, 0x08, 0xab, 0x46, 0x57, 0x63, + 0xfd, 0x09, 0x8d, 0x45, 0xdd, 0x3f, 0xf8, 0x93, + + /* data */ + 0xf6, 0x63, 0xc2, 0x5d, 0x32, 0x5c, 0x18, 0xc6, + 0xa9, 0x45, 0x3e, 0x19, 0x4e, 0x12, 0x08, 0x49, + 0xa4, 0x87, 0x0b, 0x66, 0xcc, 0x6b, 0x99, 0x65, + 0x33, 0x00, 0x13, 0xb4, 0x89, 0x8d, 0xc8, 0x56, + 0xa4, 0x69, 0x9e, 0x52, 0x3a, 0x55, 0xdb, 0x08, + 0x0b, 0x59, 0xec, 0x3a, 0x8e, 0x4b, 0x7e, 0x52, + 0x77, 0x5b, 0x07, 0xd1, 0xdb, 0x34, 0xed, 0x9c, + 0x53, 0x8a, 0xb5, 0x0c, 0x55, 0x1b, 0x87, 0x4a, + 0xa2, 0x69, 0xad, 0xd0, 0x47, 0xad, 0x2d, 0x59, + 0x13, 0xac, 0x19, 0xb7, 0xcf, 0xba, 0xd4, 0xa6, + }, +}; + +static const ipsec_test_packet pkt_rfc3602_6 = { + .len = 62, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH - not a part of RFC, added for simplicity */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x30, 0x08, 0xfe, 0x00, 0x00, + 0x40, 0x01, 0xfa, 0x16, 0xc0, 0xa8, 0x7b, 0x03, + 0xc0, 0xa8, 0x7b, 0x64, + + /* ICMP */ + 0x08, 0x00, 0xb5, 0xe8, 0xa8, 0x0a, 0x05, 0x00, + 0xa6, 0x9c, 0x08, 0x3d, 0x0b, 0x66, 0x0e, 0x00, + 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, + 0x77, 0x77, 0x77, 0x77, + }, +}; + +static const ipsec_test_packet pkt_rfc3602_6_esp = { + .len = 90, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH - not a part of RFC, added for simplicity */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x4c, 0x08, 0xfe, 0x00, 0x00, + 0x40, 0x32, 0xf9, 0xc9, 0xc0, 0xa8, 0x7b, 0x03, + 0xc0, 0xa8, 0x7b, 0x64, + + /* ESP */ + 0x00, 0x00, 0x43, 0x21, 0x00, 0x00, 0x00, 0x08, + + /* IV */ + 0x69, 0xd0, 0x8d, 0xf7, 0xd2, 0x03, 0x32, 0x9d, + 0xb0, 0x93, 0xfc, 0x49, 0x24, 0xe5, 0xbd, 0x80, + + /* data */ + 0xf5, 0x19, 0x95, 0x88, 0x1e, 0xc4, 0xe0, 0xc4, + 0x48, 0x89, 0x87, 0xce, 0x74, 0x2e, 0x81, 0x09, + 0x68, 0x9b, 0xb3, 0x79, 0xd2, 0xd7, 0x50, 0xc0, + 0xd9, 0x15, 0xdc, 0xa3, 0x46, 0xa8, 0x9f, 0x75, + }, +}; + +static const ipsec_test_packet pkt_rfc3602_7 = { + .len = 98, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH - not a part of RFC, added for simplicity */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x54, 0x09, 0x04, 0x00, 0x00, + 0x40, 0x01, 0xf9, 0x88, 0xc0, 0xa8, 0x7b, 0x03, + 0xc0, 0xa8, 0x7b, 0xc8, + + /* ICMP */ + 0x08, 0x00, 0x9f, 0x76, 0xa9, 0x0a, 0x01, 0x00, + 0xb4, 0x9c, 0x08, 0x3d, 0x02, 0xa2, 0x04, 0x00, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + }, +}; + +static const ipsec_test_packet pkt_rfc3602_7_esp = { + .len = 154, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH - not a part of RFC, added for simplicity */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x8c, 0x09, 0x05, 0x00, 0x00, + 0x40, 0x32, 0xf9, 0x1e, 0xc0, 0xa8, 0x7b, 0x03, + 0xc0, 0xa8, 0x7b, 0xc8, + + /* ESP */ + 0x00, 0x00, 0x87, 0x65, 0x00, 0x00, 0x00, 0x02, + + /* IV */ + 0xf4, 0xe7, 0x65, 0x24, 0x4f, 0x64, 0x07, 0xad, + 0xf1, 0x3d, 0xc1, 0x38, 0x0f, 0x67, 0x3f, 0x37, + + /* data */ + 0x77, 0x3b, 0x52, 0x41, 0xa4, 0xc4, 0x49, 0x22, + 0x5e, 0x4f, 0x3c, 0xe5, 0xed, 0x61, 0x1b, 0x0c, + 0x23, 0x7c, 0xa9, 0x6c, 0xf7, 0x4a, 0x93, 0x01, + 0x3c, 0x1b, 0x0e, 0xa1, 0xa0, 0xcf, 0x70, 0xf8, + 0xe4, 0xec, 0xae, 0xc7, 0x8a, 0xc5, 0x3a, 0xad, + 0x7a, 0x0f, 0x02, 0x2b, 0x85, 0x92, 0x43, 0xc6, + 0x47, 0x75, 0x2e, 0x94, 0xa8, 0x59, 0x35, 0x2b, + 0x8a, 0x4d, 0x4d, 0x2d, 0xec, 0xd1, 0x36, 0xe5, + 0xc1, 0x77, 0xf1, 0x32, 0xad, 0x3f, 0xbf, 0xb2, + 0x20, 0x1a, 0xc9, 0x90, 0x4c, 0x74, 0xee, 0x0a, + 0x10, 0x9e, 0x0c, 0xa1, 0xe4, 0xdf, 0xe9, 0xd5, + 0xa1, 0x00, 0xb8, 0x42, 0xf1, 0xc2, 0x2f, 0x0d, + }, +}; + +static const ipsec_test_packet pkt_rfc3602_8 = { + .len = 82, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH - not a part of RFC, added for simplicity */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x44, 0x09, 0x0c, 0x00, 0x00, + 0x40, 0x01, 0xf9, 0x90, 0xc0, 0xa8, 0x7b, 0x03, + 0xc0, 0xa8, 0x7b, 0xc8, + + /* ICMP */ + 0x08, 0x00, 0xd6, 0x3c, 0xaa, 0x0a, 0x02, 0x00, + 0xc6, 0x9c, 0x08, 0x3d, 0xa3, 0xde, 0x03, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + }, +}; + +static const ipsec_test_packet pkt_rfc3602_8_esp = { + .len = 138, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH - not a part of RFC, added for simplicity */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x7c, 0x09, 0x0d, 0x00, 0x00, + 0x40, 0x32, 0xf9, 0x26, 0xc0, 0xa8, 0x7b, 0x03, + 0xc0, 0xa8, 0x7b, 0xc8, + + /* ESP */ + 0x00, 0x00, 0x87, 0x65, 0x00, 0x00, 0x00, 0x05, + + /* IV */ + 0x85, 0xd4, 0x72, 0x24, 0xb5, 0xf3, 0xdd, 0x5d, + 0x21, 0x01, 0xd4, 0xea, 0x8d, 0xff, 0xab, 0x22, + + /* data */ + 0x15, 0xb9, 0x26, 0x83, 0x81, 0x95, 0x96, 0xa8, + 0x04, 0x72, 0x32, 0xcc, 0x00, 0xf7, 0x04, 0x8f, + 0xe4, 0x53, 0x18, 0xe1, 0x1f, 0x8a, 0x0f, 0x62, + 0xed, 0xe3, 0xc3, 0xfc, 0x61, 0x20, 0x3b, 0xb5, + 0x0f, 0x98, 0x0a, 0x08, 0xc9, 0x84, 0x3f, 0xd3, + 0xa1, 0xb0, 0x6d, 0x5c, 0x07, 0xff, 0x96, 0x39, + 0xb7, 0xeb, 0x7d, 0xfb, 0x35, 0x12, 0xe5, 0xde, + 0x43, 0x5e, 0x72, 0x07, 0xed, 0x97, 0x1e, 0xf3, + 0xd2, 0x72, 0x6d, 0x9b, 0x5e, 0xf6, 0xaf, 0xfc, + 0x6d, 0x17, 0xa0, 0xde, 0xcb, 0xb1, 0x38, 0x92, + }, +}; + +#endif