[PATCH 2/3] test/crypto: add AH test vectors

From: Archana Muniganti <marchana@marvell.com>
To: <gakhil@marvell.com>, <radu.nicolau@intel.com>,
	<roy.fan.zhang@intel.com>,  <hemant.agrawal@nxp.com>,
	<konstantin.ananyev@intel.com>
Cc: Archana Muniganti <marchana@marvell.com>, <anoobj@marvell.com>,
	<ktejasree@marvell.com>, <adwivedi@marvell.com>,
	<jerinj@marvell.com>, <dev@dpdk.org>
Subject: [PATCH 2/3] test/crypto: add AH test vectors
Date: Fri, 8 Apr 2022 15:46:24 +0530	[thread overview]
Message-ID: <20220408101625.12020-3-marchana@marvell.com> (raw)
In-Reply-To: <20220408101625.12020-1-marchana@marvell.com>

Added tunnel and transport AH known test vectors for
SHA256 HMAC.

Signed-off-by: Archana Muniganti <marchana@marvell.com>
---
 app/test/test_cryptodev.c                     |  33 ++-
 ...st_cryptodev_security_ipsec_test_vectors.h | 210 ++++++++++++++++++
 doc/guides/rel_notes/release_22_03.rst        |   1 +
 3 files changed, 240 insertions(+), 4 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index eda4a5b6f1..e152d45e1c 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -9139,6 +9139,8 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 				0x0000, 0x001a};
 	uint16_t v6_dst[8] = {0x2001, 0x0470, 0xe5bf, 0xdead, 0x4957, 0x2174,
 				0xe82c, 0x4887};
+	const struct rte_ipv4_hdr *ipv4 =
+			(const struct rte_ipv4_hdr *)td[0].output_text.data;
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 	struct rte_security_capability_idx sec_cap_idx;
@@ -9147,11 +9149,10 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 	uint8_t dev_id = ts_params->valid_devs[0];
 	enum rte_security_ipsec_sa_direction dir;
 	struct ipsec_test_data *res_d_tmp = NULL;
-	uint32_t src = RTE_IPV4(192, 168, 1, 0);
-	uint32_t dst = RTE_IPV4(192, 168, 1, 1);
 	int salt_len, i, ret = TEST_SUCCESS;
 	struct rte_security_ctx *ctx;
 	uint8_t *input_text;
+	uint32_t src, dst;
 	uint32_t verify;
 
 	ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;
@@ -9165,6 +9166,9 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
 	dir = ipsec_xform.direction;
 	verify = flags->tunnel_hdr_verify;
 
+	memcpy(&src, &ipv4->src_addr, sizeof(ipv4->src_addr));
+	memcpy(&dst, &ipv4->dst_addr, sizeof(ipv4->dst_addr));
+
 	if ((dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) && verify) {
 		if (verify == RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR)
 			src += 1;
@@ -9431,8 +9435,9 @@ test_ipsec_proto_known_vec(const void *test_data)
 
 	memcpy(&td_outb, test_data, sizeof(td_outb));
 
-	if (td_outb.aead ||
-	    td_outb.xform.chain.cipher.cipher.algo != RTE_CRYPTO_CIPHER_NULL) {
+	if ((td_outb.ipsec_xform.proto != RTE_SECURITY_IPSEC_SA_PROTO_AH) &&
+	    (td_outb.aead || (td_outb.xform.chain.cipher.cipher.algo !=
+			RTE_CRYPTO_CIPHER_NULL))) {
 		/* Disable IV gen to be able to test with known vectors */
 		td_outb.ipsec_xform.options.iv_gen_disable = 1;
 	}
@@ -15082,6 +15087,16 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_known_vec,
 			&pkt_null_aes_xcbc),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (AH tunnel mode IPv4 HMAC-SHA256)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec,
+			&pkt_ah_tunnel_sha256),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Outbound known vector (AH transport mode IPv4 HMAC-SHA256)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec,
+			&pkt_ah_transport_sha256),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Outbound fragmented packet",
 			ut_setup_security, ut_teardown,
@@ -15132,6 +15147,16 @@ static struct unit_test_suite ipsec_proto_testsuite  = {
 			ut_setup_security, ut_teardown,
 			test_ipsec_proto_known_vec_inb,
 			&pkt_null_aes_xcbc),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (AH tunnel mode IPv4 HMAC-SHA256)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec_inb,
+			&pkt_ah_tunnel_sha256),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Inbound known vector (AH transport mode IPv4 HMAC-SHA256)",
+			ut_setup_security, ut_teardown,
+			test_ipsec_proto_known_vec_inb,
+			&pkt_ah_transport_sha256),
 		TEST_CASE_NAMED_ST(
 			"Combined test alg list",
 			ut_setup_security, ut_teardown,
diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h
index fe2fd855df..f50986e9b4 100644
--- a/app/test/test_cryptodev_security_ipsec_test_vectors.h
+++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h
@@ -1153,4 +1153,214 @@ struct ipsec_test_data pkt_null_aes_xcbc = {
 	},
 };
 
+struct ipsec_test_data pkt_ah_tunnel_sha256 = {
+	.auth_key = {
+		.data = {
+			0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a,
+			0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a,
+			0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a,
+			0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* IP */
+			0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00,
+			0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02,
+			0xc0, 0xa8, 0xde, 0x02,
+
+			/* ICMP */
+			0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,
+			0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+			0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+			0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+			0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+			0x58, 0x59, 0x5a, 0x5b,
+		},
+		.len = 128,
+	},
+	.output_text = {
+		.data = {
+			/* IP outer header */
+			0x45, 0x00, 0x00, 0xb0, 0x00, 0x01, 0x00, 0x00,
+			0x00, 0x33, 0x59, 0x16, 0x0a, 0x00, 0x6f, 0x02,
+			0x0a, 0x00, 0xde, 0x02,
+
+			/* AH */
+			0x04, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b,
+			0x00, 0x00, 0x00, 0x01,
+			0x59, 0xfd, 0xb4, 0xdb, 0x70, 0x57, 0x4f, 0x27,
+			0x72, 0xfe, 0xc9, 0xdc, 0xb2, 0xf0, 0xab, 0xea,
+
+			/* Inner IP */
+			0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00,
+			0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02,
+			0xc0, 0xa8, 0xde, 0x02,
+
+			/* ICMP */
+			0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,
+			0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+			0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+			0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+			0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+			0x58, 0x59, 0x5a, 0x5b,
+		},
+		.len = 176,
+	},
+
+	.ipsec_xform = {
+		.spi = 0x7b,
+		.options.esn = 0,
+		.options.udp_encap = 0,
+		.options.copy_dscp = 0,
+		.options.copy_flabel = 0,
+		.options.copy_df = 0,
+		.options.dec_ttl = 0,
+		.options.ecn = 0,
+		.options.stats = 0,
+		.options.tunnel_hdr_verify = 0,
+		.options.ip_csum_enable = 0,
+		.options.l4_csum_enable = 0,
+		.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+		.proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
+		.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+		.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+		.replay_win_sz = 0,
+	},
+
+	.aead = false,
+	.auth_only = true,
+
+	.xform = {
+		.chain.auth = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.auth = {
+				.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+				.key.length = 32,
+				.digest_length = 16,
+			},
+		},
+	},
+};
+
+struct ipsec_test_data pkt_ah_transport_sha256 = {
+	.auth_key = {
+		.data = {
+			0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a,
+			0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a,
+			0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a,
+			0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a,
+		},
+	},
+	.input_text = {
+		.data = {
+			/* IP */
+			0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00,
+			0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02,
+			0xc0, 0xa8, 0xde, 0x02,
+
+			/* ICMP */
+			0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,
+			0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+			0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+			0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+			0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+			0x58, 0x59, 0x5a, 0x5b,
+		},
+		.len = 128,
+	},
+	.output_text = {
+		.data = {
+			/* IP outer header */
+			0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00,
+			0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02,
+			0xc0, 0xa8, 0xde, 0x02,
+
+			/* AH */
+			0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b,
+			0x00, 0x00, 0x00, 0x01,
+			0x6c, 0x2e, 0xf7, 0x1f, 0x7c, 0x70, 0x39, 0xa3,
+			0x4a, 0x77, 0x01, 0x47, 0x9e, 0x45, 0x73, 0x51,
+
+			/* ICMP */
+			0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00,
+			0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe,
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+			0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+			0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+			0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+			0x58, 0x59, 0x5a, 0x5b,
+		},
+		.len = 156,
+	},
+
+	.ipsec_xform = {
+		.spi = 0x7b,
+		.options.esn = 0,
+		.options.udp_encap = 0,
+		.options.copy_dscp = 0,
+		.options.copy_flabel = 0,
+		.options.copy_df = 0,
+		.options.dec_ttl = 0,
+		.options.ecn = 0,
+		.options.stats = 0,
+		.options.tunnel_hdr_verify = 0,
+		.options.ip_csum_enable = 0,
+		.options.l4_csum_enable = 0,
+		.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+		.proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
+		.mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+		.replay_win_sz = 0,
+	},
+
+	.aead = false,
+	.auth_only = true,
+
+	.xform = {
+		.chain.auth = {
+			.next = NULL,
+			.type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			.auth = {
+				.op = RTE_CRYPTO_AUTH_OP_GENERATE,
+				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+				.key.length = 32,
+				.digest_length = 16,
+			},
+		},
+	},
+};
+
 #endif /* TEST_CRYPTODEV_SECURITY_IPSEC_TEST_VECTORS_H_ */
diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst
index 9eaf9919ca..8874440af2 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -193,6 +193,7 @@ New Features
 * **Updated lookaside protocol (IPsec) tests in dpdk-test.**
 
   * Added tests to verify IPSec AH in combined mode.
+  * Added AH known test vectors for SHA256 HMAC.
 
 Removed Items
 -------------
-- 
2.22.0

