diff mbox series

[API-NEXT,v2,15/16] validation: ipsec: add ChaCha20-Poly1305 test vectors

Message ID 1517130009-11837-16-git-send-email-odpbot@yandex.ru
State Superseded
Headers show
Series [API-NEXT,v2,1/16] api: crypto: clarify special nature of gcm and gmac | expand

Commit Message

Github ODP bot Jan. 28, 2018, 9 a.m. UTC
From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>


Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

---
/** Email created from pull request 434 (lumag:crypto-upd)
 ** https://github.com/Linaro/odp/pull/434
 ** Patch: https://github.com/Linaro/odp/pull/434.patch
 ** Base sha: 0bdad6d2562166eec4abeb957b6bb5067de9fe94
 ** Merge commit sha: 8947b874421e06f87f32ec66357967a71e46e986
 **/
 test/validation/api/ipsec/ipsec.c          | 14 +++++++
 test/validation/api/ipsec/ipsec.h          |  1 +
 test/validation/api/ipsec/ipsec_test_in.c  | 33 +++++++++++++++
 test/validation/api/ipsec/ipsec_test_out.c | 44 ++++++++++++++++++++
 test/validation/api/ipsec/test_vectors.h   | 66 ++++++++++++++++++++++++++++++
 5 files changed, 158 insertions(+)
diff mbox series

Patch

diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c
index 5d3112a27..31bd557fe 100644
--- a/test/validation/api/ipsec/ipsec.c
+++ b/test/validation/api/ipsec/ipsec.c
@@ -177,6 +177,10 @@  int ipsec_check(odp_bool_t ah,
 		if (!capa.ciphers.bit.aes_gcm)
 			return ODP_TEST_INACTIVE;
 		break;
+	case ODP_CIPHER_ALG_CHACHA20_POLY1305:
+		if (!capa.ciphers.bit.chacha20_poly1305)
+			return ODP_TEST_INACTIVE;
+		break;
 	default:
 		fprintf(stderr, "Unsupported cipher algorithm\n");
 		return ODP_TEST_INACTIVE;
@@ -212,6 +216,10 @@  int ipsec_check(odp_bool_t ah,
 		if (!capa.auths.bit.aes_gmac)
 			return ODP_TEST_INACTIVE;
 		break;
+	case ODP_AUTH_ALG_CHACHA20_POLY1305:
+		if (!capa.auths.bit.chacha20_poly1305)
+			return ODP_TEST_INACTIVE;
+		break;
 	default:
 		fprintf(stderr, "Unsupported authentication algorithm\n");
 		return ODP_TEST_INACTIVE;
@@ -313,6 +321,12 @@  int ipsec_check_esp_null_aes_gmac_128(void)
 				ODP_AUTH_ALG_AES_GMAC, 128);
 }
 
+int ipsec_check_esp_chacha20_poly1305(void)
+{
+	return  ipsec_check_esp(ODP_CIPHER_ALG_CHACHA20_POLY1305, 256,
+				ODP_AUTH_ALG_CHACHA20_POLY1305, 0);
+}
+
 void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param,
 			 odp_bool_t in,
 			 odp_bool_t ah,
diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h
index 31ebed789..7ba9ef10e 100644
--- a/test/validation/api/ipsec/ipsec.h
+++ b/test/validation/api/ipsec/ipsec.h
@@ -91,5 +91,6 @@  int ipsec_check_esp_aes_gcm_128(void);
 int ipsec_check_esp_aes_gcm_256(void);
 int ipsec_check_ah_aes_gmac_128(void);
 int ipsec_check_esp_null_aes_gmac_128(void);
+int ipsec_check_esp_chacha20_poly1305(void);
 
 #endif
diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c
index 8a82abe49..8138defb5 100644
--- a/test/validation/api/ipsec/ipsec_test_in.c
+++ b/test/validation/api/ipsec/ipsec_test_in.c
@@ -1136,6 +1136,37 @@  static void test_in_ipv4_mcgrew_gcm_15_esp(void)
 	ipsec_sa_destroy(sa);
 }
 
+static void test_in_ipv4_rfc7634_chacha(void)
+{
+	odp_ipsec_tunnel_param_t tunnel = {};
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 0x01020304, &tunnel,
+			    ODP_CIPHER_ALG_CHACHA20_POLY1305, &key_rfc7634,
+			    ODP_AUTH_ALG_CHACHA20_POLY1305, NULL,
+			    &key_rfc7634_salt);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_ipv4_rfc7634_esp,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_ipv4_rfc7634},
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
 static void test_in_ipv4_ah_aes_gmac_128(void)
 {
 	odp_ipsec_sa_param_t param;
@@ -1474,6 +1505,8 @@  odp_testinfo_t ipsec_in_suite[] = {
 #endif
 	ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_15_esp,
 				  ipsec_check_esp_null_aes_gmac_128),
+	ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_rfc7634_chacha,
+				  ipsec_check_esp_chacha20_poly1305),
 	ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256,
 				  ipsec_check_ah_sha256),
 	ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv4,
diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c
index 971fbbf8d..0f49c7e1f 100644
--- a/test/validation/api/ipsec/ipsec_test_out.c
+++ b/test/validation/api/ipsec/ipsec_test_out.c
@@ -500,6 +500,48 @@  static void test_out_ipv4_esp_null_aes_gmac_128(void)
 	ipsec_sa_destroy(sa);
 }
 
+static void test_out_ipv4_esp_chacha20_poly1305(void)
+{
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+	odp_ipsec_sa_t sa2;
+
+	ipsec_sa_param_fill(&param,
+			    false, false, 123, NULL,
+			    ODP_CIPHER_ALG_CHACHA20_POLY1305, &key_rfc7634,
+			    ODP_AUTH_ALG_CHACHA20_POLY1305, NULL,
+			    &key_rfc7634_salt);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 123, NULL,
+			    ODP_CIPHER_ALG_CHACHA20_POLY1305, &key_rfc7634,
+			    ODP_AUTH_ALG_CHACHA20_POLY1305, NULL,
+			    &key_rfc7634_salt);
+
+	sa2 = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_ipv4_icmp_0,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_ipv4_icmp_0 },
+		},
+	};
+
+	ipsec_check_out_in_one(&test, sa, sa2);
+
+	ipsec_sa_destroy(sa2);
+	ipsec_sa_destroy(sa);
+}
+
 static void test_out_ipv4_ah_sha256_frag_check(void)
 {
 	odp_ipsec_sa_param_t param;
@@ -978,6 +1020,8 @@  odp_testinfo_t ipsec_out_suite[] = {
 				  ipsec_check_ah_aes_gmac_128),
 	ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_aes_gmac_128,
 				  ipsec_check_esp_null_aes_gmac_128),
+	ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_chacha20_poly1305,
+				  ipsec_check_esp_chacha20_poly1305),
 	ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_frag_check,
 				  ipsec_check_ah_sha256),
 	ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_frag_check_2,
diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h
index 4732d6ca5..f14fdb2b3 100644
--- a/test/validation/api/ipsec/test_vectors.h
+++ b/test/validation/api/ipsec/test_vectors.h
@@ -48,6 +48,11 @@  KEY(key_mcgrew_gcm_salt_12, 0xd9, 0x66, 0x42, 0x67);
 KEY(key_mcgrew_gcm_15, 0x4c, 0x80, 0xcd, 0xef, 0xbb, 0x5d, 0x10, 0xda,
 		       0x90, 0x6a, 0xc7, 0x3c, 0x36, 0x13, 0xa6, 0x34);
 KEY(key_mcgrew_gcm_salt_15, 0x22, 0x43, 0x3c, 0x64);
+KEY(key_rfc7634, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+		 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+		 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+		 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f);
+KEY(key_rfc7634_salt, 0xa0, 0xa1, 0xa2, 0xa3);
 
 static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0 = {
 	.len = 142,
@@ -1730,6 +1735,67 @@  static const ipsec_test_packet pkt_mcgrew_gcm_test_15_esp = {
 	},
 };
 
+static const ODP_UNUSED ipsec_test_packet pkt_ipv4_rfc7634 = {
+	.len = 98,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH - not a part of RFC, added for simplicity */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x54, 0xa6, 0xf2, 0x00, 0x00,
+		0x40, 0x01, 0xe7, 0x78, 0xc6, 0x33, 0x64, 0x05,
+		0xc0, 0x00, 0x02, 0x05,
+
+		/* ICMP */
+		0x08, 0x00, 0x5b, 0x7a, 0x3a, 0x08, 0x00, 0x00,
+		0x55, 0x3b, 0xec, 0x10, 0x00, 0x07, 0x36, 0x27,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+		0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+		0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+		0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+	},
+};
+
+static const ODP_UNUSED ipsec_test_packet pkt_ipv4_rfc7634_esp = {
+	.len = 154,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH - not a part of RFC, added for simplicity */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x8c, 0x23, 0x45, 0x00, 0x00,
+		0x40, 0x32, 0xde, 0x5b, 0xcb, 0x00, 0x71, 0x99,
+		0xcb, 0x00, 0x71, 0x05,
+
+		/* ESP */
+		0x01, 0x02, 0x03, 0x04, 0x00, 0x00, 0x00, 0x05,
+		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+		0x24, 0x03, 0x94, 0x28, 0xb9, 0x7f, 0x41, 0x7e,
+		0x3c, 0x13, 0x75, 0x3a, 0x4f, 0x05, 0x08, 0x7b,
+		0x67, 0xc3, 0x52, 0xe6, 0xa7, 0xfa, 0xb1, 0xb9,
+		0x82, 0xd4, 0x66, 0xef, 0x40, 0x7a, 0xe5, 0xc6,
+		0x14, 0xee, 0x80, 0x99, 0xd5, 0x28, 0x44, 0xeb,
+		0x61, 0xaa, 0x95, 0xdf, 0xab, 0x4c, 0x02, 0xf7,
+		0x2a, 0xa7, 0x1e, 0x7c, 0x4c, 0x4f, 0x64, 0xc9,
+		0xbe, 0xfe, 0x2f, 0xac, 0xc6, 0x38, 0xe8, 0xf3,
+		0xcb, 0xec, 0x16, 0x3f, 0xac, 0x46, 0x9b, 0x50,
+		0x27, 0x73, 0xf6, 0xfb, 0x94, 0xe6, 0x64, 0xda,
+		0x91, 0x65, 0xb8, 0x28, 0x29, 0xf6, 0x41, 0xe0,
+		0x76, 0xaa, 0xa8, 0x26, 0x6b, 0x7f, 0xb0, 0xf7,
+		0xb1, 0x1b, 0x36, 0x99, 0x07, 0xe1, 0xad, 0x43,
+	},
+};
+
 static const ODP_UNUSED ipsec_test_packet
 		pkt_ipv6_icmp_0_esp_udp_null_sha256_1 = {
 	.len = 206,