From patchwork Thu Nov 30 13:00:00 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120176 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp641682qgn; Thu, 30 Nov 2017 05:05:09 -0800 (PST) X-Google-Smtp-Source: AGs4zMYoqOoXeEzC8wpmiugrVm56SVBJaNLVV1zGA3jC2U8EsQkIPbVZIV2jaA0YB4ztDy+skla2 X-Received: by 10.200.52.232 with SMTP id x37mr3302929qtb.287.1512047109502; Thu, 30 Nov 2017 05:05:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512047109; cv=none; d=google.com; s=arc-20160816; b=FeIh7SDAHGEHQzTgksYooXAnPIhX15ctDVQVdiqL0u7dS1jX/jA0NntKNydHT8qfRo He4ub9x0QjSooeE61nsdDPEnV2adAb8hMpnR/I42CNa/QTom+4iMslS7wANkN1MOizRn 2AeCD0nN6AmG1xNLYWVIkYfvzAnY75fv8lv3dNoNjl3YDEaTs4StEDNPN/0bvNUJY0Ow jMlrWesRoBCeF8aq6ctah4hkZAlcHt5H7W2GitRD9JmD38TqETyu8p7cYDw6D/FVSqQ8 9I/EzyvwIi0qBduSBKA+quNPMQeb0RFazY6DIL2ZYGfJsFO8D+M7PdD5GAGMxHVVId3q 4xww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=jHTxFFYA8pwcA0rGAcrvEFStHU+lmeOauj8+WISUJ18=; b=UUEVr74n60nwvQ1Mawz7eixrv1+X8nhA6QhprJLVyONrU0TY7kiDBPAAiI8PJnGl7A nR+uX8YQV96yd0LtTG7OXJZKCzCz48FCIVVwGOLLndEdP4V414or4ag342dNUGcXaXIq 8PQQM0eSMtnJKyBNcNSe5scpNkFYdM0PIC/goH8NnEj/Lh5xWsJGqlGiuwVyXQiXTEtR ExSYwp8/p292fHPYTwafRnFFRaSck8Cp80bBhZtilMVFEoz8G34ilhYsyO3jno0zgDEI BFlHlCrwAN9YiPBOm/X2iALP1z9MbKU8oNnS8T3IEDkHBY5CKPzCc/GZAnPaI03gUal7 fWCA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id e64si3252530qtd.147.2017.11.30.05.05.09; Thu, 30 Nov 2017 05:05:09 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 1F99560991; Thu, 30 Nov 2017 13:05:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 7879160951; Thu, 30 Nov 2017 13:01:15 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id A376F607F9; Thu, 30 Nov 2017 13:00:38 +0000 (UTC) Received: from forward102p.mail.yandex.net (forward102p.mail.yandex.net [77.88.28.102]) by lists.linaro.org (Postfix) with ESMTPS id E64C7607F9 for ; Thu, 30 Nov 2017 13:00:19 +0000 (UTC) Received: from mxback2o.mail.yandex.net (mxback2o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::1c]) by forward102p.mail.yandex.net (Yandex) with ESMTP id 192B243028C5 for ; Thu, 30 Nov 2017 16:00:18 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback2o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id PwmbcR5OJL-0HqeZDYP; Thu, 30 Nov 2017 16:00:18 +0300 Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id nOB9mYWTNF-0GGa99ga; Thu, 30 Nov 2017 16:00:16 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 16:00:00 +0300 Message-Id: <1512046815-10630-2-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> References: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v8 1/16] validation: ipsec: add ipv4 name parts X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov In preparation to add IPv6 support, add ipv4 everywhere (to test packets and to test names). Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 6f6906b608f0626d119b255b3733a4a0863aa8d1 **/ test/validation/api/ipsec/ipsec_test_in.c | 230 ++++++++++++++--------------- test/validation/api/ipsec/ipsec_test_out.c | 125 +++++----------- test/validation/api/ipsec/test_vectors.h | 38 +++-- 3 files changed, 178 insertions(+), 215 deletions(-) diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 294e4a5d6..daafaf69a 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -10,7 +10,7 @@ #include "test_vectors.h" -static void test_in_ah_sha256(void) +static void test_in_ipv4_ah_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -26,12 +26,12 @@ static void test_in_ah_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -40,7 +40,7 @@ static void test_in_ah_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_tun(void) +static void test_in_ipv4_ah_sha256_tun_ipv4(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -57,12 +57,12 @@ static void test_in_ah_sha256_tun(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_tun_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_tun_ipv4_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -71,7 +71,7 @@ static void test_in_ah_sha256_tun(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_tun_notun(void) +static void test_in_ipv4_ah_sha256_tun_ipv4_notun(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -87,12 +87,12 @@ static void test_in_ah_sha256_tun_notun(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_tun_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_tun_ipv4_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_ipip }, + .pkt_out = &pkt_ipv4_icmp_0_ipip }, }, }; @@ -101,7 +101,7 @@ static void test_in_ah_sha256_tun_notun(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256(void) +static void test_in_ipv4_esp_null_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -117,12 +117,12 @@ static void test_in_esp_null_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -131,7 +131,7 @@ static void test_in_esp_null_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_esp_aes_cbc_null(void) +static void test_in_ipv4_esp_aes_cbc_null(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -147,12 +147,12 @@ static void test_in_esp_aes_cbc_null(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_aes_cbc_null_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_aes_cbc_null_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -161,7 +161,7 @@ static void test_in_esp_aes_cbc_null(void) ipsec_sa_destroy(sa); } -static void test_in_esp_aes_cbc_sha256(void) +static void test_in_ipv4_esp_aes_cbc_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -177,12 +177,12 @@ static void test_in_esp_aes_cbc_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_aes_cbc_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_aes_cbc_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -191,7 +191,7 @@ static void test_in_esp_aes_cbc_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_esp_aes_ctr_null(void) +static void test_in_ipv4_esp_aes_ctr_null(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -207,12 +207,12 @@ static void test_in_esp_aes_ctr_null(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_aes_ctr_null_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_aes_ctr_null_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -221,7 +221,7 @@ static void test_in_esp_aes_ctr_null(void) ipsec_sa_destroy(sa); } -static void test_in_lookup_ah_sha256(void) +static void test_in_ipv4_ah_sha256_lookup(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -237,13 +237,13 @@ static void test_in_lookup_ah_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .lookup = 1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -252,7 +252,7 @@ static void test_in_lookup_ah_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_lookup_esp_null_sha256(void) +static void test_in_ipv4_esp_null_sha256_lookup(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -268,13 +268,13 @@ static void test_in_lookup_esp_null_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .lookup = 1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -283,7 +283,7 @@ static void test_in_lookup_esp_null_sha256(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256_tun(void) +static void test_in_ipv4_esp_null_sha256_tun_ipv4(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -300,12 +300,12 @@ static void test_in_esp_null_sha256_tun(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_tun_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_tun_ipv4_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -314,7 +314,7 @@ static void test_in_esp_null_sha256_tun(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_noreplay(void) +static void test_in_ipv4_ah_sha256_noreplay(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -331,22 +331,22 @@ static void test_in_ah_sha256_noreplay(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; ipsec_test_part test_1235 = { - .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1235, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -358,7 +358,7 @@ static void test_in_ah_sha256_noreplay(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_replay(void) +static void test_in_ipv4_ah_sha256_replay(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -375,17 +375,17 @@ static void test_in_ah_sha256_replay(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; ipsec_test_part test_repl = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -395,12 +395,12 @@ static void test_in_ah_sha256_replay(void) }; ipsec_test_part test_1235 = { - .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1235, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -412,7 +412,7 @@ static void test_in_ah_sha256_replay(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256_noreplay(void) +static void test_in_ipv4_esp_null_sha256_noreplay(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -429,22 +429,22 @@ static void test_in_esp_null_sha256_noreplay(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; ipsec_test_part test_1235 = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1235, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -456,7 +456,7 @@ static void test_in_esp_null_sha256_noreplay(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256_replay(void) +static void test_in_ipv4_esp_null_sha256_replay(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -473,17 +473,17 @@ static void test_in_esp_null_sha256_replay(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; ipsec_test_part test_repl = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -493,12 +493,12 @@ static void test_in_esp_null_sha256_replay(void) }; ipsec_test_part test_1235 = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1235, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -510,13 +510,13 @@ static void test_in_esp_null_sha256_replay(void) ipsec_sa_destroy(sa); } -static void test_in_ah_esp_pkt(void) +static void test_in_ipv4_ah_esp_pkt(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; /* This test will not work properly inbound inline mode. - * test_in_lookup_ah_esp_pkt will be used instead. */ + * test_in_ipv4_ah_esp_pkt_lookup will be used instead. */ if (suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE) return; @@ -531,7 +531,7 @@ static void test_in_ah_esp_pkt(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -545,13 +545,13 @@ static void test_in_ah_esp_pkt(void) ipsec_sa_destroy(sa); } -static void test_in_esp_ah_pkt(void) +static void test_in_ipv4_esp_ah_pkt(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; /* This test will not work properly inbound inline mode. - * test_in_lookup_esp_ah_pkt will be used instead. */ + * test_in_ipv4_esp_ah_pkt_lookup will be used instead. */ if (suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE) return; @@ -566,7 +566,7 @@ static void test_in_esp_ah_pkt(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -580,7 +580,7 @@ static void test_in_esp_ah_pkt(void) ipsec_sa_destroy(sa); } -static void test_in_lookup_ah_esp_pkt(void) +static void test_in_ipv4_ah_esp_pkt_lookup(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -596,7 +596,7 @@ static void test_in_lookup_ah_esp_pkt(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1, .lookup = 1, .out_pkt = 1, .out = { @@ -611,7 +611,7 @@ static void test_in_lookup_ah_esp_pkt(void) ipsec_sa_destroy(sa); } -static void test_in_lookup_esp_ah_pkt(void) +static void test_in_ipv4_esp_ah_pkt_lookup(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -627,7 +627,7 @@ static void test_in_lookup_esp_ah_pkt(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1, .lookup = 1, .out_pkt = 1, .out = { @@ -642,7 +642,7 @@ static void test_in_lookup_esp_ah_pkt(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_bad1(void) +static void test_in_ipv4_ah_sha256_bad1(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -658,7 +658,7 @@ static void test_in_ah_sha256_bad1(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1_bad1, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1_bad1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -672,7 +672,7 @@ static void test_in_ah_sha256_bad1(void) ipsec_sa_destroy(sa); } -static void test_in_ah_sha256_bad2(void) +static void test_in_ipv4_ah_sha256_bad2(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -688,7 +688,7 @@ static void test_in_ah_sha256_bad2(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_sha256_1_bad2, + .pkt_in = &pkt_ipv4_icmp_0_ah_sha256_1_bad2, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -702,7 +702,7 @@ static void test_in_ah_sha256_bad2(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_sha256_bad1(void) +static void test_in_ipv4_esp_null_sha256_bad1(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -718,7 +718,7 @@ static void test_in_esp_null_sha256_bad1(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_sha256_1_bad1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_sha256_1_bad1, .out_pkt = 1, .out = { { .status.warn.all = 0, @@ -732,7 +732,7 @@ static void test_in_esp_null_sha256_bad1(void) ipsec_sa_destroy(sa); } -static void test_in_rfc3602_5_esp(void) +static void test_in_ipv4_rfc3602_5_esp(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -762,7 +762,7 @@ static void test_in_rfc3602_5_esp(void) ipsec_sa_destroy(sa); } -static void test_in_rfc3602_6_esp(void) +static void test_in_ipv4_rfc3602_6_esp(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -792,7 +792,7 @@ static void test_in_rfc3602_6_esp(void) ipsec_sa_destroy(sa); } -static void test_in_rfc3602_7_esp(void) +static void test_in_ipv4_rfc3602_7_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -823,7 +823,7 @@ static void test_in_rfc3602_7_esp(void) ipsec_sa_destroy(sa); } -static void test_in_rfc3602_8_esp(void) +static void test_in_ipv4_rfc3602_8_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -854,7 +854,7 @@ static void test_in_rfc3602_8_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_2_esp(void) +static void test_in_ipv4_mcgrew_gcm_2_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -885,7 +885,7 @@ static void test_in_mcgrew_gcm_2_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_3_esp(void) +static void test_in_ipv4_mcgrew_gcm_3_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -916,7 +916,7 @@ static void test_in_mcgrew_gcm_3_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_4_esp(void) +static void test_in_ipv4_mcgrew_gcm_4_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -947,7 +947,7 @@ static void test_in_mcgrew_gcm_4_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_12_esp(void) +static void test_in_ipv4_mcgrew_gcm_12_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -978,7 +978,7 @@ static void test_in_mcgrew_gcm_12_esp(void) ipsec_sa_destroy(sa); } -static void test_in_mcgrew_gcm_15_esp(void) +static void test_in_ipv4_mcgrew_gcm_15_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; odp_ipsec_sa_param_t param; @@ -1009,7 +1009,7 @@ static void test_in_mcgrew_gcm_15_esp(void) ipsec_sa_destroy(sa); } -static void test_in_ah_aes_gmac_128(void) +static void test_in_ipv4_ah_aes_gmac_128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -1025,12 +1025,12 @@ static void test_in_ah_aes_gmac_128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_ah_aes_gmac_128_1, + .pkt_in = &pkt_ipv4_icmp_0_ah_aes_gmac_128_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -1039,7 +1039,7 @@ static void test_in_ah_aes_gmac_128(void) ipsec_sa_destroy(sa); } -static void test_in_esp_null_aes_gmac_128(void) +static void test_in_ipv4_esp_null_aes_gmac_128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -1055,12 +1055,12 @@ static void test_in_esp_null_aes_gmac_128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0_esp_null_aes_gmac_128_1, + .pkt_in = &pkt_ipv4_icmp_0_esp_null_aes_gmac_128_1, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -1078,71 +1078,71 @@ static void ipsec_test_capability(void) odp_testinfo_t ipsec_in_suite[] = { ODP_TEST_INFO(ipsec_test_capability), - ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_5_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_rfc3602_5_esp, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_6_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_rfc3602_6_esp, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_7_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_rfc3602_7_esp, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_rfc3602_8_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_rfc3602_8_esp, ipsec_check_esp_aes_cbc_128_null), /* test 1, 5, 6, 8 -- 11 -- ESN */ /* test 7 -- invalid, plaintext packet includes trl into IP length */ - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_2_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_2_esp, ipsec_check_esp_aes_gcm_128), - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_3_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_3_esp, ipsec_check_esp_aes_gcm_256), - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_4_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_4_esp, ipsec_check_esp_aes_gcm_128), - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_12_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_12_esp, ipsec_check_esp_aes_gcm_128), - ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_15_esp, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_15_esp, ipsec_check_esp_null_aes_gmac_128), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv4, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun_notun, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv4_notun, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_null, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_aes_cbc_null, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_aes_cbc_sha256, ipsec_check_esp_aes_cbc_128_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_ctr_null, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_aes_ctr_null, ipsec_check_esp_aes_ctr_128_null), - ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_lookup, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_null_sha256, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_lookup, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_tun, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_tun_ipv4, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_noreplay, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_noreplay, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_replay, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_replay, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_noreplay, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_noreplay, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_replay, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_replay, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_esp_pkt, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_esp_pkt, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_ah_pkt, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_ah_pkt, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_esp_pkt, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_esp_pkt_lookup, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_ah_pkt, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_ah_pkt_lookup, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad1, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_bad1, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_bad2, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_bad2, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_bad1, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_bad1, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_in_ah_aes_gmac_128, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_aes_gmac_128, ipsec_check_ah_aes_gmac_128), - ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_aes_gmac_128, + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 7d4ea4a73..757b90059 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -10,7 +10,7 @@ #include "test_vectors.h" -static void test_out_ah_sha256(void) +static void test_out_ipv4_ah_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -26,12 +26,12 @@ static void test_out_ah_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_ah_sha256_1 }, + .pkt_out = &pkt_ipv4_icmp_0_ah_sha256_1 }, }, }; @@ -45,7 +45,7 @@ static void test_out_ah_sha256(void) (c << 8) | \ (d << 0)) -static void test_out_ah_sha256_tun(void) +static void test_out_ipv4_ah_sha256_tun_ipv4(void) { uint32_t src = IPV4ADDR(10, 0, 111, 2); uint32_t dst = IPV4ADDR(10, 0, 222, 2); @@ -69,12 +69,12 @@ static void test_out_ah_sha256_tun(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_ah_tun_sha256_1 }, + .pkt_out = &pkt_ipv4_icmp_0_ah_tun_ipv4_sha256_1 }, }, }; @@ -83,7 +83,7 @@ static void test_out_ah_sha256_tun(void) ipsec_sa_destroy(sa); } -static void test_out_esp_null_sha256_out(void) +static void test_out_ipv4_esp_null_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -99,12 +99,12 @@ static void test_out_esp_null_sha256_out(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_esp_null_sha256_1 }, + .pkt_out = &pkt_ipv4_icmp_0_esp_null_sha256_1 }, }, }; @@ -113,7 +113,7 @@ static void test_out_esp_null_sha256_out(void) ipsec_sa_destroy(sa); } -static void test_out_esp_null_sha256_tun_out(void) +static void test_out_ipv4_esp_null_sha256_tun_ipv4(void) { uint32_t src = IPV4ADDR(10, 0, 111, 2); uint32_t dst = IPV4ADDR(10, 0, 222, 2); @@ -137,12 +137,13 @@ static void test_out_esp_null_sha256_tun_out(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_esp_tun_null_sha256_1 }, + .pkt_out = + &pkt_ipv4_icmp_0_esp_tun_ipv4_null_sha256_1 }, }, }; @@ -151,49 +152,7 @@ static void test_out_esp_null_sha256_tun_out(void) ipsec_sa_destroy(sa); } -static void test_out_esp_null_sha256(void) -{ - odp_ipsec_sa_param_t param; - odp_ipsec_sa_t sa; - odp_ipsec_sa_t sa2; - - ipsec_sa_param_fill(¶m, - false, false, 123, NULL, - ODP_CIPHER_ALG_NULL, NULL, - ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, - NULL); - - sa = odp_ipsec_sa_create(¶m); - - CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); - - ipsec_sa_param_fill(¶m, - true, false, 123, NULL, - ODP_CIPHER_ALG_NULL, NULL, - ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, - NULL); - - sa2 = odp_ipsec_sa_create(¶m); - - CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); - - ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, - .out_pkt = 1, - .out = { - { .status.warn.all = 0, - .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, - }, - }; - - ipsec_check_out_in_one(&test, sa, sa2); - - ipsec_sa_destroy(sa2); - ipsec_sa_destroy(sa); -} - -static void test_out_esp_aes_cbc_null(void) +static void test_out_ipv4_esp_aes_cbc_null(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -220,12 +179,12 @@ static void test_out_esp_aes_cbc_null(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -235,7 +194,7 @@ static void test_out_esp_aes_cbc_null(void) ipsec_sa_destroy(sa); } -static void test_out_esp_aes_cbc_sha256(void) +static void test_out_ipv4_esp_aes_cbc_sha256(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -262,12 +221,12 @@ static void test_out_esp_aes_cbc_sha256(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -277,7 +236,7 @@ static void test_out_esp_aes_cbc_sha256(void) ipsec_sa_destroy(sa); } -static void test_out_esp_aes_ctr_null(void) +static void test_out_ipv4_esp_aes_ctr_null(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -304,12 +263,12 @@ static void test_out_esp_aes_ctr_null(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -319,7 +278,7 @@ static void test_out_esp_aes_ctr_null(void) ipsec_sa_destroy(sa); } -static void test_out_esp_aes_gcm128(void) +static void test_out_ipv4_esp_aes_gcm128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -346,12 +305,12 @@ static void test_out_esp_aes_gcm128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0 }, + .pkt_out = &pkt_ipv4_icmp_0 }, }, }; @@ -361,7 +320,7 @@ static void test_out_esp_aes_gcm128(void) ipsec_sa_destroy(sa); } -static void test_out_ah_aes_gmac_128(void) +static void test_out_ipv4_ah_aes_gmac_128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -377,12 +336,12 @@ static void test_out_ah_aes_gmac_128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_ah_aes_gmac_128_1 }, + .pkt_out = &pkt_ipv4_icmp_0_ah_aes_gmac_128_1 }, }, }; @@ -391,7 +350,7 @@ static void test_out_ah_aes_gmac_128(void) ipsec_sa_destroy(sa); } -static void test_out_esp_null_aes_gmac_128(void) +static void test_out_ipv4_esp_null_aes_gmac_128(void) { odp_ipsec_sa_param_t param; odp_ipsec_sa_t sa; @@ -407,12 +366,12 @@ static void test_out_esp_null_aes_gmac_128(void) CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); ipsec_test_part test = { - .pkt_in = &pkt_icmp_0, + .pkt_in = &pkt_ipv4_icmp_0, .out_pkt = 1, .out = { { .status.warn.all = 0, .status.error.all = 0, - .pkt_out = &pkt_icmp_0_esp_null_aes_gmac_128_1 }, + .pkt_out = &pkt_ipv4_icmp_0_esp_null_aes_gmac_128_1 }, }, }; @@ -430,27 +389,25 @@ static void ipsec_test_capability(void) odp_testinfo_t ipsec_out_suite[] = { ODP_TEST_INFO(ipsec_test_capability), - ODP_TEST_INFO_CONDITIONAL(test_out_ah_sha256, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_ah_sha256_tun, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_tun_ipv4, ipsec_check_ah_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256_out, - ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256_tun_out, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_sha256, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_tun_ipv4, ipsec_check_esp_null_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_null, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_null, ipsec_check_esp_aes_cbc_128_null), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_sha256, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_sha256, ipsec_check_esp_aes_cbc_128_sha256), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_ctr_null, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_ctr_null, ipsec_check_esp_aes_ctr_128_null), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_gcm128, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_gcm128, ipsec_check_esp_aes_gcm_128), - ODP_TEST_INFO_CONDITIONAL(test_out_ah_aes_gmac_128, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_aes_gmac_128, ipsec_check_ah_aes_gmac_128), - ODP_TEST_INFO_CONDITIONAL(test_out_esp_null_aes_gmac_128, + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 7fb7d5a84..51aa97ccb 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -49,7 +49,7 @@ KEY(key_mcgrew_gcm_15, 0x4c, 0x80, 0xcd, 0xef, 0xbb, 0x5d, 0x10, 0xda, 0x90, 0x6a, 0xc7, 0x3c, 0x36, 0x13, 0xa6, 0x34); KEY(key_mcgrew_gcm_salt_15, 0x22, 0x43, 0x3c, 0x64); -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0 = { .len = 142, .l2_offset = 0, .l3_offset = 14, @@ -82,7 +82,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ipip = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ipip = { .len = 162, .l2_offset = 0, .l3_offset = 14, @@ -120,7 +120,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ipip = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -159,7 +159,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_tun_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_ah_tun_ipv4_sha256_1 = { .len = 190, .l2_offset = 0, .l3_offset = 14, @@ -203,7 +204,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_tun_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1_bad1 = { .len = 168, .l2_offset = 0, .l3_offset = 14, @@ -242,7 +243,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1_bad2 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -281,7 +282,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1235 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1235 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -325,7 +326,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1235 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_null_sha256_1 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -368,7 +369,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_tun_null_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_tun_ipv4_null_sha256_1 = { .len = 190, .l2_offset = 0, .l3_offset = 14, @@ -416,7 +418,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_tun_null_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_null_sha256_1_bad1 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -459,7 +462,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1235 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_null_sha256_1235 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -502,7 +506,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1235 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_aes_cbc_null_1 = { .len = 170, .l2_offset = 0, .l3_offset = 14, @@ -542,7 +546,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_sha256_1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_aes_cbc_sha256_1 = { .len = 186, .l2_offset = 0, .l3_offset = 14, @@ -586,7 +591,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_sha256_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_ctr_null_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_aes_ctr_null_1 = { .len = 162, .l2_offset = 0, .l3_offset = 14, @@ -625,7 +630,7 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_ctr_null_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_aes_gmac_128_1 = { +static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_aes_gmac_128_1 = { .len = 178, .l2_offset = 0, .l3_offset = 14, @@ -665,7 +670,8 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_aes_gmac_128_1 = { }, }; -static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_aes_gmac_128_1 = { +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_null_aes_gmac_128_1 = { .len = 178, .l2_offset = 0, .l3_offset = 14, From patchwork Thu Nov 30 13:00:01 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120178 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp644912qgn; Thu, 30 Nov 2017 05:07:30 -0800 (PST) X-Google-Smtp-Source: AGs4zMaOUcMwzJttOB+wpeU6YbZISqNZpOHBuE/eHZn03WWDv4RLN8qwMKSGtQjvEDFC3uAsEzHl X-Received: by 10.200.27.200 with SMTP id m8mr3152933qtk.102.1512047249937; Thu, 30 Nov 2017 05:07:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512047249; cv=none; d=google.com; s=arc-20160816; b=tItDTYnnWZpPdQzMqP4SzuuvOJO9tAVZgdHvDaYfGcxyD+ecR8PyaEnudpnRum0I2F Y6/u9/RftlDiykmmMvgiS4qDqVmoPxmwCBLUf7QRpgMGI81KGkz4R9z8ucapLnYRESHJ RbPRZoUNPJvlfQqciXHZG5X2VlmtovEZ7RuzS+ARl25rRCGGMH/v325ZZbMgJ6VeNds+ oFv3dbjsrCX4vK82XQGYo4Ly51HL3vukjyjWBLQim9JCCc9OVJc+tAMkrdioIA7nW+90 5WHrLGC11I7c2vjYAW6/O70YS1GyhcPq4T4xXgg29025MUJygRdL2vs0q3Yf+8sJdcxd Ez4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=3x0n8hu/DAcigpInqkf7FeJXJHjeh42kWyZNA6DPD/I=; b=Iwlzg8JXGPG8ZKhw92kt2StuuBl00FICRaU/bZ4jbCcpzyJyWvWVqZJW04hqflFRcp uiY+MXpAgNcmA2Ck1gllrk0VxT6VrugS9DW5QsGmf918S6Q39DUsJ56ESzuk68KbpFbC EO3CmC6JZcYlt6LxAZfJmoa/d+uMIdEJxunSWfs99uhJmluANC8VeCLxbj9PMYXBaFLU mHhh2Nbp5HLk8OIXDlR9o2gPdZaUOojyJeO96TG9KLV+Sr2jbqHgRPz+1bdDWVV62dti Av+EZi1jpXfB+uXH0Xk8hLsOWTBoNUEJkOQb1A/smPJSvNwr4s4wKGKZvb0aze2Y6ngS Z6aQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id j53si3140133qta.133.2017.11.30.05.07.29; Thu, 30 Nov 2017 05:07:29 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 7CBD4609A5; Thu, 30 Nov 2017 13:07:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id CE2CD6092D; Thu, 30 Nov 2017 13:01:20 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 810AF6094B; Thu, 30 Nov 2017 13:00:42 +0000 (UTC) Received: from forward105o.mail.yandex.net (forward105o.mail.yandex.net [37.140.190.183]) by lists.linaro.org (Postfix) with ESMTPS id 491CE604A1 for ; Thu, 30 Nov 2017 13:00:21 +0000 (UTC) Received: from mxback15g.mail.yandex.net (mxback15g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:94]) by forward105o.mail.yandex.net (Yandex) with ESMTP id A37704446575 for ; Thu, 30 Nov 2017 16:00:19 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback15g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id zwdSkwZl50-0JTuihBc; Thu, 30 Nov 2017 16:00:19 +0300 Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id nOB9mYWTNF-0IGOdS4j; Thu, 30 Nov 2017 16:00:18 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 16:00:01 +0300 Message-Id: <1512046815-10630-3-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> References: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v8 2/16] linux-gen: modularize IPsec implementation X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov To ease adding IPv6/IPcomp/etc modularize IPsec implementation, refactoring out functions handling ESP/AH and header parsing/tunneling. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 6f6906b608f0626d119b255b3733a4a0863aa8d1 **/ platform/linux-generic/odp_ipsec.c | 1089 ++++++++++++++++++++---------------- 1 file changed, 597 insertions(+), 492 deletions(-) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index b17e4cd7b..6ce5bc781 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -123,8 +123,8 @@ static inline int _odp_ipv4_csum(odp_packet_t pkt, return 0; } -/** @internal Checksum offset in IPv4 header */ -#define _ODP_IPV4HDR_CSUM_OFFSET 10 +#define _ODP_IPV4HDR_CSUM_OFFSET ODP_OFFSETOF(_odp_ipv4hdr_t, chksum) +#define _ODP_IPV4HDR_PROTO_OFFSET ODP_OFFSETOF(_odp_ipv4hdr_t, proto) /** * Calculate and fill in IPv4 checksum @@ -158,7 +158,7 @@ static inline int _odp_ipv4_csum_update(odp_packet_t pkt) 2, &chksum); } -#define ipv4_hdr_len(ip) (_ODP_IPV4HDR_IHL(ip->ver_ihl) * 4) +#define ipv4_hdr_len(ip) (_ODP_IPV4HDR_IHL((ip)->ver_ihl) * 4) static inline void ipv4_adjust_len(_odp_ipv4hdr_t *ip, int adj) { @@ -218,200 +218,310 @@ static inline odp_pktio_parser_layer_t parse_layer(odp_ipsec_proto_layer_t l) return ODP_PKTIO_PARSER_LAYER_NONE; } -static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, - odp_ipsec_sa_t sa, - odp_packet_t *pkt_out, - odp_ipsec_op_status_t *status) -{ - ipsec_sa_t *ipsec_sa = NULL; - uint32_t ip_offset = odp_packet_l3_offset(pkt); - _odp_ipv4hdr_t *ip = odp_packet_l3_ptr(pkt, NULL); - uint16_t ip_hdr_len = ipv4_hdr_len(ip); - odp_crypto_packet_op_param_t param; - int rc; +typedef struct { + _odp_ipv4hdr_t *ip; unsigned stats_length; - uint16_t ipsec_offset; /**< Offset of IPsec header from - buffer start */ - uint8_t iv[IPSEC_MAX_IV_LEN]; /**< ESP IV storage */ - ipsec_aad_t aad; /**< AAD, note ESN is not fully supported */ - unsigned hdr_len; /**< Length of IPsec headers */ - unsigned trl_len; /**< Length of IPsec trailers */ - uint8_t ip_tos; /**< Saved IP TOS value */ - uint8_t ip_ttl; /**< Saved IP TTL value */ - uint16_t ip_frag_offset; /**< Saved IP flags value */ - odp_crypto_packet_result_t crypto; /**< Crypto operation result */ - odp_packet_hdr_t *pkt_hdr; + uint16_t ip_offset; + uint16_t ip_hdr_len; + uint16_t ip_tot_len; + union { + struct { + uint16_t ip_df; + uint8_t ip_tos; + } out_tunnel; + struct { + uint16_t hdr_len; + uint16_t trl_len; + } in; + }; + union { + struct { + uint8_t tos; + uint8_t ttl; + uint16_t frag_offset; + } ah_ipv4; + }; + ipsec_aad_t aad; + uint8_t iv[IPSEC_MAX_IV_LEN]; +} ipsec_state_t; + +static int ipsec_parse_ipv4(ipsec_state_t *state) +{ + if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(state->ip->frag_offset))) + return -1; - ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); - ODP_ASSERT(NULL != ip); + state->ip_hdr_len = ipv4_hdr_len(state->ip); + state->ip_tot_len = odp_be_to_cpu_16(state->ip->tot_len); - ip_tos = 0; - ip_ttl = 0; - ip_frag_offset = 0; + return 0; +} - /* Initialize parameters block */ - memset(¶m, 0, sizeof(param)); +static inline ipsec_sa_t *ipsec_get_sa(odp_ipsec_sa_t sa, + odp_ipsec_protocol_t proto, + uint32_t spi, + void *dst_addr, + odp_ipsec_op_status_t *status) +{ + ipsec_sa_t *ipsec_sa; + + if (ODP_IPSEC_SA_INVALID == sa) { + ipsec_sa_lookup_t lookup; + + lookup.proto = proto; + lookup.spi = spi; + lookup.dst_addr = dst_addr; + + ipsec_sa = _odp_ipsec_sa_lookup(&lookup); + if (NULL == ipsec_sa) { + status->error.sa_lookup = 1; + return NULL; + } + } else { + ipsec_sa = _odp_ipsec_sa_use(sa); + ODP_ASSERT(NULL != ipsec_sa); + if (ipsec_sa->proto != proto || + ipsec_sa->spi != spi) { + status->error.proto = 1; + return ipsec_sa; + } + } + + return ipsec_sa; +} - ipsec_offset = ip_offset + ip_hdr_len; +static int ipsec_in_iv(odp_packet_t pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa, + uint16_t iv_offset) +{ + memcpy(state->iv, ipsec_sa->salt, ipsec_sa->salt_length); + if (odp_packet_copy_to_mem(pkt, + iv_offset, + ipsec_sa->esp_iv_len, + state->iv + ipsec_sa->salt_length) < 0) + return -1; - if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) { + if (ipsec_sa->aes_ctr_iv) { + state->iv[12] = 0; + state->iv[13] = 0; + state->iv[14] = 0; + state->iv[15] = 1; + } + + return 0; +} + +static int ipsec_in_esp(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t **_ipsec_sa, + odp_ipsec_sa_t sa, + odp_crypto_packet_op_param_t *param, + odp_ipsec_op_status_t *status) +{ + _odp_esphdr_t esp; + uint16_t ipsec_offset; + ipsec_sa_t *ipsec_sa; + + ipsec_offset = state->ip_offset + state->ip_hdr_len; + + if (odp_packet_copy_to_mem(*pkt, ipsec_offset, + sizeof(esp), &esp) < 0) { status->error.alg = 1; - goto err; + return -1; } - if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { - status->error.proto = 1; - goto err; + ipsec_sa = ipsec_get_sa(sa, ODP_IPSEC_ESP, + odp_be_to_cpu_32(esp.spi), + &state->ip->dst_addr, status); + *_ipsec_sa = ipsec_sa; + if (status->error.all) + return -1; + + if (ipsec_in_iv(*pkt, state, ipsec_sa, + ipsec_offset + _ODP_ESPHDR_LEN) < 0) { + status->error.alg = 1; + return -1; } - /* Check IP header for IPSec protocols and look it up */ - if (_ODP_IPPROTO_ESP == ip->proto) { - _odp_esphdr_t esp; + state->in.hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; + state->in.trl_len = _ODP_ESPTRL_LEN + ipsec_sa->icv_len; - if (odp_packet_copy_to_mem(pkt, ipsec_offset, - sizeof(esp), &esp) < 0) { - status->error.alg = 1; - goto err; - } + param->cipher_range.offset = ipsec_offset + state->in.hdr_len; + param->cipher_range.length = state->ip_tot_len - + state->ip_hdr_len - + state->in.hdr_len - + ipsec_sa->icv_len; + param->override_iv_ptr = state->iv; - if (ODP_IPSEC_SA_INVALID == sa) { - ipsec_sa_lookup_t lookup; + state->aad.spi = esp.spi; + state->aad.seq_no = esp.seq_no; - lookup.proto = ODP_IPSEC_ESP; - lookup.spi = odp_be_to_cpu_32(esp.spi); - lookup.dst_addr = &ip->dst_addr; + param->aad.ptr = (uint8_t *)&state->aad; - ipsec_sa = _odp_ipsec_sa_lookup(&lookup); - if (NULL == ipsec_sa) { - status->error.sa_lookup = 1; - goto err; - } - } else { - ipsec_sa = _odp_ipsec_sa_use(sa); - ODP_ASSERT(NULL != ipsec_sa); - if (ipsec_sa->proto != ODP_IPSEC_ESP || - ipsec_sa->spi != odp_be_to_cpu_32(esp.spi)) { - status->error.proto = 1; - goto err; - } - } + param->auth_range.offset = ipsec_offset; + param->auth_range.length = state->ip_tot_len - + state->ip_hdr_len - + ipsec_sa->icv_len; + param->hash_result_offset = state->ip_offset + + state->ip_tot_len - + ipsec_sa->icv_len; - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - if (odp_packet_copy_to_mem(pkt, - ipsec_offset + _ODP_ESPHDR_LEN, - ipsec_sa->esp_iv_len, - iv + ipsec_sa->salt_length) < 0) { - status->error.alg = 1; - goto err; - } + state->stats_length = param->cipher_range.length; - if (ipsec_sa->aes_ctr_iv) { - iv[12] = 0; - iv[13] = 0; - iv[14] = 0; - iv[15] = 1; - } + return 0; +} - hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; - trl_len = _ODP_ESPTRL_LEN + ipsec_sa->icv_len; +static int ipsec_in_esp_post(odp_packet_t pkt, + ipsec_state_t *state) +{ + _odp_esptrl_t esptrl; + uint32_t esptrl_offset = state->ip_offset + + state->ip_tot_len - + state->in.trl_len; + + if (odp_packet_copy_to_mem(pkt, esptrl_offset, + sizeof(esptrl), &esptrl) < 0 || + state->ip_offset + esptrl.pad_len > esptrl_offset || + _odp_packet_cmp_data(pkt, esptrl_offset - esptrl.pad_len, + ipsec_padding, esptrl.pad_len) != 0) + return -1; - param.cipher_range.offset = ipsec_offset + hdr_len; - param.cipher_range.length = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len - - hdr_len - - ipsec_sa->icv_len; - param.override_iv_ptr = iv; + state->ip->proto = esptrl.next_header; + state->in.trl_len += esptrl.pad_len; - aad.spi = esp.spi; - aad.seq_no = esp.seq_no; + return 0; +} - param.aad.ptr = (uint8_t *)&aad; +static int ipsec_in_ah(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t **_ipsec_sa, + odp_ipsec_sa_t sa, + odp_crypto_packet_op_param_t *param, + odp_ipsec_op_status_t *status) +{ + _odp_ahhdr_t ah; + uint16_t ipsec_offset; + ipsec_sa_t *ipsec_sa; - param.auth_range.offset = ipsec_offset; - param.auth_range.length = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len - - ipsec_sa->icv_len; - param.hash_result_offset = ip_offset + - odp_be_to_cpu_16(ip->tot_len) - - ipsec_sa->icv_len; + ipsec_offset = state->ip_offset + state->ip_hdr_len; - stats_length = param.cipher_range.length; - } else if (_ODP_IPPROTO_AH == ip->proto) { - _odp_ahhdr_t ah; + if (odp_packet_copy_to_mem(*pkt, ipsec_offset, + sizeof(ah), &ah) < 0) { + status->error.alg = 1; + return -1; + } - if (odp_packet_copy_to_mem(pkt, ipsec_offset, - sizeof(ah), &ah) < 0) { - status->error.alg = 1; - goto err; - } + ipsec_sa = ipsec_get_sa(sa, ODP_IPSEC_AH, + odp_be_to_cpu_32(ah.spi), + &state->ip->dst_addr, status); + *_ipsec_sa = ipsec_sa; + if (status->error.all) + return -1; - if (ODP_IPSEC_SA_INVALID == sa) { - ipsec_sa_lookup_t lookup; + if (ipsec_in_iv(*pkt, state, ipsec_sa, + ipsec_offset + _ODP_AHHDR_LEN) < 0) { + status->error.alg = 1; + return -1; + } - lookup.proto = ODP_IPSEC_AH; - lookup.spi = odp_be_to_cpu_32(ah.spi); - lookup.dst_addr = &ip->dst_addr; + param->override_iv_ptr = state->iv; - ipsec_sa = _odp_ipsec_sa_lookup(&lookup); - if (NULL == ipsec_sa) { - status->error.sa_lookup = 1; - goto err; - } - } else { - ipsec_sa = _odp_ipsec_sa_use(sa); - ODP_ASSERT(NULL != ipsec_sa); - if (ipsec_sa->proto != ODP_IPSEC_AH || - ipsec_sa->spi != odp_be_to_cpu_32(ah.spi)) { - status->error.proto = 1; - goto err; - } - } + state->in.hdr_len = (ah.ah_len + 2) * 4; + state->in.trl_len = 0; - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - if (odp_packet_copy_to_mem(pkt, - ipsec_offset + _ODP_AHHDR_LEN, - ipsec_sa->esp_iv_len, - iv + ipsec_sa->salt_length) < 0) { - status->error.alg = 1; - goto err; - } - param.override_iv_ptr = iv; + /* Save everything to context */ + state->ah_ipv4.tos = state->ip->tos; + state->ah_ipv4.frag_offset = state->ip->frag_offset; + state->ah_ipv4.ttl = state->ip->ttl; + + /* FIXME: zero copy of header, passing it to crypto! */ + /* + * If authenticating, zero the mutable fields build the request + */ + state->ip->chksum = 0; + state->ip->tos = 0; + state->ip->frag_offset = 0; + state->ip->ttl = 0; - hdr_len = (ah.ah_len + 2) * 4; - trl_len = 0; + state->aad.spi = ah.spi; + state->aad.seq_no = ah.seq_no; - /* Save everything to context */ - ip_tos = ip->tos; - ip_frag_offset = odp_be_to_cpu_16(ip->frag_offset); - ip_ttl = ip->ttl; + param->aad.ptr = (uint8_t *)&state->aad; - /* FIXME: zero copy of header, passing it to crypto! */ - /* - * If authenticating, zero the mutable fields build the request - */ - ip->chksum = 0; - ip->tos = 0; - ip->frag_offset = 0; - ip->ttl = 0; + param->auth_range.offset = state->ip_offset; + param->auth_range.length = state->ip_tot_len; + param->hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN + + ipsec_sa->esp_iv_len; - aad.spi = ah.spi; - aad.seq_no = ah.seq_no; + state->stats_length = param->auth_range.length; - param.aad.ptr = (uint8_t *)&aad; + return 0; +} + +static int ipsec_in_ah_post(odp_packet_t pkt, + ipsec_state_t *state) +{ + _odp_ahhdr_t ah; + uint16_t ipsec_offset; - param.auth_range.offset = ip_offset; - param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); - param.hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN + - ipsec_sa->esp_iv_len; + ipsec_offset = state->ip_offset + state->ip_hdr_len; - stats_length = param.auth_range.length; + if (odp_packet_copy_to_mem(pkt, ipsec_offset, + sizeof(ah), &ah) < 0) + return -1; + + state->ip->proto = ah.next_header; + + /* Restore mutable fields */ + state->ip->ttl = state->ah_ipv4.ttl; + state->ip->tos = state->ah_ipv4.tos; + state->ip->frag_offset = state->ah_ipv4.frag_offset; + + return 0; +} + +static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, + odp_ipsec_sa_t sa, + odp_packet_t *pkt_out, + odp_ipsec_op_status_t *status) +{ + ipsec_state_t state; + ipsec_sa_t *ipsec_sa = NULL; + odp_crypto_packet_op_param_t param; + int rc; + odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_hdr_t *pkt_hdr; + + state.ip_offset = odp_packet_l3_offset(pkt); + ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != state.ip_offset); + + state.ip = odp_packet_l3_ptr(pkt, NULL); + ODP_ASSERT(NULL != state.ip); + + /* Initialize parameters block */ + memset(¶m, 0, sizeof(param)); + + rc = ipsec_parse_ipv4(&state); + if (rc < 0 || + state.ip_tot_len + state.ip_offset > odp_packet_len(pkt)) { + status->error.alg = 1; + goto err; + } + + /* Check IP header for IPSec protocols and look it up */ + if (_ODP_IPPROTO_ESP == state.ip->proto) { + rc = ipsec_in_esp(&pkt, &state, &ipsec_sa, sa, ¶m, status); + } else if (_ODP_IPPROTO_AH == state.ip->proto) { + rc = ipsec_in_ah(&pkt, &state, &ipsec_sa, sa, ¶m, status); } else { status->error.proto = 1; goto err; } + if (rc < 0) + goto err; if (_odp_ipsec_sa_replay_precheck(ipsec_sa, - odp_be_to_cpu_32(aad.seq_no), + odp_be_to_cpu_32(state.aad.seq_no), status) < 0) goto err; @@ -450,70 +560,30 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto err; } - if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) + if (_odp_ipsec_sa_stats_update(ipsec_sa, + state.stats_length, + status) < 0) goto err; if (_odp_ipsec_sa_replay_update(ipsec_sa, - odp_be_to_cpu_32(aad.seq_no), + odp_be_to_cpu_32(state.aad.seq_no), status) < 0) goto err; - ip_offset = odp_packet_l3_offset(pkt); - ip = odp_packet_l3_ptr(pkt, NULL); - ip_hdr_len = ipv4_hdr_len(ip); - - if (_ODP_IPPROTO_ESP == ip->proto) { - /* - * Finish cipher by finding ESP trailer and processing - */ - _odp_esptrl_t esptrl; - uint32_t esptrl_offset = ip_offset + - odp_be_to_cpu_16(ip->tot_len) - - trl_len; - - if (odp_packet_copy_to_mem(pkt, esptrl_offset, - sizeof(esptrl), &esptrl) < 0) { - status->error.proto = 1; - goto err; - } - - if (ip_offset + esptrl.pad_len > esptrl_offset) { - status->error.proto = 1; - goto err; - } - - if (_odp_packet_cmp_data(pkt, esptrl_offset - esptrl.pad_len, - ipsec_padding, esptrl.pad_len) != 0) { - status->error.proto = 1; - goto err; - } + state.ip = odp_packet_l3_ptr(pkt, NULL); - ip->proto = esptrl.next_header; - trl_len += esptrl.pad_len; - } else if (_ODP_IPPROTO_AH == ip->proto) { - /* - * Finish auth - */ - _odp_ahhdr_t ah; - - if (odp_packet_copy_to_mem(pkt, ipsec_offset, - sizeof(ah), &ah) < 0) { - status->error.alg = 1; - goto err; - } - - ip->proto = ah.next_header; - - /* Restore mutable fields */ - ip->ttl = ip_ttl; - ip->tos = ip_tos; - ip->frag_offset = odp_cpu_to_be_16(ip_frag_offset); - } else { + if (ODP_IPSEC_ESP == ipsec_sa->proto) + rc = ipsec_in_esp_post(pkt, &state); + else if (ODP_IPSEC_AH == ipsec_sa->proto) + rc = ipsec_in_ah_post(pkt, &state); + else + rc = -1; + if (rc < 0) { status->error.proto = 1; goto err; } - if (odp_packet_trunc_tail(&pkt, trl_len, NULL, NULL) < 0) { + if (odp_packet_trunc_tail(&pkt, state.in.trl_len, NULL, NULL) < 0) { status->error.alg = 1; goto err; } @@ -521,32 +591,36 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { /* We have a tunneled IPv4 packet, strip outer and IPsec * headers */ - odp_packet_move_data(pkt, ip_hdr_len + hdr_len, 0, - ip_offset); - if (odp_packet_trunc_head(&pkt, ip_hdr_len + hdr_len, + odp_packet_move_data(pkt, state.ip_hdr_len + state.in.hdr_len, + 0, + state.ip_offset); + if (odp_packet_trunc_head(&pkt, state.ip_hdr_len + + state.in.hdr_len, NULL, NULL) < 0) { status->error.alg = 1; goto err; } + + if (odp_packet_len(pkt) > sizeof(*state.ip)) { + state.ip = odp_packet_l3_ptr(pkt, NULL); + state.ip->ttl -= ipsec_sa->dec_ttl; + _odp_ipv4_csum_update(pkt); + } } else { - odp_packet_move_data(pkt, hdr_len, 0, - ip_offset + ip_hdr_len); - if (odp_packet_trunc_head(&pkt, hdr_len, + odp_packet_move_data(pkt, state.in.hdr_len, 0, + state.ip_offset + state.ip_hdr_len); + if (odp_packet_trunc_head(&pkt, state.in.hdr_len, NULL, NULL) < 0) { status->error.alg = 1; goto err; } - } - - /* Finalize the IPv4 header */ - if (odp_packet_len(pkt) > sizeof(*ip)) { - ip = odp_packet_l3_ptr(pkt, NULL); - - if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) - ipv4_adjust_len(ip, -(hdr_len + trl_len)); - ip->ttl -= ipsec_sa->dec_ttl; - _odp_ipv4_csum_update(pkt); + if (odp_packet_len(pkt) > sizeof(*state.ip)) { + state.ip = odp_packet_l3_ptr(pkt, NULL); + ipv4_adjust_len(state.ip, + -(state.in.hdr_len + state.in.trl_len)); + _odp_ipv4_csum_update(pkt); + } } pkt_hdr = odp_packet_hdr(pkt); @@ -554,7 +628,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, packet_parse_reset(pkt_hdr); packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), - ip_offset, _ODP_ETHTYPE_IPV4); + state.ip_offset, _ODP_ETHTYPE_IPV4); *pkt_out = pkt; @@ -577,317 +651,353 @@ uint32_t ipsec_seq_no(ipsec_sa_t *ipsec_sa) } /* Helper for calculating encode length using data length and block size */ -#define ESP_ENCODE_LEN(x, b) ((((x) + ((b) - 1)) / (b)) * (b)) +#define IPSEC_PAD_LEN(x, b) ((((x) + ((b) - 1)) / (b)) * (b)) -static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, - odp_ipsec_sa_t sa, - odp_packet_t *pkt_out, - odp_ipsec_out_opt_t *opt ODP_UNUSED, - odp_ipsec_op_status_t *status) +static int ipsec_out_tunnel_parse_ipv4(ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) { - ipsec_sa_t *ipsec_sa = NULL; - uint32_t ip_offset = odp_packet_l3_offset(pkt); - _odp_ipv4hdr_t *ip = odp_packet_l3_ptr(pkt, NULL); - uint16_t ip_hdr_len = ipv4_hdr_len(ip); - odp_crypto_packet_op_param_t param; - unsigned stats_length; - int rc; - uint16_t ipsec_offset; /**< Offset of IPsec header from - buffer start */ - uint8_t iv[IPSEC_MAX_IV_LEN]; /**< ESP IV storage */ - ipsec_aad_t aad; /**< AAD, note ESN is not fully supported */ - unsigned hdr_len; /**< Length of IPsec headers */ - unsigned trl_len; /**< Length of IPsec trailers */ - uint8_t ip_tos; /**< Saved IP TOS value */ - uint8_t ip_ttl; /**< Saved IP TTL value */ - uint16_t ip_frag_offset; /**< Saved IP flags value */ - odp_crypto_packet_result_t crypto; /**< Crypto operation result */ - odp_packet_hdr_t *pkt_hdr; + _odp_ipv4hdr_t *ipv4hdr = state->ip; + uint16_t flags = odp_be_to_cpu_16(ipv4hdr->frag_offset); - ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); - ODP_ASSERT(NULL != ip); + ipv4hdr->ttl -= ipsec_sa->dec_ttl; + state->out_tunnel.ip_tos = ipv4hdr->tos; + state->out_tunnel.ip_df = _ODP_IPV4HDR_FLAGS_DONT_FRAG(flags); - ip_tos = 0; - ip_ttl = 0; - ip_frag_offset = 0; + return 0; +} - ipsec_sa = _odp_ipsec_sa_use(sa); - ODP_ASSERT(NULL != ipsec_sa); +static int ipsec_out_tunnel_ipv4(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) +{ + _odp_ipv4hdr_t out_ip; + uint16_t flags; + + out_ip.ver_ihl = 0x45; + if (ipsec_sa->copy_dscp) + out_ip.tos = state->out_tunnel.ip_tos; + else + out_ip.tos = (state->out_tunnel.ip_tos & + ~_ODP_IP_TOS_DSCP_MASK) | + (ipsec_sa->out.tun_dscp << + _ODP_IP_TOS_DSCP_SHIFT); + state->ip_tot_len = odp_packet_len(*pkt) - state->ip_offset; + state->ip_tot_len += _ODP_IPV4HDR_LEN; + + out_ip.tot_len = odp_cpu_to_be_16(state->ip_tot_len); + /* No need to convert to BE: ID just should not be duplicated */ + out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_hdr_id, + 1); + if (ipsec_sa->copy_df) + flags = state->out_tunnel.ip_df; + else + flags = ((uint16_t)ipsec_sa->out.tun_df) << 14; + out_ip.frag_offset = odp_cpu_to_be_16(flags); + out_ip.ttl = ipsec_sa->out.tun_ttl; + out_ip.proto = _ODP_IPPROTO_IPIP; + /* Will be filled later by packet checksum update */ + out_ip.chksum = 0; + out_ip.src_addr = ipsec_sa->out.tun_src_ip; + out_ip.dst_addr = ipsec_sa->out.tun_dst_ip; + + if (odp_packet_extend_head(pkt, _ODP_IPV4HDR_LEN, + NULL, NULL) < 0) + return -1; - /* Initialize parameters block */ - memset(¶m, 0, sizeof(param)); + odp_packet_move_data(*pkt, 0, _ODP_IPV4HDR_LEN, state->ip_offset); - if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode && - _ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { - status->error.alg = 1; - goto err; - } + odp_packet_copy_from_mem(*pkt, state->ip_offset, + _ODP_IPV4HDR_LEN, &out_ip); - if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) { - status->error.alg = 1; - goto err; - } + odp_packet_l4_offset_set(*pkt, state->ip_offset + _ODP_IPV4HDR_LEN); - if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { - _odp_ipv4hdr_t out_ip; - uint16_t tot_len; + state->ip = odp_packet_l3_ptr(*pkt, NULL); + state->ip_hdr_len = _ODP_IPV4HDR_LEN; - ip->ttl -= ipsec_sa->dec_ttl; + return 0; +} - out_ip.ver_ihl = 0x45; - if (ipsec_sa->copy_dscp) - out_ip.tos = ip->tos; - else - out_ip.tos = (ip->tos & ~_ODP_IP_TOS_DSCP_MASK) | - (ipsec_sa->out.tun_dscp << - _ODP_IP_TOS_DSCP_SHIFT); - tot_len = odp_be_to_cpu_16(ip->tot_len) + _ODP_IPV4HDR_LEN; - out_ip.tot_len = odp_cpu_to_be_16(tot_len); - /* No need to convert to BE: ID just should not be duplicated */ - out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_hdr_id, - 1); - if (ipsec_sa->copy_df) - out_ip.frag_offset = ip->frag_offset & 0x4000; - else - out_ip.frag_offset = - ((uint16_t)ipsec_sa->out.tun_df) << 14; - out_ip.ttl = ipsec_sa->out.tun_ttl; - out_ip.proto = _ODP_IPV4; - /* Will be filled later by packet checksum update */ - out_ip.chksum = 0; - out_ip.src_addr = ipsec_sa->out.tun_src_ip; - out_ip.dst_addr = ipsec_sa->out.tun_dst_ip; - - if (odp_packet_extend_head(&pkt, _ODP_IPV4HDR_LEN, - NULL, NULL) < 0) { - status->error.alg = 1; - goto err; +static int ipsec_out_iv(ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) +{ + if (ipsec_sa->use_counter_iv) { + uint64_t ctr; + + /* Both GCM and CTR use 8-bit counters */ + ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + + ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, + 1); + /* Check for overrun */ + if (ctr == 0) + return -1; + + memcpy(state->iv, ipsec_sa->salt, ipsec_sa->salt_length); + memcpy(state->iv + ipsec_sa->salt_length, &ctr, + ipsec_sa->esp_iv_len); + + if (ipsec_sa->aes_ctr_iv) { + state->iv[12] = 0; + state->iv[13] = 0; + state->iv[14] = 0; + state->iv[15] = 1; } + } else if (ipsec_sa->esp_iv_len) { + uint32_t len; - odp_packet_move_data(pkt, 0, _ODP_IPV4HDR_LEN, ip_offset); + len = odp_random_data(state->iv, ipsec_sa->esp_iv_len, + ODP_RANDOM_CRYPTO); - odp_packet_copy_from_mem(pkt, ip_offset, - _ODP_IPV4HDR_LEN, &out_ip); + if (len != ipsec_sa->esp_iv_len) + return -1; + } - odp_packet_l4_offset_set(pkt, ip_offset + _ODP_IPV4HDR_LEN); + return 0; +} - ip = odp_packet_l3_ptr(pkt, NULL); - ip_hdr_len = _ODP_IPV4HDR_LEN; +static int ipsec_out_esp(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa, + odp_crypto_packet_op_param_t *param, + odp_ipsec_op_status_t *status) +{ + _odp_esphdr_t esp; + _odp_esptrl_t esptrl; + uint32_t encrypt_len; + uint16_t ip_data_len = state->ip_tot_len - + state->ip_hdr_len; + uint32_t pad_block = ipsec_sa->esp_block_len; + uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; + unsigned hdr_len; + unsigned trl_len; + + /* ESP trailer should be 32-bit right aligned */ + if (pad_block < 4) + pad_block = 4; + + encrypt_len = IPSEC_PAD_LEN(ip_data_len + _ODP_ESPTRL_LEN, + pad_block); + + hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; + trl_len = encrypt_len - + ip_data_len + + ipsec_sa->icv_len; + + if (ipsec_out_iv(state, ipsec_sa) < 0) { + status->error.alg = 1; + return -1; } - ipsec_offset = ip_offset + ip_hdr_len; + param->override_iv_ptr = state->iv; - if (ipsec_sa->proto == ODP_IPSEC_ESP) { - _odp_esphdr_t esp; - _odp_esptrl_t esptrl; - uint32_t encrypt_len; - uint16_t ip_data_len = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len; - uint32_t pad_block = ipsec_sa->esp_block_len; + if (odp_packet_extend_tail(pkt, trl_len, NULL, NULL) < 0 || + odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { + status->error.alg = 1; + return -1; + } - /* ESP trailer should be 32-bit right aligned */ - if (pad_block < 4) - pad_block = 4; + odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); + + state->ip = odp_packet_l3_ptr(*pkt, NULL); + + /* Set IPv4 length before authentication */ + ipv4_adjust_len(state->ip, hdr_len + trl_len); + state->ip_tot_len += hdr_len + trl_len; + + uint32_t esptrl_offset = state->ip_offset + + state->ip_hdr_len + + hdr_len + + encrypt_len - + _ODP_ESPTRL_LEN; + + memset(&esp, 0, sizeof(esp)); + esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); + esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); + + state->aad.spi = esp.spi; + state->aad.seq_no = esp.seq_no; + + param->aad.ptr = (uint8_t *)&state->aad; + + memset(&esptrl, 0, sizeof(esptrl)); + esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; + esptrl.next_header = state->ip->proto; + state->ip->proto = _ODP_IPPROTO_ESP; + + odp_packet_copy_from_mem(*pkt, + ipsec_offset, _ODP_ESPHDR_LEN, + &esp); + odp_packet_copy_from_mem(*pkt, + ipsec_offset + _ODP_ESPHDR_LEN, + ipsec_sa->esp_iv_len, + state->iv + ipsec_sa->salt_length); + odp_packet_copy_from_mem(*pkt, + esptrl_offset - esptrl.pad_len, + esptrl.pad_len, ipsec_padding); + odp_packet_copy_from_mem(*pkt, + esptrl_offset, _ODP_ESPTRL_LEN, + &esptrl); + + param->cipher_range.offset = ipsec_offset + hdr_len; + param->cipher_range.length = state->ip_tot_len - + state->ip_hdr_len - + hdr_len - + ipsec_sa->icv_len; + + param->auth_range.offset = ipsec_offset; + param->auth_range.length = state->ip_tot_len - + state->ip_hdr_len - + ipsec_sa->icv_len; + param->hash_result_offset = state->ip_offset + + state->ip_tot_len - + ipsec_sa->icv_len; + + state->stats_length = param->cipher_range.length; - encrypt_len = ESP_ENCODE_LEN(ip_data_len + _ODP_ESPTRL_LEN, - pad_block); + return 0; +} - hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; - trl_len = encrypt_len - - ip_data_len + - ipsec_sa->icv_len; +static int ipsec_out_ah(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa, + odp_crypto_packet_op_param_t *param, + odp_ipsec_op_status_t *status) +{ + _odp_ahhdr_t ah; + unsigned hdr_len = _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len + + ipsec_sa->icv_len; + uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; - if (ipsec_sa->use_counter_iv) { - uint64_t ctr; + /* Save IPv4 stuff */ + state->ah_ipv4.tos = state->ip->tos; + state->ah_ipv4.frag_offset = state->ip->frag_offset; + state->ah_ipv4.ttl = state->ip->ttl; - /* Both GCM and CTR use 8-bit counters */ - ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + if (odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { + status->error.alg = 1; + return -1; + } - ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, - 1); - /* Check for overrun */ - if (ctr == 0) - goto err; + odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - memcpy(iv + ipsec_sa->salt_length, &ctr, - ipsec_sa->esp_iv_len); + state->ip = odp_packet_l3_ptr(*pkt, NULL); - if (ipsec_sa->aes_ctr_iv) { - iv[12] = 0; - iv[13] = 0; - iv[14] = 0; - iv[15] = 1; - } - } else if (ipsec_sa->esp_iv_len) { - uint32_t len; + /* Set IPv4 length before authentication */ + ipv4_adjust_len(state->ip, hdr_len); + state->ip_tot_len += hdr_len; - len = odp_random_data(iv, ipsec_sa->esp_iv_len, - ODP_RANDOM_CRYPTO); + memset(&ah, 0, sizeof(ah)); + ah.spi = odp_cpu_to_be_32(ipsec_sa->spi); + ah.ah_len = 1 + (ipsec_sa->esp_iv_len + ipsec_sa->icv_len) / 4; + ah.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); + ah.next_header = state->ip->proto; + state->ip->proto = _ODP_IPPROTO_AH; - if (len != ipsec_sa->esp_iv_len) { - status->error.alg = 1; - goto err; - } - } + state->aad.spi = ah.spi; + state->aad.seq_no = ah.seq_no; - param.override_iv_ptr = iv; + param->aad.ptr = (uint8_t *)&state->aad; - if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { - status->error.alg = 1; - goto err; - } + /* For GMAC */ + if (ipsec_out_iv(state, ipsec_sa) < 0) { + status->error.alg = 1; + return -1; + } - if (odp_packet_extend_head(&pkt, hdr_len, NULL, NULL) < 0) { - status->error.alg = 1; - goto err; - } + param->override_iv_ptr = state->iv; - odp_packet_move_data(pkt, 0, hdr_len, ipsec_offset); - - ip = odp_packet_l3_ptr(pkt, NULL); - - /* Set IPv4 length before authentication */ - ipv4_adjust_len(ip, hdr_len + trl_len); - - uint32_t esptrl_offset = ip_offset + - ip_hdr_len + - hdr_len + - encrypt_len - - _ODP_ESPTRL_LEN; - - memset(&esp, 0, sizeof(esp)); - esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); - esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - - aad.spi = esp.spi; - aad.seq_no = esp.seq_no; - - param.aad.ptr = (uint8_t *)&aad; - - memset(&esptrl, 0, sizeof(esptrl)); - esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; - esptrl.next_header = ip->proto; - ip->proto = _ODP_IPPROTO_ESP; - - odp_packet_copy_from_mem(pkt, - ipsec_offset, _ODP_ESPHDR_LEN, - &esp); - odp_packet_copy_from_mem(pkt, - ipsec_offset + _ODP_ESPHDR_LEN, - ipsec_sa->esp_iv_len, - iv + ipsec_sa->salt_length); - odp_packet_copy_from_mem(pkt, - esptrl_offset - esptrl.pad_len, - esptrl.pad_len, ipsec_padding); - odp_packet_copy_from_mem(pkt, - esptrl_offset, _ODP_ESPTRL_LEN, - &esptrl); - - param.cipher_range.offset = ipsec_offset + hdr_len; - param.cipher_range.length = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len - - hdr_len - - ipsec_sa->icv_len; - - param.auth_range.offset = ipsec_offset; - param.auth_range.length = odp_be_to_cpu_16(ip->tot_len) - - ip_hdr_len - - ipsec_sa->icv_len; - param.hash_result_offset = ip_offset + - odp_be_to_cpu_16(ip->tot_len) - - ipsec_sa->icv_len; - - stats_length = param.cipher_range.length; - } else if (ipsec_sa->proto == ODP_IPSEC_AH) { - _odp_ahhdr_t ah; - - hdr_len = _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len + - ipsec_sa->icv_len; - trl_len = 0; - - /* Save IPv4 stuff */ - ip_tos = ip->tos; - ip_frag_offset = odp_be_to_cpu_16(ip->frag_offset); - ip_ttl = ip->ttl; - - if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { - status->error.alg = 1; - goto err; - } + odp_packet_copy_from_mem(*pkt, + ipsec_offset, _ODP_AHHDR_LEN, + &ah); + odp_packet_copy_from_mem(*pkt, + ipsec_offset + _ODP_AHHDR_LEN, + ipsec_sa->esp_iv_len, + state->iv + ipsec_sa->salt_length); + _odp_packet_set_data(*pkt, + ipsec_offset + _ODP_AHHDR_LEN + + ipsec_sa->esp_iv_len, + 0, ipsec_sa->icv_len); - if (odp_packet_extend_head(&pkt, hdr_len, NULL, NULL) < 0) { - status->error.alg = 1; - goto err; - } + state->ip->chksum = 0; + state->ip->tos = 0; + state->ip->frag_offset = 0; + state->ip->ttl = 0; - odp_packet_move_data(pkt, 0, hdr_len, ipsec_offset); + param->auth_range.offset = state->ip_offset; + param->auth_range.length = state->ip_tot_len; + param->hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN + + ipsec_sa->esp_iv_len; - ip = odp_packet_l3_ptr(pkt, NULL); + state->stats_length = param->auth_range.length; - /* Set IPv4 length before authentication */ - ipv4_adjust_len(ip, hdr_len + trl_len); + return 0; +} - memset(&ah, 0, sizeof(ah)); - ah.spi = odp_cpu_to_be_32(ipsec_sa->spi); - ah.ah_len = 1 + (ipsec_sa->esp_iv_len + ipsec_sa->icv_len) / 4; - ah.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - ah.next_header = ip->proto; - ip->proto = _ODP_IPPROTO_AH; +static void ipsec_out_ah_post(ipsec_state_t *state) +{ + state->ip->ttl = state->ah_ipv4.ttl; + state->ip->tos = state->ah_ipv4.tos; + state->ip->frag_offset = state->ah_ipv4.frag_offset; +} - aad.spi = ah.spi; - aad.seq_no = ah.seq_no; +static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, + odp_ipsec_sa_t sa, + odp_packet_t *pkt_out, + odp_ipsec_out_opt_t *opt ODP_UNUSED, + odp_ipsec_op_status_t *status) +{ + ipsec_state_t state; + ipsec_sa_t *ipsec_sa; + odp_crypto_packet_op_param_t param; + int rc; + odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_hdr_t *pkt_hdr; - param.aad.ptr = (uint8_t *)&aad; + state.ip_offset = odp_packet_l3_offset(pkt); + ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != state.ip_offset); - /* For GMAC */ - if (ipsec_sa->use_counter_iv) { - uint64_t ctr; + state.ip = odp_packet_l3_ptr(pkt, NULL); + ODP_ASSERT(NULL != state.ip); - ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + ipsec_sa = _odp_ipsec_sa_use(sa); + ODP_ASSERT(NULL != ipsec_sa); - ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, - 1); - /* Check for overrun */ - if (ctr == 0) - goto err; + /* Initialize parameters block */ + memset(¶m, 0, sizeof(param)); - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - memcpy(iv + ipsec_sa->salt_length, &ctr, - ipsec_sa->esp_iv_len); - param.override_iv_ptr = iv; + if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) { + rc = ipsec_parse_ipv4(&state); + if (state.ip_tot_len + state.ip_offset != odp_packet_len(pkt)) + rc = -1; + } else { + rc = ipsec_out_tunnel_parse_ipv4(&state, ipsec_sa); + if (rc < 0) { + status->error.alg = 1; + goto err; } - odp_packet_copy_from_mem(pkt, - ipsec_offset, _ODP_AHHDR_LEN, - &ah); - odp_packet_copy_from_mem(pkt, - ipsec_offset + _ODP_AHHDR_LEN, - ipsec_sa->esp_iv_len, - iv + ipsec_sa->salt_length); - _odp_packet_set_data(pkt, - ipsec_offset + _ODP_AHHDR_LEN + - ipsec_sa->esp_iv_len, - 0, ipsec_sa->icv_len); - - ip->chksum = 0; - ip->tos = 0; - ip->frag_offset = 0; - ip->ttl = 0; - - param.auth_range.offset = ip_offset; - param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); - param.hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN + - ipsec_sa->esp_iv_len; - - stats_length = param.auth_range.length; + rc = ipsec_out_tunnel_ipv4(&pkt, &state, ipsec_sa); + } + if (rc < 0) { + status->error.alg = 1; + goto err; + } + + if (ODP_IPSEC_ESP == ipsec_sa->proto) { + rc = ipsec_out_esp(&pkt, &state, ipsec_sa, ¶m, status); + } else if (ODP_IPSEC_AH == ipsec_sa->proto) { + rc = ipsec_out_ah(&pkt, &state, ipsec_sa, ¶m, status); } else { status->error.alg = 1; goto err; } + if (rc < 0) + goto err; /* No need to run precheck here, we know that packet is authentic */ - if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) + if (_odp_ipsec_sa_stats_update(ipsec_sa, + state.stats_length, + status) < 0) goto err; param.session = ipsec_sa->session; @@ -922,14 +1032,9 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, goto err; } - ip = odp_packet_l3_ptr(pkt, NULL); - /* Finalize the IPv4 header */ - if (ip->proto == _ODP_IPPROTO_AH) { - ip->ttl = ip_ttl; - ip->tos = ip_tos; - ip->frag_offset = odp_cpu_to_be_16(ip_frag_offset); - } + if (ODP_IPSEC_AH == ipsec_sa->proto) + ipsec_out_ah_post(&state); _odp_ipv4_csum_update(pkt); From patchwork Thu Nov 30 13:00:02 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120175 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp640141qgn; Thu, 30 Nov 2017 05:04:05 -0800 (PST) X-Google-Smtp-Source: AGs4zMYTTbo+SVtVJTUSwFczBtr3LESjLTbalTOp0MwFcLBw2AMrJr07O1J3auRJpnLkXGH5GlDp X-Received: by 10.200.63.140 with SMTP id d12mr3329632qtk.253.1512047044803; Thu, 30 Nov 2017 05:04:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512047044; cv=none; d=google.com; s=arc-20160816; b=gG6Z4MqDkiQNW6b8tWYlsTX7rochmxpiqofL4KuGthQJ7O6yxfWmgEXCXDECConKB8 C1tgovmrCwKe0IG2OJsdeK7qsUiduYUfQyqsfJzR4yGyGiM/1NKnmD276Sb4Aiq1mIT5 Vwrb40DTnKXBXNfwPQp2aKWkbC/OtLON2rZvA2czlXrWx9RBPqJnRW/ZjQ3bWMjmN28E k4U4gnPSZp8BqLl6vcIh5OPUlpSWuW0KHJYwwbWeelwAq3RS8GXVNVc9k0TPGyegxsb9 CU5q+f034bTvJtS3zCkBnDArhSPt40HGms6+uT7T/OLfSTSLyV1Sw+4AS3pk87Kmp7Ox B3fA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=fRit8iF0td6S4iEdyoRGX/Hv3EgK8jC0EJc+e9kANWQ=; b=as5+vPcz1oORuQdgT9/zSni+XRy9M20GpKGT0mnnQn9Us8OinXmtSkIYm5D3KJV9Oe J/Ebt+zr+g8b7yIhiykTJ5tsfgBJrs+OE6mdDv8z3fjJU4rTlN0oe++SbqD/RpraBwo1 t/3qmMsIObGEp9K2yVhCrFlymXqoZxcryTep3LZ3uHJ8meF6BPZobCm12FLwmTHNY2s5 9oP3mLJQZpAGmf+Js0SFyydvV0nRH3EdR3uVq1HcGkyxePoh7vs8Xoa5LRXDSjhWjZBg O8HZRfIznb0kF/m9pkantgDLqbfPZK4dOED1yvPKaE1RWy2QfelphahIOiMZF4GF7paH YCdg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id f27si3095803qkf.11.2017.11.30.05.04.04; Thu, 30 Nov 2017 05:04:04 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 7036260A0B; Thu, 30 Nov 2017 13:04:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 182E360959; Thu, 30 Nov 2017 13:01:08 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id B58236093E; Thu, 30 Nov 2017 13:00:33 +0000 (UTC) Received: from forward101o.mail.yandex.net (forward101o.mail.yandex.net [37.140.190.181]) by lists.linaro.org (Postfix) with ESMTPS id DD040607FB for ; Thu, 30 Nov 2017 13:00:21 +0000 (UTC) Received: from mxback8g.mail.yandex.net (mxback8g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:169]) by forward101o.mail.yandex.net (Yandex) with ESMTP id 560A51345595 for ; Thu, 30 Nov 2017 16:00:20 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback8g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id AFsFguVsLV-0KdubEiT; Thu, 30 Nov 2017 16:00:20 +0300 Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id nOB9mYWTNF-0JGOGWkq; Thu, 30 Nov 2017 16:00:19 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 16:00:02 +0300 Message-Id: <1512046815-10630-4-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> References: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v8 3/16] validation: ipsec: fix next_header field in mcgrew gcm test vectors X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Test vectors from draft-mcgrew-gcm-test-01 contain invalid next_header field in ESP trailers (0x01 = ICMP instead of 0x04 = IPv4). Correct test vectors. Test 12 is disabled till NoNH packets are properly supported in a defined way. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 6f6906b608f0626d119b255b3733a4a0863aa8d1 **/ test/validation/api/ipsec/ipsec_test_in.c | 4 ++++ test/validation/api/ipsec/test_vectors.h | 30 +++++++++++++++--------------- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index daafaf69a..5af98112a 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -947,6 +947,7 @@ static void test_in_ipv4_mcgrew_gcm_4_esp(void) ipsec_sa_destroy(sa); } +#if 0 static void test_in_ipv4_mcgrew_gcm_12_esp(void) { odp_ipsec_tunnel_param_t tunnel = {}; @@ -977,6 +978,7 @@ static void test_in_ipv4_mcgrew_gcm_12_esp(void) ipsec_sa_destroy(sa); } +#endif static void test_in_ipv4_mcgrew_gcm_15_esp(void) { @@ -1094,8 +1096,10 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_aes_gcm_256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_4_esp, ipsec_check_esp_aes_gcm_128), +#if 0 ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_12_esp, ipsec_check_esp_aes_gcm_128), +#endif ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_mcgrew_gcm_15_esp, ipsec_check_esp_null_aes_gmac_128), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256, diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 51aa97ccb..c057f7765 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -1021,9 +1021,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_2_esp = { 0x3d, 0xe8, 0x18, 0x27, 0xc1, 0x0e, 0x9a, 0x4f, 0x51, 0x33, 0x0d, 0x0e, 0xec, 0x41, 0x66, 0x42, 0xcf, 0xbb, 0x85, 0xa5, 0xb4, 0x7e, 0x48, 0xa4, - 0xec, 0x3b, 0x9b, 0xa9, 0x5d, 0x91, 0x8b, 0xd1, - 0x83, 0xb7, 0x0d, 0x3a, 0xa8, 0xbc, 0x6e, 0xe4, - 0xc3, 0x09, 0xe9, 0xd8, 0x5a, 0x41, 0xad, 0x4a, + 0xec, 0x3b, 0x9b, 0xa9, 0x5d, 0x91, 0x8b, 0xd4, + 0x26, 0xf8, 0x39, 0x1b, 0x99, 0x27, 0xd0, 0xfc, + 0xc9, 0x84, 0x56, 0x1b, 0xbb, 0xce, 0x9f, 0xc0, }, }; @@ -1078,9 +1078,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_3_esp = { 0x06, 0xef, 0xae, 0x9d, 0x65, 0xa5, 0xd7, 0x63, 0x74, 0x8a, 0x63, 0x79, 0x85, 0x77, 0x1d, 0x34, 0x7f, 0x05, 0x45, 0x65, 0x9f, 0x14, 0xe9, 0x9d, - 0xef, 0x84, 0x2d, 0x8e, 0xb3, 0x35, 0xf4, 0xee, - 0xcf, 0xdb, 0xf8, 0x31, 0x82, 0x4b, 0x4c, 0x49, - 0x15, 0x95, 0x6c, 0x96, + 0xef, 0x84, 0x2d, 0x8b, 0x42, 0xf5, 0x64, 0xf5, + 0x2d, 0xfd, 0xd6, 0xee, 0xf4, 0xf9, 0x2e, 0xad, + 0xba, 0xc2, 0x39, 0x90, }, }; @@ -1137,9 +1137,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_4_esp = { 0x45, 0x64, 0x76, 0x49, 0x27, 0x19, 0xff, 0xb6, 0x4d, 0xe7, 0xd9, 0xdc, 0xa1, 0xe1, 0xd8, 0x94, 0xbc, 0x3b, 0xd5, 0x78, 0x73, 0xed, 0x4d, 0x18, - 0x1d, 0x19, 0xd4, 0xd5, 0xc8, 0xc1, 0x8a, 0xf3, - 0xf8, 0x21, 0xd4, 0x96, 0xee, 0xb0, 0x96, 0xe9, - 0x8a, 0xd2, 0xb6, 0x9e, 0x47, 0x99, 0xc7, 0x1d, + 0x1d, 0x19, 0xd4, 0xd5, 0xc8, 0xc1, 0x8a, 0xf6, + 0xfe, 0x1d, 0x73, 0x72, 0x22, 0x8a, 0x69, 0xf4, + 0x0d, 0xeb, 0x37, 0x3d, 0xdc, 0x01, 0x67, 0x6b, }, }; @@ -1177,9 +1177,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_12_esp = { 0x43, 0x45, 0x7e, 0x91, 0x82, 0x44, 0x3b, 0xc6, /* Data */ - 0x43, 0x7f, 0x86, 0x6b, 0xcb, 0x3f, 0x69, 0x9f, - 0xe9, 0xb0, 0x82, 0x2b, 0xac, 0x96, 0x1c, 0x45, - 0x04, 0xbe, 0xf2, 0x70, + 0x43, 0x7f, 0x86, 0x51, 0x7e, 0xa5, 0x95, 0xd2, + 0xca, 0x00, 0x4c, 0x33, 0x38, 0x8c, 0x46, 0x77, + 0x0c, 0x59, 0x0a, 0xd6, }, }; @@ -1234,9 +1234,9 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_15_esp = { 0x02, 0x00, 0x07, 0x00, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, - 0x01, 0x02, 0x02, 0x01, 0xf2, 0xa9, 0xa8, 0x36, - 0xe1, 0x55, 0x10, 0x6a, 0xa8, 0xdc, 0xd6, 0x18, - 0xe4, 0x09, 0x9a, 0xaa, + 0x01, 0x02, 0x02, 0x04, 0x59, 0x4f, 0x40, 0x55, + 0x42, 0x8d, 0x39, 0x9a, 0x9d, 0x66, 0xc1, 0x5e, + 0x77, 0x02, 0x3a, 0x98, }, }; From patchwork Thu Nov 30 13:00:03 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120174 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp638420qgn; Thu, 30 Nov 2017 05:03:00 -0800 (PST) X-Google-Smtp-Source: AGs4zMb3y31GaJFplnHFV3YtHM5xkWYLaQ5DOpBYOZn1svRkP19TOb5Zzjonq1dvKM7M38MU4kgy X-Received: by 10.200.55.155 with SMTP id d27mr3352028qtc.115.1512046980100; Thu, 30 Nov 2017 05:03:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512046980; cv=none; d=google.com; s=arc-20160816; b=R+d97lcTwP2kHje3pkz6I1KD/rdlXiqq3nPNvuhUFCOLqKMgKgP9ul9cNEkqYUUBcC ZNlXqLLcHULVLVilSRK4xTOUImgRmqbHGWFxiCjkvW8Len+sr5RxGvmAl2CDTXYxs2Uz ABWqK9fvC+ocvuV2Wi+HfKlpFU6dOkWgbcUJOWjultuaOufDo7ifQdejHOSbEYuGz5DT 9Ym5I86WTaBibWei4S71H3XGoe5PFv4OGAH5vW74npdPhXspd0ArHjSmBlsmRLRHMF6d d3j0pYcAUox7HfSPJeols6Bqy+ykns/ze7eiqGj5EwiHbe+vDRDQ8Bz7chGBOxZ8vJhw KaCw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=Ja/mSE0aP/ym9tO6Abu3FcmveGnDbye7DatBson5PXA=; b=gcUmJIfVStKn9Xz6gNgB0j95cAGIvhRw8HCl5M7PPp2pmDta0MKgTfBVpJ34hGy7WG I9+HvA9xNKbQ76vhs+kq83jWAjDQYqfYBNr1nE9SlnP4ccntAKoWANr7pN2YxsZBnv4o xe7ZEkgVW/rAp4v63kyM/oypHs3ZfhQDYg9h/+EFsQql78DZ9lyMVMIuUOCrZIKsESg8 slc3xZac38OeJLic0d7hBASjLXKOQrDLgVa+BhVv/drfGvkYhCSdTpcX2zBJWnFoe60k 7nvUNJDZs67QQY+FvodxUGbofmbKI7eKZjKq8o7IUNtVZ2/IoHnl7ssPZ4rKP07uuhtx HlzQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id f13si4070355qtj.435.2017.11.30.05.02.59; Thu, 30 Nov 2017 05:03:00 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id BDA2F60A0B; Thu, 30 Nov 2017 13:02:59 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id C646660905; Thu, 30 Nov 2017 13:00:57 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 5B72660943; Thu, 30 Nov 2017 13:00:33 +0000 (UTC) Received: from forward102p.mail.yandex.net (forward102p.mail.yandex.net [77.88.28.102]) by lists.linaro.org (Postfix) with ESMTPS id 041726082E for ; Thu, 30 Nov 2017 13:00:22 +0000 (UTC) Received: from mxback2o.mail.yandex.net (mxback2o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::1c]) by forward102p.mail.yandex.net (Yandex) with ESMTP id DF166430705B for ; Thu, 30 Nov 2017 16:00:20 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback2o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id dZpsHYlAA7-0Kq4dmSL; Thu, 30 Nov 2017 16:00:20 +0300 Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id nOB9mYWTNF-0KGaujDg; Thu, 30 Nov 2017 16:00:20 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 16:00:03 +0300 Message-Id: <1512046815-10630-5-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> References: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v8 4/16] linux-gen: don't include odp_ipsec_internal.h in odp_packet_internal.h X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Such include adds unnecessary build dependencies. Just include , which is enough. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 6f6906b608f0626d119b255b3733a4a0863aa8d1 **/ platform/linux-generic/include/odp_packet_internal.h | 2 +- platform/linux-generic/pktio/loop.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/platform/linux-generic/include/odp_packet_internal.h b/platform/linux-generic/include/odp_packet_internal.h index ab31d0704..58b7ffe7f 100644 --- a/platform/linux-generic/include/odp_packet_internal.h +++ b/platform/linux-generic/include/odp_packet_internal.h @@ -25,7 +25,7 @@ extern "C" { #include #include #include -#include +#include #include #include diff --git a/platform/linux-generic/pktio/loop.c b/platform/linux-generic/pktio/loop.c index 8bb4b4f14..199aa482f 100644 --- a/platform/linux-generic/pktio/loop.c +++ b/platform/linux-generic/pktio/loop.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include #include From patchwork Thu Nov 30 13:00:04 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120173 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp637092qgn; Thu, 30 Nov 2017 05:02:07 -0800 (PST) X-Google-Smtp-Source: AGs4zMbhrEFcOMZhaOWNhwFe5GgW4FPDh6U9M/gucEVxDjvRj08DR2iRBY/zWC+HcU3O9yb8YDfC X-Received: by 10.200.26.13 with SMTP id v13mr3328305qtj.107.1512046927626; Thu, 30 Nov 2017 05:02:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512046927; cv=none; d=google.com; s=arc-20160816; b=d+oX5Q62jhez/BaPubrOGtbnsiq8wTv0uYKpn6/t3iZ+Rwa7vVKLCkDpgzXF5MRH+b YRqT2LBo8KtMf76hOldPdRRSzEiPYamL/0GOihwhr2T8iE1yc52bcDLn7jf2QU7qk2U+ ECHMpWY7BTra394EkmAlINqbx2VCsPMLrA/0/Z/ahGFNw0w82jadXB9Btdx6GNDvAPxS 27e3UjUGeM1brkc/V/oCni4dWMvdhdepin5Qio0F04XHPwl0XgRW7j5xLuKHYbotMWW5 UGGmoX8ri2ejJ2U4cIIoDN7yjdKewK+yiTpixzeCykWH/hVU8LG4J2Z1UVFGsww6y+Wy R3HA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=2hlz/cryh98T6mn1fzN9GLCulxSwrDPMeSA1MOII13s=; b=Nk6P2fVlkVQn5Ed7PnRnRHnZ4oaGd6qgw1rSTeK/8djjdoh2hGZ3ZjQIKnEEHwIEA8 5m/mvqy/TE2GvvHVgQvKbHAui5AxOsPK3ufbrH9UfzM2j+wviROSSmes38Xn7RKx2wxd p7VUewryBmQtvtZD9ZHeXM93LynRNM1fHuomeLdJh0vPo0wXGNFGWG9k2i4QaJHQ1TRK EsvU3U9RMpVW3TORRh08xAO5wPgdAClmRR+9OoNsJ+e59o4ckVuzElj1MjLv5VyvGY23 aAUNesrrA1UsBMLDSU9wZzHHcfnBWOycHYsMCPF0mmaGieb2SVxDMv7zeqtsobtvL2JM bC5w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id z93si2228555qtd.79.2017.11.30.05.02.07; Thu, 30 Nov 2017 05:02:07 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 305A2609A5; Thu, 30 Nov 2017 13:02:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 74F3F6074A; Thu, 30 Nov 2017 13:00:44 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id A77CA60902; Thu, 30 Nov 2017 13:00:32 +0000 (UTC) Received: from forward105o.mail.yandex.net (forward105o.mail.yandex.net [37.140.190.183]) by lists.linaro.org (Postfix) with ESMTPS id D9E4E60902 for ; Thu, 30 Nov 2017 13:00:22 +0000 (UTC) Received: from mxback8j.mail.yandex.net (mxback8j.mail.yandex.net [IPv6:2a02:6b8:0:1619::111]) by forward105o.mail.yandex.net (Yandex) with ESMTP id 960DC4446891 for ; Thu, 30 Nov 2017 16:00:21 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback8j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 0F7y3bD2DQ-0LxG6xrd; Thu, 30 Nov 2017 16:00:21 +0300 Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id nOB9mYWTNF-0KGmIfNX; Thu, 30 Nov 2017 16:00:20 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 16:00:04 +0300 Message-Id: <1512046815-10630-6-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> References: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v8 5/16] linux-gen: protocols: ip: add more ipv6 defines X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 6f6906b608f0626d119b255b3733a4a0863aa8d1 **/ platform/linux-generic/include/protocols/ip.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/platform/linux-generic/include/protocols/ip.h b/platform/linux-generic/include/protocols/ip.h index 0fc391abe..7b6b736a6 100644 --- a/platform/linux-generic/include/protocols/ip.h +++ b/platform/linux-generic/include/protocols/ip.h @@ -161,11 +161,13 @@ typedef struct ODP_PACKED { #define _ODP_IPPROTO_IPIP 0x04 /**< IP Encapsulation within IP (4) */ #define _ODP_IPPROTO_TCP 0x06 /**< Transmission Control Protocol (6) */ #define _ODP_IPPROTO_UDP 0x11 /**< User Datagram Protocol (17) */ +#define _ODP_IPPROTO_IPV6 0x29 /**< IPv6 Routing header (41) */ #define _ODP_IPPROTO_ROUTE 0x2B /**< IPv6 Routing header (43) */ #define _ODP_IPPROTO_FRAG 0x2C /**< IPv6 Fragment (44) */ #define _ODP_IPPROTO_AH 0x33 /**< Authentication Header (51) */ #define _ODP_IPPROTO_ESP 0x32 /**< Encapsulating Security Payload (50) */ #define _ODP_IPPROTO_ICMPv6 0x3A /**< Internet Control Message Protocol (58) */ +#define _ODP_IPPROTO_DEST 0x3C /**< IPv6 Destination header (60) */ #define _ODP_IPPROTO_SCTP 0x84 /**< Stream Control Transmission protocol (132) */ #define _ODP_IPPROTO_INVALID 0xFF /**< Reserved invalid by IANA */ From patchwork Thu Nov 30 13:00:05 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120183 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp652380qgn; Thu, 30 Nov 2017 05:13:30 -0800 (PST) X-Google-Smtp-Source: AGs4zMY5nPZXAc2eecyiff9/OjstQh+Mh4Bf2dUdmE9EQ4NvQqJdNA6nDKBrent9ue1SC8ov9H/1 X-Received: by 10.55.21.39 with SMTP id f39mr2562897qkh.263.1512047610460; Thu, 30 Nov 2017 05:13:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512047610; cv=none; d=google.com; s=arc-20160816; b=er/ln76T6HzHMtqWldioH6OgC4yB5FR67TtgEA0gaBukbnbXUDzKwthsPz9PDuoZLP 1DS2hyizM2/4NYONBe1rRQ0LulAz2n6/7B/Z7O7S0LzBVF8aRXVe2KQVaai8LGC22akO BprjR8w8svdAW/fUiHa58vMlYK/6wkojpMLYGqnyQ8F1e5mYkGTIRkw62uc3XX9tTICm 16UKhdMyx4mPRTysrPvAFiHmMOb5Wzjur6D6GgRlbxD1T/0w6/ulBiRpyvsPnUsej/0F Mi/KFISvyNyhqXAaBmaf8TqiwgsVFqO2lVm/6Cf2JKybhdRJrgEZGw7sZivxvvOOF46z xM5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=BC6jgfeEGX7ecaxk0YqLGFE82ByRT1Ib9yrWPKUAw7M=; b=SpM8M6Imp6ZdbDl241nKcaRpIquO9w8V6NBR/Z9ZJzOl50NYwX9zcLxTk4xkqJ90/E 9OhpMB6bLmqln2iD2uc8BAQdl43dgJqADszIhAvl6c42O8QNYqWpClkbHZUMDTAZdh5d w1XnfAvoynjhopfpo6L8KRc4WMbDKOJtnP7YcdflDDEZ8iyUrsoWIMvqAMZjUM2duT5G 4iYdKgl12BzAmkbs+4Gd2l84wr4MHBmpMcRWO364LCU89XSRNzbfirxgM1w1Dw+zBRsx LpQUVwJsQBvntIGJsgu8KYTMSzpuZuzcxANpgb+JxEDE0XysRANLp72lWpsoNaR2WPls 2ikg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id z188si172945qka.0.2017.11.30.05.13.30; Thu, 30 Nov 2017 05:13:30 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id F08556092C; Thu, 30 Nov 2017 13:13:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 7615A6098B; Thu, 30 Nov 2017 13:01:49 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 8AC9E6092C; Thu, 30 Nov 2017 13:00:51 +0000 (UTC) Received: from forward100j.mail.yandex.net (forward100j.mail.yandex.net [5.45.198.240]) by lists.linaro.org (Postfix) with ESMTPS id 04FA060905 for ; Thu, 30 Nov 2017 13:00:25 +0000 (UTC) Received: from mxback1o.mail.yandex.net (mxback1o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::1b]) by forward100j.mail.yandex.net (Yandex) with ESMTP id 68F905D834E3 for ; Thu, 30 Nov 2017 16:00:23 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback1o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id jPquQiLVft-0NDGsfOa; Thu, 30 Nov 2017 16:00:23 +0300 Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id nOB9mYWTNF-0LGOqHm2; Thu, 30 Nov 2017 16:00:21 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 16:00:05 +0300 Message-Id: <1512046815-10630-7-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> References: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v8 6/16] linux-gen: ipsec: implement IPv6 protocol support X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Implement support for handling IPv6 packets and IPv6 tunnels. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 6f6906b608f0626d119b255b3733a4a0863aa8d1 **/ .../linux-generic/include/odp_ipsec_internal.h | 44 +- platform/linux-generic/odp_ipsec.c | 468 ++++++++++++++++----- platform/linux-generic/odp_ipsec_sad.c | 67 ++- 3 files changed, 440 insertions(+), 139 deletions(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 06447870b..b294e7c4a 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -24,6 +24,8 @@ extern "C" { #include #include +#include + /** @ingroup odp_ipsec * @{ */ @@ -127,10 +129,12 @@ struct ipsec_sa_s { unsigned dec_ttl : 1; unsigned copy_dscp : 1; unsigned copy_df : 1; + unsigned copy_flabel : 1; unsigned aes_ctr_iv : 1; /* Only for outbound */ unsigned use_counter_iv : 1; + unsigned tun_ipv4 : 1; /* Only for inbound */ unsigned antireplay : 1; @@ -140,23 +144,38 @@ struct ipsec_sa_s { union { struct { odp_ipsec_lookup_mode_t lookup_mode; - odp_u32be_t lookup_dst_ip; + odp_ipsec_ip_version_t lookup_ver; + union { + odp_u32be_t lookup_dst_ipv4; + uint8_t lookup_dst_ipv6[_ODP_IPV6ADDR_LEN]; + }; odp_atomic_u64_t antireplay; } in; struct { - odp_u32be_t tun_src_ip; - odp_u32be_t tun_dst_ip; - - /* 32-bit from which low 16 are used */ - odp_atomic_u32_t tun_hdr_id; - odp_atomic_u32_t seq; - odp_atomic_u64_t counter; /* for CTR/GCM */ + odp_atomic_u32_t seq; - uint8_t tun_ttl; - uint8_t tun_dscp; - uint8_t tun_df; + union { + struct { + odp_u32be_t src_ip; + odp_u32be_t dst_ip; + + /* 32-bit from which low 16 are used */ + odp_atomic_u32_t hdr_id; + + uint8_t ttl; + uint8_t dscp; + uint8_t df; + } tun_ipv4; + struct { + uint8_t src_ip[_ODP_IPV6ADDR_LEN]; + uint8_t dst_ip[_ODP_IPV6ADDR_LEN]; + uint8_t hlimit; + uint8_t dscp; + uint32_t flabel; + } tun_ipv6; + }; } out; }; }; @@ -171,7 +190,8 @@ typedef struct odp_ipsec_sa_lookup_s { /** SPI value */ uint32_t spi; - /* FIXME: IPv4 vs IPv6 */ + /** IP protocol version */ + odp_ipsec_ip_version_t ver; /** IP destination address (NETWORK ENDIAN) */ void *dst_addr; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 6ce5bc781..ae2fa10a4 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -125,6 +125,8 @@ static inline int _odp_ipv4_csum(odp_packet_t pkt, #define _ODP_IPV4HDR_CSUM_OFFSET ODP_OFFSETOF(_odp_ipv4hdr_t, chksum) #define _ODP_IPV4HDR_PROTO_OFFSET ODP_OFFSETOF(_odp_ipv4hdr_t, proto) +#define _ODP_IPV6HDR_NHDR_OFFSET ODP_OFFSETOF(_odp_ipv6hdr_t, next_hdr) +#define _ODP_IPV6HDREXT_NHDR_OFFSET ODP_OFFSETOF(_odp_ipv6hdr_ext_t, next_hdr) /** * Calculate and fill in IPv4 checksum @@ -159,11 +161,6 @@ static inline int _odp_ipv4_csum_update(odp_packet_t pkt) } #define ipv4_hdr_len(ip) (_ODP_IPV4HDR_IHL((ip)->ver_ihl) * 4) -static inline -void ipv4_adjust_len(_odp_ipv4hdr_t *ip, int adj) -{ - ip->tot_len = odp_cpu_to_be_16(odp_be_to_cpu_16(ip->tot_len) + adj); -} static const uint8_t ipsec_padding[255] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, @@ -219,13 +216,17 @@ static inline odp_pktio_parser_layer_t parse_layer(odp_ipsec_proto_layer_t l) } typedef struct { - _odp_ipv4hdr_t *ip; + void *ip; unsigned stats_length; uint16_t ip_offset; uint16_t ip_hdr_len; uint16_t ip_tot_len; + uint16_t ip_next_hdr_offset; + uint8_t ip_next_hdr; + unsigned is_ipv4 : 1; union { struct { + uint32_t ip_flabel; uint16_t ip_df; uint8_t ip_tos; } out_tunnel; @@ -233,25 +234,76 @@ typedef struct { uint16_t hdr_len; uint16_t trl_len; } in; + odp_u32be_t ipv4_addr; + uint8_t ipv6_addr[_ODP_IPV6ADDR_LEN]; }; union { struct { uint8_t tos; uint8_t ttl; - uint16_t frag_offset; + odp_u16be_t frag_offset; } ah_ipv4; + struct { + odp_u32be_t ver_tc_flow; + uint8_t hop_limit; + } ah_ipv6; }; ipsec_aad_t aad; uint8_t iv[IPSEC_MAX_IV_LEN]; } ipsec_state_t; -static int ipsec_parse_ipv4(ipsec_state_t *state) +static int ipsec_parse_ipv4(ipsec_state_t *state, odp_packet_t pkt) { - if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(state->ip->frag_offset))) + _odp_ipv4hdr_t ipv4hdr; + + odp_packet_copy_to_mem(pkt, state->ip_offset, + _ODP_IPV4HDR_LEN, &ipv4hdr); + + if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ipv4hdr.frag_offset))) return -1; - state->ip_hdr_len = ipv4_hdr_len(state->ip); - state->ip_tot_len = odp_be_to_cpu_16(state->ip->tot_len); + state->ip_hdr_len = ipv4_hdr_len(&ipv4hdr); + state->ip_tot_len = odp_be_to_cpu_16(ipv4hdr.tot_len); + state->ip_next_hdr = ipv4hdr.proto; + state->ip_next_hdr_offset = state->ip_offset + + _ODP_IPV4HDR_PROTO_OFFSET; + state->ipv4_addr = ipv4hdr.dst_addr; + + return 0; +} + +static int ipsec_parse_ipv6(ipsec_state_t *state, odp_packet_t pkt) +{ + _odp_ipv6hdr_t ipv6hdr; + _odp_ipv6hdr_ext_t ipv6hdrext; + + odp_packet_copy_to_mem(pkt, state->ip_offset, + _ODP_IPV6HDR_LEN, &ipv6hdr); + + state->ip_hdr_len = _ODP_IPV6HDR_LEN; + state->ip_next_hdr = ipv6hdr.next_hdr; + state->ip_next_hdr_offset = state->ip_offset + _ODP_IPV6HDR_NHDR_OFFSET; + /* FIXME: Jumbo frames */ + state->ip_tot_len = odp_be_to_cpu_16(ipv6hdr.payload_len) + + _ODP_IPV6HDR_LEN; + memcpy(state->ipv6_addr, &ipv6hdr.dst_addr, _ODP_IPV6ADDR_LEN); + + while (state->ip_next_hdr == _ODP_IPPROTO_HOPOPTS || + state->ip_next_hdr == _ODP_IPPROTO_DEST || + state->ip_next_hdr == _ODP_IPPROTO_ROUTE) { + odp_packet_copy_to_mem(pkt, + state->ip_offset + state->ip_hdr_len, + sizeof(ipv6hdrext), + &ipv6hdrext); + state->ip_next_hdr = ipv6hdrext.next_hdr; + state->ip_next_hdr_offset = state->ip_offset + + state->ip_hdr_len + + _ODP_IPV6HDREXT_NHDR_OFFSET; + state->ip_hdr_len += (ipv6hdrext.ext_len + 1) * 8; + } + + if (_ODP_IPPROTO_FRAG == state->ip_next_hdr) + return -1; return 0; } @@ -259,6 +311,7 @@ static int ipsec_parse_ipv4(ipsec_state_t *state) static inline ipsec_sa_t *ipsec_get_sa(odp_ipsec_sa_t sa, odp_ipsec_protocol_t proto, uint32_t spi, + odp_ipsec_ip_version_t ver, void *dst_addr, odp_ipsec_op_status_t *status) { @@ -269,6 +322,7 @@ static inline ipsec_sa_t *ipsec_get_sa(odp_ipsec_sa_t sa, lookup.proto = proto; lookup.spi = spi; + lookup.ver = ver; lookup.dst_addr = dst_addr; ipsec_sa = _odp_ipsec_sa_lookup(&lookup); @@ -332,7 +386,9 @@ static int ipsec_in_esp(odp_packet_t *pkt, ipsec_sa = ipsec_get_sa(sa, ODP_IPSEC_ESP, odp_be_to_cpu_32(esp.spi), - &state->ip->dst_addr, status); + state->is_ipv4 ? ODP_IPSEC_IPV4 : + ODP_IPSEC_IPV6, + &state->ipv4_addr, status); *_ipsec_sa = ipsec_sa; if (status->error.all) return -1; @@ -386,8 +442,10 @@ static int ipsec_in_esp_post(odp_packet_t pkt, ipsec_padding, esptrl.pad_len) != 0) return -1; - state->ip->proto = esptrl.next_header; + odp_packet_copy_from_mem(pkt, state->ip_next_hdr_offset, + 1, &esptrl.next_header); state->in.trl_len += esptrl.pad_len; + state->ip_next_hdr = esptrl.next_header; return 0; } @@ -413,7 +471,9 @@ static int ipsec_in_ah(odp_packet_t *pkt, ipsec_sa = ipsec_get_sa(sa, ODP_IPSEC_AH, odp_be_to_cpu_32(ah.spi), - &state->ip->dst_addr, status); + state->is_ipv4 ? ODP_IPSEC_IPV4 : + ODP_IPSEC_IPV6, + &state->ipv4_addr, status); *_ipsec_sa = ipsec_sa; if (status->error.all) return -1; @@ -429,19 +489,31 @@ static int ipsec_in_ah(odp_packet_t *pkt, state->in.hdr_len = (ah.ah_len + 2) * 4; state->in.trl_len = 0; - /* Save everything to context */ - state->ah_ipv4.tos = state->ip->tos; - state->ah_ipv4.frag_offset = state->ip->frag_offset; - state->ah_ipv4.ttl = state->ip->ttl; + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = state->ip; + + /* Save everything to context */ + state->ah_ipv4.tos = ipv4hdr->tos; + state->ah_ipv4.frag_offset = ipv4hdr->frag_offset; + state->ah_ipv4.ttl = ipv4hdr->ttl; + + /* FIXME: zero copy of header, passing it to crypto! */ + /* + * If authenticating, zero the mutable fields build the request + */ + ipv4hdr->chksum = 0; + ipv4hdr->tos = 0; + ipv4hdr->frag_offset = 0; + ipv4hdr->ttl = 0; + } else { + _odp_ipv6hdr_t *ipv6hdr = state->ip; - /* FIXME: zero copy of header, passing it to crypto! */ - /* - * If authenticating, zero the mutable fields build the request - */ - state->ip->chksum = 0; - state->ip->tos = 0; - state->ip->frag_offset = 0; - state->ip->ttl = 0; + state->ah_ipv6.ver_tc_flow = ipv6hdr->ver_tc_flow; + state->ah_ipv6.hop_limit = ipv6hdr->hop_limit; + ipv6hdr->ver_tc_flow = + odp_cpu_to_be_32(6 << _ODP_IPV6HDR_VERSION_SHIFT); + ipv6hdr->hop_limit = 0; + } state->aad.spi = ah.spi; state->aad.seq_no = ah.seq_no; @@ -470,12 +542,23 @@ static int ipsec_in_ah_post(odp_packet_t pkt, sizeof(ah), &ah) < 0) return -1; - state->ip->proto = ah.next_header; + odp_packet_copy_from_mem(pkt, state->ip_next_hdr_offset, + 1, &ah.next_header); /* Restore mutable fields */ - state->ip->ttl = state->ah_ipv4.ttl; - state->ip->tos = state->ah_ipv4.tos; - state->ip->frag_offset = state->ah_ipv4.frag_offset; + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = state->ip; + + ipv4hdr->ttl = state->ah_ipv4.ttl; + ipv4hdr->tos = state->ah_ipv4.tos; + ipv4hdr->frag_offset = state->ah_ipv4.frag_offset; + } else { + _odp_ipv6hdr_t *ipv6hdr = odp_packet_l3_ptr(pkt, NULL); + + ipv6hdr->ver_tc_flow = state->ah_ipv6.ver_tc_flow; + ipv6hdr->hop_limit = state->ah_ipv6.hop_limit; + } + state->ip_next_hdr = ah.next_header; return 0; } @@ -501,7 +584,17 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, /* Initialize parameters block */ memset(¶m, 0, sizeof(param)); - rc = ipsec_parse_ipv4(&state); + /* + * FIXME: maybe use packet flag as below ??? + * This adds requirement that input packets contain not only valid + * l3/l4 offsets, but also valid packet flags + * state.is_ipv4 = odp_packet_has_ipv4(pkt); + */ + state.is_ipv4 = (((uint8_t *)state.ip)[0] >> 4) == 0x4; + if (state.is_ipv4) + rc = ipsec_parse_ipv4(&state, pkt); + else + rc = ipsec_parse_ipv6(&state, pkt); if (rc < 0 || state.ip_tot_len + state.ip_offset > odp_packet_len(pkt)) { status->error.alg = 1; @@ -509,9 +602,9 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, } /* Check IP header for IPSec protocols and look it up */ - if (_ODP_IPPROTO_ESP == state.ip->proto) { + if (_ODP_IPPROTO_ESP == state.ip_next_hdr) { rc = ipsec_in_esp(&pkt, &state, &ipsec_sa, sa, ¶m, status); - } else if (_ODP_IPPROTO_AH == state.ip->proto) { + } else if (_ODP_IPPROTO_AH == state.ip_next_hdr) { rc = ipsec_in_ah(&pkt, &state, &ipsec_sa, sa, ¶m, status); } else { status->error.proto = 1; @@ -587,6 +680,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, status->error.alg = 1; goto err; } + state.ip_tot_len -= state.in.trl_len; if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { /* We have a tunneled IPv4 packet, strip outer and IPsec @@ -600,11 +694,14 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, status->error.alg = 1; goto err; } - - if (odp_packet_len(pkt) > sizeof(*state.ip)) { - state.ip = odp_packet_l3_ptr(pkt, NULL); - state.ip->ttl -= ipsec_sa->dec_ttl; - _odp_ipv4_csum_update(pkt); + state.ip_tot_len -= state.ip_hdr_len + state.in.hdr_len; + if (_ODP_IPPROTO_IPIP == state.ip_next_hdr) { + state.is_ipv4 = 1; + } else if (_ODP_IPPROTO_IPV6 == state.ip_next_hdr) { + state.is_ipv4 = 0; + } else { + status->error.proto = 1; + goto err; } } else { odp_packet_move_data(pkt, state.in.hdr_len, 0, @@ -614,13 +711,30 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, status->error.alg = 1; goto err; } + state.ip_tot_len -= state.in.hdr_len; + } - if (odp_packet_len(pkt) > sizeof(*state.ip)) { - state.ip = odp_packet_l3_ptr(pkt, NULL); - ipv4_adjust_len(state.ip, - -(state.in.hdr_len + state.in.trl_len)); - _odp_ipv4_csum_update(pkt); - } + /* Finalize the IPv4 header */ + if (state.is_ipv4 && odp_packet_len(pkt) > _ODP_IPV4HDR_LEN) { + _odp_ipv4hdr_t *ipv4hdr = odp_packet_l3_ptr(pkt, NULL); + + if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) + ipv4hdr->tot_len = odp_cpu_to_be_16(state.ip_tot_len); + else + ipv4hdr->ttl -= ipsec_sa->dec_ttl; + _odp_ipv4_csum_update(pkt); + } else if (!state.is_ipv4 && odp_packet_len(pkt) > _ODP_IPV6HDR_LEN) { + _odp_ipv6hdr_t *ipv6hdr = odp_packet_l3_ptr(pkt, NULL); + + if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) + ipv6hdr->payload_len = + odp_cpu_to_be_16(state.ip_tot_len - + _ODP_IPV6HDR_LEN); + else + ipv6hdr->hop_limit -= ipsec_sa->dec_ttl; + } else { + status->error.proto = 1; + goto err; } pkt_hdr = odp_packet_hdr(pkt); @@ -628,7 +742,10 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, packet_parse_reset(pkt_hdr); packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), - state.ip_offset, _ODP_ETHTYPE_IPV4); + state.ip_offset, + state.is_ipv4 ? + _ODP_ETHTYPE_IPV4 : + _ODP_ETHTYPE_IPV6); *pkt_out = pkt; @@ -662,6 +779,24 @@ static int ipsec_out_tunnel_parse_ipv4(ipsec_state_t *state, ipv4hdr->ttl -= ipsec_sa->dec_ttl; state->out_tunnel.ip_tos = ipv4hdr->tos; state->out_tunnel.ip_df = _ODP_IPV4HDR_FLAGS_DONT_FRAG(flags); + state->out_tunnel.ip_flabel = 0; + + return 0; +} + +static int ipsec_out_tunnel_parse_ipv6(ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) +{ + _odp_ipv6hdr_t *ipv6hdr = state->ip; + + ipv6hdr->hop_limit -= ipsec_sa->dec_ttl; + state->out_tunnel.ip_tos = (ipv6hdr->ver_tc_flow & + _ODP_IPV6HDR_TC_MASK) >> + _ODP_IPV6HDR_TC_SHIFT; + state->out_tunnel.ip_df = 0; + state->out_tunnel.ip_flabel = (ipv6hdr->ver_tc_flow & + _ODP_IPV6HDR_FLOW_LABEL_MASK) >> + _ODP_IPV6HDR_FLOW_LABEL_SHIFT; return 0; } @@ -679,26 +814,25 @@ static int ipsec_out_tunnel_ipv4(odp_packet_t *pkt, else out_ip.tos = (state->out_tunnel.ip_tos & ~_ODP_IP_TOS_DSCP_MASK) | - (ipsec_sa->out.tun_dscp << + (ipsec_sa->out.tun_ipv4.dscp << _ODP_IP_TOS_DSCP_SHIFT); state->ip_tot_len = odp_packet_len(*pkt) - state->ip_offset; state->ip_tot_len += _ODP_IPV4HDR_LEN; out_ip.tot_len = odp_cpu_to_be_16(state->ip_tot_len); /* No need to convert to BE: ID just should not be duplicated */ - out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_hdr_id, + out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_ipv4.hdr_id, 1); if (ipsec_sa->copy_df) flags = state->out_tunnel.ip_df; else - flags = ((uint16_t)ipsec_sa->out.tun_df) << 14; + flags = ((uint16_t)ipsec_sa->out.tun_ipv4.df) << 14; out_ip.frag_offset = odp_cpu_to_be_16(flags); - out_ip.ttl = ipsec_sa->out.tun_ttl; - out_ip.proto = _ODP_IPPROTO_IPIP; + out_ip.ttl = ipsec_sa->out.tun_ipv4.ttl; /* Will be filled later by packet checksum update */ out_ip.chksum = 0; - out_ip.src_addr = ipsec_sa->out.tun_src_ip; - out_ip.dst_addr = ipsec_sa->out.tun_dst_ip; + out_ip.src_addr = ipsec_sa->out.tun_ipv4.src_ip; + out_ip.dst_addr = ipsec_sa->out.tun_ipv4.dst_ip; if (odp_packet_extend_head(pkt, _ODP_IPV4HDR_LEN, NULL, NULL) < 0) @@ -713,6 +847,70 @@ static int ipsec_out_tunnel_ipv4(odp_packet_t *pkt, state->ip = odp_packet_l3_ptr(*pkt, NULL); state->ip_hdr_len = _ODP_IPV4HDR_LEN; + if (state->is_ipv4) + state->ip_next_hdr = _ODP_IPPROTO_IPIP; + else + state->ip_next_hdr = _ODP_IPPROTO_IPV6; + state->ip_next_hdr_offset = state->ip_offset + + _ODP_IPV4HDR_PROTO_OFFSET; + + state->is_ipv4 = 1; + + return 0; +} + +static int ipsec_out_tunnel_ipv6(odp_packet_t *pkt, + ipsec_state_t *state, + ipsec_sa_t *ipsec_sa) +{ + _odp_ipv6hdr_t out_ip; + uint32_t ver; + + ver = 6 << _ODP_IPV6HDR_VERSION_SHIFT; + if (ipsec_sa->copy_dscp) + ver |= state->out_tunnel.ip_tos << _ODP_IPV6HDR_TC_SHIFT; + else + ver |= ((state->out_tunnel.ip_tos & + ~_ODP_IP_TOS_DSCP_MASK) | + (ipsec_sa->out.tun_ipv6.dscp << + _ODP_IP_TOS_DSCP_SHIFT)) << + _ODP_IPV6HDR_TC_SHIFT; + if (ipsec_sa->copy_flabel) + ver |= state->out_tunnel.ip_flabel; + else + ver |= ipsec_sa->out.tun_ipv6.flabel; + out_ip.ver_tc_flow = odp_cpu_to_be_32(ver); + + state->ip_tot_len = odp_packet_len(*pkt) - state->ip_offset; + out_ip.payload_len = odp_cpu_to_be_16(state->ip_tot_len); + state->ip_tot_len += _ODP_IPV6HDR_LEN; + + out_ip.hop_limit = ipsec_sa->out.tun_ipv6.hlimit; + memcpy(&out_ip.src_addr, ipsec_sa->out.tun_ipv6.src_ip, + _ODP_IPV6ADDR_LEN); + memcpy(&out_ip.dst_addr, ipsec_sa->out.tun_ipv6.dst_ip, + _ODP_IPV6ADDR_LEN); + + if (odp_packet_extend_head(pkt, _ODP_IPV6HDR_LEN, + NULL, NULL) < 0) + return -1; + + odp_packet_move_data(*pkt, 0, _ODP_IPV6HDR_LEN, state->ip_offset); + + odp_packet_copy_from_mem(*pkt, state->ip_offset, + sizeof(out_ip), &out_ip); + + odp_packet_l4_offset_set(*pkt, state->ip_offset + _ODP_IPV6HDR_LEN); + + state->ip = odp_packet_l3_ptr(*pkt, NULL); + state->ip_hdr_len = _ODP_IPV6HDR_LEN; + if (state->is_ipv4) + state->ip_next_hdr = _ODP_IPPROTO_IPIP; + else + state->ip_next_hdr = _ODP_IPPROTO_IPV6; + state->ip_next_hdr_offset = state->ip_offset + _ODP_IPV6HDR_NHDR_OFFSET; + + state->is_ipv4 = 0; return 0; } @@ -770,6 +968,7 @@ static int ipsec_out_esp(odp_packet_t *pkt, uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; unsigned hdr_len; unsigned trl_len; + uint8_t proto = _ODP_IPPROTO_ESP; /* ESP trailer should be 32-bit right aligned */ if (pad_block < 4) @@ -790,6 +989,32 @@ static int ipsec_out_esp(odp_packet_t *pkt, param->override_iv_ptr = state->iv; + memset(&esp, 0, sizeof(esp)); + esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); + esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); + + state->aad.spi = esp.spi; + state->aad.seq_no = esp.seq_no; + + param->aad.ptr = (uint8_t *)&state->aad; + + memset(&esptrl, 0, sizeof(esptrl)); + esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; + esptrl.next_header = state->ip_next_hdr; + + odp_packet_copy_from_mem(*pkt, state->ip_next_hdr_offset, 1, &proto); + state->ip_tot_len += hdr_len + trl_len; + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = state->ip; + + ipv4hdr->tot_len = odp_cpu_to_be_16(state->ip_tot_len); + } else { + _odp_ipv6hdr_t *ipv6hdr = state->ip; + + ipv6hdr->payload_len = odp_cpu_to_be_16(state->ip_tot_len - + _ODP_IPV6HDR_LEN); + } + if (odp_packet_extend_tail(pkt, trl_len, NULL, NULL) < 0 || odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; @@ -798,32 +1023,12 @@ static int ipsec_out_esp(odp_packet_t *pkt, odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); - state->ip = odp_packet_l3_ptr(*pkt, NULL); - - /* Set IPv4 length before authentication */ - ipv4_adjust_len(state->ip, hdr_len + trl_len); - state->ip_tot_len += hdr_len + trl_len; - uint32_t esptrl_offset = state->ip_offset + state->ip_hdr_len + hdr_len + encrypt_len - _ODP_ESPTRL_LEN; - memset(&esp, 0, sizeof(esp)); - esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); - esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - - state->aad.spi = esp.spi; - state->aad.seq_no = esp.seq_no; - - param->aad.ptr = (uint8_t *)&state->aad; - - memset(&esptrl, 0, sizeof(esptrl)); - esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; - esptrl.next_header = state->ip->proto; - state->ip->proto = _ODP_IPPROTO_ESP; - odp_packet_copy_from_mem(*pkt, ipsec_offset, _ODP_ESPHDR_LEN, &esp); @@ -857,6 +1062,12 @@ static int ipsec_out_esp(odp_packet_t *pkt, return 0; } +static void ipsec_out_esp_post(ipsec_state_t *state, odp_packet_t pkt) +{ + if (state->is_ipv4) + _odp_ipv4_csum_update(pkt); +} + static int ipsec_out_ah(odp_packet_t *pkt, ipsec_state_t *state, ipsec_sa_t *ipsec_sa, @@ -867,31 +1078,44 @@ static int ipsec_out_ah(odp_packet_t *pkt, unsigned hdr_len = _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len + ipsec_sa->icv_len; uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; - - /* Save IPv4 stuff */ - state->ah_ipv4.tos = state->ip->tos; - state->ah_ipv4.frag_offset = state->ip->frag_offset; - state->ah_ipv4.ttl = state->ip->ttl; - - if (odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { - status->error.alg = 1; - return -1; - } - - odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); - - state->ip = odp_packet_l3_ptr(*pkt, NULL); - - /* Set IPv4 length before authentication */ - ipv4_adjust_len(state->ip, hdr_len); - state->ip_tot_len += hdr_len; + uint8_t proto = _ODP_IPPROTO_AH; memset(&ah, 0, sizeof(ah)); ah.spi = odp_cpu_to_be_32(ipsec_sa->spi); - ah.ah_len = 1 + (ipsec_sa->esp_iv_len + ipsec_sa->icv_len) / 4; ah.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - ah.next_header = state->ip->proto; - state->ip->proto = _ODP_IPPROTO_AH; + ah.next_header = state->ip_next_hdr; + + odp_packet_copy_from_mem(*pkt, state->ip_next_hdr_offset, 1, &proto); + /* Save IP stuff */ + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = state->ip; + + state->ah_ipv4.tos = ipv4hdr->tos; + state->ah_ipv4.frag_offset = ipv4hdr->frag_offset; + state->ah_ipv4.ttl = ipv4hdr->ttl; + ipv4hdr->chksum = 0; + ipv4hdr->tos = 0; + ipv4hdr->frag_offset = 0; + ipv4hdr->ttl = 0; + hdr_len = IPSEC_PAD_LEN(hdr_len, 4); + state->ip_tot_len += hdr_len; + ipv4hdr->tot_len = odp_cpu_to_be_16(state->ip_tot_len); + } else { + _odp_ipv6hdr_t *ipv6hdr = state->ip; + + state->ah_ipv6.ver_tc_flow = ipv6hdr->ver_tc_flow; + state->ah_ipv6.hop_limit = ipv6hdr->hop_limit; + ipv6hdr->ver_tc_flow = + odp_cpu_to_be_32(6 << _ODP_IPV6HDR_VERSION_SHIFT); + ipv6hdr->hop_limit = 0; + + hdr_len = IPSEC_PAD_LEN(hdr_len, 8); + state->ip_tot_len += hdr_len; + ipv6hdr->payload_len = odp_cpu_to_be_16(state->ip_tot_len - + _ODP_IPV6HDR_LEN); + } + + ah.ah_len = hdr_len / 4 - 2; state->aad.spi = ah.spi; state->aad.seq_no = ah.seq_no; @@ -906,6 +1130,13 @@ static int ipsec_out_ah(odp_packet_t *pkt, param->override_iv_ptr = state->iv; + if (odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { + status->error.alg = 1; + return -1; + } + + odp_packet_move_data(*pkt, 0, hdr_len, ipsec_offset); + odp_packet_copy_from_mem(*pkt, ipsec_offset, _ODP_AHHDR_LEN, &ah); @@ -916,12 +1147,8 @@ static int ipsec_out_ah(odp_packet_t *pkt, _odp_packet_set_data(*pkt, ipsec_offset + _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len, - 0, ipsec_sa->icv_len); - - state->ip->chksum = 0; - state->ip->tos = 0; - state->ip->frag_offset = 0; - state->ip->ttl = 0; + 0, + hdr_len - _ODP_AHHDR_LEN - ipsec_sa->esp_iv_len); param->auth_range.offset = state->ip_offset; param->auth_range.length = state->ip_tot_len; @@ -933,11 +1160,22 @@ static int ipsec_out_ah(odp_packet_t *pkt, return 0; } -static void ipsec_out_ah_post(ipsec_state_t *state) +static void ipsec_out_ah_post(ipsec_state_t *state, odp_packet_t pkt) { - state->ip->ttl = state->ah_ipv4.ttl; - state->ip->tos = state->ah_ipv4.tos; - state->ip->frag_offset = state->ah_ipv4.frag_offset; + if (state->is_ipv4) { + _odp_ipv4hdr_t *ipv4hdr = odp_packet_l3_ptr(pkt, NULL); + + ipv4hdr->ttl = state->ah_ipv4.ttl; + ipv4hdr->tos = state->ah_ipv4.tos; + ipv4hdr->frag_offset = state->ah_ipv4.frag_offset; + + _odp_ipv4_csum_update(pkt); + } else { + _odp_ipv6hdr_t *ipv6hdr = odp_packet_l3_ptr(pkt, NULL); + + ipv6hdr->ver_tc_flow = state->ah_ipv6.ver_tc_flow; + ipv6hdr->hop_limit = state->ah_ipv6.hop_limit; + } } static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, @@ -965,18 +1203,30 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, /* Initialize parameters block */ memset(¶m, 0, sizeof(param)); + state.is_ipv4 = (((uint8_t *)state.ip)[0] >> 4) == 0x4; + if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode) { - rc = ipsec_parse_ipv4(&state); + if (state.is_ipv4) + rc = ipsec_parse_ipv4(&state, pkt); + else + rc = ipsec_parse_ipv6(&state, pkt); + if (state.ip_tot_len + state.ip_offset != odp_packet_len(pkt)) rc = -1; } else { - rc = ipsec_out_tunnel_parse_ipv4(&state, ipsec_sa); + if (state.is_ipv4) + rc = ipsec_out_tunnel_parse_ipv4(&state, ipsec_sa); + else + rc = ipsec_out_tunnel_parse_ipv6(&state, ipsec_sa); if (rc < 0) { status->error.alg = 1; goto err; } - rc = ipsec_out_tunnel_ipv4(&pkt, &state, ipsec_sa); + if (ipsec_sa->tun_ipv4) + rc = ipsec_out_tunnel_ipv4(&pkt, &state, ipsec_sa); + else + rc = ipsec_out_tunnel_ipv6(&pkt, &state, ipsec_sa); } if (rc < 0) { status->error.alg = 1; @@ -1033,8 +1283,10 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, } /* Finalize the IPv4 header */ - if (ODP_IPSEC_AH == ipsec_sa->proto) - ipsec_out_ah_post(&state); + if (ODP_IPSEC_ESP == ipsec_sa->proto) + ipsec_out_esp_post(&state, pkt); + else if (ODP_IPSEC_AH == ipsec_sa->proto) + ipsec_out_ah_post(&state, pkt); _odp_ipv4_csum_update(pkt); diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 0287d6f73..812ad0c46 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -211,10 +211,18 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->flags = 0; if (ODP_IPSEC_DIR_INBOUND == param->dir) { ipsec_sa->in.lookup_mode = param->inbound.lookup_mode; - if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode) - memcpy(&ipsec_sa->in.lookup_dst_ip, - param->inbound.lookup_param.dst_addr, - sizeof(ipsec_sa->in.lookup_dst_ip)); + if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode) { + ipsec_sa->in.lookup_ver = + param->inbound.lookup_param.ip_version; + if (ODP_IPSEC_IPV4 == ipsec_sa->in.lookup_ver) + memcpy(&ipsec_sa->in.lookup_dst_ipv4, + param->inbound.lookup_param.dst_addr, + sizeof(ipsec_sa->in.lookup_dst_ipv4)); + else + memcpy(&ipsec_sa->in.lookup_dst_ipv6, + param->inbound.lookup_param.dst_addr, + sizeof(ipsec_sa->in.lookup_dst_ipv6)); + } if (param->inbound.antireplay_ws > IPSEC_ANTIREPLAY_WS) return ODP_IPSEC_SA_INVALID; @@ -226,6 +234,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->dec_ttl = param->opt.dec_ttl; ipsec_sa->copy_dscp = param->opt.copy_dscp; ipsec_sa->copy_df = param->opt.copy_df; + ipsec_sa->copy_flabel = param->opt.copy_flabel; odp_atomic_store_u64(&ipsec_sa->bytes, 0); odp_atomic_store_u64(&ipsec_sa->packets, 0); @@ -236,19 +245,36 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode && ODP_IPSEC_DIR_OUTBOUND == param->dir) { - if (param->outbound.tunnel.type != ODP_IPSEC_TUNNEL_IPV4) - goto error; - - memcpy(&ipsec_sa->out.tun_src_ip, - param->outbound.tunnel.ipv4.src_addr, - sizeof(ipsec_sa->out.tun_src_ip)); - memcpy(&ipsec_sa->out.tun_dst_ip, - param->outbound.tunnel.ipv4.dst_addr, - sizeof(ipsec_sa->out.tun_dst_ip)); - odp_atomic_init_u32(&ipsec_sa->out.tun_hdr_id, 0); - ipsec_sa->out.tun_ttl = param->outbound.tunnel.ipv4.ttl; - ipsec_sa->out.tun_dscp = param->outbound.tunnel.ipv4.dscp; - ipsec_sa->out.tun_df = param->outbound.tunnel.ipv4.df; + if (ODP_IPSEC_TUNNEL_IPV4 == param->outbound.tunnel.type) { + ipsec_sa->tun_ipv4 = 1; + memcpy(&ipsec_sa->out.tun_ipv4.src_ip, + param->outbound.tunnel.ipv4.src_addr, + sizeof(ipsec_sa->out.tun_ipv4.src_ip)); + memcpy(&ipsec_sa->out.tun_ipv4.dst_ip, + param->outbound.tunnel.ipv4.dst_addr, + sizeof(ipsec_sa->out.tun_ipv4.dst_ip)); + odp_atomic_init_u32(&ipsec_sa->out.tun_ipv4.hdr_id, 0); + ipsec_sa->out.tun_ipv4.ttl = + param->outbound.tunnel.ipv4.ttl; + ipsec_sa->out.tun_ipv4.dscp = + param->outbound.tunnel.ipv4.dscp; + ipsec_sa->out.tun_ipv4.df = + param->outbound.tunnel.ipv4.df; + } else { + ipsec_sa->tun_ipv4 = 0; + memcpy(&ipsec_sa->out.tun_ipv6.src_ip, + param->outbound.tunnel.ipv6.src_addr, + sizeof(ipsec_sa->out.tun_ipv6.src_ip)); + memcpy(&ipsec_sa->out.tun_ipv6.dst_ip, + param->outbound.tunnel.ipv6.dst_addr, + sizeof(ipsec_sa->out.tun_ipv6.dst_ip)); + ipsec_sa->out.tun_ipv6.hlimit = + param->outbound.tunnel.ipv6.hlimit; + ipsec_sa->out.tun_ipv6.dscp = + param->outbound.tunnel.ipv6.dscp; + ipsec_sa->out.tun_ipv6.flabel = + param->outbound.tunnel.ipv6.flabel; + } } odp_crypto_session_param_init(&crypto_param); @@ -485,8 +511,11 @@ ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup) if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode && lookup->proto == ipsec_sa->proto && lookup->spi == ipsec_sa->spi && - !memcmp(lookup->dst_addr, &ipsec_sa->in.lookup_dst_ip, - sizeof(ipsec_sa->in.lookup_dst_ip))) { + lookup->ver == ipsec_sa->in.lookup_ver && + !memcmp(lookup->dst_addr, &ipsec_sa->in.lookup_dst_ipv4, + lookup->ver == ODP_IPSEC_IPV4 ? + _ODP_IPV4ADDR_LEN : + _ODP_IPV6ADDR_LEN)) { if (NULL != best) _odp_ipsec_sa_unuse(best); return ipsec_sa; From patchwork Thu Nov 30 13:00:06 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120184 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp654890qgn; Thu, 30 Nov 2017 05:15:39 -0800 (PST) X-Google-Smtp-Source: AGs4zMYhD+Pjczz8hiBNjRY9RVbASTNzhiaGlPCk1Vw8t55ElOFQvsa/9k8MU+qZc+T2eutWPhgP X-Received: by 10.200.37.253 with SMTP id f58mr3177704qtf.60.1512047739246; Thu, 30 Nov 2017 05:15:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512047739; cv=none; d=google.com; s=arc-20160816; b=F7R9ZsEmGxHqzrBcbWUJ98thYV8+REmnAtJ/qRFAvzZ97JTVVZS+vGG89+Wi6knTxA ULq1K2uZrB81gnbaEdvtGiFb+wvYZjYnwaP2oEdcl2MabagFWqnouL7PtKSndC6YdQx2 7hZXeKzkT3fJoLWBh9yRepEdGHknmP8kHhVWrOJKdJ1cK+mykZdi28qObonPPqEgznOi rjU2dmXb3lF8Au4Vc4eBZbRlEtYJG/5k/NyEE2xWpaPfP1uqQHZgHhn+K5/NUz+Sj4Yw E9UHYGosL1b1ODt/J0plBfHK5Cc+eoOBNU5ZaiNoLY/R3I7BNtP0VH+KCYz/2yrOUnNl t8WQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=N9ebWcBXoMekxLDi9b5DXXG2Q24rSoIONwE9yUf2rf8=; b=Cv6LIZqGF78UEaW3+PoBTZzLQUWj10AFGR+Eni3+oENaoAxj/hO/ybiEfC0U9Up1BU za74WR6BF9w4Ogf/6jpP/JhFCJR1josjIJgeR/FbM6vnedaBp8oU2JTVFIisy3pSJ96i Gw4UJUVXxo7M5czVil5zwJw8mFkcMyDe6en7JD8aEL+rR+Vj4viV2efOOIBfYrBEICb/ 5hlqqbvPGCHfd9il53pX//uNwdWb6sQFZuuguRxWwW60DB08slh9P7rcWLCPBbuciro/ u3cRbCPp3ZJ6VOrDOl/H9bPLVme93MmDfRNhqJn/YiyDpFuYh43NSYDQi60uquhULlve UCvQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id m30si4140624qtd.198.2017.11.30.05.15.38; Thu, 30 Nov 2017 05:15:39 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id CDD7760976; Thu, 30 Nov 2017 13:15:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id C9BA360997; Thu, 30 Nov 2017 13:01:56 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id D0F0D6090A; Thu, 30 Nov 2017 13:00:51 +0000 (UTC) Received: from forward106j.mail.yandex.net (forward106j.mail.yandex.net [5.45.198.249]) by lists.linaro.org (Postfix) with ESMTPS id 9E9366090A for ; Thu, 30 Nov 2017 13:00:26 +0000 (UTC) Received: from mxback7o.mail.yandex.net (mxback7o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::21]) by forward106j.mail.yandex.net (Yandex) with ESMTP id 0AC3C1801BCA for ; Thu, 30 Nov 2017 16:00:25 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback7o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id aNvptUMl4X-0OduO4LR; Thu, 30 Nov 2017 16:00:24 +0300 Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id nOB9mYWTNF-0NGODXLb; Thu, 30 Nov 2017 16:00:23 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 16:00:06 +0300 Message-Id: <1512046815-10630-8-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> References: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v8 7/16] validation: ipsec: add tests for IPv6 functionality X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 6f6906b608f0626d119b255b3733a4a0863aa8d1 **/ test/validation/api/ipsec/ipsec_test_in.c | 262 +++++++++++++++++ test/validation/api/ipsec/ipsec_test_out.c | 331 +++++++++++++++++++++ test/validation/api/ipsec/test_vectors.h | 443 +++++++++++++++++++++++++++++ 3 files changed, 1036 insertions(+) diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 5af98112a..15e1fe14f 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -71,6 +71,37 @@ static void test_in_ipv4_ah_sha256_tun_ipv4(void) ipsec_sa_destroy(sa); } +static void test_in_ipv4_ah_sha256_tun_ipv6(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0_ah_tun_ipv6_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ipv4_ah_sha256_tun_ipv4_notun(void) { odp_ipsec_sa_param_t param; @@ -314,6 +345,37 @@ static void test_in_ipv4_esp_null_sha256_tun_ipv4(void) ipsec_sa_destroy(sa); } +static void test_in_ipv4_esp_null_sha256_tun_ipv6(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0_esp_tun_ipv6_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ipv4_ah_sha256_noreplay(void) { odp_ipsec_sa_param_t param; @@ -1071,6 +1133,190 @@ static void test_in_ipv4_esp_null_aes_gmac_128(void) ipsec_sa_destroy(sa); } +static void test_in_ipv6_ah_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_ah_sha256_tun_ipv4(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_ah_tun_ipv4_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_ah_sha256_tun_ipv6(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_ah_tun_ipv6_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_esp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_esp_null_sha256_tun_ipv4(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_tun_ipv4_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_esp_null_sha256_tun_ipv6(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_tun_ipv6_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -1106,6 +1352,8 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv4, ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv6, + ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_tun_ipv4_notun, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256, @@ -1122,6 +1370,8 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_tun_ipv4, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_tun_ipv6, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_noreplay, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_replay, @@ -1148,5 +1398,17 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_ah_aes_gmac_128), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_ah_sha256, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_ah_sha256_tun_ipv4, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_ah_sha256_tun_ipv6, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_null_sha256_tun_ipv4, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_null_sha256_tun_ipv6, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 757b90059..f4e71dced 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -83,6 +83,50 @@ static void test_out_ipv4_ah_sha256_tun_ipv4(void) ipsec_sa_destroy(sa); } +static void test_out_ipv4_ah_sha256_tun_ipv6(void) +{ + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV6, + .ipv6.src_addr = src, + .ipv6.dst_addr = dst, + .ipv6.hlimit = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_ah_tun_ipv6_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_out_ipv4_esp_null_sha256(void) { odp_ipsec_sa_param_t param; @@ -152,6 +196,51 @@ static void test_out_ipv4_esp_null_sha256_tun_ipv4(void) ipsec_sa_destroy(sa); } +static void test_out_ipv4_esp_null_sha256_tun_ipv6(void) +{ + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV6, + .ipv6.src_addr = src, + .ipv6.dst_addr = dst, + .ipv6.hlimit = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = + &pkt_ipv4_icmp_0_esp_tun_ipv6_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_out_ipv4_esp_aes_cbc_null(void) { odp_ipsec_sa_param_t param; @@ -380,6 +469,232 @@ static void test_out_ipv4_esp_null_aes_gmac_128(void) ipsec_sa_destroy(sa); } +static void test_out_ipv6_ah_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_ah_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_ah_sha256_tun_ipv4(void) +{ + uint32_t src = IPV4ADDR(10, 0, 111, 2); + uint32_t dst = IPV4ADDR(10, 0, 222, 2); + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV4, + .ipv4.src_addr = &src, + .ipv4.dst_addr = &dst, + .ipv4.ttl = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_ah_tun_ipv4_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_ah_sha256_tun_ipv6(void) +{ + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV6, + .ipv6.src_addr = src, + .ipv6.dst_addr = dst, + .ipv6.hlimit = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_ah_tun_ipv6_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_esp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_esp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_esp_null_sha256_tun_ipv4(void) +{ + uint32_t src = IPV4ADDR(10, 0, 111, 2); + uint32_t dst = IPV4ADDR(10, 0, 222, 2); + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV4, + .ipv4.src_addr = &src, + .ipv4.dst_addr = &dst, + .ipv4.ttl = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = + &pkt_ipv6_icmp_0_esp_tun_ipv4_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv6_esp_null_sha256_tun_ipv6(void) +{ + uint8_t src[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + }; + uint8_t dst[16] = { + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + }; + odp_ipsec_tunnel_param_t tunnel = { + .type = ODP_IPSEC_TUNNEL_IPV6, + .ipv6.src_addr = &src, + .ipv6.dst_addr = &dst, + .ipv6.hlimit = 64, + }; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = + &pkt_ipv6_icmp_0_esp_tun_ipv6_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -393,10 +708,14 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_tun_ipv4, ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_tun_ipv6, + ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256, ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_tun_ipv4, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_tun_ipv6, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_null, ipsec_check_esp_aes_cbc_128_null), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_sha256, @@ -409,5 +728,17 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_ah_aes_gmac_128), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256_tun_ipv4, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256_tun_ipv6, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_null_sha256_tun_ipv4, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_null_sha256_tun_ipv6, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index c057f7765..211f349d0 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -204,6 +204,54 @@ static const ODP_UNUSED ipsec_test_packet }, }; +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_ah_tun_ipv6_sha256_1 = { + .len = 214, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x33, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* AH */ + 0x04, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x2b, 0x45, 0xbe, 0xd2, 0x9c, 0x9c, 0x3e, 0x0d, + 0xe0, 0x32, 0xaf, 0xa0, 0x2d, 0x26, 0xe1, 0x91, + 0x00, 0x00, 0x00, 0x00, + + /* Inner IP */ + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_ah_sha256_1_bad1 = { .len = 168, .l2_offset = 0, @@ -418,6 +466,57 @@ static const ODP_UNUSED ipsec_test_packet }, }; +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_tun_ipv6_null_sha256_1 = { + .len = 210, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x9c, 0x32, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* Inner IP */ + 0x45, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x01, 0xac, 0x27, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x04, + + /* ICV */ + 0x73, 0x8d, 0xf6, 0x9a, 0x26, 0x06, 0x4d, 0xa1, + 0x88, 0x37, 0x65, 0xab, 0x0d, 0xe9, 0x95, 0x3b, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_null_sha256_1_bad1 = { .len = 170, @@ -717,6 +816,350 @@ static const ODP_UNUSED ipsec_test_packet }, }; +static const ODP_UNUSED ipsec_test_packet pkt_ipv6_icmp_0 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_ipv6_icmp_0_ah_sha256_1 = { + .len = 202, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x94, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x33, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* AH */ + 0x3a, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0xd9, 0x14, 0x87, 0x27, 0x20, 0x1a, 0xc2, 0x66, + 0xc1, 0xca, 0x99, 0x2b, 0x8a, 0xae, 0x2f, 0x27, + 0x00, 0x00, 0x00, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_ah_tun_ipv4_sha256_1 = { + .len = 218, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0xcc, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0x18, 0xfb, 0x0a, 0x00, 0x6f, 0x02, + 0x0a, 0x00, 0xde, 0x02, + + /* AH */ + 0x29, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x7f, 0xde, 0x8a, 0x48, 0xc5, 0xc5, 0xfa, 0x52, + 0xb8, 0xf6, 0xc2, 0xe3, 0x8f, 0x10, 0xb2, 0x47, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_ah_tun_ipv6_sha256_1 = { + .len = 242, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0xbc, 0x33, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* AH */ + 0x29, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x00, 0x01, + 0x62, 0x96, 0x2b, 0x40, 0x3e, 0x53, 0x76, 0x4a, + 0x4d, 0x7f, 0xf6, 0x22, 0x35, 0x3c, 0x74, 0xe2, + 0x00, 0x00, 0x00, 0x00, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet pkt_ipv6_icmp_0_esp_null_sha256_1 = { + .len = 198, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x90, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x32, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x3a, + + /* ICV */ + 0x20, 0xa6, 0x89, 0x7b, 0x0a, 0x52, 0x5b, 0xca, + 0x98, 0x56, 0xd1, 0xfe, 0x56, 0xc7, 0xa4, 0x5b, + }, +}; + +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_esp_tun_ipv4_null_sha256_1 = { + .len = 218, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0xcc, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0x18, 0xfc, 0x0a, 0x00, 0x6f, 0x02, + 0x0a, 0x00, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x29, + + /* ICV */ + 0xd0, 0x96, 0x6e, 0xda, 0xc5, 0x08, 0xcc, 0x0e, + 0xd1, 0x22, 0xa5, 0xed, 0x13, 0x07, 0xd9, 0xcd, + }, +}; + +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_esp_tun_ipv6_null_sha256_1 = { + .len = 238, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 54, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0xb8, 0x32, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x74, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x3a, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x29, + + /* ICV */ + 0xd0, 0x96, 0x6e, 0xda, 0xc5, 0x08, 0xcc, 0x0e, + 0xd1, 0x22, 0xa5, 0xed, 0x13, 0x07, 0xd9, 0xcd, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_rfc3602_5 = { .len = 98, .l2_offset = 0, From patchwork Thu Nov 30 13:00:07 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120181 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp650485qgn; Thu, 30 Nov 2017 05:12:03 -0800 (PST) X-Google-Smtp-Source: AGs4zMaRvgBVSXwm3C0NOLKNqiED0DfjEN+mzMQOGVxYoUfwZ1vbpLZqnabyn5Ej0UM4Y8FNd+QD X-Received: by 10.237.47.228 with SMTP id m91mr3381476qtd.205.1512047523472; Thu, 30 Nov 2017 05:12:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512047523; cv=none; d=google.com; s=arc-20160816; b=YMXGpLFo/Aut7vVNB1tmQhPwkuf7wHXEi+bhTDDc6dXEiLxcPRibzNaxKx9va7h0TQ sWMTwt95TaPYC4osh3L4UIvePw3jRMuPZFcxCIpqpcxjiocjfGVSuh1yNzKqYPPrCZ9F wVCVT942sde7ujJXKhxeGel8fGMBAdoXCHk5uoBINHuaB0BuVl0Nab1hSZi2ssSW4cTW jmM6hnBvoHyZoetEakgWci4m9yCJ9kCZf5JDH6vZztMoAwQTBNAZ2w17QAhVpUyTY3Rm E0MpZ+Nzu1StDlfsnXIzgztCEgeRxIT2FMpHgieYAZyyOaURheh7HlU4OCYZ4fh/Hpl3 SmDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=+OOArJVeczh3+ODoBuBw2NULMSV8QO0cSS3HOFZFJn0=; b=eQvz2gUNVEq97i8T0YqgZXqqDEplJjrhM5DCt3mivKrdSQt44HskAXfKKVdRM98Y50 cehp4bq0cLmRvKnR87uV+u+POPsK7nYmBZ9jyoQr/CSjlLNXD/35V1TCDt1nNZ30eYhg Nc78hxYfw2XWGdnnIjAurbfQ6Psy467Ui5GdFfXFB6JUOl5DdQ4RaYe75y8KuJEEJdlI /uNXfA50rk06VjaCTSUFevvK1j1rNxYand/7lH9S+nkR6IrJwXGC26HcFGaLIyRO6/QC 0W9lK/kEu3+XOwFvFa7vTkYWz3KwgQPILIGO/JihPe1vzmA80ofzPnXZWN7uXjZ6AI2V TdVA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id i38si2028566qte.179.2017.11.30.05.12.03; Thu, 30 Nov 2017 05:12:03 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 3180760A38; Thu, 30 Nov 2017 13:12:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id BD97B6097D; Thu, 30 Nov 2017 13:01:38 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 356626092D; Thu, 30 Nov 2017 13:00:50 +0000 (UTC) Received: from forward103p.mail.yandex.net (forward103p.mail.yandex.net [77.88.28.106]) by lists.linaro.org (Postfix) with ESMTPS id 0671260927 for ; Thu, 30 Nov 2017 13:00:27 +0000 (UTC) Received: from mxback19j.mail.yandex.net (mxback19j.mail.yandex.net [IPv6:2a02:6b8:0:1619::95]) by forward103p.mail.yandex.net (Yandex) with ESMTP id 7B1BE2182261 for ; Thu, 30 Nov 2017 16:00:25 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback19j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id JTOxvlqLkZ-0P3CORjm; Thu, 30 Nov 2017 16:00:25 +0300 Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id nOB9mYWTNF-0PGOrpvF; Thu, 30 Nov 2017 16:00:25 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 16:00:07 +0300 Message-Id: <1512046815-10630-9-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> References: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v8 8/16] linux-gen: ipsec: simplify seq no handling X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov There is no point in filling artificial AAD struct for AH just for the sake of sequence number checking. Instead use AAD just for ESP and provide separate seq_no field. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 6f6906b608f0626d119b255b3733a4a0863aa8d1 **/ platform/linux-generic/odp_ipsec.c | 32 ++++++++++++++------------------ 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index ae2fa10a4..a48312fe9 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -233,6 +233,7 @@ typedef struct { struct { uint16_t hdr_len; uint16_t trl_len; + odp_u32be_t seq_no; } in; odp_u32be_t ipv4_addr; uint8_t ipv6_addr[_ODP_IPV6ADDR_LEN]; @@ -247,8 +248,10 @@ typedef struct { odp_u32be_t ver_tc_flow; uint8_t hop_limit; } ah_ipv6; + struct { + ipsec_aad_t aad; + } esp; }; - ipsec_aad_t aad; uint8_t iv[IPSEC_MAX_IV_LEN]; } ipsec_state_t; @@ -409,10 +412,11 @@ static int ipsec_in_esp(odp_packet_t *pkt, ipsec_sa->icv_len; param->override_iv_ptr = state->iv; - state->aad.spi = esp.spi; - state->aad.seq_no = esp.seq_no; + state->esp.aad.spi = esp.spi; + state->esp.aad.seq_no = esp.seq_no; + state->in.seq_no = odp_be_to_cpu_32(esp.seq_no); - param->aad.ptr = (uint8_t *)&state->aad; + param->aad.ptr = (uint8_t *)&state->esp.aad; param->auth_range.offset = ipsec_offset; param->auth_range.length = state->ip_tot_len - @@ -515,10 +519,7 @@ static int ipsec_in_ah(odp_packet_t *pkt, ipv6hdr->hop_limit = 0; } - state->aad.spi = ah.spi; - state->aad.seq_no = ah.seq_no; - - param->aad.ptr = (uint8_t *)&state->aad; + state->in.seq_no = odp_be_to_cpu_32(ah.seq_no); param->auth_range.offset = state->ip_offset; param->auth_range.length = state->ip_tot_len; @@ -614,7 +615,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto err; if (_odp_ipsec_sa_replay_precheck(ipsec_sa, - odp_be_to_cpu_32(state.aad.seq_no), + state.in.seq_no, status) < 0) goto err; @@ -659,7 +660,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto err; if (_odp_ipsec_sa_replay_update(ipsec_sa, - odp_be_to_cpu_32(state.aad.seq_no), + state.in.seq_no, status) < 0) goto err; @@ -993,10 +994,10 @@ static int ipsec_out_esp(odp_packet_t *pkt, esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); esp.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); - state->aad.spi = esp.spi; - state->aad.seq_no = esp.seq_no; + state->esp.aad.spi = esp.spi; + state->esp.aad.seq_no = esp.seq_no; - param->aad.ptr = (uint8_t *)&state->aad; + param->aad.ptr = (uint8_t *)&state->esp.aad; memset(&esptrl, 0, sizeof(esptrl)); esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; @@ -1117,11 +1118,6 @@ static int ipsec_out_ah(odp_packet_t *pkt, ah.ah_len = hdr_len / 4 - 2; - state->aad.spi = ah.spi; - state->aad.seq_no = ah.seq_no; - - param->aad.ptr = (uint8_t *)&state->aad; - /* For GMAC */ if (ipsec_out_iv(state, ipsec_sa) < 0) { status->error.alg = 1; From patchwork Thu Nov 30 13:00:08 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120190 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp660172qgn; Thu, 30 Nov 2017 05:20:16 -0800 (PST) X-Google-Smtp-Source: AGs4zMaVvA5+gB0+VRIBfYcmyn5AfE5RclQZnYqYcjlsZA2gsayVKIh7QMsxbsklJjSuCIR50OR0 X-Received: by 10.200.40.189 with SMTP id i58mr3450170qti.128.1512048016133; Thu, 30 Nov 2017 05:20:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512048016; cv=none; d=google.com; s=arc-20160816; b=Da+jSCt1FspRbuhZO5d9dLYx9i19/QBrSEgY6Hcv50dgFrCxE0Y+f8tvKkINXuOPd2 tDVxTIXrBddphB/6ydihgCIcM3x/D767Pb9jbUk36kKxJ6Cxj/az6AkID7f5Q1LatEJJ LKrn4uW/zUGBEfBe6KQOsTXnyQhEY4C3uZCWCe4JrbFbT3j4GIZqfbABV3wHdveDgLRq bumAE4E3jP+I3E8s9ezG27iDwuKdHwvQWbwVIcU2PV/YYxWP7N4PZ3+kt32BsfLsFzKy 8k8yh6FiI/nJ8e9fsrV+ZrO89+rScZb/pI49bFjiD9s24wWq51SPqleCqRtmGlFSqqIO YTEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=5QH67zte3bsk/5xP3mopB3FoRJWpRJfFRZnmXPmZp+o=; b=NkoGMPRA4VqWmAfFY/ScdA1kfr6gJ2TRwhZjrUxN8mTnyFjDMeYgr0mPhOuGGJKSeJ 0Q94iVQA8oNJ2K7tMlIadAt7JKICb3qSBeWFYDDkkVpRY52UD7Xl0CoaYvicLyebg270 OqUMTNMPFzAl+7LYoM8WJx8najdHfklyJsMbjjDWiqggWJxneqHI41gKKK5SBLv2hs6K XKezMFdt5QIK9wIomYmz8ZKtZR+2tkqFPbVkJAbr+1AhjtPjKRSEJrq47RAJ7bgjlX5X taCeY8J8n0XPLPPbLpMXnc7mutv2v0D2nbs1pQo2UpiE9Uup8CnhcIsfh75Gr1tdE44e JFHA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id j29si1627447qkh.383.2017.11.30.05.20.15; Thu, 30 Nov 2017 05:20:16 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id C6427609D8; Thu, 30 Nov 2017 13:20:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id E515D609AC; Thu, 30 Nov 2017 13:02:15 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 55C4560902; Thu, 30 Nov 2017 13:01:58 +0000 (UTC) Received: from forward102j.mail.yandex.net (forward102j.mail.yandex.net [5.45.198.243]) by lists.linaro.org (Postfix) with ESMTPS id 0E36060902 for ; Thu, 30 Nov 2017 13:00:33 +0000 (UTC) Received: from mxback19j.mail.yandex.net (mxback19j.mail.yandex.net [IPv6:2a02:6b8:0:1619::95]) by forward102j.mail.yandex.net (Yandex) with ESMTP id 059E956027A7 for ; Thu, 30 Nov 2017 16:00:26 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback19j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id gPzWb4usWv-0P3mOM5s; Thu, 30 Nov 2017 16:00:25 +0300 Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id nOB9mYWTNF-0PGWetvb; Thu, 30 Nov 2017 16:00:25 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 16:00:08 +0300 Message-Id: <1512046815-10630-10-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> References: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v8 9/16] linux-gen: add support for UDP-encapsulated ESP packets X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 6f6906b608f0626d119b255b3733a4a0863aa8d1 **/ .../linux-generic/include/odp_ipsec_internal.h | 1 + platform/linux-generic/include/protocols/udp.h | 2 + platform/linux-generic/odp_ipsec.c | 53 +++++++++++++++++++++- platform/linux-generic/odp_ipsec_sad.c | 1 + 4 files changed, 56 insertions(+), 1 deletion(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index b294e7c4a..822c9016b 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -131,6 +131,7 @@ struct ipsec_sa_s { unsigned copy_df : 1; unsigned copy_flabel : 1; unsigned aes_ctr_iv : 1; + unsigned udp_encap : 1; /* Only for outbound */ unsigned use_counter_iv : 1; diff --git a/platform/linux-generic/include/protocols/udp.h b/platform/linux-generic/include/protocols/udp.h index 535aba855..85984c992 100644 --- a/platform/linux-generic/include/protocols/udp.h +++ b/platform/linux-generic/include/protocols/udp.h @@ -38,6 +38,8 @@ typedef struct ODP_PACKED { ODP_STATIC_ASSERT(sizeof(_odp_udphdr_t) == _ODP_UDPHDR_LEN, "_ODP_UDPHDR_T__SIZE_ERROR"); +#define _ODP_UDP_IPSEC_PORT 4500 + /** * @} */ diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index a48312fe9..2f4c69924 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -18,6 +18,7 @@ #include #include #include +#include #include @@ -378,9 +379,29 @@ static int ipsec_in_esp(odp_packet_t *pkt, _odp_esphdr_t esp; uint16_t ipsec_offset; ipsec_sa_t *ipsec_sa; + odp_bool_t udp_encap = false; ipsec_offset = state->ip_offset + state->ip_hdr_len; + if (_ODP_IPPROTO_UDP == state->ip_next_hdr) { + _odp_udphdr_t udp; + uint16_t ip_data_len = state->ip_tot_len - + state->ip_hdr_len; + + odp_packet_copy_to_mem(*pkt, ipsec_offset, + _ODP_UDPHDR_LEN, &udp); + + if (udp.dst_port != odp_cpu_to_be_16(_ODP_UDP_IPSEC_PORT) || + udp.length != odp_cpu_to_be_16(ip_data_len)) { + status->error.proto = 1; + return -1; + } + + ipsec_offset += _ODP_UDPHDR_LEN; + state->ip_hdr_len += _ODP_UDPHDR_LEN; + udp_encap = true; + } + if (odp_packet_copy_to_mem(*pkt, ipsec_offset, sizeof(esp), &esp) < 0) { status->error.alg = 1; @@ -396,6 +417,11 @@ static int ipsec_in_esp(odp_packet_t *pkt, if (status->error.all) return -1; + if (!!ipsec_sa->udp_encap != udp_encap) { + status->error.proto = 1; + return -1; + } + if (ipsec_in_iv(*pkt, state, ipsec_sa, ipsec_offset + _ODP_ESPHDR_LEN) < 0) { status->error.alg = 1; @@ -446,6 +472,11 @@ static int ipsec_in_esp_post(odp_packet_t pkt, ipsec_padding, esptrl.pad_len) != 0) return -1; + if (udp_encap) { + state->ip_hdr_len -= _ODP_UDPHDR_LEN; + state->in.hdr_len += _ODP_UDPHDR_LEN; + } + odp_packet_copy_from_mem(pkt, state->ip_next_hdr_offset, 1, &esptrl.next_header); state->in.trl_len += esptrl.pad_len; @@ -603,7 +634,8 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, } /* Check IP header for IPSec protocols and look it up */ - if (_ODP_IPPROTO_ESP == state.ip_next_hdr) { + if (_ODP_IPPROTO_ESP == state.ip_next_hdr || + _ODP_IPPROTO_UDP == state.ip_next_hdr) { rc = ipsec_in_esp(&pkt, &state, &ipsec_sa, sa, ¶m, status); } else if (_ODP_IPPROTO_AH == state.ip_next_hdr) { rc = ipsec_in_ah(&pkt, &state, &ipsec_sa, sa, ¶m, status); @@ -962,6 +994,7 @@ static int ipsec_out_esp(odp_packet_t *pkt, { _odp_esphdr_t esp; _odp_esptrl_t esptrl; + _odp_udphdr_t udphdr; uint32_t encrypt_len; uint16_t ip_data_len = state->ip_tot_len - state->ip_hdr_len; @@ -983,6 +1016,16 @@ static int ipsec_out_esp(odp_packet_t *pkt, ip_data_len + ipsec_sa->icv_len; + if (ipsec_sa->udp_encap) { + hdr_len += _ODP_UDPHDR_LEN; + proto = _ODP_IPPROTO_UDP; + udphdr.src_port = odp_cpu_to_be_16(_ODP_UDP_IPSEC_PORT); + udphdr.dst_port = odp_cpu_to_be_16(_ODP_UDP_IPSEC_PORT); + udphdr.length = odp_cpu_to_be_16(ip_data_len + + hdr_len + trl_len); + udphdr.chksum = 0; /* should be 0 by RFC */ + } + if (ipsec_out_iv(state, ipsec_sa) < 0) { status->error.alg = 1; return -1; @@ -1030,6 +1073,14 @@ static int ipsec_out_esp(odp_packet_t *pkt, encrypt_len - _ODP_ESPTRL_LEN; + if (ipsec_sa->udp_encap) { + odp_packet_copy_from_mem(*pkt, ipsec_offset, _ODP_UDPHDR_LEN, + &udphdr); + ipsec_offset += _ODP_UDPHDR_LEN; + hdr_len -= _ODP_UDPHDR_LEN; + state->ip_hdr_len += _ODP_UDPHDR_LEN; + } + odp_packet_copy_from_mem(*pkt, ipsec_offset, _ODP_ESPHDR_LEN, &esp); diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 812ad0c46..82b3c4522 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -235,6 +235,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->copy_dscp = param->opt.copy_dscp; ipsec_sa->copy_df = param->opt.copy_df; ipsec_sa->copy_flabel = param->opt.copy_flabel; + ipsec_sa->udp_encap = param->opt.udp_encap; odp_atomic_store_u64(&ipsec_sa->bytes, 0); odp_atomic_store_u64(&ipsec_sa->packets, 0); From patchwork Thu Nov 30 13:00:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120180 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp649554qgn; Thu, 30 Nov 2017 05:11:15 -0800 (PST) X-Google-Smtp-Source: AGs4zMakjGMtBkYqllR3VB4isaCHwCYlH3aearS2vFQFZbrehLVLwZvRRlE9Q009xhSC7LeUKe2n X-Received: by 10.233.230.1 with SMTP id z1mr2614167qkf.325.1512047475829; Thu, 30 Nov 2017 05:11:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512047475; cv=none; d=google.com; s=arc-20160816; b=kXgKsJ9Onr1N+/AZUBxZNoF1JzFkPXk4VZI2RlXghV4zQLi7dZX4+lsLgFv/P2wmVl w0Kd6EtDLCmL70ukKMwDikYl7BkeF7PF/Nh/tkYkPqulRReXQwM9QcyvfULUsvlUjQWL CfUgVHrgPCF0TW4ljWvuu7v9XFi4+RovSDfPC5gKjNbr/mkH/lrz4Q9Xtm8Mxapt9oIh 42gZxEUvObRIIycN/guWUtQdpXDxz9P+8t2flOiyN6mmXH9EPKbQPjYip03aCZh6KUTA hcrr6vZGubwaxwOR5QgywyU7hLFWXel5qDDAgaLZ8NPIYQfn07mKXgTkuHGk2m1uE4DH Uv7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=ft3ziNNDtLd3jXEs6ylFbb0drOA6FpNU86Pyrmbf+Lo=; b=yEO2cHx4KEffIXvS20R+Sy9F21wwCewFJsTW5hmx/ymX3ZY/ykumhzSU1G4eVmQ9CN BXaIRFZqqyKDfHmnz6mWPgANkl1oLPrAeDcUeZlWqUya9oVunQ6uZakKN/6Iaw8RX6br 6bF+WmDbpBVpX42HfyHwzKSi+fenwhqUPrvVpvgMNrhYHycnfiNxEF8f+zojt6MSWkDf 6r10U/zyaGqk9MTNbYoBh7Z4ZDmEe6Nkst6Z+op3GMm3GDwTFIDws5mSkbQzziI11xqN DUOQR5gD7vFRIj1k48sDroG+vQjDUxfYstvWve2W7Er4MHnUg9LRUeo9IMNbgPw3pItb qFAw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id m6si4355811qtb.254.2017.11.30.05.11.15; Thu, 30 Nov 2017 05:11:15 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 8A31A60A07; Thu, 30 Nov 2017 13:11:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 703DD60977; Thu, 30 Nov 2017 13:01:28 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 8C62A60950; Thu, 30 Nov 2017 13:00:49 +0000 (UTC) Received: from forward103j.mail.yandex.net (forward103j.mail.yandex.net [5.45.198.246]) by lists.linaro.org (Postfix) with ESMTPS id CBE2F6092C for ; Thu, 30 Nov 2017 13:00:27 +0000 (UTC) Received: from mxback2j.mail.yandex.net (mxback2j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10b]) by forward103j.mail.yandex.net (Yandex) with ESMTP id 859EB34C6A05 for ; Thu, 30 Nov 2017 16:00:26 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback2j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id haAHoGFWQ4-0Qx8KbxO; Thu, 30 Nov 2017 16:00:26 +0300 Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id nOB9mYWTNF-0QGCbGmd; Thu, 30 Nov 2017 16:00:26 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 16:00:09 +0300 Message-Id: <1512046815-10630-11-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> References: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v8 10/16] linux-gen: packet: add flag for UDP-encapsulated IPsec packets X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 6f6906b608f0626d119b255b3733a4a0863aa8d1 **/ platform/linux-generic/include/odp/api/plat/packet_types.h | 1 + platform/linux-generic/odp_ipsec.c | 2 +- platform/linux-generic/odp_packet.c | 11 +++++++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/platform/linux-generic/include/odp/api/plat/packet_types.h b/platform/linux-generic/include/odp/api/plat/packet_types.h index 82fc66e53..128e83148 100644 --- a/platform/linux-generic/include/odp/api/plat/packet_types.h +++ b/platform/linux-generic/include/odp/api/plat/packet_types.h @@ -151,6 +151,7 @@ typedef union { uint64_t l3_chksum_done:1; /**< L3 checksum validation done */ uint64_t l4_chksum_done:1; /**< L4 checksum validation done */ + uint64_t ipsec_udp:1; /**< UDP-encapsulated IPsec packet */ }; } _odp_packet_input_flags_t; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 2f4c69924..8bf4ced4c 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -472,7 +472,7 @@ static int ipsec_in_esp_post(odp_packet_t pkt, ipsec_padding, esptrl.pad_len) != 0) return -1; - if (udp_encap) { + if (_ODP_IPPROTO_UDP == state->ip_next_hdr) { state->ip_hdr_len -= _ODP_UDPHDR_LEN; state->in.hdr_len += _ODP_UDPHDR_LEN; } diff --git a/platform/linux-generic/odp_packet.c b/platform/linux-generic/odp_packet.c index bdcb482fa..167f8cbc6 100644 --- a/platform/linux-generic/odp_packet.c +++ b/platform/linux-generic/odp_packet.c @@ -2141,6 +2141,17 @@ static inline void parse_udp(packet_parser_t *prs, if (odp_unlikely(udplen < sizeof(_odp_udphdr_t))) prs->error_flags.udp_err = 1; + if (odp_cpu_to_be_16(_ODP_UDP_IPSEC_PORT) == udp->dst_port && + udplen > 4) { + uint32_t val; + + memcpy(&val, udp + 1, 4); + if (val != 0) { + prs->input_flags.ipsec = 1; + prs->input_flags.ipsec_udp = 1; + } + } + if (offset) *offset += sizeof(_odp_udphdr_t); *parseptr += sizeof(_odp_udphdr_t); From patchwork Thu Nov 30 13:00:10 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120179 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp647808qgn; Thu, 30 Nov 2017 05:09:52 -0800 (PST) X-Google-Smtp-Source: AGs4zMb0NHV+YIvuqpOmDFI/lEudUOlvj7WT9NH0JfT84p1AlxL11Ckk+9yUigpm3j9c1ie3NxRd X-Received: by 10.200.24.185 with SMTP id s54mr3398629qtj.285.1512047392866; Thu, 30 Nov 2017 05:09:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512047392; cv=none; d=google.com; s=arc-20160816; b=q8TAwezaSFGkpVH2qlHsB4WKiydxI0HNrbL7plXxFfAkF6EOFx1o8bCVwigd1tK+J0 ZarSfrO6mdqw+4nS1EE0t5/dhVAc4iA7IitPAA7nHaiOLfMx3Ff8lNHGRvIko+S4CZ8m pZeqqdyBoyTVx0LZO6LloXujadpqG6W2dx2pEqfYPmFLjRiEzLTivmqiMPtijr+Tu1Ui 9q7veWq5/NtpgmYpSizMls9+dO+AR5edukX9x938+y7fwF0HFP8xJsL8ClVAC0xMvysr CER88Y15fmODPYV7HZVEVVbbzBHaUg4kEzXScB6UnD6YRNQRDeMfqTLN/PSpTmJK9eVA Mwnw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=Xu+7Mh8WduA+yjIhW/0YymTo7z3NZHyu/R8Od02q1Wc=; b=vsXNPogJgFYRud+lW8K3bKF7IFRauKCGzslWk0yBOO9HFmkRrx+30o0lMbUTbCAIya OCCiwCMqN62HKV8s+k2jFJI+48QW30b6ifMPXOBs0507PHmez5AfD/5ftHp4bthY1UYN C/AvxOl2rntlgkyPbCNuq6W3xLHL89ZkwaNAFuuOODKUvZZB80kNd82OXiIO3NA9RX8L LbQHw938ex2LBTHzcj8VMXqAOPg5/1Cl6U+/mIKVfy189Th01uliK7I7uL1cSEXMgzzk rqKJUXx6iW+P5rN/qhf5D6F5+Jv/I947x4u+dndBCML5T1h10jT1trdLDhOD3GB0bkDm e3Bg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id r7si1252494qtd.4.2017.11.30.05.09.52; Thu, 30 Nov 2017 05:09:52 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 701C160969; Thu, 30 Nov 2017 13:09:52 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 1B77F6096B; Thu, 30 Nov 2017 13:01:25 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id EFB2A60951; Thu, 30 Nov 2017 13:00:47 +0000 (UTC) Received: from forward103j.mail.yandex.net (forward103j.mail.yandex.net [5.45.198.246]) by lists.linaro.org (Postfix) with ESMTPS id 738FF6092D for ; Thu, 30 Nov 2017 13:00:28 +0000 (UTC) Received: from mxback6j.mail.yandex.net (mxback6j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10f]) by forward103j.mail.yandex.net (Yandex) with ESMTP id 618BF34C44DE for ; Thu, 30 Nov 2017 16:00:27 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback6j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id csDFizdbgr-0RG4PD7u; Thu, 30 Nov 2017 16:00:27 +0300 Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id nOB9mYWTNF-0QGmBFlI; Thu, 30 Nov 2017 16:00:26 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 16:00:10 +0300 Message-Id: <1512046815-10630-12-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> References: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v8 11/16] validation: add UDP-encapsulated IPsec test cases X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 6f6906b608f0626d119b255b3733a4a0863aa8d1 **/ test/validation/api/ipsec/ipsec_test_in.c | 134 +++++++++++++++++++++++++++++ test/validation/api/ipsec/ipsec_test_out.c | 66 ++++++++++++++ test/validation/api/ipsec/test_vectors.h | 99 +++++++++++++++++++++ 3 files changed, 299 insertions(+) diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 15e1fe14f..6262f4cb5 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -376,6 +376,69 @@ static void test_in_ipv4_esp_null_sha256_tun_ipv6(void) ipsec_sa_destroy(sa); } +static void test_in_ipv4_esp_udp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0_esp_udp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv4_esp_udp_null_sha256_lookup(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0_esp_udp_null_sha256_1, + .lookup = 1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ipv4_ah_sha256_noreplay(void) { odp_ipsec_sa_param_t param; @@ -1317,6 +1380,69 @@ static void test_in_ipv6_esp_null_sha256_tun_ipv6(void) ipsec_sa_destroy(sa); } +static void test_in_ipv6_esp_udp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_udp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ipv6_esp_udp_null_sha256_lookup(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0_esp_udp_null_sha256_1, + .lookup = 1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -1372,6 +1498,10 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_null_sha256_tun_ipv6, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_udp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_esp_udp_null_sha256_lookup, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_noreplay, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_ah_sha256_replay, @@ -1410,5 +1540,9 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_null_sha256_tun_ipv6, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_udp_null_sha256, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_udp_null_sha256_lookup, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index f4e71dced..2ee8a1319 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -283,6 +283,37 @@ static void test_out_ipv4_esp_aes_cbc_null(void) ipsec_sa_destroy(sa); } +static void test_out_ipv4_esp_udp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_esp_udp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_out_ipv4_esp_aes_cbc_sha256(void) { odp_ipsec_sa_param_t param; @@ -695,6 +726,37 @@ static void test_out_ipv6_esp_null_sha256_tun_ipv6(void) ipsec_sa_destroy(sa); } +static void test_out_ipv6_esp_udp_null_sha256(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.opt.udp_encap = 1; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv6_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv6_icmp_0_esp_udp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -716,6 +778,8 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_tun_ipv6, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_udp_null_sha256, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_null, ipsec_check_esp_aes_cbc_128_null), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_aes_cbc_sha256, @@ -740,5 +804,7 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_null_sha256_tun_ipv6, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_esp_udp_null_sha256, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 211f349d0..a6b8616b6 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -517,6 +517,53 @@ static const ODP_UNUSED ipsec_test_packet }, }; +static const ODP_UNUSED ipsec_test_packet + pkt_ipv4_icmp_0_esp_udp_null_sha256_1 = { + .len = 178, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0xa4, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x11, 0xab, 0xf3, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* UDP encap */ + 0x11, 0x94, 0x11, 0x94, 0x00, 0x90, 0x00, 0x00, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x01, + + /* ICV */ + 0xe9, 0x81, 0xcd, 0x65, 0x9b, 0x25, 0x0b, 0x33, + 0xe2, 0xf3, 0x83, 0xf1, 0x6d, 0x14, 0xb4, 0x1f, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_ipv4_icmp_0_esp_null_sha256_1_bad1 = { .len = 170, @@ -1683,4 +1730,56 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_15_esp = { }, }; +static const ODP_UNUSED ipsec_test_packet + pkt_ipv6_icmp_0_esp_udp_null_sha256_1 = { + .len = 206, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 62, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x86, 0xdd, + + /* IP v6 */ + 0x60, 0x00, 0x00, 0x00, 0x00, 0x98, 0x00, 0x40, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x11, 0x43, 0xff, 0xfe, 0x4a, 0xd7, 0x0a, + 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, + + /* Hop-by-Hop */ + 0x11, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, + + /* UDP encap */ + 0x11, 0x94, 0x11, 0x94, 0x00, 0x90, 0x00, 0x00, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x3a, + + /* ICV */ + 0x20, 0xa6, 0x89, 0x7b, 0x0a, 0x52, 0x5b, 0xca, + 0x98, 0x56, 0xd1, 0xfe, 0x56, 0xc7, 0xa4, 0x5b, + }, +}; + #endif From patchwork Thu Nov 30 13:00:11 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120182 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp651471qgn; Thu, 30 Nov 2017 05:12:49 -0800 (PST) X-Google-Smtp-Source: AGs4zMZVjOW/ShkSMLYJRQASxdB71l65gDyvoKb8pCvOyRAKMJJt12b0mmpW5mqfFSQ8LuIYi3Qp X-Received: by 10.55.221.80 with SMTP id n77mr2590536qki.279.1512047569129; Thu, 30 Nov 2017 05:12:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512047569; cv=none; d=google.com; s=arc-20160816; b=M83cGCjGT0r0R0RYMvblBM3ejxHB51vkEEmODNXWa7dimHucopnS2iOv0ZhseVrcTE eKXvUp05RomBdUpfAM6YEZ2/jscLeMrPuySUmy5b3uC5RZjHu2hEt6BhqtozSDpSfszh gRHd3Z7SqFfPqV0EtbKBCz440c/xdowwK/1j7LR5SwJ3nePpR5YG8UZdtYMPLPnDwfZh tAvqkbx7CiXpiJfEFKyyDWrFUlxqU0NDkgyk+K4tjH+wkwyb6N/EHcJBKtZyxRfyZs5W 0EbRDcWnV7UvGwYWjKbxeH46bYGbXdI1zjL0KxinPWTfOMMPlhUrYBm7Ux/+J848RqVW 774w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=soyQvONBMmVDouG+JFW1dInH7gO79o87Hx7HDxIgTYk=; b=ixDFcCd23/2T2fvoQd3Qv0xUZ7SR9loDtg68GGE34PJEsO7ibIO6At+rd63r4hBJ0V dSFHSi2JM8pzLz1NJs1s+VpayTy67OTYVlS1X/LU3FCWV23N7M2wsje6u1jTDdRt70IW mwLOeFaZ7snGHo/P3z69xlxlxMD6ybKlFRoWuNsgMvhcC1wx6ByM3HUGabOF+1lz/fky gyJfm/HtHwEC0k42zKGHqR94ZhV5KDQs/QjsfWc+emjxUODrCVBTPux6rLvw4Sty4/CW vrwPecMhchLF4nrG/ihrqk63d5zwMeZo8XHtGJOhzmc/dHZCSx2Nm8wR4ri8f7iw/VFI tA7g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id d200si742247qkc.60.2017.11.30.05.12.48; Thu, 30 Nov 2017 05:12:49 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id BDA1B6097C; Thu, 30 Nov 2017 13:12:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 1913260982; Thu, 30 Nov 2017 13:01:46 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 4A3DC6092C; Thu, 30 Nov 2017 13:00:50 +0000 (UTC) Received: from forward102p.mail.yandex.net (forward102p.mail.yandex.net [77.88.28.102]) by lists.linaro.org (Postfix) with ESMTPS id 10E2D60190 for ; Thu, 30 Nov 2017 13:00:29 +0000 (UTC) Received: from mxback4o.mail.yandex.net (mxback4o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::1e]) by forward102p.mail.yandex.net (Yandex) with ESMTP id F2D0D4306B2D for ; Thu, 30 Nov 2017 16:00:27 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback4o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id iwD2xyR7Am-0RJ4E9j4; Thu, 30 Nov 2017 16:00:27 +0300 Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id nOB9mYWTNF-0RGabuiV; Thu, 30 Nov 2017 16:00:27 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 16:00:11 +0300 Message-Id: <1512046815-10630-13-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> References: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v8 12/16] linux-gen: ipsec: store mtu and frag_mode in SA X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 6f6906b608f0626d119b255b3733a4a0863aa8d1 **/ platform/linux-generic/include/odp_ipsec_internal.h | 2 ++ platform/linux-generic/odp_ipsec_sad.c | 14 +++++++++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 822c9016b..c6f241fac 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -156,6 +156,8 @@ struct ipsec_sa_s { struct { odp_atomic_u64_t counter; /* for CTR/GCM */ odp_atomic_u32_t seq; + odp_ipsec_frag_mode_t frag_mode; + uint32_t mtu; union { struct { diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 82b3c4522..2d6321166 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -230,6 +230,8 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) odp_atomic_init_u64(&ipsec_sa->in.antireplay, 0); } else { odp_atomic_store_u32(&ipsec_sa->out.seq, 1); + ipsec_sa->out.frag_mode = param->outbound.frag_mode; + ipsec_sa->out.mtu = param->outbound.mtu; } ipsec_sa->dec_ttl = param->opt.dec_ttl; ipsec_sa->copy_dscp = param->opt.copy_dscp; @@ -489,10 +491,16 @@ uint64_t odp_ipsec_sa_to_u64(odp_ipsec_sa_t sa) int odp_ipsec_sa_mtu_update(odp_ipsec_sa_t sa, uint32_t mtu) { - (void)sa; - (void)mtu; + ipsec_sa_t *ipsec_sa; + + ipsec_sa = _odp_ipsec_sa_use(sa); + ODP_ASSERT(NULL != ipsec_sa); - return -1; + ipsec_sa->out.mtu = mtu; + + _odp_ipsec_sa_unuse(ipsec_sa); + + return 0; } ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup) From patchwork Thu Nov 30 13:00:12 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120193 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp661220qgn; Thu, 30 Nov 2017 05:21:12 -0800 (PST) X-Google-Smtp-Source: AGs4zMbc2LqC6a7vcch9S9FHTig8miSLzVPb2nQzbrn3DrKsrqrnfl461hpWTMvSLE0X7YZVol7t X-Received: by 10.200.24.221 with SMTP id o29mr3399412qtk.281.1512048072697; Thu, 30 Nov 2017 05:21:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512048072; cv=none; d=google.com; s=arc-20160816; b=gLc0Av56shDIVGedvLHtN7cNADW2qzMgh5N19m7oaVjCJv5p6JtIBDdZppTL83SPch KUv/hmYD1hmW58sdMmNcsZdzYqe1QPqN9gtMcJsft4E/78TsDn8aXtQewjK31onvY+Bd KIiBZWFiSCFqUW5naOLLVAWtax/5cDhzVrTTVFaz2vxjc78ayxF/2Mv20KSkTd8se/wj PdbIjDCIBDw1udPXhRAkPeaNVI1rAJRDUgXdA1cvfUW9PgKjzuggagblOTnkc1XKrlHv 8ifnNf6lSfSEZE6rz+B85jAy93TQfZNzn7uHxJ+d7G9SsoIXPk2nW6fwfLtrCsPkoWBT W4Jg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=gFppNeynTp8q0YAh21C0BWVJdNXUzFUD7fuq7C5g7As=; b=mp+sJb96R3z6OBSwvOQteBqvHOm5brP1TZsWK8yz3Z9HAUCisXqdCbvxutluo+dI8g f57Kopx+yBa7NPMhu3SXVuPhtxLq5VvyZzM+f8hpmr20pyAekbaedmytqq0A001P79/s 9m/91l6+F8fz0FrEZvvzbQk5CYBX86sdN7RO0DFIknI3ZyiA9W1Dhvm0zGFXFL7hdwiz HiXxXQ0MF1Yjd7cdMYQKBbrVchac+tWpwjJnwgaEaH+HxNYpR4BkAdXUlXk44eOxrstu 7Rqc5h7bwpH3MNfMDAy+fm3OeYaF+Do84h9Gi+7l6KEB4oEecgbo9Ri3nKk1pBXDlWqQ Jz1w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id a20si1119970qtk.136.2017.11.30.05.21.12; Thu, 30 Nov 2017 05:21:12 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 6CA3F609B1; Thu, 30 Nov 2017 13:21:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 21D3B609C0; Thu, 30 Nov 2017 13:02:22 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 18BE360902; Thu, 30 Nov 2017 13:02:00 +0000 (UTC) Received: from forward101o.mail.yandex.net (forward101o.mail.yandex.net [37.140.190.181]) by lists.linaro.org (Postfix) with ESMTPS id 1934A6082E for ; Thu, 30 Nov 2017 13:00:38 +0000 (UTC) Received: from mxback9o.mail.yandex.net (mxback9o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::23]) by forward101o.mail.yandex.net (Yandex) with ESMTP id 8B2091341942 for ; Thu, 30 Nov 2017 16:00:28 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback9o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id jGLiTCPNxP-0SW0vcaD; Thu, 30 Nov 2017 16:00:28 +0300 Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id nOB9mYWTNF-0SG0lXla; Thu, 30 Nov 2017 16:00:28 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 16:00:12 +0300 Message-Id: <1512046815-10630-14-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> References: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v8 13/16] api, linux-gen: ipsec: constify in/out params X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Mark all input and out params as constants Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 6f6906b608f0626d119b255b3733a4a0863aa8d1 **/ include/odp/api/spec/ipsec.h | 6 +++--- platform/linux-generic/odp_ipsec.c | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index 4a33af8ea..cd168d080 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -1021,13 +1021,13 @@ typedef struct odp_ipsec_out_param_t { int num_opt; /** Pointer to an array of IPSEC SAs */ - odp_ipsec_sa_t *sa; + const odp_ipsec_sa_t *sa; /** Pointer to an array of outbound operation options * * May be NULL when num_opt is zero. */ - odp_ipsec_out_opt_t *opt; + const odp_ipsec_out_opt_t *opt; } odp_ipsec_out_param_t; @@ -1055,7 +1055,7 @@ typedef struct odp_ipsec_in_param_t { * * May be NULL when num_sa is zero. */ - odp_ipsec_sa_t *sa; + const odp_ipsec_sa_t *sa; } odp_ipsec_in_param_t; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 8bf4ced4c..3c539b515 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -1228,7 +1228,7 @@ static void ipsec_out_ah_post(ipsec_state_t *state, odp_packet_t pkt) static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, odp_ipsec_sa_t sa, odp_packet_t *pkt_out, - odp_ipsec_out_opt_t *opt ODP_UNUSED, + const odp_ipsec_out_opt_t *opt ODP_UNUSED, odp_ipsec_op_status_t *status) { ipsec_state_t state; @@ -1402,7 +1402,7 @@ int odp_ipsec_in(const odp_packet_t pkt_in[], int num_in, return in_pkt; } -static odp_ipsec_out_opt_t default_opt = { +static const odp_ipsec_out_opt_t default_opt = { .mode = ODP_IPSEC_FRAG_DISABLED, }; @@ -1426,7 +1426,7 @@ int odp_ipsec_out(const odp_packet_t pkt_in[], int num_in, odp_ipsec_sa_t sa; ipsec_sa_t *ipsec_sa; odp_ipsec_packet_result_t *result; - odp_ipsec_out_opt_t *opt; + const odp_ipsec_out_opt_t *opt; memset(&status, 0, sizeof(status)); @@ -1534,7 +1534,7 @@ int odp_ipsec_out_enq(const odp_packet_t pkt_in[], int num_in, odp_ipsec_sa_t sa; ipsec_sa_t *ipsec_sa; odp_ipsec_packet_result_t *result; - odp_ipsec_out_opt_t *opt; + const odp_ipsec_out_opt_t *opt; odp_queue_t queue; memset(&status, 0, sizeof(status)); @@ -1626,7 +1626,7 @@ int odp_ipsec_out_inline(const odp_packet_t pkt_in[], int num_in, odp_ipsec_sa_t sa; ipsec_sa_t *ipsec_sa; odp_ipsec_packet_result_t *result; - odp_ipsec_out_opt_t *opt; + const odp_ipsec_out_opt_t *opt; uint32_t hdr_len, offset; const void *ptr; From patchwork Thu Nov 30 13:00:13 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120186 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp658140qgn; Thu, 30 Nov 2017 05:18:28 -0800 (PST) X-Google-Smtp-Source: AGs4zMbcMbOMZRHl5MFOFgwKkEzFr7EpEOV0yqt0bgke2/ldvy2QyJuunM4BHrHCBacbEXE6zIyf X-Received: by 10.55.15.18 with SMTP id z18mr2560680qkg.200.1512047908649; Thu, 30 Nov 2017 05:18:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512047908; cv=none; d=google.com; s=arc-20160816; b=tvpq1ML5ot92vDrFSBgugRhTsti2nnL7nxyF/IV1NCBaz88+9RykmN/K8ApEyNKya0 wCrXyuRZM12b0+rRF9aF3MkI5fo3CIhXvc2NoqNvf267B1MzTq7yJKYQBLlgYKMeY6Eq bY8X4LiLnnZrukdui8bMdeT2IIpk1ypDP4GYHyRUWXODmgEsVhYE7YhlUgXFy8w0XrUs 8mbnKfM4mqsb5ZV/SXTnQ3ZtXvv92apQPnt1bXy5F4NKQgJ3BhOhrjEsunwDmHYXiccT 4Tg7hsZuTCjahdjzw2NlAzQz2FubocQGGpViJICV4seqDe/Bw3NoF17ppMdXRbEq1lcR HcQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=wgvmMfdDd8ZxkwN7DxhPSm/p+9xxRhH02gLGch5fQBw=; b=BjOYMk3grwGQx1C/RA9AwpQC3mvGW6IxCnZ/Wqx87Q5mL7Gds7qARf4RAFFMRtJXeF firvWzWHnrE/20NbnUTUefBKtes1FqEVasNPJj+tTPmAwjHSS9mo5pCGtQUM89Mqwt6G HTm636s//n9GE/hXfiOxHk8Yzs++o99qlky18jgjxw3RRYLpQNP6ZMF61adNsd/W51bk netHg52b0885xMumr5Z+fJtp+AyYukPXPIteLdBP2B4xbGfH4zGU2/bL9/kU2mCknNv7 gx9AH2h5rBlZ1M8i/pYH9Jlkzjqjldnzf9ecyW38Kq7I6f/cTT9JeOUueuaE/8yK+zaf /EFg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id q189si4147056qkd.451.2017.11.30.05.18.28; Thu, 30 Nov 2017 05:18:28 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 58C2B60999; Thu, 30 Nov 2017 13:18:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 620986099E; Thu, 30 Nov 2017 13:02:06 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 0EB1160905; Thu, 30 Nov 2017 13:00:54 +0000 (UTC) Received: from forward104o.mail.yandex.net (forward104o.mail.yandex.net [37.140.190.179]) by lists.linaro.org (Postfix) with ESMTPS id 80DD460593 for ; Thu, 30 Nov 2017 13:00:30 +0000 (UTC) Received: from mxback4j.mail.yandex.net (mxback4j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10d]) by forward104o.mail.yandex.net (Yandex) with ESMTP id 284C0702C33 for ; Thu, 30 Nov 2017 16:00:29 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback4j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id TqYsGNSNwO-0TDug9a4; Thu, 30 Nov 2017 16:00:29 +0300 Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id nOB9mYWTNF-0SGCicVL; Thu, 30 Nov 2017 16:00:28 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 16:00:13 +0300 Message-Id: <1512046815-10630-15-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> References: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v8 14/16] linux-gen: ipsec: support ODP_IPSEC_FRAG_CHECK X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Support checking MTU after IPsec transformation. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 6f6906b608f0626d119b255b3733a4a0863aa8d1 **/ platform/linux-generic/odp_ipsec.c | 39 ++++++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 3c539b515..a393c5051 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -990,7 +990,8 @@ static int ipsec_out_esp(odp_packet_t *pkt, ipsec_state_t *state, ipsec_sa_t *ipsec_sa, odp_crypto_packet_op_param_t *param, - odp_ipsec_op_status_t *status) + odp_ipsec_op_status_t *status, + uint32_t mtu) { _odp_esphdr_t esp; _odp_esptrl_t esptrl; @@ -1026,6 +1027,11 @@ static int ipsec_out_esp(odp_packet_t *pkt, udphdr.chksum = 0; /* should be 0 by RFC */ } + if (state->ip_tot_len + hdr_len + trl_len > mtu) { + status->error.mtu = 1; + return -1; + } + if (ipsec_out_iv(state, ipsec_sa) < 0) { status->error.alg = 1; return -1; @@ -1124,7 +1130,8 @@ static int ipsec_out_ah(odp_packet_t *pkt, ipsec_state_t *state, ipsec_sa_t *ipsec_sa, odp_crypto_packet_op_param_t *param, - odp_ipsec_op_status_t *status) + odp_ipsec_op_status_t *status, + uint32_t mtu) { _odp_ahhdr_t ah; unsigned hdr_len = _ODP_AHHDR_LEN + ipsec_sa->esp_iv_len + @@ -1132,6 +1139,11 @@ static int ipsec_out_ah(odp_packet_t *pkt, uint16_t ipsec_offset = state->ip_offset + state->ip_hdr_len; uint8_t proto = _ODP_IPPROTO_AH; + if (state->ip_tot_len + hdr_len > mtu) { + status->error.mtu = 1; + return -1; + } + memset(&ah, 0, sizeof(ah)); ah.spi = odp_cpu_to_be_32(ipsec_sa->spi); ah.seq_no = odp_cpu_to_be_32(ipsec_seq_no(ipsec_sa)); @@ -1228,7 +1240,7 @@ static void ipsec_out_ah_post(ipsec_state_t *state, odp_packet_t pkt) static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, odp_ipsec_sa_t sa, odp_packet_t *pkt_out, - const odp_ipsec_out_opt_t *opt ODP_UNUSED, + const odp_ipsec_out_opt_t *opt, odp_ipsec_op_status_t *status) { ipsec_state_t state; @@ -1237,6 +1249,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, int rc; odp_crypto_packet_result_t crypto; /**< Crypto operation result */ odp_packet_hdr_t *pkt_hdr; + uint32_t mtu; state.ip_offset = odp_packet_l3_offset(pkt); ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != state.ip_offset); @@ -1247,6 +1260,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ipsec_sa = _odp_ipsec_sa_use(sa); ODP_ASSERT(NULL != ipsec_sa); + if ((opt && opt->mode == ODP_IPSEC_FRAG_CHECK) || + (!opt && ipsec_sa->out.frag_mode == ODP_IPSEC_FRAG_CHECK)) + mtu = ipsec_sa->out.mtu; + else + mtu = UINT32_MAX; + /* Initialize parameters block */ memset(¶m, 0, sizeof(param)); @@ -1281,9 +1300,9 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, } if (ODP_IPSEC_ESP == ipsec_sa->proto) { - rc = ipsec_out_esp(&pkt, &state, ipsec_sa, ¶m, status); + rc = ipsec_out_esp(&pkt, &state, ipsec_sa, ¶m, status, mtu); } else if (ODP_IPSEC_AH == ipsec_sa->proto) { - rc = ipsec_out_ah(&pkt, &state, ipsec_sa, ¶m, status); + rc = ipsec_out_ah(&pkt, &state, ipsec_sa, ¶m, status, mtu); } else { status->error.alg = 1; goto err; @@ -1402,10 +1421,6 @@ int odp_ipsec_in(const odp_packet_t pkt_in[], int num_in, return in_pkt; } -static const odp_ipsec_out_opt_t default_opt = { - .mode = ODP_IPSEC_FRAG_DISABLED, -}; - int odp_ipsec_out(const odp_packet_t pkt_in[], int num_in, odp_packet_t pkt_out[], int *num_out, const odp_ipsec_out_param_t *param) @@ -1434,7 +1449,7 @@ int odp_ipsec_out(const odp_packet_t pkt_in[], int num_in, ODP_ASSERT(ODP_IPSEC_SA_INVALID != sa); if (0 == param->num_opt) - opt = &default_opt; + opt = NULL; else opt = ¶m->opt[opt_idx]; @@ -1543,7 +1558,7 @@ int odp_ipsec_out_enq(const odp_packet_t pkt_in[], int num_in, ODP_ASSERT(ODP_IPSEC_SA_INVALID != sa); if (0 == param->num_opt) - opt = &default_opt; + opt = NULL; else opt = ¶m->opt[opt_idx]; @@ -1640,7 +1655,7 @@ int odp_ipsec_out_inline(const odp_packet_t pkt_in[], int num_in, } if (0 == param->num_opt) - opt = &default_opt; + opt = NULL; else opt = ¶m->opt[opt_idx]; From patchwork Thu Nov 30 13:00:14 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120185 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp657361qgn; Thu, 30 Nov 2017 05:17:48 -0800 (PST) X-Google-Smtp-Source: AGs4zMYsR+3brb8he5XQjDsIh3G4e100Uf7uCSXbJVJOYbDXDd2sYsPN5Aa+7neXOCuhYIMD57xe X-Received: by 10.237.59.22 with SMTP id p22mr3354569qte.34.1512047868291; Thu, 30 Nov 2017 05:17:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512047868; cv=none; d=google.com; s=arc-20160816; b=ihm0UTYVhG8bYJtqZwDmJOb6JXVyxXjOfRnihQkDalp8PW6rfoDjEEhsYbOEkz4Cgp 2KlQGnTnOdvDk8DraDjyCSSgs5BZSxyDllj5yMpfuuqhJBYTSf9PaQTdDYZUwUyQ+/I3 Ip8lPlwHNnpeccNplZcisFzUe4eXpDhnMGnV+8KYikCMsXEWHSdvtWiRKt8L9sPStm1e FMt1yyGjJLkB/nCaRDfX9Br/Hox+UZhDK5DnKcTWcSYV2Z/cP+rGlPH7gQEdP5wSCqI8 nwjFKzgnFeUED5+0UuAAHvvW2GAUYKHVJkxhZbbNQFuEnZclsb2jvASIQP9cRFQKo5jF P75Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=RaU7wbhvxgZlxsgWSlWo+lIwb0w4vU8qRCNgYXIBEvk=; b=ya4KS+gopXXP29ZybqKFo4OpDXGZpf5RLny9t3dZfjlxiqUzg/bsTdcvADTexq2xzx wn5/OdeBalSoWjeGBtrG3I48kqCeNIBmwbuhWm0e515KXtW9ZruzoSy/HPAN20RilTyi j2bGJCGHuY4e9HVC20+4BXOrQNqnsR9/S09Q1ihzFDOhLrqcykATp1vAtGqUU9rhWX1v AO2ayiW6NgAkUqY2tQTjWX+zuAuJo8QDu73zcr6j1SjJx6N0TUeN9/2RyuTjaKsOFYFa rQT/nKbpQBwIqEDfDqKh62VoaBoqZPUwQG8FefXb5Cr42dbj2Z0WrtBCTfJnlBrthcPj mx8A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id l13si279083qtf.336.2017.11.30.05.17.48; Thu, 30 Nov 2017 05:17:48 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id F33B860983; Thu, 30 Nov 2017 13:17:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 1EA5D6098D; Thu, 30 Nov 2017 13:02:03 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 88AFE607EC; Thu, 30 Nov 2017 13:00:53 +0000 (UTC) Received: from forward100j.mail.yandex.net (forward100j.mail.yandex.net [5.45.198.240]) by lists.linaro.org (Postfix) with ESMTPS id A5B31607EC for ; Thu, 30 Nov 2017 13:00:30 +0000 (UTC) Received: from mxback4g.mail.yandex.net (mxback4g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:165]) by forward100j.mail.yandex.net (Yandex) with ESMTP id 95C385D8433A for ; Thu, 30 Nov 2017 16:00:29 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback4g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id tJiKibEfwK-0TYuEuKl; Thu, 30 Nov 2017 16:00:29 +0300 Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id nOB9mYWTNF-0TGmsjoS; Thu, 30 Nov 2017 16:00:29 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 16:00:14 +0300 Message-Id: <1512046815-10630-16-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> References: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v8 15/16] validation: ipsec: fix out inline with NULL pkt_out X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov pkt_out can be NULL if we expect an error. IPsec outbound inline needs proper outer header to function. Pass L2 header from inbound packet if outbound packet is NULL. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 6f6906b608f0626d119b255b3733a4a0863aa8d1 **/ test/validation/api/ipsec/ipsec.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index 7b39c2c5a..aa46a236e 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -583,10 +583,18 @@ static int ipsec_send_out_one(const ipsec_test_part *part, } else { struct odp_ipsec_out_inline_param_t inline_param; odp_queue_t queue; - uint32_t hdr_len = part->out[0].pkt_out->l3_offset; - uint8_t hdr[hdr_len]; + uint32_t hdr_len; + uint8_t hdr[32]; - memcpy(hdr, part->out[0].pkt_out->data, hdr_len); + if (NULL != part->out[0].pkt_out) { + hdr_len = part->out[0].pkt_out->l3_offset; + CU_ASSERT_FATAL(hdr_len <= sizeof(hdr)); + memcpy(hdr, part->out[0].pkt_out->data, hdr_len); + } else { + hdr_len = part->pkt_in->l3_offset; + CU_ASSERT_FATAL(hdr_len <= sizeof(hdr)); + memcpy(hdr, part->pkt_in->data, hdr_len); + } inline_param.pktio = suite_context.pktio; inline_param.outer_hdr.ptr = hdr; inline_param.outer_hdr.len = hdr_len; From patchwork Thu Nov 30 13:00:15 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 120187 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp659005qgn; Thu, 30 Nov 2017 05:19:13 -0800 (PST) X-Google-Smtp-Source: AGs4zMaZ0Fq9SPrkjwH8tjmuRNsUUSES/CtaBsLMHVMHHi+O8Zwp/GfLxKO9a54+W7c/iGfO4fOS X-Received: by 10.55.174.132 with SMTP id x126mr2732169qke.101.1512047953083; Thu, 30 Nov 2017 05:19:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512047953; cv=none; d=google.com; s=arc-20160816; b=ZYR/dvAmSd7yKIa2o9FlTg1+/6CiLnkbIUFocrnKA4gLCKWMhzXl0XVLCiVs8ZhmUq ZAAE13nwrr7Id27iQ7zAvNWmts8jnlrCkFdl+pi/XWcwj0cJqVQwFAcaw0kQRsbnC56C +yIia/4rZoN+MGPznWEA6c1SaQM4nRT6OgQEBRV66jVt/+hiV9VpU4IjaBoSTS1yDFFI Y7Kh1wjaUcqiamYs7JAkERdeER2hKYuKbyfzfxNBsN2zVgClK7raNxDor9rs+iUDrFG9 HS3dcYr6AzZBL7Z+92zmTY44KLsSi/rMVADZpFb+tgSWGV1IPJf0468jP6B5mmp8b6KQ 54PA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=BuVTBRhkBtA7mghOM175J0SSoYaog1pck7rZaFgPRjw=; b=NVwVD9HMg1FKI25HvmK/GVeqHJyDQp0gcbU6ehG87JUD2AfLP/HUGSsPACkkWBCCs3 aPMCdPnMh2fcpd+nYQ8+FEO4YpjSd729iFzH4n/wLTOYi5cvw5lJfp7GCcTQ81YIyK03 q16pf7BKTj0H2dTaSDmj/2/ZBUq5QXtBPwGvl3ASjWqUl7Ky0peYkxQnhzV3Jlkj5y5H 4nnJsJJaNIA5TpTMYwilLdZ4pS04I/D8xM86w9ToIXA1+MtixK9LBAqhnP6LKIyAqeGA /Of8qrfIw75DvT+qWn6vN+sRXT8JNouGAOKerqJ8s1YdnU1cz2F4j8Am4AHHV761lzb4 yUOQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id 5si4268404qkf.210.2017.11.30.05.19.12; Thu, 30 Nov 2017 05:19:13 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id A8DE06099C; Thu, 30 Nov 2017 13:19:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id B54EB609A2; Thu, 30 Nov 2017 13:02:12 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 7AF1760997; Thu, 30 Nov 2017 13:01:53 +0000 (UTC) Received: from forward102o.mail.yandex.net (forward102o.mail.yandex.net [37.140.190.182]) by lists.linaro.org (Postfix) with ESMTPS id B990F60939 for ; Thu, 30 Nov 2017 13:00:31 +0000 (UTC) Received: from mxback2g.mail.yandex.net (mxback2g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:163]) by forward102o.mail.yandex.net (Yandex) with ESMTP id 47EE25A073DE for ; Thu, 30 Nov 2017 16:00:30 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback2g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id lTkY0QgHi6-0UHiOPkD; Thu, 30 Nov 2017 16:00:30 +0300 Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id nOB9mYWTNF-0TGOkmgZ; Thu, 30 Nov 2017 16:00:29 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 30 Nov 2017 16:00:15 +0300 Message-Id: <1512046815-10630-17-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> References: <1512046815-10630-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 304 Subject: [lng-odp] [PATCH API-NEXT v8 16/16] validation: ipsec: add ODP_IPSEC_FRAG_CHECK checks X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 304 (lumag:ipsec-ipv6-2) ** https://github.com/Linaro/odp/pull/304 ** Patch: https://github.com/Linaro/odp/pull/304.patch ** Base sha: 4cb02e1caccb9179575e95448fd46979e17d0905 ** Merge commit sha: 6f6906b608f0626d119b255b3733a4a0863aa8d1 **/ test/validation/api/ipsec/ipsec.c | 4 +- test/validation/api/ipsec/ipsec.h | 2 + test/validation/api/ipsec/ipsec_test_out.c | 194 +++++++++++++++++++++++++++++ 3 files changed, 198 insertions(+), 2 deletions(-) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index aa46a236e..097216730 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -556,8 +556,8 @@ static int ipsec_send_out_one(const ipsec_test_part *part, memset(¶m, 0, sizeof(param)); param.num_sa = 1; param.sa = &sa; - param.num_opt = 0; - param.opt = NULL; + param.num_opt = part->num_opt; + param.opt = &part->opt; if (ODP_IPSEC_OP_MODE_SYNC == suite_context.outbound_op_mode) { CU_ASSERT_EQUAL(part->out_pkt, odp_ipsec_out(&pkt, 1, diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h index 9a24dd38c..f2ebd388c 100644 --- a/test/validation/api/ipsec/ipsec.h +++ b/test/validation/api/ipsec/ipsec.h @@ -45,6 +45,8 @@ typedef struct { typedef struct { const ipsec_test_packet *pkt_in; odp_bool_t lookup; + int num_opt; + odp_ipsec_out_opt_t opt; int out_pkt; struct { odp_ipsec_op_status_t status; diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 2ee8a1319..4751e6ec8 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -500,6 +500,192 @@ static void test_out_ipv4_esp_null_aes_gmac_128(void) ipsec_sa_destroy(sa); } +static void test_out_ipv4_ah_sha256_frag_check(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.outbound.frag_mode = ODP_IPSEC_FRAG_CHECK; + param.outbound.mtu = 100; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.mtu = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test2 = { + .pkt_in = &pkt_ipv4_icmp_0, + .num_opt = 1, + .opt = { .mode = ODP_IPSEC_FRAG_DISABLED, }, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_ah_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_check_out_one(&test2, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv4_ah_sha256_frag_check_2(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.outbound.frag_mode = ODP_IPSEC_FRAG_CHECK; + param.outbound.mtu = 100; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.mtu = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test2 = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_ah_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + odp_ipsec_sa_mtu_update(sa, 256); + + ipsec_check_out_one(&test2, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv4_esp_null_sha256_frag_check(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + param.outbound.frag_mode = ODP_IPSEC_FRAG_CHECK; + param.outbound.mtu = 100; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.mtu = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test2 = { + .pkt_in = &pkt_ipv4_icmp_0, + .num_opt = 1, + .opt = { .mode = ODP_IPSEC_FRAG_DISABLED, }, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_esp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_check_out_one(&test2, sa); + + ipsec_sa_destroy(sa); +} + +static void test_out_ipv4_esp_null_sha256_frag_check_2(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + + param.outbound.frag_mode = ODP_IPSEC_FRAG_CHECK; + param.outbound.mtu = 100; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.mtu = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test2 = { + .pkt_in = &pkt_ipv4_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_ipv4_icmp_0_esp_null_sha256_1 }, + }, + }; + + ipsec_check_out_one(&test, sa); + + odp_ipsec_sa_mtu_update(sa, 256); + + ipsec_check_out_one(&test2, sa); + + ipsec_sa_destroy(sa); +} + static void test_out_ipv6_ah_sha256(void) { odp_ipsec_sa_param_t param; @@ -792,6 +978,14 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_ah_aes_gmac_128), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_aes_gmac_128, ipsec_check_esp_null_aes_gmac_128), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_frag_check, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_ah_sha256_frag_check_2, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_frag_check, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_esp_null_sha256_frag_check_2, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv6_ah_sha256_tun_ipv4,