diff mbox series

[API-NEXT,v4,8/8] validation: ipsec: support AES-GMAC-ESP validation

Message ID 1510488007-21101-9-git-send-email-odpbot@yandex.ru
State New
Headers show
Series [API-NEXT,v4,1/8] linux-gen: ipsec: use counter instead of random IV for GCM | expand

Commit Message

Github ODP bot Nov. 12, 2017, noon UTC
From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>


Add AES-GMAC-ESP testcase based on draft-mcgrew-gcm-test-01.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969
 ** Merge commit sha: 9fff58cf77d87306efed89f77e84f957850623d5
 **/
 test/validation/api/ipsec/ipsec.c          | 10 +++++
 test/validation/api/ipsec/ipsec.h          |  1 +
 test/validation/api/ipsec/ipsec_test_in.c  | 33 ++++++++++++++++
 test/validation/api/ipsec/ipsec_test_out.c | 44 ++++++++++++++++++++++
 test/validation/api/ipsec/test_vectors.h   | 60 ++++++++++++++++++++++++++++++
 5 files changed, 148 insertions(+)
diff mbox series

Patch

diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c
index fb5f7863e..8d63c36a1 100644
--- a/test/validation/api/ipsec/ipsec.c
+++ b/test/validation/api/ipsec/ipsec.c
@@ -201,6 +201,10 @@  int ipsec_check(odp_bool_t ah,
 		if (!capa.auths.bit.aes_gcm)
 			return ODP_TEST_INACTIVE;
 		break;
+	case ODP_AUTH_ALG_AES_GMAC:
+		if (!capa.auths.bit.aes_gmac)
+			return ODP_TEST_INACTIVE;
+		break;
 	default:
 		fprintf(stderr, "Unsupported authentication algorithm\n");
 		return ODP_TEST_INACTIVE;
@@ -284,6 +288,12 @@  int ipsec_check_esp_aes_gcm_256(void)
 				ODP_AUTH_ALG_AES_GCM, 0);
 }
 
+int ipsec_check_esp_null_aes_gmac_128(void)
+{
+	return  ipsec_check_esp(ODP_CIPHER_ALG_NULL, 0,
+				ODP_AUTH_ALG_AES_GMAC, 128);
+}
+
 void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param,
 			 odp_bool_t in,
 			 odp_bool_t ah,
diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h
index 9dd0feabf..4532fe7ce 100644
--- a/test/validation/api/ipsec/ipsec.h
+++ b/test/validation/api/ipsec/ipsec.h
@@ -86,5 +86,6 @@  int ipsec_check_esp_aes_cbc_128_null(void);
 int ipsec_check_esp_aes_cbc_128_sha256(void);
 int ipsec_check_esp_aes_gcm_128(void);
 int ipsec_check_esp_aes_gcm_256(void);
+int ipsec_check_esp_null_aes_gmac_128(void);
 
 #endif
diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c
index 25fc00e11..8e692f678 100644
--- a/test/validation/api/ipsec/ipsec_test_in.c
+++ b/test/validation/api/ipsec/ipsec_test_in.c
@@ -752,6 +752,37 @@  static void test_in_mcgrew_gcm_12_esp(void)
 	ipsec_sa_destroy(sa);
 }
 
+static void test_in_mcgrew_gcm_15_esp(void)
+{
+	odp_ipsec_tunnel_param_t tunnel = {};
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 0x00004321, &tunnel,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_AES_GMAC, &key_mcgrew_gcm_15,
+			    &key_mcgrew_gcm_salt_15);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_mcgrew_gcm_test_15_esp,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_mcgrew_gcm_test_15},
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
 static void ipsec_test_capability(void)
 {
 	odp_ipsec_capability_t capa;
@@ -779,6 +810,8 @@  odp_testinfo_t ipsec_in_suite[] = {
 				  ipsec_check_esp_aes_gcm_128),
 	ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_12_esp,
 				  ipsec_check_esp_aes_gcm_128),
+	ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_15_esp,
+				  ipsec_check_esp_null_aes_gmac_128),
 	ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256,
 				  ipsec_check_ah_sha256),
 	ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun,
diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c
index 39a3c30ff..7be07d095 100644
--- a/test/validation/api/ipsec/ipsec_test_out.c
+++ b/test/validation/api/ipsec/ipsec_test_out.c
@@ -319,6 +319,48 @@  static void test_out_esp_aes_gcm128(void)
 	ipsec_sa_destroy(sa);
 }
 
+static void test_out_esp_aes_null_gmac128(void)
+{
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+	odp_ipsec_sa_t sa2;
+
+	ipsec_sa_param_fill(&param,
+			    false, false, 123, NULL,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_AES_GMAC, &key_a5_128,
+			    &key_mcgrew_gcm_salt_2);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 123, NULL,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_AES_GMAC, &key_a5_128,
+			    &key_mcgrew_gcm_salt_2);
+
+	sa2 = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_icmp_0,
+		.out_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .pkt_out = &pkt_icmp_0 },
+		},
+	};
+
+	ipsec_check_out_in_one(&test, sa, sa2);
+
+	ipsec_sa_destroy(sa2);
+	ipsec_sa_destroy(sa);
+}
+
 static void ipsec_test_capability(void)
 {
 	odp_ipsec_capability_t capa;
@@ -344,5 +386,7 @@  odp_testinfo_t ipsec_out_suite[] = {
 				  ipsec_check_esp_aes_cbc_128_sha256),
 	ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_gcm128,
 				  ipsec_check_esp_aes_gcm_128),
+	ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_null_gmac128,
+				  ipsec_check_esp_null_aes_gmac_128),
 	ODP_TEST_INFO_NULL,
 };
diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h
index 2fb06b2b7..20e737c99 100644
--- a/test/validation/api/ipsec/test_vectors.h
+++ b/test/validation/api/ipsec/test_vectors.h
@@ -45,6 +45,9 @@  KEY(key_mcgrew_gcm_salt_4, 0x00, 0x00, 0x00, 0x00);
 KEY(key_mcgrew_gcm_12, 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
 		       0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47);
 KEY(key_mcgrew_gcm_salt_12, 0xd9, 0x66, 0x42, 0x67);
+KEY(key_mcgrew_gcm_15, 0x4c, 0x80, 0xcd, 0xef, 0xbb, 0x5d, 0x10, 0xda,
+		       0x90, 0x6a, 0xc7, 0x3c, 0x36, 0x13, 0xa6, 0x34);
+KEY(key_mcgrew_gcm_salt_15, 0x22, 0x43, 0x3c, 0x64);
 
 static const ODP_UNUSED ipsec_test_packet pkt_icmp_0 = {
 	.len = 142,
@@ -962,4 +965,61 @@  static const ipsec_test_packet pkt_mcgrew_gcm_test_12_esp = {
 	},
 };
 
+static const ipsec_test_packet pkt_mcgrew_gcm_test_15 = {
+	.len = 62,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH - not a part of RFC, added for simplicity */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x30, 0xda, 0x3a, 0x00, 0x00,
+		0x80, 0x01, 0xdf, 0x3b, 0xc0, 0xa8, 0x00, 0x05,
+		0xc0, 0xa8, 0x00, 0x01,
+
+		/* ICMP */
+		0x08, 0x00, 0xc6, 0xcd, 0x02, 0x00, 0x07, 0x00,
+		0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68,
+		0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+		0x71, 0x72, 0x73, 0x74,
+	},
+};
+
+static const ipsec_test_packet pkt_mcgrew_gcm_test_15_esp = {
+	.len = 118,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH - not a part of RFC, added for simplicity */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP - not a part of RFC, added for simplicity */
+		0x45, 0x00, 0x00, 0x68, 0x69, 0x8f, 0x00, 0x00,
+		0x80, 0x32, 0x4d, 0xb2, 0xc0, 0xa8, 0x01, 0x02,
+		0xc0, 0xa8, 0x01, 0x01,
+
+		/* ESP */
+		0x00, 0x00, 0x43, 0x21, 0x00, 0x00, 0x00, 0x07,
+
+		/* IV */
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x30, 0xda, 0x3a, 0x00, 0x00,
+		0x80, 0x01, 0xdf, 0x3b, 0xc0, 0xa8, 0x00, 0x05,
+		0xc0, 0xa8, 0x00, 0x01, 0x08, 0x00, 0xc6, 0xcd,
+		0x02, 0x00, 0x07, 0x00, 0x61, 0x62, 0x63, 0x64,
+		0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+		0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74,
+		0x01, 0x02, 0x02, 0x01, 0xf2, 0xa9, 0xa8, 0x36,
+		0xe1, 0x55, 0x10, 0x6a, 0xa8, 0xdc, 0xd6, 0x18,
+		0xe4, 0x09, 0x9a, 0xaa,
+	},
+};
+
 #endif