diff options
author | Anoob Joseph <anoobj@marvell.com> | 2021-10-08 08:38:24 +0000 |
---|---|---|
committer | Petri Savolainen <petri.savolainen@nokia.com> | 2021-10-20 11:19:36 +0300 |
commit | 89155e3bbf32fb30813085c04b9ebc68d1dda6b5 (patch) | |
tree | 0dd23532cd1c0d1f212e9802eeb3f7268437bbf4 /test/validation | |
parent | 9dac56af1d53cbb1f35d64aa87ab21cdec829101 (diff) |
validation: ipsec: add aes-xcbc tests
Add known vectors for NULL-AES-XCBC.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Reviewed-by: Janne Peltonen <janne.peltonen@nokia.com>
Diffstat (limited to 'test/validation')
-rw-r--r-- | test/validation/api/ipsec/ipsec.c | 6 | ||||
-rw-r--r-- | test/validation/api/ipsec/ipsec.h | 1 | ||||
-rw-r--r-- | test/validation/api/ipsec/ipsec_test_in.c | 38 | ||||
-rw-r--r-- | test/validation/api/ipsec/ipsec_test_out.c | 46 | ||||
-rw-r--r-- | test/validation/api/ipsec/test_vectors.h | 57 |
5 files changed, 148 insertions, 0 deletions
diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index d458c257f..e90315d5f 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -329,6 +329,12 @@ int ipsec_check_esp_aes_gcm_128_reass_ipv6(void) return ODP_TEST_INACTIVE; } +int ipsec_check_esp_null_aes_xcbc(void) +{ + return ipsec_check_esp(ODP_CIPHER_ALG_NULL, 0, + ODP_AUTH_ALG_AES_XCBC_MAC, 128); +} + void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, odp_bool_t in, odp_bool_t ah, diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h index c136f9fd6..cbb533913 100644 --- a/test/validation/api/ipsec/ipsec.h +++ b/test/validation/api/ipsec/ipsec.h @@ -154,5 +154,6 @@ int ipsec_check_esp_chacha20_poly1305(void); int ipsec_check_test_sa_update_seq_num(void); int ipsec_check_esp_aes_gcm_128_reass_ipv4(void); int ipsec_check_esp_aes_gcm_128_reass_ipv6(void); +int ipsec_check_esp_null_aes_xcbc(void); #endif diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index fb3d0221e..508d7aaa5 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -2209,6 +2209,42 @@ static void test_in_ipv6_esp_reass_incomp(void) ipsec_sa_destroy(out_sa); } +static void test_in_ipv4_null_aes_xcbc_esp(void) +{ + odp_ipsec_tunnel_param_t tunnel; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + memset(&tunnel, 0, sizeof(odp_ipsec_tunnel_param_t)); + + ipsec_sa_param_fill(¶m, + true, false, 0x100, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_AES_XCBC_MAC, &key_auth_aes_xcbc_128, + NULL, NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_null_aes_xcbc_esp, + .num_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .l3_type = ODP_PROTO_L3_TYPE_IPV4, + .l4_type = ODP_PROTO_L4_TYPE_UDP, + .pkt_res = &pkt_ipv4_null_aes_xcbc_plain, + }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -2329,5 +2365,7 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_aes_gcm_128_reass_ipv6), ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_reass_incomp, ipsec_check_esp_aes_gcm_128_reass_ipv6), + ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_null_aes_xcbc_esp, + ipsec_check_esp_null_aes_xcbc), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 733db10b9..aab480bdd 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -1377,6 +1377,50 @@ static void test_out_ipv4_udp_esp_null_sha256(void) ipsec_sa_destroy(sa); } +static void test_out_ipv4_null_aes_xcbc(void) +{ + odp_ipsec_tunnel_param_t tunnel; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + memset(&tunnel, 0, sizeof(odp_ipsec_tunnel_param_t)); + uint32_t src = IPV4ADDR(10, 0, 111, 2); + uint32_t dst = IPV4ADDR(10, 0, 222, 2); + + memset(&tunnel, 0, sizeof(odp_ipsec_tunnel_param_t)); + tunnel.type = ODP_IPSEC_TUNNEL_IPV4; + tunnel.ipv4.src_addr = &src; + tunnel.ipv4.dst_addr = &dst; + tunnel.ipv4.ttl = 64; + + ipsec_sa_param_fill(¶m, + false, false, 0x100, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_AES_XCBC_MAC, &key_auth_aes_xcbc_128, + NULL, NULL); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_ipv4_null_aes_xcbc_plain, + .num_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .l3_type = ODP_PROTO_L3_TYPE_IPV4, + .l4_type = _ODP_PROTO_L4_TYPE_UNDEF, + .pkt_res = &pkt_ipv4_null_aes_xcbc_esp, + }, + }, + }; + + ipsec_check_out_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_sa_info(void) { uint32_t src = IPV4ADDR(10, 0, 111, 2); @@ -1849,6 +1893,8 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_udp_esp_null_sha256, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_null_aes_xcbc, + ipsec_check_esp_null_aes_xcbc), ODP_TEST_INFO_CONDITIONAL(test_sa_info, ipsec_check_esp_aes_cbc_128_sha1), ODP_TEST_INFO_CONDITIONAL(test_test_sa_update_seq_num, diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 136794c75..b032ef973 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -75,6 +75,8 @@ KEY(key_rfc7634, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f); KEY(key_rfc7634_salt, 0xa0, 0xa1, 0xa2, 0xa3); KEY(key_3byte_salt, 0x01, 0x02, 0x03); +KEY(key_auth_aes_xcbc_128, 0x61, 0x31, 0x62, 0x32, 0x63, 0x33, 0x64, 0x34, + 0x65, 0x35, 0x66, 0x36, 0x67, 0x37, 0x68, 0x38); /* DES keys have parity bits so that each byte has odd parity */ KEY(key_des_64, 0xa4, 0xa4, 0xa4, 0xa4, 0xa4, 0xa4, 0xa4, 0xa4); @@ -2108,4 +2110,59 @@ static const ipsec_test_packet pkt_ipv4_udp_esp_null_sha256 = { }, }; +static const ipsec_test_packet pkt_ipv4_null_aes_xcbc_esp = { + .len = 106, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x5c, 0x06, 0x00, 0x00, 0x00, + 0x40, 0x32, 0x13, 0x6c, 0x0a, 0x00, 0x6f, 0x02, + 0x0a, 0x00, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, + + /* IP */ + 0x45, 0x00, 0x00, 0x2f, 0x49, 0x37, 0x00, 0x00, + 0x40, 0x11, 0x22, 0x84, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, 0x08, 0x00, 0x08, 0x00, + 0x00, 0x1b, 0x6d, 0x99, 0x58, 0x58, 0x58, 0x58, + 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, + 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, + + /* ESP trailer */ + 0x01, 0x02, 0x03, 0x03, 0x04, + + /* ICV */ + 0xf1, 0x52, 0x64, 0xd1, 0x9b, 0x62, 0x24, 0xdd, + 0xcc, 0x14, 0xf5, 0xc1, + }, +}; + +static const ipsec_test_packet pkt_ipv4_null_aes_xcbc_plain = { + .len = 61, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x2f, 0x49, 0x37, 0x00, 0x00, + 0x40, 0x11, 0x22, 0x84, 0x0d, 0x00, 0x00, 0x02, + 0x02, 0x00, 0x00, 0x02, 0x08, 0x00, 0x08, 0x00, + 0x00, 0x1b, 0x6d, 0x99, 0x58, 0x58, 0x58, 0x58, + 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, + 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, + }, +}; + #endif |