validation: ipsec: add aes-xcbc tests

Add known vectors for NULL-AES-XCBC.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Reviewed-by: Janne Peltonen <janne.peltonen@nokia.com>

5 files changed, 148 insertions, 0 deletions

diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c
index d458c257f..e90315d5f 100644
--- a/test/validation/api/ipsec/ipsec.c
+++ b/test/validation/api/ipsec/ipsec.c
@@ -329,6 +329,12 @@ int ipsec_check_esp_aes_gcm_128_reass_ipv6(void)
 	return ODP_TEST_INACTIVE;
 }
 
+int ipsec_check_esp_null_aes_xcbc(void)
+{
+	return  ipsec_check_esp(ODP_CIPHER_ALG_NULL, 0,
+				ODP_AUTH_ALG_AES_XCBC_MAC, 128);
+}
+
 void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param,
 			 odp_bool_t in,
 			 odp_bool_t ah,
diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h
index c136f9fd6..cbb533913 100644
--- a/test/validation/api/ipsec/ipsec.h
+++ b/test/validation/api/ipsec/ipsec.h
@@ -154,5 +154,6 @@ int ipsec_check_esp_chacha20_poly1305(void);
 int ipsec_check_test_sa_update_seq_num(void);
 int ipsec_check_esp_aes_gcm_128_reass_ipv4(void);
 int ipsec_check_esp_aes_gcm_128_reass_ipv6(void);
+int ipsec_check_esp_null_aes_xcbc(void);
 
 #endif
diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c
index fb3d0221e..508d7aaa5 100644
--- a/test/validation/api/ipsec/ipsec_test_in.c
+++ b/test/validation/api/ipsec/ipsec_test_in.c
@@ -2209,6 +2209,42 @@ static void test_in_ipv6_esp_reass_incomp(void)
 	ipsec_sa_destroy(out_sa);
 }
 
+static void test_in_ipv4_null_aes_xcbc_esp(void)
+{
+	odp_ipsec_tunnel_param_t tunnel;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	memset(&tunnel, 0, sizeof(odp_ipsec_tunnel_param_t));
+
+	ipsec_sa_param_fill(&param,
+			    true, false, 0x100, &tunnel,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_AES_XCBC_MAC, &key_auth_aes_xcbc_128,
+			    NULL, NULL);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_ipv4_null_aes_xcbc_esp,
+		.num_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .l3_type = ODP_PROTO_L3_TYPE_IPV4,
+			  .l4_type = ODP_PROTO_L4_TYPE_UDP,
+			  .pkt_res = &pkt_ipv4_null_aes_xcbc_plain,
+			},
+		},
+	};
+
+	ipsec_check_in_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
 static void ipsec_test_capability(void)
 {
 	odp_ipsec_capability_t capa;
@@ -2329,5 +2365,7 @@ odp_testinfo_t ipsec_in_suite[] = {
 				  ipsec_check_esp_aes_gcm_128_reass_ipv6),
 	ODP_TEST_INFO_CONDITIONAL(test_in_ipv6_esp_reass_incomp,
 				  ipsec_check_esp_aes_gcm_128_reass_ipv6),
+	ODP_TEST_INFO_CONDITIONAL(test_in_ipv4_null_aes_xcbc_esp,
+				  ipsec_check_esp_null_aes_xcbc),
 	ODP_TEST_INFO_NULL,
 };
diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c
index 733db10b9..aab480bdd 100644
--- a/test/validation/api/ipsec/ipsec_test_out.c
+++ b/test/validation/api/ipsec/ipsec_test_out.c
@@ -1377,6 +1377,50 @@ static void test_out_ipv4_udp_esp_null_sha256(void)
 	ipsec_sa_destroy(sa);
 }
 
+static void test_out_ipv4_null_aes_xcbc(void)
+{
+	odp_ipsec_tunnel_param_t tunnel;
+	odp_ipsec_sa_param_t param;
+	odp_ipsec_sa_t sa;
+
+	memset(&tunnel, 0, sizeof(odp_ipsec_tunnel_param_t));
+	uint32_t src = IPV4ADDR(10, 0, 111, 2);
+	uint32_t dst = IPV4ADDR(10, 0, 222, 2);
+
+	memset(&tunnel, 0, sizeof(odp_ipsec_tunnel_param_t));
+	tunnel.type = ODP_IPSEC_TUNNEL_IPV4;
+	tunnel.ipv4.src_addr = &src;
+	tunnel.ipv4.dst_addr = &dst;
+	tunnel.ipv4.ttl = 64;
+
+	ipsec_sa_param_fill(&param,
+			    false, false, 0x100, &tunnel,
+			    ODP_CIPHER_ALG_NULL, NULL,
+			    ODP_AUTH_ALG_AES_XCBC_MAC, &key_auth_aes_xcbc_128,
+			    NULL, NULL);
+
+	sa = odp_ipsec_sa_create(&param);
+
+	CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa);
+
+	ipsec_test_part test = {
+		.pkt_in = &pkt_ipv4_null_aes_xcbc_plain,
+		.num_pkt = 1,
+		.out = {
+			{ .status.warn.all = 0,
+			  .status.error.all = 0,
+			  .l3_type = ODP_PROTO_L3_TYPE_IPV4,
+			  .l4_type = _ODP_PROTO_L4_TYPE_UNDEF,
+			  .pkt_res = &pkt_ipv4_null_aes_xcbc_esp,
+			},
+		},
+	};
+
+	ipsec_check_out_one(&test, sa);
+
+	ipsec_sa_destroy(sa);
+}
+
 static void test_sa_info(void)
 {
 	uint32_t src = IPV4ADDR(10, 0, 111, 2);
@@ -1849,6 +1893,8 @@ odp_testinfo_t ipsec_out_suite[] = {
 				  ipsec_check_esp_null_sha256),
 	ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_udp_esp_null_sha256,
 				  ipsec_check_esp_null_sha256),
+	ODP_TEST_INFO_CONDITIONAL(test_out_ipv4_null_aes_xcbc,
+				  ipsec_check_esp_null_aes_xcbc),
 	ODP_TEST_INFO_CONDITIONAL(test_sa_info,
 				  ipsec_check_esp_aes_cbc_128_sha1),
 	ODP_TEST_INFO_CONDITIONAL(test_test_sa_update_seq_num,
diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h
index 136794c75..b032ef973 100644
--- a/test/validation/api/ipsec/test_vectors.h
+++ b/test/validation/api/ipsec/test_vectors.h
@@ -75,6 +75,8 @@ KEY(key_rfc7634, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
 		 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f);
 KEY(key_rfc7634_salt, 0xa0, 0xa1, 0xa2, 0xa3);
 KEY(key_3byte_salt, 0x01, 0x02, 0x03);
+KEY(key_auth_aes_xcbc_128, 0x61, 0x31, 0x62, 0x32, 0x63, 0x33, 0x64, 0x34,
+			   0x65, 0x35, 0x66, 0x36, 0x67, 0x37, 0x68, 0x38);
 
 /* DES keys have parity bits so that each byte has odd parity */
 KEY(key_des_64, 0xa4, 0xa4, 0xa4, 0xa4, 0xa4, 0xa4, 0xa4, 0xa4);
@@ -2108,4 +2110,59 @@ static const ipsec_test_packet pkt_ipv4_udp_esp_null_sha256 = {
 	},
 };
 
+static const ipsec_test_packet pkt_ipv4_null_aes_xcbc_esp = {
+	.len = 106,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x5c, 0x06, 0x00, 0x00, 0x00,
+		0x40, 0x32, 0x13, 0x6c, 0x0a, 0x00, 0x6f, 0x02,
+		0x0a, 0x00, 0xde, 0x02,
+
+		/* ESP */
+		0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x2f, 0x49, 0x37, 0x00, 0x00,
+		0x40, 0x11, 0x22, 0x84, 0x0d, 0x00, 0x00, 0x02,
+		0x02, 0x00, 0x00, 0x02, 0x08, 0x00, 0x08, 0x00,
+		0x00, 0x1b, 0x6d, 0x99, 0x58, 0x58, 0x58, 0x58,
+		0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+		0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+
+		/* ESP trailer */
+		0x01, 0x02, 0x03, 0x03, 0x04,
+
+		/* ICV */
+		0xf1, 0x52, 0x64, 0xd1, 0x9b, 0x62, 0x24, 0xdd,
+		0xcc, 0x14, 0xf5, 0xc1,
+	},
+};
+
+static const ipsec_test_packet pkt_ipv4_null_aes_xcbc_plain = {
+	.len = 61,
+	.l2_offset = 0,
+	.l3_offset = 14,
+	.l4_offset = 34,
+	.data = {
+		/* ETH */
+		0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1,
+		0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00,
+
+		/* IP */
+		0x45, 0x00, 0x00, 0x2f, 0x49, 0x37, 0x00, 0x00,
+		0x40, 0x11, 0x22, 0x84, 0x0d, 0x00, 0x00, 0x02,
+		0x02, 0x00, 0x00, 0x02, 0x08, 0x00, 0x08, 0x00,
+		0x00, 0x1b, 0x6d, 0x99, 0x58, 0x58, 0x58, 0x58,
+		0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+		0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58,
+	},
+};
+
 #endif