From patchwork Tue Jun 23 10:14:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 72018 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1DD7AA0350; Tue, 23 Jun 2020 12:36:40 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id E22D41D612; Tue, 23 Jun 2020 12:36:37 +0200 (CEST) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id 0EA721D609 for ; Tue, 23 Jun 2020 12:36:34 +0200 (CEST) IronPort-SDR: Ed9GMuANqcP3mHcpvSLpFxNrWRsiMAbj+9qjpuHlnbjaAX79RY3JeALIOsbrdgeLZWJczu5P1B yZwNdIdhG8qA== X-IronPort-AV: E=McAfee;i="6000,8403,9660"; a="205529742" X-IronPort-AV: E=Sophos;i="5.75,271,1589266800"; d="scan'208";a="205529742" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jun 2020 03:36:34 -0700 IronPort-SDR: UTCjqmfx8yI/53Z6nC/uNqpnXKGEziNfV5arW/cJ8451egJETmYER49Ylrk4X9WwUQDNa6EtYN IHL5Rq4p8M1Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,271,1589266800"; d="scan'208";a="264755995" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by fmsmga008.fm.intel.com with ESMTP; 23 Jun 2020 03:36:29 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Tue, 23 Jun 2020 11:14:18 +0100 Message-Id: <20200623101423.9215-2-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200623101423.9215-1-david.coyle@intel.com> References: <20200604151324.50704-1-david.coyle@intel.com> <20200623101423.9215-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v2 1/6] cryptodev: add security operation to crypto operation X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add a new security operation field to the crypto operation to allow protocol specific parameters be defined for a crypto operation. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh --- lib/librte_cryptodev/rte_crypto.h | 19 +++++++++++++++++-- lib/librte_cryptodev/rte_cryptodev.c | 5 ++++- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h index fd5ef3a87..da0635e73 100644 --- a/lib/librte_cryptodev/rte_crypto.h +++ b/lib/librte_cryptodev/rte_crypto.h @@ -31,8 +31,10 @@ enum rte_crypto_op_type { /**< Undefined operation type */ RTE_CRYPTO_OP_TYPE_SYMMETRIC, /**< Symmetric operation */ - RTE_CRYPTO_OP_TYPE_ASYMMETRIC + RTE_CRYPTO_OP_TYPE_ASYMMETRIC, /**< Asymmetric operation */ + RTE_CRYPTO_OP_TYPE_SECURITY + /**< Security operation */ }; /** Status of crypto operation */ @@ -121,9 +123,16 @@ struct rte_crypto_op { struct rte_crypto_asym_op asym[0]; /**< Asymmetric operation parameters */ + uint8_t security[0]; + /**< Security operation parameters + * - Must be accessed through a rte_security_op pointer + */ }; /**< operation specific parameters */ }; +/** Maximum size of security crypto op */ +#define RTE_CRYPTO_OP_SECURITY_MAX_SZ (88U) + /** * Reset the fields of a crypto operation to their default values. * @@ -143,7 +152,10 @@ __rte_crypto_op_reset(struct rte_crypto_op *op, enum rte_crypto_op_type type) break; case RTE_CRYPTO_OP_TYPE_ASYMMETRIC: memset(op->asym, 0, sizeof(struct rte_crypto_asym_op)); - break; + break; + case RTE_CRYPTO_OP_TYPE_SECURITY: + memset(op->security, 0, RTE_CRYPTO_OP_SECURITY_MAX_SZ); + break; case RTE_CRYPTO_OP_TYPE_UNDEFINED: default: break; @@ -317,6 +329,9 @@ __rte_crypto_op_get_priv_data(struct rte_crypto_op *op, uint32_t size) if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) return (void *)((uint8_t *)(op + 1) + sizeof(struct rte_crypto_asym_op)); + if (op->type == RTE_CRYPTO_OP_TYPE_SECURITY) + return (void *)((uint8_t *)(op + 1) + + RTE_CRYPTO_OP_SECURITY_MAX_SZ); } } diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c index e37b83afd..41128f437 100644 --- a/lib/librte_cryptodev/rte_cryptodev.c +++ b/lib/librte_cryptodev/rte_cryptodev.c @@ -1871,9 +1871,12 @@ rte_crypto_op_pool_create(const char *name, enum rte_crypto_op_type type, elt_size += sizeof(struct rte_crypto_sym_op); } else if (type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) { elt_size += sizeof(struct rte_crypto_asym_op); + } else if (type == RTE_CRYPTO_OP_TYPE_SECURITY) { + elt_size += RTE_CRYPTO_OP_SECURITY_MAX_SZ; } else if (type == RTE_CRYPTO_OP_TYPE_UNDEFINED) { elt_size += RTE_MAX(sizeof(struct rte_crypto_sym_op), - sizeof(struct rte_crypto_asym_op)); + RTE_MAX(sizeof(struct rte_crypto_asym_op), + RTE_CRYPTO_OP_SECURITY_MAX_SZ)); } else { CDEV_LOG_ERR("Invalid op_type\n"); return NULL; From patchwork Tue Jun 23 10:14:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 72019 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 59C94A0350; Tue, 23 Jun 2020 12:36:47 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 3393F1D627; Tue, 23 Jun 2020 12:36:43 +0200 (CEST) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by dpdk.org (Postfix) with ESMTP id 49CB21D5EF for ; Tue, 23 Jun 2020 12:36:41 +0200 (CEST) IronPort-SDR: okZ0HCqrto2UQpXKK3pzTI1UW71mONF33VgGJpzCj1k5V7yhONVzRoK8QMmNbUNehXA0JZoJC/ ZvTveZFhe4Ag== X-IronPort-AV: E=McAfee;i="6000,8403,9660"; a="131435883" X-IronPort-AV: E=Sophos;i="5.75,271,1589266800"; d="scan'208";a="131435883" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jun 2020 03:36:40 -0700 IronPort-SDR: oBPyMiL+F1PWFwFb808j+SLWAyTeZue0qtK8hEb/czowNKhr2mYMVii0cvMLPexEVBzav0mZrQ m5vT9xU2dpew== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,271,1589266800"; d="scan'208";a="264756011" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by fmsmga008.fm.intel.com with ESMTP; 23 Jun 2020 03:36:34 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Tue, 23 Jun 2020 11:14:19 +0100 Message-Id: <20200623101423.9215-3-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200623101423.9215-1-david.coyle@intel.com> References: <20200604151324.50704-1-david.coyle@intel.com> <20200623101423.9215-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v2 2/6] security: add support for DOCSIS protocol X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add support for DOCSIS protocol to rte_security library. This support currently comprises the combination of Crypto and CRC operations. A security operation definition is also added. This allow security protocol related parameters be specified at the operation level. For DOCSIS, these parameters include CRC length and offset. The security operation is accessed via a crypto operation. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh --- lib/librte_security/rte_security.c | 7 ++ lib/librte_security/rte_security.h | 116 ++++++++++++++++++++++++++++- 2 files changed, 120 insertions(+), 3 deletions(-) diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c index dc9a3e89c..e3844bf7e 100644 --- a/lib/librte_security/rte_security.c +++ b/lib/librte_security/rte_security.c @@ -173,6 +173,13 @@ rte_security_capability_get(struct rte_security_ctx *instance, if (capability->pdcp.domain == idx->pdcp.domain) return capability; + } else if (idx->protocol == + RTE_SECURITY_PROTOCOL_DOCSIS) { + if (capability->docsis.direction == + idx->docsis.direction && + capability->docsis.crc_size == + idx->docsis.crc_size) + return capability; } } } diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h index 747830d67..25e3179e9 100644 --- a/lib/librte_security/rte_security.h +++ b/lib/librte_security/rte_security.h @@ -293,6 +293,30 @@ struct rte_security_pdcp_xform { uint32_t hfn_ovrd; }; +/** DOCSIS direction */ +enum rte_security_docsis_direction { + RTE_SECURITY_DOCSIS_UPLINK, + /**< Uplink + * - Decryption, followed by CRC Verification + */ + RTE_SECURITY_DOCSIS_DOWNLINK, + /**< Downlink + * - CRC Generation, followed by Encryption + */ +}; + +/** + * DOCSIS security session configuration. + * + * This structure contains data required to create a DOCSIS security session. + */ +struct rte_security_docsis_xform { + enum rte_security_docsis_direction direction; + /** DOCSIS direction */ + uint16_t crc_size; + /**< CRC size in bytes */ +}; + /** * Security session action type. */ @@ -325,6 +349,8 @@ enum rte_security_session_protocol { /**< MACSec Protocol */ RTE_SECURITY_PROTOCOL_PDCP, /**< PDCP Protocol */ + RTE_SECURITY_PROTOCOL_DOCSIS, + /**< DOCSIS Protocol */ }; /** @@ -340,6 +366,7 @@ struct rte_security_session_conf { struct rte_security_ipsec_xform ipsec; struct rte_security_macsec_xform macsec; struct rte_security_pdcp_xform pdcp; + struct rte_security_docsis_xform docsis; }; /**< Configuration parameters for security session */ struct rte_crypto_sym_xform *crypto_xform; @@ -355,6 +382,63 @@ struct rte_security_session { /**< Opaque user defined data */ }; +/** + * DOCSIS operation parameters + */ +struct rte_security_docsis_op { + struct rte_crypto_sym_op crypto_sym; + /**< Symmetric crypto operation parameters */ + + struct { + uint16_t offset; + /**< + * Starting point for CRC processing, specified + * as the number of bytes from start of the packet in + * the source mbuf in crypto_sym + */ + uint16_t length; + /**< + * The length, in bytes, of the source mbuf on which the + * CRC will be computed + */ + } crc; + /**< CRC operation parameters */ + + uint64_t reserved; + /**< Reserved for future use */ +}; + +/** + * Security operation types + */ +enum rte_security_op_type { + RTE_SECURITY_OP_TYPE_DOCSIS = 1 + /**< DOCSIS operation */ +}; + +/** + * Security operation parameters + * + * @note If the size of this struct changes, it may be also necessary to update + * the RTE_CRYPTO_OP_SECURITY_MAX_SZ define + */ +struct rte_security_op { + enum rte_security_op_type type; + /**< Type of operation */ + RTE_STD_C11 + union { + struct rte_security_docsis_op docsis; + }; + /**< Parameters for security operation */ +}; + +/* Macro to check the size of a struct at compile time */ +#define _SECURITY_STRUCT_LEN_CHECK(n, X) enum security_static_assert_enum_##X \ + { security_static_assert_##X = (n)/((sizeof(struct X) <= (n)) ? 1 : 0) } + +/* Check the size of the rte_security_op struct */ +_SECURITY_STRUCT_LEN_CHECK(RTE_CRYPTO_OP_SECURITY_MAX_SZ, rte_security_op); + /** * Create security session as specified by the session configuration * @@ -496,12 +580,22 @@ static inline int rte_security_attach_session(struct rte_crypto_op *op, struct rte_security_session *sess) { - if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC)) - return -EINVAL; + struct rte_security_op *s_op; + int ret = -EINVAL; + + if (likely(op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC)) { + ret = __rte_security_attach_session(op->sym, sess); + } else if (op->type == RTE_CRYPTO_OP_TYPE_SECURITY) { + s_op = (struct rte_security_op *)&op->security; + if (s_op->type == RTE_SECURITY_OP_TYPE_DOCSIS) + ret = __rte_security_attach_session( + &s_op->docsis.crypto_sym, + sess); + } op->sess_type = RTE_CRYPTO_OP_SECURITY_SESSION; - return __rte_security_attach_session(op->sym, sess); + return ret; } struct rte_security_macsec_stats { @@ -523,6 +617,10 @@ struct rte_security_pdcp_stats { uint64_t reserved; }; +struct rte_security_docsis_stats { + uint64_t reserved; +}; + struct rte_security_stats { enum rte_security_session_protocol protocol; /**< Security protocol to be configured */ @@ -532,6 +630,7 @@ struct rte_security_stats { struct rte_security_macsec_stats macsec; struct rte_security_ipsec_stats ipsec; struct rte_security_pdcp_stats pdcp; + struct rte_security_docsis_stats docsis; }; }; @@ -591,6 +690,13 @@ struct rte_security_capability { /**< Capability flags, see RTE_SECURITY_PDCP_* */ } pdcp; /**< PDCP capability */ + struct { + enum rte_security_docsis_direction direction; + /**< DOCSIS direction */ + uint16_t crc_size; + /**< CRC size in bytes */ + } docsis; + /**< DOCSIS capability */ }; const struct rte_cryptodev_capabilities *crypto_capabilities; @@ -649,6 +755,10 @@ struct rte_security_capability_idx { enum rte_security_pdcp_domain domain; uint32_t capa_flags; } pdcp; + struct { + enum rte_security_docsis_direction direction; + uint16_t crc_size; + } docsis; }; }; From patchwork Tue Jun 23 10:14:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 72020 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id C6D4AA0350; Tue, 23 Jun 2020 12:36:58 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id EDC601D63F; Tue, 23 Jun 2020 12:36:48 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by dpdk.org (Postfix) with ESMTP id CC6581D631 for ; Tue, 23 Jun 2020 12:36:46 +0200 (CEST) IronPort-SDR: SaL5zEOMGFe5uJh3FRwwyCiTFIGI1todHLTML6YsLMXHCG2SIF/H7EQeY7secixLMf6A6u/ND6 dqVo93iks0Jw== X-IronPort-AV: E=McAfee;i="6000,8403,9660"; a="145527134" X-IronPort-AV: E=Sophos;i="5.75,271,1589266800"; d="scan'208";a="145527134" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jun 2020 03:36:45 -0700 IronPort-SDR: jx/VCSsAiKKwAzIGgVHiqzwX/vVFw8B/BBkPtDgDBaWFvk2Eq2LdLIm6EO9FRRlErJ+fRgMqSp zF81oAdvIusg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,271,1589266800"; d="scan'208";a="264756025" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by fmsmga008.fm.intel.com with ESMTP; 23 Jun 2020 03:36:40 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Tue, 23 Jun 2020 11:14:20 +0100 Message-Id: <20200623101423.9215-4-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200623101423.9215-1-david.coyle@intel.com> References: <20200604151324.50704-1-david.coyle@intel.com> <20200623101423.9215-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v2 3/6] crypto/aesni_mb: add support for DOCSIS protocol X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add support to the AESNI-MB PMD for the DOCSIS protocol, through the rte_security API. This, therefore, includes adding support for the rte_security API to this PMD. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh --- .../crypto/aesni_mb/aesni_mb_pmd_private.h | 19 +- drivers/crypto/aesni_mb/meson.build | 2 +- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 316 +++++++++++++++++- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 127 +++++++ 4 files changed, 457 insertions(+), 7 deletions(-) diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index 347b4b7e0..b4ad27792 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -7,6 +7,12 @@ #include +#if defined(RTE_LIBRTE_SECURITY) && IMB_VERSION_NUM >= IMB_VERSION(0, 54, 0) +#define AESNI_MB_DOCSIS_SEC_ENABLED 1 +#include +#include +#endif + enum aesni_mb_vector_mode { RTE_AESNI_MB_NOT_SUPPORTED = 0, RTE_AESNI_MB_SSE, @@ -272,8 +278,19 @@ aesni_mb_set_session_parameters(const MB_MGR *mb_mgr, struct aesni_mb_session *sess, const struct rte_crypto_sym_xform *xform); -/** device specific operations function pointer structure */ +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED +extern int +aesni_mb_set_docsis_sec_session_parameters( + __rte_unused struct rte_cryptodev *dev, + struct rte_security_session_conf *conf, + void *sess); +#endif + +/** device specific operations function pointer structures */ extern struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops; +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED +extern struct rte_security_ops *rte_aesni_mb_pmd_sec_ops; +#endif extern uint32_t aesni_mb_cpu_crypto_process_bulk(struct rte_cryptodev *dev, diff --git a/drivers/crypto/aesni_mb/meson.build b/drivers/crypto/aesni_mb/meson.build index e557e0103..419b4743f 100644 --- a/drivers/crypto/aesni_mb/meson.build +++ b/drivers/crypto/aesni_mb/meson.build @@ -22,4 +22,4 @@ else endif sources = files('rte_aesni_mb_pmd.c', 'rte_aesni_mb_pmd_ops.c') -deps += ['bus_vdev'] +deps += ['bus_vdev', 'net', 'security'] diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 2d688f4d3..1fc0c83c3 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "aesni_mb_pmd_private.h" @@ -720,6 +721,136 @@ aesni_mb_set_session_parameters(const MB_MGR *mb_mgr, return 0; } +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED +/** Check DOCSIS security session configuration is valid */ +static int +check_docsis_sec_session(struct rte_security_session_conf *conf) +{ + struct rte_crypto_sym_xform *crypto_sym = conf->crypto_xform; + struct rte_security_docsis_xform *docsis = &conf->docsis; + + /* CRC generate -> Cipher encrypt */ + if (docsis->direction == RTE_SECURITY_DOCSIS_DOWNLINK) { + + if (crypto_sym != NULL && + crypto_sym->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_sym->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT && + crypto_sym->cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI && + (crypto_sym->cipher.key.length == AES_128_BYTES || + crypto_sym->cipher.key.length == AES_256_BYTES) && + crypto_sym->cipher.iv.length == AES_BLOCK_SIZE && + crypto_sym->next == NULL && + docsis->crc_size == RTE_ETHER_CRC_LEN) { + return 0; + } + /* Cipher decrypt -> CRC verify */ + } else if (docsis->direction == RTE_SECURITY_DOCSIS_UPLINK) { + + if (crypto_sym != NULL && + crypto_sym->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_sym->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT && + crypto_sym->cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI && + (crypto_sym->cipher.key.length == AES_128_BYTES || + crypto_sym->cipher.key.length == AES_256_BYTES) && + crypto_sym->cipher.iv.length == AES_BLOCK_SIZE && + crypto_sym->next == NULL && + docsis->crc_size == RTE_ETHER_CRC_LEN) { + return 0; + } + } + + return -EINVAL; +} + +/** Set DOCSIS security session auth (CRC) parameters */ +static int +aesni_mb_set_docsis_sec_session_auth_parameters(struct aesni_mb_session *sess, + struct rte_security_docsis_xform *xform) +{ + if (xform == NULL) { + AESNI_MB_LOG(ERR, "Invalid DOCSIS xform"); + return -EINVAL; + } + + /* Select CRC generate/verify */ + if (xform->direction == RTE_SECURITY_DOCSIS_UPLINK) { + sess->auth.algo = IMB_AUTH_DOCSIS_CRC32; + sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY; + } else if (xform->direction == RTE_SECURITY_DOCSIS_DOWNLINK) { + sess->auth.algo = IMB_AUTH_DOCSIS_CRC32; + sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE; + } else { + AESNI_MB_LOG(ERR, "Unsupported DOCSIS direction"); + return -ENOTSUP; + } + + sess->auth.req_digest_len = xform->crc_size; + sess->auth.gen_digest_len = xform->crc_size; + + return 0; +} + +/** + * Parse DOCSIS security session configuration and set private session + * parameters + */ +int +aesni_mb_set_docsis_sec_session_parameters( + __rte_unused struct rte_cryptodev *dev, + struct rte_security_session_conf *conf, + void *sess) +{ + struct rte_security_docsis_xform *docsis_xform; + struct rte_crypto_sym_xform *cipher_xform; + struct aesni_mb_session *aesni_sess = sess; + struct aesni_mb_private *internals = dev->data->dev_private; + int ret; + + ret = check_docsis_sec_session(conf); + if (ret) { + AESNI_MB_LOG(ERR, "Unsupported DOCSIS security configuration"); + return ret; + } + + switch (conf->docsis.direction) { + case RTE_SECURITY_DOCSIS_UPLINK: + aesni_sess->chain_order = CIPHER_HASH; + docsis_xform = &conf->docsis; + cipher_xform = conf->crypto_xform; + break; + case RTE_SECURITY_DOCSIS_DOWNLINK: + aesni_sess->chain_order = HASH_CIPHER; + cipher_xform = conf->crypto_xform; + docsis_xform = &conf->docsis; + break; + default: + return -EINVAL; + } + + /* Default IV length = 0 */ + aesni_sess->iv.length = 0; + + ret = aesni_mb_set_docsis_sec_session_auth_parameters(aesni_sess, + docsis_xform); + if (ret != 0) { + AESNI_MB_LOG(ERR, "Invalid/unsupported DOCSIS parameters"); + return -EINVAL; + } + + ret = aesni_mb_set_session_cipher_parameters(internals->mb_mgr, + aesni_sess, cipher_xform); + + if (ret != 0) { + AESNI_MB_LOG(ERR, "Invalid/unsupported cipher parameters"); + return -EINVAL; + } + + return 0; +} +#endif + /** * burst enqueue, place crypto operations on ingress queue for processing. * @@ -1158,6 +1289,131 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, return 0; } +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED +/** Get multi buffer session for a security op */ +static inline struct aesni_mb_session * +get_sec_op_session(struct rte_crypto_op *op, + struct rte_crypto_sym_op *crypto_sym) +{ + struct aesni_mb_session *sess = NULL; + + if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + if (likely(crypto_sym->sec_session != NULL)) + sess = (struct aesni_mb_session *) + get_sec_session_private_data( + crypto_sym->sec_session); + } + + if (unlikely(sess == NULL)) + op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; + + return sess; +} + +/** + * Process a crypto operation containing a security op and complete a + * JOB_AES_HMAC job structure for submission to the multi buffer library for + * processing. + */ +static inline int +set_sec_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, + struct rte_crypto_op *op, uint8_t *digest_idx) +{ + struct rte_mbuf *m_src, *m_dst; + struct rte_security_op *s_op; + struct rte_security_docsis_op *d_op; + struct rte_crypto_sym_op *sym; + struct aesni_mb_session *session; + + s_op = (struct rte_security_op *)&op->security; + + /* Only DOCSIS protocol operations supported now */ + if (s_op->type != RTE_SECURITY_OP_TYPE_DOCSIS) { + op->status = RTE_CRYPTO_OP_STATUS_ERROR; + return -1; + } + + d_op = &s_op->docsis; + sym = &d_op->crypto_sym; + + session = get_sec_op_session(op, sym); + if (unlikely(session == NULL)) { + op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; + return -1; + } + + m_src = sym->m_src; + + if (likely(sym->m_dst == NULL || sym->m_dst == m_src)) { + /* in-place operation */ + m_dst = m_src; + } else { + /* out-of-place operation not supported */ + op->status = RTE_CRYPTO_OP_STATUS_ERROR; + return -ENOTSUP; + } + + /* Set crypto operation */ + job->chain_order = session->chain_order; + + /* Set cipher parameters */ + job->cipher_direction = session->cipher.direction; + job->cipher_mode = session->cipher.mode; + + job->aes_key_len_in_bytes = session->cipher.key_length_in_bytes; + job->aes_enc_key_expanded = session->cipher.expanded_aes_keys.encode; + job->aes_dec_key_expanded = session->cipher.expanded_aes_keys.decode; + + /* Set IV parameters */ + job->iv_len_in_bytes = session->iv.length; + job->iv = (uint8_t *)op + session->iv.offset; + + /* Set authentication parameters */ + job->hash_alg = session->auth.algo; + + /* Set digest output location */ + job->auth_tag_output = qp->temp_digests[*digest_idx]; + *digest_idx = (*digest_idx + 1) % MAX_JOBS; + + /* Set digest length */ + job->auth_tag_output_len_in_bytes = session->auth.gen_digest_len; + + /* Set data parameters */ + job->src = rte_pktmbuf_mtod(m_src, uint8_t *); + job->dst = rte_pktmbuf_mtod_offset(m_dst, uint8_t *, + sym->cipher.data.offset); + + job->cipher_start_src_offset_in_bytes = sym->cipher.data.offset; + job->msg_len_to_cipher_in_bytes = sym->cipher.data.length; + + job->hash_start_src_offset_in_bytes = d_op->crc.offset; + job->msg_len_to_hash_in_bytes = d_op->crc.length; + + job->user_data = op; + + return 0; +} + +static inline void +verify_docsis_sec_crc(JOB_AES_HMAC *job, uint16_t crc_len, uint8_t *status) +{ + uint16_t crc_offset; + uint8_t *crc; + + if (!job->msg_len_to_hash_in_bytes) + return; + + crc_offset = job->hash_start_src_offset_in_bytes + + job->msg_len_to_hash_in_bytes - + job->cipher_start_src_offset_in_bytes; + crc = job->dst + crc_offset; + + /* Verify CRC (at the end of the message) */ + if (memcmp(job->auth_tag_output, crc, crc_len) != 0) + *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; +} +#endif + static inline void verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status) { @@ -1196,9 +1452,27 @@ static inline struct rte_crypto_op * post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) { struct rte_crypto_op *op = (struct rte_crypto_op *)job->user_data; - struct aesni_mb_session *sess = get_sym_session_private_data( - op->sym->session, - cryptodev_driver_id); + struct aesni_mb_session *sess = NULL; + +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + struct rte_security_op *sec_op = NULL; + + if (unlikely(op->type == RTE_CRYPTO_OP_TYPE_SECURITY)) { + /* + * Assuming at this point that if it's a security type op, that + * this is for DOCSIS + */ + sec_op = (struct rte_security_op *)&op->security; + struct rte_crypto_sym_op *crypto_sym = + &sec_op->docsis.crypto_sym; + sess = get_sec_session_private_data(crypto_sym->sec_session); + } else +#endif + { + sess = get_sym_session_private_data(op->sym->session, + cryptodev_driver_id); + } + if (unlikely(sess == NULL)) { op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; return op; @@ -1220,6 +1494,12 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) op->sym->aead.digest.data, sess->auth.req_digest_len, &op->status); +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + else if (sec_op != NULL) + verify_docsis_sec_crc(job, + sess->auth.req_digest_len, + &op->status); +#endif else verify_digest(job, op->sym->auth.digest.data, @@ -1382,7 +1662,14 @@ aesni_mb_pmd_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops, if (retval < 0) break; - retval = set_mb_job_params(job, qp, op, &digest_idx); +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + if (unlikely(op->type == RTE_CRYPTO_OP_TYPE_SECURITY)) + retval = set_sec_mb_job_params(job, qp, op, + &digest_idx); + else +#endif + retval = set_mb_job_params(job, qp, op, &digest_idx); + if (unlikely(retval != 0)) { qp->stats.dequeue_err_count++; set_job_null_op(job, op); @@ -1619,6 +1906,9 @@ cryptodev_aesni_mb_create(const char *name, struct aesni_mb_private *internals; enum aesni_mb_vector_mode vector_mode; MB_MGR *mb_mgr; +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + struct rte_security_ctx *security_instance; +#endif dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params); if (dev == NULL) { @@ -1647,7 +1937,23 @@ cryptodev_aesni_mb_create(const char *name, RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO | - RTE_CRYPTODEV_FF_SYM_SESSIONLESS; + RTE_CRYPTODEV_FF_SYM_SESSIONLESS +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + | RTE_CRYPTODEV_FF_SECURITY +#endif + ; + +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED + security_instance = rte_malloc("aesni_mb_sec", + sizeof(struct rte_security_ctx), 0); + if (security_instance == NULL) + AESNI_MB_LOG(ERR, "rte_security_ctx memory alloc failed\n"); + + security_instance->device = (void *)dev; + security_instance->ops = rte_aesni_mb_pmd_sec_ops; + security_instance->sess_cnt = 0; + dev->security_ctx = security_instance; +#endif /* Check CPU for support for AES instruction set */ if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AES)) diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 8c5e0cd92..4294d416c 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -7,6 +7,7 @@ #include #include #include +#include #include #include "aesni_mb_pmd_private.h" @@ -499,6 +500,57 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED +static const struct rte_cryptodev_capabilities + aesni_mb_pmd_security_crypto_cap[] = { + { /* AES DOCSIS BPI */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 16 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() +}; + +static const struct rte_security_capability aesni_mb_pmd_security_cap[] = { + { /* DOCSIS Uplink */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_UPLINK, + .crc_size = RTE_ETHER_CRC_LEN + }, + .crypto_capabilities = aesni_mb_pmd_security_crypto_cap + }, + { /* DOCSIS Downlink */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_DOWNLINK, + .crc_size = RTE_ETHER_CRC_LEN + }, + .crypto_capabilities = aesni_mb_pmd_security_crypto_cap + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE + } +}; +#endif /** Configure device */ static int @@ -810,3 +862,78 @@ struct rte_cryptodev_ops aesni_mb_pmd_ops = { }; struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops = &aesni_mb_pmd_ops; + +#ifdef AESNI_MB_DOCSIS_SEC_ENABLED +/** + * Configure a aesni multi-buffer session from a security session + * configuration + */ +static int +aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf, + struct rte_security_session *sess, + struct rte_mempool *mempool) +{ + void *sess_private_data; + struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; + int ret; + + if (rte_mempool_get(mempool, &sess_private_data)) { + AESNI_MB_LOG(ERR, "Couldn't get object from session mempool"); + return -ENOMEM; + } + + if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) { + AESNI_MB_LOG(ERR, "Invalid security protocol"); + return -EINVAL; + } + + ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf, + sess_private_data); + + if (ret != 0) { + AESNI_MB_LOG(ERR, "Failed to configure session parameters"); + + /* Return session to mempool */ + rte_mempool_put(mempool, sess_private_data); + return ret; + } + + set_sec_session_private_data(sess, sess_private_data); + + return ret; +} + +/** Clear the memory of session so it doesn't leave key material behind */ +static int +aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused, + struct rte_security_session *sess) +{ + void *sess_priv = get_sec_session_private_data(sess); + + if (sess_priv) { + struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); + memset(sess, 0, sizeof(struct aesni_mb_session)); + set_sec_session_private_data(sess, NULL); + rte_mempool_put(sess_mp, sess_priv); + } + return 0; +} + +/** Get security capabilities for aesni multi-buffer */ +static const struct rte_security_capability * +aesni_mb_pmd_sec_capa_get(void *device __rte_unused) +{ + return aesni_mb_pmd_security_cap; +} + +static struct rte_security_ops aesni_mb_pmd_sec_ops = { + .session_create = aesni_mb_pmd_sec_sess_create, + .session_update = NULL, + .session_stats_get = NULL, + .session_destroy = aesni_mb_pmd_sec_sess_destroy, + .set_pkt_metadata = NULL, + .capabilities_get = aesni_mb_pmd_sec_capa_get +}; + +struct rte_security_ops *rte_aesni_mb_pmd_sec_ops = &aesni_mb_pmd_sec_ops; +#endif From patchwork Tue Jun 23 10:14:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 72021 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id C9286A0350; Tue, 23 Jun 2020 12:37:08 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 784E21D644; Tue, 23 Jun 2020 12:36:54 +0200 (CEST) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by dpdk.org (Postfix) with ESMTP id 2E9D71D632 for ; Tue, 23 Jun 2020 12:36:52 +0200 (CEST) IronPort-SDR: oOFkjngNrT9fb9M+Kg0oCEqidsuH7GEofmnYVX4UNwdDzALwIYhiGB2U3bgwsPb1VXmAwnd9Eg IYXC5YOAqN2A== X-IronPort-AV: E=McAfee;i="6000,8403,9660"; a="131435896" X-IronPort-AV: E=Sophos;i="5.75,271,1589266800"; d="scan'208";a="131435896" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jun 2020 03:36:51 -0700 IronPort-SDR: CIYlwzcvPDNWt+bPDtCFaXToSSnUhAosT4V6JESgmVS1rVoMAcEW06831PoEJzuMayar/y5iQ5 u/XbNyhzbelw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,271,1589266800"; d="scan'208";a="264756041" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by fmsmga008.fm.intel.com with ESMTP; 23 Jun 2020 03:36:45 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Tue, 23 Jun 2020 11:14:21 +0100 Message-Id: <20200623101423.9215-5-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200623101423.9215-1-david.coyle@intel.com> References: <20200604151324.50704-1-david.coyle@intel.com> <20200623101423.9215-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v2 4/6] crypto/qat: add support for DOCSIS protocol X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add support to the QAT SYM PMD for the DOCSIS protocol, through the rte_security API. This, therefore, includes adding support for the rte_security API to this PMD. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh --- drivers/common/qat/Makefile | 3 + drivers/crypto/qat/meson.build | 2 + drivers/crypto/qat/qat_sym.c | 139 ++++++++++++++------ drivers/crypto/qat/qat_sym.h | 82 ++++++++++-- drivers/crypto/qat/qat_sym_capabilities.h | 44 +++++++ drivers/crypto/qat/qat_sym_pmd.c | 53 +++++++- drivers/crypto/qat/qat_sym_pmd.h | 4 + drivers/crypto/qat/qat_sym_session.c | 148 ++++++++++++++++++++++ drivers/crypto/qat/qat_sym_session.h | 12 ++ 9 files changed, 438 insertions(+), 49 deletions(-) diff --git a/drivers/common/qat/Makefile b/drivers/common/qat/Makefile index 28bd5668f..85d420709 100644 --- a/drivers/common/qat/Makefile +++ b/drivers/common/qat/Makefile @@ -35,6 +35,9 @@ endif ifeq ($(CONFIG_RTE_LIBRTE_PMD_QAT_SYM),y) LDLIBS += -lrte_cryptodev LDLIBS += -lcrypto +ifeq ($(CONFIG_RTE_LIBRTE_SECURITY),y) + LDLIBS += -lrte_net +endif CFLAGS += -DBUILD_QAT_SYM SRCS-y += qat_sym.c SRCS-y += qat_sym_session.c diff --git a/drivers/crypto/qat/meson.build b/drivers/crypto/qat/meson.build index fc65923a7..a225f374a 100644 --- a/drivers/crypto/qat/meson.build +++ b/drivers/crypto/qat/meson.build @@ -8,6 +8,8 @@ reason = '' # sentinal value to suppress printout dep = dependency('libcrypto', required: false) qat_includes += include_directories('.') qat_deps += 'cryptodev' +qat_deps += 'net' +qat_deps += 'security' if dep.found() # Add our sources files to the list qat_sources += files('qat_sym_pmd.c', diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c index 25b6dd5f4..98983c985 100644 --- a/drivers/crypto/qat/qat_sym.c +++ b/drivers/crypto/qat/qat_sym.c @@ -9,6 +9,9 @@ #include #include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_sym.h" @@ -44,11 +47,10 @@ bpi_cipher_decrypt(uint8_t *src, uint8_t *dst, static inline uint32_t -qat_bpicipher_preprocess(struct qat_sym_session *ctx, - struct rte_crypto_op *op) +qat_bpicipher_preprocess(struct qat_sym_session *ctx, struct rte_crypto_op *op, + struct rte_crypto_sym_op *sym_op) { int block_len = qat_cipher_get_block_size(ctx->qat_cipher_alg); - struct rte_crypto_sym_op *sym_op = op->sym; uint8_t last_block_len = block_len > 0 ? sym_op->cipher.data.length % block_len : 0; @@ -99,6 +101,29 @@ qat_bpicipher_preprocess(struct qat_sym_session *ctx, return sym_op->cipher.data.length - last_block_len; } +#ifdef RTE_LIBRTE_SECURITY +static inline void +qat_crc_generate(struct qat_sym_session *ctx, + struct rte_security_docsis_op *doc_op, + struct rte_crypto_sym_op *sym_op) +{ + uint8_t *crc_data; + uint32_t *crc; + + if (ctx->qat_dir == ICP_QAT_HW_CIPHER_ENCRYPT && + doc_op != NULL && + doc_op->crc.length != 0) { + + crc_data = (uint8_t *) rte_pktmbuf_mtod_offset( + sym_op->m_src, uint8_t *, + doc_op->crc.offset); + crc = (uint32_t *)(crc_data + doc_op->crc.length); + *crc = rte_net_crc_calc(crc_data, doc_op->crc.length, + RTE_NET_CRC32_ETH); + } +} +#endif + static inline void set_cipher_iv(uint16_t iv_length, uint16_t iv_offset, struct icp_qat_fw_la_cipher_req_params *cipher_param, @@ -162,25 +187,56 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, uint8_t do_sgl = 0; uint8_t in_place = 1; int alignment_adjustment = 0; + struct rte_crypto_sym_op *sym; +#ifdef RTE_LIBRTE_SECURITY + struct rte_security_op *sec_op; + struct rte_security_docsis_op *doc_op = NULL; +#endif + struct rte_crypto_op *op = (struct rte_crypto_op *)in_op; struct qat_sym_op_cookie *cookie = (struct qat_sym_op_cookie *)op_cookie; - if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC)) { - QAT_DP_LOG(ERR, "QAT PMD only supports symmetric crypto " - "operation requests, op (%p) is not a " - "symmetric operation.", op); - return -EINVAL; - } - if (unlikely(op->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) { QAT_DP_LOG(ERR, "QAT PMD only supports session oriented" " requests, op (%p) is sessionless.", op); return -EINVAL; } - ctx = (struct qat_sym_session *)get_sym_session_private_data( - op->sym->session, cryptodev_qat_driver_id); + if (likely(op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC && + op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)) { + sym = op->sym; + ctx = (struct qat_sym_session *)get_sym_session_private_data( + sym->session, cryptodev_qat_driver_id); +#ifdef RTE_LIBRTE_SECURITY + } else if (op->type == RTE_CRYPTO_OP_TYPE_SECURITY && + op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + sec_op = (struct rte_security_op *)&op->security; + if (sec_op->type == RTE_SECURITY_OP_TYPE_DOCSIS) { + doc_op = &sec_op->docsis; + sym = &doc_op->crypto_sym; + ctx = (struct qat_sym_session *) + get_sec_session_private_data(sym->sec_session); + } else { + QAT_DP_LOG(ERR, "QAT PMD only supports security" + " operation requests for DOCSIS, op" + " (%p) is not for DOCSIS.", op); + return -EINVAL; + } +#endif + } else { + QAT_DP_LOG(ERR, "QAT PMD only supports symmetric crypto " + "%soperation requests, op (%p) is not a " + "symmetric %soperation or the associated " + "session type is invalid.", +#ifdef RTE_LIBRTE_SECURITY + "and security ", op, "or security " +#else + "", op, "" +#endif + ); + return -EINVAL; + } if (unlikely(ctx == NULL)) { QAT_DP_LOG(ERR, "Session was not created for this device"); @@ -231,27 +287,34 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3) { if (unlikely( - (op->sym->cipher.data.length % BYTE_LENGTH != 0) || - (op->sym->cipher.data.offset % BYTE_LENGTH != 0))) { + (sym->cipher.data.length % BYTE_LENGTH != 0) || + (sym->cipher.data.offset % BYTE_LENGTH != 0))) { QAT_DP_LOG(ERR, "SNOW3G/KASUMI/ZUC in QAT PMD only supports byte aligned values"); op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; return -EINVAL; } - cipher_len = op->sym->cipher.data.length >> 3; - cipher_ofs = op->sym->cipher.data.offset >> 3; + cipher_len = sym->cipher.data.length >> 3; + cipher_ofs = sym->cipher.data.offset >> 3; } else if (ctx->bpi_ctx) { - /* DOCSIS - only send complete blocks to device + /* DOCSIS processing */ + +#ifdef RTE_LIBRTE_SECURITY + /* Calculate CRC */ + qat_crc_generate(ctx, doc_op, sym); +#endif + + /* Only send complete blocks to device. * Process any partial block using CFB mode. * Even if 0 complete blocks, still send this to device * to get into rx queue for post-process and dequeuing */ - cipher_len = qat_bpicipher_preprocess(ctx, op); - cipher_ofs = op->sym->cipher.data.offset; + cipher_len = qat_bpicipher_preprocess(ctx, op, sym); + cipher_ofs = sym->cipher.data.offset; } else { - cipher_len = op->sym->cipher.data.length; - cipher_ofs = op->sym->cipher.data.offset; + cipher_len = sym->cipher.data.length; + cipher_ofs = sym->cipher.data.offset; } set_cipher_iv(ctx->cipher_iv.length, ctx->cipher_iv.offset, @@ -428,58 +491,58 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, min_ofs = op->sym->aead.data.offset; } - if (op->sym->m_src->nb_segs > 1 || - (op->sym->m_dst && op->sym->m_dst->nb_segs > 1)) + if (sym->m_src->nb_segs > 1 || + (sym->m_dst && sym->m_dst->nb_segs > 1)) do_sgl = 1; /* adjust for chain case */ if (do_cipher && do_auth) min_ofs = cipher_ofs < auth_ofs ? cipher_ofs : auth_ofs; - if (unlikely(min_ofs >= rte_pktmbuf_data_len(op->sym->m_src) && do_sgl)) + if (unlikely(min_ofs >= rte_pktmbuf_data_len(sym->m_src) && do_sgl)) min_ofs = 0; - if (unlikely((op->sym->m_dst != NULL) && - (op->sym->m_dst != op->sym->m_src))) { + if (unlikely((sym->m_dst != NULL) && + (sym->m_dst != sym->m_src))) { /* Out-of-place operation (OOP) * Don't align DMA start. DMA the minimum data-set * so as not to overwrite data in dest buffer */ in_place = 0; src_buf_start = - rte_pktmbuf_iova_offset(op->sym->m_src, min_ofs); + rte_pktmbuf_iova_offset(sym->m_src, min_ofs); dst_buf_start = - rte_pktmbuf_iova_offset(op->sym->m_dst, min_ofs); + rte_pktmbuf_iova_offset(sym->m_dst, min_ofs); } else { /* In-place operation * Start DMA at nearest aligned address below min_ofs */ src_buf_start = - rte_pktmbuf_iova_offset(op->sym->m_src, min_ofs) + rte_pktmbuf_iova_offset(sym->m_src, min_ofs) & QAT_64_BTYE_ALIGN_MASK; - if (unlikely((rte_pktmbuf_iova(op->sym->m_src) - - rte_pktmbuf_headroom(op->sym->m_src)) + if (unlikely((rte_pktmbuf_iova(sym->m_src) - + rte_pktmbuf_headroom(sym->m_src)) > src_buf_start)) { /* alignment has pushed addr ahead of start of mbuf * so revert and take the performance hit */ src_buf_start = - rte_pktmbuf_iova_offset(op->sym->m_src, + rte_pktmbuf_iova_offset(sym->m_src, min_ofs); } dst_buf_start = src_buf_start; /* remember any adjustment for later, note, can be +/- */ alignment_adjustment = src_buf_start - - rte_pktmbuf_iova_offset(op->sym->m_src, min_ofs); + rte_pktmbuf_iova_offset(sym->m_src, min_ofs); } if (do_cipher || do_aead) { cipher_param->cipher_offset = (uint32_t)rte_pktmbuf_iova_offset( - op->sym->m_src, cipher_ofs) - src_buf_start; + sym->m_src, cipher_ofs) - src_buf_start; cipher_param->cipher_length = cipher_len; } else { cipher_param->cipher_offset = 0; @@ -557,8 +620,8 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, ICP_QAT_FW_COMN_PTR_TYPE_SET(qat_req->comn_hdr.comn_req_flags, QAT_COMN_PTR_TYPE_SGL); - ret = qat_sgl_fill_array(op->sym->m_src, - (int64_t)(src_buf_start - rte_pktmbuf_iova(op->sym->m_src)), + ret = qat_sgl_fill_array(sym->m_src, + (int64_t)(src_buf_start - rte_pktmbuf_iova(sym->m_src)), &cookie->qat_sgl_src, qat_req->comn_mid.src_length, QAT_SYM_SGL_MAX_NUMBER); @@ -599,9 +662,9 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, /* Handle Single-Pass GCM */ if (ctx->is_single_pass) { - cipher_param->spc_aad_addr = op->sym->aead.aad.phys_addr; + cipher_param->spc_aad_addr = sym->aead.aad.phys_addr; cipher_param->spc_auth_res_addr = - op->sym->aead.digest.phys_addr; + sym->aead.digest.phys_addr; } #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h index bc6426c32..1a99a68fe 100644 --- a/drivers/crypto/qat/qat_sym.h +++ b/drivers/crypto/qat/qat_sym.h @@ -6,6 +6,9 @@ #define _QAT_SYM_H_ #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #ifdef BUILD_QAT_SYM #include @@ -76,10 +79,10 @@ bpi_cipher_encrypt(uint8_t *src, uint8_t *dst, static inline uint32_t qat_bpicipher_postprocess(struct qat_sym_session *ctx, - struct rte_crypto_op *op) + struct rte_crypto_op *op, + struct rte_crypto_sym_op *sym_op) { int block_len = qat_cipher_get_block_size(ctx->qat_cipher_alg); - struct rte_crypto_sym_op *sym_op = op->sym; uint8_t last_block_len = block_len > 0 ? sym_op->cipher.data.length % block_len : 0; @@ -132,14 +135,52 @@ qat_bpicipher_postprocess(struct qat_sym_session *ctx, return sym_op->cipher.data.length - last_block_len; } +#ifdef RTE_LIBRTE_SECURITY static inline void -qat_sym_process_response(void **op, uint8_t *resp) +qat_crc_verify(struct qat_sym_session *ctx, struct rte_crypto_op *op, + struct rte_security_docsis_op *doc_op, + struct rte_crypto_sym_op *sym_op) { + uint32_t crc = 0; + uint8_t *crc_data; + uint32_t crc_offset; + + if (ctx->qat_dir == ICP_QAT_HW_CIPHER_DECRYPT && + doc_op != NULL && + doc_op->crc.length != 0) { + + crc_offset = doc_op->crc.offset; + crc_data = (uint8_t *) rte_pktmbuf_mtod_offset( + sym_op->m_src, uint8_t *, crc_offset); + + if (unlikely((sym_op->m_dst != NULL) + && (sym_op->m_dst != sym_op->m_src))) + /* out-of-place operation (OOP) */ + crc_data = (uint8_t *) rte_pktmbuf_mtod_offset( + sym_op->m_dst, uint8_t *, crc_offset); + + crc = rte_net_crc_calc(crc_data, doc_op->crc.length, + RTE_NET_CRC32_ETH); + if (crc != *(uint32_t *)(crc_data + doc_op->crc.length)) + op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; + } +} +#endif + +static inline void +qat_sym_process_response(void **op, uint8_t *resp) +{ struct icp_qat_fw_comn_resp *resp_msg = (struct icp_qat_fw_comn_resp *)resp; struct rte_crypto_op *rx_op = (struct rte_crypto_op *)(uintptr_t) (resp_msg->opaque_data); + struct rte_crypto_sym_op *sym_op; + struct qat_sym_session *sess; +#ifdef RTE_LIBRTE_SECURITY + struct rte_security_op *sec_op; + struct rte_security_docsis_op *doc_op = NULL; +#endif #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG QAT_DP_HEXDUMP_LOG(DEBUG, "qat_response:", (uint8_t *)resp_msg, @@ -152,15 +193,36 @@ qat_sym_process_response(void **op, uint8_t *resp) rx_op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } else { - struct qat_sym_session *sess = (struct qat_sym_session *) - get_sym_session_private_data( - rx_op->sym->session, - cryptodev_qat_driver_id); - +#ifdef RTE_LIBRTE_SECURITY + if (unlikely(rx_op->type == RTE_CRYPTO_OP_TYPE_SECURITY)) { + /* + * Assuming at this point that if it's a security + * op, that this is for DOCSIS + */ + sec_op = (struct rte_security_op *)&rx_op->security; + doc_op = &sec_op->docsis; + sess = (struct qat_sym_session *) + get_sec_session_private_data( + doc_op->crypto_sym.sec_session); + sym_op = &doc_op->crypto_sym; + } else +#endif + { + sess = (struct qat_sym_session *) + get_sym_session_private_data( + rx_op->sym->session, + cryptodev_qat_driver_id); + sym_op = rx_op->sym; + } - if (sess->bpi_ctx) - qat_bpicipher_postprocess(sess, rx_op); rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + + if (sess->bpi_ctx) { + qat_bpicipher_postprocess(sess, rx_op, sym_op); +#ifdef RTE_LIBRTE_SECURITY + qat_crc_verify(sess, rx_op, doc_op, sym_op); +#endif + } } *op = (void *)rx_op; } diff --git a/drivers/crypto/qat/qat_sym_capabilities.h b/drivers/crypto/qat/qat_sym_capabilities.h index ff691ce35..4c33188cb 100644 --- a/drivers/crypto/qat/qat_sym_capabilities.h +++ b/drivers/crypto/qat/qat_sym_capabilities.h @@ -699,4 +699,48 @@ }, } \ } +#ifdef RTE_LIBRTE_SECURITY +#define QAT_SECURITY_SYM_CAPABILITIES \ + { /* AES DOCSIS BPI */ \ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \ + {.sym = { \ + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, \ + {.cipher = { \ + .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,\ + .block_size = 16, \ + .key_size = { \ + .min = 16, \ + .max = 32, \ + .increment = 16 \ + }, \ + .iv_size = { \ + .min = 16, \ + .max = 16, \ + .increment = 0 \ + } \ + }, } \ + }, } \ + } + +#define QAT_SECURITY_CAPABILITIES(sym) \ + [0] = { /* DOCSIS Uplink */ \ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, \ + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, \ + .docsis = { \ + .direction = RTE_SECURITY_DOCSIS_UPLINK, \ + .crc_size = RTE_ETHER_CRC_LEN \ + }, \ + .crypto_capabilities = (sym) \ + }, \ + [1] = { /* DOCSIS Downlink */ \ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, \ + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, \ + .docsis = { \ + .direction = RTE_SECURITY_DOCSIS_DOWNLINK, \ + .crc_size = RTE_ETHER_CRC_LEN \ + }, \ + .crypto_capabilities = (sym) \ + } +#endif + #endif /* _QAT_SYM_CAPABILITIES_H_ */ diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c index e887c880f..711d1585f 100644 --- a/drivers/crypto/qat/qat_sym_pmd.c +++ b/drivers/crypto/qat/qat_sym_pmd.c @@ -8,6 +8,9 @@ #include #include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_logs.h" #include "qat_sym.h" @@ -29,6 +32,21 @@ static const struct rte_cryptodev_capabilities qat_gen2_sym_capabilities[] = { RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; +#ifdef RTE_LIBRTE_SECURITY +static const struct rte_cryptodev_capabilities + qat_security_sym_capabilities[] = { + QAT_SECURITY_SYM_CAPABILITIES, + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() +}; + +static const struct rte_security_capability qat_security_capabilities[] = { + QAT_SECURITY_CAPABILITIES(qat_security_sym_capabilities), + { + .action = RTE_SECURITY_ACTION_TYPE_NONE + } +}; +#endif + static int qat_sym_qp_release(struct rte_cryptodev *dev, uint16_t queue_pair_id); @@ -237,6 +255,23 @@ static struct rte_cryptodev_ops crypto_qat_ops = { .sym_session_clear = qat_sym_session_clear }; +#ifdef RTE_LIBRTE_SECURITY +static const struct rte_security_capability * +qat_security_cap_get(void *device __rte_unused) +{ + return qat_security_capabilities; +} + +static struct rte_security_ops security_qat_ops = { + .session_create = qat_security_session_create, + .session_update = NULL, + .session_stats_get = NULL, + .session_destroy = qat_security_session_destroy, + .set_pkt_metadata = NULL, + .capabilities_get = qat_security_cap_get +}; +#endif + static uint16_t qat_sym_pmd_enqueue_op_burst(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops) @@ -276,6 +311,9 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev, char name[RTE_CRYPTODEV_NAME_MAX_LEN]; struct rte_cryptodev *cryptodev; struct qat_sym_dev_private *internals; +#ifdef RTE_LIBRTE_SECURITY + struct rte_security_ctx *security_instance; +#endif snprintf(name, RTE_CRYPTODEV_NAME_MAX_LEN, "%s_%s", qat_pci_dev->name, "sym"); @@ -308,7 +346,20 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev, RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT | RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | - RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED; + RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED | + RTE_CRYPTODEV_FF_SECURITY; + +#ifdef RTE_LIBRTE_SECURITY + security_instance = rte_malloc("qat_sec", + sizeof(struct rte_security_ctx), 0); + if (security_instance == NULL) + QAT_LOG(ERR, "rte_security_ctx memory alloc failed\n"); + + security_instance->device = (void *)cryptodev; + security_instance->ops = &security_qat_ops; + security_instance->sess_cnt = 0; + cryptodev->security_ctx = security_instance; +#endif internals = cryptodev->data->dev_private; internals->qat_dev = qat_pci_dev; diff --git a/drivers/crypto/qat/qat_sym_pmd.h b/drivers/crypto/qat/qat_sym_pmd.h index a5a31e512..c625fef4a 100644 --- a/drivers/crypto/qat/qat_sym_pmd.h +++ b/drivers/crypto/qat/qat_sym_pmd.h @@ -7,7 +7,11 @@ #ifdef BUILD_QAT_SYM +#include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_sym_capabilities.h" #include "qat_device.h" diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c index 58bdbd343..0dc5a9ea9 100644 --- a/drivers/crypto/qat/qat_sym_session.c +++ b/drivers/crypto/qat/qat_sym_session.c @@ -14,6 +14,9 @@ #include #include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_logs.h" #include "qat_sym_session.h" @@ -2092,3 +2095,148 @@ int qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg) } return 0; } + +#ifdef RTE_LIBRTE_SECURITY +static int +qat_sec_session_check_docsis(struct rte_security_session_conf *conf) +{ + struct rte_crypto_sym_xform *crypto_sym = conf->crypto_xform; + struct rte_security_docsis_xform *docsis = &conf->docsis; + + /* CRC generate -> Cipher encrypt */ + if (docsis->direction == RTE_SECURITY_DOCSIS_DOWNLINK) { + + if (crypto_sym != NULL && + crypto_sym->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_sym->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT && + crypto_sym->cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI && + (crypto_sym->cipher.key.length == + ICP_QAT_HW_AES_128_KEY_SZ || + crypto_sym->cipher.key.length == + ICP_QAT_HW_AES_256_KEY_SZ) && + crypto_sym->cipher.iv.length == ICP_QAT_HW_AES_BLK_SZ && + crypto_sym->next == NULL && + docsis->crc_size == RTE_ETHER_CRC_LEN) { + return 0; + } + /* Cipher decrypt -> CRC verify */ + } else if (docsis->direction == RTE_SECURITY_DOCSIS_UPLINK) { + + if (crypto_sym != NULL && + crypto_sym->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_sym->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT && + crypto_sym->cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI && + (crypto_sym->cipher.key.length == + ICP_QAT_HW_AES_128_KEY_SZ || + crypto_sym->cipher.key.length == + ICP_QAT_HW_AES_256_KEY_SZ) && + crypto_sym->cipher.iv.length == ICP_QAT_HW_AES_BLK_SZ && + crypto_sym->next == NULL && + docsis->crc_size == RTE_ETHER_CRC_LEN) { + return 0; + } + } + + return -EINVAL; +} + +static int +qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev, + struct rte_security_session_conf *conf, void *session_private) +{ + int ret; + int qat_cmd_id; + struct rte_crypto_sym_xform *xform = NULL; + struct qat_sym_session *session = session_private; + + ret = qat_sec_session_check_docsis(conf); + if (ret) { + QAT_LOG(ERR, "Unsupported DOCSIS security configuration"); + return ret; + } + + xform = conf->crypto_xform; + + /* Set context descriptor physical address */ + session->cd_paddr = rte_mempool_virt2iova(session) + + offsetof(struct qat_sym_session, cd); + + session->min_qat_dev_gen = QAT_GEN1; + + /* Get requested QAT command id */ + qat_cmd_id = qat_get_cmd_id(xform); + if (qat_cmd_id < 0 || qat_cmd_id >= ICP_QAT_FW_LA_CMD_DELIMITER) { + QAT_LOG(ERR, "Unsupported xform chain requested"); + return -ENOTSUP; + } + session->qat_cmd = (enum icp_qat_fw_la_cmd_id)qat_cmd_id; + switch (session->qat_cmd) { + case ICP_QAT_FW_LA_CMD_CIPHER: + ret = qat_sym_session_configure_cipher(dev, xform, session); + if (ret < 0) + return ret; + break; + default: + QAT_LOG(ERR, "Unsupported Service %u", + session->qat_cmd); + return -ENOTSUP; + } + + return 0; +} + +int +qat_security_session_create(void *dev, + struct rte_security_session_conf *conf, + struct rte_security_session *sess, + struct rte_mempool *mempool) +{ + void *sess_private_data; + struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; + int ret; + + if (rte_mempool_get(mempool, &sess_private_data)) { + QAT_LOG(ERR, "Couldn't get object from session mempool"); + return -ENOMEM; + } + + if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) { + QAT_LOG(ERR, "Invalid security protocol"); + return -EINVAL; + } + + ret = qat_sec_session_set_docsis_parameters(cdev, conf, + sess_private_data); + if (ret != 0) { + QAT_LOG(ERR, "Failed to configure session parameters"); + /* Return session to mempool */ + rte_mempool_put(mempool, sess_private_data); + return ret; + } + + set_sec_session_private_data(sess, sess_private_data); + + return ret; +} + +int +qat_security_session_destroy(void *dev __rte_unused, + struct rte_security_session *sess) +{ + void *sess_priv = get_sec_session_private_data(sess); + struct qat_sym_session *s = (struct qat_sym_session *)sess_priv; + + if (sess_priv) { + if (s->bpi_ctx) + bpi_cipher_ctx_free(s->bpi_ctx); + memset(s, 0, qat_sym_session_get_private_size(dev)); + struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); + + set_sec_session_private_data(sess, NULL); + rte_mempool_put(sess_mp, sess_priv); + } + return 0; +} +#endif diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h index e6538f627..721f8fcd3 100644 --- a/drivers/crypto/qat/qat_sym_session.h +++ b/drivers/crypto/qat/qat_sym_session.h @@ -6,6 +6,9 @@ #include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_common.h" #include "icp_qat_hw.h" @@ -156,4 +159,13 @@ qat_cipher_get_block_size(enum icp_qat_hw_cipher_algo qat_cipher_alg); int qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg); +#ifdef RTE_LIBRTE_SECURITY +int +qat_security_session_create(void *dev, struct rte_security_session_conf *conf, + struct rte_security_session *sess, struct rte_mempool *mempool); +int +qat_security_session_destroy(void *dev __rte_unused, + struct rte_security_session *sess); +#endif + #endif /* _QAT_SYM_SESSION_H_ */ From patchwork Tue Jun 23 10:14:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 72022 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 30B4EA0350; Tue, 23 Jun 2020 12:37:21 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 1B80D1D650; Tue, 23 Jun 2020 12:37:02 +0200 (CEST) Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by dpdk.org (Postfix) with ESMTP id 52D8E1D653 for ; Tue, 23 Jun 2020 12:36:58 +0200 (CEST) IronPort-SDR: iozqvm8PHrMcRjfwUVonc+ihnCi96JDaM3ut7QScbBzWsoIko+HfR2alyfZn0mGM9NyN/Rk/G9 u8kd1tRPoCSw== X-IronPort-AV: E=McAfee;i="6000,8403,9660"; a="124286895" X-IronPort-AV: E=Sophos;i="5.75,271,1589266800"; d="scan'208";a="124286895" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jun 2020 03:36:57 -0700 IronPort-SDR: Ul763s0jxB+6EyToITm5YHrhfXXRyd2dxq8yBEWsyhabnRIBdAAU2zw6O6RcCRo8J8iaZmFCwt CnosqLP46CGA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,271,1589266800"; d="scan'208";a="264756063" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by fmsmga008.fm.intel.com with ESMTP; 23 Jun 2020 03:36:51 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Tue, 23 Jun 2020 11:14:22 +0100 Message-Id: <20200623101423.9215-6-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200623101423.9215-1-david.coyle@intel.com> References: <20200604151324.50704-1-david.coyle@intel.com> <20200623101423.9215-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v2 5/6] test/crypto: add DOCSIS security test cases X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add uplink and downlink DOCSIS unit test cases and vectors, to test the combined DOCSIS Crypto-CRC support that has been added to the rte_security and rte_cryptodev libraries. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh --- app/test/test_cryptodev.c | 552 ++++++ ...t_cryptodev_security_docsis_test_vectors.h | 1544 +++++++++++++++++ 2 files changed, 2096 insertions(+) create mode 100644 app/test/test_cryptodev_security_docsis_test_vectors.h diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 8f631468b..59b12f596 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include @@ -42,6 +43,7 @@ #ifdef RTE_LIBRTE_SECURITY #include "test_cryptodev_security_pdcp_test_vectors.h" #include "test_cryptodev_security_pdcp_test_func.h" +#include "test_cryptodev_security_docsis_test_vectors.h" #endif #define VDEV_ARGS_SIZE 100 @@ -59,6 +61,9 @@ struct crypto_testsuite_params { struct rte_mempool *mbuf_pool; struct rte_mempool *large_mbuf_pool; struct rte_mempool *op_mpool; +#ifdef RTE_LIBRTE_SECURITY + struct rte_mempool *security_op_mpool; +#endif struct rte_mempool *session_mpool; struct rte_mempool *session_priv_mpool; struct rte_cryptodev_config conf; @@ -72,6 +77,9 @@ struct crypto_unittest_params { struct rte_crypto_sym_xform cipher_xform; struct rte_crypto_sym_xform auth_xform; struct rte_crypto_sym_xform aead_xform; +#ifdef RTE_LIBRTE_SECURITY + struct rte_security_docsis_xform docsis_xform; +#endif union { struct rte_cryptodev_sym_session *sess; @@ -308,6 +316,19 @@ testsuite_setup(void) return TEST_FAILED; } +#ifdef RTE_LIBRTE_SECURITY + ts_params->security_op_mpool = rte_crypto_op_pool_create( + "MBUF_SECURITY_OP_POOL", + RTE_CRYPTO_OP_TYPE_SECURITY, + NUM_MBUFS, MBUF_CACHE_SIZE, + MAXIMUM_IV_LENGTH, + rte_socket_id()); + if (ts_params->security_op_mpool == NULL) { + RTE_LOG(ERR, USER1, "Can't create SECURITY_OP_POOL\n"); + return TEST_FAILED; + } +#endif + /* Create an AESNI MB device if required */ if (gbl_driver_id == rte_cryptodev_driver_id_get( RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD))) { @@ -7067,6 +7088,34 @@ test_authenticated_encryption(const struct aead_test_data *tdata) } #ifdef RTE_LIBRTE_SECURITY +static int +security_proto_supported(enum rte_security_session_protocol proto) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + + const struct rte_security_capability *capabilities; + const struct rte_security_capability *capability; + uint16_t i = 0; + + struct rte_security_ctx *ctx = (struct rte_security_ctx *) + rte_cryptodev_get_sec_ctx( + ts_params->valid_devs[0]); + + + capabilities = rte_security_capabilities_get(ctx); + + if (capabilities == NULL) + return -ENOTSUP; + + while ((capability = &capabilities[i++])->action != + RTE_SECURITY_ACTION_TYPE_NONE) { + if (capability->protocol == proto) + return 0; + } + + return -ENOTSUP; +} + /* Basic algorithm run function for async inplace mode. * Creates a session from input parameters and runs one operation * on input_vec. Checks the output of the crypto operation against @@ -7670,6 +7719,9 @@ test_PDCP_PROTO_all(void) if (!(feat_flags & RTE_CRYPTODEV_FF_SECURITY)) return -ENOTSUP; + if (security_proto_supported(RTE_SECURITY_PROTOCOL_PDCP) < 0) + return -ENOTSUP; + status = test_PDCP_PROTO_cplane_encap_all(); status += test_PDCP_PROTO_cplane_decap_all(); status += test_PDCP_PROTO_uplane_encap_all(); @@ -7684,6 +7736,504 @@ test_PDCP_PROTO_all(void) else return TEST_SUCCESS; } + +static int +test_docsis_proto_uplink(int i, struct docsis_test_data *d_td) +{ + struct rte_security_op *sec_op; + struct rte_security_docsis_op *doc_op; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct crypto_unittest_params *ut_params = &unittest_params; + uint8_t *plaintext, *ciphertext; + uint8_t *iv_ptr; + int cipher_len = 0; + int crc_len = 0, crc_data_len; + int ret = TEST_SUCCESS; + + struct rte_security_ctx *ctx = (struct rte_security_ctx *) + rte_cryptodev_get_sec_ctx( + ts_params->valid_devs[0]); + + /* Verify the capabilities */ + struct rte_security_capability_idx sec_cap_idx; + const struct rte_security_capability *sec_cap; + const struct rte_cryptodev_capabilities *crypto_cap; + const struct rte_cryptodev_symmetric_capability *sym_cap; + int j = 0; + + sec_cap_idx.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_DOCSIS; + sec_cap_idx.docsis.direction = RTE_SECURITY_DOCSIS_UPLINK; + sec_cap_idx.docsis.crc_size = RTE_ETHER_CRC_LEN; + + sec_cap = rte_security_capability_get(ctx, &sec_cap_idx); + if (sec_cap == NULL) + return -ENOTSUP; + + while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op != + RTE_CRYPTO_OP_TYPE_UNDEFINED) { + if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && + crypto_cap->sym.xform_type == + RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_cap->sym.cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI) { + sym_cap = &crypto_cap->sym; + if (rte_cryptodev_sym_capability_check_cipher(sym_cap, + d_td->key.len, + d_td->iv.len) == 0) + break; + } + } + + if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) + return -ENOTSUP; + + /* Setup source mbuf payload */ + ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); + memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0, + rte_pktmbuf_tailroom(ut_params->ibuf)); + + ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, + d_td->ciphertext.len); + + memcpy(ciphertext, d_td->ciphertext.data, d_td->ciphertext.len); + + /* Set session action type */ + ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + + /* Setup cipher session parameters */ + ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI; + ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT; + ut_params->cipher_xform.cipher.key.data = d_td->key.data; + ut_params->cipher_xform.cipher.key.length = d_td->key.len; + ut_params->cipher_xform.cipher.iv.length = d_td->iv.len; + ut_params->cipher_xform.cipher.iv.offset = sizeof(struct rte_crypto_op) + + sizeof(struct rte_security_op); + ut_params->cipher_xform.next = NULL; + + /* Setup DOCSIS session parameters */ + ut_params->docsis_xform.direction = RTE_SECURITY_DOCSIS_UPLINK; + ut_params->docsis_xform.crc_size = RTE_ETHER_CRC_LEN; + + struct rte_security_session_conf sess_conf = { + .action_type = ut_params->type, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = ut_params->docsis_xform, + .crypto_xform = &ut_params->cipher_xform, + }; + + /* Create security session */ + ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, + ts_params->session_priv_mpool); + + if (!ut_params->sec_session) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, "failed to allocate session"); + ret = TEST_FAILED; + goto on_err; + } + + /* Generate crypto op data structure */ + ut_params->op = rte_crypto_op_alloc(ts_params->security_op_mpool, + RTE_CRYPTO_OP_TYPE_SECURITY); + if (!ut_params->op) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, + "failed to allocate security crypto operation"); + ret = TEST_FAILED; + goto on_err; + } + + /* Populate DOCSIS security operation */ + sec_op = (struct rte_security_op *)&ut_params->op->security; + sec_op->type = RTE_SECURITY_OP_TYPE_DOCSIS; + doc_op = &sec_op->docsis; + + /* Setup CRC operation parameters */ + crc_len = d_td->ciphertext.no_crc == false ? + (d_td->ciphertext.len - + d_td->ciphertext.crc_offset - + RTE_ETHER_CRC_LEN) : + 0; + crc_len = crc_len > 0 ? crc_len : 0; + crc_data_len = crc_len == 0 ? 0 : RTE_ETHER_CRC_LEN; + doc_op->crc.length = crc_len; + doc_op->crc.offset = d_td->ciphertext.crc_offset; + + /* Setup cipher operation parameters */ + cipher_len = d_td->ciphertext.no_cipher == false ? + (d_td->ciphertext.len - + d_td->ciphertext.cipher_offset) : + 0; + cipher_len = cipher_len > 0 ? cipher_len : 0; + doc_op->crypto_sym.cipher.data.length = cipher_len; + doc_op->crypto_sym.cipher.data.offset = d_td->ciphertext.cipher_offset; + + /* Setup cipher IV */ + iv_ptr = (uint8_t *)ut_params->op + sizeof(struct rte_crypto_op) + + sizeof(struct rte_security_op); + rte_memcpy(iv_ptr, d_td->iv.data, d_td->iv.len); + + /* Attach session to operation */ + rte_security_attach_session(ut_params->op, ut_params->sec_session); + + /* Set crypto operation mbufs */ + sec_op->docsis.crypto_sym.m_src = ut_params->ibuf; + sec_op->docsis.crypto_sym.m_dst = NULL; + + /* Process crypto operation */ + if (process_crypto_request(ts_params->valid_devs[0], ut_params->op) == + NULL) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, + "failed to process security crypto op"); + ret = TEST_FAILED; + goto on_err; + } + + if (ut_params->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, "crypto op processing failed"); + ret = TEST_FAILED; + goto on_err; + } + + /* Validate plaintext */ + plaintext = ciphertext; + + if (memcmp(plaintext, d_td->plaintext.data, + d_td->plaintext.len - crc_data_len)) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, "plaintext not as expected\n"); + rte_hexdump(stdout, "expected", d_td->plaintext.data, + d_td->plaintext.len); + rte_hexdump(stdout, "actual", plaintext, d_td->plaintext.len); + ret = TEST_FAILED; + goto on_err; + } + +on_err: + rte_crypto_op_free(ut_params->op); + ut_params->op = NULL; + + if (ut_params->sec_session) + rte_security_session_destroy(ctx, ut_params->sec_session); + ut_params->sec_session = NULL; + + rte_pktmbuf_free(ut_params->ibuf); + ut_params->ibuf = NULL; + + return ret; +} + +static int +test_docsis_proto_downlink(int i, struct docsis_test_data *d_td) +{ + struct rte_security_op *sec_op; + struct rte_security_docsis_op *doc_op; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct crypto_unittest_params *ut_params = &unittest_params; + uint8_t *plaintext, *ciphertext; + uint8_t *iv_ptr; + int cipher_len = 0; + int crc_len = 0; + int ret = TEST_SUCCESS; + + struct rte_security_ctx *ctx = (struct rte_security_ctx *) + rte_cryptodev_get_sec_ctx( + ts_params->valid_devs[0]); + + /* Verify the capabilities */ + struct rte_security_capability_idx sec_cap_idx; + const struct rte_security_capability *sec_cap; + const struct rte_cryptodev_capabilities *crypto_cap; + const struct rte_cryptodev_symmetric_capability *sym_cap; + int j = 0; + + sec_cap_idx.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_DOCSIS; + sec_cap_idx.docsis.direction = RTE_SECURITY_DOCSIS_DOWNLINK; + sec_cap_idx.docsis.crc_size = RTE_ETHER_CRC_LEN; + + sec_cap = rte_security_capability_get(ctx, &sec_cap_idx); + if (sec_cap == NULL) + return -ENOTSUP; + + while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op != + RTE_CRYPTO_OP_TYPE_UNDEFINED) { + if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && + crypto_cap->sym.xform_type == + RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_cap->sym.cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI) { + sym_cap = &crypto_cap->sym; + if (rte_cryptodev_sym_capability_check_cipher(sym_cap, + d_td->key.len, + d_td->iv.len) == 0) + break; + } + } + + if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) + return -ENOTSUP; + + /* Setup source mbuf payload */ + ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); + memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0, + rte_pktmbuf_tailroom(ut_params->ibuf)); + + plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, + d_td->plaintext.len); + + memcpy(plaintext, d_td->plaintext.data, d_td->plaintext.len); + + /* Set session action type */ + ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + + /* Setup cipher session parameters */ + ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI; + ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT; + ut_params->cipher_xform.cipher.key.data = d_td->key.data; + ut_params->cipher_xform.cipher.key.length = d_td->key.len; + ut_params->cipher_xform.cipher.iv.length = d_td->iv.len; + ut_params->cipher_xform.cipher.iv.offset = sizeof(struct rte_crypto_op) + + sizeof(struct rte_security_op); + ut_params->cipher_xform.next = NULL; + + /* Setup DOCSIS session parameters */ + ut_params->docsis_xform.direction = RTE_SECURITY_DOCSIS_DOWNLINK; + ut_params->docsis_xform.crc_size = RTE_ETHER_CRC_LEN; + + struct rte_security_session_conf sess_conf = { + .action_type = ut_params->type, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = ut_params->docsis_xform, + .crypto_xform = &ut_params->cipher_xform, + }; + + /* Create security session */ + ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, + ts_params->session_priv_mpool); + + if (!ut_params->sec_session) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, "failed to allocate session"); + ret = TEST_FAILED; + goto on_err; + } + + /* Generate crypto op data structure */ + ut_params->op = rte_crypto_op_alloc(ts_params->security_op_mpool, + RTE_CRYPTO_OP_TYPE_SECURITY); + if (!ut_params->op) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, + "failed to allocate security crypto operation"); + ret = TEST_FAILED; + goto on_err; + } + + /* Populate DOCSIS security operation */ + sec_op = (struct rte_security_op *)&ut_params->op->security; + sec_op->type = RTE_SECURITY_OP_TYPE_DOCSIS; + doc_op = &sec_op->docsis; + + /* Setup CRC operation parameters */ + crc_len = d_td->plaintext.no_crc == false ? + (d_td->plaintext.len - + d_td->plaintext.crc_offset - + RTE_ETHER_CRC_LEN) : + 0; + crc_len = crc_len > 0 ? crc_len : 0; + doc_op->crc.length = crc_len; + doc_op->crc.offset = d_td->plaintext.crc_offset; + + /* Setup cipher operation parameters */ + cipher_len = d_td->plaintext.no_cipher == false ? + (d_td->plaintext.len - + d_td->plaintext.cipher_offset) : + 0; + cipher_len = cipher_len > 0 ? cipher_len : 0; + doc_op->crypto_sym.cipher.data.length = cipher_len; + doc_op->crypto_sym.cipher.data.offset = d_td->plaintext.cipher_offset; + + /* Setup cipher IV */ + iv_ptr = (uint8_t *)ut_params->op + sizeof(struct rte_crypto_op) + + sizeof(struct rte_security_op); + rte_memcpy(iv_ptr, d_td->iv.data, d_td->iv.len); + + /* Attach session to operation */ + rte_security_attach_session(ut_params->op, ut_params->sec_session); + + /* Set crypto operation mbufs */ + sec_op->docsis.crypto_sym.m_src = ut_params->ibuf; + sec_op->docsis.crypto_sym.m_dst = NULL; + + /* Process crypto operation */ + if (process_crypto_request(ts_params->valid_devs[0], ut_params->op) == + NULL) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, + "failed to process security crypto op"); + ret = TEST_FAILED; + goto on_err; + } + + if (ut_params->op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, "crypto op processing failed"); + ret = TEST_FAILED; + goto on_err; + } + + /* Validate ciphertext */ + ciphertext = plaintext; + + if (memcmp(ciphertext, d_td->ciphertext.data, d_td->ciphertext.len)) { + printf("TestCase %s(%d) line %d: %s\n", + __func__, i, __LINE__, "ciphertext not as expected\n"); + rte_hexdump(stdout, "expected", d_td->ciphertext.data, + d_td->ciphertext.len); + rte_hexdump(stdout, "actual", ciphertext, d_td->ciphertext.len); + ret = TEST_FAILED; + goto on_err; + } + +on_err: + rte_crypto_op_free(ut_params->op); + ut_params->op = NULL; + + if (ut_params->sec_session) + rte_security_session_destroy(ctx, ut_params->sec_session); + ut_params->sec_session = NULL; + + rte_pktmbuf_free(ut_params->ibuf); + ut_params->ibuf = NULL; + + return ret; +} + +#define TEST_DOCSIS_COUNT(func) do { \ + int ret = func; \ + if (ret == TEST_SUCCESS) { \ + printf("\t%2d)", n++); \ + printf("+++++ PASSED:" #func"\n"); \ + p++; \ + } else if (ret == -ENOTSUP) { \ + printf("\t%2d)", n++); \ + printf("~~~~~ UNSUPP:" #func"\n"); \ + u++; \ + } else { \ + printf("\t%2d)", n++); \ + printf("----- FAILED:" #func"\n"); \ + f++; \ + } \ +} while (0) + +static int +test_DOCSIS_PROTO_uplink_all(void) +{ + int p = 0, u = 0, f = 0, n = 0; + + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(1, &docsis_test_case_1)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(2, &docsis_test_case_2)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(3, &docsis_test_case_3)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(4, &docsis_test_case_4)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(5, &docsis_test_case_5)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(6, &docsis_test_case_6)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(7, &docsis_test_case_7)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(8, &docsis_test_case_8)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(9, &docsis_test_case_9)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(10, &docsis_test_case_10)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(11, &docsis_test_case_11)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(12, &docsis_test_case_12)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(13, &docsis_test_case_13)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(14, &docsis_test_case_14)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(15, &docsis_test_case_15)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(16, &docsis_test_case_16)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(17, &docsis_test_case_17)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(18, &docsis_test_case_18)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(19, &docsis_test_case_19)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(20, &docsis_test_case_20)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(21, &docsis_test_case_21)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(22, &docsis_test_case_22)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(23, &docsis_test_case_23)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(24, &docsis_test_case_24)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(25, &docsis_test_case_25)); + TEST_DOCSIS_COUNT(test_docsis_proto_uplink(26, &docsis_test_case_26)); + + if (f) + printf("## %s: %d passed out of %d (%d unsupported)\n", + __func__, p, n, u); + + return f; +}; + +static int +test_DOCSIS_PROTO_downlink_all(void) +{ + int p = 0, u = 0, f = 0, n = 0; + + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(1, &docsis_test_case_1)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(2, &docsis_test_case_2)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(3, &docsis_test_case_3)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(4, &docsis_test_case_4)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(5, &docsis_test_case_5)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(6, &docsis_test_case_6)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(7, &docsis_test_case_7)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(8, &docsis_test_case_8)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(9, &docsis_test_case_9)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(10, &docsis_test_case_10)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(11, &docsis_test_case_11)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(12, &docsis_test_case_12)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(13, &docsis_test_case_13)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(14, &docsis_test_case_14)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(15, &docsis_test_case_15)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(16, &docsis_test_case_16)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(17, &docsis_test_case_17)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(18, &docsis_test_case_18)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(19, &docsis_test_case_19)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(20, &docsis_test_case_20)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(21, &docsis_test_case_21)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(22, &docsis_test_case_22)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(23, &docsis_test_case_23)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(24, &docsis_test_case_24)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(25, &docsis_test_case_25)); + TEST_DOCSIS_COUNT(test_docsis_proto_downlink(26, &docsis_test_case_26)); + + if (f) + printf("## %s: %d passed out of %d (%d unsupported)\n", + __func__, p, n, u); + + return f; +}; + +static int +test_DOCSIS_PROTO_all(void) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + int status; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + uint64_t feat_flags = dev_info.feature_flags; + + if (!(feat_flags & RTE_CRYPTODEV_FF_SECURITY)) + return -ENOTSUP; + + if (security_proto_supported(RTE_SECURITY_PROTOCOL_DOCSIS) < 0) + return -ENOTSUP; + + status = test_DOCSIS_PROTO_uplink_all(); + status += test_DOCSIS_PROTO_downlink_all(); + + if (status) + return TEST_FAILED; + else + return TEST_SUCCESS; +} #endif static int @@ -12342,6 +12892,8 @@ static struct unit_test_suite cryptodev_testsuite = { #ifdef RTE_LIBRTE_SECURITY TEST_CASE_ST(ut_setup, ut_teardown, test_PDCP_PROTO_all), + TEST_CASE_ST(ut_setup, ut_teardown, + test_DOCSIS_PROTO_all), #endif TEST_CASES_END() /**< NULL terminate unit test array */ } diff --git a/app/test/test_cryptodev_security_docsis_test_vectors.h b/app/test/test_cryptodev_security_docsis_test_vectors.h new file mode 100644 index 000000000..2ed57bd56 --- /dev/null +++ b/app/test/test_cryptodev_security_docsis_test_vectors.h @@ -0,0 +1,1544 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2020 Intel Corporation + */ + +#ifndef TEST_CRYPTODEV_SECURITY_DOCSIS_TEST_VECTORS_H_ +#define TEST_CRYPTODEV_SECURITY_DOCSIS_TEST_VECTORS_H_ + +/* + * DOCSIS test data and cases + * - encrypt direction: CRC-Crypto + * - decrypt direction: Crypto-CRC + */ + +struct docsis_test_data { + struct { + uint8_t data[32]; + unsigned int len; + } key; + + struct { + uint8_t data[16] __rte_aligned(16); + unsigned int len; + } iv; + + struct { + uint8_t data[1024]; + unsigned int len; + unsigned int cipher_offset; + unsigned int crc_offset; + bool no_cipher; + bool no_crc; + } plaintext; + + struct { + uint8_t data[1024]; + unsigned int len; + unsigned int cipher_offset; + unsigned int crc_offset; + bool no_cipher; + bool no_crc; + } ciphertext; +}; + +struct docsis_test_data docsis_test_case_1 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x7A, 0xF0, + /* CRC */ + 0x61, 0xF8, 0x63, 0x42 + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_2 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 25, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x7A, 0xF0, 0xDF, + /* CRC */ + 0xFE, 0x12, 0x99, 0xE5 + }, + .len = 25, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_3 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 34, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0xD6, 0xE2, 0x70, 0x5C, + 0xE6, 0x4D, 0xCC, 0x8C, 0x47, 0xB7, 0x09, 0xD6, + /* CRC */ + 0x54, 0x85, 0xF8, 0x32 + }, + .len = 34, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_4 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 35, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x92, 0x6A, 0xC2, 0xDC, + 0xEE, 0x3B, 0x31, 0xEC, 0x03, 0xDE, 0x95, 0x33, + 0x5E, + /* CRC */ + 0xFE, 0x47, 0x3E, 0x22 + }, + .len = 35, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_5 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 82, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x77, 0x74, 0x56, 0x05, + 0xD1, 0x14, 0xA2, 0x8D, 0x2C, 0x9A, 0x11, 0xFC, + 0x7D, 0xB0, 0xE7, 0x18, 0xCE, 0x75, 0x7C, 0x89, + 0x14, 0x56, 0xE2, 0xF2, 0xB7, 0x47, 0x08, 0x27, + 0xF7, 0x08, 0x7A, 0x13, 0x90, 0x81, 0x75, 0xB0, + 0xC7, 0x91, 0x04, 0x83, 0xAD, 0x11, 0x46, 0x46, + 0xF8, 0x54, 0x87, 0xA0, 0x42, 0xF3, 0x71, 0xA9, + 0x8A, 0xCD, 0x59, 0x77, 0x67, 0x11, 0x1A, 0x87, + /* CRC */ + 0xAB, 0xED, 0x2C, 0x26 + }, + .len = 82, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_6 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x77, 0x74, 0x56, 0x05, + 0xD1, 0x14, 0xA2, 0x8D, 0x2C, 0x9A, 0x11, 0xFC, + 0x7D, 0xB0, 0xE7, 0x18, 0xCE, 0x75, 0x7C, 0x89, + 0x14, 0x56, 0xE2, 0xF2, 0xB7, 0x47, 0x08, 0x27, + 0xF7, 0x08, 0x7A, 0x13, 0x90, 0x81, 0x75, 0xB0, + 0xC7, 0x91, 0x04, 0x83, 0xAD, 0x11, 0x46, 0x46, + 0xF8, 0x54, 0x87, 0xA0, 0xA4, 0x0C, 0xC2, 0xF0, + 0x81, 0x49, 0xA8, 0xA6, 0x6C, 0x48, 0xEB, 0x1F, + 0x4B, + /* CRC */ + 0x2F, 0xD4, 0x48, 0x18 + }, + .len = 83, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_7 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0x3B, 0x9F, 0x72, 0x4C, 0xB5, 0x72, + 0x3E, 0x56, 0x54, 0x49, 0x13, 0x53, 0xC4, 0xAA, + 0xCD, 0xEA, 0x6A, 0x88, 0x99, 0x07, 0x86, 0xF4, + 0xCF, 0x03, 0x4E, 0xDF, 0x65, 0x61, 0x47, 0x5B, + 0x2F, 0x81, 0x09, 0x12, 0x9A, 0xC2, 0x24, 0x8C, + 0x09, + /* CRC */ + 0x11, 0xB4, 0x06, 0x33 + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_8 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x7A, 0xF0, + /* CRC */ + 0x8A, 0x0F, 0x74, 0xE8 + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_9 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0x3B, 0x9F, 0x72, 0x4C, 0xB5, 0x72, + 0x3E, 0x56, 0x54, 0x49, 0x13, 0x53, 0xC4, 0xAA, + 0xCD, 0xEA, 0x6A, 0x88, 0x99, 0x07, 0x86, 0xF4, + 0xCF, 0x03, 0x4E, 0xDF, 0x65, 0x61, 0x47, 0x5B, + 0x2F, 0x81, 0x09, 0x12, 0x9A, 0xC2, 0x24, 0x8C, + 0x09, + /* CRC */ + 0x5D, 0x2B, 0x12, 0xF4 + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_10 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0x14, 0x08, 0xE8, 0x55 + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_11 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xB3, 0x60, 0xEB, 0x38 + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_12 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_13 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 16 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_14 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x6A, 0x86, + /* CRC */ + 0x9B, 0xB3, 0x1A, 0x26 + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_15 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 25, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x6A, 0x86, 0x25, + /* CRC */ + 0xB5, 0x6B, 0xFD, 0xCB + }, + .len = 25, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_16 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 34, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0xF6, 0xA1, 0x2E, 0x0A, + 0xBB, 0x27, 0x82, 0x4F, 0x99, 0x0A, 0xE2, 0x3F, + /* CRC */ + 0xEB, 0xB7, 0x89, 0xB0 + }, + .len = 34, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_17 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 35, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0xE1, 0x30, 0x38, 0xC8, + 0xC4, 0x59, 0x8D, 0x43, 0x9A, 0xBE, 0xBE, 0x73, + 0xC3, + /*CRC */ + 0x8C, 0xE1, 0x89, 0x8B + }, + .len = 35, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_18 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 82, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0xE9, 0x12, 0x3B, 0x12, + 0x36, 0x56, 0x95, 0xA6, 0x97, 0xF1, 0x74, 0x68, + 0xBA, 0x58, 0x77, 0xEA, 0x43, 0x11, 0x85, 0xD4, + 0x7A, 0xF8, 0x1C, 0x11, 0x50, 0xD1, 0xF1, 0xBD, + 0x15, 0x4D, 0x99, 0xB5, 0x39, 0x74, 0x84, 0xDF, + 0xD4, 0x8B, 0xDC, 0xB7, 0x58, 0x1B, 0x22, 0xAB, + 0xF3, 0x29, 0xC6, 0xCB, 0x26, 0x07, 0x36, 0x6B, + 0x8C, 0xAC, 0x6E, 0x99, 0x37, 0x94, 0xDF, 0x31, + /* CRC */ + 0xA1, 0x7D, 0x70, 0xBB + }, + .len = 82, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_19 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0xE9, 0x12, 0x3B, 0x12, + 0x36, 0x56, 0x95, 0xA6, 0x97, 0xF1, 0x74, 0x68, + 0xBA, 0x58, 0x77, 0xEA, 0x43, 0x11, 0x85, 0xD4, + 0x7A, 0xF8, 0x1C, 0x11, 0x50, 0xD1, 0xF1, 0xBD, + 0x15, 0x4D, 0x99, 0xB5, 0x39, 0x74, 0x84, 0xDF, + 0xD4, 0x8B, 0xDC, 0xB7, 0x58, 0x1B, 0x22, 0xAB, + 0xF3, 0x29, 0xC6, 0xCB, 0x13, 0xED, 0x08, 0xF5, + 0x1B, 0x4B, 0xD8, 0x79, 0x93, 0x26, 0x69, 0x03, + 0x23, + /* CRC */ + 0xC8, 0x8E, 0x02, 0x3A + }, + .len = 83, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_20 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0x54, 0xB4, 0x55, 0x68, 0x06, 0xBF, + 0x00, 0x8B, 0x5F, 0x2C, 0x10, 0x4A, 0xBF, 0x5A, + 0xF2, 0x20, 0xD9, 0x77, 0x7F, 0x2D, 0x2B, 0x11, + 0xAC, 0xAF, 0x21, 0x36, 0xD2, 0xD4, 0x80, 0xF2, + 0x4F, 0x14, 0xA0, 0x3A, 0x66, 0xE5, 0xC5, 0xE2, + 0x15, + /* CRC */ + 0x0C, 0x89, 0x76, 0x26 + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_21 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x6A, 0x86, + /* CRC */ + 0x70, 0x44, 0x0D, 0x8C + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_22 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0x54, 0xB4, 0x55, 0x68, 0x06, 0xBF, + 0x00, 0x8B, 0x5F, 0x2C, 0x10, 0x4A, 0xBF, 0x5A, + 0xF2, 0x20, 0xD9, 0x77, 0x7F, 0x2D, 0x2B, 0x11, + 0xAC, 0xAF, 0x21, 0x36, 0xD2, 0xD4, 0x80, 0xF2, + 0x4F, 0x14, 0xA0, 0x3A, 0x66, 0xE5, 0xC5, 0xE2, + 0x15, + /* CRC */ + 0x40, 0x16, 0x62, 0xE1 + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = false, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_23 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0x14, 0x08, 0xE8, 0x55 + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_24 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xB3, 0x60, 0xEB, 0x38 + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = false + } +}; + +struct docsis_test_data docsis_test_case_25 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 24, + .cipher_offset = 18, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + } +}; + +struct docsis_test_data docsis_test_case_26 = { + .key = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, + 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 + }, + .len = 32 + }, + .iv = { + .data = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + .len = 16 + }, + .plaintext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + }, + .ciphertext = { + .data = { + /* DOCSIS header */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Ethernet frame */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x06, 0x05, + 0x04, 0x03, 0x02, 0x01, 0x08, 0x00, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, + /* CRC */ + 0xFF, 0xFF, 0xFF, 0xFF + }, + .len = 83, + .cipher_offset = 40, + .crc_offset = 6, + .no_cipher = true, + .no_crc = true + } +}; + +#endif /* TEST_CRYPTODEV_SECURITY_DOCSIS_TEST_VECTORS_H_ */ From patchwork Tue Jun 23 10:14:23 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Coyle, David" X-Patchwork-Id: 72023 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 17A17A0350; Tue, 23 Jun 2020 12:37:34 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id E004B1D665; Tue, 23 Jun 2020 12:37:05 +0200 (CEST) Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by dpdk.org (Postfix) with ESMTP id B30C21D634 for ; Tue, 23 Jun 2020 12:37:03 +0200 (CEST) IronPort-SDR: XnrtuHBIIJ+d/3q+Eo3UcIGekBcsMnGqcLnuIN8PWWKl73Zf9n4HrTqHQijOi0dt5UDNBTM6LM 3pIBXna+42Dw== X-IronPort-AV: E=McAfee;i="6000,8403,9660"; a="124286903" X-IronPort-AV: E=Sophos;i="5.75,271,1589266800"; d="scan'208";a="124286903" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jun 2020 03:37:02 -0700 IronPort-SDR: S98Zz63kKz4NMClFQ6Y1bMPi8AjUx/N3/bk5CVwiqokE3hAaodMUcb2JtreZCDIcAM6RpWkZ1T 3/516tHaqDag== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,271,1589266800"; d="scan'208";a="264756096" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by fmsmga008.fm.intel.com with ESMTP; 23 Jun 2020 03:36:57 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Tue, 23 Jun 2020 11:14:23 +0100 Message-Id: <20200623101423.9215-7-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200623101423.9215-1-david.coyle@intel.com> References: <20200604151324.50704-1-david.coyle@intel.com> <20200623101423.9215-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v2 6/6] test/security: add DOCSIS capability check tests X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add unit tests for DOCSIS capabilitity checks. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh --- app/test/test_security.c | 139 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 139 insertions(+) diff --git a/app/test/test_security.c b/app/test/test_security.c index 3076a4c5a..1ea0cb10b 100644 --- a/app/test/test_security.c +++ b/app/test/test_security.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include @@ -2268,6 +2269,138 @@ test_capability_get_pdcp_match(void) return TEST_SUCCESS; } +/** + * Test execution of rte_security_capability_get when capabilities table does + * not contain entry with matching DOCSIS direction field + */ +static int +test_capability_get_docsis_mismatch_direction(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx = { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_DOWNLINK, + .crc_size = RTE_ETHER_CRC_LEN, + }, + }; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = + RTE_SECURITY_DOCSIS_UPLINK, + .crc_size = RTE_ETHER_CRC_LEN, + }, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get when capabilities table does + * not contain entry with matching DOCSIS CRC length + */ +static int +test_capability_get_docsis_mismatch_crc_len(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx = { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_DOWNLINK, + .crc_size = 0, + }, + }; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = + RTE_SECURITY_DOCSIS_DOWNLINK, + .crc_size = RTE_ETHER_CRC_LEN, + }, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, NULL, "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + +/** + * Test execution of rte_security_capability_get when capabilities table + * contains matching DOCSIS entry + */ +static int +test_capability_get_docsis_match(void) +{ + struct security_unittest_params *ut_params = &unittest_params; + struct rte_security_capability_idx idx = { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_UPLINK, + .crc_size = RTE_ETHER_CRC_LEN, + }, + }; + struct rte_security_capability capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = + RTE_SECURITY_DOCSIS_UPLINK, + .crc_size = RTE_ETHER_CRC_LEN, + }, + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE, + }, + }; + + mock_capabilities_get_exp.device = NULL; + mock_capabilities_get_exp.ret = capabilities; + + const struct rte_security_capability *ret; + ret = rte_security_capability_get(&ut_params->ctx, &idx); + TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_capability_get, + ret, &capabilities[1], "%p"); + TEST_ASSERT_MOCK_CALLS(mock_capabilities_get_exp, 1); + + return TEST_SUCCESS; +} + /** * Declaration of testcases */ @@ -2410,6 +2543,12 @@ static struct unit_test_suite security_testsuite = { test_capability_get_pdcp_mismatch_domain), TEST_CASE_ST(ut_setup_with_session, ut_teardown, test_capability_get_pdcp_match), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_docsis_mismatch_direction), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_docsis_mismatch_crc_len), + TEST_CASE_ST(ut_setup_with_session, ut_teardown, + test_capability_get_docsis_match), TEST_CASES_END() /**< NULL terminate unit test array */ }