security: add MACsec VLAN cases

Akhil Goyal Wed, 07 Jun 2023 23:56:09 -0700

Added cases to verify MACsec processing with VLAN
tags inserted. Vectors are added to verify 1/2/3
VLAN tags in clear or encrypted data.


Signed-off-by: Akhil Goyal <gak...@marvell.com>
---
 app/test/test_security_inline_macsec.c        |  67 ++++++
 .../test_security_inline_macsec_vectors.h     | 217 ++++++++++++++++++
 2 files changed, 284 insertions(+)

diff --git a/app/test/test_security_inline_macsec.c 
b/app/test/test_security_inline_macsec.c
index 621074a928..854ead75a0 100644
--- a/app/test/test_security_inline_macsec.c
+++ b/app/test/test_security_inline_macsec.c
@@ -1119,6 +1119,69 @@ test_inline_macsec_multi_flow(const void *data 
__rte_unused)
        return err;
 }
 
+static int
+test_inline_macsec_with_vlan(const void *data __rte_unused)
+{
+       const struct mcs_test_vector *cur_td;
+       struct mcs_test_opts opts = {0};
+       int err, all_err = 0;
+       int i, size;
+
+       opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+       opts.protect_frames = true;
+       opts.sa_in_use = 1;
+       opts.nb_td = 1;
+       opts.mtu = RTE_ETHER_MTU;
+
+       size = (sizeof(list_mcs_vlan_vectors) / 
sizeof((list_mcs_vlan_vectors)[0]));
+
+       for (i = 0; i < size; i++) {
+               cur_td = &list_mcs_vlan_vectors[i];
+               if (i == 0) {
+                       opts.sectag_insert_mode = 1;
+               } else if (i == 1) {
+                       opts.sectag_insert_mode = 0; /* offset from special 
E-type */
+                       opts.nb_vlan = 1;
+               } else if (i == 2) {
+                       opts.sectag_insert_mode = 0; /* offset from special 
E-type */
+                       opts.nb_vlan = 2;
+               }
+               err = test_macsec(&cur_td, MCS_ENCAP, &opts);
+               if (err) {
+                       printf("\n VLAN Encap case %d failed", 
cur_td->test_idx);
+                       err = -1;
+               } else {
+                       printf("\n VLAN Encap case %d passed", 
cur_td->test_idx);
+                       err = 0;
+               }
+               all_err += err;
+       }
+       for (i = 0; i < size; i++) {
+               cur_td = &list_mcs_vlan_vectors[i];
+               if (i == 0) {
+                       opts.sectag_insert_mode = 1;
+               } else if (i == 1) {
+                       opts.sectag_insert_mode = 0; /* offset from special 
E-type */
+                       opts.nb_vlan = 1;
+               } else if (i == 2) {
+                       opts.sectag_insert_mode = 0; /* offset from special 
E-type */
+                       opts.nb_vlan = 2;
+               }
+               err = test_macsec(&cur_td, MCS_DECAP, &opts);
+               if (err) {
+                       printf("\n VLAN Decap case %d failed", 
cur_td->test_idx);
+                       err = -1;
+               } else {
+                       printf("\n VLAN Decap case %d passed", 
cur_td->test_idx);
+                       err = 0;
+               }
+               all_err += err;
+       }
+
+       printf("\n%s: Success: %d, Failure: %d\n", __func__, (2 * size) + 
all_err, -all_err);
+       return all_err;
+}
+
 static int
 ut_setup_inline_macsec(void)
 {
@@ -1292,6 +1355,10 @@ static struct unit_test_suite inline_macsec_testsuite  = 
{
                        "MACsec auth + verify known vector",
                        ut_setup_inline_macsec, ut_teardown_inline_macsec,
                        test_inline_macsec_auth_verify_all),
+               TEST_CASE_NAMED_ST(
+                       "MACsec Encap and decap with VLAN",
+                       ut_setup_inline_macsec, ut_teardown_inline_macsec,
+                       test_inline_macsec_with_vlan),
 
                TEST_CASES_END() /**< NULL terminate unit test array */
        },
diff --git a/app/test/test_security_inline_macsec_vectors.h 
b/app/test/test_security_inline_macsec_vectors.h
index 8d9c2cae77..4bcb82783c 100644
--- a/app/test/test_security_inline_macsec_vectors.h
+++ b/app/test/test_security_inline_macsec_vectors.h
@@ -2185,5 +2185,222 @@ uint8_t 
secure_user_data[MCS_MULTI_FLOW_TD_SECURE_DATA_SZ] = {
                0x2A, 0x5D, 0x6C, 0x2B, 0x96, 0x04, 0x94, 0xC3,
 };
 
+static const struct mcs_test_vector list_mcs_vlan_vectors[] = {
+/* No clear tag, VLAN after macsec header */
+{
+       .test_idx = 1,
+       .alg = RTE_SECURITY_MACSEC_ALG_GCM_128,
+       .ssci = 0,
+       .xpn = 0, /* Most significant 32 bits */
+       .salt = {0},
+       .sa_key = {
+               .data = {
+                       0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+                       0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+               },
+               .len = 16,
+       },
+       .plain_pkt = {
+               .data = {/* MAC DA */
+                       0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43,
+                       /* MAC SA */
+                       0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23,
+                       /* User Data with VLAN Tag */
+                       0x81, 0x00, 0x00, 0x02, 0x08, 0x00, 0x45, 0x00,
+                       0x00, 0x54, 0xF2, 0xFA, 0x40, 0x00, 0x40, 0x01,
+                       0xF7, 0x83, 0x14, 0x14, 0x14, 0x02, 0x14, 0x14,
+                       0x14, 0x01, 0x08, 0x00, 0xE9, 0xC5, 0x02, 0xAF,
+                       0x00, 0x01, 0xCB, 0x51, 0x6D, 0x38, 0x00, 0x00,
+                       0x00, 0x00, 0x13, 0x2D, 0x01, 0x00, 0x00, 0x00,
+                       0x00, 0x00, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
+                       0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D,
+                       0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25,
+                       0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D,
+                       0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
+                       0x36, 0x37,
+               },
+               .len = 102,
+       },
+       .secure_pkt = {
+               .data = {/* MAC DA */
+                       0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43,
+                       /* MAC SA */
+                       0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23,
+                       /* MACsec EtherType */
+                       0x88, 0xE5,
+                       /* TCI and AN */
+                       0x20,
+                       /* SL */
+                       0x00,
+                       /* PN */
+                       0x00, 0x00, 0x00, 0x06,
+                       /* SCI */
+                       0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, 0x00, 0x01,
+                       /* Secure Data */
+                       0x81, 0x00, 0x00, 0x02, 0x08, 0x00, 0x45, 0x00,
+                       0x00, 0x54, 0xF2, 0xFA, 0x40, 0x00, 0x40, 0x01,
+                       0xF7, 0x83, 0x14, 0x14, 0x14, 0x02, 0x14, 0x14,
+                       0x14, 0x01, 0x08, 0x00, 0xE9, 0xC5, 0x02, 0xAF,
+                       0x00, 0x01, 0xCB, 0x51, 0x6D, 0x38, 0x00, 0x00,
+                       0x00, 0x00, 0x13, 0x2D, 0x01, 0x00, 0x00, 0x00,
+                       0x00, 0x00, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
+                       0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D,
+                       0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25,
+                       0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D,
+                       0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
+                       0x36, 0x37,
+                       /* ICV */
+                       0x21, 0x68, 0xF1, 0x21, 0x19, 0xB7, 0xDF, 0x73,
+                       0x6F, 0x2A, 0x11, 0xEA, 0x8A, 0xBC, 0x8A, 0x79,
+               },
+               .len = 134,
+       },
+},
+/* 1 vlan tag followed by MACsec */
+{
+       .test_idx = 2,
+       .alg = RTE_SECURITY_MACSEC_ALG_GCM_128,
+       .ssci = 0,
+       .xpn = 0, /* Most significant 32 bits */
+       .salt = {0},
+       .sa_key = {
+               .data = {
+                       0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+                       0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+               },
+               .len = 16,
+       },
+       .plain_pkt = {
+               .data = {/* MAC DA */
+                       0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43,
+                       /* MAC SA */
+                       0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23,
+                       /* User Data */
+                       0x81, 0x00, 0x00, 0x02,
+                       0x08, 0x00, 0x45, 0x00, 0x00, 0x54, 0x88, 0x71,
+                       0x40, 0x00, 0x40, 0x01, 0x62, 0x0D, 0x14, 0x14,
+                       0x14, 0x02, 0x14, 0x14, 0x14, 0x01, 0x08, 0x00,
+                       0x77, 0xA6, 0x02, 0xB3, 0x00, 0x01, 0xBE, 0x52,
+                       0x6D, 0x38, 0x00, 0x00, 0x00, 0x00, 0x8C, 0x47,
+                       0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11,
+                       0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+                       0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21,
+                       0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
+                       0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31,
+                       0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+               },
+               .len = 102,
+       },
+       .secure_pkt = {
+               .data = {/* MAC DA */
+                       0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43,
+                       /* MAC SA */
+                       0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23,
+                       /* VLAN Tag before MACsec */
+                       0x81, 0x00, 0x00, 0x02,
+                       /* MACsec EtherType */
+                       0x88, 0xE5,
+                       /* TCI and AN */
+                       0x20,
+                       /* SL */
+                       0x00,
+                       /* PN */
+                       0x00, 0x00, 0x00, 0x07,
+                       /* SCI */
+                       0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, 0x00, 0x01,
+                       /* Secure Data */
+                       0x08, 0x00, 0x45, 0x00, 0x00, 0x54, 0x88, 0x71,
+                       0x40, 0x00, 0x40, 0x01, 0x62, 0x0D, 0x14, 0x14,
+                       0x14, 0x02, 0x14, 0x14, 0x14, 0x01, 0x08, 0x00,
+                       0x77, 0xA6, 0x02, 0xB3, 0x00, 0x01, 0xBE, 0x52,
+                       0x6D, 0x38, 0x00, 0x00, 0x00, 0x00, 0x8C, 0x47,
+                       0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11,
+                       0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+                       0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21,
+                       0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
+                       0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31,
+                       0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+                       /* ICV */
+                       0xF1, 0xC0, 0xA2, 0x6E, 0x99, 0xE5, 0xAB, 0x97,
+                       0x78, 0x79, 0x7D, 0x13, 0x35, 0x5E, 0x39, 0x4F,
+               },
+               .len = 134,
+       },
+},
+/* 2 vlan tag followed by MACsec */
+{
+       .test_idx = 3,
+       .alg = RTE_SECURITY_MACSEC_ALG_GCM_128,
+       .ssci = 0,
+       .xpn = 0, /* Most significant 32 bits */
+       .salt = {0},
+       .sa_key = {
+               .data = {
+                       0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+                       0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+               },
+               .len = 16,
+       },
+       .plain_pkt = {
+               .data = {/* MAC DA */
+                       0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43,
+                       /* MAC SA */
+                       0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23,
+                       /* User Data */
+                       0x88, 0xA8, 0x00, 0x04, 0x81, 0x00, 0x00, 0x02,
+                       0x08, 0x00, 0x45, 0x00, 0x00, 0x54, 0x70, 0x5B,
+                       0x40, 0x00, 0x40, 0x01, 0x29, 0xF9, 0x28, 0x28,
+                       0x28, 0x04, 0x28, 0x28, 0x28, 0x01, 0x08, 0x00,
+                       0x08, 0x02, 0x02, 0xE2, 0x00, 0x01, 0x60, 0x58,
+                       0x6D, 0x38, 0x00, 0x00, 0x00, 0x00, 0x5C, 0xB7,
+                       0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11,
+                       0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+                       0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21,
+                       0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
+                       0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31,
+                       0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+               },
+               .len = 106,
+       },
+       .secure_pkt = {
+               .data = {/* MAC DA */
+                       0xCA, 0xCB, 0xCD, 0x41, 0x42, 0x43,
+                       /* MAC SA */
+                       0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23,
+                       /* VLAN Tags before MACsec */
+                       0x88, 0xA8, 0x00, 0x04,
+                       0x81, 0x00, 0x00, 0x02,
+                       /* MACsec EtherType */
+                       0x88, 0xE5,
+                       /* TCI and AN */
+                       0x20,
+                       /* SL */
+                       0x00,
+                       /* PN */
+                       0x00, 0x00, 0x00, 0x0E,
+                       /* SCI */
+                       0xCA, 0xCB, 0xCD, 0x21, 0x22, 0x23, 0x00, 0x01,
+                       /* Secure Data */
+                       0x08, 0x00, 0x45, 0x00, 0x00, 0x54, 0x70, 0x5B,
+                       0x40, 0x00, 0x40, 0x01, 0x29, 0xF9, 0x28, 0x28,
+                       0x28, 0x04, 0x28, 0x28, 0x28, 0x01, 0x08, 0x00,
+                       0x08, 0x02, 0x02, 0xE2, 0x00, 0x01, 0x60, 0x58,
+                       0x6D, 0x38, 0x00, 0x00, 0x00, 0x00, 0x5C, 0xB7,
+                       0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11,
+                       0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+                       0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21,
+                       0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
+                       0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31,
+                       0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+                       /* ICV */
+                       0xCC, 0x38, 0x21, 0x3A, 0xEE, 0x5F, 0xE3, 0x7F,
+                       0xA1, 0xBA, 0xBD, 0xBD, 0x65, 0x5B, 0xB3, 0xE5,
+               },
+               .len = 138,
+       },
+},
+};
+
+
 
 #endif
-- 
2.25.1

[PATCH v3 06/13] test/security: add MACsec VLAN cases

Reply via email to