15df0478dSAnoob Joseph /* SPDX-License-Identifier: BSD-3-Clause
25df0478dSAnoob Joseph * Copyright(C) 2023 Marvell.
35df0478dSAnoob Joseph */
45df0478dSAnoob Joseph
55df0478dSAnoob Joseph #include <rte_crypto.h>
69157ccb8SAnoob Joseph #include <rte_dtls.h>
79157ccb8SAnoob Joseph #include <rte_tls.h>
85df0478dSAnoob Joseph
95df0478dSAnoob Joseph #include "test.h"
105df0478dSAnoob Joseph #include "test_cryptodev_security_tls_record.h"
115df0478dSAnoob Joseph #include "test_cryptodev_security_tls_record_test_vectors.h"
12eaac2b60SVidya Sagar Velumuri #include "test_security_proto.h"
135df0478dSAnoob Joseph
145df0478dSAnoob Joseph int
test_tls_record_status_check(struct rte_crypto_op * op,const struct tls_record_test_data * td)15999089baSAakash Sasidharan test_tls_record_status_check(struct rte_crypto_op *op,
16999089baSAakash Sasidharan const struct tls_record_test_data *td)
175df0478dSAnoob Joseph {
185df0478dSAnoob Joseph int ret = TEST_SUCCESS;
195df0478dSAnoob Joseph
20999089baSAakash Sasidharan if ((td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_READ) &&
21999089baSAakash Sasidharan td->ar_packet) {
22999089baSAakash Sasidharan if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) {
23999089baSAakash Sasidharan printf("Anti replay test case failed\n");
24999089baSAakash Sasidharan return TEST_FAILED;
25999089baSAakash Sasidharan } else {
26999089baSAakash Sasidharan return TEST_SUCCESS;
27999089baSAakash Sasidharan }
28999089baSAakash Sasidharan }
29999089baSAakash Sasidharan
305df0478dSAnoob Joseph if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS)
315df0478dSAnoob Joseph ret = TEST_FAILED;
325df0478dSAnoob Joseph
335df0478dSAnoob Joseph return ret;
345df0478dSAnoob Joseph }
355df0478dSAnoob Joseph
365df0478dSAnoob Joseph int
test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform * tls_record_xform,const struct rte_security_capability * sec_cap,bool silent)375df0478dSAnoob Joseph test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_record_xform,
385df0478dSAnoob Joseph const struct rte_security_capability *sec_cap, bool silent)
395df0478dSAnoob Joseph {
405df0478dSAnoob Joseph /* Verify security capabilities */
415df0478dSAnoob Joseph
425df0478dSAnoob Joseph RTE_SET_USED(tls_record_xform);
435df0478dSAnoob Joseph RTE_SET_USED(sec_cap);
445df0478dSAnoob Joseph RTE_SET_USED(silent);
455df0478dSAnoob Joseph
465df0478dSAnoob Joseph return 0;
475df0478dSAnoob Joseph }
485df0478dSAnoob Joseph
495df0478dSAnoob Joseph void
test_tls_record_td_read_from_write(const struct tls_record_test_data * td_out,struct tls_record_test_data * td_in)505df0478dSAnoob Joseph test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out,
515df0478dSAnoob Joseph struct tls_record_test_data *td_in)
525df0478dSAnoob Joseph {
535df0478dSAnoob Joseph memcpy(td_in, td_out, sizeof(*td_in));
545df0478dSAnoob Joseph
555df0478dSAnoob Joseph /* Populate output text of td_in with input text of td_out */
565df0478dSAnoob Joseph memcpy(td_in->output_text.data, td_out->input_text.data, td_out->input_text.len);
575df0478dSAnoob Joseph td_in->output_text.len = td_out->input_text.len;
585df0478dSAnoob Joseph
595df0478dSAnoob Joseph /* Populate input text of td_in with output text of td_out */
605df0478dSAnoob Joseph memcpy(td_in->input_text.data, td_out->output_text.data, td_out->output_text.len);
615df0478dSAnoob Joseph td_in->input_text.len = td_out->output_text.len;
625df0478dSAnoob Joseph
635df0478dSAnoob Joseph td_in->tls_record_xform.type = RTE_SECURITY_TLS_SESS_TYPE_READ;
645df0478dSAnoob Joseph
655df0478dSAnoob Joseph if (td_in->aead) {
665df0478dSAnoob Joseph td_in->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT;
675df0478dSAnoob Joseph } else {
685df0478dSAnoob Joseph td_in->xform.chain.auth.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
695df0478dSAnoob Joseph td_in->xform.chain.cipher.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT;
705df0478dSAnoob Joseph }
715df0478dSAnoob Joseph }
725df0478dSAnoob Joseph
73d2379dd8SVidya Sagar Velumuri int
test_tls_record_td_prepare(const struct crypto_param * param1,const struct crypto_param * param2,const struct tls_record_test_flags * flags,struct tls_record_test_data * td_array,int nb_td,unsigned int data_len)74eaac2b60SVidya Sagar Velumuri test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2,
75eaac2b60SVidya Sagar Velumuri const struct tls_record_test_flags *flags,
76cf93f07bSAakash Sasidharan struct tls_record_test_data *td_array,
77cf93f07bSAakash Sasidharan int nb_td, unsigned int data_len)
78eaac2b60SVidya Sagar Velumuri {
799157ccb8SAnoob Joseph int i, min_padding, hdr_len, tls_pkt_size, mac_len = 0, exp_nonce_len = 0, roundup_len = 0;
80eaac2b60SVidya Sagar Velumuri struct tls_record_test_data *td = NULL;
81eaac2b60SVidya Sagar Velumuri
82d2379dd8SVidya Sagar Velumuri if ((flags->tls_version == RTE_SECURITY_VERSION_TLS_1_3) &&
83d2379dd8SVidya Sagar Velumuri (param1->type != RTE_CRYPTO_SYM_XFORM_AEAD))
84d2379dd8SVidya Sagar Velumuri return TEST_SKIPPED;
85d2379dd8SVidya Sagar Velumuri
86eaac2b60SVidya Sagar Velumuri memset(td_array, 0, nb_td * sizeof(*td));
87eaac2b60SVidya Sagar Velumuri
88eaac2b60SVidya Sagar Velumuri for (i = 0; i < nb_td; i++) {
89eaac2b60SVidya Sagar Velumuri td = &td_array[i];
90eaac2b60SVidya Sagar Velumuri
91eaac2b60SVidya Sagar Velumuri /* Prepare fields based on param */
92eaac2b60SVidya Sagar Velumuri
93eaac2b60SVidya Sagar Velumuri if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
94eaac2b60SVidya Sagar Velumuri /* Copy template for packet & key fields */
95d2379dd8SVidya Sagar Velumuri switch (flags->tls_version) {
96d2379dd8SVidya Sagar Velumuri case RTE_SECURITY_VERSION_TLS_1_2:
97eaac2b60SVidya Sagar Velumuri memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td));
98d2379dd8SVidya Sagar Velumuri break;
99d2379dd8SVidya Sagar Velumuri case RTE_SECURITY_VERSION_DTLS_1_2:
100d2379dd8SVidya Sagar Velumuri memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td));
101d2379dd8SVidya Sagar Velumuri break;
102d2379dd8SVidya Sagar Velumuri case RTE_SECURITY_VERSION_TLS_1_3:
103d2379dd8SVidya Sagar Velumuri memcpy(td, &tls13_test_data_aes_128_gcm, sizeof(*td));
104d2379dd8SVidya Sagar Velumuri break;
105d2379dd8SVidya Sagar Velumuri }
106eaac2b60SVidya Sagar Velumuri
107eaac2b60SVidya Sagar Velumuri td->aead = true;
108eaac2b60SVidya Sagar Velumuri td->xform.aead.aead.algo = param1->alg.aead;
109eaac2b60SVidya Sagar Velumuri td->xform.aead.aead.key.length = param1->key_length;
110eaac2b60SVidya Sagar Velumuri td->xform.aead.aead.digest_length = param1->digest_length;
111eaac2b60SVidya Sagar Velumuri } else {
112eaac2b60SVidya Sagar Velumuri /* Copy template for packet & key fields */
113cf93f07bSAakash Sasidharan if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2)
114cf93f07bSAakash Sasidharan memcpy(td, &dtls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td));
115cf93f07bSAakash Sasidharan else
116eaac2b60SVidya Sagar Velumuri memcpy(td, &tls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td));
117eaac2b60SVidya Sagar Velumuri
118eaac2b60SVidya Sagar Velumuri td->aead = false;
119eaac2b60SVidya Sagar Velumuri td->xform.chain.cipher.cipher.algo = param1->alg.cipher;
120eaac2b60SVidya Sagar Velumuri td->xform.chain.cipher.cipher.key.length = param1->key_length;
121eaac2b60SVidya Sagar Velumuri td->xform.chain.cipher.cipher.iv.length = param1->iv_length;
122eaac2b60SVidya Sagar Velumuri td->xform.chain.auth.auth.algo = param2->alg.auth;
123eaac2b60SVidya Sagar Velumuri td->xform.chain.auth.auth.key.length = param2->key_length;
124eaac2b60SVidya Sagar Velumuri td->xform.chain.auth.auth.digest_length = param2->digest_length;
125eaac2b60SVidya Sagar Velumuri }
126eaac2b60SVidya Sagar Velumuri
12779a58624SVidya Sagar Velumuri if (flags->data_walkthrough || flags->zero_len) {
128cf93f07bSAakash Sasidharan test_sec_proto_pattern_set(td->input_text.data, data_len);
129cf93f07bSAakash Sasidharan td->input_text.len = data_len;
130cf93f07bSAakash Sasidharan }
131cf93f07bSAakash Sasidharan
1323b19ea79SVidya Sagar Velumuri if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM)
1333b19ea79SVidya Sagar Velumuri td->app_type = RTE_TLS_TYPE_MAX;
13479a58624SVidya Sagar Velumuri else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE)
13579a58624SVidya Sagar Velumuri td->app_type = RTE_TLS_TYPE_HANDSHAKE;
1363b19ea79SVidya Sagar Velumuri
1379157ccb8SAnoob Joseph tls_pkt_size = td->input_text.len;
1389157ccb8SAnoob Joseph
1399157ccb8SAnoob Joseph if (!td->aead) {
1409157ccb8SAnoob Joseph mac_len = td->xform.chain.auth.auth.digest_length;
141d2379dd8SVidya Sagar Velumuri min_padding = 1;
1429157ccb8SAnoob Joseph switch (td->xform.chain.cipher.cipher.algo) {
1439157ccb8SAnoob Joseph case RTE_CRYPTO_CIPHER_3DES_CBC:
1449157ccb8SAnoob Joseph roundup_len = 8;
1459157ccb8SAnoob Joseph exp_nonce_len = 8;
1469157ccb8SAnoob Joseph break;
1479157ccb8SAnoob Joseph case RTE_CRYPTO_CIPHER_AES_CBC:
1489157ccb8SAnoob Joseph roundup_len = 16;
1499157ccb8SAnoob Joseph exp_nonce_len = 16;
1509157ccb8SAnoob Joseph break;
1519157ccb8SAnoob Joseph default:
1529157ccb8SAnoob Joseph roundup_len = 0;
1539157ccb8SAnoob Joseph exp_nonce_len = 0;
1549157ccb8SAnoob Joseph break;
1559157ccb8SAnoob Joseph }
1569157ccb8SAnoob Joseph } else {
1579157ccb8SAnoob Joseph mac_len = td->xform.aead.aead.digest_length;
158d2379dd8SVidya Sagar Velumuri min_padding = 0;
1595540192cSAakash Sasidharan roundup_len = 0;
160d2379dd8SVidya Sagar Velumuri if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3)
161d2379dd8SVidya Sagar Velumuri exp_nonce_len = 0;
162d2379dd8SVidya Sagar Velumuri else
1639157ccb8SAnoob Joseph exp_nonce_len = 8;
1649157ccb8SAnoob Joseph }
1659157ccb8SAnoob Joseph
1669157ccb8SAnoob Joseph switch (td->tls_record_xform.ver) {
1679157ccb8SAnoob Joseph case RTE_SECURITY_VERSION_TLS_1_2:
168d2379dd8SVidya Sagar Velumuri hdr_len = sizeof(struct rte_tls_hdr);
169d2379dd8SVidya Sagar Velumuri break;
1709157ccb8SAnoob Joseph case RTE_SECURITY_VERSION_TLS_1_3:
1719157ccb8SAnoob Joseph hdr_len = sizeof(struct rte_tls_hdr);
172d2379dd8SVidya Sagar Velumuri /* Add 1 byte for content type in packet */
173d2379dd8SVidya Sagar Velumuri tls_pkt_size += 1;
1749157ccb8SAnoob Joseph break;
1759157ccb8SAnoob Joseph case RTE_SECURITY_VERSION_DTLS_1_2:
1769157ccb8SAnoob Joseph hdr_len = sizeof(struct rte_dtls_hdr);
1779157ccb8SAnoob Joseph break;
1789157ccb8SAnoob Joseph default:
179d2379dd8SVidya Sagar Velumuri return TEST_SKIPPED;
1809157ccb8SAnoob Joseph }
1819157ccb8SAnoob Joseph
1829157ccb8SAnoob Joseph tls_pkt_size += mac_len;
1839157ccb8SAnoob Joseph
1849157ccb8SAnoob Joseph /* Padding */
1859157ccb8SAnoob Joseph tls_pkt_size += min_padding;
1865540192cSAakash Sasidharan
1875540192cSAakash Sasidharan if (roundup_len)
1889157ccb8SAnoob Joseph tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len);
1899157ccb8SAnoob Joseph
1909157ccb8SAnoob Joseph /* Explicit nonce */
1919157ccb8SAnoob Joseph tls_pkt_size += exp_nonce_len;
1929157ccb8SAnoob Joseph
1939157ccb8SAnoob Joseph /* Add TLS header */
1949157ccb8SAnoob Joseph tls_pkt_size += hdr_len;
1959157ccb8SAnoob Joseph
1969157ccb8SAnoob Joseph td->output_text.len = tls_pkt_size;
1979157ccb8SAnoob Joseph
198999089baSAakash Sasidharan }
199d2379dd8SVidya Sagar Velumuri return TEST_SUCCESS;
200eaac2b60SVidya Sagar Velumuri }
201eaac2b60SVidya Sagar Velumuri
202eaac2b60SVidya Sagar Velumuri void
test_tls_record_td_update(struct tls_record_test_data td_inb[],const struct tls_record_test_data td_outb[],int nb_td,const struct tls_record_test_flags * flags)203eaac2b60SVidya Sagar Velumuri test_tls_record_td_update(struct tls_record_test_data td_inb[],
204eaac2b60SVidya Sagar Velumuri const struct tls_record_test_data td_outb[], int nb_td,
205eaac2b60SVidya Sagar Velumuri const struct tls_record_test_flags *flags)
206eaac2b60SVidya Sagar Velumuri {
207eaac2b60SVidya Sagar Velumuri int i;
208eaac2b60SVidya Sagar Velumuri
209eaac2b60SVidya Sagar Velumuri for (i = 0; i < nb_td; i++) {
210eaac2b60SVidya Sagar Velumuri memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data,
211eaac2b60SVidya Sagar Velumuri td_outb[i].input_text.len);
212eaac2b60SVidya Sagar Velumuri td_inb[i].output_text.len = td_outb->input_text.len;
213eaac2b60SVidya Sagar Velumuri
21490f8ee2bSVidya Sagar Velumuri /* Corrupt the content type in the TLS header of encrypted packet */
21590f8ee2bSVidya Sagar Velumuri if (flags->pkt_corruption)
21690f8ee2bSVidya Sagar Velumuri td_inb[i].input_text.data[0] = ~td_inb[i].input_text.data[0];
21790f8ee2bSVidya Sagar Velumuri
218*625110efSVidya Sagar Velumuri /* Corrupt a byte in the last but one block */
219*625110efSVidya Sagar Velumuri if (flags->padding_corruption) {
220*625110efSVidya Sagar Velumuri int offset = td_inb[i].input_text.len - TLS_RECORD_PAD_CORRUPT_OFFSET;
221*625110efSVidya Sagar Velumuri
222*625110efSVidya Sagar Velumuri td_inb[i].input_text.data[offset] = ~td_inb[i].input_text.data[offset];
223*625110efSVidya Sagar Velumuri }
224*625110efSVidya Sagar Velumuri
225eaac2b60SVidya Sagar Velumuri /* Clear outbound specific flags */
226eaac2b60SVidya Sagar Velumuri td_inb[i].tls_record_xform.options.iv_gen_disable = 0;
227eaac2b60SVidya Sagar Velumuri }
228eaac2b60SVidya Sagar Velumuri
229eaac2b60SVidya Sagar Velumuri RTE_SET_USED(flags);
230eaac2b60SVidya Sagar Velumuri }
231eaac2b60SVidya Sagar Velumuri
2325df0478dSAnoob Joseph static int
test_tls_record_td_verify(uint8_t * output_text,uint32_t len,const struct tls_record_test_data * td,bool silent)2335df0478dSAnoob Joseph test_tls_record_td_verify(uint8_t *output_text, uint32_t len, const struct tls_record_test_data *td,
2345df0478dSAnoob Joseph bool silent)
2355df0478dSAnoob Joseph {
2365df0478dSAnoob Joseph if (len != td->output_text.len) {
2375df0478dSAnoob Joseph printf("Output length (%d) not matching with expected (%d)\n",
2385df0478dSAnoob Joseph len, td->output_text.len);
2395df0478dSAnoob Joseph return TEST_FAILED;
2405df0478dSAnoob Joseph }
2415df0478dSAnoob Joseph
2425df0478dSAnoob Joseph if (memcmp(output_text, td->output_text.data, len)) {
2435df0478dSAnoob Joseph if (silent)
2445df0478dSAnoob Joseph return TEST_FAILED;
2455df0478dSAnoob Joseph
2465df0478dSAnoob Joseph printf("[%s : %d] %s\n", __func__, __LINE__, "Output text not as expected\n");
2475df0478dSAnoob Joseph
2485df0478dSAnoob Joseph rte_hexdump(stdout, "expected", td->output_text.data, len);
2495df0478dSAnoob Joseph rte_hexdump(stdout, "actual", output_text, len);
2505df0478dSAnoob Joseph return TEST_FAILED;
2515df0478dSAnoob Joseph }
2525df0478dSAnoob Joseph
2535df0478dSAnoob Joseph return TEST_SUCCESS;
2545df0478dSAnoob Joseph }
2555df0478dSAnoob Joseph
2565df0478dSAnoob Joseph static int
test_tls_record_res_d_prepare(const uint8_t * output_text,uint32_t len,const struct tls_record_test_data * td,struct tls_record_test_data * res_d)2575df0478dSAnoob Joseph test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len,
2585df0478dSAnoob Joseph const struct tls_record_test_data *td,
2595df0478dSAnoob Joseph struct tls_record_test_data *res_d)
2605df0478dSAnoob Joseph {
2615df0478dSAnoob Joseph memcpy(res_d, td, sizeof(*res_d));
2625df0478dSAnoob Joseph
2635df0478dSAnoob Joseph memcpy(&res_d->input_text.data, output_text, len);
2645df0478dSAnoob Joseph res_d->input_text.len = len;
26579a58624SVidya Sagar Velumuri res_d->output_text.len = td->input_text.len;
2665df0478dSAnoob Joseph
2675df0478dSAnoob Joseph res_d->tls_record_xform.type = RTE_SECURITY_TLS_SESS_TYPE_READ;
2685df0478dSAnoob Joseph if (res_d->aead) {
2695df0478dSAnoob Joseph res_d->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT;
2705df0478dSAnoob Joseph } else {
2715df0478dSAnoob Joseph res_d->xform.chain.cipher.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT;
2725df0478dSAnoob Joseph res_d->xform.chain.auth.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
2735df0478dSAnoob Joseph }
2745df0478dSAnoob Joseph
2755df0478dSAnoob Joseph return TEST_SUCCESS;
2765df0478dSAnoob Joseph }
277cf93f07bSAakash Sasidharan
2789157ccb8SAnoob Joseph static int
tls_record_hdr_verify(const struct tls_record_test_data * td,const uint8_t * output_text,const struct tls_record_test_flags * flags)27976fb3725SVidya Sagar Velumuri tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text,
28076fb3725SVidya Sagar Velumuri const struct tls_record_test_flags *flags)
2819157ccb8SAnoob Joseph {
2829157ccb8SAnoob Joseph uint16_t length, hdr_len;
2839157ccb8SAnoob Joseph uint8_t content_type;
2849157ccb8SAnoob Joseph
2859157ccb8SAnoob Joseph if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_2) {
2869157ccb8SAnoob Joseph const struct rte_tls_hdr *hdr = (const struct rte_tls_hdr *)output_text;
2879157ccb8SAnoob Joseph if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_2) {
2889157ccb8SAnoob Joseph printf("Incorrect header version [expected - %4x, received - %4x]\n",
2899157ccb8SAnoob Joseph RTE_TLS_VERSION_1_2, rte_be_to_cpu_16(hdr->version));
2909157ccb8SAnoob Joseph return TEST_FAILED;
2919157ccb8SAnoob Joseph }
2929157ccb8SAnoob Joseph content_type = hdr->type;
2939157ccb8SAnoob Joseph length = rte_be_to_cpu_16(hdr->length);
2949157ccb8SAnoob Joseph hdr_len = sizeof(struct rte_tls_hdr);
2959157ccb8SAnoob Joseph } else if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) {
2969157ccb8SAnoob Joseph const struct rte_tls_hdr *hdr = (const struct rte_tls_hdr *)output_text;
297361dbff3SVidya Sagar Velumuri if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_2) {
2989157ccb8SAnoob Joseph printf("Incorrect header version [expected - %4x, received - %4x]\n",
299361dbff3SVidya Sagar Velumuri RTE_TLS_VERSION_1_2, rte_be_to_cpu_16(hdr->version));
3009157ccb8SAnoob Joseph return TEST_FAILED;
3019157ccb8SAnoob Joseph }
3029157ccb8SAnoob Joseph content_type = hdr->type;
3039157ccb8SAnoob Joseph length = rte_be_to_cpu_16(hdr->length);
3049157ccb8SAnoob Joseph hdr_len = sizeof(struct rte_tls_hdr);
3059157ccb8SAnoob Joseph } else if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_DTLS_1_2) {
3069157ccb8SAnoob Joseph const struct rte_dtls_hdr *hdr = (const struct rte_dtls_hdr *)output_text;
3079157ccb8SAnoob Joseph if (rte_be_to_cpu_16(hdr->version) != RTE_DTLS_VERSION_1_2) {
3089157ccb8SAnoob Joseph printf("Incorrect header version [expected - %4x, received - %4x]\n",
3099157ccb8SAnoob Joseph RTE_DTLS_VERSION_1_2, rte_be_to_cpu_16(hdr->version));
3109157ccb8SAnoob Joseph return TEST_FAILED;
3119157ccb8SAnoob Joseph }
3129157ccb8SAnoob Joseph content_type = hdr->type;
3139157ccb8SAnoob Joseph length = rte_be_to_cpu_16(hdr->length);
3149157ccb8SAnoob Joseph hdr_len = sizeof(struct rte_dtls_hdr);
3159157ccb8SAnoob Joseph } else {
3169157ccb8SAnoob Joseph return TEST_FAILED;
3179157ccb8SAnoob Joseph }
3189157ccb8SAnoob Joseph
319361dbff3SVidya Sagar Velumuri if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) {
320361dbff3SVidya Sagar Velumuri if (content_type != RTE_TLS_TYPE_APPDATA) {
321361dbff3SVidya Sagar Velumuri printf("Incorrect content type in packet [expected - %d, received - %d]\n",
322361dbff3SVidya Sagar Velumuri td->app_type, content_type);
323361dbff3SVidya Sagar Velumuri return TEST_FAILED;
324361dbff3SVidya Sagar Velumuri }
325361dbff3SVidya Sagar Velumuri } else {
3269157ccb8SAnoob Joseph if (content_type != td->app_type) {
3279157ccb8SAnoob Joseph printf("Incorrect content type in packet [expected - %d, received - %d]\n",
3289157ccb8SAnoob Joseph td->app_type, content_type);
3299157ccb8SAnoob Joseph return TEST_FAILED;
3309157ccb8SAnoob Joseph }
331361dbff3SVidya Sagar Velumuri }
3329157ccb8SAnoob Joseph
33376fb3725SVidya Sagar Velumuri if (!flags->opt_padding) {
3349157ccb8SAnoob Joseph if (length != td->output_text.len - hdr_len) {
3359157ccb8SAnoob Joseph printf("Incorrect packet length [expected - %d, received - %d]\n",
3369157ccb8SAnoob Joseph td->output_text.len - hdr_len, length);
3379157ccb8SAnoob Joseph return TEST_FAILED;
3389157ccb8SAnoob Joseph }
33976fb3725SVidya Sagar Velumuri } else {
34076fb3725SVidya Sagar Velumuri int pad_len = (flags->opt_padding * 8) > 256 ? 256 : (flags->opt_padding * 8);
34176fb3725SVidya Sagar Velumuri int expect_len = td->output_text.len - hdr_len + pad_len;
34276fb3725SVidya Sagar Velumuri
34376fb3725SVidya Sagar Velumuri if (length - expect_len > 32) {
34476fb3725SVidya Sagar Velumuri printf("Incorrect packet length [expected - %d, received - %d]\n",
34576fb3725SVidya Sagar Velumuri expect_len, length);
34676fb3725SVidya Sagar Velumuri return TEST_FAILED;
34776fb3725SVidya Sagar Velumuri }
34876fb3725SVidya Sagar Velumuri
34976fb3725SVidya Sagar Velumuri }
3509157ccb8SAnoob Joseph
3519157ccb8SAnoob Joseph return TEST_SUCCESS;
3529157ccb8SAnoob Joseph }
3535df0478dSAnoob Joseph
3545df0478dSAnoob Joseph int
test_tls_record_post_process(const struct rte_mbuf * m,const struct tls_record_test_data * td,struct tls_record_test_data * res_d,bool silent,const struct tls_record_test_flags * flags)3555df0478dSAnoob Joseph test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td,
35676fb3725SVidya Sagar Velumuri struct tls_record_test_data *res_d, bool silent,
35776fb3725SVidya Sagar Velumuri const struct tls_record_test_flags *flags)
3585df0478dSAnoob Joseph {
359cf93f07bSAakash Sasidharan uint8_t output_text[TEST_SEC_CIPHERTEXT_MAX_LEN];
3605df0478dSAnoob Joseph uint32_t len = rte_pktmbuf_pkt_len(m), data_len;
3615df0478dSAnoob Joseph const struct rte_mbuf *seg;
3625df0478dSAnoob Joseph const uint8_t *output;
3639157ccb8SAnoob Joseph int ret;
3645df0478dSAnoob Joseph
365cf93f07bSAakash Sasidharan memset(output_text, 0, TEST_SEC_CIPHERTEXT_MAX_LEN);
3665df0478dSAnoob Joseph
3675df0478dSAnoob Joseph /*
3685df0478dSAnoob Joseph * Actual data in packet might be less in error cases, hence take minimum of pkt_len and sum
3695df0478dSAnoob Joseph * of data_len. This is done to run through negative test cases.
3705df0478dSAnoob Joseph */
3715df0478dSAnoob Joseph data_len = 0;
3725df0478dSAnoob Joseph seg = m;
3735df0478dSAnoob Joseph while (seg) {
3745df0478dSAnoob Joseph data_len += seg->data_len;
3755df0478dSAnoob Joseph seg = seg->next;
3765df0478dSAnoob Joseph }
3775df0478dSAnoob Joseph
3785df0478dSAnoob Joseph len = RTE_MIN(len, data_len);
379cf93f07bSAakash Sasidharan TEST_ASSERT(len <= TEST_SEC_CIPHERTEXT_MAX_LEN, "Invalid packet length: %u", len);
3805df0478dSAnoob Joseph
3815df0478dSAnoob Joseph /* Copy mbuf payload to continuous buffer */
3825df0478dSAnoob Joseph output = rte_pktmbuf_read(m, 0, len, output_text);
3835df0478dSAnoob Joseph if (output != output_text) {
3845df0478dSAnoob Joseph /* Single segment mbuf, copy manually */
3855df0478dSAnoob Joseph memcpy(output_text, output, len);
3865df0478dSAnoob Joseph }
3875df0478dSAnoob Joseph
3889157ccb8SAnoob Joseph if (td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) {
38976fb3725SVidya Sagar Velumuri ret = tls_record_hdr_verify(td, output_text, flags);
3909157ccb8SAnoob Joseph if (ret != TEST_SUCCESS)
3919157ccb8SAnoob Joseph return ret;
3929157ccb8SAnoob Joseph }
3939157ccb8SAnoob Joseph
3945df0478dSAnoob Joseph /*
3955df0478dSAnoob Joseph * In case of known vector tests & all record read (decrypt) tests, res_d provided would be
3965df0478dSAnoob Joseph * NULL and output data need to be validated against expected. For record read (decrypt),
3975df0478dSAnoob Joseph * output_text would be plain payload and for record write (encrypt), output_text would TLS
3985df0478dSAnoob Joseph * record. Validate by comparing against known vectors.
3995df0478dSAnoob Joseph *
4005df0478dSAnoob Joseph * In case of combined mode tests, the output_text from TLS write (encrypt) operation (ie,
4015df0478dSAnoob Joseph * TLS record) would need to be decrypted using a TLS read operation to obtain the plain
4025df0478dSAnoob Joseph * text. Copy output_text to result data, 'res_d', so that inbound processing can be done.
4035df0478dSAnoob Joseph */
4045df0478dSAnoob Joseph
4055df0478dSAnoob Joseph if (res_d == NULL)
4065df0478dSAnoob Joseph return test_tls_record_td_verify(output_text, len, td, silent);
4075df0478dSAnoob Joseph else
4085df0478dSAnoob Joseph return test_tls_record_res_d_prepare(output_text, len, td, res_d);
4095df0478dSAnoob Joseph }
410