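/* SPDX-License-Identifier: BSD-3-Clause
 * Copyright(C) 2023 Marvell.
 */

/*
 * Shared declarations for the TLS/DTLS record security tests: size limits,
 * the test-vector layout, per-test flags, the known-answer vectors and the
 * helper prototypes. Declarations only; nothing is defined in this header.
 */

#ifndef _TEST_CRYPTODEV_SECURITY_TLS_RECORD_H_
#define _TEST_CRYPTODEV_SECURITY_TLS_RECORD_H_

#include <rte_cryptodev.h>
#include <rte_security.h>

#include "test_security_proto.h"

/*
 * The *_MAX_LEN macros below are test limits, not protocol limits. Each
 * comment quotes the protocol maximum for reference; the macro value is much
 * smaller (4096 / 3072 bytes). Each static_assert only guarantees that the
 * test limit fits in the shared TEST_SEC_* buffer size from
 * test_security_proto.h.
 * NOTE(review): with these values, records close to the protocol maximum
 * cannot be represented in the test buffers - confirm that is intended.
 */

/* TLS 1.2 Ciphertext length can be up to (2^14 + 2048 + 5 (TLS Header)) Bytes */
#define TLS_1_2_RECORD_CIPHERTEXT_MAX_LEN (4096u)
static_assert(TLS_1_2_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN,
	      "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!");

/* TLS 1.2 Plaintext length can be up to (2^14 + 1024) Bytes */
#define TLS_1_2_RECORD_PLAINTEXT_MAX_LEN (3072u)
static_assert(TLS_1_2_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN,
	      "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!");

/* DTLS 1.2 Ciphertext length is similar to TLS 1.2 */
#define DTLS_1_2_RECORD_CIPHERTEXT_MAX_LEN (4096u)
static_assert(DTLS_1_2_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN,
	      "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!");

/* DTLS 1.2 Plaintext length is similar to TLS 1.2 */
#define DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN (3072u)
static_assert(DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN,
	      "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!");

/* TLS 1.3 Ciphertext length can be up to (2^14 + 256 + 5 (TLS Header)) Bytes */
#define TLS_1_3_RECORD_CIPHERTEXT_MAX_LEN (4096u)
static_assert(TLS_1_3_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN,
	      "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!");

/* TLS 1.3 Plaintext length can be up to 2^14 Bytes */
#define TLS_1_3_RECORD_PLAINTEXT_MAX_LEN (3072u)
static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN,
	      "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!");

/* Smallest plaintext length used by the tests, in bytes. */
#define TLS_RECORD_PLAINTEXT_MIN_LEN (1u)

/* Content type a test case asks for; selected through tls_record_test_flags. */
enum tls_record_test_content_type {
	TLS_RECORD_TEST_CONTENT_TYPE_APP,
	/* For verifying zero packet length */
	TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE,
	/* For verifying handling of custom content types */
	TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM,
};

/*
 * One TLS/DTLS record test vector: key material, input and expected output
 * buffers, nonce/IV, crypto transforms and the security record transform.
 *
 * The `len` fields are stored separately from the fixed-size `data` arrays,
 * and nothing in this header ties `len` to sizeof(data). Code that copies
 * `len` bytes into or out of these buffers has to check the bound itself.
 */
struct tls_record_test_data {
	/* Cipher/AEAD key bytes; 32 bytes of storage, no length stored here. */
	struct {
		uint8_t data[32];
	} key;

	/* Authentication key bytes; 64 bytes of storage, no length stored here. */
	struct {
		uint8_t data[64];
	} auth_key;

	/* Record input and its length in bytes. */
	struct {
		uint8_t data[TEST_SEC_CIPHERTEXT_MAX_LEN];
		unsigned int len;
	} input_text;

	/* Record output and its length in bytes. */
	struct {
		uint8_t data[TEST_SEC_CIPHERTEXT_MAX_LEN];
		unsigned int len;
	} output_text;

	/* Up to 12 bytes; presumably the implicit nonce - TODO confirm. */
	struct {
		uint8_t data[12];
		unsigned int len;
	} imp_nonce;

	/* 16 bytes of IV storage; the length in use is not stored here. */
	struct {
		uint8_t data[16];
	} iv;

	/*
	 * Either a cipher + auth pair or a single AEAD transform. The members
	 * share storage; presumably the `aead` flag below says which one is
	 * valid - TODO confirm against the users of this struct.
	 */
	union {
		struct {
			struct rte_crypto_sym_xform cipher;
			struct rte_crypto_sym_xform auth;
		} chain;
		struct rte_crypto_sym_xform aead;
	} xform;

	struct rte_security_tls_record_xform tls_record_xform;
	/* NOTE(review): looks like the record content type byte - confirm. */
	uint8_t app_type;
	bool aead;
	/* NOTE(review): presumably marks an anti-replay test packet - confirm. */
	bool ar_packet;
};

/* Knobs selecting what a test case exercises; meanings are set by the callers. */
struct tls_record_test_flags {
	bool display_alg;
	bool data_walkthrough;
	bool pkt_corruption;
	bool zero_len;
	uint8_t nb_segs_in_mbuf;
	enum rte_security_tls_version tls_version;
	enum tls_record_test_content_type content_type;
	/* NOTE(review): signed int; presumably the anti-replay window size - confirm. */
	int ar_win_size;
};

/*
 * Test vectors defined outside this header. They are declared without const,
 * so every test that includes this header can modify them; helpers that must
 * not do so take `const struct tls_record_test_data *`.
 */
extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1;
extern struct tls_record_test_data tls_test_data_aes_128_gcm_v2;
extern struct tls_record_test_data tls_test_data_aes_256_gcm;
extern struct tls_record_test_data dtls_test_data_aes_128_gcm;
extern struct tls_record_test_data dtls_test_data_aes_256_gcm;
extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac;
extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha256_hmac;
extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha1_hmac;
extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha256_hmac;
extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha384_hmac;
extern struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac;
extern struct tls_record_test_data tls_test_data_null_cipher_sha1_hmac;
extern struct tls_record_test_data tls_test_data_chacha20_poly1305;
extern struct tls_record_test_data dtls_test_data_chacha20_poly1305;
extern struct tls_record_test_data dtls_test_data_aes_128_cbc_sha1_hmac;
extern struct tls_record_test_data dtls_test_data_aes_128_cbc_sha256_hmac;
extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha1_hmac;
extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac;
extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac;
extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac;
extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac;
extern struct tls_record_test_data tls13_test_data_aes_128_gcm;
extern struct tls_record_test_data tls13_test_data_aes_256_gcm;
extern struct tls_record_test_data tls13_test_data_chacha20_poly1305;

/*
 * Helper prototypes. The implementations are not part of this header, so the
 * meaning of the int return values is not visible here.
 */

int test_tls_record_status_check(struct rte_crypto_op *op,
				 const struct tls_record_test_data *td);

int test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_record_xform,
				    const struct rte_security_capability *sec_cap, bool silent);

void test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out,
					struct tls_record_test_data *td_in);

/* td_array holds nb_td entries; the caller must size it accordingly. */
int test_tls_record_td_prepare(const struct crypto_param *param1,
			       const struct crypto_param *param2,
			       const struct tls_record_test_flags *flags,
			       struct tls_record_test_data *td_array, int nb_td,
			       unsigned int data_len);

/* td_inb and td_outb are both indexed up to nb_td; only td_inb is written. */
void test_tls_record_td_update(struct tls_record_test_data td_inb[],
			       const struct tls_record_test_data td_outb[], int nb_td,
			       const struct tls_record_test_flags *flags);

int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td,
				 struct tls_record_test_data *res_d, bool silent);

#endif /* _TEST_CRYPTODEV_SECURITY_TLS_RECORD_H_ */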