File: test_cryptodev_security_tls_record.h

dpdk 25.11-2
/* SPDX-License-Identifier: BSD-3-Clause
 * Copyright(C) 2023 Marvell.
 */

#ifndef _TEST_CRYPTODEV_SECURITY_TLS_RECORD_H_
#define _TEST_CRYPTODEV_SECURITY_TLS_RECORD_H_

#include <rte_cryptodev.h>
#include <rte_security.h>

#include "test_security_proto.h"

/*
 * Upper bounds on record sizes for the TLS/DTLS record test vectors.
 *
 * Every limit is checked at compile time against the shared test buffer
 * sizes TEST_SEC_CIPHERTEXT_MAX_LEN / TEST_SEC_CLEARTEXT_MAX_LEN (not defined
 * in this header; presumably from test_security_proto.h). The build fails if
 * a maximum-size record would not fit the fixed-size data[] arrays in
 * struct tls_record_test_data, rather than overflowing them at run time.
 */

/* TLS 1.2 Ciphertext length can be up to (2^14 + 2048 + 5 (TLS Header)) Bytes,
 * i.e. 16384 + 2048 + 5 = 18437.
 */
#define TLS_1_2_RECORD_CIPHERTEXT_MAX_LEN  (18437u)
static_assert(TLS_1_2_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN,
	      "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!");

/* TLS 1.2 Plaintext length can be up to (2^14 + 1024) Bytes, i.e. 17408 */
#define TLS_1_2_RECORD_PLAINTEXT_MAX_LEN   (17408u)
static_assert(TLS_1_2_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN,
	      "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!");

/* DTLS 1.2 Ciphertext length is similar to TLS 1.2.
 * NOTE(review): the value reuses the TLS figure, which counts a 5-byte record
 * header, while the DTLS 1.2 record header is 13 bytes (RFC 6347). Confirm
 * whether this limit is meant to include the DTLS header.
 */
#define DTLS_1_2_RECORD_CIPHERTEXT_MAX_LEN (18437u)
static_assert(DTLS_1_2_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN,
	      "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!");

/* DTLS 1.2 Plaintext length is similar to TLS 1.2 */
#define DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN  (17408u)
static_assert(DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN,
	      "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!");

/* TLS 1.3 Ciphertext length can be up to (2^14 + 256 + 5 (TLS Header)) Bytes,
 * i.e. 16384 + 256 + 5 = 16645.
 */
#define TLS_1_3_RECORD_CIPHERTEXT_MAX_LEN  (16645u)
static_assert(TLS_1_3_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN,
	      "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!");

/* TLS 1.3 Plaintext length can be up to 2^14 Bytes, i.e. 16384 */
#define TLS_1_3_RECORD_PLAINTEXT_MAX_LEN   (16384u)
static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN,
	      "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!");

/* Lower bound on plaintext length; shared by all protocol versions above. */
#define TLS_RECORD_PLAINTEXT_MIN_LEN       (1u)
/* Presumably the byte offset at which padding-corruption tests alter a record;
 * the users of this constant are outside this header - confirm there.
 */
#define TLS_RECORD_PAD_CORRUPT_OFFSET      20

/*
 * Content type selector for a test case; carried in
 * struct tls_record_test_flags::content_type.
 */
enum tls_record_test_content_type {
	/* Application data. First enumerator (value 0), so it is what a
	 * zero-initialised flags structure selects.
	 */
	TLS_RECORD_TEST_CONTENT_TYPE_APP,
	/* For verifying zero packet length */
	TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE,
	/* For verifying handling of custom content types */
	TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM,
};

/*
 * One TLS/DTLS record test vector: key material, input and expected output
 * buffers, nonce/IV and the transform description.
 *
 * All buffers are fixed-size arrays embedded in the structure. Only
 * input_text, output_text and imp_nonce carry an explicit length; key,
 * auth_key and iv do not, so the number of valid bytes must come from
 * elsewhere (presumably the lengths in the xform - confirm against the
 * vector definitions). Code that fills these arrays has to bound its copies
 * by the array sizes declared here.
 */
struct tls_record_test_data {
	/* Cipher / AEAD key bytes, at most 32 (enough for a 256-bit key). */
	struct {
		uint8_t data[32];
	} key;

	/* Authentication (HMAC) key bytes, at most 64. */
	struct {
		uint8_t data[64];
	} auth_key;

	/* Input buffer; len is the number of valid bytes in data. */
	struct {
		uint8_t data[TEST_SEC_CIPHERTEXT_MAX_LEN];
		unsigned int len;
	} input_text;

	/* Output buffer; len is the number of valid bytes in data. */
	struct {
		uint8_t data[TEST_SEC_CIPHERTEXT_MAX_LEN];
		unsigned int len;
	} output_text;

	/* Presumably the implicit nonce part (up to 12 bytes) - confirm. */
	struct {
		uint8_t data[12];
		unsigned int len;
	} imp_nonce;

	/* IV bytes, at most 16. */
	struct {
		uint8_t data[16];
	} iv;

	/* Either a cipher + auth pair or a single AEAD transform. The members
	 * overlap, so only one form is valid at a time; presumably the 'aead'
	 * field below says which - confirm.
	 */
	union {
		struct {
			struct rte_crypto_sym_xform cipher;
			struct rte_crypto_sym_xform auth;
		} chain;
		struct rte_crypto_sym_xform aead;
	} xform;

	/* rte_security TLS record transform for this vector. */
	struct rte_security_tls_record_xform tls_record_xform;
	/* Presumably the record content type value for this vector - confirm. */
	uint8_t app_type;
	/* Presumably true when xform.aead is the valid union member - confirm. */
	bool aead;
	/* Presumably marks an anti-replay test packet - confirm. */
	bool ar_packet;
};

/*
 * Per-test-case switches passed to the TLS record test helpers.
 * The meanings below are read from the field names; the code that consumes
 * them is outside this header, so treat them as assumptions to confirm.
 */
struct tls_record_test_flags {
	/* Presumably: print the algorithm under test. */
	bool display_alg;
	/* Presumably: iterate over a range of data lengths. */
	bool data_walkthrough;
	/* Negative test: presumably corrupts the packet so that processing
	 * is expected to fail.
	 */
	bool pkt_corruption;
	/* Presumably: exercise a zero-length record. */
	bool zero_len;
	/* Negative test: presumably corrupts the record padding so that
	 * processing is expected to fail.
	 */
	bool padding_corruption;
	/* Presumably: use separate source and destination buffers. */
	bool out_of_place;
	/* Presumably: leave the security session in place after the test. */
	bool skip_sess_destroy;
	/* Number of segments in the mbuf chain. */
	uint8_t nb_segs_in_mbuf;
	/* Presumably: amount of optional padding to request. */
	uint8_t opt_padding;
	/* Protocol version under test. */
	enum rte_security_tls_version tls_version;
	/* Content type under test; see enum tls_record_test_content_type. */
	enum tls_record_test_content_type content_type;
	/* Presumably the anti-replay window size; signed int - confirm range. */
	int ar_win_size;
};

/*
 * Test vectors defined elsewhere in the test suite. The names indicate the
 * protocol (tls_ / dtls_ / tls13_ prefix) and the cipher suite.
 *
 * The set includes 3DES-CBC, HMAC-SHA1 and NULL-cipher vectors alongside
 * AES-GCM and ChaCha20-Poly1305. Presumably these exercise what a device
 * supports and are not a statement of recommended configurations.
 *
 * The objects are declared non-const, so a test that modifies one in place
 * changes it for every later user - confirm that callers work on copies.
 */
extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1;
extern struct tls_record_test_data tls_test_data_aes_128_gcm_v2;
extern struct tls_record_test_data tls_test_data_aes_256_gcm;
extern struct tls_record_test_data dtls_test_data_aes_128_gcm;
extern struct tls_record_test_data dtls_test_data_aes_256_gcm;
extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac;
extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha256_hmac;
extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha1_hmac;
extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha256_hmac;
extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha384_hmac;
extern struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac;
extern struct tls_record_test_data tls_test_data_null_cipher_sha1_hmac;
extern struct tls_record_test_data tls_test_data_chacha20_poly1305;
extern struct tls_record_test_data dtls_test_data_chacha20_poly1305;
extern struct tls_record_test_data dtls_test_data_aes_128_cbc_sha1_hmac;
extern struct tls_record_test_data dtls_test_data_aes_128_cbc_sha256_hmac;
extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha1_hmac;
extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac;
extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac;
extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac;
extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac;
extern struct tls_record_test_data tls13_test_data_aes_128_gcm;
extern struct tls_record_test_data tls13_test_data_aes_256_gcm;
extern struct tls_record_test_data tls13_test_data_chacha20_poly1305;

/*
 * Helper prototypes for the TLS record tests. The definitions are not in
 * this header, so return-value conventions and side effects are not visible
 * here; the notes below state only what the signatures show.
 */

/* Check a completed crypto operation against test vector td (read-only).
 * op is taken through a non-const pointer.
 */
int test_tls_record_status_check(struct rte_crypto_op *op,
				 const struct tls_record_test_data *td);

/* Compare a TLS record transform with a security capability (read-only).
 * 'silent' presumably suppresses diagnostic output - confirm.
 */
int test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_record_xform,
				    const struct rte_security_capability *sec_cap, bool silent);

/* Fill td_in from td_out; td_out is read-only. By the name, this derives
 * the read-side vector from a write-side vector - confirm.
 */
void test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out,
					struct tls_record_test_data *td_in);

/* Populate nb_td entries of td_array from two algorithm parameters and the
 * flags. data_len is presumably the payload length to generate; any check of
 * it against the *_RECORD_*_MAX_LEN limits happens in the definition, which
 * is not visible here - confirm.
 */
int test_tls_record_td_prepare(const struct crypto_param *param1,
			       const struct crypto_param *param2,
			       const struct tls_record_test_flags *flags,
			       struct tls_record_test_data *td_array, int nb_td,
			       unsigned int data_len);

/* Update nb_td inbound vectors (td_inb, writable) from the matching
 * outbound vectors (td_outb, read-only) according to flags.
 */
void test_tls_record_td_update(struct tls_record_test_data td_inb[],
			       const struct tls_record_test_data td_outb[], int nb_td,
			       const struct tls_record_test_flags *flags);

/* Post-process mbuf m for vector td. res_d is writable, presumably to
 * receive the result - confirm. 'silent' presumably suppresses diagnostic
 * output - confirm.
 */
int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td,
				 struct tls_record_test_data *res_d, bool silent,
				 const struct tls_record_test_flags *flags);
#endif