From patchwork Thu Dec 7 13:02:02 2023
X-Patchwork-Submitter: Anoob Joseph
X-Patchwork-Id: 464
From: Anoob Joseph
To: Akhil Goyal, Jerin Jacob
CC: Harry van Haaren, Hemant Agrawal, Konstantin Ananyev,
 Vidya Sagar Velumuri
Subject: [PATCH 00/14] Add TLS record test suite
Date: Thu, 7 Dec 2023 18:32:02 +0530
Message-ID: <20231207130216.140-1-anoobj@marvell.com>
List-Id: DPDK patches and discussions

Add TLS record test suite in cryptodev autotest framework. The test
suite would run based on capabilities exposed by the cryptodev.

The test suite framework is similar to the framework used in case of
IPsec tests. To avoid duplication of code, protocol independent code is
moved to common files and the functions are renamed accordingly.

TLS record test suite has known vector tests as well as combined mode
tests. Known vector tests leverage vectors generated with kTLS and
gnuTLS utilities. The test suite supports testing both operations (read
or decrypt, write or encrypt) with a single vector. Write or encrypt
test would get skipped if cryptodev doesn't support disabling of IV
generation.

Combined mode tests are targeted at testing protocol features with all
combinations of cipher-authentication algorithms.
Combined mode performs record write operation first and feeds that back
to record read operation. Individual test cases may update the input to
record write operation based on the test case and the test framework
validates the output obtained (not complete text, but protocol specific
fields such as TLS header). Once it is validated, the output will be
submitted for record read operation which would give back the original
data. Currently this framework supports testing of multi-segmented mbuf
as input with TLS record. The same would be enhanced to support more
cases such as ICV corruption, incorrect padding etc.

Enhancements planned for future,
- Add TLS 1.3 suite
- Add negative tests such as ICV corruption and incorrect padding
- Add session expiry tests
- Add anti-replay tests with DTLS

Sample output with crypto_cn10k:

 + ------------------------------------------------------- +   [67/18944]
 + ------------------------------------------------------- +
 + Test Suite : TLS 1.2 Record Protocol Unit Test Suite
 + ------------------------------------------------------- +
 + TestCase [ 0] : Write record known vector AES-GCM-128 (vector 1) succeeded
 + TestCase [ 1] : Write record known vector AES-GCM-128 (vector 2) succeeded
 + TestCase [ 2] : Write record known vector AES-GCM-256 succeeded
 + TestCase [ 3] : Write record known vector AES-CBC-128-SHA1 succeeded
 + TestCase [ 4] : Write record known vector AES-128-CBC-SHA256 succeeded
 + TestCase [ 5] : Write record known vector AES-256-CBC-SHA1 succeeded
 + TestCase [ 6] : Write record known vector AES-256-CBC-SHA256 succeeded
 + TestCase [ 7] : Write record known vector 3DES-CBC-SHA1-HMAC succeeded
USER1: Cipher crypto capabilities not supported
 + TestCase [ 8] : Write record known vector NULL-SHA1-HMAC skipped
USER1: Crypto capabilities not supported
 + TestCase [ 9] : Write record known vector CHACHA20-POLY1305 skipped
 + TestCase [10] : Read record known vector AES-GCM-128 (vector 1) succeeded
 + TestCase [11] : Read record known vector AES-GCM-128 (vector 2) succeeded
 + TestCase [12] : Read record known vector AES-GCM-256 succeeded
 + TestCase [13] : Read record known vector AES-128-CBC-SHA1 succeeded
 + TestCase [14] : Read record known vector AES-128-CBC-SHA256 succeeded
 + TestCase [15] : Read record known vector AES-256-CBC-SHA1 succeeded
 + TestCase [16] : Read record known vector AES-256-CBC-SHA256 succeeded
 + TestCase [17] : Read record known vector 3DES-CBC-SHA1-HMAC succeeded
USER1: Cipher crypto capabilities not supported
 + TestCase [18] : Read record known vector NULL-SHA1-HMAC skipped
USER1: Crypto capabilities not supported
 + TestCase [19] : Read record known vector CHACHA20-POLY1305 skipped
        3des-cbc [192] sha1-hmac [20B ICV]
        aes-cbc [128] sha1-hmac [20B ICV]
        aes-cbc [128] sha2-256-hmac [32B ICV]
        aes-cbc [256] sha1-hmac [20B ICV]
        aes-cbc [256] sha2-256-hmac [32B ICV]
 + TestCase [20] : Combined test alg list succeeded
 + TestCase [21] : Multi-segmented mode succeeded
 + ------------------------------------------------------- +
 + Test Suite Summary : TLS 1.2 Record Protocol Unit Test Suite
 + ------------------------------------------------------- +
 + Tests Total : 22
 + Tests Skipped : 4
 + Tests Executed : 22
 + Tests Unsupported: 0
 + Tests Passed : 18
 + Tests Failed : 0
 + ------------------------------------------------------- +
 + ------------------------------------------------------- +
 + Test Suite : DTLS 1.2 Record Protocol Unit Test Suite
 + ------------------------------------------------------- +
 + TestCase [ 0] : Write record known vector AES-GCM-128 succeeded
 + TestCase [ 1] : Write record known vector AES-GCM-256 succeeded
 + TestCase [ 2] : Write record known vector AES-128-CBC-SHA1 succeeded
 + TestCase [ 3] : Write record known vector AES-128-CBC-SHA256 succeeded
 + TestCase [ 4] : Write record known vector AES-256-CBC-SHA1 succeeded
 + TestCase [ 5] : Write record known vector AES-256-CBC-SHA256 succeeded
 + TestCase [ 6] : Write record known vector 3DES-CBC-SHA1-HMAC succeeded
USER1: Cipher crypto capabilities not supported
 + TestCase [ 7] : Write record known vector NULL-SHA1-HMAC skipped
USER1: Crypto capabilities not supported
 + TestCase [ 8] : Write record known vector CHACHA20-POLY1305 skipped
 + TestCase [ 9] : Read record known vector AES-GCM-128 succeeded
 + TestCase [10] : Read record known vector AES-GCM-256 succeeded
 + TestCase [11] : Read record known vector AES-128-CBC-SHA1 succeeded
 + TestCase [12] : Read record known vector AES-128-CBC-SHA256 succeeded
 + TestCase [13] : Read record known vector AES-256-CBC-SHA1 succeeded
 + TestCase [14] : Read record known vector AES-256-CBC-SHA256 succeeded
 + TestCase [15] : Read record known vector 3DES-CBC-SHA1-HMAC succeeded
USER1: Cipher crypto capabilities not supported
 + TestCase [16] : Read record known vector NULL-SHA1-HMAC skipped
USER1: Crypto capabilities not supported
 + TestCase [17] : Read record known vector CHACHA20-POLY1305 skipped
        3des-cbc [192] sha1-hmac [20B ICV]
        aes-cbc [128] sha1-hmac [20B ICV]
        aes-cbc [128] sha2-256-hmac [32B ICV]
        aes-cbc [256] sha1-hmac [20B ICV]
        aes-cbc [256] sha2-256-hmac [32B ICV]
 + TestCase [18] : Combined test alg list succeeded
 + TestCase [19] : Multi-segmented mode succeeded
 + ------------------------------------------------------- +
 + Test Suite Summary : DTLS 1.2 Record Protocol Unit Test Suite
 + ------------------------------------------------------- +
 + Tests Total : 20
 + Tests Skipped : 4
 + Tests Executed : 20
 + Tests Unsupported: 0
 + Tests Passed : 16
 + Tests Failed : 0
 + ------------------------------------------------------- +

Akhil Goyal (3):
  test/crypto: add TLS1.2 vectors
  test/crypto: add TLS1.2/DTLS1.2 AES-128/256-GCM vectors
  test/security: add TLS 1.2 and DTLS 1.2 vectors

Anoob Joseph (5):
  test/crypto: move security caps checks to separate file
  test/crypto: move algorithm display routines to common
  test/security: add sha1-hmac to auth list
  test/crypto: add TLS record tests
  test/crypto: add verification of TLS headers

Tejasree Kondoj (2):
  test/crypto: add AES-GCM 128 TLS 1.2 vector
  test/crypto: add multi segmented cases

Vidya Sagar Velumuri (4):
  test/crypto: move algorithm list to common
  test/crypto: move algorithm framework to common
  test/crypto: add combined mode cases
  test/security: add more algos to combined tests

 app/test-security-perf/meson.build            |    1 +
 app/test-security-perf/test_security_perf.c   |   35 +-
 app/test/meson.build                          |    2 +
 app/test/test_cryptodev.c                     |  596 ++++++-
 app/test/test_cryptodev.h                     |    2 +
 app/test/test_cryptodev_security_ipsec.c      |  164 +-
 app/test/test_cryptodev_security_ipsec.h      |  157 +-
 app/test/test_cryptodev_security_tls_record.c |  327 ++++
 app/test/test_cryptodev_security_tls_record.h |  101 ++
 ...yptodev_security_tls_record_test_vectors.h | 1584 +++++++++++++++++
 app/test/test_security_inline_proto.c         |   42 +-
 app/test/test_security_proto.c                |  154 ++
 app/test/test_security_proto.h                |  186 ++
 doc/guides/rel_notes/release_24_03.rst        |    4 +
 14 files changed, 2960 insertions(+), 395 deletions(-)
 create mode 100644 app/test/test_cryptodev_security_tls_record.c
 create mode 100644 app/test/test_cryptodev_security_tls_record.h
 create mode 100644 app/test/test_cryptodev_security_tls_record_test_vectors.h
 create mode 100644 app/test/test_security_proto.c
 create mode 100644 app/test/test_security_proto.h
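
The header validation that the combined mode paragraph describes (check the protocol fields of the written record before feeding it to record read), as an added example that is not part of this patch series or of DPDK's test code. All names are hypothetical; it assumes the TLS 1.2 (RFC 5246) and DTLS 1.2 (RFC 6347) record layouts, covers only the AES suites from the algorithm list, and assumes minimal CBC padding.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration: all names are hypothetical, not DPDK test code. */
enum rec_proto { REC_TLS12, REC_DTLS12 };
enum rec_alg { ALG_AES_GCM, ALG_AES_CBC_SHA1, ALG_AES_CBC_SHA256 };

/* Bytes that follow the record header for pt_len bytes of plaintext. */
static size_t expected_frag_len(enum rec_alg alg, size_t pt_len)
{
	if (alg == ALG_AES_GCM)
		return 8 + pt_len + 16; /* explicit nonce + data + tag */
	size_t icv = (alg == ALG_AES_CBC_SHA1) ? 20 : 32;
	size_t body = pt_len + icv + 1; /* +1 for the padding-length byte */
	size_t pad = (16 - body % 16) % 16; /* assumes minimal padding */
	return 16 + body + pad; /* explicit IV + padded body */
}

/* 0 when the header is consistent, else a negative code for the first mismatch. */
static int verify_record_hdr(enum rec_proto p, enum rec_alg alg, const uint8_t *rec,
			     size_t rec_len, uint8_t type, size_t pt_len)
{
	size_t hdr = (p == REC_TLS12) ? 5 : 13; /* DTLS adds epoch + sequence */
	int ver = (p == REC_TLS12) ? 0x0303 : 0xFEFD;

	if (rec_len < hdr)
		return -1;
	if (rec[0] != type)
		return -2;
	if (((rec[1] << 8) | rec[2]) != ver)
		return -3;
	size_t len = ((size_t)rec[hdr - 2] << 8) | rec[hdr - 1];
	if (len != expected_frag_len(alg, pt_len))
		return -4;
	return (rec_len == hdr + len) ? 0 : -5;
}

/* Constructed samples: valid headers, zeroed bodies (only the header is checked). */
static const uint8_t sample_tls_gcm[5 + 56] = { 0x17, 0x03, 0x03, 0x00, 0x38 };
static const uint8_t sample_dtls_cbc[13 + 64] = { 0x17, 0xFE, 0xFD, 0, 1,
						  0, 0, 0, 0, 0, 1, 0x00, 0x40 };

int main(void)
{
	int a = verify_record_hdr(REC_TLS12, ALG_AES_GCM, sample_tls_gcm,
				  sizeof(sample_tls_gcm), 0x17, 32);
	int b = verify_record_hdr(REC_DTLS12, ALG_AES_CBC_SHA1, sample_dtls_cbc,
				  sizeof(sample_dtls_cbc), 0x17, 20);
	return (a == 0 && b == 0) ? 0 : 1;
}
```

The distinct negative codes show which header field diverged, which is the useful signal when a device under test pads or sizes a record differently from the expected layout.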