From patchwork Thu Dec 7 13:02:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 134913 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B343043699; Thu, 7 Dec 2023 14:02:31 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7F46142EF4; Thu, 7 Dec 2023 14:02:27 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id C8FC242EF1 for ; Thu, 7 Dec 2023 14:02:25 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3B76LnVn016466; Thu, 7 Dec 2023 05:02:25 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=cn3d8h7Vp+rBBgcCRgrjSgfRqqhsdqIQIVT9og//Byo=; b=d0Fcx7zyej7MAAMpb/qTF+4Zd1xk85qGvTO/W/2ydQR5j8JHdYD2jM2QuAI2zKlObgG4 oCVeGQ8RKxQD2wXhW7SSxvu9ztIbzQRgmHJ5hQNBd32h5xPFHuz7z3B1MdPo0JrAQyoR mIwPLOYjDVwAXHiZs8Up1cS1ECaU2QQf3pC23mtWMJW/S8z4PnK2HwSddhIQlfiwuMwQ gsN80P3q8RC/yRVIwfgZgxkWBAkMurmqSARllqU70dOxix0wm6GPO8pDg202EbVMfrU+ n830tJMiHyfkRZnKBLeUHoclWsLU6aaDAnwCk8hN83wcs8k9pAd5PsY0GtvjfxyhiYGE 4A== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3uu8qe98j4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 07 Dec 2023 05:02:24 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 7 Dec 2023 05:02:23 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 7 Dec 2023 05:02:23 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id 5FDAA3F7051; Thu, 7 Dec 2023 05:02:20 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Harry van Haaren , Hemant Agrawal , Konstantin Ananyev , , Vidya Sagar Velumuri Subject: [PATCH 01/14] test/crypto: move security caps checks to separate file Date: Thu, 7 Dec 2023 18:32:03 +0530 Message-ID: <20231207130216.140-2-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231207130216.140-1-anoobj@marvell.com> References: <20231207130216.140-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: Z6Ju6yZSRAr_8mVGBpkfUI1uvCHuQHer X-Proofpoint-ORIG-GUID: Z6Ju6yZSRAr_8mVGBpkfUI1uvCHuQHer X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-07_10,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Move routines performing security caps verifications to a separate file to allow the usage of same for other protocol tests such as TLS record. Signed-off-by: Anoob Joseph Signed-off-by: Vidya Sagar Velumuri --- app/test-security-perf/meson.build | 1 + app/test-security-perf/test_security_perf.c | 17 ++--- app/test/meson.build | 1 + app/test/test_cryptodev.c | 17 ++--- app/test/test_cryptodev_security_ipsec.c | 78 ------------------- app/test/test_cryptodev_security_ipsec.h | 12 --- app/test/test_security_inline_proto.c | 12 +-- app/test/test_security_proto.c | 83 +++++++++++++++++++++ app/test/test_security_proto.h | 20 +++++ 9 files changed, 121 insertions(+), 120 deletions(-) create mode 100644 app/test/test_security_proto.c create mode 100644 app/test/test_security_proto.h diff --git a/app/test-security-perf/meson.build b/app/test-security-perf/meson.build index 076999022e..547de9c908 100644 --- a/app/test-security-perf/meson.build +++ b/app/test-security-perf/meson.build @@ -10,5 +10,6 @@ endif sources = files( 'test_security_perf.c', '../test/test_cryptodev_security_ipsec.c', + '../test/test_security_proto.c', ) deps += ['security', 'cmdline'] diff --git a/app/test-security-perf/test_security_perf.c b/app/test-security-perf/test_security_perf.c index 4dfaca4800..c64f20e76c 100644 --- a/app/test-security-perf/test_security_perf.c +++ b/app/test-security-perf/test_security_perf.c @@ -16,6 +16,7 @@ #include #include #include +#include #define NB_DESC 4096 #define DEF_NB_SESSIONS (16 * 10 * 1024) /* 16 * 10K tunnels */ @@ -258,9 +259,7 @@ sec_conf_init(struct lcore_conf *conf, conf->aead_xform.aead.iv.offset = IV_OFFSET; /* Verify crypto capabilities */ - if (test_ipsec_crypto_caps_aead_verify( - sec_cap, - &conf->aead_xform) != 0) { + if (test_sec_crypto_caps_aead_verify(sec_cap, &conf->aead_xform) != 0) { RTE_LOG(ERR, USER1, "Crypto capabilities not supported\n"); return -1; @@ -270,9 +269,7 @@ sec_conf_init(struct lcore_conf *conf, sizeof(conf->auth_xform)); conf->auth_xform.auth.key.data = td[0].auth_key.data; - if (test_ipsec_crypto_caps_auth_verify( - sec_cap, - &conf->auth_xform) != 0) { + if (test_sec_crypto_caps_auth_verify(sec_cap, &conf->auth_xform) != 0) { RTE_LOG(INFO, USER1, "Auth crypto capabilities not supported\n"); return -1; @@ -288,17 +285,13 @@ sec_conf_init(struct lcore_conf *conf, /* Verify crypto capabilities */ - if (test_ipsec_crypto_caps_cipher_verify( - sec_cap, - &conf->cipher_xform) != 0) { + if (test_sec_crypto_caps_cipher_verify(sec_cap, &conf->cipher_xform) != 0) { RTE_LOG(ERR, USER1, "Cipher crypto capabilities not supported\n"); return -1; } - if (test_ipsec_crypto_caps_auth_verify( - sec_cap, - &conf->auth_xform) != 0) { + if (test_sec_crypto_caps_auth_verify(sec_cap, &conf->auth_xform) != 0) { RTE_LOG(ERR, USER1, "Auth crypto capabilities not supported\n"); return -1; diff --git a/app/test/meson.build b/app/test/meson.build index dcc93f4a43..58e120a6ab 100644 --- a/app/test/meson.build +++ b/app/test/meson.build @@ -169,6 +169,7 @@ source_file_deps = { 'test_security.c': ['net', 'security'], 'test_security_inline_macsec.c': ['ethdev', 'security'], 'test_security_inline_proto.c': ['ethdev', 'security', 'eventdev'] + test_cryptodev_deps, + 'test_security_proto.c' : ['cryptodev', 'security'], 'test_seqlock.c': [], 'test_service_cores.c': [], 'test_spinlock.c': [], diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 58561ededf..9644566acc 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -53,6 +53,7 @@ #include "test_cryptodev_security_pdcp_sdap_test_vectors.h" #include "test_cryptodev_security_pdcp_test_func.h" #include "test_cryptodev_security_docsis_test_vectors.h" +#include "test_security_proto.h" #define SDAP_DISABLED 0 #define SDAP_ENABLED 1 @@ -10229,9 +10230,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], ut_params->aead_xform.aead.iv.offset = IV_OFFSET; /* Verify crypto capabilities */ - if (test_ipsec_crypto_caps_aead_verify( - sec_cap, - &ut_params->aead_xform) != 0) { + if (test_sec_crypto_caps_aead_verify(sec_cap, &ut_params->aead_xform) != 0) { if (!silent) RTE_LOG(INFO, USER1, "Crypto capabilities not supported\n"); @@ -10242,9 +10241,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], sizeof(ut_params->auth_xform)); ut_params->auth_xform.auth.key.data = td[0].auth_key.data; - if (test_ipsec_crypto_caps_auth_verify( - sec_cap, - &ut_params->auth_xform) != 0) { + if (test_sec_crypto_caps_auth_verify(sec_cap, &ut_params->auth_xform) != 0) { if (!silent) RTE_LOG(INFO, USER1, "Auth crypto capabilities not supported\n"); @@ -10261,18 +10258,14 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], /* Verify crypto capabilities */ - if (test_ipsec_crypto_caps_cipher_verify( - sec_cap, - &ut_params->cipher_xform) != 0) { + if (test_sec_crypto_caps_cipher_verify(sec_cap, &ut_params->cipher_xform) != 0) { if (!silent) RTE_LOG(INFO, USER1, "Cipher crypto capabilities not supported\n"); return TEST_SKIPPED; } - if (test_ipsec_crypto_caps_auth_verify( - sec_cap, - &ut_params->auth_xform) != 0) { + if (test_sec_crypto_caps_auth_verify(sec_cap, &ut_params->auth_xform) != 0) { if (!silent) RTE_LOG(INFO, USER1, "Auth crypto capabilities not supported\n"); diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 205714b270..01e0a45ffd 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -224,84 +224,6 @@ test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, return 0; } -int -test_ipsec_crypto_caps_aead_verify( - const struct rte_security_capability *sec_cap, - struct rte_crypto_sym_xform *aead) -{ - const struct rte_cryptodev_symmetric_capability *sym_cap; - const struct rte_cryptodev_capabilities *crypto_cap; - int j = 0; - - while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op != - RTE_CRYPTO_OP_TYPE_UNDEFINED) { - if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && - crypto_cap->sym.xform_type == aead->type && - crypto_cap->sym.aead.algo == aead->aead.algo) { - sym_cap = &crypto_cap->sym; - if (rte_cryptodev_sym_capability_check_aead(sym_cap, - aead->aead.key.length, - aead->aead.digest_length, - aead->aead.aad_length, - aead->aead.iv.length) == 0) - return 0; - } - } - - return -ENOTSUP; -} - -int -test_ipsec_crypto_caps_cipher_verify( - const struct rte_security_capability *sec_cap, - struct rte_crypto_sym_xform *cipher) -{ - const struct rte_cryptodev_symmetric_capability *sym_cap; - const struct rte_cryptodev_capabilities *cap; - int j = 0; - - while ((cap = &sec_cap->crypto_capabilities[j++])->op != - RTE_CRYPTO_OP_TYPE_UNDEFINED) { - if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && - cap->sym.xform_type == cipher->type && - cap->sym.cipher.algo == cipher->cipher.algo) { - sym_cap = &cap->sym; - if (rte_cryptodev_sym_capability_check_cipher(sym_cap, - cipher->cipher.key.length, - cipher->cipher.iv.length) == 0) - return 0; - } - } - - return -ENOTSUP; -} - -int -test_ipsec_crypto_caps_auth_verify( - const struct rte_security_capability *sec_cap, - struct rte_crypto_sym_xform *auth) -{ - const struct rte_cryptodev_symmetric_capability *sym_cap; - const struct rte_cryptodev_capabilities *cap; - int j = 0; - - while ((cap = &sec_cap->crypto_capabilities[j++])->op != - RTE_CRYPTO_OP_TYPE_UNDEFINED) { - if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && - cap->sym.xform_type == auth->type && - cap->sym.auth.algo == auth->auth.algo) { - sym_cap = &cap->sym; - if (rte_cryptodev_sym_capability_check_auth(sym_cap, - auth->auth.key.length, - auth->auth.digest_length, - auth->auth.iv.length) == 0) - return 0; - } - } - - return -ENOTSUP; -} - void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out, struct ipsec_test_data *td_in) diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index d7fc562751..dc1b4c4a80 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -263,18 +263,6 @@ int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, const struct rte_security_capability *sec_cap, bool silent); -int test_ipsec_crypto_caps_aead_verify( - const struct rte_security_capability *sec_cap, - struct rte_crypto_sym_xform *aead); - -int test_ipsec_crypto_caps_cipher_verify( - const struct rte_security_capability *sec_cap, - struct rte_crypto_sym_xform *cipher); - -int test_ipsec_crypto_caps_auth_verify( - const struct rte_security_capability *sec_cap, - struct rte_crypto_sym_xform *auth); - void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out, struct ipsec_test_data *td_in); diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c index 78a2064b65..9644a3c39c 100644 --- a/app/test/test_security_inline_proto.c +++ b/app/test/test_security_inline_proto.c @@ -12,6 +12,7 @@ #include "test.h" #include "test_security_inline_proto_vectors.h" +#include "test_security_proto.h" #ifdef RTE_EXEC_ENV_WINDOWS static int @@ -248,8 +249,7 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid, sizeof(struct rte_crypto_sym_xform)); sess_conf->crypto_xform->aead.key.data = sa->key.data; /* Verify crypto capabilities */ - if (test_ipsec_crypto_caps_aead_verify(sec_cap, - sess_conf->crypto_xform) != 0) { + if (test_sec_crypto_caps_aead_verify(sec_cap, sess_conf->crypto_xform) != 0) { RTE_LOG(INFO, USER1, "Crypto capabilities not supported\n"); return TEST_SKIPPED; @@ -268,14 +268,14 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid, sess_conf->crypto_xform->next->auth.key.data = sa->auth_key.data; /* Verify crypto capabilities */ - if (test_ipsec_crypto_caps_cipher_verify(sec_cap, + if (test_sec_crypto_caps_cipher_verify(sec_cap, sess_conf->crypto_xform) != 0) { RTE_LOG(INFO, USER1, "Cipher crypto capabilities not supported\n"); return TEST_SKIPPED; } - if (test_ipsec_crypto_caps_auth_verify(sec_cap, + if (test_sec_crypto_caps_auth_verify(sec_cap, sess_conf->crypto_xform->next) != 0) { RTE_LOG(INFO, USER1, "Auth crypto capabilities not supported\n"); @@ -294,14 +294,14 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid, sa->key.data; /* Verify crypto capabilities */ - if (test_ipsec_crypto_caps_cipher_verify(sec_cap, + if (test_sec_crypto_caps_cipher_verify(sec_cap, sess_conf->crypto_xform->next) != 0) { RTE_LOG(INFO, USER1, "Cipher crypto capabilities not supported\n"); return TEST_SKIPPED; } - if (test_ipsec_crypto_caps_auth_verify(sec_cap, + if (test_sec_crypto_caps_auth_verify(sec_cap, sess_conf->crypto_xform) != 0) { RTE_LOG(INFO, USER1, "Auth crypto capabilities not supported\n"); diff --git a/app/test/test_security_proto.c b/app/test/test_security_proto.c new file mode 100644 index 0000000000..bc4c5e11d2 --- /dev/null +++ b/app/test/test_security_proto.c @@ -0,0 +1,83 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2023 Marvell. + */ + +#include +#include + +#include "test_security_proto.h" + +int +test_sec_crypto_caps_aead_verify(const struct rte_security_capability *sec_cap, + struct rte_crypto_sym_xform *aead) +{ + const struct rte_cryptodev_symmetric_capability *sym_cap; + const struct rte_cryptodev_capabilities *crypto_cap; + int j = 0; + + while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op != + RTE_CRYPTO_OP_TYPE_UNDEFINED) { + if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && + crypto_cap->sym.xform_type == aead->type && + crypto_cap->sym.aead.algo == aead->aead.algo) { + sym_cap = &crypto_cap->sym; + if (rte_cryptodev_sym_capability_check_aead(sym_cap, + aead->aead.key.length, + aead->aead.digest_length, + aead->aead.aad_length, + aead->aead.iv.length) == 0) + return 0; + } + } + + return -ENOTSUP; +} + +int +test_sec_crypto_caps_cipher_verify(const struct rte_security_capability *sec_cap, + struct rte_crypto_sym_xform *cipher) +{ + const struct rte_cryptodev_symmetric_capability *sym_cap; + const struct rte_cryptodev_capabilities *cap; + int j = 0; + + while ((cap = &sec_cap->crypto_capabilities[j++])->op != + RTE_CRYPTO_OP_TYPE_UNDEFINED) { + if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && + cap->sym.xform_type == cipher->type && + cap->sym.cipher.algo == cipher->cipher.algo) { + sym_cap = &cap->sym; + if (rte_cryptodev_sym_capability_check_cipher(sym_cap, + cipher->cipher.key.length, + cipher->cipher.iv.length) == 0) + return 0; + } + } + + return -ENOTSUP; +} + +int +test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_cap, + struct rte_crypto_sym_xform *auth) +{ + const struct rte_cryptodev_symmetric_capability *sym_cap; + const struct rte_cryptodev_capabilities *cap; + int j = 0; + + while ((cap = &sec_cap->crypto_capabilities[j++])->op != + RTE_CRYPTO_OP_TYPE_UNDEFINED) { + if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && + cap->sym.xform_type == auth->type && + cap->sym.auth.algo == auth->auth.algo) { + sym_cap = &cap->sym; + if (rte_cryptodev_sym_capability_check_auth(sym_cap, + auth->auth.key.length, + auth->auth.digest_length, + auth->auth.iv.length) == 0) + return 0; + } + } + + return -ENOTSUP; +} diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h new file mode 100644 index 0000000000..b91181384b --- /dev/null +++ b/app/test/test_security_proto.h @@ -0,0 +1,20 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2023 Marvell. + */ + +#ifndef _TEST_SECURITY_PROTO_H_ +#define _TEST_SECURITY_PROTO_H_ + +#include +#include + +int test_sec_crypto_caps_aead_verify(const struct rte_security_capability *sec_cap, + struct rte_crypto_sym_xform *aead); + +int test_sec_crypto_caps_cipher_verify(const struct rte_security_capability *sec_cap, + struct rte_crypto_sym_xform *cipher); + +int test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_cap, + struct rte_crypto_sym_xform *auth); + +#endif From patchwork Thu Dec 7 13:02:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 134914 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5F09843699; Thu, 7 Dec 2023 14:02:42 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0BFBE42EFE; Thu, 7 Dec 2023 14:02:31 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 259634025C for ; Thu, 7 Dec 2023 14:02:29 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3B79PGbG032087; Thu, 7 Dec 2023 05:02:28 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=w/NDtx3MDufcIisaLMsx2CzuEC5Wnj/Dsg/Ac9xcZmo=; b=NaVk05rJTQDBitsYdMsfDZY7AC0uPcxh5fmKxj/nDpxLbkZciSet37KbkefB+8Dlb6S4 F5CoGaJm5mCJWZJJd43bjr6eTV/l6PRTmQpb3ZOmDxSS3ayC+arc8Ki7CjxX5GcjalnJ /JQRtycdrvFFPCn6tgkJe9P1RmtUeJAWEcI+5Kn2m9Bx/xJBcKtrW0u86XHL7JgUGQoK Fmeu/p5WPyL8mAcfGLrqI1IoxKrcpqgj+aKdSdfTdsjE+nz1k2KhXbDgtt9EPK582jMq Eo+tpZ/NFWF26yUI1p/cv1Kok6IoeJGcq+WRVSjoqrmi3A9c9L8b2qbfrSF7EGtpE42V VQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3uubdd8n4f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 07 Dec 2023 05:02:28 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 7 Dec 2023 05:02:26 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 7 Dec 2023 05:02:26 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id BBB5A3F7093; Thu, 7 Dec 2023 05:02:23 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Vidya Sagar Velumuri , Harry van Haaren , Hemant Agrawal , Konstantin Ananyev , Subject: [PATCH 02/14] test/crypto: move algorithm list to common Date: Thu, 7 Dec 2023 18:32:04 +0530 Message-ID: <20231207130216.140-3-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231207130216.140-1-anoobj@marvell.com> References: <20231207130216.140-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 1zNRd5zLbEkzFKlEzKRvbhOaK4XyFUcE X-Proofpoint-GUID: 1zNRd5zLbEkzFKlEzKRvbhOaK4XyFUcE X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-07_10,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri The algorithm list and associated structs are used for IPsec combined mode tests. The same list can be employed for other security protocol testing as well. Move the same to test_security_proto.h for the same. Signed-off-by: Anoob Joseph Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev_security_ipsec.h | 126 +---------------------- app/test/test_security_proto.h | 124 ++++++++++++++++++++++ 2 files changed, 126 insertions(+), 124 deletions(-) diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index dc1b4c4a80..77cb5fa7f9 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -8,6 +8,8 @@ #include #include +#include "test_security_proto.h" + #define IPSEC_TEST_PACKETS_MAX 32 #define IPSEC_TEXT_MAX_LEN 16384u @@ -115,130 +117,6 @@ struct ipsec_test_flags { bool rx_inject; }; -struct crypto_param { - enum rte_crypto_sym_xform_type type; - union { - enum rte_crypto_cipher_algorithm cipher; - enum rte_crypto_auth_algorithm auth; - enum rte_crypto_aead_algorithm aead; - } alg; - uint16_t key_length; - uint16_t iv_length; - uint16_t digest_length; -}; - -static const struct crypto_param aead_list[] = { - { - .type = RTE_CRYPTO_SYM_XFORM_AEAD, - .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, - .key_length = 16, - }, - { - .type = RTE_CRYPTO_SYM_XFORM_AEAD, - .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, - .key_length = 24, - }, - { - .type = RTE_CRYPTO_SYM_XFORM_AEAD, - .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, - .key_length = 32, - }, - { - .type = RTE_CRYPTO_SYM_XFORM_AEAD, - .alg.aead = RTE_CRYPTO_AEAD_AES_CCM, - .key_length = 32 - }, -}; - -static const struct crypto_param cipher_list[] = { - { - .type = RTE_CRYPTO_SYM_XFORM_CIPHER, - .alg.cipher = RTE_CRYPTO_CIPHER_NULL, - .key_length = 0, - .iv_length = 0, - }, - { - .type = RTE_CRYPTO_SYM_XFORM_CIPHER, - .alg.cipher = RTE_CRYPTO_CIPHER_DES_CBC, - .key_length = 8, - .iv_length = 8, - }, - { - .type = RTE_CRYPTO_SYM_XFORM_CIPHER, - .alg.cipher = RTE_CRYPTO_CIPHER_3DES_CBC, - .key_length = 24, - .iv_length = 8, - }, - { - .type = RTE_CRYPTO_SYM_XFORM_CIPHER, - .alg.cipher = RTE_CRYPTO_CIPHER_AES_CBC, - .key_length = 16, - .iv_length = 16, - }, - { - .type = RTE_CRYPTO_SYM_XFORM_CIPHER, - .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR, - .key_length = 16, - .iv_length = 16, - }, - { - .type = RTE_CRYPTO_SYM_XFORM_CIPHER, - .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR, - .key_length = 24, - .iv_length = 16, - }, - { - .type = RTE_CRYPTO_SYM_XFORM_CIPHER, - .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR, - .key_length = 32, - .iv_length = 16, - }, -}; - -static const struct crypto_param auth_list[] = { - { - .type = RTE_CRYPTO_SYM_XFORM_AUTH, - .alg.auth = RTE_CRYPTO_AUTH_NULL, - }, - { - .type = RTE_CRYPTO_SYM_XFORM_AUTH, - .alg.auth = RTE_CRYPTO_AUTH_MD5_HMAC, - .key_length = 16, - .digest_length = 12, - }, - { - .type = RTE_CRYPTO_SYM_XFORM_AUTH, - .alg.auth = RTE_CRYPTO_AUTH_SHA256_HMAC, - .key_length = 32, - .digest_length = 16, - }, - { - .type = RTE_CRYPTO_SYM_XFORM_AUTH, - .alg.auth = RTE_CRYPTO_AUTH_SHA384_HMAC, - .key_length = 48, - .digest_length = 24, - }, - { - .type = RTE_CRYPTO_SYM_XFORM_AUTH, - .alg.auth = RTE_CRYPTO_AUTH_SHA512_HMAC, - .key_length = 64, - .digest_length = 32, - }, - { - .type = RTE_CRYPTO_SYM_XFORM_AUTH, - .alg.auth = RTE_CRYPTO_AUTH_AES_XCBC_MAC, - .key_length = 16, - .digest_length = 12, - }, - { - .type = RTE_CRYPTO_SYM_XFORM_AUTH, - .alg.auth = RTE_CRYPTO_AUTH_AES_GMAC, - .key_length = 16, - .digest_length = 16, - .iv_length = 12, - }, -}; - struct crypto_param_comb { const struct crypto_param *param1; const struct crypto_param *param2; diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h index b91181384b..e8d6193530 100644 --- a/app/test/test_security_proto.h +++ b/app/test/test_security_proto.h @@ -8,6 +8,130 @@ #include #include +struct crypto_param { + enum rte_crypto_sym_xform_type type; + union { + enum rte_crypto_cipher_algorithm cipher; + enum rte_crypto_auth_algorithm auth; + enum rte_crypto_aead_algorithm aead; + } alg; + uint16_t key_length; + uint16_t iv_length; + uint16_t digest_length; +}; + +static const struct crypto_param aead_list[] = { + { + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, + .key_length = 16, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, + .key_length = 24, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, + .key_length = 32, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .alg.aead = RTE_CRYPTO_AEAD_AES_CCM, + .key_length = 32 + }, +}; + +static const struct crypto_param cipher_list[] = { + { + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .alg.cipher = RTE_CRYPTO_CIPHER_NULL, + .key_length = 0, + .iv_length = 0, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .alg.cipher = RTE_CRYPTO_CIPHER_DES_CBC, + .key_length = 8, + .iv_length = 8, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .alg.cipher = RTE_CRYPTO_CIPHER_3DES_CBC, + .key_length = 24, + .iv_length = 8, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .alg.cipher = RTE_CRYPTO_CIPHER_AES_CBC, + .key_length = 16, + .iv_length = 16, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR, + .key_length = 16, + .iv_length = 16, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR, + .key_length = 24, + .iv_length = 16, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR, + .key_length = 32, + .iv_length = 16, + }, +}; + +static const struct crypto_param auth_list[] = { + { + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .alg.auth = RTE_CRYPTO_AUTH_NULL, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .alg.auth = RTE_CRYPTO_AUTH_MD5_HMAC, + .key_length = 16, + .digest_length = 12, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .alg.auth = RTE_CRYPTO_AUTH_SHA256_HMAC, + .key_length = 32, + .digest_length = 16, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .alg.auth = RTE_CRYPTO_AUTH_SHA384_HMAC, + .key_length = 48, + .digest_length = 24, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .alg.auth = RTE_CRYPTO_AUTH_SHA512_HMAC, + .key_length = 64, + .digest_length = 32, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .alg.auth = RTE_CRYPTO_AUTH_AES_XCBC_MAC, + .key_length = 16, + .digest_length = 12, + }, + { + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .alg.auth = RTE_CRYPTO_AUTH_AES_GMAC, + .key_length = 16, + .digest_length = 16, + .iv_length = 12, + }, +}; + int test_sec_crypto_caps_aead_verify(const struct rte_security_capability *sec_cap, struct rte_crypto_sym_xform *aead); From patchwork Thu Dec 7 13:02:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 134915 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id BAB2243699; Thu, 7 Dec 2023 14:02:51 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 3C57542F01; Thu, 7 Dec 2023 14:02:34 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 89E3442EF9 for ; Thu, 7 Dec 2023 14:02:33 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3B79PGlY032068; Thu, 7 Dec 2023 05:02:33 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=52v5upLckfw4zt114makwr30nXDC5nm94Zen5ja3mCk=; b=Z1L8v7ROJeIA5N3AQcJ9LzN5oW3WntlJe22TZP2GALFuqPEh3AMKW8BlVSDC5/+HbEMW V3DZYCNINMK8LAXkBEB+nLkOqLeYrJSLxmZOMrI5TRYog/Y88Xy9hUFvQsLxPbwze2Q1 xr8NNZRUADY+1cckM2AlGyyMpJDOXOodA1sXOFkbodIytOGoXq2CABdKAXUkOWzOIjrN HIVQA90+YZIlXD2vMwTOoJ/Lxz9ZWtvUh0QgXppD7jGnhsCxCs6T5YWlfj00fMNKm+2+ MOKLKzItHdPoQmTfLMf3xIjRaAPe1jR/jjOn8iVhXKjmT2mMrsfqC/c7xcYkDD1f7xJG nA== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3uubdd8n4q-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 07 Dec 2023 05:02:32 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 7 Dec 2023 05:02:29 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 7 Dec 2023 05:02:29 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id C9A153F7051; Thu, 7 Dec 2023 05:02:26 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Harry van Haaren , Hemant Agrawal , Konstantin Ananyev , , Vidya Sagar Velumuri Subject: [PATCH 03/14] test/crypto: move algorithm display routines to common Date: Thu, 7 Dec 2023 18:32:05 +0530 Message-ID: <20231207130216.140-4-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231207130216.140-1-anoobj@marvell.com> References: <20231207130216.140-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: BgCBLV1RriMTyiMDV_7Hv66RL-ibnCrJ X-Proofpoint-GUID: BgCBLV1RriMTyiMDV_7Hv66RL-ibnCrJ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-07_10,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org The functions that are used for printing algorithms in case of IPsec can be moved to the common header, test_security_proto.h. The same could be used for other security protocol testing. Signed-off-by: Anoob Joseph Signed-off-by: Vidya Sagar Velumuri --- app/test-security-perf/test_security_perf.c | 3 +-- app/test/test_cryptodev.c | 6 ++--- app/test/test_cryptodev_security_ipsec.c | 26 --------------------- app/test/test_cryptodev_security_ipsec.h | 3 --- app/test/test_security_inline_proto.c | 9 +++---- app/test/test_security_proto.c | 25 ++++++++++++++++++++ app/test/test_security_proto.h | 2 ++ 7 files changed, 33 insertions(+), 41 deletions(-) diff --git a/app/test-security-perf/test_security_perf.c b/app/test-security-perf/test_security_perf.c index c64f20e76c..84726de7b0 100644 --- a/app/test-security-perf/test_security_perf.c +++ b/app/test-security-perf/test_security_perf.c @@ -532,8 +532,7 @@ main(int argc, char **argv) for (ctx.td_idx = 0; ctx.td_idx < RTE_DIM(alg_list); ctx.td_idx++) { printf("\n\n Algorithm combination:"); - test_ipsec_display_alg(alg_list[ctx.td_idx].param1, - alg_list[ctx.td_idx].param2); + test_sec_alg_display(alg_list[ctx.td_idx].param1, alg_list[ctx.td_idx].param2); printf(" ----------------------"); printf("\n%20s%20s%20s%20s%20s%20s\n\n", diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 9644566acc..218761f0a9 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -10540,8 +10540,7 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags) return TEST_FAILED; if (flags->display_alg) - test_ipsec_display_alg(alg_list[i].param1, - alg_list[i].param2); + test_sec_alg_display(alg_list[i].param1, alg_list[i].param2); pass_cnt++; } @@ -10586,8 +10585,7 @@ test_ipsec_ah_proto_all(const struct ipsec_test_flags *flags) return TEST_FAILED; if (flags->display_alg) - test_ipsec_display_alg(ah_alg_list[i].param1, - ah_alg_list[i].param2); + test_sec_alg_display(ah_alg_list[i].param1, ah_alg_list[i].param2); pass_cnt++; } diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 01e0a45ffd..dafe3244e8 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -549,32 +549,6 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[], } } -void -test_ipsec_display_alg(const struct crypto_param *param1, - const struct crypto_param *param2) -{ - if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) { - printf("\t%s [%d]", - rte_cryptodev_get_aead_algo_string(param1->alg.aead), - param1->key_length * 8); - } else if (param1->type == RTE_CRYPTO_SYM_XFORM_AUTH) { - printf("\t%s", - rte_cryptodev_get_auth_algo_string(param1->alg.auth)); - if (param1->alg.auth != RTE_CRYPTO_AUTH_NULL) - printf(" [%dB ICV]", param1->digest_length); - } else { - printf("\t%s", - rte_cryptodev_get_cipher_algo_string(param1->alg.cipher)); - if (param1->alg.cipher != RTE_CRYPTO_CIPHER_NULL) - printf(" [%d]", param1->key_length * 8); - printf(" %s", - rte_cryptodev_get_auth_algo_string(param2->alg.auth)); - if (param2->alg.auth != RTE_CRYPTO_AUTH_NULL) - printf(" [%dB ICV]", param2->digest_length); - } - printf("\n"); -} - static int test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td) { diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 77cb5fa7f9..41aa865a0f 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -155,9 +155,6 @@ void test_ipsec_td_update(struct ipsec_test_data td_inb[], int nb_td, const struct ipsec_test_flags *flags); -void test_ipsec_display_alg(const struct crypto_param *param1, - const struct crypto_param *param2); - int test_ipsec_post_process(const struct rte_mbuf *m, const struct ipsec_test_data *td, struct ipsec_test_data *res_d, bool silent, diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c index 9644a3c39c..6cda9fe7aa 100644 --- a/app/test/test_security_inline_proto.c +++ b/app/test/test_security_inline_proto.c @@ -1345,8 +1345,7 @@ test_ipsec_inline_proto_all(const struct ipsec_test_flags *flags) if (ret == TEST_FAILED) { printf("\n TEST FAILED"); - test_ipsec_display_alg(alg_list[i].param1, - alg_list[i].param2); + test_sec_alg_display(alg_list[i].param1, alg_list[i].param2); fail_cnt++; continue; } @@ -1360,15 +1359,13 @@ test_ipsec_inline_proto_all(const struct ipsec_test_flags *flags) if (ret == TEST_FAILED) { printf("\n TEST FAILED"); - test_ipsec_display_alg(alg_list[i].param1, - alg_list[i].param2); + test_sec_alg_display(alg_list[i].param1, alg_list[i].param2); fail_cnt++; continue; } if (flags->display_alg) - test_ipsec_display_alg(alg_list[i].param1, - alg_list[i].param2); + test_sec_alg_display(alg_list[i].param1, alg_list[i].param2); pass_cnt++; } diff --git a/app/test/test_security_proto.c b/app/test/test_security_proto.c index bc4c5e11d2..d62302a8dd 100644 --- a/app/test/test_security_proto.c +++ b/app/test/test_security_proto.c @@ -81,3 +81,28 @@ test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_cap, return -ENOTSUP; } + +void +test_sec_alg_display(const struct crypto_param *param1, const struct crypto_param *param2) +{ + if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + printf("\t%s [%d]", + rte_cryptodev_get_aead_algo_string(param1->alg.aead), + param1->key_length * 8); + } else if (param1->type == RTE_CRYPTO_SYM_XFORM_AUTH) { + printf("\t%s", + rte_cryptodev_get_auth_algo_string(param1->alg.auth)); + if (param1->alg.auth != RTE_CRYPTO_AUTH_NULL) + printf(" [%dB ICV]", param1->digest_length); + } else { + printf("\t%s", + rte_cryptodev_get_cipher_algo_string(param1->alg.cipher)); + if (param1->alg.cipher != RTE_CRYPTO_CIPHER_NULL) + printf(" [%d]", param1->key_length * 8); + printf(" %s", + rte_cryptodev_get_auth_algo_string(param2->alg.auth)); + if (param2->alg.auth != RTE_CRYPTO_AUTH_NULL) + printf(" [%dB ICV]", param2->digest_length); + } + printf("\n"); +} diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h index e8d6193530..596402fff9 100644 --- a/app/test/test_security_proto.h +++ b/app/test/test_security_proto.h @@ -141,4 +141,6 @@ int test_sec_crypto_caps_cipher_verify(const struct rte_security_capability *sec int test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_cap, struct rte_crypto_sym_xform *auth); +void test_sec_alg_display(const struct crypto_param *param1, const struct crypto_param *param2); + #endif From patchwork Thu Dec 7 13:02:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 134916 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 7C90543699; Thu, 7 Dec 2023 14:03:03 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5670842F06; Thu, 7 Dec 2023 14:02:36 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 2B71342F04 for ; Thu, 7 Dec 2023 14:02:35 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3B76M4lc017013; Thu, 7 Dec 2023 05:02:34 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=bTcszR5Lf22peMbEa+GsWvy4RxxvQwBqcCWMXoIfS0o=; b=Ty1w1Rartq2SviZNUeU4l8zS3Y7iwN2QLW3eJUzSVCExnyx5lPgNTYQXExwDDrfBf92L ZttZA25RdkzLRbs4lZrrt0BxwF8JI7eTTFCS7DO4hbNCgM2mILT8qs1p0E/bWVy3joCL bQvaRK9XMaVGClawB7ytOcGxA8rJaFYiUVEzyW9BoEnoBPvpJCWlu308yY/Ox81udsm2 rPDKAxff3ktlWDy+kLTFQXd3Mo4s02Kgz8QkTx9s1XP1x/Z4camNG7VwapPhaerH+a1o UwdtxxU/nVjei3H2sRnKYehEHWN42/ixj3YmT9wtRqwxscbawBTq7GrRnXOBibIKohVd Rw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3uu8qe98jc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 07 Dec 2023 05:02:33 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 7 Dec 2023 05:02:32 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 7 Dec 2023 05:02:32 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id AF39E3F70AE; Thu, 7 Dec 2023 05:02:29 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Harry van Haaren , Hemant Agrawal , Konstantin Ananyev , , Vidya Sagar Velumuri Subject: [PATCH 04/14] test/security: add sha1-hmac to auth list Date: Thu, 7 Dec 2023 18:32:06 +0530 Message-ID: <20231207130216.140-5-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231207130216.140-1-anoobj@marvell.com> References: <20231207130216.140-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: IGYvenLtwgTS5WuopegSmgIqWK4svRRl X-Proofpoint-ORIG-GUID: IGYvenLtwgTS5WuopegSmgIqWK4svRRl X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-07_10,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add SHA1-HMAC with 12B digest to the auth list. This algorithm would be used in IPsec tests and combined tests would run on devices that support the capabilities. Signed-off-by: Anoob Joseph Signed-off-by: Vidya Sagar Velumuri --- app/test/test_security_proto.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h index 596402fff9..d6a00018e3 100644 --- a/app/test/test_security_proto.h +++ b/app/test/test_security_proto.h @@ -99,6 +99,12 @@ static const struct crypto_param auth_list[] = { .key_length = 16, .digest_length = 12, }, + { + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .alg.auth = RTE_CRYPTO_AUTH_SHA1_HMAC, + .key_length = 20, + .digest_length = 12, + }, { .type = RTE_CRYPTO_SYM_XFORM_AUTH, .alg.auth = RTE_CRYPTO_AUTH_SHA256_HMAC, From patchwork Thu Dec 7 13:02:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 134917 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2B3BC43699; Thu, 7 Dec 2023 14:03:13 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6BAB542EF8; Thu, 7 Dec 2023 14:02:40 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 2C0F542F09 for ; Thu, 7 Dec 2023 14:02:39 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3B79PGbO032087; Thu, 7 Dec 2023 05:02:38 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=a4Sw30HAtRs47lV4EF17Fe5LxLAGe9TN6jVfdrlK9+A=; b=lOMaNndrZ84JWmOlgFlWfNIOKgtrT9DAqcC08IRXLkwC58s388VF5xdffNObJS+uVVa7 nTYlYRF4XO/GNHrpSWnmOnFbSLz/jDcTj2344Iexwrwz2GovLkFMUhFaK7JZiQEoanDs nE+3xzWBzoPT9E1v1OpKLJUV6KAt5QUBdoh0FVOiobFqk3KKA/M+c+bhAlnFnVbKd5gd oOU9iIeqrpNGQEiHRwAZd8Fm34TkPYZlxgp9/hkCiJQrgyRn5nLOIMF+a0o3xXma6goZ oa9ERAnDmWNFBOvpNTBFqAzDB4PDX9uq5hQpIMpEMuu92TLxKtpA65HA4QE2PFVO+wmz kg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3uubdd8n58-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 07 Dec 2023 05:02:38 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 7 Dec 2023 05:02:35 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 7 Dec 2023 05:02:35 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id 9F9D03F7051; Thu, 7 Dec 2023 05:02:32 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Vidya Sagar Velumuri , Harry van Haaren , Hemant Agrawal , Konstantin Ananyev , Subject: [PATCH 05/14] test/crypto: move algorithm framework to common Date: Thu, 7 Dec 2023 18:32:07 +0530 Message-ID: <20231207130216.140-6-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231207130216.140-1-anoobj@marvell.com> References: <20231207130216.140-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: ff_pBlxt4N5QAorA9BDyYnFJwdyhkEOv X-Proofpoint-GUID: ff_pBlxt4N5QAorA9BDyYnFJwdyhkEOv X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-07_10,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Move algorithm list and the associated framework to common files (test_security_proto.c & .h) to be able to use same framework for other security offload tests such as TLS record. Signed-off-by: Anoob Joseph Signed-off-by: Vidya Sagar Velumuri --- app/test-security-perf/test_security_perf.c | 17 +++--- app/test/test_cryptodev.c | 35 ++++++------ app/test/test_cryptodev_security_ipsec.c | 60 +++------------------ app/test/test_cryptodev_security_ipsec.h | 16 ------ app/test/test_security_inline_proto.c | 27 +++++----- app/test/test_security_proto.c | 46 ++++++++++++++++ app/test/test_security_proto.h | 16 ++++++ 7 files changed, 109 insertions(+), 108 deletions(-) diff --git a/app/test-security-perf/test_security_perf.c b/app/test-security-perf/test_security_perf.c index 84726de7b0..b0d55cbab0 100644 --- a/app/test-security-perf/test_security_perf.c +++ b/app/test-security-perf/test_security_perf.c @@ -474,8 +474,8 @@ args_parse(int argc, char **argv) int main(int argc, char **argv) { - struct ipsec_test_data td_outb[RTE_DIM(alg_list)]; - struct ipsec_test_data td_inb[RTE_DIM(alg_list)]; + struct ipsec_test_data td_outb[RTE_DIM(sec_alg_list)]; + struct ipsec_test_data td_inb[RTE_DIM(sec_alg_list)]; struct ipsec_test_flags flags; uint32_t lcore_id; uint8_t nb_lcores; @@ -513,11 +513,11 @@ main(int argc, char **argv) if (ret) goto cryptodev_fini; - test_ipsec_alg_list_populate(); + test_sec_alg_list_populate(); - for (i = 0; i < RTE_DIM(alg_list); i++) { - test_ipsec_td_prepare(alg_list[i].param1, - alg_list[i].param2, + for (i = 0; i < RTE_DIM(sec_alg_list); i++) { + test_ipsec_td_prepare(sec_alg_list[i].param1, + sec_alg_list[i].param2, &flags, &td_outb[i], 1); @@ -529,10 +529,11 @@ main(int argc, char **argv) if (ctx.is_inbound) ctx.td = td_inb; - for (ctx.td_idx = 0; ctx.td_idx < RTE_DIM(alg_list); ctx.td_idx++) { + for (ctx.td_idx = 0; ctx.td_idx < RTE_DIM(sec_alg_list); ctx.td_idx++) { printf("\n\n Algorithm combination:"); - test_sec_alg_display(alg_list[ctx.td_idx].param1, alg_list[ctx.td_idx].param2); + test_sec_alg_display(sec_alg_list[ctx.td_idx].param1, + sec_alg_list[ctx.td_idx].param2); printf(" ----------------------"); printf("\n%20s%20s%20s%20s%20s%20s\n\n", diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 218761f0a9..fbb97d5456 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -838,8 +838,8 @@ ipsec_proto_testsuite_setup(void) ret = TEST_SKIPPED; } - test_ipsec_alg_list_populate(); - test_ipsec_ah_alg_list_populate(); + test_sec_alg_list_populate(); + test_sec_auth_only_alg_list_populate(); /* * Stop the device. Device would be started again by individual test @@ -10483,19 +10483,19 @@ test_ipsec_proto_known_vec_inb_rx_inject(const void *test_data) static int test_ipsec_proto_all(const struct ipsec_test_flags *flags) { - struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX]; - struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX]; + struct ipsec_test_data td_outb[TEST_SEC_PKTS_MAX]; + struct ipsec_test_data td_inb[TEST_SEC_PKTS_MAX]; unsigned int i, nb_pkts = 1, pass_cnt = 0; int ret; if (flags->iv_gen || flags->sa_expiry_pkts_soft || flags->sa_expiry_pkts_hard) - nb_pkts = IPSEC_TEST_PACKETS_MAX; + nb_pkts = TEST_SEC_PKTS_MAX; - for (i = 0; i < RTE_DIM(alg_list); i++) { - test_ipsec_td_prepare(alg_list[i].param1, - alg_list[i].param2, + for (i = 0; i < RTE_DIM(sec_alg_list); i++) { + test_ipsec_td_prepare(sec_alg_list[i].param1, + sec_alg_list[i].param2, flags, td_outb, nb_pkts); @@ -10540,7 +10540,7 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags) return TEST_FAILED; if (flags->display_alg) - test_sec_alg_display(alg_list[i].param1, alg_list[i].param2); + test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2); pass_cnt++; } @@ -10554,14 +10554,14 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags) static int test_ipsec_ah_proto_all(const struct ipsec_test_flags *flags) { - struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX]; - struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX]; + struct ipsec_test_data td_outb[TEST_SEC_PKTS_MAX]; + struct ipsec_test_data td_inb[TEST_SEC_PKTS_MAX]; unsigned int i, nb_pkts = 1, pass_cnt = 0; int ret; - for (i = 0; i < RTE_DIM(ah_alg_list); i++) { - test_ipsec_td_prepare(ah_alg_list[i].param1, - ah_alg_list[i].param2, + for (i = 0; i < RTE_DIM(sec_auth_only_alg_list); i++) { + test_ipsec_td_prepare(sec_auth_only_alg_list[i].param1, + sec_auth_only_alg_list[i].param2, flags, td_outb, nb_pkts); @@ -10585,7 +10585,8 @@ test_ipsec_ah_proto_all(const struct ipsec_test_flags *flags) return TEST_FAILED; if (flags->display_alg) - test_sec_alg_display(ah_alg_list[i].param1, ah_alg_list[i].param2); + test_sec_alg_display(sec_auth_only_alg_list[i].param1, + sec_auth_only_alg_list[i].param2); pass_cnt++; } @@ -11087,8 +11088,8 @@ test_ipsec_pkt_replay(const void *test_data, const uint64_t esn[], bool replayed_pkt[], uint32_t nb_pkts, bool esn_en, uint64_t winsz) { - struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX]; - struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX]; + struct ipsec_test_data td_outb[TEST_SEC_PKTS_MAX]; + struct ipsec_test_data td_inb[TEST_SEC_PKTS_MAX]; struct ipsec_test_flags flags; uint32_t i = 0, ret = 0; diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index dafe3244e8..1aba1ad993 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -21,12 +21,6 @@ #define IPVERSION 4 #endif -struct crypto_param_comb alg_list[RTE_DIM(aead_list) + - (RTE_DIM(cipher_list) * - RTE_DIM(auth_list))]; - -struct crypto_param_comb ah_alg_list[2 * (RTE_DIM(auth_list) - 1)]; - static bool is_valid_ipv4_pkt(const struct rte_ipv4_hdr *pkt) { @@ -61,46 +55,6 @@ is_valid_ipv6_pkt(const struct rte_ipv6_hdr *pkt) return true; } -void -test_ipsec_alg_list_populate(void) -{ - unsigned long i, j, index = 0; - - for (i = 0; i < RTE_DIM(aead_list); i++) { - alg_list[index].param1 = &aead_list[i]; - alg_list[index].param2 = NULL; - index++; - } - - for (i = 0; i < RTE_DIM(cipher_list); i++) { - for (j = 0; j < RTE_DIM(auth_list); j++) { - alg_list[index].param1 = &cipher_list[i]; - alg_list[index].param2 = &auth_list[j]; - index++; - } - } -} - -void -test_ipsec_ah_alg_list_populate(void) -{ - unsigned long i, index = 0; - - for (i = 1; i < RTE_DIM(auth_list); i++) { - ah_alg_list[index].param1 = &auth_list[i]; - ah_alg_list[index].param2 = NULL; - index++; - } - - for (i = 1; i < RTE_DIM(auth_list); i++) { - /* NULL cipher */ - ah_alg_list[index].param1 = &cipher_list[0]; - - ah_alg_list[index].param2 = &auth_list[i]; - index++; - } -} - int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, const struct rte_security_capability *sec_cap, @@ -447,8 +401,7 @@ test_ipsec_td_prepare(const struct crypto_param *param1, td->ipsec_xform.options.iv_gen_disable = 0; if (flags->sa_expiry_pkts_soft) - td->ipsec_xform.life.packets_soft_limit = - IPSEC_TEST_PACKETS_MAX - 1; + td->ipsec_xform.life.packets_soft_limit = TEST_SEC_PKTS_MAX - 1; if (flags->ip_csum) { td->ipsec_xform.options.ip_csum_enable = 1; @@ -526,8 +479,7 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[], } if (flags->sa_expiry_pkts_hard) - td_inb[i].ipsec_xform.life.packets_hard_limit = - IPSEC_TEST_PACKETS_MAX - 1; + td_inb[i].ipsec_xform.life.packets_hard_limit = TEST_SEC_PKTS_MAX - 1; if (flags->udp_encap) td_inb[i].ipsec_xform.options.udp_encap = 1; @@ -570,7 +522,7 @@ test_ipsec_tunnel_hdr_len_get(const struct ipsec_test_data *td) static int test_ipsec_iv_verify_push(const uint8_t *output_text, const struct ipsec_test_data *td) { - static uint8_t iv_queue[IV_LEN_MAX * IPSEC_TEST_PACKETS_MAX]; + static uint8_t iv_queue[IV_LEN_MAX * TEST_SEC_PKTS_MAX]; int i, iv_pos, iv_len; static int index; uint8_t *iv_tmp; @@ -601,7 +553,7 @@ test_ipsec_iv_verify_push(const uint8_t *output_text, const struct ipsec_test_da memcpy(iv_tmp, output_text, iv_len); index++; - if (index == IPSEC_TEST_PACKETS_MAX) + if (index == TEST_SEC_PKTS_MAX) index = 0; return TEST_SUCCESS; @@ -1101,7 +1053,7 @@ test_ipsec_status_check(const struct ipsec_test_data *td, if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && flags->sa_expiry_pkts_hard && - pkt_num == IPSEC_TEST_PACKETS_MAX) { + pkt_num == TEST_SEC_PKTS_MAX) { if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) { printf("SA hard expiry (pkts) test failed\n"); return TEST_FAILED; @@ -1133,7 +1085,7 @@ test_ipsec_status_check(const struct ipsec_test_data *td, } } - if (flags->sa_expiry_pkts_soft && pkt_num == IPSEC_TEST_PACKETS_MAX) { + if (flags->sa_expiry_pkts_soft && pkt_num == TEST_SEC_PKTS_MAX) { if (!(op->aux_flags & RTE_CRYPTO_OP_AUX_FLAGS_IPSEC_SOFT_EXPIRY)) { printf("SA soft expiry (pkts) test failed\n"); diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 41aa865a0f..3c69471099 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -10,7 +10,6 @@ #include "test_security_proto.h" -#define IPSEC_TEST_PACKETS_MAX 32 #define IPSEC_TEXT_MAX_LEN 16384u struct ipsec_test_data { @@ -117,26 +116,11 @@ struct ipsec_test_flags { bool rx_inject; }; -struct crypto_param_comb { - const struct crypto_param *param1; - const struct crypto_param *param2; -}; - extern struct ipsec_test_data pkt_aes_256_gcm; extern struct ipsec_test_data pkt_aes_256_gcm_v6; extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256; extern struct ipsec_test_data pkt_aes_128_cbc_hmac_sha256_v6; -extern struct crypto_param_comb alg_list[RTE_DIM(aead_list) + - (RTE_DIM(cipher_list) * - RTE_DIM(auth_list))]; - -extern struct crypto_param_comb ah_alg_list[2 * (RTE_DIM(auth_list) - 1)]; - -void test_ipsec_alg_list_populate(void); - -void test_ipsec_ah_alg_list_populate(void); - int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, const struct rte_security_capability *sec_cap, bool silent); diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c index 6cda9fe7aa..481382b64e 100644 --- a/app/test/test_security_inline_proto.c +++ b/app/test/test_security_inline_proto.c @@ -1295,11 +1295,11 @@ test_ipsec_inline_proto_all(const struct ipsec_test_flags *flags) flags->sa_expiry_bytes_soft || flags->sa_expiry_bytes_hard || flags->sa_expiry_pkts_hard) - nb_pkts = IPSEC_TEST_PACKETS_MAX; + nb_pkts = TEST_SEC_PKTS_MAX; - for (i = 0; i < RTE_DIM(alg_list); i++) { - test_ipsec_td_prepare(alg_list[i].param1, - alg_list[i].param2, + for (i = 0; i < RTE_DIM(sec_alg_list); i++) { + test_ipsec_td_prepare(sec_alg_list[i].param1, + sec_alg_list[i].param2, flags, &td_outb, 1); if (!td_outb.aead) { @@ -1331,8 +1331,7 @@ test_ipsec_inline_proto_all(const struct ipsec_test_flags *flags) (((td_outb.output_text.len + RTE_ETHER_HDR_LEN) * nb_pkts) >> 3) - 1; if (flags->sa_expiry_pkts_hard) - td_outb.ipsec_xform.life.packets_hard_limit = - IPSEC_TEST_PACKETS_MAX - 1; + td_outb.ipsec_xform.life.packets_hard_limit = TEST_SEC_PKTS_MAX - 1; if (flags->sa_expiry_bytes_hard) td_outb.ipsec_xform.life.bytes_hard_limit = (((td_outb.output_text.len + RTE_ETHER_HDR_LEN) @@ -1345,7 +1344,7 @@ test_ipsec_inline_proto_all(const struct ipsec_test_flags *flags) if (ret == TEST_FAILED) { printf("\n TEST FAILED"); - test_sec_alg_display(alg_list[i].param1, alg_list[i].param2); + test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2); fail_cnt++; continue; } @@ -1359,13 +1358,13 @@ test_ipsec_inline_proto_all(const struct ipsec_test_flags *flags) if (ret == TEST_FAILED) { printf("\n TEST FAILED"); - test_sec_alg_display(alg_list[i].param1, alg_list[i].param2); + test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2); fail_cnt++; continue; } if (flags->display_alg) - test_sec_alg_display(alg_list[i].param1, alg_list[i].param2); + test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2); pass_cnt++; } @@ -1742,7 +1741,8 @@ inline_ipsec_testsuite_setup(void) ret, port_id); return ret; } - test_ipsec_alg_list_populate(); + + test_sec_alg_list_populate(); /* Change the plaintext size for tests without Known vectors */ if (sg_mode) { @@ -2003,7 +2003,8 @@ event_inline_ipsec_testsuite_setup(void) } event_mode_enabled = true; - test_ipsec_alg_list_populate(); + + test_sec_alg_list_populate(); return 0; } @@ -2685,8 +2686,8 @@ test_ipsec_inline_pkt_replay(const void *test_data, const uint64_t esn[], bool replayed_pkt[], uint32_t nb_pkts, bool esn_en, uint64_t winsz) { - struct ipsec_test_data td_outb[IPSEC_TEST_PACKETS_MAX]; - struct ipsec_test_data td_inb[IPSEC_TEST_PACKETS_MAX]; + struct ipsec_test_data td_outb[TEST_SEC_PKTS_MAX]; + struct ipsec_test_data td_inb[TEST_SEC_PKTS_MAX]; struct ipsec_test_flags flags; uint32_t i, ret = 0; diff --git a/app/test/test_security_proto.c b/app/test/test_security_proto.c index d62302a8dd..d242c852af 100644 --- a/app/test/test_security_proto.c +++ b/app/test/test_security_proto.c @@ -7,6 +7,52 @@ #include "test_security_proto.h" +struct crypto_param_comb sec_alg_list[RTE_DIM(aead_list) + + (RTE_DIM(cipher_list) * + RTE_DIM(auth_list))]; + +struct crypto_param_comb sec_auth_only_alg_list[2 * (RTE_DIM(auth_list) - 1)]; + +void +test_sec_alg_list_populate(void) +{ + unsigned long i, j, index = 0; + + for (i = 0; i < RTE_DIM(aead_list); i++) { + sec_alg_list[index].param1 = &aead_list[i]; + sec_alg_list[index].param2 = NULL; + index++; + } + + for (i = 0; i < RTE_DIM(cipher_list); i++) { + for (j = 0; j < RTE_DIM(auth_list); j++) { + sec_alg_list[index].param1 = &cipher_list[i]; + sec_alg_list[index].param2 = &auth_list[j]; + index++; + } + } +} + +void +test_sec_auth_only_alg_list_populate(void) +{ + unsigned long i, index = 0; + + for (i = 1; i < RTE_DIM(auth_list); i++) { + sec_auth_only_alg_list[index].param1 = &auth_list[i]; + sec_auth_only_alg_list[index].param2 = NULL; + index++; + } + + for (i = 1; i < RTE_DIM(auth_list); i++) { + /* NULL cipher */ + sec_auth_only_alg_list[index].param1 = &cipher_list[0]; + + sec_auth_only_alg_list[index].param2 = &auth_list[i]; + index++; + } +} + int test_sec_crypto_caps_aead_verify(const struct rte_security_capability *sec_cap, struct rte_crypto_sym_xform *aead) diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h index d6a00018e3..6797e8b8c2 100644 --- a/app/test/test_security_proto.h +++ b/app/test/test_security_proto.h @@ -8,6 +8,8 @@ #include #include +#define TEST_SEC_PKTS_MAX 32 + struct crypto_param { enum rte_crypto_sym_xform_type type; union { @@ -138,6 +140,20 @@ static const struct crypto_param auth_list[] = { }, }; +struct crypto_param_comb { + const struct crypto_param *param1; + const struct crypto_param *param2; +}; + +extern struct crypto_param_comb sec_alg_list[RTE_DIM(aead_list) + + (RTE_DIM(cipher_list) * RTE_DIM(auth_list))]; + +extern struct crypto_param_comb sec_auth_only_alg_list[2 * (RTE_DIM(auth_list) - 1)]; + +void test_sec_alg_list_populate(void); + +void test_sec_auth_only_alg_list_populate(void); + int test_sec_crypto_caps_aead_verify(const struct rte_security_capability *sec_cap, struct rte_crypto_sym_xform *aead); From patchwork Thu Dec 7 13:02:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 134918 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6D51E43699; Thu, 7 Dec 2023 14:03:25 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id EFBFD42F15; Thu, 7 Dec 2023 14:02:42 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id ED18C42F0B for ; Thu, 7 Dec 2023 14:02:40 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3B76M57I017039; Thu, 7 Dec 2023 05:02:40 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=DqgfsLpYLLmVVZlAeX/wxwotoKAReTX8rcy5HzQypqI=; b=FPF+EvHiCbJ1+wn215rJaDdazsLESOYAOcrHUAsFfB91+92jQECi5e6sqFqVae0QT2fh qwk1vrGb26IG2HP8g6EmAD4KDfIPNNYuq0J3iSEZWuQGkeLouEDp7ZHLq7t67JBbDoQ6 /IQmyXvETrUBwXV1sGBOkD/2zTNKnSAJJGV/Es8qV989WpF38KAJub7UvFtmq7uO4MM/ 3VU8TRpCh/i7/ezi5vzmaVJKDvHiEnz2I1oSpKwgYl7B6WKCzW9aZQEEFldfAwG1J/T1 DhmmRSKPaFIBFpHqEUkAi5Uvp3fQuMPfVOyrNhOj1stAFsv4rmQOUpuw/WHfB4S6IZ6A Sg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3uu8qe98ka-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 07 Dec 2023 05:02:39 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 7 Dec 2023 05:02:38 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 7 Dec 2023 05:02:38 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id CA9C83F70B2; Thu, 7 Dec 2023 05:02:35 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Harry van Haaren , Hemant Agrawal , Konstantin Ananyev , , Vidya Sagar Velumuri Subject: [PATCH 06/14] test/crypto: add TLS record tests Date: Thu, 7 Dec 2023 18:32:08 +0530 Message-ID: <20231207130216.140-7-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231207130216.140-1-anoobj@marvell.com> References: <20231207130216.140-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: NEj-PnZk8DQjHaSCcM7lXtV2f59XGht6 X-Proofpoint-ORIG-GUID: NEj-PnZk8DQjHaSCcM7lXtV2f59XGht6 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-07_10,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add framework for testing TLS record cases. The framework supports testing with known vector tests in both session types (read & write). Signed-off-by: Anoob Joseph Signed-off-by: Vidya Sagar Velumuri --- app/test/meson.build | 1 + app/test/test_cryptodev.c | 282 +++++++++++++++++- app/test/test_cryptodev.h | 2 + app/test/test_cryptodev_security_tls_record.c | 151 ++++++++++ app/test/test_cryptodev_security_tls_record.h | 71 +++++ ...yptodev_security_tls_record_test_vectors.h | 16 + 6 files changed, 515 insertions(+), 8 deletions(-) create mode 100644 app/test/test_cryptodev_security_tls_record.c create mode 100644 app/test/test_cryptodev_security_tls_record.h create mode 100644 app/test/test_cryptodev_security_tls_record_test_vectors.h diff --git a/app/test/meson.build b/app/test/meson.build index 58e120a6ab..f9e81eda2e 100644 --- a/app/test/meson.build +++ b/app/test/meson.build @@ -56,6 +56,7 @@ source_file_deps = { 'test_cryptodev_crosscheck.c': test_cryptodev_deps, 'test_cryptodev_security_ipsec.c': test_cryptodev_deps, 'test_cryptodev_security_pdcp.c': test_cryptodev_deps, + 'test_cryptodev_security_tls_record.c': ['cryptodev', 'security'], 'test_cycles.c': [], 'test_debug.c': [], 'test_devargs.c': ['kvargs'], diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index fbb97d5456..cd83370790 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -53,6 +53,7 @@ #include "test_cryptodev_security_pdcp_sdap_test_vectors.h" #include "test_cryptodev_security_pdcp_test_func.h" #include "test_cryptodev_security_docsis_test_vectors.h" +#include "test_cryptodev_security_tls_record.h" #include "test_security_proto.h" #define SDAP_DISABLED 0 @@ -807,7 +808,7 @@ crypto_gen_testsuite_setup(void) #ifdef RTE_LIB_SECURITY static int -ipsec_proto_testsuite_setup(void) +sec_proto_testsuite_setup(enum rte_security_session_protocol protocol) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; @@ -817,8 +818,8 @@ ipsec_proto_testsuite_setup(void) rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_SECURITY)) { - RTE_LOG(INFO, USER1, "Feature flag requirements for IPsec Proto " - "testsuite not met\n"); + RTE_LOG(INFO, USER1, + "Feature flag requirements for security protocol testsuite not met\n"); return TEST_SKIPPED; } @@ -830,11 +831,9 @@ ipsec_proto_testsuite_setup(void) /* Set action type */ ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; - if (security_proto_supported( - RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, - RTE_SECURITY_PROTOCOL_IPSEC) < 0) { - RTE_LOG(INFO, USER1, "Capability requirements for IPsec Proto " - "test not met\n"); + if (security_proto_supported(RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, protocol) < 0) { + RTE_LOG(INFO, USER1, + "Capability requirements for security protocol test not met\n"); ret = TEST_SKIPPED; } @@ -850,6 +849,18 @@ ipsec_proto_testsuite_setup(void) return ret; } +static int +ipsec_proto_testsuite_setup(void) +{ + return sec_proto_testsuite_setup(RTE_SECURITY_PROTOCOL_IPSEC); +} + +static int +tls_record_proto_testsuite_setup(void) +{ + return sec_proto_testsuite_setup(RTE_SECURITY_PROTOCOL_TLS_RECORD); +} + static int pdcp_proto_testsuite_setup(void) { @@ -11654,6 +11665,244 @@ test_docsis_proto_downlink(const void *data) return ret; } + +static void +test_tls_record_imp_nonce_update(const struct tls_record_test_data *td, + struct rte_security_tls_record_xform *tls_record_xform) +{ + unsigned int imp_nonce_len; + uint8_t *imp_nonce; + + switch (tls_record_xform->ver) { + case RTE_SECURITY_VERSION_TLS_1_2: + imp_nonce_len = RTE_SECURITY_TLS_1_2_IMP_NONCE_LEN; + imp_nonce = tls_record_xform->tls_1_2.imp_nonce; + break; + case RTE_SECURITY_VERSION_DTLS_1_2: + imp_nonce_len = RTE_SECURITY_DTLS_1_2_IMP_NONCE_LEN; + imp_nonce = tls_record_xform->dtls_1_2.imp_nonce; + break; + case RTE_SECURITY_VERSION_TLS_1_3: + imp_nonce_len = RTE_SECURITY_TLS_1_3_IMP_NONCE_LEN; + imp_nonce = tls_record_xform->tls_1_3.imp_nonce; + break; + default: + return; + } + + imp_nonce_len = RTE_MIN(imp_nonce_len, td[0].imp_nonce.len); + memcpy(imp_nonce, td[0].imp_nonce.data, imp_nonce_len); +} + +static int +test_tls_record_proto_process(const struct tls_record_test_data td[], + struct tls_record_test_data res_d[], int nb_td, bool silent, + const struct tls_record_test_flags *flags) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct crypto_unittest_params *ut_params = &unittest_params; + struct rte_security_tls_record_xform tls_record_xform; + struct rte_security_capability_idx sec_cap_idx; + const struct rte_security_capability *sec_cap; + enum rte_security_tls_sess_type sess_type; + uint8_t dev_id = ts_params->valid_devs[0]; + struct rte_security_ctx *ctx; + int i, ret = TEST_SUCCESS; + + ut_params->type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + gbl_action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + + /* Use first test data to create session */ + + /* Copy TLS record xform */ + memcpy(&tls_record_xform, &td[0].tls_record_xform, sizeof(tls_record_xform)); + + sess_type = tls_record_xform.type; + + ctx = rte_cryptodev_get_sec_ctx(dev_id); + + sec_cap_idx.action = ut_params->type; + sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_TLS_RECORD; + sec_cap_idx.tls_record.type = tls_record_xform.type; + sec_cap_idx.tls_record.ver = tls_record_xform.ver; + + sec_cap = rte_security_capability_get(ctx, &sec_cap_idx); + if (sec_cap == NULL) + return TEST_SKIPPED; + + /* Copy cipher session parameters */ + if (td[0].aead) { + memcpy(&ut_params->aead_xform, &td[0].xform.aead, sizeof(ut_params->aead_xform)); + ut_params->aead_xform.aead.key.data = td[0].key.data; + ut_params->aead_xform.aead.iv.offset = IV_OFFSET; + + /* Verify crypto capabilities */ + if (test_sec_crypto_caps_aead_verify(sec_cap, &ut_params->aead_xform) != 0) { + if (!silent) + RTE_LOG(INFO, USER1, "Crypto capabilities not supported\n"); + return TEST_SKIPPED; + } + } else { + memcpy(&ut_params->cipher_xform, &td[0].xform.chain.cipher, + sizeof(ut_params->cipher_xform)); + memcpy(&ut_params->auth_xform, &td[0].xform.chain.auth, + sizeof(ut_params->auth_xform)); + ut_params->cipher_xform.cipher.key.data = td[0].key.data; + ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET; + ut_params->auth_xform.auth.key.data = td[0].auth_key.data; + + /* Verify crypto capabilities */ + + if (test_sec_crypto_caps_cipher_verify(sec_cap, &ut_params->cipher_xform) != 0) { + if (!silent) + RTE_LOG(INFO, USER1, "Cipher crypto capabilities not supported\n"); + return TEST_SKIPPED; + } + + if (test_sec_crypto_caps_auth_verify(sec_cap, &ut_params->auth_xform) != 0) { + if (!silent) + RTE_LOG(INFO, USER1, "Auth crypto capabilities not supported\n"); + return TEST_SKIPPED; + } + } + + if (test_tls_record_sec_caps_verify(&tls_record_xform, sec_cap, silent) != 0) + return TEST_SKIPPED; + + struct rte_security_session_conf sess_conf = { + .action_type = ut_params->type, + .protocol = RTE_SECURITY_PROTOCOL_TLS_RECORD, + }; + + if (td[0].aead) + test_tls_record_imp_nonce_update(&td[0], &tls_record_xform); + + sess_conf.tls_record = tls_record_xform; + + if (td[0].aead) { + sess_conf.crypto_xform = &ut_params->aead_xform; + } else { + if (sess_type == RTE_SECURITY_TLS_SESS_TYPE_READ) { + sess_conf.crypto_xform = &ut_params->cipher_xform; + ut_params->cipher_xform.next = &ut_params->auth_xform; + } else { + sess_conf.crypto_xform = &ut_params->auth_xform; + ut_params->auth_xform.next = &ut_params->cipher_xform; + } + } + + /* Create security session */ + ut_params->sec_session = rte_security_session_create(ctx, &sess_conf, + ts_params->session_mpool); + if (ut_params->sec_session == NULL) + return TEST_SKIPPED; + + for (i = 0; i < nb_td; i++) { + /* Setup source mbuf payload */ + ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool, td[i].input_text.len, + 1, 0); + pktmbuf_write(ut_params->ibuf, 0, td[i].input_text.len, td[i].input_text.data); + + /* Generate crypto op data structure */ + ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, + RTE_CRYPTO_OP_TYPE_SYMMETRIC); + if (ut_params->op == NULL) { + printf("Could not allocate crypto op"); + ret = TEST_FAILED; + goto crypto_op_free; + } + + /* Attach session to operation */ + rte_security_attach_session(ut_params->op, ut_params->sec_session); + + /* Set crypto operation mbufs */ + ut_params->op->sym->m_src = ut_params->ibuf; + ut_params->op->sym->m_dst = NULL; + ut_params->op->param1.tls_record.content_type = td[i].app_type; + + /* Copy IV in crypto operation when IV generation is disabled */ + if (sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE && + tls_record_xform.options.iv_gen_disable == 1) { + uint8_t *iv; + int len; + + iv = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET); + if (td[i].aead) + len = td[i].xform.aead.aead.iv.length - 4; + else + len = td[i].xform.chain.cipher.cipher.iv.length; + memcpy(iv, td[i].iv.data, len); + } + + /* Process crypto operation */ + process_crypto_request(dev_id, ut_params->op); + + ret = test_tls_record_status_check(ut_params->op); + if (ret != TEST_SUCCESS) + goto crypto_op_free; + + ret = test_tls_record_post_process(ut_params->ibuf, &td[i], NULL, silent); + if (ret != TEST_SUCCESS) + goto crypto_op_free; + + + rte_crypto_op_free(ut_params->op); + ut_params->op = NULL; + + rte_pktmbuf_free(ut_params->ibuf); + ut_params->ibuf = NULL; + } + +crypto_op_free: + rte_crypto_op_free(ut_params->op); + ut_params->op = NULL; + + rte_pktmbuf_free(ut_params->ibuf); + ut_params->ibuf = NULL; + + if (ut_params->sec_session) + rte_security_session_destroy(ctx, ut_params->sec_session); + ut_params->sec_session = NULL; + + RTE_SET_USED(res_d); + RTE_SET_USED(flags); + + return ret; +} + +static int +test_tls_record_proto_known_vec(const void *test_data) +{ + struct tls_record_test_data td_write; + struct tls_record_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + memcpy(&td_write, test_data, sizeof(td_write)); + + /* Disable IV gen to be able to test with known vectors */ + td_write.tls_record_xform.options.iv_gen_disable = 1; + + return test_tls_record_proto_process(&td_write, NULL, 1, false, &flags); +} + +static int +test_tls_record_proto_known_vec_read(const void *test_data) +{ + const struct tls_record_test_data *td = test_data; + struct tls_record_test_flags flags; + struct tls_record_test_data td_inb; + + memset(&flags, 0, sizeof(flags)); + + if (td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) + test_tls_record_td_read_from_write(td, &td_inb); + else + memcpy(&td_inb, td, sizeof(td_inb)); + + return test_tls_record_proto_process(&td_inb, NULL, 1, false, &flags); +} + #endif static int @@ -16560,6 +16809,22 @@ static struct unit_test_suite pdcp_proto_testsuite = { } }; +static struct unit_test_suite tls12_record_proto_testsuite = { + .suite_name = "TLS 1.2 Record Protocol Unit Test Suite", + .setup = tls_record_proto_testsuite_setup, + .unit_test_cases = { + TEST_CASE_NAMED_WITH_DATA( + "Known vector TBD", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls_test_data1), + TEST_CASE_NAMED_WITH_DATA( + "Known vector TBD", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls_test_data1), + TEST_CASES_END() /**< NULL terminate unit test array */ + } +}; + #define ADD_UPLINK_TESTCASE(data) \ TEST_CASE_NAMED_WITH_DATA(data.test_descr_uplink, ut_setup_security, \ ut_teardown, test_docsis_proto_uplink, (const void *) &data), \ @@ -17567,6 +17832,7 @@ run_cryptodev_testsuite(const char *pmd_name) &ipsec_proto_testsuite, &pdcp_proto_testsuite, &docsis_proto_testsuite, + &tls12_record_proto_testsuite, #endif &end_testsuite }; diff --git a/app/test/test_cryptodev.h b/app/test/test_cryptodev.h index f2c417a267..f27d9697fd 100644 --- a/app/test/test_cryptodev.h +++ b/app/test/test_cryptodev.h @@ -4,6 +4,8 @@ #ifndef TEST_CRYPTODEV_H_ #define TEST_CRYPTODEV_H_ +#include + #define HEX_DUMP 0 #define FALSE 0 diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c new file mode 100644 index 0000000000..be8f5270cc --- /dev/null +++ b/app/test/test_cryptodev_security_tls_record.c @@ -0,0 +1,151 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2023 Marvell. + */ + +#include + +#include "test.h" +#include "test_cryptodev_security_tls_record.h" +#include "test_cryptodev_security_tls_record_test_vectors.h" + +int +test_tls_record_status_check(struct rte_crypto_op *op) +{ + int ret = TEST_SUCCESS; + + if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) + ret = TEST_FAILED; + + return ret; +} + +int +test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_record_xform, + const struct rte_security_capability *sec_cap, bool silent) +{ + /* Verify security capabilities */ + + RTE_SET_USED(tls_record_xform); + RTE_SET_USED(sec_cap); + RTE_SET_USED(silent); + + return 0; +} + +void +test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, + struct tls_record_test_data *td_in) +{ + memcpy(td_in, td_out, sizeof(*td_in)); + + /* Populate output text of td_in with input text of td_out */ + memcpy(td_in->output_text.data, td_out->input_text.data, td_out->input_text.len); + td_in->output_text.len = td_out->input_text.len; + + /* Populate input text of td_in with output text of td_out */ + memcpy(td_in->input_text.data, td_out->output_text.data, td_out->output_text.len); + td_in->input_text.len = td_out->output_text.len; + + td_in->tls_record_xform.type = RTE_SECURITY_TLS_SESS_TYPE_READ; + + if (td_in->aead) { + td_in->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT; + } else { + td_in->xform.chain.auth.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY; + td_in->xform.chain.cipher.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT; + } +} + +static int +test_tls_record_td_verify(uint8_t *output_text, uint32_t len, const struct tls_record_test_data *td, + bool silent) +{ + if (len != td->output_text.len) { + printf("Output length (%d) not matching with expected (%d)\n", + len, td->output_text.len); + return TEST_FAILED; + } + + if (memcmp(output_text, td->output_text.data, len)) { + if (silent) + return TEST_FAILED; + + printf("[%s : %d] %s\n", __func__, __LINE__, "Output text not as expected\n"); + + rte_hexdump(stdout, "expected", td->output_text.data, len); + rte_hexdump(stdout, "actual", output_text, len); + return TEST_FAILED; + } + + return TEST_SUCCESS; +} + +static int +test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, + const struct tls_record_test_data *td, + struct tls_record_test_data *res_d) +{ + memcpy(res_d, td, sizeof(*res_d)); + + memcpy(&res_d->input_text.data, output_text, len); + res_d->input_text.len = len; + + res_d->tls_record_xform.type = RTE_SECURITY_TLS_SESS_TYPE_READ; + if (res_d->aead) { + res_d->xform.aead.aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT; + } else { + res_d->xform.chain.cipher.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT; + res_d->xform.chain.auth.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY; + } + + return TEST_SUCCESS; +} + +int +test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, + struct tls_record_test_data *res_d, bool silent) +{ + uint32_t len = rte_pktmbuf_pkt_len(m), data_len; + uint8_t output_text[TLS_RECORD_MAX_LEN]; + const struct rte_mbuf *seg; + const uint8_t *output; + + memset(output_text, 0, TLS_RECORD_MAX_LEN); + + /* + * Actual data in packet might be less in error cases, hence take minimum of pkt_len and sum + * of data_len. This is done to run through negative test cases. + */ + data_len = 0; + seg = m; + while (seg) { + data_len += seg->data_len; + seg = seg->next; + } + + len = RTE_MIN(len, data_len); + TEST_ASSERT(len <= TLS_RECORD_MAX_LEN, "Invalid packet length: %u", len); + + /* Copy mbuf payload to continuous buffer */ + output = rte_pktmbuf_read(m, 0, len, output_text); + if (output != output_text) { + /* Single segment mbuf, copy manually */ + memcpy(output_text, output, len); + } + + /* + * In case of known vector tests & all record read (decrypt) tests, res_d provided would be + * NULL and output data need to be validated against expected. For record read (decrypt), + * output_text would be plain payload and for record write (encrypt), output_text would TLS + * record. Validate by comparing against known vectors. + * + * In case of combined mode tests, the output_text from TLS write (encrypt) operation (ie, + * TLS record) would need to be decrypted using a TLS read operation to obtain the plain + * text. Copy output_text to result data, 'res_d', so that inbound processing can be done. + */ + + if (res_d == NULL) + return test_tls_record_td_verify(output_text, len, td, silent); + else + return test_tls_record_res_d_prepare(output_text, len, td, res_d); +} diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h new file mode 100644 index 0000000000..9a0cf70218 --- /dev/null +++ b/app/test/test_cryptodev_security_tls_record.h @@ -0,0 +1,71 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2023 Marvell. + */ + +#ifndef _TEST_CRYPTODEV_SECURITY_TLS_RECORD_H_ +#define _TEST_CRYPTODEV_SECURITY_TLS_RECORD_H_ + +#include +#include + +#define TLS_RECORD_MAX_LEN 16384u + +struct tls_record_test_data { + struct { + uint8_t data[32]; + } key; + + struct { + uint8_t data[64]; + } auth_key; + + struct { + uint8_t data[TLS_RECORD_MAX_LEN]; + unsigned int len; + } input_text; + + struct { + uint8_t data[TLS_RECORD_MAX_LEN]; + unsigned int len; + } output_text; + + struct { + uint8_t data[12]; + unsigned int len; + } imp_nonce; + + struct { + uint8_t data[16]; + } iv; + + union { + struct { + struct rte_crypto_sym_xform cipher; + struct rte_crypto_sym_xform auth; + } chain; + struct rte_crypto_sym_xform aead; + } xform; + + struct rte_security_tls_record_xform tls_record_xform; + uint8_t app_type; + bool aead; +}; + +struct tls_record_test_flags { + bool display_alg; +}; + +extern struct tls_record_test_data tls_test_data1; + +int test_tls_record_status_check(struct rte_crypto_op *op); + +int test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_record_xform, + const struct rte_security_capability *sec_cap, bool silent); + +void test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, + struct tls_record_test_data *td_in); + +int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, + struct tls_record_test_data *res_d, bool silent); + +#endif diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h new file mode 100644 index 0000000000..5aa0d27fda --- /dev/null +++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h @@ -0,0 +1,16 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2023 Marvell + */ + +#ifndef _TEST_CRYPTODEV_SECURITY_TLS_RECORD_TEST_VECTORS_H_ +#define _TEST_CRYPTODEV_SECURITY_TLS_RECORD_TEST_VECTORS_H_ + +#include +#include + +#include "test_cryptodev.h" +#include "test_cryptodev_security_tls_record.h" + +struct tls_record_test_data tls_test_data1; + +#endif From patchwork Thu Dec 7 13:02:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 134919 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AF73C43699; Thu, 7 Dec 2023 14:03:35 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 16ACD42F1B; Thu, 7 Dec 2023 14:02:46 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 27E5A42F1B for ; Thu, 7 Dec 2023 14:02:44 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3B79PGlc032068; Thu, 7 Dec 2023 05:02:43 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=MuoFfaWUzEPf0c0RRBjgXbivR8JffuTQaWxE+kkLyFM=; b=hjWFK6Jq26s8VKK0+KlV7Qi1AEq0wgqPkHTMC03vQSqFOPyS8pmsuMsxDrfqCTDcVnoe afV8vsJCYQYpO7k5coaRWonqDl4jFdfkSVL1SKHZtYM45K8wVH9j0e7ULsk4BV5MA+zo gUj3z2yMJMAEO7R5KKc8uSVcNOkhZSdx5hVL0j3R6T9JReec3HK6d750Brv9RiUUI7BL jEB9mUCGhIkqYQc+ZsLu/Jcsn5Oawxbx85+HXVUfAI9pGNBu5DnpudHQ8NUxh895NjOI E3Epe7Sr1ohoUsXocBhcZ8x50V3JrHhScUxTZryBtBwSZA9RZrspjooNA18fsZNyZBOC 2A== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3uubdd8n5v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 07 Dec 2023 05:02:43 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 7 Dec 2023 05:02:41 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 7 Dec 2023 05:02:41 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id AF9F83F70AD; Thu, 7 Dec 2023 05:02:38 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Tejasree Kondoj , Harry van Haaren , Hemant Agrawal , Konstantin Ananyev , , "Vidya Sagar Velumuri" Subject: [PATCH 07/14] test/crypto: add AES-GCM 128 TLS 1.2 vector Date: Thu, 7 Dec 2023 18:32:09 +0530 Message-ID: <20231207130216.140-8-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231207130216.140-1-anoobj@marvell.com> References: <20231207130216.140-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: XkRlQ8p98ZdA4BHdlNN_nbTyKm8eHo-c X-Proofpoint-GUID: XkRlQ8p98ZdA4BHdlNN_nbTyKm8eHo-c X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-07_10,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Tejasree Kondoj Add AES-GCM-128 test vector generated with kTLS. Signed-off-by: Tejasree Kondoj Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 8 +-- app/test/test_cryptodev_security_tls_record.h | 2 +- ...yptodev_security_tls_record_test_vectors.h | 67 ++++++++++++++++++- 3 files changed, 71 insertions(+), 6 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index cd83370790..e7e4b93c20 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -16814,13 +16814,13 @@ static struct unit_test_suite tls12_record_proto_testsuite = { .setup = tls_record_proto_testsuite_setup, .unit_test_cases = { TEST_CASE_NAMED_WITH_DATA( - "Known vector TBD", + "Write record known vector AES-GCM-128 (vector 1)", ut_setup_security, ut_teardown, - test_tls_record_proto_known_vec, &tls_test_data1), + test_tls_record_proto_known_vec, &tls_test_data_aes_128_gcm_v1), TEST_CASE_NAMED_WITH_DATA( - "Known vector TBD", + "Read record known vector AES-GCM-128 (vector 1)", ut_setup_security, ut_teardown, - test_tls_record_proto_known_vec_read, &tls_test_data1), + test_tls_record_proto_known_vec_read, &tls_test_data_aes_128_gcm_v1), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 9a0cf70218..b9cadd5cd4 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -55,7 +55,7 @@ struct tls_record_test_flags { bool display_alg; }; -extern struct tls_record_test_data tls_test_data1; +extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; int test_tls_record_status_check(struct rte_crypto_op *op); diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h index 5aa0d27fda..52e97e8557 100644 --- a/app/test/test_cryptodev_security_tls_record_test_vectors.h +++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h @@ -11,6 +11,71 @@ #include "test_cryptodev.h" #include "test_cryptodev_security_tls_record.h" -struct tls_record_test_data tls_test_data1; +/* TLS 1.2 AES-GCM 128 vector generated with kTLS. */ +struct tls_record_test_data tls_test_data_aes_128_gcm_v1 = { + .key = { + .data = { + 0x77, 0xc4, 0x9b, 0x0c, 0x2b, 0xe2, 0xd2, 0x4e, + 0xf5, 0x36, 0xb4, 0xea, 0x16, 0xb0, 0xed, 0x1f + }, + }, + .input_text = { + .data = { + 0x61, 0x62, 0x63, 0x64, 0x31, 0x32, 0x33, 0x34, + 0x61, 0x62, 0x63, 0x64, 0x31, 0x32, 0x33, 0x34, + 0xa + }, + .len = 17, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x29, + 0x3a, 0xcd, 0x41, 0x5d, 0x42, 0xac, 0xce, 0x36, + 0xad, 0xd1, 0x83, 0xa0, 0x16, 0x84, 0xce, 0x84, + 0xfc, 0xc2, 0xa7, 0x6b, 0xa1, 0x89, 0x5d, 0xf2, + 0xeb, + 0x9b, 0x90, 0x01, 0x56, 0xf8, 0x9d, 0xac, 0x0c, + 0xa8, 0x95, 0xba, 0xcc, 0x1f, 0xf3, 0x36, 0x2b + }, + .len = 46, + }, + .imp_nonce = { + .data = { + 0xda, 0xf8, 0x8f, 0x12 + }, + .len = 4, + }, + + .iv = { + .data = { + 0x3a, 0xcd, 0x41, 0x5d, 0x42, 0xac, 0xce, 0x36 + }, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 16, + .iv.length = 12, + .iv.offset = IV_OFFSET, + .digest_length = 16, + .aad_length = 13, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_2.seq_no = 0x1, + }, + + .aead = true, + .app_type = 0x17, +}; #endif From patchwork Thu Dec 7 13:02:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 134920 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C37BE43699; Thu, 7 Dec 2023 14:03:44 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 3B15C42F23; Thu, 7 Dec 2023 14:02:50 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 95CE942F0C for ; Thu, 7 Dec 2023 14:02:48 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3B76M49N017005; Thu, 7 Dec 2023 05:02:47 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=FVa9Q8gbWPzE1WSctp/gbKQECdKSGu+pxG9jffquUZ8=; b=fDqQ4HrbPSEyMXdcWwZEqNqUkt/l6OrFVWv3EO55nfWPnZf3n1rblHrvQ8lsYIsoyf/5 PuefDI1hdeDRg7SI/QfTF94uBbok2Icz3b+o6d6EOQ497lzds9KDRAmRU9iftK79YLiB 10GMVfvPNO8BWpnKeFTBy1TnpuQRwBBOjy4XiPrmumalug59MHfbAZyca2TnSBZ8dtS4 Trjsvk4tLc3aUfu91Mgz3Xsmye10qeNcGUmSeoD/RUNVSMcoHcTlj72801bxvFAQfSCB rI0XEDLpsIVMsWDDPJb8h8PBrRZsq3FLcMgNLW86Wz7gV1xhXSjV/55B3tNX/Dy8WBzb 7w== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3uu8qe98m9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 07 Dec 2023 05:02:47 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 7 Dec 2023 05:02:44 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 7 Dec 2023 05:02:44 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id D5B9C3F7093; Thu, 7 Dec 2023 05:02:41 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Harry van Haaren , Hemant Agrawal , Konstantin Ananyev , , Vidya Sagar Velumuri Subject: [PATCH 08/14] test/crypto: add TLS1.2 vectors Date: Thu, 7 Dec 2023 18:32:10 +0530 Message-ID: <20231207130216.140-9-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231207130216.140-1-anoobj@marvell.com> References: <20231207130216.140-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: 1E47LsbxTbBCswbkvlcMkTFkWw5j9jiF X-Proofpoint-ORIG-GUID: 1E47LsbxTbBCswbkvlcMkTFkWw5j9jiF X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-07_10,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Akhil Goyal Added TLS 1.2 test vectors for AES-128-CBC-SHA1 Signed-off-by: Akhil Goyal --- app/test/test_cryptodev.c | 8 ++ app/test/test_cryptodev_security_tls_record.h | 1 + ...yptodev_security_tls_record_test_vectors.h | 91 +++++++++++++++++++ 3 files changed, 100 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index e7e4b93c20..a82f971135 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -16817,10 +16817,18 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Write record known vector AES-GCM-128 (vector 1)", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec, &tls_test_data_aes_128_gcm_v1), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-128-CBC-SHA1", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls_test_data_aes_128_cbc_sha1_hmac), TEST_CASE_NAMED_WITH_DATA( "Read record known vector AES-GCM-128 (vector 1)", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &tls_test_data_aes_128_gcm_v1), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-128-CBC-SHA1", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls_test_data_aes_128_cbc_sha1_hmac), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index b9cadd5cd4..3e42db2c03 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -56,6 +56,7 @@ struct tls_record_test_flags { }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; +extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac; int test_tls_record_status_check(struct rte_crypto_op *op); diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h index 52e97e8557..85ad2df500 100644 --- a/app/test/test_cryptodev_security_tls_record_test_vectors.h +++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h @@ -78,4 +78,95 @@ struct tls_record_test_data tls_test_data_aes_128_gcm_v1 = { .app_type = 0x17, }; +struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac = { + .key = { + .data = { + 0xee, 0x2b, 0x2a, 0x59, 0xbf, 0x60, 0x36, 0xba, + 0xe4, 0xdc, 0x7d, 0x8b, 0xc7, 0x0d, 0xbb, 0x85, + }, + }, + .auth_key = { + .data = { + 0xcf, 0x4f, 0xc1, 0x7d, 0x6d, 0x4c, 0x0d, 0x13, + 0x3d, 0x8f, 0x95, 0xb5, 0xdd, 0xb0, 0x85, 0x08, + 0x38, 0x2c, 0xa1, 0xa0, + }, + }, + .input_text = { + .data = { + /* plain text data */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, 0x20, + 0x41, 0x45, 0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, + 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, 0x31, + 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x0a, + }, + .len = 48, + }, + .output_text = { + .data = { + /* TLS header */ + 0x17, 0x03, 0x03, 0x00, 0x60, + /* Encrypted data */ + 0x30, 0x76, 0x10, 0x2e, 0xb2, 0xe3, 0xb6, 0x93, + 0x70, 0xd4, 0xdf, 0x2a, 0x4f, 0x92, 0x1d, 0x3c, + 0x9a, 0x87, 0x38, 0xb0, 0x8e, 0x82, 0xf1, 0x33, + 0xa2, 0x5e, 0xce, 0xaf, 0x51, 0xf1, 0x51, 0x17, + 0x4f, 0x63, 0x55, 0x60, 0xa5, 0x3f, 0xc5, 0x42, + 0x9a, 0x80, 0x7a, 0x19, 0xb9, 0x77, 0x5b, 0x6f, + 0x1b, 0x2e, 0x2c, 0x0a, 0xa1, 0xa9, 0xf4, 0xb1, + 0xc7, 0x12, 0x7d, 0xfc, 0x92, 0x2f, 0xf4, 0xfc, + 0x20, 0x16, 0x1a, 0xa3, 0x94, 0xc6, 0xfe, 0x64, + 0x8d, 0x16, 0xd2, 0x52, 0x56, 0x83, 0x75, 0x3f, + 0x5b, 0x89, 0xf4, 0x29, 0x72, 0x46, 0x19, 0xd2, + 0xae, 0xea, 0xe3, 0xfc, 0x23, 0xd9, 0x00, 0x6c, + }, + .len = 101, + }, + .iv = { + .data = { + 0x30, 0x76, 0x10, 0x2e, 0xb2, 0xe3, 0xb6, 0x93, + 0x70, 0xd4, 0xdf, 0x2a, 0x4f, 0x92, 0x1d, 0x3c, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .key.length = 20, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 20, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 16, + .iv.length = 16, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_2.seq_no = 0x1, + }, + + .aead = false, + .app_type = 0x17, +}; + #endif From patchwork Thu Dec 7 13:02:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 134921 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 500A843699; Thu, 7 Dec 2023 14:03:55 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9FA5C42F3B; Thu, 7 Dec 2023 14:02:51 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 413B342F25 for ; Thu, 7 Dec 2023 14:02:50 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3B79PDlF031920; Thu, 7 Dec 2023 05:02:49 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=KqNmo4JJcupRZWLxM3n7ILwhyBZgstmhrf6O7XSieUY=; b=eg8444biYfA/VE2FzUvv/TpDWOmXae4ntgRbDFYCn8zKSn8nziV+Uqvj0McvYG1y3kYm UVI5j5XVAgkkc0y54O1cVqBBVAxM6NRiHTWmuj+J2KvKz0Pn2uN6E/SgEw+eWkq/L7nE cgJf6lX4RNLzwzXKBbPQOSoPNtB3R/F3nZH6WzrmB3+rclZW7sfN/He/KEbMaqpSvU9m zQjzgu02ZBH9LA6/QoA68+C8acQ/rv+XBuIbqo8sEiCjd/IgAHrNzrzsRbTeNaP0v1+5 jqlbfuYbaVjuEE/BzXqw0UUOpO2nWENMhSy4tiHDSvvtIMhp6S/aKOZ68Z+IR1hfE72y Cw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3uubdd8n6a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 07 Dec 2023 05:02:49 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 7 Dec 2023 05:02:47 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 7 Dec 2023 05:02:47 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id C22613F7051; Thu, 7 Dec 2023 05:02:44 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Harry van Haaren , Hemant Agrawal , Konstantin Ananyev , , Vidya Sagar Velumuri Subject: [PATCH 09/14] test/crypto: add TLS1.2/DTLS1.2 AES-128/256-GCM vectors Date: Thu, 7 Dec 2023 18:32:11 +0530 Message-ID: <20231207130216.140-10-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231207130216.140-1-anoobj@marvell.com> References: <20231207130216.140-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: ZUqoj7k19lDSBkt8rDRuSn-YIixMuT_G X-Proofpoint-GUID: ZUqoj7k19lDSBkt8rDRuSn-YIixMuT_G X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-07_10,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Akhil Goyal Added test vectors for TLS1.2 and DTLS 1.2 for AES-128-GCM and AES-256-GCM. These vectors are generated using GnuTLS server and client applications. Signed-off-by: Akhil Goyal Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 43 ++- app/test/test_cryptodev_security_tls_record.h | 4 + ...yptodev_security_tls_record_test_vectors.h | 286 ++++++++++++++++++ 3 files changed, 332 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index a82f971135..0360f30bd1 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -16818,13 +16818,29 @@ static struct unit_test_suite tls12_record_proto_testsuite = { ut_setup_security, ut_teardown, test_tls_record_proto_known_vec, &tls_test_data_aes_128_gcm_v1), TEST_CASE_NAMED_WITH_DATA( - "Write record known vector AES-128-CBC-SHA1", + "Write record known vector AES-GCM-128 (vector 2)", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls_test_data_aes_128_gcm_v2), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-GCM-256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls_test_data_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-CBC-128-SHA1", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec, &tls_test_data_aes_128_cbc_sha1_hmac), TEST_CASE_NAMED_WITH_DATA( "Read record known vector AES-GCM-128 (vector 1)", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &tls_test_data_aes_128_gcm_v1), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-GCM-128 (vector 2)", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls_test_data_aes_128_gcm_v2), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-GCM-256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls_test_data_aes_256_gcm), TEST_CASE_NAMED_WITH_DATA( "Read record known vector AES-128-CBC-SHA1", ut_setup_security, ut_teardown, @@ -16833,6 +16849,30 @@ static struct unit_test_suite tls12_record_proto_testsuite = { } }; +static struct unit_test_suite dtls12_record_proto_testsuite = { + .suite_name = "DTLS 1.2 Record Protocol Unit Test Suite", + .setup = tls_record_proto_testsuite_setup, + .unit_test_cases = { + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-GCM-128", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &dtls_test_data_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-GCM-256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &dtls_test_data_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-GCM-128", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &dtls_test_data_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-GCM-256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &dtls_test_data_aes_256_gcm), + TEST_CASES_END() /**< NULL terminate unit test array */ + } +}; + #define ADD_UPLINK_TESTCASE(data) \ TEST_CASE_NAMED_WITH_DATA(data.test_descr_uplink, ut_setup_security, \ ut_teardown, test_docsis_proto_uplink, (const void *) &data), \ @@ -17841,6 +17881,7 @@ run_cryptodev_testsuite(const char *pmd_name) &pdcp_proto_testsuite, &docsis_proto_testsuite, &tls12_record_proto_testsuite, + &dtls12_record_proto_testsuite, #endif &end_testsuite }; diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 3e42db2c03..18d689253b 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -56,6 +56,10 @@ struct tls_record_test_flags { }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; +extern struct tls_record_test_data tls_test_data_aes_128_gcm_v2; +extern struct tls_record_test_data tls_test_data_aes_256_gcm; +extern struct tls_record_test_data dtls_test_data_aes_128_gcm; +extern struct tls_record_test_data dtls_test_data_aes_256_gcm; extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac; int test_tls_record_status_check(struct rte_crypto_op *op); diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h index 85ad2df500..fb060275fb 100644 --- a/app/test/test_cryptodev_security_tls_record_test_vectors.h +++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h @@ -78,6 +78,148 @@ struct tls_record_test_data tls_test_data_aes_128_gcm_v1 = { .app_type = 0x17, }; +/* TLS 1.2 AES-128-GCM */ +struct tls_record_test_data tls_test_data_aes_128_gcm_v2 = { + .key = { + .data = { + 0x64, 0xda, 0xc6, 0x34, 0xd4, 0x88, 0x59, 0x57, + 0x2d, 0x7c, 0xcc, 0x6d, 0xb2, 0x88, 0x40, 0x4c, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, 0x20, + 0x41, 0x45, 0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, + 0x47, 0x43, 0x4d, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0xa, + }, + .len = 36, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x3c, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0xb2, 0x8f, 0x1e, 0x8d, 0xe3, 0x67, 0xfd, 0xfa, + 0x68, 0x5a, 0xf4, 0x0f, 0x68, 0xdc, 0x5b, 0x6f, + 0x88, 0xd0, 0x1b, 0x3c, 0x84, 0xad, 0x01, 0xcf, + 0xd2, 0xab, 0x8b, 0x59, 0xbd, 0x66, 0x93, 0xd2, + 0x6f, 0xbd, 0xb2, 0xf0, 0xc7, 0xa3, 0x26, 0x78, + 0x35, 0xda, 0xe1, 0x4b, 0xb3, 0x3b, 0x21, 0x08, + 0xd2, 0x9b, 0x5c, 0x16, + }, + .len = 65, + }, + .imp_nonce = { + .data = { + 0xdf, 0x13, 0xc5, 0x7c, + }, + .len = 4, + }, + .iv = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 + }, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 16, + .iv.length = 12, + .iv.offset = IV_OFFSET, + .digest_length = 16, + .aad_length = 13, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_2.seq_no = 0x1, + }, + + .aead = true, + .app_type = 0x17, +}; + +/* TLS 1.2 AES-256-GCM */ +struct tls_record_test_data tls_test_data_aes_256_gcm = { + .key = { + .data = { + 0x14, 0x8d, 0x98, 0x26, 0xc3, 0x9f, 0xae, 0x1a, + 0x52, 0x38, 0x7c, 0xfe, 0xcd, 0x2e, 0x7f, 0x28, + 0x1f, 0x11, 0x07, 0x02, 0x83, 0xa0, 0x24, 0x78, + 0x09, 0x83, 0x65, 0xb9, 0x99, 0x1b, 0x2c, 0x3a, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, 0x2d, + 0x47, 0x43, 0x4d, 0x20, 0x54, 0x4c, 0x53, 0x20, + 0x31, 0x2e, 0x32, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0xa, + }, + .len = 36, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x3c, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x37, 0xed, 0x76, 0x33, 0xb3, 0xcd, 0x66, 0x76, + 0x68, 0x2d, 0xc2, 0xb2, 0x83, 0x91, 0x15, 0xdf, + 0xc3, 0x13, 0x14, 0x83, 0x99, 0x4c, 0x0c, 0xcc, + 0xc0, 0x41, 0x6f, 0x54, 0x8d, 0xd5, 0x6f, 0xe7, + 0xe9, 0x7d, 0x9c, 0xed, 0xe8, 0xd6, 0x92, 0xac, + 0xa5, 0xc2, 0x93, 0xdf, 0xdc, 0xf7, 0x80, 0x3c, + 0xc6, 0xc3, 0x6e, 0x7f, + }, + .len = 65, + }, + .imp_nonce = { + .data = { + 0xff, 0x9d, 0x56, 0x96, + }, + .len = 4, + }, + .iv = { + .data = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 + }, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 32, + .iv.length = 12, + .iv.offset = IV_OFFSET, + .digest_length = 16, + .aad_length = 13, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_2.seq_no = 0x1, + }, + + .aead = true, + .app_type = 0x17, +}; + struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac = { .key = { .data = { @@ -169,4 +311,148 @@ struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac = { .app_type = 0x17, }; +/* DTLS 1.2 AES-128-GCM */ +struct tls_record_test_data dtls_test_data_aes_128_gcm = { + .key = { + .data = { + 0xde, 0x1f, 0xf3, 0x6f, 0x76, 0x9a, 0x99, 0x71, + 0x19, 0x5f, 0x03, 0x36, 0x64, 0x7d, 0xb2, 0x1e, + }, + }, + .output_text = { + .data = { + 0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x3d, 0x00, 0x01, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x01, 0xe8, 0x02, 0xd6, + 0xa6, 0x78, 0x71, 0x50, 0x8f, 0x26, 0x43, 0x5d, + 0xf7, 0x50, 0x5a, 0x45, 0x8b, 0xc9, 0x7f, 0xa7, + 0x12, 0x51, 0x3a, 0x72, 0x0c, 0xfa, 0x21, 0xff, + 0x8c, 0xc9, 0x3f, 0x25, 0x08, 0xb5, 0xe8, 0x7d, + 0x5f, 0xbc, 0xa8, 0xb9, 0xd3, 0xe3, 0x15, 0xb0, + 0x9b, 0xbd, 0x82, 0x9b, 0x77, 0x14, 0x17, 0x2a, + 0x28, 0xbb, + }, + .len = 74, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x41, 0x45, 0x53, 0x2d, 0x31, 0x32, 0x38, + 0x2d, 0x47, 0x43, 0x4d, 0x20, 0x65, 0x78, 0x61, + 0x6d, 0x70, 0x6c, 0x65, 0xa, + }, + .len = 37, + }, + .imp_nonce = { + .data = { + 0x66, 0xb2, 0x04, 0x1d, + }, + .len = 4, + }, + .iv = { + .data = { + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + }, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 16, + .iv.length = 12, + .iv.offset = IV_OFFSET, + .digest_length = 16, + .aad_length = 13, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_DTLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .dtls_1_2.epoch = 1, + .dtls_1_2.seq_no = 1, + }, + + .aead = true, + .app_type = 0x17, +}; + +/* DTLS 1.2 AES-256-GCM */ +struct tls_record_test_data dtls_test_data_aes_256_gcm = { + .key = { + .data = { + 0x9e, 0x0d, 0xe9, 0x57, 0x4d, 0x24, 0xa7, 0x15, + 0x0d, 0x49, 0xf0, 0x87, 0xa6, 0xf1, 0x3e, 0x33, + 0x8c, 0xb8, 0x86, 0xb6, 0xbb, 0x72, 0x93, 0xa2, + 0x5e, 0xcb, 0x31, 0xe3, 0x60, 0xc6, 0x7e, 0x11, + }, + }, + .output_text = { + .data = { + 0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x39, 0x00, 0x01, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x01, 0xf9, 0xed, 0xe7, + 0xe2, 0x53, 0x97, 0x9a, 0x3c, 0xc7, 0x66, 0x21, + 0x62, 0xfb, 0x29, 0x27, 0x8d, 0xc6, 0x11, 0xa3, + 0x69, 0x89, 0xdc, 0x34, 0x50, 0x6d, 0x2f, 0xf7, + 0x58, 0xd5, 0xc7, 0x71, 0xf4, 0x6d, 0x07, 0xae, + 0x35, 0x39, 0x7b, 0xa8, 0xc3, 0x38, 0x71, 0xb8, + 0xee, 0xb0, 0x18, 0xc6, 0xb5, 0x49, + }, + .len = 70, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x44, 0x54, 0x4c, 0x53, 0x20, 0x65, 0x78, 0x61, + 0x6d, 0x70, 0x6c, 0x65, 0x20, 0x74, 0x65, 0x73, + 0x74, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0xa, + }, + .len = 33, + }, + .imp_nonce = { + .data = { + 0x24, 0x58, 0x29, 0x71, + }, + .len = 4, + }, + .iv = { + .data = { + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + }, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 32, + .iv.length = 12, + .iv.offset = IV_OFFSET, + .digest_length = 16, + .aad_length = 13, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_DTLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .dtls_1_2.epoch = 1, + .dtls_1_2.seq_no = 1, + }, + + .aead = true, + .app_type = 0x17, +}; + #endif From patchwork Thu Dec 7 13:02:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 134922 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 36C5743699; Thu, 7 Dec 2023 14:04:03 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id ADFD642F41; Thu, 7 Dec 2023 14:02:53 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 98A6542F41 for ; Thu, 7 Dec 2023 14:02:52 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3B76M5Pv017036; Thu, 7 Dec 2023 05:02:51 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=gJ4zPORkk5LUCKnydJLlu/7mz0BQceZ45W32NrZn7XM=; b=DabkRu4/v1+GmQfKhYNASsSBIVMFjwHjjmjRFUepNd0I8qX9m0VxAHDNKXZL2J5+mdQp sZBH9K5n6LtFoRpvON1Mq2eS6DEcAFZDWxLazJEryvLauXM0nRpImlGzArFAOcufful4 qcYLRR/fKGMzuMFY1ivytT3m+tLkFCVsCJpFYWkB4zp6UWhhUmeSj/po24qg/zMrNtYZ /U64ORh9kIj4RbGdkZrGYqCIGHHcCQYPiB4mnN4JuuWi1vR0CxD22/nSzKSXgWWLwDLe mZLIFJsZ9wYon5L7oWnjFzRoLLzJGbYXFcqYli3gNs67/g338m3CC2KQT3j3ERKFd9xo 1g== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3uu8qe98mg-3 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 07 Dec 2023 05:02:51 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 7 Dec 2023 05:02:50 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 7 Dec 2023 05:02:50 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id B09463F7093; Thu, 7 Dec 2023 05:02:47 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Vidya Sagar Velumuri , Harry van Haaren , Hemant Agrawal , Konstantin Ananyev , Subject: [PATCH 10/14] test/crypto: add combined mode cases Date: Thu, 7 Dec 2023 18:32:12 +0530 Message-ID: <20231207130216.140-11-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231207130216.140-1-anoobj@marvell.com> References: <20231207130216.140-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: 7YHNUiAWyDbJ2mtAVpg80pB-fNnnsxsK X-Proofpoint-ORIG-GUID: 7YHNUiAWyDbJ2mtAVpg80pB-fNnnsxsK X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-07_10,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add cases to try TLS record write(encrypt) + read(decrypt) operations. This is used for testing TLS record features with all algorithms supported by the security device. Signed-off-by: Anoob Joseph Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 67 ++++++++++++++++++- app/test/test_cryptodev_security_tls_record.c | 60 +++++++++++++++++ app/test/test_cryptodev_security_tls_record.h | 11 +++ 3 files changed, 136 insertions(+), 2 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 0360f30bd1..6070e7f336 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11704,6 +11704,7 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], struct rte_security_tls_record_xform tls_record_xform; struct rte_security_capability_idx sec_cap_idx; const struct rte_security_capability *sec_cap; + struct tls_record_test_data *res_d_tmp = NULL; enum rte_security_tls_sess_type sess_type; uint8_t dev_id = ts_params->valid_devs[0]; struct rte_security_ctx *ctx; @@ -11841,7 +11842,10 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], if (ret != TEST_SUCCESS) goto crypto_op_free; - ret = test_tls_record_post_process(ut_params->ibuf, &td[i], NULL, silent); + if (res_d != NULL) + res_d_tmp = &res_d[i]; + + ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, silent); if (ret != TEST_SUCCESS) goto crypto_op_free; @@ -11864,7 +11868,6 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], rte_security_session_destroy(ctx, ut_params->sec_session); ut_params->sec_session = NULL; - RTE_SET_USED(res_d); RTE_SET_USED(flags); return ret; @@ -11903,6 +11906,58 @@ test_tls_record_proto_known_vec_read(const void *test_data) return test_tls_record_proto_process(&td_inb, NULL, 1, false, &flags); } +static int +test_tls_record_proto_all(const struct tls_record_test_flags *flags) +{ + struct tls_record_test_data td_outb[TEST_SEC_PKTS_MAX]; + struct tls_record_test_data td_inb[TEST_SEC_PKTS_MAX]; + unsigned int i, nb_pkts = 1, pass_cnt = 0; + int ret; + + for (i = 0; i < RTE_DIM(sec_alg_list); i++) { + test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, + td_outb, nb_pkts); + + ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + test_tls_record_td_update(td_inb, td_outb, nb_pkts, flags); + + ret = test_tls_record_proto_process(td_inb, NULL, nb_pkts, true, flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + if (flags->display_alg) + test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2); + + pass_cnt++; + } + + if (pass_cnt > 0) + return TEST_SUCCESS; + else + return TEST_SKIPPED; +} + +static int +test_tls_record_proto_display_list(void) +{ + struct tls_record_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.display_alg = true; + + return test_tls_record_proto_all(&flags); +} + #endif static int @@ -16845,6 +16900,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Read record known vector AES-128-CBC-SHA1", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &tls_test_data_aes_128_cbc_sha1_hmac), + TEST_CASE_NAMED_ST( + "Combined test alg list", + ut_setup_security, ut_teardown, + test_tls_record_proto_display_list), TEST_CASES_END() /**< NULL terminate unit test array */ } }; @@ -16869,6 +16928,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Read record known vector AES-GCM-256", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &dtls_test_data_aes_256_gcm), + TEST_CASE_NAMED_ST( + "Combined test alg list", + ut_setup_security, ut_teardown, + test_tls_record_proto_display_list), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index be8f5270cc..6f106050c2 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -7,6 +7,7 @@ #include "test.h" #include "test_cryptodev_security_tls_record.h" #include "test_cryptodev_security_tls_record_test_vectors.h" +#include "test_security_proto.h" int test_tls_record_status_check(struct rte_crypto_op *op) @@ -56,6 +57,65 @@ test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, } } +void +test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2, + const struct tls_record_test_flags *flags, + struct tls_record_test_data *td_array, int nb_td) +{ + struct tls_record_test_data *td = NULL; + int i; + + memset(td_array, 0, nb_td * sizeof(*td)); + + for (i = 0; i < nb_td; i++) { + td = &td_array[i]; + + /* Prepare fields based on param */ + + if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + /* Copy template for packet & key fields */ + memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td)); + + td->aead = true; + td->xform.aead.aead.algo = param1->alg.aead; + td->xform.aead.aead.key.length = param1->key_length; + td->xform.aead.aead.digest_length = param1->digest_length; + } else { + /* Copy template for packet & key fields */ + memcpy(td, &tls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td)); + + td->aead = false; + td->xform.chain.cipher.cipher.algo = param1->alg.cipher; + td->xform.chain.cipher.cipher.key.length = param1->key_length; + td->xform.chain.cipher.cipher.iv.length = param1->iv_length; + td->xform.chain.auth.auth.algo = param2->alg.auth; + td->xform.chain.auth.auth.key.length = param2->key_length; + td->xform.chain.auth.auth.digest_length = param2->digest_length; + } + } + + RTE_SET_USED(flags); +} + +void +test_tls_record_td_update(struct tls_record_test_data td_inb[], + const struct tls_record_test_data td_outb[], int nb_td, + const struct tls_record_test_flags *flags) +{ + int i; + + for (i = 0; i < nb_td; i++) { + memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data, + td_outb[i].input_text.len); + td_inb[i].output_text.len = td_outb->input_text.len; + + /* Clear outbound specific flags */ + td_inb[i].tls_record_xform.options.iv_gen_disable = 0; + } + + RTE_SET_USED(flags); +} + static int test_tls_record_td_verify(uint8_t *output_text, uint32_t len, const struct tls_record_test_data *td, bool silent) diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 18d689253b..68dd55fef2 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -8,6 +8,8 @@ #include #include +#include "test_security_proto.h" + #define TLS_RECORD_MAX_LEN 16384u struct tls_record_test_data { @@ -70,6 +72,15 @@ int test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_re void test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, struct tls_record_test_data *td_in); +void test_tls_record_td_prepare(const struct crypto_param *param1, + const struct crypto_param *param2, + const struct tls_record_test_flags *flags, + struct tls_record_test_data *td_array, int nb_td); + +void test_tls_record_td_update(struct tls_record_test_data td_inb[], + const struct tls_record_test_data td_outb[], int nb_td, + const struct tls_record_test_flags *flags); + int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, struct tls_record_test_data *res_d, bool silent); From patchwork Thu Dec 7 13:02:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 134923 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 9AABC43699; Thu, 7 Dec 2023 14:04:10 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id DB9A842F47; Thu, 7 Dec 2023 14:02:56 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 9CF7642F49 for ; Thu, 7 Dec 2023 14:02:55 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3B79PGfa032074; Thu, 7 Dec 2023 05:02:55 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=u5z/S5wcVKEVQ7qP0OsRHQJo75n4qoFiLnM2xPw97IQ=; b=HB0dcfkynHwIT6f5rJ8DyHCg0kmnwGgDHLDXfMHzop1STK8Ts2wIrOzvTwk5k1iNXdTG MJf99/OP1Xq1qG/+EOs8vPX86RhuVEg2vH0SYJuo8HXvoaxaJrfE/yRN4zTL2jWOdjm5 SVbt7U1Fks4INMwZN1u0FfZW2wlFQHJTSuIeDFOA1w7DtpRHsAUMgP/tjthtvC/+0cS3 vEvUdo+HMBEraI/YLZaP5Br2MrMszmJSaU5Pl5SeIszGuhJZdrig0wiHvKs3LYjpzxDn 018fdMS2N2iGM+Z2B3cx2SOMQ1ndfOUpF2nG6goCuO5xJfh1O5AjhxQ2IfI4x7nX0Bvr WA== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3uubdd8n6j-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 07 Dec 2023 05:02:54 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 7 Dec 2023 05:02:53 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 7 Dec 2023 05:02:53 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id A4B4F3F7051; Thu, 7 Dec 2023 05:02:50 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Harry van Haaren , Hemant Agrawal , Konstantin Ananyev , , Vidya Sagar Velumuri Subject: [PATCH 11/14] test/crypto: add verification of TLS headers Date: Thu, 7 Dec 2023 18:32:13 +0530 Message-ID: <20231207130216.140-12-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231207130216.140-1-anoobj@marvell.com> References: <20231207130216.140-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: E08M3jqWi4ojqFACjgfJODP4OyAnw9iS X-Proofpoint-GUID: E08M3jqWi4ojqFACjgfJODP4OyAnw9iS X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-07_10,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add verification of TLS headers in protocol offload tests. Signed-off-by: Anoob Joseph Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev_security_tls_record.c | 118 +++++++++++++++++- 1 file changed, 117 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 6f106050c2..bcb2eba4ff 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -3,6 +3,8 @@ */ #include +#include +#include #include "test.h" #include "test_cryptodev_security_tls_record.h" @@ -62,8 +64,8 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt const struct tls_record_test_flags *flags, struct tls_record_test_data *td_array, int nb_td) { + int i, min_padding, hdr_len, tls_pkt_size, mac_len = 0, exp_nonce_len = 0, roundup_len = 0; struct tls_record_test_data *td = NULL; - int i; memset(td_array, 0, nb_td * sizeof(*td)); @@ -94,6 +96,59 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } + tls_pkt_size = td->input_text.len; + + if (!td->aead) { + mac_len = td->xform.chain.auth.auth.digest_length; + switch (td->xform.chain.cipher.cipher.algo) { + case RTE_CRYPTO_CIPHER_3DES_CBC: + roundup_len = 8; + exp_nonce_len = 8; + break; + case RTE_CRYPTO_CIPHER_AES_CBC: + roundup_len = 16; + exp_nonce_len = 16; + break; + default: + roundup_len = 0; + exp_nonce_len = 0; + break; + } + } else { + mac_len = td->xform.aead.aead.digest_length; + exp_nonce_len = 8; + } + + switch (td->tls_record_xform.ver) { + case RTE_SECURITY_VERSION_TLS_1_2: + case RTE_SECURITY_VERSION_TLS_1_3: + hdr_len = sizeof(struct rte_tls_hdr); + min_padding = 1; + break; + case RTE_SECURITY_VERSION_DTLS_1_2: + hdr_len = sizeof(struct rte_dtls_hdr); + min_padding = 0; + break; + default: + hdr_len = 0; + min_padding = 0; + break; + } + + tls_pkt_size += mac_len; + + /* Padding */ + tls_pkt_size += min_padding; + tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); + + /* Explicit nonce */ + tls_pkt_size += exp_nonce_len; + + /* Add TLS header */ + tls_pkt_size += hdr_len; + + td->output_text.len = tls_pkt_size; + RTE_SET_USED(flags); } @@ -160,6 +215,60 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, return TEST_SUCCESS; } +static int +tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text) +{ + uint16_t length, hdr_len; + uint8_t content_type; + + if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_2) { + const struct rte_tls_hdr *hdr = (const struct rte_tls_hdr *)output_text; + if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_2) { + printf("Incorrect header version [expected - %4x, received - %4x]\n", + RTE_TLS_VERSION_1_2, rte_be_to_cpu_16(hdr->version)); + return TEST_FAILED; + } + content_type = hdr->type; + length = rte_be_to_cpu_16(hdr->length); + hdr_len = sizeof(struct rte_tls_hdr); + } else if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) { + const struct rte_tls_hdr *hdr = (const struct rte_tls_hdr *)output_text; + if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_3) { + printf("Incorrect header version [expected - %4x, received - %4x]\n", + RTE_TLS_VERSION_1_3, rte_be_to_cpu_16(hdr->version)); + return TEST_FAILED; + } + content_type = hdr->type; + length = rte_be_to_cpu_16(hdr->length); + hdr_len = sizeof(struct rte_tls_hdr); + } else if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_DTLS_1_2) { + const struct rte_dtls_hdr *hdr = (const struct rte_dtls_hdr *)output_text; + if (rte_be_to_cpu_16(hdr->version) != RTE_DTLS_VERSION_1_2) { + printf("Incorrect header version [expected - %4x, received - %4x]\n", + RTE_DTLS_VERSION_1_2, rte_be_to_cpu_16(hdr->version)); + return TEST_FAILED; + } + content_type = hdr->type; + length = rte_be_to_cpu_16(hdr->length); + hdr_len = sizeof(struct rte_dtls_hdr); + } else { + return TEST_FAILED; + } + + if (content_type != td->app_type) { + printf("Incorrect content type in packet [expected - %d, received - %d]\n", + td->app_type, content_type); + return TEST_FAILED; + } + + if (length != td->output_text.len - hdr_len) { + printf("Incorrect packet length [expected - %d, received - %d]\n", + td->output_text.len - hdr_len, length); + return TEST_FAILED; + } + + return TEST_SUCCESS; +} int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, @@ -169,6 +278,7 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t uint8_t output_text[TLS_RECORD_MAX_LEN]; const struct rte_mbuf *seg; const uint8_t *output; + int ret; memset(output_text, 0, TLS_RECORD_MAX_LEN); @@ -193,6 +303,12 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t memcpy(output_text, output, len); } + if (td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) { + ret = tls_record_hdr_verify(td, output_text); + if (ret != TEST_SUCCESS) + return ret; + } + /* * In case of known vector tests & all record read (decrypt) tests, res_d provided would be * NULL and output data need to be validated against expected. For record read (decrypt), From patchwork Thu Dec 7 13:02:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 134924 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8334D43699; Thu, 7 Dec 2023 14:04:19 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 806E642F53; Thu, 7 Dec 2023 14:03:00 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id B6ABA42F53 for ; Thu, 7 Dec 2023 14:02:59 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3B76M5Q1017036; Thu, 7 Dec 2023 05:02:59 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=XZ2uqnRpve9jWBiTvpbEEiaFiLbPB3JpKkbXFhdRCBE=; b=StFIErLAFC8LKQ45smJk0PNDf4kXm+eImKQ2ttqYHeq9VtiH8YiYdolxpgEvfn1eRIdE jdZq3y6ROSeFQthseYyVnx+Vs4z4XM2YZbJZzFs6gmUSF1H7OP/kXRS8rbDzxpWfNB+Z zsd2MHVx1FfcEDuhS8ec04JjT22lU82/pReiM815W5oeXvOdHuP83SN6LZPQikasqcW1 llIrbYq6f4/JbPQoO0ofjKCNqP4wF39g/l54mUSmFVa4MO5eMhB+e8JF6whQTAfK4H27 3q1M/64eDAwrmD118lgkAA9ITkshmzKwD2EP/cmzGjCyr1dTKKMovcGJKGJi1TSYWTVM zQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3uu8qe98nf-3 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 07 Dec 2023 05:02:58 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 7 Dec 2023 05:02:56 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 7 Dec 2023 05:02:56 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id 8A4EE3F70AD; Thu, 7 Dec 2023 05:02:53 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Vidya Sagar Velumuri , Harry van Haaren , Hemant Agrawal , Konstantin Ananyev , Subject: [PATCH 12/14] test/security: add more algos to combined tests Date: Thu, 7 Dec 2023 18:32:14 +0530 Message-ID: <20231207130216.140-13-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231207130216.140-1-anoobj@marvell.com> References: <20231207130216.140-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: VBKc1158XNFjTzNF-a1dJGp9mMJgqrDq X-Proofpoint-ORIG-GUID: VBKc1158XNFjTzNF-a1dJGp9mMJgqrDq X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-07_10,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add following algos to combined mode cases. These are intended primarily for TLS record combined mode tests. - AES256-CBC - SHA256-HMAC - SHA1-HMAC [20B] Signed-off-by: Anoob Joseph Signed-off-by: Vidya Sagar Velumuri --- app/test/test_security_proto.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h index 6797e8b8c2..efa023b99d 100644 --- a/app/test/test_security_proto.h +++ b/app/test/test_security_proto.h @@ -70,6 +70,12 @@ static const struct crypto_param cipher_list[] = { .key_length = 16, .iv_length = 16, }, + { + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .alg.cipher = RTE_CRYPTO_CIPHER_AES_CBC, + .key_length = 32, + .iv_length = 16, + }, { .type = RTE_CRYPTO_SYM_XFORM_CIPHER, .alg.cipher = RTE_CRYPTO_CIPHER_AES_CTR, @@ -107,12 +113,24 @@ static const struct crypto_param auth_list[] = { .key_length = 20, .digest_length = 12, }, + { + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .alg.auth = RTE_CRYPTO_AUTH_SHA1_HMAC, + .key_length = 20, + .digest_length = 20, + }, { .type = RTE_CRYPTO_SYM_XFORM_AUTH, .alg.auth = RTE_CRYPTO_AUTH_SHA256_HMAC, .key_length = 32, .digest_length = 16, }, + { + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .alg.auth = RTE_CRYPTO_AUTH_SHA256_HMAC, + .key_length = 32, + .digest_length = 32, + }, { .type = RTE_CRYPTO_SYM_XFORM_AUTH, .alg.auth = RTE_CRYPTO_AUTH_SHA384_HMAC, From patchwork Thu Dec 7 13:02:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 134925 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6B5C043699; Thu, 7 Dec 2023 14:04:27 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A3CF642F57; Thu, 7 Dec 2023 14:03:03 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 241AD42F63 for ; Thu, 7 Dec 2023 14:03:01 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3B76M046016978; Thu, 7 Dec 2023 05:03:01 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=O/dFA8I/soSQexTNrig/Eke5tINU3E1sGsMWvTJyJ0I=; b=MrTALKN9/12EmyO0Tf7bITeUjcdl3TFmC0DqTTx7kpKHe61sTEkajYjGscFeSD2qqS0B dLz3ywNwW2CJ0aok+XCSvV68d+upE2PiFYYQleyTLxqAfSZIGqNFZtm5MszrQ6AexScp wWAMmw+injmJkszsMuJmiLDIWn7VO3LQpm95ucCbVqUTecyHBxn5KjJ0YVzBEJI2ZvRj mG4dohhsqW2lCh/gly97+UAzCnUlO9qLgJi7JgUVw4DanaVsSRWjnHLKAVYHaVD87ZQ1 CCfsj8KTnipTmKLa2SR6XbtqJIh1NjblFNxC1LECvn0z12OoXBNK1i9WqSbqfkYI3uRP SQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3uu8qe98nt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 07 Dec 2023 05:03:00 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 7 Dec 2023 05:02:59 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 7 Dec 2023 05:02:59 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id 71D9A3F7051; Thu, 7 Dec 2023 05:02:56 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Harry van Haaren , Hemant Agrawal , Konstantin Ananyev , , Vidya Sagar Velumuri Subject: [PATCH 13/14] test/security: add TLS 1.2 and DTLS 1.2 vectors Date: Thu, 7 Dec 2023 18:32:15 +0530 Message-ID: <20231207130216.140-14-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231207130216.140-1-anoobj@marvell.com> References: <20231207130216.140-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: ZHpCviIdgwEfP_GxUws377AahaKSe4D4 X-Proofpoint-ORIG-GUID: ZHpCviIdgwEfP_GxUws377AahaKSe4D4 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-07_10,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Akhil Goyal Add TLS v1.2 vectors generated using gnuTLS for AES-256, SHA256, 3DES, CHACHA-POLY Add DTLS v1.2 test vectors generated using gnuTLS for AES-128-CBC, AES-256-CBC, SHA1, SHA256, 3DES-CBC, CHACHA20-POLY1305 and NULL cipher Signed-off-by: Akhil Goyal Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 121 ++ app/test/test_cryptodev_security_tls_record.h | 13 + ...yptodev_security_tls_record_test_vectors.h | 1126 +++++++++++++++++ 3 files changed, 1260 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 6070e7f336..86e2ccd483 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -16884,6 +16884,31 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Write record known vector AES-CBC-128-SHA1", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec, &tls_test_data_aes_128_cbc_sha1_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-128-CBC-SHA256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls_test_data_aes_128_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-256-CBC-SHA1", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls_test_data_aes_256_cbc_sha1_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-256-CBC-SHA256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector 3DES-CBC-SHA1-HMAC", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls_test_data_3des_cbc_sha1_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector NULL-SHA1-HMAC", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls_test_data_null_cipher_sha1_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector CHACHA20-POLY1305", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls_test_data_chacha20_poly1305), + TEST_CASE_NAMED_WITH_DATA( "Read record known vector AES-GCM-128 (vector 1)", ut_setup_security, ut_teardown, @@ -16900,6 +16925,33 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Read record known vector AES-128-CBC-SHA1", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &tls_test_data_aes_128_cbc_sha1_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-128-CBC-SHA256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, + &tls_test_data_aes_128_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-256-CBC-SHA1", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls_test_data_aes_256_cbc_sha1_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-256-CBC-SHA256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, + &tls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector 3DES-CBC-SHA1-HMAC", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls_test_data_3des_cbc_sha1_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector NULL-SHA1-HMAC", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls_test_data_null_cipher_sha1_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector CHACHA20-POLY1305", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls_test_data_chacha20_poly1305), + TEST_CASE_NAMED_ST( "Combined test alg list", ut_setup_security, ut_teardown, @@ -16920,6 +16972,40 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Write record known vector AES-GCM-256", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec, &dtls_test_data_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-128-CBC-SHA1", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, + &dtls_test_data_aes_128_cbc_sha1_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-128-CBC-SHA256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, + &dtls_test_data_aes_128_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-256-CBC-SHA1", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, + &dtls_test_data_aes_256_cbc_sha1_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-256-CBC-SHA256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, + &dtls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector 3DES-CBC-SHA1-HMAC", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, + &dtls_test_data_3des_cbc_sha1_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector NULL-SHA1-HMAC", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, + &dtls_test_data_null_cipher_sha1_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector CHACHA20-POLY1305", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &dtls_test_data_chacha20_poly1305), TEST_CASE_NAMED_WITH_DATA( "Read record known vector AES-GCM-128", ut_setup_security, ut_teardown, @@ -16928,6 +17014,41 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Read record known vector AES-GCM-256", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &dtls_test_data_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-128-CBC-SHA1", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, + &dtls_test_data_aes_128_cbc_sha1_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-128-CBC-SHA256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, + &dtls_test_data_aes_128_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-256-CBC-SHA1", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, + &dtls_test_data_aes_256_cbc_sha1_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-256-CBC-SHA256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, + &dtls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector 3DES-CBC-SHA1-HMAC", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, + &dtls_test_data_3des_cbc_sha1_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector NULL-SHA1-HMAC", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, + &dtls_test_data_null_cipher_sha1_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector CHACHA20-POLY1305", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &dtls_test_data_chacha20_poly1305), + TEST_CASE_NAMED_ST( "Combined test alg list", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 68dd55fef2..82a1776265 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -63,6 +63,19 @@ extern struct tls_record_test_data tls_test_data_aes_256_gcm; extern struct tls_record_test_data dtls_test_data_aes_128_gcm; extern struct tls_record_test_data dtls_test_data_aes_256_gcm; extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac; +extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha256_hmac; +extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha1_hmac; +extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha256_hmac; +extern struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac; +extern struct tls_record_test_data tls_test_data_null_cipher_sha1_hmac; +extern struct tls_record_test_data tls_test_data_chacha20_poly1305; +extern struct tls_record_test_data dtls_test_data_chacha20_poly1305; +extern struct tls_record_test_data dtls_test_data_aes_128_cbc_sha1_hmac; +extern struct tls_record_test_data dtls_test_data_aes_128_cbc_sha256_hmac; +extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha1_hmac; +extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac; +extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac; +extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac; int test_tls_record_status_check(struct rte_crypto_op *op); diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h index fb060275fb..f10f28bb96 100644 --- a/app/test/test_cryptodev_security_tls_record_test_vectors.h +++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h @@ -455,4 +455,1130 @@ struct tls_record_test_data dtls_test_data_aes_256_gcm = { .app_type = 0x17, }; +struct tls_record_test_data tls_test_data_null_cipher_sha1_hmac = { + .auth_key = { + .data = { + 0xd7, 0x8c, 0xe2, 0xda, 0x51, 0x2a, 0xd3, 0x9c, + 0xb4, 0x6c, 0xa1, 0xcf, 0x3f, 0x13, 0xf6, 0x1d, + 0x9e, 0x40, 0x6f, 0x38, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, 0x20, + 0x4e, 0x55, 0x4c, 0x4c, 0x20, 0x53, 0x48, 0x41, + 0x31, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, + 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0xa, + }, + .len = 41, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x3d, + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, 0x20, + 0x4e, 0x55, 0x4c, 0x4c, 0x20, 0x53, 0x48, 0x41, + 0x31, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, + 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, + 0x0a, 0x80, 0xa3, 0x85, 0x16, 0x85, 0xbf, 0x31, + 0xca, 0xac, 0x18, 0x8c, 0x4e, 0xd3, 0x02, 0x75, + 0x4e, 0xc9, 0xeb, 0x26, 0xab, + }, + .len = 66, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .key.length = 20, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 20, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_NULL, + .key.length = 0, + .iv.length = 0, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_2.seq_no = 0x1, + }, + + .aead = false, + .app_type = 0x17, +}; + +struct tls_record_test_data tls_test_data_chacha20_poly1305 = { + .key = { + .data = { + 0xe3, 0x5b, 0x21, 0x49, 0x5d, 0xfa, 0x6d, 0xb5, + 0x93, 0xbf, 0xd3, 0xde, 0xa0, 0xef, 0x8b, 0xb2, + 0x86, 0xf3, 0xae, 0x20, 0x7c, 0x4d, 0x98, 0xda, + 0x20, 0x03, 0x3f, 0x57, 0x9f, 0x45, 0xdc, 0x8f, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x31, 0x2e, 0x32, 0x20, 0x43, + 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30, 0x2d, + 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35, + 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x0a, + }, + .len = 48, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x40, + 0xdc, 0x3d, 0x81, 0xa1, 0xda, 0x88, 0x24, 0xcf, + 0xeb, 0xd3, 0x38, 0x99, 0x3d, 0x0f, 0xfa, 0xdc, + 0xac, 0x17, 0x8f, 0xa4, 0x20, 0xff, 0x08, 0x3a, + 0x04, 0x70, 0x52, 0xcf, 0x9e, 0x25, 0xf5, 0x98, + 0xf0, 0x5b, 0x0f, 0x80, 0xb1, 0x77, 0x6d, 0x7a, + 0x20, 0x73, 0xf6, 0x10, 0x1b, 0x5e, 0xfd, 0xc4, + 0x3c, 0xe1, 0x40, 0xa1, 0x7c, 0x43, 0xde, 0x13, + 0x6e, 0x43, 0xe2, 0x81, 0x16, 0x9c, 0xf0, 0x4a, + }, + .len = 69, + }, + .imp_nonce = { + .data = { + 0x2e, 0x86, 0x13, 0x09, 0x34, 0xe8, 0xa7, 0x3f, + 0xda, 0x87, 0x68, 0xcb + }, + .len = 12, + }, + .iv = { + .data = { + 0xdc, 0x3d, 0x81, 0xa1, 0xda, 0x88, 0x24, 0xcf, + }, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305, + .key.length = 32, + .iv.length = 8, + .iv.offset = IV_OFFSET, + .digest_length = 16, + .aad_length = 13, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_2.seq_no = 0x1, + }, + + .aead = true, + .app_type = 0x17, +}; + +struct tls_record_test_data dtls_test_data_chacha20_poly1305 = { + .key = { + .data = { + 0x11, 0x6b, 0x4e, 0x91, 0x74, 0x57, 0x15, 0x94, + 0xca, 0x11, 0x2e, 0xe8, 0xb2, 0x48, 0xf1, 0x9b, + 0x49, 0xbd, 0xbf, 0x91, 0x13, 0x4c, 0x83, 0xd7, + 0x24, 0xb1, 0xa1, 0x0e, 0xc1, 0x54, 0xe6, 0xe2, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, + 0x30, 0x2d, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, + 0x30, 0x35, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, + 0x72, 0x0a, + }, + .len = 50, + }, + .output_text = { + .data = { + 0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x42, + 0xd5, 0x38, 0xd0, 0x1e, 0x7e, 0x9d, 0x69, 0xa1, + 0xf9, 0x7c, 0x1f, 0xad, 0x64, 0x24, 0xac, 0x07, + 0x37, 0x3d, 0x7b, 0x8b, 0x63, 0x6e, 0x9d, 0x63, + 0xa2, 0xd2, 0x05, 0x91, 0x1c, 0xa2, 0x5f, 0xbd, + 0x3e, 0x5d, 0x82, 0x37, 0xb4, 0x46, 0x8d, 0x7f, + 0x1c, 0x20, 0xb4, 0x5c, 0xb2, 0x05, 0xdb, 0x84, + 0x77, 0xad, 0x9c, 0xbd, 0x09, 0x14, 0x50, 0x9e, + 0xad, 0xc3, 0xc6, 0xfe, 0x2f, 0x13, 0xf6, 0x79, + 0x65, 0x70, + }, + .len = 79, + }, + .imp_nonce = { + .data = { + 0x5b, 0xb2, 0x29, 0x02, 0x14, 0x1d, 0xf1, 0x86, + 0x5a, 0xe5, 0x70, 0x3f, + }, + .len = 12, + }, + .iv = { + .data = { + 0xd5, 0x38, 0xd0, 0x1e, 0x7e, 0x9d, 0x69, 0xa1, + }, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305, + .key.length = 32, + .iv.length = 8, + .iv.offset = IV_OFFSET, + .digest_length = 16, + .aad_length = 21, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_DTLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .dtls_1_2.epoch = 1, + .dtls_1_2.seq_no = 1, + }, + + .aead = true, + .app_type = 0x17, +}; + +struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac = { + .auth_key = { + .data = { + 0xb1, 0x1d, 0x4f, 0x46, 0x23, 0x42, 0x51, 0x51, + 0xda, 0x91, 0x59, 0x01, 0xde, 0x9e, 0x0c, 0x27, + 0xe6, 0x8a, 0xdc, 0xf8, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x4e, 0x55, 0x4c, 0x4c, 0x20, 0x63, 0x69, + 0x70, 0x68, 0x65, 0x72, 0x20, 0x53, 0x48, 0x41, + 0x31, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, + 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x0a, + }, + .len = 49, + }, + .output_text = { + .data = { + 0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x45, + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x4e, 0x55, 0x4c, 0x4c, 0x20, 0x63, 0x69, + 0x70, 0x68, 0x65, 0x72, 0x20, 0x53, 0x48, 0x41, + 0x31, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, + 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, + 0x0a, 0xfc, 0x24, 0x2f, 0x1c, 0x74, 0xda, 0x3d, + 0xb3, 0xa9, 0x81, 0x51, 0xcb, 0x9b, 0xb6, 0x7e, + 0x25, 0xa6, 0x53, 0x04, 0x2f, + }, + .len = 82, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .key.length = 20, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 20, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_NULL, + .key.length = 0, + .iv.length = 0, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_DTLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .dtls_1_2.epoch = 1, + .dtls_1_2.seq_no = 1, + }, + + .aead = false, + .app_type = 0x17, +}; + +struct tls_record_test_data dtls_test_data_aes_128_cbc_sha1_hmac = { + .key = { + .data = { + 0x6f, 0x78, 0x95, 0x1f, 0x08, 0xff, 0xd7, 0xa6, + 0x7f, 0x64, 0x70, 0xa8, 0x10, 0xde, 0xce, 0xca, + }, + }, + .auth_key = { + .data = { + 0x8e, 0x8a, 0xae, 0xa2, 0xe9, 0x8e, 0x4a, 0xa2, + 0x7a, 0xa7, 0x24, 0x76, 0xf1, 0x48, 0x20, 0x25, + 0x8b, 0x04, 0xd7, 0x2d, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x41, 0x45, 0x53, 0x2d, 0x31, 0x32, 0x38, + 0x2d, 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, + 0x31, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, + 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0xa, + }, + .len = 49, + }, + .output_text = { + .data = { + 0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x60, + 0x3a, 0x0f, 0xaf, 0x47, 0x0d, 0x9e, 0x0f, 0x47, + 0x88, 0x23, 0x4e, 0xa0, 0x05, 0x1e, 0x35, 0x99, + 0x03, 0xa8, 0x32, 0x8f, 0x3d, 0x5d, 0xd6, 0xb1, + 0xf1, 0x93, 0x40, 0x16, 0xed, 0x3a, 0xea, 0x0d, + 0xb0, 0x03, 0xcd, 0x56, 0x8f, 0x96, 0x26, 0x00, + 0xb3, 0x54, 0xaf, 0x18, 0xbc, 0x95, 0xfe, 0x3e, + 0x5d, 0xfa, 0x57, 0xa0, 0x8d, 0x95, 0x8f, 0xd2, + 0xab, 0x2e, 0x58, 0x5c, 0xe8, 0x37, 0xff, 0xc5, + 0x00, 0x62, 0xfa, 0x19, 0xfd, 0x39, 0x4f, 0xc2, + 0x10, 0xd3, 0x98, 0x72, 0xec, 0x2f, 0x00, 0x2b, + 0x1c, 0xb9, 0xf4, 0xe2, 0xf4, 0xd4, 0xbf, 0x5b, + 0x77, 0x45, 0x42, 0x57, 0x77, 0x26, 0xff, 0x41, + }, + .len = 109, + }, + .iv = { + .data = { + 0x3a, 0x0f, 0xaf, 0x47, 0x0d, 0x9e, 0x0f, 0x47, + 0x88, 0x23, 0x4e, 0xa0, 0x05, 0x1e, 0x35, 0x99, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .key.length = 20, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 20, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 16, + .iv.length = 16, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_DTLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .dtls_1_2.epoch = 1, + .dtls_1_2.seq_no = 1, + }, + + .aead = false, + .app_type = 0x17, +}; + +struct tls_record_test_data dtls_test_data_aes_128_cbc_sha256_hmac = { + .key = { + .data = { + 0x4c, 0x3f, 0x7e, 0x56, 0xdf, 0x60, 0x0e, 0xfa, + 0x47, 0x8b, 0xb5, 0x44, 0x7f, 0x47, 0xfa, 0x22, + }, + }, + .auth_key = { + .data = { + 0x5b, 0xaa, 0x3c, 0x1a, 0x60, 0x9b, 0x15, 0x04, + 0x02, 0xda, 0xdb, 0x96, 0x5e, 0xd9, 0x7b, 0x7a, + 0xa4, 0xca, 0xd6, 0xab, 0x0b, 0x55, 0x87, 0xef, + 0x20, 0xcd, 0x2e, 0xd5, 0xe4, 0x70, 0xae, 0x36, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x41, 0x45, 0x53, 0x2d, 0x31, 0x32, 0x38, + 0x2d, 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, + 0x32, 0x35, 0x36, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0xa, + }, + .len = 51, + }, + .output_text = { + .data = { + 0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x70, + 0x9c, 0xfe, 0xdf, 0x4f, 0xaf, 0x86, 0x46, 0xc7, + 0x97, 0xaa, 0x2e, 0xe4, 0xd8, 0x51, 0xa8, 0xbb, + 0x22, 0x25, 0x09, 0xa7, 0x25, 0xb1, 0xa1, 0xe1, + 0xcc, 0xcb, 0x3f, 0x08, 0xae, 0xa9, 0xae, 0xa1, + 0x43, 0xe0, 0xf5, 0x6b, 0x98, 0xda, 0x98, 0x09, + 0x99, 0xfa, 0x8c, 0x01, 0xd8, 0x90, 0x0d, 0x42, + 0xcc, 0x5f, 0x1d, 0x52, 0x48, 0xbe, 0xd2, 0x4e, + 0x62, 0xf5, 0x64, 0x89, 0x2f, 0x05, 0x91, 0x4e, + 0x54, 0x3a, 0x58, 0x1c, 0x99, 0xb0, 0xa5, 0x4a, + 0xc1, 0x42, 0xa1, 0x87, 0xa3, 0x00, 0x17, 0x6f, + 0xa8, 0xf8, 0x9d, 0xae, 0xaf, 0x40, 0xf8, 0x72, + 0xbf, 0xad, 0xbe, 0x68, 0x74, 0x20, 0xe5, 0xe9, + 0x1b, 0x1d, 0x17, 0x28, 0xf7, 0xb2, 0xf8, 0x01, + 0xc5, 0xcb, 0xca, 0xc5, 0xda, 0x70, 0x1c, 0x7d, + }, + .len = 125, + }, + .iv = { + .data = { + 0x9c, 0xfe, 0xdf, 0x4f, 0xaf, 0x86, 0x46, 0xc7, + 0x97, 0xaa, 0x2e, 0xe4, 0xd8, 0x51, 0xa8, 0xbb, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, + .key.length = 32, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 32, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 16, + .iv.length = 16, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_DTLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .dtls_1_2.epoch = 1, + .dtls_1_2.seq_no = 1, + }, + + .aead = false, + .app_type = 0x17, +}; + +struct tls_record_test_data dtls_test_data_aes_256_cbc_sha1_hmac = { + .key = { + .data = { + 0xd5, 0x5d, 0xae, 0xb4, 0xb4, 0x6f, 0xef, 0xd9, + 0x08, 0xbd, 0x61, 0xf7, 0x95, 0x50, 0x72, 0x85, + 0x4f, 0x4f, 0x3a, 0x1a, 0x55, 0x5b, 0xa9, 0x65, + 0xcb, 0x54, 0x29, 0xdb, 0xdb, 0xdc, 0xb9, 0x66, + }, + }, + .auth_key = { + .data = { + 0x9f, 0xb0, 0xcb, 0xe1, 0xca, 0xc4, 0x13, 0xa0, + 0x57, 0xa8, 0x5b, 0xd6, 0x5e, 0xe7, 0x8d, 0xfb, + 0xe9, 0x99, 0x05, 0x88, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, + 0x2d, 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, + 0x31, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, + 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0xa, + }, + .len = 49, + }, + .output_text = { + .data = { + 0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x60, + 0x55, 0xdd, 0x04, 0x79, 0xa9, 0xc2, 0x62, 0x2c, + 0xc1, 0x89, 0x8e, 0xc4, 0x0a, 0x3f, 0x80, 0x2c, + 0x14, 0xcc, 0xa4, 0x01, 0xf3, 0x4f, 0x33, 0x10, + 0xe0, 0x7a, 0xc1, 0x5b, 0xeb, 0x51, 0xd6, 0x34, + 0x51, 0xaf, 0x81, 0x6c, 0xeb, 0xce, 0x97, 0xa2, + 0x27, 0x02, 0x66, 0xb6, 0x35, 0x4c, 0x1c, 0xbd, + 0x5e, 0x8d, 0x1b, 0x12, 0x42, 0xad, 0xf3, 0x43, + 0x52, 0x6d, 0x1b, 0xb5, 0x4f, 0x7c, 0x48, 0xd8, + 0xae, 0xf2, 0x5e, 0xe0, 0xe6, 0x57, 0x3f, 0x61, + 0xa0, 0x8d, 0x3d, 0x42, 0x3c, 0x33, 0xb9, 0x39, + 0x84, 0x06, 0x49, 0xd8, 0xd4, 0xfc, 0x7d, 0x0f, + 0x30, 0x6d, 0x7b, 0x98, 0xee, 0xd3, 0xbd, 0x35, + }, + .len = 109, + }, + .iv = { + .data = { + 0x55, 0xdd, 0x04, 0x79, 0xa9, 0xc2, 0x62, 0x2c, + 0xc1, 0x89, 0x8e, 0xc4, 0x0a, 0x3f, 0x80, 0x2c, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .key.length = 20, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 20, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 32, + .iv.length = 16, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_DTLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .dtls_1_2.epoch = 1, + .dtls_1_2.seq_no = 1, + }, + + .aead = false, + .app_type = 0x17, +}; + +struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac = { + .key = { + .data = { + 0xaa, 0x18, 0xb6, 0x7b, 0xf1, 0x74, 0xf5, 0x8d, + 0xab, 0x6e, 0xfc, 0x12, 0x59, 0x5b, 0xab, 0x6f, + 0xe7, 0x23, 0xc9, 0x80, 0x2e, 0x5d, 0xba, 0x73, + 0x93, 0xd7, 0xe3, 0xc9, 0x86, 0xd7, 0x9c, 0x8e, + }, + }, + .auth_key = { + .data = { + 0x78, 0x92, 0x52, 0xb3, 0x2a, 0x2f, 0x3e, 0xdf, + 0xf0, 0xdd, 0x91, 0xd3, 0xf4, 0xeb, 0xd5, 0xdd, + 0x97, 0x7c, 0x24, 0xb4, 0xec, 0x28, 0xf6, 0xbd, + 0x8f, 0x7b, 0xdf, 0x97, 0x32, 0xdf, 0x81, 0xde, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, + 0x2d, 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, + 0x32, 0x35, 0x36, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0xa, + }, + .len = 51, + }, + .output_text = { + .data = { + 0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x70, + 0x8f, 0x07, 0x1c, 0x60, 0x41, 0xbd, 0x77, 0x0c, + 0x0b, 0x42, 0xbe, 0x95, 0x80, 0xc5, 0xdb, 0x1c, + 0x46, 0xe4, 0x16, 0x83, 0xf7, 0x89, 0xe4, 0x82, + 0xae, 0xaa, 0x8b, 0xc6, 0x91, 0x1a, 0x34, 0x9c, + 0x23, 0x48, 0x83, 0x4c, 0x21, 0xf4, 0xed, 0xf8, + 0x74, 0x1e, 0xd6, 0x9a, 0x76, 0x6d, 0xa3, 0x53, + 0x56, 0xda, 0x78, 0x22, 0xea, 0x77, 0x87, 0xd0, + 0xb5, 0x73, 0x7c, 0x53, 0x14, 0xdf, 0xc1, 0x84, + 0x93, 0x97, 0xa4, 0x1d, 0x32, 0x1c, 0x57, 0x9a, + 0xdd, 0x29, 0x0d, 0x41, 0x4d, 0x44, 0x4c, 0x7f, + 0x7c, 0xd7, 0xa2, 0x8b, 0xaf, 0xfd, 0x76, 0x24, + 0x81, 0x03, 0x11, 0x9e, 0xd0, 0x62, 0xc1, 0xfd, + 0xc4, 0xe1, 0xf9, 0x88, 0xae, 0xf8, 0x7e, 0x25, + 0xbf, 0xfb, 0xea, 0xa6, 0xe9, 0x70, 0x33, 0x6a, + }, + .len = 125, + }, + .iv = { + .data = { + 0x8f, 0x07, 0x1c, 0x60, 0x41, 0xbd, 0x77, 0x0c, + 0x0b, 0x42, 0xbe, 0x95, 0x80, 0xc5, 0xdb, 0x1c, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, + .key.length = 32, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 32, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 32, + .iv.length = 16, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_DTLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .dtls_1_2.epoch = 1, + .dtls_1_2.seq_no = 1, + }, + + .aead = false, + .app_type = 0x17, +}; + +struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac = { + .key = { + .data = { + 0x2f, 0x60, 0xdc, 0xe6, 0x75, 0x71, 0xaa, 0x11, + 0xb6, 0x37, 0xc3, 0x8e, 0xc4, 0x72, 0x19, 0xec, + 0xc7, 0xd5, 0x43, 0x9b, 0x35, 0xe9, 0x5f, 0xc4, + }, + }, + .auth_key = { + .data = { + 0x3e, 0xaa, 0x47, 0xfc, 0x45, 0x1c, 0x49, 0xe0, + 0xf1, 0x76, 0x82, 0x70, 0xb2, 0xbd, 0x43, 0x49, + 0xc5, 0x31, 0x2b, 0xf0, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x33, 0x44, 0x45, 0x53, 0x2d, 0x43, 0x42, + 0x43, 0x20, 0x53, 0x48, 0x41, 0x31, 0x20, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x20, 0x76, + 0x65, 0x63, 0x74, 0x6f, 0x72, 0xa, + }, + .len = 46, + }, + .output_text = { + .data = { + 0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x50, + 0xe1, 0xae, 0x8c, 0x7d, 0x1c, 0x50, 0x3d, 0xb4, + 0xf6, 0xd0, 0x63, 0xc2, 0x70, 0x4e, 0x01, 0x2d, + 0x78, 0x0e, 0xbc, 0x88, 0xf3, 0xf6, 0xaa, 0x75, + 0xf8, 0x72, 0xe3, 0x4b, 0x3f, 0x3e, 0xf7, 0x91, + 0x5c, 0x20, 0xd9, 0x66, 0x1d, 0x76, 0xa7, 0x4e, + 0x14, 0x50, 0x51, 0x79, 0x37, 0xc2, 0xbb, 0x7a, + 0xdb, 0x89, 0x3d, 0xaa, 0x98, 0x68, 0x67, 0x17, + 0xb2, 0x68, 0x30, 0x25, 0x98, 0xa4, 0x26, 0xa1, + 0xaf, 0x91, 0x18, 0x16, 0x2e, 0x66, 0x75, 0xb7, + 0xd5, 0x59, 0x66, 0x13, 0x40, 0xce, 0x5e, 0xe0, + }, + .len = 93, + }, + .iv = { + .data = { + 0xe1, 0xae, 0x8c, 0x7d, 0x1c, 0x50, 0x3d, 0xb4, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .key.length = 20, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 20, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_3DES_CBC, + .key.length = 24, + .iv.length = 8, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_DTLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .dtls_1_2.epoch = 1, + .dtls_1_2.seq_no = 1, + }, + + .aead = false, + .app_type = 0x17, +}; + +struct tls_record_test_data tls_test_data_aes_128_cbc_sha256_hmac = { + .key = { + .data = { + 0x77, 0xe2, 0xad, 0x5f, 0x3a, 0xac, 0xae, 0xaf, + 0x29, 0x4c, 0x94, 0xe0, 0x27, 0x99, 0x1a, 0x6c, + }, + }, + .auth_key = { + .data = { + 0x1e, 0xbb, 0x70, 0xaf, 0x09, 0x9d, 0x1b, 0xbd, + 0xd9, 0xce, 0x48, 0x9b, 0x42, 0x52, 0x53, 0x1b, + 0x16, 0x37, 0xdb, 0xc5, 0x0a, 0x0f, 0x01, 0xa4, + 0x57, 0x22, 0x84, 0x95, 0xa5, 0xea, 0x33, 0x61, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, 0x20, + 0x41, 0x45, 0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, + 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, 0x32, + 0x35, 0x36, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, + 0x72, 0xa, + }, + .len = 50, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x70, + 0xe4, 0xe7, 0xdf, 0x4b, 0x35, 0x8d, 0xcd, 0xc2, + 0x0c, 0x83, 0x54, 0xb9, 0x7c, 0x11, 0x39, 0xcc, + 0xb8, 0x52, 0xd8, 0x79, 0x39, 0x0e, 0x5e, 0xe8, + 0x13, 0x5e, 0xd0, 0x7e, 0x19, 0xd1, 0xbb, 0x5c, + 0x33, 0xdd, 0x95, 0xc9, 0x71, 0x22, 0xa1, 0xae, + 0x21, 0x99, 0x89, 0xde, 0x9a, 0x88, 0xdd, 0x53, + 0x46, 0x7c, 0xa4, 0xdd, 0x21, 0xb6, 0xe1, 0x19, + 0x41, 0xc9, 0xd2, 0x27, 0xa3, 0xec, 0x3f, 0x9a, + 0xd5, 0x53, 0x07, 0x0c, 0x1f, 0xb8, 0x3d, 0xdf, + 0xaf, 0x87, 0xa2, 0x67, 0x97, 0xd0, 0x3f, 0xf5, + 0x25, 0x9c, 0xfd, 0x9d, 0x40, 0x22, 0x91, 0xb7, + 0xed, 0xb0, 0xfc, 0x93, 0xd9, 0xa6, 0x1c, 0x04, + 0x5f, 0xc8, 0x55, 0x4c, 0x32, 0x5f, 0x0b, 0x65, + 0x87, 0xd1, 0x79, 0x72, 0xc3, 0x44, 0x89, 0x2e, + }, + .len = 117, + }, + .iv = { + .data = { + 0xe4, 0xe7, 0xdf, 0x4b, 0x35, 0x8d, 0xcd, 0xc2, + 0x0c, 0x83, 0x54, 0xb9, 0x7c, 0x11, 0x39, 0xcc, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, + .key.length = 32, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 32, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 16, + .iv.length = 16, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_2.seq_no = 0x1, + }, + + .aead = false, + .app_type = 0x17, +}; + +struct tls_record_test_data tls_test_data_aes_256_cbc_sha1_hmac = { + .key = { + .data = { + 0xa3, 0x43, 0x65, 0xb7, 0xb1, 0x86, 0x96, 0xc9, + 0xa7, 0x98, 0xe9, 0xcc, 0x3e, 0x97, 0x7b, 0xba, + 0x52, 0x5f, 0x9c, 0x0d, 0x25, 0x1d, 0x07, 0x1f, + 0x97, 0xf8, 0xfa, 0x06, 0x1c, 0x1c, 0x23, 0xed, + }, + }, + .auth_key = { + .data = { + 0x8e, 0xec, 0x48, 0x7b, 0xe9, 0xf2, 0xbb, 0x47, + 0x82, 0x01, 0x49, 0xa3, 0x79, 0x30, 0x47, 0xb8, + 0xd7, 0x28, 0x94, 0x08, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, 0x20, + 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, 0x2d, + 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, 0x31, + 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0xa, + }, + .len = 41, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x50, + 0x7a, 0xc6, 0x7e, 0x16, 0x63, 0x2f, 0x11, 0xd4, + 0x14, 0x22, 0x8f, 0xfa, 0x0a, 0x60, 0xe1, 0x58, + 0x11, 0xa3, 0xa3, 0xef, 0x8a, 0x04, 0xab, 0x87, + 0x20, 0x67, 0xc1, 0x99, 0xde, 0x8a, 0xe9, 0x5a, + 0x1c, 0xd6, 0xbd, 0x46, 0x99, 0xeb, 0x60, 0xad, + 0x06, 0xf4, 0xfe, 0x8f, 0x50, 0x5f, 0x18, 0x52, + 0x0c, 0x70, 0x25, 0xf2, 0xcc, 0x65, 0xff, 0x88, + 0x17, 0xe9, 0xe6, 0xf9, 0x5e, 0x6f, 0xf8, 0xaa, + 0x58, 0xf0, 0x49, 0xb5, 0xb3, 0x5c, 0x0f, 0x62, + 0x06, 0x45, 0x08, 0x4e, 0x98, 0x2e, 0x71, 0x26, + }, + .len = 85, + }, + .iv = { + .data = { + 0x7a, 0xc6, 0x7e, 0x16, 0x63, 0x2f, 0x11, 0xd4, + 0x14, 0x22, 0x8f, 0xfa, 0x0a, 0x60, 0xe1, 0x58, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .key.length = 20, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 20, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 32, + .iv.length = 16, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_2.seq_no = 0x1, + }, + + .aead = false, + .app_type = 0x17, +}; + +struct tls_record_test_data tls_test_data_aes_256_cbc_sha256_hmac = { + .key = { + .data = { + 0xed, 0x63, 0xb2, 0xad, 0xa5, 0xb7, 0x95, 0xf1, + 0xf2, 0x64, 0x83, 0xac, 0xd4, 0xbb, 0x37, 0x31, + 0xec, 0xf7, 0x8a, 0xa9, 0xdd, 0x19, 0x6d, 0x47, + 0x12, 0xb4, 0xa0, 0x5b, 0x8f, 0x6f, 0xa7, 0x5d, + }, + }, + .auth_key = { + .data = { + 0xe3, 0x0f, 0x07, 0x9c, 0xee, 0x5a, 0xe6, 0xdd, + 0xd1, 0xc5, 0x49, 0x9a, 0x94, 0x22, 0xd3, 0xee, + 0x13, 0x41, 0x5b, 0x2b, 0x2a, 0x88, 0x89, 0xc9, + 0xd8, 0xeb, 0xbf, 0x16, 0x4d, 0x89, 0xcb, 0x5a, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, 0x20, + 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, 0x2d, + 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, 0x32, + 0x35, 0x36, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, + 0x72, 0xa, + }, + .len = 50, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x70, + 0x83, 0x7c, 0x06, 0xa9, 0x9f, 0x57, 0xf3, 0x53, + 0xc2, 0xca, 0xd5, 0xe0, 0x8d, 0xd0, 0x6d, 0x13, + 0xe9, 0x09, 0xff, 0xf7, 0x56, 0xd6, 0x9b, 0x73, + 0xd5, 0xea, 0x43, 0x55, 0xd1, 0xab, 0x25, 0x66, + 0x6e, 0x06, 0x0a, 0x98, 0xa2, 0x83, 0x4d, 0x91, + 0xef, 0x36, 0x2c, 0xde, 0x69, 0xf5, 0xbc, 0x7f, + 0xf6, 0x98, 0x85, 0xab, 0x89, 0x0f, 0x1e, 0xcb, + 0x54, 0x87, 0xae, 0xab, 0xc6, 0x2e, 0xb9, 0x4c, + 0xa5, 0x16, 0x7f, 0x04, 0x92, 0x2a, 0x59, 0x61, + 0x3c, 0x2e, 0x40, 0x6b, 0xb6, 0xb1, 0x2f, 0x04, + 0x66, 0x55, 0xd1, 0x12, 0x9c, 0x35, 0xb5, 0xbd, + 0xbc, 0x0e, 0xa1, 0xb1, 0x88, 0xe5, 0x4f, 0xdd, + 0x11, 0x47, 0x61, 0xed, 0x85, 0xca, 0xbb, 0x3e, + 0xec, 0xf5, 0xea, 0x49, 0x07, 0x86, 0x1f, 0x2a, + }, + .len = 117, + }, + .iv = { + .data = { + 0x83, 0x7c, 0x06, 0xa9, 0x9f, 0x57, 0xf3, 0x53, + 0xc2, 0xca, 0xd5, 0xe0, 0x8d, 0xd0, 0x6d, 0x13, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, + .key.length = 32, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 32, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 32, + .iv.length = 16, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_2.seq_no = 0x1, + }, + + .aead = false, + .app_type = 0x17, +}; + +struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac = { + .key = { + .data = { + 0x71, 0x61, 0x3c, 0x0f, 0xbd, 0x54, 0x25, 0xea, + 0x18, 0x1e, 0xae, 0xb8, 0x6d, 0xed, 0xc7, 0xff, + 0x0e, 0x8d, 0x19, 0x20, 0x9e, 0xba, 0x88, 0xbb, + }, + }, + .auth_key = { + .data = { + 0x32, 0x06, 0xea, 0x9c, 0xa8, 0x7a, 0xf5, 0x75, + 0xc5, 0xea, 0xd2, 0x4e, 0x2b, 0x7a, 0xf9, 0x20, + 0x0b, 0xa5, 0x83, 0x53, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, 0x20, + 0x33, 0x44, 0x45, 0x53, 0x2d, 0x43, 0x42, 0x43, + 0x20, 0x53, 0x48, 0x41, 0x31, 0x20, 0x65, 0x78, + 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, + 0x63, 0x74, 0x6f, 0x72, 0xa, + }, + .len = 45, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x50, + 0x6f, 0xcf, 0x77, 0x13, 0xc3, 0xa2, 0x31, 0x30, + 0x3f, 0xe7, 0x1d, 0x7a, 0xaa, 0xaa, 0x1f, 0x19, + 0xc1, 0xb7, 0x6b, 0xa3, 0x54, 0x24, 0x9c, 0xa6, + 0xe6, 0x8c, 0xf3, 0xef, 0xc5, 0xd4, 0x47, 0xde, + 0x13, 0xe0, 0xf3, 0x2f, 0x91, 0xa1, 0xb9, 0xb0, + 0x4f, 0x16, 0xd3, 0xa9, 0x45, 0xba, 0xd9, 0x37, + 0x07, 0x8d, 0xc6, 0x05, 0x83, 0x07, 0x75, 0x8c, + 0x4b, 0xf5, 0xa4, 0xa0, 0xf8, 0x36, 0xfe, 0x9f, + 0x18, 0xb5, 0x83, 0xb5, 0x47, 0x33, 0x64, 0xdc, + 0x2f, 0xac, 0x95, 0x2a, 0x72, 0xa9, 0x3c, 0xc6, + }, + .len = 85, + }, + .iv = { + .data = { + 0x6f, 0xcf, 0x77, 0x13, 0xc3, 0xa2, 0x31, 0x30, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .key.length = 20, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 20, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_3DES_CBC, + .key.length = 24, + .iv.length = 8, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_2.seq_no = 0x1, + }, + + .aead = false, + .app_type = 0x17, +}; + #endif From patchwork Thu Dec 7 13:02:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 134926 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 49E2743699; Thu, 7 Dec 2023 14:04:40 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 3962B42EF1; Thu, 7 Dec 2023 14:03:07 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id D31B542EF1 for ; Thu, 7 Dec 2023 14:03:05 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3B79PG3B032040; Thu, 7 Dec 2023 05:03:05 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=rqnepvuZqbVSPRe5AeYlqxxetx/prT86J2i14at4mXs=; b=eICEiMZayaelOqhMjETviVn8OYwDYOrivb60gq3yK1jWddDPdWnxEap4BAiBYDEN4B+N Ptzb1hbu0KELTwVIXes/JYKrHKL6A8IIZGe9m+pduphspPJf7GPBYg0fri09wzg8jBVR 4gH11yvJsQDkTsQYtoj47gN6vbtCJlfSsyGH5z1DbtpinWgszJLqnZNqKkI4Z8oTpoGi o6qXbs/f/aU8Wmv4czXpTYsajAiJ0parX8JYQ9ZZ2h10ZGvvAR3bvI2PdM4goeFjaBCT xxIVMYuieKeJ8wbAYPG1fLR65EATFwbpJlb8NiJssD2yl9nfUU96VErQFkH4WVUlSFRK 7Q== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3uubdd8n7m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 07 Dec 2023 05:03:05 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 7 Dec 2023 05:03:03 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 7 Dec 2023 05:03:03 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id 99DCF3F70B2; Thu, 7 Dec 2023 05:02:59 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Tejasree Kondoj , Harry van Haaren , Hemant Agrawal , Konstantin Ananyev , , "Vidya Sagar Velumuri" Subject: [PATCH 14/14] test/crypto: add multi segmented cases Date: Thu, 7 Dec 2023 18:32:16 +0530 Message-ID: <20231207130216.140-15-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231207130216.140-1-anoobj@marvell.com> References: <20231207130216.140-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: _9d9aNtVvEOCdYrO4TO4oUvpXNrvbdZ2 X-Proofpoint-GUID: _9d9aNtVvEOCdYrO4TO4oUvpXNrvbdZ2 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-07_10,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Tejasree Kondoj Add multi segmented buffer test cases in TLS suites. Signed-off-by: Tejasree Kondoj Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 29 ++++++++++++++++++- app/test/test_cryptodev_security_tls_record.h | 1 + doc/guides/rel_notes/release_24_03.rst | 4 +++ 3 files changed, 33 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 86e2ccd483..b208cca4e2 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11699,6 +11699,7 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], struct tls_record_test_data res_d[], int nb_td, bool silent, const struct tls_record_test_flags *flags) { + int nb_segs = flags->nb_segs_in_mbuf ? flags->nb_segs_in_mbuf : 1; struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; struct rte_security_tls_record_xform tls_record_xform; @@ -11801,7 +11802,7 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], for (i = 0; i < nb_td; i++) { /* Setup source mbuf payload */ ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool, td[i].input_text.len, - 1, 0); + nb_segs, 0); pktmbuf_write(ut_params->ibuf, 0, td[i].input_text.len, td[i].input_text.data); /* Generate crypto op data structure */ @@ -11958,6 +11959,24 @@ test_tls_record_proto_display_list(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_sgl(void) +{ + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = 5 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) { + printf("Device doesn't support in-place scatter-gather. Test Skipped.\n"); + return TEST_SKIPPED; + } + + return test_tls_record_proto_all(&flags); +} + #endif static int @@ -16956,6 +16975,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Combined test alg list", ut_setup_security, ut_teardown, test_tls_record_proto_display_list), + TEST_CASE_NAMED_ST( + "Multi-segmented mode", + ut_setup_security, ut_teardown, + test_tls_record_proto_sgl), TEST_CASES_END() /**< NULL terminate unit test array */ } }; @@ -17053,6 +17076,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Combined test alg list", ut_setup_security, ut_teardown, test_tls_record_proto_display_list), + TEST_CASE_NAMED_ST( + "Multi-segmented mode", + ut_setup_security, ut_teardown, + test_tls_record_proto_sgl), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 82a1776265..0bd83f88f0 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -55,6 +55,7 @@ struct tls_record_test_data { struct tls_record_test_flags { bool display_alg; + int nb_segs_in_mbuf; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; diff --git a/doc/guides/rel_notes/release_24_03.rst b/doc/guides/rel_notes/release_24_03.rst index e9c9717706..0d226e9644 100644 --- a/doc/guides/rel_notes/release_24_03.rst +++ b/doc/guides/rel_notes/release_24_03.rst @@ -55,6 +55,10 @@ New Features Also, make sure to start the actual text at the margin. ======================================================= +* **Added TLS record test suite.** + + Added a new test suite in cryptodev autotest framework to test TLS record + security offload by supported cryptodevs. Removed Items -------------