From patchwork Tue Mar 5 07:21:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137962 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 7AC4443C4C; Tue, 5 Mar 2024 08:22:26 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5CACA40A89; Tue, 5 Mar 2024 08:22:23 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id A97234069D for ; Tue, 5 Mar 2024 08:22:21 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 4256kBgG028932; Mon, 4 Mar 2024 23:22:20 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=QUZcyTj5XidC+pbqc55KVF8529MavEbdwy3kwFi1fM8=; b=dZ9 5ltuwJW1kDuooRkO1fyfR4vNSROMdUQkNm2yiehvod4KDUhiEfValZ2QdNJl+52z fDPxtDGu/97tqf4ptpL+Il99xHSfs46iI/xjG+HZSiX+wjNjajPlRPyegxoJGjSR qOhv8KNgPvTBBh0J3TI4+VLMYjHiOu5Z6fCwwMJ42FK4+9u4IZaBGMB9R4KDTnx4 9b+qyWlNiVMLs90HTQ+MXEm22tfI9KitzeRZSFxn1ScCkRoId8dPS2MvIMDxLD+G 6m3GB/gw9lW9ujomCYW8qxmlyxPTgRBMC1dwblU1YjsCJFEYBnVX0QlIqLtWgueJ OiFoHIXaX7uN+dU+XtQ== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3wnxdcr2s6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:22:20 -0800 (PST) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:22:19 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:22:19 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 460D83F707B; Mon, 4 Mar 2024 23:22:17 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang , Anoob Joseph , Vidya Sagar Velumuri CC: , , Subject: [PATCH 01/21] test/security: enable AES-GCM in combined mode TLS Date: Tue, 5 Mar 2024 12:51:53 +0530 Message-ID: <20240305072213.283205-2-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: GNAX9bjwpc4xzLyWvKRTscnuZaQYvCXx X-Proofpoint-GUID: GNAX9bjwpc4xzLyWvKRTscnuZaQYvCXx X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Enable AES-GCM AEAD tests in combined mode TLS test suite. Coverity issue: 414888 Fixes: 9157ccb8f876 ("test/crypto: verify TLS headers") Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev_security_tls_record.c | 10 ++++++++-- app/test/test_security_proto.h | 3 +++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index bcb2eba4ff..14a7a2511e 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -116,6 +116,7 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } else { mac_len = td->xform.aead.aead.digest_length; + roundup_len = 0; exp_nonce_len = 8; } @@ -123,7 +124,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt case RTE_SECURITY_VERSION_TLS_1_2: case RTE_SECURITY_VERSION_TLS_1_3: hdr_len = sizeof(struct rte_tls_hdr); - min_padding = 1; + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; case RTE_SECURITY_VERSION_DTLS_1_2: hdr_len = sizeof(struct rte_dtls_hdr); @@ -139,7 +143,9 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt /* Padding */ tls_pkt_size += min_padding; - tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); + + if (roundup_len) + tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); /* Explicit nonce */ tls_pkt_size += exp_nonce_len; diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h index efa023b99d..5b92daa810 100644 --- a/app/test/test_security_proto.h +++ b/app/test/test_security_proto.h @@ -27,16 +27,19 @@ static const struct crypto_param aead_list[] = { .type = RTE_CRYPTO_SYM_XFORM_AEAD, .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, .key_length = 16, + .digest_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_AEAD, .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, .key_length = 24, + .digest_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_AEAD, .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, .key_length = 32, + .digest_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_AEAD, From patchwork Tue Mar 5 07:21:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137963 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8A7F643C4C; Tue, 5 Mar 2024 08:22:34 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 10D4840E7C; Tue, 5 Mar 2024 08:22:27 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 5925140A7D for ; Tue, 5 Mar 2024 08:22:25 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 424LRwqi014925; Mon, 4 Mar 2024 23:22:24 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=kF8VHB7Q0emtzyzSYDBLXB4MUw9KBl5ITHsM+6sQZJg=; b=cJZ CCnMpu3qmOGMV8vgkEVvT4ptZr5ArwT25wJ2b1lu+6mpwM6Fu4i2e6BPfUdxaP59 AxZXoBj3FicvfEg3ijJf6Y6rGAuV7N0LVsmCV3JBet/k0DEmKTnYhk8p+O+ZxMQx BTq1U9VGZPXXvTv1Rk2VJUadHNQAaJKJGkCAKgHuZUjsbltnTZUyQkUvQ+UvBYvM EYHZukg1Gsr+CERd2K8V8VnZHrpkbwN8EZMimq+5cwOsfYpFZdETgOuRV597u8kg QgjGPCY5ZJi5o3ZNFURkJLKRyabMbXeX9H94FQ7NJYfASRBvWKJg4pSY7V66WDID ijN0g4zIoGXPAQdUFZQ== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wm4gmr8xc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:22:24 -0800 (PST) Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:22:23 -0800 Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Mon, 4 Mar 2024 23:22:22 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:22:22 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 60E863F706D; Mon, 4 Mar 2024 23:22:20 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang , Anoob Joseph CC: , , , Subject: [PATCH 02/21] test/security: add TLS 1.2 data walkthrough test Date: Tue, 5 Mar 2024 12:51:54 +0530 Message-ID: <20240305072213.283205-3-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: cJqz2JUnPMfxvdlioVUZF_nllb9CdEkD X-Proofpoint-GUID: cJqz2JUnPMfxvdlioVUZF_nllb9CdEkD X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add data walkthrough test for TLS 1.2. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 90 +++++++++++++++++-- app/test/test_cryptodev.h | 12 ++- app/test/test_cryptodev_security_tls_record.c | 25 ++++-- app/test/test_cryptodev_security_tls_record.h | 41 ++++++++- app/test/test_security_proto.c | 17 ++++ app/test/test_security_proto.h | 6 ++ 6 files changed, 171 insertions(+), 20 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index c61ae9cfcc..7c6c7d572c 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -858,6 +858,8 @@ ipsec_proto_testsuite_setup(void) static int tls_record_proto_testsuite_setup(void) { + test_sec_proto_pattern_generate(); + return sec_proto_testsuite_setup(RTE_SECURITY_PROTOCOL_TLS_RECORD); } @@ -11958,14 +11960,30 @@ test_tls_record_proto_known_vec_read(const void *test_data) static int test_tls_record_proto_all(const struct tls_record_test_flags *flags) { + unsigned int i, nb_pkts = 1, pass_cnt = 0, payload_len, max_payload_len; struct tls_record_test_data td_outb[TEST_SEC_PKTS_MAX]; struct tls_record_test_data td_inb[TEST_SEC_PKTS_MAX]; - unsigned int i, nb_pkts = 1, pass_cnt = 0; int ret; + switch (flags->tls_version) { + case RTE_SECURITY_VERSION_TLS_1_2: + max_payload_len = TLS_1_2_RECORD_PLAINTEXT_MAX_LEN; + break; + case RTE_SECURITY_VERSION_TLS_1_3: + max_payload_len = TLS_1_3_RECORD_PLAINTEXT_MAX_LEN; + break; + case RTE_SECURITY_VERSION_DTLS_1_2: + max_payload_len = DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN; + break; + default: + max_payload_len = 0; + } + for (i = 0; i < RTE_DIM(sec_alg_list); i++) { + payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN; +again: test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, - td_outb, nb_pkts); + td_outb, nb_pkts, payload_len); ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags); if (ret == TEST_SKIPPED) @@ -11983,6 +12001,9 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (ret == TEST_FAILED) return TEST_FAILED; + if (flags->data_walkthrough && (++payload_len <= max_payload_len)) + goto again; + if (flags->display_alg) test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2); @@ -11996,22 +12017,69 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) } static int -test_tls_record_proto_display_list(void) +test_tls_1_2_record_proto_data_walkthrough(void) +{ + struct tls_record_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.data_walkthrough = true; + flags.tls_version = RTE_SECURITY_VERSION_TLS_1_2; + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_2_record_proto_display_list(void) { struct tls_record_test_flags flags; memset(&flags, 0, sizeof(flags)); flags.display_alg = true; + flags.tls_version = RTE_SECURITY_VERSION_TLS_1_2; return test_tls_record_proto_all(&flags); } static int -test_tls_record_proto_sgl(void) +test_tls_1_2_record_proto_sgl(void) { struct tls_record_test_flags flags = { - .nb_segs_in_mbuf = 5 + .nb_segs_in_mbuf = 5, + .tls_version = RTE_SECURITY_VERSION_TLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) { + printf("Device doesn't support in-place scatter-gather. Test Skipped.\n"); + return TEST_SKIPPED; + } + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_display_list(void) +{ + struct tls_record_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.display_alg = true; + flags.tls_version = RTE_SECURITY_VERSION_DTLS_1_2; + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_sgl(void) +{ + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = 5, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 }; struct crypto_testsuite_params *ts_params = &testsuite_params; struct rte_cryptodev_info dev_info; @@ -17081,11 +17149,15 @@ static struct unit_test_suite tls12_record_proto_testsuite = { TEST_CASE_NAMED_ST( "Combined test alg list", ut_setup_security, ut_teardown, - test_tls_record_proto_display_list), + test_tls_1_2_record_proto_display_list), + TEST_CASE_NAMED_ST( + "Data walkthrough combined test alg list", + ut_setup_security, ut_teardown, + test_tls_1_2_record_proto_data_walkthrough), TEST_CASE_NAMED_ST( "Multi-segmented mode", ut_setup_security, ut_teardown, - test_tls_record_proto_sgl), + test_tls_1_2_record_proto_sgl), TEST_CASES_END() /**< NULL terminate unit test array */ } }; @@ -17182,11 +17254,11 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { TEST_CASE_NAMED_ST( "Combined test alg list", ut_setup_security, ut_teardown, - test_tls_record_proto_display_list), + test_dtls_1_2_record_proto_display_list), TEST_CASE_NAMED_ST( "Multi-segmented mode", ut_setup_security, ut_teardown, - test_tls_record_proto_sgl), + test_dtls_1_2_record_proto_sgl), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev.h b/app/test/test_cryptodev.h index f27d9697fd..e4e99d00c1 100644 --- a/app/test/test_cryptodev.h +++ b/app/test/test_cryptodev.h @@ -5,6 +5,9 @@ #define TEST_CRYPTODEV_H_ #include +#ifdef RTE_LIB_SECURITY +#include "test_security_proto.h" +#endif #define HEX_DUMP 0 @@ -21,9 +24,16 @@ #define DEFAULT_NUM_XFORMS (2) #define NUM_MBUFS (8191) #define MBUF_CACHE_SIZE (256) + +#ifdef RTE_LIB_SECURITY +#define MBUF_DATAPAYLOAD_SIZE RTE_MAX((unsigned int)(4096 + DIGEST_BYTE_LENGTH_SHA512), \ + TEST_SEC_CIPHERTEXT_MAX_LEN) +#else #define MBUF_DATAPAYLOAD_SIZE (4096 + DIGEST_BYTE_LENGTH_SHA512) +#endif + #define MBUF_SIZE (sizeof(struct rte_mbuf) + \ - RTE_PKTMBUF_HEADROOM + MBUF_DATAPAYLOAD_SIZE) + RTE_PKTMBUF_HEADROOM + MBUF_DATAPAYLOAD_SIZE) #define BYTE_LENGTH(x) (x/8) /* HASH DIGEST LENGTHS */ diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 14a7a2511e..3745c6a0d1 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -62,7 +62,8 @@ test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, void test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2, const struct tls_record_test_flags *flags, - struct tls_record_test_data *td_array, int nb_td) + struct tls_record_test_data *td_array, + int nb_td, unsigned int data_len) { int i, min_padding, hdr_len, tls_pkt_size, mac_len = 0, exp_nonce_len = 0, roundup_len = 0; struct tls_record_test_data *td = NULL; @@ -76,7 +77,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) { /* Copy template for packet & key fields */ - memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td)); + if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2) + memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td)); + else + memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td)); td->aead = true; td->xform.aead.aead.algo = param1->alg.aead; @@ -84,7 +88,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->xform.aead.aead.digest_length = param1->digest_length; } else { /* Copy template for packet & key fields */ - memcpy(td, &tls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td)); + if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2) + memcpy(td, &dtls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td)); + else + memcpy(td, &tls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td)); td->aead = false; td->xform.chain.cipher.cipher.algo = param1->alg.cipher; @@ -96,6 +103,11 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } + if (flags->data_walkthrough) { + test_sec_proto_pattern_set(td->input_text.data, data_len); + td->input_text.len = data_len; + } + tls_pkt_size = td->input_text.len; if (!td->aead) { @@ -221,6 +233,7 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, return TEST_SUCCESS; } + static int tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text) { @@ -280,13 +293,13 @@ int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, struct tls_record_test_data *res_d, bool silent) { + uint8_t output_text[TEST_SEC_CIPHERTEXT_MAX_LEN]; uint32_t len = rte_pktmbuf_pkt_len(m), data_len; - uint8_t output_text[TLS_RECORD_MAX_LEN]; const struct rte_mbuf *seg; const uint8_t *output; int ret; - memset(output_text, 0, TLS_RECORD_MAX_LEN); + memset(output_text, 0, TEST_SEC_CIPHERTEXT_MAX_LEN); /* * Actual data in packet might be less in error cases, hence take minimum of pkt_len and sum @@ -300,7 +313,7 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t } len = RTE_MIN(len, data_len); - TEST_ASSERT(len <= TLS_RECORD_MAX_LEN, "Invalid packet length: %u", len); + TEST_ASSERT(len <= TEST_SEC_CIPHERTEXT_MAX_LEN, "Invalid packet length: %u", len); /* Copy mbuf payload to continuous buffer */ output = rte_pktmbuf_read(m, 0, len, output_text); diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 0bd83f88f0..14f73a5073 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -10,7 +10,37 @@ #include "test_security_proto.h" -#define TLS_RECORD_MAX_LEN 16384u +/* TLS 1.2 Ciphertext length can be up to (2^14 + 2048 + 5 (TLS Header)) Bytes */ +#define TLS_1_2_RECORD_CIPHERTEXT_MAX_LEN (18437u) +static_assert(TLS_1_2_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN, + "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* TLS 1.2 Plaintext length can be up to (2^14 + 1024) Bytes */ +#define TLS_1_2_RECORD_PLAINTEXT_MAX_LEN (17408u) +static_assert(TLS_1_2_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, + "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* DTLS 1.2 Ciphertext length is similar to TLS 1.2 */ +#define DTLS_1_2_RECORD_CIPHERTEXT_MAX_LEN (18437u) +static_assert(DTLS_1_2_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN, + "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* DTLS 1.2 Plaintext length is similar to TLS 1.2 */ +#define DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN (17408u) +static_assert(DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, + "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* TLS 1.3 Ciphertext length can be up to (2^14 + 256 + 5 (TLS Header)) Bytes */ +#define TLS_1_3_RECORD_CIPHERTEXT_MAX_LEN (16645u) +static_assert(TLS_1_3_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN, + "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* TLS 1.3 Plaintext length can be up to 2^14 Bytes */ +#define TLS_1_3_RECORD_PLAINTEXT_MAX_LEN (16384u) +static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, + "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +#define TLS_RECORD_PLAINTEXT_MIN_LEN (1u) struct tls_record_test_data { struct { @@ -22,12 +52,12 @@ struct tls_record_test_data { } auth_key; struct { - uint8_t data[TLS_RECORD_MAX_LEN]; + uint8_t data[TEST_SEC_CIPHERTEXT_MAX_LEN]; unsigned int len; } input_text; struct { - uint8_t data[TLS_RECORD_MAX_LEN]; + uint8_t data[TEST_SEC_CIPHERTEXT_MAX_LEN]; unsigned int len; } output_text; @@ -56,6 +86,8 @@ struct tls_record_test_data { struct tls_record_test_flags { bool display_alg; int nb_segs_in_mbuf; + bool data_walkthrough; + enum rte_security_tls_version tls_version; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; @@ -89,7 +121,8 @@ void test_tls_record_td_read_from_write(const struct tls_record_test_data *td_ou void test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2, const struct tls_record_test_flags *flags, - struct tls_record_test_data *td_array, int nb_td); + struct tls_record_test_data *td_array, int nb_td, + unsigned int data_len); void test_tls_record_td_update(struct tls_record_test_data td_inb[], const struct tls_record_test_data td_outb[], int nb_td, diff --git a/app/test/test_security_proto.c b/app/test/test_security_proto.c index d242c852af..cf40d5fc9a 100644 --- a/app/test/test_security_proto.c +++ b/app/test/test_security_proto.c @@ -13,6 +13,8 @@ struct crypto_param_comb sec_alg_list[RTE_DIM(aead_list) + struct crypto_param_comb sec_auth_only_alg_list[2 * (RTE_DIM(auth_list) - 1)]; +static uint8_t cleartext_pattern[TEST_SEC_CLEARTEXT_MAX_LEN]; + void test_sec_alg_list_populate(void) { @@ -152,3 +154,18 @@ test_sec_alg_display(const struct crypto_param *param1, const struct crypto_para } printf("\n"); } + +void +test_sec_proto_pattern_generate(void) +{ + unsigned int i; + + for (i = 0; i < TEST_SEC_CLEARTEXT_MAX_LEN; i++) + cleartext_pattern[i] = (i + 1) & 0xff; +} + +void +test_sec_proto_pattern_set(uint8_t *buf, int len) +{ + rte_memcpy(buf, cleartext_pattern, len); +} diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h index 5b92daa810..c737443081 100644 --- a/app/test/test_security_proto.h +++ b/app/test/test_security_proto.h @@ -8,6 +8,8 @@ #include #include +#define TEST_SEC_CLEARTEXT_MAX_LEN (17408u) +#define TEST_SEC_CIPHERTEXT_MAX_LEN (18437u) #define TEST_SEC_PKTS_MAX 32 struct crypto_param { @@ -186,4 +188,8 @@ int test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_c void test_sec_alg_display(const struct crypto_param *param1, const struct crypto_param *param2); +void test_sec_proto_pattern_generate(void); + +void test_sec_proto_pattern_set(uint8_t *buf, int len); + #endif From patchwork Tue Mar 5 07:21:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137970 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3ACA543C4C; Tue, 5 Mar 2024 08:23:33 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 358EA42DE4; Tue, 5 Mar 2024 08:22:50 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id D296D42DDF for ; Tue, 5 Mar 2024 08:22:48 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 4256jEIp027001; Mon, 4 Mar 2024 23:22:48 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=cp1nBti/Z31OMOH6WZfQl4bZXMCm0LQxrlcP0Ko47Zs=; b=Nat mOld5q/UeZcauzLbo5Ew/VtRI7KFpLfk4kp59c0e/u8STRQlv7qmw+40ojtXK8iK g2NqIimyALaoXI9JwzQZ1zCOPhVeoTJSpZ/APDM0hl0x11M4TJ5uSsPwKd1/YQb7 mh39gLuiUPBUTmEgAYHVzuHN+LjxB+HRJqKOeZVX+1LktsgjCFiv6OC3o7pCCtI0 jq0Yf5eNXXyySAAEIIMCVyzvJBsXyQDRCR2ywV6aJkPx4dQtn4HvioOOncn/Dl58 pQj3bqrOJLzEX+FEX7o2QuWXFM4mCaBjWP/rUO2U9aPBKKoTTb5wh4j/QEHAS/zr J3IWPYcEuKLfJv6NA6w== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3wnxdcr2tg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:22:47 -0800 (PST) Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:22:47 -0800 Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Mon, 4 Mar 2024 23:22:25 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:22:25 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 77F193F704E; Mon, 4 Mar 2024 23:22:23 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 03/21] test/security: add DTLS 1.2 data walkthrough test Date: Tue, 5 Mar 2024 12:51:55 +0530 Message-ID: <20240305072213.283205-4-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: bN2HOSrwwLtJhUhnfZgsUWiwMBZcvvQm X-Proofpoint-GUID: bN2HOSrwwLtJhUhnfZgsUWiwMBZcvvQm X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add data walkthrough test for DTLS 1.2 Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 17 +++++++++++++++++ app/test/test_cryptodev_security_tls_record.c | 5 ++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 7c6c7d572c..20653beb03 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12061,6 +12061,19 @@ test_tls_1_2_record_proto_sgl(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_1_2_record_proto_data_walkthrough(void) +{ + struct tls_record_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.data_walkthrough = true; + flags.tls_version = RTE_SECURITY_VERSION_DTLS_1_2; + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_display_list(void) { @@ -17255,6 +17268,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Combined test alg list", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_display_list), + TEST_CASE_NAMED_ST( + "Data walkthrough combined test alg list", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_data_walkthrough), TEST_CASE_NAMED_ST( "Multi-segmented mode", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 3745c6a0d1..92bcbff842 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -143,7 +143,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt break; case RTE_SECURITY_VERSION_DTLS_1_2: hdr_len = sizeof(struct rte_dtls_hdr); - min_padding = 0; + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; default: hdr_len = 0; From patchwork Tue Mar 5 07:21:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137964 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AE43643C4C; Tue, 5 Mar 2024 08:22:41 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 577DF410E8; Tue, 5 Mar 2024 08:22:32 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id B05C0410E6 for ; Tue, 5 Mar 2024 08:22:30 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 4253i5Oq025178; Mon, 4 Mar 2024 23:22:30 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=fZ1JcPDck1N8xYQ9bbBXESP4sj9F8x2M+ecz9EanFtU=; b=FSj 46GUJmY406skFBxzTnEGCKWz3uUO0cKZP7czc+gR9UecMGlRk6f2/EFazz/WnQEv tqEHwHT9XmY1Ylw31OdUvSet8oa1fGeRGH2fWbeW0msVSjGYUlIgq+mQQql+Wm1J i55SH4lBzSmu/LHcwIPrQV+GzdF8nZ6rZj+PPVJNa8BzWWgNZECLKiDyi/Mif6s2 x5284btKg7lGf9jEnNvN5qvkZHbRtf7AaMVOmJbqZmvf7gy8uvPpv39rYK43OWWS XgRhpRnXK3fxmlXV4xtjH4svl9/cREQUtEI/eM9L3/5LAgXfUjDV1WWqz3OsPGTt 3u5tc8rtH5kM2Wy0TwQ== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wm4gmr8xr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:22:29 -0800 (PST) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:22:29 -0800 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:22:29 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 8CBC03F706D; Mon, 4 Mar 2024 23:22:26 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 04/21] test/security: add TLS SG data walkthrough test Date: Tue, 5 Mar 2024 12:51:56 +0530 Message-ID: <20240305072213.283205-5-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: MYms4sNExVDVSDiXmMHBz7PwRKRydYSY X-Proofpoint-GUID: MYms4sNExVDVSDiXmMHBz7PwRKRydYSY X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add multi segment packet data walkthrough test for TLS 1.2 and DTLS 1.2. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 42 +++++++++++++++++++ app/test/test_cryptodev_security_tls_record.h | 2 +- 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 20653beb03..5922c2162a 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11981,6 +11981,8 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) for (i = 0; i < RTE_DIM(sec_alg_list); i++) { payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN; + if (flags->nb_segs_in_mbuf) + payload_len = RTE_MAX(payload_len, flags->nb_segs_in_mbuf); again: test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, td_outb, nb_pkts, payload_len); @@ -12061,6 +12063,32 @@ test_tls_1_2_record_proto_sgl(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_sgl_data_walkthrough(enum rte_security_tls_version tls_version) +{ + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = 5, + .tls_version = tls_version, + .data_walkthrough = true + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) { + printf("Device doesn't support in-place scatter-gather. Test Skipped.\n"); + return TEST_SKIPPED; + } + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_2_record_proto_sgl_data_walkthrough(void) +{ + return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_TLS_1_2); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -12106,6 +12134,12 @@ test_dtls_1_2_record_proto_sgl(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_1_2_record_proto_sgl_data_walkthrough(void) +{ + return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_DTLS_1_2); +} + #endif static int @@ -17171,6 +17205,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Multi-segmented mode", ut_setup_security, ut_teardown, test_tls_1_2_record_proto_sgl), + TEST_CASE_NAMED_ST( + "Multi-segmented mode data walkthrough", + ut_setup_security, ut_teardown, + test_tls_1_2_record_proto_sgl_data_walkthrough), TEST_CASES_END() /**< NULL terminate unit test array */ } }; @@ -17276,6 +17314,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Multi-segmented mode", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_sgl), + TEST_CASE_NAMED_ST( + "Multi-segmented mode data walkthrough", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sgl_data_walkthrough), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 14f73a5073..34758fb0e1 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -85,7 +85,7 @@ struct tls_record_test_data { struct tls_record_test_flags { bool display_alg; - int nb_segs_in_mbuf; + uint8_t nb_segs_in_mbuf; bool data_walkthrough; enum rte_security_tls_version tls_version; }; From patchwork Tue Mar 5 07:21:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137965 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8A1EF43C4C; Tue, 5 Mar 2024 08:22:49 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9597A4111C; Tue, 5 Mar 2024 08:22:35 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id D6F50410FA for ; Tue, 5 Mar 2024 08:22:33 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 4254UEuP025179; Mon, 4 Mar 2024 23:22:33 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=0clGZWmA5Zim68FClcGZ0Fyi8lQbS9XI0yUH4Qf4sAc=; b=K3z cDxNYz4mrk6HFoNVNRE00DJ1ef2IpzbI3cF+9vhZabwhrfgTx7ADVotw8u3c4Cqh FBV/iEN5KuIxaaaYFJnvJ66Mg4gsHPRJpB4ZBhLN+NCbYOWm8GLPbFmzORwN8lCp T8u9/i1rOefXn/udfFr7XdaSjzXodqP7Nh7iKY+tZcNe5aPPLHitKv2vyKrgqFcl Aicuse43hlfXsnEG0Y+7GAlypW+N9ZEA7PIeV7GoG+mP+qvB73qChWH1XDre+iEs rCYqBCgN+4KmJw5AebUV51qTD+YmNM2XneVbLq3fF3WByyqbK8soZSnzZVwGOk9w ise04tljKzEqG0Mr/pg== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wm4gmr8xx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:22:33 -0800 (PST) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:22:32 -0800 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:22:32 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id A4B553F7045; Mon, 4 Mar 2024 23:22:29 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 05/21] test/security: unit test for TLS packet corruption Date: Tue, 5 Mar 2024 12:51:57 +0530 Message-ID: <20240305072213.283205-6-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: k7p6GZIGkhNLJ4YSM1Gs_kzgNAl8H824 X-Proofpoint-GUID: k7p6GZIGkhNLJ4YSM1Gs_kzgNAl8H824 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add test to verify the corrupted TLS packet header Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 27 +++++++++++++++++-- app/test/test_cryptodev_security_tls_record.c | 4 +++ app/test/test_cryptodev_security_tls_record.h | 1 + 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 5922c2162a..04737147e1 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12000,8 +12000,13 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (ret == TEST_SKIPPED) continue; - if (ret == TEST_FAILED) - return TEST_FAILED; + if (flags->pkt_corruption) { + if (ret == TEST_SUCCESS) + return TEST_FAILED; + } else { + if (ret == TEST_FAILED) + return TEST_FAILED; + } if (flags->data_walkthrough && (++payload_len <= max_payload_len)) goto again; @@ -12089,6 +12094,20 @@ test_tls_1_2_record_proto_sgl_data_walkthrough(void) return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_TLS_1_2); } +static int +test_tls_record_proto_corrupt_pkt(void) +{ + struct tls_record_test_flags flags = { + .pkt_corruption = 1 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -17209,6 +17228,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Multi-segmented mode data walkthrough", ut_setup_security, ut_teardown, test_tls_1_2_record_proto_sgl_data_walkthrough), + TEST_CASE_NAMED_ST( + "TLS packet header corruption", + ut_setup_security, ut_teardown, + test_tls_record_proto_corrupt_pkt), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 92bcbff842..93ff7f36fa 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -185,6 +185,10 @@ test_tls_record_td_update(struct tls_record_test_data td_inb[], td_outb[i].input_text.len); td_inb[i].output_text.len = td_outb->input_text.len; + /* Corrupt the content type in the TLS header of encrypted packet */ + if (flags->pkt_corruption) + td_inb[i].input_text.data[0] = ~td_inb[i].input_text.data[0]; + /* Clear outbound specific flags */ td_inb[i].tls_record_xform.options.iv_gen_disable = 0; } diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 34758fb0e1..5faa277740 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -88,6 +88,7 @@ struct tls_record_test_flags { uint8_t nb_segs_in_mbuf; bool data_walkthrough; enum rte_security_tls_version tls_version; + bool pkt_corruption; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; From patchwork Tue Mar 5 07:21:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137966 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 319D143C4C; Tue, 5 Mar 2024 08:23:01 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5467440F16; Tue, 5 Mar 2024 08:22:38 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 3A273427DC for ; Tue, 5 Mar 2024 08:22:37 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 4256kBgK028932; Mon, 4 Mar 2024 23:22:36 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=PomvIfqIIDN3s530KOIhpXLeHwNwPff5MSm0VHj8X0o=; b=C3d F/ijn7o8WwKDMbylx6SQ5yQEb5qfKmd/MzbPTqLPzOALUhGKhXMW1gEW7DOP1AUN u9v1QTM2R3IRqrCYph777yBTlOa+YQc3bSGHv7qc22KBuCOSPVnAsiWfie1VP1Q3 TYj9wYqKrgPQBMXMgwmvd7Xf3Rd3Ju22s0KqM1adYOTgjA/rMFlPcdCAR9SE9gMG xJYyVi9PSwBoVcVfmnZzaO+7+/QrPGqooBSSlsCq0eyCaSwGTWl9S2HuS4B3tzun 3crsn38JedM0xCkRUAC7PnIjNCHGTNeP/bxr504jJUbaQoXKYgKXb8M9m7uS6FkY gXcbcqQE6uQZya7kjOw== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3wnxdcr2t0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:22:36 -0800 (PST) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:22:35 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:22:35 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id BCD6A3F7045; Mon, 4 Mar 2024 23:22:32 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 06/21] test/security: unit test for custom content verification Date: Tue, 5 Mar 2024 12:51:58 +0530 Message-ID: <20240305072213.283205-7-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: S9r46tBv6z8bTGl1-BUZDZXJ3DFyayqW X-Proofpoint-GUID: S9r46tBv6z8bTGl1-BUZDZXJ3DFyayqW X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit test to verify the TLS header creation with custom content type Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 19 +++++++++++++++++++ app/test/test_cryptodev_security_tls_record.c | 3 +++ app/test/test_cryptodev_security_tls_record.h | 9 +++++++++ 3 files changed, 31 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 04737147e1..bee40cd927 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #ifdef RTE_CRYPTO_SCHEDULER @@ -12108,6 +12109,20 @@ test_tls_record_proto_corrupt_pkt(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_custom_content_type(void) +{ + struct tls_record_test_flags flags = { + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -17232,6 +17247,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "TLS packet header corruption", ut_setup_security, ut_teardown, test_tls_record_proto_corrupt_pkt), + TEST_CASE_NAMED_ST( + "Custom content type", + ut_setup_security, ut_teardown, + test_tls_record_proto_custom_content_type), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 93ff7f36fa..9a2af259c9 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -108,6 +108,9 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->input_text.len = data_len; } + if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) + td->app_type = RTE_TLS_TYPE_MAX; + tls_pkt_size = td->input_text.len; if (!td->aead) { diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 5faa277740..b707361fb6 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -42,6 +42,14 @@ static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, #define TLS_RECORD_PLAINTEXT_MIN_LEN (1u) +enum tls_record_test_content_type { + TLS_RECORD_TEST_CONTENT_TYPE_APP, + /* For verifying zero packet length */ + TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + /* For verifying handling of custom content types */ + TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM, +}; + struct tls_record_test_data { struct { uint8_t data[32]; @@ -89,6 +97,7 @@ struct tls_record_test_flags { bool data_walkthrough; enum rte_security_tls_version tls_version; bool pkt_corruption; + enum tls_record_test_content_type content_type; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; From patchwork Tue Mar 5 07:21:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137967 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 03A9C43C4C; Tue, 5 Mar 2024 08:23:10 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 988DA427E8; Tue, 5 Mar 2024 08:22:41 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 01D63427DC for ; Tue, 5 Mar 2024 08:22:39 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 4254UEuT025179; Mon, 4 Mar 2024 23:22:39 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=C7tafcnTDdBl3qxkkiTjMfI0xGCffz3Xqh4OyKrDWQU=; b=VrD FvC4GXhlE3XwsXzO2uM6EhVmicXabxmKnZ5WsME8qgOUt3cSKwta6IgqjLQhEQwU uXcejSio2EjZ5Xtk1SJDyoW1C8/qPa8xSC+appzb0VS3ff1RP0/bj+y+It39m8kB bhSYo3xwnAOSwuCxogdQQ6ywv4XRyH2Wsh3X3YmnxBc2wjqzesQMev7+8bHfoUwM RMBOGJvc+Wk3N0jZQg3sqgX7lwVupBHYKtjVklgCS6rJwkzAyrhv9MSkabODdZm6 ZJWIxE43/R0HqOz2Ow8J//0UXACuCDVdL804sLSaTtOHB0gPuYjYdHNXQgPfALeI ppS/c7QGLXQm/A0coNg== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wm4gmr8yj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:22:39 -0800 (PST) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:22:38 -0800 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:22:38 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id D28733F7045; Mon, 4 Mar 2024 23:22:35 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 07/21] test/cryptodev: allow zero packet length buffers Date: Tue, 5 Mar 2024 12:51:59 +0530 Message-ID: <20240305072213.283205-8-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: pu4qhxS_LE8NT2jmKyJW0BdXb40T5Qsr X-Proofpoint-GUID: pu4qhxS_LE8NT2jmKyJW0BdXb40T5Qsr X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Anoob Joseph The function 'create_segmented_mbuf' is updated to support zero packet length mbufs. This allows testing of zero packet length payload with TLS record processing. Signed-off-by: Anoob Joseph --- app/test/test_cryptodev.h | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/app/test/test_cryptodev.h b/app/test/test_cryptodev.h index e4e99d00c1..7d877ddfe5 100644 --- a/app/test/test_cryptodev.h +++ b/app/test/test_cryptodev.h @@ -192,15 +192,8 @@ create_segmented_mbuf(struct rte_mempool *mbuf_pool, int pkt_len, int nb_segs, uint8_t pattern) { struct rte_mbuf *m = NULL, *mbuf = NULL; + int size, t_len, data_len = 0; uint8_t *dst; - int data_len = 0; - int i, size; - int t_len; - - if (pkt_len < 1) { - printf("Packet size must be 1 or more (is %d)\n", pkt_len); - return NULL; - } if (nb_segs < 1) { printf("Number of segments must be 1 or more (is %d)\n", @@ -212,17 +205,17 @@ create_segmented_mbuf(struct rte_mempool *mbuf_pool, int pkt_len, size = pkt_len; /* Create chained mbuf_src and fill it generated data */ - for (i = 0; size > 0; i++) { + do { m = rte_pktmbuf_alloc(mbuf_pool); - if (i == 0) - mbuf = m; - if (m == NULL) { printf("Cannot create segment for source mbuf"); goto fail; } + if (mbuf == NULL) + mbuf = m; + /* Make sure if tailroom is zeroed */ memset(m->buf_addr, pattern, m->buf_len); @@ -239,7 +232,8 @@ create_segmented_mbuf(struct rte_mempool *mbuf_pool, int pkt_len, size -= data_len; - } + } while (size > 0); + return mbuf; fail: From patchwork Tue Mar 5 07:22:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137968 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C58B143C4C; Tue, 5 Mar 2024 08:23:17 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D0E7A42D7D; Tue, 5 Mar 2024 08:22:44 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 8CE08410EE for ; Tue, 5 Mar 2024 08:22:43 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42546Lgr025169; Mon, 4 Mar 2024 23:22:43 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=n5Fkt7QrZh1rOX1uPBw/41ot5jfvEYkeFnmA0jJQVQw=; b=E+n vmPOwC3wLGaFA2/d7tfJDyVx1PwxW9nwGwuI3LyOgDjrKFrALelEbrHZWxhfLx0I cendeB7GoKk3B+ATIhOJjmh7cRDq6z3/zF0BUjcn6MsIqytaB7YPx+CyP593Qbym 3ynuV7CXFuxyn7VyBCb5nzp089s5fZN8AObKDqs0TSVI6XGVqAH6vrsaoV9iS9lO yeu9xFg1mgGL88Kqc3ychNegDTYt1r6eKYLrIFbn/fTr4HeNAWBB8CxCQg7tgCy6 RdIChGLfjhVFmU351Kjzc5ap5eJ2r5iOgFT2DhpGVqtFI/g0MfL+Nq8fCdB1yJ0f lWbAJ3lrIFE3wYRCxVQ== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wm4gmr8yr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:22:42 -0800 (PST) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:22:41 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:22:41 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id EA97B3F7045; Mon, 4 Mar 2024 23:22:38 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 08/21] test/security: unit test to verify zero TLS records Date: Tue, 5 Mar 2024 12:52:00 +0530 Message-ID: <20240305072213.283205-9-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: aFW1DgekQQFMDBJBLf07LNElVfhezi68 X-Proofpoint-GUID: aFW1DgekQQFMDBJBLf07LNElVfhezi68 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify the zero len TLS records. Zero len packets are allowed when content type is app data while zero packet length with other content type (such as handshake) would result in an error. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 51 ++++++++++++++++++- app/test/test_cryptodev_security_tls_record.c | 5 +- app/test/test_cryptodev_security_tls_record.h | 2 +- 3 files changed, 55 insertions(+), 3 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index bee40cd927..31f4c08d6a 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11984,6 +11984,9 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN; if (flags->nb_segs_in_mbuf) payload_len = RTE_MAX(payload_len, flags->nb_segs_in_mbuf); + + if (flags->zero_len) + payload_len = 0; again: test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, td_outb, nb_pkts, payload_len); @@ -11992,8 +11995,16 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (ret == TEST_SKIPPED) continue; - if (ret == TEST_FAILED) + if (flags->zero_len && + ((flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) || + (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) || + (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE))) { + if (ret == TEST_SUCCESS) + return TEST_FAILED; + goto skip_decrypt; + } else if (ret == TEST_FAILED) { return TEST_FAILED; + } test_tls_record_td_update(td_inb, td_outb, nb_pkts, flags); @@ -12009,6 +12020,7 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) return TEST_FAILED; } +skip_decrypt: if (flags->data_walkthrough && (++payload_len <= max_payload_len)) goto again; @@ -12123,6 +12135,35 @@ test_tls_record_proto_custom_content_type(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_zero_len(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_record_proto_zero_len_non_app(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -17251,6 +17292,14 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Custom content type", ut_setup_security, ut_teardown, test_tls_record_proto_custom_content_type), + TEST_CASE_NAMED_ST( + "Zero len TLS record with content type as app", + ut_setup_security, ut_teardown, + test_tls_record_proto_zero_len), + TEST_CASE_NAMED_ST( + "Zero len TLS record with content type as ctrl", + ut_setup_security, ut_teardown, + test_tls_record_proto_zero_len_non_app), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 9a2af259c9..c5410a4c92 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -103,13 +103,15 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } - if (flags->data_walkthrough) { + if (flags->data_walkthrough || flags->zero_len) { test_sec_proto_pattern_set(td->input_text.data, data_len); td->input_text.len = data_len; } if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) td->app_type = RTE_TLS_TYPE_MAX; + else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) + td->app_type = RTE_TLS_TYPE_HANDSHAKE; tls_pkt_size = td->input_text.len; @@ -232,6 +234,7 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, memcpy(&res_d->input_text.data, output_text, len); res_d->input_text.len = len; + res_d->output_text.len = td->input_text.len; res_d->tls_record_xform.type = RTE_SECURITY_TLS_SESS_TYPE_READ; if (res_d->aead) { diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index b707361fb6..e7ba31c449 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -98,6 +98,7 @@ struct tls_record_test_flags { enum rte_security_tls_version tls_version; bool pkt_corruption; enum tls_record_test_content_type content_type; + bool zero_len; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; @@ -140,5 +141,4 @@ void test_tls_record_td_update(struct tls_record_test_data td_inb[], int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, struct tls_record_test_data *res_d, bool silent); - #endif From patchwork Tue Mar 5 07:22:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137969 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 94FEB43C4C; Tue, 5 Mar 2024 08:23:25 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0FD4842DC9; Tue, 5 Mar 2024 08:22:48 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 1B37942DC9 for ; Tue, 5 Mar 2024 08:22:46 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42547Uih025193; Mon, 4 Mar 2024 23:22:45 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=gBIWOOxYPoxqOYRjQtNUzaeRboZ6Ih23oDP8wwrYXbo=; b=BKH ecpdM8B4gSOhfSbeFC3D41cko9AR/xTxJlF3GSVdbo3sJ+YBDnu8jtM0aj/qCLZD +lUrnjCwimxITw/ojnqM254lp/3dbki4nN++0OKyhbTbq/Kia/4UGUB3HA/7yBpA mMEEq3O9m8bSATr7CuTgZIPVBj03TLS5mwuRTj5NMtmIq4GcsclTOFq2H5J7rjz8 rWNKPDdDab3dshmwuDRTTwU/Juu/ygM3iamujFLR/qJDahhoG7Kl7e6F7+PZW77j 0b9Brj1coIHiPPYcNROCB9g36A81VZxsF+O7wiC62gQv+J4ooM6FcH/ECjhnjCpX spOji61HyrlSFlt+TVQ== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wm4gmr8yw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:22:45 -0800 (PST) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:22:44 -0800 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:22:44 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 0BD753F7045; Mon, 4 Mar 2024 23:22:41 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 09/21] test/security: add unit tests for DTLS-1.2 Date: Tue, 5 Mar 2024 12:52:01 +0530 Message-ID: <20240305072213.283205-10-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: m7bqd0NOXUSzW0-D6RGFtmGi7hHtwoTw X-Proofpoint-GUID: m7bqd0NOXUSzW0-D6RGFtmGi7hHtwoTw X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify 1. DTLS record with zero length 2. DTLS record with header corruption 3. DTLS record with content type as custom Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 77 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 31f4c08d6a..6e860b06b2 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12215,6 +12215,67 @@ test_dtls_1_2_record_proto_sgl_data_walkthrough(void) return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_DTLS_1_2); } +static int +test_dtls_1_2_record_proto_corrupt_pkt(void) +{ + struct tls_record_test_flags flags = { + .pkt_corruption = 1, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_custom_content_type(void) +{ + struct tls_record_test_flags flags = { + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_zero_len(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_zero_len_non_app(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + #endif static int @@ -17409,6 +17470,22 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Multi-segmented mode data walkthrough", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_sgl_data_walkthrough), + TEST_CASE_NAMED_ST( + "Packet corruption", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_corrupt_pkt), + TEST_CASE_NAMED_ST( + "Custom content type", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_custom_content_type), + TEST_CASE_NAMED_ST( + "Zero len DTLS record with content type as app", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_zero_len), + TEST_CASE_NAMED_ST( + "Zero len DTLS record with content type as ctrl", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_zero_len_non_app), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Tue Mar 5 07:22:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137971 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 9A29443C4C; Tue, 5 Mar 2024 08:23:42 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 36EFA42DED; Tue, 5 Mar 2024 08:22:53 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 59A4D42DED for ; Tue, 5 Mar 2024 08:22:49 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 4256jEIq027001; Mon, 4 Mar 2024 23:22:48 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=icjD1ovGHv3QD4ms3PM+oU11DNolDm9yUC89cLbQ1yU=; b=IpW a4YvhHsz+X+VnwpFMZ7Xb6TSGoWiDeftUqvijUWlTd/d8q+rCDGSQzaPIhuR7v5V gVSxn3rvnqcjkwiJsvSAeaLFOOjcRHzm056eyESkw9tnrtTmgCKwe3YXtXk/NT4E Ve6J5tMlufn057snsKs565ymu4QKUlNvBewIpOLosgrCa7ly9zPLMNw7xX2eZS5K oppZPGQB3B6taadMVU6zsHt5P92P7pPxu8ueypO56ESJzTotmEjadkVEN3gIt5ue fIz44zxF44n/Iu4akalsbyCpFPxXNpm77eplqSpZdz4tUYtMS06DkJ+/zAv8+oLQ KIIFvum49+fHwG2GsOg== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3wnxdcr2tg-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:22:48 -0800 (PST) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:22:47 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:22:47 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 2315B3F7045; Mon, 4 Mar 2024 23:22:44 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 10/21] test/security: add TLS/DTLS 1.2 AES-256-SHA384 vectors Date: Tue, 5 Mar 2024 12:52:02 +0530 Message-ID: <20240305072213.283205-11-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: JnK3d_XMLotbC7uLQJYZWbjaK6YkVr86 X-Proofpoint-GUID: JnK3d_XMLotbC7uLQJYZWbjaK6YkVr86 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Akhil Goyal Added vectors for TLS 1.2 and DTLS 1.2 using algos AES-256-CBC and HMAC-SHA384 Signed-off-by: Akhil Goyal --- app/test/test_cryptodev.c | 19 ++ app/test/test_cryptodev_security_tls_record.h | 2 + ...yptodev_security_tls_record_test_vectors.h | 200 ++++++++++++++++++ 3 files changed, 221 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 6e860b06b2..44dc99b088 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -17273,6 +17273,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Write record known vector AES-256-CBC-SHA256", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec, &tls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Write record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, @@ -17316,6 +17320,11 @@ static struct unit_test_suite tls12_record_proto_testsuite = { ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &tls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, + &tls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Read record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, @@ -17397,6 +17406,11 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { ut_setup_security, ut_teardown, test_tls_record_proto_known_vec, &dtls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, + &dtls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Write record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, @@ -17439,6 +17453,11 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &dtls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, + &dtls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Read record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index e7ba31c449..22572537ef 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -110,6 +110,7 @@ extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac; extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha256_hmac; extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha1_hmac; extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha256_hmac; +extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data tls_test_data_null_cipher_sha1_hmac; extern struct tls_record_test_data tls_test_data_chacha20_poly1305; @@ -118,6 +119,7 @@ extern struct tls_record_test_data dtls_test_data_aes_128_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_aes_128_cbc_sha256_hmac; extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac; +extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac; diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h index f10f28bb96..27b07cd54a 100644 --- a/app/test/test_cryptodev_security_tls_record_test_vectors.h +++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h @@ -1129,6 +1129,107 @@ struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac = { .app_type = 0x17, }; +struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac = { + .key = { + .data = { + 0x1d, 0xe5, 0x19, 0x18, 0x57, 0xa0, 0xee, 0x79, + 0x84, 0x61, 0x92, 0x9d, 0x3d, 0xce, 0x42, 0x92, + 0x4a, 0x98, 0x23, 0x3b, 0xf8, 0xec, 0x29, 0x47, + 0xb3, 0xae, 0x1f, 0x22, 0xd2, 0x8d, 0xbe, 0x2c, + }, + }, + .auth_key = { + .data = { + 0xf8, 0xbd, 0x28, 0xf9, 0x4a, 0xde, 0x1d, 0xde, + 0x8c, 0xf5, 0xe9, 0x49, 0x34, 0x2a, 0x1a, 0xd0, + 0x0d, 0xe3, 0x64, 0xb2, 0x54, 0xd6, 0xd6, 0x40, + 0x90, 0x5d, 0x16, 0xc1, 0xf2, 0x77, 0x14, 0x90, + 0xe6, 0xfa, 0xbc, 0x9d, 0xe2, 0x72, 0x12, 0xec, + 0xb6, 0x05, 0xec, 0xdd, 0x1d, 0x23, 0xb3, 0x8e, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, + 0x2d, 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, + 0x33, 0x38, 0x34, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x0a, + }, + .len = 51, + }, + .output_text = { + .data = { + 0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x80, + 0x63, 0xe2, 0x70, 0xce, 0x45, 0x93, 0x18, 0xa3, + 0xa6, 0xd6, 0xf5, 0x50, 0x9f, 0x07, 0x9d, 0xab, + 0x88, 0x41, 0xee, 0x5b, 0x32, 0x1e, 0x85, 0xaf, + 0x33, 0x7b, 0x59, 0x8a, 0xe9, 0x41, 0x11, 0x6a, + 0xbb, 0x7d, 0x16, 0x6c, 0xbb, 0x66, 0x5e, 0xf5, + 0xfb, 0x5f, 0x03, 0xf9, 0x75, 0x7d, 0xb9, 0xff, + 0x70, 0xc3, 0x4a, 0x19, 0xe5, 0x25, 0xa0, 0x5d, + 0xad, 0x45, 0xef, 0xce, 0xd8, 0x2a, 0xde, 0xf0, + 0x0c, 0xca, 0x1c, 0x6b, 0x5a, 0x31, 0x8f, 0x49, + 0xff, 0x7d, 0xf3, 0x71, 0x15, 0x06, 0x07, 0x9d, + 0x6a, 0x5f, 0x5c, 0xd8, 0x2a, 0xa5, 0x0e, 0x61, + 0xde, 0x18, 0x6b, 0x7d, 0xc8, 0x74, 0x58, 0x18, + 0xf1, 0xac, 0xde, 0xb9, 0x6d, 0x8a, 0x44, 0xad, + 0x10, 0xf8, 0x63, 0x15, 0xcf, 0x25, 0x2f, 0x82, + 0x2f, 0xda, 0x74, 0x45, 0x02, 0xda, 0x61, 0x3c, + 0x2f, 0xf9, 0xa5, 0x92, 0x2a, 0x7c, 0x5e, 0x5d, + }, + .len = 141, + }, + .iv = { + .data = { + 0x63, 0xe2, 0x70, 0xce, 0x45, 0x93, 0x18, 0xa3, + 0xa6, 0xd6, 0xf5, 0x50, 0x9f, 0x07, 0x9d, 0xab, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, + .key.length = 48, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 48, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 32, + .iv.length = 16, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_DTLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .dtls_1_2.epoch = 1, + .dtls_1_2.seq_no = 1, + }, + + .aead = false, + .app_type = 0x17, +}; + struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac = { .key = { .data = { @@ -1494,6 +1595,105 @@ struct tls_record_test_data tls_test_data_aes_256_cbc_sha256_hmac = { .app_type = 0x17, }; +struct tls_record_test_data tls_test_data_aes_256_cbc_sha384_hmac = { + .key = { + .data = { + 0x48, 0x70, 0xc7, 0x93, 0x77, 0xe3, 0x4c, 0x8c, + 0x27, 0x00, 0x64, 0x06, 0x3e, 0xc6, 0x47, 0x64, + 0xcc, 0xee, 0xa4, 0x9a, 0x1a, 0xe7, 0x3a, 0xc6, + 0xef, 0xe5, 0xe6, 0x2c, 0x15, 0xe3, 0xac, 0x16, + }, + }, + .auth_key = { + .data = { + 0x23, 0x95, 0x84, 0x30, 0xaf, 0x2b, 0x07, 0xfe, + 0x12, 0x83, 0x87, 0x28, 0x2b, 0x38, 0xb9, 0x02, + 0xc0, 0x27, 0x59, 0x3e, 0xa7, 0xbd, 0xce, 0xcb, + 0xe1, 0x8a, 0xe9, 0x43, 0x5d, 0xed, 0xb4, 0xf2, + 0x11, 0x4d, 0x19, 0xbb, 0x0f, 0x1b, 0x76, 0x86, + 0xfb, 0xb5, 0xda, 0xfd, 0x38, 0xfe, 0x7d, 0x02, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x20, 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, + 0x20, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, + 0x2d, 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, + 0x33, 0x38, 0x34, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x0a, + }, + .len = 51, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x80, + 0xc4, 0x90, 0xd7, 0x74, 0x5e, 0x26, 0xc8, 0x43, + 0x12, 0x45, 0x48, 0xc1, 0x0f, 0xb1, 0x18, 0xd8, + 0x1e, 0x5b, 0x1e, 0x50, 0x3e, 0x19, 0x25, 0x41, + 0x35, 0xc7, 0x7c, 0x14, 0x99, 0x7b, 0x97, 0x80, + 0x60, 0x9d, 0xf8, 0xf1, 0xac, 0x43, 0x7b, 0x5c, + 0xb6, 0xe2, 0xc4, 0x8f, 0x3f, 0xd7, 0x1b, 0xd4, + 0x61, 0x90, 0x40, 0xe3, 0xd5, 0x60, 0xac, 0xee, + 0x62, 0x53, 0x1f, 0x1f, 0x75, 0xf6, 0x2c, 0xda, + 0x1a, 0xed, 0x4a, 0x6a, 0x11, 0xeb, 0x9b, 0x1c, + 0x39, 0x0d, 0x6e, 0x8a, 0xf8, 0x3d, 0x45, 0x08, + 0x3e, 0x24, 0x17, 0x3e, 0xcf, 0x74, 0xcf, 0x6a, + 0xcb, 0x37, 0xdf, 0x25, 0xc6, 0xa5, 0xe4, 0x1e, + 0x53, 0x28, 0x71, 0xcf, 0xac, 0x1e, 0xad, 0x77, + 0x8c, 0xfc, 0x80, 0x19, 0x9c, 0xcc, 0x00, 0x60, + 0xc6, 0x82, 0xa0, 0xb8, 0x5e, 0x42, 0xd1, 0xff, + 0x14, 0x0a, 0x92, 0x5c, 0xde, 0x8a, 0x15, 0x7a, + }, + .len = 133, + }, + .iv = { + .data = { + 0xc4, 0x90, 0xd7, 0x74, 0x5e, 0x26, 0xc8, 0x43, + 0x12, 0x45, 0x48, 0xc1, 0x0f, 0xb1, 0x18, 0xd8, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, + .key.length = 48, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 48, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 32, + .iv.length = 16, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_2.seq_no = 0x1, + }, + + .aead = false, + .app_type = 0x17, +}; + struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac = { .key = { .data = { From patchwork Tue Mar 5 07:22:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137972 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id BDB8F43C4C; Tue, 5 Mar 2024 08:23:50 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id F24AD42E06; Tue, 5 Mar 2024 08:22:54 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 75C0D42E02 for ; Tue, 5 Mar 2024 08:22:52 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42546Lgt025169; Mon, 4 Mar 2024 23:22:52 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=pa9b6g0t90YXjHncUjMd1PfS7VLFRmDQDxZgTzWXabM=; b=HPl SPM0dBu5Ot6onXJ89Etu1fm1XsmUVjzlAdqmiu99aitKM5krpC/IZinSDRKAnYP9 Jbv8/k5EEQcYRzIoxFlSKaOX6SzAVDBaVr9HcqcS5J4mebD/RxvbdQOYVq+3vneu Rpk3+YbMsj9A1zQ6ZgTRScMJ/N/YunpPwQMIIOHBtDm2X+cSfMk/h4IAyRUuOEZN 1dd/Jr8+lFm4tL8A7O3PjdW5r838iUhFpMW/ikH+A9S7auybJok8q/ppSIA7Vapm QZvUia3ScXrImW6ZLoDsdDIE5bln3sCjZhJJpzFqcKx8MDL3ZvzM5/G2Jp6pHkN6 U61ofot7XbjxOhwjDkQ== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wm4gmr905-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:22:51 -0800 (PST) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:22:50 -0800 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:22:50 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 3C0273F7045; Mon, 4 Mar 2024 23:22:47 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 11/21] test/security: add DTLS 1.2 anti-replay tests Date: Tue, 5 Mar 2024 12:52:03 +0530 Message-ID: <20240305072213.283205-12-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: o6cHzSzPSWmR7GjXHEd3nfp0D8JhdOsk X-Proofpoint-GUID: o6cHzSzPSWmR7GjXHEd3nfp0D8JhdOsk X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add anti-replay test for DTLS 1.2. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 115 ++++++++++++++- app/test/test_cryptodev_security_tls_record.c | 132 ++++++++++-------- app/test/test_cryptodev_security_tls_record.h | 11 +- 3 files changed, 188 insertions(+), 70 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 44dc99b088..44d749a501 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11827,6 +11827,10 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], .protocol = RTE_SECURITY_PROTOCOL_TLS_RECORD, }; + if ((tls_record_xform.ver == RTE_SECURITY_VERSION_DTLS_1_2) && + (sess_type == RTE_SECURITY_TLS_SESS_TYPE_READ)) + sess_conf.tls_record.dtls_1_2.ar_win_sz = flags->ar_win_size; + if (td[0].aead) test_tls_record_imp_nonce_update(&td[0], &tls_record_xform); @@ -11851,6 +11855,17 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], return TEST_SKIPPED; for (i = 0; i < nb_td; i++) { + if (flags->ar_win_size && + (sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE)) { + sess_conf.tls_record.dtls_1_2.seq_no = + td[i].tls_record_xform.dtls_1_2.seq_no; + ret = rte_security_session_update(ctx, ut_params->sec_session, &sess_conf); + if (ret) { + printf("Could not update sequence number in session\n"); + return TEST_SKIPPED; + } + } + /* Setup source mbuf payload */ ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool, td[i].input_text.len, nb_segs, 0); @@ -11890,17 +11905,19 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], /* Process crypto operation */ process_crypto_request(dev_id, ut_params->op); - ret = test_tls_record_status_check(ut_params->op); + ret = test_tls_record_status_check(ut_params->op, &td[i]); if (ret != TEST_SUCCESS) goto crypto_op_free; if (res_d != NULL) res_d_tmp = &res_d[i]; - ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, silent); - if (ret != TEST_SUCCESS) - goto crypto_op_free; - + if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS) { + ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, + silent); + if (ret != TEST_SUCCESS) + goto crypto_op_free; + } rte_crypto_op_free(ut_params->op); ut_params->op = NULL; @@ -12190,6 +12207,90 @@ test_dtls_1_2_record_proto_display_list(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_pkt_replay(const uint64_t seq_no[], + bool replayed_pkt[], uint32_t nb_pkts, + struct tls_record_test_flags *flags) +{ + struct tls_record_test_data td_outb[TEST_SEC_PKTS_MAX]; + struct tls_record_test_data td_inb[TEST_SEC_PKTS_MAX]; + unsigned int i, idx, pass_cnt = 0; + int ret; + + for (i = 0; i < RTE_DIM(sec_alg_list); i++) { + test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, + td_outb, nb_pkts, 0); + + for (idx = 0; idx < nb_pkts; idx++) + td_outb[idx].tls_record_xform.dtls_1_2.seq_no = seq_no[idx]; + + ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + test_tls_record_td_update(td_inb, td_outb, nb_pkts, flags); + + for (idx = 0; idx < nb_pkts; idx++) { + td_inb[idx].tls_record_xform.dtls_1_2.ar_win_sz = flags->ar_win_size; + /* Set antireplay flag for packets to be dropped */ + td_inb[idx].ar_packet = replayed_pkt[idx]; + } + + ret = test_tls_record_proto_process(td_inb, NULL, nb_pkts, true, flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + if (flags->display_alg) + test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2); + + pass_cnt++; + } + + if (pass_cnt > 0) + return TEST_SUCCESS; + else + return TEST_SKIPPED; +} + +static int +test_dtls_1_2_record_proto_antireplay(void) +{ + struct tls_record_test_flags flags; + uint64_t winsz = 64, seq_no[5]; + uint32_t nb_pkts = 5; + bool replayed_pkt[5]; + + memset(&flags, 0, sizeof(flags)); + + flags.tls_version = RTE_SECURITY_VERSION_DTLS_1_2; + flags.ar_win_size = winsz; + + /* 1. Advance the TOP of the window to WS * 2 */ + seq_no[0] = winsz * 2; + /* 2. Test sequence number within the new window(WS + 1) */ + seq_no[1] = winsz + 1; + /* 3. Test sequence number less than the window BOTTOM */ + seq_no[2] = winsz; + /* 4. Test sequence number in the middle of the window */ + seq_no[3] = winsz + (winsz / 2); + /* 5. Test replay of the packet in the middle of the window */ + seq_no[4] = winsz + (winsz / 2); + + replayed_pkt[0] = false; + replayed_pkt[1] = false; + replayed_pkt[2] = true; + replayed_pkt[3] = false; + replayed_pkt[4] = true; + + return test_dtls_pkt_replay(seq_no, replayed_pkt, nb_pkts, &flags); +} + static int test_dtls_1_2_record_proto_sgl(void) { @@ -17505,6 +17606,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Zero len DTLS record with content type as ctrl", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_zero_len_non_app), + TEST_CASE_NAMED_ST( + "Antireplay with window size 64", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index c5410a4c92..907e043ddd 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -12,10 +12,21 @@ #include "test_security_proto.h" int -test_tls_record_status_check(struct rte_crypto_op *op) +test_tls_record_status_check(struct rte_crypto_op *op, + const struct tls_record_test_data *td) { int ret = TEST_SUCCESS; + if ((td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_READ) && + td->ar_packet) { + if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) { + printf("Anti replay test case failed\n"); + return TEST_FAILED; + } else { + return TEST_SUCCESS; + } + } + if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) ret = TEST_FAILED; @@ -101,81 +112,80 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->xform.chain.auth.auth.key.length = param2->key_length; td->xform.chain.auth.auth.digest_length = param2->digest_length; } - } - - if (flags->data_walkthrough || flags->zero_len) { - test_sec_proto_pattern_set(td->input_text.data, data_len); - td->input_text.len = data_len; - } - - if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) - td->app_type = RTE_TLS_TYPE_MAX; - else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) - td->app_type = RTE_TLS_TYPE_HANDSHAKE; - tls_pkt_size = td->input_text.len; + if (flags->data_walkthrough || flags->zero_len) { + test_sec_proto_pattern_set(td->input_text.data, data_len); + td->input_text.len = data_len; + } - if (!td->aead) { - mac_len = td->xform.chain.auth.auth.digest_length; - switch (td->xform.chain.cipher.cipher.algo) { - case RTE_CRYPTO_CIPHER_3DES_CBC: - roundup_len = 8; + if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) + td->app_type = RTE_TLS_TYPE_MAX; + else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) + td->app_type = RTE_TLS_TYPE_HANDSHAKE; + + tls_pkt_size = td->input_text.len; + + if (!td->aead) { + mac_len = td->xform.chain.auth.auth.digest_length; + switch (td->xform.chain.cipher.cipher.algo) { + case RTE_CRYPTO_CIPHER_3DES_CBC: + roundup_len = 8; + exp_nonce_len = 8; + break; + case RTE_CRYPTO_CIPHER_AES_CBC: + roundup_len = 16; + exp_nonce_len = 16; + break; + default: + roundup_len = 0; + exp_nonce_len = 0; + break; + } + } else { + mac_len = td->xform.aead.aead.digest_length; + roundup_len = 0; exp_nonce_len = 8; + } + + switch (td->tls_record_xform.ver) { + case RTE_SECURITY_VERSION_TLS_1_2: + case RTE_SECURITY_VERSION_TLS_1_3: + hdr_len = sizeof(struct rte_tls_hdr); + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; - case RTE_CRYPTO_CIPHER_AES_CBC: - roundup_len = 16; - exp_nonce_len = 16; + case RTE_SECURITY_VERSION_DTLS_1_2: + hdr_len = sizeof(struct rte_dtls_hdr); + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; default: - roundup_len = 0; - exp_nonce_len = 0; + hdr_len = 0; + min_padding = 0; break; } - } else { - mac_len = td->xform.aead.aead.digest_length; - roundup_len = 0; - exp_nonce_len = 8; - } - - switch (td->tls_record_xform.ver) { - case RTE_SECURITY_VERSION_TLS_1_2: - case RTE_SECURITY_VERSION_TLS_1_3: - hdr_len = sizeof(struct rte_tls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; - break; - case RTE_SECURITY_VERSION_DTLS_1_2: - hdr_len = sizeof(struct rte_dtls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; - break; - default: - hdr_len = 0; - min_padding = 0; - break; - } - tls_pkt_size += mac_len; + tls_pkt_size += mac_len; - /* Padding */ - tls_pkt_size += min_padding; + /* Padding */ + tls_pkt_size += min_padding; - if (roundup_len) - tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); + if (roundup_len) + tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); - /* Explicit nonce */ - tls_pkt_size += exp_nonce_len; + /* Explicit nonce */ + tls_pkt_size += exp_nonce_len; - /* Add TLS header */ - tls_pkt_size += hdr_len; + /* Add TLS header */ + tls_pkt_size += hdr_len; - td->output_text.len = tls_pkt_size; + td->output_text.len = tls_pkt_size; - RTE_SET_USED(flags); + } } void diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 22572537ef..e706e38e46 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -89,16 +89,18 @@ struct tls_record_test_data { struct rte_security_tls_record_xform tls_record_xform; uint8_t app_type; bool aead; + bool ar_packet; }; struct tls_record_test_flags { bool display_alg; - uint8_t nb_segs_in_mbuf; bool data_walkthrough; - enum rte_security_tls_version tls_version; bool pkt_corruption; - enum tls_record_test_content_type content_type; bool zero_len; + uint8_t nb_segs_in_mbuf; + enum rte_security_tls_version tls_version; + enum tls_record_test_content_type content_type; + int ar_win_size; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; @@ -123,7 +125,8 @@ extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac; -int test_tls_record_status_check(struct rte_crypto_op *op); +int test_tls_record_status_check(struct rte_crypto_op *op, + const struct tls_record_test_data *td); int test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_record_xform, const struct rte_security_capability *sec_cap, bool silent); From patchwork Tue Mar 5 07:22:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137973 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CAF0C43C4C; Tue, 5 Mar 2024 08:23:58 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 028B642E15; Tue, 5 Mar 2024 08:22:57 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id E331E42E05 for ; Tue, 5 Mar 2024 08:22:55 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 4254UEuV025179; Mon, 4 Mar 2024 23:22:55 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=LUSS1MOZ0wvHZ7eFb/Hhm2OMBu3tLBrtY4dr1U8i3wQ=; b=Rug dKFyIfnK3jdyQoMS/I5xmGnku/deVlsJsjCINBxuJ/EnmQo2EIOJpDJquGsJVLdy adqP9XSJypbr2XV1UDgXVH/RDx41IikvLsl7e1q1Pqp54ix8kFW6SAlFsn/pwt/u ShmiGGslzsLOoIYTS4u1rH3AwwSxGk/I3tuViOHZG/IvgvxNv0ZZYZbAp8EfTedZ weD5TYD5CwtDzCaeYYlEabFnMT98QAHzOt9nZgR8a7nRqMnIR1qlsXOSEACPCfC9 rC5lOZ1Q8S0/Tmf/c4P5jNiQU2R1epddPIBMnGJjogWAKB5tiKj+6cjFzzAP9Dhd Sl2+2NrBH3S6H0igHhA== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wm4gmr90e-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:22:55 -0800 (PST) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:22:53 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:22:53 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 51D5D3F7045; Mon, 4 Mar 2024 23:22:51 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 12/21] test/security: add more DTLS anti-replay window sz Date: Tue, 5 Mar 2024 12:52:04 +0530 Message-ID: <20240305072213.283205-13-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: YntxCStfNc25yehr152veqNNcYkdTxNi X-Proofpoint-GUID: YntxCStfNc25yehr152veqNNcYkdTxNi X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add anti-replay tests for window sizes 128, 256, 512, 1024, 2048 and 4096 window sizes in DTLS 1.2 suite. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 72 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 69 insertions(+), 3 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 44d749a501..9b11f34767 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12259,12 +12259,12 @@ test_dtls_pkt_replay(const uint64_t seq_no[], } static int -test_dtls_1_2_record_proto_antireplay(void) +test_dtls_1_2_record_proto_antireplay(uint64_t winsz) { struct tls_record_test_flags flags; - uint64_t winsz = 64, seq_no[5]; uint32_t nb_pkts = 5; bool replayed_pkt[5]; + uint64_t seq_no[5]; memset(&flags, 0, sizeof(flags)); @@ -12291,6 +12291,48 @@ test_dtls_1_2_record_proto_antireplay(void) return test_dtls_pkt_replay(seq_no, replayed_pkt, nb_pkts, &flags); } +static int +test_dtls_1_2_record_proto_antireplay64(void) +{ + return test_dtls_1_2_record_proto_antireplay(64); +} + +static int +test_dtls_1_2_record_proto_antireplay128(void) +{ + return test_dtls_1_2_record_proto_antireplay(128); +} + +static int +test_dtls_1_2_record_proto_antireplay256(void) +{ + return test_dtls_1_2_record_proto_antireplay(256); +} + +static int +test_dtls_1_2_record_proto_antireplay512(void) +{ + return test_dtls_1_2_record_proto_antireplay(512); +} + +static int +test_dtls_1_2_record_proto_antireplay1024(void) +{ + return test_dtls_1_2_record_proto_antireplay(1024); +} + +static int +test_dtls_1_2_record_proto_antireplay2048(void) +{ + return test_dtls_1_2_record_proto_antireplay(2048); +} + +static int +test_dtls_1_2_record_proto_antireplay4096(void) +{ + return test_dtls_1_2_record_proto_antireplay(4096); +} + static int test_dtls_1_2_record_proto_sgl(void) { @@ -17609,7 +17651,31 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { TEST_CASE_NAMED_ST( "Antireplay with window size 64", ut_setup_security, ut_teardown, - test_dtls_1_2_record_proto_antireplay), + test_dtls_1_2_record_proto_antireplay64), + TEST_CASE_NAMED_ST( + "Antireplay with window size 128", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay128), + TEST_CASE_NAMED_ST( + "Antireplay with window size 256", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay256), + TEST_CASE_NAMED_ST( + "Antireplay with window size 512", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay512), + TEST_CASE_NAMED_ST( + "Antireplay with window size 1024", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay1024), + TEST_CASE_NAMED_ST( + "Antireplay with window size 2048", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay2048), + TEST_CASE_NAMED_ST( + "Antireplay with window size 4096", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay4096), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Tue Mar 5 07:22:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137974 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A4AD543C4C; Tue, 5 Mar 2024 08:24:08 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9D43C42E29; Tue, 5 Mar 2024 08:22:59 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 76631427E0 for ; Tue, 5 Mar 2024 08:22:58 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 4254UEO0025170; Mon, 4 Mar 2024 23:22:58 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=JELIBNpBgLbLJhtjtZIM3O4o2Fg6QQT4MSVLZdo96LQ=; b=O8g 6X5GYPYNSPe3PJB0tCOC7m7I5IEFZWhsDbHggj8u+nZSZfcipytlV0mn1Weq39v0 j8ocOLJCOz9t4v/bVtkYZf5qtoeA6BHPC/kAkMJXndrEjboZmrhcaTHtr3MJbTtM E0SKP6WeJelcU9nbSunylocghvdP9iLas/VWbXuo9OSqh/1lNBHUOl0/s3SGVo39 c/VQAS6Fgd3gRAr8duLPqQ5OVp3a81asa6WY9K6jYImnKKplK0lcitZ8po+w6xdo TK9bvlSq8PAz6/5PFy867gjtO4EImyFG5wRPY1bIJyp4m1ZotavwTb5sQos5VnWb N3UCXDSWoJDu9w28SeA== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wm4gmr90m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:22:57 -0800 (PST) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:22:57 -0800 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:22:57 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 67BCE3F7045; Mon, 4 Mar 2024 23:22:54 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 13/21] test/crypto: update verification of header Date: Tue, 5 Mar 2024 12:52:05 +0530 Message-ID: <20240305072213.283205-14-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: qyUDDphOa7ckfY4Bhzuf5MNJR1X23ArP X-Proofpoint-GUID: qyUDDphOa7ckfY4Bhzuf5MNJR1X23ArP X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri In TLS 1.3, the version in the header would be TLS 1.2 and the content type would be APP irrespective of the type of the payload. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev_security_tls_record.c | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 907e043ddd..498c4923e0 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -275,9 +275,9 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp hdr_len = sizeof(struct rte_tls_hdr); } else if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) { const struct rte_tls_hdr *hdr = (const struct rte_tls_hdr *)output_text; - if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_3) { + if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_2) { printf("Incorrect header version [expected - %4x, received - %4x]\n", - RTE_TLS_VERSION_1_3, rte_be_to_cpu_16(hdr->version)); + RTE_TLS_VERSION_1_2, rte_be_to_cpu_16(hdr->version)); return TEST_FAILED; } content_type = hdr->type; @@ -297,10 +297,18 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp return TEST_FAILED; } - if (content_type != td->app_type) { - printf("Incorrect content type in packet [expected - %d, received - %d]\n", - td->app_type, content_type); - return TEST_FAILED; + if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) { + if (content_type != RTE_TLS_TYPE_APPDATA) { + printf("Incorrect content type in packet [expected - %d, received - %d]\n", + td->app_type, content_type); + return TEST_FAILED; + } + } else { + if (content_type != td->app_type) { + printf("Incorrect content type in packet [expected - %d, received - %d]\n", + td->app_type, content_type); + return TEST_FAILED; + } } if (length != td->output_text.len - hdr_len) { From patchwork Tue Mar 5 07:22:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137975 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8A4BB43C4C; Tue, 5 Mar 2024 08:24:15 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id CBBE0402B5; Tue, 5 Mar 2024 08:23:02 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 9681F42E39 for ; Tue, 5 Mar 2024 08:23:01 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 424LRwqq014925; Mon, 4 Mar 2024 23:23:01 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=g4kcWT8O+VpATnniIOetwdEjvLcCg6pOu52Dlklivw4=; b=a2m gBjk/icC7Jj2CIDur0kB7/zVT+qfddNA1hi1VR+aaVt1zIYB0ejwZCqqy5lG0Plr lUve6WLHJa58C8DtKIDEVL3uKLLWsF2mVqkIR2oCq8TVUc68x7M/yl9Fqq//EMJU YYY5ovFdkmk23igOL6Bf2GRX6xxV29SWK/S0AS6wDAX3ol82D+y7os3XmVtQmjny Q5bV7dLfnvfuy/ENwZ6uKzwyXt7fM+J5bDt53eEqv7/5DM0ZJzPa738elqvcm6jl ACKkIAUbZO4WycFt2iYn8WHrH24Uu07moHKYQ6iDFZNUWAfWn+eGe0Lm9GWxrsSC sCj96JJA0UjmYSFbv4A== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wm4gmr90s-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:23:00 -0800 (PST) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:23:00 -0800 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:23:00 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 7F8333F7045; Mon, 4 Mar 2024 23:22:57 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 14/21] test/crypto: add TLS 1.3 vectors Date: Tue, 5 Mar 2024 12:52:06 +0530 Message-ID: <20240305072213.283205-15-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: tqmD9UIYLxPklDRkFmIbZOnoouAplw_i X-Proofpoint-GUID: tqmD9UIYLxPklDRkFmIbZOnoouAplw_i X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Akhil Goyal Added vectors and test suite for TLS 1.3 AES-128-GCM, AES-256-GCM and CHACHA20-POLY1305 vectors. The vectors are generated using gnuTLS client server application. Signed-off-by: Akhil Goyal --- app/test/test_cryptodev.c | 35 +++ app/test/test_cryptodev_security_tls_record.h | 3 + ...yptodev_security_tls_record_test_vectors.h | 205 ++++++++++++++++++ 3 files changed, 243 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 9b11f34767..70375cc6fa 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -17680,6 +17680,40 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { } }; +static struct unit_test_suite tls13_record_proto_testsuite = { + .suite_name = "TLS 1.3 Record Protocol Unit Test Suite", + .setup = tls_record_proto_testsuite_setup, + .unit_test_cases = { + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-GCM-128", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls13_test_data_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-GCM-256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls13_test_data_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector CHACHA20-POLY1305", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls13_test_data_chacha20_poly1305), + + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-GCM-128", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls13_test_data_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-GCM-256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls13_test_data_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector CHACHA20-POLY1305", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls13_test_data_chacha20_poly1305), + + TEST_CASES_END() /**< NULL terminate unit test array */ + } +}; + #define ADD_UPLINK_TESTCASE(data) \ TEST_CASE_NAMED_WITH_DATA(data.test_descr_uplink, ut_setup_security, \ ut_teardown, test_docsis_proto_uplink, (const void *) &data), \ @@ -18699,6 +18733,7 @@ run_cryptodev_testsuite(const char *pmd_name) &docsis_proto_testsuite, &tls12_record_proto_testsuite, &dtls12_record_proto_testsuite, + &tls13_record_proto_testsuite, #endif &end_testsuite }; diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index e706e38e46..05bd7a9862 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -124,6 +124,9 @@ extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac; extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac; +extern struct tls_record_test_data tls13_test_data_aes_128_gcm; +extern struct tls_record_test_data tls13_test_data_aes_256_gcm; +extern struct tls_record_test_data tls13_test_data_chacha20_poly1305; int test_tls_record_status_check(struct rte_crypto_op *op, const struct tls_record_test_data *td); diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h index 27b07cd54a..8af17b07e5 100644 --- a/app/test/test_cryptodev_security_tls_record_test_vectors.h +++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h @@ -1781,4 +1781,209 @@ struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac = { .app_type = 0x17, }; +/* TLS 1.3 AES-128-GCM */ +struct tls_record_test_data tls13_test_data_aes_128_gcm = { + .key = { + .data = { + 0x03, 0x12, 0xf5, 0x86, 0xe4, 0xd0, 0x27, 0xc7, + 0x47, 0x82, 0x44, 0xca, 0xd3, 0xce, 0x06, 0x6c, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x20, + 0x41, 0x45, 0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, + 0x47, 0x43, 0x4d, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0xa, + }, + .len = 43, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x3c, + 0x52, 0xb5, 0x24, 0xce, 0x5c, 0x29, 0x0f, 0x0a, + 0x3a, 0xc0, 0x60, 0xaf, 0xba, 0xe3, 0x0d, 0x28, + 0x6c, 0xbb, 0x3e, 0x5f, 0xde, 0x4a, 0xcd, 0xf1, + 0x30, 0x12, 0xa9, 0x42, 0x95, 0x55, 0xf5, 0x2c, + 0xb7, 0xb6, 0x60, 0x82, 0xa2, 0x1d, 0x34, 0x33, + 0x0a, 0xd7, 0x48, 0x40, 0xef, 0xab, 0x70, 0xa7, + 0xb2, 0x58, 0x41, 0xdb, 0xf6, 0x37, 0xe4, 0x6d, + 0xa3, 0x1e, 0xbf, 0x6f, + }, + .len = 65, + }, + .imp_nonce = { + .data = { + 0x8d, 0x1f, 0xa0, 0x14, 0xc7, 0x66, 0x9f, 0x93, + 0x74, 0x3f, 0x46, 0x52, + }, + .len = 12, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 16, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 16, + .aad_length = 5, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_3.seq_no = 0x0, + }, + + .aead = true, + .app_type = 0x17, +}; + +/* TLS 1.3 AES-256-GCM */ +struct tls_record_test_data tls13_test_data_aes_256_gcm = { + .key = { + .data = { + 0xc9, 0xc2, 0xa2, 0x4c, 0x4e, 0x36, 0x19, 0x6e, + 0xd8, 0xf5, 0xb9, 0x14, 0x30, 0xfc, 0xe0, 0xef, + 0x29, 0xb0, 0x00, 0xd1, 0x2d, 0xfc, 0x5a, 0x76, + 0x50, 0xf4, 0xf3, 0xb1, 0x82, 0x21, 0x57, 0x82, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x20, + 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, 0x2d, + 0x47, 0x43, 0x4d, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0xa, + }, + .len = 43, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x3c, + 0xc9, 0xb0, 0x44, 0x23, 0xd5, 0xe2, 0xbd, 0x1d, + 0xf1, 0x96, 0x53, 0x2c, 0x8c, 0xe2, 0xa3, 0x00, + 0x7b, 0x2a, 0xb1, 0xa1, 0xd6, 0x79, 0x58, 0xb5, + 0x35, 0x1f, 0xbb, 0x98, 0x03, 0xe1, 0x82, 0xa2, + 0x1e, 0x26, 0x81, 0xbe, 0x77, 0x65, 0xaf, 0x7d, + 0x9f, 0x52, 0xec, 0x3a, 0x18, 0x2d, 0x36, 0xab, + 0xdc, 0xa9, 0xfb, 0xd3, 0xa8, 0xd5, 0xbc, 0x98, + 0xa4, 0xab, 0x70, 0xe9, + }, + .len = 65, + }, + .imp_nonce = { + .data = { + 0xd4, 0x78, 0xf2, 0x90, 0x61, 0x5d, 0x8c, 0x63, + 0x4b, 0xf4, 0x72, 0xf3, + }, + .len = 12, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 32, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 16, + .aad_length = 5, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_3.seq_no = 0x0, + }, + + .aead = true, + .app_type = 0x17, +}; + +struct tls_record_test_data tls13_test_data_chacha20_poly1305 = { + .key = { + .data = { + 0xec, 0x7d, 0x7a, 0x3f, 0x91, 0xdd, 0xb9, 0x70, + 0x95, 0x3b, 0x99, 0xb0, 0xe7, 0x66, 0xda, 0xdc, + 0x85, 0xbb, 0xfc, 0xc8, 0x50, 0xe9, 0x61, 0x88, + 0xc8, 0x1e, 0xf0, 0x61, 0xb0, 0xcd, 0x6c, 0x3d, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x20, + 0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30, + 0x2d, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, + 0x35, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, + 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0xa, + }, + .len = 49, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x42, + 0x9a, 0xc1, 0xd9, 0x0e, 0xf9, 0x4c, 0x51, 0x8c, + 0xb4, 0xa7, 0x54, 0x57, 0x56, 0xba, 0xbb, 0xf7, + 0xd7, 0x1d, 0x49, 0x5a, 0x42, 0xd2, 0xab, 0x75, + 0x3f, 0xb1, 0x5f, 0xb5, 0x2b, 0x2b, 0xa3, 0xc5, + 0x61, 0x32, 0x7e, 0x62, 0x1e, 0xf5, 0x56, 0xff, + 0x84, 0x8e, 0x9a, 0x99, 0x06, 0xba, 0x3b, 0xc0, + 0x15, 0x4c, 0xf5, 0xb1, 0x5e, 0xcc, 0xff, 0x42, + 0x79, 0x4b, 0xa9, 0x23, 0x16, 0x08, 0xc3, 0x9a, + 0x52, 0x2a, + }, + .len = 71, + }, + .imp_nonce = { + .data = { + 0x3c, 0x28, 0xa0, 0xb8, 0xf8, 0x74, 0x35, 0xfe, + 0xd2, 0xa0, 0x31, 0x28, + }, + .len = 12, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305, + .key.length = 32, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 16, + .aad_length = 5, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_3.seq_no = 0x0, + }, + + .aead = true, + .app_type = 0x17, +}; + #endif From patchwork Tue Mar 5 07:22:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137976 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0939C43C4C; Tue, 5 Mar 2024 08:24:22 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id E71D542E1D; Tue, 5 Mar 2024 08:23:06 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 096F742E1B for ; Tue, 5 Mar 2024 08:23:04 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 4256j8IW026951; Mon, 4 Mar 2024 23:23:04 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=kNiQvZ2pZsi+UHGUlXL40rjlVwXHfHmjBKdR4o1k9ak=; b=L4T XOKzo/uh0Gred/Tq7ON9Tu7Oymizkr9ZFG69Lbg8EVQoADzt5ngpJuKcfBaftkrH Qy8y8rWOoTbrCWK/K+jehpk2BlfkUXrIOgwo+LpuQ5zby54y5c40oEUG6MkIRY9B 6o8s4EUf7OmRHIJy7ONUfj5c+dIuZ11g5UNixJhE+Jd009hOpfOJtNKH4lOk9zQn t7a02tQMzClXv8Mx7fik0NVAkWXSxSh75AmwrwgR/JfIab08FalXqcUhF1dXxe65 0x7gHMKZmkU7DrVTCPuw+dEcfRiWRSBng/JZGzKUwa2WwSgCqVS9l+oilnNZ3i7g bpSdwxLdSwpYU3mmcKQ== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3wnxdcr2vj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:23:04 -0800 (PST) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:23:03 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:23:03 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 9799C3F7045; Mon, 4 Mar 2024 23:23:00 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 15/21] test/crypto: update framework to verify tls-1.3 Date: Tue, 5 Mar 2024 12:52:07 +0530 Message-ID: <20240305072213.283205-16-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 7HAnIjPxWALtOevXBKVqDnk_7Y5sA5Up X-Proofpoint-GUID: 7HAnIjPxWALtOevXBKVqDnk_7Y5sA5Up X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Update the fields in preparation of test descriptor. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 17 +++++--- app/test/test_cryptodev_security_tls_record.c | 43 ++++++++++++------- app/test/test_cryptodev_security_tls_record.h | 10 ++--- 3 files changed, 43 insertions(+), 27 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 70375cc6fa..edcd67dabf 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11889,8 +11889,9 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], ut_params->op->param1.tls_record.content_type = td[i].app_type; /* Copy IV in crypto operation when IV generation is disabled */ - if (sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE && - tls_record_xform.options.iv_gen_disable == 1) { + if ((sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) && + (tls_record_xform.ver != RTE_SECURITY_VERSION_TLS_1_3) && + (tls_record_xform.options.iv_gen_disable == 1)) { uint8_t *iv; int len; @@ -12005,8 +12006,10 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (flags->zero_len) payload_len = 0; again: - test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, - td_outb, nb_pkts, payload_len); + ret = test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, + flags, td_outb, nb_pkts, payload_len); + if (ret == TEST_SKIPPED) + continue; ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags); if (ret == TEST_SKIPPED) @@ -12218,8 +12221,10 @@ test_dtls_pkt_replay(const uint64_t seq_no[], int ret; for (i = 0; i < RTE_DIM(sec_alg_list); i++) { - test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, - td_outb, nb_pkts, 0); + ret = test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, + flags, td_outb, nb_pkts, 0); + if (ret == TEST_SKIPPED) + continue; for (idx = 0; idx < nb_pkts; idx++) td_outb[idx].tls_record_xform.dtls_1_2.seq_no = seq_no[idx]; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 498c4923e0..96d0a94731 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -70,7 +70,7 @@ test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, } } -void +int test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2, const struct tls_record_test_flags *flags, struct tls_record_test_data *td_array, @@ -79,6 +79,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt int i, min_padding, hdr_len, tls_pkt_size, mac_len = 0, exp_nonce_len = 0, roundup_len = 0; struct tls_record_test_data *td = NULL; + if ((flags->tls_version == RTE_SECURITY_VERSION_TLS_1_3) && + (param1->type != RTE_CRYPTO_SYM_XFORM_AEAD)) + return TEST_SKIPPED; + memset(td_array, 0, nb_td * sizeof(*td)); for (i = 0; i < nb_td; i++) { @@ -88,10 +92,17 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) { /* Copy template for packet & key fields */ - if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2) - memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td)); - else + switch (flags->tls_version) { + case RTE_SECURITY_VERSION_TLS_1_2: memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td)); + break; + case RTE_SECURITY_VERSION_DTLS_1_2: + memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td)); + break; + case RTE_SECURITY_VERSION_TLS_1_3: + memcpy(td, &tls13_test_data_aes_128_gcm, sizeof(*td)); + break; + } td->aead = true; td->xform.aead.aead.algo = param1->alg.aead; @@ -127,6 +138,7 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt if (!td->aead) { mac_len = td->xform.chain.auth.auth.digest_length; + min_padding = 1; switch (td->xform.chain.cipher.cipher.algo) { case RTE_CRYPTO_CIPHER_3DES_CBC: roundup_len = 8; @@ -143,30 +155,28 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } else { mac_len = td->xform.aead.aead.digest_length; + min_padding = 0; roundup_len = 0; - exp_nonce_len = 8; + if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) + exp_nonce_len = 0; + else + exp_nonce_len = 8; } switch (td->tls_record_xform.ver) { case RTE_SECURITY_VERSION_TLS_1_2: + hdr_len = sizeof(struct rte_tls_hdr); + break; case RTE_SECURITY_VERSION_TLS_1_3: hdr_len = sizeof(struct rte_tls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; + /* Add 1 byte for content type in packet */ + tls_pkt_size += 1; break; case RTE_SECURITY_VERSION_DTLS_1_2: hdr_len = sizeof(struct rte_dtls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; break; default: - hdr_len = 0; - min_padding = 0; - break; + return TEST_SKIPPED; } tls_pkt_size += mac_len; @@ -186,6 +196,7 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->output_text.len = tls_pkt_size; } + return TEST_SUCCESS; } void diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 05bd7a9862..21d25c02bf 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -137,11 +137,11 @@ int test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_re void test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, struct tls_record_test_data *td_in); -void test_tls_record_td_prepare(const struct crypto_param *param1, - const struct crypto_param *param2, - const struct tls_record_test_flags *flags, - struct tls_record_test_data *td_array, int nb_td, - unsigned int data_len); +int test_tls_record_td_prepare(const struct crypto_param *param1, + const struct crypto_param *param2, + const struct tls_record_test_flags *flags, + struct tls_record_test_data *td_array, int nb_td, + unsigned int data_len); void test_tls_record_td_update(struct tls_record_test_data td_inb[], const struct tls_record_test_data td_outb[], int nb_td, From patchwork Tue Mar 5 07:22:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137977 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B456243C4C; Tue, 5 Mar 2024 08:24:28 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 51D5942E3C; Tue, 5 Mar 2024 08:23:09 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id BF5BA42DDF for ; Tue, 5 Mar 2024 08:23:07 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 4256j0uZ002389; Mon, 4 Mar 2024 23:23:07 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=ywTdvmmCFRtTGSygZisod6ctFB9jk+YzTaRDiwtyrxk=; b=h4b WIjRY3luzMjy9iDHOS3vhgd8PP97AKRsFeWwKZ+AfEStpZWKUox9Jb+QwrMI4k9m K9tlByDnjARiI/gX4xFj7phAWMYqFYQbLNLF3QI1OZk39DPCoXrBGGNe7qXl3e73 /U7eXXOK+5Hcyxdzq8L8Zp5FiMuSgDi4QHuyWdwzpXch08ARiYWYPBte+GA1PH9J KjGz+2sxkXRkRZ3j6tRbDCIqfZwJUwrzN1COaHObGvLR9w6nAJqjoRDw8ke4BOaF 6HEDhPj1UJt9t0YRtUuTdcwWhkAqgoCh8qVEv7kzqvIO+XYrdahwv0CDr0Idx/ju cavV9+LEWR24k2t2OKQ== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wm4gmr918-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:23:07 -0800 (PST) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:23:06 -0800 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:23:06 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id AE1F93F706D; Mon, 4 Mar 2024 23:23:03 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 16/21] test/crypto: test to verify hdr corruption in TLS Date: Tue, 5 Mar 2024 12:52:08 +0530 Message-ID: <20240305072213.283205-17-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 9--gDQm0DOhgZQE3IjU5-1D7LiEq1vxc X-Proofpoint-GUID: 9--gDQm0DOhgZQE3IjU5-1D7LiEq1vxc X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify TLS-1.3 record with header corruption. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index edcd67dabf..8cc4d9fee0 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12424,6 +12424,20 @@ test_dtls_1_2_record_proto_zero_len_non_app(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_1_3_record_proto_corrupt_pkt(void) +{ + struct tls_record_test_flags flags = { + .pkt_corruption = 1, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} #endif static int @@ -17714,7 +17728,10 @@ static struct unit_test_suite tls13_record_proto_testsuite = { "Read record known vector CHACHA20-POLY1305", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &tls13_test_data_chacha20_poly1305), - + TEST_CASE_NAMED_ST( + "TLS-1.3 record header corruption", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_corrupt_pkt), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Tue Mar 5 07:22:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137978 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 64B3343C4C; Tue, 5 Mar 2024 08:24:38 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id DF74E42E4A; Tue, 5 Mar 2024 08:23:12 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 7AB9742E1B for ; Tue, 5 Mar 2024 08:23:11 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42547Uil025193; Mon, 4 Mar 2024 23:23:11 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=G7eyah1TO9OQTtbp7nWouoWQA5XL1wlWPiHq88/1Svc=; b=IZ6 mW9ox08AHd2kUj/0fqYYKe2O/Nadd32RETfqXHsnAqbNBrlRwB+hOpGfOBDGGPuH N+7P3Fsp3tHTH1rFk2hQz83ec2Cf8GxVDbywZzxHVWM42oRgPYl3r7tud7Tt+iiQ hBynj3ZWVrbw9PWzUQ7kyPZyPa3onUmQpvTG9MAPJ5G+tbeWdV8+5YQWWpWAIg9O iVU1lOKXB/ypruXy4t2fzMRWIQbkVRLqM4SFEUsht3Tha6JZ2din9piKd9vmohqU jevFh61+zRFhqSTeDutN3fGG8/kKDDjxJWMSUnvQskfgRiNSVsuK5ELfgUYWXOV+ TgfqXPRfqnzIv6n/hBQ== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wm4gmr91f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:23:10 -0800 (PST) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:23:09 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:23:09 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id C3BD83F7045; Mon, 4 Mar 2024 23:23:06 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 17/21] test/crypto: test to verify custom content type in TLS Date: Tue, 5 Mar 2024 12:52:09 +0530 Message-ID: <20240305072213.283205-18-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: HSSp4Ek0cP_JnQcazcMxjcZoXASOAbz8 X-Proofpoint-GUID: HSSp4Ek0cP_JnQcazcMxjcZoXASOAbz8 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify TLS-1.3 record with content type as custom. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 8cc4d9fee0..d683c28af3 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12438,6 +12438,21 @@ test_tls_1_3_record_proto_corrupt_pkt(void) return test_tls_record_proto_all(&flags); } + +static int +test_tls_1_3_record_proto_custom_content_type(void) +{ + struct tls_record_test_flags flags = { + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} #endif static int @@ -17732,6 +17747,10 @@ static struct unit_test_suite tls13_record_proto_testsuite = { "TLS-1.3 record header corruption", ut_setup_security, ut_teardown, test_tls_1_3_record_proto_corrupt_pkt), + TEST_CASE_NAMED_ST( + "TLS-1.3 record header with custom content type", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_custom_content_type), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Tue Mar 5 07:22:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137979 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 01B0043C4C; Tue, 5 Mar 2024 08:24:45 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 1B756410FA; Tue, 5 Mar 2024 08:23:15 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 24C1242E4C for ; Tue, 5 Mar 2024 08:23:14 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 4256j0ua002389; Mon, 4 Mar 2024 23:23:13 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=vjYhrxpHKWFzaZ46inlZIxT7vDLcNOcEojtDLK4FSxE=; b=kvQ WITH6hwTzCzQI2sBG4sUNLTZiqqfNag0EKavZPdGOZo/GEIeX0D3SHqVeY0pLRMn VgL6O0ObbYzaaLO8JT6Af1ZyFkGbUapfEQAnvfJZ/unnQ4NxdGwUOmUo6VDC3OEi jQBxe+2fCeStk21bubgdtt0vb2jgzBn6nqKJM5ZTmBv2sj/lUxNsOMVaq5jlCUuy PuGGLfj5x1SYXivEypKYA27+GXiAUeRY2UyWriKoB6eSdc7OIPx7jPe1kqs+wwWY 5feb1LNKJEwtW4612rhQ2r31Mp0kalxi+KL7CyVxVnxB7WrI1LGUDM5V/8Bzxs76 WUa+qFa+mMeVtbNgoCQ== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wm4gmr91j-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:23:13 -0800 (PST) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:23:12 -0800 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:23:12 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id D9D3D3F7045; Mon, 4 Mar 2024 23:23:09 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 18/21] test/crypto: test to verify zero len record in TLS Date: Tue, 5 Mar 2024 12:52:10 +0530 Message-ID: <20240305072213.283205-19-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: -RhYR2fhN5nTGsEcu01aSBzWrrVYpqqn X-Proofpoint-GUID: -RhYR2fhN5nTGsEcu01aSBzWrrVYpqqn X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify TLS-1.3 record with zero length. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index d683c28af3..23a3773f33 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12453,6 +12453,37 @@ test_tls_1_3_record_proto_custom_content_type(void) return test_tls_record_proto_all(&flags); } + +static int +test_tls_1_3_record_proto_zero_len(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_3_record_proto_zero_len_non_app(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} #endif static int @@ -17751,6 +17782,14 @@ static struct unit_test_suite tls13_record_proto_testsuite = { "TLS-1.3 record header with custom content type", ut_setup_security, ut_teardown, test_tls_1_3_record_proto_custom_content_type), + TEST_CASE_NAMED_ST( + "TLS-1.3 record with zero len and content type as app", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_zero_len), + TEST_CASE_NAMED_ST( + "TLS-1.3 record with zero len and content type as ctrl", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_zero_len_non_app), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Tue Mar 5 07:22:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137980 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1106A43C4C; Tue, 5 Mar 2024 08:24:52 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 4053F42E51; Tue, 5 Mar 2024 08:23:19 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 811EF40EF0 for ; Tue, 5 Mar 2024 08:23:17 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 4256j94m026980; Mon, 4 Mar 2024 23:23:16 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=f2gJBdPNgaUvdfILsgqcHfypod9GL9TO4h2IVKCMszk=; b=jgh bsScBdDAEE0D9ETYLSg/njM2cR4V4DCsfs5H8O7I24q+ihNY7iZFlNFkkyb1/xpv ZhiDL2ThoV34DpidFLAe9PBT2TPdGeFcrSvJEa98Y6chHXMLnCOeLfGZTWeFWfRY JBYEUHvDTyYXKB0B+hpTytSWyqXATB7fwcIyM6LYONUX9Z6P4QsyTJOLeJTZmDA0 Hmsvksad78Mvg/0j0fJ4VJpmEMqWUrnseYoK9Sb3HmtonzO80ieHYzQmdN2G98Dz BaslCqANmBSht9Tec0uVHcdQBHmesCuhHRCeCbNM1vXBqQX3ikAGdK3dRBgezcgK Wy+PVlkDPJ7HXYGuTRw== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3wnxdcr2w9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:23:16 -0800 (PST) Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:23:15 -0800 Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Mon, 4 Mar 2024 23:23:15 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:23:15 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id F28B33F7045; Mon, 4 Mar 2024 23:23:12 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 19/21] test/crypto: unit tests to verify padding in TLS Date: Tue, 5 Mar 2024 12:52:11 +0530 Message-ID: <20240305072213.283205-20-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: DO31b-ymKNR4a_Nr4afANVtOmw9iWmKA X-Proofpoint-GUID: DO31b-ymKNR4a_Nr4afANVtOmw9iWmKA X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify the padding for TLS-1.2. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 85 ++++++++++++++++++- app/test/test_cryptodev_security_tls_record.c | 28 ++++-- app/test/test_cryptodev_security_tls_record.h | 5 +- 3 files changed, 109 insertions(+), 9 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 23a3773f33..dfee18c0e3 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11834,6 +11834,9 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], if (td[0].aead) test_tls_record_imp_nonce_update(&td[0], &tls_record_xform); + if (flags->opt_padding) + tls_record_xform.options.extra_padding_enable = 1; + sess_conf.tls_record = tls_record_xform; if (td[0].aead) { @@ -11888,6 +11891,9 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], ut_params->op->sym->m_dst = NULL; ut_params->op->param1.tls_record.content_type = td[i].app_type; + if (flags->opt_padding) + ut_params->op->aux_flags = flags->opt_padding; + /* Copy IV in crypto operation when IV generation is disabled */ if ((sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) && (tls_record_xform.ver != RTE_SECURITY_VERSION_TLS_1_3) && @@ -11915,7 +11921,7 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS) { ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, - silent); + silent, flags); if (ret != TEST_SUCCESS) goto crypto_op_free; } @@ -12184,6 +12190,59 @@ test_tls_record_proto_zero_len_non_app(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_opt_padding(uint8_t padding, uint8_t num_segs, + enum rte_security_tls_version tls_version) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = num_segs, + .tls_version = tls_version, + .opt_padding = padding + }; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_record_proto_dm_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 0, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_dm_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(25, 0, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 2, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(8, 4, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding_2(void) +{ + return test_tls_record_proto_opt_padding(8, 5, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding_max(void) +{ + return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_TLS_1_2); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -17578,6 +17637,30 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Zero len TLS record with content type as ctrl", ut_setup_security, ut_teardown, test_tls_record_proto_zero_len_non_app), + TEST_CASE_NAMED_ST( + "TLS record DM mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_dm_opt_padding), + TEST_CASE_NAMED_ST( + "TLS record DM mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_dm_opt_padding_1), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_1), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_2), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding > max range", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_max), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 96d0a94731..03d9efefc3 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -269,7 +269,8 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, } static int -tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text) +tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text, + const struct tls_record_test_flags *flags) { uint16_t length, hdr_len; uint8_t content_type; @@ -322,10 +323,22 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp } } - if (length != td->output_text.len - hdr_len) { - printf("Incorrect packet length [expected - %d, received - %d]\n", - td->output_text.len - hdr_len, length); - return TEST_FAILED; + if (!flags->opt_padding) { + if (length != td->output_text.len - hdr_len) { + printf("Incorrect packet length [expected - %d, received - %d]\n", + td->output_text.len - hdr_len, length); + return TEST_FAILED; + } + } else { + int pad_len = (flags->opt_padding * 8) > 256 ? 256 : (flags->opt_padding * 8); + int expect_len = td->output_text.len - hdr_len + pad_len; + + if (length - expect_len > 32) { + printf("Incorrect packet length [expected - %d, received - %d]\n", + expect_len, length); + return TEST_FAILED; + } + } return TEST_SUCCESS; @@ -333,7 +346,8 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, - struct tls_record_test_data *res_d, bool silent) + struct tls_record_test_data *res_d, bool silent, + const struct tls_record_test_flags *flags) { uint8_t output_text[TEST_SEC_CIPHERTEXT_MAX_LEN]; uint32_t len = rte_pktmbuf_pkt_len(m), data_len; @@ -365,7 +379,7 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t } if (td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) { - ret = tls_record_hdr_verify(td, output_text); + ret = tls_record_hdr_verify(td, output_text, flags); if (ret != TEST_SUCCESS) return ret; } diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 21d25c02bf..385064157a 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -97,7 +97,9 @@ struct tls_record_test_flags { bool data_walkthrough; bool pkt_corruption; bool zero_len; + bool padding_corruption; uint8_t nb_segs_in_mbuf; + uint8_t opt_padding; enum rte_security_tls_version tls_version; enum tls_record_test_content_type content_type; int ar_win_size; @@ -148,5 +150,6 @@ void test_tls_record_td_update(struct tls_record_test_data td_inb[], const struct tls_record_test_flags *flags); int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, - struct tls_record_test_data *res_d, bool silent); + struct tls_record_test_data *res_d, bool silent, + const struct tls_record_test_flags *flags); #endif From patchwork Tue Mar 5 07:22:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137981 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AE52A43C4C; Tue, 5 Mar 2024 08:24:58 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7FE9942E14; Tue, 5 Mar 2024 08:23:21 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 07EC542DF8 for ; Tue, 5 Mar 2024 08:23:19 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 424LRwqu014925; Mon, 4 Mar 2024 23:23:19 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=OI8uvnqR9u2yfdtrpxNo08KausJt7d3uoComq6wYp+A=; b=Pt5 KA+tQXFIf2klQZyfqCKWI2xWdzu7xNhw3i2Wg8koXzZ7uwc+yYxp1yeADdNMKbrj LB8QbE4IqFwN1wsgLEzSd5aMCNWCuCMUHN86SM/1jrn/6sahf92Y8qw+3Eq8k14t pCm/Mfz6CTnwbuUV+bIlRwe+fg/yY05cxfHJM42Fl7Vp2Hh+BbTxcni9hzHz6Yjb bSltjWfhg77gxnfhnlyQJ6t0slxtxMiG0vbiCThndIijLzfJKI/tsH1+pfR1G4uQ UN/3Qa3yM7SGDC37xgy1netvK5+VtdABgrI7eVLkOldZ4CVu4XqSStDgR58emgLG aw3cRwkVHFvFRY0UIaw== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wm4gmr91w-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:23:19 -0800 (PST) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:23:18 -0800 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:23:18 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 1406F3F7079; Mon, 4 Mar 2024 23:23:15 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 20/21] test/crypto: unit tests for padding in DTLS-1.2 Date: Tue, 5 Mar 2024 12:52:12 +0530 Message-ID: <20240305072213.283205-21-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: Xsnyy-uAhDNIlq10eykurQ2nAB3W69xg X-Proofpoint-GUID: Xsnyy-uAhDNIlq10eykurQ2nAB3W69xg X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify the padding for DTLS-1.2. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 60 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index dfee18c0e3..2e564489e9 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12483,6 +12483,42 @@ test_dtls_1_2_record_proto_zero_len_non_app(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_1_2_record_proto_dm_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 0, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_dm_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(25, 0, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 5, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(8, 4, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding_2(void) +{ + return test_tls_record_proto_opt_padding(8, 5, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding_max(void) +{ + return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_DTLS_1_2); +} + static int test_tls_1_3_record_proto_corrupt_pkt(void) { @@ -17824,6 +17860,30 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Antireplay with window size 4096", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_antireplay4096), + TEST_CASE_NAMED_ST( + "DTLS record DM mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_dm_opt_padding), + TEST_CASE_NAMED_ST( + "DTLS record DM mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_dm_opt_padding_1), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding_1), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding_2), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding > max range", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding_max), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Tue Mar 5 07:22:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 137982 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B2EC843C4C; Tue, 5 Mar 2024 08:25:05 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A5B4442E55; Tue, 5 Mar 2024 08:23:24 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 5582542E55 for ; Tue, 5 Mar 2024 08:23:23 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42547Uio025193; Mon, 4 Mar 2024 23:23:22 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=ToIxO0hKpni26VrSr5gRE37xxvZuY1gDcikQA9uCAbI=; b=cRB qO5aver4q6FfPDbjcaKeXw7JMwr96vh44Y1Zo4fiykcfDboSMq81VDU4q3BCjgTm oeIIIbNl2i7RwE7DdFtqZlhc/NJap+h13XYn9Se6j9rSpxdZlwxX1rfKVA0hmEuV NFdJXkSr9VwKzTT9R6PXDewdWdDNDF4YmdynyucjaXsh51Nj4HIh1DhD6hRT3TtE b48KxwBayxxj2dDKieMQ6HJOJxJGfVC3ejUnzCUjjH8mke0zcM9257fZ7MdmBUdP IHs/OaUI9jn/k51YRNpPkwECBr9/+g6Z+rn03ef9+LtMTIy19i3FF6D4OYpq7rPs wWRkR33zKhuDeTRbVvQ== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wm4gmr92a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 04 Mar 2024 23:23:22 -0800 (PST) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Mon, 4 Mar 2024 23:23:21 -0800 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Mon, 4 Mar 2024 23:23:21 -0800 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 2B0113F7045; Mon, 4 Mar 2024 23:23:18 -0800 (PST) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH 21/21] test/security: add out of place sgl test case for TLS 1.2 Date: Tue, 5 Mar 2024 12:52:13 +0530 Message-ID: <20240305072213.283205-22-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 9cZyqDXTMogWh8yIPfFCDCjwPJ6JW0Ej X-Proofpoint-GUID: 9cZyqDXTMogWh8yIPfFCDCjwPJ6JW0Ej X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add TLS 1.2 out-of-place multi-segmented packet test. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 52 ++++++++++++++++++- app/test/test_cryptodev_security_tls_record.h | 1 + 2 files changed, 51 insertions(+), 2 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 2e564489e9..92500f59ca 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11873,6 +11873,11 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool, td[i].input_text.len, nb_segs, 0); pktmbuf_write(ut_params->ibuf, 0, td[i].input_text.len, td[i].input_text.data); + if (flags->out_of_place) + ut_params->obuf = create_segmented_mbuf(ts_params->mbuf_pool, + td[i].output_text.len, nb_segs, 0); + else + ut_params->obuf = NULL; /* Generate crypto op data structure */ ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, @@ -11888,7 +11893,7 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], /* Set crypto operation mbufs */ ut_params->op->sym->m_src = ut_params->ibuf; - ut_params->op->sym->m_dst = NULL; + ut_params->op->sym->m_dst = ut_params->obuf; ut_params->op->param1.tls_record.content_type = td[i].app_type; if (flags->opt_padding) @@ -11920,7 +11925,10 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], res_d_tmp = &res_d[i]; if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS) { - ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, + struct rte_mbuf *buf = flags->out_of_place ? ut_params->obuf : + ut_params->ibuf; + + ret = test_tls_record_post_process(buf, &td[i], res_d_tmp, silent, flags); if (ret != TEST_SUCCESS) goto crypto_op_free; @@ -11929,6 +11937,11 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], rte_crypto_op_free(ut_params->op); ut_params->op = NULL; + if (flags->out_of_place) { + rte_pktmbuf_free(ut_params->obuf); + ut_params->obuf = NULL; + } + rte_pktmbuf_free(ut_params->ibuf); ut_params->ibuf = NULL; } @@ -11937,6 +11950,11 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], rte_crypto_op_free(ut_params->op); ut_params->op = NULL; + if (flags->out_of_place) { + rte_pktmbuf_free(ut_params->obuf); + ut_params->obuf = NULL; + } + rte_pktmbuf_free(ut_params->ibuf); ut_params->ibuf = NULL; @@ -12127,6 +12145,32 @@ test_tls_record_proto_sgl_data_walkthrough(enum rte_security_tls_version tls_ver return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_sgl_oop(enum rte_security_tls_version tls_version) +{ + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = 5, + .out_of_place = true, + .tls_version = tls_version + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) { + printf("Device doesn't support in-place scatter-gather. Test Skipped.\n"); + return TEST_SKIPPED; + } + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_2_record_proto_sgl_oop(void) +{ + return test_tls_record_proto_sgl_oop(RTE_SECURITY_VERSION_TLS_1_2); +} + static int test_tls_1_2_record_proto_sgl_data_walkthrough(void) { @@ -17657,6 +17701,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Multi-segmented mode data walkthrough", ut_setup_security, ut_teardown, test_tls_1_2_record_proto_sgl_data_walkthrough), + TEST_CASE_NAMED_ST( + "Multi-segmented mode out of place", + ut_setup_security, ut_teardown, + test_tls_1_2_record_proto_sgl_oop), TEST_CASE_NAMED_ST( "TLS packet header corruption", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 385064157a..076568dbf2 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -98,6 +98,7 @@ struct tls_record_test_flags { bool pkt_corruption; bool zero_len; bool padding_corruption; + bool out_of_place; uint8_t nb_segs_in_mbuf; uint8_t opt_padding; enum rte_security_tls_version tls_version;