From patchwork Tue Mar 12 07:17:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138178 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E52B643C8E; Tue, 12 Mar 2024 08:18:17 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6B0FE40A77; Tue, 12 Mar 2024 08:18:16 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id C7A1540A73 for ; Tue, 12 Mar 2024 08:18:14 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C601NF004857; Tue, 12 Mar 2024 00:18:14 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=QUZcyTj5XidC+pbqc55KVF8529MavEbdwy3kwFi1fM8=; b=cmA Eqru8kLa24gjo/9q8wzOtHN6sQjgHFsGw6WEWSIcM2lqe7CmLAdIuBpWL6zc9GMt TsFTfUWEXjqUi4y18UxRteXMgZxPgLdPVRJ+DG7V998bKi+hnsqh+n2bL3ulym7L zDOOgbQFmZT8J70U9mnZjw+CHGCzadoL4R8ljeOuipMLTFw3z9OFTvTt84WaXQND IjgZi5c7kyfQr0ngT+Zk6iO7PKjFjfqV1My+uiBQnzvEV/frwc3G6xDt1owVkTwY IItBfDztaLYZGEkQJPu9hZu46ws8w87roCMqM1L0vPAQCTHkhylHqDqHBAg0KtHr QOqPYmnfFpvmc7CrGKw== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv70m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:18:14 -0700 (PDT) Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:18:12 -0700 Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Tue, 12 Mar 2024 00:18:12 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:18:12 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 8D8CC3F70A1; Tue, 12 Mar 2024 00:18:09 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang , Anoob Joseph , Vidya Sagar Velumuri CC: , , Subject: [PATCH v2 01/21] test/security: enable AES-GCM in combined mode TLS Date: Tue, 12 Mar 2024 12:47:45 +0530 Message-ID: <20240312071805.1354530-2-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: EZY5Ow3FZOV930zVQG2k0fcMQaQuVZi- X-Proofpoint-GUID: EZY5Ow3FZOV930zVQG2k0fcMQaQuVZi- X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Enable AES-GCM AEAD tests in combined mode TLS test suite. Coverity issue: 414888 Fixes: 9157ccb8f876 ("test/crypto: verify TLS headers") Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev_security_tls_record.c | 10 ++++++++-- app/test/test_security_proto.h | 3 +++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index bcb2eba4ff..14a7a2511e 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -116,6 +116,7 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } else { mac_len = td->xform.aead.aead.digest_length; + roundup_len = 0; exp_nonce_len = 8; } @@ -123,7 +124,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt case RTE_SECURITY_VERSION_TLS_1_2: case RTE_SECURITY_VERSION_TLS_1_3: hdr_len = sizeof(struct rte_tls_hdr); - min_padding = 1; + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; case RTE_SECURITY_VERSION_DTLS_1_2: hdr_len = sizeof(struct rte_dtls_hdr); @@ -139,7 +143,9 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt /* Padding */ tls_pkt_size += min_padding; - tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); + + if (roundup_len) + tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); /* Explicit nonce */ tls_pkt_size += exp_nonce_len; diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h index efa023b99d..5b92daa810 100644 --- a/app/test/test_security_proto.h +++ b/app/test/test_security_proto.h @@ -27,16 +27,19 @@ static const struct crypto_param aead_list[] = { .type = RTE_CRYPTO_SYM_XFORM_AEAD, .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, .key_length = 16, + .digest_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_AEAD, .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, .key_length = 24, + .digest_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_AEAD, .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, .key_length = 32, + .digest_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_AEAD, From patchwork Tue Mar 12 07:17:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138179 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3A68A43C8E; Tue, 12 Mar 2024 08:18:24 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id B716540C35; Tue, 12 Mar 2024 08:18:17 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id F0CBA40A7D for ; Tue, 12 Mar 2024 08:18:16 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C5xx0l004824; Tue, 12 Mar 2024 00:18:16 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=XewyaIdhlHi1Jw4W3GMQyDYAmcgbQlty9CJ0Ya5xOi8=; b=ELg GOc+oZXjMzaz3N3FMr6pMMQ1VfJcTt4f363uE9YvUUVZvkIVoS6a50l0z7mgiaK6 lJGZmnSi+q901gr9G6doqCnZQ/8irlrf9+taY2aUrzAPaNKJPVxmiFxdfrkYE94L y/qZ2iRaMRNKn0ZO4RHPLmwx8YVHM0rk8mn7sQO9QI6oQMHqMZwLQh2MSYA7L3tc hxj5Har/xPzJHMC70EV3GqWmcHY2jbH/UB9Fu5fELaqjlpwCPMG1huFwNsYvzfyB g7MY0CQtiRFJBoAvnNB7q36KvyZTY8EfOtalhwzXAJxm5R5DE3+vob/DLpGblFQ7 cjD/7qPZDvafmdqM19Q== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv70t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:18:16 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:18:15 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:18:15 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id E87FF3F70A8; Tue, 12 Mar 2024 00:18:12 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang , Anoob Joseph CC: , , , Subject: [PATCH v2 02/21] test/security: add TLS 1.2 data walkthrough test Date: Tue, 12 Mar 2024 12:47:46 +0530 Message-ID: <20240312071805.1354530-3-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: fSkQ37AOxNx7xkyx3eCiSnyrzYDO_H5P X-Proofpoint-GUID: fSkQ37AOxNx7xkyx3eCiSnyrzYDO_H5P X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add data walkthrough test for TLS 1.2. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 90 +++++++++++++++++-- app/test/test_cryptodev.h | 12 ++- app/test/test_cryptodev_security_tls_record.c | 25 ++++-- app/test/test_cryptodev_security_tls_record.h | 41 ++++++++- app/test/test_security_proto.c | 17 ++++ app/test/test_security_proto.h | 6 ++ 6 files changed, 171 insertions(+), 20 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 3b5e784022..c5837ccbdd 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -858,6 +858,8 @@ ipsec_proto_testsuite_setup(void) static int tls_record_proto_testsuite_setup(void) { + test_sec_proto_pattern_generate(); + return sec_proto_testsuite_setup(RTE_SECURITY_PROTOCOL_TLS_RECORD); } @@ -11958,14 +11960,30 @@ test_tls_record_proto_known_vec_read(const void *test_data) static int test_tls_record_proto_all(const struct tls_record_test_flags *flags) { + unsigned int i, nb_pkts = 1, pass_cnt = 0, payload_len, max_payload_len; struct tls_record_test_data td_outb[TEST_SEC_PKTS_MAX]; struct tls_record_test_data td_inb[TEST_SEC_PKTS_MAX]; - unsigned int i, nb_pkts = 1, pass_cnt = 0; int ret; + switch (flags->tls_version) { + case RTE_SECURITY_VERSION_TLS_1_2: + max_payload_len = TLS_1_2_RECORD_PLAINTEXT_MAX_LEN; + break; + case RTE_SECURITY_VERSION_TLS_1_3: + max_payload_len = TLS_1_3_RECORD_PLAINTEXT_MAX_LEN; + break; + case RTE_SECURITY_VERSION_DTLS_1_2: + max_payload_len = DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN; + break; + default: + max_payload_len = 0; + } + for (i = 0; i < RTE_DIM(sec_alg_list); i++) { + payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN; +again: test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, - td_outb, nb_pkts); + td_outb, nb_pkts, payload_len); ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags); if (ret == TEST_SKIPPED) @@ -11983,6 +12001,9 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (ret == TEST_FAILED) return TEST_FAILED; + if (flags->data_walkthrough && (++payload_len <= max_payload_len)) + goto again; + if (flags->display_alg) test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2); @@ -11996,22 +12017,69 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) } static int -test_tls_record_proto_display_list(void) +test_tls_1_2_record_proto_data_walkthrough(void) +{ + struct tls_record_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.data_walkthrough = true; + flags.tls_version = RTE_SECURITY_VERSION_TLS_1_2; + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_2_record_proto_display_list(void) { struct tls_record_test_flags flags; memset(&flags, 0, sizeof(flags)); flags.display_alg = true; + flags.tls_version = RTE_SECURITY_VERSION_TLS_1_2; return test_tls_record_proto_all(&flags); } static int -test_tls_record_proto_sgl(void) +test_tls_1_2_record_proto_sgl(void) { struct tls_record_test_flags flags = { - .nb_segs_in_mbuf = 5 + .nb_segs_in_mbuf = 5, + .tls_version = RTE_SECURITY_VERSION_TLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) { + printf("Device doesn't support in-place scatter-gather. Test Skipped.\n"); + return TEST_SKIPPED; + } + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_display_list(void) +{ + struct tls_record_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.display_alg = true; + flags.tls_version = RTE_SECURITY_VERSION_DTLS_1_2; + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_sgl(void) +{ + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = 5, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 }; struct crypto_testsuite_params *ts_params = &testsuite_params; struct rte_cryptodev_info dev_info; @@ -17081,11 +17149,15 @@ static struct unit_test_suite tls12_record_proto_testsuite = { TEST_CASE_NAMED_ST( "Combined test alg list", ut_setup_security, ut_teardown, - test_tls_record_proto_display_list), + test_tls_1_2_record_proto_display_list), + TEST_CASE_NAMED_ST( + "Data walkthrough combined test alg list", + ut_setup_security, ut_teardown, + test_tls_1_2_record_proto_data_walkthrough), TEST_CASE_NAMED_ST( "Multi-segmented mode", ut_setup_security, ut_teardown, - test_tls_record_proto_sgl), + test_tls_1_2_record_proto_sgl), TEST_CASES_END() /**< NULL terminate unit test array */ } }; @@ -17182,11 +17254,11 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { TEST_CASE_NAMED_ST( "Combined test alg list", ut_setup_security, ut_teardown, - test_tls_record_proto_display_list), + test_dtls_1_2_record_proto_display_list), TEST_CASE_NAMED_ST( "Multi-segmented mode", ut_setup_security, ut_teardown, - test_tls_record_proto_sgl), + test_dtls_1_2_record_proto_sgl), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev.h b/app/test/test_cryptodev.h index f27d9697fd..e4e99d00c1 100644 --- a/app/test/test_cryptodev.h +++ b/app/test/test_cryptodev.h @@ -5,6 +5,9 @@ #define TEST_CRYPTODEV_H_ #include +#ifdef RTE_LIB_SECURITY +#include "test_security_proto.h" +#endif #define HEX_DUMP 0 @@ -21,9 +24,16 @@ #define DEFAULT_NUM_XFORMS (2) #define NUM_MBUFS (8191) #define MBUF_CACHE_SIZE (256) + +#ifdef RTE_LIB_SECURITY +#define MBUF_DATAPAYLOAD_SIZE RTE_MAX((unsigned int)(4096 + DIGEST_BYTE_LENGTH_SHA512), \ + TEST_SEC_CIPHERTEXT_MAX_LEN) +#else #define MBUF_DATAPAYLOAD_SIZE (4096 + DIGEST_BYTE_LENGTH_SHA512) +#endif + #define MBUF_SIZE (sizeof(struct rte_mbuf) + \ - RTE_PKTMBUF_HEADROOM + MBUF_DATAPAYLOAD_SIZE) + RTE_PKTMBUF_HEADROOM + MBUF_DATAPAYLOAD_SIZE) #define BYTE_LENGTH(x) (x/8) /* HASH DIGEST LENGTHS */ diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 14a7a2511e..3745c6a0d1 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -62,7 +62,8 @@ test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, void test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2, const struct tls_record_test_flags *flags, - struct tls_record_test_data *td_array, int nb_td) + struct tls_record_test_data *td_array, + int nb_td, unsigned int data_len) { int i, min_padding, hdr_len, tls_pkt_size, mac_len = 0, exp_nonce_len = 0, roundup_len = 0; struct tls_record_test_data *td = NULL; @@ -76,7 +77,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) { /* Copy template for packet & key fields */ - memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td)); + if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2) + memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td)); + else + memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td)); td->aead = true; td->xform.aead.aead.algo = param1->alg.aead; @@ -84,7 +88,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->xform.aead.aead.digest_length = param1->digest_length; } else { /* Copy template for packet & key fields */ - memcpy(td, &tls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td)); + if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2) + memcpy(td, &dtls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td)); + else + memcpy(td, &tls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td)); td->aead = false; td->xform.chain.cipher.cipher.algo = param1->alg.cipher; @@ -96,6 +103,11 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } + if (flags->data_walkthrough) { + test_sec_proto_pattern_set(td->input_text.data, data_len); + td->input_text.len = data_len; + } + tls_pkt_size = td->input_text.len; if (!td->aead) { @@ -221,6 +233,7 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, return TEST_SUCCESS; } + static int tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text) { @@ -280,13 +293,13 @@ int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, struct tls_record_test_data *res_d, bool silent) { + uint8_t output_text[TEST_SEC_CIPHERTEXT_MAX_LEN]; uint32_t len = rte_pktmbuf_pkt_len(m), data_len; - uint8_t output_text[TLS_RECORD_MAX_LEN]; const struct rte_mbuf *seg; const uint8_t *output; int ret; - memset(output_text, 0, TLS_RECORD_MAX_LEN); + memset(output_text, 0, TEST_SEC_CIPHERTEXT_MAX_LEN); /* * Actual data in packet might be less in error cases, hence take minimum of pkt_len and sum @@ -300,7 +313,7 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t } len = RTE_MIN(len, data_len); - TEST_ASSERT(len <= TLS_RECORD_MAX_LEN, "Invalid packet length: %u", len); + TEST_ASSERT(len <= TEST_SEC_CIPHERTEXT_MAX_LEN, "Invalid packet length: %u", len); /* Copy mbuf payload to continuous buffer */ output = rte_pktmbuf_read(m, 0, len, output_text); diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 0bd83f88f0..14f73a5073 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -10,7 +10,37 @@ #include "test_security_proto.h" -#define TLS_RECORD_MAX_LEN 16384u +/* TLS 1.2 Ciphertext length can be up to (2^14 + 2048 + 5 (TLS Header)) Bytes */ +#define TLS_1_2_RECORD_CIPHERTEXT_MAX_LEN (18437u) +static_assert(TLS_1_2_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN, + "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* TLS 1.2 Plaintext length can be up to (2^14 + 1024) Bytes */ +#define TLS_1_2_RECORD_PLAINTEXT_MAX_LEN (17408u) +static_assert(TLS_1_2_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, + "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* DTLS 1.2 Ciphertext length is similar to TLS 1.2 */ +#define DTLS_1_2_RECORD_CIPHERTEXT_MAX_LEN (18437u) +static_assert(DTLS_1_2_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN, + "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* DTLS 1.2 Plaintext length is similar to TLS 1.2 */ +#define DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN (17408u) +static_assert(DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, + "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* TLS 1.3 Ciphertext length can be up to (2^14 + 256 + 5 (TLS Header)) Bytes */ +#define TLS_1_3_RECORD_CIPHERTEXT_MAX_LEN (16645u) +static_assert(TLS_1_3_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN, + "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* TLS 1.3 Plaintext length can be up to 2^14 Bytes */ +#define TLS_1_3_RECORD_PLAINTEXT_MAX_LEN (16384u) +static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, + "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +#define TLS_RECORD_PLAINTEXT_MIN_LEN (1u) struct tls_record_test_data { struct { @@ -22,12 +52,12 @@ struct tls_record_test_data { } auth_key; struct { - uint8_t data[TLS_RECORD_MAX_LEN]; + uint8_t data[TEST_SEC_CIPHERTEXT_MAX_LEN]; unsigned int len; } input_text; struct { - uint8_t data[TLS_RECORD_MAX_LEN]; + uint8_t data[TEST_SEC_CIPHERTEXT_MAX_LEN]; unsigned int len; } output_text; @@ -56,6 +86,8 @@ struct tls_record_test_data { struct tls_record_test_flags { bool display_alg; int nb_segs_in_mbuf; + bool data_walkthrough; + enum rte_security_tls_version tls_version; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; @@ -89,7 +121,8 @@ void test_tls_record_td_read_from_write(const struct tls_record_test_data *td_ou void test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2, const struct tls_record_test_flags *flags, - struct tls_record_test_data *td_array, int nb_td); + struct tls_record_test_data *td_array, int nb_td, + unsigned int data_len); void test_tls_record_td_update(struct tls_record_test_data td_inb[], const struct tls_record_test_data td_outb[], int nb_td, diff --git a/app/test/test_security_proto.c b/app/test/test_security_proto.c index d242c852af..cf40d5fc9a 100644 --- a/app/test/test_security_proto.c +++ b/app/test/test_security_proto.c @@ -13,6 +13,8 @@ struct crypto_param_comb sec_alg_list[RTE_DIM(aead_list) + struct crypto_param_comb sec_auth_only_alg_list[2 * (RTE_DIM(auth_list) - 1)]; +static uint8_t cleartext_pattern[TEST_SEC_CLEARTEXT_MAX_LEN]; + void test_sec_alg_list_populate(void) { @@ -152,3 +154,18 @@ test_sec_alg_display(const struct crypto_param *param1, const struct crypto_para } printf("\n"); } + +void +test_sec_proto_pattern_generate(void) +{ + unsigned int i; + + for (i = 0; i < TEST_SEC_CLEARTEXT_MAX_LEN; i++) + cleartext_pattern[i] = (i + 1) & 0xff; +} + +void +test_sec_proto_pattern_set(uint8_t *buf, int len) +{ + rte_memcpy(buf, cleartext_pattern, len); +} diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h index 5b92daa810..c737443081 100644 --- a/app/test/test_security_proto.h +++ b/app/test/test_security_proto.h @@ -8,6 +8,8 @@ #include #include +#define TEST_SEC_CLEARTEXT_MAX_LEN (17408u) +#define TEST_SEC_CIPHERTEXT_MAX_LEN (18437u) #define TEST_SEC_PKTS_MAX 32 struct crypto_param { @@ -186,4 +188,8 @@ int test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_c void test_sec_alg_display(const struct crypto_param *param1, const struct crypto_param *param2); +void test_sec_proto_pattern_generate(void); + +void test_sec_proto_pattern_set(uint8_t *buf, int len); + #endif From patchwork Tue Mar 12 07:17:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138180 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id F042943C8E; Tue, 12 Mar 2024 08:18:30 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2FF3940E25; Tue, 12 Mar 2024 08:18:21 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id E6D8340E25 for ; Tue, 12 Mar 2024 08:18:19 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42BIWjqd005008; Tue, 12 Mar 2024 00:18:19 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=/9AzlCo2YzprS+oOh8lRIfE7vgCh5VI3gOB6niRhDhw=; b=Hpf MgkDi9LghQMKDkz+ubUTQITpCjAmtHQcC966D6/k6TsCLb9XXUsC5C/Jrs59tGSl zx3GsBjoB8YaJKvNDY3Gygkp1DD46aqB8dkPEwHYlvNtPJhhg9M2seHRxVLXK08n 9SfQYFngYclhcI3dc3Yh2Cq9kc4aZ/QsuVeNJeq8lsIh2ufrxZtQvxBFtUf+PY35 FQTaaI3yHSiWPrI2b/fOYwOAoOGtohj7lBMlwrL+fIo46ZkJjv2GpnAvihMKWIUx I0tmxDqH1OS6S4iidB1zSiF7HoFEl/Vla7Nrd5hzw1GL29NA4Wzs/Rqw6Q4ElGWw MmmfHQczjkE75MO39qg== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3wt54n29st-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:18:18 -0700 (PDT) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:18:18 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:18:18 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id CD71B3F70A1; Tue, 12 Mar 2024 00:18:15 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 03/21] test/security: add DTLS 1.2 data walkthrough test Date: Tue, 12 Mar 2024 12:47:47 +0530 Message-ID: <20240312071805.1354530-4-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 1k68Ol0xdTKtvahkpdG-1h0iJCnWkhT1 X-Proofpoint-GUID: 1k68Ol0xdTKtvahkpdG-1h0iJCnWkhT1 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add data walkthrough test for DTLS 1.2 Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 17 +++++++++++++++++ app/test/test_cryptodev_security_tls_record.c | 5 ++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index c5837ccbdd..e0695e9eb3 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12061,6 +12061,19 @@ test_tls_1_2_record_proto_sgl(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_1_2_record_proto_data_walkthrough(void) +{ + struct tls_record_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.data_walkthrough = true; + flags.tls_version = RTE_SECURITY_VERSION_DTLS_1_2; + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_display_list(void) { @@ -17255,6 +17268,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Combined test alg list", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_display_list), + TEST_CASE_NAMED_ST( + "Data walkthrough combined test alg list", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_data_walkthrough), TEST_CASE_NAMED_ST( "Multi-segmented mode", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 3745c6a0d1..92bcbff842 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -143,7 +143,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt break; case RTE_SECURITY_VERSION_DTLS_1_2: hdr_len = sizeof(struct rte_dtls_hdr); - min_padding = 0; + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; default: hdr_len = 0; From patchwork Tue Mar 12 07:17:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138181 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id D6C1943C8E; Tue, 12 Mar 2024 08:18:39 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0D42140E7C; Tue, 12 Mar 2024 08:18:24 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 9573840E7C for ; Tue, 12 Mar 2024 08:18:22 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C601NI004857; Tue, 12 Mar 2024 00:18:22 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=xrblF2TaMYF7bEwcQUUmPGFq0ezv620CIKdc6NlJPfE=; b=E5T xnLQQAFl0EHTer4DlohuoUOemClC54vHLWMalO5CgR1sCZ9exTrSgxMNasNadC4t LVpW45FZ7IGZMYYKDsmThf4vA7X2jzjlh4PpfVEOYOqZl+psZtsAyDLzZDbL5Nur G+sNi+oz8GVJC+R3FOah75+YF7ae5o7szy4BlOGNTks5rb5mkoZXtkfc6zYnJ2ud 82TFkMJ4uNuqanwWa+EzOV8fUbV3pP0cK55i4+K3/VUZnLSvJhdlzov2r1S+0du4 CGiZnEP/U3pYqeFLLOoJpmt22fzHGJOYhfBrtWhQeOD7PN0qPpaE2CiqTqM/LkeJ mpdP0BAQDbseoVX9ANw== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv71c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:18:21 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:18:21 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:18:21 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id B31E43F7045; Tue, 12 Mar 2024 00:18:18 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 04/21] test/security: add TLS SG data walkthrough test Date: Tue, 12 Mar 2024 12:47:48 +0530 Message-ID: <20240312071805.1354530-5-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 6ufCmeJNEWWomC1D8AVvIfVuUSvfJY6b X-Proofpoint-GUID: 6ufCmeJNEWWomC1D8AVvIfVuUSvfJY6b X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add multi segment packet data walkthrough test for TLS 1.2 and DTLS 1.2. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 42 +++++++++++++++++++ app/test/test_cryptodev_security_tls_record.h | 2 +- 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index e0695e9eb3..3591c91130 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11981,6 +11981,8 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) for (i = 0; i < RTE_DIM(sec_alg_list); i++) { payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN; + if (flags->nb_segs_in_mbuf) + payload_len = RTE_MAX(payload_len, flags->nb_segs_in_mbuf); again: test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, td_outb, nb_pkts, payload_len); @@ -12061,6 +12063,32 @@ test_tls_1_2_record_proto_sgl(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_sgl_data_walkthrough(enum rte_security_tls_version tls_version) +{ + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = 5, + .tls_version = tls_version, + .data_walkthrough = true + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) { + printf("Device doesn't support in-place scatter-gather. Test Skipped.\n"); + return TEST_SKIPPED; + } + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_2_record_proto_sgl_data_walkthrough(void) +{ + return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_TLS_1_2); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -12106,6 +12134,12 @@ test_dtls_1_2_record_proto_sgl(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_1_2_record_proto_sgl_data_walkthrough(void) +{ + return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_DTLS_1_2); +} + #endif static int @@ -17171,6 +17205,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Multi-segmented mode", ut_setup_security, ut_teardown, test_tls_1_2_record_proto_sgl), + TEST_CASE_NAMED_ST( + "Multi-segmented mode data walkthrough", + ut_setup_security, ut_teardown, + test_tls_1_2_record_proto_sgl_data_walkthrough), TEST_CASES_END() /**< NULL terminate unit test array */ } }; @@ -17276,6 +17314,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Multi-segmented mode", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_sgl), + TEST_CASE_NAMED_ST( + "Multi-segmented mode data walkthrough", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sgl_data_walkthrough), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 14f73a5073..34758fb0e1 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -85,7 +85,7 @@ struct tls_record_test_data { struct tls_record_test_flags { bool display_alg; - int nb_segs_in_mbuf; + uint8_t nb_segs_in_mbuf; bool data_walkthrough; enum rte_security_tls_version tls_version; }; From patchwork Tue Mar 12 07:17:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138182 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 258C943C8E; Tue, 12 Mar 2024 08:18:47 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 47EC540EE1; Tue, 12 Mar 2024 08:18:27 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 7CB0D40E78 for ; Tue, 12 Mar 2024 08:18:25 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C601NJ004857; Tue, 12 Mar 2024 00:18:25 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=3PX+gAUyaKcBA7DI6RFfvE/FJvoHn49VqhgOFj4Zx/M=; b=Sem B8Ndl6aA9qcQCOo/X+F79fzslnLHpOjZ2s+UMO3AyE3QP4hR/KEGptidqZRU4kSz m1mpg1pBoWS3Rv20cAAfBew7xwgz5N6MPCw2dOSCB9l2XJh6cE/3lAVmo3vI+eLJ M1gQe50q8PTohG5d1/RKxGFpgzhb6lbCNljc8bjWo8Jgkk8jneCoWcxF+TmJMBG0 q/l6ahvGvklVyVvuyVMjzICp9M9jXZYmzmX2Lxg0TkoC8aRiHkBloaEBitl1IXbB 6YESHw/0tFvHnvQFQaNGtoCnereyUOpKB8jjtLYnilxbzS7xDeYTCAjFBZOWjUwX cVGOw6PhVzOAhtrvJnA== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv71k-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:18:24 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:18:24 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:18:24 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 970803F7045; Tue, 12 Mar 2024 00:18:21 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 05/21] test/security: unit test for TLS packet corruption Date: Tue, 12 Mar 2024 12:47:49 +0530 Message-ID: <20240312071805.1354530-6-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: CBsdh0iWLhqLCHJpyHmS7cAZ_8u2WxEY X-Proofpoint-GUID: CBsdh0iWLhqLCHJpyHmS7cAZ_8u2WxEY X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add test to verify the corrupted TLS packet header Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 27 +++++++++++++++++-- app/test/test_cryptodev_security_tls_record.c | 4 +++ app/test/test_cryptodev_security_tls_record.h | 1 + 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 3591c91130..324ef3c276 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12000,8 +12000,13 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (ret == TEST_SKIPPED) continue; - if (ret == TEST_FAILED) - return TEST_FAILED; + if (flags->pkt_corruption) { + if (ret == TEST_SUCCESS) + return TEST_FAILED; + } else { + if (ret == TEST_FAILED) + return TEST_FAILED; + } if (flags->data_walkthrough && (++payload_len <= max_payload_len)) goto again; @@ -12089,6 +12094,20 @@ test_tls_1_2_record_proto_sgl_data_walkthrough(void) return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_TLS_1_2); } +static int +test_tls_record_proto_corrupt_pkt(void) +{ + struct tls_record_test_flags flags = { + .pkt_corruption = 1 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -17209,6 +17228,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Multi-segmented mode data walkthrough", ut_setup_security, ut_teardown, test_tls_1_2_record_proto_sgl_data_walkthrough), + TEST_CASE_NAMED_ST( + "TLS packet header corruption", + ut_setup_security, ut_teardown, + test_tls_record_proto_corrupt_pkt), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 92bcbff842..93ff7f36fa 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -185,6 +185,10 @@ test_tls_record_td_update(struct tls_record_test_data td_inb[], td_outb[i].input_text.len); td_inb[i].output_text.len = td_outb->input_text.len; + /* Corrupt the content type in the TLS header of encrypted packet */ + if (flags->pkt_corruption) + td_inb[i].input_text.data[0] = ~td_inb[i].input_text.data[0]; + /* Clear outbound specific flags */ td_inb[i].tls_record_xform.options.iv_gen_disable = 0; } diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 34758fb0e1..5faa277740 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -88,6 +88,7 @@ struct tls_record_test_flags { uint8_t nb_segs_in_mbuf; bool data_walkthrough; enum rte_security_tls_version tls_version; + bool pkt_corruption; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; From patchwork Tue Mar 12 07:17:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138183 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8007B43C8E; Tue, 12 Mar 2024 08:18:55 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C041A40F1A; Tue, 12 Mar 2024 08:18:29 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 6646040EF0 for ; Tue, 12 Mar 2024 08:18:28 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C604uq005068; Tue, 12 Mar 2024 00:18:27 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=rIhPLg8kT9YvQHB9wsimISuThM5tftiIpoOHzfeMyWQ=; b=hXO s+TT45zRw34/ulK6br6mICwzoUd72JvBQWS+k+8jQ9Ii6iTwGOdVzAkj5VcbxPgw n23kEwT0ks02F375HiAeglSq9e5MimW0iKLhLKiSi6F32Fro3uVrXWXqZt+/Oh/J 7oxhBzn/wm1DRTjTADGHgirqeACQwXYZNxRIS6CmNiNTz1JJZ1pQbQPZKHYVWtQW 4LlB/IvBZDwXgCn4QEELwRLEvdELFBxvgUcS8EJfE4sNUPHHAA+wu/tR1y6ts+DM GHW+bnAu+h1uGGwirLI2d7mcu1X6XASVRgNhY4w7tup6KIHvskI3a4mR4Y7H7ZBj CAgmK22UjPj5r9nJUWQ== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv71q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:18:27 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:18:27 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:18:26 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 7AF763F7045; Tue, 12 Mar 2024 00:18:24 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 06/21] test/security: unit test for custom content verification Date: Tue, 12 Mar 2024 12:47:50 +0530 Message-ID: <20240312071805.1354530-7-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: i5HtQwot6qVUtvWTOUzSR9qX5NRBBuzR X-Proofpoint-GUID: i5HtQwot6qVUtvWTOUzSR9qX5NRBBuzR X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit test to verify the TLS header creation with custom content type Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 19 +++++++++++++++++++ app/test/test_cryptodev_security_tls_record.c | 3 +++ app/test/test_cryptodev_security_tls_record.h | 9 +++++++++ 3 files changed, 31 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 324ef3c276..5cb878b9ba 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #ifdef RTE_CRYPTO_SCHEDULER @@ -12108,6 +12109,20 @@ test_tls_record_proto_corrupt_pkt(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_custom_content_type(void) +{ + struct tls_record_test_flags flags = { + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -17232,6 +17247,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "TLS packet header corruption", ut_setup_security, ut_teardown, test_tls_record_proto_corrupt_pkt), + TEST_CASE_NAMED_ST( + "Custom content type", + ut_setup_security, ut_teardown, + test_tls_record_proto_custom_content_type), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 93ff7f36fa..9a2af259c9 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -108,6 +108,9 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->input_text.len = data_len; } + if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) + td->app_type = RTE_TLS_TYPE_MAX; + tls_pkt_size = td->input_text.len; if (!td->aead) { diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 5faa277740..b707361fb6 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -42,6 +42,14 @@ static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, #define TLS_RECORD_PLAINTEXT_MIN_LEN (1u) +enum tls_record_test_content_type { + TLS_RECORD_TEST_CONTENT_TYPE_APP, + /* For verifying zero packet length */ + TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + /* For verifying handling of custom content types */ + TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM, +}; + struct tls_record_test_data { struct { uint8_t data[32]; @@ -89,6 +97,7 @@ struct tls_record_test_flags { bool data_walkthrough; enum rte_security_tls_version tls_version; bool pkt_corruption; + enum tls_record_test_content_type content_type; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; From patchwork Tue Mar 12 07:17:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138184 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 359EA43C8E; Tue, 12 Mar 2024 08:19:03 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 02D6140E78; Tue, 12 Mar 2024 08:18:33 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 3BCAA40E78 for ; Tue, 12 Mar 2024 08:18:31 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C5xxgb004827; Tue, 12 Mar 2024 00:18:30 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=C7tafcnTDdBl3qxkkiTjMfI0xGCffz3Xqh4OyKrDWQU=; b=Ow/ UdY4xZHmXvNHGZyYoR+Winvp7HPbfXxaBhoBd7OOevq+jT86UgNAuD1Q1JFuXGTr /N4pvretlcozhXwR/FldZPoGoWl0amHJFFb/joWeNvMUR/uCMqpypBZWAeA2aRAD /5OT7cX/0prHzOyL5zk3n+owAO5jS0nhwOLmxHu1p+2zYoh+GZ0qvk4eWmSpgpBS Fgxmz3/g0BTPFc6WL00P5Xt2cyLZgMYbLdOhRcVvIkxwXgLrsULrlDHKsdiAjlrA L4FOU8qoZL4MqSp0rEfUK/m8QIFrCFRKYQ2SZFNSkma7CAah6sc3zpEvWAhZZKdC WhbLUZUbvSmRFHF9uIQ== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv71u-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:18:30 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:18:29 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:18:29 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 5BD933F7045; Tue, 12 Mar 2024 00:18:27 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 07/21] test/cryptodev: allow zero packet length buffers Date: Tue, 12 Mar 2024 12:47:51 +0530 Message-ID: <20240312071805.1354530-8-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 5Dna_ZuGswYSUPgOY1RwKsI7DGR7sexY X-Proofpoint-GUID: 5Dna_ZuGswYSUPgOY1RwKsI7DGR7sexY X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Anoob Joseph The function 'create_segmented_mbuf' is updated to support zero packet length mbufs. This allows testing of zero packet length payload with TLS record processing. Signed-off-by: Anoob Joseph --- app/test/test_cryptodev.h | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/app/test/test_cryptodev.h b/app/test/test_cryptodev.h index e4e99d00c1..7d877ddfe5 100644 --- a/app/test/test_cryptodev.h +++ b/app/test/test_cryptodev.h @@ -192,15 +192,8 @@ create_segmented_mbuf(struct rte_mempool *mbuf_pool, int pkt_len, int nb_segs, uint8_t pattern) { struct rte_mbuf *m = NULL, *mbuf = NULL; + int size, t_len, data_len = 0; uint8_t *dst; - int data_len = 0; - int i, size; - int t_len; - - if (pkt_len < 1) { - printf("Packet size must be 1 or more (is %d)\n", pkt_len); - return NULL; - } if (nb_segs < 1) { printf("Number of segments must be 1 or more (is %d)\n", @@ -212,17 +205,17 @@ create_segmented_mbuf(struct rte_mempool *mbuf_pool, int pkt_len, size = pkt_len; /* Create chained mbuf_src and fill it generated data */ - for (i = 0; size > 0; i++) { + do { m = rte_pktmbuf_alloc(mbuf_pool); - if (i == 0) - mbuf = m; - if (m == NULL) { printf("Cannot create segment for source mbuf"); goto fail; } + if (mbuf == NULL) + mbuf = m; + /* Make sure if tailroom is zeroed */ memset(m->buf_addr, pattern, m->buf_len); @@ -239,7 +232,8 @@ create_segmented_mbuf(struct rte_mempool *mbuf_pool, int pkt_len, size -= data_len; - } + } while (size > 0); + return mbuf; fail: From patchwork Tue Mar 12 07:17:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138194 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AEF2C43C8E; Tue, 12 Mar 2024 08:20:12 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5D45742686; Tue, 12 Mar 2024 08:19:20 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 83F2740EF0 for ; Tue, 12 Mar 2024 08:19:06 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C601hh004856; Tue, 12 Mar 2024 00:19:06 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=X1WbtLwB2R8qR85DSd3TREy/itJuvVxJ0biCuHSUmTE=; b=KLH SH8c931ZrGskKTHwCjXYTQfz9yXqVcn/q+gFiZuw3cB1ZaaGD7K0HlJLdmL6U2Ge skmVpXrCvrMab1zn94rnhFtHf2ULex95eWelGsoStkW5tOdicwMakIfIl4kIldz+ 2v4XnmOSVhqpEE+kmxRqJDTcPhx9XOOUgZi82YgJfMNfrGLQiowg/JXkPWtubKiW Ky9TRctwmyIcpHfhODmvwD5mhb2L9qEx0Pbdz24KYDyuOH39lVIBN7aaJdVPM3UV FbQOXrE4qWjFdMUb3J2RA2aKnfZijdwYPfSVI2mN8C8xCN9AfC10iM6kFpRmx9+y YG8bizuWGMNkR+monPA== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv72q-3 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:19:05 -0700 (PDT) Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:18:53 -0700 Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Tue, 12 Mar 2024 00:18:32 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:18:32 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 3F8393F704C; Tue, 12 Mar 2024 00:18:30 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 08/21] test/security: unit test to verify zero TLS records Date: Tue, 12 Mar 2024 12:47:52 +0530 Message-ID: <20240312071805.1354530-9-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: XAhHcPss6UaipQiuaFMHvMJYMFbv_DZZ X-Proofpoint-GUID: XAhHcPss6UaipQiuaFMHvMJYMFbv_DZZ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify the zero len TLS records. Zero len packets are allowed when content type is app data while zero packet length with other content type (such as handshake) would result in an error. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 51 ++++++++++++++++++- app/test/test_cryptodev_security_tls_record.c | 5 +- app/test/test_cryptodev_security_tls_record.h | 2 +- 3 files changed, 55 insertions(+), 3 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 5cb878b9ba..fa63b9743f 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11984,6 +11984,9 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN; if (flags->nb_segs_in_mbuf) payload_len = RTE_MAX(payload_len, flags->nb_segs_in_mbuf); + + if (flags->zero_len) + payload_len = 0; again: test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, td_outb, nb_pkts, payload_len); @@ -11992,8 +11995,16 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (ret == TEST_SKIPPED) continue; - if (ret == TEST_FAILED) + if (flags->zero_len && + ((flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) || + (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) || + (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE))) { + if (ret == TEST_SUCCESS) + return TEST_FAILED; + goto skip_decrypt; + } else if (ret == TEST_FAILED) { return TEST_FAILED; + } test_tls_record_td_update(td_inb, td_outb, nb_pkts, flags); @@ -12009,6 +12020,7 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) return TEST_FAILED; } +skip_decrypt: if (flags->data_walkthrough && (++payload_len <= max_payload_len)) goto again; @@ -12123,6 +12135,35 @@ test_tls_record_proto_custom_content_type(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_zero_len(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_record_proto_zero_len_non_app(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -17251,6 +17292,14 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Custom content type", ut_setup_security, ut_teardown, test_tls_record_proto_custom_content_type), + TEST_CASE_NAMED_ST( + "Zero len TLS record with content type as app", + ut_setup_security, ut_teardown, + test_tls_record_proto_zero_len), + TEST_CASE_NAMED_ST( + "Zero len TLS record with content type as ctrl", + ut_setup_security, ut_teardown, + test_tls_record_proto_zero_len_non_app), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 9a2af259c9..c5410a4c92 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -103,13 +103,15 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } - if (flags->data_walkthrough) { + if (flags->data_walkthrough || flags->zero_len) { test_sec_proto_pattern_set(td->input_text.data, data_len); td->input_text.len = data_len; } if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) td->app_type = RTE_TLS_TYPE_MAX; + else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) + td->app_type = RTE_TLS_TYPE_HANDSHAKE; tls_pkt_size = td->input_text.len; @@ -232,6 +234,7 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, memcpy(&res_d->input_text.data, output_text, len); res_d->input_text.len = len; + res_d->output_text.len = td->input_text.len; res_d->tls_record_xform.type = RTE_SECURITY_TLS_SESS_TYPE_READ; if (res_d->aead) { diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index b707361fb6..e7ba31c449 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -98,6 +98,7 @@ struct tls_record_test_flags { enum rte_security_tls_version tls_version; bool pkt_corruption; enum tls_record_test_content_type content_type; + bool zero_len; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; @@ -140,5 +141,4 @@ void test_tls_record_td_update(struct tls_record_test_data td_inb[], int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, struct tls_record_test_data *res_d, bool silent); - #endif From patchwork Tue Mar 12 07:17:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138185 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id EBC7743C8E; Tue, 12 Mar 2024 08:19:09 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 34E1940F16; Tue, 12 Mar 2024 08:18:39 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 0511B40F16 for ; Tue, 12 Mar 2024 08:18:36 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C5xwPb004821; Tue, 12 Mar 2024 00:18:36 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=s8GiQ4p4y27w+FGTUrBBbmZDYwNTM+C+VaynNW3yuRQ=; b=RtH AzuRiuJ8AskjhSbCDrKw5L2iq6Uew7N2tvNdWPKZH0MKfWADqvTKM9cAYiAiFKte HhYXrUqjFSvaobBn4B0OPMm5G0xhXOon/X3+DTnETI/pM1ltxpVOuohNDsqtIkx0 jbb0y3rprwfTA6i5xZUwhBoTrcQogZ8HNW7bZLpCBzAD3HQXTeILX28ahgCjEt5u 9cm+fOJm6DY2qMQZZ6HNRIeXhL3kCjgFSzjzHMY2FgyTziAC39ngzXhMkmj6GkHY pCN2GQXqcK+ZrMkTY2qxIxJESpWkOj6zr+peMuwy1nIRzEASKgqAkd8tIsZdGZr/ Jx90TaNZJFG2/3tzVBw== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv725-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:18:36 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:18:35 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:18:35 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 2486A3F7045; Tue, 12 Mar 2024 00:18:32 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 09/21] test/security: add unit tests for DTLS-1.2 Date: Tue, 12 Mar 2024 12:47:53 +0530 Message-ID: <20240312071805.1354530-10-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: zdpk4XQH3zFFDIkOUaMJ6vi2QPGTjotY X-Proofpoint-GUID: zdpk4XQH3zFFDIkOUaMJ6vi2QPGTjotY X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify 1. DTLS record with zero length 2. DTLS record with header corruption 3. DTLS record with content type as custom Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 77 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index fa63b9743f..72e7fe3769 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12215,6 +12215,67 @@ test_dtls_1_2_record_proto_sgl_data_walkthrough(void) return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_DTLS_1_2); } +static int +test_dtls_1_2_record_proto_corrupt_pkt(void) +{ + struct tls_record_test_flags flags = { + .pkt_corruption = 1, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_custom_content_type(void) +{ + struct tls_record_test_flags flags = { + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_zero_len(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_zero_len_non_app(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + #endif static int @@ -17409,6 +17470,22 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Multi-segmented mode data walkthrough", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_sgl_data_walkthrough), + TEST_CASE_NAMED_ST( + "Packet corruption", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_corrupt_pkt), + TEST_CASE_NAMED_ST( + "Custom content type", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_custom_content_type), + TEST_CASE_NAMED_ST( + "Zero len DTLS record with content type as app", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_zero_len), + TEST_CASE_NAMED_ST( + "Zero len DTLS record with content type as ctrl", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_zero_len_non_app), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Tue Mar 12 07:17:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138186 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B11AD43C8E; Tue, 12 Mar 2024 08:19:17 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 04688410F9; Tue, 12 Mar 2024 08:18:43 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 01A0C410F2 for ; Tue, 12 Mar 2024 08:18:39 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C5xwPc004821; Tue, 12 Mar 2024 00:18:39 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=pD45O9vtRPVOR/sjdmR8SPvvbw+ewzfpkWISoL0RKHY=; b=D9W NhTSdmoWaUVtum/eqzlnKo5V7CR9lHs7MVinItebqOUPCLJ0Ppq2hitAUh/ZCfei 4QKdDQYpa8lseDzdeSFEwh4/0tp7DVxTQK7e8fShcKb1ngSHYMk7aLXWNllkuKX8 1jRnGPpD/gXfrWwqdH+DSVbhOxpPQG3ycdCPcLB4DUawA4Mz1zer8hPg/KV0PLEg un6vOcpGO4vJB2QWuA3GuAMgoQaC0IF5nWSEtm0EcaUFIA+1xPdJOXZY3PsuzWku 0viuwkBidaUm5qyGf/QMH/1UKtlYDT84P59mDBc0TbHIED4zLAaNwprRV19Shnlj HqEa/53333HzzijX65A== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv729-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:18:39 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:18:38 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:18:38 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 0A89E3F7045; Tue, 12 Mar 2024 00:18:35 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 10/21] test/security: add TLS/DTLS 1.2 AES-256-SHA384 vectors Date: Tue, 12 Mar 2024 12:47:54 +0530 Message-ID: <20240312071805.1354530-11-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: ysZwwyRl1sTAsbs3kRckd_qWNtK0dqEK X-Proofpoint-GUID: ysZwwyRl1sTAsbs3kRckd_qWNtK0dqEK X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Akhil Goyal Added vectors for TLS 1.2 and DTLS 1.2 using algos AES-256-CBC and HMAC-SHA384 Signed-off-by: Akhil Goyal --- app/test/test_cryptodev.c | 19 ++ app/test/test_cryptodev_security_tls_record.h | 2 + ...yptodev_security_tls_record_test_vectors.h | 200 ++++++++++++++++++ 3 files changed, 221 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 72e7fe3769..95f2377d4d 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -17273,6 +17273,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Write record known vector AES-256-CBC-SHA256", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec, &tls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Write record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, @@ -17316,6 +17320,11 @@ static struct unit_test_suite tls12_record_proto_testsuite = { ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &tls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, + &tls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Read record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, @@ -17397,6 +17406,11 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { ut_setup_security, ut_teardown, test_tls_record_proto_known_vec, &dtls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, + &dtls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Write record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, @@ -17439,6 +17453,11 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &dtls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, + &dtls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Read record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index e7ba31c449..22572537ef 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -110,6 +110,7 @@ extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac; extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha256_hmac; extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha1_hmac; extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha256_hmac; +extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data tls_test_data_null_cipher_sha1_hmac; extern struct tls_record_test_data tls_test_data_chacha20_poly1305; @@ -118,6 +119,7 @@ extern struct tls_record_test_data dtls_test_data_aes_128_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_aes_128_cbc_sha256_hmac; extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac; +extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac; diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h index f10f28bb96..27b07cd54a 100644 --- a/app/test/test_cryptodev_security_tls_record_test_vectors.h +++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h @@ -1129,6 +1129,107 @@ struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac = { .app_type = 0x17, }; +struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac = { + .key = { + .data = { + 0x1d, 0xe5, 0x19, 0x18, 0x57, 0xa0, 0xee, 0x79, + 0x84, 0x61, 0x92, 0x9d, 0x3d, 0xce, 0x42, 0x92, + 0x4a, 0x98, 0x23, 0x3b, 0xf8, 0xec, 0x29, 0x47, + 0xb3, 0xae, 0x1f, 0x22, 0xd2, 0x8d, 0xbe, 0x2c, + }, + }, + .auth_key = { + .data = { + 0xf8, 0xbd, 0x28, 0xf9, 0x4a, 0xde, 0x1d, 0xde, + 0x8c, 0xf5, 0xe9, 0x49, 0x34, 0x2a, 0x1a, 0xd0, + 0x0d, 0xe3, 0x64, 0xb2, 0x54, 0xd6, 0xd6, 0x40, + 0x90, 0x5d, 0x16, 0xc1, 0xf2, 0x77, 0x14, 0x90, + 0xe6, 0xfa, 0xbc, 0x9d, 0xe2, 0x72, 0x12, 0xec, + 0xb6, 0x05, 0xec, 0xdd, 0x1d, 0x23, 0xb3, 0x8e, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, + 0x2d, 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, + 0x33, 0x38, 0x34, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x0a, + }, + .len = 51, + }, + .output_text = { + .data = { + 0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x80, + 0x63, 0xe2, 0x70, 0xce, 0x45, 0x93, 0x18, 0xa3, + 0xa6, 0xd6, 0xf5, 0x50, 0x9f, 0x07, 0x9d, 0xab, + 0x88, 0x41, 0xee, 0x5b, 0x32, 0x1e, 0x85, 0xaf, + 0x33, 0x7b, 0x59, 0x8a, 0xe9, 0x41, 0x11, 0x6a, + 0xbb, 0x7d, 0x16, 0x6c, 0xbb, 0x66, 0x5e, 0xf5, + 0xfb, 0x5f, 0x03, 0xf9, 0x75, 0x7d, 0xb9, 0xff, + 0x70, 0xc3, 0x4a, 0x19, 0xe5, 0x25, 0xa0, 0x5d, + 0xad, 0x45, 0xef, 0xce, 0xd8, 0x2a, 0xde, 0xf0, + 0x0c, 0xca, 0x1c, 0x6b, 0x5a, 0x31, 0x8f, 0x49, + 0xff, 0x7d, 0xf3, 0x71, 0x15, 0x06, 0x07, 0x9d, + 0x6a, 0x5f, 0x5c, 0xd8, 0x2a, 0xa5, 0x0e, 0x61, + 0xde, 0x18, 0x6b, 0x7d, 0xc8, 0x74, 0x58, 0x18, + 0xf1, 0xac, 0xde, 0xb9, 0x6d, 0x8a, 0x44, 0xad, + 0x10, 0xf8, 0x63, 0x15, 0xcf, 0x25, 0x2f, 0x82, + 0x2f, 0xda, 0x74, 0x45, 0x02, 0xda, 0x61, 0x3c, + 0x2f, 0xf9, 0xa5, 0x92, 0x2a, 0x7c, 0x5e, 0x5d, + }, + .len = 141, + }, + .iv = { + .data = { + 0x63, 0xe2, 0x70, 0xce, 0x45, 0x93, 0x18, 0xa3, + 0xa6, 0xd6, 0xf5, 0x50, 0x9f, 0x07, 0x9d, 0xab, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, + .key.length = 48, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 48, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 32, + .iv.length = 16, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_DTLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .dtls_1_2.epoch = 1, + .dtls_1_2.seq_no = 1, + }, + + .aead = false, + .app_type = 0x17, +}; + struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac = { .key = { .data = { @@ -1494,6 +1595,105 @@ struct tls_record_test_data tls_test_data_aes_256_cbc_sha256_hmac = { .app_type = 0x17, }; +struct tls_record_test_data tls_test_data_aes_256_cbc_sha384_hmac = { + .key = { + .data = { + 0x48, 0x70, 0xc7, 0x93, 0x77, 0xe3, 0x4c, 0x8c, + 0x27, 0x00, 0x64, 0x06, 0x3e, 0xc6, 0x47, 0x64, + 0xcc, 0xee, 0xa4, 0x9a, 0x1a, 0xe7, 0x3a, 0xc6, + 0xef, 0xe5, 0xe6, 0x2c, 0x15, 0xe3, 0xac, 0x16, + }, + }, + .auth_key = { + .data = { + 0x23, 0x95, 0x84, 0x30, 0xaf, 0x2b, 0x07, 0xfe, + 0x12, 0x83, 0x87, 0x28, 0x2b, 0x38, 0xb9, 0x02, + 0xc0, 0x27, 0x59, 0x3e, 0xa7, 0xbd, 0xce, 0xcb, + 0xe1, 0x8a, 0xe9, 0x43, 0x5d, 0xed, 0xb4, 0xf2, + 0x11, 0x4d, 0x19, 0xbb, 0x0f, 0x1b, 0x76, 0x86, + 0xfb, 0xb5, 0xda, 0xfd, 0x38, 0xfe, 0x7d, 0x02, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x20, 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, + 0x20, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, + 0x2d, 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, + 0x33, 0x38, 0x34, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x0a, + }, + .len = 51, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x80, + 0xc4, 0x90, 0xd7, 0x74, 0x5e, 0x26, 0xc8, 0x43, + 0x12, 0x45, 0x48, 0xc1, 0x0f, 0xb1, 0x18, 0xd8, + 0x1e, 0x5b, 0x1e, 0x50, 0x3e, 0x19, 0x25, 0x41, + 0x35, 0xc7, 0x7c, 0x14, 0x99, 0x7b, 0x97, 0x80, + 0x60, 0x9d, 0xf8, 0xf1, 0xac, 0x43, 0x7b, 0x5c, + 0xb6, 0xe2, 0xc4, 0x8f, 0x3f, 0xd7, 0x1b, 0xd4, + 0x61, 0x90, 0x40, 0xe3, 0xd5, 0x60, 0xac, 0xee, + 0x62, 0x53, 0x1f, 0x1f, 0x75, 0xf6, 0x2c, 0xda, + 0x1a, 0xed, 0x4a, 0x6a, 0x11, 0xeb, 0x9b, 0x1c, + 0x39, 0x0d, 0x6e, 0x8a, 0xf8, 0x3d, 0x45, 0x08, + 0x3e, 0x24, 0x17, 0x3e, 0xcf, 0x74, 0xcf, 0x6a, + 0xcb, 0x37, 0xdf, 0x25, 0xc6, 0xa5, 0xe4, 0x1e, + 0x53, 0x28, 0x71, 0xcf, 0xac, 0x1e, 0xad, 0x77, + 0x8c, 0xfc, 0x80, 0x19, 0x9c, 0xcc, 0x00, 0x60, + 0xc6, 0x82, 0xa0, 0xb8, 0x5e, 0x42, 0xd1, 0xff, + 0x14, 0x0a, 0x92, 0x5c, 0xde, 0x8a, 0x15, 0x7a, + }, + .len = 133, + }, + .iv = { + .data = { + 0xc4, 0x90, 0xd7, 0x74, 0x5e, 0x26, 0xc8, 0x43, + 0x12, 0x45, 0x48, 0xc1, 0x0f, 0xb1, 0x18, 0xd8, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, + .key.length = 48, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 48, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 32, + .iv.length = 16, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_2.seq_no = 0x1, + }, + + .aead = false, + .app_type = 0x17, +}; + struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac = { .key = { .data = { From patchwork Tue Mar 12 07:17:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138187 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A7CBD43C8E; Tue, 12 Mar 2024 08:19:24 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id BEB5040E8A; Tue, 12 Mar 2024 08:18:48 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id EF521410ED for ; Tue, 12 Mar 2024 08:18:42 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C5xxgd004827; Tue, 12 Mar 2024 00:18:42 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=o5aJwk0tWaDvRS61NEqpkwXCM0pEdmJL3FNmERDug50=; b=cvX iKIIl720DCHS6H0Lo4pGlgvufq/DQsfqtKhrFkqMZSb5tPx5CR1H9gfDMvWJGlGn 7QZlLkx3AsTxMep8CFiF/u6wmq3oZm0OyCLCbndi1hRpwWw+3wTFJnv18179IuGz luKwyWvVeYIsGOXaH551jyXyVTeNQ1NTe65Rrdp0XqIx0SZE2Z1sCtU43v8plXmp j1BdGzwaA/UPfFs0uauotKEa2lIVRMqAjyvxDGqSw1cJnxbnpoXF2u3fVXf9EHB+ EeHnHf0O6Tw1ltSUj9Q/kd0MoqfTA/kbTVtBjPKv43s1humC85wHnKBQHck8G/gI wb2hyxOfuE2ueTyOBAQ== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv72c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:18:42 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:18:41 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:18:41 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id EAD803F7045; Tue, 12 Mar 2024 00:18:38 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 11/21] test/security: add DTLS 1.2 anti-replay tests Date: Tue, 12 Mar 2024 12:47:55 +0530 Message-ID: <20240312071805.1354530-12-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: AT0FKLmmYBlIGkVoK0egN_ViRMxiqVv6 X-Proofpoint-GUID: AT0FKLmmYBlIGkVoK0egN_ViRMxiqVv6 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add anti-replay test for DTLS 1.2. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 115 ++++++++++++++- app/test/test_cryptodev_security_tls_record.c | 132 ++++++++++-------- app/test/test_cryptodev_security_tls_record.h | 11 +- 3 files changed, 188 insertions(+), 70 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 95f2377d4d..904bad39d3 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11827,6 +11827,10 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], .protocol = RTE_SECURITY_PROTOCOL_TLS_RECORD, }; + if ((tls_record_xform.ver == RTE_SECURITY_VERSION_DTLS_1_2) && + (sess_type == RTE_SECURITY_TLS_SESS_TYPE_READ)) + sess_conf.tls_record.dtls_1_2.ar_win_sz = flags->ar_win_size; + if (td[0].aead) test_tls_record_imp_nonce_update(&td[0], &tls_record_xform); @@ -11851,6 +11855,17 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], return TEST_SKIPPED; for (i = 0; i < nb_td; i++) { + if (flags->ar_win_size && + (sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE)) { + sess_conf.tls_record.dtls_1_2.seq_no = + td[i].tls_record_xform.dtls_1_2.seq_no; + ret = rte_security_session_update(ctx, ut_params->sec_session, &sess_conf); + if (ret) { + printf("Could not update sequence number in session\n"); + return TEST_SKIPPED; + } + } + /* Setup source mbuf payload */ ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool, td[i].input_text.len, nb_segs, 0); @@ -11890,17 +11905,19 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], /* Process crypto operation */ process_crypto_request(dev_id, ut_params->op); - ret = test_tls_record_status_check(ut_params->op); + ret = test_tls_record_status_check(ut_params->op, &td[i]); if (ret != TEST_SUCCESS) goto crypto_op_free; if (res_d != NULL) res_d_tmp = &res_d[i]; - ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, silent); - if (ret != TEST_SUCCESS) - goto crypto_op_free; - + if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS) { + ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, + silent); + if (ret != TEST_SUCCESS) + goto crypto_op_free; + } rte_crypto_op_free(ut_params->op); ut_params->op = NULL; @@ -12190,6 +12207,90 @@ test_dtls_1_2_record_proto_display_list(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_pkt_replay(const uint64_t seq_no[], + bool replayed_pkt[], uint32_t nb_pkts, + struct tls_record_test_flags *flags) +{ + struct tls_record_test_data td_outb[TEST_SEC_PKTS_MAX]; + struct tls_record_test_data td_inb[TEST_SEC_PKTS_MAX]; + unsigned int i, idx, pass_cnt = 0; + int ret; + + for (i = 0; i < RTE_DIM(sec_alg_list); i++) { + test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, + td_outb, nb_pkts, 0); + + for (idx = 0; idx < nb_pkts; idx++) + td_outb[idx].tls_record_xform.dtls_1_2.seq_no = seq_no[idx]; + + ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + test_tls_record_td_update(td_inb, td_outb, nb_pkts, flags); + + for (idx = 0; idx < nb_pkts; idx++) { + td_inb[idx].tls_record_xform.dtls_1_2.ar_win_sz = flags->ar_win_size; + /* Set antireplay flag for packets to be dropped */ + td_inb[idx].ar_packet = replayed_pkt[idx]; + } + + ret = test_tls_record_proto_process(td_inb, NULL, nb_pkts, true, flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + if (flags->display_alg) + test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2); + + pass_cnt++; + } + + if (pass_cnt > 0) + return TEST_SUCCESS; + else + return TEST_SKIPPED; +} + +static int +test_dtls_1_2_record_proto_antireplay(void) +{ + struct tls_record_test_flags flags; + uint64_t winsz = 64, seq_no[5]; + uint32_t nb_pkts = 5; + bool replayed_pkt[5]; + + memset(&flags, 0, sizeof(flags)); + + flags.tls_version = RTE_SECURITY_VERSION_DTLS_1_2; + flags.ar_win_size = winsz; + + /* 1. Advance the TOP of the window to WS * 2 */ + seq_no[0] = winsz * 2; + /* 2. Test sequence number within the new window(WS + 1) */ + seq_no[1] = winsz + 1; + /* 3. Test sequence number less than the window BOTTOM */ + seq_no[2] = winsz; + /* 4. Test sequence number in the middle of the window */ + seq_no[3] = winsz + (winsz / 2); + /* 5. Test replay of the packet in the middle of the window */ + seq_no[4] = winsz + (winsz / 2); + + replayed_pkt[0] = false; + replayed_pkt[1] = false; + replayed_pkt[2] = true; + replayed_pkt[3] = false; + replayed_pkt[4] = true; + + return test_dtls_pkt_replay(seq_no, replayed_pkt, nb_pkts, &flags); +} + static int test_dtls_1_2_record_proto_sgl(void) { @@ -17505,6 +17606,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Zero len DTLS record with content type as ctrl", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_zero_len_non_app), + TEST_CASE_NAMED_ST( + "Antireplay with window size 64", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index c5410a4c92..907e043ddd 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -12,10 +12,21 @@ #include "test_security_proto.h" int -test_tls_record_status_check(struct rte_crypto_op *op) +test_tls_record_status_check(struct rte_crypto_op *op, + const struct tls_record_test_data *td) { int ret = TEST_SUCCESS; + if ((td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_READ) && + td->ar_packet) { + if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) { + printf("Anti replay test case failed\n"); + return TEST_FAILED; + } else { + return TEST_SUCCESS; + } + } + if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) ret = TEST_FAILED; @@ -101,81 +112,80 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->xform.chain.auth.auth.key.length = param2->key_length; td->xform.chain.auth.auth.digest_length = param2->digest_length; } - } - - if (flags->data_walkthrough || flags->zero_len) { - test_sec_proto_pattern_set(td->input_text.data, data_len); - td->input_text.len = data_len; - } - - if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) - td->app_type = RTE_TLS_TYPE_MAX; - else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) - td->app_type = RTE_TLS_TYPE_HANDSHAKE; - tls_pkt_size = td->input_text.len; + if (flags->data_walkthrough || flags->zero_len) { + test_sec_proto_pattern_set(td->input_text.data, data_len); + td->input_text.len = data_len; + } - if (!td->aead) { - mac_len = td->xform.chain.auth.auth.digest_length; - switch (td->xform.chain.cipher.cipher.algo) { - case RTE_CRYPTO_CIPHER_3DES_CBC: - roundup_len = 8; + if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) + td->app_type = RTE_TLS_TYPE_MAX; + else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) + td->app_type = RTE_TLS_TYPE_HANDSHAKE; + + tls_pkt_size = td->input_text.len; + + if (!td->aead) { + mac_len = td->xform.chain.auth.auth.digest_length; + switch (td->xform.chain.cipher.cipher.algo) { + case RTE_CRYPTO_CIPHER_3DES_CBC: + roundup_len = 8; + exp_nonce_len = 8; + break; + case RTE_CRYPTO_CIPHER_AES_CBC: + roundup_len = 16; + exp_nonce_len = 16; + break; + default: + roundup_len = 0; + exp_nonce_len = 0; + break; + } + } else { + mac_len = td->xform.aead.aead.digest_length; + roundup_len = 0; exp_nonce_len = 8; + } + + switch (td->tls_record_xform.ver) { + case RTE_SECURITY_VERSION_TLS_1_2: + case RTE_SECURITY_VERSION_TLS_1_3: + hdr_len = sizeof(struct rte_tls_hdr); + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; - case RTE_CRYPTO_CIPHER_AES_CBC: - roundup_len = 16; - exp_nonce_len = 16; + case RTE_SECURITY_VERSION_DTLS_1_2: + hdr_len = sizeof(struct rte_dtls_hdr); + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; default: - roundup_len = 0; - exp_nonce_len = 0; + hdr_len = 0; + min_padding = 0; break; } - } else { - mac_len = td->xform.aead.aead.digest_length; - roundup_len = 0; - exp_nonce_len = 8; - } - - switch (td->tls_record_xform.ver) { - case RTE_SECURITY_VERSION_TLS_1_2: - case RTE_SECURITY_VERSION_TLS_1_3: - hdr_len = sizeof(struct rte_tls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; - break; - case RTE_SECURITY_VERSION_DTLS_1_2: - hdr_len = sizeof(struct rte_dtls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; - break; - default: - hdr_len = 0; - min_padding = 0; - break; - } - tls_pkt_size += mac_len; + tls_pkt_size += mac_len; - /* Padding */ - tls_pkt_size += min_padding; + /* Padding */ + tls_pkt_size += min_padding; - if (roundup_len) - tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); + if (roundup_len) + tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); - /* Explicit nonce */ - tls_pkt_size += exp_nonce_len; + /* Explicit nonce */ + tls_pkt_size += exp_nonce_len; - /* Add TLS header */ - tls_pkt_size += hdr_len; + /* Add TLS header */ + tls_pkt_size += hdr_len; - td->output_text.len = tls_pkt_size; + td->output_text.len = tls_pkt_size; - RTE_SET_USED(flags); + } } void diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 22572537ef..e706e38e46 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -89,16 +89,18 @@ struct tls_record_test_data { struct rte_security_tls_record_xform tls_record_xform; uint8_t app_type; bool aead; + bool ar_packet; }; struct tls_record_test_flags { bool display_alg; - uint8_t nb_segs_in_mbuf; bool data_walkthrough; - enum rte_security_tls_version tls_version; bool pkt_corruption; - enum tls_record_test_content_type content_type; bool zero_len; + uint8_t nb_segs_in_mbuf; + enum rte_security_tls_version tls_version; + enum tls_record_test_content_type content_type; + int ar_win_size; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; @@ -123,7 +125,8 @@ extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac; -int test_tls_record_status_check(struct rte_crypto_op *op); +int test_tls_record_status_check(struct rte_crypto_op *op, + const struct tls_record_test_data *td); int test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_record_xform, const struct rte_security_capability *sec_cap, bool silent); From patchwork Tue Mar 12 07:17:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138188 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A209343C8E; Tue, 12 Mar 2024 08:19:32 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D26CA4113C; Tue, 12 Mar 2024 08:18:49 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 00A484111B for ; Tue, 12 Mar 2024 08:18:45 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C602aq004909; Tue, 12 Mar 2024 00:18:45 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=hUtqU/yXA2GB0/nLUN23+hf9RM9VWcLiYWBADHi37hE=; b=ZIf zCZNGk+oKy1k/g4T0CuwLB59+hyo8EjLZ6KyyAqzHdlERKj3s5YlOvFFNa43HiWS GyvIspyCGlPdLrCHTvRa2XH7zZHVVpDBqvUfF5LBETaJm4XYBKnIIV1Lyl+UL1MQ 5nbLcwQZDkmJCLe5U5jjdx8qFeLOHRGwwRKJQAWeXpYjmJMnwMx077L+dux11lL/ FzpW6Uyi76rD9QAWe99qG2C2qQoK5dB+lC6sfee6rsfGbbbcDI6irrIbEhlqx8/0 E5xdi6QrfJ48Ha3A3eD1FhlEobC4TCRhxK0SIXZvpKdGPonOrMa/a3+n++BFtQs5 D7fTTk2c+nKYIlj7gHA== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv72j-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:18:45 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:18:44 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:18:44 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id CFCEC3F7045; Tue, 12 Mar 2024 00:18:41 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 12/21] test/security: add more DTLS anti-replay window sz Date: Tue, 12 Mar 2024 12:47:56 +0530 Message-ID: <20240312071805.1354530-13-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: ybJDsAGQlgeJ1xDNKUbRUCx8zS7hpKMR X-Proofpoint-GUID: ybJDsAGQlgeJ1xDNKUbRUCx8zS7hpKMR X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add anti-replay tests for window sizes 128, 256, 512, 1024, 2048 and 4096 window sizes in DTLS 1.2 suite. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 72 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 69 insertions(+), 3 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 904bad39d3..72d91d23a2 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12259,12 +12259,12 @@ test_dtls_pkt_replay(const uint64_t seq_no[], } static int -test_dtls_1_2_record_proto_antireplay(void) +test_dtls_1_2_record_proto_antireplay(uint64_t winsz) { struct tls_record_test_flags flags; - uint64_t winsz = 64, seq_no[5]; uint32_t nb_pkts = 5; bool replayed_pkt[5]; + uint64_t seq_no[5]; memset(&flags, 0, sizeof(flags)); @@ -12291,6 +12291,48 @@ test_dtls_1_2_record_proto_antireplay(void) return test_dtls_pkt_replay(seq_no, replayed_pkt, nb_pkts, &flags); } +static int +test_dtls_1_2_record_proto_antireplay64(void) +{ + return test_dtls_1_2_record_proto_antireplay(64); +} + +static int +test_dtls_1_2_record_proto_antireplay128(void) +{ + return test_dtls_1_2_record_proto_antireplay(128); +} + +static int +test_dtls_1_2_record_proto_antireplay256(void) +{ + return test_dtls_1_2_record_proto_antireplay(256); +} + +static int +test_dtls_1_2_record_proto_antireplay512(void) +{ + return test_dtls_1_2_record_proto_antireplay(512); +} + +static int +test_dtls_1_2_record_proto_antireplay1024(void) +{ + return test_dtls_1_2_record_proto_antireplay(1024); +} + +static int +test_dtls_1_2_record_proto_antireplay2048(void) +{ + return test_dtls_1_2_record_proto_antireplay(2048); +} + +static int +test_dtls_1_2_record_proto_antireplay4096(void) +{ + return test_dtls_1_2_record_proto_antireplay(4096); +} + static int test_dtls_1_2_record_proto_sgl(void) { @@ -17609,7 +17651,31 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { TEST_CASE_NAMED_ST( "Antireplay with window size 64", ut_setup_security, ut_teardown, - test_dtls_1_2_record_proto_antireplay), + test_dtls_1_2_record_proto_antireplay64), + TEST_CASE_NAMED_ST( + "Antireplay with window size 128", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay128), + TEST_CASE_NAMED_ST( + "Antireplay with window size 256", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay256), + TEST_CASE_NAMED_ST( + "Antireplay with window size 512", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay512), + TEST_CASE_NAMED_ST( + "Antireplay with window size 1024", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay1024), + TEST_CASE_NAMED_ST( + "Antireplay with window size 2048", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay2048), + TEST_CASE_NAMED_ST( + "Antireplay with window size 4096", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay4096), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Tue Mar 12 07:17:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138191 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CCEAD43C8E; Tue, 12 Mar 2024 08:19:54 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 298EA40DDB; Tue, 12 Mar 2024 08:19:08 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id C4C1E40DDB for ; Tue, 12 Mar 2024 08:19:04 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C601hb004856; Tue, 12 Mar 2024 00:19:04 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=JELIBNpBgLbLJhtjtZIM3O4o2Fg6QQT4MSVLZdo96LQ=; b=RnE Q1fYm7z5FkvGBh3Iz6h+RKW1bizTmZHizngDltBh3B8G2OGnTSXjbajrTsHFAXw+ C6FgxXMW7PiHPKhxBhdlgMWrrsYuRYxEAO9yEQQ14L87tTPWtacr2p2NYMS98q8y dxzSYqbXcL0VeM4EmyGpO+HduEC6LfvDW+jG6bRX5t+vyYDuy2tCgfHxfqqSvCpp N/BGavv+8oFhc8x+m4iF6W26LYc9epwfMjdX+hOybkGvhGm6VpCSCfWsqQJm5ZfF BkWNn3Sg2nyjYI6sWL2SnWYocn0BYCFXNrrgYovVA2YNhG1akK7TKg3LBcPPNCah c4PiOPKgRSvo8eATiVg== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv72q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:19:04 -0700 (PDT) Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:18:47 -0700 Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Tue, 12 Mar 2024 00:18:47 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:18:47 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id B14173F7045; Tue, 12 Mar 2024 00:18:44 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 13/21] test/crypto: update verification of header Date: Tue, 12 Mar 2024 12:47:57 +0530 Message-ID: <20240312071805.1354530-14-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: NH9O34BQnu52axzEElXWGPNtpEl6ydlj X-Proofpoint-GUID: NH9O34BQnu52axzEElXWGPNtpEl6ydlj X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri In TLS 1.3, the version in the header would be TLS 1.2 and the content type would be APP irrespective of the type of the payload. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev_security_tls_record.c | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 907e043ddd..498c4923e0 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -275,9 +275,9 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp hdr_len = sizeof(struct rte_tls_hdr); } else if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) { const struct rte_tls_hdr *hdr = (const struct rte_tls_hdr *)output_text; - if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_3) { + if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_2) { printf("Incorrect header version [expected - %4x, received - %4x]\n", - RTE_TLS_VERSION_1_3, rte_be_to_cpu_16(hdr->version)); + RTE_TLS_VERSION_1_2, rte_be_to_cpu_16(hdr->version)); return TEST_FAILED; } content_type = hdr->type; @@ -297,10 +297,18 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp return TEST_FAILED; } - if (content_type != td->app_type) { - printf("Incorrect content type in packet [expected - %d, received - %d]\n", - td->app_type, content_type); - return TEST_FAILED; + if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) { + if (content_type != RTE_TLS_TYPE_APPDATA) { + printf("Incorrect content type in packet [expected - %d, received - %d]\n", + td->app_type, content_type); + return TEST_FAILED; + } + } else { + if (content_type != td->app_type) { + printf("Incorrect content type in packet [expected - %d, received - %d]\n", + td->app_type, content_type); + return TEST_FAILED; + } } if (length != td->output_text.len - hdr_len) { From patchwork Tue Mar 12 07:17:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138189 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CDACA43C8E; Tue, 12 Mar 2024 08:19:40 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8D20740EAB; Tue, 12 Mar 2024 08:19:05 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 09B9B40DDB for ; Tue, 12 Mar 2024 08:19:03 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C601hY004856; Tue, 12 Mar 2024 00:19:03 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=IvmALzhuG3HGJY+lhm/kLLH23OKcB1kLxk/L1EcYXMo=; b=i9C LRt/oWegbfebp/HSrfLTXWVpj95dzBt7t7WLy2OuzCZuwZT4iIf8/9fhcOrzo5uk x7Gj62lRVKQNR9PI8A1r1ICaFMEH5fvLy4HercX8vvt1h/wgQPrzLPbPQREuGB0s y2kmO2x7uiIDULaGDrWm9nhxYnktMVEUi9JP14fNbeIiFz/SWb5UKqhXHktI4ci2 5qvGEi0/KKusiOBbz6oy0bZ7HZ20+p5CF377Km/9T0e+/cUMuEuCxcbfjRN2Nqt1 lMroVco0npQHYXA9ZRh5XgA7wWLf3QR3xl+oyrBWMiSGD1DbexV6fXP86VLMGcCl zzv478qLIFIzMtt6qYw== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv72x-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:19:03 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:18:50 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:18:50 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 941C83F7045; Tue, 12 Mar 2024 00:18:47 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 14/21] test/crypto: add TLS 1.3 vectors Date: Tue, 12 Mar 2024 12:47:58 +0530 Message-ID: <20240312071805.1354530-15-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: V2GMr5qL7t7lTjinjJAq2JLQ9Fep0IOO X-Proofpoint-GUID: V2GMr5qL7t7lTjinjJAq2JLQ9Fep0IOO X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Akhil Goyal Added vectors and test suite for TLS 1.3 AES-128-GCM, AES-256-GCM and CHACHA20-POLY1305 vectors. The vectors are generated using gnuTLS client server application. Signed-off-by: Akhil Goyal --- app/test/test_cryptodev.c | 35 +++ app/test/test_cryptodev_security_tls_record.h | 3 + ...yptodev_security_tls_record_test_vectors.h | 205 ++++++++++++++++++ 3 files changed, 243 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 72d91d23a2..aa9fffe50e 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -17680,6 +17680,40 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { } }; +static struct unit_test_suite tls13_record_proto_testsuite = { + .suite_name = "TLS 1.3 Record Protocol Unit Test Suite", + .setup = tls_record_proto_testsuite_setup, + .unit_test_cases = { + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-GCM-128", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls13_test_data_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-GCM-256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls13_test_data_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector CHACHA20-POLY1305", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls13_test_data_chacha20_poly1305), + + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-GCM-128", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls13_test_data_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-GCM-256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls13_test_data_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector CHACHA20-POLY1305", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls13_test_data_chacha20_poly1305), + + TEST_CASES_END() /**< NULL terminate unit test array */ + } +}; + #define ADD_UPLINK_TESTCASE(data) \ TEST_CASE_NAMED_WITH_DATA(data.test_descr_uplink, ut_setup_security, \ ut_teardown, test_docsis_proto_uplink, (const void *) &data), \ @@ -18699,6 +18733,7 @@ run_cryptodev_testsuite(const char *pmd_name) &docsis_proto_testsuite, &tls12_record_proto_testsuite, &dtls12_record_proto_testsuite, + &tls13_record_proto_testsuite, #endif &end_testsuite }; diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index e706e38e46..05bd7a9862 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -124,6 +124,9 @@ extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac; extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac; +extern struct tls_record_test_data tls13_test_data_aes_128_gcm; +extern struct tls_record_test_data tls13_test_data_aes_256_gcm; +extern struct tls_record_test_data tls13_test_data_chacha20_poly1305; int test_tls_record_status_check(struct rte_crypto_op *op, const struct tls_record_test_data *td); diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h index 27b07cd54a..8af17b07e5 100644 --- a/app/test/test_cryptodev_security_tls_record_test_vectors.h +++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h @@ -1781,4 +1781,209 @@ struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac = { .app_type = 0x17, }; +/* TLS 1.3 AES-128-GCM */ +struct tls_record_test_data tls13_test_data_aes_128_gcm = { + .key = { + .data = { + 0x03, 0x12, 0xf5, 0x86, 0xe4, 0xd0, 0x27, 0xc7, + 0x47, 0x82, 0x44, 0xca, 0xd3, 0xce, 0x06, 0x6c, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x20, + 0x41, 0x45, 0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, + 0x47, 0x43, 0x4d, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0xa, + }, + .len = 43, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x3c, + 0x52, 0xb5, 0x24, 0xce, 0x5c, 0x29, 0x0f, 0x0a, + 0x3a, 0xc0, 0x60, 0xaf, 0xba, 0xe3, 0x0d, 0x28, + 0x6c, 0xbb, 0x3e, 0x5f, 0xde, 0x4a, 0xcd, 0xf1, + 0x30, 0x12, 0xa9, 0x42, 0x95, 0x55, 0xf5, 0x2c, + 0xb7, 0xb6, 0x60, 0x82, 0xa2, 0x1d, 0x34, 0x33, + 0x0a, 0xd7, 0x48, 0x40, 0xef, 0xab, 0x70, 0xa7, + 0xb2, 0x58, 0x41, 0xdb, 0xf6, 0x37, 0xe4, 0x6d, + 0xa3, 0x1e, 0xbf, 0x6f, + }, + .len = 65, + }, + .imp_nonce = { + .data = { + 0x8d, 0x1f, 0xa0, 0x14, 0xc7, 0x66, 0x9f, 0x93, + 0x74, 0x3f, 0x46, 0x52, + }, + .len = 12, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 16, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 16, + .aad_length = 5, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_3.seq_no = 0x0, + }, + + .aead = true, + .app_type = 0x17, +}; + +/* TLS 1.3 AES-256-GCM */ +struct tls_record_test_data tls13_test_data_aes_256_gcm = { + .key = { + .data = { + 0xc9, 0xc2, 0xa2, 0x4c, 0x4e, 0x36, 0x19, 0x6e, + 0xd8, 0xf5, 0xb9, 0x14, 0x30, 0xfc, 0xe0, 0xef, + 0x29, 0xb0, 0x00, 0xd1, 0x2d, 0xfc, 0x5a, 0x76, + 0x50, 0xf4, 0xf3, 0xb1, 0x82, 0x21, 0x57, 0x82, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x20, + 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, 0x2d, + 0x47, 0x43, 0x4d, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0xa, + }, + .len = 43, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x3c, + 0xc9, 0xb0, 0x44, 0x23, 0xd5, 0xe2, 0xbd, 0x1d, + 0xf1, 0x96, 0x53, 0x2c, 0x8c, 0xe2, 0xa3, 0x00, + 0x7b, 0x2a, 0xb1, 0xa1, 0xd6, 0x79, 0x58, 0xb5, + 0x35, 0x1f, 0xbb, 0x98, 0x03, 0xe1, 0x82, 0xa2, + 0x1e, 0x26, 0x81, 0xbe, 0x77, 0x65, 0xaf, 0x7d, + 0x9f, 0x52, 0xec, 0x3a, 0x18, 0x2d, 0x36, 0xab, + 0xdc, 0xa9, 0xfb, 0xd3, 0xa8, 0xd5, 0xbc, 0x98, + 0xa4, 0xab, 0x70, 0xe9, + }, + .len = 65, + }, + .imp_nonce = { + .data = { + 0xd4, 0x78, 0xf2, 0x90, 0x61, 0x5d, 0x8c, 0x63, + 0x4b, 0xf4, 0x72, 0xf3, + }, + .len = 12, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 32, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 16, + .aad_length = 5, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_3.seq_no = 0x0, + }, + + .aead = true, + .app_type = 0x17, +}; + +struct tls_record_test_data tls13_test_data_chacha20_poly1305 = { + .key = { + .data = { + 0xec, 0x7d, 0x7a, 0x3f, 0x91, 0xdd, 0xb9, 0x70, + 0x95, 0x3b, 0x99, 0xb0, 0xe7, 0x66, 0xda, 0xdc, + 0x85, 0xbb, 0xfc, 0xc8, 0x50, 0xe9, 0x61, 0x88, + 0xc8, 0x1e, 0xf0, 0x61, 0xb0, 0xcd, 0x6c, 0x3d, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x20, + 0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30, + 0x2d, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, + 0x35, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, + 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0xa, + }, + .len = 49, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x42, + 0x9a, 0xc1, 0xd9, 0x0e, 0xf9, 0x4c, 0x51, 0x8c, + 0xb4, 0xa7, 0x54, 0x57, 0x56, 0xba, 0xbb, 0xf7, + 0xd7, 0x1d, 0x49, 0x5a, 0x42, 0xd2, 0xab, 0x75, + 0x3f, 0xb1, 0x5f, 0xb5, 0x2b, 0x2b, 0xa3, 0xc5, + 0x61, 0x32, 0x7e, 0x62, 0x1e, 0xf5, 0x56, 0xff, + 0x84, 0x8e, 0x9a, 0x99, 0x06, 0xba, 0x3b, 0xc0, + 0x15, 0x4c, 0xf5, 0xb1, 0x5e, 0xcc, 0xff, 0x42, + 0x79, 0x4b, 0xa9, 0x23, 0x16, 0x08, 0xc3, 0x9a, + 0x52, 0x2a, + }, + .len = 71, + }, + .imp_nonce = { + .data = { + 0x3c, 0x28, 0xa0, 0xb8, 0xf8, 0x74, 0x35, 0xfe, + 0xd2, 0xa0, 0x31, 0x28, + }, + .len = 12, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305, + .key.length = 32, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 16, + .aad_length = 5, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_3.seq_no = 0x0, + }, + + .aead = true, + .app_type = 0x17, +}; + #endif From patchwork Tue Mar 12 07:17:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138190 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B8CAC43C8E; Tue, 12 Mar 2024 08:19:47 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D330940ED8; Tue, 12 Mar 2024 08:19:06 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 6B85D40EF0 for ; Tue, 12 Mar 2024 08:19:04 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C601hZ004856; Tue, 12 Mar 2024 00:19:03 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=qoDazVqCIErOAqbESGEh122PuI7P+pQqlAhJvYliIaM=; b=Qwm 8pdSEaOMA34dCc1mhG/PJyoW2AwuXBQ+z2tSHlgsixsKlWjLBBLBPkxWfECA7FFg grKJmk+vt9oejicn3XcsvKGtOJnwTOJF/Zlyu8V9uVwxL1f7ssb0T26AWQIyhCPe aJ0k/xxQCvRCwLk7Q28dNOEr2nVLg1ytFu8aB8BsKMMu3AAMnkklCDkHltZC8I+y dO20fxxJ1fca3EvndgJYTH5Kk1G9RxZFPJ4Bp7AZ5oRiudHbY1AABQP3gZoE24o8 0orjvDJtah18Lp7htUZrAossw7SYwgN+p2ta2dDV8tg4nl+kJBqAclDZqJlZueYf bV+xYHubb/0dveGEGsg== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv72x-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:19:03 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:18:53 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:18:52 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 781CF3F70A1; Tue, 12 Mar 2024 00:18:50 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 15/21] test/crypto: update framework to verify tls-1.3 Date: Tue, 12 Mar 2024 12:47:59 +0530 Message-ID: <20240312071805.1354530-16-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: CDzddVcQTOmcbDrraGq-HWMgtZoTpR1b X-Proofpoint-GUID: CDzddVcQTOmcbDrraGq-HWMgtZoTpR1b X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Update the fields in preparation of test descriptor. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 17 +++++--- app/test/test_cryptodev_security_tls_record.c | 43 ++++++++++++------- app/test/test_cryptodev_security_tls_record.h | 10 ++--- 3 files changed, 43 insertions(+), 27 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index aa9fffe50e..25777c1b1f 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11889,8 +11889,9 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], ut_params->op->param1.tls_record.content_type = td[i].app_type; /* Copy IV in crypto operation when IV generation is disabled */ - if (sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE && - tls_record_xform.options.iv_gen_disable == 1) { + if ((sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) && + (tls_record_xform.ver != RTE_SECURITY_VERSION_TLS_1_3) && + (tls_record_xform.options.iv_gen_disable == 1)) { uint8_t *iv; int len; @@ -12005,8 +12006,10 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (flags->zero_len) payload_len = 0; again: - test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, - td_outb, nb_pkts, payload_len); + ret = test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, + flags, td_outb, nb_pkts, payload_len); + if (ret == TEST_SKIPPED) + continue; ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags); if (ret == TEST_SKIPPED) @@ -12218,8 +12221,10 @@ test_dtls_pkt_replay(const uint64_t seq_no[], int ret; for (i = 0; i < RTE_DIM(sec_alg_list); i++) { - test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, - td_outb, nb_pkts, 0); + ret = test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, + flags, td_outb, nb_pkts, 0); + if (ret == TEST_SKIPPED) + continue; for (idx = 0; idx < nb_pkts; idx++) td_outb[idx].tls_record_xform.dtls_1_2.seq_no = seq_no[idx]; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 498c4923e0..96d0a94731 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -70,7 +70,7 @@ test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, } } -void +int test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2, const struct tls_record_test_flags *flags, struct tls_record_test_data *td_array, @@ -79,6 +79,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt int i, min_padding, hdr_len, tls_pkt_size, mac_len = 0, exp_nonce_len = 0, roundup_len = 0; struct tls_record_test_data *td = NULL; + if ((flags->tls_version == RTE_SECURITY_VERSION_TLS_1_3) && + (param1->type != RTE_CRYPTO_SYM_XFORM_AEAD)) + return TEST_SKIPPED; + memset(td_array, 0, nb_td * sizeof(*td)); for (i = 0; i < nb_td; i++) { @@ -88,10 +92,17 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) { /* Copy template for packet & key fields */ - if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2) - memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td)); - else + switch (flags->tls_version) { + case RTE_SECURITY_VERSION_TLS_1_2: memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td)); + break; + case RTE_SECURITY_VERSION_DTLS_1_2: + memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td)); + break; + case RTE_SECURITY_VERSION_TLS_1_3: + memcpy(td, &tls13_test_data_aes_128_gcm, sizeof(*td)); + break; + } td->aead = true; td->xform.aead.aead.algo = param1->alg.aead; @@ -127,6 +138,7 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt if (!td->aead) { mac_len = td->xform.chain.auth.auth.digest_length; + min_padding = 1; switch (td->xform.chain.cipher.cipher.algo) { case RTE_CRYPTO_CIPHER_3DES_CBC: roundup_len = 8; @@ -143,30 +155,28 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } else { mac_len = td->xform.aead.aead.digest_length; + min_padding = 0; roundup_len = 0; - exp_nonce_len = 8; + if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) + exp_nonce_len = 0; + else + exp_nonce_len = 8; } switch (td->tls_record_xform.ver) { case RTE_SECURITY_VERSION_TLS_1_2: + hdr_len = sizeof(struct rte_tls_hdr); + break; case RTE_SECURITY_VERSION_TLS_1_3: hdr_len = sizeof(struct rte_tls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; + /* Add 1 byte for content type in packet */ + tls_pkt_size += 1; break; case RTE_SECURITY_VERSION_DTLS_1_2: hdr_len = sizeof(struct rte_dtls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; break; default: - hdr_len = 0; - min_padding = 0; - break; + return TEST_SKIPPED; } tls_pkt_size += mac_len; @@ -186,6 +196,7 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->output_text.len = tls_pkt_size; } + return TEST_SUCCESS; } void diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 05bd7a9862..21d25c02bf 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -137,11 +137,11 @@ int test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_re void test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, struct tls_record_test_data *td_in); -void test_tls_record_td_prepare(const struct crypto_param *param1, - const struct crypto_param *param2, - const struct tls_record_test_flags *flags, - struct tls_record_test_data *td_array, int nb_td, - unsigned int data_len); +int test_tls_record_td_prepare(const struct crypto_param *param1, + const struct crypto_param *param2, + const struct tls_record_test_flags *flags, + struct tls_record_test_data *td_array, int nb_td, + unsigned int data_len); void test_tls_record_td_update(struct tls_record_test_data td_inb[], const struct tls_record_test_data td_outb[], int nb_td, From patchwork Tue Mar 12 07:18:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138192 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2AB6B43C8E; Tue, 12 Mar 2024 08:20:01 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D431A410E3; Tue, 12 Mar 2024 08:19:17 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 8F7A940EF0 for ; Tue, 12 Mar 2024 08:19:05 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C601hd004856; Tue, 12 Mar 2024 00:19:05 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=bHrEq19FgAEkbHiaqJqghnqAMcdVoXeDUu5m2n0h1Gk=; b=Nz+ zULZnR2/DHMhZ9VrQk2pzofr7rDrZQZCoHiWQKEz3ioMezFZXiXiGhGKZdEHAD6W uiA/TMrvJ9A8JwKloks9UNEWw4UDs1nUQQDd0kcCHcRH3K54tU86QlN4Y4n65qBs wKznr4p1HsXPXfRdKYRiMWNGZvFVMXuJQbX9ow8xaJIaj9MWZ9EV8QqOCfvNVVA/ 4U5o3jQ3jPKuONq2XMVVRK203vfWkzVRHW1bASrIi9Z3GmT4s1A4QSWoflV1PFhc cUmA94OTrv74JBy1kVrotxZ5BZaZkLyGqih7p+O1kRP5dHy9tiKTH2czlhpXITPA +HfkYDYrXZTXc+jSaSg== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv72x-3 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:19:04 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:18:55 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:18:55 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 5998A3F70A1; Tue, 12 Mar 2024 00:18:53 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 16/21] test/crypto: test to verify hdr corruption in TLS Date: Tue, 12 Mar 2024 12:48:00 +0530 Message-ID: <20240312071805.1354530-17-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: f3XJ--n9Qu1j-DqhhuQZMhjTJ04SKXUy X-Proofpoint-GUID: f3XJ--n9Qu1j-DqhhuQZMhjTJ04SKXUy X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify TLS-1.3 record with header corruption. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 25777c1b1f..9f0a737913 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12424,6 +12424,20 @@ test_dtls_1_2_record_proto_zero_len_non_app(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_1_3_record_proto_corrupt_pkt(void) +{ + struct tls_record_test_flags flags = { + .pkt_corruption = 1, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} #endif static int @@ -17714,7 +17728,10 @@ static struct unit_test_suite tls13_record_proto_testsuite = { "Read record known vector CHACHA20-POLY1305", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &tls13_test_data_chacha20_poly1305), - + TEST_CASE_NAMED_ST( + "TLS-1.3 record header corruption", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_corrupt_pkt), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Tue Mar 12 07:18:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138193 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6DE5F43C8E; Tue, 12 Mar 2024 08:20:07 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2455F40ED2; Tue, 12 Mar 2024 08:19:19 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 5C9CE40ED8 for ; Tue, 12 Mar 2024 08:19:06 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C601hg004856; Tue, 12 Mar 2024 00:19:05 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=5y2J6CebcndISM9cZDkKw+oChKoH/YJrcVIE8ssUy0I=; b=O5/ Pouu5+b1Kk1Flq/zyL0EB/6eI/6TkD/Fy/GojnV3Sz9ZmoBTLO/rmdlG5l+0MIzk TMcLRZYrlJftJrBP+K8Hm+C3EZvLATyI3GA0KxP0W3EqEppZ+lWFDG347e68nwJ7 3kRHuGLcSPpRtSpGYpzDEOjbJ6BkypgAzSeY5zqoOfpDiBn+kWPGxXWqXhmxK5bU ZTFfUC/l0DbNC04UmOfbqsFfz0/oa9teW/8+DDifaWdm3jqR4I2uTkshfbWQ78jJ mj08BoWL3EMWLO7uw7uRhRdBizTIcMGguaOCJIIfVK6EJo0Mrd7iX3Zs/eKkGxqD xWsdiMCoyW2VOo3M2vg== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv72x-4 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:19:05 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:18:58 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:18:58 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 3A3F13F7045; Tue, 12 Mar 2024 00:18:55 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 17/21] test/crypto: test to verify custom content type in TLS Date: Tue, 12 Mar 2024 12:48:01 +0530 Message-ID: <20240312071805.1354530-18-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: P4xj4u43TJOsLsRDh4qr4EsG7DGnsybS X-Proofpoint-GUID: P4xj4u43TJOsLsRDh4qr4EsG7DGnsybS X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify TLS-1.3 record with content type as custom. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 9f0a737913..fe4fcfbfdb 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12438,6 +12438,21 @@ test_tls_1_3_record_proto_corrupt_pkt(void) return test_tls_record_proto_all(&flags); } + +static int +test_tls_1_3_record_proto_custom_content_type(void) +{ + struct tls_record_test_flags flags = { + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} #endif static int @@ -17732,6 +17747,10 @@ static struct unit_test_suite tls13_record_proto_testsuite = { "TLS-1.3 record header corruption", ut_setup_security, ut_teardown, test_tls_1_3_record_proto_corrupt_pkt), + TEST_CASE_NAMED_ST( + "TLS-1.3 record header with custom content type", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_custom_content_type), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Tue Mar 12 07:18:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138195 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C9E5043C8E; Tue, 12 Mar 2024 08:20:19 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7C776427D9; Tue, 12 Mar 2024 08:19:21 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id C587841133 for ; Tue, 12 Mar 2024 08:19:06 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C601hi004856; Tue, 12 Mar 2024 00:19:06 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=m7mqdFjoWrCEKetDqdlKORbJ3M/8k/8L0RROfpRwkYU=; b=Tb3 K+OauLnlQqCRvu4PvcbMRsZFkHqPb314iwICo1rO8w7udVeOy+XHnAQALpx+rnQk J5LitveVMLIjO6rUktaNq8dk5kKR2hzmFGWqd/6tQl1Mtm3EbFW7vsc54dGsAwXN +fN/vI0vee59yvkTF5pCPPQWbM1HDqZAQCllvKZEONnL0oGHgVxjpRINStzosQmP tDE073JWfRVhv1wVCAfeWX96xbUIemut033VI7Kp1Yk/Twi0DNbyKM2wIPKxi0fg KJqsixZ/7FWNfRLlckNR35+6FR52D/jNBCZ/lw6DryEED+Tams+qvz7W4gp/lAna Po/JHTrz2E2gzHOF9gw== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv72x-5 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:19:06 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:19:01 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:19:01 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 1B2B23F7045; Tue, 12 Mar 2024 00:18:58 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 18/21] test/crypto: test to verify zero len record in TLS Date: Tue, 12 Mar 2024 12:48:02 +0530 Message-ID: <20240312071805.1354530-19-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: kX6eN8nRWfvcZXnpxrFkNpx3w9JhvFow X-Proofpoint-GUID: kX6eN8nRWfvcZXnpxrFkNpx3w9JhvFow X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify TLS-1.3 record with zero length. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index fe4fcfbfdb..8ad5033f32 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12453,6 +12453,37 @@ test_tls_1_3_record_proto_custom_content_type(void) return test_tls_record_proto_all(&flags); } + +static int +test_tls_1_3_record_proto_zero_len(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_3_record_proto_zero_len_non_app(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} #endif static int @@ -17751,6 +17782,14 @@ static struct unit_test_suite tls13_record_proto_testsuite = { "TLS-1.3 record header with custom content type", ut_setup_security, ut_teardown, test_tls_1_3_record_proto_custom_content_type), + TEST_CASE_NAMED_ST( + "TLS-1.3 record with zero len and content type as app", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_zero_len), + TEST_CASE_NAMED_ST( + "TLS-1.3 record with zero len and content type as ctrl", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_zero_len_non_app), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Tue Mar 12 07:18:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138196 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CF32143C8E; Tue, 12 Mar 2024 08:20:25 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id E21E3427E1; Tue, 12 Mar 2024 08:19:22 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 30FF441148 for ; Tue, 12 Mar 2024 08:19:07 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C601hj004856; Tue, 12 Mar 2024 00:19:06 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=1Iz0NwHNOvLRTL0erJopsfWZmcko2vxV6O2LybdWmzs=; b=OaM 6Kmeh3sk/vjYNdaK4r/U41jmmrZ/o1ivrJ9jDrHKsWQnovQmDgGnh5wEIkbCI4jS oNt7lA10EZzL9mO3jJ7J01e9t/uobtEAnCCP1P6CggYqPdjtfHHTSJc2/IWvJdy+ 7nMdjeCTdIwTTFZb2JEJbRr6FHcJQ5mAxhoSRdkejprRjN80MxVu+apb+Iw2545Y QoLNgHe874EpYX7RZPabEc6N7dRoTxlM4cl3UGsVMOd4ttblXGDDwsD7unH/J+11 HUxm0KkJ0g+8MQ8iIwq/EXg9djyo8R1K05P/GT9X2KyWSZXgc8579vJxty6NxANN 5A3XqcbFxJDm4AJfEmQ== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv72x-6 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:19:06 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:19:04 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:19:04 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 024F23F70A1; Tue, 12 Mar 2024 00:19:01 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 19/21] test/crypto: unit tests to verify padding in TLS Date: Tue, 12 Mar 2024 12:48:03 +0530 Message-ID: <20240312071805.1354530-20-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 7TJhbfwECkjR3Q8q4i1FQwJmbU97QS4t X-Proofpoint-GUID: 7TJhbfwECkjR3Q8q4i1FQwJmbU97QS4t X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify the padding for TLS-1.2. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 85 ++++++++++++++++++- app/test/test_cryptodev_security_tls_record.c | 28 ++++-- app/test/test_cryptodev_security_tls_record.h | 5 +- 3 files changed, 109 insertions(+), 9 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 8ad5033f32..a324c1607b 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11834,6 +11834,9 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], if (td[0].aead) test_tls_record_imp_nonce_update(&td[0], &tls_record_xform); + if (flags->opt_padding) + tls_record_xform.options.extra_padding_enable = 1; + sess_conf.tls_record = tls_record_xform; if (td[0].aead) { @@ -11888,6 +11891,9 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], ut_params->op->sym->m_dst = NULL; ut_params->op->param1.tls_record.content_type = td[i].app_type; + if (flags->opt_padding) + ut_params->op->aux_flags = flags->opt_padding; + /* Copy IV in crypto operation when IV generation is disabled */ if ((sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) && (tls_record_xform.ver != RTE_SECURITY_VERSION_TLS_1_3) && @@ -11915,7 +11921,7 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS) { ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, - silent); + silent, flags); if (ret != TEST_SUCCESS) goto crypto_op_free; } @@ -12184,6 +12190,59 @@ test_tls_record_proto_zero_len_non_app(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_opt_padding(uint8_t padding, uint8_t num_segs, + enum rte_security_tls_version tls_version) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = num_segs, + .tls_version = tls_version, + .opt_padding = padding + }; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_record_proto_dm_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 0, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_dm_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(25, 0, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 2, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(8, 4, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding_2(void) +{ + return test_tls_record_proto_opt_padding(8, 5, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding_max(void) +{ + return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_TLS_1_2); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -17578,6 +17637,30 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Zero len TLS record with content type as ctrl", ut_setup_security, ut_teardown, test_tls_record_proto_zero_len_non_app), + TEST_CASE_NAMED_ST( + "TLS record DM mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_dm_opt_padding), + TEST_CASE_NAMED_ST( + "TLS record DM mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_dm_opt_padding_1), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_1), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_2), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding > max range", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_max), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 96d0a94731..03d9efefc3 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -269,7 +269,8 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, } static int -tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text) +tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text, + const struct tls_record_test_flags *flags) { uint16_t length, hdr_len; uint8_t content_type; @@ -322,10 +323,22 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp } } - if (length != td->output_text.len - hdr_len) { - printf("Incorrect packet length [expected - %d, received - %d]\n", - td->output_text.len - hdr_len, length); - return TEST_FAILED; + if (!flags->opt_padding) { + if (length != td->output_text.len - hdr_len) { + printf("Incorrect packet length [expected - %d, received - %d]\n", + td->output_text.len - hdr_len, length); + return TEST_FAILED; + } + } else { + int pad_len = (flags->opt_padding * 8) > 256 ? 256 : (flags->opt_padding * 8); + int expect_len = td->output_text.len - hdr_len + pad_len; + + if (length - expect_len > 32) { + printf("Incorrect packet length [expected - %d, received - %d]\n", + expect_len, length); + return TEST_FAILED; + } + } return TEST_SUCCESS; @@ -333,7 +346,8 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, - struct tls_record_test_data *res_d, bool silent) + struct tls_record_test_data *res_d, bool silent, + const struct tls_record_test_flags *flags) { uint8_t output_text[TEST_SEC_CIPHERTEXT_MAX_LEN]; uint32_t len = rte_pktmbuf_pkt_len(m), data_len; @@ -365,7 +379,7 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t } if (td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) { - ret = tls_record_hdr_verify(td, output_text); + ret = tls_record_hdr_verify(td, output_text, flags); if (ret != TEST_SUCCESS) return ret; } diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 21d25c02bf..385064157a 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -97,7 +97,9 @@ struct tls_record_test_flags { bool data_walkthrough; bool pkt_corruption; bool zero_len; + bool padding_corruption; uint8_t nb_segs_in_mbuf; + uint8_t opt_padding; enum rte_security_tls_version tls_version; enum tls_record_test_content_type content_type; int ar_win_size; @@ -148,5 +150,6 @@ void test_tls_record_td_update(struct tls_record_test_data td_inb[], const struct tls_record_test_flags *flags); int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, - struct tls_record_test_data *res_d, bool silent); + struct tls_record_test_data *res_d, bool silent, + const struct tls_record_test_flags *flags); #endif From patchwork Tue Mar 12 07:18:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138197 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 630C743C8E; Tue, 12 Mar 2024 08:20:33 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9ACB3427DF; Tue, 12 Mar 2024 08:19:27 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id D8F26415D7 for ; Tue, 12 Mar 2024 08:19:08 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42C5xwBf004813; Tue, 12 Mar 2024 00:19:08 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=KBHB9syhLc7P17UnIjw132Tc/bmdbMR7lOQswGhxKwc=; b=bFv YzyX5ToE2pp7fo072/pLsao49KwSdFVBjKHKNYyfOVuVF2tzfMhRfj5j/4WjoELj BXKKbKEEFmhA9iz99GWINasHPNkkun6AaVsNnxDdyOUIlWquY5yRsQxSzu9wRnHY NUMjf/K/1q+S1+lsm9A1SPe2Mbu7w+oudk4lScacNhpvkvwjqHzJDsI4kUd5jhfK JpIkBYEn9mZoBooPH6AO3WvYMP6X65XzC9itz33vqvjW+nZqP4axZNBWP1wrItCY 8AdNe80yc9pijfRE5nqrz5XaTcloVmoFCkIrGPMwVS3tyUnwnViI0RQ9SV6LMV+e gD9negOgBr87eU8D8mA== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv742-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:19:08 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:19:07 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:19:07 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id D87B33F70A1; Tue, 12 Mar 2024 00:19:04 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 20/21] test/crypto: unit tests for padding in DTLS-1.2 Date: Tue, 12 Mar 2024 12:48:04 +0530 Message-ID: <20240312071805.1354530-21-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: VmKBfuCXs4LoIPbav5ocudejCV2rvABt X-Proofpoint-GUID: VmKBfuCXs4LoIPbav5ocudejCV2rvABt X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify the padding for DTLS-1.2. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 60 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index a324c1607b..572740cbf9 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12483,6 +12483,42 @@ test_dtls_1_2_record_proto_zero_len_non_app(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_1_2_record_proto_dm_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 0, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_dm_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(25, 0, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 5, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(8, 4, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding_2(void) +{ + return test_tls_record_proto_opt_padding(8, 5, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding_max(void) +{ + return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_DTLS_1_2); +} + static int test_tls_1_3_record_proto_corrupt_pkt(void) { @@ -17824,6 +17860,30 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Antireplay with window size 4096", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_antireplay4096), + TEST_CASE_NAMED_ST( + "DTLS record DM mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_dm_opt_padding), + TEST_CASE_NAMED_ST( + "DTLS record DM mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_dm_opt_padding_1), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding_1), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding_2), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding > max range", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding_max), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Tue Mar 12 07:18:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138198 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 42F3143C8E; Tue, 12 Mar 2024 08:20:41 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 10FAA40EE1; Tue, 12 Mar 2024 08:19:35 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id CB1BF40E25 for ; Tue, 12 Mar 2024 08:19:11 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42BIW7PH004799; Tue, 12 Mar 2024 00:19:11 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=2L/wThCTvSHCDbqn+6rQj7RDg4V56ghq520DOEgPpaw=; b=DG9 SosnphKmnUZfLneokbHgpFnBA38H5XTYEQM7jmvUXNduG9eyjY2IkoMA7mLzCqY7 DoW0V6hmflCa2wBnjBAoti6Gn1rDcy9zHe9hw99mTXgI4u9rasPl2HkDty+HEkhX xdSHKapXxF79FQifRcZXY0cXczajqln2YM8iVEzKJ0WPOpQtGVqVVErIQ/7o6yaI /OvSdgEywgW75QvcDYsoa5J/OCpY8YmnBN8WeZdex7ZXDSR8JEQs6ZMRtQSkf+2k 7PpHKqD4hZYVI9MBeuSgxRB8chBzFoQKk0XfIcf8fe+n6H9ZLl8nB66K4jCr2zTh y2sarWUvKK8XUbpW+pw== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3wt54n29wg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 00:19:10 -0700 (PDT) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 00:19:10 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 00:19:10 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id C51133F70A1; Tue, 12 Mar 2024 00:19:07 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 21/21] test/security: add out of place sgl test case for TLS 1.2 Date: Tue, 12 Mar 2024 12:48:05 +0530 Message-ID: <20240312071805.1354530-22-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com> References: <20240305072213.283205-1-asasidharan@marvell.com> <20240312071805.1354530-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: oT77iAVaetSw6F-OknvffDLnUiCwvtpW X-Proofpoint-GUID: oT77iAVaetSw6F-OknvffDLnUiCwvtpW X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add TLS 1.2 out-of-place multi-segmented packet test. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 52 ++++++++++++++++++- app/test/test_cryptodev_security_tls_record.h | 1 + 2 files changed, 51 insertions(+), 2 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 572740cbf9..1703ebccf1 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11873,6 +11873,11 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool, td[i].input_text.len, nb_segs, 0); pktmbuf_write(ut_params->ibuf, 0, td[i].input_text.len, td[i].input_text.data); + if (flags->out_of_place) + ut_params->obuf = create_segmented_mbuf(ts_params->mbuf_pool, + td[i].output_text.len, nb_segs, 0); + else + ut_params->obuf = NULL; /* Generate crypto op data structure */ ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, @@ -11888,7 +11893,7 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], /* Set crypto operation mbufs */ ut_params->op->sym->m_src = ut_params->ibuf; - ut_params->op->sym->m_dst = NULL; + ut_params->op->sym->m_dst = ut_params->obuf; ut_params->op->param1.tls_record.content_type = td[i].app_type; if (flags->opt_padding) @@ -11920,7 +11925,10 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], res_d_tmp = &res_d[i]; if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS) { - ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, + struct rte_mbuf *buf = flags->out_of_place ? ut_params->obuf : + ut_params->ibuf; + + ret = test_tls_record_post_process(buf, &td[i], res_d_tmp, silent, flags); if (ret != TEST_SUCCESS) goto crypto_op_free; @@ -11929,6 +11937,11 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], rte_crypto_op_free(ut_params->op); ut_params->op = NULL; + if (flags->out_of_place) { + rte_pktmbuf_free(ut_params->obuf); + ut_params->obuf = NULL; + } + rte_pktmbuf_free(ut_params->ibuf); ut_params->ibuf = NULL; } @@ -11937,6 +11950,11 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], rte_crypto_op_free(ut_params->op); ut_params->op = NULL; + if (flags->out_of_place) { + rte_pktmbuf_free(ut_params->obuf); + ut_params->obuf = NULL; + } + rte_pktmbuf_free(ut_params->ibuf); ut_params->ibuf = NULL; @@ -12127,6 +12145,32 @@ test_tls_record_proto_sgl_data_walkthrough(enum rte_security_tls_version tls_ver return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_sgl_oop(enum rte_security_tls_version tls_version) +{ + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = 5, + .out_of_place = true, + .tls_version = tls_version + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) { + printf("Device doesn't support in-place scatter-gather. Test Skipped.\n"); + return TEST_SKIPPED; + } + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_2_record_proto_sgl_oop(void) +{ + return test_tls_record_proto_sgl_oop(RTE_SECURITY_VERSION_TLS_1_2); +} + static int test_tls_1_2_record_proto_sgl_data_walkthrough(void) { @@ -17657,6 +17701,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Multi-segmented mode data walkthrough", ut_setup_security, ut_teardown, test_tls_1_2_record_proto_sgl_data_walkthrough), + TEST_CASE_NAMED_ST( + "Multi-segmented mode out of place", + ut_setup_security, ut_teardown, + test_tls_1_2_record_proto_sgl_oop), TEST_CASE_NAMED_ST( "TLS packet header corruption", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 385064157a..076568dbf2 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -98,6 +98,7 @@ struct tls_record_test_flags { bool pkt_corruption; bool zero_len; bool padding_corruption; + bool out_of_place; uint8_t nb_segs_in_mbuf; uint8_t opt_padding; enum rte_security_tls_version tls_version;