From patchwork Tue Mar 12 17:51:23 2024
X-Patchwork-Submitter: Aakash Sasidharan
X-Patchwork-Id: 138229
X-Patchwork-Delegate: gakhil@marvell.com
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang, Anoob Joseph, Vidya Sagar Velumuri
Subject: [PATCH v3 01/21] test/security: enable AES-GCM in combined mode TLS
Date: Tue, 12 Mar 2024 23:21:23 +0530
Message-ID: <20240312175143.1664699-2-asasidharan@marvell.com>
In-Reply-To: <20240312175143.1664699-1-asasidharan@marvell.com>

Enable AES-GCM AEAD tests in combined mode TLS test suite.

Coverity issue: 414888
Fixes: 9157ccb8f876 ("test/crypto: verify TLS headers")

Signed-off-by: Aakash Sasidharan
---
 app/test/test_cryptodev_security_tls_record.c | 10 ++++++++--
 app/test/test_security_proto.h | 3 +++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index bcb2eba4ff..14a7a2511e 100644 --- a/app/test/test_cryptodev_security_tls_record.c 
+++ b/app/test/test_cryptodev_security_tls_record.c @@ -116,6 +116,7 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } else { mac_len = td->xform.aead.aead.digest_length; + roundup_len = 0; exp_nonce_len = 8; } @@ -123,7 +124,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt case RTE_SECURITY_VERSION_TLS_1_2: case RTE_SECURITY_VERSION_TLS_1_3: hdr_len = sizeof(struct rte_tls_hdr); - min_padding = 1; + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; case RTE_SECURITY_VERSION_DTLS_1_2: hdr_len = sizeof(struct rte_dtls_hdr); @@ -139,7 +143,9 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt /* Padding */ tls_pkt_size += min_padding; - tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); + + if (roundup_len) + tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); /* Explicit nonce */ tls_pkt_size += exp_nonce_len; diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h index efa023b99d..5b92daa810 100644 --- a/app/test/test_security_proto.h +++ b/app/test/test_security_proto.h 
@@ -27,16 +27,19 @@ static const struct crypto_param aead_list[] = { .type = RTE_CRYPTO_SYM_XFORM_AEAD, .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, .key_length = 16, + .digest_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_AEAD, .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, .key_length = 24, + .digest_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_AEAD, .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, .key_length = 32, + .digest_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_AEAD,
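Review bot: The `if (roundup_len)` guard in the `/* Padding */` hunk of test_tls_record_td_prepare() turns a zero `roundup_len` into "skip alignment" without saying why zero is a valid value; add a short comment there, and at the new `roundup_len = 0;` in the AEAD branch, that AEAD suites have no block padding, so a later reader does not take it for a missed initialisation. The commit message carries a Coverity issue number and a Fixes tag but only describes enabling the tests; one sentence on what the reported defect was would make the fix reviewable on its own. The four-line `if (td->aead) ... else ...` in the TLS 1.2/1.3 case could be written as `min_padding = td->aead ? 0 : 1;`.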
From patchwork Tue Mar 12 17:51:24 2024
X-Patchwork-Submitter: Aakash Sasidharan
X-Patchwork-Id: 138230
X-Patchwork-Delegate: gakhil@marvell.com
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang, Anoob Joseph
Subject: [PATCH v3 02/21] test/security: add TLS 1.2 data walkthrough test
Date: Tue, 12 Mar 2024 23:21:24 +0530
Message-ID: <20240312175143.1664699-3-asasidharan@marvell.com>
In-Reply-To: <20240312175143.1664699-1-asasidharan@marvell.com>

Add data walkthrough test for TLS 1.2.

Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 90 +++++++++++++++++-- app/test/test_cryptodev.h | 12 ++- app/test/test_cryptodev_security_tls_record.c | 25 ++++-- app/test/test_cryptodev_security_tls_record.h | 41 ++++++++- app/test/test_security_proto.c | 17 ++++ app/test/test_security_proto.h | 6 ++ 6 files changed, 171 insertions(+), 20 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 3b5e784022..c5837ccbdd 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -858,6 +858,8 @@ ipsec_proto_testsuite_setup(void) static int tls_record_proto_testsuite_setup(void) { + test_sec_proto_pattern_generate(); + return sec_proto_testsuite_setup(RTE_SECURITY_PROTOCOL_TLS_RECORD); } @@ -11958,14 +11960,30 @@ test_tls_record_proto_known_vec_read(const void *test_data) static int test_tls_record_proto_all(const struct tls_record_test_flags *flags) { + unsigned int i, nb_pkts = 1, pass_cnt = 0, payload_len, max_payload_len; struct tls_record_test_data td_outb[TEST_SEC_PKTS_MAX]; struct tls_record_test_data td_inb[TEST_SEC_PKTS_MAX]; - unsigned int i, nb_pkts = 1, pass_cnt = 0; int ret; + switch (flags->tls_version) { + case RTE_SECURITY_VERSION_TLS_1_2: + max_payload_len = TLS_1_2_RECORD_PLAINTEXT_MAX_LEN; + break; + case RTE_SECURITY_VERSION_TLS_1_3: + max_payload_len = TLS_1_3_RECORD_PLAINTEXT_MAX_LEN; + break; + case RTE_SECURITY_VERSION_DTLS_1_2: + max_payload_len = DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN; + break; + default: + max_payload_len = 0; + } + for (i = 0; i < RTE_DIM(sec_alg_list); i++) { + payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN; +again: test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, - td_outb, nb_pkts); + td_outb, nb_pkts, payload_len); ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags); if (ret == TEST_SKIPPED) 
@@ -11983,6 +12001,9 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (ret == TEST_FAILED) return TEST_FAILED; + if (flags->data_walkthrough && (++payload_len <= max_payload_len)) + goto again; + if (flags->display_alg) test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2); 
@@ -11996,22 +12017,69 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) } static int -test_tls_record_proto_display_list(void) +test_tls_1_2_record_proto_data_walkthrough(void) +{ + struct tls_record_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.data_walkthrough = true; + flags.tls_version = RTE_SECURITY_VERSION_TLS_1_2; + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_2_record_proto_display_list(void) { struct tls_record_test_flags flags; memset(&flags, 0, sizeof(flags)); flags.display_alg = true; + flags.tls_version = RTE_SECURITY_VERSION_TLS_1_2; return test_tls_record_proto_all(&flags); } static int -test_tls_record_proto_sgl(void) +test_tls_1_2_record_proto_sgl(void) { struct tls_record_test_flags flags = { - .nb_segs_in_mbuf = 5 + .nb_segs_in_mbuf = 5, + .tls_version = RTE_SECURITY_VERSION_TLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) { + printf("Device doesn't support in-place scatter-gather. Test Skipped.\n"); + return TEST_SKIPPED; + } + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_display_list(void) +{ + struct tls_record_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.display_alg = true; + flags.tls_version = RTE_SECURITY_VERSION_DTLS_1_2; + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_sgl(void) +{ + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = 5, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 }; struct crypto_testsuite_params *ts_params = &testsuite_params; struct rte_cryptodev_info dev_info; 
@@ -17081,11 +17149,15 @@ static struct unit_test_suite tls12_record_proto_testsuite = { TEST_CASE_NAMED_ST( "Combined test alg list", ut_setup_security, ut_teardown, - test_tls_record_proto_display_list), + test_tls_1_2_record_proto_display_list), + TEST_CASE_NAMED_ST( + "Data walkthrough combined test alg list", + ut_setup_security, ut_teardown, + test_tls_1_2_record_proto_data_walkthrough), TEST_CASE_NAMED_ST( "Multi-segmented mode", ut_setup_security, ut_teardown, - test_tls_record_proto_sgl), + test_tls_1_2_record_proto_sgl), TEST_CASES_END() /**< NULL terminate unit test array */ } }; @@ -17182,11 +17254,11 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { TEST_CASE_NAMED_ST( "Combined test alg list", ut_setup_security, ut_teardown, - test_tls_record_proto_display_list), + test_dtls_1_2_record_proto_display_list), TEST_CASE_NAMED_ST( "Multi-segmented mode", ut_setup_security, ut_teardown, - test_tls_record_proto_sgl), + test_dtls_1_2_record_proto_sgl), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev.h b/app/test/test_cryptodev.h index f27d9697fd..e4e99d00c1 100644 --- a/app/test/test_cryptodev.h +++ b/app/test/test_cryptodev.h @@ -5,6 +5,9 @@ #define TEST_CRYPTODEV_H_ #include +#ifdef RTE_LIB_SECURITY +#include "test_security_proto.h" +#endif #define HEX_DUMP 0 @@ -21,9 +24,16 @@ #define DEFAULT_NUM_XFORMS (2) #define NUM_MBUFS (8191) #define MBUF_CACHE_SIZE (256) + +#ifdef RTE_LIB_SECURITY +#define MBUF_DATAPAYLOAD_SIZE RTE_MAX((unsigned int)(4096 + DIGEST_BYTE_LENGTH_SHA512), \ + TEST_SEC_CIPHERTEXT_MAX_LEN) +#else #define MBUF_DATAPAYLOAD_SIZE (4096 + DIGEST_BYTE_LENGTH_SHA512) +#endif + #define MBUF_SIZE (sizeof(struct rte_mbuf) + \ - RTE_PKTMBUF_HEADROOM + MBUF_DATAPAYLOAD_SIZE) + RTE_PKTMBUF_HEADROOM + MBUF_DATAPAYLOAD_SIZE) #define BYTE_LENGTH(x) (x/8) /* HASH DIGEST LENGTHS */ 
diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 14a7a2511e..3745c6a0d1 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -62,7 +62,8 @@ test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, void test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2, const struct tls_record_test_flags *flags, - struct tls_record_test_data *td_array, int nb_td) + struct tls_record_test_data *td_array, + int nb_td, unsigned int data_len) { int i, min_padding, hdr_len, tls_pkt_size, mac_len = 0, exp_nonce_len = 0, roundup_len = 0; struct tls_record_test_data *td = NULL; @@ -76,7 +77,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) { /* Copy template for packet & key fields */ - memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td)); + if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2) + memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td)); + else + memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td)); td->aead = true; td->xform.aead.aead.algo = param1->alg.aead; @@ -84,7 +88,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->xform.aead.aead.digest_length = param1->digest_length; } else { /* Copy template for packet & key fields */ - memcpy(td, &tls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td)); + if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2) + memcpy(td, &dtls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td)); + else + memcpy(td, &tls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td)); td->aead = false; td->xform.chain.cipher.cipher.algo = param1->alg.cipher; 
@@ -96,6 +103,11 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } + if (flags->data_walkthrough) { + test_sec_proto_pattern_set(td->input_text.data, data_len); + td->input_text.len = data_len; + } + tls_pkt_size = td->input_text.len; if (!td->aead) { @@ -221,6 +233,7 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, return TEST_SUCCESS; } + static int tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text) { @@ -280,13 +293,13 @@ int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, struct tls_record_test_data *res_d, bool silent) { + uint8_t output_text[TEST_SEC_CIPHERTEXT_MAX_LEN]; uint32_t len = rte_pktmbuf_pkt_len(m), data_len; - uint8_t output_text[TLS_RECORD_MAX_LEN]; const struct rte_mbuf *seg; const uint8_t *output; int ret; - memset(output_text, 0, TLS_RECORD_MAX_LEN); + memset(output_text, 0, TEST_SEC_CIPHERTEXT_MAX_LEN); /* * Actual data in packet might be less in error cases, hence take minimum of pkt_len and sum @@ -300,7 +313,7 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t } len = RTE_MIN(len, data_len); - TEST_ASSERT(len <= TLS_RECORD_MAX_LEN, "Invalid packet length: %u", len); + TEST_ASSERT(len <= TEST_SEC_CIPHERTEXT_MAX_LEN, "Invalid packet length: %u", len); /* Copy mbuf payload to continuous buffer */ output = rte_pktmbuf_read(m, 0, len, output_text); diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 0bd83f88f0..80b1c58d03 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -10,7 +10,37 @@ #include "test_security_proto.h" -#define TLS_RECORD_MAX_LEN 16384u +/* TLS 1.2 Ciphertext length can be up to (2^14 + 2048 + 5 (TLS Header)) Bytes */ +#define TLS_1_2_RECORD_CIPHERTEXT_MAX_LEN (9216u) +static_assert(TLS_1_2_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN, + "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* TLS 1.2 Plaintext length can be up to (2^14 + 1024) Bytes */ +#define TLS_1_2_RECORD_PLAINTEXT_MAX_LEN (8192u) +static_assert(TLS_1_2_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, + "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* DTLS 1.2 Ciphertext length is similar to TLS 1.2 */ +#define DTLS_1_2_RECORD_CIPHERTEXT_MAX_LEN (9216u) +static_assert(DTLS_1_2_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN, + "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* DTLS 1.2 Plaintext length is similar to TLS 1.2 */ +#define DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN (8192u) +static_assert(DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, + "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* TLS 1.3 Ciphertext length can be up to (2^14 + 256 + 5 (TLS Header)) Bytes */ +#define TLS_1_3_RECORD_CIPHERTEXT_MAX_LEN (9216u) +static_assert(TLS_1_3_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN, + "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* TLS 1.3 Plaintext length can be up to 2^14 Bytes */ +#define TLS_1_3_RECORD_PLAINTEXT_MAX_LEN (8192u) +static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, + "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +#define TLS_RECORD_PLAINTEXT_MIN_LEN (1u) struct tls_record_test_data { struct { 
@@ -22,12 +52,12 @@ struct tls_record_test_data { } auth_key; struct { - uint8_t data[TLS_RECORD_MAX_LEN]; + uint8_t data[TEST_SEC_CIPHERTEXT_MAX_LEN]; unsigned int len; } input_text; struct { - uint8_t data[TLS_RECORD_MAX_LEN]; + uint8_t data[TEST_SEC_CIPHERTEXT_MAX_LEN]; unsigned int len; } output_text; @@ -56,6 +86,8 @@ struct tls_record_test_data { struct tls_record_test_flags { bool display_alg; int nb_segs_in_mbuf; + bool data_walkthrough; + enum rte_security_tls_version tls_version; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; @@ -89,7 +121,8 @@ void test_tls_record_td_read_from_write(const struct tls_record_test_data *td_ou void test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2, const struct tls_record_test_flags *flags, - struct tls_record_test_data *td_array, int nb_td); + struct tls_record_test_data *td_array, int nb_td, + unsigned int data_len); void test_tls_record_td_update(struct tls_record_test_data td_inb[], const struct tls_record_test_data td_outb[], int nb_td, diff --git a/app/test/test_security_proto.c b/app/test/test_security_proto.c index d242c852af..cf40d5fc9a 100644 --- a/app/test/test_security_proto.c +++ b/app/test/test_security_proto.c @@ -13,6 +13,8 @@ struct crypto_param_comb sec_alg_list[RTE_DIM(aead_list) + struct crypto_param_comb sec_auth_only_alg_list[2 * (RTE_DIM(auth_list) - 1)]; +static uint8_t cleartext_pattern[TEST_SEC_CLEARTEXT_MAX_LEN]; + void test_sec_alg_list_populate(void) { @@ -152,3 +154,18 @@ test_sec_alg_display(const struct crypto_param *param1, const struct crypto_para } printf("\n"); } + +void +test_sec_proto_pattern_generate(void) +{ + unsigned int i; + + for (i = 0; i < TEST_SEC_CLEARTEXT_MAX_LEN; i++) + cleartext_pattern[i] = (i + 1) & 0xff; +} + +void +test_sec_proto_pattern_set(uint8_t *buf, int len) +{ + rte_memcpy(buf, cleartext_pattern, len); +} 
diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h index 5b92daa810..22a298e6ca 100644 --- a/app/test/test_security_proto.h +++ b/app/test/test_security_proto.h @@ -8,6 +8,8 @@ #include #include +#define TEST_SEC_CLEARTEXT_MAX_LEN (8192u) +#define TEST_SEC_CIPHERTEXT_MAX_LEN (9216u) #define TEST_SEC_PKTS_MAX 32 struct crypto_param { 
@@ -186,4 +188,8 @@ int test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_c void test_sec_alg_display(const struct crypto_param *param1, const struct crypto_param *param2); +void test_sec_proto_pattern_generate(void); + +void test_sec_proto_pattern_set(uint8_t *buf, int len); + #endif
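Review bot: The walkthrough loop in the test_tls_record_proto_all() hunks of test_cryptodev.c is a backward `goto again` with the increment hidden in the condition `(++payload_len <= max_payload_len)`, which makes the iteration bounds hard to audit; an inner `for` loop over `payload_len` from `TLS_RECORD_PLAINTEXT_MIN_LEN` to `max_payload_len`, run once when `data_walkthrough` is false, states the same thing directly. The `default:` arm of the new `switch (flags->tls_version)` sets `max_payload_len = 0`, which quietly reduces an unexpected version to a single iteration; failing the test there would surface a mis-set `flags->tls_version`.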
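Review bot: In the test_cryptodev_security_tls_record.h hunk that replaces `TLS_RECORD_MAX_LEN`, each comment states a limit that the macro beneath it does not equal: "(2^14 + 2048 + 5 (TLS Header))" sits above `(9216u)`, and "(2^14 + 1024)" and "2^14" sit above `(8192u)`, while the removed definition was `16384u`. Either set the macros to the documented limits or reword the comments to say these are test caps below the protocol maximum, because the walkthrough stops at `max_payload_len` and payloads above 8192 bytes are not exercised. The same cap shrinks `input_text.data` and `output_text.data` from 16384 to 9216 bytes in the following hunk, which deserves a line in the commit message.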
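Review bot: test_sec_proto_pattern_set() in the test_security_proto.c hunk copies `len` bytes out of `cleartext_pattern[TEST_SEC_CLEARTEXT_MAX_LEN]` with no bound check, and it takes `int len` although the caller added in test_tls_record_td_prepare() passes `unsigned int data_len`; a length above 8192, or a negative value converted to the size argument of `rte_memcpy`, reads past the static array. Make the parameter `unsigned int` (or `size_t`) in both the definition and the prototype in test_security_proto.h, and check `len <= TEST_SEC_CLEARTEXT_MAX_LEN` before the copy.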
From patchwork Tue Mar 12 17:51:25 2024
X-Patchwork-Submitter: Aakash Sasidharan
X-Patchwork-Id: 138231
X-Patchwork-Delegate: gakhil@marvell.com
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v3 03/21] test/security: add DTLS 1.2 data walkthrough test
Date: Tue, 12 Mar 2024 23:21:25 +0530
Message-ID: <20240312175143.1664699-4-asasidharan@marvell.com>
In-Reply-To: <20240312175143.1664699-1-asasidharan@marvell.com>

Add data walkthrough test for DTLS 1.2

Signed-off-by: Aakash Sasidharan
---
 app/test/test_cryptodev.c | 17 +++++++++++++++++
 app/test/test_cryptodev_security_tls_record.c | 5 ++++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index c5837ccbdd..e0695e9eb3 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12061,6 +12061,19 @@ test_tls_1_2_record_proto_sgl(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_1_2_record_proto_data_walkthrough(void) +{ + struct tls_record_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.data_walkthrough = true; + flags.tls_version = RTE_SECURITY_VERSION_DTLS_1_2; + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_display_list(void) { @@ -17255,6 +17268,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Combined test alg list", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_display_list), + TEST_CASE_NAMED_ST( + "Data walkthrough combined test alg list", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_data_walkthrough), TEST_CASE_NAMED_ST( "Multi-segmented mode", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 3745c6a0d1..92bcbff842 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c 
@@ -143,7 +143,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt break; case RTE_SECURITY_VERSION_DTLS_1_2: hdr_len = sizeof(struct rte_dtls_hdr); - min_padding = 0; + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; default: hdr_len = 0;
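Review bot: Changing `min_padding` from 0 to 1 for non-AEAD suites in the `RTE_SECURITY_VERSION_DTLS_1_2` case alters the computed record size for every caller of test_tls_record_td_prepare(), not only the new walkthrough test, yet the commit message only says a test is added; state the behaviour change there or split it out as its own fix. The added `if (td->aead) ... else ...` block is identical to the one patch 01 put in the TLS 1.2/1.3 case, so for the supported versions it can be set once outside the `switch`, leaving each case to set `hdr_len` only.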
From patchwork Tue Mar 12 17:51:26 2024
X-Patchwork-Submitter: Aakash Sasidharan
X-Patchwork-Id: 138232
X-Patchwork-Delegate: gakhil@marvell.com
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v3 04/21] test/security: add TLS SG data walkthrough test
Date: Tue, 12 Mar 2024 23:21:26 +0530
Message-ID: <20240312175143.1664699-5-asasidharan@marvell.com>
In-Reply-To: <20240312175143.1664699-1-asasidharan@marvell.com>

Add multi segment packet data walkthrough test for TLS 1.2 and DTLS 1.2.

Signed-off-by: Aakash Sasidharan
---
 app/test/test_cryptodev.c | 42 +++++++++++++++++++
 app/test/test_cryptodev_security_tls_record.h | 2 +-
 2 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index e0695e9eb3..3591c91130 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11981,6 +11981,8 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) for (i = 0; i < RTE_DIM(sec_alg_list); i++) { payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN; + if (flags->nb_segs_in_mbuf) + payload_len = RTE_MAX(payload_len, flags->nb_segs_in_mbuf); again: test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, td_outb, nb_pkts, payload_len); @@ -12061,6 +12063,32 @@ test_tls_1_2_record_proto_sgl(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_sgl_data_walkthrough(enum rte_security_tls_version tls_version) +{ + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = 5, + .tls_version = tls_version, + .data_walkthrough = true + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) { + printf("Device doesn't support in-place scatter-gather. Test Skipped.\n"); + return TEST_SKIPPED; + } + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_2_record_proto_sgl_data_walkthrough(void) +{ + return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_TLS_1_2); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -12106,6 +12134,12 @@ test_dtls_1_2_record_proto_sgl(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_1_2_record_proto_sgl_data_walkthrough(void) +{ + return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_DTLS_1_2); +} + #endif static int 
@@ -17171,6 +17205,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Multi-segmented mode", ut_setup_security, ut_teardown, test_tls_1_2_record_proto_sgl), + TEST_CASE_NAMED_ST( + "Multi-segmented mode data walkthrough", + ut_setup_security, ut_teardown, + test_tls_1_2_record_proto_sgl_data_walkthrough), TEST_CASES_END() /**< NULL terminate unit test array */ } }; @@ -17276,6 +17314,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Multi-segmented mode", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_sgl), + TEST_CASE_NAMED_ST( + "Multi-segmented mode data walkthrough", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sgl_data_walkthrough), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 80b1c58d03..c36e6b35c1 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -85,7 +85,7 @@ struct tls_record_test_data { struct tls_record_test_flags { bool display_alg; - int nb_segs_in_mbuf; + uint8_t nb_segs_in_mbuf; bool data_walkthrough; enum rte_security_tls_version tls_version; }; From patchwork Tue Mar 12 17:51:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138233 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 24AE343C94; Tue, 12 Mar 2024 18:52:21 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id AA95B42DDC; Tue, 12 Mar 2024 18:52:04 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 7FEB442DDA for ; Tue, 12 Mar 2024 18:52:03 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42CG4R6n015026; Tue, 12 Mar 2024 10:52:02 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=KZWG/aPJxQswGBLiNviLNTUusX7R9eiyD+uMakuPL5U=; b=MK4 Ij0+hLn3bc2zEdNF7zmACq0UU9ejPk9bG/IAYK07iuqyIY5rl0d9af4Tl3SL35MJ pc+6kG/u1PFXuWB4boMxzO4DI85EKX2ot3rR6UP7F3PLH0TuVzkoyGRJtLpfK7PX nmTsNFKXTe7qsDOLxwmULMNTj+tpZ37/WcY8bQVSAiXzGDtcgVDZ3X+1dOsEDogD xUWqAqcaFNAwEBG6E1zICzshHb9GT0VWZorIRSC+7Q73GU2xnYOBUOJq78eAquW8 /uMIha1NIGcULi4ABm8iqSFYFUFsF8SjPpTVM1PugMiKdv7zYqabOmhfzgsgpi4t Ktz1GHDGnCMrX3208tQ== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3wtt8hrfxc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); 
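Review bot: the new floor in test_tls_record_proto_all() (patch 04/21, hunk @@ -11981), payload_len = RTE_MAX(payload_len, flags->nb_segs_in_mbuf), has no comment saying why the starting payload has to be at least the segment count. A one-line comment stating the intent would help the next reader, and the commit message should mention that nb_segs_in_mbuf changes from int to uint8_t in struct tls_record_test_flags (hunk @@ -85 of the header), since that type change is otherwise unexplained.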
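Review bot: test_tls_record_proto_sgl_data_walkthrough() (patch 04/21, hunk @@ -12061) hard-codes .nb_segs_in_mbuf = 5 with no indication of why five segments were chosen. A named constant or a short comment would make the choice reviewable, and it also documents the smallest payload the walkthrough starts from now that payload_len is raised to the segment count.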
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v3 05/21] test/security: unit test for TLS packet corruption
Date: Tue, 12 Mar 2024 23:21:27 +0530
Message-ID: <20240312175143.1664699-6-asasidharan@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240312175143.1664699-1-asasidharan@marvell.com>
References: <20240312071805.1354530-1-asasidharan@marvell.com> <20240312175143.1664699-1-asasidharan@marvell.com>
List-Id: DPDK patches and discussions

From: Vidya Sagar Velumuri

Add test to verify the corrupted TLS packet header

Signed-off-by: Vidya Sagar Velumuri
---
 app/test/test_cryptodev.c | 27 +++++++++++++++++--
 app/test/test_cryptodev_security_tls_record.c | 4 +++
 app/test/test_cryptodev_security_tls_record.h | 1 +
 3 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 3591c91130..324ef3c276 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12000,8 +12000,13 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (ret == TEST_SKIPPED) continue; - if (ret == TEST_FAILED) - return TEST_FAILED; + if (flags->pkt_corruption) { + if (ret == TEST_SUCCESS) + return TEST_FAILED; + } else { + if (ret == TEST_FAILED) + return TEST_FAILED; + } if (flags->data_walkthrough && (++payload_len <= max_payload_len)) goto again; @@ -12089,6 +12094,20 @@ test_tls_1_2_record_proto_sgl_data_walkthrough(void) return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_TLS_1_2); } +static int +test_tls_record_proto_corrupt_pkt(void) +{ + struct tls_record_test_flags flags = { + .pkt_corruption = 1 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -17209,6 +17228,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Multi-segmented mode data walkthrough", ut_setup_security, ut_teardown, test_tls_1_2_record_proto_sgl_data_walkthrough), + TEST_CASE_NAMED_ST( + "TLS packet header corruption", + ut_setup_security, ut_teardown, + test_tls_record_proto_corrupt_pkt), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 92bcbff842..93ff7f36fa 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c 
@@ -185,6 +185,10 @@ test_tls_record_td_update(struct tls_record_test_data td_inb[], td_outb[i].input_text.len); td_inb[i].output_text.len = td_outb->input_text.len; + /* Corrupt the content type in the TLS header of encrypted packet */ + if (flags->pkt_corruption) + td_inb[i].input_text.data[0] = ~td_inb[i].input_text.data[0]; + /* Clear outbound specific flags */ td_inb[i].tls_record_xform.options.iv_gen_disable = 0; } diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index c36e6b35c1..bdc3488935 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -88,6 +88,7 @@ struct tls_record_test_flags { uint8_t nb_segs_in_mbuf; bool data_walkthrough; enum rte_security_tls_version tls_version; + bool pkt_corruption; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; From patchwork Tue Mar 12 17:51:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138234 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0507C43C94; Tue, 12 Mar 2024 18:52:28 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id E59BD42DE2; Tue, 12 Mar 2024 18:52:06 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id B95DA42DE0 for ; Tue, 12 Mar 2024 18:52:05 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42CEHXbI025319; Tue, 12 Mar 2024 10:52:05 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=+j1sV3MoSjX1gN1AKOAl4qNg9AtpExW86OAVV69gaoM=; b=KKq VaKP4q0OI+IYJYNb/C2P1/UuTjKuT8BC8N5NRXfbF3fpLWJV/IfXwPfTHUXaPcQ7 HHcC91ZGulkH4EQgu5SXVCjffe6Pm7M7p2Cujrpyv2ynOBvk20DQ4tUVMcNjVIPJ o4j/kKQ4rewdg5450PdlRz1Q2EP/5Ie4HTmzrzS/GTQufPX3TsPnUorlhX+zkEdw z2XQvcAaQStIos0tq6/hBe7Z0pwie3t8iGR1ieSHGHatE6UNaMM6tzJ7kF5xaaEU fCgyfIFZTd68O2AhlVUwUphNE0/7C3KMPd97ts9c5vdagOF5zyP59cLsRjA96Ayh B32redA4t/PgOe88XOA== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcxfcy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 
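Review bot: in the pkt_corruption branch added to test_tls_record_proto_all() (patch 05/21, hunk @@ -12000), the only condition checked is ret == TEST_SUCCESS, so a failure for any reason is accepted as the expected rejection. A negative test should confirm that the record was rejected because of the corrupted header and not because of an unrelated setup or processing error; otherwise it can pass while the check it is meant to cover is broken.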
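Review bot: test_tls_record_proto_corrupt_pkt() (patch 05/21, hunk @@ -12089) calls rte_cryptodev_info_get() into dev_info and then never reads it, so ts_params and dev_info are dead code here. Drop them, or use dev_info for a capability check the way the SGL tests do. Also, .pkt_corruption = 1 initialises a bool; true would match .data_walkthrough = true used for the neighbouring flags.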
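Review bot: the corruption in test_tls_record_td_update() (patch 05/21, hunk @@ -185) inverts only input_text.data[0], the content type, while the test case is registered as "TLS packet header corruption" and the commit message speaks of the packet header in general. Either name the test after what it covers (content type corruption) or extend it so that the version and length fields of the record header are exercised too.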
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v3 06/21] test/security: unit test for custom content verification
Date: Tue, 12 Mar 2024 23:21:28 +0530
Message-ID: <20240312175143.1664699-7-asasidharan@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240312175143.1664699-1-asasidharan@marvell.com>
References: <20240312071805.1354530-1-asasidharan@marvell.com> <20240312175143.1664699-1-asasidharan@marvell.com>
List-Id: DPDK patches and discussions

From: Vidya Sagar Velumuri

Add unit test to verify the TLS header creation with custom content type

Signed-off-by: Vidya Sagar Velumuri
---
 app/test/test_cryptodev.c | 19 +++++++++++++++++++
 app/test/test_cryptodev_security_tls_record.c | 3 +++
 app/test/test_cryptodev_security_tls_record.h | 9 +++++++++
 3 files changed, 31 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 324ef3c276..5cb878b9ba 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #ifdef RTE_CRYPTO_SCHEDULER @@ -12108,6 +12109,20 @@ test_tls_record_proto_corrupt_pkt(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_custom_content_type(void) +{ + struct tls_record_test_flags flags = { + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -17232,6 +17247,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "TLS packet header corruption", ut_setup_security, ut_teardown, test_tls_record_proto_corrupt_pkt), + TEST_CASE_NAMED_ST( + "Custom content type", + ut_setup_security, ut_teardown, + test_tls_record_proto_custom_content_type), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 93ff7f36fa..9a2af259c9 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -108,6 +108,9 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->input_text.len = data_len; } + if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) + td->app_type = RTE_TLS_TYPE_MAX; + tls_pkt_size = td->input_text.len; if (!td->aead) { diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index bdc3488935..d6c74ce54c 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -42,6 +42,14 @@ static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, #define TLS_RECORD_PLAINTEXT_MIN_LEN (1u) +enum tls_record_test_content_type { + TLS_RECORD_TEST_CONTENT_TYPE_APP, + /* For verifying zero packet length */ + TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + /* For verifying handling of custom content types */ + TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM, +}; + struct tls_record_test_data { struct { uint8_t data[32]; 
@@ -89,6 +97,7 @@ struct tls_record_test_flags { bool data_walkthrough; enum rte_security_tls_version tls_version; bool pkt_corruption; + enum tls_record_test_content_type content_type; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; From patchwork Tue Mar 12 17:51:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138242 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 04EA843C94; Tue, 12 Mar 2024 18:53:23 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 432B842DA3; Tue, 12 Mar 2024 18:52:38 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id A7EE040ED9 for ; Tue, 12 Mar 2024 18:52:29 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42CG4QDL015018; Tue, 12 Mar 2024 10:52:28 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=C7tafcnTDdBl3qxkkiTjMfI0xGCffz3Xqh4OyKrDWQU=; b=hLa 4a/H1XfMU+Q0zkOMn/mXZxHTevITGMj4/3r1UFFhmO+HQMN/nRwfh/eq37LcLxxs HXK0gRO6Z2DTXgBdKf40CisagM2AVTnG+A+Cs91f1Gq2vQppsw9nD+Ul6YqZcxRA QYrKd5vEfgEuFn7C5gLBTZPkUiy+4osyu0Okiyw7ehIECdkYqtBvEHJulxvFTog2 Lt5c0dWuSiXah1Za1XwUgLr0HIsUfjMWofm57pGi8X3u4sD8NoKx28I9pa1jdLcH l8jEAvbc7j16u7PSkjILhTcgkcYIeDrP4AjxGlxIpTHS/f/l16rmRHxKxSfTORnS //sm1UBxalq1g8kczRg== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3wtt8hrg0b-2 (version=TLSv1.2 
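Review bot: test_tls_record_td_prepare() (patch 06/21, hunk @@ -108) sets td->app_type = RTE_TLS_TYPE_MAX to stand for a custom content type, which reuses the enum's upper-bound sentinel as a data value with no comment. Please add a comment saying why the sentinel is a valid custom type on the wire, or introduce a test-local constant, so the test does not silently change meaning if the enum grows.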
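Review bot: enum tls_record_test_content_type (patch 06/21, hunk @@ -42 of the header) introduces TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE together with the comment "For verifying zero packet length", but nothing in this patch uses that enumerator; only TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM is referenced. Moving HANDSHAKE to the patch that adds the zero-length tests would keep each patch self-contained.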
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v3 07/21] test/cryptodev: allow zero packet length buffers
Date: Tue, 12 Mar 2024 23:21:29 +0530
Message-ID: <20240312175143.1664699-8-asasidharan@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240312175143.1664699-1-asasidharan@marvell.com>
References: <20240312071805.1354530-1-asasidharan@marvell.com> <20240312175143.1664699-1-asasidharan@marvell.com>
List-Id: DPDK patches and discussions

From: Anoob Joseph

The function 'create_segmented_mbuf' is updated to support zero packet length mbufs. This allows testing of zero packet length payload with TLS record processing.

Signed-off-by: Anoob Joseph --- app/test/test_cryptodev.h | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/app/test/test_cryptodev.h b/app/test/test_cryptodev.h index e4e99d00c1..7d877ddfe5 100644 --- a/app/test/test_cryptodev.h +++ b/app/test/test_cryptodev.h @@ -192,15 +192,8 @@ create_segmented_mbuf(struct rte_mempool *mbuf_pool, int pkt_len, int nb_segs, uint8_t pattern) { struct rte_mbuf *m = NULL, *mbuf = NULL; + int size, t_len, data_len = 0; uint8_t *dst; - int data_len = 0; - int i, size; - int t_len; - - if (pkt_len < 1) { - printf("Packet size must be 1 or more (is %d)\n", pkt_len); - return NULL; - } if (nb_segs < 1) { printf("Number of segments must be 1 or more (is %d)\n", @@ -212,17 +205,17 @@ create_segmented_mbuf(struct rte_mempool *mbuf_pool, int pkt_len, size = pkt_len; /* Create chained mbuf_src and fill it generated data */ - for (i = 0; size > 0; i++) { + do { m = rte_pktmbuf_alloc(mbuf_pool); - if (i == 0) - mbuf = m; - if (m == NULL) { printf("Cannot create segment for source mbuf"); goto fail; } + if (mbuf == NULL) + mbuf = m; + /* Make sure if tailroom is zeroed */ memset(m->buf_addr, pattern, m->buf_len); 
@@ -239,7 +232,8 @@ create_segmented_mbuf(struct rte_mempool *mbuf_pool, int pkt_len, size -= data_len; - } + } while (size > 0); + return mbuf; fail: From patchwork Tue Mar 12 17:51:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138235 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id F1AFC43C94; Tue, 12 Mar 2024 18:52:33 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 1AC7642DC9; Tue, 12 Mar 2024 18:52:13 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id F1CCE42DC1 for ; Tue, 12 Mar 2024 18:52:11 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42CEHXbK025319; Tue, 12 Mar 2024 10:52:11 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=3jFVXXHkHTh+5mWQkbcRM+TCER51Li/efrchaKl1Ud8=; b=WfB K8m8Oe+wZIULVsMn3G3rj474O1t4i1uy1b7BTmnq0MYRtYRj7hAsUedBgkPj1Abm vqob4Yfr9Rxv3Jcc7mBAyAYFCUGnfsv1vnUTq2OG9BpsxW+HOpoZVoq2B9HeSSLc QtslJbx4yjhQ6UgwBLg9XtY9cg5lJ0HykTnijrMuX0hfZOILgPoETj6h5fk3F2u3 h8b/6N4J9AV5xjxmQSx2dIWXudAW/cy+S4TpQFrw5q9w3oXamHMSTKy2gu6TEsDQ EJ2fy5g9/3Tz+t1QJOQ0MefsRCU39D/C/lcHTBFcGis6dwCX12Jbg5ZA/SAsJyH9 j/e6BgSqLXyHZtRvFWQ== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcxfd6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 10:52:11 -0700 (PDT) Received: from 
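Review bot: removing the pkt_len < 1 check from create_segmented_mbuf() (patch 07/21, hunk @@ -192) leaves the int pkt_len parameter with no lower bound at all, and the loop is now a do/while that always runs once, so a negative length reaches the allocation and fill path instead of being rejected. Keep a guard for the case the change does not intend to allow, for example rejecting pkt_len < 0 with the same printf and return NULL, so that only zero becomes newly valid.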
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v3 08/21] test/security: unit test to verify zero TLS records
Date: Tue, 12 Mar 2024 23:21:30 +0530
Message-ID: <20240312175143.1664699-9-asasidharan@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240312175143.1664699-1-asasidharan@marvell.com>
References: <20240312071805.1354530-1-asasidharan@marvell.com> <20240312175143.1664699-1-asasidharan@marvell.com>
List-Id: DPDK patches and discussions

From: Vidya Sagar Velumuri

Add unit tests to verify the zero len TLS records. Zero len packets are allowed when content type is app data while zero packet length with other content type (such as handshake) would result in an error.

Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 51 ++++++++++++++++++- app/test/test_cryptodev_security_tls_record.c | 5 +- app/test/test_cryptodev_security_tls_record.h | 2 +- 3 files changed, 55 insertions(+), 3 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 5cb878b9ba..fa63b9743f 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11984,6 +11984,9 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN; if (flags->nb_segs_in_mbuf) payload_len = RTE_MAX(payload_len, flags->nb_segs_in_mbuf); + + if (flags->zero_len) + payload_len = 0; again: test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, td_outb, nb_pkts, payload_len); @@ -11992,8 +11995,16 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (ret == TEST_SKIPPED) continue; - if (ret == TEST_FAILED) + if (flags->zero_len && + ((flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) || + (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) || + (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE))) { + if (ret == TEST_SUCCESS) + return TEST_FAILED; + goto skip_decrypt; + } else if (ret == TEST_FAILED) { return TEST_FAILED; + } test_tls_record_td_update(td_inb, td_outb, nb_pkts, flags); @@ -12009,6 +12020,7 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) return TEST_FAILED; } +skip_decrypt: if (flags->data_walkthrough && (++payload_len <= max_payload_len)) goto again; 
@@ -12123,6 +12135,35 @@ test_tls_record_proto_custom_content_type(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_zero_len(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_record_proto_zero_len_non_app(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -17251,6 +17292,14 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Custom content type", ut_setup_security, ut_teardown, test_tls_record_proto_custom_content_type), + TEST_CASE_NAMED_ST( + "Zero len TLS record with content type as app", + ut_setup_security, ut_teardown, + test_tls_record_proto_zero_len), + TEST_CASE_NAMED_ST( + "Zero len TLS record with content type as ctrl", + ut_setup_security, ut_teardown, + test_tls_record_proto_zero_len_non_app), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 9a2af259c9..c5410a4c92 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c 
@@ -103,13 +103,15 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } - if (flags->data_walkthrough) { + if (flags->data_walkthrough || flags->zero_len) { test_sec_proto_pattern_set(td->input_text.data, data_len); td->input_text.len = data_len; } if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) td->app_type = RTE_TLS_TYPE_MAX; + else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) + td->app_type = RTE_TLS_TYPE_HANDSHAKE; tls_pkt_size = td->input_text.len; @@ -232,6 +234,7 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, memcpy(&res_d->input_text.data, output_text, len); res_d->input_text.len = len; + res_d->output_text.len = td->input_text.len; res_d->tls_record_xform.type = RTE_SECURITY_TLS_SESS_TYPE_READ; if (res_d->aead) { diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index d6c74ce54c..102fbc1e69 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -98,6 +98,7 @@ struct tls_record_test_flags { enum rte_security_tls_version tls_version; bool pkt_corruption; enum tls_record_test_content_type content_type; + bool zero_len; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; 
@@ -140,5 +141,4 @@ void test_tls_record_td_update(struct tls_record_test_data td_inb[], int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, struct tls_record_test_data *res_d, bool silent); - #endif From patchwork Tue Mar 12 17:51:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138236 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4EBC643C94; Tue, 12 Mar 2024 18:52:42 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id BFB4442DE8; Tue, 12 Mar 2024 18:52:21 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id B825C42DDA for ; Tue, 12 Mar 2024 18:52:14 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42CG4O0f014957; Tue, 12 Mar 2024 10:52:14 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=s8GiQ4p4y27w+FGTUrBBbmZDYwNTM+C+VaynNW3yuRQ=; b=h5W mLDSQmLWm3fD8d5xKm+yUUe7wPnUu3e5K5r/CzfKkV+2i1Bl9gtG0HUMlGx16dbN s2zdZNuDRFJ1KptsLS8rgCBojBcEV17af9QefIdtN4W6pa0C7orgkLdZ/ZcfAiqn 0P3px5x/LDx/iPki1tfzSDZ/Bssx2FR2hqrpS5+ZyjL8g3k7y1eCdgpPqUabJFKy vO791mmjKpeAQxzBMCuA+5lETQh0rWF74FzbHfFZ+ehA/JsE6gxJl27E0u8XS4R9 Zq/63ax26SUae8IoHKdQnWa6Y5UIwLgdWzqt4T/NHuSYsqZomPdis3ekAwlDBPGv x0zfdVPw6Ga15oTnN+Q== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3wtt8hrfy9-1 (version=TLSv1.2 
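Review bot: the zero_len condition in test_tls_record_proto_all() (patch 08/21, hunk @@ -11992) ORs the same comparison, flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, three times. This looks like a copy-and-paste slip: if only handshake is meant, reduce it to a single comparison; if other non-application content types were supposed to be covered, name them, because as written they are not tested.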
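Review bot: the test cases registered in tls12_record_proto_testsuite (patch 08/21, hunk @@ -17251) are titled "content type as ctrl" while the function is test_tls_record_proto_zero_len_non_app() and the flag it sets is TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE. Pick one term (handshake, since that is what is actually exercised) for the title, the function name and the flag so the test report says what was checked.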
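Review bot: test_tls_record_res_d_prepare() (patch 08/21, hunk @@ -232) gains res_d->output_text.len = td->input_text.len, which the commit message does not mention and which affects every caller, not only the zero-length tests. Please explain in the commit message why the expected output length has to be set here, or split it into its own fix. The blank-line removal before #endif in the header (hunk @@ -140) is unrelated whitespace and should be dropped from this patch.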
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v3 09/21] test/security: add unit tests for DTLS-1.2
Date: Tue, 12 Mar 2024 23:21:31 +0530
Message-ID: <20240312175143.1664699-10-asasidharan@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240312175143.1664699-1-asasidharan@marvell.com>
References: <20240312071805.1354530-1-asasidharan@marvell.com> <20240312175143.1664699-1-asasidharan@marvell.com>
List-Id: DPDK patches and discussions

From: Vidya Sagar Velumuri

Add unit tests to verify
1. DTLS record with zero length
2. DTLS record with header corruption
3. DTLS record with content type as custom

Signed-off-by: Vidya Sagar Velumuri
---
 app/test/test_cryptodev.c | 77 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index fa63b9743f..72e7fe3769 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c 
@@ -12215,6 +12215,67 @@ test_dtls_1_2_record_proto_sgl_data_walkthrough(void) return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_DTLS_1_2); } +static int +test_dtls_1_2_record_proto_corrupt_pkt(void) +{ + struct tls_record_test_flags flags = { + .pkt_corruption = 1, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_custom_content_type(void) +{ + struct tls_record_test_flags flags = { + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_zero_len(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_zero_len_non_app(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + #endif static int 
@@ -17409,6 +17470,22 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Multi-segmented mode data walkthrough", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_sgl_data_walkthrough), + TEST_CASE_NAMED_ST( + "Packet corruption", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_corrupt_pkt), + TEST_CASE_NAMED_ST( + "Custom content type", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_custom_content_type), + TEST_CASE_NAMED_ST( + "Zero len DTLS record with content type as app", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_zero_len), + TEST_CASE_NAMED_ST( + "Zero len DTLS record with content type as ctrl", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_zero_len_non_app), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Tue Mar 12 17:51:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138237 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4DDC143C94; Tue, 12 Mar 2024 18:52:48 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C285142DF3; Tue, 12 Mar 2024 18:52:22 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 35AEE42DBE for ; Tue, 12 Mar 2024 18:52:18 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42CEHUb0025258; Tue, 12 Mar 2024 10:52:17 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references 
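Review bot: in the app/test/test_cryptodev.c hunk at @@ -12215, each of the four new helpers (test_dtls_1_2_record_proto_corrupt_pkt, _custom_content_type, _zero_len and _zero_len_non_app) calls rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info) and then never reads dev_info. Either drop ts_params, dev_info and the call, or use the result for the capability check it was presumably meant to feed, so that each helper reduces to filling flags and returning test_tls_record_proto_all(&flags).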
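Review bot: in the dtls12_record_proto_testsuite hunk at @@ -17409, the case named "Zero len DTLS record with content type as ctrl" runs test_dtls_1_2_record_proto_zero_len_non_app, which sets .content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE. Naming the case after the handshake content type (or "non-app", matching the function name) would let a failure in the test log map directly to the flag under test.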
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v3 10/21] test/security: add TLS/DTLS 1.2 AES-256-SHA384 vectors Date: Tue, 12 Mar 2024 23:21:32 +0530 Message-ID: <20240312175143.1664699-11-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312175143.1664699-1-asasidharan@marvell.com> References: <20240312071805.1354530-1-asasidharan@marvell.com> <20240312175143.1664699-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: yOUiw-6T5sLAxxhmhmVSMUgDd9aBMFtS X-Proofpoint-GUID: yOUiw-6T5sLAxxhmhmVSMUgDd9aBMFtS X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_11,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Akhil Goyal Added vectors for TLS 1.2 and DTLS 1.2 using algos AES-256-CBC and HMAC-SHA384 Signed-off-by: Akhil Goyal --- app/test/test_cryptodev.c | 19 ++ app/test/test_cryptodev_security_tls_record.h | 2 + ...yptodev_security_tls_record_test_vectors.h | 200 ++++++++++++++++++ 3 files changed, 221 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 72e7fe3769..95f2377d4d 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -17273,6 +17273,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Write record known vector AES-256-CBC-SHA256", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec, &tls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Write record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, 
@@ -17316,6 +17320,11 @@ static struct unit_test_suite tls12_record_proto_testsuite = { ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &tls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, + &tls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Read record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, @@ -17397,6 +17406,11 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { ut_setup_security, ut_teardown, test_tls_record_proto_known_vec, &dtls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, + &dtls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Write record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, @@ -17439,6 +17453,11 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &dtls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, + &dtls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Read record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 102fbc1e69..b43d8a16f2 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -110,6 +110,7 @@ extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac; extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha256_hmac; extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha1_hmac; extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha256_hmac; +extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data tls_test_data_null_cipher_sha1_hmac; extern struct tls_record_test_data tls_test_data_chacha20_poly1305; @@ -118,6 +119,7 @@ extern struct tls_record_test_data dtls_test_data_aes_128_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_aes_128_cbc_sha256_hmac; extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac; +extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac; diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h index f10f28bb96..27b07cd54a 100644 --- a/app/test/test_cryptodev_security_tls_record_test_vectors.h +++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h 
@@ -1129,6 +1129,107 @@ struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac = { .app_type = 0x17, }; +struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac = { + .key = { + .data = { + 0x1d, 0xe5, 0x19, 0x18, 0x57, 0xa0, 0xee, 0x79, + 0x84, 0x61, 0x92, 0x9d, 0x3d, 0xce, 0x42, 0x92, + 0x4a, 0x98, 0x23, 0x3b, 0xf8, 0xec, 0x29, 0x47, + 0xb3, 0xae, 0x1f, 0x22, 0xd2, 0x8d, 0xbe, 0x2c, + }, + }, + .auth_key = { + .data = { + 0xf8, 0xbd, 0x28, 0xf9, 0x4a, 0xde, 0x1d, 0xde, + 0x8c, 0xf5, 0xe9, 0x49, 0x34, 0x2a, 0x1a, 0xd0, + 0x0d, 0xe3, 0x64, 0xb2, 0x54, 0xd6, 0xd6, 0x40, + 0x90, 0x5d, 0x16, 0xc1, 0xf2, 0x77, 0x14, 0x90, + 0xe6, 0xfa, 0xbc, 0x9d, 0xe2, 0x72, 0x12, 0xec, + 0xb6, 0x05, 0xec, 0xdd, 0x1d, 0x23, 0xb3, 0x8e, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, + 0x2d, 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, + 0x33, 0x38, 0x34, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x0a, + }, + .len = 51, + }, + .output_text = { + .data = { + 0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x80, + 0x63, 0xe2, 0x70, 0xce, 0x45, 0x93, 0x18, 0xa3, + 0xa6, 0xd6, 0xf5, 0x50, 0x9f, 0x07, 0x9d, 0xab, + 0x88, 0x41, 0xee, 0x5b, 0x32, 0x1e, 0x85, 0xaf, + 0x33, 0x7b, 0x59, 0x8a, 0xe9, 0x41, 0x11, 0x6a, + 0xbb, 0x7d, 0x16, 0x6c, 0xbb, 0x66, 0x5e, 0xf5, + 0xfb, 0x5f, 0x03, 0xf9, 0x75, 0x7d, 0xb9, 0xff, + 0x70, 0xc3, 0x4a, 0x19, 0xe5, 0x25, 0xa0, 0x5d, + 0xad, 0x45, 0xef, 0xce, 0xd8, 0x2a, 0xde, 0xf0, + 0x0c, 0xca, 0x1c, 0x6b, 0x5a, 0x31, 0x8f, 0x49, + 0xff, 0x7d, 0xf3, 0x71, 0x15, 0x06, 0x07, 0x9d, + 0x6a, 0x5f, 0x5c, 0xd8, 0x2a, 0xa5, 0x0e, 0x61, + 0xde, 0x18, 0x6b, 0x7d, 0xc8, 0x74, 0x58, 0x18, + 0xf1, 0xac, 0xde, 0xb9, 0x6d, 0x8a, 0x44, 0xad, + 0x10, 0xf8, 0x63, 0x15, 0xcf, 0x25, 0x2f, 0x82, + 0x2f, 0xda, 0x74, 0x45, 
0x02, 0xda, 0x61, 0x3c, + 0x2f, 0xf9, 0xa5, 0x92, 0x2a, 0x7c, 0x5e, 0x5d, + }, + .len = 141, + }, + .iv = { + .data = { + 0x63, 0xe2, 0x70, 0xce, 0x45, 0x93, 0x18, 0xa3, + 0xa6, 0xd6, 0xf5, 0x50, 0x9f, 0x07, 0x9d, 0xab, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, + .key.length = 48, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 48, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 32, + .iv.length = 16, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_DTLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .dtls_1_2.epoch = 1, + .dtls_1_2.seq_no = 1, + }, + + .aead = false, + .app_type = 0x17, +}; + struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac = { .key = { .data = { 
@@ -1494,6 +1595,105 @@ struct tls_record_test_data tls_test_data_aes_256_cbc_sha256_hmac = { .app_type = 0x17, }; +struct tls_record_test_data tls_test_data_aes_256_cbc_sha384_hmac = { + .key = { + .data = { + 0x48, 0x70, 0xc7, 0x93, 0x77, 0xe3, 0x4c, 0x8c, + 0x27, 0x00, 0x64, 0x06, 0x3e, 0xc6, 0x47, 0x64, + 0xcc, 0xee, 0xa4, 0x9a, 0x1a, 0xe7, 0x3a, 0xc6, + 0xef, 0xe5, 0xe6, 0x2c, 0x15, 0xe3, 0xac, 0x16, + }, + }, + .auth_key = { + .data = { + 0x23, 0x95, 0x84, 0x30, 0xaf, 0x2b, 0x07, 0xfe, + 0x12, 0x83, 0x87, 0x28, 0x2b, 0x38, 0xb9, 0x02, + 0xc0, 0x27, 0x59, 0x3e, 0xa7, 0xbd, 0xce, 0xcb, + 0xe1, 0x8a, 0xe9, 0x43, 0x5d, 0xed, 0xb4, 0xf2, + 0x11, 0x4d, 0x19, 0xbb, 0x0f, 0x1b, 0x76, 0x86, + 0xfb, 0xb5, 0xda, 0xfd, 0x38, 0xfe, 0x7d, 0x02, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x20, 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, + 0x20, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, + 0x2d, 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, + 0x33, 0x38, 0x34, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x0a, + }, + .len = 51, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x80, + 0xc4, 0x90, 0xd7, 0x74, 0x5e, 0x26, 0xc8, 0x43, + 0x12, 0x45, 0x48, 0xc1, 0x0f, 0xb1, 0x18, 0xd8, + 0x1e, 0x5b, 0x1e, 0x50, 0x3e, 0x19, 0x25, 0x41, + 0x35, 0xc7, 0x7c, 0x14, 0x99, 0x7b, 0x97, 0x80, + 0x60, 0x9d, 0xf8, 0xf1, 0xac, 0x43, 0x7b, 0x5c, + 0xb6, 0xe2, 0xc4, 0x8f, 0x3f, 0xd7, 0x1b, 0xd4, + 0x61, 0x90, 0x40, 0xe3, 0xd5, 0x60, 0xac, 0xee, + 0x62, 0x53, 0x1f, 0x1f, 0x75, 0xf6, 0x2c, 0xda, + 0x1a, 0xed, 0x4a, 0x6a, 0x11, 0xeb, 0x9b, 0x1c, + 0x39, 0x0d, 0x6e, 0x8a, 0xf8, 0x3d, 0x45, 0x08, + 0x3e, 0x24, 0x17, 0x3e, 0xcf, 0x74, 0xcf, 0x6a, + 0xcb, 0x37, 0xdf, 0x25, 0xc6, 0xa5, 0xe4, 0x1e, + 0x53, 0x28, 0x71, 0xcf, 0xac, 0x1e, 0xad, 0x77, + 0x8c, 0xfc, 0x80, 0x19, 0x9c, 0xcc, 0x00, 0x60, + 0xc6, 0x82, 0xa0, 0xb8, 0x5e, 0x42, 0xd1, 0xff, + 0x14, 0x0a, 0x92, 0x5c, 
0xde, 0x8a, 0x15, 0x7a, + }, + .len = 133, + }, + .iv = { + .data = { + 0xc4, 0x90, 0xd7, 0x74, 0x5e, 0x26, 0xc8, 0x43, + 0x12, 0x45, 0x48, 0xc1, 0x0f, 0xb1, 0x18, 0xd8, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, + .key.length = 48, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 48, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 32, + .iv.length = 16, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_2.seq_no = 0x1, + }, + + .aead = false, + .app_type = 0x17, +}; + struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac = { .key = { .data = { From patchwork Tue Mar 12 17:51:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138238 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id F393F43C94; Tue, 12 Mar 2024 18:52:54 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id ED8C742DF8; Tue, 12 Mar 2024 18:52:23 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id DF53540E40 for ; Tue, 12 Mar 2024 18:52:20 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42CG4QDJ015018; Tue, 12 Mar 2024 10:52:20 -0700 DKIM-Signature: v=1; a=rsa-sha256; 
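Review bot: the new dtls_test_data_aes_256_cbc_sha384_hmac vector (hunk at @@ -1129 of test_cryptodev_security_tls_record_test_vectors.h) carries no note on how output_text was produced, and the commit message says only that vectors were added. The bytes are internally consistent (13-byte DTLS header with epoch 1, sequence 1 and length 0x0080, followed by 128 bytes whose first 16 equal .iv.data, giving .len = 141), but a comment or commit-log line naming the reference implementation used to generate the record would let a reviewer reproduce the known answer independently of the device under test.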
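Review bot: in tls_test_data_aes_256_cbc_sha384_hmac (hunk at @@ -1494), input_text.data starts with 0x20, so the plaintext has a leading space that the DTLS vector added in the same patch (starting at 0x54) does not. .len = 51 matches the bytes listed, so the vector is self-consistent and the space looks like padding to keep both plaintexts the same length; a short comment saying so would stop someone from "fixing" the plaintext later without regenerating the 133-byte output_text.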
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v3 11/21] test/security: add DTLS 1.2 anti-replay tests Date: Tue, 12 Mar 2024 23:21:33 +0530 Message-ID: <20240312175143.1664699-12-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312175143.1664699-1-asasidharan@marvell.com> References: <20240312071805.1354530-1-asasidharan@marvell.com> <20240312175143.1664699-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: Gvljm657fr7xjgC878dldGHfKOFuHK5N X-Proofpoint-GUID: Gvljm657fr7xjgC878dldGHfKOFuHK5N X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_11,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add anti-replay test for DTLS 1.2. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 115 ++++++++++++++- app/test/test_cryptodev_security_tls_record.c | 132 ++++++++++-------- app/test/test_cryptodev_security_tls_record.h | 11 +- 3 files changed, 188 insertions(+), 70 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 95f2377d4d..904bad39d3 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11827,6 +11827,10 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], .protocol = RTE_SECURITY_PROTOCOL_TLS_RECORD, }; + if ((tls_record_xform.ver == RTE_SECURITY_VERSION_DTLS_1_2) && + (sess_type == RTE_SECURITY_TLS_SESS_TYPE_READ)) + sess_conf.tls_record.dtls_1_2.ar_win_sz = flags->ar_win_size; + if (td[0].aead) test_tls_record_imp_nonce_update(&td[0], &tls_record_xform); 
@@ -11851,6 +11855,17 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], return TEST_SKIPPED; for (i = 0; i < nb_td; i++) { + if (flags->ar_win_size && + (sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE)) { + sess_conf.tls_record.dtls_1_2.seq_no = + td[i].tls_record_xform.dtls_1_2.seq_no; + ret = rte_security_session_update(ctx, ut_params->sec_session, &sess_conf); + if (ret) { + printf("Could not update sequence number in session\n"); + return TEST_SKIPPED; + } + } + /* Setup source mbuf payload */ ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool, td[i].input_text.len, nb_segs, 0); @@ -11890,17 +11905,19 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], /* Process crypto operation */ process_crypto_request(dev_id, ut_params->op); - ret = test_tls_record_status_check(ut_params->op); + ret = test_tls_record_status_check(ut_params->op, &td[i]); if (ret != TEST_SUCCESS) goto crypto_op_free; if (res_d != NULL) res_d_tmp = &res_d[i]; - ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, silent); - if (ret != TEST_SUCCESS) - goto crypto_op_free; - + if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS) { + ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, + silent); + if (ret != TEST_SUCCESS) + goto crypto_op_free; + } rte_crypto_op_free(ut_params->op); ut_params->op = NULL; 
@@ -12190,6 +12207,90 @@ test_dtls_1_2_record_proto_display_list(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_pkt_replay(const uint64_t seq_no[], + bool replayed_pkt[], uint32_t nb_pkts, + struct tls_record_test_flags *flags) +{ + struct tls_record_test_data td_outb[TEST_SEC_PKTS_MAX]; + struct tls_record_test_data td_inb[TEST_SEC_PKTS_MAX]; + unsigned int i, idx, pass_cnt = 0; + int ret; + + for (i = 0; i < RTE_DIM(sec_alg_list); i++) { + test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, + td_outb, nb_pkts, 0); + + for (idx = 0; idx < nb_pkts; idx++) + td_outb[idx].tls_record_xform.dtls_1_2.seq_no = seq_no[idx]; + + ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + test_tls_record_td_update(td_inb, td_outb, nb_pkts, flags); + + for (idx = 0; idx < nb_pkts; idx++) { + td_inb[idx].tls_record_xform.dtls_1_2.ar_win_sz = flags->ar_win_size; + /* Set antireplay flag for packets to be dropped */ + td_inb[idx].ar_packet = replayed_pkt[idx]; + } + + ret = test_tls_record_proto_process(td_inb, NULL, nb_pkts, true, flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + if (flags->display_alg) + test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2); + + pass_cnt++; + } + + if (pass_cnt > 0) + return TEST_SUCCESS; + else + return TEST_SKIPPED; +} + +static int +test_dtls_1_2_record_proto_antireplay(void) +{ + struct tls_record_test_flags flags; + uint64_t winsz = 64, seq_no[5]; + uint32_t nb_pkts = 5; + bool replayed_pkt[5]; + + memset(&flags, 0, sizeof(flags)); + + flags.tls_version = RTE_SECURITY_VERSION_DTLS_1_2; + flags.ar_win_size = winsz; + + /* 1. Advance the TOP of the window to WS * 2 */ + seq_no[0] = winsz * 2; + /* 2. Test sequence number within the new window(WS + 1) */ + seq_no[1] = winsz + 1; + /* 3. 
Test sequence number less than the window BOTTOM */ + seq_no[2] = winsz; + /* 4. Test sequence number in the middle of the window */ + seq_no[3] = winsz + (winsz / 2); + /* 5. Test replay of the packet in the middle of the window */ + seq_no[4] = winsz + (winsz / 2); + + replayed_pkt[0] = false; + replayed_pkt[1] = false; + replayed_pkt[2] = true; + replayed_pkt[3] = false; + replayed_pkt[4] = true; + + return test_dtls_pkt_replay(seq_no, replayed_pkt, nb_pkts, &flags); +} + static int test_dtls_1_2_record_proto_sgl(void) { @@ -17505,6 +17606,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Zero len DTLS record with content type as ctrl", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_zero_len_non_app), + TEST_CASE_NAMED_ST( + "Antireplay with window size 64", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index c5410a4c92..907e043ddd 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -12,10 +12,21 @@ #include "test_security_proto.h" int -test_tls_record_status_check(struct rte_crypto_op *op) +test_tls_record_status_check(struct rte_crypto_op *op, + const struct tls_record_test_data *td) { int ret = TEST_SUCCESS; + if ((td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_READ) && + td->ar_packet) { + if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) { + printf("Anti replay test case failed\n"); + return TEST_FAILED; + } else { + return TEST_SUCCESS; + } + } + if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) ret = TEST_FAILED; 
@@ -101,81 +112,80 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->xform.chain.auth.auth.key.length = param2->key_length; td->xform.chain.auth.auth.digest_length = param2->digest_length; } - } - - if (flags->data_walkthrough || flags->zero_len) { - test_sec_proto_pattern_set(td->input_text.data, data_len); - td->input_text.len = data_len; - } - - if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) - td->app_type = RTE_TLS_TYPE_MAX; - else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) - td->app_type = RTE_TLS_TYPE_HANDSHAKE; - tls_pkt_size = td->input_text.len; + if (flags->data_walkthrough || flags->zero_len) { + test_sec_proto_pattern_set(td->input_text.data, data_len); + td->input_text.len = data_len; + } - if (!td->aead) { - mac_len = td->xform.chain.auth.auth.digest_length; - switch (td->xform.chain.cipher.cipher.algo) { - case RTE_CRYPTO_CIPHER_3DES_CBC: - roundup_len = 8; + if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) + td->app_type = RTE_TLS_TYPE_MAX; + else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) + td->app_type = RTE_TLS_TYPE_HANDSHAKE; + + tls_pkt_size = td->input_text.len; + + if (!td->aead) { + mac_len = td->xform.chain.auth.auth.digest_length; + switch (td->xform.chain.cipher.cipher.algo) { + case RTE_CRYPTO_CIPHER_3DES_CBC: + roundup_len = 8; + exp_nonce_len = 8; + break; + case RTE_CRYPTO_CIPHER_AES_CBC: + roundup_len = 16; + exp_nonce_len = 16; + break; + default: + roundup_len = 0; + exp_nonce_len = 0; + break; + } + } else { + mac_len = td->xform.aead.aead.digest_length; + roundup_len = 0; exp_nonce_len = 8; + } + + switch (td->tls_record_xform.ver) { + case RTE_SECURITY_VERSION_TLS_1_2: + case RTE_SECURITY_VERSION_TLS_1_3: + hdr_len = sizeof(struct rte_tls_hdr); + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; - case RTE_CRYPTO_CIPHER_AES_CBC: - roundup_len = 16; - exp_nonce_len = 16; + case 
RTE_SECURITY_VERSION_DTLS_1_2: + hdr_len = sizeof(struct rte_dtls_hdr); + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; default: - roundup_len = 0; - exp_nonce_len = 0; + hdr_len = 0; + min_padding = 0; break; } - } else { - mac_len = td->xform.aead.aead.digest_length; - roundup_len = 0; - exp_nonce_len = 8; - } - - switch (td->tls_record_xform.ver) { - case RTE_SECURITY_VERSION_TLS_1_2: - case RTE_SECURITY_VERSION_TLS_1_3: - hdr_len = sizeof(struct rte_tls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; - break; - case RTE_SECURITY_VERSION_DTLS_1_2: - hdr_len = sizeof(struct rte_dtls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; - break; - default: - hdr_len = 0; - min_padding = 0; - break; - } - tls_pkt_size += mac_len; + tls_pkt_size += mac_len; - /* Padding */ - tls_pkt_size += min_padding; + /* Padding */ + tls_pkt_size += min_padding; - if (roundup_len) - tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); + if (roundup_len) + tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); - /* Explicit nonce */ - tls_pkt_size += exp_nonce_len; + /* Explicit nonce */ + tls_pkt_size += exp_nonce_len; - /* Add TLS header */ - tls_pkt_size += hdr_len; + /* Add TLS header */ + tls_pkt_size += hdr_len; - td->output_text.len = tls_pkt_size; + td->output_text.len = tls_pkt_size; - RTE_SET_USED(flags); + } } void diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index b43d8a16f2..f69f95824b 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -89,16 +89,18 @@ struct tls_record_test_data { struct rte_security_tls_record_xform tls_record_xform; uint8_t app_type; bool aead; + bool ar_packet; }; struct tls_record_test_flags { bool display_alg; - uint8_t nb_segs_in_mbuf; bool data_walkthrough; - enum rte_security_tls_version tls_version; bool pkt_corruption; - enum tls_record_test_content_type content_type; bool zero_len; + uint8_t nb_segs_in_mbuf; + enum rte_security_tls_version tls_version; + enum tls_record_test_content_type content_type; + int ar_win_size; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; 
@@ -123,7 +125,8 @@ extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac; -int test_tls_record_status_check(struct rte_crypto_op *op); +int test_tls_record_status_check(struct rte_crypto_op *op, + const struct tls_record_test_data *td); int test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_record_xform, const struct rte_security_capability *sec_cap, bool silent); From patchwork Tue Mar 12 17:51:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138239 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6B05E43C94; Tue, 12 Mar 2024 18:53:03 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8CAC742DC4; Tue, 12 Mar 2024 18:52:25 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id BEC2942DEC for ; Tue, 12 Mar 2024 18:52:23 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42CG4RaU015042; Tue, 12 Mar 2024 10:52:23 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=hUtqU/yXA2GB0/nLUN23+hf9RM9VWcLiYWBADHi37hE=; b=CsE ddB4rWObf6ADVhghwZd0LAB4GHHSz413Kur1QYA1zKtN8UuVebgC5oiDaEUbxmTH Mhvd5J0UKm5ojH7r8VDBFqk45sArSnW1zVTDIYTo61OHEUEQRbxt/BtoiYQgsEdc m6KAnNtCNKFT1+ZNp4I2WpSseiqGKHSG+/xCVYElicpZRHSXPO+jzahohWzhjjqw 
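Review bot: in test_tls_record_proto_process() (hunk at @@ -11851), a failing rte_security_session_update() inside the per-packet loop returns TEST_SKIPPED for every error value. That hides a real failure on a PMD that does implement session update; return TEST_SKIPPED only when the return value says the operation is unsupported, and TEST_FAILED otherwise. The bare return also bypasses the crypto_op_free label that the other error paths in this loop use, so please confirm nothing from earlier iterations is left allocated on this path.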
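Review bot: test_dtls_pkt_replay() (hunk at @@ -12190) fills td_outb[TEST_SEC_PKTS_MAX] and td_inb[TEST_SEC_PKTS_MAX] using the caller-supplied nb_pkts without checking nb_pkts against TEST_SEC_PKTS_MAX. The only caller in this patch passes 5, but a guard at the top of the function keeps a future caller from writing past the arrays. replayed_pkt[] is only read here and could be const, matching seq_no[].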
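Review bot: the test_tls_record_td_prepare() hunk (@@ -101 in test_cryptodev_security_tls_record.c) removes the closing brace after the digest_length assignment and re-indents everything down to td->output_text.len = tls_pkt_size one level deeper, which moves the content-type selection and the whole record-size computation inside the preceding block. That changes behaviour for every existing TLS and DTLS case, not only anti-replay, and the commit message ("Add anti-replay test for DTLS 1.2.") does not mention it. Please split it into its own patch, with a Fixes: tag if it corrects per-packet setup, so it can be reviewed and bisected separately.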
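Review bot: in struct tls_record_test_flags (hunk at @@ -89 of test_cryptodev_security_tls_record.h) the new ar_win_size is declared int, while test_dtls_1_2_record_proto_antireplay() assigns it from a uint64_t winsz and the value is then copied into dtls_1_2.ar_win_sz. An unsigned fixed-width type would avoid the implicit narrowing and rule out a negative window size. The reordering of the existing fields in the same hunk is unrelated to anti-replay and would read more cleanly as a separate change.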
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v3 12/21] test/security: add more DTLS anti-replay window sz Date: Tue, 12 Mar 2024 23:21:34 +0530 Message-ID: <20240312175143.1664699-13-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312175143.1664699-1-asasidharan@marvell.com> References: <20240312071805.1354530-1-asasidharan@marvell.com> <20240312175143.1664699-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: inNSUaLP76VJXqJWJ6NWGTCZIngUz88s X-Proofpoint-GUID: inNSUaLP76VJXqJWJ6NWGTCZIngUz88s X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_11,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add anti-replay tests for window sizes 128, 256, 512, 1024, 2048 and 4096 window sizes in DTLS 1.2 suite. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 72 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 69 insertions(+), 3 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 904bad39d3..72d91d23a2 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12259,12 +12259,12 @@ test_dtls_pkt_replay(const uint64_t seq_no[], } static int -test_dtls_1_2_record_proto_antireplay(void) +test_dtls_1_2_record_proto_antireplay(uint64_t winsz) { struct tls_record_test_flags flags; - uint64_t winsz = 64, seq_no[5]; uint32_t nb_pkts = 5; bool replayed_pkt[5]; + uint64_t seq_no[5]; memset(&flags, 0, sizeof(flags)); 
@@ -12291,6 +12291,48 @@ test_dtls_1_2_record_proto_antireplay(void) return test_dtls_pkt_replay(seq_no, replayed_pkt, nb_pkts, &flags); } +static int +test_dtls_1_2_record_proto_antireplay64(void) +{ + return test_dtls_1_2_record_proto_antireplay(64); +} + +static int +test_dtls_1_2_record_proto_antireplay128(void) +{ + return test_dtls_1_2_record_proto_antireplay(128); +} + +static int +test_dtls_1_2_record_proto_antireplay256(void) +{ + return test_dtls_1_2_record_proto_antireplay(256); +} + +static int +test_dtls_1_2_record_proto_antireplay512(void) +{ + return test_dtls_1_2_record_proto_antireplay(512); +} + +static int +test_dtls_1_2_record_proto_antireplay1024(void) +{ + return test_dtls_1_2_record_proto_antireplay(1024); +} + +static int +test_dtls_1_2_record_proto_antireplay2048(void) +{ + return test_dtls_1_2_record_proto_antireplay(2048); +} + +static int +test_dtls_1_2_record_proto_antireplay4096(void) +{ + return test_dtls_1_2_record_proto_antireplay(4096); +} + static int test_dtls_1_2_record_proto_sgl(void) { 
@@ -17609,7 +17651,31 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { TEST_CASE_NAMED_ST( "Antireplay with window size 64", ut_setup_security, ut_teardown, - test_dtls_1_2_record_proto_antireplay), + test_dtls_1_2_record_proto_antireplay64), + TEST_CASE_NAMED_ST( + "Antireplay with window size 128", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay128), + TEST_CASE_NAMED_ST( + "Antireplay with window size 256", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay256), + TEST_CASE_NAMED_ST( + "Antireplay with window size 512", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay512), + TEST_CASE_NAMED_ST( + "Antireplay with window size 1024", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay1024), + TEST_CASE_NAMED_ST( + "Antireplay with window size 2048", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay2048), + TEST_CASE_NAMED_ST( + "Antireplay with window size 4096", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay4096), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Tue Mar 12 17:51:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138240 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 7E34243C94; Tue, 12 Mar 2024 18:53:10 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 97ED242DFC; Tue, 12 Mar 2024 18:52:28 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 7DD3F42E05 for ; Tue, 12 Mar 2024 18:52:26 +0100 (CET) Received: from pps.filterd 
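Review bot: In [PATCH v3 12/21], the seven wrappers test_dtls_1_2_record_proto_antireplay64 through test_dtls_1_2_record_proto_antireplay4096 differ only in the constant they pass to test_dtls_1_2_record_proto_antireplay(), and each one needs a matching TEST_CASE_NAMED_ST entry in dtls12_record_proto_testsuite. Consider a single test function that receives the window size as test data and is registered with TEST_CASE_NAMED_WITH_DATA (the macro this file already uses for the known-vector cases), so adding a window size becomes a one-line change. The commit message also reads "window sizes 128, ... and 4096 window sizes"; one of the two "window sizes" can go.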
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v3 13/21] test/crypto: update verification of header Date: Tue, 12 Mar 2024 23:21:35 +0530 Message-ID: <20240312175143.1664699-14-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312175143.1664699-1-asasidharan@marvell.com> References: <20240312071805.1354530-1-asasidharan@marvell.com> <20240312175143.1664699-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: yOer3Gt2QVTMTEmpHs0wT4Hd6mRyxGnR X-Proofpoint-GUID: yOer3Gt2QVTMTEmpHs0wT4Hd6mRyxGnR X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_11,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri In TLS 1.3, the version in the header would be TLS 1.2 and the content type would be APP irrespective of the type of the payload. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev_security_tls_record.c | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 907e043ddd..498c4923e0 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c 
@@ -275,9 +275,9 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp hdr_len = sizeof(struct rte_tls_hdr); } else if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) { const struct rte_tls_hdr *hdr = (const struct rte_tls_hdr *)output_text; - if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_3) { + if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_2) { printf("Incorrect header version [expected - %4x, received - %4x]\n", - RTE_TLS_VERSION_1_3, rte_be_to_cpu_16(hdr->version)); + RTE_TLS_VERSION_1_2, rte_be_to_cpu_16(hdr->version)); return TEST_FAILED; } content_type = hdr->type; 
@@ -297,10 +297,18 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp return TEST_FAILED; } - if (content_type != td->app_type) { - printf("Incorrect content type in packet [expected - %d, received - %d]\n", - td->app_type, content_type); - return TEST_FAILED; + if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) { + if (content_type != RTE_TLS_TYPE_APPDATA) { + printf("Incorrect content type in packet [expected - %d, received - %d]\n", + td->app_type, content_type); + return TEST_FAILED; + } + } else { + if (content_type != td->app_type) { + printf("Incorrect content type in packet [expected - %d, received - %d]\n", + td->app_type, content_type); + return TEST_FAILED; + } } if (length != td->output_text.len - hdr_len) { From patchwork Tue Mar 12 17:51:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138241 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0936A43C94; Tue, 12 Mar 2024 18:53:17 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id EBE4A42DE9; Tue, 12 Mar 2024 18:52:30 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 2048F42E06 for ; Tue, 12 Mar 2024 18:52:28 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42CG4QDK015018; Tue, 12 Mar 2024 10:52:28 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; 
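Review bot: In [PATCH v3 13/21], first hunk of tls_record_hdr_verify(), the branch guarded by ver == RTE_SECURITY_VERSION_TLS_1_3 now compares hdr->version against RTE_TLS_VERSION_1_2 with no comment, which reads like a copy-paste slip to anyone who has not seen the commit message. Please add a one-line comment above the check saying that a TLS 1.3 record carries the TLS 1.2 version in its header, so the intent survives in the source.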
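Review bot: In [PATCH v3 13/21], second hunk, the new TLS 1.3 branch tests content_type != RTE_TLS_TYPE_APPDATA but the failure message still prints td->app_type as the expected value, so a failing run reports an expectation the code never checked. Pass RTE_TLS_TYPE_APPDATA as the "expected" argument of that printf. The two branches then differ only in the expected value, so computing it once (for example into a local before a single comparison) would avoid duplicating the printf and return.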
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v3 14/21] test/crypto: add TLS 1.3 vectors Date: Tue, 12 Mar 2024 23:21:36 +0530 Message-ID: <20240312175143.1664699-15-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312175143.1664699-1-asasidharan@marvell.com> References: <20240312071805.1354530-1-asasidharan@marvell.com> <20240312175143.1664699-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: Zcxi67u0uGiCGCA8urcFKJkGtnrG4PVV X-Proofpoint-GUID: Zcxi67u0uGiCGCA8urcFKJkGtnrG4PVV X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_11,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Akhil Goyal Added vectors and test suite for TLS 1.3 AES-128-GCM, AES-256-GCM and CHACHA20-POLY1305 vectors. The vectors are generated using gnuTLS client server application. Signed-off-by: Akhil Goyal --- app/test/test_cryptodev.c | 35 +++ app/test/test_cryptodev_security_tls_record.h | 3 + ...yptodev_security_tls_record_test_vectors.h | 205 ++++++++++++++++++ 3 files changed, 243 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 72d91d23a2..aa9fffe50e 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c 
@@ -17680,6 +17680,40 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { } }; +static struct unit_test_suite tls13_record_proto_testsuite = { + .suite_name = "TLS 1.3 Record Protocol Unit Test Suite", + .setup = tls_record_proto_testsuite_setup, + .unit_test_cases = { + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-GCM-128", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls13_test_data_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-GCM-256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls13_test_data_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector CHACHA20-POLY1305", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls13_test_data_chacha20_poly1305), + + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-GCM-128", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls13_test_data_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-GCM-256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls13_test_data_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector CHACHA20-POLY1305", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls13_test_data_chacha20_poly1305), + + TEST_CASES_END() /**< NULL terminate unit test array */ + } +}; + #define ADD_UPLINK_TESTCASE(data) \ TEST_CASE_NAMED_WITH_DATA(data.test_descr_uplink, ut_setup_security, \ ut_teardown, test_docsis_proto_uplink, (const void *) &data), \ @@ -18699,6 +18733,7 @@ run_cryptodev_testsuite(const char *pmd_name) &docsis_proto_testsuite, &tls12_record_proto_testsuite, &dtls12_record_proto_testsuite, + &tls13_record_proto_testsuite, #endif &end_testsuite }; diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index f69f95824b..3d714b3574 100644 
--- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -124,6 +124,9 @@ extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac; extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac; +extern struct tls_record_test_data tls13_test_data_aes_128_gcm; +extern struct tls_record_test_data tls13_test_data_aes_256_gcm; +extern struct tls_record_test_data tls13_test_data_chacha20_poly1305; int test_tls_record_status_check(struct rte_crypto_op *op, const struct tls_record_test_data *td); diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h index 27b07cd54a..8af17b07e5 100644 --- a/app/test/test_cryptodev_security_tls_record_test_vectors.h +++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h 
@@ -1781,4 +1781,209 @@ struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac = { .app_type = 0x17, }; +/* TLS 1.3 AES-128-GCM */ +struct tls_record_test_data tls13_test_data_aes_128_gcm = { + .key = { + .data = { + 0x03, 0x12, 0xf5, 0x86, 0xe4, 0xd0, 0x27, 0xc7, + 0x47, 0x82, 0x44, 0xca, 0xd3, 0xce, 0x06, 0x6c, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x20, + 0x41, 0x45, 0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, + 0x47, 0x43, 0x4d, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0xa, + }, + .len = 43, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x3c, + 0x52, 0xb5, 0x24, 0xce, 0x5c, 0x29, 0x0f, 0x0a, + 0x3a, 0xc0, 0x60, 0xaf, 0xba, 0xe3, 0x0d, 0x28, + 0x6c, 0xbb, 0x3e, 0x5f, 0xde, 0x4a, 0xcd, 0xf1, + 0x30, 0x12, 0xa9, 0x42, 0x95, 0x55, 0xf5, 0x2c, + 0xb7, 0xb6, 0x60, 0x82, 0xa2, 0x1d, 0x34, 0x33, + 0x0a, 0xd7, 0x48, 0x40, 0xef, 0xab, 0x70, 0xa7, + 0xb2, 0x58, 0x41, 0xdb, 0xf6, 0x37, 0xe4, 0x6d, + 0xa3, 0x1e, 0xbf, 0x6f, + }, + .len = 65, + }, + .imp_nonce = { + .data = { + 0x8d, 0x1f, 0xa0, 0x14, 0xc7, 0x66, 0x9f, 0x93, + 0x74, 0x3f, 0x46, 0x52, + }, + .len = 12, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 16, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 16, + .aad_length = 5, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_3.seq_no = 0x0, + }, + + .aead = true, + .app_type = 0x17, +}; + +/* TLS 1.3 AES-256-GCM */ +struct tls_record_test_data tls13_test_data_aes_256_gcm = { + .key = { + .data = { + 0xc9, 0xc2, 0xa2, 0x4c, 0x4e, 0x36, 0x19, 0x6e, + 0xd8, 0xf5, 0xb9, 0x14, 0x30, 0xfc, 0xe0, 0xef, + 0x29, 0xb0, 0x00, 0xd1, 0x2d, 0xfc, 0x5a, 0x76, + 0x50, 0xf4, 0xf3, 0xb1, 0x82, 
0x21, 0x57, 0x82, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x20, + 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, 0x2d, + 0x47, 0x43, 0x4d, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0xa, + }, + .len = 43, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x3c, + 0xc9, 0xb0, 0x44, 0x23, 0xd5, 0xe2, 0xbd, 0x1d, + 0xf1, 0x96, 0x53, 0x2c, 0x8c, 0xe2, 0xa3, 0x00, + 0x7b, 0x2a, 0xb1, 0xa1, 0xd6, 0x79, 0x58, 0xb5, + 0x35, 0x1f, 0xbb, 0x98, 0x03, 0xe1, 0x82, 0xa2, + 0x1e, 0x26, 0x81, 0xbe, 0x77, 0x65, 0xaf, 0x7d, + 0x9f, 0x52, 0xec, 0x3a, 0x18, 0x2d, 0x36, 0xab, + 0xdc, 0xa9, 0xfb, 0xd3, 0xa8, 0xd5, 0xbc, 0x98, + 0xa4, 0xab, 0x70, 0xe9, + }, + .len = 65, + }, + .imp_nonce = { + .data = { + 0xd4, 0x78, 0xf2, 0x90, 0x61, 0x5d, 0x8c, 0x63, + 0x4b, 0xf4, 0x72, 0xf3, + }, + .len = 12, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 32, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 16, + .aad_length = 5, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_3.seq_no = 0x0, + }, + + .aead = true, + .app_type = 0x17, +}; + +struct tls_record_test_data tls13_test_data_chacha20_poly1305 = { + .key = { + .data = { + 0xec, 0x7d, 0x7a, 0x3f, 0x91, 0xdd, 0xb9, 0x70, + 0x95, 0x3b, 0x99, 0xb0, 0xe7, 0x66, 0xda, 0xdc, + 0x85, 0xbb, 0xfc, 0xc8, 0x50, 0xe9, 0x61, 0x88, + 0xc8, 0x1e, 0xf0, 0x61, 0xb0, 0xcd, 0x6c, 0x3d, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x20, + 0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30, + 0x2d, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, + 0x35, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, + 0x65, 0x20, 0x76, 
0x65, 0x63, 0x74, 0x6f, 0x72, 0xa, + }, + .len = 49, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x42, + 0x9a, 0xc1, 0xd9, 0x0e, 0xf9, 0x4c, 0x51, 0x8c, + 0xb4, 0xa7, 0x54, 0x57, 0x56, 0xba, 0xbb, 0xf7, + 0xd7, 0x1d, 0x49, 0x5a, 0x42, 0xd2, 0xab, 0x75, + 0x3f, 0xb1, 0x5f, 0xb5, 0x2b, 0x2b, 0xa3, 0xc5, + 0x61, 0x32, 0x7e, 0x62, 0x1e, 0xf5, 0x56, 0xff, + 0x84, 0x8e, 0x9a, 0x99, 0x06, 0xba, 0x3b, 0xc0, + 0x15, 0x4c, 0xf5, 0xb1, 0x5e, 0xcc, 0xff, 0x42, + 0x79, 0x4b, 0xa9, 0x23, 0x16, 0x08, 0xc3, 0x9a, + 0x52, 0x2a, + }, + .len = 71, + }, + .imp_nonce = { + .data = { + 0x3c, 0x28, 0xa0, 0xb8, 0xf8, 0x74, 0x35, 0xfe, + 0xd2, 0xa0, 0x31, 0x28, + }, + .len = 12, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305, + .key.length = 32, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 16, + .aad_length = 5, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_3.seq_no = 0x0, + }, + + .aead = true, + .app_type = 0x17, +}; + #endif From patchwork Tue Mar 12 17:51:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138243 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 318CA43C94; Tue, 12 Mar 2024 18:53:29 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 669F042E0D; Tue, 12 Mar 2024 18:52:39 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id C327E42E08 for ; Tue, 12 Mar 2024 18:52:31 +0100 (CET) Received: from 
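Review bot: In [PATCH v3 14/21], the vectors added to test_cryptodev_security_tls_record_test_vectors.h are documented unevenly: tls13_test_data_aes_128_gcm and tls13_test_data_aes_256_gcm each have a leading comment, while tls13_test_data_chacha20_poly1305 has none; please add "/* TLS 1.3 CHACHA20-POLY1305 */" for consistency. The last input byte is written 0xa where every other byte uses two hex digits (0x0a). The suite entries are named "AES-GCM-128" and "AES-GCM-256" while the vector comments and the commit message say AES-128-GCM and AES-256-GCM; pick one spelling. Since the commit message says the vectors come from a gnuTLS client/server run, a short comment recording how they were captured would help whoever has to regenerate them.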
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v3 15/21] test/crypto: update framework to verify tls-1.3 Date: Tue, 12 Mar 2024 23:21:37 +0530 Message-ID: <20240312175143.1664699-16-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312175143.1664699-1-asasidharan@marvell.com> References: <20240312071805.1354530-1-asasidharan@marvell.com> <20240312175143.1664699-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: QFxQTtBMhZ8SRFwTNGZDPNYs952qBarx X-Proofpoint-GUID: QFxQTtBMhZ8SRFwTNGZDPNYs952qBarx X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_11,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Update the fields in preparation of test descriptor. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 17 +++++--- app/test/test_cryptodev_security_tls_record.c | 43 ++++++++++++------- app/test/test_cryptodev_security_tls_record.h | 10 ++--- 3 files changed, 43 insertions(+), 27 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index aa9fffe50e..25777c1b1f 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11889,8 +11889,9 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], ut_params->op->param1.tls_record.content_type = td[i].app_type; /* Copy IV in crypto operation when IV generation is disabled */ - if (sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE && - tls_record_xform.options.iv_gen_disable == 1) { + if ((sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) && + (tls_record_xform.ver != RTE_SECURITY_VERSION_TLS_1_3) && + (tls_record_xform.options.iv_gen_disable == 1)) { uint8_t *iv; int len; 
@@ -12005,8 +12006,10 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (flags->zero_len) payload_len = 0; again: - test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, - td_outb, nb_pkts, payload_len); + ret = test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, + flags, td_outb, nb_pkts, payload_len); + if (ret == TEST_SKIPPED) + continue; ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags); if (ret == TEST_SKIPPED) @@ -12218,8 +12221,10 @@ test_dtls_pkt_replay(const uint64_t seq_no[], int ret; for (i = 0; i < RTE_DIM(sec_alg_list); i++) { - test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, - td_outb, nb_pkts, 0); + ret = test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, + flags, td_outb, nb_pkts, 0); + if (ret == TEST_SKIPPED) + continue; for (idx = 0; idx < nb_pkts; idx++) td_outb[idx].tls_record_xform.dtls_1_2.seq_no = seq_no[idx]; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 498c4923e0..96d0a94731 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -70,7 +70,7 @@ test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, } } -void +int test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2, const struct tls_record_test_flags *flags, struct tls_record_test_data *td_array, @@ -79,6 +79,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt int i, min_padding, hdr_len, tls_pkt_size, mac_len = 0, exp_nonce_len = 0, roundup_len = 0; struct tls_record_test_data *td = NULL; + if ((flags->tls_version == RTE_SECURITY_VERSION_TLS_1_3) && + (param1->type != RTE_CRYPTO_SYM_XFORM_AEAD)) + return TEST_SKIPPED; + memset(td_array, 0, nb_td * sizeof(*td)); for (i = 0; i < nb_td; i++) { 
@@ -88,10 +92,17 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) { /* Copy template for packet & key fields */ - if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2) - memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td)); - else + switch (flags->tls_version) { + case RTE_SECURITY_VERSION_TLS_1_2: memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td)); + break; + case RTE_SECURITY_VERSION_DTLS_1_2: + memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td)); + break; + case RTE_SECURITY_VERSION_TLS_1_3: + memcpy(td, &tls13_test_data_aes_128_gcm, sizeof(*td)); + break; + } td->aead = true; td->xform.aead.aead.algo = param1->alg.aead; @@ -127,6 +138,7 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt if (!td->aead) { mac_len = td->xform.chain.auth.auth.digest_length; + min_padding = 1; switch (td->xform.chain.cipher.cipher.algo) { case RTE_CRYPTO_CIPHER_3DES_CBC: roundup_len = 8; @@ -143,30 +155,28 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } else { mac_len = td->xform.aead.aead.digest_length; + min_padding = 0; roundup_len = 0; - exp_nonce_len = 8; + if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) + exp_nonce_len = 0; + else + exp_nonce_len = 8; } switch (td->tls_record_xform.ver) { case RTE_SECURITY_VERSION_TLS_1_2: + hdr_len = sizeof(struct rte_tls_hdr); + break; case RTE_SECURITY_VERSION_TLS_1_3: hdr_len = sizeof(struct rte_tls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; + /* Add 1 byte for content type in packet */ + tls_pkt_size += 1; break; case RTE_SECURITY_VERSION_DTLS_1_2: hdr_len = sizeof(struct rte_dtls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; break; default: - hdr_len = 0; - min_padding = 0; - break; + return TEST_SKIPPED; } tls_pkt_size += mac_len; 
@@ -186,6 +196,7 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->output_text.len = tls_pkt_size; } + return TEST_SUCCESS; } void diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 3d714b3574..20a7d347a0 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -137,11 +137,11 @@ int test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_re void test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, struct tls_record_test_data *td_in); -void test_tls_record_td_prepare(const struct crypto_param *param1, - const struct crypto_param *param2, - const struct tls_record_test_flags *flags, - struct tls_record_test_data *td_array, int nb_td, - unsigned int data_len); +int test_tls_record_td_prepare(const struct crypto_param *param1, + const struct crypto_param *param2, + const struct tls_record_test_flags *flags, + struct tls_record_test_data *td_array, int nb_td, + unsigned int data_len); void test_tls_record_td_update(struct tls_record_test_data td_inb[], const struct tls_record_test_data td_outb[], int nb_td, From patchwork Tue Mar 12 17:51:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138244 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2364443C94; Tue, 12 Mar 2024 18:53:35 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 97FFC42DF7; Tue, 12 Mar 2024 18:52:40 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 4D10142DE7 for ; Tue, 12 Mar 2024 18:52:35 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42CG4R66015029; Tue, 12 Mar 2024 10:52:34 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; 
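Review bot: In [PATCH v3 15/21], the hunk in test_tls_record_proto_process() adds (tls_record_xform.ver != RTE_SECURITY_VERSION_TLS_1_3) to the IV-copy condition, but the comment above it still says only "Copy IV in crypto operation when IV generation is disabled". Update the comment to state that TLS 1.3 is excluded and why, so the extra term is not removed later as redundant. The added parentheses around each comparison are not needed and differ from the style of the lines being replaced.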
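Review bot: In [PATCH v3 15/21], the new switch (flags->tls_version) in the AEAD path of test_tls_record_td_prepare() has no default case. For any version other than the three listed, td keeps the zero fill from the earlier memset() and the function goes on to set td->aead and the xform fields on an empty template. The later switch (td->tls_record_xform.ver) in the same patch returns TEST_SKIPPED from its default; doing the same here would keep the two consistent. Now that the function returns int, the prototype in test_cryptodev_security_tls_record.h would benefit from a short comment listing the possible return values (TEST_SUCCESS, TEST_SKIPPED), and the commit message should mention the signature change, which "Update the fields in preparation of test descriptor" does not.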
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v3 16/21] test/crypto: test to verify hdr corruption in TLS Date: Tue, 12 Mar 2024 23:21:38 +0530 Message-ID: <20240312175143.1664699-17-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240312175143.1664699-1-asasidharan@marvell.com> References: <20240312071805.1354530-1-asasidharan@marvell.com> <20240312175143.1664699-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 2JXg3JvOBvakG9fFyIb0Qte9nIai0ef- X-Proofpoint-GUID: 2JXg3JvOBvakG9fFyIb0Qte9nIai0ef- X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-12_11,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify TLS-1.3 record with header corruption. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 25777c1b1f..9f0a737913 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12424,6 +12424,20 @@ test_dtls_1_2_record_proto_zero_len_non_app(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_1_3_record_proto_corrupt_pkt(void) +{ + struct tls_record_test_flags flags = { + .pkt_corruption = 1, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} #endif static int 
@@ -17714,7 +17728,10 @@ static struct unit_test_suite tls13_record_proto_testsuite = { "Read record known vector CHACHA20-POLY1305", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &tls13_test_data_chacha20_poly1305), - + TEST_CASE_NAMED_ST( + "TLS-1.3 record header corruption", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_corrupt_pkt), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Tue Mar 12 17:51:39 2024 X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138245 X-Patchwork-Delegate: gakhil@marvell.com 
From: Aakash Sasidharan To: Akhil Goyal, Fan Zhang Subject: [PATCH v3 17/21] test/crypto: test to verify custom content type in TLS Date: Tue, 12 Mar 2024 23:21:39 +0530 Message-ID: <20240312175143.1664699-18-asasidharan@marvell.com> From: Vidya Sagar Velumuri Add unit tests to verify TLS-1.3 record with content type as custom. 
Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 9f0a737913..fe4fcfbfdb 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12438,6 +12438,21 @@ test_tls_1_3_record_proto_corrupt_pkt(void) return test_tls_record_proto_all(&flags); } + +static int +test_tls_1_3_record_proto_custom_content_type(void) +{ + struct tls_record_test_flags flags = { + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} #endif static int 
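Review bot: test_tls_1_3_record_proto_custom_content_type() does not say what outcome is expected when .content_type is TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM under TLS 1.3, where the outer type in the record header is always application_data and the real content type travels inside the encrypted inner plaintext (RFC 8446, section 5.2). A one-line comment stating whether the custom type must round-trip or be rejected would make a failure of this case interpretable.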
@@ -17732,6 +17747,10 @@ static struct unit_test_suite tls13_record_proto_testsuite = { "TLS-1.3 record header corruption", ut_setup_security, ut_teardown, test_tls_1_3_record_proto_corrupt_pkt), + TEST_CASE_NAMED_ST( + "TLS-1.3 record header with custom content type", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_custom_content_type), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Tue Mar 12 17:51:40 2024 X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138246 X-Patchwork-Delegate: gakhil@marvell.com 
From: Aakash Sasidharan To: Akhil Goyal, Fan Zhang Subject: [PATCH v3 18/21] test/crypto: test to verify zero len record in TLS Date: Tue, 12 Mar 2024 23:21:40 +0530 Message-ID: <20240312175143.1664699-19-asasidharan@marvell.com> 
From: Vidya Sagar Velumuri Add unit tests to verify TLS-1.3 record with zero length. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index fe4fcfbfdb..8ad5033f32 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12453,6 +12453,37 @@ test_tls_1_3_record_proto_custom_content_type(void) return test_tls_record_proto_all(&flags); } + +static int +test_tls_1_3_record_proto_zero_len(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_3_record_proto_zero_len_non_app(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} #endif static int 
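Review bot: test_tls_1_3_record_proto_zero_len_non_app() combines .zero_len = 1 with TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, but RFC 8446 section 5.1 forbids sending zero-length Handshake fragments while allowing zero-length Application Data, so the expected result of the two new tests may differ. Both hand their flags to test_tls_record_proto_all() with nothing in the hunk to tell them apart; please add a comment to each stating whether the operation must succeed or fail.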
@@ -17751,6 +17782,14 @@ static struct unit_test_suite tls13_record_proto_testsuite = { "TLS-1.3 record header with custom content type", ut_setup_security, ut_teardown, test_tls_1_3_record_proto_custom_content_type), + TEST_CASE_NAMED_ST( + "TLS-1.3 record with zero len and content type as app", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_zero_len), + TEST_CASE_NAMED_ST( + "TLS-1.3 record with zero len and content type as ctrl", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_zero_len_non_app), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Tue Mar 12 17:51:41 2024 X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138247 X-Patchwork-Delegate: gakhil@marvell.com 
From: Aakash Sasidharan To: Akhil Goyal, Fan Zhang Subject: [PATCH v3 19/21] test/crypto: unit tests to verify padding in TLS Date: Tue, 12 Mar 2024 23:21:41 +0530 Message-ID: <20240312175143.1664699-20-asasidharan@marvell.com> From: Vidya Sagar Velumuri Add unit tests to verify the padding for TLS-1.2. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 85 ++++++++++++++++++- app/test/test_cryptodev_security_tls_record.c | 28 ++++-- app/test/test_cryptodev_security_tls_record.h | 5 +- 3 files changed, 109 insertions(+), 9 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 8ad5033f32..a324c1607b 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11834,6 +11834,9 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], if (td[0].aead) test_tls_record_imp_nonce_update(&td[0], &tls_record_xform); + if (flags->opt_padding) + tls_record_xform.options.extra_padding_enable = 1; + sess_conf.tls_record = tls_record_xform; if (td[0].aead) { 
@@ -11888,6 +11891,9 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], ut_params->op->sym->m_dst = NULL; ut_params->op->param1.tls_record.content_type = td[i].app_type; + if (flags->opt_padding) + ut_params->op->aux_flags = flags->opt_padding; + /* Copy IV in crypto operation when IV generation is disabled */ if ((sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) && (tls_record_xform.ver != RTE_SECURITY_VERSION_TLS_1_3) && @@ -11915,7 +11921,7 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS) { ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, - silent); + silent, flags); if (ret != TEST_SUCCESS) goto crypto_op_free; } 
@@ -12184,6 +12190,59 @@ test_tls_record_proto_zero_len_non_app(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_opt_padding(uint8_t padding, uint8_t num_segs, + enum rte_security_tls_version tls_version) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = num_segs, + .tls_version = tls_version, + .opt_padding = padding + }; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_record_proto_dm_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 0, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_dm_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(25, 0, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 2, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(8, 4, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding_2(void) +{ + return test_tls_record_proto_opt_padding(8, 5, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding_max(void) +{ + return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_TLS_1_2); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { 
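Review bot: the padding arguments 1, 25, 8 and 33 passed to test_tls_record_proto_opt_padding() are bare numbers with no stated unit, and the _1 and _2 suffixes do not say what each variant covers. tls_record_hdr_verify() in this patch multiplies opt_padding by 8 and caps the result at 256, so a short comment or named constants at the call sites would let a reader see why 33 is the "max range" case and what 1 versus 25 is meant to exercise.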
@@ -17578,6 +17637,30 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Zero len TLS record with content type as ctrl", ut_setup_security, ut_teardown, test_tls_record_proto_zero_len_non_app), + TEST_CASE_NAMED_ST( + "TLS record DM mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_dm_opt_padding), + TEST_CASE_NAMED_ST( + "TLS record DM mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_dm_opt_padding_1), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_1), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_2), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding > max range", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_max), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 96d0a94731..03d9efefc3 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -269,7 +269,8 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, } static int -tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text) +tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text, + const struct tls_record_test_flags *flags) { uint16_t length, hdr_len; uint8_t content_type; 
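Review bot: in the tls12_record_proto_testsuite hunk, test_tls_record_proto_sg_opt_padding_1 and test_tls_record_proto_sg_opt_padding_2 are both registered as "TLS record SG mode with optional padding > 2 blocks", so a failure in the log cannot be attributed to one of them. The two differ only in segment count (4 versus 5 in the earlier hunk); put that in the test name.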
@@ -322,10 +323,22 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp } } - if (length != td->output_text.len - hdr_len) { - printf("Incorrect packet length [expected - %d, received - %d]\n", - td->output_text.len - hdr_len, length); - return TEST_FAILED; + if (!flags->opt_padding) { + if (length != td->output_text.len - hdr_len) { + printf("Incorrect packet length [expected - %d, received - %d]\n", + td->output_text.len - hdr_len, length); + return TEST_FAILED; + } + } else { + int pad_len = (flags->opt_padding * 8) > 256 ? 256 : (flags->opt_padding * 8); + int expect_len = td->output_text.len - hdr_len + pad_len; + + if (length - expect_len > 32) { + printf("Incorrect packet length [expected - %d, received - %d]\n", + expect_len, length); + return TEST_FAILED; + } + } return TEST_SUCCESS; @@ -333,7 +346,8 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, - struct tls_record_test_data *res_d, bool silent) + struct tls_record_test_data *res_d, bool silent, + const struct tls_record_test_flags *flags) { uint8_t output_text[TEST_SEC_CIPHERTEXT_MAX_LEN]; uint32_t len = rte_pktmbuf_pkt_len(m), data_len; @@ -365,7 +379,7 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t } if (td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) { - ret = tls_record_hdr_verify(td, output_text); + ret = tls_record_hdr_verify(td, output_text, flags); if (ret != TEST_SUCCESS) return ret; } diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 20a7d347a0..b31c38af06 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
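Review bot: in the opt_padding branch of tls_record_hdr_verify(), the check "length - expect_len > 32" is one-sided: when length is smaller than expect_len the difference is negative and the record passes, so a header length that is too short is never reported. If shorter records are not meant to pass, bound the check on both sides, and name or comment the constants 8, 256 and 32; the blank line left before the closing brace of the else block can go too.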
@@ -97,7 +97,9 @@ struct tls_record_test_flags { bool data_walkthrough; bool pkt_corruption; bool zero_len; + bool padding_corruption; uint8_t nb_segs_in_mbuf; + uint8_t opt_padding; enum rte_security_tls_version tls_version; enum tls_record_test_content_type content_type; int ar_win_size; 
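Review bot: padding_corruption is added to struct tls_record_test_flags but nothing in this patch sets or reads it. Move the field to the patch that introduces the test using it, and give opt_padding a comment stating its unit.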
@@ -148,5 +150,6 @@ void test_tls_record_td_update(struct tls_record_test_data td_inb[], const struct tls_record_test_flags *flags); int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, - struct tls_record_test_data *res_d, bool silent); + struct tls_record_test_data *res_d, bool silent, + const struct tls_record_test_flags *flags); #endif From patchwork Tue Mar 12 17:51:42 2024 X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138248 X-Patchwork-Delegate: gakhil@marvell.com 
From: Aakash Sasidharan To: Akhil Goyal, Fan Zhang Subject: [PATCH v3 20/21] test/crypto: unit tests for padding in DTLS-1.2 Date: Tue, 12 Mar 2024 23:21:42 +0530 Message-ID: <20240312175143.1664699-21-asasidharan@marvell.com> From: Vidya Sagar Velumuri Add unit tests to verify the padding for DTLS-1.2. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 60 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) 
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index a324c1607b..572740cbf9 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12483,6 +12483,42 @@ test_dtls_1_2_record_proto_zero_len_non_app(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_1_2_record_proto_dm_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 0, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_dm_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(25, 0, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 5, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(8, 4, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding_2(void) +{ + return test_tls_record_proto_opt_padding(8, 5, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding_max(void) +{ + return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_DTLS_1_2); +} + static int test_tls_1_3_record_proto_corrupt_pkt(void) { 
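Review bot: test_dtls_1_2_record_proto_sg_opt_padding() passes 5 segments with padding 1, while its TLS 1.2 counterpart added in the previous patch, test_tls_record_proto_sg_opt_padding(), passes 2. If the difference is intentional a comment should say why; otherwise align the two so the TLS and DTLS suites cover the same cases.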
@@ -17824,6 +17860,30 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Antireplay with window size 4096", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_antireplay4096), + TEST_CASE_NAMED_ST( + "DTLS record DM mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_dm_opt_padding), + TEST_CASE_NAMED_ST( + "DTLS record DM mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_dm_opt_padding_1), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding_1), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding_2), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding > max range", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding_max), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Tue Mar 12 17:51:43 2024 X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138249 X-Patchwork-Delegate: gakhil@marvell.com 
From: Aakash Sasidharan To: Akhil Goyal, Fan Zhang Subject: [PATCH v3 21/21] test/security: add out of place sgl test case for TLS 1.2 Date: Tue, 12 Mar 2024 23:21:43 +0530 Message-ID: <20240312175143.1664699-22-asasidharan@marvell.com> Add TLS 1.2 out-of-place multi-segmented packet test. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 52 ++++++++++++++++++- app/test/test_cryptodev_security_tls_record.h | 1 + 2 files changed, 51 insertions(+), 2 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 572740cbf9..1703ebccf1 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11873,6 +11873,11 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool, td[i].input_text.len, nb_segs, 0); pktmbuf_write(ut_params->ibuf, 0, td[i].input_text.len, td[i].input_text.data); + if (flags->out_of_place) + ut_params->obuf = create_segmented_mbuf(ts_params->mbuf_pool, + td[i].output_text.len, nb_segs, 0); + else + ut_params->obuf = NULL; /* Generate crypto op data structure */ ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, 
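Review bot: the obuf returned by create_segmented_mbuf() in the out_of_place branch is not checked before the hunk moves on to allocating the crypto op. If the allocation fails, the next hunk assigns NULL to m_dst, which requests in-place processing, and the post-processing hunk then passes the NULL obuf to test_tls_record_post_process(). Add a NULL check here that fails the test and goes through the existing cleanup path.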
@@ -11888,7 +11893,7 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], /* Set crypto operation mbufs */ ut_params->op->sym->m_src = ut_params->ibuf; - ut_params->op->sym->m_dst = NULL; + ut_params->op->sym->m_dst = ut_params->obuf; ut_params->op->param1.tls_record.content_type = td[i].app_type; if (flags->opt_padding) @@ -11920,7 +11925,10 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], res_d_tmp = &res_d[i]; if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS) { - ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, + struct rte_mbuf *buf = flags->out_of_place ? ut_params->obuf : + ut_params->ibuf; + + ret = test_tls_record_post_process(buf, &td[i], res_d_tmp, silent, flags); if (ret != TEST_SUCCESS) goto crypto_op_free; @@ -11929,6 +11937,11 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], rte_crypto_op_free(ut_params->op); ut_params->op = NULL; + if (flags->out_of_place) { + rte_pktmbuf_free(ut_params->obuf); + ut_params->obuf = NULL; + } + rte_pktmbuf_free(ut_params->ibuf); ut_params->ibuf = NULL; } @@ -11937,6 +11950,11 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], rte_crypto_op_free(ut_params->op); ut_params->op = NULL; + if (flags->out_of_place) { + rte_pktmbuf_free(ut_params->obuf); + ut_params->obuf = NULL; + } + rte_pktmbuf_free(ut_params->ibuf); ut_params->ibuf = NULL; 
@@ -12127,6 +12145,32 @@ test_tls_record_proto_sgl_data_walkthrough(enum rte_security_tls_version tls_ver return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_sgl_oop(enum rte_security_tls_version tls_version) +{ + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = 5, + .out_of_place = true, + .tls_version = tls_version + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) { + printf("Device doesn't support in-place scatter-gather. Test Skipped.\n"); + return TEST_SKIPPED; + } + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_2_record_proto_sgl_oop(void) +{ + return test_tls_record_proto_sgl_oop(RTE_SECURITY_VERSION_TLS_1_2); +} + static int test_tls_1_2_record_proto_sgl_data_walkthrough(void) { @@ -17657,6 +17701,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Multi-segmented mode data walkthrough", ut_setup_security, ut_teardown, test_tls_1_2_record_proto_sgl_data_walkthrough), + TEST_CASE_NAMED_ST( + "Multi-segmented mode out of place", + ut_setup_security, ut_teardown, + test_tls_1_2_record_proto_sgl_oop), TEST_CASE_NAMED_ST( "TLS packet header corruption", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index b31c38af06..e788d36b7a 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -98,6 +98,7 @@ struct tls_record_test_flags { bool pkt_corruption; bool zero_len; bool padding_corruption; + bool out_of_place; uint8_t nb_segs_in_mbuf; uint8_t opt_padding; enum rte_security_tls_version tls_version;
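Review bot: In the hunk at @@ -11873,6 +11873,11 @@ of test_tls_record_proto_process(), the result of create_segmented_mbuf() assigned to ut_params->obuf is used without a NULL check. If that allocation fails, the following hunk sets m_dst to NULL, so the op is processed in place, while the post-process hunk still selects ut_params->obuf because flags->out_of_place is true and passes a NULL buf to test_tls_record_post_process(). Suggest failing the test immediately after the allocation when ut_params->obuf is NULL, before the crypto op is built.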
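Review bot: The `if (flags->out_of_place)` guard around rte_pktmbuf_free(ut_params->obuf) in the hunk at @@ -11929,6 +11937,11 @@ is redundant, and the same block is repeated in the hunk at @@ -11937,6 +11950,11 @@. The allocation hunk already sets ut_params->obuf to NULL in the in-place case, and rte_pktmbuf_free() accepts a NULL mbuf, so obuf can be freed and cleared unconditionally next to ibuf on both paths. That also keeps the cleanup correct if obuf is ever set by something other than this flag.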
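Review bot: In test_tls_record_proto_sgl_oop() (hunk at @@ -12127,6 +12145,32 @@) the capability check tests RTE_CRYPTODEV_FF_IN_PLACE_SGL and the skip message says "in-place scatter-gather", but the case sets .out_of_place = true with .nb_segs_in_mbuf = 5, and both ibuf and obuf are built with create_segmented_mbuf() using the same nb_segs. The feature bit that matches a segmented source with a segmented destination is RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT. As written, a device that advertises only in-place SGL will run this case and fail instead of being skipped. Suggest checking the out-of-place flag and changing the message to say out-of-place scatter-gather.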