From patchwork Wed Mar 13 05:50:10 2024
X-Patchwork-Submitter: Aakash Sasidharan
X-Patchwork-Id: 138284
X-Patchwork-Delegate: gakhil@marvell.com
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang, Anoob Joseph, Vidya Sagar Velumuri
Subject: [PATCH v4 01/21] test/security: enable AES-GCM in combined mode TLS
Date: Wed, 13 Mar 2024 11:20:10 +0530
Message-ID: <20240313055030.1685039-2-asasidharan@marvell.com>
In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com>
References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com>

Enable AES-GCM AEAD tests in combined mode TLS test suite.

Coverity issue: 414888
Fixes: 9157ccb8f876 ("test/crypto: verify TLS headers")

Signed-off-by: Aakash Sasidharan
--- app/test/test_cryptodev_security_tls_record.c | 10 ++++++++-- app/test/test_security_proto.h | 3 +++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index bcb2eba4ff..14a7a2511e 100644 --- a/app/test/test_cryptodev_security_tls_record.c 
+++ b/app/test/test_cryptodev_security_tls_record.c @@ -116,6 +116,7 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } else { mac_len = td->xform.aead.aead.digest_length; + roundup_len = 0; exp_nonce_len = 8; } @@ -123,7 +124,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt case RTE_SECURITY_VERSION_TLS_1_2: case RTE_SECURITY_VERSION_TLS_1_3: hdr_len = sizeof(struct rte_tls_hdr); - min_padding = 1; + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; case RTE_SECURITY_VERSION_DTLS_1_2: hdr_len = sizeof(struct rte_dtls_hdr); @@ -139,7 +143,9 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt /* Padding */ tls_pkt_size += min_padding; - tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); + + if (roundup_len) + tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); /* Explicit nonce */ tls_pkt_size += exp_nonce_len; diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h index efa023b99d..5b92daa810 100644 --- a/app/test/test_security_proto.h +++ b/app/test/test_security_proto.h 
@@ -27,16 +27,19 @@ static const struct crypto_param aead_list[] = { .type = RTE_CRYPTO_SYM_XFORM_AEAD, .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, .key_length = 16, + .digest_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_AEAD, .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, .key_length = 24, + .digest_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_AEAD, .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, .key_length = 32, + .digest_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_AEAD,
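Review bot: the commit message carries a "Coverity issue" and a "Fixes:" tag but never says what was broken. In test_tls_record_td_prepare() (app/test/test_cryptodev_security_tls_record.c), the `if (roundup_len)` guard in front of RTE_ALIGN_MUL_CEIL() under `/* Padding */` looks like the actual fix, since the AEAD branch leaves roundup_len at 0. Please describe that in the log, or split it from the AES-GCM enablement so the fix can be backported on its own. The TLS 1.2/1.3 arm could also be shortened to `min_padding = td->aead ? 0 : 1;`.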
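Review bot: in aead_list[] (app/test/test_security_proto.h) only the three AES-GCM entries gain `.digest_length = 16`; the entry that begins in the trailing context (`.type = RTE_CRYPTO_SYM_XFORM_AEAD,`) is cut off here, so please confirm it sets digest_length too. test_tls_record_td_prepare() takes mac_len from td->xform.aead.aead.digest_length, so an entry left at 0 would size the expected record without an authentication tag.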
From patchwork Wed Mar 13 05:50:11 2024
X-Patchwork-Submitter: Aakash Sasidharan
X-Patchwork-Id: 138285
X-Patchwork-Delegate: gakhil@marvell.com
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang, Anoob Joseph
Subject: [PATCH v4 02/21] test/security: add TLS 1.2 data walkthrough test
Date: Wed, 13 Mar 2024 11:20:11 +0530
Message-ID: <20240313055030.1685039-3-asasidharan@marvell.com>
In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com>
References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com>

Add data walkthrough test for TLS 1.2.

Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 90 +++++++++++++++++-- app/test/test_cryptodev.h | 12 ++- app/test/test_cryptodev_security_tls_record.c | 25 ++++-- app/test/test_cryptodev_security_tls_record.h | 41 ++++++++- app/test/test_security_proto.c | 17 ++++ app/test/test_security_proto.h | 6 ++ 6 files changed, 171 insertions(+), 20 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 3b5e784022..c5837ccbdd 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -858,6 +858,8 @@ ipsec_proto_testsuite_setup(void) static int tls_record_proto_testsuite_setup(void) { + test_sec_proto_pattern_generate(); + return sec_proto_testsuite_setup(RTE_SECURITY_PROTOCOL_TLS_RECORD); } @@ -11958,14 +11960,30 @@ test_tls_record_proto_known_vec_read(const void *test_data) static int test_tls_record_proto_all(const struct tls_record_test_flags *flags) { + unsigned int i, nb_pkts = 1, pass_cnt = 0, payload_len, max_payload_len; struct tls_record_test_data td_outb[TEST_SEC_PKTS_MAX]; struct tls_record_test_data td_inb[TEST_SEC_PKTS_MAX]; - unsigned int i, nb_pkts = 1, pass_cnt = 0; int ret; + switch (flags->tls_version) { + case RTE_SECURITY_VERSION_TLS_1_2: + max_payload_len = TLS_1_2_RECORD_PLAINTEXT_MAX_LEN; + break; + case RTE_SECURITY_VERSION_TLS_1_3: + max_payload_len = TLS_1_3_RECORD_PLAINTEXT_MAX_LEN; + break; + case RTE_SECURITY_VERSION_DTLS_1_2: + max_payload_len = DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN; + break; + default: + max_payload_len = 0; + } + for (i = 0; i < RTE_DIM(sec_alg_list); i++) { + payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN; +again: test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, - td_outb, nb_pkts); + td_outb, nb_pkts, payload_len); ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags); if (ret == TEST_SKIPPED) 
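Review bot: the `default:` arm of the new switch on flags->tls_version in test_tls_record_proto_all() sets max_payload_len = 0, so a data walkthrough run with an unhandled version still reports success after testing only TLS_RECORD_PLAINTEXT_MIN_LEN, because the `++payload_len <= max_payload_len` check in the next hunk fails on the first pass. Return TEST_FAILED (or TEST_SKIPPED) from the default arm instead of letting the walkthrough degrade to a single length.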
@@ -11983,6 +12001,9 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (ret == TEST_FAILED) return TEST_FAILED; + if (flags->data_walkthrough && (++payload_len <= max_payload_len)) + goto again; + if (flags->display_alg) test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2); 
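Review bot: the backward `goto again` added after the TEST_FAILED check turns the body of the per-algorithm `for` loop into a hidden inner loop over payload_len. An explicit `do { ... } while (flags->data_walkthrough && ++payload_len <= max_payload_len);` around the prepare/process sequence would make the iteration bounds visible and remove the label.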
@@ -11996,22 +12017,69 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) } static int -test_tls_record_proto_display_list(void) +test_tls_1_2_record_proto_data_walkthrough(void) +{ + struct tls_record_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.data_walkthrough = true; + flags.tls_version = RTE_SECURITY_VERSION_TLS_1_2; + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_2_record_proto_display_list(void) { struct tls_record_test_flags flags; memset(&flags, 0, sizeof(flags)); flags.display_alg = true; + flags.tls_version = RTE_SECURITY_VERSION_TLS_1_2; return test_tls_record_proto_all(&flags); } static int -test_tls_record_proto_sgl(void) +test_tls_1_2_record_proto_sgl(void) { struct tls_record_test_flags flags = { - .nb_segs_in_mbuf = 5 + .nb_segs_in_mbuf = 5, + .tls_version = RTE_SECURITY_VERSION_TLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) { + printf("Device doesn't support in-place scatter-gather. Test Skipped.\n"); + return TEST_SKIPPED; + } + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_display_list(void) +{ + struct tls_record_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.display_alg = true; + flags.tls_version = RTE_SECURITY_VERSION_DTLS_1_2; + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_sgl(void) +{ + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = 5, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 }; struct crypto_testsuite_params *ts_params = &testsuite_params; struct rte_cryptodev_info dev_info; 
@@ -17081,11 +17149,15 @@ static struct unit_test_suite tls12_record_proto_testsuite = { TEST_CASE_NAMED_ST( "Combined test alg list", ut_setup_security, ut_teardown, - test_tls_record_proto_display_list), + test_tls_1_2_record_proto_display_list), + TEST_CASE_NAMED_ST( + "Data walkthrough combined test alg list", + ut_setup_security, ut_teardown, + test_tls_1_2_record_proto_data_walkthrough), TEST_CASE_NAMED_ST( "Multi-segmented mode", ut_setup_security, ut_teardown, - test_tls_record_proto_sgl), + test_tls_1_2_record_proto_sgl), TEST_CASES_END() /**< NULL terminate unit test array */ } }; @@ -17182,11 +17254,11 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { TEST_CASE_NAMED_ST( "Combined test alg list", ut_setup_security, ut_teardown, - test_tls_record_proto_display_list), + test_dtls_1_2_record_proto_display_list), TEST_CASE_NAMED_ST( "Multi-segmented mode", ut_setup_security, ut_teardown, - test_tls_record_proto_sgl), + test_dtls_1_2_record_proto_sgl), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev.h b/app/test/test_cryptodev.h index f27d9697fd..e4e99d00c1 100644 --- a/app/test/test_cryptodev.h +++ b/app/test/test_cryptodev.h @@ -5,6 +5,9 @@ #define TEST_CRYPTODEV_H_ #include +#ifdef RTE_LIB_SECURITY +#include "test_security_proto.h" +#endif #define HEX_DUMP 0 @@ -21,9 +24,16 @@ #define DEFAULT_NUM_XFORMS (2) #define NUM_MBUFS (8191) #define MBUF_CACHE_SIZE (256) + +#ifdef RTE_LIB_SECURITY +#define MBUF_DATAPAYLOAD_SIZE RTE_MAX((unsigned int)(4096 + DIGEST_BYTE_LENGTH_SHA512), \ + TEST_SEC_CIPHERTEXT_MAX_LEN) +#else #define MBUF_DATAPAYLOAD_SIZE (4096 + DIGEST_BYTE_LENGTH_SHA512) +#endif + #define MBUF_SIZE (sizeof(struct rte_mbuf) + \ - RTE_PKTMBUF_HEADROOM + MBUF_DATAPAYLOAD_SIZE) + RTE_PKTMBUF_HEADROOM + MBUF_DATAPAYLOAD_SIZE) #define BYTE_LENGTH(x) (x/8) /* HASH DIGEST LENGTHS */ 
diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 14a7a2511e..3745c6a0d1 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -62,7 +62,8 @@ test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, void test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2, const struct tls_record_test_flags *flags, - struct tls_record_test_data *td_array, int nb_td) + struct tls_record_test_data *td_array, + int nb_td, unsigned int data_len) { int i, min_padding, hdr_len, tls_pkt_size, mac_len = 0, exp_nonce_len = 0, roundup_len = 0; struct tls_record_test_data *td = NULL; @@ -76,7 +77,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) { /* Copy template for packet & key fields */ - memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td)); + if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2) + memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td)); + else + memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td)); td->aead = true; td->xform.aead.aead.algo = param1->alg.aead; @@ -84,7 +88,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->xform.aead.aead.digest_length = param1->digest_length; } else { /* Copy template for packet & key fields */ - memcpy(td, &tls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td)); + if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2) + memcpy(td, &dtls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td)); + else + memcpy(td, &tls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td)); td->aead = false; td->xform.chain.cipher.cipher.algo = param1->alg.cipher; 
@@ -96,6 +103,11 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } + if (flags->data_walkthrough) { + test_sec_proto_pattern_set(td->input_text.data, data_len); + td->input_text.len = data_len; + } + tls_pkt_size = td->input_text.len; if (!td->aead) { @@ -221,6 +233,7 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, return TEST_SUCCESS; } + static int tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text) { @@ -280,13 +293,13 @@ int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, struct tls_record_test_data *res_d, bool silent) { + uint8_t output_text[TEST_SEC_CIPHERTEXT_MAX_LEN]; uint32_t len = rte_pktmbuf_pkt_len(m), data_len; - uint8_t output_text[TLS_RECORD_MAX_LEN]; const struct rte_mbuf *seg; const uint8_t *output; int ret; - memset(output_text, 0, TLS_RECORD_MAX_LEN); + memset(output_text, 0, TEST_SEC_CIPHERTEXT_MAX_LEN); /* * Actual data in packet might be less in error cases, hence take minimum of pkt_len and sum @@ -300,7 +313,7 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t } len = RTE_MIN(len, data_len); - TEST_ASSERT(len <= TLS_RECORD_MAX_LEN, "Invalid packet length: %u", len); + TEST_ASSERT(len <= TEST_SEC_CIPHERTEXT_MAX_LEN, "Invalid packet length: %u", len); /* Copy mbuf payload to continuous buffer */ output = rte_pktmbuf_read(m, 0, len, output_text); diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 0bd83f88f0..56d9d11962 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -10,7 +10,37 @@ #include "test_security_proto.h" -#define TLS_RECORD_MAX_LEN 16384u +/* TLS 1.2 Ciphertext length can be up to (2^14 + 2048 + 5 (TLS Header)) Bytes */ +#define TLS_1_2_RECORD_CIPHERTEXT_MAX_LEN (4096u) +static_assert(TLS_1_2_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN, + "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* TLS 1.2 Plaintext length can be up to (2^14 + 1024) Bytes */ +#define TLS_1_2_RECORD_PLAINTEXT_MAX_LEN (3072u) +static_assert(TLS_1_2_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, + "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* DTLS 1.2 Ciphertext length is similar to TLS 1.2 */ +#define DTLS_1_2_RECORD_CIPHERTEXT_MAX_LEN (4096u) +static_assert(DTLS_1_2_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN, + "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* DTLS 1.2 Plaintext length is similar to TLS 1.2 */ +#define DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN (3072u) +static_assert(DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, + "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* TLS 1.3 Ciphertext length can be up to (2^14 + 256 + 5 (TLS Header)) Bytes */ +#define TLS_1_3_RECORD_CIPHERTEXT_MAX_LEN (4096u) +static_assert(TLS_1_3_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN, + "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* TLS 1.3 Plaintext length can be up to 2^14 Bytes */ +#define TLS_1_3_RECORD_PLAINTEXT_MAX_LEN (3072u) +static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, + "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +#define TLS_RECORD_PLAINTEXT_MIN_LEN (1u) struct tls_record_test_data { struct { 
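Review bot: the comments and the values disagree. Each comment quotes a protocol limit (for example "(2^14 + 2048 + 5 (TLS Header)) Bytes" for TLS 1.2 ciphertext and "(2^14 + 1024) Bytes" for TLS 1.2 plaintext), while every *_RECORD_CIPHERTEXT_MAX_LEN is (4096u) and every *_RECORD_PLAINTEXT_MAX_LEN is (3072u). Please state in the comments that these macros are test buffer limits below the protocol maximum, so the walkthrough is not read as covering records up to 2^14 bytes. The static_assert message "should be at least RECORD MAX LEN!" would also be clearer if it named the macro being checked.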
@@ -22,12 +52,12 @@ struct tls_record_test_data { } auth_key; struct { - uint8_t data[TLS_RECORD_MAX_LEN]; + uint8_t data[TEST_SEC_CIPHERTEXT_MAX_LEN]; unsigned int len; } input_text; struct { - uint8_t data[TLS_RECORD_MAX_LEN]; + uint8_t data[TEST_SEC_CIPHERTEXT_MAX_LEN]; unsigned int len; } output_text; @@ -56,6 +86,8 @@ struct tls_record_test_data { struct tls_record_test_flags { bool display_alg; int nb_segs_in_mbuf; + bool data_walkthrough; + enum rte_security_tls_version tls_version; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; @@ -89,7 +121,8 @@ void test_tls_record_td_read_from_write(const struct tls_record_test_data *td_ou void test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2, const struct tls_record_test_flags *flags, - struct tls_record_test_data *td_array, int nb_td); + struct tls_record_test_data *td_array, int nb_td, + unsigned int data_len); void test_tls_record_td_update(struct tls_record_test_data td_inb[], const struct tls_record_test_data td_outb[], int nb_td, diff --git a/app/test/test_security_proto.c b/app/test/test_security_proto.c index d242c852af..cf40d5fc9a 100644 --- a/app/test/test_security_proto.c +++ b/app/test/test_security_proto.c @@ -13,6 +13,8 @@ struct crypto_param_comb sec_alg_list[RTE_DIM(aead_list) + struct crypto_param_comb sec_auth_only_alg_list[2 * (RTE_DIM(auth_list) - 1)]; +static uint8_t cleartext_pattern[TEST_SEC_CLEARTEXT_MAX_LEN]; + void test_sec_alg_list_populate(void) { @@ -152,3 +154,18 @@ test_sec_alg_display(const struct crypto_param *param1, const struct crypto_para } printf("\n"); } + +void +test_sec_proto_pattern_generate(void) +{ + unsigned int i; + + for (i = 0; i < TEST_SEC_CLEARTEXT_MAX_LEN; i++) + cleartext_pattern[i] = (i + 1) & 0xff; +} + +void +test_sec_proto_pattern_set(uint8_t *buf, int len) +{ + rte_memcpy(buf, cleartext_pattern, len); +} 
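Review bot: test_sec_proto_pattern_set() in app/test/test_security_proto.c copies `len` bytes out of the TEST_SEC_CLEARTEXT_MAX_LEN-byte cleartext_pattern[] with no bound check, and takes `int len` although its caller in test_tls_record_td_prepare() passes `unsigned int data_len`. Make the parameter unsigned (unsigned int or size_t) and assert or return an error when len exceeds TEST_SEC_CLEARTEXT_MAX_LEN, so a later caller cannot read past the pattern array.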
diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h index 5b92daa810..05992eee94 100644 --- a/app/test/test_security_proto.h +++ b/app/test/test_security_proto.h @@ -8,6 +8,8 @@ #include #include +#define TEST_SEC_CLEARTEXT_MAX_LEN (3072u) +#define TEST_SEC_CIPHERTEXT_MAX_LEN (4096u) #define TEST_SEC_PKTS_MAX 32 struct crypto_param { 
@@ -186,4 +188,8 @@ int test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_c void test_sec_alg_display(const struct crypto_param *param1, const struct crypto_param *param2); +void test_sec_proto_pattern_generate(void); + +void test_sec_proto_pattern_set(uint8_t *buf, int len); + #endif
From patchwork Wed Mar 13 05:50:12 2024
X-Patchwork-Submitter: Aakash Sasidharan
X-Patchwork-Id: 138286
X-Patchwork-Delegate: gakhil@marvell.com
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v4 03/21] test/security: add DTLS 1.2 data walkthrough test
Date: Wed, 13 Mar 2024 11:20:12 +0530
Message-ID: <20240313055030.1685039-4-asasidharan@marvell.com>
In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com>
References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com>

Add data walkthrough test for DTLS 1.2

Signed-off-by: Aakash Sasidharan
--- app/test/test_cryptodev.c | 17 +++++++++++++++++ app/test/test_cryptodev_security_tls_record.c | 5 ++++- 2 files changed, 21 insertions(+), 1 deletion(-) 
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index c5837ccbdd..e0695e9eb3 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12061,6 +12061,19 @@ test_tls_1_2_record_proto_sgl(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_1_2_record_proto_data_walkthrough(void) +{ + struct tls_record_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.data_walkthrough = true; + flags.tls_version = RTE_SECURITY_VERSION_DTLS_1_2; + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_display_list(void) { @@ -17255,6 +17268,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Combined test alg list", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_display_list), + TEST_CASE_NAMED_ST( + "Data walkthrough combined test alg list", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_data_walkthrough), TEST_CASE_NAMED_ST( "Multi-segmented mode", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 3745c6a0d1..92bcbff842 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c 
@@ -143,7 +143,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt break; case RTE_SECURITY_VERSION_DTLS_1_2: hdr_len = sizeof(struct rte_dtls_hdr); - min_padding = 0; + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; default: hdr_len = 0;
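Review bot: the commit message says only "Add data walkthrough test for DTLS 1.2", but the RTE_SECURITY_VERSION_DTLS_1_2 arm here changes min_padding from 0 to 1 for every non-AEAD DTLS record that test_tls_record_td_prepare() builds, not just the new walkthrough case. Please mention the padding correction in the log or move it to its own patch. The DTLS arm now repeats the if/else from the TLS 1.2/1.3 arm, so a shared `min_padding = td->aead ? 0 : 1;` would keep the two from drifting apart.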
From patchwork Wed Mar 13 05:50:13 2024
X-Patchwork-Submitter: Aakash Sasidharan
X-Patchwork-Id: 138287
X-Patchwork-Delegate: gakhil@marvell.com
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v4 04/21] test/security: add TLS SG data walkthrough test
Date: Wed, 13 Mar 2024 11:20:13 +0530
Message-ID: <20240313055030.1685039-5-asasidharan@marvell.com>
In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com>
References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com>

Add multi segment packet data walkthrough test for TLS 1.2 and DTLS 1.2.

Signed-off-by: Aakash Sasidharan
--- app/test/test_cryptodev.c | 42 +++++++++++++++++++ app/test/test_cryptodev_security_tls_record.h | 2 +- 2 files changed, 43 insertions(+), 1 deletion(-) 
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index e0695e9eb3..3591c91130 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11981,6 +11981,8 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) for (i = 0; i < RTE_DIM(sec_alg_list); i++) { payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN; + if (flags->nb_segs_in_mbuf) + payload_len = RTE_MAX(payload_len, flags->nb_segs_in_mbuf); again: test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, td_outb, nb_pkts, payload_len); @@ -12061,6 +12063,32 @@ test_tls_1_2_record_proto_sgl(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_sgl_data_walkthrough(enum rte_security_tls_version tls_version) +{ + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = 5, + .tls_version = tls_version, + .data_walkthrough = true + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) { + printf("Device doesn't support in-place scatter-gather. Test Skipped.\n"); + return TEST_SKIPPED; + } + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_2_record_proto_sgl_data_walkthrough(void) +{ + return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_TLS_1_2); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -12106,6 +12134,12 @@ test_dtls_1_2_record_proto_sgl(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_1_2_record_proto_sgl_data_walkthrough(void) +{ + return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_DTLS_1_2); +} + #endif static int 
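Review bot: test_tls_record_proto_sgl_data_walkthrough() adds another copy of the RTE_CRYPTODEV_FF_IN_PLACE_SGL capability check and its "Test Skipped" message, which test_tls_1_2_record_proto_sgl() already carries. The new helper already takes tls_version as a parameter; let it take the data_walkthrough flag as well and have the existing SGL tests call it, so the capability check lives in one place.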
@@ -17171,6 +17205,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Multi-segmented mode", ut_setup_security, ut_teardown, test_tls_1_2_record_proto_sgl), + TEST_CASE_NAMED_ST( + "Multi-segmented mode data walkthrough", + ut_setup_security, ut_teardown, + test_tls_1_2_record_proto_sgl_data_walkthrough), TEST_CASES_END() /**< NULL terminate unit test array */ } }; @@ -17276,6 +17314,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Multi-segmented mode", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_sgl), + TEST_CASE_NAMED_ST( + "Multi-segmented mode data walkthrough", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sgl_data_walkthrough), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 56d9d11962..a6c537b35a 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -85,7 +85,7 @@ struct tls_record_test_data { struct tls_record_test_flags { bool display_alg; - int nb_segs_in_mbuf; + uint8_t nb_segs_in_mbuf; bool data_walkthrough; enum rte_security_tls_version tls_version; }; From patchwork Wed Mar 13 05:50:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138288 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6F5A843C9A; Wed, 13 Mar 2024 06:51:18 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C302C42D68; Wed, 13 Mar 2024 06:50:53 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id F055642D0B for ; Wed, 13 Mar 2024 06:50:50 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42D3Xe43015026; Tue, 12 Mar 2024 22:50:49 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=dDBadRvkqLp45y5mqZF5j0IRdZZiMTf57j7rx0e2P28=; b=T3G dEOuzg74uAYfk+frJMcxF/qk1Lg+kvj7bZnG6GLMWPKHxNleBZcxl2Y1H17Ii7pg aUgBYiJ59WhiFNyzcFXkcIu4kllu5Yv/4XW/DXAsDcwBLY46EZc+zczd8FwysHWI UN4KugktmT23v/BdS3doPRPLem3vhGS60BWwgTkKSzcr5591m7JYrpSwpbUMqkG+ mKPz325P4to7tKeqTqLZcc/FDd+DC0pNeuNP2k7+n2RmXvBYhlEqNkL2oYcNDERR Tfjka1M7XDc5SyGdfbgbu45e5XiVTV44qBEz1r2M6yxqTwrZe59ps9Xntou2WVeh Vlq/I3uOrkwtTY6yuvA== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3wtt8htkrc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); 
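Review bot: In the first hunk of test_tls_record_proto_all() in app/test/test_cryptodev.c, the new clamp `payload_len = RTE_MAX(payload_len, flags->nb_segs_in_mbuf);` has no comment saying why the starting length depends on the segment count. A one-line comment (for example, that each requested segment needs at least one byte of payload) would help, and it would also make clear that the multi-segment walkthrough starts at `nb_segs_in_mbuf` bytes rather than at TLS_RECORD_PLAINTEXT_MIN_LEN.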
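Review bot: In the struct tls_record_test_flags hunk of app/test/test_cryptodev_security_tls_record.h, `nb_segs_in_mbuf` changes from `int` to `uint8_t`, but the commit message only mentions adding the walkthrough test. Please state the reason for the type change in the log, or move it to its own patch, so the narrowing is not read as an accidental side effect.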
Tue, 12 Mar 2024 22:50:49 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 22:50:48 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 22:50:48 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 0C0823F7080; Tue, 12 Mar 2024 22:50:45 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v4 05/21] test/security: unit test for TLS packet corruption Date: Wed, 13 Mar 2024 11:20:14 +0530 Message-ID: <20240313055030.1685039-6-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com> References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 9G4dn7638D3F05EVt_aEQd0q3GSTjuaQ X-Proofpoint-GUID: 9G4dn7638D3F05EVt_aEQd0q3GSTjuaQ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_05,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add test to verify the corrupted TLS packet header Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 27 +++++++++++++++++-- app/test/test_cryptodev_security_tls_record.c | 4 +++ app/test/test_cryptodev_security_tls_record.h | 1 + 3 files changed, 30 insertions(+), 2 deletions(-) 
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 3591c91130..324ef3c276 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12000,8 +12000,13 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (ret == TEST_SKIPPED) continue; - if (ret == TEST_FAILED) - return TEST_FAILED; + if (flags->pkt_corruption) { + if (ret == TEST_SUCCESS) + return TEST_FAILED; + } else { + if (ret == TEST_FAILED) + return TEST_FAILED; + } if (flags->data_walkthrough && (++payload_len <= max_payload_len)) goto again; @@ -12089,6 +12094,20 @@ test_tls_1_2_record_proto_sgl_data_walkthrough(void) return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_TLS_1_2); } +static int +test_tls_record_proto_corrupt_pkt(void) +{ + struct tls_record_test_flags flags = { + .pkt_corruption = 1 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -17209,6 +17228,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Multi-segmented mode data walkthrough", ut_setup_security, ut_teardown, test_tls_1_2_record_proto_sgl_data_walkthrough), + TEST_CASE_NAMED_ST( + "TLS packet header corruption", + ut_setup_security, ut_teardown, + test_tls_record_proto_corrupt_pkt), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 92bcbff842..93ff7f36fa 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c 
@@ -185,6 +185,10 @@ test_tls_record_td_update(struct tls_record_test_data td_inb[], td_outb[i].input_text.len); td_inb[i].output_text.len = td_outb->input_text.len; + /* Corrupt the content type in the TLS header of encrypted packet */ + if (flags->pkt_corruption) + td_inb[i].input_text.data[0] = ~td_inb[i].input_text.data[0]; + /* Clear outbound specific flags */ td_inb[i].tls_record_xform.options.iv_gen_disable = 0; } diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index a6c537b35a..a7c0ca87bf 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -88,6 +88,7 @@ struct tls_record_test_flags { uint8_t nb_segs_in_mbuf; bool data_walkthrough; enum rte_security_tls_version tls_version; + bool pkt_corruption; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; From patchwork Wed Mar 13 05:50:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138289 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0124143C9A; Wed, 13 Mar 2024 06:51:27 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 1DD2242D95; Wed, 13 Mar 2024 06:50:55 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 1EBE442D76 for ; Wed, 13 Mar 2024 06:50:53 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42D3bVvZ014957; Tue, 12 Mar 2024 22:50:53 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=9d9zwoNT2ig+qwHFIWK1JiFApmVgayJzjxddzIRjfvw=; b=Y5d DS5tNPFfe+wsV0hofhxdY5AqeA4r1B1vPpGtPEA2VyLdHnAzBj0a2k4E0V8z3t6p mwAldIqeJ+QHwscz+aBtapWJTq8MI4tMu9baSjX7duNppI8W0Bk0SHOJ850njRV4 WtbC28l4P11s4sPB2DFPxJC//WRfIMXqGgytPuRTODCE3XFfsTRt1TMq1ZKYJ+C6 pCvRLMMXS+Q/I1IH/KD89TSFRs40Xyw3NPZ2+ovfvV66+wjR4VfKzpWcURYnlJEl xkzAJ/eb/FoM+qEqFqCiyS+TkAKxxahL4oa/QXuWMYbWv6pdLkLnorUZmL11JSTY /RFRTf3qKrvA8Y8LzFA== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3wtt8htkrh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 
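Review bot: In the test_tls_record_proto_all() hunk of app/test/test_cryptodev.c, the `flags->pkt_corruption` branch accepts every result other than TEST_SUCCESS, so a failure that has nothing to do with the corrupted header also makes the negative test pass. Consider checking for the specific error the corrupted record is expected to produce, or at least logging the result, and note that the nested `else { if (ret == TEST_FAILED) ... }` can be written as `else if`.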
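Review bot: In the new test_tls_record_proto_corrupt_pkt() in app/test/test_cryptodev.c, `dev_info` is filled by rte_cryptodev_info_get() and then never read, and `ts_params` exists only to feed that call. Either drop both or use `dev_info.feature_flags` for a capability check as the scatter-gather test does. The `bool` field is also initialised with `.pkt_corruption = 1` where the neighbouring test uses `.data_walkthrough = true`.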
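Review bot: In the test_tls_record_td_update() hunk of app/test/test_cryptodev_security_tls_record.c, only byte 0 (the content type) is inverted, while the test case is registered as "TLS packet header corruption". Either name the case after the content type, or extend the corruption to the remaining header fields so the name matches what is exercised.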
bits=256 verify=NOT); Tue, 12 Mar 2024 22:50:52 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 22:50:51 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 22:50:51 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id E79E93F7080; Tue, 12 Mar 2024 22:50:48 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v4 06/21] test/security: unit test for custom content verification Date: Wed, 13 Mar 2024 11:20:15 +0530 Message-ID: <20240313055030.1685039-7-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com> References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: NtPxPeWhhoLjpGyzjzJM1kzWo9a_iC6a X-Proofpoint-GUID: NtPxPeWhhoLjpGyzjzJM1kzWo9a_iC6a X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_05,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit test to verify the TLS header creation with custom content type Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 19 +++++++++++++++++++ app/test/test_cryptodev_security_tls_record.c | 3 +++ app/test/test_cryptodev_security_tls_record.h | 9 +++++++++ 3 files changed, 31 insertions(+) 
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 324ef3c276..5cb878b9ba 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #ifdef RTE_CRYPTO_SCHEDULER @@ -12108,6 +12109,20 @@ test_tls_record_proto_corrupt_pkt(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_custom_content_type(void) +{ + struct tls_record_test_flags flags = { + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -17232,6 +17247,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "TLS packet header corruption", ut_setup_security, ut_teardown, test_tls_record_proto_corrupt_pkt), + TEST_CASE_NAMED_ST( + "Custom content type", + ut_setup_security, ut_teardown, + test_tls_record_proto_custom_content_type), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 93ff7f36fa..9a2af259c9 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -108,6 +108,9 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->input_text.len = data_len; } + if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) + td->app_type = RTE_TLS_TYPE_MAX; + tls_pkt_size = td->input_text.len; if (!td->aead) { diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index a7c0ca87bf..73719063a8 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -42,6 +42,14 @@ static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, #define TLS_RECORD_PLAINTEXT_MIN_LEN (1u) +enum tls_record_test_content_type { + TLS_RECORD_TEST_CONTENT_TYPE_APP, + /* For verifying zero packet length */ + TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + /* For verifying handling of custom content types */ + TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM, +}; + struct tls_record_test_data { struct { uint8_t data[32]; 
@@ -89,6 +97,7 @@ struct tls_record_test_flags { bool data_walkthrough; enum rte_security_tls_version tls_version; bool pkt_corruption; + enum tls_record_test_content_type content_type; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; From patchwork Wed Mar 13 05:50:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138290 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8C30243C9A; Wed, 13 Mar 2024 06:51:34 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A129642D7D; Wed, 13 Mar 2024 06:51:01 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 87B10427E0 for ; Wed, 13 Mar 2024 06:50:59 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42D40619015029; Tue, 12 Mar 2024 22:50:58 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=C7tafcnTDdBl3qxkkiTjMfI0xGCffz3Xqh4OyKrDWQU=; b=eou O+ebpxB+SZ2ClGAvVEsUX1eJVgO4O0DJloA2yxA8k6taxTAs2R/U9C+0BWKAQbKb ztnJ4Kfz043/P8mIbOCe+0gklLh2MdEiGRstPKQF8gu4oRb2HRx3y3rf6HuyJN0f deKO58MN9FVMAUqGH3eJn0wlOayEXXkU3uWPSmnpqPw/iKPDsP2K8e46iARwgx/v 7+9+wfkZKm3Q9ReT0h4o40vFLgRSXgqTtPXFOQHIUkrKmCmFEYi6m3qP12JvrmMs +2crBVS7ptqGCcmHINpUyjDFVVwwBo+GjEP6QHU6OL1TZ54Avo3bkMwo5UfF+Nro pzdt9ohpeZ78uwzFYmQ== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3wtt8htkrq-1 (version=TLSv1.2 
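Review bot: In the test_tls_record_td_prepare() hunk of app/test/test_cryptodev_security_tls_record.c, the custom content type is taken from the enum sentinel with `td->app_type = RTE_TLS_TYPE_MAX;`, so the value under test changes whenever a content type is added to that enum. A named test constant with a comment stating that it must not match any defined content type would make the intent explicit and keep the test stable.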
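Review bot: In the new enum tls_record_test_content_type in app/test/test_cryptodev_security_tls_record.h, TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE is introduced with the comment "For verifying zero packet length", but nothing in this patch uses it. Move that enumerator to the patch that adds the zero-length tests, and add a comment that TLS_RECORD_TEST_CONTENT_TYPE_APP must stay first, because the tests rely on zero-initialised flags selecting it.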
cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 22:50:58 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 22:50:54 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 22:50:54 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id D2A7E3F7080; Tue, 12 Mar 2024 22:50:51 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v4 07/21] test/cryptodev: allow zero packet length buffers Date: Wed, 13 Mar 2024 11:20:16 +0530 Message-ID: <20240313055030.1685039-8-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com> References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: ApsdfjsaMb088e38EW0vkiNS1lA4Xfmf X-Proofpoint-GUID: ApsdfjsaMb088e38EW0vkiNS1lA4Xfmf X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_05,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Anoob Joseph The function 'create_segmented_mbuf' is updated to support zero packet length mbufs. This allows testing of zero packet length payload with TLS record processing. Signed-off-by: Anoob Joseph --- app/test/test_cryptodev.h | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) 
diff --git a/app/test/test_cryptodev.h b/app/test/test_cryptodev.h index e4e99d00c1..7d877ddfe5 100644 --- a/app/test/test_cryptodev.h +++ b/app/test/test_cryptodev.h @@ -192,15 +192,8 @@ create_segmented_mbuf(struct rte_mempool *mbuf_pool, int pkt_len, int nb_segs, uint8_t pattern) { struct rte_mbuf *m = NULL, *mbuf = NULL; + int size, t_len, data_len = 0; uint8_t *dst; - int data_len = 0; - int i, size; - int t_len; - - if (pkt_len < 1) { - printf("Packet size must be 1 or more (is %d)\n", pkt_len); - return NULL; - } if (nb_segs < 1) { printf("Number of segments must be 1 or more (is %d)\n", @@ -212,17 +205,17 @@ create_segmented_mbuf(struct rte_mempool *mbuf_pool, int pkt_len, size = pkt_len; /* Create chained mbuf_src and fill it generated data */ - for (i = 0; size > 0; i++) { + do { m = rte_pktmbuf_alloc(mbuf_pool); - if (i == 0) - mbuf = m; - if (m == NULL) { printf("Cannot create segment for source mbuf"); goto fail; } + if (mbuf == NULL) + mbuf = m; + /* Make sure if tailroom is zeroed */ memset(m->buf_addr, pattern, m->buf_len); 
@@ -239,7 +232,8 @@ create_segmented_mbuf(struct rte_mempool *mbuf_pool, int pkt_len, size -= data_len; - } + } while (size > 0); + return mbuf; fail: From patchwork Wed Mar 13 05:50:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138291 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5BA1743C9A; Wed, 13 Mar 2024 06:51:42 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 1F39542D66; Wed, 13 Mar 2024 06:51:11 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 15E3B42D76 for ; Wed, 13 Mar 2024 06:50:59 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42D4061A015029; Tue, 12 Mar 2024 22:50:59 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=Vb1sGf33dC+sG8ZZWkLOwIKKUSqYRHT437l4P5CvU90=; b=iRx NA3VoCTd3W/25bDJ0NPnVhpXR05oG7iKYxI/pRWvQaN2KywLsI90+2JS+TwQY3As 0e/3CPD0duDAybauXP7cG91hnkXF3lzdgHPe3dAexOW0KSPJbJvwMJ8MsQPgQA9i Gp5DUVM7CgG+ZaMlXsaFkLx50mYCQuTK5USv8wgo/vhQ1FMhqWYfK/BN0GpRqbu1 VtOY5CB52DIC9LKyX8MIU9Q3W59Y/TCsw/ofXdsNGPAi+D+zlCZ/Fy79WFa+X5Bt gSqUPdY8ZxkOy/1RRqOdOHHxxikDU1/IIlttVaPNYkRKw3YNtbwnrwTPf8kubzC3 1BEVtmVPkU4ca8zHKRA== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3wtt8htkrq-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 22:50:59 -0700 (PDT) Received: from 
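Review bot: In the first hunk of create_segmented_mbuf() in app/test/test_cryptodev.h, removing the whole `pkt_len < 1` check admits zero as intended, but it also admits negative values, which then flow into `size = pkt_len` and the length arithmetic. Keep a guard for the invalid case, for example `if (pkt_len < 0)` with the existing error print and `return NULL`.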
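Review bot: In the loop hunks of create_segmented_mbuf() in app/test/test_cryptodev.h, the switch to `do { ... } while (size > 0);` means a zero `pkt_len` runs the body exactly once, so the caller gets a single empty segment whatever `nb_segs` was requested. Please document that behaviour in a comment above the function, since the zero-length TLS tests depend on it.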
DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 22:50:57 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 22:50:57 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 3B41C3F7080; Tue, 12 Mar 2024 22:50:54 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v4 08/21] test/security: unit test to verify zero TLS records Date: Wed, 13 Mar 2024 11:20:17 +0530 Message-ID: <20240313055030.1685039-9-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com> References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 2nfmNvPbzNO0hFOMxDJVMEy2yuQa3BJ- X-Proofpoint-GUID: 2nfmNvPbzNO0hFOMxDJVMEy2yuQa3BJ- X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_05,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify the zero len TLS records. Zero len packets are allowed when content type is app data while zero packet length with other content type (such as handshake) would result in an error. 
Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 51 ++++++++++++++++++- app/test/test_cryptodev_security_tls_record.c | 5 +- app/test/test_cryptodev_security_tls_record.h | 2 +- 3 files changed, 55 insertions(+), 3 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 5cb878b9ba..fa63b9743f 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11984,6 +11984,9 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN; if (flags->nb_segs_in_mbuf) payload_len = RTE_MAX(payload_len, flags->nb_segs_in_mbuf); + + if (flags->zero_len) + payload_len = 0; again: test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, td_outb, nb_pkts, payload_len); @@ -11992,8 +11995,16 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (ret == TEST_SKIPPED) continue; - if (ret == TEST_FAILED) + if (flags->zero_len && + ((flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) || + (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) || + (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE))) { + if (ret == TEST_SUCCESS) + return TEST_FAILED; + goto skip_decrypt; + } else if (ret == TEST_FAILED) { return TEST_FAILED; + } test_tls_record_td_update(td_inb, td_outb, nb_pkts, flags); @@ -12009,6 +12020,7 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) return TEST_FAILED; } +skip_decrypt: if (flags->data_walkthrough && (++payload_len <= max_payload_len)) goto again; 
@@ -12123,6 +12135,35 @@ test_tls_record_proto_custom_content_type(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_zero_len(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_record_proto_zero_len_non_app(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -17251,6 +17292,14 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Custom content type", ut_setup_security, ut_teardown, test_tls_record_proto_custom_content_type), + TEST_CASE_NAMED_ST( + "Zero len TLS record with content type as app", + ut_setup_security, ut_teardown, + test_tls_record_proto_zero_len), + TEST_CASE_NAMED_ST( + "Zero len TLS record with content type as ctrl", + ut_setup_security, ut_teardown, + test_tls_record_proto_zero_len_non_app), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 9a2af259c9..c5410a4c92 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c 
@@ -103,13 +103,15 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } - if (flags->data_walkthrough) { + if (flags->data_walkthrough || flags->zero_len) { test_sec_proto_pattern_set(td->input_text.data, data_len); td->input_text.len = data_len; } if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) td->app_type = RTE_TLS_TYPE_MAX; + else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) + td->app_type = RTE_TLS_TYPE_HANDSHAKE; tls_pkt_size = td->input_text.len; @@ -232,6 +234,7 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, memcpy(&res_d->input_text.data, output_text, len); res_d->input_text.len = len; + res_d->output_text.len = td->input_text.len; res_d->tls_record_xform.type = RTE_SECURITY_TLS_SESS_TYPE_READ; if (res_d->aead) { diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 73719063a8..300f3f08b5 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -98,6 +98,7 @@ struct tls_record_test_flags { enum rte_security_tls_version tls_version; bool pkt_corruption; enum tls_record_test_content_type content_type; + bool zero_len; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; 
@@ -140,5 +141,4 @@ void test_tls_record_td_update(struct tls_record_test_data td_inb[], int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, struct tls_record_test_data *res_d, bool silent); - #endif From patchwork Wed Mar 13 05:50:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138292 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E780643C9A; Wed, 13 Mar 2024 06:51:49 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 68CF542DD1; Wed, 13 Mar 2024 06:51:12 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id DCB5742DC1 for ; Wed, 13 Mar 2024 06:51:02 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42D3Xe45015026; Tue, 12 Mar 2024 22:51:02 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=s8GiQ4p4y27w+FGTUrBBbmZDYwNTM+C+VaynNW3yuRQ=; b=CPJ W7lCl8B5qQ0SDjxexXUvYYx/NSMDHj+/DomrrFyA+fWO6SDMTYG13jwYx3FAAY5O CfHjbXLnrtV1L6Zw6Tchu6PTXXQlwYnkRsF/Hr8/Q1qzYy6905oeMzgonngp/RMJ 3Ca8j7QVIu6fh2OfnJMs5QO31Fj1fupeTK7QgSiw9udgT3y9So8D+f+1V1/M2HZ0 o0+nADk82JUYJnRI6vz5QvNKJz2VUUHvOAsCDjPEk064SKqrykfMb679AXv2ydw+ kfFtL8mLQdZWLyAZh+tnZxim7KM76Xk+KxbYT+ZfDXnd8wIvNR/HipuMCy9Q58Kf C9b3MtqFUp23PZ6dbhQ== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3wtt8htks0-1 (version=TLSv1.2 
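Review bot: In the second test_tls_record_proto_all() hunk of app/test/test_cryptodev.c, the zero-length condition compares `flags->content_type` against TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE three times in a row, which looks like a copy and paste left unfinished. The commit message speaks of "other content type (such as handshake)", so either reduce this to a single comparison or list the other non-app types that were meant to be covered.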
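Review bot: In the tls12_record_proto_testsuite hunk of app/test/test_cryptodev.c, the case is named "Zero len TLS record with content type as ctrl" while the function is test_tls_record_proto_zero_len_non_app and the flag it sets is TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE. Pick one term (handshake, non-app or ctrl) and use it in the case name, the function name and the enum so a failing case can be traced without reading the code.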
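Review bot: The last hunk of app/test/test_cryptodev_security_tls_record.h only deletes the blank line before `#endif`, which is unrelated to zero-length records. Please drop it from this patch to keep the diff limited to the functional change.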
cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 22:51:01 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 22:51:00 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 22:51:00 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 23FAA3F7080; Tue, 12 Mar 2024 22:50:57 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v4 09/21] test/security: add unit tests for DTLS-1.2 Date: Wed, 13 Mar 2024 11:20:18 +0530 Message-ID: <20240313055030.1685039-10-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com> References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: CT7rzw5ynd0QbkCk891bMm88GdzGnGOV X-Proofpoint-GUID: CT7rzw5ynd0QbkCk891bMm88GdzGnGOV X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_05,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify 1. DTLS record with zero length 2. DTLS record with header corruption 3. DTLS record with content type as custom Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 77 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) 
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index fa63b9743f..72e7fe3769 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c 
@@ -12215,6 +12215,67 @@ test_dtls_1_2_record_proto_sgl_data_walkthrough(void) return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_DTLS_1_2); } +static int +test_dtls_1_2_record_proto_corrupt_pkt(void) +{ + struct tls_record_test_flags flags = { + .pkt_corruption = 1, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_custom_content_type(void) +{ + struct tls_record_test_flags flags = { + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_zero_len(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_zero_len_non_app(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + #endif static int 
@@ -17409,6 +17470,22 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Multi-segmented mode data walkthrough", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_sgl_data_walkthrough), + TEST_CASE_NAMED_ST( + "Packet corruption", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_corrupt_pkt), + TEST_CASE_NAMED_ST( + "Custom content type", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_custom_content_type), + TEST_CASE_NAMED_ST( + "Zero len DTLS record with content type as app", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_zero_len), + TEST_CASE_NAMED_ST( + "Zero len DTLS record with content type as ctrl", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_zero_len_non_app), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Wed Mar 13 05:50:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138293 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2333643C9A; Wed, 13 Mar 2024 06:51:57 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D4E8742DD9; Wed, 13 Mar 2024 06:51:13 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id D95B942D35 for ; Wed, 13 Mar 2024 06:51:05 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42CImkfC026170; Tue, 12 Mar 2024 22:51:05 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references 
:mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=Yvm221D7jZEXhsFNzWGYOCT5ltQVmLu+lCpjHDKbPbw=; b=DtP dJO0CfLQPnn2LVn08BHcHVk47euDcVm554KzCnAtdBTxqogrU0WjMqgZx6tDBFsu WAWDPgY8Z2J7p5yzMVwf+koKIKvo/QieuoULjBmpRhCr0gjPeJ57vIthDO4w+GY5 GIXCHV/R9D2ITi4PWwEycZQ2iTHWNp/6Gj7SPHrcfDVKsWag7SK7JmPys03zO6z/ Ew1ClgdQkSvwNsTFMwqygxHd44CYKVA9Mo6J1e4i8M2RGtSbkd41j3sIEXO0/8rA +4/DatS8RY3Kk0LiXt5kuznOFKzAhxoGTaKizC8kWI+ITGEosw/DS5fnyrFyLF+n f40tF4wxCQ1G3+gvo8w== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdd0jmw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 22:51:04 -0700 (PDT) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 22:51:03 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 22:51:03 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 0EB0F3F7082; Tue, 12 Mar 2024 22:51:00 -0700 (PDT) 
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v4 10/21] test/security: add TLS/DTLS 1.2 AES-256-SHA384 vectors Date: Wed, 13 Mar 2024 11:20:19 +0530 Message-ID: <20240313055030.1685039-11-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com> References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 0V-l3vK5drFQDtWXtyS078HGFstaEYO1 X-Proofpoint-GUID: 0V-l3vK5drFQDtWXtyS078HGFstaEYO1 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_05,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Akhil Goyal Added vectors for TLS 1.2 and DTLS 1.2 using algos AES-256-CBC and HMAC-SHA384 Signed-off-by: Akhil Goyal --- app/test/test_cryptodev.c | 19 ++ app/test/test_cryptodev_security_tls_record.h | 2 + ...yptodev_security_tls_record_test_vectors.h | 200 ++++++++++++++++++ 3 files changed, 221 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 72e7fe3769..95f2377d4d 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -17273,6 +17273,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Write record known vector AES-256-CBC-SHA256", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec, &tls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Write record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, 
@@ -17316,6 +17320,11 @@ static struct unit_test_suite tls12_record_proto_testsuite = { ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &tls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, + &tls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Read record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, @@ -17397,6 +17406,11 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { ut_setup_security, ut_teardown, test_tls_record_proto_known_vec, &dtls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, + &dtls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Write record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, @@ -17439,6 +17453,11 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &dtls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, + &dtls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Read record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 300f3f08b5..68e243b842 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -110,6 +110,7 @@ extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac; extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha256_hmac; extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha1_hmac; extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha256_hmac; +extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data tls_test_data_null_cipher_sha1_hmac; extern struct tls_record_test_data tls_test_data_chacha20_poly1305; @@ -118,6 +119,7 @@ extern struct tls_record_test_data dtls_test_data_aes_128_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_aes_128_cbc_sha256_hmac; extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac; +extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac; diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h index f10f28bb96..27b07cd54a 100644 --- a/app/test/test_cryptodev_security_tls_record_test_vectors.h +++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h 
@@ -1129,6 +1129,107 @@ struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac = { .app_type = 0x17, }; +struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac = { + .key = { + .data = { + 0x1d, 0xe5, 0x19, 0x18, 0x57, 0xa0, 0xee, 0x79, + 0x84, 0x61, 0x92, 0x9d, 0x3d, 0xce, 0x42, 0x92, + 0x4a, 0x98, 0x23, 0x3b, 0xf8, 0xec, 0x29, 0x47, + 0xb3, 0xae, 0x1f, 0x22, 0xd2, 0x8d, 0xbe, 0x2c, + }, + }, + .auth_key = { + .data = { + 0xf8, 0xbd, 0x28, 0xf9, 0x4a, 0xde, 0x1d, 0xde, + 0x8c, 0xf5, 0xe9, 0x49, 0x34, 0x2a, 0x1a, 0xd0, + 0x0d, 0xe3, 0x64, 0xb2, 0x54, 0xd6, 0xd6, 0x40, + 0x90, 0x5d, 0x16, 0xc1, 0xf2, 0x77, 0x14, 0x90, + 0xe6, 0xfa, 0xbc, 0x9d, 0xe2, 0x72, 0x12, 0xec, + 0xb6, 0x05, 0xec, 0xdd, 0x1d, 0x23, 0xb3, 0x8e, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, + 0x2d, 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, + 0x33, 0x38, 0x34, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x0a, + }, + .len = 51, + }, + .output_text = { + .data = { + 0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x80, + 0x63, 0xe2, 0x70, 0xce, 0x45, 0x93, 0x18, 0xa3, + 0xa6, 0xd6, 0xf5, 0x50, 0x9f, 0x07, 0x9d, 0xab, + 0x88, 0x41, 0xee, 0x5b, 0x32, 0x1e, 0x85, 0xaf, + 0x33, 0x7b, 0x59, 0x8a, 0xe9, 0x41, 0x11, 0x6a, + 0xbb, 0x7d, 0x16, 0x6c, 0xbb, 0x66, 0x5e, 0xf5, + 0xfb, 0x5f, 0x03, 0xf9, 0x75, 0x7d, 0xb9, 0xff, + 0x70, 0xc3, 0x4a, 0x19, 0xe5, 0x25, 0xa0, 0x5d, + 0xad, 0x45, 0xef, 0xce, 0xd8, 0x2a, 0xde, 0xf0, + 0x0c, 0xca, 0x1c, 0x6b, 0x5a, 0x31, 0x8f, 0x49, + 0xff, 0x7d, 0xf3, 0x71, 0x15, 0x06, 0x07, 0x9d, + 0x6a, 0x5f, 0x5c, 0xd8, 0x2a, 0xa5, 0x0e, 0x61, + 0xde, 0x18, 0x6b, 0x7d, 0xc8, 0x74, 0x58, 0x18, + 0xf1, 0xac, 0xde, 0xb9, 0x6d, 0x8a, 0x44, 0xad, + 0x10, 0xf8, 0x63, 0x15, 0xcf, 0x25, 0x2f, 0x82, + 0x2f, 0xda, 0x74, 0x45, 
0x02, 0xda, 0x61, 0x3c, + 0x2f, 0xf9, 0xa5, 0x92, 0x2a, 0x7c, 0x5e, 0x5d, + }, + .len = 141, + }, + .iv = { + .data = { + 0x63, 0xe2, 0x70, 0xce, 0x45, 0x93, 0x18, 0xa3, + 0xa6, 0xd6, 0xf5, 0x50, 0x9f, 0x07, 0x9d, 0xab, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, + .key.length = 48, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 48, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 32, + .iv.length = 16, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_DTLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .dtls_1_2.epoch = 1, + .dtls_1_2.seq_no = 1, + }, + + .aead = false, + .app_type = 0x17, +}; + struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac = { .key = { .data = { 
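Review bot: The new dtls_test_data_aes_256_cbc_sha384_hmac vector carries no comment saying how output_text was produced, so the known answer cannot be re-derived or audited from the patch alone; please name the reference implementation or tool used to generate it. A short comment that .iv.data repeats the 16 bytes following the 13-byte DTLS header in output_text (0x63, 0xe2, 0x70, ...) would also help, since the two must stay in sync if the vector is ever regenerated.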
@@ -1494,6 +1595,105 @@ struct tls_record_test_data tls_test_data_aes_256_cbc_sha256_hmac = { .app_type = 0x17, }; +struct tls_record_test_data tls_test_data_aes_256_cbc_sha384_hmac = { + .key = { + .data = { + 0x48, 0x70, 0xc7, 0x93, 0x77, 0xe3, 0x4c, 0x8c, + 0x27, 0x00, 0x64, 0x06, 0x3e, 0xc6, 0x47, 0x64, + 0xcc, 0xee, 0xa4, 0x9a, 0x1a, 0xe7, 0x3a, 0xc6, + 0xef, 0xe5, 0xe6, 0x2c, 0x15, 0xe3, 0xac, 0x16, + }, + }, + .auth_key = { + .data = { + 0x23, 0x95, 0x84, 0x30, 0xaf, 0x2b, 0x07, 0xfe, + 0x12, 0x83, 0x87, 0x28, 0x2b, 0x38, 0xb9, 0x02, + 0xc0, 0x27, 0x59, 0x3e, 0xa7, 0xbd, 0xce, 0xcb, + 0xe1, 0x8a, 0xe9, 0x43, 0x5d, 0xed, 0xb4, 0xf2, + 0x11, 0x4d, 0x19, 0xbb, 0x0f, 0x1b, 0x76, 0x86, + 0xfb, 0xb5, 0xda, 0xfd, 0x38, 0xfe, 0x7d, 0x02, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x20, 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, + 0x20, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, + 0x2d, 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, + 0x33, 0x38, 0x34, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x0a, + }, + .len = 51, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x80, + 0xc4, 0x90, 0xd7, 0x74, 0x5e, 0x26, 0xc8, 0x43, + 0x12, 0x45, 0x48, 0xc1, 0x0f, 0xb1, 0x18, 0xd8, + 0x1e, 0x5b, 0x1e, 0x50, 0x3e, 0x19, 0x25, 0x41, + 0x35, 0xc7, 0x7c, 0x14, 0x99, 0x7b, 0x97, 0x80, + 0x60, 0x9d, 0xf8, 0xf1, 0xac, 0x43, 0x7b, 0x5c, + 0xb6, 0xe2, 0xc4, 0x8f, 0x3f, 0xd7, 0x1b, 0xd4, + 0x61, 0x90, 0x40, 0xe3, 0xd5, 0x60, 0xac, 0xee, + 0x62, 0x53, 0x1f, 0x1f, 0x75, 0xf6, 0x2c, 0xda, + 0x1a, 0xed, 0x4a, 0x6a, 0x11, 0xeb, 0x9b, 0x1c, + 0x39, 0x0d, 0x6e, 0x8a, 0xf8, 0x3d, 0x45, 0x08, + 0x3e, 0x24, 0x17, 0x3e, 0xcf, 0x74, 0xcf, 0x6a, + 0xcb, 0x37, 0xdf, 0x25, 0xc6, 0xa5, 0xe4, 0x1e, + 0x53, 0x28, 0x71, 0xcf, 0xac, 0x1e, 0xad, 0x77, + 0x8c, 0xfc, 0x80, 0x19, 0x9c, 0xcc, 0x00, 0x60, + 0xc6, 0x82, 0xa0, 0xb8, 0x5e, 0x42, 0xd1, 0xff, + 0x14, 0x0a, 0x92, 0x5c, 
0xde, 0x8a, 0x15, 0x7a, + }, + .len = 133, + }, + .iv = { + .data = { + 0xc4, 0x90, 0xd7, 0x74, 0x5e, 0x26, 0xc8, 0x43, + 0x12, 0x45, 0x48, 0xc1, 0x0f, 0xb1, 0x18, 0xd8, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, + .key.length = 48, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 48, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 32, + .iv.length = 16, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_2.seq_no = 0x1, + }, + + .aead = false, + .app_type = 0x17, +}; + struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac = { .key = { .data = { From patchwork Wed Mar 13 05:50:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138294 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E9E0043C9A; Wed, 13 Mar 2024 06:52:07 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id B241342DE0; Wed, 13 Mar 2024 06:51:21 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id D99D241109 for ; Wed, 13 Mar 2024 06:51:08 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42D3LdFX014956; Tue, 12 Mar 2024 22:51:08 -0700 DKIM-Signature: v=1; a=rsa-sha256; 
c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=LQSu9yGo0FB9R1bZT7Lchw431euaPM6oFZSbc751Z+0=; b=dST fAgASD/K1Yz+9hAbNakxTf04sZhHD0kYZbMLYCbw7CcshYFkLMAjzNFYc+bnyRTm hf5SBS+6DuaumXxrLg13YLbxRWZDVQbJKEA5SVB+gd7rdwJq6uxoGOuRlEOlC62t 99QCcf0AjkuMN6JsuzLGxrjui3FoCs6oszR12rmNau5zIAs4B01lpU/Tokm1dgLY oqhFoaWLzdm/0vjUKwQvQKgr9FHZZZt/6edFITSgxZ26gyA7GV+lczkF1e7EXYAT 9H7apSRjCLTUeXXCSwXWKnxTtFyUWKeElj9dseghC2bTJtCqVonoNwHnZgP5UDx+ pcfo0Se9M1+1+BRpeVg== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3wtt8htksa-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 22:51:07 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 22:51:06 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 22:51:06 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id EC4523F7087; Tue, 12 Mar 2024 22:51:03 -0700 (PDT) 
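Review bot: In tls_test_data_aes_256_cbc_sha384_hmac (patch 10/21), input_text.data begins with 0x20, so the plaintext is " This is TLS 1.2 ..." with a leading space, whereas the DTLS vector added by the same patch starts directly at 0x54 ('T'). If the leading space is what the ciphertext in output_text was generated from, say so in the "/* actual plain text */" comment; otherwise the vector needs regenerating.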
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v4 11/21] test/security: add DTLS 1.2 anti-replay tests Date: Wed, 13 Mar 2024 11:20:20 +0530 Message-ID: <20240313055030.1685039-12-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com> References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: mClBOi2Dr5lbYW_oWyFEmlzetO8g3opG X-Proofpoint-GUID: mClBOi2Dr5lbYW_oWyFEmlzetO8g3opG X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_05,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add anti-replay test for DTLS 1.2. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 115 ++++++++++++++- app/test/test_cryptodev_security_tls_record.c | 132 ++++++++++-------- app/test/test_cryptodev_security_tls_record.h | 11 +- 3 files changed, 188 insertions(+), 70 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 95f2377d4d..904bad39d3 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11827,6 +11827,10 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], .protocol = RTE_SECURITY_PROTOCOL_TLS_RECORD, }; + if ((tls_record_xform.ver == RTE_SECURITY_VERSION_DTLS_1_2) && + (sess_type == RTE_SECURITY_TLS_SESS_TYPE_READ)) + sess_conf.tls_record.dtls_1_2.ar_win_sz = flags->ar_win_size; + if (td[0].aead) test_tls_record_imp_nonce_update(&td[0], &tls_record_xform); 
@@ -11851,6 +11855,17 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], return TEST_SKIPPED; for (i = 0; i < nb_td; i++) { + if (flags->ar_win_size && + (sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE)) { + sess_conf.tls_record.dtls_1_2.seq_no = + td[i].tls_record_xform.dtls_1_2.seq_no; + ret = rte_security_session_update(ctx, ut_params->sec_session, &sess_conf); + if (ret) { + printf("Could not update sequence number in session\n"); + return TEST_SKIPPED; + } + } + /* Setup source mbuf payload */ ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool, td[i].input_text.len, nb_segs, 0); @@ -11890,17 +11905,19 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], /* Process crypto operation */ process_crypto_request(dev_id, ut_params->op); - ret = test_tls_record_status_check(ut_params->op); + ret = test_tls_record_status_check(ut_params->op, &td[i]); if (ret != TEST_SUCCESS) goto crypto_op_free; if (res_d != NULL) res_d_tmp = &res_d[i]; - ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, silent); - if (ret != TEST_SUCCESS) - goto crypto_op_free; - + if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS) { + ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, + silent); + if (ret != TEST_SUCCESS) + goto crypto_op_free; + } rte_crypto_op_free(ut_params->op); ut_params->op = NULL; 
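Review bot: In the "@@ -11851,6 +11855,17 @@" hunk of test_tls_record_proto_process(), any non-zero return from rte_security_session_update() is reported as TEST_SKIPPED and leaves the function with a bare return, while the failure paths visible in the following hunk use "goto crypto_op_free". Mapping every error to a skip hides a PMD that supports the update but gets it wrong; consider skipping only when the call reports the operation as unsupported and failing otherwise, and route the exit through the common cleanup label. The block is also keyed on flags->ar_win_size alone, so a one-line comment that it applies to the DTLS anti-replay write pass would make the intent clear.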
@@ -12190,6 +12207,90 @@ test_dtls_1_2_record_proto_display_list(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_pkt_replay(const uint64_t seq_no[], + bool replayed_pkt[], uint32_t nb_pkts, + struct tls_record_test_flags *flags) +{ + struct tls_record_test_data td_outb[TEST_SEC_PKTS_MAX]; + struct tls_record_test_data td_inb[TEST_SEC_PKTS_MAX]; + unsigned int i, idx, pass_cnt = 0; + int ret; + + for (i = 0; i < RTE_DIM(sec_alg_list); i++) { + test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, + td_outb, nb_pkts, 0); + + for (idx = 0; idx < nb_pkts; idx++) + td_outb[idx].tls_record_xform.dtls_1_2.seq_no = seq_no[idx]; + + ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + test_tls_record_td_update(td_inb, td_outb, nb_pkts, flags); + + for (idx = 0; idx < nb_pkts; idx++) { + td_inb[idx].tls_record_xform.dtls_1_2.ar_win_sz = flags->ar_win_size; + /* Set antireplay flag for packets to be dropped */ + td_inb[idx].ar_packet = replayed_pkt[idx]; + } + + ret = test_tls_record_proto_process(td_inb, NULL, nb_pkts, true, flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + if (flags->display_alg) + test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2); + + pass_cnt++; + } + + if (pass_cnt > 0) + return TEST_SUCCESS; + else + return TEST_SKIPPED; +} + +static int +test_dtls_1_2_record_proto_antireplay(void) +{ + struct tls_record_test_flags flags; + uint64_t winsz = 64, seq_no[5]; + uint32_t nb_pkts = 5; + bool replayed_pkt[5]; + + memset(&flags, 0, sizeof(flags)); + + flags.tls_version = RTE_SECURITY_VERSION_DTLS_1_2; + flags.ar_win_size = winsz; + + /* 1. Advance the TOP of the window to WS * 2 */ + seq_no[0] = winsz * 2; + /* 2. Test sequence number within the new window(WS + 1) */ + seq_no[1] = winsz + 1; + /* 3. 
Test sequence number less than the window BOTTOM */ + seq_no[2] = winsz; + /* 4. Test sequence number in the middle of the window */ + seq_no[3] = winsz + (winsz / 2); + /* 5. Test replay of the packet in the middle of the window */ + seq_no[4] = winsz + (winsz / 2); + + replayed_pkt[0] = false; + replayed_pkt[1] = false; + replayed_pkt[2] = true; + replayed_pkt[3] = false; + replayed_pkt[4] = true; + + return test_dtls_pkt_replay(seq_no, replayed_pkt, nb_pkts, &flags); +} + static int test_dtls_1_2_record_proto_sgl(void) { @@ -17505,6 +17606,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Zero len DTLS record with content type as ctrl", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_zero_len_non_app), + TEST_CASE_NAMED_ST( + "Antireplay with window size 64", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index c5410a4c92..907e043ddd 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -12,10 +12,21 @@ #include "test_security_proto.h" int -test_tls_record_status_check(struct rte_crypto_op *op) +test_tls_record_status_check(struct rte_crypto_op *op, + const struct tls_record_test_data *td) { int ret = TEST_SUCCESS; + if ((td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_READ) && + td->ar_packet) { + if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) { + printf("Anti replay test case failed\n"); + return TEST_FAILED; + } else { + return TEST_SUCCESS; + } + } + if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) ret = TEST_FAILED; 
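Review bot: In test_tls_record_status_check(), the new td->ar_packet branch accepts any RTE_CRYPTO_OP_STATUS_ERROR on a READ session as a successful anti-replay drop and returns before the remaining checks, so a packet rejected for a different reason (a MAC failure, for example) would pass the test as well. If the op carries a more specific indication of a replay drop, check it here; if it does not, state that limitation in a comment. Minor: the else after "return TEST_FAILED;" is redundant, and the failure message would be more useful if it printed the observed op->status.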
@@ -101,81 +112,80 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->xform.chain.auth.auth.key.length = param2->key_length; td->xform.chain.auth.auth.digest_length = param2->digest_length; } - } - - if (flags->data_walkthrough || flags->zero_len) { - test_sec_proto_pattern_set(td->input_text.data, data_len); - td->input_text.len = data_len; - } - - if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) - td->app_type = RTE_TLS_TYPE_MAX; - else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) - td->app_type = RTE_TLS_TYPE_HANDSHAKE; - tls_pkt_size = td->input_text.len; + if (flags->data_walkthrough || flags->zero_len) { + test_sec_proto_pattern_set(td->input_text.data, data_len); + td->input_text.len = data_len; + } - if (!td->aead) { - mac_len = td->xform.chain.auth.auth.digest_length; - switch (td->xform.chain.cipher.cipher.algo) { - case RTE_CRYPTO_CIPHER_3DES_CBC: - roundup_len = 8; + if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) + td->app_type = RTE_TLS_TYPE_MAX; + else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) + td->app_type = RTE_TLS_TYPE_HANDSHAKE; + + tls_pkt_size = td->input_text.len; + + if (!td->aead) { + mac_len = td->xform.chain.auth.auth.digest_length; + switch (td->xform.chain.cipher.cipher.algo) { + case RTE_CRYPTO_CIPHER_3DES_CBC: + roundup_len = 8; + exp_nonce_len = 8; + break; + case RTE_CRYPTO_CIPHER_AES_CBC: + roundup_len = 16; + exp_nonce_len = 16; + break; + default: + roundup_len = 0; + exp_nonce_len = 0; + break; + } + } else { + mac_len = td->xform.aead.aead.digest_length; + roundup_len = 0; exp_nonce_len = 8; + } + + switch (td->tls_record_xform.ver) { + case RTE_SECURITY_VERSION_TLS_1_2: + case RTE_SECURITY_VERSION_TLS_1_3: + hdr_len = sizeof(struct rte_tls_hdr); + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; - case RTE_CRYPTO_CIPHER_AES_CBC: - roundup_len = 16; - exp_nonce_len = 16; + case 
RTE_SECURITY_VERSION_DTLS_1_2: + hdr_len = sizeof(struct rte_dtls_hdr); + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; default: - roundup_len = 0; - exp_nonce_len = 0; + hdr_len = 0; + min_padding = 0; break; } - } else { - mac_len = td->xform.aead.aead.digest_length; - roundup_len = 0; - exp_nonce_len = 8; - } - - switch (td->tls_record_xform.ver) { - case RTE_SECURITY_VERSION_TLS_1_2: - case RTE_SECURITY_VERSION_TLS_1_3: - hdr_len = sizeof(struct rte_tls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; - break; - case RTE_SECURITY_VERSION_DTLS_1_2: - hdr_len = sizeof(struct rte_dtls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; - break; - default: - hdr_len = 0; - min_padding = 0; - break; - } - tls_pkt_size += mac_len; + tls_pkt_size += mac_len; - /* Padding */ - tls_pkt_size += min_padding; + /* Padding */ + tls_pkt_size += min_padding; - if (roundup_len) - tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); + if (roundup_len) + tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); - /* Explicit nonce */ - tls_pkt_size += exp_nonce_len; + /* Explicit nonce */ + tls_pkt_size += exp_nonce_len; - /* Add TLS header */ - tls_pkt_size += hdr_len; + /* Add TLS header */ + tls_pkt_size += hdr_len; - td->output_text.len = tls_pkt_size; + td->output_text.len = tls_pkt_size; - RTE_SET_USED(flags); + } } void diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 68e243b842..efb16aed7d 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -89,16 +89,18 @@ struct tls_record_test_data { struct rte_security_tls_record_xform tls_record_xform; uint8_t app_type; bool aead; + bool ar_packet; }; struct tls_record_test_flags { bool display_alg; - uint8_t nb_segs_in_mbuf; bool data_walkthrough; - enum rte_security_tls_version tls_version; bool pkt_corruption; - enum tls_record_test_content_type content_type; bool zero_len; + uint8_t nb_segs_in_mbuf; + enum rte_security_tls_version tls_version; + enum tls_record_test_content_type content_type; + int ar_win_size; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; 
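Review bot: ar_win_size is added to struct tls_record_test_flags as int, but elsewhere in this patch it is assigned from "uint64_t winsz" in test_dtls_1_2_record_proto_antireplay() and copied into dtls_1_2.ar_win_sz. A window size is never negative; declare it with an unsigned fixed-width type matching the session field so the narrowing and sign conversion are not implicit. The reordering of the existing members in the same hunk is unrelated to anti-replay and would be easier to review with a line in the commit message or as a separate change.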
@@ -123,7 +125,8 @@ extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac; -int test_tls_record_status_check(struct rte_crypto_op *op); +int test_tls_record_status_check(struct rte_crypto_op *op, + const struct tls_record_test_data *td); int test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_record_xform, const struct rte_security_capability *sec_cap, bool silent); From patchwork Wed Mar 13 05:50:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138295 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E463A43C9A; Wed, 13 Mar 2024 06:52:18 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 34DF242D35; Wed, 13 Mar 2024 06:51:32 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 45C6F42DC4 for ; Wed, 13 Mar 2024 06:51:11 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42CImQNv025939; Tue, 12 Mar 2024 22:51:10 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=hUtqU/yXA2GB0/nLUN23+hf9RM9VWcLiYWBADHi37hE=; b=OEk 9uLpbrdtoXlYyws4upZMVRQzk5ylU441kO+QiqSmDctP4bpwWvGa/aYC2DHFQxxq yEyHfWH+1oTfxjHZZuNphZ56mSD07CfedKoFfGFbEvS5IEyuqCBCUtf4ML7XGmLf HuiYy2UJa3Ln7pMIlYvaUn6gZkV+V0ekdfggPjZyqqCXOUg/TjsLy5TBxdU6kV7x 
5dxzeHcWVKJz4wMqWp0BQZrjZIVES2xR6z56fQNnnSGxWlrgNWGEV0qRArAtTA11 nffCldTsmHjJDS9chOwzZZsHP/rNTz1emCeFcav0athQrHgsoG+LYYUWM0RlHyh9 sXOPcodf52hv9v8tnQg== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdd0jn9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Mar 2024 22:51:10 -0700 (PDT) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Tue, 12 Mar 2024 22:51:09 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Tue, 12 Mar 2024 22:51:09 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id D4CFA3F7087; Tue, 12 Mar 2024 22:51:06 -0700 (PDT) 
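Review bot: In patch 11/21, the "@@ -101,81 +112,80 @@" hunk of test_tls_record_td_prepare() moves the whole length-computation block (pattern set, app_type, mac_len/roundup_len/hdr_len, td->output_text.len) inside the preceding brace scope and drops "RTE_SET_USED(flags);", yet the commit message only says "Add anti-replay test for DTLS 1.2". Moving the block changes the scope it runs in, so this is more than a re-indent; please describe the reason in the commit message or split it into its own patch so it can be reviewed and bisected separately from the new test.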
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v4 12/21] test/security: add more DTLS anti-replay window sz Date: Wed, 13 Mar 2024 11:20:21 +0530 Message-ID: <20240313055030.1685039-13-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com> References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: cm1Gj02C7FbpeJoX7yPheSC4JMYkcwep X-Proofpoint-GUID: cm1Gj02C7FbpeJoX7yPheSC4JMYkcwep X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_05,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add anti-replay tests for window sizes 128, 256, 512, 1024, 2048 and 4096 window sizes in DTLS 1.2 suite. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 72 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 69 insertions(+), 3 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 904bad39d3..72d91d23a2 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12259,12 +12259,12 @@ test_dtls_pkt_replay(const uint64_t seq_no[], } static int -test_dtls_1_2_record_proto_antireplay(void) +test_dtls_1_2_record_proto_antireplay(uint64_t winsz) { struct tls_record_test_flags flags; - uint64_t winsz = 64, seq_no[5]; uint32_t nb_pkts = 5; bool replayed_pkt[5]; + uint64_t seq_no[5]; memset(&flags, 0, sizeof(flags)); 
@@ -12291,6 +12291,48 @@ test_dtls_1_2_record_proto_antireplay(void) return test_dtls_pkt_replay(seq_no, replayed_pkt, nb_pkts, &flags); } +static int +test_dtls_1_2_record_proto_antireplay64(void) +{ + return test_dtls_1_2_record_proto_antireplay(64); +} + +static int +test_dtls_1_2_record_proto_antireplay128(void) +{ + return test_dtls_1_2_record_proto_antireplay(128); +} + +static int +test_dtls_1_2_record_proto_antireplay256(void) +{ + return test_dtls_1_2_record_proto_antireplay(256); +} + +static int +test_dtls_1_2_record_proto_antireplay512(void) +{ + return test_dtls_1_2_record_proto_antireplay(512); +} + +static int +test_dtls_1_2_record_proto_antireplay1024(void) +{ + return test_dtls_1_2_record_proto_antireplay(1024); +} + +static int +test_dtls_1_2_record_proto_antireplay2048(void) +{ + return test_dtls_1_2_record_proto_antireplay(2048); +} + +static int +test_dtls_1_2_record_proto_antireplay4096(void) +{ + return test_dtls_1_2_record_proto_antireplay(4096); +} + static int test_dtls_1_2_record_proto_sgl(void) { 
@@ -17609,7 +17651,31 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { TEST_CASE_NAMED_ST( "Antireplay with window size 64", ut_setup_security, ut_teardown, - test_dtls_1_2_record_proto_antireplay), + test_dtls_1_2_record_proto_antireplay64), + TEST_CASE_NAMED_ST( + "Antireplay with window size 128", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay128), + TEST_CASE_NAMED_ST( + "Antireplay with window size 256", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay256), + TEST_CASE_NAMED_ST( + "Antireplay with window size 512", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay512), + TEST_CASE_NAMED_ST( + "Antireplay with window size 1024", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay1024), + TEST_CASE_NAMED_ST( + "Antireplay with window size 2048", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay2048), + TEST_CASE_NAMED_ST( + "Antireplay with window size 4096", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay4096), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Wed Mar 13 05:50:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138296 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0668043C9A; Wed, 13 Mar 2024 06:52:27 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C1FBB42DD8; Wed, 13 Mar 2024 06:51:42 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 9D89442DCB for ; Wed, 13 Mar 2024 06:51:13 +0100 (CET) Received: from pps.filterd 
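Review bot: in [PATCH v4 12/21], hunk @@ -12259,12 +12259,12 @@, winsz becomes a parameter of test_dtls_1_2_record_proto_antireplay() but nb_pkts stays 5 and seq_no[] keeps five entries, so the diff alone does not show that the larger windows are probed at their own edges. The code that fills seq_no[] sits in unchanged lines outside the hunk; if it is not already expressed in terms of winsz, the 128 to 4096 cases repeat the coverage of the 64 case. A short comment above the function naming the positions the five packets exercise (inside the window, at its lower edge, below it, replay) would let a reader check this without opening the file.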
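Review bot: in [PATCH v4 12/21], hunk @@ -12291,6 +12291,48 @@, the seven test_dtls_1_2_record_proto_antireplayNNN() wrappers differ only in the constant they pass, and each new size needs another function plus another entry in dtls12_record_proto_testsuite. Consider one handler that takes the window size as test data, registered through TEST_CASE_NAMED_WITH_DATA as patch 14/21 of this series does for the known-vector cases, with a small const array of sizes.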
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v4 13/21] test/crypto: update verification of header Date: Wed, 13 Mar 2024 11:20:22 +0530 Message-ID: <20240313055030.1685039-14-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com> References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: QnLmmfgTy4MHy8awawohAXMkLDRgiZlq X-Proofpoint-GUID: QnLmmfgTy4MHy8awawohAXMkLDRgiZlq X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_05,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri In TLS 1.3, the version in the header would be TLS 1.2 and the content type would be APP irrespective of the type of the payload. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev_security_tls_record.c | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 907e043ddd..498c4923e0 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c 
@@ -275,9 +275,9 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp hdr_len = sizeof(struct rte_tls_hdr); } else if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) { const struct rte_tls_hdr *hdr = (const struct rte_tls_hdr *)output_text; - if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_3) { + if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_2) { printf("Incorrect header version [expected - %4x, received - %4x]\n", - RTE_TLS_VERSION_1_3, rte_be_to_cpu_16(hdr->version)); + RTE_TLS_VERSION_1_2, rte_be_to_cpu_16(hdr->version)); return TEST_FAILED; } content_type = hdr->type; 
@@ -297,10 +297,18 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp return TEST_FAILED; } - if (content_type != td->app_type) { - printf("Incorrect content type in packet [expected - %d, received - %d]\n", - td->app_type, content_type); - return TEST_FAILED; + if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) { + if (content_type != RTE_TLS_TYPE_APPDATA) { + printf("Incorrect content type in packet [expected - %d, received - %d]\n", + td->app_type, content_type); + return TEST_FAILED; + } + } else { + if (content_type != td->app_type) { + printf("Incorrect content type in packet [expected - %d, received - %d]\n", + td->app_type, content_type); + return TEST_FAILED; + } } if (length != td->output_text.len - hdr_len) { From patchwork Wed Mar 13 05:50:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138297 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E614243C9A; Wed, 13 Mar 2024 06:52:34 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 3EE3342DEF; Wed, 13 Mar 2024 06:51:54 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 4449642DC1 for ; Wed, 13 Mar 2024 06:51:18 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42CImkfG026170; Tue, 12 Mar 2024 22:51:17 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; 
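Review bot: in [PATCH v4 13/21], hunk @@ -275,9 +275,9 @@, the RTE_SECURITY_VERSION_TLS_1_3 branch now compares hdr->version with RTE_TLS_VERSION_1_2 and nothing in the code says why, so the line reads like a copy-paste slip to anyone who has not seen the commit message. Add a one-line comment above the check stating that a TLS 1.3 record header carries the TLS 1.2 version value.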
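Review bot: in [PATCH v4 13/21], hunk @@ -297,10 +297,18 @@, the TLS 1.3 branch tests content_type against RTE_TLS_TYPE_APPDATA but the failure message still prints td->app_type as the expected value, so for a non-application payload the log reports an expectation the check never used. Print RTE_TLS_TYPE_APPDATA there, or compute the expected type once (RTE_TLS_TYPE_APPDATA for TLS 1.3, td->app_type otherwise) and keep a single comparison and a single printf instead of two copies of the block.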
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v4 14/21] test/crypto: add TLS 1.3 vectors Date: Wed, 13 Mar 2024 11:20:23 +0530 Message-ID: <20240313055030.1685039-15-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com> References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: vzdanK3vBo0OWxjZduUa_RgoPrHFfZm8 X-Proofpoint-GUID: vzdanK3vBo0OWxjZduUa_RgoPrHFfZm8 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_05,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Akhil Goyal Added vectors and test suite for TLS 1.3 AES-128-GCM, AES-256-GCM and CHACHA20-POLY1305 vectors. The vectors are generated using gnuTLS client server application. Signed-off-by: Akhil Goyal --- app/test/test_cryptodev.c | 35 +++ app/test/test_cryptodev_security_tls_record.h | 3 + ...yptodev_security_tls_record_test_vectors.h | 205 ++++++++++++++++++ 3 files changed, 243 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 72d91d23a2..aa9fffe50e 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c 
@@ -17680,6 +17680,40 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { } }; +static struct unit_test_suite tls13_record_proto_testsuite = { + .suite_name = "TLS 1.3 Record Protocol Unit Test Suite", + .setup = tls_record_proto_testsuite_setup, + .unit_test_cases = { + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-GCM-128", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls13_test_data_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-GCM-256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls13_test_data_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector CHACHA20-POLY1305", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls13_test_data_chacha20_poly1305), + + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-GCM-128", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls13_test_data_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-GCM-256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls13_test_data_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector CHACHA20-POLY1305", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls13_test_data_chacha20_poly1305), + + TEST_CASES_END() /**< NULL terminate unit test array */ + } +}; + #define ADD_UPLINK_TESTCASE(data) \ TEST_CASE_NAMED_WITH_DATA(data.test_descr_uplink, ut_setup_security, \ ut_teardown, test_docsis_proto_uplink, (const void *) &data), \ @@ -18699,6 +18733,7 @@ run_cryptodev_testsuite(const char *pmd_name) &docsis_proto_testsuite, &tls12_record_proto_testsuite, &dtls12_record_proto_testsuite, + &tls13_record_proto_testsuite, #endif &end_testsuite }; diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index efb16aed7d..9fbc64605d 100644 
--- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -124,6 +124,9 @@ extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac; extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac; +extern struct tls_record_test_data tls13_test_data_aes_128_gcm; +extern struct tls_record_test_data tls13_test_data_aes_256_gcm; +extern struct tls_record_test_data tls13_test_data_chacha20_poly1305; int test_tls_record_status_check(struct rte_crypto_op *op, const struct tls_record_test_data *td); diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h index 27b07cd54a..8af17b07e5 100644 --- a/app/test/test_cryptodev_security_tls_record_test_vectors.h +++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h 
@@ -1781,4 +1781,209 @@ struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac = { .app_type = 0x17, }; +/* TLS 1.3 AES-128-GCM */ +struct tls_record_test_data tls13_test_data_aes_128_gcm = { + .key = { + .data = { + 0x03, 0x12, 0xf5, 0x86, 0xe4, 0xd0, 0x27, 0xc7, + 0x47, 0x82, 0x44, 0xca, 0xd3, 0xce, 0x06, 0x6c, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x20, + 0x41, 0x45, 0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, + 0x47, 0x43, 0x4d, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0xa, + }, + .len = 43, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x3c, + 0x52, 0xb5, 0x24, 0xce, 0x5c, 0x29, 0x0f, 0x0a, + 0x3a, 0xc0, 0x60, 0xaf, 0xba, 0xe3, 0x0d, 0x28, + 0x6c, 0xbb, 0x3e, 0x5f, 0xde, 0x4a, 0xcd, 0xf1, + 0x30, 0x12, 0xa9, 0x42, 0x95, 0x55, 0xf5, 0x2c, + 0xb7, 0xb6, 0x60, 0x82, 0xa2, 0x1d, 0x34, 0x33, + 0x0a, 0xd7, 0x48, 0x40, 0xef, 0xab, 0x70, 0xa7, + 0xb2, 0x58, 0x41, 0xdb, 0xf6, 0x37, 0xe4, 0x6d, + 0xa3, 0x1e, 0xbf, 0x6f, + }, + .len = 65, + }, + .imp_nonce = { + .data = { + 0x8d, 0x1f, 0xa0, 0x14, 0xc7, 0x66, 0x9f, 0x93, + 0x74, 0x3f, 0x46, 0x52, + }, + .len = 12, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 16, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 16, + .aad_length = 5, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_3.seq_no = 0x0, + }, + + .aead = true, + .app_type = 0x17, +}; + +/* TLS 1.3 AES-256-GCM */ +struct tls_record_test_data tls13_test_data_aes_256_gcm = { + .key = { + .data = { + 0xc9, 0xc2, 0xa2, 0x4c, 0x4e, 0x36, 0x19, 0x6e, + 0xd8, 0xf5, 0xb9, 0x14, 0x30, 0xfc, 0xe0, 0xef, + 0x29, 0xb0, 0x00, 0xd1, 0x2d, 0xfc, 0x5a, 0x76, + 0x50, 0xf4, 0xf3, 0xb1, 0x82, 
0x21, 0x57, 0x82, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x20, + 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, 0x2d, + 0x47, 0x43, 0x4d, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0xa, + }, + .len = 43, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x3c, + 0xc9, 0xb0, 0x44, 0x23, 0xd5, 0xe2, 0xbd, 0x1d, + 0xf1, 0x96, 0x53, 0x2c, 0x8c, 0xe2, 0xa3, 0x00, + 0x7b, 0x2a, 0xb1, 0xa1, 0xd6, 0x79, 0x58, 0xb5, + 0x35, 0x1f, 0xbb, 0x98, 0x03, 0xe1, 0x82, 0xa2, + 0x1e, 0x26, 0x81, 0xbe, 0x77, 0x65, 0xaf, 0x7d, + 0x9f, 0x52, 0xec, 0x3a, 0x18, 0x2d, 0x36, 0xab, + 0xdc, 0xa9, 0xfb, 0xd3, 0xa8, 0xd5, 0xbc, 0x98, + 0xa4, 0xab, 0x70, 0xe9, + }, + .len = 65, + }, + .imp_nonce = { + .data = { + 0xd4, 0x78, 0xf2, 0x90, 0x61, 0x5d, 0x8c, 0x63, + 0x4b, 0xf4, 0x72, 0xf3, + }, + .len = 12, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 32, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 16, + .aad_length = 5, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_3.seq_no = 0x0, + }, + + .aead = true, + .app_type = 0x17, +}; + +struct tls_record_test_data tls13_test_data_chacha20_poly1305 = { + .key = { + .data = { + 0xec, 0x7d, 0x7a, 0x3f, 0x91, 0xdd, 0xb9, 0x70, + 0x95, 0x3b, 0x99, 0xb0, 0xe7, 0x66, 0xda, 0xdc, + 0x85, 0xbb, 0xfc, 0xc8, 0x50, 0xe9, 0x61, 0x88, + 0xc8, 0x1e, 0xf0, 0x61, 0xb0, 0xcd, 0x6c, 0x3d, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x20, + 0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30, + 0x2d, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, + 0x35, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, + 0x65, 0x20, 0x76, 
0x65, 0x63, 0x74, 0x6f, 0x72, 0xa, + }, + .len = 49, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x42, + 0x9a, 0xc1, 0xd9, 0x0e, 0xf9, 0x4c, 0x51, 0x8c, + 0xb4, 0xa7, 0x54, 0x57, 0x56, 0xba, 0xbb, 0xf7, + 0xd7, 0x1d, 0x49, 0x5a, 0x42, 0xd2, 0xab, 0x75, + 0x3f, 0xb1, 0x5f, 0xb5, 0x2b, 0x2b, 0xa3, 0xc5, + 0x61, 0x32, 0x7e, 0x62, 0x1e, 0xf5, 0x56, 0xff, + 0x84, 0x8e, 0x9a, 0x99, 0x06, 0xba, 0x3b, 0xc0, + 0x15, 0x4c, 0xf5, 0xb1, 0x5e, 0xcc, 0xff, 0x42, + 0x79, 0x4b, 0xa9, 0x23, 0x16, 0x08, 0xc3, 0x9a, + 0x52, 0x2a, + }, + .len = 71, + }, + .imp_nonce = { + .data = { + 0x3c, 0x28, 0xa0, 0xb8, 0xf8, 0x74, 0x35, 0xfe, + 0xd2, 0xa0, 0x31, 0x28, + }, + .len = 12, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305, + .key.length = 32, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 16, + .aad_length = 5, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_3.seq_no = 0x0, + }, + + .aead = true, + .app_type = 0x17, +}; + #endif From patchwork Wed Mar 13 05:50:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138298 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5ADF043C9A; Wed, 13 Mar 2024 06:52:43 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6B1E442DF7; Wed, 13 Mar 2024 06:51:55 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id ECC4640633 for ; Wed, 13 Mar 2024 06:51:19 +0100 (CET) Received: from 
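Review bot: in [PATCH v4 14/21], vectors hunk @@ -1781,4 +1781,209 @@, tls13_test_data_chacha20_poly1305 has no leading comment while the two GCM vectors carry /* TLS 1.3 AES-128-GCM */ and /* TLS 1.3 AES-256-GCM */; add /* TLS 1.3 CHACHA20-POLY1305 */. The final plaintext byte is written 0xa in all three input_text arrays where every other byte uses two hex digits, so 0x0a would match. The commit message says the vectors were produced with a gnuTLS client server application; recording the gnuTLS version and how the key and imp_nonce were captured, in a comment next to the vectors, would make them reproducible.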
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v4 15/21] test/crypto: update framework to verify tls-1.3 Date: Wed, 13 Mar 2024 11:20:24 +0530 Message-ID: <20240313055030.1685039-16-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com> References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: HcDfXRjt6mlv0VIDAiN9ZifmF3zPTM_F X-Proofpoint-GUID: HcDfXRjt6mlv0VIDAiN9ZifmF3zPTM_F X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_05,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Update the fields in preparation of test descriptor. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 17 +++++--- app/test/test_cryptodev_security_tls_record.c | 43 ++++++++++++------- app/test/test_cryptodev_security_tls_record.h | 10 ++--- 3 files changed, 43 insertions(+), 27 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index aa9fffe50e..25777c1b1f 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11889,8 +11889,9 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], ut_params->op->param1.tls_record.content_type = td[i].app_type; /* Copy IV in crypto operation when IV generation is disabled */ - if (sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE && - tls_record_xform.options.iv_gen_disable == 1) { + if ((sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) && + (tls_record_xform.ver != RTE_SECURITY_VERSION_TLS_1_3) && + (tls_record_xform.options.iv_gen_disable == 1)) { uint8_t *iv; int len; 
@@ -12005,8 +12006,10 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (flags->zero_len) payload_len = 0; again: - test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, - td_outb, nb_pkts, payload_len); + ret = test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, + flags, td_outb, nb_pkts, payload_len); + if (ret == TEST_SKIPPED) + continue; ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags); if (ret == TEST_SKIPPED) @@ -12218,8 +12221,10 @@ test_dtls_pkt_replay(const uint64_t seq_no[], int ret; for (i = 0; i < RTE_DIM(sec_alg_list); i++) { - test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, - td_outb, nb_pkts, 0); + ret = test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, + flags, td_outb, nb_pkts, 0); + if (ret == TEST_SKIPPED) + continue; for (idx = 0; idx < nb_pkts; idx++) td_outb[idx].tls_record_xform.dtls_1_2.seq_no = seq_no[idx]; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 498c4923e0..96d0a94731 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -70,7 +70,7 @@ test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, } } -void +int test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2, const struct tls_record_test_flags *flags, struct tls_record_test_data *td_array, @@ -79,6 +79,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt int i, min_padding, hdr_len, tls_pkt_size, mac_len = 0, exp_nonce_len = 0, roundup_len = 0; struct tls_record_test_data *td = NULL; + if ((flags->tls_version == RTE_SECURITY_VERSION_TLS_1_3) && + (param1->type != RTE_CRYPTO_SYM_XFORM_AEAD)) + return TEST_SKIPPED; + memset(td_array, 0, nb_td * sizeof(*td)); for (i = 0; i < nb_td; i++) { 
@@ -88,10 +92,17 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) { /* Copy template for packet & key fields */ - if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2) - memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td)); - else + switch (flags->tls_version) { + case RTE_SECURITY_VERSION_TLS_1_2: memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td)); + break; + case RTE_SECURITY_VERSION_DTLS_1_2: + memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td)); + break; + case RTE_SECURITY_VERSION_TLS_1_3: + memcpy(td, &tls13_test_data_aes_128_gcm, sizeof(*td)); + break; + } td->aead = true; td->xform.aead.aead.algo = param1->alg.aead; @@ -127,6 +138,7 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt if (!td->aead) { mac_len = td->xform.chain.auth.auth.digest_length; + min_padding = 1; switch (td->xform.chain.cipher.cipher.algo) { case RTE_CRYPTO_CIPHER_3DES_CBC: roundup_len = 8; @@ -143,30 +155,28 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } else { mac_len = td->xform.aead.aead.digest_length; + min_padding = 0; roundup_len = 0; - exp_nonce_len = 8; + if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) + exp_nonce_len = 0; + else + exp_nonce_len = 8; } switch (td->tls_record_xform.ver) { case RTE_SECURITY_VERSION_TLS_1_2: + hdr_len = sizeof(struct rte_tls_hdr); + break; case RTE_SECURITY_VERSION_TLS_1_3: hdr_len = sizeof(struct rte_tls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; + /* Add 1 byte for content type in packet */ + tls_pkt_size += 1; break; case RTE_SECURITY_VERSION_DTLS_1_2: hdr_len = sizeof(struct rte_dtls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; break; default: - hdr_len = 0; - min_padding = 0; - break; + return TEST_SKIPPED; } tls_pkt_size += mac_len; 
@@ -186,6 +196,7 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->output_text.len = tls_pkt_size; } + return TEST_SUCCESS; } void diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 9fbc64605d..0138770fac 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -137,11 +137,11 @@ int test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_re void test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, struct tls_record_test_data *td_in); -void test_tls_record_td_prepare(const struct crypto_param *param1, - const struct crypto_param *param2, - const struct tls_record_test_flags *flags, - struct tls_record_test_data *td_array, int nb_td, - unsigned int data_len); +int test_tls_record_td_prepare(const struct crypto_param *param1, + const struct crypto_param *param2, + const struct tls_record_test_flags *flags, + struct tls_record_test_data *td_array, int nb_td, + unsigned int data_len); void test_tls_record_td_update(struct tls_record_test_data td_inb[], const struct tls_record_test_data td_outb[], int nb_td, From patchwork Wed Mar 13 05:50:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138299 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CC33343C9A; Wed, 13 Mar 2024 06:52:50 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id ACF0042DFE; Wed, 13 Mar 2024 06:51:56 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 037FD42D76 for ; Wed, 13 Mar 2024 06:51:22 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42CImkfH026170; Tue, 12 Mar 2024 22:51:22 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; 
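Review bot: in [PATCH v4 15/21], hunk @@ -11889,8 +11889,9 @@, the condition now also excludes RTE_SECURITY_VERSION_TLS_1_3 but the comment above it still reads "Copy IV in crypto operation when IV generation is disabled". Extend the comment to say that TLS 1.3 is skipped and why; a later hunk of this patch sets exp_nonce_len to 0 for TLS 1.3, which looks like the reason.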
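Review bot: in [PATCH v4 15/21], hunk @@ -88,10 +92,17 @@ of test_tls_record_td_prepare(), the new switch on flags->tls_version has no default case, so an unhandled version copies no template and execution continues to td->aead = true on the entry left zeroed by the memset() earlier in the function. The old if/else always copied one of the two templates. Add default: return TEST_SKIPPED; here, matching the default this patch adds to the later switch on td->tls_record_xform.ver.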
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v4 16/21] test/crypto: test to verify hdr corruption in TLS Date: Wed, 13 Mar 2024 11:20:25 +0530 Message-ID: <20240313055030.1685039-17-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com> References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: TCYgkW8ofwuSx4B9JonEL851yKzHjqze X-Proofpoint-GUID: TCYgkW8ofwuSx4B9JonEL851yKzHjqze X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_05,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify TLS-1.3 record with header corruption. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 25777c1b1f..9f0a737913 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12424,6 +12424,20 @@ test_dtls_1_2_record_proto_zero_len_non_app(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_1_3_record_proto_corrupt_pkt(void) +{ + struct tls_record_test_flags flags = { + .pkt_corruption = 1, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} #endif static int 
@@ -17714,7 +17728,10 @@ static struct unit_test_suite tls13_record_proto_testsuite = { "Read record known vector CHACHA20-POLY1305", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &tls13_test_data_chacha20_poly1305), - + TEST_CASE_NAMED_ST( + "TLS-1.3 record header corruption", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_corrupt_pkt), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Wed Mar 13 05:50:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138300 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6591843C9A; Wed, 13 Mar 2024 06:52:58 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0324342E0C; Wed, 13 Mar 2024 06:51:58 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id EB8B740633 for ; Wed, 13 Mar 2024 06:51:25 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42D3TpbZ015037; Tue, 12 Mar 2024 22:51:25 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=5y2J6CebcndISM9cZDkKw+oChKoH/YJrcVIE8ssUy0I=; b=Af6 vqdWkBqn3chf5jxCaAlabhuqICHrFLC07UfPnjNXNUlTGqj8ykEl5bsKwKsf+FCw eHiKCtbyBLvpP7MApB7nkl8+47r42f3RBc5mL5raJ9WuraIKWysONQmZO6zBWIDs CGesCwtn3XVLpMdN4iSDPIonBl9eea8eVY4dT1l5DR/rlngR0ca0tNrk8Ve621UX kAG0Pug4Q8YlAJgQ69EeAZQCTpLq8ORn2fEe//i72LdWxTHojWw2QTeFZa+i5Jbi 
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v4 17/21] test/crypto: test to verify custom content type in TLS
Date: Wed, 13 Mar 2024 11:20:26 +0530
Message-ID: <20240313055030.1685039-18-asasidharan@marvell.com>
In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com>
References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com>

From: Vidya Sagar Velumuri

Add unit tests to verify TLS-1.3 record with content type as custom.
Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 9f0a737913..fe4fcfbfdb 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12438,6 +12438,21 @@ test_tls_1_3_record_proto_corrupt_pkt(void) return test_tls_record_proto_all(&flags); } + +static int +test_tls_1_3_record_proto_custom_content_type(void) +{ + struct tls_record_test_flags flags = { + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} #endif static int 
@@ -17732,6 +17747,10 @@ static struct unit_test_suite tls13_record_proto_testsuite = { "TLS-1.3 record header corruption", ut_setup_security, ut_teardown, test_tls_1_3_record_proto_corrupt_pkt), + TEST_CASE_NAMED_ST( + "TLS-1.3 record header with custom content type", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_custom_content_type), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Wed Mar 13 05:50:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138301 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id F268C43C9A; Wed, 13 Mar 2024 06:53:07 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id F12C142D0B; Wed, 13 Mar 2024 06:52:08 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 28D4B42DED for ; Wed, 13 Mar 2024 06:51:28 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42CIlmYW025188; Tue, 12 Mar 2024 22:51:27 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=m7mqdFjoWrCEKetDqdlKORbJ3M/8k/8L0RROfpRwkYU=; b=ANJ sg+9qVJqifkv0L4jfOWu1WNDXRsbiy++RzIuJa53oQJEVL7TfQO7SrBAhxhIR6+w xtCFiM38FGJ+8rSFTNWUC/7kDCGs6lGJFoTUAKdH5XNIUOAE85f6NiKhf5DgWaUh q4VFWcL/6fMWA4OOUlzbrGOrOrOYZKrfydgEqJfiRODjQkXKq4P0ttfzFNjLYV/0 3Dv9F/azSD37DQ3hoAvOknFW7avwJ0yKza0CDeKDGvn+42DNJwg4qoJJ4xXGCBiL eWkV2LQftd8kffjlhi6pO5w3ZFV+dRVy3vTT0rncTxH4UOg7AR477HeLHOcwyNla 
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v4 18/21] test/crypto: test to verify zero len record in TLS
Date: Wed, 13 Mar 2024 11:20:27 +0530
Message-ID: <20240313055030.1685039-19-asasidharan@marvell.com>
In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com>
References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com>

From: Vidya Sagar Velumuri

Add unit tests to verify TLS-1.3 record with zero length.
Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index fe4fcfbfdb..8ad5033f32 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12453,6 +12453,37 @@ test_tls_1_3_record_proto_custom_content_type(void) return test_tls_record_proto_all(&flags); } + +static int +test_tls_1_3_record_proto_zero_len(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_3_record_proto_zero_len_non_app(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} #endif static int 
@@ -17751,6 +17782,14 @@ static struct unit_test_suite tls13_record_proto_testsuite = { "TLS-1.3 record header with custom content type", ut_setup_security, ut_teardown, test_tls_1_3_record_proto_custom_content_type), + TEST_CASE_NAMED_ST( + "TLS-1.3 record with zero len and content type as app", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_zero_len), + TEST_CASE_NAMED_ST( + "TLS-1.3 record with zero len and content type as ctrl", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_zero_len_non_app), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Wed Mar 13 05:50:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138302 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A0A3F43C9A; Wed, 13 Mar 2024 06:53:15 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 78C8442DED; Wed, 13 Mar 2024 06:52:10 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id E118E4069D for ; Wed, 13 Mar 2024 06:51:31 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42D3bVvc014957; Tue, 12 Mar 2024 22:51:31 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=wBcTxwKqY4SO3C68l/dy+E/dGXVHmXpXqizt1ewiCk8=; b=Lq3 bB4v2Fqp+f9bWXC0CSF6T4InDaP8q0Hw7WdbW9xSOZB/6wt//8PRPfZONMFwasus w+gUxd5er2SOJ3yA/xN3HKX39CgAyaw2dKJkS/JVBRUkLbCGWVsvmQhu4okoqdXW 
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v4 19/21] test/crypto: unit tests to verify padding in TLS
Date: Wed, 13 Mar 2024 11:20:28 +0530
Message-ID: <20240313055030.1685039-20-asasidharan@marvell.com>
In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com>
References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com>
From: Vidya Sagar Velumuri Add unit tests to verify the padding for TLS-1.2. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 85 ++++++++++++++++++- app/test/test_cryptodev_security_tls_record.c | 28 ++++-- app/test/test_cryptodev_security_tls_record.h | 5 +- 3 files changed, 109 insertions(+), 9 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 8ad5033f32..a324c1607b 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11834,6 +11834,9 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], if (td[0].aead) test_tls_record_imp_nonce_update(&td[0], &tls_record_xform); + if (flags->opt_padding) + tls_record_xform.options.extra_padding_enable = 1; + sess_conf.tls_record = tls_record_xform; if (td[0].aead) { @@ -11888,6 +11891,9 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], ut_params->op->sym->m_dst = NULL; ut_params->op->param1.tls_record.content_type = td[i].app_type; + if (flags->opt_padding) + ut_params->op->aux_flags = flags->opt_padding; + /* Copy IV in crypto operation when IV generation is disabled */ if ((sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) && (tls_record_xform.ver != RTE_SECURITY_VERSION_TLS_1_3) && @@ -11915,7 +11921,7 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS) { ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, - silent); + silent, flags); if (ret != TEST_SUCCESS) goto crypto_op_free; } 
@@ -12184,6 +12190,59 @@ test_tls_record_proto_zero_len_non_app(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_opt_padding(uint8_t padding, uint8_t num_segs, + enum rte_security_tls_version tls_version) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = num_segs, + .tls_version = tls_version, + .opt_padding = padding + }; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_record_proto_dm_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 0, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_dm_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(25, 0, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 2, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(8, 4, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding_2(void) +{ + return test_tls_record_proto_opt_padding(8, 5, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding_max(void) +{ + return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_TLS_1_2); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { 
@@ -17578,6 +17637,30 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Zero len TLS record with content type as ctrl", ut_setup_security, ut_teardown, test_tls_record_proto_zero_len_non_app), + TEST_CASE_NAMED_ST( + "TLS record DM mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_dm_opt_padding), + TEST_CASE_NAMED_ST( + "TLS record DM mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_dm_opt_padding_1), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_1), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_2), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding > max range", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_max), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 96d0a94731..03d9efefc3 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -269,7 +269,8 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, } static int -tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text) +tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text, + const struct tls_record_test_flags *flags) { uint16_t length, hdr_len; uint8_t content_type; 
@@ -322,10 +323,22 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp } } - if (length != td->output_text.len - hdr_len) { - printf("Incorrect packet length [expected - %d, received - %d]\n", - td->output_text.len - hdr_len, length); - return TEST_FAILED; + if (!flags->opt_padding) { + if (length != td->output_text.len - hdr_len) { + printf("Incorrect packet length [expected - %d, received - %d]\n", + td->output_text.len - hdr_len, length); + return TEST_FAILED; + } + } else { + int pad_len = (flags->opt_padding * 8) > 256 ? 256 : (flags->opt_padding * 8); + int expect_len = td->output_text.len - hdr_len + pad_len; + + if (length - expect_len > 32) { + printf("Incorrect packet length [expected - %d, received - %d]\n", + expect_len, length); + return TEST_FAILED; + } + } return TEST_SUCCESS; @@ -333,7 +346,8 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, - struct tls_record_test_data *res_d, bool silent) + struct tls_record_test_data *res_d, bool silent, + const struct tls_record_test_flags *flags) { uint8_t output_text[TEST_SEC_CIPHERTEXT_MAX_LEN]; uint32_t len = rte_pktmbuf_pkt_len(m), data_len; @@ -365,7 +379,7 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t } if (td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) { - ret = tls_record_hdr_verify(td, output_text); + ret = tls_record_hdr_verify(td, output_text, flags); if (ret != TEST_SUCCESS) return ret; } diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 0138770fac..a7c38218ae 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -97,7 +97,9 @@ struct tls_record_test_flags { bool data_walkthrough; bool pkt_corruption; bool zero_len; + bool padding_corruption; uint8_t nb_segs_in_mbuf; + uint8_t opt_padding; enum rte_security_tls_version tls_version; enum tls_record_test_content_type content_type; int ar_win_size; 
@@ -148,5 +150,6 @@ void test_tls_record_td_update(struct tls_record_test_data td_inb[], const struct tls_record_test_flags *flags); int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, - struct tls_record_test_data *res_d, bool silent); + struct tls_record_test_data *res_d, bool silent, + const struct tls_record_test_flags *flags); #endif From patchwork Wed Mar 13 05:50:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138303 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id F1AC743C9A; Wed, 13 Mar 2024 06:53:23 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id DE71542E19; Wed, 13 Mar 2024 06:52:11 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 0BADF41153 for ; Wed, 13 Mar 2024 06:51:33 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42CImIZs025881; Tue, 12 Mar 2024 22:51:33 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=KBHB9syhLc7P17UnIjw132Tc/bmdbMR7lOQswGhxKwc=; b=YZf xlcd4ffOmiTQiJ0LXC4FxUD0Ide1XQ1wlGDlLBQ4zA2AEFI9vBSjvUWXHYr4EGEp CBcnY0b6DauA8yA2YNkA5uu3hAWwgHG8jBxgH3iyWoRv5iJTLW6Lukd12V8Ou0UK 3kDzLkNwcrSs7mYQiUuTBCtSl37jB9nk+NAgyO3D6z9JOWxP3bsrtmVX1iz88Upv qVK9CvZh0ntYDL3tItJcO1E9a3wXqHKEPfGjsNGOm5fuZwCvCJiwKM7vIiyhgJjO fY2W+rbC95GdZ46bhxjhw6SDXOF23wpx48Dpnv2but9jbl4iSNYO6ve7gxByEi8l N9AP66/bHid7rElP7yQ== Received: from 
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v4 20/21] test/crypto: unit tests for padding in DTLS-1.2
Date: Wed, 13 Mar 2024 11:20:29 +0530
Message-ID: <20240313055030.1685039-21-asasidharan@marvell.com>
In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com>
References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com>

From: Vidya Sagar Velumuri

Add unit tests to verify the padding for DTLS-1.2.

Signed-off-by: Vidya Sagar Velumuri
---
 app/test/test_cryptodev.c | 60 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index a324c1607b..572740cbf9 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12483,6 +12483,42 @@ test_dtls_1_2_record_proto_zero_len_non_app(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_1_2_record_proto_dm_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 0, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_dm_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(25, 0, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 5, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(8, 4, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding_2(void) +{ + return test_tls_record_proto_opt_padding(8, 5, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding_max(void) +{ + return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_DTLS_1_2); +} + static int test_tls_1_3_record_proto_corrupt_pkt(void) { 
@@ -17824,6 +17860,30 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Antireplay with window size 4096", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_antireplay4096), + TEST_CASE_NAMED_ST( + "DTLS record DM mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_dm_opt_padding), + TEST_CASE_NAMED_ST( + "DTLS record DM mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_dm_opt_padding_1), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding_1), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding_2), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding > max range", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding_max), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Wed Mar 13 05:50:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138304 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AEF9E43C9A; Wed, 13 Mar 2024 06:53:32 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 3E58442E21; Wed, 13 Mar 2024 06:52:13 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v4 21/21] test/security: add out of place sgl test case for TLS 1.2 Date: Wed, 13 Mar 2024 11:20:30 +0530 Message-ID: <20240313055030.1685039-22-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com> References: <20240312175143.1664699-1-asasidharan@marvell.com> <20240313055030.1685039-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: WwlrAsWgiLwWcC_v0sKWdnyA9Z__-41F X-Proofpoint-GUID: WwlrAsWgiLwWcC_v0sKWdnyA9Z__-41F X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_05,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add TLS 1.2 out-of-place multi-segmented packet test. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 52 ++++++++++++++++++- app/test/test_cryptodev_security_tls_record.h | 1 + 2 files changed, 51 insertions(+), 2 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 572740cbf9..1703ebccf1 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11873,6 +11873,11 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool, td[i].input_text.len, nb_segs, 0); pktmbuf_write(ut_params->ibuf, 0, td[i].input_text.len, td[i].input_text.data); + if (flags->out_of_place) + ut_params->obuf = create_segmented_mbuf(ts_params->mbuf_pool, + td[i].output_text.len, nb_segs, 0); + else + ut_params->obuf = NULL; /* Generate crypto op data structure */ ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, 
@@ -11888,7 +11893,7 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], /* Set crypto operation mbufs */ ut_params->op->sym->m_src = ut_params->ibuf; - ut_params->op->sym->m_dst = NULL; + ut_params->op->sym->m_dst = ut_params->obuf; ut_params->op->param1.tls_record.content_type = td[i].app_type; if (flags->opt_padding) @@ -11920,7 +11925,10 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], res_d_tmp = &res_d[i]; if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS) { - ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, + struct rte_mbuf *buf = flags->out_of_place ? ut_params->obuf : + ut_params->ibuf; + + ret = test_tls_record_post_process(buf, &td[i], res_d_tmp, silent, flags); if (ret != TEST_SUCCESS) goto crypto_op_free; @@ -11929,6 +11937,11 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], rte_crypto_op_free(ut_params->op); ut_params->op = NULL; + if (flags->out_of_place) { + rte_pktmbuf_free(ut_params->obuf); + ut_params->obuf = NULL; + } + rte_pktmbuf_free(ut_params->ibuf); ut_params->ibuf = NULL; } @@ -11937,6 +11950,11 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], rte_crypto_op_free(ut_params->op); ut_params->op = NULL; + if (flags->out_of_place) { + rte_pktmbuf_free(ut_params->obuf); + ut_params->obuf = NULL; + } + rte_pktmbuf_free(ut_params->ibuf); ut_params->ibuf = NULL; 
@@ -12127,6 +12145,32 @@ test_tls_record_proto_sgl_data_walkthrough(enum rte_security_tls_version tls_ver return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_sgl_oop(enum rte_security_tls_version tls_version) +{ + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = 5, + .out_of_place = true, + .tls_version = tls_version + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) { + printf("Device doesn't support in-place scatter-gather. Test Skipped.\n"); + return TEST_SKIPPED; + } + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_2_record_proto_sgl_oop(void) +{ + return test_tls_record_proto_sgl_oop(RTE_SECURITY_VERSION_TLS_1_2); +} + static int test_tls_1_2_record_proto_sgl_data_walkthrough(void) { @@ -17657,6 +17701,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Multi-segmented mode data walkthrough", ut_setup_security, ut_teardown, test_tls_1_2_record_proto_sgl_data_walkthrough), + TEST_CASE_NAMED_ST( + "Multi-segmented mode out of place", + ut_setup_security, ut_teardown, + test_tls_1_2_record_proto_sgl_oop), TEST_CASE_NAMED_ST( "TLS packet header corruption", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index a7c38218ae..18a90c6ff6 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -98,6 +98,7 @@ struct tls_record_test_flags { bool pkt_corruption; bool zero_len; bool padding_corruption; + bool out_of_place; uint8_t nb_segs_in_mbuf; uint8_t opt_padding; enum rte_security_tls_version tls_version;
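
Review bot: in [PATCH v4 16/21], hunk @@ -12424,6 +12424,20 @@, test_tls_1_3_record_proto_corrupt_pkt() fills dev_info through rte_cryptodev_info_get() and never reads it, so ts_params, dev_info and the call are dead code. Either drop them or use dev_info.feature_flags for a capability check that returns TEST_SKIPPED. The wrappers added in 17/21 and 18/21 and test_tls_record_proto_opt_padding() in 19/21 carry the same unused lookup; one helper that takes the flags struct would remove the copies.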
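
Review bot: in [PATCH v4 18/21], hunk @@ -12453,6 +12453,37 @@, test_tls_1_3_record_proto_zero_len_non_app() combines .zero_len = 1 with TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, but nothing in the hunk states which outcome counts as a pass. RFC 8446 section 5.1 forbids zero-length fragments of Handshake types in TLS 1.3 and allows zero-length Application Data, so the two new cases are not symmetric. Add a comment above each function giving the expected result, so that a PMD which accepts the handshake case is not silently treated as correct.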
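
Review bot: in [PATCH v4 19/21], suite hunk @@ -17578,6 +17637,30 @@, test_tls_record_proto_sg_opt_padding_1 and test_tls_record_proto_sg_opt_padding_2 are registered under the same string, "TLS record SG mode with optional padding > 2 blocks", so a failure report cannot tell the 4-segment case from the 5-segment one. Put the segment count (or the padding value) in each name. 20/21 repeats the duplicate for the DTLS cases in its hunk @@ -17824,6 +17860,30 @@.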
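
Review bot: in [PATCH v4 19/21], hunk @@ -322,10 +323,22 @@ of tls_record_hdr_verify(), the padded branch only rejects records that are too long. The test "length - expect_len > 32" is evaluated in signed int, so any length below expect_len gives a negative difference and passes; a record written with no extra padding at all, or a truncated one, is accepted as correct. Bound the length on both sides. The literals 8, 256 and 32 also need names and a comment saying what unit opt_padding is in, since the callers pass 1, 8, 25 and 33 with no explanation.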
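
Review bot: in [PATCH v4 19/21], header hunk @@ -97,7 +99,9 @@, bool padding_corruption is added to struct tls_record_test_flags but none of the hunks shown in 19/21, 20/21 or 21/21 sets or reads it. Move the field to the patch that introduces the padding corruption test, or add that test here so the flag has a user.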
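
Review bot: in [PATCH v4 21/21], hunk @@ -11873,6 +11873,11 @@, the return value of create_segmented_mbuf() for ut_params->obuf is used without a NULL check. If the allocation fails, the following hunk sets m_dst to NULL, so the operation runs in place, and the result is then read from ut_params->obuf, which test_tls_record_post_process() passes straight to rte_pktmbuf_pkt_len(). Fail the test when obuf is NULL and flags->out_of_place is set.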
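
Review bot: in [PATCH v4 21/21], hunk @@ -12127,6 +12145,32 @@, test_tls_record_proto_sgl_oop() sets .out_of_place = true but gates on RTE_CRYPTODEV_FF_IN_PLACE_SGL and prints "Device doesn't support in-place scatter-gather". A device that supports only in-place SGL will run the out-of-place test and fail instead of being skipped, and one that supports only out-of-place SGL will be skipped. Check the out-of-place capability (RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT) and correct the message to match.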