From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang, Anoob Joseph, Vidya Sagar Velumuri
Subject: [PATCH v5 01/21] test/security: enable AES-GCM in combined mode TLS
Date: Wed, 13 Mar 2024 16:28:41 +0530
Message-ID: <20240313105901.1959675-2-asasidharan@marvell.com>

Enable AES-GCM AEAD tests in combined mode TLS test suite.

Coverity issue: 414888
Fixes: 9157ccb8f876 ("test/crypto: verify TLS headers")

Signed-off-by: Aakash Sasidharan
---
app/test/test_cryptodev_security_tls_record.c | 10 ++++++++--
app/test/test_security_proto.h | 3 +++
2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index bcb2eba4ff..14a7a2511e 100644 --- a/app/test/test_cryptodev_security_tls_record.c 
+++ b/app/test/test_cryptodev_security_tls_record.c @@ -116,6 +116,7 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } else { mac_len = td->xform.aead.aead.digest_length; + roundup_len = 0; exp_nonce_len = 8; } @@ -123,7 +124,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt case RTE_SECURITY_VERSION_TLS_1_2: case RTE_SECURITY_VERSION_TLS_1_3: hdr_len = sizeof(struct rte_tls_hdr); - min_padding = 1; + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; case RTE_SECURITY_VERSION_DTLS_1_2: hdr_len = sizeof(struct rte_dtls_hdr); @@ -139,7 +143,9 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt /* Padding */ tls_pkt_size += min_padding; - tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); + + if (roundup_len) + tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); /* Explicit nonce */ tls_pkt_size += exp_nonce_len; diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h index efa023b99d..5b92daa810 100644 --- a/app/test/test_security_proto.h +++ b/app/test/test_security_proto.h 
@@ -27,16 +27,19 @@ static const struct crypto_param aead_list[] = { .type = RTE_CRYPTO_SYM_XFORM_AEAD, .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, .key_length = 16, + .digest_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_AEAD, .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, .key_length = 24, + .digest_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_AEAD, .alg.aead = RTE_CRYPTO_AEAD_AES_GCM, .key_length = 32, + .digest_length = 16, }, { .type = RTE_CRYPTO_SYM_XFORM_AEAD,
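
Review bot: the `if (roundup_len)` guard added before RTE_ALIGN_MUL_CEIL in the padding step of test_tls_record_td_prepare() is a fix for rounding to a multiple of zero on the AEAD path, but the commit log only says AES-GCM tests are being enabled and cites a Coverity number. Please describe the defect in the log (roundup_len is 0 for AEAD, so the alignment has to be skipped) and add a one-line comment at the guard so the zero case is not later removed as dead code.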
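
Review bot: the new if/else on td->aead in the TLS 1.2/1.3 case of the version switch has no comment saying why the minimum padding differs between the two modes. A short comment (AEAD records carry no padding, CBC records need at least the padding-length byte) would help, and the four lines can be written as `min_padding = td->aead ? 0 : 1;`.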

From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang, Anoob Joseph
Subject: [PATCH v5 02/21] test/security: add TLS 1.2 data walkthrough test
Date: Wed, 13 Mar 2024 16:28:42 +0530
Message-ID: <20240313105901.1959675-3-asasidharan@marvell.com>

Add data walkthrough test for TLS 1.2.

Signed-off-by: Aakash Sasidharan
---
app/test/test_cryptodev.c | 90 +++++++++++++++++--
app/test/test_cryptodev_security_tls_record.c | 25 ++++--
app/test/test_cryptodev_security_tls_record.h | 41 ++++++++-
app/test/test_security_proto.c | 17 ++++
app/test/test_security_proto.h | 8 ++
5 files changed, 162 insertions(+), 19 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 3b5e784022..c5837ccbdd 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -858,6 +858,8 @@ ipsec_proto_testsuite_setup(void) static int tls_record_proto_testsuite_setup(void) { + test_sec_proto_pattern_generate(); + return sec_proto_testsuite_setup(RTE_SECURITY_PROTOCOL_TLS_RECORD); } 
@@ -11958,14 +11960,30 @@ test_tls_record_proto_known_vec_read(const void *test_data) static int test_tls_record_proto_all(const struct tls_record_test_flags *flags) { + unsigned int i, nb_pkts = 1, pass_cnt = 0, payload_len, max_payload_len; struct tls_record_test_data td_outb[TEST_SEC_PKTS_MAX]; struct tls_record_test_data td_inb[TEST_SEC_PKTS_MAX]; - unsigned int i, nb_pkts = 1, pass_cnt = 0; int ret; + switch (flags->tls_version) { + case RTE_SECURITY_VERSION_TLS_1_2: + max_payload_len = TLS_1_2_RECORD_PLAINTEXT_MAX_LEN; + break; + case RTE_SECURITY_VERSION_TLS_1_3: + max_payload_len = TLS_1_3_RECORD_PLAINTEXT_MAX_LEN; + break; + case RTE_SECURITY_VERSION_DTLS_1_2: + max_payload_len = DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN; + break; + default: + max_payload_len = 0; + } + for (i = 0; i < RTE_DIM(sec_alg_list); i++) { + payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN; +again: test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, - td_outb, nb_pkts); + td_outb, nb_pkts, payload_len); ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags); if (ret == TEST_SKIPPED) @@ -11983,6 +12001,9 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (ret == TEST_FAILED) return TEST_FAILED; + if (flags->data_walkthrough && (++payload_len <= max_payload_len)) + goto again; + if (flags->display_alg) test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2); 
@@ -11996,22 +12017,69 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) } static int -test_tls_record_proto_display_list(void) +test_tls_1_2_record_proto_data_walkthrough(void) +{ + struct tls_record_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.data_walkthrough = true; + flags.tls_version = RTE_SECURITY_VERSION_TLS_1_2; + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_2_record_proto_display_list(void) { struct tls_record_test_flags flags; memset(&flags, 0, sizeof(flags)); flags.display_alg = true; + flags.tls_version = RTE_SECURITY_VERSION_TLS_1_2; return test_tls_record_proto_all(&flags); } static int -test_tls_record_proto_sgl(void) +test_tls_1_2_record_proto_sgl(void) { struct tls_record_test_flags flags = { - .nb_segs_in_mbuf = 5 + .nb_segs_in_mbuf = 5, + .tls_version = RTE_SECURITY_VERSION_TLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) { + printf("Device doesn't support in-place scatter-gather. Test Skipped.\n"); + return TEST_SKIPPED; + } + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_display_list(void) +{ + struct tls_record_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.display_alg = true; + flags.tls_version = RTE_SECURITY_VERSION_DTLS_1_2; + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_sgl(void) +{ + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = 5, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 }; struct crypto_testsuite_params *ts_params = &testsuite_params; struct rte_cryptodev_info dev_info; 
@@ -17081,11 +17149,15 @@ static struct unit_test_suite tls12_record_proto_testsuite = { TEST_CASE_NAMED_ST( "Combined test alg list", ut_setup_security, ut_teardown, - test_tls_record_proto_display_list), + test_tls_1_2_record_proto_display_list), + TEST_CASE_NAMED_ST( + "Data walkthrough combined test alg list", + ut_setup_security, ut_teardown, + test_tls_1_2_record_proto_data_walkthrough), TEST_CASE_NAMED_ST( "Multi-segmented mode", ut_setup_security, ut_teardown, - test_tls_record_proto_sgl), + test_tls_1_2_record_proto_sgl), TEST_CASES_END() /**< NULL terminate unit test array */ } }; @@ -17182,11 +17254,11 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { TEST_CASE_NAMED_ST( "Combined test alg list", ut_setup_security, ut_teardown, - test_tls_record_proto_display_list), + test_dtls_1_2_record_proto_display_list), TEST_CASE_NAMED_ST( "Multi-segmented mode", ut_setup_security, ut_teardown, - test_tls_record_proto_sgl), + test_dtls_1_2_record_proto_sgl), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 14a7a2511e..3745c6a0d1 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -62,7 +62,8 @@ test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, void test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2, const struct tls_record_test_flags *flags, - struct tls_record_test_data *td_array, int nb_td) + struct tls_record_test_data *td_array, + int nb_td, unsigned int data_len) { int i, min_padding, hdr_len, tls_pkt_size, mac_len = 0, exp_nonce_len = 0, roundup_len = 0; struct tls_record_test_data *td = NULL; 
@@ -76,7 +77,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) { /* Copy template for packet & key fields */ - memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td)); + if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2) + memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td)); + else + memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td)); td->aead = true; td->xform.aead.aead.algo = param1->alg.aead; @@ -84,7 +88,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->xform.aead.aead.digest_length = param1->digest_length; } else { /* Copy template for packet & key fields */ - memcpy(td, &tls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td)); + if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2) + memcpy(td, &dtls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td)); + else + memcpy(td, &tls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td)); td->aead = false; td->xform.chain.cipher.cipher.algo = param1->alg.cipher; @@ -96,6 +103,11 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } + if (flags->data_walkthrough) { + test_sec_proto_pattern_set(td->input_text.data, data_len); + td->input_text.len = data_len; + } + tls_pkt_size = td->input_text.len; if (!td->aead) { @@ -221,6 +233,7 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, return TEST_SUCCESS; } + static int tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text) { 
@@ -280,13 +293,13 @@ int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, struct tls_record_test_data *res_d, bool silent) { + uint8_t output_text[TEST_SEC_CIPHERTEXT_MAX_LEN]; uint32_t len = rte_pktmbuf_pkt_len(m), data_len; - uint8_t output_text[TLS_RECORD_MAX_LEN]; const struct rte_mbuf *seg; const uint8_t *output; int ret; - memset(output_text, 0, TLS_RECORD_MAX_LEN); + memset(output_text, 0, TEST_SEC_CIPHERTEXT_MAX_LEN); /* * Actual data in packet might be less in error cases, hence take minimum of pkt_len and sum @@ -300,7 +313,7 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t } len = RTE_MIN(len, data_len); - TEST_ASSERT(len <= TLS_RECORD_MAX_LEN, "Invalid packet length: %u", len); + TEST_ASSERT(len <= TEST_SEC_CIPHERTEXT_MAX_LEN, "Invalid packet length: %u", len); /* Copy mbuf payload to continuous buffer */ output = rte_pktmbuf_read(m, 0, len, output_text); diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 0bd83f88f0..56d9d11962 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -10,7 +10,37 @@ #include "test_security_proto.h" -#define TLS_RECORD_MAX_LEN 16384u +/* TLS 1.2 Ciphertext length can be up to (2^14 + 2048 + 5 (TLS Header)) Bytes */ +#define TLS_1_2_RECORD_CIPHERTEXT_MAX_LEN (4096u) +static_assert(TLS_1_2_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN, + "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* TLS 1.2 Plaintext length can be up to (2^14 + 1024) Bytes */ +#define TLS_1_2_RECORD_PLAINTEXT_MAX_LEN (3072u) +static_assert(TLS_1_2_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, + "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* DTLS 1.2 Ciphertext length is similar to TLS 1.2 */ +#define DTLS_1_2_RECORD_CIPHERTEXT_MAX_LEN (4096u) +static_assert(DTLS_1_2_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN, + "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* DTLS 1.2 Plaintext length is similar to TLS 1.2 */ +#define DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN (3072u) +static_assert(DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, + "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* TLS 1.3 Ciphertext length can be up to (2^14 + 256 + 5 (TLS Header)) Bytes */ +#define TLS_1_3_RECORD_CIPHERTEXT_MAX_LEN (4096u) +static_assert(TLS_1_3_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN, + "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +/* TLS 1.3 Plaintext length can be up to 2^14 Bytes */ +#define TLS_1_3_RECORD_PLAINTEXT_MAX_LEN (3072u) +static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, + "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!"); + +#define TLS_RECORD_PLAINTEXT_MIN_LEN (1u) struct tls_record_test_data { struct { 
@@ -22,12 +52,12 @@ struct tls_record_test_data { } auth_key; struct { - uint8_t data[TLS_RECORD_MAX_LEN]; + uint8_t data[TEST_SEC_CIPHERTEXT_MAX_LEN]; unsigned int len; } input_text; struct { - uint8_t data[TLS_RECORD_MAX_LEN]; + uint8_t data[TEST_SEC_CIPHERTEXT_MAX_LEN]; unsigned int len; } output_text; @@ -56,6 +86,8 @@ struct tls_record_test_data { struct tls_record_test_flags { bool display_alg; int nb_segs_in_mbuf; + bool data_walkthrough; + enum rte_security_tls_version tls_version; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; @@ -89,7 +121,8 @@ void test_tls_record_td_read_from_write(const struct tls_record_test_data *td_ou void test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2, const struct tls_record_test_flags *flags, - struct tls_record_test_data *td_array, int nb_td); + struct tls_record_test_data *td_array, int nb_td, + unsigned int data_len); void test_tls_record_td_update(struct tls_record_test_data td_inb[], const struct tls_record_test_data td_outb[], int nb_td, diff --git a/app/test/test_security_proto.c b/app/test/test_security_proto.c index d242c852af..cf40d5fc9a 100644 --- a/app/test/test_security_proto.c +++ b/app/test/test_security_proto.c @@ -13,6 +13,8 @@ struct crypto_param_comb sec_alg_list[RTE_DIM(aead_list) + struct crypto_param_comb sec_auth_only_alg_list[2 * (RTE_DIM(auth_list) - 1)]; +static uint8_t cleartext_pattern[TEST_SEC_CLEARTEXT_MAX_LEN]; + void test_sec_alg_list_populate(void) { @@ -152,3 +154,18 @@ test_sec_alg_display(const struct crypto_param *param1, const struct crypto_para } printf("\n"); } + +void +test_sec_proto_pattern_generate(void) +{ + unsigned int i; + + for (i = 0; i < TEST_SEC_CLEARTEXT_MAX_LEN; i++) + cleartext_pattern[i] = (i + 1) & 0xff; +} + +void +test_sec_proto_pattern_set(uint8_t *buf, int len) +{ + rte_memcpy(buf, cleartext_pattern, len); +} 
diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h index 5b92daa810..7eb815604a 100644 --- a/app/test/test_security_proto.h +++ b/app/test/test_security_proto.h @@ -8,6 +8,10 @@ #include #include +#include "test_cryptodev.h" + +#define TEST_SEC_CLEARTEXT_MAX_LEN (MBUF_DATAPAYLOAD_SIZE - 1024) +#define TEST_SEC_CIPHERTEXT_MAX_LEN (MBUF_DATAPAYLOAD_SIZE) #define TEST_SEC_PKTS_MAX 32 struct crypto_param { 
@@ -186,4 +190,8 @@ int test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_c void test_sec_alg_display(const struct crypto_param *param1, const struct crypto_param *param2); +void test_sec_proto_pattern_generate(void); + +void test_sec_proto_pattern_set(uint8_t *buf, int len); + #endif
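
Review bot: the `again:` label and `goto again` added to test_tls_record_proto_all() in test_cryptodev.c form a backward jump that would read more clearly as an inner loop over payload_len from TLS_RECORD_PLAINTEXT_MIN_LEN to max_payload_len. The `default:` arm of the new version switch also sets max_payload_len to 0 without reporting anything, so a walkthrough with an unhandled tls_version quietly runs a single length per algorithm; failing the test there would surface the mistake.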
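
Review bot: the DTLS work in the test-function hunk of test_cryptodev.c (test_dtls_1_2_record_proto_display_list(), test_dtls_1_2_record_proto_sgl(), the DTLS suite rewiring) and the DTLS template selection in test_tls_record_td_prepare() are not covered by a commit log that reads "Add data walkthrough test for TLS 1.2". Please split the TLS/DTLS separation into its own patch or describe it in the log. The two sgl functions are also identical apart from tls_version and could share one helper.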
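
Review bot: the comments above the new length macros in test_cryptodev_security_tls_record.h quote protocol limits (for example 2^14 + 2048 + 5 bytes for TLS 1.2 ciphertext) while the macros are defined as 4096u and 3072u, so the names and comments describe a record maximum that the walkthrough never reaches. Please say in the comments that these are test caps chosen to fit TEST_SEC_CIPHERTEXT_MAX_LEN and TEST_SEC_CLEARTEXT_MAX_LEN. The static_assert messages have the same wording problem, since they talk about "RECORD MAX LEN" for values that are not the record maximum.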
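
Review bot: test_sec_proto_pattern_set() in test_security_proto.c copies len bytes out of cleartext_pattern with no check that len is within TEST_SEC_CLEARTEXT_MAX_LEN, and it takes a signed int while its caller passes the unsigned data_len. The current callers stay in range through the static_asserts on the per-version maxima, but the helper itself should take an unsigned length and assert `len <= TEST_SEC_CLEARTEXT_MAX_LEN` before the rte_memcpy so that a later caller cannot read past the pattern buffer.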

From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v5 03/21] test/security: add DTLS 1.2 data walkthrough test
Date: Wed, 13 Mar 2024 16:28:43 +0530
Message-ID: <20240313105901.1959675-4-asasidharan@marvell.com>

Add data walkthrough test for DTLS 1.2

Signed-off-by: Aakash Sasidharan
---
app/test/test_cryptodev.c | 17 +++++++++++++++++
app/test/test_cryptodev_security_tls_record.c | 5 ++++-
2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index c5837ccbdd..e0695e9eb3 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12061,6 +12061,19 @@ test_tls_1_2_record_proto_sgl(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_1_2_record_proto_data_walkthrough(void) +{ + struct tls_record_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.data_walkthrough = true; + flags.tls_version = RTE_SECURITY_VERSION_DTLS_1_2; + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_display_list(void) { @@ -17255,6 +17268,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Combined test alg list", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_display_list), + TEST_CASE_NAMED_ST( + "Data walkthrough combined test alg list", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_data_walkthrough), TEST_CASE_NAMED_ST( "Multi-segmented mode", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 3745c6a0d1..92bcbff842 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c 
@@ -143,7 +143,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt break; case RTE_SECURITY_VERSION_DTLS_1_2: hdr_len = sizeof(struct rte_dtls_hdr); - min_padding = 0; + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; default: hdr_len = 0;
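
Review bot: the DTLS 1.2 case in test_tls_record_td_prepare() changes min_padding from 0 to 1 for every non-AEAD DTLS test, not only the new walkthrough, and the commit log does not mention it. Please call the change out in the log, or move it to a separate fix. The if/else is now the same four lines that patch 01/21 added to the TLS case, so `min_padding = td->aead ? 0 : 1;` could be computed once outside the switch.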

From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v5 04/21] test/security: add TLS SG data walkthrough test
Date: Wed, 13 Mar 2024 16:28:44 +0530
Message-ID: <20240313105901.1959675-5-asasidharan@marvell.com>

Add multi segment packet data walkthrough test for TLS 1.2 and DTLS 1.2.

Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 42 +++++++++++++++++++ app/test/test_cryptodev_security_tls_record.h | 2 +- 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index e0695e9eb3..3591c91130 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11981,6 +11981,8 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) for (i = 0; i < RTE_DIM(sec_alg_list); i++) { payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN; + if (flags->nb_segs_in_mbuf) + payload_len = RTE_MAX(payload_len, flags->nb_segs_in_mbuf); again: test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, td_outb, nb_pkts, payload_len); @@ -12061,6 +12063,32 @@ test_tls_1_2_record_proto_sgl(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_sgl_data_walkthrough(enum rte_security_tls_version tls_version) +{ + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = 5, + .tls_version = tls_version, + .data_walkthrough = true + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) { + printf("Device doesn't support in-place scatter-gather. Test Skipped.\n"); + return TEST_SKIPPED; + } + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_2_record_proto_sgl_data_walkthrough(void) +{ + return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_TLS_1_2); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -12106,6 +12134,12 @@ test_dtls_1_2_record_proto_sgl(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_1_2_record_proto_sgl_data_walkthrough(void) +{ + return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_DTLS_1_2); +} + #endif static int 
@@ -17171,6 +17205,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Multi-segmented mode", ut_setup_security, ut_teardown, test_tls_1_2_record_proto_sgl), + TEST_CASE_NAMED_ST( + "Multi-segmented mode data walkthrough", + ut_setup_security, ut_teardown, + test_tls_1_2_record_proto_sgl_data_walkthrough), TEST_CASES_END() /**< NULL terminate unit test array */ } }; @@ -17276,6 +17314,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Multi-segmented mode", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_sgl), + TEST_CASE_NAMED_ST( + "Multi-segmented mode data walkthrough", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sgl_data_walkthrough), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 56d9d11962..a6c537b35a 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -85,7 +85,7 @@ struct tls_record_test_data { struct tls_record_test_flags { bool display_alg; - int nb_segs_in_mbuf; + uint8_t nb_segs_in_mbuf; bool data_walkthrough; enum rte_security_tls_version tls_version; };

From patchwork Wed Mar 13 10:58:45 2024
X-Patchwork-Submitter: Aakash Sasidharan
X-Patchwork-Id: 138312
X-Patchwork-Delegate: gakhil@marvell.com
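Review bot: in patch 04/21, the header hunk narrows nb_segs_in_mbuf from int to uint8_t, but the commit message only mentions the new walkthrough test. Say in the log why the type changes (the RTE_MAX(payload_len, flags->nb_segs_in_mbuf) added in test_tls_record_proto_all() looks like the reason) and add a one-line comment above that RTE_MAX() stating the intent, for instance that the starting payload has to cover every segment when nb_segs_in_mbuf is set. The narrower type also caps a test at 255 segments, which is worth a word next to the field.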
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v5 05/21] test/security: unit test for TLS packet corruption
Date: Wed, 13 Mar 2024 16:28:45 +0530
Message-ID: <20240313105901.1959675-6-asasidharan@marvell.com>
In-Reply-To: <20240313105901.1959675-1-asasidharan@marvell.com>
References: <20240313055030.1685039-1-asasidharan@marvell.com> <20240313105901.1959675-1-asasidharan@marvell.com>

From: Vidya Sagar Velumuri

Add test to verify the corrupted TLS packet header

Signed-off-by: Vidya Sagar Velumuri
---
 app/test/test_cryptodev.c | 27 +++++++++++++++++--
 app/test/test_cryptodev_security_tls_record.c | 4 +++
 app/test/test_cryptodev_security_tls_record.h | 1 +
 3 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 3591c91130..324ef3c276 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12000,8 +12000,13 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (ret == TEST_SKIPPED) continue; - if (ret == TEST_FAILED) - return TEST_FAILED; + if (flags->pkt_corruption) { + if (ret == TEST_SUCCESS) + return TEST_FAILED; + } else { + if (ret == TEST_FAILED) + return TEST_FAILED; + } if (flags->data_walkthrough && (++payload_len <= max_payload_len)) goto again; @@ -12089,6 +12094,20 @@ test_tls_1_2_record_proto_sgl_data_walkthrough(void) return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_TLS_1_2); } +static int +test_tls_record_proto_corrupt_pkt(void) +{ + struct tls_record_test_flags flags = { + .pkt_corruption = 1 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -17209,6 +17228,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Multi-segmented mode data walkthrough", ut_setup_security, ut_teardown, test_tls_1_2_record_proto_sgl_data_walkthrough), + TEST_CASE_NAMED_ST( + "TLS packet header corruption", + ut_setup_security, ut_teardown, + test_tls_record_proto_corrupt_pkt), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 92bcbff842..93ff7f36fa 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c 
@@ -185,6 +185,10 @@ test_tls_record_td_update(struct tls_record_test_data td_inb[], td_outb[i].input_text.len); td_inb[i].output_text.len = td_outb->input_text.len; + /* Corrupt the content type in the TLS header of encrypted packet */ + if (flags->pkt_corruption) + td_inb[i].input_text.data[0] = ~td_inb[i].input_text.data[0]; + /* Clear outbound specific flags */ td_inb[i].tls_record_xform.options.iv_gen_disable = 0; } diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index a6c537b35a..a7c0ca87bf 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -88,6 +88,7 @@ struct tls_record_test_flags { uint8_t nb_segs_in_mbuf; bool data_walkthrough; enum rte_security_tls_version tls_version; + bool pkt_corruption; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1;

From patchwork Wed Mar 13 10:58:46 2024
X-Patchwork-Submitter: Aakash Sasidharan
X-Patchwork-Id: 138313
X-Patchwork-Delegate: gakhil@marvell.com
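Review bot: in patch 05/21, with flags->pkt_corruption set, test_tls_record_proto_all() counts any TEST_FAILED as a pass, so the new case cannot tell a record rejected because of its corrupted header from an unrelated failure on the same path. Check for the specific error the flipped content type byte is expected to produce, or at least log which step failed, so the negative test only passes for the reason it was written for. Separately, test_tls_record_proto_corrupt_pkt() calls rte_cryptodev_info_get() and never reads dev_info; drop ts_params and dev_info there or use them for a capability check.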
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v5 06/21] test/security: unit test for custom content verification
Date: Wed, 13 Mar 2024 16:28:46 +0530
Message-ID: <20240313105901.1959675-7-asasidharan@marvell.com>
In-Reply-To: <20240313105901.1959675-1-asasidharan@marvell.com>
References: <20240313055030.1685039-1-asasidharan@marvell.com> <20240313105901.1959675-1-asasidharan@marvell.com>

From: Vidya Sagar Velumuri

Add unit test to verify the TLS header creation with custom content type

Signed-off-by: Vidya Sagar Velumuri
---
 app/test/test_cryptodev.c | 19 +++++++++++++++++++
 app/test/test_cryptodev_security_tls_record.c | 3 +++
 app/test/test_cryptodev_security_tls_record.h | 9 +++++++++
 3 files changed, 31 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 324ef3c276..5cb878b9ba 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #ifdef RTE_CRYPTO_SCHEDULER @@ -12108,6 +12109,20 @@ test_tls_record_proto_corrupt_pkt(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_custom_content_type(void) +{ + struct tls_record_test_flags flags = { + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -17232,6 +17247,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "TLS packet header corruption", ut_setup_security, ut_teardown, test_tls_record_proto_corrupt_pkt), + TEST_CASE_NAMED_ST( + "Custom content type", + ut_setup_security, ut_teardown, + test_tls_record_proto_custom_content_type), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 93ff7f36fa..9a2af259c9 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -108,6 +108,9 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->input_text.len = data_len; } + if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) + td->app_type = RTE_TLS_TYPE_MAX; + tls_pkt_size = td->input_text.len; if (!td->aead) { diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index a7c0ca87bf..73719063a8 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -42,6 +42,14 @@ static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, #define TLS_RECORD_PLAINTEXT_MIN_LEN (1u) +enum tls_record_test_content_type { + TLS_RECORD_TEST_CONTENT_TYPE_APP, + /* For verifying zero packet length */ + TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + /* For verifying handling of custom content types */ + TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM, +}; + struct tls_record_test_data { struct { uint8_t data[32]; 
@@ -89,6 +97,7 @@ struct tls_record_test_flags { bool data_walkthrough; enum rte_security_tls_version tls_version; bool pkt_corruption; + enum tls_record_test_content_type content_type; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1;

From patchwork Wed Mar 13 10:58:47 2024
X-Patchwork-Submitter: Aakash Sasidharan
X-Patchwork-Id: 138314
X-Patchwork-Delegate: gakhil@marvell.com
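Review bot: in patch 06/21, test_tls_record_td_prepare() sets td->app_type = RTE_TLS_TYPE_MAX to stand in for a custom content type, and by its name that is the enum's upper bound rather than a content type of its own. If the enum gains a member, the value under test changes silently; use an explicit test constant or add a comment saying which value ends up in the record header and why it counts as custom. test_tls_record_proto_custom_content_type() also fetches dev_info with rte_cryptodev_info_get() and never uses it. The comment on TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE ("For verifying zero packet length") describes a test this patch does not add, so either move the enumerator to the patch that uses it or say so in the log.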
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v5 07/21] test/cryptodev: allow zero packet length buffers
Date: Wed, 13 Mar 2024 16:28:47 +0530
Message-ID: <20240313105901.1959675-8-asasidharan@marvell.com>
In-Reply-To: <20240313105901.1959675-1-asasidharan@marvell.com>
References: <20240313055030.1685039-1-asasidharan@marvell.com> <20240313105901.1959675-1-asasidharan@marvell.com>

From: Anoob Joseph

The function 'create_segmented_mbuf' is updated to support zero packet length mbufs. This allows testing of zero packet length payload with TLS record processing.

Signed-off-by: Anoob Joseph --- app/test/test_cryptodev.h | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/app/test/test_cryptodev.h b/app/test/test_cryptodev.h index f27d9697fd..fd9ea0dd81 100644 --- a/app/test/test_cryptodev.h +++ b/app/test/test_cryptodev.h @@ -182,15 +182,8 @@ create_segmented_mbuf(struct rte_mempool *mbuf_pool, int pkt_len, int nb_segs, uint8_t pattern) { struct rte_mbuf *m = NULL, *mbuf = NULL; + int size, t_len, data_len = 0; uint8_t *dst; - int data_len = 0; - int i, size; - int t_len; - - if (pkt_len < 1) { - printf("Packet size must be 1 or more (is %d)\n", pkt_len); - return NULL; - } if (nb_segs < 1) { printf("Number of segments must be 1 or more (is %d)\n", @@ -202,17 +195,17 @@ create_segmented_mbuf(struct rte_mempool *mbuf_pool, int pkt_len, size = pkt_len; /* Create chained mbuf_src and fill it generated data */ - for (i = 0; size > 0; i++) { + do { m = rte_pktmbuf_alloc(mbuf_pool); - if (i == 0) - mbuf = m; - if (m == NULL) { printf("Cannot create segment for source mbuf"); goto fail; } + if (mbuf == NULL) + mbuf = m; + /* Make sure if tailroom is zeroed */ memset(m->buf_addr, pattern, m->buf_len); 
@@ -229,7 +222,8 @@ create_segmented_mbuf(struct rte_mempool *mbuf_pool, int pkt_len, size -= data_len; - } + } while (size > 0); + return mbuf; fail:

From patchwork Wed Mar 13 10:58:48 2024
X-Patchwork-Submitter: Aakash Sasidharan
X-Patchwork-Id: 138315
X-Patchwork-Delegate: gakhil@marvell.com
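Review bot: in patch 07/21, create_segmented_mbuf() drops the pkt_len < 1 check outright instead of relaxing it to pkt_len < 0. pkt_len is an int, and with the loop now written as do { ... } while (size > 0) a negative length runs the body once with size below zero instead of being rejected. Keep a guard such as if (pkt_len < 0) with the existing printf and return NULL. The comment above the loop could also say that a zero-length request still allocates one segment, since that is the behaviour the do/while introduces.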
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v5 08/21] test/security: unit test to verify zero TLS records
Date: Wed, 13 Mar 2024 16:28:48 +0530
Message-ID: <20240313105901.1959675-9-asasidharan@marvell.com>
In-Reply-To: <20240313105901.1959675-1-asasidharan@marvell.com>
References: <20240313055030.1685039-1-asasidharan@marvell.com> <20240313105901.1959675-1-asasidharan@marvell.com>

From: Vidya Sagar Velumuri

Add unit tests to verify the zero len TLS records. Zero len packets are allowed when content type is app data while zero packet length with other content type (such as handshake) would result in an error.

Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 51 ++++++++++++++++++- app/test/test_cryptodev_security_tls_record.c | 5 +- app/test/test_cryptodev_security_tls_record.h | 2 +- 3 files changed, 55 insertions(+), 3 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 5cb878b9ba..fa63b9743f 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11984,6 +11984,9 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN; if (flags->nb_segs_in_mbuf) payload_len = RTE_MAX(payload_len, flags->nb_segs_in_mbuf); + + if (flags->zero_len) + payload_len = 0; again: test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, td_outb, nb_pkts, payload_len); @@ -11992,8 +11995,16 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (ret == TEST_SKIPPED) continue; - if (ret == TEST_FAILED) + if (flags->zero_len && + ((flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) || + (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) || + (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE))) { + if (ret == TEST_SUCCESS) + return TEST_FAILED; + goto skip_decrypt; + } else if (ret == TEST_FAILED) { return TEST_FAILED; + } test_tls_record_td_update(td_inb, td_outb, nb_pkts, flags); @@ -12009,6 +12020,7 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) return TEST_FAILED; } +skip_decrypt: if (flags->data_walkthrough && (++payload_len <= max_payload_len)) goto again; 
@@ -12123,6 +12135,35 @@ test_tls_record_proto_custom_content_type(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_zero_len(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_record_proto_zero_len_non_app(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -17251,6 +17292,14 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Custom content type", ut_setup_security, ut_teardown, test_tls_record_proto_custom_content_type), + TEST_CASE_NAMED_ST( + "Zero len TLS record with content type as app", + ut_setup_security, ut_teardown, + test_tls_record_proto_zero_len), + TEST_CASE_NAMED_ST( + "Zero len TLS record with content type as ctrl", + ut_setup_security, ut_teardown, + test_tls_record_proto_zero_len_non_app), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 9a2af259c9..c5410a4c92 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c 
@@ -103,13 +103,15 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } - if (flags->data_walkthrough) { + if (flags->data_walkthrough || flags->zero_len) { test_sec_proto_pattern_set(td->input_text.data, data_len); td->input_text.len = data_len; } if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) td->app_type = RTE_TLS_TYPE_MAX; + else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) + td->app_type = RTE_TLS_TYPE_HANDSHAKE; tls_pkt_size = td->input_text.len; @@ -232,6 +234,7 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, memcpy(&res_d->input_text.data, output_text, len); res_d->input_text.len = len; + res_d->output_text.len = td->input_text.len; res_d->tls_record_xform.type = RTE_SECURITY_TLS_SESS_TYPE_READ; if (res_d->aead) { diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 73719063a8..300f3f08b5 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -98,6 +98,7 @@ struct tls_record_test_flags { enum rte_security_tls_version tls_version; bool pkt_corruption; enum tls_record_test_content_type content_type; + bool zero_len; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; 
@@ -140,5 +141,4 @@ void test_tls_record_td_update(struct tls_record_test_data td_inb[], int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, struct tls_record_test_data *res_d, bool silent); - #endif

From patchwork Wed Mar 13 10:58:49 2024
X-Patchwork-Submitter: Aakash Sasidharan
X-Patchwork-Id: 138316
X-Patchwork-Delegate: gakhil@marvell.com
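Review bot: in patch 08/21, the new condition in test_tls_record_proto_all() compares flags->content_type against TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE three times in a row. Either two of the operands were meant to be other content types or the || chain should collapse to a single comparison; as written only the handshake case takes the expected-failure branch, and a zero_len run with TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM is handled like app data. The test names say "content type as ctrl" while the flag they set is HANDSHAKE, so align the wording. The last header hunk only deletes a blank line before #endif and is unrelated to the change; leave it out.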
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v5 09/21] test/security: add unit tests for DTLS-1.2
Date: Wed, 13 Mar 2024 16:28:49 +0530
Message-ID: <20240313105901.1959675-10-asasidharan@marvell.com>
In-Reply-To: <20240313105901.1959675-1-asasidharan@marvell.com>
References: <20240313055030.1685039-1-asasidharan@marvell.com> <20240313105901.1959675-1-asasidharan@marvell.com>

From: Vidya Sagar Velumuri

Add unit tests to verify
1. DTLS record with zero length
2. DTLS record with header corruption
3. DTLS record with content type as custom

Signed-off-by: Vidya Sagar Velumuri
---
 app/test/test_cryptodev.c | 77 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index fa63b9743f..72e7fe3769 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c 
@@ -12215,6 +12215,67 @@ test_dtls_1_2_record_proto_sgl_data_walkthrough(void) return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_DTLS_1_2); } +static int +test_dtls_1_2_record_proto_corrupt_pkt(void) +{ + struct tls_record_test_flags flags = { + .pkt_corruption = 1, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_custom_content_type(void) +{ + struct tls_record_test_flags flags = { + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_zero_len(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_dtls_1_2_record_proto_zero_len_non_app(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + .tls_version = RTE_SECURITY_VERSION_DTLS_1_2 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + #endif static int 
@@ -17409,6 +17470,22 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Multi-segmented mode data walkthrough", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_sgl_data_walkthrough), + TEST_CASE_NAMED_ST( + "Packet corruption", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_corrupt_pkt), + TEST_CASE_NAMED_ST( + "Custom content type", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_custom_content_type), + TEST_CASE_NAMED_ST( + "Zero len DTLS record with content type as app", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_zero_len), + TEST_CASE_NAMED_ST( + "Zero len DTLS record with content type as ctrl", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_zero_len_non_app), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Wed Mar 13 10:58:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138317 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 525F643C9F; Wed, 13 Mar 2024 12:00:18 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9F26D42E24; Wed, 13 Mar 2024 11:59:37 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id E447142E18 for ; Wed, 13 Mar 2024 11:59:35 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42D7soFc025871; Wed, 13 Mar 2024 03:59:35 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references 
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v5 10/21] test/security: add TLS/DTLS 1.2 AES-256-SHA384 vectors Date: Wed, 13 Mar 2024 16:28:50 +0530 Message-ID: <20240313105901.1959675-11-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313105901.1959675-1-asasidharan@marvell.com> References: <20240313055030.1685039-1-asasidharan@marvell.com> <20240313105901.1959675-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: NX8xgXG2JNhCoZaTbTmSddid5UKb3Uqf X-Proofpoint-GUID: NX8xgXG2JNhCoZaTbTmSddid5UKb3Uqf X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_07,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Akhil Goyal Added vectors for TLS 1.2 and DTLS 1.2 using algos AES-256-CBC and HMAC-SHA384 Signed-off-by: Akhil Goyal --- app/test/test_cryptodev.c | 19 ++ app/test/test_cryptodev_security_tls_record.h | 2 + ...yptodev_security_tls_record_test_vectors.h | 200 ++++++++++++++++++ 3 files changed, 221 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 72e7fe3769..95f2377d4d 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -17273,6 +17273,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Write record known vector AES-256-CBC-SHA256", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec, &tls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Write record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, 
@@ -17316,6 +17320,11 @@ static struct unit_test_suite tls12_record_proto_testsuite = { ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &tls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, + &tls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Read record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, @@ -17397,6 +17406,11 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { ut_setup_security, ut_teardown, test_tls_record_proto_known_vec, &dtls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, + &dtls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Write record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, @@ -17439,6 +17453,11 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &dtls_test_data_aes_256_cbc_sha256_hmac), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-256-CBC-SHA384", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, + &dtls_test_data_aes_256_cbc_sha384_hmac), TEST_CASE_NAMED_WITH_DATA( "Read record known vector 3DES-CBC-SHA1-HMAC", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 300f3f08b5..68e243b842 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -110,6 +110,7 @@ extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha1_hmac; extern struct tls_record_test_data tls_test_data_aes_128_cbc_sha256_hmac; extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha1_hmac; extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha256_hmac; +extern struct tls_record_test_data tls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data tls_test_data_null_cipher_sha1_hmac; extern struct tls_record_test_data tls_test_data_chacha20_poly1305; @@ -118,6 +119,7 @@ extern struct tls_record_test_data dtls_test_data_aes_128_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_aes_128_cbc_sha256_hmac; extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac; +extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac; diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h index f10f28bb96..27b07cd54a 100644 --- a/app/test/test_cryptodev_security_tls_record_test_vectors.h +++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h 
@@ -1129,6 +1129,107 @@ struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac = { .app_type = 0x17, }; +struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac = { + .key = { + .data = { + 0x1d, 0xe5, 0x19, 0x18, 0x57, 0xa0, 0xee, 0x79, + 0x84, 0x61, 0x92, 0x9d, 0x3d, 0xce, 0x42, 0x92, + 0x4a, 0x98, 0x23, 0x3b, 0xf8, 0xec, 0x29, 0x47, + 0xb3, 0xae, 0x1f, 0x22, 0xd2, 0x8d, 0xbe, 0x2c, + }, + }, + .auth_key = { + .data = { + 0xf8, 0xbd, 0x28, 0xf9, 0x4a, 0xde, 0x1d, 0xde, + 0x8c, 0xf5, 0xe9, 0x49, 0x34, 0x2a, 0x1a, 0xd0, + 0x0d, 0xe3, 0x64, 0xb2, 0x54, 0xd6, 0xd6, 0x40, + 0x90, 0x5d, 0x16, 0xc1, 0xf2, 0x77, 0x14, 0x90, + 0xe6, 0xfa, 0xbc, 0x9d, 0xe2, 0x72, 0x12, 0xec, + 0xb6, 0x05, 0xec, 0xdd, 0x1d, 0x23, 0xb3, 0x8e, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x44, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, + 0x2d, 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, + 0x33, 0x38, 0x34, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x0a, + }, + .len = 51, + }, + .output_text = { + .data = { + 0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x80, + 0x63, 0xe2, 0x70, 0xce, 0x45, 0x93, 0x18, 0xa3, + 0xa6, 0xd6, 0xf5, 0x50, 0x9f, 0x07, 0x9d, 0xab, + 0x88, 0x41, 0xee, 0x5b, 0x32, 0x1e, 0x85, 0xaf, + 0x33, 0x7b, 0x59, 0x8a, 0xe9, 0x41, 0x11, 0x6a, + 0xbb, 0x7d, 0x16, 0x6c, 0xbb, 0x66, 0x5e, 0xf5, + 0xfb, 0x5f, 0x03, 0xf9, 0x75, 0x7d, 0xb9, 0xff, + 0x70, 0xc3, 0x4a, 0x19, 0xe5, 0x25, 0xa0, 0x5d, + 0xad, 0x45, 0xef, 0xce, 0xd8, 0x2a, 0xde, 0xf0, + 0x0c, 0xca, 0x1c, 0x6b, 0x5a, 0x31, 0x8f, 0x49, + 0xff, 0x7d, 0xf3, 0x71, 0x15, 0x06, 0x07, 0x9d, + 0x6a, 0x5f, 0x5c, 0xd8, 0x2a, 0xa5, 0x0e, 0x61, + 0xde, 0x18, 0x6b, 0x7d, 0xc8, 0x74, 0x58, 0x18, + 0xf1, 0xac, 0xde, 0xb9, 0x6d, 0x8a, 0x44, 0xad, + 0x10, 0xf8, 0x63, 0x15, 0xcf, 0x25, 0x2f, 0x82, + 0x2f, 0xda, 0x74, 0x45, 
0x02, 0xda, 0x61, 0x3c, + 0x2f, 0xf9, 0xa5, 0x92, 0x2a, 0x7c, 0x5e, 0x5d, + }, + .len = 141, + }, + .iv = { + .data = { + 0x63, 0xe2, 0x70, 0xce, 0x45, 0x93, 0x18, 0xa3, + 0xa6, 0xd6, 0xf5, 0x50, 0x9f, 0x07, 0x9d, 0xab, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, + .key.length = 48, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 48, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 32, + .iv.length = 16, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_DTLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .dtls_1_2.epoch = 1, + .dtls_1_2.seq_no = 1, + }, + + .aead = false, + .app_type = 0x17, +}; + struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac = { .key = { .data = { 
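Review bot: dtls_test_data_aes_256_cbc_sha384_hmac carries no note on how output_text was produced; the only comment in the struct is /* actual plain text */. For a known-answer vector, please state in a comment or in the commit message which independent implementation generated the 141-byte record, so the expected bytes are not simply a capture from the PMD being tested. The lengths themselves are consistent: a 13-byte DTLS header with length 0x0080, and 51 bytes of plaintext plus a 48-byte MAC and at least one padding byte rounded up to 112, plus the 16-byte explicit IV, gives 128.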
@@ -1494,6 +1595,105 @@ struct tls_record_test_data tls_test_data_aes_256_cbc_sha256_hmac = { .app_type = 0x17, }; +struct tls_record_test_data tls_test_data_aes_256_cbc_sha384_hmac = { + .key = { + .data = { + 0x48, 0x70, 0xc7, 0x93, 0x77, 0xe3, 0x4c, 0x8c, + 0x27, 0x00, 0x64, 0x06, 0x3e, 0xc6, 0x47, 0x64, + 0xcc, 0xee, 0xa4, 0x9a, 0x1a, 0xe7, 0x3a, 0xc6, + 0xef, 0xe5, 0xe6, 0x2c, 0x15, 0xe3, 0xac, 0x16, + }, + }, + .auth_key = { + .data = { + 0x23, 0x95, 0x84, 0x30, 0xaf, 0x2b, 0x07, 0xfe, + 0x12, 0x83, 0x87, 0x28, 0x2b, 0x38, 0xb9, 0x02, + 0xc0, 0x27, 0x59, 0x3e, 0xa7, 0xbd, 0xce, 0xcb, + 0xe1, 0x8a, 0xe9, 0x43, 0x5d, 0xed, 0xb4, 0xf2, + 0x11, 0x4d, 0x19, 0xbb, 0x0f, 0x1b, 0x76, 0x86, + 0xfb, 0xb5, 0xda, 0xfd, 0x38, 0xfe, 0x7d, 0x02, + }, + }, + .input_text = { + .data = { + /* actual plain text */ + 0x20, 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, + 0x20, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x32, + 0x20, 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, + 0x2d, 0x43, 0x42, 0x43, 0x20, 0x53, 0x48, 0x41, + 0x33, 0x38, 0x34, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x0a, + }, + .len = 51, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x80, + 0xc4, 0x90, 0xd7, 0x74, 0x5e, 0x26, 0xc8, 0x43, + 0x12, 0x45, 0x48, 0xc1, 0x0f, 0xb1, 0x18, 0xd8, + 0x1e, 0x5b, 0x1e, 0x50, 0x3e, 0x19, 0x25, 0x41, + 0x35, 0xc7, 0x7c, 0x14, 0x99, 0x7b, 0x97, 0x80, + 0x60, 0x9d, 0xf8, 0xf1, 0xac, 0x43, 0x7b, 0x5c, + 0xb6, 0xe2, 0xc4, 0x8f, 0x3f, 0xd7, 0x1b, 0xd4, + 0x61, 0x90, 0x40, 0xe3, 0xd5, 0x60, 0xac, 0xee, + 0x62, 0x53, 0x1f, 0x1f, 0x75, 0xf6, 0x2c, 0xda, + 0x1a, 0xed, 0x4a, 0x6a, 0x11, 0xeb, 0x9b, 0x1c, + 0x39, 0x0d, 0x6e, 0x8a, 0xf8, 0x3d, 0x45, 0x08, + 0x3e, 0x24, 0x17, 0x3e, 0xcf, 0x74, 0xcf, 0x6a, + 0xcb, 0x37, 0xdf, 0x25, 0xc6, 0xa5, 0xe4, 0x1e, + 0x53, 0x28, 0x71, 0xcf, 0xac, 0x1e, 0xad, 0x77, + 0x8c, 0xfc, 0x80, 0x19, 0x9c, 0xcc, 0x00, 0x60, + 0xc6, 0x82, 0xa0, 0xb8, 0x5e, 0x42, 0xd1, 0xff, + 0x14, 0x0a, 0x92, 0x5c, 
0xde, 0x8a, 0x15, 0x7a, + }, + .len = 133, + }, + .iv = { + .data = { + 0xc4, 0x90, 0xd7, 0x74, 0x5e, 0x26, 0xc8, 0x43, + 0x12, 0x45, 0x48, 0xc1, 0x0f, 0xb1, 0x18, 0xd8, + }, + }, + + .xform = { + .chain = { + .auth = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AUTH, + .auth = { + .op = RTE_CRYPTO_AUTH_OP_GENERATE, + .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, + .key.length = 48, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 48, + }, + }, + .cipher = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_CIPHER, + .cipher = { + .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT, + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .key.length = 32, + .iv.length = 16, + .iv.offset = IV_OFFSET, + }, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_2, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_2.seq_no = 0x1, + }, + + .aead = false, + .app_type = 0x17, +}; + struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac = { .key = { .data = { From patchwork Wed Mar 13 10:58:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138318 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0941B43C9F; Wed, 13 Mar 2024 12:00:28 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id AB4DB42E12; Wed, 13 Mar 2024 11:59:40 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id C695442E1A for ; Wed, 13 Mar 2024 11:59:38 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42D85U74026170; Wed, 13 Mar 2024 03:59:38 -0700 DKIM-Signature: v=1; a=rsa-sha256; 
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v5 11/21] test/security: add DTLS 1.2 anti-replay tests Date: Wed, 13 Mar 2024 16:28:51 +0530 Message-ID: <20240313105901.1959675-12-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313105901.1959675-1-asasidharan@marvell.com> References: <20240313055030.1685039-1-asasidharan@marvell.com> <20240313105901.1959675-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: lz_J2XjVNEcZNCe6bWGgossEckUYuKPp X-Proofpoint-GUID: lz_J2XjVNEcZNCe6bWGgossEckUYuKPp X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_07,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add anti-replay test for DTLS 1.2. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 115 ++++++++++++++- app/test/test_cryptodev_security_tls_record.c | 132 ++++++++++-------- app/test/test_cryptodev_security_tls_record.h | 11 +- 3 files changed, 188 insertions(+), 70 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 95f2377d4d..904bad39d3 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11827,6 +11827,10 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], .protocol = RTE_SECURITY_PROTOCOL_TLS_RECORD, }; + if ((tls_record_xform.ver == RTE_SECURITY_VERSION_DTLS_1_2) && + (sess_type == RTE_SECURITY_TLS_SESS_TYPE_READ)) + sess_conf.tls_record.dtls_1_2.ar_win_sz = flags->ar_win_size; + if (td[0].aead) test_tls_record_imp_nonce_update(&td[0], &tls_record_xform); 
@@ -11851,6 +11855,17 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], return TEST_SKIPPED; for (i = 0; i < nb_td; i++) { + if (flags->ar_win_size && + (sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE)) { + sess_conf.tls_record.dtls_1_2.seq_no = + td[i].tls_record_xform.dtls_1_2.seq_no; + ret = rte_security_session_update(ctx, ut_params->sec_session, &sess_conf); + if (ret) { + printf("Could not update sequence number in session\n"); + return TEST_SKIPPED; + } + } + /* Setup source mbuf payload */ ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool, td[i].input_text.len, nb_segs, 0); @@ -11890,17 +11905,19 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], /* Process crypto operation */ process_crypto_request(dev_id, ut_params->op); - ret = test_tls_record_status_check(ut_params->op); + ret = test_tls_record_status_check(ut_params->op, &td[i]); if (ret != TEST_SUCCESS) goto crypto_op_free; if (res_d != NULL) res_d_tmp = &res_d[i]; - ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, silent); - if (ret != TEST_SUCCESS) - goto crypto_op_free; - + if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS) { + ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, + silent); + if (ret != TEST_SUCCESS) + goto crypto_op_free; + } rte_crypto_op_free(ut_params->op); ut_params->op = NULL; 
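Review bot: In the per-packet loop of test_tls_record_proto_process, any non-zero return from rte_security_session_update() becomes TEST_SKIPPED, and test_dtls_pkt_replay treats TEST_SKIPPED as "continue with the next algorithm", so a genuine failure to set the sequence number is reported as a skip rather than a failure. Suggest skipping only on -ENOTSUP and returning TEST_FAILED otherwise. The same block writes sess_conf.tls_record.dtls_1_2.seq_no whenever flags->ar_win_size is set, without the tls_record_xform.ver == RTE_SECURITY_VERSION_DTLS_1_2 check used where ar_win_sz is assigned; adding it would keep the two conditions aligned.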
@@ -12190,6 +12207,90 @@ test_dtls_1_2_record_proto_display_list(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_pkt_replay(const uint64_t seq_no[], + bool replayed_pkt[], uint32_t nb_pkts, + struct tls_record_test_flags *flags) +{ + struct tls_record_test_data td_outb[TEST_SEC_PKTS_MAX]; + struct tls_record_test_data td_inb[TEST_SEC_PKTS_MAX]; + unsigned int i, idx, pass_cnt = 0; + int ret; + + for (i = 0; i < RTE_DIM(sec_alg_list); i++) { + test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, + td_outb, nb_pkts, 0); + + for (idx = 0; idx < nb_pkts; idx++) + td_outb[idx].tls_record_xform.dtls_1_2.seq_no = seq_no[idx]; + + ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + test_tls_record_td_update(td_inb, td_outb, nb_pkts, flags); + + for (idx = 0; idx < nb_pkts; idx++) { + td_inb[idx].tls_record_xform.dtls_1_2.ar_win_sz = flags->ar_win_size; + /* Set antireplay flag for packets to be dropped */ + td_inb[idx].ar_packet = replayed_pkt[idx]; + } + + ret = test_tls_record_proto_process(td_inb, NULL, nb_pkts, true, flags); + if (ret == TEST_SKIPPED) + continue; + + if (ret == TEST_FAILED) + return TEST_FAILED; + + if (flags->display_alg) + test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2); + + pass_cnt++; + } + + if (pass_cnt > 0) + return TEST_SUCCESS; + else + return TEST_SKIPPED; +} + +static int +test_dtls_1_2_record_proto_antireplay(void) +{ + struct tls_record_test_flags flags; + uint64_t winsz = 64, seq_no[5]; + uint32_t nb_pkts = 5; + bool replayed_pkt[5]; + + memset(&flags, 0, sizeof(flags)); + + flags.tls_version = RTE_SECURITY_VERSION_DTLS_1_2; + flags.ar_win_size = winsz; + + /* 1. Advance the TOP of the window to WS * 2 */ + seq_no[0] = winsz * 2; + /* 2. Test sequence number within the new window(WS + 1) */ + seq_no[1] = winsz + 1; + /* 3. 
Test sequence number less than the window BOTTOM */ + seq_no[2] = winsz; + /* 4. Test sequence number in the middle of the window */ + seq_no[3] = winsz + (winsz / 2); + /* 5. Test replay of the packet in the middle of the window */ + seq_no[4] = winsz + (winsz / 2); + + replayed_pkt[0] = false; + replayed_pkt[1] = false; + replayed_pkt[2] = true; + replayed_pkt[3] = false; + replayed_pkt[4] = true; + + return test_dtls_pkt_replay(seq_no, replayed_pkt, nb_pkts, &flags); +} + static int test_dtls_1_2_record_proto_sgl(void) { @@ -17505,6 +17606,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Zero len DTLS record with content type as ctrl", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_zero_len_non_app), + TEST_CASE_NAMED_ST( + "Antireplay with window size 64", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index c5410a4c92..907e043ddd 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -12,10 +12,21 @@ #include "test_security_proto.h" int -test_tls_record_status_check(struct rte_crypto_op *op) +test_tls_record_status_check(struct rte_crypto_op *op, + const struct tls_record_test_data *td) { int ret = TEST_SUCCESS; + if ((td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_READ) && + td->ar_packet) { + if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) { + printf("Anti replay test case failed\n"); + return TEST_FAILED; + } else { + return TEST_SUCCESS; + } + } + if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) ret = TEST_FAILED; 
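Review bot: In test_tls_record_status_check, a packet marked ar_packet passes on any RTE_CRYPTO_OP_STATUS_ERROR, so a record rejected for an unrelated reason would also count as a successful anti-replay drop. If the PMD exposes a more specific indication, check it here; otherwise state the limitation in a comment. Style: the else after return TEST_FAILED is redundant and can be dropped.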
@@ -101,81 +112,80 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->xform.chain.auth.auth.key.length = param2->key_length; td->xform.chain.auth.auth.digest_length = param2->digest_length; } - } - - if (flags->data_walkthrough || flags->zero_len) { - test_sec_proto_pattern_set(td->input_text.data, data_len); - td->input_text.len = data_len; - } - - if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) - td->app_type = RTE_TLS_TYPE_MAX; - else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) - td->app_type = RTE_TLS_TYPE_HANDSHAKE; - tls_pkt_size = td->input_text.len; + if (flags->data_walkthrough || flags->zero_len) { + test_sec_proto_pattern_set(td->input_text.data, data_len); + td->input_text.len = data_len; + } - if (!td->aead) { - mac_len = td->xform.chain.auth.auth.digest_length; - switch (td->xform.chain.cipher.cipher.algo) { - case RTE_CRYPTO_CIPHER_3DES_CBC: - roundup_len = 8; + if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM) + td->app_type = RTE_TLS_TYPE_MAX; + else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) + td->app_type = RTE_TLS_TYPE_HANDSHAKE; + + tls_pkt_size = td->input_text.len; + + if (!td->aead) { + mac_len = td->xform.chain.auth.auth.digest_length; + switch (td->xform.chain.cipher.cipher.algo) { + case RTE_CRYPTO_CIPHER_3DES_CBC: + roundup_len = 8; + exp_nonce_len = 8; + break; + case RTE_CRYPTO_CIPHER_AES_CBC: + roundup_len = 16; + exp_nonce_len = 16; + break; + default: + roundup_len = 0; + exp_nonce_len = 0; + break; + } + } else { + mac_len = td->xform.aead.aead.digest_length; + roundup_len = 0; exp_nonce_len = 8; + } + + switch (td->tls_record_xform.ver) { + case RTE_SECURITY_VERSION_TLS_1_2: + case RTE_SECURITY_VERSION_TLS_1_3: + hdr_len = sizeof(struct rte_tls_hdr); + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; - case RTE_CRYPTO_CIPHER_AES_CBC: - roundup_len = 16; - exp_nonce_len = 16; + case 
RTE_SECURITY_VERSION_DTLS_1_2: + hdr_len = sizeof(struct rte_dtls_hdr); + if (td->aead) + min_padding = 0; + else + min_padding = 1; break; default: - roundup_len = 0; - exp_nonce_len = 0; + hdr_len = 0; + min_padding = 0; break; } - } else { - mac_len = td->xform.aead.aead.digest_length; - roundup_len = 0; - exp_nonce_len = 8; - } - - switch (td->tls_record_xform.ver) { - case RTE_SECURITY_VERSION_TLS_1_2: - case RTE_SECURITY_VERSION_TLS_1_3: - hdr_len = sizeof(struct rte_tls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; - break; - case RTE_SECURITY_VERSION_DTLS_1_2: - hdr_len = sizeof(struct rte_dtls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; - break; - default: - hdr_len = 0; - min_padding = 0; - break; - } - tls_pkt_size += mac_len; + tls_pkt_size += mac_len; - /* Padding */ - tls_pkt_size += min_padding; + /* Padding */ + tls_pkt_size += min_padding; - if (roundup_len) - tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); + if (roundup_len) + tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); - /* Explicit nonce */ - tls_pkt_size += exp_nonce_len; + /* Explicit nonce */ + tls_pkt_size += exp_nonce_len; - /* Add TLS header */ - tls_pkt_size += hdr_len; + /* Add TLS header */ + tls_pkt_size += hdr_len; - td->output_text.len = tls_pkt_size; + td->output_text.len = tls_pkt_size; - RTE_SET_USED(flags); + } } void diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 68e243b842..efb16aed7d 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
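Review bot: The rewrite of test_tls_record_td_prepare in app/test/test_cryptodev_security_tls_record.c removes the closing brace after the digest_length assignment and moves the data-pattern, content-type and output_text.len computation one block deeper, so that code now runs inside the enclosing block rather than once after it. The commit message ("Add anti-replay test for DTLS 1.2.") does not mention this. Please split it into its own patch, with a Fixes: tag if it corrects a bug, or explain in the log why the anti-replay test needs it. The removal of RTE_SET_USED(flags) belongs with that change.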
@@ -89,16 +89,18 @@ struct tls_record_test_data { struct rte_security_tls_record_xform tls_record_xform; uint8_t app_type; bool aead; + bool ar_packet; }; struct tls_record_test_flags { bool display_alg; - uint8_t nb_segs_in_mbuf; bool data_walkthrough; - enum rte_security_tls_version tls_version; bool pkt_corruption; - enum tls_record_test_content_type content_type; bool zero_len; + uint8_t nb_segs_in_mbuf; + enum rte_security_tls_version tls_version; + enum tls_record_test_content_type content_type; + int ar_win_size; }; extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1; 
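Review bot: ar_win_size is declared int in struct tls_record_test_flags, but test_dtls_1_2_record_proto_antireplay assigns it from a uint64_t winsz and it is then copied into dtls_1_2.ar_win_sz; an unsigned fixed-width type would avoid the implicit narrowing and sign conversion. The same hunk also reorders nb_segs_in_mbuf, tls_version and content_type, which is unrelated to anti-replay and makes the diff harder to read; consider moving the reorder to a separate cleanup patch.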
@@ -123,7 +125,8 @@ extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac; -int test_tls_record_status_check(struct rte_crypto_op *op); +int test_tls_record_status_check(struct rte_crypto_op *op, + const struct tls_record_test_data *td); int test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_record_xform, const struct rte_security_capability *sec_cap, bool silent); From patchwork Wed Mar 13 10:58:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138319 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5AF8A43C9F; Wed, 13 Mar 2024 12:00:38 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C4D3E42E38; Wed, 13 Mar 2024 11:59:43 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 9F87F42E31 for ; Wed, 13 Mar 2024 11:59:41 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42D85U75026170; Wed, 13 Mar 2024 03:59:41 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=hUtqU/yXA2GB0/nLUN23+hf9RM9VWcLiYWBADHi37hE=; b=SCK r833Fh+97D7LlXA8li8rxZEOLwXqpK4agF/AqcfwbcCMrtiEwoxDbLjzE9S0s8Ip CE+Q6jwUFmUWAYfy/NphReJyRNy4SiasaXVy2ZWZPulALp+CCpVXLE+NdfbQOUUj ZoBK+XSfCgbTphRmryv+6q0QeLR3VfVZKl/m7UWAjy8DKR03quCw4+D4VuOtrKtj 
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v5 12/21] test/security: add more DTLS anti-replay window sz Date: Wed, 13 Mar 2024 16:28:52 +0530 Message-ID: <20240313105901.1959675-13-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313105901.1959675-1-asasidharan@marvell.com> References: <20240313055030.1685039-1-asasidharan@marvell.com> <20240313105901.1959675-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: SKpXcU4XsngFhHWxVRtjn4ZbjEW1AuHU X-Proofpoint-GUID: SKpXcU4XsngFhHWxVRtjn4ZbjEW1AuHU X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_07,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add anti-replay tests for window sizes 128, 256, 512, 1024, 2048 and 4096 window sizes in DTLS 1.2 suite. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 72 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 69 insertions(+), 3 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 904bad39d3..72d91d23a2 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12259,12 +12259,12 @@ test_dtls_pkt_replay(const uint64_t seq_no[], } static int -test_dtls_1_2_record_proto_antireplay(void) +test_dtls_1_2_record_proto_antireplay(uint64_t winsz) { struct tls_record_test_flags flags; - uint64_t winsz = 64, seq_no[5]; uint32_t nb_pkts = 5; bool replayed_pkt[5]; + uint64_t seq_no[5]; memset(&flags, 0, sizeof(flags)); 
@@ -12291,6 +12291,48 @@ test_dtls_1_2_record_proto_antireplay(void) return test_dtls_pkt_replay(seq_no, replayed_pkt, nb_pkts, &flags); } +static int +test_dtls_1_2_record_proto_antireplay64(void) +{ + return test_dtls_1_2_record_proto_antireplay(64); +} + +static int +test_dtls_1_2_record_proto_antireplay128(void) +{ + return test_dtls_1_2_record_proto_antireplay(128); +} + +static int +test_dtls_1_2_record_proto_antireplay256(void) +{ + return test_dtls_1_2_record_proto_antireplay(256); +} + +static int +test_dtls_1_2_record_proto_antireplay512(void) +{ + return test_dtls_1_2_record_proto_antireplay(512); +} + +static int +test_dtls_1_2_record_proto_antireplay1024(void) +{ + return test_dtls_1_2_record_proto_antireplay(1024); +} + +static int +test_dtls_1_2_record_proto_antireplay2048(void) +{ + return test_dtls_1_2_record_proto_antireplay(2048); +} + +static int +test_dtls_1_2_record_proto_antireplay4096(void) +{ + return test_dtls_1_2_record_proto_antireplay(4096); +} + static int test_dtls_1_2_record_proto_sgl(void) { 
@@ -17609,7 +17651,31 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { TEST_CASE_NAMED_ST( "Antireplay with window size 64", ut_setup_security, ut_teardown, - test_dtls_1_2_record_proto_antireplay), + test_dtls_1_2_record_proto_antireplay64), + TEST_CASE_NAMED_ST( + "Antireplay with window size 128", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay128), + TEST_CASE_NAMED_ST( + "Antireplay with window size 256", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay256), + TEST_CASE_NAMED_ST( + "Antireplay with window size 512", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay512), + TEST_CASE_NAMED_ST( + "Antireplay with window size 1024", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay1024), + TEST_CASE_NAMED_ST( + "Antireplay with window size 2048", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay2048), + TEST_CASE_NAMED_ST( + "Antireplay with window size 4096", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_antireplay4096), TEST_CASES_END() /**< NULL terminate unit test array */ } };
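Review bot: the seven wrappers test_dtls_1_2_record_proto_antireplay64() through test_dtls_1_2_record_proto_antireplay4096() in the second hunk differ only in the constant they pass, and each one needs its own TEST_CASE_NAMED_ST entry in dtls12_record_proto_testsuite. Consider a single test function that receives the window size as its data argument, registered per size through TEST_CASE_NAMED_WITH_DATA, so adding or dropping a size is a one-line change. Since winsz is now caller-supplied while nb_pkts and the seq_no[] and replayed_pkt[] arrays stay fixed at 5, a short comment on test_dtls_1_2_record_proto_antireplay() stating which window positions (inside, at the edge, beyond) those five packets cover for an arbitrary winsz would let a reader confirm that the larger windows are really exercised.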
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v5 13/21] test/crypto: update verification of header
Date: Wed, 13 Mar 2024 16:28:53 +0530
Message-ID: <20240313105901.1959675-14-asasidharan@marvell.com>
In-Reply-To: <20240313105901.1959675-1-asasidharan@marvell.com>
References: <20240313055030.1685039-1-asasidharan@marvell.com> <20240313105901.1959675-1-asasidharan@marvell.com>

From: Vidya Sagar Velumuri

In TLS 1.3, the version in the header would be TLS 1.2 and the content type would be APP irrespective of the type of the payload.

Signed-off-by: Vidya Sagar Velumuri

--- app/test/test_cryptodev_security_tls_record.c | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 907e043ddd..498c4923e0 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c 
@@ -275,9 +275,9 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp hdr_len = sizeof(struct rte_tls_hdr); } else if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) { const struct rte_tls_hdr *hdr = (const struct rte_tls_hdr *)output_text; - if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_3) { + if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_2) { printf("Incorrect header version [expected - %4x, received - %4x]\n", - RTE_TLS_VERSION_1_3, rte_be_to_cpu_16(hdr->version)); + RTE_TLS_VERSION_1_2, rte_be_to_cpu_16(hdr->version)); return TEST_FAILED; } content_type = hdr->type; 
@@ -297,10 +297,18 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp return TEST_FAILED; } - if (content_type != td->app_type) { - printf("Incorrect content type in packet [expected - %d, received - %d]\n", - td->app_type, content_type); - return TEST_FAILED; + if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) { + if (content_type != RTE_TLS_TYPE_APPDATA) { + printf("Incorrect content type in packet [expected - %d, received - %d]\n", + td->app_type, content_type); + return TEST_FAILED; + } + } else { + if (content_type != td->app_type) { + printf("Incorrect content type in packet [expected - %d, received - %d]\n", + td->app_type, content_type); + return TEST_FAILED; + } } if (length != td->output_text.len - hdr_len) {
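Review bot: in the second hunk of tls_record_hdr_verify(), the new TLS 1.3 branch compares content_type against RTE_TLS_TYPE_APPDATA but its printf() still reports td->app_type as the expected value, so a failure prints a misleading "expected" whenever the vector's own type is not application data. Print RTE_TLS_TYPE_APPDATA in that branch, or compute the expected type once and keep a single comparison and message so the two branches cannot drift apart.

Review bot: in the first hunk, checking a TLS 1.3 record against RTE_TLS_VERSION_1_2 reads like a typo without the commit message at hand. A one-line comment next to the comparison saying that the TLS 1.3 record header carries the 1.2 version would make the intent clear to the next reader.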
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v5 14/21] test/crypto: add TLS 1.3 vectors
Date: Wed, 13 Mar 2024 16:28:54 +0530
Message-ID: <20240313105901.1959675-15-asasidharan@marvell.com>
In-Reply-To: <20240313105901.1959675-1-asasidharan@marvell.com>
References: <20240313055030.1685039-1-asasidharan@marvell.com> <20240313105901.1959675-1-asasidharan@marvell.com>

From: Akhil Goyal

Added vectors and test suite for TLS 1.3 AES-128-GCM, AES-256-GCM and CHACHA20-POLY1305 vectors. The vectors are generated using gnuTLS client server application.

Signed-off-by: Akhil Goyal

--- app/test/test_cryptodev.c | 35 +++ app/test/test_cryptodev_security_tls_record.h | 3 + ...yptodev_security_tls_record_test_vectors.h | 205 ++++++++++++++++++ 3 files changed, 243 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 72d91d23a2..aa9fffe50e 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c 
@@ -17680,6 +17680,40 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { } }; +static struct unit_test_suite tls13_record_proto_testsuite = { + .suite_name = "TLS 1.3 Record Protocol Unit Test Suite", + .setup = tls_record_proto_testsuite_setup, + .unit_test_cases = { + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-GCM-128", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls13_test_data_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector AES-GCM-256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls13_test_data_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Write record known vector CHACHA20-POLY1305", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec, &tls13_test_data_chacha20_poly1305), + + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-GCM-128", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls13_test_data_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector AES-GCM-256", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls13_test_data_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Read record known vector CHACHA20-POLY1305", + ut_setup_security, ut_teardown, + test_tls_record_proto_known_vec_read, &tls13_test_data_chacha20_poly1305), + + TEST_CASES_END() /**< NULL terminate unit test array */ + } +}; + #define ADD_UPLINK_TESTCASE(data) \ TEST_CASE_NAMED_WITH_DATA(data.test_descr_uplink, ut_setup_security, \ ut_teardown, test_docsis_proto_uplink, (const void *) &data), \ @@ -18699,6 +18733,7 @@ run_cryptodev_testsuite(const char *pmd_name) &docsis_proto_testsuite, &tls12_record_proto_testsuite, &dtls12_record_proto_testsuite, + &tls13_record_proto_testsuite, #endif &end_testsuite }; diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index efb16aed7d..9fbc64605d 100644 
--- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -124,6 +124,9 @@ extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha256_hmac; extern struct tls_record_test_data dtls_test_data_aes_256_cbc_sha384_hmac; extern struct tls_record_test_data dtls_test_data_3des_cbc_sha1_hmac; extern struct tls_record_test_data dtls_test_data_null_cipher_sha1_hmac; +extern struct tls_record_test_data tls13_test_data_aes_128_gcm; +extern struct tls_record_test_data tls13_test_data_aes_256_gcm; +extern struct tls_record_test_data tls13_test_data_chacha20_poly1305; int test_tls_record_status_check(struct rte_crypto_op *op, const struct tls_record_test_data *td); diff --git a/app/test/test_cryptodev_security_tls_record_test_vectors.h b/app/test/test_cryptodev_security_tls_record_test_vectors.h index 27b07cd54a..8af17b07e5 100644 --- a/app/test/test_cryptodev_security_tls_record_test_vectors.h +++ b/app/test/test_cryptodev_security_tls_record_test_vectors.h 
@@ -1781,4 +1781,209 @@ struct tls_record_test_data tls_test_data_3des_cbc_sha1_hmac = { .app_type = 0x17, }; +/* TLS 1.3 AES-128-GCM */ +struct tls_record_test_data tls13_test_data_aes_128_gcm = { + .key = { + .data = { + 0x03, 0x12, 0xf5, 0x86, 0xe4, 0xd0, 0x27, 0xc7, + 0x47, 0x82, 0x44, 0xca, 0xd3, 0xce, 0x06, 0x6c, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x20, + 0x41, 0x45, 0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, + 0x47, 0x43, 0x4d, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0xa, + }, + .len = 43, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x3c, + 0x52, 0xb5, 0x24, 0xce, 0x5c, 0x29, 0x0f, 0x0a, + 0x3a, 0xc0, 0x60, 0xaf, 0xba, 0xe3, 0x0d, 0x28, + 0x6c, 0xbb, 0x3e, 0x5f, 0xde, 0x4a, 0xcd, 0xf1, + 0x30, 0x12, 0xa9, 0x42, 0x95, 0x55, 0xf5, 0x2c, + 0xb7, 0xb6, 0x60, 0x82, 0xa2, 0x1d, 0x34, 0x33, + 0x0a, 0xd7, 0x48, 0x40, 0xef, 0xab, 0x70, 0xa7, + 0xb2, 0x58, 0x41, 0xdb, 0xf6, 0x37, 0xe4, 0x6d, + 0xa3, 0x1e, 0xbf, 0x6f, + }, + .len = 65, + }, + .imp_nonce = { + .data = { + 0x8d, 0x1f, 0xa0, 0x14, 0xc7, 0x66, 0x9f, 0x93, + 0x74, 0x3f, 0x46, 0x52, + }, + .len = 12, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 16, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 16, + .aad_length = 5, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_3.seq_no = 0x0, + }, + + .aead = true, + .app_type = 0x17, +}; + +/* TLS 1.3 AES-256-GCM */ +struct tls_record_test_data tls13_test_data_aes_256_gcm = { + .key = { + .data = { + 0xc9, 0xc2, 0xa2, 0x4c, 0x4e, 0x36, 0x19, 0x6e, + 0xd8, 0xf5, 0xb9, 0x14, 0x30, 0xfc, 0xe0, 0xef, + 0x29, 0xb0, 0x00, 0xd1, 0x2d, 0xfc, 0x5a, 0x76, + 0x50, 0xf4, 0xf3, 0xb1, 0x82, 
0x21, 0x57, 0x82, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x20, + 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, 0x2d, + 0x47, 0x43, 0x4d, 0x20, 0x65, 0x78, 0x61, 0x6d, + 0x70, 0x6c, 0x65, 0x20, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0xa, + }, + .len = 43, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x3c, + 0xc9, 0xb0, 0x44, 0x23, 0xd5, 0xe2, 0xbd, 0x1d, + 0xf1, 0x96, 0x53, 0x2c, 0x8c, 0xe2, 0xa3, 0x00, + 0x7b, 0x2a, 0xb1, 0xa1, 0xd6, 0x79, 0x58, 0xb5, + 0x35, 0x1f, 0xbb, 0x98, 0x03, 0xe1, 0x82, 0xa2, + 0x1e, 0x26, 0x81, 0xbe, 0x77, 0x65, 0xaf, 0x7d, + 0x9f, 0x52, 0xec, 0x3a, 0x18, 0x2d, 0x36, 0xab, + 0xdc, 0xa9, 0xfb, 0xd3, 0xa8, 0xd5, 0xbc, 0x98, + 0xa4, 0xab, 0x70, 0xe9, + }, + .len = 65, + }, + .imp_nonce = { + .data = { + 0xd4, 0x78, 0xf2, 0x90, 0x61, 0x5d, 0x8c, 0x63, + 0x4b, 0xf4, 0x72, 0xf3, + }, + .len = 12, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .key.length = 32, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 16, + .aad_length = 5, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_3.seq_no = 0x0, + }, + + .aead = true, + .app_type = 0x17, +}; + +struct tls_record_test_data tls13_test_data_chacha20_poly1305 = { + .key = { + .data = { + 0xec, 0x7d, 0x7a, 0x3f, 0x91, 0xdd, 0xb9, 0x70, + 0x95, 0x3b, 0x99, 0xb0, 0xe7, 0x66, 0xda, 0xdc, + 0x85, 0xbb, 0xfc, 0xc8, 0x50, 0xe9, 0x61, 0x88, + 0xc8, 0x1e, 0xf0, 0x61, 0xb0, 0xcd, 0x6c, 0x3d, + }, + }, + .input_text = { + .data = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x20, + 0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30, + 0x2d, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, + 0x35, 0x20, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, + 0x65, 0x20, 0x76, 
0x65, 0x63, 0x74, 0x6f, 0x72, 0xa, + }, + .len = 49, + }, + .output_text = { + .data = { + 0x17, 0x03, 0x03, 0x00, 0x42, + 0x9a, 0xc1, 0xd9, 0x0e, 0xf9, 0x4c, 0x51, 0x8c, + 0xb4, 0xa7, 0x54, 0x57, 0x56, 0xba, 0xbb, 0xf7, + 0xd7, 0x1d, 0x49, 0x5a, 0x42, 0xd2, 0xab, 0x75, + 0x3f, 0xb1, 0x5f, 0xb5, 0x2b, 0x2b, 0xa3, 0xc5, + 0x61, 0x32, 0x7e, 0x62, 0x1e, 0xf5, 0x56, 0xff, + 0x84, 0x8e, 0x9a, 0x99, 0x06, 0xba, 0x3b, 0xc0, + 0x15, 0x4c, 0xf5, 0xb1, 0x5e, 0xcc, 0xff, 0x42, + 0x79, 0x4b, 0xa9, 0x23, 0x16, 0x08, 0xc3, 0x9a, + 0x52, 0x2a, + }, + .len = 71, + }, + .imp_nonce = { + .data = { + 0x3c, 0x28, 0xa0, 0xb8, 0xf8, 0x74, 0x35, 0xfe, + 0xd2, 0xa0, 0x31, 0x28, + }, + .len = 12, + }, + + .xform = { + .aead = { + .next = NULL, + .type = RTE_CRYPTO_SYM_XFORM_AEAD, + .aead = { + .op = RTE_CRYPTO_AEAD_OP_ENCRYPT, + .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305, + .key.length = 32, + .iv.length = 0, + .iv.offset = 0, + .digest_length = 16, + .aad_length = 5, + }, + }, + }, + + .tls_record_xform = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .tls_1_3.seq_no = 0x0, + }, + + .aead = true, + .app_type = 0x17, +}; + #endif
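Review bot: all three TLS 1.3 vectors added to test_cryptodev_security_tls_record_test_vectors.h set .tls_1_3.seq_no = 0x0, so the known-vector cases only cover the first record of a connection, where the per-record nonce is identical to .imp_nonce. Adding at least one vector captured at a non-zero sequence number would let the suite catch an implementation that combines the sequence number with the IV incorrectly. As a style point, tls13_test_data_chacha20_poly1305 is missing the /* TLS 1.3 ... */ comment that precedes the two AES-GCM vectors.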
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v5 15/21] test/crypto: update framework to verify tls-1.3
Date: Wed, 13 Mar 2024 16:28:55 +0530
Message-ID: <20240313105901.1959675-16-asasidharan@marvell.com>
In-Reply-To: <20240313105901.1959675-1-asasidharan@marvell.com>
References: <20240313055030.1685039-1-asasidharan@marvell.com> <20240313105901.1959675-1-asasidharan@marvell.com>

From: Vidya Sagar Velumuri

Update the fields in preparation of test descriptor.

Signed-off-by: Vidya Sagar Velumuri

--- app/test/test_cryptodev.c | 17 +++++--- app/test/test_cryptodev_security_tls_record.c | 43 ++++++++++++------- app/test/test_cryptodev_security_tls_record.h | 10 ++--- 3 files changed, 43 insertions(+), 27 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index aa9fffe50e..25777c1b1f 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11889,8 +11889,9 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], ut_params->op->param1.tls_record.content_type = td[i].app_type; /* Copy IV in crypto operation when IV generation is disabled */ - if (sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE && - tls_record_xform.options.iv_gen_disable == 1) { + if ((sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) && + (tls_record_xform.ver != RTE_SECURITY_VERSION_TLS_1_3) && + (tls_record_xform.options.iv_gen_disable == 1)) { uint8_t *iv; int len; 
@@ -12005,8 +12006,10 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (flags->zero_len) payload_len = 0; again: - test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, - td_outb, nb_pkts, payload_len); + ret = test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, + flags, td_outb, nb_pkts, payload_len); + if (ret == TEST_SKIPPED) + continue; ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags); if (ret == TEST_SKIPPED) @@ -12218,8 +12221,10 @@ test_dtls_pkt_replay(const uint64_t seq_no[], int ret; for (i = 0; i < RTE_DIM(sec_alg_list); i++) { - test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags, - td_outb, nb_pkts, 0); + ret = test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, + flags, td_outb, nb_pkts, 0); + if (ret == TEST_SKIPPED) + continue; for (idx = 0; idx < nb_pkts; idx++) td_outb[idx].tls_record_xform.dtls_1_2.seq_no = seq_no[idx]; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 498c4923e0..96d0a94731 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -70,7 +70,7 @@ test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, } } -void +int test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2, const struct tls_record_test_flags *flags, struct tls_record_test_data *td_array, @@ -79,6 +79,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt int i, min_padding, hdr_len, tls_pkt_size, mac_len = 0, exp_nonce_len = 0, roundup_len = 0; struct tls_record_test_data *td = NULL; + if ((flags->tls_version == RTE_SECURITY_VERSION_TLS_1_3) && + (param1->type != RTE_CRYPTO_SYM_XFORM_AEAD)) + return TEST_SKIPPED; + memset(td_array, 0, nb_td * sizeof(*td)); for (i = 0; i < nb_td; i++) { 
@@ -88,10 +92,17 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) { /* Copy template for packet & key fields */ - if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2) - memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td)); - else + switch (flags->tls_version) { + case RTE_SECURITY_VERSION_TLS_1_2: memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td)); + break; + case RTE_SECURITY_VERSION_DTLS_1_2: + memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td)); + break; + case RTE_SECURITY_VERSION_TLS_1_3: + memcpy(td, &tls13_test_data_aes_128_gcm, sizeof(*td)); + break; + } td->aead = true; td->xform.aead.aead.algo = param1->alg.aead; @@ -127,6 +138,7 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt if (!td->aead) { mac_len = td->xform.chain.auth.auth.digest_length; + min_padding = 1; switch (td->xform.chain.cipher.cipher.algo) { case RTE_CRYPTO_CIPHER_3DES_CBC: roundup_len = 8; @@ -143,30 +155,28 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } else { mac_len = td->xform.aead.aead.digest_length; + min_padding = 0; roundup_len = 0; - exp_nonce_len = 8; + if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) + exp_nonce_len = 0; + else + exp_nonce_len = 8; } switch (td->tls_record_xform.ver) { case RTE_SECURITY_VERSION_TLS_1_2: + hdr_len = sizeof(struct rte_tls_hdr); + break; case RTE_SECURITY_VERSION_TLS_1_3: hdr_len = sizeof(struct rte_tls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; + /* Add 1 byte for content type in packet */ + tls_pkt_size += 1; break; case RTE_SECURITY_VERSION_DTLS_1_2: hdr_len = sizeof(struct rte_dtls_hdr); - if (td->aead) - min_padding = 0; - else - min_padding = 1; break; default: - hdr_len = 0; - min_padding = 0; - break; + return TEST_SKIPPED; } tls_pkt_size += mac_len; 
@@ -186,6 +196,7 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt td->output_text.len = tls_pkt_size; } + return TEST_SUCCESS; } void diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 9fbc64605d..0138770fac 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -137,11 +137,11 @@ int test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_re void test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out, struct tls_record_test_data *td_in); -void test_tls_record_td_prepare(const struct crypto_param *param1, - const struct crypto_param *param2, - const struct tls_record_test_flags *flags, - struct tls_record_test_data *td_array, int nb_td, - unsigned int data_len); +int test_tls_record_td_prepare(const struct crypto_param *param1, + const struct crypto_param *param2, + const struct tls_record_test_flags *flags, + struct tls_record_test_data *td_array, int nb_td, + unsigned int data_len); void test_tls_record_td_update(struct tls_record_test_data td_inb[], const struct tls_record_test_data td_outb[], int nb_td,
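Review bot: in test_tls_record_td_prepare(), the new switch (flags->tls_version) that picks the AEAD template has no default case, so an unexpected version copies no template, leaves td zeroed from the memset() above, and the function still goes on to set td->aead and td->xform.aead.aead.algo on it. Add "default: return TEST_SKIPPED;" there to match the default this patch adds to the later switch on td->tls_record_xform.ver.

Review bot: now that test_tls_record_td_prepare() returns int, the prototype in test_cryptodev_security_tls_record.h should document its return values. Both callers shown, test_tls_record_proto_all() and test_dtls_pkt_replay(), test only for TEST_SKIPPED, so any other non-success value introduced later would be silently ignored; comparing against TEST_SUCCESS and propagating everything else is more robust.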
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v5 16/21] test/crypto: test to verify hdr corruption in TLS Date: Wed, 13 Mar 2024 16:28:56 +0530 Message-ID: <20240313105901.1959675-17-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313105901.1959675-1-asasidharan@marvell.com> References: <20240313055030.1685039-1-asasidharan@marvell.com> <20240313105901.1959675-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 0ZFRgI9T4okLC8NImxwSR0gr8Wj6wkaa X-Proofpoint-GUID: 0ZFRgI9T4okLC8NImxwSR0gr8Wj6wkaa X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_07,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify TLS-1.3 record with header corruption. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 25777c1b1f..9f0a737913 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12424,6 +12424,20 @@ test_dtls_1_2_record_proto_zero_len_non_app(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_1_3_record_proto_corrupt_pkt(void) +{ + struct tls_record_test_flags flags = { + .pkt_corruption = 1, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} #endif static int 
@@ -17714,7 +17728,10 @@ static struct unit_test_suite tls13_record_proto_testsuite = { "Read record known vector CHACHA20-POLY1305", ut_setup_security, ut_teardown, test_tls_record_proto_known_vec_read, &tls13_test_data_chacha20_poly1305), - + TEST_CASE_NAMED_ST( + "TLS-1.3 record header corruption", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_corrupt_pkt), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Wed Mar 13 10:58:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138323 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B79AA43C9F; Wed, 13 Mar 2024 12:01:09 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id DFE5142E14; Wed, 13 Mar 2024 11:59:56 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id C417C42DFC for ; Wed, 13 Mar 2024 11:59:55 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42D7mere025198; Wed, 13 Mar 2024 03:59:55 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=5y2J6CebcndISM9cZDkKw+oChKoH/YJrcVIE8ssUy0I=; b=SRH toUDObP9c5ktF5GlAf+zcvLvKqmmygjwFVFgw/6VwVTkS88fJ5Mfq8m5+4MC3tAb TxMMNIQK4zq1piMYGfyxrrsteBPETv6J1ciqCMRdoat2GSo+c6ESOK43qA40S6hG qRMbkPF6eUmewO+Ov3xCW/2T5yB/qSqiyJ9R9FxBZTpbpc8PFLw8tQGK4WWMr7i6 3ngR0YHdgdXh27KRjjvWdyute0CCkwlCNtfbBeDK3Cs9SnEmWEvajlSwb4MZIgxS 
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v5 17/21] test/crypto: test to verify custom content type in TLS
Date: Wed, 13 Mar 2024 16:28:57 +0530
Message-ID: <20240313105901.1959675-18-asasidharan@marvell.com>

From: Vidya Sagar Velumuri

Add unit tests to verify TLS-1.3 record with content type as custom.

Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 9f0a737913..fe4fcfbfdb 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12438,6 +12438,21 @@ test_tls_1_3_record_proto_corrupt_pkt(void) return test_tls_record_proto_all(&flags); } + +static int +test_tls_1_3_record_proto_custom_content_type(void) +{ + struct tls_record_test_flags flags = { + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} #endif static int 
@@ -17732,6 +17747,10 @@ static struct unit_test_suite tls13_record_proto_testsuite = { "TLS-1.3 record header corruption", ut_setup_security, ut_teardown, test_tls_1_3_record_proto_corrupt_pkt), + TEST_CASE_NAMED_ST( + "TLS-1.3 record header with custom content type", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_custom_content_type), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Wed Mar 13 10:58:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138324 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 965A043C9F; Wed, 13 Mar 2024 12:01:19 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C4C9342E1A; Wed, 13 Mar 2024 12:00:18 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id E4DB642E4D for ; Wed, 13 Mar 2024 11:59:58 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42D9WphD022169; Wed, 13 Mar 2024 03:59:58 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=m7mqdFjoWrCEKetDqdlKORbJ3M/8k/8L0RROfpRwkYU=; b=SYo +GTPr4EmFZHBPbPPfBw7yQsk4ez7ce+3ptHrbBPxPjn4lL3LgLkmhLKtbgohA1ZJ JUKHNeI7yFRZF2TuI6y0G++HxUDJN+FZpXCbcoIGIoHhm2epz2ByaltEwJdxThaO fYglvSC3Tg92K6hGc09YiQBS6nWcwrxDzqE247DuSM2AASD9R/2rKc6FU+L1aN0i Gm8h95YzO+nnCk0/YTM0vijylWUKvyhef3JT2Rw2vQixx4RENoLxRunLI34DB7OJ rivD7j//jrW1QKIZxUaGauQ26nFPy/dbVA02DHqUCY4WrbYF6mY8FioFJCT4W0di 
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v5 18/21] test/crypto: test to verify zero len record in TLS
Date: Wed, 13 Mar 2024 16:28:58 +0530
Message-ID: <20240313105901.1959675-19-asasidharan@marvell.com>

From: Vidya Sagar Velumuri

Add unit tests to verify TLS-1.3 record with zero length.

Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index fe4fcfbfdb..8ad5033f32 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12453,6 +12453,37 @@ test_tls_1_3_record_proto_custom_content_type(void) return test_tls_record_proto_all(&flags); } + +static int +test_tls_1_3_record_proto_zero_len(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_3_record_proto_zero_len_non_app(void) +{ + struct tls_record_test_flags flags = { + .zero_len = 1, + .content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE, + .tls_version = RTE_SECURITY_VERSION_TLS_1_3 + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} #endif static int 
@@ -17751,6 +17782,14 @@ static struct unit_test_suite tls13_record_proto_testsuite = { "TLS-1.3 record header with custom content type", ut_setup_security, ut_teardown, test_tls_1_3_record_proto_custom_content_type), + TEST_CASE_NAMED_ST( + "TLS-1.3 record with zero len and content type as app", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_zero_len), + TEST_CASE_NAMED_ST( + "TLS-1.3 record with zero len and content type as ctrl", + ut_setup_security, ut_teardown, + test_tls_1_3_record_proto_zero_len_non_app), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Wed Mar 13 10:58:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138325 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C792643C9F; Wed, 13 Mar 2024 12:01:27 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6128042E37; Wed, 13 Mar 2024 12:00:20 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id CA61842E46 for ; Wed, 13 Mar 2024 12:00:01 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42D85U79026170; Wed, 13 Mar 2024 04:00:01 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=wBcTxwKqY4SO3C68l/dy+E/dGXVHmXpXqizt1ewiCk8=; b=UNX /ACcwU7CgRflXom5gHUG+uCBk1Vv8FtiDO6J4XdMI10BVZdwb2uKfnAfzce3+/Gq M6o5ZL+yOdGo/cWi8+7uiWPW5Xmtvzh8UsxOINSoPGO7kyhYe+FROBjF9yI4EUiJ 
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v5 19/21] test/crypto: unit tests to verify padding in TLS
Date: Wed, 13 Mar 2024 16:28:59 +0530
Message-ID: <20240313105901.1959675-20-asasidharan@marvell.com>

From: Vidya Sagar Velumuri Add unit tests to verify the padding for TLS-1.2. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 85 ++++++++++++++++++- app/test/test_cryptodev_security_tls_record.c | 28 ++++-- app/test/test_cryptodev_security_tls_record.h | 5 +- 3 files changed, 109 insertions(+), 9 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 8ad5033f32..a324c1607b 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11834,6 +11834,9 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], if (td[0].aead) test_tls_record_imp_nonce_update(&td[0], &tls_record_xform); + if (flags->opt_padding) + tls_record_xform.options.extra_padding_enable = 1; + sess_conf.tls_record = tls_record_xform; if (td[0].aead) { @@ -11888,6 +11891,9 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], ut_params->op->sym->m_dst = NULL; ut_params->op->param1.tls_record.content_type = td[i].app_type; + if (flags->opt_padding) + ut_params->op->aux_flags = flags->opt_padding; + /* Copy IV in crypto operation when IV generation is disabled */ if ((sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) && (tls_record_xform.ver != RTE_SECURITY_VERSION_TLS_1_3) && @@ -11915,7 +11921,7 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS) { ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, - silent); + silent, flags); if (ret != TEST_SUCCESS) goto crypto_op_free; } 
@@ -12184,6 +12190,59 @@ test_tls_record_proto_zero_len_non_app(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_opt_padding(uint8_t padding, uint8_t num_segs, + enum rte_security_tls_version tls_version) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = num_segs, + .tls_version = tls_version, + .opt_padding = padding + }; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_record_proto_dm_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 0, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_dm_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(25, 0, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 2, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(8, 4, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding_2(void) +{ + return test_tls_record_proto_opt_padding(8, 5, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding_max(void) +{ + return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_TLS_1_2); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { 
@@ -17578,6 +17637,30 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Zero len TLS record with content type as ctrl", ut_setup_security, ut_teardown, test_tls_record_proto_zero_len_non_app), + TEST_CASE_NAMED_ST( + "TLS record DM mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_dm_opt_padding), + TEST_CASE_NAMED_ST( + "TLS record DM mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_dm_opt_padding_1), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_1), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_2), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding > max range", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_max), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 96d0a94731..03d9efefc3 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -269,7 +269,8 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, } static int -tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text) +tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text, + const struct tls_record_test_flags *flags) { uint16_t length, hdr_len; uint8_t content_type; 
@@ -322,10 +323,22 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp } } - if (length != td->output_text.len - hdr_len) { - printf("Incorrect packet length [expected - %d, received - %d]\n", - td->output_text.len - hdr_len, length); - return TEST_FAILED; + if (!flags->opt_padding) { + if (length != td->output_text.len - hdr_len) { + printf("Incorrect packet length [expected - %d, received - %d]\n", + td->output_text.len - hdr_len, length); + return TEST_FAILED; + } + } else { + int pad_len = (flags->opt_padding * 8) > 256 ? 256 : (flags->opt_padding * 8); + int expect_len = td->output_text.len - hdr_len + pad_len; + + if (length - expect_len > 32) { + printf("Incorrect packet length [expected - %d, received - %d]\n", + expect_len, length); + return TEST_FAILED; + } + } return TEST_SUCCESS; @@ -333,7 +346,8 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, - struct tls_record_test_data *res_d, bool silent) + struct tls_record_test_data *res_d, bool silent, + const struct tls_record_test_flags *flags) { uint8_t output_text[TEST_SEC_CIPHERTEXT_MAX_LEN]; uint32_t len = rte_pktmbuf_pkt_len(m), data_len; @@ -365,7 +379,7 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t } if (td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) { - ret = tls_record_hdr_verify(td, output_text); + ret = tls_record_hdr_verify(td, output_text, flags); if (ret != TEST_SUCCESS) return ret; } diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 0138770fac..a7c38218ae 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
@@ -97,7 +97,9 @@ struct tls_record_test_flags { bool data_walkthrough; bool pkt_corruption; bool zero_len; + bool padding_corruption; uint8_t nb_segs_in_mbuf; + uint8_t opt_padding; enum rte_security_tls_version tls_version; enum tls_record_test_content_type content_type; int ar_win_size; 
@@ -148,5 +150,6 @@ void test_tls_record_td_update(struct tls_record_test_data td_inb[], const struct tls_record_test_flags *flags); int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, - struct tls_record_test_data *res_d, bool silent); + struct tls_record_test_data *res_d, bool silent, + const struct tls_record_test_flags *flags); #endif From patchwork Wed Mar 13 10:59:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138326 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5239E43C9F; Wed, 13 Mar 2024 12:01:35 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A024542E47; Wed, 13 Mar 2024 12:00:21 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 47B4E42DD9 for ; Wed, 13 Mar 2024 12:00:07 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42D7lF0R025188; Wed, 13 Mar 2024 04:00:06 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=KBHB9syhLc7P17UnIjw132Tc/bmdbMR7lOQswGhxKwc=; b=BG1 DSFf/k5icqX3obg4zE/nUq14TpUQxTUTveDiERwLs/gB+XL5gI6kwpa2V9TKWOow +o6/sHTxLGPvgaieRHuIM33/BkOkJj8BqRJL0xA2tUtojWhfYcPDioE+rjcqkfBr U8t4izooruCaSlvcQTZU3tcEuNSwluhfRQuyKVZhNJLgBFnPLIiBCijzlUm1aSdF 9wuSvO1nOLA6MASur/6aXGPKuFYcQrOZQJ7Lnzx+KNP2N9vndfe62EKhbsns5dul lAMyQaPA+Zv6a+eF7XM624GwmGSKLnxlA12VN1/X2zVutzNmFHuZVb1KEZ8ZqqDz DZ2W4kaR9NfndfR40qw== Received: from 
From: Aakash Sasidharan
To: Akhil Goyal, Fan Zhang
Subject: [PATCH v5 20/21] test/crypto: unit tests for padding in DTLS-1.2
Date: Wed, 13 Mar 2024 16:29:00 +0530
Message-ID: <20240313105901.1959675-21-asasidharan@marvell.com>

From: Vidya Sagar Velumuri

Add unit tests to verify the padding for DTLS-1.2.

Signed-off-by: Vidya Sagar Velumuri
---
 app/test/test_cryptodev.c | 60 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index a324c1607b..572740cbf9 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12483,6 +12483,42 @@ test_dtls_1_2_record_proto_zero_len_non_app(void) return test_tls_record_proto_all(&flags); } +static int +test_dtls_1_2_record_proto_dm_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 0, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_dm_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(25, 0, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 5, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(8, 4, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding_2(void) +{ + return test_tls_record_proto_opt_padding(8, 5, RTE_SECURITY_VERSION_DTLS_1_2); +} + +static int +test_dtls_1_2_record_proto_sg_opt_padding_max(void) +{ + return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_DTLS_1_2); +} + static int test_tls_1_3_record_proto_corrupt_pkt(void) { 
@@ -17824,6 +17860,30 @@ static struct unit_test_suite dtls12_record_proto_testsuite = { "Antireplay with window size 4096", ut_setup_security, ut_teardown, test_dtls_1_2_record_proto_antireplay4096), + TEST_CASE_NAMED_ST( + "DTLS record DM mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_dm_opt_padding), + TEST_CASE_NAMED_ST( + "DTLS record DM mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_dm_opt_padding_1), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding_1), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding_2), + TEST_CASE_NAMED_ST( + "DTLS record SG mode with optional padding > max range", + ut_setup_security, ut_teardown, + test_dtls_1_2_record_proto_sg_opt_padding_max), TEST_CASES_END() /**< NULL terminate unit test array */ } }; From patchwork Wed Mar 13 10:59:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138328 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2AAFE43C9F; Wed, 13 Mar 2024 12:01:49 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C4FA042E49; Wed, 13 Mar 2024 12:00:24 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 
From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v5 21/21] test/security: add out of place sgl test case for TLS 1.2 Date: Wed, 13 Mar 2024 16:29:01 +0530 Message-ID: <20240313105901.1959675-22-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313105901.1959675-1-asasidharan@marvell.com> References: <20240313055030.1685039-1-asasidharan@marvell.com> <20240313105901.1959675-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: eYASFculeickw8YbUO4OTok2BnA8Opv0 X-Proofpoint-GUID: eYASFculeickw8YbUO4OTok2BnA8Opv0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_07,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add TLS 1.2 out-of-place multi-segmented packet test. Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 52 ++++++++++++++++++- app/test/test_cryptodev_security_tls_record.h | 1 + 2 files changed, 51 insertions(+), 2 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 572740cbf9..1703ebccf1 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -11873,6 +11873,11 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool, td[i].input_text.len, nb_segs, 0); pktmbuf_write(ut_params->ibuf, 0, td[i].input_text.len, td[i].input_text.data); + if (flags->out_of_place) + ut_params->obuf = create_segmented_mbuf(ts_params->mbuf_pool, + td[i].output_text.len, nb_segs, 0); + else + ut_params->obuf = NULL; /* Generate crypto op data structure */ ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool, 
@@ -11888,7 +11893,7 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], /* Set crypto operation mbufs */ ut_params->op->sym->m_src = ut_params->ibuf; - ut_params->op->sym->m_dst = NULL; + ut_params->op->sym->m_dst = ut_params->obuf; ut_params->op->param1.tls_record.content_type = td[i].app_type; if (flags->opt_padding) @@ -11920,7 +11925,10 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], res_d_tmp = &res_d[i]; if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS) { - ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, + struct rte_mbuf *buf = flags->out_of_place ? ut_params->obuf : + ut_params->ibuf; + + ret = test_tls_record_post_process(buf, &td[i], res_d_tmp, silent, flags); if (ret != TEST_SUCCESS) goto crypto_op_free; @@ -11929,6 +11937,11 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], rte_crypto_op_free(ut_params->op); ut_params->op = NULL; + if (flags->out_of_place) { + rte_pktmbuf_free(ut_params->obuf); + ut_params->obuf = NULL; + } + rte_pktmbuf_free(ut_params->ibuf); ut_params->ibuf = NULL; } @@ -11937,6 +11950,11 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], rte_crypto_op_free(ut_params->op); ut_params->op = NULL; + if (flags->out_of_place) { + rte_pktmbuf_free(ut_params->obuf); + ut_params->obuf = NULL; + } + rte_pktmbuf_free(ut_params->ibuf); ut_params->ibuf = NULL; 
@@ -12127,6 +12145,32 @@ test_tls_record_proto_sgl_data_walkthrough(enum rte_security_tls_version tls_ver return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_sgl_oop(enum rte_security_tls_version tls_version) +{ + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = 5, + .out_of_place = true, + .tls_version = tls_version + }; + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) { + printf("Device doesn't support in-place scatter-gather. Test Skipped.\n"); + return TEST_SKIPPED; + } + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_1_2_record_proto_sgl_oop(void) +{ + return test_tls_record_proto_sgl_oop(RTE_SECURITY_VERSION_TLS_1_2); +} + static int test_tls_1_2_record_proto_sgl_data_walkthrough(void) { @@ -17657,6 +17701,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Multi-segmented mode data walkthrough", ut_setup_security, ut_teardown, test_tls_1_2_record_proto_sgl_data_walkthrough), + TEST_CASE_NAMED_ST( + "Multi-segmented mode out of place", + ut_setup_security, ut_teardown, + test_tls_1_2_record_proto_sgl_oop), TEST_CASE_NAMED_ST( "TLS packet header corruption", ut_setup_security, ut_teardown, diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index a7c38218ae..18a90c6ff6 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -98,6 +98,7 @@ struct tls_record_test_flags { bool pkt_corruption; bool zero_len; bool padding_corruption; + bool out_of_place; uint8_t nb_segs_in_mbuf; uint8_t opt_padding; enum rte_security_tls_version tls_version;
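Review bot: in the new test_tls_record_proto_sgl_oop() (hunk at -12127) the capability gate tests RTE_CRYPTODEV_FF_IN_PLACE_SGL and the skip message reads "Device doesn't support in-place scatter-gather", yet the test sets .out_of_place = true together with .nb_segs_in_mbuf = 5, so both m_src and m_dst are segmented and the operation is not in place. The check should be on the out-of-place SGL capability (RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT) and the message should say out-of-place. As written, a device that advertises in-place SGL but not SGL-in/SGL-out OOP runs the case and fails instead of being skipped, and a device with only the OOP capability is skipped needlessly.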
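Review bot: in the hunk at -11873 the return value of create_segmented_mbuf() for ut_params->obuf is used without a NULL check. If the allocation fails, the later hunk sets ut_params->op->sym->m_dst = ut_params->obuf, which is NULL, while flags->out_of_place is still true, so test_tls_record_post_process() is then called with buf == NULL. Please check obuf right after the allocation and fail the test there (releasing ibuf on the way out) so an mbuf pool shortage shows up as an allocation failure and not as a NULL dereference in post-processing.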
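Review bot: the same obuf release block is added in both cleanup hunks (-11929 and -11937) and is guarded by if (flags->out_of_place). The guard is not needed: the first hunk sets ut_params->obuf = NULL in the else branch, and rte_pktmbuf_free() accepts NULL. Freeing obuf unconditionally, next to the existing rte_pktmbuf_free(ut_params->ibuf), keeps the two paths symmetric and avoids a leak if obuf is ever set by a path that does not go through this flag.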