From patchwork Tue Mar  5 07:22:00 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Aakash Sasidharan <asasidharan@marvell.com>
X-Patchwork-Id: 137968
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id C58B143C4C;
	Tue,  5 Mar 2024 08:23:17 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id D0E7A42D7D;
	Tue,  5 Mar 2024 08:22:44 +0100 (CET)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com
 [67.231.156.173])
 by mails.dpdk.org (Postfix) with ESMTP id 8CE08410EE
 for <dev@dpdk.org>; Tue,  5 Mar 2024 08:22:43 +0100 (CET)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1])
 by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id
 42546Lgr025169; Mon, 4 Mar 2024 23:22:43 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=
 from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding:content-type; s=
 pfpt0220; bh=n5Fkt7QrZh1rOX1uPBw/41ot5jfvEYkeFnmA0jJQVQw=; b=E+n
 vmPOwC3wLGaFA2/d7tfJDyVx1PwxW9nwGwuI3LyOgDjrKFrALelEbrHZWxhfLx0I
 cendeB7GoKk3B+ATIhOJjmh7cRDq6z3/zF0BUjcn6MsIqytaB7YPx+CyP593Qbym
 3ynuV7CXFuxyn7VyBCb5nzp089s5fZN8AObKDqs0TSVI6XGVqAH6vrsaoV9iS9lO
 yeu9xFg1mgGL88Kqc3ychNegDTYt1r6eKYLrIFbn/fTr4HeNAWBB8CxCQg7tgCy6
 RdIChGLfjhVFmU351Kjzc5ap5eJ2r5iOgFT2DhpGVqtFI/g0MfL+Nq8fCdB1yJ0f
 lWbAJ3lrIFE3wYRCxVQ==
Received: from dc5-exch05.marvell.com ([199.233.59.128])
 by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wm4gmr8yr-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
 Mon, 04 Mar 2024 23:22:42 -0800 (PST)
Received: from DC5-EXCH05.marvell.com (10.69.176.209) by
 DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.1258.12; Mon, 4 Mar 2024 23:22:41 -0800
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com
 (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend
 Transport; Mon, 4 Mar 2024 23:22:41 -0800
Received: from localhost.localdomain (unknown [10.28.36.177])
 by maili.marvell.com (Postfix) with ESMTP id EA97B3F7045;
 Mon,  4 Mar 2024 23:22:38 -0800 (PST)
From: Aakash Sasidharan <asasidharan@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Fan Zhang <fanzhang.oss@gmail.com>
CC: <jerinj@marvell.com>, <anoobj@marvell.com>, <vvelumuri@marvell.com>,
 <asasidharan@marvell.com>, <dev@dpdk.org>
Subject: [PATCH 08/21] test/security: unit test to verify zero TLS records
Date: Tue, 5 Mar 2024 12:52:00 +0530
Message-ID: <20240305072213.283205-9-asasidharan@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com>
References: <20240305072213.283205-1-asasidharan@marvell.com>
MIME-Version: 1.0
X-Proofpoint-ORIG-GUID: aFW1DgekQQFMDBJBLf07LNElVfhezi68
X-Proofpoint-GUID: aFW1DgekQQFMDBJBLf07LNElVfhezi68
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26
 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add unit tests to verify the zero len TLS records. Zero len packets are
allowed when content type is app data while zero packet length with
other content type (such as handshake) would result in an error.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev.c                     | 51 ++++++++++++++++++-
 app/test/test_cryptodev_security_tls_record.c |  5 +-
 app/test/test_cryptodev_security_tls_record.h |  2 +-
 3 files changed, 55 insertions(+), 3 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index bee40cd927..31f4c08d6a 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -11984,6 +11984,9 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 		payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN;
 		if (flags->nb_segs_in_mbuf)
 			payload_len = RTE_MAX(payload_len, flags->nb_segs_in_mbuf);
+
+		if (flags->zero_len)
+			payload_len = 0;
 again:
 		test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags,
 					   td_outb, nb_pkts, payload_len);
@@ -11992,8 +11995,16 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 		if (ret == TEST_SKIPPED)
 			continue;
 
-		if (ret == TEST_FAILED)
+		if (flags->zero_len &&
+		    ((flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) ||
+		    (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) ||
+		    (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE))) {
+			if (ret == TEST_SUCCESS)
+				return TEST_FAILED;
+			goto skip_decrypt;
+		} else if (ret == TEST_FAILED) {
 			return TEST_FAILED;
+		}
 
 		test_tls_record_td_update(td_inb, td_outb, nb_pkts, flags);
 
@@ -12009,6 +12020,7 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 				return TEST_FAILED;
 		}
 
+skip_decrypt:
 		if (flags->data_walkthrough && (++payload_len <= max_payload_len))
 			goto again;
 
@@ -12123,6 +12135,35 @@ test_tls_record_proto_custom_content_type(void)
 	return test_tls_record_proto_all(&flags);
 }
 
+static int
+test_tls_record_proto_zero_len(void)
+{
+	struct tls_record_test_flags flags = {
+		.zero_len = 1
+	};
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	return test_tls_record_proto_all(&flags);
+}
+
+static int
+test_tls_record_proto_zero_len_non_app(void)
+{
+	struct tls_record_test_flags flags = {
+		.zero_len = 1,
+		.content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE,
+	};
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	return test_tls_record_proto_all(&flags);
+}
+
 static int
 test_dtls_1_2_record_proto_data_walkthrough(void)
 {
@@ -17251,6 +17292,14 @@ static struct unit_test_suite tls12_record_proto_testsuite  = {
 			"Custom content type",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_custom_content_type),
+		TEST_CASE_NAMED_ST(
+			"Zero len TLS record with content type as app",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_zero_len),
+		TEST_CASE_NAMED_ST(
+			"Zero len TLS record with content type as ctrl",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_zero_len_non_app),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c
index 9a2af259c9..c5410a4c92 100644
--- a/app/test/test_cryptodev_security_tls_record.c
+++ b/app/test/test_cryptodev_security_tls_record.c
@@ -103,13 +103,15 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt
 		}
 	}
 
-	if (flags->data_walkthrough) {
+	if (flags->data_walkthrough || flags->zero_len) {
 		test_sec_proto_pattern_set(td->input_text.data, data_len);
 		td->input_text.len = data_len;
 	}
 
 	if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM)
 		td->app_type = RTE_TLS_TYPE_MAX;
+	else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE)
+		td->app_type = RTE_TLS_TYPE_HANDSHAKE;
 
 	tls_pkt_size = td->input_text.len;
 
@@ -232,6 +234,7 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len,
 
 	memcpy(&res_d->input_text.data, output_text, len);
 	res_d->input_text.len = len;
+	res_d->output_text.len = td->input_text.len;
 
 	res_d->tls_record_xform.type = RTE_SECURITY_TLS_SESS_TYPE_READ;
 	if (res_d->aead) {
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index b707361fb6..e7ba31c449 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -98,6 +98,7 @@ struct tls_record_test_flags {
 	enum rte_security_tls_version tls_version;
 	bool pkt_corruption;
 	enum tls_record_test_content_type content_type;
+	bool zero_len;
 };
 
 extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1;
@@ -140,5 +141,4 @@ void test_tls_record_td_update(struct tls_record_test_data td_inb[],
 
 int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td,
 				 struct tls_record_test_data *res_d, bool silent);
-
 #endif