From patchwork Wed Mar 13 05:50:17 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Aakash Sasidharan <asasidharan@marvell.com>
X-Patchwork-Id: 138291
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 5BA1743C9A;
	Wed, 13 Mar 2024 06:51:42 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 1F39542D66;
	Wed, 13 Mar 2024 06:51:11 +0100 (CET)
Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com
 [67.231.148.174])
 by mails.dpdk.org (Postfix) with ESMTP id 15E3B42D76
 for <dev@dpdk.org>; Wed, 13 Mar 2024 06:50:59 +0100 (CET)
Received: from pps.filterd (m0045849.ppops.net [127.0.0.1])
 by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id
 42D4061A015029; Tue, 12 Mar 2024 22:50:59 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=
 from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding:content-type; s=
 pfpt0220; bh=Vb1sGf33dC+sG8ZZWkLOwIKKUSqYRHT437l4P5CvU90=; b=iRx
 NA3VoCTd3W/25bDJ0NPnVhpXR05oG7iKYxI/pRWvQaN2KywLsI90+2JS+TwQY3As
 0e/3CPD0duDAybauXP7cG91hnkXF3lzdgHPe3dAexOW0KSPJbJvwMJ8MsQPgQA9i
 Gp5DUVM7CgG+ZaMlXsaFkLx50mYCQuTK5USv8wgo/vhQ1FMhqWYfK/BN0GpRqbu1
 VtOY5CB52DIC9LKyX8MIU9Q3W59Y/TCsw/ofXdsNGPAi+D+zlCZ/Fy79WFa+X5Bt
 gSqUPdY8ZxkOy/1RRqOdOHHxxikDU1/IIlttVaPNYkRKw3YNtbwnrwTPf8kubzC3
 1BEVtmVPkU4ca8zHKRA==
Received: from dc6wp-exch02.marvell.com ([4.21.29.225])
 by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3wtt8htkrq-2
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
 Tue, 12 Mar 2024 22:50:59 -0700 (PDT)
Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by
 DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.1258.12; Tue, 12 Mar 2024 22:50:57 -0700
Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com
 (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend
 Transport; Tue, 12 Mar 2024 22:50:57 -0700
Received: from localhost.localdomain (unknown [10.28.36.177])
 by maili.marvell.com (Postfix) with ESMTP id 3B41C3F7080;
 Tue, 12 Mar 2024 22:50:54 -0700 (PDT)
From: Aakash Sasidharan <asasidharan@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Fan Zhang <fanzhang.oss@gmail.com>
CC: <jerinj@marvell.com>, <anoobj@marvell.com>, <vvelumuri@marvell.com>,
 <asasidharan@marvell.com>, <dev@dpdk.org>
Subject: [PATCH v4 08/21] test/security: unit test to verify zero TLS records
Date: Wed, 13 Mar 2024 11:20:17 +0530
Message-ID: <20240313055030.1685039-9-asasidharan@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240313055030.1685039-1-asasidharan@marvell.com>
References: <20240312175143.1664699-1-asasidharan@marvell.com>
 <20240313055030.1685039-1-asasidharan@marvell.com>
MIME-Version: 1.0
X-Proofpoint-ORIG-GUID: 2nfmNvPbzNO0hFOMxDJVMEy2yuQa3BJ-
X-Proofpoint-GUID: 2nfmNvPbzNO0hFOMxDJVMEy2yuQa3BJ-
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26
 definitions=2024-03-13_05,2024-03-12_01,2023-05-22_02
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add unit tests to verify the zero len TLS records. Zero len packets are
allowed when content type is app data while zero packet length with
other content type (such as handshake) would result in an error.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev.c                     | 51 ++++++++++++++++++-
 app/test/test_cryptodev_security_tls_record.c |  5 +-
 app/test/test_cryptodev_security_tls_record.h |  2 +-
 3 files changed, 55 insertions(+), 3 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 5cb878b9ba..fa63b9743f 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -11984,6 +11984,9 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 		payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN;
 		if (flags->nb_segs_in_mbuf)
 			payload_len = RTE_MAX(payload_len, flags->nb_segs_in_mbuf);
+
+		if (flags->zero_len)
+			payload_len = 0;
 again:
 		test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags,
 					   td_outb, nb_pkts, payload_len);
@@ -11992,8 +11995,16 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 		if (ret == TEST_SKIPPED)
 			continue;
 
-		if (ret == TEST_FAILED)
+		if (flags->zero_len &&
+		    ((flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) ||
+		    (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) ||
+		    (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE))) {
+			if (ret == TEST_SUCCESS)
+				return TEST_FAILED;
+			goto skip_decrypt;
+		} else if (ret == TEST_FAILED) {
 			return TEST_FAILED;
+		}
 
 		test_tls_record_td_update(td_inb, td_outb, nb_pkts, flags);
 
@@ -12009,6 +12020,7 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 				return TEST_FAILED;
 		}
 
+skip_decrypt:
 		if (flags->data_walkthrough && (++payload_len <= max_payload_len))
 			goto again;
 
@@ -12123,6 +12135,35 @@ test_tls_record_proto_custom_content_type(void)
 	return test_tls_record_proto_all(&flags);
 }
 
+static int
+test_tls_record_proto_zero_len(void)
+{
+	struct tls_record_test_flags flags = {
+		.zero_len = 1
+	};
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	return test_tls_record_proto_all(&flags);
+}
+
+static int
+test_tls_record_proto_zero_len_non_app(void)
+{
+	struct tls_record_test_flags flags = {
+		.zero_len = 1,
+		.content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE,
+	};
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	return test_tls_record_proto_all(&flags);
+}
+
 static int
 test_dtls_1_2_record_proto_data_walkthrough(void)
 {
@@ -17251,6 +17292,14 @@ static struct unit_test_suite tls12_record_proto_testsuite  = {
 			"Custom content type",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_custom_content_type),
+		TEST_CASE_NAMED_ST(
+			"Zero len TLS record with content type as app",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_zero_len),
+		TEST_CASE_NAMED_ST(
+			"Zero len TLS record with content type as ctrl",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_zero_len_non_app),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c
index 9a2af259c9..c5410a4c92 100644
--- a/app/test/test_cryptodev_security_tls_record.c
+++ b/app/test/test_cryptodev_security_tls_record.c
@@ -103,13 +103,15 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt
 		}
 	}
 
-	if (flags->data_walkthrough) {
+	if (flags->data_walkthrough || flags->zero_len) {
 		test_sec_proto_pattern_set(td->input_text.data, data_len);
 		td->input_text.len = data_len;
 	}
 
 	if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM)
 		td->app_type = RTE_TLS_TYPE_MAX;
+	else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE)
+		td->app_type = RTE_TLS_TYPE_HANDSHAKE;
 
 	tls_pkt_size = td->input_text.len;
 
@@ -232,6 +234,7 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len,
 
 	memcpy(&res_d->input_text.data, output_text, len);
 	res_d->input_text.len = len;
+	res_d->output_text.len = td->input_text.len;
 
 	res_d->tls_record_xform.type = RTE_SECURITY_TLS_SESS_TYPE_READ;
 	if (res_d->aead) {
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index 73719063a8..300f3f08b5 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -98,6 +98,7 @@ struct tls_record_test_flags {
 	enum rte_security_tls_version tls_version;
 	bool pkt_corruption;
 	enum tls_record_test_content_type content_type;
+	bool zero_len;
 };
 
 extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1;
@@ -140,5 +141,4 @@ void test_tls_record_td_update(struct tls_record_test_data td_inb[],
 
 int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td,
 				 struct tls_record_test_data *res_d, bool silent);
-
 #endif