@@ -858,6 +858,8 @@ ipsec_proto_testsuite_setup(void)
static int
tls_record_proto_testsuite_setup(void)
{
+ test_sec_proto_pattern_generate();
+
return sec_proto_testsuite_setup(RTE_SECURITY_PROTOCOL_TLS_RECORD);
}
@@ -11958,14 +11960,30 @@ test_tls_record_proto_known_vec_read(const void *test_data)
static int
test_tls_record_proto_all(const struct tls_record_test_flags *flags)
{
+ unsigned int i, nb_pkts = 1, pass_cnt = 0, payload_len, max_payload_len;
struct tls_record_test_data td_outb[TEST_SEC_PKTS_MAX];
struct tls_record_test_data td_inb[TEST_SEC_PKTS_MAX];
- unsigned int i, nb_pkts = 1, pass_cnt = 0;
int ret;
+ switch (flags->tls_version) {
+ case RTE_SECURITY_VERSION_TLS_1_2:
+ max_payload_len = TLS_1_2_RECORD_PLAINTEXT_MAX_LEN;
+ break;
+ case RTE_SECURITY_VERSION_TLS_1_3:
+ max_payload_len = TLS_1_3_RECORD_PLAINTEXT_MAX_LEN;
+ break;
+ case RTE_SECURITY_VERSION_DTLS_1_2:
+ max_payload_len = DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN;
+ break;
+ default:
+ max_payload_len = 0;
+ }
+
for (i = 0; i < RTE_DIM(sec_alg_list); i++) {
+ payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN;
+again:
test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags,
- td_outb, nb_pkts);
+ td_outb, nb_pkts, payload_len);
ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags);
if (ret == TEST_SKIPPED)
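Review bot: The `default:` arm of the new switch sets `max_payload_len = 0`, so a data-walkthrough run with an unhandled `tls_version` does one 1-byte iteration per algorithm and can still report success. Since the walkthrough exists to exercise record-length boundaries, it would be safer to fail explicitly after the switch, e.g. `if (flags->data_walkthrough && max_payload_len == 0) return TEST_FAILED;`. The `default:` arm also lacks the trailing `break;` that the other arms have. The function body continues outside this hunk.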
@@ -11983,6 +12001,9 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
if (ret == TEST_FAILED)
return TEST_FAILED;
+ if (flags->data_walkthrough && (++payload_len <= max_payload_len))
+ goto again;
+
if (flags->display_alg)
test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2);
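Review bot: When a walkthrough iteration fails, the `return TEST_FAILED` just above the added `goto again` does not report which `payload_len` triggered it, and that value is what is needed to reproduce a length-dependent failure. Unless `test_tls_record_proto_process` already logs it (not visible here), print it before returning when `flags->data_walkthrough` is set, e.g. `printf("Data walkthrough failed at payload_len %u\n", payload_len);`. As a style point, the `again:` label and backward `goto` form a loop that would read more clearly as `do { ... } while (flags->data_walkthrough && ++payload_len <= max_payload_len);`. The loop body starts and ends outside this hunk.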
@@ -11996,22 +12017,69 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
}
static int
-test_tls_record_proto_display_list(void)
+test_tls_1_2_record_proto_data_walkthrough(void)
+{
+ struct tls_record_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.data_walkthrough = true;
+ flags.tls_version = RTE_SECURITY_VERSION_TLS_1_2;
+
+ return test_tls_record_proto_all(&flags);
+}
+
+static int
+test_tls_1_2_record_proto_display_list(void)
{
struct tls_record_test_flags flags;
memset(&flags, 0, sizeof(flags));
flags.display_alg = true;
+ flags.tls_version = RTE_SECURITY_VERSION_TLS_1_2;
return test_tls_record_proto_all(&flags);
}
static int
-test_tls_record_proto_sgl(void)
+test_tls_1_2_record_proto_sgl(void)
{
struct tls_record_test_flags flags = {
- .nb_segs_in_mbuf = 5
+ .nb_segs_in_mbuf = 5,
+ .tls_version = RTE_SECURITY_VERSION_TLS_1_2
+ };
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ struct rte_cryptodev_info dev_info;
+
+ rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+ if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
+ printf("Device doesn't support in-place scatter-gather. Test Skipped.\n");
+ return TEST_SKIPPED;
+ }
+
+ return test_tls_record_proto_all(&flags);
+}
+
+static int
+test_dtls_1_2_record_proto_display_list(void)
+{
+ struct tls_record_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.display_alg = true;
+ flags.tls_version = RTE_SECURITY_VERSION_DTLS_1_2;
+
+ return test_tls_record_proto_all(&flags);
+}
+
+static int
+test_dtls_1_2_record_proto_sgl(void)
+{
+ struct tls_record_test_flags flags = {
+ .nb_segs_in_mbuf = 5,
+ .tls_version = RTE_SECURITY_VERSION_DTLS_1_2
};
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct rte_cryptodev_info dev_info;
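Review bot: The TLS 1.2 and DTLS 1.2 variants of `display_list` and `sgl` added here are copies that differ only in the `tls_version` value, including the duplicated `RTE_CRYPTODEV_FF_IN_PLACE_SGL` capability check. A shared static helper such as `static int test_tls_record_proto_sgl(enum rte_security_tls_version tls_version)` with one-line wrappers per version would keep the skip logic in one place. Also, the switch in `test_tls_record_proto_all` handles DTLS 1.2 and TLS 1.3 maximum lengths, but only a TLS 1.2 walkthrough test is defined in this hunk, so those limits look unexercised. `test_dtls_1_2_record_proto_sgl` continues outside this hunk.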
@@ -17081,11 +17149,15 @@ static struct unit_test_suite tls12_record_proto_testsuite = {
TEST_CASE_NAMED_ST(
"Combined test alg list",
ut_setup_security, ut_teardown,
- test_tls_record_proto_display_list),
+ test_tls_1_2_record_proto_display_list),
+ TEST_CASE_NAMED_ST(
+ "Data walkthrough combined test alg list",
+ ut_setup_security, ut_teardown,
+ test_tls_1_2_record_proto_data_walkthrough),
TEST_CASE_NAMED_ST(
"Multi-segmented mode",
ut_setup_security, ut_teardown,
- test_tls_record_proto_sgl),
+ test_tls_1_2_record_proto_sgl),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
@@ -17182,11 +17254,11 @@ static struct unit_test_suite dtls12_record_proto_testsuite = {
TEST_CASE_NAMED_ST(
"Combined test alg list",
ut_setup_security, ut_teardown,
- test_tls_record_proto_display_list),
+ test_dtls_1_2_record_proto_display_list),
TEST_CASE_NAMED_ST(
"Multi-segmented mode",
ut_setup_security, ut_teardown,
- test_tls_record_proto_sgl),
+ test_dtls_1_2_record_proto_sgl),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
@@ -62,7 +62,8 @@ test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out,
void
test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2,
const struct tls_record_test_flags *flags,
- struct tls_record_test_data *td_array, int nb_td)
+ struct tls_record_test_data *td_array,
+ int nb_td, unsigned int data_len)
{
int i, min_padding, hdr_len, tls_pkt_size, mac_len = 0, exp_nonce_len = 0, roundup_len = 0;
struct tls_record_test_data *td = NULL;
@@ -76,7 +77,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt
if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
/* Copy template for packet & key fields */
- memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td));
+ if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2)
+ memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td));
+ else
+ memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td));
td->aead = true;
td->xform.aead.aead.algo = param1->alg.aead;
@@ -84,7 +88,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt
td->xform.aead.aead.digest_length = param1->digest_length;
} else {
/* Copy template for packet & key fields */
- memcpy(td, &tls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td));
+ if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2)
+ memcpy(td, &dtls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td));
+ else
+ memcpy(td, &tls_test_data_aes_128_cbc_sha1_hmac, sizeof(*td));
td->aead = false;
td->xform.chain.cipher.cipher.algo = param1->alg.cipher;
@@ -96,6 +103,11 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt
}
}
+ if (flags->data_walkthrough) {
+ test_sec_proto_pattern_set(td->input_text.data, data_len);
+ td->input_text.len = data_len;
+ }
+
tls_pkt_size = td->input_text.len;
if (!td->aead) {
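Review bot: `data_len` is copied into `td->input_text.data` and stored in `td->input_text.len` with no run-time check against either the destination array or the pattern source. The only protection is the `static_assert`s in the header combined with the caller's `max_payload_len`. A guard just before the copy, such as `RTE_VERIFY(data_len <= TEST_SEC_CLEARTEXT_MAX_LEN);`, would keep a future caller from overrunning the buffers. The enclosing function starts and ends outside this hunk.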
@@ -221,6 +233,7 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len,
return TEST_SUCCESS;
}
+
static int
tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text)
{
@@ -280,13 +293,13 @@ int
test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td,
struct tls_record_test_data *res_d, bool silent)
{
+ uint8_t output_text[TEST_SEC_CIPHERTEXT_MAX_LEN];
uint32_t len = rte_pktmbuf_pkt_len(m), data_len;
- uint8_t output_text[TLS_RECORD_MAX_LEN];
const struct rte_mbuf *seg;
const uint8_t *output;
int ret;
- memset(output_text, 0, TLS_RECORD_MAX_LEN);
+ memset(output_text, 0, TEST_SEC_CIPHERTEXT_MAX_LEN);
/*
* Actual data in packet might be less in error cases, hence take minimum of pkt_len and sum
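Review bot: The `memset` repeats the macro used in the declaration of `output_text` instead of taking the size from the array, so the two can drift apart the next time the buffer size changes, as it does in this commit. Prefer `memset(output_text, 0, sizeof(output_text));`. The same applies to the bound in the following hunk, `TEST_ASSERT(len <= sizeof(output_text), "Invalid packet length: %u", len);`, which is the check protecting the `rte_pktmbuf_read` copy into this stack buffer. The function body continues outside this hunk.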
@@ -300,7 +313,7 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t
}
len = RTE_MIN(len, data_len);
- TEST_ASSERT(len <= TLS_RECORD_MAX_LEN, "Invalid packet length: %u", len);
+ TEST_ASSERT(len <= TEST_SEC_CIPHERTEXT_MAX_LEN, "Invalid packet length: %u", len);
/* Copy mbuf payload to continuous buffer */
output = rte_pktmbuf_read(m, 0, len, output_text);
@@ -10,7 +10,37 @@
#include "test_security_proto.h"
-#define TLS_RECORD_MAX_LEN 16384u
+/* TLS 1.2 Ciphertext length can be up to (2^14 + 2048 + 5 (TLS Header)) Bytes */
+#define TLS_1_2_RECORD_CIPHERTEXT_MAX_LEN (4096u)
+static_assert(TLS_1_2_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN,
+ "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!");
+
+/* TLS 1.2 Plaintext length can be up to (2^14 + 1024) Bytes */
+#define TLS_1_2_RECORD_PLAINTEXT_MAX_LEN (3072u)
+static_assert(TLS_1_2_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN,
+ "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!");
+
+/* DTLS 1.2 Ciphertext length is similar to TLS 1.2 */
+#define DTLS_1_2_RECORD_CIPHERTEXT_MAX_LEN (4096u)
+static_assert(DTLS_1_2_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN,
+ "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!");
+
+/* DTLS 1.2 Plaintext length is similar to TLS 1.2 */
+#define DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN (3072u)
+static_assert(DTLS_1_2_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN,
+ "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!");
+
+/* TLS 1.3 Ciphertext length can be up to (2^14 + 256 + 5 (TLS Header)) Bytes */
+#define TLS_1_3_RECORD_CIPHERTEXT_MAX_LEN (4096u)
+static_assert(TLS_1_3_RECORD_CIPHERTEXT_MAX_LEN <= TEST_SEC_CIPHERTEXT_MAX_LEN,
+ "TEST_SEC_CIPHERTEXT_MAX_LEN should be at least RECORD MAX LEN!");
+
+/* TLS 1.3 Plaintext length can be up to 2^14 Bytes */
+#define TLS_1_3_RECORD_PLAINTEXT_MAX_LEN (3072u)
+static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN,
+ "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!");
+
+#define TLS_RECORD_PLAINTEXT_MIN_LEN (1u)
struct tls_record_test_data {
struct {
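Review bot: The comments above the new limits describe protocol maxima (for example `2^14 + 2048 + 5` bytes for TLS 1.2 ciphertext), while the macros are defined as `4096u` and `3072u`, so comment and value disagree on all six definitions. As written, the data walkthrough stops at 3072 bytes of plaintext and never reaches the maximum-size record boundary, which a reader of the comments would not expect. Reword each comment to say the value is a test cap, presumably bounded by the mbuf payload size, e.g. `/* Test cap; the TLS 1.2 protocol limit is 2^14 + 2048 + 5 bytes */`.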
@@ -22,12 +52,12 @@ struct tls_record_test_data {
} auth_key;
struct {
- uint8_t data[TLS_RECORD_MAX_LEN];
+ uint8_t data[TEST_SEC_CIPHERTEXT_MAX_LEN];
unsigned int len;
} input_text;
struct {
- uint8_t data[TLS_RECORD_MAX_LEN];
+ uint8_t data[TEST_SEC_CIPHERTEXT_MAX_LEN];
unsigned int len;
} output_text;
@@ -56,6 +86,8 @@ struct tls_record_test_data {
struct tls_record_test_flags {
bool display_alg;
int nb_segs_in_mbuf;
+ bool data_walkthrough;
+ enum rte_security_tls_version tls_version;
};
extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1;
@@ -89,7 +121,8 @@ void test_tls_record_td_read_from_write(const struct tls_record_test_data *td_ou
void test_tls_record_td_prepare(const struct crypto_param *param1,
const struct crypto_param *param2,
const struct tls_record_test_flags *flags,
- struct tls_record_test_data *td_array, int nb_td);
+ struct tls_record_test_data *td_array, int nb_td,
+ unsigned int data_len);
void test_tls_record_td_update(struct tls_record_test_data td_inb[],
const struct tls_record_test_data td_outb[], int nb_td,
@@ -13,6 +13,8 @@ struct crypto_param_comb sec_alg_list[RTE_DIM(aead_list) +
struct crypto_param_comb sec_auth_only_alg_list[2 * (RTE_DIM(auth_list) - 1)];
+static uint8_t cleartext_pattern[TEST_SEC_CLEARTEXT_MAX_LEN];
+
void
test_sec_alg_list_populate(void)
{
@@ -152,3 +154,18 @@ test_sec_alg_display(const struct crypto_param *param1, const struct crypto_para
}
printf("\n");
}
+
+void
+test_sec_proto_pattern_generate(void)
+{
+ unsigned int i;
+
+ for (i = 0; i < TEST_SEC_CLEARTEXT_MAX_LEN; i++)
+ cleartext_pattern[i] = (i + 1) & 0xff;
+}
+
+void
+test_sec_proto_pattern_set(uint8_t *buf, int len)
+{
+ rte_memcpy(buf, cleartext_pattern, len);
+}
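Review bot: `test_sec_proto_pattern_set` takes `int len` while its caller passes an `unsigned int`, and it forwards `len` to `rte_memcpy` without comparing it with the size of `cleartext_pattern`. A negative or oversized value would therefore read past the static array. Declaring it as `void test_sec_proto_pattern_set(uint8_t *buf, unsigned int len)` and adding `RTE_VERIFY(len <= sizeof(cleartext_pattern));` before the copy would close that; the prototype in the header needs the same change. A short comment on `test_sec_proto_pattern_generate` would also help, stating that it must run before any `test_sec_proto_pattern_set` call because the pattern is otherwise all zeroes.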
@@ -8,6 +8,10 @@
#include <rte_cryptodev.h>
#include <rte_security.h>
+#include "test_cryptodev.h"
+
+#define TEST_SEC_CLEARTEXT_MAX_LEN (MBUF_DATAPAYLOAD_SIZE - 1024)
+#define TEST_SEC_CIPHERTEXT_MAX_LEN (MBUF_DATAPAYLOAD_SIZE)
#define TEST_SEC_PKTS_MAX 32
struct crypto_param {
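Review bot: The `1024` subtracted in `TEST_SEC_CLEARTEXT_MAX_LEN` is unexplained. Presumably it reserves room for the header, IV, MAC and padding added on encryption, but nothing here says so or ties it to the worst-case expansion of the protocols under test. A comment such as `/* Leave 1024 B of headroom for protocol overhead (header, IV, MAC, padding) */` would document the assumption that the later `static_assert`s rely on.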
@@ -186,4 +190,8 @@ int test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_c
void test_sec_alg_display(const struct crypto_param *param1, const struct crypto_param *param2);
+void test_sec_proto_pattern_generate(void);
+
+void test_sec_proto_pattern_set(uint8_t *buf, int len);
+
#endif