[4/7] test/crypto: verify padding corruption in TLS-1.2

Message ID 20240617055841.2359729-5-asasidharan@marvell.com (mailing list archive)
State Superseded, archived
Delegated to: akhil goyal
Headers
Series Improvements and new test cases |

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Aakash Sasidharan June 17, 2024, 5:58 a.m. UTC
From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add unit test to verify corrupted padding bytes in TLS-1.2 record

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev.c                     | 22 ++++++++++++++++++-
 app/test/test_cryptodev_security_tls_record.c |  7 ++++++
 app/test/test_cryptodev_security_tls_record.h |  1 +
 3 files changed, 29 insertions(+), 1 deletion(-)
  

Comments

Akhil Goyal June 20, 2024, 6:52 a.m. UTC | #1
> Subject: [PATCH 4/7] test/crypto: verify padding corruption in TLS-1.2
> 
> From: Vidya Sagar Velumuri <vvelumuri@marvell.com>
> 
> Add unit test to verify corrupted padding bytes in TLS-1.2 record
> 
> Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
> ---
>  app/test/test_cryptodev.c                     | 22 ++++++++++++++++++-
>  app/test/test_cryptodev_security_tls_record.c |  7 ++++++
>  app/test/test_cryptodev_security_tls_record.h |  1 +
>  3 files changed, 29 insertions(+), 1 deletion(-)
> 
> diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
> index f3145abfee..f68864e117 100644
> --- a/app/test/test_cryptodev.c
> +++ b/app/test/test_cryptodev.c
> @@ -12173,7 +12173,7 @@ test_tls_record_proto_all(const struct
> tls_record_test_flags *flags)
>  		if (ret == TEST_SKIPPED)
>  			continue;
> 
> -		if (flags->pkt_corruption) {
> +		if (flags->pkt_corruption || flags->padding_corruption) {
>  			if (ret == TEST_SUCCESS)
>  				return TEST_FAILED;
>  		} else {
> @@ -12404,6 +12404,22 @@ test_tls_record_proto_sg_opt_padding_max(void)
>  	return test_tls_record_proto_opt_padding(33, 4,
> RTE_SECURITY_VERSION_TLS_1_2);
>  }
> 
> +static int
> +test_tls_record_proto_sg_opt_padding_corrupt(void)
> +{
> +	struct tls_record_test_flags flags = {
> +		.opt_padding = 8,
> +		.padding_corruption = true,
> +		.nb_segs_in_mbuf = 4,
> +	};
> +	struct crypto_testsuite_params *ts_params = &testsuite_params;
> +	struct rte_cryptodev_info dev_info;
> +
> +	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);

Reading the dev_info but not using it??

Same issue in 5/7 patch.


> +
> +	return test_tls_record_proto_all(&flags);
> +}
> +
>  static int
>  test_dtls_1_2_record_proto_data_walkthrough(void)
>  {
> @@ -17997,6 +18013,10 @@ static struct unit_test_suite
> tls12_record_proto_testsuite  = {
>  			"TLS record SG mode with optional padding > max
> range",
>  			ut_setup_security, ut_teardown,
>  			test_tls_record_proto_sg_opt_padding_max),
> +		TEST_CASE_NAMED_ST(
> +			"TLS record SG mode with padding corruption",
> +			ut_setup_security, ut_teardown,
> +			test_tls_record_proto_sg_opt_padding_corrupt),
>  		TEST_CASES_END() /**< NULL terminate unit test array */
>  	}
>  };
> diff --git a/app/test/test_cryptodev_security_tls_record.c
> b/app/test/test_cryptodev_security_tls_record.c
> index 03d9efefc3..1ba9609e1b 100644
> --- a/app/test/test_cryptodev_security_tls_record.c
> +++ b/app/test/test_cryptodev_security_tls_record.c
> @@ -215,6 +215,13 @@ test_tls_record_td_update(struct tls_record_test_data
> td_inb[],
>  		if (flags->pkt_corruption)
>  			td_inb[i].input_text.data[0] =
> ~td_inb[i].input_text.data[0];
> 
> +		/* Corrupt a byte in the last but one block */
> +		if (flags->padding_corruption) {
> +			int offset = td_inb[i].input_text.len -
> TLS_RECORD_PAD_CORRUPT_OFFSET;
> +
> +			td_inb[i].input_text.data[offset] =
> ~td_inb[i].input_text.data[offset];
> +		}
> +
>  		/* Clear outbound specific flags */
>  		td_inb[i].tls_record_xform.options.iv_gen_disable = 0;
>  	}
> diff --git a/app/test/test_cryptodev_security_tls_record.h
> b/app/test/test_cryptodev_security_tls_record.h
> index 18a90c6ff6..acb7f15f1c 100644
> --- a/app/test/test_cryptodev_security_tls_record.h
> +++ b/app/test/test_cryptodev_security_tls_record.h
> @@ -41,6 +41,7 @@ static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <=
> TEST_SEC_CLEARTEXT_MAX_LEN,
>  	      "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX
> LEN!");
> 
>  #define TLS_RECORD_PLAINTEXT_MIN_LEN       (1u)
> +#define TLS_RECORD_PAD_CORRUPT_OFFSET      20
> 
>  enum tls_record_test_content_type {
>  	TLS_RECORD_TEST_CONTENT_TYPE_APP,
> --
> 2.25.1
  

Patch

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f3145abfee..f68864e117 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -12173,7 +12173,7 @@  test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 		if (ret == TEST_SKIPPED)
 			continue;
 
-		if (flags->pkt_corruption) {
+		if (flags->pkt_corruption || flags->padding_corruption) {
 			if (ret == TEST_SUCCESS)
 				return TEST_FAILED;
 		} else {
@@ -12404,6 +12404,22 @@  test_tls_record_proto_sg_opt_padding_max(void)
 	return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_TLS_1_2);
 }
 
+static int
+test_tls_record_proto_sg_opt_padding_corrupt(void)
+{
+	struct tls_record_test_flags flags = {
+		.opt_padding = 8,
+		.padding_corruption = true,
+		.nb_segs_in_mbuf = 4,
+	};
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	return test_tls_record_proto_all(&flags);
+}
+
 static int
 test_dtls_1_2_record_proto_data_walkthrough(void)
 {
@@ -17997,6 +18013,10 @@  static struct unit_test_suite tls12_record_proto_testsuite  = {
 			"TLS record SG mode with optional padding > max range",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_sg_opt_padding_max),
+		TEST_CASE_NAMED_ST(
+			"TLS record SG mode with padding corruption",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_sg_opt_padding_corrupt),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c
index 03d9efefc3..1ba9609e1b 100644
--- a/app/test/test_cryptodev_security_tls_record.c
+++ b/app/test/test_cryptodev_security_tls_record.c
@@ -215,6 +215,13 @@  test_tls_record_td_update(struct tls_record_test_data td_inb[],
 		if (flags->pkt_corruption)
 			td_inb[i].input_text.data[0] = ~td_inb[i].input_text.data[0];
 
+		/* Corrupt a byte in the last but one block */
+		if (flags->padding_corruption) {
+			int offset = td_inb[i].input_text.len - TLS_RECORD_PAD_CORRUPT_OFFSET;
+
+			td_inb[i].input_text.data[offset] = ~td_inb[i].input_text.data[offset];
+		}
+
 		/* Clear outbound specific flags */
 		td_inb[i].tls_record_xform.options.iv_gen_disable = 0;
 	}
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index 18a90c6ff6..acb7f15f1c 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -41,6 +41,7 @@  static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN,
 	      "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!");
 
 #define TLS_RECORD_PLAINTEXT_MIN_LEN       (1u)
+#define TLS_RECORD_PAD_CORRUPT_OFFSET      20
 
 enum tls_record_test_content_type {
 	TLS_RECORD_TEST_CONTENT_TYPE_APP,