From patchwork Thu Jun 20 14:50:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 141430 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CE443454AB; Thu, 20 Jun 2024 16:51:33 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id BF98F42E7E; Thu, 20 Jun 2024 16:51:33 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 7381D42E7A for ; Thu, 20 Jun 2024 16:51:13 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 45KCTgvD011177; Thu, 20 Jun 2024 07:51:12 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=pfpt0220; bh=w uPKEk77mvumiYzs/rTYKTKo7dH1VzdQW0j5inCQz8Y=; b=Wqpk8JovpYhsZ6AWZ 0gV/cZb3fLTm8sjIy5h5g+dx5b57Fn7593KTVRtfUnRwyUZ012IN7breklJaabGN ZZO4H5g5nj3UwgkmzmOxD6HGfo64eSUrJDyBzO27Nl49/7m0Hx5VU4f9e3HKeeYD 23yM8xHQQ1jkgdb9UMHsQb9JgBt1CHeMHy18UmdhUrOgbx8BGwY6R3Ii9kNSgsAL LhCHjXgz8A2giDZYFi1+1kiJlrFBDZsuC31DY3vIFR/D+n8pDrp+SveWc23mKJ3b ryymIrItGA21JetzkLwag4hrL+ipnFGU6qkKJ8cAZbnHef1RSy/EZrpv/QkX5lgX FNkAQ== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3yvbdyajx8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 20 Jun 2024 07:51:12 -0700 (PDT) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Thu, 20 Jun 2024 07:51:11 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1544.4 via Frontend Transport; Thu, 20 Jun 2024 07:51:11 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 3EC0C3F7043; Thu, 20 Jun 2024 07:51:09 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v2 4/7] test/crypto: verify padding corruption in TLS-1.2 Date: Thu, 20 Jun 2024 20:20:53 +0530 Message-ID: <20240620145056.3456650-5-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240620145056.3456650-1-asasidharan@marvell.com> References: <20240617055841.2359729-1-asasidharan@marvell.com> <20240620145056.3456650-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: e2moYZlcKoZvXale4cPmvWutW5qVzm_S X-Proofpoint-GUID: e2moYZlcKoZvXale4cPmvWutW5qVzm_S X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-06-20_07,2024-06-20_04,2024-05-17_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit test to verify corrupted padding bytes in TLS-1.2 record Signed-off-by: Vidya Sagar Velumuri Signed-off-by: Aakash Sasidharan --- app/test/test_cryptodev.c | 18 +++++++++++++++++- app/test/test_cryptodev_security_tls_record.c | 7 +++++++ app/test/test_cryptodev_security_tls_record.h | 1 + 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index f3145abfee..da8d7bf109 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -12173,7 +12173,7 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags) if (ret == TEST_SKIPPED) continue; - if (flags->pkt_corruption) { + if (flags->pkt_corruption || flags->padding_corruption) { if (ret == TEST_SUCCESS) return TEST_FAILED; } else { @@ -12404,6 +12404,18 @@ test_tls_record_proto_sg_opt_padding_max(void) return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_TLS_1_2); } +static int +test_tls_record_proto_sg_opt_padding_corrupt(void) +{ + struct tls_record_test_flags flags = { + .opt_padding = 8, + .padding_corruption = true, + .nb_segs_in_mbuf = 4, + }; + + return test_tls_record_proto_all(&flags); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { @@ -17997,6 +18009,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "TLS record SG mode with optional padding > max range", ut_setup_security, ut_teardown, test_tls_record_proto_sg_opt_padding_max), + TEST_CASE_NAMED_ST( + "TLS record SG mode with padding corruption", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_corrupt), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 03d9efefc3..1ba9609e1b 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -215,6 +215,13 @@ test_tls_record_td_update(struct tls_record_test_data td_inb[], if (flags->pkt_corruption) td_inb[i].input_text.data[0] = ~td_inb[i].input_text.data[0]; + /* Corrupt a byte in the last but one block */ + if (flags->padding_corruption) { + int offset = td_inb[i].input_text.len - TLS_RECORD_PAD_CORRUPT_OFFSET; + + td_inb[i].input_text.data[offset] = ~td_inb[i].input_text.data[offset]; + } + /* Clear outbound specific flags */ td_inb[i].tls_record_xform.options.iv_gen_disable = 0; } diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 18a90c6ff6..acb7f15f1c 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h @@ -41,6 +41,7 @@ static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN, "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!"); #define TLS_RECORD_PLAINTEXT_MIN_LEN (1u) +#define TLS_RECORD_PAD_CORRUPT_OFFSET 20 enum tls_record_test_content_type { TLS_RECORD_TEST_CONTENT_TYPE_APP,