From patchwork Tue Mar  5 07:21:57 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Aakash Sasidharan <asasidharan@marvell.com>
X-Patchwork-Id: 137965
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 8A1EF43C4C;
	Tue,  5 Mar 2024 08:22:49 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 9597A4111C;
	Tue,  5 Mar 2024 08:22:35 +0100 (CET)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com
 [67.231.156.173])
 by mails.dpdk.org (Postfix) with ESMTP id D6F50410FA
 for <dev@dpdk.org>; Tue,  5 Mar 2024 08:22:33 +0100 (CET)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1])
 by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id
 4254UEuP025179; Mon, 4 Mar 2024 23:22:33 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=
 from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding:content-type; s=
 pfpt0220; bh=0clGZWmA5Zim68FClcGZ0Fyi8lQbS9XI0yUH4Qf4sAc=; b=K3z
 cDxNYz4mrk6HFoNVNRE00DJ1ef2IpzbI3cF+9vhZabwhrfgTx7ADVotw8u3c4Cqh
 FBV/iEN5KuIxaaaYFJnvJ66Mg4gsHPRJpB4ZBhLN+NCbYOWm8GLPbFmzORwN8lCp
 T8u9/i1rOefXn/udfFr7XdaSjzXodqP7Nh7iKY+tZcNe5aPPLHitKv2vyKrgqFcl
 Aicuse43hlfXsnEG0Y+7GAlypW+N9ZEA7PIeV7GoG+mP+qvB73qChWH1XDre+iEs
 rCYqBCgN+4KmJw5AebUV51qTD+YmNM2XneVbLq3fF3WByyqbK8soZSnzZVwGOk9w
 ise04tljKzEqG0Mr/pg==
Received: from dc6wp-exch02.marvell.com ([4.21.29.225])
 by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wm4gmr8xx-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
 Mon, 04 Mar 2024 23:22:33 -0800 (PST)
Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by
 DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.1258.12; Mon, 4 Mar 2024 23:22:32 -0800
Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com
 (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend
 Transport; Mon, 4 Mar 2024 23:22:32 -0800
Received: from localhost.localdomain (unknown [10.28.36.177])
 by maili.marvell.com (Postfix) with ESMTP id A4B553F7045;
 Mon,  4 Mar 2024 23:22:29 -0800 (PST)
From: Aakash Sasidharan <asasidharan@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Fan Zhang <fanzhang.oss@gmail.com>
CC: <jerinj@marvell.com>, <anoobj@marvell.com>, <vvelumuri@marvell.com>,
 <asasidharan@marvell.com>, <dev@dpdk.org>
Subject: [PATCH 05/21] test/security: unit test for TLS packet corruption
Date: Tue, 5 Mar 2024 12:51:57 +0530
Message-ID: <20240305072213.283205-6-asasidharan@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240305072213.283205-1-asasidharan@marvell.com>
References: <20240305072213.283205-1-asasidharan@marvell.com>
MIME-Version: 1.0
X-Proofpoint-ORIG-GUID: k7p6GZIGkhNLJ4YSM1Gs_kzgNAl8H824
X-Proofpoint-GUID: k7p6GZIGkhNLJ4YSM1Gs_kzgNAl8H824
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26
 definitions=2024-03-05_04,2024-03-04_01,2023-05-22_02
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add test to verify the corrupted TLS packet header

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev.c                     | 27 +++++++++++++++++--
 app/test/test_cryptodev_security_tls_record.c |  4 +++
 app/test/test_cryptodev_security_tls_record.h |  1 +
 3 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 5922c2162a..04737147e1 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -12000,8 +12000,13 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 		if (ret == TEST_SKIPPED)
 			continue;
 
-		if (ret == TEST_FAILED)
-			return TEST_FAILED;
+		if (flags->pkt_corruption) {
+			if (ret == TEST_SUCCESS)
+				return TEST_FAILED;
+		} else {
+			if (ret == TEST_FAILED)
+				return TEST_FAILED;
+		}
 
 		if (flags->data_walkthrough && (++payload_len <= max_payload_len))
 			goto again;
@@ -12089,6 +12094,20 @@ test_tls_1_2_record_proto_sgl_data_walkthrough(void)
 	return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_TLS_1_2);
 }
 
+static int
+test_tls_record_proto_corrupt_pkt(void)
+{
+	struct tls_record_test_flags flags = {
+		.pkt_corruption = 1
+	};
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	return test_tls_record_proto_all(&flags);
+}
+
 static int
 test_dtls_1_2_record_proto_data_walkthrough(void)
 {
@@ -17209,6 +17228,10 @@ static struct unit_test_suite tls12_record_proto_testsuite  = {
 			"Multi-segmented mode data walkthrough",
 			ut_setup_security, ut_teardown,
 			test_tls_1_2_record_proto_sgl_data_walkthrough),
+		TEST_CASE_NAMED_ST(
+			"TLS packet header corruption",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_corrupt_pkt),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c
index 92bcbff842..93ff7f36fa 100644
--- a/app/test/test_cryptodev_security_tls_record.c
+++ b/app/test/test_cryptodev_security_tls_record.c
@@ -185,6 +185,10 @@ test_tls_record_td_update(struct tls_record_test_data td_inb[],
 		       td_outb[i].input_text.len);
 		td_inb[i].output_text.len = td_outb->input_text.len;
 
+		/* Corrupt the content type in the TLS header of encrypted packet */
+		if (flags->pkt_corruption)
+			td_inb[i].input_text.data[0] = ~td_inb[i].input_text.data[0];
+
 		/* Clear outbound specific flags */
 		td_inb[i].tls_record_xform.options.iv_gen_disable = 0;
 	}
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index 34758fb0e1..5faa277740 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -88,6 +88,7 @@ struct tls_record_test_flags {
 	uint8_t nb_segs_in_mbuf;
 	bool data_walkthrough;
 	enum rte_security_tls_version tls_version;
+	bool pkt_corruption;
 };
 
 extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1;