From patchwork Tue Mar 12 07:17:52 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Aakash Sasidharan <asasidharan@marvell.com>
X-Patchwork-Id: 138194
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id AEF2C43C8E;
	Tue, 12 Mar 2024 08:20:12 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 5D45742686;
	Tue, 12 Mar 2024 08:19:20 +0100 (CET)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com
 [67.231.156.173])
 by mails.dpdk.org (Postfix) with ESMTP id 83F2740EF0
 for <dev@dpdk.org>; Tue, 12 Mar 2024 08:19:06 +0100 (CET)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1])
 by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id
 42C601hh004856; Tue, 12 Mar 2024 00:19:06 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=
 from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding:content-type; s=
 pfpt0220; bh=X1WbtLwB2R8qR85DSd3TREy/itJuvVxJ0biCuHSUmTE=; b=KLH
 SH8c931ZrGskKTHwCjXYTQfz9yXqVcn/q+gFiZuw3cB1ZaaGD7K0HlJLdmL6U2Ge
 skmVpXrCvrMab1zn94rnhFtHf2ULex95eWelGsoStkW5tOdicwMakIfIl4kIldz+
 2v4XnmOSVhqpEE+kmxRqJDTcPhx9XOOUgZi82YgJfMNfrGLQiowg/JXkPWtubKiW
 Ky9TRctwmyIcpHfhODmvwD5mhb2L9qEx0Pbdz24KYDyuOH39lVIBN7aaJdVPM3UV
 FbQOXrE4qWjFdMUb3J2RA2aKnfZijdwYPfSVI2mN8C8xCN9AfC10iM6kFpRmx9+y
 YG8bizuWGMNkR+monPA==
Received: from dc5-exch05.marvell.com ([199.233.59.128])
 by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdcv72q-3
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
 Tue, 12 Mar 2024 00:19:05 -0700 (PDT)
Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH05.marvell.com
 (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.1258.12; Tue, 12 Mar
 2024 00:18:53 -0700
Received: from DC5-EXCH05.marvell.com (10.69.176.209) by
 DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id
 15.0.1497.48; Tue, 12 Mar 2024 00:18:32 -0700
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com
 (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend
 Transport; Tue, 12 Mar 2024 00:18:32 -0700
Received: from localhost.localdomain (unknown [10.28.36.177])
 by maili.marvell.com (Postfix) with ESMTP id 3F8393F704C;
 Tue, 12 Mar 2024 00:18:30 -0700 (PDT)
From: Aakash Sasidharan <asasidharan@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Fan Zhang <fanzhang.oss@gmail.com>
CC: <jerinj@marvell.com>, <anoobj@marvell.com>, <vvelumuri@marvell.com>,
 <asasidharan@marvell.com>, <dev@dpdk.org>
Subject: [PATCH v2 08/21] test/security: unit test to verify zero TLS records
Date: Tue, 12 Mar 2024 12:47:52 +0530
Message-ID: <20240312071805.1354530-9-asasidharan@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240312071805.1354530-1-asasidharan@marvell.com>
References: <20240305072213.283205-1-asasidharan@marvell.com>
 <20240312071805.1354530-1-asasidharan@marvell.com>
MIME-Version: 1.0
X-Proofpoint-ORIG-GUID: XAhHcPss6UaipQiuaFMHvMJYMFbv_DZZ
X-Proofpoint-GUID: XAhHcPss6UaipQiuaFMHvMJYMFbv_DZZ
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26
 definitions=2024-03-12_06,2024-03-11_01,2023-05-22_02
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add unit tests to verify the zero len TLS records. Zero len packets are
allowed when content type is app data while zero packet length with
other content type (such as handshake) would result in an error.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev.c                     | 51 ++++++++++++++++++-
 app/test/test_cryptodev_security_tls_record.c |  5 +-
 app/test/test_cryptodev_security_tls_record.h |  2 +-
 3 files changed, 55 insertions(+), 3 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 5cb878b9ba..fa63b9743f 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -11984,6 +11984,9 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 		payload_len = TLS_RECORD_PLAINTEXT_MIN_LEN;
 		if (flags->nb_segs_in_mbuf)
 			payload_len = RTE_MAX(payload_len, flags->nb_segs_in_mbuf);
+
+		if (flags->zero_len)
+			payload_len = 0;
 again:
 		test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags,
 					   td_outb, nb_pkts, payload_len);
@@ -11992,8 +11995,16 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 		if (ret == TEST_SKIPPED)
 			continue;
 
-		if (ret == TEST_FAILED)
+		if (flags->zero_len &&
+		    ((flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) ||
+		    (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) ||
+		    (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE))) {
+			if (ret == TEST_SUCCESS)
+				return TEST_FAILED;
+			goto skip_decrypt;
+		} else if (ret == TEST_FAILED) {
 			return TEST_FAILED;
+		}
 
 		test_tls_record_td_update(td_inb, td_outb, nb_pkts, flags);
 
@@ -12009,6 +12020,7 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 				return TEST_FAILED;
 		}
 
+skip_decrypt:
 		if (flags->data_walkthrough && (++payload_len <= max_payload_len))
 			goto again;
 
@@ -12123,6 +12135,35 @@ test_tls_record_proto_custom_content_type(void)
 	return test_tls_record_proto_all(&flags);
 }
 
+static int
+test_tls_record_proto_zero_len(void)
+{
+	struct tls_record_test_flags flags = {
+		.zero_len = 1
+	};
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	return test_tls_record_proto_all(&flags);
+}
+
+static int
+test_tls_record_proto_zero_len_non_app(void)
+{
+	struct tls_record_test_flags flags = {
+		.zero_len = 1,
+		.content_type = TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE,
+	};
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	return test_tls_record_proto_all(&flags);
+}
+
 static int
 test_dtls_1_2_record_proto_data_walkthrough(void)
 {
@@ -17251,6 +17292,14 @@ static struct unit_test_suite tls12_record_proto_testsuite  = {
 			"Custom content type",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_custom_content_type),
+		TEST_CASE_NAMED_ST(
+			"Zero len TLS record with content type as app",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_zero_len),
+		TEST_CASE_NAMED_ST(
+			"Zero len TLS record with content type as ctrl",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_zero_len_non_app),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c
index 9a2af259c9..c5410a4c92 100644
--- a/app/test/test_cryptodev_security_tls_record.c
+++ b/app/test/test_cryptodev_security_tls_record.c
@@ -103,13 +103,15 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt
 		}
 	}
 
-	if (flags->data_walkthrough) {
+	if (flags->data_walkthrough || flags->zero_len) {
 		test_sec_proto_pattern_set(td->input_text.data, data_len);
 		td->input_text.len = data_len;
 	}
 
 	if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_CUSTOM)
 		td->app_type = RTE_TLS_TYPE_MAX;
+	else if (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE)
+		td->app_type = RTE_TLS_TYPE_HANDSHAKE;
 
 	tls_pkt_size = td->input_text.len;
 
@@ -232,6 +234,7 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len,
 
 	memcpy(&res_d->input_text.data, output_text, len);
 	res_d->input_text.len = len;
+	res_d->output_text.len = td->input_text.len;
 
 	res_d->tls_record_xform.type = RTE_SECURITY_TLS_SESS_TYPE_READ;
 	if (res_d->aead) {
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index b707361fb6..e7ba31c449 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -98,6 +98,7 @@ struct tls_record_test_flags {
 	enum rte_security_tls_version tls_version;
 	bool pkt_corruption;
 	enum tls_record_test_content_type content_type;
+	bool zero_len;
 };
 
 extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1;
@@ -140,5 +141,4 @@ void test_tls_record_td_update(struct tls_record_test_data td_inb[],
 
 int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td,
 				 struct tls_record_test_data *res_d, bool silent);
-
 #endif