From patchwork Wed Mar 13 10:58:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aakash Sasidharan X-Patchwork-Id: 138325 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C792643C9F; Wed, 13 Mar 2024 12:01:27 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6128042E37; Wed, 13 Mar 2024 12:00:20 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id CA61842E46 for ; Wed, 13 Mar 2024 12:00:01 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42D85U79026170; Wed, 13 Mar 2024 04:00:01 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=wBcTxwKqY4SO3C68l/dy+E/dGXVHmXpXqizt1ewiCk8=; b=UNX /ACcwU7CgRflXom5gHUG+uCBk1Vv8FtiDO6J4XdMI10BVZdwb2uKfnAfzce3+/Gq M6o5ZL+yOdGo/cWi8+7uiWPW5Xmtvzh8UsxOINSoPGO7kyhYe+FROBjF9yI4EUiJ k3utGt+ekdzFifUBM/m2loOS/KP08Ax5cpzrisc0mlvv+CbcI2E61bi+hsIt1eqJ 15fIKuu8NubqaGXdOA/8xVK7OEmFnQPkxIAKY9uBi/n+rQ/z2h8mNzK61MMb8ISG e/942hByLXJwnD8B0X3hgohjfryzjOqeZnRC4jl1QQPRI8tqRZ2MgfoUu6Gwp6zf I0pzZ5hvRXQoZgwuiKA== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wswdd1evm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 13 Mar 2024 04:00:01 -0700 (PDT) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, 
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Wed, 13 Mar 2024 03:59:59 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Wed, 13 Mar 2024 03:59:59 -0700 Received: from localhost.localdomain (unknown [10.28.36.177]) by maili.marvell.com (Postfix) with ESMTP id 4397E3F7080; Wed, 13 Mar 2024 03:59:57 -0700 (PDT) From: Aakash Sasidharan To: Akhil Goyal , Fan Zhang CC: , , , , Subject: [PATCH v5 19/21] test/crypto: unit tests to verify padding in TLS Date: Wed, 13 Mar 2024 16:28:59 +0530 Message-ID: <20240313105901.1959675-20-asasidharan@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240313105901.1959675-1-asasidharan@marvell.com> References: <20240313055030.1685039-1-asasidharan@marvell.com> <20240313105901.1959675-1-asasidharan@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 3oiUfvE3tusdL61bsep3MeXg--0ee8dX X-Proofpoint-GUID: 3oiUfvE3tusdL61bsep3MeXg--0ee8dX X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-13_07,2024-03-12_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add unit tests to verify the padding for TLS-1.2. Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev.c | 85 ++++++++++++++++++- app/test/test_cryptodev_security_tls_record.c | 28 ++++-- app/test/test_cryptodev_security_tls_record.h | 5 +- 3 files changed, 109 insertions(+), 9 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 8ad5033f32..a324c1607b 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c 
@@ -11834,6 +11834,9 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], if (td[0].aead) test_tls_record_imp_nonce_update(&td[0], &tls_record_xform); + if (flags->opt_padding) + tls_record_xform.options.extra_padding_enable = 1; + sess_conf.tls_record = tls_record_xform; if (td[0].aead) { @@ -11888,6 +11891,9 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], ut_params->op->sym->m_dst = NULL; ut_params->op->param1.tls_record.content_type = td[i].app_type; + if (flags->opt_padding) + ut_params->op->aux_flags = flags->opt_padding; + /* Copy IV in crypto operation when IV generation is disabled */ if ((sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) && (tls_record_xform.ver != RTE_SECURITY_VERSION_TLS_1_3) && @@ -11915,7 +11921,7 @@ test_tls_record_proto_process(const struct tls_record_test_data td[], if (ut_params->op->status == RTE_CRYPTO_OP_STATUS_SUCCESS) { ret = test_tls_record_post_process(ut_params->ibuf, &td[i], res_d_tmp, - silent); + silent, flags); if (ret != TEST_SUCCESS) goto crypto_op_free; } 
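Review bot: The added `ut_params->op->aux_flags = flags->opt_padding;` in the second hunk carries no comment on the unit of the value. Judging from `flags->opt_padding * 8` in tls_record_hdr_verify later in this patch, it appears to be a count of 8-byte units; a one-line comment such as `/* Extra padding request, in units of 8 bytes */` would make that explicit. In the first hunk, `extra_padding_enable` is set before the session type is considered, while the length check this patch adds runs only for `RTE_SECURITY_TLS_SESS_TYPE_WRITE`. If the option is meaningful only on the write side, guarding it on `sess_type` would keep read sessions unchanged. test_tls_record_proto_process begins and ends outside these hunks.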
@@ -12184,6 +12190,59 @@ test_tls_record_proto_zero_len_non_app(void) return test_tls_record_proto_all(&flags); } +static int +test_tls_record_proto_opt_padding(uint8_t padding, uint8_t num_segs, + enum rte_security_tls_version tls_version) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + struct rte_cryptodev_info dev_info; + struct tls_record_test_flags flags = { + .nb_segs_in_mbuf = num_segs, + .tls_version = tls_version, + .opt_padding = padding + }; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + return test_tls_record_proto_all(&flags); +} + +static int +test_tls_record_proto_dm_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 0, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_dm_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(25, 0, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding(void) +{ + return test_tls_record_proto_opt_padding(1, 2, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding_1(void) +{ + return test_tls_record_proto_opt_padding(8, 4, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding_2(void) +{ + return test_tls_record_proto_opt_padding(8, 5, RTE_SECURITY_VERSION_TLS_1_2); +} + +static int +test_tls_record_proto_sg_opt_padding_max(void) +{ + return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_TLS_1_2); +} + static int test_dtls_1_2_record_proto_data_walkthrough(void) { 
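Review bot: In test_tls_record_proto_opt_padding, `rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);` fills `dev_info` but nothing reads it, so the helper behaves the same whatever the device supports. Either drop `ts_params` and `dev_info`, or use the result for the capability check it was presumably meant for. The wrappers pass `num_segs` of 2, 4 and 5, and a device without scatter-gather support should probably return `TEST_SKIPPED` rather than fail. The padding arguments 1, 8, 25 and 33 are bare literals; a short comment on the helper giving their unit and why 33 is the out-of-range case would make the wrappers self-explanatory.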
@@ -17578,6 +17637,30 @@ static struct unit_test_suite tls12_record_proto_testsuite = { "Zero len TLS record with content type as ctrl", ut_setup_security, ut_teardown, test_tls_record_proto_zero_len_non_app), + TEST_CASE_NAMED_ST( + "TLS record DM mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_dm_opt_padding), + TEST_CASE_NAMED_ST( + "TLS record DM mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_dm_opt_padding_1), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding < 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_1), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding > 2 blocks", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_2), + TEST_CASE_NAMED_ST( + "TLS record SG mode with optional padding > max range", + ut_setup_security, ut_teardown, + test_tls_record_proto_sg_opt_padding_max), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 96d0a94731..03d9efefc3 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -269,7 +269,8 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, } static int -tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text) +tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text, + const struct tls_record_test_flags *flags) { uint16_t length, hdr_len; uint8_t content_type; 
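Review bot: Two of the new suite entries have the identical name `"TLS record SG mode with optional padding > 2 blocks"`, one for test_tls_record_proto_sg_opt_padding_1 and one for test_tls_record_proto_sg_opt_padding_2. A failure in either is therefore indistinguishable in the test log. The two cases differ only in segment count (4 and 5), so putting that in the string would separate them, e.g. `"TLS record SG mode (5 segs) with optional padding > 2 blocks"`. The same applies to the function suffixes `_1` and `_2`, which say nothing about what each case covers.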
@@ -322,10 +323,22 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp } } - if (length != td->output_text.len - hdr_len) { - printf("Incorrect packet length [expected - %d, received - %d]\n", - td->output_text.len - hdr_len, length); - return TEST_FAILED; + if (!flags->opt_padding) { + if (length != td->output_text.len - hdr_len) { + printf("Incorrect packet length [expected - %d, received - %d]\n", + td->output_text.len - hdr_len, length); + return TEST_FAILED; + } + } else { + int pad_len = (flags->opt_padding * 8) > 256 ? 256 : (flags->opt_padding * 8); + int expect_len = td->output_text.len - hdr_len + pad_len; + + if (length - expect_len > 32) { + printf("Incorrect packet length [expected - %d, received - %d]\n", + expect_len, length); + return TEST_FAILED; + } + } return TEST_SUCCESS; @@ -333,7 +346,8 @@ tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *outp int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, - struct tls_record_test_data *res_d, bool silent) + struct tls_record_test_data *res_d, bool silent, + const struct tls_record_test_flags *flags) { uint8_t output_text[TEST_SEC_CIPHERTEXT_MAX_LEN]; uint32_t len = rte_pktmbuf_pkt_len(m), data_len; @@ -365,7 +379,7 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t } if (td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) { - ret = tls_record_hdr_verify(td, output_text); + ret = tls_record_hdr_verify(td, output_text, flags); if (ret != TEST_SUCCESS) return ret; } diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h index 0138770fac..a7c38218ae 100644 --- a/app/test/test_cryptodev_security_tls_record.h +++ b/app/test/test_cryptodev_security_tls_record.h 
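Review bot: The padded branch of tls_record_hdr_verify only bounds the length from above. `length - expect_len` is evaluated as a signed int, so `if (length - expect_len > 32)` passes for any record shorter than expected, including one where no extra padding was added at all or the length field was truncated. A lower bound is needed for the test to show that padding was applied. At minimum, also fail when `length < td->output_text.len - hdr_len`, and tighten further for block-cipher suites if the expected rounding is known. The constants 8, 256 and 32 should be named or commented, since the tolerance of 32 in particular is not explained. Nothing in the visible hunks inspects the padding bytes themselves, so this check covers record length only.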
@@ -97,7 +97,9 @@ struct tls_record_test_flags { bool data_walkthrough; bool pkt_corruption; bool zero_len; + bool padding_corruption; uint8_t nb_segs_in_mbuf; + uint8_t opt_padding; enum rte_security_tls_version tls_version; enum tls_record_test_content_type content_type; int ar_win_size; @@ -148,5 +150,6 @@ void test_tls_record_td_update(struct tls_record_test_data td_inb[], const struct tls_record_test_flags *flags); int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, - struct tls_record_test_data *res_d, bool silent); + struct tls_record_test_data *res_d, bool silent, + const struct tls_record_test_flags *flags); #endif
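Review bot: The new `bool padding_corruption;` member in the first hunk is not read or written anywhere in this patch, so as submitted it is an unused field. If a later patch in the series consumes it, introducing it there would keep this one self-contained. `uint8_t opt_padding;` would benefit from a trailing comment giving its unit and range, for example `/* extra padding in 8-byte units; 0 disables */`, which is how the `.c` changes in this patch appear to treat it.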