diff mbox series

[v2,4/7] test/crypto: verify padding corruption in TLS-1.2

Message ID 20240620145056.3456650-5-asasidharan@marvell.com (mailing list archive)
State Accepted, archived
Delegated to: akhil goyal
Headers
Series Improvements and new test cases |

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Aakash Sasidharan June 20, 2024, 2:50 p.m. UTC 
From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add unit test to verify corrupted padding bytes in TLS-1.2 record

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Signed-off-by: Aakash Sasidharan <asasidharan@marvell.com>
---
 app/test/test_cryptodev.c                     | 18 +++++++++++++++++-
 app/test/test_cryptodev_security_tls_record.c |  7 +++++++
 app/test/test_cryptodev_security_tls_record.h |  1 +
 3 files changed, 25 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f3145abfee..da8d7bf109 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -12173,7 +12173,7 @@  test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 		if (ret == TEST_SKIPPED)
 			continue;
 
-		if (flags->pkt_corruption) {
+		if (flags->pkt_corruption || flags->padding_corruption) {
 			if (ret == TEST_SUCCESS)
 				return TEST_FAILED;
 		} else {
@@ -12404,6 +12404,18 @@  test_tls_record_proto_sg_opt_padding_max(void)
 	return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_TLS_1_2);
 }
 
+static int
+test_tls_record_proto_sg_opt_padding_corrupt(void)
+{
+	struct tls_record_test_flags flags = {
+		.opt_padding = 8,
+		.padding_corruption = true,
+		.nb_segs_in_mbuf = 4,
+	};
+
+	return test_tls_record_proto_all(&flags);
+}
+
 static int
 test_dtls_1_2_record_proto_data_walkthrough(void)
 {
@@ -17997,6 +18009,10 @@  static struct unit_test_suite tls12_record_proto_testsuite  = {
 			"TLS record SG mode with optional padding > max range",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_sg_opt_padding_max),
+		TEST_CASE_NAMED_ST(
+			"TLS record SG mode with padding corruption",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_sg_opt_padding_corrupt),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c
index 03d9efefc3..1ba9609e1b 100644
--- a/app/test/test_cryptodev_security_tls_record.c
+++ b/app/test/test_cryptodev_security_tls_record.c
@@ -215,6 +215,13 @@  test_tls_record_td_update(struct tls_record_test_data td_inb[],
 		if (flags->pkt_corruption)
 			td_inb[i].input_text.data[0] = ~td_inb[i].input_text.data[0];
 
+		/* Corrupt a byte in the last but one block */
+		if (flags->padding_corruption) {
+			int offset = td_inb[i].input_text.len - TLS_RECORD_PAD_CORRUPT_OFFSET;
+
+			td_inb[i].input_text.data[offset] = ~td_inb[i].input_text.data[offset];
+		}
+
 		/* Clear outbound specific flags */
 		td_inb[i].tls_record_xform.options.iv_gen_disable = 0;
 	}
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index 18a90c6ff6..acb7f15f1c 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -41,6 +41,7 @@  static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN,
 	      "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!");
 
 #define TLS_RECORD_PLAINTEXT_MIN_LEN       (1u)
+#define TLS_RECORD_PAD_CORRUPT_OFFSET      20
 
 enum tls_record_test_content_type {
 	TLS_RECORD_TEST_CONTENT_TYPE_APP,