DPDK patches and discussions
From: Akhil Goyal <gakhil@marvell.com>
To: Anoob Joseph <anoobj@marvell.com>,
	Jerin Jacob Kollanukkaran <jerinj@marvell.com>
Cc: Harry van Haaren <harry.van.haaren@intel.com>,
	Hemant Agrawal <hemant.agrawal@nxp.com>,
	Konstantin Ananyev <konstantin.v.ananyev@yandex.ru>,
	"dev@dpdk.org" <dev@dpdk.org>,
	Vidya Sagar Velumuri <vvelumuri@marvell.com>
Subject: RE: [PATCH 00/14] Add TLS record test suite
Date: Tue, 16 Jan 2024 09:02:08 +0000
Message-ID: <CO6PR18MB448470AA2BE7B48A6F964292D8732@CO6PR18MB4484.namprd18.prod.outlook.com>
In-Reply-To: <20231207130216.140-1-anoobj@marvell.com>

> Subject: [PATCH 00/14] Add TLS record test suite
> 
> Add TLS record test suite in cryptodev autotest framework. The test
> suite would run based on capabilities exposed by the cryptodev.
> 
> The test suite framework is similar to the framework used in case of
> IPsec tests. To avoid duplication of code, protocol independent code
> is moved to common files and the functions are renamed accordingly.
> 
> TLS record test suite has known vector tests as well as combined mode
> tests. Known vector tests leverage vectors generated with kTLS and
> gnuTLS utilities. The test suite supports testing both operations (read
> or decrypt, write or encrypt) with a single vector. Write or encrypt
> test would get skipped if cryptodev doesn't support disabling of IV
> generation. Combined mode tests are targeted at testing protocol
> features with all combinations of cipher-authentication algorithms.
> 
> Combined mode performs record write operation first and feeds that back
> to record read operation. Individual test cases may update the input to
> record write operation based on the test case and the test framework
> validates the output obtained (not complete text, but protocol specific
> fields such as TLS header). Once it is validated, the output will be
> submitted for record read operation which would give back the original
> data. Currently this framework supports testing of multi-segmented mbuf
> as input with TLS record. The same would be enhanced to support more
> cases such as ICV corruption, incorrect padding etc.
> 
> Enhancements planned for future,
> - Add TLS 1.3 suite
> - Add negative tests such as ICV corruption and incorrect padding
> - Add session expiry tests
> - Add anti-replay tests with DTLS
> 
>  Sample output with crypto_cn10k:
> 
>  + ------------------------------------------------------- +
> [67/18944]
>  + ------------------------------------------------------- +
>  + Test Suite : TLS 1.2 Record Protocol Unit Test Suite
>  + ------------------------------------------------------- +
>  + TestCase [ 0] : Write record known vector AES-GCM-128 (vector 1) succeeded
>  + TestCase [ 1] : Write record known vector AES-GCM-128 (vector 2) succeeded
>  + TestCase [ 2] : Write record known vector AES-GCM-256 succeeded
>  + TestCase [ 3] : Write record known vector AES-CBC-128-SHA1 succeeded
>  + TestCase [ 4] : Write record known vector AES-128-CBC-SHA256 succeeded
>  + TestCase [ 5] : Write record known vector AES-256-CBC-SHA1 succeeded
>  + TestCase [ 6] : Write record known vector AES-256-CBC-SHA256 succeeded
>  + TestCase [ 7] : Write record known vector 3DES-CBC-SHA1-HMAC succeeded
> USER1: Cipher crypto capabilities not supported
>  + TestCase [ 8] : Write record known vector NULL-SHA1-HMAC skipped
> USER1: Crypto capabilities not supported
>  + TestCase [ 9] : Write record known vector CHACHA20-POLY1305 skipped
>  + TestCase [10] : Read record known vector AES-GCM-128 (vector 1) succeeded
>  + TestCase [11] : Read record known vector AES-GCM-128 (vector 2) succeeded
>  + TestCase [12] : Read record known vector AES-GCM-256 succeeded
>  + TestCase [13] : Read record known vector AES-128-CBC-SHA1 succeeded
>  + TestCase [14] : Read record known vector AES-128-CBC-SHA256 succeeded
>  + TestCase [15] : Read record known vector AES-256-CBC-SHA1 succeeded
>  + TestCase [16] : Read record known vector AES-256-CBC-SHA256 succeeded
>  + TestCase [17] : Read record known vector 3DES-CBC-SHA1-HMAC succeeded
> USER1: Cipher crypto capabilities not supported
>  + TestCase [18] : Read record known vector NULL-SHA1-HMAC skipped
> USER1: Crypto capabilities not supported
>  + TestCase [19] : Read record known vector CHACHA20-POLY1305 skipped
>         3des-cbc [192] sha1-hmac [20B ICV]
>         aes-cbc [128] sha1-hmac [20B ICV]
>         aes-cbc [128] sha2-256-hmac [32B ICV]
>         aes-cbc [256] sha1-hmac [20B ICV]
>         aes-cbc [256] sha2-256-hmac [32B ICV]
>  + TestCase [20] : Combined test alg list succeeded
>  + TestCase [21] : Multi-segmented mode succeeded
>  + ------------------------------------------------------- +
>  + Test Suite Summary : TLS 1.2 Record Protocol Unit Test Suite
>  + ------------------------------------------------------- +
>  + Tests Total :       22
>  + Tests Skipped :      4
>  + Tests Executed :    22
>  + Tests Unsupported:   0
>  + Tests Passed :      18
>  + Tests Failed :       0
>  + ------------------------------------------------------- +
>  + ------------------------------------------------------- +
>  + Test Suite : DTLS 1.2 Record Protocol Unit Test Suite
>  + ------------------------------------------------------- +
>  + TestCase [ 0] : Write record known vector AES-GCM-128 succeeded
>  + TestCase [ 1] : Write record known vector AES-GCM-256 succeeded
>  + TestCase [ 2] : Write record known vector AES-128-CBC-SHA1 succeeded
>  + TestCase [ 3] : Write record known vector AES-128-CBC-SHA256 succeeded
>  + TestCase [ 4] : Write record known vector AES-256-CBC-SHA1 succeeded
>  + TestCase [ 5] : Write record known vector AES-256-CBC-SHA256 succeeded
>  + TestCase [ 6] : Write record known vector 3DES-CBC-SHA1-HMAC succeeded
> USER1: Cipher crypto capabilities not supported
>  + TestCase [ 7] : Write record known vector NULL-SHA1-HMAC skipped
> USER1: Crypto capabilities not supported
>  + TestCase [ 8] : Write record known vector CHACHA20-POLY1305 skipped
>  + TestCase [ 9] : Read record known vector AES-GCM-128 succeeded
>  + TestCase [10] : Read record known vector AES-GCM-256 succeeded
>  + TestCase [11] : Read record known vector AES-128-CBC-SHA1 succeeded
>  + TestCase [12] : Read record known vector AES-128-CBC-SHA256 succeeded
>  + TestCase [13] : Read record known vector AES-256-CBC-SHA1 succeeded
>  + TestCase [14] : Read record known vector AES-256-CBC-SHA256 succeeded
>  + TestCase [15] : Read record known vector 3DES-CBC-SHA1-HMAC succeeded
> USER1: Cipher crypto capabilities not supported
>  + TestCase [16] : Read record known vector NULL-SHA1-HMAC skipped
> USER1: Crypto capabilities not supported
>  + TestCase [17] : Read record known vector CHACHA20-POLY1305 skipped
>         3des-cbc [192] sha1-hmac [20B ICV]
>         aes-cbc [128] sha1-hmac [20B ICV]
>         aes-cbc [128] sha2-256-hmac [32B ICV]
>         aes-cbc [256] sha1-hmac [20B ICV]
>         aes-cbc [256] sha2-256-hmac [32B ICV]
>  + TestCase [18] : Combined test alg list succeeded
>  + TestCase [19] : Multi-segmented mode succeeded
>  + ------------------------------------------------------- +
>  + Test Suite Summary : DTLS 1.2 Record Protocol Unit Test Suite
>  + ------------------------------------------------------- +
>  + Tests Total :       20
>  + Tests Skipped :      4
>  + Tests Executed :    20
>  + Tests Unsupported:   0
>  + Tests Passed :      16
>  + Tests Failed :       0
>  + ------------------------------------------------------- +
> 
> Akhil Goyal (3):
>   test/crypto: add TLS1.2 vectors
>   test/crypto: add TLS1.2/DTLS1.2 AES-128/256-GCM vectors
>   test/security: add TLS 1.2 and DTLS 1.2 vectors
> 
> Anoob Joseph (5):
>   test/crypto: move security caps checks to separate file
>   test/crypto: move algorithm display routines to common
>   test/security: add sha1-hmac to auth list
>   test/crypto: add TLS record tests
>   test/crypto: add verification of TLS headers
> 
> Tejasree Kondoj (2):
>   test/crypto: add AES-GCM 128 TLS 1.2 vector
>   test/crypto: add multi segmented cases
> 
> Vidya Sagar Velumuri (4):
>   test/crypto: move algorithm list to common
>   test/crypto: move algorithm framework to common
>   test/crypto: add combined mode cases
>   test/security: add more algos to combined tests
> 
>  app/test-security-perf/meson.build            |    1 +
>  app/test-security-perf/test_security_perf.c   |   35 +-
>  app/test/meson.build                          |    2 +
>  app/test/test_cryptodev.c                     |  596 ++++++-
>  app/test/test_cryptodev.h                     |    2 +
>  app/test/test_cryptodev_security_ipsec.c      |  164 +-
>  app/test/test_cryptodev_security_ipsec.h      |  157 +-
>  app/test/test_cryptodev_security_tls_record.c |  327 ++++
>  app/test/test_cryptodev_security_tls_record.h |  101 ++
>  ...yptodev_security_tls_record_test_vectors.h | 1584 +++++++++++++++++
>  app/test/test_security_inline_proto.c         |   42 +-
>  app/test/test_security_proto.c                |  154 ++
>  app/test/test_security_proto.h                |  186 ++
>  doc/guides/rel_notes/release_24_03.rst        |    4 +
>  14 files changed, 2960 insertions(+), 395 deletions(-)
>  create mode 100644 app/test/test_cryptodev_security_tls_record.c
>  create mode 100644 app/test/test_cryptodev_security_tls_record.h
>  create mode 100644 app/test/test_cryptodev_security_tls_record_test_vectors.h
>  create mode 100644 app/test/test_security_proto.c
>  create mode 100644 app/test/test_security_proto.h
> 
Series Acked-by: Akhil Goyal <gakhil@marvell.com>
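
The cover letter says combined mode validates protocol fields such as the TLS header on the record-write output before feeding it to record read. The following is an added example of such a header check, not code from this patch series or from DPDK: all function and type names are hypothetical, and it assumes AES-GCM under TLS 1.2 / DTLS 1.2 (8-byte explicit nonce, 16-byte tag).

```c
#include <stddef.h>
#include <stdint.h>

/* All names are constructed for this example; none are DPDK APIs. */
enum rec_proto { REC_TLS12, REC_DTLS12 };
struct rec_hdr { uint8_t type; uint16_t version, epoch, length; uint64_t seq; };

/* Parse a TLS (5B) or DTLS (13B) record header. Returns header size or -1. */
int rec_hdr_parse(enum rec_proto p, const uint8_t *b, size_t len, struct rec_hdr *h)
{
	size_t hdr_len = (p == REC_DTLS12) ? 13 : 5, off = 3;

	if (len < hdr_len)
		return -1;
	h->type = b[0];
	h->version = (uint16_t)(b[1] << 8 | b[2]);
	h->epoch = 0;
	h->seq = 0;
	if (p == REC_DTLS12) { /* epoch (2B) + 48-bit sequence number */
		h->epoch = (uint16_t)(b[3] << 8 | b[4]);
		for (off = 5; off < 11; off++)
			h->seq = h->seq << 8 | b[off];
	}
	h->length = (uint16_t)(b[off] << 8 | b[off + 1]);
	return (int)hdr_len;
}

/* Check the header of an AES-GCM record written for pt_len plaintext bytes:
 * fragment = 8B explicit nonce + ciphertext + 16B tag. Returns 0 if valid. */
int rec_hdr_check_gcm(enum rec_proto p, const uint8_t *b, size_t len,
		      uint8_t type, size_t pt_len)
{
	struct rec_hdr h;
	int hl = rec_hdr_parse(p, b, len, &h);

	if (hl < 0) return -1;                        /* truncated header */
	if (h.type != type) return -2;                /* content type */
	if (h.version != (p == REC_DTLS12 ? 0xFEFD : 0x0303)) return -3;
	if (h.length != 8 + pt_len + 16) return -4;   /* fragment length */
	if ((size_t)hl + h.length != len) return -5;  /* header vs buffer size */
	return 0;
}

/* Constructed records: application data (0x17), 4B plaintext, zeroed body. */
const uint8_t tls_rec[33] = { 0x17, 0x03, 0x03, 0x00, 0x1c };
const uint8_t dtls_rec[41] = { 0x17, 0xfe, 0xfd, 0, 1, 0, 0, 0, 0, 0, 5, 0, 0x1c };

int main(void)
{
	return rec_hdr_check_gcm(REC_TLS12, tls_rec, sizeof(tls_rec), 0x17, 4) ||
	       rec_hdr_check_gcm(REC_DTLS12, dtls_rec, sizeof(dtls_rec), 0x17, 4);
}
```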


Thread overview: 17+ messages
2023-12-07 13:02 Anoob Joseph
2023-12-07 13:02 ` [PATCH 01/14] test/crypto: move security caps checks to separate file Anoob Joseph
2023-12-07 13:02 ` [PATCH 02/14] test/crypto: move algorithm list to common Anoob Joseph
2023-12-07 13:02 ` [PATCH 03/14] test/crypto: move algorithm display routines " Anoob Joseph
2023-12-07 13:02 ` [PATCH 04/14] test/security: add sha1-hmac to auth list Anoob Joseph
2023-12-07 13:02 ` [PATCH 05/14] test/crypto: move algorithm framework to common Anoob Joseph
2023-12-07 13:02 ` [PATCH 06/14] test/crypto: add TLS record tests Anoob Joseph
2023-12-07 13:02 ` [PATCH 07/14] test/crypto: add AES-GCM 128 TLS 1.2 vector Anoob Joseph
2023-12-07 13:02 ` [PATCH 08/14] test/crypto: add TLS1.2 vectors Anoob Joseph
2023-12-07 13:02 ` [PATCH 09/14] test/crypto: add TLS1.2/DTLS1.2 AES-128/256-GCM vectors Anoob Joseph
2023-12-07 13:02 ` [PATCH 10/14] test/crypto: add combined mode cases Anoob Joseph
2023-12-07 13:02 ` [PATCH 11/14] test/crypto: add verification of TLS headers Anoob Joseph
2023-12-07 13:02 ` [PATCH 12/14] test/security: add more algos to combined tests Anoob Joseph
2023-12-07 13:02 ` [PATCH 13/14] test/security: add TLS 1.2 and DTLS 1.2 vectors Anoob Joseph
2023-12-07 13:02 ` [PATCH 14/14] test/crypto: add multi segmented cases Anoob Joseph
2024-01-16  9:02 ` Akhil Goyal [this message]
2024-01-19  8:55   ` [PATCH 00/14] Add TLS record test suite Akhil Goyal
