DPDK patches and discussions
From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Jerin Jacob <jerinj@marvell.com>
Cc: Harry van Haaren <harry.van.haaren@intel.com>,
	Hemant Agrawal <hemant.agrawal@nxp.com>,
	Konstantin Ananyev <konstantin.v.ananyev@yandex.ru>,
	<dev@dpdk.org>, Vidya Sagar Velumuri <vvelumuri@marvell.com>
Subject: [PATCH 00/14] Add TLS record test suite
Date: Thu, 7 Dec 2023 18:32:02 +0530
Message-ID: <20231207130216.140-1-anoobj@marvell.com>

Add TLS record test suite in cryptodev autotest framework. The test
suite would run based on capabilities exposed by the cryptodev.

The test suite framework is similar to the framework used in case of
IPsec tests. To avoid duplication of code, protocol independent code
is moved to common files and the functions are renamed accordingly.

TLS record test suite has known vector tests as well as combined mode
tests. Known vector tests leverage vectors generated with kTLS and
gnuTLS utilities. The test suite supports testing both operations (read
or decrypt, write or encrypt) with a single vector. Write or encrypt
test would get skipped if cryptodev doesn't support disabling of IV
generation. Combined mode tests are targeted at testing protocol
features with all combinations of cipher-authentication algorithms.

Combined mode performs record write operation first and feeds that back
to record read operation. Individual test cases may update the input to
record write operation based on the test case and the test framework
validates the output obtained (not complete text, but protocol specific
fields such as TLS header). Once it is validated, the output will be
submitted for record read operation which would give back the original
data. Currently this framework supports testing of multi-segmented mbuf
as input with TLS record. The same would be enhanced to support more
cases such as ICV corruption, incorrect padding etc.

Enhancements planned for future,
- Add TLS 1.3 suite
- Add negative tests such as ICV corruption and incorrect padding
- Add session expiry tests
- Add anti-replay tests with DTLS

 Sample output with crypto_cn10k:

 + ------------------------------------------------------- +
 + ------------------------------------------------------- +
 + Test Suite : TLS 1.2 Record Protocol Unit Test Suite
 + ------------------------------------------------------- +
 + TestCase [ 0] : Write record known vector AES-GCM-128 (vector 1) succeeded
 + TestCase [ 1] : Write record known vector AES-GCM-128 (vector 2) succeeded
 + TestCase [ 2] : Write record known vector AES-GCM-256 succeeded
 + TestCase [ 3] : Write record known vector AES-CBC-128-SHA1 succeeded
 + TestCase [ 4] : Write record known vector AES-128-CBC-SHA256 succeeded
 + TestCase [ 5] : Write record known vector AES-256-CBC-SHA1 succeeded
 + TestCase [ 6] : Write record known vector AES-256-CBC-SHA256 succeeded
 + TestCase [ 7] : Write record known vector 3DES-CBC-SHA1-HMAC succeeded
USER1: Cipher crypto capabilities not supported
 + TestCase [ 8] : Write record known vector NULL-SHA1-HMAC skipped
USER1: Crypto capabilities not supported
 + TestCase [ 9] : Write record known vector CHACHA20-POLY1305 skipped
 + TestCase [10] : Read record known vector AES-GCM-128 (vector 1) succeeded
 + TestCase [11] : Read record known vector AES-GCM-128 (vector 2) succeeded
 + TestCase [12] : Read record known vector AES-GCM-256 succeeded
 + TestCase [13] : Read record known vector AES-128-CBC-SHA1 succeeded
 + TestCase [14] : Read record known vector AES-128-CBC-SHA256 succeeded
 + TestCase [15] : Read record known vector AES-256-CBC-SHA1 succeeded
 + TestCase [16] : Read record known vector AES-256-CBC-SHA256 succeeded
 + TestCase [17] : Read record known vector 3DES-CBC-SHA1-HMAC succeeded
USER1: Cipher crypto capabilities not supported
 + TestCase [18] : Read record known vector NULL-SHA1-HMAC skipped
USER1: Crypto capabilities not supported
 + TestCase [19] : Read record known vector CHACHA20-POLY1305 skipped
        3des-cbc [192] sha1-hmac [20B ICV]
        aes-cbc [128] sha1-hmac [20B ICV]
        aes-cbc [128] sha2-256-hmac [32B ICV]
        aes-cbc [256] sha1-hmac [20B ICV]
        aes-cbc [256] sha2-256-hmac [32B ICV]
 + TestCase [20] : Combined test alg list succeeded
 + TestCase [21] : Multi-segmented mode succeeded
 + ------------------------------------------------------- +
 + Test Suite Summary : TLS 1.2 Record Protocol Unit Test Suite
 + ------------------------------------------------------- +
 + Tests Total :       22
 + Tests Skipped :      4
 + Tests Executed :    22
 + Tests Unsupported:   0
 + Tests Passed :      18
 + Tests Failed :       0
 + ------------------------------------------------------- +
 + ------------------------------------------------------- +
 + Test Suite : DTLS 1.2 Record Protocol Unit Test Suite
 + ------------------------------------------------------- +
 + TestCase [ 0] : Write record known vector AES-GCM-128 succeeded
 + TestCase [ 1] : Write record known vector AES-GCM-256 succeeded
 + TestCase [ 2] : Write record known vector AES-128-CBC-SHA1 succeeded
 + TestCase [ 3] : Write record known vector AES-128-CBC-SHA256 succeeded
 + TestCase [ 4] : Write record known vector AES-256-CBC-SHA1 succeeded
 + TestCase [ 5] : Write record known vector AES-256-CBC-SHA256 succeeded
 + TestCase [ 6] : Write record known vector 3DES-CBC-SHA1-HMAC succeeded
USER1: Cipher crypto capabilities not supported
 + TestCase [ 7] : Write record known vector NULL-SHA1-HMAC skipped
USER1: Crypto capabilities not supported
 + TestCase [ 8] : Write record known vector CHACHA20-POLY1305 skipped
 + TestCase [ 9] : Read record known vector AES-GCM-128 succeeded
 + TestCase [10] : Read record known vector AES-GCM-256 succeeded
 + TestCase [11] : Read record known vector AES-128-CBC-SHA1 succeeded
 + TestCase [12] : Read record known vector AES-128-CBC-SHA256 succeeded
 + TestCase [13] : Read record known vector AES-256-CBC-SHA1 succeeded
 + TestCase [14] : Read record known vector AES-256-CBC-SHA256 succeeded
 + TestCase [15] : Read record known vector 3DES-CBC-SHA1-HMAC succeeded
USER1: Cipher crypto capabilities not supported
 + TestCase [16] : Read record known vector NULL-SHA1-HMAC skipped
USER1: Crypto capabilities not supported
 + TestCase [17] : Read record known vector CHACHA20-POLY1305 skipped
        3des-cbc [192] sha1-hmac [20B ICV]
        aes-cbc [128] sha1-hmac [20B ICV]
        aes-cbc [128] sha2-256-hmac [32B ICV]
        aes-cbc [256] sha1-hmac [20B ICV]
        aes-cbc [256] sha2-256-hmac [32B ICV]
 + TestCase [18] : Combined test alg list succeeded
 + TestCase [19] : Multi-segmented mode succeeded
 + ------------------------------------------------------- +
 + Test Suite Summary : DTLS 1.2 Record Protocol Unit Test Suite
 + ------------------------------------------------------- +
 + Tests Total :       20
 + Tests Skipped :      4
 + Tests Executed :    20
 + Tests Unsupported:   0
 + Tests Passed :      16
 + Tests Failed :       0
 + ------------------------------------------------------- +

Akhil Goyal (3):
  test/crypto: add TLS1.2 vectors
  test/crypto: add TLS1.2/DTLS1.2 AES-128/256-GCM vectors
  test/security: add TLS 1.2 and DTLS 1.2 vectors

Anoob Joseph (5):
  test/crypto: move security caps checks to separate file
  test/crypto: move algorithm display routines to common
  test/security: add sha1-hmac to auth list
  test/crypto: add TLS record tests
  test/crypto: add verification of TLS headers

Tejasree Kondoj (2):
  test/crypto: add AES-GCM 128 TLS 1.2 vector
  test/crypto: add multi segmented cases

Vidya Sagar Velumuri (4):
  test/crypto: move algorithm list to common
  test/crypto: move algorithm framework to common
  test/crypto: add combined mode cases
  test/security: add more algos to combined tests

 app/test-security-perf/meson.build            |    1 +
 app/test-security-perf/test_security_perf.c   |   35 +-
 app/test/meson.build                          |    2 +
 app/test/test_cryptodev.c                     |  596 ++++++-
 app/test/test_cryptodev.h                     |    2 +
 app/test/test_cryptodev_security_ipsec.c      |  164 +-
 app/test/test_cryptodev_security_ipsec.h      |  157 +-
 app/test/test_cryptodev_security_tls_record.c |  327 ++++
 app/test/test_cryptodev_security_tls_record.h |  101 ++
 ...yptodev_security_tls_record_test_vectors.h | 1584 +++++++++++++++++
 app/test/test_security_inline_proto.c         |   42 +-
 app/test/test_security_proto.c                |  154 ++
 app/test/test_security_proto.h                |  186 ++
 doc/guides/rel_notes/release_24_03.rst        |    4 +
 14 files changed, 2960 insertions(+), 395 deletions(-)
 create mode 100644 app/test/test_cryptodev_security_tls_record.c
 create mode 100644 app/test/test_cryptodev_security_tls_record.h
 create mode 100644 app/test/test_cryptodev_security_tls_record_test_vectors.h
 create mode 100644 app/test/test_security_proto.c
 create mode 100644 app/test/test_security_proto.h

-- 
2.25.1
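
The header check that combined mode performs on the record-write output, before feeding it to record read, sketched as an added example (not code from this patch series; all names are hypothetical). It assumes TLS 1.2 / DTLS 1.2 framing, an 8-byte explicit nonce and 16-byte tag for AES-GCM, and minimal padding for the AES-CBC suites.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names for illustration; not taken from the DPDK test suite. */
enum rec_proto { REC_TLS_1_2, REC_DTLS_1_2 };
enum rec_suite { SUITE_AES_GCM, SUITE_AES_CBC_SHA1, SUITE_AES_CBC_SHA256 };
#define AES_BLOCK 16u

/* Value the header length field must carry for a given plaintext length. */
static size_t expected_fragment_len(enum rec_suite s, size_t pt_len)
{
	size_t mac = (s == SUITE_AES_CBC_SHA1) ? 20 : 32; /* used by CBC only */
	if (s == SUITE_AES_GCM)
		return 8 + pt_len + 16; /* explicit nonce + ciphertext + tag */
	/* explicit IV, then plaintext || MAC || padding rounded up to a block
	 * (assumption: minimal padding, at least the padding-length byte) */
	return AES_BLOCK + (pt_len + mac + 1 + AES_BLOCK - 1) / AES_BLOCK * AES_BLOCK;
}

/* Returns 0 when the header is consistent, else a code naming the bad field. */
static int verify_record_header(const uint8_t *rec, size_t rec_len,
		enum rec_proto p, enum rec_suite s, uint8_t type, size_t pt_len)
{
	/* TLS: type, version, length. DTLS adds epoch (2B) and sequence (6B). */
	size_t hdr_len = (p == REC_TLS_1_2) ? 5 : 13;
	unsigned int version = (p == REC_TLS_1_2) ? 0x0303 : 0xFEFD;
	if (rec_len < hdr_len)
		return -1; /* truncated header */
	if (rec[0] != type)
		return -2; /* content type */
	if ((((unsigned int)rec[1] << 8) | rec[2]) != version)
		return -3; /* protocol version */
	size_t frag = ((size_t)rec[hdr_len - 2] << 8) | rec[hdr_len - 1];
	if (frag != expected_fragment_len(s, pt_len))
		return -4; /* length field vs. cipher suite expansion */
	return rec_len == hdr_len + frag ? 0 : -5; /* buffer vs. length field */
}

/* Constructed samples: 32B of application data (type 0x17); bodies zeroed
 * because only the headers are inspected. */
static const uint8_t sample_tls_gcm[5 + 56] = { 0x17, 0x03, 0x03, 0x00, 0x38 };
static const uint8_t sample_dtls_cbc_sha1[13 + 80] = { 0x17, 0xFE, 0xFD,
	0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x50 };

int main(void)
{
	return verify_record_header(sample_tls_gcm, sizeof(sample_tls_gcm),
			REC_TLS_1_2, SUITE_AES_GCM, 0x17, 32);
}
```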


Thread overview: 17+ messages
2023-12-07 13:02 Anoob Joseph [this message]
2023-12-07 13:02 ` [PATCH 01/14] test/crypto: move security caps checks to separate file Anoob Joseph
2023-12-07 13:02 ` [PATCH 02/14] test/crypto: move algorithm list to common Anoob Joseph
2023-12-07 13:02 ` [PATCH 03/14] test/crypto: move algorithm display routines " Anoob Joseph
2023-12-07 13:02 ` [PATCH 04/14] test/security: add sha1-hmac to auth list Anoob Joseph
2023-12-07 13:02 ` [PATCH 05/14] test/crypto: move algorithm framework to common Anoob Joseph
2023-12-07 13:02 ` [PATCH 06/14] test/crypto: add TLS record tests Anoob Joseph
2023-12-07 13:02 ` [PATCH 07/14] test/crypto: add AES-GCM 128 TLS 1.2 vector Anoob Joseph
2023-12-07 13:02 ` [PATCH 08/14] test/crypto: add TLS1.2 vectors Anoob Joseph
2023-12-07 13:02 ` [PATCH 09/14] test/crypto: add TLS1.2/DTLS1.2 AES-128/256-GCM vectors Anoob Joseph
2023-12-07 13:02 ` [PATCH 10/14] test/crypto: add combined mode cases Anoob Joseph
2023-12-07 13:02 ` [PATCH 11/14] test/crypto: add verification of TLS headers Anoob Joseph
2023-12-07 13:02 ` [PATCH 12/14] test/security: add more algos to combined tests Anoob Joseph
2023-12-07 13:02 ` [PATCH 13/14] test/security: add TLS 1.2 and DTLS 1.2 vectors Anoob Joseph
2023-12-07 13:02 ` [PATCH 14/14] test/crypto: add multi segmented cases Anoob Joseph
2024-01-16  9:02 ` [PATCH 00/14] Add TLS record test suite Akhil Goyal
2024-01-19  8:55   ` Akhil Goyal
