From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Jerin Jacob <jerinj@marvell.com>
Cc: Harry van Haaren <harry.van.haaren@intel.com>,
Hemant Agrawal <hemant.agrawal@nxp.com>,
Konstantin Ananyev <konstantin.v.ananyev@yandex.ru>,
<dev@dpdk.org>, Vidya Sagar Velumuri <vvelumuri@marvell.com>
Subject: [PATCH 11/14] test/crypto: add verification of TLS headers
Date: Thu, 7 Dec 2023 18:32:13 +0530 [thread overview]
Message-ID: <20231207130216.140-12-anoobj@marvell.com> (raw)
In-Reply-To: <20231207130216.140-1-anoobj@marvell.com>
Add verification of TLS headers in protocol offload tests.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
app/test/test_cryptodev_security_tls_record.c | 118 +++++++++++++++++-
1 file changed, 117 insertions(+), 1 deletion(-)
diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c
index 6f106050c2..bcb2eba4ff 100644
--- a/app/test/test_cryptodev_security_tls_record.c
+++ b/app/test/test_cryptodev_security_tls_record.c
@@ -3,6 +3,8 @@
*/
#include <rte_crypto.h>
+#include <rte_dtls.h>
+#include <rte_tls.h>
#include "test.h"
#include "test_cryptodev_security_tls_record.h"
@@ -62,8 +64,8 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt
const struct tls_record_test_flags *flags,
struct tls_record_test_data *td_array, int nb_td)
{
+ int i, min_padding, hdr_len, tls_pkt_size, mac_len = 0, exp_nonce_len = 0, roundup_len = 0;
struct tls_record_test_data *td = NULL;
- int i;
memset(td_array, 0, nb_td * sizeof(*td));
@@ -94,6 +96,59 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt
}
}
+ tls_pkt_size = td->input_text.len;
+
+ if (!td->aead) {
+ mac_len = td->xform.chain.auth.auth.digest_length;
+ switch (td->xform.chain.cipher.cipher.algo) {
+ case RTE_CRYPTO_CIPHER_3DES_CBC:
+ roundup_len = 8;
+ exp_nonce_len = 8;
+ break;
+ case RTE_CRYPTO_CIPHER_AES_CBC:
+ roundup_len = 16;
+ exp_nonce_len = 16;
+ break;
+ default:
+ roundup_len = 0;
+ exp_nonce_len = 0;
+ break;
+ }
+ } else {
+ mac_len = td->xform.aead.aead.digest_length;
+ exp_nonce_len = 8;
+ }
+
+ switch (td->tls_record_xform.ver) {
+ case RTE_SECURITY_VERSION_TLS_1_2:
+ case RTE_SECURITY_VERSION_TLS_1_3:
+ hdr_len = sizeof(struct rte_tls_hdr);
+ min_padding = 1;
+ break;
+ case RTE_SECURITY_VERSION_DTLS_1_2:
+ hdr_len = sizeof(struct rte_dtls_hdr);
+ min_padding = 0;
+ break;
+ default:
+ hdr_len = 0;
+ min_padding = 0;
+ break;
+ }
+
+ tls_pkt_size += mac_len;
+
+ /* Padding */
+ tls_pkt_size += min_padding;
+ tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len);
+
+ /* Explicit nonce */
+ tls_pkt_size += exp_nonce_len;
+
+ /* Add TLS header */
+ tls_pkt_size += hdr_len;
+
+ td->output_text.len = tls_pkt_size;
+
RTE_SET_USED(flags);
}
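Review bot: `RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len)` is reached with `roundup_len` still 0 whenever `td->aead` is set or the cipher falls into the `default:` case, and that macro divides by its second argument, so the size calculation divides by zero on those paths. Guard the rounding, e.g. `if (roundup_len != 0) tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len);`. Separately, `min_padding` is chosen from the version alone: TLS 1.2 with AEAD gets one byte of padding although AEAD records carry none, and DTLS 1.2 with a CBC cipher gets zero although CBC records carry a padding-length byte, so it probably needs to depend on `td->aead` as well; worth confirming against the vectors. The function body starts outside this hunk, so it is not visible whether `td` here is the current element of the preparation loop.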
@@ -160,6 +215,60 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len,
return TEST_SUCCESS;
}
+static int
+tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text)
+{
+ uint16_t length, hdr_len;
+ uint8_t content_type;
+
+ if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_2) {
+ const struct rte_tls_hdr *hdr = (const struct rte_tls_hdr *)output_text;
+ if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_2) {
+ printf("Incorrect header version [expected - %4x, received - %4x]\n",
+ RTE_TLS_VERSION_1_2, rte_be_to_cpu_16(hdr->version));
+ return TEST_FAILED;
+ }
+ content_type = hdr->type;
+ length = rte_be_to_cpu_16(hdr->length);
+ hdr_len = sizeof(struct rte_tls_hdr);
+ } else if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) {
+ const struct rte_tls_hdr *hdr = (const struct rte_tls_hdr *)output_text;
+ if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_3) {
+ printf("Incorrect header version [expected - %4x, received - %4x]\n",
+ RTE_TLS_VERSION_1_3, rte_be_to_cpu_16(hdr->version));
+ return TEST_FAILED;
+ }
+ content_type = hdr->type;
+ length = rte_be_to_cpu_16(hdr->length);
+ hdr_len = sizeof(struct rte_tls_hdr);
+ } else if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_DTLS_1_2) {
+ const struct rte_dtls_hdr *hdr = (const struct rte_dtls_hdr *)output_text;
+ if (rte_be_to_cpu_16(hdr->version) != RTE_DTLS_VERSION_1_2) {
+ printf("Incorrect header version [expected - %4x, received - %4x]\n",
+ RTE_DTLS_VERSION_1_2, rte_be_to_cpu_16(hdr->version));
+ return TEST_FAILED;
+ }
+ content_type = hdr->type;
+ length = rte_be_to_cpu_16(hdr->length);
+ hdr_len = sizeof(struct rte_dtls_hdr);
+ } else {
+ return TEST_FAILED;
+ }
+
+ if (content_type != td->app_type) {
+ printf("Incorrect content type in packet [expected - %d, received - %d]\n",
+ td->app_type, content_type);
+ return TEST_FAILED;
+ }
+
+ if (length != td->output_text.len - hdr_len) {
+ printf("Incorrect packet length [expected - %d, received - %d]\n",
+ td->output_text.len - hdr_len, length);
+ return TEST_FAILED;
+ }
+
+ return TEST_SUCCESS;
+}
int
test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td,
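Review bot: The TLS 1.3 branch of `tls_record_hdr_verify` requires the header version to equal `RTE_TLS_VERSION_1_3`, but RFC 8446 fixes the on-wire `legacy_record_version` of a TLS 1.3 record at 0x0303 and its outer content type at application_data, so a conforming device would fail this check if that macro is 0x0304 (its value is not visible here). The comparison in that branch would then be `if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_2) {`, and the later `content_type != td->app_type` test needs the same consideration for 1.3. The three branches differ only in header type and expected version, so selecting the expected version and header length up front would remove the duplication. The final `else` returns `TEST_FAILED` silently; a message naming the unsupported version would make that failure easier to diagnose.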
@@ -169,6 +278,7 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t
uint8_t output_text[TLS_RECORD_MAX_LEN];
const struct rte_mbuf *seg;
const uint8_t *output;
+ int ret;
memset(output_text, 0, TLS_RECORD_MAX_LEN);
@@ -193,6 +303,12 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t
memcpy(output_text, output, len);
}
+ if (td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) {
+ ret = tls_record_hdr_verify(td, output_text);
+ if (ret != TEST_SUCCESS)
+ return ret;
+ }
+
/*
* In case of known vector tests & all record read (decrypt) tests, res_d provided would be
* NULL and output data need to be validated against expected. For record read (decrypt),
--
2.25.1