[PATCH 0/7] Improvements and new test cases

[PATCH 0/7] Improvements and new test cases

[Aakash Sasidharan]

Adding new test cases and improvements to test application.

Aakash Sasidharan (4):
  test/crypto: add combined mode cases for TLS 1.3
  test/security: add TLS 1.3 data walkthrough tests
  test/security: add out of place sgl tests for TLS
  test/security: use single session in data walkthrough test

Vidya Sagar Velumuri (3):
  test/crypto: unit tests for padding for TLS-1.3
  test/crypto: verify padding corruption in TLS-1.2
  test/crypto: verify padding corruption in DTLS-1.2

 app/test/test_cryptodev.c                     | 222 ++++++++++++++++--
 app/test/test_cryptodev_security_tls_record.c |   7 +
 app/test/test_cryptodev_security_tls_record.h |   2 +
 3 files changed, 209 insertions(+), 22 deletions(-)

-- 
2.25.1

[PATCH 1/7] test/crypto: unit tests for padding for TLS-1.3

[Aakash Sasidharan]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add unit tests to verify the padding for TLS-1.3.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 94438c587a..61ee43327a 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -12740,6 +12740,25 @@ test_tls_1_3_record_proto_zero_len_non_app(void)
 
 	return test_tls_record_proto_all(&flags);
 }
+
+static int
+test_tls_1_3_record_proto_dm_opt_padding(void)
+{
+	return test_tls_record_proto_opt_padding(6, 0, RTE_SECURITY_VERSION_TLS_1_3);
+}
+
+static int
+test_tls_1_3_record_proto_sg_opt_padding(void)
+{
+	return test_tls_record_proto_opt_padding(25, 5, RTE_SECURITY_VERSION_TLS_1_3);
+}
+
+static int
+test_tls_1_3_record_proto_sg_opt_padding_1(void)
+{
+	return test_tls_record_proto_opt_padding(25, 4, RTE_SECURITY_VERSION_TLS_1_3);
+}
+
 #endif
 
 static int
@@ -18168,6 +18187,18 @@ static struct unit_test_suite tls13_record_proto_testsuite  = {
 			"TLS-1.3 record with zero len and content type as ctrl",
 			ut_setup_security, ut_teardown,
 			test_tls_1_3_record_proto_zero_len_non_app),
+		TEST_CASE_NAMED_ST(
+			"TLS-1.3 record DM mode with optional padding",
+			ut_setup_security, ut_teardown,
+			test_tls_1_3_record_proto_dm_opt_padding),
+		TEST_CASE_NAMED_ST(
+			"TLS-1.3 record SG mode with optional padding - 1",
+			ut_setup_security, ut_teardown,
+			test_tls_1_3_record_proto_sg_opt_padding),
+		TEST_CASE_NAMED_ST(
+			"TLS-1.3 record SG mode with optional padding",
+			ut_setup_security, ut_teardown,
+			test_tls_1_3_record_proto_sg_opt_padding_1),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.25.1

[PATCH 2/7] test/crypto: add combined mode cases for TLS 1.3

[Aakash Sasidharan]

Add cases to try TLS 1.3 record write(encrypt) + read(decrypt)
operations. This is used for testing TLS 1.3 record features with
all algorithms supported by the security device.

Signed-off-by: Aakash Sasidharan <asasidharan@marvell.com>
---
 app/test/test_cryptodev.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 61ee43327a..c5244db883 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -12680,6 +12680,19 @@ test_dtls_1_2_record_proto_sg_opt_padding_max(void)
 	return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_DTLS_1_2);
 }
 
+static int
+test_tls_1_3_record_proto_display_list(void)
+{
+	struct tls_record_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.display_alg = true;
+	flags.tls_version = RTE_SECURITY_VERSION_TLS_1_3;
+
+	return test_tls_record_proto_all(&flags);
+}
+
 static int
 test_tls_1_3_record_proto_corrupt_pkt(void)
 {
@@ -18199,6 +18212,10 @@ static struct unit_test_suite tls13_record_proto_testsuite  = {
 			"TLS-1.3 record SG mode with optional padding",
 			ut_setup_security, ut_teardown,
 			test_tls_1_3_record_proto_sg_opt_padding_1),
+		TEST_CASE_NAMED_ST(
+			"Combined test alg list",
+			ut_setup_security, ut_teardown,
+			test_tls_1_3_record_proto_display_list),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.25.1

[PATCH 3/7] test/security: add TLS 1.3 data walkthrough tests

[Aakash Sasidharan]

Add combined mode data walkthrough test and multi-segmented
packet data walkthrough test for TLS 1.3.

Signed-off-by: Aakash Sasidharan <asasidharan@marvell.com>
---
 app/test/test_cryptodev.c | 41 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index c5244db883..f3145abfee 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -12772,6 +12772,39 @@ test_tls_1_3_record_proto_sg_opt_padding_1(void)
 	return test_tls_record_proto_opt_padding(25, 4, RTE_SECURITY_VERSION_TLS_1_3);
 }
 
+static int
+test_tls_1_3_record_proto_data_walkthrough(void)
+{
+	struct tls_record_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.data_walkthrough = true;
+	flags.tls_version = RTE_SECURITY_VERSION_TLS_1_3;
+
+	return test_tls_record_proto_all(&flags);
+}
+
+static int
+test_tls_1_3_record_proto_sgl_data_walkthrough(void)
+{
+	struct tls_record_test_flags flags = {
+		.nb_segs_in_mbuf = 5,
+		.tls_version = RTE_SECURITY_VERSION_TLS_1_3,
+		.data_walkthrough = true
+	};
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+	if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
+		printf("Device doesn't support in-place scatter-gather. Test Skipped.\n");
+		return TEST_SKIPPED;
+	}
+
+	return test_tls_record_proto_all(&flags);
+}
+
 #endif
 
 static int
@@ -18216,6 +18249,14 @@ static struct unit_test_suite tls13_record_proto_testsuite  = {
 			"Combined test alg list",
 			ut_setup_security, ut_teardown,
 			test_tls_1_3_record_proto_display_list),
+		TEST_CASE_NAMED_ST(
+			"Data walkthrough combined test alg list",
+			ut_setup_security, ut_teardown,
+			test_tls_1_3_record_proto_data_walkthrough),
+		TEST_CASE_NAMED_ST(
+			"Multi-segmented mode data walkthrough",
+			ut_setup_security, ut_teardown,
+			test_tls_1_3_record_proto_sgl_data_walkthrough),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.25.1

[PATCH 4/7] test/crypto: verify padding corruption in TLS-1.2

[Aakash Sasidharan]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add unit test to verify corrupted padding bytes in TLS-1.2 record

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev.c                     | 22 ++++++++++++++++++-
 app/test/test_cryptodev_security_tls_record.c |  7 ++++++
 app/test/test_cryptodev_security_tls_record.h |  1 +
 3 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f3145abfee..f68864e117 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -12173,7 +12173,7 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 		if (ret == TEST_SKIPPED)
 			continue;
 
-		if (flags->pkt_corruption) {
+		if (flags->pkt_corruption || flags->padding_corruption) {
 			if (ret == TEST_SUCCESS)
 				return TEST_FAILED;
 		} else {
@@ -12404,6 +12404,22 @@ test_tls_record_proto_sg_opt_padding_max(void)
 	return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_TLS_1_2);
 }
 
+static int
+test_tls_record_proto_sg_opt_padding_corrupt(void)
+{
+	struct tls_record_test_flags flags = {
+		.opt_padding = 8,
+		.padding_corruption = true,
+		.nb_segs_in_mbuf = 4,
+	};
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	return test_tls_record_proto_all(&flags);
+}
+
 static int
 test_dtls_1_2_record_proto_data_walkthrough(void)
 {
@@ -17997,6 +18013,10 @@ static struct unit_test_suite tls12_record_proto_testsuite  = {
 			"TLS record SG mode with optional padding > max range",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_sg_opt_padding_max),
+		TEST_CASE_NAMED_ST(
+			"TLS record SG mode with padding corruption",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_sg_opt_padding_corrupt),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c
index 03d9efefc3..1ba9609e1b 100644
--- a/app/test/test_cryptodev_security_tls_record.c
+++ b/app/test/test_cryptodev_security_tls_record.c
@@ -215,6 +215,13 @@ test_tls_record_td_update(struct tls_record_test_data td_inb[],
 		if (flags->pkt_corruption)
 			td_inb[i].input_text.data[0] = ~td_inb[i].input_text.data[0];
 
+		/* Corrupt a byte in the last but one block */
+		if (flags->padding_corruption) {
+			int offset = td_inb[i].input_text.len - TLS_RECORD_PAD_CORRUPT_OFFSET;
+
+			td_inb[i].input_text.data[offset] = ~td_inb[i].input_text.data[offset];
+		}
+
 		/* Clear outbound specific flags */
 		td_inb[i].tls_record_xform.options.iv_gen_disable = 0;
 	}
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index 18a90c6ff6..acb7f15f1c 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -41,6 +41,7 @@ static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN,
 	      "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!");
 
 #define TLS_RECORD_PLAINTEXT_MIN_LEN       (1u)
+#define TLS_RECORD_PAD_CORRUPT_OFFSET      20
 
 enum tls_record_test_content_type {
 	TLS_RECORD_TEST_CONTENT_TYPE_APP,
-- 
2.25.1

[PATCH 5/7] test/crypto: verify padding corruption in DTLS-1.2

[Aakash Sasidharan]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add unit test to verify corrupted padding bytes in DTLS-1.2 record

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f68864e117..89b54729eb 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -12709,6 +12709,23 @@ test_tls_1_3_record_proto_display_list(void)
 	return test_tls_record_proto_all(&flags);
 }
 
+static int
+test_dtls_1_2_record_proto_sg_opt_padding_corrupt(void)
+{
+	struct tls_record_test_flags flags = {
+		.opt_padding = 8,
+		.padding_corruption = true,
+		.nb_segs_in_mbuf = 4,
+		.tls_version = RTE_SECURITY_VERSION_DTLS_1_2
+	};
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	return test_tls_record_proto_all(&flags);
+}
+
 static int
 test_tls_1_3_record_proto_corrupt_pkt(void)
 {
@@ -18204,6 +18221,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite  = {
 			"DTLS record SG mode with optional padding > max range",
 			ut_setup_security, ut_teardown,
 			test_dtls_1_2_record_proto_sg_opt_padding_max),
+		TEST_CASE_NAMED_ST(
+			"DTLS record SG mode with padding corruption",
+			ut_setup_security, ut_teardown,
+			test_dtls_1_2_record_proto_sg_opt_padding_corrupt),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.25.1

[PATCH 6/7] test/security: add out of place sgl tests for TLS

[Aakash Sasidharan]

Add multi segmented test for TLS 1.3 and multi segmented out of place
tests for DTLS 1.2 and TLS 1.3.

Signed-off-by: Aakash Sasidharan <asasidharan@marvell.com>
---
 app/test/test_cryptodev.c | 69 ++++++++++++++++++++++-----------------
 1 file changed, 39 insertions(+), 30 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 89b54729eb..0afc13a7b6 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -12224,11 +12224,11 @@ test_tls_1_2_record_proto_display_list(void)
 }
 
 static int
-test_tls_1_2_record_proto_sgl(void)
+test_tls_record_proto_sgl(enum rte_security_tls_version tls_version)
 {
 	struct tls_record_test_flags flags = {
 		.nb_segs_in_mbuf = 5,
-		.tls_version = RTE_SECURITY_VERSION_TLS_1_2
+		.tls_version = tls_version
 	};
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct rte_cryptodev_info dev_info;
@@ -12242,6 +12242,12 @@ test_tls_1_2_record_proto_sgl(void)
 	return test_tls_record_proto_all(&flags);
 }
 
+static int
+test_tls_1_2_record_proto_sgl(void)
+{
+	return test_tls_record_proto_sgl(RTE_SECURITY_VERSION_TLS_1_2);
+}
+
 static int
 test_tls_record_proto_sgl_data_walkthrough(enum rte_security_tls_version tls_version)
 {
@@ -12577,20 +12583,7 @@ test_dtls_1_2_record_proto_antireplay4096(void)
 static int
 test_dtls_1_2_record_proto_sgl(void)
 {
-	struct tls_record_test_flags flags = {
-		.nb_segs_in_mbuf = 5,
-		.tls_version = RTE_SECURITY_VERSION_DTLS_1_2
-	};
-	struct crypto_testsuite_params *ts_params = &testsuite_params;
-	struct rte_cryptodev_info dev_info;
-
-	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
-	if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
-		printf("Device doesn't support in-place scatter-gather. Test Skipped.\n");
-		return TEST_SKIPPED;
-	}
-
-	return test_tls_record_proto_all(&flags);
+	return test_tls_record_proto_sgl(RTE_SECURITY_VERSION_DTLS_1_2);
 }
 
 static int
@@ -12599,6 +12592,12 @@ test_dtls_1_2_record_proto_sgl_data_walkthrough(void)
 	return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_DTLS_1_2);
 }
 
+static int
+test_dtls_1_2_record_proto_sgl_oop(void)
+{
+	return test_tls_record_proto_sgl_oop(RTE_SECURITY_VERSION_DTLS_1_2);
+}
+
 static int
 test_dtls_1_2_record_proto_corrupt_pkt(void)
 {
@@ -12819,23 +12818,21 @@ test_tls_1_3_record_proto_data_walkthrough(void)
 }
 
 static int
-test_tls_1_3_record_proto_sgl_data_walkthrough(void)
+test_tls_1_3_record_proto_sgl(void)
 {
-	struct tls_record_test_flags flags = {
-		.nb_segs_in_mbuf = 5,
-		.tls_version = RTE_SECURITY_VERSION_TLS_1_3,
-		.data_walkthrough = true
-	};
-	struct crypto_testsuite_params *ts_params = &testsuite_params;
-	struct rte_cryptodev_info dev_info;
+	return test_tls_record_proto_sgl(RTE_SECURITY_VERSION_TLS_1_3);
+}
 
-	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
-	if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
-		printf("Device doesn't support in-place scatter-gather. Test Skipped.\n");
-		return TEST_SKIPPED;
-	}
+static int
+test_tls_1_3_record_proto_sgl_data_walkthrough(void)
+{
+	return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_TLS_1_3);
+}
 
-	return test_tls_record_proto_all(&flags);
+static int
+test_tls_1_3_record_proto_sgl_oop(void)
+{
+	return test_tls_record_proto_sgl_oop(RTE_SECURITY_VERSION_TLS_1_3);
 }
 
 #endif
@@ -18153,6 +18150,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite  = {
 			"Multi-segmented mode data walkthrough",
 			ut_setup_security, ut_teardown,
 			test_dtls_1_2_record_proto_sgl_data_walkthrough),
+		TEST_CASE_NAMED_ST(
+			"Multi-segmented mode out of place",
+			ut_setup_security, ut_teardown,
+			test_dtls_1_2_record_proto_sgl_oop),
 		TEST_CASE_NAMED_ST(
 			"Packet corruption",
 			ut_setup_security, ut_teardown,
@@ -18294,10 +18295,18 @@ static struct unit_test_suite tls13_record_proto_testsuite  = {
 			"Data walkthrough combined test alg list",
 			ut_setup_security, ut_teardown,
 			test_tls_1_3_record_proto_data_walkthrough),
+		TEST_CASE_NAMED_ST(
+			"Multi-segmented mode",
+			ut_setup_security, ut_teardown,
+			test_tls_1_3_record_proto_sgl),
 		TEST_CASE_NAMED_ST(
 			"Multi-segmented mode data walkthrough",
 			ut_setup_security, ut_teardown,
 			test_tls_1_3_record_proto_sgl_data_walkthrough),
+		TEST_CASE_NAMED_ST(
+			"Multi-segmented mode out of place",
+			ut_setup_security, ut_teardown,
+			test_tls_1_3_record_proto_sgl_oop),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.25.1

[PATCH 7/7] test/security: use single session in data walkthrough test

[Aakash Sasidharan]

Existing data walkthrough test creates a new session
per each test packet size. Enhance the test to use single
session instead.

Signed-off-by: Aakash Sasidharan <asasidharan@marvell.com>
---
 app/test/test_cryptodev.c                     | 49 +++++++++++++++++--
 app/test/test_cryptodev_security_tls_record.h |  1 +
 2 files changed, 45 insertions(+), 5 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 0afc13a7b6..068f0b0aa1 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -11968,9 +11968,12 @@ test_tls_record_proto_process(const struct tls_record_test_data td[],
 		}
 	}
 
-	/* Create security session */
-	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool);
+	if (ut_params->sec_session == NULL) {
+		/* Create security session */
+		ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
+				ts_params->session_mpool);
+	}
+
 	if (ut_params->sec_session == NULL)
 		return TEST_SKIPPED;
 
@@ -12075,9 +12078,10 @@ test_tls_record_proto_process(const struct tls_record_test_data td[],
 	rte_pktmbuf_free(ut_params->ibuf);
 	ut_params->ibuf = NULL;
 
-	if (ut_params->sec_session)
+	if (ut_params->sec_session != NULL && !flags->skip_sess_destroy) {
 		rte_security_session_destroy(ctx, ut_params->sec_session);
-	ut_params->sec_session = NULL;
+		ut_params->sec_session = NULL;
+	}
 
 	RTE_SET_USED(flags);
 
@@ -12121,8 +12125,11 @@ static int
 test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 {
 	unsigned int i, nb_pkts = 1, pass_cnt = 0, payload_len, max_payload_len;
+	struct crypto_unittest_params *ut_params = &unittest_params;
 	struct tls_record_test_data td_outb[TEST_SEC_PKTS_MAX];
 	struct tls_record_test_data td_inb[TEST_SEC_PKTS_MAX];
+	void *sec_session_outb = NULL;
+	void *sec_session_inb = NULL;
 	int ret;
 
 	switch (flags->tls_version) {
@@ -12152,10 +12159,16 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 		if (ret == TEST_SKIPPED)
 			continue;
 
+		if (flags->skip_sess_destroy)
+			ut_params->sec_session = sec_session_outb;
+
 		ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags);
 		if (ret == TEST_SKIPPED)
 			continue;
 
+		if (flags->skip_sess_destroy && sec_session_outb == NULL)
+			sec_session_outb = ut_params->sec_session;
+
 		if (flags->zero_len &&
 		    ((flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) ||
 		    (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) ||
@@ -12169,10 +12182,16 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 
 		test_tls_record_td_update(td_inb, td_outb, nb_pkts, flags);
 
+		if (flags->skip_sess_destroy)
+			ut_params->sec_session = sec_session_inb;
+
 		ret = test_tls_record_proto_process(td_inb, NULL, nb_pkts, true, flags);
 		if (ret == TEST_SKIPPED)
 			continue;
 
+		if (flags->skip_sess_destroy && sec_session_inb == NULL)
+			sec_session_inb = ut_params->sec_session;
+
 		if (flags->pkt_corruption || flags->padding_corruption) {
 			if (ret == TEST_SUCCESS)
 				return TEST_FAILED;
@@ -12188,6 +12207,22 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 		if (flags->display_alg)
 			test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2);
 
+		if (flags->skip_sess_destroy) {
+			uint8_t dev_id = testsuite_params.valid_devs[0];
+			struct rte_security_ctx *ctx;
+
+			ctx = rte_cryptodev_get_sec_ctx(dev_id);
+			if (sec_session_inb != NULL) {
+				rte_security_session_destroy(ctx, sec_session_inb);
+				sec_session_inb = NULL;
+			}
+			if (sec_session_outb != NULL) {
+				rte_security_session_destroy(ctx, sec_session_outb);
+				sec_session_outb = NULL;
+			}
+			ut_params->sec_session = NULL;
+		}
+
 		pass_cnt++;
 	}
 
@@ -12205,6 +12240,7 @@ test_tls_1_2_record_proto_data_walkthrough(void)
 	memset(&flags, 0, sizeof(flags));
 
 	flags.data_walkthrough = true;
+	flags.skip_sess_destroy = true;
 	flags.tls_version = RTE_SECURITY_VERSION_TLS_1_2;
 
 	return test_tls_record_proto_all(&flags);
@@ -12254,6 +12290,7 @@ test_tls_record_proto_sgl_data_walkthrough(enum rte_security_tls_version tls_ver
 	struct tls_record_test_flags flags = {
 		.nb_segs_in_mbuf = 5,
 		.tls_version = tls_version,
+		.skip_sess_destroy = true,
 		.data_walkthrough = true
 	};
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -12434,6 +12471,7 @@ test_dtls_1_2_record_proto_data_walkthrough(void)
 	memset(&flags, 0, sizeof(flags));
 
 	flags.data_walkthrough = true;
+	flags.skip_sess_destroy = true;
 	flags.tls_version = RTE_SECURITY_VERSION_DTLS_1_2;
 
 	return test_tls_record_proto_all(&flags);
@@ -12812,6 +12850,7 @@ test_tls_1_3_record_proto_data_walkthrough(void)
 	memset(&flags, 0, sizeof(flags));
 
 	flags.data_walkthrough = true;
+	flags.skip_sess_destroy = true;
 	flags.tls_version = RTE_SECURITY_VERSION_TLS_1_3;
 
 	return test_tls_record_proto_all(&flags);
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index acb7f15f1c..e4a291c153 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -100,6 +100,7 @@ struct tls_record_test_flags {
 	bool zero_len;
 	bool padding_corruption;
 	bool out_of_place;
+	bool skip_sess_destroy;
 	uint8_t nb_segs_in_mbuf;
 	uint8_t opt_padding;
 	enum rte_security_tls_version tls_version;
-- 
2.25.1

RE: [PATCH 0/7] Improvements and new test cases

[Anoob Joseph]

[-- Attachment #1: Type: text/plain, Size: 580 bytes --]

> 
> Adding new test cases and improvements to test application.
> 
> Aakash Sasidharan (4):
>   test/crypto: add combined mode cases for TLS 1.3
>   test/security: add TLS 1.3 data walkthrough tests
>   test/security: add out of place sgl tests for TLS
>   test/security: use single session in data walkthrough test
> 
> Vidya Sagar Velumuri (3):
>   test/crypto: unit tests for padding for TLS-1.3
>   test/crypto: verify padding corruption in TLS-1.2
>   test/crypto: verify padding corruption in DTLS-1.2

Series Acked-by: Anoob Joseph <anoobj@marvell.com>



[-- Attachment #2: winmail.dat --]
[-- Type: application/ms-tnef, Size: 14472 bytes --]

RE: [PATCH 4/7] test/crypto: verify padding corruption in TLS-1.2

[Akhil Goyal]

[-- Attachment #1: Type: text/plain, Size: 3807 bytes --]

> Subject: [PATCH 4/7] test/crypto: verify padding corruption in TLS-1.2
> 
> From: Vidya Sagar Velumuri <vvelumuri@marvell.com>
> 
> Add unit test to verify corrupted padding bytes in TLS-1.2 record
> 
> Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
> ---
>  app/test/test_cryptodev.c                     | 22 ++++++++++++++++++-
>  app/test/test_cryptodev_security_tls_record.c |  7 ++++++
>  app/test/test_cryptodev_security_tls_record.h |  1 +
>  3 files changed, 29 insertions(+), 1 deletion(-)
> 
> diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
> index f3145abfee..f68864e117 100644
> --- a/app/test/test_cryptodev.c
> +++ b/app/test/test_cryptodev.c
> @@ -12173,7 +12173,7 @@ test_tls_record_proto_all(const struct
> tls_record_test_flags *flags)
>  		if (ret == TEST_SKIPPED)
>  			continue;
> 
> -		if (flags->pkt_corruption) {
> +		if (flags->pkt_corruption || flags->padding_corruption) {
>  			if (ret == TEST_SUCCESS)
>  				return TEST_FAILED;
>  		} else {
> @@ -12404,6 +12404,22 @@ test_tls_record_proto_sg_opt_padding_max(void)
>  	return test_tls_record_proto_opt_padding(33, 4,
> RTE_SECURITY_VERSION_TLS_1_2);
>  }
> 
> +static int
> +test_tls_record_proto_sg_opt_padding_corrupt(void)
> +{
> +	struct tls_record_test_flags flags = {
> +		.opt_padding = 8,
> +		.padding_corruption = true,
> +		.nb_segs_in_mbuf = 4,
> +	};
> +	struct crypto_testsuite_params *ts_params = &testsuite_params;
> +	struct rte_cryptodev_info dev_info;
> +
> +	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);

Reading the dev_info but not using it??

Same issue in 5/7 patch.


> +
> +	return test_tls_record_proto_all(&flags);
> +}
> +
>  static int
>  test_dtls_1_2_record_proto_data_walkthrough(void)
>  {
> @@ -17997,6 +18013,10 @@ static struct unit_test_suite
> tls12_record_proto_testsuite  = {
>  			"TLS record SG mode with optional padding > max
> range",
>  			ut_setup_security, ut_teardown,
>  			test_tls_record_proto_sg_opt_padding_max),
> +		TEST_CASE_NAMED_ST(
> +			"TLS record SG mode with padding corruption",
> +			ut_setup_security, ut_teardown,
> +			test_tls_record_proto_sg_opt_padding_corrupt),
>  		TEST_CASES_END() /**< NULL terminate unit test array */
>  	}
>  };
> diff --git a/app/test/test_cryptodev_security_tls_record.c
> b/app/test/test_cryptodev_security_tls_record.c
> index 03d9efefc3..1ba9609e1b 100644
> --- a/app/test/test_cryptodev_security_tls_record.c
> +++ b/app/test/test_cryptodev_security_tls_record.c
> @@ -215,6 +215,13 @@ test_tls_record_td_update(struct tls_record_test_data
> td_inb[],
>  		if (flags->pkt_corruption)
>  			td_inb[i].input_text.data[0] =
> ~td_inb[i].input_text.data[0];
> 
> +		/* Corrupt a byte in the last but one block */
> +		if (flags->padding_corruption) {
> +			int offset = td_inb[i].input_text.len -
> TLS_RECORD_PAD_CORRUPT_OFFSET;
> +
> +			td_inb[i].input_text.data[offset] =
> ~td_inb[i].input_text.data[offset];
> +		}
> +
>  		/* Clear outbound specific flags */
>  		td_inb[i].tls_record_xform.options.iv_gen_disable = 0;
>  	}
> diff --git a/app/test/test_cryptodev_security_tls_record.h
> b/app/test/test_cryptodev_security_tls_record.h
> index 18a90c6ff6..acb7f15f1c 100644
> --- a/app/test/test_cryptodev_security_tls_record.h
> +++ b/app/test/test_cryptodev_security_tls_record.h
> @@ -41,6 +41,7 @@ static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <=
> TEST_SEC_CLEARTEXT_MAX_LEN,
>  	      "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX
> LEN!");
> 
>  #define TLS_RECORD_PLAINTEXT_MIN_LEN       (1u)
> +#define TLS_RECORD_PAD_CORRUPT_OFFSET      20
> 
>  enum tls_record_test_content_type {
>  	TLS_RECORD_TEST_CONTENT_TYPE_APP,
> --
> 2.25.1


[-- Attachment #2: winmail.dat --]
[-- Type: application/ms-tnef, Size: 16034 bytes --]

[PATCH v2 0/7] Improvements and new test cases

[Aakash Sasidharan]

v2:
* Remove unused variables from tests for padding corruption.

Adding new test cases and improvements to test application.

Aakash Sasidharan (4):
  test/crypto: add combined mode cases for TLS 1.3
  test/security: add TLS 1.3 data walkthrough tests
  test/security: add out of place sgl tests for TLS
  test/security: use single session in data walkthrough test

Vidya Sagar Velumuri (3):
  test/crypto: unit tests for padding for TLS-1.3
  test/crypto: verify padding corruption in TLS-1.2
  test/crypto: verify padding corruption in DTLS-1.2

 app/test/test_cryptodev.c                     | 214 ++++++++++++++++--
 app/test/test_cryptodev_security_tls_record.c |   7 +
 app/test/test_cryptodev_security_tls_record.h |   2 +
 3 files changed, 201 insertions(+), 22 deletions(-)

-- 
2.25.1

[PATCH v2 1/7] test/crypto: unit tests for padding for TLS-1.3

[Aakash Sasidharan]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add unit tests to verify the padding for TLS-1.3.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 94438c587a..61ee43327a 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -12740,6 +12740,25 @@ test_tls_1_3_record_proto_zero_len_non_app(void)
 
 	return test_tls_record_proto_all(&flags);
 }
+
+static int
+test_tls_1_3_record_proto_dm_opt_padding(void)
+{
+	return test_tls_record_proto_opt_padding(6, 0, RTE_SECURITY_VERSION_TLS_1_3);
+}
+
+static int
+test_tls_1_3_record_proto_sg_opt_padding(void)
+{
+	return test_tls_record_proto_opt_padding(25, 5, RTE_SECURITY_VERSION_TLS_1_3);
+}
+
+static int
+test_tls_1_3_record_proto_sg_opt_padding_1(void)
+{
+	return test_tls_record_proto_opt_padding(25, 4, RTE_SECURITY_VERSION_TLS_1_3);
+}
+
 #endif
 
 static int
@@ -18168,6 +18187,18 @@ static struct unit_test_suite tls13_record_proto_testsuite  = {
 			"TLS-1.3 record with zero len and content type as ctrl",
 			ut_setup_security, ut_teardown,
 			test_tls_1_3_record_proto_zero_len_non_app),
+		TEST_CASE_NAMED_ST(
+			"TLS-1.3 record DM mode with optional padding",
+			ut_setup_security, ut_teardown,
+			test_tls_1_3_record_proto_dm_opt_padding),
+		TEST_CASE_NAMED_ST(
+			"TLS-1.3 record SG mode with optional padding - 1",
+			ut_setup_security, ut_teardown,
+			test_tls_1_3_record_proto_sg_opt_padding),
+		TEST_CASE_NAMED_ST(
+			"TLS-1.3 record SG mode with optional padding",
+			ut_setup_security, ut_teardown,
+			test_tls_1_3_record_proto_sg_opt_padding_1),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.25.1

[PATCH v2 2/7] test/crypto: add combined mode cases for TLS 1.3

[Aakash Sasidharan]

Add cases to try TLS 1.3 record write(encrypt) + read(decrypt)
operations. This is used for testing TLS 1.3 record features with
all algorithms supported by the security device.

Signed-off-by: Aakash Sasidharan <asasidharan@marvell.com>
---
 app/test/test_cryptodev.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 61ee43327a..c5244db883 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -12680,6 +12680,19 @@ test_dtls_1_2_record_proto_sg_opt_padding_max(void)
 	return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_DTLS_1_2);
 }
 
+static int
+test_tls_1_3_record_proto_display_list(void)
+{
+	struct tls_record_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.display_alg = true;
+	flags.tls_version = RTE_SECURITY_VERSION_TLS_1_3;
+
+	return test_tls_record_proto_all(&flags);
+}
+
 static int
 test_tls_1_3_record_proto_corrupt_pkt(void)
 {
@@ -18199,6 +18212,10 @@ static struct unit_test_suite tls13_record_proto_testsuite  = {
 			"TLS-1.3 record SG mode with optional padding",
 			ut_setup_security, ut_teardown,
 			test_tls_1_3_record_proto_sg_opt_padding_1),
+		TEST_CASE_NAMED_ST(
+			"Combined test alg list",
+			ut_setup_security, ut_teardown,
+			test_tls_1_3_record_proto_display_list),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.25.1

[PATCH v2 3/7] test/security: add TLS 1.3 data walkthrough tests

[Aakash Sasidharan]

Add combined mode data walkthrough test and multi-segmented
packet data walkthrough test for TLS 1.3.

Signed-off-by: Aakash Sasidharan <asasidharan@marvell.com>
---
 app/test/test_cryptodev.c | 41 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index c5244db883..f3145abfee 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -12772,6 +12772,39 @@ test_tls_1_3_record_proto_sg_opt_padding_1(void)
 	return test_tls_record_proto_opt_padding(25, 4, RTE_SECURITY_VERSION_TLS_1_3);
 }
 
+static int
+test_tls_1_3_record_proto_data_walkthrough(void)
+{
+	struct tls_record_test_flags flags;
+
+	memset(&flags, 0, sizeof(flags));
+
+	flags.data_walkthrough = true;
+	flags.tls_version = RTE_SECURITY_VERSION_TLS_1_3;
+
+	return test_tls_record_proto_all(&flags);
+}
+
+static int
+test_tls_1_3_record_proto_sgl_data_walkthrough(void)
+{
+	struct tls_record_test_flags flags = {
+		.nb_segs_in_mbuf = 5,
+		.tls_version = RTE_SECURITY_VERSION_TLS_1_3,
+		.data_walkthrough = true
+	};
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+	if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
+		printf("Device doesn't support in-place scatter-gather. Test Skipped.\n");
+		return TEST_SKIPPED;
+	}
+
+	return test_tls_record_proto_all(&flags);
+}
+
 #endif
 
 static int
@@ -18216,6 +18249,14 @@ static struct unit_test_suite tls13_record_proto_testsuite  = {
 			"Combined test alg list",
 			ut_setup_security, ut_teardown,
 			test_tls_1_3_record_proto_display_list),
+		TEST_CASE_NAMED_ST(
+			"Data walkthrough combined test alg list",
+			ut_setup_security, ut_teardown,
+			test_tls_1_3_record_proto_data_walkthrough),
+		TEST_CASE_NAMED_ST(
+			"Multi-segmented mode data walkthrough",
+			ut_setup_security, ut_teardown,
+			test_tls_1_3_record_proto_sgl_data_walkthrough),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.25.1

[PATCH v2 4/7] test/crypto: verify padding corruption in TLS-1.2

[Aakash Sasidharan]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add unit test to verify corrupted padding bytes in TLS-1.2 record

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Signed-off-by: Aakash Sasidharan <asasidharan@marvell.com>
---
 app/test/test_cryptodev.c                     | 18 +++++++++++++++++-
 app/test/test_cryptodev_security_tls_record.c |  7 +++++++
 app/test/test_cryptodev_security_tls_record.h |  1 +
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f3145abfee..da8d7bf109 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -12173,7 +12173,7 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 		if (ret == TEST_SKIPPED)
 			continue;
 
-		if (flags->pkt_corruption) {
+		if (flags->pkt_corruption || flags->padding_corruption) {
 			if (ret == TEST_SUCCESS)
 				return TEST_FAILED;
 		} else {
@@ -12404,6 +12404,18 @@ test_tls_record_proto_sg_opt_padding_max(void)
 	return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_TLS_1_2);
 }
 
+static int
+test_tls_record_proto_sg_opt_padding_corrupt(void)
+{
+	struct tls_record_test_flags flags = {
+		.opt_padding = 8,
+		.padding_corruption = true,
+		.nb_segs_in_mbuf = 4,
+	};
+
+	return test_tls_record_proto_all(&flags);
+}
+
 static int
 test_dtls_1_2_record_proto_data_walkthrough(void)
 {
@@ -17997,6 +18009,10 @@ static struct unit_test_suite tls12_record_proto_testsuite  = {
 			"TLS record SG mode with optional padding > max range",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_sg_opt_padding_max),
+		TEST_CASE_NAMED_ST(
+			"TLS record SG mode with padding corruption",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_sg_opt_padding_corrupt),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c
index 03d9efefc3..1ba9609e1b 100644
--- a/app/test/test_cryptodev_security_tls_record.c
+++ b/app/test/test_cryptodev_security_tls_record.c
@@ -215,6 +215,13 @@ test_tls_record_td_update(struct tls_record_test_data td_inb[],
 		if (flags->pkt_corruption)
 			td_inb[i].input_text.data[0] = ~td_inb[i].input_text.data[0];
 
+		/* Corrupt a byte in the last but one block */
+		if (flags->padding_corruption) {
+			int offset = td_inb[i].input_text.len - TLS_RECORD_PAD_CORRUPT_OFFSET;
+
+			td_inb[i].input_text.data[offset] = ~td_inb[i].input_text.data[offset];
+		}
+
 		/* Clear outbound specific flags */
 		td_inb[i].tls_record_xform.options.iv_gen_disable = 0;
 	}
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index 18a90c6ff6..acb7f15f1c 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -41,6 +41,7 @@ static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN,
 	      "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!");
 
 #define TLS_RECORD_PLAINTEXT_MIN_LEN       (1u)
+#define TLS_RECORD_PAD_CORRUPT_OFFSET      20
 
 enum tls_record_test_content_type {
 	TLS_RECORD_TEST_CONTENT_TYPE_APP,
-- 
2.25.1

[PATCH v2 5/7] test/crypto: verify padding corruption in DTLS-1.2

[Aakash Sasidharan]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add unit test to verify corrupted padding bytes in DTLS-1.2 record

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Signed-off-by: Aakash Sasidharan <asasidharan@marvell.com>
---
 app/test/test_cryptodev.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index da8d7bf109..dd8880ed87 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -12705,6 +12705,19 @@ test_tls_1_3_record_proto_display_list(void)
 	return test_tls_record_proto_all(&flags);
 }
 
+static int
+test_dtls_1_2_record_proto_sg_opt_padding_corrupt(void)
+{
+	struct tls_record_test_flags flags = {
+		.opt_padding = 8,
+		.padding_corruption = true,
+		.nb_segs_in_mbuf = 4,
+		.tls_version = RTE_SECURITY_VERSION_DTLS_1_2
+	};
+
+	return test_tls_record_proto_all(&flags);
+}
+
 static int
 test_tls_1_3_record_proto_corrupt_pkt(void)
 {
@@ -18200,6 +18213,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite  = {
 			"DTLS record SG mode with optional padding > max range",
 			ut_setup_security, ut_teardown,
 			test_dtls_1_2_record_proto_sg_opt_padding_max),
+		TEST_CASE_NAMED_ST(
+			"DTLS record SG mode with padding corruption",
+			ut_setup_security, ut_teardown,
+			test_dtls_1_2_record_proto_sg_opt_padding_corrupt),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.25.1

[PATCH v2 6/7] test/security: add out of place sgl tests for TLS

[Aakash Sasidharan]

Add multi segmented test for TLS 1.3 and multi segmented out of place
tests for DTLS 1.2 and TLS 1.3.

Signed-off-by: Aakash Sasidharan <asasidharan@marvell.com>
---
 app/test/test_cryptodev.c | 69 ++++++++++++++++++++++-----------------
 1 file changed, 39 insertions(+), 30 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index dd8880ed87..e6ef5a13e0 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -12224,11 +12224,11 @@ test_tls_1_2_record_proto_display_list(void)
 }
 
 static int
-test_tls_1_2_record_proto_sgl(void)
+test_tls_record_proto_sgl(enum rte_security_tls_version tls_version)
 {
 	struct tls_record_test_flags flags = {
 		.nb_segs_in_mbuf = 5,
-		.tls_version = RTE_SECURITY_VERSION_TLS_1_2
+		.tls_version = tls_version
 	};
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct rte_cryptodev_info dev_info;
@@ -12242,6 +12242,12 @@ test_tls_1_2_record_proto_sgl(void)
 	return test_tls_record_proto_all(&flags);
 }
 
+static int
+test_tls_1_2_record_proto_sgl(void)
+{
+	return test_tls_record_proto_sgl(RTE_SECURITY_VERSION_TLS_1_2);
+}
+
 static int
 test_tls_record_proto_sgl_data_walkthrough(enum rte_security_tls_version tls_version)
 {
@@ -12573,20 +12579,7 @@ test_dtls_1_2_record_proto_antireplay4096(void)
 static int
 test_dtls_1_2_record_proto_sgl(void)
 {
-	struct tls_record_test_flags flags = {
-		.nb_segs_in_mbuf = 5,
-		.tls_version = RTE_SECURITY_VERSION_DTLS_1_2
-	};
-	struct crypto_testsuite_params *ts_params = &testsuite_params;
-	struct rte_cryptodev_info dev_info;
-
-	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
-	if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
-		printf("Device doesn't support in-place scatter-gather. Test Skipped.\n");
-		return TEST_SKIPPED;
-	}
-
-	return test_tls_record_proto_all(&flags);
+	return test_tls_record_proto_sgl(RTE_SECURITY_VERSION_DTLS_1_2);
 }
 
 static int
@@ -12595,6 +12588,12 @@ test_dtls_1_2_record_proto_sgl_data_walkthrough(void)
 	return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_DTLS_1_2);
 }
 
+static int
+test_dtls_1_2_record_proto_sgl_oop(void)
+{
+	return test_tls_record_proto_sgl_oop(RTE_SECURITY_VERSION_DTLS_1_2);
+}
+
 static int
 test_dtls_1_2_record_proto_corrupt_pkt(void)
 {
@@ -12811,23 +12810,21 @@ test_tls_1_3_record_proto_data_walkthrough(void)
 }
 
 static int
-test_tls_1_3_record_proto_sgl_data_walkthrough(void)
+test_tls_1_3_record_proto_sgl(void)
 {
-	struct tls_record_test_flags flags = {
-		.nb_segs_in_mbuf = 5,
-		.tls_version = RTE_SECURITY_VERSION_TLS_1_3,
-		.data_walkthrough = true
-	};
-	struct crypto_testsuite_params *ts_params = &testsuite_params;
-	struct rte_cryptodev_info dev_info;
+	return test_tls_record_proto_sgl(RTE_SECURITY_VERSION_TLS_1_3);
+}
 
-	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
-	if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
-		printf("Device doesn't support in-place scatter-gather. Test Skipped.\n");
-		return TEST_SKIPPED;
-	}
+static int
+test_tls_1_3_record_proto_sgl_data_walkthrough(void)
+{
+	return test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_TLS_1_3);
+}
 
-	return test_tls_record_proto_all(&flags);
+static int
+test_tls_1_3_record_proto_sgl_oop(void)
+{
+	return test_tls_record_proto_sgl_oop(RTE_SECURITY_VERSION_TLS_1_3);
 }
 
 #endif
@@ -18145,6 +18142,10 @@ static struct unit_test_suite dtls12_record_proto_testsuite  = {
 			"Multi-segmented mode data walkthrough",
 			ut_setup_security, ut_teardown,
 			test_dtls_1_2_record_proto_sgl_data_walkthrough),
+		TEST_CASE_NAMED_ST(
+			"Multi-segmented mode out of place",
+			ut_setup_security, ut_teardown,
+			test_dtls_1_2_record_proto_sgl_oop),
 		TEST_CASE_NAMED_ST(
 			"Packet corruption",
 			ut_setup_security, ut_teardown,
@@ -18286,10 +18287,18 @@ static struct unit_test_suite tls13_record_proto_testsuite  = {
 			"Data walkthrough combined test alg list",
 			ut_setup_security, ut_teardown,
 			test_tls_1_3_record_proto_data_walkthrough),
+		TEST_CASE_NAMED_ST(
+			"Multi-segmented mode",
+			ut_setup_security, ut_teardown,
+			test_tls_1_3_record_proto_sgl),
 		TEST_CASE_NAMED_ST(
 			"Multi-segmented mode data walkthrough",
 			ut_setup_security, ut_teardown,
 			test_tls_1_3_record_proto_sgl_data_walkthrough),
+		TEST_CASE_NAMED_ST(
+			"Multi-segmented mode out of place",
+			ut_setup_security, ut_teardown,
+			test_tls_1_3_record_proto_sgl_oop),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
-- 
2.25.1

[PATCH v2 7/7] test/security: use single session in data walkthrough test

[Aakash Sasidharan]

Existing data walkthrough test creates a new session
per each test packet size. Enhance the test to use single
session instead.

Signed-off-by: Aakash Sasidharan <asasidharan@marvell.com>
---
 app/test/test_cryptodev.c                     | 49 +++++++++++++++++--
 app/test/test_cryptodev_security_tls_record.h |  1 +
 2 files changed, 45 insertions(+), 5 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index e6ef5a13e0..75f98b6744 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -11968,9 +11968,12 @@ test_tls_record_proto_process(const struct tls_record_test_data td[],
 		}
 	}
 
-	/* Create security session */
-	ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
-					ts_params->session_mpool);
+	if (ut_params->sec_session == NULL) {
+		/* Create security session */
+		ut_params->sec_session = rte_security_session_create(ctx, &sess_conf,
+				ts_params->session_mpool);
+	}
+
 	if (ut_params->sec_session == NULL)
 		return TEST_SKIPPED;
 
@@ -12075,9 +12078,10 @@ test_tls_record_proto_process(const struct tls_record_test_data td[],
 	rte_pktmbuf_free(ut_params->ibuf);
 	ut_params->ibuf = NULL;
 
-	if (ut_params->sec_session)
+	if (ut_params->sec_session != NULL && !flags->skip_sess_destroy) {
 		rte_security_session_destroy(ctx, ut_params->sec_session);
-	ut_params->sec_session = NULL;
+		ut_params->sec_session = NULL;
+	}
 
 	RTE_SET_USED(flags);
 
@@ -12121,8 +12125,11 @@ static int
 test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 {
 	unsigned int i, nb_pkts = 1, pass_cnt = 0, payload_len, max_payload_len;
+	struct crypto_unittest_params *ut_params = &unittest_params;
 	struct tls_record_test_data td_outb[TEST_SEC_PKTS_MAX];
 	struct tls_record_test_data td_inb[TEST_SEC_PKTS_MAX];
+	void *sec_session_outb = NULL;
+	void *sec_session_inb = NULL;
 	int ret;
 
 	switch (flags->tls_version) {
@@ -12152,10 +12159,16 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 		if (ret == TEST_SKIPPED)
 			continue;
 
+		if (flags->skip_sess_destroy)
+			ut_params->sec_session = sec_session_outb;
+
 		ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags);
 		if (ret == TEST_SKIPPED)
 			continue;
 
+		if (flags->skip_sess_destroy && sec_session_outb == NULL)
+			sec_session_outb = ut_params->sec_session;
+
 		if (flags->zero_len &&
 		    ((flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) ||
 		    (flags->content_type == TLS_RECORD_TEST_CONTENT_TYPE_HANDSHAKE) ||
@@ -12169,10 +12182,16 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 
 		test_tls_record_td_update(td_inb, td_outb, nb_pkts, flags);
 
+		if (flags->skip_sess_destroy)
+			ut_params->sec_session = sec_session_inb;
+
 		ret = test_tls_record_proto_process(td_inb, NULL, nb_pkts, true, flags);
 		if (ret == TEST_SKIPPED)
 			continue;
 
+		if (flags->skip_sess_destroy && sec_session_inb == NULL)
+			sec_session_inb = ut_params->sec_session;
+
 		if (flags->pkt_corruption || flags->padding_corruption) {
 			if (ret == TEST_SUCCESS)
 				return TEST_FAILED;
@@ -12188,6 +12207,22 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 		if (flags->display_alg)
 			test_sec_alg_display(sec_alg_list[i].param1, sec_alg_list[i].param2);
 
+		if (flags->skip_sess_destroy) {
+			uint8_t dev_id = testsuite_params.valid_devs[0];
+			struct rte_security_ctx *ctx;
+
+			ctx = rte_cryptodev_get_sec_ctx(dev_id);
+			if (sec_session_inb != NULL) {
+				rte_security_session_destroy(ctx, sec_session_inb);
+				sec_session_inb = NULL;
+			}
+			if (sec_session_outb != NULL) {
+				rte_security_session_destroy(ctx, sec_session_outb);
+				sec_session_outb = NULL;
+			}
+			ut_params->sec_session = NULL;
+		}
+
 		pass_cnt++;
 	}
 
@@ -12205,6 +12240,7 @@ test_tls_1_2_record_proto_data_walkthrough(void)
 	memset(&flags, 0, sizeof(flags));
 
 	flags.data_walkthrough = true;
+	flags.skip_sess_destroy = true;
 	flags.tls_version = RTE_SECURITY_VERSION_TLS_1_2;
 
 	return test_tls_record_proto_all(&flags);
@@ -12254,6 +12290,7 @@ test_tls_record_proto_sgl_data_walkthrough(enum rte_security_tls_version tls_ver
 	struct tls_record_test_flags flags = {
 		.nb_segs_in_mbuf = 5,
 		.tls_version = tls_version,
+		.skip_sess_destroy = true,
 		.data_walkthrough = true
 	};
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -12430,6 +12467,7 @@ test_dtls_1_2_record_proto_data_walkthrough(void)
 	memset(&flags, 0, sizeof(flags));
 
 	flags.data_walkthrough = true;
+	flags.skip_sess_destroy = true;
 	flags.tls_version = RTE_SECURITY_VERSION_DTLS_1_2;
 
 	return test_tls_record_proto_all(&flags);
@@ -12804,6 +12842,7 @@ test_tls_1_3_record_proto_data_walkthrough(void)
 	memset(&flags, 0, sizeof(flags));
 
 	flags.data_walkthrough = true;
+	flags.skip_sess_destroy = true;
 	flags.tls_version = RTE_SECURITY_VERSION_TLS_1_3;
 
 	return test_tls_record_proto_all(&flags);
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index acb7f15f1c..e4a291c153 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -100,6 +100,7 @@ struct tls_record_test_flags {
 	bool zero_len;
 	bool padding_corruption;
 	bool out_of_place;
+	bool skip_sess_destroy;
 	uint8_t nb_segs_in_mbuf;
 	uint8_t opt_padding;
 	enum rte_security_tls_version tls_version;
-- 
2.25.1

RE: [PATCH v2 0/7] Improvements and new test cases

[Akhil Goyal]

[-- Attachment #1: Type: text/plain, Size: 1057 bytes --]

> Subject: [PATCH v2 0/7] Improvements and new test cases
> 
> v2:
> * Remove unused variables from tests for padding corruption.
> 
> Adding new test cases and improvements to test application.
> 
> Aakash Sasidharan (4):
>   test/crypto: add combined mode cases for TLS 1.3
>   test/security: add TLS 1.3 data walkthrough tests
>   test/security: add out of place sgl tests for TLS
>   test/security: use single session in data walkthrough test
> 
> Vidya Sagar Velumuri (3):
>   test/crypto: unit tests for padding for TLS-1.3
>   test/crypto: verify padding corruption in TLS-1.2
>   test/crypto: verify padding corruption in DTLS-1.2
> 
>  app/test/test_cryptodev.c                     | 214 ++++++++++++++++--
>  app/test/test_cryptodev_security_tls_record.c |   7 +
>  app/test/test_cryptodev_security_tls_record.h |   2 +
>  3 files changed, 201 insertions(+), 22 deletions(-)
> 
Series Acked-by: Akhil Goyal <gakhil@marvell.com>

Applied to dpdk-next-crypto

Changed patch titles. Please review and take care in future.

[-- Attachment #2: winmail.dat --]
[-- Type: application/ms-tnef, Size: 14799 bytes --]