DPDK patches and discussions
 help / color / mirror / Atom feed
From: Aakash Sasidharan <asasidharan@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Fan Zhang <fanzhang.oss@gmail.com>
Cc: <jerinj@marvell.com>, <anoobj@marvell.com>,
	<vvelumuri@marvell.com>, <asasidharan@marvell.com>,
	<dev@dpdk.org>
Subject: [PATCH 4/7] test/crypto: verify padding corruption in TLS-1.2
Date: Mon, 17 Jun 2024 11:28:38 +0530	[thread overview]
Message-ID: <20240617055841.2359729-5-asasidharan@marvell.com> (raw)
In-Reply-To: <20240617055841.2359729-1-asasidharan@marvell.com>

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add unit test to verify corrupted padding bytes in TLS-1.2 record

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 app/test/test_cryptodev.c                     | 22 ++++++++++++++++++-
 app/test/test_cryptodev_security_tls_record.c |  7 ++++++
 app/test/test_cryptodev_security_tls_record.h |  1 +
 3 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f3145abfee..f68864e117 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -12173,7 +12173,7 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 		if (ret == TEST_SKIPPED)
 			continue;
 
-		if (flags->pkt_corruption) {
+		if (flags->pkt_corruption || flags->padding_corruption) {
 			if (ret == TEST_SUCCESS)
 				return TEST_FAILED;
 		} else {
@@ -12404,6 +12404,22 @@ test_tls_record_proto_sg_opt_padding_max(void)
 	return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_TLS_1_2);
 }
 
+static int
+test_tls_record_proto_sg_opt_padding_corrupt(void)
+{
+	struct tls_record_test_flags flags = {
+		.opt_padding = 8,
+		.padding_corruption = true,
+		.nb_segs_in_mbuf = 4,
+	};
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	return test_tls_record_proto_all(&flags);
+}
+
 static int
 test_dtls_1_2_record_proto_data_walkthrough(void)
 {
@@ -17997,6 +18013,10 @@ static struct unit_test_suite tls12_record_proto_testsuite  = {
 			"TLS record SG mode with optional padding > max range",
 			ut_setup_security, ut_teardown,
 			test_tls_record_proto_sg_opt_padding_max),
+		TEST_CASE_NAMED_ST(
+			"TLS record SG mode with padding corruption",
+			ut_setup_security, ut_teardown,
+			test_tls_record_proto_sg_opt_padding_corrupt),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c
index 03d9efefc3..1ba9609e1b 100644
--- a/app/test/test_cryptodev_security_tls_record.c
+++ b/app/test/test_cryptodev_security_tls_record.c
@@ -215,6 +215,13 @@ test_tls_record_td_update(struct tls_record_test_data td_inb[],
 		if (flags->pkt_corruption)
 			td_inb[i].input_text.data[0] = ~td_inb[i].input_text.data[0];
 
+		/* Corrupt a byte in the last but one block */
+		if (flags->padding_corruption) {
+			int offset = td_inb[i].input_text.len - TLS_RECORD_PAD_CORRUPT_OFFSET;
+
+			td_inb[i].input_text.data[offset] = ~td_inb[i].input_text.data[offset];
+		}
+
 		/* Clear outbound specific flags */
 		td_inb[i].tls_record_xform.options.iv_gen_disable = 0;
 	}
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index 18a90c6ff6..acb7f15f1c 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -41,6 +41,7 @@ static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN,
 	      "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!");
 
 #define TLS_RECORD_PLAINTEXT_MIN_LEN       (1u)
+#define TLS_RECORD_PAD_CORRUPT_OFFSET      20
 
 enum tls_record_test_content_type {
 	TLS_RECORD_TEST_CONTENT_TYPE_APP,
-- 
2.25.1


  parent reply	other threads:[~2024-06-17  5:59 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-06-17  5:58 [PATCH 0/7] Improvements and new test cases Aakash Sasidharan
2024-06-17  5:58 ` [PATCH 1/7] test/crypto: unit tests for padding for TLS-1.3 Aakash Sasidharan
2024-06-17  5:58 ` [PATCH 2/7] test/crypto: add combined mode cases for TLS 1.3 Aakash Sasidharan
2024-06-17  5:58 ` [PATCH 3/7] test/security: add TLS 1.3 data walkthrough tests Aakash Sasidharan
2024-06-17  5:58 ` Aakash Sasidharan [this message]
2024-06-20  6:52   ` [PATCH 4/7] test/crypto: verify padding corruption in TLS-1.2 Akhil Goyal
2024-06-17  5:58 ` [PATCH 5/7] test/crypto: verify padding corruption in DTLS-1.2 Aakash Sasidharan
2024-06-17  5:58 ` [PATCH 6/7] test/security: add out of place sgl tests for TLS Aakash Sasidharan
2024-06-17  5:58 ` [PATCH 7/7] test/security: use single session in data walkthrough test Aakash Sasidharan
2024-06-17  7:21 ` [PATCH 0/7] Improvements and new test cases Anoob Joseph
2024-06-20 14:50 ` [PATCH v2 " Aakash Sasidharan
2024-06-20 14:50   ` [PATCH v2 1/7] test/crypto: unit tests for padding for TLS-1.3 Aakash Sasidharan
2024-06-20 14:50   ` [PATCH v2 2/7] test/crypto: add combined mode cases for TLS 1.3 Aakash Sasidharan
2024-06-20 14:50   ` [PATCH v2 3/7] test/security: add TLS 1.3 data walkthrough tests Aakash Sasidharan
2024-06-20 14:50   ` [PATCH v2 4/7] test/crypto: verify padding corruption in TLS-1.2 Aakash Sasidharan
2024-06-20 14:50   ` [PATCH v2 5/7] test/crypto: verify padding corruption in DTLS-1.2 Aakash Sasidharan
2024-06-20 14:50   ` [PATCH v2 6/7] test/security: add out of place sgl tests for TLS Aakash Sasidharan
2024-06-20 14:50   ` [PATCH v2 7/7] test/security: use single session in data walkthrough test Aakash Sasidharan
2024-06-26  7:30   ` [PATCH v2 0/7] Improvements and new test cases Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240617055841.2359729-5-asasidharan@marvell.com \
    --to=asasidharan@marvell.com \
    --cc=anoobj@marvell.com \
    --cc=dev@dpdk.org \
    --cc=fanzhang.oss@gmail.com \
    --cc=gakhil@marvell.com \
    --cc=jerinj@marvell.com \
    --cc=vvelumuri@marvell.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).