[PATCH 00/14] Add TLS record test suite

Akhil Goyal gakhil at marvell.com
Fri Jan 19 09:55:44 CET 2024


> Subject: RE: [PATCH 00/14] Add TLS record test suite
> 
> > Subject: [PATCH 00/14] Add TLS record test suite
> >
> > Add TLS record test suite in cryptodev autotest framework. The test
> > suite would run based on capabilities exposed by the cryptodev.
> >
> > The test suite framework is similar to the framework used in case of
> > IPsec tests. To avoid duplication of code, protocol independent code
> > is moved to common files and the functions are renamed accordingly.
> >
> > TLS record test suite has known vector tests as well as combined mode
> > tests. Known vector tests leverage vectors generated with kTLS and
> > gnuTLS utilities. The test suite supports testing both operations (read
> > or decrypt, write or encrypt) with a single vector. Write or encrypt
> > test would get skipped if cryptodev doesn't support disabling of IV
> > generation. Combined mode tests are targeted at testing protocol
> > features with all combinations of cipher-authentication algorithms.
> >
> > Combined mode performs record write operation first and feeds that back
> > to record read operation. Individual test cases may update the input to
> > record write operation based on the test case and the test framework
> > validates the output obtained (not complete text, but protocol specific
> > fields such as TLS header). Once it is validated, the output will be
> > submitted for record read operation which would give back the original
> > data. Currently this framework supports testing of multi-segmented mbuf
> > as input with TLS record. The same would be enhanced to support more
> > cases such as ICV corruption, incorrect padding etc.
> >
> > Enhancements planned for future,
> > - Add TLS 1.3 suite
> > - Add negative tests such as ICV corruption and incorrect padding
> > - Add session expiry tests
> > - Add anti-replay tests with DTLS
> >
> >  Sample output with crypto_cn10k:
> >
> >  + ------------------------------------------------------- +
> > [67/18944]
> >  + ------------------------------------------------------- +
> >  + Test Suite : TLS 1.2 Record Protocol Unit Test Suite
> >  + ------------------------------------------------------- +
> >  + TestCase [ 0] : Write record known vector AES-GCM-128 (vector 1) succeeded
> >  + TestCase [ 1] : Write record known vector AES-GCM-128 (vector 2) succeeded
> >  + TestCase [ 2] : Write record known vector AES-GCM-256 succeeded
> >  + TestCase [ 3] : Write record known vector AES-CBC-128-SHA1 succeeded
> >  + TestCase [ 4] : Write record known vector AES-128-CBC-SHA256 succeeded
> >  + TestCase [ 5] : Write record known vector AES-256-CBC-SHA1 succeeded
> >  + TestCase [ 6] : Write record known vector AES-256-CBC-SHA256 succeeded
> >  + TestCase [ 7] : Write record known vector 3DES-CBC-SHA1-HMAC succeeded
> > USER1: Cipher crypto capabilities not supported
> >  + TestCase [ 8] : Write record known vector NULL-SHA1-HMAC skipped
> > USER1: Crypto capabilities not supported
> >  + TestCase [ 9] : Write record known vector CHACHA20-POLY1305 skipped
> >  + TestCase [10] : Read record known vector AES-GCM-128 (vector 1) succeeded
> >  + TestCase [11] : Read record known vector AES-GCM-128 (vector 2) succeeded
> >  + TestCase [12] : Read record known vector AES-GCM-256 succeeded
> >  + TestCase [13] : Read record known vector AES-128-CBC-SHA1 succeeded
> >  + TestCase [14] : Read record known vector AES-128-CBC-SHA256 succeeded
> >  + TestCase [15] : Read record known vector AES-256-CBC-SHA1 succeeded
> >  + TestCase [16] : Read record known vector AES-256-CBC-SHA256 succeeded
> >  + TestCase [17] : Read record known vector 3DES-CBC-SHA1-HMAC succeeded
> > USER1: Cipher crypto capabilities not supported
> >  + TestCase [18] : Read record known vector NULL-SHA1-HMAC skipped
> > USER1: Crypto capabilities not supported
> >  + TestCase [19] : Read record known vector CHACHA20-POLY1305 skipped
> >         3des-cbc [192] sha1-hmac [20B ICV]
> >         aes-cbc [128] sha1-hmac [20B ICV]
> >         aes-cbc [128] sha2-256-hmac [32B ICV]
> >         aes-cbc [256] sha1-hmac [20B ICV]
> >         aes-cbc [256] sha2-256-hmac [32B ICV]
> >  + TestCase [20] : Combined test alg list succeeded
> >  + TestCase [21] : Multi-segmented mode succeeded
> >  + ------------------------------------------------------- +
> >  + Test Suite Summary : TLS 1.2 Record Protocol Unit Test Suite
> >  + ------------------------------------------------------- +
> >  + Tests Total :       22
> >  + Tests Skipped :      4
> >  + Tests Executed :    22
> >  + Tests Unsupported:   0
> >  + Tests Passed :      18
> >  + Tests Failed :       0
> >  + ------------------------------------------------------- +
> >  + ------------------------------------------------------- +
> >  + Test Suite : DTLS 1.2 Record Protocol Unit Test Suite
> >  + ------------------------------------------------------- +
> >  + TestCase [ 0] : Write record known vector AES-GCM-128 succeeded
> >  + TestCase [ 1] : Write record known vector AES-GCM-256 succeeded
> >  + TestCase [ 2] : Write record known vector AES-128-CBC-SHA1 succeeded
> >  + TestCase [ 3] : Write record known vector AES-128-CBC-SHA256 succeeded
> >  + TestCase [ 4] : Write record known vector AES-256-CBC-SHA1 succeeded
> >  + TestCase [ 5] : Write record known vector AES-256-CBC-SHA256 succeeded
> >  + TestCase [ 6] : Write record known vector 3DES-CBC-SHA1-HMAC succeeded
> > USER1: Cipher crypto capabilities not supported
> >  + TestCase [ 7] : Write record known vector NULL-SHA1-HMAC skipped
> > USER1: Crypto capabilities not supported
> >  + TestCase [ 8] : Write record known vector CHACHA20-POLY1305 skipped
> >  + TestCase [ 9] : Read record known vector AES-GCM-128 succeeded
> >  + TestCase [10] : Read record known vector AES-GCM-256 succeeded
> >  + TestCase [11] : Read record known vector AES-128-CBC-SHA1 succeeded
> >  + TestCase [12] : Read record known vector AES-128-CBC-SHA256 succeeded
> >  + TestCase [13] : Read record known vector AES-256-CBC-SHA1 succeeded
> >  + TestCase [14] : Read record known vector AES-256-CBC-SHA256 succeeded
> >  + TestCase [15] : Read record known vector 3DES-CBC-SHA1-HMAC succeeded
> > USER1: Cipher crypto capabilities not supported
> >  + TestCase [16] : Read record known vector NULL-SHA1-HMAC skipped
> > USER1: Crypto capabilities not supported
> >  + TestCase [17] : Read record known vector CHACHA20-POLY1305 skipped
> >         3des-cbc [192] sha1-hmac [20B ICV]
> >         aes-cbc [128] sha1-hmac [20B ICV]
> >         aes-cbc [128] sha2-256-hmac [32B ICV]
> >         aes-cbc [256] sha1-hmac [20B ICV]
> >         aes-cbc [256] sha2-256-hmac [32B ICV]
> >  + TestCase [18] : Combined test alg list succeeded
> >  + TestCase [19] : Multi-segmented mode succeeded
> >  + ------------------------------------------------------- +
> >  + Test Suite Summary : DTLS 1.2 Record Protocol Unit Test Suite
> >  + ------------------------------------------------------- +
> >  + Tests Total :       20
> >  + Tests Skipped :      4
> >  + Tests Executed :    20
> >  + Tests Unsupported:   0
> >  + Tests Passed :      16
> >  + Tests Failed :       0
> >  + ------------------------------------------------------- +
> >
> > Akhil Goyal (3):
> >   test/crypto: add TLS1.2 vectors
> >   test/crypto: add TLS1.2/DTLS1.2 AES-128/256-GCM vectors
> >   test/security: add TLS 1.2 and DTLS 1.2 vectors
> >
> > Anoob Joseph (5):
> >   test/crypto: move security caps checks to separate file
> >   test/crypto: move algorithm display routines to common
> >   test/security: add sha1-hmac to auth list
> >   test/crypto: add TLS record tests
> >   test/crypto: add verification of TLS headers
> >
> > Tejasree Kondoj (2):
> >   test/crypto: add AES-GCM 128 TLS 1.2 vector
> >   test/crypto: add multi segmented cases
> >
> > Vidya Sagar Velumuri (4):
> >   test/crypto: move algorithm list to common
> >   test/crypto: move algorithm framework to common
> >   test/crypto: add combined mode cases
> >   test/security: add more algos to combined tests
> >
> >  app/test-security-perf/meson.build            |    1 +
> >  app/test-security-perf/test_security_perf.c   |   35 +-
> >  app/test/meson.build                          |    2 +
> >  app/test/test_cryptodev.c                     |  596 ++++++-
> >  app/test/test_cryptodev.h                     |    2 +
> >  app/test/test_cryptodev_security_ipsec.c      |  164 +-
> >  app/test/test_cryptodev_security_ipsec.h      |  157 +-
> >  app/test/test_cryptodev_security_tls_record.c |  327 ++++
> >  app/test/test_cryptodev_security_tls_record.h |  101 ++
> >  ...yptodev_security_tls_record_test_vectors.h | 1584 +++++++++++++++++
> >  app/test/test_security_inline_proto.c         |   42 +-
> >  app/test/test_security_proto.c                |  154 ++
> >  app/test/test_security_proto.h                |  186 ++
> >  doc/guides/rel_notes/release_24_03.rst        |    4 +
> >  14 files changed, 2960 insertions(+), 395 deletions(-)
> >  create mode 100644 app/test/test_cryptodev_security_tls_record.c
> >  create mode 100644 app/test/test_cryptodev_security_tls_record.h
> >  create mode 100644 app/test/test_cryptodev_security_tls_record_test_vectors.h
> >  create mode 100644 app/test/test_security_proto.c
> >  create mode 100644 app/test/test_security_proto.h
> >
> Series Acked-by: Akhil Goyal <gakhil at marvell.com>

Applied to dpdk-next-crypto
Thanks.
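
The cover letter says combined mode validates protocol-specific fields such as the TLS header on the record-write output before feeding it to record read. The sketch below is an added example of such a header check, not code from this patch series: all names are hypothetical, and it assumes TLS 1.2/DTLS 1.2 framing with an explicit per-record IV and minimal CBC padding.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical names for illustration; not DPDK's test code. */
enum rec_proto { REC_TLS12, REC_DTLS12 };
struct rec_alg {
	int aead;         /* 1: AES-GCM, 0: CBC cipher + HMAC */
	uint16_t iv_len;  /* explicit nonce (GCM: 8) or CBC IV (AES: 16, 3DES: 8) */
	uint16_t icv_len; /* GCM tag (16) or HMAC size (SHA1: 20, SHA256: 32) */
	uint16_t blk_len; /* CBC block size; unused for AEAD */
};

/* Value the record length field must carry for pt_len bytes of payload. */
uint16_t rec_expected_len(const struct rec_alg *a, uint16_t pt_len)
{
	uint16_t body = pt_len + a->icv_len;
	if (a->aead)
		return a->iv_len + body;
	/* MAC-then-encrypt: pad payload+MAC to a full block, at least 1 byte. */
	return a->iv_len + body + (a->blk_len - body % a->blk_len);
}

/* Returns 0 when the header matches, else a negative code per bad field. */
int rec_hdr_verify(enum rec_proto p, const struct rec_alg *a, const uint8_t *rec,
		   size_t rec_len, uint8_t type, uint16_t pt_len)
{
	size_t hdr_len = (p == REC_DTLS12) ? 13 : 5;
	uint16_t ver = (p == REC_DTLS12) ? 0xFEFD : 0x0303;

	if (rec_len < hdr_len)
		return -1; /* truncated header */
	if (rec[0] != type)
		return -2; /* content type */
	if (((rec[1] << 8) | rec[2]) != ver)
		return -3; /* protocol version */
	/* DTLS puts epoch (2B) and sequence number (6B) before the length. */
	uint16_t len = (uint16_t)((rec[hdr_len - 2] << 8) | rec[hdr_len - 1]);
	if (len != rec_expected_len(a, pt_len))
		return -4; /* length field vs. algorithm overhead */
	if (rec_len != hdr_len + len)
		return -5; /* buffer size vs. length field */
	return 0;
}

int main(void)
{
	/* Constructed sample: TLS 1.2 AES-GCM header for 10 bytes of data. */
	uint8_t rec[5 + 34] = { 0x17, 0x03, 0x03, 0x00, 0x22 };
	const struct rec_alg gcm = { 1, 8, 16, 0 };
	return rec_hdr_verify(REC_TLS12, &gcm, rec, sizeof(rec), 0x17, 10);
}
```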