From: Vidya Sagar Velumuri <vvelum...@marvell.com>
Add cases to try TLS record write(encrypt) + read(decrypt) operations.
This is used for testing TLS record features with all algorithms
supported by the security device.
Signed-off-by: Anoob Joseph <ano...@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelum...@marvell.com>
---
app/test/test_cryptodev.c | 67 ++++++++++++++++++-
app/test/test_cryptodev_security_tls_record.c | 60 +++++++++++++++++
app/test/test_cryptodev_security_tls_record.h | 11 +++
3 files changed, 136 insertions(+), 2 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 0360f30bd1..6070e7f336 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -11704,6 +11704,7 @@ test_tls_record_proto_process(const struct
tls_record_test_data td[],
struct rte_security_tls_record_xform tls_record_xform;
struct rte_security_capability_idx sec_cap_idx;
const struct rte_security_capability *sec_cap;
+ struct tls_record_test_data *res_d_tmp = NULL;
enum rte_security_tls_sess_type sess_type;
uint8_t dev_id = ts_params->valid_devs[0];
struct rte_security_ctx *ctx;
@@ -11841,7 +11842,10 @@ test_tls_record_proto_process(const struct
tls_record_test_data td[],
if (ret != TEST_SUCCESS)
goto crypto_op_free;
- ret = test_tls_record_post_process(ut_params->ibuf, &td[i],
NULL, silent);
+ if (res_d != NULL)
+ res_d_tmp = &res_d[i];
+
+ ret = test_tls_record_post_process(ut_params->ibuf, &td[i],
res_d_tmp, silent);
if (ret != TEST_SUCCESS)
goto crypto_op_free;
@@ -11864,7 +11868,6 @@ test_tls_record_proto_process(const struct
tls_record_test_data td[],
rte_security_session_destroy(ctx, ut_params->sec_session);
ut_params->sec_session = NULL;
- RTE_SET_USED(res_d);
RTE_SET_USED(flags);
return ret;
@@ -11903,6 +11906,58 @@ test_tls_record_proto_known_vec_read(const void
*test_data)
return test_tls_record_proto_process(&td_inb, NULL, 1, false, &flags);
}
+static int
+test_tls_record_proto_all(const struct tls_record_test_flags *flags)
+{
+ struct tls_record_test_data td_outb[TEST_SEC_PKTS_MAX];
+ struct tls_record_test_data td_inb[TEST_SEC_PKTS_MAX];
+ unsigned int i, nb_pkts = 1, pass_cnt = 0;
+ int ret;
+
+ for (i = 0; i < RTE_DIM(sec_alg_list); i++) {
+ test_tls_record_td_prepare(sec_alg_list[i].param1,
sec_alg_list[i].param2, flags,
+ td_outb, nb_pkts);
+
+ ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts,
true, flags);
+ if (ret == TEST_SKIPPED)
+ continue;
+
+ if (ret == TEST_FAILED)
+ return TEST_FAILED;
+
+ test_tls_record_td_update(td_inb, td_outb, nb_pkts, flags);
+
+ ret = test_tls_record_proto_process(td_inb, NULL, nb_pkts,
true, flags);
+ if (ret == TEST_SKIPPED)
+ continue;
+
+ if (ret == TEST_FAILED)
+ return TEST_FAILED;
+
+ if (flags->display_alg)
+ test_sec_alg_display(sec_alg_list[i].param1,
sec_alg_list[i].param2);
+
+ pass_cnt++;
+ }
+
+ if (pass_cnt > 0)
+ return TEST_SUCCESS;
+ else
+ return TEST_SKIPPED;
+}
+
+static int
+test_tls_record_proto_display_list(void)
+{
+ struct tls_record_test_flags flags;
+
+ memset(&flags, 0, sizeof(flags));
+
+ flags.display_alg = true;
+
+ return test_tls_record_proto_all(&flags);
+}
+
#endif
static int
@@ -16845,6 +16900,10 @@ static struct unit_test_suite
tls12_record_proto_testsuite = {
"Read record known vector AES-128-CBC-SHA1",
ut_setup_security, ut_teardown,
test_tls_record_proto_known_vec_read,
&tls_test_data_aes_128_cbc_sha1_hmac),
+ TEST_CASE_NAMED_ST(
+ "Combined test alg list",
+ ut_setup_security, ut_teardown,
+ test_tls_record_proto_display_list),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
@@ -16869,6 +16928,10 @@ static struct unit_test_suite
dtls12_record_proto_testsuite = {
"Read record known vector AES-GCM-256",
ut_setup_security, ut_teardown,
test_tls_record_proto_known_vec_read,
&dtls_test_data_aes_256_gcm),
+ TEST_CASE_NAMED_ST(
+ "Combined test alg list",
+ ut_setup_security, ut_teardown,
+ test_tls_record_proto_display_list),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/app/test/test_cryptodev_security_tls_record.c
b/app/test/test_cryptodev_security_tls_record.c
index be8f5270cc..6f106050c2 100644
--- a/app/test/test_cryptodev_security_tls_record.c
+++ b/app/test/test_cryptodev_security_tls_record.c
@@ -7,6 +7,7 @@
#include "test.h"
#include "test_cryptodev_security_tls_record.h"
#include "test_cryptodev_security_tls_record_test_vectors.h"
+#include "test_security_proto.h"
int
test_tls_record_status_check(struct rte_crypto_op *op)
@@ -56,6 +57,65 @@ test_tls_record_td_read_from_write(const struct
tls_record_test_data *td_out,
}
}
+void
+test_tls_record_td_prepare(const struct crypto_param *param1, const struct
crypto_param *param2,
+ const struct tls_record_test_flags *flags,
+ struct tls_record_test_data *td_array, int nb_td)
+{
+ struct tls_record_test_data *td = NULL;
+ int i;
+
+ memset(td_array, 0, nb_td * sizeof(*td));
+
+ for (i = 0; i < nb_td; i++) {
+ td = &td_array[i];
+
+ /* Prepare fields based on param */
+
+ if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ /* Copy template for packet & key fields */
+ memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td));
+
+ td->aead = true;
+ td->xform.aead.aead.algo = param1->alg.aead;
+ td->xform.aead.aead.key.length = param1->key_length;
+ td->xform.aead.aead.digest_length =
param1->digest_length;
+ } else {
+ /* Copy template for packet & key fields */
+ memcpy(td, &tls_test_data_aes_128_cbc_sha1_hmac,
sizeof(*td));
+
+ td->aead = false;
+ td->xform.chain.cipher.cipher.algo = param1->alg.cipher;
+ td->xform.chain.cipher.cipher.key.length =
param1->key_length;
+ td->xform.chain.cipher.cipher.iv.length =
param1->iv_length;
+ td->xform.chain.auth.auth.algo = param2->alg.auth;
+ td->xform.chain.auth.auth.key.length =
param2->key_length;
+ td->xform.chain.auth.auth.digest_length =
param2->digest_length;
+ }
+ }
+
+ RTE_SET_USED(flags);
+}
+
+void
+test_tls_record_td_update(struct tls_record_test_data td_inb[],
+ const struct tls_record_test_data td_outb[], int
nb_td,
+ const struct tls_record_test_flags *flags)
+{
+ int i;
+
+ for (i = 0; i < nb_td; i++) {
+ memcpy(td_inb[i].output_text.data, td_outb[i].input_text.data,
+ td_outb[i].input_text.len);
+ td_inb[i].output_text.len = td_outb->input_text.len;
+
+ /* Clear outbound specific flags */
+ td_inb[i].tls_record_xform.options.iv_gen_disable = 0;
+ }
+
+ RTE_SET_USED(flags);
+}
+
static int
test_tls_record_td_verify(uint8_t *output_text, uint32_t len, const struct
tls_record_test_data *td,
bool silent)
diff --git a/app/test/test_cryptodev_security_tls_record.h
b/app/test/test_cryptodev_security_tls_record.h
index 18d689253b..68dd55fef2 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -8,6 +8,8 @@
#include <rte_cryptodev.h>
#include <rte_security.h>
+#include "test_security_proto.h"
+
#define TLS_RECORD_MAX_LEN 16384u
struct tls_record_test_data {
@@ -70,6 +72,15 @@ int test_tls_record_sec_caps_verify(struct
rte_security_tls_record_xform *tls_re
void test_tls_record_td_read_from_write(const struct tls_record_test_data
*td_out,
struct tls_record_test_data *td_in);
+void test_tls_record_td_prepare(const struct crypto_param *param1,
+ const struct crypto_param *param2,
+ const struct tls_record_test_flags *flags,
+ struct tls_record_test_data *td_array, int
nb_td);
+
+void test_tls_record_td_update(struct tls_record_test_data td_inb[],
+ const struct tls_record_test_data td_outb[], int
nb_td,
+ const struct tls_record_test_flags *flags);
+
int test_tls_record_post_process(const struct rte_mbuf *m, const struct
tls_record_test_data *td,
struct tls_record_test_data *res_d, bool
silent);
--
2.25.1
