test/crypto: update framework to verify TLS 1.3

Update the fields in preparation of test descriptor. Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com> Acked-by: Anoob Joseph <anoobj@marvell.com> Acked-by: Akhil Goyal <gakhil@marvell.com>
author: Vidya Sagar Velumuri <vvelumuri@marvell.com> 2024-03-13 16:28:55 +0530
committer: Akhil Goyal <gakhil@marvell.com> 2024-03-14 19:05:52 +0100
commit: d2379dd8f27f4ecb54b51b74529f2543b18cfd33 (patch)
tree: 5c35604fb172f867d17b49ba1f2e4c3ba5a29fc8
parent: 7b20e6626a1ea245c0d6811509f211dddbcaf7d0 (diff)
3 files changed, 43 insertions, 27 deletions
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index aa9fffe50e..25777c1b1f 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -11889,8 +11889,9 @@ test_tls_record_proto_process(const struct tls_record_test_data td[],
 		ut_params->op->param1.tls_record.content_type = td[i].app_type;
 
 		/* Copy IV in crypto operation when IV generation is disabled */
-		if (sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE &&
-		    tls_record_xform.options.iv_gen_disable == 1) {
+		if ((sess_type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) &&
+		    (tls_record_xform.ver != RTE_SECURITY_VERSION_TLS_1_3) &&
+		    (tls_record_xform.options.iv_gen_disable == 1)) {
 			uint8_t *iv;
 			int len;
 
@@ -12005,8 +12006,10 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 		if (flags->zero_len)
 			payload_len = 0;
 again:
-		test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags,
-					   td_outb, nb_pkts, payload_len);
+		ret = test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2,
+						 flags, td_outb, nb_pkts, payload_len);
+		if (ret == TEST_SKIPPED)
+			continue;
 
 		ret = test_tls_record_proto_process(td_outb, td_inb, nb_pkts, true, flags);
 		if (ret == TEST_SKIPPED)
@@ -12218,8 +12221,10 @@ test_dtls_pkt_replay(const uint64_t seq_no[],
 	int ret;
 
 	for (i = 0; i < RTE_DIM(sec_alg_list); i++) {
-		test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2, flags,
-					   td_outb, nb_pkts, 0);
+		ret = test_tls_record_td_prepare(sec_alg_list[i].param1, sec_alg_list[i].param2,
+						 flags, td_outb, nb_pkts, 0);
+		if (ret == TEST_SKIPPED)
+			continue;
 
 		for (idx = 0; idx < nb_pkts; idx++)
 			td_outb[idx].tls_record_xform.dtls_1_2.seq_no = seq_no[idx];
diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c
index 498c4923e0..96d0a94731 100644
--- a/app/test/test_cryptodev_security_tls_record.c
+++ b/app/test/test_cryptodev_security_tls_record.c
@@ -70,7 +70,7 @@ test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out,
 	}
 }
 
-void
+int
 test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypto_param *param2,
 			   const struct tls_record_test_flags *flags,
 			   struct tls_record_test_data *td_array,
@@ -79,6 +79,10 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt
 	int i, min_padding, hdr_len, tls_pkt_size, mac_len = 0, exp_nonce_len = 0, roundup_len = 0;
 	struct tls_record_test_data *td = NULL;
 
+	if ((flags->tls_version == RTE_SECURITY_VERSION_TLS_1_3) &&
+	    (param1->type != RTE_CRYPTO_SYM_XFORM_AEAD))
+		return TEST_SKIPPED;
+
 	memset(td_array, 0, nb_td * sizeof(*td));
 
 	for (i = 0; i < nb_td; i++) {
@@ -88,10 +92,17 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt
 
 		if (param1->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
 			/* Copy template for packet & key fields */
-			if (flags->tls_version == RTE_SECURITY_VERSION_DTLS_1_2)
-				memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td));
-			else
+			switch (flags->tls_version) {
+			case RTE_SECURITY_VERSION_TLS_1_2:
 				memcpy(td, &tls_test_data_aes_128_gcm_v1, sizeof(*td));
+				break;
+			case RTE_SECURITY_VERSION_DTLS_1_2:
+				memcpy(td, &dtls_test_data_aes_128_gcm, sizeof(*td));
+				break;
+			case RTE_SECURITY_VERSION_TLS_1_3:
+				memcpy(td, &tls13_test_data_aes_128_gcm, sizeof(*td));
+				break;
+			}
 
 			td->aead = true;
 			td->xform.aead.aead.algo = param1->alg.aead;
@@ -127,6 +138,7 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt
 
 		if (!td->aead) {
 			mac_len = td->xform.chain.auth.auth.digest_length;
+			min_padding = 1;
 			switch (td->xform.chain.cipher.cipher.algo) {
 			case RTE_CRYPTO_CIPHER_3DES_CBC:
 				roundup_len = 8;
@@ -143,30 +155,28 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt
 			}
 		} else {
 			mac_len = td->xform.aead.aead.digest_length;
+			min_padding = 0;
 			roundup_len = 0;
-			exp_nonce_len = 8;
+			if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3)
+				exp_nonce_len = 0;
+			else
+				exp_nonce_len = 8;
 		}
 
 		switch (td->tls_record_xform.ver) {
 		case RTE_SECURITY_VERSION_TLS_1_2:
+			hdr_len = sizeof(struct rte_tls_hdr);
+			break;
 		case RTE_SECURITY_VERSION_TLS_1_3:
 			hdr_len = sizeof(struct rte_tls_hdr);
-			if (td->aead)
-				min_padding = 0;
-			else
-				min_padding = 1;
+			/* Add 1 byte for content type in packet */
+			tls_pkt_size += 1;
 			break;
 		case RTE_SECURITY_VERSION_DTLS_1_2:
 			hdr_len = sizeof(struct rte_dtls_hdr);
-			if (td->aead)
-				min_padding = 0;
-			else
-				min_padding = 1;
 			break;
 		default:
-			hdr_len = 0;
-			min_padding = 0;
-			break;
+			return TEST_SKIPPED;
 		}
 
 		tls_pkt_size += mac_len;
@@ -186,6 +196,7 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt
 		td->output_text.len = tls_pkt_size;
 
 	}
+	return TEST_SUCCESS;
 }
 
 void
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index 9fbc64605d..0138770fac 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -137,11 +137,11 @@ int test_tls_record_sec_caps_verify(struct rte_security_tls_record_xform *tls_re
 void test_tls_record_td_read_from_write(const struct tls_record_test_data *td_out,
 					struct tls_record_test_data *td_in);
 
-void test_tls_record_td_prepare(const struct crypto_param *param1,
-				const struct crypto_param *param2,
-				const struct tls_record_test_flags *flags,
-				struct tls_record_test_data *td_array, int nb_td,
-				unsigned int data_len);
+int test_tls_record_td_prepare(const struct crypto_param *param1,
+			       const struct crypto_param *param2,
+			       const struct tls_record_test_flags *flags,
+			       struct tls_record_test_data *td_array, int nb_td,
+			       unsigned int data_len);
 
 void test_tls_record_td_update(struct tls_record_test_data td_inb[],
 			       const struct tls_record_test_data td_outb[], int nb_td,
author	Vidya Sagar Velumuri <vvelumuri@marvell.com>	2024-03-13 16:28:55 +0530
committer	Akhil Goyal <gakhil@marvell.com>	2024-03-14 19:05:52 +0100
commit	d2379dd8f27f4ecb54b51b74529f2543b18cfd33 (patch)
tree	5c35604fb172f867d17b49ba1f2e4c3ba5a29fc8
parent	7b20e6626a1ea245c0d6811509f211dddbcaf7d0 (diff)