> Subject: RE: [PATCH 00/14] Add TLS record test suite
>
> > Subject: [PATCH 00/14] Add TLS record test suite
> >
> > Add TLS record test suite in cryptodev autotest framework. The test
> > suite would run based on capabilities exposed by the cryptodev.
> >
> > The test suite framework is similar to the framework used in case of
> > IPsec tests. To avoid duplication of code, protocol independent code
> > is moved to common files and the functions are renamed accordingly.
> >
> > TLS record test suite has known vector tests as well as combined mode
> > tests. Known vector tests leverage vectors generated with kTLS and
> > gnuTLS utilities. The test suite supports testing both operations (read
> > or decrypt, write or encrypt) with a single vector. Write or encrypt
> > test would get skipped if cryptodev doesn't support disabling of IV
> > generation. Combined mode tests are targeted at testing protocol
> > features with all combinations of cipher-authentication algorithms.
> >
> > Combined mode performs record write operation first and feeds that back
> > to record read operation. Individual test cases may update the input to
> > record write operation based on the test case and the test framework
> > validates the output obtained (not complete text, but protocol specific
> > fields such as TLS header). Once it is validated, the output will be
> > submitted for record read operation which would give back the original
> > data. Currently this framework supports testing of multi-segmented mbuf
> > as input with TLS record. The same would be enhanced to support more
> > cases such as ICV corruption, incorrect padding etc.
> >
> > Enhancements planned for future,
> > - Add TLS 1.3 suite
> > - Add negative tests such as ICV corruption and incorrect padding
> > - Add session expiry tests
> > - Add anti-replay tests with DTLS
> >
> > Sample output with crypto_cn10k:
> >
> > + ------------------------------------------------------- +
> > [67/18944]
> > + ------------------------------------------------------- +
> > + Test Suite : TLS 1.2 Record Protocol Unit Test Suite
> > + ------------------------------------------------------- +
> > + TestCase [ 0] : Write record known vector AES-GCM-128 (vector 1) succeeded
> > + TestCase [ 1] : Write record known vector AES-GCM-128 (vector 2) succeeded
> > + TestCase [ 2] : Write record known vector AES-GCM-256 succeeded
> > + TestCase [ 3] : Write record known vector AES-CBC-128-SHA1 succeeded
> > + TestCase [ 4] : Write record known vector AES-128-CBC-SHA256 succeeded
> > + TestCase [ 5] : Write record known vector AES-256-CBC-SHA1 succeeded
> > + TestCase [ 6] : Write record known vector AES-256-CBC-SHA256 succeeded
> > + TestCase [ 7] : Write record known vector 3DES-CBC-SHA1-HMAC succeeded
> > USER1: Cipher crypto capabilities not supported
> > + TestCase [ 8] : Write record known vector NULL-SHA1-HMAC skipped
> > USER1: Crypto capabilities not supported
> > + TestCase [ 9] : Write record known vector CHACHA20-POLY1305 skipped
> > + TestCase [10] : Read record known vector AES-GCM-128 (vector 1) succeeded
> > + TestCase [11] : Read record known vector AES-GCM-128 (vector 2) succeeded
> > + TestCase [12] : Read record known vector AES-GCM-256 succeeded
> > + TestCase [13] : Read record known vector AES-128-CBC-SHA1 succeeded
> > + TestCase [14] : Read record known vector AES-128-CBC-SHA256 succeeded
> > + TestCase [15] : Read record known vector AES-256-CBC-SHA1 succeeded
> > + TestCase [16] : Read record known vector AES-256-CBC-SHA256 succeeded
> > + TestCase [17] : Read record known vector 3DES-CBC-SHA1-HMAC succeeded
> > USER1: Cipher crypto capabilities not supported
> > + TestCase [18] : Read record known vector NULL-SHA1-HMAC skipped
> > USER1: Crypto capabilities not supported
> > + TestCase [19] : Read record known vector CHACHA20-POLY1305 skipped
> > 3des-cbc [192] sha1-hmac [20B ICV]
> > aes-cbc [128] sha1-hmac [20B ICV]
> > aes-cbc [128] sha2-256-hmac [32B ICV]
> > aes-cbc [256] sha1-hmac [20B ICV]
> > aes-cbc [256] sha2-256-hmac [32B ICV]
> > + TestCase [20] : Combined test alg list succeeded
> > + TestCase [21] : Multi-segmented mode succeeded
> > + ------------------------------------------------------- +
> > + Test Suite Summary : TLS 1.2 Record Protocol Unit Test Suite
> > + ------------------------------------------------------- +
> > + Tests Total : 22
> > + Tests Skipped : 4
> > + Tests Executed : 22
> > + Tests Unsupported: 0
> > + Tests Passed : 18
> > + Tests Failed : 0
> > + ------------------------------------------------------- +
> > + ------------------------------------------------------- +
> > + Test Suite : DTLS 1.2 Record Protocol Unit Test Suite
> > + ------------------------------------------------------- +
> > + TestCase [ 0] : Write record known vector AES-GCM-128 succeeded
> > + TestCase [ 1] : Write record known vector AES-GCM-256 succeeded
> > + TestCase [ 2] : Write record known vector AES-128-CBC-SHA1 succeeded
> > + TestCase [ 3] : Write record known vector AES-128-CBC-SHA256 succeeded
> > + TestCase [ 4] : Write record known vector AES-256-CBC-SHA1 succeeded
> > + TestCase [ 5] : Write record known vector AES-256-CBC-SHA256 succeeded
> > + TestCase [ 6] : Write record known vector 3DES-CBC-SHA1-HMAC succeeded
> > USER1: Cipher crypto capabilities not supported
> > + TestCase [ 7] : Write record known vector NULL-SHA1-HMAC skipped
> > USER1: Crypto capabilities not supported
> > + TestCase [ 8] : Write record known vector CHACHA20-POLY1305 skipped
> > + TestCase [ 9] : Read record known vector AES-GCM-128 succeeded
> > + TestCase [10] : Read record known vector AES-GCM-256 succeeded
> > + TestCase [11] : Read record known vector AES-128-CBC-SHA1 succeeded
> > + TestCase [12] : Read record known vector AES-128-CBC-SHA256 succeeded
> > + TestCase [13] : Read record known vector AES-256-CBC-SHA1 succeeded
> > + TestCase [14] : Read record known vector AES-256-CBC-SHA256 succeeded
> > + TestCase [15] : Read record known vector 3DES-CBC-SHA1-HMAC succeeded
> > USER1: Cipher crypto capabilities not supported
> > + TestCase [16] : Read record known vector NULL-SHA1-HMAC skipped
> > USER1: Crypto capabilities not supported
> > + TestCase [17] : Read record known vector CHACHA20-POLY1305 skipped
> > 3des-cbc [192] sha1-hmac [20B ICV]
> > aes-cbc [128] sha1-hmac [20B ICV]
> > aes-cbc [128] sha2-256-hmac [32B ICV]
> > aes-cbc [256] sha1-hmac [20B ICV]
> > aes-cbc [256] sha2-256-hmac [32B ICV]
> > + TestCase [18] : Combined test alg list succeeded
> > + TestCase [19] : Multi-segmented mode succeeded
> > + ------------------------------------------------------- +
> > + Test Suite Summary : DTLS 1.2 Record Protocol Unit Test Suite
> > + ------------------------------------------------------- +
> > + Tests Total : 20
> > + Tests Skipped : 4
> > + Tests Executed : 20
> > + Tests Unsupported: 0
> > + Tests Passed : 16
> > + Tests Failed : 0
> > + ------------------------------------------------------- +
> >
> > Akhil Goyal (3):
> >   test/crypto: add TLS1.2 vectors
> >   test/crypto: add TLS1.2/DTLS1.2 AES-128/256-GCM vectors
> >   test/security: add TLS 1.2 and DTLS 1.2 vectors
> >
> > Anoob Joseph (5):
> >   test/crypto: move security caps checks to separate file
> >   test/crypto: move algorithm display routines to common
> >   test/security: add sha1-hmac to auth list
> >   test/crypto: add TLS record tests
> >   test/crypto: add verification of TLS headers
> >
> > Tejasree Kondoj (2):
> >   test/crypto: add AES-GCM 128 TLS 1.2 vector
> >   test/crypto: add multi segmented cases
> >
> > Vidya Sagar Velumuri (4):
> >   test/crypto: move algorithm list to common
> >   test/crypto: move algorithm framework to common
> >   test/crypto: add combined mode cases
> >   test/security: add more algos to combined tests
> >
> > app/test-security-perf/meson.build | 1 +
> > app/test-security-perf/test_security_perf.c | 35 +-
> > app/test/meson.build | 2 +
> > app/test/test_cryptodev.c | 596 ++++++-
> > app/test/test_cryptodev.h | 2 +
> > app/test/test_cryptodev_security_ipsec.c | 164 +-
> > app/test/test_cryptodev_security_ipsec.h | 157 +-
> > app/test/test_cryptodev_security_tls_record.c | 327 ++++
> > app/test/test_cryptodev_security_tls_record.h | 101 ++
> > ...yptodev_security_tls_record_test_vectors.h | 1584 +++++++++++++++++
> > app/test/test_security_inline_proto.c | 42 +-
> > app/test/test_security_proto.c | 154 ++
> > app/test/test_security_proto.h | 186 ++
> > doc/guides/rel_notes/release_24_03.rst | 4 +
> > 14 files changed, 2960 insertions(+), 395 deletions(-)
> > create mode 100644 app/test/test_cryptodev_security_tls_record.c
> > create mode 100644 app/test/test_cryptodev_security_tls_record.h
> > create mode 100644 app/test/test_cryptodev_security_tls_record_test_vectors.h
> > create mode 100644 app/test/test_security_proto.c
> > create mode 100644 app/test/test_security_proto.h
> >
> Series Acked-by: Akhil Goyal <gak...@marvell.com>
Applied to dpdk-next-crypto

Thanks.
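
The header check that the cover letter describes for combined mode (validate protocol-specific fields of the write output before submitting it for read), sketched for both TLS 1.2 and DTLS 1.2 records. This is an added example, not code from the patch series or from DPDK; every function, enum and macro name is hypothetical and the sample records are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names throughout; none of this is DPDK API. */
enum rec_proto { REC_TLS12, REC_DTLS12 };
enum rec_err { REC_OK, REC_SHORT, REC_BAD_TYPE, REC_BAD_VERSION,
               REC_BAD_SEQ, REC_BAD_LEN };

#define TLS_HDR_LEN    5   /* type(1) version(2) length(2) */
#define DTLS_HDR_LEN   13  /* type(1) version(2) epoch(2) seq(6) length(2) */
#define MAX_CIPHERTEXT (16384 + 2048) /* TLS 1.2 TLSCiphertext.length limit */

/* Constructed samples: application_data headers followed by dummy bytes. */
static const uint8_t sample_tls[] = { 0x17, 0x03, 0x03, 0x00, 0x04,
                                      0xde, 0xad, 0xbe, 0xef };
static const uint8_t sample_dtls[] = { 0x17, 0xfe, 0xfd, 0x00, 0x01, 0, 0, 0,
                                       0, 0, 0x02, 0x00, 0x03, 1, 2, 3 };

/* Load an n-byte big-endian integer (n <= 8). */
static uint64_t be_load(const uint8_t *p, size_t n)
{
    uint64_t v = 0;
    while (n--)
        v = (v << 8) | *p++;
    return v;
}

/* Check the header of one record produced by a write operation.
 * exp_seq is epoch(16) || sequence(48); it is only compared for DTLS,
 * where it is carried in the header. */
enum rec_err rec_hdr_verify(enum rec_proto proto, const uint8_t *rec,
                            size_t rec_len, uint8_t exp_type,
                            uint64_t exp_seq, size_t *payload_len)
{
    size_t hdr = (proto == REC_DTLS12) ? DTLS_HDR_LEN : TLS_HDR_LEN;
    uint16_t exp_ver = (proto == REC_DTLS12) ? 0xFEFD : 0x0303;

    if (rec == NULL || rec_len < hdr)
        return REC_SHORT;
    if (rec[0] != exp_type)
        return REC_BAD_TYPE;
    if (be_load(rec + 1, 2) != exp_ver)
        return REC_BAD_VERSION;
    if (proto == REC_DTLS12 && be_load(rec + 3, 8) != exp_seq)
        return REC_BAD_SEQ;
    size_t len = (size_t)be_load(rec + hdr - 2, 2);
    /* The length field must describe exactly the bytes that follow. */
    if (len > MAX_CIPHERTEXT || len != rec_len - hdr)
        return REC_BAD_LEN;
    *payload_len = len;
    return REC_OK;
}
```

A truncated or padded buffer fails with `REC_BAD_LEN`, the kind of mismatch a header check catches before the record read is attempted.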