[PATCH v5 05/21] test/security: unit test for TLS packet corruption

Wed, 13 Mar 2024 03:59:47 -0700 

From: Vidya Sagar Velumuri <vvelum...@marvell.com>

Add test to verify the corrupted TLS packet header

Signed-off-by: Vidya Sagar Velumuri <vvelum...@marvell.com>
---
 app/test/test_cryptodev.c                     | 27 +++++++++++++++++--
 app/test/test_cryptodev_security_tls_record.c |  4 +++
 app/test/test_cryptodev_security_tls_record.h |  1 +
 3 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 3591c91130..324ef3c276 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -12000,8 +12000,13 @@ test_tls_record_proto_all(const struct 
tls_record_test_flags *flags)
                if (ret == TEST_SKIPPED)
                        continue;
 
-               if (ret == TEST_FAILED)
-                       return TEST_FAILED;
+               if (flags->pkt_corruption) {
+                       if (ret == TEST_SUCCESS)
+                               return TEST_FAILED;
+               } else {
+                       if (ret == TEST_FAILED)
+                               return TEST_FAILED;
+               }
 
                if (flags->data_walkthrough && (++payload_len <= 
max_payload_len))
                        goto again;
@@ -12089,6 +12094,20 @@ test_tls_1_2_record_proto_sgl_data_walkthrough(void)
        return 
test_tls_record_proto_sgl_data_walkthrough(RTE_SECURITY_VERSION_TLS_1_2);
 }
 
+static int
+test_tls_record_proto_corrupt_pkt(void)
+{
+       struct tls_record_test_flags flags = {
+               .pkt_corruption = 1
+       };
+       struct crypto_testsuite_params *ts_params = &testsuite_params;
+       struct rte_cryptodev_info dev_info;
+
+       rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+       return test_tls_record_proto_all(&flags);
+}
+
 static int
 test_dtls_1_2_record_proto_data_walkthrough(void)
 {
@@ -17209,6 +17228,10 @@ static struct unit_test_suite 
tls12_record_proto_testsuite  = {
                        "Multi-segmented mode data walkthrough",
                        ut_setup_security, ut_teardown,
                        test_tls_1_2_record_proto_sgl_data_walkthrough),
+               TEST_CASE_NAMED_ST(
+                       "TLS packet header corruption",
+                       ut_setup_security, ut_teardown,
+                       test_tls_record_proto_corrupt_pkt),
                TEST_CASES_END() /**< NULL terminate unit test array */
        }
 };
diff --git a/app/test/test_cryptodev_security_tls_record.c 
b/app/test/test_cryptodev_security_tls_record.c
index 92bcbff842..93ff7f36fa 100644
--- a/app/test/test_cryptodev_security_tls_record.c
+++ b/app/test/test_cryptodev_security_tls_record.c
@@ -185,6 +185,10 @@ test_tls_record_td_update(struct tls_record_test_data 
td_inb[],
                       td_outb[i].input_text.len);
                td_inb[i].output_text.len = td_outb->input_text.len;
 
+               /* Corrupt the content type in the TLS header of encrypted 
packet */
+               if (flags->pkt_corruption)
+                       td_inb[i].input_text.data[0] = 
~td_inb[i].input_text.data[0];
+
                /* Clear outbound specific flags */
                td_inb[i].tls_record_xform.options.iv_gen_disable = 0;
        }
diff --git a/app/test/test_cryptodev_security_tls_record.h 
b/app/test/test_cryptodev_security_tls_record.h
index a6c537b35a..a7c0ca87bf 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -88,6 +88,7 @@ struct tls_record_test_flags {
        uint8_t nb_segs_in_mbuf;
        bool data_walkthrough;
        enum rte_security_tls_version tls_version;
+       bool pkt_corruption;
 };
 
 extern struct tls_record_test_data tls_test_data_aes_128_gcm_v1;
-- 
2.25.1

Reply via email to