From: Vidya Sagar Velumuri <vvelum...@marvell.com> Add unit test to verify corrupted padding bytes in TLS-1.2 record
Signed-off-by: Vidya Sagar Velumuri <vvelum...@marvell.com>
Signed-off-by: Aakash Sasidharan <asasidha...@marvell.com>
---
 app/test/test_cryptodev.c | 18 +++++++++++++++++-
 app/test/test_cryptodev_security_tls_record.c | 7 +++++++
 app/test/test_cryptodev_security_tls_record.h | 1 +
 3 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f3145abfee..da8d7bf109 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -12173,7 +12173,7 @@ test_tls_record_proto_all(const struct tls_record_test_flags *flags)
 if (ret == TEST_SKIPPED)
 continue;
- if (flags->pkt_corruption) {
+ if (flags->pkt_corruption || flags->padding_corruption) {
 if (ret == TEST_SUCCESS)
 return TEST_FAILED;
 } else {
@@ -12404,6 +12404,18 @@ test_tls_record_proto_sg_opt_padding_max(void)
 return test_tls_record_proto_opt_padding(33, 4, RTE_SECURITY_VERSION_TLS_1_2);
 }
+static int
+test_tls_record_proto_sg_opt_padding_corrupt(void)
+{
+ struct tls_record_test_flags flags = {
+ .opt_padding = 8,
+ .padding_corruption = true,
+ .nb_segs_in_mbuf = 4,
+ };
+
+ return test_tls_record_proto_all(&flags);
+}
+
 static int
 test_dtls_1_2_record_proto_data_walkthrough(void)
 {
@@ -17997,6 +18009,10 @@ static struct unit_test_suite tls12_record_proto_testsuite = {
 "TLS record SG mode with optional padding > max range",
 ut_setup_security, ut_teardown,
 test_tls_record_proto_sg_opt_padding_max),
+ TEST_CASE_NAMED_ST(
+ "TLS record SG mode with padding corruption",
+ ut_setup_security, ut_teardown,
+ test_tls_record_proto_sg_opt_padding_corrupt),
 TEST_CASES_END() /**< NULL terminate unit test array */
 }
 };
diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c
index 03d9efefc3..1ba9609e1b 100644
--- a/app/test/test_cryptodev_security_tls_record.c
+++ b/app/test/test_cryptodev_security_tls_record.c
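Review bot: In test_tls_record_proto_all, the widened condition `flags->pkt_corruption || flags->padding_corruption` counts any result other than TEST_SUCCESS as a pass, so the padding case cannot tell a record rejected for bad padding from one that failed for an unrelated reason. A flipped ciphertext byte can also break the MAC or an AEAD tag, so a device that never validates CBC padding may still pass this case. It is worth stating that above the branch, for example `/* Negative test: any inbound failure passes; the rejection cause is not checked. */`, or limiting the padding case to suites where only padding bytes are affected. The function body starts and ends outside the hunk.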
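Review bot: test_tls_record_proto_sg_opt_padding_corrupt leaves the protocol version to zero-initialization, while the neighbouring padding test in the context lines passes RTE_SECURITY_VERSION_TLS_1_2 explicitly. The case is registered in the TLS 1.2 suite, so adding `.tls_version = RTE_SECURITY_VERSION_TLS_1_2,` to the initializer would make the intent explicit and keep it correct if the enum order ever changes (this assumes the flags struct names that member `tls_version`, which the hunk does not show). A short comment above the function, such as `/* Inbound processing must reject a record whose padding bytes were corrupted. */`, would document what the case is meant to prove.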
@@ -215,6 +215,13 @@ test_tls_record_td_update(struct tls_record_test_data td_inb[],
 if (flags->pkt_corruption)
 td_inb[i].input_text.data[0] = ~td_inb[i].input_text.data[0];
+ /* Corrupt a byte in the last but one block */
+ if (flags->padding_corruption) {
+ int offset = td_inb[i].input_text.len - TLS_RECORD_PAD_CORRUPT_OFFSET;
+
+ td_inb[i].input_text.data[offset] = ~td_inb[i].input_text.data[offset];
+ }
+
 /* Clear outbound specific flags */
 td_inb[i].tls_record_xform.options.iv_gen_disable = 0;
 }
diff --git a/app/test/test_cryptodev_security_tls_record.h b/app/test/test_cryptodev_security_tls_record.h
index 18a90c6ff6..acb7f15f1c 100644
--- a/app/test/test_cryptodev_security_tls_record.h
+++ b/app/test/test_cryptodev_security_tls_record.h
@@ -41,6 +41,7 @@ static_assert(TLS_1_3_RECORD_PLAINTEXT_MAX_LEN <= TEST_SEC_CLEARTEXT_MAX_LEN,
 "TEST_SEC_CLEARTEXT_MAX_LEN should be at least RECORD MAX LEN!");
 #define TLS_RECORD_PLAINTEXT_MIN_LEN (1u)
+#define TLS_RECORD_PAD_CORRUPT_OFFSET 20
 enum tls_record_test_content_type {
 TLS_RECORD_TEST_CONTENT_TYPE_APP,
--
2.25.1
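Review bot: The new `offset` in test_tls_record_td_update is computed as `input_text.len - TLS_RECORD_PAD_CORRUPT_OFFSET` with no check that the record is at least that long, so a record shorter than 20 bytes yields a negative or wrapped index and the write that follows lands outside `input_text.data`. A guard such as `if (flags->padding_corruption && td_inb[i].input_text.len >= TLS_RECORD_PAD_CORRUPT_OFFSET) {` avoids that, and declaring the index as `uint32_t offset` would probably match the length field better (its type is not visible here). The comment's "last but one block" holds only for a 16-byte cipher block, which the comment should say. The loop and the function continue outside the hunk.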
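Review bot: `TLS_RECORD_PAD_CORRUPT_OFFSET` is a bare 20 with no statement of what it is measured from or why that value was chosen. A comment such as `/* Bytes back from the end of the record to the byte flipped by the padding-corruption test; lands in the second-to-last block for 16-byte block ciphers. */` would tie the constant to its single use. Parenthesizing the value, as `TLS_RECORD_PLAINTEXT_MIN_LEN (1u)` does on the line above, would keep the two definitions consistent.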