git: 9b6f4b35d2c2 - stable/13 - ktls: Add padding tests for AES-CBC MTE cipher suites.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 23 Nov 2021 23:13:04 UTC
The branch stable/13 has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=9b6f4b35d2c27e0bdb15d8c70426540d78e3f6c9
commit 9b6f4b35d2c27e0bdb15d8c70426540d78e3f6c9
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2021-11-15 19:26:45 +0000
Commit: John Baldwin <jhb@FreeBSD.org>
CommitDate: 2021-11-23 23:11:53 +0000
ktls: Add padding tests for AES-CBC MTE cipher suites.
For each AES-CBC MTE cipher suite, test sending records with 1 to 16
bytes of payload. This ensures that all of the potential padding
values are covered.
Reviewed by: markj
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D32840
(cherry picked from commit 44265dc3dae1d373f33f474244b5c9811471080b)
---
tests/sys/kern/ktls_test.c | 95 ++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 88 insertions(+), 7 deletions(-)
diff --git a/tests/sys/kern/ktls_test.c b/tests/sys/kern/ktls_test.c
index 908f7f1818a2..bf2b81645d31 100644
--- a/tests/sys/kern/ktls_test.c
+++ b/tests/sys/kern/ktls_test.c
@@ -970,9 +970,9 @@ ATF_TC_BODY(ktls_transmit_##cipher_name##_##name, tc) \
ATF_TP_ADD_TC(tp, ktls_transmit_##cipher_name##_##name);
#define GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
- auth_alg, minor, type, len) \
-ATF_TC_WITHOUT_HEAD(ktls_transmit_##cipher_name##_control); \
-ATF_TC_BODY(ktls_transmit_##cipher_name##_control, tc) \
+ auth_alg, minor, name, type, len) \
+ATF_TC_WITHOUT_HEAD(ktls_transmit_##cipher_name##_##name); \
+ATF_TC_BODY(ktls_transmit_##cipher_name##_##name, tc) \
{ \
struct tls_enable en; \
uint64_t seqno; \
@@ -986,8 +986,8 @@ ATF_TC_BODY(ktls_transmit_##cipher_name##_control, tc) \
}
#define ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
- auth_alg, minor) \
- ATF_TP_ADD_TC(tp, ktls_transmit_##cipher_name##_control);
+ auth_alg, minor, name) \
+ ATF_TP_ADD_TC(tp, ktls_transmit_##cipher_name##_##name);
#define GEN_TRANSMIT_TESTS(cipher_name, cipher_alg, key_size, auth_alg, \
minor) \
@@ -996,7 +996,7 @@ ATF_TC_BODY(ktls_transmit_##cipher_name##_control, tc) \
GEN_TRANSMIT_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \
auth_alg, minor, long, 64 * 1024) \
GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
- auth_alg, minor, 0x21 /* Alert */, 32)
+ auth_alg, minor, control, 0x21 /* Alert */, 32)
#define ADD_TRANSMIT_TESTS(cipher_name, cipher_alg, key_size, auth_alg, \
minor) \
@@ -1005,7 +1005,7 @@ ATF_TC_BODY(ktls_transmit_##cipher_name##_control, tc) \
ADD_TRANSMIT_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \
auth_alg, minor, long) \
ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
- auth_alg, minor)
+ auth_alg, minor, control)
/*
* For each supported cipher suite, run three transmit tests:
@@ -1023,11 +1023,92 @@ AES_CBC_TESTS(GEN_TRANSMIT_TESTS);
AES_GCM_TESTS(GEN_TRANSMIT_TESTS);
CHACHA20_TESTS(GEN_TRANSMIT_TESTS);
+#define GEN_TRANSMIT_PADDING_TESTS(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor) \
+ GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_1, 0x21 /* Alert */, 1) \
+ GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_2, 0x21 /* Alert */, 2) \
+ GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_3, 0x21 /* Alert */, 3) \
+ GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_4, 0x21 /* Alert */, 4) \
+ GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_5, 0x21 /* Alert */, 5) \
+ GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_6, 0x21 /* Alert */, 6) \
+ GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_7, 0x21 /* Alert */, 7) \
+ GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_8, 0x21 /* Alert */, 8) \
+ GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_9, 0x21 /* Alert */, 9) \
+ GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_10, 0x21 /* Alert */, 10) \
+ GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_11, 0x21 /* Alert */, 11) \
+ GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_12, 0x21 /* Alert */, 12) \
+ GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_13, 0x21 /* Alert */, 13) \
+ GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_14, 0x21 /* Alert */, 14) \
+ GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_15, 0x21 /* Alert */, 15) \
+ GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_16, 0x21 /* Alert */, 16)
+
+#define ADD_TRANSMIT_PADDING_TESTS(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor) \
+ ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_1) \
+ ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_2) \
+ ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_3) \
+ ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_4) \
+ ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_5) \
+ ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_6) \
+ ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_7) \
+ ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_8) \
+ ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_9) \
+ ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_10) \
+ ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_11) \
+ ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_12) \
+ ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_13) \
+ ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_14) \
+ ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_15) \
+ ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \
+ auth_alg, minor, padding_16)
+
+/*
+ * For AES-CBC MTE cipher suites using padding, add tests of messages
+ * with each possible padding size. Note that the padding_<N> tests
+ * do not necessarily test <N> bytes of padding as the padding is a
+ * function of the cipher suite's MAC length. However, cycling
+ * through all of the payload sizes from 1 to 16 should exercise all
+ * of the possible padding lengths for each suite.
+ */
+AES_CBC_TESTS(GEN_TRANSMIT_PADDING_TESTS);
+
ATF_TP_ADD_TCS(tp)
{
AES_CBC_TESTS(ADD_TRANSMIT_TESTS);
AES_GCM_TESTS(ADD_TRANSMIT_TESTS);
CHACHA20_TESTS(ADD_TRANSMIT_TESTS);
+ AES_CBC_TESTS(ADD_TRANSMIT_PADDING_TESTS);
return (atf_no_error());
}