From nobody Mon Nov 15 20:03:49 2021 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 2D35C188994E; Mon, 15 Nov 2021 20:03:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HtKrk0pRkz3DFs; Mon, 15 Nov 2021 20:03:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EFEEE1FD2E; Mon, 15 Nov 2021 20:03:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1AFK3nrA087718; Mon, 15 Nov 2021 20:03:49 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1AFK3nE8087717; Mon, 15 Nov 2021 20:03:49 GMT (envelope-from git) Date: Mon, 15 Nov 2021 20:03:49 GMT Message-Id: <202111152003.1AFK3nE8087717@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: John Baldwin Subject: git: 44265dc3dae1 - main - ktls: Add padding tests for AES-CBC MTE cipher suites. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 44265dc3dae1d373f33f474244b5c9811471080b Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=44265dc3dae1d373f33f474244b5c9811471080b commit 44265dc3dae1d373f33f474244b5c9811471080b Author: John Baldwin AuthorDate: 2021-11-15 19:26:45 +0000 Commit: John Baldwin CommitDate: 2021-11-15 19:26:45 +0000 ktls: Add padding tests for AES-CBC MTE cipher suites. For each AES-CBC MTE cipher suite, test sending records with 1 to 16 bytes of payload. This ensures that all of the potential padding values are covered. Reviewed by: markj Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D32840 --- tests/sys/kern/ktls_test.c | 95 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 88 insertions(+), 7 deletions(-) diff --git a/tests/sys/kern/ktls_test.c b/tests/sys/kern/ktls_test.c index 908f7f1818a2..bf2b81645d31 100644 --- a/tests/sys/kern/ktls_test.c +++ b/tests/sys/kern/ktls_test.c @@ -970,9 +970,9 @@ ATF_TC_BODY(ktls_transmit_##cipher_name##_##name, tc) \ ATF_TP_ADD_TC(tp, ktls_transmit_##cipher_name##_##name); #define GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ - auth_alg, minor, type, len) \ -ATF_TC_WITHOUT_HEAD(ktls_transmit_##cipher_name##_control); \ -ATF_TC_BODY(ktls_transmit_##cipher_name##_control, tc) \ + auth_alg, minor, name, type, len) \ +ATF_TC_WITHOUT_HEAD(ktls_transmit_##cipher_name##_##name); \ +ATF_TC_BODY(ktls_transmit_##cipher_name##_##name, tc) \ { \ struct tls_enable en; \ uint64_t seqno; \ @@ -986,8 +986,8 @@ ATF_TC_BODY(ktls_transmit_##cipher_name##_control, tc) \ } #define ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ - auth_alg, minor) \ - ATF_TP_ADD_TC(tp, ktls_transmit_##cipher_name##_control); + auth_alg, minor, name) \ + ATF_TP_ADD_TC(tp, ktls_transmit_##cipher_name##_##name); #define GEN_TRANSMIT_TESTS(cipher_name, cipher_alg, key_size, auth_alg, \ minor) \ @@ -996,7 +996,7 @@ ATF_TC_BODY(ktls_transmit_##cipher_name##_control, tc) \ GEN_TRANSMIT_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ auth_alg, minor, long, 64 * 1024) \ GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ - auth_alg, minor, 0x21 /* Alert */, 32) + auth_alg, minor, control, 0x21 /* Alert */, 32) #define ADD_TRANSMIT_TESTS(cipher_name, cipher_alg, key_size, auth_alg, \ minor) \ @@ -1005,7 +1005,7 @@ ATF_TC_BODY(ktls_transmit_##cipher_name##_control, tc) \ ADD_TRANSMIT_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ auth_alg, minor, long) \ ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ - auth_alg, minor) + auth_alg, minor, control) /* * For each supported cipher suite, run three transmit tests: @@ -1023,11 +1023,92 @@ AES_CBC_TESTS(GEN_TRANSMIT_TESTS); AES_GCM_TESTS(GEN_TRANSMIT_TESTS); CHACHA20_TESTS(GEN_TRANSMIT_TESTS); +#define GEN_TRANSMIT_PADDING_TESTS(cipher_name, cipher_alg, key_size, \ + auth_alg, minor) \ + GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_1, 0x21 /* Alert */, 1) \ + GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_2, 0x21 /* Alert */, 2) \ + GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_3, 0x21 /* Alert */, 3) \ + GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_4, 0x21 /* Alert */, 4) \ + GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_5, 0x21 /* Alert */, 5) \ + GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_6, 0x21 /* Alert */, 6) \ + GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_7, 0x21 /* Alert */, 7) \ + GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_8, 0x21 /* Alert */, 8) \ + GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_9, 0x21 /* Alert */, 9) \ + GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_10, 0x21 /* Alert */, 10) \ + GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_11, 0x21 /* Alert */, 11) \ + GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_12, 0x21 /* Alert */, 12) \ + GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_13, 0x21 /* Alert */, 13) \ + GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_14, 0x21 /* Alert */, 14) \ + GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_15, 0x21 /* Alert */, 15) \ + GEN_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_16, 0x21 /* Alert */, 16) + +#define ADD_TRANSMIT_PADDING_TESTS(cipher_name, cipher_alg, key_size, \ + auth_alg, minor) \ + ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_1) \ + ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_2) \ + ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_3) \ + ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_4) \ + ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_5) \ + ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_6) \ + ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_7) \ + ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_8) \ + ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_9) \ + ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_10) \ + ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_11) \ + ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_12) \ + ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_13) \ + ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_14) \ + ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_15) \ + ADD_TRANSMIT_CONTROL_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_16) + +/* + * For AES-CBC MTE cipher suites using padding, add tests of messages + * with each possible padding size. Note that the padding_ tests + * do not necessarily test bytes of padding as the padding is a + * function of the cipher suite's MAC length. However, cycling + * through all of the payload sizes from 1 to 16 should exercise all + * of the possible padding lengths for each suite. + */ +AES_CBC_TESTS(GEN_TRANSMIT_PADDING_TESTS); + ATF_TP_ADD_TCS(tp) { AES_CBC_TESTS(ADD_TRANSMIT_TESTS); AES_GCM_TESTS(ADD_TRANSMIT_TESTS); CHACHA20_TESTS(ADD_TRANSMIT_TESTS); + AES_CBC_TESTS(ADD_TRANSMIT_PADDING_TESTS); return (atf_no_error()); }