def main(self):
self.Generate()
ProxyCbServiceHelper.main(self.objs)
self.Configure()
if len(self.objs):
Store.objects.SetAll(self.objs)
return
def TestCaseVerify(tc):
global ipseccbq
global ipseccb
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
ipsecid = "IPSECCB%04d" % id
ipsec_cbq_id = ipsecid + "_IPSECCBQ"
ipseccb_cur = tc.infra_data.ConfigStore.objects.db[ipsecid]
print("pre-sync: ipseccb_cur.pi %d ipseccb_cur.ci %d" %
(ipseccb_cur.pi, ipseccb_cur.ci))
ipseccb_cur.GetObjValPd()
print("post-sync: ipseccb_cur.pi %d ipseccb_cur.ci %d" %
(ipseccb_cur.pi, ipseccb_cur.ci))
if (ipseccb_cur.pi != ipseccb.pi or ipseccb_cur.ci != ipseccb.ci):
print("serq pi/ci not as expected")
return False
# 3. Fetch current values from Platform
ipseccbqq_cur = tc.infra_data.ConfigStore.objects.db[ipsec_cbq_id]
ipseccbqq_cur.Configure()
rnmdr = tc.pvtdata.db["IPSEC_RNMDR"]
rnmpr = tc.pvtdata.db["IPSEC_RNMPR"]
tnmdr = tc.pvtdata.db["IPSEC_TNMDR"]
tnmpr = tc.pvtdata.db["IPSEC_TNMPR"]
rnmdr_cur = tc.infra_data.ConfigStore.objects.db["IPSEC_RNMDR"]
rnmdr_cur.GetMeta()
rnmdr_cur.GetRingEntries([rnmdr_cur.pi, rnmdr_cur.pi + 1])
rnmdr_cur.GetRingEntryAOL([rnmdr_cur.pi, rnmdr_cur.pi + 1])
rnmpr_cur = tc.infra_data.ConfigStore.objects.db["IPSEC_RNMPR"]
rnmpr_cur.GetMeta()
rnmpr_cur.GetRingEntries([rnmpr.pi, rnmpr_cur.pi])
tnmdr_cur = tc.infra_data.ConfigStore.objects.db["IPSEC_TNMDR"]
tnmdr_cur.GetMeta()
tnmdr_cur.GetRingEntries([tnmdr.pi, tnmdr_cur.pi])
tnmpr_cur = tc.infra_data.ConfigStore.objects.db["IPSEC_TNMPR"]
tnmpr_cur.GetMeta()
tnmpr_cur.GetRingEntries([tnmpr.pi, tnmpr_cur.pi])
# 4. Verify PI for RNMDR got incremented by 1
if ((rnmdr_cur.pi != rnmdr.pi + 2) and (rnmdr_cur.pi != rnmdr.pi + 1)):
print("RNMDR pi check failed old %d new %d" % (rnmdr.pi, rnmdr_cur.pi))
return False
# 6. Verify pi/ci got update got updated for BRQ
brq = tc.pvtdata.db["BRQ_ENCRYPT_GCM"]
brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"]
print("pre-sync: brq_cur.pi %d brq_cur.ci %d" % (brq_cur.pi, brq_cur.ci))
brq_cur.GetMeta()
brq_cur.GetRingEntries([brq.pi, brq_cur.pi])
print("post-sync: brq_cur.pi %d brq_cur.ci %d" % (brq_cur.pi, brq_cur.ci))
if (brq_cur.pi != (brq.pi + 1) or brq_cur.ci != (brq.ci + 1)):
print("brq pi/ci not as expected")
#needs fix in HAL and support in model/p4+ for this check to work/pass
#return False
return True
def TestCaseSetup(tc):
print("TestCaseSetup(): Start")
tc.pvtdata = ObjectDatabase()
tcp_proxy.SetupProxyArgs(tc)
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
TcpCbHelper.main(id)
tcbid = "TcpCb%04d" % id
# 1. Configure TCB in HBM before packet injection
tcb = tc.infra_data.ConfigStore.objects.db[tcbid]
tcp_proxy.init_tcb_inorder(tc, tcb)
# set tcb state to ESTABLISHED(1)
tcb.state = 1
tcb.SetObjValPd()
# 2. Clone objects that are needed for verification
rnmdpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"])
rnmdpr.GetMeta()
rnmdpr.GetRingEntries([rnmdpr.pi])
tnmdpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"])
tnmdpr.GetMeta()
tnmdpr.GetRingEntries([tnmdpr.pi])
if tc.module.args.cipher_suite == "CCM":
brq = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_CCM"])
elif tc.module.args.cipher_suite == "CBC":
brq = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_CBC"])
else:
brq = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db["BRQ_DECRYPT_GCM"])
brq.GetMeta()
tlscbid = "TlsCb%04d" % id
tlscb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid])
tlscb.debug_dol = tcp_tls_proxy.tls_debug_dol_bypass_proxy | \
tcp_tls_proxy.tls_debug_dol_sesq_stop
if hasattr(tc.module.args, 'reassemble'):
if tc.module.args.reassemble == True:
print("Enabling reassembly support")
tlscb.debug_dol = tlscb.debug_dol | tcp_tls_proxy.tls_debug_dol_dec_reasm_path
tlscb.other_fid = 0xffff
tlscb.serq_pi = 0
tlscb.serq_ci = 0
tlscb.SetObjValPd()
if tc.module.args.key_size == 16:
tcp_tls_proxy.tls_aes128_decrypt_setup(tc, tlscb)
elif tc.module.args.key_size == 32:
tcp_tls_proxy.tls_aes256_decrypt_setup(tc, tlscb)
tc.pvtdata.Add(tlscb)
tc.pvtdata.Add(rnmdpr)
tc.pvtdata.Add(tnmdpr)
tc.pvtdata.Add(brq)
return
def Configure(self):
nvme_lif = self.session.initiator.ep.intf.lif.nvme_lif
self.lif = nvme_lif
self.nsid = nvme_lif.GetNextNsid()
self.ns = nvme_lif.GetNs(self.nsid)
assert self.ns != 0
#for DOL purpose, map session to a sq/cq.
#more than one session can map to same sq/cq
#for now using nsid%2 as the sq/cq number
self.sqid = self.nsid % 2
self.cqid = self.sqid
self.sq = self.session.initiator.ep.intf.lif.GetQ('NVME_SQ', self.sqid)
self.cq = self.session.initiator.ep.intf.lif.GetQ('NVME_CQ', self.cqid)
nvme_lif.NsSessionAttach(self.nsid, self)
halapi.NvmeSessionCreate([self])
self.tcp_qid, self.tcp_other_qid = ProxyCbServiceHelper.GetSessionQids(
self.session)
self.tcp_cbid = "TcpCb%04d" % self.tcp_qid
self.tcp_other_cbid = "TcpCb%04d" % self.tcp_other_qid
return
def TestCaseVerify(tc):
if GlobalOptions.dryrun:
return True
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
if tc.config.flow.IsIflow():
print("This is iflow")
tcbid = "TcpCb%04d" % id
tlscbid = "TlsCb%04d" % id
other_tcbid = "TcpCb%04d" % (id + 1)
other_tlscbid = "TlsCb%04d" % (id + 1)
else:
print("This is rflow")
tcbid = "TcpCb%04d" % (id + 1)
tlscbid = "TlsCb%04d" % (id + 1)
other_tcbid = "TcpCb%04d" % id
other_tlscbid = "TlsCb%04d" % id
same_flow = False
if tc.pvtdata.same_flow:
other_tcbid = tcbid
other_tlscbid = tlscbid
same_flow = True
tcpcb = tc.pvtdata.db[tcbid]
tcpcb_cur = tc.infra_data.ConfigStore.objects.db[tcbid]
tcpcb_cur.GetObjValPd()
other_tcpcb = tc.pvtdata.db[other_tcbid]
other_tcpcb_cur = tc.infra_data.ConfigStore.objects.db[other_tcbid]
other_tcpcb_cur.GetObjValPd()
tlscb = tc.pvtdata.db[tlscbid]
tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid]
tlscb_cur.GetObjValPd()
other_tlscb = tc.pvtdata.db[other_tlscbid]
other_tlscb_cur = tc.infra_data.ConfigStore.objects.db[other_tlscbid]
other_tlscb_cur.GetObjValPd()
rnmdpr_big = tc.pvtdata.db["RNMDPR_BIG"]
rnmdpr_big_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]
rnmdpr_big_cur.GetMeta()
# Print stats
if same_flow:
other_tcpcb = tcpcb
other_tcpcb_cur = tcpcb_cur
else:
print("bytes_rcvd = %d:" % tcpcb_cur.bytes_rcvd)
print("pkts_rcvd = %d:" % tcpcb_cur.pkts_rcvd)
print("bytes_sent = %d:" % other_tcpcb_cur.bytes_sent)
print("pkts_sent = %d:" % other_tcpcb_cur.pkts_sent)
return True
def TestCaseVerify(tc):
if GlobalOptions.dryrun:
return True
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
tlscbid = "TlsCb%04d" % id
tlscb = tc.pvtdata.db[tlscbid]
tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid]
print("pre-sync: tnmdpr_alloc %d enc_requests %d" % (tlscb_cur.tnmdpr_alloc, tlscb_cur.enc_requests))
print("pre-sync: rnmdpr_free %d enc_completions %d" % (tlscb_cur.rnmdpr_free, tlscb_cur.enc_completions))
print("pre-sync: pre_debug_stage0_7_thread 0x%x post_debug_stage0_7_thread 0x%x" % (tlscb_cur.pre_debug_stage0_7_thread, tlscb_cur.post_debug_stage0_7_thread))
tlscb_cur.GetObjValPd()
print("post-sync: tnmdpr_alloc %d enc_requests %d" % (tlscb_cur.tnmdpr_alloc, tlscb_cur.enc_requests))
print("post-sync: rnmdpr_free %d enc_completions %d" % (tlscb_cur.rnmdpr_free, tlscb_cur.enc_completions))
print("post-sync: pre_debug_stage0_7_thread 0x%x post_debug_stage0_7_thread 0x%x" % (tlscb_cur.pre_debug_stage0_7_thread, tlscb_cur.post_debug_stage0_7_thread))
tcbid = "TcpCb%04d" % id
tcb = tc.pvtdata.db[tcbid]
# 2. Verify pi/ci got update got updated for ARQ
tcb_cur = tc.infra_data.ConfigStore.objects.db[tcbid]
print("pre-sync: tcb_cur.sesq_pi %d tcb_cur.sesq_ci %d" % (tcb_cur.sesq_pi, tcb_cur.sesq_ci))
tcb_cur.GetObjValPd()
print("post-sync: tcb_cur.sesq_pi %d tcb_cur.sesq_ci %d" % (tcb_cur.sesq_pi, tcb_cur.sesq_ci))
if (tcb_cur.sesq_pi != (tcb.sesq_pi+1) or tcb_cur.sesq_ci != (tcb.sesq_ci+1)):
print("sesq pi/ci not as expected")
#VijayV to enable this test after ci is fixed in p4+
#return False
# 3. Fetch current values from Platform
rnmdpr_big_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]
rnmdpr_big_cur.GetMeta()
rnmdpr_big = tc.pvtdata.db["RNMDPR_BIG"]
tnmdpr_big_cur = tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"]
tnmdpr_big_cur.GetMeta()
tnmdpr_big = tc.pvtdata.db["TNMDPR_BIG"]
arq = tc.pvtdata.db["CPU0000_ARQ"]
arq_cur = tc.infra_data.ConfigStore.objects.db["CPU0000_ARQ"]
arq_cur.GetMeta()
arq_cur.GetRingEntries([arq.pi])
# 2. Verify descriptor
if rnmdpr_big.ringentries[rnmdpr_big.pi].handle != arq_cur.ringentries[arq.pi].handle:
#if rnmdpr.ringentries[rnmdpr.pi].handle != arq_cur.ringentries[0].handle:
print("Descriptor handle not as expected in ringentries 0x%x 0x%x" % (rnmdpr_big.ringentries[rnmdpr_big.pi].handle, arq_cur.ringentries[0].handle))
#print("Descriptor handle not as expected in ringentries 0x%x 0x%x" % (rnmdpr.ringentries[rnmdpr.pi].handle, arq_cur.ringentries[arq.pi].handle))
return False
return True
def TestCaseSetup(tc):
global ipseccbq
global ipseccb
global rnmdr
global iv
global seq
tc.pvtdata = ObjectDatabase()
tc.pvtdata.seqNo = 0
print("TestCaseSetup(): Sample Implementation.")
# 2. Clone objects that are needed for verification
rnmdr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["IPSEC_RNMDR"])
rnmdr.GetMeta()
rnmdr.GetRingEntries([rnmdr.pi, rnmdr.pi + 1])
rnmdr.GetRingEntryAOL([rnmdr.pi, rnmdr.pi + 1])
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
IpsecCbHelper.main(id)
ipsecid = "IPSECCB%04d" % id
ipseccb = tc.infra_data.ConfigStore.objects.db[ipsecid]
ipsec_cbq_id = ipsecid + "_IPSECCBQ"
ipseccbq = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db[ipsec_cbq_id])
ipseccb = tc.infra_data.ConfigStore.objects.db[ipsecid]
rnmpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["IPSEC_RNMPR"])
rnmpr.GetMeta()
rnmpr.GetRingEntries([rnmpr.pi])
tnmdr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["IPSEC_TNMDR"])
tnmdr.GetMeta()
tnmdr.GetRingEntries([tnmdr.pi])
tnmpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["IPSEC_TNMPR"])
tnmpr.GetMeta()
tnmpr.GetRingEntries([tnmpr.pi])
brq = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"])
brq.GetMeta()
brq.GetRingEntries([brq.pi])
iv = ipseccb.iv
seq = ipseccb.esn_lo
tc.pvtdata.Add(rnmdr)
tc.pvtdata.Add(rnmpr)
tc.pvtdata.Add(tnmdr)
tc.pvtdata.Add(tnmpr)
tc.pvtdata.Add(brq)
return
def TestCaseSetup(tc):
tc.pvtdata = ObjectDatabase()
tcp_proxy.SetupProxyArgs(tc)
id1, id2 = ProxyCbServiceHelper.GetSessionQids(tc.config.flow._FlowObject__session)
if tc.config.flow.IsIflow():
id = id1
other_fid = id2
else:
id = id2
other_fid = id1
TcpCbHelper.main(id)
tcbid = "TcpCb%04d" % id
# 1. Configure TCB in HBM before packet injection
tcb = tc.infra_data.ConfigStore.objects.db[tcbid]
tcp_proxy.init_tcb_inorder(tc, tcb)
tcb.debug_dol = 0
# set tcb state to SYN_SENT(2)
tcb.state = tcp_proxy.tcp_state_SYN_SENT
tcb.SetObjValPd()
TcpCbHelper.main(other_fid)
tcbid2 = "TcpCb%04d" % (other_fid)
logger.info("Configuring %s" % tcbid2)
tcb2 = tc.infra_data.ConfigStore.objects.db[tcbid2]
tcp_proxy.init_tcb_inorder2(tc, tcb2)
tcb2.SetObjValPd()
# 2. Clone objects that are needed for verification
arq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["CPU0000_ARQ"])
arq.Configure()
sesqid = "TCPCB%04d_SESQ" % id
sesq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[sesqid])
tlscbid = "TlsCb%04d" % id
tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid]
tlscb_cur.debug_dol = tcp_tls_proxy.tls_debug_dol_bypass_barco
tlscb_cur.SetObjValPd()
tlscb = copy.deepcopy(tlscb_cur)
tcpcb = copy.deepcopy(tcb)
tc.pvtdata.Add(tlscb)
tc.pvtdata.Add(tcpcb)
tc.pvtdata.Add(sesq)
tc.pvtdata.Add(arq)
return
def TestCaseSetup(tc):
tc.pvtdata = ObjectDatabase()
tcp_proxy.SetupProxyArgs(tc)
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
TcpCbHelper.main(id)
tcbid = "TcpCb%04d" % id
# 1. Configure TCB in HBM before packet injection
tcb = tc.infra_data.ConfigStore.objects.db[tcbid]
tcp_proxy.init_tcb_inorder(tc, tcb)
# set tcb state to ESTABLISHED(1)
tcb.state = tcp_proxy.tcp_state_ESTABLISHED
tcb.debug_dol_tx |= tcp_proxy.tcp_tx_debug_dol_dont_tx
tcb.SetObjValPd()
# 2. Clone objects that are needed for verification
rnmdpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"])
rnmdpr.GetMeta()
tnmdpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"])
tnmdpr.GetMeta()
arq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["CPU0000_ARQ"])
sesqid = "TCPCB%04d_SESQ" % id
sesq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[sesqid])
sesq.GetMeta()
tlscbid = "TlsCb%04d" % id
tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid]
#tlscb_cur.debug_dol = (tcp_tls_proxy.tls_debug_dol_leave_in_arq | tcp_tls_proxy.tls_debug_dol_bypass_proxy | tcp_tls_proxy.tls_debug_dol_bypass_barco | tcp_tls_proxy.tls_debug_dol_fake_handshake_msg)
tlscb_cur.debug_dol = (tcp_tls_proxy.tls_debug_dol_bypass_proxy
| tcp_tls_proxy.tls_debug_dol_bypass_barco
| tcp_tls_proxy.tls_debug_dol_arm_loop_ctlr_pkts)
tlscb_cur.other_fid = 0xffff
tlscb_cur.is_decrypt_flow = 1
tlscb_cur.serq_pi = 0
tlscb_cur.serq_ci = 0
tlscb_cur.SetObjValPd()
tlscb = copy.deepcopy(tlscb_cur)
tlscb.GetObjValPd()
tcpcb = copy.deepcopy(tcb)
tcpcb.GetObjValPd()
tc.pvtdata.Add(tlscb)
tc.pvtdata.Add(rnmdpr)
tc.pvtdata.Add(tnmdpr)
tc.pvtdata.Add(tcpcb)
tc.pvtdata.Add(sesq)
tc.pvtdata.Add(arq)
return
def TestCaseSetup(tc):
tc.pvtdata = ObjectDatabase()
tcp_proxy.SetupProxyArgs(tc)
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
TcpCbHelper.main(id)
tcbid = "TcpCb%04d" % id
# 1. Configure TCB in HBM before packet injection
tcb = tc.infra_data.ConfigStore.objects.db[tcbid]
tcp_proxy.init_tcb_inorder(tc, tcb)
# set tcb state to ESTABLISHED(1)
tcb.state = 1
tcb.l7_proxy_type = 0
tcb.debug_dol = 0
tcb.SetObjValPd()
# 2. Clone objects that are needed for verification
rnmdpr_big = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"])
rnmdpr_big.GetMeta()
tnmdpr_big = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"])
#tnmdpr_big.GetMeta()
brq = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"])
#brq.GetMeta()
tlscbid = "TlsCb%04d" % id
tlscb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid])
tlscb.debug_dol = tcp_tls_proxy.tls_debug_dol_bypass_proxy | \
tcp_tls_proxy.tls_debug_dol_sesq_stop
tlscb.other_fid = 0xffff
tlscb.l7_proxy_type = tcp_proxy.l7_proxy_type_REDIR
tlscb.serq_pi = 0
tlscb.serq_ci = 0
if tc.module.args.key_size == 16:
tcp_tls_proxy.tls_aes128_decrypt_setup(tc, tlscb)
elif tc.module.args.key_size == 32:
tcp_tls_proxy.tls_aes256_decrypt_setup(tc, tlscb)
tc.pvtdata.Add(tlscb)
tc.pvtdata.Add(rnmdpr_big)
tc.pvtdata.Add(tnmdpr_big)
tc.pvtdata.Add(brq)
return
def TestCaseSetup(tc):
tc.pvtdata = ObjectDatabase()
tcp_proxy.SetupProxyArgs(tc)
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
TcpCbHelper.main(id)
tcbid = "TcpCb%04d" % id
# 1. Configure TCB in HBM before packet injection
tcb = tc.infra_data.ConfigStore.objects.db[tcbid]
tcp_proxy.init_tcb_inorder(tc, tcb)
tcb.l7_proxy_type = tcp_proxy.l7_proxy_type_SPAN
tcb.debug_dol |= tcp_proxy.tcp_debug_dol_pkt_to_serq
tcb.debug_dol |= tcp_proxy.tcp_debug_dol_pkt_to_l7q
if hasattr(tc.module.args, 'atomic_stats') and tc.module.args.atomic_stats:
print("Testing atomic stats")
tcb.debug_dol |= tcp_proxy.tcp_debug_dol_test_atomic_stats
tcb.bytes_rcvd = 0
# set tcb state to ESTABLISHED(1)
tcb.state = 1
tcb.SetObjValPd()
tlscbid = "TlsCb%04d" % id
tlscb = tc.infra_data.ConfigStore.objects.db[tlscbid]
tlscb.debug_dol = 0
tlscb.is_decrypt_flow = False
tlscb.other_fid = 0xffff
tlscb.serq_pi = 0
tlscb.serq_ci = 0
tlscb.SetObjValPd()
# 2. Clone objects that are needed for verification
rnmdpr_big = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"])
rnmdpr_big.GetMeta()
rnmdpr_big.GetRingEntries([rnmdpr_big.pi])
serqid = "TLSCB%04d_SERQ" % id
serq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[serqid])
serq.GetMeta()
tlscb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid])
tlscb.GetObjValPd()
tcpcb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tcbid])
tcpcb.GetObjValPd()
tc.pvtdata.Add(tlscb)
tc.pvtdata.Add(rnmdpr_big)
tc.pvtdata.Add(tcpcb)
tc.pvtdata.Add(serq)
return
def TestCaseSetup(tc):
global cpurx_dpr
global rawrcbid
global rawccbid
global rawrcb
global rawccb
global redir_span
tc.SetRetryEnabled(True)
tc.pvtdata = ObjectDatabase()
redir_span = getattr(tc.module.args, 'redir_span', False)
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
if redir_span:
id = app_redir_shared.app_redir_span_rawrcb_id
rawrcbid = "RawrCb%04d" % id
rawccbid = "RawcCb%04d" % id
RawrCbHelper.main(id)
rawrcb = tc.infra_data.ConfigStore.objects.db[rawrcbid]
RawcCbHelper.main(id)
rawccb = tc.infra_data.ConfigStore.objects.db[rawccbid]
# 1. Configure RAWRCB in HBM before packet injection
# let HAL fill in defaults for chain_rxq_base, etc.
rawrcb.chain_txq_base = 0
rawrcb.chain_rxq_base = 0
rawrcb.rawrcb_flags = app_redir_shared.app_redir_dol_pipeline_loopbk_en
rawrcb.SetObjValPd()
# 1. Configure RAWCCB in HBM before packet injection
# let HAL fill in defaults for my_txq_base, etc.
rawccb.my_txq_base = 0
rawccb.SetObjValPd()
# 2. Clone objects that are needed for verification
cpurx_dpr = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db["CPU_RX_DPR"])
cpurx_dpr.GetMeta()
cpurx_dpr.GetRingEntries([cpurx_dpr.pi])
rawrcb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[rawrcbid])
rawrcb.GetObjValPd()
rawccb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[rawccbid])
rawccb.GetObjValPd()
return
def TestCaseSetup(tc):
tc.pvtdata = ObjectDatabase()
tcp_proxy.SetupProxyArgs(tc)
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
TcpCbHelper.main(id)
tcbid = "TcpCb%04d" % id
# 1. Configure TCB in HBM before packet injection
tcb = tc.infra_data.ConfigStore.objects.db[tcbid]
tcp_proxy.init_tcb_inorder(tc, tcb)
# set tcb state to ESTABLISHED(1)
tcb.state = 1
tcb.SetObjValPd()
# 2. Clone objects that are needed for verification
rnmdpr_big = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"])
rnmdpr_big.GetMeta()
rnmdpr_big.GetRingEntries([rnmdpr_big.pi])
tnmdpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"])
tnmdpr.GetMeta()
sesqid = "TCPCB%04d_SESQ" % id
sesq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[sesqid])
sesq.GetMeta()
tlscbid = "TlsCb%04d" % id
tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid]
tlscb_cur.debug_dol = (tcp_tls_proxy.tls_debug_dol_bypass_proxy
| tcp_tls_proxy.tls_debug_dol_sesq_stop
| tcp_tls_proxy.tls_debug_dol_bypass_barco)
tlscb_cur.other_fid = 0xffff
tlscb_cur.is_decrypt_flow = False
tlscb_cur.serq_pi = 0
tlscb_cur.serq_ci = 0
tlscb_cur.SetObjValPd()
tlscb = copy.deepcopy(tlscb_cur)
tlscb.GetObjValPd()
tcpcb = copy.deepcopy(tcb)
tcpcb.GetObjValPd()
tc.pvtdata.Add(tlscb)
tc.pvtdata.Add(rnmdpr_big)
tc.pvtdata.Add(tnmdpr)
tc.pvtdata.Add(tcpcb)
tc.pvtdata.Add(sesq)
return
def TestCaseTeardown(tc):
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
if tc.config.flow.IsIflow():
tcbid = "TcpCb%04d" % id
other_tcbid = "TcpCb%04d" % (id + 1)
else:
tcbid = "TcpCb%04d" % (id + 1)
other_tcbid = "TcpCb%04d" % id
tcpcb = tc.infra_data.ConfigStore.objects.db[tcbid]
other_tcpcb = tc.infra_data.ConfigStore.objects.db[other_tcbid]
if GlobalOptions.dryrun:
return True
if tc.pvtdata.test_del_ack_timer:
timer = tc.infra_data.ConfigStore.objects.db['FAST_TIMER']
timer.Step(0)
if tc.pvtdata.test_retx_timer:
tcpcb.debug_dol_tx &= ~tcp_proxy.tcp_tx_debug_dol_start_retx_timer
tcpcb.SetObjValPd()
other_tcpcb.debug_dol_tx &= ~tcp_proxy.tcp_tx_debug_dol_start_retx_timer
other_tcpcb.SetObjValPd()
timer = tc.infra_data.ConfigStore.objects.db['FAST_TIMER']
timer.Step(0)
reset_rnmdpr = False
if tc.pvtdata.sem_full and tc.pvtdata.sem_full == 'nmdr':
reset_rnmdpr = True
if tc.pvtdata.rnmdr_big_pi is not None:
reset_rnmdpr = True
if tc.pvtdata.rnmdr_big_ci is not None:
reset_rnmdpr = True
if reset_rnmdpr:
rnmdpr_big = tc.pvtdata.db["RNMDPR_BIG"]
rnmdpr_big.pi = 0
rnmdpr_big.ci = 8192
rnmdpr_big.SetMeta()
if tc.pvtdata.test_retx_timer_full:
tcpcb.debug_dol_tx = 0
tcpcb.SetObjValPd()
other_tcpcb.debug_dol_tx = 0
other_tcpcb.SetObjValPd()
return
def TestCaseSetup(tc):
tc.pvtdata = ObjectDatabase()
tcp_proxy.SetupProxyArgs(tc)
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
TcpCbHelper.main(id)
tcbid = "TcpCb%04d" % id
# 1. Configure TCB in HBM before packet injection
tcb = tc.infra_data.ConfigStore.objects.db[tcbid]
tcp_proxy.init_tcb_inorder(tc, tcb)
tcb.debug_dol |= tcp_proxy.tcp_debug_dol_leave_in_arq
# set tcb state to SYN_SENT(2)
tcb.state = tcp_proxy.tcp_state_SYN_SENT
tcb.SetObjValPd()
# 2. Clone objects that are needed for verification
rnmdpr_big = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"])
rnmdpr_big.GetMeta()
rnmdpr_big.GetRingEntries([rnmdpr_big.pi])
tnmdpr_big = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"])
tnmdpr_big.GetMeta()
actl = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db["CPU0000_TCP_ACTL"])
actl.GetMeta()
sesqid = "TCPCB%04d_SESQ" % id
sesq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[sesqid])
tlscbid = "TlsCb%04d" % id
tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid]
tlscb_cur.debug_dol = tcp_tls_proxy.tls_debug_dol_bypass_barco
tlscb_cur.SetObjValPd()
tlscb = copy.deepcopy(tlscb_cur)
tcpcb = copy.deepcopy(tcb)
tc.pvtdata.Add(tlscb)
tc.pvtdata.Add(rnmdpr_big)
tc.pvtdata.Add(tnmdpr_big)
tc.pvtdata.Add(tcpcb)
tc.pvtdata.Add(sesq)
tc.pvtdata.Add(actl)
return
def get_tcbs(tc):
id1, id2 = ProxyCbServiceHelper.GetSessionQids(tc.config.flow._FlowObject__session)
if tc.config.flow.IsIflow():
id = id1
other_fid = id2
else:
id = id2
other_fid = id1
tcbid1 = "TcpCb%04d" % id
tcbid2 = "TcpCb%04d" % other_fid
print("%s is flow 1" % tcbid1)
print("%s is flow 2" % tcbid2)
tcb1 = tc.infra_data.ConfigStore.objects.db[tcbid1]
tcb2 = tc.infra_data.ConfigStore.objects.db[tcbid2]
tc.pvtdata.tcb1 = tcb1
tc.pvtdata.tcb2 = tcb2
return tcb1, tcb2
def TestCaseVerify(tc):
if GlobalOptions.dryrun:
return True
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
# Retrieve saved state
tlscbid = "TlsCb%04d" % id
tlscb = tc.pvtdata.db[tlscbid]
rnmdpr_big = tc.pvtdata.db["RNMDPR_BIG"]
tnmdpr_big = tc.pvtdata.db["TNMDPR_BIG"]
brq = tc.pvtdata.db["BRQ_ENCRYPT_GCM"]
# Fetch current values from Platform
rnmdpr_big_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]
rnmdpr_big_cur.GetMeta()
tnmdpr_big_cur = tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"]
#tnmdpr_big_cur.GetMeta()
tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid]
tlscb_cur.GetObjValPd()
brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"]
#brq_cur.GetMeta()
# Verify PI for RNMDPR_BIG got incremented by 1
if (rnmdpr_big_cur.pi != rnmdpr_big.pi+2):
print("RNMDPR_BIG pi check failed old %d new %d" % (rnmdpr_big.pi, rnmdpr_big_cur.pi))
return False
print("Old RNMDPR_BIG PI: %d, New RNMDPR_BIG PI: %d" % (rnmdpr_big.pi, rnmdpr_big_cur.pi))
# Verify page
#if rnmdpr.ringentries[0].handle != brq_cur.swdre_list[0].Addr1:
# print("Page handle not as expected in brq_cur.swdre_list")
#return False
return True
def TestCaseSetup(tc):
global ipseccbq
global ipseccb
global rnmdr
global iv
global seq
tc.pvtdata = ObjectDatabase()
print("TestCaseSetup(): Sample Implementation.")
# 1. Configure IPSECCB in HBM before packet injection
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
IpsecCbHelper.main(id)
ipsecid = "IPSECCB%04d" % id
ipseccb = tc.infra_data.ConfigStore.objects.db[ipsecid]
key_type = types_pb2.CRYPTO_KEY_TYPE_AES128
key_size = 16
key = b'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc'
sip6 = b'\x20\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xaa'
dip6 = b'\x20\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\xbb'
ipseccb.crypto_key.Update(key_type, key_size, key)
ipseccb.tunnel_sip4 = 0x0A010001
ipseccb.tunnel_dip4 = 0x0A010002
ipseccb.iv_size = 8
ipseccb.icv_size = 16
ipseccb.block_size = 16
ipseccb.key_index = 0
ipseccb.barco_enc_cmd = 0x30000000
ipseccb.iv = 0xaaaaaaaaaaaaaaaa
ipseccb.iv_salt = 0xbbbbbbbb
ipseccb.esn_hi = 0
ipseccb.esn_lo = 0
ipseccb.spi = 0
ipseccb.is_nat_t = 0
ipseccb.is_v6 = 0
ipseccb.key_index = ipseccb.crypto_key.keyindex
ipseccb.sip6.ip_af = 2
ipseccb.sip6.v6_addr = sip6
ipseccb.dip6.ip_af = 2
ipseccb.dip6.v6_addr = dip6
ipseccb.SetObjValPd()
# 2. Clone objects that are needed for verification
rnmdr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["IPSEC_RNMDR"])
rnmdr.GetMeta()
rnmdr.GetRingEntries([rnmdr.pi, rnmdr.pi + 1])
rnmdr.GetRingEntryAOL([rnmdr.pi, rnmdr.pi + 1])
ipsec_cbq_id = ipsecid + "_IPSECCBQ"
ipseccbq = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db[ipsec_cbq_id])
ipseccb = tc.infra_data.ConfigStore.objects.db[ipsecid]
rnmpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["IPSEC_RNMPR"])
rnmpr.GetMeta()
rnmpr.GetRingEntries([rnmpr.pi])
tnmdr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["IPSEC_TNMDR"])
tnmdr.GetMeta()
tnmdr.GetRingEntries([tnmdr.pi])
tnmpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["IPSEC_TNMPR"])
tnmpr.GetMeta()
tnmpr.GetRingEntries([tnmpr.pi])
brq = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"])
brq.GetMeta()
brq.GetRingEntries([brq.pi])
iv = ipseccb.iv
seq = ipseccb.esn_lo
tc.pvtdata.Add(rnmdr)
tc.pvtdata.Add(rnmpr)
tc.pvtdata.Add(tnmdr)
tc.pvtdata.Add(tnmpr)
tc.pvtdata.Add(brq)
return
def TestCaseVerify(tc):
global ipseccbq
global ipseccb
# 1. Verify pi/ci got update got updated
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
ipsecid = "IPSECCB%04d" % id
ipsec_cbq_id = ipsecid + "_IPSECCBQ"
ipseccb_cur = tc.infra_data.ConfigStore.objects.db[ipsecid]
print("pre-sync: ipseccb_cur.pi %d ipseccb_cur.ci %d" %
(ipseccb_cur.pi, ipseccb_cur.ci))
ipseccb_cur.GetObjValPd()
print("post-sync: ipseccb_cur.pi %d ipseccb_cur.ci %d" %
(ipseccb_cur.pi, ipseccb_cur.ci))
if (ipseccb_cur.pi != ipseccb.pi or ipseccb_cur.ci != ipseccb.ci):
print("pi/ci not as expected")
return False
# 3. Fetch current values from Platform
ipseccbqq_cur = tc.infra_data.ConfigStore.objects.db[ipsec_cbq_id]
ipseccbqq_cur.Configure()
rnmdr = tc.pvtdata.db["IPSEC_RNMDR"]
rnmpr = tc.pvtdata.db["IPSEC_RNMPR"]
tnmdr = tc.pvtdata.db["IPSEC_TNMDR"]
tnmpr = tc.pvtdata.db["IPSEC_TNMPR"]
rnmdr_cur = tc.infra_data.ConfigStore.objects.db["IPSEC_RNMDR"]
rnmdr_cur.GetMeta()
rnmdr_cur.GetRingEntries([rnmdr_cur.pi, rnmdr_cur.pi + 1])
rnmdr_cur.GetRingEntryAOL([rnmdr_cur.pi, rnmdr_cur.pi + 1])
rnmpr_cur = tc.infra_data.ConfigStore.objects.db["IPSEC_RNMPR"]
rnmpr_cur.GetMeta()
rnmpr_cur.GetRingEntries([rnmpr.pi, rnmpr_cur.pi])
tnmdr_cur = tc.infra_data.ConfigStore.objects.db["IPSEC_TNMDR"]
tnmdr_cur.GetMeta()
tnmdr_cur.GetRingEntries([tnmdr.pi, tnmdr_cur.pi])
tnmpr_cur = tc.infra_data.ConfigStore.objects.db["IPSEC_TNMPR"]
tnmpr_cur.GetMeta()
tnmpr_cur.GetRingEntries([tnmpr.pi, tnmpr_cur.pi])
# 4. Verify PI for IPSEC_RNMDR got incremented by 1
#if ((rnmdr_cur.pi != rnmdr.pi+2) and (rnmdr_cur.pi != rnmdr.pi+1)):
#print("IPSEC_RNMDR pi check failed old %d new %d" % (rnmdr.pi, rnmdr_cur.pi))
#return False
# 6. Verify pi/ci got update got updated for BRQ
brq = tc.pvtdata.db["BRQ_ENCRYPT_GCM"]
brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"]
print("pre-sync: brq_cur.pi %d brq_cur.ci %d" % (brq_cur.pi, brq_cur.ci))
brq_cur.GetMeta()
brq_cur.GetRingEntries([brq.pi, brq_cur.pi])
print("post-sync: brq_cur.pi %d brq_cur.ci %d" % (brq_cur.pi, brq_cur.ci))
if (brq_cur.pi != (brq.pi + 1) or brq_cur.ci != (brq.ci + 1)):
print("brq pi/ci not as expected")
#needs fix in HAL and support in model/p4+ for this check to work/pass
#return False
print("BRQ:")
print("ilist_addr 0x%x" % brq_cur.ring_entries[brq.pi].ilist_addr)
print("olist_addr 0x%x" % brq_cur.ring_entries[brq.pi].olist_addr)
print("command 0x%x" % brq_cur.ring_entries[brq.pi].command)
print("key_desc_index 0x%x" % brq_cur.ring_entries[brq.pi].key_desc_index)
print("iv_addr 0x%x" % brq_cur.ring_entries[brq.pi].iv_addr)
print("status_addr 0x%x" % brq_cur.ring_entries[brq.pi].status_addr)
# There is an offset of 64 to go past scratch when queuing to barco. Pls modify
# this when this offset is removed.
#maxflows check should be reverted when we remove the hardcoding for idx 0 with pi/ci for BRQ
# 7. Verify brq input desc and rnmdr
#if (rnmdr.ringentries[rnmdr.pi].handle != (brq_cur.ring_entries[brq.pi].ilist_addr - 0x40)):
# print("Descriptor handle not as expected in ringentries 0x%x 0x%x" % (rnmdr.ringentries[rnmdr.pi].handle, brq_cur.ring_entries[brq.pi].ilist_addr))
# return False
print("IPSEC_RNMDR Entry: 0x%x, BRQ ILIST: 0x%x" %
(rnmdr.ringentries[rnmdr.pi].handle,
brq_cur.ring_entries[0].ilist_addr))
# 5. Verify descriptor
#if rnmdr.ringentries[rnmdr.pi].handle != ipseccbqq_cur.ringentries[ipseccb_cur.pi-1].handle:
# print("Descriptor handle not as expected in ringentries 0x%x 0x%x" % (rnmdr.ringentries[rnmdr.pi].handle, ipseccbqq_cur.ringentries[ipseccb_cur.pi-1].handle))
# return False
#print("Descriptor handle expected in ringentries 0x%x 0x%x" % (rnmdr.ringentries[rnmdr.pi].handle, ipseccbqq_cur.ringentries[ipseccb_cur.pi-1].handle))
#if rnmdr.swdre_list[rnmdr.pi].DescAddr != ipseccbqq_cur.swdre_list[ipseccb_cur.pi-1].DescAddr:
# print("Descriptor handle not as expected in swdre_list 0x%x 0x%x" % (rnmdr.swdre_list[rnmdr.pi].DescAddr, ipseccbqq_cur.swdre_list[ipseccb_cur.pi-1].DescAddr))
# return False
#print("Descriptor handle expected in swdre_list 0x%x 0x%x" % (rnmdr.swdre_list[rnmdr.pi].DescAddr, ipseccbqq_cur.swdre_list[ipseccb_cur.pi-1].DescAddr))
# 10. Verify SeqNo increment
if (ipseccb_cur.esn_lo != seq + 1):
print("seq_no 0x%x 0x%x" % (ipseccb_cur.esn_lo, ipseccb.esn_lo))
return False
if (ipseccb_cur.iv != iv + 1):
print("iv : 0x%x 0x%x" % (ipseccb_cur.iv, ipseccb.iv))
return False
#if (rnmdr.ringentries[rnmdr.pi].handle != (brq_cur.ring_entries[brq.pi].status_addr - 56)):
# return False
return True
def TestCaseSetup(tc):
global rnmdpr_big
global proxyrcbid
global proxyccbid
global proxyrcb
global proxyccb
global redir_span
tc.SetRetryEnabled(True)
redir_span = getattr(tc.module.args, 'redir_span', False)
tc.pvtdata = ObjectDatabase()
tcp_proxy.SetupProxyArgs(tc)
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
TcpCbHelper.main(id)
tcbid = "TcpCb%04d" % id
# 1. Configure TCB in HBM before packet injection
tcb = tc.infra_data.ConfigStore.objects.db[tcbid]
tcp_proxy.init_tcb_inorder(tc, tcb)
# set tcb state to ESTABLISHED(1)
tcb.state = 1
tcb.l7_proxy_type = 0
tcb.debug_dol = 0
if redir_span:
tcb.debug_dol_tx |= tcp_proxy.tcp_tx_debug_dol_dont_tx
tcb.SetObjValPd()
_proxyrcb_id = id
ProxyrCbHelper.main(_proxyrcb_id)
proxyrcbid = "ProxyrCb%04d" % _proxyrcb_id
# 1. Configure PROXYRCB in HBM before packet injection
proxyrcb = tc.infra_data.ConfigStore.objects.db[proxyrcbid]
# let HAL fill in defaults for chain_rxq_base, etc.
proxyrcb.my_txq_base = 0
proxyrcb.chain_rxq_base = 0
proxyrcb.redir_span = redir_span
proxyrcb.proxyrcb_flags = app_redir_shared.app_redir_dol_pipeline_loopbk_en
# fill in flow key
proxyrcb.FlowKeyBuild(tc.config.flow)
print("vrf %d flow sport %d dport %d" %
(proxyrcb.vrf, proxyrcb.sport, proxyrcb.dport))
proxyrcb.SetObjValPd()
tlscbid = "TlsCb%04d" % id
tlscb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid])
tlscb.debug_dol = tcp_tls_proxy.tls_debug_dol_bypass_proxy
tlscb.other_fid = 0xffff
tlscb.l7_proxy_type = tcp_proxy.l7_proxy_type_REDIR
if redir_span:
tlscb.l7_proxy_type = tcp_proxy.l7_proxy_type_SPAN
tlscb.serq_pi = 0
tlscb.serq_ci = 0
if tc.module.args.key_size == 16:
tcp_tls_proxy.tls_aes128_decrypt_setup(tc, tlscb)
elif tc.module.args.key_size == 32:
tcp_tls_proxy.tls_aes256_decrypt_setup(tc, tlscb)
_proxyccb_id = id
ProxycCbHelper.main(_proxyccb_id)
proxyccbid = "ProxycCb%04d" % _proxyccb_id
# 1. Configure PROXYCCB in HBM before packet injection
proxyccb = tc.infra_data.ConfigStore.objects.db[proxyccbid]
# let HAL fill in defaults for my_txq_base, etc.
proxyccb.redir_span = redir_span
proxyccb.my_txq_base = 0
proxyccb.chain_txq_base = 0
proxyccb.chain_txq_lif = app_redir_shared.service_lif_tcp_proxy
proxyccb.chain_txq_qtype = 0
proxyccb.chain_txq_qid = id
proxyccb.chain_txq_ring = 0
proxyccb.proxyccb_flags = app_redir_shared.app_redir_chain_desc_add_aol_offset | \
app_redir_shared.app_redir_dol_skip_chain_doorbell
proxyccb.SetObjValPd()
# 2. Clone objects that are needed for verification
rnmdpr_big = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"])
rnmdpr_big.GetMeta()
proxyrcb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[proxyrcbid])
proxyrcb.GetObjValPd()
proxyccb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[proxyccbid])
proxyccb.GetObjValPd()
return
def TestCaseVerify(tc):
global rnmdpr_big
global proxyrcbid
global proxyccbid
global proxyrcb
global proxyccb
global redir_span
num_pkts = 1
if hasattr(tc.module.args, 'num_pkts'):
num_pkts = int(tc.module.args.num_pkts)
proxyr_meta_pages = 0
if hasattr(tc.module.args, 'proxyr_meta_pages'):
proxyr_meta_pages = int(tc.module.args.proxyr_meta_pages)
num_flow_miss_pkts = 0
if hasattr(tc.module.args, 'num_flow_miss_pkts'):
num_flow_miss_pkts = int(tc.module.args.num_flow_miss_pkts)
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
# Verify chain_rxq_base
proxyrcb_cur = tc.infra_data.ConfigStore.objects.db[proxyrcbid]
proxyrcb_cur.GetObjValPd()
if proxyrcb_cur.chain_rxq_base == 0:
print("chain_rxq_base not set")
return False
print("chain_rxq_base value post-sync from HBM 0x%x" %
proxyrcb_cur.chain_rxq_base)
# Verify my_txq_base
proxyccb_cur = tc.infra_data.ConfigStore.objects.db[proxyccbid]
proxyccb_cur.GetObjValPd()
if proxyccb_cur.my_txq_base == 0:
print("my_txq_base not set")
return False
print("my_txq_base value post-sync from HBM 0x%x" %
proxyccb_cur.my_txq_base)
# Fetch current values from Platform
rnmdpr_big_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]
rnmdpr_big_cur.GetMeta()
# Verify PI for RNMDPR_BIG got incremented
# when span is in effect, TLS would have allocated 2 descs per packet,
# one for forwarding to TCP and one for L7
num_exp_descs = num_pkts
if redir_span:
num_exp_descs *= 2
if (rnmdpr_big_cur.pi != rnmdpr_big.pi + num_exp_descs):
print(
"RNMDPR_BIG pi check failed old %d new %d expected %d" %
(rnmdpr_big.pi, rnmdpr_big_cur.pi, rnmdpr_big.pi + num_exp_descs))
proxyrcb_cur.StatsPrint()
proxyccb_cur.StatsPrint()
return False
print("RNMDPR_BIG pi old %d new %d" % (rnmdpr_big.pi, rnmdpr_big_cur.pi))
# Rx: verify # packets redirected
num_redir_pkts = num_pkts - num_flow_miss_pkts
if (proxyrcb_cur.stat_pkts_redir !=
proxyrcb.stat_pkts_redir + num_redir_pkts):
print("stat_pkts_redir check failed old %d new %d expected %d" %
(proxyrcb.stat_pkts_redir, proxyrcb_cur.stat_pkts_redir,
proxyrcb.stat_pkts_redir + num_redir_pkts))
proxyrcb_cur.StatsPrint()
proxyccb_cur.StatsPrint()
return False
print("stat_pkts_redir old %d new %d" %
(proxyrcb.stat_pkts_redir, proxyrcb_cur.stat_pkts_redir))
# Tx: verify PI for PROXYCCB got incremented
time.sleep(1)
proxyccb_cur.GetObjValPd()
num_exp_proxyccb_pkts = num_redir_pkts
if redir_span:
num_exp_proxyccb_pkts = 0
if (proxyccb_cur.pi != proxyccb.pi + num_exp_proxyccb_pkts):
print("PROXYCCB pi check failed old %d new %d expected %d" %
(proxyccb.pi, proxyccb_cur.pi,
proxyccb.pi + num_exp_proxyccb_pkts))
proxyrcb_cur.StatsPrint()
proxyccb_cur.StatsPrint()
return False
print("PROXYCCB pi old %d new %d" % (proxyccb.pi, proxyccb_cur.pi))
# Tx: verify # packets chained
if (proxyccb_cur.stat_pkts_chain !=
proxyccb.stat_pkts_chain + num_exp_proxyccb_pkts):
print("stat_pkts_chain check failed old %d new %d expected %d" %
(proxyccb.stat_pkts_chain, proxyccb_cur.stat_pkts_chain,
proxyccb.stat_pkts_chain + num_exp_proxyccb_pkts))
proxyrcb_cur.StatsPrint()
proxyccb_cur.StatsPrint()
return False
print("stat_pkts_chain old %d new %d" %
(proxyccb.stat_pkts_chain, proxyccb_cur.stat_pkts_chain))
proxyrcb_cur.StatsPrint()
proxyccb_cur.StatsPrint()
return True
def TestCaseVerify(tc):
if GlobalOptions.dryrun:
return True
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
# Retrieve saved state
tlscbid = "TlsCb%04d" % id
tlscb = tc.pvtdata.db[tlscbid]
rnmdpr = tc.pvtdata.db["RNMDPR_BIG"]
tnmdpr = tc.pvtdata.db["TNMDPR_BIG"]
if tc.module.args.cipher_suite == "CCM":
brq = tc.pvtdata.db["BRQ_ENCRYPT_CCM"]
elif tc.module.args.cipher_suite == "CBC":
brq = tc.pvtdata.db["BRQ_ENCRYPT_CBC"]
else:
brq = tc.pvtdata.db["BRQ_DECRYPT_GCM"]
# Fetch current values from Platform
rnmdpr_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]
rnmdpr_cur.GetMeta()
tnmdpr_cur = tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"]
tnmdpr_cur.GetMeta()
tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid]
tlscb_cur.GetObjValPd()
if tc.module.args.cipher_suite == "CCM":
brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_CCM"]
elif tc.module.args.cipher_suite == "CBC":
brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_CBC"]
else:
brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_DECRYPT_GCM"]
brq_cur.GetMeta()
if brq_cur.pi > 0:
brq_cur.GetRingEntries([brq_cur.pi - 1, brq_cur.pi])
else:
brq_cur.GetRingEntries([brq_cur.pi])
# 1. Verify PI for RNMDPR_BIG got incremented by respective amount
# This will be done only for non-reassemble scenarios
if (not hasattr(tc.module.args,
'reassemble')) or (tc.module.args.reassemble != True):
if (rnmdpr_cur.pi != rnmdpr.pi + 1):
print("RNMDPR_BIG pi check failed old %d new %d" %
(rnmdpr.pi, rnmdpr_cur.pi))
return False
print("Old RNMDPR_BIG PI: %d, New RNMDPR_BIG PI: %d" %
(rnmdpr.pi, rnmdpr_cur.pi))
# 2. Verify PI for TNMDPR_BIG got incremented by 1
if (tnmdpr_cur.pi != tnmdpr.pi + 1):
print("TNMDPR_BIG pi check failed old %d new %d" %
(tnmdpr.pi, tnmdpr_cur.pi))
return False
print("Old TNMDPR_BIG PI: %d, New TNMDPR_BIG PI: %d" %
(tnmdpr.pi, tnmdpr_cur.pi))
print("BRQ: Current PI %d" % brq_cur.pi)
# 3. Verify input descriptor on the BRQ
if rnmdpr.ringentries[rnmdpr.pi].handle != (
brq_cur.ring_entries[brq_cur.pi - 1].ilist_addr - 0x40):
print(
"Barco ilist Check: Descriptor handle not as expected in ringentries 0x%x 0x%x"
% (rnmdpr.ringentries[rnmdpr.pi].handle,
brq_cur.ring_entries[brq_cur.pi - 1].ilist_addr - 0x40))
return False
print(
"Barco ilist Check: Descriptor handle as expected in ringentries 0x%x 0x%x"
% (rnmdpr.ringentries[rnmdpr.pi].handle,
brq_cur.ring_entries[brq_cur.pi - 1].ilist_addr - 0x40))
# 4. Verify output descriptor on the BRQ
if tnmdpr.ringentries[tnmdpr.pi].handle != (
brq_cur.ring_entries[brq_cur.pi - 1].olist_addr - 0x40):
print(
"Barco olist Check: Descriptor handle not as expected in ringentries 0x%x 0x%x"
% (tnmdpr.ringentries[tnmdpr.pi].handle,
brq_cur.ring_entries[brq_cur.pi - 1].olist_addr - 0x40))
return False
print(
"Barco olist Check: Descriptor handle as expected in ringentries 0x%x 0x%x"
% (tnmdpr.ringentries[tnmdpr.pi].handle,
brq_cur.ring_entries[brq_cur.pi - 1].olist_addr - 0x40))
# 5. Verify BRQ Descriptor Command field
if brq_cur.ring_entries[brq_cur.pi - 1].command != tlscb.command:
print("BRQ Command Check: Failed : Got: 0x%x, Expected: 0x%x" %
(brq_cur.ring_entries[brq_cur.pi - 1].command, tlscb.command))
return False
print("BRQ Command Check: Success : Got: 0x%x, Expected: 0x%x" %
(brq_cur.ring_entries[brq_cur.pi - 1].command, tlscb.command))
# 6. Verify BRQ Descriptor Key Index field
if brq_cur.ring_entries[brq_cur.pi -
1].key_desc_index != tlscb.crypto_key_idx:
print(
"BRQ Crypto Key Index Check: Failed : Got: 0x%x, Expected: 0x%x" %
(brq_cur.ring_entries[brq_cur.pi - 1].key_desc_index,
tlscb.crypto_key_idx))
return False
print("BRQ Crypto Key Index Check: Success : Got: 0x%x, Expected: 0x%x" %
(brq_cur.ring_entries[brq_cur.pi - 1].key_desc_index,
tlscb.crypto_key_idx))
# 7. Verify BRQ Descriptor HMAC Key Index field
# Activate this check when HW support for AES-CBC-HMAC-SHA2, currently we use software chaining
#if brq_cur.ring_entries[brq_cur.pi-1].second_key_desc_index != tlscb.crypto_hmac_key_idx:
#print("BRQ Crypto HMAC Key Index Check: Failed : Got: 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[0].second_key_desc_index, tlscb.crypto_hmac_key_idx))
#return False
# 8. Verify Salt
if brq_cur.ring_entries[brq_cur.pi - 1].salt != tlscb.salt:
print("Salt Check Failed: Got 0x%x, Expected: 0x%x" %
(brq_cur.ring_entries[brq_cur.pi - 1].salt, tlscb.salt))
return False
print("Salt Check Success: Got 0x%x, Expected: 0x%x" %
(brq_cur.ring_entries[brq_cur.pi - 1].salt, tlscb.salt))
# 9. Verify Explicit IV
# This is bound to fail until the DoL payload issue is fixed
tls_explicit_iv = tcp_tls_proxy.tls_explicit_iv(tc.module.args.key_size)
if brq_cur.ring_entries[brq_cur.pi - 1].explicit_iv != tls_explicit_iv:
print("Explicit IV Check Failed: Got 0x%x, Expected: 0x%x" %
(brq_cur.ring_entries[brq_cur.pi - 1].explicit_iv,
tls_explicit_iv))
return False
print("Explicit IV Check Success: Got 0x%x, Expected: 0x%x" %
(brq_cur.ring_entries[brq_cur.pi - 1].explicit_iv, tls_explicit_iv))
# 10. Verify header size, this is the AAD size and is 13 bytes
# In case of AES-CCM, TLS uses a fixed header size of 2 16-byte blocks including AAD.
if tc.module.args.cipher_suite == "CCM":
hdr_size = 0x20
else:
hdr_size = 0xd
if brq_cur.ring_entries[brq_cur.pi - 1].header_size != hdr_size:
print("Header Size Check Failed: Got 0x%x, Expected: 0x%x" %
(brq_cur.ring_entries[brq_cur.pi - 1].header_size, hdr_size))
return False
else:
print("Header Size Check Success: Got 0x%x, Expected: 0x%x" %
(brq_cur.ring_entries[brq_cur.pi - 1].header_size, hdr_size))
# 11. Barco Status check
if brq_cur.ring_entries[brq_cur.pi - 1].barco_status != 0:
print("Barco Status Check Failed: Got 0x%x, Expected: 0" %
(brq_cur.ring_entries[brq_cur.pi - 1].barco_status))
else:
print("Barco Status Check Success: Got 0x%x, Expected: 0" %
(brq_cur.ring_entries[brq_cur.pi - 1].barco_status))
# 3. Verify page
#if rnmdpr.ringentries[0].handle != brq_cur.swdre_list[0].Addr1:
# print("Page handle not as expected in brq_cur.swdre_list")
#return False
# Pending Checks
# - Header size
# - Barco Operation Status
# - Key in memory
# - Decrypted content
return True
def TestCaseSetup(tc):
tc.pvtdata = ObjectDatabase()
tcp_proxy.SetupProxyArgs(tc)
skip_config = False
if hasattr(tc.module.args, 'skip_config') and tc.module.args.skip_config:
print("skipping config")
skip_config = True
#id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
id1, id2 = ProxyCbServiceHelper.GetSessionQids(tc.config.flow._FlowObject__session)
if tc.config.flow.IsIflow():
id = id1
other_fid = id2
else:
id = id2
other_fid = id1
TcpCbHelper.main(id)
tcbid = "TcpCb%04d" % id
# 1. Configure TCB in HBM before packet injection
tcb = tc.infra_data.ConfigStore.objects.db[tcbid]
if not skip_config:
tcp_proxy.init_tcb_inorder(tc, tcb)
# set tcb state to ESTABLISHED(1)
tcb.state = 1
tcb.SetObjValPd()
else:
tc.pvtdata.flow1_bytes_rxed = 0
tc.pvtdata.flow1_bytes_txed = 0
tc.pvtdata.flow2_bytes_rxed = 0
tc.pvtdata.flow2_bytes_txed = 0
TcpCbHelper.main(other_fid)
tcbid2 = "TcpCb%04d" % (other_fid)
logger.info("Configuring %s" % tcbid2)
tcb2 = tc.infra_data.ConfigStore.objects.db[tcbid2]
if not skip_config:
tcp_proxy.init_tcb_inorder2(tc, tcb2)
tcb2.SetObjValPd()
tc.pvtdata.tcb1 = tcb
tc.pvtdata.tcb2 = tcb2
tlscbid = "TlsCb%04d" % id
tlscbid2 = "TlsCb%04d" % (other_fid)
tlscb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid])
#tlscb = tc.infra_data.ConfigStore.objects.db[tlscbid]
#tlscb2 = tc.infra_data.ConfigStore.objects.db[tlscbid2]
tlscb2 = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid2])
tlscb.serq_pi = 0
tlscb.serq_pi = 0
tlscb.serq_ci = 0
tlscb.serq_ci = 0
tlscb2.serq_pi = 0
tlscb2.serq_pi = 0
tlscb2.serq_ci = 0
tlscb2.serq_ci = 0
tlscb.debug_dol = 0
tlscb2.debug_dol = 0
#tlscb.debug_dol = tcp_tls_proxy.tls_debug_dol_bypass_proxy | \
# tcp_tls_proxy.tls_debug_dol_sesq_stop
#tlscb.debug_dol = tcp_tls_proxy.tls_debug_dol_bypass_proxy
#If 'use_random_iv' is set, set the corresponding debug-dol flag to indicate
#datapath to pick a random value from DRBG as IV.
if hasattr(tc.module.args, 'use_random_iv') and tc.module.args.use_random_iv == 1:
tlscb.debug_dol |= tcp_tls_proxy.tls_debug_dol_explicit_iv_use_random
tlscb2.debug_dol |= tcp_tls_proxy.tls_debug_dol_explicit_iv_use_random
if tc.pvtdata.same_flow:
tlscb.other_fid = 0xffff
tlscb2.other_fid = 0xffff
else:
tlscb.other_fid = other_fid
tlscb2.other_fid = id
if not skip_config:
if tc.module.args.key_size == 16:
tcp_tls_proxy.tls_aes128_encrypt_setup(tc, tlscb)
tcp_tls_proxy.tls_aes128_encrypt_setup(tc, tlscb2)
elif tc.module.args.key_size == 32:
tcp_tls_proxy.tls_aes256_encrypt_setup(tc, tlscb)
tcp_tls_proxy.tls_aes256_encrypt_setup(tc, tlscb2)
tlscb.SetObjValPd()
tlscb2.SetObjValPd()
if skip_config:
return
# 2. Clone objects that are needed for verification
rnmdpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"])
rnmdpr.GetMeta()
rnmdpr.GetRingEntries([rnmdpr.pi])
tnmdpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"])
tnmdpr.GetMeta()
tnmdpr.GetRingEntries([tnmdpr.pi])
print("snapshot1: tnmdpr_alloc %d enc_requests %d" % (tlscb.tnmdpr_alloc, tlscb.enc_requests))
print("snapshot1: rnmdpr_free %d enc_completions %d" % (tlscb.rnmdpr_free, tlscb.enc_completions))
if tc.module.args.cipher_suite == "CCM":
brq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_CCM"])
elif tc.module.args.cipher_suite == "CBC":
brq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_CBC"])
else:
brq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"])
tcpcb = copy.deepcopy(tcb)
tcpcb.GetObjValPd()
tc.pvtdata.Add(tcpcb)
tcpcb2 = copy.deepcopy(tcb2)
tcpcb2.GetObjValPd()
tc.pvtdata.Add(tcpcb2)
tlscb.GetObjValPd()
tc.pvtdata.Add(tlscb)
tlscb2.GetObjValPd()
tc.pvtdata.Add(tlscb2)
tc.pvtdata.Add(rnmdpr)
tc.pvtdata.Add(tnmdpr)
return
def TestCaseVerify(tc):
global maxflows
if GlobalOptions.dryrun:
return True
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
# 1. Verify pi/ci got update got updated for SERQ
tlscbid = "TlsCb%04d" % id
tlscb = tc.pvtdata.db[tlscbid]
tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid]
print("pre-sync: tlscb_cur.serq_pi %d tlscb_cur.serq_ci %d" %
(tlscb_cur.serq_pi, tlscb_cur.serq_ci))
tlscb_cur.GetObjValPd()
print("post-sync: tlscb_cur.serq_pi %d tlscb_cur.serq_ci %d" %
(tlscb_cur.serq_pi, tlscb_cur.serq_ci))
if (tlscb_cur.serq_pi != (tlscb.serq_pi + 1) or tlscb_cur.serq_ci !=
(tlscb.serq_ci + 1)):
print("serq pi/ci not as expected")
return False
# 2. Verify enc_requests
if (tlscb_cur.enc_requests != tlscb.enc_requests + 1):
print("enc_requests not as expected %d %d" %
(tlscb_cur.enc_requests, tlscb.enc_requests))
return False
# Assumes bypass Barco
stage0_7_thread = 0x151111
if (tlscb_cur.pre_debug_stage0_7_thread != stage0_7_thread):
print("pre_debug_stage0_7_thread not as expected %x" %
tlscb_cur.pre_debug_stage0_7_thread)
return False
# 3. Verify pi/ci got update got updated for BRQ
brq = tc.pvtdata.db["BRQ_ENCRYPT_GCM"]
brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"]
print("pre-sync: brq_cur.pi %d brq_cur.ci %d" % (brq_cur.pi, brq_cur.ci))
brq_cur.GetMeta()
brq_cur.GetRingEntries([brq_cur.pi])
print("post-sync: brq_cur.pi %d brq_cur.ci %d" % (brq_cur.pi, brq_cur.ci))
if (brq_cur.pi != (brq.pi + 1) or brq_cur.ci != (brq.ci + 1)):
print("brq pi/ci not as expected")
#needs fix in HAL and support in model/p4+ for this check to work/pass
#return False
# 4. Fetch current values from Platform
rnmdpr_big = tc.pvtdata.db["RNMDPR_BIG"]
rnmdpr_big_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]
rnmdpr_big_cur.GetMeta()
tnmdpr = tc.pvtdata.db["TNMDPR_BIG"]
tnmdpr_cur = tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"]
tnmdpr_cur.GetMeta()
# 5. Verify PI for RNMDPR_BIG got incremented by 1
if (rnmdpr_big_cur.pi != rnmdpr_big.pi + 1):
print("RNMDPR_BIG pi check failed old %d new %d" %
(rnmdpr_big.pi, rnmdpr_big_cur.pi))
return False
print("Old RNMDPR_BIG PI: %d, New RNMDPR_BIG PI: %d" %
(rnmdpr_big.pi, rnmdpr_big_cur.pi))
return True
def TestCaseSetup(tc):
tc.pvtdata = ObjectDatabase()
tc.SetRetryEnabled(True)
tcp_proxy.SetupProxyArgs(tc)
id1, id2 = ProxyCbServiceHelper.GetSessionQids(
tc.config.flow._FlowObject__session)
if tc.config.flow.IsIflow():
id = id1
other_fid = id2
else:
id = id2
other_fid = id1
TcpCbHelper.main(id)
tcbid = "TcpCb%04d" % id
logger.info("Configuring %s" % tcbid)
# 1. Configure TCB in HBM before packet injection
tcb = tc.infra_data.ConfigStore.objects.db[tcbid]
tcp_proxy.init_tcb_inorder(tc, tcb)
tcb.SetObjValPd()
TcpCbHelper.main(other_fid)
tcbid2 = "TcpCb%04d" % (other_fid)
logger.info("Configuring %s" % tcbid2)
tcb2 = tc.infra_data.ConfigStore.objects.db[tcbid2]
tcp_proxy.init_tcb_inorder2(tc, tcb2)
tcb2.SetObjValPd()
# 2. Configure TLS CB in HBM before packet injection
tlscbid = "TlsCb%04d" % id
tlscbid2 = "TlsCb%04d" % (other_fid)
tlscb = tc.infra_data.ConfigStore.objects.db[tlscbid]
tlscb2 = tc.infra_data.ConfigStore.objects.db[tlscbid2]
tlscb.debug_dol = 0
tlscb2.debug_dol = 0
if tc.pvtdata.bypass_barco:
print("Bypassing Barco")
tlscb.is_decrypt_flow = False
tlscb2.is_decrypt_flow = False
tlscb.debug_dol |= tcp_tls_proxy.tls_debug_dol_bypass_barco
tlscb2.debug_dol |= tcp_tls_proxy.tls_debug_dol_bypass_barco
if tc.pvtdata.same_flow:
print("Same flow")
tlscb.debug_dol |= tcp_tls_proxy.tls_debug_dol_bypass_proxy
tlscb2.debug_dol |= tcp_tls_proxy.tls_debug_dol_bypass_proxy
tlscb.other_fid = 0xffff
tlscb2.other_fid = 0xffff
else:
print("Other flow")
tlscb.other_fid = other_fid
tlscb2.other_fid = id
tlscb.SetObjValPd()
tlscb2.SetObjValPd()
# 3. Clone objects that are needed for verification
tcpcb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tcbid])
tcpcb.GetObjValPd()
tc.pvtdata.Add(tcpcb)
tcpcb2 = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tcbid2])
tcpcb2.GetObjValPd()
tc.pvtdata.Add(tcpcb2)
tlscb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid])
tlscb.GetObjValPd()
tc.pvtdata.Add(tlscb)
other_tlscb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid2])
other_tlscb.GetObjValPd()
tc.pvtdata.Add(other_tlscb)
rnmdpr_big = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"])
rnmdpr_big.GetMeta()
tc.pvtdata.Add(rnmdpr_big)
return
def TestCaseVerify(tc):
if GlobalOptions.dryrun:
return True
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
tlscbid = "TlsCb%04d" % id
tlscb = tc.pvtdata.db[tlscbid]
tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid]
print("pre-sync: tnmdpr_alloc %d enc_requests %d" %
(tlscb_cur.tnmdpr_alloc, tlscb_cur.enc_requests))
print("pre-sync: rnmdpr_big_free %d enc_completions %d" %
(tlscb_cur.rnmdpr_free, tlscb_cur.enc_completions))
print(
"pre-sync: pre_debug_stage0_7_thread 0x%x post_debug_stage0_7_thread 0x%x"
% (tlscb_cur.pre_debug_stage0_7_thread,
tlscb_cur.post_debug_stage0_7_thread))
tlscb_cur.GetObjValPd()
print("post-sync: tnmdpr_alloc %d enc_requests %d" %
(tlscb_cur.tnmdpr_alloc, tlscb_cur.enc_requests))
print("post-sync: rnmdpr_big_free %d enc_completions %d" %
(tlscb_cur.rnmdpr_free, tlscb_cur.enc_completions))
print(
"post-sync: pre_debug_stage0_7_thread 0x%x post_debug_stage0_7_thread 0x%x"
% (tlscb_cur.pre_debug_stage0_7_thread,
tlscb_cur.post_debug_stage0_7_thread))
print("snapshot: tnmdpr_alloc %d enc_requests %d" %
(tlscb.tnmdpr_alloc, tlscb.enc_requests))
print("snapshot: rnmdpr_big_free %d enc_completions %d" %
(tlscb.rnmdpr_free, tlscb.enc_completions))
# 0. Verify the counters
#if ((tlscb_cur.tnmdpr_alloc - tlscb.tnmdpr_alloc) != (tlscb_cur.rnmdpr_free - tlscb.rnmdpr_free)):
#print("tnmdpr alloc increment not same as rnmdpr_big free increment")
#return False
if ((tlscb_cur.enc_requests - tlscb.enc_requests) !=
(tlscb_cur.enc_completions - tlscb.enc_completions)):
print("enc requests not equal to completions %d %d %d %d" %
(tlscb_cur.enc_requests, tlscb.enc_requests,
tlscb_cur.enc_completions, tlscb.enc_completions))
return False
# 1. Verify threading
if (tlscb_cur.pre_debug_stage0_7_thread != 0x151111):
print("pre crypto pipeline threading was not ok")
return False
if (tlscb_cur.post_debug_stage0_7_thread != 0x1111111):
print("post crypto pipeline threading was not ok")
return False
tcbid = "TcpCb%04d" % id
tcb = tc.pvtdata.db[tcbid]
# 2. Verify pi/ci got update got updated for SESQ
tcb_cur = tc.infra_data.ConfigStore.objects.db[tcbid]
print("pre-sync: tcb_cur.sesq_pi %d tcb_cur.sesq_ci %d" %
(tcb_cur.sesq_pi, tcb_cur.sesq_ci))
tcb_cur.GetObjValPd()
print("post-sync: tcb_cur.sesq_pi %d tcb_cur.sesq_ci %d" %
(tcb_cur.sesq_pi, tcb_cur.sesq_ci))
if (tcb_cur.sesq_pi != (tcb.sesq_pi + 1) or tcb_cur.sesq_ci !=
(tcb.sesq_ci + 1)):
print("sesq pi/ci not as expected")
#VijayV to enable this test after ci is fixed in p4+
#return False
# 3. Fetch current values from Platform
rnmdpr_big_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]
rnmdpr_big_cur.GetMeta()
rnmdpr_big = tc.pvtdata.db["RNMDPR_BIG"]
tnmdpr_cur = tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"]
tnmdpr_cur.GetMeta()
tnmdpr = tc.pvtdata.db["TNMDPR_BIG"]
# 4. Verify PI for RNMDPR_BIG got incremented by 1
if (rnmdpr_big_cur.pi != rnmdpr_big.pi + 1):
print("RNMDPR_BIG pi check failed old %d new %d" %
(rnmdpr_big.pi, rnmdpr_big_cur.pi))
return False
sesqid = "TCPCB%04d_SESQ" % id
sesq = tc.pvtdata.db[sesqid]
sesq_cur = tc.infra_data.ConfigStore.objects.db[sesqid]
sesq_cur.GetMeta()
sesq_cur.GetRingEntries([0])
# 6. Verify descriptor
if (rnmdpr_big.ringentries[rnmdpr_big.pi].handle !=
((sesq_cur.ringentries[0].handle & 0x3ffffffff) - 0x40)):
print("Descriptor handle not as expected in ringentries 0x%x 0x%x" %
(rnmdpr_big.ringentries[rnmdpr_big.pi].handle,
sesq_cur.ringentries[0].handle))
return False
return True
def TestCaseVerify(tc):
if GlobalOptions.dryrun:
return True
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
tlscbid = "TlsCb%04d" % id
tlscb = tc.pvtdata.db[tlscbid]
tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid]
print("pre-sync: tnmdpr_alloc %d enc_requests %d" %
(tlscb_cur.tnmdpr_alloc, tlscb_cur.enc_requests))
print("pre-sync: rnmdpr_free %d enc_completions %d" %
(tlscb_cur.rnmdpr_free, tlscb_cur.enc_completions))
print(
"pre-sync: pre_debug_stage0_7_thread 0x%x post_debug_stage0_7_thread 0x%x"
% (tlscb_cur.pre_debug_stage0_7_thread,
tlscb_cur.post_debug_stage0_7_thread))
tlscb_cur.GetObjValPd()
print("post-sync: tnmdpr_alloc %d enc_requests %d" %
(tlscb_cur.tnmdpr_alloc, tlscb_cur.enc_requests))
print("post-sync: rnmdpr_free %d enc_completions %d" %
(tlscb_cur.rnmdpr_free, tlscb_cur.enc_completions))
print(
"post-sync: pre_debug_stage0_7_thread 0x%x post_debug_stage0_7_thread 0x%x"
% (tlscb_cur.pre_debug_stage0_7_thread,
tlscb_cur.post_debug_stage0_7_thread))
tcbid = "TcpCb%04d" % id
tcb = tc.pvtdata.db[tcbid]
# 2. Verify pi/ci got update got updated for ARQ
tcb_cur = tc.infra_data.ConfigStore.objects.db[tcbid]
print("pre-sync: tcb_cur.sesq_pi %d tcb_cur.sesq_ci %d" %
(tcb_cur.sesq_pi, tcb_cur.sesq_ci))
tcb_cur.GetObjValPd()
print("post-sync: tcb_cur.sesq_pi %d tcb_cur.sesq_ci %d" %
(tcb_cur.sesq_pi, tcb_cur.sesq_ci))
if (tcb_cur.sesq_pi != (tcb.sesq_pi + 1) or tcb_cur.sesq_ci !=
(tcb.sesq_ci + 1)):
print("sesq pi/ci not as expected")
#VijayV to enable this test after ci is fixed in p4+
#return False
# 3. Fetch current values from Platform
rnmdpr_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]
rnmdpr_cur.GetMeta()
rnmdpr = tc.pvtdata.db["RNMDPR_BIG"]
tnmdpr_cur = tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"]
tnmdpr_cur.GetMeta()
tnmdpr = tc.pvtdata.db["TNMDPR_BIG"]
arq = tc.pvtdata.db["CPU0000_ARQ"]
arq_cur = tc.infra_data.ConfigStore.objects.db["CPU0000_ARQ"]
arq_cur.GetMeta()
print("bytes_rcvd = %d:" % tcb.bytes_rcvd)
print("pkts_rcvd = %d:" % tcb.pkts_rcvd)
print("bytes_rcvd = %d:" % tcb_cur.bytes_rcvd)
print("pkts_rcvd = %d:" % tcb_cur.pkts_rcvd)
print("bytes_sent = %d:" % tcb.bytes_sent)
print("pkts_sent = %d:" % tcb.pkts_sent)
print("bytes_sent = %d:" % tcb_cur.bytes_sent)
print("pkts_sent = %d:" % tcb_cur.pkts_sent)
# 4. Verify pkt rx stats
if tcb_cur.pkts_rcvd != tcb.pkts_rcvd + 1:
print("pkt rx stats not as expected")
return False
if ((tcb_cur.bytes_rcvd - tcb.bytes_rcvd) !=
tc.packets.Get('PKT1').payloadsize):
print("Warning! pkt rx byte stats not as expected %d %d" %
(tcb_cur.bytes_rcvd, tcb.bytes_rcvd))
return False
# 5. Verify pkt tx stats
# If set tcp_tx_debug_dol_dont_tx, then pkt does not tx and stats should not
# increment either
#if tcb_cur.pkts_sent != tcb.pkts_sent + 1:
#print("pkt tx stats (%d) not as expected (%d)" % (tcb_cur.pkts_sent, tcb.pkts_sent))
#return False
#if ((tcb_cur.bytes_sent - tcb.bytes_sent) != 71): # TODO: remove hardcoding
#print("Warning! pkt tx byte stats not as expected %d %d" % (tcb_cur.bytes_sent, tcb.bytes_sent))
#return False
return True
def TestCaseVerify(tc):
if GlobalOptions.dryrun:
return True
num_pkts = 1
ooo = False
pkt_len = tc.packets.Get('PKT1').payloadsize
rcv_next_delta = pkt_len * num_pkts
if hasattr(tc.module.args, 'num_pkts'):
num_pkts = int(tc.module.args.num_pkts)
rcv_next_delta = num_pkts * pkt_len
if tc.pvtdata.ooo_seq_delta:
ooo = True
rcv_next_delta = 0
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
tcbid = "TcpCb%04d" % id
# 1. Verify rcv_nxt got updated
tcpcb = tc.pvtdata.db[tcbid]
tcb_cur = tc.infra_data.ConfigStore.objects.db[tcbid]
print("rcv_nxt value pre-sync from HBM 0x%x" % tcb_cur.rcv_nxt)
tcb_cur.GetObjValPd()
print("rcv_nxt value post-sync from HBM 0x%x" % tcb_cur.rcv_nxt)
if tcb_cur.rcv_nxt != tc.pvtdata.flow1_rcv_nxt + rcv_next_delta:
print("rcv_nxt not as expected")
return False
print("rcv_nxt as expected")
tlscbid = "TlsCb%04d" % id
# 2. Verify pi/ci got update got updated
tlscb = tc.pvtdata.db[tlscbid]
tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid]
print("pre-sync: tlscb_cur.serq_pi %d tlscb_cur.serq_ci %d" %
(tlscb_cur.serq_pi, tlscb_cur.serq_ci))
tlscb_cur.GetObjValPd()
print("post-sync: tlscb_cur.serq_pi %d tlscb_cur.serq_ci %d" %
(tlscb_cur.serq_pi, tlscb_cur.serq_ci))
if (tlscb_cur.serq_pi != tlscb.serq_pi
or tlscb_cur.serq_ci != tlscb.serq_ci):
print("serq pi/ci not as expected")
return False
# 3. Fetch current values from Platform
rnmdpr_big = tc.pvtdata.db["RNMDPR_BIG"]
rnmdpr_big_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]
rnmdpr_big_cur.GetMeta()
serqid = "TLSCB%04d_SERQ" % id
serq = tc.pvtdata.db[serqid]
serq_cur = tc.infra_data.ConfigStore.objects.db[serqid]
serq_cur.GetMeta()
serq_cur.GetRingEntries([tlscb.serq_pi])
serq_cur.GetRingEntryAOL([0])
# 4. Verify PI for RNMDPR_BIG got incremented by 2 (one for SERQ and another for L7Q)
if (rnmdpr_big_cur.pi != (rnmdpr_big.pi + 2)):
print("RNMDPR_BIG pi check failed old %d new %d" %
(rnmdpr_big.pi, rnmdpr_big_cur.pi))
return False
# 5. Verify descriptor
print("rnmdpr_big.pi: %d, tlscb.serq_pi: %d" %
(rnmdpr_big.pi, tlscb.serq_pi))
print("rnmdpr_big.size: %d, serq_cur.size: %d" %
(len(rnmdpr_big.ringentries), len(serq_cur.ringentries)))
if rnmdpr_big.ringentries[rnmdpr_big.pi].handle != serq_cur.ringentries[
tlscb.serq_pi].handle:
print("Descriptor handle not as expected in ringentries 0x%x 0x%x" % \
(rnmdpr_big.ringentries[rnmdpr_big.pi].handle,
serq_cur.ringentries[tlscb.serq_pi].handle))
return False
# 8. TODO: Verify L7Q entries
# Print stats
print("bytes_rcvd = %d:" % tcb_cur.bytes_rcvd)
print("pkts_rcvd = %d:" % tcb_cur.pkts_rcvd)
print("pages_alloced = %d:" % tcb_cur.pages_alloced)
print("desc_alloced = %d:" % tcb_cur.desc_alloced)
#8 Verify pkt stats
if tcb_cur.pkts_rcvd != tcpcb.pkts_rcvd + num_pkts:
print("pkt rx stats not as expected, %d vs received %d" %
(tcpcb.pkts_rcvd + num_pkts, tcb_cur.pkts_rcvd))
return False
print("%d %d" % (tcb_cur.bytes_rcvd, tcpcb.bytes_rcvd))
if not ooo and tcb_cur.bytes_rcvd != tcpcb.bytes_rcvd + num_pkts * pkt_len:
print("Warning! pkt rx byte stats not as expected")
return False
elif ooo and tcb_cur.bytes_rcvd != tcpcb.bytes_rcvd:
print("Warning! pkt rx byte stats not as expected")
return False
#9 Verify page stats
if tcb_cur.pages_alloced != tcpcb.pages_alloced + num_pkts:
print("pages alloced stats not as expected, %d vs received %d" %
(tcpcb.pages_alloced + num_pkts, tcb_cur.pages_alloced))
return False
#10 Verify descr stats
if tcb_cur.desc_alloced != tcpcb.desc_alloced + num_pkts:
print("desc alloced stats not as expected, %d vs received %d" %
(tcpcb.desc_alloced + num_pkts, tcb_cur.desc_alloced))
return False
return True
def TestCaseVerify(tc):
if GlobalOptions.dryrun:
return True
if hasattr(tc.module.args, 'skip_verify') and tc.module.args.skip_verify:
print("skipping verify")
return True
num_pkts = 1
if hasattr(tc.module.args, 'num_pkts'):
num_pkts = int(tc.module.args.num_pkts)
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
if tc.config.flow.IsIflow():
print("This is iflow")
tcbid = "TcpCb%04d" % id
tlscbid = "TlsCb%04d" % id
other_tcbid = "TcpCb%04d" % (id + 1)
other_tlscbid = "TlsCb%04d" % (id + 1)
else:
print("This is rflow")
tcbid = "TcpCb%04d" % (id + 1)
tlscbid = "TlsCb%04d" % (id + 1)
other_tcbid = "TcpCb%04d" % id
other_tlscbid = "TlsCb%04d" % id
same_flow = False
if tc.pvtdata.same_flow:
other_tcbid = tcbid
other_tlscbid = tlscbid
same_flow = True
tlscbid = "TlsCb%04d" % id
tlscb = tc.pvtdata.db[tlscbid]
tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid]
other_tlscb = tc.pvtdata.db[other_tlscbid]
other_tlscb_cur = tc.infra_data.ConfigStore.objects.db[other_tlscbid]
print("pre-sync: tnmdpr_alloc %d enc_requests %d mac_requests %d" % (tlscb_cur.tnmdpr_alloc, tlscb_cur.enc_requests, tlscb_cur.mac_requests))
print("pre-sync: rnmdpr_free %d enc_completions %d mac_completions %d" % (tlscb_cur.rnmdpr_free, tlscb_cur.enc_completions, tlscb_cur.mac_completions))
print("pre-sync: pre_debug_stage0_7_thread 0x%x post_debug_stage0_7_thread 0x%x" % (tlscb_cur.pre_debug_stage0_7_thread, tlscb_cur.post_debug_stage0_7_thread))
tlscb_cur.GetObjValPd()
other_tlscb_cur.GetObjValPd()
print("post-sync: tnmdpr_alloc %d enc_requests %d mac_requests %d" % (tlscb_cur.tnmdpr_alloc, tlscb_cur.enc_requests, tlscb_cur.mac_requests))
print("post-sync: rnmdpr_free %d enc_completions %d mac_completions %d" % (tlscb_cur.rnmdpr_free, tlscb_cur.enc_completions, tlscb_cur.mac_completions))
print("post-sync: pre_debug_stage0_7_thread 0x%x post_debug_stage0_7_thread 0x%x" % (tlscb_cur.pre_debug_stage0_7_thread, tlscb_cur.post_debug_stage0_7_thread))
print("snapshot3: tnmdpr_alloc %d enc_requests %d mac_requests %d" % (tlscb.tnmdpr_alloc, tlscb.enc_requests, tlscb.mac_requests))
print("snapshot3: rnmdpr_free %d enc_completions %d mac_completions %d" % (tlscb.rnmdpr_free, tlscb.enc_completions, tlscb.mac_completions))
# 0. Verify the counters
#if ((tlscb_cur.tnmdpr_alloc - tlscb.tnmdpr_alloc) != (tlscb_cur.rnmdpr_free - tlscb.rnmdpr_free)):
#print("tnmdpr alloc increment not same as rnmdpr free increment")
#return False
#if ((tlscb_cur.tnmdpr_alloc - tlscb.tnmdpr_alloc) != (tlscb_cur.rnmdpr_free - tlscb.rnmdpr_free)):
#print("tnmdpr alloc increment not same as rnmdpr free increment")
#return False
if ((tlscb_cur.enc_requests - tlscb.enc_requests) != (tlscb_cur.enc_completions - tlscb.enc_completions)):
print("enc requests not equal to completions %d %d %d %d" % (tlscb_cur.enc_requests, tlscb.enc_requests, tlscb_cur.enc_completions, tlscb.enc_completions))
return False
if ((tlscb_cur.mac_requests - tlscb.mac_requests) != (tlscb_cur.mac_completions - tlscb.mac_completions)):
print("mac requests not equal to completions %d %d %d %d" % (tlscb_cur.mac_requests, tlscb.mac_requests, tlscb_cur.mac_completions, tlscb.mac_completions))
return False
# 1. Verify threading
# When using random value for IV, there will be an additional DRBG table read program launched
if tc.module.args.cipher_suite == "CBC":
pre_debug_stage0_7_thread = 0x111911
elif ((tlscb.debug_dol & tcp_tls_proxy.tls_debug_dol_explicit_iv_use_random) == tcp_tls_proxy.tls_debug_dol_explicit_iv_use_random):
pre_debug_stage0_7_thread = 0x173311
else:
pre_debug_stage0_7_thread = 0x153311
if (tlscb_cur.pre_debug_stage0_7_thread != pre_debug_stage0_7_thread):
print("pre crypto pipeline threading was not ok 0x%x" % tlscb_cur.pre_debug_stage0_7_thread)
return False
if (tlscb_cur.post_debug_stage0_7_thread != 0x1111111):
print("post crypto pipeline threading was not ok 0x%x" % tlscb_cur.post_debug_stage0_7_thread)
return False
tcbid = "TcpCb%04d" % id
tcb = tc.pvtdata.db[tcbid]
# 2. Verify pi/ci got update got updated for SESQ
tcb_cur = tc.infra_data.ConfigStore.objects.db[tcbid]
print("pre-sync: tcb_cur.sesq_pi %d tcb_cur.sesq_ci %d" % (tcb_cur.sesq_pi, tcb_cur.sesq_ci))
tcb_cur.GetObjValPd()
print("post-sync: tcb_cur.sesq_pi %d tcb_cur.sesq_ci %d" % (tcb_cur.sesq_pi, tcb_cur.sesq_ci))
if (tcb_cur.sesq_pi != (tcb.sesq_pi+1) or tcb_cur.sesq_ci != (tcb.sesq_ci+1)):
print("sesq pi/ci not as expected")
#VijayV to enable this test after ci is fixed in p4+
#return False
# 3. Fetch current values from Platform
rnmdpr_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]
rnmdpr_cur.GetMeta()
rnmdpr = tc.pvtdata.db["RNMDPR_BIG"]
tnmdpr_cur = tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"]
tnmdpr_cur.GetMeta()
if tc.module.args.cipher_suite == "CCM":
brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_CCM"]
elif tc.module.args.cipher_suite == "CBC":
brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_CBC"]
else:
brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"]
brq_cur.GetMeta()
if brq_cur.pi > 0:
brq_cur.GetRingEntries([brq_cur.pi - num_pkts, brq_cur.pi - 1, brq_cur.pi])
else:
brq_cur.GetRingEntries([brq_cur.pi])
tnmdpr = tc.pvtdata.db["TNMDPR_BIG"]
# 4. Verify PI for RNMDPR_BIG got incremented by num_pkts
if (rnmdpr_cur.pi != rnmdpr.pi+num_pkts):
print("RNMDPR_BIG pi check failed old %d new %d" % (rnmdpr.pi, rnmdpr_cur.pi))
return False
# 5. Verify PI for TNMDPR_BIG got incremented by num_pkts
if (tnmdpr_cur.pi != tnmdpr.pi+num_pkts):
print("TNMDPR_BIG pi check failed old %d new %d" % (tnmdpr.pi, tnmdpr_cur.pi))
return False
print("BRQ: Current PI %d" % brq_cur.pi)
# 7. Verify descriptor on the BRQ
if (rnmdpr.ringentries[rnmdpr.pi].handle != (brq_cur.ring_entries[brq_cur.pi-num_pkts].ilist_addr - 0x40)):
print("RNMDPR_BIG Check: Descriptor handle not as expected in ringentries 0x%x 0x%x" % (rnmdpr.ringentries[rnmdpr.pi].handle, brq_cur.ring_entries[brq_cur.pi-num_pkts].ilist_addr))
return False
# 8. Verify descriptor on the BRQ
if (tnmdpr.ringentries[tnmdpr.pi].handle != (brq_cur.ring_entries[brq_cur.pi-num_pkts].olist_addr - 0x40)):
print("TNMDPR_BIG Check: Descriptor handle not as expected in ringentries 0x%x 0x%x" % (tnmdpr.ringentries[tnmdpr.pi].handle, brq_cur.ring_entries[brq_cur.pi-num_pkts].olist_addr))
return False
# 9. Verify BRQ Descriptor Command field
if brq_cur.ring_entries[brq_cur.pi-1].command != tlscb.command:
# In case of AES-CBC-HMAC_SHA2 cipher (MAC-then-encrypt), there is software chaining of 2 barco
# passes, HMAC in the 1st pass, and AES-CBC in the 2nd pass, hence barco command will be AES-CBC
if tc.module.args.cipher_suite != "CBC" or brq_cur.ring_entries[brq_cur.pi-1].command != 0x1000000:
print("BRQ Command Check: Failed : Got: 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi-1].command, tlscb.command))
return False
# 10. Verify BRQ Descriptor Key Index field
if brq_cur.ring_entries[brq_cur.pi-1].key_desc_index != tlscb.crypto_key_idx:
print("BRQ Crypto Key Index Check: Failed : Got: 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi-1].key_desc_index, tlscb.crypto_key_idx))
return False
# 11. Verify BRQ Descriptor HMAC Key Index field
# Activate this check when HW support for AES-CBC-HMAC-SHA2, currently we use software chaining
#if brq_cur.ring_entries[brq_cur.pi-1].second_key_desc_index != tlscb.crypto_hmac_key_idx:
#print("BRQ Crypto HMAC Key Index Check: Failed : Got: 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi-1].second_key_desc_index, tlscb.crypto_hmac_key_idx))
#return False
# 12. Verify Salt
# In case of AES-CBC-HMAC-SHA2 ciphers, we use random IV with no salt.
if brq_cur.ring_entries[brq_cur.pi-1].salt != tlscb.salt and tc.module.args.cipher_suite != "CBC":
print("Salt Check Failed: Got 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi-1].salt, tlscb.salt))
return False
print("Salt Check Success: Got 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi-1].salt, tlscb.salt))
# 13. Verify Explicit IV
tls_explicit_iv = tlscb.explicit_iv
# When using random value for IV from DRBG or AES-CBC-HMAC-SHA2 cipher, the IV field from tlscb will not match, as expected.
if ((tlscb.debug_dol & tcp_tls_proxy.tls_debug_dol_explicit_iv_use_random) != tcp_tls_proxy.tls_debug_dol_explicit_iv_use_random):
if brq_cur.ring_entries[brq_cur.pi-num_pkts].explicit_iv != tls_explicit_iv:
print("Explicit IV Check Failed: Got 0x%x, Expected: 0x%x" %
(brq_cur.ring_entries[brq_cur.pi-num_pkts].explicit_iv, tls_explicit_iv))
return False
else:
# Since the random-number generated by model/RTL are different, we've to ignore the IV comparison for RTL tests
model_wrap.eos_ignore_addr(brq_cur.ring_entries[brq_cur.pi-num_pkts].iv_addr, 8092)
print("Add opage 0x%x, size 8KB to model EOS-ignore addr-list" % (brq_cur.ring_entries[brq_cur.pi-num_pkts].iv_addr))
print("RNMDPR.pi 0x%x\n"% rnmdpr.pi)
rnmdpr_cur.GetRingEntries([rnmdpr.pi])
rnmdpr_cur.GetRingEntryAOL([rnmdpr.pi])
model_wrap.eos_ignore_addr(rnmdpr_cur.swdre_list[rnmdpr.pi].DescAddr, 8092)
print("Add IV-addr 0x%x, size 8KB to model EOS-ignore addr-list" % (rnmdpr_cur.swdre_list[rnmdpr.pi].DescAddr))
print("Explicit IV Check Success: Got 0x%x, Expected: 0x%x" %
(brq_cur.ring_entries[brq_cur.pi-num_pkts].explicit_iv, tls_explicit_iv))
# 14. Verify header size, this is the AAD size and is 13 bytes
# In case of AES-CBC-HMAC-SHA2 (MAC-then-encrypt) ciphers, there is no header with
# software-chaining in the 2nd pass of barco (AES-CBC encrypt).
# In case of AES-CCM, TLS uses a fixed header size of 2 16-byte blocks including AAD.
if tc.module.args.cipher_suite == "CBC":
hdr_size = 0x0
elif tc.module.args.cipher_suite == "CCM":
hdr_size = 0x20
else:
hdr_size = 0xd
if brq_cur.ring_entries[brq_cur.pi-1].header_size != hdr_size:
print("Header Size Check Failed: Got 0x%x, Expected: 0x%x" %
(brq_cur.ring_entries[brq_cur.pi-1].header_size, hdr_size))
return False
else:
print("Header Size Check Success: Got 0x%x, Expected: 0x%x" %
(brq_cur.ring_entries[brq_cur.pi-1].header_size, hdr_size))
# 15. Barco Status check
if brq_cur.ring_entries[brq_cur.pi-1].barco_status != 0:
print("Barco Status Check Failed: Got 0x%x, Expected: 0" %
(brq_cur.ring_entries[brq_cur.pi-1].barco_status))
return False
else:
print("Barco Status Check Success: Got 0x%x, Expected: 0" %
(brq_cur.ring_entries[brq_cur.pi-1].barco_status))
# 16. Verify page
#if rnmdpr.ringentries[0].handle != brq_cur.swdre_list[0].Addr1:
# print("Page handle not as expected in brq_cur.swdre_list")
#return False
return True
def TestCaseSetup(tc):
tc.pvtdata = ObjectDatabase()
tcp_proxy.SetupProxyArgs(tc)
id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session)
TcpCbHelper.main(id)
tcbid = "TcpCb%04d" % id
# 1. Configure TCB in HBM before packet injection
tcb = tc.infra_data.ConfigStore.objects.db[tcbid]
tcp_proxy.init_tcb_inorder(tc, tcb)
tcb.debug_dol_tx |= tcp_proxy.tcp_tx_debug_dol_dont_send_ack
# set tcb state to ESTABLISHED(1)
tcb.state = 1
tcb.SetObjValPd()
# 2. Clone objects that are needed for verification
rnmdpr_big = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"])
rnmdpr_big.GetMeta()
rnmdpr_big.GetRingEntries([rnmdpr_big.pi])
tnmdpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"])
tnmdpr.GetMeta()
brq = copy.deepcopy(
tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"])
brq.GetMeta()
brq.GetRingEntries([brq.pi])
tcpcb = copy.deepcopy(tcb)
tcpcb.GetObjValPd()
tlscbid = "TlsCb%04d" % id
tlscb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid])
# Key Setup
key_type = types_pb2.CRYPTO_KEY_TYPE_AES128
key_size = 16
key = b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
tlscb.crypto_key.Update(key_type, key_size, key)
# TLS-CB Setup
tlscb.command = 0x30000000
tlscb.crypto_key_idx = tlscb.crypto_key.keyindex
tlscb.salt = 0x12345678
tlscb.explicit_iv = 0xfedcba9876543210
tlscb.enc_requests = 0
tlscb.enc_completions = 0
tlscb.serq_pi = 0
tlscb.serq_ci = 0
tlscb.debug_dol = tcp_tls_proxy.tls_debug_dol_bypass_barco | \
tcp_tls_proxy.tls_debug_dol_bypass_proxy | \
tcp_tls_proxy.tls_debug_dol_sesq_stop
tlscb.other_fid = 0xffff
tlscb.is_decrypt_flow = False
tlscb.SetObjValPd()
tlscb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid])
tlscb.GetObjValPd()
tc.pvtdata.Add(tlscb)
tc.pvtdata.Add(rnmdpr_big)
tc.pvtdata.Add(tnmdpr)
tc.pvtdata.Add(tcpcb)
tc.pvtdata.Add(brq)
return
