def main(self): self.Generate() ProxyCbServiceHelper.main(self.objs) self.Configure() if len(self.objs): Store.objects.SetAll(self.objs) return
def TestCaseVerify(tc): global ipseccbq global ipseccb id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) ipsecid = "IPSECCB%04d" % id ipsec_cbq_id = ipsecid + "_IPSECCBQ" ipseccb_cur = tc.infra_data.ConfigStore.objects.db[ipsecid] print("pre-sync: ipseccb_cur.pi %d ipseccb_cur.ci %d" % (ipseccb_cur.pi, ipseccb_cur.ci)) ipseccb_cur.GetObjValPd() print("post-sync: ipseccb_cur.pi %d ipseccb_cur.ci %d" % (ipseccb_cur.pi, ipseccb_cur.ci)) if (ipseccb_cur.pi != ipseccb.pi or ipseccb_cur.ci != ipseccb.ci): print("serq pi/ci not as expected") return False # 3. Fetch current values from Platform ipseccbqq_cur = tc.infra_data.ConfigStore.objects.db[ipsec_cbq_id] ipseccbqq_cur.Configure() rnmdr = tc.pvtdata.db["IPSEC_RNMDR"] rnmpr = tc.pvtdata.db["IPSEC_RNMPR"] tnmdr = tc.pvtdata.db["IPSEC_TNMDR"] tnmpr = tc.pvtdata.db["IPSEC_TNMPR"] rnmdr_cur = tc.infra_data.ConfigStore.objects.db["IPSEC_RNMDR"] rnmdr_cur.GetMeta() rnmdr_cur.GetRingEntries([rnmdr_cur.pi, rnmdr_cur.pi + 1]) rnmdr_cur.GetRingEntryAOL([rnmdr_cur.pi, rnmdr_cur.pi + 1]) rnmpr_cur = tc.infra_data.ConfigStore.objects.db["IPSEC_RNMPR"] rnmpr_cur.GetMeta() rnmpr_cur.GetRingEntries([rnmpr.pi, rnmpr_cur.pi]) tnmdr_cur = tc.infra_data.ConfigStore.objects.db["IPSEC_TNMDR"] tnmdr_cur.GetMeta() tnmdr_cur.GetRingEntries([tnmdr.pi, tnmdr_cur.pi]) tnmpr_cur = tc.infra_data.ConfigStore.objects.db["IPSEC_TNMPR"] tnmpr_cur.GetMeta() tnmpr_cur.GetRingEntries([tnmpr.pi, tnmpr_cur.pi]) # 4. Verify PI for RNMDR got incremented by 1 if ((rnmdr_cur.pi != rnmdr.pi + 2) and (rnmdr_cur.pi != rnmdr.pi + 1)): print("RNMDR pi check failed old %d new %d" % (rnmdr.pi, rnmdr_cur.pi)) return False # 6. Verify pi/ci got update got updated for BRQ brq = tc.pvtdata.db["BRQ_ENCRYPT_GCM"] brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"] print("pre-sync: brq_cur.pi %d brq_cur.ci %d" % (brq_cur.pi, brq_cur.ci)) brq_cur.GetMeta() brq_cur.GetRingEntries([brq.pi, brq_cur.pi]) print("post-sync: brq_cur.pi %d brq_cur.ci %d" % (brq_cur.pi, brq_cur.ci)) if (brq_cur.pi != (brq.pi + 1) or brq_cur.ci != (brq.ci + 1)): print("brq pi/ci not as expected") #needs fix in HAL and support in model/p4+ for this check to work/pass #return False return True
def TestCaseSetup(tc): print("TestCaseSetup(): Start") tc.pvtdata = ObjectDatabase() tcp_proxy.SetupProxyArgs(tc) id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) TcpCbHelper.main(id) tcbid = "TcpCb%04d" % id # 1. Configure TCB in HBM before packet injection tcb = tc.infra_data.ConfigStore.objects.db[tcbid] tcp_proxy.init_tcb_inorder(tc, tcb) # set tcb state to ESTABLISHED(1) tcb.state = 1 tcb.SetObjValPd() # 2. Clone objects that are needed for verification rnmdpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]) rnmdpr.GetMeta() rnmdpr.GetRingEntries([rnmdpr.pi]) tnmdpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"]) tnmdpr.GetMeta() tnmdpr.GetRingEntries([tnmdpr.pi]) if tc.module.args.cipher_suite == "CCM": brq = copy.deepcopy( tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_CCM"]) elif tc.module.args.cipher_suite == "CBC": brq = copy.deepcopy( tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_CBC"]) else: brq = copy.deepcopy( tc.infra_data.ConfigStore.objects.db["BRQ_DECRYPT_GCM"]) brq.GetMeta() tlscbid = "TlsCb%04d" % id tlscb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid]) tlscb.debug_dol = tcp_tls_proxy.tls_debug_dol_bypass_proxy | \ tcp_tls_proxy.tls_debug_dol_sesq_stop if hasattr(tc.module.args, 'reassemble'): if tc.module.args.reassemble == True: print("Enabling reassembly support") tlscb.debug_dol = tlscb.debug_dol | tcp_tls_proxy.tls_debug_dol_dec_reasm_path tlscb.other_fid = 0xffff tlscb.serq_pi = 0 tlscb.serq_ci = 0 tlscb.SetObjValPd() if tc.module.args.key_size == 16: tcp_tls_proxy.tls_aes128_decrypt_setup(tc, tlscb) elif tc.module.args.key_size == 32: tcp_tls_proxy.tls_aes256_decrypt_setup(tc, tlscb) tc.pvtdata.Add(tlscb) tc.pvtdata.Add(rnmdpr) tc.pvtdata.Add(tnmdpr) tc.pvtdata.Add(brq) return
def Configure(self): nvme_lif = self.session.initiator.ep.intf.lif.nvme_lif self.lif = nvme_lif self.nsid = nvme_lif.GetNextNsid() self.ns = nvme_lif.GetNs(self.nsid) assert self.ns != 0 #for DOL purpose, map session to a sq/cq. #more than one session can map to same sq/cq #for now using nsid%2 as the sq/cq number self.sqid = self.nsid % 2 self.cqid = self.sqid self.sq = self.session.initiator.ep.intf.lif.GetQ('NVME_SQ', self.sqid) self.cq = self.session.initiator.ep.intf.lif.GetQ('NVME_CQ', self.cqid) nvme_lif.NsSessionAttach(self.nsid, self) halapi.NvmeSessionCreate([self]) self.tcp_qid, self.tcp_other_qid = ProxyCbServiceHelper.GetSessionQids( self.session) self.tcp_cbid = "TcpCb%04d" % self.tcp_qid self.tcp_other_cbid = "TcpCb%04d" % self.tcp_other_qid return
def TestCaseVerify(tc): if GlobalOptions.dryrun: return True id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) if tc.config.flow.IsIflow(): print("This is iflow") tcbid = "TcpCb%04d" % id tlscbid = "TlsCb%04d" % id other_tcbid = "TcpCb%04d" % (id + 1) other_tlscbid = "TlsCb%04d" % (id + 1) else: print("This is rflow") tcbid = "TcpCb%04d" % (id + 1) tlscbid = "TlsCb%04d" % (id + 1) other_tcbid = "TcpCb%04d" % id other_tlscbid = "TlsCb%04d" % id same_flow = False if tc.pvtdata.same_flow: other_tcbid = tcbid other_tlscbid = tlscbid same_flow = True tcpcb = tc.pvtdata.db[tcbid] tcpcb_cur = tc.infra_data.ConfigStore.objects.db[tcbid] tcpcb_cur.GetObjValPd() other_tcpcb = tc.pvtdata.db[other_tcbid] other_tcpcb_cur = tc.infra_data.ConfigStore.objects.db[other_tcbid] other_tcpcb_cur.GetObjValPd() tlscb = tc.pvtdata.db[tlscbid] tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid] tlscb_cur.GetObjValPd() other_tlscb = tc.pvtdata.db[other_tlscbid] other_tlscb_cur = tc.infra_data.ConfigStore.objects.db[other_tlscbid] other_tlscb_cur.GetObjValPd() rnmdpr_big = tc.pvtdata.db["RNMDPR_BIG"] rnmdpr_big_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"] rnmdpr_big_cur.GetMeta() # Print stats if same_flow: other_tcpcb = tcpcb other_tcpcb_cur = tcpcb_cur else: print("bytes_rcvd = %d:" % tcpcb_cur.bytes_rcvd) print("pkts_rcvd = %d:" % tcpcb_cur.pkts_rcvd) print("bytes_sent = %d:" % other_tcpcb_cur.bytes_sent) print("pkts_sent = %d:" % other_tcpcb_cur.pkts_sent) return True
def TestCaseVerify(tc): if GlobalOptions.dryrun: return True id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) tlscbid = "TlsCb%04d" % id tlscb = tc.pvtdata.db[tlscbid] tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid] print("pre-sync: tnmdpr_alloc %d enc_requests %d" % (tlscb_cur.tnmdpr_alloc, tlscb_cur.enc_requests)) print("pre-sync: rnmdpr_free %d enc_completions %d" % (tlscb_cur.rnmdpr_free, tlscb_cur.enc_completions)) print("pre-sync: pre_debug_stage0_7_thread 0x%x post_debug_stage0_7_thread 0x%x" % (tlscb_cur.pre_debug_stage0_7_thread, tlscb_cur.post_debug_stage0_7_thread)) tlscb_cur.GetObjValPd() print("post-sync: tnmdpr_alloc %d enc_requests %d" % (tlscb_cur.tnmdpr_alloc, tlscb_cur.enc_requests)) print("post-sync: rnmdpr_free %d enc_completions %d" % (tlscb_cur.rnmdpr_free, tlscb_cur.enc_completions)) print("post-sync: pre_debug_stage0_7_thread 0x%x post_debug_stage0_7_thread 0x%x" % (tlscb_cur.pre_debug_stage0_7_thread, tlscb_cur.post_debug_stage0_7_thread)) tcbid = "TcpCb%04d" % id tcb = tc.pvtdata.db[tcbid] # 2. Verify pi/ci got update got updated for ARQ tcb_cur = tc.infra_data.ConfigStore.objects.db[tcbid] print("pre-sync: tcb_cur.sesq_pi %d tcb_cur.sesq_ci %d" % (tcb_cur.sesq_pi, tcb_cur.sesq_ci)) tcb_cur.GetObjValPd() print("post-sync: tcb_cur.sesq_pi %d tcb_cur.sesq_ci %d" % (tcb_cur.sesq_pi, tcb_cur.sesq_ci)) if (tcb_cur.sesq_pi != (tcb.sesq_pi+1) or tcb_cur.sesq_ci != (tcb.sesq_ci+1)): print("sesq pi/ci not as expected") #VijayV to enable this test after ci is fixed in p4+ #return False # 3. Fetch current values from Platform rnmdpr_big_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"] rnmdpr_big_cur.GetMeta() rnmdpr_big = tc.pvtdata.db["RNMDPR_BIG"] tnmdpr_big_cur = tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"] tnmdpr_big_cur.GetMeta() tnmdpr_big = tc.pvtdata.db["TNMDPR_BIG"] arq = tc.pvtdata.db["CPU0000_ARQ"] arq_cur = tc.infra_data.ConfigStore.objects.db["CPU0000_ARQ"] arq_cur.GetMeta() arq_cur.GetRingEntries([arq.pi]) # 2. Verify descriptor if rnmdpr_big.ringentries[rnmdpr_big.pi].handle != arq_cur.ringentries[arq.pi].handle: #if rnmdpr.ringentries[rnmdpr.pi].handle != arq_cur.ringentries[0].handle: print("Descriptor handle not as expected in ringentries 0x%x 0x%x" % (rnmdpr_big.ringentries[rnmdpr_big.pi].handle, arq_cur.ringentries[0].handle)) #print("Descriptor handle not as expected in ringentries 0x%x 0x%x" % (rnmdpr.ringentries[rnmdpr.pi].handle, arq_cur.ringentries[arq.pi].handle)) return False return True
def TestCaseSetup(tc): global ipseccbq global ipseccb global rnmdr global iv global seq tc.pvtdata = ObjectDatabase() tc.pvtdata.seqNo = 0 print("TestCaseSetup(): Sample Implementation.") # 2. Clone objects that are needed for verification rnmdr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["IPSEC_RNMDR"]) rnmdr.GetMeta() rnmdr.GetRingEntries([rnmdr.pi, rnmdr.pi + 1]) rnmdr.GetRingEntryAOL([rnmdr.pi, rnmdr.pi + 1]) id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) IpsecCbHelper.main(id) ipsecid = "IPSECCB%04d" % id ipseccb = tc.infra_data.ConfigStore.objects.db[ipsecid] ipsec_cbq_id = ipsecid + "_IPSECCBQ" ipseccbq = copy.deepcopy( tc.infra_data.ConfigStore.objects.db[ipsec_cbq_id]) ipseccb = tc.infra_data.ConfigStore.objects.db[ipsecid] rnmpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["IPSEC_RNMPR"]) rnmpr.GetMeta() rnmpr.GetRingEntries([rnmpr.pi]) tnmdr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["IPSEC_TNMDR"]) tnmdr.GetMeta() tnmdr.GetRingEntries([tnmdr.pi]) tnmpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["IPSEC_TNMPR"]) tnmpr.GetMeta() tnmpr.GetRingEntries([tnmpr.pi]) brq = copy.deepcopy( tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"]) brq.GetMeta() brq.GetRingEntries([brq.pi]) iv = ipseccb.iv seq = ipseccb.esn_lo tc.pvtdata.Add(rnmdr) tc.pvtdata.Add(rnmpr) tc.pvtdata.Add(tnmdr) tc.pvtdata.Add(tnmpr) tc.pvtdata.Add(brq) return
def TestCaseSetup(tc): tc.pvtdata = ObjectDatabase() tcp_proxy.SetupProxyArgs(tc) id1, id2 = ProxyCbServiceHelper.GetSessionQids(tc.config.flow._FlowObject__session) if tc.config.flow.IsIflow(): id = id1 other_fid = id2 else: id = id2 other_fid = id1 TcpCbHelper.main(id) tcbid = "TcpCb%04d" % id # 1. Configure TCB in HBM before packet injection tcb = tc.infra_data.ConfigStore.objects.db[tcbid] tcp_proxy.init_tcb_inorder(tc, tcb) tcb.debug_dol = 0 # set tcb state to SYN_SENT(2) tcb.state = tcp_proxy.tcp_state_SYN_SENT tcb.SetObjValPd() TcpCbHelper.main(other_fid) tcbid2 = "TcpCb%04d" % (other_fid) logger.info("Configuring %s" % tcbid2) tcb2 = tc.infra_data.ConfigStore.objects.db[tcbid2] tcp_proxy.init_tcb_inorder2(tc, tcb2) tcb2.SetObjValPd() # 2. Clone objects that are needed for verification arq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["CPU0000_ARQ"]) arq.Configure() sesqid = "TCPCB%04d_SESQ" % id sesq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[sesqid]) tlscbid = "TlsCb%04d" % id tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid] tlscb_cur.debug_dol = tcp_tls_proxy.tls_debug_dol_bypass_barco tlscb_cur.SetObjValPd() tlscb = copy.deepcopy(tlscb_cur) tcpcb = copy.deepcopy(tcb) tc.pvtdata.Add(tlscb) tc.pvtdata.Add(tcpcb) tc.pvtdata.Add(sesq) tc.pvtdata.Add(arq) return
def TestCaseSetup(tc): tc.pvtdata = ObjectDatabase() tcp_proxy.SetupProxyArgs(tc) id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) TcpCbHelper.main(id) tcbid = "TcpCb%04d" % id # 1. Configure TCB in HBM before packet injection tcb = tc.infra_data.ConfigStore.objects.db[tcbid] tcp_proxy.init_tcb_inorder(tc, tcb) # set tcb state to ESTABLISHED(1) tcb.state = tcp_proxy.tcp_state_ESTABLISHED tcb.debug_dol_tx |= tcp_proxy.tcp_tx_debug_dol_dont_tx tcb.SetObjValPd() # 2. Clone objects that are needed for verification rnmdpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]) rnmdpr.GetMeta() tnmdpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"]) tnmdpr.GetMeta() arq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["CPU0000_ARQ"]) sesqid = "TCPCB%04d_SESQ" % id sesq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[sesqid]) sesq.GetMeta() tlscbid = "TlsCb%04d" % id tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid] #tlscb_cur.debug_dol = (tcp_tls_proxy.tls_debug_dol_leave_in_arq | tcp_tls_proxy.tls_debug_dol_bypass_proxy | tcp_tls_proxy.tls_debug_dol_bypass_barco | tcp_tls_proxy.tls_debug_dol_fake_handshake_msg) tlscb_cur.debug_dol = (tcp_tls_proxy.tls_debug_dol_bypass_proxy | tcp_tls_proxy.tls_debug_dol_bypass_barco | tcp_tls_proxy.tls_debug_dol_arm_loop_ctlr_pkts) tlscb_cur.other_fid = 0xffff tlscb_cur.is_decrypt_flow = 1 tlscb_cur.serq_pi = 0 tlscb_cur.serq_ci = 0 tlscb_cur.SetObjValPd() tlscb = copy.deepcopy(tlscb_cur) tlscb.GetObjValPd() tcpcb = copy.deepcopy(tcb) tcpcb.GetObjValPd() tc.pvtdata.Add(tlscb) tc.pvtdata.Add(rnmdpr) tc.pvtdata.Add(tnmdpr) tc.pvtdata.Add(tcpcb) tc.pvtdata.Add(sesq) tc.pvtdata.Add(arq) return
def TestCaseSetup(tc): tc.pvtdata = ObjectDatabase() tcp_proxy.SetupProxyArgs(tc) id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) TcpCbHelper.main(id) tcbid = "TcpCb%04d" % id # 1. Configure TCB in HBM before packet injection tcb = tc.infra_data.ConfigStore.objects.db[tcbid] tcp_proxy.init_tcb_inorder(tc, tcb) # set tcb state to ESTABLISHED(1) tcb.state = 1 tcb.l7_proxy_type = 0 tcb.debug_dol = 0 tcb.SetObjValPd() # 2. Clone objects that are needed for verification rnmdpr_big = copy.deepcopy( tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]) rnmdpr_big.GetMeta() tnmdpr_big = copy.deepcopy( tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"]) #tnmdpr_big.GetMeta() brq = copy.deepcopy( tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"]) #brq.GetMeta() tlscbid = "TlsCb%04d" % id tlscb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid]) tlscb.debug_dol = tcp_tls_proxy.tls_debug_dol_bypass_proxy | \ tcp_tls_proxy.tls_debug_dol_sesq_stop tlscb.other_fid = 0xffff tlscb.l7_proxy_type = tcp_proxy.l7_proxy_type_REDIR tlscb.serq_pi = 0 tlscb.serq_ci = 0 if tc.module.args.key_size == 16: tcp_tls_proxy.tls_aes128_decrypt_setup(tc, tlscb) elif tc.module.args.key_size == 32: tcp_tls_proxy.tls_aes256_decrypt_setup(tc, tlscb) tc.pvtdata.Add(tlscb) tc.pvtdata.Add(rnmdpr_big) tc.pvtdata.Add(tnmdpr_big) tc.pvtdata.Add(brq) return
def TestCaseSetup(tc): tc.pvtdata = ObjectDatabase() tcp_proxy.SetupProxyArgs(tc) id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) TcpCbHelper.main(id) tcbid = "TcpCb%04d" % id # 1. Configure TCB in HBM before packet injection tcb = tc.infra_data.ConfigStore.objects.db[tcbid] tcp_proxy.init_tcb_inorder(tc, tcb) tcb.l7_proxy_type = tcp_proxy.l7_proxy_type_SPAN tcb.debug_dol |= tcp_proxy.tcp_debug_dol_pkt_to_serq tcb.debug_dol |= tcp_proxy.tcp_debug_dol_pkt_to_l7q if hasattr(tc.module.args, 'atomic_stats') and tc.module.args.atomic_stats: print("Testing atomic stats") tcb.debug_dol |= tcp_proxy.tcp_debug_dol_test_atomic_stats tcb.bytes_rcvd = 0 # set tcb state to ESTABLISHED(1) tcb.state = 1 tcb.SetObjValPd() tlscbid = "TlsCb%04d" % id tlscb = tc.infra_data.ConfigStore.objects.db[tlscbid] tlscb.debug_dol = 0 tlscb.is_decrypt_flow = False tlscb.other_fid = 0xffff tlscb.serq_pi = 0 tlscb.serq_ci = 0 tlscb.SetObjValPd() # 2. Clone objects that are needed for verification rnmdpr_big = copy.deepcopy( tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]) rnmdpr_big.GetMeta() rnmdpr_big.GetRingEntries([rnmdpr_big.pi]) serqid = "TLSCB%04d_SERQ" % id serq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[serqid]) serq.GetMeta() tlscb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid]) tlscb.GetObjValPd() tcpcb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tcbid]) tcpcb.GetObjValPd() tc.pvtdata.Add(tlscb) tc.pvtdata.Add(rnmdpr_big) tc.pvtdata.Add(tcpcb) tc.pvtdata.Add(serq) return
def TestCaseSetup(tc): global cpurx_dpr global rawrcbid global rawccbid global rawrcb global rawccb global redir_span tc.SetRetryEnabled(True) tc.pvtdata = ObjectDatabase() redir_span = getattr(tc.module.args, 'redir_span', False) id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) if redir_span: id = app_redir_shared.app_redir_span_rawrcb_id rawrcbid = "RawrCb%04d" % id rawccbid = "RawcCb%04d" % id RawrCbHelper.main(id) rawrcb = tc.infra_data.ConfigStore.objects.db[rawrcbid] RawcCbHelper.main(id) rawccb = tc.infra_data.ConfigStore.objects.db[rawccbid] # 1. Configure RAWRCB in HBM before packet injection # let HAL fill in defaults for chain_rxq_base, etc. rawrcb.chain_txq_base = 0 rawrcb.chain_rxq_base = 0 rawrcb.rawrcb_flags = app_redir_shared.app_redir_dol_pipeline_loopbk_en rawrcb.SetObjValPd() # 1. Configure RAWCCB in HBM before packet injection # let HAL fill in defaults for my_txq_base, etc. rawccb.my_txq_base = 0 rawccb.SetObjValPd() # 2. Clone objects that are needed for verification cpurx_dpr = copy.deepcopy( tc.infra_data.ConfigStore.objects.db["CPU_RX_DPR"]) cpurx_dpr.GetMeta() cpurx_dpr.GetRingEntries([cpurx_dpr.pi]) rawrcb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[rawrcbid]) rawrcb.GetObjValPd() rawccb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[rawccbid]) rawccb.GetObjValPd() return
def TestCaseSetup(tc): tc.pvtdata = ObjectDatabase() tcp_proxy.SetupProxyArgs(tc) id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) TcpCbHelper.main(id) tcbid = "TcpCb%04d" % id # 1. Configure TCB in HBM before packet injection tcb = tc.infra_data.ConfigStore.objects.db[tcbid] tcp_proxy.init_tcb_inorder(tc, tcb) # set tcb state to ESTABLISHED(1) tcb.state = 1 tcb.SetObjValPd() # 2. Clone objects that are needed for verification rnmdpr_big = copy.deepcopy( tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]) rnmdpr_big.GetMeta() rnmdpr_big.GetRingEntries([rnmdpr_big.pi]) tnmdpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"]) tnmdpr.GetMeta() sesqid = "TCPCB%04d_SESQ" % id sesq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[sesqid]) sesq.GetMeta() tlscbid = "TlsCb%04d" % id tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid] tlscb_cur.debug_dol = (tcp_tls_proxy.tls_debug_dol_bypass_proxy | tcp_tls_proxy.tls_debug_dol_sesq_stop | tcp_tls_proxy.tls_debug_dol_bypass_barco) tlscb_cur.other_fid = 0xffff tlscb_cur.is_decrypt_flow = False tlscb_cur.serq_pi = 0 tlscb_cur.serq_ci = 0 tlscb_cur.SetObjValPd() tlscb = copy.deepcopy(tlscb_cur) tlscb.GetObjValPd() tcpcb = copy.deepcopy(tcb) tcpcb.GetObjValPd() tc.pvtdata.Add(tlscb) tc.pvtdata.Add(rnmdpr_big) tc.pvtdata.Add(tnmdpr) tc.pvtdata.Add(tcpcb) tc.pvtdata.Add(sesq) return
def TestCaseTeardown(tc): id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) if tc.config.flow.IsIflow(): tcbid = "TcpCb%04d" % id other_tcbid = "TcpCb%04d" % (id + 1) else: tcbid = "TcpCb%04d" % (id + 1) other_tcbid = "TcpCb%04d" % id tcpcb = tc.infra_data.ConfigStore.objects.db[tcbid] other_tcpcb = tc.infra_data.ConfigStore.objects.db[other_tcbid] if GlobalOptions.dryrun: return True if tc.pvtdata.test_del_ack_timer: timer = tc.infra_data.ConfigStore.objects.db['FAST_TIMER'] timer.Step(0) if tc.pvtdata.test_retx_timer: tcpcb.debug_dol_tx &= ~tcp_proxy.tcp_tx_debug_dol_start_retx_timer tcpcb.SetObjValPd() other_tcpcb.debug_dol_tx &= ~tcp_proxy.tcp_tx_debug_dol_start_retx_timer other_tcpcb.SetObjValPd() timer = tc.infra_data.ConfigStore.objects.db['FAST_TIMER'] timer.Step(0) reset_rnmdpr = False if tc.pvtdata.sem_full and tc.pvtdata.sem_full == 'nmdr': reset_rnmdpr = True if tc.pvtdata.rnmdr_big_pi is not None: reset_rnmdpr = True if tc.pvtdata.rnmdr_big_ci is not None: reset_rnmdpr = True if reset_rnmdpr: rnmdpr_big = tc.pvtdata.db["RNMDPR_BIG"] rnmdpr_big.pi = 0 rnmdpr_big.ci = 8192 rnmdpr_big.SetMeta() if tc.pvtdata.test_retx_timer_full: tcpcb.debug_dol_tx = 0 tcpcb.SetObjValPd() other_tcpcb.debug_dol_tx = 0 other_tcpcb.SetObjValPd() return
def TestCaseSetup(tc): tc.pvtdata = ObjectDatabase() tcp_proxy.SetupProxyArgs(tc) id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) TcpCbHelper.main(id) tcbid = "TcpCb%04d" % id # 1. Configure TCB in HBM before packet injection tcb = tc.infra_data.ConfigStore.objects.db[tcbid] tcp_proxy.init_tcb_inorder(tc, tcb) tcb.debug_dol |= tcp_proxy.tcp_debug_dol_leave_in_arq # set tcb state to SYN_SENT(2) tcb.state = tcp_proxy.tcp_state_SYN_SENT tcb.SetObjValPd() # 2. Clone objects that are needed for verification rnmdpr_big = copy.deepcopy( tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]) rnmdpr_big.GetMeta() rnmdpr_big.GetRingEntries([rnmdpr_big.pi]) tnmdpr_big = copy.deepcopy( tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"]) tnmdpr_big.GetMeta() actl = copy.deepcopy( tc.infra_data.ConfigStore.objects.db["CPU0000_TCP_ACTL"]) actl.GetMeta() sesqid = "TCPCB%04d_SESQ" % id sesq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[sesqid]) tlscbid = "TlsCb%04d" % id tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid] tlscb_cur.debug_dol = tcp_tls_proxy.tls_debug_dol_bypass_barco tlscb_cur.SetObjValPd() tlscb = copy.deepcopy(tlscb_cur) tcpcb = copy.deepcopy(tcb) tc.pvtdata.Add(tlscb) tc.pvtdata.Add(rnmdpr_big) tc.pvtdata.Add(tnmdpr_big) tc.pvtdata.Add(tcpcb) tc.pvtdata.Add(sesq) tc.pvtdata.Add(actl) return
def get_tcbs(tc): id1, id2 = ProxyCbServiceHelper.GetSessionQids(tc.config.flow._FlowObject__session) if tc.config.flow.IsIflow(): id = id1 other_fid = id2 else: id = id2 other_fid = id1 tcbid1 = "TcpCb%04d" % id tcbid2 = "TcpCb%04d" % other_fid print("%s is flow 1" % tcbid1) print("%s is flow 2" % tcbid2) tcb1 = tc.infra_data.ConfigStore.objects.db[tcbid1] tcb2 = tc.infra_data.ConfigStore.objects.db[tcbid2] tc.pvtdata.tcb1 = tcb1 tc.pvtdata.tcb2 = tcb2 return tcb1, tcb2
def TestCaseVerify(tc): if GlobalOptions.dryrun: return True id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) # Retrieve saved state tlscbid = "TlsCb%04d" % id tlscb = tc.pvtdata.db[tlscbid] rnmdpr_big = tc.pvtdata.db["RNMDPR_BIG"] tnmdpr_big = tc.pvtdata.db["TNMDPR_BIG"] brq = tc.pvtdata.db["BRQ_ENCRYPT_GCM"] # Fetch current values from Platform rnmdpr_big_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"] rnmdpr_big_cur.GetMeta() tnmdpr_big_cur = tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"] #tnmdpr_big_cur.GetMeta() tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid] tlscb_cur.GetObjValPd() brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"] #brq_cur.GetMeta() # Verify PI for RNMDPR_BIG got incremented by 1 if (rnmdpr_big_cur.pi != rnmdpr_big.pi+2): print("RNMDPR_BIG pi check failed old %d new %d" % (rnmdpr_big.pi, rnmdpr_big_cur.pi)) return False print("Old RNMDPR_BIG PI: %d, New RNMDPR_BIG PI: %d" % (rnmdpr_big.pi, rnmdpr_big_cur.pi)) # Verify page #if rnmdpr.ringentries[0].handle != brq_cur.swdre_list[0].Addr1: # print("Page handle not as expected in brq_cur.swdre_list") #return False return True
def TestCaseSetup(tc): global ipseccbq global ipseccb global rnmdr global iv global seq tc.pvtdata = ObjectDatabase() print("TestCaseSetup(): Sample Implementation.") # 1. Configure IPSECCB in HBM before packet injection id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) IpsecCbHelper.main(id) ipsecid = "IPSECCB%04d" % id ipseccb = tc.infra_data.ConfigStore.objects.db[ipsecid] key_type = types_pb2.CRYPTO_KEY_TYPE_AES128 key_size = 16 key = b'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc' sip6 = b'\x20\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xaa' dip6 = b'\x20\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\xbb' ipseccb.crypto_key.Update(key_type, key_size, key) ipseccb.tunnel_sip4 = 0x0A010001 ipseccb.tunnel_dip4 = 0x0A010002 ipseccb.iv_size = 8 ipseccb.icv_size = 16 ipseccb.block_size = 16 ipseccb.key_index = 0 ipseccb.barco_enc_cmd = 0x30000000 ipseccb.iv = 0xaaaaaaaaaaaaaaaa ipseccb.iv_salt = 0xbbbbbbbb ipseccb.esn_hi = 0 ipseccb.esn_lo = 0 ipseccb.spi = 0 ipseccb.is_nat_t = 0 ipseccb.is_v6 = 0 ipseccb.key_index = ipseccb.crypto_key.keyindex ipseccb.sip6.ip_af = 2 ipseccb.sip6.v6_addr = sip6 ipseccb.dip6.ip_af = 2 ipseccb.dip6.v6_addr = dip6 ipseccb.SetObjValPd() # 2. Clone objects that are needed for verification rnmdr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["IPSEC_RNMDR"]) rnmdr.GetMeta() rnmdr.GetRingEntries([rnmdr.pi, rnmdr.pi + 1]) rnmdr.GetRingEntryAOL([rnmdr.pi, rnmdr.pi + 1]) ipsec_cbq_id = ipsecid + "_IPSECCBQ" ipseccbq = copy.deepcopy( tc.infra_data.ConfigStore.objects.db[ipsec_cbq_id]) ipseccb = tc.infra_data.ConfigStore.objects.db[ipsecid] rnmpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["IPSEC_RNMPR"]) rnmpr.GetMeta() rnmpr.GetRingEntries([rnmpr.pi]) tnmdr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["IPSEC_TNMDR"]) tnmdr.GetMeta() tnmdr.GetRingEntries([tnmdr.pi]) tnmpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["IPSEC_TNMPR"]) tnmpr.GetMeta() tnmpr.GetRingEntries([tnmpr.pi]) brq = copy.deepcopy( tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"]) brq.GetMeta() brq.GetRingEntries([brq.pi]) iv = ipseccb.iv seq = ipseccb.esn_lo tc.pvtdata.Add(rnmdr) tc.pvtdata.Add(rnmpr) tc.pvtdata.Add(tnmdr) tc.pvtdata.Add(tnmpr) tc.pvtdata.Add(brq) return
def TestCaseVerify(tc): global ipseccbq global ipseccb # 1. Verify pi/ci got update got updated id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) ipsecid = "IPSECCB%04d" % id ipsec_cbq_id = ipsecid + "_IPSECCBQ" ipseccb_cur = tc.infra_data.ConfigStore.objects.db[ipsecid] print("pre-sync: ipseccb_cur.pi %d ipseccb_cur.ci %d" % (ipseccb_cur.pi, ipseccb_cur.ci)) ipseccb_cur.GetObjValPd() print("post-sync: ipseccb_cur.pi %d ipseccb_cur.ci %d" % (ipseccb_cur.pi, ipseccb_cur.ci)) if (ipseccb_cur.pi != ipseccb.pi or ipseccb_cur.ci != ipseccb.ci): print("pi/ci not as expected") return False # 3. Fetch current values from Platform ipseccbqq_cur = tc.infra_data.ConfigStore.objects.db[ipsec_cbq_id] ipseccbqq_cur.Configure() rnmdr = tc.pvtdata.db["IPSEC_RNMDR"] rnmpr = tc.pvtdata.db["IPSEC_RNMPR"] tnmdr = tc.pvtdata.db["IPSEC_TNMDR"] tnmpr = tc.pvtdata.db["IPSEC_TNMPR"] rnmdr_cur = tc.infra_data.ConfigStore.objects.db["IPSEC_RNMDR"] rnmdr_cur.GetMeta() rnmdr_cur.GetRingEntries([rnmdr_cur.pi, rnmdr_cur.pi + 1]) rnmdr_cur.GetRingEntryAOL([rnmdr_cur.pi, rnmdr_cur.pi + 1]) rnmpr_cur = tc.infra_data.ConfigStore.objects.db["IPSEC_RNMPR"] rnmpr_cur.GetMeta() rnmpr_cur.GetRingEntries([rnmpr.pi, rnmpr_cur.pi]) tnmdr_cur = tc.infra_data.ConfigStore.objects.db["IPSEC_TNMDR"] tnmdr_cur.GetMeta() tnmdr_cur.GetRingEntries([tnmdr.pi, tnmdr_cur.pi]) tnmpr_cur = tc.infra_data.ConfigStore.objects.db["IPSEC_TNMPR"] tnmpr_cur.GetMeta() tnmpr_cur.GetRingEntries([tnmpr.pi, tnmpr_cur.pi]) # 4. Verify PI for IPSEC_RNMDR got incremented by 1 #if ((rnmdr_cur.pi != rnmdr.pi+2) and (rnmdr_cur.pi != rnmdr.pi+1)): #print("IPSEC_RNMDR pi check failed old %d new %d" % (rnmdr.pi, rnmdr_cur.pi)) #return False # 6. Verify pi/ci got update got updated for BRQ brq = tc.pvtdata.db["BRQ_ENCRYPT_GCM"] brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"] print("pre-sync: brq_cur.pi %d brq_cur.ci %d" % (brq_cur.pi, brq_cur.ci)) brq_cur.GetMeta() brq_cur.GetRingEntries([brq.pi, brq_cur.pi]) print("post-sync: brq_cur.pi %d brq_cur.ci %d" % (brq_cur.pi, brq_cur.ci)) if (brq_cur.pi != (brq.pi + 1) or brq_cur.ci != (brq.ci + 1)): print("brq pi/ci not as expected") #needs fix in HAL and support in model/p4+ for this check to work/pass #return False print("BRQ:") print("ilist_addr 0x%x" % brq_cur.ring_entries[brq.pi].ilist_addr) print("olist_addr 0x%x" % brq_cur.ring_entries[brq.pi].olist_addr) print("command 0x%x" % brq_cur.ring_entries[brq.pi].command) print("key_desc_index 0x%x" % brq_cur.ring_entries[brq.pi].key_desc_index) print("iv_addr 0x%x" % brq_cur.ring_entries[brq.pi].iv_addr) print("status_addr 0x%x" % brq_cur.ring_entries[brq.pi].status_addr) # There is an offset of 64 to go past scratch when queuing to barco. Pls modify # this when this offset is removed. #maxflows check should be reverted when we remove the hardcoding for idx 0 with pi/ci for BRQ # 7. Verify brq input desc and rnmdr #if (rnmdr.ringentries[rnmdr.pi].handle != (brq_cur.ring_entries[brq.pi].ilist_addr - 0x40)): # print("Descriptor handle not as expected in ringentries 0x%x 0x%x" % (rnmdr.ringentries[rnmdr.pi].handle, brq_cur.ring_entries[brq.pi].ilist_addr)) # return False print("IPSEC_RNMDR Entry: 0x%x, BRQ ILIST: 0x%x" % (rnmdr.ringentries[rnmdr.pi].handle, brq_cur.ring_entries[0].ilist_addr)) # 5. Verify descriptor #if rnmdr.ringentries[rnmdr.pi].handle != ipseccbqq_cur.ringentries[ipseccb_cur.pi-1].handle: # print("Descriptor handle not as expected in ringentries 0x%x 0x%x" % (rnmdr.ringentries[rnmdr.pi].handle, ipseccbqq_cur.ringentries[ipseccb_cur.pi-1].handle)) # return False #print("Descriptor handle expected in ringentries 0x%x 0x%x" % (rnmdr.ringentries[rnmdr.pi].handle, ipseccbqq_cur.ringentries[ipseccb_cur.pi-1].handle)) #if rnmdr.swdre_list[rnmdr.pi].DescAddr != ipseccbqq_cur.swdre_list[ipseccb_cur.pi-1].DescAddr: # print("Descriptor handle not as expected in swdre_list 0x%x 0x%x" % (rnmdr.swdre_list[rnmdr.pi].DescAddr, ipseccbqq_cur.swdre_list[ipseccb_cur.pi-1].DescAddr)) # return False #print("Descriptor handle expected in swdre_list 0x%x 0x%x" % (rnmdr.swdre_list[rnmdr.pi].DescAddr, ipseccbqq_cur.swdre_list[ipseccb_cur.pi-1].DescAddr)) # 10. Verify SeqNo increment if (ipseccb_cur.esn_lo != seq + 1): print("seq_no 0x%x 0x%x" % (ipseccb_cur.esn_lo, ipseccb.esn_lo)) return False if (ipseccb_cur.iv != iv + 1): print("iv : 0x%x 0x%x" % (ipseccb_cur.iv, ipseccb.iv)) return False #if (rnmdr.ringentries[rnmdr.pi].handle != (brq_cur.ring_entries[brq.pi].status_addr - 56)): # return False return True
def TestCaseSetup(tc): global rnmdpr_big global proxyrcbid global proxyccbid global proxyrcb global proxyccb global redir_span tc.SetRetryEnabled(True) redir_span = getattr(tc.module.args, 'redir_span', False) tc.pvtdata = ObjectDatabase() tcp_proxy.SetupProxyArgs(tc) id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) TcpCbHelper.main(id) tcbid = "TcpCb%04d" % id # 1. Configure TCB in HBM before packet injection tcb = tc.infra_data.ConfigStore.objects.db[tcbid] tcp_proxy.init_tcb_inorder(tc, tcb) # set tcb state to ESTABLISHED(1) tcb.state = 1 tcb.l7_proxy_type = 0 tcb.debug_dol = 0 if redir_span: tcb.debug_dol_tx |= tcp_proxy.tcp_tx_debug_dol_dont_tx tcb.SetObjValPd() _proxyrcb_id = id ProxyrCbHelper.main(_proxyrcb_id) proxyrcbid = "ProxyrCb%04d" % _proxyrcb_id # 1. Configure PROXYRCB in HBM before packet injection proxyrcb = tc.infra_data.ConfigStore.objects.db[proxyrcbid] # let HAL fill in defaults for chain_rxq_base, etc. proxyrcb.my_txq_base = 0 proxyrcb.chain_rxq_base = 0 proxyrcb.redir_span = redir_span proxyrcb.proxyrcb_flags = app_redir_shared.app_redir_dol_pipeline_loopbk_en # fill in flow key proxyrcb.FlowKeyBuild(tc.config.flow) print("vrf %d flow sport %d dport %d" % (proxyrcb.vrf, proxyrcb.sport, proxyrcb.dport)) proxyrcb.SetObjValPd() tlscbid = "TlsCb%04d" % id tlscb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid]) tlscb.debug_dol = tcp_tls_proxy.tls_debug_dol_bypass_proxy tlscb.other_fid = 0xffff tlscb.l7_proxy_type = tcp_proxy.l7_proxy_type_REDIR if redir_span: tlscb.l7_proxy_type = tcp_proxy.l7_proxy_type_SPAN tlscb.serq_pi = 0 tlscb.serq_ci = 0 if tc.module.args.key_size == 16: tcp_tls_proxy.tls_aes128_decrypt_setup(tc, tlscb) elif tc.module.args.key_size == 32: tcp_tls_proxy.tls_aes256_decrypt_setup(tc, tlscb) _proxyccb_id = id ProxycCbHelper.main(_proxyccb_id) proxyccbid = "ProxycCb%04d" % _proxyccb_id # 1. Configure PROXYCCB in HBM before packet injection proxyccb = tc.infra_data.ConfigStore.objects.db[proxyccbid] # let HAL fill in defaults for my_txq_base, etc. proxyccb.redir_span = redir_span proxyccb.my_txq_base = 0 proxyccb.chain_txq_base = 0 proxyccb.chain_txq_lif = app_redir_shared.service_lif_tcp_proxy proxyccb.chain_txq_qtype = 0 proxyccb.chain_txq_qid = id proxyccb.chain_txq_ring = 0 proxyccb.proxyccb_flags = app_redir_shared.app_redir_chain_desc_add_aol_offset | \ app_redir_shared.app_redir_dol_skip_chain_doorbell proxyccb.SetObjValPd() # 2. Clone objects that are needed for verification rnmdpr_big = copy.deepcopy( tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]) rnmdpr_big.GetMeta() proxyrcb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[proxyrcbid]) proxyrcb.GetObjValPd() proxyccb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[proxyccbid]) proxyccb.GetObjValPd() return
def TestCaseVerify(tc): global rnmdpr_big global proxyrcbid global proxyccbid global proxyrcb global proxyccb global redir_span num_pkts = 1 if hasattr(tc.module.args, 'num_pkts'): num_pkts = int(tc.module.args.num_pkts) proxyr_meta_pages = 0 if hasattr(tc.module.args, 'proxyr_meta_pages'): proxyr_meta_pages = int(tc.module.args.proxyr_meta_pages) num_flow_miss_pkts = 0 if hasattr(tc.module.args, 'num_flow_miss_pkts'): num_flow_miss_pkts = int(tc.module.args.num_flow_miss_pkts) id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) # Verify chain_rxq_base proxyrcb_cur = tc.infra_data.ConfigStore.objects.db[proxyrcbid] proxyrcb_cur.GetObjValPd() if proxyrcb_cur.chain_rxq_base == 0: print("chain_rxq_base not set") return False print("chain_rxq_base value post-sync from HBM 0x%x" % proxyrcb_cur.chain_rxq_base) # Verify my_txq_base proxyccb_cur = tc.infra_data.ConfigStore.objects.db[proxyccbid] proxyccb_cur.GetObjValPd() if proxyccb_cur.my_txq_base == 0: print("my_txq_base not set") return False print("my_txq_base value post-sync from HBM 0x%x" % proxyccb_cur.my_txq_base) # Fetch current values from Platform rnmdpr_big_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"] rnmdpr_big_cur.GetMeta() # Verify PI for RNMDPR_BIG got incremented # when span is in effect, TLS would have allocated 2 descs per packet, # one for forwarding to TCP and one for L7 num_exp_descs = num_pkts if redir_span: num_exp_descs *= 2 if (rnmdpr_big_cur.pi != rnmdpr_big.pi + num_exp_descs): print( "RNMDPR_BIG pi check failed old %d new %d expected %d" % (rnmdpr_big.pi, rnmdpr_big_cur.pi, rnmdpr_big.pi + num_exp_descs)) proxyrcb_cur.StatsPrint() proxyccb_cur.StatsPrint() return False print("RNMDPR_BIG pi old %d new %d" % (rnmdpr_big.pi, rnmdpr_big_cur.pi)) # Rx: verify # packets redirected num_redir_pkts = num_pkts - num_flow_miss_pkts if (proxyrcb_cur.stat_pkts_redir != proxyrcb.stat_pkts_redir + num_redir_pkts): print("stat_pkts_redir check failed old %d new %d expected %d" % (proxyrcb.stat_pkts_redir, proxyrcb_cur.stat_pkts_redir, proxyrcb.stat_pkts_redir + num_redir_pkts)) proxyrcb_cur.StatsPrint() proxyccb_cur.StatsPrint() return False print("stat_pkts_redir old %d new %d" % (proxyrcb.stat_pkts_redir, proxyrcb_cur.stat_pkts_redir)) # Tx: verify PI for PROXYCCB got incremented time.sleep(1) proxyccb_cur.GetObjValPd() num_exp_proxyccb_pkts = num_redir_pkts if redir_span: num_exp_proxyccb_pkts = 0 if (proxyccb_cur.pi != proxyccb.pi + num_exp_proxyccb_pkts): print("PROXYCCB pi check failed old %d new %d expected %d" % (proxyccb.pi, proxyccb_cur.pi, proxyccb.pi + num_exp_proxyccb_pkts)) proxyrcb_cur.StatsPrint() proxyccb_cur.StatsPrint() return False print("PROXYCCB pi old %d new %d" % (proxyccb.pi, proxyccb_cur.pi)) # Tx: verify # packets chained if (proxyccb_cur.stat_pkts_chain != proxyccb.stat_pkts_chain + num_exp_proxyccb_pkts): print("stat_pkts_chain check failed old %d new %d expected %d" % (proxyccb.stat_pkts_chain, proxyccb_cur.stat_pkts_chain, proxyccb.stat_pkts_chain + num_exp_proxyccb_pkts)) proxyrcb_cur.StatsPrint() proxyccb_cur.StatsPrint() return False print("stat_pkts_chain old %d new %d" % (proxyccb.stat_pkts_chain, proxyccb_cur.stat_pkts_chain)) proxyrcb_cur.StatsPrint() proxyccb_cur.StatsPrint() return True
def TestCaseVerify(tc): if GlobalOptions.dryrun: return True id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) # Retrieve saved state tlscbid = "TlsCb%04d" % id tlscb = tc.pvtdata.db[tlscbid] rnmdpr = tc.pvtdata.db["RNMDPR_BIG"] tnmdpr = tc.pvtdata.db["TNMDPR_BIG"] if tc.module.args.cipher_suite == "CCM": brq = tc.pvtdata.db["BRQ_ENCRYPT_CCM"] elif tc.module.args.cipher_suite == "CBC": brq = tc.pvtdata.db["BRQ_ENCRYPT_CBC"] else: brq = tc.pvtdata.db["BRQ_DECRYPT_GCM"] # Fetch current values from Platform rnmdpr_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"] rnmdpr_cur.GetMeta() tnmdpr_cur = tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"] tnmdpr_cur.GetMeta() tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid] tlscb_cur.GetObjValPd() if tc.module.args.cipher_suite == "CCM": brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_CCM"] elif tc.module.args.cipher_suite == "CBC": brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_CBC"] else: brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_DECRYPT_GCM"] brq_cur.GetMeta() if brq_cur.pi > 0: brq_cur.GetRingEntries([brq_cur.pi - 1, brq_cur.pi]) else: brq_cur.GetRingEntries([brq_cur.pi]) # 1. Verify PI for RNMDPR_BIG got incremented by respective amount # This will be done only for non-reassemble scenarios if (not hasattr(tc.module.args, 'reassemble')) or (tc.module.args.reassemble != True): if (rnmdpr_cur.pi != rnmdpr.pi + 1): print("RNMDPR_BIG pi check failed old %d new %d" % (rnmdpr.pi, rnmdpr_cur.pi)) return False print("Old RNMDPR_BIG PI: %d, New RNMDPR_BIG PI: %d" % (rnmdpr.pi, rnmdpr_cur.pi)) # 2. Verify PI for TNMDPR_BIG got incremented by 1 if (tnmdpr_cur.pi != tnmdpr.pi + 1): print("TNMDPR_BIG pi check failed old %d new %d" % (tnmdpr.pi, tnmdpr_cur.pi)) return False print("Old TNMDPR_BIG PI: %d, New TNMDPR_BIG PI: %d" % (tnmdpr.pi, tnmdpr_cur.pi)) print("BRQ: Current PI %d" % brq_cur.pi) # 3. Verify input descriptor on the BRQ if rnmdpr.ringentries[rnmdpr.pi].handle != ( brq_cur.ring_entries[brq_cur.pi - 1].ilist_addr - 0x40): print( "Barco ilist Check: Descriptor handle not as expected in ringentries 0x%x 0x%x" % (rnmdpr.ringentries[rnmdpr.pi].handle, brq_cur.ring_entries[brq_cur.pi - 1].ilist_addr - 0x40)) return False print( "Barco ilist Check: Descriptor handle as expected in ringentries 0x%x 0x%x" % (rnmdpr.ringentries[rnmdpr.pi].handle, brq_cur.ring_entries[brq_cur.pi - 1].ilist_addr - 0x40)) # 4. Verify output descriptor on the BRQ if tnmdpr.ringentries[tnmdpr.pi].handle != ( brq_cur.ring_entries[brq_cur.pi - 1].olist_addr - 0x40): print( "Barco olist Check: Descriptor handle not as expected in ringentries 0x%x 0x%x" % (tnmdpr.ringentries[tnmdpr.pi].handle, brq_cur.ring_entries[brq_cur.pi - 1].olist_addr - 0x40)) return False print( "Barco olist Check: Descriptor handle as expected in ringentries 0x%x 0x%x" % (tnmdpr.ringentries[tnmdpr.pi].handle, brq_cur.ring_entries[brq_cur.pi - 1].olist_addr - 0x40)) # 5. Verify BRQ Descriptor Command field if brq_cur.ring_entries[brq_cur.pi - 1].command != tlscb.command: print("BRQ Command Check: Failed : Got: 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi - 1].command, tlscb.command)) return False print("BRQ Command Check: Success : Got: 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi - 1].command, tlscb.command)) # 6. Verify BRQ Descriptor Key Index field if brq_cur.ring_entries[brq_cur.pi - 1].key_desc_index != tlscb.crypto_key_idx: print( "BRQ Crypto Key Index Check: Failed : Got: 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi - 1].key_desc_index, tlscb.crypto_key_idx)) return False print("BRQ Crypto Key Index Check: Success : Got: 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi - 1].key_desc_index, tlscb.crypto_key_idx)) # 7. Verify BRQ Descriptor HMAC Key Index field # Activate this check when HW support for AES-CBC-HMAC-SHA2, currently we use software chaining #if brq_cur.ring_entries[brq_cur.pi-1].second_key_desc_index != tlscb.crypto_hmac_key_idx: #print("BRQ Crypto HMAC Key Index Check: Failed : Got: 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[0].second_key_desc_index, tlscb.crypto_hmac_key_idx)) #return False # 8. Verify Salt if brq_cur.ring_entries[brq_cur.pi - 1].salt != tlscb.salt: print("Salt Check Failed: Got 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi - 1].salt, tlscb.salt)) return False print("Salt Check Success: Got 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi - 1].salt, tlscb.salt)) # 9. Verify Explicit IV # This is bound to fail until the DoL payload issue is fixed tls_explicit_iv = tcp_tls_proxy.tls_explicit_iv(tc.module.args.key_size) if brq_cur.ring_entries[brq_cur.pi - 1].explicit_iv != tls_explicit_iv: print("Explicit IV Check Failed: Got 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi - 1].explicit_iv, tls_explicit_iv)) return False print("Explicit IV Check Success: Got 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi - 1].explicit_iv, tls_explicit_iv)) # 10. Verify header size, this is the AAD size and is 13 bytes # In case of AES-CCM, TLS uses a fixed header size of 2 16-byte blocks including AAD. if tc.module.args.cipher_suite == "CCM": hdr_size = 0x20 else: hdr_size = 0xd if brq_cur.ring_entries[brq_cur.pi - 1].header_size != hdr_size: print("Header Size Check Failed: Got 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi - 1].header_size, hdr_size)) return False else: print("Header Size Check Success: Got 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi - 1].header_size, hdr_size)) # 11. Barco Status check if brq_cur.ring_entries[brq_cur.pi - 1].barco_status != 0: print("Barco Status Check Failed: Got 0x%x, Expected: 0" % (brq_cur.ring_entries[brq_cur.pi - 1].barco_status)) else: print("Barco Status Check Success: Got 0x%x, Expected: 0" % (brq_cur.ring_entries[brq_cur.pi - 1].barco_status)) # 3. Verify page #if rnmdpr.ringentries[0].handle != brq_cur.swdre_list[0].Addr1: # print("Page handle not as expected in brq_cur.swdre_list") #return False # Pending Checks # - Header size # - Barco Operation Status # - Key in memory # - Decrypted content return True
def TestCaseSetup(tc): tc.pvtdata = ObjectDatabase() tcp_proxy.SetupProxyArgs(tc) skip_config = False if hasattr(tc.module.args, 'skip_config') and tc.module.args.skip_config: print("skipping config") skip_config = True #id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) id1, id2 = ProxyCbServiceHelper.GetSessionQids(tc.config.flow._FlowObject__session) if tc.config.flow.IsIflow(): id = id1 other_fid = id2 else: id = id2 other_fid = id1 TcpCbHelper.main(id) tcbid = "TcpCb%04d" % id # 1. Configure TCB in HBM before packet injection tcb = tc.infra_data.ConfigStore.objects.db[tcbid] if not skip_config: tcp_proxy.init_tcb_inorder(tc, tcb) # set tcb state to ESTABLISHED(1) tcb.state = 1 tcb.SetObjValPd() else: tc.pvtdata.flow1_bytes_rxed = 0 tc.pvtdata.flow1_bytes_txed = 0 tc.pvtdata.flow2_bytes_rxed = 0 tc.pvtdata.flow2_bytes_txed = 0 TcpCbHelper.main(other_fid) tcbid2 = "TcpCb%04d" % (other_fid) logger.info("Configuring %s" % tcbid2) tcb2 = tc.infra_data.ConfigStore.objects.db[tcbid2] if not skip_config: tcp_proxy.init_tcb_inorder2(tc, tcb2) tcb2.SetObjValPd() tc.pvtdata.tcb1 = tcb tc.pvtdata.tcb2 = tcb2 tlscbid = "TlsCb%04d" % id tlscbid2 = "TlsCb%04d" % (other_fid) tlscb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid]) #tlscb = tc.infra_data.ConfigStore.objects.db[tlscbid] #tlscb2 = tc.infra_data.ConfigStore.objects.db[tlscbid2] tlscb2 = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid2]) tlscb.serq_pi = 0 tlscb.serq_pi = 0 tlscb.serq_ci = 0 tlscb.serq_ci = 0 tlscb2.serq_pi = 0 tlscb2.serq_pi = 0 tlscb2.serq_ci = 0 tlscb2.serq_ci = 0 tlscb.debug_dol = 0 tlscb2.debug_dol = 0 #tlscb.debug_dol = tcp_tls_proxy.tls_debug_dol_bypass_proxy | \ # tcp_tls_proxy.tls_debug_dol_sesq_stop #tlscb.debug_dol = tcp_tls_proxy.tls_debug_dol_bypass_proxy #If 'use_random_iv' is set, set the corresponding debug-dol flag to indicate #datapath to pick a random value from DRBG as IV. if hasattr(tc.module.args, 'use_random_iv') and tc.module.args.use_random_iv == 1: tlscb.debug_dol |= tcp_tls_proxy.tls_debug_dol_explicit_iv_use_random tlscb2.debug_dol |= tcp_tls_proxy.tls_debug_dol_explicit_iv_use_random if tc.pvtdata.same_flow: tlscb.other_fid = 0xffff tlscb2.other_fid = 0xffff else: tlscb.other_fid = other_fid tlscb2.other_fid = id if not skip_config: if tc.module.args.key_size == 16: tcp_tls_proxy.tls_aes128_encrypt_setup(tc, tlscb) tcp_tls_proxy.tls_aes128_encrypt_setup(tc, tlscb2) elif tc.module.args.key_size == 32: tcp_tls_proxy.tls_aes256_encrypt_setup(tc, tlscb) tcp_tls_proxy.tls_aes256_encrypt_setup(tc, tlscb2) tlscb.SetObjValPd() tlscb2.SetObjValPd() if skip_config: return # 2. Clone objects that are needed for verification rnmdpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]) rnmdpr.GetMeta() rnmdpr.GetRingEntries([rnmdpr.pi]) tnmdpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"]) tnmdpr.GetMeta() tnmdpr.GetRingEntries([tnmdpr.pi]) print("snapshot1: tnmdpr_alloc %d enc_requests %d" % (tlscb.tnmdpr_alloc, tlscb.enc_requests)) print("snapshot1: rnmdpr_free %d enc_completions %d" % (tlscb.rnmdpr_free, tlscb.enc_completions)) if tc.module.args.cipher_suite == "CCM": brq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_CCM"]) elif tc.module.args.cipher_suite == "CBC": brq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_CBC"]) else: brq = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"]) tcpcb = copy.deepcopy(tcb) tcpcb.GetObjValPd() tc.pvtdata.Add(tcpcb) tcpcb2 = copy.deepcopy(tcb2) tcpcb2.GetObjValPd() tc.pvtdata.Add(tcpcb2) tlscb.GetObjValPd() tc.pvtdata.Add(tlscb) tlscb2.GetObjValPd() tc.pvtdata.Add(tlscb2) tc.pvtdata.Add(rnmdpr) tc.pvtdata.Add(tnmdpr) return
def TestCaseVerify(tc): global maxflows if GlobalOptions.dryrun: return True id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) # 1. Verify pi/ci got update got updated for SERQ tlscbid = "TlsCb%04d" % id tlscb = tc.pvtdata.db[tlscbid] tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid] print("pre-sync: tlscb_cur.serq_pi %d tlscb_cur.serq_ci %d" % (tlscb_cur.serq_pi, tlscb_cur.serq_ci)) tlscb_cur.GetObjValPd() print("post-sync: tlscb_cur.serq_pi %d tlscb_cur.serq_ci %d" % (tlscb_cur.serq_pi, tlscb_cur.serq_ci)) if (tlscb_cur.serq_pi != (tlscb.serq_pi + 1) or tlscb_cur.serq_ci != (tlscb.serq_ci + 1)): print("serq pi/ci not as expected") return False # 2. Verify enc_requests if (tlscb_cur.enc_requests != tlscb.enc_requests + 1): print("enc_requests not as expected %d %d" % (tlscb_cur.enc_requests, tlscb.enc_requests)) return False # Assumes bypass Barco stage0_7_thread = 0x151111 if (tlscb_cur.pre_debug_stage0_7_thread != stage0_7_thread): print("pre_debug_stage0_7_thread not as expected %x" % tlscb_cur.pre_debug_stage0_7_thread) return False # 3. Verify pi/ci got update got updated for BRQ brq = tc.pvtdata.db["BRQ_ENCRYPT_GCM"] brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"] print("pre-sync: brq_cur.pi %d brq_cur.ci %d" % (brq_cur.pi, brq_cur.ci)) brq_cur.GetMeta() brq_cur.GetRingEntries([brq_cur.pi]) print("post-sync: brq_cur.pi %d brq_cur.ci %d" % (brq_cur.pi, brq_cur.ci)) if (brq_cur.pi != (brq.pi + 1) or brq_cur.ci != (brq.ci + 1)): print("brq pi/ci not as expected") #needs fix in HAL and support in model/p4+ for this check to work/pass #return False # 4. Fetch current values from Platform rnmdpr_big = tc.pvtdata.db["RNMDPR_BIG"] rnmdpr_big_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"] rnmdpr_big_cur.GetMeta() tnmdpr = tc.pvtdata.db["TNMDPR_BIG"] tnmdpr_cur = tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"] tnmdpr_cur.GetMeta() # 5. Verify PI for RNMDPR_BIG got incremented by 1 if (rnmdpr_big_cur.pi != rnmdpr_big.pi + 1): print("RNMDPR_BIG pi check failed old %d new %d" % (rnmdpr_big.pi, rnmdpr_big_cur.pi)) return False print("Old RNMDPR_BIG PI: %d, New RNMDPR_BIG PI: %d" % (rnmdpr_big.pi, rnmdpr_big_cur.pi)) return True
def TestCaseSetup(tc): tc.pvtdata = ObjectDatabase() tc.SetRetryEnabled(True) tcp_proxy.SetupProxyArgs(tc) id1, id2 = ProxyCbServiceHelper.GetSessionQids( tc.config.flow._FlowObject__session) if tc.config.flow.IsIflow(): id = id1 other_fid = id2 else: id = id2 other_fid = id1 TcpCbHelper.main(id) tcbid = "TcpCb%04d" % id logger.info("Configuring %s" % tcbid) # 1. Configure TCB in HBM before packet injection tcb = tc.infra_data.ConfigStore.objects.db[tcbid] tcp_proxy.init_tcb_inorder(tc, tcb) tcb.SetObjValPd() TcpCbHelper.main(other_fid) tcbid2 = "TcpCb%04d" % (other_fid) logger.info("Configuring %s" % tcbid2) tcb2 = tc.infra_data.ConfigStore.objects.db[tcbid2] tcp_proxy.init_tcb_inorder2(tc, tcb2) tcb2.SetObjValPd() # 2. Configure TLS CB in HBM before packet injection tlscbid = "TlsCb%04d" % id tlscbid2 = "TlsCb%04d" % (other_fid) tlscb = tc.infra_data.ConfigStore.objects.db[tlscbid] tlscb2 = tc.infra_data.ConfigStore.objects.db[tlscbid2] tlscb.debug_dol = 0 tlscb2.debug_dol = 0 if tc.pvtdata.bypass_barco: print("Bypassing Barco") tlscb.is_decrypt_flow = False tlscb2.is_decrypt_flow = False tlscb.debug_dol |= tcp_tls_proxy.tls_debug_dol_bypass_barco tlscb2.debug_dol |= tcp_tls_proxy.tls_debug_dol_bypass_barco if tc.pvtdata.same_flow: print("Same flow") tlscb.debug_dol |= tcp_tls_proxy.tls_debug_dol_bypass_proxy tlscb2.debug_dol |= tcp_tls_proxy.tls_debug_dol_bypass_proxy tlscb.other_fid = 0xffff tlscb2.other_fid = 0xffff else: print("Other flow") tlscb.other_fid = other_fid tlscb2.other_fid = id tlscb.SetObjValPd() tlscb2.SetObjValPd() # 3. Clone objects that are needed for verification tcpcb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tcbid]) tcpcb.GetObjValPd() tc.pvtdata.Add(tcpcb) tcpcb2 = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tcbid2]) tcpcb2.GetObjValPd() tc.pvtdata.Add(tcpcb2) tlscb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid]) tlscb.GetObjValPd() tc.pvtdata.Add(tlscb) other_tlscb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid2]) other_tlscb.GetObjValPd() tc.pvtdata.Add(other_tlscb) rnmdpr_big = copy.deepcopy( tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]) rnmdpr_big.GetMeta() tc.pvtdata.Add(rnmdpr_big) return
def TestCaseVerify(tc): if GlobalOptions.dryrun: return True id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) tlscbid = "TlsCb%04d" % id tlscb = tc.pvtdata.db[tlscbid] tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid] print("pre-sync: tnmdpr_alloc %d enc_requests %d" % (tlscb_cur.tnmdpr_alloc, tlscb_cur.enc_requests)) print("pre-sync: rnmdpr_big_free %d enc_completions %d" % (tlscb_cur.rnmdpr_free, tlscb_cur.enc_completions)) print( "pre-sync: pre_debug_stage0_7_thread 0x%x post_debug_stage0_7_thread 0x%x" % (tlscb_cur.pre_debug_stage0_7_thread, tlscb_cur.post_debug_stage0_7_thread)) tlscb_cur.GetObjValPd() print("post-sync: tnmdpr_alloc %d enc_requests %d" % (tlscb_cur.tnmdpr_alloc, tlscb_cur.enc_requests)) print("post-sync: rnmdpr_big_free %d enc_completions %d" % (tlscb_cur.rnmdpr_free, tlscb_cur.enc_completions)) print( "post-sync: pre_debug_stage0_7_thread 0x%x post_debug_stage0_7_thread 0x%x" % (tlscb_cur.pre_debug_stage0_7_thread, tlscb_cur.post_debug_stage0_7_thread)) print("snapshot: tnmdpr_alloc %d enc_requests %d" % (tlscb.tnmdpr_alloc, tlscb.enc_requests)) print("snapshot: rnmdpr_big_free %d enc_completions %d" % (tlscb.rnmdpr_free, tlscb.enc_completions)) # 0. Verify the counters #if ((tlscb_cur.tnmdpr_alloc - tlscb.tnmdpr_alloc) != (tlscb_cur.rnmdpr_free - tlscb.rnmdpr_free)): #print("tnmdpr alloc increment not same as rnmdpr_big free increment") #return False if ((tlscb_cur.enc_requests - tlscb.enc_requests) != (tlscb_cur.enc_completions - tlscb.enc_completions)): print("enc requests not equal to completions %d %d %d %d" % (tlscb_cur.enc_requests, tlscb.enc_requests, tlscb_cur.enc_completions, tlscb.enc_completions)) return False # 1. Verify threading if (tlscb_cur.pre_debug_stage0_7_thread != 0x151111): print("pre crypto pipeline threading was not ok") return False if (tlscb_cur.post_debug_stage0_7_thread != 0x1111111): print("post crypto pipeline threading was not ok") return False tcbid = "TcpCb%04d" % id tcb = tc.pvtdata.db[tcbid] # 2. Verify pi/ci got update got updated for SESQ tcb_cur = tc.infra_data.ConfigStore.objects.db[tcbid] print("pre-sync: tcb_cur.sesq_pi %d tcb_cur.sesq_ci %d" % (tcb_cur.sesq_pi, tcb_cur.sesq_ci)) tcb_cur.GetObjValPd() print("post-sync: tcb_cur.sesq_pi %d tcb_cur.sesq_ci %d" % (tcb_cur.sesq_pi, tcb_cur.sesq_ci)) if (tcb_cur.sesq_pi != (tcb.sesq_pi + 1) or tcb_cur.sesq_ci != (tcb.sesq_ci + 1)): print("sesq pi/ci not as expected") #VijayV to enable this test after ci is fixed in p4+ #return False # 3. Fetch current values from Platform rnmdpr_big_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"] rnmdpr_big_cur.GetMeta() rnmdpr_big = tc.pvtdata.db["RNMDPR_BIG"] tnmdpr_cur = tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"] tnmdpr_cur.GetMeta() tnmdpr = tc.pvtdata.db["TNMDPR_BIG"] # 4. Verify PI for RNMDPR_BIG got incremented by 1 if (rnmdpr_big_cur.pi != rnmdpr_big.pi + 1): print("RNMDPR_BIG pi check failed old %d new %d" % (rnmdpr_big.pi, rnmdpr_big_cur.pi)) return False sesqid = "TCPCB%04d_SESQ" % id sesq = tc.pvtdata.db[sesqid] sesq_cur = tc.infra_data.ConfigStore.objects.db[sesqid] sesq_cur.GetMeta() sesq_cur.GetRingEntries([0]) # 6. Verify descriptor if (rnmdpr_big.ringentries[rnmdpr_big.pi].handle != ((sesq_cur.ringentries[0].handle & 0x3ffffffff) - 0x40)): print("Descriptor handle not as expected in ringentries 0x%x 0x%x" % (rnmdpr_big.ringentries[rnmdpr_big.pi].handle, sesq_cur.ringentries[0].handle)) return False return True
def TestCaseVerify(tc): if GlobalOptions.dryrun: return True id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) tlscbid = "TlsCb%04d" % id tlscb = tc.pvtdata.db[tlscbid] tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid] print("pre-sync: tnmdpr_alloc %d enc_requests %d" % (tlscb_cur.tnmdpr_alloc, tlscb_cur.enc_requests)) print("pre-sync: rnmdpr_free %d enc_completions %d" % (tlscb_cur.rnmdpr_free, tlscb_cur.enc_completions)) print( "pre-sync: pre_debug_stage0_7_thread 0x%x post_debug_stage0_7_thread 0x%x" % (tlscb_cur.pre_debug_stage0_7_thread, tlscb_cur.post_debug_stage0_7_thread)) tlscb_cur.GetObjValPd() print("post-sync: tnmdpr_alloc %d enc_requests %d" % (tlscb_cur.tnmdpr_alloc, tlscb_cur.enc_requests)) print("post-sync: rnmdpr_free %d enc_completions %d" % (tlscb_cur.rnmdpr_free, tlscb_cur.enc_completions)) print( "post-sync: pre_debug_stage0_7_thread 0x%x post_debug_stage0_7_thread 0x%x" % (tlscb_cur.pre_debug_stage0_7_thread, tlscb_cur.post_debug_stage0_7_thread)) tcbid = "TcpCb%04d" % id tcb = tc.pvtdata.db[tcbid] # 2. Verify pi/ci got update got updated for ARQ tcb_cur = tc.infra_data.ConfigStore.objects.db[tcbid] print("pre-sync: tcb_cur.sesq_pi %d tcb_cur.sesq_ci %d" % (tcb_cur.sesq_pi, tcb_cur.sesq_ci)) tcb_cur.GetObjValPd() print("post-sync: tcb_cur.sesq_pi %d tcb_cur.sesq_ci %d" % (tcb_cur.sesq_pi, tcb_cur.sesq_ci)) if (tcb_cur.sesq_pi != (tcb.sesq_pi + 1) or tcb_cur.sesq_ci != (tcb.sesq_ci + 1)): print("sesq pi/ci not as expected") #VijayV to enable this test after ci is fixed in p4+ #return False # 3. Fetch current values from Platform rnmdpr_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"] rnmdpr_cur.GetMeta() rnmdpr = tc.pvtdata.db["RNMDPR_BIG"] tnmdpr_cur = tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"] tnmdpr_cur.GetMeta() tnmdpr = tc.pvtdata.db["TNMDPR_BIG"] arq = tc.pvtdata.db["CPU0000_ARQ"] arq_cur = tc.infra_data.ConfigStore.objects.db["CPU0000_ARQ"] arq_cur.GetMeta() print("bytes_rcvd = %d:" % tcb.bytes_rcvd) print("pkts_rcvd = %d:" % tcb.pkts_rcvd) print("bytes_rcvd = %d:" % tcb_cur.bytes_rcvd) print("pkts_rcvd = %d:" % tcb_cur.pkts_rcvd) print("bytes_sent = %d:" % tcb.bytes_sent) print("pkts_sent = %d:" % tcb.pkts_sent) print("bytes_sent = %d:" % tcb_cur.bytes_sent) print("pkts_sent = %d:" % tcb_cur.pkts_sent) # 4. Verify pkt rx stats if tcb_cur.pkts_rcvd != tcb.pkts_rcvd + 1: print("pkt rx stats not as expected") return False if ((tcb_cur.bytes_rcvd - tcb.bytes_rcvd) != tc.packets.Get('PKT1').payloadsize): print("Warning! pkt rx byte stats not as expected %d %d" % (tcb_cur.bytes_rcvd, tcb.bytes_rcvd)) return False # 5. Verify pkt tx stats # If set tcp_tx_debug_dol_dont_tx, then pkt does not tx and stats should not # increment either #if tcb_cur.pkts_sent != tcb.pkts_sent + 1: #print("pkt tx stats (%d) not as expected (%d)" % (tcb_cur.pkts_sent, tcb.pkts_sent)) #return False #if ((tcb_cur.bytes_sent - tcb.bytes_sent) != 71): # TODO: remove hardcoding #print("Warning! pkt tx byte stats not as expected %d %d" % (tcb_cur.bytes_sent, tcb.bytes_sent)) #return False return True
def TestCaseVerify(tc): if GlobalOptions.dryrun: return True num_pkts = 1 ooo = False pkt_len = tc.packets.Get('PKT1').payloadsize rcv_next_delta = pkt_len * num_pkts if hasattr(tc.module.args, 'num_pkts'): num_pkts = int(tc.module.args.num_pkts) rcv_next_delta = num_pkts * pkt_len if tc.pvtdata.ooo_seq_delta: ooo = True rcv_next_delta = 0 id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) tcbid = "TcpCb%04d" % id # 1. Verify rcv_nxt got updated tcpcb = tc.pvtdata.db[tcbid] tcb_cur = tc.infra_data.ConfigStore.objects.db[tcbid] print("rcv_nxt value pre-sync from HBM 0x%x" % tcb_cur.rcv_nxt) tcb_cur.GetObjValPd() print("rcv_nxt value post-sync from HBM 0x%x" % tcb_cur.rcv_nxt) if tcb_cur.rcv_nxt != tc.pvtdata.flow1_rcv_nxt + rcv_next_delta: print("rcv_nxt not as expected") return False print("rcv_nxt as expected") tlscbid = "TlsCb%04d" % id # 2. Verify pi/ci got update got updated tlscb = tc.pvtdata.db[tlscbid] tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid] print("pre-sync: tlscb_cur.serq_pi %d tlscb_cur.serq_ci %d" % (tlscb_cur.serq_pi, tlscb_cur.serq_ci)) tlscb_cur.GetObjValPd() print("post-sync: tlscb_cur.serq_pi %d tlscb_cur.serq_ci %d" % (tlscb_cur.serq_pi, tlscb_cur.serq_ci)) if (tlscb_cur.serq_pi != tlscb.serq_pi or tlscb_cur.serq_ci != tlscb.serq_ci): print("serq pi/ci not as expected") return False # 3. Fetch current values from Platform rnmdpr_big = tc.pvtdata.db["RNMDPR_BIG"] rnmdpr_big_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"] rnmdpr_big_cur.GetMeta() serqid = "TLSCB%04d_SERQ" % id serq = tc.pvtdata.db[serqid] serq_cur = tc.infra_data.ConfigStore.objects.db[serqid] serq_cur.GetMeta() serq_cur.GetRingEntries([tlscb.serq_pi]) serq_cur.GetRingEntryAOL([0]) # 4. Verify PI for RNMDPR_BIG got incremented by 2 (one for SERQ and another for L7Q) if (rnmdpr_big_cur.pi != (rnmdpr_big.pi + 2)): print("RNMDPR_BIG pi check failed old %d new %d" % (rnmdpr_big.pi, rnmdpr_big_cur.pi)) return False # 5. Verify descriptor print("rnmdpr_big.pi: %d, tlscb.serq_pi: %d" % (rnmdpr_big.pi, tlscb.serq_pi)) print("rnmdpr_big.size: %d, serq_cur.size: %d" % (len(rnmdpr_big.ringentries), len(serq_cur.ringentries))) if rnmdpr_big.ringentries[rnmdpr_big.pi].handle != serq_cur.ringentries[ tlscb.serq_pi].handle: print("Descriptor handle not as expected in ringentries 0x%x 0x%x" % \ (rnmdpr_big.ringentries[rnmdpr_big.pi].handle, serq_cur.ringentries[tlscb.serq_pi].handle)) return False # 8. TODO: Verify L7Q entries # Print stats print("bytes_rcvd = %d:" % tcb_cur.bytes_rcvd) print("pkts_rcvd = %d:" % tcb_cur.pkts_rcvd) print("pages_alloced = %d:" % tcb_cur.pages_alloced) print("desc_alloced = %d:" % tcb_cur.desc_alloced) #8 Verify pkt stats if tcb_cur.pkts_rcvd != tcpcb.pkts_rcvd + num_pkts: print("pkt rx stats not as expected, %d vs received %d" % (tcpcb.pkts_rcvd + num_pkts, tcb_cur.pkts_rcvd)) return False print("%d %d" % (tcb_cur.bytes_rcvd, tcpcb.bytes_rcvd)) if not ooo and tcb_cur.bytes_rcvd != tcpcb.bytes_rcvd + num_pkts * pkt_len: print("Warning! pkt rx byte stats not as expected") return False elif ooo and tcb_cur.bytes_rcvd != tcpcb.bytes_rcvd: print("Warning! pkt rx byte stats not as expected") return False #9 Verify page stats if tcb_cur.pages_alloced != tcpcb.pages_alloced + num_pkts: print("pages alloced stats not as expected, %d vs received %d" % (tcpcb.pages_alloced + num_pkts, tcb_cur.pages_alloced)) return False #10 Verify descr stats if tcb_cur.desc_alloced != tcpcb.desc_alloced + num_pkts: print("desc alloced stats not as expected, %d vs received %d" % (tcpcb.desc_alloced + num_pkts, tcb_cur.desc_alloced)) return False return True
def TestCaseVerify(tc): if GlobalOptions.dryrun: return True if hasattr(tc.module.args, 'skip_verify') and tc.module.args.skip_verify: print("skipping verify") return True num_pkts = 1 if hasattr(tc.module.args, 'num_pkts'): num_pkts = int(tc.module.args.num_pkts) id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) if tc.config.flow.IsIflow(): print("This is iflow") tcbid = "TcpCb%04d" % id tlscbid = "TlsCb%04d" % id other_tcbid = "TcpCb%04d" % (id + 1) other_tlscbid = "TlsCb%04d" % (id + 1) else: print("This is rflow") tcbid = "TcpCb%04d" % (id + 1) tlscbid = "TlsCb%04d" % (id + 1) other_tcbid = "TcpCb%04d" % id other_tlscbid = "TlsCb%04d" % id same_flow = False if tc.pvtdata.same_flow: other_tcbid = tcbid other_tlscbid = tlscbid same_flow = True tlscbid = "TlsCb%04d" % id tlscb = tc.pvtdata.db[tlscbid] tlscb_cur = tc.infra_data.ConfigStore.objects.db[tlscbid] other_tlscb = tc.pvtdata.db[other_tlscbid] other_tlscb_cur = tc.infra_data.ConfigStore.objects.db[other_tlscbid] print("pre-sync: tnmdpr_alloc %d enc_requests %d mac_requests %d" % (tlscb_cur.tnmdpr_alloc, tlscb_cur.enc_requests, tlscb_cur.mac_requests)) print("pre-sync: rnmdpr_free %d enc_completions %d mac_completions %d" % (tlscb_cur.rnmdpr_free, tlscb_cur.enc_completions, tlscb_cur.mac_completions)) print("pre-sync: pre_debug_stage0_7_thread 0x%x post_debug_stage0_7_thread 0x%x" % (tlscb_cur.pre_debug_stage0_7_thread, tlscb_cur.post_debug_stage0_7_thread)) tlscb_cur.GetObjValPd() other_tlscb_cur.GetObjValPd() print("post-sync: tnmdpr_alloc %d enc_requests %d mac_requests %d" % (tlscb_cur.tnmdpr_alloc, tlscb_cur.enc_requests, tlscb_cur.mac_requests)) print("post-sync: rnmdpr_free %d enc_completions %d mac_completions %d" % (tlscb_cur.rnmdpr_free, tlscb_cur.enc_completions, tlscb_cur.mac_completions)) print("post-sync: pre_debug_stage0_7_thread 0x%x post_debug_stage0_7_thread 0x%x" % (tlscb_cur.pre_debug_stage0_7_thread, tlscb_cur.post_debug_stage0_7_thread)) print("snapshot3: tnmdpr_alloc %d enc_requests %d mac_requests %d" % (tlscb.tnmdpr_alloc, tlscb.enc_requests, tlscb.mac_requests)) print("snapshot3: rnmdpr_free %d enc_completions %d mac_completions %d" % (tlscb.rnmdpr_free, tlscb.enc_completions, tlscb.mac_completions)) # 0. Verify the counters #if ((tlscb_cur.tnmdpr_alloc - tlscb.tnmdpr_alloc) != (tlscb_cur.rnmdpr_free - tlscb.rnmdpr_free)): #print("tnmdpr alloc increment not same as rnmdpr free increment") #return False #if ((tlscb_cur.tnmdpr_alloc - tlscb.tnmdpr_alloc) != (tlscb_cur.rnmdpr_free - tlscb.rnmdpr_free)): #print("tnmdpr alloc increment not same as rnmdpr free increment") #return False if ((tlscb_cur.enc_requests - tlscb.enc_requests) != (tlscb_cur.enc_completions - tlscb.enc_completions)): print("enc requests not equal to completions %d %d %d %d" % (tlscb_cur.enc_requests, tlscb.enc_requests, tlscb_cur.enc_completions, tlscb.enc_completions)) return False if ((tlscb_cur.mac_requests - tlscb.mac_requests) != (tlscb_cur.mac_completions - tlscb.mac_completions)): print("mac requests not equal to completions %d %d %d %d" % (tlscb_cur.mac_requests, tlscb.mac_requests, tlscb_cur.mac_completions, tlscb.mac_completions)) return False # 1. Verify threading # When using random value for IV, there will be an additional DRBG table read program launched if tc.module.args.cipher_suite == "CBC": pre_debug_stage0_7_thread = 0x111911 elif ((tlscb.debug_dol & tcp_tls_proxy.tls_debug_dol_explicit_iv_use_random) == tcp_tls_proxy.tls_debug_dol_explicit_iv_use_random): pre_debug_stage0_7_thread = 0x173311 else: pre_debug_stage0_7_thread = 0x153311 if (tlscb_cur.pre_debug_stage0_7_thread != pre_debug_stage0_7_thread): print("pre crypto pipeline threading was not ok 0x%x" % tlscb_cur.pre_debug_stage0_7_thread) return False if (tlscb_cur.post_debug_stage0_7_thread != 0x1111111): print("post crypto pipeline threading was not ok 0x%x" % tlscb_cur.post_debug_stage0_7_thread) return False tcbid = "TcpCb%04d" % id tcb = tc.pvtdata.db[tcbid] # 2. Verify pi/ci got update got updated for SESQ tcb_cur = tc.infra_data.ConfigStore.objects.db[tcbid] print("pre-sync: tcb_cur.sesq_pi %d tcb_cur.sesq_ci %d" % (tcb_cur.sesq_pi, tcb_cur.sesq_ci)) tcb_cur.GetObjValPd() print("post-sync: tcb_cur.sesq_pi %d tcb_cur.sesq_ci %d" % (tcb_cur.sesq_pi, tcb_cur.sesq_ci)) if (tcb_cur.sesq_pi != (tcb.sesq_pi+1) or tcb_cur.sesq_ci != (tcb.sesq_ci+1)): print("sesq pi/ci not as expected") #VijayV to enable this test after ci is fixed in p4+ #return False # 3. Fetch current values from Platform rnmdpr_cur = tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"] rnmdpr_cur.GetMeta() rnmdpr = tc.pvtdata.db["RNMDPR_BIG"] tnmdpr_cur = tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"] tnmdpr_cur.GetMeta() if tc.module.args.cipher_suite == "CCM": brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_CCM"] elif tc.module.args.cipher_suite == "CBC": brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_CBC"] else: brq_cur = tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"] brq_cur.GetMeta() if brq_cur.pi > 0: brq_cur.GetRingEntries([brq_cur.pi - num_pkts, brq_cur.pi - 1, brq_cur.pi]) else: brq_cur.GetRingEntries([brq_cur.pi]) tnmdpr = tc.pvtdata.db["TNMDPR_BIG"] # 4. Verify PI for RNMDPR_BIG got incremented by num_pkts if (rnmdpr_cur.pi != rnmdpr.pi+num_pkts): print("RNMDPR_BIG pi check failed old %d new %d" % (rnmdpr.pi, rnmdpr_cur.pi)) return False # 5. Verify PI for TNMDPR_BIG got incremented by num_pkts if (tnmdpr_cur.pi != tnmdpr.pi+num_pkts): print("TNMDPR_BIG pi check failed old %d new %d" % (tnmdpr.pi, tnmdpr_cur.pi)) return False print("BRQ: Current PI %d" % brq_cur.pi) # 7. Verify descriptor on the BRQ if (rnmdpr.ringentries[rnmdpr.pi].handle != (brq_cur.ring_entries[brq_cur.pi-num_pkts].ilist_addr - 0x40)): print("RNMDPR_BIG Check: Descriptor handle not as expected in ringentries 0x%x 0x%x" % (rnmdpr.ringentries[rnmdpr.pi].handle, brq_cur.ring_entries[brq_cur.pi-num_pkts].ilist_addr)) return False # 8. Verify descriptor on the BRQ if (tnmdpr.ringentries[tnmdpr.pi].handle != (brq_cur.ring_entries[brq_cur.pi-num_pkts].olist_addr - 0x40)): print("TNMDPR_BIG Check: Descriptor handle not as expected in ringentries 0x%x 0x%x" % (tnmdpr.ringentries[tnmdpr.pi].handle, brq_cur.ring_entries[brq_cur.pi-num_pkts].olist_addr)) return False # 9. Verify BRQ Descriptor Command field if brq_cur.ring_entries[brq_cur.pi-1].command != tlscb.command: # In case of AES-CBC-HMAC_SHA2 cipher (MAC-then-encrypt), there is software chaining of 2 barco # passes, HMAC in the 1st pass, and AES-CBC in the 2nd pass, hence barco command will be AES-CBC if tc.module.args.cipher_suite != "CBC" or brq_cur.ring_entries[brq_cur.pi-1].command != 0x1000000: print("BRQ Command Check: Failed : Got: 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi-1].command, tlscb.command)) return False # 10. Verify BRQ Descriptor Key Index field if brq_cur.ring_entries[brq_cur.pi-1].key_desc_index != tlscb.crypto_key_idx: print("BRQ Crypto Key Index Check: Failed : Got: 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi-1].key_desc_index, tlscb.crypto_key_idx)) return False # 11. Verify BRQ Descriptor HMAC Key Index field # Activate this check when HW support for AES-CBC-HMAC-SHA2, currently we use software chaining #if brq_cur.ring_entries[brq_cur.pi-1].second_key_desc_index != tlscb.crypto_hmac_key_idx: #print("BRQ Crypto HMAC Key Index Check: Failed : Got: 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi-1].second_key_desc_index, tlscb.crypto_hmac_key_idx)) #return False # 12. Verify Salt # In case of AES-CBC-HMAC-SHA2 ciphers, we use random IV with no salt. if brq_cur.ring_entries[brq_cur.pi-1].salt != tlscb.salt and tc.module.args.cipher_suite != "CBC": print("Salt Check Failed: Got 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi-1].salt, tlscb.salt)) return False print("Salt Check Success: Got 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi-1].salt, tlscb.salt)) # 13. Verify Explicit IV tls_explicit_iv = tlscb.explicit_iv # When using random value for IV from DRBG or AES-CBC-HMAC-SHA2 cipher, the IV field from tlscb will not match, as expected. if ((tlscb.debug_dol & tcp_tls_proxy.tls_debug_dol_explicit_iv_use_random) != tcp_tls_proxy.tls_debug_dol_explicit_iv_use_random): if brq_cur.ring_entries[brq_cur.pi-num_pkts].explicit_iv != tls_explicit_iv: print("Explicit IV Check Failed: Got 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi-num_pkts].explicit_iv, tls_explicit_iv)) return False else: # Since the random-number generated by model/RTL are different, we've to ignore the IV comparison for RTL tests model_wrap.eos_ignore_addr(brq_cur.ring_entries[brq_cur.pi-num_pkts].iv_addr, 8092) print("Add opage 0x%x, size 8KB to model EOS-ignore addr-list" % (brq_cur.ring_entries[brq_cur.pi-num_pkts].iv_addr)) print("RNMDPR.pi 0x%x\n"% rnmdpr.pi) rnmdpr_cur.GetRingEntries([rnmdpr.pi]) rnmdpr_cur.GetRingEntryAOL([rnmdpr.pi]) model_wrap.eos_ignore_addr(rnmdpr_cur.swdre_list[rnmdpr.pi].DescAddr, 8092) print("Add IV-addr 0x%x, size 8KB to model EOS-ignore addr-list" % (rnmdpr_cur.swdre_list[rnmdpr.pi].DescAddr)) print("Explicit IV Check Success: Got 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi-num_pkts].explicit_iv, tls_explicit_iv)) # 14. Verify header size, this is the AAD size and is 13 bytes # In case of AES-CBC-HMAC-SHA2 (MAC-then-encrypt) ciphers, there is no header with # software-chaining in the 2nd pass of barco (AES-CBC encrypt). # In case of AES-CCM, TLS uses a fixed header size of 2 16-byte blocks including AAD. if tc.module.args.cipher_suite == "CBC": hdr_size = 0x0 elif tc.module.args.cipher_suite == "CCM": hdr_size = 0x20 else: hdr_size = 0xd if brq_cur.ring_entries[brq_cur.pi-1].header_size != hdr_size: print("Header Size Check Failed: Got 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi-1].header_size, hdr_size)) return False else: print("Header Size Check Success: Got 0x%x, Expected: 0x%x" % (brq_cur.ring_entries[brq_cur.pi-1].header_size, hdr_size)) # 15. Barco Status check if brq_cur.ring_entries[brq_cur.pi-1].barco_status != 0: print("Barco Status Check Failed: Got 0x%x, Expected: 0" % (brq_cur.ring_entries[brq_cur.pi-1].barco_status)) return False else: print("Barco Status Check Success: Got 0x%x, Expected: 0" % (brq_cur.ring_entries[brq_cur.pi-1].barco_status)) # 16. Verify page #if rnmdpr.ringentries[0].handle != brq_cur.swdre_list[0].Addr1: # print("Page handle not as expected in brq_cur.swdre_list") #return False return True
def TestCaseSetup(tc): tc.pvtdata = ObjectDatabase() tcp_proxy.SetupProxyArgs(tc) id = ProxyCbServiceHelper.GetFlowInfo(tc.config.flow._FlowObject__session) TcpCbHelper.main(id) tcbid = "TcpCb%04d" % id # 1. Configure TCB in HBM before packet injection tcb = tc.infra_data.ConfigStore.objects.db[tcbid] tcp_proxy.init_tcb_inorder(tc, tcb) tcb.debug_dol_tx |= tcp_proxy.tcp_tx_debug_dol_dont_send_ack # set tcb state to ESTABLISHED(1) tcb.state = 1 tcb.SetObjValPd() # 2. Clone objects that are needed for verification rnmdpr_big = copy.deepcopy( tc.infra_data.ConfigStore.objects.db["RNMDPR_BIG"]) rnmdpr_big.GetMeta() rnmdpr_big.GetRingEntries([rnmdpr_big.pi]) tnmdpr = copy.deepcopy(tc.infra_data.ConfigStore.objects.db["TNMDPR_BIG"]) tnmdpr.GetMeta() brq = copy.deepcopy( tc.infra_data.ConfigStore.objects.db["BRQ_ENCRYPT_GCM"]) brq.GetMeta() brq.GetRingEntries([brq.pi]) tcpcb = copy.deepcopy(tcb) tcpcb.GetObjValPd() tlscbid = "TlsCb%04d" % id tlscb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid]) # Key Setup key_type = types_pb2.CRYPTO_KEY_TYPE_AES128 key_size = 16 key = b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' tlscb.crypto_key.Update(key_type, key_size, key) # TLS-CB Setup tlscb.command = 0x30000000 tlscb.crypto_key_idx = tlscb.crypto_key.keyindex tlscb.salt = 0x12345678 tlscb.explicit_iv = 0xfedcba9876543210 tlscb.enc_requests = 0 tlscb.enc_completions = 0 tlscb.serq_pi = 0 tlscb.serq_ci = 0 tlscb.debug_dol = tcp_tls_proxy.tls_debug_dol_bypass_barco | \ tcp_tls_proxy.tls_debug_dol_bypass_proxy | \ tcp_tls_proxy.tls_debug_dol_sesq_stop tlscb.other_fid = 0xffff tlscb.is_decrypt_flow = False tlscb.SetObjValPd() tlscb = copy.deepcopy(tc.infra_data.ConfigStore.objects.db[tlscbid]) tlscb.GetObjValPd() tc.pvtdata.Add(tlscb) tc.pvtdata.Add(rnmdpr_big) tc.pvtdata.Add(tnmdpr) tc.pvtdata.Add(tcpcb) tc.pvtdata.Add(brq) return