From patchwork Thu Dec 7 13:02:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 134923 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 9AABC43699; Thu, 7 Dec 2023 14:04:10 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id DB9A842F47; Thu, 7 Dec 2023 14:02:56 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 9CF7642F49 for ; Thu, 7 Dec 2023 14:02:55 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3B79PGfa032074; Thu, 7 Dec 2023 05:02:55 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=u5z/S5wcVKEVQ7qP0OsRHQJo75n4qoFiLnM2xPw97IQ=; b=HB0dcfkynHwIT6f5rJ8DyHCg0kmnwGgDHLDXfMHzop1STK8Ts2wIrOzvTwk5k1iNXdTG MJf99/OP1Xq1qG/+EOs8vPX86RhuVEg2vH0SYJuo8HXvoaxaJrfE/yRN4zTL2jWOdjm5 SVbt7U1Fks4INMwZN1u0FfZW2wlFQHJTSuIeDFOA1w7DtpRHsAUMgP/tjthtvC/+0cS3 vEvUdo+HMBEraI/YLZaP5Br2MrMszmJSaU5Pl5SeIszGuhJZdrig0wiHvKs3LYjpzxDn 018fdMS2N2iGM+Z2B3cx2SOMQ1ndfOUpF2nG6goCuO5xJfh1O5AjhxQ2IfI4x7nX0Bvr WA== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3uubdd8n6j-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 07 Dec 2023 05:02:54 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 7 Dec 2023 05:02:53 -0800 
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 7 Dec 2023 05:02:53 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id A4B4F3F7051; Thu, 7 Dec 2023 05:02:50 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Harry van Haaren , Hemant Agrawal , Konstantin Ananyev , , Vidya Sagar Velumuri Subject: [PATCH 11/14] test/crypto: add verification of TLS headers Date: Thu, 7 Dec 2023 18:32:13 +0530 Message-ID: <20231207130216.140-12-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231207130216.140-1-anoobj@marvell.com> References: <20231207130216.140-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: E08M3jqWi4ojqFACjgfJODP4OyAnw9iS X-Proofpoint-GUID: E08M3jqWi4ojqFACjgfJODP4OyAnw9iS X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-07_10,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add verification of TLS headers in protocol offload tests. Signed-off-by: Anoob Joseph Signed-off-by: Vidya Sagar Velumuri --- app/test/test_cryptodev_security_tls_record.c | 118 +++++++++++++++++- 1 file changed, 117 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev_security_tls_record.c b/app/test/test_cryptodev_security_tls_record.c index 6f106050c2..bcb2eba4ff 100644 --- a/app/test/test_cryptodev_security_tls_record.c +++ b/app/test/test_cryptodev_security_tls_record.c @@ -3,6 +3,8 @@ */ #include +#include +#include #include "test.h" #include "test_cryptodev_security_tls_record.h" 
@@ -62,8 +64,8 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt const struct tls_record_test_flags *flags, struct tls_record_test_data *td_array, int nb_td) { + int i, min_padding, hdr_len, tls_pkt_size, mac_len = 0, exp_nonce_len = 0, roundup_len = 0; struct tls_record_test_data *td = NULL; - int i; memset(td_array, 0, nb_td * sizeof(*td)); @@ -94,6 +96,59 @@ test_tls_record_td_prepare(const struct crypto_param *param1, const struct crypt } } + tls_pkt_size = td->input_text.len; + + if (!td->aead) { + mac_len = td->xform.chain.auth.auth.digest_length; + switch (td->xform.chain.cipher.cipher.algo) { + case RTE_CRYPTO_CIPHER_3DES_CBC: + roundup_len = 8; + exp_nonce_len = 8; + break; + case RTE_CRYPTO_CIPHER_AES_CBC: + roundup_len = 16; + exp_nonce_len = 16; + break; + default: + roundup_len = 0; + exp_nonce_len = 0; + break; + } + } else { + mac_len = td->xform.aead.aead.digest_length; + exp_nonce_len = 8; + } + + switch (td->tls_record_xform.ver) { + case RTE_SECURITY_VERSION_TLS_1_2: + case RTE_SECURITY_VERSION_TLS_1_3: + hdr_len = sizeof(struct rte_tls_hdr); + min_padding = 1; + break; + case RTE_SECURITY_VERSION_DTLS_1_2: + hdr_len = sizeof(struct rte_dtls_hdr); + min_padding = 0; + break; + default: + hdr_len = 0; + min_padding = 0; + break; + } + + tls_pkt_size += mac_len; + + /* Padding */ + tls_pkt_size += min_padding; + tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len); + + /* Explicit nonce */ + tls_pkt_size += exp_nonce_len; + + /* Add TLS header */ + tls_pkt_size += hdr_len; + + td->output_text.len = tls_pkt_size; + RTE_SET_USED(flags); } 
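Review bot: `RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len)` is reached with `roundup_len` equal to 0 on the AEAD path and in the `default` cipher case, and the macro divides by its second argument, so this is an integer division by zero. The `else` branch never sets `roundup_len`, and the declaration in the previous hunk initialises it to 0. Guard the round-up: `if (roundup_len != 0) tls_pkt_size = RTE_ALIGN_MUL_CEIL(tls_pkt_size, roundup_len);`. Separately, `min_padding = 1` is applied to TLS 1.2 regardless of `td->aead`; TLS 1.2 AEAD records carry no padding, so the expected `output_text.len` looks one byte too long there, which is worth confirming against the known vectors. The body of `test_tls_record_td_prepare` starts outside this hunk, so whether this runs per test vector or once after the loop cannot be told from here.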
@@ -160,6 +215,60 @@ test_tls_record_res_d_prepare(const uint8_t *output_text, uint32_t len, return TEST_SUCCESS; } +static int +tls_record_hdr_verify(const struct tls_record_test_data *td, const uint8_t *output_text) +{ + uint16_t length, hdr_len; + uint8_t content_type; + + if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_2) { + const struct rte_tls_hdr *hdr = (const struct rte_tls_hdr *)output_text; + if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_2) { + printf("Incorrect header version [expected - %4x, received - %4x]\n", + RTE_TLS_VERSION_1_2, rte_be_to_cpu_16(hdr->version)); + return TEST_FAILED; + } + content_type = hdr->type; + length = rte_be_to_cpu_16(hdr->length); + hdr_len = sizeof(struct rte_tls_hdr); + } else if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_TLS_1_3) { + const struct rte_tls_hdr *hdr = (const struct rte_tls_hdr *)output_text; + if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_3) { + printf("Incorrect header version [expected - %4x, received - %4x]\n", + RTE_TLS_VERSION_1_3, rte_be_to_cpu_16(hdr->version)); + return TEST_FAILED; + } + content_type = hdr->type; + length = rte_be_to_cpu_16(hdr->length); + hdr_len = sizeof(struct rte_tls_hdr); + } else if (td->tls_record_xform.ver == RTE_SECURITY_VERSION_DTLS_1_2) { + const struct rte_dtls_hdr *hdr = (const struct rte_dtls_hdr *)output_text; + if (rte_be_to_cpu_16(hdr->version) != RTE_DTLS_VERSION_1_2) { + printf("Incorrect header version [expected - %4x, received - %4x]\n", + RTE_DTLS_VERSION_1_2, rte_be_to_cpu_16(hdr->version)); + return TEST_FAILED; + } + content_type = hdr->type; + length = rte_be_to_cpu_16(hdr->length); + hdr_len = sizeof(struct rte_dtls_hdr); + } else { + return TEST_FAILED; + } + + if (content_type != td->app_type) { + printf("Incorrect content type in packet [expected - %d, received - %d]\n", + td->app_type, content_type); + return TEST_FAILED; + } + + if (length != td->output_text.len - hdr_len) { + printf("Incorrect packet length 
[expected - %d, received - %d]\n", + td->output_text.len - hdr_len, length); + return TEST_FAILED; + } + + return TEST_SUCCESS; +} int test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_test_data *td, @@ -169,6 +278,7 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t uint8_t output_text[TLS_RECORD_MAX_LEN]; const struct rte_mbuf *seg; const uint8_t *output; + int ret; memset(output_text, 0, TLS_RECORD_MAX_LEN); @@ -193,6 +303,12 @@ test_tls_record_post_process(const struct rte_mbuf *m, const struct tls_record_t memcpy(output_text, output, len); } + if (td->tls_record_xform.type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) { + ret = tls_record_hdr_verify(td, output_text); + if (ret != TEST_SUCCESS) + return ret; + } + /* * In case of known vector tests & all record read (decrypt) tests, res_d provided would be * NULL and output data need to be validated against expected. For record read (decrypt),
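Review bot: The TLS 1.3 branch of `tls_record_hdr_verify` requires the record header version to equal `RTE_TLS_VERSION_1_3`, but RFC 8446 section 5.1 fixes `legacy_record_version` of a protected record at 0x0303 (the TLS 1.2 value) and the outer content type at application_data. If `RTE_TLS_VERSION_1_3` is the 0x0304 protocol version (its definition is not in this diff), a conformant device output would fail this check and a non-conformant one would pass. The comparison would then be `if (rte_be_to_cpu_16(hdr->version) != RTE_TLS_VERSION_1_2)`, with the expected outer type for 1.3 being application data rather than `td->app_type`. The TLS 1.2 and 1.3 branches are otherwise identical and could share one path with the expected version held in a local.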