From: Archana Muniganti <marchana@marvell.com>
To: <marko.kovacevic@intel.com>, <akhil.goyal@nxp.com>
Cc: Sucharitha Sarananaga <ssarananaga@marvell.com>,
<anoobj@marvell.com>, <jerinj@marvell.com>, <dev@dpdk.org>,
<stable@dpdk.org>, Abed Kamaluddin <akamaluddin@marvell.com>,
Archana Muniganti <marchana@marvell.com>
Subject: [dpdk-dev] [PATCH] examples/fips_validation: add AES XTS support
Date: Tue, 7 Jan 2020 15:08:43 +0530 [thread overview]
Message-ID: <1578389923-18041-1-git-send-email-marchana@marvell.com> (raw)
From: Sucharitha Sarananaga <ssarananaga@marvell.com>
AES XTS support is added to fips application. Parse test-vectors
from input files, populate AES XTS tests and prepare AES XTS
operations for fips validation.
Signed-off-by: Abed Kamaluddin <akamaluddin@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Sucharitha Sarananaga <ssarananaga@marvell.com>
---
examples/fips_validation/Makefile | 1 +
examples/fips_validation/fips_validation.c | 6 ++
examples/fips_validation/fips_validation.h | 4 +
examples/fips_validation/fips_validation_xts.c | 119 +++++++++++++++++++++++++
examples/fips_validation/main.c | 45 ++++++++++
examples/fips_validation/meson.build | 1 +
6 files changed, 176 insertions(+)
create mode 100644 examples/fips_validation/fips_validation_xts.c
diff --git a/examples/fips_validation/Makefile b/examples/fips_validation/Makefile
index 1385e8c..c207d11 100644
--- a/examples/fips_validation/Makefile
+++ b/examples/fips_validation/Makefile
@@ -14,6 +14,7 @@ SRCS-y += fips_validation_cmac.c
SRCS-y += fips_validation_ccm.c
SRCS-y += fips_validation_sha.c
SRCS-y += fips_dev_self_test.c
+SRCS-y += fips_validation_xts.c
SRCS-y += main.c
# Build using pkg-config variables if possible
diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index 07ffa62..ef24b72 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -150,6 +150,12 @@
ret = parse_test_sha_init();
if (ret < 0)
return ret;
+ } else if (strstr(info.vec[i], "XTS")) {
+ algo_parsed = 1;
+ info.algo = FIPS_TEST_ALGO_AES_XTS;
+ ret = parse_test_xts_init();
+ if (ret < 0)
+ return ret;
}
}
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index d487fb0..5aee955 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -31,6 +31,7 @@ enum fips_test_algorithms {
FIPS_TEST_ALGO_HMAC,
FIPS_TEST_ALGO_TDES,
FIPS_TEST_ALGO_SHA,
+ FIPS_TEST_ALGO_AES_XTS,
FIPS_TEST_ALGO_MAX
};
@@ -223,6 +224,9 @@ struct fips_test_interim_info {
parse_test_sha_init(void);
int
+parse_test_xts_init(void);
+
+int
parser_read_uint8_hex(uint8_t *value, const char *p);
int
diff --git a/examples/fips_validation/fips_validation_xts.c b/examples/fips_validation/fips_validation_xts.c
new file mode 100644
index 0000000..5bb1966
--- /dev/null
+++ b/examples/fips_validation/fips_validation_xts.c
@@ -0,0 +1,119 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (C) 2020 Marvell International Ltd.
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <time.h>
+
+#include <rte_cryptodev.h>
+
+#include "fips_validation.h"
+
+#define MODE_STR "XTS"
+#define ALGO_STR "test data for "
+#define OP_STR "State"
+#define KEY_SIZE_STR "Key Length : "
+
+#define COUNT_STR "COUNT = "
+#define KEY_STR "Key = "
+#define IV_STR "i = "
+#define PT_STR "PT = "
+#define CT_STR "CT = "
+
+#define OP_ENC_STR "ENCRYPT"
+#define OP_DEC_STR "DECRYPT"
+
+static int
+parse_interim_xts_enc_dec(const char *key,
+ __rte_unused char *text,
+ __rte_unused struct fips_val *val)
+{
+ if (strcmp(key, OP_ENC_STR) == 0)
+ info.op = FIPS_TEST_ENC_AUTH_GEN;
+ else if (strcmp(key, OP_DEC_STR) == 0)
+ info.op = FIPS_TEST_DEC_AUTH_VERIF;
+ else
+ return -1;
+ return 0;
+}
+
+struct fips_test_callback xts_tests_vectors[] = {
+ {KEY_STR, parse_uint8_hex_str, &vec.cipher_auth.key},
+ {IV_STR, parse_uint8_hex_str, &vec.iv},
+ {PT_STR, parse_uint8_hex_str, &vec.pt},
+ {CT_STR, parse_uint8_hex_str, &vec.ct},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback xts_tests_interim_vectors[] = {
+ {OP_ENC_STR, parse_interim_xts_enc_dec, NULL},
+ {OP_DEC_STR, parse_interim_xts_enc_dec, NULL},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback xts_writeback_callbacks[] = {
+ /** First element is used to pass COUNT string */
+ {COUNT_STR, NULL, NULL},
+ {IV_STR, writeback_hex_str, &vec.iv},
+ {KEY_STR, writeback_hex_str, &vec.cipher_auth.key},
+ {PT_STR, writeback_hex_str, &vec.pt},
+ {CT_STR, writeback_hex_str, &vec.ct},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+static int
+parse_test_xts_writeback(struct fips_val *val)
+{
+ if (info.op == FIPS_TEST_ENC_AUTH_GEN)
+ fprintf(info.fp_wr, "%s", CT_STR);
+ else
+ fprintf(info.fp_wr, "%s", PT_STR);
+
+ parse_write_hex_str(val);
+ return 0;
+}
+
+static int
+rsp_test_xts_check(struct fips_val *val)
+{
+ struct fips_val *data;
+ if (info.op == FIPS_TEST_ENC_AUTH_GEN)
+ data = &vec.ct;
+ else
+ data = &vec.pt;
+
+ if (memcmp(val->val, data->val, val->len) == 0)
+ fprintf(info.fp_wr, "Success\n");
+ else
+ fprintf(info.fp_wr, "Failed\n");
+ return 0;
+}
+
+int parse_test_xts_init(void)
+{
+ char *tmp;
+ uint32_t i;
+ for (i = 0; i < info.nb_vec_lines; i++) {
+ char *line = info.vec[i];
+ tmp = strstr(line, KEY_SIZE_STR);
+ if (tmp) {
+ tmp += (strlen(KEY_SIZE_STR) + strlen("AES"));
+ if (parser_read_uint32(
+ &info.interim_info.aes_data.key_len,
+ tmp) < 0)
+ return -EINVAL;
+ info.interim_info.aes_data.key_len =
+ (info.interim_info.aes_data.key_len*2) / 8;
+ continue;
+ }
+
+ }
+ info.parse_writeback = parse_test_xts_writeback;
+ info.callbacks = xts_tests_vectors;
+ info.interim_callbacks = xts_tests_interim_vectors;
+ info.writeback_callbacks = xts_writeback_callbacks;
+ info.kat_check = rsp_test_xts_check;
+
+ return 0;
+}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 9a2c8da..f9b2056 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -912,6 +912,46 @@ struct fips_test_ops {
return 0;
}
+static int
+prepare_xts_xform(struct rte_crypto_sym_xform *xform)
+{
+ const struct rte_cryptodev_symmetric_capability *cap;
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+ struct rte_crypto_cipher_xform *cipher_xform = &xform->cipher;
+
+ xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+
+ cipher_xform->algo = RTE_CRYPTO_CIPHER_AES_XTS;
+ cipher_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
+ RTE_CRYPTO_CIPHER_OP_ENCRYPT :
+ RTE_CRYPTO_CIPHER_OP_DECRYPT;
+ cipher_xform->key.data = vec.cipher_auth.key.val;
+ cipher_xform->key.length = vec.cipher_auth.key.len;
+ cipher_xform->iv.length = vec.iv.len;
+ cipher_xform->iv.offset = IV_OFF;
+
+ cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_AES_XTS;
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+
+ cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+ if (!cap) {
+ RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+ env.dev_id);
+ return -EINVAL;
+ }
+
+ if (rte_cryptodev_sym_capability_check_cipher(cap,
+ cipher_xform->key.length,
+ cipher_xform->iv.length) != 0) {
+ RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n",
+ info.device_name, cipher_xform->key.length,
+ cipher_xform->iv.length);
+ return -EPERM;
+ }
+
+ return 0;
+}
+
static void
get_writeback_data(struct fips_val *val)
{
@@ -1486,6 +1526,11 @@ struct fips_test_ops {
else
test_ops.test = fips_generic_test;
break;
+ case FIPS_TEST_ALGO_AES_XTS:
+ test_ops.prepare_op = prepare_cipher_op;
+ test_ops.prepare_xform = prepare_xts_xform;
+ test_ops.test = fips_generic_test;
+ break;
default:
if (strstr(info.file_name, "TECB") ||
strstr(info.file_name, "TCBC")) {
diff --git a/examples/fips_validation/meson.build b/examples/fips_validation/meson.build
index 6dd6308..e2745d2 100644
--- a/examples/fips_validation/meson.build
+++ b/examples/fips_validation/meson.build
@@ -17,6 +17,7 @@ sources = files(
'fips_validation_cmac.c',
'fips_validation_ccm.c',
'fips_validation_sha.c',
+ 'fips_validation_xts.c',
'fips_dev_self_test.c',
'main.c'
)
--
1.8.3.1
next reply other threads:[~2020-01-07 14:51 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-07 9:38 Archana Muniganti [this message]
2020-01-15 14:47 ` Akhil Goyal
2020-02-05 12:26 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1578389923-18041-1-git-send-email-marchana@marvell.com \
--to=marchana@marvell.com \
--cc=akamaluddin@marvell.com \
--cc=akhil.goyal@nxp.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=jerinj@marvell.com \
--cc=marko.kovacevic@intel.com \
--cc=ssarananaga@marvell.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).