* [dpdk-dev] [PATCH 1/8] examples/fips_validation: separation between HMAC-SHA and SHA
2019-09-19 12:12 [dpdk-dev] [PATCH 0/8] Fips validation fixes michaelsh
@ 2019-09-19 12:12 ` michaelsh
2019-09-19 12:12 ` [dpdk-dev] [PATCH 2/8] examples/fips_validation: fix structs used for AES-GCM michaelsh
` (7 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: michaelsh @ 2019-09-19 12:12 UTC (permalink / raw)
To: akhil.goyal; +Cc: stable, dev, marko.kovacevic, lironh, michaelsh
From: Michael Shamis <michaelsh@marvell.com>
Fix: SHA initialization will not be called in case of HMAC-SHA
Signed-off-by: Michael Shamis <michaelsh@marvell.com>
---
examples/fips_validation/fips_validation.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index 8d43b267e..80fd482a1 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -145,11 +145,13 @@ fips_test_parse_header(void)
if (ret < 0)
return 0;
} else if (strstr(info.vec[i], "SHA-")) {
- algo_parsed = 1;
- info.algo = FIPS_TEST_ALGO_SHA;
- ret = parse_test_sha_init();
- if (ret < 0)
- return ret;
+ if (info.algo != FIPS_TEST_ALGO_HMAC) {
+ algo_parsed = 1;
+ info.algo = FIPS_TEST_ALGO_SHA;
+ ret = parse_test_sha_init();
+ if (ret < 0)
+ return ret;
+ }
}
}
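Review bot: The new guard `if (info.algo != FIPS_TEST_ALGO_HMAC)` in the "SHA-" branch only helps when an earlier header line has already set `info.algo` to HMAC; if a line containing "SHA-" is parsed first, `parse_test_sha_init()` still runs and `info.algo` becomes `FIPS_TEST_ALGO_SHA`. Please state that ordering assumption in a comment at this branch, or make the decision independent of line order. The commit message also needs a Fixes: line, as requested in the reply on this thread.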
--
2.23.0
* [dpdk-dev] [PATCH 2/8] examples/fips_validation: fix structs used for AES-GCM
From: michaelsh @ 2019-09-19 12:12 UTC (permalink / raw)
To: akhil.goyal; +Cc: stable, dev, marko.kovacevic, lironh, michaelsh
From: Michael Shamis <michaelsh@marvell.com>
Signed-off-by: Michael Shamis <michaelsh@marvell.com>
---
examples/fips_validation/fips_validation_gcm.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/examples/fips_validation/fips_validation_gcm.c b/examples/fips_validation/fips_validation_gcm.c
index 0509b101a..ea48ddf70 100644
--- a/examples/fips_validation/fips_validation_gcm.c
+++ b/examples/fips_validation/fips_validation_gcm.c
@@ -34,29 +34,29 @@
#define NEG_TEST_STR "FAIL"
struct fips_test_callback gcm_dec_vectors[] = {
- {KEY_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.key},
+ {KEY_STR, parse_uint8_known_len_hex_str, &vec.aead.key},
{IV_STR, parse_uint8_known_len_hex_str, &vec.iv},
{CT_STR, parse_uint8_known_len_hex_str, &vec.ct},
- {AAD_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.aad},
+ {AAD_STR, parse_uint8_known_len_hex_str, &vec.aead.aad},
{TAG_STR, parse_uint8_known_len_hex_str,
- &vec.cipher_auth.digest},
+ &vec.aead.digest},
{NULL, NULL, NULL} /**< end pointer */
};
struct fips_test_callback gcm_interim_vectors[] = {
- {KEYLEN_STR, parser_read_uint32_bit_val, &vec.cipher_auth.key},
+ {KEYLEN_STR, parser_read_uint32_bit_val, &vec.aead.key},
{IVLEN_STR, parser_read_uint32_bit_val, &vec.iv},
{PTLEN_STR, parser_read_uint32_bit_val, &vec.pt},
- {AADLEN_STR, parser_read_uint32_bit_val, &vec.cipher_auth.aad},
+ {AADLEN_STR, parser_read_uint32_bit_val, &vec.aead.aad},
{TAGLEN_STR, parser_read_uint32_bit_val,
- &vec.cipher_auth.digest},
+ &vec.aead.digest},
{NULL, NULL, NULL} /**< end pointer */
};
struct fips_test_callback gcm_enc_vectors[] = {
- {KEY_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.key},
+ {KEY_STR, parse_uint8_known_len_hex_str, &vec.aead.key},
{IV_STR, parse_uint8_known_len_hex_str, &vec.iv},
{PT_STR, parse_uint8_known_len_hex_str, &vec.pt},
- {AAD_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.aad},
+ {AAD_STR, parse_uint8_known_len_hex_str, &vec.aead.aad},
{NULL, NULL, NULL} /**< end pointer */
};
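Review bot: The commit message has no body, so the reason for switching every `vec.cipher_auth.*` pointer in `gcm_dec_vectors`, `gcm_interim_vectors` and `gcm_enc_vectors` to `vec.aead.*` has to be guessed from the title. Please add a sentence describing the failure seen with the old members (for example, which field the AEAD path later reads that was never filled) and a Fixes: line, so the change can be backported with confidence.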
--
2.23.0
* [dpdk-dev] [PATCH 3/8] examples/fips_validation: initialize IV for AES-GCM
From: michaelsh @ 2019-09-19 12:12 UTC (permalink / raw)
To: akhil.goyal; +Cc: stable, dev, marko.kovacevic, lironh, michaelsh
From: Michael Shamis <michaelsh@marvell.com>
The configured AES-GCM IV may include only the salt value, whose length
is 12B. In this case the driver should set the second part of the IV to
the initial value = 0x1.
Signed-off-by: Michael Shamis <michaelsh@marvell.com>
---
examples/fips_validation/main.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 813534068..193f36ed7 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -25,6 +25,7 @@
#define CRYPTODEV_BK_DIR_KEY "broken-test-dir"
#define CRYPTODEV_ENC_KEYWORD "enc"
#define CRYPTODEV_DEC_KEYWORD "dec"
+#define IV_SALT_LEN 12
struct fips_test_vector vec;
struct fips_test_interim_info info;
@@ -580,10 +581,16 @@ prepare_aead_op(void)
__rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
rte_pktmbuf_reset(env.mbuf);
- if (info.algo == FIPS_TEST_ALGO_AES_CCM)
+ if (info.algo == FIPS_TEST_ALGO_AES_CCM) {
memcpy(iv + 1, vec.iv.val, vec.iv.len);
- else
+ } else {
memcpy(iv, vec.iv.val, vec.iv.len);
+ /* Set initial IV if specified only salt IV value */
+ if (vec.iv.len == IV_SALT_LEN) {
+ memset(&iv[vec.iv.len], 0, 4);
+ iv[vec.iv.len + 3] = 1;
+ }
+ }
sym->m_src = env.mbuf;
sym->aead.data.offset = 0;
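Review bot: In the new `else` branch, `memset(&iv[vec.iv.len], 0, 4)` and `iv[vec.iv.len + 3] = 1` write bytes 12 to 15 behind `iv`, and nothing in this hunk shows that the buffer is at least 16 bytes long or that the IV length given to the session covers those extra bytes. Please add a size check or a comment pointing at where the 16 bytes are reserved, and replace the literal 4 with a named constant next to `IV_SALT_LEN`. The comment could also say that the appended value is the 32-bit big-endian counter 1 that GCM uses for a 96-bit IV, which is clearer than "initial IV".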
--
2.23.0
* [dpdk-dev] [PATCH 4/8] examples/fips_validation: move digest after cipher text
From: michaelsh @ 2019-09-19 12:12 UTC (permalink / raw)
To: akhil.goyal; +Cc: stable, dev, marko.kovacevic, lironh, michaelsh
From: Michael Shamis <michaelsh@marvell.com>
Fix of GCM FIPS bug: ICV was not copied after the crypto text
in decryption operation so driver failed to check authentication
in GCM mode.
Signed-off-by: Michael Shamis <michaelsh@marvell.com>
---
examples/fips_validation/main.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 193f36ed7..6313ebf66 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -636,6 +636,10 @@ prepare_aead_op(void)
}
memcpy(ct, vec.ct.val, vec.ct.len);
+
+ /* keep digest after crypto text */
+ memcpy(ct + vec.ct.len, vec.aead.digest.val,
+ vec.aead.digest.len);
sym->aead.data.length = vec.ct.len;
sym->aead.digest.data = vec.aead.digest.val;
sym->aead.digest.phys_addr = rte_malloc_virt2iova(
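Review bot: The added `memcpy(ct + vec.ct.len, vec.aead.digest.val, vec.aead.digest.len)` writes `vec.aead.digest.len` bytes past the ciphertext, and the visible lines do not show that the region behind `ct` was sized for `vec.ct.len + vec.aead.digest.len`. Please make sure the buffer reservation earlier in `prepare_aead_op()` includes the digest length. Note also that `sym->aead.digest.data` still points at `vec.aead.digest.val` on the following lines, so the tag now exists in two places; either point the digest fields at the copy in the buffer or explain in the comment which location the driver reads.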
--
2.23.0
* [dpdk-dev] [PATCH 5/8] examples/fips_validation: fix AES-GCM decryption vector
From: michaelsh @ 2019-09-19 12:12 UTC (permalink / raw)
To: akhil.goyal; +Cc: stable, dev, marko.kovacevic, lironh, michaelsh
From: Michael Shamis <michaelsh@marvell.com>
AES-GCM CAVS vectors for decryption set PTlen (plain text length)
but provide crypto text, and the application expected CTlen to be not
null. Now we assign PTlen to CTlen in the decryption scenario, and
it allows the application to handle AES-GCM decryption vectors.
Signed-off-by: Michael Shamis <michaelsh@marvell.com>
---
.../fips_validation/fips_validation_gcm.c | 23 ++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/examples/fips_validation/fips_validation_gcm.c b/examples/fips_validation/fips_validation_gcm.c
index ea48ddf70..f68b4ea82 100644
--- a/examples/fips_validation/fips_validation_gcm.c
+++ b/examples/fips_validation/fips_validation_gcm.c
@@ -33,10 +33,15 @@
#define NEG_TEST_STR "FAIL"
+static int
+parse_uint8_known_len_hex_str_dec(const char *key,
+ char *src,
+ struct fips_val *val);
+
struct fips_test_callback gcm_dec_vectors[] = {
{KEY_STR, parse_uint8_known_len_hex_str, &vec.aead.key},
{IV_STR, parse_uint8_known_len_hex_str, &vec.iv},
- {CT_STR, parse_uint8_known_len_hex_str, &vec.ct},
+ {CT_STR, parse_uint8_known_len_hex_str_dec, &vec.ct},
{AAD_STR, parse_uint8_known_len_hex_str, &vec.aead.aad},
{TAG_STR, parse_uint8_known_len_hex_str,
&vec.aead.digest},
@@ -123,3 +128,19 @@ parse_test_gcm_init(void)
return 0;
}
+
+static int
+parse_uint8_known_len_hex_str_dec(const char *key,
+ char *src,
+ struct fips_val *val)
+{
+ /* AES-GCM CAVS vectors for decryption set PTlen (plain text length)
+ * but provide crypto text.
+ * In order to compensate the behavior we assign PTlen to CTlen
+ * (crypto text length) which is used for calculations
+ */
+ if (info.op == FIPS_TEST_DEC_AUTH_VERIF)
+ vec.ct.len = vec.pt.len;
+
+ return parse_uint8_known_len_hex_str(key, src, val);
+}
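Review bot: `parse_uint8_known_len_hex_str_dec()` assigns the global `vec.ct.len` instead of `val->len`, so the length fix-up ignores the `val` argument and is only correct while the callback is registered with `&vec.ct`. Using `val->len = vec.pt.len;` keeps the helper consistent with its signature. The assignment also depends on the PTlen interim line having been parsed before the CT line; please say so in the comment, and consider rejecting the vector when `vec.pt.len` is still 0 at this point.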
--
2.23.0
* [dpdk-dev] [PATCH 6/8] examples/fips_validation: fix overwrite of KEY line in TDES
From: michaelsh @ 2019-09-19 12:12 UTC (permalink / raw)
To: akhil.goyal; +Cc: stable, dev, marko.kovacevic, lironh, michaelsh
From: Michael Shamis <michaelsh@marvell.com>
Fix for TCBCMonte2, TCBCMonte3 and TECBMonte2: application
overwrites key1 line in output file so comparison
with sample files failed
Signed-off-by: Michael Shamis <michaelsh@marvell.com>
---
examples/fips_validation/fips_validation.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index 80fd482a1..9aa423b0f 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -11,6 +11,10 @@
#include "fips_validation.h"
+#define COUNT0_STR "COUNT = 0 "
+#define KEY_STR "KEY"
+#define NK_STR "NumKey"
+
#define skip_white_spaces(pos) \
({ \
__typeof__(pos) _p = (pos); \
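Review bot: `KEY_STR` and `NK_STR` are very generic names for macros local to fips_validation.c, and `KEY_STR` is already used by name in the callback tables of fips_validation_gcm.c in this series. If a definition of `KEY_STR` is ever reachable through "fips_validation.h", this one will clash with it. A prefix tied to this use, such as one naming the TDES KEY-line case, would avoid that, and a short comment on why `COUNT0_STR` ends with a trailing space would help.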
@@ -68,6 +72,22 @@ fips_test_fetch_one_block(void)
if (size == 0)
break;
+ /* if first line is KEY-line then insert COUNT-line */
+ if (i == 0) {
+ if (strstr(info.one_line_text, KEY_STR)) {
+ info.vec[0] = calloc(1, sizeof(COUNT0_STR));
+ strlcpy(info.vec[0],
+ COUNT0_STR,
+ sizeof(COUNT0_STR));
+ i = 1;
+ info.nb_vec_lines = 1;
+ }
+ }
+
+ /* don't copy NumKey-line */
+ if (strstr(info.one_line_text, NK_STR))
+ break;
+
info.vec[i] = calloc(1, size + 5);
if (info.vec[i] == NULL)
goto error_exit;
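Review bot: The result of `info.vec[0] = calloc(1, sizeof(COUNT0_STR))` is passed straight to `strlcpy()` without a NULL check, while the existing allocation a few lines below does `if (info.vec[i] == NULL) goto error_exit;`. Please add the same check here. Two smaller points in the same hunk: `strstr(info.one_line_text, KEY_STR)` matches "KEY" anywhere in the line, not only at its start, and the NumKey handling uses `break`, which ends the block instead of skipping one line; if the intent of "don't copy NumKey-line" is to skip it, `continue` is what the comment describes.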
--
2.23.0
* [dpdk-dev] [PATCH 7/8] examples/fips_validation: improve algo parsing logic
From: michaelsh @ 2019-09-19 12:12 UTC (permalink / raw)
To: akhil.goyal; +Cc: stable, dev, marko.kovacevic, lironh, michaelsh
From: Michael Shamis <michaelsh@marvell.com>
The fix allows finding the algorithm by folder name if
the algorithm was not found in the test file header.
To find the algorithm, the folder name is used if it is
not defined within the file.
Signed-off-by: Michael Shamis <michaelsh@marvell.com>
---
examples/fips_validation/fips_validation.c | 42 ++++++++++++++++++++++
1 file changed, 42 insertions(+)
diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index 9aa423b0f..4dde482e5 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -248,6 +248,48 @@ fips_test_parse_header(void)
fprintf(info.fp_wr, "%s\n", info.vec[i]);
}
+ /* use folder name if algorithm is not found yet*/
+ if (info.algo == FIPS_TEST_ALGO_MAX) {
+ if (strstr(info.file_name, "AESVS")) {
+ info.algo = FIPS_TEST_ALGO_AES;
+ ret = parse_test_aes_init();
+ if (ret < 0)
+ return ret;
+ } else if (strstr(info.file_name, "GCM")) {
+ info.algo = FIPS_TEST_ALGO_AES_GCM;
+ ret = parse_test_gcm_init();
+ if (ret < 0)
+ return ret;
+ } else if (strstr(info.file_name, "CMAC")) {
+ info.algo = FIPS_TEST_ALGO_AES_CMAC;
+ ret = parse_test_cmac_init();
+ if (ret < 0)
+ return ret;
+ } else if (strstr(info.file_name, "CCM")) {
+ info.algo = FIPS_TEST_ALGO_AES_CCM;
+ ret = parse_test_ccm_init();
+ if (ret < 0)
+ return ret;
+ } else if (strstr(info.file_name, "HMAC")) {
+ info.algo = FIPS_TEST_ALGO_HMAC;
+ ret = parse_test_hmac_init();
+ if (ret < 0)
+ return ret;
+ } else if (strstr(info.file_name, "TDES")) {
+ info.algo = FIPS_TEST_ALGO_TDES;
+ ret = parse_test_tdes_init();
+ if (ret < 0)
+ return ret;
+ } else if (strstr(info.file_name, "SHA-")) {
+ if (info.algo != FIPS_TEST_ALGO_HMAC) {
+ info.algo = FIPS_TEST_ALGO_SHA;
+ ret = parse_test_sha_init();
+ if (ret < 0)
+ return ret;
+ }
+ }
+ }
+
return 0;
}
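Review bot: The inner test `if (info.algo != FIPS_TEST_ALGO_HMAC)` in the final "SHA-" branch is always true, because the whole block only runs when `info.algo == FIPS_TEST_ALGO_MAX`; it can be dropped. The comment says "folder name" but the code searches `info.file_name`, so any path component or file name containing "GCM", "CCM", "TDES" and so on selects that algorithm; please either match against the directory part only or adjust the comment. The seven near-identical branches would also read better as a small table of substring, algorithm id and init function walked in a loop.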
--
2.23.0
* [dpdk-dev] [PATCH 8/8] examples/fips_validation: fix plain text overwrite
From: michaelsh @ 2019-09-19 12:12 UTC (permalink / raw)
To: akhil.goyal; +Cc: stable, dev, marko.kovacevic, lironh, michaelsh
From: Michael Shamis <michaelsh@marvell.com>
fix erroneous overwrite of PLAINTEXT-line after [DECRYPT] tag
Signed-off-by: Michael Shamis <michaelsh@marvell.com>
---
examples/fips_validation/fips_validation.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index 4dde482e5..3ab7f8508 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -400,10 +400,13 @@ fips_test_parse_one_case(void)
}
if (is_interim) {
- for (i = 0; i < info.nb_vec_lines; i++)
- fprintf(info.fp_wr, "%s\n", info.vec[i]);
- fprintf(info.fp_wr, "\n");
- return 1;
+ if (!(strstr(info.vec[0], "DECRYPT") &&
+ info.nb_vec_lines > 1)) {
+ for (i = 0; i < info.nb_vec_lines; i++)
+ fprintf(info.fp_wr, "%s\n", info.vec[i]);
+ fprintf(info.fp_wr, "\n");
+ return 1;
+ }
}
for (i = 0; i < info.nb_vec_lines; i++) {
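Review bot: The new condition reads `info.vec[0]` before `info.nb_vec_lines` is tested, so `strstr(info.vec[0], "DECRYPT")` runs even when the block has no lines; putting `info.nb_vec_lines > 1` first avoids touching `info.vec[0]` in that case. The condition also needs a comment: when an interim block starts with a DECRYPT tag and has more than one line, control now falls through to the vector loop below, and it is not obvious from the code why that is the correct handling or what happens to the tag line itself there.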
--
2.23.0
* Re: [dpdk-dev] [PATCH 0/8] Fips validation fixes
From: Akhil Goyal @ 2019-09-19 13:15 UTC (permalink / raw)
To: michaelsh; +Cc: stable, dev, marko.kovacevic, lironh
Hi Michael,
I see that there are compilation issues with meson build.
Please check http://mails.dpdk.org/archives/test-report/2019-September/098161.html
Also run devtools/check-git-log.sh -<number of patches>.
You should have a fixes line in each of the fix commits as stated earlier also.
Please have a look at http://doc.dpdk.org/guides/contributing/patches.html for any clarification.
Thanks,
Akhil
> -----Original Message-----
> From: michaelsh@marvell.com <michaelsh@marvell.com>
> Sent: Thursday, September 19, 2019 5:42 PM
> To: Akhil Goyal <akhil.goyal@nxp.com>
> Cc: stable@dpdk.org; dev@dpdk.org; marko.kovacevic@intel.com;
> lironh@marvell.com; michaelsh@marvell.com
> Subject: [PATCH 0/8] Fips validation fixes
>
> From: Michael Shamis <michaelsh@marvell.com>
>
> Include fixes related to SHA, TDES and GCM.
>
> Michael Shamis (8):
> examples/fips_validation: separation between HMAC-SHA and SHA
> examples/fips_validation: fix structs used for AES-GCM
> examples/fips_validation: initialize IV for AES-GCM
> examples/fips_validation: move digest after cipher text
> examples/fips_validation: fix AES-GCM decryption vector
> examples/fips_validation: fix overwrite of KEY line in TDES
> examples/fips_validation: improve algo parsing logic
> examples/fips_validation: fix plain text overwrite
>
> examples/fips_validation/fips_validation.c | 85 +++++++++++++++++--
> .../fips_validation/fips_validation_gcm.c | 39 +++++++--
> examples/fips_validation/main.c | 15 +++-
> 3 files changed, 119 insertions(+), 20 deletions(-)
>
> --
> 2.23.0