From: <michaelsh@marvell.com>
To: <akhil.goyal@nxp.com>
Cc: <marko.kovacevic@intel.com>, <lironh@marvell.com>, <dev@dpdk.org>,
<michaelsh@marvell.com>
Subject: [dpdk-dev] [PATCH v3 2/3] examples/fips_validation: add AES ECB support
Date: Tue, 1 Oct 2019 13:32:45 +0300 [thread overview]
Message-ID: <20191001103246.29830-3-michaelsh@marvell.com> (raw)
In-Reply-To: <20191001103246.29830-1-michaelsh@marvell.com>
From: Michael Shamis <michaelsh@marvell.com>
Signed-off-by: Michael Shamis <michaelsh@marvell.com>
---
.../fips_validation/fips_validation_aes.c | 1 +
examples/fips_validation/main.c | 96 +++++++++++++++++--
2 files changed, 91 insertions(+), 6 deletions(-)
diff --git a/examples/fips_validation/fips_validation_aes.c b/examples/fips_validation/fips_validation_aes.c
index 8cbc158eb..010a82627 100644
--- a/examples/fips_validation/fips_validation_aes.c
+++ b/examples/fips_validation/fips_validation_aes.c
@@ -44,6 +44,7 @@ struct aes_test_algo {
enum rte_crypto_cipher_algorithm algo;
} const algo_con[] = {
{"CBC", RTE_CRYPTO_CIPHER_AES_CBC},
+ {"ECB", RTE_CRYPTO_CIPHER_AES_ECB},
};
static int
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 7a379bc99..c83763b13 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -649,16 +649,24 @@ prepare_aes_xform(struct rte_crypto_sym_xform *xform)
xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
- cipher_xform->algo = RTE_CRYPTO_CIPHER_AES_CBC;
+ if (info.interim_info.aes_data.cipher_algo == RTE_CRYPTO_CIPHER_AES_CBC)
+ cipher_xform->algo = RTE_CRYPTO_CIPHER_AES_CBC;
+ else
+ cipher_xform->algo = RTE_CRYPTO_CIPHER_AES_ECB;
+
cipher_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
RTE_CRYPTO_CIPHER_OP_ENCRYPT :
RTE_CRYPTO_CIPHER_OP_DECRYPT;
cipher_xform->key.data = vec.cipher_auth.key.val;
cipher_xform->key.length = vec.cipher_auth.key.len;
- cipher_xform->iv.length = vec.iv.len;
- cipher_xform->iv.offset = IV_OFF;
-
- cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_AES_CBC;
+ if (cipher_xform->algo == RTE_CRYPTO_CIPHER_AES_CBC) {
+ cipher_xform->iv.length = vec.iv.len;
+ cipher_xform->iv.offset = IV_OFF;
+ } else {
+ cipher_xform->iv.length = 0;
+ cipher_xform->iv.offset = 0;
+ }
+ cap_idx.algo.cipher = cipher_xform->algo;
cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
@@ -1059,7 +1067,6 @@ fips_mct_tdes_test(void)
fprintf(info.fp_wr, "Bypass\n");
return 0;
}
-
return ret;
}
@@ -1160,6 +1167,80 @@ fips_mct_tdes_test(void)
return 0;
}
+static int
+fips_mct_aes_ecb_test(void)
+{
+#define AES_BLOCK_SIZE 16
+#define AES_EXTERN_ITER 100
+#define AES_INTERN_ITER 1000
+ struct fips_val val, val_key;
+ uint8_t prev_out[AES_BLOCK_SIZE] = {0};
+ uint32_t i, j, k;
+ int ret;
+
+ for (i = 0; i < AES_EXTERN_ITER; i++) {
+ if (i != 0)
+ update_info_vec(i);
+
+ fips_test_write_one_case();
+
+ for (j = 0; j < AES_INTERN_ITER; j++) {
+ ret = fips_run_test();
+ if (ret < 0) {
+ if (ret == -EPERM) {
+ fprintf(info.fp_wr, "Bypass\n");
+ return 0;
+ }
+
+ return ret;
+ }
+
+ get_writeback_data(&val);
+
+ if (info.op == FIPS_TEST_ENC_AUTH_GEN)
+ memcpy(vec.pt.val, val.val, AES_BLOCK_SIZE);
+ else
+ memcpy(vec.ct.val, val.val, AES_BLOCK_SIZE);
+
+ if (j == AES_INTERN_ITER - 1)
+ continue;
+
+ memcpy(prev_out, val.val, AES_BLOCK_SIZE);
+ }
+
+ info.parse_writeback(&val);
+ fprintf(info.fp_wr, "\n");
+
+ if (i == AES_EXTERN_ITER - 1)
+ continue;
+
+ /** update key */
+ memcpy(&val_key, &vec.cipher_auth.key, sizeof(val_key));
+ for (k = 0; k < vec.cipher_auth.key.len; k++) {
+ switch (vec.cipher_auth.key.len) {
+ case 16:
+ val_key.val[k] ^= val.val[k];
+ break;
+ case 24:
+ if (k < 8)
+ val_key.val[k] ^= prev_out[k + 8];
+ else
+ val_key.val[k] ^= val.val[k - 8];
+ break;
+ case 32:
+ if (k < 16)
+ val_key.val[k] ^= prev_out[k];
+ else
+ val_key.val[k] ^= val.val[k - 16];
+ break;
+ default:
+ return -1;
+ }
+ }
+ }
+
+ return 0;
+}
static int
fips_mct_aes_test(void)
{
@@ -1172,6 +1253,9 @@ fips_mct_aes_test(void)
uint32_t i, j, k;
int ret;
+ if (info.interim_info.aes_data.cipher_algo == RTE_CRYPTO_CIPHER_AES_ECB)
+ return fips_mct_aes_ecb_test();
+
for (i = 0; i < AES_EXTERN_ITER; i++) {
if (i != 0)
update_info_vec(i);
--
2.23.0
next prev parent reply other threads:[~2019-10-01 10:14 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-26 9:41 [dpdk-dev] [PATCH 00/12] FIPS improvements michaelsh
2019-08-26 9:41 ` [dpdk-dev] [PATCH 01/12] examples/fips: added support for SHA algorithm in FIPS tests michaelsh
2019-08-26 9:41 ` [dpdk-dev] [PATCH 02/12] examples/fips: added support for TDES ECB mode " michaelsh
2019-08-26 9:41 ` [dpdk-dev] [PATCH 03/12] examples/fips: added support AES " michaelsh
2019-08-26 9:41 ` [dpdk-dev] [PATCH 04/12] examples/fips: fix bad return code in fips_test_parse_header() michaelsh
2019-09-04 9:51 ` Akhil Goyal
2019-08-26 9:41 ` [dpdk-dev] [PATCH 05/12] examples/fips: AES-GCM vectors will use aead structure michaelsh
2019-08-26 9:41 ` [dpdk-dev] [PATCH 06/12] examples/fips: set initial IV in AES-GCM if configured only salt value michaelsh
2019-08-26 9:41 ` [dpdk-dev] [PATCH 07/12] examples/fips: keep digest after crypto text michaelsh
2019-08-26 9:41 ` [dpdk-dev] [PATCH 08/12] examples/fips: AES-GCM decryption vectors fix michaelsh
2019-08-26 9:41 ` [dpdk-dev] [PATCH 09/12] examples/fips: fix KEY and PT output prints for TDES mode michaelsh
2019-08-26 9:41 ` [dpdk-dev] [PATCH 10/12] examples/fips: supported IV, PT and CT init for TDES ECB mode michaelsh
2019-08-26 9:41 ` [dpdk-dev] [PATCH 11/12] examples/fips: algorithm definition by folder if it's not in file michaelsh
2019-08-26 9:41 ` [dpdk-dev] [PATCH 12/12] examples/fips: erroneous overwrite of PLAINTEXT after DECRYPT michaelsh
2019-09-04 10:14 ` [dpdk-dev] [PATCH 00/12] FIPS improvements Akhil Goyal
2019-09-15 10:47 ` Michael Shamis
2019-09-16 8:57 ` Akhil Goyal
2019-09-19 12:15 ` [dpdk-dev] [PATCH v2 0/3] Support ECB for AES and TDES michaelsh
2019-09-19 12:15 ` [dpdk-dev] [PATCH v2 1/3] examples/fips_validation: added support for TDES ECB michaelsh
2019-09-19 12:15 ` [dpdk-dev] [PATCH v2 2/3] examples/fips_validation: added support AES ECB michaelsh
2019-09-19 12:15 ` [dpdk-dev] [PATCH v2 3/3] examples/fips_validation: separated init for TDES ECB and CBC michaelsh
2019-10-01 10:32 ` [dpdk-dev] [PATCH v3 0/3] support ECB for AES and TDES michaelsh
2019-10-01 10:15 ` Akhil Goyal
2019-10-01 10:32 ` [dpdk-dev] [PATCH v3 1/3] examples/fips_validation: add TDES ECB support michaelsh
2019-10-01 10:32 ` michaelsh [this message]
2019-10-15 13:53 ` [dpdk-dev] [PATCH v3 2/3] examples/fips_validation: add AES " Kovacevic, Marko
2019-10-01 10:32 ` [dpdk-dev] [PATCH v3 3/3] examples/fips_validation: separate ECB and CBC michaelsh
2019-10-01 11:22 ` [dpdk-dev] [PATCH v3 0/3] support ECB for AES and TDES michaelsh
2019-10-01 11:22 ` [dpdk-dev] [PATCH v3 1/3] examples/fips_validation: add TDES ECB support michaelsh
2019-10-15 13:50 ` Kovacevic, Marko
2019-10-01 11:22 ` [dpdk-dev] [PATCH v3 2/3] examples/fips_validation: add AES " michaelsh
2019-10-01 11:22 ` [dpdk-dev] [PATCH v3 3/3] examples/fips_validation: separate ECB and CBC michaelsh
2019-10-15 13:54 ` Kovacevic, Marko
2019-10-04 10:33 ` [dpdk-dev] [PATCH v3 0/3] support ECB for AES and TDES Akhil Goyal
2019-10-15 13:40 ` Akhil Goyal
2019-10-15 14:03 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191001103246.29830-3-michaelsh@marvell.com \
--to=michaelsh@marvell.com \
--cc=akhil.goyal@nxp.com \
--cc=dev@dpdk.org \
--cc=lironh@marvell.com \
--cc=marko.kovacevic@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).