[v1, 00/10] fips_validation application improvements

[v1, 00/10] fips_validation application improvements

[Gowrishankar Muthukrishnan]

This patch series adds support for SHA3, SHAKE, AES-CCM
JSON test vectors and fixes existing algorithms to
support NIST test vectors.

Gowrishankar Muthukrishnan (10):
  examples/fips_validation: fix MCT output for SHA
  examples/fips_validation: add SHA3 validation
  examples/fips_validation: fix integer parse in test case
  examples/fips_validation: add SHAKE validation
  examples/fips_validation: add CCM JSON validation
  examples/fips_validation: add ECDSA keygen support
  examples/fips_validation: add SHA3 algorithms in ECDSA test
  examples/fips_validation: fix AES GCM validation tests
  examples/fips_validation: fix AES XTS to read seq number
  examples/fips_validation: add extra space in JSON buffer

 doc/guides/sample_app_ug/fips_validation.rst  |   7 +-
 examples/fips_validation/fips_validation.c    |  31 ++-
 examples/fips_validation/fips_validation.h    |  10 +-
 .../fips_validation/fips_validation_ccm.c     | 132 ++++++++++++
 .../fips_validation/fips_validation_ecdsa.c   |  56 +++++
 .../fips_validation/fips_validation_gcm.c     |  12 +-
 .../fips_validation/fips_validation_hmac.c    |   8 +
 .../fips_validation/fips_validation_sha.c     |  91 ++++++--
 .../fips_validation/fips_validation_xts.c     |  13 +-
 examples/fips_validation/main.c               | 196 +++++++++++++-----
 10 files changed, 467 insertions(+), 89 deletions(-)

-- 
2.25.1

[v1, 01/10] examples/fips_validation: fix MCT output for SHA

[Gowrishankar Muthukrishnan]

MCT test for SHA need not print message string along
with digest value.

Fixes: d5c247145c2 ("examples/fips_validation: add parsing for SHA")

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 examples/fips_validation/fips_validation_sha.c |  8 ++------
 examples/fips_validation/main.c                | 13 +++++--------
 2 files changed, 7 insertions(+), 14 deletions(-)

diff --git a/examples/fips_validation/fips_validation_sha.c b/examples/fips_validation/fips_validation_sha.c
index c5da2cc623..178ea492d3 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -182,7 +182,7 @@ parse_test_sha_json_writeback(struct fips_val *val)
 static int
 parse_test_sha_mct_json_writeback(struct fips_val *val)
 {
-	json_t *tcId, *msg, *md, *resArr, *res;
+	json_t *tcId, *md, *resArr, *res;
 	struct fips_val val_local;
 
 	tcId = json_object_get(json_info.json_test_case, "tcId");
@@ -208,11 +208,7 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
 
 	res = json_object();
 
-	writeback_hex_str("", info.one_line_text, &val[1]);
-	msg = json_string(info.one_line_text);
-	json_object_set_new(res, "msg", msg);
-
-	val_local.val = val[0].val + vec.pt.len;
+	val_local.val = val->val + vec.pt.len;
 	val_local.len = vec.cipher_auth.digest.len;
 
 	writeback_hex_str("", info.one_line_text, &val_local);
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 622f8b5a6e..cc585e8418 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2268,8 +2268,7 @@ fips_mct_sha_test(void)
 #define SHA_EXTERN_ITER	100
 #define SHA_INTERN_ITER	1000
 #define SHA_MD_BLOCK	3
-	/* val[0] is op result and other value is for parse_writeback callback */
-	struct fips_val val[2] = {{NULL, 0},};
+	struct fips_val val = {NULL, 0};
 	struct fips_val  md[SHA_MD_BLOCK], msg;
 	int ret;
 	uint32_t i, j;
@@ -2328,7 +2327,7 @@ fips_mct_sha_test(void)
 				return ret;
 			}
 
-			ret = get_writeback_data(&val[0]);
+			ret = get_writeback_data(&val);
 			if (ret < 0)
 				return ret;
 
@@ -2337,7 +2336,7 @@ fips_mct_sha_test(void)
 			memcpy(md[1].val, md[2].val, md[2].len);
 			md[1].len = md[2].len;
 
-			memcpy(md[2].val, (val[0].val + vec.pt.len),
+			memcpy(md[2].val, (val.val + vec.pt.len),
 				vec.cipher_auth.digest.len);
 			md[2].len = vec.cipher_auth.digest.len;
 		}
@@ -2348,9 +2347,7 @@ fips_mct_sha_test(void)
 		if (info.file_type != FIPS_TYPE_JSON)
 			fprintf(info.fp_wr, "COUNT = %u\n", j);
 
-		val[1].val = msg.val;
-		val[1].len = msg.len;
-		info.parse_writeback(val);
+		info.parse_writeback(&val);
 
 		if (info.file_type != FIPS_TYPE_JSON)
 			fprintf(info.fp_wr, "\n");
@@ -2361,7 +2358,7 @@ fips_mct_sha_test(void)
 
 	rte_free(vec.pt.val);
 
-	free(val[0].val);
+	free(val.val);
 	free(msg.val);
 
 	return 0;
-- 
2.25.1

[v1, 02/10] examples/fips_validation: add SHA3 validation

[Gowrishankar Muthukrishnan]

Add support in fips_validation to parse SHA3 algorithms.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 doc/guides/sample_app_ug/fips_validation.rst  |  5 +-
 examples/fips_validation/fips_validation.h    |  1 +
 .../fips_validation/fips_validation_hmac.c    |  8 ++
 .../fips_validation/fips_validation_sha.c     | 20 +++--
 examples/fips_validation/main.c               | 76 +++++++++----------
 5 files changed, 61 insertions(+), 49 deletions(-)

diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst
index 50d23c789b..55837895fe 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -64,8 +64,9 @@ ACVP
     * AES-CTR (128,192,256) - AFT, CTR
     * AES-GMAC (128,192,256) - AFT
     * AES-XTS (128,256) - AFT
-    * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
-    * SHA (1, 256, 384, 512) - AFT, MCT
+    * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512)
+    * SHA (1, 224, 256, 384, 512) - AFT, MCT
+    * SHA3 (224, 256, 384, 512) - AFT, MCT
     * TDES-CBC - AFT, MCT
     * TDES-ECB - AFT, MCT
     * RSA
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index 565a5cd36e..6c1bd35849 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -205,6 +205,7 @@ struct sha_interim_data {
 	/* keep algo always on top as it is also used in asym digest */
 	enum rte_crypto_auth_algorithm algo;
 	enum fips_sha_test_types test_type;
+	uint8_t md_blocks;
 };
 
 struct gcm_interim_data {
diff --git a/examples/fips_validation/fips_validation_hmac.c b/examples/fips_validation/fips_validation_hmac.c
index e0721ef028..f1cbc18435 100644
--- a/examples/fips_validation/fips_validation_hmac.c
+++ b/examples/fips_validation/fips_validation_hmac.c
@@ -37,6 +37,10 @@ struct hash_size_conversion {
 		{"32", RTE_CRYPTO_AUTH_SHA256_HMAC},
 		{"48", RTE_CRYPTO_AUTH_SHA384_HMAC},
 		{"64", RTE_CRYPTO_AUTH_SHA512_HMAC},
+		{"28", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
+		{"32", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
+		{"48", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
+		{"64", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
 };
 
 static int
@@ -81,6 +85,10 @@ struct hash_size_conversion json_algorithms[] = {
 		{"HMAC-SHA2-256", RTE_CRYPTO_AUTH_SHA256_HMAC},
 		{"HMAC-SHA2-384", RTE_CRYPTO_AUTH_SHA384_HMAC},
 		{"HMAC-SHA2-512", RTE_CRYPTO_AUTH_SHA512_HMAC},
+		{"HMAC-SHA3-224", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
+		{"HMAC-SHA3-256", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
+		{"HMAC-SHA3-384", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
+		{"HMAC-SHA3-512", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
 };
 
 struct fips_test_callback hmac_tests_json_vectors[] = {
diff --git a/examples/fips_validation/fips_validation_sha.c b/examples/fips_validation/fips_validation_sha.c
index 178ea492d3..8b68f5ed36 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -32,6 +32,10 @@ struct plain_hash_size_conversion {
 		{"32", RTE_CRYPTO_AUTH_SHA256},
 		{"48", RTE_CRYPTO_AUTH_SHA384},
 		{"64", RTE_CRYPTO_AUTH_SHA512},
+		{"28", RTE_CRYPTO_AUTH_SHA3_224},
+		{"32", RTE_CRYPTO_AUTH_SHA3_256},
+		{"48", RTE_CRYPTO_AUTH_SHA3_384},
+		{"64", RTE_CRYPTO_AUTH_SHA3_512},
 };
 
 int
@@ -96,12 +100,17 @@ static struct {
 static struct plain_hash_algorithms {
 	const char *str;
 	enum rte_crypto_auth_algorithm algo;
+	uint8_t md_blocks;
 } json_algorithms[] = {
-		{"SHA-1", RTE_CRYPTO_AUTH_SHA1},
-		{"SHA2-224", RTE_CRYPTO_AUTH_SHA224},
-		{"SHA2-256", RTE_CRYPTO_AUTH_SHA256},
-		{"SHA2-384", RTE_CRYPTO_AUTH_SHA384},
-		{"SHA2-512", RTE_CRYPTO_AUTH_SHA512},
+		{"SHA-1", RTE_CRYPTO_AUTH_SHA1, 3},
+		{"SHA2-224", RTE_CRYPTO_AUTH_SHA224, 3},
+		{"SHA2-256", RTE_CRYPTO_AUTH_SHA256, 3},
+		{"SHA2-384", RTE_CRYPTO_AUTH_SHA384, 3},
+		{"SHA2-512", RTE_CRYPTO_AUTH_SHA512, 3},
+		{"SHA3-224", RTE_CRYPTO_AUTH_SHA3_224, 1},
+		{"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1},
+		{"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1},
+		{"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1},
 };
 
 struct fips_test_callback sha_tests_json_vectors[] = {
@@ -233,6 +242,7 @@ parse_test_sha_json_algorithm(void)
 	for (i = 0; i < RTE_DIM(json_algorithms); i++) {
 		if (strstr(algorithm_str, json_algorithms[i].str)) {
 			info.interim_info.sha_data.algo = json_algorithms[i].algo;
+			info.interim_info.sha_data.md_blocks = json_algorithms[i].md_blocks;
 			break;
 		}
 	}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index cc585e8418..cf29e440f1 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2267,22 +2267,27 @@ fips_mct_sha_test(void)
 {
 #define SHA_EXTERN_ITER	100
 #define SHA_INTERN_ITER	1000
-#define SHA_MD_BLOCK	3
+	uint8_t md_blocks = info.interim_info.sha_data.md_blocks;
 	struct fips_val val = {NULL, 0};
-	struct fips_val  md[SHA_MD_BLOCK], msg;
+	struct fips_val  md[md_blocks];
 	int ret;
-	uint32_t i, j;
+	uint32_t i, j, k, offset, max_outlen;
+
+	max_outlen = md_blocks * vec.cipher_auth.digest.len;
+
+	if (vec.cipher_auth.digest.val)
+		free(vec.cipher_auth.digest.val);
+
+	vec.cipher_auth.digest.val = calloc(1, max_outlen);
 
-	msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len;
-	msg.val = calloc(1, msg.len);
 	if (vec.pt.val)
 		memcpy(vec.cipher_auth.digest.val, vec.pt.val, vec.cipher_auth.digest.len);
 
-	for (i = 0; i < SHA_MD_BLOCK; i++)
-		md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
-
 	rte_free(vec.pt.val);
-	vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0);
+	vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*md_blocks), 0);
+
+	for (i = 0; i < md_blocks; i++)
+		md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
 
 	if (info.file_type != FIPS_TYPE_JSON) {
 		fips_test_write_one_case();
@@ -2290,30 +2295,19 @@ fips_mct_sha_test(void)
 	}
 
 	for (j = 0; j < SHA_EXTERN_ITER; j++) {
-
-		memcpy(md[0].val, vec.cipher_auth.digest.val,
-			vec.cipher_auth.digest.len);
-		md[0].len = vec.cipher_auth.digest.len;
-		memcpy(md[1].val, vec.cipher_auth.digest.val,
-			vec.cipher_auth.digest.len);
-		md[1].len = vec.cipher_auth.digest.len;
-		memcpy(md[2].val, vec.cipher_auth.digest.val,
-			vec.cipher_auth.digest.len);
-		md[2].len = vec.cipher_auth.digest.len;
-
-		for (i = 0; i < SHA_MD_BLOCK; i++)
-			memcpy(&msg.val[i * md[i].len], md[i].val, md[i].len);
+		for (i = 0; i < md_blocks; i++) {
+			memcpy(md[i].val, vec.cipher_auth.digest.val,
+				vec.cipher_auth.digest.len);
+			md[i].len = vec.cipher_auth.digest.len;
+		}
 
 		for (i = 0; i < (SHA_INTERN_ITER); i++) {
-
-			memcpy(vec.pt.val, md[0].val,
-				(size_t)md[0].len);
-			memcpy((vec.pt.val + md[0].len), md[1].val,
-				(size_t)md[1].len);
-			memcpy((vec.pt.val + md[0].len + md[1].len),
-				md[2].val,
-				(size_t)md[2].len);
-			vec.pt.len = md[0].len + md[1].len + md[2].len;
+			offset = 0;
+			for (k = 0; k < md_blocks; k++) {
+				memcpy(vec.pt.val + offset, md[k].val, (size_t)md[k].len);
+				offset += md[k].len;
+			}
+			vec.pt.len = offset;
 
 			ret = fips_run_test();
 			if (ret < 0) {
@@ -2331,18 +2325,18 @@ fips_mct_sha_test(void)
 			if (ret < 0)
 				return ret;
 
-			memcpy(md[0].val, md[1].val, md[1].len);
-			md[0].len = md[1].len;
-			memcpy(md[1].val, md[2].val, md[2].len);
-			md[1].len = md[2].len;
+			for (k = 1; k < md_blocks; k++) {
+				memcpy(md[k-1].val, md[k].val, md[k].len);
+				md[k-1].len = md[k].len;
+			}
 
-			memcpy(md[2].val, (val.val + vec.pt.len),
+			memcpy(md[md_blocks-1].val, (val.val + vec.pt.len),
 				vec.cipher_auth.digest.len);
-			md[2].len = vec.cipher_auth.digest.len;
+			md[md_blocks-1].len = vec.cipher_auth.digest.len;
 		}
 
-		memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
-		vec.cipher_auth.digest.len = md[2].len;
+		memcpy(vec.cipher_auth.digest.val, md[md_blocks-1].val, md[md_blocks-1].len);
+		vec.cipher_auth.digest.len = md[md_blocks-1].len;
 
 		if (info.file_type != FIPS_TYPE_JSON)
 			fprintf(info.fp_wr, "COUNT = %u\n", j);
@@ -2353,14 +2347,12 @@ fips_mct_sha_test(void)
 			fprintf(info.fp_wr, "\n");
 	}
 
-	for (i = 0; i < (SHA_MD_BLOCK); i++)
+	for (i = 0; i < (md_blocks); i++)
 		rte_free(md[i].val);
 
 	rte_free(vec.pt.val);
 
 	free(val.val);
-	free(msg.val);
-
 	return 0;
 }
 
-- 
2.25.1

[v1, 03/10] examples/fips_validation: fix integer parse in test case

[Gowrishankar Muthukrishnan]

Parsing integer value in test case vector does not store
it because only string was expected. This patch adds handling
for integer value as well.

Fixes: 58cc98801eb ("examples/fips_validation: add JSON parsing")

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 examples/fips_validation/fips_validation.c | 29 ++++++++++++++++------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index f7a6d821ea..d3b6099d73 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -543,15 +543,28 @@ fips_test_parse_one_json_case(void)
 
 	for (i = 0; info.callbacks[i].key != NULL; i++) {
 		param = json_object_get(json_info.json_test_case, info.callbacks[i].key);
-		if (param) {
-			strcpy(info.one_line_text, json_string_value(param));
-			ret = info.callbacks[i].cb(
-				info.callbacks[i].key, info.one_line_text,
-				info.callbacks[i].val
-			);
-			if (ret < 0)
-				return ret;
+		if (!param)
+			continue;
+
+		switch (json_typeof(param)) {
+		case JSON_STRING:
+			snprintf(info.one_line_text, MAX_LINE_CHAR, "%s",
+					 json_string_value(param));
+			break;
+
+		case JSON_INTEGER:
+			snprintf(info.one_line_text, MAX_LINE_CHAR, "%"JSON_INTEGER_FORMAT,
+					 json_integer_value(param));
+			break;
+
+		default:
+			return -EINVAL;
 		}
+
+		ret = info.callbacks[i].cb(info.callbacks[i].key, info.one_line_text,
+				info.callbacks[i].val);
+		if (ret < 0)
+			return ret;
 	}
 
 	return 0;
-- 
2.25.1

[v1, 04/10] examples/fips_validation: add SHAKE validation

[Gowrishankar Muthukrishnan]

Add support in fips_validation to parse SHAKE algorithms.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 doc/guides/sample_app_ug/fips_validation.rst  |  1 +
 examples/fips_validation/fips_validation.h    |  4 +-
 .../fips_validation/fips_validation_sha.c     | 63 ++++++++++++-
 examples/fips_validation/main.c               | 93 ++++++++++++++++++-
 4 files changed, 154 insertions(+), 7 deletions(-)

diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst
index 55837895fe..4fc8297b34 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -67,6 +67,7 @@ ACVP
     * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512)
     * SHA (1, 224, 256, 384, 512) - AFT, MCT
     * SHA3 (224, 256, 384, 512) - AFT, MCT
+    * SHAKE (128, 256) - AFT, MCT, VOT
     * TDES-CBC - AFT, MCT
     * TDES-ECB - AFT, MCT
     * RSA
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index 6c1bd35849..8fcb5c8500 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -163,7 +163,8 @@ enum fips_ccm_test_types {
 enum fips_sha_test_types {
 	SHA_KAT = 0,
 	SHA_AFT,
-	SHA_MCT
+	SHA_MCT,
+	SHAKE_VOT
 };
 
 enum fips_rsa_test_types {
@@ -205,6 +206,7 @@ struct sha_interim_data {
 	/* keep algo always on top as it is also used in asym digest */
 	enum rte_crypto_auth_algorithm algo;
 	enum fips_sha_test_types test_type;
+	uint8_t min_outlen;
 	uint8_t md_blocks;
 };
 
diff --git a/examples/fips_validation/fips_validation_sha.c b/examples/fips_validation/fips_validation_sha.c
index 8b68f5ed36..7ce7d3744f 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -22,6 +22,9 @@
 #define TESTTYPE_JSON_STR	"testType"
 
 #define PT_JSON_STR		"msg"
+#define OUTLEN_JSON_STR	"outLen"
+#define MINOUTLEN_JSON_STR	"minOutLen"
+#define MAXOUTLEN_JSON_STR	"maxOutLen"
 
 struct plain_hash_size_conversion {
 	const char *str;
@@ -36,6 +39,8 @@ struct plain_hash_size_conversion {
 		{"32", RTE_CRYPTO_AUTH_SHA3_256},
 		{"48", RTE_CRYPTO_AUTH_SHA3_384},
 		{"64", RTE_CRYPTO_AUTH_SHA3_512},
+		{"16", RTE_CRYPTO_AUTH_SHAKE_128},
+		{"32", RTE_CRYPTO_AUTH_SHAKE_256},
 };
 
 int
@@ -89,12 +94,26 @@ struct fips_test_callback sha_tests_interim_vectors[] = {
 };
 
 #ifdef USE_JANSSON
+static int
+parse_interim_str(const char *key, char *src, struct fips_val *val)
+{
+	RTE_SET_USED(val);
+
+	if (strcmp(key, MINOUTLEN_JSON_STR) == 0)
+		info.interim_info.sha_data.min_outlen = atoi(src) / 8;
+	else if (strcmp(key, MAXOUTLEN_JSON_STR) == 0)
+		vec.cipher_auth.digest.len = atoi(src) / 8;
+
+	return 0;
+}
+
 static struct {
 	uint32_t type;
 	const char *desc;
 } sha_test_types[] = {
 		{SHA_MCT, "MCT"},
 		{SHA_AFT, "AFT"},
+		{SHAKE_VOT, "VOT"},
 };
 
 static struct plain_hash_algorithms {
@@ -111,10 +130,19 @@ static struct plain_hash_algorithms {
 		{"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1},
 		{"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1},
 		{"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1},
+		{"SHAKE-128", RTE_CRYPTO_AUTH_SHAKE_128, 1},
+		{"SHAKE-256", RTE_CRYPTO_AUTH_SHAKE_256, 1},
 };
 
 struct fips_test_callback sha_tests_json_vectors[] = {
 		{PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
+		{OUTLEN_JSON_STR, parser_read_uint32_bit_val, &vec.cipher_auth.digest},
+		{NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback sha_tests_interim_json_vectors[] = {
+		{MINOUTLEN_JSON_STR, parse_interim_str, NULL},
+		{MAXOUTLEN_JSON_STR, parse_interim_str, NULL},
 		{NULL, NULL, NULL} /**< end pointer */
 };
 #endif /* USE_JANSSON */
@@ -185,6 +213,11 @@ parse_test_sha_json_writeback(struct fips_val *val)
 	md = json_string(info.one_line_text);
 	json_object_set_new(json_info.json_write_case, "md", md);
 
+	if (info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_128 ||
+		info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_256)
+		json_object_set_new(json_info.json_write_case, "outLen",
+			json_integer(vec.cipher_auth.digest.len * 8));
+
 	return 0;
 }
 
@@ -193,6 +226,11 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
 {
 	json_t *tcId, *md, *resArr, *res;
 	struct fips_val val_local;
+	bool is_shake = false;
+
+	if (info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_128 ||
+		info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_256)
+		is_shake = true;
 
 	tcId = json_object_get(json_info.json_test_case, "tcId");
 	if (json_info.json_write_case) {
@@ -204,11 +242,17 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
 			json_object_set_new(json_info.json_write_case, "tcId", tcId);
 			json_object_set_new(json_info.json_write_case, "resultsArray",
 								json_array());
+			if (is_shake)
+				json_object_set_new(json_info.json_write_case, "outLen",
+									json_integer(0));
 		}
 	} else {
 		json_info.json_write_case = json_object();
 		json_object_set_new(json_info.json_write_case, "tcId", tcId);
 		json_object_set_new(json_info.json_write_case, "resultsArray", json_array());
+		if (is_shake)
+			json_object_set_new(json_info.json_write_case, "outLen",
+								json_integer(0));
 	}
 
 	resArr = json_object_get(json_info.json_write_case, "resultsArray");
@@ -224,6 +268,9 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
 	md = json_string(info.one_line_text);
 	json_object_set_new(res, "md", md);
 
+	if (is_shake)
+		json_object_set_new(res, "outLen", json_integer(vec.cipher_auth.digest.len * 8));
+
 	json_array_append_new(resArr, res);
 	return 0;
 }
@@ -250,12 +297,17 @@ parse_test_sha_json_algorithm(void)
 	if (i == RTE_DIM(json_algorithms))
 		return -1;
 
-	sz = parse_test_sha_hash_size(info.interim_info.sha_data.algo);
+	if (info.interim_info.sha_data.test_type == SHAKE_VOT) {
+		sz = vec.cipher_auth.digest.len;
+	} else {
+		sz = parse_test_sha_hash_size(info.interim_info.sha_data.algo);
+		vec.cipher_auth.digest.len = sz;
+	}
+
 	if (sz < 0)
 		return -1;
 
 	free(vec.cipher_auth.digest.val);
-	vec.cipher_auth.digest.len = sz;
 	vec.cipher_auth.digest.val = calloc(1, sz);
 	if (vec.cipher_auth.digest.val == NULL)
 		return -1;
@@ -288,6 +340,7 @@ parse_test_sha_json_test_type(void)
 		info.parse_writeback = parse_test_sha_mct_json_writeback;
 		break;
 	case SHA_AFT:
+	case SHAKE_VOT:
 		info.parse_writeback = parse_test_sha_json_writeback;
 		break;
 	default:
@@ -308,12 +361,12 @@ parse_test_sha_json_init(void)
 	info.callbacks = sha_tests_json_vectors;
 	info.writeback_callbacks = NULL;
 	info.kat_check = rsp_test_sha_check;
-	info.interim_callbacks = NULL;
+	info.interim_callbacks = sha_tests_interim_json_vectors;
 
-	if (parse_test_sha_json_algorithm() < 0)
+	if (parse_test_sha_json_test_type() < 0)
 		return -1;
 
-	if (parse_test_sha_json_test_type() < 0)
+	if (parse_test_sha_json_algorithm() < 0)
 		return -1;
 
 	return 0;
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index cf29e440f1..52076160b5 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2356,6 +2356,93 @@ fips_mct_sha_test(void)
 	return 0;
 }
 
+static int
+fips_mct_shake_test(void)
+{
+#define SHAKE_EXTERN_ITER	100
+#define SHAKE_INTERN_ITER	1000
+	uint32_t i, j, range, outlen, max_outlen;
+	struct fips_val val = {NULL, 0}, md;
+	uint8_t rightmost[2];
+	int ret;
+
+	max_outlen = vec.cipher_auth.digest.len;
+
+	if (vec.cipher_auth.digest.val)
+		free(vec.cipher_auth.digest.val);
+
+	vec.cipher_auth.digest.val = calloc(1, max_outlen);
+
+	if (vec.pt.val)
+		memcpy(vec.cipher_auth.digest.val, vec.pt.val, vec.pt.len);
+
+	rte_free(vec.pt.val);
+	vec.pt.val = rte_malloc(NULL, 16, 0);
+	vec.pt.len = 16;
+
+	md.val = rte_malloc(NULL, max_outlen, 0);
+	md.len = max_outlen;
+
+	if (info.file_type != FIPS_TYPE_JSON) {
+		fips_test_write_one_case();
+		fprintf(info.fp_wr, "\n");
+	}
+
+	range = max_outlen - info.interim_info.sha_data.min_outlen + 1;
+	outlen = max_outlen;
+	for (j = 0; j < SHAKE_EXTERN_ITER; j++) {
+		memset(md.val, 0, max_outlen);
+		memcpy(md.val, vec.cipher_auth.digest.val,
+			vec.cipher_auth.digest.len);
+
+		for (i = 0; i < (SHAKE_INTERN_ITER); i++) {
+			memset(vec.pt.val, 0, vec.pt.len);
+			memcpy(vec.pt.val, md.val, vec.pt.len);
+			vec.cipher_auth.digest.len = outlen;
+			ret = fips_run_test();
+			if (ret < 0) {
+				if (ret == -EPERM || ret == -ENOTSUP) {
+					if (info.file_type == FIPS_TYPE_JSON)
+						return ret;
+
+					fprintf(info.fp_wr, "Bypass\n\n");
+					return 0;
+				}
+				return ret;
+			}
+
+			ret = get_writeback_data(&val);
+			if (ret < 0)
+				return ret;
+
+			memset(md.val, 0, max_outlen);
+			memcpy(md.val, (val.val + vec.pt.len),
+				vec.cipher_auth.digest.len);
+			md.len = outlen;
+			rightmost[0] = md.val[md.len-1];
+			rightmost[1] = md.val[md.len-2];
+			outlen = info.interim_info.sha_data.min_outlen +
+				(*(uint16_t *)rightmost % range);
+		}
+
+		memcpy(vec.cipher_auth.digest.val, md.val, md.len);
+		vec.cipher_auth.digest.len = md.len;
+
+		if (info.file_type != FIPS_TYPE_JSON)
+			fprintf(info.fp_wr, "COUNT = %u\n", j);
+
+		info.parse_writeback(&val);
+
+		if (info.file_type != FIPS_TYPE_JSON)
+			fprintf(info.fp_wr, "\n");
+	}
+
+	rte_free(md.val);
+	rte_free(vec.pt.val);
+
+	free(val.val);
+	return 0;
+}
 
 static int
 init_test_ops(void)
@@ -2408,7 +2495,11 @@ init_test_ops(void)
 		test_ops.prepare_sym_op = prepare_auth_op;
 		test_ops.prepare_sym_xform = prepare_sha_xform;
 		if (info.interim_info.sha_data.test_type == SHA_MCT)
-			test_ops.test = fips_mct_sha_test;
+			if (info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_128 ||
+				info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_256)
+				test_ops.test = fips_mct_shake_test;
+			else
+				test_ops.test = fips_mct_sha_test;
 		else
 			test_ops.test = fips_generic_test;
 		break;
-- 
2.25.1

[v1, 05/10] examples/fips_validation: add CCM JSON validation

[Gowrishankar Muthukrishnan]

Add support in fips_validation to parse CCM JSON vectors.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 doc/guides/sample_app_ug/fips_validation.rst  |   1 +
 examples/fips_validation/fips_validation.c    |   2 +
 examples/fips_validation/fips_validation.h    |   3 +
 .../fips_validation/fips_validation_ccm.c     | 132 ++++++++++++++++++
 examples/fips_validation/main.c               |   3 +
 5 files changed, 141 insertions(+)

diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst
index 4fc8297b34..613c5afd19 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -60,6 +60,7 @@ ACVP
 * Supported test vectors
     * AES-CBC (128,192,256) - AFT, MCT
     * AES-GCM (128,192,256) - AFT
+    * AES-CCM (128,192,256) - AFT
     * AES-CMAC (128,192,256) - AFT
     * AES-CTR (128,192,256) - AFT, CTR
     * AES-GMAC (128,192,256) - AFT
diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index d3b6099d73..f840804009 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -460,6 +460,8 @@ fips_test_parse_one_json_vector_set(void)
 	/* Vector sets contain the algorithm type, and nothing else we need. */
 	if (strstr(algo_str, "AES-GCM"))
 		info.algo = FIPS_TEST_ALGO_AES_GCM;
+	else if (strstr(algo_str, "AES-CCM"))
+		info.algo = FIPS_TEST_ALGO_AES_CCM;
 	else if (strstr(algo_str, "AES-GMAC"))
 		info.algo = FIPS_TEST_ALGO_AES_GMAC;
 	else if (strstr(algo_str, "HMAC"))
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index 8fcb5c8500..c4988053c1 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -338,6 +338,9 @@ fips_test_parse_one_json_case(void);
 int
 parse_test_gcm_json_init(void);
 
+int
+parse_test_ccm_json_init(void);
+
 int
 parse_test_hmac_json_init(void);
 
diff --git a/examples/fips_validation/fips_validation_ccm.c b/examples/fips_validation/fips_validation_ccm.c
index 632999c1e4..0e3ee0d247 100644
--- a/examples/fips_validation/fips_validation_ccm.c
+++ b/examples/fips_validation/fips_validation_ccm.c
@@ -34,6 +34,18 @@
 #define POS_KEYWORD	"Pass"
 #define NEG_KEYWORD	"Fail"
 
+#define DIR_JSON_STR	"direction"
+#define IVLEN_JSON_STR		"ivLen"
+#define PTLEN_JSON_STR	"payloadLen"
+#define AADLEN_JSON_STR		"aadLen"
+#define TAGLEN_JSON_STR		"tagLen"
+#define KEYLEN_JSON_STR		"keyLen"
+#define PT_JSON_STR		"pt"
+#define CT_JSON_STR		"ct"
+#define KEY_JSON_STR		"key"
+#define IV_JSON_STR		"iv"
+#define AAD_JSON_STR		"aad"
+
 static int
 parser_dvpt_interim(const char *key, char *src, struct fips_val *val)
 {
@@ -206,6 +218,126 @@ struct ccm_test_types {
 			FIPS_TEST_ENC_AUTH_GEN},
 };
 
+#ifdef USE_JANSSON
+static int
+parser_read_ccm_direction_str(__rte_unused const char *key, char *src,
+	__rte_unused struct fips_val *val)
+{
+	if (strcmp(src, "encrypt") == 0)
+		info.op = FIPS_TEST_ENC_AUTH_GEN;
+	else if (strcmp(src, "decrypt") == 0)
+		info.op = FIPS_TEST_DEC_AUTH_VERIF;
+
+	return 0;
+}
+
+static int
+parser_read_ccm_aad_str(const char *key, char *src, struct fips_val *val)
+{
+	struct fips_val tmp_val = {0};
+	uint32_t len = val->len;
+
+	/* CCM aad requires 18 bytes padding before the real content */
+	val->val = rte_zmalloc(NULL, len + 18, 0);
+	if (!val->val)
+		return -1;
+
+	if (parse_uint8_hex_str(key, src, &tmp_val) < 0)
+		return -1;
+
+	memcpy(val->val + 18, tmp_val.val, val->len);
+	rte_free(tmp_val.val);
+
+	return 0;
+}
+
+static int
+parse_read_ccm_ct_str(const char *key, char *src, struct fips_val *val)
+{
+	int ret;
+
+	val->len = vec.pt.len;
+
+	ret = parse_uint8_known_len_hex_str(key, src, val);
+	if (ret < 0)
+		return ret;
+
+	src += val->len * 2;
+
+	ret = parse_uint8_known_len_hex_str("", src, &vec.aead.digest);
+	if (ret < 0) {
+		rte_free(val->val);
+		memset(val, 0, sizeof(*val));
+		return ret;
+	}
+
+	return 0;
+}
+
+struct fips_test_callback ccm_tests_interim_json_vectors[] = {
+	{DIR_JSON_STR, parser_read_ccm_direction_str, NULL},
+	{IVLEN_JSON_STR, parser_read_uint32_bit_val, &vec.iv},
+	{PTLEN_JSON_STR, parser_read_uint32_bit_val, &vec.pt},
+	{AADLEN_JSON_STR, parser_read_uint32_bit_val, &vec.aead.aad},
+	{TAGLEN_JSON_STR, parser_read_uint32_bit_val, &vec.aead.digest},
+	{KEYLEN_JSON_STR, parser_read_uint32_bit_val, &vec.aead.key},
+	{NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback ccm_tests_json_vectors[] = {
+	{PT_JSON_STR, parse_uint8_known_len_hex_str, &vec.pt},
+	{CT_JSON_STR, parse_read_ccm_ct_str, &vec.ct},
+	{KEY_JSON_STR, parse_uint8_known_len_hex_str, &vec.aead.key},
+	{IV_JSON_STR, parse_uint8_known_len_hex_str, &vec.iv},
+	{AAD_JSON_STR, parser_read_ccm_aad_str, &vec.aead.aad},
+	{NULL, NULL, NULL} /**< end pointer */
+};
+
+static int
+parse_test_ccm_json_writeback(struct fips_val *val)
+{
+	struct fips_val tmp_val;
+	json_t *tcId;
+
+	tcId = json_object_get(json_info.json_test_case, "tcId");
+	json_info.json_write_case = json_object();
+	json_object_set(json_info.json_write_case, "tcId", tcId);
+
+	if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+		json_t *ct;
+
+		info.one_line_text[0] = '\0';
+		writeback_hex_str("", info.one_line_text, val);
+		ct = json_string(info.one_line_text);
+		json_object_set_new(json_info.json_write_case, CT_JSON_STR, ct);
+	} else {
+		if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) {
+			tmp_val.val = val->val;
+			tmp_val.len = vec.pt.len;
+
+			info.one_line_text[0] = '\0';
+			writeback_hex_str("", info.one_line_text, &tmp_val);
+			json_object_set_new(json_info.json_write_case, PT_JSON_STR,
+				json_string(info.one_line_text));
+		}  else {
+			json_object_set_new(json_info.json_write_case, "testPassed",
+				json_false());
+		}
+	}
+
+	return 0;
+}
+
+int
+parse_test_ccm_json_init(void)
+{
+	info.interim_callbacks = ccm_tests_interim_json_vectors;
+	info.parse_writeback = parse_test_ccm_json_writeback;
+	info.callbacks = ccm_tests_json_vectors;
+	return 0;
+}
+#endif /* USE_JANSSON */
+
 static int
 parse_test_ccm_writeback(struct fips_val *val)
 {
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 52076160b5..1974dc959b 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2677,6 +2677,9 @@ fips_test_one_test_group(void)
 	case FIPS_TEST_ALGO_AES_GCM:
 		ret = parse_test_gcm_json_init();
 		break;
+	case FIPS_TEST_ALGO_AES_CCM:
+		ret = parse_test_ccm_json_init();
+		break;
 	case FIPS_TEST_ALGO_HMAC:
 		ret = parse_test_hmac_json_init();
 		break;
-- 
2.25.1

[v1, 06/10] examples/fips_validation: add ECDSA keygen support

[Gowrishankar Muthukrishnan]

Add support to validate ECDSA keygen mode tests.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 .../fips_validation/fips_validation_ecdsa.c   | 52 +++++++++++++++++++
 examples/fips_validation/main.c               | 13 +++++
 2 files changed, 65 insertions(+)

diff --git a/examples/fips_validation/fips_validation_ecdsa.c b/examples/fips_validation/fips_validation_ecdsa.c
index d47ab0b5d1..5c91abfc5a 100644
--- a/examples/fips_validation/fips_validation_ecdsa.c
+++ b/examples/fips_validation/fips_validation_ecdsa.c
@@ -295,6 +295,20 @@ parse_test_ecdsa_json_writeback(struct fips_val *val)
 			json_object_set_new(json_info.json_write_case, "testPassed", json_true());
 		else
 			json_object_set_new(json_info.json_write_case, "testPassed", json_false());
+	} else if (info.op == FIPS_TEST_ASYM_KEYGEN) {
+		json_t *obj;
+
+		writeback_hex_str("", info.one_line_text, &vec.ecdsa.pkey);
+		obj = json_string(info.one_line_text);
+		json_object_set_new(json_info.json_write_case, "d", obj);
+
+		writeback_hex_str("", info.one_line_text, &vec.ecdsa.qx);
+		obj = json_string(info.one_line_text);
+		json_object_set_new(json_info.json_write_case, "qx", obj);
+
+		writeback_hex_str("", info.one_line_text, &vec.ecdsa.qy);
+		obj = json_string(info.one_line_text);
+		json_object_set_new(json_info.json_write_case, "qy", obj);
 	}
 
 	return 0;
@@ -367,6 +381,36 @@ parse_siggen_message_str(const char *key, char *src, struct fips_val *val)
 	return ret;
 }
 
+static int
+parse_keygen_tc_str(const char *key, char *src, struct fips_val *val)
+{
+	RTE_SET_USED(key);
+	RTE_SET_USED(src);
+	RTE_SET_USED(val);
+
+	if (info.op == FIPS_TEST_ASYM_KEYGEN) {
+		if (vec.ecdsa.pkey.val) {
+			rte_free(vec.ecdsa.pkey.val);
+			vec.ecdsa.pkey.val = NULL;
+		}
+
+		if (vec.ecdsa.k.val) {
+			rte_free(vec.ecdsa.k.val);
+			vec.ecdsa.k.val = NULL;
+		}
+
+		if (prepare_vec_ecdsa() < 0)
+			return -1;
+
+		if (prepare_vec_ecdsa_k() < 0)
+			return -1;
+
+		info.interim_info.ecdsa_data.pubkey_gen = 1;
+	}
+
+	return 0;
+}
+
 static int
 parse_sigver_randomvalue_str(const char *key, char *src, struct fips_val *val)
 {
@@ -402,6 +446,11 @@ struct fips_test_callback ecdsa_sigver_json_vectors[] = {
 		{NULL, NULL, NULL} /**< end pointer */
 };
 
+struct fips_test_callback ecdsa_keygen_json_vectors[] = {
+		{"tcId", parse_keygen_tc_str, &vec.pt},
+		{NULL, NULL, NULL} /**< end pointer */
+};
+
 int
 parse_test_ecdsa_json_init(void)
 {
@@ -421,6 +470,9 @@ parse_test_ecdsa_json_init(void)
 	} else if (strcmp(mode_str, "sigVer") == 0) {
 		info.op = FIPS_TEST_ASYM_SIGVER;
 		info.callbacks = ecdsa_sigver_json_vectors;
+	} else if (strcmp(mode_str, "keyGen") == 0) {
+		info.op = FIPS_TEST_ASYM_KEYGEN;
+		info.callbacks = ecdsa_keygen_json_vectors;
 	} else {
 		return -EINVAL;
 	}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 1974dc959b..97190902aa 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -1758,6 +1758,19 @@ fips_run_test(void)
 
 	env.op = env.sym.op;
 	if (env.is_asym_test) {
+		if (info.op == FIPS_TEST_ASYM_KEYGEN &&
+			info.algo == FIPS_TEST_ALGO_ECDSA) {
+			env.op = env.asym.op;
+			test_ops.prepare_asym_xform = prepare_ecfpm_xform;
+			test_ops.prepare_asym_op = prepare_ecfpm_op;
+			ret = fips_run_asym_test();
+			if (ret < 0)
+				return ret;
+
+			info.interim_info.ecdsa_data.pubkey_gen = 0;
+			return ret;
+		}
+
 		vec.cipher_auth.digest.len = parse_test_sha_hash_size(
 						info.interim_info.rsa_data.auth);
 		test_ops.prepare_sym_xform = prepare_sha_xform;
-- 
2.25.1

[v1, 07/10] examples/fips_validation: add SHA3 algorithms in ECDSA test

[Gowrishankar Muthukrishnan]

Add SHA3 algorithms in ECDSA as supported.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 examples/fips_validation/fips_validation_ecdsa.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/examples/fips_validation/fips_validation_ecdsa.c b/examples/fips_validation/fips_validation_ecdsa.c
index 5c91abfc5a..aef722d147 100644
--- a/examples/fips_validation/fips_validation_ecdsa.c
+++ b/examples/fips_validation/fips_validation_ecdsa.c
@@ -50,6 +50,10 @@ struct {
 		{RTE_CRYPTO_AUTH_SHA256, "SHA2-256"},
 		{RTE_CRYPTO_AUTH_SHA384, "SHA2-384"},
 		{RTE_CRYPTO_AUTH_SHA512, "SHA2-512"},
+		{RTE_CRYPTO_AUTH_SHA3_224, "SHA3-224"},
+		{RTE_CRYPTO_AUTH_SHA3_256, "SHA3-256"},
+		{RTE_CRYPTO_AUTH_SHA3_384, "SHA3-384"},
+		{RTE_CRYPTO_AUTH_SHA3_512, "SHA3-512"},
 };
 
 struct {
-- 
2.25.1

[v1, 08/10] examples/fips_validation: fix AES GCM validation tests

[Gowrishankar Muthukrishnan]

AES GCM validation tests fail in FIPS validation due to incorrect
fields populated in response file. This patch fixes them.

Fixes: 5b540bebac8e ("examples/fips_validation: fix GMAC decryption output")

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 examples/fips_validation/fips_validation_gcm.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/examples/fips_validation/fips_validation_gcm.c b/examples/fips_validation/fips_validation_gcm.c
index a80d8b3e4d..bf08d1b995 100644
--- a/examples/fips_validation/fips_validation_gcm.c
+++ b/examples/fips_validation/fips_validation_gcm.c
@@ -79,7 +79,7 @@ parser_read_gcm_pt_len(const char *key, char *src,
 	if (ret < 0)
 		return ret;
 
-	if (vec.pt.len == 0) {
+	if (info.algo == FIPS_TEST_ALGO_AES_GMAC && vec.pt.len == 0) {
 		info.interim_info.gcm_data.is_gmac = 1;
 		test_ops.prepare_sym_op = prepare_auth_op;
 		test_ops.prepare_sym_xform = prepare_gmac_xform;
@@ -296,6 +296,7 @@ parse_test_gcm_json_writeback(struct fips_val *val)
 			tmp_val.val = val->val;
 			tmp_val.len = vec.pt.len;
 
+			info.one_line_text[0] = '\0';
 			writeback_hex_str("", info.one_line_text, &tmp_val);
 			ct = json_string(info.one_line_text);
 			json_object_set_new(json_info.json_write_case, CT_JSON_STR, ct);
@@ -326,6 +327,7 @@ parse_test_gcm_json_writeback(struct fips_val *val)
 				tmp_val.val = val->val;
 				tmp_val.len = vec.pt.len;
 
+				info.one_line_text[0] = '\0';
 				writeback_hex_str("", info.one_line_text, &tmp_val);
 				json_object_set_new(json_info.json_write_case, PT_JSON_STR,
 					json_string(info.one_line_text));
@@ -334,12 +336,8 @@ parse_test_gcm_json_writeback(struct fips_val *val)
 					json_true());
 			}
 		} else {
-			if (!info.interim_info.gcm_data.is_gmac)
-				json_object_set_new(json_info.json_write_case, PT_JSON_STR,
-					json_string(""));
-			else
-				json_object_set_new(json_info.json_write_case, "testPassed",
-					json_false());
+			json_object_set_new(json_info.json_write_case, "testPassed",
+				json_false());
 		}
 	}
 
-- 
2.25.1

[v1, 09/10] examples/fips_validation: fix AES XTS to read seq number

[Gowrishankar Muthukrishnan]

Fix AES XTS test to read sequence number correctly.

Fixes: f8e431ed8f6 ("examples/fips_validation: add parsing for AES-XTS")

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 examples/fips_validation/fips_validation_xts.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/examples/fips_validation/fips_validation_xts.c b/examples/fips_validation/fips_validation_xts.c
index 531e3c688e..530df78ab4 100644
--- a/examples/fips_validation/fips_validation_xts.c
+++ b/examples/fips_validation/fips_validation_xts.c
@@ -34,6 +34,7 @@
 #define DATAUNITLEN_JSON_STR	"dataUnitLen"
 #define PAYLOADLEN_JSON_STR	"payloadLen"
 #define TWEAKVALUE_JSON_STR	"tweakValue"
+#define SEQNUMBER_JSON_STR	"sequenceNumber"
 #define PT_JSON_STR	"pt"
 #define CT_JSON_STR	"ct"
 
@@ -95,14 +96,17 @@ parser_xts_read_keylen(const char *key, char *src, struct fips_val *val)
 static int
 parser_xts_read_tweakval(const char *key, char *src, struct fips_val *val)
 {
+	char num_str[4] = {0};
 	int ret;
 
-	if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_HEX)
+	if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_HEX) {
 		ret = parse_uint8_hex_str(key, src, val);
-	else if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_NUMBER)
-		ret = parser_read_uint32_bit_val(key, src, val);
-	else
+	} else if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_NUMBER) {
+		snprintf(num_str, RTE_DIM(num_str), "%x", atoi(src));
+		ret = parse_uint8_hex_str(key, num_str, val);
+	} else {
 		ret = -1;
+	}
 
 	return ret;
 }
@@ -122,6 +126,7 @@ struct fips_test_callback xts_interim_json_vectors[] = {
 struct fips_test_callback xts_enc_json_vectors[] = {
 		{KEY_JSON_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.key},
 		{TWEAKVALUE_JSON_STR, parser_xts_read_tweakval, &vec.iv},
+		{SEQNUMBER_JSON_STR, parser_xts_read_tweakval, &vec.iv},
 		{PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
 		{NULL, NULL, NULL} /**< end pointer */
 };
-- 
2.25.1

[v1, 10/10] examples/fips_validation: add extra space in JSON buffer

[Gowrishankar Muthukrishnan]

Current test buffer to copy input data of maximum possible length
did not account NULL character, due to which a last input character
is always ignored and it causes tests like RSA SIGVER for modulo
of 4096 bits to fail. This patch fixes it.

Fixes: 0b65d54f3a4 ("examples/fips_validation: fix JSON buffer size")

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 examples/fips_validation/fips_validation.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index c4988053c1..abc1d64742 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -247,7 +247,7 @@ struct ecdsa_interim_data {
  * Esp, in asym op, modulo bits decide char buffer size.
  * max = (modulo / 4)
  */
-#define FIPS_TEST_JSON_BUF_LEN (4096 / 4)
+#define FIPS_TEST_JSON_BUF_LEN ((4096 / 4) + 1)
 
 struct fips_test_json_info {
 	/* Information used for reading from json */
-- 
2.25.1

RE: [v1, 10/10] examples/fips_validation: add extra space in JSON buffer

[Dooley, Brian]

Hi Gowrishankar,

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>; Gowrishankar
> Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 10/10] examples/fips_validation: add extra space in JSON buffer
> 
> Current test buffer to copy input data of maximum possible length did not
> account NULL character, due to which a last input character is always ignored
> and it causes tests like RSA SIGVER for modulo of 4096 bits to fail. This patch
> fixes it.
> 
> Fixes: 0b65d54f3a4 ("examples/fips_validation: fix JSON buffer size")
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  examples/fips_validation/fips_validation.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/examples/fips_validation/fips_validation.h
> b/examples/fips_validation/fips_validation.h
> index c4988053c1..abc1d64742 100644
> --- a/examples/fips_validation/fips_validation.h
> +++ b/examples/fips_validation/fips_validation.h
> @@ -247,7 +247,7 @@ struct ecdsa_interim_data {
>   * Esp, in asym op, modulo bits decide char buffer size.
>   * max = (modulo / 4)
>   */
> -#define FIPS_TEST_JSON_BUF_LEN (4096 / 4)
> +#define FIPS_TEST_JSON_BUF_LEN ((4096 / 4) + 1)
> 
>  struct fips_test_json_info {
>  	/* Information used for reading from json */
> --
> 2.25.1

Acked-by: Brian Dooley <brian.dooley@intel.com>

RE: [v1, 09/10] examples/fips_validation: fix AES XTS to read seq number

[Dooley, Brian]

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 09/10] examples/fips_validation: fix AES XTS to read seq
> number
> 
> Fix AES XTS test to read sequence number correctly.
> 
> Fixes: f8e431ed8f6 ("examples/fips_validation: add parsing for AES-XTS")
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  examples/fips_validation/fips_validation_xts.c | 13 +++++++++----
>  1 file changed, 9 insertions(+), 4 deletions(-)
> 
> diff --git a/examples/fips_validation/fips_validation_xts.c
> b/examples/fips_validation/fips_validation_xts.c
> index 531e3c688e..530df78ab4 100644
> --- a/examples/fips_validation/fips_validation_xts.c
> +++ b/examples/fips_validation/fips_validation_xts.c
> @@ -34,6 +34,7 @@
>  #define DATAUNITLEN_JSON_STR	"dataUnitLen"
>  #define PAYLOADLEN_JSON_STR	"payloadLen"
>  #define TWEAKVALUE_JSON_STR	"tweakValue"
> +#define SEQNUMBER_JSON_STR	"sequenceNumber"
>  #define PT_JSON_STR	"pt"
>  #define CT_JSON_STR	"ct"
> 
> @@ -95,14 +96,17 @@ parser_xts_read_keylen(const char *key, char *src,
> struct fips_val *val)  static int  parser_xts_read_tweakval(const char *key,
> char *src, struct fips_val *val)  {
> +	char num_str[4] = {0};
>  	int ret;
> 
> -	if (info.interim_info.xts_data.tweak_mode ==
> XTS_TWEAK_MODE_HEX)
> +	if (info.interim_info.xts_data.tweak_mode ==
> XTS_TWEAK_MODE_HEX) {
>  		ret = parse_uint8_hex_str(key, src, val);
> -	else if (info.interim_info.xts_data.tweak_mode ==
> XTS_TWEAK_MODE_NUMBER)
> -		ret = parser_read_uint32_bit_val(key, src, val);
> -	else
> +	} else if (info.interim_info.xts_data.tweak_mode ==
> XTS_TWEAK_MODE_NUMBER) {
> +		snprintf(num_str, RTE_DIM(num_str), "%x", atoi(src));
> +		ret = parse_uint8_hex_str(key, num_str, val);
> +	} else {
>  		ret = -1;
> +	}
> 
>  	return ret;
>  }
> @@ -122,6 +126,7 @@ struct fips_test_callback xts_interim_json_vectors[] =
> {  struct fips_test_callback xts_enc_json_vectors[] = {
>  		{KEY_JSON_STR, parse_uint8_known_len_hex_str,
> &vec.cipher_auth.key},
>  		{TWEAKVALUE_JSON_STR, parser_xts_read_tweakval,
> &vec.iv},
> +		{SEQNUMBER_JSON_STR, parser_xts_read_tweakval,
> &vec.iv},
>  		{PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
>  		{NULL, NULL, NULL} /**< end pointer */  };
> --
> 2.25.1

Acked-by: Brian Dooley <brian.dooley@intel.com>

RE: [v1, 08/10] examples/fips_validation: fix AES GCM validation tests

[Dooley, Brian]

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 08/10] examples/fips_validation: fix AES GCM validation tests
> 
> AES GCM validation tests fail in FIPS validation due to incorrect fields
> populated in response file. This patch fixes them.
> 
> Fixes: 5b540bebac8e ("examples/fips_validation: fix GMAC decryption
> output")
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  examples/fips_validation/fips_validation_gcm.c | 12 +++++-------
>  1 file changed, 5 insertions(+), 7 deletions(-)
> 
> diff --git a/examples/fips_validation/fips_validation_gcm.c
> b/examples/fips_validation/fips_validation_gcm.c
> index a80d8b3e4d..bf08d1b995 100644
> --- a/examples/fips_validation/fips_validation_gcm.c
> +++ b/examples/fips_validation/fips_validation_gcm.c
> @@ -79,7 +79,7 @@ parser_read_gcm_pt_len(const char *key, char *src,
>  	if (ret < 0)
>  		return ret;
> 
> -	if (vec.pt.len == 0) {
> +	if (info.algo == FIPS_TEST_ALGO_AES_GMAC && vec.pt.len == 0) {
>  		info.interim_info.gcm_data.is_gmac = 1;
>  		test_ops.prepare_sym_op = prepare_auth_op;
>  		test_ops.prepare_sym_xform = prepare_gmac_xform; @@ -
> 296,6 +296,7 @@ parse_test_gcm_json_writeback(struct fips_val *val)
>  			tmp_val.val = val->val;
>  			tmp_val.len = vec.pt.len;
> 
> +			info.one_line_text[0] = '\0';
>  			writeback_hex_str("", info.one_line_text,
> &tmp_val);
>  			ct = json_string(info.one_line_text);
>  			json_object_set_new(json_info.json_write_case,
> CT_JSON_STR, ct); @@ -326,6 +327,7 @@
> parse_test_gcm_json_writeback(struct fips_val *val)
>  				tmp_val.val = val->val;
>  				tmp_val.len = vec.pt.len;
> 
> +				info.one_line_text[0] = '\0';
>  				writeback_hex_str("", info.one_line_text,
> &tmp_val);
> 
> 	json_object_set_new(json_info.json_write_case, PT_JSON_STR,
>  					json_string(info.one_line_text));
> @@ -334,12 +336,8 @@ parse_test_gcm_json_writeback(struct fips_val
> *val)
>  					json_true());
>  			}
>  		} else {
> -			if (!info.interim_info.gcm_data.is_gmac)
> -
> 	json_object_set_new(json_info.json_write_case, PT_JSON_STR,
> -					json_string(""));
> -			else
> -
> 	json_object_set_new(json_info.json_write_case, "testPassed",
> -					json_false());
> +			json_object_set_new(json_info.json_write_case,
> "testPassed",
> +				json_false());
>  		}
>  	}
> 
> --
> 2.25.1

Acked-by: Brian Dooley <brian.dooley@intel.com>

RE: [v1, 07/10] examples/fips_validation: add SHA3 algorithms in ECDSA test

[Dooley, Brian]

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 07/10] examples/fips_validation: add SHA3 algorithms in ECDSA
> test
> 
> Add SHA3 algorithms in ECDSA as supported.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  examples/fips_validation/fips_validation_ecdsa.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/examples/fips_validation/fips_validation_ecdsa.c
> b/examples/fips_validation/fips_validation_ecdsa.c
> index 5c91abfc5a..aef722d147 100644
> --- a/examples/fips_validation/fips_validation_ecdsa.c
> +++ b/examples/fips_validation/fips_validation_ecdsa.c
> @@ -50,6 +50,10 @@ struct {
>  		{RTE_CRYPTO_AUTH_SHA256, "SHA2-256"},
>  		{RTE_CRYPTO_AUTH_SHA384, "SHA2-384"},
>  		{RTE_CRYPTO_AUTH_SHA512, "SHA2-512"},
> +		{RTE_CRYPTO_AUTH_SHA3_224, "SHA3-224"},
> +		{RTE_CRYPTO_AUTH_SHA3_256, "SHA3-256"},
> +		{RTE_CRYPTO_AUTH_SHA3_384, "SHA3-384"},
> +		{RTE_CRYPTO_AUTH_SHA3_512, "SHA3-512"},
>  };
> 
>  struct {
> --
> 2.25.1

Acked-by: Brian Dooley <brian.dooley@intel.com>

RE: [v1, 06/10] examples/fips_validation: add ECDSA keygen support

[Dooley, Brian]

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 06/10] examples/fips_validation: add ECDSA keygen support
> 
> Add support to validate ECDSA keygen mode tests.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  .../fips_validation/fips_validation_ecdsa.c   | 52 +++++++++++++++++++
>  examples/fips_validation/main.c               | 13 +++++
>  2 files changed, 65 insertions(+)
> 
> diff --git a/examples/fips_validation/fips_validation_ecdsa.c
> b/examples/fips_validation/fips_validation_ecdsa.c
> index d47ab0b5d1..5c91abfc5a 100644
> --- a/examples/fips_validation/fips_validation_ecdsa.c
> +++ b/examples/fips_validation/fips_validation_ecdsa.c
> @@ -295,6 +295,20 @@ parse_test_ecdsa_json_writeback(struct fips_val
> *val)
>  			json_object_set_new(json_info.json_write_case,
> "testPassed", json_true());
>  		else
>  			json_object_set_new(json_info.json_write_case,
> "testPassed", json_false());
> +	} else if (info.op == FIPS_TEST_ASYM_KEYGEN) {
> +		json_t *obj;
> +
> +		writeback_hex_str("", info.one_line_text, &vec.ecdsa.pkey);
> +		obj = json_string(info.one_line_text);
> +		json_object_set_new(json_info.json_write_case, "d", obj);
> +
> +		writeback_hex_str("", info.one_line_text, &vec.ecdsa.qx);
> +		obj = json_string(info.one_line_text);
> +		json_object_set_new(json_info.json_write_case, "qx", obj);
> +
> +		writeback_hex_str("", info.one_line_text, &vec.ecdsa.qy);
> +		obj = json_string(info.one_line_text);
> +		json_object_set_new(json_info.json_write_case, "qy", obj);
>  	}
> 
>  	return 0;
> @@ -367,6 +381,36 @@ parse_siggen_message_str(const char *key, char
> *src, struct fips_val *val)
>  	return ret;
>  }
> 
> +static int
> +parse_keygen_tc_str(const char *key, char *src, struct fips_val *val) {
> +	RTE_SET_USED(key);
> +	RTE_SET_USED(src);
> +	RTE_SET_USED(val);
> +
> +	if (info.op == FIPS_TEST_ASYM_KEYGEN) {
> +		if (vec.ecdsa.pkey.val) {
> +			rte_free(vec.ecdsa.pkey.val);
> +			vec.ecdsa.pkey.val = NULL;
> +		}
> +
> +		if (vec.ecdsa.k.val) {
> +			rte_free(vec.ecdsa.k.val);
> +			vec.ecdsa.k.val = NULL;
> +		}
> +
> +		if (prepare_vec_ecdsa() < 0)
> +			return -1;
> +
> +		if (prepare_vec_ecdsa_k() < 0)
> +			return -1;
> +
> +		info.interim_info.ecdsa_data.pubkey_gen = 1;
> +	}
> +
> +	return 0;
> +}
> +
>  static int
>  parse_sigver_randomvalue_str(const char *key, char *src, struct fips_val
> *val)  { @@ -402,6 +446,11 @@ struct fips_test_callback
> ecdsa_sigver_json_vectors[] = {
>  		{NULL, NULL, NULL} /**< end pointer */  };
> 
> +struct fips_test_callback ecdsa_keygen_json_vectors[] = {
> +		{"tcId", parse_keygen_tc_str, &vec.pt},
> +		{NULL, NULL, NULL} /**< end pointer */ };
> +
>  int
>  parse_test_ecdsa_json_init(void)
>  {
> @@ -421,6 +470,9 @@ parse_test_ecdsa_json_init(void)
>  	} else if (strcmp(mode_str, "sigVer") == 0) {
>  		info.op = FIPS_TEST_ASYM_SIGVER;
>  		info.callbacks = ecdsa_sigver_json_vectors;
> +	} else if (strcmp(mode_str, "keyGen") == 0) {
> +		info.op = FIPS_TEST_ASYM_KEYGEN;
> +		info.callbacks = ecdsa_keygen_json_vectors;
>  	} else {
>  		return -EINVAL;
>  	}
> diff --git a/examples/fips_validation/main.c
> b/examples/fips_validation/main.c index 1974dc959b..97190902aa 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -1758,6 +1758,19 @@ fips_run_test(void)
> 
>  	env.op = env.sym.op;
>  	if (env.is_asym_test) {
> +		if (info.op == FIPS_TEST_ASYM_KEYGEN &&
> +			info.algo == FIPS_TEST_ALGO_ECDSA) {
> +			env.op = env.asym.op;
> +			test_ops.prepare_asym_xform =
> prepare_ecfpm_xform;
> +			test_ops.prepare_asym_op = prepare_ecfpm_op;
> +			ret = fips_run_asym_test();
> +			if (ret < 0)
> +				return ret;
> +
> +			info.interim_info.ecdsa_data.pubkey_gen = 0;
> +			return ret;
> +		}
> +
>  		vec.cipher_auth.digest.len = parse_test_sha_hash_size(
> 
> 	info.interim_info.rsa_data.auth);
>  		test_ops.prepare_sym_xform = prepare_sha_xform;
> --
> 2.25.1

Acked-by: Brian Dooley <brian.dooley@intel.com>

RE: [v1, 05/10] examples/fips_validation: add CCM JSON validation

[Dooley, Brian]

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 05/10] examples/fips_validation: add CCM JSON validation
> 
> Add support in fips_validation to parse CCM JSON vectors.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  doc/guides/sample_app_ug/fips_validation.rst  |   1 +
>  examples/fips_validation/fips_validation.c    |   2 +
>  examples/fips_validation/fips_validation.h    |   3 +
>  .../fips_validation/fips_validation_ccm.c     | 132 ++++++++++++++++++
>  examples/fips_validation/main.c               |   3 +
>  5 files changed, 141 insertions(+)
> 
> diff --git a/doc/guides/sample_app_ug/fips_validation.rst
> b/doc/guides/sample_app_ug/fips_validation.rst
> index 4fc8297b34..613c5afd19 100644
> --- a/doc/guides/sample_app_ug/fips_validation.rst
> +++ b/doc/guides/sample_app_ug/fips_validation.rst
> @@ -60,6 +60,7 @@ ACVP
>  * Supported test vectors
>      * AES-CBC (128,192,256) - AFT, MCT
>      * AES-GCM (128,192,256) - AFT
> +    * AES-CCM (128,192,256) - AFT
>      * AES-CMAC (128,192,256) - AFT
>      * AES-CTR (128,192,256) - AFT, CTR
>      * AES-GMAC (128,192,256) - AFT
> diff --git a/examples/fips_validation/fips_validation.c
> b/examples/fips_validation/fips_validation.c
> index d3b6099d73..f840804009 100644
> --- a/examples/fips_validation/fips_validation.c
> +++ b/examples/fips_validation/fips_validation.c
> @@ -460,6 +460,8 @@ fips_test_parse_one_json_vector_set(void)
>  	/* Vector sets contain the algorithm type, and nothing else we need.
> */
>  	if (strstr(algo_str, "AES-GCM"))
>  		info.algo = FIPS_TEST_ALGO_AES_GCM;
> +	else if (strstr(algo_str, "AES-CCM"))
> +		info.algo = FIPS_TEST_ALGO_AES_CCM;
>  	else if (strstr(algo_str, "AES-GMAC"))
>  		info.algo = FIPS_TEST_ALGO_AES_GMAC;
>  	else if (strstr(algo_str, "HMAC"))
> diff --git a/examples/fips_validation/fips_validation.h
> b/examples/fips_validation/fips_validation.h
> index 8fcb5c8500..c4988053c1 100644
> --- a/examples/fips_validation/fips_validation.h
> +++ b/examples/fips_validation/fips_validation.h
> @@ -338,6 +338,9 @@ fips_test_parse_one_json_case(void);
>  int
>  parse_test_gcm_json_init(void);
> 
> +int
> +parse_test_ccm_json_init(void);
> +
>  int
>  parse_test_hmac_json_init(void);
> 
> diff --git a/examples/fips_validation/fips_validation_ccm.c
> b/examples/fips_validation/fips_validation_ccm.c
> index 632999c1e4..0e3ee0d247 100644
> --- a/examples/fips_validation/fips_validation_ccm.c
> +++ b/examples/fips_validation/fips_validation_ccm.c
> @@ -34,6 +34,18 @@
>  #define POS_KEYWORD	"Pass"
>  #define NEG_KEYWORD	"Fail"
> 
> +#define DIR_JSON_STR	"direction"
> +#define IVLEN_JSON_STR		"ivLen"
> +#define PTLEN_JSON_STR	"payloadLen"
> +#define AADLEN_JSON_STR		"aadLen"
> +#define TAGLEN_JSON_STR		"tagLen"
> +#define KEYLEN_JSON_STR		"keyLen"
> +#define PT_JSON_STR		"pt"
> +#define CT_JSON_STR		"ct"
> +#define KEY_JSON_STR		"key"
> +#define IV_JSON_STR		"iv"
> +#define AAD_JSON_STR		"aad"
> +
>  static int
>  parser_dvpt_interim(const char *key, char *src, struct fips_val *val)  { @@ -
> 206,6 +218,126 @@ struct ccm_test_types {
>  			FIPS_TEST_ENC_AUTH_GEN},
>  };
> 
> +#ifdef USE_JANSSON
> +static int
> +parser_read_ccm_direction_str(__rte_unused const char *key, char *src,
> +	__rte_unused struct fips_val *val)
> +{
> +	if (strcmp(src, "encrypt") == 0)
> +		info.op = FIPS_TEST_ENC_AUTH_GEN;
> +	else if (strcmp(src, "decrypt") == 0)
> +		info.op = FIPS_TEST_DEC_AUTH_VERIF;
> +
> +	return 0;
> +}
> +
> +static int
> +parser_read_ccm_aad_str(const char *key, char *src, struct fips_val
> +*val) {
> +	struct fips_val tmp_val = {0};
> +	uint32_t len = val->len;
> +
> +	/* CCM aad requires 18 bytes padding before the real content */
> +	val->val = rte_zmalloc(NULL, len + 18, 0);
> +	if (!val->val)
> +		return -1;
> +
> +	if (parse_uint8_hex_str(key, src, &tmp_val) < 0)
> +		return -1;
> +
> +	memcpy(val->val + 18, tmp_val.val, val->len);
> +	rte_free(tmp_val.val);
> +
> +	return 0;
> +}
> +
> +static int
> +parse_read_ccm_ct_str(const char *key, char *src, struct fips_val *val)
> +{
> +	int ret;
> +
> +	val->len = vec.pt.len;
> +
> +	ret = parse_uint8_known_len_hex_str(key, src, val);
> +	if (ret < 0)
> +		return ret;
> +
> +	src += val->len * 2;
> +
> +	ret = parse_uint8_known_len_hex_str("", src, &vec.aead.digest);
> +	if (ret < 0) {
> +		rte_free(val->val);
> +		memset(val, 0, sizeof(*val));
> +		return ret;
> +	}
> +
> +	return 0;
> +}
> +
> +struct fips_test_callback ccm_tests_interim_json_vectors[] = {
> +	{DIR_JSON_STR, parser_read_ccm_direction_str, NULL},
> +	{IVLEN_JSON_STR, parser_read_uint32_bit_val, &vec.iv},
> +	{PTLEN_JSON_STR, parser_read_uint32_bit_val, &vec.pt},
> +	{AADLEN_JSON_STR, parser_read_uint32_bit_val, &vec.aead.aad},
> +	{TAGLEN_JSON_STR, parser_read_uint32_bit_val,
> &vec.aead.digest},
> +	{KEYLEN_JSON_STR, parser_read_uint32_bit_val, &vec.aead.key},
> +	{NULL, NULL, NULL} /**< end pointer */ };
> +
> +struct fips_test_callback ccm_tests_json_vectors[] = {
> +	{PT_JSON_STR, parse_uint8_known_len_hex_str, &vec.pt},
> +	{CT_JSON_STR, parse_read_ccm_ct_str, &vec.ct},
> +	{KEY_JSON_STR, parse_uint8_known_len_hex_str, &vec.aead.key},
> +	{IV_JSON_STR, parse_uint8_known_len_hex_str, &vec.iv},
> +	{AAD_JSON_STR, parser_read_ccm_aad_str, &vec.aead.aad},
> +	{NULL, NULL, NULL} /**< end pointer */ };
> +
> +static int
> +parse_test_ccm_json_writeback(struct fips_val *val) {
> +	struct fips_val tmp_val;
> +	json_t *tcId;
> +
> +	tcId = json_object_get(json_info.json_test_case, "tcId");
> +	json_info.json_write_case = json_object();
> +	json_object_set(json_info.json_write_case, "tcId", tcId);
> +
> +	if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
> +		json_t *ct;
> +
> +		info.one_line_text[0] = '\0';
> +		writeback_hex_str("", info.one_line_text, val);
> +		ct = json_string(info.one_line_text);
> +		json_object_set_new(json_info.json_write_case,
> CT_JSON_STR, ct);
> +	} else {
> +		if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) {
> +			tmp_val.val = val->val;
> +			tmp_val.len = vec.pt.len;
> +
> +			info.one_line_text[0] = '\0';
> +			writeback_hex_str("", info.one_line_text,
> &tmp_val);
> +			json_object_set_new(json_info.json_write_case,
> PT_JSON_STR,
> +				json_string(info.one_line_text));
> +		}  else {
> +			json_object_set_new(json_info.json_write_case,
> "testPassed",
> +				json_false());
> +		}
> +	}
> +
> +	return 0;
> +}
> +
> +int
> +parse_test_ccm_json_init(void)
> +{
> +	info.interim_callbacks = ccm_tests_interim_json_vectors;
> +	info.parse_writeback = parse_test_ccm_json_writeback;
> +	info.callbacks = ccm_tests_json_vectors;
> +	return 0;
> +}
> +#endif /* USE_JANSSON */
> +
>  static int
>  parse_test_ccm_writeback(struct fips_val *val)  { diff --git
> a/examples/fips_validation/main.c b/examples/fips_validation/main.c index
> 52076160b5..1974dc959b 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -2677,6 +2677,9 @@ fips_test_one_test_group(void)
>  	case FIPS_TEST_ALGO_AES_GCM:
>  		ret = parse_test_gcm_json_init();
>  		break;
> +	case FIPS_TEST_ALGO_AES_CCM:
> +		ret = parse_test_ccm_json_init();
> +		break;
>  	case FIPS_TEST_ALGO_HMAC:
>  		ret = parse_test_hmac_json_init();
>  		break;
> --
> 2.25.1

Acked-by: Brian Dooley <brian.dooley@intel.com>

RE: [v1, 04/10] examples/fips_validation: add SHAKE validation

[Dooley, Brian]

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 04/10] examples/fips_validation: add SHAKE validation
> 
> Add support in fips_validation to parse SHAKE algorithms.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  doc/guides/sample_app_ug/fips_validation.rst  |  1 +
>  examples/fips_validation/fips_validation.h    |  4 +-
>  .../fips_validation/fips_validation_sha.c     | 63 ++++++++++++-
>  examples/fips_validation/main.c               | 93 ++++++++++++++++++-
>  4 files changed, 154 insertions(+), 7 deletions(-)
> 
> diff --git a/doc/guides/sample_app_ug/fips_validation.rst
> b/doc/guides/sample_app_ug/fips_validation.rst
> index 55837895fe..4fc8297b34 100644
> --- a/doc/guides/sample_app_ug/fips_validation.rst
> +++ b/doc/guides/sample_app_ug/fips_validation.rst
> @@ -67,6 +67,7 @@ ACVP
>      * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256,
> SHA3_384, SHA3_512)
>      * SHA (1, 224, 256, 384, 512) - AFT, MCT
>      * SHA3 (224, 256, 384, 512) - AFT, MCT
> +    * SHAKE (128, 256) - AFT, MCT, VOT
>      * TDES-CBC - AFT, MCT
>      * TDES-ECB - AFT, MCT
>      * RSA
> diff --git a/examples/fips_validation/fips_validation.h
> b/examples/fips_validation/fips_validation.h
> index 6c1bd35849..8fcb5c8500 100644
> --- a/examples/fips_validation/fips_validation.h
> +++ b/examples/fips_validation/fips_validation.h
> @@ -163,7 +163,8 @@ enum fips_ccm_test_types {  enum
> fips_sha_test_types {
>  	SHA_KAT = 0,
>  	SHA_AFT,
> -	SHA_MCT
> +	SHA_MCT,
> +	SHAKE_VOT
>  };
> 
>  enum fips_rsa_test_types {
> @@ -205,6 +206,7 @@ struct sha_interim_data {
>  	/* keep algo always on top as it is also used in asym digest */
>  	enum rte_crypto_auth_algorithm algo;
>  	enum fips_sha_test_types test_type;
> +	uint8_t min_outlen;
>  	uint8_t md_blocks;
>  };
> 
> diff --git a/examples/fips_validation/fips_validation_sha.c
> b/examples/fips_validation/fips_validation_sha.c
> index 8b68f5ed36..7ce7d3744f 100644
> --- a/examples/fips_validation/fips_validation_sha.c
> +++ b/examples/fips_validation/fips_validation_sha.c
> @@ -22,6 +22,9 @@
>  #define TESTTYPE_JSON_STR	"testType"
> 
>  #define PT_JSON_STR		"msg"
> +#define OUTLEN_JSON_STR	"outLen"
> +#define MINOUTLEN_JSON_STR	"minOutLen"
> +#define MAXOUTLEN_JSON_STR	"maxOutLen"
> 
>  struct plain_hash_size_conversion {
>  	const char *str;
> @@ -36,6 +39,8 @@ struct plain_hash_size_conversion {
>  		{"32", RTE_CRYPTO_AUTH_SHA3_256},
>  		{"48", RTE_CRYPTO_AUTH_SHA3_384},
>  		{"64", RTE_CRYPTO_AUTH_SHA3_512},
> +		{"16", RTE_CRYPTO_AUTH_SHAKE_128},
> +		{"32", RTE_CRYPTO_AUTH_SHAKE_256},
>  };
> 
>  int
> @@ -89,12 +94,26 @@ struct fips_test_callback sha_tests_interim_vectors[]
> = {  };
> 
>  #ifdef USE_JANSSON
> +static int
> +parse_interim_str(const char *key, char *src, struct fips_val *val) {
> +	RTE_SET_USED(val);
> +
> +	if (strcmp(key, MINOUTLEN_JSON_STR) == 0)
> +		info.interim_info.sha_data.min_outlen = atoi(src) / 8;
> +	else if (strcmp(key, MAXOUTLEN_JSON_STR) == 0)
> +		vec.cipher_auth.digest.len = atoi(src) / 8;
> +
> +	return 0;
> +}
> +
>  static struct {
>  	uint32_t type;
>  	const char *desc;
>  } sha_test_types[] = {
>  		{SHA_MCT, "MCT"},
>  		{SHA_AFT, "AFT"},
> +		{SHAKE_VOT, "VOT"},
>  };
> 
>  static struct plain_hash_algorithms {
> @@ -111,10 +130,19 @@ static struct plain_hash_algorithms {
>  		{"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1},
>  		{"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1},
>  		{"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1},
> +		{"SHAKE-128", RTE_CRYPTO_AUTH_SHAKE_128, 1},
> +		{"SHAKE-256", RTE_CRYPTO_AUTH_SHAKE_256, 1},
>  };
> 
>  struct fips_test_callback sha_tests_json_vectors[] = {
>  		{PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
> +		{OUTLEN_JSON_STR, parser_read_uint32_bit_val,
> &vec.cipher_auth.digest},
> +		{NULL, NULL, NULL} /**< end pointer */ };
> +
> +struct fips_test_callback sha_tests_interim_json_vectors[] = {
> +		{MINOUTLEN_JSON_STR, parse_interim_str, NULL},
> +		{MAXOUTLEN_JSON_STR, parse_interim_str, NULL},
>  		{NULL, NULL, NULL} /**< end pointer */  };  #endif /*
> USE_JANSSON */ @@ -185,6 +213,11 @@
> parse_test_sha_json_writeback(struct fips_val *val)
>  	md = json_string(info.one_line_text);
>  	json_object_set_new(json_info.json_write_case, "md", md);
> 
> +	if (info.interim_info.sha_data.algo ==
> RTE_CRYPTO_AUTH_SHAKE_128 ||
> +		info.interim_info.sha_data.algo ==
> RTE_CRYPTO_AUTH_SHAKE_256)
> +		json_object_set_new(json_info.json_write_case, "outLen",
> +			json_integer(vec.cipher_auth.digest.len * 8));
> +
>  	return 0;
>  }
> 
> @@ -193,6 +226,11 @@ parse_test_sha_mct_json_writeback(struct fips_val
> *val)  {
>  	json_t *tcId, *md, *resArr, *res;
>  	struct fips_val val_local;
> +	bool is_shake = false;
> +
> +	if (info.interim_info.sha_data.algo ==
> RTE_CRYPTO_AUTH_SHAKE_128 ||
> +		info.interim_info.sha_data.algo ==
> RTE_CRYPTO_AUTH_SHAKE_256)
> +		is_shake = true;
> 
>  	tcId = json_object_get(json_info.json_test_case, "tcId");
>  	if (json_info.json_write_case) {
> @@ -204,11 +242,17 @@ parse_test_sha_mct_json_writeback(struct
> fips_val *val)
>  			json_object_set_new(json_info.json_write_case,
> "tcId", tcId);
>  			json_object_set_new(json_info.json_write_case,
> "resultsArray",
>  								json_array());
> +			if (is_shake)
> +
> 	json_object_set_new(json_info.json_write_case, "outLen",
> +
> 	json_integer(0));
>  		}
>  	} else {
>  		json_info.json_write_case = json_object();
>  		json_object_set_new(json_info.json_write_case, "tcId",
> tcId);
>  		json_object_set_new(json_info.json_write_case,
> "resultsArray", json_array());
> +		if (is_shake)
> +			json_object_set_new(json_info.json_write_case,
> "outLen",
> +
> 	json_integer(0));
>  	}
> 
>  	resArr = json_object_get(json_info.json_write_case,
> "resultsArray"); @@ -224,6 +268,9 @@
> parse_test_sha_mct_json_writeback(struct fips_val *val)
>  	md = json_string(info.one_line_text);
>  	json_object_set_new(res, "md", md);
> 
> +	if (is_shake)
> +		json_object_set_new(res, "outLen",
> +json_integer(vec.cipher_auth.digest.len * 8));
> +
>  	json_array_append_new(resArr, res);
>  	return 0;
>  }
> @@ -250,12 +297,17 @@ parse_test_sha_json_algorithm(void)
>  	if (i == RTE_DIM(json_algorithms))
>  		return -1;
> 
> -	sz = parse_test_sha_hash_size(info.interim_info.sha_data.algo);
> +	if (info.interim_info.sha_data.test_type == SHAKE_VOT) {
> +		sz = vec.cipher_auth.digest.len;
> +	} else {
> +		sz =
> parse_test_sha_hash_size(info.interim_info.sha_data.algo);
> +		vec.cipher_auth.digest.len = sz;
> +	}
> +
>  	if (sz < 0)
>  		return -1;
> 
>  	free(vec.cipher_auth.digest.val);
> -	vec.cipher_auth.digest.len = sz;
>  	vec.cipher_auth.digest.val = calloc(1, sz);
>  	if (vec.cipher_auth.digest.val == NULL)
>  		return -1;
> @@ -288,6 +340,7 @@ parse_test_sha_json_test_type(void)
>  		info.parse_writeback =
> parse_test_sha_mct_json_writeback;
>  		break;
>  	case SHA_AFT:
> +	case SHAKE_VOT:
>  		info.parse_writeback = parse_test_sha_json_writeback;
>  		break;
>  	default:
> @@ -308,12 +361,12 @@ parse_test_sha_json_init(void)
>  	info.callbacks = sha_tests_json_vectors;
>  	info.writeback_callbacks = NULL;
>  	info.kat_check = rsp_test_sha_check;
> -	info.interim_callbacks = NULL;
> +	info.interim_callbacks = sha_tests_interim_json_vectors;
> 
> -	if (parse_test_sha_json_algorithm() < 0)
> +	if (parse_test_sha_json_test_type() < 0)
>  		return -1;
> 
> -	if (parse_test_sha_json_test_type() < 0)
> +	if (parse_test_sha_json_algorithm() < 0)
>  		return -1;
> 
>  	return 0;
> diff --git a/examples/fips_validation/main.c
> b/examples/fips_validation/main.c index cf29e440f1..52076160b5 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -2356,6 +2356,93 @@ fips_mct_sha_test(void)
>  	return 0;
>  }
> 
> +static int
> +fips_mct_shake_test(void)
> +{
> +#define SHAKE_EXTERN_ITER	100
> +#define SHAKE_INTERN_ITER	1000
> +	uint32_t i, j, range, outlen, max_outlen;
> +	struct fips_val val = {NULL, 0}, md;
> +	uint8_t rightmost[2];
> +	int ret;
> +
> +	max_outlen = vec.cipher_auth.digest.len;
> +
> +	if (vec.cipher_auth.digest.val)
> +		free(vec.cipher_auth.digest.val);
> +
> +	vec.cipher_auth.digest.val = calloc(1, max_outlen);
> +
> +	if (vec.pt.val)
> +		memcpy(vec.cipher_auth.digest.val, vec.pt.val, vec.pt.len);
> +
> +	rte_free(vec.pt.val);
> +	vec.pt.val = rte_malloc(NULL, 16, 0);
> +	vec.pt.len = 16;
> +
> +	md.val = rte_malloc(NULL, max_outlen, 0);
> +	md.len = max_outlen;
> +
> +	if (info.file_type != FIPS_TYPE_JSON) {
> +		fips_test_write_one_case();
> +		fprintf(info.fp_wr, "\n");
> +	}
> +
> +	range = max_outlen - info.interim_info.sha_data.min_outlen + 1;
> +	outlen = max_outlen;
> +	for (j = 0; j < SHAKE_EXTERN_ITER; j++) {
> +		memset(md.val, 0, max_outlen);
> +		memcpy(md.val, vec.cipher_auth.digest.val,
> +			vec.cipher_auth.digest.len);
> +
> +		for (i = 0; i < (SHAKE_INTERN_ITER); i++) {
> +			memset(vec.pt.val, 0, vec.pt.len);
> +			memcpy(vec.pt.val, md.val, vec.pt.len);
> +			vec.cipher_auth.digest.len = outlen;
> +			ret = fips_run_test();
> +			if (ret < 0) {
> +				if (ret == -EPERM || ret == -ENOTSUP) {
> +					if (info.file_type == FIPS_TYPE_JSON)
> +						return ret;
> +
> +					fprintf(info.fp_wr, "Bypass\n\n");
> +					return 0;
> +				}
> +				return ret;
> +			}
> +
> +			ret = get_writeback_data(&val);
> +			if (ret < 0)
> +				return ret;
> +
> +			memset(md.val, 0, max_outlen);
> +			memcpy(md.val, (val.val + vec.pt.len),
> +				vec.cipher_auth.digest.len);
> +			md.len = outlen;
> +			rightmost[0] = md.val[md.len-1];
> +			rightmost[1] = md.val[md.len-2];
> +			outlen = info.interim_info.sha_data.min_outlen +
> +				(*(uint16_t *)rightmost % range);
> +		}
> +
> +		memcpy(vec.cipher_auth.digest.val, md.val, md.len);
> +		vec.cipher_auth.digest.len = md.len;
> +
> +		if (info.file_type != FIPS_TYPE_JSON)
> +			fprintf(info.fp_wr, "COUNT = %u\n", j);
> +
> +		info.parse_writeback(&val);
> +
> +		if (info.file_type != FIPS_TYPE_JSON)
> +			fprintf(info.fp_wr, "\n");
> +	}
> +
> +	rte_free(md.val);
> +	rte_free(vec.pt.val);
> +
> +	free(val.val);
> +	return 0;
> +}
> 
>  static int
>  init_test_ops(void)
> @@ -2408,7 +2495,11 @@ init_test_ops(void)
>  		test_ops.prepare_sym_op = prepare_auth_op;
>  		test_ops.prepare_sym_xform = prepare_sha_xform;
>  		if (info.interim_info.sha_data.test_type == SHA_MCT)
> -			test_ops.test = fips_mct_sha_test;
> +			if (info.interim_info.sha_data.algo ==
> RTE_CRYPTO_AUTH_SHAKE_128 ||
> +				info.interim_info.sha_data.algo ==
> RTE_CRYPTO_AUTH_SHAKE_256)
> +				test_ops.test = fips_mct_shake_test;
> +			else
> +				test_ops.test = fips_mct_sha_test;
>  		else
>  			test_ops.test = fips_generic_test;
>  		break;
> --
> 2.25.1

Acked-by: Brian Dooley <brian.dooley@intel.com>

RE: [v1, 03/10] examples/fips_validation: fix integer parse in test case

[Dooley, Brian]

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 03/10] examples/fips_validation: fix integer parse in test case
> 
> Parsing integer value in test case vector does not store it because only string
> was expected. This patch adds handling for integer value as well.
> 
> Fixes: 58cc98801eb ("examples/fips_validation: add JSON parsing")
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  examples/fips_validation/fips_validation.c | 29 ++++++++++++++++------
>  1 file changed, 21 insertions(+), 8 deletions(-)
> 
> diff --git a/examples/fips_validation/fips_validation.c
> b/examples/fips_validation/fips_validation.c
> index f7a6d821ea..d3b6099d73 100644
> --- a/examples/fips_validation/fips_validation.c
> +++ b/examples/fips_validation/fips_validation.c
> @@ -543,15 +543,28 @@ fips_test_parse_one_json_case(void)
> 
>  	for (i = 0; info.callbacks[i].key != NULL; i++) {
>  		param = json_object_get(json_info.json_test_case,
> info.callbacks[i].key);
> -		if (param) {
> -			strcpy(info.one_line_text,
> json_string_value(param));
> -			ret = info.callbacks[i].cb(
> -				info.callbacks[i].key, info.one_line_text,
> -				info.callbacks[i].val
> -			);
> -			if (ret < 0)
> -				return ret;
> +		if (!param)
> +			continue;
> +
> +		switch (json_typeof(param)) {
> +		case JSON_STRING:
> +			snprintf(info.one_line_text, MAX_LINE_CHAR, "%s",
> +					 json_string_value(param));
> +			break;
> +
> +		case JSON_INTEGER:
> +			snprintf(info.one_line_text, MAX_LINE_CHAR,
> "%"JSON_INTEGER_FORMAT,
> +					 json_integer_value(param));
> +			break;
> +
> +		default:
> +			return -EINVAL;
>  		}
> +
> +		ret = info.callbacks[i].cb(info.callbacks[i].key,
> info.one_line_text,
> +				info.callbacks[i].val);
> +		if (ret < 0)
> +			return ret;
>  	}
> 
>  	return 0;
> --
> 2.25.1

Acked-by: Brian Dooley <brian.dooley@intel.com>

RE: [v1, 02/10] examples/fips_validation: add SHA3 validation

[Dooley, Brian]

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 02/10] examples/fips_validation: add SHA3 validation
> 
> Add support in fips_validation to parse SHA3 algorithms.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  doc/guides/sample_app_ug/fips_validation.rst  |  5 +-
>  examples/fips_validation/fips_validation.h    |  1 +
>  .../fips_validation/fips_validation_hmac.c    |  8 ++
>  .../fips_validation/fips_validation_sha.c     | 20 +++--
>  examples/fips_validation/main.c               | 76 +++++++++----------
>  5 files changed, 61 insertions(+), 49 deletions(-)
> 
> diff --git a/doc/guides/sample_app_ug/fips_validation.rst
> b/doc/guides/sample_app_ug/fips_validation.rst
> index 50d23c789b..55837895fe 100644
> --- a/doc/guides/sample_app_ug/fips_validation.rst
> +++ b/doc/guides/sample_app_ug/fips_validation.rst
> @@ -64,8 +64,9 @@ ACVP
>      * AES-CTR (128,192,256) - AFT, CTR
>      * AES-GMAC (128,192,256) - AFT
>      * AES-XTS (128,256) - AFT
> -    * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
> -    * SHA (1, 256, 384, 512) - AFT, MCT
> +    * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256,
> SHA3_384, SHA3_512)
> +    * SHA (1, 224, 256, 384, 512) - AFT, MCT
> +    * SHA3 (224, 256, 384, 512) - AFT, MCT
>      * TDES-CBC - AFT, MCT
>      * TDES-ECB - AFT, MCT
>      * RSA
> diff --git a/examples/fips_validation/fips_validation.h
> b/examples/fips_validation/fips_validation.h
> index 565a5cd36e..6c1bd35849 100644
> --- a/examples/fips_validation/fips_validation.h
> +++ b/examples/fips_validation/fips_validation.h
> @@ -205,6 +205,7 @@ struct sha_interim_data {
>  	/* keep algo always on top as it is also used in asym digest */
>  	enum rte_crypto_auth_algorithm algo;
>  	enum fips_sha_test_types test_type;
> +	uint8_t md_blocks;
>  };
> 
>  struct gcm_interim_data {
> diff --git a/examples/fips_validation/fips_validation_hmac.c
> b/examples/fips_validation/fips_validation_hmac.c
> index e0721ef028..f1cbc18435 100644
> --- a/examples/fips_validation/fips_validation_hmac.c
> +++ b/examples/fips_validation/fips_validation_hmac.c
> @@ -37,6 +37,10 @@ struct hash_size_conversion {
>  		{"32", RTE_CRYPTO_AUTH_SHA256_HMAC},
>  		{"48", RTE_CRYPTO_AUTH_SHA384_HMAC},
>  		{"64", RTE_CRYPTO_AUTH_SHA512_HMAC},
> +		{"28", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
> +		{"32", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
> +		{"48", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
> +		{"64", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
>  };
> 
>  static int
> @@ -81,6 +85,10 @@ struct hash_size_conversion json_algorithms[] = {
>  		{"HMAC-SHA2-256", RTE_CRYPTO_AUTH_SHA256_HMAC},
>  		{"HMAC-SHA2-384", RTE_CRYPTO_AUTH_SHA384_HMAC},
>  		{"HMAC-SHA2-512", RTE_CRYPTO_AUTH_SHA512_HMAC},
> +		{"HMAC-SHA3-224", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
> +		{"HMAC-SHA3-256", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
> +		{"HMAC-SHA3-384", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
> +		{"HMAC-SHA3-512", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
>  };
> 
>  struct fips_test_callback hmac_tests_json_vectors[] = { diff --git
> a/examples/fips_validation/fips_validation_sha.c
> b/examples/fips_validation/fips_validation_sha.c
> index 178ea492d3..8b68f5ed36 100644
> --- a/examples/fips_validation/fips_validation_sha.c
> +++ b/examples/fips_validation/fips_validation_sha.c
> @@ -32,6 +32,10 @@ struct plain_hash_size_conversion {
>  		{"32", RTE_CRYPTO_AUTH_SHA256},
>  		{"48", RTE_CRYPTO_AUTH_SHA384},
>  		{"64", RTE_CRYPTO_AUTH_SHA512},
> +		{"28", RTE_CRYPTO_AUTH_SHA3_224},
> +		{"32", RTE_CRYPTO_AUTH_SHA3_256},
> +		{"48", RTE_CRYPTO_AUTH_SHA3_384},
> +		{"64", RTE_CRYPTO_AUTH_SHA3_512},
>  };
> 
>  int
> @@ -96,12 +100,17 @@ static struct {
>  static struct plain_hash_algorithms {
>  	const char *str;
>  	enum rte_crypto_auth_algorithm algo;
> +	uint8_t md_blocks;
>  } json_algorithms[] = {
> -		{"SHA-1", RTE_CRYPTO_AUTH_SHA1},
> -		{"SHA2-224", RTE_CRYPTO_AUTH_SHA224},
> -		{"SHA2-256", RTE_CRYPTO_AUTH_SHA256},
> -		{"SHA2-384", RTE_CRYPTO_AUTH_SHA384},
> -		{"SHA2-512", RTE_CRYPTO_AUTH_SHA512},
> +		{"SHA-1", RTE_CRYPTO_AUTH_SHA1, 3},
> +		{"SHA2-224", RTE_CRYPTO_AUTH_SHA224, 3},
> +		{"SHA2-256", RTE_CRYPTO_AUTH_SHA256, 3},
> +		{"SHA2-384", RTE_CRYPTO_AUTH_SHA384, 3},
> +		{"SHA2-512", RTE_CRYPTO_AUTH_SHA512, 3},
> +		{"SHA3-224", RTE_CRYPTO_AUTH_SHA3_224, 1},
> +		{"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1},
> +		{"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1},
> +		{"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1},
>  };
> 
>  struct fips_test_callback sha_tests_json_vectors[] = { @@ -233,6 +242,7 @@
> parse_test_sha_json_algorithm(void)
>  	for (i = 0; i < RTE_DIM(json_algorithms); i++) {
>  		if (strstr(algorithm_str, json_algorithms[i].str)) {
>  			info.interim_info.sha_data.algo =
> json_algorithms[i].algo;
> +			info.interim_info.sha_data.md_blocks =
> json_algorithms[i].md_blocks;
>  			break;
>  		}
>  	}
> diff --git a/examples/fips_validation/main.c
> b/examples/fips_validation/main.c index cc585e8418..cf29e440f1 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -2267,22 +2267,27 @@ fips_mct_sha_test(void)  {
>  #define SHA_EXTERN_ITER	100
>  #define SHA_INTERN_ITER	1000
> -#define SHA_MD_BLOCK	3
> +	uint8_t md_blocks = info.interim_info.sha_data.md_blocks;
>  	struct fips_val val = {NULL, 0};
> -	struct fips_val  md[SHA_MD_BLOCK], msg;
> +	struct fips_val  md[md_blocks];
>  	int ret;
> -	uint32_t i, j;
> +	uint32_t i, j, k, offset, max_outlen;
> +
> +	max_outlen = md_blocks * vec.cipher_auth.digest.len;
> +
> +	if (vec.cipher_auth.digest.val)
> +		free(vec.cipher_auth.digest.val);
> +
> +	vec.cipher_auth.digest.val = calloc(1, max_outlen);
> 
> -	msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len;
> -	msg.val = calloc(1, msg.len);
>  	if (vec.pt.val)
>  		memcpy(vec.cipher_auth.digest.val, vec.pt.val,
> vec.cipher_auth.digest.len);
> 
> -	for (i = 0; i < SHA_MD_BLOCK; i++)
> -		md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
> -
>  	rte_free(vec.pt.val);
> -	vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK),
> 0);
> +	vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*md_blocks), 0);
> +
> +	for (i = 0; i < md_blocks; i++)
> +		md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
> 
>  	if (info.file_type != FIPS_TYPE_JSON) {
>  		fips_test_write_one_case();
> @@ -2290,30 +2295,19 @@ fips_mct_sha_test(void)
>  	}
> 
>  	for (j = 0; j < SHA_EXTERN_ITER; j++) {
> -
> -		memcpy(md[0].val, vec.cipher_auth.digest.val,
> -			vec.cipher_auth.digest.len);
> -		md[0].len = vec.cipher_auth.digest.len;
> -		memcpy(md[1].val, vec.cipher_auth.digest.val,
> -			vec.cipher_auth.digest.len);
> -		md[1].len = vec.cipher_auth.digest.len;
> -		memcpy(md[2].val, vec.cipher_auth.digest.val,
> -			vec.cipher_auth.digest.len);
> -		md[2].len = vec.cipher_auth.digest.len;
> -
> -		for (i = 0; i < SHA_MD_BLOCK; i++)
> -			memcpy(&msg.val[i * md[i].len], md[i].val,
> md[i].len);
> +		for (i = 0; i < md_blocks; i++) {
> +			memcpy(md[i].val, vec.cipher_auth.digest.val,
> +				vec.cipher_auth.digest.len);
> +			md[i].len = vec.cipher_auth.digest.len;
> +		}
> 
>  		for (i = 0; i < (SHA_INTERN_ITER); i++) {
> -
> -			memcpy(vec.pt.val, md[0].val,
> -				(size_t)md[0].len);
> -			memcpy((vec.pt.val + md[0].len), md[1].val,
> -				(size_t)md[1].len);
> -			memcpy((vec.pt.val + md[0].len + md[1].len),
> -				md[2].val,
> -				(size_t)md[2].len);
> -			vec.pt.len = md[0].len + md[1].len + md[2].len;
> +			offset = 0;
> +			for (k = 0; k < md_blocks; k++) {
> +				memcpy(vec.pt.val + offset, md[k].val,
> (size_t)md[k].len);
> +				offset += md[k].len;
> +			}
> +			vec.pt.len = offset;
> 
>  			ret = fips_run_test();
>  			if (ret < 0) {
> @@ -2331,18 +2325,18 @@ fips_mct_sha_test(void)
>  			if (ret < 0)
>  				return ret;
> 
> -			memcpy(md[0].val, md[1].val, md[1].len);
> -			md[0].len = md[1].len;
> -			memcpy(md[1].val, md[2].val, md[2].len);
> -			md[1].len = md[2].len;
> +			for (k = 1; k < md_blocks; k++) {
> +				memcpy(md[k-1].val, md[k].val, md[k].len);
> +				md[k-1].len = md[k].len;
> +			}
> 
> -			memcpy(md[2].val, (val.val + vec.pt.len),
> +			memcpy(md[md_blocks-1].val, (val.val + vec.pt.len),
>  				vec.cipher_auth.digest.len);
> -			md[2].len = vec.cipher_auth.digest.len;
> +			md[md_blocks-1].len = vec.cipher_auth.digest.len;
>  		}
> 
> -		memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
> -		vec.cipher_auth.digest.len = md[2].len;
> +		memcpy(vec.cipher_auth.digest.val, md[md_blocks-1].val,
> md[md_blocks-1].len);
> +		vec.cipher_auth.digest.len = md[md_blocks-1].len;
> 
>  		if (info.file_type != FIPS_TYPE_JSON)
>  			fprintf(info.fp_wr, "COUNT = %u\n", j); @@ -2353,14
> +2347,12 @@ fips_mct_sha_test(void)
>  			fprintf(info.fp_wr, "\n");
>  	}
> 
> -	for (i = 0; i < (SHA_MD_BLOCK); i++)
> +	for (i = 0; i < (md_blocks); i++)
>  		rte_free(md[i].val);
> 
>  	rte_free(vec.pt.val);
> 
>  	free(val.val);
> -	free(msg.val);
> -
>  	return 0;
>  }
> 
> --
> 2.25.1

Acked-by: Brian Dooley <brian.dooley@intel.com>

RE: [v1, 01/10] examples/fips_validation: fix MCT output for SHA

[Dooley, Brian]

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 01/10] examples/fips_validation: fix MCT output for SHA
> 
> MCT test for SHA need not print message string along with digest value.
> 
> Fixes: d5c247145c2 ("examples/fips_validation: add parsing for SHA")
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  examples/fips_validation/fips_validation_sha.c |  8 ++------
>  examples/fips_validation/main.c                | 13 +++++--------
>  2 files changed, 7 insertions(+), 14 deletions(-)
> 
> diff --git a/examples/fips_validation/fips_validation_sha.c
> b/examples/fips_validation/fips_validation_sha.c
> index c5da2cc623..178ea492d3 100644
> --- a/examples/fips_validation/fips_validation_sha.c
> +++ b/examples/fips_validation/fips_validation_sha.c
> @@ -182,7 +182,7 @@ parse_test_sha_json_writeback(struct fips_val *val)
> static int  parse_test_sha_mct_json_writeback(struct fips_val *val)  {
> -	json_t *tcId, *msg, *md, *resArr, *res;
> +	json_t *tcId, *md, *resArr, *res;
>  	struct fips_val val_local;
> 
>  	tcId = json_object_get(json_info.json_test_case, "tcId"); @@ -
> 208,11 +208,7 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
> 
>  	res = json_object();
> 
> -	writeback_hex_str("", info.one_line_text, &val[1]);
> -	msg = json_string(info.one_line_text);
> -	json_object_set_new(res, "msg", msg);
> -
> -	val_local.val = val[0].val + vec.pt.len;
> +	val_local.val = val->val + vec.pt.len;
>  	val_local.len = vec.cipher_auth.digest.len;
> 
>  	writeback_hex_str("", info.one_line_text, &val_local); diff --git
> a/examples/fips_validation/main.c b/examples/fips_validation/main.c index
> 622f8b5a6e..cc585e8418 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -2268,8 +2268,7 @@ fips_mct_sha_test(void)
>  #define SHA_EXTERN_ITER	100
>  #define SHA_INTERN_ITER	1000
>  #define SHA_MD_BLOCK	3
> -	/* val[0] is op result and other value is for parse_writeback callback
> */
> -	struct fips_val val[2] = {{NULL, 0},};
> +	struct fips_val val = {NULL, 0};
>  	struct fips_val  md[SHA_MD_BLOCK], msg;
>  	int ret;
>  	uint32_t i, j;
> @@ -2328,7 +2327,7 @@ fips_mct_sha_test(void)
>  				return ret;
>  			}
> 
> -			ret = get_writeback_data(&val[0]);
> +			ret = get_writeback_data(&val);
>  			if (ret < 0)
>  				return ret;
> 
> @@ -2337,7 +2336,7 @@ fips_mct_sha_test(void)
>  			memcpy(md[1].val, md[2].val, md[2].len);
>  			md[1].len = md[2].len;
> 
> -			memcpy(md[2].val, (val[0].val + vec.pt.len),
> +			memcpy(md[2].val, (val.val + vec.pt.len),
>  				vec.cipher_auth.digest.len);
>  			md[2].len = vec.cipher_auth.digest.len;
>  		}
> @@ -2348,9 +2347,7 @@ fips_mct_sha_test(void)
>  		if (info.file_type != FIPS_TYPE_JSON)
>  			fprintf(info.fp_wr, "COUNT = %u\n", j);
> 
> -		val[1].val = msg.val;
> -		val[1].len = msg.len;
> -		info.parse_writeback(val);
> +		info.parse_writeback(&val);
> 
>  		if (info.file_type != FIPS_TYPE_JSON)
>  			fprintf(info.fp_wr, "\n");
> @@ -2361,7 +2358,7 @@ fips_mct_sha_test(void)
> 
>  	rte_free(vec.pt.val);
> 
> -	free(val[0].val);
> +	free(val.val);
>  	free(msg.val);
> 
>  	return 0;
> --
> 2.25.1

Acked-by: Brian Dooley <brian.dooley@intel.com>

RE: [v1, 00/10] fips_validation application improvements

[Dooley, Brian]

Hi Gowrishankar,

Looks good to me.

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 00/10] fips_validation application improvements
> 
> This patch series adds support for SHA3, SHAKE, AES-CCM JSON test vectors
> and fixes existing algorithms to support NIST test vectors.
> 
> Gowrishankar Muthukrishnan (10):
>   examples/fips_validation: fix MCT output for SHA
>   examples/fips_validation: add SHA3 validation
>   examples/fips_validation: fix integer parse in test case
>   examples/fips_validation: add SHAKE validation
>   examples/fips_validation: add CCM JSON validation
>   examples/fips_validation: add ECDSA keygen support
>   examples/fips_validation: add SHA3 algorithms in ECDSA test
>   examples/fips_validation: fix AES GCM validation tests
>   examples/fips_validation: fix AES XTS to read seq number
>   examples/fips_validation: add extra space in JSON buffer
> 
>  doc/guides/sample_app_ug/fips_validation.rst  |   7 +-
>  examples/fips_validation/fips_validation.c    |  31 ++-
>  examples/fips_validation/fips_validation.h    |  10 +-
>  .../fips_validation/fips_validation_ccm.c     | 132 ++++++++++++
>  .../fips_validation/fips_validation_ecdsa.c   |  56 +++++
>  .../fips_validation/fips_validation_gcm.c     |  12 +-
>  .../fips_validation/fips_validation_hmac.c    |   8 +
>  .../fips_validation/fips_validation_sha.c     |  91 ++++++--
>  .../fips_validation/fips_validation_xts.c     |  13 +-
>  examples/fips_validation/main.c               | 196 +++++++++++++-----
>  10 files changed, 467 insertions(+), 89 deletions(-)
> 
> --
> 2.25.1

Series-acked-by: Brian Dooley <brian.dooley@intel.com>

RE: [v1, 00/10] fips_validation application improvements

[Akhil Goyal]

> Hi Gowrishankar,
> 
> Looks good to me.
> 
> > Subject: [v1, 00/10] fips_validation application improvements
> >
> > This patch series adds support for SHA3, SHAKE, AES-CCM JSON test vectors
> > and fixes existing algorithms to support NIST test vectors.
> >
> > Gowrishankar Muthukrishnan (10):
> >   examples/fips_validation: fix MCT output for SHA
> >   examples/fips_validation: add SHA3 validation
> >   examples/fips_validation: fix integer parse in test case
> >   examples/fips_validation: add SHAKE validation
> >   examples/fips_validation: add CCM JSON validation
> >   examples/fips_validation: add ECDSA keygen support
> >   examples/fips_validation: add SHA3 algorithms in ECDSA test
> >   examples/fips_validation: fix AES GCM validation tests
> >   examples/fips_validation: fix AES XTS to read seq number
> >   examples/fips_validation: add extra space in JSON buffer
> >
> >  doc/guides/sample_app_ug/fips_validation.rst  |   7 +-
> >  examples/fips_validation/fips_validation.c    |  31 ++-
> >  examples/fips_validation/fips_validation.h    |  10 +-
> >  .../fips_validation/fips_validation_ccm.c     | 132 ++++++++++++
> >  .../fips_validation/fips_validation_ecdsa.c   |  56 +++++
> >  .../fips_validation/fips_validation_gcm.c     |  12 +-
> >  .../fips_validation/fips_validation_hmac.c    |   8 +
> >  .../fips_validation/fips_validation_sha.c     |  91 ++++++--
> >  .../fips_validation/fips_validation_xts.c     |  13 +-
> >  examples/fips_validation/main.c               | 196 +++++++++++++-----
> >  10 files changed, 467 insertions(+), 89 deletions(-)
> >
> > --
> > 2.25.1
> 
> Series-acked-by: Brian Dooley <brian.dooley@intel.com>

Series Applied to dpdk-next-crypto

Thanks.

RE: [v1, 00/10] fips_validation application improvements

[Akhil Goyal]

Hi Gowrishankar,
> >
> > > Subject: [v1, 00/10] fips_validation application improvements
> > >
> > > This patch series adds support for SHA3, SHAKE, AES-CCM JSON test vectors
> > > and fixes existing algorithms to support NIST test vectors.
> > >
> > > Gowrishankar Muthukrishnan (10):
> > >   examples/fips_validation: fix MCT output for SHA
> > >   examples/fips_validation: add SHA3 validation
> > >   examples/fips_validation: fix integer parse in test case
> > >   examples/fips_validation: add SHAKE validation
> > >   examples/fips_validation: add CCM JSON validation
> > >   examples/fips_validation: add ECDSA keygen support
> > >   examples/fips_validation: add SHA3 algorithms in ECDSA test
> > >   examples/fips_validation: fix AES GCM validation tests
> > >   examples/fips_validation: fix AES XTS to read seq number
> > >   examples/fips_validation: add extra space in JSON buffer
> > >
> > >  doc/guides/sample_app_ug/fips_validation.rst  |   7 +-
> > >  examples/fips_validation/fips_validation.c    |  31 ++-
> > >  examples/fips_validation/fips_validation.h    |  10 +-
> > >  .../fips_validation/fips_validation_ccm.c     | 132 ++++++++++++
> > >  .../fips_validation/fips_validation_ecdsa.c   |  56 +++++
> > >  .../fips_validation/fips_validation_gcm.c     |  12 +-
> > >  .../fips_validation/fips_validation_hmac.c    |   8 +
> > >  .../fips_validation/fips_validation_sha.c     |  91 ++++++--
> > >  .../fips_validation/fips_validation_xts.c     |  13 +-
> > >  examples/fips_validation/main.c               | 196 +++++++++++++-----
> > >  10 files changed, 467 insertions(+), 89 deletions(-)
> > >
> > > --
> > > 2.25.1
> >
> > Series-acked-by: Brian Dooley <brian.dooley@intel.com>
> 
> Series Applied to dpdk-next-crypto
The series is showing compilation issues, please fix it. The series is removed from the tree.

Re: [v1, 00/10] fips_validation application improvements

[Patrick Robb]

[-- Attachment #1: Type: text/plain, Size: 3031 bytes --]

Hello Akhil and Gowrishankar,

We saw the same issue with running the fips sample app under CI testing
here at the UNH Community Lab:
http://mails.dpdk.org/archives/test-report/2023-February/350635.html. We
reported a warn because it failed on the compilation stage (as opposed to a
failure of the actual sample app run).

On the other hand, we are excited to see this patch again with the
compilation part resolved. I sent an email to the dev mailing list a few
weeks ago for our fips sample app CI testing regarding where we could and
could not provide test vector coverage, and it appears this patch series
may resolve our ciphertext issue with AES-GCM test vector and more issues
with the sample app. So - looking forward to seeing a patch like this being
merged when stable!

Best,
Patrick Robb






On Tue, Feb 28, 2023 at 2:39 AM Akhil Goyal <gakhil@marvell.com> wrote:

> Hi Gowrishankar,
> > >
> > > > Subject: [v1, 00/10] fips_validation application improvements
> > > >
> > > > This patch series adds support for SHA3, SHAKE, AES-CCM JSON test
> vectors
> > > > and fixes existing algorithms to support NIST test vectors.
> > > >
> > > > Gowrishankar Muthukrishnan (10):
> > > >   examples/fips_validation: fix MCT output for SHA
> > > >   examples/fips_validation: add SHA3 validation
> > > >   examples/fips_validation: fix integer parse in test case
> > > >   examples/fips_validation: add SHAKE validation
> > > >   examples/fips_validation: add CCM JSON validation
> > > >   examples/fips_validation: add ECDSA keygen support
> > > >   examples/fips_validation: add SHA3 algorithms in ECDSA test
> > > >   examples/fips_validation: fix AES GCM validation tests
> > > >   examples/fips_validation: fix AES XTS to read seq number
> > > >   examples/fips_validation: add extra space in JSON buffer
> > > >
> > > >  doc/guides/sample_app_ug/fips_validation.rst  |   7 +-
> > > >  examples/fips_validation/fips_validation.c    |  31 ++-
> > > >  examples/fips_validation/fips_validation.h    |  10 +-
> > > >  .../fips_validation/fips_validation_ccm.c     | 132 ++++++++++++
> > > >  .../fips_validation/fips_validation_ecdsa.c   |  56 +++++
> > > >  .../fips_validation/fips_validation_gcm.c     |  12 +-
> > > >  .../fips_validation/fips_validation_hmac.c    |   8 +
> > > >  .../fips_validation/fips_validation_sha.c     |  91 ++++++--
> > > >  .../fips_validation/fips_validation_xts.c     |  13 +-
> > > >  examples/fips_validation/main.c               | 196
> +++++++++++++-----
> > > >  10 files changed, 467 insertions(+), 89 deletions(-)
> > > >
> > > > --
> > > > 2.25.1
> > >
> > > Series-acked-by: Brian Dooley <brian.dooley@intel.com>
> >
> > Series Applied to dpdk-next-crypto
> The series is showing compilation issues, please fix it. The series is
> removed from the tree.
>
>
>

-- 

Patrick Robb

Technical Service Manager

UNH InterOperability Laboratory

21 Madbury Rd, Suite 100, Durham, NH 03824

www.iol.unh.edu

[-- Attachment #2: Type: text/html, Size: 5873 bytes --]

RE: [EXT] Re: [v1, 00/10] fips_validation application improvements

[Akhil Goyal]

[-- Attachment #1: Type: text/plain, Size: 6343 bytes --]

Hi Patrick,

The issue reported by CI in below link is not an issue, as the patchset was dependent on another patch which is already merged. Now we are observing a new issue which is coming only on CentOS I believe.
CI reports are not useful in case there are dependent patches. There should be a way maintainer/developer can retrigger the CI as required when other patches are merged.

This issue got skipped as I personally do not test on CentOS and CI results are not meaningful when there were dependent patches.
Below is the log for the compilation issue observed now on TOT when these patches are applied which is not visible in the below link.


> OS: CentOS79-64

> Target: x86_64-native-linuxapp-gcc

> FAILED: examples/dpdk-fips_validation.p/fips_validation_main.c.o

> gcc -Iexamples/dpdk-fips_validation.p -Iexamples -I../examples -

> Iexamples/fips_validation -I../examples/fips_validation -I../examples/common -

> I. -I.. -Iconfig -I../config -Ilib/eal/include -I../lib/eal/include -

> Ilib/eal/linux/include -I../lib/eal/linux/include -Ilib/eal/x86/include -

> I../lib/eal/x86/include -Ilib/eal/common -I../lib/eal/common -Ilib/eal -I../lib/eal

> -Ilib/kvargs -I../lib/kvargs -Ilib/metrics -I../lib/metrics -Ilib/telemetry -

> I../lib/telemetry -Ilib/mempool -I../lib/mempool -Ilib/ring -I../lib/ring -Ilib/net -

> I../lib/net -Ilib/mbuf -I../lib/mbuf -Ilib/ethdev -I../lib/ethdev -Ilib/meter -

> I../lib/meter -Ilib/cmdline -I../lib/cmdline -Ilib/cryptodev -I../lib/cryptodev -

> Ilib/rcu -I../lib/rcu -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -

> Werror -O3 -include rte_config.h -Wcast-qual -Wdeprecated -Wformat -

> Wformat-nonliteral -Wformat-security -Wmissing-declarations -Wmissing-

> prototypes -Wnested-externs -Wold-style-definition -Wpointer-arith -Wsign-

> compare -Wstrict-prototypes -Wundef -Wwrite-strings -Wno-missing-field-

> initializers -D_GNU_SOURCE -march=native -DUSE_OPENSSL -

> DALLOW_EXPERIMENTAL_API -MD -MQ examples/dpdk-

> fips_validation.p/fips_validation_main.c.o -MF examples/dpdk-

> fips_validation.p/fips_validation_main.c.o.d -o examples/dpdk-

> fips_validation.p/fips_validation_main.c.o -c ../examples/fips_validation/main.c

> ../examples/fips_validation/main.c: In function 'fips_mct_shake_test':

> ../examples/fips_validation/main.c:2438:5: error: dereferencing type-punned

> pointer will break strict-aliasing rules [-Werror=strict-aliasing]

>      (*(uint16_t *)rightmost % range);

>      ^


Regards,
Akhil

________________________________
Hello Akhil and Gowrishankar,

We saw the same issue with running the fips sample app under CI testing here at the UNH Community Lab: http://mails.dpdk.org/archives/test-report/2023-February/350635.html<https://urldefense.proofpoint.com/v2/url?u=http-3A__mails.dpdk.org_archives_test-2Dreport_2023-2DFebruary_350635.html&d=DwMFaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=DnL7Si2wl_PRwpZ9TWey3eu68gBzn7DkPwuqhd6WNyo&m=QswegPR1LvDRH4f_2rvo_BvAfrFOBGZPVPGXC7pPlKn2Q99LMoJlfwv4ZZ0QxRu-&s=Ozm6byIlAfWxebW0mSomWcCW-0s59wZNJ7QED4-Tjcs&e=>. We reported a warn because it failed on the compilation stage (as opposed to a failure of the actual sample app run).

On the other hand, we are excited to see this patch again with the compilation part resolved. I sent an email to the dev mailing list a few weeks ago for our fips sample app CI testing regarding where we could and could not provide test vector coverage, and it appears this patch series may resolve our ciphertext issue with AES-GCM test vector and more issues with the sample app. So - looking forward to seeing a patch like this being merged when stable!

Best,
Patrick Robb





On Tue, Feb 28, 2023 at 2:39 AM Akhil Goyal <gakhil@marvell.com<mailto:gakhil@marvell.com>> wrote:
Hi Gowrishankar,
> >
> > > Subject: [v1, 00/10] fips_validation application improvements
> > >
> > > This patch series adds support for SHA3, SHAKE, AES-CCM JSON test vectors
> > > and fixes existing algorithms to support NIST test vectors.
> > >
> > > Gowrishankar Muthukrishnan (10):
> > >   examples/fips_validation: fix MCT output for SHA
> > >   examples/fips_validation: add SHA3 validation
> > >   examples/fips_validation: fix integer parse in test case
> > >   examples/fips_validation: add SHAKE validation
> > >   examples/fips_validation: add CCM JSON validation
> > >   examples/fips_validation: add ECDSA keygen support
> > >   examples/fips_validation: add SHA3 algorithms in ECDSA test
> > >   examples/fips_validation: fix AES GCM validation tests
> > >   examples/fips_validation: fix AES XTS to read seq number
> > >   examples/fips_validation: add extra space in JSON buffer
> > >
> > >  doc/guides/sample_app_ug/fips_validation.rst  |   7 +-
> > >  examples/fips_validation/fips_validation.c    |  31 ++-
> > >  examples/fips_validation/fips_validation.h    |  10 +-
> > >  .../fips_validation/fips_validation_ccm.c     | 132 ++++++++++++
> > >  .../fips_validation/fips_validation_ecdsa.c   |  56 +++++
> > >  .../fips_validation/fips_validation_gcm.c     |  12 +-
> > >  .../fips_validation/fips_validation_hmac.c    |   8 +
> > >  .../fips_validation/fips_validation_sha.c     |  91 ++++++--
> > >  .../fips_validation/fips_validation_xts.c     |  13 +-
> > >  examples/fips_validation/main.c               | 196 +++++++++++++-----
> > >  10 files changed, 467 insertions(+), 89 deletions(-)
> > >
> > > --
> > > 2.25.1
> >
> > Series-acked-by: Brian Dooley <brian.dooley@intel.com<mailto:brian.dooley@intel.com>>
>
> Series Applied to dpdk-next-crypto
The series is showing compilation issues, please fix it. The series is removed from the tree.



--

Patrick Robb

Technical Service Manager

UNH InterOperability Laboratory

21 Madbury Rd, Suite 100, Durham, NH 03824

www.iol.unh.edu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.iol.unh.edu_&d=DwMFaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=DnL7Si2wl_PRwpZ9TWey3eu68gBzn7DkPwuqhd6WNyo&m=QswegPR1LvDRH4f_2rvo_BvAfrFOBGZPVPGXC7pPlKn2Q99LMoJlfwv4ZZ0QxRu-&s=Gr4qCfskeNAMKr2DcgjPKd30D2zh9SGznw6lTmy1FnA&e=>



[https://lh4.googleusercontent.com/7sTY8VswXadak_YT0J13osh5ockNVRX2BuYaRsKoTTpkpilBokA0WlocYHLB4q7XUgXNHka6-ns47S8R_am0sOt7MYQQ1ILQ3S-P5aezsrjp3-IsJMmMrErHWmTARNgZhpAx06n2]

[-- Attachment #2: Type: text/html, Size: 13441 bytes --]

Re: [EXT] Re: [v1, 00/10] fips_validation application improvements

[Patrick Robb]

[-- Attachment #1: Type: text/plain, Size: 6971 bytes --]

Hi Akhil,

One 2023 goal for UNH is implementing an email based retesting framework.
Once that work is completed, you will be able to trigger a retest yourself
under circumstances where waiting for dependent patches is needed.

On Tue, Feb 28, 2023 at 10:02 AM Akhil Goyal <gakhil@marvell.com> wrote:

> Hi Patrick,
>
>
>
> The issue reported by CI in below link is not an issue, as the patchset
> was dependent on another patch which is already merged. Now we are
> observing a new issue which is coming only on CentOS I believe.
>
> CI reports are not useful in case there are dependent patches. There
> should be a way maintainer/developer can retrigger the CI as required when
> other patches are merged.
>
>
>
> This issue got skipped as I personally do not test on CentOS and CI
> results are not meaningful when there were dependent patches.
>
> Below is the log for the compilation issue observed now on TOT when these
> patches are applied which is not visible in the below link.
>
>
>
> > OS: CentOS79-64
>
> > Target: x86_64-native-linuxapp-gcc
>
> > FAILED: examples/dpdk-fips_validation.p/fips_validation_main.c.o
>
> > gcc -Iexamples/dpdk-fips_validation.p -Iexamples -I../examples -
>
> > Iexamples/fips_validation -I../examples/fips_validation
> -I../examples/common -
>
> > I. -I.. -Iconfig -I../config -Ilib/eal/include -I../lib/eal/include -
>
> > Ilib/eal/linux/include -I../lib/eal/linux/include -Ilib/eal/x86/include -
>
> > I../lib/eal/x86/include -Ilib/eal/common -I../lib/eal/common -Ilib/eal
> -I../lib/eal
>
> > -Ilib/kvargs -I../lib/kvargs -Ilib/metrics -I../lib/metrics
> -Ilib/telemetry -
>
> > I../lib/telemetry -Ilib/mempool -I../lib/mempool -Ilib/ring
> -I../lib/ring -Ilib/net -
>
> > I../lib/net -Ilib/mbuf -I../lib/mbuf -Ilib/ethdev -I../lib/ethdev
> -Ilib/meter -
>
> > I../lib/meter -Ilib/cmdline -I../lib/cmdline -Ilib/cryptodev
> -I../lib/cryptodev -
>
> > Ilib/rcu -I../lib/rcu -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra
> -
>
> > Werror -O3 -include rte_config.h -Wcast-qual -Wdeprecated -Wformat -
>
> > Wformat-nonliteral -Wformat-security -Wmissing-declarations -Wmissing-
>
> > prototypes -Wnested-externs -Wold-style-definition -Wpointer-arith
> -Wsign-
>
> > compare -Wstrict-prototypes -Wundef -Wwrite-strings -Wno-missing-field-
>
> > initializers -D_GNU_SOURCE -march=native -DUSE_OPENSSL -
>
> > DALLOW_EXPERIMENTAL_API -MD -MQ examples/dpdk-
>
> > fips_validation.p/fips_validation_main.c.o -MF examples/dpdk-
>
> > fips_validation.p/fips_validation_main.c.o.d -o examples/dpdk-
>
> > fips_validation.p/fips_validation_main.c.o -c
> ../examples/fips_validation/main.c
>
> > ../examples/fips_validation/main.c: In function 'fips_mct_shake_test':
>
> > ../examples/fips_validation/main.c:2438:5: error: dereferencing
> type-punned
>
> > pointer will break strict-aliasing rules [-Werror=strict-aliasing]
>
> >      (*(uint16_t *)rightmost % range);
>
> >      ^
>
>
>
>
>
> Regards,
>
> Akhil
>
>
> ------------------------------
>
> Hello Akhil and Gowrishankar,
>
>
>
> We saw the same issue with running the fips sample app under CI testing
> here at the UNH Community Lab:
> http://mails.dpdk.org/archives/test-report/2023-February/350635.html
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__mails.dpdk.org_archives_test-2Dreport_2023-2DFebruary_350635.html&d=DwMFaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=DnL7Si2wl_PRwpZ9TWey3eu68gBzn7DkPwuqhd6WNyo&m=QswegPR1LvDRH4f_2rvo_BvAfrFOBGZPVPGXC7pPlKn2Q99LMoJlfwv4ZZ0QxRu-&s=Ozm6byIlAfWxebW0mSomWcCW-0s59wZNJ7QED4-Tjcs&e=>.
> We reported a warn because it failed on the compilation stage (as opposed
> to a failure of the actual sample app run).
>
>
>
> On the other hand, we are excited to see this patch again with the
> compilation part resolved. I sent an email to the dev mailing list a few
> weeks ago for our fips sample app CI testing regarding where we could and
> could not provide test vector coverage, and it appears this patch series
> may resolve our ciphertext issue with AES-GCM test vector and more issues
> with the sample app. So - looking forward to seeing a patch like this being
> merged when stable!
>
>
>
> Best,
>
> Patrick Robb
>
>
>
>
>
>
>
>
>
> On Tue, Feb 28, 2023 at 2:39 AM Akhil Goyal <gakhil@marvell.com> wrote:
>
> Hi Gowrishankar,
> > >
> > > > Subject: [v1, 00/10] fips_validation application improvements
> > > >
> > > > This patch series adds support for SHA3, SHAKE, AES-CCM JSON test
> vectors
> > > > and fixes existing algorithms to support NIST test vectors.
> > > >
> > > > Gowrishankar Muthukrishnan (10):
> > > >   examples/fips_validation: fix MCT output for SHA
> > > >   examples/fips_validation: add SHA3 validation
> > > >   examples/fips_validation: fix integer parse in test case
> > > >   examples/fips_validation: add SHAKE validation
> > > >   examples/fips_validation: add CCM JSON validation
> > > >   examples/fips_validation: add ECDSA keygen support
> > > >   examples/fips_validation: add SHA3 algorithms in ECDSA test
> > > >   examples/fips_validation: fix AES GCM validation tests
> > > >   examples/fips_validation: fix AES XTS to read seq number
> > > >   examples/fips_validation: add extra space in JSON buffer
> > > >
> > > >  doc/guides/sample_app_ug/fips_validation.rst  |   7 +-
> > > >  examples/fips_validation/fips_validation.c    |  31 ++-
> > > >  examples/fips_validation/fips_validation.h    |  10 +-
> > > >  .../fips_validation/fips_validation_ccm.c     | 132 ++++++++++++
> > > >  .../fips_validation/fips_validation_ecdsa.c   |  56 +++++
> > > >  .../fips_validation/fips_validation_gcm.c     |  12 +-
> > > >  .../fips_validation/fips_validation_hmac.c    |   8 +
> > > >  .../fips_validation/fips_validation_sha.c     |  91 ++++++--
> > > >  .../fips_validation/fips_validation_xts.c     |  13 +-
> > > >  examples/fips_validation/main.c               | 196
> +++++++++++++-----
> > > >  10 files changed, 467 insertions(+), 89 deletions(-)
> > > >
> > > > --
> > > > 2.25.1
> > >
> > > Series-acked-by: Brian Dooley <brian.dooley@intel.com>
> >
> > Series Applied to dpdk-next-crypto
> The series is showing compilation issues, please fix it. The series is
> removed from the tree.
>
>
>
>
> --
>
> Patrick Robb
>
> Technical Service Manager
>
> UNH InterOperability Laboratory
>
> 21 Madbury Rd, Suite 100, Durham, NH 03824
>
> www.iol.unh.edu
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.iol.unh.edu_&d=DwMFaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=DnL7Si2wl_PRwpZ9TWey3eu68gBzn7DkPwuqhd6WNyo&m=QswegPR1LvDRH4f_2rvo_BvAfrFOBGZPVPGXC7pPlKn2Q99LMoJlfwv4ZZ0QxRu-&s=Gr4qCfskeNAMKr2DcgjPKd30D2zh9SGznw6lTmy1FnA&e=>
>
>
>
>

-- 

Patrick Robb

Technical Service Manager

UNH InterOperability Laboratory

21 Madbury Rd, Suite 100, Durham, NH 03824

www.iol.unh.edu

[-- Attachment #2: Type: text/html, Size: 14677 bytes --]

[v2, 00/10] fips_validation application improvements

[Gowrishankar Muthukrishnan]

This patch series adds support for SHA3, SHAKE, AES-CCM
JSON test vectors and fixes existing algorithms to
support NIST test vectors.

v2:
 - fixed type punning SHAKE test function.

Gowrishankar Muthukrishnan (10):
  examples/fips_validation: fix MCT output for SHA
  examples/fips_validation: add SHA3 validation
  examples/fips_validation: fix integer parse in test case
  examples/fips_validation: add SHAKE validation
  examples/fips_validation: add CCM JSON validation
  examples/fips_validation: add ECDSA keygen support
  examples/fips_validation: add SHA3 algorithms in ECDSA test
  examples/fips_validation: fix AES GCM validation tests
  examples/fips_validation: fix AES XTS to read seq number
  examples/fips_validation: add extra space in JSON buffer

 doc/guides/sample_app_ug/fips_validation.rst  |   7 +-
 examples/fips_validation/fips_validation.c    |  31 ++-
 examples/fips_validation/fips_validation.h    |  10 +-
 .../fips_validation/fips_validation_ccm.c     | 132 ++++++++++++
 .../fips_validation/fips_validation_ecdsa.c   |  56 +++++
 .../fips_validation/fips_validation_gcm.c     |  12 +-
 .../fips_validation/fips_validation_hmac.c    |   8 +
 .../fips_validation/fips_validation_sha.c     |  91 ++++++--
 .../fips_validation/fips_validation_xts.c     |  13 +-
 examples/fips_validation/main.c               | 198 +++++++++++++-----
 10 files changed, 469 insertions(+), 89 deletions(-)

-- 
2.25.1

[v2, 01/10] examples/fips_validation: fix MCT output for SHA

[Gowrishankar Muthukrishnan]

MCT test for SHA need not print message string along
with digest value.

Fixes: d5c247145c2 ("examples/fips_validation: add parsing for SHA")

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 examples/fips_validation/fips_validation_sha.c |  8 ++------
 examples/fips_validation/main.c                | 13 +++++--------
 2 files changed, 7 insertions(+), 14 deletions(-)

diff --git a/examples/fips_validation/fips_validation_sha.c b/examples/fips_validation/fips_validation_sha.c
index c5da2cc623..178ea492d3 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -182,7 +182,7 @@ parse_test_sha_json_writeback(struct fips_val *val)
 static int
 parse_test_sha_mct_json_writeback(struct fips_val *val)
 {
-	json_t *tcId, *msg, *md, *resArr, *res;
+	json_t *tcId, *md, *resArr, *res;
 	struct fips_val val_local;
 
 	tcId = json_object_get(json_info.json_test_case, "tcId");
@@ -208,11 +208,7 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
 
 	res = json_object();
 
-	writeback_hex_str("", info.one_line_text, &val[1]);
-	msg = json_string(info.one_line_text);
-	json_object_set_new(res, "msg", msg);
-
-	val_local.val = val[0].val + vec.pt.len;
+	val_local.val = val->val + vec.pt.len;
 	val_local.len = vec.cipher_auth.digest.len;
 
 	writeback_hex_str("", info.one_line_text, &val_local);
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 622f8b5a6e..cc585e8418 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2268,8 +2268,7 @@ fips_mct_sha_test(void)
 #define SHA_EXTERN_ITER	100
 #define SHA_INTERN_ITER	1000
 #define SHA_MD_BLOCK	3
-	/* val[0] is op result and other value is for parse_writeback callback */
-	struct fips_val val[2] = {{NULL, 0},};
+	struct fips_val val = {NULL, 0};
 	struct fips_val  md[SHA_MD_BLOCK], msg;
 	int ret;
 	uint32_t i, j;
@@ -2328,7 +2327,7 @@ fips_mct_sha_test(void)
 				return ret;
 			}
 
-			ret = get_writeback_data(&val[0]);
+			ret = get_writeback_data(&val);
 			if (ret < 0)
 				return ret;
 
@@ -2337,7 +2336,7 @@ fips_mct_sha_test(void)
 			memcpy(md[1].val, md[2].val, md[2].len);
 			md[1].len = md[2].len;
 
-			memcpy(md[2].val, (val[0].val + vec.pt.len),
+			memcpy(md[2].val, (val.val + vec.pt.len),
 				vec.cipher_auth.digest.len);
 			md[2].len = vec.cipher_auth.digest.len;
 		}
@@ -2348,9 +2347,7 @@ fips_mct_sha_test(void)
 		if (info.file_type != FIPS_TYPE_JSON)
 			fprintf(info.fp_wr, "COUNT = %u\n", j);
 
-		val[1].val = msg.val;
-		val[1].len = msg.len;
-		info.parse_writeback(val);
+		info.parse_writeback(&val);
 
 		if (info.file_type != FIPS_TYPE_JSON)
 			fprintf(info.fp_wr, "\n");
@@ -2361,7 +2358,7 @@ fips_mct_sha_test(void)
 
 	rte_free(vec.pt.val);
 
-	free(val[0].val);
+	free(val.val);
 	free(msg.val);
 
 	return 0;
-- 
2.25.1

[v2, 02/10] examples/fips_validation: add SHA3 validation

[Gowrishankar Muthukrishnan]

Add support in fips_validation to parse SHA3 algorithms.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 doc/guides/sample_app_ug/fips_validation.rst  |  5 +-
 examples/fips_validation/fips_validation.h    |  1 +
 .../fips_validation/fips_validation_hmac.c    |  8 ++
 .../fips_validation/fips_validation_sha.c     | 20 +++--
 examples/fips_validation/main.c               | 76 +++++++++----------
 5 files changed, 61 insertions(+), 49 deletions(-)

diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst
index 50d23c789b..55837895fe 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -64,8 +64,9 @@ ACVP
     * AES-CTR (128,192,256) - AFT, CTR
     * AES-GMAC (128,192,256) - AFT
     * AES-XTS (128,256) - AFT
-    * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
-    * SHA (1, 256, 384, 512) - AFT, MCT
+    * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512)
+    * SHA (1, 224, 256, 384, 512) - AFT, MCT
+    * SHA3 (224, 256, 384, 512) - AFT, MCT
     * TDES-CBC - AFT, MCT
     * TDES-ECB - AFT, MCT
     * RSA
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index 565a5cd36e..6c1bd35849 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -205,6 +205,7 @@ struct sha_interim_data {
 	/* keep algo always on top as it is also used in asym digest */
 	enum rte_crypto_auth_algorithm algo;
 	enum fips_sha_test_types test_type;
+	uint8_t md_blocks;
 };
 
 struct gcm_interim_data {
diff --git a/examples/fips_validation/fips_validation_hmac.c b/examples/fips_validation/fips_validation_hmac.c
index e0721ef028..f1cbc18435 100644
--- a/examples/fips_validation/fips_validation_hmac.c
+++ b/examples/fips_validation/fips_validation_hmac.c
@@ -37,6 +37,10 @@ struct hash_size_conversion {
 		{"32", RTE_CRYPTO_AUTH_SHA256_HMAC},
 		{"48", RTE_CRYPTO_AUTH_SHA384_HMAC},
 		{"64", RTE_CRYPTO_AUTH_SHA512_HMAC},
+		{"28", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
+		{"32", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
+		{"48", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
+		{"64", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
 };
 
 static int
@@ -81,6 +85,10 @@ struct hash_size_conversion json_algorithms[] = {
 		{"HMAC-SHA2-256", RTE_CRYPTO_AUTH_SHA256_HMAC},
 		{"HMAC-SHA2-384", RTE_CRYPTO_AUTH_SHA384_HMAC},
 		{"HMAC-SHA2-512", RTE_CRYPTO_AUTH_SHA512_HMAC},
+		{"HMAC-SHA3-224", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
+		{"HMAC-SHA3-256", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
+		{"HMAC-SHA3-384", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
+		{"HMAC-SHA3-512", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
 };
 
 struct fips_test_callback hmac_tests_json_vectors[] = {
diff --git a/examples/fips_validation/fips_validation_sha.c b/examples/fips_validation/fips_validation_sha.c
index 178ea492d3..8b68f5ed36 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -32,6 +32,10 @@ struct plain_hash_size_conversion {
 		{"32", RTE_CRYPTO_AUTH_SHA256},
 		{"48", RTE_CRYPTO_AUTH_SHA384},
 		{"64", RTE_CRYPTO_AUTH_SHA512},
+		{"28", RTE_CRYPTO_AUTH_SHA3_224},
+		{"32", RTE_CRYPTO_AUTH_SHA3_256},
+		{"48", RTE_CRYPTO_AUTH_SHA3_384},
+		{"64", RTE_CRYPTO_AUTH_SHA3_512},
 };
 
 int
@@ -96,12 +100,17 @@ static struct {
 static struct plain_hash_algorithms {
 	const char *str;
 	enum rte_crypto_auth_algorithm algo;
+	uint8_t md_blocks;
 } json_algorithms[] = {
-		{"SHA-1", RTE_CRYPTO_AUTH_SHA1},
-		{"SHA2-224", RTE_CRYPTO_AUTH_SHA224},
-		{"SHA2-256", RTE_CRYPTO_AUTH_SHA256},
-		{"SHA2-384", RTE_CRYPTO_AUTH_SHA384},
-		{"SHA2-512", RTE_CRYPTO_AUTH_SHA512},
+		{"SHA-1", RTE_CRYPTO_AUTH_SHA1, 3},
+		{"SHA2-224", RTE_CRYPTO_AUTH_SHA224, 3},
+		{"SHA2-256", RTE_CRYPTO_AUTH_SHA256, 3},
+		{"SHA2-384", RTE_CRYPTO_AUTH_SHA384, 3},
+		{"SHA2-512", RTE_CRYPTO_AUTH_SHA512, 3},
+		{"SHA3-224", RTE_CRYPTO_AUTH_SHA3_224, 1},
+		{"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1},
+		{"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1},
+		{"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1},
 };
 
 struct fips_test_callback sha_tests_json_vectors[] = {
@@ -233,6 +242,7 @@ parse_test_sha_json_algorithm(void)
 	for (i = 0; i < RTE_DIM(json_algorithms); i++) {
 		if (strstr(algorithm_str, json_algorithms[i].str)) {
 			info.interim_info.sha_data.algo = json_algorithms[i].algo;
+			info.interim_info.sha_data.md_blocks = json_algorithms[i].md_blocks;
 			break;
 		}
 	}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index cc585e8418..cf29e440f1 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2267,22 +2267,27 @@ fips_mct_sha_test(void)
 {
 #define SHA_EXTERN_ITER	100
 #define SHA_INTERN_ITER	1000
-#define SHA_MD_BLOCK	3
+	uint8_t md_blocks = info.interim_info.sha_data.md_blocks;
 	struct fips_val val = {NULL, 0};
-	struct fips_val  md[SHA_MD_BLOCK], msg;
+	struct fips_val  md[md_blocks];
 	int ret;
-	uint32_t i, j;
+	uint32_t i, j, k, offset, max_outlen;
+
+	max_outlen = md_blocks * vec.cipher_auth.digest.len;
+
+	if (vec.cipher_auth.digest.val)
+		free(vec.cipher_auth.digest.val);
+
+	vec.cipher_auth.digest.val = calloc(1, max_outlen);
 
-	msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len;
-	msg.val = calloc(1, msg.len);
 	if (vec.pt.val)
 		memcpy(vec.cipher_auth.digest.val, vec.pt.val, vec.cipher_auth.digest.len);
 
-	for (i = 0; i < SHA_MD_BLOCK; i++)
-		md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
-
 	rte_free(vec.pt.val);
-	vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0);
+	vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*md_blocks), 0);
+
+	for (i = 0; i < md_blocks; i++)
+		md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
 
 	if (info.file_type != FIPS_TYPE_JSON) {
 		fips_test_write_one_case();
@@ -2290,30 +2295,19 @@ fips_mct_sha_test(void)
 	}
 
 	for (j = 0; j < SHA_EXTERN_ITER; j++) {
-
-		memcpy(md[0].val, vec.cipher_auth.digest.val,
-			vec.cipher_auth.digest.len);
-		md[0].len = vec.cipher_auth.digest.len;
-		memcpy(md[1].val, vec.cipher_auth.digest.val,
-			vec.cipher_auth.digest.len);
-		md[1].len = vec.cipher_auth.digest.len;
-		memcpy(md[2].val, vec.cipher_auth.digest.val,
-			vec.cipher_auth.digest.len);
-		md[2].len = vec.cipher_auth.digest.len;
-
-		for (i = 0; i < SHA_MD_BLOCK; i++)
-			memcpy(&msg.val[i * md[i].len], md[i].val, md[i].len);
+		for (i = 0; i < md_blocks; i++) {
+			memcpy(md[i].val, vec.cipher_auth.digest.val,
+				vec.cipher_auth.digest.len);
+			md[i].len = vec.cipher_auth.digest.len;
+		}
 
 		for (i = 0; i < (SHA_INTERN_ITER); i++) {
-
-			memcpy(vec.pt.val, md[0].val,
-				(size_t)md[0].len);
-			memcpy((vec.pt.val + md[0].len), md[1].val,
-				(size_t)md[1].len);
-			memcpy((vec.pt.val + md[0].len + md[1].len),
-				md[2].val,
-				(size_t)md[2].len);
-			vec.pt.len = md[0].len + md[1].len + md[2].len;
+			offset = 0;
+			for (k = 0; k < md_blocks; k++) {
+				memcpy(vec.pt.val + offset, md[k].val, (size_t)md[k].len);
+				offset += md[k].len;
+			}
+			vec.pt.len = offset;
 
 			ret = fips_run_test();
 			if (ret < 0) {
@@ -2331,18 +2325,18 @@ fips_mct_sha_test(void)
 			if (ret < 0)
 				return ret;
 
-			memcpy(md[0].val, md[1].val, md[1].len);
-			md[0].len = md[1].len;
-			memcpy(md[1].val, md[2].val, md[2].len);
-			md[1].len = md[2].len;
+			for (k = 1; k < md_blocks; k++) {
+				memcpy(md[k-1].val, md[k].val, md[k].len);
+				md[k-1].len = md[k].len;
+			}
 
-			memcpy(md[2].val, (val.val + vec.pt.len),
+			memcpy(md[md_blocks-1].val, (val.val + vec.pt.len),
 				vec.cipher_auth.digest.len);
-			md[2].len = vec.cipher_auth.digest.len;
+			md[md_blocks-1].len = vec.cipher_auth.digest.len;
 		}
 
-		memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
-		vec.cipher_auth.digest.len = md[2].len;
+		memcpy(vec.cipher_auth.digest.val, md[md_blocks-1].val, md[md_blocks-1].len);
+		vec.cipher_auth.digest.len = md[md_blocks-1].len;
 
 		if (info.file_type != FIPS_TYPE_JSON)
 			fprintf(info.fp_wr, "COUNT = %u\n", j);
@@ -2353,14 +2347,12 @@ fips_mct_sha_test(void)
 			fprintf(info.fp_wr, "\n");
 	}
 
-	for (i = 0; i < (SHA_MD_BLOCK); i++)
+	for (i = 0; i < (md_blocks); i++)
 		rte_free(md[i].val);
 
 	rte_free(vec.pt.val);
 
 	free(val.val);
-	free(msg.val);
-
 	return 0;
 }
 
-- 
2.25.1

[v2, 03/10] examples/fips_validation: fix integer parse in test case

[Gowrishankar Muthukrishnan]

Parsing integer value in test case vector does not store
it because only string was expected. This patch adds handling
for integer value as well.

Fixes: 58cc98801eb ("examples/fips_validation: add JSON parsing")

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 examples/fips_validation/fips_validation.c | 29 ++++++++++++++++------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index f7a6d821ea..d3b6099d73 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -543,15 +543,28 @@ fips_test_parse_one_json_case(void)
 
 	for (i = 0; info.callbacks[i].key != NULL; i++) {
 		param = json_object_get(json_info.json_test_case, info.callbacks[i].key);
-		if (param) {
-			strcpy(info.one_line_text, json_string_value(param));
-			ret = info.callbacks[i].cb(
-				info.callbacks[i].key, info.one_line_text,
-				info.callbacks[i].val
-			);
-			if (ret < 0)
-				return ret;
+		if (!param)
+			continue;
+
+		switch (json_typeof(param)) {
+		case JSON_STRING:
+			snprintf(info.one_line_text, MAX_LINE_CHAR, "%s",
+					 json_string_value(param));
+			break;
+
+		case JSON_INTEGER:
+			snprintf(info.one_line_text, MAX_LINE_CHAR, "%"JSON_INTEGER_FORMAT,
+					 json_integer_value(param));
+			break;
+
+		default:
+			return -EINVAL;
 		}
+
+		ret = info.callbacks[i].cb(info.callbacks[i].key, info.one_line_text,
+				info.callbacks[i].val);
+		if (ret < 0)
+			return ret;
 	}
 
 	return 0;
-- 
2.25.1

[v2, 04/10] examples/fips_validation: add SHAKE validation

[Gowrishankar Muthukrishnan]

Add support in fips_validation to parse SHAKE algorithms.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>

---
v2:
 - fixed type punning reported in CI.
---
 doc/guides/sample_app_ug/fips_validation.rst  |  1 +
 examples/fips_validation/fips_validation.h    |  4 +-
 .../fips_validation/fips_validation_sha.c     | 63 +++++++++++-
 examples/fips_validation/main.c               | 95 ++++++++++++++++++-
 4 files changed, 156 insertions(+), 7 deletions(-)

diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst
index 55837895fe..4fc8297b34 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -67,6 +67,7 @@ ACVP
     * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512)
     * SHA (1, 224, 256, 384, 512) - AFT, MCT
     * SHA3 (224, 256, 384, 512) - AFT, MCT
+    * SHAKE (128, 256) - AFT, MCT, VOT
     * TDES-CBC - AFT, MCT
     * TDES-ECB - AFT, MCT
     * RSA
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index 6c1bd35849..8fcb5c8500 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -163,7 +163,8 @@ enum fips_ccm_test_types {
 enum fips_sha_test_types {
 	SHA_KAT = 0,
 	SHA_AFT,
-	SHA_MCT
+	SHA_MCT,
+	SHAKE_VOT
 };
 
 enum fips_rsa_test_types {
@@ -205,6 +206,7 @@ struct sha_interim_data {
 	/* keep algo always on top as it is also used in asym digest */
 	enum rte_crypto_auth_algorithm algo;
 	enum fips_sha_test_types test_type;
+	uint8_t min_outlen;
 	uint8_t md_blocks;
 };
 
diff --git a/examples/fips_validation/fips_validation_sha.c b/examples/fips_validation/fips_validation_sha.c
index 8b68f5ed36..7ce7d3744f 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -22,6 +22,9 @@
 #define TESTTYPE_JSON_STR	"testType"
 
 #define PT_JSON_STR		"msg"
+#define OUTLEN_JSON_STR	"outLen"
+#define MINOUTLEN_JSON_STR	"minOutLen"
+#define MAXOUTLEN_JSON_STR	"maxOutLen"
 
 struct plain_hash_size_conversion {
 	const char *str;
@@ -36,6 +39,8 @@ struct plain_hash_size_conversion {
 		{"32", RTE_CRYPTO_AUTH_SHA3_256},
 		{"48", RTE_CRYPTO_AUTH_SHA3_384},
 		{"64", RTE_CRYPTO_AUTH_SHA3_512},
+		{"16", RTE_CRYPTO_AUTH_SHAKE_128},
+		{"32", RTE_CRYPTO_AUTH_SHAKE_256},
 };
 
 int
@@ -89,12 +94,26 @@ struct fips_test_callback sha_tests_interim_vectors[] = {
 };
 
 #ifdef USE_JANSSON
+static int
+parse_interim_str(const char *key, char *src, struct fips_val *val)
+{
+	RTE_SET_USED(val);
+
+	if (strcmp(key, MINOUTLEN_JSON_STR) == 0)
+		info.interim_info.sha_data.min_outlen = atoi(src) / 8;
+	else if (strcmp(key, MAXOUTLEN_JSON_STR) == 0)
+		vec.cipher_auth.digest.len = atoi(src) / 8;
+
+	return 0;
+}
+
 static struct {
 	uint32_t type;
 	const char *desc;
 } sha_test_types[] = {
 		{SHA_MCT, "MCT"},
 		{SHA_AFT, "AFT"},
+		{SHAKE_VOT, "VOT"},
 };
 
 static struct plain_hash_algorithms {
@@ -111,10 +130,19 @@ static struct plain_hash_algorithms {
 		{"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1},
 		{"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1},
 		{"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1},
+		{"SHAKE-128", RTE_CRYPTO_AUTH_SHAKE_128, 1},
+		{"SHAKE-256", RTE_CRYPTO_AUTH_SHAKE_256, 1},
 };
 
 struct fips_test_callback sha_tests_json_vectors[] = {
 		{PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
+		{OUTLEN_JSON_STR, parser_read_uint32_bit_val, &vec.cipher_auth.digest},
+		{NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback sha_tests_interim_json_vectors[] = {
+		{MINOUTLEN_JSON_STR, parse_interim_str, NULL},
+		{MAXOUTLEN_JSON_STR, parse_interim_str, NULL},
 		{NULL, NULL, NULL} /**< end pointer */
 };
 #endif /* USE_JANSSON */
@@ -185,6 +213,11 @@ parse_test_sha_json_writeback(struct fips_val *val)
 	md = json_string(info.one_line_text);
 	json_object_set_new(json_info.json_write_case, "md", md);
 
+	if (info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_128 ||
+		info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_256)
+		json_object_set_new(json_info.json_write_case, "outLen",
+			json_integer(vec.cipher_auth.digest.len * 8));
+
 	return 0;
 }
 
@@ -193,6 +226,11 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
 {
 	json_t *tcId, *md, *resArr, *res;
 	struct fips_val val_local;
+	bool is_shake = false;
+
+	if (info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_128 ||
+		info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_256)
+		is_shake = true;
 
 	tcId = json_object_get(json_info.json_test_case, "tcId");
 	if (json_info.json_write_case) {
@@ -204,11 +242,17 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
 			json_object_set_new(json_info.json_write_case, "tcId", tcId);
 			json_object_set_new(json_info.json_write_case, "resultsArray",
 								json_array());
+			if (is_shake)
+				json_object_set_new(json_info.json_write_case, "outLen",
+									json_integer(0));
 		}
 	} else {
 		json_info.json_write_case = json_object();
 		json_object_set_new(json_info.json_write_case, "tcId", tcId);
 		json_object_set_new(json_info.json_write_case, "resultsArray", json_array());
+		if (is_shake)
+			json_object_set_new(json_info.json_write_case, "outLen",
+								json_integer(0));
 	}
 
 	resArr = json_object_get(json_info.json_write_case, "resultsArray");
@@ -224,6 +268,9 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
 	md = json_string(info.one_line_text);
 	json_object_set_new(res, "md", md);
 
+	if (is_shake)
+		json_object_set_new(res, "outLen", json_integer(vec.cipher_auth.digest.len * 8));
+
 	json_array_append_new(resArr, res);
 	return 0;
 }
@@ -250,12 +297,17 @@ parse_test_sha_json_algorithm(void)
 	if (i == RTE_DIM(json_algorithms))
 		return -1;
 
-	sz = parse_test_sha_hash_size(info.interim_info.sha_data.algo);
+	if (info.interim_info.sha_data.test_type == SHAKE_VOT) {
+		sz = vec.cipher_auth.digest.len;
+	} else {
+		sz = parse_test_sha_hash_size(info.interim_info.sha_data.algo);
+		vec.cipher_auth.digest.len = sz;
+	}
+
 	if (sz < 0)
 		return -1;
 
 	free(vec.cipher_auth.digest.val);
-	vec.cipher_auth.digest.len = sz;
 	vec.cipher_auth.digest.val = calloc(1, sz);
 	if (vec.cipher_auth.digest.val == NULL)
 		return -1;
@@ -288,6 +340,7 @@ parse_test_sha_json_test_type(void)
 		info.parse_writeback = parse_test_sha_mct_json_writeback;
 		break;
 	case SHA_AFT:
+	case SHAKE_VOT:
 		info.parse_writeback = parse_test_sha_json_writeback;
 		break;
 	default:
@@ -308,12 +361,12 @@ parse_test_sha_json_init(void)
 	info.callbacks = sha_tests_json_vectors;
 	info.writeback_callbacks = NULL;
 	info.kat_check = rsp_test_sha_check;
-	info.interim_callbacks = NULL;
+	info.interim_callbacks = sha_tests_interim_json_vectors;
 
-	if (parse_test_sha_json_algorithm() < 0)
+	if (parse_test_sha_json_test_type() < 0)
 		return -1;
 
-	if (parse_test_sha_json_test_type() < 0)
+	if (parse_test_sha_json_algorithm() < 0)
 		return -1;
 
 	return 0;
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index cf29e440f1..d9e8c0eb02 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2356,6 +2356,95 @@ fips_mct_sha_test(void)
 	return 0;
 }
 
+static int
+fips_mct_shake_test(void)
+{
+#define SHAKE_EXTERN_ITER	100
+#define SHAKE_INTERN_ITER	1000
+	uint32_t i, j, range, outlen, max_outlen;
+	struct fips_val val = {NULL, 0}, md;
+	uint8_t rightmost[2];
+	uint16_t *rightptr;
+	int ret;
+
+	max_outlen = vec.cipher_auth.digest.len;
+
+	if (vec.cipher_auth.digest.val)
+		free(vec.cipher_auth.digest.val);
+
+	vec.cipher_auth.digest.val = calloc(1, max_outlen);
+
+	if (vec.pt.val)
+		memcpy(vec.cipher_auth.digest.val, vec.pt.val, vec.pt.len);
+
+	rte_free(vec.pt.val);
+	vec.pt.val = rte_malloc(NULL, 16, 0);
+	vec.pt.len = 16;
+
+	md.val = rte_malloc(NULL, max_outlen, 0);
+	md.len = max_outlen;
+
+	if (info.file_type != FIPS_TYPE_JSON) {
+		fips_test_write_one_case();
+		fprintf(info.fp_wr, "\n");
+	}
+
+	range = max_outlen - info.interim_info.sha_data.min_outlen + 1;
+	outlen = max_outlen;
+	for (j = 0; j < SHAKE_EXTERN_ITER; j++) {
+		memset(md.val, 0, max_outlen);
+		memcpy(md.val, vec.cipher_auth.digest.val,
+			vec.cipher_auth.digest.len);
+
+		for (i = 0; i < (SHAKE_INTERN_ITER); i++) {
+			memset(vec.pt.val, 0, vec.pt.len);
+			memcpy(vec.pt.val, md.val, vec.pt.len);
+			vec.cipher_auth.digest.len = outlen;
+			ret = fips_run_test();
+			if (ret < 0) {
+				if (ret == -EPERM || ret == -ENOTSUP) {
+					if (info.file_type == FIPS_TYPE_JSON)
+						return ret;
+
+					fprintf(info.fp_wr, "Bypass\n\n");
+					return 0;
+				}
+				return ret;
+			}
+
+			ret = get_writeback_data(&val);
+			if (ret < 0)
+				return ret;
+
+			memset(md.val, 0, max_outlen);
+			memcpy(md.val, (val.val + vec.pt.len),
+				vec.cipher_auth.digest.len);
+			md.len = outlen;
+			rightmost[0] = md.val[md.len-1];
+			rightmost[1] = md.val[md.len-2];
+			rightptr = (uint16_t *)rightmost;
+			outlen = info.interim_info.sha_data.min_outlen +
+				(*rightptr % range);
+		}
+
+		memcpy(vec.cipher_auth.digest.val, md.val, md.len);
+		vec.cipher_auth.digest.len = md.len;
+
+		if (info.file_type != FIPS_TYPE_JSON)
+			fprintf(info.fp_wr, "COUNT = %u\n", j);
+
+		info.parse_writeback(&val);
+
+		if (info.file_type != FIPS_TYPE_JSON)
+			fprintf(info.fp_wr, "\n");
+	}
+
+	rte_free(md.val);
+	rte_free(vec.pt.val);
+
+	free(val.val);
+	return 0;
+}
 
 static int
 init_test_ops(void)
@@ -2408,7 +2497,11 @@ init_test_ops(void)
 		test_ops.prepare_sym_op = prepare_auth_op;
 		test_ops.prepare_sym_xform = prepare_sha_xform;
 		if (info.interim_info.sha_data.test_type == SHA_MCT)
-			test_ops.test = fips_mct_sha_test;
+			if (info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_128 ||
+				info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_256)
+				test_ops.test = fips_mct_shake_test;
+			else
+				test_ops.test = fips_mct_sha_test;
 		else
 			test_ops.test = fips_generic_test;
 		break;
-- 
2.25.1

[v2, 05/10] examples/fips_validation: add CCM JSON validation

[Gowrishankar Muthukrishnan]

Add support in fips_validation to parse CCM JSON vectors.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 doc/guides/sample_app_ug/fips_validation.rst  |   1 +
 examples/fips_validation/fips_validation.c    |   2 +
 examples/fips_validation/fips_validation.h    |   3 +
 .../fips_validation/fips_validation_ccm.c     | 132 ++++++++++++++++++
 examples/fips_validation/main.c               |   3 +
 5 files changed, 141 insertions(+)

diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst
index 4fc8297b34..613c5afd19 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -60,6 +60,7 @@ ACVP
 * Supported test vectors
     * AES-CBC (128,192,256) - AFT, MCT
     * AES-GCM (128,192,256) - AFT
+    * AES-CCM (128,192,256) - AFT
     * AES-CMAC (128,192,256) - AFT
     * AES-CTR (128,192,256) - AFT, CTR
     * AES-GMAC (128,192,256) - AFT
diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index d3b6099d73..f840804009 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -460,6 +460,8 @@ fips_test_parse_one_json_vector_set(void)
 	/* Vector sets contain the algorithm type, and nothing else we need. */
 	if (strstr(algo_str, "AES-GCM"))
 		info.algo = FIPS_TEST_ALGO_AES_GCM;
+	else if (strstr(algo_str, "AES-CCM"))
+		info.algo = FIPS_TEST_ALGO_AES_CCM;
 	else if (strstr(algo_str, "AES-GMAC"))
 		info.algo = FIPS_TEST_ALGO_AES_GMAC;
 	else if (strstr(algo_str, "HMAC"))
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index 8fcb5c8500..c4988053c1 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -338,6 +338,9 @@ fips_test_parse_one_json_case(void);
 int
 parse_test_gcm_json_init(void);
 
+int
+parse_test_ccm_json_init(void);
+
 int
 parse_test_hmac_json_init(void);
 
diff --git a/examples/fips_validation/fips_validation_ccm.c b/examples/fips_validation/fips_validation_ccm.c
index 632999c1e4..0e3ee0d247 100644
--- a/examples/fips_validation/fips_validation_ccm.c
+++ b/examples/fips_validation/fips_validation_ccm.c
@@ -34,6 +34,18 @@
 #define POS_KEYWORD	"Pass"
 #define NEG_KEYWORD	"Fail"
 
+#define DIR_JSON_STR	"direction"
+#define IVLEN_JSON_STR		"ivLen"
+#define PTLEN_JSON_STR	"payloadLen"
+#define AADLEN_JSON_STR		"aadLen"
+#define TAGLEN_JSON_STR		"tagLen"
+#define KEYLEN_JSON_STR		"keyLen"
+#define PT_JSON_STR		"pt"
+#define CT_JSON_STR		"ct"
+#define KEY_JSON_STR		"key"
+#define IV_JSON_STR		"iv"
+#define AAD_JSON_STR		"aad"
+
 static int
 parser_dvpt_interim(const char *key, char *src, struct fips_val *val)
 {
@@ -206,6 +218,126 @@ struct ccm_test_types {
 			FIPS_TEST_ENC_AUTH_GEN},
 };
 
+#ifdef USE_JANSSON
+static int
+parser_read_ccm_direction_str(__rte_unused const char *key, char *src,
+	__rte_unused struct fips_val *val)
+{
+	if (strcmp(src, "encrypt") == 0)
+		info.op = FIPS_TEST_ENC_AUTH_GEN;
+	else if (strcmp(src, "decrypt") == 0)
+		info.op = FIPS_TEST_DEC_AUTH_VERIF;
+
+	return 0;
+}
+
+static int
+parser_read_ccm_aad_str(const char *key, char *src, struct fips_val *val)
+{
+	struct fips_val tmp_val = {0};
+	uint32_t len = val->len;
+
+	/* CCM aad requires 18 bytes padding before the real content */
+	val->val = rte_zmalloc(NULL, len + 18, 0);
+	if (!val->val)
+		return -1;
+
+	if (parse_uint8_hex_str(key, src, &tmp_val) < 0)
+		return -1;
+
+	memcpy(val->val + 18, tmp_val.val, val->len);
+	rte_free(tmp_val.val);
+
+	return 0;
+}
+
+static int
+parse_read_ccm_ct_str(const char *key, char *src, struct fips_val *val)
+{
+	int ret;
+
+	val->len = vec.pt.len;
+
+	ret = parse_uint8_known_len_hex_str(key, src, val);
+	if (ret < 0)
+		return ret;
+
+	src += val->len * 2;
+
+	ret = parse_uint8_known_len_hex_str("", src, &vec.aead.digest);
+	if (ret < 0) {
+		rte_free(val->val);
+		memset(val, 0, sizeof(*val));
+		return ret;
+	}
+
+	return 0;
+}
+
+struct fips_test_callback ccm_tests_interim_json_vectors[] = {
+	{DIR_JSON_STR, parser_read_ccm_direction_str, NULL},
+	{IVLEN_JSON_STR, parser_read_uint32_bit_val, &vec.iv},
+	{PTLEN_JSON_STR, parser_read_uint32_bit_val, &vec.pt},
+	{AADLEN_JSON_STR, parser_read_uint32_bit_val, &vec.aead.aad},
+	{TAGLEN_JSON_STR, parser_read_uint32_bit_val, &vec.aead.digest},
+	{KEYLEN_JSON_STR, parser_read_uint32_bit_val, &vec.aead.key},
+	{NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback ccm_tests_json_vectors[] = {
+	{PT_JSON_STR, parse_uint8_known_len_hex_str, &vec.pt},
+	{CT_JSON_STR, parse_read_ccm_ct_str, &vec.ct},
+	{KEY_JSON_STR, parse_uint8_known_len_hex_str, &vec.aead.key},
+	{IV_JSON_STR, parse_uint8_known_len_hex_str, &vec.iv},
+	{AAD_JSON_STR, parser_read_ccm_aad_str, &vec.aead.aad},
+	{NULL, NULL, NULL} /**< end pointer */
+};
+
+static int
+parse_test_ccm_json_writeback(struct fips_val *val)
+{
+	struct fips_val tmp_val;
+	json_t *tcId;
+
+	tcId = json_object_get(json_info.json_test_case, "tcId");
+	json_info.json_write_case = json_object();
+	json_object_set(json_info.json_write_case, "tcId", tcId);
+
+	if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+		json_t *ct;
+
+		info.one_line_text[0] = '\0';
+		writeback_hex_str("", info.one_line_text, val);
+		ct = json_string(info.one_line_text);
+		json_object_set_new(json_info.json_write_case, CT_JSON_STR, ct);
+	} else {
+		if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) {
+			tmp_val.val = val->val;
+			tmp_val.len = vec.pt.len;
+
+			info.one_line_text[0] = '\0';
+			writeback_hex_str("", info.one_line_text, &tmp_val);
+			json_object_set_new(json_info.json_write_case, PT_JSON_STR,
+				json_string(info.one_line_text));
+		}  else {
+			json_object_set_new(json_info.json_write_case, "testPassed",
+				json_false());
+		}
+	}
+
+	return 0;
+}
+
+int
+parse_test_ccm_json_init(void)
+{
+	info.interim_callbacks = ccm_tests_interim_json_vectors;
+	info.parse_writeback = parse_test_ccm_json_writeback;
+	info.callbacks = ccm_tests_json_vectors;
+	return 0;
+}
+#endif /* USE_JANSSON */
+
 static int
 parse_test_ccm_writeback(struct fips_val *val)
 {
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index d9e8c0eb02..5c6c12982d 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2679,6 +2679,9 @@ fips_test_one_test_group(void)
 	case FIPS_TEST_ALGO_AES_GCM:
 		ret = parse_test_gcm_json_init();
 		break;
+	case FIPS_TEST_ALGO_AES_CCM:
+		ret = parse_test_ccm_json_init();
+		break;
 	case FIPS_TEST_ALGO_HMAC:
 		ret = parse_test_hmac_json_init();
 		break;
-- 
2.25.1

[v2, 06/10] examples/fips_validation: add ECDSA keygen support

[Gowrishankar Muthukrishnan]

Add support to validate ECDSA keygen mode tests.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 .../fips_validation/fips_validation_ecdsa.c   | 52 +++++++++++++++++++
 examples/fips_validation/main.c               | 13 +++++
 2 files changed, 65 insertions(+)

diff --git a/examples/fips_validation/fips_validation_ecdsa.c b/examples/fips_validation/fips_validation_ecdsa.c
index d47ab0b5d1..5c91abfc5a 100644
--- a/examples/fips_validation/fips_validation_ecdsa.c
+++ b/examples/fips_validation/fips_validation_ecdsa.c
@@ -295,6 +295,20 @@ parse_test_ecdsa_json_writeback(struct fips_val *val)
 			json_object_set_new(json_info.json_write_case, "testPassed", json_true());
 		else
 			json_object_set_new(json_info.json_write_case, "testPassed", json_false());
+	} else if (info.op == FIPS_TEST_ASYM_KEYGEN) {
+		json_t *obj;
+
+		writeback_hex_str("", info.one_line_text, &vec.ecdsa.pkey);
+		obj = json_string(info.one_line_text);
+		json_object_set_new(json_info.json_write_case, "d", obj);
+
+		writeback_hex_str("", info.one_line_text, &vec.ecdsa.qx);
+		obj = json_string(info.one_line_text);
+		json_object_set_new(json_info.json_write_case, "qx", obj);
+
+		writeback_hex_str("", info.one_line_text, &vec.ecdsa.qy);
+		obj = json_string(info.one_line_text);
+		json_object_set_new(json_info.json_write_case, "qy", obj);
 	}
 
 	return 0;
@@ -367,6 +381,36 @@ parse_siggen_message_str(const char *key, char *src, struct fips_val *val)
 	return ret;
 }
 
+static int
+parse_keygen_tc_str(const char *key, char *src, struct fips_val *val)
+{
+	RTE_SET_USED(key);
+	RTE_SET_USED(src);
+	RTE_SET_USED(val);
+
+	if (info.op == FIPS_TEST_ASYM_KEYGEN) {
+		if (vec.ecdsa.pkey.val) {
+			rte_free(vec.ecdsa.pkey.val);
+			vec.ecdsa.pkey.val = NULL;
+		}
+
+		if (vec.ecdsa.k.val) {
+			rte_free(vec.ecdsa.k.val);
+			vec.ecdsa.k.val = NULL;
+		}
+
+		if (prepare_vec_ecdsa() < 0)
+			return -1;
+
+		if (prepare_vec_ecdsa_k() < 0)
+			return -1;
+
+		info.interim_info.ecdsa_data.pubkey_gen = 1;
+	}
+
+	return 0;
+}
+
 static int
 parse_sigver_randomvalue_str(const char *key, char *src, struct fips_val *val)
 {
@@ -402,6 +446,11 @@ struct fips_test_callback ecdsa_sigver_json_vectors[] = {
 		{NULL, NULL, NULL} /**< end pointer */
 };
 
+struct fips_test_callback ecdsa_keygen_json_vectors[] = {
+		{"tcId", parse_keygen_tc_str, &vec.pt},
+		{NULL, NULL, NULL} /**< end pointer */
+};
+
 int
 parse_test_ecdsa_json_init(void)
 {
@@ -421,6 +470,9 @@ parse_test_ecdsa_json_init(void)
 	} else if (strcmp(mode_str, "sigVer") == 0) {
 		info.op = FIPS_TEST_ASYM_SIGVER;
 		info.callbacks = ecdsa_sigver_json_vectors;
+	} else if (strcmp(mode_str, "keyGen") == 0) {
+		info.op = FIPS_TEST_ASYM_KEYGEN;
+		info.callbacks = ecdsa_keygen_json_vectors;
 	} else {
 		return -EINVAL;
 	}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 5c6c12982d..2c4353185e 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -1758,6 +1758,19 @@ fips_run_test(void)
 
 	env.op = env.sym.op;
 	if (env.is_asym_test) {
+		if (info.op == FIPS_TEST_ASYM_KEYGEN &&
+			info.algo == FIPS_TEST_ALGO_ECDSA) {
+			env.op = env.asym.op;
+			test_ops.prepare_asym_xform = prepare_ecfpm_xform;
+			test_ops.prepare_asym_op = prepare_ecfpm_op;
+			ret = fips_run_asym_test();
+			if (ret < 0)
+				return ret;
+
+			info.interim_info.ecdsa_data.pubkey_gen = 0;
+			return ret;
+		}
+
 		vec.cipher_auth.digest.len = parse_test_sha_hash_size(
 						info.interim_info.rsa_data.auth);
 		test_ops.prepare_sym_xform = prepare_sha_xform;
-- 
2.25.1

[v2, 07/10] examples/fips_validation: add SHA3 algorithms in ECDSA test

[Gowrishankar Muthukrishnan]

Add SHA3 algorithms in ECDSA as supported.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 examples/fips_validation/fips_validation_ecdsa.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/examples/fips_validation/fips_validation_ecdsa.c b/examples/fips_validation/fips_validation_ecdsa.c
index 5c91abfc5a..aef722d147 100644
--- a/examples/fips_validation/fips_validation_ecdsa.c
+++ b/examples/fips_validation/fips_validation_ecdsa.c
@@ -50,6 +50,10 @@ struct {
 		{RTE_CRYPTO_AUTH_SHA256, "SHA2-256"},
 		{RTE_CRYPTO_AUTH_SHA384, "SHA2-384"},
 		{RTE_CRYPTO_AUTH_SHA512, "SHA2-512"},
+		{RTE_CRYPTO_AUTH_SHA3_224, "SHA3-224"},
+		{RTE_CRYPTO_AUTH_SHA3_256, "SHA3-256"},
+		{RTE_CRYPTO_AUTH_SHA3_384, "SHA3-384"},
+		{RTE_CRYPTO_AUTH_SHA3_512, "SHA3-512"},
 };
 
 struct {
-- 
2.25.1

[v2, 08/10] examples/fips_validation: fix AES GCM validation tests

[Gowrishankar Muthukrishnan]

AES GCM validation tests fail in FIPS validation due to incorrect
fields populated in response file. This patch fixes them.

Fixes: 5b540bebac8e ("examples/fips_validation: fix GMAC decryption output")

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 examples/fips_validation/fips_validation_gcm.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/examples/fips_validation/fips_validation_gcm.c b/examples/fips_validation/fips_validation_gcm.c
index a80d8b3e4d..bf08d1b995 100644
--- a/examples/fips_validation/fips_validation_gcm.c
+++ b/examples/fips_validation/fips_validation_gcm.c
@@ -79,7 +79,7 @@ parser_read_gcm_pt_len(const char *key, char *src,
 	if (ret < 0)
 		return ret;
 
-	if (vec.pt.len == 0) {
+	if (info.algo == FIPS_TEST_ALGO_AES_GMAC && vec.pt.len == 0) {
 		info.interim_info.gcm_data.is_gmac = 1;
 		test_ops.prepare_sym_op = prepare_auth_op;
 		test_ops.prepare_sym_xform = prepare_gmac_xform;
@@ -296,6 +296,7 @@ parse_test_gcm_json_writeback(struct fips_val *val)
 			tmp_val.val = val->val;
 			tmp_val.len = vec.pt.len;
 
+			info.one_line_text[0] = '\0';
 			writeback_hex_str("", info.one_line_text, &tmp_val);
 			ct = json_string(info.one_line_text);
 			json_object_set_new(json_info.json_write_case, CT_JSON_STR, ct);
@@ -326,6 +327,7 @@ parse_test_gcm_json_writeback(struct fips_val *val)
 				tmp_val.val = val->val;
 				tmp_val.len = vec.pt.len;
 
+				info.one_line_text[0] = '\0';
 				writeback_hex_str("", info.one_line_text, &tmp_val);
 				json_object_set_new(json_info.json_write_case, PT_JSON_STR,
 					json_string(info.one_line_text));
@@ -334,12 +336,8 @@ parse_test_gcm_json_writeback(struct fips_val *val)
 					json_true());
 			}
 		} else {
-			if (!info.interim_info.gcm_data.is_gmac)
-				json_object_set_new(json_info.json_write_case, PT_JSON_STR,
-					json_string(""));
-			else
-				json_object_set_new(json_info.json_write_case, "testPassed",
-					json_false());
+			json_object_set_new(json_info.json_write_case, "testPassed",
+				json_false());
 		}
 	}
 
-- 
2.25.1

[v2, 09/10] examples/fips_validation: fix AES XTS to read seq number

[Gowrishankar Muthukrishnan]

Fix AES XTS test to read sequence number correctly.

Fixes: f8e431ed8f6 ("examples/fips_validation: add parsing for AES-XTS")

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 examples/fips_validation/fips_validation_xts.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/examples/fips_validation/fips_validation_xts.c b/examples/fips_validation/fips_validation_xts.c
index 531e3c688e..530df78ab4 100644
--- a/examples/fips_validation/fips_validation_xts.c
+++ b/examples/fips_validation/fips_validation_xts.c
@@ -34,6 +34,7 @@
 #define DATAUNITLEN_JSON_STR	"dataUnitLen"
 #define PAYLOADLEN_JSON_STR	"payloadLen"
 #define TWEAKVALUE_JSON_STR	"tweakValue"
+#define SEQNUMBER_JSON_STR	"sequenceNumber"
 #define PT_JSON_STR	"pt"
 #define CT_JSON_STR	"ct"
 
@@ -95,14 +96,17 @@ parser_xts_read_keylen(const char *key, char *src, struct fips_val *val)
 static int
 parser_xts_read_tweakval(const char *key, char *src, struct fips_val *val)
 {
+	char num_str[4] = {0};
 	int ret;
 
-	if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_HEX)
+	if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_HEX) {
 		ret = parse_uint8_hex_str(key, src, val);
-	else if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_NUMBER)
-		ret = parser_read_uint32_bit_val(key, src, val);
-	else
+	} else if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_NUMBER) {
+		snprintf(num_str, RTE_DIM(num_str), "%x", atoi(src));
+		ret = parse_uint8_hex_str(key, num_str, val);
+	} else {
 		ret = -1;
+	}
 
 	return ret;
 }
@@ -122,6 +126,7 @@ struct fips_test_callback xts_interim_json_vectors[] = {
 struct fips_test_callback xts_enc_json_vectors[] = {
 		{KEY_JSON_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.key},
 		{TWEAKVALUE_JSON_STR, parser_xts_read_tweakval, &vec.iv},
+		{SEQNUMBER_JSON_STR, parser_xts_read_tweakval, &vec.iv},
 		{PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
 		{NULL, NULL, NULL} /**< end pointer */
 };
-- 
2.25.1

[v2, 10/10] examples/fips_validation: add extra space in JSON buffer

[Gowrishankar Muthukrishnan]

Current test buffer to copy input data of maximum possible length
did not account NULL character, due to which a last input character
is always ignored and it causes tests like RSA SIGVER for modulo
of 4096 bits to fail. This patch fixes it.

Fixes: 0b65d54f3a4 ("examples/fips_validation: fix JSON buffer size")

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 examples/fips_validation/fips_validation.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index c4988053c1..abc1d64742 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -247,7 +247,7 @@ struct ecdsa_interim_data {
  * Esp, in asym op, modulo bits decide char buffer size.
  * max = (modulo / 4)
  */
-#define FIPS_TEST_JSON_BUF_LEN (4096 / 4)
+#define FIPS_TEST_JSON_BUF_LEN ((4096 / 4) + 1)
 
 struct fips_test_json_info {
 	/* Information used for reading from json */
-- 
2.25.1

RE: [v1, 00/10] fips_validation application improvements

[Gowrishankar Muthukrishnan]

I have fixed it in v2 and CI passed.
http://mails.dpdk.org/archives/test-report/2023-February/360464.html

Thanks,
Gowrishankar
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Tuesday, February 28, 2023 1:09 PM
> To: Akhil Goyal <gakhil@marvell.com>; Dooley, Brian
> <brian.dooley@intel.com>; Gowrishankar Muthukrishnan
> <gmuthukrishn@marvell.com>; dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; Jerin Jacob Kollanukkaran
> <jerinj@marvell.com>
> Subject: RE: [v1, 00/10] fips_validation application improvements
> 
> Hi Gowrishankar,
> > >
> > > > Subject: [v1, 00/10] fips_validation application improvements
> > > >
> > > > This patch series adds support for SHA3, SHAKE, AES-CCM JSON test
> > > > vectors and fixes existing algorithms to support NIST test vectors.
> > > >
> > > > Gowrishankar Muthukrishnan (10):
> > > >   examples/fips_validation: fix MCT output for SHA
> > > >   examples/fips_validation: add SHA3 validation
> > > >   examples/fips_validation: fix integer parse in test case
> > > >   examples/fips_validation: add SHAKE validation
> > > >   examples/fips_validation: add CCM JSON validation
> > > >   examples/fips_validation: add ECDSA keygen support
> > > >   examples/fips_validation: add SHA3 algorithms in ECDSA test
> > > >   examples/fips_validation: fix AES GCM validation tests
> > > >   examples/fips_validation: fix AES XTS to read seq number
> > > >   examples/fips_validation: add extra space in JSON buffer
> > > >
> > > >  doc/guides/sample_app_ug/fips_validation.rst  |   7 +-
> > > >  examples/fips_validation/fips_validation.c    |  31 ++-
> > > >  examples/fips_validation/fips_validation.h    |  10 +-
> > > >  .../fips_validation/fips_validation_ccm.c     | 132 ++++++++++++
> > > >  .../fips_validation/fips_validation_ecdsa.c   |  56 +++++
> > > >  .../fips_validation/fips_validation_gcm.c     |  12 +-
> > > >  .../fips_validation/fips_validation_hmac.c    |   8 +
> > > >  .../fips_validation/fips_validation_sha.c     |  91 ++++++--
> > > >  .../fips_validation/fips_validation_xts.c     |  13 +-
> > > >  examples/fips_validation/main.c               | 196 +++++++++++++-----
> > > >  10 files changed, 467 insertions(+), 89 deletions(-)
> > > >
> > > > --
> > > > 2.25.1
> > >
> > > Series-acked-by: Brian Dooley <brian.dooley@intel.com>
> >
> > Series Applied to dpdk-next-crypto
> The series is showing compilation issues, please fix it. The series is removed
> from the tree.
> 

RE: [v2, 00/10] fips_validation application improvements

[Akhil Goyal]

> Subject: [v2, 00/10] fips_validation application improvements
> 
> This patch series adds support for SHA3, SHAKE, AES-CCM
> JSON test vectors and fixes existing algorithms to
> support NIST test vectors.
> 
> v2:
>  - fixed type punning SHAKE test function.
Series applied to dpdk-next-crypto

Thanks.