[PATCH v1] examples/fips_validation: add parsing for sha

[PATCH v1] examples/fips_validation: add parsing for sha

[Gowrishankar Muthukrishnan]

Added function to parse algorithm for SHA test. Verified with SHA 1 and 256
vectors. SHA 384 and 512 has some issues with the way jansson objects are
created, which could be addressed separately.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 examples/fips_validation/fips_validation.c    |   2 +
 examples/fips_validation/fips_validation.h    |  10 +
 .../fips_validation/fips_validation_sha.c     | 188 ++++++++++++++++++
 examples/fips_validation/main.c               |  37 +++-
 4 files changed, 226 insertions(+), 11 deletions(-)

diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index f181363ef7..12b9b03f56 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -466,6 +466,8 @@ fips_test_parse_one_json_vector_set(void)
 		info.algo = FIPS_TEST_ALGO_AES_CBC;
 	else if (strstr(algo_str, "AES-XTS"))
 		info.algo = FIPS_TEST_ALGO_AES_XTS;
+	else if (strstr(algo_str, "SHA"))
+		info.algo = FIPS_TEST_ALGO_SHA;
 	else
 		return -EINVAL;
 
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index d716b198c6..5c1abcbd91 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -133,6 +133,7 @@ enum fips_ccm_test_types {
 
 enum fips_sha_test_types {
 	SHA_KAT = 0,
+	SHA_AFT,
 	SHA_MCT
 };
 
@@ -280,6 +281,15 @@ parse_test_aes_json_init(void);
 
 int
 parse_test_xts_json_init(void);
+
+int
+parse_test_sha_json_init(void);
+
+int
+parse_test_sha_json_algorithm(void);
+
+int
+parse_test_sha_json_test_type(void);
 #endif /* USE_JANSSON */
 
 int
diff --git a/examples/fips_validation/fips_validation_sha.c b/examples/fips_validation/fips_validation_sha.c
index 34c364c75a..a2928618d7 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -17,6 +17,11 @@
 #define SEED_STR	"Seed = "
 #define MCT_STR		"Monte"
 
+#define ALGO_JSON_STR	"algorithm"
+#define TESTTYPE_JSON_STR	"testType"
+
+#define PT_JSON_STR		"msg"
+
 struct plain_hash_size_conversion {
 	const char *str;
 	enum rte_crypto_auth_algorithm algo;
@@ -62,6 +67,32 @@ struct fips_test_callback sha_tests_interim_vectors[] = {
 		{NULL, NULL, NULL} /**< end pointer */
 };
 
+#ifdef USE_JANSSON
+static struct {
+	uint32_t type;
+	const char *desc;
+} sha_test_types[] = {
+		{SHA_MCT, "MCT"},
+		{SHA_AFT, "AFT"},
+};
+
+static struct plain_hash_algorithms {
+	const char *str;
+	enum rte_crypto_auth_algorithm algo;
+} json_algorithms[] = {
+		{"SHA-1", RTE_CRYPTO_AUTH_SHA1},
+		{"SHA2-224", RTE_CRYPTO_AUTH_SHA224},
+		{"SHA2-256", RTE_CRYPTO_AUTH_SHA256},
+		{"SHA2-384", RTE_CRYPTO_AUTH_SHA384},
+		{"SHA2-512", RTE_CRYPTO_AUTH_SHA512},
+};
+
+struct fips_test_callback sha_tests_json_vectors[] = {
+		{PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
+		{NULL, NULL, NULL} /**< end pointer */
+};
+#endif /* USE_JANSSON */
+
 static int
 parse_test_sha_writeback(struct fips_val *val) // !
 {
@@ -108,3 +139,160 @@ parse_test_sha_init(void)
 	info.kat_check = rsp_test_sha_check;
 	return 0;
 }
+
+#ifdef USE_JANSSON
+static int
+parse_test_sha_json_writeback(struct fips_val *val)
+{
+	struct fips_val val_local;
+	json_t *tcId, *md;
+
+	tcId = json_object_get(json_info.json_test_case, "tcId");
+
+	json_info.json_write_case = json_object();
+	json_object_set_new(json_info.json_write_case, "tcId", tcId);
+
+	val_local.val = val->val + vec.pt.len;
+	val_local.len = vec.cipher_auth.digest.len;
+
+	writeback_hex_str("", info.one_line_text, &val_local);
+	md = json_string(info.one_line_text);
+	json_object_set_new(json_info.json_write_case, "md", md);
+
+	return 0;
+}
+
+static int
+parse_test_sha_mct_json_writeback(struct fips_val *val)
+{
+	json_t *tcId, *msg, *md, *resArr, *res;
+	struct fips_val val_local;
+
+	tcId = json_object_get(json_info.json_test_case, "tcId");
+	if (json_info.json_write_case) {
+		json_t *wcId;
+
+		wcId = json_object_get(json_info.json_write_case, "tcId");
+		if (!json_equal(tcId, wcId)) {
+			json_info.json_write_case = json_object();
+			json_object_set_new(json_info.json_write_case, "tcId", tcId);
+			json_object_set_new(json_info.json_write_case, "resultsArray",
+								json_array());
+		}
+	} else {
+		json_info.json_write_case = json_object();
+		json_object_set_new(json_info.json_write_case, "tcId", tcId);
+		json_object_set_new(json_info.json_write_case, "resultsArray", json_array());
+	}
+
+	resArr = json_object_get(json_info.json_write_case, "resultsArray");
+	if (!json_is_array(resArr))
+		return -EINVAL;
+
+	res = json_object();
+
+	writeback_hex_str("", info.one_line_text, &val[1]);
+	msg = json_string(info.one_line_text);
+	json_object_set_new(res, "msg", msg);
+
+	val_local.val = val[0].val + vec.pt.len;
+	val_local.len = vec.cipher_auth.digest.len;
+
+	writeback_hex_str("", info.one_line_text, &val_local);
+	md = json_string(info.one_line_text);
+	json_object_set_new(res, "md", md);
+
+	json_array_append_new(resArr, res);
+	return 0;
+}
+
+int
+parse_test_sha_json_algorithm(void)
+{
+	json_t *algorithm_object;
+	const char *algorithm_str;
+	uint32_t i;
+
+	algorithm_object = json_object_get(json_info.json_vector_set, "algorithm");
+	algorithm_str = json_string_value(algorithm_object);
+
+	for (i = 0; i < RTE_DIM(json_algorithms); i++) {
+		if (strstr(algorithm_str, json_algorithms[i].str)) {
+			info.interim_info.sha_data.algo = json_algorithms[i].algo;
+			break;
+		}
+	}
+
+	if (i == RTE_DIM(json_algorithms))
+		return -1;
+
+	for (i = 0; i < RTE_DIM(phsc); i++) {
+		if (info.interim_info.sha_data.algo == phsc[i].algo) {
+			vec.cipher_auth.digest.len = atoi(phsc[i].str);
+			vec.cipher_auth.digest.val = calloc(0, vec.cipher_auth.digest.len * 8);
+			break;
+		}
+	}
+
+	if (i == RTE_DIM(phsc))
+		return -1;
+
+	return 0;
+}
+
+int
+parse_test_sha_json_test_type(void)
+{
+	json_t *type_object;
+	const char *type_str;
+	uint32_t i;
+
+	type_object = json_object_get(json_info.json_test_group, TESTTYPE_JSON_STR);
+	type_str = json_string_value(type_object);
+
+	for (i = 0; i < RTE_DIM(sha_test_types); i++)
+		if (strstr(type_str, sha_test_types[i].desc)) {
+			info.interim_info.aes_data.test_type =
+				sha_test_types[i].type;
+			break;
+		}
+
+	if (i == RTE_DIM(sha_test_types))
+		return -1;
+
+	switch (info.interim_info.sha_data.test_type) {
+	case SHA_MCT:
+		info.parse_writeback = parse_test_sha_mct_json_writeback;
+		break;
+	case SHA_AFT:
+		info.parse_writeback = parse_test_sha_json_writeback;
+		break;
+	default:
+		info.parse_writeback = NULL;
+	}
+
+	if (!info.parse_writeback)
+		return -1;
+
+	return 0;
+}
+
+int
+parse_test_sha_json_init(void)
+{
+	info.op = FIPS_TEST_ENC_AUTH_GEN;
+	info.parse_writeback = parse_test_sha_json_writeback;
+	info.callbacks = sha_tests_json_vectors;
+	info.writeback_callbacks = NULL;
+	info.kat_check = rsp_test_sha_check;
+	info.interim_callbacks = NULL;
+
+	if (parse_test_sha_json_algorithm() < 0)
+		return -1;
+
+	if (parse_test_sha_json_test_type() < 0)
+		return -1;
+
+	return 0;
+}
+#endif /* USE_JANSSON */
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 7ccb5f52f4..41347de199 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -1693,19 +1693,24 @@ fips_mct_sha_test(void)
 #define SHA_EXTERN_ITER	100
 #define SHA_INTERN_ITER	1000
 #define SHA_MD_BLOCK	3
-	struct fips_val val = {NULL, 0}, md[SHA_MD_BLOCK];
+	struct fips_val val[2] = {{NULL, 0},}, md[SHA_MD_BLOCK], msg;
 	char temp[MAX_DIGEST_SIZE*2];
 	int ret;
 	uint32_t i, j;
 
+	msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len;
+	msg.val = calloc(1, msg.len);
+	memcpy(vec.cipher_auth.digest.val, vec.pt.val, vec.cipher_auth.digest.len);
 	for (i = 0; i < SHA_MD_BLOCK; i++)
 		md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
 
 	rte_free(vec.pt.val);
 	vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0);
 
-	fips_test_write_one_case();
-	fprintf(info.fp_wr, "\n");
+	if (info.file_type != FIPS_TYPE_JSON) {
+		fips_test_write_one_case();
+		fprintf(info.fp_wr, "\n");
+	}
 
 	for (j = 0; j < SHA_EXTERN_ITER; j++) {
 
@@ -1719,6 +1724,9 @@ fips_mct_sha_test(void)
 			vec.cipher_auth.digest.len);
 		md[2].len = vec.cipher_auth.digest.len;
 
+		for (i = 0; i < SHA_MD_BLOCK; i++)
+			memcpy(&msg.val[i * md[i].len], md[i].val, md[i].len);
+
 		for (i = 0; i < (SHA_INTERN_ITER); i++) {
 
 			memcpy(vec.pt.val, md[0].val,
@@ -1742,7 +1750,7 @@ fips_mct_sha_test(void)
 				return ret;
 			}
 
-			ret = get_writeback_data(&val);
+			ret = get_writeback_data(&val[0]);
 			if (ret < 0)
 				return ret;
 
@@ -1751,7 +1759,7 @@ fips_mct_sha_test(void)
 			memcpy(md[1].val, md[2].val, md[2].len);
 			md[1].len = md[2].len;
 
-			memcpy(md[2].val, (val.val + vec.pt.len),
+			memcpy(md[2].val, (val[0].val + vec.pt.len),
 				vec.cipher_auth.digest.len);
 			md[2].len = vec.cipher_auth.digest.len;
 		}
@@ -1759,11 +1767,14 @@ fips_mct_sha_test(void)
 		memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
 		vec.cipher_auth.digest.len = md[2].len;
 
-		fprintf(info.fp_wr, "COUNT = %u\n", j);
-
-		writeback_hex_str("", temp, &vec.cipher_auth.digest);
-
-		fprintf(info.fp_wr, "MD = %s\n\n", temp);
+		if (info.file_type != FIPS_TYPE_JSON) {
+			fprintf(info.fp_wr, "COUNT = %u\n", j);
+			writeback_hex_str("", temp, &vec.cipher_auth.digest);
+			fprintf(info.fp_wr, "MD = %s\n\n", temp);
+		}
+		val[1].val = msg.val;
+		val[1].len = msg.len;
+		info.parse_writeback(val);
 	}
 
 	for (i = 0; i < (SHA_MD_BLOCK); i++)
@@ -1771,7 +1782,8 @@ fips_mct_sha_test(void)
 
 	rte_free(vec.pt.val);
 
-	free(val.val);
+	free(val[0].val);
+	free(msg.val);
 
 	return 0;
 }
@@ -1996,6 +2008,9 @@ fips_test_one_test_group(void)
 	case FIPS_TEST_ALGO_AES:
 		ret = parse_test_aes_json_init();
 		break;
+	case FIPS_TEST_ALGO_SHA:
+		ret = parse_test_sha_json_init();
+		break;
 	default:
 		return -EINVAL;
 	}
-- 
2.25.1

RE: [PATCH v1] examples/fips_validation: add parsing for sha

[Zhang, Roy Fan]

Hi,

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Tuesday, June 28, 2022 2:14 PM
> To: dev@dpdk.org
> Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>; Dooley, Brian
> <brian.dooley@intel.com>; Anoob Joseph <anoobj@marvell.com>; Archana
> Muniganti <marchana@marvell.com>; Jerin Jacob <jerinj@marvell.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [PATCH v1] examples/fips_validation: add parsing for sha
> 
> Added function to parse algorithm for SHA test. Verified with SHA 1 and 256
> vectors. SHA 384 and 512 has some issues with the way jansson objects are
> created, which could be addressed separately.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
<snip>

> +#endif /* USE_JANSSON */
> diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
> index 7ccb5f52f4..41347de199 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -1693,19 +1693,24 @@ fips_mct_sha_test(void)
>  #define SHA_EXTERN_ITER	100
>  #define SHA_INTERN_ITER	1000
>  #define SHA_MD_BLOCK	3
> -	struct fips_val val = {NULL, 0}, md[SHA_MD_BLOCK];
> +	struct fips_val val[2] = {{NULL, 0},}, md[SHA_MD_BLOCK], msg;

I see to get around with the callback function limitation you extend the fips val to
an array. Nice move! But if it is not too much trouble for you - please comment
the purpose of the change - it will make the future maintenance much easier!

>  	char temp[MAX_DIGEST_SIZE*2];
>  	int ret;
>  	uint32_t i, j;
> 
> +	msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len;
> +	msg.val = calloc(1, msg.len);
> +	memcpy(vec.cipher_auth.digest.val, vec.pt.val,
> vec.cipher_auth.digest.len);
>  	for (i = 0; i < SHA_MD_BLOCK; i++)
>  		md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
> 
>  	rte_free(vec.pt.val);
>  	vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0);
> 
> -	fips_test_write_one_case();
> -	fprintf(info.fp_wr, "\n");
> +	if (info.file_type != FIPS_TYPE_JSON) {
> +		fips_test_write_one_case();
> +		fprintf(info.fp_wr, "\n");
> +	}
> 
>  	for (j = 0; j < SHA_EXTERN_ITER; j++) {
> 
> @@ -1719,6 +1724,9 @@ fips_mct_sha_test(void)
>  			vec.cipher_auth.digest.len);
>  		md[2].len = vec.cipher_auth.digest.len;
> 
> +		for (i = 0; i < SHA_MD_BLOCK; i++)
> +			memcpy(&msg.val[i * md[i].len], md[i].val, md[i].len);
> +
>  		for (i = 0; i < (SHA_INTERN_ITER); i++) {
> 
>  			memcpy(vec.pt.val, md[0].val,
> @@ -1742,7 +1750,7 @@ fips_mct_sha_test(void)
>  				return ret;
>  			}
> 
> -			ret = get_writeback_data(&val);
> +			ret = get_writeback_data(&val[0]);
>  			if (ret < 0)
>  				return ret;
> 
> @@ -1751,7 +1759,7 @@ fips_mct_sha_test(void)
>  			memcpy(md[1].val, md[2].val, md[2].len);
>  			md[1].len = md[2].len;
> 
> -			memcpy(md[2].val, (val.val + vec.pt.len),
> +			memcpy(md[2].val, (val[0].val + vec.pt.len),
>  				vec.cipher_auth.digest.len);
>  			md[2].len = vec.cipher_auth.digest.len;
>  		}
> @@ -1759,11 +1767,14 @@ fips_mct_sha_test(void)
>  		memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
>  		vec.cipher_auth.digest.len = md[2].len;
> 
> -		fprintf(info.fp_wr, "COUNT = %u\n", j);
> -
> -		writeback_hex_str("", temp, &vec.cipher_auth.digest);
> -
> -		fprintf(info.fp_wr, "MD = %s\n\n", temp);
> +		if (info.file_type != FIPS_TYPE_JSON) {
> +			fprintf(info.fp_wr, "COUNT = %u\n", j);
> +			writeback_hex_str("", temp, &vec.cipher_auth.digest);
> +			fprintf(info.fp_wr, "MD = %s\n\n", temp);
> +		}
> +		val[1].val = msg.val;
> +		val[1].len = msg.len;
> +		info.parse_writeback(val);
>  	}
> 
>  	for (i = 0; i < (SHA_MD_BLOCK); i++)
> @@ -1771,7 +1782,8 @@ fips_mct_sha_test(void)
> 
>  	rte_free(vec.pt.val);
> 
> -	free(val.val);
> +	free(val[0].val);

It took me a while to understand why you don't free val[1] ??.
Nicely done anyway.

> +	free(msg.val);
> 
>  	return 0;
>  }
> @@ -1996,6 +2008,9 @@ fips_test_one_test_group(void)
>  	case FIPS_TEST_ALGO_AES:
>  		ret = parse_test_aes_json_init();
>  		break;
> +	case FIPS_TEST_ALGO_SHA:
> +		ret = parse_test_sha_json_init();
> +		break;
>  	default:
>  		return -EINVAL;
>  	}
> --
> 2.25.1

Other than that
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

RE: [PATCH v1] examples/fips_validation: add parsing for sha

[Gowrishankar Muthukrishnan]

Hi Fan,
<snip>
> > --- a/examples/fips_validation/main.c
> > +++ b/examples/fips_validation/main.c
> > @@ -1693,19 +1693,24 @@ fips_mct_sha_test(void)
> >  #define SHA_EXTERN_ITER	100
> >  #define SHA_INTERN_ITER	1000
> >  #define SHA_MD_BLOCK	3
> > -	struct fips_val val = {NULL, 0}, md[SHA_MD_BLOCK];
> > +	struct fips_val val[2] = {{NULL, 0},}, md[SHA_MD_BLOCK], msg;
> 
> I see to get around with the callback function limitation you extend the fips val
> to an array. Nice move! But if it is not too much trouble for you - please
> comment the purpose of the change - it will make the future maintenance much
> easier!

Yes, I have added a comment on why val is an array in V3 patch.

> 
> >  	char temp[MAX_DIGEST_SIZE*2];
> >  	int ret;
> >  	uint32_t i, j;
> >
> > +	msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len;
> > +	msg.val = calloc(1, msg.len);
> > +	memcpy(vec.cipher_auth.digest.val, vec.pt.val,
> > vec.cipher_auth.digest.len);
> >  	for (i = 0; i < SHA_MD_BLOCK; i++)
> >  		md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
> >
> >  	rte_free(vec.pt.val);
> >  	vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0);
> >
> > -	fips_test_write_one_case();
> > -	fprintf(info.fp_wr, "\n");
> > +	if (info.file_type != FIPS_TYPE_JSON) {
> > +		fips_test_write_one_case();
> > +		fprintf(info.fp_wr, "\n");
> > +	}
> >
> >  	for (j = 0; j < SHA_EXTERN_ITER; j++) {
> >
> > @@ -1719,6 +1724,9 @@ fips_mct_sha_test(void)
> >  			vec.cipher_auth.digest.len);
> >  		md[2].len = vec.cipher_auth.digest.len;
> >
> > +		for (i = 0; i < SHA_MD_BLOCK; i++)
> > +			memcpy(&msg.val[i * md[i].len], md[i].val, md[i].len);
> > +
> >  		for (i = 0; i < (SHA_INTERN_ITER); i++) {
> >
> >  			memcpy(vec.pt.val, md[0].val,
> > @@ -1742,7 +1750,7 @@ fips_mct_sha_test(void)
> >  				return ret;
> >  			}
> >
> > -			ret = get_writeback_data(&val);
> > +			ret = get_writeback_data(&val[0]);
> >  			if (ret < 0)
> >  				return ret;
> >
> > @@ -1751,7 +1759,7 @@ fips_mct_sha_test(void)
> >  			memcpy(md[1].val, md[2].val, md[2].len);
> >  			md[1].len = md[2].len;
> >
> > -			memcpy(md[2].val, (val.val + vec.pt.len),
> > +			memcpy(md[2].val, (val[0].val + vec.pt.len),
> >  				vec.cipher_auth.digest.len);
> >  			md[2].len = vec.cipher_auth.digest.len;
> >  		}
> > @@ -1759,11 +1767,14 @@ fips_mct_sha_test(void)
> >  		memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
> >  		vec.cipher_auth.digest.len = md[2].len;
> >
> > -		fprintf(info.fp_wr, "COUNT = %u\n", j);
> > -
> > -		writeback_hex_str("", temp, &vec.cipher_auth.digest);
> > -
> > -		fprintf(info.fp_wr, "MD = %s\n\n", temp);
> > +		if (info.file_type != FIPS_TYPE_JSON) {
> > +			fprintf(info.fp_wr, "COUNT = %u\n", j);
> > +			writeback_hex_str("", temp, &vec.cipher_auth.digest);
> > +			fprintf(info.fp_wr, "MD = %s\n\n", temp);
> > +		}
> > +		val[1].val = msg.val;
> > +		val[1].len = msg.len;
> > +		info.parse_writeback(val);
> >  	}
> >
> >  	for (i = 0; i < (SHA_MD_BLOCK); i++) @@ -1771,7 +1782,8 @@
> > fips_mct_sha_test(void)
> >
> >  	rte_free(vec.pt.val);
> >
> > -	free(val.val);
> > +	free(val[0].val);
> 
> It took me a while to understand why you don't free val[1] ??.
> Nicely done anyway.
> 
> > +	free(msg.val);
> >
> >  	return 0;
> >  }
> > @@ -1996,6 +2008,9 @@ fips_test_one_test_group(void)
> >  	case FIPS_TEST_ALGO_AES:
> >  		ret = parse_test_aes_json_init();
> >  		break;
> > +	case FIPS_TEST_ALGO_SHA:
> > +		ret = parse_test_sha_json_init();
> > +		break;
> >  	default:
> >  		return -EINVAL;
> >  	}
> > --
> > 2.25.1
> 
> Other than that
> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

Thanks.