patches for DPDK stable branches
 help / color / Atom feed
* [dpdk-stable] [PATCH] examples/fips_validation: add AES XTS support
@ 2020-01-07  9:38 Archana Muniganti
  2020-01-15 14:47 ` Akhil Goyal
  0 siblings, 1 reply; 2+ messages in thread
From: Archana Muniganti @ 2020-01-07  9:38 UTC (permalink / raw)
  To: marko.kovacevic, akhil.goyal
  Cc: Sucharitha Sarananaga, anoobj, jerinj, dev, stable,
	Abed Kamaluddin, Archana Muniganti

From: Sucharitha Sarananaga <ssarananaga@marvell.com>

AES XTS support is added to fips application. Parse test-vectors
from input files, populate AES XTS tests and prepare AES XTS
operations for fips validation.

Signed-off-by: Abed Kamaluddin <akamaluddin@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Sucharitha Sarananaga <ssarananaga@marvell.com>
---
 examples/fips_validation/Makefile              |   1 +
 examples/fips_validation/fips_validation.c     |   6 ++
 examples/fips_validation/fips_validation.h     |   4 +
 examples/fips_validation/fips_validation_xts.c | 119 +++++++++++++++++++++++++
 examples/fips_validation/main.c                |  45 ++++++++++
 examples/fips_validation/meson.build           |   1 +
 6 files changed, 176 insertions(+)
 create mode 100644 examples/fips_validation/fips_validation_xts.c

diff --git a/examples/fips_validation/Makefile b/examples/fips_validation/Makefile
index 1385e8c..c207d11 100644
--- a/examples/fips_validation/Makefile
+++ b/examples/fips_validation/Makefile
@@ -14,6 +14,7 @@ SRCS-y += fips_validation_cmac.c
 SRCS-y += fips_validation_ccm.c
 SRCS-y += fips_validation_sha.c
 SRCS-y += fips_dev_self_test.c
+SRCS-y += fips_validation_xts.c
 SRCS-y += main.c
 
 # Build using pkg-config variables if possible
diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index 07ffa62..ef24b72 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -150,6 +150,12 @@
 				ret = parse_test_sha_init();
 				if (ret < 0)
 					return ret;
+			} else if (strstr(info.vec[i], "XTS")) {
+				algo_parsed = 1;
+				info.algo = FIPS_TEST_ALGO_AES_XTS;
+				ret = parse_test_xts_init();
+				if (ret < 0)
+					return ret;
 			}
 		}
 
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index d487fb0..5aee955 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -31,6 +31,7 @@ enum fips_test_algorithms {
 		FIPS_TEST_ALGO_HMAC,
 		FIPS_TEST_ALGO_TDES,
 		FIPS_TEST_ALGO_SHA,
+		FIPS_TEST_ALGO_AES_XTS,
 		FIPS_TEST_ALGO_MAX
 };
 
@@ -223,6 +224,9 @@ struct fips_test_interim_info {
 parse_test_sha_init(void);
 
 int
+parse_test_xts_init(void);
+
+int
 parser_read_uint8_hex(uint8_t *value, const char *p);
 
 int
diff --git a/examples/fips_validation/fips_validation_xts.c b/examples/fips_validation/fips_validation_xts.c
new file mode 100644
index 0000000..5bb1966
--- /dev/null
+++ b/examples/fips_validation/fips_validation_xts.c
@@ -0,0 +1,119 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (C) 2020 Marvell International Ltd.
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <time.h>
+
+#include <rte_cryptodev.h>
+
+#include "fips_validation.h"
+
+#define MODE_STR	"XTS"
+#define ALGO_STR	"test data for "
+#define OP_STR		"State"
+#define KEY_SIZE_STR	"Key Length : "
+
+#define COUNT_STR	"COUNT = "
+#define KEY_STR		"Key = "
+#define IV_STR		"i = "
+#define PT_STR		"PT = "
+#define CT_STR		"CT = "
+
+#define OP_ENC_STR	"ENCRYPT"
+#define OP_DEC_STR	"DECRYPT"
+
+static int
+parse_interim_xts_enc_dec(const char *key,
+		__rte_unused char *text,
+		__rte_unused struct fips_val *val)
+{
+	if (strcmp(key, OP_ENC_STR) == 0)
+		info.op = FIPS_TEST_ENC_AUTH_GEN;
+	else if (strcmp(key, OP_DEC_STR) == 0)
+		info.op = FIPS_TEST_DEC_AUTH_VERIF;
+	else
+		return -1;
+	return 0;
+}
+
+struct fips_test_callback xts_tests_vectors[] = {
+		{KEY_STR, parse_uint8_hex_str, &vec.cipher_auth.key},
+		{IV_STR, parse_uint8_hex_str, &vec.iv},
+		{PT_STR, parse_uint8_hex_str, &vec.pt},
+		{CT_STR, parse_uint8_hex_str, &vec.ct},
+		{NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback xts_tests_interim_vectors[] = {
+		{OP_ENC_STR, parse_interim_xts_enc_dec, NULL},
+		{OP_DEC_STR, parse_interim_xts_enc_dec, NULL},
+		{NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback xts_writeback_callbacks[] = {
+		/** First element is used to pass COUNT string */
+		{COUNT_STR, NULL, NULL},
+		{IV_STR, writeback_hex_str, &vec.iv},
+		{KEY_STR, writeback_hex_str, &vec.cipher_auth.key},
+		{PT_STR, writeback_hex_str, &vec.pt},
+		{CT_STR, writeback_hex_str, &vec.ct},
+		{NULL, NULL, NULL} /**< end pointer */
+};
+
+static int
+parse_test_xts_writeback(struct fips_val *val)
+{
+	if (info.op == FIPS_TEST_ENC_AUTH_GEN)
+		fprintf(info.fp_wr, "%s", CT_STR);
+	else
+		fprintf(info.fp_wr, "%s", PT_STR);
+
+	parse_write_hex_str(val);
+	return 0;
+}
+
+static int
+rsp_test_xts_check(struct fips_val *val)
+{
+	struct fips_val *data;
+	if (info.op == FIPS_TEST_ENC_AUTH_GEN)
+		data = &vec.ct;
+	else
+		data = &vec.pt;
+
+	if (memcmp(val->val, data->val, val->len) == 0)
+		fprintf(info.fp_wr, "Success\n");
+	else
+		fprintf(info.fp_wr, "Failed\n");
+	return 0;
+}
+
+int parse_test_xts_init(void)
+{
+	char *tmp;
+	uint32_t i;
+	for (i = 0; i < info.nb_vec_lines; i++) {
+		char *line = info.vec[i];
+		tmp = strstr(line, KEY_SIZE_STR);
+		if (tmp) {
+			tmp += (strlen(KEY_SIZE_STR) + strlen("AES"));
+			if (parser_read_uint32(
+				&info.interim_info.aes_data.key_len,
+					tmp) < 0)
+				return -EINVAL;
+			info.interim_info.aes_data.key_len =
+			(info.interim_info.aes_data.key_len*2) / 8;
+			continue;
+		}
+
+	}
+	info.parse_writeback = parse_test_xts_writeback;
+	info.callbacks = xts_tests_vectors;
+	info.interim_callbacks = xts_tests_interim_vectors;
+	info.writeback_callbacks = xts_writeback_callbacks;
+	info.kat_check = rsp_test_xts_check;
+
+	return 0;
+}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 9a2c8da..f9b2056 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -912,6 +912,46 @@ struct fips_test_ops {
 	return 0;
 }
 
+static int
+prepare_xts_xform(struct rte_crypto_sym_xform *xform)
+{
+	const struct rte_cryptodev_symmetric_capability *cap;
+	struct rte_cryptodev_sym_capability_idx cap_idx;
+	struct rte_crypto_cipher_xform *cipher_xform = &xform->cipher;
+
+	xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+
+	cipher_xform->algo = RTE_CRYPTO_CIPHER_AES_XTS;
+	cipher_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
+			RTE_CRYPTO_CIPHER_OP_ENCRYPT :
+			RTE_CRYPTO_CIPHER_OP_DECRYPT;
+	cipher_xform->key.data = vec.cipher_auth.key.val;
+	cipher_xform->key.length = vec.cipher_auth.key.len;
+	cipher_xform->iv.length = vec.iv.len;
+	cipher_xform->iv.offset = IV_OFF;
+
+	cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_AES_XTS;
+	cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+
+	cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+	if (!cap) {
+		RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+				env.dev_id);
+		return -EINVAL;
+	}
+
+	if (rte_cryptodev_sym_capability_check_cipher(cap,
+			cipher_xform->key.length,
+			cipher_xform->iv.length) != 0) {
+		RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n",
+				info.device_name, cipher_xform->key.length,
+				cipher_xform->iv.length);
+		return -EPERM;
+	}
+
+	return 0;
+}
+
 static void
 get_writeback_data(struct fips_val *val)
 {
@@ -1486,6 +1526,11 @@ struct fips_test_ops {
 		else
 			test_ops.test = fips_generic_test;
 		break;
+	case FIPS_TEST_ALGO_AES_XTS:
+		test_ops.prepare_op = prepare_cipher_op;
+		test_ops.prepare_xform = prepare_xts_xform;
+		test_ops.test = fips_generic_test;
+		break;
 	default:
 		if (strstr(info.file_name, "TECB") ||
 				strstr(info.file_name, "TCBC")) {
diff --git a/examples/fips_validation/meson.build b/examples/fips_validation/meson.build
index 6dd6308..e2745d2 100644
--- a/examples/fips_validation/meson.build
+++ b/examples/fips_validation/meson.build
@@ -17,6 +17,7 @@ sources = files(
 	'fips_validation_cmac.c',
 	'fips_validation_ccm.c',
 	'fips_validation_sha.c',
+	'fips_validation_xts.c',
 	'fips_dev_self_test.c',
 	'main.c'
 )
-- 
1.8.3.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [dpdk-stable] [PATCH] examples/fips_validation: add AES XTS support
  2020-01-07  9:38 [dpdk-stable] [PATCH] examples/fips_validation: add AES XTS support Archana Muniganti
@ 2020-01-15 14:47 ` Akhil Goyal
  0 siblings, 0 replies; 2+ messages in thread
From: Akhil Goyal @ 2020-01-15 14:47 UTC (permalink / raw)
  To: Archana Muniganti, marko.kovacevic
  Cc: Sucharitha Sarananaga, anoobj, jerinj, dev, stable, Abed Kamaluddin

Hi Marko,

> 
> From: Sucharitha Sarananaga <ssarananaga@marvell.com>
> 
> AES XTS support is added to fips application. Parse test-vectors
> from input files, populate AES XTS tests and prepare AES XTS
> operations for fips validation.
> 
> Signed-off-by: Abed Kamaluddin <akamaluddin@marvell.com>
> Signed-off-by: Archana Muniganti <marchana@marvell.com>
> Signed-off-by: Sucharitha Sarananaga <ssarananaga@marvell.com>
> ---
Could you please review this patch.

Thanks,
Akhil


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-07  9:38 [dpdk-stable] [PATCH] examples/fips_validation: add AES XTS support Archana Muniganti
2020-01-15 14:47 ` Akhil Goyal

patches for DPDK stable branches

Archives are clonable:
	git clone --mirror http://inbox.dpdk.org/stable/0 stable/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 stable stable/ http://inbox.dpdk.org/stable \
		stable@dpdk.org
	public-inbox-index stable


Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.stable


AGPL code for this site: git clone https://public-inbox.org/ public-inbox