From: Fan Zhang <roy.fan.zhang@intel.com>
To: dev@dpdk.org
Cc: akhil.goyal@nxp.com, Marko Kovacevic <marko.kovacevic@intel.com>
Subject: [dpdk-dev] [PATCH v2 6/8] examples: add cmac parser and enablement for test types
Date: Thu, 4 Oct 2018 10:40:13 +0100 [thread overview]
Message-ID: <20181004094015.46264-7-roy.fan.zhang@intel.com> (raw)
In-Reply-To: <20181004094015.46264-1-roy.fan.zhang@intel.com>
From: Marko Kovacevic <marko.kovacevic@intel.com>
Added enablement for CMAC parser, to allow the
application to parser the cmac request files and to validate all
test types supported.
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
---
examples/cryptodev_fips_validate/Makefile | 1 +
.../cryptodev_fips_parse_cmac.c | 116 +++++++++++++++++++++
.../cryptodev_fips_parse_validate.c | 5 +
.../cryptodev_fips_validate.h | 4 +
examples/cryptodev_fips_validate/main.c | 43 ++++++++
examples/cryptodev_fips_validate/meson.build | 1 +
6 files changed, 170 insertions(+)
create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_cmac.c
diff --git a/examples/cryptodev_fips_validate/Makefile b/examples/cryptodev_fips_validate/Makefile
index 1eb0108bd..f5c2705d5 100644
--- a/examples/cryptodev_fips_validate/Makefile
+++ b/examples/cryptodev_fips_validate/Makefile
@@ -9,6 +9,7 @@ SRCS-y := cryptodev_fips_parse_aes.c
SRCS-y += cryptodev_fips_parse_hmac.c
SRCS-y += cryptodev_fips_parse_3des.c
SRCS-y += cryptodev_fips_parse_gcm.c
+SRCS-y += cryptodev_fips_parse_cmac.c
SRCS-y += cryptodev_fips_parse_validate.c
SRCS-y += main.c
diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_parse_cmac.c b/examples/cryptodev_fips_validate/cryptodev_fips_parse_cmac.c
new file mode 100644
index 000000000..37c6317ae
--- /dev/null
+++ b/examples/cryptodev_fips_validate/cryptodev_fips_parse_cmac.c
@@ -0,0 +1,116 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2018 Intel Corporation
+ */
+
+#include <string.h>
+#include <time.h>
+#include <stdio.h>
+#include <rte_string_fns.h>
+
+#include <rte_cryptodev.h>
+
+#include "cryptodev_fips_validate.h"
+
+#define NEW_LINE_STR "#"
+#define OP_STR "CMAC"
+
+#define ALGO_STR "Alg = "
+#define MODE_STR "Mode = "
+
+#define COUNT_STR "Count = "
+#define KLEN_STR "Klen = "
+#define PTLEN_STR "Mlen = "
+#define TAGLEN_STR "Tlen = "
+#define KEY_STR "Key = "
+#define PT_STR "Msg = "
+#define TAG_STR "Mac = "
+
+#define GEN_STR "Generate"
+#define VERIF_STR "Verify"
+
+#define POS_NEG_STR "Result = "
+#define PASS_STR "P"
+#define FAIL_STR "F"
+
+struct hash_algo_conversion {
+ const char *str;
+ enum fips_test_algorithms algo;
+} cmac_algo[] = {
+ {"AES", FIPS_TEST_ALGO_AES_CMAC},
+};
+
+static int
+parse_test_cmac_writeback(struct fips_val *val)
+{
+ if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+ struct fips_val tmp_val = {val->val + vec.pt.len,
+ vec.cipher_auth.digest.len};
+
+ fprintf(info.fp_wr, "%s", TAG_STR);
+ parse_write_hex_str(&tmp_val);
+ } else {
+ fprintf(info.fp_wr, "%s", POS_NEG_STR);
+
+ if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS)
+ fprintf(info.fp_wr, "%s\n", PASS_STR);
+ else if (vec.status == RTE_CRYPTO_OP_STATUS_AUTH_FAILED)
+ fprintf(info.fp_wr, "%s\n", FAIL_STR);
+ else
+ fprintf(info.fp_wr, "Error\n");
+ }
+
+ return 0;
+}
+
+struct fips_test_callback cmac_tests_vectors[] = {
+ {KLEN_STR, parser_read_uint32_val, &vec.cipher_auth.key},
+ {PTLEN_STR, parser_read_uint32_val, &vec.pt},
+ {TAGLEN_STR, parser_read_uint32_val, &vec.cipher_auth.digest},
+ {KEY_STR, parse_uint8_hex_str, &vec.cipher_auth.key},
+ {PT_STR, parse_uint8_known_len_hex_str, &vec.pt},
+ {TAG_STR, parse_uint8_known_len_hex_str,
+ &vec.cipher_auth.digest},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+int
+parse_test_cmac_init(void)
+{
+ char *tmp;
+ uint32_t i, j;
+
+ for (i = 0; i < info.nb_vec_lines; i++) {
+ char *line = info.vec[i];
+
+ tmp = strstr(line, ALGO_STR);
+ if (!tmp)
+ continue;
+
+ for (j = 0; j < RTE_DIM(cmac_algo); j++) {
+ if (!strstr(line, cmac_algo[j].str))
+ continue;
+
+ info.algo = cmac_algo[j].algo;
+ break;
+ }
+
+ if (j == RTE_DIM(cmac_algo))
+ return -EINVAL;
+
+ tmp = strstr(line, MODE_STR);
+ if (!tmp)
+ return -1;
+
+ if (strstr(tmp, GEN_STR))
+ info.op = FIPS_TEST_ENC_AUTH_GEN;
+ else if (strstr(tmp, VERIF_STR))
+ info.op = FIPS_TEST_DEC_AUTH_VERIF;
+ else
+ return -EINVAL;
+ }
+
+ info.parse_writeback = parse_test_cmac_writeback;
+ info.callbacks = cmac_tests_vectors;
+
+ return 0;
+}
diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c b/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
index d45c88de6..4617c67e2 100644
--- a/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
+++ b/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
@@ -114,6 +114,11 @@ fips_test_parse_header(void)
ret = parse_test_gcm_init();
if (ret < 0)
return ret;
+ } else if (strstr(info.vec[i], "CMAC")) {
+ info.algo = FIPS_TEST_ALGO_AES_CMAC;
+ ret = parse_test_cmac_init();
+ if (ret < 0)
+ return 0;
} else if (strstr(info.vec[i], "HMAC")) {
info.algo = FIPS_TEST_ALGO_HMAC;
ret = parse_test_hmac_init();
diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_validate.h b/examples/cryptodev_fips_validate/cryptodev_fips_validate.h
index 685bc0bf8..7bd1e9a6f 100644
--- a/examples/cryptodev_fips_validate/cryptodev_fips_validate.h
+++ b/examples/cryptodev_fips_validate/cryptodev_fips_validate.h
@@ -25,6 +25,7 @@
enum fips_test_algorithms {
FIPS_TEST_ALGO_AES = 0,
FIPS_TEST_ALGO_AES_GCM,
+ FIPS_TEST_ALGO_AES_CMAC,
FIPS_TEST_ALGO_HMAC,
FIPS_TEST_ALGO_TDES,
FIPS_TEST_ALGO_MAX
@@ -176,6 +177,9 @@ int
parse_test_gcm_init(void);
int
+parse_test_cmac_init(void);
+
+int
parser_read_uint8_hex(uint8_t *value, const char *p);
int
diff --git a/examples/cryptodev_fips_validate/main.c b/examples/cryptodev_fips_validate/main.c
index 426baf002..a983a66f5 100644
--- a/examples/cryptodev_fips_validate/main.c
+++ b/examples/cryptodev_fips_validate/main.c
@@ -687,6 +687,44 @@ prepare_gcm_xform(struct rte_crypto_sym_xform *xform)
return 0;
}
+static int
+prepare_cmac_xform(struct rte_crypto_sym_xform *xform)
+{
+ const struct rte_cryptodev_symmetric_capability *cap;
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+ struct rte_crypto_auth_xform *auth_xform = &xform->auth;
+
+ xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+ auth_xform->algo = RTE_CRYPTO_AUTH_AES_CMAC;
+ auth_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
+ RTE_CRYPTO_AUTH_OP_GENERATE : RTE_CRYPTO_AUTH_OP_VERIFY;
+ auth_xform->digest_length = vec.cipher_auth.digest.len;
+ auth_xform->key.data = vec.cipher_auth.key.val;
+ auth_xform->key.length = vec.cipher_auth.key.len;
+
+ cap_idx.algo.auth = auth_xform->algo;
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+ cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+ if (!cap) {
+ RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+ env.dev_id);
+ return -EINVAL;
+ }
+
+ if (rte_cryptodev_sym_capability_check_auth(cap,
+ auth_xform->key.length,
+ auth_xform->digest_length, 0) != 0) {
+ RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n",
+ info.device_name, auth_xform->key.length,
+ auth_xform->digest_length);
+ return -EPERM;
+ }
+
+ return 0;
+}
+
static void
get_writeback_data(struct fips_val *val)
{
@@ -1047,6 +1085,11 @@ init_test_ops(void)
test_ops.prepare_xform = prepare_gcm_xform;
test_ops.test = fips_generic_test;
break;
+ case FIPS_TEST_ALGO_AES_CMAC:
+ test_ops.prepare_op = prepare_auth_op;
+ test_ops.prepare_xform = prepare_cmac_xform;
+ test_ops.test = fips_generic_test;
+ break;
default:
return -1;
}
diff --git a/examples/cryptodev_fips_validate/meson.build b/examples/cryptodev_fips_validate/meson.build
index 510d2a79e..4889d7095 100644
--- a/examples/cryptodev_fips_validate/meson.build
+++ b/examples/cryptodev_fips_validate/meson.build
@@ -13,6 +13,7 @@ sources = files(
'cryptodev_fips_parse_hmac.c',
'cryptodev_fips_parse_3des.c',
'cryptodev_fips_parse_gcm.c',
+ 'cryptodev_fips_parse_cmac.c',
'cryptodev_fips_parse_validate.c',
'main.c'
)
--
2.13.6
next prev parent reply other threads:[~2018-10-04 9:55 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-04 9:40 [dpdk-dev] [PATCH v2 0/8] FIPS validation capability Fan Zhang
2018-10-04 9:40 ` [dpdk-dev] [PATCH v2 1/8] examples: add fips validation into examples Fan Zhang
2018-10-04 9:40 ` [dpdk-dev] [PATCH v2 2/8] examples: add aes parser and enablement for test types Fan Zhang
2018-10-04 9:40 ` [dpdk-dev] [PATCH v2 3/8] examples: add hmac parser Fan Zhang
2018-10-04 9:40 ` [dpdk-dev] [PATCH v2 4/8] examples: add TDES parser and enablement for test types Fan Zhang
2018-10-04 9:40 ` [dpdk-dev] [PATCH v2 5/8] examples: add gcm parser Fan Zhang
2018-10-04 9:40 ` Fan Zhang [this message]
2018-10-04 9:40 ` [dpdk-dev] [PATCH v2 7/8] examples: add ccm parser and enablement for test types Fan Zhang
2018-10-04 9:40 ` [dpdk-dev] [PATCH v2 8/8] doc: add guides for fips validation Fan Zhang
2018-10-04 13:12 ` [dpdk-dev] [PATCH v3 0/8] FIPS validation capability Fan Zhang
2018-10-04 13:12 ` [dpdk-dev] [PATCH v3 1/8] examples: add fips validation into examples Fan Zhang
2018-10-04 13:12 ` [dpdk-dev] [PATCH v3 2/8] examples: add aes parser and enablement for test types Fan Zhang
2018-10-04 13:12 ` [dpdk-dev] [PATCH v3 3/8] examples: add hmac parser Fan Zhang
2018-10-04 13:12 ` [dpdk-dev] [PATCH v3 4/8] examples: add TDES parser and enablement for test types Fan Zhang
2018-10-04 13:12 ` [dpdk-dev] [PATCH v3 5/8] examples: add gcm parser Fan Zhang
2018-10-04 13:12 ` [dpdk-dev] [PATCH v3 6/8] examples: add cmac parser and enablement for test types Fan Zhang
2018-10-04 13:12 ` [dpdk-dev] [PATCH v3 7/8] examples: add ccm " Fan Zhang
2018-10-04 13:12 ` [dpdk-dev] [PATCH v3 8/8] doc: add guides for fips validation Fan Zhang
2018-10-09 7:01 ` Akhil Goyal
2018-10-09 20:14 ` Zhang, Roy Fan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181004094015.46264-7-roy.fan.zhang@intel.com \
--to=roy.fan.zhang@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=dev@dpdk.org \
--cc=marko.kovacevic@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).