From: "Kovacevic, Marko" <marko.kovacevic@intel.com>
To: akhil.goyal@nxp.com
Cc: dev@dpdk.org, roy.fan.zhang@intel.com,
arkadiuszx.kusztal@intel.com, "Kovacevic,
Marko" <marko.kovacevic@intel.com>
Subject: [dpdk-dev] [PATCH v7 5/8] examples/fips_validation: support GCM parsing
Date: Fri, 2 Nov 2018 09:55:32 +0000 [thread overview]
Message-ID: <20181102095535.7906-6-marko.kovacevic@intel.com> (raw)
In-Reply-To: <20181102095535.7906-1-marko.kovacevic@intel.com>
Added enablement for GCM parser, to allow the
application to parser the GCM request file and to validate all
tests supported.
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
examples/fips_validation/Makefile | 1 +
examples/fips_validation/fips_validation.c | 5 +
examples/fips_validation/fips_validation.h | 4 +
examples/fips_validation/fips_validation_gcm.c | 125 +++++++++++++++++++++++++
examples/fips_validation/main.c | 116 ++++++++++++++++++++++-
examples/fips_validation/meson.build | 1 +
6 files changed, 251 insertions(+), 1 deletion(-)
create mode 100644 examples/fips_validation/fips_validation_gcm.c
diff --git a/examples/fips_validation/Makefile b/examples/fips_validation/Makefile
index 57cc778..6373ac3 100644
--- a/examples/fips_validation/Makefile
+++ b/examples/fips_validation/Makefile
@@ -9,6 +9,7 @@ SRCS-y := fips_validation.c
SRCS-y += fips_validation_aes.c
SRCS-y += fips_validation_hmac.c
SRCS-y += fips_validation_tdes.c
+SRCS-y += fips_validation_gcm.c
SRCS-y += main.c
# Build using pkg-config variables if possible
diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index 86f443d..1b926b8 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -111,6 +111,11 @@ fips_test_parse_header(void)
ret = parse_test_aes_init();
if (ret < 0)
return ret;
+ } else if (strstr(info.vec[i], "GCM")) {
+ info.algo = FIPS_TEST_ALGO_AES_GCM;
+ ret = parse_test_gcm_init();
+ if (ret < 0)
+ return ret;
} else if (strstr(info.vec[i], "HMAC")) {
info.algo = FIPS_TEST_ALGO_HMAC;
ret = parse_test_hmac_init();
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index 69a2116..4cceff5 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -24,6 +24,7 @@
enum fips_test_algorithms {
FIPS_TEST_ALGO_AES = 0,
+ FIPS_TEST_ALGO_AES_GCM,
FIPS_TEST_ALGO_HMAC,
FIPS_TEST_ALGO_TDES,
FIPS_TEST_ALGO_MAX
@@ -171,6 +172,9 @@ int
parse_test_hmac_init(void);
int
+parse_test_gcm_init(void);
+
+int
parser_read_uint8_hex(uint8_t *value, const char *p);
int
diff --git a/examples/fips_validation/fips_validation_gcm.c b/examples/fips_validation/fips_validation_gcm.c
new file mode 100644
index 0000000..0509b10
--- /dev/null
+++ b/examples/fips_validation/fips_validation_gcm.c
@@ -0,0 +1,125 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2018 Intel Corporation
+ */
+
+#include <string.h>
+#include <time.h>
+#include <stdio.h>
+
+#include <rte_cryptodev.h>
+
+#include "fips_validation.h"
+
+#define NEW_LINE_STR "#"
+#define OP_STR "GCM "
+
+#define PARAM_PREFIX "["
+#define KEYLEN_STR "Keylen = "
+#define IVLEN_STR "IVlen = "
+#define PTLEN_STR "PTlen = "
+#define AADLEN_STR "AADlen = "
+#define TAGLEN_STR "Taglen = "
+
+#define COUNT_STR "Count = "
+#define KEY_STR "Key = "
+#define IV_STR "IV = "
+#define PT_STR "PT = "
+#define CT_STR "CT = "
+#define TAG_STR "Tag = "
+#define AAD_STR "AAD = "
+
+#define OP_ENC_STR "Encrypt"
+#define OP_DEC_STR "Decrypt"
+
+#define NEG_TEST_STR "FAIL"
+
+struct fips_test_callback gcm_dec_vectors[] = {
+ {KEY_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.key},
+ {IV_STR, parse_uint8_known_len_hex_str, &vec.iv},
+ {CT_STR, parse_uint8_known_len_hex_str, &vec.ct},
+ {AAD_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.aad},
+ {TAG_STR, parse_uint8_known_len_hex_str,
+ &vec.cipher_auth.digest},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+struct fips_test_callback gcm_interim_vectors[] = {
+ {KEYLEN_STR, parser_read_uint32_bit_val, &vec.cipher_auth.key},
+ {IVLEN_STR, parser_read_uint32_bit_val, &vec.iv},
+ {PTLEN_STR, parser_read_uint32_bit_val, &vec.pt},
+ {AADLEN_STR, parser_read_uint32_bit_val, &vec.cipher_auth.aad},
+ {TAGLEN_STR, parser_read_uint32_bit_val,
+ &vec.cipher_auth.digest},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback gcm_enc_vectors[] = {
+ {KEY_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.key},
+ {IV_STR, parse_uint8_known_len_hex_str, &vec.iv},
+ {PT_STR, parse_uint8_known_len_hex_str, &vec.pt},
+ {AAD_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.aad},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+static int
+parse_test_gcm_writeback(struct fips_val *val)
+{
+ struct fips_val tmp_val;
+
+ if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+ fprintf(info.fp_wr, "%s", CT_STR);
+
+ tmp_val.val = val->val;
+ tmp_val.len = vec.pt.len;
+
+ parse_write_hex_str(&tmp_val);
+
+ fprintf(info.fp_wr, "%s", TAG_STR);
+
+ tmp_val.val = val->val + vec.pt.len;
+ tmp_val.len = val->len - vec.pt.len;
+
+ parse_write_hex_str(&tmp_val);
+ } else {
+ if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) {
+ fprintf(info.fp_wr, "%s", PT_STR);
+
+ tmp_val.val = val->val;
+ tmp_val.len = vec.pt.len;
+
+ parse_write_hex_str(&tmp_val);
+ } else
+ fprintf(info.fp_wr, "%s\n", NEG_TEST_STR);
+ }
+
+ return 0;
+}
+
+int
+parse_test_gcm_init(void)
+{
+ char *tmp;
+ uint32_t i;
+
+
+ for (i = 0; i < info.nb_vec_lines; i++) {
+ char *line = info.vec[i];
+
+
+ tmp = strstr(line, OP_STR);
+ if (tmp) {
+ if (strstr(line, OP_ENC_STR)) {
+ info.op = FIPS_TEST_ENC_AUTH_GEN;
+ info.callbacks = gcm_enc_vectors;
+ } else if (strstr(line, OP_DEC_STR)) {
+ info.op = FIPS_TEST_DEC_AUTH_VERIF;
+ info.callbacks = gcm_dec_vectors;
+ } else
+ return -EINVAL;
+ }
+ }
+
+ info.interim_callbacks = gcm_interim_vectors;
+ info.parse_writeback = parse_test_gcm_writeback;
+
+ return 0;
+}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 3880681..c693e87 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -462,6 +462,70 @@ prepare_auth_op(void)
}
static int
+prepare_aead_op(void)
+{
+ struct rte_crypto_sym_op *sym = env.op->sym;
+ uint8_t *iv = rte_crypto_op_ctod_offset(env.op, uint8_t *, IV_OFF);
+
+ __rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
+ rte_pktmbuf_reset(env.mbuf);
+
+ memcpy(iv, vec.iv.val, vec.iv.len);
+
+ sym->m_src = env.mbuf;
+ sym->aead.data.offset = 0;
+ sym->aead.aad.data = vec.aead.aad.val;
+ sym->aead.aad.phys_addr = rte_malloc_virt2iova(sym->aead.aad.data);
+
+ if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+ uint8_t *pt;
+
+ if (vec.pt.len > RTE_MBUF_MAX_NB_SEGS) {
+ RTE_LOG(ERR, USER1, "PT len %u\n", vec.pt.len);
+ return -EPERM;
+ }
+
+ pt = (uint8_t *)rte_pktmbuf_append(env.mbuf,
+ vec.pt.len + vec.aead.digest.len);
+
+ if (!pt) {
+ RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n",
+ -ENOMEM);
+ return -ENOMEM;
+ }
+
+ memcpy(pt, vec.pt.val, vec.pt.len);
+ sym->aead.data.length = vec.pt.len;
+ sym->aead.digest.data = pt + vec.pt.len;
+ sym->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(
+ env.mbuf, vec.pt.len);
+ } else {
+ uint8_t *ct;
+
+ if (vec.ct.len > RTE_MBUF_MAX_NB_SEGS) {
+ RTE_LOG(ERR, USER1, "CT len %u\n", vec.ct.len);
+ return -EPERM;
+ }
+
+ ct = (uint8_t *)rte_pktmbuf_append(env.mbuf, vec.ct.len);
+
+ if (!ct) {
+ RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n",
+ -ENOMEM);
+ return -ENOMEM;
+ }
+
+ memcpy(ct, vec.ct.val, vec.ct.len);
+ sym->aead.data.length = vec.ct.len;
+ sym->aead.digest.data = vec.aead.digest.val;
+ sym->aead.digest.phys_addr = rte_malloc_virt2iova(
+ sym->aead.digest.data);
+ }
+
+ rte_crypto_op_attach_sym_session(env.op, env.sess);
+}
+
+static int
prepare_aes_xform(struct rte_crypto_sym_xform *xform)
{
const struct rte_cryptodev_symmetric_capability *cap;
@@ -578,6 +642,52 @@ prepare_hmac_xform(struct rte_crypto_sym_xform *xform)
return 0;
}
+static int
+prepare_gcm_xform(struct rte_crypto_sym_xform *xform)
+{
+ const struct rte_cryptodev_symmetric_capability *cap;
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+ struct rte_crypto_aead_xform *aead_xform = &xform->aead;
+
+ xform->type = RTE_CRYPTO_SYM_XFORM_AEAD;
+
+ aead_xform->algo = RTE_CRYPTO_AEAD_AES_GCM;
+ aead_xform->aad_length = vec.aead.aad.len;
+ aead_xform->digest_length = vec.aead.digest.len;
+ aead_xform->iv.offset = IV_OFF;
+ aead_xform->iv.length = vec.iv.len;
+ aead_xform->key.data = vec.aead.key.val;
+ aead_xform->key.length = vec.aead.key.len;
+ aead_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
+ RTE_CRYPTO_AEAD_OP_ENCRYPT :
+ RTE_CRYPTO_AEAD_OP_DECRYPT;
+
+ cap_idx.algo.aead = aead_xform->algo;
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+
+ cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+ if (!cap) {
+ RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+ env.dev_id);
+ return -EINVAL;
+ }
+
+ if (rte_cryptodev_sym_capability_check_aead(cap,
+ aead_xform->key.length,
+ aead_xform->digest_length, aead_xform->aad_length,
+ aead_xform->iv.length) != 0) {
+ RTE_LOG(ERR, USER1,
+ "PMD %s key_len %u tag_len %u aad_len %u iv_len %u\n",
+ info.device_name, aead_xform->key.length,
+ aead_xform->digest_length,
+ aead_xform->aad_length,
+ aead_xform->iv.length);
+ return -EPERM;
+ }
+
+ return 0;
+}
+
static void
get_writeback_data(struct fips_val *val)
{
@@ -933,7 +1043,11 @@ init_test_ops(void)
else
test_ops.test = fips_generic_test;
break;
-
+ case FIPS_TEST_ALGO_AES_GCM:
+ test_ops.prepare_op = prepare_aead_op;
+ test_ops.prepare_xform = prepare_gcm_xform;
+ test_ops.test = fips_generic_test;
+ break;
default:
return -1;
}
diff --git a/examples/fips_validation/meson.build b/examples/fips_validation/meson.build
index 781ad5f..0cc8bc4 100644
--- a/examples/fips_validation/meson.build
+++ b/examples/fips_validation/meson.build
@@ -13,5 +13,6 @@ sources = files(
'fips_validation.c',
'fips_validation_hmac.c',
'fips_validation_tdes.c',
+ 'fips_validation_gcm.c',
'main.c'
)
--
2.9.5
next prev parent reply other threads:[~2018-11-02 9:55 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-12 14:44 [dpdk-dev] [PATCH v4 0/8] FIPS validation capability Marko Kovacevic
2018-10-12 14:44 ` [dpdk-dev] [PATCH v4 1/8] examples: add fips validation into examples Marko Kovacevic
2018-10-12 14:44 ` [dpdk-dev] [PATCH v4 2/8] examples: add aes parser and enablement for test types Marko Kovacevic
2018-10-12 14:44 ` [dpdk-dev] [PATCH v4 3/8] examples: add hmac parser Marko Kovacevic
2018-10-12 14:44 ` [dpdk-dev] [PATCH v4 4/8] examples: add TDES parser and enablement for test types Marko Kovacevic
2018-10-12 14:44 ` [dpdk-dev] [PATCH v4 5/8] examples: add gcm parser Marko Kovacevic
2018-10-12 14:44 ` [dpdk-dev] [PATCH v4 6/8] examples: add cmac parser and enablement for test types Marko Kovacevic
2018-10-12 14:45 ` [dpdk-dev] [PATCH v4 7/8] examples: add ccm " Marko Kovacevic
2018-10-12 14:45 ` [dpdk-dev] [PATCH v4 8/8] doc: add guides for fips validation Marko Kovacevic
2018-10-15 6:36 ` [dpdk-dev] [PATCH v4 0/8] FIPS validation capability Kusztal, ArkadiuszX
2018-10-16 14:40 ` Akhil Goyal
2018-10-17 12:49 ` [dpdk-dev] [PATCH v5 " Marko Kovacevic
2018-10-17 12:49 ` [dpdk-dev] [PATCH v5 1/8] examples/cryptodev_fips_validate: add fips validation into examples Marko Kovacevic
2018-10-24 12:13 ` Akhil Goyal
2018-10-24 14:17 ` Marko Kovacevic
2018-10-24 14:36 ` Akhil Goyal
2018-10-24 15:13 ` Marko Kovacevic
2018-10-17 12:49 ` [dpdk-dev] [PATCH v5 2/8] examples/cryptodev_fips_validate: add aes parser and enablement for test types Marko Kovacevic
2018-10-24 12:37 ` Akhil Goyal
2018-10-24 14:18 ` Marko Kovacevic
2018-10-17 12:49 ` [dpdk-dev] [PATCH v5 3/8] examples/cryptodev_fips_validate: add hmac parser Marko Kovacevic
2018-10-17 12:49 ` [dpdk-dev] [PATCH v5 4/8] examples/cryptodev_fips_validate: add TDES parser and enablement for test types Marko Kovacevic
2018-10-24 12:31 ` Akhil Goyal
2018-10-24 14:11 ` Marko Kovacevic
2018-10-17 12:49 ` [dpdk-dev] [PATCH v5 5/8] examples/cryptodev_fips_validate: add gcm parser Marko Kovacevic
2018-10-17 12:49 ` [dpdk-dev] [PATCH v5 6/8] examples/cryptodev_fips_validate: add cmac parser and enablement for test types Marko Kovacevic
2018-10-17 12:49 ` [dpdk-dev] [PATCH v5 7/8] examples/cryptodev_fips_validate: add ccm " Marko Kovacevic
2018-10-17 12:49 ` [dpdk-dev] [PATCH v5 8/8] doc/guides/sample_app_ug: add guides for fips validation Marko Kovacevic
2018-10-24 12:51 ` Akhil Goyal
2018-10-24 11:42 ` [dpdk-dev] [PATCH v5 0/8] FIPS validation capability Akhil Goyal
2018-10-26 11:07 ` [dpdk-dev] [PATCH v6 " Marko Kovacevic
2018-10-26 11:07 ` [dpdk-dev] [PATCH v6 1/8] examples/fips_validation: add cryptodev fips compliant application Marko Kovacevic
2018-10-26 11:07 ` [dpdk-dev] [PATCH v6 2/8] examples/fips_validation: support AES parsing Marko Kovacevic
2018-10-26 11:07 ` [dpdk-dev] [PATCH v6 3/8] examples/fips_validation: support HMAC parsing Marko Kovacevic
2018-10-26 11:07 ` [dpdk-dev] [PATCH v6 4/8] examples/fips_validation: support TDES parsing Marko Kovacevic
2018-10-26 11:07 ` [dpdk-dev] [PATCH v6 5/8] examples/fips_validation: support GCM parsing Marko Kovacevic
2018-10-26 11:07 ` [dpdk-dev] [PATCH v6 6/8] examples/fips_validation: support CMAC parsing Marko Kovacevic
2018-10-26 11:07 ` [dpdk-dev] [PATCH v6 7/8] examples/fips_validation: support CCM parsing Marko Kovacevic
2018-10-26 11:07 ` [dpdk-dev] [PATCH v6 8/8] doc: add fips validation application guide Marko Kovacevic
2018-11-02 9:17 ` [dpdk-dev] [PATCH v6 0/8] FIPS validation capability Akhil Goyal
2018-11-02 9:34 ` Kovacevic, Marko
2018-11-02 9:55 ` [dpdk-dev] [PATCH v7 " Kovacevic, Marko
2018-11-02 9:55 ` [dpdk-dev] [PATCH v7 1/8] examples/fips_validation: add cryptodev fips compliant application Kovacevic, Marko
2018-11-02 9:55 ` [dpdk-dev] [PATCH v7 2/8] examples/fips_validation: support AES parsing Kovacevic, Marko
2018-11-02 9:55 ` [dpdk-dev] [PATCH v7 3/8] examples/fips_validation: support HMAC parsing Kovacevic, Marko
2018-11-02 9:55 ` [dpdk-dev] [PATCH v7 4/8] examples/fips_validation: support TDES parsing Kovacevic, Marko
2018-11-02 9:55 ` Kovacevic, Marko [this message]
2018-11-02 9:55 ` [dpdk-dev] [PATCH v7 6/8] examples/fips_validation: support CMAC parsing Kovacevic, Marko
2018-11-02 9:55 ` [dpdk-dev] [PATCH v7 7/8] examples/fips_validation: support CCM parsing Kovacevic, Marko
2018-11-02 9:55 ` [dpdk-dev] [PATCH v7 8/8] doc: add fips validation application guide Kovacevic, Marko
2018-11-02 11:23 ` [dpdk-dev] [PATCH v7 0/8] FIPS validation capability Akhil Goyal
2018-11-02 11:34 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181102095535.7906-6-marko.kovacevic@intel.com \
--to=marko.kovacevic@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=arkadiuszx.kusztal@intel.com \
--cc=dev@dpdk.org \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).