From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by dpdk.space (Postfix) with ESMTP id 45300A00E6 for ; Tue, 19 Mar 2019 10:44:23 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id E21C64C99; Tue, 19 Mar 2019 10:44:19 +0100 (CET) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by dpdk.org (Postfix) with ESMTP id 6D0DB2BAF for ; Tue, 19 Mar 2019 10:44:16 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Mar 2019 02:44:16 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,497,1544515200"; d="scan'208";a="153035452" Received: from damiannx-mobl.ger.corp.intel.com (HELO localhost.localdomain) ([10.104.116.186]) by fmsmga002.fm.intel.com with ESMTP; 19 Mar 2019 02:44:14 -0700 From: Damian Nowak To: dev@dpdk.org Cc: fiona.trahe@intel.com, roy.fan.zhang@intel.com, Damian Nowak , Marko Kovacevic Date: Tue, 19 Mar 2019 10:43:48 +0100 Message-Id: <20190319094348.8756-2-damianx.nowak@intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190319094348.8756-1-damianx.nowak@intel.com> References: <20190219155450.4492-1-roy.fan.zhang@intel.com> <20190319094348.8756-1-damianx.nowak@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH v2 1/1] fips_validation: Add plain SHA support X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Content-Type: text/plain; charset="UTF-8" Message-ID: <20190319094348.IjF87QBb6o9u3CtIaStlOq2pUIlkBZsga77PkjlpiOQ@z> This patch enables plain SHA algorithm CAVP test support in fips_validation sample application. Signed-off-by: Damian Nowak Acked-by: Fan Zhang Acked-by: Marko Kovacevic --- examples/fips_validation/Makefile | 1 + examples/fips_validation/fips_validation.c | 17 ++++ examples/fips_validation/fips_validation.h | 17 +++- examples/fips_validation/fips_validation_sha.c | 110 +++++++++++++++++++++ examples/fips_validation/main.c | 127 +++++++++++++++++++++++++ examples/fips_validation/meson.build | 1 + 6 files changed, 272 insertions(+), 1 deletion(-) create mode 100644 examples/fips_validation/fips_validation_sha.c diff --git a/examples/fips_validation/Makefile b/examples/fips_validation/Makefile index 923d0be..2120cd9 100644 --- a/examples/fips_validation/Makefile +++ b/examples/fips_validation/Makefile @@ -12,6 +12,7 @@ SRCS-y += fips_validation_tdes.c SRCS-y += fips_validation_gcm.c SRCS-y += fips_validation_cmac.c SRCS-y += fips_validation_ccm.c +SRCS-y += fips_validation_sha.c SRCS-y += fips_dev_self_test.c SRCS-y += main.c diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c index a835cc3..2f8314f 100644 --- a/examples/fips_validation/fips_validation.c +++ b/examples/fips_validation/fips_validation.c @@ -136,6 +136,11 @@ fips_test_parse_header(void) ret = parse_test_tdes_init(); if (ret < 0) return 0; + } else if (strstr(info.vec[i], "SHA-")) { + info.algo = FIPS_TEST_ALGO_SHA; + ret = parse_test_sha_init(); + if (ret < 0) + return ret; } tmp = strstr(info.vec[i], "# Config info for "); @@ -186,6 +191,18 @@ fips_test_parse_header(void) continue; } + tmp = strstr(info.vec[i], "\" information for \""); + if (tmp != NULL) { + char tmp_output[128] = {0}; + + strlcpy(tmp_output, info.vec[i], tmp - info.vec[i] + 1); + + fprintf(info.fp_wr, "%s%s%s\n", tmp_output, + "\" information for DPDK Cryptodev ", + info.device_name); + continue; + } + if (i == info.nb_vec_lines - 1) { /** update the time as current time, write to file */ fprintf(info.fp_wr, "%s%s\n", "# Generated on ", diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h index 3e291bc..b604db9 100644 --- a/examples/fips_validation/fips_validation.h +++ b/examples/fips_validation/fips_validation.h @@ -14,6 +14,7 @@ #define MAX_NB_TESTS 10240 #define MAX_BUF_SIZE 2048 #define MAX_STRING_SIZE 64 +#define MAX_DIGEST_SIZE 64 #define POSITIVE_TEST 0 #define NEGATIVE_TEST -1 @@ -29,6 +30,7 @@ enum fips_test_algorithms { FIPS_TEST_ALGO_AES_CCM, FIPS_TEST_ALGO_HMAC, FIPS_TEST_ALGO_TDES, + FIPS_TEST_ALGO_SHA, FIPS_TEST_ALGO_MAX }; @@ -111,6 +113,11 @@ enum fips_ccm_test_types { CCM_DVPT, /* Decryption-Verification Process Test */ }; +enum fips_sha_test_types { + SHA_KAT = 0, + SHA_MCT +}; + struct aesavs_interim_data { enum fips_aesavs_test_types test_type; uint32_t cipher_algo; @@ -135,6 +142,11 @@ struct ccm_interim_data { uint32_t iv_len; }; +struct sha_interim_data { + enum fips_sha_test_types test_type; + enum rte_crypto_auth_algorithm algo; +}; + struct fips_test_interim_info { FILE *fp_rd; FILE *fp_wr; @@ -150,7 +162,7 @@ struct fips_test_interim_info { struct hmac_interim_data hmac_data; struct tdes_interim_data tdes_data; struct ccm_interim_data ccm_data; - + struct sha_interim_data sha_data; } interim_info; enum fips_test_op op; @@ -201,6 +213,9 @@ int parse_test_ccm_init(void); int +parse_test_sha_init(void); + +int parser_read_uint8_hex(uint8_t *value, const char *p); int diff --git a/examples/fips_validation/fips_validation_sha.c b/examples/fips_validation/fips_validation_sha.c new file mode 100644 index 0000000..2cca9ce --- /dev/null +++ b/examples/fips_validation/fips_validation_sha.c @@ -0,0 +1,110 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2019 Intel Corporation + */ + +#include +#include +#include + +#include + +#include "fips_validation.h" + +#define ALGO_PREFIX "[L = " +#define MSGLEN_STR "Len = " +#define MSG_STR "Msg = " +#define MD_STR "MD = " +#define SEED_STR "Seed = " +#define MCT_STR "Monte" + +struct plain_hash_size_conversion { + const char *str; + enum rte_crypto_auth_algorithm algo; +} phsc[] = { + {"20", RTE_CRYPTO_AUTH_SHA1}, + {"28", RTE_CRYPTO_AUTH_SHA224}, + {"32", RTE_CRYPTO_AUTH_SHA256}, + {"48", RTE_CRYPTO_AUTH_SHA384}, + {"64", RTE_CRYPTO_AUTH_SHA512}, +}; + +static int +parse_interim_algo(__attribute__((__unused__)) const char *key, + char *text, + __attribute__((__unused__)) struct fips_val *val) +{ + uint32_t i; + + for (i = 0; i < RTE_DIM(phsc); i++) { + if (strstr(text, phsc[i].str)) { + info.interim_info.sha_data.algo = phsc[i].algo; + parser_read_uint32_val(ALGO_PREFIX, + text, &vec.cipher_auth.digest); + break; + } + } + + if (i == RTE_DIM(phsc)) + return -1; + + return 0; +} + +struct fips_test_callback sha_tests_vectors[] = { + {MSGLEN_STR, parser_read_uint32_bit_val, &vec.pt}, + {MSG_STR, parse_uint8_known_len_hex_str, &vec.pt}, + {SEED_STR, parse_uint8_hex_str, &vec.cipher_auth.digest}, + {NULL, NULL, NULL} /**< end pointer */ +}; + +struct fips_test_callback sha_tests_interim_vectors[] = { + {ALGO_PREFIX, parse_interim_algo, NULL}, + {NULL, NULL, NULL} /**< end pointer */ +}; + +static int +parse_test_sha_writeback(struct fips_val *val) // ! +{ + struct fips_val val_local; + + fprintf(info.fp_wr, "%s", MD_STR); + + val_local.val = val->val + vec.pt.len; + val_local.len = vec.cipher_auth.digest.len; + + parse_write_hex_str(&val_local); + return 0; +} + +static int +rsp_test_sha_check(struct fips_val *val) +{ + if (memcmp(val->val + vec.pt.len, vec.cipher_auth.digest.val, + vec.cipher_auth.digest.len) == 0) + fprintf(info.fp_wr, "Success\n"); + else + fprintf(info.fp_wr, "Failed\n"); + + return 0; +} + +int +parse_test_sha_init(void) +{ + uint32_t i; + + info.interim_info.sha_data.test_type = SHA_KAT; + for (i = 0; i < info.nb_vec_lines; i++) { + char *line = info.vec[i]; + if (strstr(line, MCT_STR)) + info.interim_info.sha_data.test_type = SHA_MCT; + } + + info.op = FIPS_TEST_ENC_AUTH_GEN; + info.parse_writeback = parse_test_sha_writeback; + info.callbacks = sha_tests_vectors; + info.interim_callbacks = sha_tests_interim_vectors; + info.writeback_callbacks = NULL; + info.kat_check = rsp_test_sha_check; + return 0; +} diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c index 32d06dd..5e3d5ba 100644 --- a/examples/fips_validation/main.c +++ b/examples/fips_validation/main.c @@ -887,6 +887,41 @@ prepare_ccm_xform(struct rte_crypto_sym_xform *xform) return 0; } +static int +prepare_sha_xform(struct rte_crypto_sym_xform *xform) +{ + const struct rte_cryptodev_symmetric_capability *cap; + struct rte_cryptodev_sym_capability_idx cap_idx; + struct rte_crypto_auth_xform *auth_xform = &xform->auth; + + xform->type = RTE_CRYPTO_SYM_XFORM_AUTH; + + auth_xform->algo = info.interim_info.sha_data.algo; + auth_xform->op = RTE_CRYPTO_AUTH_OP_GENERATE; + auth_xform->digest_length = vec.cipher_auth.digest.len; + + cap_idx.algo.auth = auth_xform->algo; + cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH; + + cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx); + if (!cap) { + RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n", + env.dev_id); + return -EINVAL; + } + + if (rte_cryptodev_sym_capability_check_auth(cap, + auth_xform->key.length, + auth_xform->digest_length, 0) != 0) { + RTE_LOG(ERR, USER1, "PMD %s key length %u digest length %u\n", + info.device_name, auth_xform->key.length, + auth_xform->digest_length); + return -EPERM; + } + + return 0; +} + static void get_writeback_data(struct fips_val *val) { @@ -1218,6 +1253,90 @@ fips_mct_aes_test(void) } static int +fips_mct_sha_test(void) +{ +#define SHA_EXTERN_ITER 100 +#define SHA_INTERN_ITER 1000 +#define SHA_MD_BLOCK 3 + struct fips_val val, md[SHA_MD_BLOCK]; + char temp[MAX_DIGEST_SIZE*2]; + int ret; + uint32_t i, j; + + val.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0); + for (i = 0; i < SHA_MD_BLOCK; i++) + md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0); + + rte_free(vec.pt.val); + vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0); + + fips_test_write_one_case(); + fprintf(info.fp_wr, "\n"); + + for (j = 0; j < SHA_EXTERN_ITER; j++) { + + memcpy(md[0].val, vec.cipher_auth.digest.val, + vec.cipher_auth.digest.len); + md[0].len = vec.cipher_auth.digest.len; + memcpy(md[1].val, vec.cipher_auth.digest.val, + vec.cipher_auth.digest.len); + md[1].len = vec.cipher_auth.digest.len; + memcpy(md[2].val, vec.cipher_auth.digest.val, + vec.cipher_auth.digest.len); + md[2].len = vec.cipher_auth.digest.len; + + for (i = 0; i < (SHA_INTERN_ITER); i++) { + + memcpy(vec.pt.val, md[0].val, + (size_t)md[0].len); + memcpy((vec.pt.val + md[0].len), md[1].val, + (size_t)md[1].len); + memcpy((vec.pt.val + md[0].len + md[1].len), + md[2].val, + (size_t)md[2].len); + vec.pt.len = md[0].len + md[1].len + md[2].len; + + ret = fips_run_test(); + if (ret < 0) { + if (ret == -EPERM) { + fprintf(info.fp_wr, "Bypass\n\n"); + return 0; + } + return ret; + } + + get_writeback_data(&val); + + memcpy(md[0].val, md[1].val, md[1].len); + md[0].len = md[1].len; + memcpy(md[1].val, md[2].val, md[2].len); + md[1].len = md[2].len; + + memcpy(md[2].val, (val.val + vec.pt.len), + vec.cipher_auth.digest.len); + md[2].len = vec.cipher_auth.digest.len; + } + + memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len); + vec.cipher_auth.digest.len = md[2].len; + + fprintf(info.fp_wr, "COUNT = %u\n", j); + + writeback_hex_str("", temp, &vec.cipher_auth.digest); + + fprintf(info.fp_wr, "MD = %s\n\n", temp); + } + + for (i = 0; i < (SHA_MD_BLOCK); i++) + rte_free(md[i].val); + + rte_free(vec.pt.val); + + return 0; +} + + +static int init_test_ops(void) { switch (info.algo) { @@ -1257,6 +1376,14 @@ init_test_ops(void) test_ops.prepare_xform = prepare_ccm_xform; test_ops.test = fips_generic_test; break; + case FIPS_TEST_ALGO_SHA: + test_ops.prepare_op = prepare_auth_op; + test_ops.prepare_xform = prepare_sha_xform; + if (info.interim_info.sha_data.test_type == SHA_MCT) + test_ops.test = fips_mct_sha_test; + else + test_ops.test = fips_generic_test; + break; default: return -1; } diff --git a/examples/fips_validation/meson.build b/examples/fips_validation/meson.build index 20f33f4..6dd6308 100644 --- a/examples/fips_validation/meson.build +++ b/examples/fips_validation/meson.build @@ -16,6 +16,7 @@ sources = files( 'fips_validation_gcm.c', 'fips_validation_cmac.c', 'fips_validation_ccm.c', + 'fips_validation_sha.c', 'fips_dev_self_test.c', 'main.c' ) -- 2.7.4