From: Adam Dybkowski <adamx.dybkowski@intel.com>
To: dev@dpdk.org, fiona.trahe@intel.com,
arkadiuszx.kusztal@intel.com, akhil.goyal@nxp.com
Cc: Adam Dybkowski <adamx.dybkowski@intel.com>
Subject: [dpdk-dev] [PATCH v2 1/3] test/crypto: add more AES GCM tests for QAT PMD
Date: Fri, 27 Sep 2019 17:47:37 +0200 [thread overview]
Message-ID: <20190927154739.26404-2-adamx.dybkowski@intel.com> (raw)
In-Reply-To: <20190927154739.26404-1-adamx.dybkowski@intel.com>
This patch adds 256-bit AES GCM tests for QAT PMD
(which already existed for AESNI and OpenSSL) and also adds
a number of negative unit tests for AES GCM for QAT PMD, in order
to verify authenticated encryption and decryption with modified data.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
---
app/test/test_cryptodev.c | 253 +++++++++++++++++++++++++++++++++++++-
1 file changed, 248 insertions(+), 5 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 9a226bd15..a0629c402 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -6939,7 +6939,8 @@ create_aead_operation(enum rte_crypto_aead_operation op,
}
static int
-test_authenticated_encryption(const struct aead_test_data *tdata)
+test_authenticated_encryption_silent(const struct aead_test_data *tdata,
+ uint8_t silent_mode)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -7005,6 +7006,12 @@ test_authenticated_encryption(const struct aead_test_data *tdata)
debug_hexdump(stdout, "auth tag:", auth_tag, tdata->auth_tag.len);
/* Validate obuf */
+ if (silent_mode)
+ return !memcmp(ciphertext, tdata->ciphertext.data,
+ tdata->ciphertext.len) &&
+ !memcmp(auth_tag, tdata->auth_tag.data,
+ tdata->auth_tag.len) ? 0 : TEST_FAILED;
+
TEST_ASSERT_BUFFERS_ARE_EQUAL(
ciphertext,
tdata->ciphertext.data,
@@ -7021,6 +7028,12 @@ test_authenticated_encryption(const struct aead_test_data *tdata)
}
+static int
+test_authenticated_encryption(const struct aead_test_data *tdata)
+{
+ return test_authenticated_encryption_silent(tdata, 0);
+}
+
static int
test_AES_GCM_authenticated_encryption_test_case_1(void)
{
@@ -7063,6 +7076,12 @@ test_AES_GCM_authenticated_encryption_test_case_7(void)
return test_authenticated_encryption(&gcm_test_case_7);
}
+static int
+test_AES_GCM_authenticated_encryption_test_case_8(void)
+{
+ return test_authenticated_encryption(&gcm_test_case_8);
+}
+
static int
test_AES_GCM_auth_encryption_test_case_192_1(void)
{
@@ -7160,7 +7179,89 @@ test_AES_GCM_auth_encryption_test_case_aad_2(void)
}
static int
-test_authenticated_decryption(const struct aead_test_data *tdata)
+test_AES_GCM_auth_encryption_fail_iv_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.iv.data[0] += 1;
+ res = test_authenticated_encryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_in_data_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.plaintext.data[0] += 1;
+ res = test_authenticated_encryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_out_data_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.ciphertext.data[0] += 1;
+ res = test_authenticated_encryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_aad_len_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.aad.len += 1;
+ res = test_authenticated_encryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_aad_corrupt(void)
+{
+ struct aead_test_data tdata;
+ uint8_t aad[gcm_test_case_7.aad.len];
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ memcpy(aad, gcm_test_case_7.aad.data, gcm_test_case_7.aad.len);
+ aad[0] += 1;
+ tdata.aad.data = aad;
+ res = test_authenticated_encryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_tag_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.auth_tag.data[0] += 1;
+ res = test_authenticated_encryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_authenticated_decryption_silent(const struct aead_test_data *tdata,
+ uint8_t silent_mode)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -7217,19 +7318,30 @@ test_authenticated_decryption(const struct aead_test_data *tdata)
debug_hexdump(stdout, "plaintext:", plaintext, tdata->ciphertext.len);
+ TEST_ASSERT_EQUAL(ut_params->op->status,
+ RTE_CRYPTO_OP_STATUS_SUCCESS,
+ "Authentication failed");
+
/* Validate obuf */
+ if (silent_mode)
+ return !memcmp(plaintext, tdata->plaintext.data,
+ tdata->plaintext.len) ? 0 : TEST_FAILED;
+
TEST_ASSERT_BUFFERS_ARE_EQUAL(
plaintext,
tdata->plaintext.data,
tdata->plaintext.len,
"Plaintext data not as expected");
- TEST_ASSERT_EQUAL(ut_params->op->status,
- RTE_CRYPTO_OP_STATUS_SUCCESS,
- "Authentication failed");
return 0;
}
+static int
+test_authenticated_decryption(const struct aead_test_data *tdata)
+{
+ return test_authenticated_decryption_silent(tdata, 0);
+}
+
static int
test_AES_GCM_authenticated_decryption_test_case_1(void)
{
@@ -7272,6 +7384,12 @@ test_AES_GCM_authenticated_decryption_test_case_7(void)
return test_authenticated_decryption(&gcm_test_case_7);
}
+static int
+test_AES_GCM_authenticated_decryption_test_case_8(void)
+{
+ return test_authenticated_decryption(&gcm_test_case_8);
+}
+
static int
test_AES_GCM_auth_decryption_test_case_192_1(void)
{
@@ -7368,6 +7486,87 @@ test_AES_GCM_auth_decryption_test_case_aad_2(void)
return test_authenticated_decryption(&gcm_test_case_aad_2);
}
+static int
+test_AES_GCM_auth_decryption_fail_iv_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.iv.data[0] += 1;
+ res = test_authenticated_decryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_in_data_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.plaintext.data[0] += 1;
+ res = test_authenticated_decryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_out_data_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.ciphertext.data[0] += 1;
+ res = test_authenticated_decryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_aad_len_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.aad.len += 1;
+ res = test_authenticated_decryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_aad_corrupt(void)
+{
+ struct aead_test_data tdata;
+ uint8_t aad[gcm_test_case_7.aad.len];
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ memcpy(aad, gcm_test_case_7.aad.data, gcm_test_case_7.aad.len);
+ aad[0] += 1;
+ tdata.aad.data = aad;
+ res = test_authenticated_decryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_tag_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.auth_tag.data[0] += 1;
+ res = test_authenticated_decryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "authentication not failed");
+ return TEST_SUCCESS;
+}
+
static int
test_authenticated_encryption_oop(const struct aead_test_data *tdata)
{
@@ -10315,6 +10514,8 @@ static struct unit_test_suite cryptodev_qat_testsuite = {
test_AES_GCM_authenticated_encryption_test_case_6),
TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_GCM_authenticated_encryption_test_case_7),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_authenticated_encryption_test_case_8),
/** AES GCM Authenticated Decryption */
TEST_CASE_ST(ut_setup, ut_teardown,
@@ -10331,6 +10532,8 @@ static struct unit_test_suite cryptodev_qat_testsuite = {
test_AES_GCM_authenticated_decryption_test_case_6),
TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_GCM_authenticated_decryption_test_case_7),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_authenticated_decryption_test_case_8),
/** AES GCM Authenticated Encryption 192 bits key */
TEST_CASE_ST(ut_setup, ut_teardown,
@@ -10380,6 +10583,22 @@ static struct unit_test_suite cryptodev_qat_testsuite = {
TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_GCM_auth_encryption_test_case_256_7),
+ /** AES GCM Authenticated Decryption 256 bits key */
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_test_case_256_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_test_case_256_2),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_test_case_256_3),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_test_case_256_4),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_test_case_256_5),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_test_case_256_6),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_test_case_256_7),
+
/** AES GMAC Authentication */
TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_GMAC_authentication_test_case_1),
@@ -10602,6 +10821,30 @@ static struct unit_test_suite cryptodev_qat_testsuite = {
authentication_verify_HMAC_SHA1_fail_data_corrupt),
TEST_CASE_ST(ut_setup, ut_teardown,
authentication_verify_HMAC_SHA1_fail_tag_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_encryption_fail_iv_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_encryption_fail_in_data_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_encryption_fail_out_data_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_encryption_fail_aad_len_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_encryption_fail_aad_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_encryption_fail_tag_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_fail_iv_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_fail_in_data_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_fail_out_data_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_fail_aad_len_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_fail_aad_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_fail_tag_corrupt),
TEST_CASE_ST(ut_setup, ut_teardown,
authentication_verify_AES128_GMAC_fail_data_corrupt),
TEST_CASE_ST(ut_setup, ut_teardown,
--
2.17.1
next prev parent reply other threads:[~2019-09-27 15:49 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-06 14:47 [dpdk-dev] [PATCH 0/2] QAT: handle Single Pass GCM Adam Dybkowski
2019-09-06 14:47 ` [dpdk-dev] [PATCH 1/2] common/qat: add new QAT GEN3 definitions Adam Dybkowski
2019-09-06 14:47 ` [dpdk-dev] [PATCH 2/2] crypto/qat: handle Single Pass Crypto Requests Adam Dybkowski
2019-09-27 15:47 ` [dpdk-dev] [PATCH v2 0/3] QAT: handle Single Pass GCM Adam Dybkowski
2019-09-27 15:47 ` Adam Dybkowski [this message]
2019-10-03 12:41 ` [dpdk-dev] [PATCH v2 1/3] test/crypto: add more AES GCM tests for QAT PMD Trahe, Fiona
2019-09-27 15:47 ` [dpdk-dev] [PATCH v2 2/3] common/qat: add new QAT GEN3 definitions Adam Dybkowski
2019-10-03 12:58 ` Trahe, Fiona
2019-09-27 15:47 ` [dpdk-dev] [PATCH v2 3/3] crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT Adam Dybkowski
2019-10-03 13:04 ` Trahe, Fiona
2019-10-08 12:44 ` [dpdk-dev] [PATCH v3 0/3] QAT: handle Single Pass GCM Adam Dybkowski
2019-10-08 12:44 ` [dpdk-dev] [PATCH v3 1/3] test/crypto: add more AES GCM tests for QAT PMD Adam Dybkowski
2019-10-08 12:44 ` [dpdk-dev] [PATCH v3 2/3] common/qat: add new QAT GEN3 definitions Adam Dybkowski
2019-10-08 12:44 ` [dpdk-dev] [PATCH v3 3/3] crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT Adam Dybkowski
2019-10-08 15:03 ` [dpdk-dev] [PATCH v3 0/3] QAT: handle Single Pass GCM Trahe, Fiona
2019-10-09 9:17 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190927154739.26404-2-adamx.dybkowski@intel.com \
--to=adamx.dybkowski@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=arkadiuszx.kusztal@intel.com \
--cc=dev@dpdk.org \
--cc=fiona.trahe@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).