Re: [dpdk-dev] [PATCH v5 1/8] examples/cryptodev_fips_validate: add fips validation into examples

[Akhil Goyal <akhil.goyal@nxp.com>]

On 10/17/2018 6:19 PM, Marko Kovacevic wrote:
> Added FIPS application into the examples to allow
> users to use a simple sample app to validate
> their systems and be able to get FIPS certification.
>
> Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
> Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>   examples/cryptodev_fips_validate/Makefile          |  69 +++
>   .../cryptodev_fips_parse_validate.c                | 562 +++++++++++++++++++++
>   .../cryptodev_fips_validate.h                      | 150 ++++++
>   examples/cryptodev_fips_validate/main.c            | 388 ++++++++++++++
>   examples/cryptodev_fips_validate/meson.build       |  14 +
>   5 files changed, 1183 insertions(+)
>   create mode 100644 examples/cryptodev_fips_validate/Makefile
>   create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
>   create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_validate.h
>   create mode 100644 examples/cryptodev_fips_validate/main.c
>   create mode 100644 examples/cryptodev_fips_validate/meson.build
>
> diff --git a/examples/cryptodev_fips_validate/Makefile b/examples/cryptodev_fips_validate/Makefile
> new file mode 100644
> index 0000000..7f0e603
> --- /dev/null
> +++ b/examples/cryptodev_fips_validate/Makefile
> @@ -0,0 +1,69 @@
> +# SPDX-License-Identifier: BSD-3-Clause
> +# Copyright(c) 2010-2014 Intel Corporation
I believe this is a copy paste error, it should be 2018
> +
> +# binary name
> +APP = fips_validation
> +
> +# all source are stored in SRCS-y
> +SRCS-y += cryptodev_fips_parse_validate.c
> +SRCS-y += main.c
> +
> +# Build using pkg-config variables if possible
> +$(shell pkg-config --exists libdpdk)
> +ifeq ($(.SHELLSTATUS),0)
> +
> +all: shared
> +.PHONY: shared static
> +shared: build/$(APP)-shared
> +	ln -sf $(APP)-shared build/$(APP)
> +static: build/$(APP)-static
> +	ln -sf $(APP)-static build/$(APP)
> +
> +PC_FILE := $(shell pkg-config --path libdpdk)
> +CFLAGS += -O3 $(shell pkg-config --cflags libdpdk)
> +LDFLAGS_SHARED = $(shell pkg-config --libs libdpdk)
> +LDFLAGS_STATIC = -Wl,-Bstatic $(shell pkg-config --static --libs libdpdk)
> +
> +build/$(APP)-shared: $(SRCS-y) Makefile $(PC_FILE) | build
> +	$(CC) $(CFLAGS) $(SRCS-y) -o $@ $(LDFLAGS) $(LDFLAGS_SHARED)
> +
> +build/$(APP)-static: $(SRCS-y) Makefile $(PC_FILE) | build
> +	$(CC) $(CFLAGS) $(SRCS-y) -o $@ $(LDFLAGS) $(LDFLAGS_STATIC)
> +
> +build:
> +	@mkdir -p $@
> +
> +.PHONY: clean
> +clean:
> +	rm -f build/$(APP) build/$(APP)-static build/$(APP)-shared
> +	rmdir --ignore-fail-on-non-empty build
> +
> +else
> +
> +ifeq ($(RTE_SDK),)
> +$(error "Please define RTE_SDK environment variable")
> +endif
> +
> +# Default target, can be overridden by command line or environment
> +RTE_TARGET ?= x86_64-native-linuxapp-gcc
> +
> +INC += $(sort $(wildcard *.h))
> +
> +include $(RTE_SDK)/mk/rte.vars.mk
> +
> +CFLAGS += $(WERROR_FLAGS)
> +
> +# workaround for a gcc bug with noreturn attribute
> +# http://gcc.gnu.org/bugzilla/show_bug.cgi?id=12603
> +ifeq ($(CONFIG_RTE_TOOLCHAIN_GCC),y)
> +CFLAGS_main.o += -Wno-return-type
> +endif
> +
> +CFLAGS += -DALLOW_EXPERIMENTAL_API
> +CFLAGS += -I$(SRCDIR)
> +CFLAGS += -O3
> +CFLAGS += $(WERROR_FLAGS)
> +
> +include $(RTE_SDK)/mk/rte.extapp.mk
> +
> +endif
> diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c b/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
> new file mode 100644
> index 0000000..aec5bb9
> --- /dev/null
> +++ b/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
> @@ -0,0 +1,562 @@
> +/* SPDX-License-Identifier: BSD-3-Clause
> + * Copyright(c) 2018 Intel Corporation
> + */
> +
> +#include <stdio.h>
> +#include <string.h>
> +
> +#include <rte_string_fns.h>
> +#include <rte_cryptodev.h>
> +#include <rte_malloc.h>
> +
> +#include "cryptodev_fips_validate.h"
> +
> +#define skip_white_spaces(pos)			\
> +({						\
> +	__typeof__(pos) _p = (pos);		\
> +	for ( ; isspace(*_p); _p++)		\
> +		;				\
> +	_p;					\
> +})
> +
> +static int
> +get_file_line(void)
> +{
> +	FILE *fp = info.fp_rd;
> +	char *line = info.one_line_text;
> +	char c;
> +	uint32_t loc = 0;
> +
> +	memset(line, 0, MAX_LINE_CHAR);
> +	while ((c = fgetc(fp)) != EOF) {
> +		if (loc >= MAX_LINE_CHAR - 1)
> +			return -ENOMEM;
> +		if (c == '\n')
> +			return 0;
> +		line[loc++] = c;
> +	}
> +
> +	if (c == EOF)
> +		return -EOF;
> +
> +	return 0;
> +}
> +
> +int
> +fips_test_fetch_one_block(void)
> +{
> +	size_t size;
> +	int ret = 0;
> +	uint32_t i;
> +
> +	for (i = 0; i < info.nb_vec_lines; i++) {
> +		free(info.vec[i]);
> +		info.vec[i] = NULL;
> +	}
> +
> +	i = 0;
> +	do {
> +		if (i >= MAX_LINE_PER_VECTOR) {
> +			ret = -ENOMEM;
> +			goto error_exit;
> +		}
> +
> +		ret = get_file_line();
> +		size = strlen(info.one_line_text);
> +		if (size == 0)
> +			break;
> +
> +		info.vec[i] = calloc(1, size + 5);
> +		if (info.vec[i] == NULL)
> +			goto error_exit;
> +
> +		strlcpy(info.vec[i], info.one_line_text, size + 1);
> +		i++;
> +	} while (ret == 0);
> +
> +	info.nb_vec_lines = i;
> +
> +	return ret;
> +
> +error_exit:
> +	for (i = 0; i < MAX_LINE_PER_VECTOR; i++)
> +		if (info.vec[i] != NULL) {
> +			free(info.vec[i]);
> +			info.vec[i] = NULL;
> +		}
> +
> +	info.nb_vec_lines = 0;
> +
> +	return -ENOMEM;
> +}
> +
> +static int
> +fips_test_parse_header(void)
> +{
> +	uint32_t i;
> +	char *tmp;
> +	int ret;
> +	time_t t = time(NULL);
> +	struct tm *tm_now = localtime(&t);
> +
> +	ret = fips_test_fetch_one_block();
> +	if (ret < 0)
> +		return ret;
> +
> +	for (i = 0; i < info.nb_vec_lines; i++) {
> +
> +		tmp = strstr(info.vec[i], "# Config info for ");
> +		if (tmp != NULL) {
> +			fprintf(info.fp_wr, "%s%s\n", "# Config info for DPDK Cryptodev ",
> +					info.device_name);
> +			continue;
> +		}
> +
> +		tmp = strstr(info.vec[i], "#  HMAC information for ");
> +		if (tmp != NULL) {
> +			fprintf(info.fp_wr, "%s%s\n", "#  HMAC information for "
> +				"DPDK Cryptodev ",
> +				info.device_name);
> +			continue;
> +		}
> +
> +		tmp = strstr(info.vec[i], "# Config Info for : ");
> +		if (tmp != NULL) {
> +
> +			fprintf(info.fp_wr, "%s%s\n", "# Config Info for DPDK Cryptodev : ",
> +					info.device_name);
> +			continue;
> +		}
> +
> +		tmp = strstr(info.vec[i], "# information for ");
> +		if (tmp != NULL) {
> +
> +			char tmp_output[128] = {0};
> +
> +			strlcpy(tmp_output, info.vec[i], tmp - info.vec[i] + 1);
> +
> +			fprintf(info.fp_wr, "%s%s%s\n", tmp_output,
> +					"information for DPDK Cryptodev ",
> +					info.device_name);
> +			continue;
> +		}
> +
> +		tmp = strstr(info.vec[i], " test information for ");
> +		if (tmp != NULL) {
> +			char tmp_output[128] = {0};
> +
> +			strlcpy(tmp_output, info.vec[i], tmp - info.vec[i] + 1);
> +
> +			fprintf(info.fp_wr, "%s%s%s\n", tmp_output,
> +					"test information for DPDK Cryptodev ",
> +					info.device_name);
> +			continue;
> +		}
> +
> +		if (i == info.nb_vec_lines - 1) {
> +			/** update the time as current time, write to file */
> +			fprintf(info.fp_wr, "%s%s\n", "# Generated on ",
> +					asctime(tm_now));
> +			continue;
> +		}
> +
> +		/* to this point, no field need to update,
> +		 *  only copy to rsp file
> +		 */
> +		fprintf(info.fp_wr, "%s\n", info.vec[i]);
> +	}
> +
> +	return 0;
> +}
> +
> +static int
> +parse_file_type(const char *path)
> +{
> +	const char *tmp = path + strlen(path) - 3;
> +
> +	if (strstr(tmp, REQ_FILE_PERFIX))
> +		info.file_type = FIPS_TYPE_REQ;
> +	else if (strstr(tmp, RSP_FILE_PERFIX))
> +		info.file_type = FIPS_TYPE_RSP;
> +	else if (strstr(path, FAX_FILE_PERFIX))
> +		info.file_type = FIPS_TYPE_FAX;
> +	else
> +		return -EINVAL;
> +
> +	return 0;
> +}
> +
> +int
> +fips_test_init(const char *req_file_path, const char *rsp_file_path,
> +		const char *device_name)
> +{
> +	if (strcmp(req_file_path, rsp_file_path) == 0) {
> +		RTE_LOG(ERR, USER1, "File paths cannot be the same\n");
> +		return -EINVAL;
> +	}
> +
> +	fips_test_clear();
> +
> +	info.algo = FIPS_TEST_ALGO_MAX;
> +	if (parse_file_type(req_file_path) < 0) {
> +		RTE_LOG(ERR, USER1, "File %s type not supported\n",
> +				req_file_path);
> +		return -EINVAL;
> +	}
> +
> +	info.fp_rd = fopen(req_file_path, "r");
> +	if (!info.fp_rd) {
> +		RTE_LOG(ERR, USER1, "Cannot open file %s\n", req_file_path);
> +		return -EINVAL;
> +	}
> +
> +	info.fp_wr = fopen(rsp_file_path, "w");
> +	if (!info.fp_wr) {
> +		RTE_LOG(ERR, USER1, "Cannot open file %s\n", rsp_file_path);
> +		return -EINVAL;
> +	}
> +
> +	info.one_line_text = calloc(1, MAX_LINE_CHAR);
> +	if (!info.one_line_text) {
> +		RTE_LOG(ERR, USER1, "Insufficient memory\n");
> +		return -ENOMEM;
> +	}
> +
> +	strlcpy(info.device_name, device_name, sizeof(info.device_name));
> +
> +	if (fips_test_parse_header() < 0) {
> +		RTE_LOG(ERR, USER1, "Failed parsing header\n");
> +		return -1;
> +	}
memory leak for calloc done above in case of error.
Also there is no fclose in case of errors.
> +
> +	return 0;
> +}
> +
> +void
> +fips_test_clear(void)
> +{
> +	if (info.fp_rd)
> +		fclose(info.fp_rd);
> +	if (info.fp_wr)
> +		fclose(info.fp_wr);
> +	if (info.one_line_text)
> +		free(info.one_line_text);
> +	if (info.nb_vec_lines) {
> +		uint32_t i;
> +
> +		for (i = 0; i < info.nb_vec_lines; i++)
> +			free(info.vec[i]);
> +	}
> +
> +	memset(&info, 0, sizeof(info));
> +}
> +
> +int
> +fips_test_parse_one_case(void)
> +{
> +	uint32_t i, j = 0;
> +	uint32_t is_interim = 0;
> +	int ret;
> +
> +	if (info.interim_callbacks) {
> +		for (i = 0; i < info.nb_vec_lines; i++) {
> +			for (j = 0; info.interim_callbacks[j].key != NULL; j++)
> +				if (strstr(info.vec[i],
> +					info.interim_callbacks[j].key)) {
it looks interim_callback is a single structure and there is no need for 
treating as an array.
> +					is_interim = 1;
> +
> +					ret = info.interim_callbacks[j].cb(
> +						info.interim_callbacks[j].key,
> +						info.vec[i],
> +						info.interim_callbacks[j].val);
> +					if (ret < 0)
> +						return ret;
> +				}
> +		}
> +	}
> +
> +	if (is_interim) {
> +		for (i = 0; i < info.nb_vec_lines; i++)
> +			fprintf(info.fp_wr, "%s\n", info.vec[i]);
> +		fprintf(info.fp_wr, "\n");
> +		return 1;
> +	}
> +
> +	for (i = 0; i < info.nb_vec_lines; i++) {
> +		for (j = 0; info.callbacks[j].key != NULL; j++)
> +			if (strstr(info.vec[i], info.callbacks[j].key)) {
> +				ret = info.callbacks[j].cb(
> +					info.callbacks[j].key,
> +					info.vec[i], info.callbacks[j].val);
> +				if (ret < 0)
> +					return ret;
> +				break;
> +			}
> +	}
> +
> +	return 0;
> +}
> +
> +void
> +fips_test_write_one_case(void)
> +{
> +	uint32_t i;
> +
> +	for (i = 0; i < info.nb_vec_lines; i++)
> +		fprintf(info.fp_wr, "%s\n", info.vec[i]);
> +}
> +
> +static int
> +parser_read_uint64_hex(uint64_t *value, const char *p)
> +{
> +	char *next;
> +	uint64_t val;
> +
> +	p = skip_white_spaces(p);
> +
> +	val = strtoul(p, &next, 16);
> +	if (p == next)
> +		return -EINVAL;
> +
> +	p = skip_white_spaces(next);
> +	if (*p != '\0')
> +		return -EINVAL;
> +
> +	*value = val;
> +	return 0;
> +}
> +
> +int
> +parser_read_uint8_hex(uint8_t *value, const char *p)
> +{
> +	uint64_t val = 0;
> +	int ret = parser_read_uint64_hex(&val, p);
> +
> +	if (ret < 0)
> +		return ret;
> +
> +	if (val > UINT8_MAX)
> +		return -ERANGE;
> +
> +	*value = val;
> +	return 0;
> +}
> +
> +int
> +parse_uint8_known_len_hex_str(const char *key, char *src, struct fips_val *val)
> +{
> +	struct fips_val tmp_val = {0};
> +	uint32_t len = val->len;
> +	int ret;
> +
> +	if (len == 0) {
> +		if (val->val != NULL) {
> +			rte_free(val->val);
> +			val->val = NULL;
> +		}
> +
> +		return 0;
> +	}
> +
> +	ret = parse_uint8_hex_str(key, src, &tmp_val);
> +	if (ret < 0)
> +		return ret;
> +
> +	if (tmp_val.len == val->len) {
> +		val->val = tmp_val.val;
> +		return 0;
> +	}
> +
> +	if (tmp_val.len < val->len) {
> +		rte_free(tmp_val.val);
> +		return -EINVAL;
> +	}
> +
> +	val->val = rte_zmalloc(NULL, val->len, 0);
> +	if (!val->val) {
> +		rte_free(tmp_val.val);
> +		memset(val, 0, sizeof(*val));
> +		return -ENOMEM;
> +	}
> +
> +	memcpy(val->val, tmp_val.val, val->len);
> +	rte_free(tmp_val.val);
> +
> +	return 0;
> +}
> +
> +int
> +parse_uint8_hex_str(const char *key, char *src, struct fips_val *val)
> +{
> +	uint32_t len, j;
> +
> +	src += strlen(key);
> +
> +	len = strlen(src) / 2;
> +
> +	if (val->val) {
> +		rte_free(val->val);
> +		val->val = NULL;
> +	}
> +
> +	val->val = rte_zmalloc(NULL, len, 0);
> +	if (!val->val)
> +		return -1;
should be -ENOMEM
> +
> +	for (j = 0; j < len; j++) {
> +		char byte[3] = {src[j * 2], src[j * 2 + 1], '\0'};
> +
> +		if (parser_read_uint8_hex(&val->val[j], byte) < 0) {
> +			rte_free(val->val);
> +			memset(val, 0, sizeof(*val));
> +			return -EINVAL;
> +		}
> +	}
> +
> +	val->len = len;
> +
> +	return 0;
> +}
> +
> +int
> +parser_read_uint32_val(const char *key, char *src, struct fips_val *val)
> +{
> +	char *data = src + strlen(key);
> +	size_t data_len = strlen(data);
> +	int ret;
> +
> +	if (data[data_len - 1] == ']') {
> +		char *tmp_data = calloc(1, data_len + 1);
> +
> +		if (tmp_data == NULL)
> +			return -ENOMEM;
> +
> +		strlcpy(tmp_data, data, data_len);
> +
> +		ret = parser_read_uint32(&val->len, tmp_data);
> +
> +		free(tmp_data);
> +	} else
> +		ret = parser_read_uint32(&val->len, data);
> +
> +	return ret;
> +}
> +
> +int
> +parser_read_uint32_bit_val(const char *key, char *src, struct fips_val *val)
> +{
> +	int ret;
> +
> +	ret = parser_read_uint32_val(key, src, val);
> +
> +	if (ret < 0)
> +		return ret;
> +
> +	val->len /= 8;
> +
> +	return 0;
> +}
> +
> +int
> +writeback_hex_str(const char *key, char *dst, struct fips_val *val)
> +{
> +	char *str = dst;
> +	uint32_t len;
> +
> +	str += strlen(key);
> +
> +	for (len = 0; len < val->len; len++)
> +		snprintf(str + len * 2, 255, "%02x", val->val[len]);
> +
> +	return 0;
> +}
> +
> +static int
> +parser_read_uint64(uint64_t *value, const char *p)
> +{
> +	char *next;
> +	uint64_t val;
> +
> +	p = skip_white_spaces(p);
> +	if (!isdigit(*p))
> +		return -EINVAL;
> +
> +	val = strtoul(p, &next, 10);
> +	if (p == next)
> +		return -EINVAL;
> +
> +	p = next;
> +	switch (*p) {
> +	case 'T':
> +		val *= 1024ULL;
> +		/* fall through */
> +	case 'G':
> +		val *= 1024ULL;
> +		/* fall through */
> +	case 'M':
> +		val *= 1024ULL;
> +		/* fall through */
> +	case 'k':
> +	case 'K':
> +		val *= 1024ULL;
> +		p++;
> +		break;
> +	}
> +
> +	p = skip_white_spaces(p);
> +	if (*p != '\0')
> +		return -EINVAL;
> +
> +	*value = val;
> +	return 0;
> +}
> +
> +int
> +parser_read_uint32(uint32_t *value, char *p)
> +{
> +	uint64_t val = 0;
> +	int ret = parser_read_uint64(&val, p);
> +
> +	if (ret < 0)
> +		return ret;
> +
> +	if (val > UINT32_MAX)
> +		return -EINVAL;
> +
> +	*value = val;
> +	return 0;
> +}
> +
> +void
> +parse_write_hex_str(struct fips_val *src)
> +{
> +	writeback_hex_str("", info.one_line_text, src);
> +
> +	fprintf(info.fp_wr, "%s\n", info.one_line_text);
> +}
> +
> +int
> +update_info_vec(uint32_t count)
> +{
> +	const struct fips_test_callback *cb;
> +	uint32_t i, j;
> +
> +	if (!info.writeback_callbacks)
> +		return -1;
> +
> +	cb = &info.writeback_callbacks[0];
> +
> +	snprintf(info.vec[0], strlen(info.vec[0]) + 4, "%s%u", cb->key, count);
> +
> +	for (i = 1; i < info.nb_vec_lines; i++) {
> +		for (j = 1; info.writeback_callbacks[j].key != NULL; j++) {
> +			cb = &info.writeback_callbacks[j];
> +			if (strstr(info.vec[i], cb->key)) {
> +				cb->cb(cb->key, info.vec[i], cb->val);
> +				break;
> +			}
> +		}
> +	}
> +
> +	return 0;
> +}
> diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_validate.h b/examples/cryptodev_fips_validate/cryptodev_fips_validate.h
> new file mode 100644
> index 0000000..beb6bed
> --- /dev/null
> +++ b/examples/cryptodev_fips_validate/cryptodev_fips_validate.h
> @@ -0,0 +1,150 @@
> +/* SPDX-License-Identifier: BSD-3-Clause
> + * Copyright(c) 2018 Intel Corporation
> + */
> +
> +#ifndef _CRYPTODEV_NIST_FIPS_PARSER_H_
> +#define _CRYPTODEV_NIST_FIPS_PARSER_H_
> +
> +#define FIPS_PARSE_ERR(fmt, args)					\
> +	RTE_LOG(ERR, USER1, "FIPS parse error" ## fmt ## "\n", ## args)
> +
> +#define ERR_MSG_SIZE		128
> +#define MAX_CASE_LINE		15
> +#define MAX_LINE_CHAR		204800 /*< max number of characters per line */
> +#define MAX_NB_TESTS		10240
> +#define MAX_BUF_SIZE		2048
> +#define MAX_STRING_SIZE		64
> +
> +#define POSITIVE_TEST		0
> +#define NEGATIVE_TEST		-1
> +
> +#define REQ_FILE_PERFIX		"req"
> +#define RSP_FILE_PERFIX		"rsp"
> +#define FAX_FILE_PERFIX		"fax"
> +
> +enum fips_test_algorithms {
> +		FIPS_TEST_ALGO_MAX
> +};
> +
> +enum file_types {
> +	FIPS_TYPE_REQ = 1,
> +	FIPS_TYPE_FAX,
> +	FIPS_TYPE_RSP
> +};
> +
> +enum fips_test_op {
> +	FIPS_TEST_ENC_AUTH_GEN = 1,
> +	FIPS_TEST_DEC_AUTH_VERIF,
> +};
> +
> +#define MAX_LINE_PER_VECTOR            16
> +
> +struct fips_val {
> +	uint8_t *val;
> +	uint32_t len;
> +};
> +
> +struct fips_test_vector {
> +	union {
> +		struct {
> +			struct fips_val key;
> +			struct fips_val digest;
> +			struct fips_val auth_aad;
> +			struct fips_val aad;
> +		} cipher_auth;
> +		struct {
> +			struct fips_val key;
> +			struct fips_val digest;
> +			struct fips_val aad;
> +		} aead;
> +	};
> +
> +	struct fips_val pt;
> +	struct fips_val ct;
> +	struct fips_val iv;
> +
> +	enum rte_crypto_op_status status;
> +};
> +
> +typedef int (*post_prcess_t)(struct fips_val *val);
> +
> +typedef int (*parse_callback_t)(const char *key, char *text,
> +		struct fips_val *val);
> +
> +struct fips_test_callback {
> +	const char *key;
> +	parse_callback_t cb;
> +	struct fips_val *val;
> +};
> +
> +struct fips_test_interim_info {
> +	FILE *fp_rd;
> +	FILE *fp_wr;
> +	enum file_types file_type;
> +	enum fips_test_algorithms algo;
> +	char *one_line_text;
> +	char *vec[MAX_LINE_PER_VECTOR];
> +	uint32_t nb_vec_lines;
> +	//uint8_t cryptodev_id;
remove if not needed
> +	char device_name[MAX_STRING_SIZE];
> +
> +	enum fips_test_op op;
> +
> +	const struct fips_test_callback *callbacks;
> +	const struct fips_test_callback *interim_callbacks;
> +	const struct fips_test_callback *writeback_callbacks;
> +
> +	post_prcess_t parse_writeback;
> +	post_prcess_t kat_check;
> +};
> +
> +extern struct fips_test_vector vec;
> +extern struct fips_test_interim_info info;
> +
> +int
> +fips_test_init(const char *req_file_path, const char *rsp_file_path,
> +		const char *device_name);
> +
> +void
> +fips_test_clear(void);
> +
> +int
> +fips_test_fetch_one_block(void);
> +
> +int
> +fips_test_parse_one_case(void);
> +
> +void
> +fips_test_write_one_case(void);
> +
> +int
> +parser_read_uint8_hex(uint8_t *value, const char *p);
> +
> +int
> +parse_uint8_hex_str(const char *key, char *src, struct fips_val *val);
> +
> +int
> +parse_uint8_known_len_hex_str(const char *key, char *src, struct fips_val *val);
> +
> +int
> +parser_read_uint32_val(const char *key, char *src, struct fips_val *val);
> +
> +int
> +parser_read_uint32_bit_val(const char *key, char *src, struct fips_val *val);
> +
> +int
> +parser_read_uint32(uint32_t *value, char *p);
> +
> +int
> +parser_read_uint32_val(const char *key, char *src, struct fips_val *val);
> +
> +int
> +writeback_hex_str(const char *key, char *dst, struct fips_val *val);
> +
> +void
> +parse_write_hex_str(struct fips_val *src);
> +
> +int
> +update_info_vec(uint32_t count);
> +
> +#endif
> diff --git a/examples/cryptodev_fips_validate/main.c b/examples/cryptodev_fips_validate/main.c
> new file mode 100644
> index 0000000..4f14b04
> --- /dev/null
> +++ b/examples/cryptodev_fips_validate/main.c
> @@ -0,0 +1,388 @@
> +/* SPDX-License-Identifier: BSD-3-Clause
> + * Copyright(c) 2018 Intel Corporation
> + */
> +
> +#include <sys/stat.h>
> +#include <getopt.h>
> +#include <dirent.h>
> +
> +#include <rte_cryptodev.h>
> +#include <rte_cryptodev_pmd.h>
> +#include <rte_mempool.h>
> +#include <rte_mbuf.h>
> +#include <rte_string_fns.h>
> +
> +#include "cryptodev_fips_validate.h"
> +
> +#define REQ_FILE_PATH_KEYWORD	"req-file"
> +#define RSP_FILE_PATH_KEYWORD	"rsp-file"
> +#define FOLDER_KEYWORD		"path-is-folder"
> +#define CRYPTODEV_KEYWORD	"cryptodev"
> +#define CRYPTODEV_ID_KEYWORD	"cryptodev-id"
> +
> +struct fips_test_vector vec;
> +struct fips_test_interim_info info;
> +
> +struct cryptodev_fips_validate_env {
> +	const char *req_path;
> +	const char *rsp_path;
> +	uint32_t is_path_folder;
> +	uint32_t dev_id;
> +	struct rte_mempool *mpool;
> +	struct rte_mempool *op_pool;
> +	struct rte_mbuf *mbuf;
> +	struct rte_crypto_op *op;
> +	struct rte_cryptodev_sym_session *sess;
> +} env;
> +
> +static int
> +cryptodev_fips_validate_app_int(void)
> +{
> +	struct rte_cryptodev_config conf = {rte_socket_id(), 1};
> +	struct rte_cryptodev_qp_conf qp_conf = {128};
> +	int ret;
> +
> +	ret = rte_cryptodev_configure(env.dev_id, &conf);
> +	if (ret < 0)
> +		return ret;
> +
> +	env.mpool = rte_pktmbuf_pool_create("FIPS_MEMPOOL", 128, 0, 0,
> +			UINT16_MAX, rte_socket_id());
> +	if (!env.mpool)
> +		return ret;
> +
> +	ret = rte_cryptodev_queue_pair_setup(env.dev_id, 0, &qp_conf,
> +			rte_socket_id(), env.mpool);
> +	if (ret < 0)
> +		return ret;
> +
> +	ret = -ENOMEM;
> +
> +	env.op_pool = rte_crypto_op_pool_create(
> +			"FIPS_OP_POOL",
> +			RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +			1, 0,
> +			16,
> +			rte_socket_id());
> +	if (!env.op_pool)
> +		goto error_exit;
> +
> +	env.mbuf = rte_pktmbuf_alloc(env.mpool);
> +	if (!env.mbuf)
> +		goto error_exit;
> +
> +	env.op = rte_crypto_op_alloc(env.op_pool, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
> +	if (!env.op)
> +		goto error_exit;
> +
> +	return 0;
> +
> +error_exit:
> +	rte_mempool_free(env.mpool);
> +	if (env.op_pool)
> +		rte_mempool_free(env.op_pool);
> +
> +	return ret;
> +}
> +
> +static void
> +cryptodev_fips_validate_app_uninit(void)
> +{
> +	rte_pktmbuf_free(env.mbuf);
> +	rte_crypto_op_free(env.op);
> +	rte_cryptodev_sym_session_clear(env.dev_id, env.sess);
> +	rte_cryptodev_sym_session_free(env.sess);
> +	rte_mempool_free(env.mpool);
> +	rte_mempool_free(env.op_pool);
> +}
> +
> +static int
> +fips_test_one_file(void);
> +
> +static int
> +parse_cryptodev_arg(char *arg)
> +{
> +	int id = rte_cryptodev_get_dev_id(arg);
> +
> +	if (id < 0) {
> +		RTE_LOG(ERR, USER1, "Error %i: invalid cryptodev name %s\n",
> +				id, arg);
> +		return id;
> +	}
> +
> +	env.dev_id = (uint32_t)id;
> +
> +	return 0;
> +}
> +
> +static int
> +parse_cryptodev_id_arg(char *arg)
> +{
> +	uint32_t cryptodev_id;
> +
> +	if (parser_read_uint32(&cryptodev_id, arg) < 0) {
> +		RTE_LOG(ERR, USER1, "Error %i: invalid cryptodev id %s\n",
> +				-EINVAL, arg);
> +		return -1;
> +	}
> +
> +
> +	if (!rte_cryptodev_pmd_is_valid_dev(cryptodev_id)) {
> +		RTE_LOG(ERR, USER1, "Error %i: invalid cryptodev id %s\n",
> +				cryptodev_id, arg);
> +		return -1;
> +	}
> +
> +	env.dev_id = (uint32_t)cryptodev_id;
> +
> +	return 0;
> +}
> +
> +static void
> +cryptodev_fips_validate_usage(const char *prgname)
> +{
> +	printf("%s [EAL options] --\n"
> +		"  --%s: REQUEST-FILE-PATH\n"
> +		"  --%s: RESPONSE-FILE-PATH\n"
> +		"  --%s: indicating both paths are folders\n"
> +		"  --%s: CRYPTODEV-NAME\n"
> +		"  --%s: CRYPTODEV-ID-NAME\n",
> +		prgname, REQ_FILE_PATH_KEYWORD, RSP_FILE_PATH_KEYWORD,
> +		FOLDER_KEYWORD, CRYPTODEV_KEYWORD, CRYPTODEV_ID_KEYWORD);
> +}
> +
> +static int
> +cryptodev_fips_validate_parse_args(int argc, char **argv)
> +{
> +	int opt, ret;
> +	char *prgname = argv[0];
> +	char **argvopt;
> +	int option_index;
> +	struct option lgopts[] = {
> +			{REQ_FILE_PATH_KEYWORD, required_argument, 0, 0},
> +			{RSP_FILE_PATH_KEYWORD, required_argument, 0, 0},
> +			{FOLDER_KEYWORD, no_argument, 0, 0},
> +			{CRYPTODEV_KEYWORD, required_argument, 0, 0},
> +			{CRYPTODEV_ID_KEYWORD, required_argument, 0, 0},
> +			{NULL, 0, 0, 0}
> +	};
> +
> +	argvopt = argv;
> +
> +	while ((opt = getopt_long(argc, argvopt, "s:",
> +				  lgopts, &option_index)) != EOF) {
> +
> +		switch (opt) {
> +		case 0:
> +			if (strcmp(lgopts[option_index].name,
> +					REQ_FILE_PATH_KEYWORD) == 0)
> +				env.req_path = optarg;
> +			else if (strcmp(lgopts[option_index].name,
> +					RSP_FILE_PATH_KEYWORD) == 0)
> +				env.rsp_path = optarg;
> +			else if (strcmp(lgopts[option_index].name,
> +					FOLDER_KEYWORD) == 0)
> +				env.is_path_folder = 1;
> +			else if (strcmp(lgopts[option_index].name,
> +					CRYPTODEV_KEYWORD) == 0) {
> +				ret = parse_cryptodev_arg(optarg);
> +				if (ret < 0) {
> +					cryptodev_fips_validate_usage(prgname);
> +					return -EINVAL;
> +				}
> +			} else if (strcmp(lgopts[option_index].name,
> +					CRYPTODEV_ID_KEYWORD) == 0) {
> +				ret = parse_cryptodev_id_arg(optarg);
> +				if (ret < 0) {
> +					cryptodev_fips_validate_usage(prgname);
> +					return -EINVAL;
> +				}
> +			} else {
> +				cryptodev_fips_validate_usage(prgname);
> +				return -EINVAL;
> +			}
> +			break;
> +		default:
> +			return -1;
> +		}
> +	}
> +
> +	if (env.req_path == NULL || env.rsp_path == NULL ||
> +			env.dev_id == UINT32_MAX) {
> +		cryptodev_fips_validate_usage(prgname);
> +		return -EINVAL;
> +	}
> +
> +	return 0;
> +}
> +
> +int
> +main(int argc, char *argv[])
> +{
> +	int ret;
> +
> +	ret = rte_eal_init(argc, argv);
> +	if (ret < 0) {
> +		RTE_LOG(ERR, USER1, "Error %i: Failed init\n", ret);
> +		return -1;
> +	}
> +
> +	argc -= ret;
> +	argv += ret;
> +
> +	ret = cryptodev_fips_validate_parse_args(argc, argv);
> +	if (ret < 0)
> +		rte_exit(EXIT_FAILURE, "Failed to parse arguments!\n");
> +
> +	ret = cryptodev_fips_validate_app_int();
> +	if (ret < 0) {
> +		RTE_LOG(ERR, USER1, "Error %i: Failed init\n", ret);
> +		return -1;
> +	}
> +
> +	if (!env.is_path_folder) {
> +		printf("Processing file %s... ", env.req_path);
> +
> +		ret = fips_test_init(env.req_path, env.rsp_path,
> +			rte_cryptodev_name_get(env.dev_id));
> +		if (ret < 0) {
> +			RTE_LOG(ERR, USER1, "Error %i: Failed test %s\n",
> +					ret, env.req_path);
> +			goto exit;
> +		}
> +
> +
> +		ret = fips_test_one_file();
> +		if (ret < 0) {
> +			RTE_LOG(ERR, USER1, "Error %i: Failed test %s\n",
> +					ret, env.req_path);
> +			goto exit;
> +		}
> +
> +		printf("Done\n");
> +
> +	} else {
> +		struct dirent *dir;
> +		DIR *d_req, *d_rsp;
> +		char req_path[1024];
> +		char rsp_path[1024];
> +
> +		d_req = opendir(env.req_path);
> +		if (!d_req) {
> +			RTE_LOG(ERR, USER1, "Error %i: Path %s not exist\n",
> +					-EINVAL, env.req_path);
> +			goto exit;
> +		}
> +
> +		d_rsp = opendir(env.rsp_path);
> +		if (!d_rsp) {
> +			ret = mkdir(env.rsp_path, 0700);
> +			if (ret == 0)
> +				d_rsp = opendir(env.rsp_path);
> +			else {
> +				RTE_LOG(ERR, USER1, "Error %i: Invalid %s\n",
> +						-EINVAL, env.rsp_path);
> +				goto exit;
> +			}
> +		}
> +		closedir(d_rsp);
> +
> +		while ((dir = readdir(d_req)) != NULL) {
> +			if (strstr(dir->d_name, "req") == NULL)
> +				continue;
> +
> +			snprintf(req_path, 1023, "%s/%s", env.req_path,
> +					dir->d_name);
> +			snprintf(rsp_path, 1023, "%s/%s", env.rsp_path,
> +					dir->d_name);
> +			strlcpy(strstr(rsp_path, "req"), "rsp", 4);
> +
> +			printf("Processing file %s... ", req_path);
> +
> +			ret = fips_test_init(req_path, rsp_path,
> +			rte_cryptodev_name_get(env.dev_id));
> +			if (ret < 0) {
> +				RTE_LOG(ERR, USER1, "Error %i: Failed test %s\n",
> +						ret, req_path);
> +				break;
> +			}
> +
> +			ret = fips_test_one_file();
> +			if (ret < 0) {
> +				RTE_LOG(ERR, USER1, "Error %i: Failed test %s\n",
> +						ret, req_path);
> +				break;
> +			}
> +
> +			printf("Done\n");
> +		}
> +
> +		closedir(d_req);
> +	}
> +
> +
> +exit:
> +	fips_test_clear();
> +	cryptodev_fips_validate_app_uninit();
> +
> +	return ret;
> +
> +}
> +
> +static void
> +print_test_block(void)
> +{
> +	uint32_t i;
> +
> +	for (i = 0; i < info.nb_vec_lines; i++)
> +		printf("%s\n", info.vec[i]);
> +
> +	printf("\n");
> +}
> +
> +static int
> +fips_test_one_file(void)
> +{
> +	int fetch_ret = 0, ret;
> +
> +	while (fetch_ret == 0) {
> +		fetch_ret = fips_test_fetch_one_block();
> +		if (fetch_ret < 0) {
> +			RTE_LOG(ERR, USER1, "Error %i: Fetch block\n",
> +					fetch_ret);
> +			ret = fetch_ret;
> +			goto error_one_case;
> +		}
> +
> +		if (info.nb_vec_lines == 0) {
> +			if (fetch_ret == -EOF)
> +				break;
> +
> +			fprintf(info.fp_wr, "\n");
> +			continue;
> +		}
> +
> +		ret = fips_test_parse_one_case();
> +		switch (ret) {
> +		case 0:
> +			if (ret == 0)
> +				break;
> +			RTE_LOG(ERR, USER1, "Error %i: test block\n",
> +					ret);
this log is unreachable code.
> +			goto error_one_case;
> +		case 1:
> +			break;
> +		default:
> +			RTE_LOG(ERR, USER1, "Error %i: Parse block\n",
> +					ret);
> +			goto error_one_case;
> +		}
do you really need this switch case here. In both the cases you are 
breaking without doing anything.
it should be something like
if (ret <= 0) {
     RTE_LOG(ERR, USER1, "Error %i: Parse block\n", ret);
     goto error_one_case;
}
> +
> +		continue;
> +error_one_case:
> +		print_test_block();
> +	}
> +
> +	fips_test_clear();
> +
> +}
> diff --git a/examples/cryptodev_fips_validate/meson.build b/examples/cryptodev_fips_validate/meson.build
> new file mode 100644
> index 0000000..f44043c
> --- /dev/null
> +++ b/examples/cryptodev_fips_validate/meson.build
> @@ -0,0 +1,14 @@
> +# SPDX-License-Identifier: BSD-3-Clause
> +# Copyright(c) 2018 Intel Corporation
> +
> +# meson file, for building this example as part of a main DPDK build.
> +#
> +# To build this example as a standalone application with an already-installed
> +# DPDK instance, use 'make'
> +
> +deps += ['cryptodev']
> +allow_experimental_apis = true
> +sources = files(
> +	'cryptodev_fips_parse_validate.c',
> +	'main.c'
> +)