* [v1, 00/10] fips_validation application improvements
@ 2023-02-06 14:45 Gowrishankar Muthukrishnan
2023-02-06 14:45 ` [v1, 01/10] examples/fips_validation: fix MCT output for SHA Gowrishankar Muthukrishnan
` (11 more replies)
0 siblings, 12 replies; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-06 14:45 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
This patch series adds support for SHA3, SHAKE, AES-CCM
JSON test vectors and fixes existing algorithms to
support NIST test vectors.
Gowrishankar Muthukrishnan (10):
examples/fips_validation: fix MCT output for SHA
examples/fips_validation: add SHA3 validation
examples/fips_validation: fix integer parse in test case
examples/fips_validation: add SHAKE validation
examples/fips_validation: add CCM JSON validation
examples/fips_validation: add ECDSA keygen support
examples/fips_validation: add SHA3 algorithms in ECDSA test
examples/fips_validation: fix AES GCM validation tests
examples/fips_validation: fix AES XTS to read seq number
examples/fips_validation: add extra space in JSON buffer
doc/guides/sample_app_ug/fips_validation.rst | 7 +-
examples/fips_validation/fips_validation.c | 31 ++-
examples/fips_validation/fips_validation.h | 10 +-
.../fips_validation/fips_validation_ccm.c | 132 ++++++++++++
.../fips_validation/fips_validation_ecdsa.c | 56 +++++
.../fips_validation/fips_validation_gcm.c | 12 +-
.../fips_validation/fips_validation_hmac.c | 8 +
.../fips_validation/fips_validation_sha.c | 91 ++++++--
.../fips_validation/fips_validation_xts.c | 13 +-
examples/fips_validation/main.c | 196 +++++++++++++-----
10 files changed, 467 insertions(+), 89 deletions(-)
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v1, 01/10] examples/fips_validation: fix MCT output for SHA
2023-02-06 14:45 [v1, 00/10] fips_validation application improvements Gowrishankar Muthukrishnan
@ 2023-02-06 14:45 ` Gowrishankar Muthukrishnan
2023-02-27 9:31 ` Dooley, Brian
2023-02-06 14:45 ` [v1, 02/10] examples/fips_validation: add SHA3 validation Gowrishankar Muthukrishnan
` (10 subsequent siblings)
11 siblings, 1 reply; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-06 14:45 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
MCT test for SHA need not print message string along
with digest value.
Fixes: d5c247145c2 ("examples/fips_validation: add parsing for SHA")
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
examples/fips_validation/fips_validation_sha.c | 8 ++------
examples/fips_validation/main.c | 13 +++++--------
2 files changed, 7 insertions(+), 14 deletions(-)
diff --git a/examples/fips_validation/fips_validation_sha.c b/examples/fips_validation/fips_validation_sha.c
index c5da2cc623..178ea492d3 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -182,7 +182,7 @@ parse_test_sha_json_writeback(struct fips_val *val)
static int
parse_test_sha_mct_json_writeback(struct fips_val *val)
{
- json_t *tcId, *msg, *md, *resArr, *res;
+ json_t *tcId, *md, *resArr, *res;
struct fips_val val_local;
tcId = json_object_get(json_info.json_test_case, "tcId");
@@ -208,11 +208,7 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
res = json_object();
- writeback_hex_str("", info.one_line_text, &val[1]);
- msg = json_string(info.one_line_text);
- json_object_set_new(res, "msg", msg);
-
- val_local.val = val[0].val + vec.pt.len;
+ val_local.val = val->val + vec.pt.len;
val_local.len = vec.cipher_auth.digest.len;
writeback_hex_str("", info.one_line_text, &val_local);
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 622f8b5a6e..cc585e8418 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2268,8 +2268,7 @@ fips_mct_sha_test(void)
#define SHA_EXTERN_ITER 100
#define SHA_INTERN_ITER 1000
#define SHA_MD_BLOCK 3
- /* val[0] is op result and other value is for parse_writeback callback */
- struct fips_val val[2] = {{NULL, 0},};
+ struct fips_val val = {NULL, 0};
struct fips_val md[SHA_MD_BLOCK], msg;
int ret;
uint32_t i, j;
@@ -2328,7 +2327,7 @@ fips_mct_sha_test(void)
return ret;
}
- ret = get_writeback_data(&val[0]);
+ ret = get_writeback_data(&val);
if (ret < 0)
return ret;
@@ -2337,7 +2336,7 @@ fips_mct_sha_test(void)
memcpy(md[1].val, md[2].val, md[2].len);
md[1].len = md[2].len;
- memcpy(md[2].val, (val[0].val + vec.pt.len),
+ memcpy(md[2].val, (val.val + vec.pt.len),
vec.cipher_auth.digest.len);
md[2].len = vec.cipher_auth.digest.len;
}
@@ -2348,9 +2347,7 @@ fips_mct_sha_test(void)
if (info.file_type != FIPS_TYPE_JSON)
fprintf(info.fp_wr, "COUNT = %u\n", j);
- val[1].val = msg.val;
- val[1].len = msg.len;
- info.parse_writeback(val);
+ info.parse_writeback(&val);
if (info.file_type != FIPS_TYPE_JSON)
fprintf(info.fp_wr, "\n");
@@ -2361,7 +2358,7 @@ fips_mct_sha_test(void)
rte_free(vec.pt.val);
- free(val[0].val);
+ free(val.val);
free(msg.val);
return 0;
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v1, 02/10] examples/fips_validation: add SHA3 validation
2023-02-06 14:45 [v1, 00/10] fips_validation application improvements Gowrishankar Muthukrishnan
2023-02-06 14:45 ` [v1, 01/10] examples/fips_validation: fix MCT output for SHA Gowrishankar Muthukrishnan
@ 2023-02-06 14:45 ` Gowrishankar Muthukrishnan
2023-02-27 9:31 ` Dooley, Brian
2023-02-06 14:45 ` [v1, 03/10] examples/fips_validation: fix integer parse in test case Gowrishankar Muthukrishnan
` (9 subsequent siblings)
11 siblings, 1 reply; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-06 14:45 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
Add support in fips_validation to parse SHA3 algorithms.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
doc/guides/sample_app_ug/fips_validation.rst | 5 +-
examples/fips_validation/fips_validation.h | 1 +
.../fips_validation/fips_validation_hmac.c | 8 ++
.../fips_validation/fips_validation_sha.c | 20 +++--
examples/fips_validation/main.c | 76 +++++++++----------
5 files changed, 61 insertions(+), 49 deletions(-)
diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst
index 50d23c789b..55837895fe 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -64,8 +64,9 @@ ACVP
* AES-CTR (128,192,256) - AFT, CTR
* AES-GMAC (128,192,256) - AFT
* AES-XTS (128,256) - AFT
- * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
- * SHA (1, 256, 384, 512) - AFT, MCT
+ * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512)
+ * SHA (1, 224, 256, 384, 512) - AFT, MCT
+ * SHA3 (224, 256, 384, 512) - AFT, MCT
* TDES-CBC - AFT, MCT
* TDES-ECB - AFT, MCT
* RSA
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index 565a5cd36e..6c1bd35849 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -205,6 +205,7 @@ struct sha_interim_data {
/* keep algo always on top as it is also used in asym digest */
enum rte_crypto_auth_algorithm algo;
enum fips_sha_test_types test_type;
+ uint8_t md_blocks;
};
struct gcm_interim_data {
diff --git a/examples/fips_validation/fips_validation_hmac.c b/examples/fips_validation/fips_validation_hmac.c
index e0721ef028..f1cbc18435 100644
--- a/examples/fips_validation/fips_validation_hmac.c
+++ b/examples/fips_validation/fips_validation_hmac.c
@@ -37,6 +37,10 @@ struct hash_size_conversion {
{"32", RTE_CRYPTO_AUTH_SHA256_HMAC},
{"48", RTE_CRYPTO_AUTH_SHA384_HMAC},
{"64", RTE_CRYPTO_AUTH_SHA512_HMAC},
+ {"28", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
+ {"32", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
+ {"48", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
+ {"64", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
};
static int
@@ -81,6 +85,10 @@ struct hash_size_conversion json_algorithms[] = {
{"HMAC-SHA2-256", RTE_CRYPTO_AUTH_SHA256_HMAC},
{"HMAC-SHA2-384", RTE_CRYPTO_AUTH_SHA384_HMAC},
{"HMAC-SHA2-512", RTE_CRYPTO_AUTH_SHA512_HMAC},
+ {"HMAC-SHA3-224", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
+ {"HMAC-SHA3-256", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
+ {"HMAC-SHA3-384", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
+ {"HMAC-SHA3-512", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
};
struct fips_test_callback hmac_tests_json_vectors[] = {
diff --git a/examples/fips_validation/fips_validation_sha.c b/examples/fips_validation/fips_validation_sha.c
index 178ea492d3..8b68f5ed36 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -32,6 +32,10 @@ struct plain_hash_size_conversion {
{"32", RTE_CRYPTO_AUTH_SHA256},
{"48", RTE_CRYPTO_AUTH_SHA384},
{"64", RTE_CRYPTO_AUTH_SHA512},
+ {"28", RTE_CRYPTO_AUTH_SHA3_224},
+ {"32", RTE_CRYPTO_AUTH_SHA3_256},
+ {"48", RTE_CRYPTO_AUTH_SHA3_384},
+ {"64", RTE_CRYPTO_AUTH_SHA3_512},
};
int
@@ -96,12 +100,17 @@ static struct {
static struct plain_hash_algorithms {
const char *str;
enum rte_crypto_auth_algorithm algo;
+ uint8_t md_blocks;
} json_algorithms[] = {
- {"SHA-1", RTE_CRYPTO_AUTH_SHA1},
- {"SHA2-224", RTE_CRYPTO_AUTH_SHA224},
- {"SHA2-256", RTE_CRYPTO_AUTH_SHA256},
- {"SHA2-384", RTE_CRYPTO_AUTH_SHA384},
- {"SHA2-512", RTE_CRYPTO_AUTH_SHA512},
+ {"SHA-1", RTE_CRYPTO_AUTH_SHA1, 3},
+ {"SHA2-224", RTE_CRYPTO_AUTH_SHA224, 3},
+ {"SHA2-256", RTE_CRYPTO_AUTH_SHA256, 3},
+ {"SHA2-384", RTE_CRYPTO_AUTH_SHA384, 3},
+ {"SHA2-512", RTE_CRYPTO_AUTH_SHA512, 3},
+ {"SHA3-224", RTE_CRYPTO_AUTH_SHA3_224, 1},
+ {"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1},
+ {"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1},
+ {"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1},
};
struct fips_test_callback sha_tests_json_vectors[] = {
@@ -233,6 +242,7 @@ parse_test_sha_json_algorithm(void)
for (i = 0; i < RTE_DIM(json_algorithms); i++) {
if (strstr(algorithm_str, json_algorithms[i].str)) {
info.interim_info.sha_data.algo = json_algorithms[i].algo;
+ info.interim_info.sha_data.md_blocks = json_algorithms[i].md_blocks;
break;
}
}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index cc585e8418..cf29e440f1 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2267,22 +2267,27 @@ fips_mct_sha_test(void)
{
#define SHA_EXTERN_ITER 100
#define SHA_INTERN_ITER 1000
-#define SHA_MD_BLOCK 3
+ uint8_t md_blocks = info.interim_info.sha_data.md_blocks;
struct fips_val val = {NULL, 0};
- struct fips_val md[SHA_MD_BLOCK], msg;
+ struct fips_val md[md_blocks];
int ret;
- uint32_t i, j;
+ uint32_t i, j, k, offset, max_outlen;
+
+ max_outlen = md_blocks * vec.cipher_auth.digest.len;
+
+ if (vec.cipher_auth.digest.val)
+ free(vec.cipher_auth.digest.val);
+
+ vec.cipher_auth.digest.val = calloc(1, max_outlen);
- msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len;
- msg.val = calloc(1, msg.len);
if (vec.pt.val)
memcpy(vec.cipher_auth.digest.val, vec.pt.val, vec.cipher_auth.digest.len);
- for (i = 0; i < SHA_MD_BLOCK; i++)
- md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
-
rte_free(vec.pt.val);
- vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0);
+ vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*md_blocks), 0);
+
+ for (i = 0; i < md_blocks; i++)
+ md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
if (info.file_type != FIPS_TYPE_JSON) {
fips_test_write_one_case();
@@ -2290,30 +2295,19 @@ fips_mct_sha_test(void)
}
for (j = 0; j < SHA_EXTERN_ITER; j++) {
-
- memcpy(md[0].val, vec.cipher_auth.digest.val,
- vec.cipher_auth.digest.len);
- md[0].len = vec.cipher_auth.digest.len;
- memcpy(md[1].val, vec.cipher_auth.digest.val,
- vec.cipher_auth.digest.len);
- md[1].len = vec.cipher_auth.digest.len;
- memcpy(md[2].val, vec.cipher_auth.digest.val,
- vec.cipher_auth.digest.len);
- md[2].len = vec.cipher_auth.digest.len;
-
- for (i = 0; i < SHA_MD_BLOCK; i++)
- memcpy(&msg.val[i * md[i].len], md[i].val, md[i].len);
+ for (i = 0; i < md_blocks; i++) {
+ memcpy(md[i].val, vec.cipher_auth.digest.val,
+ vec.cipher_auth.digest.len);
+ md[i].len = vec.cipher_auth.digest.len;
+ }
for (i = 0; i < (SHA_INTERN_ITER); i++) {
-
- memcpy(vec.pt.val, md[0].val,
- (size_t)md[0].len);
- memcpy((vec.pt.val + md[0].len), md[1].val,
- (size_t)md[1].len);
- memcpy((vec.pt.val + md[0].len + md[1].len),
- md[2].val,
- (size_t)md[2].len);
- vec.pt.len = md[0].len + md[1].len + md[2].len;
+ offset = 0;
+ for (k = 0; k < md_blocks; k++) {
+ memcpy(vec.pt.val + offset, md[k].val, (size_t)md[k].len);
+ offset += md[k].len;
+ }
+ vec.pt.len = offset;
ret = fips_run_test();
if (ret < 0) {
@@ -2331,18 +2325,18 @@ fips_mct_sha_test(void)
if (ret < 0)
return ret;
- memcpy(md[0].val, md[1].val, md[1].len);
- md[0].len = md[1].len;
- memcpy(md[1].val, md[2].val, md[2].len);
- md[1].len = md[2].len;
+ for (k = 1; k < md_blocks; k++) {
+ memcpy(md[k-1].val, md[k].val, md[k].len);
+ md[k-1].len = md[k].len;
+ }
- memcpy(md[2].val, (val.val + vec.pt.len),
+ memcpy(md[md_blocks-1].val, (val.val + vec.pt.len),
vec.cipher_auth.digest.len);
- md[2].len = vec.cipher_auth.digest.len;
+ md[md_blocks-1].len = vec.cipher_auth.digest.len;
}
- memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
- vec.cipher_auth.digest.len = md[2].len;
+ memcpy(vec.cipher_auth.digest.val, md[md_blocks-1].val, md[md_blocks-1].len);
+ vec.cipher_auth.digest.len = md[md_blocks-1].len;
if (info.file_type != FIPS_TYPE_JSON)
fprintf(info.fp_wr, "COUNT = %u\n", j);
@@ -2353,14 +2347,12 @@ fips_mct_sha_test(void)
fprintf(info.fp_wr, "\n");
}
- for (i = 0; i < (SHA_MD_BLOCK); i++)
+ for (i = 0; i < (md_blocks); i++)
rte_free(md[i].val);
rte_free(vec.pt.val);
free(val.val);
- free(msg.val);
-
return 0;
}
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v1, 03/10] examples/fips_validation: fix integer parse in test case
2023-02-06 14:45 [v1, 00/10] fips_validation application improvements Gowrishankar Muthukrishnan
2023-02-06 14:45 ` [v1, 01/10] examples/fips_validation: fix MCT output for SHA Gowrishankar Muthukrishnan
2023-02-06 14:45 ` [v1, 02/10] examples/fips_validation: add SHA3 validation Gowrishankar Muthukrishnan
@ 2023-02-06 14:45 ` Gowrishankar Muthukrishnan
2023-02-27 9:30 ` Dooley, Brian
2023-02-06 14:45 ` [v1, 04/10] examples/fips_validation: add SHAKE validation Gowrishankar Muthukrishnan
` (8 subsequent siblings)
11 siblings, 1 reply; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-06 14:45 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
Parsing integer value in test case vector does not store
it because only string was expected. This patch adds handling
for integer value as well.
Fixes: 58cc98801eb ("examples/fips_validation: add JSON parsing")
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
examples/fips_validation/fips_validation.c | 29 ++++++++++++++++------
1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index f7a6d821ea..d3b6099d73 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -543,15 +543,28 @@ fips_test_parse_one_json_case(void)
for (i = 0; info.callbacks[i].key != NULL; i++) {
param = json_object_get(json_info.json_test_case, info.callbacks[i].key);
- if (param) {
- strcpy(info.one_line_text, json_string_value(param));
- ret = info.callbacks[i].cb(
- info.callbacks[i].key, info.one_line_text,
- info.callbacks[i].val
- );
- if (ret < 0)
- return ret;
+ if (!param)
+ continue;
+
+ switch (json_typeof(param)) {
+ case JSON_STRING:
+ snprintf(info.one_line_text, MAX_LINE_CHAR, "%s",
+ json_string_value(param));
+ break;
+
+ case JSON_INTEGER:
+ snprintf(info.one_line_text, MAX_LINE_CHAR, "%"JSON_INTEGER_FORMAT,
+ json_integer_value(param));
+ break;
+
+ default:
+ return -EINVAL;
}
+
+ ret = info.callbacks[i].cb(info.callbacks[i].key, info.one_line_text,
+ info.callbacks[i].val);
+ if (ret < 0)
+ return ret;
}
return 0;
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v1, 04/10] examples/fips_validation: add SHAKE validation
2023-02-06 14:45 [v1, 00/10] fips_validation application improvements Gowrishankar Muthukrishnan
` (2 preceding siblings ...)
2023-02-06 14:45 ` [v1, 03/10] examples/fips_validation: fix integer parse in test case Gowrishankar Muthukrishnan
@ 2023-02-06 14:45 ` Gowrishankar Muthukrishnan
2023-02-27 9:30 ` Dooley, Brian
2023-02-06 14:45 ` [v1, 05/10] examples/fips_validation: add CCM JSON validation Gowrishankar Muthukrishnan
` (7 subsequent siblings)
11 siblings, 1 reply; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-06 14:45 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
Add support in fips_validation to parse SHAKE algorithms.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
doc/guides/sample_app_ug/fips_validation.rst | 1 +
examples/fips_validation/fips_validation.h | 4 +-
.../fips_validation/fips_validation_sha.c | 63 ++++++++++++-
examples/fips_validation/main.c | 93 ++++++++++++++++++-
4 files changed, 154 insertions(+), 7 deletions(-)
diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst
index 55837895fe..4fc8297b34 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -67,6 +67,7 @@ ACVP
* HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512)
* SHA (1, 224, 256, 384, 512) - AFT, MCT
* SHA3 (224, 256, 384, 512) - AFT, MCT
+ * SHAKE (128, 256) - AFT, MCT, VOT
* TDES-CBC - AFT, MCT
* TDES-ECB - AFT, MCT
* RSA
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index 6c1bd35849..8fcb5c8500 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -163,7 +163,8 @@ enum fips_ccm_test_types {
enum fips_sha_test_types {
SHA_KAT = 0,
SHA_AFT,
- SHA_MCT
+ SHA_MCT,
+ SHAKE_VOT
};
enum fips_rsa_test_types {
@@ -205,6 +206,7 @@ struct sha_interim_data {
/* keep algo always on top as it is also used in asym digest */
enum rte_crypto_auth_algorithm algo;
enum fips_sha_test_types test_type;
+ uint8_t min_outlen;
uint8_t md_blocks;
};
diff --git a/examples/fips_validation/fips_validation_sha.c b/examples/fips_validation/fips_validation_sha.c
index 8b68f5ed36..7ce7d3744f 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -22,6 +22,9 @@
#define TESTTYPE_JSON_STR "testType"
#define PT_JSON_STR "msg"
+#define OUTLEN_JSON_STR "outLen"
+#define MINOUTLEN_JSON_STR "minOutLen"
+#define MAXOUTLEN_JSON_STR "maxOutLen"
struct plain_hash_size_conversion {
const char *str;
@@ -36,6 +39,8 @@ struct plain_hash_size_conversion {
{"32", RTE_CRYPTO_AUTH_SHA3_256},
{"48", RTE_CRYPTO_AUTH_SHA3_384},
{"64", RTE_CRYPTO_AUTH_SHA3_512},
+ {"16", RTE_CRYPTO_AUTH_SHAKE_128},
+ {"32", RTE_CRYPTO_AUTH_SHAKE_256},
};
int
@@ -89,12 +94,26 @@ struct fips_test_callback sha_tests_interim_vectors[] = {
};
#ifdef USE_JANSSON
+static int
+parse_interim_str(const char *key, char *src, struct fips_val *val)
+{
+ RTE_SET_USED(val);
+
+ if (strcmp(key, MINOUTLEN_JSON_STR) == 0)
+ info.interim_info.sha_data.min_outlen = atoi(src) / 8;
+ else if (strcmp(key, MAXOUTLEN_JSON_STR) == 0)
+ vec.cipher_auth.digest.len = atoi(src) / 8;
+
+ return 0;
+}
+
static struct {
uint32_t type;
const char *desc;
} sha_test_types[] = {
{SHA_MCT, "MCT"},
{SHA_AFT, "AFT"},
+ {SHAKE_VOT, "VOT"},
};
static struct plain_hash_algorithms {
@@ -111,10 +130,19 @@ static struct plain_hash_algorithms {
{"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1},
{"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1},
{"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1},
+ {"SHAKE-128", RTE_CRYPTO_AUTH_SHAKE_128, 1},
+ {"SHAKE-256", RTE_CRYPTO_AUTH_SHAKE_256, 1},
};
struct fips_test_callback sha_tests_json_vectors[] = {
{PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
+ {OUTLEN_JSON_STR, parser_read_uint32_bit_val, &vec.cipher_auth.digest},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback sha_tests_interim_json_vectors[] = {
+ {MINOUTLEN_JSON_STR, parse_interim_str, NULL},
+ {MAXOUTLEN_JSON_STR, parse_interim_str, NULL},
{NULL, NULL, NULL} /**< end pointer */
};
#endif /* USE_JANSSON */
@@ -185,6 +213,11 @@ parse_test_sha_json_writeback(struct fips_val *val)
md = json_string(info.one_line_text);
json_object_set_new(json_info.json_write_case, "md", md);
+ if (info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_128 ||
+ info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_256)
+ json_object_set_new(json_info.json_write_case, "outLen",
+ json_integer(vec.cipher_auth.digest.len * 8));
+
return 0;
}
@@ -193,6 +226,11 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
{
json_t *tcId, *md, *resArr, *res;
struct fips_val val_local;
+ bool is_shake = false;
+
+ if (info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_128 ||
+ info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_256)
+ is_shake = true;
tcId = json_object_get(json_info.json_test_case, "tcId");
if (json_info.json_write_case) {
@@ -204,11 +242,17 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
json_object_set_new(json_info.json_write_case, "tcId", tcId);
json_object_set_new(json_info.json_write_case, "resultsArray",
json_array());
+ if (is_shake)
+ json_object_set_new(json_info.json_write_case, "outLen",
+ json_integer(0));
}
} else {
json_info.json_write_case = json_object();
json_object_set_new(json_info.json_write_case, "tcId", tcId);
json_object_set_new(json_info.json_write_case, "resultsArray", json_array());
+ if (is_shake)
+ json_object_set_new(json_info.json_write_case, "outLen",
+ json_integer(0));
}
resArr = json_object_get(json_info.json_write_case, "resultsArray");
@@ -224,6 +268,9 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
md = json_string(info.one_line_text);
json_object_set_new(res, "md", md);
+ if (is_shake)
+ json_object_set_new(res, "outLen", json_integer(vec.cipher_auth.digest.len * 8));
+
json_array_append_new(resArr, res);
return 0;
}
@@ -250,12 +297,17 @@ parse_test_sha_json_algorithm(void)
if (i == RTE_DIM(json_algorithms))
return -1;
- sz = parse_test_sha_hash_size(info.interim_info.sha_data.algo);
+ if (info.interim_info.sha_data.test_type == SHAKE_VOT) {
+ sz = vec.cipher_auth.digest.len;
+ } else {
+ sz = parse_test_sha_hash_size(info.interim_info.sha_data.algo);
+ vec.cipher_auth.digest.len = sz;
+ }
+
if (sz < 0)
return -1;
free(vec.cipher_auth.digest.val);
- vec.cipher_auth.digest.len = sz;
vec.cipher_auth.digest.val = calloc(1, sz);
if (vec.cipher_auth.digest.val == NULL)
return -1;
@@ -288,6 +340,7 @@ parse_test_sha_json_test_type(void)
info.parse_writeback = parse_test_sha_mct_json_writeback;
break;
case SHA_AFT:
+ case SHAKE_VOT:
info.parse_writeback = parse_test_sha_json_writeback;
break;
default:
@@ -308,12 +361,12 @@ parse_test_sha_json_init(void)
info.callbacks = sha_tests_json_vectors;
info.writeback_callbacks = NULL;
info.kat_check = rsp_test_sha_check;
- info.interim_callbacks = NULL;
+ info.interim_callbacks = sha_tests_interim_json_vectors;
- if (parse_test_sha_json_algorithm() < 0)
+ if (parse_test_sha_json_test_type() < 0)
return -1;
- if (parse_test_sha_json_test_type() < 0)
+ if (parse_test_sha_json_algorithm() < 0)
return -1;
return 0;
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index cf29e440f1..52076160b5 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2356,6 +2356,93 @@ fips_mct_sha_test(void)
return 0;
}
+static int
+fips_mct_shake_test(void)
+{
+#define SHAKE_EXTERN_ITER 100
+#define SHAKE_INTERN_ITER 1000
+ uint32_t i, j, range, outlen, max_outlen;
+ struct fips_val val = {NULL, 0}, md;
+ uint8_t rightmost[2];
+ int ret;
+
+ max_outlen = vec.cipher_auth.digest.len;
+
+ if (vec.cipher_auth.digest.val)
+ free(vec.cipher_auth.digest.val);
+
+ vec.cipher_auth.digest.val = calloc(1, max_outlen);
+
+ if (vec.pt.val)
+ memcpy(vec.cipher_auth.digest.val, vec.pt.val, vec.pt.len);
+
+ rte_free(vec.pt.val);
+ vec.pt.val = rte_malloc(NULL, 16, 0);
+ vec.pt.len = 16;
+
+ md.val = rte_malloc(NULL, max_outlen, 0);
+ md.len = max_outlen;
+
+ if (info.file_type != FIPS_TYPE_JSON) {
+ fips_test_write_one_case();
+ fprintf(info.fp_wr, "\n");
+ }
+
+ range = max_outlen - info.interim_info.sha_data.min_outlen + 1;
+ outlen = max_outlen;
+ for (j = 0; j < SHAKE_EXTERN_ITER; j++) {
+ memset(md.val, 0, max_outlen);
+ memcpy(md.val, vec.cipher_auth.digest.val,
+ vec.cipher_auth.digest.len);
+
+ for (i = 0; i < (SHAKE_INTERN_ITER); i++) {
+ memset(vec.pt.val, 0, vec.pt.len);
+ memcpy(vec.pt.val, md.val, vec.pt.len);
+ vec.cipher_auth.digest.len = outlen;
+ ret = fips_run_test();
+ if (ret < 0) {
+ if (ret == -EPERM || ret == -ENOTSUP) {
+ if (info.file_type == FIPS_TYPE_JSON)
+ return ret;
+
+ fprintf(info.fp_wr, "Bypass\n\n");
+ return 0;
+ }
+ return ret;
+ }
+
+ ret = get_writeback_data(&val);
+ if (ret < 0)
+ return ret;
+
+ memset(md.val, 0, max_outlen);
+ memcpy(md.val, (val.val + vec.pt.len),
+ vec.cipher_auth.digest.len);
+ md.len = outlen;
+ rightmost[0] = md.val[md.len-1];
+ rightmost[1] = md.val[md.len-2];
+ outlen = info.interim_info.sha_data.min_outlen +
+ (*(uint16_t *)rightmost % range);
+ }
+
+ memcpy(vec.cipher_auth.digest.val, md.val, md.len);
+ vec.cipher_auth.digest.len = md.len;
+
+ if (info.file_type != FIPS_TYPE_JSON)
+ fprintf(info.fp_wr, "COUNT = %u\n", j);
+
+ info.parse_writeback(&val);
+
+ if (info.file_type != FIPS_TYPE_JSON)
+ fprintf(info.fp_wr, "\n");
+ }
+
+ rte_free(md.val);
+ rte_free(vec.pt.val);
+
+ free(val.val);
+ return 0;
+}
static int
init_test_ops(void)
@@ -2408,7 +2495,11 @@ init_test_ops(void)
test_ops.prepare_sym_op = prepare_auth_op;
test_ops.prepare_sym_xform = prepare_sha_xform;
if (info.interim_info.sha_data.test_type == SHA_MCT)
- test_ops.test = fips_mct_sha_test;
+ if (info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_128 ||
+ info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_256)
+ test_ops.test = fips_mct_shake_test;
+ else
+ test_ops.test = fips_mct_sha_test;
else
test_ops.test = fips_generic_test;
break;
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v1, 05/10] examples/fips_validation: add CCM JSON validation
2023-02-06 14:45 [v1, 00/10] fips_validation application improvements Gowrishankar Muthukrishnan
` (3 preceding siblings ...)
2023-02-06 14:45 ` [v1, 04/10] examples/fips_validation: add SHAKE validation Gowrishankar Muthukrishnan
@ 2023-02-06 14:45 ` Gowrishankar Muthukrishnan
2023-02-27 9:29 ` Dooley, Brian
2023-02-06 14:45 ` [v1, 06/10] examples/fips_validation: add ECDSA keygen support Gowrishankar Muthukrishnan
` (6 subsequent siblings)
11 siblings, 1 reply; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-06 14:45 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
Add support in fips_validation to parse CCM JSON vectors.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
doc/guides/sample_app_ug/fips_validation.rst | 1 +
examples/fips_validation/fips_validation.c | 2 +
examples/fips_validation/fips_validation.h | 3 +
.../fips_validation/fips_validation_ccm.c | 132 ++++++++++++++++++
examples/fips_validation/main.c | 3 +
5 files changed, 141 insertions(+)
diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst
index 4fc8297b34..613c5afd19 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -60,6 +60,7 @@ ACVP
* Supported test vectors
* AES-CBC (128,192,256) - AFT, MCT
* AES-GCM (128,192,256) - AFT
+ * AES-CCM (128,192,256) - AFT
* AES-CMAC (128,192,256) - AFT
* AES-CTR (128,192,256) - AFT, CTR
* AES-GMAC (128,192,256) - AFT
diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index d3b6099d73..f840804009 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -460,6 +460,8 @@ fips_test_parse_one_json_vector_set(void)
/* Vector sets contain the algorithm type, and nothing else we need. */
if (strstr(algo_str, "AES-GCM"))
info.algo = FIPS_TEST_ALGO_AES_GCM;
+ else if (strstr(algo_str, "AES-CCM"))
+ info.algo = FIPS_TEST_ALGO_AES_CCM;
else if (strstr(algo_str, "AES-GMAC"))
info.algo = FIPS_TEST_ALGO_AES_GMAC;
else if (strstr(algo_str, "HMAC"))
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index 8fcb5c8500..c4988053c1 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -338,6 +338,9 @@ fips_test_parse_one_json_case(void);
int
parse_test_gcm_json_init(void);
+int
+parse_test_ccm_json_init(void);
+
int
parse_test_hmac_json_init(void);
diff --git a/examples/fips_validation/fips_validation_ccm.c b/examples/fips_validation/fips_validation_ccm.c
index 632999c1e4..0e3ee0d247 100644
--- a/examples/fips_validation/fips_validation_ccm.c
+++ b/examples/fips_validation/fips_validation_ccm.c
@@ -34,6 +34,18 @@
#define POS_KEYWORD "Pass"
#define NEG_KEYWORD "Fail"
+#define DIR_JSON_STR "direction"
+#define IVLEN_JSON_STR "ivLen"
+#define PTLEN_JSON_STR "payloadLen"
+#define AADLEN_JSON_STR "aadLen"
+#define TAGLEN_JSON_STR "tagLen"
+#define KEYLEN_JSON_STR "keyLen"
+#define PT_JSON_STR "pt"
+#define CT_JSON_STR "ct"
+#define KEY_JSON_STR "key"
+#define IV_JSON_STR "iv"
+#define AAD_JSON_STR "aad"
+
static int
parser_dvpt_interim(const char *key, char *src, struct fips_val *val)
{
@@ -206,6 +218,126 @@ struct ccm_test_types {
FIPS_TEST_ENC_AUTH_GEN},
};
+#ifdef USE_JANSSON
+static int
+parser_read_ccm_direction_str(__rte_unused const char *key, char *src,
+ __rte_unused struct fips_val *val)
+{
+ if (strcmp(src, "encrypt") == 0)
+ info.op = FIPS_TEST_ENC_AUTH_GEN;
+ else if (strcmp(src, "decrypt") == 0)
+ info.op = FIPS_TEST_DEC_AUTH_VERIF;
+
+ return 0;
+}
+
+static int
+parser_read_ccm_aad_str(const char *key, char *src, struct fips_val *val)
+{
+ struct fips_val tmp_val = {0};
+ uint32_t len = val->len;
+
+ /* CCM aad requires 18 bytes padding before the real content */
+ val->val = rte_zmalloc(NULL, len + 18, 0);
+ if (!val->val)
+ return -1;
+
+ if (parse_uint8_hex_str(key, src, &tmp_val) < 0)
+ return -1;
+
+ memcpy(val->val + 18, tmp_val.val, val->len);
+ rte_free(tmp_val.val);
+
+ return 0;
+}
+
+static int
+parse_read_ccm_ct_str(const char *key, char *src, struct fips_val *val)
+{
+ int ret;
+
+ val->len = vec.pt.len;
+
+ ret = parse_uint8_known_len_hex_str(key, src, val);
+ if (ret < 0)
+ return ret;
+
+ src += val->len * 2;
+
+ ret = parse_uint8_known_len_hex_str("", src, &vec.aead.digest);
+ if (ret < 0) {
+ rte_free(val->val);
+ memset(val, 0, sizeof(*val));
+ return ret;
+ }
+
+ return 0;
+}
+
+struct fips_test_callback ccm_tests_interim_json_vectors[] = {
+ {DIR_JSON_STR, parser_read_ccm_direction_str, NULL},
+ {IVLEN_JSON_STR, parser_read_uint32_bit_val, &vec.iv},
+ {PTLEN_JSON_STR, parser_read_uint32_bit_val, &vec.pt},
+ {AADLEN_JSON_STR, parser_read_uint32_bit_val, &vec.aead.aad},
+ {TAGLEN_JSON_STR, parser_read_uint32_bit_val, &vec.aead.digest},
+ {KEYLEN_JSON_STR, parser_read_uint32_bit_val, &vec.aead.key},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback ccm_tests_json_vectors[] = {
+ {PT_JSON_STR, parse_uint8_known_len_hex_str, &vec.pt},
+ {CT_JSON_STR, parse_read_ccm_ct_str, &vec.ct},
+ {KEY_JSON_STR, parse_uint8_known_len_hex_str, &vec.aead.key},
+ {IV_JSON_STR, parse_uint8_known_len_hex_str, &vec.iv},
+ {AAD_JSON_STR, parser_read_ccm_aad_str, &vec.aead.aad},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+static int
+parse_test_ccm_json_writeback(struct fips_val *val)
+{
+ struct fips_val tmp_val;
+ json_t *tcId;
+
+ tcId = json_object_get(json_info.json_test_case, "tcId");
+ json_info.json_write_case = json_object();
+ json_object_set(json_info.json_write_case, "tcId", tcId);
+
+ if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+ json_t *ct;
+
+ info.one_line_text[0] = '\0';
+ writeback_hex_str("", info.one_line_text, val);
+ ct = json_string(info.one_line_text);
+ json_object_set_new(json_info.json_write_case, CT_JSON_STR, ct);
+ } else {
+ if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) {
+ tmp_val.val = val->val;
+ tmp_val.len = vec.pt.len;
+
+ info.one_line_text[0] = '\0';
+ writeback_hex_str("", info.one_line_text, &tmp_val);
+ json_object_set_new(json_info.json_write_case, PT_JSON_STR,
+ json_string(info.one_line_text));
+ } else {
+ json_object_set_new(json_info.json_write_case, "testPassed",
+ json_false());
+ }
+ }
+
+ return 0;
+}
+
+int
+parse_test_ccm_json_init(void)
+{
+ info.interim_callbacks = ccm_tests_interim_json_vectors;
+ info.parse_writeback = parse_test_ccm_json_writeback;
+ info.callbacks = ccm_tests_json_vectors;
+ return 0;
+}
+#endif /* USE_JANSSON */
+
static int
parse_test_ccm_writeback(struct fips_val *val)
{
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 52076160b5..1974dc959b 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2677,6 +2677,9 @@ fips_test_one_test_group(void)
case FIPS_TEST_ALGO_AES_GCM:
ret = parse_test_gcm_json_init();
break;
+ case FIPS_TEST_ALGO_AES_CCM:
+ ret = parse_test_ccm_json_init();
+ break;
case FIPS_TEST_ALGO_HMAC:
ret = parse_test_hmac_json_init();
break;
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v1, 06/10] examples/fips_validation: add ECDSA keygen support
2023-02-06 14:45 [v1, 00/10] fips_validation application improvements Gowrishankar Muthukrishnan
` (4 preceding siblings ...)
2023-02-06 14:45 ` [v1, 05/10] examples/fips_validation: add CCM JSON validation Gowrishankar Muthukrishnan
@ 2023-02-06 14:45 ` Gowrishankar Muthukrishnan
2023-02-27 9:29 ` Dooley, Brian
2023-02-06 14:45 ` [v1, 07/10] examples/fips_validation: add SHA3 algorithms in ECDSA test Gowrishankar Muthukrishnan
` (5 subsequent siblings)
11 siblings, 1 reply; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-06 14:45 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
Add support to validate ECDSA keygen mode tests.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
.../fips_validation/fips_validation_ecdsa.c | 52 +++++++++++++++++++
examples/fips_validation/main.c | 13 +++++
2 files changed, 65 insertions(+)
diff --git a/examples/fips_validation/fips_validation_ecdsa.c b/examples/fips_validation/fips_validation_ecdsa.c
index d47ab0b5d1..5c91abfc5a 100644
--- a/examples/fips_validation/fips_validation_ecdsa.c
+++ b/examples/fips_validation/fips_validation_ecdsa.c
@@ -295,6 +295,20 @@ parse_test_ecdsa_json_writeback(struct fips_val *val)
json_object_set_new(json_info.json_write_case, "testPassed", json_true());
else
json_object_set_new(json_info.json_write_case, "testPassed", json_false());
+ } else if (info.op == FIPS_TEST_ASYM_KEYGEN) {
+ json_t *obj;
+
+ writeback_hex_str("", info.one_line_text, &vec.ecdsa.pkey);
+ obj = json_string(info.one_line_text);
+ json_object_set_new(json_info.json_write_case, "d", obj);
+
+ writeback_hex_str("", info.one_line_text, &vec.ecdsa.qx);
+ obj = json_string(info.one_line_text);
+ json_object_set_new(json_info.json_write_case, "qx", obj);
+
+ writeback_hex_str("", info.one_line_text, &vec.ecdsa.qy);
+ obj = json_string(info.one_line_text);
+ json_object_set_new(json_info.json_write_case, "qy", obj);
}
return 0;
@@ -367,6 +381,36 @@ parse_siggen_message_str(const char *key, char *src, struct fips_val *val)
return ret;
}
+static int
+parse_keygen_tc_str(const char *key, char *src, struct fips_val *val)
+{
+ RTE_SET_USED(key);
+ RTE_SET_USED(src);
+ RTE_SET_USED(val);
+
+ if (info.op == FIPS_TEST_ASYM_KEYGEN) {
+ if (vec.ecdsa.pkey.val) {
+ rte_free(vec.ecdsa.pkey.val);
+ vec.ecdsa.pkey.val = NULL;
+ }
+
+ if (vec.ecdsa.k.val) {
+ rte_free(vec.ecdsa.k.val);
+ vec.ecdsa.k.val = NULL;
+ }
+
+ if (prepare_vec_ecdsa() < 0)
+ return -1;
+
+ if (prepare_vec_ecdsa_k() < 0)
+ return -1;
+
+ info.interim_info.ecdsa_data.pubkey_gen = 1;
+ }
+
+ return 0;
+}
+
static int
parse_sigver_randomvalue_str(const char *key, char *src, struct fips_val *val)
{
@@ -402,6 +446,11 @@ struct fips_test_callback ecdsa_sigver_json_vectors[] = {
{NULL, NULL, NULL} /**< end pointer */
};
+struct fips_test_callback ecdsa_keygen_json_vectors[] = {
+ {"tcId", parse_keygen_tc_str, &vec.pt},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
int
parse_test_ecdsa_json_init(void)
{
@@ -421,6 +470,9 @@ parse_test_ecdsa_json_init(void)
} else if (strcmp(mode_str, "sigVer") == 0) {
info.op = FIPS_TEST_ASYM_SIGVER;
info.callbacks = ecdsa_sigver_json_vectors;
+ } else if (strcmp(mode_str, "keyGen") == 0) {
+ info.op = FIPS_TEST_ASYM_KEYGEN;
+ info.callbacks = ecdsa_keygen_json_vectors;
} else {
return -EINVAL;
}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 1974dc959b..97190902aa 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -1758,6 +1758,19 @@ fips_run_test(void)
env.op = env.sym.op;
if (env.is_asym_test) {
+ if (info.op == FIPS_TEST_ASYM_KEYGEN &&
+ info.algo == FIPS_TEST_ALGO_ECDSA) {
+ env.op = env.asym.op;
+ test_ops.prepare_asym_xform = prepare_ecfpm_xform;
+ test_ops.prepare_asym_op = prepare_ecfpm_op;
+ ret = fips_run_asym_test();
+ if (ret < 0)
+ return ret;
+
+ info.interim_info.ecdsa_data.pubkey_gen = 0;
+ return ret;
+ }
+
vec.cipher_auth.digest.len = parse_test_sha_hash_size(
info.interim_info.rsa_data.auth);
test_ops.prepare_sym_xform = prepare_sha_xform;
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v1, 07/10] examples/fips_validation: add SHA3 algorithms in ECDSA test
2023-02-06 14:45 [v1, 00/10] fips_validation application improvements Gowrishankar Muthukrishnan
` (5 preceding siblings ...)
2023-02-06 14:45 ` [v1, 06/10] examples/fips_validation: add ECDSA keygen support Gowrishankar Muthukrishnan
@ 2023-02-06 14:45 ` Gowrishankar Muthukrishnan
2023-02-27 9:29 ` Dooley, Brian
2023-02-06 14:46 ` [v1, 08/10] examples/fips_validation: fix AES GCM validation tests Gowrishankar Muthukrishnan
` (4 subsequent siblings)
11 siblings, 1 reply; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-06 14:45 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
Add SHA3 algorithms in ECDSA as supported.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
examples/fips_validation/fips_validation_ecdsa.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/examples/fips_validation/fips_validation_ecdsa.c b/examples/fips_validation/fips_validation_ecdsa.c
index 5c91abfc5a..aef722d147 100644
--- a/examples/fips_validation/fips_validation_ecdsa.c
+++ b/examples/fips_validation/fips_validation_ecdsa.c
@@ -50,6 +50,10 @@ struct {
{RTE_CRYPTO_AUTH_SHA256, "SHA2-256"},
{RTE_CRYPTO_AUTH_SHA384, "SHA2-384"},
{RTE_CRYPTO_AUTH_SHA512, "SHA2-512"},
+ {RTE_CRYPTO_AUTH_SHA3_224, "SHA3-224"},
+ {RTE_CRYPTO_AUTH_SHA3_256, "SHA3-256"},
+ {RTE_CRYPTO_AUTH_SHA3_384, "SHA3-384"},
+ {RTE_CRYPTO_AUTH_SHA3_512, "SHA3-512"},
};
struct {
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v1, 08/10] examples/fips_validation: fix AES GCM validation tests
2023-02-06 14:45 [v1, 00/10] fips_validation application improvements Gowrishankar Muthukrishnan
` (6 preceding siblings ...)
2023-02-06 14:45 ` [v1, 07/10] examples/fips_validation: add SHA3 algorithms in ECDSA test Gowrishankar Muthukrishnan
@ 2023-02-06 14:46 ` Gowrishankar Muthukrishnan
2023-02-27 9:29 ` Dooley, Brian
2023-02-06 14:46 ` [v1, 09/10] examples/fips_validation: fix AES XTS to read seq number Gowrishankar Muthukrishnan
` (3 subsequent siblings)
11 siblings, 1 reply; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-06 14:46 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
AES GCM validation tests fail in FIPS validation due to incorrect
fields populated in response file. This patch fixes them.
Fixes: 5b540bebac8e ("examples/fips_validation: fix GMAC decryption output")
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
examples/fips_validation/fips_validation_gcm.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/examples/fips_validation/fips_validation_gcm.c b/examples/fips_validation/fips_validation_gcm.c
index a80d8b3e4d..bf08d1b995 100644
--- a/examples/fips_validation/fips_validation_gcm.c
+++ b/examples/fips_validation/fips_validation_gcm.c
@@ -79,7 +79,7 @@ parser_read_gcm_pt_len(const char *key, char *src,
if (ret < 0)
return ret;
- if (vec.pt.len == 0) {
+ if (info.algo == FIPS_TEST_ALGO_AES_GMAC && vec.pt.len == 0) {
info.interim_info.gcm_data.is_gmac = 1;
test_ops.prepare_sym_op = prepare_auth_op;
test_ops.prepare_sym_xform = prepare_gmac_xform;
@@ -296,6 +296,7 @@ parse_test_gcm_json_writeback(struct fips_val *val)
tmp_val.val = val->val;
tmp_val.len = vec.pt.len;
+ info.one_line_text[0] = '\0';
writeback_hex_str("", info.one_line_text, &tmp_val);
ct = json_string(info.one_line_text);
json_object_set_new(json_info.json_write_case, CT_JSON_STR, ct);
@@ -326,6 +327,7 @@ parse_test_gcm_json_writeback(struct fips_val *val)
tmp_val.val = val->val;
tmp_val.len = vec.pt.len;
+ info.one_line_text[0] = '\0';
writeback_hex_str("", info.one_line_text, &tmp_val);
json_object_set_new(json_info.json_write_case, PT_JSON_STR,
json_string(info.one_line_text));
@@ -334,12 +336,8 @@ parse_test_gcm_json_writeback(struct fips_val *val)
json_true());
}
} else {
- if (!info.interim_info.gcm_data.is_gmac)
- json_object_set_new(json_info.json_write_case, PT_JSON_STR,
- json_string(""));
- else
- json_object_set_new(json_info.json_write_case, "testPassed",
- json_false());
+ json_object_set_new(json_info.json_write_case, "testPassed",
+ json_false());
}
}
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v1, 09/10] examples/fips_validation: fix AES XTS to read seq number
2023-02-06 14:45 [v1, 00/10] fips_validation application improvements Gowrishankar Muthukrishnan
` (7 preceding siblings ...)
2023-02-06 14:46 ` [v1, 08/10] examples/fips_validation: fix AES GCM validation tests Gowrishankar Muthukrishnan
@ 2023-02-06 14:46 ` Gowrishankar Muthukrishnan
2023-02-27 9:28 ` Dooley, Brian
2023-02-06 14:46 ` [v1, 10/10] examples/fips_validation: add extra space in JSON buffer Gowrishankar Muthukrishnan
` (2 subsequent siblings)
11 siblings, 1 reply; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-06 14:46 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
Fix AES XTS test to read sequence number correctly.
Fixes: f8e431ed8f6 ("examples/fips_validation: add parsing for AES-XTS")
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
examples/fips_validation/fips_validation_xts.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/examples/fips_validation/fips_validation_xts.c b/examples/fips_validation/fips_validation_xts.c
index 531e3c688e..530df78ab4 100644
--- a/examples/fips_validation/fips_validation_xts.c
+++ b/examples/fips_validation/fips_validation_xts.c
@@ -34,6 +34,7 @@
#define DATAUNITLEN_JSON_STR "dataUnitLen"
#define PAYLOADLEN_JSON_STR "payloadLen"
#define TWEAKVALUE_JSON_STR "tweakValue"
+#define SEQNUMBER_JSON_STR "sequenceNumber"
#define PT_JSON_STR "pt"
#define CT_JSON_STR "ct"
@@ -95,14 +96,17 @@ parser_xts_read_keylen(const char *key, char *src, struct fips_val *val)
static int
parser_xts_read_tweakval(const char *key, char *src, struct fips_val *val)
{
+ char num_str[4] = {0};
int ret;
- if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_HEX)
+ if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_HEX) {
ret = parse_uint8_hex_str(key, src, val);
- else if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_NUMBER)
- ret = parser_read_uint32_bit_val(key, src, val);
- else
+ } else if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_NUMBER) {
+ snprintf(num_str, RTE_DIM(num_str), "%x", atoi(src));
+ ret = parse_uint8_hex_str(key, num_str, val);
+ } else {
ret = -1;
+ }
return ret;
}
@@ -122,6 +126,7 @@ struct fips_test_callback xts_interim_json_vectors[] = {
struct fips_test_callback xts_enc_json_vectors[] = {
{KEY_JSON_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.key},
{TWEAKVALUE_JSON_STR, parser_xts_read_tweakval, &vec.iv},
+ {SEQNUMBER_JSON_STR, parser_xts_read_tweakval, &vec.iv},
{PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
{NULL, NULL, NULL} /**< end pointer */
};
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v1, 10/10] examples/fips_validation: add extra space in JSON buffer
2023-02-06 14:45 [v1, 00/10] fips_validation application improvements Gowrishankar Muthukrishnan
` (8 preceding siblings ...)
2023-02-06 14:46 ` [v1, 09/10] examples/fips_validation: fix AES XTS to read seq number Gowrishankar Muthukrishnan
@ 2023-02-06 14:46 ` Gowrishankar Muthukrishnan
2023-02-27 9:27 ` Dooley, Brian
2023-02-27 9:32 ` [v1, 00/10] fips_validation application improvements Dooley, Brian
2023-02-28 17:28 ` [v2, " Gowrishankar Muthukrishnan
11 siblings, 1 reply; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-06 14:46 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
Current test buffer to copy input data of maximum possible length
did not account NULL character, due to which a last input character
is always ignored and it causes tests like RSA SIGVER for modulo
of 4096 bits to fail. This patch fixes it.
Fixes: 0b65d54f3a4 ("examples/fips_validation: fix JSON buffer size")
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
examples/fips_validation/fips_validation.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index c4988053c1..abc1d64742 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -247,7 +247,7 @@ struct ecdsa_interim_data {
* Esp, in asym op, modulo bits decide char buffer size.
* max = (modulo / 4)
*/
-#define FIPS_TEST_JSON_BUF_LEN (4096 / 4)
+#define FIPS_TEST_JSON_BUF_LEN ((4096 / 4) + 1)
struct fips_test_json_info {
/* Information used for reading from json */
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* RE: [v1, 10/10] examples/fips_validation: add extra space in JSON buffer
2023-02-06 14:46 ` [v1, 10/10] examples/fips_validation: add extra space in JSON buffer Gowrishankar Muthukrishnan
@ 2023-02-27 9:27 ` Dooley, Brian
0 siblings, 0 replies; 40+ messages in thread
From: Dooley, Brian @ 2023-02-27 9:27 UTC (permalink / raw)
To: Gowrishankar Muthukrishnan, dev; +Cc: Anoob Joseph, jerinj, Akhil Goyal
Hi Gowrishankar,
> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>; Gowrishankar
> Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 10/10] examples/fips_validation: add extra space in JSON buffer
>
> Current test buffer to copy input data of maximum possible length did not
> account NULL character, due to which a last input character is always ignored
> and it causes tests like RSA SIGVER for modulo of 4096 bits to fail. This patch
> fixes it.
>
> Fixes: 0b65d54f3a4 ("examples/fips_validation: fix JSON buffer size")
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
> examples/fips_validation/fips_validation.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/examples/fips_validation/fips_validation.h
> b/examples/fips_validation/fips_validation.h
> index c4988053c1..abc1d64742 100644
> --- a/examples/fips_validation/fips_validation.h
> +++ b/examples/fips_validation/fips_validation.h
> @@ -247,7 +247,7 @@ struct ecdsa_interim_data {
> * Esp, in asym op, modulo bits decide char buffer size.
> * max = (modulo / 4)
> */
> -#define FIPS_TEST_JSON_BUF_LEN (4096 / 4)
> +#define FIPS_TEST_JSON_BUF_LEN ((4096 / 4) + 1)
>
> struct fips_test_json_info {
> /* Information used for reading from json */
> --
> 2.25.1
Acked-by: Brian Dooley <brian.dooley@intel.com>
^ permalink raw reply [flat|nested] 40+ messages in thread
* RE: [v1, 09/10] examples/fips_validation: fix AES XTS to read seq number
2023-02-06 14:46 ` [v1, 09/10] examples/fips_validation: fix AES XTS to read seq number Gowrishankar Muthukrishnan
@ 2023-02-27 9:28 ` Dooley, Brian
0 siblings, 0 replies; 40+ messages in thread
From: Dooley, Brian @ 2023-02-27 9:28 UTC (permalink / raw)
To: Gowrishankar Muthukrishnan, dev; +Cc: Anoob Joseph, jerinj, Akhil Goyal
> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 09/10] examples/fips_validation: fix AES XTS to read seq
> number
>
> Fix AES XTS test to read sequence number correctly.
>
> Fixes: f8e431ed8f6 ("examples/fips_validation: add parsing for AES-XTS")
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
> examples/fips_validation/fips_validation_xts.c | 13 +++++++++----
> 1 file changed, 9 insertions(+), 4 deletions(-)
>
> diff --git a/examples/fips_validation/fips_validation_xts.c
> b/examples/fips_validation/fips_validation_xts.c
> index 531e3c688e..530df78ab4 100644
> --- a/examples/fips_validation/fips_validation_xts.c
> +++ b/examples/fips_validation/fips_validation_xts.c
> @@ -34,6 +34,7 @@
> #define DATAUNITLEN_JSON_STR "dataUnitLen"
> #define PAYLOADLEN_JSON_STR "payloadLen"
> #define TWEAKVALUE_JSON_STR "tweakValue"
> +#define SEQNUMBER_JSON_STR "sequenceNumber"
> #define PT_JSON_STR "pt"
> #define CT_JSON_STR "ct"
>
> @@ -95,14 +96,17 @@ parser_xts_read_keylen(const char *key, char *src,
> struct fips_val *val) static int parser_xts_read_tweakval(const char *key,
> char *src, struct fips_val *val) {
> + char num_str[4] = {0};
> int ret;
>
> - if (info.interim_info.xts_data.tweak_mode ==
> XTS_TWEAK_MODE_HEX)
> + if (info.interim_info.xts_data.tweak_mode ==
> XTS_TWEAK_MODE_HEX) {
> ret = parse_uint8_hex_str(key, src, val);
> - else if (info.interim_info.xts_data.tweak_mode ==
> XTS_TWEAK_MODE_NUMBER)
> - ret = parser_read_uint32_bit_val(key, src, val);
> - else
> + } else if (info.interim_info.xts_data.tweak_mode ==
> XTS_TWEAK_MODE_NUMBER) {
> + snprintf(num_str, RTE_DIM(num_str), "%x", atoi(src));
> + ret = parse_uint8_hex_str(key, num_str, val);
> + } else {
> ret = -1;
> + }
>
> return ret;
> }
> @@ -122,6 +126,7 @@ struct fips_test_callback xts_interim_json_vectors[] =
> { struct fips_test_callback xts_enc_json_vectors[] = {
> {KEY_JSON_STR, parse_uint8_known_len_hex_str,
> &vec.cipher_auth.key},
> {TWEAKVALUE_JSON_STR, parser_xts_read_tweakval,
> &vec.iv},
> + {SEQNUMBER_JSON_STR, parser_xts_read_tweakval,
> &vec.iv},
> {PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
> {NULL, NULL, NULL} /**< end pointer */ };
> --
> 2.25.1
Acked-by: Brian Dooley <brian.dooley@intel.com>
^ permalink raw reply [flat|nested] 40+ messages in thread
* RE: [v1, 08/10] examples/fips_validation: fix AES GCM validation tests
2023-02-06 14:46 ` [v1, 08/10] examples/fips_validation: fix AES GCM validation tests Gowrishankar Muthukrishnan
@ 2023-02-27 9:29 ` Dooley, Brian
0 siblings, 0 replies; 40+ messages in thread
From: Dooley, Brian @ 2023-02-27 9:29 UTC (permalink / raw)
To: Gowrishankar Muthukrishnan, dev; +Cc: Anoob Joseph, jerinj, Akhil Goyal
> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 08/10] examples/fips_validation: fix AES GCM validation tests
>
> AES GCM validation tests fail in FIPS validation due to incorrect fields
> populated in response file. This patch fixes them.
>
> Fixes: 5b540bebac8e ("examples/fips_validation: fix GMAC decryption
> output")
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
> examples/fips_validation/fips_validation_gcm.c | 12 +++++-------
> 1 file changed, 5 insertions(+), 7 deletions(-)
>
> diff --git a/examples/fips_validation/fips_validation_gcm.c
> b/examples/fips_validation/fips_validation_gcm.c
> index a80d8b3e4d..bf08d1b995 100644
> --- a/examples/fips_validation/fips_validation_gcm.c
> +++ b/examples/fips_validation/fips_validation_gcm.c
> @@ -79,7 +79,7 @@ parser_read_gcm_pt_len(const char *key, char *src,
> if (ret < 0)
> return ret;
>
> - if (vec.pt.len == 0) {
> + if (info.algo == FIPS_TEST_ALGO_AES_GMAC && vec.pt.len == 0) {
> info.interim_info.gcm_data.is_gmac = 1;
> test_ops.prepare_sym_op = prepare_auth_op;
> test_ops.prepare_sym_xform = prepare_gmac_xform; @@ -
> 296,6 +296,7 @@ parse_test_gcm_json_writeback(struct fips_val *val)
> tmp_val.val = val->val;
> tmp_val.len = vec.pt.len;
>
> + info.one_line_text[0] = '\0';
> writeback_hex_str("", info.one_line_text,
> &tmp_val);
> ct = json_string(info.one_line_text);
> json_object_set_new(json_info.json_write_case,
> CT_JSON_STR, ct); @@ -326,6 +327,7 @@
> parse_test_gcm_json_writeback(struct fips_val *val)
> tmp_val.val = val->val;
> tmp_val.len = vec.pt.len;
>
> + info.one_line_text[0] = '\0';
> writeback_hex_str("", info.one_line_text,
> &tmp_val);
>
> json_object_set_new(json_info.json_write_case, PT_JSON_STR,
> json_string(info.one_line_text));
> @@ -334,12 +336,8 @@ parse_test_gcm_json_writeback(struct fips_val
> *val)
> json_true());
> }
> } else {
> - if (!info.interim_info.gcm_data.is_gmac)
> -
> json_object_set_new(json_info.json_write_case, PT_JSON_STR,
> - json_string(""));
> - else
> -
> json_object_set_new(json_info.json_write_case, "testPassed",
> - json_false());
> + json_object_set_new(json_info.json_write_case,
> "testPassed",
> + json_false());
> }
> }
>
> --
> 2.25.1
Acked-by: Brian Dooley <brian.dooley@intel.com>
^ permalink raw reply [flat|nested] 40+ messages in thread
* RE: [v1, 07/10] examples/fips_validation: add SHA3 algorithms in ECDSA test
2023-02-06 14:45 ` [v1, 07/10] examples/fips_validation: add SHA3 algorithms in ECDSA test Gowrishankar Muthukrishnan
@ 2023-02-27 9:29 ` Dooley, Brian
0 siblings, 0 replies; 40+ messages in thread
From: Dooley, Brian @ 2023-02-27 9:29 UTC (permalink / raw)
To: Gowrishankar Muthukrishnan, dev; +Cc: Anoob Joseph, jerinj, Akhil Goyal
> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 07/10] examples/fips_validation: add SHA3 algorithms in ECDSA
> test
>
> Add SHA3 algorithms in ECDSA as supported.
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
> examples/fips_validation/fips_validation_ecdsa.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/examples/fips_validation/fips_validation_ecdsa.c
> b/examples/fips_validation/fips_validation_ecdsa.c
> index 5c91abfc5a..aef722d147 100644
> --- a/examples/fips_validation/fips_validation_ecdsa.c
> +++ b/examples/fips_validation/fips_validation_ecdsa.c
> @@ -50,6 +50,10 @@ struct {
> {RTE_CRYPTO_AUTH_SHA256, "SHA2-256"},
> {RTE_CRYPTO_AUTH_SHA384, "SHA2-384"},
> {RTE_CRYPTO_AUTH_SHA512, "SHA2-512"},
> + {RTE_CRYPTO_AUTH_SHA3_224, "SHA3-224"},
> + {RTE_CRYPTO_AUTH_SHA3_256, "SHA3-256"},
> + {RTE_CRYPTO_AUTH_SHA3_384, "SHA3-384"},
> + {RTE_CRYPTO_AUTH_SHA3_512, "SHA3-512"},
> };
>
> struct {
> --
> 2.25.1
Acked-by: Brian Dooley <brian.dooley@intel.com>
^ permalink raw reply [flat|nested] 40+ messages in thread
* RE: [v1, 06/10] examples/fips_validation: add ECDSA keygen support
2023-02-06 14:45 ` [v1, 06/10] examples/fips_validation: add ECDSA keygen support Gowrishankar Muthukrishnan
@ 2023-02-27 9:29 ` Dooley, Brian
0 siblings, 0 replies; 40+ messages in thread
From: Dooley, Brian @ 2023-02-27 9:29 UTC (permalink / raw)
To: Gowrishankar Muthukrishnan, dev; +Cc: Anoob Joseph, jerinj, Akhil Goyal
> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 06/10] examples/fips_validation: add ECDSA keygen support
>
> Add support to validate ECDSA keygen mode tests.
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
> .../fips_validation/fips_validation_ecdsa.c | 52 +++++++++++++++++++
> examples/fips_validation/main.c | 13 +++++
> 2 files changed, 65 insertions(+)
>
> diff --git a/examples/fips_validation/fips_validation_ecdsa.c
> b/examples/fips_validation/fips_validation_ecdsa.c
> index d47ab0b5d1..5c91abfc5a 100644
> --- a/examples/fips_validation/fips_validation_ecdsa.c
> +++ b/examples/fips_validation/fips_validation_ecdsa.c
> @@ -295,6 +295,20 @@ parse_test_ecdsa_json_writeback(struct fips_val
> *val)
> json_object_set_new(json_info.json_write_case,
> "testPassed", json_true());
> else
> json_object_set_new(json_info.json_write_case,
> "testPassed", json_false());
> + } else if (info.op == FIPS_TEST_ASYM_KEYGEN) {
> + json_t *obj;
> +
> + writeback_hex_str("", info.one_line_text, &vec.ecdsa.pkey);
> + obj = json_string(info.one_line_text);
> + json_object_set_new(json_info.json_write_case, "d", obj);
> +
> + writeback_hex_str("", info.one_line_text, &vec.ecdsa.qx);
> + obj = json_string(info.one_line_text);
> + json_object_set_new(json_info.json_write_case, "qx", obj);
> +
> + writeback_hex_str("", info.one_line_text, &vec.ecdsa.qy);
> + obj = json_string(info.one_line_text);
> + json_object_set_new(json_info.json_write_case, "qy", obj);
> }
>
> return 0;
> @@ -367,6 +381,36 @@ parse_siggen_message_str(const char *key, char
> *src, struct fips_val *val)
> return ret;
> }
>
> +static int
> +parse_keygen_tc_str(const char *key, char *src, struct fips_val *val) {
> + RTE_SET_USED(key);
> + RTE_SET_USED(src);
> + RTE_SET_USED(val);
> +
> + if (info.op == FIPS_TEST_ASYM_KEYGEN) {
> + if (vec.ecdsa.pkey.val) {
> + rte_free(vec.ecdsa.pkey.val);
> + vec.ecdsa.pkey.val = NULL;
> + }
> +
> + if (vec.ecdsa.k.val) {
> + rte_free(vec.ecdsa.k.val);
> + vec.ecdsa.k.val = NULL;
> + }
> +
> + if (prepare_vec_ecdsa() < 0)
> + return -1;
> +
> + if (prepare_vec_ecdsa_k() < 0)
> + return -1;
> +
> + info.interim_info.ecdsa_data.pubkey_gen = 1;
> + }
> +
> + return 0;
> +}
> +
> static int
> parse_sigver_randomvalue_str(const char *key, char *src, struct fips_val
> *val) { @@ -402,6 +446,11 @@ struct fips_test_callback
> ecdsa_sigver_json_vectors[] = {
> {NULL, NULL, NULL} /**< end pointer */ };
>
> +struct fips_test_callback ecdsa_keygen_json_vectors[] = {
> + {"tcId", parse_keygen_tc_str, &vec.pt},
> + {NULL, NULL, NULL} /**< end pointer */ };
> +
> int
> parse_test_ecdsa_json_init(void)
> {
> @@ -421,6 +470,9 @@ parse_test_ecdsa_json_init(void)
> } else if (strcmp(mode_str, "sigVer") == 0) {
> info.op = FIPS_TEST_ASYM_SIGVER;
> info.callbacks = ecdsa_sigver_json_vectors;
> + } else if (strcmp(mode_str, "keyGen") == 0) {
> + info.op = FIPS_TEST_ASYM_KEYGEN;
> + info.callbacks = ecdsa_keygen_json_vectors;
> } else {
> return -EINVAL;
> }
> diff --git a/examples/fips_validation/main.c
> b/examples/fips_validation/main.c index 1974dc959b..97190902aa 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -1758,6 +1758,19 @@ fips_run_test(void)
>
> env.op = env.sym.op;
> if (env.is_asym_test) {
> + if (info.op == FIPS_TEST_ASYM_KEYGEN &&
> + info.algo == FIPS_TEST_ALGO_ECDSA) {
> + env.op = env.asym.op;
> + test_ops.prepare_asym_xform =
> prepare_ecfpm_xform;
> + test_ops.prepare_asym_op = prepare_ecfpm_op;
> + ret = fips_run_asym_test();
> + if (ret < 0)
> + return ret;
> +
> + info.interim_info.ecdsa_data.pubkey_gen = 0;
> + return ret;
> + }
> +
> vec.cipher_auth.digest.len = parse_test_sha_hash_size(
>
> info.interim_info.rsa_data.auth);
> test_ops.prepare_sym_xform = prepare_sha_xform;
> --
> 2.25.1
Acked-by: Brian Dooley <brian.dooley@intel.com>
^ permalink raw reply [flat|nested] 40+ messages in thread
* RE: [v1, 05/10] examples/fips_validation: add CCM JSON validation
2023-02-06 14:45 ` [v1, 05/10] examples/fips_validation: add CCM JSON validation Gowrishankar Muthukrishnan
@ 2023-02-27 9:29 ` Dooley, Brian
0 siblings, 0 replies; 40+ messages in thread
From: Dooley, Brian @ 2023-02-27 9:29 UTC (permalink / raw)
To: Gowrishankar Muthukrishnan, dev; +Cc: Anoob Joseph, jerinj, Akhil Goyal
> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 05/10] examples/fips_validation: add CCM JSON validation
>
> Add support in fips_validation to parse CCM JSON vectors.
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
> doc/guides/sample_app_ug/fips_validation.rst | 1 +
> examples/fips_validation/fips_validation.c | 2 +
> examples/fips_validation/fips_validation.h | 3 +
> .../fips_validation/fips_validation_ccm.c | 132 ++++++++++++++++++
> examples/fips_validation/main.c | 3 +
> 5 files changed, 141 insertions(+)
>
> diff --git a/doc/guides/sample_app_ug/fips_validation.rst
> b/doc/guides/sample_app_ug/fips_validation.rst
> index 4fc8297b34..613c5afd19 100644
> --- a/doc/guides/sample_app_ug/fips_validation.rst
> +++ b/doc/guides/sample_app_ug/fips_validation.rst
> @@ -60,6 +60,7 @@ ACVP
> * Supported test vectors
> * AES-CBC (128,192,256) - AFT, MCT
> * AES-GCM (128,192,256) - AFT
> + * AES-CCM (128,192,256) - AFT
> * AES-CMAC (128,192,256) - AFT
> * AES-CTR (128,192,256) - AFT, CTR
> * AES-GMAC (128,192,256) - AFT
> diff --git a/examples/fips_validation/fips_validation.c
> b/examples/fips_validation/fips_validation.c
> index d3b6099d73..f840804009 100644
> --- a/examples/fips_validation/fips_validation.c
> +++ b/examples/fips_validation/fips_validation.c
> @@ -460,6 +460,8 @@ fips_test_parse_one_json_vector_set(void)
> /* Vector sets contain the algorithm type, and nothing else we need.
> */
> if (strstr(algo_str, "AES-GCM"))
> info.algo = FIPS_TEST_ALGO_AES_GCM;
> + else if (strstr(algo_str, "AES-CCM"))
> + info.algo = FIPS_TEST_ALGO_AES_CCM;
> else if (strstr(algo_str, "AES-GMAC"))
> info.algo = FIPS_TEST_ALGO_AES_GMAC;
> else if (strstr(algo_str, "HMAC"))
> diff --git a/examples/fips_validation/fips_validation.h
> b/examples/fips_validation/fips_validation.h
> index 8fcb5c8500..c4988053c1 100644
> --- a/examples/fips_validation/fips_validation.h
> +++ b/examples/fips_validation/fips_validation.h
> @@ -338,6 +338,9 @@ fips_test_parse_one_json_case(void);
> int
> parse_test_gcm_json_init(void);
>
> +int
> +parse_test_ccm_json_init(void);
> +
> int
> parse_test_hmac_json_init(void);
>
> diff --git a/examples/fips_validation/fips_validation_ccm.c
> b/examples/fips_validation/fips_validation_ccm.c
> index 632999c1e4..0e3ee0d247 100644
> --- a/examples/fips_validation/fips_validation_ccm.c
> +++ b/examples/fips_validation/fips_validation_ccm.c
> @@ -34,6 +34,18 @@
> #define POS_KEYWORD "Pass"
> #define NEG_KEYWORD "Fail"
>
> +#define DIR_JSON_STR "direction"
> +#define IVLEN_JSON_STR "ivLen"
> +#define PTLEN_JSON_STR "payloadLen"
> +#define AADLEN_JSON_STR "aadLen"
> +#define TAGLEN_JSON_STR "tagLen"
> +#define KEYLEN_JSON_STR "keyLen"
> +#define PT_JSON_STR "pt"
> +#define CT_JSON_STR "ct"
> +#define KEY_JSON_STR "key"
> +#define IV_JSON_STR "iv"
> +#define AAD_JSON_STR "aad"
> +
> static int
> parser_dvpt_interim(const char *key, char *src, struct fips_val *val) { @@ -
> 206,6 +218,126 @@ struct ccm_test_types {
> FIPS_TEST_ENC_AUTH_GEN},
> };
>
> +#ifdef USE_JANSSON
> +static int
> +parser_read_ccm_direction_str(__rte_unused const char *key, char *src,
> + __rte_unused struct fips_val *val)
> +{
> + if (strcmp(src, "encrypt") == 0)
> + info.op = FIPS_TEST_ENC_AUTH_GEN;
> + else if (strcmp(src, "decrypt") == 0)
> + info.op = FIPS_TEST_DEC_AUTH_VERIF;
> +
> + return 0;
> +}
> +
> +static int
> +parser_read_ccm_aad_str(const char *key, char *src, struct fips_val
> +*val) {
> + struct fips_val tmp_val = {0};
> + uint32_t len = val->len;
> +
> + /* CCM aad requires 18 bytes padding before the real content */
> + val->val = rte_zmalloc(NULL, len + 18, 0);
> + if (!val->val)
> + return -1;
> +
> + if (parse_uint8_hex_str(key, src, &tmp_val) < 0)
> + return -1;
> +
> + memcpy(val->val + 18, tmp_val.val, val->len);
> + rte_free(tmp_val.val);
> +
> + return 0;
> +}
> +
> +static int
> +parse_read_ccm_ct_str(const char *key, char *src, struct fips_val *val)
> +{
> + int ret;
> +
> + val->len = vec.pt.len;
> +
> + ret = parse_uint8_known_len_hex_str(key, src, val);
> + if (ret < 0)
> + return ret;
> +
> + src += val->len * 2;
> +
> + ret = parse_uint8_known_len_hex_str("", src, &vec.aead.digest);
> + if (ret < 0) {
> + rte_free(val->val);
> + memset(val, 0, sizeof(*val));
> + return ret;
> + }
> +
> + return 0;
> +}
> +
> +struct fips_test_callback ccm_tests_interim_json_vectors[] = {
> + {DIR_JSON_STR, parser_read_ccm_direction_str, NULL},
> + {IVLEN_JSON_STR, parser_read_uint32_bit_val, &vec.iv},
> + {PTLEN_JSON_STR, parser_read_uint32_bit_val, &vec.pt},
> + {AADLEN_JSON_STR, parser_read_uint32_bit_val, &vec.aead.aad},
> + {TAGLEN_JSON_STR, parser_read_uint32_bit_val,
> &vec.aead.digest},
> + {KEYLEN_JSON_STR, parser_read_uint32_bit_val, &vec.aead.key},
> + {NULL, NULL, NULL} /**< end pointer */ };
> +
> +struct fips_test_callback ccm_tests_json_vectors[] = {
> + {PT_JSON_STR, parse_uint8_known_len_hex_str, &vec.pt},
> + {CT_JSON_STR, parse_read_ccm_ct_str, &vec.ct},
> + {KEY_JSON_STR, parse_uint8_known_len_hex_str, &vec.aead.key},
> + {IV_JSON_STR, parse_uint8_known_len_hex_str, &vec.iv},
> + {AAD_JSON_STR, parser_read_ccm_aad_str, &vec.aead.aad},
> + {NULL, NULL, NULL} /**< end pointer */ };
> +
> +static int
> +parse_test_ccm_json_writeback(struct fips_val *val) {
> + struct fips_val tmp_val;
> + json_t *tcId;
> +
> + tcId = json_object_get(json_info.json_test_case, "tcId");
> + json_info.json_write_case = json_object();
> + json_object_set(json_info.json_write_case, "tcId", tcId);
> +
> + if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
> + json_t *ct;
> +
> + info.one_line_text[0] = '\0';
> + writeback_hex_str("", info.one_line_text, val);
> + ct = json_string(info.one_line_text);
> + json_object_set_new(json_info.json_write_case,
> CT_JSON_STR, ct);
> + } else {
> + if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) {
> + tmp_val.val = val->val;
> + tmp_val.len = vec.pt.len;
> +
> + info.one_line_text[0] = '\0';
> + writeback_hex_str("", info.one_line_text,
> &tmp_val);
> + json_object_set_new(json_info.json_write_case,
> PT_JSON_STR,
> + json_string(info.one_line_text));
> + } else {
> + json_object_set_new(json_info.json_write_case,
> "testPassed",
> + json_false());
> + }
> + }
> +
> + return 0;
> +}
> +
> +int
> +parse_test_ccm_json_init(void)
> +{
> + info.interim_callbacks = ccm_tests_interim_json_vectors;
> + info.parse_writeback = parse_test_ccm_json_writeback;
> + info.callbacks = ccm_tests_json_vectors;
> + return 0;
> +}
> +#endif /* USE_JANSSON */
> +
> static int
> parse_test_ccm_writeback(struct fips_val *val) { diff --git
> a/examples/fips_validation/main.c b/examples/fips_validation/main.c index
> 52076160b5..1974dc959b 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -2677,6 +2677,9 @@ fips_test_one_test_group(void)
> case FIPS_TEST_ALGO_AES_GCM:
> ret = parse_test_gcm_json_init();
> break;
> + case FIPS_TEST_ALGO_AES_CCM:
> + ret = parse_test_ccm_json_init();
> + break;
> case FIPS_TEST_ALGO_HMAC:
> ret = parse_test_hmac_json_init();
> break;
> --
> 2.25.1
Acked-by: Brian Dooley <brian.dooley@intel.com>
^ permalink raw reply [flat|nested] 40+ messages in thread
* RE: [v1, 04/10] examples/fips_validation: add SHAKE validation
2023-02-06 14:45 ` [v1, 04/10] examples/fips_validation: add SHAKE validation Gowrishankar Muthukrishnan
@ 2023-02-27 9:30 ` Dooley, Brian
0 siblings, 0 replies; 40+ messages in thread
From: Dooley, Brian @ 2023-02-27 9:30 UTC (permalink / raw)
To: Gowrishankar Muthukrishnan, dev; +Cc: Anoob Joseph, jerinj, Akhil Goyal
> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 04/10] examples/fips_validation: add SHAKE validation
>
> Add support in fips_validation to parse SHAKE algorithms.
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
> doc/guides/sample_app_ug/fips_validation.rst | 1 +
> examples/fips_validation/fips_validation.h | 4 +-
> .../fips_validation/fips_validation_sha.c | 63 ++++++++++++-
> examples/fips_validation/main.c | 93 ++++++++++++++++++-
> 4 files changed, 154 insertions(+), 7 deletions(-)
>
> diff --git a/doc/guides/sample_app_ug/fips_validation.rst
> b/doc/guides/sample_app_ug/fips_validation.rst
> index 55837895fe..4fc8297b34 100644
> --- a/doc/guides/sample_app_ug/fips_validation.rst
> +++ b/doc/guides/sample_app_ug/fips_validation.rst
> @@ -67,6 +67,7 @@ ACVP
> * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256,
> SHA3_384, SHA3_512)
> * SHA (1, 224, 256, 384, 512) - AFT, MCT
> * SHA3 (224, 256, 384, 512) - AFT, MCT
> + * SHAKE (128, 256) - AFT, MCT, VOT
> * TDES-CBC - AFT, MCT
> * TDES-ECB - AFT, MCT
> * RSA
> diff --git a/examples/fips_validation/fips_validation.h
> b/examples/fips_validation/fips_validation.h
> index 6c1bd35849..8fcb5c8500 100644
> --- a/examples/fips_validation/fips_validation.h
> +++ b/examples/fips_validation/fips_validation.h
> @@ -163,7 +163,8 @@ enum fips_ccm_test_types { enum
> fips_sha_test_types {
> SHA_KAT = 0,
> SHA_AFT,
> - SHA_MCT
> + SHA_MCT,
> + SHAKE_VOT
> };
>
> enum fips_rsa_test_types {
> @@ -205,6 +206,7 @@ struct sha_interim_data {
> /* keep algo always on top as it is also used in asym digest */
> enum rte_crypto_auth_algorithm algo;
> enum fips_sha_test_types test_type;
> + uint8_t min_outlen;
> uint8_t md_blocks;
> };
>
> diff --git a/examples/fips_validation/fips_validation_sha.c
> b/examples/fips_validation/fips_validation_sha.c
> index 8b68f5ed36..7ce7d3744f 100644
> --- a/examples/fips_validation/fips_validation_sha.c
> +++ b/examples/fips_validation/fips_validation_sha.c
> @@ -22,6 +22,9 @@
> #define TESTTYPE_JSON_STR "testType"
>
> #define PT_JSON_STR "msg"
> +#define OUTLEN_JSON_STR "outLen"
> +#define MINOUTLEN_JSON_STR "minOutLen"
> +#define MAXOUTLEN_JSON_STR "maxOutLen"
>
> struct plain_hash_size_conversion {
> const char *str;
> @@ -36,6 +39,8 @@ struct plain_hash_size_conversion {
> {"32", RTE_CRYPTO_AUTH_SHA3_256},
> {"48", RTE_CRYPTO_AUTH_SHA3_384},
> {"64", RTE_CRYPTO_AUTH_SHA3_512},
> + {"16", RTE_CRYPTO_AUTH_SHAKE_128},
> + {"32", RTE_CRYPTO_AUTH_SHAKE_256},
> };
>
> int
> @@ -89,12 +94,26 @@ struct fips_test_callback sha_tests_interim_vectors[]
> = { };
>
> #ifdef USE_JANSSON
> +static int
> +parse_interim_str(const char *key, char *src, struct fips_val *val) {
> + RTE_SET_USED(val);
> +
> + if (strcmp(key, MINOUTLEN_JSON_STR) == 0)
> + info.interim_info.sha_data.min_outlen = atoi(src) / 8;
> + else if (strcmp(key, MAXOUTLEN_JSON_STR) == 0)
> + vec.cipher_auth.digest.len = atoi(src) / 8;
> +
> + return 0;
> +}
> +
> static struct {
> uint32_t type;
> const char *desc;
> } sha_test_types[] = {
> {SHA_MCT, "MCT"},
> {SHA_AFT, "AFT"},
> + {SHAKE_VOT, "VOT"},
> };
>
> static struct plain_hash_algorithms {
> @@ -111,10 +130,19 @@ static struct plain_hash_algorithms {
> {"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1},
> {"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1},
> {"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1},
> + {"SHAKE-128", RTE_CRYPTO_AUTH_SHAKE_128, 1},
> + {"SHAKE-256", RTE_CRYPTO_AUTH_SHAKE_256, 1},
> };
>
> struct fips_test_callback sha_tests_json_vectors[] = {
> {PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
> + {OUTLEN_JSON_STR, parser_read_uint32_bit_val,
> &vec.cipher_auth.digest},
> + {NULL, NULL, NULL} /**< end pointer */ };
> +
> +struct fips_test_callback sha_tests_interim_json_vectors[] = {
> + {MINOUTLEN_JSON_STR, parse_interim_str, NULL},
> + {MAXOUTLEN_JSON_STR, parse_interim_str, NULL},
> {NULL, NULL, NULL} /**< end pointer */ }; #endif /*
> USE_JANSSON */ @@ -185,6 +213,11 @@
> parse_test_sha_json_writeback(struct fips_val *val)
> md = json_string(info.one_line_text);
> json_object_set_new(json_info.json_write_case, "md", md);
>
> + if (info.interim_info.sha_data.algo ==
> RTE_CRYPTO_AUTH_SHAKE_128 ||
> + info.interim_info.sha_data.algo ==
> RTE_CRYPTO_AUTH_SHAKE_256)
> + json_object_set_new(json_info.json_write_case, "outLen",
> + json_integer(vec.cipher_auth.digest.len * 8));
> +
> return 0;
> }
>
> @@ -193,6 +226,11 @@ parse_test_sha_mct_json_writeback(struct fips_val
> *val) {
> json_t *tcId, *md, *resArr, *res;
> struct fips_val val_local;
> + bool is_shake = false;
> +
> + if (info.interim_info.sha_data.algo ==
> RTE_CRYPTO_AUTH_SHAKE_128 ||
> + info.interim_info.sha_data.algo ==
> RTE_CRYPTO_AUTH_SHAKE_256)
> + is_shake = true;
>
> tcId = json_object_get(json_info.json_test_case, "tcId");
> if (json_info.json_write_case) {
> @@ -204,11 +242,17 @@ parse_test_sha_mct_json_writeback(struct
> fips_val *val)
> json_object_set_new(json_info.json_write_case,
> "tcId", tcId);
> json_object_set_new(json_info.json_write_case,
> "resultsArray",
> json_array());
> + if (is_shake)
> +
> json_object_set_new(json_info.json_write_case, "outLen",
> +
> json_integer(0));
> }
> } else {
> json_info.json_write_case = json_object();
> json_object_set_new(json_info.json_write_case, "tcId",
> tcId);
> json_object_set_new(json_info.json_write_case,
> "resultsArray", json_array());
> + if (is_shake)
> + json_object_set_new(json_info.json_write_case,
> "outLen",
> +
> json_integer(0));
> }
>
> resArr = json_object_get(json_info.json_write_case,
> "resultsArray"); @@ -224,6 +268,9 @@
> parse_test_sha_mct_json_writeback(struct fips_val *val)
> md = json_string(info.one_line_text);
> json_object_set_new(res, "md", md);
>
> + if (is_shake)
> + json_object_set_new(res, "outLen",
> +json_integer(vec.cipher_auth.digest.len * 8));
> +
> json_array_append_new(resArr, res);
> return 0;
> }
> @@ -250,12 +297,17 @@ parse_test_sha_json_algorithm(void)
> if (i == RTE_DIM(json_algorithms))
> return -1;
>
> - sz = parse_test_sha_hash_size(info.interim_info.sha_data.algo);
> + if (info.interim_info.sha_data.test_type == SHAKE_VOT) {
> + sz = vec.cipher_auth.digest.len;
> + } else {
> + sz =
> parse_test_sha_hash_size(info.interim_info.sha_data.algo);
> + vec.cipher_auth.digest.len = sz;
> + }
> +
> if (sz < 0)
> return -1;
>
> free(vec.cipher_auth.digest.val);
> - vec.cipher_auth.digest.len = sz;
> vec.cipher_auth.digest.val = calloc(1, sz);
> if (vec.cipher_auth.digest.val == NULL)
> return -1;
> @@ -288,6 +340,7 @@ parse_test_sha_json_test_type(void)
> info.parse_writeback =
> parse_test_sha_mct_json_writeback;
> break;
> case SHA_AFT:
> + case SHAKE_VOT:
> info.parse_writeback = parse_test_sha_json_writeback;
> break;
> default:
> @@ -308,12 +361,12 @@ parse_test_sha_json_init(void)
> info.callbacks = sha_tests_json_vectors;
> info.writeback_callbacks = NULL;
> info.kat_check = rsp_test_sha_check;
> - info.interim_callbacks = NULL;
> + info.interim_callbacks = sha_tests_interim_json_vectors;
>
> - if (parse_test_sha_json_algorithm() < 0)
> + if (parse_test_sha_json_test_type() < 0)
> return -1;
>
> - if (parse_test_sha_json_test_type() < 0)
> + if (parse_test_sha_json_algorithm() < 0)
> return -1;
>
> return 0;
> diff --git a/examples/fips_validation/main.c
> b/examples/fips_validation/main.c index cf29e440f1..52076160b5 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -2356,6 +2356,93 @@ fips_mct_sha_test(void)
> return 0;
> }
>
> +static int
> +fips_mct_shake_test(void)
> +{
> +#define SHAKE_EXTERN_ITER 100
> +#define SHAKE_INTERN_ITER 1000
> + uint32_t i, j, range, outlen, max_outlen;
> + struct fips_val val = {NULL, 0}, md;
> + uint8_t rightmost[2];
> + int ret;
> +
> + max_outlen = vec.cipher_auth.digest.len;
> +
> + if (vec.cipher_auth.digest.val)
> + free(vec.cipher_auth.digest.val);
> +
> + vec.cipher_auth.digest.val = calloc(1, max_outlen);
> +
> + if (vec.pt.val)
> + memcpy(vec.cipher_auth.digest.val, vec.pt.val, vec.pt.len);
> +
> + rte_free(vec.pt.val);
> + vec.pt.val = rte_malloc(NULL, 16, 0);
> + vec.pt.len = 16;
> +
> + md.val = rte_malloc(NULL, max_outlen, 0);
> + md.len = max_outlen;
> +
> + if (info.file_type != FIPS_TYPE_JSON) {
> + fips_test_write_one_case();
> + fprintf(info.fp_wr, "\n");
> + }
> +
> + range = max_outlen - info.interim_info.sha_data.min_outlen + 1;
> + outlen = max_outlen;
> + for (j = 0; j < SHAKE_EXTERN_ITER; j++) {
> + memset(md.val, 0, max_outlen);
> + memcpy(md.val, vec.cipher_auth.digest.val,
> + vec.cipher_auth.digest.len);
> +
> + for (i = 0; i < (SHAKE_INTERN_ITER); i++) {
> + memset(vec.pt.val, 0, vec.pt.len);
> + memcpy(vec.pt.val, md.val, vec.pt.len);
> + vec.cipher_auth.digest.len = outlen;
> + ret = fips_run_test();
> + if (ret < 0) {
> + if (ret == -EPERM || ret == -ENOTSUP) {
> + if (info.file_type == FIPS_TYPE_JSON)
> + return ret;
> +
> + fprintf(info.fp_wr, "Bypass\n\n");
> + return 0;
> + }
> + return ret;
> + }
> +
> + ret = get_writeback_data(&val);
> + if (ret < 0)
> + return ret;
> +
> + memset(md.val, 0, max_outlen);
> + memcpy(md.val, (val.val + vec.pt.len),
> + vec.cipher_auth.digest.len);
> + md.len = outlen;
> + rightmost[0] = md.val[md.len-1];
> + rightmost[1] = md.val[md.len-2];
> + outlen = info.interim_info.sha_data.min_outlen +
> + (*(uint16_t *)rightmost % range);
> + }
> +
> + memcpy(vec.cipher_auth.digest.val, md.val, md.len);
> + vec.cipher_auth.digest.len = md.len;
> +
> + if (info.file_type != FIPS_TYPE_JSON)
> + fprintf(info.fp_wr, "COUNT = %u\n", j);
> +
> + info.parse_writeback(&val);
> +
> + if (info.file_type != FIPS_TYPE_JSON)
> + fprintf(info.fp_wr, "\n");
> + }
> +
> + rte_free(md.val);
> + rte_free(vec.pt.val);
> +
> + free(val.val);
> + return 0;
> +}
>
> static int
> init_test_ops(void)
> @@ -2408,7 +2495,11 @@ init_test_ops(void)
> test_ops.prepare_sym_op = prepare_auth_op;
> test_ops.prepare_sym_xform = prepare_sha_xform;
> if (info.interim_info.sha_data.test_type == SHA_MCT)
> - test_ops.test = fips_mct_sha_test;
> + if (info.interim_info.sha_data.algo ==
> RTE_CRYPTO_AUTH_SHAKE_128 ||
> + info.interim_info.sha_data.algo ==
> RTE_CRYPTO_AUTH_SHAKE_256)
> + test_ops.test = fips_mct_shake_test;
> + else
> + test_ops.test = fips_mct_sha_test;
> else
> test_ops.test = fips_generic_test;
> break;
> --
> 2.25.1
Acked-by: Brian Dooley <brian.dooley@intel.com>
^ permalink raw reply [flat|nested] 40+ messages in thread
* RE: [v1, 03/10] examples/fips_validation: fix integer parse in test case
2023-02-06 14:45 ` [v1, 03/10] examples/fips_validation: fix integer parse in test case Gowrishankar Muthukrishnan
@ 2023-02-27 9:30 ` Dooley, Brian
0 siblings, 0 replies; 40+ messages in thread
From: Dooley, Brian @ 2023-02-27 9:30 UTC (permalink / raw)
To: Gowrishankar Muthukrishnan, dev; +Cc: Anoob Joseph, jerinj, Akhil Goyal
> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 03/10] examples/fips_validation: fix integer parse in test case
>
> Parsing integer value in test case vector does not store it because only string
> was expected. This patch adds handling for integer value as well.
>
> Fixes: 58cc98801eb ("examples/fips_validation: add JSON parsing")
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
> examples/fips_validation/fips_validation.c | 29 ++++++++++++++++------
> 1 file changed, 21 insertions(+), 8 deletions(-)
>
> diff --git a/examples/fips_validation/fips_validation.c
> b/examples/fips_validation/fips_validation.c
> index f7a6d821ea..d3b6099d73 100644
> --- a/examples/fips_validation/fips_validation.c
> +++ b/examples/fips_validation/fips_validation.c
> @@ -543,15 +543,28 @@ fips_test_parse_one_json_case(void)
>
> for (i = 0; info.callbacks[i].key != NULL; i++) {
> param = json_object_get(json_info.json_test_case,
> info.callbacks[i].key);
> - if (param) {
> - strcpy(info.one_line_text,
> json_string_value(param));
> - ret = info.callbacks[i].cb(
> - info.callbacks[i].key, info.one_line_text,
> - info.callbacks[i].val
> - );
> - if (ret < 0)
> - return ret;
> + if (!param)
> + continue;
> +
> + switch (json_typeof(param)) {
> + case JSON_STRING:
> + snprintf(info.one_line_text, MAX_LINE_CHAR, "%s",
> + json_string_value(param));
> + break;
> +
> + case JSON_INTEGER:
> + snprintf(info.one_line_text, MAX_LINE_CHAR,
> "%"JSON_INTEGER_FORMAT,
> + json_integer_value(param));
> + break;
> +
> + default:
> + return -EINVAL;
> }
> +
> + ret = info.callbacks[i].cb(info.callbacks[i].key,
> info.one_line_text,
> + info.callbacks[i].val);
> + if (ret < 0)
> + return ret;
> }
>
> return 0;
> --
> 2.25.1
Acked-by: Brian Dooley <brian.dooley@intel.com>
^ permalink raw reply [flat|nested] 40+ messages in thread
* RE: [v1, 02/10] examples/fips_validation: add SHA3 validation
2023-02-06 14:45 ` [v1, 02/10] examples/fips_validation: add SHA3 validation Gowrishankar Muthukrishnan
@ 2023-02-27 9:31 ` Dooley, Brian
0 siblings, 0 replies; 40+ messages in thread
From: Dooley, Brian @ 2023-02-27 9:31 UTC (permalink / raw)
To: Gowrishankar Muthukrishnan, dev; +Cc: Anoob Joseph, jerinj, Akhil Goyal
> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 02/10] examples/fips_validation: add SHA3 validation
>
> Add support in fips_validation to parse SHA3 algorithms.
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
> doc/guides/sample_app_ug/fips_validation.rst | 5 +-
> examples/fips_validation/fips_validation.h | 1 +
> .../fips_validation/fips_validation_hmac.c | 8 ++
> .../fips_validation/fips_validation_sha.c | 20 +++--
> examples/fips_validation/main.c | 76 +++++++++----------
> 5 files changed, 61 insertions(+), 49 deletions(-)
>
> diff --git a/doc/guides/sample_app_ug/fips_validation.rst
> b/doc/guides/sample_app_ug/fips_validation.rst
> index 50d23c789b..55837895fe 100644
> --- a/doc/guides/sample_app_ug/fips_validation.rst
> +++ b/doc/guides/sample_app_ug/fips_validation.rst
> @@ -64,8 +64,9 @@ ACVP
> * AES-CTR (128,192,256) - AFT, CTR
> * AES-GMAC (128,192,256) - AFT
> * AES-XTS (128,256) - AFT
> - * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
> - * SHA (1, 256, 384, 512) - AFT, MCT
> + * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256,
> SHA3_384, SHA3_512)
> + * SHA (1, 224, 256, 384, 512) - AFT, MCT
> + * SHA3 (224, 256, 384, 512) - AFT, MCT
> * TDES-CBC - AFT, MCT
> * TDES-ECB - AFT, MCT
> * RSA
> diff --git a/examples/fips_validation/fips_validation.h
> b/examples/fips_validation/fips_validation.h
> index 565a5cd36e..6c1bd35849 100644
> --- a/examples/fips_validation/fips_validation.h
> +++ b/examples/fips_validation/fips_validation.h
> @@ -205,6 +205,7 @@ struct sha_interim_data {
> /* keep algo always on top as it is also used in asym digest */
> enum rte_crypto_auth_algorithm algo;
> enum fips_sha_test_types test_type;
> + uint8_t md_blocks;
> };
>
> struct gcm_interim_data {
> diff --git a/examples/fips_validation/fips_validation_hmac.c
> b/examples/fips_validation/fips_validation_hmac.c
> index e0721ef028..f1cbc18435 100644
> --- a/examples/fips_validation/fips_validation_hmac.c
> +++ b/examples/fips_validation/fips_validation_hmac.c
> @@ -37,6 +37,10 @@ struct hash_size_conversion {
> {"32", RTE_CRYPTO_AUTH_SHA256_HMAC},
> {"48", RTE_CRYPTO_AUTH_SHA384_HMAC},
> {"64", RTE_CRYPTO_AUTH_SHA512_HMAC},
> + {"28", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
> + {"32", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
> + {"48", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
> + {"64", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
> };
>
> static int
> @@ -81,6 +85,10 @@ struct hash_size_conversion json_algorithms[] = {
> {"HMAC-SHA2-256", RTE_CRYPTO_AUTH_SHA256_HMAC},
> {"HMAC-SHA2-384", RTE_CRYPTO_AUTH_SHA384_HMAC},
> {"HMAC-SHA2-512", RTE_CRYPTO_AUTH_SHA512_HMAC},
> + {"HMAC-SHA3-224", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
> + {"HMAC-SHA3-256", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
> + {"HMAC-SHA3-384", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
> + {"HMAC-SHA3-512", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
> };
>
> struct fips_test_callback hmac_tests_json_vectors[] = { diff --git
> a/examples/fips_validation/fips_validation_sha.c
> b/examples/fips_validation/fips_validation_sha.c
> index 178ea492d3..8b68f5ed36 100644
> --- a/examples/fips_validation/fips_validation_sha.c
> +++ b/examples/fips_validation/fips_validation_sha.c
> @@ -32,6 +32,10 @@ struct plain_hash_size_conversion {
> {"32", RTE_CRYPTO_AUTH_SHA256},
> {"48", RTE_CRYPTO_AUTH_SHA384},
> {"64", RTE_CRYPTO_AUTH_SHA512},
> + {"28", RTE_CRYPTO_AUTH_SHA3_224},
> + {"32", RTE_CRYPTO_AUTH_SHA3_256},
> + {"48", RTE_CRYPTO_AUTH_SHA3_384},
> + {"64", RTE_CRYPTO_AUTH_SHA3_512},
> };
>
> int
> @@ -96,12 +100,17 @@ static struct {
> static struct plain_hash_algorithms {
> const char *str;
> enum rte_crypto_auth_algorithm algo;
> + uint8_t md_blocks;
> } json_algorithms[] = {
> - {"SHA-1", RTE_CRYPTO_AUTH_SHA1},
> - {"SHA2-224", RTE_CRYPTO_AUTH_SHA224},
> - {"SHA2-256", RTE_CRYPTO_AUTH_SHA256},
> - {"SHA2-384", RTE_CRYPTO_AUTH_SHA384},
> - {"SHA2-512", RTE_CRYPTO_AUTH_SHA512},
> + {"SHA-1", RTE_CRYPTO_AUTH_SHA1, 3},
> + {"SHA2-224", RTE_CRYPTO_AUTH_SHA224, 3},
> + {"SHA2-256", RTE_CRYPTO_AUTH_SHA256, 3},
> + {"SHA2-384", RTE_CRYPTO_AUTH_SHA384, 3},
> + {"SHA2-512", RTE_CRYPTO_AUTH_SHA512, 3},
> + {"SHA3-224", RTE_CRYPTO_AUTH_SHA3_224, 1},
> + {"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1},
> + {"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1},
> + {"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1},
> };
>
> struct fips_test_callback sha_tests_json_vectors[] = { @@ -233,6 +242,7 @@
> parse_test_sha_json_algorithm(void)
> for (i = 0; i < RTE_DIM(json_algorithms); i++) {
> if (strstr(algorithm_str, json_algorithms[i].str)) {
> info.interim_info.sha_data.algo =
> json_algorithms[i].algo;
> + info.interim_info.sha_data.md_blocks =
> json_algorithms[i].md_blocks;
> break;
> }
> }
> diff --git a/examples/fips_validation/main.c
> b/examples/fips_validation/main.c index cc585e8418..cf29e440f1 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -2267,22 +2267,27 @@ fips_mct_sha_test(void) {
> #define SHA_EXTERN_ITER 100
> #define SHA_INTERN_ITER 1000
> -#define SHA_MD_BLOCK 3
> + uint8_t md_blocks = info.interim_info.sha_data.md_blocks;
> struct fips_val val = {NULL, 0};
> - struct fips_val md[SHA_MD_BLOCK], msg;
> + struct fips_val md[md_blocks];
> int ret;
> - uint32_t i, j;
> + uint32_t i, j, k, offset, max_outlen;
> +
> + max_outlen = md_blocks * vec.cipher_auth.digest.len;
> +
> + if (vec.cipher_auth.digest.val)
> + free(vec.cipher_auth.digest.val);
> +
> + vec.cipher_auth.digest.val = calloc(1, max_outlen);
>
> - msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len;
> - msg.val = calloc(1, msg.len);
> if (vec.pt.val)
> memcpy(vec.cipher_auth.digest.val, vec.pt.val,
> vec.cipher_auth.digest.len);
>
> - for (i = 0; i < SHA_MD_BLOCK; i++)
> - md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
> -
> rte_free(vec.pt.val);
> - vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK),
> 0);
> + vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*md_blocks), 0);
> +
> + for (i = 0; i < md_blocks; i++)
> + md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
>
> if (info.file_type != FIPS_TYPE_JSON) {
> fips_test_write_one_case();
> @@ -2290,30 +2295,19 @@ fips_mct_sha_test(void)
> }
>
> for (j = 0; j < SHA_EXTERN_ITER; j++) {
> -
> - memcpy(md[0].val, vec.cipher_auth.digest.val,
> - vec.cipher_auth.digest.len);
> - md[0].len = vec.cipher_auth.digest.len;
> - memcpy(md[1].val, vec.cipher_auth.digest.val,
> - vec.cipher_auth.digest.len);
> - md[1].len = vec.cipher_auth.digest.len;
> - memcpy(md[2].val, vec.cipher_auth.digest.val,
> - vec.cipher_auth.digest.len);
> - md[2].len = vec.cipher_auth.digest.len;
> -
> - for (i = 0; i < SHA_MD_BLOCK; i++)
> - memcpy(&msg.val[i * md[i].len], md[i].val,
> md[i].len);
> + for (i = 0; i < md_blocks; i++) {
> + memcpy(md[i].val, vec.cipher_auth.digest.val,
> + vec.cipher_auth.digest.len);
> + md[i].len = vec.cipher_auth.digest.len;
> + }
>
> for (i = 0; i < (SHA_INTERN_ITER); i++) {
> -
> - memcpy(vec.pt.val, md[0].val,
> - (size_t)md[0].len);
> - memcpy((vec.pt.val + md[0].len), md[1].val,
> - (size_t)md[1].len);
> - memcpy((vec.pt.val + md[0].len + md[1].len),
> - md[2].val,
> - (size_t)md[2].len);
> - vec.pt.len = md[0].len + md[1].len + md[2].len;
> + offset = 0;
> + for (k = 0; k < md_blocks; k++) {
> + memcpy(vec.pt.val + offset, md[k].val,
> (size_t)md[k].len);
> + offset += md[k].len;
> + }
> + vec.pt.len = offset;
>
> ret = fips_run_test();
> if (ret < 0) {
> @@ -2331,18 +2325,18 @@ fips_mct_sha_test(void)
> if (ret < 0)
> return ret;
>
> - memcpy(md[0].val, md[1].val, md[1].len);
> - md[0].len = md[1].len;
> - memcpy(md[1].val, md[2].val, md[2].len);
> - md[1].len = md[2].len;
> + for (k = 1; k < md_blocks; k++) {
> + memcpy(md[k-1].val, md[k].val, md[k].len);
> + md[k-1].len = md[k].len;
> + }
>
> - memcpy(md[2].val, (val.val + vec.pt.len),
> + memcpy(md[md_blocks-1].val, (val.val + vec.pt.len),
> vec.cipher_auth.digest.len);
> - md[2].len = vec.cipher_auth.digest.len;
> + md[md_blocks-1].len = vec.cipher_auth.digest.len;
> }
>
> - memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
> - vec.cipher_auth.digest.len = md[2].len;
> + memcpy(vec.cipher_auth.digest.val, md[md_blocks-1].val,
> md[md_blocks-1].len);
> + vec.cipher_auth.digest.len = md[md_blocks-1].len;
>
> if (info.file_type != FIPS_TYPE_JSON)
> fprintf(info.fp_wr, "COUNT = %u\n", j); @@ -2353,14
> +2347,12 @@ fips_mct_sha_test(void)
> fprintf(info.fp_wr, "\n");
> }
>
> - for (i = 0; i < (SHA_MD_BLOCK); i++)
> + for (i = 0; i < (md_blocks); i++)
> rte_free(md[i].val);
>
> rte_free(vec.pt.val);
>
> free(val.val);
> - free(msg.val);
> -
> return 0;
> }
>
> --
> 2.25.1
Acked-by: Brian Dooley <brian.dooley@intel.com>
^ permalink raw reply [flat|nested] 40+ messages in thread
* RE: [v1, 01/10] examples/fips_validation: fix MCT output for SHA
2023-02-06 14:45 ` [v1, 01/10] examples/fips_validation: fix MCT output for SHA Gowrishankar Muthukrishnan
@ 2023-02-27 9:31 ` Dooley, Brian
0 siblings, 0 replies; 40+ messages in thread
From: Dooley, Brian @ 2023-02-27 9:31 UTC (permalink / raw)
To: Gowrishankar Muthukrishnan, dev; +Cc: Anoob Joseph, jerinj, Akhil Goyal
> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 01/10] examples/fips_validation: fix MCT output for SHA
>
> MCT test for SHA need not print message string along with digest value.
>
> Fixes: d5c247145c2 ("examples/fips_validation: add parsing for SHA")
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
> examples/fips_validation/fips_validation_sha.c | 8 ++------
> examples/fips_validation/main.c | 13 +++++--------
> 2 files changed, 7 insertions(+), 14 deletions(-)
>
> diff --git a/examples/fips_validation/fips_validation_sha.c
> b/examples/fips_validation/fips_validation_sha.c
> index c5da2cc623..178ea492d3 100644
> --- a/examples/fips_validation/fips_validation_sha.c
> +++ b/examples/fips_validation/fips_validation_sha.c
> @@ -182,7 +182,7 @@ parse_test_sha_json_writeback(struct fips_val *val)
> static int parse_test_sha_mct_json_writeback(struct fips_val *val) {
> - json_t *tcId, *msg, *md, *resArr, *res;
> + json_t *tcId, *md, *resArr, *res;
> struct fips_val val_local;
>
> tcId = json_object_get(json_info.json_test_case, "tcId"); @@ -
> 208,11 +208,7 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
>
> res = json_object();
>
> - writeback_hex_str("", info.one_line_text, &val[1]);
> - msg = json_string(info.one_line_text);
> - json_object_set_new(res, "msg", msg);
> -
> - val_local.val = val[0].val + vec.pt.len;
> + val_local.val = val->val + vec.pt.len;
> val_local.len = vec.cipher_auth.digest.len;
>
> writeback_hex_str("", info.one_line_text, &val_local); diff --git
> a/examples/fips_validation/main.c b/examples/fips_validation/main.c index
> 622f8b5a6e..cc585e8418 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -2268,8 +2268,7 @@ fips_mct_sha_test(void)
> #define SHA_EXTERN_ITER 100
> #define SHA_INTERN_ITER 1000
> #define SHA_MD_BLOCK 3
> - /* val[0] is op result and other value is for parse_writeback callback
> */
> - struct fips_val val[2] = {{NULL, 0},};
> + struct fips_val val = {NULL, 0};
> struct fips_val md[SHA_MD_BLOCK], msg;
> int ret;
> uint32_t i, j;
> @@ -2328,7 +2327,7 @@ fips_mct_sha_test(void)
> return ret;
> }
>
> - ret = get_writeback_data(&val[0]);
> + ret = get_writeback_data(&val);
> if (ret < 0)
> return ret;
>
> @@ -2337,7 +2336,7 @@ fips_mct_sha_test(void)
> memcpy(md[1].val, md[2].val, md[2].len);
> md[1].len = md[2].len;
>
> - memcpy(md[2].val, (val[0].val + vec.pt.len),
> + memcpy(md[2].val, (val.val + vec.pt.len),
> vec.cipher_auth.digest.len);
> md[2].len = vec.cipher_auth.digest.len;
> }
> @@ -2348,9 +2347,7 @@ fips_mct_sha_test(void)
> if (info.file_type != FIPS_TYPE_JSON)
> fprintf(info.fp_wr, "COUNT = %u\n", j);
>
> - val[1].val = msg.val;
> - val[1].len = msg.len;
> - info.parse_writeback(val);
> + info.parse_writeback(&val);
>
> if (info.file_type != FIPS_TYPE_JSON)
> fprintf(info.fp_wr, "\n");
> @@ -2361,7 +2358,7 @@ fips_mct_sha_test(void)
>
> rte_free(vec.pt.val);
>
> - free(val[0].val);
> + free(val.val);
> free(msg.val);
>
> return 0;
> --
> 2.25.1
Acked-by: Brian Dooley <brian.dooley@intel.com>
^ permalink raw reply [flat|nested] 40+ messages in thread
* RE: [v1, 00/10] fips_validation application improvements
2023-02-06 14:45 [v1, 00/10] fips_validation application improvements Gowrishankar Muthukrishnan
` (9 preceding siblings ...)
2023-02-06 14:46 ` [v1, 10/10] examples/fips_validation: add extra space in JSON buffer Gowrishankar Muthukrishnan
@ 2023-02-27 9:32 ` Dooley, Brian
2023-02-27 17:27 ` Akhil Goyal
2023-02-28 17:28 ` [v2, " Gowrishankar Muthukrishnan
11 siblings, 1 reply; 40+ messages in thread
From: Dooley, Brian @ 2023-02-27 9:32 UTC (permalink / raw)
To: Gowrishankar Muthukrishnan, dev; +Cc: Anoob Joseph, jerinj, Akhil Goyal
Hi Gowrishankar,
Looks good to me.
> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 00/10] fips_validation application improvements
>
> This patch series adds support for SHA3, SHAKE, AES-CCM JSON test vectors
> and fixes existing algorithms to support NIST test vectors.
>
> Gowrishankar Muthukrishnan (10):
> examples/fips_validation: fix MCT output for SHA
> examples/fips_validation: add SHA3 validation
> examples/fips_validation: fix integer parse in test case
> examples/fips_validation: add SHAKE validation
> examples/fips_validation: add CCM JSON validation
> examples/fips_validation: add ECDSA keygen support
> examples/fips_validation: add SHA3 algorithms in ECDSA test
> examples/fips_validation: fix AES GCM validation tests
> examples/fips_validation: fix AES XTS to read seq number
> examples/fips_validation: add extra space in JSON buffer
>
> doc/guides/sample_app_ug/fips_validation.rst | 7 +-
> examples/fips_validation/fips_validation.c | 31 ++-
> examples/fips_validation/fips_validation.h | 10 +-
> .../fips_validation/fips_validation_ccm.c | 132 ++++++++++++
> .../fips_validation/fips_validation_ecdsa.c | 56 +++++
> .../fips_validation/fips_validation_gcm.c | 12 +-
> .../fips_validation/fips_validation_hmac.c | 8 +
> .../fips_validation/fips_validation_sha.c | 91 ++++++--
> .../fips_validation/fips_validation_xts.c | 13 +-
> examples/fips_validation/main.c | 196 +++++++++++++-----
> 10 files changed, 467 insertions(+), 89 deletions(-)
>
> --
> 2.25.1
Series-acked-by: Brian Dooley <brian.dooley@intel.com>
^ permalink raw reply [flat|nested] 40+ messages in thread
* RE: [v1, 00/10] fips_validation application improvements
2023-02-27 9:32 ` [v1, 00/10] fips_validation application improvements Dooley, Brian
@ 2023-02-27 17:27 ` Akhil Goyal
2023-02-28 7:39 ` Akhil Goyal
0 siblings, 1 reply; 40+ messages in thread
From: Akhil Goyal @ 2023-02-27 17:27 UTC (permalink / raw)
To: Dooley, Brian, Gowrishankar Muthukrishnan, dev
Cc: Anoob Joseph, Jerin Jacob Kollanukkaran
> Hi Gowrishankar,
>
> Looks good to me.
>
> > Subject: [v1, 00/10] fips_validation application improvements
> >
> > This patch series adds support for SHA3, SHAKE, AES-CCM JSON test vectors
> > and fixes existing algorithms to support NIST test vectors.
> >
> > Gowrishankar Muthukrishnan (10):
> > examples/fips_validation: fix MCT output for SHA
> > examples/fips_validation: add SHA3 validation
> > examples/fips_validation: fix integer parse in test case
> > examples/fips_validation: add SHAKE validation
> > examples/fips_validation: add CCM JSON validation
> > examples/fips_validation: add ECDSA keygen support
> > examples/fips_validation: add SHA3 algorithms in ECDSA test
> > examples/fips_validation: fix AES GCM validation tests
> > examples/fips_validation: fix AES XTS to read seq number
> > examples/fips_validation: add extra space in JSON buffer
> >
> > doc/guides/sample_app_ug/fips_validation.rst | 7 +-
> > examples/fips_validation/fips_validation.c | 31 ++-
> > examples/fips_validation/fips_validation.h | 10 +-
> > .../fips_validation/fips_validation_ccm.c | 132 ++++++++++++
> > .../fips_validation/fips_validation_ecdsa.c | 56 +++++
> > .../fips_validation/fips_validation_gcm.c | 12 +-
> > .../fips_validation/fips_validation_hmac.c | 8 +
> > .../fips_validation/fips_validation_sha.c | 91 ++++++--
> > .../fips_validation/fips_validation_xts.c | 13 +-
> > examples/fips_validation/main.c | 196 +++++++++++++-----
> > 10 files changed, 467 insertions(+), 89 deletions(-)
> >
> > --
> > 2.25.1
>
> Series-acked-by: Brian Dooley <brian.dooley@intel.com>
Series Applied to dpdk-next-crypto
Thanks.
^ permalink raw reply [flat|nested] 40+ messages in thread
* RE: [v1, 00/10] fips_validation application improvements
2023-02-27 17:27 ` Akhil Goyal
@ 2023-02-28 7:39 ` Akhil Goyal
2023-02-28 14:42 ` Patrick Robb
2023-03-01 4:04 ` Gowrishankar Muthukrishnan
0 siblings, 2 replies; 40+ messages in thread
From: Akhil Goyal @ 2023-02-28 7:39 UTC (permalink / raw)
To: Akhil Goyal, Dooley, Brian, Gowrishankar Muthukrishnan, dev
Cc: Anoob Joseph, Jerin Jacob Kollanukkaran
Hi Gowrishankar,
> >
> > > Subject: [v1, 00/10] fips_validation application improvements
> > >
> > > This patch series adds support for SHA3, SHAKE, AES-CCM JSON test vectors
> > > and fixes existing algorithms to support NIST test vectors.
> > >
> > > Gowrishankar Muthukrishnan (10):
> > > examples/fips_validation: fix MCT output for SHA
> > > examples/fips_validation: add SHA3 validation
> > > examples/fips_validation: fix integer parse in test case
> > > examples/fips_validation: add SHAKE validation
> > > examples/fips_validation: add CCM JSON validation
> > > examples/fips_validation: add ECDSA keygen support
> > > examples/fips_validation: add SHA3 algorithms in ECDSA test
> > > examples/fips_validation: fix AES GCM validation tests
> > > examples/fips_validation: fix AES XTS to read seq number
> > > examples/fips_validation: add extra space in JSON buffer
> > >
> > > doc/guides/sample_app_ug/fips_validation.rst | 7 +-
> > > examples/fips_validation/fips_validation.c | 31 ++-
> > > examples/fips_validation/fips_validation.h | 10 +-
> > > .../fips_validation/fips_validation_ccm.c | 132 ++++++++++++
> > > .../fips_validation/fips_validation_ecdsa.c | 56 +++++
> > > .../fips_validation/fips_validation_gcm.c | 12 +-
> > > .../fips_validation/fips_validation_hmac.c | 8 +
> > > .../fips_validation/fips_validation_sha.c | 91 ++++++--
> > > .../fips_validation/fips_validation_xts.c | 13 +-
> > > examples/fips_validation/main.c | 196 +++++++++++++-----
> > > 10 files changed, 467 insertions(+), 89 deletions(-)
> > >
> > > --
> > > 2.25.1
> >
> > Series-acked-by: Brian Dooley <brian.dooley@intel.com>
>
> Series Applied to dpdk-next-crypto
The series is showing compilation issues, please fix it. The series is removed from the tree.
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [v1, 00/10] fips_validation application improvements
2023-02-28 7:39 ` Akhil Goyal
@ 2023-02-28 14:42 ` Patrick Robb
2023-02-28 15:02 ` [EXT] " Akhil Goyal
2023-03-01 4:04 ` Gowrishankar Muthukrishnan
1 sibling, 1 reply; 40+ messages in thread
From: Patrick Robb @ 2023-02-28 14:42 UTC (permalink / raw)
To: Akhil Goyal
Cc: Dooley, Brian, Gowrishankar Muthukrishnan, dev, Anoob Joseph,
Jerin Jacob Kollanukkaran, Jeremy Spewock, Lincoln Lavoie
[-- Attachment #1: Type: text/plain, Size: 3031 bytes --]
Hello Akhil and Gowrishankar,
We saw the same issue with running the fips sample app under CI testing
here at the UNH Community Lab:
http://mails.dpdk.org/archives/test-report/2023-February/350635.html. We
reported a warn because it failed on the compilation stage (as opposed to a
failure of the actual sample app run).
On the other hand, we are excited to see this patch again with the
compilation part resolved. I sent an email to the dev mailing list a few
weeks ago for our fips sample app CI testing regarding where we could and
could not provide test vector coverage, and it appears this patch series
may resolve our ciphertext issue with AES-GCM test vector and more issues
with the sample app. So - looking forward to seeing a patch like this being
merged when stable!
Best,
Patrick Robb
On Tue, Feb 28, 2023 at 2:39 AM Akhil Goyal <gakhil@marvell.com> wrote:
> Hi Gowrishankar,
> > >
> > > > Subject: [v1, 00/10] fips_validation application improvements
> > > >
> > > > This patch series adds support for SHA3, SHAKE, AES-CCM JSON test
> vectors
> > > > and fixes existing algorithms to support NIST test vectors.
> > > >
> > > > Gowrishankar Muthukrishnan (10):
> > > > examples/fips_validation: fix MCT output for SHA
> > > > examples/fips_validation: add SHA3 validation
> > > > examples/fips_validation: fix integer parse in test case
> > > > examples/fips_validation: add SHAKE validation
> > > > examples/fips_validation: add CCM JSON validation
> > > > examples/fips_validation: add ECDSA keygen support
> > > > examples/fips_validation: add SHA3 algorithms in ECDSA test
> > > > examples/fips_validation: fix AES GCM validation tests
> > > > examples/fips_validation: fix AES XTS to read seq number
> > > > examples/fips_validation: add extra space in JSON buffer
> > > >
> > > > doc/guides/sample_app_ug/fips_validation.rst | 7 +-
> > > > examples/fips_validation/fips_validation.c | 31 ++-
> > > > examples/fips_validation/fips_validation.h | 10 +-
> > > > .../fips_validation/fips_validation_ccm.c | 132 ++++++++++++
> > > > .../fips_validation/fips_validation_ecdsa.c | 56 +++++
> > > > .../fips_validation/fips_validation_gcm.c | 12 +-
> > > > .../fips_validation/fips_validation_hmac.c | 8 +
> > > > .../fips_validation/fips_validation_sha.c | 91 ++++++--
> > > > .../fips_validation/fips_validation_xts.c | 13 +-
> > > > examples/fips_validation/main.c | 196
> +++++++++++++-----
> > > > 10 files changed, 467 insertions(+), 89 deletions(-)
> > > >
> > > > --
> > > > 2.25.1
> > >
> > > Series-acked-by: Brian Dooley <brian.dooley@intel.com>
> >
> > Series Applied to dpdk-next-crypto
> The series is showing compilation issues, please fix it. The series is
> removed from the tree.
>
>
>
--
Patrick Robb
Technical Service Manager
UNH InterOperability Laboratory
21 Madbury Rd, Suite 100, Durham, NH 03824
www.iol.unh.edu
[-- Attachment #2: Type: text/html, Size: 5873 bytes --]
^ permalink raw reply [flat|nested] 40+ messages in thread
* RE: [EXT] Re: [v1, 00/10] fips_validation application improvements
2023-02-28 14:42 ` Patrick Robb
@ 2023-02-28 15:02 ` Akhil Goyal
2023-02-28 15:52 ` Patrick Robb
0 siblings, 1 reply; 40+ messages in thread
From: Akhil Goyal @ 2023-02-28 15:02 UTC (permalink / raw)
To: Patrick Robb
Cc: Dooley, Brian, Gowrishankar Muthukrishnan, dev, Anoob Joseph,
Jerin Jacob Kollanukkaran, Jeremy Spewock, Lincoln Lavoie
[-- Attachment #1: Type: text/plain, Size: 6343 bytes --]
Hi Patrick,
The issue reported by CI in below link is not an issue, as the patchset was dependent on another patch which is already merged. Now we are observing a new issue which is coming only on CentOS I believe.
CI reports are not useful in case there are dependent patches. There should be a way maintainer/developer can retrigger the CI as required when other patches are merged.
This issue got skipped as I personally do not test on CentOS and CI results are not meaningful when there were dependent patches.
Below is the log for the compilation issue observed now on TOT when these patches are applied which is not visible in the below link.
> OS: CentOS79-64
> Target: x86_64-native-linuxapp-gcc
> FAILED: examples/dpdk-fips_validation.p/fips_validation_main.c.o
> gcc -Iexamples/dpdk-fips_validation.p -Iexamples -I../examples -
> Iexamples/fips_validation -I../examples/fips_validation -I../examples/common -
> I. -I.. -Iconfig -I../config -Ilib/eal/include -I../lib/eal/include -
> Ilib/eal/linux/include -I../lib/eal/linux/include -Ilib/eal/x86/include -
> I../lib/eal/x86/include -Ilib/eal/common -I../lib/eal/common -Ilib/eal -I../lib/eal
> -Ilib/kvargs -I../lib/kvargs -Ilib/metrics -I../lib/metrics -Ilib/telemetry -
> I../lib/telemetry -Ilib/mempool -I../lib/mempool -Ilib/ring -I../lib/ring -Ilib/net -
> I../lib/net -Ilib/mbuf -I../lib/mbuf -Ilib/ethdev -I../lib/ethdev -Ilib/meter -
> I../lib/meter -Ilib/cmdline -I../lib/cmdline -Ilib/cryptodev -I../lib/cryptodev -
> Ilib/rcu -I../lib/rcu -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -
> Werror -O3 -include rte_config.h -Wcast-qual -Wdeprecated -Wformat -
> Wformat-nonliteral -Wformat-security -Wmissing-declarations -Wmissing-
> prototypes -Wnested-externs -Wold-style-definition -Wpointer-arith -Wsign-
> compare -Wstrict-prototypes -Wundef -Wwrite-strings -Wno-missing-field-
> initializers -D_GNU_SOURCE -march=native -DUSE_OPENSSL -
> DALLOW_EXPERIMENTAL_API -MD -MQ examples/dpdk-
> fips_validation.p/fips_validation_main.c.o -MF examples/dpdk-
> fips_validation.p/fips_validation_main.c.o.d -o examples/dpdk-
> fips_validation.p/fips_validation_main.c.o -c ../examples/fips_validation/main.c
> ../examples/fips_validation/main.c: In function 'fips_mct_shake_test':
> ../examples/fips_validation/main.c:2438:5: error: dereferencing type-punned
> pointer will break strict-aliasing rules [-Werror=strict-aliasing]
> (*(uint16_t *)rightmost % range);
> ^
Regards,
Akhil
________________________________
Hello Akhil and Gowrishankar,
We saw the same issue with running the fips sample app under CI testing here at the UNH Community Lab: http://mails.dpdk.org/archives/test-report/2023-February/350635.html<https://urldefense.proofpoint.com/v2/url?u=http-3A__mails.dpdk.org_archives_test-2Dreport_2023-2DFebruary_350635.html&d=DwMFaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=DnL7Si2wl_PRwpZ9TWey3eu68gBzn7DkPwuqhd6WNyo&m=QswegPR1LvDRH4f_2rvo_BvAfrFOBGZPVPGXC7pPlKn2Q99LMoJlfwv4ZZ0QxRu-&s=Ozm6byIlAfWxebW0mSomWcCW-0s59wZNJ7QED4-Tjcs&e=>. We reported a warn because it failed on the compilation stage (as opposed to a failure of the actual sample app run).
On the other hand, we are excited to see this patch again with the compilation part resolved. I sent an email to the dev mailing list a few weeks ago for our fips sample app CI testing regarding where we could and could not provide test vector coverage, and it appears this patch series may resolve our ciphertext issue with AES-GCM test vector and more issues with the sample app. So - looking forward to seeing a patch like this being merged when stable!
Best,
Patrick Robb
On Tue, Feb 28, 2023 at 2:39 AM Akhil Goyal <gakhil@marvell.com<mailto:gakhil@marvell.com>> wrote:
Hi Gowrishankar,
> >
> > > Subject: [v1, 00/10] fips_validation application improvements
> > >
> > > This patch series adds support for SHA3, SHAKE, AES-CCM JSON test vectors
> > > and fixes existing algorithms to support NIST test vectors.
> > >
> > > Gowrishankar Muthukrishnan (10):
> > > examples/fips_validation: fix MCT output for SHA
> > > examples/fips_validation: add SHA3 validation
> > > examples/fips_validation: fix integer parse in test case
> > > examples/fips_validation: add SHAKE validation
> > > examples/fips_validation: add CCM JSON validation
> > > examples/fips_validation: add ECDSA keygen support
> > > examples/fips_validation: add SHA3 algorithms in ECDSA test
> > > examples/fips_validation: fix AES GCM validation tests
> > > examples/fips_validation: fix AES XTS to read seq number
> > > examples/fips_validation: add extra space in JSON buffer
> > >
> > > doc/guides/sample_app_ug/fips_validation.rst | 7 +-
> > > examples/fips_validation/fips_validation.c | 31 ++-
> > > examples/fips_validation/fips_validation.h | 10 +-
> > > .../fips_validation/fips_validation_ccm.c | 132 ++++++++++++
> > > .../fips_validation/fips_validation_ecdsa.c | 56 +++++
> > > .../fips_validation/fips_validation_gcm.c | 12 +-
> > > .../fips_validation/fips_validation_hmac.c | 8 +
> > > .../fips_validation/fips_validation_sha.c | 91 ++++++--
> > > .../fips_validation/fips_validation_xts.c | 13 +-
> > > examples/fips_validation/main.c | 196 +++++++++++++-----
> > > 10 files changed, 467 insertions(+), 89 deletions(-)
> > >
> > > --
> > > 2.25.1
> >
> > Series-acked-by: Brian Dooley <brian.dooley@intel.com<mailto:brian.dooley@intel.com>>
>
> Series Applied to dpdk-next-crypto
The series is showing compilation issues, please fix it. The series is removed from the tree.
--
Patrick Robb
Technical Service Manager
UNH InterOperability Laboratory
21 Madbury Rd, Suite 100, Durham, NH 03824
www.iol.unh.edu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.iol.unh.edu_&d=DwMFaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=DnL7Si2wl_PRwpZ9TWey3eu68gBzn7DkPwuqhd6WNyo&m=QswegPR1LvDRH4f_2rvo_BvAfrFOBGZPVPGXC7pPlKn2Q99LMoJlfwv4ZZ0QxRu-&s=Gr4qCfskeNAMKr2DcgjPKd30D2zh9SGznw6lTmy1FnA&e=>
[https://lh4.googleusercontent.com/7sTY8VswXadak_YT0J13osh5ockNVRX2BuYaRsKoTTpkpilBokA0WlocYHLB4q7XUgXNHka6-ns47S8R_am0sOt7MYQQ1ILQ3S-P5aezsrjp3-IsJMmMrErHWmTARNgZhpAx06n2]
[-- Attachment #2: Type: text/html, Size: 13441 bytes --]
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [EXT] Re: [v1, 00/10] fips_validation application improvements
2023-02-28 15:02 ` [EXT] " Akhil Goyal
@ 2023-02-28 15:52 ` Patrick Robb
0 siblings, 0 replies; 40+ messages in thread
From: Patrick Robb @ 2023-02-28 15:52 UTC (permalink / raw)
To: Akhil Goyal
Cc: Dooley, Brian, Gowrishankar Muthukrishnan, dev, Anoob Joseph,
Jerin Jacob Kollanukkaran, Jeremy Spewock, Lincoln Lavoie
[-- Attachment #1: Type: text/plain, Size: 6971 bytes --]
Hi Akhil,
One 2023 goal for UNH is implementing an email based retesting framework.
Once that work is completed, you will be able to trigger a retest yourself
under circumstances where waiting for dependent patches is needed.
On Tue, Feb 28, 2023 at 10:02 AM Akhil Goyal <gakhil@marvell.com> wrote:
> Hi Patrick,
>
>
>
> The issue reported by CI in below link is not an issue, as the patchset
> was dependent on another patch which is already merged. Now we are
> observing a new issue which is coming only on CentOS I believe.
>
> CI reports are not useful in case there are dependent patches. There
> should be a way maintainer/developer can retrigger the CI as required when
> other patches are merged.
>
>
>
> This issue got skipped as I personally do not test on CentOS and CI
> results are not meaningful when there were dependent patches.
>
> Below is the log for the compilation issue observed now on TOT when these
> patches are applied which is not visible in the below link.
>
>
>
> > OS: CentOS79-64
>
> > Target: x86_64-native-linuxapp-gcc
>
> > FAILED: examples/dpdk-fips_validation.p/fips_validation_main.c.o
>
> > gcc -Iexamples/dpdk-fips_validation.p -Iexamples -I../examples -
>
> > Iexamples/fips_validation -I../examples/fips_validation
> -I../examples/common -
>
> > I. -I.. -Iconfig -I../config -Ilib/eal/include -I../lib/eal/include -
>
> > Ilib/eal/linux/include -I../lib/eal/linux/include -Ilib/eal/x86/include -
>
> > I../lib/eal/x86/include -Ilib/eal/common -I../lib/eal/common -Ilib/eal
> -I../lib/eal
>
> > -Ilib/kvargs -I../lib/kvargs -Ilib/metrics -I../lib/metrics
> -Ilib/telemetry -
>
> > I../lib/telemetry -Ilib/mempool -I../lib/mempool -Ilib/ring
> -I../lib/ring -Ilib/net -
>
> > I../lib/net -Ilib/mbuf -I../lib/mbuf -Ilib/ethdev -I../lib/ethdev
> -Ilib/meter -
>
> > I../lib/meter -Ilib/cmdline -I../lib/cmdline -Ilib/cryptodev
> -I../lib/cryptodev -
>
> > Ilib/rcu -I../lib/rcu -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra
> -
>
> > Werror -O3 -include rte_config.h -Wcast-qual -Wdeprecated -Wformat -
>
> > Wformat-nonliteral -Wformat-security -Wmissing-declarations -Wmissing-
>
> > prototypes -Wnested-externs -Wold-style-definition -Wpointer-arith
> -Wsign-
>
> > compare -Wstrict-prototypes -Wundef -Wwrite-strings -Wno-missing-field-
>
> > initializers -D_GNU_SOURCE -march=native -DUSE_OPENSSL -
>
> > DALLOW_EXPERIMENTAL_API -MD -MQ examples/dpdk-
>
> > fips_validation.p/fips_validation_main.c.o -MF examples/dpdk-
>
> > fips_validation.p/fips_validation_main.c.o.d -o examples/dpdk-
>
> > fips_validation.p/fips_validation_main.c.o -c
> ../examples/fips_validation/main.c
>
> > ../examples/fips_validation/main.c: In function 'fips_mct_shake_test':
>
> > ../examples/fips_validation/main.c:2438:5: error: dereferencing
> type-punned
>
> > pointer will break strict-aliasing rules [-Werror=strict-aliasing]
>
> > (*(uint16_t *)rightmost % range);
>
> > ^
>
>
>
>
>
> Regards,
>
> Akhil
>
>
> ------------------------------
>
> Hello Akhil and Gowrishankar,
>
>
>
> We saw the same issue with running the fips sample app under CI testing
> here at the UNH Community Lab:
> http://mails.dpdk.org/archives/test-report/2023-February/350635.html
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__mails.dpdk.org_archives_test-2Dreport_2023-2DFebruary_350635.html&d=DwMFaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=DnL7Si2wl_PRwpZ9TWey3eu68gBzn7DkPwuqhd6WNyo&m=QswegPR1LvDRH4f_2rvo_BvAfrFOBGZPVPGXC7pPlKn2Q99LMoJlfwv4ZZ0QxRu-&s=Ozm6byIlAfWxebW0mSomWcCW-0s59wZNJ7QED4-Tjcs&e=>.
> We reported a warn because it failed on the compilation stage (as opposed
> to a failure of the actual sample app run).
>
>
>
> On the other hand, we are excited to see this patch again with the
> compilation part resolved. I sent an email to the dev mailing list a few
> weeks ago for our fips sample app CI testing regarding where we could and
> could not provide test vector coverage, and it appears this patch series
> may resolve our ciphertext issue with AES-GCM test vector and more issues
> with the sample app. So - looking forward to seeing a patch like this being
> merged when stable!
>
>
>
> Best,
>
> Patrick Robb
>
>
>
>
>
>
>
>
>
> On Tue, Feb 28, 2023 at 2:39 AM Akhil Goyal <gakhil@marvell.com> wrote:
>
> Hi Gowrishankar,
> > >
> > > > Subject: [v1, 00/10] fips_validation application improvements
> > > >
> > > > This patch series adds support for SHA3, SHAKE, AES-CCM JSON test
> vectors
> > > > and fixes existing algorithms to support NIST test vectors.
> > > >
> > > > Gowrishankar Muthukrishnan (10):
> > > > examples/fips_validation: fix MCT output for SHA
> > > > examples/fips_validation: add SHA3 validation
> > > > examples/fips_validation: fix integer parse in test case
> > > > examples/fips_validation: add SHAKE validation
> > > > examples/fips_validation: add CCM JSON validation
> > > > examples/fips_validation: add ECDSA keygen support
> > > > examples/fips_validation: add SHA3 algorithms in ECDSA test
> > > > examples/fips_validation: fix AES GCM validation tests
> > > > examples/fips_validation: fix AES XTS to read seq number
> > > > examples/fips_validation: add extra space in JSON buffer
> > > >
> > > > doc/guides/sample_app_ug/fips_validation.rst | 7 +-
> > > > examples/fips_validation/fips_validation.c | 31 ++-
> > > > examples/fips_validation/fips_validation.h | 10 +-
> > > > .../fips_validation/fips_validation_ccm.c | 132 ++++++++++++
> > > > .../fips_validation/fips_validation_ecdsa.c | 56 +++++
> > > > .../fips_validation/fips_validation_gcm.c | 12 +-
> > > > .../fips_validation/fips_validation_hmac.c | 8 +
> > > > .../fips_validation/fips_validation_sha.c | 91 ++++++--
> > > > .../fips_validation/fips_validation_xts.c | 13 +-
> > > > examples/fips_validation/main.c | 196
> +++++++++++++-----
> > > > 10 files changed, 467 insertions(+), 89 deletions(-)
> > > >
> > > > --
> > > > 2.25.1
> > >
> > > Series-acked-by: Brian Dooley <brian.dooley@intel.com>
> >
> > Series Applied to dpdk-next-crypto
> The series is showing compilation issues, please fix it. The series is
> removed from the tree.
>
>
>
>
> --
>
> Patrick Robb
>
> Technical Service Manager
>
> UNH InterOperability Laboratory
>
> 21 Madbury Rd, Suite 100, Durham, NH 03824
>
> www.iol.unh.edu
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.iol.unh.edu_&d=DwMFaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=DnL7Si2wl_PRwpZ9TWey3eu68gBzn7DkPwuqhd6WNyo&m=QswegPR1LvDRH4f_2rvo_BvAfrFOBGZPVPGXC7pPlKn2Q99LMoJlfwv4ZZ0QxRu-&s=Gr4qCfskeNAMKr2DcgjPKd30D2zh9SGznw6lTmy1FnA&e=>
>
>
>
>
--
Patrick Robb
Technical Service Manager
UNH InterOperability Laboratory
21 Madbury Rd, Suite 100, Durham, NH 03824
www.iol.unh.edu
[-- Attachment #2: Type: text/html, Size: 14677 bytes --]
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v2, 00/10] fips_validation application improvements
2023-02-06 14:45 [v1, 00/10] fips_validation application improvements Gowrishankar Muthukrishnan
` (10 preceding siblings ...)
2023-02-27 9:32 ` [v1, 00/10] fips_validation application improvements Dooley, Brian
@ 2023-02-28 17:28 ` Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 01/10] examples/fips_validation: fix MCT output for SHA Gowrishankar Muthukrishnan
` (10 more replies)
11 siblings, 11 replies; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-28 17:28 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
This patch series adds support for SHA3, SHAKE, AES-CCM
JSON test vectors and fixes existing algorithms to
support NIST test vectors.
v2:
- fixed type punning SHAKE test function.
Gowrishankar Muthukrishnan (10):
examples/fips_validation: fix MCT output for SHA
examples/fips_validation: add SHA3 validation
examples/fips_validation: fix integer parse in test case
examples/fips_validation: add SHAKE validation
examples/fips_validation: add CCM JSON validation
examples/fips_validation: add ECDSA keygen support
examples/fips_validation: add SHA3 algorithms in ECDSA test
examples/fips_validation: fix AES GCM validation tests
examples/fips_validation: fix AES XTS to read seq number
examples/fips_validation: add extra space in JSON buffer
doc/guides/sample_app_ug/fips_validation.rst | 7 +-
examples/fips_validation/fips_validation.c | 31 ++-
examples/fips_validation/fips_validation.h | 10 +-
.../fips_validation/fips_validation_ccm.c | 132 ++++++++++++
.../fips_validation/fips_validation_ecdsa.c | 56 +++++
.../fips_validation/fips_validation_gcm.c | 12 +-
.../fips_validation/fips_validation_hmac.c | 8 +
.../fips_validation/fips_validation_sha.c | 91 ++++++--
.../fips_validation/fips_validation_xts.c | 13 +-
examples/fips_validation/main.c | 198 +++++++++++++-----
10 files changed, 469 insertions(+), 89 deletions(-)
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v2, 01/10] examples/fips_validation: fix MCT output for SHA
2023-02-28 17:28 ` [v2, " Gowrishankar Muthukrishnan
@ 2023-02-28 17:28 ` Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 02/10] examples/fips_validation: add SHA3 validation Gowrishankar Muthukrishnan
` (9 subsequent siblings)
10 siblings, 0 replies; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-28 17:28 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
MCT test for SHA need not print message string along
with digest value.
Fixes: d5c247145c2 ("examples/fips_validation: add parsing for SHA")
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
examples/fips_validation/fips_validation_sha.c | 8 ++------
examples/fips_validation/main.c | 13 +++++--------
2 files changed, 7 insertions(+), 14 deletions(-)
diff --git a/examples/fips_validation/fips_validation_sha.c b/examples/fips_validation/fips_validation_sha.c
index c5da2cc623..178ea492d3 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -182,7 +182,7 @@ parse_test_sha_json_writeback(struct fips_val *val)
static int
parse_test_sha_mct_json_writeback(struct fips_val *val)
{
- json_t *tcId, *msg, *md, *resArr, *res;
+ json_t *tcId, *md, *resArr, *res;
struct fips_val val_local;
tcId = json_object_get(json_info.json_test_case, "tcId");
@@ -208,11 +208,7 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
res = json_object();
- writeback_hex_str("", info.one_line_text, &val[1]);
- msg = json_string(info.one_line_text);
- json_object_set_new(res, "msg", msg);
-
- val_local.val = val[0].val + vec.pt.len;
+ val_local.val = val->val + vec.pt.len;
val_local.len = vec.cipher_auth.digest.len;
writeback_hex_str("", info.one_line_text, &val_local);
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 622f8b5a6e..cc585e8418 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2268,8 +2268,7 @@ fips_mct_sha_test(void)
#define SHA_EXTERN_ITER 100
#define SHA_INTERN_ITER 1000
#define SHA_MD_BLOCK 3
- /* val[0] is op result and other value is for parse_writeback callback */
- struct fips_val val[2] = {{NULL, 0},};
+ struct fips_val val = {NULL, 0};
struct fips_val md[SHA_MD_BLOCK], msg;
int ret;
uint32_t i, j;
@@ -2328,7 +2327,7 @@ fips_mct_sha_test(void)
return ret;
}
- ret = get_writeback_data(&val[0]);
+ ret = get_writeback_data(&val);
if (ret < 0)
return ret;
@@ -2337,7 +2336,7 @@ fips_mct_sha_test(void)
memcpy(md[1].val, md[2].val, md[2].len);
md[1].len = md[2].len;
- memcpy(md[2].val, (val[0].val + vec.pt.len),
+ memcpy(md[2].val, (val.val + vec.pt.len),
vec.cipher_auth.digest.len);
md[2].len = vec.cipher_auth.digest.len;
}
@@ -2348,9 +2347,7 @@ fips_mct_sha_test(void)
if (info.file_type != FIPS_TYPE_JSON)
fprintf(info.fp_wr, "COUNT = %u\n", j);
- val[1].val = msg.val;
- val[1].len = msg.len;
- info.parse_writeback(val);
+ info.parse_writeback(&val);
if (info.file_type != FIPS_TYPE_JSON)
fprintf(info.fp_wr, "\n");
@@ -2361,7 +2358,7 @@ fips_mct_sha_test(void)
rte_free(vec.pt.val);
- free(val[0].val);
+ free(val.val);
free(msg.val);
return 0;
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v2, 02/10] examples/fips_validation: add SHA3 validation
2023-02-28 17:28 ` [v2, " Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 01/10] examples/fips_validation: fix MCT output for SHA Gowrishankar Muthukrishnan
@ 2023-02-28 17:28 ` Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 03/10] examples/fips_validation: fix integer parse in test case Gowrishankar Muthukrishnan
` (8 subsequent siblings)
10 siblings, 0 replies; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-28 17:28 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
Add support in fips_validation to parse SHA3 algorithms.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
doc/guides/sample_app_ug/fips_validation.rst | 5 +-
examples/fips_validation/fips_validation.h | 1 +
.../fips_validation/fips_validation_hmac.c | 8 ++
.../fips_validation/fips_validation_sha.c | 20 +++--
examples/fips_validation/main.c | 76 +++++++++----------
5 files changed, 61 insertions(+), 49 deletions(-)
diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst
index 50d23c789b..55837895fe 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -64,8 +64,9 @@ ACVP
* AES-CTR (128,192,256) - AFT, CTR
* AES-GMAC (128,192,256) - AFT
* AES-XTS (128,256) - AFT
- * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
- * SHA (1, 256, 384, 512) - AFT, MCT
+ * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512)
+ * SHA (1, 224, 256, 384, 512) - AFT, MCT
+ * SHA3 (224, 256, 384, 512) - AFT, MCT
* TDES-CBC - AFT, MCT
* TDES-ECB - AFT, MCT
* RSA
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index 565a5cd36e..6c1bd35849 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -205,6 +205,7 @@ struct sha_interim_data {
/* keep algo always on top as it is also used in asym digest */
enum rte_crypto_auth_algorithm algo;
enum fips_sha_test_types test_type;
+ uint8_t md_blocks;
};
struct gcm_interim_data {
diff --git a/examples/fips_validation/fips_validation_hmac.c b/examples/fips_validation/fips_validation_hmac.c
index e0721ef028..f1cbc18435 100644
--- a/examples/fips_validation/fips_validation_hmac.c
+++ b/examples/fips_validation/fips_validation_hmac.c
@@ -37,6 +37,10 @@ struct hash_size_conversion {
{"32", RTE_CRYPTO_AUTH_SHA256_HMAC},
{"48", RTE_CRYPTO_AUTH_SHA384_HMAC},
{"64", RTE_CRYPTO_AUTH_SHA512_HMAC},
+ {"28", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
+ {"32", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
+ {"48", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
+ {"64", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
};
static int
@@ -81,6 +85,10 @@ struct hash_size_conversion json_algorithms[] = {
{"HMAC-SHA2-256", RTE_CRYPTO_AUTH_SHA256_HMAC},
{"HMAC-SHA2-384", RTE_CRYPTO_AUTH_SHA384_HMAC},
{"HMAC-SHA2-512", RTE_CRYPTO_AUTH_SHA512_HMAC},
+ {"HMAC-SHA3-224", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
+ {"HMAC-SHA3-256", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
+ {"HMAC-SHA3-384", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
+ {"HMAC-SHA3-512", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
};
struct fips_test_callback hmac_tests_json_vectors[] = {
diff --git a/examples/fips_validation/fips_validation_sha.c b/examples/fips_validation/fips_validation_sha.c
index 178ea492d3..8b68f5ed36 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -32,6 +32,10 @@ struct plain_hash_size_conversion {
{"32", RTE_CRYPTO_AUTH_SHA256},
{"48", RTE_CRYPTO_AUTH_SHA384},
{"64", RTE_CRYPTO_AUTH_SHA512},
+ {"28", RTE_CRYPTO_AUTH_SHA3_224},
+ {"32", RTE_CRYPTO_AUTH_SHA3_256},
+ {"48", RTE_CRYPTO_AUTH_SHA3_384},
+ {"64", RTE_CRYPTO_AUTH_SHA3_512},
};
int
@@ -96,12 +100,17 @@ static struct {
static struct plain_hash_algorithms {
const char *str;
enum rte_crypto_auth_algorithm algo;
+ uint8_t md_blocks;
} json_algorithms[] = {
- {"SHA-1", RTE_CRYPTO_AUTH_SHA1},
- {"SHA2-224", RTE_CRYPTO_AUTH_SHA224},
- {"SHA2-256", RTE_CRYPTO_AUTH_SHA256},
- {"SHA2-384", RTE_CRYPTO_AUTH_SHA384},
- {"SHA2-512", RTE_CRYPTO_AUTH_SHA512},
+ {"SHA-1", RTE_CRYPTO_AUTH_SHA1, 3},
+ {"SHA2-224", RTE_CRYPTO_AUTH_SHA224, 3},
+ {"SHA2-256", RTE_CRYPTO_AUTH_SHA256, 3},
+ {"SHA2-384", RTE_CRYPTO_AUTH_SHA384, 3},
+ {"SHA2-512", RTE_CRYPTO_AUTH_SHA512, 3},
+ {"SHA3-224", RTE_CRYPTO_AUTH_SHA3_224, 1},
+ {"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1},
+ {"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1},
+ {"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1},
};
struct fips_test_callback sha_tests_json_vectors[] = {
@@ -233,6 +242,7 @@ parse_test_sha_json_algorithm(void)
for (i = 0; i < RTE_DIM(json_algorithms); i++) {
if (strstr(algorithm_str, json_algorithms[i].str)) {
info.interim_info.sha_data.algo = json_algorithms[i].algo;
+ info.interim_info.sha_data.md_blocks = json_algorithms[i].md_blocks;
break;
}
}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index cc585e8418..cf29e440f1 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2267,22 +2267,27 @@ fips_mct_sha_test(void)
{
#define SHA_EXTERN_ITER 100
#define SHA_INTERN_ITER 1000
-#define SHA_MD_BLOCK 3
+ uint8_t md_blocks = info.interim_info.sha_data.md_blocks;
struct fips_val val = {NULL, 0};
- struct fips_val md[SHA_MD_BLOCK], msg;
+ struct fips_val md[md_blocks];
int ret;
- uint32_t i, j;
+ uint32_t i, j, k, offset, max_outlen;
+
+ max_outlen = md_blocks * vec.cipher_auth.digest.len;
+
+ if (vec.cipher_auth.digest.val)
+ free(vec.cipher_auth.digest.val);
+
+ vec.cipher_auth.digest.val = calloc(1, max_outlen);
- msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len;
- msg.val = calloc(1, msg.len);
if (vec.pt.val)
memcpy(vec.cipher_auth.digest.val, vec.pt.val, vec.cipher_auth.digest.len);
- for (i = 0; i < SHA_MD_BLOCK; i++)
- md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
-
rte_free(vec.pt.val);
- vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0);
+ vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*md_blocks), 0);
+
+ for (i = 0; i < md_blocks; i++)
+ md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
if (info.file_type != FIPS_TYPE_JSON) {
fips_test_write_one_case();
@@ -2290,30 +2295,19 @@ fips_mct_sha_test(void)
}
for (j = 0; j < SHA_EXTERN_ITER; j++) {
-
- memcpy(md[0].val, vec.cipher_auth.digest.val,
- vec.cipher_auth.digest.len);
- md[0].len = vec.cipher_auth.digest.len;
- memcpy(md[1].val, vec.cipher_auth.digest.val,
- vec.cipher_auth.digest.len);
- md[1].len = vec.cipher_auth.digest.len;
- memcpy(md[2].val, vec.cipher_auth.digest.val,
- vec.cipher_auth.digest.len);
- md[2].len = vec.cipher_auth.digest.len;
-
- for (i = 0; i < SHA_MD_BLOCK; i++)
- memcpy(&msg.val[i * md[i].len], md[i].val, md[i].len);
+ for (i = 0; i < md_blocks; i++) {
+ memcpy(md[i].val, vec.cipher_auth.digest.val,
+ vec.cipher_auth.digest.len);
+ md[i].len = vec.cipher_auth.digest.len;
+ }
for (i = 0; i < (SHA_INTERN_ITER); i++) {
-
- memcpy(vec.pt.val, md[0].val,
- (size_t)md[0].len);
- memcpy((vec.pt.val + md[0].len), md[1].val,
- (size_t)md[1].len);
- memcpy((vec.pt.val + md[0].len + md[1].len),
- md[2].val,
- (size_t)md[2].len);
- vec.pt.len = md[0].len + md[1].len + md[2].len;
+ offset = 0;
+ for (k = 0; k < md_blocks; k++) {
+ memcpy(vec.pt.val + offset, md[k].val, (size_t)md[k].len);
+ offset += md[k].len;
+ }
+ vec.pt.len = offset;
ret = fips_run_test();
if (ret < 0) {
@@ -2331,18 +2325,18 @@ fips_mct_sha_test(void)
if (ret < 0)
return ret;
- memcpy(md[0].val, md[1].val, md[1].len);
- md[0].len = md[1].len;
- memcpy(md[1].val, md[2].val, md[2].len);
- md[1].len = md[2].len;
+ for (k = 1; k < md_blocks; k++) {
+ memcpy(md[k-1].val, md[k].val, md[k].len);
+ md[k-1].len = md[k].len;
+ }
- memcpy(md[2].val, (val.val + vec.pt.len),
+ memcpy(md[md_blocks-1].val, (val.val + vec.pt.len),
vec.cipher_auth.digest.len);
- md[2].len = vec.cipher_auth.digest.len;
+ md[md_blocks-1].len = vec.cipher_auth.digest.len;
}
- memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
- vec.cipher_auth.digest.len = md[2].len;
+ memcpy(vec.cipher_auth.digest.val, md[md_blocks-1].val, md[md_blocks-1].len);
+ vec.cipher_auth.digest.len = md[md_blocks-1].len;
if (info.file_type != FIPS_TYPE_JSON)
fprintf(info.fp_wr, "COUNT = %u\n", j);
@@ -2353,14 +2347,12 @@ fips_mct_sha_test(void)
fprintf(info.fp_wr, "\n");
}
- for (i = 0; i < (SHA_MD_BLOCK); i++)
+ for (i = 0; i < (md_blocks); i++)
rte_free(md[i].val);
rte_free(vec.pt.val);
free(val.val);
- free(msg.val);
-
return 0;
}
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v2, 03/10] examples/fips_validation: fix integer parse in test case
2023-02-28 17:28 ` [v2, " Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 01/10] examples/fips_validation: fix MCT output for SHA Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 02/10] examples/fips_validation: add SHA3 validation Gowrishankar Muthukrishnan
@ 2023-02-28 17:28 ` Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 04/10] examples/fips_validation: add SHAKE validation Gowrishankar Muthukrishnan
` (7 subsequent siblings)
10 siblings, 0 replies; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-28 17:28 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
Parsing integer value in test case vector does not store
it because only string was expected. This patch adds handling
for integer value as well.
Fixes: 58cc98801eb ("examples/fips_validation: add JSON parsing")
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
examples/fips_validation/fips_validation.c | 29 ++++++++++++++++------
1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index f7a6d821ea..d3b6099d73 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -543,15 +543,28 @@ fips_test_parse_one_json_case(void)
for (i = 0; info.callbacks[i].key != NULL; i++) {
param = json_object_get(json_info.json_test_case, info.callbacks[i].key);
- if (param) {
- strcpy(info.one_line_text, json_string_value(param));
- ret = info.callbacks[i].cb(
- info.callbacks[i].key, info.one_line_text,
- info.callbacks[i].val
- );
- if (ret < 0)
- return ret;
+ if (!param)
+ continue;
+
+ switch (json_typeof(param)) {
+ case JSON_STRING:
+ snprintf(info.one_line_text, MAX_LINE_CHAR, "%s",
+ json_string_value(param));
+ break;
+
+ case JSON_INTEGER:
+ snprintf(info.one_line_text, MAX_LINE_CHAR, "%"JSON_INTEGER_FORMAT,
+ json_integer_value(param));
+ break;
+
+ default:
+ return -EINVAL;
}
+
+ ret = info.callbacks[i].cb(info.callbacks[i].key, info.one_line_text,
+ info.callbacks[i].val);
+ if (ret < 0)
+ return ret;
}
return 0;
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v2, 04/10] examples/fips_validation: add SHAKE validation
2023-02-28 17:28 ` [v2, " Gowrishankar Muthukrishnan
` (2 preceding siblings ...)
2023-02-28 17:28 ` [v2, 03/10] examples/fips_validation: fix integer parse in test case Gowrishankar Muthukrishnan
@ 2023-02-28 17:28 ` Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 05/10] examples/fips_validation: add CCM JSON validation Gowrishankar Muthukrishnan
` (6 subsequent siblings)
10 siblings, 0 replies; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-28 17:28 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
Add support in fips_validation to parse SHAKE algorithms.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
v2:
- fixed type punning reported in CI.
---
doc/guides/sample_app_ug/fips_validation.rst | 1 +
examples/fips_validation/fips_validation.h | 4 +-
.../fips_validation/fips_validation_sha.c | 63 +++++++++++-
examples/fips_validation/main.c | 95 ++++++++++++++++++-
4 files changed, 156 insertions(+), 7 deletions(-)
diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst
index 55837895fe..4fc8297b34 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -67,6 +67,7 @@ ACVP
* HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512)
* SHA (1, 224, 256, 384, 512) - AFT, MCT
* SHA3 (224, 256, 384, 512) - AFT, MCT
+ * SHAKE (128, 256) - AFT, MCT, VOT
* TDES-CBC - AFT, MCT
* TDES-ECB - AFT, MCT
* RSA
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index 6c1bd35849..8fcb5c8500 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -163,7 +163,8 @@ enum fips_ccm_test_types {
enum fips_sha_test_types {
SHA_KAT = 0,
SHA_AFT,
- SHA_MCT
+ SHA_MCT,
+ SHAKE_VOT
};
enum fips_rsa_test_types {
@@ -205,6 +206,7 @@ struct sha_interim_data {
/* keep algo always on top as it is also used in asym digest */
enum rte_crypto_auth_algorithm algo;
enum fips_sha_test_types test_type;
+ uint8_t min_outlen;
uint8_t md_blocks;
};
diff --git a/examples/fips_validation/fips_validation_sha.c b/examples/fips_validation/fips_validation_sha.c
index 8b68f5ed36..7ce7d3744f 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -22,6 +22,9 @@
#define TESTTYPE_JSON_STR "testType"
#define PT_JSON_STR "msg"
+#define OUTLEN_JSON_STR "outLen"
+#define MINOUTLEN_JSON_STR "minOutLen"
+#define MAXOUTLEN_JSON_STR "maxOutLen"
struct plain_hash_size_conversion {
const char *str;
@@ -36,6 +39,8 @@ struct plain_hash_size_conversion {
{"32", RTE_CRYPTO_AUTH_SHA3_256},
{"48", RTE_CRYPTO_AUTH_SHA3_384},
{"64", RTE_CRYPTO_AUTH_SHA3_512},
+ {"16", RTE_CRYPTO_AUTH_SHAKE_128},
+ {"32", RTE_CRYPTO_AUTH_SHAKE_256},
};
int
@@ -89,12 +94,26 @@ struct fips_test_callback sha_tests_interim_vectors[] = {
};
#ifdef USE_JANSSON
+static int
+parse_interim_str(const char *key, char *src, struct fips_val *val)
+{
+ RTE_SET_USED(val);
+
+ if (strcmp(key, MINOUTLEN_JSON_STR) == 0)
+ info.interim_info.sha_data.min_outlen = atoi(src) / 8;
+ else if (strcmp(key, MAXOUTLEN_JSON_STR) == 0)
+ vec.cipher_auth.digest.len = atoi(src) / 8;
+
+ return 0;
+}
+
static struct {
uint32_t type;
const char *desc;
} sha_test_types[] = {
{SHA_MCT, "MCT"},
{SHA_AFT, "AFT"},
+ {SHAKE_VOT, "VOT"},
};
static struct plain_hash_algorithms {
@@ -111,10 +130,19 @@ static struct plain_hash_algorithms {
{"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1},
{"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1},
{"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1},
+ {"SHAKE-128", RTE_CRYPTO_AUTH_SHAKE_128, 1},
+ {"SHAKE-256", RTE_CRYPTO_AUTH_SHAKE_256, 1},
};
struct fips_test_callback sha_tests_json_vectors[] = {
{PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
+ {OUTLEN_JSON_STR, parser_read_uint32_bit_val, &vec.cipher_auth.digest},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback sha_tests_interim_json_vectors[] = {
+ {MINOUTLEN_JSON_STR, parse_interim_str, NULL},
+ {MAXOUTLEN_JSON_STR, parse_interim_str, NULL},
{NULL, NULL, NULL} /**< end pointer */
};
#endif /* USE_JANSSON */
@@ -185,6 +213,11 @@ parse_test_sha_json_writeback(struct fips_val *val)
md = json_string(info.one_line_text);
json_object_set_new(json_info.json_write_case, "md", md);
+ if (info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_128 ||
+ info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_256)
+ json_object_set_new(json_info.json_write_case, "outLen",
+ json_integer(vec.cipher_auth.digest.len * 8));
+
return 0;
}
@@ -193,6 +226,11 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
{
json_t *tcId, *md, *resArr, *res;
struct fips_val val_local;
+ bool is_shake = false;
+
+ if (info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_128 ||
+ info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_256)
+ is_shake = true;
tcId = json_object_get(json_info.json_test_case, "tcId");
if (json_info.json_write_case) {
@@ -204,11 +242,17 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
json_object_set_new(json_info.json_write_case, "tcId", tcId);
json_object_set_new(json_info.json_write_case, "resultsArray",
json_array());
+ if (is_shake)
+ json_object_set_new(json_info.json_write_case, "outLen",
+ json_integer(0));
}
} else {
json_info.json_write_case = json_object();
json_object_set_new(json_info.json_write_case, "tcId", tcId);
json_object_set_new(json_info.json_write_case, "resultsArray", json_array());
+ if (is_shake)
+ json_object_set_new(json_info.json_write_case, "outLen",
+ json_integer(0));
}
resArr = json_object_get(json_info.json_write_case, "resultsArray");
@@ -224,6 +268,9 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
md = json_string(info.one_line_text);
json_object_set_new(res, "md", md);
+ if (is_shake)
+ json_object_set_new(res, "outLen", json_integer(vec.cipher_auth.digest.len * 8));
+
json_array_append_new(resArr, res);
return 0;
}
@@ -250,12 +297,17 @@ parse_test_sha_json_algorithm(void)
if (i == RTE_DIM(json_algorithms))
return -1;
- sz = parse_test_sha_hash_size(info.interim_info.sha_data.algo);
+ if (info.interim_info.sha_data.test_type == SHAKE_VOT) {
+ sz = vec.cipher_auth.digest.len;
+ } else {
+ sz = parse_test_sha_hash_size(info.interim_info.sha_data.algo);
+ vec.cipher_auth.digest.len = sz;
+ }
+
if (sz < 0)
return -1;
free(vec.cipher_auth.digest.val);
- vec.cipher_auth.digest.len = sz;
vec.cipher_auth.digest.val = calloc(1, sz);
if (vec.cipher_auth.digest.val == NULL)
return -1;
@@ -288,6 +340,7 @@ parse_test_sha_json_test_type(void)
info.parse_writeback = parse_test_sha_mct_json_writeback;
break;
case SHA_AFT:
+ case SHAKE_VOT:
info.parse_writeback = parse_test_sha_json_writeback;
break;
default:
@@ -308,12 +361,12 @@ parse_test_sha_json_init(void)
info.callbacks = sha_tests_json_vectors;
info.writeback_callbacks = NULL;
info.kat_check = rsp_test_sha_check;
- info.interim_callbacks = NULL;
+ info.interim_callbacks = sha_tests_interim_json_vectors;
- if (parse_test_sha_json_algorithm() < 0)
+ if (parse_test_sha_json_test_type() < 0)
return -1;
- if (parse_test_sha_json_test_type() < 0)
+ if (parse_test_sha_json_algorithm() < 0)
return -1;
return 0;
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index cf29e440f1..d9e8c0eb02 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2356,6 +2356,95 @@ fips_mct_sha_test(void)
return 0;
}
+static int
+fips_mct_shake_test(void)
+{
+#define SHAKE_EXTERN_ITER 100
+#define SHAKE_INTERN_ITER 1000
+ uint32_t i, j, range, outlen, max_outlen;
+ struct fips_val val = {NULL, 0}, md;
+ uint8_t rightmost[2];
+ uint16_t *rightptr;
+ int ret;
+
+ max_outlen = vec.cipher_auth.digest.len;
+
+ if (vec.cipher_auth.digest.val)
+ free(vec.cipher_auth.digest.val);
+
+ vec.cipher_auth.digest.val = calloc(1, max_outlen);
+
+ if (vec.pt.val)
+ memcpy(vec.cipher_auth.digest.val, vec.pt.val, vec.pt.len);
+
+ rte_free(vec.pt.val);
+ vec.pt.val = rte_malloc(NULL, 16, 0);
+ vec.pt.len = 16;
+
+ md.val = rte_malloc(NULL, max_outlen, 0);
+ md.len = max_outlen;
+
+ if (info.file_type != FIPS_TYPE_JSON) {
+ fips_test_write_one_case();
+ fprintf(info.fp_wr, "\n");
+ }
+
+ range = max_outlen - info.interim_info.sha_data.min_outlen + 1;
+ outlen = max_outlen;
+ for (j = 0; j < SHAKE_EXTERN_ITER; j++) {
+ memset(md.val, 0, max_outlen);
+ memcpy(md.val, vec.cipher_auth.digest.val,
+ vec.cipher_auth.digest.len);
+
+ for (i = 0; i < (SHAKE_INTERN_ITER); i++) {
+ memset(vec.pt.val, 0, vec.pt.len);
+ memcpy(vec.pt.val, md.val, vec.pt.len);
+ vec.cipher_auth.digest.len = outlen;
+ ret = fips_run_test();
+ if (ret < 0) {
+ if (ret == -EPERM || ret == -ENOTSUP) {
+ if (info.file_type == FIPS_TYPE_JSON)
+ return ret;
+
+ fprintf(info.fp_wr, "Bypass\n\n");
+ return 0;
+ }
+ return ret;
+ }
+
+ ret = get_writeback_data(&val);
+ if (ret < 0)
+ return ret;
+
+ memset(md.val, 0, max_outlen);
+ memcpy(md.val, (val.val + vec.pt.len),
+ vec.cipher_auth.digest.len);
+ md.len = outlen;
+ rightmost[0] = md.val[md.len-1];
+ rightmost[1] = md.val[md.len-2];
+ rightptr = (uint16_t *)rightmost;
+ outlen = info.interim_info.sha_data.min_outlen +
+ (*rightptr % range);
+ }
+
+ memcpy(vec.cipher_auth.digest.val, md.val, md.len);
+ vec.cipher_auth.digest.len = md.len;
+
+ if (info.file_type != FIPS_TYPE_JSON)
+ fprintf(info.fp_wr, "COUNT = %u\n", j);
+
+ info.parse_writeback(&val);
+
+ if (info.file_type != FIPS_TYPE_JSON)
+ fprintf(info.fp_wr, "\n");
+ }
+
+ rte_free(md.val);
+ rte_free(vec.pt.val);
+
+ free(val.val);
+ return 0;
+}
static int
init_test_ops(void)
@@ -2408,7 +2497,11 @@ init_test_ops(void)
test_ops.prepare_sym_op = prepare_auth_op;
test_ops.prepare_sym_xform = prepare_sha_xform;
if (info.interim_info.sha_data.test_type == SHA_MCT)
- test_ops.test = fips_mct_sha_test;
+ if (info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_128 ||
+ info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_256)
+ test_ops.test = fips_mct_shake_test;
+ else
+ test_ops.test = fips_mct_sha_test;
else
test_ops.test = fips_generic_test;
break;
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v2, 05/10] examples/fips_validation: add CCM JSON validation
2023-02-28 17:28 ` [v2, " Gowrishankar Muthukrishnan
` (3 preceding siblings ...)
2023-02-28 17:28 ` [v2, 04/10] examples/fips_validation: add SHAKE validation Gowrishankar Muthukrishnan
@ 2023-02-28 17:28 ` Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 06/10] examples/fips_validation: add ECDSA keygen support Gowrishankar Muthukrishnan
` (5 subsequent siblings)
10 siblings, 0 replies; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-28 17:28 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
Add support in fips_validation to parse CCM JSON vectors.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
doc/guides/sample_app_ug/fips_validation.rst | 1 +
examples/fips_validation/fips_validation.c | 2 +
examples/fips_validation/fips_validation.h | 3 +
.../fips_validation/fips_validation_ccm.c | 132 ++++++++++++++++++
examples/fips_validation/main.c | 3 +
5 files changed, 141 insertions(+)
diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst
index 4fc8297b34..613c5afd19 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -60,6 +60,7 @@ ACVP
* Supported test vectors
* AES-CBC (128,192,256) - AFT, MCT
* AES-GCM (128,192,256) - AFT
+ * AES-CCM (128,192,256) - AFT
* AES-CMAC (128,192,256) - AFT
* AES-CTR (128,192,256) - AFT, CTR
* AES-GMAC (128,192,256) - AFT
diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index d3b6099d73..f840804009 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -460,6 +460,8 @@ fips_test_parse_one_json_vector_set(void)
/* Vector sets contain the algorithm type, and nothing else we need. */
if (strstr(algo_str, "AES-GCM"))
info.algo = FIPS_TEST_ALGO_AES_GCM;
+ else if (strstr(algo_str, "AES-CCM"))
+ info.algo = FIPS_TEST_ALGO_AES_CCM;
else if (strstr(algo_str, "AES-GMAC"))
info.algo = FIPS_TEST_ALGO_AES_GMAC;
else if (strstr(algo_str, "HMAC"))
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index 8fcb5c8500..c4988053c1 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -338,6 +338,9 @@ fips_test_parse_one_json_case(void);
int
parse_test_gcm_json_init(void);
+int
+parse_test_ccm_json_init(void);
+
int
parse_test_hmac_json_init(void);
diff --git a/examples/fips_validation/fips_validation_ccm.c b/examples/fips_validation/fips_validation_ccm.c
index 632999c1e4..0e3ee0d247 100644
--- a/examples/fips_validation/fips_validation_ccm.c
+++ b/examples/fips_validation/fips_validation_ccm.c
@@ -34,6 +34,18 @@
#define POS_KEYWORD "Pass"
#define NEG_KEYWORD "Fail"
+#define DIR_JSON_STR "direction"
+#define IVLEN_JSON_STR "ivLen"
+#define PTLEN_JSON_STR "payloadLen"
+#define AADLEN_JSON_STR "aadLen"
+#define TAGLEN_JSON_STR "tagLen"
+#define KEYLEN_JSON_STR "keyLen"
+#define PT_JSON_STR "pt"
+#define CT_JSON_STR "ct"
+#define KEY_JSON_STR "key"
+#define IV_JSON_STR "iv"
+#define AAD_JSON_STR "aad"
+
static int
parser_dvpt_interim(const char *key, char *src, struct fips_val *val)
{
@@ -206,6 +218,126 @@ struct ccm_test_types {
FIPS_TEST_ENC_AUTH_GEN},
};
+#ifdef USE_JANSSON
+static int
+parser_read_ccm_direction_str(__rte_unused const char *key, char *src,
+ __rte_unused struct fips_val *val)
+{
+ if (strcmp(src, "encrypt") == 0)
+ info.op = FIPS_TEST_ENC_AUTH_GEN;
+ else if (strcmp(src, "decrypt") == 0)
+ info.op = FIPS_TEST_DEC_AUTH_VERIF;
+
+ return 0;
+}
+
+static int
+parser_read_ccm_aad_str(const char *key, char *src, struct fips_val *val)
+{
+ struct fips_val tmp_val = {0};
+ uint32_t len = val->len;
+
+ /* CCM aad requires 18 bytes padding before the real content */
+ val->val = rte_zmalloc(NULL, len + 18, 0);
+ if (!val->val)
+ return -1;
+
+ if (parse_uint8_hex_str(key, src, &tmp_val) < 0)
+ return -1;
+
+ memcpy(val->val + 18, tmp_val.val, val->len);
+ rte_free(tmp_val.val);
+
+ return 0;
+}
+
+static int
+parse_read_ccm_ct_str(const char *key, char *src, struct fips_val *val)
+{
+ int ret;
+
+ val->len = vec.pt.len;
+
+ ret = parse_uint8_known_len_hex_str(key, src, val);
+ if (ret < 0)
+ return ret;
+
+ src += val->len * 2;
+
+ ret = parse_uint8_known_len_hex_str("", src, &vec.aead.digest);
+ if (ret < 0) {
+ rte_free(val->val);
+ memset(val, 0, sizeof(*val));
+ return ret;
+ }
+
+ return 0;
+}
+
+struct fips_test_callback ccm_tests_interim_json_vectors[] = {
+ {DIR_JSON_STR, parser_read_ccm_direction_str, NULL},
+ {IVLEN_JSON_STR, parser_read_uint32_bit_val, &vec.iv},
+ {PTLEN_JSON_STR, parser_read_uint32_bit_val, &vec.pt},
+ {AADLEN_JSON_STR, parser_read_uint32_bit_val, &vec.aead.aad},
+ {TAGLEN_JSON_STR, parser_read_uint32_bit_val, &vec.aead.digest},
+ {KEYLEN_JSON_STR, parser_read_uint32_bit_val, &vec.aead.key},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback ccm_tests_json_vectors[] = {
+ {PT_JSON_STR, parse_uint8_known_len_hex_str, &vec.pt},
+ {CT_JSON_STR, parse_read_ccm_ct_str, &vec.ct},
+ {KEY_JSON_STR, parse_uint8_known_len_hex_str, &vec.aead.key},
+ {IV_JSON_STR, parse_uint8_known_len_hex_str, &vec.iv},
+ {AAD_JSON_STR, parser_read_ccm_aad_str, &vec.aead.aad},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+static int
+parse_test_ccm_json_writeback(struct fips_val *val)
+{
+ struct fips_val tmp_val;
+ json_t *tcId;
+
+ tcId = json_object_get(json_info.json_test_case, "tcId");
+ json_info.json_write_case = json_object();
+ json_object_set(json_info.json_write_case, "tcId", tcId);
+
+ if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+ json_t *ct;
+
+ info.one_line_text[0] = '\0';
+ writeback_hex_str("", info.one_line_text, val);
+ ct = json_string(info.one_line_text);
+ json_object_set_new(json_info.json_write_case, CT_JSON_STR, ct);
+ } else {
+ if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) {
+ tmp_val.val = val->val;
+ tmp_val.len = vec.pt.len;
+
+ info.one_line_text[0] = '\0';
+ writeback_hex_str("", info.one_line_text, &tmp_val);
+ json_object_set_new(json_info.json_write_case, PT_JSON_STR,
+ json_string(info.one_line_text));
+ } else {
+ json_object_set_new(json_info.json_write_case, "testPassed",
+ json_false());
+ }
+ }
+
+ return 0;
+}
+
+int
+parse_test_ccm_json_init(void)
+{
+ info.interim_callbacks = ccm_tests_interim_json_vectors;
+ info.parse_writeback = parse_test_ccm_json_writeback;
+ info.callbacks = ccm_tests_json_vectors;
+ return 0;
+}
+#endif /* USE_JANSSON */
+
static int
parse_test_ccm_writeback(struct fips_val *val)
{
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index d9e8c0eb02..5c6c12982d 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2679,6 +2679,9 @@ fips_test_one_test_group(void)
case FIPS_TEST_ALGO_AES_GCM:
ret = parse_test_gcm_json_init();
break;
+ case FIPS_TEST_ALGO_AES_CCM:
+ ret = parse_test_ccm_json_init();
+ break;
case FIPS_TEST_ALGO_HMAC:
ret = parse_test_hmac_json_init();
break;
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v2, 06/10] examples/fips_validation: add ECDSA keygen support
2023-02-28 17:28 ` [v2, " Gowrishankar Muthukrishnan
` (4 preceding siblings ...)
2023-02-28 17:28 ` [v2, 05/10] examples/fips_validation: add CCM JSON validation Gowrishankar Muthukrishnan
@ 2023-02-28 17:28 ` Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 07/10] examples/fips_validation: add SHA3 algorithms in ECDSA test Gowrishankar Muthukrishnan
` (4 subsequent siblings)
10 siblings, 0 replies; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-28 17:28 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
Add support to validate ECDSA keygen mode tests.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
.../fips_validation/fips_validation_ecdsa.c | 52 +++++++++++++++++++
examples/fips_validation/main.c | 13 +++++
2 files changed, 65 insertions(+)
diff --git a/examples/fips_validation/fips_validation_ecdsa.c b/examples/fips_validation/fips_validation_ecdsa.c
index d47ab0b5d1..5c91abfc5a 100644
--- a/examples/fips_validation/fips_validation_ecdsa.c
+++ b/examples/fips_validation/fips_validation_ecdsa.c
@@ -295,6 +295,20 @@ parse_test_ecdsa_json_writeback(struct fips_val *val)
json_object_set_new(json_info.json_write_case, "testPassed", json_true());
else
json_object_set_new(json_info.json_write_case, "testPassed", json_false());
+ } else if (info.op == FIPS_TEST_ASYM_KEYGEN) {
+ json_t *obj;
+
+ writeback_hex_str("", info.one_line_text, &vec.ecdsa.pkey);
+ obj = json_string(info.one_line_text);
+ json_object_set_new(json_info.json_write_case, "d", obj);
+
+ writeback_hex_str("", info.one_line_text, &vec.ecdsa.qx);
+ obj = json_string(info.one_line_text);
+ json_object_set_new(json_info.json_write_case, "qx", obj);
+
+ writeback_hex_str("", info.one_line_text, &vec.ecdsa.qy);
+ obj = json_string(info.one_line_text);
+ json_object_set_new(json_info.json_write_case, "qy", obj);
}
return 0;
@@ -367,6 +381,36 @@ parse_siggen_message_str(const char *key, char *src, struct fips_val *val)
return ret;
}
+static int
+parse_keygen_tc_str(const char *key, char *src, struct fips_val *val)
+{
+ RTE_SET_USED(key);
+ RTE_SET_USED(src);
+ RTE_SET_USED(val);
+
+ if (info.op == FIPS_TEST_ASYM_KEYGEN) {
+ if (vec.ecdsa.pkey.val) {
+ rte_free(vec.ecdsa.pkey.val);
+ vec.ecdsa.pkey.val = NULL;
+ }
+
+ if (vec.ecdsa.k.val) {
+ rte_free(vec.ecdsa.k.val);
+ vec.ecdsa.k.val = NULL;
+ }
+
+ if (prepare_vec_ecdsa() < 0)
+ return -1;
+
+ if (prepare_vec_ecdsa_k() < 0)
+ return -1;
+
+ info.interim_info.ecdsa_data.pubkey_gen = 1;
+ }
+
+ return 0;
+}
+
static int
parse_sigver_randomvalue_str(const char *key, char *src, struct fips_val *val)
{
@@ -402,6 +446,11 @@ struct fips_test_callback ecdsa_sigver_json_vectors[] = {
{NULL, NULL, NULL} /**< end pointer */
};
+struct fips_test_callback ecdsa_keygen_json_vectors[] = {
+ {"tcId", parse_keygen_tc_str, &vec.pt},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
int
parse_test_ecdsa_json_init(void)
{
@@ -421,6 +470,9 @@ parse_test_ecdsa_json_init(void)
} else if (strcmp(mode_str, "sigVer") == 0) {
info.op = FIPS_TEST_ASYM_SIGVER;
info.callbacks = ecdsa_sigver_json_vectors;
+ } else if (strcmp(mode_str, "keyGen") == 0) {
+ info.op = FIPS_TEST_ASYM_KEYGEN;
+ info.callbacks = ecdsa_keygen_json_vectors;
} else {
return -EINVAL;
}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 5c6c12982d..2c4353185e 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -1758,6 +1758,19 @@ fips_run_test(void)
env.op = env.sym.op;
if (env.is_asym_test) {
+ if (info.op == FIPS_TEST_ASYM_KEYGEN &&
+ info.algo == FIPS_TEST_ALGO_ECDSA) {
+ env.op = env.asym.op;
+ test_ops.prepare_asym_xform = prepare_ecfpm_xform;
+ test_ops.prepare_asym_op = prepare_ecfpm_op;
+ ret = fips_run_asym_test();
+ if (ret < 0)
+ return ret;
+
+ info.interim_info.ecdsa_data.pubkey_gen = 0;
+ return ret;
+ }
+
vec.cipher_auth.digest.len = parse_test_sha_hash_size(
info.interim_info.rsa_data.auth);
test_ops.prepare_sym_xform = prepare_sha_xform;
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v2, 07/10] examples/fips_validation: add SHA3 algorithms in ECDSA test
2023-02-28 17:28 ` [v2, " Gowrishankar Muthukrishnan
` (5 preceding siblings ...)
2023-02-28 17:28 ` [v2, 06/10] examples/fips_validation: add ECDSA keygen support Gowrishankar Muthukrishnan
@ 2023-02-28 17:28 ` Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 08/10] examples/fips_validation: fix AES GCM validation tests Gowrishankar Muthukrishnan
` (3 subsequent siblings)
10 siblings, 0 replies; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-28 17:28 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
Add SHA3 algorithms in ECDSA as supported.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
examples/fips_validation/fips_validation_ecdsa.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/examples/fips_validation/fips_validation_ecdsa.c b/examples/fips_validation/fips_validation_ecdsa.c
index 5c91abfc5a..aef722d147 100644
--- a/examples/fips_validation/fips_validation_ecdsa.c
+++ b/examples/fips_validation/fips_validation_ecdsa.c
@@ -50,6 +50,10 @@ struct {
{RTE_CRYPTO_AUTH_SHA256, "SHA2-256"},
{RTE_CRYPTO_AUTH_SHA384, "SHA2-384"},
{RTE_CRYPTO_AUTH_SHA512, "SHA2-512"},
+ {RTE_CRYPTO_AUTH_SHA3_224, "SHA3-224"},
+ {RTE_CRYPTO_AUTH_SHA3_256, "SHA3-256"},
+ {RTE_CRYPTO_AUTH_SHA3_384, "SHA3-384"},
+ {RTE_CRYPTO_AUTH_SHA3_512, "SHA3-512"},
};
struct {
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v2, 08/10] examples/fips_validation: fix AES GCM validation tests
2023-02-28 17:28 ` [v2, " Gowrishankar Muthukrishnan
` (6 preceding siblings ...)
2023-02-28 17:28 ` [v2, 07/10] examples/fips_validation: add SHA3 algorithms in ECDSA test Gowrishankar Muthukrishnan
@ 2023-02-28 17:28 ` Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 09/10] examples/fips_validation: fix AES XTS to read seq number Gowrishankar Muthukrishnan
` (2 subsequent siblings)
10 siblings, 0 replies; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-28 17:28 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
AES GCM validation tests fail in FIPS validation due to incorrect
fields populated in response file. This patch fixes them.
Fixes: 5b540bebac8e ("examples/fips_validation: fix GMAC decryption output")
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
examples/fips_validation/fips_validation_gcm.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/examples/fips_validation/fips_validation_gcm.c b/examples/fips_validation/fips_validation_gcm.c
index a80d8b3e4d..bf08d1b995 100644
--- a/examples/fips_validation/fips_validation_gcm.c
+++ b/examples/fips_validation/fips_validation_gcm.c
@@ -79,7 +79,7 @@ parser_read_gcm_pt_len(const char *key, char *src,
if (ret < 0)
return ret;
- if (vec.pt.len == 0) {
+ if (info.algo == FIPS_TEST_ALGO_AES_GMAC && vec.pt.len == 0) {
info.interim_info.gcm_data.is_gmac = 1;
test_ops.prepare_sym_op = prepare_auth_op;
test_ops.prepare_sym_xform = prepare_gmac_xform;
@@ -296,6 +296,7 @@ parse_test_gcm_json_writeback(struct fips_val *val)
tmp_val.val = val->val;
tmp_val.len = vec.pt.len;
+ info.one_line_text[0] = '\0';
writeback_hex_str("", info.one_line_text, &tmp_val);
ct = json_string(info.one_line_text);
json_object_set_new(json_info.json_write_case, CT_JSON_STR, ct);
@@ -326,6 +327,7 @@ parse_test_gcm_json_writeback(struct fips_val *val)
tmp_val.val = val->val;
tmp_val.len = vec.pt.len;
+ info.one_line_text[0] = '\0';
writeback_hex_str("", info.one_line_text, &tmp_val);
json_object_set_new(json_info.json_write_case, PT_JSON_STR,
json_string(info.one_line_text));
@@ -334,12 +336,8 @@ parse_test_gcm_json_writeback(struct fips_val *val)
json_true());
}
} else {
- if (!info.interim_info.gcm_data.is_gmac)
- json_object_set_new(json_info.json_write_case, PT_JSON_STR,
- json_string(""));
- else
- json_object_set_new(json_info.json_write_case, "testPassed",
- json_false());
+ json_object_set_new(json_info.json_write_case, "testPassed",
+ json_false());
}
}
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v2, 09/10] examples/fips_validation: fix AES XTS to read seq number
2023-02-28 17:28 ` [v2, " Gowrishankar Muthukrishnan
` (7 preceding siblings ...)
2023-02-28 17:28 ` [v2, 08/10] examples/fips_validation: fix AES GCM validation tests Gowrishankar Muthukrishnan
@ 2023-02-28 17:28 ` Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 10/10] examples/fips_validation: add extra space in JSON buffer Gowrishankar Muthukrishnan
2023-03-01 11:11 ` [v2, 00/10] fips_validation application improvements Akhil Goyal
10 siblings, 0 replies; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-28 17:28 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
Fix AES XTS test to read sequence number correctly.
Fixes: f8e431ed8f6 ("examples/fips_validation: add parsing for AES-XTS")
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
examples/fips_validation/fips_validation_xts.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/examples/fips_validation/fips_validation_xts.c b/examples/fips_validation/fips_validation_xts.c
index 531e3c688e..530df78ab4 100644
--- a/examples/fips_validation/fips_validation_xts.c
+++ b/examples/fips_validation/fips_validation_xts.c
@@ -34,6 +34,7 @@
#define DATAUNITLEN_JSON_STR "dataUnitLen"
#define PAYLOADLEN_JSON_STR "payloadLen"
#define TWEAKVALUE_JSON_STR "tweakValue"
+#define SEQNUMBER_JSON_STR "sequenceNumber"
#define PT_JSON_STR "pt"
#define CT_JSON_STR "ct"
@@ -95,14 +96,17 @@ parser_xts_read_keylen(const char *key, char *src, struct fips_val *val)
static int
parser_xts_read_tweakval(const char *key, char *src, struct fips_val *val)
{
+ char num_str[4] = {0};
int ret;
- if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_HEX)
+ if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_HEX) {
ret = parse_uint8_hex_str(key, src, val);
- else if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_NUMBER)
- ret = parser_read_uint32_bit_val(key, src, val);
- else
+ } else if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_NUMBER) {
+ snprintf(num_str, RTE_DIM(num_str), "%x", atoi(src));
+ ret = parse_uint8_hex_str(key, num_str, val);
+ } else {
ret = -1;
+ }
return ret;
}
@@ -122,6 +126,7 @@ struct fips_test_callback xts_interim_json_vectors[] = {
struct fips_test_callback xts_enc_json_vectors[] = {
{KEY_JSON_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.key},
{TWEAKVALUE_JSON_STR, parser_xts_read_tweakval, &vec.iv},
+ {SEQNUMBER_JSON_STR, parser_xts_read_tweakval, &vec.iv},
{PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
{NULL, NULL, NULL} /**< end pointer */
};
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* [v2, 10/10] examples/fips_validation: add extra space in JSON buffer
2023-02-28 17:28 ` [v2, " Gowrishankar Muthukrishnan
` (8 preceding siblings ...)
2023-02-28 17:28 ` [v2, 09/10] examples/fips_validation: fix AES XTS to read seq number Gowrishankar Muthukrishnan
@ 2023-02-28 17:28 ` Gowrishankar Muthukrishnan
2023-03-01 11:11 ` [v2, 00/10] fips_validation application improvements Akhil Goyal
10 siblings, 0 replies; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-02-28 17:28 UTC (permalink / raw)
To: dev
Cc: Anoob Joseph, jerinj, Akhil Goyal, Brian Dooley,
Gowrishankar Muthukrishnan
Current test buffer to copy input data of maximum possible length
did not account NULL character, due to which a last input character
is always ignored and it causes tests like RSA SIGVER for modulo
of 4096 bits to fail. This patch fixes it.
Fixes: 0b65d54f3a4 ("examples/fips_validation: fix JSON buffer size")
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
examples/fips_validation/fips_validation.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index c4988053c1..abc1d64742 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -247,7 +247,7 @@ struct ecdsa_interim_data {
* Esp, in asym op, modulo bits decide char buffer size.
* max = (modulo / 4)
*/
-#define FIPS_TEST_JSON_BUF_LEN (4096 / 4)
+#define FIPS_TEST_JSON_BUF_LEN ((4096 / 4) + 1)
struct fips_test_json_info {
/* Information used for reading from json */
--
2.25.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* RE: [v1, 00/10] fips_validation application improvements
2023-02-28 7:39 ` Akhil Goyal
2023-02-28 14:42 ` Patrick Robb
@ 2023-03-01 4:04 ` Gowrishankar Muthukrishnan
1 sibling, 0 replies; 40+ messages in thread
From: Gowrishankar Muthukrishnan @ 2023-03-01 4:04 UTC (permalink / raw)
To: Akhil Goyal, Dooley, Brian, dev; +Cc: Anoob Joseph, Jerin Jacob Kollanukkaran
I have fixed it in v2 and CI passed.
http://mails.dpdk.org/archives/test-report/2023-February/360464.html
Thanks,
Gowrishankar
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Tuesday, February 28, 2023 1:09 PM
> To: Akhil Goyal <gakhil@marvell.com>; Dooley, Brian
> <brian.dooley@intel.com>; Gowrishankar Muthukrishnan
> <gmuthukrishn@marvell.com>; dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; Jerin Jacob Kollanukkaran
> <jerinj@marvell.com>
> Subject: RE: [v1, 00/10] fips_validation application improvements
>
> Hi Gowrishankar,
> > >
> > > > Subject: [v1, 00/10] fips_validation application improvements
> > > >
> > > > This patch series adds support for SHA3, SHAKE, AES-CCM JSON test
> > > > vectors and fixes existing algorithms to support NIST test vectors.
> > > >
> > > > Gowrishankar Muthukrishnan (10):
> > > > examples/fips_validation: fix MCT output for SHA
> > > > examples/fips_validation: add SHA3 validation
> > > > examples/fips_validation: fix integer parse in test case
> > > > examples/fips_validation: add SHAKE validation
> > > > examples/fips_validation: add CCM JSON validation
> > > > examples/fips_validation: add ECDSA keygen support
> > > > examples/fips_validation: add SHA3 algorithms in ECDSA test
> > > > examples/fips_validation: fix AES GCM validation tests
> > > > examples/fips_validation: fix AES XTS to read seq number
> > > > examples/fips_validation: add extra space in JSON buffer
> > > >
> > > > doc/guides/sample_app_ug/fips_validation.rst | 7 +-
> > > > examples/fips_validation/fips_validation.c | 31 ++-
> > > > examples/fips_validation/fips_validation.h | 10 +-
> > > > .../fips_validation/fips_validation_ccm.c | 132 ++++++++++++
> > > > .../fips_validation/fips_validation_ecdsa.c | 56 +++++
> > > > .../fips_validation/fips_validation_gcm.c | 12 +-
> > > > .../fips_validation/fips_validation_hmac.c | 8 +
> > > > .../fips_validation/fips_validation_sha.c | 91 ++++++--
> > > > .../fips_validation/fips_validation_xts.c | 13 +-
> > > > examples/fips_validation/main.c | 196 +++++++++++++-----
> > > > 10 files changed, 467 insertions(+), 89 deletions(-)
> > > >
> > > > --
> > > > 2.25.1
> > >
> > > Series-acked-by: Brian Dooley <brian.dooley@intel.com>
> >
> > Series Applied to dpdk-next-crypto
> The series is showing compilation issues, please fix it. The series is removed
> from the tree.
>
^ permalink raw reply [flat|nested] 40+ messages in thread
* RE: [v2, 00/10] fips_validation application improvements
2023-02-28 17:28 ` [v2, " Gowrishankar Muthukrishnan
` (9 preceding siblings ...)
2023-02-28 17:28 ` [v2, 10/10] examples/fips_validation: add extra space in JSON buffer Gowrishankar Muthukrishnan
@ 2023-03-01 11:11 ` Akhil Goyal
10 siblings, 0 replies; 40+ messages in thread
From: Akhil Goyal @ 2023-03-01 11:11 UTC (permalink / raw)
To: Gowrishankar Muthukrishnan, dev
Cc: Anoob Joseph, Jerin Jacob Kollanukkaran, Brian Dooley,
Gowrishankar Muthukrishnan
> Subject: [v2, 00/10] fips_validation application improvements
>
> This patch series adds support for SHA3, SHAKE, AES-CCM
> JSON test vectors and fixes existing algorithms to
> support NIST test vectors.
>
> v2:
> - fixed type punning SHAKE test function.
Series applied to dpdk-next-crypto
Thanks.
^ permalink raw reply [flat|nested] 40+ messages in thread
end of thread, other threads:[~2023-03-01 11:11 UTC | newest]
Thread overview: 40+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-06 14:45 [v1, 00/10] fips_validation application improvements Gowrishankar Muthukrishnan
2023-02-06 14:45 ` [v1, 01/10] examples/fips_validation: fix MCT output for SHA Gowrishankar Muthukrishnan
2023-02-27 9:31 ` Dooley, Brian
2023-02-06 14:45 ` [v1, 02/10] examples/fips_validation: add SHA3 validation Gowrishankar Muthukrishnan
2023-02-27 9:31 ` Dooley, Brian
2023-02-06 14:45 ` [v1, 03/10] examples/fips_validation: fix integer parse in test case Gowrishankar Muthukrishnan
2023-02-27 9:30 ` Dooley, Brian
2023-02-06 14:45 ` [v1, 04/10] examples/fips_validation: add SHAKE validation Gowrishankar Muthukrishnan
2023-02-27 9:30 ` Dooley, Brian
2023-02-06 14:45 ` [v1, 05/10] examples/fips_validation: add CCM JSON validation Gowrishankar Muthukrishnan
2023-02-27 9:29 ` Dooley, Brian
2023-02-06 14:45 ` [v1, 06/10] examples/fips_validation: add ECDSA keygen support Gowrishankar Muthukrishnan
2023-02-27 9:29 ` Dooley, Brian
2023-02-06 14:45 ` [v1, 07/10] examples/fips_validation: add SHA3 algorithms in ECDSA test Gowrishankar Muthukrishnan
2023-02-27 9:29 ` Dooley, Brian
2023-02-06 14:46 ` [v1, 08/10] examples/fips_validation: fix AES GCM validation tests Gowrishankar Muthukrishnan
2023-02-27 9:29 ` Dooley, Brian
2023-02-06 14:46 ` [v1, 09/10] examples/fips_validation: fix AES XTS to read seq number Gowrishankar Muthukrishnan
2023-02-27 9:28 ` Dooley, Brian
2023-02-06 14:46 ` [v1, 10/10] examples/fips_validation: add extra space in JSON buffer Gowrishankar Muthukrishnan
2023-02-27 9:27 ` Dooley, Brian
2023-02-27 9:32 ` [v1, 00/10] fips_validation application improvements Dooley, Brian
2023-02-27 17:27 ` Akhil Goyal
2023-02-28 7:39 ` Akhil Goyal
2023-02-28 14:42 ` Patrick Robb
2023-02-28 15:02 ` [EXT] " Akhil Goyal
2023-02-28 15:52 ` Patrick Robb
2023-03-01 4:04 ` Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, " Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 01/10] examples/fips_validation: fix MCT output for SHA Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 02/10] examples/fips_validation: add SHA3 validation Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 03/10] examples/fips_validation: fix integer parse in test case Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 04/10] examples/fips_validation: add SHAKE validation Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 05/10] examples/fips_validation: add CCM JSON validation Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 06/10] examples/fips_validation: add ECDSA keygen support Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 07/10] examples/fips_validation: add SHA3 algorithms in ECDSA test Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 08/10] examples/fips_validation: fix AES GCM validation tests Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 09/10] examples/fips_validation: fix AES XTS to read seq number Gowrishankar Muthukrishnan
2023-02-28 17:28 ` [v2, 10/10] examples/fips_validation: add extra space in JSON buffer Gowrishankar Muthukrishnan
2023-03-01 11:11 ` [v2, 00/10] fips_validation application improvements Akhil Goyal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).