summaryrefslogtreecommitdiff
path: root/examples/fips_validation
diff options
context:
space:
mode:
authorMarko Kovacevic <marko.kovacevic@intel.com>2018-11-02 09:55:30 +0000
committerAkhil Goyal <akhil.goyal@nxp.com>2018-11-02 12:26:06 +0100
commitf64adb6714e07daf2a1d4fe3ee3172f3f4a80c07 (patch)
tree164c4d2d888e901a2355484861c2c36dc2d6b5aa /examples/fips_validation
parentcd255ccf57647830bfdda8d760dad833f019b76a (diff)
downloaddpdk-f64adb6714e07daf2a1d4fe3ee3172f3f4a80c07.zip
dpdk-f64adb6714e07daf2a1d4fe3ee3172f3f4a80c07.tar.gz
dpdk-f64adb6714e07daf2a1d4fe3ee3172f3f4a80c07.tar.xz
examples/fips_validation: support HMAC parsing
Added enablement for HMAC parser, to allow the application to parser the hmac request files and to validate all tests supported Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com> Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
Diffstat (limited to 'examples/fips_validation')
-rw-r--r--examples/fips_validation/Makefile1
-rw-r--r--examples/fips_validation/fips_validation.c5
-rw-r--r--examples/fips_validation/fips_validation.h9
-rw-r--r--examples/fips_validation/fips_validation_hmac.c105
-rw-r--r--examples/fips_validation/main.c103
-rw-r--r--examples/fips_validation/meson.build1
6 files changed, 224 insertions, 0 deletions
diff --git a/examples/fips_validation/Makefile b/examples/fips_validation/Makefile
index 1eb1bc5..0d76101 100644
--- a/examples/fips_validation/Makefile
+++ b/examples/fips_validation/Makefile
@@ -7,6 +7,7 @@ APP = fips_validation
# all source are stored in SRCS-y
SRCS-y := fips_validation.c
SRCS-y += fips_validation_aes.c
+SRCS-y += fips_validation_hmac.c
SRCS-y += main.c
# Build using pkg-config variables if possible
diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index dba26d8..24307b6 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -111,6 +111,11 @@ fips_test_parse_header(void)
ret = parse_test_aes_init();
if (ret < 0)
return ret;
+ } else if (strstr(info.vec[i], "HMAC")) {
+ info.algo = FIPS_TEST_ALGO_HMAC;
+ ret = parse_test_hmac_init();
+ if (ret < 0)
+ return ret;
}
tmp = strstr(info.vec[i], "# Config info for ");
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index e947de1..f9e3a3b 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -24,6 +24,7 @@
enum fips_test_algorithms {
FIPS_TEST_ALGO_AES = 0,
+ FIPS_TEST_ALGO_HMAC,
FIPS_TEST_ALGO_MAX
};
@@ -93,6 +94,10 @@ struct aesavs_interim_data {
uint32_t key_len;
};
+struct hmac_interim_data {
+ enum rte_crypto_auth_algorithm algo;
+};
+
struct fips_test_interim_info {
FILE *fp_rd;
FILE *fp_wr;
@@ -105,6 +110,7 @@ struct fips_test_interim_info {
union {
struct aesavs_interim_data aes_data;
+ struct hmac_interim_data hmac_data;
} interim_info;
@@ -141,6 +147,9 @@ int
parse_test_aes_init(void);
int
+parse_test_hmac_init(void);
+
+int
parser_read_uint8_hex(uint8_t *value, const char *p);
int
diff --git a/examples/fips_validation/fips_validation_hmac.c b/examples/fips_validation/fips_validation_hmac.c
new file mode 100644
index 0000000..97ac718
--- /dev/null
+++ b/examples/fips_validation/fips_validation_hmac.c
@@ -0,0 +1,105 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2018 Intel Corporation
+ */
+
+#include <string.h>
+#include <time.h>
+#include <stdio.h>
+
+#include <rte_cryptodev.h>
+
+#include "fips_validation.h"
+
+#define ALGO_PREFIX "[L="
+#define KEYLEN_STR "Klen = "
+#define TAGLEN_STR "Tlen = "
+
+#define COUNT_STR "Count = "
+#define KEY_STR "Key = "
+#define PT_STR "Msg = "
+#define TAG_STR "Mac = "
+
+struct hash_size_conversion {
+ const char *str;
+ enum rte_crypto_auth_algorithm algo;
+} hsc[] = {
+ {"20", RTE_CRYPTO_AUTH_SHA1_HMAC},
+ {"28", RTE_CRYPTO_AUTH_SHA224_HMAC},
+ {"32", RTE_CRYPTO_AUTH_SHA256_HMAC},
+ {"48", RTE_CRYPTO_AUTH_SHA384_HMAC},
+ {"64", RTE_CRYPTO_AUTH_SHA512_HMAC},
+};
+
+static int
+parse_interim_algo(__attribute__((__unused__)) const char *key,
+ char *text,
+ __attribute__((__unused__)) struct fips_val *val)
+{
+
+ uint32_t i;
+
+ for (i = 0; i < RTE_DIM(hsc); i++) {
+ if (strstr(text, hsc[i].str)) {
+ info.interim_info.hmac_data.algo = hsc[i].algo;
+ break;
+ }
+ }
+
+ if (i == RTE_DIM(hsc))
+ return -1;
+
+ return 0;
+}
+
+struct fips_test_callback hmac_tests_vectors[] = {
+ {KEYLEN_STR, parser_read_uint32_val, &vec.cipher_auth.key},
+ {TAGLEN_STR, parser_read_uint32_val, &vec.cipher_auth.digest},
+ {KEY_STR, parse_uint8_hex_str, &vec.cipher_auth.key},
+ {PT_STR, parse_uint8_hex_str, &vec.pt},
+ {TAG_STR, parse_uint8_hex_str, &vec.cipher_auth.digest},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback hmac_tests_interim_vectors[] = {
+ {ALGO_PREFIX, parse_interim_algo, NULL},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+static int
+parse_test_hmac_writeback(struct fips_val *val)
+{
+ struct fips_val val_local;
+
+ fprintf(info.fp_wr, "%s", TAG_STR);
+
+ val_local.val = val->val + vec.pt.len;
+ val_local.len = vec.cipher_auth.digest.len;
+
+ parse_write_hex_str(&val_local);
+ return 0;
+}
+
+static int
+rsp_test_hmac_check(struct fips_val *val)
+{
+ if (memcmp(val->val + vec.pt.len, vec.cipher_auth.digest.val,
+ vec.cipher_auth.digest.len) == 0)
+ fprintf(info.fp_wr, "Success\n");
+ else
+ fprintf(info.fp_wr, "Failed\n");
+
+ return 0;
+}
+
+int
+parse_test_hmac_init(void)
+{
+ info.op = FIPS_TEST_ENC_AUTH_GEN;
+ info.parse_writeback = parse_test_hmac_writeback;
+ info.callbacks = hmac_tests_vectors;
+ info.interim_callbacks = hmac_tests_interim_vectors;
+ info.writeback_callbacks = NULL;
+ info.kat_check = rsp_test_hmac_check;
+
+ return 0;
+}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 1f1ba99..da31d6a 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -401,6 +401,67 @@ prepare_cipher_op(void)
}
static int
+prepare_auth_op(void)
+{
+ struct rte_crypto_sym_op *sym = env.op->sym;
+
+ __rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
+ rte_pktmbuf_reset(env.mbuf);
+
+ sym->m_src = env.mbuf;
+ sym->auth.data.offset = 0;
+
+ if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+ uint8_t *pt;
+
+ if (vec.pt.len > RTE_MBUF_MAX_NB_SEGS) {
+ RTE_LOG(ERR, USER1, "PT len %u\n", vec.pt.len);
+ return -EPERM;
+ }
+
+ pt = (uint8_t *)rte_pktmbuf_append(env.mbuf, vec.pt.len +
+ vec.cipher_auth.digest.len);
+
+ if (!pt) {
+ RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n",
+ -ENOMEM);
+ return -ENOMEM;
+ }
+
+ memcpy(pt, vec.pt.val, vec.pt.len);
+ sym->auth.data.length = vec.pt.len;
+ sym->auth.digest.data = pt + vec.pt.len;
+ sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
+ env.mbuf, vec.pt.len);
+
+ } else {
+ uint8_t *ct;
+
+ if (vec.ct.len > RTE_MBUF_MAX_NB_SEGS) {
+ RTE_LOG(ERR, USER1, "CT len %u\n", vec.ct.len);
+ return -EPERM;
+ }
+
+ ct = (uint8_t *)rte_pktmbuf_append(env.mbuf,
+ vec.ct.len + vec.cipher_auth.digest.len);
+
+ if (!ct) {
+ RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n",
+ -ENOMEM);
+ return -ENOMEM;
+ }
+
+ memcpy(ct, vec.ct.val, vec.ct.len);
+ sym->auth.data.length = vec.ct.len;
+ sym->auth.digest.data = vec.cipher_auth.digest.val;
+ sym->auth.digest.phys_addr = rte_malloc_virt2iova(
+ sym->auth.digest.data);
+ }
+
+ rte_crypto_op_attach_sym_session(env.op, env.sess);
+}
+
+static int
prepare_aes_xform(struct rte_crypto_sym_xform *xform)
{
const struct rte_cryptodev_symmetric_capability *cap;
@@ -440,6 +501,43 @@ prepare_aes_xform(struct rte_crypto_sym_xform *xform)
return 0;
}
+static int
+prepare_hmac_xform(struct rte_crypto_sym_xform *xform)
+{
+ const struct rte_cryptodev_symmetric_capability *cap;
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+ struct rte_crypto_auth_xform *auth_xform = &xform->auth;
+
+ xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+ auth_xform->algo = info.interim_info.hmac_data.algo;
+ auth_xform->op = RTE_CRYPTO_AUTH_OP_GENERATE;
+ auth_xform->digest_length = vec.cipher_auth.digest.len;
+ auth_xform->key.data = vec.cipher_auth.key.val;
+ auth_xform->key.length = vec.cipher_auth.key.len;
+
+ cap_idx.algo.auth = auth_xform->algo;
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+ cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+ if (!cap) {
+ RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+ env.dev_id);
+ return -EINVAL;
+ }
+
+ if (rte_cryptodev_sym_capability_check_auth(cap,
+ auth_xform->key.length,
+ auth_xform->digest_length, 0) != 0) {
+ RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n",
+ info.device_name, auth_xform->key.length,
+ auth_xform->digest_length);
+ return -EPERM;
+ }
+
+ return 0;
+}
+
static void
get_writeback_data(struct fips_val *val)
{
@@ -655,6 +753,11 @@ init_test_ops(void)
else
test_ops.test = fips_generic_test;
break;
+ case FIPS_TEST_ALGO_HMAC:
+ test_ops.prepare_op = prepare_auth_op;
+ test_ops.prepare_xform = prepare_hmac_xform;
+ test_ops.test = fips_generic_test;
+ break;
default:
return -1;
diff --git a/examples/fips_validation/meson.build b/examples/fips_validation/meson.build
index fb20541..57bcf81 100644
--- a/examples/fips_validation/meson.build
+++ b/examples/fips_validation/meson.build
@@ -11,5 +11,6 @@ allow_experimental_apis = true
sources = files(
'fips_validation_aes.c',
'fips_validation.c',
+ 'fips_validation_hmac.c',
'main.c'
)