summaryrefslogtreecommitdiff
path: root/examples
diff options
context:
space:
mode:
authorMarko Kovacevic <marko.kovacevic@intel.com>2018-11-02 09:55:29 +0000
committerAkhil Goyal <akhil.goyal@nxp.com>2018-11-02 12:26:06 +0100
commitcd255ccf57647830bfdda8d760dad833f019b76a (patch)
tree2c9a1227325410f2beee37f48c3eb6486875c1c7 /examples
parent3d0fad56b74a02fe6c1bb2b3ee752646c34cfbc5 (diff)
downloaddpdk-cd255ccf57647830bfdda8d760dad833f019b76a.zip
dpdk-cd255ccf57647830bfdda8d760dad833f019b76a.tar.gz
dpdk-cd255ccf57647830bfdda8d760dad833f019b76a.tar.xz
examples/fips_validation: support AES parsing
Added enablement for AES-CBC parser, to allow the application to parser the aes request file and to validate all test types supported. Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com> Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
Diffstat (limited to 'examples')
-rw-r--r--examples/fips_validation/Makefile1
-rw-r--r--examples/fips_validation/fips_validation.c6
-rw-r--r--examples/fips_validation/fips_validation.h24
-rw-r--r--examples/fips_validation/fips_validation_aes.c186
-rw-r--r--examples/fips_validation/main.c346
-rw-r--r--examples/fips_validation/meson.build1
6 files changed, 563 insertions, 1 deletions
diff --git a/examples/fips_validation/Makefile b/examples/fips_validation/Makefile
index 59d56c7..1eb1bc5 100644
--- a/examples/fips_validation/Makefile
+++ b/examples/fips_validation/Makefile
@@ -6,6 +6,7 @@ APP = fips_validation
# all source are stored in SRCS-y
SRCS-y := fips_validation.c
+SRCS-y += fips_validation_aes.c
SRCS-y += main.c
# Build using pkg-config variables if possible
diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index 58a3c1b..dba26d8 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -106,6 +106,12 @@ fips_test_parse_header(void)
return ret;
for (i = 0; i < info.nb_vec_lines; i++) {
+ if (strstr(info.vec[i], "AESVS")) {
+ info.algo = FIPS_TEST_ALGO_AES;
+ ret = parse_test_aes_init();
+ if (ret < 0)
+ return ret;
+ }
tmp = strstr(info.vec[i], "# Config info for ");
if (tmp != NULL) {
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index dd3bc09..e947de1 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -23,6 +23,7 @@
#define FAX_FILE_PERFIX "fax"
enum fips_test_algorithms {
+ FIPS_TEST_ALGO_AES = 0,
FIPS_TEST_ALGO_MAX
};
@@ -77,6 +78,21 @@ struct fips_test_callback {
struct fips_val *val;
};
+enum fips_aesavs_test_types {
+ AESAVS_TYPE_GFXBOX = 1,
+ AESAVS_TYPE_KEYSBOX,
+ AESAVS_TYPE_VARKEY,
+ AESAVS_TYPE_VARTXT,
+ AESAVS_TYPE_MMT,
+ AESAVS_TYPE_MCT,
+};
+
+struct aesavs_interim_data {
+ enum fips_aesavs_test_types test_type;
+ uint32_t cipher_algo;
+ uint32_t key_len;
+};
+
struct fips_test_interim_info {
FILE *fp_rd;
FILE *fp_wr;
@@ -87,6 +103,11 @@ struct fips_test_interim_info {
uint32_t nb_vec_lines;
char device_name[MAX_STRING_SIZE];
+ union {
+ struct aesavs_interim_data aes_data;
+
+ } interim_info;
+
enum fips_test_op op;
const struct fips_test_callback *callbacks;
@@ -117,6 +138,9 @@ void
fips_test_write_one_case(void);
int
+parse_test_aes_init(void);
+
+int
parser_read_uint8_hex(uint8_t *value, const char *p);
int
diff --git a/examples/fips_validation/fips_validation_aes.c b/examples/fips_validation/fips_validation_aes.c
new file mode 100644
index 0000000..f60b864
--- /dev/null
+++ b/examples/fips_validation/fips_validation_aes.c
@@ -0,0 +1,186 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2018 Intel Corporation
+ */
+
+#include <string.h>
+#include <time.h>
+#include <stdio.h>
+
+#include <rte_cryptodev.h>
+
+#include "fips_validation.h"
+
+#define MODE_STR "AESVS"
+#define ALGO_STR "test data for "
+#define OP_STR "State"
+#define KEY_SIZE_STR "Key Length : "
+
+
+#define COUNT_STR "COUNT = "
+#define KEY_STR "KEY = "
+#define IV_STR "IV = "
+#define PT_STR "PLAINTEXT = "
+#define CT_STR "CIPHERTEXT = "
+
+#define OP_ENC_STR "ENCRYPT"
+#define OP_DEC_STR "DECRYPT"
+
+struct {
+ uint32_t type;
+ const char *desc;
+} aes_test_types[] = {
+ {AESAVS_TYPE_GFXBOX, "GFSbox"},
+ {AESAVS_TYPE_KEYSBOX, "KeySbox"},
+ {AESAVS_TYPE_VARKEY, "VarKey"},
+ {AESAVS_TYPE_VARTXT, "VarTxt"},
+ {AESAVS_TYPE_MMT, "MMT"},
+ {AESAVS_TYPE_MCT, "MCT"},
+};
+
+struct aes_test_algo {
+ const char *name;
+ enum rte_crypto_cipher_algorithm algo;
+} const algo_con[] = {
+ {"CBC", RTE_CRYPTO_CIPHER_AES_CBC},
+};
+
+static int
+parse_interim_enc_dec(const char *key,
+ __attribute__((__unused__)) char *text,
+ __attribute__((__unused__)) struct fips_val *val)
+{
+ if (strcmp(key, OP_ENC_STR) == 0)
+ info.op = FIPS_TEST_ENC_AUTH_GEN;
+ else if (strcmp(key, OP_DEC_STR) == 0)
+ info.op = FIPS_TEST_DEC_AUTH_VERIF;
+ else
+ return -1;
+
+ return 0;
+}
+
+struct fips_test_callback aes_tests_interim[] = {
+ {OP_ENC_STR, parse_interim_enc_dec, NULL},
+ {OP_DEC_STR, parse_interim_enc_dec, NULL},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback aes_tests_vectors[] = {
+ {KEY_STR, parse_uint8_hex_str, &vec.cipher_auth.key},
+ {IV_STR, parse_uint8_hex_str, &vec.iv},
+ {PT_STR, parse_uint8_hex_str, &vec.pt},
+ {CT_STR, parse_uint8_hex_str, &vec.ct},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback aes_tests_interim_vectors[] = {
+ {OP_ENC_STR, parse_interim_enc_dec, NULL},
+ {OP_DEC_STR, parse_interim_enc_dec, NULL},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback aes_writeback_callbacks[] = {
+ /** First element is used to pass COUNT string */
+ {COUNT_STR, NULL, NULL},
+ {IV_STR, writeback_hex_str, &vec.iv},
+ {KEY_STR, writeback_hex_str, &vec.cipher_auth.key},
+ {PT_STR, writeback_hex_str, &vec.pt},
+ {CT_STR, writeback_hex_str, &vec.ct},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+static int
+parse_test_aes_writeback(struct fips_val *val)
+{
+ if (info.op == FIPS_TEST_ENC_AUTH_GEN)
+ fprintf(info.fp_wr, "%s", CT_STR);
+ else
+ fprintf(info.fp_wr, "%s", PT_STR);
+
+ parse_write_hex_str(val);
+
+ return 0;
+}
+
+static int
+rsp_test_aes_check(struct fips_val *val)
+{
+ struct fips_val *data;
+
+ if (info.op == FIPS_TEST_ENC_AUTH_GEN)
+ data = &vec.ct;
+ else
+ data = &vec.pt;
+
+ if (memcmp(val->val, data->val, val->len) == 0)
+ fprintf(info.fp_wr, "Success\n");
+ else
+ fprintf(info.fp_wr, "Failed\n");
+
+ return 0;
+}
+
+int
+parse_test_aes_init(void)
+{
+ char *tmp;
+ uint32_t i, j;
+
+ for (i = 0; i < info.nb_vec_lines; i++) {
+ char *line = info.vec[i];
+
+ tmp = strstr(line, MODE_STR);
+ if (tmp) {
+ for (j = 0; j < RTE_DIM(aes_test_types); j++)
+ if (strstr(line, aes_test_types[j].desc)) {
+ info.interim_info.aes_data.test_type =
+ aes_test_types[j].type;
+ break;
+ }
+
+ if (j >= RTE_DIM(aes_test_types))
+ return -EINVAL;
+
+ tmp = strstr(line, ALGO_STR);
+ if (!tmp)
+ return -EINVAL;
+
+ tmp += strlen(ALGO_STR);
+ for (j = 0; j < RTE_DIM(algo_con); j++)
+ if (strcmp(algo_con[j].name, tmp) == 0) {
+ info.interim_info.aes_data.cipher_algo =
+ (uint32_t)algo_con[j].algo;
+ break;
+ }
+ if (j >= RTE_DIM(algo_con))
+ return -EINVAL;
+
+ continue;
+ }
+
+ tmp = strstr(line, OP_STR);
+ if (tmp)
+ continue;
+
+ tmp = strstr(line, KEY_SIZE_STR);
+ if (tmp) {
+ tmp += strlen(KEY_SIZE_STR);
+ if (parser_read_uint32
+ (&info.interim_info.aes_data.key_len,
+ tmp) < 0)
+ return -EINVAL;
+
+ info.interim_info.aes_data.key_len /= 8;
+
+ continue;
+ }
+ }
+
+ info.parse_writeback = parse_test_aes_writeback;
+ info.callbacks = aes_tests_vectors;
+ info.interim_callbacks = aes_tests_interim_vectors;
+ info.writeback_callbacks = aes_writeback_callbacks;
+ info.kat_check = rsp_test_aes_check;
+
+ return 0;
+}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 7083462..1f1ba99 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -329,6 +329,340 @@ exit:
}
+#define IV_OFF (sizeof(struct rte_crypto_op) + sizeof(struct rte_crypto_sym_op))
+#define CRYPTODEV_FIPS_MAX_RETRIES 16
+
+typedef int (*fips_test_one_case_t)(void);
+typedef int (*fips_prepare_op_t)(void);
+typedef int (*fips_prepare_xform_t)(struct rte_crypto_sym_xform *);
+
+struct fips_test_ops {
+ fips_prepare_xform_t prepare_xform;
+ fips_prepare_op_t prepare_op;
+ fips_test_one_case_t test;
+} test_ops;
+
+static int
+prepare_cipher_op(void)
+{
+ struct rte_crypto_sym_op *sym = env.op->sym;
+ uint8_t *iv = rte_crypto_op_ctod_offset(env.op, uint8_t *, IV_OFF);
+
+ __rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
+ rte_pktmbuf_reset(env.mbuf);
+
+ sym->m_src = env.mbuf;
+ sym->cipher.data.offset = 0;
+
+ memcpy(iv, vec.iv.val, vec.iv.len);
+
+ if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+ uint8_t *pt;
+
+ if (vec.pt.len > RTE_MBUF_MAX_NB_SEGS) {
+ RTE_LOG(ERR, USER1, "PT len %u\n", vec.pt.len);
+ return -EPERM;
+ }
+
+ pt = (uint8_t *)rte_pktmbuf_append(env.mbuf, vec.pt.len);
+
+ if (!pt) {
+ RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n",
+ -ENOMEM);
+ return -ENOMEM;
+ }
+
+ memcpy(pt, vec.pt.val, vec.pt.len);
+ sym->cipher.data.length = vec.pt.len;
+
+ } else {
+ uint8_t *ct;
+
+ if (vec.ct.len > RTE_MBUF_MAX_NB_SEGS) {
+ RTE_LOG(ERR, USER1, "CT len %u\n", vec.ct.len);
+ return -EPERM;
+ }
+
+ ct = (uint8_t *)rte_pktmbuf_append(env.mbuf, vec.ct.len);
+
+ if (!ct) {
+ RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n",
+ -ENOMEM);
+ return -ENOMEM;
+ }
+
+ memcpy(ct, vec.ct.val, vec.ct.len);
+ sym->cipher.data.length = vec.ct.len;
+ }
+
+ rte_crypto_op_attach_sym_session(env.op, env.sess);
+
+ return 0;
+}
+
+static int
+prepare_aes_xform(struct rte_crypto_sym_xform *xform)
+{
+ const struct rte_cryptodev_symmetric_capability *cap;
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+ struct rte_crypto_cipher_xform *cipher_xform = &xform->cipher;
+
+ xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+
+ cipher_xform->algo = RTE_CRYPTO_CIPHER_AES_CBC;
+ cipher_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
+ RTE_CRYPTO_CIPHER_OP_ENCRYPT :
+ RTE_CRYPTO_CIPHER_OP_DECRYPT;
+ cipher_xform->key.data = vec.cipher_auth.key.val;
+ cipher_xform->key.length = vec.cipher_auth.key.len;
+ cipher_xform->iv.length = vec.iv.len;
+ cipher_xform->iv.offset = IV_OFF;
+
+ cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_AES_CBC;
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+
+ cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+ if (!cap) {
+ RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+ env.dev_id);
+ return -EINVAL;
+ }
+
+ if (rte_cryptodev_sym_capability_check_cipher(cap,
+ cipher_xform->key.length,
+ cipher_xform->iv.length) != 0) {
+ RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n",
+ info.device_name, cipher_xform->key.length,
+ cipher_xform->iv.length);
+ return -EPERM;
+ }
+
+ return 0;
+}
+
+static void
+get_writeback_data(struct fips_val *val)
+{
+ val->val = rte_pktmbuf_mtod(env.mbuf, uint8_t *);
+ val->len = rte_pktmbuf_pkt_len(env.mbuf);
+}
+
+static int
+fips_run_test(void)
+{
+ struct rte_crypto_sym_xform xform = {0};
+ uint16_t n_deqd;
+ int ret;
+
+ ret = test_ops.prepare_xform(&xform);
+ if (ret < 0)
+ return ret;
+
+ env.sess = rte_cryptodev_sym_session_create(env.mpool);
+ if (!env.sess)
+ return -ENOMEM;
+
+ ret = rte_cryptodev_sym_session_init(env.dev_id,
+ env.sess, &xform, env.mpool);
+ if (ret < 0) {
+ RTE_LOG(ERR, USER1, "Error %i: Init session\n",
+ ret);
+ return ret;
+ }
+
+ ret = test_ops.prepare_op();
+ if (ret < 0) {
+ RTE_LOG(ERR, USER1, "Error %i: Prepare op\n",
+ ret);
+ return ret;
+ }
+
+ if (rte_cryptodev_enqueue_burst(env.dev_id, 0, &env.op, 1) < 1) {
+ RTE_LOG(ERR, USER1, "Error: Failed enqueue\n");
+ return ret;
+ }
+
+ do {
+ struct rte_crypto_op *deqd_op;
+
+ n_deqd = rte_cryptodev_dequeue_burst(env.dev_id, 0, &deqd_op,
+ 1);
+ } while (n_deqd == 0);
+
+ vec.status = env.op->status;
+
+ rte_cryptodev_sym_session_clear(env.dev_id, env.sess);
+ rte_cryptodev_sym_session_free(env.sess);
+ env.sess = NULL;
+
+ return ret;
+}
+
+static int
+fips_generic_test(void)
+{
+ struct fips_val val;
+ int ret;
+
+ fips_test_write_one_case();
+
+ ret = fips_run_test();
+ if (ret < 0) {
+ if (ret == -EPERM) {
+ fprintf(info.fp_wr, "Bypass\n\n");
+ return 0;
+ }
+
+ return ret;
+ }
+
+ get_writeback_data(&val);
+
+ switch (info.file_type) {
+ case FIPS_TYPE_REQ:
+ case FIPS_TYPE_RSP:
+ if (info.parse_writeback == NULL)
+ return -EPERM;
+ ret = info.parse_writeback(&val);
+ if (ret < 0)
+ return ret;
+ break;
+ case FIPS_TYPE_FAX:
+ if (info.kat_check == NULL)
+ return -EPERM;
+ ret = info.kat_check(&val);
+ if (ret < 0)
+ return ret;
+ break;
+ }
+
+ fprintf(info.fp_wr, "\n");
+
+ return 0;
+}
+
+static int
+fips_mct_aes_test(void)
+{
+#define AES_BLOCK_SIZE 16
+#define AES_EXTERN_ITER 100
+#define AES_INTERN_ITER 1000
+ struct fips_val val, val_key;
+ uint8_t prev_out[AES_BLOCK_SIZE] = {0};
+ uint8_t prev_in[AES_BLOCK_SIZE] = {0};
+ uint32_t i, j, k;
+ int ret;
+
+ for (i = 0; i < AES_EXTERN_ITER; i++) {
+ if (i != 0)
+ update_info_vec(i);
+
+ fips_test_write_one_case();
+
+ for (j = 0; j < AES_INTERN_ITER; j++) {
+ ret = fips_run_test();
+ if (ret < 0) {
+ if (ret == -EPERM) {
+ fprintf(info.fp_wr, "Bypass\n");
+ return 0;
+ }
+
+ return ret;
+ }
+
+ get_writeback_data(&val);
+
+ if (info.op == FIPS_TEST_DEC_AUTH_VERIF)
+ memcpy(prev_in, vec.ct.val, AES_BLOCK_SIZE);
+
+ if (j == 0) {
+ memcpy(prev_out, val.val, AES_BLOCK_SIZE);
+
+ if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+ memcpy(vec.pt.val, vec.iv.val,
+ AES_BLOCK_SIZE);
+ memcpy(vec.iv.val, val.val,
+ AES_BLOCK_SIZE);
+ } else {
+ memcpy(vec.ct.val, vec.iv.val,
+ AES_BLOCK_SIZE);
+ memcpy(vec.iv.val, prev_in,
+ AES_BLOCK_SIZE);
+ }
+ continue;
+ }
+
+ if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+ memcpy(vec.iv.val, val.val, AES_BLOCK_SIZE);
+ memcpy(vec.pt.val, prev_out, AES_BLOCK_SIZE);
+ } else {
+ memcpy(vec.iv.val, prev_in, AES_BLOCK_SIZE);
+ memcpy(vec.ct.val, prev_out, AES_BLOCK_SIZE);
+ }
+
+ if (j == AES_INTERN_ITER - 1)
+ continue;
+
+ memcpy(prev_out, val.val, AES_BLOCK_SIZE);
+ }
+
+ info.parse_writeback(&val);
+ fprintf(info.fp_wr, "\n");
+
+ if (i == AES_EXTERN_ITER - 1)
+ continue;
+
+ /** update key */
+ memcpy(&val_key, &vec.cipher_auth.key, sizeof(val_key));
+ for (k = 0; k < vec.cipher_auth.key.len; k++) {
+ switch (vec.cipher_auth.key.len) {
+ case 16:
+ val_key.val[k] ^= val.val[k];
+ break;
+ case 24:
+ if (k < 8)
+ val_key.val[k] ^= prev_out[k + 8];
+ else
+ val_key.val[k] ^= val.val[k - 8];
+ break;
+ case 32:
+ if (k < 16)
+ val_key.val[k] ^= prev_out[k];
+ else
+ val_key.val[k] ^= val.val[k - 16];
+ break;
+ default:
+ return -1;
+ }
+ }
+
+ if (info.op == FIPS_TEST_DEC_AUTH_VERIF)
+ memcpy(vec.iv.val, val.val, AES_BLOCK_SIZE);
+ }
+
+ return 0;
+}
+
+static int
+init_test_ops(void)
+{
+ switch (info.algo) {
+ case FIPS_TEST_ALGO_AES:
+ test_ops.prepare_op = prepare_cipher_op;
+ test_ops.prepare_xform = prepare_aes_xform;
+ if (info.interim_info.aes_data.test_type == AESAVS_TYPE_MCT)
+ test_ops.test = fips_mct_aes_test;
+ else
+ test_ops.test = fips_generic_test;
+ break;
+
+ default:
+ return -1;
+ }
+
+ return 0;
+}
+
static void
print_test_block(void)
{
@@ -345,7 +679,14 @@ fips_test_one_file(void)
{
int fetch_ret = 0, ret;
- while (fetch_ret == 0) {
+
+ ret = init_test_ops();
+ if (ret < 0) {
+ RTE_LOG(ERR, USER1, "Error %i: Init test op\n", ret);
+ return ret;
+ }
+
+ while (ret >= 0 && fetch_ret == 0) {
fetch_ret = fips_test_fetch_one_block();
if (fetch_ret < 0) {
RTE_LOG(ERR, USER1, "Error %i: Fetch block\n",
@@ -365,6 +706,7 @@ fips_test_one_file(void)
ret = fips_test_parse_one_case();
switch (ret) {
case 0:
+ ret = test_ops.test();
if (ret == 0)
break;
RTE_LOG(ERR, USER1, "Error %i: test block\n",
@@ -385,4 +727,6 @@ error_one_case:
fips_test_clear();
+ return ret;
+
}
diff --git a/examples/fips_validation/meson.build b/examples/fips_validation/meson.build
index cceed4f..fb20541 100644
--- a/examples/fips_validation/meson.build
+++ b/examples/fips_validation/meson.build
@@ -9,6 +9,7 @@
deps += ['cryptodev']
allow_experimental_apis = true
sources = files(
+ 'fips_validation_aes.c',
'fips_validation.c',
'main.c'
)