From patchwork Wed Oct 17 12:49:35 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kovacevic, Marko" X-Patchwork-Id: 46974 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id DBBFF1B161; Wed, 17 Oct 2018 14:50:00 +0200 (CEST) Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by dpdk.org (Postfix) with ESMTP id A56FE1B140 for ; Wed, 17 Oct 2018 14:49:52 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Oct 2018 05:49:52 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,392,1534834800"; d="scan'208";a="242043527" Received: from silpixa00399502.ir.intel.com (HELO silpixa00399502.ger.corp.intel.com) ([10.237.223.218]) by orsmga004.jf.intel.com with ESMTP; 17 Oct 2018 05:49:50 -0700 From: Marko Kovacevic To: dev@dpdk.org Cc: roy.fan.zhang@intel.com, akhil.goyal@nxp.com, arkadiuszx.kusztal@intel.com, Marko Kovacevic Date: Wed, 17 Oct 2018 13:49:35 +0100 Message-Id: <20181017124937.38052-7-marko.kovacevic@intel.com> X-Mailer: git-send-email 2.9.5 In-Reply-To: <20181017124937.38052-1-marko.kovacevic@intel.com> References: <20181012144501.19562-1-marko.kovacevic@intel.com> <20181017124937.38052-1-marko.kovacevic@intel.com> Subject: [dpdk-dev] [PATCH v5 6/8] examples/cryptodev_fips_validate: add cmac parser and enablement for test types X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Added enablement for CMAC parser, to allow the application to parser the cmac request files and to validate all test types supported. Signed-off-by: Marko Kovacevic Signed-off-by: Fan Zhang Acked-by: Arek Kusztal --- examples/cryptodev_fips_validate/Makefile | 1 + .../cryptodev_fips_parse_cmac.c | 116 +++++++++++++++++++++ .../cryptodev_fips_parse_validate.c | 5 + .../cryptodev_fips_validate.h | 4 + examples/cryptodev_fips_validate/main.c | 43 ++++++++ examples/cryptodev_fips_validate/meson.build | 1 + 6 files changed, 170 insertions(+) create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_cmac.c diff --git a/examples/cryptodev_fips_validate/Makefile b/examples/cryptodev_fips_validate/Makefile index f8cfda7..09acfd3 100644 --- a/examples/cryptodev_fips_validate/Makefile +++ b/examples/cryptodev_fips_validate/Makefile @@ -9,6 +9,7 @@ SRCS-y := cryptodev_fips_parse_aes.c SRCS-y += cryptodev_fips_parse_hmac.c SRCS-y += cryptodev_fips_parse_3des.c SRCS-y += cryptodev_fips_parse_gcm.c +SRCS-y += cryptodev_fips_parse_cmac.c SRCS-y += cryptodev_fips_parse_validate.c SRCS-y += main.c diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_parse_cmac.c b/examples/cryptodev_fips_validate/cryptodev_fips_parse_cmac.c new file mode 100644 index 0000000..37c6317 --- /dev/null +++ b/examples/cryptodev_fips_validate/cryptodev_fips_parse_cmac.c @@ -0,0 +1,116 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2018 Intel Corporation + */ + +#include +#include +#include +#include + +#include + +#include "cryptodev_fips_validate.h" + +#define NEW_LINE_STR "#" +#define OP_STR "CMAC" + +#define ALGO_STR "Alg = " +#define MODE_STR "Mode = " + +#define COUNT_STR "Count = " +#define KLEN_STR "Klen = " +#define PTLEN_STR "Mlen = " +#define TAGLEN_STR "Tlen = " +#define KEY_STR "Key = " +#define PT_STR "Msg = " +#define TAG_STR "Mac = " + +#define GEN_STR "Generate" +#define VERIF_STR "Verify" + +#define POS_NEG_STR "Result = " +#define PASS_STR "P" +#define FAIL_STR "F" + +struct hash_algo_conversion { + const char *str; + enum fips_test_algorithms algo; +} cmac_algo[] = { + {"AES", FIPS_TEST_ALGO_AES_CMAC}, +}; + +static int +parse_test_cmac_writeback(struct fips_val *val) +{ + if (info.op == FIPS_TEST_ENC_AUTH_GEN) { + struct fips_val tmp_val = {val->val + vec.pt.len, + vec.cipher_auth.digest.len}; + + fprintf(info.fp_wr, "%s", TAG_STR); + parse_write_hex_str(&tmp_val); + } else { + fprintf(info.fp_wr, "%s", POS_NEG_STR); + + if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) + fprintf(info.fp_wr, "%s\n", PASS_STR); + else if (vec.status == RTE_CRYPTO_OP_STATUS_AUTH_FAILED) + fprintf(info.fp_wr, "%s\n", FAIL_STR); + else + fprintf(info.fp_wr, "Error\n"); + } + + return 0; +} + +struct fips_test_callback cmac_tests_vectors[] = { + {KLEN_STR, parser_read_uint32_val, &vec.cipher_auth.key}, + {PTLEN_STR, parser_read_uint32_val, &vec.pt}, + {TAGLEN_STR, parser_read_uint32_val, &vec.cipher_auth.digest}, + {KEY_STR, parse_uint8_hex_str, &vec.cipher_auth.key}, + {PT_STR, parse_uint8_known_len_hex_str, &vec.pt}, + {TAG_STR, parse_uint8_known_len_hex_str, + &vec.cipher_auth.digest}, + {NULL, NULL, NULL} /**< end pointer */ +}; + +int +parse_test_cmac_init(void) +{ + char *tmp; + uint32_t i, j; + + for (i = 0; i < info.nb_vec_lines; i++) { + char *line = info.vec[i]; + + tmp = strstr(line, ALGO_STR); + if (!tmp) + continue; + + for (j = 0; j < RTE_DIM(cmac_algo); j++) { + if (!strstr(line, cmac_algo[j].str)) + continue; + + info.algo = cmac_algo[j].algo; + break; + } + + if (j == RTE_DIM(cmac_algo)) + return -EINVAL; + + tmp = strstr(line, MODE_STR); + if (!tmp) + return -1; + + if (strstr(tmp, GEN_STR)) + info.op = FIPS_TEST_ENC_AUTH_GEN; + else if (strstr(tmp, VERIF_STR)) + info.op = FIPS_TEST_DEC_AUTH_VERIF; + else + return -EINVAL; + } + + info.parse_writeback = parse_test_cmac_writeback; + info.callbacks = cmac_tests_vectors; + + return 0; +} diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c b/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c index d45c88d..4617c67 100644 --- a/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c +++ b/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c @@ -114,6 +114,11 @@ fips_test_parse_header(void) ret = parse_test_gcm_init(); if (ret < 0) return ret; + } else if (strstr(info.vec[i], "CMAC")) { + info.algo = FIPS_TEST_ALGO_AES_CMAC; + ret = parse_test_cmac_init(); + if (ret < 0) + return 0; } else if (strstr(info.vec[i], "HMAC")) { info.algo = FIPS_TEST_ALGO_HMAC; ret = parse_test_hmac_init(); diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_validate.h b/examples/cryptodev_fips_validate/cryptodev_fips_validate.h index 685bc0b..7bd1e9a 100644 --- a/examples/cryptodev_fips_validate/cryptodev_fips_validate.h +++ b/examples/cryptodev_fips_validate/cryptodev_fips_validate.h @@ -25,6 +25,7 @@ enum fips_test_algorithms { FIPS_TEST_ALGO_AES = 0, FIPS_TEST_ALGO_AES_GCM, + FIPS_TEST_ALGO_AES_CMAC, FIPS_TEST_ALGO_HMAC, FIPS_TEST_ALGO_TDES, FIPS_TEST_ALGO_MAX @@ -176,6 +177,9 @@ int parse_test_gcm_init(void); int +parse_test_cmac_init(void); + +int parser_read_uint8_hex(uint8_t *value, const char *p); int diff --git a/examples/cryptodev_fips_validate/main.c b/examples/cryptodev_fips_validate/main.c index 93b2420..51ee4ad 100644 --- a/examples/cryptodev_fips_validate/main.c +++ b/examples/cryptodev_fips_validate/main.c @@ -688,6 +688,44 @@ prepare_gcm_xform(struct rte_crypto_sym_xform *xform) return 0; } +static int +prepare_cmac_xform(struct rte_crypto_sym_xform *xform) +{ + const struct rte_cryptodev_symmetric_capability *cap; + struct rte_cryptodev_sym_capability_idx cap_idx; + struct rte_crypto_auth_xform *auth_xform = &xform->auth; + + xform->type = RTE_CRYPTO_SYM_XFORM_AUTH; + + auth_xform->algo = RTE_CRYPTO_AUTH_AES_CMAC; + auth_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ? + RTE_CRYPTO_AUTH_OP_GENERATE : RTE_CRYPTO_AUTH_OP_VERIFY; + auth_xform->digest_length = vec.cipher_auth.digest.len; + auth_xform->key.data = vec.cipher_auth.key.val; + auth_xform->key.length = vec.cipher_auth.key.len; + + cap_idx.algo.auth = auth_xform->algo; + cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH; + + cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx); + if (!cap) { + RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n", + env.dev_id); + return -EINVAL; + } + + if (rte_cryptodev_sym_capability_check_auth(cap, + auth_xform->key.length, + auth_xform->digest_length, 0) != 0) { + RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n", + info.device_name, auth_xform->key.length, + auth_xform->digest_length); + return -EPERM; + } + + return 0; +} + static void get_writeback_data(struct fips_val *val) { @@ -1048,6 +1086,11 @@ init_test_ops(void) test_ops.prepare_xform = prepare_gcm_xform; test_ops.test = fips_generic_test; break; + case FIPS_TEST_ALGO_AES_CMAC: + test_ops.prepare_op = prepare_auth_op; + test_ops.prepare_xform = prepare_cmac_xform; + test_ops.test = fips_generic_test; + break; default: return -1; } diff --git a/examples/cryptodev_fips_validate/meson.build b/examples/cryptodev_fips_validate/meson.build index 3175993..de6de7b 100644 --- a/examples/cryptodev_fips_validate/meson.build +++ b/examples/cryptodev_fips_validate/meson.build @@ -13,6 +13,7 @@ sources = files( 'cryptodev_fips_parse_hmac.c', 'cryptodev_fips_parse_3des.c', 'cryptodev_fips_parse_gcm.c', + 'cryptodev_fips_parse_cmac.c', 'cryptodev_fips_parse_validate.c', 'main.c' )