> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Thursday, August 10, 2023 11:35 AM
> To: dev@dpdk.org
> Cc: anoobj@marvell.com; Akhil Goyal <gakhil@marvell.com>; Fan Zhang
> <fanzhang.oss@gmail.com>; Ji, Kai <kai.ji@intel.com>; Gowrishankar
> Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1 5/6] app/test: check asymmetric capabilities in SM2 test
>
> Check asymmetric capabilities such as SM3 hash support and internal RNG and
> accordingly choose op params for SM2 test.
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
> app/test/test_cryptodev_asym.c | 127 ++++++++++++++-------
> app/test/test_cryptodev_sm2_test_vectors.h | 28 +++--
> 2 files changed, 103 insertions(+), 52 deletions(-)
>
> diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
> index b08772a9bf..1f39b1f017 100644
> --- a/app/test/test_cryptodev_asym.c
> +++ b/app/test/test_cryptodev_asym.c
> @@ -608,6 +608,7 @@ static inline void print_asym_capa(
> break;
> case RTE_CRYPTO_ASYM_XFORM_ECDSA:
> case RTE_CRYPTO_ASYM_XFORM_ECPM:
> + case RTE_CRYPTO_ASYM_XFORM_SM2:
> default:
> break;
> }
> @@ -1806,12 +1807,14 @@ test_ecpm_all_curve(void) }
>
> static int
> -_test_sm2_sign(bool rnd_secret)
> +test_sm2_sign(void)
> {
> struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
> struct crypto_testsuite_sm2_params input_params =
> sm2_param_fp256;
> + const struct rte_cryptodev_asymmetric_xform_capability *capa;
> struct rte_mempool *sess_mpool = ts_params->session_mpool;
> struct rte_mempool *op_mpool = ts_params->op_mpool;
> + struct rte_cryptodev_asym_capability_idx idx;
> uint8_t dev_id = ts_params->valid_devs[0];
> struct rte_crypto_op *result_op = NULL;
> uint8_t output_buf_r[TEST_DATA_SIZE];
> @@ -1822,6 +1825,12 @@ _test_sm2_sign(bool rnd_secret)
> int ret, status = TEST_SUCCESS;
> void *sess = NULL;
>
> + /* Check SM2 capability */
> + idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
> + capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
> + if (capa == NULL)
> + return -ENOTSUP;
> +
> /* Setup crypto op data structure */
> op = rte_crypto_op_alloc(op_mpool,
> RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> - 0x8d, 0x8d, 0xb5, 0x40, 0xe3, 0xfb, 0x98, 0xf9,
> - 0x8c, 0xe4, 0x58, 0x60, 0xf2, 0x78, 0x8f, 0xd9,
> - 0xbf, 0xb8, 0x47, 0x73, 0x88, 0xc1, 0xd1, 0xcd,
> - 0x2d, 0xdb, 0xe3, 0xc1, 0x44, 0x30, 0x25, 0x86
> + 0x5A, 0x3C, 0x96, 0x3E, 0x1C, 0xB4, 0x19, 0xF9,
> + 0xD7, 0x78, 0xB8, 0xCE, 0xFF, 0x9D, 0xB1, 0x31,
> + 0x77, 0xDB, 0xA0, 0xFE, 0x84, 0x61, 0x1A, 0xD9,
> + 0x4E, 0xFF, 0x82, 0x13, 0x1C, 0xCA, 0x04, 0x75,
> };
>
> static uint8_t fp256_id[] = {
> @@ -68,6 +69,13 @@ static uint8_t fp256_message[] = {
> 0x64, 0x69, 0x67, 0x65, 0x73, 0x74
> };
>
> +static uint8_t fp256_digest[] = {
> + 0x0F, 0xB5, 0xCE, 0xF3, 0x3C, 0xB7, 0xD1, 0x35,
> + 0xA9, 0x3A, 0xC7, 0xA7, 0x89, 0x2A, 0x6D, 0x9A,
> + 0xF3, 0x1E, 0xC5, 0x38, 0xD3, 0x65, 0x1B, 0xB9,
> + 0xDF, 0x5F, 0x7F, 0x4A, 0xD8, 0x89, 0x57, 0xF1 };
> +
> static uint8_t fp256_cipher[] = {
> 0x30, 0x78, 0x02, 0x21, 0x00, 0xAB, 0xBD, 0xE8,
> 0xE8, 0x80, 0x93, 0x36, 0x77, 0xB6, 0x44, 0x47, @@ -121,6 +129,10
> @@ struct crypto_testsuite_sm2_params sm2_param_fp256 = {
> .data = fp256_message,
> .length = sizeof(fp256_message),
> },
> + .digest = {
> + .data = fp256_digest,
> + .length = sizeof(fp256_digest),
> + },
> .cipher = {
> .data = fp256_cipher,
> .length = sizeof(fp256_cipher),
> --
> 2.25.1
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
@@ -608,6 +608,7 @@ static inline void print_asym_capa(
break;
case RTE_CRYPTO_ASYM_XFORM_ECDSA:
case RTE_CRYPTO_ASYM_XFORM_ECPM:
+ case RTE_CRYPTO_ASYM_XFORM_SM2:
default:
break;
}
@@ -1806,12 +1807,14 @@ test_ecpm_all_curve(void)
}
static int
-_test_sm2_sign(bool rnd_secret)
+test_sm2_sign(void)
{
struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+ const struct rte_cryptodev_asymmetric_xform_capability *capa;
struct rte_mempool *sess_mpool = ts_params->session_mpool;
struct rte_mempool *op_mpool = ts_params->op_mpool;
+ struct rte_cryptodev_asym_capability_idx idx;
uint8_t dev_id = ts_params->valid_devs[0];
struct rte_crypto_op *result_op = NULL;
uint8_t output_buf_r[TEST_DATA_SIZE];
@@ -1822,6 +1825,12 @@ _test_sm2_sign(bool rnd_secret)
int ret, status = TEST_SUCCESS;
void *sess = NULL;
+ /* Check SM2 capability */
+ idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+ capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+ if (capa == NULL)
+ return -ENOTSUP;
+
/* Setup crypto op data structure */
op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
if (op == NULL) {
@@ -1839,7 +1848,10 @@ _test_sm2_sign(bool rnd_secret)
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
xform.ec.curve_id = input_params.curve;
- xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
+ if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+ xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
+ else
+ xform.ec.hash = RTE_CRYPTO_AUTH_NULL;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
if (ret < 0) {
@@ -1857,17 +1869,25 @@ _test_sm2_sign(bool rnd_secret)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
- asym_op->sm2.message.data = input_params.message.data;
- asym_op->sm2.message.length = input_params.message.length;
+ if (xform.ec.hash == RTE_CRYPTO_AUTH_SM3) {
+ asym_op->sm2.message.data = input_params.message.data;
+ asym_op->sm2.message.length = input_params.message.length;
+ asym_op->sm2.id.data = input_params.id.data;
+ asym_op->sm2.id.length = input_params.id.length;
+ } else {
+ asym_op->sm2.message.data = input_params.digest.data;
+ asym_op->sm2.message.length = input_params.digest.length;
+ asym_op->sm2.id.data = NULL;
+ asym_op->sm2.id.length = 0;
+ }
+
asym_op->sm2.pkey.data = input_params.pkey.data;
asym_op->sm2.pkey.length = input_params.pkey.length;
asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
- asym_op->sm2.id.data = input_params.id.data;
- asym_op->sm2.id.length = input_params.id.length;
- if (rnd_secret) {
+ if (capa->internal_rng != 0) {
asym_op->sm2.k.data = NULL;
asym_op->sm2.k.length = 0;
} else {
@@ -1916,7 +1936,7 @@ _test_sm2_sign(bool rnd_secret)
debug_hexdump(stdout, "s:",
asym_op->sm2.s.data, asym_op->sm2.s.length);
- if (!rnd_secret) {
+ if (capa->internal_rng == 0) {
/* Verify sign (by comparison). */
if (memcmp(input_params.sign_r.data, asym_op->sm2.r.data,
asym_op->sm2.r.length) != 0) {
@@ -1977,25 +1997,15 @@ _test_sm2_sign(bool rnd_secret)
return status;
};
-static int
-test_sm2_sign_rnd_secret(void)
-{
- return _test_sm2_sign(true);
-}
-
-__rte_used static int
-test_sm2_sign_plain_secret(void)
-{
- return _test_sm2_sign(false);
-}
-
static int
test_sm2_verify(void)
{
struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+ const struct rte_cryptodev_asymmetric_xform_capability *capa;
struct rte_mempool *sess_mpool = ts_params->session_mpool;
struct rte_mempool *op_mpool = ts_params->op_mpool;
+ struct rte_cryptodev_asym_capability_idx idx;
uint8_t dev_id = ts_params->valid_devs[0];
struct rte_crypto_op *result_op = NULL;
struct rte_crypto_asym_xform xform;
@@ -2004,6 +2014,12 @@ test_sm2_verify(void)
int ret, status = TEST_SUCCESS;
void *sess = NULL;
+ /* Check SM2 capability */
+ idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+ capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+ if (capa == NULL)
+ return -ENOTSUP;
+
/* Setup crypto op data structure */
op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
if (op == NULL) {
@@ -2021,7 +2037,10 @@ test_sm2_verify(void)
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
xform.ec.curve_id = input_params.curve;
- xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
+ if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+ xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
+ else
+ xform.ec.hash = RTE_CRYPTO_AUTH_NULL;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
if (ret < 0) {
@@ -2039,8 +2058,18 @@ test_sm2_verify(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
- asym_op->sm2.message.data = input_params.message.data;
- asym_op->sm2.message.length = input_params.message.length;
+ if (xform.ec.hash == RTE_CRYPTO_AUTH_SM3) {
+ asym_op->sm2.message.data = input_params.message.data;
+ asym_op->sm2.message.length = input_params.message.length;
+ asym_op->sm2.id.data = input_params.id.data;
+ asym_op->sm2.id.length = input_params.id.length;
+ } else {
+ asym_op->sm2.message.data = input_params.digest.data;
+ asym_op->sm2.message.length = input_params.digest.length;
+ asym_op->sm2.id.data = NULL;
+ asym_op->sm2.id.length = 0;
+ }
+
asym_op->sm2.pkey.data = input_params.pkey.data;
asym_op->sm2.pkey.length = input_params.pkey.length;
asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
@@ -2051,8 +2080,6 @@ test_sm2_verify(void)
asym_op->sm2.r.length = input_params.sign_r.length;
asym_op->sm2.s.data = input_params.sign_s.data;
asym_op->sm2.s.length = input_params.sign_s.length;
- asym_op->sm2.id.data = input_params.id.data;
- asym_op->sm2.id.length = input_params.id.length;
RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
@@ -2092,13 +2119,15 @@ test_sm2_verify(void)
};
static int
-_test_sm2_enc(bool rnd_secret)
+test_sm2_enc(void)
{
struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+ const struct rte_cryptodev_asymmetric_xform_capability *capa;
struct rte_mempool *sess_mpool = ts_params->session_mpool;
struct rte_mempool *op_mpool = ts_params->op_mpool;
uint8_t output_buf[TEST_DATA_SIZE], *pbuf = NULL;
+ struct rte_cryptodev_asym_capability_idx idx;
uint8_t dev_id = ts_params->valid_devs[0];
struct rte_crypto_op *result_op = NULL;
struct rte_crypto_asym_xform xform;
@@ -2107,6 +2136,12 @@ _test_sm2_enc(bool rnd_secret)
int ret, status = TEST_SUCCESS;
void *sess = NULL;
+ /* Check SM2 capability */
+ idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+ capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+ if (capa == NULL)
+ return -ENOTSUP;
+
/* Setup crypto op data structure */
op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
if (op == NULL) {
@@ -2123,7 +2158,10 @@ _test_sm2_enc(bool rnd_secret)
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
xform.ec.curve_id = input_params.curve;
- xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
+ if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+ xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
+ else
+ xform.ec.hash = RTE_CRYPTO_AUTH_NULL;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
if (ret < 0) {
@@ -2149,7 +2187,7 @@ _test_sm2_enc(bool rnd_secret)
asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
- if (rnd_secret) {
+ if (capa->internal_rng != 0) {
asym_op->sm2.k.data = NULL;
asym_op->sm2.k.length = 0;
} else {
@@ -2195,7 +2233,7 @@ _test_sm2_enc(bool rnd_secret)
debug_hexdump(stdout, "cipher:",
asym_op->sm2.cipher.data, asym_op->sm2.cipher.length);
- if (!rnd_secret) {
+ if (capa->internal_rng == 0) {
if (memcmp(input_params.cipher.data, asym_op->sm2.cipher.data,
asym_op->sm2.cipher.length) != 0) {
status = TEST_FAILED;
@@ -2259,25 +2297,15 @@ _test_sm2_enc(bool rnd_secret)
return status;
};
-static int
-test_sm2_enc_rnd_secret(void)
-{
- return _test_sm2_enc(true);
-}
-
-__rte_used static int
-test_sm2_enc_plain_secret(void)
-{
- return _test_sm2_enc(false);
-}
-
static int
test_sm2_dec(void)
{
struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+ const struct rte_cryptodev_asymmetric_xform_capability *capa;
struct rte_mempool *sess_mpool = ts_params->session_mpool;
struct rte_mempool *op_mpool = ts_params->op_mpool;
+ struct rte_cryptodev_asym_capability_idx idx;
uint8_t dev_id = ts_params->valid_devs[0];
struct rte_crypto_op *result_op = NULL;
uint8_t output_buf_m[TEST_DATA_SIZE];
@@ -2287,6 +2315,12 @@ test_sm2_dec(void)
int ret, status = TEST_SUCCESS;
void *sess = NULL;
+ /* Check SM2 capability */
+ idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+ capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+ if (capa == NULL)
+ return -ENOTSUP;
+
/* Setup crypto op data structure */
op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
if (op == NULL) {
@@ -2303,7 +2337,10 @@ test_sm2_dec(void)
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
xform.ec.curve_id = input_params.curve;
- xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
+ if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+ xform.ec.hash = RTE_CRYPTO_AUTH_SM3;
+ else
+ xform.ec.hash = RTE_CRYPTO_AUTH_NULL;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
if (ret < 0) {
@@ -2689,9 +2726,9 @@ static struct unit_test_suite cryptodev_openssl_asym_testsuite = {
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_dsa),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
test_dh_keygenration),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign_rnd_secret),
+ TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_verify),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_enc_rnd_secret),
+ TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_enc),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_dec),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_rsa_enc_dec),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
@@ -2755,6 +2792,8 @@ static struct unit_test_suite cryptodev_octeontx_asym_testsuite = {
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_exp),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
test_ecdsa_sign_verify_all_curve),
+ TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign),
+ TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_verify),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
test_ecpm_all_curve),
TEST_CASES_END() /**< NULL terminate unit test array */
@@ -17,6 +17,7 @@ struct crypto_testsuite_sm2_params {
rte_crypto_param id;
rte_crypto_param cipher;
rte_crypto_param message;
+ rte_crypto_param digest;
int curve;
};
@@ -46,17 +47,17 @@ static uint8_t fp256_k[] = {
};
static uint8_t fp256_sign_r[] = {
- 0xf3, 0x26, 0x10, 0xde, 0xfb, 0xbf, 0x13, 0xd4,
- 0x73, 0xb1, 0xc2, 0x80, 0x51, 0x06, 0x29, 0xf9,
- 0xfb, 0xc8, 0x11, 0xa7, 0x8d, 0x2c, 0xcb, 0x09,
- 0x7c, 0xb2, 0xcf, 0x58, 0x0b, 0x5e, 0x25, 0xff
+ 0x75, 0x2B, 0x8C, 0x15, 0x38, 0x10, 0xF6, 0xC0,
+ 0x28, 0xC9, 0x8A, 0x51, 0xD0, 0x62, 0x69, 0x4B,
+ 0xF6, 0x58, 0x06, 0xEB, 0xF1, 0x91, 0x1F, 0x15,
+ 0x8B, 0x08, 0x09, 0xF9, 0x88, 0x0A, 0x44, 0x24
};
static uint8_t fp256_sign_s[] = {
- 0x8d, 0x8d, 0xb5, 0x40, 0xe3, 0xfb, 0x98, 0xf9,
- 0x8c, 0xe4, 0x58, 0x60, 0xf2, 0x78, 0x8f, 0xd9,
- 0xbf, 0xb8, 0x47, 0x73, 0x88, 0xc1, 0xd1, 0xcd,
- 0x2d, 0xdb, 0xe3, 0xc1, 0x44, 0x30, 0x25, 0x86
+ 0x5A, 0x3C, 0x96, 0x3E, 0x1C, 0xB4, 0x19, 0xF9,
+ 0xD7, 0x78, 0xB8, 0xCE, 0xFF, 0x9D, 0xB1, 0x31,
+ 0x77, 0xDB, 0xA0, 0xFE, 0x84, 0x61, 0x1A, 0xD9,
+ 0x4E, 0xFF, 0x82, 0x13, 0x1C, 0xCA, 0x04, 0x75,
};
static uint8_t fp256_id[] = {
@@ -68,6 +69,13 @@ static uint8_t fp256_message[] = {
0x64, 0x69, 0x67, 0x65, 0x73, 0x74
};
+static uint8_t fp256_digest[] = {
+ 0x0F, 0xB5, 0xCE, 0xF3, 0x3C, 0xB7, 0xD1, 0x35,
+ 0xA9, 0x3A, 0xC7, 0xA7, 0x89, 0x2A, 0x6D, 0x9A,
+ 0xF3, 0x1E, 0xC5, 0x38, 0xD3, 0x65, 0x1B, 0xB9,
+ 0xDF, 0x5F, 0x7F, 0x4A, 0xD8, 0x89, 0x57, 0xF1
+};
+
static uint8_t fp256_cipher[] = {
0x30, 0x78, 0x02, 0x21, 0x00, 0xAB, 0xBD, 0xE8,
0xE8, 0x80, 0x93, 0x36, 0x77, 0xB6, 0x44, 0x47,
@@ -121,6 +129,10 @@ struct crypto_testsuite_sm2_params sm2_param_fp256 = {
.data = fp256_message,
.length = sizeof(fp256_message),
},
+ .digest = {
+ .data = fp256_digest,
+ .length = sizeof(fp256_digest),
+ },
.cipher = {
.data = fp256_cipher,
.length = sizeof(fp256_cipher),