[1/8] examples/fips_validation: enhance getopt_long usage
Checks
Commit Message
Instead of using getopt_long return value, strcmp was used to
compare the input parameters with the struct option array. This
patch get rid of all those strcmp by directly binding each longopt
with an int enum.
Bugzilla ID: 238
Fixes: 3d0fad56b74 ("examples/fips_validation: add crypto FIPS application"}
Cc: marko.kovacevic@intel.com
Reported-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Ibtisam Tariq <ibtisam.tariq@emumba.com>
---
examples/fips_validation/main.c | 241 +++++++++++++++++++-------------
1 file changed, 143 insertions(+), 98 deletions(-)
Comments
Hello Ibtisam,
On Thu, Oct 29, 2020 at 1:55 PM Ibtisam Tariq <ibtisam.tariq@emumba.com> wrote:
>
> Instead of using getopt_long return value, strcmp was used to
> compare the input parameters with the struct option array. This
> patch get rid of all those strcmp by directly binding each longopt
> with an int enum.
>
> Bugzilla ID: 238
> Fixes: 3d0fad56b74 ("examples/fips_validation: add crypto FIPS application"}
I consider this bz as an enhancement, for better readability /
consistency in the project code.
This is not a bugfix, and I would not flag the patches with a Fixes: tag.
> Cc: marko.kovacevic@intel.com
>
> Reported-by: David Marchand <david.marchand@redhat.com>
> Signed-off-by: Ibtisam Tariq <ibtisam.tariq@emumba.com>
> ---
> examples/fips_validation/main.c | 241 +++++++++++++++++++-------------
> 1 file changed, 143 insertions(+), 98 deletions(-)
>
> diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
> index 07532c956..5fb76b421 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -15,17 +15,31 @@
> #include "fips_validation.h"
> #include "fips_dev_self_test.h"
>
> +enum{
Missing space.
The _KEYWORD suffix gives no info and can be dropped in all those
defines / enums.
> #define REQ_FILE_PATH_KEYWORD "req-file"
> + /* first long only option value must be >= 256, so that we won't
> + * conflict with short options
> + */
This comment is copied from the EAL header, but there is no mapping to
a short option in this example.
You can drop it.
> + REQ_FILE_PATH_KEYWORD_NUM = 256,
> #define RSP_FILE_PATH_KEYWORD "rsp-file"
> + RSP_FILE_PATH_KEYWORD_NUM,
> #define MBUF_DATAROOM_KEYWORD "mbuf-dataroom"
> + MBUF_DATAROOM_KEYWORD_NUM,
> #define FOLDER_KEYWORD "path-is-folder"
> + FOLDER_KEYWORD_NUM,
> #define CRYPTODEV_KEYWORD "cryptodev"
> + CRYPTODEV_KEYWORD_NUM,
> #define CRYPTODEV_ID_KEYWORD "cryptodev-id"
> + CRYPTODEV_ID_KEYWORD_NUM,
> #define CRYPTODEV_ST_KEYWORD "self-test"
> + CRYPTODEV_ST_KEYWORD_NUM,
> #define CRYPTODEV_BK_ID_KEYWORD "broken-test-id"
> + CRYPTODEV_BK_ID_KEYWORD_NUM,
> #define CRYPTODEV_BK_DIR_KEY "broken-test-dir"
> + CRYPTODEV_BK_DIR_KEY_NUM,
Those next two defines have nothing to do with getopt options and they
are only used once.
You can directly replace them as their fixed string later in the
parsing code, and drop the defines.
> #define CRYPTODEV_ENC_KEYWORD "enc"
> #define CRYPTODEV_DEC_KEYWORD "dec"
> +};
>
> struct fips_test_vector vec;
> struct fips_test_interim_info info;
> @@ -226,15 +240,24 @@ cryptodev_fips_validate_parse_args(int argc, char **argv)
> char **argvopt;
> int option_index;
> struct option lgopts[] = {
> - {REQ_FILE_PATH_KEYWORD, required_argument, 0, 0},
> - {RSP_FILE_PATH_KEYWORD, required_argument, 0, 0},
> - {FOLDER_KEYWORD, no_argument, 0, 0},
> - {MBUF_DATAROOM_KEYWORD, required_argument, 0, 0},
> - {CRYPTODEV_KEYWORD, required_argument, 0, 0},
> - {CRYPTODEV_ID_KEYWORD, required_argument, 0, 0},
> - {CRYPTODEV_ST_KEYWORD, no_argument, 0, 0},
> - {CRYPTODEV_BK_ID_KEYWORD, required_argument, 0, 0},
> - {CRYPTODEV_BK_DIR_KEY, required_argument, 0, 0},
Single indent is enough.
> + {REQ_FILE_PATH_KEYWORD, required_argument,
> + NULL, REQ_FILE_PATH_KEYWORD_NUM},
> + {RSP_FILE_PATH_KEYWORD, required_argument,
> + NULL, RSP_FILE_PATH_KEYWORD_NUM},
> + {FOLDER_KEYWORD, no_argument,
> + NULL, FOLDER_KEYWORD_NUM},
> + {MBUF_DATAROOM_KEYWORD, required_argument,
> + NULL, MBUF_DATAROOM_KEYWORD_NUM},
> + {CRYPTODEV_KEYWORD, required_argument,
> + NULL, CRYPTODEV_KEYWORD_NUM},
> + {CRYPTODEV_ID_KEYWORD, required_argument,
> + NULL, CRYPTODEV_ID_KEYWORD_NUM},
> + {CRYPTODEV_ST_KEYWORD, no_argument,
> + NULL, CRYPTODEV_ST_KEYWORD_NUM},
> + {CRYPTODEV_BK_ID_KEYWORD, required_argument,
> + NULL, CRYPTODEV_BK_ID_KEYWORD_NUM},
> + {CRYPTODEV_BK_DIR_KEY, required_argument,
> + NULL, CRYPTODEV_BK_DIR_KEY_NUM},
> {NULL, 0, 0, 0}
> };
>
> @@ -251,105 +274,127 @@ cryptodev_fips_validate_parse_args(int argc, char **argv)
> while ((opt = getopt_long(argc, argvopt, "s:",
> lgopts, &option_index)) != EOF) {
>
> + if (opt == '?') {
> + cryptodev_fips_validate_usage(prgname);
> + return -1;
> + }
> +
> switch (opt) {
> - case 0:
> - if (strcmp(lgopts[option_index].name,
> - REQ_FILE_PATH_KEYWORD) == 0)
> - env.req_path = optarg;
> - else if (strcmp(lgopts[option_index].name,
> - RSP_FILE_PATH_KEYWORD) == 0)
> - env.rsp_path = optarg;
> - else if (strcmp(lgopts[option_index].name,
> - FOLDER_KEYWORD) == 0)
> - env.is_path_folder = 1;
> - else if (strcmp(lgopts[option_index].name,
> - CRYPTODEV_KEYWORD) == 0) {
> - ret = parse_cryptodev_arg(optarg);
> - if (ret < 0) {
> - cryptodev_fips_validate_usage(prgname);
> - return -EINVAL;
> - }
> - } else if (strcmp(lgopts[option_index].name,
> - CRYPTODEV_ID_KEYWORD) == 0) {
> - ret = parse_cryptodev_id_arg(optarg);
> - if (ret < 0) {
> - cryptodev_fips_validate_usage(prgname);
> - return -EINVAL;
> - }
> - } else if (strcmp(lgopts[option_index].name,
> - CRYPTODEV_ST_KEYWORD) == 0) {
> - env.self_test = 1;
> - } else if (strcmp(lgopts[option_index].name,
> - CRYPTODEV_BK_ID_KEYWORD) == 0) {
> - if (!env.broken_test_config) {
> - env.broken_test_config = rte_malloc(
> - NULL,
> - sizeof(*env.broken_test_config),
> - 0);
> - if (!env.broken_test_config)
> - return -ENOMEM;
> -
> - env.broken_test_config->expect_fail_dir =
> - self_test_dir_enc_auth_gen;
> - }
> + case REQ_FILE_PATH_KEYWORD_NUM:
> + {
Unless you need a temp variable, there is no need for a block for each
case: statement.
Simply:
case REQ_FILE_PATH_NUM:
env.req_path = optarg;
break;
> + env.req_path = optarg;
> + break;
> + }
> + case RSP_FILE_PATH_KEYWORD_NUM:
> + {
> + env.rsp_path = optarg;
> + break;
> + }
> + case FOLDER_KEYWORD_NUM:
> + {
> + env.is_path_folder = 1;
> + break;
> + }
> + case CRYPTODEV_KEYWORD_NUM:
> + {
> + ret = parse_cryptodev_arg(optarg);
> + if (ret < 0) {
> + cryptodev_fips_validate_usage(prgname);
> + return -EINVAL;
> + }
>
> - if (parser_read_uint32(
> - &env.broken_test_config->expect_fail_test_idx,
> - optarg) < 0) {
> - rte_free(env.broken_test_config);
> - cryptodev_fips_validate_usage(prgname);
> - return -EINVAL;
> - }
> - } else if (strcmp(lgopts[option_index].name,
> - CRYPTODEV_BK_DIR_KEY) == 0) {
> - if (!env.broken_test_config) {
> - env.broken_test_config = rte_malloc(
> - NULL,
> - sizeof(*env.broken_test_config),
> - 0);
> - if (!env.broken_test_config)
> - return -ENOMEM;
> -
> - env.broken_test_config->
> - expect_fail_test_idx = 0;
> - }
> + break;
> + }
> + case CRYPTODEV_ID_KEYWORD_NUM:
> + {
> + ret = parse_cryptodev_id_arg(optarg);
> + if (ret < 0) {
> + cryptodev_fips_validate_usage(prgname);
> + return -EINVAL;
> + }
> + break;
> + }
> + case CRYPTODEV_ST_KEYWORD_NUM:
> + {
> + env.self_test = 1;
> + break;
> + }
> + case CRYPTODEV_BK_ID_KEYWORD_NUM:
> + {
> + if (!env.broken_test_config) {
> + env.broken_test_config = rte_malloc(
> + NULL,
> + sizeof(*env.broken_test_config),
> + 0);
> + if (!env.broken_test_config)
> + return -ENOMEM;
> +
> + env.broken_test_config->expect_fail_dir =
> + self_test_dir_enc_auth_gen;
> + }
>
> - if (strcmp(optarg, CRYPTODEV_ENC_KEYWORD) == 0)
> - env.broken_test_config->expect_fail_dir =
> - self_test_dir_enc_auth_gen;
> - else if (strcmp(optarg, CRYPTODEV_DEC_KEYWORD)
> - == 0)
> - env.broken_test_config->expect_fail_dir =
> - self_test_dir_dec_auth_verify;
> - else {
> - rte_free(env.broken_test_config);
> - cryptodev_fips_validate_usage(prgname);
> - return -EINVAL;
> - }
> - } else if (strcmp(lgopts[option_index].name,
> - MBUF_DATAROOM_KEYWORD) == 0) {
> - uint32_t data_room_size;
> -
> - if (parser_read_uint32(&data_room_size,
> - optarg) < 0) {
> - cryptodev_fips_validate_usage(prgname);
> - return -EINVAL;
> - }
> + if (parser_read_uint32(
> + &env.broken_test_config->expect_fail_test_idx,
> + optarg) < 0) {
> + rte_free(env.broken_test_config);
> + cryptodev_fips_validate_usage(prgname);
> + return -EINVAL;
> + }
> + break;
> + }
> + case CRYPTODEV_BK_DIR_KEY_NUM:
> + {
> + if (!env.broken_test_config) {
> + env.broken_test_config = rte_malloc(
> + NULL,
> + sizeof(*env.broken_test_config),
> + 0);
> + if (!env.broken_test_config)
> + return -ENOMEM;
> +
> + env.broken_test_config->
> + expect_fail_test_idx = 0;
> + }
>
> - if (data_room_size == 0 ||
> - data_room_size > UINT16_MAX) {
> - cryptodev_fips_validate_usage(prgname);
> - return -EINVAL;
> - }
> + if (strcmp(optarg, CRYPTODEV_ENC_KEYWORD) == 0)
> + env.broken_test_config->expect_fail_dir =
> + self_test_dir_enc_auth_gen;
> + else if (strcmp(optarg, CRYPTODEV_DEC_KEYWORD)
> + == 0)
> + env.broken_test_config->expect_fail_dir =
> + self_test_dir_dec_auth_verify;
> + else {
> + rte_free(env.broken_test_config);
> + cryptodev_fips_validate_usage(prgname);
> + return -EINVAL;
> + }
> + break;
> + }
> + case MBUF_DATAROOM_KEYWORD_NUM:
> + {
> + uint32_t data_room_size;
Here, I don't think we need a temp storage.
If the value is invalid, the parsing and then init will fail.
You can directly pass &env.mbuf_data_room to parser_read_uint32 and
check its value.
>
> - env.mbuf_data_room = data_room_size;
> - } else {
> + if (parser_read_uint32(&data_room_size,
> + optarg) < 0) {
> cryptodev_fips_validate_usage(prgname);
> return -EINVAL;
> }
> +
> + if (data_room_size == 0 ||
> + data_room_size > UINT16_MAX) {
> + cryptodev_fips_validate_usage(prgname);
> + return -EINVAL;
> + }
> +
> + env.mbuf_data_room = data_room_size;
> +
> break;
> + }
> default:
> - return -1;
> + {
> + cryptodev_fips_validate_usage(prgname);
> + return -EINVAL;
> + }
> }
> }
>
> --
> 2.17.1
>
I did not look too much at the rest of the series, but I guess most of
those comments apply to other patches.
Hi David,
Thank you for reviewing the patch. I will submit the v2 of the patchset
with new updates.
On Fri, Oct 30, 2020 at 3:07 AM David Marchand <david.marchand@redhat.com>
wrote:
> Hello Ibtisam,
>
> On Thu, Oct 29, 2020 at 1:55 PM Ibtisam Tariq <ibtisam.tariq@emumba.com>
> wrote:
> >
> > Instead of using getopt_long return value, strcmp was used to
> > compare the input parameters with the struct option array. This
> > patch get rid of all those strcmp by directly binding each longopt
> > with an int enum.
> >
> > Bugzilla ID: 238
> > Fixes: 3d0fad56b74 ("examples/fips_validation: add crypto FIPS
> application"}
>
> I consider this bz as an enhancement, for better readability /
> consistency in the project code.
> This is not a bugfix, and I would not flag the patches with a Fixes: tag.
>
>
> > Cc: marko.kovacevic@intel.com
> >
> > Reported-by: David Marchand <david.marchand@redhat.com>
> > Signed-off-by: Ibtisam Tariq <ibtisam.tariq@emumba.com>
> > ---
> > examples/fips_validation/main.c | 241 +++++++++++++++++++-------------
> > 1 file changed, 143 insertions(+), 98 deletions(-)
> >
> > diff --git a/examples/fips_validation/main.c
> b/examples/fips_validation/main.c
> > index 07532c956..5fb76b421 100644
> > --- a/examples/fips_validation/main.c
> > +++ b/examples/fips_validation/main.c
> > @@ -15,17 +15,31 @@
> > #include "fips_validation.h"
> > #include "fips_dev_self_test.h"
> >
> > +enum{
>
> Missing space.
>
>
> The _KEYWORD suffix gives no info and can be dropped in all those
> defines / enums.
>
> > #define REQ_FILE_PATH_KEYWORD "req-file"
> > + /* first long only option value must be >= 256, so that we won't
> > + * conflict with short options
> > + */
>
> This comment is copied from the EAL header, but there is no mapping to
> a short option in this example.
> You can drop it.
>
> > + REQ_FILE_PATH_KEYWORD_NUM = 256,
> > #define RSP_FILE_PATH_KEYWORD "rsp-file"
> > + RSP_FILE_PATH_KEYWORD_NUM,
> > #define MBUF_DATAROOM_KEYWORD "mbuf-dataroom"
> > + MBUF_DATAROOM_KEYWORD_NUM,
> > #define FOLDER_KEYWORD "path-is-folder"
> > + FOLDER_KEYWORD_NUM,
> > #define CRYPTODEV_KEYWORD "cryptodev"
> > + CRYPTODEV_KEYWORD_NUM,
> > #define CRYPTODEV_ID_KEYWORD "cryptodev-id"
> > + CRYPTODEV_ID_KEYWORD_NUM,
> > #define CRYPTODEV_ST_KEYWORD "self-test"
> > + CRYPTODEV_ST_KEYWORD_NUM,
> > #define CRYPTODEV_BK_ID_KEYWORD "broken-test-id"
> > + CRYPTODEV_BK_ID_KEYWORD_NUM,
> > #define CRYPTODEV_BK_DIR_KEY "broken-test-dir"
> > + CRYPTODEV_BK_DIR_KEY_NUM,
>
>
> Those next two defines have nothing to do with getopt options and they
> are only used once.
> You can directly replace them as their fixed string later in the
> parsing code, and drop the defines.
>
>
> > #define CRYPTODEV_ENC_KEYWORD "enc"
> > #define CRYPTODEV_DEC_KEYWORD "dec"
> > +};
> >
> > struct fips_test_vector vec;
> > struct fips_test_interim_info info;
> > @@ -226,15 +240,24 @@ cryptodev_fips_validate_parse_args(int argc, char
> **argv)
> > char **argvopt;
> > int option_index;
> > struct option lgopts[] = {
> > - {REQ_FILE_PATH_KEYWORD, required_argument, 0, 0},
> > - {RSP_FILE_PATH_KEYWORD, required_argument, 0, 0},
> > - {FOLDER_KEYWORD, no_argument, 0, 0},
> > - {MBUF_DATAROOM_KEYWORD, required_argument, 0, 0},
> > - {CRYPTODEV_KEYWORD, required_argument, 0, 0},
> > - {CRYPTODEV_ID_KEYWORD, required_argument, 0, 0},
> > - {CRYPTODEV_ST_KEYWORD, no_argument, 0, 0},
> > - {CRYPTODEV_BK_ID_KEYWORD, required_argument, 0,
> 0},
> > - {CRYPTODEV_BK_DIR_KEY, required_argument, 0, 0},
>
> Single indent is enough.
>
>
> > + {REQ_FILE_PATH_KEYWORD, required_argument,
> > + NULL, REQ_FILE_PATH_KEYWORD_NUM},
> > + {RSP_FILE_PATH_KEYWORD, required_argument,
> > + NULL, RSP_FILE_PATH_KEYWORD_NUM},
> > + {FOLDER_KEYWORD, no_argument,
> > + NULL, FOLDER_KEYWORD_NUM},
> > + {MBUF_DATAROOM_KEYWORD, required_argument,
> > + NULL, MBUF_DATAROOM_KEYWORD_NUM},
> > + {CRYPTODEV_KEYWORD, required_argument,
> > + NULL, CRYPTODEV_KEYWORD_NUM},
> > + {CRYPTODEV_ID_KEYWORD, required_argument,
> > + NULL, CRYPTODEV_ID_KEYWORD_NUM},
> > + {CRYPTODEV_ST_KEYWORD, no_argument,
> > + NULL, CRYPTODEV_ST_KEYWORD_NUM},
> > + {CRYPTODEV_BK_ID_KEYWORD, required_argument,
> > + NULL,
> CRYPTODEV_BK_ID_KEYWORD_NUM},
> > + {CRYPTODEV_BK_DIR_KEY, required_argument,
> > + NULL, CRYPTODEV_BK_DIR_KEY_NUM},
> > {NULL, 0, 0, 0}
> > };
> >
> > @@ -251,105 +274,127 @@ cryptodev_fips_validate_parse_args(int argc,
> char **argv)
> > while ((opt = getopt_long(argc, argvopt, "s:",
> > lgopts, &option_index)) != EOF) {
> >
> > + if (opt == '?') {
> > + cryptodev_fips_validate_usage(prgname);
> > + return -1;
> > + }
> > +
> > switch (opt) {
> > - case 0:
> > - if (strcmp(lgopts[option_index].name,
> > - REQ_FILE_PATH_KEYWORD) == 0)
> > - env.req_path = optarg;
> > - else if (strcmp(lgopts[option_index].name,
> > - RSP_FILE_PATH_KEYWORD) == 0)
> > - env.rsp_path = optarg;
> > - else if (strcmp(lgopts[option_index].name,
> > - FOLDER_KEYWORD) == 0)
> > - env.is_path_folder = 1;
> > - else if (strcmp(lgopts[option_index].name,
> > - CRYPTODEV_KEYWORD) == 0) {
> > - ret = parse_cryptodev_arg(optarg);
> > - if (ret < 0) {
> > -
> cryptodev_fips_validate_usage(prgname);
> > - return -EINVAL;
> > - }
> > - } else if (strcmp(lgopts[option_index].name,
> > - CRYPTODEV_ID_KEYWORD) == 0) {
> > - ret = parse_cryptodev_id_arg(optarg);
> > - if (ret < 0) {
> > -
> cryptodev_fips_validate_usage(prgname);
> > - return -EINVAL;
> > - }
> > - } else if (strcmp(lgopts[option_index].name,
> > - CRYPTODEV_ST_KEYWORD) == 0) {
> > - env.self_test = 1;
> > - } else if (strcmp(lgopts[option_index].name,
> > - CRYPTODEV_BK_ID_KEYWORD) == 0) {
> > - if (!env.broken_test_config) {
> > - env.broken_test_config =
> rte_malloc(
> > - NULL,
> > -
> sizeof(*env.broken_test_config),
> > - 0);
> > - if (!env.broken_test_config)
> > - return -ENOMEM;
> > -
> > -
> env.broken_test_config->expect_fail_dir =
> > -
> self_test_dir_enc_auth_gen;
> > - }
> > + case REQ_FILE_PATH_KEYWORD_NUM:
> > + {
>
> Unless you need a temp variable, there is no need for a block for each
> case: statement.
> Simply:
> case REQ_FILE_PATH_NUM:
> env.req_path = optarg;
> break;
>
> > + env.req_path = optarg;
> > + break;
> > + }
> > + case RSP_FILE_PATH_KEYWORD_NUM:
> > + {
> > + env.rsp_path = optarg;
> > + break;
> > + }
> > + case FOLDER_KEYWORD_NUM:
> > + {
> > + env.is_path_folder = 1;
> > + break;
> > + }
> > + case CRYPTODEV_KEYWORD_NUM:
> > + {
> > + ret = parse_cryptodev_arg(optarg);
> > + if (ret < 0) {
> > + cryptodev_fips_validate_usage(prgname);
> > + return -EINVAL;
> > + }
> >
> > - if (parser_read_uint32(
> > -
> &env.broken_test_config->expect_fail_test_idx,
> > - optarg) < 0) {
> > - rte_free(env.broken_test_config);
> > -
> cryptodev_fips_validate_usage(prgname);
> > - return -EINVAL;
> > - }
> > - } else if (strcmp(lgopts[option_index].name,
> > - CRYPTODEV_BK_DIR_KEY) == 0) {
> > - if (!env.broken_test_config) {
> > - env.broken_test_config =
> rte_malloc(
> > - NULL,
> > -
> sizeof(*env.broken_test_config),
> > - 0);
> > - if (!env.broken_test_config)
> > - return -ENOMEM;
> > -
> > - env.broken_test_config->
> > - expect_fail_test_idx = 0;
> > - }
> > + break;
> > + }
> > + case CRYPTODEV_ID_KEYWORD_NUM:
> > + {
> > + ret = parse_cryptodev_id_arg(optarg);
> > + if (ret < 0) {
> > + cryptodev_fips_validate_usage(prgname);
> > + return -EINVAL;
> > + }
> > + break;
> > + }
> > + case CRYPTODEV_ST_KEYWORD_NUM:
> > + {
> > + env.self_test = 1;
> > + break;
> > + }
> > + case CRYPTODEV_BK_ID_KEYWORD_NUM:
> > + {
> > + if (!env.broken_test_config) {
> > + env.broken_test_config = rte_malloc(
> > + NULL,
> > + sizeof(*env.broken_test_config),
> > + 0);
> > + if (!env.broken_test_config)
> > + return -ENOMEM;
> > +
> > + env.broken_test_config->expect_fail_dir =
> > + self_test_dir_enc_auth_gen;
> > + }
> >
> > - if (strcmp(optarg,
> CRYPTODEV_ENC_KEYWORD) == 0)
> > -
> env.broken_test_config->expect_fail_dir =
> > -
> self_test_dir_enc_auth_gen;
> > - else if (strcmp(optarg,
> CRYPTODEV_DEC_KEYWORD)
> > - == 0)
> > -
> env.broken_test_config->expect_fail_dir =
> > -
> self_test_dir_dec_auth_verify;
> > - else {
> > - rte_free(env.broken_test_config);
> > -
> cryptodev_fips_validate_usage(prgname);
> > - return -EINVAL;
> > - }
> > - } else if (strcmp(lgopts[option_index].name,
> > - MBUF_DATAROOM_KEYWORD) == 0) {
> > - uint32_t data_room_size;
> > -
> > - if (parser_read_uint32(&data_room_size,
> > - optarg) < 0) {
> > -
> cryptodev_fips_validate_usage(prgname);
> > - return -EINVAL;
> > - }
> > + if (parser_read_uint32(
> > +
> &env.broken_test_config->expect_fail_test_idx,
> > + optarg) < 0) {
> > + rte_free(env.broken_test_config);
> > + cryptodev_fips_validate_usage(prgname);
> > + return -EINVAL;
> > + }
> > + break;
> > + }
> > + case CRYPTODEV_BK_DIR_KEY_NUM:
> > + {
> > + if (!env.broken_test_config) {
> > + env.broken_test_config = rte_malloc(
> > + NULL,
> > + sizeof(*env.broken_test_config),
> > + 0);
> > + if (!env.broken_test_config)
> > + return -ENOMEM;
> > +
> > + env.broken_test_config->
> > + expect_fail_test_idx = 0;
> > + }
> >
> > - if (data_room_size == 0 ||
> > - data_room_size >
> UINT16_MAX) {
> > -
> cryptodev_fips_validate_usage(prgname);
> > - return -EINVAL;
> > - }
> > + if (strcmp(optarg, CRYPTODEV_ENC_KEYWORD) == 0)
> > + env.broken_test_config->expect_fail_dir =
> > + self_test_dir_enc_auth_gen;
> > + else if (strcmp(optarg, CRYPTODEV_DEC_KEYWORD)
> > + == 0)
> > + env.broken_test_config->expect_fail_dir =
> > + self_test_dir_dec_auth_verify;
> > + else {
> > + rte_free(env.broken_test_config);
> > + cryptodev_fips_validate_usage(prgname);
> > + return -EINVAL;
> > + }
> > + break;
> > + }
> > + case MBUF_DATAROOM_KEYWORD_NUM:
> > + {
> > + uint32_t data_room_size;
>
> Here, I don't think we need a temp storage.
> If the value is invalid, the parsing and then init will fail.
> You can directly pass &env.mbuf_data_room to parser_read_uint32 and
> check its value.
>
>
> >
> > - env.mbuf_data_room = data_room_size;
> > - } else {
> > + if (parser_read_uint32(&data_room_size,
> > + optarg) < 0) {
> > cryptodev_fips_validate_usage(prgname);
> > return -EINVAL;
> > }
> > +
> > + if (data_room_size == 0 ||
> > + data_room_size > UINT16_MAX) {
> > + cryptodev_fips_validate_usage(prgname);
> > + return -EINVAL;
> > + }
> > +
> > + env.mbuf_data_room = data_room_size;
> > +
> > break;
> > + }
> > default:
> > - return -1;
> > + {
> > + cryptodev_fips_validate_usage(prgname);
> > + return -EINVAL;
> > + }
> > }
> > }
> >
> > --
> > 2.17.1
> >
>
> I did not look too much at the rest of the series, but I guess most of
> those comments apply to other patches.
>
>
> --
> David Marchand
>
>
Hello David,
In reference to this comment
> + case MBUF_DATAROOM_KEYWORD_NUM:
> + {
> + uint32_t data_room_size;
Here, I don't think we need a temp storage.
If the value is invalid, the parsing and then init will fail.
You can directly pass &env.mbuf_data_room to parser_read_uint32 and
check its value.
>
> - env.mbuf_data_room = data_room_size;
> - } else {
> + if (parser_read_uint32(&data_room_size,
> + optarg) < 0) {
> cryptodev_fips_validate_usage(prgname);
> return -EINVAL;
> }
> +
> + if (data_room_size == 0 ||
> + data_room_size > UINT16_MAX) {
> + cryptodev_fips_validate_usage(prgname);
> + return -EINVAL;
> + }
> +
> + env.mbuf_data_room = data_room_size;
> +
> break;
> + }
The type of env.mbuf_data_room is uint16_t and the temp variable type
is uint32_t. In my opinion, the temp variable size is bigger than
env.mbuf_data_room to handle overflow value.
Hello Ibtisam,
On Wed, Nov 4, 2020 at 11:00 AM Ibtisam Tariq <ibtisam.tariq@emumba.com> wrote:
> > + case MBUF_DATAROOM_KEYWORD_NUM:
> > + {
> > + uint32_t data_room_size;
>
> Here, I don't think we need a temp storage.
> If the value is invalid, the parsing and then init will fail.
> You can directly pass &env.mbuf_data_room to parser_read_uint32 and
> check its value.
>
>
>
> >
> > - env.mbuf_data_room = data_room_size;
> > - } else {
> > + if (parser_read_uint32(&data_room_size,
> > + optarg) < 0) {
> > cryptodev_fips_validate_usage(prgname);
> > return -EINVAL;
> > }
> > +
> > + if (data_room_size == 0 ||
> > + data_room_size > UINT16_MAX) {
> > + cryptodev_fips_validate_usage(prgname);
> > + return -EINVAL;
> > + }
> > +
> > + env.mbuf_data_room = data_room_size;
> > +
> > break;
> > + }
>
> The type of env.mbuf_data_room is uint16_t and the temp variable type
> is uint32_t. In my opinion, the temp variable size is bigger than
> env.mbuf_data_room to handle overflow value.
All of it could be moved to a read_uint16 parser.
WDYT?
Hello David,
IMHO, it cannot be moved to read_uint16 parser.
If we do, we can't verify that the user input value is greater than
UINT16 MAX or not on the overflow data.
> > + if (data_room_size == 0 ||
> > + data_room_size > UINT16_MAX) {
> > + cryptodev_fips_validate_usage(prgname);
> > + return -EINVAL;
> > + }
The temp variable:data_room_size is necessary to check the overflow of
the command line argument.
On Thu, Nov 5, 2020 at 1:59 PM David Marchand <david.marchand@redhat.com> wrote:
>
> Hello Ibtisam,
>
> On Wed, Nov 4, 2020 at 11:00 AM Ibtisam Tariq <ibtisam.tariq@emumba.com> wrote:
> > > + case MBUF_DATAROOM_KEYWORD_NUM:
> > > + {
> > > + uint32_t data_room_size;
> >
> > Here, I don't think we need a temp storage.
> > If the value is invalid, the parsing and then init will fail.
> > You can directly pass &env.mbuf_data_room to parser_read_uint32 and
> > check its value.
> >
> >
> >
> > >
> > > - env.mbuf_data_room = data_room_size;
> > > - } else {
> > > + if (parser_read_uint32(&data_room_size,
> > > + optarg) < 0) {
> > > cryptodev_fips_validate_usage(prgname);
> > > return -EINVAL;
> > > }
> > > +
> > > + if (data_room_size == 0 ||
> > > + data_room_size > UINT16_MAX) {
> > > + cryptodev_fips_validate_usage(prgname);
> > > + return -EINVAL;
> > > + }
> > > +
> > > + env.mbuf_data_room = data_room_size;
> > > +
> > > break;
> > > + }
> >
> > The type of env.mbuf_data_room is uint16_t and the temp variable type
> > is uint32_t. In my opinion, the temp variable size is bigger than
> > env.mbuf_data_room to handle overflow value.
>
> All of it could be moved to a read_uint16 parser.
> WDYT?
>
>
> --
> David Marchand
>
On Tue, Nov 10, 2020 at 7:10 AM Ibtisam Tariq <ibtisam.tariq@emumba.com> wrote:
> IMHO, it cannot be moved to read_uint16 parser.
> If we do, we can't verify that the user input value is greater than
> UINT16 MAX or not on the overflow data.
> > > + if (data_room_size == 0 ||
> > > + data_room_size > UINT16_MAX) {
> > > + cryptodev_fips_validate_usage(prgname);
> > > + return -EINVAL;
> > > + }
>
> The temp variable:data_room_size is necessary to check the overflow of
> the command line argument.
The overflow check can go to a new read_uint16 parser, like what is
done in other parsers in this example.
int
parser_read_uint32(uint32_t *value, char *p)
{
uint64_t val = 0;
int ret = parser_read_uint64(&val, p);
if (ret < 0)
return ret;
if (val > UINT32_MAX)
return -EINVAL;
*value = val;
return 0;
}
The parser_read_uint16 caller can do any additional check, here test
for 0 value.
Thanks for explaining. I got it.
I will submit the patches with new updates.
On Tue, Nov 10, 2020 at 1:23 PM David Marchand
<david.marchand@redhat.com> wrote:
>
> On Tue, Nov 10, 2020 at 7:10 AM Ibtisam Tariq <ibtisam.tariq@emumba.com> wrote:
> > IMHO, it cannot be moved to read_uint16 parser.
> > If we do, we can't verify that the user input value is greater than
> > UINT16 MAX or not on the overflow data.
> > > > + if (data_room_size == 0 ||
> > > > + data_room_size > UINT16_MAX) {
> > > > + cryptodev_fips_validate_usage(prgname);
> > > > + return -EINVAL;
> > > > + }
> >
> > The temp variable:data_room_size is necessary to check the overflow of
> > the command line argument.
>
> The overflow check can go to a new read_uint16 parser, like what is
> done in other parsers in this example.
>
> int
> parser_read_uint32(uint32_t *value, char *p)
> {
> uint64_t val = 0;
> int ret = parser_read_uint64(&val, p);
> if (ret < 0)
> return ret;
> if (val > UINT32_MAX)
> return -EINVAL;
> *value = val;
> return 0;
> }
>
> The parser_read_uint16 caller can do any additional check, here test
> for 0 value.
>
>
> --
> David Marchand
>
@@ -15,17 +15,31 @@
#include "fips_validation.h"
#include "fips_dev_self_test.h"
+enum{
#define REQ_FILE_PATH_KEYWORD "req-file"
+ /* first long only option value must be >= 256, so that we won't
+ * conflict with short options
+ */
+ REQ_FILE_PATH_KEYWORD_NUM = 256,
#define RSP_FILE_PATH_KEYWORD "rsp-file"
+ RSP_FILE_PATH_KEYWORD_NUM,
#define MBUF_DATAROOM_KEYWORD "mbuf-dataroom"
+ MBUF_DATAROOM_KEYWORD_NUM,
#define FOLDER_KEYWORD "path-is-folder"
+ FOLDER_KEYWORD_NUM,
#define CRYPTODEV_KEYWORD "cryptodev"
+ CRYPTODEV_KEYWORD_NUM,
#define CRYPTODEV_ID_KEYWORD "cryptodev-id"
+ CRYPTODEV_ID_KEYWORD_NUM,
#define CRYPTODEV_ST_KEYWORD "self-test"
+ CRYPTODEV_ST_KEYWORD_NUM,
#define CRYPTODEV_BK_ID_KEYWORD "broken-test-id"
+ CRYPTODEV_BK_ID_KEYWORD_NUM,
#define CRYPTODEV_BK_DIR_KEY "broken-test-dir"
+ CRYPTODEV_BK_DIR_KEY_NUM,
#define CRYPTODEV_ENC_KEYWORD "enc"
#define CRYPTODEV_DEC_KEYWORD "dec"
+};
struct fips_test_vector vec;
struct fips_test_interim_info info;
@@ -226,15 +240,24 @@ cryptodev_fips_validate_parse_args(int argc, char **argv)
char **argvopt;
int option_index;
struct option lgopts[] = {
- {REQ_FILE_PATH_KEYWORD, required_argument, 0, 0},
- {RSP_FILE_PATH_KEYWORD, required_argument, 0, 0},
- {FOLDER_KEYWORD, no_argument, 0, 0},
- {MBUF_DATAROOM_KEYWORD, required_argument, 0, 0},
- {CRYPTODEV_KEYWORD, required_argument, 0, 0},
- {CRYPTODEV_ID_KEYWORD, required_argument, 0, 0},
- {CRYPTODEV_ST_KEYWORD, no_argument, 0, 0},
- {CRYPTODEV_BK_ID_KEYWORD, required_argument, 0, 0},
- {CRYPTODEV_BK_DIR_KEY, required_argument, 0, 0},
+ {REQ_FILE_PATH_KEYWORD, required_argument,
+ NULL, REQ_FILE_PATH_KEYWORD_NUM},
+ {RSP_FILE_PATH_KEYWORD, required_argument,
+ NULL, RSP_FILE_PATH_KEYWORD_NUM},
+ {FOLDER_KEYWORD, no_argument,
+ NULL, FOLDER_KEYWORD_NUM},
+ {MBUF_DATAROOM_KEYWORD, required_argument,
+ NULL, MBUF_DATAROOM_KEYWORD_NUM},
+ {CRYPTODEV_KEYWORD, required_argument,
+ NULL, CRYPTODEV_KEYWORD_NUM},
+ {CRYPTODEV_ID_KEYWORD, required_argument,
+ NULL, CRYPTODEV_ID_KEYWORD_NUM},
+ {CRYPTODEV_ST_KEYWORD, no_argument,
+ NULL, CRYPTODEV_ST_KEYWORD_NUM},
+ {CRYPTODEV_BK_ID_KEYWORD, required_argument,
+ NULL, CRYPTODEV_BK_ID_KEYWORD_NUM},
+ {CRYPTODEV_BK_DIR_KEY, required_argument,
+ NULL, CRYPTODEV_BK_DIR_KEY_NUM},
{NULL, 0, 0, 0}
};
@@ -251,105 +274,127 @@ cryptodev_fips_validate_parse_args(int argc, char **argv)
while ((opt = getopt_long(argc, argvopt, "s:",
lgopts, &option_index)) != EOF) {
+ if (opt == '?') {
+ cryptodev_fips_validate_usage(prgname);
+ return -1;
+ }
+
switch (opt) {
- case 0:
- if (strcmp(lgopts[option_index].name,
- REQ_FILE_PATH_KEYWORD) == 0)
- env.req_path = optarg;
- else if (strcmp(lgopts[option_index].name,
- RSP_FILE_PATH_KEYWORD) == 0)
- env.rsp_path = optarg;
- else if (strcmp(lgopts[option_index].name,
- FOLDER_KEYWORD) == 0)
- env.is_path_folder = 1;
- else if (strcmp(lgopts[option_index].name,
- CRYPTODEV_KEYWORD) == 0) {
- ret = parse_cryptodev_arg(optarg);
- if (ret < 0) {
- cryptodev_fips_validate_usage(prgname);
- return -EINVAL;
- }
- } else if (strcmp(lgopts[option_index].name,
- CRYPTODEV_ID_KEYWORD) == 0) {
- ret = parse_cryptodev_id_arg(optarg);
- if (ret < 0) {
- cryptodev_fips_validate_usage(prgname);
- return -EINVAL;
- }
- } else if (strcmp(lgopts[option_index].name,
- CRYPTODEV_ST_KEYWORD) == 0) {
- env.self_test = 1;
- } else if (strcmp(lgopts[option_index].name,
- CRYPTODEV_BK_ID_KEYWORD) == 0) {
- if (!env.broken_test_config) {
- env.broken_test_config = rte_malloc(
- NULL,
- sizeof(*env.broken_test_config),
- 0);
- if (!env.broken_test_config)
- return -ENOMEM;
-
- env.broken_test_config->expect_fail_dir =
- self_test_dir_enc_auth_gen;
- }
+ case REQ_FILE_PATH_KEYWORD_NUM:
+ {
+ env.req_path = optarg;
+ break;
+ }
+ case RSP_FILE_PATH_KEYWORD_NUM:
+ {
+ env.rsp_path = optarg;
+ break;
+ }
+ case FOLDER_KEYWORD_NUM:
+ {
+ env.is_path_folder = 1;
+ break;
+ }
+ case CRYPTODEV_KEYWORD_NUM:
+ {
+ ret = parse_cryptodev_arg(optarg);
+ if (ret < 0) {
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
+ }
- if (parser_read_uint32(
- &env.broken_test_config->expect_fail_test_idx,
- optarg) < 0) {
- rte_free(env.broken_test_config);
- cryptodev_fips_validate_usage(prgname);
- return -EINVAL;
- }
- } else if (strcmp(lgopts[option_index].name,
- CRYPTODEV_BK_DIR_KEY) == 0) {
- if (!env.broken_test_config) {
- env.broken_test_config = rte_malloc(
- NULL,
- sizeof(*env.broken_test_config),
- 0);
- if (!env.broken_test_config)
- return -ENOMEM;
-
- env.broken_test_config->
- expect_fail_test_idx = 0;
- }
+ break;
+ }
+ case CRYPTODEV_ID_KEYWORD_NUM:
+ {
+ ret = parse_cryptodev_id_arg(optarg);
+ if (ret < 0) {
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
+ }
+ break;
+ }
+ case CRYPTODEV_ST_KEYWORD_NUM:
+ {
+ env.self_test = 1;
+ break;
+ }
+ case CRYPTODEV_BK_ID_KEYWORD_NUM:
+ {
+ if (!env.broken_test_config) {
+ env.broken_test_config = rte_malloc(
+ NULL,
+ sizeof(*env.broken_test_config),
+ 0);
+ if (!env.broken_test_config)
+ return -ENOMEM;
+
+ env.broken_test_config->expect_fail_dir =
+ self_test_dir_enc_auth_gen;
+ }
- if (strcmp(optarg, CRYPTODEV_ENC_KEYWORD) == 0)
- env.broken_test_config->expect_fail_dir =
- self_test_dir_enc_auth_gen;
- else if (strcmp(optarg, CRYPTODEV_DEC_KEYWORD)
- == 0)
- env.broken_test_config->expect_fail_dir =
- self_test_dir_dec_auth_verify;
- else {
- rte_free(env.broken_test_config);
- cryptodev_fips_validate_usage(prgname);
- return -EINVAL;
- }
- } else if (strcmp(lgopts[option_index].name,
- MBUF_DATAROOM_KEYWORD) == 0) {
- uint32_t data_room_size;
-
- if (parser_read_uint32(&data_room_size,
- optarg) < 0) {
- cryptodev_fips_validate_usage(prgname);
- return -EINVAL;
- }
+ if (parser_read_uint32(
+ &env.broken_test_config->expect_fail_test_idx,
+ optarg) < 0) {
+ rte_free(env.broken_test_config);
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
+ }
+ break;
+ }
+ case CRYPTODEV_BK_DIR_KEY_NUM:
+ {
+ if (!env.broken_test_config) {
+ env.broken_test_config = rte_malloc(
+ NULL,
+ sizeof(*env.broken_test_config),
+ 0);
+ if (!env.broken_test_config)
+ return -ENOMEM;
+
+ env.broken_test_config->
+ expect_fail_test_idx = 0;
+ }
- if (data_room_size == 0 ||
- data_room_size > UINT16_MAX) {
- cryptodev_fips_validate_usage(prgname);
- return -EINVAL;
- }
+ if (strcmp(optarg, CRYPTODEV_ENC_KEYWORD) == 0)
+ env.broken_test_config->expect_fail_dir =
+ self_test_dir_enc_auth_gen;
+ else if (strcmp(optarg, CRYPTODEV_DEC_KEYWORD)
+ == 0)
+ env.broken_test_config->expect_fail_dir =
+ self_test_dir_dec_auth_verify;
+ else {
+ rte_free(env.broken_test_config);
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
+ }
+ break;
+ }
+ case MBUF_DATAROOM_KEYWORD_NUM:
+ {
+ uint32_t data_room_size;
- env.mbuf_data_room = data_room_size;
- } else {
+ if (parser_read_uint32(&data_room_size,
+ optarg) < 0) {
cryptodev_fips_validate_usage(prgname);
return -EINVAL;
}
+
+ if (data_room_size == 0 ||
+ data_room_size > UINT16_MAX) {
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
+ }
+
+ env.mbuf_data_room = data_room_size;
+
break;
+ }
default:
- return -1;
+ {
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
+ }
}
}