mbox series

[00/12] FIPS improvements

Message ID 20190826094120.22590-1-michaelsh@marvell.com (mailing list archive)
Headers show
Series FIPS improvements | expand

Message

Michael Shamis Aug. 26, 2019, 9:41 a.m. UTC
From: Michael Shamis <michaelsh@marvell.com>

Added support for ECB mode in TDES and AES.
Fixed some bugs in TDES and AES-GCM.

Michael Shamis (12):
  examples/fips: added support for SHA algorithm in FIPS tests
  examples/fips: added support for TDES ECB mode in FIPS tests
  examples/fips: added support AES ECB mode in FIPS tests
  examples/fips: fix bad return code in fips_test_parse_header()
  examples/fips: AES-GCM vectors will use aead structure
  examples/fips: set initial IV in AES-GCM if configured only salt value
  examples/fips: keep digest after crypto text
  examples/fips: AES-GCM decryption vectors fix
  examples/fips: fix KEY and PT output prints for TDES mode
  examples/fips: supported IV, PT and CT init for TDES ECB mode
  examples/fips: algorithm definition by folder if it's not in file
  examples/fips: erroneous overwrite of PLAINTEXT after DECRYPT

 examples/fips_validation/fips_validation.c    |  92 ++++++--
 examples/fips_validation/fips_validation.h    |   7 +
 .../fips_validation/fips_validation_aes.c     |   1 +
 .../fips_validation/fips_validation_gcm.c     |  39 +++-
 .../fips_validation/fips_validation_tdes.c    |   7 +
 examples/fips_validation/main.c               | 204 +++++++++++++++---
 6 files changed, 301 insertions(+), 49 deletions(-)

Comments

Akhil Goyal Sept. 4, 2019, 10:14 a.m. UTC | #1
Hi Michael,

Please try to improve descriptions and patch titles as per the suggestions given below.
There are many patches which are fixes. Are the eligible for backport to stable branches?
The support which is getting added, is it eligible for documentation update for the application.

-Akhil

> 
> Added support for ECB mode in TDES and AES.
> Fixed some bugs in TDES and AES-GCM.
> 
> Michael Shamis (12):
>   examples/fips: added support for SHA algorithm in FIPS tests
examples/fips_validation: support SHA

>   examples/fips: added support for TDES ECB mode in FIPS tests
examples/fips_validation: support TDES ECB

>   examples/fips: added support AES ECB mode in FIPS tests
examples/fips_validation: support AES ECB

>   examples/fips: fix bad return code in fips_test_parse_header()
examples/fips_validation: fix bad return value
Can be a separate patch from this set. Also send to stable.

>   examples/fips: AES-GCM vectors will use aead structure
examples/fips_validation: use AEAD based structs for AES-GCM
rather it is a fix and should be sent to stable and the title would be 
examples/fips_validation: fix structs used for AES-GCM

>   examples/fips: set initial IV in AES-GCM if configured only salt value
examples/fips_validation: initialize IV for AES-GCM

>   examples/fips: keep digest after crypto text
examples/fips_validation: move digest after cipher text

>   examples/fips: AES-GCM decryption vectors fix
examples/fips_validation: fix AES-GCM decryption vector
Add fixes line and cc stable. Can be a separate patchset for fixes.

>   examples/fips: fix KEY and PT output prints for TDES mode
Does not have a patch description and title does not look to justify the patch.

>   examples/fips: supported IV, PT and CT init for TDES ECB mode
Again there is no patch description and title is pretty long. Try to make it short.

>   examples/fips: algorithm definition by folder if it's not in file
examples/fips_validation: improve algo parsing logic
update description text to elaborate the need for this logic

>   examples/fips: erroneous overwrite of PLAINTEXT after DECRYPT
examples/fips_validation: fix plain text overwrite
send to stable and add fixes line.

> 
>  examples/fips_validation/fips_validation.c    |  92 ++++++--
>  examples/fips_validation/fips_validation.h    |   7 +
>  .../fips_validation/fips_validation_aes.c     |   1 +
>  .../fips_validation/fips_validation_gcm.c     |  39 +++-
>  .../fips_validation/fips_validation_tdes.c    |   7 +
>  examples/fips_validation/main.c               | 204 +++++++++++++++---
>  6 files changed, 301 insertions(+), 49 deletions(-)
> 
> --
> 2.23.0
Michael Shamis Sept. 15, 2019, 10:47 a.m. UTC | #2
Hi Akhil,

I send 2 patch sets: one for new functionality support and another one for fixes.
One patch was sent separately from both of the sets according to your requirement:

>>   examples/fips: fix bad return code in fips_test_parse_header()
>examples/fips_validation: fix bad return value Can be a separate patch from this set. Also send to stable.

Please instruct me how to send the patches to stable.

Thanks,
Michael

-----Original Message-----
From: Akhil Goyal <akhil.goyal@nxp.com> 
Sent: Wednesday, September 4, 2019 1:14 PM
To: Michael Shamis <michaelsh@marvell.com>; marko.kovacevic@intel.com
Cc: dev@dpdk.org; Liron Himi <lironh@marvell.com>
Subject: [EXT] RE: [dpdk-dev] [PATCH 00/12] FIPS improvements

External Email

----------------------------------------------------------------------
Hi Michael,

Please try to improve descriptions and patch titles as per the suggestions given below.
There are many patches which are fixes. Are the eligible for backport to stable branches?
The support which is getting added, is it eligible for documentation update for the application.

-Akhil

> 
> Added support for ECB mode in TDES and AES.
> Fixed some bugs in TDES and AES-GCM.
> 
> Michael Shamis (12):
>   examples/fips: added support for SHA algorithm in FIPS tests
examples/fips_validation: support SHA

>   examples/fips: added support for TDES ECB mode in FIPS tests
examples/fips_validation: support TDES ECB

>   examples/fips: added support AES ECB mode in FIPS tests
examples/fips_validation: support AES ECB

>   examples/fips: fix bad return code in fips_test_parse_header()
examples/fips_validation: fix bad return value Can be a separate patch from this set. Also send to stable.

>   examples/fips: AES-GCM vectors will use aead structure
examples/fips_validation: use AEAD based structs for AES-GCM rather it is a fix and should be sent to stable and the title would be
examples/fips_validation: fix structs used for AES-GCM

>   examples/fips: set initial IV in AES-GCM if configured only salt 
> value
examples/fips_validation: initialize IV for AES-GCM

>   examples/fips: keep digest after crypto text
examples/fips_validation: move digest after cipher text

>   examples/fips: AES-GCM decryption vectors fix
examples/fips_validation: fix AES-GCM decryption vector Add fixes line and cc stable. Can be a separate patchset for fixes.

>   examples/fips: fix KEY and PT output prints for TDES mode
Does not have a patch description and title does not look to justify the patch.

>   examples/fips: supported IV, PT and CT init for TDES ECB mode
Again there is no patch description and title is pretty long. Try to make it short.

>   examples/fips: algorithm definition by folder if it's not in file
examples/fips_validation: improve algo parsing logic update description text to elaborate the need for this logic

>   examples/fips: erroneous overwrite of PLAINTEXT after DECRYPT
examples/fips_validation: fix plain text overwrite send to stable and add fixes line.

> 
>  examples/fips_validation/fips_validation.c    |  92 ++++++--
>  examples/fips_validation/fips_validation.h    |   7 +
>  .../fips_validation/fips_validation_aes.c     |   1 +
>  .../fips_validation/fips_validation_gcm.c     |  39 +++-
>  .../fips_validation/fips_validation_tdes.c    |   7 +
>  examples/fips_validation/main.c               | 204 +++++++++++++++---
>  6 files changed, 301 insertions(+), 49 deletions(-)
> 
> --
> 2.23.0
Akhil Goyal Sept. 16, 2019, 8:57 a.m. UTC | #3
> 
> Hi Akhil,
> 
> I send 2 patch sets: one for new functionality support and another one for fixes.
> One patch was sent separately from both of the sets according to your
> requirement:

Ok will have a look.
Thanks.
> 
> >>   examples/fips: fix bad return code in fips_test_parse_header()
> >examples/fips_validation: fix bad return value Can be a separate patch from
> this set. Also send to stable.
> 
> Please instruct me how to send the patches to stable.
You just need to cc stable@dpdk.org and add this in the commit message as well below the fixes line.
You can check the git log for reference for the fixes.

I will do this when I will apply the patch.
You can take care of this in future.

Thanks,
Akhil
> 
> Thanks,
> Michael
> 
> -----Original Message-----
> From: Akhil Goyal <akhil.goyal@nxp.com>
> Sent: Wednesday, September 4, 2019 1:14 PM
> To: Michael Shamis <michaelsh@marvell.com>; marko.kovacevic@intel.com
> Cc: dev@dpdk.org; Liron Himi <lironh@marvell.com>
> Subject: [EXT] RE: [dpdk-dev] [PATCH 00/12] FIPS improvements
> 
> External Email
> 
> ----------------------------------------------------------------------
> Hi Michael,
> 
> Please try to improve descriptions and patch titles as per the suggestions given
> below.
> There are many patches which are fixes. Are the eligible for backport to stable
> branches?
> The support which is getting added, is it eligible for documentation update for
> the application.
> 
> -Akhil
> 
> >
> > Added support for ECB mode in TDES and AES.
> > Fixed some bugs in TDES and AES-GCM.
> >
> > Michael Shamis (12):
> >   examples/fips: added support for SHA algorithm in FIPS tests
> examples/fips_validation: support SHA
> 
> >   examples/fips: added support for TDES ECB mode in FIPS tests
> examples/fips_validation: support TDES ECB
> 
> >   examples/fips: added support AES ECB mode in FIPS tests
> examples/fips_validation: support AES ECB
> 
> >   examples/fips: fix bad return code in fips_test_parse_header()
> examples/fips_validation: fix bad return value Can be a separate patch from this
> set. Also send to stable.
> 
> >   examples/fips: AES-GCM vectors will use aead structure
> examples/fips_validation: use AEAD based structs for AES-GCM rather it is a fix
> and should be sent to stable and the title would be
> examples/fips_validation: fix structs used for AES-GCM
> 
> >   examples/fips: set initial IV in AES-GCM if configured only salt
> > value
> examples/fips_validation: initialize IV for AES-GCM
> 
> >   examples/fips: keep digest after crypto text
> examples/fips_validation: move digest after cipher text
> 
> >   examples/fips: AES-GCM decryption vectors fix
> examples/fips_validation: fix AES-GCM decryption vector Add fixes line and cc
> stable. Can be a separate patchset for fixes.
> 
> >   examples/fips: fix KEY and PT output prints for TDES mode
> Does not have a patch description and title does not look to justify the patch.
> 
> >   examples/fips: supported IV, PT and CT init for TDES ECB mode
> Again there is no patch description and title is pretty long. Try to make it short.
> 
> >   examples/fips: algorithm definition by folder if it's not in file
> examples/fips_validation: improve algo parsing logic update description text to
> elaborate the need for this logic
> 
> >   examples/fips: erroneous overwrite of PLAINTEXT after DECRYPT
> examples/fips_validation: fix plain text overwrite send to stable and add fixes
> line.
> 
> >
> >  examples/fips_validation/fips_validation.c    |  92 ++++++--
> >  examples/fips_validation/fips_validation.h    |   7 +
> >  .../fips_validation/fips_validation_aes.c     |   1 +
> >  .../fips_validation/fips_validation_gcm.c     |  39 +++-
> >  .../fips_validation/fips_validation_tdes.c    |   7 +
> >  examples/fips_validation/main.c               | 204 +++++++++++++++---
> >  6 files changed, 301 insertions(+), 49 deletions(-)
> >
> > --
> > 2.23.0
Michael Shamis Oct. 1, 2019, 11:22 a.m. UTC | #4
From: Michael Shamis <michaelsh@marvell.com>

v3:
Changed patch names to comply DPDK contributing
requirements
v2:
fips_validation-separation-between-HMAC-SHA.patch
has been moved to fix patch
 
Michael Shamis (3):
  examples/fips_validation: add TDES ECB support
  examples/fips_validation: add AES ECB support
  examples/fips_validation: separate ECB and CBC

 examples/fips_validation/fips_validation.c    |   1 +
 examples/fips_validation/fips_validation.h    |   7 +
 .../fips_validation/fips_validation_aes.c     |   1 +
 .../fips_validation/fips_validation_tdes.c    |   7 +
 examples/fips_validation/main.c               | 189 +++++++++++++++---
 5 files changed, 179 insertions(+), 26 deletions(-)
Akhil Goyal Oct. 4, 2019, 10:33 a.m. UTC | #5
Hi Marko,

Could you please review this series.

Regards,
Akhil

> -----Original Message-----
> From: michaelsh@marvell.com <michaelsh@marvell.com>
> Sent: Tuesday, October 1, 2019 4:53 PM
> To: Akhil Goyal <akhil.goyal@nxp.com>
> Cc: dev@dpdk.org; marko.kovacevic@intel.com; lironh@marvell.com;
> michaelsh@marvell.com
> Subject: [PATCH v3 0/3] support ECB for AES and TDES
> 
> From: Michael Shamis <michaelsh@marvell.com>
> 
> v3:
> Changed patch names to comply DPDK contributing
> requirements
> v2:
> fips_validation-separation-between-HMAC-SHA.patch
> has been moved to fix patch
> 
> Michael Shamis (3):
>   examples/fips_validation: add TDES ECB support
>   examples/fips_validation: add AES ECB support
>   examples/fips_validation: separate ECB and CBC
> 
>  examples/fips_validation/fips_validation.c    |   1 +
>  examples/fips_validation/fips_validation.h    |   7 +
>  .../fips_validation/fips_validation_aes.c     |   1 +
>  .../fips_validation/fips_validation_tdes.c    |   7 +
>  examples/fips_validation/main.c               | 189 +++++++++++++++---
>  5 files changed, 179 insertions(+), 26 deletions(-)
> 
> --
> 2.23.0
Akhil Goyal Oct. 15, 2019, 1:40 p.m. UTC | #6
Hi Marko,

A kind reminder.
We are approaching RC1 date. Could you please review this series?

Regards,
Akhil
> -----Original Message-----
> From: Akhil Goyal
> Sent: Friday, October 4, 2019 4:04 PM
> To: marko.kovacevic@intel.com
> Cc: dev@dpdk.org; lironh@marvell.com; michaelsh@marvell.com
> Subject: RE: [PATCH v3 0/3] support ECB for AES and TDES
> 
> Hi Marko,
> 
> Could you please review this series.
> 
> Regards,
> Akhil
> 
> > -----Original Message-----
> > From: michaelsh@marvell.com <michaelsh@marvell.com>
> > Sent: Tuesday, October 1, 2019 4:53 PM
> > To: Akhil Goyal <akhil.goyal@nxp.com>
> > Cc: dev@dpdk.org; marko.kovacevic@intel.com; lironh@marvell.com;
> > michaelsh@marvell.com
> > Subject: [PATCH v3 0/3] support ECB for AES and TDES
> >
> > From: Michael Shamis <michaelsh@marvell.com>
> >
> > v3:
> > Changed patch names to comply DPDK contributing
> > requirements
> > v2:
> > fips_validation-separation-between-HMAC-SHA.patch
> > has been moved to fix patch
> >
> > Michael Shamis (3):
> >   examples/fips_validation: add TDES ECB support
> >   examples/fips_validation: add AES ECB support
> >   examples/fips_validation: separate ECB and CBC
> >
> >  examples/fips_validation/fips_validation.c    |   1 +
> >  examples/fips_validation/fips_validation.h    |   7 +
> >  .../fips_validation/fips_validation_aes.c     |   1 +
> >  .../fips_validation/fips_validation_tdes.c    |   7 +
> >  examples/fips_validation/main.c               | 189 +++++++++++++++---
> >  5 files changed, 179 insertions(+), 26 deletions(-)
> >
> > --
> > 2.23.0
Akhil Goyal Oct. 15, 2019, 2:03 p.m. UTC | #7
> > > -----Original Message-----
> > > From: michaelsh@marvell.com <michaelsh@marvell.com>
> > > Sent: Tuesday, October 1, 2019 4:53 PM
> > > To: Akhil Goyal <akhil.goyal@nxp.com>
> > > Cc: dev@dpdk.org; marko.kovacevic@intel.com; lironh@marvell.com;
> > > michaelsh@marvell.com
> > > Subject: [PATCH v3 0/3] support ECB for AES and TDES
> > >
> > > From: Michael Shamis <michaelsh@marvell.com>
> > >
> > > v3:
> > > Changed patch names to comply DPDK contributing
> > > requirements
> > > v2:
> > > fips_validation-separation-between-HMAC-SHA.patch
> > > has been moved to fix patch
> > >
> > > Michael Shamis (3):
> > >   examples/fips_validation: add TDES ECB support
> > >   examples/fips_validation: add AES ECB support
> > >   examples/fips_validation: separate ECB and CBC
> > >
> > >  examples/fips_validation/fips_validation.c    |   1 +
> > >  examples/fips_validation/fips_validation.h    |   7 +
> > >  .../fips_validation/fips_validation_aes.c     |   1 +
> > >  .../fips_validation/fips_validation_tdes.c    |   7 +
> > >  examples/fips_validation/main.c               | 189 +++++++++++++++---
> > >  5 files changed, 179 insertions(+), 26 deletions(-)
> > >
> > > --
> > > 2.23.0
Applied to dpdk-next-crypto

Thanks.