[02/12] examples/fips: added support for TDES ECB mode in FIPS tests
Checks
Commit Message
From: Michael Shamis <michaelsh@marvell.com>
Signed-off-by: Michael Shamis <michaelsh@marvell.com>
---
examples/fips_validation/fips_validation.c | 1 +
examples/fips_validation/fips_validation.h | 7 +++++
.../fips_validation/fips_validation_tdes.c | 7 +++++
examples/fips_validation/main.c | 27 ++++++++++++++++---
4 files changed, 38 insertions(+), 4 deletions(-)
@@ -259,6 +259,7 @@ fips_test_init(const char *req_file_path, const char *rsp_file_path,
fips_test_clear();
+ strcpy(info.file_name, req_file_path);
info.algo = FIPS_TEST_ALGO_MAX;
if (parse_file_type(req_file_path) < 0) {
RTE_LOG(ERR, USER1, "File %s type not supported\n",
@@ -105,6 +105,11 @@ enum fips_tdes_test_types {
TDES_MMT /* Multi block Message Test */
};
+enum fips_tdes_test_mode {
+ TDES_MODE_CBC = 0,
+ TDES_MODE_ECB
+};
+
enum fips_ccm_test_types {
CCM_VADT = 1, /* Variable Associated Data Test */
CCM_VPT, /* Variable Payload Test */
@@ -130,6 +135,7 @@ struct hmac_interim_data {
struct tdes_interim_data {
enum fips_tdes_test_types test_type;
+ enum fips_tdes_test_mode test_mode;
uint32_t nb_keys;
};
@@ -156,6 +162,7 @@ struct fips_test_interim_info {
char *vec[MAX_LINE_PER_VECTOR];
uint32_t nb_vec_lines;
char device_name[MAX_STRING_SIZE];
+ char file_name[MAX_STRING_SIZE];
union {
struct aesavs_interim_data aes_data;
@@ -12,6 +12,7 @@
#define NEW_LINE_STR "#"
#define TEST_TYPE_KEY " for CBC"
+#define TEST_TYPE_ECB_KEY " for ECB"
#define TEST_CBCI_KEY " for CBCI"
#define ENC_STR "[ENCRYPT]"
@@ -250,6 +251,12 @@ parse_test_tdes_init(void)
if (strstr(line, test_types[j].desc)) {
info.interim_info.tdes_data.test_type =
test_types[j].type;
+ if (strstr(line, TEST_TYPE_ECB_KEY))
+ info.interim_info.tdes_data.test_mode =
+ TDES_MODE_ECB;
+ else
+ info.interim_info.tdes_data.test_mode =
+ TDES_MODE_CBC;
break;
}
}
@@ -689,16 +689,24 @@ prepare_tdes_xform(struct rte_crypto_sym_xform *xform)
xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
- cipher_xform->algo = RTE_CRYPTO_CIPHER_3DES_CBC;
+ if (info.interim_info.tdes_data.test_mode == TDES_MODE_CBC)
+ cipher_xform->algo = RTE_CRYPTO_CIPHER_3DES_CBC;
+ else
+ cipher_xform->algo = RTE_CRYPTO_CIPHER_3DES_ECB;
cipher_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
RTE_CRYPTO_CIPHER_OP_ENCRYPT :
RTE_CRYPTO_CIPHER_OP_DECRYPT;
cipher_xform->key.data = vec.cipher_auth.key.val;
cipher_xform->key.length = vec.cipher_auth.key.len;
- cipher_xform->iv.length = vec.iv.len;
- cipher_xform->iv.offset = IV_OFF;
- cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_3DES_CBC;
+ if (cipher_xform->algo == RTE_CRYPTO_CIPHER_3DES_CBC) {
+ cipher_xform->iv.length = vec.iv.len;
+ cipher_xform->iv.offset = IV_OFF;
+ } else {
+ cipher_xform->iv.length = 0;
+ cipher_xform->iv.offset = 0;
+ }
+ cap_idx.algo.cipher = cipher_xform->algo;
cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
@@ -1387,6 +1395,17 @@ init_test_ops(void)
test_ops.test = fips_generic_test;
break;
default:
+ if (strstr(info.file_name, "TECB") ||
+ strstr(info.file_name, "TCBC")) {
+ info.algo = FIPS_TEST_ALGO_TDES;
+ test_ops.prepare_op = prepare_cipher_op;
+ test_ops.prepare_xform = prepare_tdes_xform;
+ if (info.interim_info.tdes_data.test_type == TDES_MCT)
+ test_ops.test = fips_mct_tdes_test;
+ else
+ test_ops.test = fips_generic_test;
+ break;
+ }
return -1;
}