From patchwork Tue Sep 27 07:26:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gowrishankar Muthukrishnan X-Patchwork-Id: 116938 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E5B9DA00C2; Tue, 27 Sep 2022 09:26:27 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id CDC0141133; Tue, 27 Sep 2022 09:26:25 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 0EF06410D0 for ; Tue, 27 Sep 2022 09:26:22 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 28R3hT9Y016181; Tue, 27 Sep 2022 00:26:22 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=XyTEOB8FQ5R7RUNsCQai8pJ4eTedEqkFSEfxRW9Sxds=; b=eJ1lxWPCELu8fBvBn0VlBnIrE7Ew1oU7rCjBavzA+UKpirVNv8Hm2eHokbGwKdWChpgR phjLrCUN5OOpr4ye0It/hWRj8AfNJtgchRE5OR0Hh5QjOopBImtAxUVucynoAelFACRs C01eFRcX7JgTg+1j7mMnVeELuYlRcX2Jc0zrC1eMF2cVJyyNEBzq2Aili0mIMxWt9chy kyp68FelngkctglSrGOZ8/8xCw52QUHuDJALL3fDbSlPB3RsuBaewzunb2p29FxX4WnQ q+pL45E4pzfBNalOWuVtrrcUmgEUSisWEZKf9Yz2n4wCO5/yWbljTu1mIkudGlYv4V4R pA== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3jt1dp8wph-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 27 Sep 2022 00:26:22 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 27 Sep 2022 00:26:20 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Tue, 27 Sep 2022 00:26:20 -0700 Received: from localhost.localdomain (unknown [10.28.34.38]) by maili.marvell.com (Postfix) with ESMTP id E8BE83F70C9; Tue, 27 Sep 2022 00:26:17 -0700 (PDT) From: Gowrishankar Muthukrishnan To: CC: Anoob Joseph , Fan Zhang , Brian Dooley , Akhil Goyal , , Gowrishankar Muthukrishnan Subject: [v2 1/7] examples/fips_validation: fix parsing test group info Date: Tue, 27 Sep 2022 12:56:06 +0530 Message-ID: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: EEVK0foPN3FkkNtMI5EAW3bNQYKBRRZ5 X-Proofpoint-GUID: EEVK0foPN3FkkNtMI5EAW3bNQYKBRRZ5 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1 definitions=2022-09-27_02,2022-09-22_02,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org If a test group does not have expected key, it should not crash. This patch fixes parsing test group info to continue further when a key does not exist (as in asym tests). Fixes: 58cc98801eb ("examples/fips_validation: add JSON parsing") Signed-off-by: Gowrishankar Muthukrishnan Acked-by: Brian Dooley --- examples/fips_validation/fips_validation.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c index 6c9f5e42a4..06aeffe495 100644 --- a/examples/fips_validation/fips_validation.c +++ b/examples/fips_validation/fips_validation.c @@ -488,6 +488,9 @@ fips_test_parse_one_json_group(void) for (i = 0; info.interim_callbacks[i].key != NULL; i++) { param = json_object_get(json_info.json_test_group, info.interim_callbacks[i].key); + if (!param) + continue; + switch (json_typeof(param)) { case JSON_STRING: snprintf(json_value, 256, "%s", json_string_value(param)); From patchwork Tue Sep 27 07:26:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gowrishankar Muthukrishnan X-Patchwork-Id: 116939 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id BEB90A00C2; Tue, 27 Sep 2022 09:26:33 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id BCEEB427F3; Tue, 27 Sep 2022 09:26:27 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 7C6F742685 for ; Tue, 27 Sep 2022 09:26:25 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 28R4ITdH031969; Tue, 27 Sep 2022 00:26:24 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=H9cBTgTV2+d2jsnAhjH8mjG3QcPxDI49+wmc6LHVvEY=; b=W4CLHufNCVYwyCbMfoRAteU7Z/qUVeKU1MjeJjSYXJv+/JmLm+ltbSKIH+JC5YYLVsLm +BS9hyi5tU4inc4oN65vqyWQLj4DNZzlDGxJEmmaahHwXKYtNKcZZmjM0soNcighnq3V GG8BPqZigTgGSC1/+1Hg/lAUEJTzN4mgbo7qmCp5sGlraAD+hAFEP3+ySEygk7I7YK15 ULHZsI/1SwrwnVsjI5vFAQX8YKTunq22y0wT09LiiLKutIIHcdV7QyKcLau4a0/S891D 83SB6qCHjvxsFSULXSfmCD3hpvq+CT0Bwclv8HM9RMmteL/yL1NsMb82eS+IgxZWjowU Fg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3jucsq36b6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 27 Sep 2022 00:26:24 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 27 Sep 2022 00:26:22 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 27 Sep 2022 00:26:22 -0700 Received: from localhost.localdomain (unknown [10.28.34.38]) by maili.marvell.com (Postfix) with ESMTP id 98BE35B695E; Tue, 27 Sep 2022 00:26:20 -0700 (PDT) From: Gowrishankar Muthukrishnan To: CC: Anoob Joseph , Fan Zhang , Brian Dooley , Akhil Goyal , , Gowrishankar Muthukrishnan Subject: [v2 2/7] examples/fips_validation: add interim parse writeback Date: Tue, 27 Sep 2022 12:56:07 +0530 Message-ID: <071dba01d7551cbab59f9d20cfb75fe6dec0541c.1664263264.git.gmuthukrishn@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 X-Proofpoint-GUID: o6yCEGnx5ibHvmwPbla2cxvd3f-AewM1 X-Proofpoint-ORIG-GUID: o6yCEGnx5ibHvmwPbla2cxvd3f-AewM1 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1 definitions=2022-09-27_02,2022-09-22_02,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Asym tests need a callback to write interim info in expected output. Signed-off-by: Gowrishankar Muthukrishnan Acked-by: Brian Dooley --- examples/fips_validation/fips_validation.c | 6 ++++++ examples/fips_validation/fips_validation.h | 1 + 2 files changed, 7 insertions(+) diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c index 06aeffe495..e755654cd0 100644 --- a/examples/fips_validation/fips_validation.c +++ b/examples/fips_validation/fips_validation.c @@ -512,6 +512,12 @@ fips_test_parse_one_json_group(void) if (ret < 0) return ret; } + + if (info.parse_interim_writeback) { + ret = info.parse_interim_writeback(NULL); + if (ret < 0) + return ret; + } } return 0; diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h index f42040f460..a6288e17e5 100644 --- a/examples/fips_validation/fips_validation.h +++ b/examples/fips_validation/fips_validation.h @@ -228,6 +228,7 @@ struct fips_test_interim_info { const struct fips_test_callback *interim_callbacks; const struct fips_test_callback *writeback_callbacks; + post_prcess_t parse_interim_writeback; post_prcess_t parse_writeback; post_prcess_t kat_check; }; From patchwork Tue Sep 27 07:26:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gowrishankar Muthukrishnan X-Patchwork-Id: 116940 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 762E5A00C2; Tue, 27 Sep 2022 09:26:42 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 15B0242847; Tue, 27 Sep 2022 09:26:30 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 970824280D for ; Tue, 27 Sep 2022 09:26:28 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 28R3hT9Z016181; Tue, 27 Sep 2022 00:26:27 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=lEdefXPG7yiXc3U1cIyWm4bKStpSxg73Xg9lebu2OqQ=; b=DEErzZKu+tWiPInff5hAs8NlcHp1rPDE3gu26mdWREFdIqGU9PEKX6ViekGuDhHGHFT8 Cwk5frk+ZRlh/s/BqqNwBhmX9r/3t5sKFnyrSLuQlarytw0YZIRcxUUWZ5asQ1mrqzzt QjJ2O1KYgWvf4Ueoa7z5cr3BQgOueowid1rwmzsUANLZo90ltYVVITa9YxnnCjxwOeyd mcZx+6W+NlI++Cd839nb1XlkekDIswDQ9Np12wDY4C6QuI71OEZDQAj6O7hOLInZopTa xxGzuix9x3ZtmZAIm0DucIJ0iRCCszMvTsNBCAkPv8ExbDPWvV/SRJ8drVl3bN9w3FlV GA== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3jt1dp8wpq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 27 Sep 2022 00:26:27 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 27 Sep 2022 00:26:25 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 27 Sep 2022 00:26:25 -0700 Received: from localhost.localdomain (unknown [10.28.34.38]) by maili.marvell.com (Postfix) with ESMTP id 4802A3F707B; Tue, 27 Sep 2022 00:26:23 -0700 (PDT) From: Gowrishankar Muthukrishnan To: CC: Anoob Joseph , Fan Zhang , Brian Dooley , Akhil Goyal , , Gowrishankar Muthukrishnan Subject: [v2 3/7] examples/fips_validation: add function to calculate SHA hash size Date: Tue, 27 Sep 2022 12:56:08 +0530 Message-ID: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: VvMSQQPEXoz-4vLMH_S-6IXleUzIz8u6 X-Proofpoint-GUID: VvMSQQPEXoz-4vLMH_S-6IXleUzIz8u6 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1 definitions=2022-09-27_02,2022-09-22_02,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add function to calculate hash size for a given SHA hash algorithm. Fixes: d5c247145c2 ("examples/fips_validation: add parsing for SHA") Signed-off-by: Gowrishankar Muthukrishnan Acked-by: Brian Dooley --- v2: - fixed include file --- examples/fips_validation/fips_validation.h | 1 + .../fips_validation/fips_validation_sha.c | 39 ++++++++++++------- 2 files changed, 25 insertions(+), 15 deletions(-) diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h index a6288e17e5..6e5f2fce75 100644 --- a/examples/fips_validation/fips_validation.h +++ b/examples/fips_validation/fips_validation.h @@ -374,4 +374,5 @@ int prepare_gcm_xform(struct rte_crypto_sym_xform *xform); int prepare_gmac_xform(struct rte_crypto_sym_xform *xform); +int parse_test_sha_hash_size(enum rte_crypto_auth_algorithm algo); #endif diff --git a/examples/fips_validation/fips_validation_sha.c b/examples/fips_validation/fips_validation_sha.c index 75b073c15d..cac2a25e6c 100644 --- a/examples/fips_validation/fips_validation_sha.c +++ b/examples/fips_validation/fips_validation_sha.c @@ -33,6 +33,22 @@ struct plain_hash_size_conversion { {"64", RTE_CRYPTO_AUTH_SHA512}, }; +int +parse_test_sha_hash_size(enum rte_crypto_auth_algorithm algo) +{ + int ret = -EINVAL; + uint8_t i; + + for (i = 0; i < RTE_DIM(phsc); i++) { + if (phsc[i].algo == algo) { + ret = atoi(phsc[i].str); + break; + } + } + + return ret; +} + static int parse_interim_algo(__rte_unused const char *key, char *text, @@ -212,6 +228,7 @@ parse_test_sha_json_algorithm(void) json_t *algorithm_object; const char *algorithm_str; uint32_t i; + int sz; algorithm_object = json_object_get(json_info.json_vector_set, "algorithm"); algorithm_str = json_string_value(algorithm_object); @@ -226,23 +243,15 @@ parse_test_sha_json_algorithm(void) if (i == RTE_DIM(json_algorithms)) return -1; - for (i = 0; i < RTE_DIM(phsc); i++) { - if (info.interim_info.sha_data.algo == phsc[i].algo) { - vec.cipher_auth.digest.len = atoi(phsc[i].str); - free(vec.cipher_auth.digest.val); - vec.cipher_auth.digest.val = calloc(1, vec.cipher_auth.digest.len); - if (vec.cipher_auth.digest.val == NULL) - return -1; - - break; - } - } + sz = parse_test_sha_hash_size(info.interim_info.sha_data.algo); + if (sz < 0) + return -1; - if (i == RTE_DIM(phsc)) { - free(vec.cipher_auth.digest.val); - vec.cipher_auth.digest.val = NULL; + free(vec.cipher_auth.digest.val); + vec.cipher_auth.digest.len = sz; + vec.cipher_auth.digest.val = calloc(1, sz); + if (vec.cipher_auth.digest.val == NULL) return -1; - } return 0; } From patchwork Tue Sep 27 07:26:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gowrishankar Muthukrishnan X-Patchwork-Id: 116941 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id F25B7A00C2; Tue, 27 Sep 2022 09:26:48 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D3B40427EC; Tue, 27 Sep 2022 09:26:32 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id AE1DB42B6C for ; Tue, 27 Sep 2022 09:26:30 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 28R4DOXG031831; Tue, 27 Sep 2022 00:26:29 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=4LEE7wzS5vbBmNVzIoIWhjNjTpOYwNFDVSSE6gJEU4g=; b=fBhr17UgAmJt27mvIIuQAmTjqJm/lyAcvO5zx6oinoiEDIOKiXMVCiFBtaSW0UFp7KgC Rsn6pI2M76qMGxjaUYYkir8QSg3xqx2Kii9s3Cft4GfD1LFCIJsfY9A11wqxPN96IvQT vy9I+PeR/EaIExUV/C1C4ppg7hCyhfY3EbyAc9SKPhVn6d3AOaAXYZBWkQrdvEwOSb3N HqfBVI3g1JKG6byUGQdLxsYau5/4e/s+ySzykn37HSSSZ0VM+BcWiNIoFu74oEaOcpcp uec6uboI2MrftvKcg6WjNXm0D7jRpKRB16mW91s9IpyNCl/srAO6IzQZ7PpnymOlvxb4 Gg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3jucsq36bn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 27 Sep 2022 00:26:29 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 27 Sep 2022 00:26:28 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Tue, 27 Sep 2022 00:26:28 -0700 Received: from localhost.localdomain (unknown [10.28.34.38]) by maili.marvell.com (Postfix) with ESMTP id E186D3F7098; Tue, 27 Sep 2022 00:26:25 -0700 (PDT) From: Gowrishankar Muthukrishnan To: CC: Anoob Joseph , Fan Zhang , Brian Dooley , Akhil Goyal , , Gowrishankar Muthukrishnan Subject: [v2 4/7] examples/fips_validation: fix buffer size to parse JSON string Date: Tue, 27 Sep 2022 12:56:09 +0530 Message-ID: <8500896f97e47a19106f792193d1b72b3468fc29.1664263264.git.gmuthukrishn@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 X-Proofpoint-GUID: lBQACfhVEhKKfjwGx7e7FEFenosEd-Yt X-Proofpoint-ORIG-GUID: lBQACfhVEhKKfjwGx7e7FEFenosEd-Yt X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1 definitions=2022-09-27_02,2022-09-22_02,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org In asym op, while parsing test interim info, existing buffer of size 256 bytes is not sufficient, hence setting it to maximum that a test would need. Fixes: 58cc98801eb ("examples/fips_validation: add JSON parsing") Signed-off-by: Gowrishankar Muthukrishnan Acked-by: Brian Dooley --- examples/fips_validation/fips_validation.c | 7 ++++--- examples/fips_validation/fips_validation.h | 7 +++++++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c index e755654cd0..be0634c3ac 100644 --- a/examples/fips_validation/fips_validation.c +++ b/examples/fips_validation/fips_validation.c @@ -484,7 +484,7 @@ fips_test_parse_one_json_group(void) json_t *param; if (info.interim_callbacks) { - char json_value[256]; + char json_value[FIPS_TEST_JSON_BUF_LEN]; for (i = 0; info.interim_callbacks[i].key != NULL; i++) { param = json_object_get(json_info.json_test_group, info.interim_callbacks[i].key); @@ -493,11 +493,12 @@ fips_test_parse_one_json_group(void) switch (json_typeof(param)) { case JSON_STRING: - snprintf(json_value, 256, "%s", json_string_value(param)); + snprintf(json_value, sizeof(json_value), "%s", + json_string_value(param)); break; case JSON_INTEGER: - snprintf(json_value, 255, "%"JSON_INTEGER_FORMAT, + snprintf(json_value, sizeof(json_value), "%"JSON_INTEGER_FORMAT, json_integer_value(param)); break; diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h index 6e5f2fce75..43e5ffe4b0 100644 --- a/examples/fips_validation/fips_validation.h +++ b/examples/fips_validation/fips_validation.h @@ -183,6 +183,13 @@ struct xts_interim_data { }; #ifdef USE_JANSSON +/* + * Maximum length of buffer to hold any json string. + * Esp, in asym op, modulo bits decide char buffer size. + * max = (modulo / 4) + */ +#define FIPS_TEST_JSON_BUF_LEN (4096 / 4) + struct fips_test_json_info { /* Information used for reading from json */ json_t *json_root; From patchwork Tue Sep 27 07:26:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gowrishankar Muthukrishnan X-Patchwork-Id: 116942 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6110EA00C2; Tue, 27 Sep 2022 09:26:55 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C5A6942B6C; Tue, 27 Sep 2022 09:26:35 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id EDA1842B6C for ; Tue, 27 Sep 2022 09:26:33 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 28R4B79G016222; Tue, 27 Sep 2022 00:26:33 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=rf3865G7nFPh10PZG0Ttg1170OQxrO/lV7rN12Q6XjY=; b=D8+rs1/vzc+JAEALK3Zqra4Rzs4a74dRVeP3NJVxoFQ5mdoxfZkK5sP8TeLUmMCpLqgX hkAuDbWUcWiEyU6RmWlgJet05L5oOVfdqavx9HDSAfprMHf82Ve8Rqb4KAYxqh4Uo2Pr TwpfvhHhK1bWA2KqAF5XwaqqnMJNhv4SyhhYXkKERZjHSrO6NzBkUHp9xw2o4Yp9026X 7iB3hbe2SbU80lkBEdDjOZNZM8SNZlyvQ8Q0vhWx8UHIRWbOg973WGR3Zd44miPo0e32 RmNrqKfUb5MFer4jftLNkgAjxxAAu++EixkBZz0q5PwrW5FGoI5iDY6Mj8bKEUcoWjEi GA== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3jt1dp8wpw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 27 Sep 2022 00:26:32 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 27 Sep 2022 00:26:30 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Tue, 27 Sep 2022 00:26:30 -0700 Received: from localhost.localdomain (unknown [10.28.34.38]) by maili.marvell.com (Postfix) with ESMTP id 88A173F7080; Tue, 27 Sep 2022 00:26:28 -0700 (PDT) From: Gowrishankar Muthukrishnan To: CC: Anoob Joseph , Fan Zhang , Brian Dooley , Akhil Goyal , , Gowrishankar Muthukrishnan Subject: [v2 5/7] examples/fips_validation: add asymmetric validation Date: Tue, 27 Sep 2022 12:56:10 +0530 Message-ID: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 3j9u8U0NWt5kwwL9Amqbd_62LrJ54F0h X-Proofpoint-GUID: 3j9u8U0NWt5kwwL9Amqbd_62LrJ54F0h X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1 definitions=2022-09-27_02,2022-09-22_02,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add support for asymmetric crypto validation starting with RSA. For the generation of crypto values which is multiprecision in math, openssl library is used only for this purpose. Signed-off-by: Gowrishankar Muthukrishnan Acked-by: Brian Dooley --- v2: - improved handling priv key type. --- config/meson.build | 6 + doc/guides/sample_app_ug/fips_validation.rst | 1 + examples/fips_validation/fips_validation.c | 2 + examples/fips_validation/fips_validation.h | 47 +- .../fips_validation/fips_validation_gcm.c | 8 +- .../fips_validation/fips_validation_rsa.c | 520 ++++++++++++++++++ examples/fips_validation/main.c | 464 +++++++++++++--- examples/fips_validation/meson.build | 6 + 8 files changed, 962 insertions(+), 92 deletions(-) create mode 100644 examples/fips_validation/fips_validation_rsa.c diff --git a/config/meson.build b/config/meson.build index 7f7b6c92fd..ed21a8e470 100644 --- a/config/meson.build +++ b/config/meson.build @@ -226,6 +226,12 @@ if jansson_dep.found() dpdk_conf.set('RTE_HAS_JANSSON', 1) endif +# check for openssl +openssl_dep = dependency('openssl', required: false, method: 'pkg-config') +if openssl_dep.found() + dpdk_conf.set('RTE_HAS_OPENSSL', 1) +endif + # check for pcap pcap_dep = dependency('libpcap', required: false, method: 'pkg-config') pcap_lib = is_windows ? 'wpcap' : 'pcap' diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst index 33a8c97575..5e9ad2d006 100644 --- a/doc/guides/sample_app_ug/fips_validation.rst +++ b/doc/guides/sample_app_ug/fips_validation.rst @@ -66,6 +66,7 @@ ACVP * SHA (1, 256, 384, 512) - AFT, MCT * TDES-CBC - AFT, MCT * TDES-ECB - AFT, MCT + * RSA Application Information diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c index be0634c3ac..5d485a2bd5 100644 --- a/examples/fips_validation/fips_validation.c +++ b/examples/fips_validation/fips_validation.c @@ -471,6 +471,8 @@ fips_test_parse_one_json_vector_set(void) else if (strstr(algo_str, "TDES-CBC") || strstr(algo_str, "TDES-ECB")) info.algo = FIPS_TEST_ALGO_TDES; + else if (strstr(algo_str, "RSA")) + info.algo = FIPS_TEST_ALGO_RSA; else return -EINVAL; diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h index 43e5ffe4b0..ed59322635 100644 --- a/examples/fips_validation/fips_validation.h +++ b/examples/fips_validation/fips_validation.h @@ -42,6 +42,7 @@ enum fips_test_algorithms { FIPS_TEST_ALGO_HMAC, FIPS_TEST_ALGO_TDES, FIPS_TEST_ALGO_SHA, + FIPS_TEST_ALGO_RSA, FIPS_TEST_ALGO_MAX }; @@ -55,6 +56,9 @@ enum file_types { enum fips_test_op { FIPS_TEST_ENC_AUTH_GEN = 1, FIPS_TEST_DEC_AUTH_VERIF, + FIPS_TEST_ASYM_KEYGEN, + FIPS_TEST_ASYM_SIGGEN, + FIPS_TEST_ASYM_SIGVER }; #define MAX_LINE_PER_VECTOR 16 @@ -78,11 +82,22 @@ struct fips_test_vector { struct fips_val aad; } aead; }; + struct { + struct fips_val seed; + struct fips_val signature; + struct fips_val e; + struct fips_val n; + struct fips_val d; + struct fips_val p; + struct fips_val q; + struct fips_val dp; + struct fips_val dq; + struct fips_val qinv; + } rsa; struct fips_val pt; struct fips_val ct; struct fips_val iv; - enum rte_crypto_op_status status; }; @@ -138,6 +153,12 @@ enum fips_sha_test_types { SHA_MCT }; +enum fips_rsa_test_types { + RSA_AFT = 0, + RSA_GDT, + RSA_KAT +}; + struct aesavs_interim_data { enum fips_aesavs_test_types test_type; uint32_t cipher_algo; @@ -164,8 +185,9 @@ struct ccm_interim_data { }; struct sha_interim_data { - enum fips_sha_test_types test_type; + /* keep algo always on top as it is also used in asym digest */ enum rte_crypto_auth_algorithm algo; + enum fips_sha_test_types test_type; }; struct gcm_interim_data { @@ -182,6 +204,14 @@ struct xts_interim_data { enum xts_tweak_modes tweak_mode; }; +struct rsa_interim_data { + enum rte_crypto_auth_algorithm auth; + uint16_t modulo; + uint16_t saltlen; + enum rte_crypto_rsa_padding_type padding; + enum rte_crypto_rsa_priv_key_type privkey; +}; + #ifdef USE_JANSSON /* * Maximum length of buffer to hold any json string. @@ -227,6 +257,7 @@ struct fips_test_interim_info { struct sha_interim_data sha_data; struct gcm_interim_data gcm_data; struct xts_interim_data xts_data; + struct rsa_interim_data rsa_data; } interim_info; enum fips_test_op op; @@ -302,6 +333,9 @@ parse_test_sha_json_test_type(void); int parse_test_tdes_json_init(void); + +int +parse_test_rsa_json_init(void); #endif /* USE_JANSSON */ int @@ -363,11 +397,14 @@ update_info_vec(uint32_t count); typedef int (*fips_test_one_case_t)(void); typedef int (*fips_prepare_op_t)(void); -typedef int (*fips_prepare_xform_t)(struct rte_crypto_sym_xform *); +typedef int (*fips_prepare_sym_xform_t)(struct rte_crypto_sym_xform *); +typedef int (*fips_prepare_asym_xform_t)(struct rte_crypto_asym_xform *); struct fips_test_ops { - fips_prepare_xform_t prepare_xform; - fips_prepare_op_t prepare_op; + fips_prepare_sym_xform_t prepare_sym_xform; + fips_prepare_asym_xform_t prepare_asym_xform; + fips_prepare_op_t prepare_sym_op; + fips_prepare_op_t prepare_asym_op; fips_test_one_case_t test; }; diff --git a/examples/fips_validation/fips_validation_gcm.c b/examples/fips_validation/fips_validation_gcm.c index 6b3d158629..e76c38ffc8 100644 --- a/examples/fips_validation/fips_validation_gcm.c +++ b/examples/fips_validation/fips_validation_gcm.c @@ -80,12 +80,12 @@ parser_read_gcm_pt_len(const char *key, char *src, if (vec.pt.len == 0) { info.interim_info.gcm_data.is_gmac = 1; - test_ops.prepare_op = prepare_auth_op; - test_ops.prepare_xform = prepare_gmac_xform; + test_ops.prepare_sym_op = prepare_auth_op; + test_ops.prepare_sym_xform = prepare_gmac_xform; } else { info.interim_info.gcm_data.is_gmac = 0; - test_ops.prepare_op = prepare_aead_op; - test_ops.prepare_xform = prepare_gcm_xform; + test_ops.prepare_sym_op = prepare_aead_op; + test_ops.prepare_sym_xform = prepare_gcm_xform; } return ret; diff --git a/examples/fips_validation/fips_validation_rsa.c b/examples/fips_validation/fips_validation_rsa.c new file mode 100644 index 0000000000..d3699f54d0 --- /dev/null +++ b/examples/fips_validation/fips_validation_rsa.c @@ -0,0 +1,520 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2022 Marvell. + */ + +#include +#include +#include +#include +#include +#include + +#ifdef USE_OPENSSL +#include +#include +#endif /* USE_OPENSSL */ + +#include +#include + +#include "fips_validation.h" + +#define TESTTYPE_JSON_STR "testType" +#define SIGTYPE_JSON_STR "sigType" +#define MOD_JSON_STR "modulo" +#define HASH_JSON_STR "hashAlg" +#define SALT_JSON_STR "saltLen" +#define E_JSON_STR "e" +#define N_JSON_STR "n" + +#define SEED_JSON_STR "seed" +#define MSG_JSON_STR "message" +#define SIG_JSON_STR "signature" + +#ifdef USE_JANSSON +struct { + uint8_t type; + const char *desc; +} rsa_test_types[] = { + {RSA_AFT, "AFT"}, + {RSA_GDT, "GDT"}, + {RSA_KAT, "KAT"}, +}; + +struct { + enum rte_crypto_auth_algorithm auth; + const char *desc; +} rsa_auth_algs[] = { + {RTE_CRYPTO_AUTH_SHA1, "SHA-1"}, + {RTE_CRYPTO_AUTH_SHA224, "SHA2-224"}, + {RTE_CRYPTO_AUTH_SHA256, "SHA2-256"}, + {RTE_CRYPTO_AUTH_SHA384, "SHA2-384"}, + {RTE_CRYPTO_AUTH_SHA512, "SHA2-512"}, +}; + +struct { + enum rte_crypto_rsa_padding_type padding; + const char *desc; +} rsa_padding_types[] = { + {RTE_CRYPTO_RSA_PADDING_NONE, "none"}, + {RTE_CRYPTO_RSA_PADDING_PKCS1_5, "pkcs1v1.5"}, + {RTE_CRYPTO_RSA_PADDING_OAEP, "oaep"}, + {RTE_CRYPTO_RSA_PADDING_PSS, "pss"}, +}; + +#ifdef USE_OPENSSL +static int +prepare_vec_rsa(void) +{ + BIGNUM *p = NULL, *q = NULL, *n = NULL, *d = NULL, *e = NULL; + BIGNUM *dp = NULL, *dq = NULL, *qinv = NULL; + BIGNUM *r0, *r1, *r2, *r3, *r4; + BIGNUM *m = NULL, *r = NULL; + int bits, ret = -1, i; + char modbuf[8], *buf; + BN_CTX *ctx = NULL; + unsigned long pid; + + /* Seed PRNG */ + if (vec.rsa.seed.val) { + writeback_hex_str("", info.one_line_text, &vec.rsa.seed); + RAND_seed((char *)info.one_line_text, strlen(info.one_line_text)); + } else { + pid = getpid(); + RAND_seed(&pid, sizeof(pid)); + } + + if (!RAND_status()) + return -1; + + /* Check if e is known already */ + if (vec.rsa.e.val) { + writeback_hex_str("", info.one_line_text, &vec.rsa.e); + ret = BN_hex2bn(&e, info.one_line_text); + if ((uint32_t)ret != strlen(info.one_line_text)) + goto err; + } + + /* BN context initialization */ + ctx = BN_CTX_new(); + if (!ctx) + goto err; + + BN_CTX_start(ctx); + r0 = BN_CTX_get(ctx); + r1 = BN_CTX_get(ctx); + r2 = BN_CTX_get(ctx); + r3 = BN_CTX_get(ctx); + r4 = BN_CTX_get(ctx); + if (!r4) + goto err; + + /* Calculate bit length for prime numbers */ + m = BN_new(); + if (!m) + goto err; + + snprintf(modbuf, sizeof(modbuf), "%d", info.interim_info.rsa_data.modulo); + if (!BN_dec2bn(&m, modbuf)) + goto err; + + r = BN_new(); + if (!r) + goto err; + + if (!BN_rshift1(r, m)) + goto err; + + buf = BN_bn2dec(r); + bits = atoi(buf); + + p = BN_new(); + if (!p) + goto err; + + q = BN_new(); + if (!q) + goto err; + + n = BN_new(); + if (!n) + goto err; + + d = BN_new(); + if (!d) + goto err; + + /* Generate p and q suitably for RSA */ + for (i = 0; i < 10; i++) { + uint8_t j = 0; + + if (!BN_generate_prime_ex(p, bits, 0, NULL, NULL, NULL)) + goto err; + + do { + RAND_add(&j, sizeof(j), 1); + if (!BN_generate_prime_ex(q, bits, 0, NULL, NULL, NULL)) + goto err; + + } while ((BN_cmp(p, q) == 0) && (j++ < 100)); + + if (j >= 100) { + RTE_LOG(ERR, USER1, "Error: insufficient %d retries to generate q", j); + goto err; + } + + /* pq */ + if (!BN_mul(n, p, q, ctx)) + goto err; + + /* p-1 */ + if (!BN_sub(r1, p, BN_value_one())) + goto err; + + /* q-1 */ + if (!BN_sub(r2, q, BN_value_one())) + goto err; + + /* (p-1 * q-1) */ + if (!BN_mul(r0, r1, r2, ctx)) + goto err; + + /* gcd(p-1, q-1)*/ + if (!BN_gcd(r3, r1, r2, ctx)) + goto err; + + /* lcm(p-1, q-1) */ + if (!BN_div(r4, r, r0, r3, ctx)) + goto err; + + /* check if div and rem are non-zero */ + if (!r4 || !r) + goto err; + + /* 0 < e < lcm */ + if (!e) { + int k = 0; + + e = BN_new(); + do { + RAND_add(&k, sizeof(k), 1); + if (!BN_rand(e, 32, 1, 1)) + goto err; + + if (!BN_gcd(r3, e, r4, ctx)) + goto err; + + if (BN_is_one(r3)) + break; + } while (k++ < 10); + + if (k >= 10) { + RTE_LOG(ERR, USER1, "Error: insufficient %d retries to generate e", + k); + goto err; + } + } + + /* (de) mod lcm == 1 */ + if (!BN_mod_inverse(d, e, r4, ctx)) + goto err; + + if (!BN_gcd(r3, r1, e, ctx)) + goto err; + + if (!BN_gcd(r4, r2, e, ctx)) + goto err; + + /* check if gcd(p-1, e) and gcd(q-1, e) are 1 */ + if (BN_is_one(r3) && BN_is_one(r4)) + break; + } + + if (i >= 10) { + RTE_LOG(ERR, USER1, "Error: insufficient %d retries to generate p and q", i); + goto err; + } + + /* d mod (p-1) */ + dp = BN_new(); + if (!dp) + goto err; + + if (!BN_mod(dp, d, r1, ctx)) + goto err; + + /* d mod (q-1) */ + dq = BN_new(); + if (!dq) + goto err; + + if (!BN_mod(dq, d, r2, ctx)) + goto err; + + /* modinv of q and p */ + qinv = BN_new(); + if (!qinv) + goto err; + + if (!BN_mod_inverse(qinv, q, p, ctx)) + goto err; + + parse_uint8_hex_str("", BN_bn2hex(e), &vec.rsa.e); + parse_uint8_hex_str("", BN_bn2hex(p), &vec.rsa.p); + parse_uint8_hex_str("", BN_bn2hex(q), &vec.rsa.q); + parse_uint8_hex_str("", BN_bn2hex(n), &vec.rsa.n); + parse_uint8_hex_str("", BN_bn2hex(d), &vec.rsa.d); + parse_uint8_hex_str("", BN_bn2hex(dp), &vec.rsa.dp); + parse_uint8_hex_str("", BN_bn2hex(dq), &vec.rsa.dq); + parse_uint8_hex_str("", BN_bn2hex(qinv), &vec.rsa.qinv); + + ret = 0; +err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + BN_free(m); + BN_free(r); + BN_free(p); + BN_free(q); + BN_free(n); + BN_free(d); + BN_free(e); + return ret; +} +#else +static int +prepare_vec_rsa(void) +{ + /* + * Generate RSA values. + */ + return -ENOTSUP; +} +#endif /* USE_OPENSSL */ + +static int +parse_test_rsa_json_interim_writeback(struct fips_val *val) +{ + RTE_SET_USED(val); + + if (info.op == FIPS_TEST_ASYM_SIGGEN) { + json_t *obj; + + /* For siggen tests, RSA values can be created soon after + * the test group data are parsed. + */ + if (vec.rsa.e.val) { + rte_free(vec.rsa.e.val); + vec.rsa.e.val = NULL; + } + + if (prepare_vec_rsa() < 0) + return -1; + + writeback_hex_str("", info.one_line_text, &vec.rsa.n); + obj = json_string(info.one_line_text); + json_object_set_new(json_info.json_write_group, "n", obj); + + writeback_hex_str("", info.one_line_text, &vec.rsa.e); + obj = json_string(info.one_line_text); + json_object_set_new(json_info.json_write_group, "e", obj); + } + + return 0; +} + +static int +parse_test_rsa_json_writeback(struct fips_val *val) +{ + json_t *tcId; + + RTE_SET_USED(val); + + tcId = json_object_get(json_info.json_test_case, "tcId"); + + json_info.json_write_case = json_object(); + json_object_set(json_info.json_write_case, "tcId", tcId); + + if (info.op == FIPS_TEST_ASYM_KEYGEN) { + json_t *obj; + + writeback_hex_str("", info.one_line_text, &vec.rsa.seed); + obj = json_string(info.one_line_text); + json_object_set_new(json_info.json_write_case, "seed", obj); + + writeback_hex_str("", info.one_line_text, &vec.rsa.n); + obj = json_string(info.one_line_text); + json_object_set_new(json_info.json_write_case, "n", obj); + + writeback_hex_str("", info.one_line_text, &vec.rsa.e); + obj = json_string(info.one_line_text); + json_object_set_new(json_info.json_write_case, "e", obj); + + writeback_hex_str("", info.one_line_text, &vec.rsa.p); + obj = json_string(info.one_line_text); + json_object_set_new(json_info.json_write_case, "p", obj); + + writeback_hex_str("", info.one_line_text, &vec.rsa.q); + obj = json_string(info.one_line_text); + json_object_set_new(json_info.json_write_case, "q", obj); + + writeback_hex_str("", info.one_line_text, &vec.rsa.d); + obj = json_string(info.one_line_text); + json_object_set_new(json_info.json_write_case, "d", obj); + } else if (info.op == FIPS_TEST_ASYM_SIGGEN) { + json_t *obj; + + writeback_hex_str("", info.one_line_text, &vec.rsa.signature); + obj = json_string(info.one_line_text); + json_object_set_new(json_info.json_write_case, "signature", obj); + } else if (info.op == FIPS_TEST_ASYM_SIGVER) { + if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) + json_object_set_new(json_info.json_write_case, "testPassed", json_true()); + else + json_object_set_new(json_info.json_write_case, "testPassed", json_false()); + } + + return 0; +} + +static int +parse_interim_str(const char *key, char *src, struct fips_val *val) +{ + uint32_t i; + + RTE_SET_USED(val); + + if (strcmp(key, SIGTYPE_JSON_STR) == 0) { + for (i = 0; i < RTE_DIM(rsa_padding_types); i++) + if (strstr(src, rsa_padding_types[i].desc)) { + info.interim_info.rsa_data.padding = rsa_padding_types[i].padding; + break; + } + + if (i >= RTE_DIM(rsa_padding_types)) + return -EINVAL; + + } else if (strcmp(key, MOD_JSON_STR) == 0) { + info.interim_info.rsa_data.modulo = atoi(src); + } else if (strcmp(key, HASH_JSON_STR) == 0) { + for (i = 0; i < RTE_DIM(rsa_auth_algs); i++) + if (strstr(src, rsa_auth_algs[i].desc)) { + info.interim_info.rsa_data.auth = rsa_auth_algs[i].auth; + break; + } + + if (i >= RTE_DIM(rsa_auth_algs)) + return -EINVAL; + + } else if (strcmp(key, SALT_JSON_STR) == 0) { + info.interim_info.rsa_data.saltlen = atoi(src); + } else if (strcmp(key, TESTTYPE_JSON_STR) == 0) { + for (i = 0; i < RTE_DIM(rsa_test_types); i++) + if (strstr(src, rsa_test_types[i].desc)) { + info.parse_writeback = parse_test_rsa_json_writeback; + break; + } + + if (!info.parse_writeback || i >= RTE_DIM(rsa_test_types)) + return -EINVAL; + + } else { + return -EINVAL; + } + + return 0; +} + +static int +parse_keygen_e_str(const char *key, char *src, struct fips_val *val) +{ + parse_uint8_hex_str(key, src, val); + + /* For keygen tests, key "e" can be the end of input data + * to generate RSA values. + */ + return prepare_vec_rsa(); +} + +struct fips_test_callback rsa_keygen_interim_json_vectors[] = { + {MOD_JSON_STR, parse_interim_str, NULL}, + {HASH_JSON_STR, parse_interim_str, NULL}, + {TESTTYPE_JSON_STR, parse_interim_str, NULL}, + {NULL, NULL, NULL} /**< end pointer */ +}; + +struct fips_test_callback rsa_siggen_interim_json_vectors[] = { + {SIGTYPE_JSON_STR, parse_interim_str, NULL}, + {MOD_JSON_STR, parse_interim_str, NULL}, + {HASH_JSON_STR, parse_interim_str, NULL}, + {SALT_JSON_STR, parse_interim_str, NULL}, + {TESTTYPE_JSON_STR, parse_interim_str, NULL}, + {NULL, NULL, NULL} /**< end pointer */ +}; + +struct fips_test_callback rsa_sigver_interim_json_vectors[] = { + {SIGTYPE_JSON_STR, parse_interim_str, NULL}, + {MOD_JSON_STR, parse_interim_str, NULL}, + {HASH_JSON_STR, parse_interim_str, NULL}, + {SALT_JSON_STR, parse_interim_str, NULL}, + {N_JSON_STR, parse_uint8_hex_str, &vec.rsa.n}, + {E_JSON_STR, parse_uint8_hex_str, &vec.rsa.e}, + {TESTTYPE_JSON_STR, parse_interim_str, NULL}, + {NULL, NULL, NULL} /**< end pointer */ +}; + +struct fips_test_callback rsa_keygen_json_vectors[] = { + {SEED_JSON_STR, parse_uint8_hex_str, &vec.rsa.seed}, + {E_JSON_STR, parse_keygen_e_str, &vec.rsa.e}, + {NULL, NULL, NULL} /**< end pointer */ +}; + +struct fips_test_callback rsa_siggen_json_vectors[] = { + {MSG_JSON_STR, parse_uint8_hex_str, &vec.pt}, + {NULL, NULL, NULL} /**< end pointer */ +}; + +struct fips_test_callback rsa_sigver_json_vectors[] = { + {MSG_JSON_STR, parse_uint8_hex_str, &vec.pt}, + {SIG_JSON_STR, parse_uint8_hex_str, &vec.rsa.signature}, + {NULL, NULL, NULL} /**< end pointer */ +}; + +int +parse_test_rsa_json_init(void) +{ + json_t *keyfmt_obj = json_object_get(json_info.json_vector_set, "keyFormat"); + json_t *mode_obj = json_object_get(json_info.json_vector_set, "mode"); + const char *keyfmt_str = json_string_value(keyfmt_obj); + const char *mode_str = json_string_value(mode_obj); + + info.callbacks = NULL; + info.parse_writeback = NULL; + info.interim_callbacks = NULL; + info.parse_interim_writeback = NULL; + + if (strcmp(mode_str, "keyGen") == 0) { + info.op = FIPS_TEST_ASYM_KEYGEN; + info.callbacks = rsa_keygen_json_vectors; + info.interim_callbacks = rsa_keygen_interim_json_vectors; + } else if (strcmp(mode_str, "sigGen") == 0) { + info.op = FIPS_TEST_ASYM_SIGGEN; + info.callbacks = rsa_siggen_json_vectors; + info.interim_callbacks = rsa_siggen_interim_json_vectors; + info.parse_interim_writeback = parse_test_rsa_json_interim_writeback; + } else if (strcmp(mode_str, "sigVer") == 0) { + info.op = FIPS_TEST_ASYM_SIGVER; + info.callbacks = rsa_sigver_json_vectors; + info.interim_callbacks = rsa_sigver_interim_json_vectors; + } else { + return -EINVAL; + } + + info.interim_info.rsa_data.privkey = RTE_RSA_KEY_TYPE_QT; + if (keyfmt_str != NULL && strcmp(keyfmt_str, "standard") == 0) + info.interim_info.rsa_data.privkey = RTE_RSA_KEY_TYPE_EXP; + + return 0; +} +#endif /* USE_JANSSON */ + diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c index 8babbb3298..ed86c10350 100644 --- a/examples/fips_validation/main.c +++ b/examples/fips_validation/main.c @@ -36,6 +36,8 @@ enum { OPT_CRYPTODEV_BK_DIR_KEY_NUM, #define OPT_USE_JSON "use-json" OPT_USE_JSON_NUM, +#define OPT_CRYPTODEV_ASYM "asymmetric" + OPT_CRYPTODEV_ASYM_NUM, }; struct fips_test_vector vec; @@ -50,27 +52,133 @@ struct cryptodev_fips_validate_env { const char *rsp_path; uint32_t is_path_folder; uint8_t dev_id; - uint8_t dev_support_sgl; - uint16_t mbuf_data_room; struct rte_mempool *mpool; - struct rte_mempool *sess_mpool; struct rte_mempool *sess_priv_mpool; - struct rte_mempool *op_pool; + struct fips_sym_env { + struct rte_mempool *sess_mpool; + struct rte_mempool *op_pool; + struct rte_cryptodev_sym_session *sess; + struct rte_crypto_op *op; + } sym; + struct fips_asym_env { + struct rte_mempool *sess_mpool; + struct rte_mempool *op_pool; + struct rte_cryptodev_asym_session *sess; + struct rte_crypto_op *op; + } asym; + struct rte_crypto_op *op; + uint8_t dev_support_sgl; + uint16_t mbuf_data_room; struct rte_mbuf *mbuf; uint8_t *digest; uint16_t digest_len; - struct rte_crypto_op *op; - struct rte_cryptodev_sym_session *sess; + bool is_asym_test; uint16_t self_test; struct fips_dev_broken_test_config *broken_test_config; } env; static int -cryptodev_fips_validate_app_int(void) +cryptodev_fips_validate_app_sym_init(void) +{ + struct rte_cryptodev_info dev_info; + struct fips_sym_env *sym = &env.sym; + int ret; + + rte_cryptodev_info_get(env.dev_id, &dev_info); + if (dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL) + env.dev_support_sgl = 1; + else + env.dev_support_sgl = 0; + + ret = -ENOMEM; + sym->sess_mpool = rte_cryptodev_sym_session_pool_create( + "FIPS_SYM_SESS_MEMPOOL", 16, 0, 0, 0, rte_socket_id()); + if (!sym->sess_mpool) + goto error_exit; + + sym->op_pool = rte_crypto_op_pool_create( + "FIPS_OP_SYM_POOL", + RTE_CRYPTO_OP_TYPE_SYMMETRIC, + 1, 0, + 16, + rte_socket_id()); + if (!sym->op_pool) + goto error_exit; + + sym->op = rte_crypto_op_alloc(sym->op_pool, RTE_CRYPTO_OP_TYPE_SYMMETRIC); + if (!sym->op) + goto error_exit; + + return 0; + +error_exit: + rte_mempool_free(sym->sess_mpool); + rte_mempool_free(sym->op_pool); + return ret; +} + +static void +cryptodev_fips_validate_app_sym_uninit(void) +{ + struct fips_sym_env *sym = &env.sym; + + rte_pktmbuf_free(env.mbuf); + rte_crypto_op_free(sym->op); + rte_cryptodev_sym_session_clear(env.dev_id, sym->sess); + rte_cryptodev_sym_session_free(sym->sess); + rte_mempool_free(sym->sess_mpool); + rte_mempool_free(sym->op_pool); +} + +static int +cryptodev_fips_validate_app_asym_init(void) +{ + struct fips_asym_env *asym = &env.asym; + int ret; + + ret = -ENOMEM; + asym->sess_mpool = rte_cryptodev_asym_session_pool_create( + "FIPS_ASYM_SESS_MEMPOOL", 16, 0, 0, rte_socket_id()); + if (!asym->sess_mpool) + goto error_exit; + + asym->op_pool = rte_crypto_op_pool_create( + "FIPS_OP_ASYM_POOL", + RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + 1, 0, + 16, + rte_socket_id()); + if (!asym->op_pool) + goto error_exit; + + asym->op = rte_crypto_op_alloc(asym->op_pool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC); + if (!asym->op) + goto error_exit; + + return 0; + +error_exit: + rte_mempool_free(asym->sess_mpool); + rte_mempool_free(asym->op_pool); + return ret; +} + +static void +cryptodev_fips_validate_app_asym_uninit(void) +{ + struct fips_asym_env *asym = &env.asym; + + rte_crypto_op_free(asym->op); + rte_cryptodev_asym_session_free(env.dev_id, asym->sess); + rte_mempool_free(asym->sess_mpool); + rte_mempool_free(asym->op_pool); +} + +static int +cryptodev_fips_validate_app_init(void) { struct rte_cryptodev_config conf = {rte_socket_id(), 1, 0}; struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL}; - struct rte_cryptodev_info dev_info; uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size( env.dev_id); uint32_t nb_mbufs = UINT16_MAX / env.mbuf_data_room + 1; @@ -89,50 +197,30 @@ cryptodev_fips_validate_app_int(void) if (ret < 0) return ret; - rte_cryptodev_info_get(env.dev_id, &dev_info); - if (dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL) - env.dev_support_sgl = 1; - else - env.dev_support_sgl = 0; - + ret = -ENOMEM; env.mpool = rte_pktmbuf_pool_create("FIPS_MEMPOOL", nb_mbufs, 0, 0, sizeof(struct rte_mbuf) + RTE_PKTMBUF_HEADROOM + env.mbuf_data_room, rte_socket_id()); if (!env.mpool) return ret; - ret = rte_cryptodev_queue_pair_setup(env.dev_id, 0, &qp_conf, - rte_socket_id()); - if (ret < 0) - return ret; - - ret = -ENOMEM; - - env.sess_mpool = rte_cryptodev_sym_session_pool_create( - "FIPS_SESS_MEMPOOL", 16, 0, 0, 0, rte_socket_id()); - if (!env.sess_mpool) - goto error_exit; - env.sess_priv_mpool = rte_mempool_create("FIPS_SESS_PRIV_MEMPOOL", 16, sess_sz, 0, 0, NULL, NULL, NULL, NULL, rte_socket_id(), 0); if (!env.sess_priv_mpool) goto error_exit; - env.op_pool = rte_crypto_op_pool_create( - "FIPS_OP_POOL", - RTE_CRYPTO_OP_TYPE_SYMMETRIC, - 1, 0, - 16, - rte_socket_id()); - if (!env.op_pool) + ret = cryptodev_fips_validate_app_sym_init(); + if (ret < 0) goto error_exit; - env.op = rte_crypto_op_alloc(env.op_pool, RTE_CRYPTO_OP_TYPE_SYMMETRIC); - if (!env.op) - goto error_exit; + if (env.is_asym_test) { + ret = cryptodev_fips_validate_app_asym_init(); + if (ret < 0) + goto error_exit; + } - qp_conf.mp_session = env.sess_mpool; + qp_conf.mp_session = env.sym.sess_mpool; qp_conf.mp_session_private = env.sess_priv_mpool; ret = rte_cryptodev_queue_pair_setup(env.dev_id, 0, &qp_conf, @@ -147,26 +235,21 @@ cryptodev_fips_validate_app_int(void) return 0; error_exit: - rte_mempool_free(env.mpool); - rte_mempool_free(env.sess_mpool); rte_mempool_free(env.sess_priv_mpool); - rte_mempool_free(env.op_pool); - return ret; } static void cryptodev_fips_validate_app_uninit(void) { - rte_pktmbuf_free(env.mbuf); - rte_crypto_op_free(env.op); - rte_cryptodev_sym_session_clear(env.dev_id, env.sess); - rte_cryptodev_sym_session_free(env.sess); + cryptodev_fips_validate_app_sym_uninit(); + + if (env.is_asym_test) + cryptodev_fips_validate_app_asym_uninit(); + rte_mempool_free(env.mpool); - rte_mempool_free(env.sess_mpool); rte_mempool_free(env.sess_priv_mpool); - rte_mempool_free(env.op_pool); } static int @@ -262,6 +345,8 @@ cryptodev_fips_validate_parse_args(int argc, char **argv) NULL, OPT_CRYPTODEV_BK_ID_NUM}, {OPT_CRYPTODEV_BK_DIR_KEY, required_argument, NULL, OPT_CRYPTODEV_BK_DIR_KEY_NUM}, + {OPT_CRYPTODEV_ASYM, no_argument, + NULL, OPT_CRYPTODEV_ASYM_NUM}, {NULL, 0, 0, 0} }; @@ -374,6 +459,10 @@ cryptodev_fips_validate_parse_args(int argc, char **argv) } break; + case OPT_CRYPTODEV_ASYM_NUM: + env.is_asym_test = true; + break; + default: cryptodev_fips_validate_usage(prgname); return -EINVAL; @@ -414,7 +503,7 @@ main(int argc, char *argv[]) if (ret < 0) rte_exit(EXIT_FAILURE, "Failed to parse arguments!\n"); - ret = cryptodev_fips_validate_app_int(); + ret = cryptodev_fips_validate_app_init(); if (ret < 0) { RTE_LOG(ERR, USER1, "Error %i: Failed init\n", ret); return -1; @@ -653,7 +742,7 @@ prepare_cipher_op(void) sym->cipher.data.length = vec.ct.len; } - rte_crypto_op_attach_sym_session(env.op, env.sess); + rte_crypto_op_attach_sym_session(env.op, env.sym.sess); sym->m_src = env.mbuf; sym->cipher.data.offset = 0; @@ -701,7 +790,7 @@ prepare_auth_op(void) memcpy(env.digest, vec.cipher_auth.digest.val, vec.cipher_auth.digest.len); - rte_crypto_op_attach_sym_session(env.op, env.sess); + rte_crypto_op_attach_sym_session(env.op, env.sym.sess); return 0; } @@ -757,7 +846,55 @@ prepare_aead_op(void) sym->aead.aad.data = vec.aead.aad.val; sym->aead.aad.phys_addr = rte_malloc_virt2iova(sym->aead.aad.data); - rte_crypto_op_attach_sym_session(env.op, env.sess); + rte_crypto_op_attach_sym_session(env.op, env.sym.sess); + + return 0; +} + +static int +prepare_rsa_op(void) +{ + struct rte_crypto_asym_op *asym; + struct fips_val msg; + + __rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_ASYMMETRIC); + + asym = env.op->asym; + asym->rsa.padding.type = info.interim_info.rsa_data.padding; + asym->rsa.padding.hash = info.interim_info.rsa_data.auth; + + if (env.digest) { + msg.val = env.digest; + msg.len = env.digest_len; + } else { + msg.val = vec.pt.val; + msg.len = vec.pt.len; + } + + if (info.op == FIPS_TEST_ASYM_SIGGEN) { + asym->rsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN; + asym->rsa.message.data = msg.val; + asym->rsa.message.length = msg.len; + + if (vec.rsa.signature.val) + rte_free(vec.rsa.signature.val); + + vec.rsa.signature.val = rte_zmalloc(NULL, vec.rsa.n.len, 0); + vec.rsa.signature.len = vec.rsa.n.len; + asym->rsa.sign.data = vec.rsa.signature.val; + asym->rsa.sign.length = 0; + } else if (info.op == FIPS_TEST_ASYM_SIGVER) { + asym->rsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY; + asym->rsa.message.data = msg.val; + asym->rsa.message.length = msg.len; + asym->rsa.sign.data = vec.rsa.signature.val; + asym->rsa.sign.length = vec.rsa.signature.len; + } else { + RTE_LOG(ERR, USER1, "Invalid op %d\n", info.op); + return -EINVAL; + } + + rte_crypto_op_attach_asym_session(env.op, env.asym.sess); return 0; } @@ -1145,6 +1282,87 @@ prepare_xts_xform(struct rte_crypto_sym_xform *xform) return 0; } +static int +prepare_rsa_xform(struct rte_crypto_asym_xform *xform) +{ + const struct rte_cryptodev_asymmetric_xform_capability *cap; + struct rte_cryptodev_asym_capability_idx cap_idx; + struct rte_cryptodev_info dev_info; + + xform->xform_type = RTE_CRYPTO_ASYM_XFORM_RSA; + xform->next = NULL; + + cap_idx.type = xform->xform_type; + cap = rte_cryptodev_asym_capability_get(env.dev_id, &cap_idx); + if (!cap) { + RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n", + env.dev_id); + return -EINVAL; + } + + switch (info.op) { + case FIPS_TEST_ASYM_SIGGEN: + if (!rte_cryptodev_asym_xform_capability_check_optype(cap, + RTE_CRYPTO_ASYM_OP_SIGN)) { + RTE_LOG(ERR, USER1, "PMD %s xform_op %u\n", + info.device_name, RTE_CRYPTO_ASYM_OP_SIGN); + return -EPERM; + } + break; + case FIPS_TEST_ASYM_SIGVER: + if (!rte_cryptodev_asym_xform_capability_check_optype(cap, + RTE_CRYPTO_ASYM_OP_VERIFY)) { + RTE_LOG(ERR, USER1, "PMD %s xform_op %u\n", + info.device_name, RTE_CRYPTO_ASYM_OP_VERIFY); + return -EPERM; + } + break; + case FIPS_TEST_ASYM_KEYGEN: + break; + default: + break; + } + + rte_cryptodev_info_get(env.dev_id, &dev_info); + xform->rsa.key_type = info.interim_info.rsa_data.privkey; + switch (xform->rsa.key_type) { + case RTE_RSA_KEY_TYPE_QT: + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT)) { + RTE_LOG(ERR, USER1, "PMD %s does not support QT key type\n", + info.device_name); + return -EPERM; + } + xform->rsa.qt.p.data = vec.rsa.p.val; + xform->rsa.qt.p.length = vec.rsa.p.len; + xform->rsa.qt.q.data = vec.rsa.q.val; + xform->rsa.qt.q.length = vec.rsa.q.len; + xform->rsa.qt.dP.data = vec.rsa.dp.val; + xform->rsa.qt.dP.length = vec.rsa.dp.len; + xform->rsa.qt.dQ.data = vec.rsa.dq.val; + xform->rsa.qt.dQ.length = vec.rsa.dq.len; + xform->rsa.qt.qInv.data = vec.rsa.qinv.val; + xform->rsa.qt.qInv.length = vec.rsa.qinv.len; + break; + case RTE_RSA_KEY_TYPE_EXP: + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP)) { + RTE_LOG(ERR, USER1, "PMD %s does not support EXP key type\n", + info.device_name); + return -EPERM; + } + xform->rsa.d.data = vec.rsa.d.val; + xform->rsa.d.length = vec.rsa.d.len; + break; + default: + break; + } + + xform->rsa.e.data = vec.rsa.e.val; + xform->rsa.e.length = vec.rsa.e.len; + xform->rsa.n.data = vec.rsa.n.val; + xform->rsa.n.length = vec.rsa.n.len; + return 0; +} + static int get_writeback_data(struct fips_val *val) { @@ -1191,29 +1409,29 @@ get_writeback_data(struct fips_val *val) } static int -fips_run_test(void) +fips_run_sym_test(void) { struct rte_crypto_sym_xform xform = {0}; uint16_t n_deqd; int ret; - ret = test_ops.prepare_xform(&xform); + ret = test_ops.prepare_sym_xform(&xform); if (ret < 0) return ret; - env.sess = rte_cryptodev_sym_session_create(env.sess_mpool); - if (!env.sess) + env.sym.sess = rte_cryptodev_sym_session_create(env.sym.sess_mpool); + if (!env.sym.sess) return -ENOMEM; ret = rte_cryptodev_sym_session_init(env.dev_id, - env.sess, &xform, env.sess_priv_mpool); + env.sym.sess, &xform, env.sess_priv_mpool); if (ret < 0) { RTE_LOG(ERR, USER1, "Error %i: Init session\n", ret); goto exit; } - ret = test_ops.prepare_op(); + ret = test_ops.prepare_sym_op(); if (ret < 0) { RTE_LOG(ERR, USER1, "Error %i: Prepare op\n", ret); @@ -1229,20 +1447,90 @@ fips_run_test(void) do { struct rte_crypto_op *deqd_op; - n_deqd = rte_cryptodev_dequeue_burst(env.dev_id, 0, &deqd_op, - 1); + n_deqd = rte_cryptodev_dequeue_burst(env.dev_id, 0, &deqd_op, 1); } while (n_deqd == 0); vec.status = env.op->status; exit: - rte_cryptodev_sym_session_clear(env.dev_id, env.sess); - rte_cryptodev_sym_session_free(env.sess); - env.sess = NULL; + rte_cryptodev_sym_session_clear(env.dev_id, env.sym.sess); + rte_cryptodev_sym_session_free(env.sym.sess); + env.sym.sess = NULL; return ret; } +static int +fips_run_asym_test(void) +{ + struct rte_crypto_asym_xform xform = {0}; + struct rte_crypto_asym_op *asym; + struct rte_crypto_op *deqd_op; + int ret; + + if (info.op == FIPS_TEST_ASYM_KEYGEN) { + RTE_SET_USED(asym); + ret = 0; + goto exit; + } + + asym = env.op->asym; + ret = test_ops.prepare_asym_xform(&xform); + if (ret < 0) + return ret; + + ret = rte_cryptodev_asym_session_create(env.dev_id, &xform, env.asym.sess_mpool, + (void *)&env.asym.sess); + if (ret < 0) + return ret; + + ret = test_ops.prepare_asym_op(); + if (ret < 0) { + RTE_LOG(ERR, USER1, "Error %i: Prepare op\n", ret); + goto exit; + } + + if (rte_cryptodev_enqueue_burst(env.dev_id, 0, &env.op, 1) < 1) { + RTE_LOG(ERR, USER1, "Error: Failed enqueue\n"); + ret = -1; + goto exit; + } + + while (rte_cryptodev_dequeue_burst(env.dev_id, 0, &deqd_op, 1) == 0) + rte_pause(); + + vec.status = env.op->status; + + exit: + if (env.asym.sess) + rte_cryptodev_asym_session_free(env.dev_id, env.asym.sess); + + env.asym.sess = NULL; + return ret; +} + +static int +fips_run_test(void) +{ + int ret; + + env.op = env.sym.op; + if (env.is_asym_test) { + vec.cipher_auth.digest.len = parse_test_sha_hash_size( + info.interim_info.rsa_data.auth); + test_ops.prepare_sym_xform = prepare_sha_xform; + test_ops.prepare_sym_op = prepare_auth_op; + ret = fips_run_sym_test(); + if (ret < 0) + return ret; + } else { + return fips_run_sym_test(); + } + + env.op = env.asym.op; + return fips_run_asym_test(); +} + static int fips_generic_test(void) { @@ -1265,9 +1553,11 @@ fips_generic_test(void) return ret; } - ret = get_writeback_data(&val); - if (ret < 0) - return ret; + if (!env.is_asym_test) { + ret = get_writeback_data(&val); + if (ret < 0) + return ret; + } switch (info.file_type) { case FIPS_TYPE_REQ: @@ -1814,60 +2104,65 @@ init_test_ops(void) switch (info.algo) { case FIPS_TEST_ALGO_AES_CBC: case FIPS_TEST_ALGO_AES: - test_ops.prepare_op = prepare_cipher_op; - test_ops.prepare_xform = prepare_aes_xform; + test_ops.prepare_sym_op = prepare_cipher_op; + test_ops.prepare_sym_xform = prepare_aes_xform; if (info.interim_info.aes_data.test_type == AESAVS_TYPE_MCT) test_ops.test = fips_mct_aes_test; else test_ops.test = fips_generic_test; break; case FIPS_TEST_ALGO_HMAC: - test_ops.prepare_op = prepare_auth_op; - test_ops.prepare_xform = prepare_hmac_xform; + test_ops.prepare_sym_op = prepare_auth_op; + test_ops.prepare_sym_xform = prepare_hmac_xform; test_ops.test = fips_generic_test; break; case FIPS_TEST_ALGO_TDES: - test_ops.prepare_op = prepare_cipher_op; - test_ops.prepare_xform = prepare_tdes_xform; + test_ops.prepare_sym_op = prepare_cipher_op; + test_ops.prepare_sym_xform = prepare_tdes_xform; if (info.interim_info.tdes_data.test_type == TDES_MCT) test_ops.test = fips_mct_tdes_test; else test_ops.test = fips_generic_test; break; case FIPS_TEST_ALGO_AES_GCM: - test_ops.prepare_op = prepare_aead_op; - test_ops.prepare_xform = prepare_gcm_xform; + test_ops.prepare_sym_op = prepare_aead_op; + test_ops.prepare_sym_xform = prepare_gcm_xform; test_ops.test = fips_generic_test; break; case FIPS_TEST_ALGO_AES_CMAC: - test_ops.prepare_op = prepare_auth_op; - test_ops.prepare_xform = prepare_cmac_xform; + test_ops.prepare_sym_op = prepare_auth_op; + test_ops.prepare_sym_xform = prepare_cmac_xform; test_ops.test = fips_generic_test; break; case FIPS_TEST_ALGO_AES_CCM: - test_ops.prepare_op = prepare_aead_op; - test_ops.prepare_xform = prepare_ccm_xform; + test_ops.prepare_sym_op = prepare_aead_op; + test_ops.prepare_sym_xform = prepare_ccm_xform; test_ops.test = fips_generic_test; break; case FIPS_TEST_ALGO_SHA: - test_ops.prepare_op = prepare_auth_op; - test_ops.prepare_xform = prepare_sha_xform; + test_ops.prepare_sym_op = prepare_auth_op; + test_ops.prepare_sym_xform = prepare_sha_xform; if (info.interim_info.sha_data.test_type == SHA_MCT) test_ops.test = fips_mct_sha_test; else test_ops.test = fips_generic_test; break; case FIPS_TEST_ALGO_AES_XTS: - test_ops.prepare_op = prepare_cipher_op; - test_ops.prepare_xform = prepare_xts_xform; + test_ops.prepare_sym_op = prepare_cipher_op; + test_ops.prepare_sym_xform = prepare_xts_xform; + test_ops.test = fips_generic_test; + break; + case FIPS_TEST_ALGO_RSA: + test_ops.prepare_asym_op = prepare_rsa_op; + test_ops.prepare_asym_xform = prepare_rsa_xform; test_ops.test = fips_generic_test; break; default: if (strstr(info.file_name, "TECB") || strstr(info.file_name, "TCBC")) { info.algo = FIPS_TEST_ALGO_TDES; - test_ops.prepare_op = prepare_cipher_op; - test_ops.prepare_xform = prepare_tdes_xform; + test_ops.prepare_sym_op = prepare_cipher_op; + test_ops.prepare_sym_xform = prepare_tdes_xform; if (info.interim_info.tdes_data.test_type == TDES_MCT) test_ops.test = fips_mct_tdes_test; else @@ -2033,6 +2328,9 @@ fips_test_one_test_group(void) case FIPS_TEST_ALGO_TDES: ret = parse_test_tdes_json_init(); break; + case FIPS_TEST_ALGO_RSA: + ret = parse_test_rsa_json_init(); + break; default: return -EINVAL; } diff --git a/examples/fips_validation/meson.build b/examples/fips_validation/meson.build index 8bca26a095..d310093189 100644 --- a/examples/fips_validation/meson.build +++ b/examples/fips_validation/meson.build @@ -18,6 +18,7 @@ sources = files( 'fips_validation_ccm.c', 'fips_validation_sha.c', 'fips_validation_xts.c', + 'fips_validation_rsa.c', 'fips_dev_self_test.c', 'main.c', ) @@ -26,3 +27,8 @@ if dpdk_conf.has('RTE_HAS_JANSSON') ext_deps += jansson_dep cflags += '-DUSE_JANSSON' endif + +if dpdk_conf.has('RTE_HAS_OPENSSL') + ext_deps += openssl_dep + cflags += '-DUSE_OPENSSL' +endif From patchwork Tue Sep 27 07:26:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gowrishankar Muthukrishnan X-Patchwork-Id: 116943 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4A120A00C2; Tue, 27 Sep 2022 09:27:05 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0141D42B77; Tue, 27 Sep 2022 09:26:38 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id E0B7A42B70 for ; Tue, 27 Sep 2022 09:26:35 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 28R4V91l032060; Tue, 27 Sep 2022 00:26:35 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=K+I9Bp0ctYZy3WIvQpuK2YO8mVV4TkuK8DiHKZY0oks=; b=YvHdm95ZUsKImWhj5Pl4uHMxsJqcsMvlMORAWLOpvtEryTYNXXV05zfjVlldzFBkojas GjjiduYWaXKDEEgnTPNMXUWtSmh7ff/0sSA/+/q2Ovl4LHXmr0OD50ALkos8ljgk7MEy PN2wxL81mJy61+mSmNMMIjj8zLxoN/4qMQfuZHir0Kg8O4Ozgvm6x+qLGe1Srz6SezJV Pu6Q5UQmAr465xY2xm/cM5DzbJdZHcsgLoRY7EBRPNA9nqHD+shwFur1RVjgXuEdvJaH Re6pbXRwwpEezYPZCEqAXURqAVBSlzGuI8gXvmPIO1j8dIC1S/yqxltlH51JXXtINQxy yQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3jucsq36c4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 27 Sep 2022 00:26:34 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 27 Sep 2022 00:26:33 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 27 Sep 2022 00:26:33 -0700 Received: from localhost.localdomain (unknown [10.28.34.38]) by maili.marvell.com (Postfix) with ESMTP id 2F6E05B695F; Tue, 27 Sep 2022 00:26:30 -0700 (PDT) From: Gowrishankar Muthukrishnan To: CC: Anoob Joseph , Fan Zhang , Brian Dooley , Akhil Goyal , , Gowrishankar Muthukrishnan Subject: [v2 6/7] examples/fips_validation: encode digest with hash OID Date: Tue, 27 Sep 2022 12:56:11 +0530 Message-ID: <70002880b18a7bda81c315ca542220e76f43b96b.1664263264.git.gmuthukrishn@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 X-Proofpoint-GUID: L_FGXOtcahwIyez2twRaTSACMJuAt2k3 X-Proofpoint-ORIG-GUID: L_FGXOtcahwIyez2twRaTSACMJuAt2k3 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1 definitions=2022-09-27_02,2022-09-22_02,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org FIPS RSA validation requires hash ddigest be encoded with ASN.1 value for digest info. Signed-off-by: Gowrishankar Muthukrishnan --- examples/fips_validation/main.c | 78 +++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c index ed86c10350..cfa01eae20 100644 --- a/examples/fips_validation/main.c +++ b/examples/fips_validation/main.c @@ -851,6 +851,63 @@ prepare_aead_op(void) return 0; } +static int +get_hash_oid(enum rte_crypto_auth_algorithm hash, uint8_t *buf) +{ + uint8_t id_sha512[] = {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, + 0x40}; + uint8_t id_sha384[] = {0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, + 0x30}; + uint8_t id_sha256[] = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, + 0x20}; + uint8_t id_sha224[] = {0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, + 0x1c}; + uint8_t id_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, + 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, + 0x00, 0x04, 0x14}; + uint8_t *id = NULL; + int id_len = 0; + + switch (hash) { + case RTE_CRYPTO_AUTH_SHA1: + id = id_sha1; + id_len = sizeof(id_sha1); + break; + case RTE_CRYPTO_AUTH_SHA224: + id = id_sha224; + id_len = sizeof(id_sha224); + break; + case RTE_CRYPTO_AUTH_SHA256: + id = id_sha256; + id_len = sizeof(id_sha256); + break; + case RTE_CRYPTO_AUTH_SHA384: + id = id_sha384; + id_len = sizeof(id_sha384); + break; + case RTE_CRYPTO_AUTH_SHA512: + id = id_sha512; + id_len = sizeof(id_sha512); + break; + default: + id_len = -1; + break; + } + + if (id != NULL) + rte_memcpy(buf, id, id_len); + + return id_len; +} + static int prepare_rsa_op(void) { @@ -864,6 +921,27 @@ prepare_rsa_op(void) asym->rsa.padding.hash = info.interim_info.rsa_data.auth; if (env.digest) { + if (asym->rsa.padding.type == RTE_CRYPTO_RSA_PADDING_PKCS1_5) { + int b_len = 0; + uint8_t b[32]; + + b_len = get_hash_oid(asym->rsa.padding.hash, b); + if (b_len < 0) { + RTE_LOG(ERR, USER1, "Failed to get digest info for hash %d\n", + asym->rsa.padding.hash); + return -EINVAL; + } + + if (b_len) { + msg.len = env.digest_len + b_len; + msg.val = rte_zmalloc(NULL, msg.len, 0); + rte_memcpy(msg.val, b, b_len); + rte_memcpy(msg.val + b_len, env.digest, env.digest_len); + rte_free(env.digest); + env.digest = msg.val; + env.digest_len = msg.len; + } + } msg.val = env.digest; msg.len = env.digest_len; } else { From patchwork Tue Sep 27 07:26:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gowrishankar Muthukrishnan X-Patchwork-Id: 116944 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id EFE34A00C2; Tue, 27 Sep 2022 09:27:10 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id CA90542836; Tue, 27 Sep 2022 09:26:40 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id BA62642B7B for ; Tue, 27 Sep 2022 09:26:38 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 28R491WY031941; Tue, 27 Sep 2022 00:26:37 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=Pr1YwH7I9dQXLQXwm9sUwXJxJRoOSSz7qK3yQD/c+/4=; b=ko29K+jLq2OpW55/LZhX5jHm4yPSaCgjPGWTVPP1inB0ivSxYNGsHIm3LvjFbXM/gUcP YhbXXfafdxxxPnnK58NzV4rsQUGd/vZ2cOGp2CdeoW3/03k6Y/Is7UwzrOuxNNSoD4II RWqa7jSA7UKJziMCKSve2ygJ81b8f/LqphzBt/88jA48EcljZs/pyLa+6Wv833IrSsU/ bERN+TOVg2GSuiquKUaOQjRSTsemN09PrMmjS8jPUqq5ms+JBWE5H9Ej243xhJ7Ul6rZ LmVkEqjUR63DPZaKcpWRJHMv1WoSckLwvZvCLxb0s8UF2Z5sw9KHcT6LIFJ1vYPsxUYe FQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3jucsq36c8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 27 Sep 2022 00:26:37 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 27 Sep 2022 00:26:36 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Tue, 27 Sep 2022 00:26:35 -0700 Received: from localhost.localdomain (unknown [10.28.34.38]) by maili.marvell.com (Postfix) with ESMTP id C99D45E6863; Tue, 27 Sep 2022 00:26:33 -0700 (PDT) From: Gowrishankar Muthukrishnan To: CC: Anoob Joseph , Fan Zhang , Brian Dooley , Akhil Goyal , , Gowrishankar Muthukrishnan Subject: [v2 7/7] examples/fips_validation: randomize message for conformance test Date: Tue, 27 Sep 2022 12:56:12 +0530 Message-ID: <90201b8b1bfe6b156838152c4544c76d123c60d0.1664263264.git.gmuthukrishn@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 X-Proofpoint-GUID: 8X6i2Zmu6FCtA6yl2cVGhuTwVGSOybin X-Proofpoint-ORIG-GUID: 8X6i2Zmu6FCtA6yl2cVGhuTwVGSOybin X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1 definitions=2022-09-27_02,2022-09-22_02,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org FIPS conformance tests require randomizing message based on SP 800-106. Signed-off-by: Gowrishankar Muthukrishnan --- examples/fips_validation/fips_validation.h | 4 + .../fips_validation/fips_validation_rsa.c | 112 +++++++++++++++++- 2 files changed, 115 insertions(+), 1 deletion(-) diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h index ed59322635..7cbbc1f084 100644 --- a/examples/fips_validation/fips_validation.h +++ b/examples/fips_validation/fips_validation.h @@ -210,6 +210,7 @@ struct rsa_interim_data { uint16_t saltlen; enum rte_crypto_rsa_padding_type padding; enum rte_crypto_rsa_priv_key_type privkey; + uint8_t random_msg; }; #ifdef USE_JANSSON @@ -336,6 +337,9 @@ parse_test_tdes_json_init(void); int parse_test_rsa_json_init(void); + +int +fips_test_randomize_message(struct fips_val *msg, struct fips_val *rand); #endif /* USE_JANSSON */ int diff --git a/examples/fips_validation/fips_validation_rsa.c b/examples/fips_validation/fips_validation_rsa.c index d3699f54d0..22c0faf3cb 100644 --- a/examples/fips_validation/fips_validation_rsa.c +++ b/examples/fips_validation/fips_validation_rsa.c @@ -19,11 +19,13 @@ #include "fips_validation.h" +#define CONFORMANCE_JSON_STR "conformance" #define TESTTYPE_JSON_STR "testType" #define SIGTYPE_JSON_STR "sigType" #define MOD_JSON_STR "modulo" #define HASH_JSON_STR "hashAlg" #define SALT_JSON_STR "saltLen" +#define RV_JSON_STR "randomValue" #define E_JSON_STR "e" #define N_JSON_STR "n" @@ -31,6 +33,10 @@ #define MSG_JSON_STR "message" #define SIG_JSON_STR "signature" + +#define RV_BUF_LEN (1024/8) +#define RV_BIT_LEN (256) + #ifdef USE_JANSSON struct { uint8_t type; @@ -259,6 +265,13 @@ prepare_vec_rsa(void) if (!BN_mod_inverse(qinv, q, p, ctx)) goto err; + if (info.interim_info.rsa_data.random_msg) { + if (!BN_generate_prime_ex(r, RV_BIT_LEN, 0, NULL, NULL, NULL)) + goto err; + + parse_uint8_hex_str("", BN_bn2hex(r), &vec.rsa.seed); + } + parse_uint8_hex_str("", BN_bn2hex(e), &vec.rsa.e); parse_uint8_hex_str("", BN_bn2hex(p), &vec.rsa.p); parse_uint8_hex_str("", BN_bn2hex(q), &vec.rsa.q); @@ -297,6 +310,11 @@ parse_test_rsa_json_interim_writeback(struct fips_val *val) { RTE_SET_USED(val); + if (info.interim_info.rsa_data.random_msg) { + json_object_set_new(json_info.json_write_group, "conformance", + json_string("SP800-106")); + } + if (info.op == FIPS_TEST_ASYM_SIGGEN) { json_t *obj; @@ -367,6 +385,14 @@ parse_test_rsa_json_writeback(struct fips_val *val) writeback_hex_str("", info.one_line_text, &vec.rsa.signature); obj = json_string(info.one_line_text); json_object_set_new(json_info.json_write_case, "signature", obj); + + if (info.interim_info.rsa_data.random_msg) { + writeback_hex_str("", info.one_line_text, &vec.rsa.seed); + obj = json_string(info.one_line_text); + json_object_set_new(json_info.json_write_case, "randomValue", obj); + json_object_set_new(json_info.json_write_case, "randomValueLen", + json_integer(vec.rsa.seed.len * 8)); + } } else if (info.op == FIPS_TEST_ASYM_SIGVER) { if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) json_object_set_new(json_info.json_write_case, "testPassed", json_true()); @@ -406,6 +432,8 @@ parse_interim_str(const char *key, char *src, struct fips_val *val) if (i >= RTE_DIM(rsa_auth_algs)) return -EINVAL; + } else if (strcmp(key, CONFORMANCE_JSON_STR) == 0) { + info.interim_info.rsa_data.random_msg = 1; } else if (strcmp(key, SALT_JSON_STR) == 0) { info.interim_info.rsa_data.saltlen = atoi(src); } else if (strcmp(key, TESTTYPE_JSON_STR) == 0) { @@ -436,6 +464,83 @@ parse_keygen_e_str(const char *key, char *src, struct fips_val *val) return prepare_vec_rsa(); } +/* + * Message randomization function as per NIST SP 800-106. + */ +int +fips_test_randomize_message(struct fips_val *msg, struct fips_val *rand) +{ + uint8_t m[FIPS_TEST_JSON_BUF_LEN], rv[RV_BUF_LEN]; + uint32_t m_bitlen, rv_bitlen, count, remain, i, j; + uint16_t rv_len; + + if (!msg->val || !rand->val || rand->len > RV_BUF_LEN + || msg->len > FIPS_TEST_JSON_BUF_LEN) + return -EINVAL; + + memset(rv, 0, sizeof(rv)); + memcpy(rv, rand->val, rand->len); + rv_bitlen = rand->len * 8; + rv_len = rand->len; + + memset(m, 0, sizeof(m)); + memcpy(m, msg->val, msg->len); + m_bitlen = msg->len * 8; + + if (m_bitlen >= (rv_bitlen - 1)) { + m[msg->len] = 0x80; + m_bitlen += 8; + } else { + m[msg->len] = 0x80; + m_bitlen += (rv_bitlen - m_bitlen - 8); + } + + count = m_bitlen / rv_bitlen; + remain = m_bitlen % rv_bitlen; + for (i = 0; i < count * rv_len; i++) + m[i] ^= rv[i % rv_len]; + + for (j = 0; j < remain / 8; j++) + m[i + j] ^= rv[j]; + + m[i + j] = ((uint8_t *)&rv_bitlen)[0]; + m[i + j + 1] = (((uint8_t *)&rv_bitlen)[1] >> 8) & 0xFF; + + rte_free(msg->val); + msg->len = (rv_bitlen + m_bitlen + 16) / 8; + msg->val = rte_zmalloc(NULL, msg->len, 0); + if (!msg->val) + return -EPERM; + + memcpy(msg->val, rv, rv_len); + memcpy(&msg->val[rv_len], m, (m_bitlen + 16) / 8); + return 0; +} + +static int +parse_siggen_message_str(const char *key, char *src, struct fips_val *val) +{ + int ret = 0; + + parse_uint8_hex_str(key, src, val); + if (info.interim_info.rsa_data.random_msg) + ret = fips_test_randomize_message(val, &vec.rsa.seed); + + return ret; +} + +static int +parse_sigver_randomvalue_str(const char *key, char *src, struct fips_val *val) +{ + int ret = 0; + + parse_uint8_hex_str(key, src, val); + if (info.interim_info.rsa_data.random_msg) + ret = fips_test_randomize_message(&vec.pt, val); + + return ret; +} + struct fips_test_callback rsa_keygen_interim_json_vectors[] = { {MOD_JSON_STR, parse_interim_str, NULL}, {HASH_JSON_STR, parse_interim_str, NULL}, @@ -447,6 +552,7 @@ struct fips_test_callback rsa_siggen_interim_json_vectors[] = { {SIGTYPE_JSON_STR, parse_interim_str, NULL}, {MOD_JSON_STR, parse_interim_str, NULL}, {HASH_JSON_STR, parse_interim_str, NULL}, + {CONFORMANCE_JSON_STR, parse_interim_str, NULL}, {SALT_JSON_STR, parse_interim_str, NULL}, {TESTTYPE_JSON_STR, parse_interim_str, NULL}, {NULL, NULL, NULL} /**< end pointer */ @@ -456,6 +562,7 @@ struct fips_test_callback rsa_sigver_interim_json_vectors[] = { {SIGTYPE_JSON_STR, parse_interim_str, NULL}, {MOD_JSON_STR, parse_interim_str, NULL}, {HASH_JSON_STR, parse_interim_str, NULL}, + {CONFORMANCE_JSON_STR, parse_interim_str, NULL}, {SALT_JSON_STR, parse_interim_str, NULL}, {N_JSON_STR, parse_uint8_hex_str, &vec.rsa.n}, {E_JSON_STR, parse_uint8_hex_str, &vec.rsa.e}, @@ -470,13 +577,14 @@ struct fips_test_callback rsa_keygen_json_vectors[] = { }; struct fips_test_callback rsa_siggen_json_vectors[] = { - {MSG_JSON_STR, parse_uint8_hex_str, &vec.pt}, + {MSG_JSON_STR, parse_siggen_message_str, &vec.pt}, {NULL, NULL, NULL} /**< end pointer */ }; struct fips_test_callback rsa_sigver_json_vectors[] = { {MSG_JSON_STR, parse_uint8_hex_str, &vec.pt}, {SIG_JSON_STR, parse_uint8_hex_str, &vec.rsa.signature}, + {RV_JSON_STR, parse_sigver_randomvalue_str, &vec.rsa.seed}, {NULL, NULL, NULL} /**< end pointer */ }; @@ -492,6 +600,7 @@ parse_test_rsa_json_init(void) info.parse_writeback = NULL; info.interim_callbacks = NULL; info.parse_interim_writeback = NULL; + info.interim_info.rsa_data.random_msg = 0; if (strcmp(mode_str, "keyGen") == 0) { info.op = FIPS_TEST_ASYM_KEYGEN; @@ -506,6 +615,7 @@ parse_test_rsa_json_init(void) info.op = FIPS_TEST_ASYM_SIGVER; info.callbacks = rsa_sigver_json_vectors; info.interim_callbacks = rsa_sigver_interim_json_vectors; + info.parse_interim_writeback = parse_test_rsa_json_interim_writeback; } else { return -EINVAL; }