1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2018 Intel Corporation
9 #include <rte_cryptodev.h>
10 #include <rte_malloc.h>
11 #include <rte_mempool.h>
13 #include <rte_string_fns.h>
15 #include "fips_validation.h"
16 #include "fips_dev_self_test.h"
19 #define OPT_REQ_FILE_PATH "req-file"
20 OPT_REQ_FILE_PATH_NUM = 256,
21 #define OPT_RSP_FILE_PATH "rsp-file"
22 OPT_RSP_FILE_PATH_NUM,
23 #define OPT_MBUF_DATAROOM "mbuf-dataroom"
24 OPT_MBUF_DATAROOM_NUM,
25 #define OPT_FOLDER "path-is-folder"
27 #define OPT_CRYPTODEV "cryptodev"
29 #define OPT_CRYPTODEV_ID "cryptodev-id"
31 #define OPT_CRYPTODEV_ST "self-test"
33 #define OPT_CRYPTODEV_BK_ID "broken-test-id"
34 OPT_CRYPTODEV_BK_ID_NUM,
35 #define OPT_CRYPTODEV_BK_DIR_KEY "broken-test-dir"
36 OPT_CRYPTODEV_BK_DIR_KEY_NUM,
37 #define OPT_USE_JSON "use-json"
41 struct fips_test_vector vec;
42 struct fips_test_interim_info info;
45 struct fips_test_json_info json_info;
46 #endif /* USE_JANSSON */
48 struct cryptodev_fips_validate_env {
51 uint32_t is_path_folder;
53 uint8_t dev_support_sgl;
54 uint16_t mbuf_data_room;
55 struct rte_mempool *mpool;
56 struct rte_mempool *sess_mpool;
57 struct rte_mempool *sess_priv_mpool;
58 struct rte_mempool *op_pool;
59 struct rte_mbuf *mbuf;
62 struct rte_crypto_op *op;
63 struct rte_cryptodev_sym_session *sess;
65 struct fips_dev_broken_test_config *broken_test_config;
69 cryptodev_fips_validate_app_int(void)
71 struct rte_cryptodev_config conf = {rte_socket_id(), 1, 0};
72 struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
73 struct rte_cryptodev_info dev_info;
74 uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(
76 uint32_t nb_mbufs = UINT16_MAX / env.mbuf_data_room + 1;
80 ret = fips_dev_self_test(env.dev_id, env.broken_test_config);
82 rte_cryptodev_close(env.dev_id);
88 ret = rte_cryptodev_configure(env.dev_id, &conf);
92 rte_cryptodev_info_get(env.dev_id, &dev_info);
93 if (dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)
94 env.dev_support_sgl = 1;
96 env.dev_support_sgl = 0;
98 env.mpool = rte_pktmbuf_pool_create("FIPS_MEMPOOL", nb_mbufs,
99 0, 0, sizeof(struct rte_mbuf) + RTE_PKTMBUF_HEADROOM +
100 env.mbuf_data_room, rte_socket_id());
104 ret = rte_cryptodev_queue_pair_setup(env.dev_id, 0, &qp_conf,
111 env.sess_mpool = rte_cryptodev_sym_session_pool_create(
112 "FIPS_SESS_MEMPOOL", 16, 0, 0, 0, rte_socket_id());
116 env.sess_priv_mpool = rte_mempool_create("FIPS_SESS_PRIV_MEMPOOL",
117 16, sess_sz, 0, 0, NULL, NULL, NULL,
118 NULL, rte_socket_id(), 0);
119 if (!env.sess_priv_mpool)
122 env.op_pool = rte_crypto_op_pool_create(
124 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
131 env.op = rte_crypto_op_alloc(env.op_pool, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
135 qp_conf.mp_session = env.sess_mpool;
136 qp_conf.mp_session_private = env.sess_priv_mpool;
138 ret = rte_cryptodev_queue_pair_setup(env.dev_id, 0, &qp_conf,
143 ret = rte_cryptodev_start(env.dev_id);
151 rte_mempool_free(env.mpool);
152 rte_mempool_free(env.sess_mpool);
153 rte_mempool_free(env.sess_priv_mpool);
154 rte_mempool_free(env.op_pool);
160 cryptodev_fips_validate_app_uninit(void)
162 rte_pktmbuf_free(env.mbuf);
163 rte_crypto_op_free(env.op);
164 rte_cryptodev_sym_session_clear(env.dev_id, env.sess);
165 rte_cryptodev_sym_session_free(env.sess);
166 rte_mempool_free(env.mpool);
167 rte_mempool_free(env.sess_mpool);
168 rte_mempool_free(env.sess_priv_mpool);
169 rte_mempool_free(env.op_pool);
173 fips_test_one_file(void);
177 fips_test_one_json_file(void);
178 #endif /* USE_JANSSON */
181 parse_cryptodev_arg(char *arg)
183 int id = rte_cryptodev_get_dev_id(arg);
186 RTE_LOG(ERR, USER1, "Error %i: invalid cryptodev name %s\n",
191 env.dev_id = (uint8_t)id;
197 parse_cryptodev_id_arg(char *arg)
199 uint32_t cryptodev_id;
201 if (parser_read_uint32(&cryptodev_id, arg) < 0) {
202 RTE_LOG(ERR, USER1, "Error %i: invalid cryptodev id %s\n",
208 if (!rte_cryptodev_is_valid_dev(cryptodev_id)) {
209 RTE_LOG(ERR, USER1, "Error %i: invalid cryptodev id %s\n",
214 env.dev_id = (uint8_t)cryptodev_id;
220 cryptodev_fips_validate_usage(const char *prgname)
222 uint32_t def_mbuf_seg_size = DEF_MBUF_SEG_SIZE;
223 printf("%s [EAL options] --\n"
224 " --%s: REQUEST-FILE-PATH\n"
225 " --%s: RESPONSE-FILE-PATH\n"
226 " --%s: indicating both paths are folders\n"
227 " --%s: mbuf dataroom size (default %u bytes)\n"
228 " --%s: CRYPTODEV-NAME\n"
229 " --%s: CRYPTODEV-ID-NAME\n"
230 " --%s: self test indicator\n"
231 " --%s: self broken test ID\n"
232 " --%s: self broken test direction\n",
233 prgname, OPT_REQ_FILE_PATH, OPT_RSP_FILE_PATH,
234 OPT_FOLDER, OPT_MBUF_DATAROOM, def_mbuf_seg_size,
235 OPT_CRYPTODEV, OPT_CRYPTODEV_ID, OPT_CRYPTODEV_ST,
236 OPT_CRYPTODEV_BK_ID, OPT_CRYPTODEV_BK_DIR_KEY);
240 cryptodev_fips_validate_parse_args(int argc, char **argv)
243 char *prgname = argv[0];
246 struct option lgopts[] = {
247 {OPT_REQ_FILE_PATH, required_argument,
248 NULL, OPT_REQ_FILE_PATH_NUM},
249 {OPT_RSP_FILE_PATH, required_argument,
250 NULL, OPT_RSP_FILE_PATH_NUM},
251 {OPT_FOLDER, no_argument,
252 NULL, OPT_FOLDER_NUM},
253 {OPT_MBUF_DATAROOM, required_argument,
254 NULL, OPT_MBUF_DATAROOM_NUM},
255 {OPT_CRYPTODEV, required_argument,
256 NULL, OPT_CRYPTODEV_NUM},
257 {OPT_CRYPTODEV_ID, required_argument,
258 NULL, OPT_CRYPTODEV_ID_NUM},
259 {OPT_CRYPTODEV_ST, no_argument,
260 NULL, OPT_CRYPTODEV_ST_NUM},
261 {OPT_CRYPTODEV_BK_ID, required_argument,
262 NULL, OPT_CRYPTODEV_BK_ID_NUM},
263 {OPT_CRYPTODEV_BK_DIR_KEY, required_argument,
264 NULL, OPT_CRYPTODEV_BK_DIR_KEY_NUM},
270 env.mbuf_data_room = DEF_MBUF_SEG_SIZE;
271 if (rte_cryptodev_count())
274 cryptodev_fips_validate_usage(prgname);
278 while ((opt = getopt_long(argc, argvopt, "s:",
279 lgopts, &option_index)) != EOF) {
282 case OPT_REQ_FILE_PATH_NUM:
283 env.req_path = optarg;
286 case OPT_RSP_FILE_PATH_NUM:
287 env.rsp_path = optarg;
291 env.is_path_folder = 1;
294 case OPT_CRYPTODEV_NUM:
295 ret = parse_cryptodev_arg(optarg);
297 cryptodev_fips_validate_usage(prgname);
302 case OPT_CRYPTODEV_ID_NUM:
303 ret = parse_cryptodev_id_arg(optarg);
305 cryptodev_fips_validate_usage(prgname);
310 case OPT_CRYPTODEV_ST_NUM:
314 case OPT_CRYPTODEV_BK_ID_NUM:
315 if (!env.broken_test_config) {
316 env.broken_test_config = rte_malloc(
318 sizeof(*env.broken_test_config),
320 if (!env.broken_test_config)
323 env.broken_test_config->expect_fail_dir =
324 self_test_dir_enc_auth_gen;
327 if (parser_read_uint32(
328 &env.broken_test_config->expect_fail_test_idx,
330 rte_free(env.broken_test_config);
331 cryptodev_fips_validate_usage(prgname);
336 case OPT_CRYPTODEV_BK_DIR_KEY_NUM:
337 if (!env.broken_test_config) {
338 env.broken_test_config = rte_malloc(
340 sizeof(*env.broken_test_config),
342 if (!env.broken_test_config)
345 env.broken_test_config->expect_fail_test_idx =
349 if (strcmp(optarg, "enc") == 0)
350 env.broken_test_config->expect_fail_dir =
351 self_test_dir_enc_auth_gen;
352 else if (strcmp(optarg, "dec")
354 env.broken_test_config->expect_fail_dir =
355 self_test_dir_dec_auth_verify;
357 rte_free(env.broken_test_config);
358 cryptodev_fips_validate_usage(prgname);
364 case OPT_MBUF_DATAROOM_NUM:
365 if (parser_read_uint16(&env.mbuf_data_room,
367 cryptodev_fips_validate_usage(prgname);
371 if (env.mbuf_data_room == 0) {
372 cryptodev_fips_validate_usage(prgname);
378 cryptodev_fips_validate_usage(prgname);
383 if ((env.req_path == NULL && env.rsp_path != NULL) ||
384 (env.req_path != NULL && env.rsp_path == NULL)) {
385 RTE_LOG(ERR, USER1, "Missing req path or rsp path\n");
386 cryptodev_fips_validate_usage(prgname);
390 if (env.req_path == NULL && env.self_test == 0) {
391 RTE_LOG(ERR, USER1, "--self-test must be set if req path is missing\n");
392 cryptodev_fips_validate_usage(prgname);
400 main(int argc, char *argv[])
404 ret = rte_eal_init(argc, argv);
406 RTE_LOG(ERR, USER1, "Error %i: Failed init\n", ret);
413 ret = cryptodev_fips_validate_parse_args(argc, argv);
415 rte_exit(EXIT_FAILURE, "Failed to parse arguments!\n");
417 ret = cryptodev_fips_validate_app_int();
419 RTE_LOG(ERR, USER1, "Error %i: Failed init\n", ret);
423 if (env.req_path == NULL || env.rsp_path == NULL) {
424 printf("No request, exit.\n");
428 if (!env.is_path_folder) {
429 printf("Processing file %s... ", env.req_path);
431 ret = fips_test_init(env.req_path, env.rsp_path,
432 rte_cryptodev_name_get(env.dev_id));
434 RTE_LOG(ERR, USER1, "Error %i: Failed test %s\n",
440 if (info.file_type == FIPS_TYPE_JSON) {
441 ret = fips_test_one_json_file();
442 json_decref(json_info.json_root);
444 ret = fips_test_one_file();
446 #else /* USE_JANSSON */
447 ret = fips_test_one_file();
448 #endif /* USE_JANSSON */
451 RTE_LOG(ERR, USER1, "Error %i: Failed test %s\n",
464 d_req = opendir(env.req_path);
466 RTE_LOG(ERR, USER1, "Error %i: Path %s not exist\n",
467 -EINVAL, env.req_path);
471 d_rsp = opendir(env.rsp_path);
473 ret = mkdir(env.rsp_path, 0700);
475 d_rsp = opendir(env.rsp_path);
477 RTE_LOG(ERR, USER1, "Error %i: Invalid %s\n",
478 -EINVAL, env.rsp_path);
484 while ((dir = readdir(d_req)) != NULL) {
485 if (strstr(dir->d_name, "req") == NULL)
488 snprintf(req_path, 1023, "%s/%s", env.req_path,
490 snprintf(rsp_path, 1023, "%s/%s", env.rsp_path,
492 strlcpy(strstr(rsp_path, "req"), "rsp", 4);
494 printf("Processing file %s... ", req_path);
496 ret = fips_test_init(req_path, rsp_path,
497 rte_cryptodev_name_get(env.dev_id));
499 RTE_LOG(ERR, USER1, "Error %i: Failed test %s\n",
505 if (info.file_type == FIPS_TYPE_JSON) {
506 ret = fips_test_one_json_file();
507 json_decref(json_info.json_root);
509 ret = fips_test_one_file();
511 #else /* USE_JANSSON */
512 ret = fips_test_one_file();
513 #endif /* USE_JANSSON */
516 RTE_LOG(ERR, USER1, "Error %i: Failed test %s\n",
530 cryptodev_fips_validate_app_uninit();
532 /* clean up the EAL */
539 #define IV_OFF (sizeof(struct rte_crypto_op) + sizeof(struct rte_crypto_sym_op))
540 #define CRYPTODEV_FIPS_MAX_RETRIES 16
542 struct fips_test_ops test_ops;
545 prepare_data_mbufs(struct fips_val *val)
547 struct rte_mbuf *m, *head = 0;
548 uint8_t *src = val->val;
549 uint32_t total_len = val->len;
553 rte_pktmbuf_free(env.mbuf);
555 if (total_len > RTE_MBUF_MAX_NB_SEGS) {
556 RTE_LOG(ERR, USER1, "Data len %u too big\n", total_len);
560 nb_seg = total_len / env.mbuf_data_room;
561 if (total_len % env.mbuf_data_room)
564 m = rte_pktmbuf_alloc(env.mpool);
566 RTE_LOG(ERR, USER1, "Error %i: Not enough mbuf\n",
573 uint16_t len = RTE_MIN(total_len, env.mbuf_data_room);
574 uint8_t *dst = (uint8_t *)rte_pktmbuf_append(m, len);
577 RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n",
583 memcpy(dst, src, len);
586 ret = rte_pktmbuf_chain(head, m);
589 RTE_LOG(ERR, USER1, "Error %i: SGL build\n",
597 if (!env.dev_support_sgl) {
598 RTE_LOG(ERR, USER1, "SGL not supported\n");
603 m = rte_pktmbuf_alloc(env.mpool);
605 RTE_LOG(ERR, USER1, "Error %i: No memory\n",
617 RTE_LOG(ERR, USER1, "Error %i: Failed to store all data\n",
627 rte_pktmbuf_free(head);
632 prepare_cipher_op(void)
634 struct rte_crypto_sym_op *sym = env.op->sym;
635 uint8_t *iv = rte_crypto_op_ctod_offset(env.op, uint8_t *, IV_OFF);
638 __rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
640 memcpy(iv, vec.iv.val, vec.iv.len);
642 if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
643 ret = prepare_data_mbufs(&vec.pt);
647 sym->cipher.data.length = vec.pt.len;
649 ret = prepare_data_mbufs(&vec.ct);
653 sym->cipher.data.length = vec.ct.len;
656 rte_crypto_op_attach_sym_session(env.op, env.sess);
658 sym->m_src = env.mbuf;
659 sym->cipher.data.offset = 0;
665 prepare_auth_op(void)
667 struct rte_crypto_sym_op *sym = env.op->sym;
670 __rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
673 uint8_t *iv = rte_crypto_op_ctod_offset(env.op, uint8_t *,
675 memset(iv, 0, vec.iv.len);
677 memcpy(iv, vec.iv.val, vec.iv.len);
680 ret = prepare_data_mbufs(&vec.pt);
684 rte_free(env.digest);
686 env.digest = rte_zmalloc(NULL, vec.cipher_auth.digest.len,
687 RTE_CACHE_LINE_SIZE);
689 RTE_LOG(ERR, USER1, "Not enough memory\n");
692 env.digest_len = vec.cipher_auth.digest.len;
694 sym->m_src = env.mbuf;
695 sym->auth.data.offset = 0;
696 sym->auth.data.length = vec.pt.len;
697 sym->auth.digest.data = env.digest;
698 sym->auth.digest.phys_addr = rte_malloc_virt2iova(env.digest);
700 if (info.op == FIPS_TEST_DEC_AUTH_VERIF)
701 memcpy(env.digest, vec.cipher_auth.digest.val,
702 vec.cipher_auth.digest.len);
704 rte_crypto_op_attach_sym_session(env.op, env.sess);
710 prepare_aead_op(void)
712 struct rte_crypto_sym_op *sym = env.op->sym;
713 uint8_t *iv = rte_crypto_op_ctod_offset(env.op, uint8_t *, IV_OFF);
716 __rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
718 if (info.algo == FIPS_TEST_ALGO_AES_CCM)
722 memcpy(iv, vec.iv.val, vec.iv.len);
724 /* if REQ file has iv length but not data, default as all 0 */
725 memset(iv, 0, vec.iv.len);
727 if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
728 ret = prepare_data_mbufs(&vec.pt);
732 rte_free(env.digest);
733 env.digest = rte_zmalloc(NULL, vec.aead.digest.len,
734 RTE_CACHE_LINE_SIZE);
736 RTE_LOG(ERR, USER1, "Not enough memory\n");
739 env.digest_len = vec.cipher_auth.digest.len;
741 sym->aead.data.length = vec.pt.len;
742 sym->aead.digest.data = env.digest;
743 sym->aead.digest.phys_addr = rte_malloc_virt2iova(env.digest);
745 ret = prepare_data_mbufs(&vec.ct);
749 sym->aead.data.length = vec.ct.len;
750 sym->aead.digest.data = vec.aead.digest.val;
751 sym->aead.digest.phys_addr = rte_malloc_virt2iova(
752 sym->aead.digest.data);
755 sym->m_src = env.mbuf;
756 sym->aead.data.offset = 0;
757 sym->aead.aad.data = vec.aead.aad.val;
758 sym->aead.aad.phys_addr = rte_malloc_virt2iova(sym->aead.aad.data);
760 rte_crypto_op_attach_sym_session(env.op, env.sess);
766 prepare_aes_xform(struct rte_crypto_sym_xform *xform)
768 const struct rte_cryptodev_symmetric_capability *cap;
769 struct rte_cryptodev_sym_capability_idx cap_idx;
770 struct rte_crypto_cipher_xform *cipher_xform = &xform->cipher;
772 xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
774 if (info.interim_info.aes_data.cipher_algo == RTE_CRYPTO_CIPHER_AES_CBC)
775 cipher_xform->algo = RTE_CRYPTO_CIPHER_AES_CBC;
777 cipher_xform->algo = RTE_CRYPTO_CIPHER_AES_ECB;
779 cipher_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
780 RTE_CRYPTO_CIPHER_OP_ENCRYPT :
781 RTE_CRYPTO_CIPHER_OP_DECRYPT;
782 cipher_xform->key.data = vec.cipher_auth.key.val;
783 cipher_xform->key.length = vec.cipher_auth.key.len;
784 if (cipher_xform->algo == RTE_CRYPTO_CIPHER_AES_CBC) {
785 cipher_xform->iv.length = vec.iv.len;
786 cipher_xform->iv.offset = IV_OFF;
788 cipher_xform->iv.length = 0;
789 cipher_xform->iv.offset = 0;
791 cap_idx.algo.cipher = cipher_xform->algo;
792 cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
794 cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
796 RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
801 if (rte_cryptodev_sym_capability_check_cipher(cap,
802 cipher_xform->key.length,
803 cipher_xform->iv.length) != 0) {
804 RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n",
805 info.device_name, cipher_xform->key.length,
806 cipher_xform->iv.length);
814 prepare_tdes_xform(struct rte_crypto_sym_xform *xform)
816 const struct rte_cryptodev_symmetric_capability *cap;
817 struct rte_cryptodev_sym_capability_idx cap_idx;
818 struct rte_crypto_cipher_xform *cipher_xform = &xform->cipher;
820 xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
822 if (info.interim_info.tdes_data.test_mode == TDES_MODE_CBC)
823 cipher_xform->algo = RTE_CRYPTO_CIPHER_3DES_CBC;
825 cipher_xform->algo = RTE_CRYPTO_CIPHER_3DES_ECB;
826 cipher_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
827 RTE_CRYPTO_CIPHER_OP_ENCRYPT :
828 RTE_CRYPTO_CIPHER_OP_DECRYPT;
829 cipher_xform->key.data = vec.cipher_auth.key.val;
830 cipher_xform->key.length = vec.cipher_auth.key.len;
832 if (cipher_xform->algo == RTE_CRYPTO_CIPHER_3DES_CBC) {
833 cipher_xform->iv.length = vec.iv.len;
834 cipher_xform->iv.offset = IV_OFF;
836 cipher_xform->iv.length = 0;
837 cipher_xform->iv.offset = 0;
839 cap_idx.algo.cipher = cipher_xform->algo;
840 cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
842 cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
844 RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
849 if (rte_cryptodev_sym_capability_check_cipher(cap,
850 cipher_xform->key.length,
851 cipher_xform->iv.length) != 0) {
852 RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n",
853 info.device_name, cipher_xform->key.length,
854 cipher_xform->iv.length);
862 prepare_hmac_xform(struct rte_crypto_sym_xform *xform)
864 const struct rte_cryptodev_symmetric_capability *cap;
865 struct rte_cryptodev_sym_capability_idx cap_idx;
866 struct rte_crypto_auth_xform *auth_xform = &xform->auth;
868 xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
870 auth_xform->algo = info.interim_info.hmac_data.algo;
871 auth_xform->op = RTE_CRYPTO_AUTH_OP_GENERATE;
872 auth_xform->digest_length = vec.cipher_auth.digest.len;
873 auth_xform->key.data = vec.cipher_auth.key.val;
874 auth_xform->key.length = vec.cipher_auth.key.len;
876 cap_idx.algo.auth = auth_xform->algo;
877 cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
879 cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
881 RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
886 if (rte_cryptodev_sym_capability_check_auth(cap,
887 auth_xform->key.length,
888 auth_xform->digest_length, 0) != 0) {
889 RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n",
890 info.device_name, auth_xform->key.length,
891 auth_xform->digest_length);
899 prepare_gcm_xform(struct rte_crypto_sym_xform *xform)
901 const struct rte_cryptodev_symmetric_capability *cap;
902 struct rte_cryptodev_sym_capability_idx cap_idx;
903 struct rte_crypto_aead_xform *aead_xform = &xform->aead;
905 xform->type = RTE_CRYPTO_SYM_XFORM_AEAD;
907 aead_xform->algo = RTE_CRYPTO_AEAD_AES_GCM;
908 aead_xform->aad_length = vec.aead.aad.len;
909 aead_xform->digest_length = vec.aead.digest.len;
910 aead_xform->iv.offset = IV_OFF;
911 aead_xform->iv.length = vec.iv.len;
912 aead_xform->key.data = vec.aead.key.val;
913 aead_xform->key.length = vec.aead.key.len;
914 aead_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
915 RTE_CRYPTO_AEAD_OP_ENCRYPT :
916 RTE_CRYPTO_AEAD_OP_DECRYPT;
918 cap_idx.algo.aead = aead_xform->algo;
919 cap_idx.type = RTE_CRYPTO_SYM_XFORM_AEAD;
921 cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
923 RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
928 if (rte_cryptodev_sym_capability_check_aead(cap,
929 aead_xform->key.length,
930 aead_xform->digest_length, aead_xform->aad_length,
931 aead_xform->iv.length) != 0) {
933 "PMD %s key_len %u tag_len %u aad_len %u iv_len %u\n",
934 info.device_name, aead_xform->key.length,
935 aead_xform->digest_length,
936 aead_xform->aad_length,
937 aead_xform->iv.length);
945 prepare_gmac_xform(struct rte_crypto_sym_xform *xform)
947 const struct rte_cryptodev_symmetric_capability *cap;
948 struct rte_cryptodev_sym_capability_idx cap_idx;
949 struct rte_crypto_auth_xform *auth_xform = &xform->auth;
951 xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
953 auth_xform->algo = RTE_CRYPTO_AUTH_AES_GMAC;
954 auth_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
955 RTE_CRYPTO_AUTH_OP_GENERATE :
956 RTE_CRYPTO_AUTH_OP_VERIFY;
957 auth_xform->iv.offset = IV_OFF;
958 auth_xform->iv.length = vec.iv.len;
959 auth_xform->digest_length = vec.aead.digest.len;
960 auth_xform->key.data = vec.aead.key.val;
961 auth_xform->key.length = vec.aead.key.len;
963 cap_idx.algo.auth = auth_xform->algo;
964 cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
966 cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
968 RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
973 if (rte_cryptodev_sym_capability_check_auth(cap,
974 auth_xform->key.length,
975 auth_xform->digest_length,
976 auth_xform->iv.length) != 0) {
979 "PMD %s key length %u Digest length %u IV length %u\n",
980 info.device_name, auth_xform->key.length,
981 auth_xform->digest_length,
982 auth_xform->iv.length);
990 prepare_cmac_xform(struct rte_crypto_sym_xform *xform)
992 const struct rte_cryptodev_symmetric_capability *cap;
993 struct rte_cryptodev_sym_capability_idx cap_idx;
994 struct rte_crypto_auth_xform *auth_xform = &xform->auth;
996 xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
998 auth_xform->algo = RTE_CRYPTO_AUTH_AES_CMAC;
999 auth_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
1000 RTE_CRYPTO_AUTH_OP_GENERATE : RTE_CRYPTO_AUTH_OP_VERIFY;
1001 auth_xform->digest_length = vec.cipher_auth.digest.len;
1002 auth_xform->key.data = vec.cipher_auth.key.val;
1003 auth_xform->key.length = vec.cipher_auth.key.len;
1005 cap_idx.algo.auth = auth_xform->algo;
1006 cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
1008 cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
1010 RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
1015 if (rte_cryptodev_sym_capability_check_auth(cap,
1016 auth_xform->key.length,
1017 auth_xform->digest_length, 0) != 0) {
1018 RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n",
1019 info.device_name, auth_xform->key.length,
1020 auth_xform->digest_length);
1028 prepare_ccm_xform(struct rte_crypto_sym_xform *xform)
1030 const struct rte_cryptodev_symmetric_capability *cap;
1031 struct rte_cryptodev_sym_capability_idx cap_idx;
1032 struct rte_crypto_aead_xform *aead_xform = &xform->aead;
1034 xform->type = RTE_CRYPTO_SYM_XFORM_AEAD;
1036 aead_xform->algo = RTE_CRYPTO_AEAD_AES_CCM;
1037 aead_xform->aad_length = vec.aead.aad.len;
1038 aead_xform->digest_length = vec.aead.digest.len;
1039 aead_xform->iv.offset = IV_OFF;
1040 aead_xform->iv.length = vec.iv.len;
1041 aead_xform->key.data = vec.aead.key.val;
1042 aead_xform->key.length = vec.aead.key.len;
1043 aead_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
1044 RTE_CRYPTO_AEAD_OP_ENCRYPT :
1045 RTE_CRYPTO_AEAD_OP_DECRYPT;
1047 cap_idx.algo.aead = aead_xform->algo;
1048 cap_idx.type = RTE_CRYPTO_SYM_XFORM_AEAD;
1050 cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
1052 RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
1057 if (rte_cryptodev_sym_capability_check_aead(cap,
1058 aead_xform->key.length,
1059 aead_xform->digest_length, aead_xform->aad_length,
1060 aead_xform->iv.length) != 0) {
1062 "PMD %s key_len %u tag_len %u aad_len %u iv_len %u\n",
1063 info.device_name, aead_xform->key.length,
1064 aead_xform->digest_length,
1065 aead_xform->aad_length,
1066 aead_xform->iv.length);
1074 prepare_sha_xform(struct rte_crypto_sym_xform *xform)
1076 const struct rte_cryptodev_symmetric_capability *cap;
1077 struct rte_cryptodev_sym_capability_idx cap_idx;
1078 struct rte_crypto_auth_xform *auth_xform = &xform->auth;
1080 xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
1082 auth_xform->algo = info.interim_info.sha_data.algo;
1083 auth_xform->op = RTE_CRYPTO_AUTH_OP_GENERATE;
1084 auth_xform->digest_length = vec.cipher_auth.digest.len;
1086 cap_idx.algo.auth = auth_xform->algo;
1087 cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
1089 cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
1091 RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
1096 if (rte_cryptodev_sym_capability_check_auth(cap,
1097 auth_xform->key.length,
1098 auth_xform->digest_length, 0) != 0) {
1099 RTE_LOG(ERR, USER1, "PMD %s key length %u digest length %u\n",
1100 info.device_name, auth_xform->key.length,
1101 auth_xform->digest_length);
1109 prepare_xts_xform(struct rte_crypto_sym_xform *xform)
1111 const struct rte_cryptodev_symmetric_capability *cap;
1112 struct rte_cryptodev_sym_capability_idx cap_idx;
1113 struct rte_crypto_cipher_xform *cipher_xform = &xform->cipher;
1115 xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
1117 cipher_xform->algo = RTE_CRYPTO_CIPHER_AES_XTS;
1118 cipher_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
1119 RTE_CRYPTO_CIPHER_OP_ENCRYPT :
1120 RTE_CRYPTO_CIPHER_OP_DECRYPT;
1121 cipher_xform->key.data = vec.cipher_auth.key.val;
1122 cipher_xform->key.length = vec.cipher_auth.key.len;
1123 cipher_xform->iv.length = vec.iv.len;
1124 cipher_xform->iv.offset = IV_OFF;
1126 cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_AES_XTS;
1127 cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
1129 cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
1131 RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
1136 if (rte_cryptodev_sym_capability_check_cipher(cap,
1137 cipher_xform->key.length,
1138 cipher_xform->iv.length) != 0) {
1139 RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n",
1140 info.device_name, cipher_xform->key.length,
1141 cipher_xform->iv.length);
1149 get_writeback_data(struct fips_val *val)
1151 struct rte_mbuf *m = env.mbuf;
1152 uint16_t data_len = rte_pktmbuf_pkt_len(m);
1153 uint16_t total_len = data_len + env.digest_len;
1154 uint8_t *src, *dst, *wb_data;
1156 /* in case val is reused for MCT test, try to free the buffer first */
1162 wb_data = dst = calloc(1, total_len);
1164 RTE_LOG(ERR, USER1, "Error %i: Not enough memory\n", -ENOMEM);
1168 while (m && data_len) {
1169 uint16_t seg_len = RTE_MIN(rte_pktmbuf_data_len(m), data_len);
1171 src = rte_pktmbuf_mtod(m, uint8_t *);
1172 memcpy(dst, src, seg_len);
1174 data_len -= seg_len;
1179 RTE_LOG(ERR, USER1, "Error -1: write back data\n");
1185 memcpy(dst, env.digest, env.digest_len);
1188 val->len = total_len;
1196 struct rte_crypto_sym_xform xform = {0};
1200 ret = test_ops.prepare_xform(&xform);
1204 env.sess = rte_cryptodev_sym_session_create(env.sess_mpool);
1208 ret = rte_cryptodev_sym_session_init(env.dev_id,
1209 env.sess, &xform, env.sess_priv_mpool);
1211 RTE_LOG(ERR, USER1, "Error %i: Init session\n",
1216 ret = test_ops.prepare_op();
1218 RTE_LOG(ERR, USER1, "Error %i: Prepare op\n",
1223 if (rte_cryptodev_enqueue_burst(env.dev_id, 0, &env.op, 1) < 1) {
1224 RTE_LOG(ERR, USER1, "Error: Failed enqueue\n");
1230 struct rte_crypto_op *deqd_op;
1232 n_deqd = rte_cryptodev_dequeue_burst(env.dev_id, 0, &deqd_op,
1234 } while (n_deqd == 0);
1236 vec.status = env.op->status;
1239 rte_cryptodev_sym_session_clear(env.dev_id, env.sess);
1240 rte_cryptodev_sym_session_free(env.sess);
1247 fips_generic_test(void)
1249 struct fips_val val = {NULL, 0};
1252 if (info.file_type != FIPS_TYPE_JSON)
1253 fips_test_write_one_case();
1255 ret = fips_run_test();
1257 if (ret == -EPERM || ret == -ENOTSUP) {
1258 if (info.file_type == FIPS_TYPE_JSON)
1261 fprintf(info.fp_wr, "Bypass\n\n");
1268 ret = get_writeback_data(&val);
1272 switch (info.file_type) {
1275 case FIPS_TYPE_JSON:
1276 if (info.parse_writeback == NULL)
1278 ret = info.parse_writeback(&val);
1283 if (info.kat_check == NULL)
1285 ret = info.kat_check(&val);
1293 if (info.file_type != FIPS_TYPE_JSON)
1294 fprintf(info.fp_wr, "\n");
1301 fips_mct_tdes_test(void)
1303 #define TDES_BLOCK_SIZE 8
1304 #define TDES_EXTERN_ITER 400
1305 #define TDES_INTERN_ITER 10000
1306 struct fips_val val = {NULL, 0}, val_key;
1307 uint8_t prev_out[TDES_BLOCK_SIZE] = {0};
1308 uint8_t prev_prev_out[TDES_BLOCK_SIZE] = {0};
1309 uint8_t prev_in[TDES_BLOCK_SIZE] = {0};
1312 int test_mode = info.interim_info.tdes_data.test_mode;
1314 for (i = 0; i < TDES_EXTERN_ITER; i++) {
1315 if ((i == 0) && (info.version == 21.4f)) {
1316 if (!(strstr(info.vec[0], "COUNT")))
1317 fprintf(info.fp_wr, "%s%u\n", "COUNT = ", 0);
1323 fips_test_write_one_case();
1325 for (j = 0; j < TDES_INTERN_ITER; j++) {
1326 ret = fips_run_test();
1328 if (ret == -EPERM) {
1329 if (info.file_type == FIPS_TYPE_JSON)
1332 fprintf(info.fp_wr, "Bypass\n");
1338 ret = get_writeback_data(&val);
1342 if (info.op == FIPS_TEST_DEC_AUTH_VERIF)
1343 memcpy(prev_in, vec.ct.val, TDES_BLOCK_SIZE);
1346 memcpy(prev_out, val.val, TDES_BLOCK_SIZE);
1348 if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
1349 if (test_mode == TDES_MODE_ECB) {
1350 memcpy(vec.pt.val, val.val,
1353 memcpy(vec.pt.val, vec.iv.val,
1355 memcpy(vec.iv.val, val.val,
1360 if (test_mode == TDES_MODE_ECB) {
1361 memcpy(vec.ct.val, val.val,
1364 memcpy(vec.iv.val, vec.ct.val,
1366 memcpy(vec.ct.val, val.val,
1373 if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
1374 if (test_mode == TDES_MODE_ECB) {
1375 memcpy(vec.pt.val, val.val,
1378 memcpy(vec.iv.val, val.val,
1380 memcpy(vec.pt.val, prev_out,
1384 if (test_mode == TDES_MODE_ECB) {
1385 memcpy(vec.ct.val, val.val,
1388 memcpy(vec.iv.val, vec.ct.val,
1390 memcpy(vec.ct.val, val.val,
1395 if (j == TDES_INTERN_ITER - 1)
1398 memcpy(prev_out, val.val, TDES_BLOCK_SIZE);
1400 if (j == TDES_INTERN_ITER - 3)
1401 memcpy(prev_prev_out, val.val, TDES_BLOCK_SIZE);
1404 info.parse_writeback(&val);
1405 fprintf(info.fp_wr, "\n");
1407 if (i == TDES_EXTERN_ITER - 1)
1411 memcpy(&val_key, &vec.cipher_auth.key, sizeof(val_key));
1413 if (info.interim_info.tdes_data.nb_keys == 0) {
1414 if (memcmp(val_key.val, val_key.val + 8, 8) == 0)
1415 info.interim_info.tdes_data.nb_keys = 1;
1416 else if (memcmp(val_key.val, val_key.val + 16, 8) == 0)
1417 info.interim_info.tdes_data.nb_keys = 2;
1419 info.interim_info.tdes_data.nb_keys = 3;
1423 for (k = 0; k < TDES_BLOCK_SIZE; k++) {
1425 switch (info.interim_info.tdes_data.nb_keys) {
1427 val_key.val[k] ^= val.val[k];
1428 val_key.val[k + 8] ^= prev_out[k];
1429 val_key.val[k + 16] ^= prev_prev_out[k];
1432 val_key.val[k] ^= val.val[k];
1433 val_key.val[k + 8] ^= prev_out[k];
1434 val_key.val[k + 16] ^= val.val[k];
1436 default: /* case 1 */
1437 val_key.val[k] ^= val.val[k];
1438 val_key.val[k + 8] ^= val.val[k];
1439 val_key.val[k + 16] ^= val.val[k];
1445 for (k = 0; k < 24; k++)
1446 val_key.val[k] = (__builtin_popcount(val_key.val[k]) &
1448 val_key.val[k] : (val_key.val[k] ^ 0x1);
1450 if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
1451 if (test_mode == TDES_MODE_ECB) {
1452 memcpy(vec.pt.val, val.val, TDES_BLOCK_SIZE);
1454 memcpy(vec.iv.val, val.val, TDES_BLOCK_SIZE);
1455 memcpy(vec.pt.val, prev_out, TDES_BLOCK_SIZE);
1458 if (test_mode == TDES_MODE_ECB) {
1459 memcpy(vec.ct.val, val.val, TDES_BLOCK_SIZE);
1461 memcpy(vec.iv.val, prev_out, TDES_BLOCK_SIZE);
1462 memcpy(vec.ct.val, val.val, TDES_BLOCK_SIZE);
1473 fips_mct_aes_ecb_test(void)
1475 #define AES_BLOCK_SIZE 16
1476 #define AES_EXTERN_ITER 100
1477 #define AES_INTERN_ITER 1000
1478 struct fips_val val = {NULL, 0}, val_key;
1479 uint8_t prev_out[AES_BLOCK_SIZE] = {0};
1483 for (i = 0; i < AES_EXTERN_ITER; i++) {
1487 fips_test_write_one_case();
1489 for (j = 0; j < AES_INTERN_ITER; j++) {
1490 ret = fips_run_test();
1492 if (ret == -EPERM) {
1493 if (info.file_type == FIPS_TYPE_JSON)
1496 fprintf(info.fp_wr, "Bypass\n");
1503 ret = get_writeback_data(&val);
1507 if (info.op == FIPS_TEST_ENC_AUTH_GEN)
1508 memcpy(vec.pt.val, val.val, AES_BLOCK_SIZE);
1510 memcpy(vec.ct.val, val.val, AES_BLOCK_SIZE);
1512 if (j == AES_INTERN_ITER - 1)
1515 memcpy(prev_out, val.val, AES_BLOCK_SIZE);
1518 info.parse_writeback(&val);
1519 fprintf(info.fp_wr, "\n");
1521 if (i == AES_EXTERN_ITER - 1)
1525 memcpy(&val_key, &vec.cipher_auth.key, sizeof(val_key));
1526 for (k = 0; k < vec.cipher_auth.key.len; k++) {
1527 switch (vec.cipher_auth.key.len) {
1529 val_key.val[k] ^= val.val[k];
1533 val_key.val[k] ^= prev_out[k + 8];
1535 val_key.val[k] ^= val.val[k - 8];
1539 val_key.val[k] ^= prev_out[k];
1541 val_key.val[k] ^= val.val[k - 16];
1554 fips_mct_aes_test(void)
1556 #define AES_BLOCK_SIZE 16
1557 #define AES_EXTERN_ITER 100
1558 #define AES_INTERN_ITER 1000
1559 struct fips_val val[3] = {{NULL, 0},}, val_key, pt, ct, iv;
1560 uint8_t prev_out[AES_BLOCK_SIZE] = {0};
1561 uint8_t prev_in[AES_BLOCK_SIZE] = {0};
1565 if (info.interim_info.aes_data.cipher_algo == RTE_CRYPTO_CIPHER_AES_ECB)
1566 return fips_mct_aes_ecb_test();
1568 memset(&pt, 0, sizeof(struct fips_val));
1569 memset(&ct, 0, sizeof(struct fips_val));
1570 memset(&iv, 0, sizeof(struct fips_val));
1571 for (i = 0; i < AES_EXTERN_ITER; i++) {
1572 if (info.file_type != FIPS_TYPE_JSON) {
1576 fips_test_write_one_case();
1579 for (j = 0; j < AES_INTERN_ITER; j++) {
1580 ret = fips_run_test();
1582 if (ret == -EPERM) {
1583 if (info.file_type == FIPS_TYPE_JSON)
1586 fprintf(info.fp_wr, "Bypass\n");
1593 ret = get_writeback_data(&val[0]);
1597 if (info.op == FIPS_TEST_DEC_AUTH_VERIF)
1598 memcpy(prev_in, vec.ct.val, AES_BLOCK_SIZE);
1601 memcpy(prev_out, val[0].val, AES_BLOCK_SIZE);
1602 pt.len = vec.pt.len;
1603 pt.val = calloc(1, pt.len);
1604 memcpy(pt.val, vec.pt.val, pt.len);
1606 ct.len = vec.ct.len;
1607 ct.val = calloc(1, ct.len);
1608 memcpy(ct.val, vec.ct.val, ct.len);
1610 iv.len = vec.iv.len;
1611 iv.val = calloc(1, iv.len);
1612 memcpy(iv.val, vec.iv.val, iv.len);
1614 if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
1615 memcpy(vec.pt.val, vec.iv.val, AES_BLOCK_SIZE);
1616 memcpy(vec.iv.val, val[0].val, AES_BLOCK_SIZE);
1617 val[1].val = pt.val;
1618 val[1].len = pt.len;
1619 val[2].val = iv.val;
1620 val[2].len = iv.len;
1622 memcpy(vec.ct.val, vec.iv.val, AES_BLOCK_SIZE);
1623 memcpy(vec.iv.val, prev_in, AES_BLOCK_SIZE);
1624 val[1].val = ct.val;
1625 val[1].len = ct.len;
1626 val[2].val = iv.val;
1627 val[2].len = iv.len;
1632 if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
1633 memcpy(vec.iv.val, val[0].val, AES_BLOCK_SIZE);
1634 memcpy(vec.pt.val, prev_out, AES_BLOCK_SIZE);
1636 memcpy(vec.iv.val, prev_in, AES_BLOCK_SIZE);
1637 memcpy(vec.ct.val, prev_out, AES_BLOCK_SIZE);
1640 if (j == AES_INTERN_ITER - 1)
1643 memcpy(prev_out, val[0].val, AES_BLOCK_SIZE);
1646 info.parse_writeback(val);
1647 if (info.file_type != FIPS_TYPE_JSON)
1648 fprintf(info.fp_wr, "\n");
1650 if (i == AES_EXTERN_ITER - 1) {
1658 memcpy(&val_key, &vec.cipher_auth.key, sizeof(val_key));
1659 for (k = 0; k < vec.cipher_auth.key.len; k++) {
1660 switch (vec.cipher_auth.key.len) {
1662 val_key.val[k] ^= val[0].val[k];
1666 val_key.val[k] ^= prev_out[k + 8];
1668 val_key.val[k] ^= val[0].val[k - 8];
1672 val_key.val[k] ^= prev_out[k];
1674 val_key.val[k] ^= val[0].val[k - 16];
1681 if (info.op == FIPS_TEST_DEC_AUTH_VERIF)
1682 memcpy(vec.iv.val, val[0].val, AES_BLOCK_SIZE);
1691 fips_mct_sha_test(void)
1693 #define SHA_EXTERN_ITER 100
1694 #define SHA_INTERN_ITER 1000
1695 #define SHA_MD_BLOCK 3
1696 /* val[0] is op result and other value is for parse_writeback callback */
1697 struct fips_val val[2] = {{NULL, 0},};
1698 struct fips_val md[SHA_MD_BLOCK], msg;
1699 char temp[MAX_DIGEST_SIZE*2];
1703 msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len;
1704 msg.val = calloc(1, msg.len);
1705 memcpy(vec.cipher_auth.digest.val, vec.pt.val, vec.cipher_auth.digest.len);
1706 for (i = 0; i < SHA_MD_BLOCK; i++)
1707 md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
1709 rte_free(vec.pt.val);
1710 vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0);
1712 if (info.file_type != FIPS_TYPE_JSON) {
1713 fips_test_write_one_case();
1714 fprintf(info.fp_wr, "\n");
1717 for (j = 0; j < SHA_EXTERN_ITER; j++) {
1719 memcpy(md[0].val, vec.cipher_auth.digest.val,
1720 vec.cipher_auth.digest.len);
1721 md[0].len = vec.cipher_auth.digest.len;
1722 memcpy(md[1].val, vec.cipher_auth.digest.val,
1723 vec.cipher_auth.digest.len);
1724 md[1].len = vec.cipher_auth.digest.len;
1725 memcpy(md[2].val, vec.cipher_auth.digest.val,
1726 vec.cipher_auth.digest.len);
1727 md[2].len = vec.cipher_auth.digest.len;
1729 for (i = 0; i < SHA_MD_BLOCK; i++)
1730 memcpy(&msg.val[i * md[i].len], md[i].val, md[i].len);
1732 for (i = 0; i < (SHA_INTERN_ITER); i++) {
1734 memcpy(vec.pt.val, md[0].val,
1736 memcpy((vec.pt.val + md[0].len), md[1].val,
1738 memcpy((vec.pt.val + md[0].len + md[1].len),
1741 vec.pt.len = md[0].len + md[1].len + md[2].len;
1743 ret = fips_run_test();
1745 if (ret == -EPERM || ret == -ENOTSUP) {
1746 if (info.file_type == FIPS_TYPE_JSON)
1749 fprintf(info.fp_wr, "Bypass\n\n");
1755 ret = get_writeback_data(&val[0]);
1759 memcpy(md[0].val, md[1].val, md[1].len);
1760 md[0].len = md[1].len;
1761 memcpy(md[1].val, md[2].val, md[2].len);
1762 md[1].len = md[2].len;
1764 memcpy(md[2].val, (val[0].val + vec.pt.len),
1765 vec.cipher_auth.digest.len);
1766 md[2].len = vec.cipher_auth.digest.len;
1769 memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
1770 vec.cipher_auth.digest.len = md[2].len;
1772 if (info.file_type != FIPS_TYPE_JSON) {
1773 fprintf(info.fp_wr, "COUNT = %u\n", j);
1774 writeback_hex_str("", temp, &vec.cipher_auth.digest);
1775 fprintf(info.fp_wr, "MD = %s\n\n", temp);
1777 val[1].val = msg.val;
1778 val[1].len = msg.len;
1779 info.parse_writeback(val);
1782 for (i = 0; i < (SHA_MD_BLOCK); i++)
1783 rte_free(md[i].val);
1785 rte_free(vec.pt.val);
1797 switch (info.algo) {
1798 case FIPS_TEST_ALGO_AES_CBC:
1799 case FIPS_TEST_ALGO_AES:
1800 test_ops.prepare_op = prepare_cipher_op;
1801 test_ops.prepare_xform = prepare_aes_xform;
1802 if (info.interim_info.aes_data.test_type == AESAVS_TYPE_MCT)
1803 test_ops.test = fips_mct_aes_test;
1805 test_ops.test = fips_generic_test;
1807 case FIPS_TEST_ALGO_HMAC:
1808 test_ops.prepare_op = prepare_auth_op;
1809 test_ops.prepare_xform = prepare_hmac_xform;
1810 test_ops.test = fips_generic_test;
1812 case FIPS_TEST_ALGO_TDES:
1813 test_ops.prepare_op = prepare_cipher_op;
1814 test_ops.prepare_xform = prepare_tdes_xform;
1815 if (info.interim_info.tdes_data.test_type == TDES_MCT)
1816 test_ops.test = fips_mct_tdes_test;
1818 test_ops.test = fips_generic_test;
1820 case FIPS_TEST_ALGO_AES_GCM:
1821 test_ops.prepare_op = prepare_aead_op;
1822 test_ops.prepare_xform = prepare_gcm_xform;
1823 test_ops.test = fips_generic_test;
1825 case FIPS_TEST_ALGO_AES_CMAC:
1826 test_ops.prepare_op = prepare_auth_op;
1827 test_ops.prepare_xform = prepare_cmac_xform;
1828 test_ops.test = fips_generic_test;
1830 case FIPS_TEST_ALGO_AES_CCM:
1831 test_ops.prepare_op = prepare_aead_op;
1832 test_ops.prepare_xform = prepare_ccm_xform;
1833 test_ops.test = fips_generic_test;
1835 case FIPS_TEST_ALGO_SHA:
1836 test_ops.prepare_op = prepare_auth_op;
1837 test_ops.prepare_xform = prepare_sha_xform;
1838 if (info.interim_info.sha_data.test_type == SHA_MCT)
1839 test_ops.test = fips_mct_sha_test;
1841 test_ops.test = fips_generic_test;
1843 case FIPS_TEST_ALGO_AES_XTS:
1844 test_ops.prepare_op = prepare_cipher_op;
1845 test_ops.prepare_xform = prepare_xts_xform;
1846 test_ops.test = fips_generic_test;
1849 if (strstr(info.file_name, "TECB") ||
1850 strstr(info.file_name, "TCBC")) {
1851 info.algo = FIPS_TEST_ALGO_TDES;
1852 test_ops.prepare_op = prepare_cipher_op;
1853 test_ops.prepare_xform = prepare_tdes_xform;
1854 if (info.interim_info.tdes_data.test_type == TDES_MCT)
1855 test_ops.test = fips_mct_tdes_test;
1857 test_ops.test = fips_generic_test;
1867 print_test_block(void)
1871 for (i = 0; i < info.nb_vec_lines; i++)
1872 printf("%s\n", info.vec[i]);
1878 fips_test_one_file(void)
1880 int fetch_ret = 0, ret;
1882 ret = init_test_ops();
1884 RTE_LOG(ERR, USER1, "Error %i: Init test op\n", ret);
1888 while (ret >= 0 && fetch_ret == 0) {
1889 fetch_ret = fips_test_fetch_one_block();
1890 if (fetch_ret < 0) {
1891 RTE_LOG(ERR, USER1, "Error %i: Fetch block\n",
1894 goto error_one_case;
1897 if (info.nb_vec_lines == 0) {
1898 if (fetch_ret == -EOF)
1901 fprintf(info.fp_wr, "\n");
1905 ret = fips_test_parse_one_case();
1908 ret = test_ops.test();
1911 RTE_LOG(ERR, USER1, "Error %i: test block\n",
1913 goto error_one_case;
1917 RTE_LOG(ERR, USER1, "Error %i: Parse block\n",
1919 goto error_one_case;
1930 rte_free(env.digest);
1933 rte_pktmbuf_free(env.mbuf);
1940 fips_test_json_init_writeback(void)
1942 json_t *session_info, *session_write;
1943 session_info = json_array_get(json_info.json_root, 0);
1944 session_write = json_object();
1945 json_info.json_write_root = json_array();
1947 json_object_set(session_write, "jwt",
1948 json_object_get(session_info, "jwt"));
1949 json_object_set(session_write, "url",
1950 json_object_get(session_info, "url"));
1951 json_object_set(session_write, "isSample",
1952 json_object_get(session_info, "isSample"));
1954 json_info.is_sample = json_boolean_value(
1955 json_object_get(session_info, "isSample"));
1957 json_array_append_new(json_info.json_write_root, session_write);
1962 fips_test_one_test_case(void)
1966 ret = fips_test_parse_one_json_case();
1970 ret = test_ops.test();
1971 if ((ret == 0) || (ret == -EPERM || ret == -ENOTSUP))
1973 RTE_LOG(ERR, USER1, "Error %i: test block\n",
1977 RTE_LOG(ERR, USER1, "Error %i: Parse block\n",
1984 fips_test_one_test_group(void)
1987 json_t *tests, *write_tests;
1988 size_t test_idx, tests_size;
1990 write_tests = json_array();
1991 json_info.json_write_group = json_object();
1992 json_object_set(json_info.json_write_group, "tgId",
1993 json_object_get(json_info.json_test_group, "tgId"));
1994 json_object_set_new(json_info.json_write_group, "tests", write_tests);
1996 switch (info.algo) {
1997 case FIPS_TEST_ALGO_AES_GCM:
1998 ret = parse_test_gcm_json_init();
2000 case FIPS_TEST_ALGO_HMAC:
2001 ret = parse_test_hmac_json_init();
2003 case FIPS_TEST_ALGO_AES_CMAC:
2004 ret = parse_test_cmac_json_init();
2006 case FIPS_TEST_ALGO_AES_XTS:
2007 ret = parse_test_xts_json_init();
2009 case FIPS_TEST_ALGO_AES_CBC:
2010 case FIPS_TEST_ALGO_AES:
2011 ret = parse_test_aes_json_init();
2013 case FIPS_TEST_ALGO_SHA:
2014 ret = parse_test_sha_json_init();
2023 ret = fips_test_parse_one_json_group();
2027 ret = init_test_ops();
2031 tests = json_object_get(json_info.json_test_group, "tests");
2032 tests_size = json_array_size(tests);
2033 for (test_idx = 0; test_idx < tests_size; test_idx++) {
2034 json_info.json_test_case = json_array_get(tests, test_idx);
2035 if (fips_test_one_test_case() == 0)
2036 json_array_append_new(write_tests, json_info.json_write_case);
2043 fips_test_one_vector_set(void)
2046 json_t *test_groups, *write_groups, *write_version, *write_set;
2047 size_t group_idx, num_groups;
2049 test_groups = json_object_get(json_info.json_vector_set, "testGroups");
2050 num_groups = json_array_size(test_groups);
2052 json_info.json_write_set = json_array();
2053 write_version = json_object();
2054 json_object_set_new(write_version, "acvVersion", json_string(ACVVERSION));
2055 json_array_append_new(json_info.json_write_set, write_version);
2057 write_set = json_object();
2058 json_array_append(json_info.json_write_set, write_set);
2059 write_groups = json_array();
2061 json_object_set(write_set, "vsId",
2062 json_object_get(json_info.json_vector_set, "vsId"));
2063 json_object_set(write_set, "algorithm",
2064 json_object_get(json_info.json_vector_set, "algorithm"));
2065 json_object_set(write_set, "revision",
2066 json_object_get(json_info.json_vector_set, "revision"));
2067 json_object_set_new(write_set, "isSample",
2068 json_boolean(json_info.is_sample));
2069 json_object_set_new(write_set, "testGroups", write_groups);
2071 ret = fips_test_parse_one_json_vector_set();
2073 RTE_LOG(ERR, USER1, "Error: Unsupported or invalid vector set algorithm: %s\n",
2074 json_string_value(json_object_get(json_info.json_vector_set, "algorithm")));
2078 for (group_idx = 0; group_idx < num_groups; group_idx++) {
2079 json_info.json_test_group = json_array_get(test_groups, group_idx);
2080 ret = fips_test_one_test_group();
2081 json_array_append_new(write_groups, json_info.json_write_group);
2088 fips_test_one_json_file(void)
2090 size_t vector_set_idx, root_size;
2092 root_size = json_array_size(json_info.json_root);
2093 fips_test_json_init_writeback();
2095 for (vector_set_idx = 1; vector_set_idx < root_size; vector_set_idx++) {
2096 /* Vector set index starts at 1, the 0th index contains test session
2099 json_info.json_vector_set = json_array_get(json_info.json_root, vector_set_idx);
2100 fips_test_one_vector_set();
2101 json_array_append_new(json_info.json_write_root, json_info.json_write_set);
2102 json_incref(json_info.json_write_set);
2105 json_dumpf(json_info.json_write_root, info.fp_wr, JSON_INDENT(4));
2106 json_decref(json_info.json_write_root);
2110 #endif /* USE_JANSSON */
git.droids-corp.org / dpdk.git / blob