X-Git-Url: http://git.droids-corp.org/?p=dpdk.git;a=blobdiff_plain;f=examples%2Ffips_validation%2Fmain.c;h=08a1b9c6dcc3bb2c5dbd809642a6a01d8bb448ff;hp=c83763b138622dd872f974e8cd0a0854c957fc83;hb=d659460a17afa28d4c7a37d492df47ab3ac542c7;hpb=d3190431b58abfceec438e84de6f14e7c96b9d45 diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c index c83763b138..08a1b9c6dc 100644 --- a/examples/fips_validation/main.c +++ b/examples/fips_validation/main.c @@ -315,8 +315,21 @@ cryptodev_fips_validate_parse_args(int argc, char **argv) } } - if (env.req_path == NULL || env.rsp_path == NULL || - env.dev_id == UINT32_MAX) { + if (env.dev_id == UINT32_MAX) { + RTE_LOG(ERR, USER1, "No device specified\n"); + cryptodev_fips_validate_usage(prgname); + return -EINVAL; + } + + if ((env.req_path == NULL && env.rsp_path != NULL) || + (env.req_path != NULL && env.rsp_path == NULL)) { + RTE_LOG(ERR, USER1, "Missing req path or rsp path\n"); + cryptodev_fips_validate_usage(prgname); + return -EINVAL; + } + + if (env.req_path == NULL && env.self_test == 0) { + RTE_LOG(ERR, USER1, "--self-test must be set if req path is missing\n"); cryptodev_fips_validate_usage(prgname); return -EINVAL; } @@ -348,6 +361,11 @@ main(int argc, char *argv[]) return -1; } + if (env.req_path == NULL || env.rsp_path == NULL) { + printf("No request, exit.\n"); + goto exit; + } + if (!env.is_path_folder) { printf("Processing file %s... ", env.req_path); @@ -512,6 +530,7 @@ static int prepare_auth_op(void) { struct rte_crypto_sym_op *sym = env.op->sym; + uint8_t *pt; __rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC); rte_pktmbuf_reset(env.mbuf); @@ -519,52 +538,25 @@ prepare_auth_op(void) sym->m_src = env.mbuf; sym->auth.data.offset = 0; - if (info.op == FIPS_TEST_ENC_AUTH_GEN) { - uint8_t *pt; - - if (vec.pt.len > RTE_MBUF_MAX_NB_SEGS) { - RTE_LOG(ERR, USER1, "PT len %u\n", vec.pt.len); - return -EPERM; - } - - pt = (uint8_t *)rte_pktmbuf_append(env.mbuf, vec.pt.len + - vec.cipher_auth.digest.len); - - if (!pt) { - RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n", - -ENOMEM); - return -ENOMEM; - } - - memcpy(pt, vec.pt.val, vec.pt.len); - sym->auth.data.length = vec.pt.len; - sym->auth.digest.data = pt + vec.pt.len; - sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset( - env.mbuf, vec.pt.len); + pt = (uint8_t *)rte_pktmbuf_append(env.mbuf, vec.pt.len + + vec.cipher_auth.digest.len); - } else { - uint8_t *ct; + if (!pt) { + RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n", + -ENOMEM); + return -ENOMEM; + } - if (vec.ct.len > RTE_MBUF_MAX_NB_SEGS) { - RTE_LOG(ERR, USER1, "CT len %u\n", vec.ct.len); - return -EPERM; - } + sym->auth.data.length = vec.pt.len; + sym->auth.digest.data = pt + vec.pt.len; + sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset( + env.mbuf, vec.pt.len); - ct = (uint8_t *)rte_pktmbuf_append(env.mbuf, - vec.ct.len + vec.cipher_auth.digest.len); + memcpy(pt, vec.pt.val, vec.pt.len); - if (!ct) { - RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n", - -ENOMEM); - return -ENOMEM; - } - - memcpy(ct, vec.ct.val, vec.ct.len); - sym->auth.data.length = vec.ct.len; - sym->auth.digest.data = vec.cipher_auth.digest.val; - sym->auth.digest.phys_addr = rte_malloc_virt2iova( - sym->auth.digest.data); - } + if (info.op == FIPS_TEST_DEC_AUTH_VERIF) + memcpy(pt + vec.pt.len, vec.cipher_auth.digest.val, + vec.cipher_auth.digest.len); rte_crypto_op_attach_sym_session(env.op, env.sess); @@ -938,6 +930,46 @@ prepare_sha_xform(struct rte_crypto_sym_xform *xform) return 0; } +static int +prepare_xts_xform(struct rte_crypto_sym_xform *xform) +{ + const struct rte_cryptodev_symmetric_capability *cap; + struct rte_cryptodev_sym_capability_idx cap_idx; + struct rte_crypto_cipher_xform *cipher_xform = &xform->cipher; + + xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER; + + cipher_xform->algo = RTE_CRYPTO_CIPHER_AES_XTS; + cipher_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ? + RTE_CRYPTO_CIPHER_OP_ENCRYPT : + RTE_CRYPTO_CIPHER_OP_DECRYPT; + cipher_xform->key.data = vec.cipher_auth.key.val; + cipher_xform->key.length = vec.cipher_auth.key.len; + cipher_xform->iv.length = vec.iv.len; + cipher_xform->iv.offset = IV_OFF; + + cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_AES_XTS; + cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + + cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx); + if (!cap) { + RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n", + env.dev_id); + return -EINVAL; + } + + if (rte_cryptodev_sym_capability_check_cipher(cap, + cipher_xform->key.length, + cipher_xform->iv.length) != 0) { + RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n", + info.device_name, cipher_xform->key.length, + cipher_xform->iv.length); + return -EPERM; + } + + return 0; +} + static void get_writeback_data(struct fips_val *val) { @@ -1053,9 +1085,13 @@ fips_mct_tdes_test(void) uint8_t prev_in[TDES_BLOCK_SIZE] = {0}; uint32_t i, j, k; int ret; + int test_mode = info.interim_info.tdes_data.test_mode; for (i = 0; i < TDES_EXTERN_ITER; i++) { - if (i != 0) + if (i == 0) { + if (!(strstr(info.vec[0], "COUNT"))) + fprintf(info.fp_wr, "%s%u\n", "COUNT = ", 0); + } else update_info_vec(i); fips_test_write_one_case(); @@ -1079,25 +1115,50 @@ fips_mct_tdes_test(void) memcpy(prev_out, val.val, TDES_BLOCK_SIZE); if (info.op == FIPS_TEST_ENC_AUTH_GEN) { - memcpy(vec.pt.val, vec.iv.val, - TDES_BLOCK_SIZE); - memcpy(vec.iv.val, val.val, - TDES_BLOCK_SIZE); + if (test_mode == TDES_MODE_ECB) { + memcpy(vec.pt.val, val.val, + TDES_BLOCK_SIZE); + } else { + memcpy(vec.pt.val, vec.iv.val, + TDES_BLOCK_SIZE); + memcpy(vec.iv.val, val.val, + TDES_BLOCK_SIZE); + } + } else { - memcpy(vec.iv.val, vec.ct.val, - TDES_BLOCK_SIZE); - memcpy(vec.ct.val, val.val, - TDES_BLOCK_SIZE); + if (test_mode == TDES_MODE_ECB) { + memcpy(vec.ct.val, val.val, + TDES_BLOCK_SIZE); + } else { + memcpy(vec.iv.val, vec.ct.val, + TDES_BLOCK_SIZE); + memcpy(vec.ct.val, val.val, + TDES_BLOCK_SIZE); + } } continue; } if (info.op == FIPS_TEST_ENC_AUTH_GEN) { - memcpy(vec.iv.val, val.val, TDES_BLOCK_SIZE); - memcpy(vec.pt.val, prev_out, TDES_BLOCK_SIZE); + if (test_mode == TDES_MODE_ECB) { + memcpy(vec.pt.val, val.val, + TDES_BLOCK_SIZE); + } else { + memcpy(vec.iv.val, val.val, + TDES_BLOCK_SIZE); + memcpy(vec.pt.val, prev_out, + TDES_BLOCK_SIZE); + } } else { - memcpy(vec.iv.val, vec.ct.val, TDES_BLOCK_SIZE); - memcpy(vec.ct.val, val.val, TDES_BLOCK_SIZE); + if (test_mode == TDES_MODE_ECB) { + memcpy(vec.ct.val, val.val, + TDES_BLOCK_SIZE); + } else { + memcpy(vec.iv.val, vec.ct.val, + TDES_BLOCK_SIZE); + memcpy(vec.ct.val, val.val, + TDES_BLOCK_SIZE); + } } if (j == TDES_INTERN_ITER - 1) @@ -1156,11 +1217,19 @@ fips_mct_tdes_test(void) val_key.val[k] : (val_key.val[k] ^ 0x1); if (info.op == FIPS_TEST_ENC_AUTH_GEN) { - memcpy(vec.iv.val, val.val, TDES_BLOCK_SIZE); - memcpy(vec.pt.val, prev_out, TDES_BLOCK_SIZE); + if (test_mode == TDES_MODE_ECB) { + memcpy(vec.pt.val, val.val, TDES_BLOCK_SIZE); + } else { + memcpy(vec.iv.val, val.val, TDES_BLOCK_SIZE); + memcpy(vec.pt.val, prev_out, TDES_BLOCK_SIZE); + } } else { - memcpy(vec.iv.val, prev_out, TDES_BLOCK_SIZE); - memcpy(vec.ct.val, val.val, TDES_BLOCK_SIZE); + if (test_mode == TDES_MODE_ECB) { + memcpy(vec.ct.val, val.val, TDES_BLOCK_SIZE); + } else { + memcpy(vec.iv.val, prev_out, TDES_BLOCK_SIZE); + memcpy(vec.ct.val, val.val, TDES_BLOCK_SIZE); + } } } @@ -1478,6 +1547,11 @@ init_test_ops(void) else test_ops.test = fips_generic_test; break; + case FIPS_TEST_ALGO_AES_XTS: + test_ops.prepare_op = prepare_cipher_op; + test_ops.prepare_xform = prepare_xts_xform; + test_ops.test = fips_generic_test; + break; default: if (strstr(info.file_name, "TECB") || strstr(info.file_name, "TCBC")) {