examples/fips_validation: support AES XTS

author Sucharitha Sarananaga <ssarananaga@marvell.com>

Tue, 7 Jan 2020 09:38:43 +0000 (15:08 +0530)

committer Akhil Goyal <akhil.goyal@nxp.com>

Wed, 5 Feb 2020 14:20:51 +0000 (15:20 +0100)
author Sucharitha Sarananaga <ssarananaga@marvell.com>
Tue, 7 Jan 2020 09:38:43 +0000 (15:08 +0530)
committer Akhil Goyal <akhil.goyal@nxp.com>
Wed, 5 Feb 2020 14:20:51 +0000 (15:20 +0100)
diff --git a/examples/fips_validation/Makefile b/examples/fips_validation/Makefile

index 1385e8c..c207d11 100644 (file)
--- a/examples/fips_validation/Makefile
+++ b/examples/fips_validation/Makefile
@@ -14,6 +14,7 @@ SRCS-y += fips_validation_cmac.c
  SRCS-y += fips_validation_ccm.c
  SRCS-y += fips_validation_sha.c
  SRCS-y += fips_dev_self_test.c
+SRCS-y += fips_validation_xts.c
  SRCS-y += main.c
  
  # Build using pkg-config variables if possible
diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c

index 07ffa62..ef24b72 100644 (file)
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -150,6 +150,12 @@ fips_test_parse_header(void)
                                 ret = parse_test_sha_init();
                                 if (ret < 0)
                                         return ret;
+                       } else if (strstr(info.vec[i], "XTS")) {
+                               algo_parsed = 1;
+                               info.algo = FIPS_TEST_ALGO_AES_XTS;
+                               ret = parse_test_xts_init();
+                               if (ret < 0)
+                                       return ret;
                         }
                 }
  
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h

index d487fb0..5aee955 100644 (file)
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -31,6 +31,7 @@ enum fips_test_algorithms {
                 FIPS_TEST_ALGO_HMAC,
                 FIPS_TEST_ALGO_TDES,
                 FIPS_TEST_ALGO_SHA,
+               FIPS_TEST_ALGO_AES_XTS,
                 FIPS_TEST_ALGO_MAX
  };
  
@@ -222,6 +223,9 @@ parse_test_ccm_init(void);
  int
  parse_test_sha_init(void);
  
+int
+parse_test_xts_init(void);
+
  int
  parser_read_uint8_hex(uint8_t *value, const char *p);
  
diff --git a/examples/fips_validation/fips_validation_xts.c b/examples/fips_validation/fips_validation_xts.c

new file mode 100644 (file)

index 0000000..5bb1966
--- /dev/null
+++ b/examples/fips_validation/fips_validation_xts.c
@@ -0,0 +1,119 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (C) 2020 Marvell International Ltd.
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <time.h>
+
+#include <rte_cryptodev.h>
+
+#include "fips_validation.h"
+
+#define MODE_STR       "XTS"
+#define ALGO_STR       "test data for "
+#define OP_STR         "State"
+#define KEY_SIZE_STR   "Key Length : "
+
+#define COUNT_STR      "COUNT = "
+#define KEY_STR                "Key = "
+#define IV_STR         "i = "
+#define PT_STR         "PT = "
+#define CT_STR         "CT = "
+
+#define OP_ENC_STR     "ENCRYPT"
+#define OP_DEC_STR     "DECRYPT"
+
+static int
+parse_interim_xts_enc_dec(const char *key,
+               __rte_unused char *text,
+               __rte_unused struct fips_val *val)
+{
+       if (strcmp(key, OP_ENC_STR) == 0)
+               info.op = FIPS_TEST_ENC_AUTH_GEN;
+       else if (strcmp(key, OP_DEC_STR) == 0)
+               info.op = FIPS_TEST_DEC_AUTH_VERIF;
+       else
+               return -1;
+       return 0;
+}
+
+struct fips_test_callback xts_tests_vectors[] = {
+               {KEY_STR, parse_uint8_hex_str, &vec.cipher_auth.key},
+               {IV_STR, parse_uint8_hex_str, &vec.iv},
+               {PT_STR, parse_uint8_hex_str, &vec.pt},
+               {CT_STR, parse_uint8_hex_str, &vec.ct},
+               {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback xts_tests_interim_vectors[] = {
+               {OP_ENC_STR, parse_interim_xts_enc_dec, NULL},
+               {OP_DEC_STR, parse_interim_xts_enc_dec, NULL},
+               {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback xts_writeback_callbacks[] = {
+               /** First element is used to pass COUNT string */
+               {COUNT_STR, NULL, NULL},
+               {IV_STR, writeback_hex_str, &vec.iv},
+               {KEY_STR, writeback_hex_str, &vec.cipher_auth.key},
+               {PT_STR, writeback_hex_str, &vec.pt},
+               {CT_STR, writeback_hex_str, &vec.ct},
+               {NULL, NULL, NULL} /**< end pointer */
+};
+
+static int
+parse_test_xts_writeback(struct fips_val *val)
+{
+       if (info.op == FIPS_TEST_ENC_AUTH_GEN)
+               fprintf(info.fp_wr, "%s", CT_STR);
+       else
+               fprintf(info.fp_wr, "%s", PT_STR);
+
+       parse_write_hex_str(val);
+       return 0;
+}
+
+static int
+rsp_test_xts_check(struct fips_val *val)
+{
+       struct fips_val *data;
+       if (info.op == FIPS_TEST_ENC_AUTH_GEN)
+               data = &vec.ct;
+       else
+               data = &vec.pt;
+
+       if (memcmp(val->val, data->val, val->len) == 0)
+               fprintf(info.fp_wr, "Success\n");
+       else
+               fprintf(info.fp_wr, "Failed\n");
+       return 0;
+}
+
+int parse_test_xts_init(void)
+{
+       char *tmp;
+       uint32_t i;
+       for (i = 0; i < info.nb_vec_lines; i++) {
+               char *line = info.vec[i];
+               tmp = strstr(line, KEY_SIZE_STR);
+               if (tmp) {
+                       tmp += (strlen(KEY_SIZE_STR) + strlen("AES"));
+                       if (parser_read_uint32(
+                               &info.interim_info.aes_data.key_len,
+                                       tmp) < 0)
+                               return -EINVAL;
+                       info.interim_info.aes_data.key_len =
+                       (info.interim_info.aes_data.key_len*2) / 8;
+                       continue;
+               }
+
+       }
+       info.parse_writeback = parse_test_xts_writeback;
+       info.callbacks = xts_tests_vectors;
+       info.interim_callbacks = xts_tests_interim_vectors;
+       info.writeback_callbacks = xts_writeback_callbacks;
+       info.kat_check = rsp_test_xts_check;
+
+       return 0;
+}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c

index 9a2c8da..f9b2056 100644 (file)
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -912,6 +912,46 @@ prepare_sha_xform(struct rte_crypto_sym_xform *xform)
         return 0;
  }
  
+static int
+prepare_xts_xform(struct rte_crypto_sym_xform *xform)
+{
+       const struct rte_cryptodev_symmetric_capability *cap;
+       struct rte_cryptodev_sym_capability_idx cap_idx;
+       struct rte_crypto_cipher_xform *cipher_xform = &xform->cipher;
+
+       xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+
+       cipher_xform->algo = RTE_CRYPTO_CIPHER_AES_XTS;
+       cipher_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
+                       RTE_CRYPTO_CIPHER_OP_ENCRYPT :
+                       RTE_CRYPTO_CIPHER_OP_DECRYPT;
+       cipher_xform->key.data = vec.cipher_auth.key.val;
+       cipher_xform->key.length = vec.cipher_auth.key.len;
+       cipher_xform->iv.length = vec.iv.len;
+       cipher_xform->iv.offset = IV_OFF;
+
+       cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_AES_XTS;
+       cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+
+       cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+       if (!cap) {
+               RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+                               env.dev_id);
+               return -EINVAL;
+       }
+
+       if (rte_cryptodev_sym_capability_check_cipher(cap,
+                       cipher_xform->key.length,
+                       cipher_xform->iv.length) != 0) {
+               RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n",
+                               info.device_name, cipher_xform->key.length,
+                               cipher_xform->iv.length);
+               return -EPERM;
+       }
+
+       return 0;
+}
+
  static void
  get_writeback_data(struct fips_val *val)
  {
@@ -1486,6 +1526,11 @@ init_test_ops(void)
                 else
                         test_ops.test = fips_generic_test;
                 break;
+       case FIPS_TEST_ALGO_AES_XTS:
+               test_ops.prepare_op = prepare_cipher_op;
+               test_ops.prepare_xform = prepare_xts_xform;
+               test_ops.test = fips_generic_test;
+               break;
         default:
                 if (strstr(info.file_name, "TECB") ||
                                 strstr(info.file_name, "TCBC")) {
diff --git a/examples/fips_validation/meson.build b/examples/fips_validation/meson.build

index 6dd6308..e2745d2 100644 (file)
--- a/examples/fips_validation/meson.build
+++ b/examples/fips_validation/meson.build
@@ -17,6 +17,7 @@ sources = files(
         'fips_validation_cmac.c',
         'fips_validation_ccm.c',
         'fips_validation_sha.c',
+       'fips_validation_xts.c',
         'fips_dev_self_test.c',
         'main.c'
  )
author	Sucharitha Sarananaga <ssarananaga@marvell.com>
	Tue, 7 Jan 2020 09:38:43 +0000 (15:08 +0530)
committer	Akhil Goyal <akhil.goyal@nxp.com>
	Wed, 5 Feb 2020 14:20:51 +0000 (15:20 +0100)
examples/fips_validation/Makefile		patch \| blob \| history
examples/fips_validation/fips_validation.c		patch \| blob \| history
examples/fips_validation/fips_validation.h		patch \| blob \| history
examples/fips_validation/fips_validation_xts.c	[new file with mode: 0644]	patch \| blob
examples/fips_validation/main.c		patch \| blob \| history
examples/fips_validation/meson.build		patch \| blob \| history