#include <dirent.h>
#include <rte_cryptodev.h>
-#include <rte_cryptodev_pmd.h>
+#include <rte_malloc.h>
#include <rte_mempool.h>
#include <rte_mbuf.h>
#include <rte_string_fns.h>
#include "fips_validation.h"
-
-#define REQ_FILE_PATH_KEYWORD "req-file"
-#define RSP_FILE_PATH_KEYWORD "rsp-file"
-#define FOLDER_KEYWORD "path-is-folder"
-#define CRYPTODEV_KEYWORD "cryptodev"
-#define CRYPTODEV_ID_KEYWORD "cryptodev-id"
+#include "fips_dev_self_test.h"
+
+enum {
+#define OPT_REQ_FILE_PATH "req-file"
+ OPT_REQ_FILE_PATH_NUM = 256,
+#define OPT_RSP_FILE_PATH "rsp-file"
+ OPT_RSP_FILE_PATH_NUM,
+#define OPT_MBUF_DATAROOM "mbuf-dataroom"
+ OPT_MBUF_DATAROOM_NUM,
+#define OPT_FOLDER "path-is-folder"
+ OPT_FOLDER_NUM,
+#define OPT_CRYPTODEV "cryptodev"
+ OPT_CRYPTODEV_NUM,
+#define OPT_CRYPTODEV_ID "cryptodev-id"
+ OPT_CRYPTODEV_ID_NUM,
+#define OPT_CRYPTODEV_ST "self-test"
+ OPT_CRYPTODEV_ST_NUM,
+#define OPT_CRYPTODEV_BK_ID "broken-test-id"
+ OPT_CRYPTODEV_BK_ID_NUM,
+#define OPT_CRYPTODEV_BK_DIR_KEY "broken-test-dir"
+ OPT_CRYPTODEV_BK_DIR_KEY_NUM,
+#define OPT_USE_JSON "use-json"
+ OPT_USE_JSON_NUM,
+};
struct fips_test_vector vec;
struct fips_test_interim_info info;
+#ifdef RTE_HAS_JANSSON
+struct fips_test_json_info json_info;
+#endif /* RTE_HAS_JANSSON */
+
struct cryptodev_fips_validate_env {
const char *req_path;
const char *rsp_path;
uint32_t is_path_folder;
- uint32_t dev_id;
+ uint8_t dev_id;
+ uint8_t dev_support_sgl;
+ uint16_t mbuf_data_room;
struct rte_mempool *mpool;
+ struct rte_mempool *sess_mpool;
+ struct rte_mempool *sess_priv_mpool;
struct rte_mempool *op_pool;
struct rte_mbuf *mbuf;
+ uint8_t *digest;
+ uint16_t digest_len;
struct rte_crypto_op *op;
struct rte_cryptodev_sym_session *sess;
+ uint16_t self_test;
+ struct fips_dev_broken_test_config *broken_test_config;
} env;
static int
cryptodev_fips_validate_app_int(void)
{
- struct rte_cryptodev_config conf = {rte_socket_id(), 1};
- struct rte_cryptodev_qp_conf qp_conf = {128};
+ struct rte_cryptodev_config conf = {rte_socket_id(), 1, 0};
+ struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
+ struct rte_cryptodev_info dev_info;
+ uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(
+ env.dev_id);
+ uint32_t nb_mbufs = UINT16_MAX / env.mbuf_data_room + 1;
int ret;
+ if (env.self_test) {
+ ret = fips_dev_self_test(env.dev_id, env.broken_test_config);
+ if (ret < 0) {
+ rte_cryptodev_close(env.dev_id);
+
+ return ret;
+ }
+ }
+
ret = rte_cryptodev_configure(env.dev_id, &conf);
if (ret < 0)
return ret;
- env.mpool = rte_pktmbuf_pool_create("FIPS_MEMPOOL", 128, 0, 0,
- UINT16_MAX, rte_socket_id());
+ rte_cryptodev_info_get(env.dev_id, &dev_info);
+ if (dev_info.feature_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)
+ env.dev_support_sgl = 1;
+ else
+ env.dev_support_sgl = 0;
+
+ env.mpool = rte_pktmbuf_pool_create("FIPS_MEMPOOL", nb_mbufs,
+ 0, 0, sizeof(struct rte_mbuf) + RTE_PKTMBUF_HEADROOM +
+ env.mbuf_data_room, rte_socket_id());
if (!env.mpool)
return ret;
ret = rte_cryptodev_queue_pair_setup(env.dev_id, 0, &qp_conf,
- rte_socket_id(), env.mpool);
+ rte_socket_id());
if (ret < 0)
return ret;
ret = -ENOMEM;
+ env.sess_mpool = rte_cryptodev_sym_session_pool_create(
+ "FIPS_SESS_MEMPOOL", 16, 0, 0, 0, rte_socket_id());
+ if (!env.sess_mpool)
+ goto error_exit;
+
+ env.sess_priv_mpool = rte_mempool_create("FIPS_SESS_PRIV_MEMPOOL",
+ 16, sess_sz, 0, 0, NULL, NULL, NULL,
+ NULL, rte_socket_id(), 0);
+ if (!env.sess_priv_mpool)
+ goto error_exit;
+
env.op_pool = rte_crypto_op_pool_create(
"FIPS_OP_POOL",
RTE_CRYPTO_OP_TYPE_SYMMETRIC,
if (!env.op_pool)
goto error_exit;
- env.mbuf = rte_pktmbuf_alloc(env.mpool);
- if (!env.mbuf)
- goto error_exit;
-
env.op = rte_crypto_op_alloc(env.op_pool, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
if (!env.op)
goto error_exit;
+ qp_conf.mp_session = env.sess_mpool;
+ qp_conf.mp_session_private = env.sess_priv_mpool;
+
+ ret = rte_cryptodev_queue_pair_setup(env.dev_id, 0, &qp_conf,
+ rte_socket_id());
+ if (ret < 0)
+ goto error_exit;
+
+ ret = rte_cryptodev_start(env.dev_id);
+ if (ret < 0)
+ goto error_exit;
+
return 0;
error_exit:
+
rte_mempool_free(env.mpool);
- if (env.op_pool)
- rte_mempool_free(env.op_pool);
+ rte_mempool_free(env.sess_mpool);
+ rte_mempool_free(env.sess_priv_mpool);
+ rte_mempool_free(env.op_pool);
return ret;
}
rte_cryptodev_sym_session_clear(env.dev_id, env.sess);
rte_cryptodev_sym_session_free(env.sess);
rte_mempool_free(env.mpool);
+ rte_mempool_free(env.sess_mpool);
+ rte_mempool_free(env.sess_priv_mpool);
rte_mempool_free(env.op_pool);
}
static int
fips_test_one_file(void);
+#ifdef RTE_HAS_JANSSON
+static int
+fips_test_one_json_file(void);
+#endif /* RTE_HAS_JANSSON */
+
static int
parse_cryptodev_arg(char *arg)
{
return id;
}
- env.dev_id = (uint32_t)id;
+ env.dev_id = (uint8_t)id;
return 0;
}
}
- if (!rte_cryptodev_pmd_is_valid_dev(cryptodev_id)) {
+ if (!rte_cryptodev_is_valid_dev(cryptodev_id)) {
RTE_LOG(ERR, USER1, "Error %i: invalid cryptodev id %s\n",
cryptodev_id, arg);
return -1;
}
- env.dev_id = (uint32_t)cryptodev_id;
+ env.dev_id = (uint8_t)cryptodev_id;
return 0;
}
static void
cryptodev_fips_validate_usage(const char *prgname)
{
+ uint32_t def_mbuf_seg_size = DEF_MBUF_SEG_SIZE;
printf("%s [EAL options] --\n"
" --%s: REQUEST-FILE-PATH\n"
" --%s: RESPONSE-FILE-PATH\n"
" --%s: indicating both paths are folders\n"
+ " --%s: mbuf dataroom size (default %u bytes)\n"
" --%s: CRYPTODEV-NAME\n"
- " --%s: CRYPTODEV-ID-NAME\n",
- prgname, REQ_FILE_PATH_KEYWORD, RSP_FILE_PATH_KEYWORD,
- FOLDER_KEYWORD, CRYPTODEV_KEYWORD, CRYPTODEV_ID_KEYWORD);
+ " --%s: CRYPTODEV-ID-NAME\n"
+ " --%s: self test indicator\n"
+ " --%s: self broken test ID\n"
+ " --%s: self broken test direction\n",
+ prgname, OPT_REQ_FILE_PATH, OPT_RSP_FILE_PATH,
+ OPT_FOLDER, OPT_MBUF_DATAROOM, def_mbuf_seg_size,
+ OPT_CRYPTODEV, OPT_CRYPTODEV_ID, OPT_CRYPTODEV_ST,
+ OPT_CRYPTODEV_BK_ID, OPT_CRYPTODEV_BK_DIR_KEY);
}
static int
char **argvopt;
int option_index;
struct option lgopts[] = {
- {REQ_FILE_PATH_KEYWORD, required_argument, 0, 0},
- {RSP_FILE_PATH_KEYWORD, required_argument, 0, 0},
- {FOLDER_KEYWORD, no_argument, 0, 0},
- {CRYPTODEV_KEYWORD, required_argument, 0, 0},
- {CRYPTODEV_ID_KEYWORD, required_argument, 0, 0},
- {NULL, 0, 0, 0}
+ {OPT_REQ_FILE_PATH, required_argument,
+ NULL, OPT_REQ_FILE_PATH_NUM},
+ {OPT_RSP_FILE_PATH, required_argument,
+ NULL, OPT_RSP_FILE_PATH_NUM},
+ {OPT_FOLDER, no_argument,
+ NULL, OPT_FOLDER_NUM},
+ {OPT_MBUF_DATAROOM, required_argument,
+ NULL, OPT_MBUF_DATAROOM_NUM},
+ {OPT_CRYPTODEV, required_argument,
+ NULL, OPT_CRYPTODEV_NUM},
+ {OPT_CRYPTODEV_ID, required_argument,
+ NULL, OPT_CRYPTODEV_ID_NUM},
+ {OPT_CRYPTODEV_ST, no_argument,
+ NULL, OPT_CRYPTODEV_ST_NUM},
+ {OPT_CRYPTODEV_BK_ID, required_argument,
+ NULL, OPT_CRYPTODEV_BK_ID_NUM},
+ {OPT_CRYPTODEV_BK_DIR_KEY, required_argument,
+ NULL, OPT_CRYPTODEV_BK_DIR_KEY_NUM},
+ {NULL, 0, 0, 0}
};
argvopt = argv;
+ env.mbuf_data_room = DEF_MBUF_SEG_SIZE;
+ if (rte_cryptodev_count())
+ env.dev_id = 0;
+ else {
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
+ }
+
while ((opt = getopt_long(argc, argvopt, "s:",
lgopts, &option_index)) != EOF) {
switch (opt) {
- case 0:
- if (strcmp(lgopts[option_index].name,
- REQ_FILE_PATH_KEYWORD) == 0)
- env.req_path = optarg;
- else if (strcmp(lgopts[option_index].name,
- RSP_FILE_PATH_KEYWORD) == 0)
- env.rsp_path = optarg;
- else if (strcmp(lgopts[option_index].name,
- FOLDER_KEYWORD) == 0)
- env.is_path_folder = 1;
- else if (strcmp(lgopts[option_index].name,
- CRYPTODEV_KEYWORD) == 0) {
- ret = parse_cryptodev_arg(optarg);
- if (ret < 0) {
- cryptodev_fips_validate_usage(prgname);
- return -EINVAL;
- }
- } else if (strcmp(lgopts[option_index].name,
- CRYPTODEV_ID_KEYWORD) == 0) {
- ret = parse_cryptodev_id_arg(optarg);
- if (ret < 0) {
- cryptodev_fips_validate_usage(prgname);
- return -EINVAL;
- }
- } else {
+ case OPT_REQ_FILE_PATH_NUM:
+ env.req_path = optarg;
+ break;
+
+ case OPT_RSP_FILE_PATH_NUM:
+ env.rsp_path = optarg;
+ break;
+
+ case OPT_FOLDER_NUM:
+ env.is_path_folder = 1;
+ break;
+
+ case OPT_CRYPTODEV_NUM:
+ ret = parse_cryptodev_arg(optarg);
+ if (ret < 0) {
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
+ }
+ break;
+
+ case OPT_CRYPTODEV_ID_NUM:
+ ret = parse_cryptodev_id_arg(optarg);
+ if (ret < 0) {
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
+ }
+ break;
+
+ case OPT_CRYPTODEV_ST_NUM:
+ env.self_test = 1;
+ break;
+
+ case OPT_CRYPTODEV_BK_ID_NUM:
+ if (!env.broken_test_config) {
+ env.broken_test_config = rte_malloc(
+ NULL,
+ sizeof(*env.broken_test_config),
+ 0);
+ if (!env.broken_test_config)
+ return -ENOMEM;
+
+ env.broken_test_config->expect_fail_dir =
+ self_test_dir_enc_auth_gen;
+ }
+
+ if (parser_read_uint32(
+ &env.broken_test_config->expect_fail_test_idx,
+ optarg) < 0) {
+ rte_free(env.broken_test_config);
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
+ }
+ break;
+
+ case OPT_CRYPTODEV_BK_DIR_KEY_NUM:
+ if (!env.broken_test_config) {
+ env.broken_test_config = rte_malloc(
+ NULL,
+ sizeof(*env.broken_test_config),
+ 0);
+ if (!env.broken_test_config)
+ return -ENOMEM;
+
+ env.broken_test_config->expect_fail_test_idx =
+ 0;
+ }
+
+ if (strcmp(optarg, "enc") == 0)
+ env.broken_test_config->expect_fail_dir =
+ self_test_dir_enc_auth_gen;
+ else if (strcmp(optarg, "dec")
+ == 0)
+ env.broken_test_config->expect_fail_dir =
+ self_test_dir_dec_auth_verify;
+ else {
+ rte_free(env.broken_test_config);
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
+ }
+ break;
+
+
+ case OPT_MBUF_DATAROOM_NUM:
+ if (parser_read_uint16(&env.mbuf_data_room,
+ optarg) < 0) {
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
+ }
+
+ if (env.mbuf_data_room == 0) {
cryptodev_fips_validate_usage(prgname);
return -EINVAL;
}
break;
+
default:
- return -1;
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
}
}
- if (env.req_path == NULL || env.rsp_path == NULL ||
- env.dev_id == UINT32_MAX) {
+ if ((env.req_path == NULL && env.rsp_path != NULL) ||
+ (env.req_path != NULL && env.rsp_path == NULL)) {
+ RTE_LOG(ERR, USER1, "Missing req path or rsp path\n");
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
+ }
+
+ if (env.req_path == NULL && env.self_test == 0) {
+ RTE_LOG(ERR, USER1, "--self-test must be set if req path is missing\n");
cryptodev_fips_validate_usage(prgname);
return -EINVAL;
}
return -1;
}
+ if (env.req_path == NULL || env.rsp_path == NULL) {
+ printf("No request, exit.\n");
+ goto exit;
+ }
+
if (!env.is_path_folder) {
printf("Processing file %s... ", env.req_path);
goto exit;
}
-
+#ifdef RTE_HAS_JANSSON
+ if (info.file_type == FIPS_TYPE_JSON) {
+ ret = fips_test_one_json_file();
+ json_decref(json_info.json_root);
+ } else {
+ ret = fips_test_one_file();
+ }
+#else /* RTE_HAS_JANSSON */
ret = fips_test_one_file();
+#endif /* RTE_HAS_JANSSON */
+
if (ret < 0) {
RTE_LOG(ERR, USER1, "Error %i: Failed test %s\n",
ret, env.req_path);
break;
}
+#ifdef RTE_HAS_JANSSON
+ if (info.file_type == FIPS_TYPE_JSON) {
+ ret = fips_test_one_json_file();
+ json_decref(json_info.json_root);
+ } else {
+ ret = fips_test_one_file();
+ }
+#else /* RTE_HAS_JANSSON */
ret = fips_test_one_file();
+#endif /* RTE_HAS_JANSSON */
+
if (ret < 0) {
RTE_LOG(ERR, USER1, "Error %i: Failed test %s\n",
ret, req_path);
fips_test_clear();
cryptodev_fips_validate_app_uninit();
+ /* clean up the EAL */
+ rte_eal_cleanup();
+
return ret;
}
#define IV_OFF (sizeof(struct rte_crypto_op) + sizeof(struct rte_crypto_sym_op))
#define CRYPTODEV_FIPS_MAX_RETRIES 16
-typedef int (*fips_test_one_case_t)(void);
-typedef int (*fips_prepare_op_t)(void);
-typedef int (*fips_prepare_xform_t)(struct rte_crypto_sym_xform *);
-
-struct fips_test_ops {
- fips_prepare_xform_t prepare_xform;
- fips_prepare_op_t prepare_op;
- fips_test_one_case_t test;
-} test_ops;
+struct fips_test_ops test_ops;
static int
-prepare_cipher_op(void)
+prepare_data_mbufs(struct fips_val *val)
{
- struct rte_crypto_sym_op *sym = env.op->sym;
- uint8_t *iv = rte_crypto_op_ctod_offset(env.op, uint8_t *, IV_OFF);
+ struct rte_mbuf *m, *head = 0;
+ uint8_t *src = val->val;
+ uint32_t total_len = val->len;
+ uint16_t nb_seg;
+ int ret = 0;
- __rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
- rte_pktmbuf_reset(env.mbuf);
-
- sym->m_src = env.mbuf;
- sym->cipher.data.offset = 0;
+ rte_pktmbuf_free(env.mbuf);
- memcpy(iv, vec.iv.val, vec.iv.len);
+ if (total_len > RTE_MBUF_MAX_NB_SEGS) {
+ RTE_LOG(ERR, USER1, "Data len %u too big\n", total_len);
+ return -EPERM;
+ }
- if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
- uint8_t *pt;
+ nb_seg = total_len / env.mbuf_data_room;
+ if (total_len % env.mbuf_data_room)
+ nb_seg++;
- if (vec.pt.len > RTE_MBUF_MAX_NB_SEGS) {
- RTE_LOG(ERR, USER1, "PT len %u\n", vec.pt.len);
- return -EPERM;
- }
+ m = rte_pktmbuf_alloc(env.mpool);
+ if (!m) {
+ RTE_LOG(ERR, USER1, "Error %i: Not enough mbuf\n",
+ -ENOMEM);
+ return -ENOMEM;
+ }
+ head = m;
- pt = (uint8_t *)rte_pktmbuf_append(env.mbuf, vec.pt.len);
+ while (nb_seg) {
+ uint16_t len = RTE_MIN(total_len, env.mbuf_data_room);
+ uint8_t *dst = (uint8_t *)rte_pktmbuf_append(m, len);
- if (!pt) {
+ if (!dst) {
RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n",
-ENOMEM);
- return -ENOMEM;
+ ret = -ENOMEM;
+ goto error_exit;
}
- memcpy(pt, vec.pt.val, vec.pt.len);
- sym->cipher.data.length = vec.pt.len;
-
- } else {
- uint8_t *ct;
+ memcpy(dst, src, len);
- if (vec.ct.len > RTE_MBUF_MAX_NB_SEGS) {
- RTE_LOG(ERR, USER1, "CT len %u\n", vec.ct.len);
- return -EPERM;
+ if (head != m) {
+ ret = rte_pktmbuf_chain(head, m);
+ if (ret) {
+ rte_pktmbuf_free(m);
+ RTE_LOG(ERR, USER1, "Error %i: SGL build\n",
+ ret);
+ goto error_exit;
+ }
}
+ total_len -= len;
- ct = (uint8_t *)rte_pktmbuf_append(env.mbuf, vec.ct.len);
+ if (total_len) {
+ if (!env.dev_support_sgl) {
+ RTE_LOG(ERR, USER1, "SGL not supported\n");
+ ret = -EPERM;
+ goto error_exit;
+ }
- if (!ct) {
- RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n",
- -ENOMEM);
- return -ENOMEM;
- }
+ m = rte_pktmbuf_alloc(env.mpool);
+ if (!m) {
+ RTE_LOG(ERR, USER1, "Error %i: No memory\n",
+ -ENOMEM);
+ goto error_exit;
+ }
+ } else
+ break;
+
+ src += len;
+ nb_seg--;
+ }
+
+ if (total_len) {
+ RTE_LOG(ERR, USER1, "Error %i: Failed to store all data\n",
+ -ENOMEM);
+ goto error_exit;
+ }
+
+ env.mbuf = head;
+
+ return 0;
+
+error_exit:
+ rte_pktmbuf_free(head);
+ return ret;
+}
+
+static int
+prepare_cipher_op(void)
+{
+ struct rte_crypto_sym_op *sym = env.op->sym;
+ uint8_t *iv = rte_crypto_op_ctod_offset(env.op, uint8_t *, IV_OFF);
+ int ret;
+
+ __rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
+
+ memcpy(iv, vec.iv.val, vec.iv.len);
+
+ if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+ ret = prepare_data_mbufs(&vec.pt);
+ if (ret < 0)
+ return ret;
+
+ sym->cipher.data.length = vec.pt.len;
+ } else {
+ ret = prepare_data_mbufs(&vec.ct);
+ if (ret < 0)
+ return ret;
- memcpy(ct, vec.ct.val, vec.ct.len);
sym->cipher.data.length = vec.ct.len;
}
rte_crypto_op_attach_sym_session(env.op, env.sess);
+ sym->m_src = env.mbuf;
+ sym->cipher.data.offset = 0;
+
return 0;
}
-static int
+int
prepare_auth_op(void)
{
struct rte_crypto_sym_op *sym = env.op->sym;
+ int ret;
__rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
- rte_pktmbuf_reset(env.mbuf);
+
+ if (vec.iv.len) {
+ uint8_t *iv = rte_crypto_op_ctod_offset(env.op, uint8_t *,
+ IV_OFF);
+ memset(iv, 0, vec.iv.len);
+ if (vec.iv.val)
+ memcpy(iv, vec.iv.val, vec.iv.len);
+ }
+
+ ret = prepare_data_mbufs(&vec.pt);
+ if (ret < 0)
+ return ret;
+
+ rte_free(env.digest);
+
+ env.digest = rte_zmalloc(NULL, vec.cipher_auth.digest.len,
+ RTE_CACHE_LINE_SIZE);
+ if (!env.digest) {
+ RTE_LOG(ERR, USER1, "Not enough memory\n");
+ return -ENOMEM;
+ }
+ env.digest_len = vec.cipher_auth.digest.len;
sym->m_src = env.mbuf;
sym->auth.data.offset = 0;
+ sym->auth.data.length = vec.pt.len;
+ sym->auth.digest.data = env.digest;
+ sym->auth.digest.phys_addr = rte_malloc_virt2iova(env.digest);
- if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
- uint8_t *pt;
+ if (info.op == FIPS_TEST_DEC_AUTH_VERIF)
+ memcpy(env.digest, vec.cipher_auth.digest.val,
+ vec.cipher_auth.digest.len);
- if (vec.pt.len > RTE_MBUF_MAX_NB_SEGS) {
- RTE_LOG(ERR, USER1, "PT len %u\n", vec.pt.len);
- return -EPERM;
- }
+ rte_crypto_op_attach_sym_session(env.op, env.sess);
- pt = (uint8_t *)rte_pktmbuf_append(env.mbuf, vec.pt.len +
- vec.cipher_auth.digest.len);
+ return 0;
+}
- if (!pt) {
- RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n",
- -ENOMEM);
- return -ENOMEM;
- }
+int
+prepare_aead_op(void)
+{
+ struct rte_crypto_sym_op *sym = env.op->sym;
+ uint8_t *iv = rte_crypto_op_ctod_offset(env.op, uint8_t *, IV_OFF);
+ int ret;
- memcpy(pt, vec.pt.val, vec.pt.len);
- sym->auth.data.length = vec.pt.len;
- sym->auth.digest.data = pt + vec.pt.len;
- sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
- env.mbuf, vec.pt.len);
+ __rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
- } else {
- uint8_t *ct;
+ if (info.algo == FIPS_TEST_ALGO_AES_CCM)
+ iv++;
- if (vec.ct.len > RTE_MBUF_MAX_NB_SEGS) {
- RTE_LOG(ERR, USER1, "CT len %u\n", vec.ct.len);
- return -EPERM;
- }
+ if (vec.iv.val)
+ memcpy(iv, vec.iv.val, vec.iv.len);
+ else
+ /* if REQ file has iv length but not data, default as all 0 */
+ memset(iv, 0, vec.iv.len);
- ct = (uint8_t *)rte_pktmbuf_append(env.mbuf,
- vec.ct.len + vec.cipher_auth.digest.len);
+ if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+ ret = prepare_data_mbufs(&vec.pt);
+ if (ret < 0)
+ return ret;
- if (!ct) {
- RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n",
- -ENOMEM);
+ rte_free(env.digest);
+ env.digest = rte_zmalloc(NULL, vec.aead.digest.len,
+ RTE_CACHE_LINE_SIZE);
+ if (!env.digest) {
+ RTE_LOG(ERR, USER1, "Not enough memory\n");
return -ENOMEM;
}
+ env.digest_len = vec.cipher_auth.digest.len;
+
+ sym->aead.data.length = vec.pt.len;
+ sym->aead.digest.data = env.digest;
+ sym->aead.digest.phys_addr = rte_malloc_virt2iova(env.digest);
+ } else {
+ ret = prepare_data_mbufs(&vec.ct);
+ if (ret < 0)
+ return ret;
- memcpy(ct, vec.ct.val, vec.ct.len);
- sym->auth.data.length = vec.ct.len;
- sym->auth.digest.data = vec.cipher_auth.digest.val;
- sym->auth.digest.phys_addr = rte_malloc_virt2iova(
- sym->auth.digest.data);
+ sym->aead.data.length = vec.ct.len;
+ sym->aead.digest.data = vec.aead.digest.val;
+ sym->aead.digest.phys_addr = rte_malloc_virt2iova(
+ sym->aead.digest.data);
}
+ sym->m_src = env.mbuf;
+ sym->aead.data.offset = 0;
+ sym->aead.aad.data = vec.aead.aad.val;
+ sym->aead.aad.phys_addr = rte_malloc_virt2iova(sym->aead.aad.data);
+
rte_crypto_op_attach_sym_session(env.op, env.sess);
+
+ return 0;
}
static int
xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
- cipher_xform->algo = RTE_CRYPTO_CIPHER_AES_CBC;
+ if (info.interim_info.aes_data.cipher_algo == RTE_CRYPTO_CIPHER_AES_CBC)
+ cipher_xform->algo = RTE_CRYPTO_CIPHER_AES_CBC;
+ else
+ cipher_xform->algo = RTE_CRYPTO_CIPHER_AES_ECB;
+
cipher_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
RTE_CRYPTO_CIPHER_OP_ENCRYPT :
RTE_CRYPTO_CIPHER_OP_DECRYPT;
cipher_xform->key.data = vec.cipher_auth.key.val;
cipher_xform->key.length = vec.cipher_auth.key.len;
- cipher_xform->iv.length = vec.iv.len;
- cipher_xform->iv.offset = IV_OFF;
-
- cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_AES_CBC;
+ if (cipher_xform->algo == RTE_CRYPTO_CIPHER_AES_CBC) {
+ cipher_xform->iv.length = vec.iv.len;
+ cipher_xform->iv.offset = IV_OFF;
+ } else {
+ cipher_xform->iv.length = 0;
+ cipher_xform->iv.offset = 0;
+ }
+ cap_idx.algo.cipher = cipher_xform->algo;
cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
- cipher_xform->algo = RTE_CRYPTO_CIPHER_3DES_CBC;
+ if (info.interim_info.tdes_data.test_mode == TDES_MODE_CBC)
+ cipher_xform->algo = RTE_CRYPTO_CIPHER_3DES_CBC;
+ else
+ cipher_xform->algo = RTE_CRYPTO_CIPHER_3DES_ECB;
cipher_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
RTE_CRYPTO_CIPHER_OP_ENCRYPT :
RTE_CRYPTO_CIPHER_OP_DECRYPT;
cipher_xform->key.data = vec.cipher_auth.key.val;
cipher_xform->key.length = vec.cipher_auth.key.len;
- cipher_xform->iv.length = vec.iv.len;
- cipher_xform->iv.offset = IV_OFF;
- cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_3DES_CBC;
+ if (cipher_xform->algo == RTE_CRYPTO_CIPHER_3DES_CBC) {
+ cipher_xform->iv.length = vec.iv.len;
+ cipher_xform->iv.offset = IV_OFF;
+ } else {
+ cipher_xform->iv.length = 0;
+ cipher_xform->iv.offset = 0;
+ }
+ cap_idx.algo.cipher = cipher_xform->algo;
cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
return 0;
}
-static void
-get_writeback_data(struct fips_val *val)
-{
- val->val = rte_pktmbuf_mtod(env.mbuf, uint8_t *);
- val->len = rte_pktmbuf_pkt_len(env.mbuf);
-}
-
-static int
-fips_run_test(void)
+int
+prepare_gcm_xform(struct rte_crypto_sym_xform *xform)
{
- struct rte_crypto_sym_xform xform = {0};
- uint16_t n_deqd;
- int ret;
+ const struct rte_cryptodev_symmetric_capability *cap;
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+ struct rte_crypto_aead_xform *aead_xform = &xform->aead;
- ret = test_ops.prepare_xform(&xform);
- if (ret < 0)
- return ret;
+ xform->type = RTE_CRYPTO_SYM_XFORM_AEAD;
- env.sess = rte_cryptodev_sym_session_create(env.mpool);
- if (!env.sess)
- return -ENOMEM;
+ aead_xform->algo = RTE_CRYPTO_AEAD_AES_GCM;
+ aead_xform->aad_length = vec.aead.aad.len;
+ aead_xform->digest_length = vec.aead.digest.len;
+ aead_xform->iv.offset = IV_OFF;
+ aead_xform->iv.length = vec.iv.len;
+ aead_xform->key.data = vec.aead.key.val;
+ aead_xform->key.length = vec.aead.key.len;
+ aead_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
+ RTE_CRYPTO_AEAD_OP_ENCRYPT :
+ RTE_CRYPTO_AEAD_OP_DECRYPT;
- ret = rte_cryptodev_sym_session_init(env.dev_id,
- env.sess, &xform, env.mpool);
- if (ret < 0) {
- RTE_LOG(ERR, USER1, "Error %i: Init session\n",
- ret);
- return ret;
- }
+ cap_idx.algo.aead = aead_xform->algo;
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_AEAD;
- ret = test_ops.prepare_op();
- if (ret < 0) {
- RTE_LOG(ERR, USER1, "Error %i: Prepare op\n",
- ret);
- return ret;
+ cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+ if (!cap) {
+ RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+ env.dev_id);
+ return -EINVAL;
}
- if (rte_cryptodev_enqueue_burst(env.dev_id, 0, &env.op, 1) < 1) {
- RTE_LOG(ERR, USER1, "Error: Failed enqueue\n");
- return ret;
+ if (rte_cryptodev_sym_capability_check_aead(cap,
+ aead_xform->key.length,
+ aead_xform->digest_length, aead_xform->aad_length,
+ aead_xform->iv.length) != 0) {
+ RTE_LOG(ERR, USER1,
+ "PMD %s key_len %u tag_len %u aad_len %u iv_len %u\n",
+ info.device_name, aead_xform->key.length,
+ aead_xform->digest_length,
+ aead_xform->aad_length,
+ aead_xform->iv.length);
+ return -EPERM;
}
- do {
- struct rte_crypto_op *deqd_op;
+ return 0;
+}
- n_deqd = rte_cryptodev_dequeue_burst(env.dev_id, 0, &deqd_op,
+int
+prepare_gmac_xform(struct rte_crypto_sym_xform *xform)
+{
+ const struct rte_cryptodev_symmetric_capability *cap;
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+ struct rte_crypto_auth_xform *auth_xform = &xform->auth;
+
+ xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+ auth_xform->algo = RTE_CRYPTO_AUTH_AES_GMAC;
+ auth_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
+ RTE_CRYPTO_AUTH_OP_GENERATE :
+ RTE_CRYPTO_AUTH_OP_VERIFY;
+ auth_xform->iv.offset = IV_OFF;
+ auth_xform->iv.length = vec.iv.len;
+ auth_xform->digest_length = vec.aead.digest.len;
+ auth_xform->key.data = vec.aead.key.val;
+ auth_xform->key.length = vec.aead.key.len;
+
+ cap_idx.algo.auth = auth_xform->algo;
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+ cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+ if (!cap) {
+ RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+ env.dev_id);
+ return -EINVAL;
+ }
+
+ if (rte_cryptodev_sym_capability_check_auth(cap,
+ auth_xform->key.length,
+ auth_xform->digest_length,
+ auth_xform->iv.length) != 0) {
+
+ RTE_LOG(ERR, USER1,
+ "PMD %s key length %u Digest length %u IV length %u\n",
+ info.device_name, auth_xform->key.length,
+ auth_xform->digest_length,
+ auth_xform->iv.length);
+ return -EPERM;
+ }
+
+ return 0;
+}
+
+static int
+prepare_cmac_xform(struct rte_crypto_sym_xform *xform)
+{
+ const struct rte_cryptodev_symmetric_capability *cap;
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+ struct rte_crypto_auth_xform *auth_xform = &xform->auth;
+
+ xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+ auth_xform->algo = RTE_CRYPTO_AUTH_AES_CMAC;
+ auth_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
+ RTE_CRYPTO_AUTH_OP_GENERATE : RTE_CRYPTO_AUTH_OP_VERIFY;
+ auth_xform->digest_length = vec.cipher_auth.digest.len;
+ auth_xform->key.data = vec.cipher_auth.key.val;
+ auth_xform->key.length = vec.cipher_auth.key.len;
+
+ cap_idx.algo.auth = auth_xform->algo;
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+ cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+ if (!cap) {
+ RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+ env.dev_id);
+ return -EINVAL;
+ }
+
+ if (rte_cryptodev_sym_capability_check_auth(cap,
+ auth_xform->key.length,
+ auth_xform->digest_length, 0) != 0) {
+ RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n",
+ info.device_name, auth_xform->key.length,
+ auth_xform->digest_length);
+ return -EPERM;
+ }
+
+ return 0;
+}
+
+static int
+prepare_ccm_xform(struct rte_crypto_sym_xform *xform)
+{
+ const struct rte_cryptodev_symmetric_capability *cap;
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+ struct rte_crypto_aead_xform *aead_xform = &xform->aead;
+
+ xform->type = RTE_CRYPTO_SYM_XFORM_AEAD;
+
+ aead_xform->algo = RTE_CRYPTO_AEAD_AES_CCM;
+ aead_xform->aad_length = vec.aead.aad.len;
+ aead_xform->digest_length = vec.aead.digest.len;
+ aead_xform->iv.offset = IV_OFF;
+ aead_xform->iv.length = vec.iv.len;
+ aead_xform->key.data = vec.aead.key.val;
+ aead_xform->key.length = vec.aead.key.len;
+ aead_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
+ RTE_CRYPTO_AEAD_OP_ENCRYPT :
+ RTE_CRYPTO_AEAD_OP_DECRYPT;
+
+ cap_idx.algo.aead = aead_xform->algo;
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+
+ cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+ if (!cap) {
+ RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+ env.dev_id);
+ return -EINVAL;
+ }
+
+ if (rte_cryptodev_sym_capability_check_aead(cap,
+ aead_xform->key.length,
+ aead_xform->digest_length, aead_xform->aad_length,
+ aead_xform->iv.length) != 0) {
+ RTE_LOG(ERR, USER1,
+ "PMD %s key_len %u tag_len %u aad_len %u iv_len %u\n",
+ info.device_name, aead_xform->key.length,
+ aead_xform->digest_length,
+ aead_xform->aad_length,
+ aead_xform->iv.length);
+ return -EPERM;
+ }
+
+ return 0;
+}
+
+static int
+prepare_sha_xform(struct rte_crypto_sym_xform *xform)
+{
+ const struct rte_cryptodev_symmetric_capability *cap;
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+ struct rte_crypto_auth_xform *auth_xform = &xform->auth;
+
+ xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+ auth_xform->algo = info.interim_info.sha_data.algo;
+ auth_xform->op = RTE_CRYPTO_AUTH_OP_GENERATE;
+ auth_xform->digest_length = vec.cipher_auth.digest.len;
+
+ cap_idx.algo.auth = auth_xform->algo;
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+ cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+ if (!cap) {
+ RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+ env.dev_id);
+ return -EINVAL;
+ }
+
+ if (rte_cryptodev_sym_capability_check_auth(cap,
+ auth_xform->key.length,
+ auth_xform->digest_length, 0) != 0) {
+ RTE_LOG(ERR, USER1, "PMD %s key length %u digest length %u\n",
+ info.device_name, auth_xform->key.length,
+ auth_xform->digest_length);
+ return -EPERM;
+ }
+
+ return 0;
+}
+
+static int
+prepare_xts_xform(struct rte_crypto_sym_xform *xform)
+{
+ const struct rte_cryptodev_symmetric_capability *cap;
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+ struct rte_crypto_cipher_xform *cipher_xform = &xform->cipher;
+
+ xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+
+ cipher_xform->algo = RTE_CRYPTO_CIPHER_AES_XTS;
+ cipher_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
+ RTE_CRYPTO_CIPHER_OP_ENCRYPT :
+ RTE_CRYPTO_CIPHER_OP_DECRYPT;
+ cipher_xform->key.data = vec.cipher_auth.key.val;
+ cipher_xform->key.length = vec.cipher_auth.key.len;
+ cipher_xform->iv.length = vec.iv.len;
+ cipher_xform->iv.offset = IV_OFF;
+
+ cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_AES_XTS;
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+
+ cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+ if (!cap) {
+ RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+ env.dev_id);
+ return -EINVAL;
+ }
+
+ if (rte_cryptodev_sym_capability_check_cipher(cap,
+ cipher_xform->key.length,
+ cipher_xform->iv.length) != 0) {
+ RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n",
+ info.device_name, cipher_xform->key.length,
+ cipher_xform->iv.length);
+ return -EPERM;
+ }
+
+ return 0;
+}
+
+static int
+get_writeback_data(struct fips_val *val)
+{
+ struct rte_mbuf *m = env.mbuf;
+ uint16_t data_len = rte_pktmbuf_pkt_len(m);
+ uint16_t total_len = data_len + env.digest_len;
+ uint8_t *src, *dst, *wb_data;
+
+ /* in case val is reused for MCT test, try to free the buffer first */
+ if (val->val) {
+ free(val->val);
+ val->val = NULL;
+ }
+
+ wb_data = dst = calloc(1, total_len);
+ if (!dst) {
+ RTE_LOG(ERR, USER1, "Error %i: Not enough memory\n", -ENOMEM);
+ return -ENOMEM;
+ }
+
+ while (m && data_len) {
+ uint16_t seg_len = RTE_MIN(rte_pktmbuf_data_len(m), data_len);
+
+ src = rte_pktmbuf_mtod(m, uint8_t *);
+ memcpy(dst, src, seg_len);
+ m = m->next;
+ data_len -= seg_len;
+ dst += seg_len;
+ }
+
+ if (data_len) {
+ RTE_LOG(ERR, USER1, "Error -1: write back data\n");
+ free(wb_data);
+ return -1;
+ }
+
+ if (env.digest)
+ memcpy(dst, env.digest, env.digest_len);
+
+ val->val = wb_data;
+ val->len = total_len;
+
+ return 0;
+}
+
+static int
+fips_run_test(void)
+{
+ struct rte_crypto_sym_xform xform = {0};
+ uint16_t n_deqd;
+ int ret;
+
+ ret = test_ops.prepare_xform(&xform);
+ if (ret < 0)
+ return ret;
+
+ env.sess = rte_cryptodev_sym_session_create(env.sess_mpool);
+ if (!env.sess)
+ return -ENOMEM;
+
+ ret = rte_cryptodev_sym_session_init(env.dev_id,
+ env.sess, &xform, env.sess_priv_mpool);
+ if (ret < 0) {
+ RTE_LOG(ERR, USER1, "Error %i: Init session\n",
+ ret);
+ goto exit;
+ }
+
+ ret = test_ops.prepare_op();
+ if (ret < 0) {
+ RTE_LOG(ERR, USER1, "Error %i: Prepare op\n",
+ ret);
+ goto exit;
+ }
+
+ if (rte_cryptodev_enqueue_burst(env.dev_id, 0, &env.op, 1) < 1) {
+ RTE_LOG(ERR, USER1, "Error: Failed enqueue\n");
+ ret = -1;
+ goto exit;
+ }
+
+ do {
+ struct rte_crypto_op *deqd_op;
+
+ n_deqd = rte_cryptodev_dequeue_burst(env.dev_id, 0, &deqd_op,
1);
} while (n_deqd == 0);
vec.status = env.op->status;
+exit:
rte_cryptodev_sym_session_clear(env.dev_id, env.sess);
rte_cryptodev_sym_session_free(env.sess);
env.sess = NULL;
static int
fips_generic_test(void)
{
- struct fips_val val;
+ struct fips_val val = {NULL, 0};
int ret;
- fips_test_write_one_case();
+ if (info.file_type != FIPS_TYPE_JSON)
+ fips_test_write_one_case();
ret = fips_run_test();
if (ret < 0) {
- if (ret == -EPERM) {
+ if (ret == -EPERM || ret == -ENOTSUP) {
+ if (info.file_type == FIPS_TYPE_JSON)
+ return ret;
+
fprintf(info.fp_wr, "Bypass\n\n");
return 0;
}
return ret;
}
- get_writeback_data(&val);
+ ret = get_writeback_data(&val);
+ if (ret < 0)
+ return ret;
switch (info.file_type) {
case FIPS_TYPE_REQ:
case FIPS_TYPE_RSP:
+ case FIPS_TYPE_JSON:
if (info.parse_writeback == NULL)
return -EPERM;
ret = info.parse_writeback(&val);
if (ret < 0)
return ret;
break;
+ default:
+ break;
}
- fprintf(info.fp_wr, "\n");
+ if (info.file_type != FIPS_TYPE_JSON)
+ fprintf(info.fp_wr, "\n");
+ free(val.val);
return 0;
}
#define TDES_BLOCK_SIZE 8
#define TDES_EXTERN_ITER 400
#define TDES_INTERN_ITER 10000
- struct fips_val val, val_key;
- uint8_t prev_out[TDES_BLOCK_SIZE];
- uint8_t prev_prev_out[TDES_BLOCK_SIZE];
- uint8_t prev_in[TDES_BLOCK_SIZE];
+ struct fips_val val = {NULL, 0}, val_key;
+ uint8_t prev_out[TDES_BLOCK_SIZE] = {0};
+ uint8_t prev_prev_out[TDES_BLOCK_SIZE] = {0};
+ uint8_t prev_in[TDES_BLOCK_SIZE] = {0};
uint32_t i, j, k;
int ret;
+ int test_mode = info.interim_info.tdes_data.test_mode;
for (i = 0; i < TDES_EXTERN_ITER; i++) {
+ if ((i == 0) && (info.version == 21.4f)) {
+ if (!(strstr(info.vec[0], "COUNT")))
+ fprintf(info.fp_wr, "%s%u\n", "COUNT = ", 0);
+ }
+
if (i != 0)
update_info_vec(i);
ret = fips_run_test();
if (ret < 0) {
if (ret == -EPERM) {
+ if (info.file_type == FIPS_TYPE_JSON)
+ return ret;
+
fprintf(info.fp_wr, "Bypass\n");
return 0;
}
-
return ret;
}
- get_writeback_data(&val);
+ ret = get_writeback_data(&val);
+ if (ret < 0)
+ return ret;
if (info.op == FIPS_TEST_DEC_AUTH_VERIF)
memcpy(prev_in, vec.ct.val, TDES_BLOCK_SIZE);
memcpy(prev_out, val.val, TDES_BLOCK_SIZE);
if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
- memcpy(vec.pt.val, vec.iv.val,
- TDES_BLOCK_SIZE);
- memcpy(vec.iv.val, val.val,
- TDES_BLOCK_SIZE);
+ if (test_mode == TDES_MODE_ECB) {
+ memcpy(vec.pt.val, val.val,
+ TDES_BLOCK_SIZE);
+ } else {
+ memcpy(vec.pt.val, vec.iv.val,
+ TDES_BLOCK_SIZE);
+ memcpy(vec.iv.val, val.val,
+ TDES_BLOCK_SIZE);
+ }
+
} else {
- memcpy(vec.iv.val, vec.ct.val,
- TDES_BLOCK_SIZE);
- memcpy(vec.ct.val, val.val,
- TDES_BLOCK_SIZE);
+ if (test_mode == TDES_MODE_ECB) {
+ memcpy(vec.ct.val, val.val,
+ TDES_BLOCK_SIZE);
+ } else {
+ memcpy(vec.iv.val, vec.ct.val,
+ TDES_BLOCK_SIZE);
+ memcpy(vec.ct.val, val.val,
+ TDES_BLOCK_SIZE);
+ }
}
continue;
}
if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
- memcpy(vec.iv.val, val.val, TDES_BLOCK_SIZE);
- memcpy(vec.pt.val, prev_out, TDES_BLOCK_SIZE);
+ if (test_mode == TDES_MODE_ECB) {
+ memcpy(vec.pt.val, val.val,
+ TDES_BLOCK_SIZE);
+ } else {
+ memcpy(vec.iv.val, val.val,
+ TDES_BLOCK_SIZE);
+ memcpy(vec.pt.val, prev_out,
+ TDES_BLOCK_SIZE);
+ }
} else {
- memcpy(vec.iv.val, vec.ct.val, TDES_BLOCK_SIZE);
- memcpy(vec.ct.val, val.val, TDES_BLOCK_SIZE);
+ if (test_mode == TDES_MODE_ECB) {
+ memcpy(vec.ct.val, val.val,
+ TDES_BLOCK_SIZE);
+ } else {
+ memcpy(vec.iv.val, vec.ct.val,
+ TDES_BLOCK_SIZE);
+ memcpy(vec.ct.val, val.val,
+ TDES_BLOCK_SIZE);
+ }
}
if (j == TDES_INTERN_ITER - 1)
val_key.val[k] : (val_key.val[k] ^ 0x1);
if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
- memcpy(vec.iv.val, val.val, TDES_BLOCK_SIZE);
- memcpy(vec.pt.val, prev_out, TDES_BLOCK_SIZE);
+ if (test_mode == TDES_MODE_ECB) {
+ memcpy(vec.pt.val, val.val, TDES_BLOCK_SIZE);
+ } else {
+ memcpy(vec.iv.val, val.val, TDES_BLOCK_SIZE);
+ memcpy(vec.pt.val, prev_out, TDES_BLOCK_SIZE);
+ }
} else {
- memcpy(vec.iv.val, prev_out, TDES_BLOCK_SIZE);
- memcpy(vec.ct.val, val.val, TDES_BLOCK_SIZE);
+ if (test_mode == TDES_MODE_ECB) {
+ memcpy(vec.ct.val, val.val, TDES_BLOCK_SIZE);
+ } else {
+ memcpy(vec.iv.val, prev_out, TDES_BLOCK_SIZE);
+ memcpy(vec.ct.val, val.val, TDES_BLOCK_SIZE);
+ }
}
}
+ free(val.val);
+
return 0;
}
static int
-fips_mct_aes_test(void)
+fips_mct_aes_ecb_test(void)
{
#define AES_BLOCK_SIZE 16
#define AES_EXTERN_ITER 100
#define AES_INTERN_ITER 1000
- struct fips_val val, val_key;
+ struct fips_val val = {NULL, 0}, val_key;
uint8_t prev_out[AES_BLOCK_SIZE] = {0};
- uint8_t prev_in[AES_BLOCK_SIZE] = {0};
uint32_t i, j, k;
int ret;
ret = fips_run_test();
if (ret < 0) {
if (ret == -EPERM) {
+ if (info.file_type == FIPS_TYPE_JSON)
+ return ret;
+
+ fprintf(info.fp_wr, "Bypass\n");
+ return 0;
+ }
+
+ return ret;
+ }
+
+ ret = get_writeback_data(&val);
+ if (ret < 0)
+ return ret;
+
+ if (info.op == FIPS_TEST_ENC_AUTH_GEN)
+ memcpy(vec.pt.val, val.val, AES_BLOCK_SIZE);
+ else
+ memcpy(vec.ct.val, val.val, AES_BLOCK_SIZE);
+
+ if (j == AES_INTERN_ITER - 1)
+ continue;
+
+ memcpy(prev_out, val.val, AES_BLOCK_SIZE);
+ }
+
+ info.parse_writeback(&val);
+ fprintf(info.fp_wr, "\n");
+
+ if (i == AES_EXTERN_ITER - 1)
+ continue;
+
+ /** update key */
+ memcpy(&val_key, &vec.cipher_auth.key, sizeof(val_key));
+ for (k = 0; k < vec.cipher_auth.key.len; k++) {
+ switch (vec.cipher_auth.key.len) {
+ case 16:
+ val_key.val[k] ^= val.val[k];
+ break;
+ case 24:
+ if (k < 8)
+ val_key.val[k] ^= prev_out[k + 8];
+ else
+ val_key.val[k] ^= val.val[k - 8];
+ break;
+ case 32:
+ if (k < 16)
+ val_key.val[k] ^= prev_out[k];
+ else
+ val_key.val[k] ^= val.val[k - 16];
+ break;
+ default:
+ return -1;
+ }
+ }
+ }
+
+ free(val.val);
+
+ return 0;
+}
+static int
+fips_mct_aes_test(void)
+{
+#define AES_BLOCK_SIZE 16
+#define AES_EXTERN_ITER 100
+#define AES_INTERN_ITER 1000
+ struct fips_val val[3] = {{NULL, 0},}, val_key, pt, ct, iv;
+ uint8_t prev_out[AES_BLOCK_SIZE] = {0};
+ uint8_t prev_in[AES_BLOCK_SIZE] = {0};
+ uint32_t i, j, k;
+ int ret;
+
+ if (info.interim_info.aes_data.cipher_algo == RTE_CRYPTO_CIPHER_AES_ECB)
+ return fips_mct_aes_ecb_test();
+
+ memset(&pt, 0, sizeof(struct fips_val));
+ memset(&ct, 0, sizeof(struct fips_val));
+ memset(&iv, 0, sizeof(struct fips_val));
+ for (i = 0; i < AES_EXTERN_ITER; i++) {
+ if (info.file_type != FIPS_TYPE_JSON) {
+ if (i != 0)
+ update_info_vec(i);
+
+ fips_test_write_one_case();
+ }
+
+ for (j = 0; j < AES_INTERN_ITER; j++) {
+ ret = fips_run_test();
+ if (ret < 0) {
+ if (ret == -EPERM) {
+ if (info.file_type == FIPS_TYPE_JSON)
+ return ret;
+
fprintf(info.fp_wr, "Bypass\n");
return 0;
}
return ret;
}
- get_writeback_data(&val);
+ ret = get_writeback_data(&val[0]);
+ if (ret < 0)
+ return ret;
if (info.op == FIPS_TEST_DEC_AUTH_VERIF)
memcpy(prev_in, vec.ct.val, AES_BLOCK_SIZE);
if (j == 0) {
- memcpy(prev_out, val.val, AES_BLOCK_SIZE);
+ memcpy(prev_out, val[0].val, AES_BLOCK_SIZE);
+ pt.len = vec.pt.len;
+ pt.val = calloc(1, pt.len);
+ memcpy(pt.val, vec.pt.val, pt.len);
+
+ ct.len = vec.ct.len;
+ ct.val = calloc(1, ct.len);
+ memcpy(ct.val, vec.ct.val, ct.len);
+
+ iv.len = vec.iv.len;
+ iv.val = calloc(1, iv.len);
+ memcpy(iv.val, vec.iv.val, iv.len);
if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
- memcpy(vec.pt.val, vec.iv.val,
- AES_BLOCK_SIZE);
- memcpy(vec.iv.val, val.val,
- AES_BLOCK_SIZE);
+ memcpy(vec.pt.val, vec.iv.val, AES_BLOCK_SIZE);
+ memcpy(vec.iv.val, val[0].val, AES_BLOCK_SIZE);
+ val[1].val = pt.val;
+ val[1].len = pt.len;
+ val[2].val = iv.val;
+ val[2].len = iv.len;
} else {
- memcpy(vec.ct.val, vec.iv.val,
- AES_BLOCK_SIZE);
- memcpy(vec.iv.val, prev_in,
- AES_BLOCK_SIZE);
+ memcpy(vec.ct.val, vec.iv.val, AES_BLOCK_SIZE);
+ memcpy(vec.iv.val, prev_in, AES_BLOCK_SIZE);
+ val[1].val = ct.val;
+ val[1].len = ct.len;
+ val[2].val = iv.val;
+ val[2].len = iv.len;
}
continue;
}
if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
- memcpy(vec.iv.val, val.val, AES_BLOCK_SIZE);
+ memcpy(vec.iv.val, val[0].val, AES_BLOCK_SIZE);
memcpy(vec.pt.val, prev_out, AES_BLOCK_SIZE);
} else {
memcpy(vec.iv.val, prev_in, AES_BLOCK_SIZE);
if (j == AES_INTERN_ITER - 1)
continue;
- memcpy(prev_out, val.val, AES_BLOCK_SIZE);
+ memcpy(prev_out, val[0].val, AES_BLOCK_SIZE);
}
- info.parse_writeback(&val);
- fprintf(info.fp_wr, "\n");
+ info.parse_writeback(val);
+ if (info.file_type != FIPS_TYPE_JSON)
+ fprintf(info.fp_wr, "\n");
- if (i == AES_EXTERN_ITER - 1)
+ if (i == AES_EXTERN_ITER - 1) {
+ free(pt.val);
+ free(ct.val);
+ free(iv.val);
continue;
+ }
/** update key */
memcpy(&val_key, &vec.cipher_auth.key, sizeof(val_key));
for (k = 0; k < vec.cipher_auth.key.len; k++) {
switch (vec.cipher_auth.key.len) {
case 16:
- val_key.val[k] ^= val.val[k];
+ val_key.val[k] ^= val[0].val[k];
break;
case 24:
if (k < 8)
val_key.val[k] ^= prev_out[k + 8];
else
- val_key.val[k] ^= val.val[k - 8];
+ val_key.val[k] ^= val[0].val[k - 8];
break;
case 32:
if (k < 16)
val_key.val[k] ^= prev_out[k];
else
- val_key.val[k] ^= val.val[k - 16];
+ val_key.val[k] ^= val[0].val[k - 16];
break;
default:
return -1;
}
if (info.op == FIPS_TEST_DEC_AUTH_VERIF)
- memcpy(vec.iv.val, val.val, AES_BLOCK_SIZE);
+ memcpy(vec.iv.val, val[0].val, AES_BLOCK_SIZE);
}
+ free(val[0].val);
+
return 0;
}
+static int
+fips_mct_sha_test(void)
+{
+#define SHA_EXTERN_ITER 100
+#define SHA_INTERN_ITER 1000
+#define SHA_MD_BLOCK 3
+ struct fips_val val = {NULL, 0}, md[SHA_MD_BLOCK];
+ char temp[MAX_DIGEST_SIZE*2];
+ int ret;
+ uint32_t i, j;
+
+ for (i = 0; i < SHA_MD_BLOCK; i++)
+ md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
+
+ rte_free(vec.pt.val);
+ vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0);
+
+ fips_test_write_one_case();
+ fprintf(info.fp_wr, "\n");
+
+ for (j = 0; j < SHA_EXTERN_ITER; j++) {
+
+ memcpy(md[0].val, vec.cipher_auth.digest.val,
+ vec.cipher_auth.digest.len);
+ md[0].len = vec.cipher_auth.digest.len;
+ memcpy(md[1].val, vec.cipher_auth.digest.val,
+ vec.cipher_auth.digest.len);
+ md[1].len = vec.cipher_auth.digest.len;
+ memcpy(md[2].val, vec.cipher_auth.digest.val,
+ vec.cipher_auth.digest.len);
+ md[2].len = vec.cipher_auth.digest.len;
+
+ for (i = 0; i < (SHA_INTERN_ITER); i++) {
+
+ memcpy(vec.pt.val, md[0].val,
+ (size_t)md[0].len);
+ memcpy((vec.pt.val + md[0].len), md[1].val,
+ (size_t)md[1].len);
+ memcpy((vec.pt.val + md[0].len + md[1].len),
+ md[2].val,
+ (size_t)md[2].len);
+ vec.pt.len = md[0].len + md[1].len + md[2].len;
+
+ ret = fips_run_test();
+ if (ret < 0) {
+ if (ret == -EPERM || ret == -ENOTSUP) {
+ if (info.file_type == FIPS_TYPE_JSON)
+ return ret;
+
+ fprintf(info.fp_wr, "Bypass\n\n");
+ return 0;
+ }
+ return ret;
+ }
+
+ ret = get_writeback_data(&val);
+ if (ret < 0)
+ return ret;
+
+ memcpy(md[0].val, md[1].val, md[1].len);
+ md[0].len = md[1].len;
+ memcpy(md[1].val, md[2].val, md[2].len);
+ md[1].len = md[2].len;
+
+ memcpy(md[2].val, (val.val + vec.pt.len),
+ vec.cipher_auth.digest.len);
+ md[2].len = vec.cipher_auth.digest.len;
+ }
+
+ memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
+ vec.cipher_auth.digest.len = md[2].len;
+
+ fprintf(info.fp_wr, "COUNT = %u\n", j);
+
+ writeback_hex_str("", temp, &vec.cipher_auth.digest);
+
+ fprintf(info.fp_wr, "MD = %s\n\n", temp);
+ }
+
+ for (i = 0; i < (SHA_MD_BLOCK); i++)
+ rte_free(md[i].val);
+
+ rte_free(vec.pt.val);
+
+ free(val.val);
+
+ return 0;
+}
+
+
static int
init_test_ops(void)
{
else
test_ops.test = fips_generic_test;
break;
-
+ case FIPS_TEST_ALGO_AES_GCM:
+ test_ops.prepare_op = prepare_aead_op;
+ test_ops.prepare_xform = prepare_gcm_xform;
+ test_ops.test = fips_generic_test;
+ break;
+ case FIPS_TEST_ALGO_AES_CMAC:
+ test_ops.prepare_op = prepare_auth_op;
+ test_ops.prepare_xform = prepare_cmac_xform;
+ test_ops.test = fips_generic_test;
+ break;
+ case FIPS_TEST_ALGO_AES_CCM:
+ test_ops.prepare_op = prepare_aead_op;
+ test_ops.prepare_xform = prepare_ccm_xform;
+ test_ops.test = fips_generic_test;
+ break;
+ case FIPS_TEST_ALGO_SHA:
+ test_ops.prepare_op = prepare_auth_op;
+ test_ops.prepare_xform = prepare_sha_xform;
+ if (info.interim_info.sha_data.test_type == SHA_MCT)
+ test_ops.test = fips_mct_sha_test;
+ else
+ test_ops.test = fips_generic_test;
+ break;
+ case FIPS_TEST_ALGO_AES_XTS:
+ test_ops.prepare_op = prepare_cipher_op;
+ test_ops.prepare_xform = prepare_xts_xform;
+ test_ops.test = fips_generic_test;
+ break;
default:
+ if (strstr(info.file_name, "TECB") ||
+ strstr(info.file_name, "TCBC")) {
+ info.algo = FIPS_TEST_ALGO_TDES;
+ test_ops.prepare_op = prepare_cipher_op;
+ test_ops.prepare_xform = prepare_tdes_xform;
+ if (info.interim_info.tdes_data.test_type == TDES_MCT)
+ test_ops.test = fips_mct_tdes_test;
+ else
+ test_ops.test = fips_generic_test;
+ break;
+ }
return -1;
}
{
int fetch_ret = 0, ret;
-
ret = init_test_ops();
if (ret < 0) {
RTE_LOG(ERR, USER1, "Error %i: Init test op\n", ret);
fips_test_clear();
+ if (env.digest) {
+ rte_free(env.digest);
+ env.digest = NULL;
+ }
+ rte_pktmbuf_free(env.mbuf);
+
return ret;
+}
+
+#ifdef RTE_HAS_JANSSON
+static int
+fips_test_json_init_writeback(void)
+{
+ json_t *session_info, *session_write;
+ session_info = json_array_get(json_info.json_root, 0);
+ session_write = json_object();
+ json_info.json_write_root = json_array();
+
+ json_object_set(session_write, "jwt",
+ json_object_get(session_info, "jwt"));
+ json_object_set(session_write, "url",
+ json_object_get(session_info, "url"));
+ json_object_set(session_write, "isSample",
+ json_object_get(session_info, "isSample"));
+
+ json_info.is_sample = json_boolean_value(
+ json_object_get(session_info, "isSample"));
+
+ json_array_append_new(json_info.json_write_root, session_write);
+ return 0;
+}
+static int
+fips_test_one_test_case(void)
+{
+ int ret;
+
+ ret = fips_test_parse_one_json_case();
+
+ switch (ret) {
+ case 0:
+ ret = test_ops.test();
+ if ((ret == 0) || (ret == -EPERM || ret == -ENOTSUP))
+ break;
+ RTE_LOG(ERR, USER1, "Error %i: test block\n",
+ ret);
+ break;
+ default:
+ RTE_LOG(ERR, USER1, "Error %i: Parse block\n",
+ ret);
+ }
+ return ret;
+}
+
+static int
+fips_test_one_test_group(void)
+{
+ int ret;
+ json_t *tests, *write_tests;
+ size_t test_idx, tests_size;
+
+ write_tests = json_array();
+ json_info.json_write_group = json_object();
+ json_object_set(json_info.json_write_group, "tgId",
+ json_object_get(json_info.json_test_group, "tgId"));
+ json_object_set_new(json_info.json_write_group, "tests", write_tests);
+
+ switch (info.algo) {
+ case FIPS_TEST_ALGO_AES_GCM:
+ ret = parse_test_gcm_json_init();
+ break;
+ case FIPS_TEST_ALGO_HMAC:
+ ret = parse_test_hmac_json_init();
+ break;
+ case FIPS_TEST_ALGO_AES_CMAC:
+ ret = parse_test_cmac_json_init();
+ break;
+ case FIPS_TEST_ALGO_AES:
+ ret = parse_test_aes_json_init();
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ if (ret < 0)
+ return ret;
+
+ ret = fips_test_parse_one_json_group();
+ if (ret < 0)
+ return ret;
+
+ ret = init_test_ops();
+ if (ret < 0)
+ return ret;
+
+ tests = json_object_get(json_info.json_test_group, "tests");
+ tests_size = json_array_size(tests);
+ for (test_idx = 0; test_idx < tests_size; test_idx++) {
+ json_info.json_test_case = json_array_get(tests, test_idx);
+ if (fips_test_one_test_case() == 0)
+ json_array_append_new(write_tests, json_info.json_write_case);
+ }
+
+ return 0;
+}
+
+static int
+fips_test_one_vector_set(void)
+{
+ int ret;
+ json_t *test_groups, *write_groups, *write_version, *write_set;
+ size_t group_idx, num_groups;
+
+ test_groups = json_object_get(json_info.json_vector_set, "testGroups");
+ num_groups = json_array_size(test_groups);
+
+ json_info.json_write_set = json_array();
+ write_version = json_object();
+ json_object_set_new(write_version, "acvVersion", json_string(ACVVERSION));
+ json_array_append_new(json_info.json_write_set, write_version);
+
+ write_set = json_object();
+ json_array_append(json_info.json_write_set, write_set);
+ write_groups = json_array();
+
+ json_object_set(write_set, "vsId",
+ json_object_get(json_info.json_vector_set, "vsId"));
+ json_object_set(write_set, "algorithm",
+ json_object_get(json_info.json_vector_set, "algorithm"));
+ json_object_set(write_set, "revision",
+ json_object_get(json_info.json_vector_set, "revision"));
+ json_object_set_new(write_set, "isSample",
+ json_boolean(json_info.is_sample));
+ json_object_set_new(write_set, "testGroups", write_groups);
+
+ ret = fips_test_parse_one_json_vector_set();
+ if (ret < 0) {
+ RTE_LOG(ERR, USER1, "Error: Unsupported or invalid vector set algorithm: %s\n",
+ json_string_value(json_object_get(json_info.json_vector_set, "algorithm")));
+ return ret;
+ }
+
+ for (group_idx = 0; group_idx < num_groups; group_idx++) {
+ json_info.json_test_group = json_array_get(test_groups, group_idx);
+ ret = fips_test_one_test_group();
+ json_array_append_new(write_groups, json_info.json_write_group);
+ }
+
+ return 0;
+}
+
+static int
+fips_test_one_json_file(void)
+{
+ size_t vector_set_idx, root_size;
+
+ root_size = json_array_size(json_info.json_root);
+ fips_test_json_init_writeback();
+
+ for (vector_set_idx = 1; vector_set_idx < root_size; vector_set_idx++) {
+ /* Vector set index starts at 1, the 0th index contains test session
+ * information.
+ */
+ json_info.json_vector_set = json_array_get(json_info.json_root, vector_set_idx);
+ fips_test_one_vector_set();
+ json_array_append_new(json_info.json_write_root, json_info.json_write_set);
+ }
+
+ json_dumpf(json_info.json_write_root, info.fp_wr, JSON_INDENT(4));
+ json_decref(json_info.json_write_root);
+
+ return 0;
}
+#endif /* RTE_HAS_JANSSON */