#include "fips_validation.h"
#include "fips_dev_self_test.h"
-#define REQ_FILE_PATH_KEYWORD "req-file"
-#define RSP_FILE_PATH_KEYWORD "rsp-file"
-#define MBUF_DATAROOM_KEYWORD "mbuf-dataroom"
-#define FOLDER_KEYWORD "path-is-folder"
-#define CRYPTODEV_KEYWORD "cryptodev"
-#define CRYPTODEV_ID_KEYWORD "cryptodev-id"
-#define CRYPTODEV_ST_KEYWORD "self-test"
-#define CRYPTODEV_BK_ID_KEYWORD "broken-test-id"
-#define CRYPTODEV_BK_DIR_KEY "broken-test-dir"
-#define CRYPTODEV_ENC_KEYWORD "enc"
-#define CRYPTODEV_DEC_KEYWORD "dec"
+enum {
+#define OPT_REQ_FILE_PATH "req-file"
+ OPT_REQ_FILE_PATH_NUM = 256,
+#define OPT_RSP_FILE_PATH "rsp-file"
+ OPT_RSP_FILE_PATH_NUM,
+#define OPT_MBUF_DATAROOM "mbuf-dataroom"
+ OPT_MBUF_DATAROOM_NUM,
+#define OPT_FOLDER "path-is-folder"
+ OPT_FOLDER_NUM,
+#define OPT_CRYPTODEV "cryptodev"
+ OPT_CRYPTODEV_NUM,
+#define OPT_CRYPTODEV_ID "cryptodev-id"
+ OPT_CRYPTODEV_ID_NUM,
+#define OPT_CRYPTODEV_ST "self-test"
+ OPT_CRYPTODEV_ST_NUM,
+#define OPT_CRYPTODEV_BK_ID "broken-test-id"
+ OPT_CRYPTODEV_BK_ID_NUM,
+#define OPT_CRYPTODEV_BK_DIR_KEY "broken-test-dir"
+ OPT_CRYPTODEV_BK_DIR_KEY_NUM,
+};
struct fips_test_vector vec;
struct fips_test_interim_info info;
" --%s: self test indicator\n"
" --%s: self broken test ID\n"
" --%s: self broken test direction\n",
- prgname, REQ_FILE_PATH_KEYWORD, RSP_FILE_PATH_KEYWORD,
- FOLDER_KEYWORD, MBUF_DATAROOM_KEYWORD, def_mbuf_seg_size,
- CRYPTODEV_KEYWORD, CRYPTODEV_ID_KEYWORD, CRYPTODEV_ST_KEYWORD,
- CRYPTODEV_BK_ID_KEYWORD, CRYPTODEV_BK_DIR_KEY);
+ prgname, OPT_REQ_FILE_PATH, OPT_RSP_FILE_PATH,
+ OPT_FOLDER, OPT_MBUF_DATAROOM, def_mbuf_seg_size,
+ OPT_CRYPTODEV, OPT_CRYPTODEV_ID, OPT_CRYPTODEV_ST,
+ OPT_CRYPTODEV_BK_ID, OPT_CRYPTODEV_BK_DIR_KEY);
}
static int
char **argvopt;
int option_index;
struct option lgopts[] = {
- {REQ_FILE_PATH_KEYWORD, required_argument, 0, 0},
- {RSP_FILE_PATH_KEYWORD, required_argument, 0, 0},
- {FOLDER_KEYWORD, no_argument, 0, 0},
- {MBUF_DATAROOM_KEYWORD, required_argument, 0, 0},
- {CRYPTODEV_KEYWORD, required_argument, 0, 0},
- {CRYPTODEV_ID_KEYWORD, required_argument, 0, 0},
- {CRYPTODEV_ST_KEYWORD, no_argument, 0, 0},
- {CRYPTODEV_BK_ID_KEYWORD, required_argument, 0, 0},
- {CRYPTODEV_BK_DIR_KEY, required_argument, 0, 0},
- {NULL, 0, 0, 0}
+ {OPT_REQ_FILE_PATH, required_argument,
+ NULL, OPT_REQ_FILE_PATH_NUM},
+ {OPT_RSP_FILE_PATH, required_argument,
+ NULL, OPT_RSP_FILE_PATH_NUM},
+ {OPT_FOLDER, no_argument,
+ NULL, OPT_FOLDER_NUM},
+ {OPT_MBUF_DATAROOM, required_argument,
+ NULL, OPT_MBUF_DATAROOM_NUM},
+ {OPT_CRYPTODEV, required_argument,
+ NULL, OPT_CRYPTODEV_NUM},
+ {OPT_CRYPTODEV_ID, required_argument,
+ NULL, OPT_CRYPTODEV_ID_NUM},
+ {OPT_CRYPTODEV_ST, no_argument,
+ NULL, OPT_CRYPTODEV_ST_NUM},
+ {OPT_CRYPTODEV_BK_ID, required_argument,
+ NULL, OPT_CRYPTODEV_BK_ID_NUM},
+ {OPT_CRYPTODEV_BK_DIR_KEY, required_argument,
+ NULL, OPT_CRYPTODEV_BK_DIR_KEY_NUM},
+ {NULL, 0, 0, 0}
};
argvopt = argv;
lgopts, &option_index)) != EOF) {
switch (opt) {
- case 0:
- if (strcmp(lgopts[option_index].name,
- REQ_FILE_PATH_KEYWORD) == 0)
- env.req_path = optarg;
- else if (strcmp(lgopts[option_index].name,
- RSP_FILE_PATH_KEYWORD) == 0)
- env.rsp_path = optarg;
- else if (strcmp(lgopts[option_index].name,
- FOLDER_KEYWORD) == 0)
- env.is_path_folder = 1;
- else if (strcmp(lgopts[option_index].name,
- CRYPTODEV_KEYWORD) == 0) {
- ret = parse_cryptodev_arg(optarg);
- if (ret < 0) {
- cryptodev_fips_validate_usage(prgname);
- return -EINVAL;
- }
- } else if (strcmp(lgopts[option_index].name,
- CRYPTODEV_ID_KEYWORD) == 0) {
- ret = parse_cryptodev_id_arg(optarg);
- if (ret < 0) {
- cryptodev_fips_validate_usage(prgname);
- return -EINVAL;
- }
- } else if (strcmp(lgopts[option_index].name,
- CRYPTODEV_ST_KEYWORD) == 0) {
- env.self_test = 1;
- } else if (strcmp(lgopts[option_index].name,
- CRYPTODEV_BK_ID_KEYWORD) == 0) {
- if (!env.broken_test_config) {
- env.broken_test_config = rte_malloc(
- NULL,
- sizeof(*env.broken_test_config),
- 0);
- if (!env.broken_test_config)
- return -ENOMEM;
-
- env.broken_test_config->expect_fail_dir =
- self_test_dir_enc_auth_gen;
- }
+ case OPT_REQ_FILE_PATH_NUM:
+ env.req_path = optarg;
+ break;
- if (parser_read_uint32(
- &env.broken_test_config->expect_fail_test_idx,
- optarg) < 0) {
- rte_free(env.broken_test_config);
- cryptodev_fips_validate_usage(prgname);
- return -EINVAL;
- }
- } else if (strcmp(lgopts[option_index].name,
- CRYPTODEV_BK_DIR_KEY) == 0) {
- if (!env.broken_test_config) {
- env.broken_test_config = rte_malloc(
- NULL,
- sizeof(*env.broken_test_config),
- 0);
- if (!env.broken_test_config)
- return -ENOMEM;
-
- env.broken_test_config->
- expect_fail_test_idx = 0;
- }
+ case OPT_RSP_FILE_PATH_NUM:
+ env.rsp_path = optarg;
+ break;
- if (strcmp(optarg, CRYPTODEV_ENC_KEYWORD) == 0)
- env.broken_test_config->expect_fail_dir =
- self_test_dir_enc_auth_gen;
- else if (strcmp(optarg, CRYPTODEV_DEC_KEYWORD)
- == 0)
- env.broken_test_config->expect_fail_dir =
- self_test_dir_dec_auth_verify;
- else {
- rte_free(env.broken_test_config);
- cryptodev_fips_validate_usage(prgname);
- return -EINVAL;
- }
- } else if (strcmp(lgopts[option_index].name,
- MBUF_DATAROOM_KEYWORD) == 0) {
- uint32_t data_room_size;
-
- if (parser_read_uint32(&data_room_size,
- optarg) < 0) {
- cryptodev_fips_validate_usage(prgname);
- return -EINVAL;
- }
+ case OPT_FOLDER_NUM:
+ env.is_path_folder = 1;
+ break;
- if (data_room_size == 0 ||
- data_room_size > UINT16_MAX) {
- cryptodev_fips_validate_usage(prgname);
- return -EINVAL;
- }
+ case OPT_CRYPTODEV_NUM:
+ ret = parse_cryptodev_arg(optarg);
+ if (ret < 0) {
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
+ }
+ break;
- env.mbuf_data_room = data_room_size;
- } else {
+ case OPT_CRYPTODEV_ID_NUM:
+ ret = parse_cryptodev_id_arg(optarg);
+ if (ret < 0) {
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
+ }
+ break;
+
+ case OPT_CRYPTODEV_ST_NUM:
+ env.self_test = 1;
+ break;
+
+ case OPT_CRYPTODEV_BK_ID_NUM:
+ if (!env.broken_test_config) {
+ env.broken_test_config = rte_malloc(
+ NULL,
+ sizeof(*env.broken_test_config),
+ 0);
+ if (!env.broken_test_config)
+ return -ENOMEM;
+
+ env.broken_test_config->expect_fail_dir =
+ self_test_dir_enc_auth_gen;
+ }
+
+ if (parser_read_uint32(
+ &env.broken_test_config->expect_fail_test_idx,
+ optarg) < 0) {
+ rte_free(env.broken_test_config);
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
+ }
+ break;
+
+ case OPT_CRYPTODEV_BK_DIR_KEY_NUM:
+ if (!env.broken_test_config) {
+ env.broken_test_config = rte_malloc(
+ NULL,
+ sizeof(*env.broken_test_config),
+ 0);
+ if (!env.broken_test_config)
+ return -ENOMEM;
+
+ env.broken_test_config->expect_fail_test_idx =
+ 0;
+ }
+
+ if (strcmp(optarg, "enc") == 0)
+ env.broken_test_config->expect_fail_dir =
+ self_test_dir_enc_auth_gen;
+ else if (strcmp(optarg, "dec")
+ == 0)
+ env.broken_test_config->expect_fail_dir =
+ self_test_dir_dec_auth_verify;
+ else {
+ rte_free(env.broken_test_config);
cryptodev_fips_validate_usage(prgname);
return -EINVAL;
}
break;
+
+
+ case OPT_MBUF_DATAROOM_NUM:
+ if (parser_read_uint16(&env.mbuf_data_room,
+ optarg) < 0) {
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
+ }
+
+ if (env.mbuf_data_room == 0) {
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
+ }
+ break;
+
default:
- return -1;
+ cryptodev_fips_validate_usage(prgname);
+ return -EINVAL;
}
}
fips_test_clear();
cryptodev_fips_validate_app_uninit();
+ /* clean up the EAL */
+ rte_eal_cleanup();
+
return ret;
}
#define IV_OFF (sizeof(struct rte_crypto_op) + sizeof(struct rte_crypto_sym_op))
#define CRYPTODEV_FIPS_MAX_RETRIES 16
-typedef int (*fips_test_one_case_t)(void);
-typedef int (*fips_prepare_op_t)(void);
-typedef int (*fips_prepare_xform_t)(struct rte_crypto_sym_xform *);
-
-struct fips_test_ops {
- fips_prepare_xform_t prepare_xform;
- fips_prepare_op_t prepare_op;
- fips_test_one_case_t test;
-} test_ops;
+struct fips_test_ops test_ops;
static int
prepare_data_mbufs(struct fips_val *val)
return 0;
}
-static int
+int
prepare_auth_op(void)
{
struct rte_crypto_sym_op *sym = env.op->sym;
__rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
+ if (vec.iv.len) {
+ uint8_t *iv = rte_crypto_op_ctod_offset(env.op, uint8_t *,
+ IV_OFF);
+ memset(iv, 0, vec.iv.len);
+ if (vec.iv.val)
+ memcpy(iv, vec.iv.val, vec.iv.len);
+ }
+
ret = prepare_data_mbufs(&vec.pt);
if (ret < 0)
return ret;
return 0;
}
-static int
+int
prepare_aead_op(void)
{
struct rte_crypto_sym_op *sym = env.op->sym;
return 0;
}
-static int
+int
prepare_gcm_xform(struct rte_crypto_sym_xform *xform)
{
const struct rte_cryptodev_symmetric_capability *cap;
return 0;
}
+int
+prepare_gmac_xform(struct rte_crypto_sym_xform *xform)
+{
+ const struct rte_cryptodev_symmetric_capability *cap;
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+ struct rte_crypto_auth_xform *auth_xform = &xform->auth;
+
+ xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+ auth_xform->algo = RTE_CRYPTO_AUTH_AES_GMAC;
+ auth_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
+ RTE_CRYPTO_AUTH_OP_GENERATE :
+ RTE_CRYPTO_AUTH_OP_VERIFY;
+ auth_xform->iv.offset = IV_OFF;
+ auth_xform->iv.length = vec.iv.len;
+ auth_xform->digest_length = vec.aead.digest.len;
+ auth_xform->key.data = vec.aead.key.val;
+ auth_xform->key.length = vec.aead.key.len;
+
+ cap_idx.algo.auth = auth_xform->algo;
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+ cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+ if (!cap) {
+ RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+ env.dev_id);
+ return -EINVAL;
+ }
+
+ if (rte_cryptodev_sym_capability_check_auth(cap,
+ auth_xform->key.length,
+ auth_xform->digest_length,
+ auth_xform->iv.length) != 0) {
+
+ RTE_LOG(ERR, USER1,
+ "PMD %s key length %u Digest length %u IV length %u\n",
+ info.device_name, auth_xform->key.length,
+ auth_xform->digest_length,
+ auth_xform->iv.length);
+ return -EPERM;
+ }
+
+ return 0;
+}
+
static int
prepare_cmac_xform(struct rte_crypto_sym_xform *xform)
{
if (data_len) {
RTE_LOG(ERR, USER1, "Error -1: write back data\n");
+ free(wb_data);
return -1;
}
return ret;
}
- get_writeback_data(&val);
+ ret = get_writeback_data(&val);
+ if (ret < 0)
+ return ret;
if (info.op == FIPS_TEST_DEC_AUTH_VERIF)
memcpy(prev_in, vec.ct.val, AES_BLOCK_SIZE);
return ret;
}
- get_writeback_data(&val);
+ ret = get_writeback_data(&val);
+ if (ret < 0)
+ return ret;
memcpy(md[0].val, md[1].val, md[1].len);
md[0].len = md[1].len;