X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=examples%2Ffips_validation%2Fmain.c;h=8135340689379c4d31fba15476c904eb428d83f3;hb=186b14d6850654eb84a8ae9ea29b736f0ba5e093;hp=bd9aa9018fdc75e422a58afa060f132ef8f85422;hpb=261bbff75e34dbbefcbf13d672b902eb0a917c5e;p=dpdk.git

diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index bd9aa9018f..8135340689 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -13,12 +13,18 @@
 #include <rte_string_fns.h>
 
 #include "fips_validation.h"
+#include "fips_dev_self_test.h"
 
 #define REQ_FILE_PATH_KEYWORD	"req-file"
 #define RSP_FILE_PATH_KEYWORD	"rsp-file"
 #define FOLDER_KEYWORD		"path-is-folder"
 #define CRYPTODEV_KEYWORD	"cryptodev"
 #define CRYPTODEV_ID_KEYWORD	"cryptodev-id"
+#define CRYPTODEV_ST_KEYWORD	"self-test"
+#define CRYPTODEV_BK_ID_KEYWORD	"broken-test-id"
+#define CRYPTODEV_BK_DIR_KEY	"broken-test-dir"
+#define CRYPTODEV_ENC_KEYWORD	"enc"
+#define CRYPTODEV_DEC_KEYWORD	"dec"
 
 struct fips_test_vector vec;
 struct fips_test_interim_info info;
@@ -35,17 +41,31 @@ struct cryptodev_fips_validate_env {
 	struct rte_mbuf *mbuf;
 	struct rte_crypto_op *op;
 	struct rte_cryptodev_sym_session *sess;
+	uint32_t self_test;
+	struct fips_dev_broken_test_config *broken_test_config;
 } env;
 
 static int
 cryptodev_fips_validate_app_int(void)
 {
-	struct rte_cryptodev_config conf = {rte_socket_id(), 1};
+	struct rte_cryptodev_config conf = {rte_socket_id(), 1, 0};
 	struct rte_cryptodev_qp_conf qp_conf = {128, NULL, NULL};
 	uint32_t sess_sz = rte_cryptodev_sym_get_private_session_size(
 			env.dev_id);
 	int ret;
 
+	if (env.self_test) {
+		ret = fips_dev_self_test(env.dev_id, env.broken_test_config);
+		if (ret < 0) {
+			struct rte_cryptodev *cryptodev =
+					rte_cryptodev_pmd_get_dev(env.dev_id);
+
+			rte_cryptodev_pmd_destroy(cryptodev);
+
+			return ret;
+		}
+	}
+
 	ret = rte_cryptodev_configure(env.dev_id, &conf);
 	if (ret < 0)
 		return ret;
@@ -176,9 +196,14 @@ cryptodev_fips_validate_usage(const char *prgname)
 		"  --%s: RESPONSE-FILE-PATH\n"
 		"  --%s: indicating both paths are folders\n"
 		"  --%s: CRYPTODEV-NAME\n"
-		"  --%s: CRYPTODEV-ID-NAME\n",
+		"  --%s: CRYPTODEV-ID-NAME\n"
+		"  --%s: self test indicator\n"
+		"  --%s: self broken test ID\n"
+		"  --%s: self broken test direction\n",
 		prgname, REQ_FILE_PATH_KEYWORD, RSP_FILE_PATH_KEYWORD,
-		FOLDER_KEYWORD, CRYPTODEV_KEYWORD, CRYPTODEV_ID_KEYWORD);
+		FOLDER_KEYWORD, CRYPTODEV_KEYWORD, CRYPTODEV_ID_KEYWORD,
+		CRYPTODEV_ST_KEYWORD, CRYPTODEV_BK_ID_KEYWORD,
+		CRYPTODEV_BK_DIR_KEY);
 }
 
 static int
@@ -194,6 +219,9 @@ cryptodev_fips_validate_parse_args(int argc, char **argv)
 			{FOLDER_KEYWORD, no_argument, 0, 0},
 			{CRYPTODEV_KEYWORD, required_argument, 0, 0},
 			{CRYPTODEV_ID_KEYWORD, required_argument, 0, 0},
+			{CRYPTODEV_ST_KEYWORD, no_argument, 0, 0},
+			{CRYPTODEV_BK_ID_KEYWORD, required_argument, 0, 0},
+			{CRYPTODEV_BK_DIR_KEY, required_argument, 0, 0},
 			{NULL, 0, 0, 0}
 	};
 
@@ -227,6 +255,56 @@ cryptodev_fips_validate_parse_args(int argc, char **argv)
 					cryptodev_fips_validate_usage(prgname);
 					return -EINVAL;
 				}
+			} else if (strcmp(lgopts[option_index].name,
+					CRYPTODEV_ST_KEYWORD) == 0) {
+				env.self_test = 1;
+			} else if (strcmp(lgopts[option_index].name,
+					CRYPTODEV_BK_ID_KEYWORD) == 0) {
+				if (!env.broken_test_config) {
+					env.broken_test_config = rte_malloc(
+						NULL,
+						sizeof(*env.broken_test_config),
+						0);
+					if (!env.broken_test_config)
+						return -ENOMEM;
+
+					env.broken_test_config->expect_fail_dir =
+						self_test_dir_enc_auth_gen;
+				}
+
+				if (parser_read_uint32(
+					&env.broken_test_config->expect_fail_test_idx,
+						optarg) < 0) {
+					rte_free(env.broken_test_config);
+					cryptodev_fips_validate_usage(prgname);
+					return -EINVAL;
+				}
+			} else if (strcmp(lgopts[option_index].name,
+					CRYPTODEV_BK_DIR_KEY) == 0) {
+				if (!env.broken_test_config) {
+					env.broken_test_config = rte_malloc(
+						NULL,
+						sizeof(*env.broken_test_config),
+						0);
+					if (!env.broken_test_config)
+						return -ENOMEM;
+
+					env.broken_test_config->
+						expect_fail_test_idx = 0;
+				}
+
+				if (strcmp(optarg, CRYPTODEV_ENC_KEYWORD) == 0)
+					env.broken_test_config->expect_fail_dir =
+						self_test_dir_enc_auth_gen;
+				else if (strcmp(optarg, CRYPTODEV_DEC_KEYWORD)
+						== 0)
+					env.broken_test_config->expect_fail_dir =
+						self_test_dir_dec_auth_verify;
+				else {
+					rte_free(env.broken_test_config);
+					cryptodev_fips_validate_usage(prgname);
+					return -EINVAL;
+				}
 			} else {
 				cryptodev_fips_validate_usage(prgname);
 				return -EINVAL;
@@ -809,6 +887,41 @@ prepare_ccm_xform(struct rte_crypto_sym_xform *xform)
 	return 0;
 }
 
+static int
+prepare_sha_xform(struct rte_crypto_sym_xform *xform)
+{
+	const struct rte_cryptodev_symmetric_capability *cap;
+	struct rte_cryptodev_sym_capability_idx cap_idx;
+	struct rte_crypto_auth_xform *auth_xform = &xform->auth;
+
+	xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+	auth_xform->algo = info.interim_info.sha_data.algo;
+	auth_xform->op = RTE_CRYPTO_AUTH_OP_GENERATE;
+	auth_xform->digest_length = vec.cipher_auth.digest.len;
+
+	cap_idx.algo.auth = auth_xform->algo;
+	cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+	cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+	if (!cap) {
+		RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+				env.dev_id);
+		return -EINVAL;
+	}
+
+	if (rte_cryptodev_sym_capability_check_auth(cap,
+			auth_xform->key.length,
+			auth_xform->digest_length, 0) != 0) {
+		RTE_LOG(ERR, USER1, "PMD %s key length %u digest length %u\n",
+				info.device_name, auth_xform->key.length,
+				auth_xform->digest_length);
+		return -EPERM;
+	}
+
+	return 0;
+}
+
 static void
 get_writeback_data(struct fips_val *val)
 {
@@ -836,19 +949,20 @@ fips_run_test(void)
 	if (ret < 0) {
 		RTE_LOG(ERR, USER1, "Error %i: Init session\n",
 				ret);
-		return ret;
+		goto exit;
 	}
 
 	ret = test_ops.prepare_op();
 	if (ret < 0) {
 		RTE_LOG(ERR, USER1, "Error %i: Prepare op\n",
 				ret);
-		return ret;
+		goto exit;
 	}
 
 	if (rte_cryptodev_enqueue_burst(env.dev_id, 0, &env.op, 1) < 1) {
 		RTE_LOG(ERR, USER1, "Error: Failed enqueue\n");
-		return ret;
+		ret = -1;
+		goto exit;
 	}
 
 	do {
@@ -860,6 +974,7 @@ fips_run_test(void)
 
 	vec.status = env.op->status;
 
+exit:
 	rte_cryptodev_sym_session_clear(env.dev_id, env.sess);
 	rte_cryptodev_sym_session_free(env.sess);
 	env.sess = NULL;
@@ -1139,6 +1254,90 @@ fips_mct_aes_test(void)
 	return 0;
 }
 
+static int
+fips_mct_sha_test(void)
+{
+#define SHA_EXTERN_ITER	100
+#define SHA_INTERN_ITER	1000
+#define SHA_MD_BLOCK	3
+	struct fips_val val, md[SHA_MD_BLOCK];
+	char temp[MAX_DIGEST_SIZE*2];
+	int ret;
+	uint32_t i, j;
+
+	val.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0);
+	for (i = 0; i < SHA_MD_BLOCK; i++)
+		md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
+
+	rte_free(vec.pt.val);
+	vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0);
+
+	fips_test_write_one_case();
+	fprintf(info.fp_wr, "\n");
+
+	for (j = 0; j < SHA_EXTERN_ITER; j++) {
+
+		memcpy(md[0].val, vec.cipher_auth.digest.val,
+			vec.cipher_auth.digest.len);
+		md[0].len = vec.cipher_auth.digest.len;
+		memcpy(md[1].val, vec.cipher_auth.digest.val,
+			vec.cipher_auth.digest.len);
+		md[1].len = vec.cipher_auth.digest.len;
+		memcpy(md[2].val, vec.cipher_auth.digest.val,
+			vec.cipher_auth.digest.len);
+		md[2].len = vec.cipher_auth.digest.len;
+
+		for (i = 0; i < (SHA_INTERN_ITER); i++) {
+
+			memcpy(vec.pt.val, md[0].val,
+				(size_t)md[0].len);
+			memcpy((vec.pt.val + md[0].len), md[1].val,
+				(size_t)md[1].len);
+			memcpy((vec.pt.val + md[0].len + md[1].len),
+				md[2].val,
+				(size_t)md[2].len);
+			vec.pt.len = md[0].len + md[1].len + md[2].len;
+
+			ret = fips_run_test();
+			if (ret < 0) {
+				if (ret == -EPERM) {
+					fprintf(info.fp_wr, "Bypass\n\n");
+					return 0;
+				}
+				return ret;
+			}
+
+			get_writeback_data(&val);
+
+			memcpy(md[0].val, md[1].val, md[1].len);
+			md[0].len = md[1].len;
+			memcpy(md[1].val, md[2].val, md[2].len);
+			md[1].len = md[2].len;
+
+			memcpy(md[2].val, (val.val + vec.pt.len),
+				vec.cipher_auth.digest.len);
+			md[2].len = vec.cipher_auth.digest.len;
+		}
+
+		memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
+		vec.cipher_auth.digest.len = md[2].len;
+
+		fprintf(info.fp_wr, "COUNT = %u\n", j);
+
+		writeback_hex_str("", temp, &vec.cipher_auth.digest);
+
+		fprintf(info.fp_wr, "MD = %s\n\n", temp);
+	}
+
+	for (i = 0; i < (SHA_MD_BLOCK); i++)
+		rte_free(md[i].val);
+
+	rte_free(vec.pt.val);
+
+	return 0;
+}
+
+
 static int
 init_test_ops(void)
 {
@@ -1179,6 +1378,14 @@ init_test_ops(void)
 		test_ops.prepare_xform = prepare_ccm_xform;
 		test_ops.test = fips_generic_test;
 		break;
+	case FIPS_TEST_ALGO_SHA:
+		test_ops.prepare_op = prepare_auth_op;
+		test_ops.prepare_xform = prepare_sha_xform;
+		if (info.interim_info.sha_data.test_type == SHA_MCT)
+			test_ops.test = fips_mct_sha_test;
+		else
+			test_ops.test = fips_generic_test;
+		break;
 	default:
 		return -1;
 	}