examples/fips_validation: add parsing for AES-CBC

author Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>

Mon, 30 May 2022 15:52:43 +0000 (21:22 +0530)

committer Akhil Goyal <gakhil@marvell.com>

Wed, 1 Jun 2022 14:26:35 +0000 (16:26 +0200)
author Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Mon, 30 May 2022 15:52:43 +0000 (21:22 +0530)
committer Akhil Goyal <gakhil@marvell.com>
Wed, 1 Jun 2022 14:26:35 +0000 (16:26 +0200)
diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c

index ab4c0d0ecab94c25371a077c826d02622ea6cc00..8cec172a5f9f452deb32d7a23ed0b63180686ef2 100644 (file)
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -120,7 +120,7 @@ fips_test_parse_header(void)
  
         for (i = 0; i < info.nb_vec_lines; i++) {
                 if (!algo_parsed) {
-                       if (strstr(info.vec[i], "AESVS")) {
+                       if (strstr(info.vec[i], "AES")) {
                                 algo_parsed = 1;
                                 info.algo = FIPS_TEST_ALGO_AES;
                                 ret = parse_test_aes_init();
@@ -458,10 +458,12 @@ fips_test_parse_one_json_vector_set(void)
         /* Vector sets contain the algorithm type, and nothing else we need. */
         if (strstr(algo_str, "AES-GCM"))
                 info.algo = FIPS_TEST_ALGO_AES_GCM;
-       if (strstr(algo_str, "HMAC"))
+       else if (strstr(algo_str, "HMAC"))
                 info.algo = FIPS_TEST_ALGO_HMAC;
-       if (strstr(algo_str, "CMAC"))
+       else if (strstr(algo_str, "CMAC"))
                 info.algo = FIPS_TEST_ALGO_AES_CMAC;
+       else if (strstr(algo_str, "AES-CBC"))
+               info.algo = FIPS_TEST_ALGO_AES;
         else
                 return -EINVAL;
  
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h

index 88cbb0303e455296fba13345cc63f63cc8ae81ce..6385ec4d8dd05919e2916c02b873fa7348a45cc7 100644 (file)
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -103,6 +103,7 @@ enum fips_aesavs_test_types {
         AESAVS_TYPE_VARTXT,
         AESAVS_TYPE_MMT,
         AESAVS_TYPE_MCT,
+       AESAVS_TYPE_AFT,
  };
  
  enum fips_tdes_test_types {
@@ -262,6 +263,9 @@ parse_test_hmac_json_algorithm(void);
  
  int
  parse_test_cmac_json_init(void);
+
+int
+parse_test_aes_json_init(void);
  #endif /* RTE_HAS_JANSSON */
  
  int
diff --git a/examples/fips_validation/fips_validation_aes.c b/examples/fips_validation/fips_validation_aes.c

index b3c5e31f325d550235f50c3e2a1ebb6f2e9582ba..8db6f4fa312cdd08c6f5f154227a5f86a7ad1bbf 100644 (file)
--- a/examples/fips_validation/fips_validation_aes.c
+++ b/examples/fips_validation/fips_validation_aes.c
@@ -7,6 +7,7 @@
  #include <stdio.h>
  
  #include <rte_cryptodev.h>
+#include <rte_malloc.h>
  
  #include "fips_validation.h"
  
@@ -25,6 +26,19 @@
  #define OP_ENC_STR     "ENCRYPT"
  #define OP_DEC_STR     "DECRYPT"
  
+#define ALGO_JSON_STR          "algorithm"
+#define TESTTYPE_JSON_STR      "testType"
+#define DIR_JSON_STR           "direction"
+#define KEYLEN_JSON_STR                "keyLen"
+
+#define KEY_JSON_STR   "key"
+#define IV_JSON_STR    "iv"
+#define PT_JSON_STR    "pt"
+#define CT_JSON_STR    "ct"
+
+#define OP_ENC_JSON_STR        "encrypt"
+#define OP_DEC_JSON_STR        "decrypt"
+
  struct {
         uint32_t type;
         const char *desc;
@@ -37,6 +51,7 @@ struct {
                 {TDES_VARIABLE_TEXT, "KAT"},
                 {AESAVS_TYPE_MMT, "MMT"},
                 {AESAVS_TYPE_MCT, "MCT"},
+               {AESAVS_TYPE_AFT, "AFT"},
  };
  
  struct aes_test_algo {
@@ -92,6 +107,214 @@ struct fips_test_callback aes_writeback_callbacks[] = {
                 {NULL, NULL, NULL} /**< end pointer */
  };
  
+#ifdef RTE_HAS_JANSSON
+struct fips_test_callback aes_dec_json_vectors[] = {
+               {KEY_JSON_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.key},
+               {IV_JSON_STR, parse_uint8_hex_str, &vec.iv},
+               {CT_JSON_STR, parse_uint8_hex_str, &vec.ct},
+               {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback aes_interim_json_vectors[] = {
+               {KEYLEN_JSON_STR, parser_read_uint32_bit_val, &vec.cipher_auth.key},
+               {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback aes_enc_json_vectors[] = {
+               {KEY_JSON_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.key},
+               {IV_JSON_STR, parse_uint8_hex_str, &vec.iv},
+               {PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
+               {NULL, NULL, NULL} /**< end pointer */
+};
+
+static int
+parse_test_aes_json_writeback(struct fips_val *val)
+{
+       struct fips_val tmp_val;
+       json_t *tcId;
+
+       tcId = json_object_get(json_info.json_test_case, "tcId");
+
+       json_info.json_write_case = json_object();
+       json_object_set(json_info.json_write_case, "tcId", tcId);
+
+       if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+               json_t *ct;
+
+               tmp_val.val = val->val;
+               tmp_val.len = vec.pt.len;
+
+               writeback_hex_str("", info.one_line_text, &tmp_val);
+               ct = json_string(info.one_line_text);
+               json_object_set_new(json_info.json_write_case, CT_JSON_STR, ct);
+
+               tmp_val.val = val->val + vec.pt.len;
+               tmp_val.len = val->len - vec.pt.len;
+
+               writeback_hex_str("", info.one_line_text, &tmp_val);
+       } else {
+               if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) {
+                       tmp_val.val = val->val;
+                       tmp_val.len = vec.ct.len;
+
+                       writeback_hex_str("", info.one_line_text, &tmp_val);
+                       json_object_set_new(json_info.json_write_case, PT_JSON_STR,
+                                                               json_string(info.one_line_text));
+               } else {
+                       json_object_set_new(json_info.json_write_case, "testPassed", json_false());
+               }
+       }
+
+       return 0;
+}
+
+static int
+parse_test_aes_mct_json_writeback(struct fips_val *val)
+{
+       json_t *tcId, *resArr, *res, *ct, *pt, *key, *iv;
+       struct fips_val tmp_val;
+
+       tcId = json_object_get(json_info.json_test_case, "tcId");
+       if (json_info.json_write_case) {
+               json_t *wcId;
+
+               wcId = json_object_get(json_info.json_write_case, "tcId");
+               if (!json_equal(tcId, wcId)) {
+                       json_info.json_write_case = json_object();
+                       json_object_set(json_info.json_write_case, "tcId", tcId);
+                       json_object_set(json_info.json_write_case, "resultsArray", json_array());
+               }
+       } else {
+               json_info.json_write_case = json_object();
+               json_object_set(json_info.json_write_case, "tcId", tcId);
+               json_object_set(json_info.json_write_case, "resultsArray", json_array());
+       }
+
+       resArr = json_object_get(json_info.json_write_case, "resultsArray");
+       if (!json_is_array(resArr))
+               return -EINVAL;
+
+       res = json_object();
+       if (info .op == FIPS_TEST_ENC_AUTH_GEN) {
+               writeback_hex_str("", info.one_line_text, &vec.cipher_auth.key);
+               key = json_string(info.one_line_text);
+               json_object_set_new(res, KEY_JSON_STR, key);
+
+               writeback_hex_str("", info.one_line_text, &val[2]);
+               iv = json_string(info.one_line_text);
+               json_object_set_new(res, IV_JSON_STR, iv);
+
+               writeback_hex_str("", info.one_line_text, &val[1]);
+               pt = json_string(info.one_line_text);
+               json_object_set_new(res, PT_JSON_STR, pt);
+
+               tmp_val.val = val->val;
+               tmp_val.len = vec.pt.len;
+
+               writeback_hex_str("", info.one_line_text, &tmp_val);
+               ct = json_string(info.one_line_text);
+               json_object_set_new(res, CT_JSON_STR, ct);
+
+               tmp_val.val = val->val + vec.pt.len;
+               tmp_val.len = val->len - vec.pt.len;
+
+               writeback_hex_str("", info.one_line_text, &tmp_val);
+       } else {
+               if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) {
+                       writeback_hex_str("", info.one_line_text, &vec.cipher_auth.key);
+                       key = json_string(info.one_line_text);
+                       json_object_set_new(res, KEY_JSON_STR, key);
+
+                       writeback_hex_str("", info.one_line_text, &val[2]);
+                       iv = json_string(info.one_line_text);
+                       json_object_set_new(res, IV_JSON_STR, iv);
+
+                       tmp_val.val = val->val;
+                       tmp_val.len = vec.ct.len;
+
+                       writeback_hex_str("", info.one_line_text, &tmp_val);
+                       pt = json_string(info.one_line_text);
+                       json_object_set_new(res, PT_JSON_STR, pt);
+
+                       writeback_hex_str("", info.one_line_text, &val[1]);
+                       ct = json_string(info.one_line_text);
+                       json_object_set_new(res, CT_JSON_STR, ct);
+               } else {
+                       json_object_set_new(json_info.json_write_case, "testPassed", json_false());
+               }
+       }
+
+       json_array_append_new(resArr, res);
+       return 0;
+}
+
+int
+parse_test_aes_json_init(void)
+{
+       json_t *type_obj = json_object_get(json_info.json_test_group, TESTTYPE_JSON_STR);
+       json_t *algo_obj = json_object_get(json_info.json_vector_set, ALGO_JSON_STR);
+       const char *type_str = json_string_value(type_obj);
+       const char *algo_str = json_string_value(algo_obj);
+       uint32_t i;
+
+       if (json_info.json_test_group) {
+               json_t *direction_obj;
+               const char *direction_str;
+
+               direction_obj = json_object_get(json_info.json_test_group, DIR_JSON_STR);
+               direction_str = json_string_value(direction_obj);
+
+               if (strcmp(direction_str, OP_ENC_JSON_STR) == 0) {
+                       info.op = FIPS_TEST_ENC_AUTH_GEN;
+                       info.callbacks = aes_enc_json_vectors;
+
+               } else if (strcmp(direction_str, OP_DEC_JSON_STR) == 0) {
+                       info.op = FIPS_TEST_DEC_AUTH_VERIF;
+                       info.callbacks = aes_dec_json_vectors;
+               } else {
+                       return -EINVAL;
+               }
+               info.interim_callbacks = aes_interim_json_vectors;
+       }
+
+       for (i = 0; i < RTE_DIM(aes_test_types); i++)
+               if (strstr(type_str, aes_test_types[i].desc)) {
+                       info.interim_info.aes_data.test_type =
+                               aes_test_types[i].type;
+                       break;
+               }
+
+       if (i >= RTE_DIM(aes_test_types))
+               return -EINVAL;
+
+       switch (info.interim_info.aes_data.test_type) {
+       case AESAVS_TYPE_MCT:
+               info.parse_writeback = parse_test_aes_mct_json_writeback;
+               break;
+       case AESAVS_TYPE_AFT:
+               info.parse_writeback = parse_test_aes_json_writeback;
+               break;
+       default:
+               info.parse_writeback = NULL;
+       }
+
+       if (!info.parse_writeback)
+               return -EINVAL;
+
+       for (i = 0; i < RTE_DIM(algo_con); i++)
+               if (strstr(algo_str, algo_con[i].name)) {
+                       info.interim_info.aes_data.cipher_algo =
+                               (uint32_t)algo_con[i].algo;
+                       break;
+               }
+
+       if (i >= RTE_DIM(algo_con))
+               return -EINVAL;
+
+       return 0;
+}
+#endif /* RTE_HAS_JANSSON */
+
  static int
  parse_test_aes_writeback(struct fips_val *val)
  {
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c

index 1645fa99e50e84dff0859b6f50bd3f1dae84ab9d..332a4110e35c014e253891527ca9a55beea11dbe 100644 (file)
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -1556,7 +1556,7 @@ fips_mct_aes_test(void)
  #define AES_BLOCK_SIZE 16
  #define AES_EXTERN_ITER        100
  #define AES_INTERN_ITER        1000
-       struct fips_val val = {NULL, 0}, val_key;
+       struct fips_val val[3] = {{NULL, 0},}, val_key,  pt, ct, iv;
         uint8_t prev_out[AES_BLOCK_SIZE] = {0};
         uint8_t prev_in[AES_BLOCK_SIZE] = {0};
         uint32_t i, j, k;
@@ -1565,11 +1565,16 @@ fips_mct_aes_test(void)
         if (info.interim_info.aes_data.cipher_algo == RTE_CRYPTO_CIPHER_AES_ECB)
                 return fips_mct_aes_ecb_test();
  
+       memset(&pt, 0, sizeof(struct fips_val));
+       memset(&ct, 0, sizeof(struct fips_val));
+       memset(&iv, 0, sizeof(struct fips_val));
         for (i = 0; i < AES_EXTERN_ITER; i++) {
-               if (i != 0)
-                       update_info_vec(i);
+               if (info.file_type != FIPS_TYPE_JSON) {
+                       if (i != 0)
+                               update_info_vec(i);
  
-               fips_test_write_one_case();
+                       fips_test_write_one_case();
+               }
  
                 for (j = 0; j < AES_INTERN_ITER; j++) {
                         ret = fips_run_test();
@@ -1585,7 +1590,7 @@ fips_mct_aes_test(void)
                                 return ret;
                         }
  
-                       ret = get_writeback_data(&val);
+                       ret = get_writeback_data(&val[0]);
                         if (ret < 0)
                                 return ret;
  
@@ -1593,24 +1598,39 @@ fips_mct_aes_test(void)
                                 memcpy(prev_in, vec.ct.val, AES_BLOCK_SIZE);
  
                         if (j == 0) {
-                               memcpy(prev_out, val.val, AES_BLOCK_SIZE);
+                               memcpy(prev_out, val[0].val, AES_BLOCK_SIZE);
+                               pt.len = vec.pt.len;
+                               pt.val = calloc(1, pt.len);
+                               memcpy(pt.val, vec.pt.val, pt.len);
+
+                               ct.len = vec.ct.len;
+                               ct.val = calloc(1, ct.len);
+                               memcpy(ct.val, vec.ct.val, ct.len);
+
+                               iv.len = vec.iv.len;
+                               iv.val = calloc(1, iv.len);
+                               memcpy(iv.val, vec.iv.val, iv.len);
  
                                 if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
-                                       memcpy(vec.pt.val, vec.iv.val,
-                                                       AES_BLOCK_SIZE);
-                                       memcpy(vec.iv.val, val.val,
-                                                       AES_BLOCK_SIZE);
+                                       memcpy(vec.pt.val, vec.iv.val, AES_BLOCK_SIZE);
+                                       memcpy(vec.iv.val, val[0].val, AES_BLOCK_SIZE);
+                                       val[1].val = pt.val;
+                                       val[1].len = pt.len;
+                                       val[2].val = iv.val;
+                                       val[2].len = iv.len;
                                 } else {
-                                       memcpy(vec.ct.val, vec.iv.val,
-                                                       AES_BLOCK_SIZE);
-                                       memcpy(vec.iv.val, prev_in,
-                                                       AES_BLOCK_SIZE);
+                                       memcpy(vec.ct.val, vec.iv.val, AES_BLOCK_SIZE);
+                                       memcpy(vec.iv.val, prev_in, AES_BLOCK_SIZE);
+                                       val[1].val = ct.val;
+                                       val[1].len = ct.len;
+                                       val[2].val = iv.val;
+                                       val[2].len = iv.len;
                                 }
                                 continue;
                         }
  
                         if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
-                               memcpy(vec.iv.val, val.val, AES_BLOCK_SIZE);
+                               memcpy(vec.iv.val, val[0].val, AES_BLOCK_SIZE);
                                 memcpy(vec.pt.val, prev_out, AES_BLOCK_SIZE);
                         } else {
                                 memcpy(vec.iv.val, prev_in, AES_BLOCK_SIZE);
@@ -1620,33 +1640,38 @@ fips_mct_aes_test(void)
                         if (j == AES_INTERN_ITER - 1)
                                 continue;
  
-                       memcpy(prev_out, val.val, AES_BLOCK_SIZE);
+                       memcpy(prev_out, val[0].val, AES_BLOCK_SIZE);
                 }
  
-               info.parse_writeback(&val);
-               fprintf(info.fp_wr, "\n");
+               info.parse_writeback(val);
+               if (info.file_type != FIPS_TYPE_JSON)
+                       fprintf(info.fp_wr, "\n");
  
-               if (i == AES_EXTERN_ITER - 1)
+               if (i == AES_EXTERN_ITER - 1) {
+                       free(pt.val);
+                       free(ct.val);
+                       free(iv.val);
                         continue;
+               }
  
                 /** update key */
                 memcpy(&val_key, &vec.cipher_auth.key, sizeof(val_key));
                 for (k = 0; k < vec.cipher_auth.key.len; k++) {
                         switch (vec.cipher_auth.key.len) {
                         case 16:
-                               val_key.val[k] ^= val.val[k];
+                               val_key.val[k] ^= val[0].val[k];
                                 break;
                         case 24:
                                 if (k < 8)
                                         val_key.val[k] ^= prev_out[k + 8];
                                 else
-                                       val_key.val[k] ^= val.val[k - 8];
+                                       val_key.val[k] ^= val[0].val[k - 8];
                                 break;
                         case 32:
                                 if (k < 16)
                                         val_key.val[k] ^= prev_out[k];
                                 else
-                                       val_key.val[k] ^= val.val[k - 16];
+                                       val_key.val[k] ^= val[0].val[k - 16];
                                 break;
                         default:
                                 return -1;
@@ -1654,10 +1679,10 @@ fips_mct_aes_test(void)
                 }
  
                 if (info.op == FIPS_TEST_DEC_AUTH_VERIF)
-                       memcpy(vec.iv.val, val.val, AES_BLOCK_SIZE);
+                       memcpy(vec.iv.val, val[0].val, AES_BLOCK_SIZE);
         }
  
-       free(val.val);
+       free(val[0].val);
  
         return 0;
  }
@@ -1963,6 +1988,9 @@ fips_test_one_test_group(void)
         case FIPS_TEST_ALGO_AES_CMAC:
                 ret = parse_test_cmac_json_init();
                 break;
+       case FIPS_TEST_ALGO_AES:
+               ret = parse_test_aes_json_init();
+               break;
         default:
                 return -EINVAL;
         }
author	Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
	Mon, 30 May 2022 15:52:43 +0000 (21:22 +0530)
committer	Akhil Goyal <gakhil@marvell.com>
	Wed, 1 Jun 2022 14:26:35 +0000 (16:26 +0200)
examples/fips_validation/fips_validation.c		patch \| blob \| history
examples/fips_validation/fips_validation.h		patch \| blob \| history
examples/fips_validation/fips_validation_aes.c		patch \| blob \| history
examples/fips_validation/main.c		patch \| blob \| history