examples/fips_validation: support CMAC parsing

Added enablement for CMAC parser, to allow the
application to parser the cmac request files and to validate all
test types supported.

Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>

diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst
index db08b03..747c8c8 100644 (file)
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -42,6 +42,7 @@ Limitations
 * Supported test vectors
     * AES-CBC (128,192,256) - GFSbox, KeySbox, MCT, MMT
     * AES-GCM (128,192,256) - EncryptExtIV, Decrypt
+    * AES-CMAC (128) - Generate, Verify
     * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
     * TDES-CBC (1 Key, 2 Keys, 3 Keys) - MMT, Monte, Permop, Subkey, Varkey,
       VarText

diff --git a/examples/fips_validation/Makefile b/examples/fips_validation/Makefile
index 6373ac3..77b15ae 100644 (file)
--- a/examples/fips_validation/Makefile
+++ b/examples/fips_validation/Makefile
@@ -10,6 +10,7 @@ SRCS-y += fips_validation_aes.c
 SRCS-y += fips_validation_hmac.c
 SRCS-y += fips_validation_tdes.c
 SRCS-y += fips_validation_gcm.c
+SRCS-y += fips_validation_cmac.c
 SRCS-y += main.c
 
 # Build using pkg-config variables if possible

diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index 1b926b8..fdf6f64 100644 (file)
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -116,6 +116,11 @@ fips_test_parse_header(void)
                        ret = parse_test_gcm_init();
                        if (ret < 0)
                                return ret;
+               } else if (strstr(info.vec[i], "CMAC")) {
+                       info.algo = FIPS_TEST_ALGO_AES_CMAC;
+                       ret = parse_test_cmac_init();
+                       if (ret < 0)
+                               return 0;
                } else if (strstr(info.vec[i], "HMAC")) {
                        info.algo = FIPS_TEST_ALGO_HMAC;
                        ret = parse_test_hmac_init();

diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index 4cceff5..8dffe8e 100644 (file)
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -25,6 +25,7 @@
 enum fips_test_algorithms {
                FIPS_TEST_ALGO_AES = 0,
                FIPS_TEST_ALGO_AES_GCM,
+               FIPS_TEST_ALGO_AES_CMAC,
                FIPS_TEST_ALGO_HMAC,
                FIPS_TEST_ALGO_TDES,
                FIPS_TEST_ALGO_MAX
@@ -174,6 +175,9 @@ parse_test_hmac_init(void);
 int
 parse_test_gcm_init(void);
 
+int
+parse_test_cmac_init(void);
+
 int
 parser_read_uint8_hex(uint8_t *value, const char *p);
 

diff --git a/examples/fips_validation/fips_validation_cmac.c b/examples/fips_validation/fips_validation_cmac.c
new file mode 100644 (file)
index 0000000..54c951e
--- /dev/null
+++ b/examples/fips_validation/fips_validation_cmac.c
@@ -0,0 +1,116 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2018 Intel Corporation
+ */
+
+#include <string.h>
+#include <time.h>
+#include <stdio.h>
+#include <rte_string_fns.h>
+
+#include <rte_cryptodev.h>
+
+#include "fips_validation.h"
+
+#define NEW_LINE_STR   "#"
+#define OP_STR         "CMAC"
+
+#define ALGO_STR       "Alg = "
+#define MODE_STR       "Mode = "
+
+#define COUNT_STR      "Count = "
+#define KLEN_STR       "Klen = "
+#define PTLEN_STR      "Mlen = "
+#define TAGLEN_STR     "Tlen = "
+#define KEY_STR                "Key = "
+#define PT_STR         "Msg = "
+#define TAG_STR                "Mac = "
+
+#define GEN_STR                "Generate"
+#define VERIF_STR      "Verify"
+
+#define POS_NEG_STR    "Result = "
+#define PASS_STR       "P"
+#define FAIL_STR       "F"
+
+struct hash_algo_conversion {
+       const char *str;
+       enum fips_test_algorithms algo;
+} cmac_algo[] = {
+               {"AES", FIPS_TEST_ALGO_AES_CMAC},
+};
+
+static int
+parse_test_cmac_writeback(struct fips_val *val)
+{
+       if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+               struct fips_val tmp_val = {val->val + vec.pt.len,
+                               vec.cipher_auth.digest.len};
+
+               fprintf(info.fp_wr, "%s", TAG_STR);
+               parse_write_hex_str(&tmp_val);
+       } else {
+               fprintf(info.fp_wr, "%s", POS_NEG_STR);
+
+               if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS)
+                       fprintf(info.fp_wr, "%s\n", PASS_STR);
+               else if (vec.status == RTE_CRYPTO_OP_STATUS_AUTH_FAILED)
+                       fprintf(info.fp_wr, "%s\n", FAIL_STR);
+               else
+                       fprintf(info.fp_wr, "Error\n");
+       }
+
+       return 0;
+}
+
+struct fips_test_callback cmac_tests_vectors[] = {
+               {KLEN_STR, parser_read_uint32_val, &vec.cipher_auth.key},
+               {PTLEN_STR, parser_read_uint32_val, &vec.pt},
+               {TAGLEN_STR, parser_read_uint32_val, &vec.cipher_auth.digest},
+               {KEY_STR, parse_uint8_hex_str, &vec.cipher_auth.key},
+               {PT_STR, parse_uint8_known_len_hex_str, &vec.pt},
+               {TAG_STR, parse_uint8_known_len_hex_str,
+                               &vec.cipher_auth.digest},
+               {NULL, NULL, NULL} /**< end pointer */
+};
+
+int
+parse_test_cmac_init(void)
+{
+       char *tmp;
+       uint32_t i, j;
+
+       for (i = 0; i < info.nb_vec_lines; i++) {
+               char *line = info.vec[i];
+
+               tmp = strstr(line, ALGO_STR);
+               if (!tmp)
+                       continue;
+
+               for (j = 0; j < RTE_DIM(cmac_algo); j++) {
+                       if (!strstr(line, cmac_algo[j].str))
+                               continue;
+
+                       info.algo = cmac_algo[j].algo;
+                       break;
+               }
+
+               if (j == RTE_DIM(cmac_algo))
+                       return -EINVAL;
+
+               tmp = strstr(line, MODE_STR);
+               if (!tmp)
+                       return -1;
+
+               if (strstr(tmp, GEN_STR))
+                       info.op = FIPS_TEST_ENC_AUTH_GEN;
+               else if (strstr(tmp, VERIF_STR))
+                       info.op = FIPS_TEST_DEC_AUTH_VERIF;
+               else
+                       return -EINVAL;
+       }
+
+       info.parse_writeback = parse_test_cmac_writeback;
+       info.callbacks = cmac_tests_vectors;
+
+       return 0;
+}

diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index c693e87..e953f3e 100644 (file)
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -688,6 +688,44 @@ prepare_gcm_xform(struct rte_crypto_sym_xform *xform)
        return 0;
 }
 
+static int
+prepare_cmac_xform(struct rte_crypto_sym_xform *xform)
+{
+       const struct rte_cryptodev_symmetric_capability *cap;
+       struct rte_cryptodev_sym_capability_idx cap_idx;
+       struct rte_crypto_auth_xform *auth_xform = &xform->auth;
+
+       xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+       auth_xform->algo = RTE_CRYPTO_AUTH_AES_CMAC;
+       auth_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
+                       RTE_CRYPTO_AUTH_OP_GENERATE : RTE_CRYPTO_AUTH_OP_VERIFY;
+       auth_xform->digest_length = vec.cipher_auth.digest.len;
+       auth_xform->key.data = vec.cipher_auth.key.val;
+       auth_xform->key.length = vec.cipher_auth.key.len;
+
+       cap_idx.algo.auth = auth_xform->algo;
+       cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+       cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+       if (!cap) {
+               RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+                               env.dev_id);
+               return -EINVAL;
+       }
+
+       if (rte_cryptodev_sym_capability_check_auth(cap,
+                       auth_xform->key.length,
+                       auth_xform->digest_length, 0) != 0) {
+               RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n",
+                               info.device_name, auth_xform->key.length,
+                               auth_xform->digest_length);
+               return -EPERM;
+       }
+
+       return 0;
+}
+
 static void
 get_writeback_data(struct fips_val *val)
 {
@@ -1048,6 +1086,11 @@ init_test_ops(void)
                test_ops.prepare_xform = prepare_gcm_xform;
                test_ops.test = fips_generic_test;
                break;
+       case FIPS_TEST_ALGO_AES_CMAC:
+               test_ops.prepare_op = prepare_auth_op;
+               test_ops.prepare_xform = prepare_cmac_xform;
+               test_ops.test = fips_generic_test;
+               break;
        default:
                return -1;
        }

diff --git a/examples/fips_validation/meson.build b/examples/fips_validation/meson.build
index 0cc8bc4..a0d38fa 100644 (file)
--- a/examples/fips_validation/meson.build
+++ b/examples/fips_validation/meson.build
@@ -14,5 +14,6 @@ sources = files(
        'fips_validation_hmac.c',
        'fips_validation_tdes.c',
        'fips_validation_gcm.c',
+       'fips_validation_cmac.c',
        'main.c'
 )