From: Hemant Agrawal Date: Mon, 14 Oct 2019 06:53:27 +0000 (+0530) Subject: test/crypto: add case for auth only trailer X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=699741912d71df2932b55f87b7f3eb37bdcd33e1;p=dpdk.git test/crypto: add case for auth only trailer This patch add support for case when there is auth only header and auth only tailroom present simultaneously. This simulates the case of IPSEC ESN. This patch also enable the new test case for openssl and NXP dpaa_sec and dpaa2_sec platforms. Signed-off-by: Hemant Agrawal Signed-off-by: Vakul Garg Acked-by: Akhil Goyal --- diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index c4c7304952..ec04730163 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9741,6 +9741,8 @@ test_AES_GMAC_authentication_verify_test_case_4(void) struct test_crypto_vector { enum rte_crypto_cipher_algorithm crypto_algo; + unsigned int cipher_offset; + unsigned int cipher_len; struct { uint8_t data[64]; @@ -9763,6 +9765,7 @@ struct test_crypto_vector { } ciphertext; enum rte_crypto_auth_algorithm auth_algo; + unsigned int auth_offset; struct { uint8_t data[128]; @@ -9838,6 +9841,8 @@ aes128_gmac_test_vector = { static const struct test_crypto_vector aes128cbc_hmac_sha1_test_vector = { .crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC, + .cipher_offset = 0, + .cipher_len = 512, .cipher_key = { .data = { 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2, @@ -9861,6 +9866,7 @@ aes128cbc_hmac_sha1_test_vector = { .len = 512 }, .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .auth_offset = 0, .auth_key = { .data = { 0xF8, 0x2A, 0xC7, 0x54, 0xDB, 0x96, 0x18, 0xAA, @@ -9879,6 +9885,53 @@ aes128cbc_hmac_sha1_test_vector = { } }; +static const struct test_crypto_vector +aes128cbc_hmac_sha1_aad_test_vector = { + .crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC, + .cipher_offset = 12, + .cipher_len = 496, + .cipher_key = { + .data = { + 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2, + 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A + }, + .len = 16 + }, + .iv = { + .data = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F + }, + .len = 16 + }, + .plaintext = { + .data = plaintext_hash, + .len = 512 + }, + .ciphertext = { + .data = ciphertext512_aes128cbc_aad, + .len = 512 + }, + .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .auth_offset = 0, + .auth_key = { + .data = { + 0xF8, 0x2A, 0xC7, 0x54, 0xDB, 0x96, 0x18, 0xAA, + 0xC3, 0xA1, 0x53, 0xF6, 0x1F, 0x17, 0x60, 0xBD, + 0xDE, 0xF4, 0xDE, 0xAD + }, + .len = 20 + }, + .digest = { + .data = { + 0x1F, 0x6A, 0xD2, 0x8B, 0x4B, 0xB3, 0xC0, 0x9E, + 0x86, 0x9B, 0x3A, 0xF2, 0x00, 0x5B, 0x4F, 0x08, + 0x62, 0x8D, 0x62, 0x65 + }, + .len = 20 + } +}; + static void data_corruption(uint8_t *data) { @@ -10121,11 +10174,11 @@ create_cipher_auth_operation(struct crypto_testsuite_params *ts_params, rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET), reference->iv.data, reference->iv.len); - sym_op->cipher.data.length = reference->ciphertext.len; - sym_op->cipher.data.offset = 0; + sym_op->cipher.data.length = reference->cipher_len; + sym_op->cipher.data.offset = reference->cipher_offset; - sym_op->auth.data.length = reference->ciphertext.len; - sym_op->auth.data.offset = 0; + sym_op->auth.data.length = reference->plaintext.len; + sym_op->auth.data.offset = reference->auth_offset; return 0; } @@ -10336,6 +10389,193 @@ test_authenticated_decryption_fail_when_corruption( return 0; } +static int +test_authenticated_encryt_with_esn( + struct crypto_testsuite_params *ts_params, + struct crypto_unittest_params *ut_params, + const struct test_crypto_vector *reference) +{ + int retval; + + uint8_t *authciphertext, *plaintext, *auth_tag; + uint16_t plaintext_pad_len; + uint8_t cipher_key[reference->cipher_key.len + 1]; + uint8_t auth_key[reference->auth_key.len + 1]; + + /* Create session */ + memcpy(cipher_key, reference->cipher_key.data, + reference->cipher_key.len); + memcpy(auth_key, reference->auth_key.data, reference->auth_key.len); + + /* Setup Cipher Parameters */ + ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + ut_params->cipher_xform.cipher.algo = reference->crypto_algo; + ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT; + ut_params->cipher_xform.cipher.key.data = cipher_key; + ut_params->cipher_xform.cipher.key.length = reference->cipher_key.len; + ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET; + ut_params->cipher_xform.cipher.iv.length = reference->iv.len; + + ut_params->cipher_xform.next = &ut_params->auth_xform; + + /* Setup Authentication Parameters */ + ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH; + ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE; + ut_params->auth_xform.auth.algo = reference->auth_algo; + ut_params->auth_xform.auth.key.length = reference->auth_key.len; + ut_params->auth_xform.auth.key.data = auth_key; + ut_params->auth_xform.auth.digest_length = reference->digest.len; + ut_params->auth_xform.next = NULL; + + /* Create Crypto session*/ + ut_params->sess = rte_cryptodev_sym_session_create( + ts_params->session_mpool); + + rte_cryptodev_sym_session_init(ts_params->valid_devs[0], + ut_params->sess, + &ut_params->cipher_xform, + ts_params->session_priv_mpool); + + TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); + + ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); + TEST_ASSERT_NOT_NULL(ut_params->ibuf, + "Failed to allocate input buffer in mempool"); + + /* clear mbuf payload */ + memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0, + rte_pktmbuf_tailroom(ut_params->ibuf)); + + plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, + reference->plaintext.len); + TEST_ASSERT_NOT_NULL(plaintext, "no room to append plaintext"); + memcpy(plaintext, reference->plaintext.data, reference->plaintext.len); + + /* Create operation */ + retval = create_cipher_auth_operation(ts_params, + ut_params, + reference, 0); + + if (retval < 0) + return retval; + + ut_params->op = process_crypto_request(ts_params->valid_devs[0], + ut_params->op); + + TEST_ASSERT_NOT_NULL(ut_params->op, "no crypto operation returned"); + + TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS, + "crypto op processing failed"); + + plaintext_pad_len = RTE_ALIGN_CEIL(reference->plaintext.len, 16); + + authciphertext = rte_pktmbuf_mtod_offset(ut_params->ibuf, uint8_t *, + ut_params->op->sym->auth.data.offset); + auth_tag = authciphertext + plaintext_pad_len; + debug_hexdump(stdout, "ciphertext:", authciphertext, + reference->ciphertext.len); + debug_hexdump(stdout, "auth tag:", auth_tag, reference->digest.len); + + /* Validate obuf */ + TEST_ASSERT_BUFFERS_ARE_EQUAL( + authciphertext, + reference->ciphertext.data, + reference->ciphertext.len, + "Ciphertext data not as expected"); + + TEST_ASSERT_BUFFERS_ARE_EQUAL( + auth_tag, + reference->digest.data, + reference->digest.len, + "Generated digest not as expected"); + + return TEST_SUCCESS; + +} + +static int +test_authenticated_decrypt_with_esn( + struct crypto_testsuite_params *ts_params, + struct crypto_unittest_params *ut_params, + const struct test_crypto_vector *reference) +{ + int retval; + + uint8_t *ciphertext; + uint8_t cipher_key[reference->cipher_key.len + 1]; + uint8_t auth_key[reference->auth_key.len + 1]; + + /* Create session */ + memcpy(cipher_key, reference->cipher_key.data, + reference->cipher_key.len); + memcpy(auth_key, reference->auth_key.data, reference->auth_key.len); + + /* Setup Authentication Parameters */ + ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH; + ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY; + ut_params->auth_xform.auth.algo = reference->auth_algo; + ut_params->auth_xform.auth.key.length = reference->auth_key.len; + ut_params->auth_xform.auth.key.data = auth_key; + ut_params->auth_xform.auth.digest_length = reference->digest.len; + ut_params->auth_xform.next = &ut_params->cipher_xform; + + /* Setup Cipher Parameters */ + ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + ut_params->cipher_xform.next = NULL; + ut_params->cipher_xform.cipher.algo = reference->crypto_algo; + ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT; + ut_params->cipher_xform.cipher.key.data = cipher_key; + ut_params->cipher_xform.cipher.key.length = reference->cipher_key.len; + ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET; + ut_params->cipher_xform.cipher.iv.length = reference->iv.len; + + /* Create Crypto session*/ + ut_params->sess = rte_cryptodev_sym_session_create( + ts_params->session_mpool); + + rte_cryptodev_sym_session_init(ts_params->valid_devs[0], + ut_params->sess, + &ut_params->auth_xform, + ts_params->session_priv_mpool); + + TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed"); + + ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); + TEST_ASSERT_NOT_NULL(ut_params->ibuf, + "Failed to allocate input buffer in mempool"); + + /* clear mbuf payload */ + memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0, + rte_pktmbuf_tailroom(ut_params->ibuf)); + + ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, + reference->ciphertext.len); + TEST_ASSERT_NOT_NULL(ciphertext, "no room to append ciphertext"); + memcpy(ciphertext, reference->ciphertext.data, + reference->ciphertext.len); + + /* Create operation */ + retval = create_cipher_auth_verify_operation(ts_params, + ut_params, + reference); + + if (retval < 0) + return retval; + + ut_params->op = process_crypto_request(ts_params->valid_devs[0], + ut_params->op); + + TEST_ASSERT_NOT_NULL(ut_params->op, "failed crypto process"); + TEST_ASSERT_EQUAL(ut_params->op->status, + RTE_CRYPTO_OP_STATUS_SUCCESS, + "crypto op processing passed"); + + ut_params->obuf = ut_params->op->sym->m_src; + TEST_ASSERT_NOT_NULL(ut_params->obuf, "failed to retrieve obuf"); + + return 0; +} + static int create_aead_operation_SGL(enum rte_crypto_aead_operation op, const struct aead_test_data *tdata, @@ -10809,6 +11049,24 @@ auth_decryption_AES128CBC_HMAC_SHA1_fail_tag_corrupt(void) &aes128cbc_hmac_sha1_test_vector); } +static int +auth_encrypt_AES128CBC_HMAC_SHA1_esn_check(void) +{ + return test_authenticated_encryt_with_esn( + &testsuite_params, + &unittest_params, + &aes128cbc_hmac_sha1_aad_test_vector); +} + +static int +auth_decrypt_AES128CBC_HMAC_SHA1_esn_check(void) +{ + return test_authenticated_decrypt_with_esn( + &testsuite_params, + &unittest_params, + &aes128cbc_hmac_sha1_aad_test_vector); +} + #ifdef RTE_LIBRTE_PMD_CRYPTO_SCHEDULER /* global AESNI slave IDs for the scheduler test */ @@ -11830,6 +12088,13 @@ static struct unit_test_suite cryptodev_openssl_testsuite = { TEST_CASE_ST(ut_setup, ut_teardown, auth_decryption_AES128CBC_HMAC_SHA1_fail_tag_corrupt), + /* ESN Testcase */ + TEST_CASE_ST(ut_setup, ut_teardown, + auth_encrypt_AES128CBC_HMAC_SHA1_esn_check), + + TEST_CASE_ST(ut_setup, ut_teardown, + auth_decrypt_AES128CBC_HMAC_SHA1_esn_check), + TEST_CASES_END() /**< NULL terminate unit test array */ } }; @@ -12441,6 +12706,12 @@ static struct unit_test_suite cryptodev_dpaa_sec_testsuite = { TEST_CASE_ST(ut_setup, ut_teardown, auth_decryption_AES128CBC_HMAC_SHA1_fail_tag_corrupt), + /* ESN Testcase */ + TEST_CASE_ST(ut_setup, ut_teardown, + auth_encrypt_AES128CBC_HMAC_SHA1_esn_check), + TEST_CASE_ST(ut_setup, ut_teardown, + auth_decrypt_AES128CBC_HMAC_SHA1_esn_check), + TEST_CASES_END() /**< NULL terminate unit test array */ } }; @@ -12454,7 +12725,6 @@ static struct unit_test_suite cryptodev_dpaa2_sec_testsuite = { test_device_configure_invalid_dev_id), TEST_CASE_ST(ut_setup, ut_teardown, test_multi_session), - TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_dpaa2_sec_all), TEST_CASE_ST(ut_setup, ut_teardown, @@ -12710,6 +12980,13 @@ static struct unit_test_suite cryptodev_dpaa2_sec_testsuite = { TEST_CASE_ST(ut_setup, ut_teardown, auth_decryption_AES128CBC_HMAC_SHA1_fail_tag_corrupt), + /* ESN Testcase */ + TEST_CASE_ST(ut_setup, ut_teardown, + auth_encrypt_AES128CBC_HMAC_SHA1_esn_check), + + TEST_CASE_ST(ut_setup, ut_teardown, + auth_decrypt_AES128CBC_HMAC_SHA1_esn_check), + TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_aes_test_vectors.h b/app/test/test_cryptodev_aes_test_vectors.h index 46239efb7b..54a5d75b21 100644 --- a/app/test/test_cryptodev_aes_test_vectors.h +++ b/app/test/test_cryptodev_aes_test_vectors.h @@ -356,6 +356,73 @@ static const struct blockcipher_test_data null_test_data_chain_x1_multiple = { } }; +static const uint8_t ciphertext512_aes128cbc_aad[] = { + 0x57, 0x68, 0x61, 0x74, 0x20, 0x61, 0x20, 0x6C, + 0x6F, 0x75, 0x73, 0x79, 0x6D, 0x70, 0xB4, 0xAD, + 0x09, 0x7C, 0xD7, 0x52, 0xD6, 0xF2, 0xBF, 0xD1, + 0x9D, 0x79, 0xC6, 0xB6, 0x8F, 0x94, 0xEB, 0xD8, + 0xBA, 0x5E, 0x01, 0x49, 0x7D, 0xB3, 0xC5, 0xFE, + 0x18, 0xF4, 0xE3, 0x60, 0x8C, 0x84, 0x68, 0x13, + 0x33, 0x06, 0x85, 0x60, 0xD3, 0xE7, 0x8A, 0xB5, + 0x23, 0xA2, 0xDE, 0x52, 0x5C, 0xB6, 0x26, 0x37, + 0xBB, 0x23, 0x8A, 0x38, 0x07, 0x85, 0xB6, 0x2E, + 0xC3, 0x69, 0x57, 0x79, 0x6B, 0xE4, 0xD7, 0x86, + 0x23, 0x72, 0x4C, 0x65, 0x49, 0x08, 0x1E, 0xF3, + 0xCC, 0x71, 0x4C, 0x45, 0x97, 0x03, 0xBC, 0xA0, + 0x9D, 0xF0, 0x4F, 0x5D, 0xEC, 0x40, 0x6C, 0xC6, + 0x52, 0xC0, 0x9D, 0x1C, 0xDC, 0x8B, 0xC2, 0xFA, + 0x35, 0xA7, 0x3A, 0x00, 0x04, 0x1C, 0xA6, 0x91, + 0x5D, 0xEB, 0x07, 0xA1, 0xB9, 0x3E, 0xD1, 0xB6, + 0xCA, 0x96, 0xEC, 0x71, 0xF7, 0x7D, 0xB6, 0x09, + 0x3D, 0x19, 0x6E, 0x75, 0x03, 0xC3, 0x1A, 0x4E, + 0x5B, 0x4D, 0xEA, 0xD9, 0x92, 0x96, 0x01, 0xFB, + 0xA3, 0xC2, 0x6D, 0xC4, 0x17, 0x6B, 0xB4, 0x3B, + 0x1E, 0x87, 0x54, 0x26, 0x95, 0x63, 0x07, 0x73, + 0xB6, 0xBA, 0x52, 0xD7, 0xA7, 0xD0, 0x9C, 0x75, + 0x8A, 0xCF, 0xC4, 0x3C, 0x4A, 0x55, 0x0E, 0x53, + 0xEC, 0xE0, 0x31, 0x51, 0xB7, 0xB7, 0xD2, 0xB4, + 0xF3, 0x2B, 0x70, 0x6D, 0x15, 0x9E, 0x57, 0x30, + 0x72, 0xE5, 0xA4, 0x71, 0x5F, 0xA4, 0xE8, 0x7C, + 0x46, 0x58, 0x36, 0x71, 0x91, 0x55, 0xAA, 0x99, + 0x3B, 0x3F, 0xF6, 0xA2, 0x9D, 0x27, 0xBF, 0xC2, + 0x62, 0x2C, 0x85, 0xB7, 0x51, 0xDD, 0xFD, 0x7B, + 0x8B, 0xB5, 0xDD, 0x2A, 0x73, 0xF8, 0x93, 0x9A, + 0x3F, 0xAD, 0x1D, 0xF0, 0x46, 0xD1, 0x76, 0x83, + 0x71, 0x4E, 0xD3, 0x0D, 0x64, 0x8C, 0xC3, 0xE6, + 0x03, 0xED, 0xE8, 0x53, 0x23, 0x1A, 0xC7, 0x86, + 0xEB, 0x87, 0xD6, 0x78, 0xF9, 0xFB, 0x9C, 0x1D, + 0xE7, 0x4E, 0xC0, 0x70, 0x27, 0x7A, 0x43, 0xE2, + 0x5D, 0xA4, 0x10, 0x40, 0xBE, 0x61, 0x0D, 0x2B, + 0x25, 0x08, 0x75, 0x91, 0xB5, 0x5A, 0x26, 0xC8, + 0x32, 0xA7, 0xC6, 0x88, 0xBF, 0x75, 0x94, 0xCC, + 0x58, 0xA4, 0xFE, 0x2F, 0xF7, 0x5C, 0xD2, 0x36, + 0x66, 0x55, 0xF0, 0xEA, 0xF5, 0x64, 0x43, 0xE7, + 0x6D, 0xE0, 0xED, 0xA1, 0x10, 0x0A, 0x84, 0x07, + 0x11, 0x88, 0xFA, 0xA1, 0xD3, 0xA0, 0x00, 0x5D, + 0xEB, 0xB5, 0x62, 0x01, 0x72, 0xC1, 0x9B, 0x39, + 0x0B, 0xD3, 0xAF, 0x04, 0x19, 0x42, 0xEC, 0xFF, + 0x4B, 0xB3, 0x5E, 0x87, 0x27, 0xE4, 0x26, 0x57, + 0x76, 0xCD, 0x36, 0x31, 0x5B, 0x94, 0x74, 0xFF, + 0x33, 0x91, 0xAA, 0xD1, 0x45, 0x34, 0xC2, 0x11, + 0xF0, 0x35, 0x44, 0xC9, 0xD5, 0xA2, 0x5A, 0xC2, + 0xE9, 0x9E, 0xCA, 0xE2, 0x6F, 0xD2, 0x40, 0xB4, + 0x93, 0x42, 0x78, 0x20, 0x92, 0x88, 0xC7, 0x16, + 0xCF, 0x15, 0x54, 0x7B, 0xE1, 0x46, 0x38, 0x69, + 0xB8, 0xE4, 0xF1, 0x81, 0xF0, 0x08, 0x6F, 0x92, + 0x6D, 0x1A, 0xD9, 0x93, 0xFA, 0xD7, 0x35, 0xFE, + 0x7F, 0x59, 0x43, 0x1D, 0x3A, 0x3B, 0xFC, 0xD0, + 0x14, 0x95, 0x1E, 0xB2, 0x04, 0x08, 0x4F, 0xC6, + 0xEA, 0xE8, 0x22, 0xF3, 0xD7, 0x66, 0x93, 0xAA, + 0xFD, 0xA0, 0xFE, 0x03, 0x96, 0x54, 0x78, 0x35, + 0x18, 0xED, 0xB7, 0x2F, 0x40, 0xE3, 0x8E, 0x22, + 0xC6, 0xDA, 0xB0, 0x8E, 0xA0, 0xA1, 0x62, 0x03, + 0x63, 0x34, 0x11, 0xF5, 0x9E, 0xAA, 0x6B, 0xC4, + 0x14, 0x75, 0x4C, 0xF4, 0xD8, 0xD9, 0xF1, 0x76, + 0xE3, 0xD3, 0x55, 0xCE, 0x22, 0x7D, 0x4A, 0xB7, + 0xBB, 0x7F, 0x4F, 0x09, 0x88, 0x70, 0x6E, 0x09, + 0x84, 0x6B, 0x24, 0x19, 0x2C, 0x20, 0x73, 0x75 +}; + /* AES128-CTR-SHA1 test vector */ static const struct blockcipher_test_data aes_test_data_1 = { .crypto_algo = RTE_CRYPTO_CIPHER_AES_CTR,