From: Marko Kovacevic Date: Fri, 2 Nov 2018 09:55:33 +0000 (+0000) Subject: examples/fips_validation: support CMAC parsing X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=ac026f4668d031220b3203913005c0ded0a38e1d;p=dpdk.git examples/fips_validation: support CMAC parsing Added enablement for CMAC parser, to allow the application to parser the cmac request files and to validate all test types supported. Signed-off-by: Marko Kovacevic Signed-off-by: Fan Zhang Acked-by: Arek Kusztal Reviewed-by: Akhil Goyal --- diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst index db08b03e11..747c8c8a71 100644 --- a/doc/guides/sample_app_ug/fips_validation.rst +++ b/doc/guides/sample_app_ug/fips_validation.rst @@ -42,6 +42,7 @@ Limitations * Supported test vectors * AES-CBC (128,192,256) - GFSbox, KeySbox, MCT, MMT * AES-GCM (128,192,256) - EncryptExtIV, Decrypt + * AES-CMAC (128) - Generate, Verify * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512) * TDES-CBC (1 Key, 2 Keys, 3 Keys) - MMT, Monte, Permop, Subkey, Varkey, VarText diff --git a/examples/fips_validation/Makefile b/examples/fips_validation/Makefile index 6373ac3f0c..77b15ae1f2 100644 --- a/examples/fips_validation/Makefile +++ b/examples/fips_validation/Makefile @@ -10,6 +10,7 @@ SRCS-y += fips_validation_aes.c SRCS-y += fips_validation_hmac.c SRCS-y += fips_validation_tdes.c SRCS-y += fips_validation_gcm.c +SRCS-y += fips_validation_cmac.c SRCS-y += main.c # Build using pkg-config variables if possible diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c index 1b926b8ec7..fdf6f640bd 100644 --- a/examples/fips_validation/fips_validation.c +++ b/examples/fips_validation/fips_validation.c @@ -116,6 +116,11 @@ fips_test_parse_header(void) ret = parse_test_gcm_init(); if (ret < 0) return ret; + } else if (strstr(info.vec[i], "CMAC")) { + info.algo = FIPS_TEST_ALGO_AES_CMAC; + ret = parse_test_cmac_init(); + if (ret < 0) + return 0; } else if (strstr(info.vec[i], "HMAC")) { info.algo = FIPS_TEST_ALGO_HMAC; ret = parse_test_hmac_init(); diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h index 4cceff510a..8dffe8ed18 100644 --- a/examples/fips_validation/fips_validation.h +++ b/examples/fips_validation/fips_validation.h @@ -25,6 +25,7 @@ enum fips_test_algorithms { FIPS_TEST_ALGO_AES = 0, FIPS_TEST_ALGO_AES_GCM, + FIPS_TEST_ALGO_AES_CMAC, FIPS_TEST_ALGO_HMAC, FIPS_TEST_ALGO_TDES, FIPS_TEST_ALGO_MAX @@ -174,6 +175,9 @@ parse_test_hmac_init(void); int parse_test_gcm_init(void); +int +parse_test_cmac_init(void); + int parser_read_uint8_hex(uint8_t *value, const char *p); diff --git a/examples/fips_validation/fips_validation_cmac.c b/examples/fips_validation/fips_validation_cmac.c new file mode 100644 index 0000000000..54c951ef83 --- /dev/null +++ b/examples/fips_validation/fips_validation_cmac.c @@ -0,0 +1,116 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2018 Intel Corporation + */ + +#include +#include +#include +#include + +#include + +#include "fips_validation.h" + +#define NEW_LINE_STR "#" +#define OP_STR "CMAC" + +#define ALGO_STR "Alg = " +#define MODE_STR "Mode = " + +#define COUNT_STR "Count = " +#define KLEN_STR "Klen = " +#define PTLEN_STR "Mlen = " +#define TAGLEN_STR "Tlen = " +#define KEY_STR "Key = " +#define PT_STR "Msg = " +#define TAG_STR "Mac = " + +#define GEN_STR "Generate" +#define VERIF_STR "Verify" + +#define POS_NEG_STR "Result = " +#define PASS_STR "P" +#define FAIL_STR "F" + +struct hash_algo_conversion { + const char *str; + enum fips_test_algorithms algo; +} cmac_algo[] = { + {"AES", FIPS_TEST_ALGO_AES_CMAC}, +}; + +static int +parse_test_cmac_writeback(struct fips_val *val) +{ + if (info.op == FIPS_TEST_ENC_AUTH_GEN) { + struct fips_val tmp_val = {val->val + vec.pt.len, + vec.cipher_auth.digest.len}; + + fprintf(info.fp_wr, "%s", TAG_STR); + parse_write_hex_str(&tmp_val); + } else { + fprintf(info.fp_wr, "%s", POS_NEG_STR); + + if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) + fprintf(info.fp_wr, "%s\n", PASS_STR); + else if (vec.status == RTE_CRYPTO_OP_STATUS_AUTH_FAILED) + fprintf(info.fp_wr, "%s\n", FAIL_STR); + else + fprintf(info.fp_wr, "Error\n"); + } + + return 0; +} + +struct fips_test_callback cmac_tests_vectors[] = { + {KLEN_STR, parser_read_uint32_val, &vec.cipher_auth.key}, + {PTLEN_STR, parser_read_uint32_val, &vec.pt}, + {TAGLEN_STR, parser_read_uint32_val, &vec.cipher_auth.digest}, + {KEY_STR, parse_uint8_hex_str, &vec.cipher_auth.key}, + {PT_STR, parse_uint8_known_len_hex_str, &vec.pt}, + {TAG_STR, parse_uint8_known_len_hex_str, + &vec.cipher_auth.digest}, + {NULL, NULL, NULL} /**< end pointer */ +}; + +int +parse_test_cmac_init(void) +{ + char *tmp; + uint32_t i, j; + + for (i = 0; i < info.nb_vec_lines; i++) { + char *line = info.vec[i]; + + tmp = strstr(line, ALGO_STR); + if (!tmp) + continue; + + for (j = 0; j < RTE_DIM(cmac_algo); j++) { + if (!strstr(line, cmac_algo[j].str)) + continue; + + info.algo = cmac_algo[j].algo; + break; + } + + if (j == RTE_DIM(cmac_algo)) + return -EINVAL; + + tmp = strstr(line, MODE_STR); + if (!tmp) + return -1; + + if (strstr(tmp, GEN_STR)) + info.op = FIPS_TEST_ENC_AUTH_GEN; + else if (strstr(tmp, VERIF_STR)) + info.op = FIPS_TEST_DEC_AUTH_VERIF; + else + return -EINVAL; + } + + info.parse_writeback = parse_test_cmac_writeback; + info.callbacks = cmac_tests_vectors; + + return 0; +} diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c index c693e8792b..e953f3e6d8 100644 --- a/examples/fips_validation/main.c +++ b/examples/fips_validation/main.c @@ -688,6 +688,44 @@ prepare_gcm_xform(struct rte_crypto_sym_xform *xform) return 0; } +static int +prepare_cmac_xform(struct rte_crypto_sym_xform *xform) +{ + const struct rte_cryptodev_symmetric_capability *cap; + struct rte_cryptodev_sym_capability_idx cap_idx; + struct rte_crypto_auth_xform *auth_xform = &xform->auth; + + xform->type = RTE_CRYPTO_SYM_XFORM_AUTH; + + auth_xform->algo = RTE_CRYPTO_AUTH_AES_CMAC; + auth_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ? + RTE_CRYPTO_AUTH_OP_GENERATE : RTE_CRYPTO_AUTH_OP_VERIFY; + auth_xform->digest_length = vec.cipher_auth.digest.len; + auth_xform->key.data = vec.cipher_auth.key.val; + auth_xform->key.length = vec.cipher_auth.key.len; + + cap_idx.algo.auth = auth_xform->algo; + cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH; + + cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx); + if (!cap) { + RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n", + env.dev_id); + return -EINVAL; + } + + if (rte_cryptodev_sym_capability_check_auth(cap, + auth_xform->key.length, + auth_xform->digest_length, 0) != 0) { + RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n", + info.device_name, auth_xform->key.length, + auth_xform->digest_length); + return -EPERM; + } + + return 0; +} + static void get_writeback_data(struct fips_val *val) { @@ -1048,6 +1086,11 @@ init_test_ops(void) test_ops.prepare_xform = prepare_gcm_xform; test_ops.test = fips_generic_test; break; + case FIPS_TEST_ALGO_AES_CMAC: + test_ops.prepare_op = prepare_auth_op; + test_ops.prepare_xform = prepare_cmac_xform; + test_ops.test = fips_generic_test; + break; default: return -1; } diff --git a/examples/fips_validation/meson.build b/examples/fips_validation/meson.build index 0cc8bc4055..a0d38fa4f7 100644 --- a/examples/fips_validation/meson.build +++ b/examples/fips_validation/meson.build @@ -14,5 +14,6 @@ sources = files( 'fips_validation_hmac.c', 'fips_validation_tdes.c', 'fips_validation_gcm.c', + 'fips_validation_cmac.c', 'main.c' )