From 72cd8f68e15787e2779785e652e91ccc9da2410b Mon Sep 17 00:00:00 2001 From: Damian Nowak Date: Wed, 3 Jul 2019 13:15:56 +0200 Subject: [PATCH] test/crypto: add KASUMI test cases for auth-cipher This patch adds test cases for kasumi in-place and out-of-place auth-cipher operations. Test cases include buffer appended digest generation with encryption and buffer decryption with appended digest verification. Signed-off-by: Damian Nowak Acked-by: Fiona Trahe --- app/test/test_cryptodev.c | 221 ++++++++++++++---- app/test/test_cryptodev_kasumi_test_vectors.h | 98 +++++++- 2 files changed, 269 insertions(+), 50 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 757722a639..518d3b5032 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -4545,87 +4545,164 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata, } static int -test_kasumi_auth_cipher(const struct kasumi_test_data *tdata) +test_kasumi_auth_cipher(const struct kasumi_test_data *tdata, + uint8_t op_mode, uint8_t verify) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; int retval; - uint8_t *plaintext, *ciphertext; - unsigned plaintext_pad_len; - unsigned plaintext_len; + uint8_t *plaintext = NULL, *ciphertext = NULL; + unsigned int plaintext_pad_len; + unsigned int plaintext_len; + unsigned int ciphertext_pad_len; + unsigned int ciphertext_len; + + struct rte_cryptodev_info dev_info; + + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info); + + uint64_t feat_flags = dev_info.feature_flags; + + if (op_mode == OUT_OF_PLACE) { + if (!(feat_flags & RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED)) { + printf("Device doesn't support digest encrypted.\n"); + return -ENOTSUP; + } + } /* Create KASUMI session */ retval = create_wireless_algo_auth_cipher_session( ts_params->valid_devs[0], - RTE_CRYPTO_CIPHER_OP_ENCRYPT, - RTE_CRYPTO_AUTH_OP_GENERATE, + (verify ? RTE_CRYPTO_CIPHER_OP_DECRYPT + : RTE_CRYPTO_CIPHER_OP_ENCRYPT), + (verify ? RTE_CRYPTO_AUTH_OP_VERIFY + : RTE_CRYPTO_AUTH_OP_GENERATE), RTE_CRYPTO_AUTH_KASUMI_F9, RTE_CRYPTO_CIPHER_KASUMI_F8, tdata->key.data, tdata->key.len, 0, tdata->digest.len, tdata->cipher_iv.len); + if (retval < 0) return retval; + ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); + if (op_mode == OUT_OF_PLACE) + ut_params->obuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); /* clear mbuf payload */ memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0, - rte_pktmbuf_tailroom(ut_params->ibuf)); + rte_pktmbuf_tailroom(ut_params->ibuf)); + if (op_mode == OUT_OF_PLACE) + memset(rte_pktmbuf_mtod(ut_params->obuf, uint8_t *), 0, + rte_pktmbuf_tailroom(ut_params->obuf)); + ciphertext_len = ceil_byte_length(tdata->ciphertext.len); plaintext_len = ceil_byte_length(tdata->plaintext.len); - /* Append data which is padded to a multiple of */ - /* the algorithms block size */ + ciphertext_pad_len = RTE_ALIGN_CEIL(ciphertext_len, 16); plaintext_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16); - plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, - plaintext_pad_len); - memcpy(plaintext, tdata->plaintext.data, plaintext_len); - debug_hexdump(stdout, "plaintext:", plaintext, plaintext_len); + if (verify) { + ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, + ciphertext_pad_len); + memcpy(ciphertext, tdata->ciphertext.data, ciphertext_len); + if (op_mode == OUT_OF_PLACE) + rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len); + debug_hexdump(stdout, "ciphertext:", ciphertext, + ciphertext_len); + } else { + plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf, + plaintext_pad_len); + memcpy(plaintext, tdata->plaintext.data, plaintext_len); + if (op_mode == OUT_OF_PLACE) + rte_pktmbuf_append(ut_params->obuf, plaintext_pad_len); + debug_hexdump(stdout, "plaintext:", plaintext, + plaintext_len); + } /* Create KASUMI operation */ - retval = create_wireless_algo_auth_cipher_operation(tdata->digest.len, - tdata->cipher_iv.data, tdata->cipher_iv.len, - NULL, 0, - plaintext_pad_len, - tdata->validCipherLenInBits.len, - tdata->validCipherOffsetInBits.len, - tdata->validAuthLenInBits.len, - 0, - IN_PLACE); + retval = create_wireless_algo_auth_cipher_operation( + tdata->digest.len, + tdata->cipher_iv.data, tdata->cipher_iv.len, + NULL, 0, + (tdata->digest.offset_bytes == 0 ? + (verify ? ciphertext_pad_len : plaintext_pad_len) + : tdata->digest.offset_bytes), + tdata->validCipherLenInBits.len, + tdata->validCipherOffsetInBits.len, + tdata->validAuthLenInBits.len, + 0, + op_mode); if (retval < 0) return retval; ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op); + TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf"); - if (ut_params->op->sym->m_dst) - ut_params->obuf = ut_params->op->sym->m_dst; - else - ut_params->obuf = ut_params->op->sym->m_src; - ciphertext = rte_pktmbuf_mtod_offset(ut_params->obuf, uint8_t *, - tdata->validCipherOffsetInBits.len >> 3); + ut_params->obuf = (op_mode == IN_PLACE ? + ut_params->op->sym->m_src : ut_params->op->sym->m_dst); + + + if (verify) { + if (ut_params->obuf) + plaintext = rte_pktmbuf_mtod(ut_params->obuf, + uint8_t *); + else + plaintext = ciphertext; + + debug_hexdump(stdout, "plaintext:", plaintext, + (tdata->plaintext.len >> 3) - tdata->digest.len); + debug_hexdump(stdout, "plaintext expected:", + tdata->plaintext.data, + (tdata->plaintext.len >> 3) - tdata->digest.len); + } else { + if (ut_params->obuf) + ciphertext = rte_pktmbuf_mtod(ut_params->obuf, + uint8_t *); + else + ciphertext = plaintext; + + debug_hexdump(stdout, "ciphertext:", ciphertext, + ciphertext_len); + debug_hexdump(stdout, "ciphertext expected:", + tdata->ciphertext.data, tdata->ciphertext.len >> 3); + + ut_params->digest = rte_pktmbuf_mtod( + ut_params->obuf, uint8_t *) + + (tdata->digest.offset_bytes == 0 ? + plaintext_pad_len : tdata->digest.offset_bytes); + + debug_hexdump(stdout, "digest:", ut_params->digest, + tdata->digest.len); + debug_hexdump(stdout, "digest expected:", + tdata->digest.data, tdata->digest.len); + } - const uint8_t *reference_ciphertext = tdata->ciphertext.data + - (tdata->validCipherOffsetInBits.len >> 3); /* Validate obuf */ - TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( + if (verify) { + TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( + plaintext, + tdata->plaintext.data, + tdata->plaintext.len >> 3, + "KASUMI Plaintext data not as expected"); + } else { + TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( ciphertext, - reference_ciphertext, - tdata->validCipherLenInBits.len, + tdata->ciphertext.data, + tdata->ciphertext.len >> 3, "KASUMI Ciphertext data not as expected"); - ut_params->digest = rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *) - + plaintext_pad_len; - /* Validate obuf */ - TEST_ASSERT_BUFFERS_ARE_EQUAL( + TEST_ASSERT_BUFFERS_ARE_EQUAL( ut_params->digest, tdata->digest.data, DIGEST_BYTE_LENGTH_KASUMI_F9, "KASUMI Generated auth tag not as expected"); + } return 0; } @@ -5428,7 +5505,43 @@ test_snow3g_auth_cipher_with_digest_test_case_1(void) static int test_kasumi_auth_cipher_test_case_1(void) { - return test_kasumi_auth_cipher(&kasumi_test_case_3); + return test_kasumi_auth_cipher( + &kasumi_test_case_3, IN_PLACE, 0); +} + +static int +test_kasumi_auth_cipher_test_case_2(void) +{ + return test_kasumi_auth_cipher( + &kasumi_auth_cipher_test_case_2, IN_PLACE, 0); +} + +static int +test_kasumi_auth_cipher_test_case_2_oop(void) +{ + return test_kasumi_auth_cipher( + &kasumi_auth_cipher_test_case_2, OUT_OF_PLACE, 0); +} + +static int +test_kasumi_auth_cipher_verify_test_case_1(void) +{ + return test_kasumi_auth_cipher( + &kasumi_test_case_3, IN_PLACE, 1); +} + +static int +test_kasumi_auth_cipher_verify_test_case_2(void) +{ + return test_kasumi_auth_cipher( + &kasumi_auth_cipher_test_case_2, IN_PLACE, 1); +} + +static int +test_kasumi_auth_cipher_verify_test_case_2_oop(void) +{ + return test_kasumi_auth_cipher( + &kasumi_auth_cipher_test_case_2, OUT_OF_PLACE, 1); } static int @@ -9727,10 +9840,24 @@ static struct unit_test_suite cryptodev_qat_testsuite = { test_kasumi_encryption_test_case_1), TEST_CASE_ST(ut_setup, ut_teardown, test_kasumi_encryption_test_case_3), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_cipher_auth_test_case_1), + + /** KASUMI generate auth, then encrypt (F8) */ TEST_CASE_ST(ut_setup, ut_teardown, test_kasumi_auth_cipher_test_case_1), TEST_CASE_ST(ut_setup, ut_teardown, - test_kasumi_cipher_auth_test_case_1), + test_kasumi_auth_cipher_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_auth_cipher_test_case_2_oop), + + /** KASUMI decrypt (F8), then verify auth */ + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_auth_cipher_verify_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_auth_cipher_verify_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_auth_cipher_verify_test_case_2_oop), /** Negative tests */ TEST_CASE_ST(ut_setup, ut_teardown, @@ -10346,10 +10473,24 @@ static struct unit_test_suite cryptodev_sw_kasumi_testsuite = { test_kasumi_hash_verify_test_case_4), TEST_CASE_ST(ut_setup, ut_teardown, test_kasumi_hash_verify_test_case_5), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_cipher_auth_test_case_1), + + /** KASUMI generate auth, then encrypt (F8) */ TEST_CASE_ST(ut_setup, ut_teardown, test_kasumi_auth_cipher_test_case_1), TEST_CASE_ST(ut_setup, ut_teardown, - test_kasumi_cipher_auth_test_case_1), + test_kasumi_auth_cipher_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_auth_cipher_test_case_2_oop), + + /** KASUMI decrypt (F8), then verify auth */ + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_auth_cipher_verify_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_auth_cipher_verify_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_auth_cipher_verify_test_case_2_oop), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_cryptodev_kasumi_test_vectors.h b/app/test/test_cryptodev_kasumi_test_vectors.h index 58a696a339..f0a6d553d7 100644 --- a/app/test/test_cryptodev_kasumi_test_vectors.h +++ b/app/test/test_cryptodev_kasumi_test_vectors.h @@ -8,12 +8,12 @@ struct kasumi_test_data { struct { uint8_t data[64]; - unsigned len; + unsigned int len; } key; struct { uint8_t data[64] __rte_aligned(16); - unsigned len; + unsigned int len; } cipher_iv; /* @@ -23,20 +23,20 @@ struct kasumi_test_data { */ struct { uint8_t data[1024]; - unsigned len; /* length must be in Bits */ + unsigned int len; /* length must be in Bits */ } plaintext; struct { - unsigned len; + unsigned int len; } validDataLenInBits; struct { uint8_t data[1024]; - unsigned len; /* length must be in Bits */ + unsigned int len; /* length must be in Bits */ } ciphertext; struct { - unsigned len; + unsigned int len; } validCipherLenInBits; struct { @@ -45,12 +45,13 @@ struct kasumi_test_data { /* Actual length of data to be hashed */ struct { - unsigned len; + unsigned int len; } validAuthLenInBits; struct { uint8_t data[64]; - unsigned len; + unsigned int len; + unsigned int offset_bytes; /* offset must be in Bytes */ } digest; }; @@ -205,7 +206,8 @@ struct kasumi_test_data kasumi_test_case_3 = { }, .digest = { .data = {0x87, 0x5F, 0xE4, 0x89}, - .len = 4 + .len = 4, + .offset_bytes = 0 } }; @@ -353,7 +355,83 @@ struct kasumi_test_data kasumi_test_case_6 = { }, .digest = { .data = {0x0F, 0xD2, 0xAA, 0xB5}, - .len = 4 + .len = 4, + .offset_bytes = 0 + } +}; + +struct kasumi_test_data kasumi_auth_cipher_test_case_2 = { + .key = { + .data = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10 + }, + .len = 16 + }, + .cipher_iv = { + .data = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 + }, + .len = 8 + }, + .plaintext = { + .data = { + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A + }, + .len = 128 << 3 + }, + .ciphertext = { + .data = { + 0x5A, 0x5A, 0xFA, 0xC6, 0xA9, 0x09, 0x91, 0x74, + 0x35, 0xAA, 0x85, 0xB0, 0xE0, 0x07, 0x78, 0xDA, + 0x05, 0x88, 0x4E, 0x8D, 0xEC, 0x41, 0xF3, 0xBC, + 0x0D, 0x9F, 0xE3, 0xEF, 0x8E, 0x33, 0x22, 0xF3, + 0x15, 0x4B, 0x12, 0xC2, 0x22, 0x12, 0xD6, 0x46, + 0xD7, 0x27, 0x20, 0x1D, 0x50, 0x60, 0x9D, 0x42, + 0xF6, 0x73, 0xF5, 0x28, 0x88, 0xBE, 0x60, 0xEC, + 0x9C, 0x18, 0x81, 0xC4, 0x0A, 0xF4, 0xD5, 0x7A, + 0xB5, 0x3F, 0x1A, 0x79, 0xAB, 0x79, 0xDB, 0x24, + 0xF9, 0x6E, 0x86, 0x78, 0x10, 0x19, 0xAE, 0xD8, + 0xB2, 0xCA, 0x32, 0x8D, 0xD8, 0x28, 0x8B, 0x2F, + 0x5B, 0x3C, 0xE3, 0x7D, 0xD3, 0x70, 0x11, 0xDE, + 0x2C, 0xDC, 0xC1, 0xC6, 0xB6, 0xFD, 0xF3, 0x7D, + 0x38, 0x97, 0x8B, 0x81, 0x02, 0x88, 0x62, 0x3C, + 0x1E, 0x1A, 0x93, 0x21, 0xE3, 0x6D, 0xD7, 0x20, + 0x80, 0xA8, 0xDA, 0x18, 0x8F, 0x58, 0x0F, 0x4E + }, + .len = 128 << 3 + }, + .validDataLenInBits = { + .len = 128 << 3 + }, + .validCipherLenInBits = { + .len = 126 << 3 + }, + .validAuthLenInBits = { + .len = 124 << 3 + }, + .validCipherOffsetInBits = { + .len = 2 << 3 + }, + .digest = { + .data = {0x8F, 0x58, 0x0F, 0x4E}, + .len = 4, + .offset_bytes = 124 } }; #endif /* TEST_CRYPTODEV_KASUMI_TEST_VECTORS_H_ */ -- 2.20.1