From 9333cfba3bee4e1470344422cfb6531b8e09fceb Mon Sep 17 00:00:00 2001 From: Pablo de Lara Date: Fri, 14 Jul 2017 08:06:52 +0100 Subject: [PATCH] cryptodev: fix KASUMI F9 expected parameters For KASUMI F9 algorithm, COUNT, FRESH and DIRECTION input values need to be contiguous with the message, as described in the KASUMI and QAT PMD documentation. Before, the COUNT and FRESH values were set as part of the AAD (now IV), but always set before the beginning of the message. Since now the IV is set after the crypto operation, it is not possible to have these values in the expected location. Therefore, as these are required to be contiguous, cryptodev API will expect these them to be passed as a single buffer, already constructed, so authentication IV parameters not needed anymore. Fixes: 681f540da52b ("cryptodev: do not use AAD in wireless algorithms") Signed-off-by: Pablo de Lara Acked-by: Fiona Trahe --- doc/guides/cryptodevs/kasumi.rst | 19 +- doc/guides/cryptodevs/qat.rst | 20 +- drivers/crypto/kasumi/rte_kasumi_pmd.c | 27 +-- drivers/crypto/kasumi/rte_kasumi_pmd_ops.c | 6 +- .../crypto/kasumi/rte_kasumi_pmd_private.h | 1 - drivers/crypto/qat/qat_crypto.c | 13 +- drivers/crypto/qat/qat_crypto_capabilities.h | 6 +- lib/librte_cryptodev/rte_crypto_sym.h | 27 ++- test/test/test_cryptodev.c | 171 +++++++++++------- .../test_cryptodev_kasumi_hash_test_vectors.h | 102 ++--------- .../test/test_cryptodev_kasumi_test_vectors.h | 72 +++++--- 11 files changed, 234 insertions(+), 230 deletions(-) diff --git a/doc/guides/cryptodevs/kasumi.rst b/doc/guides/cryptodevs/kasumi.rst index 738ecee07b..ee92952290 100644 --- a/doc/guides/cryptodevs/kasumi.rst +++ b/doc/guides/cryptodevs/kasumi.rst @@ -51,7 +51,7 @@ Limitations ----------- * Chained mbufs are not supported. -* KASUMI(F9) supported only if hash offset field is byte-aligned. +* KASUMI(F9) supported only if hash offset and length field is byte-aligned. * In-place bit-level operations for KASUMI(F8) are not supported (if length and/or offset of data to be ciphered is not byte-aligned). @@ -120,3 +120,20 @@ Example: .. code-block:: console ./l2fwd-crypto -l 6 -n 4 --vdev="crypto_kasumi,socket_id=1,max_nb_sessions=128" + +Extra notes on KASUMI F9 +------------------------ + +When using KASUMI F9 authentication algorithm, the input buffer must be +constructed according to the 3GPP KASUMI specifications (section 4.4, page 13): +``_. +Input buffer has to have COUNT (4 bytes), FRESH (4 bytes), MESSAGE and DIRECTION (1 bit) +concatenated. After the DIRECTION bit, a single '1' bit is appended, followed by +between 0 and 7 '0' bits, so that the total length of the buffer is multiple of 8 bits. +Note that the actual message can be any length, specified in bits. + +Once this buffer is passed this way, when creating the crypto operation, +length of data to authenticate (op.sym.auth.data.length) must be the length +of all the items described above, including the padding at the end. +Also, offset of data to authenticate (op.sym.auth.data.offset) +must be such that points at the start of the COUNT bytes. diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst index 6320c66477..b0b1760847 100644 --- a/doc/guides/cryptodevs/qat.rst +++ b/doc/guides/cryptodevs/qat.rst @@ -86,7 +86,7 @@ Limitations * Only supports the session-oriented API implementation (session-less APIs are not supported). * SNOW 3G (UEA2), KASUMI (F8) and ZUC (EEA3) supported only if cipher length and offset fields are byte-multiple. -* SNOW 3G (UIA2), KASUMI (F9) and ZUC (EIA3) supported only if hash length and offset fields are byte-multiple. +* SNOW 3G (UIA2) and ZUC (EIA3) supported only if hash length and offset fields are byte-multiple. * No BSD support as BSD QAT kernel driver not available. * ZUC EEA3/EIA3 is not supported by dh895xcc devices * Maximum additional authenticated data (AAD) for GCM is 240 bytes long. @@ -365,3 +365,21 @@ Another way to bind the VFs to the DPDK UIO driver is by using the cd to the top-level DPDK directory ./usertools/dpdk-devbind.py -b igb_uio 0000:03:01.1 + + +Extra notes on KASUMI F9 +------------------------ + +When using KASUMI F9 authentication algorithm, the input buffer must be +constructed according to the 3GPP KASUMI specifications (section 4.4, page 13): +``_. +Input buffer has to have COUNT (4 bytes), FRESH (4 bytes), MESSAGE and DIRECTION (1 bit) +concatenated. After the DIRECTION bit, a single '1' bit is appended, followed by +between 0 and 7 '0' bits, so that the total length of the buffer is multiple of 8 bits. +Note that the actual message can be any length, specified in bits. + +Once this buffer is passed this way, when creating the crypto operation, +length of data to authenticate (op.sym.auth.data.length) must be the length +of all the items described above, including the padding at the end. +Also, offset of data to authenticate (op.sym.auth.data.offset) +must be such that points at the start of the COUNT bytes. diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c index cff40fb55c..0e129136ae 100644 --- a/drivers/crypto/kasumi/rte_kasumi_pmd.c +++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c @@ -142,12 +142,6 @@ kasumi_set_session_parameters(struct kasumi_session *sess, sess->auth_op = auth_xform->auth.op; - sess->auth_iv_offset = auth_xform->auth.iv.offset; - if (auth_xform->auth.iv.length != KASUMI_IV_LENGTH) { - KASUMI_LOG_ERR("Wrong IV length"); - return -EINVAL; - } - /* Initialize key */ sso_kasumi_init_f9_key_sched(auth_xform->auth.key.data, &sess->pKeySched_hash); @@ -274,12 +268,8 @@ process_kasumi_hash_op(struct rte_crypto_op **ops, unsigned i; uint8_t processed_ops = 0; uint8_t *src, *dst; - uint8_t *iv_ptr; uint32_t length_in_bits; uint32_t num_bytes; - uint32_t shift_bits; - uint64_t iv; - uint8_t direction; for (i = 0; i < num_ops; i++) { /* Data must be byte aligned */ @@ -293,21 +283,15 @@ process_kasumi_hash_op(struct rte_crypto_op **ops, src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) + (ops[i]->sym->auth.data.offset >> 3); - iv_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *, - session->auth_iv_offset); - iv = *((uint64_t *)(iv_ptr)); /* Direction from next bit after end of message */ - num_bytes = (length_in_bits >> 3) + 1; - shift_bits = (BYTE_LEN - 1 - length_in_bits) % BYTE_LEN; - direction = (src[num_bytes - 1] >> shift_bits) & 0x01; + num_bytes = length_in_bits >> 3; if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) { dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src, KASUMI_DIGEST_LENGTH); + sso_kasumi_f9_1_buffer(&session->pKeySched_hash, src, + num_bytes, dst); - sso_kasumi_f9_1_buffer_user(&session->pKeySched_hash, - iv, src, - length_in_bits, dst, direction); /* Verify digest. */ if (memcmp(dst, ops[i]->sym->auth.digest.data, KASUMI_DIGEST_LENGTH) != 0) @@ -319,9 +303,8 @@ process_kasumi_hash_op(struct rte_crypto_op **ops, } else { dst = ops[i]->sym->auth.digest.data; - sso_kasumi_f9_1_buffer_user(&session->pKeySched_hash, - iv, src, - length_in_bits, dst, direction); + sso_kasumi_f9_1_buffer(&session->pKeySched_hash, src, + num_bytes, dst); } processed_ops++; } diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c index e92ccbd7c8..952e20e9cf 100644 --- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c +++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c @@ -56,11 +56,7 @@ static const struct rte_cryptodev_capabilities kasumi_pmd_capabilities[] = { .max = 4, .increment = 0 }, - .iv_size = { - .min = 8, - .max = 8, - .increment = 0 - } + .iv_size = { 0 } }, } }, } }, diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h index 9315a791c7..0ce2a2e301 100644 --- a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h +++ b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h @@ -96,7 +96,6 @@ struct kasumi_session { enum kasumi_operation op; enum rte_crypto_auth_operation auth_op; uint16_t cipher_iv_offset; - uint16_t auth_iv_offset; } __rte_cache_aligned; diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c index f94a1b03d1..098109e497 100644 --- a/drivers/crypto/qat/qat_crypto.c +++ b/drivers/crypto/qat/qat_crypto.c @@ -1195,18 +1195,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg, auth_ofs = op->sym->auth.data.offset >> 3; auth_len = op->sym->auth.data.length >> 3; - if (ctx->qat_hash_alg == - ICP_QAT_HW_AUTH_ALGO_KASUMI_F9) { - if (do_cipher) { - auth_len = auth_len + auth_ofs + 1 - - ICP_QAT_HW_KASUMI_BLK_SZ; - auth_ofs = ICP_QAT_HW_KASUMI_BLK_SZ; - } else { - auth_len = auth_len + auth_ofs + 1; - auth_ofs = 0; - } - } else - auth_param->u1.aad_adr = + auth_param->u1.aad_adr = rte_crypto_op_ctophys_offset(op, ctx->auth_iv.offset); diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h index 16b2c11db2..d18bcbdaa7 100644 --- a/drivers/crypto/qat/qat_crypto_capabilities.h +++ b/drivers/crypto/qat/qat_crypto_capabilities.h @@ -421,11 +421,7 @@ .max = 4, \ .increment = 0 \ }, \ - .iv_size = { \ - .min = 8, \ - .max = 8, \ - .increment = 0 \ - } \ + .iv_size = { 0 } \ }, } \ }, } \ }, \ diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index f1b2f38e3b..f9955a4464 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -332,10 +332,12 @@ struct rte_crypto_auth_xform { * specified as number of bytes from start of crypto * operation (rte_crypto_op). * - * - For KASUMI in F9 mode, SNOW 3G in UIA2 mode, - * for ZUC in EIA3 mode and for AES-GMAC, this is the - * authentication Initialisation Vector (IV) value. + * - For SNOW 3G in UIA2 mode, for ZUC in EIA3 mode and + * for AES-GMAC, this is the authentication + * Initialisation Vector (IV) value. * + * - For KASUMI in F9 mode and other authentication + * algorithms, this field is not used. * * For optimum performance, the data pointed to SHOULD * be 8-byte aligned. @@ -343,9 +345,11 @@ struct rte_crypto_auth_xform { uint16_t length; /**< Length of valid IV data. * - * - For KASUMI in F9 mode, SNOW3G in UIA2 mode, for - * ZUC in EIA3 mode and for AES-GMAC, this is the length - * of the IV. + * - For SNOW3G in UIA2 mode, for ZUC in EIA3 mode and + * for AES-GMAC, this is the length of the IV. + * + * - For KASUMI in F9 mode and other authentication + * algorithms, this field is not used. * */ } iv; /**< Initialisation vector parameters */ @@ -625,6 +629,11 @@ struct rte_crypto_sym_op { * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9 * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3, * this field should be in bits. + * + * @note + * For KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9, + * this offset should be such that + * data to authenticate starts at COUNT. */ uint32_t length; /**< The message length, in bytes, of the source @@ -635,6 +644,12 @@ struct rte_crypto_sym_op { * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9 * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3, * this field should be in bits. + * + * @note + * For KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9, + * the length should include the COUNT, + * FRESH, message, direction bit and padding + * (to be multiple of 8 bits). */ } data; /**< Data offsets and length for authentication */ diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c index 483664598e..d998cdd0ab 100644 --- a/test/test/test_cryptodev.c +++ b/test/test/test_cryptodev.c @@ -2353,9 +2353,9 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag, rte_memcpy(iv_ptr, auth_iv, auth_iv_len); sym_op->cipher.data.length = cipher_len; - sym_op->cipher.data.offset = cipher_offset + auth_offset; + sym_op->cipher.data.offset = cipher_offset; sym_op->auth.data.length = auth_len; - sym_op->auth.data.offset = auth_offset + cipher_offset; + sym_op->auth.data.offset = auth_offset; return 0; } @@ -2409,10 +2409,10 @@ create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len, rte_memcpy(iv_ptr, auth_iv, auth_iv_len); sym_op->cipher.data.length = cipher_len; - sym_op->cipher.data.offset = auth_offset + cipher_offset; + sym_op->cipher.data.offset = cipher_offset; sym_op->auth.data.length = auth_len; - sym_op->auth.data.offset = auth_offset + cipher_offset; + sym_op->auth.data.offset = auth_offset; return 0; } @@ -2551,7 +2551,7 @@ test_kasumi_authentication(const struct kasumi_hash_test_data *tdata) /* Create KASUMI session */ retval = create_wireless_algo_hash_session(ts_params->valid_devs[0], tdata->key.data, tdata->key.len, - tdata->auth_iv.len, tdata->digest.len, + 0, tdata->digest.len, RTE_CRYPTO_AUTH_OP_GENERATE, RTE_CRYPTO_AUTH_KASUMI_F9); if (retval < 0) @@ -2573,9 +2573,9 @@ test_kasumi_authentication(const struct kasumi_hash_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_hash_operation(NULL, tdata->digest.len, - tdata->auth_iv.data, tdata->auth_iv.len, + NULL, 0, plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE, - tdata->validAuthLenInBits.len, + tdata->plaintext.len, 0); if (retval < 0) return retval; @@ -2611,7 +2611,7 @@ test_kasumi_authentication_verify(const struct kasumi_hash_test_data *tdata) /* Create KASUMI session */ retval = create_wireless_algo_hash_session(ts_params->valid_devs[0], tdata->key.data, tdata->key.len, - tdata->auth_iv.len, tdata->digest.len, + 0, tdata->digest.len, RTE_CRYPTO_AUTH_OP_VERIFY, RTE_CRYPTO_AUTH_KASUMI_F9); if (retval < 0) @@ -2633,10 +2633,10 @@ test_kasumi_authentication_verify(const struct kasumi_hash_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_hash_operation(tdata->digest.data, tdata->digest.len, - tdata->auth_iv.data, tdata->auth_iv.len, + NULL, 0, plaintext_pad_len, RTE_CRYPTO_AUTH_OP_VERIFY, - tdata->validAuthLenInBits.len, + tdata->plaintext.len, 0); if (retval < 0) return retval; @@ -2834,9 +2834,9 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data, - tdata->cipher_iv.len, - tdata->plaintext.len, - 0); + tdata->cipher_iv.len, + RTE_ALIGN_CEIL(tdata->validCipherLenInBits.len, 8), + tdata->validCipherOffsetInBits.len); if (retval < 0) return retval; @@ -2848,14 +2848,16 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata) if (ut_params->obuf) ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *); else - ciphertext = plaintext; + ciphertext = plaintext + (tdata->validCipherOffsetInBits.len >> 3); TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, plaintext_len); + const uint8_t *reference_ciphertext = tdata->ciphertext.data + + (tdata->validCipherOffsetInBits.len >> 3); /* Validate obuf */ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( ciphertext, - tdata->ciphertext.data, + reference_ciphertext, tdata->validCipherLenInBits.len, "KASUMI Ciphertext data not as expected"); return 0; @@ -2907,9 +2909,9 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data, - tdata->cipher_iv.len, - tdata->plaintext.len, - 0); + tdata->cipher_iv.len, + RTE_ALIGN_CEIL(tdata->validCipherLenInBits.len, 8), + tdata->validCipherOffsetInBits.len); if (retval < 0) return retval; @@ -2923,19 +2925,22 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata) ciphertext = rte_pktmbuf_read(ut_params->obuf, 0, plaintext_len, buffer); else - ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0, + ciphertext = rte_pktmbuf_read(ut_params->ibuf, + tdata->validCipherOffsetInBits.len >> 3, plaintext_len, buffer); /* Validate obuf */ TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, plaintext_len); - /* Validate obuf */ - TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( - ciphertext, - tdata->ciphertext.data, - tdata->validCipherLenInBits.len, - "KASUMI Ciphertext data not as expected"); - return 0; + const uint8_t *reference_ciphertext = tdata->ciphertext.data + + (tdata->validCipherOffsetInBits.len >> 3); + /* Validate obuf */ + TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( + ciphertext, + reference_ciphertext, + tdata->validCipherLenInBits.len, + "KASUMI Ciphertext data not as expected"); + return 0; } static int @@ -2978,9 +2983,9 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data, - tdata->cipher_iv.len, - tdata->plaintext.len, - 0); + tdata->cipher_iv.len, + RTE_ALIGN_CEIL(tdata->validCipherLenInBits.len, 8), + tdata->validCipherOffsetInBits.len); if (retval < 0) return retval; @@ -2992,14 +2997,16 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata) if (ut_params->obuf) ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *); else - ciphertext = plaintext; + ciphertext = plaintext + (tdata->validCipherOffsetInBits.len >> 3); TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, plaintext_len); + const uint8_t *reference_ciphertext = tdata->ciphertext.data + + (tdata->validCipherOffsetInBits.len >> 3); /* Validate obuf */ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( ciphertext, - tdata->ciphertext.data, + reference_ciphertext, tdata->validCipherLenInBits.len, "KASUMI Ciphertext data not as expected"); return 0; @@ -3052,9 +3059,9 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data, - tdata->cipher_iv.len, - tdata->plaintext.len, - 0); + tdata->cipher_iv.len, + RTE_ALIGN_CEIL(tdata->validCipherLenInBits.len, 8), + tdata->validCipherOffsetInBits.len); if (retval < 0) return retval; @@ -3067,13 +3074,16 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata) ciphertext = rte_pktmbuf_read(ut_params->obuf, 0, plaintext_pad_len, buffer); else - ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0, + ciphertext = rte_pktmbuf_read(ut_params->ibuf, + tdata->validCipherOffsetInBits.len >> 3, plaintext_pad_len, buffer); + const uint8_t *reference_ciphertext = tdata->ciphertext.data + + (tdata->validCipherOffsetInBits.len >> 3); /* Validate obuf */ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( ciphertext, - tdata->ciphertext.data, + reference_ciphertext, tdata->validCipherLenInBits.len, "KASUMI Ciphertext data not as expected"); return 0; @@ -3120,9 +3130,9 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data, - tdata->cipher_iv.len, - tdata->ciphertext.len, - 0); + tdata->cipher_iv.len, + RTE_ALIGN_CEIL(tdata->validCipherLenInBits.len, 8), + tdata->validCipherOffsetInBits.len); if (retval < 0) return retval; @@ -3134,14 +3144,16 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata) if (ut_params->obuf) plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *); else - plaintext = ciphertext; + plaintext = ciphertext + (tdata->validCipherOffsetInBits.len >> 3); TEST_HEXDUMP(stdout, "plaintext:", plaintext, ciphertext_len); + const uint8_t *reference_plaintext = tdata->plaintext.data + + (tdata->validCipherOffsetInBits.len >> 3); /* Validate obuf */ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( plaintext, - tdata->plaintext.data, + reference_plaintext, tdata->validCipherLenInBits.len, "KASUMI Plaintext data not as expected"); return 0; @@ -3187,7 +3199,7 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata) retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data, tdata->cipher_iv.len, tdata->ciphertext.len, - 0); + tdata->validCipherOffsetInBits.len); if (retval < 0) return retval; @@ -3199,14 +3211,16 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata) if (ut_params->obuf) plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *); else - plaintext = ciphertext; + plaintext = ciphertext + (tdata->validCipherOffsetInBits.len >> 3); TEST_HEXDUMP(stdout, "plaintext:", plaintext, ciphertext_len); + const uint8_t *reference_plaintext = tdata->plaintext.data + + (tdata->validCipherOffsetInBits.len >> 3); /* Validate obuf */ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( plaintext, - tdata->plaintext.data, + reference_plaintext, tdata->validCipherLenInBits.len, "KASUMI Plaintext data not as expected"); return 0; @@ -3947,7 +3961,7 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata) RTE_CRYPTO_AUTH_KASUMI_F9, RTE_CRYPTO_CIPHER_KASUMI_F8, tdata->key.data, tdata->key.len, - tdata->auth_iv.len, tdata->digest.len, + 0, tdata->digest.len, tdata->cipher_iv.len); if (retval < 0) return retval; @@ -3970,10 +3984,10 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_auth_cipher_operation(tdata->digest.len, tdata->cipher_iv.data, tdata->cipher_iv.len, - tdata->auth_iv.data, tdata->auth_iv.len, + NULL, 0, plaintext_pad_len, tdata->validCipherLenInBits.len, - 0, + tdata->validCipherOffsetInBits.len, tdata->validAuthLenInBits.len, 0 ); @@ -3984,19 +3998,23 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata) ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op); TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf"); - ut_params->obuf = ut_params->op->sym->m_src; - if (ut_params->obuf) - ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *); + if (ut_params->op->sym->m_dst) + ut_params->obuf = ut_params->op->sym->m_dst; else - ciphertext = plaintext; + ut_params->obuf = ut_params->op->sym->m_src; + ciphertext = rte_pktmbuf_mtod_offset(ut_params->obuf, uint8_t *, + tdata->validCipherOffsetInBits.len >> 3); + + const uint8_t *reference_ciphertext = tdata->ciphertext.data + + (tdata->validCipherOffsetInBits.len >> 3); /* Validate obuf */ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( ciphertext, - tdata->ciphertext.data, + reference_ciphertext, tdata->validCipherLenInBits.len, "KASUMI Ciphertext data not as expected"); - ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *) + ut_params->digest = rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *) + plaintext_pad_len; /* Validate obuf */ @@ -4028,7 +4046,7 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata) RTE_CRYPTO_AUTH_KASUMI_F9, RTE_CRYPTO_CIPHER_KASUMI_F8, tdata->key.data, tdata->key.len, - tdata->auth_iv.len, tdata->digest.len, + 0, tdata->digest.len, tdata->cipher_iv.len); if (retval < 0) return retval; @@ -4051,12 +4069,11 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_cipher_hash_operation(tdata->digest.data, - tdata->digest.len, tdata->auth_iv.data, - tdata->auth_iv.len, + tdata->digest.len, NULL, 0, plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE, tdata->cipher_iv.data, tdata->cipher_iv.len, - tdata->validCipherLenInBits.len, - 0, + RTE_ALIGN_CEIL(tdata->validCipherLenInBits.len, 8), + tdata->validCipherOffsetInBits.len, tdata->validAuthLenInBits.len, 0 ); @@ -4066,19 +4083,24 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata) ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op); TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf"); - ut_params->obuf = ut_params->op->sym->m_src; - if (ut_params->obuf) - ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *); + + if (ut_params->op->sym->m_dst) + ut_params->obuf = ut_params->op->sym->m_dst; else - ciphertext = plaintext; + ut_params->obuf = ut_params->op->sym->m_src; + + ciphertext = rte_pktmbuf_mtod_offset(ut_params->obuf, uint8_t *, + tdata->validCipherOffsetInBits.len >> 3); ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *) + plaintext_pad_len; + const uint8_t *reference_ciphertext = tdata->ciphertext.data + + (tdata->validCipherOffsetInBits.len >> 3); /* Validate obuf */ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( ciphertext, - tdata->ciphertext.data, + reference_ciphertext, tdata->validCipherLenInBits.len, "KASUMI Ciphertext data not as expected"); @@ -8206,10 +8228,31 @@ static struct unit_test_suite cryptodev_qat_testsuite = { TEST_CASE_ST(ut_setup, ut_teardown, test_null_auth_cipher_operation), + /** KASUMI tests */ + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_generate_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_generate_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_generate_test_case_3), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_generate_test_case_4), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_generate_test_case_5), TEST_CASE_ST(ut_setup, ut_teardown, test_kasumi_hash_generate_test_case_6), - /** KASUMI tests */ + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_verify_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_verify_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_verify_test_case_3), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_verify_test_case_4), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_verify_test_case_5), + TEST_CASE_ST(ut_setup, ut_teardown, test_kasumi_encryption_test_case_1), TEST_CASE_ST(ut_setup, ut_teardown, diff --git a/test/test/test_cryptodev_kasumi_hash_test_vectors.h b/test/test/test_cryptodev_kasumi_hash_test_vectors.h index 61dbb09e80..a6dd4f5c50 100644 --- a/test/test/test_cryptodev_kasumi_hash_test_vectors.h +++ b/test/test/test_cryptodev_kasumi_hash_test_vectors.h @@ -39,24 +39,16 @@ struct kasumi_hash_test_data { unsigned len; } key; - /* Includes: COUNT (4 bytes) and FRESH (4 bytes) */ - struct { - uint8_t data[8]; - unsigned len; - } auth_iv; - - /* Includes message and DIRECTION (1 bit), plus 1 0*, - * with enough 0s, so total length is multiple of 64 bits */ + /* + * Includes COUNT (4 bytes), FRESH (4 bytes), message + * and DIRECTION (1 bit), plus 1 0*, with enough 0s, + * so total length is multiple of 8 or 64 bits + */ struct { uint8_t data[2056]; unsigned len; /* length must be in Bits */ } plaintext; - /* Actual length of data to be hashed */ - struct { - unsigned len; - } validAuthLenInBits; - struct { uint8_t data[64]; unsigned len; @@ -71,22 +63,14 @@ struct kasumi_hash_test_data kasumi_hash_test_case_1 = { }, .len = 16 }, - .auth_iv = { - .data = { - 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49, - }, - .len = 8 - }, .plaintext = { .data = { + 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49, 0x6B, 0x22, 0x77, 0x37, 0x29, 0x6F, 0x39, 0x3C, 0x80, 0x79, 0x35, 0x3E, 0xDC, 0x87, 0xE2, 0xE8, 0x05, 0xD2, 0xEC, 0x49, 0xA4, 0xF2, 0xD8, 0xE2 }, - .len = 192 - }, - .validAuthLenInBits = { - .len = 189 + .len = 256 }, .digest = { .data = {0xF6, 0x3B, 0xD7, 0x2C}, @@ -102,23 +86,15 @@ struct kasumi_hash_test_data kasumi_hash_test_case_2 = { }, .len = 16 }, - .auth_iv = { - .data = { - 0x3E, 0xDC, 0x87, 0xE2, 0xA4, 0xF2, 0xD8, 0xE2, - }, - .len = 8 - }, .plaintext = { .data = { + 0x3E, 0xDC, 0x87, 0xE2, 0xA4, 0xF2, 0xD8, 0xE2, 0xB5, 0x92, 0x43, 0x84, 0x32, 0x8A, 0x4A, 0xE0, 0x0B, 0x73, 0x71, 0x09, 0xF8, 0xB6, 0xC8, 0xDD, 0x2B, 0x4D, 0xB6, 0x3D, 0xD5, 0x33, 0x98, 0x1C, 0xEB, 0x19, 0xAA, 0xD5, 0x2A, 0x5B, 0x2B, 0xC3 }, - .len = 256 - }, - .validAuthLenInBits = { - .len = 254 + .len = 320 }, .digest = { .data = {0xA9, 0xDA, 0xF1, 0xFF}, @@ -134,14 +110,9 @@ struct kasumi_hash_test_data kasumi_hash_test_case_3 = { }, .len = 16 }, - .auth_iv = { - .data = { - 0x36, 0xAF, 0x61, 0x44, 0x98, 0x38, 0xF0, 0x3A, - }, - .len = 8 - }, .plaintext = { .data = { + 0x36, 0xAF, 0x61, 0x44, 0x98, 0x38, 0xF0, 0x3A, 0x59, 0x32, 0xBC, 0x0A, 0xCE, 0x2B, 0x0A, 0xBA, 0x33, 0xD8, 0xAC, 0x18, 0x8A, 0xC5, 0x4F, 0x34, 0x6F, 0xAD, 0x10, 0xBF, 0x9D, 0xEE, 0x29, 0x20, @@ -149,10 +120,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_3 = { 0xDF, 0x6C, 0xAA, 0x72, 0x05, 0x3A, 0xBF, 0xF3, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - .len = 384 - }, - .validAuthLenInBits = { - .len = 319 + .len = 448 }, .digest = { .data = {0x15, 0x37, 0xD3, 0x16}, @@ -168,14 +136,9 @@ struct kasumi_hash_test_data kasumi_hash_test_case_4 = { }, .len = 16 }, - .auth_iv = { - .data = { - 0x14, 0x79, 0x3E, 0x41, 0x03, 0x97, 0xE8, 0xFD - }, - .len = 8 - }, .plaintext = { .data = { + 0x14, 0x79, 0x3E, 0x41, 0x03, 0x97, 0xE8, 0xFD, 0xD0, 0xA7, 0xD4, 0x63, 0xDF, 0x9F, 0xB2, 0xB2, 0x78, 0x83, 0x3F, 0xA0, 0x2E, 0x23, 0x5A, 0xA1, 0x72, 0xBD, 0x97, 0x0C, 0x14, 0x73, 0xE1, 0x29, @@ -184,11 +147,8 @@ struct kasumi_hash_test_data kasumi_hash_test_case_4 = { 0xA4, 0x99, 0x27, 0x6A, 0x50, 0x42, 0x70, 0x09, 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - .len = 448 + .len = 512 }, - .validAuthLenInBits = { - .len = 384 - }, .digest = { .data = {0xDD, 0x7D, 0xFA, 0xDD }, .len = 4 @@ -203,14 +163,9 @@ struct kasumi_hash_test_data kasumi_hash_test_case_5 = { }, .len = 16 }, - .auth_iv = { - .data = { - 0x29, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0x77, 0x37, - }, - .len = 8 - }, .plaintext = { .data = { + 0x29, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0x77, 0x37, 0x10, 0xBF, 0xFF, 0x83, 0x9E, 0x0C, 0x71, 0x65, 0x8D, 0xBB, 0x2D, 0x17, 0x07, 0xE1, 0x45, 0x72, 0x4F, 0x41, 0xC1, 0x6F, 0x48, 0xBF, 0x40, 0x3C, @@ -228,10 +183,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_5 = { 0x3D, 0x7C, 0xFE, 0xE9, 0x45, 0x85, 0xB5, 0x88, 0x5C, 0xAC, 0x46, 0x06, 0x8B, 0xC0, 0x00, 0x00 }, - .len = 1024 - }, - .validAuthLenInBits = { - .len = 1000 + .len = 1088 }, .digest = { .data = {0xC3, 0x83, 0x83, 0x9D}, @@ -247,14 +199,9 @@ struct kasumi_hash_test_data kasumi_hash_test_case_6 = { }, .len = 16 }, - .auth_iv = { - .data = { - 0x36, 0xAF, 0x61, 0x44, 0x4F, 0x30, 0x2A, 0xD2 - }, - .len = 8 - }, .plaintext = { .data = { + 0x36, 0xAF, 0x61, 0x44, 0x4F, 0x30, 0x2A, 0xD2, 0x35, 0xC6, 0x87, 0x16, 0x63, 0x3C, 0x66, 0xFB, 0x75, 0x0C, 0x26, 0x68, 0x65, 0xD5, 0x3C, 0x11, 0xEA, 0x05, 0xB1, 0xE9, 0xFA, 0x49, 0xC8, 0x39, @@ -269,10 +216,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_6 = { 0x74, 0xCD, 0xA5, 0xA4, 0x85, 0xF7, 0x4D, 0x7A, 0xC0 }, - .len = 776 - }, - .validAuthLenInBits = { - .len = 768 + .len = 840 }, .digest = { .data = {0x95, 0xAE, 0x41, 0xBA}, @@ -288,21 +232,13 @@ struct kasumi_hash_test_data kasumi_hash_test_case_7 = { }, .len = 16 }, - .auth_iv = { - .data = { - 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49, - }, - .len = 8 - }, .plaintext = { .data = { + 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49, 0xAD, 0x9C, 0x44, 0x1F, 0x89, 0x0B, 0x38, 0xC4, 0x57, 0xA4, 0x9D, 0x42, 0x14, 0x07, 0xE8, 0xC0 }, - .len = 128 - }, - .validAuthLenInBits = { - .len = 120 + .len = 192 }, .digest = { .data = {0x87, 0x5F, 0xE4, 0x89}, diff --git a/test/test/test_cryptodev_kasumi_test_vectors.h b/test/test/test_cryptodev_kasumi_test_vectors.h index ee6ddefcc3..0d042d0b2e 100644 --- a/test/test/test_cryptodev_kasumi_test_vectors.h +++ b/test/test/test_cryptodev_kasumi_test_vectors.h @@ -44,14 +44,13 @@ struct kasumi_test_data { unsigned len; } cipher_iv; - /* Includes: COUNT (4 bytes) and FRESH (4 bytes) */ + /* + * Data may include COUNT (4 bytes), FRESH (4 bytes), + * DIRECTION (1 bit), plus 1 0*, with enough 0s, + * so total length is multiple of 8 or 64 bits + */ struct { - uint8_t data[8]; - unsigned len; - } auth_iv; - - struct { - uint8_t data[1024]; /* Data may include direction bit */ + uint8_t data[1024]; unsigned len; /* length must be in Bits */ } plaintext; @@ -68,6 +67,10 @@ struct kasumi_test_data { unsigned len; } validCipherLenInBits; + struct { + unsigned int len; + } validCipherOffsetInBits; + /* Actual length of data to be hashed */ struct { unsigned len; @@ -132,6 +135,9 @@ struct kasumi_test_data kasumi_test_case_1 = { }, .validCipherLenInBits = { .len = 798 + }, + .validCipherOffsetInBits = { + .len = 0 } }; @@ -177,6 +183,9 @@ struct kasumi_test_data kasumi_test_case_2 = { }, .validCipherLenInBits = { .len = 510 + }, + .validCipherOffsetInBits = { + .len = 0 } }; @@ -194,34 +203,33 @@ struct kasumi_test_data kasumi_test_case_3 = { }, .len = 8 }, - .auth_iv = { - .data = { - 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49 - }, - .len = 8 - }, .plaintext = { .data = { + 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49, 0xAD, 0x9C, 0x44, 0x1F, 0x89, 0x0B, 0x38, 0xC4, 0x57, 0xA4, 0x9D, 0x42, 0x14, 0x07, 0xE8, 0xC0 }, - .len = 128 + .len = 192 }, .ciphertext = { .data = { + 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49, 0x9B, 0xC9, 0x2C, 0xA8, 0x03, 0xC6, 0x7B, 0x28, - 0xA1, 0x1A, 0x4B, 0xEE, 0x5A, 0x0C, 0x25 + 0xA1, 0x1A, 0x4B, 0xEE, 0x5A, 0x0C, 0x25, 0xC0 }, - .len = 120 + .len = 192 }, .validDataLenInBits = { - .len = 128 + .len = 192 }, .validCipherLenInBits = { .len = 120 }, .validAuthLenInBits = { - .len = 120 + .len = 192 + }, + .validCipherOffsetInBits = { + .len = 64 }, .digest = { .data = {0x87, 0x5F, 0xE4, 0x89}, @@ -263,6 +271,9 @@ struct kasumi_test_data kasumi_test_case_4 = { }, .validCipherLenInBits = { .len = 253 + }, + .validCipherOffsetInBits = { + .len = 0 } }; @@ -320,6 +331,9 @@ struct kasumi_test_data kasumi_test_case_5 = { }, .validCipherLenInBits = { .len = 837 + }, + .validCipherOffsetInBits = { + .len = 0 } }; @@ -337,39 +351,37 @@ struct kasumi_test_data kasumi_test_case_6 = { }, .len = 8 }, - .auth_iv = { - .data = { - 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49 - }, - .len = 8 - }, .plaintext = { .data = { + 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49, 0xAD, 0x9C, 0x44, 0x1F, 0x89, 0x0B, 0x38, 0xC4, 0x57, 0xA4, 0x9D, 0x42, 0x14, 0x07, 0xE8, 0xC0 }, - .len = 128 + .len = 192 }, .ciphertext = { .data = { + 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49, 0x9B, 0xC9, 0x2C, 0xA8, 0x03, 0xC6, 0x7B, 0x28, - 0xA1, 0x1A, 0x4B, 0xEE, 0x5A, 0x0C, 0x25 + 0xA1, 0x1A, 0x4B, 0xEE, 0x5A, 0x0C, 0x25, 0xC0 }, - .len = 120 + .len = 192 }, .validDataLenInBits = { - .len = 128 + .len = 192 }, .validCipherLenInBits = { .len = 120 }, + .validCipherOffsetInBits = { + .len = 64 + }, .validAuthLenInBits = { - .len = 120 + .len = 192 }, .digest = { .data = {0x0F, 0xD2, 0xAA, 0xB5}, .len = 4 } }; - #endif /* TEST_CRYPTODEV_KASUMI_TEST_VECTORS_H_ */ -- 2.20.1