From: Fan Zhang <roy.fan.zhang@intel.com>
To: dev@dpdk.org
Cc: akhil.goyal@nxp.com, Marko Kovacevic <marko.kovacevic@intel.com>
Subject: [PATCH v3 7/8] examples: add ccm parser and enablement for test types
Date: Thu, 4 Oct 2018 14:12:48 +0100 [thread overview]
Message-ID: <20181004131249.26726-8-roy.fan.zhang@intel.com> (raw)
In-Reply-To: <20181004131249.26726-1-roy.fan.zhang@intel.com>
From: Marko Kovacevic <marko.kovacevic@intel.com>
Added enablement for CCM parser, to allow the
application to parser the ccm request files and to validate all
test types supported.
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
---
examples/cryptodev_fips_validate/Makefile | 1 +
.../cryptodev_fips_parse_ccm.c | 272 +++++++++++++++++++++
.../cryptodev_fips_parse_validate.c | 5 +
.../cryptodev_fips_validate.h | 22 ++
examples/cryptodev_fips_validate/main.c | 56 ++++-
examples/cryptodev_fips_validate/meson.build | 1 +
6 files changed, 356 insertions(+), 1 deletion(-)
create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_ccm.c
diff --git a/examples/cryptodev_fips_validate/Makefile b/examples/cryptodev_fips_validate/Makefile
index f5c2705d5..4f1dc6b5d 100644
--- a/examples/cryptodev_fips_validate/Makefile
+++ b/examples/cryptodev_fips_validate/Makefile
@@ -10,6 +10,7 @@ SRCS-y += cryptodev_fips_parse_hmac.c
SRCS-y += cryptodev_fips_parse_3des.c
SRCS-y += cryptodev_fips_parse_gcm.c
SRCS-y += cryptodev_fips_parse_cmac.c
+SRCS-y += cryptodev_fips_parse_ccm.c
SRCS-y += cryptodev_fips_parse_validate.c
SRCS-y += main.c
diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_parse_ccm.c b/examples/cryptodev_fips_validate/cryptodev_fips_parse_ccm.c
new file mode 100644
index 000000000..0fdb75ad4
--- /dev/null
+++ b/examples/cryptodev_fips_validate/cryptodev_fips_parse_ccm.c
@@ -0,0 +1,272 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2018 Intel Corporation
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <rte_string_fns.h>
+#include <rte_cryptodev.h>
+#include <rte_malloc.h>
+
+#include "cryptodev_fips_validate.h"
+
+#define DVPT_STR "CCM-DVPT"
+#define VADT_STR "CCM-VADT"
+#define VPT_STR "CCM-VPT"
+#define VNT_STR "CCM-VNT"
+#define VTT_STR "CCM-VTT"
+
+#define PARAM_PREFIX "["
+#define ALEN_PREFIX "Alen = "
+#define PLEN_PREFIX "Plen = "
+#define IVLEN_PREFIX "Nlen = "
+#define DIGESTL_PREFIX "Tlen = "
+
+#define COUNT_STR "Count = "
+#define KEY_STR "Key = "
+#define IV_STR "Nonce = "
+#define PT_STR "Payload = "
+#define CT_STR "CT = "
+#define AAD_STR "Adata = "
+#define POS_NEG_STR "Result = "
+
+#define POS_KEYWORD "Pass"
+#define NEG_KEYWORD "Fail"
+
+static int
+parser_dvpt_interim(const char *key, char *src, struct fips_val *val)
+{
+ char *tmp, c, value[10];
+ char num_pattern[] = "0123456789";
+ int i = 0;
+
+ memset(value, 0, 10);
+
+ tmp = strstr(src, key);
+ if (!tmp)
+ return -1;
+
+ tmp += strlen(key);
+
+ c = tmp[0];
+
+ while (strchr(num_pattern, c) && i < 10) {
+ value[i++] = c;
+ c = tmp[i];
+ }
+
+ return parser_read_uint32_val("", value, val);
+}
+
+static int
+parse_dvpt_ct_hex_str(const char *key, char *src, struct fips_val *val)
+{
+ int ret;
+
+ val->len = vec.pt.len;
+
+ ret = parse_uint8_known_len_hex_str(key, src, val);
+ if (ret < 0)
+ return ret;
+
+ src += strlen(key) + val->len * 2;
+
+ ret = parse_uint8_known_len_hex_str("", src, &vec.aead.digest);
+ if (ret < 0) {
+ rte_free(val->val);
+ memset(val, 0, sizeof(*val));
+ return ret;
+ }
+
+ return 0;
+}
+
+static int
+parse_uint8_ccm_aad_str(const char *key, char *src, struct fips_val *val)
+{
+ uint32_t len = val->len, j;
+
+ src += strlen(key);
+
+ /* CCM aad requires 18 bytes padding before the real content */
+ val->val = rte_zmalloc(NULL, len + 18, 0);
+ if (!val->val)
+ return -1;
+
+ for (j = 0; j < len; j++) {
+ char byte[3] = {src[j * 2], src[j * 2 + 1], '\0'};
+
+ if (parser_read_uint8_hex(&val->val[j + 18], byte) < 0) {
+ rte_free(val->val);
+ memset(val, 0, sizeof(*val));
+ return -EINVAL;
+ }
+ }
+
+ return 0;
+}
+
+struct fips_test_callback ccm_vnt_vec[] = {
+ {IV_STR, parse_uint8_known_len_hex_str, &vec.iv},
+ {AAD_STR, parse_uint8_ccm_aad_str, &vec.aead.aad},
+ {PT_STR, parse_uint8_known_len_hex_str, &vec.pt},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback ccm_vnt_interim_vec[] = {
+ {ALEN_PREFIX, parser_read_uint32_val, &vec.aead.aad},
+ {PLEN_PREFIX, parser_read_uint32_val, &vec.pt},
+ {DIGESTL_PREFIX, parser_read_uint32_val, &vec.aead.digest},
+ {IVLEN_PREFIX, parser_read_uint32_val, &vec.iv},
+ {KEY_STR, parse_uint8_hex_str, &vec.aead.key},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback ccm_vtt_vec[] = {
+ {AAD_STR, parse_uint8_ccm_aad_str, &vec.aead.aad},
+ {PT_STR, parse_uint8_known_len_hex_str, &vec.pt},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback ccm_vtt_interim_vec[] = {
+ {ALEN_PREFIX, parser_read_uint32_val, &vec.aead.aad},
+ {PLEN_PREFIX, parser_read_uint32_val, &vec.pt},
+ {IVLEN_PREFIX, parser_read_uint32_val, &vec.iv},
+ {DIGESTL_PREFIX, parser_read_uint32_val, &vec.aead.digest},
+ {KEY_STR, parse_uint8_hex_str, &vec.aead.key},
+ {IV_STR, parse_uint8_known_len_hex_str, &vec.iv},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback ccm_vadt_vec[] = {
+ {AAD_STR, parse_uint8_ccm_aad_str, &vec.aead.aad},
+ {PT_STR, parse_uint8_known_len_hex_str, &vec.pt},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback ccm_vadt_interim_vec[] = {
+ {PLEN_PREFIX, parser_read_uint32_val, &vec.pt},
+ {IVLEN_PREFIX, parser_read_uint32_val, &vec.iv},
+ {ALEN_PREFIX, parser_read_uint32_val, &vec.aead.aad},
+ {DIGESTL_PREFIX, parser_read_uint32_val, &vec.aead.digest},
+ {KEY_STR, parse_uint8_hex_str, &vec.aead.key},
+ {IV_STR, parse_uint8_known_len_hex_str, &vec.iv},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback ccm_vpt_vec[] = {
+ {AAD_STR, parse_uint8_ccm_aad_str, &vec.aead.aad},
+ {PT_STR, parse_uint8_known_len_hex_str, &vec.pt},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback ccm_vpt_interim_vec[] = {
+ {ALEN_PREFIX, parser_read_uint32_val, &vec.aead.aad},
+ {IVLEN_PREFIX, parser_read_uint32_val, &vec.iv},
+ {DIGESTL_PREFIX, parser_read_uint32_val, &vec.aead.digest},
+ {PLEN_PREFIX, parser_read_uint32_val, &vec.pt},
+ {KEY_STR, parse_uint8_hex_str, &vec.aead.key},
+ {IV_STR, parse_uint8_known_len_hex_str, &vec.iv},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback ccm_dvpt_vec[] = {
+ {IV_STR, parse_uint8_known_len_hex_str, &vec.iv},
+ {AAD_STR, parse_uint8_ccm_aad_str, &vec.aead.aad},
+ {CT_STR, parse_dvpt_ct_hex_str, &vec.ct},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback ccm_dvpt_interim_vec[] = {
+ {ALEN_PREFIX, parser_dvpt_interim, &vec.aead.aad},
+ {PLEN_PREFIX, parser_dvpt_interim, &vec.pt},
+ {IVLEN_PREFIX, parser_dvpt_interim, &vec.iv},
+ {DIGESTL_PREFIX, parser_dvpt_interim, &vec.aead.digest},
+ {KEY_STR, parse_uint8_hex_str, &vec.aead.key},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct ccm_test_types {
+ const char *str;
+ uint32_t type;
+ const struct fips_test_callback *cb;
+ const struct fips_test_callback *cb_interim;
+ enum fips_test_op op;
+} ctt[] = {
+ {DVPT_STR, CCM_DVPT, ccm_dvpt_vec, ccm_dvpt_interim_vec,
+ FIPS_TEST_DEC_AUTH_VERIF},
+ {VPT_STR, CCM_VPT, ccm_vpt_vec, ccm_vpt_interim_vec,
+ FIPS_TEST_ENC_AUTH_GEN},
+ {VADT_STR, CCM_VADT, ccm_vadt_vec, ccm_vadt_interim_vec,
+ FIPS_TEST_ENC_AUTH_GEN},
+ {VNT_STR, CCM_VNT, ccm_vnt_vec, ccm_vnt_interim_vec,
+ FIPS_TEST_ENC_AUTH_GEN},
+ {VTT_STR, CCM_VTT, ccm_vtt_vec, ccm_vtt_interim_vec,
+ FIPS_TEST_ENC_AUTH_GEN},
+};
+
+static int
+parse_test_ccm_writeback(struct fips_val *val)
+{
+ struct fips_val tmp_val;
+
+ switch (info.interim_info.ccm_data.test_type) {
+ case CCM_DVPT:
+ fprintf(info.fp_wr, "%s", POS_NEG_STR);
+ if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) {
+ fprintf(info.fp_wr, "%s\n", POS_KEYWORD);
+ fprintf(info.fp_wr, "%s", PT_STR);
+
+ tmp_val.val = val->val;
+ tmp_val.len = vec.pt.len;
+
+ if (tmp_val.len == 0)
+ fprintf(info.fp_wr, "00\n");
+ else
+ parse_write_hex_str(&tmp_val);
+ } else
+ fprintf(info.fp_wr, "%s\n", NEG_KEYWORD);
+
+ break;
+
+ case CCM_VADT:
+ case CCM_VNT:
+ case CCM_VPT:
+ case CCM_VTT:
+ fprintf(info.fp_wr, "%s", CT_STR);
+
+ parse_write_hex_str(val);
+
+ break;
+
+ }
+
+ return 0;
+}
+
+int
+parse_test_ccm_init(void)
+{
+
+ uint32_t i;
+
+ for (i = 0; i < info.nb_vec_lines; i++) {
+ char *line = info.vec[i];
+ uint32_t j;
+
+ for (j = 0; j < RTE_DIM(ctt); j++)
+ if (strstr(line, ctt[j].str)) {
+ info.interim_info.ccm_data.test_type =
+ ctt[j].type;
+ info.callbacks = ctt[j].cb;
+ info.interim_callbacks = ctt[j].cb_interim;
+ info.op = ctt[j].op;
+ break;
+ }
+ }
+
+ info.parse_writeback = parse_test_ccm_writeback;
+
+ return 0;
+}
diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c b/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
index 4617c67e2..47e3732b2 100644
--- a/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
+++ b/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
@@ -119,6 +119,11 @@ fips_test_parse_header(void)
ret = parse_test_cmac_init();
if (ret < 0)
return 0;
+ } else if (strstr(info.vec[i], "CCM")) {
+ info.algo = FIPS_TEST_ALGO_AES_CCM;
+ ret = parse_test_ccm_init();
+ if (ret < 0)
+ return 0;
} else if (strstr(info.vec[i], "HMAC")) {
info.algo = FIPS_TEST_ALGO_HMAC;
ret = parse_test_hmac_init();
diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_validate.h b/examples/cryptodev_fips_validate/cryptodev_fips_validate.h
index 7bd1e9a6f..afa0c0a80 100644
--- a/examples/cryptodev_fips_validate/cryptodev_fips_validate.h
+++ b/examples/cryptodev_fips_validate/cryptodev_fips_validate.h
@@ -26,6 +26,7 @@ enum fips_test_algorithms {
FIPS_TEST_ALGO_AES = 0,
FIPS_TEST_ALGO_AES_GCM,
FIPS_TEST_ALGO_AES_CMAC,
+ FIPS_TEST_ALGO_AES_CCM,
FIPS_TEST_ALGO_HMAC,
FIPS_TEST_ALGO_TDES,
FIPS_TEST_ALGO_MAX
@@ -102,6 +103,14 @@ enum fips_tdes_test_types {
TDES_MMT /* Multi block Message Test */
};
+enum fips_ccm_test_types {
+ CCM_VADT = 1, /* Variable Associated Data Test */
+ CCM_VPT, /* Variable Payload Test */
+ CCM_VNT, /* Variable Nonce Test */
+ CCM_VTT, /* Variable Tag Test */
+ CCM_DVPT, /* Decryption-Verification Process Test */
+};
+
struct aesavs_interim_data {
enum fips_aesavs_test_types test_type;
uint32_t cipher_algo;
@@ -117,6 +126,15 @@ struct tdes_interim_data {
uint32_t nb_keys;
};
+struct ccm_interim_data {
+ enum fips_ccm_test_types test_type;
+ uint32_t aad_len;
+ uint32_t pt_len;
+ uint32_t digest_len;
+ uint32_t key_len;
+ uint32_t iv_len;
+};
+
struct fips_test_interim_info {
FILE *fp_rd;
FILE *fp_wr;
@@ -132,6 +150,7 @@ struct fips_test_interim_info {
struct aesavs_interim_data aes_data;
struct hmac_interim_data hmac_data;
struct tdes_interim_data tdes_data;
+ struct ccm_interim_data ccm_data;
} interim_info;
@@ -180,6 +199,9 @@ int
parse_test_cmac_init(void);
int
+parse_test_ccm_init(void);
+
+int
parser_read_uint8_hex(uint8_t *value, const char *p);
int
diff --git a/examples/cryptodev_fips_validate/main.c b/examples/cryptodev_fips_validate/main.c
index 864b55d04..1d6afbf74 100644
--- a/examples/cryptodev_fips_validate/main.c
+++ b/examples/cryptodev_fips_validate/main.c
@@ -470,7 +470,10 @@ prepare_aead_op(void)
__rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
rte_pktmbuf_reset(env.mbuf);
- memcpy(iv, vec.iv.val, vec.iv.len);
+ if (info.algo == FIPS_TEST_ALGO_AES_CCM)
+ memcpy(iv + 1, vec.iv.val, vec.iv.len);
+ else
+ memcpy(iv, vec.iv.val, vec.iv.len);
sym->m_src = env.mbuf;
sym->aead.data.offset = 0;
@@ -726,6 +729,52 @@ prepare_cmac_xform(struct rte_crypto_sym_xform *xform)
return 0;
}
+static int
+prepare_ccm_xform(struct rte_crypto_sym_xform *xform)
+{
+ const struct rte_cryptodev_symmetric_capability *cap;
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+ struct rte_crypto_aead_xform *aead_xform = &xform->aead;
+
+ xform->type = RTE_CRYPTO_SYM_XFORM_AEAD;
+
+ aead_xform->algo = RTE_CRYPTO_AEAD_AES_CCM;
+ aead_xform->aad_length = vec.aead.aad.len;
+ aead_xform->digest_length = vec.aead.digest.len;
+ aead_xform->iv.offset = IV_OFF;
+ aead_xform->iv.length = vec.iv.len;
+ aead_xform->key.data = vec.aead.key.val;
+ aead_xform->key.length = vec.aead.key.len;
+ aead_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
+ RTE_CRYPTO_AEAD_OP_ENCRYPT :
+ RTE_CRYPTO_AEAD_OP_DECRYPT;
+
+ cap_idx.algo.aead = aead_xform->algo;
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+
+ cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+ if (!cap) {
+ RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+ env.dev_id);
+ return -EINVAL;
+ }
+
+ if (rte_cryptodev_sym_capability_check_aead(cap,
+ aead_xform->key.length,
+ aead_xform->digest_length, aead_xform->aad_length,
+ aead_xform->iv.length) != 0) {
+ RTE_LOG(ERR, USER1,
+ "PMD %s key_len %u tag_len %u aad_len %u iv_len %u\n",
+ info.device_name, aead_xform->key.length,
+ aead_xform->digest_length,
+ aead_xform->aad_length,
+ aead_xform->iv.length);
+ return -EPERM;
+ }
+
+ return 0;
+}
+
static void
get_writeback_data(struct fips_val *val)
{
@@ -1091,6 +1140,11 @@ init_test_ops(void)
test_ops.prepare_xform = prepare_cmac_xform;
test_ops.test = fips_generic_test;
break;
+ case FIPS_TEST_ALGO_AES_CCM:
+ test_ops.prepare_op = prepare_aead_op;
+ test_ops.prepare_xform = prepare_ccm_xform;
+ test_ops.test = fips_generic_test;
+ break;
default:
return -1;
}
diff --git a/examples/cryptodev_fips_validate/meson.build b/examples/cryptodev_fips_validate/meson.build
index 4889d7095..e3bf7ac88 100644
--- a/examples/cryptodev_fips_validate/meson.build
+++ b/examples/cryptodev_fips_validate/meson.build
@@ -14,6 +14,7 @@ sources = files(
'cryptodev_fips_parse_3des.c',
'cryptodev_fips_parse_gcm.c',
'cryptodev_fips_parse_cmac.c',
+ 'cryptodev_fips_parse_ccm.c',
'cryptodev_fips_parse_validate.c',
'main.c'
)
--
2.13.6
next prev parent reply other threads:[~2018-10-04 13:28 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-04 9:40 [PATCH v2 0/8] FIPS validation capability Fan Zhang
2018-10-04 9:40 ` [PATCH v2 1/8] examples: add fips validation into examples Fan Zhang
2018-10-04 9:40 ` [PATCH v2 2/8] examples: add aes parser and enablement for test types Fan Zhang
2018-10-04 9:40 ` [PATCH v2 3/8] examples: add hmac parser Fan Zhang
2018-10-04 9:40 ` [PATCH v2 4/8] examples: add TDES parser and enablement for test types Fan Zhang
2018-10-04 9:40 ` [PATCH v2 5/8] examples: add gcm parser Fan Zhang
2018-10-04 9:40 ` [PATCH v2 6/8] examples: add cmac parser and enablement for test types Fan Zhang
2018-10-04 9:40 ` [PATCH v2 7/8] examples: add ccm " Fan Zhang
2018-10-04 9:40 ` [PATCH v2 8/8] doc: add guides for fips validation Fan Zhang
2018-10-04 13:12 ` [PATCH v3 0/8] FIPS validation capability Fan Zhang
2018-10-04 13:12 ` [PATCH v3 1/8] examples: add fips validation into examples Fan Zhang
2018-10-04 13:12 ` [PATCH v3 2/8] examples: add aes parser and enablement for test types Fan Zhang
2018-10-04 13:12 ` [PATCH v3 3/8] examples: add hmac parser Fan Zhang
2018-10-04 13:12 ` [PATCH v3 4/8] examples: add TDES parser and enablement for test types Fan Zhang
2018-10-04 13:12 ` [PATCH v3 5/8] examples: add gcm parser Fan Zhang
2018-10-04 13:12 ` [PATCH v3 6/8] examples: add cmac parser and enablement for test types Fan Zhang
2018-10-04 13:12 ` Fan Zhang [this message]
2018-10-04 13:12 ` [PATCH v3 8/8] doc: add guides for fips validation Fan Zhang
2018-10-09 7:01 ` Akhil Goyal
2018-10-09 20:14 ` Zhang, Roy Fan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181004131249.26726-8-roy.fan.zhang@intel.com \
--to=roy.fan.zhang@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=dev@dpdk.org \
--cc=marko.kovacevic@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.