diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst index c786a77810..db08b03e11 100644 --- a/doc/guides/sample_app_ug/fips_validation.rst +++ b/doc/guides/sample_app_ug/fips_validation.rst @@ -41,6 +41,7 @@ Limitations * Supported test vectors * AES-CBC (128,192,256) - GFSbox, KeySbox, MCT, MMT + * AES-GCM (128,192,256) - EncryptExtIV, Decrypt * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512) * TDES-CBC (1 Key, 2 Keys, 3 Keys) - MMT, Monte, Permop, Subkey, Varkey, VarText diff --git a/examples/fips_validation/Makefile b/examples/fips_validation/Makefile index 57cc7788a1..6373ac3f0c 100644 --- a/examples/fips_validation/Makefile +++ b/examples/fips_validation/Makefile @@ -9,6 +9,7 @@ SRCS-y := fips_validation.c SRCS-y += fips_validation_aes.c SRCS-y += fips_validation_hmac.c SRCS-y += fips_validation_tdes.c +SRCS-y += fips_validation_gcm.c SRCS-y += main.c # Build using pkg-config variables if possible diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c index 86f443d9ce..1b926b8ec7 100644 --- a/examples/fips_validation/fips_validation.c +++ b/examples/fips_validation/fips_validation.c @@ -111,6 +111,11 @@ fips_test_parse_header(void) ret = parse_test_aes_init(); if (ret < 0) return ret; + } else if (strstr(info.vec[i], "GCM")) { + info.algo = FIPS_TEST_ALGO_AES_GCM; + ret = parse_test_gcm_init(); + if (ret < 0) + return ret; } else if (strstr(info.vec[i], "HMAC")) { info.algo = FIPS_TEST_ALGO_HMAC; ret = parse_test_hmac_init(); diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h index 69a2116684..4cceff510a 100644 --- a/examples/fips_validation/fips_validation.h +++ b/examples/fips_validation/fips_validation.h @@ -24,6 +24,7 @@ enum fips_test_algorithms { FIPS_TEST_ALGO_AES = 0, + FIPS_TEST_ALGO_AES_GCM, FIPS_TEST_ALGO_HMAC, FIPS_TEST_ALGO_TDES, FIPS_TEST_ALGO_MAX @@ -170,6 +171,9 @@ parse_test_tdes_init(void); int parse_test_hmac_init(void); +int +parse_test_gcm_init(void); + int parser_read_uint8_hex(uint8_t *value, const char *p); diff --git a/examples/fips_validation/fips_validation_gcm.c b/examples/fips_validation/fips_validation_gcm.c new file mode 100644 index 0000000000..0509b101a7 --- /dev/null +++ b/examples/fips_validation/fips_validation_gcm.c @@ -0,0 +1,125 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2018 Intel Corporation + */ + +#include +#include +#include + +#include + +#include "fips_validation.h" + +#define NEW_LINE_STR "#" +#define OP_STR "GCM " + +#define PARAM_PREFIX "[" +#define KEYLEN_STR "Keylen = " +#define IVLEN_STR "IVlen = " +#define PTLEN_STR "PTlen = " +#define AADLEN_STR "AADlen = " +#define TAGLEN_STR "Taglen = " + +#define COUNT_STR "Count = " +#define KEY_STR "Key = " +#define IV_STR "IV = " +#define PT_STR "PT = " +#define CT_STR "CT = " +#define TAG_STR "Tag = " +#define AAD_STR "AAD = " + +#define OP_ENC_STR "Encrypt" +#define OP_DEC_STR "Decrypt" + +#define NEG_TEST_STR "FAIL" + +struct fips_test_callback gcm_dec_vectors[] = { + {KEY_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.key}, + {IV_STR, parse_uint8_known_len_hex_str, &vec.iv}, + {CT_STR, parse_uint8_known_len_hex_str, &vec.ct}, + {AAD_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.aad}, + {TAG_STR, parse_uint8_known_len_hex_str, + &vec.cipher_auth.digest}, + {NULL, NULL, NULL} /**< end pointer */ +}; +struct fips_test_callback gcm_interim_vectors[] = { + {KEYLEN_STR, parser_read_uint32_bit_val, &vec.cipher_auth.key}, + {IVLEN_STR, parser_read_uint32_bit_val, &vec.iv}, + {PTLEN_STR, parser_read_uint32_bit_val, &vec.pt}, + {AADLEN_STR, parser_read_uint32_bit_val, &vec.cipher_auth.aad}, + {TAGLEN_STR, parser_read_uint32_bit_val, + &vec.cipher_auth.digest}, + {NULL, NULL, NULL} /**< end pointer */ +}; + +struct fips_test_callback gcm_enc_vectors[] = { + {KEY_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.key}, + {IV_STR, parse_uint8_known_len_hex_str, &vec.iv}, + {PT_STR, parse_uint8_known_len_hex_str, &vec.pt}, + {AAD_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.aad}, + {NULL, NULL, NULL} /**< end pointer */ +}; + +static int +parse_test_gcm_writeback(struct fips_val *val) +{ + struct fips_val tmp_val; + + if (info.op == FIPS_TEST_ENC_AUTH_GEN) { + fprintf(info.fp_wr, "%s", CT_STR); + + tmp_val.val = val->val; + tmp_val.len = vec.pt.len; + + parse_write_hex_str(&tmp_val); + + fprintf(info.fp_wr, "%s", TAG_STR); + + tmp_val.val = val->val + vec.pt.len; + tmp_val.len = val->len - vec.pt.len; + + parse_write_hex_str(&tmp_val); + } else { + if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) { + fprintf(info.fp_wr, "%s", PT_STR); + + tmp_val.val = val->val; + tmp_val.len = vec.pt.len; + + parse_write_hex_str(&tmp_val); + } else + fprintf(info.fp_wr, "%s\n", NEG_TEST_STR); + } + + return 0; +} + +int +parse_test_gcm_init(void) +{ + char *tmp; + uint32_t i; + + + for (i = 0; i < info.nb_vec_lines; i++) { + char *line = info.vec[i]; + + + tmp = strstr(line, OP_STR); + if (tmp) { + if (strstr(line, OP_ENC_STR)) { + info.op = FIPS_TEST_ENC_AUTH_GEN; + info.callbacks = gcm_enc_vectors; + } else if (strstr(line, OP_DEC_STR)) { + info.op = FIPS_TEST_DEC_AUTH_VERIF; + info.callbacks = gcm_dec_vectors; + } else + return -EINVAL; + } + } + + info.interim_callbacks = gcm_interim_vectors; + info.parse_writeback = parse_test_gcm_writeback; + + return 0; +} diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c index 388068168d..c693e8792b 100644 --- a/examples/fips_validation/main.c +++ b/examples/fips_validation/main.c @@ -461,6 +461,70 @@ prepare_auth_op(void) rte_crypto_op_attach_sym_session(env.op, env.sess); } +static int +prepare_aead_op(void) +{ + struct rte_crypto_sym_op *sym = env.op->sym; + uint8_t *iv = rte_crypto_op_ctod_offset(env.op, uint8_t *, IV_OFF); + + __rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC); + rte_pktmbuf_reset(env.mbuf); + + memcpy(iv, vec.iv.val, vec.iv.len); + + sym->m_src = env.mbuf; + sym->aead.data.offset = 0; + sym->aead.aad.data = vec.aead.aad.val; + sym->aead.aad.phys_addr = rte_malloc_virt2iova(sym->aead.aad.data); + + if (info.op == FIPS_TEST_ENC_AUTH_GEN) { + uint8_t *pt; + + if (vec.pt.len > RTE_MBUF_MAX_NB_SEGS) { + RTE_LOG(ERR, USER1, "PT len %u\n", vec.pt.len); + return -EPERM; + } + + pt = (uint8_t *)rte_pktmbuf_append(env.mbuf, + vec.pt.len + vec.aead.digest.len); + + if (!pt) { + RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n", + -ENOMEM); + return -ENOMEM; + } + + memcpy(pt, vec.pt.val, vec.pt.len); + sym->aead.data.length = vec.pt.len; + sym->aead.digest.data = pt + vec.pt.len; + sym->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset( + env.mbuf, vec.pt.len); + } else { + uint8_t *ct; + + if (vec.ct.len > RTE_MBUF_MAX_NB_SEGS) { + RTE_LOG(ERR, USER1, "CT len %u\n", vec.ct.len); + return -EPERM; + } + + ct = (uint8_t *)rte_pktmbuf_append(env.mbuf, vec.ct.len); + + if (!ct) { + RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n", + -ENOMEM); + return -ENOMEM; + } + + memcpy(ct, vec.ct.val, vec.ct.len); + sym->aead.data.length = vec.ct.len; + sym->aead.digest.data = vec.aead.digest.val; + sym->aead.digest.phys_addr = rte_malloc_virt2iova( + sym->aead.digest.data); + } + + rte_crypto_op_attach_sym_session(env.op, env.sess); +} + static int prepare_aes_xform(struct rte_crypto_sym_xform *xform) { @@ -578,6 +642,52 @@ prepare_hmac_xform(struct rte_crypto_sym_xform *xform) return 0; } +static int +prepare_gcm_xform(struct rte_crypto_sym_xform *xform) +{ + const struct rte_cryptodev_symmetric_capability *cap; + struct rte_cryptodev_sym_capability_idx cap_idx; + struct rte_crypto_aead_xform *aead_xform = &xform->aead; + + xform->type = RTE_CRYPTO_SYM_XFORM_AEAD; + + aead_xform->algo = RTE_CRYPTO_AEAD_AES_GCM; + aead_xform->aad_length = vec.aead.aad.len; + aead_xform->digest_length = vec.aead.digest.len; + aead_xform->iv.offset = IV_OFF; + aead_xform->iv.length = vec.iv.len; + aead_xform->key.data = vec.aead.key.val; + aead_xform->key.length = vec.aead.key.len; + aead_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ? + RTE_CRYPTO_AEAD_OP_ENCRYPT : + RTE_CRYPTO_AEAD_OP_DECRYPT; + + cap_idx.algo.aead = aead_xform->algo; + cap_idx.type = RTE_CRYPTO_SYM_XFORM_AEAD; + + cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx); + if (!cap) { + RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n", + env.dev_id); + return -EINVAL; + } + + if (rte_cryptodev_sym_capability_check_aead(cap, + aead_xform->key.length, + aead_xform->digest_length, aead_xform->aad_length, + aead_xform->iv.length) != 0) { + RTE_LOG(ERR, USER1, + "PMD %s key_len %u tag_len %u aad_len %u iv_len %u\n", + info.device_name, aead_xform->key.length, + aead_xform->digest_length, + aead_xform->aad_length, + aead_xform->iv.length); + return -EPERM; + } + + return 0; +} + static void get_writeback_data(struct fips_val *val) { @@ -933,7 +1043,11 @@ init_test_ops(void) else test_ops.test = fips_generic_test; break; - + case FIPS_TEST_ALGO_AES_GCM: + test_ops.prepare_op = prepare_aead_op; + test_ops.prepare_xform = prepare_gcm_xform; + test_ops.test = fips_generic_test; + break; default: return -1; } diff --git a/examples/fips_validation/meson.build b/examples/fips_validation/meson.build index 781ad5fd3e..0cc8bc4055 100644 --- a/examples/fips_validation/meson.build +++ b/examples/fips_validation/meson.build @@ -13,5 +13,6 @@ sources = files( 'fips_validation.c', 'fips_validation_hmac.c', 'fips_validation_tdes.c', + 'fips_validation_gcm.c', 'main.c' )