examples/fips_validation: add parsing for AES-CBC

Added a function to parse the algorithm for the AES-CBC test.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
Gowrishankar Muthukrishnan 2022-05-30 21:22:43 +05:30 committed by Akhil Goyal
parent 07da56a68d
commit 8b8546aaed
4 changed files with 284 additions and 27 deletions


@ -120,7 +120,7 @@ fips_test_parse_header(void)
for (i = 0; i < info.nb_vec_lines; i++) {
if (!algo_parsed) {
if (strstr(info.vec[i], "AESVS")) {
if (strstr(info.vec[i], "AES")) {
algo_parsed = 1;
info.algo = FIPS_TEST_ALGO_AES;
ret = parse_test_aes_init();
@ -458,10 +458,12 @@ fips_test_parse_one_json_vector_set(void)
/* Vector sets contain the algorithm type, and nothing else we need. */
if (strstr(algo_str, "AES-GCM"))
info.algo = FIPS_TEST_ALGO_AES_GCM;
if (strstr(algo_str, "HMAC"))
else if (strstr(algo_str, "HMAC"))
info.algo = FIPS_TEST_ALGO_HMAC;
if (strstr(algo_str, "CMAC"))
else if (strstr(algo_str, "CMAC"))
info.algo = FIPS_TEST_ALGO_AES_CMAC;
else if (strstr(algo_str, "AES-CBC"))
info.algo = FIPS_TEST_ALGO_AES;
else
return -EINVAL;
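Review bot: The first test in the `!algo_parsed` block of fips_test_parse_header is now `strstr(info.vec[i], "AES")`, which accepts any header line containing "AES" rather than the specific "AESVS" tag. The rest of the if/else chain is outside the hunk, but if later branches recognise request files whose headers may also contain "AES" (GCM, CMAC, CCM or XTS, for example), those files would now be classified as FIPS_TEST_ALGO_AES and run through the wrong parser, which silently changes what the validation run actually exercises. Consider moving the generic match to the end of the chain or matching a narrower token, and documenting the constraint with a comment such as `/* generic "AES" match: must be tested after the more specific algorithm tags */`.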


@ -103,6 +103,7 @@ enum fips_aesavs_test_types {
AESAVS_TYPE_VARTXT,
AESAVS_TYPE_MMT,
AESAVS_TYPE_MCT,
AESAVS_TYPE_AFT,
};
enum fips_tdes_test_types {
@ -262,6 +263,9 @@ parse_test_hmac_json_algorithm(void);
int
parse_test_cmac_json_init(void);
int
parse_test_aes_json_init(void);
#endif /* RTE_HAS_JANSSON */
int


@ -7,6 +7,7 @@
#include <stdio.h>
#include <rte_cryptodev.h>
#include <rte_malloc.h>
#include "fips_validation.h"
@ -25,6 +26,19 @@
#define OP_ENC_STR "ENCRYPT"
#define OP_DEC_STR "DECRYPT"
#define ALGO_JSON_STR "algorithm"
#define TESTTYPE_JSON_STR "testType"
#define DIR_JSON_STR "direction"
#define KEYLEN_JSON_STR "keyLen"
#define KEY_JSON_STR "key"
#define IV_JSON_STR "iv"
#define PT_JSON_STR "pt"
#define CT_JSON_STR "ct"
#define OP_ENC_JSON_STR "encrypt"
#define OP_DEC_JSON_STR "decrypt"
struct {
uint32_t type;
const char *desc;
@ -37,6 +51,7 @@ struct {
{TDES_VARIABLE_TEXT, "KAT"},
{AESAVS_TYPE_MMT, "MMT"},
{AESAVS_TYPE_MCT, "MCT"},
{AESAVS_TYPE_AFT, "AFT"},
};
struct aes_test_algo {
@ -92,6 +107,214 @@ struct fips_test_callback aes_writeback_callbacks[] = {
{NULL, NULL, NULL} /**< end pointer */
};
#ifdef RTE_HAS_JANSSON
struct fips_test_callback aes_dec_json_vectors[] = {
{KEY_JSON_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.key},
{IV_JSON_STR, parse_uint8_hex_str, &vec.iv},
{CT_JSON_STR, parse_uint8_hex_str, &vec.ct},
{NULL, NULL, NULL} /**< end pointer */
};
struct fips_test_callback aes_interim_json_vectors[] = {
{KEYLEN_JSON_STR, parser_read_uint32_bit_val, &vec.cipher_auth.key},
{NULL, NULL, NULL} /**< end pointer */
};
struct fips_test_callback aes_enc_json_vectors[] = {
{KEY_JSON_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.key},
{IV_JSON_STR, parse_uint8_hex_str, &vec.iv},
{PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
{NULL, NULL, NULL} /**< end pointer */
};
static int
parse_test_aes_json_writeback(struct fips_val *val)
{
struct fips_val tmp_val;
json_t *tcId;
tcId = json_object_get(json_info.json_test_case, "tcId");
json_info.json_write_case = json_object();
json_object_set(json_info.json_write_case, "tcId", tcId);
if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
json_t *ct;
tmp_val.val = val->val;
tmp_val.len = vec.pt.len;
writeback_hex_str("", info.one_line_text, &tmp_val);
ct = json_string(info.one_line_text);
json_object_set_new(json_info.json_write_case, CT_JSON_STR, ct);
tmp_val.val = val->val + vec.pt.len;
tmp_val.len = val->len - vec.pt.len;
writeback_hex_str("", info.one_line_text, &tmp_val);
} else {
if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) {
tmp_val.val = val->val;
tmp_val.len = vec.ct.len;
writeback_hex_str("", info.one_line_text, &tmp_val);
json_object_set_new(json_info.json_write_case, PT_JSON_STR,
json_string(info.one_line_text));
} else {
json_object_set_new(json_info.json_write_case, "testPassed", json_false());
}
}
return 0;
}
static int
parse_test_aes_mct_json_writeback(struct fips_val *val)
{
json_t *tcId, *resArr, *res, *ct, *pt, *key, *iv;
struct fips_val tmp_val;
tcId = json_object_get(json_info.json_test_case, "tcId");
if (json_info.json_write_case) {
json_t *wcId;
wcId = json_object_get(json_info.json_write_case, "tcId");
if (!json_equal(tcId, wcId)) {
json_info.json_write_case = json_object();
json_object_set(json_info.json_write_case, "tcId", tcId);
json_object_set(json_info.json_write_case, "resultsArray", json_array());
}
} else {
json_info.json_write_case = json_object();
json_object_set(json_info.json_write_case, "tcId", tcId);
json_object_set(json_info.json_write_case, "resultsArray", json_array());
}
resArr = json_object_get(json_info.json_write_case, "resultsArray");
if (!json_is_array(resArr))
return -EINVAL;
res = json_object();
if (info .op == FIPS_TEST_ENC_AUTH_GEN) {
writeback_hex_str("", info.one_line_text, &vec.cipher_auth.key);
key = json_string(info.one_line_text);
json_object_set_new(res, KEY_JSON_STR, key);
writeback_hex_str("", info.one_line_text, &val[2]);
iv = json_string(info.one_line_text);
json_object_set_new(res, IV_JSON_STR, iv);
writeback_hex_str("", info.one_line_text, &val[1]);
pt = json_string(info.one_line_text);
json_object_set_new(res, PT_JSON_STR, pt);
tmp_val.val = val->val;
tmp_val.len = vec.pt.len;
writeback_hex_str("", info.one_line_text, &tmp_val);
ct = json_string(info.one_line_text);
json_object_set_new(res, CT_JSON_STR, ct);
tmp_val.val = val->val + vec.pt.len;
tmp_val.len = val->len - vec.pt.len;
writeback_hex_str("", info.one_line_text, &tmp_val);
} else {
if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) {
writeback_hex_str("", info.one_line_text, &vec.cipher_auth.key);
key = json_string(info.one_line_text);
json_object_set_new(res, KEY_JSON_STR, key);
writeback_hex_str("", info.one_line_text, &val[2]);
iv = json_string(info.one_line_text);
json_object_set_new(res, IV_JSON_STR, iv);
tmp_val.val = val->val;
tmp_val.len = vec.ct.len;
writeback_hex_str("", info.one_line_text, &tmp_val);
pt = json_string(info.one_line_text);
json_object_set_new(res, PT_JSON_STR, pt);
writeback_hex_str("", info.one_line_text, &val[1]);
ct = json_string(info.one_line_text);
json_object_set_new(res, CT_JSON_STR, ct);
} else {
json_object_set_new(json_info.json_write_case, "testPassed", json_false());
}
}
json_array_append_new(resArr, res);
return 0;
}
int
parse_test_aes_json_init(void)
{
json_t *type_obj = json_object_get(json_info.json_test_group, TESTTYPE_JSON_STR);
json_t *algo_obj = json_object_get(json_info.json_vector_set, ALGO_JSON_STR);
const char *type_str = json_string_value(type_obj);
const char *algo_str = json_string_value(algo_obj);
uint32_t i;
if (json_info.json_test_group) {
json_t *direction_obj;
const char *direction_str;
direction_obj = json_object_get(json_info.json_test_group, DIR_JSON_STR);
direction_str = json_string_value(direction_obj);
if (strcmp(direction_str, OP_ENC_JSON_STR) == 0) {
info.op = FIPS_TEST_ENC_AUTH_GEN;
info.callbacks = aes_enc_json_vectors;
} else if (strcmp(direction_str, OP_DEC_JSON_STR) == 0) {
info.op = FIPS_TEST_DEC_AUTH_VERIF;
info.callbacks = aes_dec_json_vectors;
} else {
return -EINVAL;
}
info.interim_callbacks = aes_interim_json_vectors;
}
for (i = 0; i < RTE_DIM(aes_test_types); i++)
if (strstr(type_str, aes_test_types[i].desc)) {
info.interim_info.aes_data.test_type =
aes_test_types[i].type;
break;
}
if (i >= RTE_DIM(aes_test_types))
return -EINVAL;
switch (info.interim_info.aes_data.test_type) {
case AESAVS_TYPE_MCT:
info.parse_writeback = parse_test_aes_mct_json_writeback;
break;
case AESAVS_TYPE_AFT:
info.parse_writeback = parse_test_aes_json_writeback;
break;
default:
info.parse_writeback = NULL;
}
if (!info.parse_writeback)
return -EINVAL;
for (i = 0; i < RTE_DIM(algo_con); i++)
if (strstr(algo_str, algo_con[i].name)) {
info.interim_info.aes_data.cipher_algo =
(uint32_t)algo_con[i].algo;
break;
}
if (i >= RTE_DIM(algo_con))
return -EINVAL;
return 0;
}
#endif /* RTE_HAS_JANSSON */
static int
parse_test_aes_writeback(struct fips_val *val)
{
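Review bot: parse_test_aes_json_init passes the results of json_string_value() straight to strcmp() and strstr(), but `direction_str`, `type_str` and `algo_str` are NULL whenever the "direction", "testType" or "algorithm" member is missing or is not a string, so a malformed vector file crashes the tool instead of returning -EINVAL. Add `if (type_str == NULL || algo_str == NULL) return -EINVAL;` before the first lookup loop and `if (direction_str == NULL) return -EINVAL;` before the strcmp() calls. Separately, in parse_test_aes_mct_json_writeback, `json_object_set(json_info.json_write_case, "resultsArray", json_array())` leaves the caller's reference to the new array unreleased; `json_object_set_new()` would hand ownership to the object, as the other setters in that function already do.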


@ -1556,7 +1556,7 @@ fips_mct_aes_test(void)
#define AES_BLOCK_SIZE 16
#define AES_EXTERN_ITER 100
#define AES_INTERN_ITER 1000
struct fips_val val = {NULL, 0}, val_key;
struct fips_val val[3] = {{NULL, 0},}, val_key, pt, ct, iv;
uint8_t prev_out[AES_BLOCK_SIZE] = {0};
uint8_t prev_in[AES_BLOCK_SIZE] = {0};
uint32_t i, j, k;
@ -1565,11 +1565,16 @@ fips_mct_aes_test(void)
if (info.interim_info.aes_data.cipher_algo == RTE_CRYPTO_CIPHER_AES_ECB)
return fips_mct_aes_ecb_test();
memset(&pt, 0, sizeof(struct fips_val));
memset(&ct, 0, sizeof(struct fips_val));
memset(&iv, 0, sizeof(struct fips_val));
for (i = 0; i < AES_EXTERN_ITER; i++) {
if (i != 0)
update_info_vec(i);
if (info.file_type != FIPS_TYPE_JSON) {
if (i != 0)
update_info_vec(i);
fips_test_write_one_case();
fips_test_write_one_case();
}
for (j = 0; j < AES_INTERN_ITER; j++) {
ret = fips_run_test();
@ -1585,7 +1590,7 @@ fips_mct_aes_test(void)
return ret;
}
ret = get_writeback_data(&val);
ret = get_writeback_data(&val[0]);
if (ret < 0)
return ret;
@ -1593,24 +1598,39 @@ fips_mct_aes_test(void)
memcpy(prev_in, vec.ct.val, AES_BLOCK_SIZE);
if (j == 0) {
memcpy(prev_out, val.val, AES_BLOCK_SIZE);
memcpy(prev_out, val[0].val, AES_BLOCK_SIZE);
pt.len = vec.pt.len;
pt.val = calloc(1, pt.len);
memcpy(pt.val, vec.pt.val, pt.len);
ct.len = vec.ct.len;
ct.val = calloc(1, ct.len);
memcpy(ct.val, vec.ct.val, ct.len);
iv.len = vec.iv.len;
iv.val = calloc(1, iv.len);
memcpy(iv.val, vec.iv.val, iv.len);
if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
memcpy(vec.pt.val, vec.iv.val,
AES_BLOCK_SIZE);
memcpy(vec.iv.val, val.val,
AES_BLOCK_SIZE);
memcpy(vec.pt.val, vec.iv.val, AES_BLOCK_SIZE);
memcpy(vec.iv.val, val[0].val, AES_BLOCK_SIZE);
val[1].val = pt.val;
val[1].len = pt.len;
val[2].val = iv.val;
val[2].len = iv.len;
} else {
memcpy(vec.ct.val, vec.iv.val,
AES_BLOCK_SIZE);
memcpy(vec.iv.val, prev_in,
AES_BLOCK_SIZE);
memcpy(vec.ct.val, vec.iv.val, AES_BLOCK_SIZE);
memcpy(vec.iv.val, prev_in, AES_BLOCK_SIZE);
val[1].val = ct.val;
val[1].len = ct.len;
val[2].val = iv.val;
val[2].len = iv.len;
}
continue;
}
if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
memcpy(vec.iv.val, val.val, AES_BLOCK_SIZE);
memcpy(vec.iv.val, val[0].val, AES_BLOCK_SIZE);
memcpy(vec.pt.val, prev_out, AES_BLOCK_SIZE);
} else {
memcpy(vec.iv.val, prev_in, AES_BLOCK_SIZE);
@ -1620,33 +1640,38 @@ fips_mct_aes_test(void)
if (j == AES_INTERN_ITER - 1)
continue;
memcpy(prev_out, val.val, AES_BLOCK_SIZE);
memcpy(prev_out, val[0].val, AES_BLOCK_SIZE);
}
info.parse_writeback(&val);
fprintf(info.fp_wr, "\n");
info.parse_writeback(val);
if (info.file_type != FIPS_TYPE_JSON)
fprintf(info.fp_wr, "\n");
if (i == AES_EXTERN_ITER - 1)
if (i == AES_EXTERN_ITER - 1) {
free(pt.val);
free(ct.val);
free(iv.val);
continue;
}
/** update key */
memcpy(&val_key, &vec.cipher_auth.key, sizeof(val_key));
for (k = 0; k < vec.cipher_auth.key.len; k++) {
switch (vec.cipher_auth.key.len) {
case 16:
val_key.val[k] ^= val.val[k];
val_key.val[k] ^= val[0].val[k];
break;
case 24:
if (k < 8)
val_key.val[k] ^= prev_out[k + 8];
else
val_key.val[k] ^= val.val[k - 8];
val_key.val[k] ^= val[0].val[k - 8];
break;
case 32:
if (k < 16)
val_key.val[k] ^= prev_out[k];
else
val_key.val[k] ^= val.val[k - 16];
val_key.val[k] ^= val[0].val[k - 16];
break;
default:
return -1;
@ -1654,10 +1679,10 @@ fips_mct_aes_test(void)
}
if (info.op == FIPS_TEST_DEC_AUTH_VERIF)
memcpy(vec.iv.val, val.val, AES_BLOCK_SIZE);
memcpy(vec.iv.val, val[0].val, AES_BLOCK_SIZE);
}
free(val.val);
free(val[0].val);
return 0;
}
@ -1963,6 +1988,9 @@ fips_test_one_test_group(void)
case FIPS_TEST_ALGO_AES_CMAC:
ret = parse_test_cmac_json_init();
break;
case FIPS_TEST_ALGO_AES:
ret = parse_test_aes_json_init();
break;
default:
return -EINVAL;
}
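Review bot: In fips_mct_aes_test the `pt`, `ct` and `iv` snapshot buffers are allocated with calloc() in the `j == 0` branch of every outer iteration but freed only when `i == AES_EXTERN_ITER - 1`, so the buffers from every earlier outer iteration are leaked, as are the current ones on the `return ret` and `return -1` paths. The calloc() results are also handed to memcpy() without a NULL check, so an allocation failure becomes a NULL write. Release the three buffers right after `info.parse_writeback(val);` on every outer iteration (or allocate them once before the loop and reuse them), and check the three pointers before the memcpy() calls, failing with `-ENOMEM` after freeing whatever was allocated. Parts of the function body lie outside the visible hunks, so the error paths should be confirmed against the full file.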