examples/fips_validation: support AES XTS
AES XTS support is added to fips application. Parse test-vectors from input files, populate AES XTS tests and prepare AES XTS operations for fips validation. Signed-off-by: Abed Kamaluddin <akamaluddin@marvell.com> Signed-off-by: Archana Muniganti <marchana@marvell.com> Signed-off-by: Sucharitha Sarananaga <ssarananaga@marvell.com>
This commit is contained in:
Sucharitha Sarananaga
Akhil Goyal
parent
07f5e45532
commit
d5a9ea551f
@ -14,6 +14,7 @@ SRCS-y += fips_validation_cmac.c
|
||||
SRCS-y += fips_validation_ccm.c
|
||||
SRCS-y += fips_validation_sha.c
|
||||
SRCS-y += fips_dev_self_test.c
|
||||
SRCS-y += fips_validation_xts.c
|
||||
SRCS-y += main.c
|
||||
|
||||
# Build using pkg-config variables if possible
|
||||
|
||||
@ -150,6 +150,12 @@ fips_test_parse_header(void)
|
||||
ret = parse_test_sha_init();
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
} else if (strstr(info.vec[i], "XTS")) {
|
||||
algo_parsed = 1;
|
||||
info.algo = FIPS_TEST_ALGO_AES_XTS;
|
||||
ret = parse_test_xts_init();
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -31,6 +31,7 @@ enum fips_test_algorithms {
|
||||
FIPS_TEST_ALGO_HMAC,
|
||||
FIPS_TEST_ALGO_TDES,
|
||||
FIPS_TEST_ALGO_SHA,
|
||||
FIPS_TEST_ALGO_AES_XTS,
|
||||
FIPS_TEST_ALGO_MAX
|
||||
};
|
||||
|
||||
@ -222,6 +223,9 @@ parse_test_ccm_init(void);
|
||||
int
|
||||
parse_test_sha_init(void);
|
||||
|
||||
int
|
||||
parse_test_xts_init(void);
|
||||
|
||||
int
|
||||
parser_read_uint8_hex(uint8_t *value, const char *p);
|
||||
|
||||
|
||||
119
examples/fips_validation/fips_validation_xts.c
Normal file
119
examples/fips_validation/fips_validation_xts.c
Normal file
@ -0,0 +1,119 @@
|
||||
/* SPDX-License-Identifier: BSD-3-Clause
|
||||
* Copyright (C) 2020 Marvell International Ltd.
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
|
||||
#include <rte_cryptodev.h>
|
||||
|
||||
#include "fips_validation.h"
|
||||
|
||||
#define MODE_STR "XTS"
|
||||
#define ALGO_STR "test data for "
|
||||
#define OP_STR "State"
|
||||
#define KEY_SIZE_STR "Key Length : "
|
||||
|
||||
#define COUNT_STR "COUNT = "
|
||||
#define KEY_STR "Key = "
|
||||
#define IV_STR "i = "
|
||||
#define PT_STR "PT = "
|
||||
#define CT_STR "CT = "
|
||||
|
||||
#define OP_ENC_STR "ENCRYPT"
|
||||
#define OP_DEC_STR "DECRYPT"
|
||||
|
||||
static int
|
||||
parse_interim_xts_enc_dec(const char *key,
|
||||
__rte_unused char *text,
|
||||
__rte_unused struct fips_val *val)
|
||||
{
|
||||
if (strcmp(key, OP_ENC_STR) == 0)
|
||||
info.op = FIPS_TEST_ENC_AUTH_GEN;
|
||||
else if (strcmp(key, OP_DEC_STR) == 0)
|
||||
info.op = FIPS_TEST_DEC_AUTH_VERIF;
|
||||
else
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
struct fips_test_callback xts_tests_vectors[] = {
|
||||
{KEY_STR, parse_uint8_hex_str, &vec.cipher_auth.key},
|
||||
{IV_STR, parse_uint8_hex_str, &vec.iv},
|
||||
{PT_STR, parse_uint8_hex_str, &vec.pt},
|
||||
{CT_STR, parse_uint8_hex_str, &vec.ct},
|
||||
{NULL, NULL, NULL} /**< end pointer */
|
||||
};
|
||||
|
||||
struct fips_test_callback xts_tests_interim_vectors[] = {
|
||||
{OP_ENC_STR, parse_interim_xts_enc_dec, NULL},
|
||||
{OP_DEC_STR, parse_interim_xts_enc_dec, NULL},
|
||||
{NULL, NULL, NULL} /**< end pointer */
|
||||
};
|
||||
|
||||
struct fips_test_callback xts_writeback_callbacks[] = {
|
||||
/** First element is used to pass COUNT string */
|
||||
{COUNT_STR, NULL, NULL},
|
||||
{IV_STR, writeback_hex_str, &vec.iv},
|
||||
{KEY_STR, writeback_hex_str, &vec.cipher_auth.key},
|
||||
{PT_STR, writeback_hex_str, &vec.pt},
|
||||
{CT_STR, writeback_hex_str, &vec.ct},
|
||||
{NULL, NULL, NULL} /**< end pointer */
|
||||
};
|
||||
|
||||
static int
|
||||
parse_test_xts_writeback(struct fips_val *val)
|
||||
{
|
||||
if (info.op == FIPS_TEST_ENC_AUTH_GEN)
|
||||
fprintf(info.fp_wr, "%s", CT_STR);
|
||||
else
|
||||
fprintf(info.fp_wr, "%s", PT_STR);
|
||||
|
||||
parse_write_hex_str(val);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
rsp_test_xts_check(struct fips_val *val)
|
||||
{
|
||||
struct fips_val *data;
|
||||
if (info.op == FIPS_TEST_ENC_AUTH_GEN)
|
||||
data = &vec.ct;
|
||||
else
|
||||
data = &vec.pt;
|
||||
|
||||
if (memcmp(val->val, data->val, val->len) == 0)
|
||||
fprintf(info.fp_wr, "Success\n");
|
||||
else
|
||||
fprintf(info.fp_wr, "Failed\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
int parse_test_xts_init(void)
|
||||
{
|
||||
char *tmp;
|
||||
uint32_t i;
|
||||
for (i = 0; i < info.nb_vec_lines; i++) {
|
||||
char *line = info.vec[i];
|
||||
tmp = strstr(line, KEY_SIZE_STR);
|
||||
if (tmp) {
|
||||
tmp += (strlen(KEY_SIZE_STR) + strlen("AES"));
|
||||
if (parser_read_uint32(
|
||||
&info.interim_info.aes_data.key_len,
|
||||
tmp) < 0)
|
||||
return -EINVAL;
|
||||
info.interim_info.aes_data.key_len =
|
||||
(info.interim_info.aes_data.key_len*2) / 8;
|
||||
continue;
|
||||
}
|
||||
|
||||
}
|
||||
info.parse_writeback = parse_test_xts_writeback;
|
||||
info.callbacks = xts_tests_vectors;
|
||||
info.interim_callbacks = xts_tests_interim_vectors;
|
||||
info.writeback_callbacks = xts_writeback_callbacks;
|
||||
info.kat_check = rsp_test_xts_check;
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -912,6 +912,46 @@ prepare_sha_xform(struct rte_crypto_sym_xform *xform)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
prepare_xts_xform(struct rte_crypto_sym_xform *xform)
|
||||
{
|
||||
const struct rte_cryptodev_symmetric_capability *cap;
|
||||
struct rte_cryptodev_sym_capability_idx cap_idx;
|
||||
struct rte_crypto_cipher_xform *cipher_xform = &xform->cipher;
|
||||
|
||||
xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
|
||||
|
||||
cipher_xform->algo = RTE_CRYPTO_CIPHER_AES_XTS;
|
||||
cipher_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
|
||||
RTE_CRYPTO_CIPHER_OP_ENCRYPT :
|
||||
RTE_CRYPTO_CIPHER_OP_DECRYPT;
|
||||
cipher_xform->key.data = vec.cipher_auth.key.val;
|
||||
cipher_xform->key.length = vec.cipher_auth.key.len;
|
||||
cipher_xform->iv.length = vec.iv.len;
|
||||
cipher_xform->iv.offset = IV_OFF;
|
||||
|
||||
cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_AES_XTS;
|
||||
cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
|
||||
|
||||
cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
|
||||
if (!cap) {
|
||||
RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
|
||||
env.dev_id);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (rte_cryptodev_sym_capability_check_cipher(cap,
|
||||
cipher_xform->key.length,
|
||||
cipher_xform->iv.length) != 0) {
|
||||
RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n",
|
||||
info.device_name, cipher_xform->key.length,
|
||||
cipher_xform->iv.length);
|
||||
return -EPERM;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void
|
||||
get_writeback_data(struct fips_val *val)
|
||||
{
|
||||
@ -1486,6 +1526,11 @@ init_test_ops(void)
|
||||
else
|
||||
test_ops.test = fips_generic_test;
|
||||
break;
|
||||
case FIPS_TEST_ALGO_AES_XTS:
|
||||
test_ops.prepare_op = prepare_cipher_op;
|
||||
test_ops.prepare_xform = prepare_xts_xform;
|
||||
test_ops.test = fips_generic_test;
|
||||
break;
|
||||
default:
|
||||
if (strstr(info.file_name, "TECB") ||
|
||||
strstr(info.file_name, "TCBC")) {
|
||||
|
||||
@ -17,6 +17,7 @@ sources = files(
|
||||
'fips_validation_cmac.c',
|
||||
'fips_validation_ccm.c',
|
||||
'fips_validation_sha.c',
|
||||
'fips_validation_xts.c',
|
||||
'fips_dev_self_test.c',
|
||||
'main.c'
|
||||
)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user