examples/fips_validation: support HMAC parsing

Added enablement for HMAC parser, to allow the
application to parser the hmac request files and to validate all
tests supported

Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>

doc/guides/sample_app_ug/fips_validation.rst

@@ -41,6 +41,7 @@ Limitations
 
 * Supported test vectors
     * AES-CBC (128,192,256) - GFSbox, KeySbox, MCT, MMT
+    * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
 
 Application Information
 -----------------------

examples/fips_validation/Makefile

@@ -7,6 +7,7 @@ APP = fips_validation
 # all source are stored in SRCS-y
 SRCS-y := fips_validation.c
 SRCS-y += fips_validation_aes.c
+SRCS-y += fips_validation_hmac.c
 SRCS-y += main.c
 
 # Build using pkg-config variables if possible

examples/fips_validation/fips_validation.c

@@ -111,6 +111,11 @@ fips_test_parse_header(void)
 			ret = parse_test_aes_init();
 			if (ret < 0)
 				return ret;
+		} else if (strstr(info.vec[i], "HMAC")) {
+			info.algo = FIPS_TEST_ALGO_HMAC;
+			ret = parse_test_hmac_init();
+			if (ret < 0)
+				return ret;
 		}
 
 		tmp = strstr(info.vec[i], "# Config info for ");

examples/fips_validation/fips_validation.h

@@ -24,6 +24,7 @@
 
 enum fips_test_algorithms {
 		FIPS_TEST_ALGO_AES = 0,
+		FIPS_TEST_ALGO_HMAC,
 		FIPS_TEST_ALGO_MAX
 };
 
@@ -93,6 +94,10 @@ struct aesavs_interim_data {
 	uint32_t key_len;
 };
 
+struct hmac_interim_data {
+	enum rte_crypto_auth_algorithm algo;
+};
+
 struct fips_test_interim_info {
 	FILE *fp_rd;
 	FILE *fp_wr;
@@ -105,6 +110,7 @@ struct fips_test_interim_info {
 
 	union {
 		struct aesavs_interim_data aes_data;
+		struct hmac_interim_data hmac_data;
 
 	} interim_info;
 
@@ -140,6 +146,9 @@ fips_test_write_one_case(void);
 int
 parse_test_aes_init(void);
 
+int
+parse_test_hmac_init(void);
+
 int
 parser_read_uint8_hex(uint8_t *value, const char *p);
 

examples/fips_validation/fips_validation_hmac.c

@@ -0,0 +1,105 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2018 Intel Corporation
+ */
+
+#include <string.h>
+#include <time.h>
+#include <stdio.h>
+
+#include <rte_cryptodev.h>
+
+#include "fips_validation.h"
+
+#define ALGO_PREFIX	"[L="
+#define KEYLEN_STR	"Klen = "
+#define TAGLEN_STR	"Tlen = "
+
+#define COUNT_STR	"Count = "
+#define KEY_STR		"Key = "
+#define PT_STR		"Msg = "
+#define TAG_STR		"Mac = "
+
+struct hash_size_conversion {
+	const char *str;
+	enum rte_crypto_auth_algorithm algo;
+} hsc[] = {
+		{"20", RTE_CRYPTO_AUTH_SHA1_HMAC},
+		{"28", RTE_CRYPTO_AUTH_SHA224_HMAC},
+		{"32", RTE_CRYPTO_AUTH_SHA256_HMAC},
+		{"48", RTE_CRYPTO_AUTH_SHA384_HMAC},
+		{"64", RTE_CRYPTO_AUTH_SHA512_HMAC},
+};
+
+static int
+parse_interim_algo(__attribute__((__unused__)) const char *key,
+		char *text,
+		__attribute__((__unused__)) struct fips_val *val)
+{
+
+	uint32_t i;
+
+	for (i = 0; i < RTE_DIM(hsc); i++) {
+		if (strstr(text, hsc[i].str)) {
+			info.interim_info.hmac_data.algo = hsc[i].algo;
+			break;
+		}
+	}
+
+	if (i == RTE_DIM(hsc))
+		return -1;
+
+	return 0;
+}
+
+struct fips_test_callback hmac_tests_vectors[] = {
+		{KEYLEN_STR, parser_read_uint32_val, &vec.cipher_auth.key},
+		{TAGLEN_STR, parser_read_uint32_val, &vec.cipher_auth.digest},
+		{KEY_STR, parse_uint8_hex_str, &vec.cipher_auth.key},
+		{PT_STR, parse_uint8_hex_str, &vec.pt},
+		{TAG_STR, parse_uint8_hex_str, &vec.cipher_auth.digest},
+		{NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback hmac_tests_interim_vectors[] = {
+		{ALGO_PREFIX, parse_interim_algo, NULL},
+		{NULL, NULL, NULL} /**< end pointer */
+};
+
+static int
+parse_test_hmac_writeback(struct fips_val *val)
+{
+	struct fips_val val_local;
+
+	fprintf(info.fp_wr, "%s", TAG_STR);
+
+	val_local.val = val->val + vec.pt.len;
+	val_local.len = vec.cipher_auth.digest.len;
+
+	parse_write_hex_str(&val_local);
+	return 0;
+}
+
+static int
+rsp_test_hmac_check(struct fips_val *val)
+{
+	if (memcmp(val->val + vec.pt.len, vec.cipher_auth.digest.val,
+			vec.cipher_auth.digest.len) == 0)
+		fprintf(info.fp_wr, "Success\n");
+	else
+		fprintf(info.fp_wr, "Failed\n");
+
+	return 0;
+}
+
+int
+parse_test_hmac_init(void)
+{
+	info.op = FIPS_TEST_ENC_AUTH_GEN;
+	info.parse_writeback = parse_test_hmac_writeback;
+	info.callbacks = hmac_tests_vectors;
+	info.interim_callbacks = hmac_tests_interim_vectors;
+	info.writeback_callbacks = NULL;
+	info.kat_check = rsp_test_hmac_check;
+
+	return 0;
+}

examples/fips_validation/main.c

@@ -400,6 +400,67 @@ prepare_cipher_op(void)
 	return 0;
 }
 
+static int
+prepare_auth_op(void)
+{
+	struct rte_crypto_sym_op *sym = env.op->sym;
+
+	__rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
+	rte_pktmbuf_reset(env.mbuf);
+
+	sym->m_src = env.mbuf;
+	sym->auth.data.offset = 0;
+
+	if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+		uint8_t *pt;
+
+		if (vec.pt.len > RTE_MBUF_MAX_NB_SEGS) {
+			RTE_LOG(ERR, USER1, "PT len %u\n", vec.pt.len);
+			return -EPERM;
+		}
+
+		pt = (uint8_t *)rte_pktmbuf_append(env.mbuf, vec.pt.len +
+				vec.cipher_auth.digest.len);
+
+		if (!pt) {
+			RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n",
+					-ENOMEM);
+			return -ENOMEM;
+		}
+
+		memcpy(pt, vec.pt.val, vec.pt.len);
+		sym->auth.data.length = vec.pt.len;
+		sym->auth.digest.data = pt + vec.pt.len;
+		sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
+				env.mbuf, vec.pt.len);
+
+	} else {
+		uint8_t *ct;
+
+		if (vec.ct.len > RTE_MBUF_MAX_NB_SEGS) {
+			RTE_LOG(ERR, USER1, "CT len %u\n", vec.ct.len);
+			return -EPERM;
+		}
+
+		ct = (uint8_t *)rte_pktmbuf_append(env.mbuf,
+				vec.ct.len + vec.cipher_auth.digest.len);
+
+		if (!ct) {
+			RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n",
+					-ENOMEM);
+			return -ENOMEM;
+		}
+
+		memcpy(ct, vec.ct.val, vec.ct.len);
+		sym->auth.data.length = vec.ct.len;
+		sym->auth.digest.data = vec.cipher_auth.digest.val;
+		sym->auth.digest.phys_addr = rte_malloc_virt2iova(
+				sym->auth.digest.data);
+	}
+
+	rte_crypto_op_attach_sym_session(env.op, env.sess);
+}
+
 static int
 prepare_aes_xform(struct rte_crypto_sym_xform *xform)
 {
@@ -440,6 +501,43 @@ prepare_aes_xform(struct rte_crypto_sym_xform *xform)
 	return 0;
 }
 
+static int
+prepare_hmac_xform(struct rte_crypto_sym_xform *xform)
+{
+	const struct rte_cryptodev_symmetric_capability *cap;
+	struct rte_cryptodev_sym_capability_idx cap_idx;
+	struct rte_crypto_auth_xform *auth_xform = &xform->auth;
+
+	xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+	auth_xform->algo = info.interim_info.hmac_data.algo;
+	auth_xform->op = RTE_CRYPTO_AUTH_OP_GENERATE;
+	auth_xform->digest_length = vec.cipher_auth.digest.len;
+	auth_xform->key.data = vec.cipher_auth.key.val;
+	auth_xform->key.length = vec.cipher_auth.key.len;
+
+	cap_idx.algo.auth = auth_xform->algo;
+	cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+	cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+	if (!cap) {
+		RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+				env.dev_id);
+		return -EINVAL;
+	}
+
+	if (rte_cryptodev_sym_capability_check_auth(cap,
+			auth_xform->key.length,
+			auth_xform->digest_length, 0) != 0) {
+		RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n",
+				info.device_name, auth_xform->key.length,
+				auth_xform->digest_length);
+		return -EPERM;
+	}
+
+	return 0;
+}
+
 static void
 get_writeback_data(struct fips_val *val)
 {
@@ -655,6 +753,11 @@ init_test_ops(void)
 		else
 			test_ops.test = fips_generic_test;
 		break;
+	case FIPS_TEST_ALGO_HMAC:
+		test_ops.prepare_op = prepare_auth_op;
+		test_ops.prepare_xform = prepare_hmac_xform;
+		test_ops.test = fips_generic_test;
+		break;
 
 	default:
 		return -1;

examples/fips_validation/meson.build

@@ -11,5 +11,6 @@ allow_experimental_apis = true
 sources = files(
 	'fips_validation_aes.c',
 	'fips_validation.c',
+	'fips_validation_hmac.c',
 	'main.c'
 )