From f64adb6714e07daf2a1d4fe3ee3172f3f4a80c07 Mon Sep 17 00:00:00 2001 From: Marko Kovacevic Date: Fri, 2 Nov 2018 09:55:30 +0000 Subject: [PATCH] examples/fips_validation: support HMAC parsing Added enablement for HMAC parser, to allow the application to parser the hmac request files and to validate all tests supported Signed-off-by: Marko Kovacevic Signed-off-by: Fan Zhang Acked-by: Arek Kusztal Reviewed-by: Akhil Goyal --- doc/guides/sample_app_ug/fips_validation.rst | 1 + examples/fips_validation/Makefile | 1 + examples/fips_validation/fips_validation.c | 5 + examples/fips_validation/fips_validation.h | 9 ++ .../fips_validation/fips_validation_hmac.c | 105 ++++++++++++++++++ examples/fips_validation/main.c | 103 +++++++++++++++++ examples/fips_validation/meson.build | 1 + 7 files changed, 225 insertions(+) create mode 100644 examples/fips_validation/fips_validation_hmac.c diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst index 05804fcd3c..272e808f09 100644 --- a/doc/guides/sample_app_ug/fips_validation.rst +++ b/doc/guides/sample_app_ug/fips_validation.rst @@ -41,6 +41,7 @@ Limitations * Supported test vectors * AES-CBC (128,192,256) - GFSbox, KeySbox, MCT, MMT + * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512) Application Information ----------------------- diff --git a/examples/fips_validation/Makefile b/examples/fips_validation/Makefile index 1eb1bc5c71..0d76101424 100644 --- a/examples/fips_validation/Makefile +++ b/examples/fips_validation/Makefile @@ -7,6 +7,7 @@ APP = fips_validation # all source are stored in SRCS-y SRCS-y := fips_validation.c SRCS-y += fips_validation_aes.c +SRCS-y += fips_validation_hmac.c SRCS-y += main.c # Build using pkg-config variables if possible diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c index dba26d8b9d..24307b6f04 100644 --- a/examples/fips_validation/fips_validation.c +++ b/examples/fips_validation/fips_validation.c @@ -111,6 +111,11 @@ fips_test_parse_header(void) ret = parse_test_aes_init(); if (ret < 0) return ret; + } else if (strstr(info.vec[i], "HMAC")) { + info.algo = FIPS_TEST_ALGO_HMAC; + ret = parse_test_hmac_init(); + if (ret < 0) + return ret; } tmp = strstr(info.vec[i], "# Config info for "); diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h index e947de1f9a..f9e3a3b084 100644 --- a/examples/fips_validation/fips_validation.h +++ b/examples/fips_validation/fips_validation.h @@ -24,6 +24,7 @@ enum fips_test_algorithms { FIPS_TEST_ALGO_AES = 0, + FIPS_TEST_ALGO_HMAC, FIPS_TEST_ALGO_MAX }; @@ -93,6 +94,10 @@ struct aesavs_interim_data { uint32_t key_len; }; +struct hmac_interim_data { + enum rte_crypto_auth_algorithm algo; +}; + struct fips_test_interim_info { FILE *fp_rd; FILE *fp_wr; @@ -105,6 +110,7 @@ struct fips_test_interim_info { union { struct aesavs_interim_data aes_data; + struct hmac_interim_data hmac_data; } interim_info; @@ -140,6 +146,9 @@ fips_test_write_one_case(void); int parse_test_aes_init(void); +int +parse_test_hmac_init(void); + int parser_read_uint8_hex(uint8_t *value, const char *p); diff --git a/examples/fips_validation/fips_validation_hmac.c b/examples/fips_validation/fips_validation_hmac.c new file mode 100644 index 0000000000..97ac7186e5 --- /dev/null +++ b/examples/fips_validation/fips_validation_hmac.c @@ -0,0 +1,105 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2018 Intel Corporation + */ + +#include +#include +#include + +#include + +#include "fips_validation.h" + +#define ALGO_PREFIX "[L=" +#define KEYLEN_STR "Klen = " +#define TAGLEN_STR "Tlen = " + +#define COUNT_STR "Count = " +#define KEY_STR "Key = " +#define PT_STR "Msg = " +#define TAG_STR "Mac = " + +struct hash_size_conversion { + const char *str; + enum rte_crypto_auth_algorithm algo; +} hsc[] = { + {"20", RTE_CRYPTO_AUTH_SHA1_HMAC}, + {"28", RTE_CRYPTO_AUTH_SHA224_HMAC}, + {"32", RTE_CRYPTO_AUTH_SHA256_HMAC}, + {"48", RTE_CRYPTO_AUTH_SHA384_HMAC}, + {"64", RTE_CRYPTO_AUTH_SHA512_HMAC}, +}; + +static int +parse_interim_algo(__attribute__((__unused__)) const char *key, + char *text, + __attribute__((__unused__)) struct fips_val *val) +{ + + uint32_t i; + + for (i = 0; i < RTE_DIM(hsc); i++) { + if (strstr(text, hsc[i].str)) { + info.interim_info.hmac_data.algo = hsc[i].algo; + break; + } + } + + if (i == RTE_DIM(hsc)) + return -1; + + return 0; +} + +struct fips_test_callback hmac_tests_vectors[] = { + {KEYLEN_STR, parser_read_uint32_val, &vec.cipher_auth.key}, + {TAGLEN_STR, parser_read_uint32_val, &vec.cipher_auth.digest}, + {KEY_STR, parse_uint8_hex_str, &vec.cipher_auth.key}, + {PT_STR, parse_uint8_hex_str, &vec.pt}, + {TAG_STR, parse_uint8_hex_str, &vec.cipher_auth.digest}, + {NULL, NULL, NULL} /**< end pointer */ +}; + +struct fips_test_callback hmac_tests_interim_vectors[] = { + {ALGO_PREFIX, parse_interim_algo, NULL}, + {NULL, NULL, NULL} /**< end pointer */ +}; + +static int +parse_test_hmac_writeback(struct fips_val *val) +{ + struct fips_val val_local; + + fprintf(info.fp_wr, "%s", TAG_STR); + + val_local.val = val->val + vec.pt.len; + val_local.len = vec.cipher_auth.digest.len; + + parse_write_hex_str(&val_local); + return 0; +} + +static int +rsp_test_hmac_check(struct fips_val *val) +{ + if (memcmp(val->val + vec.pt.len, vec.cipher_auth.digest.val, + vec.cipher_auth.digest.len) == 0) + fprintf(info.fp_wr, "Success\n"); + else + fprintf(info.fp_wr, "Failed\n"); + + return 0; +} + +int +parse_test_hmac_init(void) +{ + info.op = FIPS_TEST_ENC_AUTH_GEN; + info.parse_writeback = parse_test_hmac_writeback; + info.callbacks = hmac_tests_vectors; + info.interim_callbacks = hmac_tests_interim_vectors; + info.writeback_callbacks = NULL; + info.kat_check = rsp_test_hmac_check; + + return 0; +} diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c index 1f1ba999fb..da31d6aad9 100644 --- a/examples/fips_validation/main.c +++ b/examples/fips_validation/main.c @@ -400,6 +400,67 @@ prepare_cipher_op(void) return 0; } +static int +prepare_auth_op(void) +{ + struct rte_crypto_sym_op *sym = env.op->sym; + + __rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC); + rte_pktmbuf_reset(env.mbuf); + + sym->m_src = env.mbuf; + sym->auth.data.offset = 0; + + if (info.op == FIPS_TEST_ENC_AUTH_GEN) { + uint8_t *pt; + + if (vec.pt.len > RTE_MBUF_MAX_NB_SEGS) { + RTE_LOG(ERR, USER1, "PT len %u\n", vec.pt.len); + return -EPERM; + } + + pt = (uint8_t *)rte_pktmbuf_append(env.mbuf, vec.pt.len + + vec.cipher_auth.digest.len); + + if (!pt) { + RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n", + -ENOMEM); + return -ENOMEM; + } + + memcpy(pt, vec.pt.val, vec.pt.len); + sym->auth.data.length = vec.pt.len; + sym->auth.digest.data = pt + vec.pt.len; + sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset( + env.mbuf, vec.pt.len); + + } else { + uint8_t *ct; + + if (vec.ct.len > RTE_MBUF_MAX_NB_SEGS) { + RTE_LOG(ERR, USER1, "CT len %u\n", vec.ct.len); + return -EPERM; + } + + ct = (uint8_t *)rte_pktmbuf_append(env.mbuf, + vec.ct.len + vec.cipher_auth.digest.len); + + if (!ct) { + RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n", + -ENOMEM); + return -ENOMEM; + } + + memcpy(ct, vec.ct.val, vec.ct.len); + sym->auth.data.length = vec.ct.len; + sym->auth.digest.data = vec.cipher_auth.digest.val; + sym->auth.digest.phys_addr = rte_malloc_virt2iova( + sym->auth.digest.data); + } + + rte_crypto_op_attach_sym_session(env.op, env.sess); +} + static int prepare_aes_xform(struct rte_crypto_sym_xform *xform) { @@ -440,6 +501,43 @@ prepare_aes_xform(struct rte_crypto_sym_xform *xform) return 0; } +static int +prepare_hmac_xform(struct rte_crypto_sym_xform *xform) +{ + const struct rte_cryptodev_symmetric_capability *cap; + struct rte_cryptodev_sym_capability_idx cap_idx; + struct rte_crypto_auth_xform *auth_xform = &xform->auth; + + xform->type = RTE_CRYPTO_SYM_XFORM_AUTH; + + auth_xform->algo = info.interim_info.hmac_data.algo; + auth_xform->op = RTE_CRYPTO_AUTH_OP_GENERATE; + auth_xform->digest_length = vec.cipher_auth.digest.len; + auth_xform->key.data = vec.cipher_auth.key.val; + auth_xform->key.length = vec.cipher_auth.key.len; + + cap_idx.algo.auth = auth_xform->algo; + cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH; + + cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx); + if (!cap) { + RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n", + env.dev_id); + return -EINVAL; + } + + if (rte_cryptodev_sym_capability_check_auth(cap, + auth_xform->key.length, + auth_xform->digest_length, 0) != 0) { + RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n", + info.device_name, auth_xform->key.length, + auth_xform->digest_length); + return -EPERM; + } + + return 0; +} + static void get_writeback_data(struct fips_val *val) { @@ -655,6 +753,11 @@ init_test_ops(void) else test_ops.test = fips_generic_test; break; + case FIPS_TEST_ALGO_HMAC: + test_ops.prepare_op = prepare_auth_op; + test_ops.prepare_xform = prepare_hmac_xform; + test_ops.test = fips_generic_test; + break; default: return -1; diff --git a/examples/fips_validation/meson.build b/examples/fips_validation/meson.build index fb205413c8..57bcf81774 100644 --- a/examples/fips_validation/meson.build +++ b/examples/fips_validation/meson.build @@ -11,5 +11,6 @@ allow_experimental_apis = true sources = files( 'fips_validation_aes.c', 'fips_validation.c', + 'fips_validation_hmac.c', 'main.c' )