When this example started using rte_cryptodev_sym_session_pool_create,
the part for pkg-config builds was not updated.
Fixes: 261bbff75e34 ("examples: use separate crypto session mempools")
Cc: stable@dpdk.org
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
This patch fixes FIPS GCM test of the redundant plaintext string
write and insufficient test case support check for some corner
cases.
Fixes: d09abf2d1007 ("examples/fips_validation: update GCM test")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
This patch fixes the missing version line in the response file.
Fixes: 793650184099 ("examples/fips_validation: fix version compatibility")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
The wb_data variable went out of scope on failure in the
get_writeback_data function. This is now freed before returning -1.
Coverity issue: 363453
Fixes: 952e10cdad5e ("examples/fips_validation: support scatter gather list")
Signed-off-by: Ciara Power <ciara.power@intel.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
The return value was not being checked when calling the
get_writeback_data function in the AES test case. On failure, this led
to a NULL dereference when using memcpy later. The return value is now
checked to avoid this NULL dereference.
Coverity issue: 363463
Fixes: 952e10cdad5e ("examples/fips_validation: support scatter gather list")
Signed-off-by: Ciara Power <ciara.power@intel.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
This patch updates fips validation GCM test capabilities:
- In NIST GCMVS spec GMAC test vectors are the GCM ones with
plaintext length as 0 and uses AAD as input data. Originally
fips_validation tests treats them both as GCM test vectors.
This patch introduce automatic test type recognition between
the two: when plaintext length is 0 the prepare_gmac_xform
and prepare_auth_op functions are called, otherwise
prepare_gcm_xform and prepare_aead_op functions are called.
- NIST GCMVS also specified externally or internally IV
generation. When IV is to be generated by IUT internally IUT
shall store the generated IV in the response file. This patch
also adds the support to that.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Weqaar Janjua <weqaar.a.janjua@intel.com>
Acked-by: John Griffin <john.griffin@intel.com>
This patch adds SGL support to FIPS sample application.
Originally the application allocates single mbuf of 64KB - 1
bytes data room. With the change the user may reduce the
mbuf dataroom size by using the add cmdline option. If the
input test data is longer than the user provided data room
size the application will automatically build chained mbufs
for the target cryptodev PMD to test.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: John Griffin <john.griffin@intel.com>
Make it possible to pass the self-tests when no req path is set.
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
If the file name is larger than MAX_STRING_SIZE (64), strcpy()
will overwrite the content of memory.
Replace strcpy() by rte_strscpy(), check its return value, and
increase file_name size to 256.
Fixes: 3d0fad56b74a ("examples/fips_validation: add crypto FIPS application")
Cc: stable@dpdk.org
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Remove the deprecated functions
- rte_mbuf_data_dma_addr
- rte_mbuf_data_dma_addr_default
which aliased the more recent functions
- rte_mbuf_data_iova
- rte_mbuf_data_iova_default
Remove the deprecated macros
- rte_pktmbuf_mtophys
- rte_pktmbuf_mtophys_offset
which aliased the more recent macros
- rte_pktmbuf_iova
- rte_pktmbuf_iova_offset
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
The example app makefiles contained sections using the legacy method of
compiling with make. These are no longer needed, and are removed,
leaving only the section that uses pkg-config for the make build.
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Nicolas Chautru <nicolas.chautru@intel.com>
Application updates first line of each test vector with
COUNT = i(where i = 1,2,3..) assuming first line contains
COUNT string. But few of the TDES input test vectors don't
contain COUNT string and thus COUNT is getting overwritten on
other data.
Fixes: 527cbf3d5ee3 ("examples/fips_validation: support TDES parsing")
Cc: stable@dpdk.org
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Kanaka Durga Kotamarthy <kkotamarthy@marvell.com>
Processing of test vector for COUNT = 0 is getting skipped, as
some of the NIST TDES files doesn't have an empty line after
[ENCRYPT]/[DECRYPT] and thus treated as an interim block.
Parse function now identifies such blocks, separates out interim
and test vector data, and then parses each with their respective
callbacks.
Fixes: 3d0fad56b74a ("examples/fips_validation: add crypto FIPS application")
Cc: stable@dpdk.org
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Ayuj Verma <ayverma@marvell.com>
Fix missing callback registration and the incorrect
callback definition for interim NK_STR. The callback
should compare input key against the interim.
Fixes: 527cbf3d5ee3 ("examples/fips_validation: support TDES parsing")
Cc: stable@dpdk.org
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Rather than setting -Bstatic in the linker flags when doing a static link,
and then having to explicitly set -Bdynamic again afterwards, we can update
the pkg-config file to use -l:libfoo.a syntax to explicitly refer to the
static library in question. Since this syntax is not supported by meson's
pkg-config module directly, we can post-process the .pc files instead to
adjust them.
Once done, we can simplify the examples' makefiles and the docs by removing
the explicit static flag.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
Acked-by: Sunil Pai G <sunil.pai.g@intel.com>
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Few of the NIST TDES test files don't contain TDES string.
Added indicators to identify such files. These indicators
are part of only NIST TDES test vector files.
Fixes: 527cbf3d5ee3 ("examples/fips_validation: support TDES parsing")
Cc: stable@dpdk.org
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Ayuj Verma <ayverma@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
There is a common macro __rte_unused, avoiding warnings,
which is now used where appropriate for consistency.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
The NIST test vectors use the string 'PTlen' to denote text lengths
in case of encrypt & decrypt operations. So the same string needs to be
used while parsing PT and CT.
Fixes: 2adb3b4e7e54 ("examples/fips_validation: fix AES-GCM cipher length parsing")
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch fixes the cipher len keyword typo.
Fixes: 07f5e4553293 ("examples/fips_validation: fix cipher length for AES-GCM")
Suggested-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: David Marchand <david.marchand@redhat.com>
AES XTS support is added to fips application. Parse test-vectors
from input files, populate AES XTS tests and prepare AES XTS
operations for fips validation.
Signed-off-by: Abed Kamaluddin <akamaluddin@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Sucharitha Sarananaga <ssarananaga@marvell.com>
Cipher length need to be updated in case of AES-GCM decryption.
Fixes: 4aaad2995e13 ("examples/fips_validation: support GCM parsing")
Cc: stable@dpdk.org
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Sucharitha Sarananaga <ssarananaga@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Test vectors for AES-GCM need to be populated by using aead member
and not cipher_auth. Using incorrect member would result in failures
when AES-GCM with non-zero AAD is tried.
Bugzilla ID: 360
Fixes: 4aaad2995e13 ("examples/fips_validation: support GCM parsing")
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Sucharitha Sarananaga <ssarananaga@marvell.com>
Some versions of pkg-config don't support the --path flag, which is not a
fatal error when building the apps. Without the flag, the makefile just
cannot track the .pc file of DPDK as a dependency of the build. Therefore,
we can ignore the error and suppress it by redirecting to /dev/null the
stderr from that call to pkg-config.
Fixes: 22119c4591a0 ("examples: use pkg-config in makefiles")
Cc: stable@dpdk.org
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Tested-by: Ferruh Yigit <ferruh.yigit@intel.com>
Not all versions of pkg-config in distros have support for the
--define-prefix flag [1], causing errors when building examples manually or
with test-meson-builds.sh script [2].
For the former case, we need to remove the hard-coded use of the flag in
the Makefiles.
For the latter case, the flag is necessary for builds to succeed, so we
skip the tests when it's not present, passing it as part of the pkg-config
command if it is supported.
[1]
CentOS Linux release 7.7.1908 (Core)
pkg-config version 0.27.1
[2]
## Building cmdline
Unknown option --define-prefix
gmake: Entering directory
`...ild-x86-default/install-root/usr/local/share/dpdk/examples/cmdline'
rm -f build/cmdline build/cmdline-static build/cmdline-shared
test -d build && rmdir -p build || true
Unknown option --define-prefix
Unknown option --define-prefix
gcc -O3 main.c commands.c parse_obj_list.c -o build/cmdline-shared
main.c:14:28: fatal error: cmdline_rdline.h: No such file or directory
Fixes: ca9268529d2b ("examples: support relocated DPDK install")
Fixes: 7f80a2102bbb ("devtools: test pkg-config file")
Cc: stable@dpdk.org
Reported-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Tested-by: Ferruh Yigit <ferruh.yigit@intel.com>
Fixes: f64adb6714e0 ("examples/fips_validation: support HMAC parsing")
Cc: stable@dpdk.org
This patch fixes the incorrect mbuf write and digest memory leak in
fips_validation authentication verify.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
Separate initialization of IV, PT and CT according to TDES
ECB and CBC crypto modes
Signed-off-by: Michael Shamis <michaelsh@marvell.com>
Reviewed-by: Marko Kovacevic <marko.kovacevic@intel.com>
One issue caught by Coverity 343408
*deref_parm: Directly dereferencing parameter val->val.
In writeback_tdes_hex_str(), tmp_val is initialised to null.
tmp_val.val is updated only if keys are found.
If keys are not found,it doesn't fails but continues
to invoke writeback_hex_str(),where val->val is accessed
without null check.
The fix is to return the error,
if keys are not found in writeback_tdes_hex_str().
Coverity issue: 343408
Fixes: 527cbf3d5e ("examples/fips_validation: support TDES parsing")
Cc: stable@dpdk.org
Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Adding a new field, ff_disable, to allow applications to control the
features enabled on the crypto device. This would allow for efficient
usage of HW/SW offloads.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Make versions before 4.2 did not have support for the .SHELLSTATUS
variable, so use another method to detect shell success.
Fixes: 22119c4591a0 ("examples: use pkg-config in makefiles")
Cc: stable@dpdk.org
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
For testing of DPDK, we want to override the prefix given by the
pkg-config file, so that we can get correct paths for DPDK installed
in an unusual location.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
The "make clean" command had a number of issues:
- the "--ignore-fail-on-non-empty" flag is not present on BSD
- the call to remove the build folder would fail if there was no build
folder present.
These are fixed by only removing the build folder if it exists, and by
using -p flag to rmdir in place of --ignore-fail-on-non-empty
Fixes: 22119c4591a0 ("examples: use pkg-config in makefiles")
Cc: stable@dpdk.org
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
As a result of the cmac test running the test where
PT len is 65536 it should give a result back to the
user USER1: Error -1: Prepare op USER1: PT len 65536
as this MSG len is not supported. Issue was
that the application was not freeing the op properly after
a while causing the app to fail.
CRYPTODEV: rte_cryptodev_sym_session_create() line 1340:
couldn't get object from session mempool
USER1: Error -12: test block
USER1: Error -12: Failed test CMAC/req/CMAC.req
Fixes: cd255ccf5764 ("examples/fips_validation: support AES parsing")
Cc: stable@dpdk.org
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Application was failing as the HMAC and
Plain SHA fips request files are similar in a
way that they both have SHA- in the top section to
determine the hash algo and hash sizes. And HMAC having the
algo in the second line but the Plain SHA in the third
meant that when the HMAC files was used once it parsed the third
line Plain SHA was set as the algo and not HMAC.
USER1: Failed to get capability for cdev 0
USER1: Error -22: test block
[L=20 SHAAlg=SHA_2]
USER1: Error -22: Failed test /root/FIPS/HMAC/req/HMAC.req
Fixes: f4797bae0050 ("examples/fips_validation: support plain SHA")
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Most examples have in their makefiles a default RTE_TARGET directory to be
used in case RTE_TARGET is not set. Rather than just using a hard-coded
default, we can instead detect what the build directory is relative to
RTE_SDK directory.
This fixes a potential issue for anyone who continues to build using
"make install T=x86_64-native-linuxapp-gcc" and skips setting RTE_TARGET
explicitly, instead relying on the fact that they were building in a
directory which corresponded to the example default path - which was
changed to "x86_64-native-linux-gcc" by commit 218c4e68c1d9 ("mk: use
linux and freebsd in config names").
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
This patch enables plain SHA algorithm CAVP test support
in fips_validation sample application.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
Rather than using linuxapp and bsdapp everywhere, we can change things to
use the, more readable, terms "linux" and "freebsd" in our build configs.
Rather than renaming the configs we can just duplicate the existing ones
with the new names using symlinks, and use the new names exclusively
internally. ["make showconfigs" also only shows the new names to keep the
list short] The result is that backward compatibility is kept fully but any
new builds or development can be done using the newer names, i.e. both
"make config T=x86_64-native-linuxapp-gcc" and "T=x86_64-native-linux-gcc"
work.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
This patch fixes the missed digest and aad data physical
addresses filling to crypto operations in fips_validation
sample application.
Fixes: 41d561cbdd24 ("examples/fips_validation: add power on self test")
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
This patch fixes the incorrect session private mempool passing
to cryptodev.
Fixes: 41d561cbdd24 ("examples/fips_validation: add power on self test")
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch adds a sample power on self-test to fips_validate
sample application.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
This patch uses the two session mempool approach to all cryptodev
sample applications. One mempool is for session header objects, and
the other is for session private data.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch changes the cryptodev queue pair configure structure
to enable two mempool passed into cryptodev PMD simutaneously.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Fixing a bug raised in coverity using uninitialized value.
Coverity issue: 325881
Fixes: 527cbf3d5ee3 ("examples/fips_validation: support TDES parsing")
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Fixed compilation issue with variable which may
be used uninitialized.
Fixes: 527cbf3d5ee3 ("examples/fips_validation: support TDES parsing")
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
The example was not added to the Makefile and there are some
compilation errors:
examples/fips_validation/main.c: In function ‘prepare_aead_op’:
error: control reaches end of non-void function
examples/fips_validation/main.c: In function ‘prepare_auth_op’:
error: control reaches end of non-void function
Fixes: 3d0fad56b74a ("examples/fips_validation: add crypto FIPS application")
Fixes: f64adb6714e0 ("examples/fips_validation: support HMAC parsing")
Fixes: 4aaad2995e13 ("examples/fips_validation: support GCM parsing")
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Tested-by: Ferruh Yigit <ferruh.yigit@intel.com>
Added enablement for CCM parser, to allow the
application to parser the ccm request files and to validate all
test types supported.
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>