Application updates first line of each test vector with
COUNT = i(where i = 1,2,3..) assuming first line contains
COUNT string. But few of the TDES input test vectors don't
contain COUNT string and thus COUNT is getting overwritten on
other data.
Fixes: 527cbf3d5ee3 ("examples/fips_validation: support TDES parsing")
Cc: stable@dpdk.org
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Kanaka Durga Kotamarthy <kkotamarthy@marvell.com>
Processing of test vector for COUNT = 0 is getting skipped, as
some of the NIST TDES files doesn't have an empty line after
[ENCRYPT]/[DECRYPT] and thus treated as an interim block.
Parse function now identifies such blocks, separates out interim
and test vector data, and then parses each with their respective
callbacks.
Fixes: 3d0fad56b74a ("examples/fips_validation: add crypto FIPS application")
Cc: stable@dpdk.org
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Ayuj Verma <ayverma@marvell.com>
Fix missing callback registration and the incorrect
callback definition for interim NK_STR. The callback
should compare input key against the interim.
Fixes: 527cbf3d5ee3 ("examples/fips_validation: support TDES parsing")
Cc: stable@dpdk.org
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Rather than setting -Bstatic in the linker flags when doing a static link,
and then having to explicitly set -Bdynamic again afterwards, we can update
the pkg-config file to use -l:libfoo.a syntax to explicitly refer to the
static library in question. Since this syntax is not supported by meson's
pkg-config module directly, we can post-process the .pc files instead to
adjust them.
Once done, we can simplify the examples' makefiles and the docs by removing
the explicit static flag.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
Acked-by: Sunil Pai G <sunil.pai.g@intel.com>
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Few of the NIST TDES test files don't contain TDES string.
Added indicators to identify such files. These indicators
are part of only NIST TDES test vector files.
Fixes: 527cbf3d5ee3 ("examples/fips_validation: support TDES parsing")
Cc: stable@dpdk.org
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Ayuj Verma <ayverma@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
There is a common macro __rte_unused, avoiding warnings,
which is now used where appropriate for consistency.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
The NIST test vectors use the string 'PTlen' to denote text lengths
in case of encrypt & decrypt operations. So the same string needs to be
used while parsing PT and CT.
Fixes: 2adb3b4e7e54 ("examples/fips_validation: fix AES-GCM cipher length parsing")
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch fixes the cipher len keyword typo.
Fixes: 07f5e4553293 ("examples/fips_validation: fix cipher length for AES-GCM")
Suggested-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: David Marchand <david.marchand@redhat.com>
AES XTS support is added to fips application. Parse test-vectors
from input files, populate AES XTS tests and prepare AES XTS
operations for fips validation.
Signed-off-by: Abed Kamaluddin <akamaluddin@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Sucharitha Sarananaga <ssarananaga@marvell.com>
Cipher length need to be updated in case of AES-GCM decryption.
Fixes: 4aaad2995e13 ("examples/fips_validation: support GCM parsing")
Cc: stable@dpdk.org
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Sucharitha Sarananaga <ssarananaga@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Test vectors for AES-GCM need to be populated by using aead member
and not cipher_auth. Using incorrect member would result in failures
when AES-GCM with non-zero AAD is tried.
Bugzilla ID: 360
Fixes: 4aaad2995e13 ("examples/fips_validation: support GCM parsing")
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Sucharitha Sarananaga <ssarananaga@marvell.com>
Some versions of pkg-config don't support the --path flag, which is not a
fatal error when building the apps. Without the flag, the makefile just
cannot track the .pc file of DPDK as a dependency of the build. Therefore,
we can ignore the error and suppress it by redirecting to /dev/null the
stderr from that call to pkg-config.
Fixes: 22119c4591a0 ("examples: use pkg-config in makefiles")
Cc: stable@dpdk.org
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Tested-by: Ferruh Yigit <ferruh.yigit@intel.com>
Not all versions of pkg-config in distros have support for the
--define-prefix flag [1], causing errors when building examples manually or
with test-meson-builds.sh script [2].
For the former case, we need to remove the hard-coded use of the flag in
the Makefiles.
For the latter case, the flag is necessary for builds to succeed, so we
skip the tests when it's not present, passing it as part of the pkg-config
command if it is supported.
[1]
CentOS Linux release 7.7.1908 (Core)
pkg-config version 0.27.1
[2]
## Building cmdline
Unknown option --define-prefix
gmake: Entering directory
`...ild-x86-default/install-root/usr/local/share/dpdk/examples/cmdline'
rm -f build/cmdline build/cmdline-static build/cmdline-shared
test -d build && rmdir -p build || true
Unknown option --define-prefix
Unknown option --define-prefix
gcc -O3 main.c commands.c parse_obj_list.c -o build/cmdline-shared
main.c:14:28: fatal error: cmdline_rdline.h: No such file or directory
Fixes: ca9268529d2b ("examples: support relocated DPDK install")
Fixes: 7f80a2102bbb ("devtools: test pkg-config file")
Cc: stable@dpdk.org
Reported-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Tested-by: Ferruh Yigit <ferruh.yigit@intel.com>
Fixes: f64adb6714e0 ("examples/fips_validation: support HMAC parsing")
Cc: stable@dpdk.org
This patch fixes the incorrect mbuf write and digest memory leak in
fips_validation authentication verify.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
Separate initialization of IV, PT and CT according to TDES
ECB and CBC crypto modes
Signed-off-by: Michael Shamis <michaelsh@marvell.com>
Reviewed-by: Marko Kovacevic <marko.kovacevic@intel.com>
One issue caught by Coverity 343408
*deref_parm: Directly dereferencing parameter val->val.
In writeback_tdes_hex_str(), tmp_val is initialised to null.
tmp_val.val is updated only if keys are found.
If keys are not found,it doesn't fails but continues
to invoke writeback_hex_str(),where val->val is accessed
without null check.
The fix is to return the error,
if keys are not found in writeback_tdes_hex_str().
Coverity issue: 343408
Fixes: 527cbf3d5e ("examples/fips_validation: support TDES parsing")
Cc: stable@dpdk.org
Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Adding a new field, ff_disable, to allow applications to control the
features enabled on the crypto device. This would allow for efficient
usage of HW/SW offloads.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Make versions before 4.2 did not have support for the .SHELLSTATUS
variable, so use another method to detect shell success.
Fixes: 22119c4591a0 ("examples: use pkg-config in makefiles")
Cc: stable@dpdk.org
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
For testing of DPDK, we want to override the prefix given by the
pkg-config file, so that we can get correct paths for DPDK installed
in an unusual location.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
The "make clean" command had a number of issues:
- the "--ignore-fail-on-non-empty" flag is not present on BSD
- the call to remove the build folder would fail if there was no build
folder present.
These are fixed by only removing the build folder if it exists, and by
using -p flag to rmdir in place of --ignore-fail-on-non-empty
Fixes: 22119c4591a0 ("examples: use pkg-config in makefiles")
Cc: stable@dpdk.org
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
As a result of the cmac test running the test where
PT len is 65536 it should give a result back to the
user USER1: Error -1: Prepare op USER1: PT len 65536
as this MSG len is not supported. Issue was
that the application was not freeing the op properly after
a while causing the app to fail.
CRYPTODEV: rte_cryptodev_sym_session_create() line 1340:
couldn't get object from session mempool
USER1: Error -12: test block
USER1: Error -12: Failed test CMAC/req/CMAC.req
Fixes: cd255ccf5764 ("examples/fips_validation: support AES parsing")
Cc: stable@dpdk.org
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Application was failing as the HMAC and
Plain SHA fips request files are similar in a
way that they both have SHA- in the top section to
determine the hash algo and hash sizes. And HMAC having the
algo in the second line but the Plain SHA in the third
meant that when the HMAC files was used once it parsed the third
line Plain SHA was set as the algo and not HMAC.
USER1: Failed to get capability for cdev 0
USER1: Error -22: test block
[L=20 SHAAlg=SHA_2]
USER1: Error -22: Failed test /root/FIPS/HMAC/req/HMAC.req
Fixes: f4797bae0050 ("examples/fips_validation: support plain SHA")
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Most examples have in their makefiles a default RTE_TARGET directory to be
used in case RTE_TARGET is not set. Rather than just using a hard-coded
default, we can instead detect what the build directory is relative to
RTE_SDK directory.
This fixes a potential issue for anyone who continues to build using
"make install T=x86_64-native-linuxapp-gcc" and skips setting RTE_TARGET
explicitly, instead relying on the fact that they were building in a
directory which corresponded to the example default path - which was
changed to "x86_64-native-linux-gcc" by commit 218c4e68c1d9 ("mk: use
linux and freebsd in config names").
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
This patch enables plain SHA algorithm CAVP test support
in fips_validation sample application.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
Rather than using linuxapp and bsdapp everywhere, we can change things to
use the, more readable, terms "linux" and "freebsd" in our build configs.
Rather than renaming the configs we can just duplicate the existing ones
with the new names using symlinks, and use the new names exclusively
internally. ["make showconfigs" also only shows the new names to keep the
list short] The result is that backward compatibility is kept fully but any
new builds or development can be done using the newer names, i.e. both
"make config T=x86_64-native-linuxapp-gcc" and "T=x86_64-native-linux-gcc"
work.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
This patch fixes the missed digest and aad data physical
addresses filling to crypto operations in fips_validation
sample application.
Fixes: 41d561cbdd24 ("examples/fips_validation: add power on self test")
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
This patch fixes the incorrect session private mempool passing
to cryptodev.
Fixes: 41d561cbdd24 ("examples/fips_validation: add power on self test")
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch adds a sample power on self-test to fips_validate
sample application.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
This patch uses the two session mempool approach to all cryptodev
sample applications. One mempool is for session header objects, and
the other is for session private data.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch changes the cryptodev queue pair configure structure
to enable two mempool passed into cryptodev PMD simutaneously.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Fixing a bug raised in coverity using uninitialized value.
Coverity issue: 325881
Fixes: 527cbf3d5ee3 ("examples/fips_validation: support TDES parsing")
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Fixed compilation issue with variable which may
be used uninitialized.
Fixes: 527cbf3d5ee3 ("examples/fips_validation: support TDES parsing")
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
The example was not added to the Makefile and there are some
compilation errors:
examples/fips_validation/main.c: In function ‘prepare_aead_op’:
error: control reaches end of non-void function
examples/fips_validation/main.c: In function ‘prepare_auth_op’:
error: control reaches end of non-void function
Fixes: 3d0fad56b74a ("examples/fips_validation: add crypto FIPS application")
Fixes: f64adb6714e0 ("examples/fips_validation: support HMAC parsing")
Fixes: 4aaad2995e13 ("examples/fips_validation: support GCM parsing")
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Tested-by: Ferruh Yigit <ferruh.yigit@intel.com>
Added enablement for CCM parser, to allow the
application to parser the ccm request files and to validate all
test types supported.
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
Added enablement for CMAC parser, to allow the
application to parser the cmac request files and to validate all
test types supported.
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
Added enablement for GCM parser, to allow the
application to parser the GCM request file and to validate all
tests supported.
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
Added enablement for TDES parser, to allow the
application to parser the TDES request files and to validate all
test types supported.
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
Added enablement for HMAC parser, to allow the
application to parser the hmac request files and to validate all
tests supported
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
Added enablement for AES-CBC parser, to allow the
application to parser the aes request file and to validate all
test types supported.
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
Added FIPS application into the examples to allow
users to use a simple sample app to validate
their systems and be able to get FIPS certification.
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>