examples/fips_validation: support CMAC parsing
Added enablement for CMAC parser, to allow the application to parser the cmac request files and to validate all test types supported. Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com> Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
This commit is contained in:
parent
4aaad2995e
commit
ac026f4668
|
@ -42,6 +42,7 @@ Limitations
|
|||
* Supported test vectors
|
||||
* AES-CBC (128,192,256) - GFSbox, KeySbox, MCT, MMT
|
||||
* AES-GCM (128,192,256) - EncryptExtIV, Decrypt
|
||||
* AES-CMAC (128) - Generate, Verify
|
||||
* HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
|
||||
* TDES-CBC (1 Key, 2 Keys, 3 Keys) - MMT, Monte, Permop, Subkey, Varkey,
|
||||
VarText
|
||||
|
|
|
@ -10,6 +10,7 @@ SRCS-y += fips_validation_aes.c
|
|||
SRCS-y += fips_validation_hmac.c
|
||||
SRCS-y += fips_validation_tdes.c
|
||||
SRCS-y += fips_validation_gcm.c
|
||||
SRCS-y += fips_validation_cmac.c
|
||||
SRCS-y += main.c
|
||||
|
||||
# Build using pkg-config variables if possible
|
||||
|
|
|
@ -116,6 +116,11 @@ fips_test_parse_header(void)
|
|||
ret = parse_test_gcm_init();
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
} else if (strstr(info.vec[i], "CMAC")) {
|
||||
info.algo = FIPS_TEST_ALGO_AES_CMAC;
|
||||
ret = parse_test_cmac_init();
|
||||
if (ret < 0)
|
||||
return 0;
|
||||
} else if (strstr(info.vec[i], "HMAC")) {
|
||||
info.algo = FIPS_TEST_ALGO_HMAC;
|
||||
ret = parse_test_hmac_init();
|
||||
|
|
|
@ -25,6 +25,7 @@
|
|||
enum fips_test_algorithms {
|
||||
FIPS_TEST_ALGO_AES = 0,
|
||||
FIPS_TEST_ALGO_AES_GCM,
|
||||
FIPS_TEST_ALGO_AES_CMAC,
|
||||
FIPS_TEST_ALGO_HMAC,
|
||||
FIPS_TEST_ALGO_TDES,
|
||||
FIPS_TEST_ALGO_MAX
|
||||
|
@ -174,6 +175,9 @@ parse_test_hmac_init(void);
|
|||
int
|
||||
parse_test_gcm_init(void);
|
||||
|
||||
int
|
||||
parse_test_cmac_init(void);
|
||||
|
||||
int
|
||||
parser_read_uint8_hex(uint8_t *value, const char *p);
|
||||
|
||||
|
|
116
examples/fips_validation/fips_validation_cmac.c
Normal file
116
examples/fips_validation/fips_validation_cmac.c
Normal file
|
@ -0,0 +1,116 @@
|
|||
/* SPDX-License-Identifier: BSD-3-Clause
|
||||
* Copyright(c) 2018 Intel Corporation
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
#include <stdio.h>
|
||||
#include <rte_string_fns.h>
|
||||
|
||||
#include <rte_cryptodev.h>
|
||||
|
||||
#include "fips_validation.h"
|
||||
|
||||
#define NEW_LINE_STR "#"
|
||||
#define OP_STR "CMAC"
|
||||
|
||||
#define ALGO_STR "Alg = "
|
||||
#define MODE_STR "Mode = "
|
||||
|
||||
#define COUNT_STR "Count = "
|
||||
#define KLEN_STR "Klen = "
|
||||
#define PTLEN_STR "Mlen = "
|
||||
#define TAGLEN_STR "Tlen = "
|
||||
#define KEY_STR "Key = "
|
||||
#define PT_STR "Msg = "
|
||||
#define TAG_STR "Mac = "
|
||||
|
||||
#define GEN_STR "Generate"
|
||||
#define VERIF_STR "Verify"
|
||||
|
||||
#define POS_NEG_STR "Result = "
|
||||
#define PASS_STR "P"
|
||||
#define FAIL_STR "F"
|
||||
|
||||
struct hash_algo_conversion {
|
||||
const char *str;
|
||||
enum fips_test_algorithms algo;
|
||||
} cmac_algo[] = {
|
||||
{"AES", FIPS_TEST_ALGO_AES_CMAC},
|
||||
};
|
||||
|
||||
static int
|
||||
parse_test_cmac_writeback(struct fips_val *val)
|
||||
{
|
||||
if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
|
||||
struct fips_val tmp_val = {val->val + vec.pt.len,
|
||||
vec.cipher_auth.digest.len};
|
||||
|
||||
fprintf(info.fp_wr, "%s", TAG_STR);
|
||||
parse_write_hex_str(&tmp_val);
|
||||
} else {
|
||||
fprintf(info.fp_wr, "%s", POS_NEG_STR);
|
||||
|
||||
if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS)
|
||||
fprintf(info.fp_wr, "%s\n", PASS_STR);
|
||||
else if (vec.status == RTE_CRYPTO_OP_STATUS_AUTH_FAILED)
|
||||
fprintf(info.fp_wr, "%s\n", FAIL_STR);
|
||||
else
|
||||
fprintf(info.fp_wr, "Error\n");
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
struct fips_test_callback cmac_tests_vectors[] = {
|
||||
{KLEN_STR, parser_read_uint32_val, &vec.cipher_auth.key},
|
||||
{PTLEN_STR, parser_read_uint32_val, &vec.pt},
|
||||
{TAGLEN_STR, parser_read_uint32_val, &vec.cipher_auth.digest},
|
||||
{KEY_STR, parse_uint8_hex_str, &vec.cipher_auth.key},
|
||||
{PT_STR, parse_uint8_known_len_hex_str, &vec.pt},
|
||||
{TAG_STR, parse_uint8_known_len_hex_str,
|
||||
&vec.cipher_auth.digest},
|
||||
{NULL, NULL, NULL} /**< end pointer */
|
||||
};
|
||||
|
||||
int
|
||||
parse_test_cmac_init(void)
|
||||
{
|
||||
char *tmp;
|
||||
uint32_t i, j;
|
||||
|
||||
for (i = 0; i < info.nb_vec_lines; i++) {
|
||||
char *line = info.vec[i];
|
||||
|
||||
tmp = strstr(line, ALGO_STR);
|
||||
if (!tmp)
|
||||
continue;
|
||||
|
||||
for (j = 0; j < RTE_DIM(cmac_algo); j++) {
|
||||
if (!strstr(line, cmac_algo[j].str))
|
||||
continue;
|
||||
|
||||
info.algo = cmac_algo[j].algo;
|
||||
break;
|
||||
}
|
||||
|
||||
if (j == RTE_DIM(cmac_algo))
|
||||
return -EINVAL;
|
||||
|
||||
tmp = strstr(line, MODE_STR);
|
||||
if (!tmp)
|
||||
return -1;
|
||||
|
||||
if (strstr(tmp, GEN_STR))
|
||||
info.op = FIPS_TEST_ENC_AUTH_GEN;
|
||||
else if (strstr(tmp, VERIF_STR))
|
||||
info.op = FIPS_TEST_DEC_AUTH_VERIF;
|
||||
else
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
info.parse_writeback = parse_test_cmac_writeback;
|
||||
info.callbacks = cmac_tests_vectors;
|
||||
|
||||
return 0;
|
||||
}
|
|
@ -688,6 +688,44 @@ prepare_gcm_xform(struct rte_crypto_sym_xform *xform)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
prepare_cmac_xform(struct rte_crypto_sym_xform *xform)
|
||||
{
|
||||
const struct rte_cryptodev_symmetric_capability *cap;
|
||||
struct rte_cryptodev_sym_capability_idx cap_idx;
|
||||
struct rte_crypto_auth_xform *auth_xform = &xform->auth;
|
||||
|
||||
xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
|
||||
|
||||
auth_xform->algo = RTE_CRYPTO_AUTH_AES_CMAC;
|
||||
auth_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
|
||||
RTE_CRYPTO_AUTH_OP_GENERATE : RTE_CRYPTO_AUTH_OP_VERIFY;
|
||||
auth_xform->digest_length = vec.cipher_auth.digest.len;
|
||||
auth_xform->key.data = vec.cipher_auth.key.val;
|
||||
auth_xform->key.length = vec.cipher_auth.key.len;
|
||||
|
||||
cap_idx.algo.auth = auth_xform->algo;
|
||||
cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
|
||||
|
||||
cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
|
||||
if (!cap) {
|
||||
RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
|
||||
env.dev_id);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (rte_cryptodev_sym_capability_check_auth(cap,
|
||||
auth_xform->key.length,
|
||||
auth_xform->digest_length, 0) != 0) {
|
||||
RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n",
|
||||
info.device_name, auth_xform->key.length,
|
||||
auth_xform->digest_length);
|
||||
return -EPERM;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void
|
||||
get_writeback_data(struct fips_val *val)
|
||||
{
|
||||
|
@ -1048,6 +1086,11 @@ init_test_ops(void)
|
|||
test_ops.prepare_xform = prepare_gcm_xform;
|
||||
test_ops.test = fips_generic_test;
|
||||
break;
|
||||
case FIPS_TEST_ALGO_AES_CMAC:
|
||||
test_ops.prepare_op = prepare_auth_op;
|
||||
test_ops.prepare_xform = prepare_cmac_xform;
|
||||
test_ops.test = fips_generic_test;
|
||||
break;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
|
|
|
@ -14,5 +14,6 @@ sources = files(
|
|||
'fips_validation_hmac.c',
|
||||
'fips_validation_tdes.c',
|
||||
'fips_validation_gcm.c',
|
||||
'fips_validation_cmac.c',
|
||||
'main.c'
|
||||
)
|
||||
|
|
Loading…
Reference in a new issue