Added function to parse algorithm for AES_CBC test. Signed-off-by: Gowrishankar Muthukrishnan <gmuthukri...@marvell.com> -- v6: * fixed local variable initialization in fips_mct_aes_test. --- examples/fips_validation/fips_validation.c | 8 +- examples/fips_validation/fips_validation.h | 4 + .../fips_validation/fips_validation_aes.c | 223 ++++++++++++++++++ examples/fips_validation/main.c | 76 ++++-- 4 files changed, 284 insertions(+), 27 deletions(-)
diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c index ab4c0d0eca..8cec172a5f 100644 --- a/examples/fips_validation/fips_validation.c +++ b/examples/fips_validation/fips_validation.c @@ -120,7 +120,7 @@ fips_test_parse_header(void) for (i = 0; i < info.nb_vec_lines; i++) { if (!algo_parsed) { - if (strstr(info.vec[i], "AESVS")) { + if (strstr(info.vec[i], "AES")) { algo_parsed = 1; info.algo = FIPS_TEST_ALGO_AES; ret = parse_test_aes_init(); @@ -458,10 +458,12 @@ fips_test_parse_one_json_vector_set(void) /* Vector sets contain the algorithm type, and nothing else we need. */ if (strstr(algo_str, "AES-GCM")) info.algo = FIPS_TEST_ALGO_AES_GCM; - if (strstr(algo_str, "HMAC")) + else if (strstr(algo_str, "HMAC")) info.algo = FIPS_TEST_ALGO_HMAC; - if (strstr(algo_str, "CMAC")) + else if (strstr(algo_str, "CMAC")) info.algo = FIPS_TEST_ALGO_AES_CMAC; + else if (strstr(algo_str, "AES-CBC")) + info.algo = FIPS_TEST_ALGO_AES; else return -EINVAL; diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h index 88cbb0303e..6385ec4d8d 100644 --- a/examples/fips_validation/fips_validation.h +++ b/examples/fips_validation/fips_validation.h @@ -103,6 +103,7 @@ enum fips_aesavs_test_types { AESAVS_TYPE_VARTXT, AESAVS_TYPE_MMT, AESAVS_TYPE_MCT, + AESAVS_TYPE_AFT, }; enum fips_tdes_test_types { @@ -262,6 +263,9 @@ parse_test_hmac_json_algorithm(void); int parse_test_cmac_json_init(void); + +int +parse_test_aes_json_init(void); #endif /* RTE_HAS_JANSSON */ int diff --git a/examples/fips_validation/fips_validation_aes.c b/examples/fips_validation/fips_validation_aes.c index b3c5e31f32..8db6f4fa31 100644 --- a/examples/fips_validation/fips_validation_aes.c +++ b/examples/fips_validation/fips_validation_aes.c @@ -7,6 +7,7 @@ #include <stdio.h> #include <rte_cryptodev.h> +#include <rte_malloc.h> #include "fips_validation.h" @@ -25,6 +26,19 @@ #define OP_ENC_STR "ENCRYPT" #define OP_DEC_STR "DECRYPT" +#define ALGO_JSON_STR "algorithm" +#define TESTTYPE_JSON_STR "testType" +#define DIR_JSON_STR "direction" +#define KEYLEN_JSON_STR "keyLen" + +#define KEY_JSON_STR "key" +#define IV_JSON_STR "iv" +#define PT_JSON_STR "pt" +#define CT_JSON_STR "ct" + +#define OP_ENC_JSON_STR "encrypt" +#define OP_DEC_JSON_STR "decrypt" + struct { uint32_t type; const char *desc; @@ -37,6 +51,7 @@ struct { {TDES_VARIABLE_TEXT, "KAT"}, {AESAVS_TYPE_MMT, "MMT"}, {AESAVS_TYPE_MCT, "MCT"}, + {AESAVS_TYPE_AFT, "AFT"}, }; struct aes_test_algo { @@ -92,6 +107,214 @@ struct fips_test_callback aes_writeback_callbacks[] = { {NULL, NULL, NULL} /**< end pointer */ }; +#ifdef RTE_HAS_JANSSON +struct fips_test_callback aes_dec_json_vectors[] = { + {KEY_JSON_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.key}, + {IV_JSON_STR, parse_uint8_hex_str, &vec.iv}, + {CT_JSON_STR, parse_uint8_hex_str, &vec.ct}, + {NULL, NULL, NULL} /**< end pointer */ +}; + +struct fips_test_callback aes_interim_json_vectors[] = { + {KEYLEN_JSON_STR, parser_read_uint32_bit_val, &vec.cipher_auth.key}, + {NULL, NULL, NULL} /**< end pointer */ +}; + +struct fips_test_callback aes_enc_json_vectors[] = { + {KEY_JSON_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.key}, + {IV_JSON_STR, parse_uint8_hex_str, &vec.iv}, + {PT_JSON_STR, parse_uint8_hex_str, &vec.pt}, + {NULL, NULL, NULL} /**< end pointer */ +}; + +static int +parse_test_aes_json_writeback(struct fips_val *val) +{ + struct fips_val tmp_val; + json_t *tcId; + + tcId = json_object_get(json_info.json_test_case, "tcId"); + + json_info.json_write_case = json_object(); + json_object_set(json_info.json_write_case, "tcId", tcId); + + if (info.op == FIPS_TEST_ENC_AUTH_GEN) { + json_t *ct; + + tmp_val.val = val->val; + tmp_val.len = vec.pt.len; + + writeback_hex_str("", info.one_line_text, &tmp_val); + ct = json_string(info.one_line_text); + json_object_set_new(json_info.json_write_case, CT_JSON_STR, ct); + + tmp_val.val = val->val + vec.pt.len; + tmp_val.len = val->len - vec.pt.len; + + writeback_hex_str("", info.one_line_text, &tmp_val); + } else { + if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) { + tmp_val.val = val->val; + tmp_val.len = vec.ct.len; + + writeback_hex_str("", info.one_line_text, &tmp_val); + json_object_set_new(json_info.json_write_case, PT_JSON_STR, + json_string(info.one_line_text)); + } else { + json_object_set_new(json_info.json_write_case, "testPassed", json_false()); + } + } + + return 0; +} + +static int +parse_test_aes_mct_json_writeback(struct fips_val *val) +{ + json_t *tcId, *resArr, *res, *ct, *pt, *key, *iv; + struct fips_val tmp_val; + + tcId = json_object_get(json_info.json_test_case, "tcId"); + if (json_info.json_write_case) { + json_t *wcId; + + wcId = json_object_get(json_info.json_write_case, "tcId"); + if (!json_equal(tcId, wcId)) { + json_info.json_write_case = json_object(); + json_object_set(json_info.json_write_case, "tcId", tcId); + json_object_set(json_info.json_write_case, "resultsArray", json_array()); + } + } else { + json_info.json_write_case = json_object(); + json_object_set(json_info.json_write_case, "tcId", tcId); + json_object_set(json_info.json_write_case, "resultsArray", json_array()); + } + + resArr = json_object_get(json_info.json_write_case, "resultsArray"); + if (!json_is_array(resArr)) + return -EINVAL; + + res = json_object(); + if (info .op == FIPS_TEST_ENC_AUTH_GEN) { + writeback_hex_str("", info.one_line_text, &vec.cipher_auth.key); + key = json_string(info.one_line_text); + json_object_set_new(res, KEY_JSON_STR, key); + + writeback_hex_str("", info.one_line_text, &val[2]); + iv = json_string(info.one_line_text); + json_object_set_new(res, IV_JSON_STR, iv); + + writeback_hex_str("", info.one_line_text, &val[1]); + pt = json_string(info.one_line_text); + json_object_set_new(res, PT_JSON_STR, pt); + + tmp_val.val = val->val; + tmp_val.len = vec.pt.len; + + writeback_hex_str("", info.one_line_text, &tmp_val); + ct = json_string(info.one_line_text); + json_object_set_new(res, CT_JSON_STR, ct); + + tmp_val.val = val->val + vec.pt.len; + tmp_val.len = val->len - vec.pt.len; + + writeback_hex_str("", info.one_line_text, &tmp_val); + } else { + if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) { + writeback_hex_str("", info.one_line_text, &vec.cipher_auth.key); + key = json_string(info.one_line_text); + json_object_set_new(res, KEY_JSON_STR, key); + + writeback_hex_str("", info.one_line_text, &val[2]); + iv = json_string(info.one_line_text); + json_object_set_new(res, IV_JSON_STR, iv); + + tmp_val.val = val->val; + tmp_val.len = vec.ct.len; + + writeback_hex_str("", info.one_line_text, &tmp_val); + pt = json_string(info.one_line_text); + json_object_set_new(res, PT_JSON_STR, pt); + + writeback_hex_str("", info.one_line_text, &val[1]); + ct = json_string(info.one_line_text); + json_object_set_new(res, CT_JSON_STR, ct); + } else { + json_object_set_new(json_info.json_write_case, "testPassed", json_false()); + } + } + + json_array_append_new(resArr, res); + return 0; +} + +int +parse_test_aes_json_init(void) +{ + json_t *type_obj = json_object_get(json_info.json_test_group, TESTTYPE_JSON_STR); + json_t *algo_obj = json_object_get(json_info.json_vector_set, ALGO_JSON_STR); + const char *type_str = json_string_value(type_obj); + const char *algo_str = json_string_value(algo_obj); + uint32_t i; + + if (json_info.json_test_group) { + json_t *direction_obj; + const char *direction_str; + + direction_obj = json_object_get(json_info.json_test_group, DIR_JSON_STR); + direction_str = json_string_value(direction_obj); + + if (strcmp(direction_str, OP_ENC_JSON_STR) == 0) { + info.op = FIPS_TEST_ENC_AUTH_GEN; + info.callbacks = aes_enc_json_vectors; + + } else if (strcmp(direction_str, OP_DEC_JSON_STR) == 0) { + info.op = FIPS_TEST_DEC_AUTH_VERIF; + info.callbacks = aes_dec_json_vectors; + } else { + return -EINVAL; + } + info.interim_callbacks = aes_interim_json_vectors; + } + + for (i = 0; i < RTE_DIM(aes_test_types); i++) + if (strstr(type_str, aes_test_types[i].desc)) { + info.interim_info.aes_data.test_type = + aes_test_types[i].type; + break; + } + + if (i >= RTE_DIM(aes_test_types)) + return -EINVAL; + + switch (info.interim_info.aes_data.test_type) { + case AESAVS_TYPE_MCT: + info.parse_writeback = parse_test_aes_mct_json_writeback; + break; + case AESAVS_TYPE_AFT: + info.parse_writeback = parse_test_aes_json_writeback; + break; + default: + info.parse_writeback = NULL; + } + + if (!info.parse_writeback) + return -EINVAL; + + for (i = 0; i < RTE_DIM(algo_con); i++) + if (strstr(algo_str, algo_con[i].name)) { + info.interim_info.aes_data.cipher_algo = + (uint32_t)algo_con[i].algo; + break; + } + + if (i >= RTE_DIM(algo_con)) + return -EINVAL; + + return 0; +} +#endif /* RTE_HAS_JANSSON */ + static int parse_test_aes_writeback(struct fips_val *val) { diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c index 1645fa99e5..332a4110e3 100644 --- a/examples/fips_validation/main.c +++ b/examples/fips_validation/main.c @@ -1556,7 +1556,7 @@ fips_mct_aes_test(void) #define AES_BLOCK_SIZE 16 #define AES_EXTERN_ITER 100 #define AES_INTERN_ITER 1000 - struct fips_val val = {NULL, 0}, val_key; + struct fips_val val[3] = {{NULL, 0},}, val_key, pt, ct, iv; uint8_t prev_out[AES_BLOCK_SIZE] = {0}; uint8_t prev_in[AES_BLOCK_SIZE] = {0}; uint32_t i, j, k; @@ -1565,11 +1565,16 @@ fips_mct_aes_test(void) if (info.interim_info.aes_data.cipher_algo == RTE_CRYPTO_CIPHER_AES_ECB) return fips_mct_aes_ecb_test(); + memset(&pt, 0, sizeof(struct fips_val)); + memset(&ct, 0, sizeof(struct fips_val)); + memset(&iv, 0, sizeof(struct fips_val)); for (i = 0; i < AES_EXTERN_ITER; i++) { - if (i != 0) - update_info_vec(i); + if (info.file_type != FIPS_TYPE_JSON) { + if (i != 0) + update_info_vec(i); - fips_test_write_one_case(); + fips_test_write_one_case(); + } for (j = 0; j < AES_INTERN_ITER; j++) { ret = fips_run_test(); @@ -1585,7 +1590,7 @@ fips_mct_aes_test(void) return ret; } - ret = get_writeback_data(&val); + ret = get_writeback_data(&val[0]); if (ret < 0) return ret; @@ -1593,24 +1598,39 @@ fips_mct_aes_test(void) memcpy(prev_in, vec.ct.val, AES_BLOCK_SIZE); if (j == 0) { - memcpy(prev_out, val.val, AES_BLOCK_SIZE); + memcpy(prev_out, val[0].val, AES_BLOCK_SIZE); + pt.len = vec.pt.len; + pt.val = calloc(1, pt.len); + memcpy(pt.val, vec.pt.val, pt.len); + + ct.len = vec.ct.len; + ct.val = calloc(1, ct.len); + memcpy(ct.val, vec.ct.val, ct.len); + + iv.len = vec.iv.len; + iv.val = calloc(1, iv.len); + memcpy(iv.val, vec.iv.val, iv.len); if (info.op == FIPS_TEST_ENC_AUTH_GEN) { - memcpy(vec.pt.val, vec.iv.val, - AES_BLOCK_SIZE); - memcpy(vec.iv.val, val.val, - AES_BLOCK_SIZE); + memcpy(vec.pt.val, vec.iv.val, AES_BLOCK_SIZE); + memcpy(vec.iv.val, val[0].val, AES_BLOCK_SIZE); + val[1].val = pt.val; + val[1].len = pt.len; + val[2].val = iv.val; + val[2].len = iv.len; } else { - memcpy(vec.ct.val, vec.iv.val, - AES_BLOCK_SIZE); - memcpy(vec.iv.val, prev_in, - AES_BLOCK_SIZE); + memcpy(vec.ct.val, vec.iv.val, AES_BLOCK_SIZE); + memcpy(vec.iv.val, prev_in, AES_BLOCK_SIZE); + val[1].val = ct.val; + val[1].len = ct.len; + val[2].val = iv.val; + val[2].len = iv.len; } continue; } if (info.op == FIPS_TEST_ENC_AUTH_GEN) { - memcpy(vec.iv.val, val.val, AES_BLOCK_SIZE); + memcpy(vec.iv.val, val[0].val, AES_BLOCK_SIZE); memcpy(vec.pt.val, prev_out, AES_BLOCK_SIZE); } else { memcpy(vec.iv.val, prev_in, AES_BLOCK_SIZE); @@ -1620,33 +1640,38 @@ fips_mct_aes_test(void) if (j == AES_INTERN_ITER - 1) continue; - memcpy(prev_out, val.val, AES_BLOCK_SIZE); + memcpy(prev_out, val[0].val, AES_BLOCK_SIZE); } - info.parse_writeback(&val); - fprintf(info.fp_wr, "\n"); + info.parse_writeback(val); + if (info.file_type != FIPS_TYPE_JSON) + fprintf(info.fp_wr, "\n"); - if (i == AES_EXTERN_ITER - 1) + if (i == AES_EXTERN_ITER - 1) { + free(pt.val); + free(ct.val); + free(iv.val); continue; + } /** update key */ memcpy(&val_key, &vec.cipher_auth.key, sizeof(val_key)); for (k = 0; k < vec.cipher_auth.key.len; k++) { switch (vec.cipher_auth.key.len) { case 16: - val_key.val[k] ^= val.val[k]; + val_key.val[k] ^= val[0].val[k]; break; case 24: if (k < 8) val_key.val[k] ^= prev_out[k + 8]; else - val_key.val[k] ^= val.val[k - 8]; + val_key.val[k] ^= val[0].val[k - 8]; break; case 32: if (k < 16) val_key.val[k] ^= prev_out[k]; else - val_key.val[k] ^= val.val[k - 16]; + val_key.val[k] ^= val[0].val[k - 16]; break; default: return -1; @@ -1654,10 +1679,10 @@ fips_mct_aes_test(void) } if (info.op == FIPS_TEST_DEC_AUTH_VERIF) - memcpy(vec.iv.val, val.val, AES_BLOCK_SIZE); + memcpy(vec.iv.val, val[0].val, AES_BLOCK_SIZE); } - free(val.val); + free(val[0].val); return 0; } @@ -1963,6 +1988,9 @@ fips_test_one_test_group(void) case FIPS_TEST_ALGO_AES_CMAC: ret = parse_test_cmac_json_init(); break; + case FIPS_TEST_ALGO_AES: + ret = parse_test_aes_json_init(); + break; default: return -EINVAL; } -- 2.25.1