For KASUMI F9 algorithm, COUNT, FRESH and DIRECTION input values need to be contiguous with the message, as described in the KASUMI and QAT PMD documentation.
Before, the COUNT and FRESH values were set as part of the AAD (now IV), but always set before the beginning of the message. Since now the IV is set after the crypto operation, it is not possible to have these values in the expected location. Therefore, as these are required to be contiguous, cryptodev API will expect these them to be passed as a single buffer, already constructed, so authentication IV parameters not needed anymore. Fixes: 681f540da52b ("cryptodev: do not use AAD in wireless algorithms") Signed-off-by: Pablo de Lara <pablo.de.lara.gua...@intel.com> --- doc/guides/cryptodevs/kasumi.rst | 19 ++- doc/guides/cryptodevs/qat.rst | 18 +++ drivers/crypto/kasumi/rte_kasumi_pmd.c | 27 +--- drivers/crypto/kasumi/rte_kasumi_pmd_ops.c | 6 +- drivers/crypto/kasumi/rte_kasumi_pmd_private.h | 1 - drivers/crypto/qat/qat_crypto.c | 13 +- drivers/crypto/qat/qat_crypto_capabilities.h | 6 +- lib/librte_cryptodev/rte_crypto_sym.h | 16 +- test/test/test_cryptodev.c | 173 +++++++++++++-------- .../test/test_cryptodev_kasumi_hash_test_vectors.h | 102 +++--------- test/test/test_cryptodev_kasumi_test_vectors.h | 72 +++++---- 11 files changed, 226 insertions(+), 227 deletions(-) diff --git a/doc/guides/cryptodevs/kasumi.rst b/doc/guides/cryptodevs/kasumi.rst index bff9321..273ed18 100644 --- a/doc/guides/cryptodevs/kasumi.rst +++ b/doc/guides/cryptodevs/kasumi.rst @@ -51,7 +51,7 @@ Limitations ----------- * Chained mbufs are not supported. -* KASUMI(F9) supported only if hash offset field is byte-aligned. +* KASUMI(F9) supported only if hash offset and length field is byte-aligned. * In-place bit-level operations for KASUMI(F8) are not supported (if length and/or offset of data to be ciphered is not byte-aligned). @@ -108,3 +108,20 @@ Example: .. code-block:: console ./l2fwd-crypto -l 6 -n 4 --vdev="crypto_kasumi,socket_id=1,max_nb_sessions=128" + +Extra notes on KASUMI F9 +------------------------ + +When using KASUMI F9 authentication algorithm, the input buffer must be +constructed according to the 3GPP KASUMI specifications (section 4.4, page 13): +`<http://cryptome.org/3gpp/35201-900.pdf>`_. +Input buffer has to have COUNT (4 bytes), FRESH (4 bytes), MESSAGE and DIRECTION (1 bit) +concatenated. After the DIRECTION bit, a single '1' bit is appended, followed by +between 0 and 7 '0' bits, so that the total length of the buffer is multiple of 8 bits. +Note that the actual message can be any length, specified in bits. + +Once this buffer is passed this way, when creating the crypto operation, +length of data to authenticate (op.sym.auth.data.length) must be the length +of all the items described above, including the padding at the end. +Also, offset of data to authenticate (op.sym.auth.data.offset) +must be such that points at the start of the COUNT bytes. diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst index b2d05e5..21c7f5d 100644 --- a/doc/guides/cryptodevs/qat.rst +++ b/doc/guides/cryptodevs/qat.rst @@ -366,3 +366,21 @@ Another way to bind the VFs to the DPDK UIO driver is by using the cd to the top-level DPDK directory ./usertools/dpdk-devbind.py -b igb_uio 0000:03:01.1 + + +Extra notes on KASUMI F9 +------------------------ + +When using KASUMI F9 authentication algorithm, the input buffer must be +constructed according to the 3GPP KASUMI specifications (section 4.4, page 13): +`<http://cryptome.org/3gpp/35201-900.pdf>`_. +Input buffer has to have COUNT (4 bytes), FRESH (4 bytes), MESSAGE and DIRECTION (1 bit) +concatenated. After the DIRECTION bit, a single '1' bit is appended, followed by +between 0 and 7 '0' bits, so that the total length of the buffer is multiple of 8 bits. +Note that the actual message can be any length, specified in bits. + +Once this buffer is passed this way, when creating the crypto operation, +length of data to authenticate (op.sym.auth.data.length) must be the length +of all the items described above, including the padding at the end. +Also, offset of data to authenticate (op.sym.auth.data.offset) +must be such that points at the start of the COUNT bytes. diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c index cff40fb..0e12913 100644 --- a/drivers/crypto/kasumi/rte_kasumi_pmd.c +++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c @@ -142,12 +142,6 @@ kasumi_set_session_parameters(struct kasumi_session *sess, sess->auth_op = auth_xform->auth.op; - sess->auth_iv_offset = auth_xform->auth.iv.offset; - if (auth_xform->auth.iv.length != KASUMI_IV_LENGTH) { - KASUMI_LOG_ERR("Wrong IV length"); - return -EINVAL; - } - /* Initialize key */ sso_kasumi_init_f9_key_sched(auth_xform->auth.key.data, &sess->pKeySched_hash); @@ -274,12 +268,8 @@ process_kasumi_hash_op(struct rte_crypto_op **ops, unsigned i; uint8_t processed_ops = 0; uint8_t *src, *dst; - uint8_t *iv_ptr; uint32_t length_in_bits; uint32_t num_bytes; - uint32_t shift_bits; - uint64_t iv; - uint8_t direction; for (i = 0; i < num_ops; i++) { /* Data must be byte aligned */ @@ -293,21 +283,15 @@ process_kasumi_hash_op(struct rte_crypto_op **ops, src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) + (ops[i]->sym->auth.data.offset >> 3); - iv_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *, - session->auth_iv_offset); - iv = *((uint64_t *)(iv_ptr)); /* Direction from next bit after end of message */ - num_bytes = (length_in_bits >> 3) + 1; - shift_bits = (BYTE_LEN - 1 - length_in_bits) % BYTE_LEN; - direction = (src[num_bytes - 1] >> shift_bits) & 0x01; + num_bytes = length_in_bits >> 3; if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) { dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src, KASUMI_DIGEST_LENGTH); + sso_kasumi_f9_1_buffer(&session->pKeySched_hash, src, + num_bytes, dst); - sso_kasumi_f9_1_buffer_user(&session->pKeySched_hash, - iv, src, - length_in_bits, dst, direction); /* Verify digest. */ if (memcmp(dst, ops[i]->sym->auth.digest.data, KASUMI_DIGEST_LENGTH) != 0) @@ -319,9 +303,8 @@ process_kasumi_hash_op(struct rte_crypto_op **ops, } else { dst = ops[i]->sym->auth.digest.data; - sso_kasumi_f9_1_buffer_user(&session->pKeySched_hash, - iv, src, - length_in_bits, dst, direction); + sso_kasumi_f9_1_buffer(&session->pKeySched_hash, src, + num_bytes, dst); } processed_ops++; } diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c index 1d9c0fc..569a8de 100644 --- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c +++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c @@ -56,11 +56,7 @@ static const struct rte_cryptodev_capabilities kasumi_pmd_capabilities[] = { .max = 4, .increment = 0 }, - .iv_size = { - .min = 8, - .max = 8, - .increment = 0 - }, + .iv_size = { 0 }, .aad_size = { 0 } }, } }, } diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h index 9315a79..0ce2a2e 100644 --- a/drivers/crypto/kasumi/rte_kasumi_pmd_private.h +++ b/drivers/crypto/kasumi/rte_kasumi_pmd_private.h @@ -96,7 +96,6 @@ struct kasumi_session { enum kasumi_operation op; enum rte_crypto_auth_operation auth_op; uint16_t cipher_iv_offset; - uint16_t auth_iv_offset; } __rte_cache_aligned; diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c index 7e04f21..a5e16f4 100644 --- a/drivers/crypto/qat/qat_crypto.c +++ b/drivers/crypto/qat/qat_crypto.c @@ -1195,18 +1195,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg, auth_ofs = op->sym->auth.data.offset >> 3; auth_len = op->sym->auth.data.length >> 3; - if (ctx->qat_hash_alg == - ICP_QAT_HW_AUTH_ALGO_KASUMI_F9) { - if (do_cipher) { - auth_len = auth_len + auth_ofs + 1 - - ICP_QAT_HW_KASUMI_BLK_SZ; - auth_ofs = ICP_QAT_HW_KASUMI_BLK_SZ; - } else { - auth_len = auth_len + auth_ofs + 1; - auth_ofs = 0; - } - } else - auth_param->u1.aad_adr = + auth_param->u1.aad_adr = rte_crypto_op_ctophys_offset(op, ctx->auth_iv.offset); diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h index fee8ee1..7f9135d 100644 --- a/drivers/crypto/qat/qat_crypto_capabilities.h +++ b/drivers/crypto/qat/qat_crypto_capabilities.h @@ -429,11 +429,7 @@ .max = 4, \ .increment = 0 \ }, \ - .iv_size = { \ - .min = 8, \ - .max = 8, \ - .increment = 0 \ - }, \ + .iv_size = { 0 }, \ .aad_size = { 0 } \ }, } \ }, } \ diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index f1b2f38..d4b403b 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -343,9 +343,8 @@ struct rte_crypto_auth_xform { uint16_t length; /**< Length of valid IV data. * - * - For KASUMI in F9 mode, SNOW3G in UIA2 mode, for - * ZUC in EIA3 mode and for AES-GMAC, this is the length - * of the IV. + * - For SNOW3G in UIA2 mode, for ZUC in EIA3 mode and + * for AES-GMAC, this is the length of the IV. * */ } iv; /**< Initialisation vector parameters */ @@ -625,6 +624,11 @@ struct rte_crypto_sym_op { * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9 * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3, * this field should be in bits. + * + * @note + * For KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9, + * this offset should be such that + * data to authenticate starts at COUNT. */ uint32_t length; /**< The message length, in bytes, of the source @@ -635,6 +639,12 @@ struct rte_crypto_sym_op { * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9 * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3, * this field should be in bits. + * + * @note + * For KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9, + * the length should include the COUNT, + * FRESH, message, direction bit and padding + * (to be multiple of 8 bits). */ } data; /**< Data offsets and length for authentication */ diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c index b068609..b57b3de 100644 --- a/test/test/test_cryptodev.c +++ b/test/test/test_cryptodev.c @@ -2335,9 +2335,9 @@ create_wireless_algo_cipher_hash_operation(const uint8_t *auth_tag, rte_memcpy(iv_ptr, auth_iv, auth_iv_len); sym_op->cipher.data.length = cipher_len; - sym_op->cipher.data.offset = cipher_offset + auth_offset; + sym_op->cipher.data.offset = cipher_offset; sym_op->auth.data.length = auth_len; - sym_op->auth.data.offset = auth_offset + cipher_offset; + sym_op->auth.data.offset = auth_offset; return 0; } @@ -2391,10 +2391,10 @@ create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len, rte_memcpy(iv_ptr, auth_iv, auth_iv_len); sym_op->cipher.data.length = cipher_len; - sym_op->cipher.data.offset = auth_offset + cipher_offset; + sym_op->cipher.data.offset = cipher_offset; sym_op->auth.data.length = auth_len; - sym_op->auth.data.offset = auth_offset + cipher_offset; + sym_op->auth.data.offset = auth_offset; return 0; } @@ -2533,7 +2533,7 @@ test_kasumi_authentication(const struct kasumi_hash_test_data *tdata) /* Create KASUMI session */ retval = create_wireless_algo_hash_session(ts_params->valid_devs[0], tdata->key.data, tdata->key.len, - tdata->auth_iv.len, tdata->digest.len, + 0, tdata->digest.len, RTE_CRYPTO_AUTH_OP_GENERATE, RTE_CRYPTO_AUTH_KASUMI_F9); if (retval < 0) @@ -2555,9 +2555,9 @@ test_kasumi_authentication(const struct kasumi_hash_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_hash_operation(NULL, tdata->digest.len, - tdata->auth_iv.data, tdata->auth_iv.len, + NULL, 0, plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE, - tdata->validAuthLenInBits.len, + tdata->plaintext.len, 0); if (retval < 0) return retval; @@ -2593,7 +2593,7 @@ test_kasumi_authentication_verify(const struct kasumi_hash_test_data *tdata) /* Create KASUMI session */ retval = create_wireless_algo_hash_session(ts_params->valid_devs[0], tdata->key.data, tdata->key.len, - tdata->auth_iv.len, tdata->digest.len, + 0, tdata->digest.len, RTE_CRYPTO_AUTH_OP_VERIFY, RTE_CRYPTO_AUTH_KASUMI_F9); if (retval < 0) @@ -2615,10 +2615,10 @@ test_kasumi_authentication_verify(const struct kasumi_hash_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_hash_operation(tdata->digest.data, tdata->digest.len, - tdata->auth_iv.data, tdata->auth_iv.len, + NULL, 0, plaintext_pad_len, RTE_CRYPTO_AUTH_OP_VERIFY, - tdata->validAuthLenInBits.len, + tdata->plaintext.len, 0); if (retval < 0) return retval; @@ -2816,9 +2816,9 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data, - tdata->cipher_iv.len, - tdata->plaintext.len, - 0); + tdata->cipher_iv.len, + RTE_ALIGN_CEIL(tdata->validCipherLenInBits.len, 8), + tdata->validCipherOffsetInBits.len); if (retval < 0) return retval; @@ -2830,14 +2830,16 @@ test_kasumi_encryption(const struct kasumi_test_data *tdata) if (ut_params->obuf) ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *); else - ciphertext = plaintext; + ciphertext = plaintext + (tdata->validCipherOffsetInBits.len >> 3); TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, plaintext_len); + const uint8_t *reference_ciphertext = tdata->ciphertext.data + + (tdata->validCipherOffsetInBits.len >> 3); /* Validate obuf */ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( ciphertext, - tdata->ciphertext.data, + reference_ciphertext, tdata->validCipherLenInBits.len, "KASUMI Ciphertext data not as expected"); return 0; @@ -2889,9 +2891,9 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data, - tdata->cipher_iv.len, - tdata->plaintext.len, - 0); + tdata->cipher_iv.len, + RTE_ALIGN_CEIL(tdata->validCipherLenInBits.len, 8), + tdata->validCipherOffsetInBits.len); if (retval < 0) return retval; @@ -2905,19 +2907,22 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata) ciphertext = rte_pktmbuf_read(ut_params->obuf, 0, plaintext_len, buffer); else - ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0, + ciphertext = rte_pktmbuf_read(ut_params->ibuf, + tdata->validCipherOffsetInBits.len >> 3, plaintext_len, buffer); /* Validate obuf */ TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, plaintext_len); - /* Validate obuf */ - TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( - ciphertext, - tdata->ciphertext.data, - tdata->validCipherLenInBits.len, - "KASUMI Ciphertext data not as expected"); - return 0; + const uint8_t *reference_ciphertext = tdata->ciphertext.data + + (tdata->validCipherOffsetInBits.len >> 3); + /* Validate obuf */ + TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( + ciphertext, + reference_ciphertext, + tdata->validCipherLenInBits.len, + "KASUMI Ciphertext data not as expected"); + return 0; } static int @@ -2960,9 +2965,9 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data, - tdata->cipher_iv.len, - tdata->plaintext.len, - 0); + tdata->cipher_iv.len, + RTE_ALIGN_CEIL(tdata->validCipherLenInBits.len, 8), + tdata->validCipherOffsetInBits.len); if (retval < 0) return retval; @@ -2974,14 +2979,16 @@ test_kasumi_encryption_oop(const struct kasumi_test_data *tdata) if (ut_params->obuf) ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *); else - ciphertext = plaintext; + ciphertext = plaintext + (tdata->validCipherOffsetInBits.len >> 3); TEST_HEXDUMP(stdout, "ciphertext:", ciphertext, plaintext_len); + const uint8_t *reference_ciphertext = tdata->ciphertext.data + + (tdata->validCipherOffsetInBits.len >> 3); /* Validate obuf */ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( ciphertext, - tdata->ciphertext.data, + reference_ciphertext, tdata->validCipherLenInBits.len, "KASUMI Ciphertext data not as expected"); return 0; @@ -3034,9 +3041,9 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data, - tdata->cipher_iv.len, - tdata->plaintext.len, - 0); + tdata->cipher_iv.len, + RTE_ALIGN_CEIL(tdata->validCipherLenInBits.len, 8), + tdata->validCipherOffsetInBits.len); if (retval < 0) return retval; @@ -3049,13 +3056,16 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata) ciphertext = rte_pktmbuf_read(ut_params->obuf, 0, plaintext_pad_len, buffer); else - ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0, + ciphertext = rte_pktmbuf_read(ut_params->ibuf, + tdata->validCipherOffsetInBits.len >> 3, plaintext_pad_len, buffer); + const uint8_t *reference_ciphertext = tdata->ciphertext.data + + (tdata->validCipherOffsetInBits.len >> 3); /* Validate obuf */ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( ciphertext, - tdata->ciphertext.data, + reference_ciphertext, tdata->validCipherLenInBits.len, "KASUMI Ciphertext data not as expected"); return 0; @@ -3102,9 +3112,9 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_cipher_operation_oop(tdata->cipher_iv.data, - tdata->cipher_iv.len, - tdata->ciphertext.len, - 0); + tdata->cipher_iv.len, + RTE_ALIGN_CEIL(tdata->validCipherLenInBits.len, 8), + tdata->validCipherOffsetInBits.len); if (retval < 0) return retval; @@ -3116,14 +3126,16 @@ test_kasumi_decryption_oop(const struct kasumi_test_data *tdata) if (ut_params->obuf) plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *); else - plaintext = ciphertext; + plaintext = ciphertext + (tdata->validCipherOffsetInBits.len >> 3); TEST_HEXDUMP(stdout, "plaintext:", plaintext, ciphertext_len); + const uint8_t *reference_plaintext = tdata->plaintext.data + + (tdata->validCipherOffsetInBits.len >> 3); /* Validate obuf */ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( plaintext, - tdata->plaintext.data, + reference_plaintext, tdata->validCipherLenInBits.len, "KASUMI Plaintext data not as expected"); return 0; @@ -3169,7 +3181,7 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata) retval = create_wireless_algo_cipher_operation(tdata->cipher_iv.data, tdata->cipher_iv.len, tdata->ciphertext.len, - 0); + tdata->validCipherOffsetInBits.len); if (retval < 0) return retval; @@ -3181,14 +3193,16 @@ test_kasumi_decryption(const struct kasumi_test_data *tdata) if (ut_params->obuf) plaintext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *); else - plaintext = ciphertext; + plaintext = ciphertext + (tdata->validCipherOffsetInBits.len >> 3); TEST_HEXDUMP(stdout, "plaintext:", plaintext, ciphertext_len); + const uint8_t *reference_plaintext = tdata->plaintext.data + + (tdata->validCipherOffsetInBits.len >> 3); /* Validate obuf */ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( plaintext, - tdata->plaintext.data, + reference_plaintext, tdata->validCipherLenInBits.len, "KASUMI Plaintext data not as expected"); return 0; @@ -3764,7 +3778,7 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata) RTE_CRYPTO_AUTH_SNOW3G_UIA2, RTE_CRYPTO_CIPHER_SNOW3G_UEA2, tdata->key.data, tdata->key.len, - tdata->auth_iv.len, tdata->digest.len, + 0, tdata->digest.len, tdata->cipher_iv.len); if (retval < 0) return retval; @@ -3929,7 +3943,7 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata) RTE_CRYPTO_AUTH_KASUMI_F9, RTE_CRYPTO_CIPHER_KASUMI_F8, tdata->key.data, tdata->key.len, - tdata->auth_iv.len, tdata->digest.len, + 0, tdata->digest.len, tdata->cipher_iv.len); if (retval < 0) return retval; @@ -3952,10 +3966,10 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_auth_cipher_operation(tdata->digest.len, tdata->cipher_iv.data, tdata->cipher_iv.len, - tdata->auth_iv.data, tdata->auth_iv.len, + NULL, 0, plaintext_pad_len, tdata->validCipherLenInBits.len, - 0, + tdata->validCipherOffsetInBits.len, tdata->validAuthLenInBits.len, 0 ); @@ -3966,19 +3980,23 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata) ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op); TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf"); - ut_params->obuf = ut_params->op->sym->m_src; - if (ut_params->obuf) - ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *); + if (ut_params->op->sym->m_dst) + ut_params->obuf = ut_params->op->sym->m_dst; else - ciphertext = plaintext; + ut_params->obuf = ut_params->op->sym->m_src; + ciphertext = rte_pktmbuf_mtod_offset(ut_params->obuf, uint8_t *, + tdata->validCipherOffsetInBits.len >> 3); + + const uint8_t *reference_ciphertext = tdata->ciphertext.data + + (tdata->validCipherOffsetInBits.len >> 3); /* Validate obuf */ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( ciphertext, - tdata->ciphertext.data, + reference_ciphertext, tdata->validCipherLenInBits.len, "KASUMI Ciphertext data not as expected"); - ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *) + ut_params->digest = rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *) + plaintext_pad_len; /* Validate obuf */ @@ -4010,7 +4028,7 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata) RTE_CRYPTO_AUTH_KASUMI_F9, RTE_CRYPTO_CIPHER_KASUMI_F8, tdata->key.data, tdata->key.len, - tdata->auth_iv.len, tdata->digest.len, + 0, tdata->digest.len, tdata->cipher_iv.len); if (retval < 0) return retval; @@ -4033,12 +4051,11 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata) /* Create KASUMI operation */ retval = create_wireless_algo_cipher_hash_operation(tdata->digest.data, - tdata->digest.len, tdata->auth_iv.data, - tdata->auth_iv.len, + tdata->digest.len, NULL, 0, plaintext_pad_len, RTE_CRYPTO_AUTH_OP_GENERATE, tdata->cipher_iv.data, tdata->cipher_iv.len, - tdata->validCipherLenInBits.len, - 0, + RTE_ALIGN_CEIL(tdata->validCipherLenInBits.len, 8), + tdata->validCipherOffsetInBits.len, tdata->validAuthLenInBits.len, 0 ); @@ -4048,19 +4065,24 @@ test_kasumi_cipher_auth(const struct kasumi_test_data *tdata) ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op); TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf"); - ut_params->obuf = ut_params->op->sym->m_src; - if (ut_params->obuf) - ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *); + + if (ut_params->op->sym->m_dst) + ut_params->obuf = ut_params->op->sym->m_dst; else - ciphertext = plaintext; + ut_params->obuf = ut_params->op->sym->m_src; + + ciphertext = rte_pktmbuf_mtod_offset(ut_params->obuf, uint8_t *, + tdata->validCipherOffsetInBits.len >> 3); ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *) + plaintext_pad_len; + const uint8_t *reference_ciphertext = tdata->ciphertext.data + + (tdata->validCipherOffsetInBits.len >> 3); /* Validate obuf */ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT( ciphertext, - tdata->ciphertext.data, + reference_ciphertext, tdata->validCipherLenInBits.len, "KASUMI Ciphertext data not as expected"); @@ -8187,10 +8209,31 @@ static struct unit_test_suite cryptodev_qat_testsuite = { TEST_CASE_ST(ut_setup, ut_teardown, test_null_auth_cipher_operation), + /** KASUMI tests */ + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_generate_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_generate_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_generate_test_case_3), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_generate_test_case_4), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_generate_test_case_5), TEST_CASE_ST(ut_setup, ut_teardown, test_kasumi_hash_generate_test_case_6), - /** KASUMI tests */ + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_verify_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_verify_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_verify_test_case_3), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_verify_test_case_4), + TEST_CASE_ST(ut_setup, ut_teardown, + test_kasumi_hash_verify_test_case_5), + TEST_CASE_ST(ut_setup, ut_teardown, test_kasumi_encryption_test_case_1), TEST_CASE_ST(ut_setup, ut_teardown, diff --git a/test/test/test_cryptodev_kasumi_hash_test_vectors.h b/test/test/test_cryptodev_kasumi_hash_test_vectors.h index 61dbb09..a6dd4f5 100644 --- a/test/test/test_cryptodev_kasumi_hash_test_vectors.h +++ b/test/test/test_cryptodev_kasumi_hash_test_vectors.h @@ -39,24 +39,16 @@ struct kasumi_hash_test_data { unsigned len; } key; - /* Includes: COUNT (4 bytes) and FRESH (4 bytes) */ - struct { - uint8_t data[8]; - unsigned len; - } auth_iv; - - /* Includes message and DIRECTION (1 bit), plus 1 0*, - * with enough 0s, so total length is multiple of 64 bits */ + /* + * Includes COUNT (4 bytes), FRESH (4 bytes), message + * and DIRECTION (1 bit), plus 1 0*, with enough 0s, + * so total length is multiple of 8 or 64 bits + */ struct { uint8_t data[2056]; unsigned len; /* length must be in Bits */ } plaintext; - /* Actual length of data to be hashed */ - struct { - unsigned len; - } validAuthLenInBits; - struct { uint8_t data[64]; unsigned len; @@ -71,22 +63,14 @@ struct kasumi_hash_test_data kasumi_hash_test_case_1 = { }, .len = 16 }, - .auth_iv = { - .data = { - 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49, - }, - .len = 8 - }, .plaintext = { .data = { + 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49, 0x6B, 0x22, 0x77, 0x37, 0x29, 0x6F, 0x39, 0x3C, 0x80, 0x79, 0x35, 0x3E, 0xDC, 0x87, 0xE2, 0xE8, 0x05, 0xD2, 0xEC, 0x49, 0xA4, 0xF2, 0xD8, 0xE2 }, - .len = 192 - }, - .validAuthLenInBits = { - .len = 189 + .len = 256 }, .digest = { .data = {0xF6, 0x3B, 0xD7, 0x2C}, @@ -102,23 +86,15 @@ struct kasumi_hash_test_data kasumi_hash_test_case_2 = { }, .len = 16 }, - .auth_iv = { - .data = { - 0x3E, 0xDC, 0x87, 0xE2, 0xA4, 0xF2, 0xD8, 0xE2, - }, - .len = 8 - }, .plaintext = { .data = { + 0x3E, 0xDC, 0x87, 0xE2, 0xA4, 0xF2, 0xD8, 0xE2, 0xB5, 0x92, 0x43, 0x84, 0x32, 0x8A, 0x4A, 0xE0, 0x0B, 0x73, 0x71, 0x09, 0xF8, 0xB6, 0xC8, 0xDD, 0x2B, 0x4D, 0xB6, 0x3D, 0xD5, 0x33, 0x98, 0x1C, 0xEB, 0x19, 0xAA, 0xD5, 0x2A, 0x5B, 0x2B, 0xC3 }, - .len = 256 - }, - .validAuthLenInBits = { - .len = 254 + .len = 320 }, .digest = { .data = {0xA9, 0xDA, 0xF1, 0xFF}, @@ -134,14 +110,9 @@ struct kasumi_hash_test_data kasumi_hash_test_case_3 = { }, .len = 16 }, - .auth_iv = { - .data = { - 0x36, 0xAF, 0x61, 0x44, 0x98, 0x38, 0xF0, 0x3A, - }, - .len = 8 - }, .plaintext = { .data = { + 0x36, 0xAF, 0x61, 0x44, 0x98, 0x38, 0xF0, 0x3A, 0x59, 0x32, 0xBC, 0x0A, 0xCE, 0x2B, 0x0A, 0xBA, 0x33, 0xD8, 0xAC, 0x18, 0x8A, 0xC5, 0x4F, 0x34, 0x6F, 0xAD, 0x10, 0xBF, 0x9D, 0xEE, 0x29, 0x20, @@ -149,10 +120,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_3 = { 0xDF, 0x6C, 0xAA, 0x72, 0x05, 0x3A, 0xBF, 0xF3, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - .len = 384 - }, - .validAuthLenInBits = { - .len = 319 + .len = 448 }, .digest = { .data = {0x15, 0x37, 0xD3, 0x16}, @@ -168,14 +136,9 @@ struct kasumi_hash_test_data kasumi_hash_test_case_4 = { }, .len = 16 }, - .auth_iv = { - .data = { - 0x14, 0x79, 0x3E, 0x41, 0x03, 0x97, 0xE8, 0xFD - }, - .len = 8 - }, .plaintext = { .data = { + 0x14, 0x79, 0x3E, 0x41, 0x03, 0x97, 0xE8, 0xFD, 0xD0, 0xA7, 0xD4, 0x63, 0xDF, 0x9F, 0xB2, 0xB2, 0x78, 0x83, 0x3F, 0xA0, 0x2E, 0x23, 0x5A, 0xA1, 0x72, 0xBD, 0x97, 0x0C, 0x14, 0x73, 0xE1, 0x29, @@ -184,11 +147,8 @@ struct kasumi_hash_test_data kasumi_hash_test_case_4 = { 0xA4, 0x99, 0x27, 0x6A, 0x50, 0x42, 0x70, 0x09, 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - .len = 448 + .len = 512 }, - .validAuthLenInBits = { - .len = 384 - }, .digest = { .data = {0xDD, 0x7D, 0xFA, 0xDD }, .len = 4 @@ -203,14 +163,9 @@ struct kasumi_hash_test_data kasumi_hash_test_case_5 = { }, .len = 16 }, - .auth_iv = { - .data = { - 0x29, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0x77, 0x37, - }, - .len = 8 - }, .plaintext = { .data = { + 0x29, 0x6F, 0x39, 0x3C, 0x6B, 0x22, 0x77, 0x37, 0x10, 0xBF, 0xFF, 0x83, 0x9E, 0x0C, 0x71, 0x65, 0x8D, 0xBB, 0x2D, 0x17, 0x07, 0xE1, 0x45, 0x72, 0x4F, 0x41, 0xC1, 0x6F, 0x48, 0xBF, 0x40, 0x3C, @@ -228,10 +183,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_5 = { 0x3D, 0x7C, 0xFE, 0xE9, 0x45, 0x85, 0xB5, 0x88, 0x5C, 0xAC, 0x46, 0x06, 0x8B, 0xC0, 0x00, 0x00 }, - .len = 1024 - }, - .validAuthLenInBits = { - .len = 1000 + .len = 1088 }, .digest = { .data = {0xC3, 0x83, 0x83, 0x9D}, @@ -247,14 +199,9 @@ struct kasumi_hash_test_data kasumi_hash_test_case_6 = { }, .len = 16 }, - .auth_iv = { - .data = { - 0x36, 0xAF, 0x61, 0x44, 0x4F, 0x30, 0x2A, 0xD2 - }, - .len = 8 - }, .plaintext = { .data = { + 0x36, 0xAF, 0x61, 0x44, 0x4F, 0x30, 0x2A, 0xD2, 0x35, 0xC6, 0x87, 0x16, 0x63, 0x3C, 0x66, 0xFB, 0x75, 0x0C, 0x26, 0x68, 0x65, 0xD5, 0x3C, 0x11, 0xEA, 0x05, 0xB1, 0xE9, 0xFA, 0x49, 0xC8, 0x39, @@ -269,10 +216,7 @@ struct kasumi_hash_test_data kasumi_hash_test_case_6 = { 0x74, 0xCD, 0xA5, 0xA4, 0x85, 0xF7, 0x4D, 0x7A, 0xC0 }, - .len = 776 - }, - .validAuthLenInBits = { - .len = 768 + .len = 840 }, .digest = { .data = {0x95, 0xAE, 0x41, 0xBA}, @@ -288,21 +232,13 @@ struct kasumi_hash_test_data kasumi_hash_test_case_7 = { }, .len = 16 }, - .auth_iv = { - .data = { - 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49, - }, - .len = 8 - }, .plaintext = { .data = { + 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49, 0xAD, 0x9C, 0x44, 0x1F, 0x89, 0x0B, 0x38, 0xC4, 0x57, 0xA4, 0x9D, 0x42, 0x14, 0x07, 0xE8, 0xC0 }, - .len = 128 - }, - .validAuthLenInBits = { - .len = 120 + .len = 192 }, .digest = { .data = {0x87, 0x5F, 0xE4, 0x89}, diff --git a/test/test/test_cryptodev_kasumi_test_vectors.h b/test/test/test_cryptodev_kasumi_test_vectors.h index ee6ddef..0d042d0 100644 --- a/test/test/test_cryptodev_kasumi_test_vectors.h +++ b/test/test/test_cryptodev_kasumi_test_vectors.h @@ -44,14 +44,13 @@ struct kasumi_test_data { unsigned len; } cipher_iv; - /* Includes: COUNT (4 bytes) and FRESH (4 bytes) */ + /* + * Data may include COUNT (4 bytes), FRESH (4 bytes), + * DIRECTION (1 bit), plus 1 0*, with enough 0s, + * so total length is multiple of 8 or 64 bits + */ struct { - uint8_t data[8]; - unsigned len; - } auth_iv; - - struct { - uint8_t data[1024]; /* Data may include direction bit */ + uint8_t data[1024]; unsigned len; /* length must be in Bits */ } plaintext; @@ -68,6 +67,10 @@ struct kasumi_test_data { unsigned len; } validCipherLenInBits; + struct { + unsigned int len; + } validCipherOffsetInBits; + /* Actual length of data to be hashed */ struct { unsigned len; @@ -132,6 +135,9 @@ struct kasumi_test_data kasumi_test_case_1 = { }, .validCipherLenInBits = { .len = 798 + }, + .validCipherOffsetInBits = { + .len = 0 } }; @@ -177,6 +183,9 @@ struct kasumi_test_data kasumi_test_case_2 = { }, .validCipherLenInBits = { .len = 510 + }, + .validCipherOffsetInBits = { + .len = 0 } }; @@ -194,34 +203,33 @@ struct kasumi_test_data kasumi_test_case_3 = { }, .len = 8 }, - .auth_iv = { - .data = { - 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49 - }, - .len = 8 - }, .plaintext = { .data = { + 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49, 0xAD, 0x9C, 0x44, 0x1F, 0x89, 0x0B, 0x38, 0xC4, 0x57, 0xA4, 0x9D, 0x42, 0x14, 0x07, 0xE8, 0xC0 }, - .len = 128 + .len = 192 }, .ciphertext = { .data = { + 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49, 0x9B, 0xC9, 0x2C, 0xA8, 0x03, 0xC6, 0x7B, 0x28, - 0xA1, 0x1A, 0x4B, 0xEE, 0x5A, 0x0C, 0x25 + 0xA1, 0x1A, 0x4B, 0xEE, 0x5A, 0x0C, 0x25, 0xC0 }, - .len = 120 + .len = 192 }, .validDataLenInBits = { - .len = 128 + .len = 192 }, .validCipherLenInBits = { .len = 120 }, .validAuthLenInBits = { - .len = 120 + .len = 192 + }, + .validCipherOffsetInBits = { + .len = 64 }, .digest = { .data = {0x87, 0x5F, 0xE4, 0x89}, @@ -263,6 +271,9 @@ struct kasumi_test_data kasumi_test_case_4 = { }, .validCipherLenInBits = { .len = 253 + }, + .validCipherOffsetInBits = { + .len = 0 } }; @@ -320,6 +331,9 @@ struct kasumi_test_data kasumi_test_case_5 = { }, .validCipherLenInBits = { .len = 837 + }, + .validCipherOffsetInBits = { + .len = 0 } }; @@ -337,39 +351,37 @@ struct kasumi_test_data kasumi_test_case_6 = { }, .len = 8 }, - .auth_iv = { - .data = { - 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49 - }, - .len = 8 - }, .plaintext = { .data = { + 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49, 0xAD, 0x9C, 0x44, 0x1F, 0x89, 0x0B, 0x38, 0xC4, 0x57, 0xA4, 0x9D, 0x42, 0x14, 0x07, 0xE8, 0xC0 }, - .len = 128 + .len = 192 }, .ciphertext = { .data = { + 0x38, 0xA6, 0xF0, 0x56, 0x05, 0xD2, 0xEC, 0x49, 0x9B, 0xC9, 0x2C, 0xA8, 0x03, 0xC6, 0x7B, 0x28, - 0xA1, 0x1A, 0x4B, 0xEE, 0x5A, 0x0C, 0x25 + 0xA1, 0x1A, 0x4B, 0xEE, 0x5A, 0x0C, 0x25, 0xC0 }, - .len = 120 + .len = 192 }, .validDataLenInBits = { - .len = 128 + .len = 192 }, .validCipherLenInBits = { .len = 120 }, + .validCipherOffsetInBits = { + .len = 64 + }, .validAuthLenInBits = { - .len = 120 + .len = 192 }, .digest = { .data = {0x0F, 0xD2, 0xAA, 0xB5}, .len = 4 } }; - #endif /* TEST_CRYPTODEV_KASUMI_TEST_VECTORS_H_ */ -- 2.9.4