[dpdk-dev] [PATCH v5 1/8] examples/cryptodev_fips_validate: add fips validation into examples
Marko Kovacevic
marko.kovacevic at intel.com
Wed Oct 24 16:17:46 CEST 2018
On 24/10/2018 13:13, Akhil Goyal wrote:
>
> On 10/17/2018 6:19 PM, Marko Kovacevic wrote:
>> Added FIPS application into the examples to allow
>> users to use a simple sample app to validate
>> their systems and be able to get FIPS certification.
>>
>> Signed-off-by: Marko Kovacevic <marko.kovacevic at intel.com>
>> Signed-off-by: Fan Zhang <roy.fan.zhang at intel.com>
>> Acked-by: Arek Kusztal <arkadiuszx.kusztal at intel.com>
>> ---
>> examples/cryptodev_fips_validate/Makefile | 69 +++
>> .../cryptodev_fips_parse_validate.c | 562 +++++++++++++++++++++
>> .../cryptodev_fips_validate.h | 150 ++++++
>> examples/cryptodev_fips_validate/main.c | 388 ++++++++++++++
>> examples/cryptodev_fips_validate/meson.build | 14 +
>> 5 files changed, 1183 insertions(+)
>> create mode 100644 examples/cryptodev_fips_validate/Makefile
>> create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
>> create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_validate.h
>> create mode 100644 examples/cryptodev_fips_validate/main.c
>> create mode 100644 examples/cryptodev_fips_validate/meson.build
>>
>> diff --git a/examples/cryptodev_fips_validate/Makefile b/examples/cryptodev_fips_validate/Makefile
>> new file mode 100644
>> index 0000000..7f0e603
>> --- /dev/null
>> +++ b/examples/cryptodev_fips_validate/Makefile
>> @@ -0,0 +1,69 @@
>> +# SPDX-License-Identifier: BSD-3-Clause
>> +# Copyright(c) 2010-2014 Intel Corporation
> I believe this is a copy paste error, it should be 2018
Yeah your right will make the change.
>> +
>> +# binary name
>> +APP = fips_validation
>> +
>> +# all source are stored in SRCS-y
>> +SRCS-y += cryptodev_fips_parse_validate.c
>> +SRCS-y += main.c
>> +
>> +# Build using pkg-config variables if possible
>> +$(shell pkg-config --exists libdpdk)
>> +ifeq ($(.SHELLSTATUS),0)
>> +
>> +all: shared
>> +.PHONY: shared static
>> +shared: build/$(APP)-shared
>> + ln -sf $(APP)-shared build/$(APP)
>> +static: build/$(APP)-static
>> + ln -sf $(APP)-static build/$(APP)
>> +
>> +PC_FILE := $(shell pkg-config --path libdpdk)
>> +CFLAGS += -O3 $(shell pkg-config --cflags libdpdk)
>> +LDFLAGS_SHARED = $(shell pkg-config --libs libdpdk)
>> +LDFLAGS_STATIC = -Wl,-Bstatic $(shell pkg-config --static --libs libdpdk)
>> +
>> +build/$(APP)-shared: $(SRCS-y) Makefile $(PC_FILE) | build
>> + $(CC) $(CFLAGS) $(SRCS-y) -o $@ $(LDFLAGS) $(LDFLAGS_SHARED)
>> +
>> +build/$(APP)-static: $(SRCS-y) Makefile $(PC_FILE) | build
>> + $(CC) $(CFLAGS) $(SRCS-y) -o $@ $(LDFLAGS) $(LDFLAGS_STATIC)
>> +
>> +build:
>> + @mkdir -p $@
>> +
>> +.PHONY: clean
>> +clean:
>> + rm -f build/$(APP) build/$(APP)-static build/$(APP)-shared
>> + rmdir --ignore-fail-on-non-empty build
>> +
>> +else
>> +
>> +ifeq ($(RTE_SDK),)
>> +$(error "Please define RTE_SDK environment variable")
>> +endif
>> +
>> +# Default target, can be overridden by command line or environment
>> +RTE_TARGET ?= x86_64-native-linuxapp-gcc
>> +
>> +INC += $(sort $(wildcard *.h))
>> +
>> +include $(RTE_SDK)/mk/rte.vars.mk
>> +
>> +CFLAGS += $(WERROR_FLAGS)
>> +
>> +# workaround for a gcc bug with noreturn attribute
>> +# http://gcc.gnu.org/bugzilla/show_bug.cgi?id=12603
>> +ifeq ($(CONFIG_RTE_TOOLCHAIN_GCC),y)
>> +CFLAGS_main.o += -Wno-return-type
>> +endif
>> +
>> +CFLAGS += -DALLOW_EXPERIMENTAL_API
>> +CFLAGS += -I$(SRCDIR)
>> +CFLAGS += -O3
>> +CFLAGS += $(WERROR_FLAGS)
>> +
>> +include $(RTE_SDK)/mk/rte.extapp.mk
>> +
>> +endif
>> diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c b/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
>> new file mode 100644
>> index 0000000..aec5bb9
>> --- /dev/null
>> +++ b/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
>> @@ -0,0 +1,562 @@
>> +/* SPDX-License-Identifier: BSD-3-Clause
>> + * Copyright(c) 2018 Intel Corporation
>> + */
>> +
>> +#include <stdio.h>
>> +#include <string.h>
>> +
>> +#include <rte_string_fns.h>
>> +#include <rte_cryptodev.h>
>> +#include <rte_malloc.h>
>> +
>> +#include "cryptodev_fips_validate.h"
>> +
>> +#define skip_white_spaces(pos) \
>> +({ \
>> + __typeof__(pos) _p = (pos); \
>> + for ( ; isspace(*_p); _p++) \
>> + ; \
>> + _p; \
>> +})
>> +
>> +static int
>> +get_file_line(void)
>> +{
>> + FILE *fp = info.fp_rd;
>> + char *line = info.one_line_text;
>> + char c;
>> + uint32_t loc = 0;
>> +
>> + memset(line, 0, MAX_LINE_CHAR);
>> + while ((c = fgetc(fp)) != EOF) {
>> + if (loc >= MAX_LINE_CHAR - 1)
>> + return -ENOMEM;
>> + if (c == '\n')
>> + return 0;
>> + line[loc++] = c;
>> + }
>> +
>> + if (c == EOF)
>> + return -EOF;
>> +
>> + return 0;
>> +}
>> +
>> +int
>> +fips_test_fetch_one_block(void)
>> +{
>> + size_t size;
>> + int ret = 0;
>> + uint32_t i;
>> +
>> + for (i = 0; i < info.nb_vec_lines; i++) {
>> + free(info.vec[i]);
>> + info.vec[i] = NULL;
>> + }
>> +
>> + i = 0;
>> + do {
>> + if (i >= MAX_LINE_PER_VECTOR) {
>> + ret = -ENOMEM;
>> + goto error_exit;
>> + }
>> +
>> + ret = get_file_line();
>> + size = strlen(info.one_line_text);
>> + if (size == 0)
>> + break;
>> +
>> + info.vec[i] = calloc(1, size + 5);
>> + if (info.vec[i] == NULL)
>> + goto error_exit;
>> +
>> + strlcpy(info.vec[i], info.one_line_text, size + 1);
>> + i++;
>> + } while (ret == 0);
>> +
>> + info.nb_vec_lines = i;
>> +
>> + return ret;
>> +
>> +error_exit:
>> + for (i = 0; i < MAX_LINE_PER_VECTOR; i++)
>> + if (info.vec[i] != NULL) {
>> + free(info.vec[i]);
>> + info.vec[i] = NULL;
>> + }
>> +
>> + info.nb_vec_lines = 0;
>> +
>> + return -ENOMEM;
>> +}
>> +
>> +static int
>> +fips_test_parse_header(void)
>> +{
>> + uint32_t i;
>> + char *tmp;
>> + int ret;
>> + time_t t = time(NULL);
>> + struct tm *tm_now = localtime(&t);
>> +
>> + ret = fips_test_fetch_one_block();
>> + if (ret < 0)
>> + return ret;
>> +
>> + for (i = 0; i < info.nb_vec_lines; i++) {
>> +
>> + tmp = strstr(info.vec[i], "# Config info for ");
>> + if (tmp != NULL) {
>> + fprintf(info.fp_wr, "%s%s\n", "# Config info for DPDK Cryptodev ",
>> + info.device_name);
>> + continue;
>> + }
>> +
>> + tmp = strstr(info.vec[i], "# HMAC information for ");
>> + if (tmp != NULL) {
>> + fprintf(info.fp_wr, "%s%s\n", "# HMAC information for "
>> + "DPDK Cryptodev ",
>> + info.device_name);
>> + continue;
>> + }
>> +
>> + tmp = strstr(info.vec[i], "# Config Info for : ");
>> + if (tmp != NULL) {
>> +
>> + fprintf(info.fp_wr, "%s%s\n", "# Config Info for DPDK Cryptodev : ",
>> + info.device_name);
>> + continue;
>> + }
>> +
>> + tmp = strstr(info.vec[i], "# information for ");
>> + if (tmp != NULL) {
>> +
>> + char tmp_output[128] = {0};
>> +
>> + strlcpy(tmp_output, info.vec[i], tmp - info.vec[i] + 1);
>> +
>> + fprintf(info.fp_wr, "%s%s%s\n", tmp_output,
>> + "information for DPDK Cryptodev ",
>> + info.device_name);
>> + continue;
>> + }
>> +
>> + tmp = strstr(info.vec[i], " test information for ");
>> + if (tmp != NULL) {
>> + char tmp_output[128] = {0};
>> +
>> + strlcpy(tmp_output, info.vec[i], tmp - info.vec[i] + 1);
>> +
>> + fprintf(info.fp_wr, "%s%s%s\n", tmp_output,
>> + "test information for DPDK Cryptodev ",
>> + info.device_name);
>> + continue;
>> + }
>> +
>> + if (i == info.nb_vec_lines - 1) {
>> + /** update the time as current time, write to file */
>> + fprintf(info.fp_wr, "%s%s\n", "# Generated on ",
>> + asctime(tm_now));
>> + continue;
>> + }
>> +
>> + /* to this point, no field need to update,
>> + * only copy to rsp file
>> + */
>> + fprintf(info.fp_wr, "%s\n", info.vec[i]);
>> + }
>> +
>> + return 0;
>> +}
>> +
>> +static int
>> +parse_file_type(const char *path)
>> +{
>> + const char *tmp = path + strlen(path) - 3;
>> +
>> + if (strstr(tmp, REQ_FILE_PERFIX))
>> + info.file_type = FIPS_TYPE_REQ;
>> + else if (strstr(tmp, RSP_FILE_PERFIX))
>> + info.file_type = FIPS_TYPE_RSP;
>> + else if (strstr(path, FAX_FILE_PERFIX))
>> + info.file_type = FIPS_TYPE_FAX;
>> + else
>> + return -EINVAL;
>> +
>> + return 0;
>> +}
>> +
>> +int
>> +fips_test_init(const char *req_file_path, const char *rsp_file_path,
>> + const char *device_name)
>> +{
>> + if (strcmp(req_file_path, rsp_file_path) == 0) {
>> + RTE_LOG(ERR, USER1, "File paths cannot be the same\n");
>> + return -EINVAL;
>> + }
>> +
>> + fips_test_clear();
>> +
>> + info.algo = FIPS_TEST_ALGO_MAX;
>> + if (parse_file_type(req_file_path) < 0) {
>> + RTE_LOG(ERR, USER1, "File %s type not supported\n",
>> + req_file_path);
>> + return -EINVAL;
>> + }
>> +
>> + info.fp_rd = fopen(req_file_path, "r");
>> + if (!info.fp_rd) {
>> + RTE_LOG(ERR, USER1, "Cannot open file %s\n", req_file_path);
>> + return -EINVAL;
>> + }
>> +
>> + info.fp_wr = fopen(rsp_file_path, "w");
>> + if (!info.fp_wr) {
>> + RTE_LOG(ERR, USER1, "Cannot open file %s\n", rsp_file_path);
>> + return -EINVAL;
>> + }
>> +
>> + info.one_line_text = calloc(1, MAX_LINE_CHAR);
>> + if (!info.one_line_text) {
>> + RTE_LOG(ERR, USER1, "Insufficient memory\n");
>> + return -ENOMEM;
>> + }
>> +
>> + strlcpy(info.device_name, device_name, sizeof(info.device_name));
>> +
>> + if (fips_test_parse_header() < 0) {
>> + RTE_LOG(ERR, USER1, "Failed parsing header\n");
>> + return -1;
>> + }
> memory leak for calloc done above in case of error.
> Also there is no fclose in case of errors.
All memory allocated will be freed and the files are closed in the
fips_test_clear function and is called in the end of the main function.
>> +
>> + return 0;
>> +}
>> +
>> +void
>> +fips_test_clear(void)
>> +{
>> + if (info.fp_rd)
>> + fclose(info.fp_rd);
>> + if (info.fp_wr)
>> + fclose(info.fp_wr);
>> + if (info.one_line_text)
>> + free(info.one_line_text);
>> + if (info.nb_vec_lines) {
>> + uint32_t i;
>> +
>> + for (i = 0; i < info.nb_vec_lines; i++)
>> + free(info.vec[i]);
>> + }
>> +
>> + memset(&info, 0, sizeof(info));
>> +}
>> +
>> +int
>> +fips_test_parse_one_case(void)
>> +{
>> + uint32_t i, j = 0;
>> + uint32_t is_interim = 0;
>> + int ret;
>> +
>> + if (info.interim_callbacks) {
>> + for (i = 0; i < info.nb_vec_lines; i++) {
>> + for (j = 0; info.interim_callbacks[j].key != NULL; j++)
>> + if (strstr(info.vec[i],
>> + info.interim_callbacks[j].key)) {
> it looks interim_callback is a single structure and there is no need for
> treating as an array.
For some tests interim data could be multiple lines.
>> + is_interim = 1;
>> +
>> + ret = info.interim_callbacks[j].cb(
>> + info.interim_callbacks[j].key,
>> + info.vec[i],
>> + info.interim_callbacks[j].val);
>> + if (ret < 0)
>> + return ret;
>> + }
>> + }
>> + }
>> +
>> + if (is_interim) {
>> + for (i = 0; i < info.nb_vec_lines; i++)
>> + fprintf(info.fp_wr, "%s\n", info.vec[i]);
>> + fprintf(info.fp_wr, "\n");
>> + return 1;
>> + }
>> +
>> + for (i = 0; i < info.nb_vec_lines; i++) {
>> + for (j = 0; info.callbacks[j].key != NULL; j++)
>> + if (strstr(info.vec[i], info.callbacks[j].key)) {
>> + ret = info.callbacks[j].cb(
>> + info.callbacks[j].key,
>> + info.vec[i], info.callbacks[j].val);
>> + if (ret < 0)
>> + return ret;
>> + break;
>> + }
>> + }
>> +
>> + return 0;
>> +}
>> +
>> +void
>> +fips_test_write_one_case(void)
>> +{
>> + uint32_t i;
>> +
>> + for (i = 0; i < info.nb_vec_lines; i++)
>> + fprintf(info.fp_wr, "%s\n", info.vec[i]);
>> +}
>> +
>> +static int
>> +parser_read_uint64_hex(uint64_t *value, const char *p)
>> +{
>> + char *next;
>> + uint64_t val;
>> +
>> + p = skip_white_spaces(p);
>> +
>> + val = strtoul(p, &next, 16);
>> + if (p == next)
>> + return -EINVAL;
>> +
>> + p = skip_white_spaces(next);
>> + if (*p != '\0')
>> + return -EINVAL;
>> +
>> + *value = val;
>> + return 0;
>> +}
>> +
>> +int
>> +parser_read_uint8_hex(uint8_t *value, const char *p)
>> +{
>> + uint64_t val = 0;
>> + int ret = parser_read_uint64_hex(&val, p);
>> +
>> + if (ret < 0)
>> + return ret;
>> +
>> + if (val > UINT8_MAX)
>> + return -ERANGE;
>> +
>> + *value = val;
>> + return 0;
>> +}
>> +
>> +int
>> +parse_uint8_known_len_hex_str(const char *key, char *src, struct fips_val *val)
>> +{
>> + struct fips_val tmp_val = {0};
>> + uint32_t len = val->len;
>> + int ret;
>> +
>> + if (len == 0) {
>> + if (val->val != NULL) {
>> + rte_free(val->val);
>> + val->val = NULL;
>> + }
>> +
>> + return 0;
>> + }
>> +
>> + ret = parse_uint8_hex_str(key, src, &tmp_val);
>> + if (ret < 0)
>> + return ret;
>> +
>> + if (tmp_val.len == val->len) {
>> + val->val = tmp_val.val;
>> + return 0;
>> + }
>> +
>> + if (tmp_val.len < val->len) {
>> + rte_free(tmp_val.val);
>> + return -EINVAL;
>> + }
>> +
>> + val->val = rte_zmalloc(NULL, val->len, 0);
>> + if (!val->val) {
>> + rte_free(tmp_val.val);
>> + memset(val, 0, sizeof(*val));
>> + return -ENOMEM;
>> + }
>> +
>> + memcpy(val->val, tmp_val.val, val->len);
>> + rte_free(tmp_val.val);
>> +
>> + return 0;
>> +}
>> +
>> +int
>> +parse_uint8_hex_str(const char *key, char *src, struct fips_val *val)
>> +{
>> + uint32_t len, j;
>> +
>> + src += strlen(key);
>> +
>> + len = strlen(src) / 2;
>> +
>> + if (val->val) {
>> + rte_free(val->val);
>> + val->val = NULL;
>> + }
>> +
>> + val->val = rte_zmalloc(NULL, len, 0);
>> + if (!val->val)
>> + return -1;
> should be -ENOMEM
will change it.
>> +
>> + for (j = 0; j < len; j++) {
>> + char byte[3] = {src[j * 2], src[j * 2 + 1], '\0'};
>> +
>> + if (parser_read_uint8_hex(&val->val[j], byte) < 0) {
>> + rte_free(val->val);
>> + memset(val, 0, sizeof(*val));
>> + return -EINVAL;
>> + }
>> + }
>> +
>> + val->len = len;
>> +
>> + return 0;
>> +}
>> +
>> +int
>> +parser_read_uint32_val(const char *key, char *src, struct fips_val *val)
>> +{
>> + char *data = src + strlen(key);
>> + size_t data_len = strlen(data);
>> + int ret;
>> +
>> + if (data[data_len - 1] == ']') {
>> + char *tmp_data = calloc(1, data_len + 1);
>> +
>> + if (tmp_data == NULL)
>> + return -ENOMEM;
>> +
>> + strlcpy(tmp_data, data, data_len);
>> +
>> + ret = parser_read_uint32(&val->len, tmp_data);
>> +
>> + free(tmp_data);
>> + } else
>> + ret = parser_read_uint32(&val->len, data);
>> +
>> + return ret;
>> +}
>> +
>> +int
>> +parser_read_uint32_bit_val(const char *key, char *src, struct fips_val *val)
>> +{
>> + int ret;
>> +
>> + ret = parser_read_uint32_val(key, src, val);
>> +
>> + if (ret < 0)
>> + return ret;
>> +
>> + val->len /= 8;
>> +
>> + return 0;
>> +}
>> +
>> +int
>> +writeback_hex_str(const char *key, char *dst, struct fips_val *val)
>> +{
>> + char *str = dst;
>> + uint32_t len;
>> +
>> + str += strlen(key);
>> +
>> + for (len = 0; len < val->len; len++)
>> + snprintf(str + len * 2, 255, "%02x", val->val[len]);
>> +
>> + return 0;
>> +}
>> +
>> +static int
>> +parser_read_uint64(uint64_t *value, const char *p)
>> +{
>> + char *next;
>> + uint64_t val;
>> +
>> + p = skip_white_spaces(p);
>> + if (!isdigit(*p))
>> + return -EINVAL;
>> +
>> + val = strtoul(p, &next, 10);
>> + if (p == next)
>> + return -EINVAL;
>> +
>> + p = next;
>> + switch (*p) {
>> + case 'T':
>> + val *= 1024ULL;
>> + /* fall through */
>> + case 'G':
>> + val *= 1024ULL;
>> + /* fall through */
>> + case 'M':
>> + val *= 1024ULL;
>> + /* fall through */
>> + case 'k':
>> + case 'K':
>> + val *= 1024ULL;
>> + p++;
>> + break;
>> + }
>> +
>> + p = skip_white_spaces(p);
>> + if (*p != '\0')
>> + return -EINVAL;
>> +
>> + *value = val;
>> + return 0;
>> +}
>> +
>> +int
>> +parser_read_uint32(uint32_t *value, char *p)
>> +{
>> + uint64_t val = 0;
>> + int ret = parser_read_uint64(&val, p);
>> +
>> + if (ret < 0)
>> + return ret;
>> +
>> + if (val > UINT32_MAX)
>> + return -EINVAL;
>> +
>> + *value = val;
>> + return 0;
>> +}
>> +
>> +void
>> +parse_write_hex_str(struct fips_val *src)
>> +{
>> + writeback_hex_str("", info.one_line_text, src);
>> +
>> + fprintf(info.fp_wr, "%s\n", info.one_line_text);
>> +}
>> +
>> +int
>> +update_info_vec(uint32_t count)
>> +{
>> + const struct fips_test_callback *cb;
>> + uint32_t i, j;
>> +
>> + if (!info.writeback_callbacks)
>> + return -1;
>> +
>> + cb = &info.writeback_callbacks[0];
>> +
>> + snprintf(info.vec[0], strlen(info.vec[0]) + 4, "%s%u", cb->key, count);
>> +
>> + for (i = 1; i < info.nb_vec_lines; i++) {
>> + for (j = 1; info.writeback_callbacks[j].key != NULL; j++) {
>> + cb = &info.writeback_callbacks[j];
>> + if (strstr(info.vec[i], cb->key)) {
>> + cb->cb(cb->key, info.vec[i], cb->val);
>> + break;
>> + }
>> + }
>> + }
>> +
>> + return 0;
>> +}
>> diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_validate.h b/examples/cryptodev_fips_validate/cryptodev_fips_validate.h
>> new file mode 100644
>> index 0000000..beb6bed
>> --- /dev/null
>> +++ b/examples/cryptodev_fips_validate/cryptodev_fips_validate.h
>> @@ -0,0 +1,150 @@
>> +/* SPDX-License-Identifier: BSD-3-Clause
>> + * Copyright(c) 2018 Intel Corporation
>> + */
>> +
>> +#ifndef _CRYPTODEV_NIST_FIPS_PARSER_H_
>> +#define _CRYPTODEV_NIST_FIPS_PARSER_H_
>> +
>> +#define FIPS_PARSE_ERR(fmt, args) \
>> + RTE_LOG(ERR, USER1, "FIPS parse error" ## fmt ## "\n", ## args)
>> +
>> +#define ERR_MSG_SIZE 128
>> +#define MAX_CASE_LINE 15
>> +#define MAX_LINE_CHAR 204800 /*< max number of characters per line */
>> +#define MAX_NB_TESTS 10240
>> +#define MAX_BUF_SIZE 2048
>> +#define MAX_STRING_SIZE 64
>> +
>> +#define POSITIVE_TEST 0
>> +#define NEGATIVE_TEST -1
>> +
>> +#define REQ_FILE_PERFIX "req"
>> +#define RSP_FILE_PERFIX "rsp"
>> +#define FAX_FILE_PERFIX "fax"
>> +
>> +enum fips_test_algorithms {
>> + FIPS_TEST_ALGO_MAX
>> +};
>> +
>> +enum file_types {
>> + FIPS_TYPE_REQ = 1,
>> + FIPS_TYPE_FAX,
>> + FIPS_TYPE_RSP
>> +};
>> +
>> +enum fips_test_op {
>> + FIPS_TEST_ENC_AUTH_GEN = 1,
>> + FIPS_TEST_DEC_AUTH_VERIF,
>> +};
>> +
>> +#define MAX_LINE_PER_VECTOR 16
>> +
>> +struct fips_val {
>> + uint8_t *val;
>> + uint32_t len;
>> +};
>> +
>> +struct fips_test_vector {
>> + union {
>> + struct {
>> + struct fips_val key;
>> + struct fips_val digest;
>> + struct fips_val auth_aad;
>> + struct fips_val aad;
>> + } cipher_auth;
>> + struct {
>> + struct fips_val key;
>> + struct fips_val digest;
>> + struct fips_val aad;
>> + } aead;
>> + };
>> +
>> + struct fips_val pt;
>> + struct fips_val ct;
>> + struct fips_val iv;
>> +
>> + enum rte_crypto_op_status status;
>> +};
>> +
>> +typedef int (*post_prcess_t)(struct fips_val *val);
>> +
>> +typedef int (*parse_callback_t)(const char *key, char *text,
>> + struct fips_val *val);
>> +
>> +struct fips_test_callback {
>> + const char *key;
>> + parse_callback_t cb;
>> + struct fips_val *val;
>> +};
>> +
>> +struct fips_test_interim_info {
>> + FILE *fp_rd;
>> + FILE *fp_wr;
>> + enum file_types file_type;
>> + enum fips_test_algorithms algo;
>> + char *one_line_text;
>> + char *vec[MAX_LINE_PER_VECTOR];
>> + uint32_t nb_vec_lines;
>> + //uint8_t cryptodev_id;
> remove if not needed
will do missed it.
>> + char device_name[MAX_STRING_SIZE];
>> +
>> + enum fips_test_op op;
>> +
>> + const struct fips_test_callback *callbacks;
>> + const struct fips_test_callback *interim_callbacks;
>> + const struct fips_test_callback *writeback_callbacks;
>> +
>> + post_prcess_t parse_writeback;
>> + post_prcess_t kat_check;
>> +};
>> +
>> +extern struct fips_test_vector vec;
>> +extern struct fips_test_interim_info info;
>> +
>> +int
>> +fips_test_init(const char *req_file_path, const char *rsp_file_path,
>> + const char *device_name);
>> +
>> +void
>> +fips_test_clear(void);
>> +
>> +int
>> +fips_test_fetch_one_block(void);
>> +
>> +int
>> +fips_test_parse_one_case(void);
>> +
>> +void
>> +fips_test_write_one_case(void);
>> +
>> +int
>> +parser_read_uint8_hex(uint8_t *value, const char *p);
>> +
>> +int
>> +parse_uint8_hex_str(const char *key, char *src, struct fips_val *val);
>> +
>> +int
>> +parse_uint8_known_len_hex_str(const char *key, char *src, struct fips_val *val);
>> +
>> +int
>> +parser_read_uint32_val(const char *key, char *src, struct fips_val *val);
>> +
>> +int
>> +parser_read_uint32_bit_val(const char *key, char *src, struct fips_val *val);
>> +
>> +int
>> +parser_read_uint32(uint32_t *value, char *p);
>> +
>> +int
>> +parser_read_uint32_val(const char *key, char *src, struct fips_val *val);
>> +
>> +int
>> +writeback_hex_str(const char *key, char *dst, struct fips_val *val);
>> +
>> +void
>> +parse_write_hex_str(struct fips_val *src);
>> +
>> +int
>> +update_info_vec(uint32_t count);
>> +
>> +#endif
>> diff --git a/examples/cryptodev_fips_validate/main.c b/examples/cryptodev_fips_validate/main.c
>> new file mode 100644
>> index 0000000..4f14b04
>> --- /dev/null
>> +++ b/examples/cryptodev_fips_validate/main.c
>> @@ -0,0 +1,388 @@
>> +/* SPDX-License-Identifier: BSD-3-Clause
>> + * Copyright(c) 2018 Intel Corporation
>> + */
>> +
>> +#include <sys/stat.h>
>> +#include <getopt.h>
>> +#include <dirent.h>
>> +
>> +#include <rte_cryptodev.h>
>> +#include <rte_cryptodev_pmd.h>
>> +#include <rte_mempool.h>
>> +#include <rte_mbuf.h>
>> +#include <rte_string_fns.h>
>> +
>> +#include "cryptodev_fips_validate.h"
>> +
>> +#define REQ_FILE_PATH_KEYWORD "req-file"
>> +#define RSP_FILE_PATH_KEYWORD "rsp-file"
>> +#define FOLDER_KEYWORD "path-is-folder"
>> +#define CRYPTODEV_KEYWORD "cryptodev"
>> +#define CRYPTODEV_ID_KEYWORD "cryptodev-id"
>> +
>> +struct fips_test_vector vec;
>> +struct fips_test_interim_info info;
>> +
>> +struct cryptodev_fips_validate_env {
>> + const char *req_path;
>> + const char *rsp_path;
>> + uint32_t is_path_folder;
>> + uint32_t dev_id;
>> + struct rte_mempool *mpool;
>> + struct rte_mempool *op_pool;
>> + struct rte_mbuf *mbuf;
>> + struct rte_crypto_op *op;
>> + struct rte_cryptodev_sym_session *sess;
>> +} env;
>> +
>> +static int
>> +cryptodev_fips_validate_app_int(void)
>> +{
>> + struct rte_cryptodev_config conf = {rte_socket_id(), 1};
>> + struct rte_cryptodev_qp_conf qp_conf = {128};
>> + int ret;
>> +
>> + ret = rte_cryptodev_configure(env.dev_id, &conf);
>> + if (ret < 0)
>> + return ret;
>> +
>> + env.mpool = rte_pktmbuf_pool_create("FIPS_MEMPOOL", 128, 0, 0,
>> + UINT16_MAX, rte_socket_id());
>> + if (!env.mpool)
>> + return ret;
>> +
>> + ret = rte_cryptodev_queue_pair_setup(env.dev_id, 0, &qp_conf,
>> + rte_socket_id(), env.mpool);
>> + if (ret < 0)
>> + return ret;
>> +
>> + ret = -ENOMEM;
>> +
>> + env.op_pool = rte_crypto_op_pool_create(
>> + "FIPS_OP_POOL",
>> + RTE_CRYPTO_OP_TYPE_SYMMETRIC,
>> + 1, 0,
>> + 16,
>> + rte_socket_id());
>> + if (!env.op_pool)
>> + goto error_exit;
>> +
>> + env.mbuf = rte_pktmbuf_alloc(env.mpool);
>> + if (!env.mbuf)
>> + goto error_exit;
>> +
>> + env.op = rte_crypto_op_alloc(env.op_pool, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
>> + if (!env.op)
>> + goto error_exit;
>> +
>> + return 0;
>> +
>> +error_exit:
>> + rte_mempool_free(env.mpool);
>> + if (env.op_pool)
>> + rte_mempool_free(env.op_pool);
>> +
>> + return ret;
>> +}
>> +
>> +static void
>> +cryptodev_fips_validate_app_uninit(void)
>> +{
>> + rte_pktmbuf_free(env.mbuf);
>> + rte_crypto_op_free(env.op);
>> + rte_cryptodev_sym_session_clear(env.dev_id, env.sess);
>> + rte_cryptodev_sym_session_free(env.sess);
>> + rte_mempool_free(env.mpool);
>> + rte_mempool_free(env.op_pool);
>> +}
>> +
>> +static int
>> +fips_test_one_file(void);
>> +
>> +static int
>> +parse_cryptodev_arg(char *arg)
>> +{
>> + int id = rte_cryptodev_get_dev_id(arg);
>> +
>> + if (id < 0) {
>> + RTE_LOG(ERR, USER1, "Error %i: invalid cryptodev name %s\n",
>> + id, arg);
>> + return id;
>> + }
>> +
>> + env.dev_id = (uint32_t)id;
>> +
>> + return 0;
>> +}
>> +
>> +static int
>> +parse_cryptodev_id_arg(char *arg)
>> +{
>> + uint32_t cryptodev_id;
>> +
>> + if (parser_read_uint32(&cryptodev_id, arg) < 0) {
>> + RTE_LOG(ERR, USER1, "Error %i: invalid cryptodev id %s\n",
>> + -EINVAL, arg);
>> + return -1;
>> + }
>> +
>> +
>> + if (!rte_cryptodev_pmd_is_valid_dev(cryptodev_id)) {
>> + RTE_LOG(ERR, USER1, "Error %i: invalid cryptodev id %s\n",
>> + cryptodev_id, arg);
>> + return -1;
>> + }
>> +
>> + env.dev_id = (uint32_t)cryptodev_id;
>> +
>> + return 0;
>> +}
>> +
>> +static void
>> +cryptodev_fips_validate_usage(const char *prgname)
>> +{
>> + printf("%s [EAL options] --\n"
>> + " --%s: REQUEST-FILE-PATH\n"
>> + " --%s: RESPONSE-FILE-PATH\n"
>> + " --%s: indicating both paths are folders\n"
>> + " --%s: CRYPTODEV-NAME\n"
>> + " --%s: CRYPTODEV-ID-NAME\n",
>> + prgname, REQ_FILE_PATH_KEYWORD, RSP_FILE_PATH_KEYWORD,
>> + FOLDER_KEYWORD, CRYPTODEV_KEYWORD, CRYPTODEV_ID_KEYWORD);
>> +}
>> +
>> +static int
>> +cryptodev_fips_validate_parse_args(int argc, char **argv)
>> +{
>> + int opt, ret;
>> + char *prgname = argv[0];
>> + char **argvopt;
>> + int option_index;
>> + struct option lgopts[] = {
>> + {REQ_FILE_PATH_KEYWORD, required_argument, 0, 0},
>> + {RSP_FILE_PATH_KEYWORD, required_argument, 0, 0},
>> + {FOLDER_KEYWORD, no_argument, 0, 0},
>> + {CRYPTODEV_KEYWORD, required_argument, 0, 0},
>> + {CRYPTODEV_ID_KEYWORD, required_argument, 0, 0},
>> + {NULL, 0, 0, 0}
>> + };
>> +
>> + argvopt = argv;
>> +
>> + while ((opt = getopt_long(argc, argvopt, "s:",
>> + lgopts, &option_index)) != EOF) {
>> +
>> + switch (opt) {
>> + case 0:
>> + if (strcmp(lgopts[option_index].name,
>> + REQ_FILE_PATH_KEYWORD) == 0)
>> + env.req_path = optarg;
>> + else if (strcmp(lgopts[option_index].name,
>> + RSP_FILE_PATH_KEYWORD) == 0)
>> + env.rsp_path = optarg;
>> + else if (strcmp(lgopts[option_index].name,
>> + FOLDER_KEYWORD) == 0)
>> + env.is_path_folder = 1;
>> + else if (strcmp(lgopts[option_index].name,
>> + CRYPTODEV_KEYWORD) == 0) {
>> + ret = parse_cryptodev_arg(optarg);
>> + if (ret < 0) {
>> + cryptodev_fips_validate_usage(prgname);
>> + return -EINVAL;
>> + }
>> + } else if (strcmp(lgopts[option_index].name,
>> + CRYPTODEV_ID_KEYWORD) == 0) {
>> + ret = parse_cryptodev_id_arg(optarg);
>> + if (ret < 0) {
>> + cryptodev_fips_validate_usage(prgname);
>> + return -EINVAL;
>> + }
>> + } else {
>> + cryptodev_fips_validate_usage(prgname);
>> + return -EINVAL;
>> + }
>> + break;
>> + default:
>> + return -1;
>> + }
>> + }
>> +
>> + if (env.req_path == NULL || env.rsp_path == NULL ||
>> + env.dev_id == UINT32_MAX) {
>> + cryptodev_fips_validate_usage(prgname);
>> + return -EINVAL;
>> + }
>> +
>> + return 0;
>> +}
>> +
>> +int
>> +main(int argc, char *argv[])
>> +{
>> + int ret;
>> +
>> + ret = rte_eal_init(argc, argv);
>> + if (ret < 0) {
>> + RTE_LOG(ERR, USER1, "Error %i: Failed init\n", ret);
>> + return -1;
>> + }
>> +
>> + argc -= ret;
>> + argv += ret;
>> +
>> + ret = cryptodev_fips_validate_parse_args(argc, argv);
>> + if (ret < 0)
>> + rte_exit(EXIT_FAILURE, "Failed to parse arguments!\n");
>> +
>> + ret = cryptodev_fips_validate_app_int();
>> + if (ret < 0) {
>> + RTE_LOG(ERR, USER1, "Error %i: Failed init\n", ret);
>> + return -1;
>> + }
>> +
>> + if (!env.is_path_folder) {
>> + printf("Processing file %s... ", env.req_path);
>> +
>> + ret = fips_test_init(env.req_path, env.rsp_path,
>> + rte_cryptodev_name_get(env.dev_id));
>> + if (ret < 0) {
>> + RTE_LOG(ERR, USER1, "Error %i: Failed test %s\n",
>> + ret, env.req_path);
>> + goto exit;
>> + }
>> +
>> +
>> + ret = fips_test_one_file();
>> + if (ret < 0) {
>> + RTE_LOG(ERR, USER1, "Error %i: Failed test %s\n",
>> + ret, env.req_path);
>> + goto exit;
>> + }
>> +
>> + printf("Done\n");
>> +
>> + } else {
>> + struct dirent *dir;
>> + DIR *d_req, *d_rsp;
>> + char req_path[1024];
>> + char rsp_path[1024];
>> +
>> + d_req = opendir(env.req_path);
>> + if (!d_req) {
>> + RTE_LOG(ERR, USER1, "Error %i: Path %s not exist\n",
>> + -EINVAL, env.req_path);
>> + goto exit;
>> + }
>> +
>> + d_rsp = opendir(env.rsp_path);
>> + if (!d_rsp) {
>> + ret = mkdir(env.rsp_path, 0700);
>> + if (ret == 0)
>> + d_rsp = opendir(env.rsp_path);
>> + else {
>> + RTE_LOG(ERR, USER1, "Error %i: Invalid %s\n",
>> + -EINVAL, env.rsp_path);
>> + goto exit;
>> + }
>> + }
>> + closedir(d_rsp);
>> +
>> + while ((dir = readdir(d_req)) != NULL) {
>> + if (strstr(dir->d_name, "req") == NULL)
>> + continue;
>> +
>> + snprintf(req_path, 1023, "%s/%s", env.req_path,
>> + dir->d_name);
>> + snprintf(rsp_path, 1023, "%s/%s", env.rsp_path,
>> + dir->d_name);
>> + strlcpy(strstr(rsp_path, "req"), "rsp", 4);
>> +
>> + printf("Processing file %s... ", req_path);
>> +
>> + ret = fips_test_init(req_path, rsp_path,
>> + rte_cryptodev_name_get(env.dev_id));
>> + if (ret < 0) {
>> + RTE_LOG(ERR, USER1, "Error %i: Failed test %s\n",
>> + ret, req_path);
>> + break;
>> + }
>> +
>> + ret = fips_test_one_file();
>> + if (ret < 0) {
>> + RTE_LOG(ERR, USER1, "Error %i: Failed test %s\n",
>> + ret, req_path);
>> + break;
>> + }
>> +
>> + printf("Done\n");
>> + }
>> +
>> + closedir(d_req);
>> + }
>> +
>> +
>> +exit:
>> + fips_test_clear();
>> + cryptodev_fips_validate_app_uninit();
>> +
>> + return ret;
>> +
>> +}
>> +
>> +static void
>> +print_test_block(void)
>> +{
>> + uint32_t i;
>> +
>> + for (i = 0; i < info.nb_vec_lines; i++)
>> + printf("%s\n", info.vec[i]);
>> +
>> + printf("\n");
>> +}
>> +
>> +static int
>> +fips_test_one_file(void)
>> +{
>> + int fetch_ret = 0, ret;
>> +
>> + while (fetch_ret == 0) {
>> + fetch_ret = fips_test_fetch_one_block();
>> + if (fetch_ret < 0) {
>> + RTE_LOG(ERR, USER1, "Error %i: Fetch block\n",
>> + fetch_ret);
>> + ret = fetch_ret;
>> + goto error_one_case;
>> + }
>> +
>> + if (info.nb_vec_lines == 0) {
>> + if (fetch_ret == -EOF)
>> + break;
>> +
>> + fprintf(info.fp_wr, "\n");
>> + continue;
>> + }
>> +
>> + ret = fips_test_parse_one_case();
>> + switch (ret) {
>> + case 0:
>> + if (ret == 0)
>> + break;
>> + RTE_LOG(ERR, USER1, "Error %i: test block\n",
>> + ret);
> this log is unreachable code.
The bit that is missing is being added in v2 when i was splitting the
patch i forgot to remove this check until this was added
ret = test_ops.test();
if (ret == 0)
break;
RTE_LOG(ERR, USER1, "Error %i: test block\n",
ret);
goto error_one_case;
>> + goto error_one_case;
>> + case 1:
>> + break;
>> + default:
>> + RTE_LOG(ERR, USER1, "Error %i: Parse block\n",
>> + ret);
>> + goto error_one_case;
>> + }
> do you really need this switch case here. In both the cases you are
> breaking without doing anything.
> it should be something like
> if (ret <= 0) {
> RTE_LOG(ERR, USER1, "Error %i: Parse block\n", ret);
> goto error_one_case;
> }
1 = test-interim data and 0 = test-data will add a comment with more
info inside the files of what the return cases mean
>> +
>> + continue;
>> +error_one_case:
>> + print_test_block();
>> + }
>> +
>> + fips_test_clear();
>> +
>> +}
>> diff --git a/examples/cryptodev_fips_validate/meson.build b/examples/cryptodev_fips_validate/meson.build
>> new file mode 100644
>> index 0000000..f44043c
>> --- /dev/null
>> +++ b/examples/cryptodev_fips_validate/meson.build
>> @@ -0,0 +1,14 @@
>> +# SPDX-License-Identifier: BSD-3-Clause
>> +# Copyright(c) 2018 Intel Corporation
>> +
>> +# meson file, for building this example as part of a main DPDK build.
>> +#
>> +# To build this example as a standalone application with an already-installed
>> +# DPDK instance, use 'make'
>> +
>> +deps += ['cryptodev']
>> +allow_experimental_apis = true
>> +sources = files(
>> + 'cryptodev_fips_parse_validate.c',
>> + 'main.c'
>> +)
More information about the dev
mailing list