[v1, 02/10] examples/fips_validation: add SHA3 validation

Dooley, Brian brian.dooley at intel.com
Mon Feb 27 10:31:05 CET 2023
Previous message (by thread): [v1, 02/10] examples/fips_validation: add SHA3 validation
Next message (by thread): [v1, 03/10] examples/fips_validation: fix integer parse in test case
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn at marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev at dpdk.org
> Cc: Anoob Joseph <anoobj at marvell.com>; jerinj at marvell.com; Akhil Goyal
> <gakhil at marvell.com>; Dooley, Brian <brian.dooley at intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn at marvell.com>
> Subject: [v1, 02/10] examples/fips_validation: add SHA3 validation
> 
> Add support in fips_validation to parse SHA3 algorithms.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn at marvell.com>
> ---
>  doc/guides/sample_app_ug/fips_validation.rst  |  5 +-
>  examples/fips_validation/fips_validation.h    |  1 +
>  .../fips_validation/fips_validation_hmac.c    |  8 ++
>  .../fips_validation/fips_validation_sha.c     | 20 +++--
>  examples/fips_validation/main.c               | 76 +++++++++----------
>  5 files changed, 61 insertions(+), 49 deletions(-)
> 
> diff --git a/doc/guides/sample_app_ug/fips_validation.rst
> b/doc/guides/sample_app_ug/fips_validation.rst
> index 50d23c789b..55837895fe 100644
> --- a/doc/guides/sample_app_ug/fips_validation.rst
> +++ b/doc/guides/sample_app_ug/fips_validation.rst
> @@ -64,8 +64,9 @@ ACVP
>      * AES-CTR (128,192,256) - AFT, CTR
>      * AES-GMAC (128,192,256) - AFT
>      * AES-XTS (128,256) - AFT
> -    * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
> -    * SHA (1, 256, 384, 512) - AFT, MCT
> +    * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256,
> SHA3_384, SHA3_512)
> +    * SHA (1, 224, 256, 384, 512) - AFT, MCT
> +    * SHA3 (224, 256, 384, 512) - AFT, MCT
>      * TDES-CBC - AFT, MCT
>      * TDES-ECB - AFT, MCT
>      * RSA
> diff --git a/examples/fips_validation/fips_validation.h
> b/examples/fips_validation/fips_validation.h
> index 565a5cd36e..6c1bd35849 100644
> --- a/examples/fips_validation/fips_validation.h
> +++ b/examples/fips_validation/fips_validation.h
> @@ -205,6 +205,7 @@ struct sha_interim_data {
>  	/* keep algo always on top as it is also used in asym digest */
>  	enum rte_crypto_auth_algorithm algo;
>  	enum fips_sha_test_types test_type;
> +	uint8_t md_blocks;
>  };
> 
>  struct gcm_interim_data {
> diff --git a/examples/fips_validation/fips_validation_hmac.c
> b/examples/fips_validation/fips_validation_hmac.c
> index e0721ef028..f1cbc18435 100644
> --- a/examples/fips_validation/fips_validation_hmac.c
> +++ b/examples/fips_validation/fips_validation_hmac.c
> @@ -37,6 +37,10 @@ struct hash_size_conversion {
>  		{"32", RTE_CRYPTO_AUTH_SHA256_HMAC},
>  		{"48", RTE_CRYPTO_AUTH_SHA384_HMAC},
>  		{"64", RTE_CRYPTO_AUTH_SHA512_HMAC},
> +		{"28", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
> +		{"32", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
> +		{"48", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
> +		{"64", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
>  };
> 
>  static int
> @@ -81,6 +85,10 @@ struct hash_size_conversion json_algorithms[] = {
>  		{"HMAC-SHA2-256", RTE_CRYPTO_AUTH_SHA256_HMAC},
>  		{"HMAC-SHA2-384", RTE_CRYPTO_AUTH_SHA384_HMAC},
>  		{"HMAC-SHA2-512", RTE_CRYPTO_AUTH_SHA512_HMAC},
> +		{"HMAC-SHA3-224", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
> +		{"HMAC-SHA3-256", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
> +		{"HMAC-SHA3-384", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
> +		{"HMAC-SHA3-512", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
>  };
> 
>  struct fips_test_callback hmac_tests_json_vectors[] = { diff --git
> a/examples/fips_validation/fips_validation_sha.c
> b/examples/fips_validation/fips_validation_sha.c
> index 178ea492d3..8b68f5ed36 100644
> --- a/examples/fips_validation/fips_validation_sha.c
> +++ b/examples/fips_validation/fips_validation_sha.c
> @@ -32,6 +32,10 @@ struct plain_hash_size_conversion {
>  		{"32", RTE_CRYPTO_AUTH_SHA256},
>  		{"48", RTE_CRYPTO_AUTH_SHA384},
>  		{"64", RTE_CRYPTO_AUTH_SHA512},
> +		{"28", RTE_CRYPTO_AUTH_SHA3_224},
> +		{"32", RTE_CRYPTO_AUTH_SHA3_256},
> +		{"48", RTE_CRYPTO_AUTH_SHA3_384},
> +		{"64", RTE_CRYPTO_AUTH_SHA3_512},
>  };
> 
>  int
> @@ -96,12 +100,17 @@ static struct {
>  static struct plain_hash_algorithms {
>  	const char *str;
>  	enum rte_crypto_auth_algorithm algo;
> +	uint8_t md_blocks;
>  } json_algorithms[] = {
> -		{"SHA-1", RTE_CRYPTO_AUTH_SHA1},
> -		{"SHA2-224", RTE_CRYPTO_AUTH_SHA224},
> -		{"SHA2-256", RTE_CRYPTO_AUTH_SHA256},
> -		{"SHA2-384", RTE_CRYPTO_AUTH_SHA384},
> -		{"SHA2-512", RTE_CRYPTO_AUTH_SHA512},
> +		{"SHA-1", RTE_CRYPTO_AUTH_SHA1, 3},
> +		{"SHA2-224", RTE_CRYPTO_AUTH_SHA224, 3},
> +		{"SHA2-256", RTE_CRYPTO_AUTH_SHA256, 3},
> +		{"SHA2-384", RTE_CRYPTO_AUTH_SHA384, 3},
> +		{"SHA2-512", RTE_CRYPTO_AUTH_SHA512, 3},
> +		{"SHA3-224", RTE_CRYPTO_AUTH_SHA3_224, 1},
> +		{"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1},
> +		{"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1},
> +		{"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1},
>  };
> 
>  struct fips_test_callback sha_tests_json_vectors[] = { @@ -233,6 +242,7 @@
> parse_test_sha_json_algorithm(void)
>  	for (i = 0; i < RTE_DIM(json_algorithms); i++) {
>  		if (strstr(algorithm_str, json_algorithms[i].str)) {
>  			info.interim_info.sha_data.algo =
> json_algorithms[i].algo;
> +			info.interim_info.sha_data.md_blocks =
> json_algorithms[i].md_blocks;
>  			break;
>  		}
>  	}
> diff --git a/examples/fips_validation/main.c
> b/examples/fips_validation/main.c index cc585e8418..cf29e440f1 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -2267,22 +2267,27 @@ fips_mct_sha_test(void)  {
>  #define SHA_EXTERN_ITER	100
>  #define SHA_INTERN_ITER	1000
> -#define SHA_MD_BLOCK	3
> +	uint8_t md_blocks = info.interim_info.sha_data.md_blocks;
>  	struct fips_val val = {NULL, 0};
> -	struct fips_val  md[SHA_MD_BLOCK], msg;
> +	struct fips_val  md[md_blocks];
>  	int ret;
> -	uint32_t i, j;
> +	uint32_t i, j, k, offset, max_outlen;
> +
> +	max_outlen = md_blocks * vec.cipher_auth.digest.len;
> +
> +	if (vec.cipher_auth.digest.val)
> +		free(vec.cipher_auth.digest.val);
> +
> +	vec.cipher_auth.digest.val = calloc(1, max_outlen);
> 
> -	msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len;
> -	msg.val = calloc(1, msg.len);
>  	if (vec.pt.val)
>  		memcpy(vec.cipher_auth.digest.val, vec.pt.val,
> vec.cipher_auth.digest.len);
> 
> -	for (i = 0; i < SHA_MD_BLOCK; i++)
> -		md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
> -
>  	rte_free(vec.pt.val);
> -	vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK),
> 0);
> +	vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*md_blocks), 0);
> +
> +	for (i = 0; i < md_blocks; i++)
> +		md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
> 
>  	if (info.file_type != FIPS_TYPE_JSON) {
>  		fips_test_write_one_case();
> @@ -2290,30 +2295,19 @@ fips_mct_sha_test(void)
>  	}
> 
>  	for (j = 0; j < SHA_EXTERN_ITER; j++) {
> -
> -		memcpy(md[0].val, vec.cipher_auth.digest.val,
> -			vec.cipher_auth.digest.len);
> -		md[0].len = vec.cipher_auth.digest.len;
> -		memcpy(md[1].val, vec.cipher_auth.digest.val,
> -			vec.cipher_auth.digest.len);
> -		md[1].len = vec.cipher_auth.digest.len;
> -		memcpy(md[2].val, vec.cipher_auth.digest.val,
> -			vec.cipher_auth.digest.len);
> -		md[2].len = vec.cipher_auth.digest.len;
> -
> -		for (i = 0; i < SHA_MD_BLOCK; i++)
> -			memcpy(&msg.val[i * md[i].len], md[i].val,
> md[i].len);
> +		for (i = 0; i < md_blocks; i++) {
> +			memcpy(md[i].val, vec.cipher_auth.digest.val,
> +				vec.cipher_auth.digest.len);
> +			md[i].len = vec.cipher_auth.digest.len;
> +		}
> 
>  		for (i = 0; i < (SHA_INTERN_ITER); i++) {
> -
> -			memcpy(vec.pt.val, md[0].val,
> -				(size_t)md[0].len);
> -			memcpy((vec.pt.val + md[0].len), md[1].val,
> -				(size_t)md[1].len);
> -			memcpy((vec.pt.val + md[0].len + md[1].len),
> -				md[2].val,
> -				(size_t)md[2].len);
> -			vec.pt.len = md[0].len + md[1].len + md[2].len;
> +			offset = 0;
> +			for (k = 0; k < md_blocks; k++) {
> +				memcpy(vec.pt.val + offset, md[k].val,
> (size_t)md[k].len);
> +				offset += md[k].len;
> +			}
> +			vec.pt.len = offset;
> 
>  			ret = fips_run_test();
>  			if (ret < 0) {
> @@ -2331,18 +2325,18 @@ fips_mct_sha_test(void)
>  			if (ret < 0)
>  				return ret;
> 
> -			memcpy(md[0].val, md[1].val, md[1].len);
> -			md[0].len = md[1].len;
> -			memcpy(md[1].val, md[2].val, md[2].len);
> -			md[1].len = md[2].len;
> +			for (k = 1; k < md_blocks; k++) {
> +				memcpy(md[k-1].val, md[k].val, md[k].len);
> +				md[k-1].len = md[k].len;
> +			}
> 
> -			memcpy(md[2].val, (val.val + vec.pt.len),
> +			memcpy(md[md_blocks-1].val, (val.val + vec.pt.len),
>  				vec.cipher_auth.digest.len);
> -			md[2].len = vec.cipher_auth.digest.len;
> +			md[md_blocks-1].len = vec.cipher_auth.digest.len;
>  		}
> 
> -		memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
> -		vec.cipher_auth.digest.len = md[2].len;
> +		memcpy(vec.cipher_auth.digest.val, md[md_blocks-1].val,
> md[md_blocks-1].len);
> +		vec.cipher_auth.digest.len = md[md_blocks-1].len;
> 
>  		if (info.file_type != FIPS_TYPE_JSON)
>  			fprintf(info.fp_wr, "COUNT = %u\n", j); @@ -2353,14
> +2347,12 @@ fips_mct_sha_test(void)
>  			fprintf(info.fp_wr, "\n");
>  	}
> 
> -	for (i = 0; i < (SHA_MD_BLOCK); i++)
> +	for (i = 0; i < (md_blocks); i++)
>  		rte_free(md[i].val);
> 
>  	rte_free(vec.pt.val);
> 
>  	free(val.val);
> -	free(msg.val);
> -
>  	return 0;
>  }
> 
> --
> 2.25.1

Acked-by: Brian Dooley <brian.dooley at intel.com>
Previous message (by thread): [v1, 02/10] examples/fips_validation: add SHA3 validation
Next message (by thread): [v1, 03/10] examples/fips_validation: fix integer parse in test case
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the dev mailing list