[dpdk-dev] [PATCH v2 5/8] examples: add gcm parser

Fan Zhang roy.fan.zhang at intel.com
Thu Oct 4 11:40:12 CEST 2018


From: Marko Kovacevic <marko.kovacevic at intel.com>

Added enablement for GCM parser, to allow the
application to parser the GCM request file and to validate all
tests supported.

Signed-off-by: Marko Kovacevic <marko.kovacevic at intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang at intel.com>
---
 examples/cryptodev_fips_validate/Makefile          |   1 +
 .../cryptodev_fips_parse_gcm.c                     | 125 +++++++++++++++++++++
 .../cryptodev_fips_parse_validate.c                |   5 +
 .../cryptodev_fips_validate.h                      |   4 +
 examples/cryptodev_fips_validate/main.c            | 116 ++++++++++++++++++-
 examples/cryptodev_fips_validate/meson.build       |   1 +
 6 files changed, 251 insertions(+), 1 deletion(-)
 create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_gcm.c

diff --git a/examples/cryptodev_fips_validate/Makefile b/examples/cryptodev_fips_validate/Makefile
index 54ea43ffd..1eb0108bd 100644
--- a/examples/cryptodev_fips_validate/Makefile
+++ b/examples/cryptodev_fips_validate/Makefile
@@ -8,6 +8,7 @@ APP = cryptodev_fips_validate_app
 SRCS-y := cryptodev_fips_parse_aes.c
 SRCS-y += cryptodev_fips_parse_hmac.c
 SRCS-y += cryptodev_fips_parse_3des.c
+SRCS-y += cryptodev_fips_parse_gcm.c
 SRCS-y += cryptodev_fips_parse_validate.c
 SRCS-y += main.c
 
diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_parse_gcm.c b/examples/cryptodev_fips_validate/cryptodev_fips_parse_gcm.c
new file mode 100644
index 000000000..6999dad7f
--- /dev/null
+++ b/examples/cryptodev_fips_validate/cryptodev_fips_parse_gcm.c
@@ -0,0 +1,125 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2018 Intel Corporation
+ */
+
+#include <string.h>
+#include <time.h>
+#include <stdio.h>
+
+#include <rte_cryptodev.h>
+
+#include "cryptodev_fips_validate.h"
+
+#define NEW_LINE_STR	"#"
+#define OP_STR		"GCM "
+
+#define PARAM_PREFIX	"["
+#define KEYLEN_STR	"Keylen = "
+#define IVLEN_STR	"IVlen = "
+#define PTLEN_STR	"PTlen = "
+#define AADLEN_STR	"AADlen = "
+#define TAGLEN_STR	"Taglen = "
+
+#define COUNT_STR	"Count = "
+#define KEY_STR		"Key = "
+#define IV_STR		"IV = "
+#define PT_STR		"PT = "
+#define CT_STR		"CT = "
+#define TAG_STR		"Tag = "
+#define AAD_STR		"AAD = "
+
+#define OP_ENC_STR	"Encrypt"
+#define OP_DEC_STR	"Decrypt"
+
+#define NEG_TEST_STR	"FAIL"
+
+struct fips_test_callback gcm_dec_vectors[] = {
+		{KEY_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.key},
+		{IV_STR, parse_uint8_known_len_hex_str, &vec.iv},
+		{CT_STR, parse_uint8_known_len_hex_str, &vec.ct},
+		{AAD_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.aad},
+		{TAG_STR, parse_uint8_known_len_hex_str,
+				&vec.cipher_auth.digest},
+		{NULL, NULL, NULL} /**< end pointer */
+};
+struct fips_test_callback gcm_interim_vectors[] = {
+		{KEYLEN_STR, parser_read_uint32_bit_val, &vec.cipher_auth.key},
+		{IVLEN_STR, parser_read_uint32_bit_val, &vec.iv},
+		{PTLEN_STR, parser_read_uint32_bit_val, &vec.pt},
+		{AADLEN_STR, parser_read_uint32_bit_val, &vec.cipher_auth.aad},
+		{TAGLEN_STR, parser_read_uint32_bit_val,
+				&vec.cipher_auth.digest},
+		{NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback gcm_enc_vectors[] = {
+		{KEY_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.key},
+		{IV_STR, parse_uint8_known_len_hex_str, &vec.iv},
+		{PT_STR, parse_uint8_known_len_hex_str, &vec.pt},
+		{AAD_STR, parse_uint8_known_len_hex_str, &vec.cipher_auth.aad},
+		{NULL, NULL, NULL} /**< end pointer */
+};
+
+static int
+parse_test_gcm_writeback(struct fips_val *val)
+{
+	struct fips_val tmp_val;
+
+	if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+		fprintf(info.fp_wr, "%s", CT_STR);
+
+		tmp_val.val = val->val;
+		tmp_val.len = vec.pt.len;
+
+		parse_write_hex_str(&tmp_val);
+
+		fprintf(info.fp_wr, "%s", TAG_STR);
+
+		tmp_val.val = val->val + vec.pt.len;
+		tmp_val.len = val->len - vec.pt.len;
+
+		parse_write_hex_str(&tmp_val);
+	} else {
+		if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS) {
+			fprintf(info.fp_wr, "%s", PT_STR);
+
+			tmp_val.val = val->val;
+			tmp_val.len = vec.pt.len;
+
+			parse_write_hex_str(&tmp_val);
+		} else
+			fprintf(info.fp_wr, "%s\n", NEG_TEST_STR);
+	}
+
+	return 0;
+}
+
+int
+parse_test_gcm_init(void)
+{
+	char *tmp;
+	uint32_t i;
+
+
+	for (i = 0; i < info.nb_vec_lines; i++) {
+		char *line = info.vec[i];
+
+
+		tmp = strstr(line, OP_STR);
+		if (tmp) {
+			if (strstr(line, OP_ENC_STR)) {
+				info.op = FIPS_TEST_ENC_AUTH_GEN;
+				info.callbacks = gcm_enc_vectors;
+			} else if (strstr(line, OP_DEC_STR)) {
+				info.op = FIPS_TEST_DEC_AUTH_VERIF;
+				info.callbacks = gcm_dec_vectors;
+			} else
+				return -EINVAL;
+		}
+	}
+
+	info.interim_callbacks = gcm_interim_vectors;
+	info.parse_writeback = parse_test_gcm_writeback;
+
+	return 0;
+}
diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c b/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
index bb396e54d..d45c88de6 100644
--- a/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
+++ b/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
@@ -109,6 +109,11 @@ fips_test_parse_header(void)
 			ret = parse_test_aes_init();
 			if (ret < 0)
 				return ret;
+		} else if (strstr(info.vec[i], "GCM")) {
+			info.algo = FIPS_TEST_ALGO_AES_GCM;
+			ret = parse_test_gcm_init();
+			if (ret < 0)
+				return ret;
 		} else if (strstr(info.vec[i], "HMAC")) {
 			info.algo = FIPS_TEST_ALGO_HMAC;
 			ret = parse_test_hmac_init();
diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_validate.h b/examples/cryptodev_fips_validate/cryptodev_fips_validate.h
index c9b11dda2..685bc0bf8 100644
--- a/examples/cryptodev_fips_validate/cryptodev_fips_validate.h
+++ b/examples/cryptodev_fips_validate/cryptodev_fips_validate.h
@@ -24,6 +24,7 @@
 
 enum fips_test_algorithms {
 		FIPS_TEST_ALGO_AES = 0,
+		FIPS_TEST_ALGO_AES_GCM,
 		FIPS_TEST_ALGO_HMAC,
 		FIPS_TEST_ALGO_TDES,
 		FIPS_TEST_ALGO_MAX
@@ -172,6 +173,9 @@ int
 parse_test_hmac_init(void);
 
 int
+parse_test_gcm_init(void);
+
+int
 parser_read_uint8_hex(uint8_t *value, const char *p);
 
 int
diff --git a/examples/cryptodev_fips_validate/main.c b/examples/cryptodev_fips_validate/main.c
index 8a9622f02..426baf002 100644
--- a/examples/cryptodev_fips_validate/main.c
+++ b/examples/cryptodev_fips_validate/main.c
@@ -461,6 +461,70 @@ prepare_auth_op(void)
 }
 
 static int
+prepare_aead_op(void)
+{
+	struct rte_crypto_sym_op *sym = env.op->sym;
+	uint8_t *iv = rte_crypto_op_ctod_offset(env.op, uint8_t *, IV_OFF);
+
+	__rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
+	rte_pktmbuf_reset(env.mbuf);
+
+	memcpy(iv, vec.iv.val, vec.iv.len);
+
+	sym->m_src = env.mbuf;
+	sym->aead.data.offset = 0;
+	sym->aead.aad.data = vec.aead.aad.val;
+	sym->aead.aad.phys_addr = rte_malloc_virt2iova(sym->aead.aad.data);
+
+	if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+		uint8_t *pt;
+
+		if (vec.pt.len > RTE_MBUF_MAX_NB_SEGS) {
+			RTE_LOG(ERR, USER1, "PT len %u\n", vec.pt.len);
+			return -EPERM;
+		}
+
+		pt = (uint8_t *)rte_pktmbuf_append(env.mbuf,
+				vec.pt.len + vec.aead.digest.len);
+
+		if (!pt) {
+			RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n",
+					-ENOMEM);
+			return -ENOMEM;
+		}
+
+		memcpy(pt, vec.pt.val, vec.pt.len);
+		sym->aead.data.length = vec.pt.len;
+		sym->aead.digest.data = pt + vec.pt.len;
+		sym->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(
+				env.mbuf, vec.pt.len);
+	} else {
+		uint8_t *ct;
+
+		if (vec.ct.len > RTE_MBUF_MAX_NB_SEGS) {
+			RTE_LOG(ERR, USER1, "CT len %u\n", vec.ct.len);
+			return -EPERM;
+		}
+
+		ct = (uint8_t *)rte_pktmbuf_append(env.mbuf, vec.ct.len);
+
+		if (!ct) {
+			RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n",
+					-ENOMEM);
+			return -ENOMEM;
+		}
+
+		memcpy(ct, vec.ct.val, vec.ct.len);
+		sym->aead.data.length = vec.ct.len;
+		sym->aead.digest.data = vec.aead.digest.val;
+		sym->aead.digest.phys_addr = rte_malloc_virt2iova(
+				sym->aead.digest.data);
+	}
+
+	rte_crypto_op_attach_sym_session(env.op, env.sess);
+}
+
+static int
 prepare_aes_xform(struct rte_crypto_sym_xform *xform)
 {
 	const struct rte_cryptodev_symmetric_capability *cap;
@@ -577,6 +641,52 @@ prepare_hmac_xform(struct rte_crypto_sym_xform *xform)
 	return 0;
 }
 
+static int
+prepare_gcm_xform(struct rte_crypto_sym_xform *xform)
+{
+	const struct rte_cryptodev_symmetric_capability *cap;
+	struct rte_cryptodev_sym_capability_idx cap_idx;
+	struct rte_crypto_aead_xform *aead_xform = &xform->aead;
+
+	xform->type = RTE_CRYPTO_SYM_XFORM_AEAD;
+
+	aead_xform->algo = RTE_CRYPTO_AEAD_AES_GCM;
+	aead_xform->aad_length = vec.aead.aad.len;
+	aead_xform->digest_length = vec.aead.digest.len;
+	aead_xform->iv.offset = IV_OFF;
+	aead_xform->iv.length = vec.iv.len;
+	aead_xform->key.data = vec.aead.key.val;
+	aead_xform->key.length = vec.aead.key.len;
+	aead_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
+			RTE_CRYPTO_AEAD_OP_ENCRYPT :
+			RTE_CRYPTO_AEAD_OP_DECRYPT;
+
+	cap_idx.algo.aead = aead_xform->algo;
+	cap_idx.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+
+	cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+	if (!cap) {
+		RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+				env.dev_id);
+		return -EINVAL;
+	}
+
+	if (rte_cryptodev_sym_capability_check_aead(cap,
+			aead_xform->key.length,
+			aead_xform->digest_length, aead_xform->aad_length,
+			aead_xform->iv.length) != 0) {
+		RTE_LOG(ERR, USER1,
+			"PMD %s key_len %u tag_len %u aad_len %u iv_len %u\n",
+				info.device_name, aead_xform->key.length,
+				aead_xform->digest_length,
+				aead_xform->aad_length,
+				aead_xform->iv.length);
+		return -EPERM;
+	}
+
+	return 0;
+}
+
 static void
 get_writeback_data(struct fips_val *val)
 {
@@ -932,7 +1042,11 @@ init_test_ops(void)
 		else
 			test_ops.test = fips_generic_test;
 		break;
-
+	case FIPS_TEST_ALGO_AES_GCM:
+		test_ops.prepare_op = prepare_aead_op;
+		test_ops.prepare_xform = prepare_gcm_xform;
+		test_ops.test = fips_generic_test;
+		break;
 	default:
 		return -1;
 	}
diff --git a/examples/cryptodev_fips_validate/meson.build b/examples/cryptodev_fips_validate/meson.build
index a18e76d4b..510d2a79e 100644
--- a/examples/cryptodev_fips_validate/meson.build
+++ b/examples/cryptodev_fips_validate/meson.build
@@ -12,6 +12,7 @@ sources = files(
 	'cryptodev_fips_parse_aes.c',
 	'cryptodev_fips_parse_hmac.c',
 	'cryptodev_fips_parse_3des.c',
+	'cryptodev_fips_parse_gcm.c',
 	'cryptodev_fips_parse_validate.c',
 	'main.c'
 )
-- 
2.13.6



More information about the dev mailing list