[dpdk-dev] [PATCH v5 6/8] examples/cryptodev_fips_validate: add cmac parser and enablement for test types

Marko Kovacevic marko.kovacevic at intel.com
Wed Oct 17 14:49:35 CEST 2018


Added enablement for CMAC parser, to allow the
application to parser the cmac request files and to validate all
test types supported.

Signed-off-by: Marko Kovacevic <marko.kovacevic at intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang at intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal at intel.com>
---
 examples/cryptodev_fips_validate/Makefile          |   1 +
 .../cryptodev_fips_parse_cmac.c                    | 116 +++++++++++++++++++++
 .../cryptodev_fips_parse_validate.c                |   5 +
 .../cryptodev_fips_validate.h                      |   4 +
 examples/cryptodev_fips_validate/main.c            |  43 ++++++++
 examples/cryptodev_fips_validate/meson.build       |   1 +
 6 files changed, 170 insertions(+)
 create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_cmac.c

diff --git a/examples/cryptodev_fips_validate/Makefile b/examples/cryptodev_fips_validate/Makefile
index f8cfda7..09acfd3 100644
--- a/examples/cryptodev_fips_validate/Makefile
+++ b/examples/cryptodev_fips_validate/Makefile
@@ -9,6 +9,7 @@ SRCS-y := cryptodev_fips_parse_aes.c
 SRCS-y += cryptodev_fips_parse_hmac.c
 SRCS-y += cryptodev_fips_parse_3des.c
 SRCS-y += cryptodev_fips_parse_gcm.c
+SRCS-y += cryptodev_fips_parse_cmac.c
 SRCS-y += cryptodev_fips_parse_validate.c
 SRCS-y += main.c
 
diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_parse_cmac.c b/examples/cryptodev_fips_validate/cryptodev_fips_parse_cmac.c
new file mode 100644
index 0000000..37c6317
--- /dev/null
+++ b/examples/cryptodev_fips_validate/cryptodev_fips_parse_cmac.c
@@ -0,0 +1,116 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2018 Intel Corporation
+ */
+
+#include <string.h>
+#include <time.h>
+#include <stdio.h>
+#include <rte_string_fns.h>
+
+#include <rte_cryptodev.h>
+
+#include "cryptodev_fips_validate.h"
+
+#define NEW_LINE_STR	"#"
+#define OP_STR		"CMAC"
+
+#define ALGO_STR	"Alg = "
+#define MODE_STR	"Mode = "
+
+#define COUNT_STR	"Count = "
+#define KLEN_STR	"Klen = "
+#define PTLEN_STR	"Mlen = "
+#define TAGLEN_STR	"Tlen = "
+#define KEY_STR		"Key = "
+#define PT_STR		"Msg = "
+#define TAG_STR		"Mac = "
+
+#define GEN_STR		"Generate"
+#define VERIF_STR	"Verify"
+
+#define POS_NEG_STR	"Result = "
+#define PASS_STR	"P"
+#define FAIL_STR	"F"
+
+struct hash_algo_conversion {
+	const char *str;
+	enum fips_test_algorithms algo;
+} cmac_algo[] = {
+		{"AES", FIPS_TEST_ALGO_AES_CMAC},
+};
+
+static int
+parse_test_cmac_writeback(struct fips_val *val)
+{
+	if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
+		struct fips_val tmp_val = {val->val + vec.pt.len,
+				vec.cipher_auth.digest.len};
+
+		fprintf(info.fp_wr, "%s", TAG_STR);
+		parse_write_hex_str(&tmp_val);
+	} else {
+		fprintf(info.fp_wr, "%s", POS_NEG_STR);
+
+		if (vec.status == RTE_CRYPTO_OP_STATUS_SUCCESS)
+			fprintf(info.fp_wr, "%s\n", PASS_STR);
+		else if (vec.status == RTE_CRYPTO_OP_STATUS_AUTH_FAILED)
+			fprintf(info.fp_wr, "%s\n", FAIL_STR);
+		else
+			fprintf(info.fp_wr, "Error\n");
+	}
+
+	return 0;
+}
+
+struct fips_test_callback cmac_tests_vectors[] = {
+		{KLEN_STR, parser_read_uint32_val, &vec.cipher_auth.key},
+		{PTLEN_STR, parser_read_uint32_val, &vec.pt},
+		{TAGLEN_STR, parser_read_uint32_val, &vec.cipher_auth.digest},
+		{KEY_STR, parse_uint8_hex_str, &vec.cipher_auth.key},
+		{PT_STR, parse_uint8_known_len_hex_str, &vec.pt},
+		{TAG_STR, parse_uint8_known_len_hex_str,
+				&vec.cipher_auth.digest},
+		{NULL, NULL, NULL} /**< end pointer */
+};
+
+int
+parse_test_cmac_init(void)
+{
+	char *tmp;
+	uint32_t i, j;
+
+	for (i = 0; i < info.nb_vec_lines; i++) {
+		char *line = info.vec[i];
+
+		tmp = strstr(line, ALGO_STR);
+		if (!tmp)
+			continue;
+
+		for (j = 0; j < RTE_DIM(cmac_algo); j++) {
+			if (!strstr(line, cmac_algo[j].str))
+				continue;
+
+			info.algo = cmac_algo[j].algo;
+			break;
+		}
+
+		if (j == RTE_DIM(cmac_algo))
+			return -EINVAL;
+
+		tmp = strstr(line, MODE_STR);
+		if (!tmp)
+			return -1;
+
+		if (strstr(tmp, GEN_STR))
+			info.op = FIPS_TEST_ENC_AUTH_GEN;
+		else if (strstr(tmp, VERIF_STR))
+			info.op = FIPS_TEST_DEC_AUTH_VERIF;
+		else
+			return -EINVAL;
+	}
+
+	info.parse_writeback = parse_test_cmac_writeback;
+	info.callbacks = cmac_tests_vectors;
+
+	return 0;
+}
diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c b/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
index d45c88d..4617c67 100644
--- a/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
+++ b/examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
@@ -114,6 +114,11 @@ fips_test_parse_header(void)
 			ret = parse_test_gcm_init();
 			if (ret < 0)
 				return ret;
+		} else if (strstr(info.vec[i], "CMAC")) {
+			info.algo = FIPS_TEST_ALGO_AES_CMAC;
+			ret = parse_test_cmac_init();
+			if (ret < 0)
+				return 0;
 		} else if (strstr(info.vec[i], "HMAC")) {
 			info.algo = FIPS_TEST_ALGO_HMAC;
 			ret = parse_test_hmac_init();
diff --git a/examples/cryptodev_fips_validate/cryptodev_fips_validate.h b/examples/cryptodev_fips_validate/cryptodev_fips_validate.h
index 685bc0b..7bd1e9a 100644
--- a/examples/cryptodev_fips_validate/cryptodev_fips_validate.h
+++ b/examples/cryptodev_fips_validate/cryptodev_fips_validate.h
@@ -25,6 +25,7 @@
 enum fips_test_algorithms {
 		FIPS_TEST_ALGO_AES = 0,
 		FIPS_TEST_ALGO_AES_GCM,
+		FIPS_TEST_ALGO_AES_CMAC,
 		FIPS_TEST_ALGO_HMAC,
 		FIPS_TEST_ALGO_TDES,
 		FIPS_TEST_ALGO_MAX
@@ -176,6 +177,9 @@ int
 parse_test_gcm_init(void);
 
 int
+parse_test_cmac_init(void);
+
+int
 parser_read_uint8_hex(uint8_t *value, const char *p);
 
 int
diff --git a/examples/cryptodev_fips_validate/main.c b/examples/cryptodev_fips_validate/main.c
index 93b2420..51ee4ad 100644
--- a/examples/cryptodev_fips_validate/main.c
+++ b/examples/cryptodev_fips_validate/main.c
@@ -688,6 +688,44 @@ prepare_gcm_xform(struct rte_crypto_sym_xform *xform)
 	return 0;
 }
 
+static int
+prepare_cmac_xform(struct rte_crypto_sym_xform *xform)
+{
+	const struct rte_cryptodev_symmetric_capability *cap;
+	struct rte_cryptodev_sym_capability_idx cap_idx;
+	struct rte_crypto_auth_xform *auth_xform = &xform->auth;
+
+	xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+	auth_xform->algo = RTE_CRYPTO_AUTH_AES_CMAC;
+	auth_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
+			RTE_CRYPTO_AUTH_OP_GENERATE : RTE_CRYPTO_AUTH_OP_VERIFY;
+	auth_xform->digest_length = vec.cipher_auth.digest.len;
+	auth_xform->key.data = vec.cipher_auth.key.val;
+	auth_xform->key.length = vec.cipher_auth.key.len;
+
+	cap_idx.algo.auth = auth_xform->algo;
+	cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+	cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
+	if (!cap) {
+		RTE_LOG(ERR, USER1, "Failed to get capability for cdev %u\n",
+				env.dev_id);
+		return -EINVAL;
+	}
+
+	if (rte_cryptodev_sym_capability_check_auth(cap,
+			auth_xform->key.length,
+			auth_xform->digest_length, 0) != 0) {
+		RTE_LOG(ERR, USER1, "PMD %s key length %u IV length %u\n",
+				info.device_name, auth_xform->key.length,
+				auth_xform->digest_length);
+		return -EPERM;
+	}
+
+	return 0;
+}
+
 static void
 get_writeback_data(struct fips_val *val)
 {
@@ -1048,6 +1086,11 @@ init_test_ops(void)
 		test_ops.prepare_xform = prepare_gcm_xform;
 		test_ops.test = fips_generic_test;
 		break;
+	case FIPS_TEST_ALGO_AES_CMAC:
+		test_ops.prepare_op = prepare_auth_op;
+		test_ops.prepare_xform = prepare_cmac_xform;
+		test_ops.test = fips_generic_test;
+		break;
 	default:
 		return -1;
 	}
diff --git a/examples/cryptodev_fips_validate/meson.build b/examples/cryptodev_fips_validate/meson.build
index 3175993..de6de7b 100644
--- a/examples/cryptodev_fips_validate/meson.build
+++ b/examples/cryptodev_fips_validate/meson.build
@@ -13,6 +13,7 @@ sources = files(
 	'cryptodev_fips_parse_hmac.c',
 	'cryptodev_fips_parse_3des.c',
 	'cryptodev_fips_parse_gcm.c',
+	'cryptodev_fips_parse_cmac.c',
 	'cryptodev_fips_parse_validate.c',
 	'main.c'
 )
-- 
2.9.5



More information about the dev mailing list