[dpdk-dev] [PATCH 02/12] examples/fips: added support for TDES ECB mode in FIPS tests

michaelsh at marvell.com michaelsh at marvell.com
Mon Aug 26 11:41:10 CEST 2019


From: Michael Shamis <michaelsh at marvell.com>

Signed-off-by: Michael Shamis <michaelsh at marvell.com>
---
 examples/fips_validation/fips_validation.c    |  1 +
 examples/fips_validation/fips_validation.h    |  7 +++++
 .../fips_validation/fips_validation_tdes.c    |  7 +++++
 examples/fips_validation/main.c               | 27 ++++++++++++++++---
 4 files changed, 38 insertions(+), 4 deletions(-)

diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index 80fd482a1..fe3bcc386 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -259,6 +259,7 @@ fips_test_init(const char *req_file_path, const char *rsp_file_path,
 
 	fips_test_clear();
 
+	strcpy(info.file_name, req_file_path);
 	info.algo = FIPS_TEST_ALGO_MAX;
 	if (parse_file_type(req_file_path) < 0) {
 		RTE_LOG(ERR, USER1, "File %s type not supported\n",
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index b604db9ec..d487fb005 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -105,6 +105,11 @@ enum fips_tdes_test_types {
 	TDES_MMT /* Multi block Message Test */
 };
 
+enum fips_tdes_test_mode {
+	TDES_MODE_CBC = 0,
+	TDES_MODE_ECB
+};
+
 enum fips_ccm_test_types {
 	CCM_VADT	= 1, /* Variable Associated Data Test */
 	CCM_VPT,		 /* Variable Payload Test */
@@ -130,6 +135,7 @@ struct hmac_interim_data {
 
 struct tdes_interim_data {
 	enum fips_tdes_test_types test_type;
+	enum fips_tdes_test_mode test_mode;
 	uint32_t nb_keys;
 };
 
@@ -156,6 +162,7 @@ struct fips_test_interim_info {
 	char *vec[MAX_LINE_PER_VECTOR];
 	uint32_t nb_vec_lines;
 	char device_name[MAX_STRING_SIZE];
+	char file_name[MAX_STRING_SIZE];
 
 	union {
 		struct aesavs_interim_data aes_data;
diff --git a/examples/fips_validation/fips_validation_tdes.c b/examples/fips_validation/fips_validation_tdes.c
index 15ee434e1..d7f4d58b0 100644
--- a/examples/fips_validation/fips_validation_tdes.c
+++ b/examples/fips_validation/fips_validation_tdes.c
@@ -12,6 +12,7 @@
 
 #define NEW_LINE_STR	"#"
 #define TEST_TYPE_KEY	" for CBC"
+#define TEST_TYPE_ECB_KEY	" for ECB"
 #define TEST_CBCI_KEY	" for CBCI"
 
 #define ENC_STR		"[ENCRYPT]"
@@ -250,6 +251,12 @@ parse_test_tdes_init(void)
 			if (strstr(line, test_types[j].desc)) {
 				info.interim_info.tdes_data.test_type =
 						test_types[j].type;
+				if (strstr(line, TEST_TYPE_ECB_KEY))
+					info.interim_info.tdes_data.test_mode =
+						TDES_MODE_ECB;
+				else
+					info.interim_info.tdes_data.test_mode =
+						TDES_MODE_CBC;
 				break;
 			}
 	}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 813534068..7a379bc99 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -689,16 +689,24 @@ prepare_tdes_xform(struct rte_crypto_sym_xform *xform)
 
 	xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
 
-	cipher_xform->algo = RTE_CRYPTO_CIPHER_3DES_CBC;
+	if (info.interim_info.tdes_data.test_mode == TDES_MODE_CBC)
+		cipher_xform->algo = RTE_CRYPTO_CIPHER_3DES_CBC;
+	else
+		cipher_xform->algo = RTE_CRYPTO_CIPHER_3DES_ECB;
 	cipher_xform->op = (info.op == FIPS_TEST_ENC_AUTH_GEN) ?
 			RTE_CRYPTO_CIPHER_OP_ENCRYPT :
 			RTE_CRYPTO_CIPHER_OP_DECRYPT;
 	cipher_xform->key.data = vec.cipher_auth.key.val;
 	cipher_xform->key.length = vec.cipher_auth.key.len;
-	cipher_xform->iv.length = vec.iv.len;
-	cipher_xform->iv.offset = IV_OFF;
 
-	cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_3DES_CBC;
+	if (cipher_xform->algo == RTE_CRYPTO_CIPHER_3DES_CBC) {
+		cipher_xform->iv.length = vec.iv.len;
+		cipher_xform->iv.offset = IV_OFF;
+	} else {
+		cipher_xform->iv.length = 0;
+		cipher_xform->iv.offset = 0;
+	}
+	cap_idx.algo.cipher = cipher_xform->algo;
 	cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
 
 	cap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);
@@ -1387,6 +1395,17 @@ init_test_ops(void)
 			test_ops.test = fips_generic_test;
 		break;
 	default:
+		if (strstr(info.file_name, "TECB") ||
+				strstr(info.file_name, "TCBC")) {
+			info.algo = FIPS_TEST_ALGO_TDES;
+			test_ops.prepare_op = prepare_cipher_op;
+			test_ops.prepare_xform	= prepare_tdes_xform;
+			if (info.interim_info.tdes_data.test_type == TDES_MCT)
+				test_ops.test = fips_mct_tdes_test;
+			else
+				test_ops.test = fips_generic_test;
+			break;
+		}
 		return -1;
 	}
 
-- 
2.23.0



More information about the dev mailing list