[dpdk-dev] [PATCH 2/2] test/crypto: support block cipher DIGEST_ENCRYPTED mode

[Akhil Goyal]

> @@ -2565,6 +3052,108 @@ static const struct blockcipher_test_case
> aes_chain_test_cases[] = {
>  		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY_DEC,
>  		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS,
>  	},
> +	{
> +		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest"
> +			"(Encrypted Digest mode)",
> +		.test_data = &aes_test_data_4_digest_enc,
> +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> +		.feature_mask =
> BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> +	},
> +	{
> +		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
> +			"Scatter Gather (Encrypted Digest mode)",
> +		.test_data = &aes_test_data_4_digest_enc,
> +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> +
> 	BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> +	},
> +	{
> +		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
> +			"(short buffers) (Encrypted Digest mode)",
> +		.test_data = &aes_test_data_13_digest_enc,
> +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> +		.feature_mask =
> BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> +	},
> +	{
> +		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
> +			"Scatter Gather (Encrypted Digest mode)",
> +		.test_data = &aes_test_data_4_digest_enc,
> +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> +
> 	BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> +	},
I believe this is getting repeated with the 2nd case.

> +	{
> +		.test_descr = "AES-192-CBC HMAC-SHA1 Encryption Digest "
> +			"Sessionless (Encrypted Digest mode)",
> +		.test_data = &aes_test_data_10_digest_enc,
> +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS
> |
> +
> 	BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> +	},
> +	{
> +		.test_descr = "AES-256-CBC HMAC-SHA1 Encryption Digest "
> +			"Scatter Gather Sessionless (Encrypted Digest
> mode)",
> +		.test_data = &aes_test_data_11_digest_enc,
> +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> +			BLOCKCIPHER_TEST_FEATURE_SESSIONLESS |
> +			BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> +	},
> +	{
> +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> +			"Verify (Encrypted Digest mode)",
> +		.test_data = &aes_test_data_4_digest_enc,
> +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> +		.feature_mask =
> BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> +	},
> +	{
> +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> +			"Verify Scatter Gather (Encrypted Digest mode)",
> +		.test_data = &aes_test_data_4_digest_enc,
> +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> +
> 	BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> +	},
> +	{
> +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> +			"Verify (short buffers) (Encrypted Digest mode)",
> +		.test_data = &aes_test_data_13_digest_enc,
> +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> +		.feature_mask =
> BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> +	},
> +	{
> +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> +			"Verify Scatter Gather (Encrypted Digest mode)",
> +		.test_data = &aes_test_data_4_digest_enc,
> +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> +
> 	BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> +	},

The above one is also duplicate. Please check.

> +	{
> +		.test_descr = "AES-256-CBC HMAC-SHA1 Decryption Digest "
> +			"Verify Sessionless (Encrypted Digest mode)",
> +		.test_data = &aes_test_data_11_digest_enc,
> +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS
> |
> +
> 	BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> +	},
> +	{
> +		.test_descr = "AES-192-CBC HMAC-SHA1 Decryption Digest "
> +			"Verify Scatter Gather Sessionless (Encrypted Digest
> mode)",
> +		.test_data = &aes_test_data_10_digest_enc,
> +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS
> |
> +				BLOCKCIPHER_TEST_FEATURE_SG |
> +
> 	BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> +	},
> +	{
> +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> +			"Verify Sessionless (Encrypted Digest mode)",
> +		.test_data = &aes_test_data_4_digest_enc,
> +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS
> |
> +
> 	BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> +	},
>  	{
>  		.test_descr = "NULL-CIPHER-NULL-AUTH encrypt & gen
> x8byte",
>  		.test_data = &null_test_data_chain_x8_multiple,

[snip]

> @@ -558,18 +620,20 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
>  		}
>  	}
> 
> -	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN) {
> -		uint8_t *auth_res = pktmbuf_mtod_offset(iobuf,
> -					tdata->ciphertext.len);
> +	/* Check digest data only in enc-then-auth_gen case */

Why? The test vector should have an encrypted digest value to check.
Otherwise how can we validate that the authentication SHA and encryption
On that SHA is correct or not?

> +	if (!(t->op_mask & BLOCKCIPHER_TEST_OP_DIGEST_ENCRYPTED))
> +		if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN) {
> +			uint8_t *auth_res = pktmbuf_mtod_offset(iobuf,
> +						tdata->ciphertext.len);
> 
> -		if (memcmp(auth_res, tdata->digest.data, digest_len)) {
> -			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
> "line %u "
> -				"FAILED: %s", __LINE__, "Generated "
> -				"digest data not as expected");
> -			status = TEST_FAILED;
> -			goto error_exit;
> +			if (memcmp(auth_res, tdata->digest.data,
> digest_len)) {
> +				snprintf(test_msg,
> BLOCKCIPHER_TEST_MSG_LEN, "line %u "
> +					"FAILED: %s", __LINE__, "Generated "
> +					"digest data not as expected");
> +				status = TEST_FAILED;
> +				goto error_exit;
> +			}
>  		}
> -	}
>