[dpdk-dev] [PATCH 2/2] test/crypto: support block cipher DIGEST_ENCRYPTED mode

Tejasree Kondoj ktejasree at marvell.com
Wed Mar 24 10:18:39 CET 2021
Previous message (by thread): [dpdk-dev] [PATCH 2/2] test/crypto: support block cipher DIGEST_ENCRYPTED mode
Next message (by thread): [dpdk-dev] [PATCH 0/2] support block cipher DIGEST_ENCRYPTED mode
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Akhil,

Please see inline.

Thanks
Tejasree

> -----Original Message-----
> From: Akhil Goyal <gakhil at marvell.com>
> Sent: Wednesday, March 24, 2021 1:18 AM
> To: Tejasree Kondoj <ktejasree at marvell.com>; Radu Nicolau
> <radu.nicolau at intel.com>; Fiona Trahe <fiona.trahe at intel.com>; Fan Zhang
> <roy.fan.zhang at intel.com>; Arek Kusztal <arkadiuszx.kusztal at intel.com>
> Cc: Anoob Joseph <anoobj at marvell.com>; Ankur Dwivedi
> <adwivedi at marvell.com>; Jerin Jacob Kollanukkaran <jerinj at marvell.com>;
> dev at dpdk.org
> Subject: RE: [PATCH 2/2] test/crypto: support block cipher
> DIGEST_ENCRYPTED mode
> 
> > @@ -2565,6 +3052,108 @@ static const struct blockcipher_test_case
> > aes_chain_test_cases[] = {
> >  		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY_DEC,
> >  		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS,
> >  	},
> > +	{
> > +		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest"
> > +			"(Encrypted Digest mode)",
> > +		.test_data = &aes_test_data_4_digest_enc,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> > +		.feature_mask =
> > BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > +	},
> > +	{
> > +		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
> > +			"Scatter Gather (Encrypted Digest mode)",
> > +		.test_data = &aes_test_data_4_digest_enc,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> > +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> > +
> > 	BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > +	},
> > +	{
> > +		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
> > +			"(short buffers) (Encrypted Digest mode)",
> > +		.test_data = &aes_test_data_13_digest_enc,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> > +		.feature_mask =
> > BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > +	},
> > +	{
> > +		.test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
> > +			"Scatter Gather (Encrypted Digest mode)",
> > +		.test_data = &aes_test_data_4_digest_enc,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> > +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> > +
> > 	BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > +	},
> I believe this is getting repeated with the 2nd case.
[Tejasree] Yes. Will remove duplicate.

> 
> > +	{
> > +		.test_descr = "AES-192-CBC HMAC-SHA1 Encryption Digest "
> > +			"Sessionless (Encrypted Digest mode)",
> > +		.test_data = &aes_test_data_10_digest_enc,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> > +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS
> > |
> > +
> > 	BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > +	},
> > +	{
> > +		.test_descr = "AES-256-CBC HMAC-SHA1 Encryption Digest "
> > +			"Scatter Gather Sessionless (Encrypted Digest
> > mode)",
> > +		.test_data = &aes_test_data_11_digest_enc,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> > +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> > +			BLOCKCIPHER_TEST_FEATURE_SESSIONLESS |
> > +			BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > +	},
> > +	{
> > +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> > +			"Verify (Encrypted Digest mode)",
> > +		.test_data = &aes_test_data_4_digest_enc,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > +		.feature_mask =
> > BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > +	},
> > +	{
> > +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> > +			"Verify Scatter Gather (Encrypted Digest mode)",
> > +		.test_data = &aes_test_data_4_digest_enc,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> > +
> > 	BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > +	},
> > +	{
> > +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> > +			"Verify (short buffers) (Encrypted Digest mode)",
> > +		.test_data = &aes_test_data_13_digest_enc,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > +		.feature_mask =
> > BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > +	},
> > +	{
> > +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> > +			"Verify Scatter Gather (Encrypted Digest mode)",
> > +		.test_data = &aes_test_data_4_digest_enc,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> > +
> > 	BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > +	},
> 
> The above one is also duplicate. Please check.
[Tejasree] Yes. Will remove this.

> 
> > +	{
> > +		.test_descr = "AES-256-CBC HMAC-SHA1 Decryption Digest "
> > +			"Verify Sessionless (Encrypted Digest mode)",
> > +		.test_data = &aes_test_data_11_digest_enc,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS
> > |
> > +
> > 	BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > +	},
> > +	{
> > +		.test_descr = "AES-192-CBC HMAC-SHA1 Decryption Digest "
> > +			"Verify Scatter Gather Sessionless (Encrypted Digest
> > mode)",
> > +		.test_data = &aes_test_data_10_digest_enc,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS
> > |
> > +				BLOCKCIPHER_TEST_FEATURE_SG |
> > +
> > 	BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > +	},
> > +	{
> > +		.test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> > +			"Verify Sessionless (Encrypted Digest mode)",
> > +		.test_data = &aes_test_data_4_digest_enc,
> > +		.op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > +		.feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS
> > |
> > +
> > 	BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > +	},
> >  	{
> >  		.test_descr = "NULL-CIPHER-NULL-AUTH encrypt & gen
> x8byte",
> >  		.test_data = &null_test_data_chain_x8_multiple,
> 
> [snip]
> 
> > @@ -558,18 +620,20 @@ test_blockcipher_one_case(const struct
> > blockcipher_test_case *t,
> >  		}
> >  	}
> >
> > -	if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN) {
> > -		uint8_t *auth_res = pktmbuf_mtod_offset(iobuf,
> > -					tdata->ciphertext.len);
> > +	/* Check digest data only in enc-then-auth_gen case */
> 
> Why? The test vector should have an encrypted digest value to check.
> Otherwise how can we validate that the authentication SHA and encryption
> On that SHA is correct or not?

[Tejasree] Cipher text has both encrypted plain text and encrypted digest value.
If cipher text is correct, it implies digest is generated properly.
Will amend the comment to better reflect this.
> 
> > +	if (!(t->op_mask & BLOCKCIPHER_TEST_OP_DIGEST_ENCRYPTED))
> > +		if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN) {
> > +			uint8_t *auth_res = pktmbuf_mtod_offset(iobuf,
> > +						tdata->ciphertext.len);
> >
> > -		if (memcmp(auth_res, tdata->digest.data, digest_len)) {
> > -			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
> > "line %u "
> > -				"FAILED: %s", __LINE__, "Generated "
> > -				"digest data not as expected");
> > -			status = TEST_FAILED;
> > -			goto error_exit;
> > +			if (memcmp(auth_res, tdata->digest.data,
> > digest_len)) {
> > +				snprintf(test_msg,
> > BLOCKCIPHER_TEST_MSG_LEN, "line %u "
> > +					"FAILED: %s", __LINE__, "Generated "
> > +					"digest data not as expected");
> > +				status = TEST_FAILED;
> > +				goto error_exit;
> > +			}
> >  		}
> > -	}
> >
Previous message (by thread): [dpdk-dev] [PATCH 2/2] test/crypto: support block cipher DIGEST_ENCRYPTED mode
Next message (by thread): [dpdk-dev] [PATCH 0/2] support block cipher DIGEST_ENCRYPTED mode
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the dev mailing list