test/crypto: add unit tests for AES-CTR + AES CMAC
Checks
Commit Message
This patch adds tests for AES-CTR + AES CMAC using mixed
auth-cipher algorithm functions. Tests allow easy
extending with new cases, check in-place and
out-of-place operations and use linear and sgl
buffers as input/output.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
---
app/test/test_cryptodev.c | 488 ++++++++++++++++++-
app/test/test_cryptodev_mixed_test_vectors.h | 172 +++++++
2 files changed, 656 insertions(+), 4 deletions(-)
create mode 100644 app/test/test_cryptodev_mixed_test_vectors.h
Comments
Hi Adam,
Can you add some information that it is digest encrypted case?
This change also needs change in QAT capabilities (currently we support 12-16 bytes digest size), I will send it as a fix as 3gpp specifies MAC-I for CMAC as MSb32, same way as IPSec CMAC-96 (MSb96) which is already working.
> -----Original Message-----
> From: Dybkowski, AdamX
> Sent: Friday, October 18, 2019 3:03 PM
> To: dev@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>; Kusztal,
> ArkadiuszX <arkadiuszx.kusztal@intel.com>;
> Naveen.Kumar@commagility.com
> Cc: Dybkowski, AdamX <adamx.dybkowski@intel.com>
> Subject: [PATCH] test/crypto: add unit tests for AES-CTR + AES CMAC
>
> This patch adds tests for AES-CTR + AES CMAC using mixed auth-cipher
> algorithm functions. Tests allow easy extending with new cases, check in-
> place and out-of-place operations and use linear and sgl buffers as
> input/output.
>
> Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
> ---
> app/test/test_cryptodev.c | 488 ++++++++++++++++++-
> app/test/test_cryptodev_mixed_test_vectors.h | 172 +++++++
> 2 files changed, 656 insertions(+), 4 deletions(-) create mode 100644
> app/test/test_cryptodev_mixed_test_vectors.h
>
> diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index
> 65d80837a..d5a8ec440 100644
> --- a/app/test/test_cryptodev.c
> +++ b/app/test/test_cryptodev.c
> @@ -38,6 +38,7 @@
> #include "test_cryptodev_zuc_test_vectors.h"
> #include "test_cryptodev_aead_test_vectors.h"
> #include "test_cryptodev_hmac_test_vectors.h"
> +#include "test_cryptodev_mixed_test_vectors.h"
> #ifdef RTE_LIBRTE_SECURITY
> #include "test_cryptodev_security_pdcp_test_vectors.h"
> #include "test_cryptodev_security_pdcp_test_func.h"
> @@ -3021,6 +3022,11 @@
> create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len,
> struct crypto_testsuite_params *ts_params = &testsuite_params;
> struct crypto_unittest_params *ut_params = &unittest_params;
>
> + enum rte_crypto_cipher_algorithm cipher_algo =
> + ut_params->cipher_xform.cipher.algo;
> + enum rte_crypto_auth_algorithm auth_algo =
> + ut_params->auth_xform.auth.algo;
> +
> /* Generate Crypto op data structure */
> ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
> RTE_CRYPTO_OP_TYPE_SYMMETRIC);
> @@ -3076,11 +3082,25 @@
> create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len,
> iv_ptr += cipher_iv_len;
> rte_memcpy(iv_ptr, auth_iv, auth_iv_len);
>
> - sym_op->cipher.data.length = cipher_len;
> - sym_op->cipher.data.offset = cipher_offset;
> + if (cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
> + cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
> + cipher_algo == RTE_CRYPTO_CIPHER_ZUC_EEA3) {
> + sym_op->cipher.data.length = cipher_len;
> + sym_op->cipher.data.offset = cipher_offset;
> + } else {
> + sym_op->cipher.data.length = cipher_len >> 3;
> + sym_op->cipher.data.offset = cipher_offset >> 3;
> + }
>
> - sym_op->auth.data.length = auth_len;
> - sym_op->auth.data.offset = auth_offset;
> + if (auth_algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||
> + auth_algo == RTE_CRYPTO_AUTH_KASUMI_F9 ||
> + auth_algo == RTE_CRYPTO_AUTH_ZUC_EIA3) {
> + sym_op->auth.data.length = auth_len;
> + sym_op->auth.data.offset = auth_offset;
> + } else {
> + sym_op->auth.data.length = auth_len >> 3;
> + sym_op->auth.data.offset = auth_offset >> 3;
> + }
>
> return 0;
> }
> @@ -6511,6 +6531,446 @@
> test_zuc_auth_cipher_verify_test_case_1_oop_sgl(void)
> &zuc_auth_cipher_test_case_1, OUT_OF_PLACE, 1); }
>
> +static int
> +test_mixed_check_if_unsupported(const struct
> +mixed_cipher_auth_test_data *tdata) {
> + uint8_t dev_id = testsuite_params.valid_devs[0];
> +
> + struct rte_cryptodev_sym_capability_idx cap_idx;
> +
> + /* Check if device supports particular cipher algorithm */
> + cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
> + cap_idx.algo.cipher = tdata->cipher_algo;
> + if (rte_cryptodev_sym_capability_get(dev_id, &cap_idx) == NULL)
> + return -ENOTSUP;
> +
> + /* Check if device supports particular hash algorithm */
> + cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
> + cap_idx.algo.auth = tdata->auth_algo;
> + if (rte_cryptodev_sym_capability_get(dev_id, &cap_idx) == NULL)
> + return -ENOTSUP;
> +
> + return 0;
> +}
> +
> +static int
> +test_mixed_auth_cipher(const struct mixed_cipher_auth_test_data *tdata,
> + uint8_t op_mode, uint8_t verify)
> +{
> + struct crypto_testsuite_params *ts_params = &testsuite_params;
> + struct crypto_unittest_params *ut_params = &unittest_params;
> +
> + int retval;
> +
> + uint8_t *plaintext = NULL, *ciphertext = NULL;
> + unsigned int plaintext_pad_len;
> + unsigned int plaintext_len;
> + unsigned int ciphertext_pad_len;
> + unsigned int ciphertext_len;
> +
> + struct rte_cryptodev_info dev_info;
> +
> + /* Check if device supports particular algorithms */
> + if (test_mixed_check_if_unsupported(tdata))
> + return -ENOTSUP;
> +
> + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
> +
> + uint64_t feat_flags = dev_info.feature_flags;
> +
> + if (op_mode == OUT_OF_PLACE) {
> + if (!(feat_flags & RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED)) {
> + printf("Device doesn't support digest encrypted.\n");
> + return -ENOTSUP;
> + }
> + }
> +
> + /* Create the session */
> + retval = create_wireless_algo_auth_cipher_session(
> + ts_params->valid_devs[0],
> + (verify ? RTE_CRYPTO_CIPHER_OP_DECRYPT
> + :
> RTE_CRYPTO_CIPHER_OP_ENCRYPT),
> + (verify ? RTE_CRYPTO_AUTH_OP_VERIFY
> + :
> RTE_CRYPTO_AUTH_OP_GENERATE),
> + tdata->auth_algo,
> + tdata->cipher_algo,
> + tdata->auth_key.data, tdata->auth_key.len,
> + tdata->auth_iv.len, tdata->digest_enc.len,
> + tdata->cipher_iv.len);
> +
> + if (retval < 0)
> + return retval;
> +
> + ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
> + if (op_mode == OUT_OF_PLACE)
> + ut_params->obuf = rte_pktmbuf_alloc(ts_params-
> >mbuf_pool);
> +
> + /* clear mbuf payload */
> + memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
> + rte_pktmbuf_tailroom(ut_params->ibuf));
> + if (op_mode == OUT_OF_PLACE)
> + memset(rte_pktmbuf_mtod(ut_params->obuf, uint8_t *), 0,
> + rte_pktmbuf_tailroom(ut_params->obuf));
> +
> + ciphertext_len = ceil_byte_length(tdata->ciphertext.len_bits);
> + plaintext_len = ceil_byte_length(tdata->plaintext.len_bits);
> + ciphertext_pad_len = RTE_ALIGN_CEIL(ciphertext_len, 16);
> + plaintext_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
> +
> + if (verify) {
> + ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params-
> >ibuf,
> + ciphertext_pad_len);
> + memcpy(ciphertext, tdata->ciphertext.data, ciphertext_len);
> + if (op_mode == OUT_OF_PLACE)
> + rte_pktmbuf_append(ut_params->obuf,
> ciphertext_pad_len);
> + debug_hexdump(stdout, "ciphertext:", ciphertext,
> + ciphertext_len);
> + } else {
> + plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
> + plaintext_pad_len);
> + memcpy(plaintext, tdata->plaintext.data, plaintext_len);
> + if (op_mode == OUT_OF_PLACE)
> + rte_pktmbuf_append(ut_params->obuf,
> plaintext_pad_len);
> + debug_hexdump(stdout, "plaintext:", plaintext,
> plaintext_len);
> + }
> +
> + /* Create the operation */
> + retval = create_wireless_algo_auth_cipher_operation(
> + tdata->digest_enc.len,
> + tdata->cipher_iv.data, tdata->cipher_iv.len,
> + tdata->auth_iv.data, tdata->auth_iv.len,
> + (tdata->digest_enc.offset == 0 ?
> + (verify ? ciphertext_pad_len : plaintext_pad_len)
> + : tdata->digest_enc.offset),
> + tdata->validCipherLen.len_bits,
> + tdata->cipher.offset_bits,
> + tdata->validAuthLen.len_bits,
> + tdata->auth.offset_bits,
> + op_mode, 0);
> +
> + if (retval < 0)
> + return retval;
> +
> + ut_params->op = process_crypto_request(ts_params->valid_devs[0],
> + ut_params->op);
> +
> + TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
> +
> + ut_params->obuf = (op_mode == IN_PLACE ?
> + ut_params->op->sym->m_src : ut_params->op->sym-
> >m_dst);
> +
> + if (verify) {
> + if (ut_params->obuf)
> + plaintext = rte_pktmbuf_mtod(ut_params->obuf,
> + uint8_t *);
> + else
> + plaintext = ciphertext +
> + (tdata->cipher.offset_bits >> 3);
> +
> + debug_hexdump(stdout, "plaintext:", plaintext,
> + (tdata->plaintext.len_bits >> 3) -
> + tdata->digest_enc.len);
> + debug_hexdump(stdout, "plaintext expected:",
> + tdata->plaintext.data,
> + (tdata->plaintext.len_bits >> 3) -
> + tdata->digest_enc.len);
> + } else {
> + if (ut_params->obuf)
> + ciphertext = rte_pktmbuf_mtod(ut_params->obuf,
> + uint8_t *);
> + else
> + ciphertext = plaintext;
> +
> + debug_hexdump(stdout, "ciphertext:", ciphertext,
> + ciphertext_len);
> + debug_hexdump(stdout, "ciphertext expected:",
> + tdata->ciphertext.data,
> + tdata->ciphertext.len_bits >> 3);
> +
> + ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf,
> uint8_t *)
> + + (tdata->digest_enc.offset == 0 ?
> + plaintext_pad_len : tdata->digest_enc.offset);
> +
> + debug_hexdump(stdout, "digest:", ut_params->digest,
> + tdata->digest_enc.len);
> + debug_hexdump(stdout, "digest expected:",
> + tdata->digest_enc.data,
> + tdata->digest_enc.len);
> + }
> +
> + /* Validate obuf */
> + if (verify) {
> + TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
> + plaintext,
> + tdata->plaintext.data,
> + tdata->plaintext.len_bits >> 3,
> + "Plaintext data not as expected");
> + } else {
> + TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
> + ciphertext,
> + tdata->ciphertext.data,
> + tdata->validDataLen.len_bits,
> + "Ciphertext data not as expected");
> +
> + TEST_ASSERT_BUFFERS_ARE_EQUAL(
> + ut_params->digest,
> + tdata->digest_enc.data,
> + DIGEST_BYTE_LENGTH_SNOW3G_UIA2,
> + "Generated auth tag not as expected");
> + }
> + return 0;
> +}
> +
> +static int
> +test_mixed_auth_cipher_sgl(const struct mixed_cipher_auth_test_data
> *tdata,
> + uint8_t op_mode, uint8_t verify)
> +{
> + struct crypto_testsuite_params *ts_params = &testsuite_params;
> + struct crypto_unittest_params *ut_params = &unittest_params;
> +
> + int retval;
> +
> + const uint8_t *plaintext = NULL;
> + const uint8_t *ciphertext = NULL;
> + const uint8_t *digest = NULL;
> + unsigned int plaintext_pad_len;
> + unsigned int plaintext_len;
> + unsigned int ciphertext_pad_len;
> + unsigned int ciphertext_len;
> + uint8_t buffer[10000];
> + uint8_t digest_buffer[10000];
> +
> + struct rte_cryptodev_info dev_info;
> +
> + /* Check if device supports particular algorithms */
> + if (test_mixed_check_if_unsupported(tdata))
> + return -ENOTSUP;
> +
> + rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
> +
> + uint64_t feat_flags = dev_info.feature_flags;
> +
> + if (op_mode == IN_PLACE) {
> + if (!(feat_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
> + printf("Device doesn't support in-place scatter-gather
> "
> + "in both input and output
> mbufs.\n");
> + return -ENOTSUP;
> + }
> + } else {
> + if (!(feat_flags &
> RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT)) {
> + printf("Device doesn't support out-of-place scatter-
> gather "
> + "in both input and output
> mbufs.\n");
> + return -ENOTSUP;
> + }
> + if (!(feat_flags & RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED)) {
> + printf("Device doesn't support digest encrypted.\n");
> + return -ENOTSUP;
> + }
> + }
> +
> + /* Create the session */
> + retval = create_wireless_algo_auth_cipher_session(
> + ts_params->valid_devs[0],
> + (verify ? RTE_CRYPTO_CIPHER_OP_DECRYPT
> + :
> RTE_CRYPTO_CIPHER_OP_ENCRYPT),
> + (verify ? RTE_CRYPTO_AUTH_OP_VERIFY
> + :
> RTE_CRYPTO_AUTH_OP_GENERATE),
> + tdata->auth_algo,
> + tdata->cipher_algo,
> + tdata->auth_key.data, tdata->auth_key.len,
> + tdata->auth_iv.len, tdata->digest_enc.len,
> + tdata->cipher_iv.len);
> +
> + if (retval < 0)
> + return retval;
> +
> + ciphertext_len = ceil_byte_length(tdata->ciphertext.len_bits);
> + plaintext_len = ceil_byte_length(tdata->plaintext.len_bits);
> + ciphertext_pad_len = RTE_ALIGN_CEIL(ciphertext_len, 16);
> + plaintext_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
> +
> + ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool,
> + plaintext_pad_len, 15, 0);
> + TEST_ASSERT_NOT_NULL(ut_params->ibuf,
> + "Failed to allocate input buffer in mempool");
> +
> + if (op_mode == OUT_OF_PLACE) {
> + ut_params->obuf = create_segmented_mbuf(ts_params-
> >mbuf_pool,
> + plaintext_pad_len, 15, 0);
> + TEST_ASSERT_NOT_NULL(ut_params->obuf,
> + "Failed to allocate output buffer in
> mempool");
> + }
> +
> + if (verify) {
> + pktmbuf_write(ut_params->ibuf, 0, ciphertext_len,
> + tdata->ciphertext.data);
> + ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
> + ciphertext_len, buffer);
> + debug_hexdump(stdout, "ciphertext:", ciphertext,
> + ciphertext_len);
> + } else {
> + pktmbuf_write(ut_params->ibuf, 0, plaintext_len,
> + tdata->plaintext.data);
> + plaintext = rte_pktmbuf_read(ut_params->ibuf, 0,
> + plaintext_len, buffer);
> + debug_hexdump(stdout, "plaintext:", plaintext,
> + plaintext_len);
> + }
> + memset(buffer, 0, sizeof(buffer));
> +
> + /* Create the operation */
> + retval = create_wireless_algo_auth_cipher_operation(
> + tdata->digest_enc.len,
> + tdata->cipher_iv.data, tdata->cipher_iv.len,
> + tdata->auth_iv.data, tdata->auth_iv.len,
> + (tdata->digest_enc.offset == 0 ?
> + (verify ? ciphertext_pad_len : plaintext_pad_len)
> + : tdata->digest_enc.offset),
> + tdata->validCipherLen.len_bits,
> + tdata->cipher.offset_bits,
> + tdata->validAuthLen.len_bits,
> + tdata->auth.offset_bits,
> + op_mode, 1);
> +
> + if (retval < 0)
> + return retval;
> +
> + ut_params->op = process_crypto_request(ts_params->valid_devs[0],
> + ut_params->op);
> +
> + TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
> +
> + ut_params->obuf = (op_mode == IN_PLACE ?
> + ut_params->op->sym->m_src : ut_params->op->sym-
> >m_dst);
> +
> + if (verify) {
> + if (ut_params->obuf)
> + plaintext = rte_pktmbuf_read(ut_params->obuf, 0,
> + plaintext_len, buffer);
> + else
> + plaintext = rte_pktmbuf_read(ut_params->ibuf, 0,
> + plaintext_len, buffer);
> +
> + debug_hexdump(stdout, "plaintext:", plaintext,
> + (tdata->plaintext.len_bits >> 3) -
> + tdata->digest_enc.len);
> + debug_hexdump(stdout, "plaintext expected:",
> + tdata->plaintext.data,
> + (tdata->plaintext.len_bits >> 3) -
> + tdata->digest_enc.len);
> + } else {
> + if (ut_params->obuf)
> + ciphertext = rte_pktmbuf_read(ut_params->obuf, 0,
> + ciphertext_len, buffer);
> + else
> + ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
> + ciphertext_len, buffer);
> +
> + debug_hexdump(stdout, "ciphertext:", ciphertext,
> + ciphertext_len);
> + debug_hexdump(stdout, "ciphertext expected:",
> + tdata->ciphertext.data,
> + tdata->ciphertext.len_bits >> 3);
> +
> + if (ut_params->obuf)
> + digest = rte_pktmbuf_read(ut_params->obuf,
> + (tdata->digest_enc.offset == 0 ?
> + plaintext_pad_len :
> + tdata->digest_enc.offset),
> + tdata->digest_enc.len, digest_buffer);
> + else
> + digest = rte_pktmbuf_read(ut_params->ibuf,
> + (tdata->digest_enc.offset == 0 ?
> + plaintext_pad_len :
> + tdata->digest_enc.offset),
> + tdata->digest_enc.len, digest_buffer);
> +
> + debug_hexdump(stdout, "digest:", digest,
> + tdata->digest_enc.len);
> + debug_hexdump(stdout, "digest expected:",
> + tdata->digest_enc.data, tdata-
> >digest_enc.len);
> + }
> +
> + /* Validate obuf */
> + if (verify) {
> + TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
> + plaintext,
> + tdata->plaintext.data,
> + tdata->plaintext.len_bits >> 3,
> + "Plaintext data not as expected");
> + } else {
> + TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
> + ciphertext,
> + tdata->ciphertext.data,
> + tdata->validDataLen.len_bits,
> + "Ciphertext data not as expected");
> + TEST_ASSERT_BUFFERS_ARE_EQUAL(
> + digest,
> + tdata->digest_enc.data,
> + tdata->digest_enc.len,
> + "Generated auth tag not as expected");
> + }
> + return 0;
> +}
> +
> +/** AUTH AES CMAC + CIPHER AES CTR */
> +
> +static int
> +test_aes_cmac_aes_ctr_test_case_1(void)
> +{
> + return test_mixed_auth_cipher(
> + &auth_aes_cmac_cipher_aes_ctr_test_case_1, IN_PLACE, 0);
> }
> +
> +static int
> +test_aes_cmac_aes_ctr_test_case_1_oop(void)
> +{
> + return test_mixed_auth_cipher(
> + &auth_aes_cmac_cipher_aes_ctr_test_case_1,
> OUT_OF_PLACE, 0); }
> +
> +static int
> +test_aes_cmac_aes_ctr_test_case_1_sgl(void)
> +{
> + return test_mixed_auth_cipher_sgl(
> + &auth_aes_cmac_cipher_aes_ctr_test_case_1, IN_PLACE, 0);
> }
> +
> +static int
> +test_aes_cmac_aes_ctr_test_case_1_oop_sgl(void)
> +{
> + return test_mixed_auth_cipher_sgl(
> + &auth_aes_cmac_cipher_aes_ctr_test_case_1,
> OUT_OF_PLACE, 0); }
> +
> +static int
> +test_verify_aes_cmac_aes_ctr_test_case_1(void)
> +{
> + return test_mixed_auth_cipher(
> + &auth_aes_cmac_cipher_aes_ctr_test_case_1, IN_PLACE, 1);
> }
> +
> +static int
> +test_verify_aes_cmac_aes_ctr_test_case_1_oop(void)
> +{
> + return test_mixed_auth_cipher(
> + &auth_aes_cmac_cipher_aes_ctr_test_case_1,
> OUT_OF_PLACE, 1); }
> +
> +static int
> +test_verify_aes_cmac_aes_ctr_test_case_1_sgl(void)
> +{
> + return test_mixed_auth_cipher_sgl(
> + &auth_aes_cmac_cipher_aes_ctr_test_case_1, IN_PLACE, 1);
> }
> +
> +static int
> +test_verify_aes_cmac_aes_ctr_test_case_1_oop_sgl(void)
> +{
> + return test_mixed_auth_cipher_sgl(
> + &auth_aes_cmac_cipher_aes_ctr_test_case_1,
> OUT_OF_PLACE, 1); }
> +
> static int
> test_3DES_chain_qat_all(void)
> {
> @@ -11802,6 +12262,26 @@ static struct unit_test_suite
> cryptodev_qat_testsuite = {
> TEST_CASE_ST(ut_setup, ut_teardown,
>
> auth_decryption_AES128CBC_HMAC_SHA1_fail_tag_corrupt),
>
> + /** Mixed CIPHER + HASH algorithms */
> +
> + /** AUTH AES CMAC + CIPHER AES CTR */
> + TEST_CASE_ST(ut_setup, ut_teardown,
> + test_aes_cmac_aes_ctr_test_case_1),
> + TEST_CASE_ST(ut_setup, ut_teardown,
> + test_aes_cmac_aes_ctr_test_case_1_oop),
> + TEST_CASE_ST(ut_setup, ut_teardown,
> + test_aes_cmac_aes_ctr_test_case_1_sgl),
> + TEST_CASE_ST(ut_setup, ut_teardown,
> + test_aes_cmac_aes_ctr_test_case_1_oop_sgl),
> + TEST_CASE_ST(ut_setup, ut_teardown,
> + test_verify_aes_cmac_aes_ctr_test_case_1),
> + TEST_CASE_ST(ut_setup, ut_teardown,
> + test_verify_aes_cmac_aes_ctr_test_case_1_oop),
> + TEST_CASE_ST(ut_setup, ut_teardown,
> + test_verify_aes_cmac_aes_ctr_test_case_1_sgl),
> + TEST_CASE_ST(ut_setup, ut_teardown,
> + test_verify_aes_cmac_aes_ctr_test_case_1_oop_sgl),
> +
> TEST_CASES_END() /**< NULL terminate unit test array */
> }
> };
> diff --git a/app/test/test_cryptodev_mixed_test_vectors.h
> b/app/test/test_cryptodev_mixed_test_vectors.h
> new file mode 100644
> index 000000000..bca47c05c
> --- /dev/null
> +++ b/app/test/test_cryptodev_mixed_test_vectors.h
> @@ -0,0 +1,172 @@
> +/* SPDX-License-Identifier: BSD-3-Clause
> + * Copyright(c) 2019 Intel Corporation
> + */
> +
> +#ifndef TEST_CRYPTODEV_MIXED_TEST_VECTORS_H_
> +#define TEST_CRYPTODEV_MIXED_TEST_VECTORS_H_
> +
> +struct mixed_cipher_auth_test_data {
> +
> + enum rte_crypto_auth_algorithm auth_algo;
> +
> + struct {
> + uint8_t data[64];
> + unsigned int len; /* length must be in Bytes */
> + } auth_key;
> +
> + struct {
> + uint8_t data[64];
> + unsigned int len; /* length must be in Bytes */
> + } auth_iv;
> +
> + struct {
> + unsigned int len_bits;
> + unsigned int offset_bits;
> + } auth;
> +
> + enum rte_crypto_cipher_algorithm cipher_algo;
> +
> + struct {
> + uint8_t data[64];
> + unsigned int len; /* length must be in Bytes */
> + } cipher_key;
> +
> + struct {
> + uint8_t data[64] __rte_aligned(16);
> + unsigned int len; /* length must be in Bytes */
> + } cipher_iv;
> +
> + struct {
> + unsigned int len_bits;
> + unsigned int offset_bits;
> + } cipher;
> +
> + struct {
> + uint8_t data[1024];
> + unsigned int len_bits;
> + } plaintext;
> +
> + struct {
> + uint8_t data[1024];
> + unsigned int len_bits;
> + } ciphertext;
> +
> + struct {
> + uint8_t data[64];
> + unsigned int len; /* length must be in Bytes */
> + unsigned int offset; /* offset must be in Bytes */
> + } digest_enc;
> +
> + struct {
> + unsigned int len_bits;
> + } validDataLen;
> +
> + struct {
> + unsigned int len_bits;
> + } validCipherLen;
> +
> + struct {
> + unsigned int len_bits;
> + } validAuthLen;
> +};
> +
> +struct mixed_cipher_auth_test_data
> auth_aes_cmac_cipher_aes_ctr_test_case_1 = {
> + .auth_algo = RTE_CRYPTO_AUTH_AES_CMAC,
> + .auth_key = {
> + .data = {
> + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
> + 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
> + },
> + .len = 16,
> + },
> + .auth_iv = {
> + .data = {
> + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> + },
> + .len = 16,
> + },
> + .auth = {
> + .len_bits = 124 << 3,
> + .offset_bits = 0,
> + },
> + .cipher_algo = RTE_CRYPTO_CIPHER_AES_CTR,
> + .cipher_key = {
> + .data = {
> + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
> + 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
> + },
> + .len = 16,
> + },
> + .cipher_iv = {
> + .data = {
> + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> + },
> + .len = 16,
> + },
> + .cipher = {
> + .len_bits = 126 << 3,
> + .offset_bits = 2 << 3,
> + },
> + .plaintext = {
> + .data = {
> + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
> + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
> + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
> + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
> + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
> + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
> + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
> + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
> + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
> + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
> + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
> + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
> + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
> + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
> + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
> + 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
> + },
> + .len_bits = 128 << 3,
> + },
> + .ciphertext = {
> + .data = {
> + 0x5A, 0x5A, 0xC9, 0x79, 0xCA, 0xCB, 0xDF, 0x96,
> + 0x97, 0xA5, 0xB0, 0xFC, 0x56, 0xE9, 0xC4, 0xB4,
> + 0x32, 0x5F, 0x55, 0x59, 0xCF, 0x1A, 0xA5, 0xB5,
> + 0x63, 0xAC, 0x94, 0x87, 0x6F, 0xFB, 0x5A, 0x54,
> + 0x4E, 0xE2, 0x2B, 0x32, 0x04, 0x0C, 0xDF, 0x7D,
> + 0x58, 0x73, 0xCE, 0x64, 0x71, 0xEA, 0x31, 0x19,
> + 0xE1, 0x37, 0x9E, 0x89, 0x15, 0x1F, 0xDE, 0x99,
> + 0x17, 0x80, 0x2A, 0x95, 0xAB, 0x37, 0xDF, 0x01,
> + 0x7F, 0x3B, 0x17, 0x07, 0xFA, 0x93, 0xC9, 0xC8,
> + 0x6A, 0x1C, 0xE2, 0x34, 0x2F, 0x33, 0x59, 0xE4,
> + 0xE2, 0x56, 0x1A, 0x23, 0xCC, 0xCE, 0x29, 0x33,
> + 0xC7, 0xAF, 0x92, 0x28, 0x86, 0x5B, 0x91, 0x5B,
> + 0x0E, 0x4E, 0xFB, 0x3B, 0x9D, 0x9F, 0xDF, 0x16,
> + 0x79, 0x90, 0x86, 0xBA, 0x70, 0xD9, 0xF7, 0x9B,
> + 0xEC, 0x46, 0xA9, 0x98, 0x5A, 0xF1, 0x5A, 0x05,
> + 0x3E, 0xD9, 0xE5, 0x03, 0x5D, 0x41, 0xB4, 0xDF
> + },
> + .len_bits = 128 << 3,
> + },
> + .digest_enc = {
> + .data = {
> + 0x5D, 0x41, 0xB4, 0xDF,
> + },
> + .len = 4,
> + .offset = 124,
> + },
> + .validDataLen = {
> + .len_bits = 128 << 3,
> + },
> + .validCipherLen = {
> + .len_bits = 126 << 3,
> + },
> + .validAuthLen = {
> + .len_bits = 124 << 3,
> + }
> +};
> +
> +#endif /* TEST_CRYPTODEV_MIXED_TEST_VECTORS_H_ */
> --
> 2.17.1
@@ -38,6 +38,7 @@
#include "test_cryptodev_zuc_test_vectors.h"
#include "test_cryptodev_aead_test_vectors.h"
#include "test_cryptodev_hmac_test_vectors.h"
+#include "test_cryptodev_mixed_test_vectors.h"
#ifdef RTE_LIBRTE_SECURITY
#include "test_cryptodev_security_pdcp_test_vectors.h"
#include "test_cryptodev_security_pdcp_test_func.h"
@@ -3021,6 +3022,11 @@ create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len,
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
+ enum rte_crypto_cipher_algorithm cipher_algo =
+ ut_params->cipher_xform.cipher.algo;
+ enum rte_crypto_auth_algorithm auth_algo =
+ ut_params->auth_xform.auth.algo;
+
/* Generate Crypto op data structure */
ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
RTE_CRYPTO_OP_TYPE_SYMMETRIC);
@@ -3076,11 +3082,25 @@ create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len,
iv_ptr += cipher_iv_len;
rte_memcpy(iv_ptr, auth_iv, auth_iv_len);
- sym_op->cipher.data.length = cipher_len;
- sym_op->cipher.data.offset = cipher_offset;
+ if (cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
+ cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
+ cipher_algo == RTE_CRYPTO_CIPHER_ZUC_EEA3) {
+ sym_op->cipher.data.length = cipher_len;
+ sym_op->cipher.data.offset = cipher_offset;
+ } else {
+ sym_op->cipher.data.length = cipher_len >> 3;
+ sym_op->cipher.data.offset = cipher_offset >> 3;
+ }
- sym_op->auth.data.length = auth_len;
- sym_op->auth.data.offset = auth_offset;
+ if (auth_algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||
+ auth_algo == RTE_CRYPTO_AUTH_KASUMI_F9 ||
+ auth_algo == RTE_CRYPTO_AUTH_ZUC_EIA3) {
+ sym_op->auth.data.length = auth_len;
+ sym_op->auth.data.offset = auth_offset;
+ } else {
+ sym_op->auth.data.length = auth_len >> 3;
+ sym_op->auth.data.offset = auth_offset >> 3;
+ }
return 0;
}
@@ -6511,6 +6531,446 @@ test_zuc_auth_cipher_verify_test_case_1_oop_sgl(void)
&zuc_auth_cipher_test_case_1, OUT_OF_PLACE, 1);
}
+static int
+test_mixed_check_if_unsupported(const struct mixed_cipher_auth_test_data *tdata)
+{
+ uint8_t dev_id = testsuite_params.valid_devs[0];
+
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+
+ /* Check if device supports particular cipher algorithm */
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+ cap_idx.algo.cipher = tdata->cipher_algo;
+ if (rte_cryptodev_sym_capability_get(dev_id, &cap_idx) == NULL)
+ return -ENOTSUP;
+
+ /* Check if device supports particular hash algorithm */
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+ cap_idx.algo.auth = tdata->auth_algo;
+ if (rte_cryptodev_sym_capability_get(dev_id, &cap_idx) == NULL)
+ return -ENOTSUP;
+
+ return 0;
+}
+
+static int
+test_mixed_auth_cipher(const struct mixed_cipher_auth_test_data *tdata,
+ uint8_t op_mode, uint8_t verify)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ struct crypto_unittest_params *ut_params = &unittest_params;
+
+ int retval;
+
+ uint8_t *plaintext = NULL, *ciphertext = NULL;
+ unsigned int plaintext_pad_len;
+ unsigned int plaintext_len;
+ unsigned int ciphertext_pad_len;
+ unsigned int ciphertext_len;
+
+ struct rte_cryptodev_info dev_info;
+
+ /* Check if device supports particular algorithms */
+ if (test_mixed_check_if_unsupported(tdata))
+ return -ENOTSUP;
+
+ rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+ uint64_t feat_flags = dev_info.feature_flags;
+
+ if (op_mode == OUT_OF_PLACE) {
+ if (!(feat_flags & RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED)) {
+ printf("Device doesn't support digest encrypted.\n");
+ return -ENOTSUP;
+ }
+ }
+
+ /* Create the session */
+ retval = create_wireless_algo_auth_cipher_session(
+ ts_params->valid_devs[0],
+ (verify ? RTE_CRYPTO_CIPHER_OP_DECRYPT
+ : RTE_CRYPTO_CIPHER_OP_ENCRYPT),
+ (verify ? RTE_CRYPTO_AUTH_OP_VERIFY
+ : RTE_CRYPTO_AUTH_OP_GENERATE),
+ tdata->auth_algo,
+ tdata->cipher_algo,
+ tdata->auth_key.data, tdata->auth_key.len,
+ tdata->auth_iv.len, tdata->digest_enc.len,
+ tdata->cipher_iv.len);
+
+ if (retval < 0)
+ return retval;
+
+ ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
+ if (op_mode == OUT_OF_PLACE)
+ ut_params->obuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
+
+ /* clear mbuf payload */
+ memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
+ rte_pktmbuf_tailroom(ut_params->ibuf));
+ if (op_mode == OUT_OF_PLACE)
+ memset(rte_pktmbuf_mtod(ut_params->obuf, uint8_t *), 0,
+ rte_pktmbuf_tailroom(ut_params->obuf));
+
+ ciphertext_len = ceil_byte_length(tdata->ciphertext.len_bits);
+ plaintext_len = ceil_byte_length(tdata->plaintext.len_bits);
+ ciphertext_pad_len = RTE_ALIGN_CEIL(ciphertext_len, 16);
+ plaintext_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
+
+ if (verify) {
+ ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+ ciphertext_pad_len);
+ memcpy(ciphertext, tdata->ciphertext.data, ciphertext_len);
+ if (op_mode == OUT_OF_PLACE)
+ rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len);
+ debug_hexdump(stdout, "ciphertext:", ciphertext,
+ ciphertext_len);
+ } else {
+ plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+ plaintext_pad_len);
+ memcpy(plaintext, tdata->plaintext.data, plaintext_len);
+ if (op_mode == OUT_OF_PLACE)
+ rte_pktmbuf_append(ut_params->obuf, plaintext_pad_len);
+ debug_hexdump(stdout, "plaintext:", plaintext, plaintext_len);
+ }
+
+ /* Create the operation */
+ retval = create_wireless_algo_auth_cipher_operation(
+ tdata->digest_enc.len,
+ tdata->cipher_iv.data, tdata->cipher_iv.len,
+ tdata->auth_iv.data, tdata->auth_iv.len,
+ (tdata->digest_enc.offset == 0 ?
+ (verify ? ciphertext_pad_len : plaintext_pad_len)
+ : tdata->digest_enc.offset),
+ tdata->validCipherLen.len_bits,
+ tdata->cipher.offset_bits,
+ tdata->validAuthLen.len_bits,
+ tdata->auth.offset_bits,
+ op_mode, 0);
+
+ if (retval < 0)
+ return retval;
+
+ ut_params->op = process_crypto_request(ts_params->valid_devs[0],
+ ut_params->op);
+
+ TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
+
+ ut_params->obuf = (op_mode == IN_PLACE ?
+ ut_params->op->sym->m_src : ut_params->op->sym->m_dst);
+
+ if (verify) {
+ if (ut_params->obuf)
+ plaintext = rte_pktmbuf_mtod(ut_params->obuf,
+ uint8_t *);
+ else
+ plaintext = ciphertext +
+ (tdata->cipher.offset_bits >> 3);
+
+ debug_hexdump(stdout, "plaintext:", plaintext,
+ (tdata->plaintext.len_bits >> 3) -
+ tdata->digest_enc.len);
+ debug_hexdump(stdout, "plaintext expected:",
+ tdata->plaintext.data,
+ (tdata->plaintext.len_bits >> 3) -
+ tdata->digest_enc.len);
+ } else {
+ if (ut_params->obuf)
+ ciphertext = rte_pktmbuf_mtod(ut_params->obuf,
+ uint8_t *);
+ else
+ ciphertext = plaintext;
+
+ debug_hexdump(stdout, "ciphertext:", ciphertext,
+ ciphertext_len);
+ debug_hexdump(stdout, "ciphertext expected:",
+ tdata->ciphertext.data,
+ tdata->ciphertext.len_bits >> 3);
+
+ ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
+ + (tdata->digest_enc.offset == 0 ?
+ plaintext_pad_len : tdata->digest_enc.offset);
+
+ debug_hexdump(stdout, "digest:", ut_params->digest,
+ tdata->digest_enc.len);
+ debug_hexdump(stdout, "digest expected:",
+ tdata->digest_enc.data,
+ tdata->digest_enc.len);
+ }
+
+ /* Validate obuf */
+ if (verify) {
+ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+ plaintext,
+ tdata->plaintext.data,
+ tdata->plaintext.len_bits >> 3,
+ "Plaintext data not as expected");
+ } else {
+ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+ ciphertext,
+ tdata->ciphertext.data,
+ tdata->validDataLen.len_bits,
+ "Ciphertext data not as expected");
+
+ TEST_ASSERT_BUFFERS_ARE_EQUAL(
+ ut_params->digest,
+ tdata->digest_enc.data,
+ DIGEST_BYTE_LENGTH_SNOW3G_UIA2,
+ "Generated auth tag not as expected");
+ }
+ return 0;
+}
+
+static int
+test_mixed_auth_cipher_sgl(const struct mixed_cipher_auth_test_data *tdata,
+ uint8_t op_mode, uint8_t verify)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ struct crypto_unittest_params *ut_params = &unittest_params;
+
+ int retval;
+
+ const uint8_t *plaintext = NULL;
+ const uint8_t *ciphertext = NULL;
+ const uint8_t *digest = NULL;
+ unsigned int plaintext_pad_len;
+ unsigned int plaintext_len;
+ unsigned int ciphertext_pad_len;
+ unsigned int ciphertext_len;
+ uint8_t buffer[10000];
+ uint8_t digest_buffer[10000];
+
+ struct rte_cryptodev_info dev_info;
+
+ /* Check if device supports particular algorithms */
+ if (test_mixed_check_if_unsupported(tdata))
+ return -ENOTSUP;
+
+ rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+ uint64_t feat_flags = dev_info.feature_flags;
+
+ if (op_mode == IN_PLACE) {
+ if (!(feat_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
+ printf("Device doesn't support in-place scatter-gather "
+ "in both input and output mbufs.\n");
+ return -ENOTSUP;
+ }
+ } else {
+ if (!(feat_flags & RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT)) {
+ printf("Device doesn't support out-of-place scatter-gather "
+ "in both input and output mbufs.\n");
+ return -ENOTSUP;
+ }
+ if (!(feat_flags & RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED)) {
+ printf("Device doesn't support digest encrypted.\n");
+ return -ENOTSUP;
+ }
+ }
+
+ /* Create the session */
+ retval = create_wireless_algo_auth_cipher_session(
+ ts_params->valid_devs[0],
+ (verify ? RTE_CRYPTO_CIPHER_OP_DECRYPT
+ : RTE_CRYPTO_CIPHER_OP_ENCRYPT),
+ (verify ? RTE_CRYPTO_AUTH_OP_VERIFY
+ : RTE_CRYPTO_AUTH_OP_GENERATE),
+ tdata->auth_algo,
+ tdata->cipher_algo,
+ tdata->auth_key.data, tdata->auth_key.len,
+ tdata->auth_iv.len, tdata->digest_enc.len,
+ tdata->cipher_iv.len);
+
+ if (retval < 0)
+ return retval;
+
+ ciphertext_len = ceil_byte_length(tdata->ciphertext.len_bits);
+ plaintext_len = ceil_byte_length(tdata->plaintext.len_bits);
+ ciphertext_pad_len = RTE_ALIGN_CEIL(ciphertext_len, 16);
+ plaintext_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
+
+ ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool,
+ plaintext_pad_len, 15, 0);
+ TEST_ASSERT_NOT_NULL(ut_params->ibuf,
+ "Failed to allocate input buffer in mempool");
+
+ if (op_mode == OUT_OF_PLACE) {
+ ut_params->obuf = create_segmented_mbuf(ts_params->mbuf_pool,
+ plaintext_pad_len, 15, 0);
+ TEST_ASSERT_NOT_NULL(ut_params->obuf,
+ "Failed to allocate output buffer in mempool");
+ }
+
+ if (verify) {
+ pktmbuf_write(ut_params->ibuf, 0, ciphertext_len,
+ tdata->ciphertext.data);
+ ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
+ ciphertext_len, buffer);
+ debug_hexdump(stdout, "ciphertext:", ciphertext,
+ ciphertext_len);
+ } else {
+ pktmbuf_write(ut_params->ibuf, 0, plaintext_len,
+ tdata->plaintext.data);
+ plaintext = rte_pktmbuf_read(ut_params->ibuf, 0,
+ plaintext_len, buffer);
+ debug_hexdump(stdout, "plaintext:", plaintext,
+ plaintext_len);
+ }
+ memset(buffer, 0, sizeof(buffer));
+
+ /* Create the operation */
+ retval = create_wireless_algo_auth_cipher_operation(
+ tdata->digest_enc.len,
+ tdata->cipher_iv.data, tdata->cipher_iv.len,
+ tdata->auth_iv.data, tdata->auth_iv.len,
+ (tdata->digest_enc.offset == 0 ?
+ (verify ? ciphertext_pad_len : plaintext_pad_len)
+ : tdata->digest_enc.offset),
+ tdata->validCipherLen.len_bits,
+ tdata->cipher.offset_bits,
+ tdata->validAuthLen.len_bits,
+ tdata->auth.offset_bits,
+ op_mode, 1);
+
+ if (retval < 0)
+ return retval;
+
+ ut_params->op = process_crypto_request(ts_params->valid_devs[0],
+ ut_params->op);
+
+ TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
+
+ ut_params->obuf = (op_mode == IN_PLACE ?
+ ut_params->op->sym->m_src : ut_params->op->sym->m_dst);
+
+ if (verify) {
+ if (ut_params->obuf)
+ plaintext = rte_pktmbuf_read(ut_params->obuf, 0,
+ plaintext_len, buffer);
+ else
+ plaintext = rte_pktmbuf_read(ut_params->ibuf, 0,
+ plaintext_len, buffer);
+
+ debug_hexdump(stdout, "plaintext:", plaintext,
+ (tdata->plaintext.len_bits >> 3) -
+ tdata->digest_enc.len);
+ debug_hexdump(stdout, "plaintext expected:",
+ tdata->plaintext.data,
+ (tdata->plaintext.len_bits >> 3) -
+ tdata->digest_enc.len);
+ } else {
+ if (ut_params->obuf)
+ ciphertext = rte_pktmbuf_read(ut_params->obuf, 0,
+ ciphertext_len, buffer);
+ else
+ ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
+ ciphertext_len, buffer);
+
+ debug_hexdump(stdout, "ciphertext:", ciphertext,
+ ciphertext_len);
+ debug_hexdump(stdout, "ciphertext expected:",
+ tdata->ciphertext.data,
+ tdata->ciphertext.len_bits >> 3);
+
+ if (ut_params->obuf)
+ digest = rte_pktmbuf_read(ut_params->obuf,
+ (tdata->digest_enc.offset == 0 ?
+ plaintext_pad_len :
+ tdata->digest_enc.offset),
+ tdata->digest_enc.len, digest_buffer);
+ else
+ digest = rte_pktmbuf_read(ut_params->ibuf,
+ (tdata->digest_enc.offset == 0 ?
+ plaintext_pad_len :
+ tdata->digest_enc.offset),
+ tdata->digest_enc.len, digest_buffer);
+
+ debug_hexdump(stdout, "digest:", digest,
+ tdata->digest_enc.len);
+ debug_hexdump(stdout, "digest expected:",
+ tdata->digest_enc.data, tdata->digest_enc.len);
+ }
+
+ /* Validate obuf */
+ if (verify) {
+ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+ plaintext,
+ tdata->plaintext.data,
+ tdata->plaintext.len_bits >> 3,
+ "Plaintext data not as expected");
+ } else {
+ TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+ ciphertext,
+ tdata->ciphertext.data,
+ tdata->validDataLen.len_bits,
+ "Ciphertext data not as expected");
+ TEST_ASSERT_BUFFERS_ARE_EQUAL(
+ digest,
+ tdata->digest_enc.data,
+ tdata->digest_enc.len,
+ "Generated auth tag not as expected");
+ }
+ return 0;
+}
+
+/** AUTH AES CMAC + CIPHER AES CTR */
+
+static int
+test_aes_cmac_aes_ctr_test_case_1(void)
+{
+ return test_mixed_auth_cipher(
+ &auth_aes_cmac_cipher_aes_ctr_test_case_1, IN_PLACE, 0);
+}
+
+static int
+test_aes_cmac_aes_ctr_test_case_1_oop(void)
+{
+ return test_mixed_auth_cipher(
+ &auth_aes_cmac_cipher_aes_ctr_test_case_1, OUT_OF_PLACE, 0);
+}
+
+static int
+test_aes_cmac_aes_ctr_test_case_1_sgl(void)
+{
+ return test_mixed_auth_cipher_sgl(
+ &auth_aes_cmac_cipher_aes_ctr_test_case_1, IN_PLACE, 0);
+}
+
+static int
+test_aes_cmac_aes_ctr_test_case_1_oop_sgl(void)
+{
+ return test_mixed_auth_cipher_sgl(
+ &auth_aes_cmac_cipher_aes_ctr_test_case_1, OUT_OF_PLACE, 0);
+}
+
+static int
+test_verify_aes_cmac_aes_ctr_test_case_1(void)
+{
+ return test_mixed_auth_cipher(
+ &auth_aes_cmac_cipher_aes_ctr_test_case_1, IN_PLACE, 1);
+}
+
+static int
+test_verify_aes_cmac_aes_ctr_test_case_1_oop(void)
+{
+ return test_mixed_auth_cipher(
+ &auth_aes_cmac_cipher_aes_ctr_test_case_1, OUT_OF_PLACE, 1);
+}
+
+static int
+test_verify_aes_cmac_aes_ctr_test_case_1_sgl(void)
+{
+ return test_mixed_auth_cipher_sgl(
+ &auth_aes_cmac_cipher_aes_ctr_test_case_1, IN_PLACE, 1);
+}
+
+static int
+test_verify_aes_cmac_aes_ctr_test_case_1_oop_sgl(void)
+{
+ return test_mixed_auth_cipher_sgl(
+ &auth_aes_cmac_cipher_aes_ctr_test_case_1, OUT_OF_PLACE, 1);
+}
+
static int
test_3DES_chain_qat_all(void)
{
@@ -11802,6 +12262,26 @@ static struct unit_test_suite cryptodev_qat_testsuite = {
TEST_CASE_ST(ut_setup, ut_teardown,
auth_decryption_AES128CBC_HMAC_SHA1_fail_tag_corrupt),
+ /** Mixed CIPHER + HASH algorithms */
+
+ /** AUTH AES CMAC + CIPHER AES CTR */
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_aes_cmac_aes_ctr_test_case_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_aes_cmac_aes_ctr_test_case_1_oop),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_aes_cmac_aes_ctr_test_case_1_sgl),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_aes_cmac_aes_ctr_test_case_1_oop_sgl),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_verify_aes_cmac_aes_ctr_test_case_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_verify_aes_cmac_aes_ctr_test_case_1_oop),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_verify_aes_cmac_aes_ctr_test_case_1_sgl),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_verify_aes_cmac_aes_ctr_test_case_1_oop_sgl),
+
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
new file mode 100644
@@ -0,0 +1,172 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2019 Intel Corporation
+ */
+
+#ifndef TEST_CRYPTODEV_MIXED_TEST_VECTORS_H_
+#define TEST_CRYPTODEV_MIXED_TEST_VECTORS_H_
+
+struct mixed_cipher_auth_test_data {
+
+ enum rte_crypto_auth_algorithm auth_algo;
+
+ struct {
+ uint8_t data[64];
+ unsigned int len; /* length must be in Bytes */
+ } auth_key;
+
+ struct {
+ uint8_t data[64];
+ unsigned int len; /* length must be in Bytes */
+ } auth_iv;
+
+ struct {
+ unsigned int len_bits;
+ unsigned int offset_bits;
+ } auth;
+
+ enum rte_crypto_cipher_algorithm cipher_algo;
+
+ struct {
+ uint8_t data[64];
+ unsigned int len; /* length must be in Bytes */
+ } cipher_key;
+
+ struct {
+ uint8_t data[64] __rte_aligned(16);
+ unsigned int len; /* length must be in Bytes */
+ } cipher_iv;
+
+ struct {
+ unsigned int len_bits;
+ unsigned int offset_bits;
+ } cipher;
+
+ struct {
+ uint8_t data[1024];
+ unsigned int len_bits;
+ } plaintext;
+
+ struct {
+ uint8_t data[1024];
+ unsigned int len_bits;
+ } ciphertext;
+
+ struct {
+ uint8_t data[64];
+ unsigned int len; /* length must be in Bytes */
+ unsigned int offset; /* offset must be in Bytes */
+ } digest_enc;
+
+ struct {
+ unsigned int len_bits;
+ } validDataLen;
+
+ struct {
+ unsigned int len_bits;
+ } validCipherLen;
+
+ struct {
+ unsigned int len_bits;
+ } validAuthLen;
+};
+
+struct mixed_cipher_auth_test_data auth_aes_cmac_cipher_aes_ctr_test_case_1 = {
+ .auth_algo = RTE_CRYPTO_AUTH_AES_CMAC,
+ .auth_key = {
+ .data = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
+ },
+ .len = 16,
+ },
+ .auth_iv = {
+ .data = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .len = 16,
+ },
+ .auth = {
+ .len_bits = 124 << 3,
+ .offset_bits = 0,
+ },
+ .cipher_algo = RTE_CRYPTO_CIPHER_AES_CTR,
+ .cipher_key = {
+ .data = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
+ },
+ .len = 16,
+ },
+ .cipher_iv = {
+ .data = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .len = 16,
+ },
+ .cipher = {
+ .len_bits = 126 << 3,
+ .offset_bits = 2 << 3,
+ },
+ .plaintext = {
+ .data = {
+ 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+ 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+ 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+ 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+ 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+ 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+ 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+ 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+ 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+ 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+ 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+ 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+ 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+ 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+ 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+ 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+ },
+ .len_bits = 128 << 3,
+ },
+ .ciphertext = {
+ .data = {
+ 0x5A, 0x5A, 0xC9, 0x79, 0xCA, 0xCB, 0xDF, 0x96,
+ 0x97, 0xA5, 0xB0, 0xFC, 0x56, 0xE9, 0xC4, 0xB4,
+ 0x32, 0x5F, 0x55, 0x59, 0xCF, 0x1A, 0xA5, 0xB5,
+ 0x63, 0xAC, 0x94, 0x87, 0x6F, 0xFB, 0x5A, 0x54,
+ 0x4E, 0xE2, 0x2B, 0x32, 0x04, 0x0C, 0xDF, 0x7D,
+ 0x58, 0x73, 0xCE, 0x64, 0x71, 0xEA, 0x31, 0x19,
+ 0xE1, 0x37, 0x9E, 0x89, 0x15, 0x1F, 0xDE, 0x99,
+ 0x17, 0x80, 0x2A, 0x95, 0xAB, 0x37, 0xDF, 0x01,
+ 0x7F, 0x3B, 0x17, 0x07, 0xFA, 0x93, 0xC9, 0xC8,
+ 0x6A, 0x1C, 0xE2, 0x34, 0x2F, 0x33, 0x59, 0xE4,
+ 0xE2, 0x56, 0x1A, 0x23, 0xCC, 0xCE, 0x29, 0x33,
+ 0xC7, 0xAF, 0x92, 0x28, 0x86, 0x5B, 0x91, 0x5B,
+ 0x0E, 0x4E, 0xFB, 0x3B, 0x9D, 0x9F, 0xDF, 0x16,
+ 0x79, 0x90, 0x86, 0xBA, 0x70, 0xD9, 0xF7, 0x9B,
+ 0xEC, 0x46, 0xA9, 0x98, 0x5A, 0xF1, 0x5A, 0x05,
+ 0x3E, 0xD9, 0xE5, 0x03, 0x5D, 0x41, 0xB4, 0xDF
+ },
+ .len_bits = 128 << 3,
+ },
+ .digest_enc = {
+ .data = {
+ 0x5D, 0x41, 0xB4, 0xDF,
+ },
+ .len = 4,
+ .offset = 124,
+ },
+ .validDataLen = {
+ .len_bits = 128 << 3,
+ },
+ .validCipherLen = {
+ .len_bits = 126 << 3,
+ },
+ .validAuthLen = {
+ .len_bits = 124 << 3,
+ }
+};
+
+#endif /* TEST_CRYPTODEV_MIXED_TEST_VECTORS_H_ */