From patchwork Mon Feb 6 14:45:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gowrishankar Muthukrishnan X-Patchwork-Id: 123145 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E568D41C12; Mon, 6 Feb 2023 15:46:26 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id EDF7642D42; Mon, 6 Feb 2023 15:46:23 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 4311A42D3F for ; Mon, 6 Feb 2023 15:46:22 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 31688kg8015844; Mon, 6 Feb 2023 06:46:21 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=xV+FV+g3XQvPF9jdWOD0hqAGw4K3ipVTdU7uwtZgDiE=; b=OzG0jxCzHvpRM+YvfrLuEm0058x5+DPqMJYuh9ZtgFunWBmFQNGPWtxNd/becqQ7OQvC 9KfQjCp+DxdvyxEvc96S7jchCJo0VaVw3ES4vdHUFmM0co6mmPYX8JET0Tj9FgQxt0qA b8BBArd4gwe7mJhPSoVK8WC2qgLhrYwzt/FFvQYSEAC32NnnDOo4dZiMdNxue6A9w1lA yvLny3HVqL++SKBHN6Nj877z3JFnet2PjmY1wFPrqtNaSb1TP9wlJAv6z7zckVkESqiC XsBgSjhwFfnlPe9p+cwfcZodRra5EdRNFkEaf30qa76TLDY1u4gNX4quMJbz2vZ7KixQ 2w== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3nhqrtbkch-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 06 Feb 2023 06:46:21 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.42; Mon, 6 Feb 2023 06:46:15 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.42 via Frontend Transport; Mon, 6 Feb 2023 06:46:15 -0800 Received: from localhost.localdomain (unknown [10.28.34.38]) by maili.marvell.com (Postfix) with ESMTP id 5C0C43F7043; Mon, 6 Feb 2023 06:46:13 -0800 (PST) From: Gowrishankar Muthukrishnan To: CC: Anoob Joseph , , Akhil Goyal , Brian Dooley , "Gowrishankar Muthukrishnan" Subject: [v1, 02/10] examples/fips_validation: add SHA3 validation Date: Mon, 6 Feb 2023 20:15:54 +0530 Message-ID: <18c7a6838c18d041c52ef57e807eb34871af3946.1675693844.git.gmuthukrishn@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 X-Proofpoint-GUID: As2fHJTZdswJnRlNeRfzdDhumq2o4Tvf X-Proofpoint-ORIG-GUID: As2fHJTZdswJnRlNeRfzdDhumq2o4Tvf X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-02-06_07,2023-02-06_03,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add support in fips_validation to parse SHA3 algorithms. Signed-off-by: Gowrishankar Muthukrishnan Acked-by: Brian Dooley --- doc/guides/sample_app_ug/fips_validation.rst | 5 +- examples/fips_validation/fips_validation.h | 1 + .../fips_validation/fips_validation_hmac.c | 8 ++ .../fips_validation/fips_validation_sha.c | 20 +++-- examples/fips_validation/main.c | 76 +++++++++---------- 5 files changed, 61 insertions(+), 49 deletions(-) diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst index 50d23c789b..55837895fe 100644 --- a/doc/guides/sample_app_ug/fips_validation.rst +++ b/doc/guides/sample_app_ug/fips_validation.rst @@ -64,8 +64,9 @@ ACVP * AES-CTR (128,192,256) - AFT, CTR * AES-GMAC (128,192,256) - AFT * AES-XTS (128,256) - AFT - * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512) - * SHA (1, 256, 384, 512) - AFT, MCT + * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512) + * SHA (1, 224, 256, 384, 512) - AFT, MCT + * SHA3 (224, 256, 384, 512) - AFT, MCT * TDES-CBC - AFT, MCT * TDES-ECB - AFT, MCT * RSA diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h index 565a5cd36e..6c1bd35849 100644 --- a/examples/fips_validation/fips_validation.h +++ b/examples/fips_validation/fips_validation.h @@ -205,6 +205,7 @@ struct sha_interim_data { /* keep algo always on top as it is also used in asym digest */ enum rte_crypto_auth_algorithm algo; enum fips_sha_test_types test_type; + uint8_t md_blocks; }; struct gcm_interim_data { diff --git a/examples/fips_validation/fips_validation_hmac.c b/examples/fips_validation/fips_validation_hmac.c index e0721ef028..f1cbc18435 100644 --- a/examples/fips_validation/fips_validation_hmac.c +++ b/examples/fips_validation/fips_validation_hmac.c @@ -37,6 +37,10 @@ struct hash_size_conversion { {"32", RTE_CRYPTO_AUTH_SHA256_HMAC}, {"48", RTE_CRYPTO_AUTH_SHA384_HMAC}, {"64", RTE_CRYPTO_AUTH_SHA512_HMAC}, + {"28", RTE_CRYPTO_AUTH_SHA3_224_HMAC}, + {"32", RTE_CRYPTO_AUTH_SHA3_256_HMAC}, + {"48", RTE_CRYPTO_AUTH_SHA3_384_HMAC}, + {"64", RTE_CRYPTO_AUTH_SHA3_512_HMAC}, }; static int @@ -81,6 +85,10 @@ struct hash_size_conversion json_algorithms[] = { {"HMAC-SHA2-256", RTE_CRYPTO_AUTH_SHA256_HMAC}, {"HMAC-SHA2-384", RTE_CRYPTO_AUTH_SHA384_HMAC}, {"HMAC-SHA2-512", RTE_CRYPTO_AUTH_SHA512_HMAC}, + {"HMAC-SHA3-224", RTE_CRYPTO_AUTH_SHA3_224_HMAC}, + {"HMAC-SHA3-256", RTE_CRYPTO_AUTH_SHA3_256_HMAC}, + {"HMAC-SHA3-384", RTE_CRYPTO_AUTH_SHA3_384_HMAC}, + {"HMAC-SHA3-512", RTE_CRYPTO_AUTH_SHA3_512_HMAC}, }; struct fips_test_callback hmac_tests_json_vectors[] = { diff --git a/examples/fips_validation/fips_validation_sha.c b/examples/fips_validation/fips_validation_sha.c index 178ea492d3..8b68f5ed36 100644 --- a/examples/fips_validation/fips_validation_sha.c +++ b/examples/fips_validation/fips_validation_sha.c @@ -32,6 +32,10 @@ struct plain_hash_size_conversion { {"32", RTE_CRYPTO_AUTH_SHA256}, {"48", RTE_CRYPTO_AUTH_SHA384}, {"64", RTE_CRYPTO_AUTH_SHA512}, + {"28", RTE_CRYPTO_AUTH_SHA3_224}, + {"32", RTE_CRYPTO_AUTH_SHA3_256}, + {"48", RTE_CRYPTO_AUTH_SHA3_384}, + {"64", RTE_CRYPTO_AUTH_SHA3_512}, }; int @@ -96,12 +100,17 @@ static struct { static struct plain_hash_algorithms { const char *str; enum rte_crypto_auth_algorithm algo; + uint8_t md_blocks; } json_algorithms[] = { - {"SHA-1", RTE_CRYPTO_AUTH_SHA1}, - {"SHA2-224", RTE_CRYPTO_AUTH_SHA224}, - {"SHA2-256", RTE_CRYPTO_AUTH_SHA256}, - {"SHA2-384", RTE_CRYPTO_AUTH_SHA384}, - {"SHA2-512", RTE_CRYPTO_AUTH_SHA512}, + {"SHA-1", RTE_CRYPTO_AUTH_SHA1, 3}, + {"SHA2-224", RTE_CRYPTO_AUTH_SHA224, 3}, + {"SHA2-256", RTE_CRYPTO_AUTH_SHA256, 3}, + {"SHA2-384", RTE_CRYPTO_AUTH_SHA384, 3}, + {"SHA2-512", RTE_CRYPTO_AUTH_SHA512, 3}, + {"SHA3-224", RTE_CRYPTO_AUTH_SHA3_224, 1}, + {"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1}, + {"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1}, + {"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1}, }; struct fips_test_callback sha_tests_json_vectors[] = { @@ -233,6 +242,7 @@ parse_test_sha_json_algorithm(void) for (i = 0; i < RTE_DIM(json_algorithms); i++) { if (strstr(algorithm_str, json_algorithms[i].str)) { info.interim_info.sha_data.algo = json_algorithms[i].algo; + info.interim_info.sha_data.md_blocks = json_algorithms[i].md_blocks; break; } } diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c index cc585e8418..cf29e440f1 100644 --- a/examples/fips_validation/main.c +++ b/examples/fips_validation/main.c @@ -2267,22 +2267,27 @@ fips_mct_sha_test(void) { #define SHA_EXTERN_ITER 100 #define SHA_INTERN_ITER 1000 -#define SHA_MD_BLOCK 3 + uint8_t md_blocks = info.interim_info.sha_data.md_blocks; struct fips_val val = {NULL, 0}; - struct fips_val md[SHA_MD_BLOCK], msg; + struct fips_val md[md_blocks]; int ret; - uint32_t i, j; + uint32_t i, j, k, offset, max_outlen; + + max_outlen = md_blocks * vec.cipher_auth.digest.len; + + if (vec.cipher_auth.digest.val) + free(vec.cipher_auth.digest.val); + + vec.cipher_auth.digest.val = calloc(1, max_outlen); - msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len; - msg.val = calloc(1, msg.len); if (vec.pt.val) memcpy(vec.cipher_auth.digest.val, vec.pt.val, vec.cipher_auth.digest.len); - for (i = 0; i < SHA_MD_BLOCK; i++) - md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0); - rte_free(vec.pt.val); - vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0); + vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*md_blocks), 0); + + for (i = 0; i < md_blocks; i++) + md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0); if (info.file_type != FIPS_TYPE_JSON) { fips_test_write_one_case(); @@ -2290,30 +2295,19 @@ fips_mct_sha_test(void) } for (j = 0; j < SHA_EXTERN_ITER; j++) { - - memcpy(md[0].val, vec.cipher_auth.digest.val, - vec.cipher_auth.digest.len); - md[0].len = vec.cipher_auth.digest.len; - memcpy(md[1].val, vec.cipher_auth.digest.val, - vec.cipher_auth.digest.len); - md[1].len = vec.cipher_auth.digest.len; - memcpy(md[2].val, vec.cipher_auth.digest.val, - vec.cipher_auth.digest.len); - md[2].len = vec.cipher_auth.digest.len; - - for (i = 0; i < SHA_MD_BLOCK; i++) - memcpy(&msg.val[i * md[i].len], md[i].val, md[i].len); + for (i = 0; i < md_blocks; i++) { + memcpy(md[i].val, vec.cipher_auth.digest.val, + vec.cipher_auth.digest.len); + md[i].len = vec.cipher_auth.digest.len; + } for (i = 0; i < (SHA_INTERN_ITER); i++) { - - memcpy(vec.pt.val, md[0].val, - (size_t)md[0].len); - memcpy((vec.pt.val + md[0].len), md[1].val, - (size_t)md[1].len); - memcpy((vec.pt.val + md[0].len + md[1].len), - md[2].val, - (size_t)md[2].len); - vec.pt.len = md[0].len + md[1].len + md[2].len; + offset = 0; + for (k = 0; k < md_blocks; k++) { + memcpy(vec.pt.val + offset, md[k].val, (size_t)md[k].len); + offset += md[k].len; + } + vec.pt.len = offset; ret = fips_run_test(); if (ret < 0) { @@ -2331,18 +2325,18 @@ fips_mct_sha_test(void) if (ret < 0) return ret; - memcpy(md[0].val, md[1].val, md[1].len); - md[0].len = md[1].len; - memcpy(md[1].val, md[2].val, md[2].len); - md[1].len = md[2].len; + for (k = 1; k < md_blocks; k++) { + memcpy(md[k-1].val, md[k].val, md[k].len); + md[k-1].len = md[k].len; + } - memcpy(md[2].val, (val.val + vec.pt.len), + memcpy(md[md_blocks-1].val, (val.val + vec.pt.len), vec.cipher_auth.digest.len); - md[2].len = vec.cipher_auth.digest.len; + md[md_blocks-1].len = vec.cipher_auth.digest.len; } - memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len); - vec.cipher_auth.digest.len = md[2].len; + memcpy(vec.cipher_auth.digest.val, md[md_blocks-1].val, md[md_blocks-1].len); + vec.cipher_auth.digest.len = md[md_blocks-1].len; if (info.file_type != FIPS_TYPE_JSON) fprintf(info.fp_wr, "COUNT = %u\n", j); @@ -2353,14 +2347,12 @@ fips_mct_sha_test(void) fprintf(info.fp_wr, "\n"); } - for (i = 0; i < (SHA_MD_BLOCK); i++) + for (i = 0; i < (md_blocks); i++) rte_free(md[i].val); rte_free(vec.pt.val); free(val.val); - free(msg.val); - return 0; }