[v1,06/10] examples/fips_validation: add ECDSA keygen support
Checks
Commit Message
Add support to validate ECDSA keygen mode tests.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
.../fips_validation/fips_validation_ecdsa.c | 52 +++++++++++++++++++
examples/fips_validation/main.c | 13 +++++
2 files changed, 65 insertions(+)
Comments
> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; jerinj@marvell.com; Akhil Goyal
> <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1, 06/10] examples/fips_validation: add ECDSA keygen support
>
> Add support to validate ECDSA keygen mode tests.
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
> .../fips_validation/fips_validation_ecdsa.c | 52 +++++++++++++++++++
> examples/fips_validation/main.c | 13 +++++
> 2 files changed, 65 insertions(+)
>
> diff --git a/examples/fips_validation/fips_validation_ecdsa.c
> b/examples/fips_validation/fips_validation_ecdsa.c
> index d47ab0b5d1..5c91abfc5a 100644
> --- a/examples/fips_validation/fips_validation_ecdsa.c
> +++ b/examples/fips_validation/fips_validation_ecdsa.c
> @@ -295,6 +295,20 @@ parse_test_ecdsa_json_writeback(struct fips_val
> *val)
> json_object_set_new(json_info.json_write_case,
> "testPassed", json_true());
> else
> json_object_set_new(json_info.json_write_case,
> "testPassed", json_false());
> + } else if (info.op == FIPS_TEST_ASYM_KEYGEN) {
> + json_t *obj;
> +
> + writeback_hex_str("", info.one_line_text, &vec.ecdsa.pkey);
> + obj = json_string(info.one_line_text);
> + json_object_set_new(json_info.json_write_case, "d", obj);
> +
> + writeback_hex_str("", info.one_line_text, &vec.ecdsa.qx);
> + obj = json_string(info.one_line_text);
> + json_object_set_new(json_info.json_write_case, "qx", obj);
> +
> + writeback_hex_str("", info.one_line_text, &vec.ecdsa.qy);
> + obj = json_string(info.one_line_text);
> + json_object_set_new(json_info.json_write_case, "qy", obj);
> }
>
> return 0;
> @@ -367,6 +381,36 @@ parse_siggen_message_str(const char *key, char
> *src, struct fips_val *val)
> return ret;
> }
>
> +static int
> +parse_keygen_tc_str(const char *key, char *src, struct fips_val *val) {
> + RTE_SET_USED(key);
> + RTE_SET_USED(src);
> + RTE_SET_USED(val);
> +
> + if (info.op == FIPS_TEST_ASYM_KEYGEN) {
> + if (vec.ecdsa.pkey.val) {
> + rte_free(vec.ecdsa.pkey.val);
> + vec.ecdsa.pkey.val = NULL;
> + }
> +
> + if (vec.ecdsa.k.val) {
> + rte_free(vec.ecdsa.k.val);
> + vec.ecdsa.k.val = NULL;
> + }
> +
> + if (prepare_vec_ecdsa() < 0)
> + return -1;
> +
> + if (prepare_vec_ecdsa_k() < 0)
> + return -1;
> +
> + info.interim_info.ecdsa_data.pubkey_gen = 1;
> + }
> +
> + return 0;
> +}
> +
> static int
> parse_sigver_randomvalue_str(const char *key, char *src, struct fips_val
> *val) { @@ -402,6 +446,11 @@ struct fips_test_callback
> ecdsa_sigver_json_vectors[] = {
> {NULL, NULL, NULL} /**< end pointer */ };
>
> +struct fips_test_callback ecdsa_keygen_json_vectors[] = {
> + {"tcId", parse_keygen_tc_str, &vec.pt},
> + {NULL, NULL, NULL} /**< end pointer */ };
> +
> int
> parse_test_ecdsa_json_init(void)
> {
> @@ -421,6 +470,9 @@ parse_test_ecdsa_json_init(void)
> } else if (strcmp(mode_str, "sigVer") == 0) {
> info.op = FIPS_TEST_ASYM_SIGVER;
> info.callbacks = ecdsa_sigver_json_vectors;
> + } else if (strcmp(mode_str, "keyGen") == 0) {
> + info.op = FIPS_TEST_ASYM_KEYGEN;
> + info.callbacks = ecdsa_keygen_json_vectors;
> } else {
> return -EINVAL;
> }
> diff --git a/examples/fips_validation/main.c
> b/examples/fips_validation/main.c index 1974dc959b..97190902aa 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -1758,6 +1758,19 @@ fips_run_test(void)
>
> env.op = env.sym.op;
> if (env.is_asym_test) {
> + if (info.op == FIPS_TEST_ASYM_KEYGEN &&
> + info.algo == FIPS_TEST_ALGO_ECDSA) {
> + env.op = env.asym.op;
> + test_ops.prepare_asym_xform =
> prepare_ecfpm_xform;
> + test_ops.prepare_asym_op = prepare_ecfpm_op;
> + ret = fips_run_asym_test();
> + if (ret < 0)
> + return ret;
> +
> + info.interim_info.ecdsa_data.pubkey_gen = 0;
> + return ret;
> + }
> +
> vec.cipher_auth.digest.len = parse_test_sha_hash_size(
>
> info.interim_info.rsa_data.auth);
> test_ops.prepare_sym_xform = prepare_sha_xform;
> --
> 2.25.1
Acked-by: Brian Dooley <brian.dooley@intel.com>
@@ -295,6 +295,20 @@ parse_test_ecdsa_json_writeback(struct fips_val *val)
json_object_set_new(json_info.json_write_case, "testPassed", json_true());
else
json_object_set_new(json_info.json_write_case, "testPassed", json_false());
+ } else if (info.op == FIPS_TEST_ASYM_KEYGEN) {
+ json_t *obj;
+
+ writeback_hex_str("", info.one_line_text, &vec.ecdsa.pkey);
+ obj = json_string(info.one_line_text);
+ json_object_set_new(json_info.json_write_case, "d", obj);
+
+ writeback_hex_str("", info.one_line_text, &vec.ecdsa.qx);
+ obj = json_string(info.one_line_text);
+ json_object_set_new(json_info.json_write_case, "qx", obj);
+
+ writeback_hex_str("", info.one_line_text, &vec.ecdsa.qy);
+ obj = json_string(info.one_line_text);
+ json_object_set_new(json_info.json_write_case, "qy", obj);
}
return 0;
@@ -367,6 +381,36 @@ parse_siggen_message_str(const char *key, char *src, struct fips_val *val)
return ret;
}
+static int
+parse_keygen_tc_str(const char *key, char *src, struct fips_val *val)
+{
+ RTE_SET_USED(key);
+ RTE_SET_USED(src);
+ RTE_SET_USED(val);
+
+ if (info.op == FIPS_TEST_ASYM_KEYGEN) {
+ if (vec.ecdsa.pkey.val) {
+ rte_free(vec.ecdsa.pkey.val);
+ vec.ecdsa.pkey.val = NULL;
+ }
+
+ if (vec.ecdsa.k.val) {
+ rte_free(vec.ecdsa.k.val);
+ vec.ecdsa.k.val = NULL;
+ }
+
+ if (prepare_vec_ecdsa() < 0)
+ return -1;
+
+ if (prepare_vec_ecdsa_k() < 0)
+ return -1;
+
+ info.interim_info.ecdsa_data.pubkey_gen = 1;
+ }
+
+ return 0;
+}
+
static int
parse_sigver_randomvalue_str(const char *key, char *src, struct fips_val *val)
{
@@ -402,6 +446,11 @@ struct fips_test_callback ecdsa_sigver_json_vectors[] = {
{NULL, NULL, NULL} /**< end pointer */
};
+struct fips_test_callback ecdsa_keygen_json_vectors[] = {
+ {"tcId", parse_keygen_tc_str, &vec.pt},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
int
parse_test_ecdsa_json_init(void)
{
@@ -421,6 +470,9 @@ parse_test_ecdsa_json_init(void)
} else if (strcmp(mode_str, "sigVer") == 0) {
info.op = FIPS_TEST_ASYM_SIGVER;
info.callbacks = ecdsa_sigver_json_vectors;
+ } else if (strcmp(mode_str, "keyGen") == 0) {
+ info.op = FIPS_TEST_ASYM_KEYGEN;
+ info.callbacks = ecdsa_keygen_json_vectors;
} else {
return -EINVAL;
}
@@ -1758,6 +1758,19 @@ fips_run_test(void)
env.op = env.sym.op;
if (env.is_asym_test) {
+ if (info.op == FIPS_TEST_ASYM_KEYGEN &&
+ info.algo == FIPS_TEST_ALGO_ECDSA) {
+ env.op = env.asym.op;
+ test_ops.prepare_asym_xform = prepare_ecfpm_xform;
+ test_ops.prepare_asym_op = prepare_ecfpm_op;
+ ret = fips_run_asym_test();
+ if (ret < 0)
+ return ret;
+
+ info.interim_info.ecdsa_data.pubkey_gen = 0;
+ return ret;
+ }
+
vec.cipher_auth.digest.len = parse_test_sha_hash_size(
info.interim_info.rsa_data.auth);
test_ops.prepare_sym_xform = prepare_sha_xform;