diff mbox series

[v2,1/3] test/crypto: add more AES GCM tests for QAT PMD

Message ID	20190927154739.26404-2-adamx.dybkowski@intel.com (mailing list archive)
State	Superseded, archived
Delegated to:	akhil goyal
Headers	From: Adam Dybkowski <adamx.dybkowski@intel.com> To: dev@dpdk.org, fiona.trahe@intel.com, arkadiuszx.kusztal@intel.com, akhil.goyal@nxp.com Cc: Adam Dybkowski <adamx.dybkowski@intel.com> Date: Fri, 27 Sep 2019 17:47:37 +0200 Message-Id: <20190927154739.26404-2-adamx.dybkowski@intel.com> In-Reply-To: <20190927154739.26404-1-adamx.dybkowski@intel.com> References: <20190906144751.3420-1-adamx.dybkowski@intel.com> <20190927154739.26404-1-adamx.dybkowski@intel.com> Subject: [dpdk-dev] [PATCH v2 1/3] test/crypto: add more AES GCM tests for QAT PMD Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	QAT: handle Single Pass GCM \| [v2,0/3] QAT: handle Single Pass GCM [v2,1/3] test/crypto: add more AES GCM tests for QAT PMD [v2,2/3] common/qat: add new QAT GEN3 definitions [v2,3/3] crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/iol-dpdk_compile_ovs	success	Compile Testing PASS
ci/iol-dpdk_compile	success	Compile Testing PASS
ci/iol-dpdk_compile_spdk	success	Compile Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/Intel-compilation	success	Compilation OK
ci/iol-mellanox-Performance	success	Performance Testing PASS

Commit Message

Dybkowski, AdamX Sept. 27, 2019, 3:47 p.m. UTC

  This patch adds 256-bit AES GCM tests for QAT PMD
(which already existed for AESNI and OpenSSL) and also adds
a number of negative unit tests for AES GCM for QAT PMD, in order
to verify authenticated encryption and decryption with modified data.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
---
 app/test/test_cryptodev.c | 253 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 248 insertions(+), 5 deletions(-)

Comments

Fiona Trahe Oct. 3, 2019, 12:41 p.m. UTC | #1

Hi Adam,

> -----Original Message-----
> From: Dybkowski, AdamX
> Sent: Friday, September 27, 2019 4:48 PM
> To: dev@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>; akhil.goyal@nxp.com
> Cc: Dybkowski, AdamX <adamx.dybkowski@intel.com>
> Subject: [PATCH v2 1/3] test/crypto: add more AES GCM tests for QAT PMD
> 
> This patch adds 256-bit AES GCM tests for QAT PMD
> (which already existed for AESNI and OpenSSL) and also adds
> a number of negative unit tests for AES GCM for QAT PMD, in order
> to verify authenticated encryption and decryption with modified data.
> 
> Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
> ---
These are a great set of tests to add, thanks.
However, I find the silent terminology misleading. as the fn is not silent, other errors may print, debug may print and depending on the flag passed in the compare error may print.
Also, if the test fails for some other reason than the one it should, this will be missed.
What you want to do is catch specific expected errors so I'd suggest following:
leave test_authenticated_encryption() name as is.
Add a fail_expected enum to crypto_unittest_params, with elements like NONE, DIGEST_CORRUPT, ENCRYPTED_DATA_CORRUPT, UNENCRYPTED_DATA_CORRUPT
Don't suppress the errors, instead in wrapper fns, print "Negative test - errors are expected" at top of each negative test, corrupt the input and set the appropriate fail.
In test_authenticated_encryption() and test_authenticated_encryption() use the enum to check for the expected failure.
Does that make sense?

diff mbox series

Patch

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 9a226bd15..a0629c402 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -6939,7 +6939,8 @@  create_aead_operation(enum rte_crypto_aead_operation op,
 }
 
 static int
-test_authenticated_encryption(const struct aead_test_data *tdata)
+test_authenticated_encryption_silent(const struct aead_test_data *tdata,
+		uint8_t silent_mode)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -7005,6 +7006,12 @@  test_authenticated_encryption(const struct aead_test_data *tdata)
 	debug_hexdump(stdout, "auth tag:", auth_tag, tdata->auth_tag.len);
 
 	/* Validate obuf */
+	if (silent_mode)
+		return !memcmp(ciphertext, tdata->ciphertext.data,
+				tdata->ciphertext.len) &&
+			!memcmp(auth_tag, tdata->auth_tag.data,
+				tdata->auth_tag.len) ? 0 : TEST_FAILED;
+
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
 			ciphertext,
 			tdata->ciphertext.data,
@@ -7021,6 +7028,12 @@  test_authenticated_encryption(const struct aead_test_data *tdata)
 
 }
 
+static int
+test_authenticated_encryption(const struct aead_test_data *tdata)
+{
+	return test_authenticated_encryption_silent(tdata, 0);
+}
+
 static int
 test_AES_GCM_authenticated_encryption_test_case_1(void)
 {
@@ -7063,6 +7076,12 @@  test_AES_GCM_authenticated_encryption_test_case_7(void)
 	return test_authenticated_encryption(&gcm_test_case_7);
 }
 
+static int
+test_AES_GCM_authenticated_encryption_test_case_8(void)
+{
+	return test_authenticated_encryption(&gcm_test_case_8);
+}
+
 static int
 test_AES_GCM_auth_encryption_test_case_192_1(void)
 {
@@ -7160,7 +7179,89 @@  test_AES_GCM_auth_encryption_test_case_aad_2(void)
 }
 
 static int
-test_authenticated_decryption(const struct aead_test_data *tdata)
+test_AES_GCM_auth_encryption_fail_iv_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.iv.data[0] += 1;
+	res = test_authenticated_encryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_in_data_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.plaintext.data[0] += 1;
+	res = test_authenticated_encryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_out_data_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.ciphertext.data[0] += 1;
+	res = test_authenticated_encryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_aad_len_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.aad.len += 1;
+	res = test_authenticated_encryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_aad_corrupt(void)
+{
+	struct aead_test_data tdata;
+	uint8_t aad[gcm_test_case_7.aad.len];
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	memcpy(aad, gcm_test_case_7.aad.data, gcm_test_case_7.aad.len);
+	aad[0] += 1;
+	tdata.aad.data = aad;
+	res = test_authenticated_encryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_tag_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.auth_tag.data[0] += 1;
+	res = test_authenticated_encryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_authenticated_decryption_silent(const struct aead_test_data *tdata,
+		uint8_t silent_mode)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -7217,19 +7318,30 @@  test_authenticated_decryption(const struct aead_test_data *tdata)
 
 	debug_hexdump(stdout, "plaintext:", plaintext, tdata->ciphertext.len);
 
+	TEST_ASSERT_EQUAL(ut_params->op->status,
+			RTE_CRYPTO_OP_STATUS_SUCCESS,
+			"Authentication failed");
+
 	/* Validate obuf */
+	if (silent_mode)
+		return !memcmp(plaintext, tdata->plaintext.data,
+				tdata->plaintext.len) ? 0 : TEST_FAILED;
+
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
 			plaintext,
 			tdata->plaintext.data,
 			tdata->plaintext.len,
 			"Plaintext data not as expected");
 
-	TEST_ASSERT_EQUAL(ut_params->op->status,
-			RTE_CRYPTO_OP_STATUS_SUCCESS,
-			"Authentication failed");
 	return 0;
 }
 
+static int
+test_authenticated_decryption(const struct aead_test_data *tdata)
+{
+	return test_authenticated_decryption_silent(tdata, 0);
+}
+
 static int
 test_AES_GCM_authenticated_decryption_test_case_1(void)
 {
@@ -7272,6 +7384,12 @@  test_AES_GCM_authenticated_decryption_test_case_7(void)
 	return test_authenticated_decryption(&gcm_test_case_7);
 }
 
+static int
+test_AES_GCM_authenticated_decryption_test_case_8(void)
+{
+	return test_authenticated_decryption(&gcm_test_case_8);
+}
+
 static int
 test_AES_GCM_auth_decryption_test_case_192_1(void)
 {
@@ -7368,6 +7486,87 @@  test_AES_GCM_auth_decryption_test_case_aad_2(void)
 	return test_authenticated_decryption(&gcm_test_case_aad_2);
 }
 
+static int
+test_AES_GCM_auth_decryption_fail_iv_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.iv.data[0] += 1;
+	res = test_authenticated_decryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_in_data_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.plaintext.data[0] += 1;
+	res = test_authenticated_decryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_out_data_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.ciphertext.data[0] += 1;
+	res = test_authenticated_decryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_aad_len_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.aad.len += 1;
+	res = test_authenticated_decryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_aad_corrupt(void)
+{
+	struct aead_test_data tdata;
+	uint8_t aad[gcm_test_case_7.aad.len];
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	memcpy(aad, gcm_test_case_7.aad.data, gcm_test_case_7.aad.len);
+	aad[0] += 1;
+	tdata.aad.data = aad;
+	res = test_authenticated_decryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_tag_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.auth_tag.data[0] += 1;
+	res = test_authenticated_decryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "authentication not failed");
+	return TEST_SUCCESS;
+}
+
 static int
 test_authenticated_encryption_oop(const struct aead_test_data *tdata)
 {
@@ -10315,6 +10514,8 @@  static struct unit_test_suite cryptodev_qat_testsuite  = {
 			test_AES_GCM_authenticated_encryption_test_case_6),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_AES_GCM_authenticated_encryption_test_case_7),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_authenticated_encryption_test_case_8),
 
 		/** AES GCM Authenticated Decryption */
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -10331,6 +10532,8 @@  static struct unit_test_suite cryptodev_qat_testsuite  = {
 			test_AES_GCM_authenticated_decryption_test_case_6),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_AES_GCM_authenticated_decryption_test_case_7),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_authenticated_decryption_test_case_8),
 
 		/** AES GCM Authenticated Encryption 192 bits key */
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -10380,6 +10583,22 @@  static struct unit_test_suite cryptodev_qat_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_AES_GCM_auth_encryption_test_case_256_7),
 
+		/** AES GCM Authenticated Decryption 256 bits key */
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_1),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_3),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_4),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_5),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_6),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_7),
+
 		/** AES GMAC Authentication */
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_AES_GMAC_authentication_test_case_1),
@@ -10602,6 +10821,30 @@  static struct unit_test_suite cryptodev_qat_testsuite  = {
 			authentication_verify_HMAC_SHA1_fail_data_corrupt),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			authentication_verify_HMAC_SHA1_fail_tag_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_encryption_fail_iv_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_encryption_fail_in_data_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_encryption_fail_out_data_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_encryption_fail_aad_len_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_encryption_fail_aad_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_encryption_fail_tag_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_fail_iv_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_fail_in_data_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_fail_out_data_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_fail_aad_len_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_fail_aad_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_fail_tag_corrupt),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			authentication_verify_AES128_GMAC_fail_data_corrupt),
 		TEST_CASE_ST(ut_setup, ut_teardown,