diff mbox series

[v1] test/crypto: fix: test vectors for zuc 256 bit key

Message ID 20211027084053.5264-1-vvelumuri@marvell.com (mailing list archive)
State Superseded, archived
Delegated to: akhil goyal
Headers show
Series [v1] test/crypto: fix: test vectors for zuc 256 bit key | expand

Checks

Context Check Description
ci/iol-aarch64-unit-testing success Testing PASS
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-aarch64-compile-testing success Testing PASS
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-x86_64-compile-testing success Testing PASS
ci/iol-x86_64-unit-testing success Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-broadcom-Functional success Functional Testing PASS
ci/intel-Testing success Testing PASS
ci/Intel-compilation success Compilation OK
ci/github-robot: build success github build: passed
ci/checkpatch success coding style OK

Commit Message

Vidya Sagar Velumuri Oct. 27, 2021, 8:40 a.m. UTC
Fix the IV and MAC in the test vectors added for zuc 256-bit key

Fixes: fa5bf9345d4e (test/crypto: add ZUC cases with 256-bit keys)

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Comments

Akhil Goyal Oct. 28, 2021, 7:10 a.m. UTC | #1
> Fix the IV and MAC in the test vectors added for zuc 256-bit key
> 
> Fixes: fa5bf9345d4e (test/crypto: add ZUC cases with 256-bit keys)
> 
> Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
> 
@Fan Zhang, @ciara.power@intel.com: can you verify at your end?
And see if Bug 828 in Bugzilla gets resolved with this.
Pablo de Lara Oct. 29, 2021, 12:37 p.m. UTC | #2
Hi Vidya,

> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Vidya Sagar Velumuri
> Sent: Wednesday, October 27, 2021 9:41 AM
> To: adwivedi@marvell.com; anoobj@marvell.com; ktejasree@marvell.com;
> ndabilpuram@marvell.com; gakhil@marvell.com; Doherty, Declan
> <declan.doherty@intel.com>
> Cc: dev@dpdk.org
> Subject: [dpdk-dev] [PATCH v1] test/crypto: fix: test vectors for zuc 256 bit key
> 
> Fix the IV and MAC in the test vectors added for zuc 256-bit key
> 
> Fixes: fa5bf9345d4e (test/crypto: add ZUC cases with 256-bit keys)
> 
> Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>

The new vectors are failing for us. Could you check if the ones we added work for you? 

Thanks,
Pablo
Vidya Sagar Velumuri Oct. 30, 2021, 12:25 p.m. UTC | #3
Hi Pablo,

Tried the test vector zuc256_test_case_auth_1 and the digest did not match with the generated digest in our platform.

As per spec, IV[i] for i = 17 to 24 are 6-bit string occupying the 6 least signi cant bits of a byte.
But in the vectors, The values in the IV(byte -17 to 24) are > 0x3f.

Could you please elaborate how these bytes are considered for generation of digest.

Regards
Sagar
Pablo de Lara Oct. 31, 2021, 10:06 p.m. UTC | #4
Hi Sagar,

Thanks for flagging this. I submitted a patch fixing the IV of the test vectors I pushed (it didn't change the output):
http://patches.dpdk.org/project/dpdk/patch/20211031220421.52181-1-pablo.de.lara.guarch@intel.com/

Could you check if they work for you?

Thanks,
Pablo

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Sent: Saturday, October 30, 2021 1:26 PM
To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Ankur Dwivedi <adwivedi@marvell.com>; Anoob Joseph <anoobj@marvell.com>; Tejasree Kondoj <ktejasree@marvell.com>; Nithin Kumar Dabilpuram <ndabilpuram@marvell.com>; Akhil Goyal <gakhil@marvell.com>; Doherty, Declan <declan.doherty@intel.com>
Cc: dev@dpdk.org
Subject: Re: [dpdk-dev] [PATCH v1] test/crypto: fix: test vectors for zuc 256 bit key

Hi Pablo,

Tried the test vector zuc256_test_case_auth_1 and the digest did not match with the generated digest in our platform.

As per spec, IV[i] for i = 17 to 24 are 6-bit string occupying the 6 least signi cant bits of a byte.
But in the vectors, The values in the IV(byte -17 to 24) are > 0x3f.

Could you please elaborate how these bytes are considered for generation of digest.

Regards
Sagar
Vidya Sagar Velumuri Nov. 1, 2021, 10:23 a.m. UTC | #5
Hi Pablo,

Verified with updated test vector.  the output did not change from previous output but also, it did not match the ouput present in the vector.

Regards
Sagar
Vidya Sagar Velumuri Nov. 2, 2021, 4:40 a.m. UTC | #6
Hi Pablo,

We verified vectors mentioned in below link in our platform and all the vectors passed (i.e: the digest matches with the doc).
http://www.is.cas.cn/ztzl2016/zouchongzhi/201801/W020180126529970733243.pdf
The ZUC-256 Stream Cipher<http://www.is.cas.cn/ztzl2016/zouchongzhi/201801/W020180126529970733243.pdf>
The ZUC-256 Stream Cipher 5 3. X 2 = s 7L ks 5H 4. X 3 = s 2L ks 0H, where s iH is the high 16 bits of the cell s i and s jL is the low 16 bits of the cell s j. F(X 0;X 1;X 2) 1. W = (X 0 R 1) R 2 2. W 1 = R 1 X 1 3. W 2 = R 2 X 2 4. R 1 = S(L 1(W 1L kW 2H)) 5. R 2 = S(L 2(W 2L kW 1H)), where S = (S 0;S 1;S 0;S 1) is the 4 parallel S-boxes which are the same as those used in the previous ZUC ...
www.is.cas.cn

Could you please check if these vectors work in your platform.

Regards
Sagar
Pablo de Lara Nov. 2, 2021, 11:17 a.m. UTC | #7
Hi Sagar,

Yes, those vectors pass for us too.
From our vectors, the ones for encryption (zuc256_test_case_cipher_1 and zuc256_test_case_cipher_2) work for you, and only the authentication one (zuc256_test_case_auth_1) doesn't?
Since verifying authentication is more difficult, we should try to cross check encryption, mainly check if we are generating the same keystream.
Could you change the plaintext of your encryption test vector (zuc_test_case_cipher_800b_key_256b ) to all 0s, and see which ciphertext you see
(will be the keystream generated by your device).
Our implementation actually matches with GmSSL library, so it looks like you might have some issue in yours, but let's see.

Thanks,
Pablo

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Sent: Tuesday, November 2, 2021 4:41 AM
To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Ankur Dwivedi <adwivedi@marvell.com>; Anoob Joseph <anoobj@marvell.com>; Tejasree Kondoj <ktejasree@marvell.com>; Nithin Kumar Dabilpuram <ndabilpuram@marvell.com>; Akhil Goyal <gakhil@marvell.com>; Doherty, Declan <declan.doherty@intel.com>
Cc: dev@dpdk.org
Subject: Re: [dpdk-dev] [PATCH v1] test/crypto: fix: test vectors for zuc 256 bit key

Hi Pablo,

We verified vectors mentioned in below link in our platform and all the vectors passed (i.e: the digest matches with the doc).
http://www.is.cas.cn/ztzl2016/zouchongzhi/201801/W020180126529970733243.pdf
The ZUC-256 Stream Cipher<http://www.is.cas.cn/ztzl2016/zouchongzhi/201801/W020180126529970733243.pdf>
The ZUC-256 Stream Cipher 5 3. X 2 = s 7L ks 5H 4. X 3 = s 2L ks 0H, where s iH is the high 16 bits of the cell s i and s jL is the low 16 bits of the cell s j. F(X 0;X 1;X 2) 1. W = (X 0 R 1) R 2 2. W 1 = R 1 X 1 3. W 2 = R 2 X 2 4. R 1 = S(L 1(W 1L kW 2H)) 5. R 2 = S(L 2(W 2L kW 1H)), where S = (S 0;S 1;S 0;S 1) is the 4 parallel S-boxes which are the same as those used in the previous ZUC ...
www.is.cas.cn<http://www.is.cas.cn>

Could you please check if these vectors work in your platform.

Regards
Sagar
diff mbox series

Patch

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 814a0b401d..773db1dbea 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -7179,7 +7179,7 @@  test_zuc_hash_generate_test_case_9(void)
 static int
 test_zuc_hash_generate_test_case_10(void)
 {
-	return test_zuc_authentication(&zuc_test_case_auth_2080b_mac_128b);
+	return test_zuc_authentication(&zuc_test_case_auth_584b_mac_128b);
 }
 
 static int
diff --git a/app/test/test_cryptodev_zuc_test_vectors.h b/app/test/test_cryptodev_zuc_test_vectors.h
index 35bbe0f6c4..ba5c68ca72 100644
--- a/app/test/test_cryptodev_zuc_test_vectors.h
+++ b/app/test/test_cryptodev_zuc_test_vectors.h
@@ -522,18 +522,19 @@  static struct wireless_test_data zuc_test_case_cipher_800b_key_256b = {
 		.data = {
 			0xE5, 0xBD, 0x3E, 0xA0, 0xEB, 0x55, 0xAD, 0xE8,
 			0x66, 0xC6, 0xAC, 0x58, 0xBD, 0x54, 0x30, 0x2A,
-			0xE5, 0xBD, 0x3E, 0xA0, 0xEB, 0x55, 0xAD, 0xE8,
-			0x66, 0xC6, 0xAC, 0x58, 0xBD, 0x54, 0x30, 0x2A
+			0x66, 0xC6, 0xAC, 0x58, 0xBD, 0x54, 0x30, 0x2A,
+			0xE5, 0xBD, 0x3E, 0xA0, 0xEB, 0x55, 0xAD, 0xE8
 		},
 		.len = 32
 	},
 	.cipher_iv = {
 		.data = {
-			0x00, 0x05, 0x68, 0x23, 0xC4, 0x00, 0x00, 0x00,
-			0x00, 0x05, 0x68, 0x23, 0xC4, 0x00, 0x00, 0x00,
-			0x00, 0x05, 0x68, 0x23, 0xC4, 0x00, 0x00, 0x00
+			0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0x3f, 0x3f, 0x3f, 0x3f, 0x3f, 0x3f, 0x3f,
+			0x3f
 		},
-		.len = 24
+		.len = 25
 	},
 	.plaintext = {
 		.data = {
@@ -555,19 +556,19 @@  static struct wireless_test_data zuc_test_case_cipher_800b_key_256b = {
 	},
 	.ciphertext = {
 		.data = {
-			0xd0, 0xb4, 0x09, 0x5a, 0x83, 0xf3, 0x8d, 0x2a,
-			0x8a, 0xc1, 0x75, 0x5a, 0xed, 0x53, 0xd3, 0xc6,
-			0x15, 0x9d, 0x8c, 0x12, 0x98, 0x89, 0x66, 0x28,
-			0x05, 0xc8, 0xd1, 0xc4, 0xbf, 0xf7, 0x72, 0x79,
-			0xc7, 0x42, 0xde, 0xc8, 0xdc, 0xe9, 0xb4, 0x4a,
-			0x92, 0x85, 0x31, 0xb7, 0xc6, 0x51, 0x83, 0x0b,
-			0x96, 0x29, 0xdd, 0xe0, 0x3b, 0x7e, 0xbe, 0x7b,
-			0x34, 0x23, 0x1b, 0xe1, 0x8d, 0x8a, 0xe7, 0x0f,
-			0x12, 0x68, 0x41, 0x4e, 0xaa, 0xf0, 0xeb, 0x9d,
-			0xbf, 0xed, 0x00, 0xd9, 0x3c, 0x4d, 0x9a, 0xfb,
-			0x9c, 0xfe, 0xc7, 0xca, 0x3f, 0xd6, 0xbf, 0x03,
-			0x73, 0x67, 0xcc, 0xc2, 0x38, 0xa3, 0xe0, 0x6e,
-			0xe6, 0x4b, 0x63, 0x61
+			0xf2, 0xd4, 0x1e, 0x24, 0x19, 0xb1, 0x86, 0x3f,
+			0x31, 0x4a, 0x42, 0xc2, 0xfb, 0xf7, 0x54, 0xc4,
+			0x2b, 0xd9, 0x45, 0xd1, 0x6b, 0xaa, 0xff, 0x5c,
+			0x2d, 0x01, 0x28, 0x46, 0xf2, 0xa7, 0x36, 0xed,
+			0xf7, 0x41, 0x69, 0xeb, 0x96, 0xf0, 0xa5, 0xa5,
+			0xa3, 0xfa, 0xa3, 0x19, 0x8f, 0xac, 0x90, 0x84,
+			0x1f, 0x06, 0xdc, 0x45, 0x9f, 0x04, 0xec, 0x75,
+			0x06, 0xea, 0x79, 0xf5, 0x3e, 0x96, 0xa5, 0x31,
+			0x04, 0xae, 0xca, 0x2b, 0x55, 0x7e, 0x8e, 0xc6,
+			0x82, 0x6e, 0x44, 0x08, 0xd2, 0x56, 0xb6, 0xcf,
+			0xa1, 0x10, 0xf7, 0x1a, 0x2b, 0xc0, 0x31, 0x9a,
+			0x3a, 0x7b, 0xe7, 0xaf, 0xc5, 0xba, 0x7e, 0xa8,
+			0x64, 0xfb, 0x1b, 0xa3
 		},
 		.len = 800
 	},
@@ -1108,68 +1109,48 @@  static struct wireless_test_data zuc_test_case_auth_584b = {
 	}
 };
 
-static struct wireless_test_data zuc_test_case_auth_2080b_mac_128b = {
+static struct wireless_test_data zuc_test_case_auth_584b_mac_128b = {
 	.key = {
 		.data = {
-			0xC8, 0xA4, 0x82, 0x62, 0xD0, 0xC2, 0xE2, 0xBA,
-			0xC4, 0xB9, 0x6E, 0xF7, 0x7E, 0x80, 0xCA, 0x59,
-			0xC8, 0xA4, 0x82, 0x62, 0xD0, 0xC2, 0xE2, 0xBA,
-			0xC4, 0xB9, 0x6E, 0xF7, 0x7E, 0x80, 0xCA, 0x59
+			0xc9, 0xe6, 0xce, 0xc4, 0x60, 0x7c, 0x72, 0xdb,
+			0x00, 0x0a, 0xef, 0xa8, 0x83, 0x85, 0xab, 0x0a,
+			0x00, 0x0a, 0xef, 0xa8, 0x83, 0x85, 0xab, 0x0a,
+			0xc9, 0xe6, 0xce, 0xc4, 0x60, 0x7c, 0x72, 0xdb
 		},
 		.len = 32
 	},
 	.auth_iv = {
 		.data = {
-			0x05, 0x09, 0x78, 0x50, 0x80, 0x00, 0x00, 0x00,
-			0x85, 0x09, 0x78, 0x50, 0x80, 0x00, 0x80, 0x00,
-			0x85, 0x09, 0x78, 0x50, 0x80, 0x00, 0x80, 0x00
-		},
-		.len = 24
+			0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0x3f, 0x3f, 0x3f, 0x3f, 0x3f, 0x3f, 0x3f,
+			0x3f
+			},
+		.len = 25
 	},
 	.plaintext = {
 		.data = {
-			0xB5, 0x46, 0x43, 0x0B, 0xF8, 0x7B, 0x4F, 0x1E,
-			0xE8, 0x34, 0x70, 0x4C, 0xD6, 0x95, 0x1C, 0x36,
-			0xE2, 0x6F, 0x10, 0x8C, 0xF7, 0x31, 0x78, 0x8F,
-			0x48, 0xDC, 0x34, 0xF1, 0x67, 0x8C, 0x05, 0x22,
-			0x1C, 0x8F, 0xA7, 0xFF, 0x2F, 0x39, 0xF4, 0x77,
-			0xE7, 0xE4, 0x9E, 0xF6, 0x0A, 0x4E, 0xC2, 0xC3,
-			0xDE, 0x24, 0x31, 0x2A, 0x96, 0xAA, 0x26, 0xE1,
-			0xCF, 0xBA, 0x57, 0x56, 0x38, 0x38, 0xB2, 0x97,
-			0xF4, 0x7E, 0x85, 0x10, 0xC7, 0x79, 0xFD, 0x66,
-			0x54, 0xB1, 0x43, 0x38, 0x6F, 0xA6, 0x39, 0xD3,
-			0x1E, 0xDB, 0xD6, 0xC0, 0x6E, 0x47, 0xD1, 0x59,
-			0xD9, 0x43, 0x62, 0xF2, 0x6A, 0xEE, 0xED, 0xEE,
-			0x0E, 0x4F, 0x49, 0xD9, 0xBF, 0x84, 0x12, 0x99,
-			0x54, 0x15, 0xBF, 0xAD, 0x56, 0xEE, 0x82, 0xD1,
-			0xCA, 0x74, 0x63, 0xAB, 0xF0, 0x85, 0xB0, 0x82,
-			0xB0, 0x99, 0x04, 0xD6, 0xD9, 0x90, 0xD4, 0x3C,
-			0xF2, 0xE0, 0x62, 0xF4, 0x08, 0x39, 0xD9, 0x32,
-			0x48, 0xB1, 0xEB, 0x92, 0xCD, 0xFE, 0xD5, 0x30,
-			0x0B, 0xC1, 0x48, 0x28, 0x04, 0x30, 0xB6, 0xD0,
-			0xCA, 0xA0, 0x94, 0xB6, 0xEC, 0x89, 0x11, 0xAB,
-			0x7D, 0xC3, 0x68, 0x24, 0xB8, 0x24, 0xDC, 0x0A,
-			0xF6, 0x68, 0x2B, 0x09, 0x35, 0xFD, 0xE7, 0xB4,
-			0x92, 0xA1, 0x4D, 0xC2, 0xF4, 0x36, 0x48, 0x03,
-			0x8D, 0xA2, 0xCF, 0x79, 0x17, 0x0D, 0x2D, 0x50,
-			0x13, 0x3F, 0xD4, 0x94, 0x16, 0xCB, 0x6E, 0x33,
-			0xBE, 0xA9, 0x0B, 0x8B, 0xF4, 0x55, 0x9B, 0x03,
-			0x73, 0x2A, 0x01, 0xEA, 0x29, 0x0E, 0x6D, 0x07,
-			0x4F, 0x79, 0xBB, 0x83, 0xC1, 0x0E, 0x58, 0x00,
-			0x15, 0xCC, 0x1A, 0x85, 0xB3, 0x6B, 0x55, 0x01,
-			0x04, 0x6E, 0x9C, 0x4B, 0xDC, 0xAE, 0x51, 0x35,
-			0x69, 0x0B, 0x86, 0x66, 0xBD, 0x54, 0xB7, 0xA7,
-			0x03, 0xEA, 0x7B, 0x6F, 0x22, 0x0A, 0x54, 0x69,
-			0xA5, 0x68, 0x02, 0x7E
+			0x98, 0x3b, 0x41, 0xd4, 0x7d, 0x78, 0x0c, 0x9e,
+			0x1a, 0xd1, 0x1d, 0x7e, 0xb7, 0x03, 0x91, 0xb1,
+			0xde, 0x0b, 0x35, 0xda, 0x2d, 0xc6, 0x2f, 0x83,
+			0xe7, 0xb7, 0x8d, 0x63, 0x06, 0xca, 0x0e, 0xa0,
+			0x7e, 0x94, 0x1b, 0x7b, 0xe9, 0x13, 0x48, 0xf9,
+			0xfc, 0xb1, 0x70, 0xe2, 0x21, 0x7f, 0xec, 0xd9,
+			0x7f, 0x9f, 0x68, 0xad, 0xb1, 0x6e, 0x5d, 0x7d,
+			0x21, 0xe5, 0x69, 0xd2, 0x80, 0xed, 0x77, 0x5c,
+			0xeb, 0xde, 0x3f, 0x40, 0x93, 0xc5, 0x38, 0x81,
+			0x00, 0x00, 0x00, 0x00
 		},
-		.len = 2080
+		.len = 584
 	},
 	.validAuthLenInBits = {
-		.len = 2080
+		.len = 584
 	},
 	.digest = {
-		.data = {0x05, 0x9f, 0xd8, 0x21, 0x90, 0xfb, 0x13, 0x26,
-				0x94, 0x37, 0x6d, 0xc0, 0xcc, 0x52, 0xb9, 0xcc},
+		.data = {
+			0x11, 0x84, 0xee, 0x30, 0xc6, 0x57, 0xa5, 0xd4,
+			0x0d, 0x3f, 0xf5, 0xfa, 0xee, 0xdd, 0x65, 0x31
+		},
 		.len  = 16
 	}
 };
@@ -1179,18 +1160,19 @@  static struct wireless_test_data zuc_test_case_auth_584b_mac_64b = {
 		.data = {
 			0xc9, 0xe6, 0xce, 0xc4, 0x60, 0x7c, 0x72, 0xdb,
 			0x00, 0x0a, 0xef, 0xa8, 0x83, 0x85, 0xab, 0x0a,
-			0xc9, 0xe6, 0xce, 0xc4, 0x60, 0x7c, 0x72, 0xdb,
-			0x00, 0x0a, 0xef, 0xa8, 0x83, 0x85, 0xab, 0x0a
+			0x00, 0x0a, 0xef, 0xa8, 0x83, 0x85, 0xab, 0x0a,
+			0xc9, 0xe6, 0xce, 0xc4, 0x60, 0x7c, 0x72, 0xdb
 		},
 		.len = 32
 	},
 	.auth_iv = {
 		.data = {
-			0xa9, 0x40, 0x59, 0xda, 0x50, 0x0, 0x0, 0x0,
-			0x29, 0x40, 0x59, 0xda, 0x50, 0x0, 0x80, 0x0,
-			0x29, 0x40, 0x59, 0xda, 0x50, 0x0, 0x80, 0x0
+			0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+			0xff, 0x3f, 0x3f, 0x3f, 0x3f, 0x3f, 0x3f, 0x3f,
+			0x3f
 		},
-		.len = 24
+		.len = 25
 	},
 	.plaintext = {
 		.data = {
@@ -1211,7 +1193,7 @@  static struct wireless_test_data zuc_test_case_auth_584b_mac_64b = {
 		.len = 584
 	},
 	.digest = {
-		.data = {0xf5, 0x45, 0x4a, 0x75, 0x22, 0x39, 0x4b, 0xf2},
+		.data = {0xb4, 0x21, 0x4e, 0x0b, 0x8d, 0x34, 0xd4, 0x8e},
 		.len  = 8
 	}
 };