diff mbox series

[v2,02/10] examples/fips_validation: add SHA3 validation

Message ID	3d7cbce2fd961c8b85647f18450476d8218b830a.1677604524.git.gmuthukrishn@marvell.com (mailing list archive)
State	Accepted, archived
Delegated to:	akhil goyal
Headers	From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com> To: <dev@dpdk.org> CC: Anoob Joseph <anoobj@marvell.com>, <jerinj@marvell.com>, Akhil Goyal <gakhil@marvell.com>, Brian Dooley <brian.dooley@intel.com>, "Gowrishankar Muthukrishnan" <gmuthukrishn@marvell.com> Subject: [v2, 02/10] examples/fips_validation: add SHA3 validation Date: Tue, 28 Feb 2023 22:58:48 +0530 Message-ID: <3d7cbce2fd961c8b85647f18450476d8218b830a.1677604524.git.gmuthukrishn@marvell.com> In-Reply-To: <cover.1677604524.git.gmuthukrishn@marvell.com> References: <cover.1677604524.git.gmuthukrishn@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	fips_validation application improvements \| [v2,00/10] fips_validation application improvements [v2,01/10] examples/fips_validation: fix MCT output for SHA [v2,02/10] examples/fips_validation: add SHA3 validation [v2,03/10] examples/fips_validation: fix integer parse in test case [v2,04/10] examples/fips_validation: add SHAKE validation [v2,05/10] examples/fips_validation: add CCM JSON validation [v2,06/10] examples/fips_validation: add ECDSA keygen support [v2,07/10] examples/fips_validation: add SHA3 algorithms in ECDSA test [v2,08/10] examples/fips_validation: fix AES GCM validation tests [v2,09/10] examples/fips_validation: fix AES XTS to read seq number [v2,10/10] examples/fips_validation: add extra space in JSON buffer

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK

Commit Message

Gowrishankar Muthukrishnan Feb. 28, 2023, 5:28 p.m. UTC

  Add support in fips_validation to parse SHA3 algorithms.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 doc/guides/sample_app_ug/fips_validation.rst  |  5 +-
 examples/fips_validation/fips_validation.h    |  1 +
 .../fips_validation/fips_validation_hmac.c    |  8 ++
 .../fips_validation/fips_validation_sha.c     | 20 +++--
 examples/fips_validation/main.c               | 76 +++++++++----------
 5 files changed, 61 insertions(+), 49 deletions(-)

diff mbox series

Patch

diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst
index 50d23c789b..55837895fe 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -64,8 +64,9 @@  ACVP
     * AES-CTR (128,192,256) - AFT, CTR
     * AES-GMAC (128,192,256) - AFT
     * AES-XTS (128,256) - AFT
-    * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
-    * SHA (1, 256, 384, 512) - AFT, MCT
+    * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512)
+    * SHA (1, 224, 256, 384, 512) - AFT, MCT
+    * SHA3 (224, 256, 384, 512) - AFT, MCT
     * TDES-CBC - AFT, MCT
     * TDES-ECB - AFT, MCT
     * RSA
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index 565a5cd36e..6c1bd35849 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -205,6 +205,7 @@  struct sha_interim_data {
 	/* keep algo always on top as it is also used in asym digest */
 	enum rte_crypto_auth_algorithm algo;
 	enum fips_sha_test_types test_type;
+	uint8_t md_blocks;
 };
 
 struct gcm_interim_data {
diff --git a/examples/fips_validation/fips_validation_hmac.c b/examples/fips_validation/fips_validation_hmac.c
index e0721ef028..f1cbc18435 100644
--- a/examples/fips_validation/fips_validation_hmac.c
+++ b/examples/fips_validation/fips_validation_hmac.c
@@ -37,6 +37,10 @@  struct hash_size_conversion {
 		{"32", RTE_CRYPTO_AUTH_SHA256_HMAC},
 		{"48", RTE_CRYPTO_AUTH_SHA384_HMAC},
 		{"64", RTE_CRYPTO_AUTH_SHA512_HMAC},
+		{"28", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
+		{"32", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
+		{"48", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
+		{"64", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
 };
 
 static int
@@ -81,6 +85,10 @@  struct hash_size_conversion json_algorithms[] = {
 		{"HMAC-SHA2-256", RTE_CRYPTO_AUTH_SHA256_HMAC},
 		{"HMAC-SHA2-384", RTE_CRYPTO_AUTH_SHA384_HMAC},
 		{"HMAC-SHA2-512", RTE_CRYPTO_AUTH_SHA512_HMAC},
+		{"HMAC-SHA3-224", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
+		{"HMAC-SHA3-256", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
+		{"HMAC-SHA3-384", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
+		{"HMAC-SHA3-512", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
 };
 
 struct fips_test_callback hmac_tests_json_vectors[] = {
diff --git a/examples/fips_validation/fips_validation_sha.c b/examples/fips_validation/fips_validation_sha.c
index 178ea492d3..8b68f5ed36 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -32,6 +32,10 @@  struct plain_hash_size_conversion {
 		{"32", RTE_CRYPTO_AUTH_SHA256},
 		{"48", RTE_CRYPTO_AUTH_SHA384},
 		{"64", RTE_CRYPTO_AUTH_SHA512},
+		{"28", RTE_CRYPTO_AUTH_SHA3_224},
+		{"32", RTE_CRYPTO_AUTH_SHA3_256},
+		{"48", RTE_CRYPTO_AUTH_SHA3_384},
+		{"64", RTE_CRYPTO_AUTH_SHA3_512},
 };
 
 int
@@ -96,12 +100,17 @@  static struct {
 static struct plain_hash_algorithms {
 	const char *str;
 	enum rte_crypto_auth_algorithm algo;
+	uint8_t md_blocks;
 } json_algorithms[] = {
-		{"SHA-1", RTE_CRYPTO_AUTH_SHA1},
-		{"SHA2-224", RTE_CRYPTO_AUTH_SHA224},
-		{"SHA2-256", RTE_CRYPTO_AUTH_SHA256},
-		{"SHA2-384", RTE_CRYPTO_AUTH_SHA384},
-		{"SHA2-512", RTE_CRYPTO_AUTH_SHA512},
+		{"SHA-1", RTE_CRYPTO_AUTH_SHA1, 3},
+		{"SHA2-224", RTE_CRYPTO_AUTH_SHA224, 3},
+		{"SHA2-256", RTE_CRYPTO_AUTH_SHA256, 3},
+		{"SHA2-384", RTE_CRYPTO_AUTH_SHA384, 3},
+		{"SHA2-512", RTE_CRYPTO_AUTH_SHA512, 3},
+		{"SHA3-224", RTE_CRYPTO_AUTH_SHA3_224, 1},
+		{"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1},
+		{"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1},
+		{"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1},
 };
 
 struct fips_test_callback sha_tests_json_vectors[] = {
@@ -233,6 +242,7 @@  parse_test_sha_json_algorithm(void)
 	for (i = 0; i < RTE_DIM(json_algorithms); i++) {
 		if (strstr(algorithm_str, json_algorithms[i].str)) {
 			info.interim_info.sha_data.algo = json_algorithms[i].algo;
+			info.interim_info.sha_data.md_blocks = json_algorithms[i].md_blocks;
 			break;
 		}
 	}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index cc585e8418..cf29e440f1 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2267,22 +2267,27 @@  fips_mct_sha_test(void)
 {
 #define SHA_EXTERN_ITER	100
 #define SHA_INTERN_ITER	1000
-#define SHA_MD_BLOCK	3
+	uint8_t md_blocks = info.interim_info.sha_data.md_blocks;
 	struct fips_val val = {NULL, 0};
-	struct fips_val  md[SHA_MD_BLOCK], msg;
+	struct fips_val  md[md_blocks];
 	int ret;
-	uint32_t i, j;
+	uint32_t i, j, k, offset, max_outlen;
+
+	max_outlen = md_blocks * vec.cipher_auth.digest.len;
+
+	if (vec.cipher_auth.digest.val)
+		free(vec.cipher_auth.digest.val);
+
+	vec.cipher_auth.digest.val = calloc(1, max_outlen);
 
-	msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len;
-	msg.val = calloc(1, msg.len);
 	if (vec.pt.val)
 		memcpy(vec.cipher_auth.digest.val, vec.pt.val, vec.cipher_auth.digest.len);
 
-	for (i = 0; i < SHA_MD_BLOCK; i++)
-		md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
-
 	rte_free(vec.pt.val);
-	vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0);
+	vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*md_blocks), 0);
+
+	for (i = 0; i < md_blocks; i++)
+		md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
 
 	if (info.file_type != FIPS_TYPE_JSON) {
 		fips_test_write_one_case();
@@ -2290,30 +2295,19 @@  fips_mct_sha_test(void)
 	}
 
 	for (j = 0; j < SHA_EXTERN_ITER; j++) {
-
-		memcpy(md[0].val, vec.cipher_auth.digest.val,
-			vec.cipher_auth.digest.len);
-		md[0].len = vec.cipher_auth.digest.len;
-		memcpy(md[1].val, vec.cipher_auth.digest.val,
-			vec.cipher_auth.digest.len);
-		md[1].len = vec.cipher_auth.digest.len;
-		memcpy(md[2].val, vec.cipher_auth.digest.val,
-			vec.cipher_auth.digest.len);
-		md[2].len = vec.cipher_auth.digest.len;
-
-		for (i = 0; i < SHA_MD_BLOCK; i++)
-			memcpy(&msg.val[i * md[i].len], md[i].val, md[i].len);
+		for (i = 0; i < md_blocks; i++) {
+			memcpy(md[i].val, vec.cipher_auth.digest.val,
+				vec.cipher_auth.digest.len);
+			md[i].len = vec.cipher_auth.digest.len;
+		}
 
 		for (i = 0; i < (SHA_INTERN_ITER); i++) {
-
-			memcpy(vec.pt.val, md[0].val,
-				(size_t)md[0].len);
-			memcpy((vec.pt.val + md[0].len), md[1].val,
-				(size_t)md[1].len);
-			memcpy((vec.pt.val + md[0].len + md[1].len),
-				md[2].val,
-				(size_t)md[2].len);
-			vec.pt.len = md[0].len + md[1].len + md[2].len;
+			offset = 0;
+			for (k = 0; k < md_blocks; k++) {
+				memcpy(vec.pt.val + offset, md[k].val, (size_t)md[k].len);
+				offset += md[k].len;
+			}
+			vec.pt.len = offset;
 
 			ret = fips_run_test();
 			if (ret < 0) {
@@ -2331,18 +2325,18 @@  fips_mct_sha_test(void)
 			if (ret < 0)
 				return ret;
 
-			memcpy(md[0].val, md[1].val, md[1].len);
-			md[0].len = md[1].len;
-			memcpy(md[1].val, md[2].val, md[2].len);
-			md[1].len = md[2].len;
+			for (k = 1; k < md_blocks; k++) {
+				memcpy(md[k-1].val, md[k].val, md[k].len);
+				md[k-1].len = md[k].len;
+			}
 
-			memcpy(md[2].val, (val.val + vec.pt.len),
+			memcpy(md[md_blocks-1].val, (val.val + vec.pt.len),
 				vec.cipher_auth.digest.len);
-			md[2].len = vec.cipher_auth.digest.len;
+			md[md_blocks-1].len = vec.cipher_auth.digest.len;
 		}
 
-		memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
-		vec.cipher_auth.digest.len = md[2].len;
+		memcpy(vec.cipher_auth.digest.val, md[md_blocks-1].val, md[md_blocks-1].len);
+		vec.cipher_auth.digest.len = md[md_blocks-1].len;
 
 		if (info.file_type != FIPS_TYPE_JSON)
 			fprintf(info.fp_wr, "COUNT = %u\n", j);
@@ -2353,14 +2347,12 @@  fips_mct_sha_test(void)
 			fprintf(info.fp_wr, "\n");
 	}
 
-	for (i = 0; i < (SHA_MD_BLOCK); i++)
+	for (i = 0; i < (md_blocks); i++)
 		rte_free(md[i].val);
 
 	rte_free(vec.pt.val);
 
 	free(val.val);
-	free(msg.val);
-
 	return 0;
 }