[v1] examples/fips_validation: add parsing for sha
Checks
Commit Message
Added function to parse algorithm for SHA test. Verified with SHA 1 and 256
vectors. SHA 384 and 512 has some issues with the way jansson objects are
created, which could be addressed separately.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
examples/fips_validation/fips_validation.c | 2 +
examples/fips_validation/fips_validation.h | 10 +
.../fips_validation/fips_validation_sha.c | 188 ++++++++++++++++++
examples/fips_validation/main.c | 37 +++-
4 files changed, 226 insertions(+), 11 deletions(-)
Comments
Hi,
> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Tuesday, June 28, 2022 2:14 PM
> To: dev@dpdk.org
> Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>; Dooley, Brian
> <brian.dooley@intel.com>; Anoob Joseph <anoobj@marvell.com>; Archana
> Muniganti <marchana@marvell.com>; Jerin Jacob <jerinj@marvell.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [PATCH v1] examples/fips_validation: add parsing for sha
>
> Added function to parse algorithm for SHA test. Verified with SHA 1 and 256
> vectors. SHA 384 and 512 has some issues with the way jansson objects are
> created, which could be addressed separately.
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
<snip>
> +#endif /* USE_JANSSON */
> diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
> index 7ccb5f52f4..41347de199 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -1693,19 +1693,24 @@ fips_mct_sha_test(void)
> #define SHA_EXTERN_ITER 100
> #define SHA_INTERN_ITER 1000
> #define SHA_MD_BLOCK 3
> - struct fips_val val = {NULL, 0}, md[SHA_MD_BLOCK];
> + struct fips_val val[2] = {{NULL, 0},}, md[SHA_MD_BLOCK], msg;
I see to get around with the callback function limitation you extend the fips val to
an array. Nice move! But if it is not too much trouble for you - please comment
the purpose of the change - it will make the future maintenance much easier!
> char temp[MAX_DIGEST_SIZE*2];
> int ret;
> uint32_t i, j;
>
> + msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len;
> + msg.val = calloc(1, msg.len);
> + memcpy(vec.cipher_auth.digest.val, vec.pt.val,
> vec.cipher_auth.digest.len);
> for (i = 0; i < SHA_MD_BLOCK; i++)
> md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
>
> rte_free(vec.pt.val);
> vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0);
>
> - fips_test_write_one_case();
> - fprintf(info.fp_wr, "\n");
> + if (info.file_type != FIPS_TYPE_JSON) {
> + fips_test_write_one_case();
> + fprintf(info.fp_wr, "\n");
> + }
>
> for (j = 0; j < SHA_EXTERN_ITER; j++) {
>
> @@ -1719,6 +1724,9 @@ fips_mct_sha_test(void)
> vec.cipher_auth.digest.len);
> md[2].len = vec.cipher_auth.digest.len;
>
> + for (i = 0; i < SHA_MD_BLOCK; i++)
> + memcpy(&msg.val[i * md[i].len], md[i].val, md[i].len);
> +
> for (i = 0; i < (SHA_INTERN_ITER); i++) {
>
> memcpy(vec.pt.val, md[0].val,
> @@ -1742,7 +1750,7 @@ fips_mct_sha_test(void)
> return ret;
> }
>
> - ret = get_writeback_data(&val);
> + ret = get_writeback_data(&val[0]);
> if (ret < 0)
> return ret;
>
> @@ -1751,7 +1759,7 @@ fips_mct_sha_test(void)
> memcpy(md[1].val, md[2].val, md[2].len);
> md[1].len = md[2].len;
>
> - memcpy(md[2].val, (val.val + vec.pt.len),
> + memcpy(md[2].val, (val[0].val + vec.pt.len),
> vec.cipher_auth.digest.len);
> md[2].len = vec.cipher_auth.digest.len;
> }
> @@ -1759,11 +1767,14 @@ fips_mct_sha_test(void)
> memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
> vec.cipher_auth.digest.len = md[2].len;
>
> - fprintf(info.fp_wr, "COUNT = %u\n", j);
> -
> - writeback_hex_str("", temp, &vec.cipher_auth.digest);
> -
> - fprintf(info.fp_wr, "MD = %s\n\n", temp);
> + if (info.file_type != FIPS_TYPE_JSON) {
> + fprintf(info.fp_wr, "COUNT = %u\n", j);
> + writeback_hex_str("", temp, &vec.cipher_auth.digest);
> + fprintf(info.fp_wr, "MD = %s\n\n", temp);
> + }
> + val[1].val = msg.val;
> + val[1].len = msg.len;
> + info.parse_writeback(val);
> }
>
> for (i = 0; i < (SHA_MD_BLOCK); i++)
> @@ -1771,7 +1782,8 @@ fips_mct_sha_test(void)
>
> rte_free(vec.pt.val);
>
> - free(val.val);
> + free(val[0].val);
It took me a while to understand why you don't free val[1] ??.
Nicely done anyway.
> + free(msg.val);
>
> return 0;
> }
> @@ -1996,6 +2008,9 @@ fips_test_one_test_group(void)
> case FIPS_TEST_ALGO_AES:
> ret = parse_test_aes_json_init();
> break;
> + case FIPS_TEST_ALGO_SHA:
> + ret = parse_test_sha_json_init();
> + break;
> default:
> return -EINVAL;
> }
> --
> 2.25.1
Other than that
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Hi Fan,
<snip>
> > --- a/examples/fips_validation/main.c
> > +++ b/examples/fips_validation/main.c
> > @@ -1693,19 +1693,24 @@ fips_mct_sha_test(void)
> > #define SHA_EXTERN_ITER 100
> > #define SHA_INTERN_ITER 1000
> > #define SHA_MD_BLOCK 3
> > - struct fips_val val = {NULL, 0}, md[SHA_MD_BLOCK];
> > + struct fips_val val[2] = {{NULL, 0},}, md[SHA_MD_BLOCK], msg;
>
> I see to get around with the callback function limitation you extend the fips val
> to an array. Nice move! But if it is not too much trouble for you - please
> comment the purpose of the change - it will make the future maintenance much
> easier!
Yes, I have added a comment on why val is an array in V3 patch.
>
> > char temp[MAX_DIGEST_SIZE*2];
> > int ret;
> > uint32_t i, j;
> >
> > + msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len;
> > + msg.val = calloc(1, msg.len);
> > + memcpy(vec.cipher_auth.digest.val, vec.pt.val,
> > vec.cipher_auth.digest.len);
> > for (i = 0; i < SHA_MD_BLOCK; i++)
> > md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
> >
> > rte_free(vec.pt.val);
> > vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0);
> >
> > - fips_test_write_one_case();
> > - fprintf(info.fp_wr, "\n");
> > + if (info.file_type != FIPS_TYPE_JSON) {
> > + fips_test_write_one_case();
> > + fprintf(info.fp_wr, "\n");
> > + }
> >
> > for (j = 0; j < SHA_EXTERN_ITER; j++) {
> >
> > @@ -1719,6 +1724,9 @@ fips_mct_sha_test(void)
> > vec.cipher_auth.digest.len);
> > md[2].len = vec.cipher_auth.digest.len;
> >
> > + for (i = 0; i < SHA_MD_BLOCK; i++)
> > + memcpy(&msg.val[i * md[i].len], md[i].val, md[i].len);
> > +
> > for (i = 0; i < (SHA_INTERN_ITER); i++) {
> >
> > memcpy(vec.pt.val, md[0].val,
> > @@ -1742,7 +1750,7 @@ fips_mct_sha_test(void)
> > return ret;
> > }
> >
> > - ret = get_writeback_data(&val);
> > + ret = get_writeback_data(&val[0]);
> > if (ret < 0)
> > return ret;
> >
> > @@ -1751,7 +1759,7 @@ fips_mct_sha_test(void)
> > memcpy(md[1].val, md[2].val, md[2].len);
> > md[1].len = md[2].len;
> >
> > - memcpy(md[2].val, (val.val + vec.pt.len),
> > + memcpy(md[2].val, (val[0].val + vec.pt.len),
> > vec.cipher_auth.digest.len);
> > md[2].len = vec.cipher_auth.digest.len;
> > }
> > @@ -1759,11 +1767,14 @@ fips_mct_sha_test(void)
> > memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
> > vec.cipher_auth.digest.len = md[2].len;
> >
> > - fprintf(info.fp_wr, "COUNT = %u\n", j);
> > -
> > - writeback_hex_str("", temp, &vec.cipher_auth.digest);
> > -
> > - fprintf(info.fp_wr, "MD = %s\n\n", temp);
> > + if (info.file_type != FIPS_TYPE_JSON) {
> > + fprintf(info.fp_wr, "COUNT = %u\n", j);
> > + writeback_hex_str("", temp, &vec.cipher_auth.digest);
> > + fprintf(info.fp_wr, "MD = %s\n\n", temp);
> > + }
> > + val[1].val = msg.val;
> > + val[1].len = msg.len;
> > + info.parse_writeback(val);
> > }
> >
> > for (i = 0; i < (SHA_MD_BLOCK); i++) @@ -1771,7 +1782,8 @@
> > fips_mct_sha_test(void)
> >
> > rte_free(vec.pt.val);
> >
> > - free(val.val);
> > + free(val[0].val);
>
> It took me a while to understand why you don't free val[1] ??.
> Nicely done anyway.
>
> > + free(msg.val);
> >
> > return 0;
> > }
> > @@ -1996,6 +2008,9 @@ fips_test_one_test_group(void)
> > case FIPS_TEST_ALGO_AES:
> > ret = parse_test_aes_json_init();
> > break;
> > + case FIPS_TEST_ALGO_SHA:
> > + ret = parse_test_sha_json_init();
> > + break;
> > default:
> > return -EINVAL;
> > }
> > --
> > 2.25.1
>
> Other than that
> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Thanks.
@@ -466,6 +466,8 @@ fips_test_parse_one_json_vector_set(void)
info.algo = FIPS_TEST_ALGO_AES_CBC;
else if (strstr(algo_str, "AES-XTS"))
info.algo = FIPS_TEST_ALGO_AES_XTS;
+ else if (strstr(algo_str, "SHA"))
+ info.algo = FIPS_TEST_ALGO_SHA;
else
return -EINVAL;
@@ -133,6 +133,7 @@ enum fips_ccm_test_types {
enum fips_sha_test_types {
SHA_KAT = 0,
+ SHA_AFT,
SHA_MCT
};
@@ -280,6 +281,15 @@ parse_test_aes_json_init(void);
int
parse_test_xts_json_init(void);
+
+int
+parse_test_sha_json_init(void);
+
+int
+parse_test_sha_json_algorithm(void);
+
+int
+parse_test_sha_json_test_type(void);
#endif /* USE_JANSSON */
int
@@ -17,6 +17,11 @@
#define SEED_STR "Seed = "
#define MCT_STR "Monte"
+#define ALGO_JSON_STR "algorithm"
+#define TESTTYPE_JSON_STR "testType"
+
+#define PT_JSON_STR "msg"
+
struct plain_hash_size_conversion {
const char *str;
enum rte_crypto_auth_algorithm algo;
@@ -62,6 +67,32 @@ struct fips_test_callback sha_tests_interim_vectors[] = {
{NULL, NULL, NULL} /**< end pointer */
};
+#ifdef USE_JANSSON
+static struct {
+ uint32_t type;
+ const char *desc;
+} sha_test_types[] = {
+ {SHA_MCT, "MCT"},
+ {SHA_AFT, "AFT"},
+};
+
+static struct plain_hash_algorithms {
+ const char *str;
+ enum rte_crypto_auth_algorithm algo;
+} json_algorithms[] = {
+ {"SHA-1", RTE_CRYPTO_AUTH_SHA1},
+ {"SHA2-224", RTE_CRYPTO_AUTH_SHA224},
+ {"SHA2-256", RTE_CRYPTO_AUTH_SHA256},
+ {"SHA2-384", RTE_CRYPTO_AUTH_SHA384},
+ {"SHA2-512", RTE_CRYPTO_AUTH_SHA512},
+};
+
+struct fips_test_callback sha_tests_json_vectors[] = {
+ {PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+#endif /* USE_JANSSON */
+
static int
parse_test_sha_writeback(struct fips_val *val) // !
{
@@ -108,3 +139,160 @@ parse_test_sha_init(void)
info.kat_check = rsp_test_sha_check;
return 0;
}
+
+#ifdef USE_JANSSON
+static int
+parse_test_sha_json_writeback(struct fips_val *val)
+{
+ struct fips_val val_local;
+ json_t *tcId, *md;
+
+ tcId = json_object_get(json_info.json_test_case, "tcId");
+
+ json_info.json_write_case = json_object();
+ json_object_set_new(json_info.json_write_case, "tcId", tcId);
+
+ val_local.val = val->val + vec.pt.len;
+ val_local.len = vec.cipher_auth.digest.len;
+
+ writeback_hex_str("", info.one_line_text, &val_local);
+ md = json_string(info.one_line_text);
+ json_object_set_new(json_info.json_write_case, "md", md);
+
+ return 0;
+}
+
+static int
+parse_test_sha_mct_json_writeback(struct fips_val *val)
+{
+ json_t *tcId, *msg, *md, *resArr, *res;
+ struct fips_val val_local;
+
+ tcId = json_object_get(json_info.json_test_case, "tcId");
+ if (json_info.json_write_case) {
+ json_t *wcId;
+
+ wcId = json_object_get(json_info.json_write_case, "tcId");
+ if (!json_equal(tcId, wcId)) {
+ json_info.json_write_case = json_object();
+ json_object_set_new(json_info.json_write_case, "tcId", tcId);
+ json_object_set_new(json_info.json_write_case, "resultsArray",
+ json_array());
+ }
+ } else {
+ json_info.json_write_case = json_object();
+ json_object_set_new(json_info.json_write_case, "tcId", tcId);
+ json_object_set_new(json_info.json_write_case, "resultsArray", json_array());
+ }
+
+ resArr = json_object_get(json_info.json_write_case, "resultsArray");
+ if (!json_is_array(resArr))
+ return -EINVAL;
+
+ res = json_object();
+
+ writeback_hex_str("", info.one_line_text, &val[1]);
+ msg = json_string(info.one_line_text);
+ json_object_set_new(res, "msg", msg);
+
+ val_local.val = val[0].val + vec.pt.len;
+ val_local.len = vec.cipher_auth.digest.len;
+
+ writeback_hex_str("", info.one_line_text, &val_local);
+ md = json_string(info.one_line_text);
+ json_object_set_new(res, "md", md);
+
+ json_array_append_new(resArr, res);
+ return 0;
+}
+
+int
+parse_test_sha_json_algorithm(void)
+{
+ json_t *algorithm_object;
+ const char *algorithm_str;
+ uint32_t i;
+
+ algorithm_object = json_object_get(json_info.json_vector_set, "algorithm");
+ algorithm_str = json_string_value(algorithm_object);
+
+ for (i = 0; i < RTE_DIM(json_algorithms); i++) {
+ if (strstr(algorithm_str, json_algorithms[i].str)) {
+ info.interim_info.sha_data.algo = json_algorithms[i].algo;
+ break;
+ }
+ }
+
+ if (i == RTE_DIM(json_algorithms))
+ return -1;
+
+ for (i = 0; i < RTE_DIM(phsc); i++) {
+ if (info.interim_info.sha_data.algo == phsc[i].algo) {
+ vec.cipher_auth.digest.len = atoi(phsc[i].str);
+ vec.cipher_auth.digest.val = calloc(0, vec.cipher_auth.digest.len * 8);
+ break;
+ }
+ }
+
+ if (i == RTE_DIM(phsc))
+ return -1;
+
+ return 0;
+}
+
+int
+parse_test_sha_json_test_type(void)
+{
+ json_t *type_object;
+ const char *type_str;
+ uint32_t i;
+
+ type_object = json_object_get(json_info.json_test_group, TESTTYPE_JSON_STR);
+ type_str = json_string_value(type_object);
+
+ for (i = 0; i < RTE_DIM(sha_test_types); i++)
+ if (strstr(type_str, sha_test_types[i].desc)) {
+ info.interim_info.aes_data.test_type =
+ sha_test_types[i].type;
+ break;
+ }
+
+ if (i == RTE_DIM(sha_test_types))
+ return -1;
+
+ switch (info.interim_info.sha_data.test_type) {
+ case SHA_MCT:
+ info.parse_writeback = parse_test_sha_mct_json_writeback;
+ break;
+ case SHA_AFT:
+ info.parse_writeback = parse_test_sha_json_writeback;
+ break;
+ default:
+ info.parse_writeback = NULL;
+ }
+
+ if (!info.parse_writeback)
+ return -1;
+
+ return 0;
+}
+
+int
+parse_test_sha_json_init(void)
+{
+ info.op = FIPS_TEST_ENC_AUTH_GEN;
+ info.parse_writeback = parse_test_sha_json_writeback;
+ info.callbacks = sha_tests_json_vectors;
+ info.writeback_callbacks = NULL;
+ info.kat_check = rsp_test_sha_check;
+ info.interim_callbacks = NULL;
+
+ if (parse_test_sha_json_algorithm() < 0)
+ return -1;
+
+ if (parse_test_sha_json_test_type() < 0)
+ return -1;
+
+ return 0;
+}
+#endif /* USE_JANSSON */
@@ -1693,19 +1693,24 @@ fips_mct_sha_test(void)
#define SHA_EXTERN_ITER 100
#define SHA_INTERN_ITER 1000
#define SHA_MD_BLOCK 3
- struct fips_val val = {NULL, 0}, md[SHA_MD_BLOCK];
+ struct fips_val val[2] = {{NULL, 0},}, md[SHA_MD_BLOCK], msg;
char temp[MAX_DIGEST_SIZE*2];
int ret;
uint32_t i, j;
+ msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len;
+ msg.val = calloc(1, msg.len);
+ memcpy(vec.cipher_auth.digest.val, vec.pt.val, vec.cipher_auth.digest.len);
for (i = 0; i < SHA_MD_BLOCK; i++)
md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
rte_free(vec.pt.val);
vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0);
- fips_test_write_one_case();
- fprintf(info.fp_wr, "\n");
+ if (info.file_type != FIPS_TYPE_JSON) {
+ fips_test_write_one_case();
+ fprintf(info.fp_wr, "\n");
+ }
for (j = 0; j < SHA_EXTERN_ITER; j++) {
@@ -1719,6 +1724,9 @@ fips_mct_sha_test(void)
vec.cipher_auth.digest.len);
md[2].len = vec.cipher_auth.digest.len;
+ for (i = 0; i < SHA_MD_BLOCK; i++)
+ memcpy(&msg.val[i * md[i].len], md[i].val, md[i].len);
+
for (i = 0; i < (SHA_INTERN_ITER); i++) {
memcpy(vec.pt.val, md[0].val,
@@ -1742,7 +1750,7 @@ fips_mct_sha_test(void)
return ret;
}
- ret = get_writeback_data(&val);
+ ret = get_writeback_data(&val[0]);
if (ret < 0)
return ret;
@@ -1751,7 +1759,7 @@ fips_mct_sha_test(void)
memcpy(md[1].val, md[2].val, md[2].len);
md[1].len = md[2].len;
- memcpy(md[2].val, (val.val + vec.pt.len),
+ memcpy(md[2].val, (val[0].val + vec.pt.len),
vec.cipher_auth.digest.len);
md[2].len = vec.cipher_auth.digest.len;
}
@@ -1759,11 +1767,14 @@ fips_mct_sha_test(void)
memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
vec.cipher_auth.digest.len = md[2].len;
- fprintf(info.fp_wr, "COUNT = %u\n", j);
-
- writeback_hex_str("", temp, &vec.cipher_auth.digest);
-
- fprintf(info.fp_wr, "MD = %s\n\n", temp);
+ if (info.file_type != FIPS_TYPE_JSON) {
+ fprintf(info.fp_wr, "COUNT = %u\n", j);
+ writeback_hex_str("", temp, &vec.cipher_auth.digest);
+ fprintf(info.fp_wr, "MD = %s\n\n", temp);
+ }
+ val[1].val = msg.val;
+ val[1].len = msg.len;
+ info.parse_writeback(val);
}
for (i = 0; i < (SHA_MD_BLOCK); i++)
@@ -1771,7 +1782,8 @@ fips_mct_sha_test(void)
rte_free(vec.pt.val);
- free(val.val);
+ free(val[0].val);
+ free(msg.val);
return 0;
}
@@ -1996,6 +2008,9 @@ fips_test_one_test_group(void)
case FIPS_TEST_ALGO_AES:
ret = parse_test_aes_json_init();
break;
+ case FIPS_TEST_ALGO_SHA:
+ ret = parse_test_sha_json_init();
+ break;
default:
return -EINVAL;
}