| Age | Commit message (Collapse) | Author |
|---|
|
Fix EdDSA signature size.
Fixes: 12ede9ac497f ("examples/fips_validation: support EdDSA")
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
Plain text needs to be prehashed for RSA as well in asymmetric
crypto validation.
Fixes: 12ede9ac497f ("examples/fips_validation: support EdDSA")
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
RSA padding information could be a xform entity rather than part of
crypto op, as it seems associated with hashing algorithm used for
the entire crypto session, where this algorithm is used in message
digest itself. Even in virtIO standard spec, this info is associated
in the asymmetric session creation. Hence, moving this info from
crypto op into xform structure.
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Arkadiusz Kusztal <[email protected]>
Acked-by: Akhil Goyal <[email protected]>
|
|
Add EdDSA support in fips_validation app.
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
Fix NULL dereference, out-of-bound, bad bit shift issues
reported by coverity scan.
Coverity issue: 384440, 384435, 384433, 384429
Fixes: 36128a67c27e ("examples/fips_validation: add asymmetric validation")
Cc: [email protected]
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
Reduce code duplication by providing a simple inline helper.
Signed-off-by: David Marchand <[email protected]>
Acked-by: Tyler Retzlaff <[email protected]>
Acked-by: Bruce Richardson <[email protected]>
|
|
Replace PMD with USER1 since that is already used in main
Fixes: 41d561cbdd24 ("examples/fips_validation: add power on self test")
Signed-off-by: Stephen Hemminger <[email protected]>
|
|
The EC private and public keys can be maintained per session,
hence, moved these keys from per packet asym op to EC xform.
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Ciara Power <[email protected]>
|
|
Now that DPDK provides such bit count functions, make use of them.
This patch was prepared with a "brutal" commandline:
$ old=__builtin_clzll; new=rte_clz64;
git grep -lw $old :^lib/eal/include/rte_bitops.h |
xargs sed -i -e "s#\<$old\>#$new#g"
$ old=__builtin_clz; new=rte_clz32;
git grep -lw $old :^lib/eal/include/rte_bitops.h |
xargs sed -i -e "s#\<$old\>#$new#g"
$ old=__builtin_ctzll; new=rte_ctz64;
git grep -lw $old :^lib/eal/include/rte_bitops.h |
xargs sed -i -e "s#\<$old\>#$new#g"
$ old=__builtin_ctz; new=rte_ctz32;
git grep -lw $old :^lib/eal/include/rte_bitops.h |
xargs sed -i -e "s#\<$old\>#$new#g"
$ old=__builtin_popcountll; new=rte_popcount64;
git grep -lw $old :^lib/eal/include/rte_bitops.h |
xargs sed -i -e "s#\<$old\>#$new#g"
$ old=__builtin_popcount; new=rte_popcount32;
git grep -lw $old :^lib/eal/include/rte_bitops.h |
xargs sed -i -e "s#\<$old\>#$new#g"
Then inclusion of rte_bitops.h was added were necessary.
Signed-off-by: David Marchand <[email protected]>
Acked-by: Tyler Retzlaff <[email protected]>
Reviewed-by: Long Li <[email protected]>
|
|
For AES GCM non JSON decrypt test cases the digest length
is being set incorrectly.The digest length is not being
cleared after test cases, causing an issue when running
tests individually without the --path-is-folder flag.
This fix adds the digest length correctly to the decrypt
cases and clears the digest length after each test file.
Fixes: 4aaad2995e13 ("examples/fips_validation: support GCM parsing")
Cc: [email protected]
Signed-off-by: Samina Arshad <[email protected]>
Acked-by: Brian Dooley <[email protected]>
Acked-by: Gowrishankar Muthukrishnan <[email protected]>
|
|
Added sources were not referenced in the makefile used when compiling
this example externally.
Fixes: 36128a67c27e ("examples/fips_validation: add asymmetric validation")
Fixes: b455d261eb89 ("examples/fips_validation: validate ECDSA")
Cc: [email protected]
Signed-off-by: David Marchand <[email protected]>
Acked-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Bruce Richardson <[email protected]>
|
|
Non JSON SHA MCT tests produce incorrect digest due to a regression
while handling MD blocks in common for all kind of SHA, SHA2, SHA3
and SHAKE algorithms. Fixing this along with some cleanup to use
only rte_malloc API for storing test vectors as in other tests.
Fixes: 1ea7940e0f44 ("examples/fips_validation: add SHA3 validation")
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Tested-by: Brian Dooley <[email protected]>
|
|
No check for null pointer is necessary before calling free().
Fixes: 1ea7940e0f44 ("examples/fips_validation: add SHA3 validation")
Fixes: 225f04fb3e4c ("examples/fips_validation: add SHAKE validation")
Signed-off-by: Stephen Hemminger <[email protected]>
|
|
Current test buffer to copy input data of maximum possible length
did not account NULL character, due to which a last input character
is always ignored and it causes tests like RSA SIGVER for modulo
of 4096 bits to fail. This patch fixes it.
Fixes: 0b65d54f3a4 ("examples/fips_validation: fix JSON buffer size")
Cc: [email protected]
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
Fix AES XTS test to read sequence number correctly.
Fixes: f8e431ed8f6 ("examples/fips_validation: add parsing for AES-XTS")
Cc: [email protected]
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
AES GCM validation tests fail in FIPS validation due to incorrect
fields populated in response file. This patch fixes them.
Fixes: 5b540bebac8e ("examples/fips_validation: fix GMAC decryption output")
Cc: [email protected]
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
Add SHA3 algorithms in ECDSA as supported.
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
Add support to validate ECDSA keygen mode tests.
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
Add support in fips_validation to parse CCM JSON vectors.
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
Add support in fips_validation to parse SHAKE algorithms.
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
Parsing integer value in test case vector does not store
it because only string was expected. This patch adds handling
for integer value as well.
Fixes: 58cc98801eb ("examples/fips_validation: add JSON parsing")
Cc: [email protected]
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
Add support in fips_validation to parse SHA3 algorithms.
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
MCT test for SHA need not print message string along
with digest value.
Fixes: d5c247145c2 ("examples/fips_validation: add parsing for SHA")
Cc: [email protected]
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
The function rte_free() already handles NULL argument;
therefore the checks in this code are unnecessary.
Signed-off-by: Stephen Hemminger <[email protected]>
|
|
Digest length is being printed out, not IV length.
Fixes: ac026f4668d0 ("examples/fips_validation: support CMAC parsing")
Fixes: f64adb6714e0 ("examples/fips_validation: support HMAC parsing")
Cc: [email protected]
Signed-off-by: Pablo de Lara <[email protected]>
Reviewed-by: Brian Dooley <[email protected]>
|
|
Replace rand() call in fips validation example with rte_rand().
Coverity issue: 381668
Fixes: e27268bd2103 ("examples/fips_validation: add parsing for AES-GMAC")
Signed-off-by: Brian Dooley <[email protected]>
|
|
When parsing request files check for file type. This fix will remove
dependence on command line parameter for using libjansson
Fixes: 0f42f3d6034c ("examples/fips_validation: share callback with multiple keys")
Signed-off-by: Brian Dooley <[email protected]>
Acked-by: Ciara Power <[email protected]>
Acked-by: Gowrishankar Muthukrishnan <[email protected]>
|
|
This patch adds support in fips_validation app to validate ECDSA.
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
AES GMAC decrypt test should output only
whether test passed or failed.
Fixes: ad42b228c6e2 ("examples/fips_validation: fix print for zero length payload")
Cc: [email protected]
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Reviewed-by: Brian Dooley <[email protected]>
|
|
FIPS conformance tests require randomizing message based on SP 800-106.
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
|
|
FIPS RSA validation requires hash digest be encoded with ASN.1
value for digest info.
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
|
|
Add support for asymmetric crypto validation starting with RSA.
For the generation of crypto values which is multiprecision in
math, openssl library is used only for this purpose.
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
Added functionality to parse algorithm for AES CTR test
Signed-off-by: Brian Dooley <[email protected]>
Acked-by: Kai Ji <[email protected]>
Acked-by: Gowrishankar Muthukrishnan <[email protected]>
|
|
Added functionality to parse algorithm for AES GMAC test.
Signed-off-by: Brian Dooley <[email protected]>
Acked-by: Kai Ji <[email protected]>
Acked-by: Gowrishankar Muthukrishnan <[email protected]>
|
|
In asym op, while parsing test interim info, existing buffer of size
256 bytes is not sufficient, hence setting it to maximum that a test
would need.
Fixes: 58cc98801eb ("examples/fips_validation: add JSON parsing")
Cc: [email protected]
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
Added function to calculate hash size for a given SHA hash algorithm.
Fixes: d5c247145c2 ("examples/fips_validation: add parsing for SHA")
Cc: [email protected]
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
Asym tests need a callback to write interim info in expected output.
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
If a test group does not have expected key, it should not crash.
This patch fixes parsing test group info to continue further
when a key does not exist (as in asym tests).
Fixes: 58cc98801eb ("examples/fips_validation: add JSON parsing")
Cc: [email protected]
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
In case of FIPS 140-2 format of test vectors in MCT test, msg is
not given in the test vector, hence pt will be NULL which test
function has to handle correctly.
Fixes: d5c247145c2c ("examples/fips_validation: add parsing for SHA")
Cc: [email protected]
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Tested-by: Brian Dooley <[email protected]>
|
|
Added function to parse algorithm for TDES CBC and ECB tests in JSON.
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
Make use of key param in test callbacks so that,
test callback can be shared with multiple keys.
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
Store SHA test type in its own interim info struct instead of AES.
Fixes: d5c247145c2 ("examples/fips_validation: add parsing for SHA")
Cc: [email protected]
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Tested-by: Brian Dooley <[email protected]>
|
|
Instead of allocating memory in every external iteration, do once
in the beginning of AES MCT tests and free at the end.
Fixes: 8b8546aaedf ("examples/fips_validation: add parsing for AES-CBC")
Cc: [email protected]
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Brian Dooley <[email protected]>
|
|
Structure rte_cryptodev_sym_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.
Signed-off-by: Akhil Goyal <[email protected]>
Signed-off-by: Fan Zhang <[email protected]>
Acked-by: Kai Ji <[email protected]>
Tested-by: Gagandeep Singh <[email protected]>
Tested-by: David Coyle <[email protected]>
Tested-by: Kevin O'Sullivan <[email protected]>
|
|
As per current design, rte_cryptodev_sym_session_create() and
rte_cryptodev_sym_session_init() use separate mempool objects
for a single session.
And structure rte_cryptodev_sym_session is not directly used
by the application, it may cause ABI breakage if the structure
is modified in future.
To address these two issues, the rte_cryptodev_sym_session_create
will take one mempool object that the session and session private
data are virtually/physically contiguous, and initializes both
fields. The API rte_cryptodev_sym_session_init is removed.
rte_cryptodev_sym_session_create will now return an opaque session
pointer which will be used by the app and other APIs.
In data path, opaque session pointer is attached to rte_crypto_op
and the PMD can call an internal library API to get the session
private data pointer based on the driver id.
Note: currently single session may be used by different device
drivers, given it is initialized by them. After the change the
session created by one device driver cannot be used or
reinitialized by another driver.
Signed-off-by: Akhil Goyal <[email protected]>
Signed-off-by: Fan Zhang <[email protected]>
Signed-off-by: Ruifeng Wang <[email protected]>
Acked-by: Kai Ji <[email protected]>
Tested-by: Gagandeep Singh <[email protected]>
Tested-by: David Coyle <[email protected]>
Tested-by: Kevin O'Sullivan <[email protected]>
|
|
Do not include <ctype.h>, <errno.h>, and <stdlib.h> from <rte_common.h>,
because they are not used by this file.
Include the needed headers directly from the files that need them.
Signed-off-by: Dmitry Kozlyuk <[email protected]>
Acked-by: Bruce Richardson <[email protected]>
|
|
NIST GCM decrypt result vectors expects to have following print
for zero length payload instead of having no print.
"pt" = ""
Fixes: b09aac2d6e2b ("examples/fips_validation: add JSON to GCM test")
Signed-off-by: Archana Muniganti <[email protected]>
|
|
Added function to parse algorithm for SHA test.
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Fan Zhang <[email protected]>
|
|
Added function to parse algorithm for AES XTS test.
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Fan Zhang <[email protected]>
|
|
Add algorithm enum specifically for AES_CBC instead of relying on
AES as such.
Fixes: 8b8546aaedf ("examples/fips_validation: add parsing for AES-CBC")
Signed-off-by: Gowrishankar Muthukrishnan <[email protected]>
Acked-by: Fan Zhang <[email protected]>
|
