1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
|
/* SPDX-License-Identifier: BSD-3-Clause
* Copyright(c) 2018 Intel Corporation
*/
#ifndef _FIPS_VALIDATION_H_
#define _FIPS_VALIDATION_H_
#ifdef USE_JANSSON
#include <jansson.h>
#endif /* USE_JANSSON */
#define FIPS_PARSE_ERR(fmt, args) \
RTE_LOG(ERR, USER1, "FIPS parse error" ## fmt ## "\n", ## args)
#define ERR_MSG_SIZE 128
#define MAX_CASE_LINE 15
#define MAX_LINE_CHAR 204800 /*< max number of characters per line */
#define MAX_NB_TESTS 10240
#define DEF_MBUF_SEG_SIZE (UINT16_MAX - sizeof(struct rte_mbuf) - \
RTE_PKTMBUF_HEADROOM)
#define MAX_STRING_SIZE 64
#define MAX_FILE_NAME_SIZE 256
#define MAX_DIGEST_SIZE 64
#define POSITIVE_TEST 0
#define NEGATIVE_TEST -1
#define REQ_FILE_PREFIX "req"
#define RSP_FILE_PREFIX "rsp"
#define FAX_FILE_PREFIX "fax"
#define JSON_FILE_PREFIX "json"
#define ACVVERSION "1.0"
enum fips_test_algorithms {
FIPS_TEST_ALGO_AES = 0,
FIPS_TEST_ALGO_AES_CBC,
FIPS_TEST_ALGO_AES_CTR,
FIPS_TEST_ALGO_AES_GCM,
FIPS_TEST_ALGO_AES_GMAC,
FIPS_TEST_ALGO_AES_CMAC,
FIPS_TEST_ALGO_AES_CCM,
FIPS_TEST_ALGO_AES_XTS,
FIPS_TEST_ALGO_HMAC,
FIPS_TEST_ALGO_TDES,
FIPS_TEST_ALGO_SHA,
FIPS_TEST_ALGO_RSA,
FIPS_TEST_ALGO_ECDSA,
FIPS_TEST_ALGO_EDDSA,
FIPS_TEST_ALGO_MAX
};
enum file_types {
FIPS_TYPE_REQ = 1,
FIPS_TYPE_FAX,
FIPS_TYPE_RSP,
FIPS_TYPE_JSON,
};
enum fips_test_op {
FIPS_TEST_ENC_AUTH_GEN = 1,
FIPS_TEST_DEC_AUTH_VERIF,
FIPS_TEST_ASYM_KEYGEN,
FIPS_TEST_ASYM_SIGGEN,
FIPS_TEST_ASYM_SIGVER
};
#define MAX_LINE_PER_VECTOR 16
struct fips_val {
uint8_t *val;
uint32_t len;
};
struct fips_test_vector {
union {
struct {
struct fips_val key;
struct fips_val digest;
struct fips_val auth_aad;
struct fips_val aad;
} cipher_auth;
struct {
struct fips_val key;
struct fips_val digest;
struct fips_val aad;
} aead;
};
struct {
struct fips_val seed;
struct fips_val signature;
struct fips_val e;
struct fips_val n;
struct fips_val d;
struct fips_val p;
struct fips_val q;
struct fips_val dp;
struct fips_val dq;
struct fips_val qinv;
} rsa;
struct {
struct fips_val seed;
struct fips_val pkey;
struct fips_val qx;
struct fips_val qy;
struct fips_val r;
struct fips_val s;
struct fips_val k;
} ecdsa;
struct {
struct fips_val pkey;
struct fips_val q;
struct fips_val ctx;
struct fips_val sign;
} eddsa;
struct fips_val pt;
struct fips_val ct;
struct fips_val iv;
enum rte_crypto_op_status status;
};
typedef int (*post_prcess_t)(struct fips_val *val);
typedef int (*parse_callback_t)(const char *key, char *text,
struct fips_val *val);
struct fips_test_callback {
const char *key;
parse_callback_t cb;
struct fips_val *val;
};
enum fips_aesavs_test_types {
AESAVS_TYPE_GFXBOX = 1,
AESAVS_TYPE_KEYSBOX,
AESAVS_TYPE_VARKEY,
AESAVS_TYPE_VARTXT,
AESAVS_TYPE_MMT,
AESAVS_TYPE_MCT,
AESAVS_TYPE_AFT,
AESAVS_TYPE_CTR,
};
enum fips_tdes_test_types {
TDES_INVERSE_PERMUTATION = 0,
TDES_PERMUTATION,
TDES_SUBSTITUTION_TABLE,
TDES_VARIABLE_KEY,
TDES_VARIABLE_TEXT,
TDES_KAT,
TDES_AFT, /* Functional Test */
TDES_MCT, /* Monte Carlo (Modes) Test */
TDES_MMT /* Multi block Message Test */
};
enum fips_tdes_test_mode {
TDES_MODE_CBC = 0,
TDES_MODE_ECB
};
enum fips_ccm_test_types {
CCM_VADT = 1, /* Variable Associated Data Test */
CCM_VPT, /* Variable Payload Test */
CCM_VNT, /* Variable Nonce Test */
CCM_VTT, /* Variable Tag Test */
CCM_DVPT, /* Decryption-Verification Process Test */
};
enum fips_sha_test_types {
SHA_KAT = 0,
SHA_AFT,
SHA_MCT,
SHAKE_VOT
};
enum fips_rsa_test_types {
RSA_AFT = 0,
RSA_GDT,
RSA_KAT
};
enum fips_ecdsa_test_types {
ECDSA_AFT = 0,
};
enum fips_eddsa_test_types {
EDDSA_AFT = 0,
EDDSA_BFT
};
struct aesavs_interim_data {
enum fips_aesavs_test_types test_type;
uint32_t cipher_algo;
uint32_t key_len;
};
struct hmac_interim_data {
enum rte_crypto_auth_algorithm algo;
};
struct tdes_interim_data {
enum fips_tdes_test_types test_type;
enum fips_tdes_test_mode test_mode;
uint32_t nb_keys;
};
struct ccm_interim_data {
enum fips_ccm_test_types test_type;
uint32_t aad_len;
uint32_t pt_len;
uint32_t digest_len;
uint32_t key_len;
uint32_t iv_len;
};
struct sha_interim_data {
/* keep algo always on top as it is also used in asym digest */
enum rte_crypto_auth_algorithm algo;
enum fips_sha_test_types test_type;
uint8_t min_outlen;
uint8_t md_blocks;
};
struct gcm_interim_data {
uint8_t is_gmac;
uint8_t gen_iv;
};
enum xts_tweak_modes {
XTS_TWEAK_MODE_HEX = 0,
XTS_TWEAK_MODE_NUMBER
};
struct xts_interim_data {
enum xts_tweak_modes tweak_mode;
};
struct rsa_interim_data {
enum rte_crypto_auth_algorithm auth;
uint16_t modulo;
uint16_t saltlen;
enum rte_crypto_rsa_padding_type padding;
enum rte_crypto_rsa_priv_key_type privkey;
uint8_t random_msg;
};
struct ecdsa_interim_data {
enum rte_crypto_auth_algorithm auth;
enum rte_crypto_curve_id curve_id;
uint8_t curve_len;
uint8_t random_msg;
uint8_t pubkey_gen;
};
struct eddsa_interim_data {
enum rte_crypto_curve_id curve_id;
uint8_t curve_len;
uint8_t pubkey_gen;
bool prehash;
};
#ifdef USE_JANSSON
/*
* Maximum length of buffer to hold any json string.
* Esp, in asym op, modulo bits decide char buffer size.
* max = (modulo / 4)
*/
#define FIPS_TEST_JSON_BUF_LEN ((4096 / 4) + 1)
struct fips_test_json_info {
/* Information used for reading from json */
json_t *json_root;
json_t *json_vector_set;
json_t *json_test_group;
json_t *json_test_case;
/* Location of json write output */
json_t *json_write_root;
json_t *json_write_group;
json_t *json_write_set;
json_t *json_write_case;
/* Other info */
uint8_t is_sample;
};
#endif /* USE_JANSSON */
struct fips_test_interim_info {
FILE *fp_rd;
FILE *fp_wr;
enum file_types file_type;
enum fips_test_algorithms algo;
char *one_line_text;
char *vec[MAX_LINE_PER_VECTOR];
uint32_t vec_start_off;
uint32_t nb_vec_lines;
char device_name[MAX_STRING_SIZE];
char file_name[MAX_FILE_NAME_SIZE];
float version;
union {
struct aesavs_interim_data aes_data;
struct hmac_interim_data hmac_data;
struct tdes_interim_data tdes_data;
struct ccm_interim_data ccm_data;
struct sha_interim_data sha_data;
struct gcm_interim_data gcm_data;
struct xts_interim_data xts_data;
struct rsa_interim_data rsa_data;
struct ecdsa_interim_data ecdsa_data;
struct eddsa_interim_data eddsa_data;
} interim_info;
enum fips_test_op op;
const struct fips_test_callback *callbacks;
const struct fips_test_callback *interim_callbacks;
const struct fips_test_callback *writeback_callbacks;
post_prcess_t parse_interim_writeback;
post_prcess_t post_interim_writeback;
post_prcess_t parse_writeback;
post_prcess_t kat_check;
};
extern struct fips_test_vector vec;
extern struct fips_test_interim_info info;
#ifdef USE_JANSSON
extern struct fips_test_json_info json_info;
#endif /* USE_JANSSON */
int
fips_test_init(const char *req_file_path, const char *rsp_file_path,
const char *device_name);
void
fips_test_clear(void);
int
fips_test_fetch_one_block(void);
int
fips_test_parse_one_case(void);
void
fips_test_write_one_case(void);
#ifdef USE_JANSSON
int
fips_test_parse_one_json_vector_set(void);
int
fips_test_parse_one_json_group(void);
int
fips_test_parse_one_json_case(void);
int
parse_test_gcm_json_init(void);
int
parse_test_ccm_json_init(void);
int
parse_test_hmac_json_init(void);
int
parse_test_hmac_json_algorithm(void);
int
parse_test_cmac_json_init(void);
int
parse_test_aes_json_init(void);
int
parse_test_xts_json_init(void);
int
parse_test_sha_json_init(void);
int
parse_test_sha_json_algorithm(void);
int
parse_test_sha_json_test_type(void);
int
parse_test_tdes_json_init(void);
int
parse_test_rsa_json_init(void);
int
parse_test_ecdsa_json_init(void);
int
parse_test_eddsa_json_init(void);
int
fips_test_randomize_message(struct fips_val *msg, struct fips_val *rand);
#endif /* USE_JANSSON */
int
parse_test_aes_init(void);
int
parse_test_tdes_init(void);
int
parse_test_hmac_init(void);
int
parse_test_gcm_init(void);
int
parse_test_cmac_init(void);
int
parse_test_ccm_init(void);
int
parse_test_sha_init(void);
int
parse_test_xts_init(void);
int
parser_read_uint8_hex(uint8_t *value, const char *p);
int
parse_uint8_hex_str(const char *key, char *src, struct fips_val *val);
int
parse_uint8_known_len_hex_str(const char *key, char *src, struct fips_val *val);
int
parser_read_uint16(uint16_t *value, const char *p);
int
parser_read_uint32_val(const char *key, char *src, struct fips_val *val);
int
parser_read_uint32_bit_val(const char *key, char *src, struct fips_val *val);
int
parser_read_uint32(uint32_t *value, char *p);
int
parser_read_uint32_val(const char *key, char *src, struct fips_val *val);
int
writeback_hex_str(const char *key, char *dst, struct fips_val *val);
void
parse_write_hex_str(struct fips_val *src);
int
update_info_vec(uint32_t count);
typedef int (*fips_test_one_case_t)(void);
typedef int (*fips_prepare_op_t)(void);
typedef int (*fips_prepare_sym_xform_t)(struct rte_crypto_sym_xform *);
typedef int (*fips_prepare_asym_xform_t)(struct rte_crypto_asym_xform *);
struct fips_test_ops {
fips_prepare_sym_xform_t prepare_sym_xform;
fips_prepare_asym_xform_t prepare_asym_xform;
fips_prepare_op_t prepare_sym_op;
fips_prepare_op_t prepare_asym_op;
fips_test_one_case_t test;
};
extern struct fips_test_ops test_ops;
int prepare_aead_op(void);
int prepare_auth_op(void);
int prepare_gcm_xform(struct rte_crypto_sym_xform *xform);
int prepare_gmac_xform(struct rte_crypto_sym_xform *xform);
int parse_test_sha_hash_size(enum rte_crypto_auth_algorithm algo);
#endif
|
