> @@ -2565,6 +3052,108 @@ static const struct blockcipher_test_case
> aes_chain_test_cases[] = {
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY_DEC,
> .feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS,
> },
> + {
> + .test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest"
> + "(Encrypted Digest mode)",
> + .test_data = &aes_test_data_4_digest_enc,
> + .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> + .feature_mask =
> BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> + },
> + {
> + .test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
> + "Scatter Gather (Encrypted Digest mode)",
> + .test_data = &aes_test_data_4_digest_enc,
> + .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> + .feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> +
> BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> + },
> + {
> + .test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
> + "(short buffers) (Encrypted Digest mode)",
> + .test_data = &aes_test_data_13_digest_enc,
> + .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> + .feature_mask =
> BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> + },
> + {
> + .test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
> + "Scatter Gather (Encrypted Digest mode)",
> + .test_data = &aes_test_data_4_digest_enc,
> + .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> + .feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> +
> BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> + },
I believe this is getting repeated with the 2nd case.
> + {
> + .test_descr = "AES-192-CBC HMAC-SHA1 Encryption Digest "
> + "Sessionless (Encrypted Digest mode)",
> + .test_data = &aes_test_data_10_digest_enc,
> + .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> + .feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS
> |
> +
> BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> + },
> + {
> + .test_descr = "AES-256-CBC HMAC-SHA1 Encryption Digest "
> + "Scatter Gather Sessionless (Encrypted Digest
> mode)",
> + .test_data = &aes_test_data_11_digest_enc,
> + .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> + .feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> + BLOCKCIPHER_TEST_FEATURE_SESSIONLESS |
> + BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> + },
> + {
> + .test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> + "Verify (Encrypted Digest mode)",
> + .test_data = &aes_test_data_4_digest_enc,
> + .op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> + .feature_mask =
> BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> + },
> + {
> + .test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> + "Verify Scatter Gather (Encrypted Digest mode)",
> + .test_data = &aes_test_data_4_digest_enc,
> + .op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> + .feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> +
> BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> + },
> + {
> + .test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> + "Verify (short buffers) (Encrypted Digest mode)",
> + .test_data = &aes_test_data_13_digest_enc,
> + .op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> + .feature_mask =
> BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> + },
> + {
> + .test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> + "Verify Scatter Gather (Encrypted Digest mode)",
> + .test_data = &aes_test_data_4_digest_enc,
> + .op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> + .feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> +
> BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> + },
The above one is also duplicate. Please check.
> + {
> + .test_descr = "AES-256-CBC HMAC-SHA1 Decryption Digest "
> + "Verify Sessionless (Encrypted Digest mode)",
> + .test_data = &aes_test_data_11_digest_enc,
> + .op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> + .feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS
> |
> +
> BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> + },
> + {
> + .test_descr = "AES-192-CBC HMAC-SHA1 Decryption Digest "
> + "Verify Scatter Gather Sessionless (Encrypted Digest
> mode)",
> + .test_data = &aes_test_data_10_digest_enc,
> + .op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> + .feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS
> |
> + BLOCKCIPHER_TEST_FEATURE_SG |
> +
> BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> + },
> + {
> + .test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> + "Verify Sessionless (Encrypted Digest mode)",
> + .test_data = &aes_test_data_4_digest_enc,
> + .op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> + .feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS
> |
> +
> BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> + },
> {
> .test_descr = "NULL-CIPHER-NULL-AUTH encrypt & gen
> x8byte",
> .test_data = &null_test_data_chain_x8_multiple,
[snip]
> @@ -558,18 +620,20 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
> }
> }
>
> - if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN) {
> - uint8_t *auth_res = pktmbuf_mtod_offset(iobuf,
> - tdata->ciphertext.len);
> + /* Check digest data only in enc-then-auth_gen case */
Why? The test vector should have an encrypted digest value to check.
Otherwise how can we validate that the authentication SHA and encryption
On that SHA is correct or not?
> + if (!(t->op_mask & BLOCKCIPHER_TEST_OP_DIGEST_ENCRYPTED))
> + if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN) {
> + uint8_t *auth_res = pktmbuf_mtod_offset(iobuf,
> + tdata->ciphertext.len);
>
> - if (memcmp(auth_res, tdata->digest.data, digest_len)) {
> - snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
> "line %u "
> - "FAILED: %s", __LINE__, "Generated "
> - "digest data not as expected");
> - status = TEST_FAILED;
> - goto error_exit;
> + if (memcmp(auth_res, tdata->digest.data,
> digest_len)) {
> + snprintf(test_msg,
> BLOCKCIPHER_TEST_MSG_LEN, "line %u "
> + "FAILED: %s", __LINE__, "Generated "
> + "digest data not as expected");
> + status = TEST_FAILED;
> + goto error_exit;
> + }
> }
> - }
>
