Hi Akhil,
Please see inline.
Thanks
Tejasree
> -----Original Message-----
> From: Akhil Goyal <gak...@marvell.com>
> Sent: Wednesday, March 24, 2021 1:18 AM
> To: Tejasree Kondoj <ktejas...@marvell.com>; Radu Nicolau
> <radu.nico...@intel.com>; Fiona Trahe <fiona.tr...@intel.com>; Fan Zhang
> <roy.fan.zh...@intel.com>; Arek Kusztal <arkadiuszx.kusz...@intel.com>
> Cc: Anoob Joseph <ano...@marvell.com>; Ankur Dwivedi
> <adwiv...@marvell.com>; Jerin Jacob Kollanukkaran <jer...@marvell.com>;
> dev@dpdk.org
> Subject: RE: [PATCH 2/2] test/crypto: support block cipher
> DIGEST_ENCRYPTED mode
>
> > @@ -2565,6 +3052,108 @@ static const struct blockcipher_test_case
> > aes_chain_test_cases[] = {
> > .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY_DEC,
> > .feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS,
> > },
> > + {
> > + .test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest"
> > + "(Encrypted Digest mode)",
> > + .test_data = &aes_test_data_4_digest_enc,
> > + .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> > + .feature_mask =
> > BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > + },
> > + {
> > + .test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
> > + "Scatter Gather (Encrypted Digest mode)",
> > + .test_data = &aes_test_data_4_digest_enc,
> > + .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> > + .feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> > +
> > BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > + },
> > + {
> > + .test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
> > + "(short buffers) (Encrypted Digest mode)",
> > + .test_data = &aes_test_data_13_digest_enc,
> > + .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> > + .feature_mask =
> > BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > + },
> > + {
> > + .test_descr = "AES-128-CBC HMAC-SHA1 Encryption Digest "
> > + "Scatter Gather (Encrypted Digest mode)",
> > + .test_data = &aes_test_data_4_digest_enc,
> > + .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> > + .feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> > +
> > BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > + },
> I believe this is getting repeated with the 2nd case.
[Tejasree] Yes. Will remove duplicate.
>
> > + {
> > + .test_descr = "AES-192-CBC HMAC-SHA1 Encryption Digest "
> > + "Sessionless (Encrypted Digest mode)",
> > + .test_data = &aes_test_data_10_digest_enc,
> > + .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> > + .feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS
> > |
> > +
> > BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > + },
> > + {
> > + .test_descr = "AES-256-CBC HMAC-SHA1 Encryption Digest "
> > + "Scatter Gather Sessionless (Encrypted Digest
> > mode)",
> > + .test_data = &aes_test_data_11_digest_enc,
> > + .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN_ENC,
> > + .feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> > + BLOCKCIPHER_TEST_FEATURE_SESSIONLESS |
> > + BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > + },
> > + {
> > + .test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> > + "Verify (Encrypted Digest mode)",
> > + .test_data = &aes_test_data_4_digest_enc,
> > + .op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > + .feature_mask =
> > BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > + },
> > + {
> > + .test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> > + "Verify Scatter Gather (Encrypted Digest mode)",
> > + .test_data = &aes_test_data_4_digest_enc,
> > + .op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > + .feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> > +
> > BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > + },
> > + {
> > + .test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> > + "Verify (short buffers) (Encrypted Digest mode)",
> > + .test_data = &aes_test_data_13_digest_enc,
> > + .op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > + .feature_mask =
> > BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > + },
> > + {
> > + .test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> > + "Verify Scatter Gather (Encrypted Digest mode)",
> > + .test_data = &aes_test_data_4_digest_enc,
> > + .op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > + .feature_mask = BLOCKCIPHER_TEST_FEATURE_SG |
> > +
> > BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > + },
>
> The above one is also duplicate. Please check.
[Tejasree] Yes. Will remove this.
>
> > + {
> > + .test_descr = "AES-256-CBC HMAC-SHA1 Decryption Digest "
> > + "Verify Sessionless (Encrypted Digest mode)",
> > + .test_data = &aes_test_data_11_digest_enc,
> > + .op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > + .feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS
> > |
> > +
> > BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > + },
> > + {
> > + .test_descr = "AES-192-CBC HMAC-SHA1 Decryption Digest "
> > + "Verify Scatter Gather Sessionless (Encrypted Digest
> > mode)",
> > + .test_data = &aes_test_data_10_digest_enc,
> > + .op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > + .feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS
> > |
> > + BLOCKCIPHER_TEST_FEATURE_SG |
> > +
> > BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > + },
> > + {
> > + .test_descr = "AES-128-CBC HMAC-SHA1 Decryption Digest "
> > + "Verify Sessionless (Encrypted Digest mode)",
> > + .test_data = &aes_test_data_4_digest_enc,
> > + .op_mask = BLOCKCIPHER_TEST_OP_DEC_AUTH_VERIFY,
> > + .feature_mask = BLOCKCIPHER_TEST_FEATURE_SESSIONLESS
> > |
> > +
> > BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED,
> > + },
> > {
> > .test_descr = "NULL-CIPHER-NULL-AUTH encrypt & gen
> x8byte",
> > .test_data = &null_test_data_chain_x8_multiple,
>
> [snip]
>
> > @@ -558,18 +620,20 @@ test_blockcipher_one_case(const struct
> > blockcipher_test_case *t,
> > }
> > }
> >
> > - if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN) {
> > - uint8_t *auth_res = pktmbuf_mtod_offset(iobuf,
> > - tdata->ciphertext.len);
> > + /* Check digest data only in enc-then-auth_gen case */
>
> Why? The test vector should have an encrypted digest value to check.
> Otherwise how can we validate that the authentication SHA and encryption
> On that SHA is correct or not?
[Tejasree] Cipher text has both encrypted plain text and encrypted digest value.
If cipher text is correct, it implies digest is generated properly.
Will amend the comment to better reflect this.
>
> > + if (!(t->op_mask & BLOCKCIPHER_TEST_OP_DIGEST_ENCRYPTED))
> > + if (t->op_mask & BLOCKCIPHER_TEST_OP_AUTH_GEN) {
> > + uint8_t *auth_res = pktmbuf_mtod_offset(iobuf,
> > + tdata->ciphertext.len);
> >
> > - if (memcmp(auth_res, tdata->digest.data, digest_len)) {
> > - snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN,
> > "line %u "
> > - "FAILED: %s", __LINE__, "Generated "
> > - "digest data not as expected");
> > - status = TEST_FAILED;
> > - goto error_exit;
> > + if (memcmp(auth_res, tdata->digest.data,
> > digest_len)) {
> > + snprintf(test_msg,
> > BLOCKCIPHER_TEST_MSG_LEN, "line %u "
> > + "FAILED: %s", __LINE__, "Generated "
> > + "digest data not as expected");
> > + status = TEST_FAILED;
> > + goto error_exit;
> > + }
> > }
> > - }
> >
