Add support in fips_validation to parse SHA3 algorithms.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukri...@marvell.com>
---
doc/guides/sample_app_ug/fips_validation.rst | 5 +-
examples/fips_validation/fips_validation.h | 1 +
.../fips_validation/fips_validation_hmac.c | 8 ++
.../fips_validation/fips_validation_sha.c | 20 +++--
examples/fips_validation/main.c | 76 +++++++++----------
5 files changed, 61 insertions(+), 49 deletions(-)
diff --git a/doc/guides/sample_app_ug/fips_validation.rst
b/doc/guides/sample_app_ug/fips_validation.rst
index 50d23c789b..55837895fe 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -64,8 +64,9 @@ ACVP
* AES-CTR (128,192,256) - AFT, CTR
* AES-GMAC (128,192,256) - AFT
* AES-XTS (128,256) - AFT
- * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
- * SHA (1, 256, 384, 512) - AFT, MCT
+ * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256,
SHA3_384, SHA3_512)
+ * SHA (1, 224, 256, 384, 512) - AFT, MCT
+ * SHA3 (224, 256, 384, 512) - AFT, MCT
* TDES-CBC - AFT, MCT
* TDES-ECB - AFT, MCT
* RSA
diff --git a/examples/fips_validation/fips_validation.h
b/examples/fips_validation/fips_validation.h
index 565a5cd36e..6c1bd35849 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -205,6 +205,7 @@ struct sha_interim_data {
/* keep algo always on top as it is also used in asym digest */
enum rte_crypto_auth_algorithm algo;
enum fips_sha_test_types test_type;
+ uint8_t md_blocks;
};
struct gcm_interim_data {
diff --git a/examples/fips_validation/fips_validation_hmac.c
b/examples/fips_validation/fips_validation_hmac.c
index e0721ef028..f1cbc18435 100644
--- a/examples/fips_validation/fips_validation_hmac.c
+++ b/examples/fips_validation/fips_validation_hmac.c
@@ -37,6 +37,10 @@ struct hash_size_conversion {
{"32", RTE_CRYPTO_AUTH_SHA256_HMAC},
{"48", RTE_CRYPTO_AUTH_SHA384_HMAC},
{"64", RTE_CRYPTO_AUTH_SHA512_HMAC},
+ {"28", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
+ {"32", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
+ {"48", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
+ {"64", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
};
static int
@@ -81,6 +85,10 @@ struct hash_size_conversion json_algorithms[] = {
{"HMAC-SHA2-256", RTE_CRYPTO_AUTH_SHA256_HMAC},
{"HMAC-SHA2-384", RTE_CRYPTO_AUTH_SHA384_HMAC},
{"HMAC-SHA2-512", RTE_CRYPTO_AUTH_SHA512_HMAC},
+ {"HMAC-SHA3-224", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
+ {"HMAC-SHA3-256", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
+ {"HMAC-SHA3-384", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
+ {"HMAC-SHA3-512", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
};
struct fips_test_callback hmac_tests_json_vectors[] = {
diff --git a/examples/fips_validation/fips_validation_sha.c
b/examples/fips_validation/fips_validation_sha.c
index 178ea492d3..8b68f5ed36 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -32,6 +32,10 @@ struct plain_hash_size_conversion {
{"32", RTE_CRYPTO_AUTH_SHA256},
{"48", RTE_CRYPTO_AUTH_SHA384},
{"64", RTE_CRYPTO_AUTH_SHA512},
+ {"28", RTE_CRYPTO_AUTH_SHA3_224},
+ {"32", RTE_CRYPTO_AUTH_SHA3_256},
+ {"48", RTE_CRYPTO_AUTH_SHA3_384},
+ {"64", RTE_CRYPTO_AUTH_SHA3_512},
};
int
@@ -96,12 +100,17 @@ static struct {
static struct plain_hash_algorithms {
const char *str;
enum rte_crypto_auth_algorithm algo;
+ uint8_t md_blocks;
} json_algorithms[] = {
- {"SHA-1", RTE_CRYPTO_AUTH_SHA1},
- {"SHA2-224", RTE_CRYPTO_AUTH_SHA224},
- {"SHA2-256", RTE_CRYPTO_AUTH_SHA256},
- {"SHA2-384", RTE_CRYPTO_AUTH_SHA384},
- {"SHA2-512", RTE_CRYPTO_AUTH_SHA512},
+ {"SHA-1", RTE_CRYPTO_AUTH_SHA1, 3},
+ {"SHA2-224", RTE_CRYPTO_AUTH_SHA224, 3},
+ {"SHA2-256", RTE_CRYPTO_AUTH_SHA256, 3},
+ {"SHA2-384", RTE_CRYPTO_AUTH_SHA384, 3},
+ {"SHA2-512", RTE_CRYPTO_AUTH_SHA512, 3},
+ {"SHA3-224", RTE_CRYPTO_AUTH_SHA3_224, 1},
+ {"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1},
+ {"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1},
+ {"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1},
};
struct fips_test_callback sha_tests_json_vectors[] = {
@@ -233,6 +242,7 @@ parse_test_sha_json_algorithm(void)
for (i = 0; i < RTE_DIM(json_algorithms); i++) {
if (strstr(algorithm_str, json_algorithms[i].str)) {
info.interim_info.sha_data.algo =
json_algorithms[i].algo;
+ info.interim_info.sha_data.md_blocks =
json_algorithms[i].md_blocks;
break;
}
}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index cc585e8418..cf29e440f1 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2267,22 +2267,27 @@ fips_mct_sha_test(void)
{
#define SHA_EXTERN_ITER 100
#define SHA_INTERN_ITER 1000
-#define SHA_MD_BLOCK 3
+ uint8_t md_blocks = info.interim_info.sha_data.md_blocks;
struct fips_val val = {NULL, 0};
- struct fips_val md[SHA_MD_BLOCK], msg;
+ struct fips_val md[md_blocks];
int ret;
- uint32_t i, j;
+ uint32_t i, j, k, offset, max_outlen;
+
+ max_outlen = md_blocks * vec.cipher_auth.digest.len;
+
+ if (vec.cipher_auth.digest.val)
+ free(vec.cipher_auth.digest.val);
+
+ vec.cipher_auth.digest.val = calloc(1, max_outlen);
- msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len;
- msg.val = calloc(1, msg.len);
if (vec.pt.val)
memcpy(vec.cipher_auth.digest.val, vec.pt.val,
vec.cipher_auth.digest.len);
- for (i = 0; i < SHA_MD_BLOCK; i++)
- md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
-
rte_free(vec.pt.val);
- vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0);
+ vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*md_blocks), 0);
+
+ for (i = 0; i < md_blocks; i++)
+ md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
if (info.file_type != FIPS_TYPE_JSON) {
fips_test_write_one_case();
@@ -2290,30 +2295,19 @@ fips_mct_sha_test(void)
}
for (j = 0; j < SHA_EXTERN_ITER; j++) {
-
- memcpy(md[0].val, vec.cipher_auth.digest.val,
- vec.cipher_auth.digest.len);
- md[0].len = vec.cipher_auth.digest.len;
- memcpy(md[1].val, vec.cipher_auth.digest.val,
- vec.cipher_auth.digest.len);
- md[1].len = vec.cipher_auth.digest.len;
- memcpy(md[2].val, vec.cipher_auth.digest.val,
- vec.cipher_auth.digest.len);
- md[2].len = vec.cipher_auth.digest.len;
-
- for (i = 0; i < SHA_MD_BLOCK; i++)
- memcpy(&msg.val[i * md[i].len], md[i].val, md[i].len);
+ for (i = 0; i < md_blocks; i++) {
+ memcpy(md[i].val, vec.cipher_auth.digest.val,
+ vec.cipher_auth.digest.len);
+ md[i].len = vec.cipher_auth.digest.len;
+ }
for (i = 0; i < (SHA_INTERN_ITER); i++) {
-
- memcpy(vec.pt.val, md[0].val,
- (size_t)md[0].len);
- memcpy((vec.pt.val + md[0].len), md[1].val,
- (size_t)md[1].len);
- memcpy((vec.pt.val + md[0].len + md[1].len),
- md[2].val,
- (size_t)md[2].len);
- vec.pt.len = md[0].len + md[1].len + md[2].len;
+ offset = 0;
+ for (k = 0; k < md_blocks; k++) {
+ memcpy(vec.pt.val + offset, md[k].val,
(size_t)md[k].len);
+ offset += md[k].len;
+ }
+ vec.pt.len = offset;
ret = fips_run_test();
if (ret < 0) {
@@ -2331,18 +2325,18 @@ fips_mct_sha_test(void)
if (ret < 0)
return ret;
- memcpy(md[0].val, md[1].val, md[1].len);
- md[0].len = md[1].len;
- memcpy(md[1].val, md[2].val, md[2].len);
- md[1].len = md[2].len;
+ for (k = 1; k < md_blocks; k++) {
+ memcpy(md[k-1].val, md[k].val, md[k].len);
+ md[k-1].len = md[k].len;
+ }
- memcpy(md[2].val, (val.val + vec.pt.len),
+ memcpy(md[md_blocks-1].val, (val.val + vec.pt.len),
vec.cipher_auth.digest.len);
- md[2].len = vec.cipher_auth.digest.len;
+ md[md_blocks-1].len = vec.cipher_auth.digest.len;
}
- memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
- vec.cipher_auth.digest.len = md[2].len;
+ memcpy(vec.cipher_auth.digest.val, md[md_blocks-1].val,
md[md_blocks-1].len);
+ vec.cipher_auth.digest.len = md[md_blocks-1].len;
if (info.file_type != FIPS_TYPE_JSON)
fprintf(info.fp_wr, "COUNT = %u\n", j);
@@ -2353,14 +2347,12 @@ fips_mct_sha_test(void)
fprintf(info.fp_wr, "\n");
}
- for (i = 0; i < (SHA_MD_BLOCK); i++)
+ for (i = 0; i < (md_blocks); i++)
rte_free(md[i].val);
rte_free(vec.pt.val);
free(val.val);
- free(msg.val);
-
return 0;
}
--
2.25.1
