From patchwork Tue Jan 9 14:00:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 123964 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4054306qgn; Tue, 9 Jan 2018 06:00:38 -0800 (PST) X-Google-Smtp-Source: ACJfBov/prPhiCHIVHzf0s2/w9UhgnbRhhARvPqDwhCDqvejRLm3AVP7Ck3GmYCuJCYx9H8j25NJ X-Received: by 10.200.48.55 with SMTP id f52mr20031590qte.248.1515506438739; Tue, 09 Jan 2018 06:00:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1515506438; cv=none; d=google.com; s=arc-20160816; b=PVPSMYLeqJPH2umigIrq1sYj6RU+2pxRgM146Z+mA3/5ZEuys+44UNFoqcMUDRSCWJ +SEVuRc2dDddl6wsaj8AhH6+ZsHikIQl5h2+mbk9O+UDMnv62/fcpp3/9rx8gx9ef+Lg UW/7Jd7ADCNsJciibVcIW246X2BvJ+5Nj4cPee54dVK6D3sVx/zYe7IEej90KQpAKDLs D2XOiaQIMYNKc0baSTM+U+Jl2jE0y9LRu1xtQcdzhWwxAgbYiP4h8lJlgD+A9MTQOa4l yJCjKAEjLpOMIymkhoF2uaD77cU5jDLx0ZGKv6CXbjZaAx/mtQe0MRJWW/pvQ9ynU0jz 6NnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=h6Os862pE21crRcEqbqjNfSCj7uBdG1U3OnX+gcoLlc=; b=MpLJFpWJLB/Cr0szV0ReGOEb7bVY9VRPBOAq/8Fpust7EKMfeAlGTMckRpXA54TYal dgcSyq/RM7I+HfWRPVVLlL5Cc/mtsMs04SVE6yoevQAehviEYFjHq2Hb1rMVMykFY/sn AhdEowNRExcObV7JvMdD1ZS8Lu4dnVAkRINXqpyMClEMMI1bnhRp5AVXe//WpB+rOqnz A55QAFzfr44ni/znCnYmvKKest8Wh1wt4YLV3X021tH1wP9YQ5NsktNbmPeOTGj1Bk/Q C6cYUjNRqll/TVoAL+PwiXpmvsSIB7BUPkKMmibctQiM5pzIgjRG0lgdW7s4FhxQralb Ld9A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id z31si876343qth.483.2018.01.09.06.00.37; Tue, 09 Jan 2018 06:00:38 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id B578161508; Tue, 9 Jan 2018 14:00:37 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2 autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 5516661525; Tue, 9 Jan 2018 14:00:24 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 3554B61508; Tue, 9 Jan 2018 14:00:21 +0000 (UTC) Received: from forward105o.mail.yandex.net (forward105o.mail.yandex.net [37.140.190.183]) by lists.linaro.org (Postfix) with ESMTPS id 085156089D for ; Tue, 9 Jan 2018 14:00:14 +0000 (UTC) Received: from mxback3j.mail.yandex.net (mxback3j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10c]) by forward105o.mail.yandex.net (Yandex) with ESMTP id 2267D4443A20 for ; Tue, 9 Jan 2018 17:00:12 +0300 (MSK) Received: from smtp3o.mail.yandex.net (smtp3o.mail.yandex.net [2a02:6b8:0:1a2d::27]) by mxback3j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 4mD0QVSMFK-0CIOdqTu; Tue, 09 Jan 2018 17:00:12 +0300 Received: by smtp3o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id aiuW5Y5dlI-0Bped09L; Tue, 09 Jan 2018 17:00:11 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 9 Jan 2018 17:00:09 +0300 Message-Id: <1515506409-6056-2-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515506409-6056-1-git-send-email-odpbot@yandex.ru> References: <1515506409-6056-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 385 Subject: [lng-odp] [PATCH CATERPILLAR v1 1/1] linux-dpdk: crypto support for cipher & auth only feature X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Balakrishna Garapati Signed-off-by: Balakrishna Garapati --- /** Email created from pull request 385 (GBalakrishna:dpdk_17.02_crypto_updates) ** https://github.com/Linaro/odp/pull/385 ** Patch: https://github.com/Linaro/odp/pull/385.patch ** Base sha: 4d17f8ae64aba0e6f24877be30f86ae5880cef7e ** Merge commit sha: 776d7e2c0edadcd2923d570ce1fa12ec9f9fe542 **/ platform/linux-dpdk/odp_crypto.c | 203 +++++++++++++++-------- platform/linux-dpdk/test/wrapper-script.sh | 2 +- platform/linux-generic/odp_ipsec_sad.c | 2 + test/performance/odp_crypto.c | 26 ++- test/validation/api/crypto/odp_crypto_test_inp.c | 2 +- test/validation/api/crypto/test_vectors.h | 13 -- test/validation/api/ipsec/ipsec.c | 30 +++- test/validation/api/ipsec/ipsec.h | 12 +- 8 files changed, 180 insertions(+), 110 deletions(-) diff --git a/platform/linux-dpdk/odp_crypto.c b/platform/linux-dpdk/odp_crypto.c index ea014c8e8..3bf7cb799 100644 --- a/platform/linux-dpdk/odp_crypto.c +++ b/platform/linux-dpdk/odp_crypto.c @@ -31,6 +31,14 @@ #define MAX_SESSIONS 2048 #define NB_MBUF 8192 +enum crypto_chain_order { + CRYPTO_CHAIN_ONLY_CIPHER, + CRYPTO_CHAIN_ONLY_AUTH, + CRYPTO_CHAIN_CIPHER_AUTH, + CRYPTO_CHAIN_AUTH_CIPHER, + CRYPTO_CHAIN_NOT_SUPPORTED +}; + typedef struct crypto_session_entry_s crypto_session_entry_t; struct crypto_session_entry_s { struct crypto_session_entry_s *next; @@ -116,13 +124,14 @@ static int auth_alg_odp_to_rte(odp_auth_alg_t auth_alg, switch (auth_alg) { case ODP_AUTH_ALG_NULL: auth_xform->auth.algo = RTE_CRYPTO_AUTH_NULL; + auth_xform->auth.digest_length = 0; break; case ODP_AUTH_ALG_MD5_HMAC: #if ODP_DEPRECATED_API case ODP_AUTH_ALG_MD5_96: #endif auth_xform->auth.algo = RTE_CRYPTO_AUTH_MD5_HMAC; - auth_xform->auth.digest_length = 12; + auth_xform->auth.digest_length = 16; break; case ODP_AUTH_ALG_SHA256_HMAC: #if ODP_DEPRECATED_API @@ -538,9 +547,9 @@ int odp_crypto_cipher_capability(odp_cipher_alg_t cipher, i = 0; cap = &dev_info.capabilities[i]; while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) { - cap_cipher_algo = cap->sym.cipher.algo; if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_CIPHER) { + cap_cipher_algo = cap->sym.cipher.algo; if (cap_cipher_algo == cipher_xform.cipher.algo) break; } @@ -615,7 +624,7 @@ int odp_crypto_auth_capability(odp_auth_alg_t auth, while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) { cap_auth_algo = cap->sym.auth.algo; if (cap->sym.xform_type == - RTE_CRYPTO_SYM_XFORM_CIPHER) { + RTE_CRYPTO_SYM_XFORM_AUTH) { if (cap_auth_algo == auth_xform.auth.algo) break; } @@ -663,76 +672,105 @@ int odp_crypto_auth_capability(odp_auth_alg_t auth, return idx; } -static int get_crypto_dev(struct rte_crypto_sym_xform *cipher_xform, - struct rte_crypto_sym_xform *auth_xform, +static int get_crypto_dev(struct rte_crypto_sym_xform *first_xform, + enum crypto_chain_order res, uint16_t iv_length, uint8_t *dev_id) { uint8_t cdev_id, id; const struct rte_cryptodev_capabilities *cap; + struct rte_crypto_sym_xform *auth_xform = NULL; + struct rte_crypto_sym_xform *cipher_xform = NULL; enum rte_crypto_cipher_algorithm cap_cipher_algo; enum rte_crypto_auth_algorithm cap_auth_algo; enum rte_crypto_cipher_algorithm app_cipher_algo; enum rte_crypto_auth_algorithm app_auth_algo; + switch (res) { + case CRYPTO_CHAIN_ONLY_CIPHER: + cipher_xform = first_xform; + break; + case CRYPTO_CHAIN_ONLY_AUTH: + auth_xform = first_xform; + break; + case CRYPTO_CHAIN_CIPHER_AUTH: + cipher_xform = first_xform; + auth_xform = first_xform->next; + break; + case CRYPTO_CHAIN_AUTH_CIPHER: + auth_xform = first_xform; + cipher_xform = first_xform->next; + break; + default: + return -1; + } + for (id = 0; id < global->enabled_crypto_devs; id++) { struct rte_cryptodev_info dev_info; int i = 0; cdev_id = global->enabled_crypto_dev_ids[id]; rte_cryptodev_info_get(cdev_id, &dev_info); - app_cipher_algo = cipher_xform->cipher.algo; cap = &dev_info.capabilities[i]; - while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) { - cap_cipher_algo = cap->sym.cipher.algo; + while (cipher_xform && cap->op != + RTE_CRYPTO_OP_TYPE_UNDEFINED) { if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_CIPHER) { + app_cipher_algo = cipher_xform->cipher.algo; + cap_cipher_algo = cap->sym.cipher.algo; if (cap_cipher_algo == app_cipher_algo) break; } - cap = &dev_info.capabilities[++i]; + cap = &dev_info.capabilities[++i]; } if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) continue; - /* Check if key size is supported by the algorithm. */ - if (cipher_xform->cipher.key.length) { - if (is_valid_size(cipher_xform->cipher.key.length, - cap->sym.cipher.key_size.min, - cap->sym.cipher.key_size.max, - cap->sym.cipher.key_size. - increment) != 0) { - ODP_ERR("Unsupported cipher key length\n"); - return -1; - } - /* No size provided, use minimum size. */ - } else - cipher_xform->cipher.key.length = - cap->sym.cipher.key_size.min; - - /* Check if iv length is supported by the algorithm. */ - if (iv_length) { - if (is_valid_size(iv_length, - cap->sym.cipher.iv_size.min, - cap->sym.cipher.iv_size.max, - cap->sym.cipher.iv_size. - increment) != 0) { - ODP_ERR("Unsupported iv length\n"); - return -1; + if (cipher_xform) { + /* Check if key size is supported by the algorithm. */ + if (cipher_xform->cipher.key.length) { + if (is_valid_size( + cipher_xform->cipher.key.length, + cap->sym.cipher.key_size.min, + cap->sym.cipher.key_size.max, + cap->sym.cipher.key_size. + increment) != 0) { + ODP_ERR("Invalid cipher key length\n"); + return -1; + } + /* No size provided, use minimum size. */ + } else + cipher_xform->cipher.key.length = + cap->sym.cipher.key_size.min; + + /* Check if iv length is supported by the algorithm. */ + if (iv_length) { + if (is_valid_size(iv_length, + cap->sym.cipher.iv_size.min, + cap->sym.cipher.iv_size.max, + cap->sym.cipher.iv_size. + increment) != 0) { + ODP_ERR("Invalid iv length\n"); + return -1; + } } } + if (cipher_xform && !auth_xform) { + memcpy(dev_id, &cdev_id, sizeof(cdev_id)); + return 0; + } + i = 0; - app_auth_algo = auth_xform->auth.algo; cap = &dev_info.capabilities[i]; - while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) { - cap_auth_algo = cap->sym.auth.algo; + while (auth_xform && cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) { if ((cap->sym.xform_type == - RTE_CRYPTO_SYM_XFORM_AUTH) & - (cap_auth_algo == app_auth_algo)) { - break; + RTE_CRYPTO_SYM_XFORM_AUTH)) { + app_auth_algo = auth_xform->auth.algo; + cap_auth_algo = cap->sym.auth.algo; + if (cap_auth_algo == app_auth_algo) + break; } - cap = &dev_info.capabilities[++i]; } @@ -786,6 +824,7 @@ int odp_crypto_session_create(odp_crypto_session_param_t *param, struct rte_crypto_sym_xform auth_xform; struct rte_crypto_sym_xform *first_xform; struct rte_cryptodev_sym_session *session; + enum crypto_chain_order res = CRYPTO_CHAIN_NOT_SUPPORTED; crypto_session_entry_t *entry; *session_out = ODP_CRYPTO_SESSION_INVALID; @@ -810,6 +849,16 @@ int odp_crypto_session_create(odp_crypto_session_param_t *param, cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; cipher_xform.next = NULL; + rc = cipher_alg_odp_to_rte(param->cipher_alg, &cipher_xform); + + /* Check result */ + if (rc) { + *status = ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER; + /* remove the crypto_session_entry_t */ + memset(entry, 0, sizeof(*entry)); + free_session(entry); + return -1; + } if (param->cipher_key.length) { /* Cipher Data */ @@ -828,12 +877,22 @@ int odp_crypto_session_create(odp_crypto_session_param_t *param, param->cipher_key.data, param->cipher_key.length); } else { - cipher_xform.cipher.key.data = 0; cipher_xform.cipher.key.length = 0; + cipher_xform.cipher.key.data = 0; } auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH; auth_xform.next = NULL; + rc = auth_alg_odp_to_rte(param->auth_alg, &auth_xform); + + /* Check result */ + if (rc) { + *status = ODP_CRYPTO_SES_CREATE_ERR_INV_AUTH; + /* remove the crypto_session_entry_t */ + memset(entry, 0, sizeof(*entry)); + free_session(entry); + return -1; + } if (param->auth_key.length) { /* Authentication Data */ @@ -855,7 +914,6 @@ int odp_crypto_session_create(odp_crypto_session_param_t *param, auth_xform.auth.key.length = 0; } - /* Derive order */ if (ODP_CRYPTO_OP_ENCODE == param->op) entry->do_cipher_first = param->auth_cipher_text; @@ -868,35 +926,36 @@ int odp_crypto_session_create(odp_crypto_session_param_t *param, cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT; auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE; first_xform = &cipher_xform; - first_xform->next = &auth_xform; + if (auth_xform.auth.algo == RTE_CRYPTO_AUTH_NULL) { + first_xform->next = NULL; + res = CRYPTO_CHAIN_ONLY_CIPHER; + } else if (cipher_xform.cipher.algo == RTE_CRYPTO_CIPHER_NULL) { + first_xform = &auth_xform; + first_xform->next = NULL; + res = CRYPTO_CHAIN_ONLY_AUTH; + } else { + first_xform->next = &auth_xform; + res = CRYPTO_CHAIN_CIPHER_AUTH; + } } else { cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT; auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY; first_xform = &auth_xform; - first_xform->next = &cipher_xform; - } - - rc = cipher_alg_odp_to_rte(param->cipher_alg, &cipher_xform); - - /* Check result */ - if (rc) { - *status = ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER; - return -1; - } - - rc = auth_alg_odp_to_rte(param->auth_alg, &auth_xform); - - /* Check result */ - if (rc) { - *status = ODP_CRYPTO_SES_CREATE_ERR_INV_AUTH; - /* remove the crypto_session_entry_t */ - memset(entry, 0, sizeof(*entry)); - free_session(entry); - return -1; + if (cipher_xform.cipher.algo == RTE_CRYPTO_CIPHER_NULL) { + first_xform->next = NULL; + res = CRYPTO_CHAIN_ONLY_AUTH; + } else if (auth_xform.auth.algo == RTE_CRYPTO_AUTH_NULL) { + first_xform = &cipher_xform; + first_xform->next = NULL; + res = CRYPTO_CHAIN_ONLY_CIPHER; + } else { + first_xform->next = &cipher_xform; + res = CRYPTO_CHAIN_AUTH_CIPHER; + } } - rc = get_crypto_dev(&cipher_xform, - &auth_xform, + rc = get_crypto_dev(first_xform, + res, param->iv.length, &cdev_id); @@ -1269,15 +1328,13 @@ int odp_crypto_int(odp_packet_t pkt_in, op->sym->auth.aad.length = aad_len; } - if (entry->iv.length == 0) { - ODP_ERR("Wrong IV length"); - goto err_op_free; - } - op->sym->cipher.iv.data = rte_malloc("iv", entry->iv.length, 0); - if (op->sym->cipher.iv.data == NULL) { - ODP_ERR("Failed to allocate memory for IV"); - goto err_op_free; + if (entry->iv.length) { + op->sym->cipher.iv.data = rte_malloc("iv", entry->iv.length, 0); + if (op->sym->cipher.iv.data == NULL) { + ODP_ERR("Failed to allocate memory for IV"); + goto err_op_free; + } } if (param->override_iv_ptr) { diff --git a/platform/linux-dpdk/test/wrapper-script.sh b/platform/linux-dpdk/test/wrapper-script.sh index 1fbb16f7e..5cc597ada 100755 --- a/platform/linux-dpdk/test/wrapper-script.sh +++ b/platform/linux-dpdk/test/wrapper-script.sh @@ -1,6 +1,6 @@ #!/bin/bash -export ODP_PLATFORM_PARAMS=${ODP_PLATFORM_PARAMS:--n 4 --vdev "crypto_openssl"} +export ODP_PLATFORM_PARAMS=${ODP_PLATFORM_PARAMS:--n 4 --vdev "crypto_openssl" --vdev "crypto_null"} # where to mount huge pages export HUGEPAGEDIR=${HUGEPAGEDIR:-/mnt/huge} diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index f0b5b9e4a..7ac3a65c6 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -303,6 +303,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) case ODP_CIPHER_ALG_3DES_CBC: ipsec_sa->esp_iv_len = 8; ipsec_sa->esp_block_len = 8; + crypto_param.iv.length = 8; break; #if ODP_DEPRECATED_API case ODP_CIPHER_ALG_AES128_CBC: @@ -310,6 +311,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) case ODP_CIPHER_ALG_AES_CBC: ipsec_sa->esp_iv_len = 16; ipsec_sa->esp_block_len = 16; + crypto_param.iv.length = 16; break; #if ODP_DEPRECATED_API case ODP_CIPHER_ALG_AES128_GCM: diff --git a/test/performance/odp_crypto.c b/test/performance/odp_crypto.c index 0cbc2754e..0f5523e6f 100644 --- a/test/performance/odp_crypto.c +++ b/test/performance/odp_crypto.c @@ -32,17 +32,26 @@ static uint8_t test_iv[8] = "01234567"; -static uint8_t test_key16[16] = { 0x01, 0x02, 0x03, 0x04, 0x05, +static uint8_t test_key24[24] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, + 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18 }; -static uint8_t test_key24[24] = { 0x01, 0x02, 0x03, 0x04, 0x05, +static uint8_t test_key64[64] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, - 0x15, 0x16, 0x17, 0x18 + 0x15, 0x16, 0x17, 0x18, 0x19, + 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, + 0x1f, 0x20, 0x21, 0x22, 0x23, + 0x24, 0x25, 0x26, 0x27, 0x28, + 0x29, 0x2a, 0x2b, 0x2c, 0x2d, + 0x2e, 0x2f, 0x30, 0x31, 0x32, + 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, + 0x3d, 0x3e, 0x3f, 0x40 }; /** @@ -208,8 +217,8 @@ static crypto_alg_config_t algs_config[] = { }, .auth_alg = ODP_AUTH_ALG_MD5_HMAC, .auth_key = { - .data = test_key16, - .length = sizeof(test_key16) + .data = test_key64, + .length = sizeof(test_key64) }, .auth_digest_len = 12, }, @@ -220,8 +229,8 @@ static crypto_alg_config_t algs_config[] = { .cipher_alg = ODP_CIPHER_ALG_NULL, .auth_alg = ODP_AUTH_ALG_MD5_HMAC, .auth_key = { - .data = test_key16, - .length = sizeof(test_key16) + .data = test_key64, + .length = sizeof(test_key64) }, .auth_digest_len = 12, }, @@ -429,6 +438,7 @@ create_session_from_config(odp_crypto_session_t *session, odp_crypto_session_param_init(¶ms); memcpy(¶ms, &config->session, sizeof(odp_crypto_session_param_t)); params.op = ODP_CRYPTO_OP_ENCODE; + params.auth_cipher_text = 1; params.pref_mode = ODP_CRYPTO_SYNC; /* Lookup the packet pool */ diff --git a/test/validation/api/crypto/odp_crypto_test_inp.c b/test/validation/api/crypto/odp_crypto_test_inp.c index f05780377..ed45bc886 100644 --- a/test/validation/api/crypto/odp_crypto_test_inp.c +++ b/test/validation/api/crypto/odp_crypto_test_inp.c @@ -416,7 +416,7 @@ static void alg_test(odp_crypto_op_t op, /* Create a crypto session */ odp_crypto_session_param_init(&ses_params); ses_params.op = op; - ses_params.auth_cipher_text = false; + ses_params.auth_cipher_text = true; ses_params.op_mode = suite_context.op_mode; ses_params.pref_mode = suite_context.pref_mode; ses_params.cipher_alg = cipher_alg; diff --git a/test/validation/api/crypto/test_vectors.h b/test/validation/api/crypto/test_vectors.h index 652968be7..0db9511c4 100644 --- a/test/validation/api/crypto/test_vectors.h +++ b/test/validation/api/crypto/test_vectors.h @@ -54,19 +54,6 @@ static crypto_test_reference_t tdes_cbc_reference[] = { .length = 8, .plaintext = { 0x32, 0x6a, 0x49, 0x4c, 0xd3, 0x3f, 0xe7, 0x56 }, .ciphertext = { 0xb2, 0x2b, 0x8d, 0x66, 0xde, 0x97, 0x06, 0x92 } - }, - { - .cipher_key_length = TDES_CBC_KEY_LEN, - .cipher_key = { 0x37, 0xae, 0x5e, 0xbf, 0x46, 0xdf, 0xf2, 0xdc, - 0x07, 0x54, 0xb9, 0x4f, 0x31, 0xcb, 0xb3, 0x85, - 0x5e, 0x7f, 0xd3, 0x6d, 0xc8, 0x70, 0xbf, 0xae}, - .iv_length = TDES_CBC_IV_LEN, - .iv = {0x3d, 0x1d, 0xe3, 0xcc, 0x13, 0x2e, 0x3b, 0x65 }, - .length = 16, - .plaintext = { 0x84, 0x40, 0x1f, 0x78, 0xfe, 0x6c, 0x10, 0x87, - 0x6d, 0x8e, 0xa2, 0x30, 0x94, 0xea, 0x53, 0x09 }, - .ciphertext = { 0x7b, 0x1f, 0x7c, 0x7e, 0x3b, 0x1c, 0x94, 0x8e, - 0xbd, 0x04, 0xa7, 0x5f, 0xfb, 0xa7, 0xd2, 0xf5 } } }; diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index a8fdf2b14..824ac6ef2 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -119,7 +119,8 @@ static void pktio_stop(odp_pktio_t pktio) int ipsec_check(odp_bool_t ah, odp_cipher_alg_t cipher, uint32_t cipher_bits, - odp_auth_alg_t auth) + odp_auth_alg_t auth, + uint32_t auth_bits) { odp_ipsec_capability_t capa; odp_crypto_cipher_capability_t cipher_capa[MAX_ALG_CAPA]; @@ -220,52 +221,65 @@ int ipsec_check(odp_bool_t ah, } if (!found) { - fprintf(stderr, "Unsupported key length\n"); + fprintf(stderr, "Unsupported cipher key length\n"); return ODP_TEST_INACTIVE; } + found = false; num = odp_ipsec_auth_capability(auth, auth_capa, MAX_ALG_CAPA); if (num <= 0) { fprintf(stderr, "Wrong auth capabilities\n"); return ODP_TEST_INACTIVE; } + for (i = 0; i < num; i++) { + if (auth_capa[i].key_len == auth_bits / 8) { + found = 1; + break; + } + } + + if (!found) { + fprintf(stderr, "Unsupported auth key length\n"); + return ODP_TEST_INACTIVE; + } + return ODP_TEST_ACTIVE; } int ipsec_check_ah_sha256(void) { - return ipsec_check_ah(ODP_AUTH_ALG_SHA256_HMAC); + return ipsec_check_ah(ODP_AUTH_ALG_SHA256_HMAC, 256); } int ipsec_check_esp_null_sha256(void) { return ipsec_check_esp(ODP_CIPHER_ALG_NULL, 0, - ODP_AUTH_ALG_SHA256_HMAC); + ODP_AUTH_ALG_SHA256_HMAC, 256); } int ipsec_check_esp_aes_cbc_128_null(void) { return ipsec_check_esp(ODP_CIPHER_ALG_AES_CBC, 128, - ODP_AUTH_ALG_NULL); + ODP_AUTH_ALG_NULL, 0); } int ipsec_check_esp_aes_cbc_128_sha256(void) { return ipsec_check_esp(ODP_CIPHER_ALG_AES_CBC, 128, - ODP_AUTH_ALG_SHA256_HMAC); + ODP_AUTH_ALG_SHA256_HMAC, 256); } int ipsec_check_esp_aes_gcm_128(void) { return ipsec_check_esp(ODP_CIPHER_ALG_AES_GCM, 128, - ODP_AUTH_ALG_AES_GCM); + ODP_AUTH_ALG_AES_GCM, 128); } int ipsec_check_esp_aes_gcm_256(void) { return ipsec_check_esp(ODP_CIPHER_ALG_AES_GCM, 256, - ODP_AUTH_ALG_AES_GCM); + ODP_AUTH_ALG_AES_GCM, 256); } void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h index d1c6854b7..3a35ed616 100644 --- a/test/validation/api/ipsec/ipsec.h +++ b/test/validation/api/ipsec/ipsec.h @@ -74,16 +74,16 @@ void ipsec_check_out_in_one(const ipsec_test_part *part, int ipsec_check(odp_bool_t ah, odp_cipher_alg_t cipher, uint32_t cipher_bits, - odp_auth_alg_t auth); -#define ipsec_check_ah(auth) \ - ipsec_check(true, ODP_CIPHER_ALG_NULL, 0, auth) -#define ipsec_check_esp(cipher, cipher_bits, auth) \ - ipsec_check(false, cipher, cipher_bits, auth) + odp_auth_alg_t auth, + uint32_t auth_bits); +#define ipsec_check_ah(auth, auth_bits) \ + ipsec_check(true, ODP_CIPHER_ALG_NULL, 0, auth, auth_bits) +#define ipsec_check_esp(cipher, cipher_bits, auth, auth_bits) \ + ipsec_check(false, cipher, cipher_bits, auth, auth_bits) int ipsec_check_ah_sha256(void); int ipsec_check_esp_null_sha256(void); int ipsec_check_esp_aes_cbc_128_null(void); int ipsec_check_esp_aes_cbc_128_sha256(void); int ipsec_check_esp_aes_gcm_128(void); int ipsec_check_esp_aes_gcm_256(void); - #endif