diff options
author | Damjan Marion <damarion@cisco.com> | 2019-03-29 13:47:54 +0100 |
---|---|---|
committer | Damjan Marion <damarion@cisco.com> | 2019-04-07 11:19:35 +0200 |
commit | 060bfb987a277624e5644de2fcbee1196c2c76e8 (patch) | |
tree | 2ca6ccf57c09c5e016f9613b0e0e75f8e49475eb /src/plugins/unittest/crypto_test.c | |
parent | dc43bcd8abef2cee4eebdc94d9a82c0194ba00fb (diff) |
crypto: add support for AEAD and AES-GCM
Change-Id: Iff6f81a49b9cff5522fbb4914d47472423eac5db
Signed-off-by: Damjan Marion <damarion@cisco.com>
Diffstat (limited to 'src/plugins/unittest/crypto_test.c')
-rw-r--r-- | src/plugins/unittest/crypto_test.c | 210 |
1 files changed, 180 insertions, 30 deletions
diff --git a/src/plugins/unittest/crypto_test.c b/src/plugins/unittest/crypto_test.c index 768221b56ad..eb73e91e186 100644 --- a/src/plugins/unittest/crypto_test.c +++ b/src/plugins/unittest/crypto_test.c @@ -27,25 +27,56 @@ sort_registrations (void *a0, void *a1) unittest_crypto_test_registration_t **r0 = a0; unittest_crypto_test_registration_t **r1 = a1; - return (r0[0]->op > r1[0]->op); + return (strncmp (r0[0]->name, r1[0]->name, 256)); } static clib_error_t * test_crypto (vlib_main_t * vm, crypto_test_main_t * tm) { + vnet_crypto_main_t *cm = &crypto_main; unittest_crypto_test_registration_t *r = tm->test_registrations; unittest_crypto_test_registration_t **rv = 0; + vnet_crypto_alg_data_t *ad; vnet_crypto_op_t *ops = 0, *op; - u8 *computed_data = 0, *s = 0; - u32 computed_data_total_len = 0, n_tests = 0; + u8 *computed_data = 0, *s = 0, *err = 0; + u32 computed_data_total_len = 0, n_ops = 0; u32 i; /* construct registration vector */ while (r) { vec_add1 (rv, r); - computed_data_total_len += r->data.length; - n_tests += 1; + ad = vec_elt_at_index (cm->algs, r->alg); + + for (i = 0; i < VNET_CRYPTO_OP_N_TYPES; i++) + { + vnet_crypto_op_id_t id = ad->op_by_type[i]; + + if (id == 0) + continue; + + switch (i) + { + case VNET_CRYPTO_OP_TYPE_ENCRYPT: + case VNET_CRYPTO_OP_TYPE_DECRYPT: + case VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT: + computed_data_total_len += r->ciphertext.length; + n_ops += 1; + break; + case VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT: + computed_data_total_len += r->ciphertext.length; + computed_data_total_len += r->tag.length; + n_ops += 1; + break; + case VNET_CRYPTO_OP_TYPE_HMAC: + computed_data_total_len += r->digest.length; + n_ops += 1; + break; + default: + break; + }; + } + /* next */ r = r->next; } @@ -54,23 +85,79 @@ test_crypto (vlib_main_t * vm, crypto_test_main_t * tm) vec_validate_aligned (computed_data, computed_data_total_len - 1, CLIB_CACHE_LINE_BYTES); - vec_validate_aligned (ops, n_tests - 1, CLIB_CACHE_LINE_BYTES); + vec_validate_aligned (ops, n_ops - 1, CLIB_CACHE_LINE_BYTES); computed_data_total_len = 0; + op = ops; /* *INDENT-OFF* */ vec_foreach_index (i, rv) { r = rv[i]; - op = ops + i; - vnet_crypto_op_init (op, r->op); - op->iv = r->iv.data; - op->key = r->key.data; - op->src = r->data.data; - op->dst = computed_data + computed_data_total_len; - op->len = r->data.length; - op->key_len = r->key.length; - op->hmac_trunc_len = r->hmac_trunc_len; - computed_data_total_len += r->expected.length; + int t; + ad = vec_elt_at_index (cm->algs, r->alg); + for (t = 0; t < VNET_CRYPTO_OP_N_TYPES; t++) + { + vnet_crypto_op_id_t id = ad->op_by_type[t]; + + if (id == 0) + continue; + + vnet_crypto_op_init (op, id); + + switch (t) + { + case VNET_CRYPTO_OP_TYPE_ENCRYPT: + case VNET_CRYPTO_OP_TYPE_DECRYPT: + op->iv = r->iv.data; + op->iv_len = r->iv.length; + op->key = r->key.data; + op->key_len = r->key.length; + op->len = r->plaintext.length; + op->src = t == VNET_CRYPTO_OP_TYPE_ENCRYPT ? + r->plaintext.data : r->ciphertext.data; + op->dst = computed_data + computed_data_total_len; + computed_data_total_len += r->ciphertext.length; + break; + case VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT: + case VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT: + op->iv = r->iv.data; + op->iv_len = r->iv.length; + op->key = r->key.data; + op->key_len = r->key.length; + op->aad = r->aad.data; + op->aad_len = r->aad.length; + op->len = r->plaintext.length; + op->dst = computed_data + computed_data_total_len; + computed_data_total_len += r->ciphertext.length; + if (t == VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT) + { + op->src = r->plaintext.data; + op->tag = computed_data + computed_data_total_len; + computed_data_total_len += r->tag.length; + } + else + { + op->src = r->ciphertext.data; + op->tag = r->tag.data; + } + op->tag_len = r->tag.length; + break; + case VNET_CRYPTO_OP_TYPE_HMAC: + op->key = r->key.data; + op->key_len = r->key.length; + op->src = r->plaintext.data; + op->len = r->plaintext.length; + op->digest_len = r->digest.length; + op->digest = computed_data + computed_data_total_len; + computed_data_total_len += r->digest.length; + break; + default: + break; + }; + + op->user_data = i; + op++; + } /* next */ r = r->next; } @@ -79,31 +166,92 @@ test_crypto (vlib_main_t * vm, crypto_test_main_t * tm) vnet_crypto_process_ops (vm, ops, vec_len (ops)); /* *INDENT-OFF* */ - vec_foreach_index (i, rv) + vec_foreach (op, ops) { int fail = 0; - r = rv[i]; - op = ops + i; + r = rv[op->user_data]; + unittest_crypto_test_data_t *exp_pt = 0, *exp_ct = 0; + unittest_crypto_test_data_t *exp_digest = 0, *exp_tag = 0; - if (memcmp (op->dst, r->expected.data, r->expected.length) != 0) - fail = 1; + switch (vnet_crypto_get_op_type (op->op)) + { + case VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT: + exp_tag = &r->tag; + case VNET_CRYPTO_OP_TYPE_ENCRYPT: + exp_ct = &r->ciphertext; + break; + case VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT: + case VNET_CRYPTO_OP_TYPE_DECRYPT: + exp_pt = &r->plaintext; + break; + case VNET_CRYPTO_OP_TYPE_HMAC: + exp_digest = &r->digest; + break; + default: + break; + } + + vec_reset_length (err); + + if (op->status != VNET_CRYPTO_OP_STATUS_COMPLETED) + err = format (err, "%sengine error: %U", vec_len (err) ? ", " : "", + format_vnet_crypto_op_status, op->status); + + if (exp_ct && memcmp (op->dst, exp_ct->data, exp_ct->length) != 0) + err = format (err, "%sciphertext mismatch", + vec_len (err) ? ", " : ""); + + if (exp_pt && memcmp (op->dst, exp_pt->data, exp_pt->length) != 0) + err = format (err, "%splaintext mismatch", vec_len (err) ? ", " : ""); + + if (exp_tag && memcmp (op->tag, exp_tag->data, exp_tag->length) != 0) + err = format (err, "%stag mismatch", vec_len (err) ? ", " : ""); + + if (exp_digest && + memcmp (op->digest, exp_digest->data, exp_digest->length) != 0) + err = format (err, "%sdigest mismatch", vec_len (err) ? ", " : ""); vec_reset_length (s); - s = format (s, "%s (%U)", r->name, - format_vnet_crypto_op, r->op); + s = format (s, "%s (%U)", r->name, format_vnet_crypto_op, op->op); - vlib_cli_output (vm, "%-60v%s", s, fail ? "FAIL" : "OK"); - if (fail & tm->verbose) + if (vec_len (err)) + fail = 1; + + vlib_cli_output (vm, "%-60v%s%v", s, vec_len (err) ? "FAIL: " : "OK", + err); + if (tm->verbose) { - vlib_cli_output (vm, "Expected:\n%U\nCalculated:\n%U", - format_hexdump, r->expected.data, r->expected.length, - format_hexdump, op->dst, r->expected.length); + if (tm->verbose == 2) + fail = 1; + + if (exp_ct && fail) + vlib_cli_output (vm, "Expected ciphertext:\n%U" + "\nCalculated ciphertext:\n%U", + format_hexdump, exp_ct->data, exp_ct->length, + format_hexdump, op->dst, exp_ct->length); + if (exp_pt && fail) + vlib_cli_output (vm, "Expected plaintext:\n%U" + "\nCalculated plaintext:\n%U", + format_hexdump, exp_pt->data, exp_pt->length, + format_hexdump, op->dst, exp_pt->length); + if (r->tag.length && fail) + vlib_cli_output (vm, "Expected tag:\n%U" + "\nCalculated tag:\n%U", + format_hexdump, r->tag.data, r->tag.length, + format_hexdump, op->tag, op->tag_len); + if (exp_digest && fail) + vlib_cli_output (vm, "Expected digest:\n%U" + "\nCalculated Digest:\n%U", + format_hexdump, exp_digest->data, + exp_digest->length, format_hexdump, op->digest, + op->digest_len); } } /* *INDENT-ON* */ vec_free (computed_data); vec_free (ops); + vec_free (err); vec_free (rv); vec_free (s); return 0; @@ -117,8 +265,10 @@ test_crypto_command_fn (vlib_main_t * vm, while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) { - if (unformat (input, "verbose %d", &tm->verbose)) - ; + if (unformat (input, "verbose")) + tm->verbose = 1; + else if (unformat (input, "detail")) + tm->verbose = 2; else return clib_error_return (0, "unknown input '%U'", format_unformat_error, input); |