This patch adds 256-bit AES GCM tests for QAT PMD (which already existed for AESNI and OpenSSL) and also adds a number of negative unit tests for AES GCM for QAT PMD, in order to verify authenticated encryption and decryption with modified data.
Signed-off-by: Adam Dybkowski <adamx.dybkow...@intel.com> --- app/test/test_cryptodev.c | 253 +++++++++++++++++++++++++++++++++++++- 1 file changed, 248 insertions(+), 5 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 9a226bd15..a0629c402 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -6939,7 +6939,8 @@ create_aead_operation(enum rte_crypto_aead_operation op, } static int -test_authenticated_encryption(const struct aead_test_data *tdata) +test_authenticated_encryption_silent(const struct aead_test_data *tdata, + uint8_t silent_mode) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; @@ -7005,6 +7006,12 @@ test_authenticated_encryption(const struct aead_test_data *tdata) debug_hexdump(stdout, "auth tag:", auth_tag, tdata->auth_tag.len); /* Validate obuf */ + if (silent_mode) + return !memcmp(ciphertext, tdata->ciphertext.data, + tdata->ciphertext.len) && + !memcmp(auth_tag, tdata->auth_tag.data, + tdata->auth_tag.len) ? 0 : TEST_FAILED; + TEST_ASSERT_BUFFERS_ARE_EQUAL( ciphertext, tdata->ciphertext.data, @@ -7021,6 +7028,12 @@ test_authenticated_encryption(const struct aead_test_data *tdata) } +static int +test_authenticated_encryption(const struct aead_test_data *tdata) +{ + return test_authenticated_encryption_silent(tdata, 0); +} + static int test_AES_GCM_authenticated_encryption_test_case_1(void) { @@ -7063,6 +7076,12 @@ test_AES_GCM_authenticated_encryption_test_case_7(void) return test_authenticated_encryption(&gcm_test_case_7); } +static int +test_AES_GCM_authenticated_encryption_test_case_8(void) +{ + return test_authenticated_encryption(&gcm_test_case_8); +} + static int test_AES_GCM_auth_encryption_test_case_192_1(void) { @@ -7160,7 +7179,89 @@ test_AES_GCM_auth_encryption_test_case_aad_2(void) } static int -test_authenticated_decryption(const struct aead_test_data *tdata) +test_AES_GCM_auth_encryption_fail_iv_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.iv.data[0] += 1; + res = test_authenticated_encryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_encryption_fail_in_data_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.plaintext.data[0] += 1; + res = test_authenticated_encryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_encryption_fail_out_data_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.ciphertext.data[0] += 1; + res = test_authenticated_encryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_encryption_fail_aad_len_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.aad.len += 1; + res = test_authenticated_encryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_encryption_fail_aad_corrupt(void) +{ + struct aead_test_data tdata; + uint8_t aad[gcm_test_case_7.aad.len]; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + memcpy(aad, gcm_test_case_7.aad.data, gcm_test_case_7.aad.len); + aad[0] += 1; + tdata.aad.data = aad; + res = test_authenticated_encryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_encryption_fail_tag_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.auth_tag.data[0] += 1; + res = test_authenticated_encryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed"); + return TEST_SUCCESS; +} + +static int +test_authenticated_decryption_silent(const struct aead_test_data *tdata, + uint8_t silent_mode) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; @@ -7217,19 +7318,30 @@ test_authenticated_decryption(const struct aead_test_data *tdata) debug_hexdump(stdout, "plaintext:", plaintext, tdata->ciphertext.len); + TEST_ASSERT_EQUAL(ut_params->op->status, + RTE_CRYPTO_OP_STATUS_SUCCESS, + "Authentication failed"); + /* Validate obuf */ + if (silent_mode) + return !memcmp(plaintext, tdata->plaintext.data, + tdata->plaintext.len) ? 0 : TEST_FAILED; + TEST_ASSERT_BUFFERS_ARE_EQUAL( plaintext, tdata->plaintext.data, tdata->plaintext.len, "Plaintext data not as expected"); - TEST_ASSERT_EQUAL(ut_params->op->status, - RTE_CRYPTO_OP_STATUS_SUCCESS, - "Authentication failed"); return 0; } +static int +test_authenticated_decryption(const struct aead_test_data *tdata) +{ + return test_authenticated_decryption_silent(tdata, 0); +} + static int test_AES_GCM_authenticated_decryption_test_case_1(void) { @@ -7272,6 +7384,12 @@ test_AES_GCM_authenticated_decryption_test_case_7(void) return test_authenticated_decryption(&gcm_test_case_7); } +static int +test_AES_GCM_authenticated_decryption_test_case_8(void) +{ + return test_authenticated_decryption(&gcm_test_case_8); +} + static int test_AES_GCM_auth_decryption_test_case_192_1(void) { @@ -7368,6 +7486,87 @@ test_AES_GCM_auth_decryption_test_case_aad_2(void) return test_authenticated_decryption(&gcm_test_case_aad_2); } +static int +test_AES_GCM_auth_decryption_fail_iv_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.iv.data[0] += 1; + res = test_authenticated_decryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_decryption_fail_in_data_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.plaintext.data[0] += 1; + res = test_authenticated_decryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_decryption_fail_out_data_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.ciphertext.data[0] += 1; + res = test_authenticated_decryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_decryption_fail_aad_len_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.aad.len += 1; + res = test_authenticated_decryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_decryption_fail_aad_corrupt(void) +{ + struct aead_test_data tdata; + uint8_t aad[gcm_test_case_7.aad.len]; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + memcpy(aad, gcm_test_case_7.aad.data, gcm_test_case_7.aad.len); + aad[0] += 1; + tdata.aad.data = aad; + res = test_authenticated_decryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_decryption_fail_tag_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.auth_tag.data[0] += 1; + res = test_authenticated_decryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "authentication not failed"); + return TEST_SUCCESS; +} + static int test_authenticated_encryption_oop(const struct aead_test_data *tdata) { @@ -10315,6 +10514,8 @@ static struct unit_test_suite cryptodev_qat_testsuite = { test_AES_GCM_authenticated_encryption_test_case_6), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_authenticated_encryption_test_case_7), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_authenticated_encryption_test_case_8), /** AES GCM Authenticated Decryption */ TEST_CASE_ST(ut_setup, ut_teardown, @@ -10331,6 +10532,8 @@ static struct unit_test_suite cryptodev_qat_testsuite = { test_AES_GCM_authenticated_decryption_test_case_6), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_authenticated_decryption_test_case_7), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_authenticated_decryption_test_case_8), /** AES GCM Authenticated Encryption 192 bits key */ TEST_CASE_ST(ut_setup, ut_teardown, @@ -10380,6 +10583,22 @@ static struct unit_test_suite cryptodev_qat_testsuite = { TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_auth_encryption_test_case_256_7), + /** AES GCM Authenticated Decryption 256 bits key */ + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_3), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_4), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_5), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_6), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_7), + /** AES GMAC Authentication */ TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GMAC_authentication_test_case_1), @@ -10602,6 +10821,30 @@ static struct unit_test_suite cryptodev_qat_testsuite = { authentication_verify_HMAC_SHA1_fail_data_corrupt), TEST_CASE_ST(ut_setup, ut_teardown, authentication_verify_HMAC_SHA1_fail_tag_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_encryption_fail_iv_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_encryption_fail_in_data_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_encryption_fail_out_data_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_encryption_fail_aad_len_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_encryption_fail_aad_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_encryption_fail_tag_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_fail_iv_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_fail_in_data_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_fail_out_data_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_fail_aad_len_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_fail_aad_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_fail_tag_corrupt), TEST_CASE_ST(ut_setup, ut_teardown, authentication_verify_AES128_GMAC_fail_data_corrupt), TEST_CASE_ST(ut_setup, ut_teardown, -- 2.17.1