This patch adds 256-bit AES GCM tests for QAT PMD
(which already existed for AESNI and OpenSSL) and also adds
a number of negative unit tests for AES GCM for QAT PMD, in order
to verify authenticated encryption and decryption with modified data.
Signed-off-by: Adam Dybkowski <adamx.dybkow...@intel.com>
---
app/test/test_cryptodev.c | 253 +++++++++++++++++++++++++++++++++++++-
1 file changed, 248 insertions(+), 5 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 9a226bd15..a0629c402 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -6939,7 +6939,8 @@ create_aead_operation(enum rte_crypto_aead_operation op,
}
static int
-test_authenticated_encryption(const struct aead_test_data *tdata)
+test_authenticated_encryption_silent(const struct aead_test_data *tdata,
+ uint8_t silent_mode)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -7005,6 +7006,12 @@ test_authenticated_encryption(const struct
aead_test_data *tdata)
debug_hexdump(stdout, "auth tag:", auth_tag, tdata->auth_tag.len);
/* Validate obuf */
+ if (silent_mode)
+ return !memcmp(ciphertext, tdata->ciphertext.data,
+ tdata->ciphertext.len) &&
+ !memcmp(auth_tag, tdata->auth_tag.data,
+ tdata->auth_tag.len) ? 0 : TEST_FAILED;
+
TEST_ASSERT_BUFFERS_ARE_EQUAL(
ciphertext,
tdata->ciphertext.data,
@@ -7021,6 +7028,12 @@ test_authenticated_encryption(const struct
aead_test_data *tdata)
}
+static int
+test_authenticated_encryption(const struct aead_test_data *tdata)
+{
+ return test_authenticated_encryption_silent(tdata, 0);
+}
+
static int
test_AES_GCM_authenticated_encryption_test_case_1(void)
{
@@ -7063,6 +7076,12 @@ test_AES_GCM_authenticated_encryption_test_case_7(void)
return test_authenticated_encryption(&gcm_test_case_7);
}
+static int
+test_AES_GCM_authenticated_encryption_test_case_8(void)
+{
+ return test_authenticated_encryption(&gcm_test_case_8);
+}
+
static int
test_AES_GCM_auth_encryption_test_case_192_1(void)
{
@@ -7160,7 +7179,89 @@ test_AES_GCM_auth_encryption_test_case_aad_2(void)
}
static int
-test_authenticated_decryption(const struct aead_test_data *tdata)
+test_AES_GCM_auth_encryption_fail_iv_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.iv.data[0] += 1;
+ res = test_authenticated_encryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_in_data_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.plaintext.data[0] += 1;
+ res = test_authenticated_encryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_out_data_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.ciphertext.data[0] += 1;
+ res = test_authenticated_encryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_aad_len_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.aad.len += 1;
+ res = test_authenticated_encryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_aad_corrupt(void)
+{
+ struct aead_test_data tdata;
+ uint8_t aad[gcm_test_case_7.aad.len];
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ memcpy(aad, gcm_test_case_7.aad.data, gcm_test_case_7.aad.len);
+ aad[0] += 1;
+ tdata.aad.data = aad;
+ res = test_authenticated_encryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_tag_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.auth_tag.data[0] += 1;
+ res = test_authenticated_encryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_authenticated_decryption_silent(const struct aead_test_data *tdata,
+ uint8_t silent_mode)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -7217,19 +7318,30 @@ test_authenticated_decryption(const struct
aead_test_data *tdata)
debug_hexdump(stdout, "plaintext:", plaintext, tdata->ciphertext.len);
+ TEST_ASSERT_EQUAL(ut_params->op->status,
+ RTE_CRYPTO_OP_STATUS_SUCCESS,
+ "Authentication failed");
+
/* Validate obuf */
+ if (silent_mode)
+ return !memcmp(plaintext, tdata->plaintext.data,
+ tdata->plaintext.len) ? 0 : TEST_FAILED;
+
TEST_ASSERT_BUFFERS_ARE_EQUAL(
plaintext,
tdata->plaintext.data,
tdata->plaintext.len,
"Plaintext data not as expected");
- TEST_ASSERT_EQUAL(ut_params->op->status,
- RTE_CRYPTO_OP_STATUS_SUCCESS,
- "Authentication failed");
return 0;
}
+static int
+test_authenticated_decryption(const struct aead_test_data *tdata)
+{
+ return test_authenticated_decryption_silent(tdata, 0);
+}
+
static int
test_AES_GCM_authenticated_decryption_test_case_1(void)
{
@@ -7272,6 +7384,12 @@ test_AES_GCM_authenticated_decryption_test_case_7(void)
return test_authenticated_decryption(&gcm_test_case_7);
}
+static int
+test_AES_GCM_authenticated_decryption_test_case_8(void)
+{
+ return test_authenticated_decryption(&gcm_test_case_8);
+}
+
static int
test_AES_GCM_auth_decryption_test_case_192_1(void)
{
@@ -7368,6 +7486,87 @@ test_AES_GCM_auth_decryption_test_case_aad_2(void)
return test_authenticated_decryption(&gcm_test_case_aad_2);
}
+static int
+test_AES_GCM_auth_decryption_fail_iv_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.iv.data[0] += 1;
+ res = test_authenticated_decryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_in_data_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.plaintext.data[0] += 1;
+ res = test_authenticated_decryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_out_data_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.ciphertext.data[0] += 1;
+ res = test_authenticated_decryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_aad_len_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.aad.len += 1;
+ res = test_authenticated_decryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_aad_corrupt(void)
+{
+ struct aead_test_data tdata;
+ uint8_t aad[gcm_test_case_7.aad.len];
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ memcpy(aad, gcm_test_case_7.aad.data, gcm_test_case_7.aad.len);
+ aad[0] += 1;
+ tdata.aad.data = aad;
+ res = test_authenticated_decryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_tag_corrupt(void)
+{
+ struct aead_test_data tdata;
+ int res;
+
+ memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+ tdata.auth_tag.data[0] += 1;
+ res = test_authenticated_decryption_silent(&tdata, 1);
+ TEST_ASSERT_EQUAL(res, TEST_FAILED, "authentication not failed");
+ return TEST_SUCCESS;
+}
+
static int
test_authenticated_encryption_oop(const struct aead_test_data *tdata)
{
@@ -10315,6 +10514,8 @@ static struct unit_test_suite cryptodev_qat_testsuite
= {
test_AES_GCM_authenticated_encryption_test_case_6),
TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_GCM_authenticated_encryption_test_case_7),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_authenticated_encryption_test_case_8),
/** AES GCM Authenticated Decryption */
TEST_CASE_ST(ut_setup, ut_teardown,
@@ -10331,6 +10532,8 @@ static struct unit_test_suite cryptodev_qat_testsuite
= {
test_AES_GCM_authenticated_decryption_test_case_6),
TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_GCM_authenticated_decryption_test_case_7),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_authenticated_decryption_test_case_8),
/** AES GCM Authenticated Encryption 192 bits key */
TEST_CASE_ST(ut_setup, ut_teardown,
@@ -10380,6 +10583,22 @@ static struct unit_test_suite cryptodev_qat_testsuite
= {
TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_GCM_auth_encryption_test_case_256_7),
+ /** AES GCM Authenticated Decryption 256 bits key */
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_test_case_256_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_test_case_256_2),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_test_case_256_3),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_test_case_256_4),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_test_case_256_5),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_test_case_256_6),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_test_case_256_7),
+
/** AES GMAC Authentication */
TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_GMAC_authentication_test_case_1),
@@ -10602,6 +10821,30 @@ static struct unit_test_suite cryptodev_qat_testsuite
= {
authentication_verify_HMAC_SHA1_fail_data_corrupt),
TEST_CASE_ST(ut_setup, ut_teardown,
authentication_verify_HMAC_SHA1_fail_tag_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_encryption_fail_iv_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_encryption_fail_in_data_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_encryption_fail_out_data_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_encryption_fail_aad_len_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_encryption_fail_aad_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_encryption_fail_tag_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_fail_iv_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_fail_in_data_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_fail_out_data_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_fail_aad_len_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_fail_aad_corrupt),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_GCM_auth_decryption_fail_tag_corrupt),
TEST_CASE_ST(ut_setup, ut_teardown,
authentication_verify_AES128_GMAC_fail_data_corrupt),
TEST_CASE_ST(ut_setup, ut_teardown,
--
2.17.1
