return (strncmp (r0[0]->name, r1[0]->name, 256));
}
-static clib_error_t *
-test_crypto (vlib_main_t * vm, crypto_test_main_t * tm)
+static void
+print_results (vlib_main_t * vm, unittest_crypto_test_registration_t ** rv,
+ vnet_crypto_op_t * ops, vnet_crypto_op_chunk_t * chunks,
+ u32 n_ops, crypto_test_main_t * tm)
{
+ int i;
+ unittest_crypto_test_registration_t *r;
+ vnet_crypto_op_chunk_t *chp;
+ u8 *s = 0, *err = 0;
+ vnet_crypto_op_t *op;
+
+ vec_foreach (op, ops)
+ {
+ int fail = 0;
+ r = rv[op->user_data];
+ unittest_crypto_test_data_t *exp_pt = 0, *exp_ct = 0, exp_pt_data;
+ unittest_crypto_test_data_t *exp_digest = 0, *exp_tag = 0;
+ unittest_crypto_test_data_t *exp_pt_chunks = 0, *exp_ct_chunks = 0;
+
+ switch (vnet_crypto_get_op_type (op->op))
+ {
+ case VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT:
+ exp_tag = &r->tag;
+ /* fall through */
+ case VNET_CRYPTO_OP_TYPE_ENCRYPT:
+ exp_ct = &r->ciphertext;
+ exp_ct_chunks = r->ct_chunks;
+ break;
+ case VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT:
+ case VNET_CRYPTO_OP_TYPE_DECRYPT:
+ if (r->plaintext_incremental)
+ {
+ exp_pt_data.length = r->plaintext_incremental;
+ exp_pt_data.data = tm->inc_data;
+ exp_pt = &exp_pt_data;
+ }
+ else
+ {
+ exp_pt = &r->plaintext;
+ exp_pt_chunks = r->pt_chunks;
+ }
+ break;
+ case VNET_CRYPTO_OP_TYPE_HMAC:
+ exp_digest = &r->digest;
+ break;
+ default:
+ ASSERT (0);
+ }
+
+ vec_reset_length (err);
+
+ if (op->status != VNET_CRYPTO_OP_STATUS_COMPLETED)
+ err = format (err, "%sengine error: %U", vec_len (err) ? ", " : "",
+ format_vnet_crypto_op_status, op->status);
+
+ if (op->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS)
+ {
+ if (exp_ct_chunks)
+ {
+ chp = vec_elt_at_index (chunks, op->chunk_index);
+ for (i = 0; i < op->n_chunks; i++)
+ {
+ if (memcmp (chp->dst, exp_ct_chunks[i].data, chp->len))
+ err = format (err, "%sciphertext mismatch [chunk %d]",
+ vec_len (err) ? ", " : "", i);
+ chp += 1;
+ }
+ }
+
+ if (exp_pt_chunks)
+ {
+ chp = vec_elt_at_index (chunks, op->chunk_index);
+ for (i = 0; i < op->n_chunks; i++)
+ {
+ if (memcmp (chp->dst, exp_pt_chunks[i].data, chp->len))
+ err = format (err, "%splaintext mismatch [chunk %d]",
+ vec_len (err) ? ", " : "", i);
+ chp += 1;
+ }
+ }
+ }
+ else
+ {
+ if (exp_ct && memcmp (op->dst, exp_ct->data, exp_ct->length) != 0)
+ err = format (err, "%sciphertext mismatch",
+ vec_len (err) ? ", " : "");
+
+ if (exp_pt && memcmp (op->dst, exp_pt->data, exp_pt->length) != 0)
+ err = format (err, "%splaintext mismatch",
+ vec_len (err) ? ", " : "");
+ }
+
+ if (exp_tag && memcmp (op->tag, exp_tag->data, exp_tag->length) != 0)
+ err = format (err, "%stag mismatch", vec_len (err) ? ", " : "");
+
+ if (exp_digest &&
+ memcmp (op->digest, exp_digest->data, exp_digest->length) != 0)
+ err = format (err, "%sdigest mismatch", vec_len (err) ? ", " : "");
+
+ vec_reset_length (s);
+ s = format (s, "%s (%U)", r->name, format_vnet_crypto_op, op->op,
+ r->is_chained);
+
+ if (vec_len (err))
+ fail = 1;
+
+ vlib_cli_output (vm, "%-60v%s%v", s, vec_len (err) ? "FAIL: " : "OK",
+ err);
+ if (tm->verbose)
+ {
+ if (tm->verbose == 2)
+ fail = 1;
+
+ if (exp_ct && fail)
+ vlib_cli_output (vm, "Expected ciphertext:\n%U"
+ "\nCalculated ciphertext:\n%U",
+ format_hexdump, exp_ct->data, exp_ct->length,
+ format_hexdump, op->dst, exp_ct->length);
+ if (exp_pt && fail)
+ vlib_cli_output (vm, "Expected plaintext:\n%U"
+ "\nCalculated plaintext:\n%U",
+ format_hexdump, exp_pt->data, exp_pt->length,
+ format_hexdump, op->dst, exp_pt->length);
+ if (r->tag.length && fail)
+ vlib_cli_output (vm, "Expected tag:\n%U"
+ "\nCalculated tag:\n%U",
+ format_hexdump, r->tag.data, r->tag.length,
+ format_hexdump, op->tag, op->tag_len);
+ if (exp_digest && fail)
+ vlib_cli_output (vm, "Expected digest:\n%U"
+ "\nCalculated Digest:\n%U",
+ format_hexdump, exp_digest->data,
+ exp_digest->length, format_hexdump, op->digest,
+ op->digest_len);
+ }
+ }
+ vec_free (err);
+ vec_free (s);
+}
+
+static void
+validate_data (u8 ** data, u32 len)
+{
+ u32 i, diff, old_len;
+ if (vec_len (data[0]) >= len)
+ return;
+
+ old_len = vec_len (data[0]);
+ diff = len - vec_len (data[0]);
+ vec_validate (data[0], old_len + diff - 1);
+ for (i = old_len; i < len; i++)
+ data[0][i] = (u8) i;
+}
+
+static void
+generate_digest (vlib_main_t * vm,
+ unittest_crypto_test_registration_t * r,
+ vnet_crypto_op_id_t id)
+{
+ crypto_test_main_t *cm = &crypto_test_main;
+ vnet_crypto_op_t op[1];
+ vnet_crypto_op_init (op, id);
+ vec_validate (r->digest.data, r->digest.length - 1);
+ op->src = cm->inc_data;
+ op->len = r->plaintext_incremental;
+ op->digest = r->digest.data;
+ op->digest_len = r->digest.length;
+ op->key_index = vnet_crypto_key_add (vm, r->alg,
+ cm->inc_data, r->key.length);
+
+ /* at this point openssl is set for each algo */
+ vnet_crypto_process_ops (vm, op, 1);
+}
+
+static int
+restore_engines (u32 * engs)
+{
+ return 0;
vnet_crypto_main_t *cm = &crypto_main;
- unittest_crypto_test_registration_t *r = tm->test_registrations;
- unittest_crypto_test_registration_t **rv = 0;
- vnet_crypto_alg_data_t *ad;
- vnet_crypto_op_t *ops = 0, *op;
- u8 *computed_data = 0, *s = 0, *err = 0;
- u32 computed_data_total_len = 0, n_ops = 0;
u32 i;
+ vnet_crypto_engine_t *ce;
- /* construct registration vector */
- while (r)
+ for (i = 1; i < VNET_CRYPTO_N_OP_IDS; i++)
{
- vec_add1 (rv, r);
- ad = vec_elt_at_index (cm->algs, r->alg);
+ vnet_crypto_op_data_t *od = &cm->opt_data[i];
- for (i = 0; i < VNET_CRYPTO_OP_N_TYPES; i++)
+ if (engs[i] != ~0)
{
- vnet_crypto_op_id_t id = ad->op_by_type[i];
+ ce = vec_elt_at_index (cm->engines, engs[i]);
+ od->active_engine_index_simple = engs[i];
+ cm->ops_handlers[i] = ce->ops_handlers[i];
+ }
+ }
- if (id == 0)
- continue;
+ return 0;
+}
- switch (i)
- {
- case VNET_CRYPTO_OP_TYPE_ENCRYPT:
- case VNET_CRYPTO_OP_TYPE_DECRYPT:
- case VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT:
- computed_data_total_len += r->ciphertext.length;
- n_ops += 1;
- break;
- case VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT:
- computed_data_total_len += r->ciphertext.length;
- computed_data_total_len += r->tag.length;
- n_ops += 1;
- break;
- case VNET_CRYPTO_OP_TYPE_HMAC:
- computed_data_total_len += r->digest.length;
- n_ops += 1;
- break;
- default:
- break;
- };
- }
+static int
+save_current_engines (u32 * engs)
+{
+ return 0;
+ vnet_crypto_main_t *cm = &crypto_main;
+ uword *p;
+ u32 i;
+ vnet_crypto_engine_t *ce;
- /* next */
- r = r->next;
+ p = hash_get_mem (cm->engine_index_by_name, "openssl");
+ if (!p)
+ return -1;
+
+ ce = vec_elt_at_index (cm->engines, p[0]);
+
+ /* set openssl for all crypto algs to generate expected data */
+ for (i = 1; i < VNET_CRYPTO_N_OP_IDS; i++)
+ {
+ vnet_crypto_op_data_t *od = &cm->opt_data[i];
+ if (od->active_engine_index_simple != ~0)
+ {
+ /* save engine index */
+ engs[i] = od->active_engine_index_simple;
+ od->active_engine_index_simple = ce - cm->engines;
+ cm->ops_handlers[i] = ce->ops_handlers[i];
+ }
}
- /* no tests registered */
+ return 0;
+}
+
+static clib_error_t *
+test_crypto_incremental (vlib_main_t * vm, crypto_test_main_t * tm,
+ unittest_crypto_test_registration_t ** rv, u32 n_ops,
+ u32 computed_data_total_len)
+{
+ vnet_crypto_main_t *cm = &crypto_main;
+ vnet_crypto_alg_data_t *ad;
+ vnet_crypto_key_index_t *key_indices = 0;
+ u32 i;
+ unittest_crypto_test_registration_t *r;
+ vnet_crypto_op_t *ops = 0, *op;
+ u8 *encrypted_data = 0, *decrypted_data = 0, *s = 0, *err = 0;
+
if (n_ops == 0)
return 0;
+ vec_validate_aligned (encrypted_data, computed_data_total_len - 1,
+ CLIB_CACHE_LINE_BYTES);
+ vec_validate_aligned (decrypted_data, computed_data_total_len - 1,
+ CLIB_CACHE_LINE_BYTES);
+ vec_validate_aligned (ops, n_ops - 1, CLIB_CACHE_LINE_BYTES);
+ computed_data_total_len = 0;
+
+ op = ops;
+ /* first stage: encrypt only */
+
+ vec_foreach_index (i, rv)
+ {
+ r = rv[i];
+ int t;
+ ad = vec_elt_at_index (cm->algs, r->alg);
+ for (t = 0; t < VNET_CRYPTO_OP_N_TYPES; t++)
+ {
+ vnet_crypto_op_id_t id = ad->op_by_type[t];
+
+ if (id == 0)
+ continue;
+
+ switch (t)
+ {
+ case VNET_CRYPTO_OP_TYPE_ENCRYPT:
+ vnet_crypto_op_init (op, id);
+ op->iv = tm->inc_data;
+ op->key_index = vnet_crypto_key_add (vm, r->alg,
+ tm->inc_data, r->key.length);
+ vec_add1 (key_indices, op->key_index);
+ op->len = r->plaintext_incremental;
+ op->src = tm->inc_data;
+ op->dst = encrypted_data + computed_data_total_len;
+ computed_data_total_len += r->plaintext_incremental;
+ op->user_data = i;
+ op++;
+ break;
+ case VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT:
+ vnet_crypto_op_init (op, id);
+ op->iv = tm->inc_data;
+ op->key_index = vnet_crypto_key_add (vm, r->alg,
+ tm->inc_data, r->key.length);
+ vec_add1 (key_indices, op->key_index);
+ op->aad = tm->inc_data;
+ op->aad_len = r->aad.length;
+ op->len = r->plaintext_incremental;
+ op->dst = encrypted_data + computed_data_total_len;
+ computed_data_total_len += r->plaintext_incremental;
+ op->src = tm->inc_data;
+ op->tag = encrypted_data + computed_data_total_len;
+ computed_data_total_len += r->tag.length;
+ op->tag_len = r->tag.length;
+ op->user_data = i;
+ op++;
+ break;
+ case VNET_CRYPTO_OP_TYPE_HMAC:
+ /* compute hmac in the next stage */
+ op->op = VNET_CRYPTO_OP_NONE;
+ computed_data_total_len += r->digest.length;
+ op->user_data = i;
+ op++;
+ break;
+ default:
+ break;
+ };
+ }
+ }
+
+ vnet_crypto_process_ops (vm, ops, n_ops);
+ computed_data_total_len = 0;
+
+ /* second stage: hash/decrypt previously encrypted data */
+ op = ops;
+
+ vec_foreach_index (i, rv)
+ {
+ r = rv[i];
+ int t;
+ ad = vec_elt_at_index (cm->algs, r->alg);
+ for (t = 0; t < VNET_CRYPTO_OP_N_TYPES; t++)
+ {
+ vnet_crypto_op_id_t id = ad->op_by_type[t];
+
+ if (id == 0)
+ continue;
+
+ switch (t)
+ {
+ case VNET_CRYPTO_OP_TYPE_DECRYPT:
+ vnet_crypto_op_init (op, id);
+ op->iv = tm->inc_data;
+ op->key_index = vnet_crypto_key_add (vm, r->alg,
+ tm->inc_data, r->key.length);
+ vec_add1 (key_indices, op->key_index);
+ op->len = r->plaintext_incremental;
+ op->src = encrypted_data + computed_data_total_len;
+ op->dst = decrypted_data + computed_data_total_len;
+ computed_data_total_len += r->plaintext_incremental;
+ op->user_data = i;
+ op++;
+ break;
+ case VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT:
+ vnet_crypto_op_init (op, id);
+ op->iv = tm->inc_data;
+ op->key_index = vnet_crypto_key_add (vm, r->alg,
+ tm->inc_data, r->key.length);
+ vec_add1 (key_indices, op->key_index);
+ op->aad = tm->inc_data;
+ op->aad_len = r->aad.length;
+ op->len = r->plaintext_incremental;
+ op->dst = decrypted_data + computed_data_total_len;
+ op->src = encrypted_data + computed_data_total_len;
+ computed_data_total_len += r->plaintext_incremental;
+
+ op->tag = encrypted_data + computed_data_total_len;
+ computed_data_total_len += r->tag.length;
+ op->tag_len = r->tag.length;
+ op->user_data = i;
+ op++;
+ break;
+ case VNET_CRYPTO_OP_TYPE_HMAC:
+ vnet_crypto_op_init (op, id);
+ op->key_index = vnet_crypto_key_add (vm, r->alg,
+ tm->inc_data, r->key.length);
+ vec_add1 (key_indices, op->key_index);
+ op->src = tm->inc_data;
+ op->len = r->plaintext_incremental;
+ op->digest_len = r->digest.length;
+ op->digest = encrypted_data + computed_data_total_len;
+ computed_data_total_len += r->digest.length;
+ op->user_data = i;
+ op++;
+ break;
+ default:
+ break;
+ };
+
+ }
+ }
+
+ vnet_crypto_process_ops (vm, ops, n_ops);
+ print_results (vm, rv, ops, 0, n_ops, tm);
+
+ vec_foreach_index (i, key_indices) vnet_crypto_key_del (vm, key_indices[i]);
+ vec_free (tm->inc_data);
+ vec_free (ops);
+ vec_free (encrypted_data);
+ vec_free (decrypted_data);
+ vec_free (err);
+ vec_free (s);
+ return 0;
+}
+
+static clib_error_t *
+test_crypto_static (vlib_main_t * vm, crypto_test_main_t * tm,
+ unittest_crypto_test_registration_t ** rv, u32 n_ops,
+ u32 n_chained_ops, u32 computed_data_total_len)
+{
+ unittest_crypto_test_data_t *pt, *ct;
+ vnet_crypto_op_chunk_t *chunks = 0, ch;
+ unittest_crypto_test_registration_t *r;
+ vnet_crypto_op_t *ops = 0, *op, *chained_ops = 0;
+ vnet_crypto_op_t *current_chained_op = 0, *current_op = 0;
+ vnet_crypto_main_t *cm = &crypto_main;
+ vnet_crypto_alg_data_t *ad;
+ vnet_crypto_key_index_t *key_indices = 0;
+ u8 *computed_data = 0;
+ u32 i;
+
vec_sort_with_function (rv, sort_registrations);
vec_validate_aligned (computed_data, computed_data_total_len - 1,
CLIB_CACHE_LINE_BYTES);
vec_validate_aligned (ops, n_ops - 1, CLIB_CACHE_LINE_BYTES);
+ vec_validate_aligned (chained_ops, n_chained_ops - 1,
+ CLIB_CACHE_LINE_BYTES);
computed_data_total_len = 0;
- op = ops;
+ current_op = ops;
+ current_chained_op = chained_ops;
/* *INDENT-OFF* */
vec_foreach_index (i, rv)
{
if (id == 0)
continue;
- vnet_crypto_op_init (op, id);
+ if (r->is_chained)
+ {
+ op = current_chained_op;
+ current_chained_op += 1;
+ }
+ else
+ {
+ op = current_op;
+ current_op += 1;
+ }
+
+ vnet_crypto_op_init (op, id);
switch (t)
{
case VNET_CRYPTO_OP_TYPE_ENCRYPT:
case VNET_CRYPTO_OP_TYPE_DECRYPT:
op->iv = r->iv.data;
- op->iv_len = r->iv.length;
- op->key = r->key.data;
- op->key_len = r->key.length;
- op->len = r->plaintext.length;
- op->src = t == VNET_CRYPTO_OP_TYPE_ENCRYPT ?
- r->plaintext.data : r->ciphertext.data;
- op->dst = computed_data + computed_data_total_len;
- computed_data_total_len += r->ciphertext.length;
+ op->key_index = vnet_crypto_key_add (vm, r->alg,
+ r->key.data,
+ r->key.length);
+ vec_add1 (key_indices, op->key_index);
+
+ if (r->is_chained)
+ {
+ pt = r->pt_chunks;
+ ct = r->ct_chunks;
+ op->flags |= VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS;
+ op->chunk_index = vec_len (chunks);
+ while (pt->data)
+ {
+ ch.src = t == VNET_CRYPTO_OP_TYPE_ENCRYPT ?
+ pt->data : ct->data;
+ ch.len = pt->length;
+ ch.dst = computed_data + computed_data_total_len;
+ computed_data_total_len += pt->length;
+ vec_add1 (chunks, ch);
+ op->n_chunks++;
+ pt++;
+ ct++;
+ }
+ }
+ else
+ {
+ op->len = r->plaintext.length;
+ op->src = t == VNET_CRYPTO_OP_TYPE_ENCRYPT ?
+ r->plaintext.data : r->ciphertext.data;
+ op->dst = computed_data + computed_data_total_len;
+ computed_data_total_len += r->ciphertext.length;
+ }
break;
case VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT:
case VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT:
+ if (r->is_chained)
+ {
+ op->iv = r->iv.data;
+ op->key_index = vnet_crypto_key_add (vm, r->alg,
+ r->key.data,
+ r->key.length);
+ vec_add1 (key_indices, op->key_index);
+ op->aad = r->aad.data;
+ op->aad_len = r->aad.length;
+ if (t == VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT)
+ {
+ pt = r->pt_chunks;
+ op->flags |= VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS;
+ op->chunk_index = vec_len (chunks);
+ while (pt->data)
+ {
+ ch.src = pt->data;
+ ch.len = pt->length;
+ ch.dst = computed_data + computed_data_total_len;
+ computed_data_total_len += pt->length;
+ vec_add1 (chunks, ch);
+ op->n_chunks++;
+ pt++;
+ }
+ op->tag = computed_data + computed_data_total_len;
+ computed_data_total_len += r->tag.length;
+ }
+ else
+ {
+ ct = r->ct_chunks;
+ op->flags |= VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS;
+ op->chunk_index = vec_len (chunks);
+ while (ct->data)
+ {
+ ch.src = ct->data;
+ ch.len = ct->length;
+ ch.dst = computed_data + computed_data_total_len;
+ computed_data_total_len += ct->length;
+ vec_add1 (chunks, ch);
+ op->n_chunks++;
+ ct++;
+ }
+ op->tag = r->tag.data;
+ }
+ op->tag_len = r->tag.length;
+ }
+ else
+ {
op->iv = r->iv.data;
- op->iv_len = r->iv.length;
- op->key = r->key.data;
- op->key_len = r->key.length;
+ op->key_index = vnet_crypto_key_add (vm, r->alg,
+ r->key.data,
+ r->key.length);
+ vec_add1 (key_indices, op->key_index);
op->aad = r->aad.data;
op->aad_len = r->aad.length;
op->len = r->plaintext.length;
op->dst = computed_data + computed_data_total_len;
computed_data_total_len += r->ciphertext.length;
+
if (t == VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT)
{
- op->src = r->plaintext.data;
+ op->src = r->plaintext.data;
op->tag = computed_data + computed_data_total_len;
computed_data_total_len += r->tag.length;
}
else
{
- op->src = r->ciphertext.data;
- op->tag = r->tag.data;
+ op->tag = r->tag.data;
+ op->src = r->ciphertext.data;
}
op->tag_len = r->tag.length;
+ }
break;
case VNET_CRYPTO_OP_TYPE_HMAC:
- op->key = r->key.data;
- op->key_len = r->key.length;
- op->src = r->plaintext.data;
- op->len = r->plaintext.length;
- op->digest_len = r->digest.length;
- op->digest = computed_data + computed_data_total_len;
- computed_data_total_len += r->digest.length;
+ if (r->is_chained)
+ {
+ op->key_index = vnet_crypto_key_add (vm, r->alg,
+ r->key.data,
+ r->key.length);
+ vec_add1 (key_indices, op->key_index);
+ op->digest_len = r->digest.length;
+ op->digest = computed_data + computed_data_total_len;
+ computed_data_total_len += r->digest.length;
+ pt = r->pt_chunks;
+ op->flags |= VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS;
+ op->chunk_index = vec_len (chunks);
+ while (pt->data)
+ {
+ ch.src = pt->data;
+ ch.len = pt->length;
+ vec_add1 (chunks, ch);
+ op->n_chunks++;
+ pt++;
+ }
+ }
+ else
+ {
+ op->key_index = vnet_crypto_key_add (vm, r->alg,
+ r->key.data,
+ r->key.length);
+ vec_add1 (key_indices, op->key_index);
+ op->digest_len = r->digest.length;
+ op->digest = computed_data + computed_data_total_len;
+ computed_data_total_len += r->digest.length;
+ op->src = r->plaintext.data;
+ op->len = r->plaintext.length;
+ }
break;
default:
break;
};
op->user_data = i;
- op++;
}
}
/* *INDENT-ON* */
vnet_crypto_process_ops (vm, ops, vec_len (ops));
+ vnet_crypto_process_chained_ops (vm, chained_ops, chunks,
+ vec_len (chained_ops));
- /* *INDENT-OFF* */
- vec_foreach (op, ops)
- {
- int fail = 0;
- r = rv[op->user_data];
- unittest_crypto_test_data_t *exp_pt = 0, *exp_ct = 0;
- unittest_crypto_test_data_t *exp_digest = 0, *exp_tag = 0;
+ print_results (vm, rv, ops, chunks, vec_len (ops), tm);
+ print_results (vm, rv, chained_ops, chunks, vec_len (chained_ops), tm);
- switch (vnet_crypto_get_op_type (op->op))
- {
- case VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT:
- exp_tag = &r->tag;
- /* fall through */
- case VNET_CRYPTO_OP_TYPE_ENCRYPT:
- exp_ct = &r->ciphertext;
- break;
- case VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT:
- case VNET_CRYPTO_OP_TYPE_DECRYPT:
- exp_pt = &r->plaintext;
- break;
- case VNET_CRYPTO_OP_TYPE_HMAC:
- exp_digest = &r->digest;
- break;
- default:
- break;
- }
-
- vec_reset_length (err);
+ vec_foreach_index (i, key_indices) vnet_crypto_key_del (vm, key_indices[i]);
- if (op->status != VNET_CRYPTO_OP_STATUS_COMPLETED)
- err = format (err, "%sengine error: %U", vec_len (err) ? ", " : "",
- format_vnet_crypto_op_status, op->status);
+ vec_free (computed_data);
+ vec_free (ops);
+ vec_free (chained_ops);
+ vec_free (chunks);
+ return 0;
+}
- if (exp_ct && memcmp (op->dst, exp_ct->data, exp_ct->length) != 0)
- err = format (err, "%sciphertext mismatch",
- vec_len (err) ? ", " : "");
+static u32
+test_crypto_get_key_sz (vnet_crypto_alg_t alg)
+{
+ switch (alg)
+ {
+#define _(n, s, l) \
+ case VNET_CRYPTO_ALG_##n: \
+ return l;
+ /* *INDENT-OFF* */
+ foreach_crypto_cipher_alg
+ foreach_crypto_aead_alg
+ /* *INDENT-ON* */
+#undef _
+ case VNET_CRYPTO_ALG_HMAC_MD5:
+ case VNET_CRYPTO_ALG_HMAC_SHA1:
+ return 20;
+ case VNET_CRYPTO_ALG_HMAC_SHA224:
+ return 28;
+ case VNET_CRYPTO_ALG_HMAC_SHA256:
+ return 32;
+ case VNET_CRYPTO_ALG_HMAC_SHA384:
+ return 48;
+ case VNET_CRYPTO_ALG_HMAC_SHA512:
+ return 64;
+ default:
+ return 0;
+ }
+ return 0;
+}
- if (exp_pt && memcmp (op->dst, exp_pt->data, exp_pt->length) != 0)
- err = format (err, "%splaintext mismatch", vec_len (err) ? ", " : "");
+static clib_error_t *
+test_crypto (vlib_main_t * vm, crypto_test_main_t * tm)
+{
+ clib_error_t *err = 0;
+ vnet_crypto_main_t *cm = &crypto_main;
+ unittest_crypto_test_registration_t *r = tm->test_registrations;
+ unittest_crypto_test_registration_t **static_tests = 0, **inc_tests = 0;
+ u32 i, j, n_ops_static = 0, n_ops_incr = 0, n_chained_ops = 0;
+ vnet_crypto_alg_data_t *ad;
+ u32 computed_data_total_len = 0;
+ u32 computed_data_total_incr_len = 0;
+ u32 saved_engs[VNET_CRYPTO_N_OP_IDS] = { ~0, };
+ unittest_crypto_test_data_t *ct;
- if (exp_tag && memcmp (op->tag, exp_tag->data, exp_tag->length) != 0)
- err = format (err, "%stag mismatch", vec_len (err) ? ", " : "");
+ /* pre-allocate plaintext data with reasonable length */
+ validate_data (&tm->inc_data, 2048);
- if (exp_digest &&
- memcmp (op->digest, exp_digest->data, exp_digest->length) != 0)
- err = format (err, "%sdigest mismatch", vec_len (err) ? ", " : "");
+ int rc = save_current_engines (saved_engs);
+ if (rc)
+ return clib_error_return (0, "failed to set default crypto engine!");
- vec_reset_length (s);
- s = format (s, "%s (%U)", r->name, format_vnet_crypto_op, op->op);
+ /* construct registration vector */
+ while (r)
+ {
+ if (r->plaintext_incremental)
+ vec_add1 (inc_tests, r);
+ else
+ vec_add1 (static_tests, r);
- if (vec_len (err))
- fail = 1;
+ ad = vec_elt_at_index (cm->algs, r->alg);
- vlib_cli_output (vm, "%-60v%s%v", s, vec_len (err) ? "FAIL: " : "OK",
- err);
- if (tm->verbose)
+ for (i = 0; i < VNET_CRYPTO_OP_N_TYPES; i++)
{
- if (tm->verbose == 2)
- fail = 1;
-
- if (exp_ct && fail)
- vlib_cli_output (vm, "Expected ciphertext:\n%U"
- "\nCalculated ciphertext:\n%U",
- format_hexdump, exp_ct->data, exp_ct->length,
- format_hexdump, op->dst, exp_ct->length);
- if (exp_pt && fail)
- vlib_cli_output (vm, "Expected plaintext:\n%U"
- "\nCalculated plaintext:\n%U",
- format_hexdump, exp_pt->data, exp_pt->length,
- format_hexdump, op->dst, exp_pt->length);
- if (r->tag.length && fail)
- vlib_cli_output (vm, "Expected tag:\n%U"
- "\nCalculated tag:\n%U",
- format_hexdump, r->tag.data, r->tag.length,
- format_hexdump, op->tag, op->tag_len);
- if (exp_digest && fail)
- vlib_cli_output (vm, "Expected digest:\n%U"
- "\nCalculated Digest:\n%U",
- format_hexdump, exp_digest->data,
- exp_digest->length, format_hexdump, op->digest,
- op->digest_len);
+ vnet_crypto_op_id_t id = ad->op_by_type[i];
+
+ if (id == 0)
+ continue;
+
+ switch (i)
+ {
+ case VNET_CRYPTO_OP_TYPE_ENCRYPT:
+ if (r->plaintext_incremental)
+ {
+ computed_data_total_incr_len += r->plaintext_incremental;
+ n_ops_incr += 1;
+ }
+ /* fall though */
+ case VNET_CRYPTO_OP_TYPE_DECRYPT:
+ case VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT:
+ if (r->is_chained)
+ {
+ ct = r->ct_chunks;
+ j = 0;
+ while (ct->data)
+ {
+ if (j > CRYPTO_TEST_MAX_OP_CHUNKS)
+ return clib_error_return (0,
+ "test case '%s' exceeds extra data!",
+ r->name);
+ computed_data_total_len += ct->length;
+ ct++;
+ j++;
+ }
+ n_chained_ops += 1;
+ }
+ else if (!r->plaintext_incremental)
+ {
+ computed_data_total_len += r->ciphertext.length;
+ n_ops_static += 1;
+ }
+ break;
+ case VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT:
+ if (r->plaintext_incremental)
+ {
+ computed_data_total_incr_len += r->plaintext_incremental;
+ computed_data_total_incr_len += r->tag.length;
+ n_ops_incr += 1;
+ }
+ else
+ {
+ computed_data_total_len += r->ciphertext.length;
+ computed_data_total_len += r->tag.length;
+ if (r->is_chained)
+ {
+ ct = r->ct_chunks;
+ j = 0;
+ while (ct->data)
+ {
+ if (j > CRYPTO_TEST_MAX_OP_CHUNKS)
+ return clib_error_return (0,
+ "test case '%s' exceeds extra data!",
+ r->name);
+ computed_data_total_len += ct->length;
+ ct++;
+ j++;
+ }
+ n_chained_ops += 1;
+ }
+ else
+ n_ops_static += 1;
+ }
+ break;
+ case VNET_CRYPTO_OP_TYPE_HMAC:
+ if (r->plaintext_incremental)
+ {
+ computed_data_total_incr_len += r->digest.length;
+ n_ops_incr += 1;
+ generate_digest (vm, r, id);
+ }
+ else
+ {
+ computed_data_total_len += r->digest.length;
+ if (r->is_chained)
+ n_chained_ops += 1;
+ else
+ n_ops_static += 1;
+ }
+ break;
+ default:
+ break;
+ };
}
+
+ /* next: */
+ r = r->next;
}
- /* *INDENT-ON* */
+ restore_engines (saved_engs);
- vec_free (computed_data);
- vec_free (ops);
- vec_free (err);
- vec_free (rv);
- vec_free (s);
- return 0;
+ err = test_crypto_static (vm, tm, static_tests, n_ops_static, n_chained_ops,
+ computed_data_total_len);
+ if (err)
+ goto done;
+
+ err = test_crypto_incremental (vm, tm, inc_tests, n_ops_incr,
+ computed_data_total_incr_len);
+
+ r = tm->test_registrations;
+ while (r)
+ {
+ if (r->plaintext_incremental)
+ vec_free (r->digest.data);
+ r = r->next;
+ }
+
+done:
+ vec_free (inc_tests);
+ vec_free (static_tests);
+ return err;
}
static clib_error_t *
u32 *buffer_indices = 0;
vnet_crypto_op_t *ops1 = 0, *ops2 = 0, *op1, *op2;
vnet_crypto_alg_data_t *ad = vec_elt_at_index (cm->algs, tm->alg);
+ vnet_crypto_key_index_t key_index = ~0;
+ u8 key[32];
int buffer_size = vlib_buffer_get_default_data_size (vm);
u64 seed = clib_cpu_time_now ();
u64 t0[5], t1[5], t2[5], n_bytes = 0;
int i, j;
- u8 *key;
if (tm->buffer_size > buffer_size)
return clib_error_return (0, "buffer size must be <= %u", buffer_size);
}
vlib_cli_output (vm, "%U: n_buffers %u buffer-size %u rounds %u "
- "warmup-rounds %u one-key %s",
+ "warmup-rounds %u",
format_vnet_crypto_alg, tm->alg, n_buffers, buffer_size,
- rounds, warmup_rounds, tm->one_key ? "yes" : "no");
+ rounds, warmup_rounds);
vlib_cli_output (vm, " cpu-freq %.2f GHz",
(f64) vm->clib_time.clocks_per_second * 1e-9);
vnet_crypto_op_type_t ot = 0;
+ for (i = 0; i < sizeof (key); i++)
+ key[i] = i;
+
+ key_index = vnet_crypto_key_add (vm, tm->alg, key,
+ test_crypto_get_key_sz (tm->alg));
+
for (i = 0; i < VNET_CRYPTO_OP_N_TYPES; i++)
{
vnet_crypto_op_id_t id = ad->op_by_type[i];
vlib_buffer_t *b = vlib_get_buffer (vm, buffer_indices[i]);
op1 = ops1 + i;
op2 = ops2 + i;
- if (i == 0)
- key = b->data - 32;
switch (ot)
{
ad->op_by_type[VNET_CRYPTO_OP_TYPE_DECRYPT]);
op1->flags = VNET_CRYPTO_OP_FLAG_INIT_IV;
op1->src = op2->src = op1->dst = op2->dst = b->data;
- op1->key = op2->key = tm->one_key ? key : b->data - 32;
+ op1->key_index = op2->key_index = key_index;
op1->iv = op2->iv = b->data - 64;
n_bytes += op1->len = op2->len = buffer_size;
break;
vnet_crypto_op_init (op2,
ad->op_by_type
[VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT]);
- op1->flags = VNET_CRYPTO_OP_FLAG_INIT_IV;
op1->src = op2->src = op1->dst = op2->dst = b->data;
- op1->key = op2->key = tm->one_key ? key : b->data - 32;
+ op1->key_index = op2->key_index = key_index;
+ op1->tag = op2->tag = b->data - 32;
op1->iv = op2->iv = b->data - 64;
op1->aad = op2->aad = b->data - VLIB_BUFFER_PRE_DATA_SIZE;
- op1->aad_len = op2->aad_len = 0;
+ op1->aad_len = op2->aad_len = 64;
+ op1->tag_len = op2->tag_len = 16;
n_bytes += op1->len = op2->len = buffer_size;
break;
case VNET_CRYPTO_OP_TYPE_HMAC:
vnet_crypto_op_init (op1, ad->op_by_type[VNET_CRYPTO_OP_TYPE_HMAC]);
op1->src = b->data;
- op1->key = tm->one_key ? key : b->data - 32;
+ op1->key_index = key_index;
op1->iv = 0;
op1->digest = b->data - VLIB_BUFFER_PRE_DATA_SIZE;
op1->digest_len = 0;
done:
if (n_alloc)
vlib_buffer_free (vm, buffer_indices, n_alloc);
+
+ if (key_index != ~0)
+ vnet_crypto_key_del (vm, key_index);
+
vec_free (buffer_indices);
vec_free (ops1);
vec_free (ops2);
;
else if (unformat (input, "buffer-size %u", &tm->buffer_size))
;
- else if (unformat (input, "one-key"))
- tm->one_key = 1;
else
return clib_error_return (0, "unknown input '%U'",
format_unformat_error, input);