From e7aef441a69fd6ed1a79f6ac4094a10122cf22f7 Mon Sep 17 00:00:00 2001 From: Gowrishankar Muthukrishnan Date: Mon, 9 Oct 2023 19:24:54 +0530 Subject: [PATCH] test/crypto: check asymmetric capabilities for SM2 Check asymmetric capabilities such as SM3 hash support and internal RNG and accordingly choose op params for SM2 test. Signed-off-by: Gowrishankar Muthukrishnan Acked-by: Arkadiusz Kusztal --- app/test/test_cryptodev_asym.c | 77 +++++++++++----------- app/test/test_cryptodev_sm2_test_vectors.h | 28 +++++--- 2 files changed, 57 insertions(+), 48 deletions(-) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index a2bb1f93369..94bb091df35 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -608,6 +608,7 @@ static inline void print_asym_capa( break; case RTE_CRYPTO_ASYM_XFORM_ECDSA: case RTE_CRYPTO_ASYM_XFORM_ECPM: + case RTE_CRYPTO_ASYM_XFORM_SM2: default: break; } @@ -1806,7 +1807,7 @@ test_ecpm_all_curve(void) } static int -_test_sm2_sign(bool rnd_secret) +test_sm2_sign(void) { struct crypto_testsuite_params_asym *ts_params = &testsuite_params; struct crypto_testsuite_sm2_params input_params = sm2_param_fp256; @@ -1875,11 +1876,19 @@ _test_sm2_sign(bool rnd_secret) else asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL; - asym_op->sm2.message.data = input_params.message.data; - asym_op->sm2.message.length = input_params.message.length; - asym_op->sm2.id.data = input_params.id.data; - asym_op->sm2.id.length = input_params.id.length; - if (rnd_secret) { + if (asym_op->sm2.hash == RTE_CRYPTO_AUTH_SM3) { + asym_op->sm2.message.data = input_params.message.data; + asym_op->sm2.message.length = input_params.message.length; + asym_op->sm2.id.data = input_params.id.data; + asym_op->sm2.id.length = input_params.id.length; + } else { + asym_op->sm2.message.data = input_params.digest.data; + asym_op->sm2.message.length = input_params.digest.length; + asym_op->sm2.id.data = NULL; + asym_op->sm2.id.length = 0; + } + + if (capa->internal_rng != 0) { asym_op->sm2.k.data = NULL; asym_op->sm2.k.length = 0; } else { @@ -1928,7 +1937,7 @@ _test_sm2_sign(bool rnd_secret) debug_hexdump(stdout, "s:", asym_op->sm2.s.data, asym_op->sm2.s.length); - if (!rnd_secret) { + if (capa->internal_rng == 0) { /* Verify sign (by comparison). */ if (memcmp(input_params.sign_r.data, asym_op->sm2.r.data, asym_op->sm2.r.length) != 0) { @@ -1989,18 +1998,6 @@ _test_sm2_sign(bool rnd_secret) return status; }; -static int -test_sm2_sign_rnd_secret(void) -{ - return _test_sm2_sign(true); -} - -__rte_used static int -test_sm2_sign_plain_secret(void) -{ - return _test_sm2_sign(false); -} - static int test_sm2_verify(void) { @@ -2064,19 +2061,28 @@ test_sm2_verify(void) /* Populate op with operational details */ asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY; + if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3)) asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3; else asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL; - asym_op->sm2.message.data = input_params.message.data; - asym_op->sm2.message.length = input_params.message.length; + if (asym_op->sm2.hash == RTE_CRYPTO_AUTH_SM3) { + asym_op->sm2.message.data = input_params.message.data; + asym_op->sm2.message.length = input_params.message.length; + asym_op->sm2.id.data = input_params.id.data; + asym_op->sm2.id.length = input_params.id.length; + } else { + asym_op->sm2.message.data = input_params.digest.data; + asym_op->sm2.message.length = input_params.digest.length; + asym_op->sm2.id.data = NULL; + asym_op->sm2.id.length = 0; + } + asym_op->sm2.r.data = input_params.sign_r.data; asym_op->sm2.r.length = input_params.sign_r.length; asym_op->sm2.s.data = input_params.sign_s.data; asym_op->sm2.s.length = input_params.sign_s.length; - asym_op->sm2.id.data = input_params.id.data; - asym_op->sm2.id.length = input_params.id.length; RTE_LOG(DEBUG, USER1, "Process ASYM operation\n"); @@ -2116,7 +2122,7 @@ test_sm2_verify(void) }; static int -_test_sm2_enc(bool rnd_secret) +test_sm2_enc(void) { struct crypto_testsuite_params_asym *ts_params = &testsuite_params; struct crypto_testsuite_sm2_params input_params = sm2_param_fp256; @@ -2185,7 +2191,8 @@ _test_sm2_enc(bool rnd_secret) asym_op->sm2.message.data = input_params.message.data; asym_op->sm2.message.length = input_params.message.length; - if (rnd_secret) { + + if (capa->internal_rng != 0) { asym_op->sm2.k.data = NULL; asym_op->sm2.k.length = 0; } else { @@ -2231,7 +2238,7 @@ _test_sm2_enc(bool rnd_secret) debug_hexdump(stdout, "cipher:", asym_op->sm2.cipher.data, asym_op->sm2.cipher.length); - if (!rnd_secret) { + if (capa->internal_rng == 0) { if (memcmp(input_params.cipher.data, asym_op->sm2.cipher.data, asym_op->sm2.cipher.length) != 0) { status = TEST_FAILED; @@ -2295,18 +2302,6 @@ _test_sm2_enc(bool rnd_secret) return status; }; -static int -test_sm2_enc_rnd_secret(void) -{ - return _test_sm2_enc(true); -} - -__rte_used static int -test_sm2_enc_plain_secret(void) -{ - return _test_sm2_enc(false); -} - static int test_sm2_dec(void) { @@ -2737,9 +2732,9 @@ static struct unit_test_suite cryptodev_openssl_asym_testsuite = { TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_dsa), TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_dh_key_generation), - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign_rnd_secret), + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign), TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_verify), - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_enc_rnd_secret), + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_enc), TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_dec), TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_rsa_enc_dec), TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, @@ -2803,6 +2798,8 @@ static struct unit_test_suite cryptodev_octeontx_asym_testsuite = { TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_exp), TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_ecdsa_sign_verify_all_curve), + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign), + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_verify), TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_ecpm_all_curve), TEST_CASES_END() /**< NULL terminate unit test array */ diff --git a/app/test/test_cryptodev_sm2_test_vectors.h b/app/test/test_cryptodev_sm2_test_vectors.h index 3d2dba13598..41f5f7074a1 100644 --- a/app/test/test_cryptodev_sm2_test_vectors.h +++ b/app/test/test_cryptodev_sm2_test_vectors.h @@ -17,6 +17,7 @@ struct crypto_testsuite_sm2_params { rte_crypto_param id; rte_crypto_param cipher; rte_crypto_param message; + rte_crypto_param digest; int curve; }; @@ -46,17 +47,17 @@ static uint8_t fp256_k[] = { }; static uint8_t fp256_sign_r[] = { - 0xf3, 0x26, 0x10, 0xde, 0xfb, 0xbf, 0x13, 0xd4, - 0x73, 0xb1, 0xc2, 0x80, 0x51, 0x06, 0x29, 0xf9, - 0xfb, 0xc8, 0x11, 0xa7, 0x8d, 0x2c, 0xcb, 0x09, - 0x7c, 0xb2, 0xcf, 0x58, 0x0b, 0x5e, 0x25, 0xff + 0x75, 0x2B, 0x8C, 0x15, 0x38, 0x10, 0xF6, 0xC0, + 0x28, 0xC9, 0x8A, 0x51, 0xD0, 0x62, 0x69, 0x4B, + 0xF6, 0x58, 0x06, 0xEB, 0xF1, 0x91, 0x1F, 0x15, + 0x8B, 0x08, 0x09, 0xF9, 0x88, 0x0A, 0x44, 0x24 }; static uint8_t fp256_sign_s[] = { - 0x8d, 0x8d, 0xb5, 0x40, 0xe3, 0xfb, 0x98, 0xf9, - 0x8c, 0xe4, 0x58, 0x60, 0xf2, 0x78, 0x8f, 0xd9, - 0xbf, 0xb8, 0x47, 0x73, 0x88, 0xc1, 0xd1, 0xcd, - 0x2d, 0xdb, 0xe3, 0xc1, 0x44, 0x30, 0x25, 0x86 + 0x5A, 0x3C, 0x96, 0x3E, 0x1C, 0xB4, 0x19, 0xF9, + 0xD7, 0x78, 0xB8, 0xCE, 0xFF, 0x9D, 0xB1, 0x31, + 0x77, 0xDB, 0xA0, 0xFE, 0x84, 0x61, 0x1A, 0xD9, + 0x4E, 0xFF, 0x82, 0x13, 0x1C, 0xCA, 0x04, 0x75, }; static uint8_t fp256_id[] = { @@ -68,6 +69,13 @@ static uint8_t fp256_message[] = { 0x64, 0x69, 0x67, 0x65, 0x73, 0x74 }; +static uint8_t fp256_digest[] = { + 0x0F, 0xB5, 0xCE, 0xF3, 0x3C, 0xB7, 0xD1, 0x35, + 0xA9, 0x3A, 0xC7, 0xA7, 0x89, 0x2A, 0x6D, 0x9A, + 0xF3, 0x1E, 0xC5, 0x38, 0xD3, 0x65, 0x1B, 0xB9, + 0xDF, 0x5F, 0x7F, 0x4A, 0xD8, 0x89, 0x57, 0xF1 +}; + static uint8_t fp256_cipher[] = { 0x30, 0x78, 0x02, 0x21, 0x00, 0xAB, 0xBD, 0xE8, 0xE8, 0x80, 0x93, 0x36, 0x77, 0xB6, 0x44, 0x47, @@ -121,6 +129,10 @@ struct crypto_testsuite_sm2_params sm2_param_fp256 = { .data = fp256_message, .length = sizeof(fp256_message), }, + .digest = { + .data = fp256_digest, + .length = sizeof(fp256_digest), + }, .cipher = { .data = fp256_cipher, .length = sizeof(fp256_cipher),