validation: crypto: add AES-XTS support

Add support for AES in XEX-based tweaked-codebook mode with ciphertext
stealing mode.

Signed-off-by: Dmitry Eremin-Solenikov <deremin-solenikov@cavium.com>
Reviewed-by: Petri Savolainen <petri.savolainen@nokia.com>

3 files changed, 219 insertions, 0 deletions

diff --git a/test/validation/api/crypto/odp_crypto_test_inp.c b/test/validation/api/crypto/odp_crypto_test_inp.c
index 4f4d8c13f..2f5726033 100644
--- a/test/validation/api/crypto/odp_crypto_test_inp.c
+++ b/test/validation/api/crypto/odp_crypto_test_inp.c
@@ -106,6 +106,8 @@ static const char *cipher_alg_name(odp_cipher_alg_t cipher)
 		return "ODP_CIPHER_ALG_AES_ECB";
 	case ODP_CIPHER_ALG_AES_CFB128:
 		return "ODP_CIPHER_ALG_AES_CFB128";
+	case ODP_CIPHER_ALG_AES_XTS:
+		return "ODP_CIPHER_ALG_AES_XTS";
 	case ODP_CIPHER_ALG_AES_GCM:
 		return "ODP_CIPHER_ALG_AES_GCM";
 	case ODP_CIPHER_ALG_AES_CCM:
@@ -542,6 +544,9 @@ static void check_alg(odp_crypto_op_t op,
 	if (cipher_alg == ODP_CIPHER_ALG_AES_CFB128 &&
 	    !(capa.ciphers.bit.aes_cfb128))
 		rc = -1;
+	if (cipher_alg == ODP_CIPHER_ALG_AES_XTS &&
+	    !(capa.ciphers.bit.aes_xts))
+		rc = -1;
 	if (cipher_alg == ODP_CIPHER_ALG_AES_GCM &&
 	    !(capa.ciphers.bit.aes_gcm))
 		rc = -1;
@@ -795,6 +800,10 @@ static int check_alg_support(odp_cipher_alg_t cipher, odp_auth_alg_t auth)
 		if (!capability.ciphers.bit.aes_cfb128)
 			return ODP_TEST_INACTIVE;
 		break;
+	case ODP_CIPHER_ALG_AES_XTS:
+		if (!capability.ciphers.bit.aes_xts)
+			return ODP_TEST_INACTIVE;
+		break;
 	case ODP_CIPHER_ALG_AES_GCM:
 		if (!capability.ciphers.bit.aes_gcm)
 			return ODP_TEST_INACTIVE;
@@ -1449,6 +1458,72 @@ static void crypto_test_dec_alg_aes_cfb128_ovr_iv(void)
 		  false);
 }
 
+static int check_alg_aes_xts(void)
+{
+	return check_alg_support(ODP_CIPHER_ALG_AES_XTS, ODP_AUTH_ALG_NULL);
+}
+
+/* This test verifies the correctness of encode (plaintext -> ciphertext)
+ * operation for AES128_XTS algorithm. IV for the operation is the session IV.
+ * In addition the test verifies if the implementation can use the
+ * packet buffer as completion event buffer.*/
+static void crypto_test_enc_alg_aes_xts(void)
+{
+	check_alg(ODP_CRYPTO_OP_ENCODE,
+		  ODP_CIPHER_ALG_AES_XTS,
+		  ODP_AUTH_ALG_NULL,
+		  aes_xts_reference,
+		  ARRAY_SIZE(aes_xts_reference),
+		  false,
+		  false);
+}
+
+/* This test verifies the correctness of encode (plaintext -> ciphertext)
+ * operation for AES128_XTS algorithm. IV for the operation is the operation IV.
+ * */
+static void crypto_test_enc_alg_aes_xts_ovr_iv(void)
+{
+	check_alg(ODP_CRYPTO_OP_ENCODE,
+		  ODP_CIPHER_ALG_AES_XTS,
+		  ODP_AUTH_ALG_NULL,
+		  aes_xts_reference,
+		  ARRAY_SIZE(aes_xts_reference),
+		  true,
+		  false);
+}
+
+/* This test verifies the correctness of decode (ciphertext -> plaintext)
+ * operation for AES128_XTS algorithm. IV for the operation is the session IV
+ * In addition the test verifies if the implementation can use the
+ * packet buffer as completion event buffer.
+ * */
+static void crypto_test_dec_alg_aes_xts(void)
+{
+	check_alg(ODP_CRYPTO_OP_DECODE,
+		  ODP_CIPHER_ALG_AES_XTS,
+		  ODP_AUTH_ALG_NULL,
+		  aes_xts_reference,
+		  ARRAY_SIZE(aes_xts_reference),
+		  false,
+		  false);
+}
+
+/* This test verifies the correctness of decode (ciphertext -> plaintext)
+ * operation for AES128_XTS algorithm. IV for the operation is the session IV
+ * In addition the test verifies if the implementation can use the
+ * packet buffer as completion event buffer.
+ * */
+static void crypto_test_dec_alg_aes_xts_ovr_iv(void)
+{
+	check_alg(ODP_CRYPTO_OP_DECODE,
+		  ODP_CIPHER_ALG_AES_XTS,
+		  ODP_AUTH_ALG_NULL,
+		  aes_xts_reference,
+		  ARRAY_SIZE(aes_xts_reference),
+		  true,
+		  false);
+}
+
 static int check_alg_kasumi_f8(void)
 {
 	return check_alg_support(ODP_CIPHER_ALG_KASUMI_F8, ODP_AUTH_ALG_NULL);
@@ -2310,6 +2385,14 @@ odp_testinfo_t crypto_suite[] = {
 				  check_alg_aes_cfb128),
 	ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_aes_cfb128_ovr_iv,
 				  check_alg_aes_cfb128),
+	ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_aes_xts,
+				  check_alg_aes_xts),
+	ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_aes_xts,
+				  check_alg_aes_xts),
+	ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_aes_xts_ovr_iv,
+				  check_alg_aes_xts),
+	ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_aes_xts_ovr_iv,
+				  check_alg_aes_xts),
 	ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_kasumi_f8,
 				  check_alg_kasumi_f8),
 	ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_kasumi_f8,
diff --git a/test/validation/api/crypto/test_vectors.h b/test/validation/api/crypto/test_vectors.h
index 8d5263098..e9d702eae 100644
--- a/test/validation/api/crypto/test_vectors.h
+++ b/test/validation/api/crypto/test_vectors.h
@@ -905,6 +905,137 @@ static crypto_test_reference_t aes_cfb128_reference[] = {
 	}
 };
 
+static crypto_test_reference_t aes_xts_reference[] = {
+	/* CAVS 11.0  XTSGen information, #1 */
+	{
+		.cipher_key_length = AES128_XTS_KEY_LEN,
+		.cipher_key = { 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
+				0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
+				0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
+				0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f},
+		.cipher_iv_length = AES_XTS_IV_LEN,
+		.cipher_iv = { 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
+			       0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5},
+		.length = 16,
+		.plaintext = { 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
+			       0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c},
+		.ciphertext = { 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
+				0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63}
+	},
+	/* CAVS 11.0  XTSGen information, #101 */
+	{
+		.cipher_key_length = AES128_XTS_KEY_LEN,
+		.cipher_key = { 0xb7, 0xb9, 0x3f, 0x51, 0x6a, 0xef, 0x29, 0x5e,
+				0xff, 0x3a, 0x29, 0xd8, 0x37, 0xcf, 0x1f, 0x13,
+				0x53, 0x47, 0xe8, 0xa2, 0x1d, 0xae, 0x61, 0x6f,
+				0xf5, 0x06, 0x2b, 0x2e, 0x8d, 0x78, 0xce, 0x5e},
+		.cipher_iv_length = AES_XTS_IV_LEN,
+		.cipher_iv = { 0x87, 0x3e, 0xde, 0xa6, 0x53, 0xb6, 0x43, 0xbd,
+			       0x8b, 0xcf, 0x51, 0x40, 0x31, 0x97, 0xed, 0x14},
+		.length = 32,
+		.plaintext = { 0x23, 0x6f, 0x8a, 0x5b, 0x58, 0xdd, 0x55, 0xf6,
+			       0x19, 0x4e, 0xd7, 0x0c, 0x4a, 0xc1, 0xa1, 0x7f,
+			       0x1f, 0xe6, 0x0e, 0xc9, 0xa6, 0xc4, 0x54, 0xd0,
+			       0x87, 0xcc, 0xb7, 0x7d, 0x6b, 0x63, 0x8c, 0x47},
+		.ciphertext = { 0x22, 0xe6, 0xa3, 0xc6, 0x37, 0x9d, 0xcf, 0x75,
+				0x99, 0xb0, 0x52, 0xb5, 0xa7, 0x49, 0xc7, 0xf7,
+				0x8a, 0xd8, 0xa1, 0x1b, 0x9f, 0x1a, 0xa9, 0x43,
+				0x0c, 0xf3, 0xae, 0xf4, 0x45, 0x68, 0x2e, 0x19}
+	},
+	/* CAVS 11.0  XTSGen information, #227 TODO (Length 130 bits)*/
+	/* {
+		.cipher_key_length = AES128_XTS_KEY_LEN,
+		.cipher_key = { 0xec, 0x14, 0xc0, 0xa3, 0xb7, 0x72, 0x58, 0x5c,
+				0x15, 0xd4, 0xeb, 0x94, 0xe6, 0x9e, 0x2c, 0x55,
+				0x80, 0xcf, 0x3a, 0x63, 0xc1, 0x7c, 0xe9, 0xda,
+				0xd8, 0x2b, 0xb4, 0x54, 0xe3, 0x87, 0x90, 0x45},
+		.cipher_iv_length = AES_XTS_IV_LEN,
+		.cipher_iv = { 0x4a, 0x02, 0x87, 0xc2, 0x6e, 0xd2, 0x41, 0x26,
+			       0x5b, 0x3a, 0x42, 0xcd, 0xd1, 0x9c, 0xea, 0xe2},
+		.length = 17,
+		.plaintext = { 0x50, 0x82, 0x64, 0x75, 0x82, 0xc6, 0xe5, 0xa7,
+			       0x88, 0x73, 0x6f, 0xc5, 0x90, 0x5e, 0xa5, 0x65,
+			       0xc0 },
+		.ciphertext = { 0x04, 0x3a, 0xb9, 0xc0, 0x3d, 0x5b, 0x44, 0x13,
+				0x1d, 0x3e, 0x6e, 0xb2, 0x57, 0x61, 0x89, 0xde,
+				0x80 },
+	}, */
+	/* CAVS 11.0  XTSGen information, #1 */
+	{
+		.cipher_key_length = AES256_XTS_KEY_LEN,
+		.cipher_key = { 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
+				0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
+				0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
+				0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
+				0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
+				0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
+				0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58,
+				0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08},
+		.cipher_iv_length = AES_XTS_IV_LEN,
+		.cipher_iv = { 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2,
+			       0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64},
+		.length = 32,
+		.plaintext = { 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1,
+			       0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64,
+			       0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
+			       0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e},
+		.ciphertext = { 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5,
+				0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13,
+				0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
+				0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb},
+	},
+	/* CAVS 11.0  XTSGen information, #110 */
+	{
+		.cipher_key_length = AES256_XTS_KEY_LEN,
+		.cipher_key = { 0x6b, 0x19, 0x84, 0xc2, 0x4e, 0x7e, 0xb6, 0x62,
+				0x8e, 0x3a, 0x11, 0xc9, 0xcc, 0xd2, 0x59, 0x40,
+				0x33, 0xa3, 0xa0, 0xd9, 0x01, 0x6e, 0xae, 0x65,
+				0xc2, 0xf2, 0x4e, 0x09, 0xb9, 0xa6, 0x6e, 0x9f,
+				0xe9, 0xd1, 0x63, 0xa5, 0x06, 0xdf, 0xbc, 0xcf,
+				0x2d, 0x93, 0xe8, 0x99, 0x1e, 0x2f, 0xc5, 0x60,
+				0xe1, 0x04, 0x35, 0xb8, 0x90, 0xb5, 0x88, 0x9a,
+				0x50, 0x03, 0xe4, 0xbf, 0x81, 0x7d, 0xc3, 0xe0},
+		.cipher_iv_length = AES_XTS_IV_LEN,
+		.cipher_iv = { 0x6b, 0xb0, 0xd3, 0xae, 0x4f, 0xa8, 0x6e, 0x43,
+			       0x16, 0x19, 0xe4, 0x07, 0xd5, 0x9a, 0xd4, 0xf4},
+		.length = 48,
+		.plaintext = { 0x6a, 0x74, 0x1a, 0x94, 0x5b, 0xfb, 0xf0, 0xc6,
+			       0x7a, 0xfd, 0x43, 0xba, 0x1f, 0x84, 0x18, 0x16,
+			       0xc0, 0x99, 0x51, 0x58, 0x05, 0xd0, 0xfc, 0x1f,
+			       0x7d, 0xbf, 0x6d, 0xe9, 0x00, 0xe0, 0xaa, 0x7a,
+			       0x21, 0x9c, 0x88, 0x56, 0x32, 0x71, 0xb0, 0x09,
+			       0xd1, 0xac, 0x90, 0xeb, 0x7d, 0xc9, 0x97, 0x35},
+		.ciphertext = { 0xe4, 0x7b, 0xce, 0x29, 0x2b, 0xaa, 0x63, 0xbe,
+				0xf3, 0x16, 0xf6, 0x80, 0xa5, 0xf4, 0x80, 0xa7,
+				0xb8, 0x83, 0xdf, 0xab, 0x6e, 0xd5, 0xa5, 0x7f,
+				0x7e, 0x29, 0xec, 0xb8, 0x9e, 0x35, 0x4a, 0x31,
+				0xc9, 0xb1, 0x74, 0xc4, 0xab, 0xad, 0x6c, 0xba,
+				0xba, 0xba, 0x19, 0x14, 0x0c, 0x46, 0x20, 0xa3},
+	},
+	/* CAVS 11.0  XTSGen information, #211 TODO: length 140 bits */
+	/* {
+		.cipher_key_length = AES256_XTS_KEY_LEN,
+		.cipher_key = { 0x62, 0xc2, 0xe4, 0xf8, 0x52, 0xa9, 0x3e, 0xea,
+				0x4a, 0x2f, 0x61, 0xe8, 0x67, 0x68, 0x14, 0xf4,
+				0xa8, 0x0d, 0xc4, 0x7e, 0xe1, 0x81, 0x32, 0xc8,
+				0x38, 0xbf, 0x89, 0xa6, 0x18, 0xfd, 0xb8, 0xe2,
+				0x91, 0x3e, 0x2e, 0x5c, 0x32, 0x1b, 0x19, 0xea,
+				0x04, 0xbb, 0xa6, 0x34, 0x7d, 0x22, 0x6f, 0x41,
+				0xdb, 0xee, 0x88, 0x0d, 0x61, 0x67, 0xb8, 0xe1,
+				0xe9, 0x17, 0xfa, 0xf0, 0x46, 0xf0, 0x87, 0x5e},
+		.cipher_iv_length = AES_XTS_IV_LEN,
+		.cipher_iv = { 0x53, 0x7e, 0xe3, 0xdc, 0x13, 0xce, 0x27, 0xa8,
+			       0xd3, 0x0e, 0x6e, 0x42, 0xb5, 0xb9, 0x96, 0xae},
+		.length = 18,
+		.plaintext = { 0x00, 0xc9, 0xeb, 0x87, 0x78, 0xe0, 0x3d, 0xdd,
+			       0x5f, 0x3d, 0xe8, 0xc1, 0x8b, 0x34, 0x8f, 0xac,
+			       0x9c, 0x30},
+		.ciphertext = { 0x9d, 0x4a, 0x08, 0xac, 0x0f, 0xb4, 0x4e, 0x90,
+				0xd0, 0x5f, 0x62, 0x86, 0x19, 0x3f, 0x3a, 0xab,
+				0xc2, 0x90},
+	} */
+};
+
 /* AES-GCM test vectors extracted from
  * https://tools.ietf.org/html/draft-mcgrew-gcm-test-01#section-2
  */
diff --git a/test/validation/api/crypto/test_vectors_len.h b/test/validation/api/crypto/test_vectors_len.h
index a9ac6f6fb..fd5bccfc9 100644
--- a/test/validation/api/crypto/test_vectors_len.h
+++ b/test/validation/api/crypto/test_vectors_len.h
@@ -37,6 +37,11 @@
 /* AES-CFB128 */
 #define AES_CFB128_IV_LEN      16
 
+/* AES-XTS */
+#define AES128_XTS_KEY_LEN        32
+#define AES256_XTS_KEY_LEN        64
+#define AES_XTS_IV_LEN         16
+
 /* AES-GCM */
 #define AES_GCM_IV_LEN         12
 #define AES_GCM_DIGEST_LEN     16