2 * Copyright (c) 2018 Conrad Meyer <cem@FreeBSD.org>
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 #include <sys/param.h>
35 /* Be sure to include tree copy rather than system copy. */
36 #include "cryptodev.h"
38 #include "freebsd_test_suite/macros.h"
41 const char *vector_name;
42 const char *test_key_hex;
43 const char *test_msg_hex;
44 const size_t test_msg_len;
46 const char *expected_tag_hex;
49 static const struct poly1305_kat rfc7539_kats[] = {
51 .vector_name = "RFC 7539 \xc2\xa7 2.5.2",
52 .test_key_hex = "85:d6:be:78:57:55:6d:33:7f:44:52:fe:42:d5:06:a8"
53 ":01:03:80:8a:fb:0d:b2:fd:4a:bf:f6:af:41:49:f5:1b",
55 "43 72 79 70 74 6f 67 72 61 70 68 69 63 20 46 6f "
56 "72 75 6d 20 52 65 73 65 61 72 63 68 20 47 72 6f "
59 .expected_tag_hex = "a8:06:1d:c1:30:51:36:c6:c2:2b:8b:af:0c:01:27:a9",
62 .vector_name = "RFC 7539 \xc2\xa7 A.3 #1",
64 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
65 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ",
67 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
68 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
69 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
70 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ",
72 .expected_tag_hex = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
75 .vector_name = "RFC 7539 \xc2\xa7 A.3 #2",
77 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
78 "36 e5 f6 b5 c5 e0 60 70 f0 ef ca 96 22 7a 86 3e ",
80 "41 6e 79 20 73 75 62 6d 69 73 73 69 6f 6e 20 74 "
81 "6f 20 74 68 65 20 49 45 54 46 20 69 6e 74 65 6e "
82 "64 65 64 20 62 79 20 74 68 65 20 43 6f 6e 74 72 "
83 "69 62 75 74 6f 72 20 66 6f 72 20 70 75 62 6c 69 "
84 "63 61 74 69 6f 6e 20 61 73 20 61 6c 6c 20 6f 72 "
85 "20 70 61 72 74 20 6f 66 20 61 6e 20 49 45 54 46 "
86 "20 49 6e 74 65 72 6e 65 74 2d 44 72 61 66 74 20 "
87 "6f 72 20 52 46 43 20 61 6e 64 20 61 6e 79 20 73 "
88 "74 61 74 65 6d 65 6e 74 20 6d 61 64 65 20 77 69 "
89 "74 68 69 6e 20 74 68 65 20 63 6f 6e 74 65 78 74 "
90 "20 6f 66 20 61 6e 20 49 45 54 46 20 61 63 74 69 "
91 "76 69 74 79 20 69 73 20 63 6f 6e 73 69 64 65 72 "
92 "65 64 20 61 6e 20 22 49 45 54 46 20 43 6f 6e 74 "
93 "72 69 62 75 74 69 6f 6e 22 2e 20 53 75 63 68 20 "
94 "73 74 61 74 65 6d 65 6e 74 73 20 69 6e 63 6c 75 "
95 "64 65 20 6f 72 61 6c 20 73 74 61 74 65 6d 65 6e "
96 "74 73 20 69 6e 20 49 45 54 46 20 73 65 73 73 69 "
97 "6f 6e 73 2c 20 61 73 20 77 65 6c 6c 20 61 73 20 "
98 "77 72 69 74 74 65 6e 20 61 6e 64 20 65 6c 65 63 "
99 "74 72 6f 6e 69 63 20 63 6f 6d 6d 75 6e 69 63 61 "
100 "74 69 6f 6e 73 20 6d 61 64 65 20 61 74 20 61 6e "
101 "79 20 74 69 6d 65 20 6f 72 20 70 6c 61 63 65 2c "
102 "20 77 68 69 63 68 20 61 72 65 20 61 64 64 72 65 "
103 "73 73 65 64 20 74 6f",
105 .expected_tag_hex = "36 e5 f6 b5 c5 e0 60 70 f0 ef ca 96 22 7a 86 3e",
108 .vector_name = "RFC 7539 \xc2\xa7 A.3 #3",
110 "36 e5 f6 b5 c5 e0 60 70 f0 ef ca 96 22 7a 86 3e "
111 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ",
113 "41 6e 79 20 73 75 62 6d 69 73 73 69 6f 6e 20 74 "
114 "6f 20 74 68 65 20 49 45 54 46 20 69 6e 74 65 6e "
115 "64 65 64 20 62 79 20 74 68 65 20 43 6f 6e 74 72 "
116 "69 62 75 74 6f 72 20 66 6f 72 20 70 75 62 6c 69 "
117 "63 61 74 69 6f 6e 20 61 73 20 61 6c 6c 20 6f 72 "
118 "20 70 61 72 74 20 6f 66 20 61 6e 20 49 45 54 46 "
119 "20 49 6e 74 65 72 6e 65 74 2d 44 72 61 66 74 20 "
120 "6f 72 20 52 46 43 20 61 6e 64 20 61 6e 79 20 73 "
121 "74 61 74 65 6d 65 6e 74 20 6d 61 64 65 20 77 69 "
122 "74 68 69 6e 20 74 68 65 20 63 6f 6e 74 65 78 74 "
123 "20 6f 66 20 61 6e 20 49 45 54 46 20 61 63 74 69 "
124 "76 69 74 79 20 69 73 20 63 6f 6e 73 69 64 65 72 "
125 "65 64 20 61 6e 20 22 49 45 54 46 20 43 6f 6e 74 "
126 "72 69 62 75 74 69 6f 6e 22 2e 20 53 75 63 68 20 "
127 "73 74 61 74 65 6d 65 6e 74 73 20 69 6e 63 6c 75 "
128 "64 65 20 6f 72 61 6c 20 73 74 61 74 65 6d 65 6e "
129 "74 73 20 69 6e 20 49 45 54 46 20 73 65 73 73 69 "
130 "6f 6e 73 2c 20 61 73 20 77 65 6c 6c 20 61 73 20 "
131 "77 72 69 74 74 65 6e 20 61 6e 64 20 65 6c 65 63 "
132 "74 72 6f 6e 69 63 20 63 6f 6d 6d 75 6e 69 63 61 "
133 "74 69 6f 6e 73 20 6d 61 64 65 20 61 74 20 61 6e "
134 "79 20 74 69 6d 65 20 6f 72 20 70 6c 61 63 65 2c "
135 "20 77 68 69 63 68 20 61 72 65 20 61 64 64 72 65 "
136 "73 73 65 64 20 74 6f",
138 .expected_tag_hex = "f3 47 7e 7c d9 54 17 af 89 a6 b8 79 4c 31 0c f0",
141 .vector_name = "RFC 7539 \xc2\xa7 A.3 #4",
143 "1c 92 40 a5 eb 55 d3 8a f3 33 88 86 04 f6 b5 f0 "
144 "47 39 17 c1 40 2b 80 09 9d ca 5c bc 20 70 75 c0 ",
146 "27 54 77 61 73 20 62 72 69 6c 6c 69 67 2c 20 61 "
147 "6e 64 20 74 68 65 20 73 6c 69 74 68 79 20 74 6f "
148 "76 65 73 0a 44 69 64 20 67 79 72 65 20 61 6e 64 "
149 "20 67 69 6d 62 6c 65 20 69 6e 20 74 68 65 20 77 "
150 "61 62 65 3a 0a 41 6c 6c 20 6d 69 6d 73 79 20 77 "
151 "65 72 65 20 74 68 65 20 62 6f 72 6f 67 6f 76 65 "
152 "73 2c 0a 41 6e 64 20 74 68 65 20 6d 6f 6d 65 20 "
153 "72 61 74 68 73 20 6f 75 74 67 72 61 62 65 2e",
155 .expected_tag_hex = "45 41 66 9a 7e aa ee 61 e7 08 dc 7c bc c5 eb 62",
158 .vector_name = "RFC 7539 \xc2\xa7 A.3 #5",
160 "02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
161 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ",
163 "FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF",
165 .expected_tag_hex = "03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
168 .vector_name = "RFC 7539 \xc2\xa7 A.3 #6",
170 "02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
171 "FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ",
173 "02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
175 .expected_tag_hex = "03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
179 .vector_name = "RFC 7539 \xc2\xa7 A.3 #7",
181 "01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
182 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ",
184 "FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF "
185 "F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF "
186 "11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
188 .expected_tag_hex = "05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
191 .vector_name = "RFC 7539 \xc2\xa7 A.3 #8",
193 "01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
194 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ",
196 "FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF "
197 "FB FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE "
198 "01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01",
200 .expected_tag_hex = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
203 .vector_name = "RFC 7539 \xc2\xa7 A.3 #9",
205 "02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
206 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ",
208 "FD FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF",
210 .expected_tag_hex = "FA FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF",
213 .vector_name = "RFC 7539 \xc2\xa7 A.3 #10",
215 "01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 "
216 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ",
218 "E3 35 94 D7 50 5E 43 B9 00 00 00 00 00 00 00 00 "
219 "33 94 D7 50 5E 43 79 CD 01 00 00 00 00 00 00 00 "
220 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
221 "01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
223 .expected_tag_hex = "14 00 00 00 00 00 00 00 55 00 00 00 00 00 00 00",
226 .vector_name = "RFC 7539 \xc2\xa7 A.3 #11",
228 "01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 "
229 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ",
231 "E3 35 94 D7 50 5E 43 B9 00 00 00 00 00 00 00 00 "
232 "33 94 D7 50 5E 43 79 CD 01 00 00 00 00 00 00 00 "
233 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
235 .expected_tag_hex = "13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
240 parse_hex(const struct poly1305_kat *kat, const char *hexstr, void *voutput,
243 /* Space or colon delimited; may contain a single trailing space;
244 * length should match exactly.
246 const char *sep, *it;
247 size_t sym_len, count;
252 memset(hbyte, 0, sizeof(hbyte));
257 sep = strpbrk(it, " :");
259 sym_len = strlen(it);
263 ATF_REQUIRE_EQ_MSG(sym_len, 2,
264 "invalid hex byte '%.*s' in vector %s", (int)sym_len, it,
267 memcpy(hbyte, it, 2);
268 res = sscanf(hbyte, "%hhx", &out[count]);
269 ATF_REQUIRE_EQ_MSG(res, 1,
270 "invalid hex byte '%s' in vector %s", hbyte,
274 ATF_REQUIRE_MSG(count <= explen,
275 "got longer than expected value at %s", kat->vector_name);
280 while (*it == ' ' || *it == ':')
286 ATF_REQUIRE_EQ_MSG(count, explen, "got short value at %s",
291 parse_vector(const struct poly1305_kat *kat,
292 uint8_t key[__min_size(POLY1305_KEY_LEN)], char *msg,
293 uint8_t exptag[__min_size(POLY1305_HASH_LEN)])
295 parse_hex(kat, kat->test_key_hex, key, POLY1305_KEY_LEN);
296 parse_hex(kat, kat->test_msg_hex, msg, kat->test_msg_len);
297 parse_hex(kat, kat->expected_tag_hex, exptag, POLY1305_HASH_LEN);
305 fd = open("/dev/crypto", O_RDWR);
306 ATF_REQUIRE(fd >= 0);
311 create_session(int fd, int alg, int crid, const void *key, size_t klen)
313 struct session2_op sop;
315 memset(&sop, 0, sizeof(sop));
319 sop.mackeylen = klen;
322 ATF_REQUIRE_MSG(ioctl(fd, CIOCGSESSION2, &sop) >= 0,
323 "alg %d keylen %zu, errno=%d (%s)", alg, klen, errno,
329 destroy_session(int fd, int _ses)
334 ATF_REQUIRE_MSG(ioctl(fd, CIOCFSESSION, &ses) >= 0,
335 "destroy session failed, errno=%d (%s)", errno, strerror(errno));
339 do_cryptop(int fd, int ses, const void *inp, size_t inlen, void *out)
343 memset(&cop, 0, sizeof(cop));
349 ATF_CHECK_MSG(ioctl(fd, CIOCCRYPT, &cop) >= 0, "ioctl(CIOCCRYPT)");
353 test_rfc7539_poly1305_vectors(int crid, const char *modname)
355 uint8_t comptag[POLY1305_HASH_LEN], exptag[POLY1305_HASH_LEN],
356 key[POLY1305_KEY_LEN], msg[512];
360 ATF_REQUIRE_KERNEL_MODULE(modname);
361 ATF_REQUIRE_KERNEL_MODULE("cryptodev");
363 fd = get_handle_fd();
365 for (i = 0; i < nitems(rfc7539_kats); i++) {
366 const struct poly1305_kat *kat;
368 kat = &rfc7539_kats[i];
369 parse_vector(kat, key, msg, exptag);
371 ses = create_session(fd, CRYPTO_POLY1305, crid, key, sizeof(key));
373 do_cryptop(fd, ses, msg, kat->test_msg_len, comptag);
374 ATF_CHECK_EQ_MSG(memcmp(comptag, exptag, sizeof(exptag)), 0,
375 "KAT %s failed:", kat->vector_name);
377 destroy_session(fd, ses);
381 ATF_TC_WITHOUT_HEAD(poly1305_vectors);
382 ATF_TC_BODY(poly1305_vectors, tc)
384 ATF_REQUIRE_SYSCTL_INT("kern.crypto.allow_soft", 1);
385 test_rfc7539_poly1305_vectors(CRYPTO_FLAG_SOFTWARE, "nexus/cryptosoft");
391 ATF_TP_ADD_TC(tp, poly1305_vectors);
393 return (atf_no_error());