2 * Copyright (c) 2017 Chelsio Communications, Inc.
4 * Written by: John Baldwin <jhb@FreeBSD.org>
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 * Copyright (c) 2004 Sam Leffler, Errno Consulting
29 * All rights reserved.
31 * Redistribution and use in source and binary forms, with or without
32 * modification, are permitted provided that the following conditions
34 * 1. Redistributions of source code must retain the above copyright
35 * notice, this list of conditions and the following disclaimer,
36 * without modification.
37 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
38 * similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any
39 * redistribution must be conditioned upon including a substantially
40 * similar Disclaimer requirement for further binary redistribution.
41 * 3. Neither the names of the above-listed copyright holders nor the names
42 * of any contributors may be used to endorse or promote products derived
43 * from this software without specific prior written permission.
46 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
47 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
48 * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY
49 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
50 * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY,
51 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
52 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
53 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
54 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
55 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
56 * THE POSSIBILITY OF SUCH DAMAGES.
62 * A different tool for checking hardware crypto support. Whereas
63 * cryptotest is focused on simple performance numbers, this tool is
64 * focused on correctness. For each crypto operation, it performs the
65 * operation once in software via OpenSSL and a second time via
66 * OpenCrypto and compares the results.
68 * cryptocheck [-vz] [-A aad length] [-a algorithm] [-d dev] [size ...]
72 * -z Run all algorithms on a variety of buffer sizes.
74 * Supported algorithms:
76 * hash Run all hash tests
77 * mac Run all mac tests
78 * cipher Run all cipher tests
79 * eta Run all encrypt-then-authenticate tests
80 * aead Run all authenticated encryption with associated data
85 * sha224 224-bit SHA-2
86 * sha256 256-bit SHA-2
87 * sha384 384-bit SHA-2
88 * sha512 512-bit SHA-2
94 * sha224hmac 224-bit SHA-2 HMAC
95 * sha256hmac 256-bit SHA-2 HMAC
96 * sha384hmac 384-bit SHA-2 HMAC
97 * sha512hmac 512-bit SHA-2 HMAC
99 * gmac192 192-bit GMAC
100 * gmac256 256-bit GMAC
103 * aes-cbc 128-bit AES-CBC
104 * aes-cbc192 192-bit AES-CBC
105 * aes-cbc256 256-bit AES-CBC
106 * aes-ctr 128-bit AES-CTR
107 * aes-ctr192 192-bit AES-CTR
108 * aes-ctr256 256-bit AES-CTR
109 * aes-xts 128-bit AES-XTS
110 * aes-xts256 256-bit AES-XTS
113 * Encrypt then Authenticate:
116 * Authenticated Encryption with Associated Data:
117 * aes-gcm 128-bit AES-GCM
118 * aes-gcm192 192-bit AES-GCM
119 * aes-gcm256 256-bit AES-GCM
120 * aes-ccm 128-bit AES-CCM
121 * aes-ccm192 192-bit AES-CCM
122 * aes-ccm256 256-bit AES-CCM
125 #include <sys/param.h>
126 #include <sys/sysctl.h>
136 #include <openssl/err.h>
137 #include <openssl/hmac.h>
139 #include <crypto/cryptodev.h>
147 static const struct alg {
151 enum { T_HASH, T_HMAC, T_GMAC, T_CIPHER, T_ETA, T_AEAD } type;
152 const EVP_CIPHER *(*evp_cipher)(void);
153 const EVP_MD *(*evp_md)(void);
155 { .name = "sha1", .mac = CRYPTO_SHA1, .type = T_HASH,
156 .evp_md = EVP_sha1 },
157 { .name = "sha224", .mac = CRYPTO_SHA2_224, .type = T_HASH,
158 .evp_md = EVP_sha224 },
159 { .name = "sha256", .mac = CRYPTO_SHA2_256, .type = T_HASH,
160 .evp_md = EVP_sha256 },
161 { .name = "sha384", .mac = CRYPTO_SHA2_384, .type = T_HASH,
162 .evp_md = EVP_sha384 },
163 { .name = "sha512", .mac = CRYPTO_SHA2_512, .type = T_HASH,
164 .evp_md = EVP_sha512 },
165 { .name = "sha1hmac", .mac = CRYPTO_SHA1_HMAC, .type = T_HMAC,
166 .evp_md = EVP_sha1 },
167 { .name = "sha224hmac", .mac = CRYPTO_SHA2_224_HMAC, .type = T_HMAC,
168 .evp_md = EVP_sha224 },
169 { .name = "sha256hmac", .mac = CRYPTO_SHA2_256_HMAC, .type = T_HMAC,
170 .evp_md = EVP_sha256 },
171 { .name = "sha384hmac", .mac = CRYPTO_SHA2_384_HMAC, .type = T_HMAC,
172 .evp_md = EVP_sha384 },
173 { .name = "sha512hmac", .mac = CRYPTO_SHA2_512_HMAC, .type = T_HMAC,
174 .evp_md = EVP_sha512 },
175 { .name = "blake2b", .mac = CRYPTO_BLAKE2B, .type = T_HASH,
176 .evp_md = EVP_blake2b512 },
177 { .name = "blake2s", .mac = CRYPTO_BLAKE2S, .type = T_HASH,
178 .evp_md = EVP_blake2s256 },
179 { .name = "gmac", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC,
180 .evp_cipher = EVP_aes_128_gcm },
181 { .name = "gmac192", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC,
182 .evp_cipher = EVP_aes_192_gcm },
183 { .name = "gmac256", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC,
184 .evp_cipher = EVP_aes_256_gcm },
185 { .name = "aes-cbc", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER,
186 .evp_cipher = EVP_aes_128_cbc },
187 { .name = "aes-cbc192", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER,
188 .evp_cipher = EVP_aes_192_cbc },
189 { .name = "aes-cbc256", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER,
190 .evp_cipher = EVP_aes_256_cbc },
191 { .name = "aes-ctr", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER,
192 .evp_cipher = EVP_aes_128_ctr },
193 { .name = "aes-ctr192", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER,
194 .evp_cipher = EVP_aes_192_ctr },
195 { .name = "aes-ctr256", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER,
196 .evp_cipher = EVP_aes_256_ctr },
197 { .name = "aes-xts", .cipher = CRYPTO_AES_XTS, .type = T_CIPHER,
198 .evp_cipher = EVP_aes_128_xts },
199 { .name = "aes-xts256", .cipher = CRYPTO_AES_XTS, .type = T_CIPHER,
200 .evp_cipher = EVP_aes_256_xts },
201 { .name = "chacha20", .cipher = CRYPTO_CHACHA20, .type = T_CIPHER,
202 .evp_cipher = EVP_chacha20 },
203 { .name = "aes-gcm", .cipher = CRYPTO_AES_NIST_GCM_16, .type = T_AEAD,
204 .evp_cipher = EVP_aes_128_gcm },
205 { .name = "aes-gcm192", .cipher = CRYPTO_AES_NIST_GCM_16,
206 .type = T_AEAD, .evp_cipher = EVP_aes_192_gcm },
207 { .name = "aes-gcm256", .cipher = CRYPTO_AES_NIST_GCM_16,
208 .type = T_AEAD, .evp_cipher = EVP_aes_256_gcm },
209 { .name = "aes-ccm", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD,
210 .evp_cipher = EVP_aes_128_ccm },
211 { .name = "aes-ccm192", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD,
212 .evp_cipher = EVP_aes_192_ccm },
213 { .name = "aes-ccm256", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD,
214 .evp_cipher = EVP_aes_256_ccm },
218 static int requested_crid;
219 static size_t aad_sizes[48], sizes[128];
220 static u_int naad_sizes, nsizes;
226 "usage: cryptocheck [-z] [-a algorithm] [-d dev] [size ...]\n");
230 static const struct alg *
231 find_alg(const char *name)
235 for (i = 0; i < nitems(algs); i++)
236 if (strcasecmp(algs[i].name, name) == 0)
242 build_eta(const struct alg *cipher, const struct alg *mac)
247 assert(cipher->type == T_CIPHER);
248 assert(mac->type == T_HMAC);
249 eta = calloc(1, sizeof(*eta));
250 asprintf(&name, "%s+%s", cipher->name, mac->name);
252 eta->cipher = cipher->cipher;
255 eta->evp_cipher = cipher->evp_cipher;
256 eta->evp_md = mac->evp_md;
261 free_eta(struct alg *eta)
263 free(__DECONST(char *, eta->name));
268 build_eta_name(const char *name)
270 const struct alg *cipher, *mac;
271 const char *mac_name;
272 char *cp, *cipher_name;
274 cp = strchr(name, '+');
275 cipher_name = strndup(name, cp - name);
277 cipher = find_alg(cipher_name);
279 if (cipher == NULL || cipher->type != T_CIPHER)
280 errx(1, "Invalid cipher %s", cipher_name);
281 mac = find_alg(mac_name);
282 if (mac == NULL || mac->type != T_HMAC)
283 errx(1, "Invalid hmac %s", mac_name);
284 return (build_eta(cipher, mac));
293 fd = open("/dev/crypto", O_RDWR | O_CLOEXEC, 0);
295 err(1, "/dev/crypto");
301 * Called on exit to change kern.cryptodevallowsoft back to 0
303 #define CRYPT_SOFT_ALLOW "kern.cryptodevallowsoft"
306 reset_user_soft(void)
309 sysctlbyname(CRYPT_SOFT_ALLOW, NULL, NULL, &off, sizeof(off));
313 enable_user_soft(void)
317 size_t cursize = sizeof(curstate);
319 if (sysctlbyname(CRYPT_SOFT_ALLOW, &curstate, &cursize,
320 &on, sizeof(on)) == 0) {
322 atexit(reset_user_soft);
327 crlookup(const char *devname)
329 struct crypt_find_op find;
331 if (strncmp(devname, "soft", 4) == 0) {
333 return CRYPTO_FLAG_SOFTWARE;
337 strlcpy(find.name, devname, sizeof(find.name));
338 if (ioctl(devcrypto(), CIOCFINDDEV, &find) == -1)
339 err(1, "ioctl(CIOCFINDDEV)");
346 static struct crypt_find_op find;
348 if (crid == CRYPTO_FLAG_SOFTWARE)
350 else if (crid == CRYPTO_FLAG_HARDWARE)
353 bzero(&find, sizeof(find));
355 if (ioctl(devcrypto(), CRIOFINDDEV, &find) == -1)
356 err(1, "ioctl(CIOCFINDDEV): crid %d", crid);
365 if (ioctl(devcrypto(), CRIOGET, &fd) == -1)
366 err(1, "ioctl(CRIOGET)");
367 if (fcntl(fd, F_SETFD, 1) == -1)
368 err(1, "fcntl(F_SETFD) (crget)");
376 0x10,0x54,0x11,0x48,0x45,0x12,0x4f,0x13,0x49,0x53,0x14,0x41,
377 0x15,0x16,0x4e,0x55,0x54,0x17,0x18,0x4a,0x4f,0x42,0x19,0x01
379 return 0x20+a[random()%nitems(a)];
383 alloc_buffer(size_t len)
389 for (i = 0; i < len; i++)
395 generate_iv(size_t len, const struct alg *alg)
399 iv = alloc_buffer(len);
400 switch (alg->cipher) {
402 /* Clear the low 32 bits of the IV to hold the counter. */
410 * Clear the low 64-bits to only store a 64-bit block
427 ocf_init_sop(struct session2_op *sop)
429 memset(sop, 0, sizeof(*sop));
430 sop->crid = requested_crid;
434 ocf_init_session(struct session2_op *sop, const char *type, const char *name,
435 struct ocf_session *ses)
440 if (ioctl(fd, CIOCGSESSION2, sop) < 0) {
441 warn("cryptodev %s %s not supported for device %s",
442 type, name, crfind(sop->crid));
449 ses->crid = sop->crid;
454 ocf_destroy_session(struct ocf_session *ses)
459 if (ioctl(ses->fd, CIOCFSESSION, &ses->ses) < 0)
460 warn("ioctl(CIOCFSESSION)");
466 ocf_init_cop(const struct ocf_session *ses, struct crypt_op *cop)
468 memset(cop, 0, sizeof(*cop));
473 ocf_init_caead(const struct ocf_session *ses, struct crypt_aead *caead)
475 memset(caead, 0, sizeof(*caead));
476 caead->ses = ses->ses;
480 ocf_hash(const struct alg *alg, const char *buffer, size_t size, char *digest,
483 struct ocf_session ses;
484 struct session2_op sop;
489 if (!ocf_init_session(&sop, "HASH", alg->name, &ses))
492 ocf_init_cop(&ses, &cop);
495 cop.src = __DECONST(char *, buffer);
498 if (ioctl(ses.fd, CIOCCRYPT, &cop) < 0) {
499 warn("cryptodev %s (%zu) HASH failed for device %s", alg->name,
500 size, crfind(ses.crid));
501 ocf_destroy_session(&ses);
506 ocf_destroy_session(&ses);
511 openssl_hash(const struct alg *alg, const EVP_MD *md, const void *buffer,
512 size_t size, void *digest_out, unsigned *digest_sz_out)
520 mdctx = EVP_MD_CTX_create();
524 rc = EVP_DigestInit_ex(mdctx, md, NULL);
528 rc = EVP_DigestUpdate(mdctx, buffer, size);
532 rc = EVP_DigestFinal_ex(mdctx, digest_out, digest_sz_out);
536 EVP_MD_CTX_destroy(mdctx);
540 errx(1, "OpenSSL %s HASH failed%s: %s", alg->name, errs,
541 ERR_error_string(ERR_get_error(), NULL));
545 run_hash_test(const struct alg *alg, size_t size)
551 char control_digest[EVP_MAX_MD_SIZE], test_digest[EVP_MAX_MD_SIZE];
553 memset(control_digest, 0x3c, sizeof(control_digest));
554 memset(test_digest, 0x3c, sizeof(test_digest));
557 assert((size_t)EVP_MD_size(md) <= sizeof(control_digest));
559 buffer = alloc_buffer(size);
562 digest_len = sizeof(control_digest);
563 openssl_hash(alg, md, buffer, size, control_digest, &digest_len);
565 /* cryptodev HASH. */
566 if (!ocf_hash(alg, buffer, size, test_digest, &crid))
568 if (memcmp(control_digest, test_digest, sizeof(control_digest)) != 0) {
569 if (memcmp(control_digest, test_digest, EVP_MD_size(md)) == 0)
570 printf("%s (%zu) mismatch in trailer:\n",
573 printf("%s (%zu) mismatch:\n", alg->name, size);
574 printf("control:\n");
575 hexdump(control_digest, sizeof(control_digest), NULL, 0);
576 printf("test (cryptodev device %s):\n", crfind(crid));
577 hexdump(test_digest, sizeof(test_digest), NULL, 0);
582 printf("%s (%zu) matched (cryptodev device %s)\n",
583 alg->name, size, crfind(crid));
590 ocf_hmac(const struct alg *alg, const char *buffer, size_t size,
591 const char *key, size_t key_len, char *digest, int *cridp)
593 struct ocf_session ses;
594 struct session2_op sop;
598 sop.mackeylen = key_len;
599 sop.mackey = __DECONST(char *, key);
601 if (!ocf_init_session(&sop, "HMAC", alg->name, &ses))
604 ocf_init_cop(&ses, &cop);
607 cop.src = __DECONST(char *, buffer);
610 if (ioctl(ses.fd, CIOCCRYPT, &cop) < 0) {
611 warn("cryptodev %s (%zu) HMAC failed for device %s", alg->name,
612 size, crfind(ses.crid));
613 ocf_destroy_session(&ses);
618 ocf_destroy_session(&ses);
623 run_hmac_test(const struct alg *alg, size_t size)
627 u_int key_len, digest_len;
629 char control_digest[EVP_MAX_MD_SIZE], test_digest[EVP_MAX_MD_SIZE];
631 memset(control_digest, 0x3c, sizeof(control_digest));
632 memset(test_digest, 0x3c, sizeof(test_digest));
635 key_len = EVP_MD_size(md);
636 assert((size_t)EVP_MD_size(md) <= sizeof(control_digest));
638 key = alloc_buffer(key_len);
639 buffer = alloc_buffer(size);
642 digest_len = sizeof(control_digest);
643 if (HMAC(md, key, key_len, (u_char *)buffer, size,
644 (u_char *)control_digest, &digest_len) == NULL)
645 errx(1, "OpenSSL %s (%zu) HMAC failed: %s", alg->name,
646 size, ERR_error_string(ERR_get_error(), NULL));
648 /* cryptodev HMAC. */
649 if (!ocf_hmac(alg, buffer, size, key, key_len, test_digest, &crid))
651 if (memcmp(control_digest, test_digest, sizeof(control_digest)) != 0) {
652 if (memcmp(control_digest, test_digest, EVP_MD_size(md)) == 0)
653 printf("%s (%zu) mismatch in trailer:\n",
656 printf("%s (%zu) mismatch:\n", alg->name, size);
657 printf("control:\n");
658 hexdump(control_digest, sizeof(control_digest), NULL, 0);
659 printf("test (cryptodev device %s):\n", crfind(crid));
660 hexdump(test_digest, sizeof(test_digest), NULL, 0);
665 printf("%s (%zu) matched (cryptodev device %s)\n",
666 alg->name, size, crfind(crid));
674 openssl_cipher(const struct alg *alg, const EVP_CIPHER *cipher, const char *key,
675 const char *iv, const char *input, char *output, size_t size, int enc)
680 ctx = EVP_CIPHER_CTX_new();
682 errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name,
683 size, ERR_error_string(ERR_get_error(), NULL));
684 if (EVP_CipherInit_ex(ctx, cipher, NULL, (const u_char *)key,
685 (const u_char *)iv, enc) != 1)
686 errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
687 size, ERR_error_string(ERR_get_error(), NULL));
688 EVP_CIPHER_CTX_set_padding(ctx, 0);
689 if (EVP_CipherUpdate(ctx, (u_char *)output, &outl,
690 (const u_char *)input, size) != 1)
691 errx(1, "OpenSSL %s (%zu) cipher update failed: %s", alg->name,
692 size, ERR_error_string(ERR_get_error(), NULL));
694 if (EVP_CipherFinal_ex(ctx, (u_char *)output + outl, &outl) != 1)
695 errx(1, "OpenSSL %s (%zu) cipher final failed: %s", alg->name,
696 size, ERR_error_string(ERR_get_error(), NULL));
698 if ((size_t)total != size)
699 errx(1, "OpenSSL %s (%zu) cipher size mismatch: %d", alg->name,
701 EVP_CIPHER_CTX_free(ctx);
705 ocf_init_cipher_session(const struct alg *alg, const char *key, size_t key_len,
706 struct ocf_session *ses)
708 struct session2_op sop;
711 sop.keylen = key_len;
712 sop.key = __DECONST(char *, key);
713 sop.cipher = alg->cipher;
714 return (ocf_init_session(&sop, "cipher", alg->name, ses));
718 ocf_cipher(const struct ocf_session *ses, const struct alg *alg, const char *iv,
719 const char *input, char *output, size_t size, int op)
723 ocf_init_cop(ses, &cop);
726 cop.src = __DECONST(char *, input);
728 cop.iv = __DECONST(char *, iv);
730 if (ioctl(ses->fd, CIOCCRYPT, &cop) < 0) {
731 warn("cryptodev %s (%zu) cipher failed for device %s",
732 alg->name, size, crfind(ses->crid));
740 run_cipher_test(const struct alg *alg, size_t size)
742 struct ocf_session ses;
743 const EVP_CIPHER *cipher;
744 char *buffer, *cleartext, *ciphertext;
746 u_int iv_len, key_len;
748 cipher = alg->evp_cipher();
749 if (size % EVP_CIPHER_block_size(cipher) != 0) {
752 "%s (%zu): invalid buffer size (block size %d)\n",
753 alg->name, size, EVP_CIPHER_block_size(cipher));
758 * XTS requires at least one full block so that any partial
759 * block at the end has cipher text to steal. Hardcoding the
760 * AES block size isn't ideal, but OpenSSL doesn't have a
761 * notion of a "native" block size.
763 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE &&
764 size < AES_BLOCK_LEN) {
766 printf("%s (%zu): invalid buffer size\n", alg->name,
771 key_len = EVP_CIPHER_key_length(cipher);
772 iv_len = EVP_CIPHER_iv_length(cipher);
774 key = alloc_buffer(key_len);
775 iv = generate_iv(iv_len, alg);
776 cleartext = alloc_buffer(size);
777 buffer = malloc(size);
778 ciphertext = malloc(size);
780 /* OpenSSL cipher. */
781 openssl_cipher(alg, cipher, key, iv, cleartext, ciphertext, size, 1);
782 if (size > 0 && memcmp(cleartext, ciphertext, size) == 0)
783 warnx("OpenSSL %s (%zu): cipher text unchanged", alg->name,
785 openssl_cipher(alg, cipher, key, iv, ciphertext, buffer, size, 0);
786 if (memcmp(cleartext, buffer, size) != 0) {
787 printf("OpenSSL %s (%zu): cipher mismatch:", alg->name, size);
788 printf("original:\n");
789 hexdump(cleartext, size, NULL, 0);
790 printf("decrypted:\n");
791 hexdump(buffer, size, NULL, 0);
795 if (!ocf_init_cipher_session(alg, key, key_len, &ses))
799 if (!ocf_cipher(&ses, alg, iv, cleartext, buffer, size, COP_ENCRYPT))
801 if (memcmp(ciphertext, buffer, size) != 0) {
802 printf("%s (%zu) encryption mismatch:\n", alg->name, size);
803 printf("control:\n");
804 hexdump(ciphertext, size, NULL, 0);
805 printf("test (cryptodev device %s):\n", crfind(ses.crid));
806 hexdump(buffer, size, NULL, 0);
811 if (!ocf_cipher(&ses, alg, iv, ciphertext, buffer, size, COP_DECRYPT))
813 if (memcmp(cleartext, buffer, size) != 0) {
814 printf("%s (%zu) decryption mismatch:\n", alg->name, size);
815 printf("control:\n");
816 hexdump(cleartext, size, NULL, 0);
817 printf("test (cryptodev device %s):\n", crfind(ses.crid));
818 hexdump(buffer, size, NULL, 0);
823 printf("%s (%zu) matched (cryptodev device %s)\n",
824 alg->name, size, crfind(ses.crid));
827 ocf_destroy_session(&ses);
836 ocf_init_eta_session(const struct alg *alg, const char *cipher_key,
837 size_t cipher_key_len, const char *auth_key, size_t auth_key_len,
838 struct ocf_session *ses)
840 struct session2_op sop;
843 sop.keylen = cipher_key_len;
844 sop.key = __DECONST(char *, cipher_key);
845 sop.cipher = alg->cipher;
846 sop.mackeylen = auth_key_len;
847 sop.mackey = __DECONST(char *, auth_key);
849 return (ocf_init_session(&sop, "ETA", alg->name, ses));
853 ocf_eta(const struct ocf_session *ses, const char *iv, size_t iv_len,
854 const char *aad, size_t aad_len, const char *input, char *output,
855 size_t size, char *digest, int op)
860 struct crypt_aead caead;
862 ocf_init_caead(ses, &caead);
865 caead.aadlen = aad_len;
866 caead.ivlen = iv_len;
867 caead.src = __DECONST(char *, input);
869 caead.aad = __DECONST(char *, aad);
871 caead.iv = __DECONST(char *, iv);
873 ret = ioctl(ses->fd, CIOCCRYPTAEAD, &caead);
877 ocf_init_cop(ses, &cop);
880 cop.src = __DECONST(char *, input);
883 cop.iv = __DECONST(char *, iv);
885 ret = ioctl(ses->fd, CIOCCRYPT, &cop);
894 run_eta_test(const struct alg *alg, size_t aad_len, size_t size)
896 struct ocf_session ses;
897 const EVP_CIPHER *cipher;
899 char *buffer, *cleartext, *ciphertext;
900 char *iv, *auth_key, *cipher_key;
901 u_int iv_len, auth_key_len, cipher_key_len, digest_len;
903 char control_digest[EVP_MAX_MD_SIZE], test_digest[EVP_MAX_MD_SIZE];
905 cipher = alg->evp_cipher();
906 if (size % EVP_CIPHER_block_size(cipher) != 0) {
909 "%s (%zu, %zu): invalid buffer size (block size %d)\n",
910 alg->name, aad_len, size,
911 EVP_CIPHER_block_size(cipher));
915 /* See comment in run_cipher_test. */
916 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE &&
917 size < AES_BLOCK_LEN) {
919 printf("%s (%zu): invalid buffer size\n", alg->name,
924 memset(control_digest, 0x3c, sizeof(control_digest));
925 memset(test_digest, 0x3c, sizeof(test_digest));
929 cipher_key_len = EVP_CIPHER_key_length(cipher);
930 iv_len = EVP_CIPHER_iv_length(cipher);
931 auth_key_len = EVP_MD_size(md);
933 cipher_key = alloc_buffer(cipher_key_len);
934 iv = generate_iv(iv_len, alg);
935 auth_key = alloc_buffer(auth_key_len);
936 cleartext = alloc_buffer(aad_len + size);
937 buffer = malloc(aad_len + size);
938 ciphertext = malloc(aad_len + size);
940 /* OpenSSL encrypt + HMAC. */
942 memcpy(ciphertext, cleartext, aad_len);
943 openssl_cipher(alg, cipher, cipher_key, iv, cleartext + aad_len,
944 ciphertext + aad_len, size, 1);
945 if (size > 0 && memcmp(cleartext + aad_len, ciphertext + aad_len,
947 warnx("OpenSSL %s (%zu, %zu): cipher text unchanged",
948 alg->name, aad_len, size);
949 digest_len = sizeof(control_digest);
950 if (HMAC(md, auth_key, auth_key_len, (u_char *)ciphertext,
951 aad_len + size, (u_char *)control_digest, &digest_len) == NULL)
952 errx(1, "OpenSSL %s (%zu, %zu) HMAC failed: %s", alg->name,
953 aad_len, size, ERR_error_string(ERR_get_error(), NULL));
955 if (!ocf_init_eta_session(alg, cipher_key, cipher_key_len, auth_key,
959 /* OCF encrypt + HMAC. */
960 error = ocf_eta(&ses, iv, iv_len, aad_len != 0 ? cleartext : NULL,
961 aad_len, cleartext + aad_len, buffer + aad_len, size, test_digest,
964 warnc(error, "cryptodev %s (%zu, %zu) ETA failed for device %s",
965 alg->name, aad_len, size, crfind(ses.crid));
968 if (memcmp(ciphertext + aad_len, buffer + aad_len, size) != 0) {
969 printf("%s (%zu, %zu) encryption mismatch:\n", alg->name,
971 printf("control:\n");
972 hexdump(ciphertext + aad_len, size, NULL, 0);
973 printf("test (cryptodev device %s):\n", crfind(ses.crid));
974 hexdump(buffer + aad_len, size, NULL, 0);
977 if (memcmp(control_digest, test_digest, sizeof(control_digest)) != 0) {
978 if (memcmp(control_digest, test_digest, EVP_MD_size(md)) == 0)
979 printf("%s (%zu, %zu) enc hash mismatch in trailer:\n",
980 alg->name, aad_len, size);
982 printf("%s (%zu, %zu) enc hash mismatch:\n", alg->name,
984 printf("control:\n");
985 hexdump(control_digest, sizeof(control_digest), NULL, 0);
986 printf("test (cryptodev device %s):\n", crfind(ses.crid));
987 hexdump(test_digest, sizeof(test_digest), NULL, 0);
991 /* OCF HMAC + decrypt. */
992 error = ocf_eta(&ses, iv, iv_len, aad_len != 0 ? ciphertext : NULL,
993 aad_len, ciphertext + aad_len, buffer + aad_len, size, test_digest,
996 warnc(error, "cryptodev %s (%zu, %zu) ETA failed for device %s",
997 alg->name, aad_len, size, crfind(ses.crid));
1000 if (memcmp(cleartext + aad_len, buffer + aad_len, size) != 0) {
1001 printf("%s (%zu, %zu) decryption mismatch:\n", alg->name,
1003 printf("control:\n");
1004 hexdump(cleartext, size, NULL, 0);
1005 printf("test (cryptodev device %s):\n", crfind(ses.crid));
1006 hexdump(buffer, size, NULL, 0);
1010 /* Verify OCF HMAC + decrypt fails with busted MAC. */
1011 test_digest[0] ^= 0x1;
1012 error = ocf_eta(&ses, iv, iv_len, aad_len != 0 ? ciphertext : NULL,
1013 aad_len, ciphertext + aad_len, buffer + aad_len, size, test_digest,
1015 if (error != EBADMSG) {
1018 "cryptodev %s (%zu, %zu) corrupt tag failed for device %s",
1019 alg->name, aad_len, size, crfind(ses.crid));
1022 "cryptodev %s (%zu, %zu) corrupt tag didn't fail for device %s",
1023 alg->name, aad_len, size, crfind(ses.crid));
1028 printf("%s (%zu, %zu) matched (cryptodev device %s)\n",
1029 alg->name, aad_len, size, crfind(ses.crid));
1032 ocf_destroy_session(&ses);
1042 openssl_gmac(const struct alg *alg, const EVP_CIPHER *cipher, const char *key,
1043 const char *iv, const char *input, size_t size, char *tag)
1045 EVP_CIPHER_CTX *ctx;
1048 ctx = EVP_CIPHER_CTX_new();
1050 errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name,
1051 size, ERR_error_string(ERR_get_error(), NULL));
1052 if (EVP_EncryptInit_ex(ctx, cipher, NULL, (const u_char *)key,
1053 (const u_char *)iv) != 1)
1054 errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
1055 size, ERR_error_string(ERR_get_error(), NULL));
1056 EVP_CIPHER_CTX_set_padding(ctx, 0);
1057 if (EVP_EncryptUpdate(ctx, NULL, &outl, (const u_char *)input,
1059 errx(1, "OpenSSL %s (%zu) update failed: %s",
1060 alg->name, size, ERR_error_string(ERR_get_error(), NULL));
1061 if (EVP_EncryptFinal_ex(ctx, NULL, &outl) != 1)
1062 errx(1, "OpenSSL %s (%zu) final failed: %s", alg->name,
1063 size, ERR_error_string(ERR_get_error(), NULL));
1064 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_GMAC_HASH_LEN,
1066 errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name,
1067 size, ERR_error_string(ERR_get_error(), NULL));
1068 EVP_CIPHER_CTX_free(ctx);
1072 ocf_gmac(const struct alg *alg, const char *input, size_t size, const char *key,
1073 size_t key_len, const char *iv, char *tag, int *cridp)
1075 struct ocf_session ses;
1076 struct session2_op sop;
1077 struct crypt_op cop;
1080 sop.mackeylen = key_len;
1081 sop.mackey = __DECONST(char *, key);
1083 if (!ocf_init_session(&sop, "GMAC", alg->name, &ses))
1086 ocf_init_cop(&ses, &cop);
1089 cop.src = __DECONST(char *, input);
1093 if (ioctl(ses.fd, CIOCCRYPT, &cop) < 0) {
1094 warn("cryptodev %s (%zu) failed for device %s", alg->name,
1095 size, crfind(ses.crid));
1096 ocf_destroy_session(&ses);
1101 ocf_destroy_session(&ses);
1106 run_gmac_test(const struct alg *alg, size_t size)
1108 const EVP_CIPHER *cipher;
1109 char *iv, *key, *buffer;
1110 u_int iv_len, key_len;
1112 char control_tag[AES_GMAC_HASH_LEN], test_tag[AES_GMAC_HASH_LEN];
1114 cipher = alg->evp_cipher();
1116 memset(control_tag, 0x3c, sizeof(control_tag));
1117 memset(test_tag, 0x3c, sizeof(test_tag));
1119 key_len = EVP_CIPHER_key_length(cipher);
1120 iv_len = EVP_CIPHER_iv_length(cipher);
1122 key = alloc_buffer(key_len);
1123 iv = generate_iv(iv_len, alg);
1124 buffer = alloc_buffer(size);
1127 openssl_gmac(alg, cipher, key, iv, buffer, size, control_tag);
1130 if (!ocf_gmac(alg, buffer, size, key, key_len, iv, test_tag, &crid))
1132 if (memcmp(control_tag, test_tag, sizeof(control_tag)) != 0) {
1133 printf("%s (%zu) mismatch:\n", alg->name, size);
1134 printf("control:\n");
1135 hexdump(control_tag, sizeof(control_tag), NULL, 0);
1136 printf("test (cryptodev device %s):\n", crfind(crid));
1137 hexdump(test_tag, sizeof(test_tag), NULL, 0);
1142 printf("%s (%zu) matched (cryptodev device %s)\n",
1143 alg->name, size, crfind(crid));
1151 openssl_gcm_encrypt(const struct alg *alg, const EVP_CIPHER *cipher,
1152 const char *key, const char *iv, const char *aad, size_t aad_len,
1153 const char *input, char *output, size_t size, char *tag)
1155 EVP_CIPHER_CTX *ctx;
1158 ctx = EVP_CIPHER_CTX_new();
1160 errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name,
1161 size, ERR_error_string(ERR_get_error(), NULL));
1162 if (EVP_EncryptInit_ex(ctx, cipher, NULL, (const u_char *)key,
1163 (const u_char *)iv) != 1)
1164 errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
1165 size, ERR_error_string(ERR_get_error(), NULL));
1166 EVP_CIPHER_CTX_set_padding(ctx, 0);
1168 if (EVP_EncryptUpdate(ctx, NULL, &outl, (const u_char *)aad,
1170 errx(1, "OpenSSL %s (%zu) aad update failed: %s",
1172 ERR_error_string(ERR_get_error(), NULL));
1174 if (EVP_EncryptUpdate(ctx, (u_char *)output, &outl,
1175 (const u_char *)input, size) != 1)
1176 errx(1, "OpenSSL %s (%zu) encrypt update failed: %s", alg->name,
1177 size, ERR_error_string(ERR_get_error(), NULL));
1179 if (EVP_EncryptFinal_ex(ctx, (u_char *)output + outl, &outl) != 1)
1180 errx(1, "OpenSSL %s (%zu) encrypt final failed: %s", alg->name,
1181 size, ERR_error_string(ERR_get_error(), NULL));
1183 if ((size_t)total != size)
1184 errx(1, "OpenSSL %s (%zu) encrypt size mismatch: %d", alg->name,
1186 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_GMAC_HASH_LEN,
1188 errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name,
1189 size, ERR_error_string(ERR_get_error(), NULL));
1190 EVP_CIPHER_CTX_free(ctx);
1195 openssl_gcm_decrypt(const struct alg *alg, const EVP_CIPHER *cipher,
1196 const char *key, const char *iv, const char *aad, size_t aad_len,
1197 const char *input, char *output, size_t size, char *tag)
1199 EVP_CIPHER_CTX *ctx;
1203 ctx = EVP_CIPHER_CTX_new();
1205 errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name,
1206 size, ERR_error_string(ERR_get_error(), NULL));
1207 if (EVP_DecryptInit_ex(ctx, cipher, NULL, (const u_char *)key,
1208 (const u_char *)iv) != 1)
1209 errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
1210 size, ERR_error_string(ERR_get_error(), NULL));
1211 EVP_CIPHER_CTX_set_padding(ctx, 0);
1213 if (EVP_DecryptUpdate(ctx, NULL, &outl, (const u_char *)aad,
1215 errx(1, "OpenSSL %s (%zu) aad update failed: %s",
1217 ERR_error_string(ERR_get_error(), NULL));
1219 if (EVP_DecryptUpdate(ctx, (u_char *)output, &outl,
1220 (const u_char *)input, size) != 1)
1221 errx(1, "OpenSSL %s (%zu) decrypt update failed: %s", alg->name,
1222 size, ERR_error_string(ERR_get_error(), NULL));
1224 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, AES_GMAC_HASH_LEN,
1226 errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name,
1227 size, ERR_error_string(ERR_get_error(), NULL));
1228 valid = (EVP_DecryptFinal_ex(ctx, (u_char *)output + outl, &outl) != 1);
1231 errx(1, "OpenSSL %s (%zu) decrypt size mismatch: %d", alg->name,
1233 EVP_CIPHER_CTX_free(ctx);
1239 openssl_ccm_encrypt(const struct alg *alg, const EVP_CIPHER *cipher,
1240 const char *key, const char *iv, size_t iv_len, const char *aad,
1241 size_t aad_len, const char *input, char *output, size_t size, char *tag)
1243 EVP_CIPHER_CTX *ctx;
1246 ctx = EVP_CIPHER_CTX_new();
1248 errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name,
1249 size, ERR_error_string(ERR_get_error(), NULL));
1250 if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1)
1251 errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
1252 size, ERR_error_string(ERR_get_error(), NULL));
1253 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, iv_len, NULL) != 1)
1254 errx(1, "OpenSSL %s (%zu) setting iv length failed: %s", alg->name,
1255 size, ERR_error_string(ERR_get_error(), NULL));
1256 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, AES_CBC_MAC_HASH_LEN, NULL) != 1)
1257 errx(1, "OpenSSL %s (%zu) setting tag length failed: %s", alg->name,
1258 size, ERR_error_string(ERR_get_error(), NULL));
1259 if (EVP_EncryptInit_ex(ctx, NULL, NULL, (const u_char *)key,
1260 (const u_char *)iv) != 1)
1261 errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
1262 size, ERR_error_string(ERR_get_error(), NULL));
1263 if (EVP_EncryptUpdate(ctx, NULL, &outl, NULL, size) != 1)
1264 errx(1, "OpenSSL %s (%zu) unable to set data length: %s", alg->name,
1265 size, ERR_error_string(ERR_get_error(), NULL));
1268 if (EVP_EncryptUpdate(ctx, NULL, &outl, (const u_char *)aad,
1270 errx(1, "OpenSSL %s (%zu) aad update failed: %s",
1272 ERR_error_string(ERR_get_error(), NULL));
1274 if (EVP_EncryptUpdate(ctx, (u_char *)output, &outl,
1275 (const u_char *)input, size) != 1)
1276 errx(1, "OpenSSL %s (%zu) encrypt update failed: %s", alg->name,
1277 size, ERR_error_string(ERR_get_error(), NULL));
1279 if (EVP_EncryptFinal_ex(ctx, (u_char *)output + outl, &outl) != 1)
1280 errx(1, "OpenSSL %s (%zu) encrypt final failed: %s", alg->name,
1281 size, ERR_error_string(ERR_get_error(), NULL));
1283 if ((size_t)total != size)
1284 errx(1, "OpenSSL %s (%zu) encrypt size mismatch: %d", alg->name,
1286 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, AES_CBC_MAC_HASH_LEN,
1288 errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name,
1289 size, ERR_error_string(ERR_get_error(), NULL));
1290 EVP_CIPHER_CTX_free(ctx);
1294 ocf_init_aead_session(const struct alg *alg, const char *key, size_t key_len,
1295 struct ocf_session *ses)
1297 struct session2_op sop;
1300 sop.keylen = key_len;
1301 sop.key = __DECONST(char *, key);
1302 sop.cipher = alg->cipher;
1303 return (ocf_init_session(&sop, "AEAD", alg->name, ses));
1307 ocf_aead(const struct ocf_session *ses, const char *iv, size_t iv_len,
1308 const char *aad, size_t aad_len, const char *input, char *output,
1309 size_t size, char *tag, int op)
1311 struct crypt_aead caead;
1313 ocf_init_caead(ses, &caead);
1316 caead.aadlen = aad_len;
1317 caead.ivlen = iv_len;
1318 caead.src = __DECONST(char *, input);
1320 caead.aad = __DECONST(char *, aad);
1322 caead.iv = __DECONST(char *, iv);
1324 if (ioctl(ses->fd, CIOCCRYPTAEAD, &caead) < 0)
1329 #define AEAD_MAX_TAG_LEN MAX(AES_GMAC_HASH_LEN, AES_CBC_MAC_HASH_LEN)
1332 run_aead_test(const struct alg *alg, size_t aad_len, size_t size)
1334 struct ocf_session ses;
1335 const EVP_CIPHER *cipher;
1336 char *aad, *buffer, *cleartext, *ciphertext;
1338 u_int iv_len, key_len;
1340 char control_tag[AEAD_MAX_TAG_LEN], test_tag[AEAD_MAX_TAG_LEN];
1342 cipher = alg->evp_cipher();
1343 if (size % EVP_CIPHER_block_size(cipher) != 0) {
1346 "%s (%zu, %zu): invalid buffer size (block size %d)\n",
1347 alg->name, aad_len, size,
1348 EVP_CIPHER_block_size(cipher));
1352 memset(control_tag, 0x3c, sizeof(control_tag));
1353 memset(test_tag, 0x3c, sizeof(test_tag));
1355 key_len = EVP_CIPHER_key_length(cipher);
1356 iv_len = EVP_CIPHER_iv_length(cipher);
1359 * AES-CCM can have varying IV lengths; however, for the moment
1360 * we only support AES_CCM_IV_LEN (12). So if the sizes are
1361 * different, we'll fail.
1363 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE &&
1364 iv_len != AES_CCM_IV_LEN) {
1366 printf("OpenSSL CCM IV length (%d) != AES_CCM_IV_LEN",
1371 key = alloc_buffer(key_len);
1372 iv = generate_iv(iv_len, alg);
1373 cleartext = alloc_buffer(size);
1374 buffer = malloc(size);
1375 ciphertext = malloc(size);
1377 aad = alloc_buffer(aad_len);
1381 /* OpenSSL encrypt */
1382 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE)
1383 openssl_ccm_encrypt(alg, cipher, key, iv, iv_len, aad,
1384 aad_len, cleartext, ciphertext, size, control_tag);
1386 openssl_gcm_encrypt(alg, cipher, key, iv, aad, aad_len,
1387 cleartext, ciphertext, size, control_tag);
1389 if (!ocf_init_aead_session(alg, key, key_len, &ses))
1393 error = ocf_aead(&ses, iv, iv_len, aad, aad_len, cleartext, buffer,
1394 size, test_tag, COP_ENCRYPT);
1396 warnc(error, "cryptodev %s (%zu, %zu) failed for device %s",
1397 alg->name, aad_len, size, crfind(ses.crid));
1400 if (memcmp(ciphertext, buffer, size) != 0) {
1401 printf("%s (%zu, %zu) encryption mismatch:\n", alg->name,
1403 printf("control:\n");
1404 hexdump(ciphertext, size, NULL, 0);
1405 printf("test (cryptodev device %s):\n", crfind(ses.crid));
1406 hexdump(buffer, size, NULL, 0);
1409 if (memcmp(control_tag, test_tag, sizeof(control_tag)) != 0) {
1410 printf("%s (%zu, %zu) enc tag mismatch:\n", alg->name, aad_len,
1412 printf("control:\n");
1413 hexdump(control_tag, sizeof(control_tag), NULL, 0);
1414 printf("test (cryptodev device %s):\n", crfind(ses.crid));
1415 hexdump(test_tag, sizeof(test_tag), NULL, 0);
1420 error = ocf_aead(&ses, iv, iv_len, aad, aad_len, ciphertext,
1421 buffer, size, control_tag, COP_DECRYPT);
1423 warnc(error, "cryptodev %s (%zu, %zu) failed for device %s",
1424 alg->name, aad_len, size, crfind(ses.crid));
1427 if (memcmp(cleartext, buffer, size) != 0) {
1428 printf("%s (%zu, %zu) decryption mismatch:\n", alg->name,
1430 printf("control:\n");
1431 hexdump(cleartext, size, NULL, 0);
1432 printf("test (cryptodev device %s):\n", crfind(ses.crid));
1433 hexdump(buffer, size, NULL, 0);
1437 /* Verify OCF decrypt fails with busted tag. */
1439 error = ocf_aead(&ses, iv, iv_len, aad, aad_len, ciphertext,
1440 buffer, size, test_tag, COP_DECRYPT);
1441 if (error != EBADMSG) {
1444 "cryptodev %s (%zu, %zu) corrupt tag failed for device %s",
1445 alg->name, aad_len, size, crfind(ses.crid));
1448 "cryptodev %s (%zu, %zu) corrupt tag didn't fail for device %s",
1449 alg->name, aad_len, size, crfind(ses.crid));
1454 printf("%s (%zu, %zu) matched (cryptodev device %s)\n",
1455 alg->name, aad_len, size, crfind(ses.crid));
1458 ocf_destroy_session(&ses);
1468 run_test(const struct alg *alg, size_t aad_len, size_t size)
1471 switch (alg->type) {
1473 run_hash_test(alg, size);
1476 run_hmac_test(alg, size);
1479 run_gmac_test(alg, size);
1482 run_cipher_test(alg, size);
1485 run_eta_test(alg, aad_len, size);
1488 run_aead_test(alg, aad_len, size);
1494 run_test_sizes(const struct alg *alg)
1498 switch (alg->type) {
1500 for (i = 0; i < nsizes; i++)
1501 run_test(alg, 0, sizes[i]);
1505 for (i = 0; i < naad_sizes; i++)
1506 for (j = 0; j < nsizes; j++)
1507 run_test(alg, aad_sizes[i], sizes[j]);
1513 run_hash_tests(void)
1517 for (i = 0; i < nitems(algs); i++)
1518 if (algs[i].type == T_HASH)
1519 run_test_sizes(&algs[i]);
1527 for (i = 0; i < nitems(algs); i++)
1528 if (algs[i].type == T_HMAC || algs[i].type == T_GMAC)
1529 run_test_sizes(&algs[i]);
1533 run_cipher_tests(void)
1537 for (i = 0; i < nitems(algs); i++)
1538 if (algs[i].type == T_CIPHER)
1539 run_test_sizes(&algs[i]);
1545 const struct alg *cipher, *mac;
1549 for (i = 0; i < nitems(algs); i++) {
1551 if (cipher->type != T_CIPHER)
1553 for (j = 0; j < nitems(algs); j++) {
1555 if (mac->type != T_HMAC)
1557 eta = build_eta(cipher, mac);
1558 run_test_sizes(eta);
1565 run_aead_tests(void)
1569 for (i = 0; i < nitems(algs); i++)
1570 if (algs[i].type == T_AEAD)
1571 run_test_sizes(&algs[i]);
1575 main(int ac, char **av)
1577 const char *algname;
1578 const struct alg *alg;
1587 requested_crid = CRYPTO_FLAG_HARDWARE;
1590 while ((ch = getopt(ac, av, "A:a:d:vz")) != -1)
1593 if (naad_sizes >= nitems(aad_sizes)) {
1594 warnx("Too many AAD sizes, ignoring extras");
1597 aad_sizes[naad_sizes] = strtol(optarg, &cp, 0);
1599 errx(1, "Bad AAD size %s", optarg);
1606 requested_crid = crlookup(optarg);
1621 if (nsizes >= nitems(sizes)) {
1622 warnx("Too many sizes, ignoring extras");
1625 sizes[nsizes] = strtol(av[0], &cp, 0);
1627 errx(1, "Bad size %s", av[0]);
1633 if (algname == NULL)
1634 errx(1, "Algorithm required");
1636 if (naad_sizes == 0) {
1638 for (i = 0; i <= 32; i++) {
1639 aad_sizes[naad_sizes] = i;
1644 while (base_size * 2 < 512) {
1646 assert(naad_sizes < nitems(aad_sizes));
1647 aad_sizes[naad_sizes] = base_size;
1658 for (i = 1; i <= 32; i++) {
1664 while (base_size * 2 < 240 * 1024) {
1666 assert(nsizes < nitems(sizes));
1667 sizes[nsizes] = base_size;
1671 if (sizes[nsizes - 1] < 240 * 1024) {
1672 assert(nsizes < nitems(sizes));
1673 sizes[nsizes] = 240 * 1024;
1682 if (strcasecmp(algname, "hash") == 0)
1684 else if (strcasecmp(algname, "mac") == 0)
1686 else if (strcasecmp(algname, "cipher") == 0)
1688 else if (strcasecmp(algname, "eta") == 0)
1690 else if (strcasecmp(algname, "aead") == 0)
1692 else if (strcasecmp(algname, "all") == 0) {
1698 } else if (strchr(algname, '+') != NULL) {
1699 eta = build_eta_name(algname);
1700 run_test_sizes(eta);
1703 alg = find_alg(algname);
1705 errx(1, "Invalid algorithm %s", algname);
1706 run_test_sizes(alg);