2 * Copyright (c) 2017 Chelsio Communications, Inc.
4 * Written by: John Baldwin <jhb@FreeBSD.org>
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 * Copyright (c) 2004 Sam Leffler, Errno Consulting
29 * All rights reserved.
31 * Redistribution and use in source and binary forms, with or without
32 * modification, are permitted provided that the following conditions
34 * 1. Redistributions of source code must retain the above copyright
35 * notice, this list of conditions and the following disclaimer,
36 * without modification.
37 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
38 * similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any
39 * redistribution must be conditioned upon including a substantially
40 * similar Disclaimer requirement for further binary redistribution.
41 * 3. Neither the names of the above-listed copyright holders nor the names
42 * of any contributors may be used to endorse or promote products derived
43 * from this software without specific prior written permission.
46 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
47 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
48 * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY
49 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
50 * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY,
51 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
52 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
53 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
54 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
55 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
56 * THE POSSIBILITY OF SUCH DAMAGES.
62 * A different tool for checking hardware crypto support. Whereas
63 * cryptotest is focused on simple performance numbers, this tool is
64 * focused on correctness. For each crypto operation, it performs the
65 * operation once in software via OpenSSL and a second time via
66 * OpenCrypto and compares the results.
68 * cryptocheck [-vz] [-A aad length] [-a algorithm] [-d dev] [size ...]
72 * -z Run all algorithms on a variety of buffer sizes.
74 * Supported algorithms:
76 * hash Run all hash tests
77 * mac Run all mac tests
78 * cipher Run all cipher tests
79 * eta Run all encrypt-then-authenticate tests
80 * aead Run all authenticated encryption with associated data
85 * sha224 224-bit SHA-2
86 * sha256 256-bit SHA-2
87 * sha384 384-bit SHA-2
88 * sha512 512-bit SHA-2
94 * sha224hmac 224-bit SHA-2 HMAC
95 * sha256hmac 256-bit SHA-2 HMAC
96 * sha384hmac 384-bit SHA-2 HMAC
97 * sha512hmac 512-bit SHA-2 HMAC
99 * gmac192 192-bit GMAC
100 * gmac256 256-bit GMAC
103 * aes-cbc 128-bit AES-CBC
104 * aes-cbc192 192-bit AES-CBC
105 * aes-cbc256 256-bit AES-CBC
106 * aes-ctr 128-bit AES-CTR
107 * aes-ctr192 192-bit AES-CTR
108 * aes-ctr256 256-bit AES-CTR
109 * aes-xts 128-bit AES-XTS
110 * aes-xts256 256-bit AES-XTS
113 * Encrypt then Authenticate:
116 * Authenticated Encryption with Associated Data:
117 * aes-gcm 128-bit AES-GCM
118 * aes-gcm192 192-bit AES-GCM
119 * aes-gcm256 256-bit AES-GCM
120 * aes-ccm 128-bit AES-CCM
121 * aes-ccm192 192-bit AES-CCM
122 * aes-ccm256 256-bit AES-CCM
125 #include <sys/param.h>
126 #include <sys/sysctl.h>
136 #include <openssl/err.h>
137 #include <openssl/hmac.h>
139 #include <crypto/cryptodev.h>
151 enum { T_HASH, T_HMAC, T_GMAC, T_CIPHER, T_ETA, T_AEAD } type;
152 const EVP_CIPHER *(*evp_cipher)(void);
153 const EVP_MD *(*evp_md)(void);
155 { .name = "sha1", .mac = CRYPTO_SHA1, .type = T_HASH,
156 .evp_md = EVP_sha1 },
157 { .name = "sha224", .mac = CRYPTO_SHA2_224, .type = T_HASH,
158 .evp_md = EVP_sha224 },
159 { .name = "sha256", .mac = CRYPTO_SHA2_256, .type = T_HASH,
160 .evp_md = EVP_sha256 },
161 { .name = "sha384", .mac = CRYPTO_SHA2_384, .type = T_HASH,
162 .evp_md = EVP_sha384 },
163 { .name = "sha512", .mac = CRYPTO_SHA2_512, .type = T_HASH,
164 .evp_md = EVP_sha512 },
165 { .name = "sha1hmac", .mac = CRYPTO_SHA1_HMAC, .type = T_HMAC,
166 .evp_md = EVP_sha1 },
167 { .name = "sha224hmac", .mac = CRYPTO_SHA2_224_HMAC, .type = T_HMAC,
168 .evp_md = EVP_sha224 },
169 { .name = "sha256hmac", .mac = CRYPTO_SHA2_256_HMAC, .type = T_HMAC,
170 .evp_md = EVP_sha256 },
171 { .name = "sha384hmac", .mac = CRYPTO_SHA2_384_HMAC, .type = T_HMAC,
172 .evp_md = EVP_sha384 },
173 { .name = "sha512hmac", .mac = CRYPTO_SHA2_512_HMAC, .type = T_HMAC,
174 .evp_md = EVP_sha512 },
175 { .name = "blake2b", .mac = CRYPTO_BLAKE2B, .type = T_HASH,
176 .evp_md = EVP_blake2b512 },
177 { .name = "blake2s", .mac = CRYPTO_BLAKE2S, .type = T_HASH,
178 .evp_md = EVP_blake2s256 },
179 { .name = "gmac", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC,
180 .evp_cipher = EVP_aes_128_gcm },
181 { .name = "gmac192", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC,
182 .evp_cipher = EVP_aes_192_gcm },
183 { .name = "gmac256", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC,
184 .evp_cipher = EVP_aes_256_gcm },
185 { .name = "aes-cbc", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER,
186 .evp_cipher = EVP_aes_128_cbc },
187 { .name = "aes-cbc192", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER,
188 .evp_cipher = EVP_aes_192_cbc },
189 { .name = "aes-cbc256", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER,
190 .evp_cipher = EVP_aes_256_cbc },
191 { .name = "aes-ctr", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER,
192 .evp_cipher = EVP_aes_128_ctr },
193 { .name = "aes-ctr192", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER,
194 .evp_cipher = EVP_aes_192_ctr },
195 { .name = "aes-ctr256", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER,
196 .evp_cipher = EVP_aes_256_ctr },
197 { .name = "aes-xts", .cipher = CRYPTO_AES_XTS, .type = T_CIPHER,
198 .evp_cipher = EVP_aes_128_xts },
199 { .name = "aes-xts256", .cipher = CRYPTO_AES_XTS, .type = T_CIPHER,
200 .evp_cipher = EVP_aes_256_xts },
201 { .name = "chacha20", .cipher = CRYPTO_CHACHA20, .type = T_CIPHER,
202 .evp_cipher = EVP_chacha20 },
203 { .name = "aes-gcm", .cipher = CRYPTO_AES_NIST_GCM_16, .type = T_AEAD,
204 .evp_cipher = EVP_aes_128_gcm },
205 { .name = "aes-gcm192", .cipher = CRYPTO_AES_NIST_GCM_16,
206 .type = T_AEAD, .evp_cipher = EVP_aes_192_gcm },
207 { .name = "aes-gcm256", .cipher = CRYPTO_AES_NIST_GCM_16,
208 .type = T_AEAD, .evp_cipher = EVP_aes_256_gcm },
209 { .name = "aes-ccm", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD,
210 .evp_cipher = EVP_aes_128_ccm },
211 { .name = "aes-ccm192", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD,
212 .evp_cipher = EVP_aes_192_ccm },
213 { .name = "aes-ccm256", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD,
214 .evp_cipher = EVP_aes_256_ccm },
219 static size_t aad_sizes[48], sizes[128];
220 static u_int naad_sizes, nsizes;
226 "usage: cryptocheck [-z] [-a algorithm] [-d dev] [size ...]\n");
230 static const struct alg *
231 find_alg(const char *name)
235 for (i = 0; i < nitems(algs); i++)
236 if (strcasecmp(algs[i].name, name) == 0)
242 build_eta(const struct alg *cipher, const struct alg *mac)
247 assert(cipher->type == T_CIPHER);
248 assert(mac->type == T_HMAC);
249 eta = calloc(1, sizeof(*eta));
250 asprintf(&name, "%s+%s", cipher->name, mac->name);
252 eta->cipher = cipher->cipher;
255 eta->evp_cipher = cipher->evp_cipher;
256 eta->evp_md = mac->evp_md;
261 free_eta(struct alg *eta)
263 free(__DECONST(char *, eta->name));
268 build_eta_name(const char *name)
270 const struct alg *cipher, *mac;
271 const char *mac_name;
272 char *cp, *cipher_name;
274 cp = strchr(name, '+');
275 cipher_name = strndup(name, cp - name);
277 cipher = find_alg(cipher_name);
279 if (cipher == NULL || cipher->type != T_CIPHER)
280 errx(1, "Invalid cipher %s", cipher_name);
281 mac = find_alg(mac_name);
282 if (mac == NULL || mac->type != T_HMAC)
283 errx(1, "Invalid hmac %s", mac_name);
284 return (build_eta(cipher, mac));
293 fd = open("/dev/crypto", O_RDWR | O_CLOEXEC, 0);
295 err(1, "/dev/crypto");
301 * Called on exit to change kern.cryptodevallowsoft back to 0
303 #define CRYPT_SOFT_ALLOW "kern.cryptodevallowsoft"
306 reset_user_soft(void)
309 sysctlbyname(CRYPT_SOFT_ALLOW, NULL, NULL, &off, sizeof(off));
313 enable_user_soft(void)
317 size_t cursize = sizeof(curstate);
319 if (sysctlbyname(CRYPT_SOFT_ALLOW, &curstate, &cursize,
320 &on, sizeof(on)) == 0) {
322 atexit(reset_user_soft);
327 crlookup(const char *devname)
329 struct crypt_find_op find;
331 if (strncmp(devname, "soft", 4) == 0) {
333 return CRYPTO_FLAG_SOFTWARE;
337 strlcpy(find.name, devname, sizeof(find.name));
338 if (ioctl(devcrypto(), CIOCFINDDEV, &find) == -1)
339 err(1, "ioctl(CIOCFINDDEV)");
346 static struct crypt_find_op find;
348 if (crid == CRYPTO_FLAG_SOFTWARE)
350 else if (crid == CRYPTO_FLAG_HARDWARE)
353 bzero(&find, sizeof(find));
355 if (ioctl(devcrypto(), CRIOFINDDEV, &find) == -1)
356 err(1, "ioctl(CIOCFINDDEV): crid %d", crid);
365 if (ioctl(devcrypto(), CRIOGET, &fd) == -1)
366 err(1, "ioctl(CRIOGET)");
367 if (fcntl(fd, F_SETFD, 1) == -1)
368 err(1, "fcntl(F_SETFD) (crget)");
376 0x10,0x54,0x11,0x48,0x45,0x12,0x4f,0x13,0x49,0x53,0x14,0x41,
377 0x15,0x16,0x4e,0x55,0x54,0x17,0x18,0x4a,0x4f,0x42,0x19,0x01
379 return 0x20+a[random()%nitems(a)];
383 alloc_buffer(size_t len)
389 for (i = 0; i < len; i++)
395 generate_iv(size_t len, const struct alg *alg)
399 iv = alloc_buffer(len);
400 switch (alg->cipher) {
402 /* Clear the low 32 bits of the IV to hold the counter. */
410 * Clear the low 64-bits to only store a 64-bit block
427 ocf_init_sop(struct session2_op *sop)
429 memset(sop, 0, sizeof(*sop));
434 ocf_init_session(struct session2_op *sop, const char *type, const char *name,
435 struct ocf_session *ses)
440 if (ioctl(fd, CIOCGSESSION2, sop) < 0) {
441 warn("cryptodev %s %s not supported for device %s",
442 type, name, crfind(crid));
449 ses->crid = sop->crid;
454 ocf_destroy_session(struct ocf_session *ses)
459 if (ioctl(ses->fd, CIOCFSESSION, &ses->ses) < 0)
460 warn("ioctl(CIOCFSESSION)");
466 ocf_init_cop(const struct ocf_session *ses, struct crypt_op *cop)
468 memset(cop, 0, sizeof(*cop));
473 ocf_init_caead(const struct ocf_session *ses, struct crypt_aead *caead)
475 memset(caead, 0, sizeof(*caead));
476 caead->ses = ses->ses;
480 ocf_hash(const struct alg *alg, const char *buffer, size_t size, char *digest,
483 struct ocf_session ses;
484 struct session2_op sop;
490 if (!ocf_init_session(&sop, "HASH", alg->name, &ses))
493 ocf_init_cop(&ses, &cop);
496 cop.src = (char *)buffer;
499 if (ioctl(ses.fd, CIOCCRYPT, &cop) < 0) {
500 warn("cryptodev %s (%zu) HASH failed for device %s", alg->name,
502 ocf_destroy_session(&ses);
507 ocf_destroy_session(&ses);
512 openssl_hash(const struct alg *alg, const EVP_MD *md, const void *buffer,
513 size_t size, void *digest_out, unsigned *digest_sz_out)
521 mdctx = EVP_MD_CTX_create();
525 rc = EVP_DigestInit_ex(mdctx, md, NULL);
529 rc = EVP_DigestUpdate(mdctx, buffer, size);
533 rc = EVP_DigestFinal_ex(mdctx, digest_out, digest_sz_out);
537 EVP_MD_CTX_destroy(mdctx);
541 errx(1, "OpenSSL %s HASH failed%s: %s", alg->name, errs,
542 ERR_error_string(ERR_get_error(), NULL));
546 run_hash_test(const struct alg *alg, size_t size)
552 char control_digest[EVP_MAX_MD_SIZE], test_digest[EVP_MAX_MD_SIZE];
554 memset(control_digest, 0x3c, sizeof(control_digest));
555 memset(test_digest, 0x3c, sizeof(test_digest));
558 assert(EVP_MD_size(md) <= sizeof(control_digest));
560 buffer = alloc_buffer(size);
563 digest_len = sizeof(control_digest);
564 openssl_hash(alg, md, buffer, size, control_digest, &digest_len);
566 /* cryptodev HASH. */
567 if (!ocf_hash(alg, buffer, size, test_digest, &crid))
569 if (memcmp(control_digest, test_digest, sizeof(control_digest)) != 0) {
570 if (memcmp(control_digest, test_digest, EVP_MD_size(md)) == 0)
571 printf("%s (%zu) mismatch in trailer:\n",
574 printf("%s (%zu) mismatch:\n", alg->name, size);
575 printf("control:\n");
576 hexdump(control_digest, sizeof(control_digest), NULL, 0);
577 printf("test (cryptodev device %s):\n", crfind(crid));
578 hexdump(test_digest, sizeof(test_digest), NULL, 0);
583 printf("%s (%zu) matched (cryptodev device %s)\n",
584 alg->name, size, crfind(crid));
591 ocf_hmac(const struct alg *alg, const char *buffer, size_t size,
592 const char *key, size_t key_len, char *digest, int *cridp)
594 struct ocf_session ses;
595 struct session2_op sop;
599 sop.mackeylen = key_len;
600 sop.mackey = (char *)key;
602 if (!ocf_init_session(&sop, "HMAC", alg->name, &ses))
605 ocf_init_cop(&ses, &cop);
608 cop.src = (char *)buffer;
611 if (ioctl(ses.fd, CIOCCRYPT, &cop) < 0) {
612 warn("cryptodev %s (%zu) HMAC failed for device %s", alg->name,
614 ocf_destroy_session(&ses);
619 ocf_destroy_session(&ses);
624 run_hmac_test(const struct alg *alg, size_t size)
628 u_int key_len, digest_len;
630 char control_digest[EVP_MAX_MD_SIZE], test_digest[EVP_MAX_MD_SIZE];
632 memset(control_digest, 0x3c, sizeof(control_digest));
633 memset(test_digest, 0x3c, sizeof(test_digest));
636 key_len = EVP_MD_size(md);
637 assert(EVP_MD_size(md) <= sizeof(control_digest));
639 key = alloc_buffer(key_len);
640 buffer = alloc_buffer(size);
643 digest_len = sizeof(control_digest);
644 if (HMAC(md, key, key_len, (u_char *)buffer, size,
645 (u_char *)control_digest, &digest_len) == NULL)
646 errx(1, "OpenSSL %s (%zu) HMAC failed: %s", alg->name,
647 size, ERR_error_string(ERR_get_error(), NULL));
649 /* cryptodev HMAC. */
650 if (!ocf_hmac(alg, buffer, size, key, key_len, test_digest, &crid))
652 if (memcmp(control_digest, test_digest, sizeof(control_digest)) != 0) {
653 if (memcmp(control_digest, test_digest, EVP_MD_size(md)) == 0)
654 printf("%s (%zu) mismatch in trailer:\n",
657 printf("%s (%zu) mismatch:\n", alg->name, size);
658 printf("control:\n");
659 hexdump(control_digest, sizeof(control_digest), NULL, 0);
660 printf("test (cryptodev device %s):\n", crfind(crid));
661 hexdump(test_digest, sizeof(test_digest), NULL, 0);
666 printf("%s (%zu) matched (cryptodev device %s)\n",
667 alg->name, size, crfind(crid));
675 openssl_cipher(const struct alg *alg, const EVP_CIPHER *cipher, const char *key,
676 const char *iv, const char *input, char *output, size_t size, int enc)
681 ctx = EVP_CIPHER_CTX_new();
683 errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name,
684 size, ERR_error_string(ERR_get_error(), NULL));
685 if (EVP_CipherInit_ex(ctx, cipher, NULL, (const u_char *)key,
686 (const u_char *)iv, enc) != 1)
687 errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
688 size, ERR_error_string(ERR_get_error(), NULL));
689 EVP_CIPHER_CTX_set_padding(ctx, 0);
690 if (EVP_CipherUpdate(ctx, (u_char *)output, &outl,
691 (const u_char *)input, size) != 1)
692 errx(1, "OpenSSL %s (%zu) cipher update failed: %s", alg->name,
693 size, ERR_error_string(ERR_get_error(), NULL));
695 if (EVP_CipherFinal_ex(ctx, (u_char *)output + outl, &outl) != 1)
696 errx(1, "OpenSSL %s (%zu) cipher final failed: %s", alg->name,
697 size, ERR_error_string(ERR_get_error(), NULL));
700 errx(1, "OpenSSL %s (%zu) cipher size mismatch: %d", alg->name,
702 EVP_CIPHER_CTX_free(ctx);
706 ocf_init_cipher_session(const struct alg *alg, const char *key, size_t key_len,
707 struct ocf_session *ses)
709 struct session2_op sop;
712 sop.keylen = key_len;
713 sop.key = (char *)key;
714 sop.cipher = alg->cipher;
715 return (ocf_init_session(&sop, "cipher", alg->name, ses));
719 ocf_cipher(const struct ocf_session *ses, const struct alg *alg, const char *iv,
720 const char *input, char *output, size_t size, int op)
724 ocf_init_cop(ses, &cop);
727 cop.src = (char *)input;
731 if (ioctl(ses->fd, CIOCCRYPT, &cop) < 0) {
732 warn("cryptodev %s (%zu) cipher failed for device %s",
733 alg->name, size, crfind(crid));
741 run_cipher_test(const struct alg *alg, size_t size)
743 struct ocf_session ses;
744 const EVP_CIPHER *cipher;
745 char *buffer, *cleartext, *ciphertext;
747 u_int iv_len, key_len;
749 cipher = alg->evp_cipher();
750 if (size % EVP_CIPHER_block_size(cipher) != 0) {
753 "%s (%zu): invalid buffer size (block size %d)\n",
754 alg->name, size, EVP_CIPHER_block_size(cipher));
759 * XTS requires at least one full block so that any partial
760 * block at the end has cipher text to steal. Hardcoding the
761 * AES block size isn't ideal, but OpenSSL doesn't have a
762 * notion of a "native" block size.
764 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE &&
765 size < AES_BLOCK_LEN) {
767 printf("%s (%zu): invalid buffer size\n", alg->name,
772 key_len = EVP_CIPHER_key_length(cipher);
773 iv_len = EVP_CIPHER_iv_length(cipher);
775 key = alloc_buffer(key_len);
776 iv = generate_iv(iv_len, alg);
777 cleartext = alloc_buffer(size);
778 buffer = malloc(size);
779 ciphertext = malloc(size);
781 /* OpenSSL cipher. */
782 openssl_cipher(alg, cipher, key, iv, cleartext, ciphertext, size, 1);
783 if (size > 0 && memcmp(cleartext, ciphertext, size) == 0)
784 warnx("OpenSSL %s (%zu): cipher text unchanged", alg->name,
786 openssl_cipher(alg, cipher, key, iv, ciphertext, buffer, size, 0);
787 if (memcmp(cleartext, buffer, size) != 0) {
788 printf("OpenSSL %s (%zu): cipher mismatch:", alg->name, size);
789 printf("original:\n");
790 hexdump(cleartext, size, NULL, 0);
791 printf("decrypted:\n");
792 hexdump(buffer, size, NULL, 0);
796 if (!ocf_init_cipher_session(alg, key, key_len, &ses))
800 if (!ocf_cipher(&ses, alg, iv, cleartext, buffer, size, COP_ENCRYPT))
802 if (memcmp(ciphertext, buffer, size) != 0) {
803 printf("%s (%zu) encryption mismatch:\n", alg->name, size);
804 printf("control:\n");
805 hexdump(ciphertext, size, NULL, 0);
806 printf("test (cryptodev device %s):\n", crfind(ses.crid));
807 hexdump(buffer, size, NULL, 0);
812 if (!ocf_cipher(&ses, alg, iv, ciphertext, buffer, size, COP_DECRYPT))
814 if (memcmp(cleartext, buffer, size) != 0) {
815 printf("%s (%zu) decryption mismatch:\n", alg->name, size);
816 printf("control:\n");
817 hexdump(cleartext, size, NULL, 0);
818 printf("test (cryptodev device %s):\n", crfind(ses.crid));
819 hexdump(buffer, size, NULL, 0);
824 printf("%s (%zu) matched (cryptodev device %s)\n",
825 alg->name, size, crfind(ses.crid));
828 ocf_destroy_session(&ses);
837 ocf_init_eta_session(const struct alg *alg, const char *cipher_key,
838 size_t cipher_key_len, const char *auth_key, size_t auth_key_len,
839 struct ocf_session *ses)
841 struct session2_op sop;
844 sop.keylen = cipher_key_len;
845 sop.key = (char *)cipher_key;
846 sop.cipher = alg->cipher;
847 sop.mackeylen = auth_key_len;
848 sop.mackey = (char *)auth_key;
850 return (ocf_init_session(&sop, "ETA", alg->name, ses));
854 ocf_eta(const struct ocf_session *ses, const struct alg *alg, const char *iv,
855 size_t iv_len, const char *aad, size_t aad_len, const char *input,
856 char *output, size_t size, char *digest, int op)
861 struct crypt_aead caead;
863 ocf_init_caead(ses, &caead);
866 caead.aadlen = aad_len;
867 caead.ivlen = iv_len;
868 caead.src = (char *)input;
870 caead.aad = (char *)aad;
872 caead.iv = (char *)iv;
874 ret = ioctl(ses->fd, CIOCCRYPTAEAD, &caead);
878 ocf_init_cop(ses, &cop);
881 cop.src = (char *)input;
886 ret = ioctl(ses->fd, CIOCCRYPT, &cop);
895 run_eta_test(const struct alg *alg, size_t aad_len, size_t size)
897 struct ocf_session ses;
898 const EVP_CIPHER *cipher;
900 char *aad, *buffer, *cleartext, *ciphertext;
901 char *iv, *auth_key, *cipher_key;
902 u_int iv_len, auth_key_len, cipher_key_len, digest_len;
904 char control_digest[EVP_MAX_MD_SIZE], test_digest[EVP_MAX_MD_SIZE];
906 cipher = alg->evp_cipher();
907 if (size % EVP_CIPHER_block_size(cipher) != 0) {
910 "%s (%zu, %zu): invalid buffer size (block size %d)\n",
911 alg->name, aad_len, size,
912 EVP_CIPHER_block_size(cipher));
916 /* See comment in run_cipher_test. */
917 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE &&
918 size < AES_BLOCK_LEN) {
920 printf("%s (%zu): invalid buffer size\n", alg->name,
925 memset(control_digest, 0x3c, sizeof(control_digest));
926 memset(test_digest, 0x3c, sizeof(test_digest));
930 cipher_key_len = EVP_CIPHER_key_length(cipher);
931 iv_len = EVP_CIPHER_iv_length(cipher);
932 auth_key_len = EVP_MD_size(md);
934 cipher_key = alloc_buffer(cipher_key_len);
935 iv = generate_iv(iv_len, alg);
936 auth_key = alloc_buffer(auth_key_len);
937 cleartext = alloc_buffer(aad_len + size);
938 buffer = malloc(aad_len + size);
939 ciphertext = malloc(aad_len + size);
941 /* OpenSSL encrypt + HMAC. */
943 memcpy(ciphertext, cleartext, aad_len);
944 openssl_cipher(alg, cipher, cipher_key, iv, cleartext + aad_len,
945 ciphertext + aad_len, size, 1);
946 if (size > 0 && memcmp(cleartext + aad_len, ciphertext + aad_len,
948 warnx("OpenSSL %s (%zu, %zu): cipher text unchanged",
949 alg->name, aad_len, size);
950 digest_len = sizeof(control_digest);
951 if (HMAC(md, auth_key, auth_key_len, (u_char *)ciphertext,
952 aad_len + size, (u_char *)control_digest, &digest_len) == NULL)
953 errx(1, "OpenSSL %s (%zu, %zu) HMAC failed: %s", alg->name,
954 aad_len, size, ERR_error_string(ERR_get_error(), NULL));
956 if (!ocf_init_eta_session(alg, cipher_key, cipher_key_len, auth_key,
960 /* OCF encrypt + HMAC. */
961 error = ocf_eta(&ses, alg, iv, iv_len,
962 aad_len != 0 ? cleartext : NULL, aad_len, cleartext + aad_len,
963 buffer + aad_len, size, test_digest, COP_ENCRYPT);
965 warnc(error, "cryptodev %s (%zu, %zu) ETA failed for device %s",
966 alg->name, aad_len, size, crfind(ses.crid));
969 if (memcmp(ciphertext + aad_len, buffer + aad_len, size) != 0) {
970 printf("%s (%zu, %zu) encryption mismatch:\n", alg->name,
972 printf("control:\n");
973 hexdump(ciphertext + aad_len, size, NULL, 0);
974 printf("test (cryptodev device %s):\n", crfind(ses.crid));
975 hexdump(buffer + aad_len, size, NULL, 0);
978 if (memcmp(control_digest, test_digest, sizeof(control_digest)) != 0) {
979 if (memcmp(control_digest, test_digest, EVP_MD_size(md)) == 0)
980 printf("%s (%zu, %zu) enc hash mismatch in trailer:\n",
981 alg->name, aad_len, size);
983 printf("%s (%zu, %zu) enc hash mismatch:\n", alg->name,
985 printf("control:\n");
986 hexdump(control_digest, sizeof(control_digest), NULL, 0);
987 printf("test (cryptodev device %s):\n", crfind(ses.crid));
988 hexdump(test_digest, sizeof(test_digest), NULL, 0);
992 /* OCF HMAC + decrypt. */
993 error = ocf_eta(&ses, alg, iv, iv_len,
994 aad_len != 0 ? ciphertext : NULL, aad_len, ciphertext + aad_len,
995 buffer + aad_len, size, test_digest, COP_DECRYPT);
997 warnc(error, "cryptodev %s (%zu, %zu) ETA failed for device %s",
998 alg->name, aad_len, size, crfind(ses.crid));
1001 if (memcmp(cleartext + aad_len, buffer + aad_len, size) != 0) {
1002 printf("%s (%zu, %zu) decryption mismatch:\n", alg->name,
1004 printf("control:\n");
1005 hexdump(cleartext, size, NULL, 0);
1006 printf("test (cryptodev device %s):\n", crfind(ses.crid));
1007 hexdump(buffer, size, NULL, 0);
1011 /* Verify OCF HMAC + decrypt fails with busted MAC. */
1012 test_digest[0] ^= 0x1;
1013 error = ocf_eta(&ses, alg, iv, iv_len,
1014 aad_len != 0 ? ciphertext : NULL, aad_len, ciphertext + aad_len,
1015 buffer + aad_len, size, test_digest, COP_DECRYPT);
1016 if (error != EBADMSG) {
1019 "cryptodev %s (%zu, %zu) corrupt tag failed for device %s",
1020 alg->name, aad_len, size, crfind(ses.crid));
1023 "cryptodev %s (%zu, %zu) corrupt tag didn't fail for device %s",
1024 alg->name, aad_len, size, crfind(ses.crid));
1029 printf("%s (%zu, %zu) matched (cryptodev device %s)\n",
1030 alg->name, aad_len, size, crfind(ses.crid));
1033 ocf_destroy_session(&ses);
1043 openssl_gmac(const struct alg *alg, const EVP_CIPHER *cipher, const char *key,
1044 const char *iv, const char *input, size_t size, char *tag)
1046 EVP_CIPHER_CTX *ctx;
1049 ctx = EVP_CIPHER_CTX_new();
1051 errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name,
1052 size, ERR_error_string(ERR_get_error(), NULL));
1053 if (EVP_EncryptInit_ex(ctx, cipher, NULL, (const u_char *)key,
1054 (const u_char *)iv) != 1)
1055 errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
1056 size, ERR_error_string(ERR_get_error(), NULL));
1057 EVP_CIPHER_CTX_set_padding(ctx, 0);
1058 if (EVP_EncryptUpdate(ctx, NULL, &outl, (const u_char *)input,
1060 errx(1, "OpenSSL %s (%zu) update failed: %s",
1061 alg->name, size, ERR_error_string(ERR_get_error(), NULL));
1062 if (EVP_EncryptFinal_ex(ctx, NULL, &outl) != 1)
1063 errx(1, "OpenSSL %s (%zu) final failed: %s", alg->name,
1064 size, ERR_error_string(ERR_get_error(), NULL));
1065 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_GMAC_HASH_LEN,
1067 errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name,
1068 size, ERR_error_string(ERR_get_error(), NULL));
1069 EVP_CIPHER_CTX_free(ctx);
1073 ocf_gmac(const struct alg *alg, const char *input, size_t size, const char *key,
1074 size_t key_len, const char *iv, char *tag, int *cridp)
1076 struct ocf_session ses;
1077 struct session2_op sop;
1078 struct crypt_op cop;
1081 sop.mackeylen = key_len;
1082 sop.mackey = (char *)key;
1084 if (!ocf_init_session(&sop, "GMAC", alg->name, &ses))
1087 ocf_init_cop(&ses, &cop);
1090 cop.src = (char *)input;
1094 if (ioctl(ses.fd, CIOCCRYPT, &cop) < 0) {
1095 warn("cryptodev %s (%zu) failed for device %s", alg->name,
1096 size, crfind(crid));
1097 ocf_destroy_session(&ses);
1102 ocf_destroy_session(&ses);
1107 run_gmac_test(const struct alg *alg, size_t size)
1109 const EVP_CIPHER *cipher;
1110 char *iv, *key, *buffer;
1111 u_int iv_len, key_len, digest_len;
1113 char control_tag[AES_GMAC_HASH_LEN], test_tag[AES_GMAC_HASH_LEN];
1115 cipher = alg->evp_cipher();
1117 memset(control_tag, 0x3c, sizeof(control_tag));
1118 memset(test_tag, 0x3c, sizeof(test_tag));
1120 key_len = EVP_CIPHER_key_length(cipher);
1121 iv_len = EVP_CIPHER_iv_length(cipher);
1123 key = alloc_buffer(key_len);
1124 iv = generate_iv(iv_len, alg);
1125 buffer = alloc_buffer(size);
1128 openssl_gmac(alg, cipher, key, iv, buffer, size, control_tag);
1131 if (!ocf_gmac(alg, buffer, size, key, key_len, iv, test_tag, &crid))
1133 if (memcmp(control_tag, test_tag, sizeof(control_tag)) != 0) {
1134 printf("%s (%zu) mismatch:\n", alg->name, size);
1135 printf("control:\n");
1136 hexdump(control_tag, sizeof(control_tag), NULL, 0);
1137 printf("test (cryptodev device %s):\n", crfind(crid));
1138 hexdump(test_tag, sizeof(test_tag), NULL, 0);
1143 printf("%s (%zu) matched (cryptodev device %s)\n",
1144 alg->name, size, crfind(crid));
1152 openssl_gcm_encrypt(const struct alg *alg, const EVP_CIPHER *cipher,
1153 const char *key, const char *iv, const char *aad, size_t aad_len,
1154 const char *input, char *output, size_t size, char *tag)
1156 EVP_CIPHER_CTX *ctx;
1159 ctx = EVP_CIPHER_CTX_new();
1161 errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name,
1162 size, ERR_error_string(ERR_get_error(), NULL));
1163 if (EVP_EncryptInit_ex(ctx, cipher, NULL, (const u_char *)key,
1164 (const u_char *)iv) != 1)
1165 errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
1166 size, ERR_error_string(ERR_get_error(), NULL));
1167 EVP_CIPHER_CTX_set_padding(ctx, 0);
1169 if (EVP_EncryptUpdate(ctx, NULL, &outl, (const u_char *)aad,
1171 errx(1, "OpenSSL %s (%zu) aad update failed: %s",
1173 ERR_error_string(ERR_get_error(), NULL));
1175 if (EVP_EncryptUpdate(ctx, (u_char *)output, &outl,
1176 (const u_char *)input, size) != 1)
1177 errx(1, "OpenSSL %s (%zu) encrypt update failed: %s", alg->name,
1178 size, ERR_error_string(ERR_get_error(), NULL));
1180 if (EVP_EncryptFinal_ex(ctx, (u_char *)output + outl, &outl) != 1)
1181 errx(1, "OpenSSL %s (%zu) encrypt final failed: %s", alg->name,
1182 size, ERR_error_string(ERR_get_error(), NULL));
1185 errx(1, "OpenSSL %s (%zu) encrypt size mismatch: %d", alg->name,
1187 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_GMAC_HASH_LEN,
1189 errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name,
1190 size, ERR_error_string(ERR_get_error(), NULL));
1191 EVP_CIPHER_CTX_free(ctx);
1196 openssl_gcm_decrypt(const struct alg *alg, const EVP_CIPHER *cipher,
1197 const char *key, const char *iv, const char *aad, size_t aad_len,
1198 const char *input, char *output, size_t size, char *tag)
1200 EVP_CIPHER_CTX *ctx;
1204 ctx = EVP_CIPHER_CTX_new();
1206 errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name,
1207 size, ERR_error_string(ERR_get_error(), NULL));
1208 if (EVP_DecryptInit_ex(ctx, cipher, NULL, (const u_char *)key,
1209 (const u_char *)iv) != 1)
1210 errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
1211 size, ERR_error_string(ERR_get_error(), NULL));
1212 EVP_CIPHER_CTX_set_padding(ctx, 0);
1214 if (EVP_DecryptUpdate(ctx, NULL, &outl, (const u_char *)aad,
1216 errx(1, "OpenSSL %s (%zu) aad update failed: %s",
1218 ERR_error_string(ERR_get_error(), NULL));
1220 if (EVP_DecryptUpdate(ctx, (u_char *)output, &outl,
1221 (const u_char *)input, size) != 1)
1222 errx(1, "OpenSSL %s (%zu) decrypt update failed: %s", alg->name,
1223 size, ERR_error_string(ERR_get_error(), NULL));
1225 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, AES_GMAC_HASH_LEN,
1227 errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name,
1228 size, ERR_error_string(ERR_get_error(), NULL));
1229 valid = (EVP_DecryptFinal_ex(ctx, (u_char *)output + outl, &outl) != 1);
1232 errx(1, "OpenSSL %s (%zu) decrypt size mismatch: %d", alg->name,
1234 EVP_CIPHER_CTX_free(ctx);
1240 openssl_ccm_encrypt(const struct alg *alg, const EVP_CIPHER *cipher,
1241 const char *key, const char *iv, size_t iv_len, const char *aad,
1242 size_t aad_len, const char *input, char *output, size_t size, char *tag)
1244 EVP_CIPHER_CTX *ctx;
1247 ctx = EVP_CIPHER_CTX_new();
1249 errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name,
1250 size, ERR_error_string(ERR_get_error(), NULL));
1251 if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1)
1252 errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
1253 size, ERR_error_string(ERR_get_error(), NULL));
1254 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, iv_len, NULL) != 1)
1255 errx(1, "OpenSSL %s (%zu) setting iv length failed: %s", alg->name,
1256 size, ERR_error_string(ERR_get_error(), NULL));
1257 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, AES_CBC_MAC_HASH_LEN, NULL) != 1)
1258 errx(1, "OpenSSL %s (%zu) setting tag length failed: %s", alg->name,
1259 size, ERR_error_string(ERR_get_error(), NULL));
1260 if (EVP_EncryptInit_ex(ctx, NULL, NULL, (const u_char *)key,
1261 (const u_char *)iv) != 1)
1262 errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
1263 size, ERR_error_string(ERR_get_error(), NULL));
1264 if (EVP_EncryptUpdate(ctx, NULL, &outl, NULL, size) != 1)
1265 errx(1, "OpenSSL %s (%zu) unable to set data length: %s", alg->name,
1266 size, ERR_error_string(ERR_get_error(), NULL));
1269 if (EVP_EncryptUpdate(ctx, NULL, &outl, (const u_char *)aad,
1271 errx(1, "OpenSSL %s (%zu) aad update failed: %s",
1273 ERR_error_string(ERR_get_error(), NULL));
1275 if (EVP_EncryptUpdate(ctx, (u_char *)output, &outl,
1276 (const u_char *)input, size) != 1)
1277 errx(1, "OpenSSL %s (%zu) encrypt update failed: %s", alg->name,
1278 size, ERR_error_string(ERR_get_error(), NULL));
1280 if (EVP_EncryptFinal_ex(ctx, (u_char *)output + outl, &outl) != 1)
1281 errx(1, "OpenSSL %s (%zu) encrypt final failed: %s", alg->name,
1282 size, ERR_error_string(ERR_get_error(), NULL));
1285 errx(1, "OpenSSL %s (%zu) encrypt size mismatch: %d", alg->name,
1287 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, AES_CBC_MAC_HASH_LEN,
1289 errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name,
1290 size, ERR_error_string(ERR_get_error(), NULL));
1291 EVP_CIPHER_CTX_free(ctx);
1295 ocf_init_aead_session(const struct alg *alg, const char *key, size_t key_len,
1296 struct ocf_session *ses)
1298 struct session2_op sop;
1301 sop.keylen = key_len;
1302 sop.key = (char *)key;
1303 sop.cipher = alg->cipher;
1304 return (ocf_init_session(&sop, "AEAD", alg->name, ses));
1308 ocf_aead(const struct ocf_session *ses, const struct alg *alg, const char *iv,
1309 size_t iv_len, const char *aad, size_t aad_len, const char *input,
1310 char *output, size_t size, char *tag, int op)
1312 struct crypt_aead caead;
1314 ocf_init_caead(ses, &caead);
1317 caead.aadlen = aad_len;
1318 caead.ivlen = iv_len;
1319 caead.src = (char *)input;
1321 caead.aad = (char *)aad;
1323 caead.iv = (char *)iv;
1325 if (ioctl(ses->fd, CIOCCRYPTAEAD, &caead) < 0)
1330 #define AEAD_MAX_TAG_LEN MAX(AES_GMAC_HASH_LEN, AES_CBC_MAC_HASH_LEN)
1333 run_aead_test(const struct alg *alg, size_t aad_len, size_t size)
1335 struct ocf_session ses;
1336 const EVP_CIPHER *cipher;
1337 char *aad, *buffer, *cleartext, *ciphertext;
1339 u_int iv_len, key_len;
1341 char control_tag[AEAD_MAX_TAG_LEN], test_tag[AEAD_MAX_TAG_LEN];
1343 cipher = alg->evp_cipher();
1344 if (size % EVP_CIPHER_block_size(cipher) != 0) {
1347 "%s (%zu, %zu): invalid buffer size (block size %d)\n",
1348 alg->name, aad_len, size,
1349 EVP_CIPHER_block_size(cipher));
1353 memset(control_tag, 0x3c, sizeof(control_tag));
1354 memset(test_tag, 0x3c, sizeof(test_tag));
1356 key_len = EVP_CIPHER_key_length(cipher);
1357 iv_len = EVP_CIPHER_iv_length(cipher);
1360 * AES-CCM can have varying IV lengths; however, for the moment
1361 * we only support AES_CCM_IV_LEN (12). So if the sizes are
1362 * different, we'll fail.
1364 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE &&
1365 iv_len != AES_CCM_IV_LEN) {
1367 printf("OpenSSL CCM IV length (%d) != AES_CCM_IV_LEN",
1372 key = alloc_buffer(key_len);
1373 iv = generate_iv(iv_len, alg);
1374 cleartext = alloc_buffer(size);
1375 buffer = malloc(size);
1376 ciphertext = malloc(size);
1378 aad = alloc_buffer(aad_len);
1382 /* OpenSSL encrypt */
1383 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE)
1384 openssl_ccm_encrypt(alg, cipher, key, iv, iv_len, aad,
1385 aad_len, cleartext, ciphertext, size, control_tag);
1387 openssl_gcm_encrypt(alg, cipher, key, iv, aad, aad_len,
1388 cleartext, ciphertext, size, control_tag);
1390 if (!ocf_init_aead_session(alg, key, key_len, &ses))
1394 error = ocf_aead(&ses, alg, iv, iv_len, aad, aad_len, cleartext, buffer,
1395 size, test_tag, COP_ENCRYPT);
1397 warnc(error, "cryptodev %s (%zu, %zu) failed for device %s",
1398 alg->name, aad_len, size, crfind(ses.crid));
1401 if (memcmp(ciphertext, buffer, size) != 0) {
1402 printf("%s (%zu, %zu) encryption mismatch:\n", alg->name,
1404 printf("control:\n");
1405 hexdump(ciphertext, size, NULL, 0);
1406 printf("test (cryptodev device %s):\n", crfind(crid));
1407 hexdump(buffer, size, NULL, 0);
1410 if (memcmp(control_tag, test_tag, sizeof(control_tag)) != 0) {
1411 printf("%s (%zu, %zu) enc tag mismatch:\n", alg->name, aad_len,
1413 printf("control:\n");
1414 hexdump(control_tag, sizeof(control_tag), NULL, 0);
1415 printf("test (cryptodev device %s):\n", crfind(crid));
1416 hexdump(test_tag, sizeof(test_tag), NULL, 0);
1421 error = ocf_aead(&ses, alg, iv, iv_len, aad, aad_len, ciphertext,
1422 buffer, size, control_tag, COP_DECRYPT);
1424 warnc(error, "cryptodev %s (%zu, %zu) failed for device %s",
1425 alg->name, aad_len, size, crfind(ses.crid));
1428 if (memcmp(cleartext, buffer, size) != 0) {
1429 printf("%s (%zu, %zu) decryption mismatch:\n", alg->name,
1431 printf("control:\n");
1432 hexdump(cleartext, size, NULL, 0);
1433 printf("test (cryptodev device %s):\n", crfind(crid));
1434 hexdump(buffer, size, NULL, 0);
1438 /* Verify OCF decrypt fails with busted tag. */
1440 error = ocf_aead(&ses, alg, iv, iv_len, aad, aad_len, ciphertext,
1441 buffer, size, test_tag, COP_DECRYPT);
1442 if (error != EBADMSG) {
1445 "cryptodev %s (%zu, %zu) corrupt tag failed for device %s",
1446 alg->name, aad_len, size, crfind(ses.crid));
1449 "cryptodev %s (%zu, %zu) corrupt tag didn't fail for device %s",
1450 alg->name, aad_len, size, crfind(ses.crid));
1455 printf("%s (%zu, %zu) matched (cryptodev device %s)\n",
1456 alg->name, aad_len, size, crfind(ses.crid));
1459 ocf_destroy_session(&ses);
1469 run_test(const struct alg *alg, size_t aad_len, size_t size)
1472 switch (alg->type) {
1474 run_hash_test(alg, size);
1477 run_hmac_test(alg, size);
1480 run_gmac_test(alg, size);
1483 run_cipher_test(alg, size);
1486 run_eta_test(alg, aad_len, size);
1489 run_aead_test(alg, aad_len, size);
1495 run_test_sizes(const struct alg *alg)
1499 switch (alg->type) {
1501 for (i = 0; i < nsizes; i++)
1502 run_test(alg, 0, sizes[i]);
1506 for (i = 0; i < naad_sizes; i++)
1507 for (j = 0; j < nsizes; j++)
1508 run_test(alg, aad_sizes[i], sizes[j]);
1514 run_hash_tests(void)
1518 for (i = 0; i < nitems(algs); i++)
1519 if (algs[i].type == T_HASH)
1520 run_test_sizes(&algs[i]);
1528 for (i = 0; i < nitems(algs); i++)
1529 if (algs[i].type == T_HMAC || algs[i].type == T_GMAC)
1530 run_test_sizes(&algs[i]);
1534 run_cipher_tests(void)
1538 for (i = 0; i < nitems(algs); i++)
1539 if (algs[i].type == T_CIPHER)
1540 run_test_sizes(&algs[i]);
1546 const struct alg *cipher, *mac;
1550 for (i = 0; i < nitems(algs); i++) {
1552 if (cipher->type != T_CIPHER)
1554 for (j = 0; j < nitems(algs); j++) {
1556 if (mac->type != T_HMAC)
1558 eta = build_eta(cipher, mac);
1559 run_test_sizes(eta);
1566 run_aead_tests(void)
1570 for (i = 0; i < nitems(algs); i++)
1571 if (algs[i].type == T_AEAD)
1572 run_test_sizes(&algs[i]);
1576 main(int ac, char **av)
1578 const char *algname;
1579 const struct alg *alg;
1588 crid = CRYPTO_FLAG_HARDWARE;
1591 while ((ch = getopt(ac, av, "A:a:d:vz")) != -1)
1594 if (naad_sizes >= nitems(aad_sizes)) {
1595 warnx("Too many AAD sizes, ignoring extras");
1598 aad_sizes[naad_sizes] = strtol(optarg, &cp, 0);
1600 errx(1, "Bad AAD size %s", optarg);
1607 crid = crlookup(optarg);
1622 if (nsizes >= nitems(sizes)) {
1623 warnx("Too many sizes, ignoring extras");
1626 sizes[nsizes] = strtol(av[0], &cp, 0);
1628 errx(1, "Bad size %s", av[0]);
1634 if (algname == NULL)
1635 errx(1, "Algorithm required");
1637 if (naad_sizes == 0) {
1639 for (i = 0; i <= 32; i++) {
1640 aad_sizes[naad_sizes] = i;
1645 while (base_size * 2 < 512) {
1647 assert(naad_sizes < nitems(aad_sizes));
1648 aad_sizes[naad_sizes] = base_size;
1659 for (i = 1; i <= 32; i++) {
1665 while (base_size * 2 < 240 * 1024) {
1667 assert(nsizes < nitems(sizes));
1668 sizes[nsizes] = base_size;
1672 if (sizes[nsizes - 1] < 240 * 1024) {
1673 assert(nsizes < nitems(sizes));
1674 sizes[nsizes] = 240 * 1024;
1683 if (strcasecmp(algname, "hash") == 0)
1685 else if (strcasecmp(algname, "mac") == 0)
1687 else if (strcasecmp(algname, "cipher") == 0)
1689 else if (strcasecmp(algname, "eta") == 0)
1691 else if (strcasecmp(algname, "aead") == 0)
1693 else if (strcasecmp(algname, "all") == 0) {
1699 } else if (strchr(algname, '+') != NULL) {
1700 eta = build_eta_name(algname);
1701 run_test_sizes(eta);
1704 alg = find_alg(algname);
1706 errx(1, "Invalid algorithm %s", algname);
1707 run_test_sizes(alg);