2 * Copyright (c) 2017 Chelsio Communications, Inc.
4 * Written by: John Baldwin <jhb@FreeBSD.org>
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 * Copyright (c) 2004 Sam Leffler, Errno Consulting
29 * All rights reserved.
31 * Redistribution and use in source and binary forms, with or without
32 * modification, are permitted provided that the following conditions
34 * 1. Redistributions of source code must retain the above copyright
35 * notice, this list of conditions and the following disclaimer,
36 * without modification.
37 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
38 * similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any
39 * redistribution must be conditioned upon including a substantially
40 * similar Disclaimer requirement for further binary redistribution.
41 * 3. Neither the names of the above-listed copyright holders nor the names
42 * of any contributors may be used to endorse or promote products derived
43 * from this software without specific prior written permission.
46 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
47 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
48 * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY
49 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
50 * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY,
51 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
52 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
53 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
54 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
55 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
56 * THE POSSIBILITY OF SUCH DAMAGES.
62 * A different tool for checking hardware crypto support. Whereas
63 * cryptotest is focused on simple performance numbers, this tool is
64 * focused on correctness. For each crypto operation, it performs the
65 * operation once in software via OpenSSL and a second time via
66 * OpenCrypto and compares the results.
68 * cryptocheck [-vz] [-A aad length] [-a algorithm] [-d dev] [size ...]
72 * -z Run all algorithms on a variety of buffer sizes.
74 * Supported algorithms:
76 * hash Run all hash tests
77 * mac Run all mac tests
78 * cipher Run all cipher tests
79 * eta Run all encrypt-then-authenticate tests
80 * aead Run all authenticated encryption with associated data
85 * sha224 224-bit SHA-2
86 * sha256 256-bit SHA-2
87 * sha384 384-bit SHA-2
88 * sha512 512-bit SHA-2
94 * sha224hmac 224-bit SHA-2 HMAC
95 * sha256hmac 256-bit SHA-2 HMAC
96 * sha384hmac 384-bit SHA-2 HMAC
97 * sha512hmac 512-bit SHA-2 HMAC
99 * gmac192 192-bit GMAC
100 * gmac256 256-bit GMAC
103 * aes-cbc 128-bit AES-CBC
104 * aes-cbc192 192-bit AES-CBC
105 * aes-cbc256 256-bit AES-CBC
106 * aes-ctr 128-bit AES-CTR
107 * aes-ctr192 192-bit AES-CTR
108 * aes-ctr256 256-bit AES-CTR
109 * aes-xts 128-bit AES-XTS
110 * aes-xts256 256-bit AES-XTS
113 * Encrypt then Authenticate:
116 * Authenticated Encryption with Associated Data:
117 * aes-gcm 128-bit AES-GCM
118 * aes-gcm192 192-bit AES-GCM
119 * aes-gcm256 256-bit AES-GCM
120 * aes-ccm 128-bit AES-CCM
121 * aes-ccm192 192-bit AES-CCM
122 * aes-ccm256 256-bit AES-CCM
125 #include <sys/param.h>
126 #include <sys/sysctl.h>
136 #include <openssl/err.h>
137 #include <openssl/hmac.h>
139 #include <crypto/cryptodev.h>
151 enum { T_HASH, T_HMAC, T_GMAC, T_CIPHER, T_ETA, T_AEAD } type;
152 const EVP_CIPHER *(*evp_cipher)(void);
153 const EVP_MD *(*evp_md)(void);
155 { .name = "sha1", .mac = CRYPTO_SHA1, .type = T_HASH,
156 .evp_md = EVP_sha1 },
157 { .name = "sha224", .mac = CRYPTO_SHA2_224, .type = T_HASH,
158 .evp_md = EVP_sha224 },
159 { .name = "sha256", .mac = CRYPTO_SHA2_256, .type = T_HASH,
160 .evp_md = EVP_sha256 },
161 { .name = "sha384", .mac = CRYPTO_SHA2_384, .type = T_HASH,
162 .evp_md = EVP_sha384 },
163 { .name = "sha512", .mac = CRYPTO_SHA2_512, .type = T_HASH,
164 .evp_md = EVP_sha512 },
165 { .name = "sha1hmac", .mac = CRYPTO_SHA1_HMAC, .type = T_HMAC,
166 .evp_md = EVP_sha1 },
167 { .name = "sha224hmac", .mac = CRYPTO_SHA2_224_HMAC, .type = T_HMAC,
168 .evp_md = EVP_sha224 },
169 { .name = "sha256hmac", .mac = CRYPTO_SHA2_256_HMAC, .type = T_HMAC,
170 .evp_md = EVP_sha256 },
171 { .name = "sha384hmac", .mac = CRYPTO_SHA2_384_HMAC, .type = T_HMAC,
172 .evp_md = EVP_sha384 },
173 { .name = "sha512hmac", .mac = CRYPTO_SHA2_512_HMAC, .type = T_HMAC,
174 .evp_md = EVP_sha512 },
175 { .name = "blake2b", .mac = CRYPTO_BLAKE2B, .type = T_HASH,
176 .evp_md = EVP_blake2b512 },
177 { .name = "blake2s", .mac = CRYPTO_BLAKE2S, .type = T_HASH,
178 .evp_md = EVP_blake2s256 },
179 { .name = "gmac", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC,
180 .evp_cipher = EVP_aes_128_gcm },
181 { .name = "gmac192", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC,
182 .evp_cipher = EVP_aes_192_gcm },
183 { .name = "gmac256", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC,
184 .evp_cipher = EVP_aes_256_gcm },
185 { .name = "aes-cbc", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER,
186 .evp_cipher = EVP_aes_128_cbc },
187 { .name = "aes-cbc192", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER,
188 .evp_cipher = EVP_aes_192_cbc },
189 { .name = "aes-cbc256", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER,
190 .evp_cipher = EVP_aes_256_cbc },
191 { .name = "aes-ctr", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER,
192 .evp_cipher = EVP_aes_128_ctr },
193 { .name = "aes-ctr192", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER,
194 .evp_cipher = EVP_aes_192_ctr },
195 { .name = "aes-ctr256", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER,
196 .evp_cipher = EVP_aes_256_ctr },
197 { .name = "aes-xts", .cipher = CRYPTO_AES_XTS, .type = T_CIPHER,
198 .evp_cipher = EVP_aes_128_xts },
199 { .name = "aes-xts256", .cipher = CRYPTO_AES_XTS, .type = T_CIPHER,
200 .evp_cipher = EVP_aes_256_xts },
201 { .name = "chacha20", .cipher = CRYPTO_CHACHA20, .type = T_CIPHER,
202 .evp_cipher = EVP_chacha20 },
203 { .name = "aes-gcm", .cipher = CRYPTO_AES_NIST_GCM_16, .type = T_AEAD,
204 .evp_cipher = EVP_aes_128_gcm },
205 { .name = "aes-gcm192", .cipher = CRYPTO_AES_NIST_GCM_16,
206 .type = T_AEAD, .evp_cipher = EVP_aes_192_gcm },
207 { .name = "aes-gcm256", .cipher = CRYPTO_AES_NIST_GCM_16,
208 .type = T_AEAD, .evp_cipher = EVP_aes_256_gcm },
209 { .name = "aes-ccm", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD,
210 .evp_cipher = EVP_aes_128_ccm },
211 { .name = "aes-ccm192", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD,
212 .evp_cipher = EVP_aes_192_ccm },
213 { .name = "aes-ccm256", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD,
214 .evp_cipher = EVP_aes_256_ccm },
219 static size_t aad_len;
225 "usage: cryptocheck [-z] [-a algorithm] [-d dev] [size ...]\n");
229 static const struct alg *
230 find_alg(const char *name)
234 for (i = 0; i < nitems(algs); i++)
235 if (strcasecmp(algs[i].name, name) == 0)
241 build_eta(const struct alg *cipher, const struct alg *mac)
246 assert(cipher->type == T_CIPHER);
247 assert(mac->type == T_HMAC);
248 eta = calloc(1, sizeof(*eta));
249 asprintf(&name, "%s+%s", cipher->name, mac->name);
251 eta->cipher = cipher->cipher;
254 eta->evp_cipher = cipher->evp_cipher;
255 eta->evp_md = mac->evp_md;
260 free_eta(struct alg *eta)
262 free(__DECONST(char *, eta->name));
267 build_eta_name(const char *name)
269 const struct alg *cipher, *mac;
270 const char *mac_name;
271 char *cp, *cipher_name;
273 cp = strchr(name, '+');
274 cipher_name = strndup(name, cp - name);
276 cipher = find_alg(cipher_name);
278 if (cipher == NULL || cipher->type != T_CIPHER)
279 errx(1, "Invalid cipher %s", cipher_name);
280 mac = find_alg(mac_name);
281 if (mac == NULL || mac->type != T_HMAC)
282 errx(1, "Invalid hmac %s", mac_name);
283 return (build_eta(cipher, mac));
292 fd = open("/dev/crypto", O_RDWR | O_CLOEXEC, 0);
294 err(1, "/dev/crypto");
300 * Called on exit to change kern.cryptodevallowsoft back to 0
302 #define CRYPT_SOFT_ALLOW "kern.cryptodevallowsoft"
305 reset_user_soft(void)
308 sysctlbyname(CRYPT_SOFT_ALLOW, NULL, NULL, &off, sizeof(off));
312 enable_user_soft(void)
316 size_t cursize = sizeof(curstate);
318 if (sysctlbyname(CRYPT_SOFT_ALLOW, &curstate, &cursize,
319 &on, sizeof(on)) == 0) {
321 atexit(reset_user_soft);
326 crlookup(const char *devname)
328 struct crypt_find_op find;
330 if (strncmp(devname, "soft", 4) == 0) {
332 return CRYPTO_FLAG_SOFTWARE;
336 strlcpy(find.name, devname, sizeof(find.name));
337 if (ioctl(devcrypto(), CIOCFINDDEV, &find) == -1)
338 err(1, "ioctl(CIOCFINDDEV)");
345 static struct crypt_find_op find;
347 if (crid == CRYPTO_FLAG_SOFTWARE)
349 else if (crid == CRYPTO_FLAG_HARDWARE)
352 bzero(&find, sizeof(find));
354 if (ioctl(devcrypto(), CRIOFINDDEV, &find) == -1)
355 err(1, "ioctl(CIOCFINDDEV): crid %d", crid);
364 if (ioctl(devcrypto(), CRIOGET, &fd) == -1)
365 err(1, "ioctl(CRIOGET)");
366 if (fcntl(fd, F_SETFD, 1) == -1)
367 err(1, "fcntl(F_SETFD) (crget)");
375 0x10,0x54,0x11,0x48,0x45,0x12,0x4f,0x13,0x49,0x53,0x14,0x41,
376 0x15,0x16,0x4e,0x55,0x54,0x17,0x18,0x4a,0x4f,0x42,0x19,0x01
378 return 0x20+a[random()%nitems(a)];
382 alloc_buffer(size_t len)
388 for (i = 0; i < len; i++)
394 generate_iv(size_t len, const struct alg *alg)
398 iv = alloc_buffer(len);
399 switch (alg->cipher) {
401 /* Clear the low 32 bits of the IV to hold the counter. */
409 * Clear the low 64-bits to only store a 64-bit block
426 ocf_init_sop(struct session2_op *sop)
428 memset(sop, 0, sizeof(*sop));
433 ocf_init_session(struct session2_op *sop, const char *type, const char *name,
434 struct ocf_session *ses)
439 if (ioctl(fd, CIOCGSESSION2, sop) < 0) {
440 warn("cryptodev %s %s not supported for device %s",
441 type, name, crfind(crid));
448 ses->crid = sop->crid;
453 ocf_destroy_session(struct ocf_session *ses)
458 if (ioctl(ses->fd, CIOCFSESSION, &ses->ses) < 0)
459 warn("ioctl(CIOCFSESSION)");
465 ocf_init_cop(const struct ocf_session *ses, struct crypt_op *cop)
467 memset(cop, 0, sizeof(*cop));
472 ocf_init_caead(const struct ocf_session *ses, struct crypt_aead *caead)
474 memset(caead, 0, sizeof(*caead));
475 caead->ses = ses->ses;
479 ocf_hash(const struct alg *alg, const char *buffer, size_t size, char *digest,
482 struct ocf_session ses;
483 struct session2_op sop;
489 if (!ocf_init_session(&sop, "HASH", alg->name, &ses))
492 ocf_init_cop(&ses, &cop);
495 cop.src = (char *)buffer;
498 if (ioctl(ses.fd, CIOCCRYPT, &cop) < 0) {
499 warn("cryptodev %s (%zu) HASH failed for device %s", alg->name,
501 ocf_destroy_session(&ses);
506 ocf_destroy_session(&ses);
511 openssl_hash(const struct alg *alg, const EVP_MD *md, const void *buffer,
512 size_t size, void *digest_out, unsigned *digest_sz_out)
520 mdctx = EVP_MD_CTX_create();
524 rc = EVP_DigestInit_ex(mdctx, md, NULL);
528 rc = EVP_DigestUpdate(mdctx, buffer, size);
532 rc = EVP_DigestFinal_ex(mdctx, digest_out, digest_sz_out);
536 EVP_MD_CTX_destroy(mdctx);
540 errx(1, "OpenSSL %s HASH failed%s: %s", alg->name, errs,
541 ERR_error_string(ERR_get_error(), NULL));
545 run_hash_test(const struct alg *alg, size_t size)
551 char control_digest[EVP_MAX_MD_SIZE], test_digest[EVP_MAX_MD_SIZE];
553 memset(control_digest, 0x3c, sizeof(control_digest));
554 memset(test_digest, 0x3c, sizeof(test_digest));
557 assert(EVP_MD_size(md) <= sizeof(control_digest));
559 buffer = alloc_buffer(size);
562 digest_len = sizeof(control_digest);
563 openssl_hash(alg, md, buffer, size, control_digest, &digest_len);
565 /* cryptodev HASH. */
566 if (!ocf_hash(alg, buffer, size, test_digest, &crid))
568 if (memcmp(control_digest, test_digest, sizeof(control_digest)) != 0) {
569 if (memcmp(control_digest, test_digest, EVP_MD_size(md)) == 0)
570 printf("%s (%zu) mismatch in trailer:\n",
573 printf("%s (%zu) mismatch:\n", alg->name, size);
574 printf("control:\n");
575 hexdump(control_digest, sizeof(control_digest), NULL, 0);
576 printf("test (cryptodev device %s):\n", crfind(crid));
577 hexdump(test_digest, sizeof(test_digest), NULL, 0);
582 printf("%s (%zu) matched (cryptodev device %s)\n",
583 alg->name, size, crfind(crid));
590 ocf_hmac(const struct alg *alg, const char *buffer, size_t size,
591 const char *key, size_t key_len, char *digest, int *cridp)
593 struct ocf_session ses;
594 struct session2_op sop;
598 sop.mackeylen = key_len;
599 sop.mackey = (char *)key;
601 if (!ocf_init_session(&sop, "HMAC", alg->name, &ses))
604 ocf_init_cop(&ses, &cop);
607 cop.src = (char *)buffer;
610 if (ioctl(ses.fd, CIOCCRYPT, &cop) < 0) {
611 warn("cryptodev %s (%zu) HMAC failed for device %s", alg->name,
613 ocf_destroy_session(&ses);
618 ocf_destroy_session(&ses);
623 run_hmac_test(const struct alg *alg, size_t size)
627 u_int key_len, digest_len;
629 char control_digest[EVP_MAX_MD_SIZE], test_digest[EVP_MAX_MD_SIZE];
631 memset(control_digest, 0x3c, sizeof(control_digest));
632 memset(test_digest, 0x3c, sizeof(test_digest));
635 key_len = EVP_MD_size(md);
636 assert(EVP_MD_size(md) <= sizeof(control_digest));
638 key = alloc_buffer(key_len);
639 buffer = alloc_buffer(size);
642 digest_len = sizeof(control_digest);
643 if (HMAC(md, key, key_len, (u_char *)buffer, size,
644 (u_char *)control_digest, &digest_len) == NULL)
645 errx(1, "OpenSSL %s (%zu) HMAC failed: %s", alg->name,
646 size, ERR_error_string(ERR_get_error(), NULL));
648 /* cryptodev HMAC. */
649 if (!ocf_hmac(alg, buffer, size, key, key_len, test_digest, &crid))
651 if (memcmp(control_digest, test_digest, sizeof(control_digest)) != 0) {
652 if (memcmp(control_digest, test_digest, EVP_MD_size(md)) == 0)
653 printf("%s (%zu) mismatch in trailer:\n",
656 printf("%s (%zu) mismatch:\n", alg->name, size);
657 printf("control:\n");
658 hexdump(control_digest, sizeof(control_digest), NULL, 0);
659 printf("test (cryptodev device %s):\n", crfind(crid));
660 hexdump(test_digest, sizeof(test_digest), NULL, 0);
665 printf("%s (%zu) matched (cryptodev device %s)\n",
666 alg->name, size, crfind(crid));
674 openssl_cipher(const struct alg *alg, const EVP_CIPHER *cipher, const char *key,
675 const char *iv, const char *input, char *output, size_t size, int enc)
680 ctx = EVP_CIPHER_CTX_new();
682 errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name,
683 size, ERR_error_string(ERR_get_error(), NULL));
684 if (EVP_CipherInit_ex(ctx, cipher, NULL, (const u_char *)key,
685 (const u_char *)iv, enc) != 1)
686 errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
687 size, ERR_error_string(ERR_get_error(), NULL));
688 EVP_CIPHER_CTX_set_padding(ctx, 0);
689 if (EVP_CipherUpdate(ctx, (u_char *)output, &outl,
690 (const u_char *)input, size) != 1)
691 errx(1, "OpenSSL %s (%zu) cipher update failed: %s", alg->name,
692 size, ERR_error_string(ERR_get_error(), NULL));
694 if (EVP_CipherFinal_ex(ctx, (u_char *)output + outl, &outl) != 1)
695 errx(1, "OpenSSL %s (%zu) cipher final failed: %s", alg->name,
696 size, ERR_error_string(ERR_get_error(), NULL));
699 errx(1, "OpenSSL %s (%zu) cipher size mismatch: %d", alg->name,
701 EVP_CIPHER_CTX_free(ctx);
705 ocf_init_cipher_session(const struct alg *alg, const char *key, size_t key_len,
706 struct ocf_session *ses)
708 struct session2_op sop;
711 sop.keylen = key_len;
712 sop.key = (char *)key;
713 sop.cipher = alg->cipher;
714 return (ocf_init_session(&sop, "cipher", alg->name, ses));
718 ocf_cipher(const struct ocf_session *ses, const struct alg *alg, const char *iv,
719 const char *input, char *output, size_t size, int op)
723 ocf_init_cop(ses, &cop);
726 cop.src = (char *)input;
730 if (ioctl(ses->fd, CIOCCRYPT, &cop) < 0) {
731 warn("cryptodev %s (%zu) cipher failed for device %s",
732 alg->name, size, crfind(crid));
740 run_cipher_test(const struct alg *alg, size_t size)
742 struct ocf_session ses;
743 const EVP_CIPHER *cipher;
744 char *buffer, *cleartext, *ciphertext;
746 u_int iv_len, key_len;
748 cipher = alg->evp_cipher();
749 if (size % EVP_CIPHER_block_size(cipher) != 0) {
752 "%s (%zu): invalid buffer size (block size %d)\n",
753 alg->name, size, EVP_CIPHER_block_size(cipher));
757 key_len = EVP_CIPHER_key_length(cipher);
758 iv_len = EVP_CIPHER_iv_length(cipher);
760 key = alloc_buffer(key_len);
761 iv = generate_iv(iv_len, alg);
762 cleartext = alloc_buffer(size);
763 buffer = malloc(size);
764 ciphertext = malloc(size);
766 /* OpenSSL cipher. */
767 openssl_cipher(alg, cipher, key, iv, cleartext, ciphertext, size, 1);
768 if (size > 0 && memcmp(cleartext, ciphertext, size) == 0)
769 errx(1, "OpenSSL %s (%zu): cipher text unchanged", alg->name,
771 openssl_cipher(alg, cipher, key, iv, ciphertext, buffer, size, 0);
772 if (memcmp(cleartext, buffer, size) != 0) {
773 printf("OpenSSL %s (%zu): cipher mismatch:", alg->name, size);
774 printf("original:\n");
775 hexdump(cleartext, size, NULL, 0);
776 printf("decrypted:\n");
777 hexdump(buffer, size, NULL, 0);
781 if (!ocf_init_cipher_session(alg, key, key_len, &ses))
785 if (!ocf_cipher(&ses, alg, iv, cleartext, buffer, size, COP_ENCRYPT))
787 if (memcmp(ciphertext, buffer, size) != 0) {
788 printf("%s (%zu) encryption mismatch:\n", alg->name, size);
789 printf("control:\n");
790 hexdump(ciphertext, size, NULL, 0);
791 printf("test (cryptodev device %s):\n", crfind(ses.crid));
792 hexdump(buffer, size, NULL, 0);
797 if (!ocf_cipher(&ses, alg, iv, ciphertext, buffer, size, COP_DECRYPT))
799 if (memcmp(cleartext, buffer, size) != 0) {
800 printf("%s (%zu) decryption mismatch:\n", alg->name, size);
801 printf("control:\n");
802 hexdump(cleartext, size, NULL, 0);
803 printf("test (cryptodev device %s):\n", crfind(ses.crid));
804 hexdump(buffer, size, NULL, 0);
809 printf("%s (%zu) matched (cryptodev device %s)\n",
810 alg->name, size, crfind(ses.crid));
813 ocf_destroy_session(&ses);
822 ocf_init_eta_session(const struct alg *alg, const char *cipher_key,
823 size_t cipher_key_len, const char *auth_key, size_t auth_key_len,
824 struct ocf_session *ses)
826 struct session2_op sop;
829 sop.keylen = cipher_key_len;
830 sop.key = (char *)cipher_key;
831 sop.cipher = alg->cipher;
832 sop.mackeylen = auth_key_len;
833 sop.mackey = (char *)auth_key;
835 return (ocf_init_session(&sop, "ETA", alg->name, ses));
839 ocf_eta(const struct ocf_session *ses, const struct alg *alg, const char *iv,
840 size_t iv_len, const char *aad, size_t aad_len, const char *input,
841 char *output, size_t size, char *digest, int op)
846 struct crypt_aead caead;
848 ocf_init_caead(ses, &caead);
851 caead.aadlen = aad_len;
852 caead.ivlen = iv_len;
853 caead.src = (char *)input;
855 caead.aad = (char *)aad;
857 caead.iv = (char *)iv;
859 ret = ioctl(ses->fd, CIOCCRYPTAEAD, &caead);
863 ocf_init_cop(ses, &cop);
866 cop.src = (char *)input;
871 ret = ioctl(ses->fd, CIOCCRYPT, &cop);
880 run_eta_test(const struct alg *alg, size_t size)
882 struct ocf_session ses;
883 const EVP_CIPHER *cipher;
885 char *aad, *buffer, *cleartext, *ciphertext;
886 char *iv, *auth_key, *cipher_key;
887 u_int iv_len, auth_key_len, cipher_key_len, digest_len;
889 char control_digest[EVP_MAX_MD_SIZE], test_digest[EVP_MAX_MD_SIZE];
891 cipher = alg->evp_cipher();
892 if (size % EVP_CIPHER_block_size(cipher) != 0) {
895 "%s (%zu): invalid buffer size (block size %d)\n",
896 alg->name, size, EVP_CIPHER_block_size(cipher));
900 memset(control_digest, 0x3c, sizeof(control_digest));
901 memset(test_digest, 0x3c, sizeof(test_digest));
905 cipher_key_len = EVP_CIPHER_key_length(cipher);
906 iv_len = EVP_CIPHER_iv_length(cipher);
907 auth_key_len = EVP_MD_size(md);
909 cipher_key = alloc_buffer(cipher_key_len);
910 iv = generate_iv(iv_len, alg);
911 auth_key = alloc_buffer(auth_key_len);
912 cleartext = alloc_buffer(aad_len + size);
913 buffer = malloc(aad_len + size);
914 ciphertext = malloc(aad_len + size);
916 /* OpenSSL encrypt + HMAC. */
918 memcpy(ciphertext, cleartext, aad_len);
919 openssl_cipher(alg, cipher, cipher_key, iv, cleartext + aad_len,
920 ciphertext + aad_len, size, 1);
921 if (size > 0 && memcmp(cleartext + aad_len, ciphertext + aad_len,
923 errx(1, "OpenSSL %s (%zu): cipher text unchanged", alg->name,
925 digest_len = sizeof(control_digest);
926 if (HMAC(md, auth_key, auth_key_len, (u_char *)ciphertext,
927 aad_len + size, (u_char *)control_digest, &digest_len) == NULL)
928 errx(1, "OpenSSL %s (%zu) HMAC failed: %s", alg->name,
929 size, ERR_error_string(ERR_get_error(), NULL));
931 if (!ocf_init_eta_session(alg, cipher_key, cipher_key_len, auth_key,
935 /* OCF encrypt + HMAC. */
936 error = ocf_eta(&ses, alg, iv, iv_len,
937 aad_len != 0 ? cleartext : NULL, aad_len, cleartext + aad_len,
938 buffer + aad_len, size, test_digest, COP_ENCRYPT);
940 warnc(error, "cryptodev %s (%zu) ETA failed for device %s",
941 alg->name, size, crfind(ses.crid));
944 if (memcmp(ciphertext + aad_len, buffer + aad_len, size) != 0) {
945 printf("%s (%zu) encryption mismatch:\n", alg->name, size);
946 printf("control:\n");
947 hexdump(ciphertext + aad_len, size, NULL, 0);
948 printf("test (cryptodev device %s):\n", crfind(ses.crid));
949 hexdump(buffer + aad_len, size, NULL, 0);
952 if (memcmp(control_digest, test_digest, sizeof(control_digest)) != 0) {
953 if (memcmp(control_digest, test_digest, EVP_MD_size(md)) == 0)
954 printf("%s (%zu) enc hash mismatch in trailer:\n",
957 printf("%s (%zu) enc hash mismatch:\n", alg->name,
959 printf("control:\n");
960 hexdump(control_digest, sizeof(control_digest), NULL, 0);
961 printf("test (cryptodev device %s):\n", crfind(ses.crid));
962 hexdump(test_digest, sizeof(test_digest), NULL, 0);
966 /* OCF HMAC + decrypt. */
967 error = ocf_eta(&ses, alg, iv, iv_len,
968 aad_len != 0 ? ciphertext : NULL, aad_len, ciphertext + aad_len,
969 buffer + aad_len, size, test_digest, COP_DECRYPT);
971 warnc(error, "cryptodev %s (%zu) ETA failed for device %s",
972 alg->name, size, crfind(ses.crid));
975 if (memcmp(cleartext + aad_len, buffer + aad_len, size) != 0) {
976 printf("%s (%zu) decryption mismatch:\n", alg->name, size);
977 printf("control:\n");
978 hexdump(cleartext, size, NULL, 0);
979 printf("test (cryptodev device %s):\n", crfind(ses.crid));
980 hexdump(buffer, size, NULL, 0);
984 /* Verify OCF HMAC + decrypt fails with busted MAC. */
985 test_digest[0] ^= 0x1;
986 error = ocf_eta(&ses, alg, iv, iv_len,
987 aad_len != 0 ? ciphertext : NULL, aad_len, ciphertext + aad_len,
988 buffer + aad_len, size, test_digest, COP_DECRYPT);
989 if (error != EBADMSG) {
992 "cryptodev %s (%zu) corrupt tag failed for device %s",
993 alg->name, size, crfind(ses.crid));
996 "cryptodev %s (%zu) corrupt tag didn't fail for device %s",
997 alg->name, size, crfind(ses.crid));
1002 printf("%s (%zu) matched (cryptodev device %s)\n",
1003 alg->name, size, crfind(ses.crid));
1006 ocf_destroy_session(&ses);
1016 openssl_gmac(const struct alg *alg, const EVP_CIPHER *cipher, const char *key,
1017 const char *iv, const char *input, size_t size, char *tag)
1019 EVP_CIPHER_CTX *ctx;
1022 ctx = EVP_CIPHER_CTX_new();
1024 errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name,
1025 size, ERR_error_string(ERR_get_error(), NULL));
1026 if (EVP_EncryptInit_ex(ctx, cipher, NULL, (const u_char *)key,
1027 (const u_char *)iv) != 1)
1028 errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
1029 size, ERR_error_string(ERR_get_error(), NULL));
1030 EVP_CIPHER_CTX_set_padding(ctx, 0);
1031 if (EVP_EncryptUpdate(ctx, NULL, &outl, (const u_char *)input,
1033 errx(1, "OpenSSL %s (%zu) update failed: %s",
1034 alg->name, size, ERR_error_string(ERR_get_error(), NULL));
1035 if (EVP_EncryptFinal_ex(ctx, NULL, &outl) != 1)
1036 errx(1, "OpenSSL %s (%zu) final failed: %s", alg->name,
1037 size, ERR_error_string(ERR_get_error(), NULL));
1038 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_GMAC_HASH_LEN,
1040 errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name,
1041 size, ERR_error_string(ERR_get_error(), NULL));
1042 EVP_CIPHER_CTX_free(ctx);
1046 ocf_gmac(const struct alg *alg, const char *input, size_t size, const char *key,
1047 size_t key_len, const char *iv, char *tag, int *cridp)
1049 struct ocf_session ses;
1050 struct session2_op sop;
1051 struct crypt_op cop;
1054 sop.mackeylen = key_len;
1055 sop.mackey = (char *)key;
1057 if (!ocf_init_session(&sop, "GMAC", alg->name, &ses))
1060 ocf_init_cop(&ses, &cop);
1063 cop.src = (char *)input;
1067 if (ioctl(ses.fd, CIOCCRYPT, &cop) < 0) {
1068 warn("cryptodev %s (%zu) failed for device %s", alg->name,
1069 size, crfind(crid));
1070 ocf_destroy_session(&ses);
1075 ocf_destroy_session(&ses);
1080 run_gmac_test(const struct alg *alg, size_t size)
1082 const EVP_CIPHER *cipher;
1083 char *iv, *key, *buffer;
1084 u_int iv_len, key_len, digest_len;
1086 char control_tag[AES_GMAC_HASH_LEN], test_tag[AES_GMAC_HASH_LEN];
1088 cipher = alg->evp_cipher();
1090 memset(control_tag, 0x3c, sizeof(control_tag));
1091 memset(test_tag, 0x3c, sizeof(test_tag));
1093 key_len = EVP_CIPHER_key_length(cipher);
1094 iv_len = EVP_CIPHER_iv_length(cipher);
1096 key = alloc_buffer(key_len);
1097 iv = generate_iv(iv_len, alg);
1098 buffer = alloc_buffer(size);
1101 openssl_gmac(alg, cipher, key, iv, buffer, size, control_tag);
1104 if (!ocf_gmac(alg, buffer, size, key, key_len, iv, test_tag, &crid))
1106 if (memcmp(control_tag, test_tag, sizeof(control_tag)) != 0) {
1107 printf("%s (%zu) mismatch:\n", alg->name, size);
1108 printf("control:\n");
1109 hexdump(control_tag, sizeof(control_tag), NULL, 0);
1110 printf("test (cryptodev device %s):\n", crfind(crid));
1111 hexdump(test_tag, sizeof(test_tag), NULL, 0);
1116 printf("%s (%zu) matched (cryptodev device %s)\n",
1117 alg->name, size, crfind(crid));
1125 openssl_gcm_encrypt(const struct alg *alg, const EVP_CIPHER *cipher,
1126 const char *key, const char *iv, const char *aad, size_t aad_len,
1127 const char *input, char *output, size_t size, char *tag)
1129 EVP_CIPHER_CTX *ctx;
1132 ctx = EVP_CIPHER_CTX_new();
1134 errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name,
1135 size, ERR_error_string(ERR_get_error(), NULL));
1136 if (EVP_EncryptInit_ex(ctx, cipher, NULL, (const u_char *)key,
1137 (const u_char *)iv) != 1)
1138 errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
1139 size, ERR_error_string(ERR_get_error(), NULL));
1140 EVP_CIPHER_CTX_set_padding(ctx, 0);
1142 if (EVP_EncryptUpdate(ctx, NULL, &outl, (const u_char *)aad,
1144 errx(1, "OpenSSL %s (%zu) aad update failed: %s",
1146 ERR_error_string(ERR_get_error(), NULL));
1148 if (EVP_EncryptUpdate(ctx, (u_char *)output, &outl,
1149 (const u_char *)input, size) != 1)
1150 errx(1, "OpenSSL %s (%zu) encrypt update failed: %s", alg->name,
1151 size, ERR_error_string(ERR_get_error(), NULL));
1153 if (EVP_EncryptFinal_ex(ctx, (u_char *)output + outl, &outl) != 1)
1154 errx(1, "OpenSSL %s (%zu) encrypt final failed: %s", alg->name,
1155 size, ERR_error_string(ERR_get_error(), NULL));
1158 errx(1, "OpenSSL %s (%zu) encrypt size mismatch: %d", alg->name,
1160 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_GMAC_HASH_LEN,
1162 errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name,
1163 size, ERR_error_string(ERR_get_error(), NULL));
1164 EVP_CIPHER_CTX_free(ctx);
1169 openssl_gcm_decrypt(const struct alg *alg, const EVP_CIPHER *cipher,
1170 const char *key, const char *iv, const char *aad, size_t aad_len,
1171 const char *input, char *output, size_t size, char *tag)
1173 EVP_CIPHER_CTX *ctx;
1177 ctx = EVP_CIPHER_CTX_new();
1179 errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name,
1180 size, ERR_error_string(ERR_get_error(), NULL));
1181 if (EVP_DecryptInit_ex(ctx, cipher, NULL, (const u_char *)key,
1182 (const u_char *)iv) != 1)
1183 errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
1184 size, ERR_error_string(ERR_get_error(), NULL));
1185 EVP_CIPHER_CTX_set_padding(ctx, 0);
1187 if (EVP_DecryptUpdate(ctx, NULL, &outl, (const u_char *)aad,
1189 errx(1, "OpenSSL %s (%zu) aad update failed: %s",
1191 ERR_error_string(ERR_get_error(), NULL));
1193 if (EVP_DecryptUpdate(ctx, (u_char *)output, &outl,
1194 (const u_char *)input, size) != 1)
1195 errx(1, "OpenSSL %s (%zu) decrypt update failed: %s", alg->name,
1196 size, ERR_error_string(ERR_get_error(), NULL));
1198 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, AES_GMAC_HASH_LEN,
1200 errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name,
1201 size, ERR_error_string(ERR_get_error(), NULL));
1202 valid = (EVP_DecryptFinal_ex(ctx, (u_char *)output + outl, &outl) != 1);
1205 errx(1, "OpenSSL %s (%zu) decrypt size mismatch: %d", alg->name,
1207 EVP_CIPHER_CTX_free(ctx);
1213 openssl_ccm_encrypt(const struct alg *alg, const EVP_CIPHER *cipher,
1214 const char *key, const char *iv, size_t iv_len, const char *aad,
1215 size_t aad_len, const char *input, char *output, size_t size, char *tag)
1217 EVP_CIPHER_CTX *ctx;
1220 ctx = EVP_CIPHER_CTX_new();
1222 errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name,
1223 size, ERR_error_string(ERR_get_error(), NULL));
1224 if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1)
1225 errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
1226 size, ERR_error_string(ERR_get_error(), NULL));
1227 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, iv_len, NULL) != 1)
1228 errx(1, "OpenSSL %s (%zu) setting iv length failed: %s", alg->name,
1229 size, ERR_error_string(ERR_get_error(), NULL));
1230 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, AES_CBC_MAC_HASH_LEN, NULL) != 1)
1231 errx(1, "OpenSSL %s (%zu) setting tag length failed: %s", alg->name,
1232 size, ERR_error_string(ERR_get_error(), NULL));
1233 if (EVP_EncryptInit_ex(ctx, NULL, NULL, (const u_char *)key,
1234 (const u_char *)iv) != 1)
1235 errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
1236 size, ERR_error_string(ERR_get_error(), NULL));
1237 if (EVP_EncryptUpdate(ctx, NULL, &outl, NULL, size) != 1)
1238 errx(1, "OpenSSL %s (%zu) unable to set data length: %s", alg->name,
1239 size, ERR_error_string(ERR_get_error(), NULL));
1242 if (EVP_EncryptUpdate(ctx, NULL, &outl, (const u_char *)aad,
1244 errx(1, "OpenSSL %s (%zu) aad update failed: %s",
1246 ERR_error_string(ERR_get_error(), NULL));
1248 if (EVP_EncryptUpdate(ctx, (u_char *)output, &outl,
1249 (const u_char *)input, size) != 1)
1250 errx(1, "OpenSSL %s (%zu) encrypt update failed: %s", alg->name,
1251 size, ERR_error_string(ERR_get_error(), NULL));
1253 if (EVP_EncryptFinal_ex(ctx, (u_char *)output + outl, &outl) != 1)
1254 errx(1, "OpenSSL %s (%zu) encrypt final failed: %s", alg->name,
1255 size, ERR_error_string(ERR_get_error(), NULL));
1258 errx(1, "OpenSSL %s (%zu) encrypt size mismatch: %d", alg->name,
1260 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, AES_CBC_MAC_HASH_LEN,
1262 errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name,
1263 size, ERR_error_string(ERR_get_error(), NULL));
1264 EVP_CIPHER_CTX_free(ctx);
1268 ocf_init_aead_session(const struct alg *alg, const char *key, size_t key_len,
1269 struct ocf_session *ses)
1271 struct session2_op sop;
1274 sop.keylen = key_len;
1275 sop.key = (char *)key;
1276 sop.cipher = alg->cipher;
1277 return (ocf_init_session(&sop, "AEAD", alg->name, ses));
1281 ocf_aead(const struct ocf_session *ses, const struct alg *alg, const char *iv,
1282 size_t iv_len, const char *aad, size_t aad_len, const char *input,
1283 char *output, size_t size, char *tag, int op)
1285 struct crypt_aead caead;
1287 ocf_init_caead(ses, &caead);
1290 caead.aadlen = aad_len;
1291 caead.ivlen = iv_len;
1292 caead.src = (char *)input;
1294 caead.aad = (char *)aad;
1296 caead.iv = (char *)iv;
1298 if (ioctl(ses->fd, CIOCCRYPTAEAD, &caead) < 0)
1303 #define AEAD_MAX_TAG_LEN MAX(AES_GMAC_HASH_LEN, AES_CBC_MAC_HASH_LEN)
1306 run_aead_test(const struct alg *alg, size_t size)
1308 struct ocf_session ses;
1309 const EVP_CIPHER *cipher;
1310 char *aad, *buffer, *cleartext, *ciphertext;
1312 u_int iv_len, key_len;
1314 char control_tag[AEAD_MAX_TAG_LEN], test_tag[AEAD_MAX_TAG_LEN];
1316 cipher = alg->evp_cipher();
1317 if (size % EVP_CIPHER_block_size(cipher) != 0) {
1320 "%s (%zu): invalid buffer size (block size %d)\n",
1321 alg->name, size, EVP_CIPHER_block_size(cipher));
1325 memset(control_tag, 0x3c, sizeof(control_tag));
1326 memset(test_tag, 0x3c, sizeof(test_tag));
1328 key_len = EVP_CIPHER_key_length(cipher);
1329 iv_len = EVP_CIPHER_iv_length(cipher);
1332 * AES-CCM can have varying IV lengths; however, for the moment
1333 * we only support AES_CCM_IV_LEN (12). So if the sizes are
1334 * different, we'll fail.
1336 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE &&
1337 iv_len != AES_CCM_IV_LEN) {
1339 printf("OpenSSL CCM IV length (%d) != AES_CCM_IV_LEN",
1344 key = alloc_buffer(key_len);
1345 iv = generate_iv(iv_len, alg);
1346 cleartext = alloc_buffer(size);
1347 buffer = malloc(size);
1348 ciphertext = malloc(size);
1350 aad = alloc_buffer(aad_len);
1354 /* OpenSSL encrypt */
1355 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE)
1356 openssl_ccm_encrypt(alg, cipher, key, iv, iv_len, aad,
1357 aad_len, cleartext, ciphertext, size, control_tag);
1359 openssl_gcm_encrypt(alg, cipher, key, iv, aad, aad_len,
1360 cleartext, ciphertext, size, control_tag);
1362 if (!ocf_init_aead_session(alg, key, key_len, &ses))
1366 error = ocf_aead(&ses, alg, iv, iv_len, aad, aad_len, cleartext, buffer,
1367 size, test_tag, COP_ENCRYPT);
1369 warnc(error, "cryptodev %s (%zu) failed for device %s",
1370 alg->name, size, crfind(ses.crid));
1373 if (memcmp(ciphertext, buffer, size) != 0) {
1374 printf("%s (%zu) encryption mismatch:\n", alg->name, size);
1375 printf("control:\n");
1376 hexdump(ciphertext, size, NULL, 0);
1377 printf("test (cryptodev device %s):\n", crfind(crid));
1378 hexdump(buffer, size, NULL, 0);
1381 if (memcmp(control_tag, test_tag, sizeof(control_tag)) != 0) {
1382 printf("%s (%zu) enc tag mismatch:\n", alg->name, size);
1383 printf("control:\n");
1384 hexdump(control_tag, sizeof(control_tag), NULL, 0);
1385 printf("test (cryptodev device %s):\n", crfind(crid));
1386 hexdump(test_tag, sizeof(test_tag), NULL, 0);
1391 error = ocf_aead(&ses, alg, iv, iv_len, aad, aad_len, ciphertext,
1392 buffer, size, control_tag, COP_DECRYPT);
1394 warnc(error, "cryptodev %s (%zu) failed for device %s",
1395 alg->name, size, crfind(ses.crid));
1398 if (memcmp(cleartext, buffer, size) != 0) {
1399 printf("%s (%zu) decryption mismatch:\n", alg->name, size);
1400 printf("control:\n");
1401 hexdump(cleartext, size, NULL, 0);
1402 printf("test (cryptodev device %s):\n", crfind(crid));
1403 hexdump(buffer, size, NULL, 0);
1407 /* Verify OCF decrypt fails with busted tag. */
1409 error = ocf_aead(&ses, alg, iv, iv_len, aad, aad_len, ciphertext,
1410 buffer, size, test_tag, COP_DECRYPT);
1411 if (error != EBADMSG) {
1414 "cryptodev %s (%zu) corrupt tag failed for device %s",
1415 alg->name, size, crfind(ses.crid));
1418 "cryptodev %s (%zu) corrupt tag didn't fail for device %s",
1419 alg->name, size, crfind(ses.crid));
1424 printf("%s (%zu) matched (cryptodev device %s)\n",
1425 alg->name, size, crfind(ses.crid));
1428 ocf_destroy_session(&ses);
1438 run_test(const struct alg *alg, size_t size)
1441 switch (alg->type) {
1443 run_hash_test(alg, size);
1446 run_hmac_test(alg, size);
1449 run_gmac_test(alg, size);
1452 run_cipher_test(alg, size);
1455 run_eta_test(alg, size);
1458 run_aead_test(alg, size);
1464 run_test_sizes(const struct alg *alg, size_t *sizes, u_int nsizes)
1468 for (i = 0; i < nsizes; i++)
1469 run_test(alg, sizes[i]);
1473 run_hash_tests(size_t *sizes, u_int nsizes)
1477 for (i = 0; i < nitems(algs); i++)
1478 if (algs[i].type == T_HASH)
1479 run_test_sizes(&algs[i], sizes, nsizes);
1483 run_mac_tests(size_t *sizes, u_int nsizes)
1487 for (i = 0; i < nitems(algs); i++)
1488 if (algs[i].type == T_HMAC || algs[i].type == T_GMAC)
1489 run_test_sizes(&algs[i], sizes, nsizes);
1493 run_cipher_tests(size_t *sizes, u_int nsizes)
1497 for (i = 0; i < nitems(algs); i++)
1498 if (algs[i].type == T_CIPHER)
1499 run_test_sizes(&algs[i], sizes, nsizes);
1503 run_eta_tests(size_t *sizes, u_int nsizes)
1505 const struct alg *cipher, *mac;
1509 for (i = 0; i < nitems(algs); i++) {
1511 if (cipher->type != T_CIPHER)
1513 for (j = 0; j < nitems(algs); j++) {
1515 if (mac->type != T_HMAC)
1517 eta = build_eta(cipher, mac);
1518 run_test_sizes(eta, sizes, nsizes);
1525 run_aead_tests(size_t *sizes, u_int nsizes)
1529 for (i = 0; i < nitems(algs); i++)
1530 if (algs[i].type == T_AEAD)
1531 run_test_sizes(&algs[i], sizes, nsizes);
1535 main(int ac, char **av)
1537 const char *algname;
1538 const struct alg *alg;
1546 crid = CRYPTO_FLAG_HARDWARE;
1549 while ((ch = getopt(ac, av, "A:a:d:vz")) != -1)
1552 aad_len = atoi(optarg);
1558 crid = crlookup(optarg);
1575 if (nsizes >= nitems(sizes)) {
1576 warnx("Too many sizes, ignoring extras");
1579 sizes[nsizes] = strtol(av[0], &cp, 0);
1581 errx(1, "Bad size %s", av[0]);
1587 if (algname == NULL)
1588 errx(1, "Algorithm required");
1593 while (sizes[nsizes - 1] * 2 < 240 * 1024) {
1594 assert(nsizes < nitems(sizes));
1595 sizes[nsizes] = sizes[nsizes - 1] * 2;
1598 if (sizes[nsizes - 1] < 240 * 1024) {
1599 assert(nsizes < nitems(sizes));
1600 sizes[nsizes] = 240 * 1024;
1606 if (strcasecmp(algname, "hash") == 0)
1607 run_hash_tests(sizes, nsizes);
1608 else if (strcasecmp(algname, "mac") == 0)
1609 run_mac_tests(sizes, nsizes);
1610 else if (strcasecmp(algname, "cipher") == 0)
1611 run_cipher_tests(sizes, nsizes);
1612 else if (strcasecmp(algname, "eta") == 0)
1613 run_eta_tests(sizes, nsizes);
1614 else if (strcasecmp(algname, "aead") == 0)
1615 run_aead_tests(sizes, nsizes);
1616 else if (strcasecmp(algname, "all") == 0) {
1617 run_hash_tests(sizes, nsizes);
1618 run_mac_tests(sizes, nsizes);
1619 run_cipher_tests(sizes, nsizes);
1620 run_eta_tests(sizes, nsizes);
1621 run_aead_tests(sizes, nsizes);
1622 } else if (strchr(algname, '+') != NULL) {
1623 eta = build_eta_name(algname);
1624 run_test_sizes(eta, sizes, nsizes);
1627 alg = find_alg(algname);
1629 errx(1, "Invalid algorithm %s", algname);
1630 run_test_sizes(alg, sizes, nsizes);