From 0b866c3ad53620cce326c69ce9d36d56d84225ec Mon Sep 17 00:00:00 2001 From: mikeb Date: Fri, 15 Aug 2014 14:39:04 +0000 Subject: [PATCH] Convert AES-CTR regress test from /dev/crypto to using kernel source code directly. This test is converted the same way jsing@ has recently converted an XTS test by pulling in xform.c code. --- regress/sys/crypto/aesctr/Makefile | 23 ++++- regress/sys/crypto/aesctr/aesctr.c | 134 +++++++++++------------------ 2 files changed, 70 insertions(+), 87 deletions(-) diff --git a/regress/sys/crypto/aesctr/Makefile b/regress/sys/crypto/aesctr/Makefile index 31ae500f188..972b7719d9e 100644 --- a/regress/sys/crypto/aesctr/Makefile +++ b/regress/sys/crypto/aesctr/Makefile @@ -1,10 +1,29 @@ -# $OpenBSD: Makefile,v 1.1 2005/05/25 05:47:53 markus Exp $ +# $OpenBSD: Makefile,v 1.2 2014/08/15 14:39:04 mikeb Exp $ + +DIR= ${.CURDIR}/../../../../sys + +CFLAGS+= -I${DIR} PROG= aesctr +SRCS= aesctr.c + +CDIAGFLAGS= -Wall +CDIAGFLAGS+= -Werror +CDIAGFLAGS+= -Wpointer-arith +CDIAGFLAGS+= -Wno-uninitialized +CDIAGFLAGS+= -Wstrict-prototypes +CDIAGFLAGS+= -Wmissing-prototypes +CDIAGFLAGS+= -Wunused +CDIAGFLAGS+= -Wsign-compare +CDIAGFLAGS+= -Wshadow REGRESS_ROOT_TARGETS= run-regress-${PROG} +.PATH: ${DIR}/crypto +SRCS+= cast.c ecb_enc.c ecb3_enc.c gmac.c rijndael.c set_key.c +SRCS+= xform.c + run-regress-${PROG}: ${PROG} - ${SUDO} ./${PROG} + ./${PROG} .include diff --git a/regress/sys/crypto/aesctr/aesctr.c b/regress/sys/crypto/aesctr/aesctr.c index 4cc1a6e39ce..a7107331a8d 100644 --- a/regress/sys/crypto/aesctr/aesctr.c +++ b/regress/sys/crypto/aesctr/aesctr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aesctr.c,v 1.1 2005/05/25 05:47:53 markus Exp $ */ +/* $OpenBSD: aesctr.c,v 1.2 2014/08/15 14:39:04 mikeb Exp $ */ /* * Copyright (c) 2005 Markus Friedl @@ -16,13 +16,9 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include #include -#include -#include -#include +#include #include -#include #include #include #include @@ -130,88 +126,63 @@ struct { }, }; -static int -syscrypt(const unsigned char *key, size_t klen, const unsigned char *iv, - const unsigned char *in, unsigned char *out, size_t len, int encrypt) -{ - struct session_op session; - struct crypt_op cryp; - int cryptodev_fd = -1, fd = -1; +/* Stubs */ - if ((cryptodev_fd = open("/dev/crypto", O_RDWR, 0)) < 0) { - warn("/dev/crypto"); - goto err; - } - if (ioctl(cryptodev_fd, CRIOGET, &fd) == -1) { - warn("CRIOGET failed"); - goto err; - } - memset(&session, 0, sizeof(session)); - session.cipher = CRYPTO_AES_CTR; - session.key = (caddr_t) key; - session.keylen = klen; - if (ioctl(fd, CIOCGSESSION, &session) == -1) { - warn("CIOCGSESSION"); - goto err; - } - memset(&cryp, 0, sizeof(cryp)); - cryp.ses = session.ses; - cryp.op = encrypt ? COP_ENCRYPT : COP_DECRYPT; - cryp.flags = 0; - cryp.len = len; - cryp.src = (caddr_t) in; - cryp.dst = (caddr_t) out; - cryp.iv = (caddr_t) iv; - cryp.mac = 0; - if (ioctl(fd, CIOCCRYPT, &cryp) == -1) { - warn("CIOCCRYPT"); - goto err; - } - if (ioctl(fd, CIOCFSESSION, &session.ses) == -1) { - warn("CIOCFSESSION"); - goto err; - } - close(fd); - close(cryptodev_fd); - return (0); +u_int32_t deflate_global(u_int8_t *, u_int32_t, int, u_int8_t **); -err: - if (fd != -1) - close(fd); - if (cryptodev_fd != -1) - close(cryptodev_fd); - return (-1); +u_int32_t +deflate_global(u_int8_t *data, u_int32_t size, int comp, u_int8_t **out) +{ + return 0; } -static int -getallowsoft(void) +void explicit_bzero(void *, size_t); + +void +explicit_bzero(void *b, size_t len) { - int mib[2], old; - size_t olen; + bzero(b, len); +} - olen = sizeof(old); +/* Definitions from /sys/crypto/xform.c */ - mib[0] = CTL_KERN; - mib[1] = KERN_CRYPTODEVALLOWSOFT; - if (sysctl(mib, 2, &old, &olen, NULL, 0) < 0) - err(1, "sysctl failed"); +#define AESCTR_NONCESIZE 4 +#define AESCTR_IVSIZE 8 +#define AESCTR_BLOCKSIZE 16 - return old; -} +struct aes_ctr_ctx { + u_int32_t ac_ek[4*(AES_MAXROUNDS + 1)]; + u_int8_t ac_block[AESCTR_BLOCKSIZE]; + int ac_nr; +}; -static void -setallowsoft(int new) -{ - int mib[2], old; - size_t olen, nlen; +int aes_ctr_setkey(void *, u_int8_t *, int); +void aes_ctr_encrypt(caddr_t, u_int8_t *); +void aes_ctr_decrypt(caddr_t, u_int8_t *); +void aes_ctr_reinit(caddr_t, u_int8_t *); - olen = nlen = sizeof(new); +static int +docrypt(const unsigned char *key, size_t klen, const unsigned char *iv, + const unsigned char *in, unsigned char *out, size_t len, int encrypt) +{ + u_int8_t block[AESCTR_BLOCKSIZE]; + struct aes_ctr_ctx ctx; + int error = 0; + size_t i; - mib[0] = CTL_KERN; - mib[1] = KERN_CRYPTODEVALLOWSOFT; + error = aes_ctr_setkey(&ctx, (u_int8_t *)key, klen); + if (error) + return -1; + aes_ctr_reinit((caddr_t)&ctx, (u_int8_t *)iv); + for (i = 0; i < len / AESCTR_BLOCKSIZE; i++) { + bcopy(in, block, AESCTR_BLOCKSIZE); + in += AESCTR_BLOCKSIZE; + aes_ctr_crypt(&ctx, block); + bcopy(block, out, AESCTR_BLOCKSIZE); + out += AESCTR_BLOCKSIZE; + } + return 0; - if (sysctl(mib, 2, &old, &olen, &new, nlen) < 0) - err(1, "sysctl failed"); } static int @@ -268,7 +239,7 @@ run(int num) warn("malloc"); return (1); } - if (syscrypt(data[TST_KEY], length[TST_KEY], + if (docrypt(data[TST_KEY], length[TST_KEY], data[TST_IV], data[TST_PLAIN], p, length[TST_PLAIN], 0) < 0) { warnx("crypt with /dev/crypto failed"); @@ -285,16 +256,9 @@ done: int main(int argc, char **argv) { - int allowed = 0, fail = 0, i; + int fail = 0, i; - if (geteuid() == 0) { - allowed = getallowsoft(); - if (allowed == 0) - setallowsoft(1); - } for (i = 0; i < (sizeof(tests) / sizeof(tests[0])); i++) fail += run(i); - if (geteuid() == 0 && allowed == 0) - setallowsoft(0); exit((fail > 0) ? 1 : 0); } -- 2.20.1