From nobody Thu Oct 21 17:06:54 2021 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id C0EBF1806B16; Thu, 21 Oct 2021 17:06:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HZv6756XKz4gwS; Thu, 21 Oct 2021 17:06:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A5F9E1ED6D; Thu, 21 Oct 2021 17:06:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 19LH6spk080146; Thu, 21 Oct 2021 17:06:54 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 19LH6sS0080145; Thu, 21 Oct 2021 17:06:54 GMT (envelope-from git) Date: Thu, 21 Oct 2021 17:06:54 GMT Message-Id: <202110211706.19LH6sS0080145@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: John Baldwin Subject: git: 1ab6c8ca7eed - stable/13 - cryptocheck: Add support for the Poly1305 digest. List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 1ab6c8ca7eed3d0e75959636d6855a92ebf5015b Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=1ab6c8ca7eed3d0e75959636d6855a92ebf5015b commit 1ab6c8ca7eed3d0e75959636d6855a92ebf5015b Author: John Baldwin AuthorDate: 2021-03-03 23:17:00 +0000 Commit: John Baldwin CommitDate: 2021-10-21 15:51:23 +0000 cryptocheck: Add support for the Poly1305 digest. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D28758 (cherry picked from commit 68c03734484f679bf2f15fc81359128e331db364) --- tools/tools/crypto/cryptocheck.c | 90 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 85 insertions(+), 5 deletions(-) diff --git a/tools/tools/crypto/cryptocheck.c b/tools/tools/crypto/cryptocheck.c index fc08396b45f5..389d0cc9f610 100644 --- a/tools/tools/crypto/cryptocheck.c +++ b/tools/tools/crypto/cryptocheck.c @@ -98,6 +98,7 @@ * gmac 128-bit GMAC * gmac192 192-bit GMAC * gmac256 256-bit GMAC + * poly1305 * * Ciphers: * aes-cbc 128-bit AES-CBC @@ -149,10 +150,12 @@ static const struct alg { const char *name; int cipher; int mac; - enum { T_HASH, T_HMAC, T_GMAC, T_CIPHER, T_ETA, T_AEAD } type; + enum { T_HASH, T_HMAC, T_GMAC, T_DIGEST, T_CIPHER, T_ETA, T_AEAD } type; + int key_len; int tag_len; const EVP_CIPHER *(*evp_cipher)(void); const EVP_MD *(*evp_md)(void); + int pkey; } algs[] = { { .name = "sha1", .mac = CRYPTO_SHA1, .type = T_HASH, .evp_md = EVP_sha1 }, @@ -184,6 +187,8 @@ static const struct alg { .tag_len = AES_GMAC_HASH_LEN, .evp_cipher = EVP_aes_192_gcm }, { .name = "gmac256", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC, .tag_len = AES_GMAC_HASH_LEN, .evp_cipher = EVP_aes_256_gcm }, + { .name = "poly1305", .mac = CRYPTO_POLY1305, .type = T_DIGEST, + .key_len = POLY1305_KEY_LEN, .pkey = EVP_PKEY_POLY1305 }, { .name = "aes-cbc", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER, .evp_cipher = EVP_aes_128_cbc }, { .name = "aes-cbc192", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER, @@ -1061,7 +1066,7 @@ openssl_gmac(const struct alg *alg, const EVP_CIPHER *cipher, const char *key, } static bool -ocf_gmac(const struct alg *alg, const char *input, size_t size, const char *key, +ocf_mac(const struct alg *alg, const char *input, size_t size, const char *key, size_t key_len, const char *iv, char *tag, int *cridp) { struct ocf_session ses; @@ -1072,7 +1077,7 @@ ocf_gmac(const struct alg *alg, const char *input, size_t size, const char *key, sop.mackeylen = key_len; sop.mackey = key; sop.mac = alg->mac; - if (!ocf_init_session(&sop, "GMAC", alg->name, &ses)) + if (!ocf_init_session(&sop, "MAC", alg->name, &ses)) return (false); ocf_init_cop(&ses, &cop); @@ -1119,7 +1124,78 @@ run_gmac_test(const struct alg *alg, size_t size) openssl_gmac(alg, cipher, key, iv, buffer, size, control_tag); /* OCF GMAC. */ - if (!ocf_gmac(alg, buffer, size, key, key_len, iv, test_tag, &crid)) + if (!ocf_mac(alg, buffer, size, key, key_len, iv, test_tag, &crid)) + goto out; + if (memcmp(control_tag, test_tag, sizeof(control_tag)) != 0) { + printf("%s (%zu) mismatch:\n", alg->name, size); + printf("control:\n"); + hexdump(control_tag, sizeof(control_tag), NULL, 0); + printf("test (cryptodev device %s):\n", crfind(crid)); + hexdump(test_tag, sizeof(test_tag), NULL, 0); + goto out; + } + + if (verbose) + printf("%s (%zu) matched (cryptodev device %s)\n", + alg->name, size, crfind(crid)); + +out: + free(buffer); + free(key); +} + +static void +openssl_digest(const struct alg *alg, const char *key, u_int key_len, + const char *input, size_t size, char *tag, u_int tag_len) +{ + EVP_MD_CTX *mdctx; + EVP_PKEY *pkey; + size_t len; + + pkey = EVP_PKEY_new_raw_private_key(alg->pkey, NULL, key, key_len); + if (pkey == NULL) + errx(1, "OpenSSL %s (%zu) pkey new failed: %s", alg->name, + size, ERR_error_string(ERR_get_error(), NULL)); + mdctx = EVP_MD_CTX_new(); + if (mdctx == NULL) + errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name, + size, ERR_error_string(ERR_get_error(), NULL)); + if (EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey) != 1) + errx(1, "OpenSSL %s (%zu) digest sign init failed: %s", + alg->name, size, ERR_error_string(ERR_get_error(), NULL)); + if (EVP_DigestSignUpdate(mdctx, input, size) != 1) + errx(1, "OpenSSL %s (%zu) digest update failed: %s", alg->name, + size, ERR_error_string(ERR_get_error(), NULL)); + len = tag_len; + if (EVP_DigestSignFinal(mdctx, tag, &len) != 1) + errx(1, "OpenSSL %s (%zu) digest final failed: %s", alg->name, + size, ERR_error_string(ERR_get_error(), NULL)); + EVP_MD_CTX_free(mdctx); + EVP_PKEY_free(pkey); +} + +static void +run_digest_test(const struct alg *alg, size_t size) +{ + char *key, *buffer; + u_int key_len; + int crid; + char control_tag[EVP_MAX_MD_SIZE], test_tag[EVP_MAX_MD_SIZE]; + + memset(control_tag, 0x3c, sizeof(control_tag)); + memset(test_tag, 0x3c, sizeof(test_tag)); + + key_len = alg->key_len; + + key = alloc_buffer(key_len); + buffer = alloc_buffer(size); + + /* OpenSSL Poly1305. */ + openssl_digest(alg, key, key_len, buffer, size, control_tag, + sizeof(control_tag)); + + /* OCF Poly1305. */ + if (!ocf_mac(alg, buffer, size, key, key_len, NULL, test_tag, &crid)) goto out; if (memcmp(control_tag, test_tag, sizeof(control_tag)) != 0) { printf("%s (%zu) mismatch:\n", alg->name, size); @@ -1471,6 +1547,9 @@ run_test(const struct alg *alg, size_t aad_len, size_t size) case T_GMAC: run_gmac_test(alg, size); break; + case T_DIGEST: + run_digest_test(alg, size); + break; case T_CIPHER: run_cipher_test(alg, size); break; @@ -1518,7 +1597,8 @@ run_mac_tests(void) u_int i; for (i = 0; i < nitems(algs); i++) - if (algs[i].type == T_HMAC || algs[i].type == T_GMAC) + if (algs[i].type == T_HMAC || algs[i].type == T_GMAC || + algs[i].type == T_DIGEST) run_test_sizes(&algs[i]); }