Index: tools/tools/crypto/cryptocheck.c =================================================================== --- tools/tools/crypto/cryptocheck.c +++ tools/tools/crypto/cryptocheck.c @@ -120,6 +120,7 @@ * aes-ccm 128-bit AES-CCM * aes-ccm192 192-bit AES-CCM * aes-ccm256 256-bit AES-CCM + * chacha20-poly1305 Chacha20 (96 bit nonce) with Poly1305 per RFC 8439 */ #include @@ -148,6 +149,7 @@ const char *name; int cipher; int mac; + int tag_len; enum { T_HASH, T_HMAC, T_GMAC, T_CIPHER, T_ETA, T_AEAD } type; const EVP_CIPHER *(*evp_cipher)(void); const EVP_MD *(*evp_md)(void); @@ -201,17 +203,22 @@ { .name = "chacha20", .cipher = CRYPTO_CHACHA20, .type = T_CIPHER, .evp_cipher = EVP_chacha20 }, { .name = "aes-gcm", .cipher = CRYPTO_AES_NIST_GCM_16, .type = T_AEAD, - .evp_cipher = EVP_aes_128_gcm }, + .tag_len = AES_GMAC_HASH_LEN, .evp_cipher = EVP_aes_128_gcm }, { .name = "aes-gcm192", .cipher = CRYPTO_AES_NIST_GCM_16, - .type = T_AEAD, .evp_cipher = EVP_aes_192_gcm }, + .type = T_AEAD, .tag_len = AES_GMAC_HASH_LEN, + .evp_cipher = EVP_aes_192_gcm }, { .name = "aes-gcm256", .cipher = CRYPTO_AES_NIST_GCM_16, - .type = T_AEAD, .evp_cipher = EVP_aes_256_gcm }, + .type = T_AEAD, .tag_len = AES_GMAC_HASH_LEN, + .evp_cipher = EVP_aes_256_gcm }, { .name = "aes-ccm", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD, .evp_cipher = EVP_aes_128_ccm }, { .name = "aes-ccm192", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD, .evp_cipher = EVP_aes_192_ccm }, { .name = "aes-ccm256", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD, .evp_cipher = EVP_aes_256_ccm }, + { .name = "chacha20-poly1305", .cipher = CRYPTO_CHACHA20_POLY1305, + .type = T_AEAD, .tag_len = POLY1305_HASH_LEN, + .evp_cipher = EVP_chacha20_poly1305 }, }; static bool verbose; @@ -1046,7 +1053,7 @@ if (EVP_EncryptFinal_ex(ctx, NULL, &outl) != 1) errx(1, "OpenSSL %s (%zu) final failed: %s", alg->name, size, ERR_error_string(ERR_get_error(), NULL)); - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_GMAC_HASH_LEN, + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, AES_GMAC_HASH_LEN, tag) != 1) errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name, size, ERR_error_string(ERR_get_error(), NULL)); @@ -1133,9 +1140,9 @@ } static void -openssl_gcm_encrypt(const struct alg *alg, const EVP_CIPHER *cipher, +openssl_aead_encrypt(const struct alg *alg, const EVP_CIPHER *cipher, const char *key, const char *iv, const char *aad, size_t aad_len, - const char *input, char *output, size_t size, char *tag) + const char *input, char *output, size_t size, char *tag, size_t tag_len) { EVP_CIPHER_CTX *ctx; int outl, total; @@ -1168,8 +1175,7 @@ if ((size_t)total != size) errx(1, "OpenSSL %s (%zu) encrypt size mismatch: %d", alg->name, size, total); - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_GMAC_HASH_LEN, - tag) != 1) + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tag_len, tag) != 1) errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name, size, ERR_error_string(ERR_get_error(), NULL)); EVP_CIPHER_CTX_free(ctx); @@ -1177,9 +1183,9 @@ #ifdef notused static bool -openssl_gcm_decrypt(const struct alg *alg, const EVP_CIPHER *cipher, +openssl_aead_decrypt(const struct alg *alg, const EVP_CIPHER *cipher, const char *key, const char *iv, const char *aad, size_t aad_len, - const char *input, char *output, size_t size, char *tag) + const char *input, char *output, size_t size, char *tag, size_t tag_len) { EVP_CIPHER_CTX *ctx; int outl, total; @@ -1206,8 +1212,7 @@ errx(1, "OpenSSL %s (%zu) decrypt update failed: %s", alg->name, size, ERR_error_string(ERR_get_error(), NULL)); total = outl; - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, AES_GMAC_HASH_LEN, - tag) != 1) + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag) != 1) errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name, size, ERR_error_string(ERR_get_error(), NULL)); valid = (EVP_DecryptFinal_ex(ctx, (u_char *)output + outl, &outl) != 1); @@ -1235,10 +1240,10 @@ if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name, size, ERR_error_string(ERR_get_error(), NULL)); - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, iv_len, NULL) != 1) + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, NULL) != 1) errx(1, "OpenSSL %s (%zu) setting iv length failed: %s", alg->name, size, ERR_error_string(ERR_get_error(), NULL)); - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, AES_CBC_MAC_HASH_LEN, NULL) != 1) + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, AES_CBC_MAC_HASH_LEN, NULL) != 1) errx(1, "OpenSSL %s (%zu) setting tag length failed: %s", alg->name, size, ERR_error_string(ERR_get_error(), NULL)); if (EVP_EncryptInit_ex(ctx, NULL, NULL, (const u_char *)key, @@ -1268,7 +1273,7 @@ if ((size_t)total != size) errx(1, "OpenSSL %s (%zu) encrypt size mismatch: %d", alg->name, size, total); - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, AES_CBC_MAC_HASH_LEN, + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, AES_CBC_MAC_HASH_LEN, tag) != 1) errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name, size, ERR_error_string(ERR_get_error(), NULL)); @@ -1311,7 +1316,8 @@ return (0); } -#define AEAD_MAX_TAG_LEN MAX(AES_GMAC_HASH_LEN, AES_CBC_MAC_HASH_LEN) +#define AEAD_MAX_TAG_LEN \ + MAX(MAX(AES_GMAC_HASH_LEN, AES_CBC_MAC_HASH_LEN), POLY1305_HASH_LEN) static void run_aead_test(const struct alg *alg, size_t aad_len, size_t size) @@ -1368,8 +1374,8 @@ openssl_ccm_encrypt(alg, cipher, key, iv, iv_len, aad, aad_len, cleartext, ciphertext, size, control_tag); else - openssl_gcm_encrypt(alg, cipher, key, iv, aad, aad_len, - cleartext, ciphertext, size, control_tag); + openssl_aead_encrypt(alg, cipher, key, iv, aad, aad_len, + cleartext, ciphertext, size, control_tag, alg->tag_len); if (!ocf_init_aead_session(alg, key, key_len, &ses)) goto out;