Changeset View
Changeset View
Standalone View
Standalone View
tools/tools/crypto/cryptocheck.c
Show First 20 Lines • Show All 114 Lines • ▼ Show 20 Lines | |||||
* | * | ||||
* Authenticated Encryption with Associated Data: | * Authenticated Encryption with Associated Data: | ||||
* aes-gcm 128-bit AES-GCM | * aes-gcm 128-bit AES-GCM | ||||
* aes-gcm192 192-bit AES-GCM | * aes-gcm192 192-bit AES-GCM | ||||
* aes-gcm256 256-bit AES-GCM | * aes-gcm256 256-bit AES-GCM | ||||
* aes-ccm 128-bit AES-CCM | * aes-ccm 128-bit AES-CCM | ||||
* aes-ccm192 192-bit AES-CCM | * aes-ccm192 192-bit AES-CCM | ||||
* aes-ccm256 256-bit AES-CCM | * aes-ccm256 256-bit AES-CCM | ||||
* chacha20-poly1305 Chacha20 (96 bit nonce) with Poly1305 per RFC 8439 | |||||
*/ | */ | ||||
#include <sys/param.h> | #include <sys/param.h> | ||||
#include <sys/sysctl.h> | #include <sys/sysctl.h> | ||||
#include <assert.h> | #include <assert.h> | ||||
#include <err.h> | #include <err.h> | ||||
#include <fcntl.h> | #include <fcntl.h> | ||||
#include <libutil.h> | #include <libutil.h> | ||||
Show All 13 Lines | struct ocf_session { | ||||
int crid; | int crid; | ||||
}; | }; | ||||
static const struct alg { | static const struct alg { | ||||
const char *name; | const char *name; | ||||
int cipher; | int cipher; | ||||
int mac; | int mac; | ||||
enum { T_HASH, T_HMAC, T_GMAC, T_CIPHER, T_ETA, T_AEAD } type; | enum { T_HASH, T_HMAC, T_GMAC, T_CIPHER, T_ETA, T_AEAD } type; | ||||
int tag_len; | |||||
const EVP_CIPHER *(*evp_cipher)(void); | const EVP_CIPHER *(*evp_cipher)(void); | ||||
const EVP_MD *(*evp_md)(void); | const EVP_MD *(*evp_md)(void); | ||||
} algs[] = { | } algs[] = { | ||||
{ .name = "sha1", .mac = CRYPTO_SHA1, .type = T_HASH, | { .name = "sha1", .mac = CRYPTO_SHA1, .type = T_HASH, | ||||
.evp_md = EVP_sha1 }, | .evp_md = EVP_sha1 }, | ||||
{ .name = "sha224", .mac = CRYPTO_SHA2_224, .type = T_HASH, | { .name = "sha224", .mac = CRYPTO_SHA2_224, .type = T_HASH, | ||||
.evp_md = EVP_sha224 }, | .evp_md = EVP_sha224 }, | ||||
{ .name = "sha256", .mac = CRYPTO_SHA2_256, .type = T_HASH, | { .name = "sha256", .mac = CRYPTO_SHA2_256, .type = T_HASH, | ||||
Show All 12 Lines | const EVP_MD *(*evp_md)(void); | ||||
.evp_md = EVP_sha384 }, | .evp_md = EVP_sha384 }, | ||||
{ .name = "sha512hmac", .mac = CRYPTO_SHA2_512_HMAC, .type = T_HMAC, | { .name = "sha512hmac", .mac = CRYPTO_SHA2_512_HMAC, .type = T_HMAC, | ||||
.evp_md = EVP_sha512 }, | .evp_md = EVP_sha512 }, | ||||
{ .name = "blake2b", .mac = CRYPTO_BLAKE2B, .type = T_HASH, | { .name = "blake2b", .mac = CRYPTO_BLAKE2B, .type = T_HASH, | ||||
.evp_md = EVP_blake2b512 }, | .evp_md = EVP_blake2b512 }, | ||||
{ .name = "blake2s", .mac = CRYPTO_BLAKE2S, .type = T_HASH, | { .name = "blake2s", .mac = CRYPTO_BLAKE2S, .type = T_HASH, | ||||
.evp_md = EVP_blake2s256 }, | .evp_md = EVP_blake2s256 }, | ||||
{ .name = "gmac", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC, | { .name = "gmac", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC, | ||||
.evp_cipher = EVP_aes_128_gcm }, | .tag_len = AES_GMAC_HASH_LEN, .evp_cipher = EVP_aes_128_gcm }, | ||||
{ .name = "gmac192", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC, | { .name = "gmac192", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC, | ||||
.evp_cipher = EVP_aes_192_gcm }, | .tag_len = AES_GMAC_HASH_LEN, .evp_cipher = EVP_aes_192_gcm }, | ||||
{ .name = "gmac256", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC, | { .name = "gmac256", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC, | ||||
.evp_cipher = EVP_aes_256_gcm }, | .tag_len = AES_GMAC_HASH_LEN, .evp_cipher = EVP_aes_256_gcm }, | ||||
{ .name = "aes-cbc", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER, | { .name = "aes-cbc", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER, | ||||
.evp_cipher = EVP_aes_128_cbc }, | .evp_cipher = EVP_aes_128_cbc }, | ||||
{ .name = "aes-cbc192", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER, | { .name = "aes-cbc192", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER, | ||||
.evp_cipher = EVP_aes_192_cbc }, | .evp_cipher = EVP_aes_192_cbc }, | ||||
{ .name = "aes-cbc256", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER, | { .name = "aes-cbc256", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER, | ||||
.evp_cipher = EVP_aes_256_cbc }, | .evp_cipher = EVP_aes_256_cbc }, | ||||
{ .name = "aes-ctr", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER, | { .name = "aes-ctr", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER, | ||||
.evp_cipher = EVP_aes_128_ctr }, | .evp_cipher = EVP_aes_128_ctr }, | ||||
{ .name = "aes-ctr192", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER, | { .name = "aes-ctr192", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER, | ||||
.evp_cipher = EVP_aes_192_ctr }, | .evp_cipher = EVP_aes_192_ctr }, | ||||
{ .name = "aes-ctr256", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER, | { .name = "aes-ctr256", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER, | ||||
.evp_cipher = EVP_aes_256_ctr }, | .evp_cipher = EVP_aes_256_ctr }, | ||||
{ .name = "aes-xts", .cipher = CRYPTO_AES_XTS, .type = T_CIPHER, | { .name = "aes-xts", .cipher = CRYPTO_AES_XTS, .type = T_CIPHER, | ||||
.evp_cipher = EVP_aes_128_xts }, | .evp_cipher = EVP_aes_128_xts }, | ||||
{ .name = "aes-xts256", .cipher = CRYPTO_AES_XTS, .type = T_CIPHER, | { .name = "aes-xts256", .cipher = CRYPTO_AES_XTS, .type = T_CIPHER, | ||||
.evp_cipher = EVP_aes_256_xts }, | .evp_cipher = EVP_aes_256_xts }, | ||||
{ .name = "chacha20", .cipher = CRYPTO_CHACHA20, .type = T_CIPHER, | { .name = "chacha20", .cipher = CRYPTO_CHACHA20, .type = T_CIPHER, | ||||
.evp_cipher = EVP_chacha20 }, | .evp_cipher = EVP_chacha20 }, | ||||
{ .name = "aes-gcm", .cipher = CRYPTO_AES_NIST_GCM_16, .type = T_AEAD, | { .name = "aes-gcm", .cipher = CRYPTO_AES_NIST_GCM_16, .type = T_AEAD, | ||||
.evp_cipher = EVP_aes_128_gcm }, | .tag_len = AES_GMAC_HASH_LEN, .evp_cipher = EVP_aes_128_gcm }, | ||||
{ .name = "aes-gcm192", .cipher = CRYPTO_AES_NIST_GCM_16, | { .name = "aes-gcm192", .cipher = CRYPTO_AES_NIST_GCM_16, | ||||
.type = T_AEAD, .evp_cipher = EVP_aes_192_gcm }, | .type = T_AEAD, .tag_len = AES_GMAC_HASH_LEN, | ||||
.evp_cipher = EVP_aes_192_gcm }, | |||||
{ .name = "aes-gcm256", .cipher = CRYPTO_AES_NIST_GCM_16, | { .name = "aes-gcm256", .cipher = CRYPTO_AES_NIST_GCM_16, | ||||
.type = T_AEAD, .evp_cipher = EVP_aes_256_gcm }, | .type = T_AEAD, .tag_len = AES_GMAC_HASH_LEN, | ||||
.evp_cipher = EVP_aes_256_gcm }, | |||||
{ .name = "aes-ccm", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD, | { .name = "aes-ccm", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD, | ||||
.evp_cipher = EVP_aes_128_ccm }, | .evp_cipher = EVP_aes_128_ccm, .tag_len = AES_CBC_MAC_HASH_LEN }, | ||||
{ .name = "aes-ccm192", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD, | { .name = "aes-ccm192", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD, | ||||
.evp_cipher = EVP_aes_192_ccm }, | .evp_cipher = EVP_aes_192_ccm, .tag_len = AES_CBC_MAC_HASH_LEN }, | ||||
{ .name = "aes-ccm256", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD, | { .name = "aes-ccm256", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD, | ||||
.evp_cipher = EVP_aes_256_ccm }, | .evp_cipher = EVP_aes_256_ccm, .tag_len = AES_CBC_MAC_HASH_LEN }, | ||||
{ .name = "chacha20-poly1305", .cipher = CRYPTO_CHACHA20_POLY1305, | |||||
.type = T_AEAD, .tag_len = POLY1305_HASH_LEN, | |||||
.evp_cipher = EVP_chacha20_poly1305 }, | |||||
cem: Shouldn't CCM have a tag len as well? I know it's a bit of an oddball. | |||||
Done Inline ActionsHmm, the reason I didn't is that CCM doesn't use the "generic" aead routines because of it's oddball nature. I could add the tag len though for completeness, it just wouldn't be used. jhb: Hmm, the reason I didn't is that CCM doesn't use the "generic" aead routines because of it's… | |||||
}; | }; | ||||
static bool verbose; | static bool verbose; | ||||
static int requested_crid; | static int requested_crid; | ||||
static size_t aad_sizes[48], sizes[128]; | static size_t aad_sizes[48], sizes[128]; | ||||
static u_int naad_sizes, nsizes; | static u_int naad_sizes, nsizes; | ||||
static void | static void | ||||
▲ Show 20 Lines • Show All 818 Lines • ▼ Show 20 Lines | openssl_gmac(const struct alg *alg, const EVP_CIPHER *cipher, const char *key, | ||||
EVP_CIPHER_CTX_set_padding(ctx, 0); | EVP_CIPHER_CTX_set_padding(ctx, 0); | ||||
if (EVP_EncryptUpdate(ctx, NULL, &outl, (const u_char *)input, | if (EVP_EncryptUpdate(ctx, NULL, &outl, (const u_char *)input, | ||||
size) != 1) | size) != 1) | ||||
errx(1, "OpenSSL %s (%zu) update failed: %s", | errx(1, "OpenSSL %s (%zu) update failed: %s", | ||||
alg->name, size, ERR_error_string(ERR_get_error(), NULL)); | alg->name, size, ERR_error_string(ERR_get_error(), NULL)); | ||||
if (EVP_EncryptFinal_ex(ctx, NULL, &outl) != 1) | if (EVP_EncryptFinal_ex(ctx, NULL, &outl) != 1) | ||||
errx(1, "OpenSSL %s (%zu) final failed: %s", alg->name, | errx(1, "OpenSSL %s (%zu) final failed: %s", alg->name, | ||||
size, ERR_error_string(ERR_get_error(), NULL)); | size, ERR_error_string(ERR_get_error(), NULL)); | ||||
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_GMAC_HASH_LEN, | if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, alg->tag_len, | ||||
Done Inline Actionsalg->tag_len? cem: `alg->tag_len`? | |||||
Done Inline ActionsI could, I didn't change this one only because it is 'openssl_gmac' and thus GMAC specific. I wonder if I can just reuse 'openssl_aead' though for the GMAC case by passing in a zero-byte payload. If that works, I might add that as a separate cleanup prior to this in the series. jhb: I could, I didn't change this one only because it is 'openssl_gmac' and thus GMAC specific. I… | |||||
tag) != 1) | tag) != 1) | ||||
errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name, | errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name, | ||||
size, ERR_error_string(ERR_get_error(), NULL)); | size, ERR_error_string(ERR_get_error(), NULL)); | ||||
EVP_CIPHER_CTX_free(ctx); | EVP_CIPHER_CTX_free(ctx); | ||||
} | } | ||||
static bool | static bool | ||||
ocf_gmac(const struct alg *alg, const char *input, size_t size, const char *key, | ocf_gmac(const struct alg *alg, const char *input, size_t size, const char *key, | ||||
▲ Show 20 Lines • Show All 70 Lines • ▼ Show 20 Lines | printf("%s (%zu) matched (cryptodev device %s)\n", | ||||
alg->name, size, crfind(crid)); | alg->name, size, crfind(crid)); | ||||
out: | out: | ||||
free(buffer); | free(buffer); | ||||
free(key); | free(key); | ||||
} | } | ||||
static void | static void | ||||
openssl_gcm_encrypt(const struct alg *alg, const EVP_CIPHER *cipher, | openssl_aead_encrypt(const struct alg *alg, const EVP_CIPHER *cipher, | ||||
const char *key, const char *iv, const char *aad, size_t aad_len, | const char *key, const char *iv, const char *aad, size_t aad_len, | ||||
const char *input, char *output, size_t size, char *tag) | const char *input, char *output, size_t size, char *tag) | ||||
{ | { | ||||
Done Inline ActionsSeems odd to pass it when it's available in alg. cem: Seems odd to pass it when it's available in `alg`. | |||||
EVP_CIPHER_CTX *ctx; | EVP_CIPHER_CTX *ctx; | ||||
int outl, total; | int outl, total; | ||||
ctx = EVP_CIPHER_CTX_new(); | ctx = EVP_CIPHER_CTX_new(); | ||||
if (ctx == NULL) | if (ctx == NULL) | ||||
errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name, | errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name, | ||||
size, ERR_error_string(ERR_get_error(), NULL)); | size, ERR_error_string(ERR_get_error(), NULL)); | ||||
if (EVP_EncryptInit_ex(ctx, cipher, NULL, (const u_char *)key, | if (EVP_EncryptInit_ex(ctx, cipher, NULL, (const u_char *)key, | ||||
Show All 15 Lines | openssl_aead_encrypt(const struct alg *alg, const EVP_CIPHER *cipher, | ||||
total = outl; | total = outl; | ||||
if (EVP_EncryptFinal_ex(ctx, (u_char *)output + outl, &outl) != 1) | if (EVP_EncryptFinal_ex(ctx, (u_char *)output + outl, &outl) != 1) | ||||
errx(1, "OpenSSL %s (%zu) encrypt final failed: %s", alg->name, | errx(1, "OpenSSL %s (%zu) encrypt final failed: %s", alg->name, | ||||
size, ERR_error_string(ERR_get_error(), NULL)); | size, ERR_error_string(ERR_get_error(), NULL)); | ||||
total += outl; | total += outl; | ||||
if ((size_t)total != size) | if ((size_t)total != size) | ||||
errx(1, "OpenSSL %s (%zu) encrypt size mismatch: %d", alg->name, | errx(1, "OpenSSL %s (%zu) encrypt size mismatch: %d", alg->name, | ||||
size, total); | size, total); | ||||
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_GMAC_HASH_LEN, | if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, alg->tag_len, | ||||
tag) != 1) | tag) != 1) | ||||
errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name, | errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name, | ||||
size, ERR_error_string(ERR_get_error(), NULL)); | size, ERR_error_string(ERR_get_error(), NULL)); | ||||
EVP_CIPHER_CTX_free(ctx); | EVP_CIPHER_CTX_free(ctx); | ||||
} | } | ||||
#ifdef notused | #ifdef notused | ||||
static bool | static bool | ||||
openssl_gcm_decrypt(const struct alg *alg, const EVP_CIPHER *cipher, | openssl_aead_decrypt(const struct alg *alg, const EVP_CIPHER *cipher, | ||||
const char *key, const char *iv, const char *aad, size_t aad_len, | const char *key, const char *iv, const char *aad, size_t aad_len, | ||||
const char *input, char *output, size_t size, char *tag) | const char *input, char *output, size_t size, char *tag) | ||||
{ | { | ||||
EVP_CIPHER_CTX *ctx; | EVP_CIPHER_CTX *ctx; | ||||
int outl, total; | int outl, total; | ||||
bool valid; | bool valid; | ||||
ctx = EVP_CIPHER_CTX_new(); | ctx = EVP_CIPHER_CTX_new(); | ||||
Show All 12 Lines | if (EVP_DecryptUpdate(ctx, NULL, &outl, (const u_char *)aad, | ||||
alg->name, size, | alg->name, size, | ||||
ERR_error_string(ERR_get_error(), NULL)); | ERR_error_string(ERR_get_error(), NULL)); | ||||
} | } | ||||
if (EVP_DecryptUpdate(ctx, (u_char *)output, &outl, | if (EVP_DecryptUpdate(ctx, (u_char *)output, &outl, | ||||
(const u_char *)input, size) != 1) | (const u_char *)input, size) != 1) | ||||
errx(1, "OpenSSL %s (%zu) decrypt update failed: %s", alg->name, | errx(1, "OpenSSL %s (%zu) decrypt update failed: %s", alg->name, | ||||
size, ERR_error_string(ERR_get_error(), NULL)); | size, ERR_error_string(ERR_get_error(), NULL)); | ||||
total = outl; | total = outl; | ||||
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, AES_GMAC_HASH_LEN, | if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, alg->tag_len, | ||||
tag) != 1) | tag) != 1) | ||||
errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name, | errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name, | ||||
size, ERR_error_string(ERR_get_error(), NULL)); | size, ERR_error_string(ERR_get_error(), NULL)); | ||||
valid = (EVP_DecryptFinal_ex(ctx, (u_char *)output + outl, &outl) != 1); | valid = (EVP_DecryptFinal_ex(ctx, (u_char *)output + outl, &outl) != 1); | ||||
total += outl; | total += outl; | ||||
if (total != size) | if (total != size) | ||||
errx(1, "OpenSSL %s (%zu) decrypt size mismatch: %d", alg->name, | errx(1, "OpenSSL %s (%zu) decrypt size mismatch: %d", alg->name, | ||||
size, total); | size, total); | ||||
Show All 12 Lines | openssl_ccm_encrypt(const struct alg *alg, const EVP_CIPHER *cipher, | ||||
ctx = EVP_CIPHER_CTX_new(); | ctx = EVP_CIPHER_CTX_new(); | ||||
if (ctx == NULL) | if (ctx == NULL) | ||||
errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name, | errx(1, "OpenSSL %s (%zu) ctx new failed: %s", alg->name, | ||||
size, ERR_error_string(ERR_get_error(), NULL)); | size, ERR_error_string(ERR_get_error(), NULL)); | ||||
if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) | if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) | ||||
errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name, | errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name, | ||||
size, ERR_error_string(ERR_get_error(), NULL)); | size, ERR_error_string(ERR_get_error(), NULL)); | ||||
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, iv_len, NULL) != 1) | if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, NULL) != 1) | ||||
errx(1, "OpenSSL %s (%zu) setting iv length failed: %s", alg->name, | errx(1, "OpenSSL %s (%zu) setting iv length failed: %s", alg->name, | ||||
size, ERR_error_string(ERR_get_error(), NULL)); | size, ERR_error_string(ERR_get_error(), NULL)); | ||||
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, AES_CBC_MAC_HASH_LEN, NULL) != 1) | if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, AES_CBC_MAC_HASH_LEN, NULL) != 1) | ||||
errx(1, "OpenSSL %s (%zu) setting tag length failed: %s", alg->name, | errx(1, "OpenSSL %s (%zu) setting tag length failed: %s", alg->name, | ||||
size, ERR_error_string(ERR_get_error(), NULL)); | size, ERR_error_string(ERR_get_error(), NULL)); | ||||
if (EVP_EncryptInit_ex(ctx, NULL, NULL, (const u_char *)key, | if (EVP_EncryptInit_ex(ctx, NULL, NULL, (const u_char *)key, | ||||
(const u_char *)iv) != 1) | (const u_char *)iv) != 1) | ||||
errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name, | errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name, | ||||
size, ERR_error_string(ERR_get_error(), NULL)); | size, ERR_error_string(ERR_get_error(), NULL)); | ||||
if (EVP_EncryptUpdate(ctx, NULL, &outl, NULL, size) != 1) | if (EVP_EncryptUpdate(ctx, NULL, &outl, NULL, size) != 1) | ||||
errx(1, "OpenSSL %s (%zu) unable to set data length: %s", alg->name, | errx(1, "OpenSSL %s (%zu) unable to set data length: %s", alg->name, | ||||
Show All 13 Lines | openssl_ccm_encrypt(const struct alg *alg, const EVP_CIPHER *cipher, | ||||
total = outl; | total = outl; | ||||
if (EVP_EncryptFinal_ex(ctx, (u_char *)output + outl, &outl) != 1) | if (EVP_EncryptFinal_ex(ctx, (u_char *)output + outl, &outl) != 1) | ||||
errx(1, "OpenSSL %s (%zu) encrypt final failed: %s", alg->name, | errx(1, "OpenSSL %s (%zu) encrypt final failed: %s", alg->name, | ||||
size, ERR_error_string(ERR_get_error(), NULL)); | size, ERR_error_string(ERR_get_error(), NULL)); | ||||
total += outl; | total += outl; | ||||
if ((size_t)total != size) | if ((size_t)total != size) | ||||
errx(1, "OpenSSL %s (%zu) encrypt size mismatch: %d", alg->name, | errx(1, "OpenSSL %s (%zu) encrypt size mismatch: %d", alg->name, | ||||
size, total); | size, total); | ||||
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, AES_CBC_MAC_HASH_LEN, | if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, AES_CBC_MAC_HASH_LEN, | ||||
tag) != 1) | tag) != 1) | ||||
errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name, | errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name, | ||||
size, ERR_error_string(ERR_get_error(), NULL)); | size, ERR_error_string(ERR_get_error(), NULL)); | ||||
EVP_CIPHER_CTX_free(ctx); | EVP_CIPHER_CTX_free(ctx); | ||||
} | } | ||||
static bool | static bool | ||||
ocf_init_aead_session(const struct alg *alg, const char *key, size_t key_len, | ocf_init_aead_session(const struct alg *alg, const char *key, size_t key_len, | ||||
Show All 26 Lines | ocf_aead(const struct ocf_session *ses, const char *iv, size_t iv_len, | ||||
caead.tag = tag; | caead.tag = tag; | ||||
caead.iv = iv; | caead.iv = iv; | ||||
if (ioctl(ses->fd, CIOCCRYPTAEAD, &caead) < 0) | if (ioctl(ses->fd, CIOCCRYPTAEAD, &caead) < 0) | ||||
return (errno); | return (errno); | ||||
return (0); | return (0); | ||||
} | } | ||||
#define AEAD_MAX_TAG_LEN MAX(AES_GMAC_HASH_LEN, AES_CBC_MAC_HASH_LEN) | #define AEAD_MAX_TAG_LEN \ | ||||
MAX(MAX(AES_GMAC_HASH_LEN, AES_CBC_MAC_HASH_LEN), POLY1305_HASH_LEN) | |||||
static void | static void | ||||
run_aead_test(const struct alg *alg, size_t aad_len, size_t size) | run_aead_test(const struct alg *alg, size_t aad_len, size_t size) | ||||
{ | { | ||||
struct ocf_session ses; | struct ocf_session ses; | ||||
const EVP_CIPHER *cipher; | const EVP_CIPHER *cipher; | ||||
char *aad, *buffer, *cleartext, *ciphertext; | char *aad, *buffer, *cleartext, *ciphertext; | ||||
char *iv, *key; | char *iv, *key; | ||||
Show All 40 Lines | run_aead_test(const struct alg *alg, size_t aad_len, size_t size) | ||||
else | else | ||||
aad = NULL; | aad = NULL; | ||||
/* OpenSSL encrypt */ | /* OpenSSL encrypt */ | ||||
if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE) | if (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE) | ||||
openssl_ccm_encrypt(alg, cipher, key, iv, iv_len, aad, | openssl_ccm_encrypt(alg, cipher, key, iv, iv_len, aad, | ||||
aad_len, cleartext, ciphertext, size, control_tag); | aad_len, cleartext, ciphertext, size, control_tag); | ||||
else | else | ||||
openssl_gcm_encrypt(alg, cipher, key, iv, aad, aad_len, | openssl_aead_encrypt(alg, cipher, key, iv, aad, aad_len, | ||||
cleartext, ciphertext, size, control_tag); | cleartext, ciphertext, size, control_tag); | ||||
if (!ocf_init_aead_session(alg, key, key_len, &ses)) | if (!ocf_init_aead_session(alg, key, key_len, &ses)) | ||||
goto out; | goto out; | ||||
/* OCF encrypt */ | /* OCF encrypt */ | ||||
error = ocf_aead(&ses, iv, iv_len, aad, aad_len, cleartext, buffer, | error = ocf_aead(&ses, iv, iv_len, aad, aad_len, cleartext, buffer, | ||||
size, test_tag, COP_ENCRYPT); | size, test_tag, COP_ENCRYPT); | ||||
▲ Show 20 Lines • Show All 316 Lines • Show Last 20 Lines |
Shouldn't CCM have a tag len as well? I know it's a bit of an oddball.