examples/hmac.c

   1 /*
   2  * Demo on how to use /dev/crypto device for HMAC.
   3  *
   4  * Placed under public domain.
   5  *
   6  */
   7 #include <stdio.h>
   8 #include <string.h>
   9 #include <unistd.h>
  10 #include <fcntl.h>
  11
  12 #include <sys/ioctl.h>
  13 #include <crypto/cryptodev.h>
  14
  15 #define DATA_SIZE       4096
  16 #define BLOCK_SIZE      16
  17 #define KEY_SIZE        16
  18 #define SHA1_HASH_LEN   20
  19
  20 static int
  21 test_crypto(int cfd)
  22 {
  23         struct {
  24                 uint8_t in[DATA_SIZE],
  25                         encrypted[DATA_SIZE],
  26                         decrypted[DATA_SIZE],
  27                         iv[BLOCK_SIZE],
  28                         key[KEY_SIZE];
  29         } data;
  30         struct session_op sess;
  31         struct crypt_op cryp;
  32         uint8_t mac[AALG_MAX_RESULT_LEN];
  33         uint8_t oldmac[AALG_MAX_RESULT_LEN];
  34         uint8_t md5_hmac_out[] = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38";
  35         uint8_t sha1_out[] = "\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32";
  36         int i;
  37
  38         memset(&sess, 0, sizeof(sess));
  39         memset(&cryp, 0, sizeof(cryp));
  40
  41         /* Use the garbage that is on the stack :-) */
  42         /* memset(&data, 0, sizeof(data)); */
  43
  44         /* SHA1 plain test */
  45         memset(mac, 0, sizeof(mac));
  46
  47         sess.cipher = 0;
  48         sess.mac = CRYPTO_SHA1;
  49         if (ioctl(cfd, CIOCGSESSION, &sess)) {
  50                 perror("ioctl(CIOCGSESSION)");
  51                 return 1;
  52         }
  53
  54         cryp.ses = sess.ses;
  55         cryp.len = sizeof("what do ya want for nothing?")-1;
  56         cryp.src = "what do ya want for nothing?";
  57         cryp.mac = mac;
  58         cryp.op = COP_ENCRYPT;
  59         if (ioctl(cfd, CIOCCRYPT, &cryp)) {
  60                 perror("ioctl(CIOCCRYPT)");
  61                 return 1;
  62         }
  63
  64         if (memcmp(mac, sha1_out, 20)!=0) {
  65                 printf("mac: ");
  66                 for (i=0;i<SHA1_HASH_LEN;i++) {
  67                         printf("%.2x", (uint8_t)mac[i]);
  68                 }
  69                 puts("\n");
  70                 fprintf(stderr, "HASH test 1: failed\n");
  71         } else {
  72                 fprintf(stderr, "HASH test 1: passed\n");
  73         }
  74
  75         /* MD5-HMAC test */
  76         memset(mac, 0, sizeof(mac));
  77
  78         sess.cipher = 0;
  79         sess.mackey = (uint8_t*)"Jefe";
  80         sess.mackeylen = 4;
  81         sess.mac = CRYPTO_MD5_HMAC;
  82         if (ioctl(cfd, CIOCGSESSION, &sess)) {
  83                 perror("ioctl(CIOCGSESSION)");
  84                 return 1;
  85         }
  86
  87         cryp.ses = sess.ses;
  88         cryp.len = sizeof("what do ya want for nothing?")-1;
  89         cryp.src = "what do ya want for nothing?";
  90         cryp.mac = mac;
  91         cryp.op = COP_ENCRYPT;
  92         if (ioctl(cfd, CIOCCRYPT, &cryp)) {
  93                 perror("ioctl(CIOCCRYPT)");
  94                 return 1;
  95         }
  96
  97         if (memcmp(mac, md5_hmac_out, 16)!=0) {
  98                 printf("mac: ");
  99                 for (i=0;i<SHA1_HASH_LEN;i++) {
 100                         printf("%.2x", (uint8_t)mac[i]);
 101                 }
 102                 puts("\n");
 103                 fprintf(stderr, "HMAC test 1: failed\n");
 104         } else {
 105                 fprintf(stderr, "HMAC test 1: passed\n");
 106         }
 107
 108         /* Hash and encryption in one step test */
 109         sess.cipher = CRYPTO_AES_CBC;
 110         sess.mac = CRYPTO_SHA1_HMAC;
 111         sess.keylen = KEY_SIZE;
 112         sess.key = data.key;
 113         sess.mackeylen = 16;
 114         sess.mackey = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
 115         if (ioctl(cfd, CIOCGSESSION, &sess)) {
 116                 perror("ioctl(CIOCGSESSION)");
 117                 return 1;
 118         }
 119
 120         /* Encrypt data.in to data.encrypted */
 121         cryp.ses = sess.ses;
 122         cryp.len = sizeof(data.in);
 123         cryp.src = data.in;
 124         cryp.dst = data.encrypted;
 125         cryp.iv = data.iv;
 126         cryp.mac = mac;
 127         cryp.op = COP_ENCRYPT;
 128         if (ioctl(cfd, CIOCCRYPT, &cryp)) {
 129                 perror("ioctl(CIOCCRYPT)");
 130                 return 1;
 131         }
 132
 133         memcpy(oldmac, mac, sizeof(mac));
 134
 135         /* Decrypt data.encrypted to data.decrypted */
 136         cryp.src = data.encrypted;
 137         cryp.dst = data.decrypted;
 138         cryp.op = COP_DECRYPT;
 139         if (ioctl(cfd, CIOCCRYPT, &cryp)) {
 140                 perror("ioctl(CIOCCRYPT)");
 141                 return 1;
 142         }
 143
 144         /* Verify the result */
 145         if (memcmp(data.in, data.decrypted, sizeof(data.in)) != 0) {
 146                 fprintf(stderr,
 147                         "FAIL: Decrypted data are different from the input data.\n");
 148                 return 1;
 149         } else
 150                 printf("Crypt Test: passed\n");
 151
 152         if (memcmp(mac, oldmac, 20) != 0) {
 153                 fprintf(stderr,
 154                         "FAIL: Hash in decrypted data different than in encrypted.\n");
 155                 return 1;
 156         } else
 157                 printf("HMAC Test 2: passed\n");
 158
 159         /* Finish crypto session */
 160         if (ioctl(cfd, CIOCFSESSION, &sess.ses)) {
 161                 perror("ioctl(CIOCFSESSION)");
 162                 return 1;
 163         }
 164
 165         return 0;
 166 }
 167
 168 int
 169 main()
 170 {
 171         int fd = -1, cfd = -1;
 172
 173         /* Open the crypto device */
 174         fd = open("/dev/crypto", O_RDWR, 0);
 175         if (fd < 0) {
 176                 perror("open(/dev/crypto)");
 177                 return 1;
 178         }
 179
 180         /* Clone file descriptor */
 181         if (ioctl(fd, CRIOGET, &cfd)) {
 182                 perror("ioctl(CRIOGET)");
 183                 return 1;
 184         }
 185
 186         /* Set close-on-exec (not really neede here) */
 187         if (fcntl(cfd, F_SETFD, 1) == -1) {
 188                 perror("fcntl(F_SETFD)");
 189                 return 1;
 190         }
 191
 192         /* Run the test itself */
 193         if (test_crypto(cfd))
 194                 return 1;
 195
 196         /* Close cloned descriptor */
 197         if (close(cfd)) {
 198                 perror("close(cfd)");
 199                 return 1;
 200         }
 201
 202         /* Close the original descriptor */
 203         if (close(fd)) {
 204                 perror("close(fd)");
 205                 return 1;
 206         }
 207
 208         return 0;
 209 }