tests/async_hmac.c

   1 /*
   2  * Demo on how to use /dev/crypto device for HMAC.
   3  *
   4  * Placed under public domain.
   5  *
   6  */
   7 #include <stdio.h>
   8 #include <string.h>
   9 #include <unistd.h>
  10 #include <fcntl.h>
  11 #include <poll.h>
  12 #include <stdint.h>
  13
  14 #include <sys/ioctl.h>
  15 #include <crypto/cryptodev.h>
  16
  17 #include "testhelper.h"
  18
  19 static int debug = 0;
  20
  21 #define DATA_SIZE       4096
  22 #define BLOCK_SIZE      16
  23 #define KEY_SIZE        16
  24 #define SHA1_HASH_LEN   20
  25
  26 static int
  27 test_crypto(int cfd)
  28 {
  29         struct {
  30                 uint8_t in[DATA_SIZE],
  31                         encrypted[DATA_SIZE],
  32                         decrypted[DATA_SIZE],
  33                         iv[BLOCK_SIZE],
  34                         key[KEY_SIZE];
  35         } data;
  36         struct session_op sess;
  37         struct crypt_op cryp;
  38         uint8_t mac[AALG_MAX_RESULT_LEN];
  39         uint8_t oldmac[AALG_MAX_RESULT_LEN];
  40         uint8_t md5_hmac_out[] = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38";
  41         uint8_t sha1_out[] = "\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32";
  42         int i;
  43
  44         memset(&sess, 0, sizeof(sess));
  45         memset(&cryp, 0, sizeof(cryp));
  46
  47         /* Use the garbage that is on the stack :-) */
  48         /* memset(&data, 0, sizeof(data)); */
  49
  50         /* SHA1 plain test */
  51         memset(mac, 0, sizeof(mac));
  52
  53         sess.cipher = 0;
  54         sess.mac = CRYPTO_SHA1;
  55         if (ioctl(cfd, CIOCGSESSION, &sess)) {
  56                 perror("ioctl(CIOCGSESSION)");
  57                 return 1;
  58         }
  59
  60         cryp.ses = sess.ses;
  61         cryp.len = sizeof("what do ya want for nothing?")-1;
  62         cryp.src = "what do ya want for nothing?";
  63         cryp.mac = mac;
  64         cryp.op = COP_ENCRYPT;
  65
  66         DO_OR_DIE(do_async_crypt(cfd, &cryp), 0);
  67         DO_OR_DIE(do_async_fetch(cfd, &cryp), 0);
  68
  69         if (memcmp(mac, sha1_out, 20)!=0) {
  70                 printf("mac: ");
  71                 for (i=0;i<SHA1_HASH_LEN;i++) {
  72                         printf("%.2x", (uint8_t)mac[i]);
  73                 }
  74                 puts("\n");
  75                 fprintf(stderr, "HASH test 1: failed\n");
  76         } else {
  77                 if (debug) fprintf(stderr, "HASH test 1: passed\n");
  78         }
  79
  80         if (ioctl(cfd, CIOCFSESSION, &sess.ses)) {
  81                 perror("ioctl(CIOCFSESSION)");
  82                 return 1;
  83         }
  84
  85         /* MD5-HMAC test */
  86         memset(mac, 0, sizeof(mac));
  87
  88         sess.cipher = 0;
  89         sess.mackey = (uint8_t*)"Jefe";
  90         sess.mackeylen = 4;
  91         sess.mac = CRYPTO_MD5_HMAC;
  92         if (ioctl(cfd, CIOCGSESSION, &sess)) {
  93                 perror("ioctl(CIOCGSESSION)");
  94                 return 1;
  95         }
  96
  97         cryp.ses = sess.ses;
  98         cryp.len = sizeof("what do ya want for nothing?")-1;
  99         cryp.src = "what do ya want for nothing?";
 100         cryp.mac = mac;
 101         cryp.op = COP_ENCRYPT;
 102
 103         DO_OR_DIE(do_async_crypt(cfd, &cryp), 0);
 104         DO_OR_DIE(do_async_fetch(cfd, &cryp), 0);
 105
 106         if (memcmp(mac, md5_hmac_out, 16)!=0) {
 107                 printf("mac: ");
 108                 for (i=0;i<SHA1_HASH_LEN;i++) {
 109                         printf("%.2x", (uint8_t)mac[i]);
 110                 }
 111                 puts("\n");
 112                 fprintf(stderr, "HMAC test 1: failed\n");
 113         } else {
 114                 if (debug) fprintf(stderr, "HMAC test 1: passed\n");
 115         }
 116
 117         if (ioctl(cfd, CIOCFSESSION, &sess.ses)) {
 118                 perror("ioctl(CIOCFSESSION)");
 119                 return 1;
 120         }
 121
 122         /* Hash and encryption in one step test */
 123         sess.cipher = CRYPTO_AES_CBC;
 124         sess.mac = CRYPTO_SHA1_HMAC;
 125         sess.keylen = KEY_SIZE;
 126         sess.key = data.key;
 127         sess.mackeylen = 16;
 128         sess.mackey = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
 129         if (ioctl(cfd, CIOCGSESSION, &sess)) {
 130                 perror("ioctl(CIOCGSESSION)");
 131                 return 1;
 132         }
 133
 134         /* Encrypt data.in to data.encrypted */
 135         cryp.ses = sess.ses;
 136         cryp.len = sizeof(data.in);
 137         cryp.src = data.in;
 138         cryp.dst = data.encrypted;
 139         cryp.iv = data.iv;
 140         cryp.mac = mac;
 141         cryp.op = COP_ENCRYPT;
 142
 143         DO_OR_DIE(do_async_crypt(cfd, &cryp), 0);
 144         DO_OR_DIE(do_async_fetch(cfd, &cryp), 0);
 145
 146         memcpy(oldmac, mac, sizeof(mac));
 147
 148         /* Decrypt data.encrypted to data.decrypted */
 149         cryp.src = data.encrypted;
 150         cryp.dst = data.decrypted;
 151         cryp.op = COP_DECRYPT;
 152
 153         DO_OR_DIE(do_async_crypt(cfd, &cryp), 0);
 154         DO_OR_DIE(do_async_fetch(cfd, &cryp), 0);
 155
 156         /* Verify the result */
 157         if (memcmp(data.in, data.decrypted, sizeof(data.in)) != 0) {
 158                 fprintf(stderr,
 159                         "FAIL: Decrypted data are different from the input data.\n");
 160                 return 1;
 161         } else if (debug)
 162                 printf("Crypt Test: passed\n");
 163
 164         if (memcmp(mac, oldmac, 20) != 0) {
 165                 fprintf(stderr,
 166                         "FAIL: Hash in decrypted data different than in encrypted.\n");
 167                 return 1;
 168         } else if (debug)
 169                 printf("HMAC Test 2: passed\n");
 170
 171         /* Finish crypto session */
 172         if (ioctl(cfd, CIOCFSESSION, &sess.ses)) {
 173                 perror("ioctl(CIOCFSESSION)");
 174                 return 1;
 175         }
 176
 177         return 0;
 178 }
 179
 180 static int
 181 test_extras(int cfd)
 182 {
 183         struct session_op sess;
 184         struct crypt_op cryp;
 185         uint8_t mac[AALG_MAX_RESULT_LEN];
 186         uint8_t oldmac[AALG_MAX_RESULT_LEN];
 187         uint8_t md5_hmac_out[] = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38";
 188         uint8_t sha1_out[] = "\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32";
 189         int i;
 190
 191         memset(&sess, 0, sizeof(sess));
 192         memset(&cryp, 0, sizeof(cryp));
 193
 194         /* Use the garbage that is on the stack :-) */
 195         /* memset(&data, 0, sizeof(data)); */
 196
 197         /* SHA1 plain test */
 198         memset(mac, 0, sizeof(mac));
 199
 200         sess.cipher = 0;
 201         sess.mac = CRYPTO_SHA1;
 202         if (ioctl(cfd, CIOCGSESSION, &sess)) {
 203                 perror("ioctl(CIOCGSESSION)");
 204                 return 1;
 205         }
 206
 207         cryp.ses = sess.ses;
 208         cryp.len = sizeof("what do")-1;
 209         cryp.src = "what do";
 210         cryp.mac = mac;
 211         cryp.op = COP_ENCRYPT;
 212         cryp.flags = COP_FLAG_UPDATE;
 213
 214         DO_OR_DIE(do_async_crypt(cfd, &cryp), 0);
 215         DO_OR_DIE(do_async_fetch(cfd, &cryp), 0);
 216
 217         cryp.ses = sess.ses;
 218         cryp.len = sizeof(" ya want for nothing?")-1;
 219         cryp.src = " ya want for nothing?";
 220         cryp.mac = mac;
 221         cryp.op = COP_ENCRYPT;
 222         cryp.flags = COP_FLAG_FINAL;
 223
 224         DO_OR_DIE(do_async_crypt(cfd, &cryp), 0);
 225         DO_OR_DIE(do_async_fetch(cfd, &cryp), 0);
 226
 227         if (memcmp(mac, sha1_out, 20)!=0) {
 228                 printf("mac: ");
 229                 for (i=0;i<SHA1_HASH_LEN;i++) {
 230                         printf("%.2x", (uint8_t)mac[i]);
 231                 }
 232                 puts("\n");
 233                 fprintf(stderr, "HASH test [update]: failed\n");
 234         } else {
 235                 if (debug) fprintf(stderr, "HASH test [update]: passed\n");
 236         }
 237
 238         memset(mac, 0, sizeof(mac));
 239
 240         /* Finish crypto session */
 241         if (ioctl(cfd, CIOCFSESSION, &sess.ses)) {
 242                 perror("ioctl(CIOCFSESSION)");
 243                 return 1;
 244         }
 245
 246         return 0;
 247 }
 248
 249
 250 int
 251 main()
 252 {
 253         int fd = -1, cfd = -1;
 254
 255         /* Open the crypto device */
 256         fd = open("/dev/crypto", O_RDWR, 0);
 257         if (fd < 0) {
 258                 perror("open(/dev/crypto)");
 259                 return 1;
 260         }
 261
 262         /* Clone file descriptor */
 263         if (ioctl(fd, CRIOGET, &cfd)) {
 264                 perror("ioctl(CRIOGET)");
 265                 return 1;
 266         }
 267
 268         /* Set close-on-exec (not really neede here) */
 269         if (fcntl(cfd, F_SETFD, 1) == -1) {
 270                 perror("fcntl(F_SETFD)");
 271                 return 1;
 272         }
 273
 274         /* Run the test itself */
 275         if (test_crypto(cfd))
 276                 return 1;
 277
 278         if (test_extras(cfd))
 279                 return 1;
 280
 281         /* Close cloned descriptor */
 282         if (close(cfd)) {
 283                 perror("close(cfd)");
 284                 return 1;
 285         }
 286
 287         /* Close the original descriptor */
 288         if (close(fd)) {
 289                 perror("close(fd)");
 290                 return 1;
 291         }
 292
 293         return 0;
 294 }