CoCalc -- poly1305

GitHub Repository: freebsd/freebsd-src
Path: blob/main/tests/sys/opencrypto/poly1305_test.c
³⁹⁵³⁴ views
1
/*-
2
 * Copyright (c) 2018 Conrad Meyer <[email protected]>
3
 * All rights reserved.
4
 *
5
 * Redistribution and use in source and binary forms, with or without
6
 * modification, are permitted provided that the following conditions
7
 * are met:
8
 * 1. Redistributions of source code must retain the above copyright
9
 *    notice, this list of conditions and the following disclaimer.
10
 * 2. Redistributions in binary form must reproduce the above copyright
11
 *    notice, this list of conditions and the following disclaimer in the
12
 *    documentation and/or other materials provided with the distribution.
13
 *
14
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24
 * SUCH DAMAGE.
25
 */
26

27
#include <sys/param.h>
28

29
#include <errno.h>
30
#include <fcntl.h>
31
#include <string.h>
32

33
#include <atf-c.h>
34

35
/* Be sure to include tree copy rather than system copy. */
36
#include "cryptodev.h"
37

38
#include "freebsd_test_suite/macros.h"
39

40
struct poly1305_kat {
41
	const char *vector_name;
42
	const char *test_key_hex;
43
	const char *test_msg_hex;
44
	const size_t test_msg_len;
45

46
	const char *expected_tag_hex;
47
};
48

49
static const struct poly1305_kat rfc7539_kats[] = {
50
{
51
	.vector_name = "RFC 7539 \xc2\xa7 2.5.2",
52
	.test_key_hex = "85:d6:be:78:57:55:6d:33:7f:44:52:fe:42:d5:06:a8"
53
	    ":01:03:80:8a:fb:0d:b2:fd:4a:bf:f6:af:41:49:f5:1b",
54
	.test_msg_hex =
55
"43 72 79 70 74 6f 67 72 61 70 68 69 63 20 46 6f "
56
"72 75 6d 20 52 65 73 65 61 72 63 68 20 47 72 6f "
57
"75 70",
58
	.test_msg_len = 34,
59
	.expected_tag_hex = "a8:06:1d:c1:30:51:36:c6:c2:2b:8b:af:0c:01:27:a9",
60
},
61
{
62
	.vector_name = "RFC 7539 \xc2\xa7 A.3 #1",
63
	.test_key_hex =
64
"00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
65
"00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ",
66
	.test_msg_hex =
67
"00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
68
"00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
69
"00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
70
"00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ",
71
	.test_msg_len = 64,
72
	.expected_tag_hex = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
73
},
74
{
75
	.vector_name = "RFC 7539 \xc2\xa7 A.3 #2",
76
	.test_key_hex =
77
"00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
78
"36 e5 f6 b5 c5 e0 60 70 f0 ef ca 96 22 7a 86 3e ",
79
	.test_msg_hex =
80
"41 6e 79 20 73 75 62 6d 69 73 73 69 6f 6e 20 74 "
81
"6f 20 74 68 65 20 49 45 54 46 20 69 6e 74 65 6e "
82
"64 65 64 20 62 79 20 74 68 65 20 43 6f 6e 74 72 "
83
"69 62 75 74 6f 72 20 66 6f 72 20 70 75 62 6c 69 "
84
"63 61 74 69 6f 6e 20 61 73 20 61 6c 6c 20 6f 72 "
85
"20 70 61 72 74 20 6f 66 20 61 6e 20 49 45 54 46 "
86
"20 49 6e 74 65 72 6e 65 74 2d 44 72 61 66 74 20 "
87
"6f 72 20 52 46 43 20 61 6e 64 20 61 6e 79 20 73 "
88
"74 61 74 65 6d 65 6e 74 20 6d 61 64 65 20 77 69 "
89
"74 68 69 6e 20 74 68 65 20 63 6f 6e 74 65 78 74 "
90
"20 6f 66 20 61 6e 20 49 45 54 46 20 61 63 74 69 "
91
"76 69 74 79 20 69 73 20 63 6f 6e 73 69 64 65 72 "
92
"65 64 20 61 6e 20 22 49 45 54 46 20 43 6f 6e 74 "
93
"72 69 62 75 74 69 6f 6e 22 2e 20 53 75 63 68 20 "
94
"73 74 61 74 65 6d 65 6e 74 73 20 69 6e 63 6c 75 "
95
"64 65 20 6f 72 61 6c 20 73 74 61 74 65 6d 65 6e "
96
"74 73 20 69 6e 20 49 45 54 46 20 73 65 73 73 69 "
97
"6f 6e 73 2c 20 61 73 20 77 65 6c 6c 20 61 73 20 "
98
"77 72 69 74 74 65 6e 20 61 6e 64 20 65 6c 65 63 "
99
"74 72 6f 6e 69 63 20 63 6f 6d 6d 75 6e 69 63 61 "
100
"74 69 6f 6e 73 20 6d 61 64 65 20 61 74 20 61 6e "
101
"79 20 74 69 6d 65 20 6f 72 20 70 6c 61 63 65 2c "
102
"20 77 68 69 63 68 20 61 72 65 20 61 64 64 72 65 "
103
"73 73 65 64 20 74 6f",
104
	.test_msg_len = 375,
105
	.expected_tag_hex = "36 e5 f6 b5 c5 e0 60 70 f0 ef ca 96 22 7a 86 3e",
106
},
107
{
108
	.vector_name = "RFC 7539 \xc2\xa7 A.3 #3",
109
	.test_key_hex =
110
"36 e5 f6 b5 c5 e0 60 70 f0 ef ca 96 22 7a 86 3e "
111
"00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ",
112
	.test_msg_hex =
113
"41 6e 79 20 73 75 62 6d 69 73 73 69 6f 6e 20 74 "
114
"6f 20 74 68 65 20 49 45 54 46 20 69 6e 74 65 6e "
115
"64 65 64 20 62 79 20 74 68 65 20 43 6f 6e 74 72 "
116
"69 62 75 74 6f 72 20 66 6f 72 20 70 75 62 6c 69 "
117
"63 61 74 69 6f 6e 20 61 73 20 61 6c 6c 20 6f 72 "
118
"20 70 61 72 74 20 6f 66 20 61 6e 20 49 45 54 46 "
119
"20 49 6e 74 65 72 6e 65 74 2d 44 72 61 66 74 20 "
120
"6f 72 20 52 46 43 20 61 6e 64 20 61 6e 79 20 73 "
121
"74 61 74 65 6d 65 6e 74 20 6d 61 64 65 20 77 69 "
122
"74 68 69 6e 20 74 68 65 20 63 6f 6e 74 65 78 74 "
123
"20 6f 66 20 61 6e 20 49 45 54 46 20 61 63 74 69 "
124
"76 69 74 79 20 69 73 20 63 6f 6e 73 69 64 65 72 "
125
"65 64 20 61 6e 20 22 49 45 54 46 20 43 6f 6e 74 "
126
"72 69 62 75 74 69 6f 6e 22 2e 20 53 75 63 68 20 "
127
"73 74 61 74 65 6d 65 6e 74 73 20 69 6e 63 6c 75 "
128
"64 65 20 6f 72 61 6c 20 73 74 61 74 65 6d 65 6e "
129
"74 73 20 69 6e 20 49 45 54 46 20 73 65 73 73 69 "
130
"6f 6e 73 2c 20 61 73 20 77 65 6c 6c 20 61 73 20 "
131
"77 72 69 74 74 65 6e 20 61 6e 64 20 65 6c 65 63 "
132
"74 72 6f 6e 69 63 20 63 6f 6d 6d 75 6e 69 63 61 "
133
"74 69 6f 6e 73 20 6d 61 64 65 20 61 74 20 61 6e "
134
"79 20 74 69 6d 65 20 6f 72 20 70 6c 61 63 65 2c "
135
"20 77 68 69 63 68 20 61 72 65 20 61 64 64 72 65 "
136
"73 73 65 64 20 74 6f",
137
	.test_msg_len = 375,
138
	.expected_tag_hex = "f3 47 7e 7c d9 54 17 af 89 a6 b8 79 4c 31 0c f0",
139
},
140
{
141
	.vector_name = "RFC 7539 \xc2\xa7 A.3 #4",
142
	.test_key_hex =
143
"1c 92 40 a5 eb 55 d3 8a f3 33 88 86 04 f6 b5 f0 "
144
"47 39 17 c1 40 2b 80 09 9d ca 5c bc 20 70 75 c0 ",
145
	.test_msg_hex =
146
"27 54 77 61 73 20 62 72 69 6c 6c 69 67 2c 20 61 "
147
"6e 64 20 74 68 65 20 73 6c 69 74 68 79 20 74 6f "
148
"76 65 73 0a 44 69 64 20 67 79 72 65 20 61 6e 64 "
149
"20 67 69 6d 62 6c 65 20 69 6e 20 74 68 65 20 77 "
150
"61 62 65 3a 0a 41 6c 6c 20 6d 69 6d 73 79 20 77 "
151
"65 72 65 20 74 68 65 20 62 6f 72 6f 67 6f 76 65 "
152
"73 2c 0a 41 6e 64 20 74 68 65 20 6d 6f 6d 65 20 "
153
"72 61 74 68 73 20 6f 75 74 67 72 61 62 65 2e",
154
	.test_msg_len = 127,
155
	.expected_tag_hex = "45 41 66 9a 7e aa ee 61 e7 08 dc 7c bc c5 eb 62",
156
},
157
{
158
	.vector_name = "RFC 7539 \xc2\xa7 A.3 #5",
159
	.test_key_hex =
160
"02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
161
"00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ",
162
	.test_msg_hex =
163
"FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF",
164
	.test_msg_len = 16,
165
	.expected_tag_hex = "03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
166
},
167
{
168
	.vector_name = "RFC 7539 \xc2\xa7 A.3 #6",
169
	.test_key_hex =
170
"02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
171
"FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ",
172
	.test_msg_hex =
173
"02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
174
	.test_msg_len = 16,
175
	.expected_tag_hex = "03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
176

177
},
178
{
179
	.vector_name = "RFC 7539 \xc2\xa7 A.3 #7",
180
	.test_key_hex =
181
"01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
182
"00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ",
183
	.test_msg_hex =
184
"FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF "
185
"F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF "
186
"11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
187
	.test_msg_len = 48,
188
	.expected_tag_hex = "05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
189
},
190
{
191
	.vector_name = "RFC 7539 \xc2\xa7 A.3 #8",
192
	.test_key_hex =
193
"01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
194
"00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ",
195
	.test_msg_hex =
196
"FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF "
197
"FB FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE "
198
"01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01",
199
	.test_msg_len = 48,
200
	.expected_tag_hex = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
201
},
202
{
203
	.vector_name = "RFC 7539 \xc2\xa7 A.3 #9",
204
	.test_key_hex =
205
"02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
206
"00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ",
207
	.test_msg_hex =
208
"FD FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF",
209
	.test_msg_len = 16,
210
	.expected_tag_hex = "FA FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF",
211
},
212
{
213
	.vector_name = "RFC 7539 \xc2\xa7 A.3 #10",
214
	.test_key_hex =
215
"01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 "
216
"00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ",
217
	.test_msg_hex =
218
"E3 35 94 D7 50 5E 43 B9 00 00 00 00 00 00 00 00 "
219
"33 94 D7 50 5E 43 79 CD 01 00 00 00 00 00 00 00 "
220
"00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
221
"01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
222
	.test_msg_len = 64,
223
	.expected_tag_hex = "14 00 00 00 00 00 00 00 55 00 00 00 00 00 00 00",
224
},
225
{
226
	.vector_name = "RFC 7539 \xc2\xa7 A.3 #11",
227
	.test_key_hex =
228
"01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 "
229
"00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ",
230
	.test_msg_hex =
231
"E3 35 94 D7 50 5E 43 B9 00 00 00 00 00 00 00 00 "
232
"33 94 D7 50 5E 43 79 CD 01 00 00 00 00 00 00 00 "
233
"00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
234
	.test_msg_len = 48,
235
	.expected_tag_hex = "13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
236
},
237
};
238

239
static void
240
parse_hex(const struct poly1305_kat *kat, const char *hexstr, void *voutput,
241
    size_t explen)
242
{
243
	/* Space or colon delimited; may contain a single trailing space;
244
	 * length should match exactly.
245
	 */
246
	const char *sep, *it;
247
	size_t sym_len, count;
248
	char hbyte[3], *out;
249
	int res;
250

251
	out = voutput;
252
	memset(hbyte, 0, sizeof(hbyte));
253

254
	it = hexstr;
255
	count = 0;
256
	while (true) {
257
		sep = strpbrk(it, " :");
258
		if (sep == NULL)
259
			sym_len = strlen(it);
260
		else
261
			sym_len = sep - it;
262

263
		ATF_REQUIRE_EQ_MSG(sym_len, 2,
264
		    "invalid hex byte '%.*s' in vector %s", (int)sym_len, it,
265
		    kat->vector_name);
266

267
		memcpy(hbyte, it, 2);
268
		res = sscanf(hbyte, "%hhx", &out[count]);
269
		ATF_REQUIRE_EQ_MSG(res, 1,
270
		    "invalid hex byte '%s' in vector %s", hbyte,
271
		    kat->vector_name);
272

273
		count++;
274
		ATF_REQUIRE_MSG(count <= explen,
275
		    "got longer than expected value at %s", kat->vector_name);
276

277
		if (sep == NULL)
278
			break;
279
		it = sep;
280
		while (*it == ' ' || *it == ':')
281
			it++;
282
		if (*it == 0)
283
			break;
284
	}
285

286
	ATF_REQUIRE_EQ_MSG(count, explen, "got short value at %s",
287
	    kat->vector_name);
288
}
289

290
static void
291
parse_vector(const struct poly1305_kat *kat,
292
    uint8_t key[__min_size(POLY1305_KEY_LEN)], char *msg,
293
    uint8_t exptag[__min_size(POLY1305_HASH_LEN)])
294
{
295
	parse_hex(kat, kat->test_key_hex, key, POLY1305_KEY_LEN);
296
	parse_hex(kat, kat->test_msg_hex, msg, kat->test_msg_len);
297
	parse_hex(kat, kat->expected_tag_hex, exptag, POLY1305_HASH_LEN);
298
}
299

300
static int
301
get_handle_fd(void)
302
{
303
	int fd;
304

305
	fd = open("/dev/crypto", O_RDWR);
306
	ATF_REQUIRE(fd >= 0);
307
	return (fd);
308
}
309

310
static int
311
create_session(int fd, int alg, int crid, const void *key, size_t klen)
312
{
313
	struct session2_op sop;
314

315
	memset(&sop, 0, sizeof(sop));
316

317
	sop.mac = alg;
318
	sop.mackey = key;
319
	sop.mackeylen = klen;
320
	sop.crid = crid;
321

322
	ATF_REQUIRE_MSG(ioctl(fd, CIOCGSESSION2, &sop) >= 0,
323
	    "alg %d keylen %zu, errno=%d (%s)", alg, klen, errno,
324
	    strerror(errno));
325
	return (sop.ses);
326
}
327

328
static void
329
destroy_session(int fd, int _ses)
330
{
331
	uint32_t ses;
332

333
	ses = _ses;
334
	ATF_REQUIRE_MSG(ioctl(fd, CIOCFSESSION, &ses) >= 0,
335
	    "destroy session failed, errno=%d (%s)", errno, strerror(errno));
336
}
337

338
static void
339
do_cryptop(int fd, int ses, const void *inp, size_t inlen, void *out)
340
{
341
	struct crypt_op cop;
342

343
	memset(&cop, 0, sizeof(cop));
344

345
	cop.ses = ses;
346
	cop.len = inlen;
347
	cop.src = inp;
348
	cop.mac = out;
349
	ATF_CHECK_MSG(ioctl(fd, CIOCCRYPT, &cop) >= 0, "ioctl(CIOCCRYPT)");
350
}
351

352
static void
353
test_rfc7539_poly1305_vectors(int crid)
354
{
355
	uint8_t comptag[POLY1305_HASH_LEN], exptag[POLY1305_HASH_LEN],
356
	    key[POLY1305_KEY_LEN], msg[512];
357
	int fd, ses;
358
	size_t i;
359

360
	fd = get_handle_fd();
361

362
	for (i = 0; i < nitems(rfc7539_kats); i++) {
363
		const struct poly1305_kat *kat;
364

365
		kat = &rfc7539_kats[i];
366
		parse_vector(kat, key, msg, exptag);
367

368
		ses = create_session(fd, CRYPTO_POLY1305, crid, key, sizeof(key));
369

370
		do_cryptop(fd, ses, msg, kat->test_msg_len, comptag);
371
		ATF_CHECK_EQ_MSG(memcmp(comptag, exptag, sizeof(exptag)), 0,
372
		    "KAT %s failed:", kat->vector_name);
373

374
		destroy_session(fd, ses);
375
	}
376
}
377

378
ATF_TC(poly1305_vectors);
379
ATF_TC_HEAD(poly1305_vectors, tc)
380
{
381
	 atf_tc_set_md_var(tc, "require.kmods", "nexus/cryptosoft cryptodev");
382
}
383
ATF_TC_BODY(poly1305_vectors, tc)
384
{
385
	ATF_REQUIRE_SYSCTL_INT("kern.crypto.allow_soft", 1);
386
	test_rfc7539_poly1305_vectors(CRYPTO_FLAG_SOFTWARE);
387
}
388

389
ATF_TP_ADD_TCS(tp)
390
{
391

392
	ATF_TP_ADD_TC(tp, poly1305_vectors);
393

394
	return (atf_no_error());
395
}
396

397
Product

Resources

Company
