10e33efe4SConrad Meyer /*- 20e33efe4SConrad Meyer * Copyright (c) 2018 Conrad Meyer <cem@FreeBSD.org> 30e33efe4SConrad Meyer * All rights reserved. 40e33efe4SConrad Meyer * 50e33efe4SConrad Meyer * Redistribution and use in source and binary forms, with or without 60e33efe4SConrad Meyer * modification, are permitted provided that the following conditions 70e33efe4SConrad Meyer * are met: 80e33efe4SConrad Meyer * 1. Redistributions of source code must retain the above copyright 90e33efe4SConrad Meyer * notice, this list of conditions and the following disclaimer. 100e33efe4SConrad Meyer * 2. Redistributions in binary form must reproduce the above copyright 110e33efe4SConrad Meyer * notice, this list of conditions and the following disclaimer in the 120e33efe4SConrad Meyer * documentation and/or other materials provided with the distribution. 130e33efe4SConrad Meyer * 140e33efe4SConrad Meyer * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 150e33efe4SConrad Meyer * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 160e33efe4SConrad Meyer * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 170e33efe4SConrad Meyer * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 180e33efe4SConrad Meyer * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 190e33efe4SConrad Meyer * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 200e33efe4SConrad Meyer * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 210e33efe4SConrad Meyer * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 220e33efe4SConrad Meyer * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 230e33efe4SConrad Meyer * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 240e33efe4SConrad Meyer * SUCH DAMAGE. 250e33efe4SConrad Meyer * 260e33efe4SConrad Meyer * $FreeBSD$ 270e33efe4SConrad Meyer */ 280e33efe4SConrad Meyer 290e33efe4SConrad Meyer /* 300e33efe4SConrad Meyer * Derived from blake2b-test.c and blake2s-test.c: 310e33efe4SConrad Meyer * 320e33efe4SConrad Meyer * BLAKE2 reference source code package - optimized C implementations 330e33efe4SConrad Meyer * 340e33efe4SConrad Meyer * Written in 2012 by Samuel Neves <sneves@dei.uc.pt> 350e33efe4SConrad Meyer * 360e33efe4SConrad Meyer * To the extent possible under law, the author(s) have dedicated all copyright 370e33efe4SConrad Meyer * and related and neighboring rights to this software to the public domain 380e33efe4SConrad Meyer * worldwide. This software is distributed without any warranty. 390e33efe4SConrad Meyer * 400e33efe4SConrad Meyer * You should have received a copy of the CC0 Public Domain Dedication along with 410e33efe4SConrad Meyer * this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>. 420e33efe4SConrad Meyer */ 430e33efe4SConrad Meyer 440e33efe4SConrad Meyer #include <sys/param.h> 450e33efe4SConrad Meyer 460e33efe4SConrad Meyer #include <errno.h> 470e33efe4SConrad Meyer #include <fcntl.h> 480e33efe4SConrad Meyer #include <string.h> 490e33efe4SConrad Meyer 500e33efe4SConrad Meyer #include <atf-c.h> 510e33efe4SConrad Meyer 520e33efe4SConrad Meyer /* Be sure to include tree copy rather than system copy. */ 530e33efe4SConrad Meyer #include "cryptodev.h" 540e33efe4SConrad Meyer 550e33efe4SConrad Meyer #include "freebsd_test_suite/macros.h" 560e33efe4SConrad Meyer 570e33efe4SConrad Meyer #include <blake2.h> 580e33efe4SConrad Meyer #include "blake2-kat.h" 590e33efe4SConrad Meyer 600e33efe4SConrad Meyer static uint8_t key2b[BLAKE2B_KEYBYTES]; 610e33efe4SConrad Meyer static uint8_t key2s[BLAKE2S_KEYBYTES]; 620e33efe4SConrad Meyer static uint8_t katbuf[KAT_LENGTH]; 630e33efe4SConrad Meyer 640e33efe4SConrad Meyer static void 650e33efe4SConrad Meyer initialize_constant_buffers(void) 660e33efe4SConrad Meyer { 670e33efe4SConrad Meyer size_t i; 680e33efe4SConrad Meyer 690e33efe4SConrad Meyer for (i = 0; i < sizeof(key2b); i++) 700e33efe4SConrad Meyer key2b[i] = (uint8_t)i; 710e33efe4SConrad Meyer for (i = 0; i < sizeof(key2s); i++) 720e33efe4SConrad Meyer key2s[i] = (uint8_t)i; 730e33efe4SConrad Meyer for (i = 0; i < sizeof(katbuf); i++) 740e33efe4SConrad Meyer katbuf[i] = (uint8_t)i; 750e33efe4SConrad Meyer } 760e33efe4SConrad Meyer 770e33efe4SConrad Meyer static int 78*871eec00SJohn Baldwin lookup_crid(int fd, const char *devname) 79*871eec00SJohn Baldwin { 80*871eec00SJohn Baldwin struct crypt_find_op find; 81*871eec00SJohn Baldwin 82*871eec00SJohn Baldwin find.crid = -1; 83*871eec00SJohn Baldwin strlcpy(find.name, devname, sizeof(find.name)); 84*871eec00SJohn Baldwin ATF_REQUIRE(ioctl(fd, CIOCFINDDEV, &find) != -1); 85*871eec00SJohn Baldwin return (find.crid); 86*871eec00SJohn Baldwin } 87*871eec00SJohn Baldwin 88*871eec00SJohn Baldwin static int 890e33efe4SConrad Meyer get_handle_fd(void) 900e33efe4SConrad Meyer { 910e33efe4SConrad Meyer int dc_fd, fd; 920e33efe4SConrad Meyer 930e33efe4SConrad Meyer dc_fd = open("/dev/crypto", O_RDWR); 940e33efe4SConrad Meyer 950e33efe4SConrad Meyer /* 960e33efe4SConrad Meyer * Why do we do this dance instead of just operating on /dev/crypto 970e33efe4SConrad Meyer * directly? I have no idea. 980e33efe4SConrad Meyer */ 990e33efe4SConrad Meyer ATF_REQUIRE(dc_fd >= 0); 1000e33efe4SConrad Meyer ATF_REQUIRE(ioctl(dc_fd, CRIOGET, &fd) != -1); 1010e33efe4SConrad Meyer close(dc_fd); 1020e33efe4SConrad Meyer return (fd); 1030e33efe4SConrad Meyer } 1040e33efe4SConrad Meyer 1050e33efe4SConrad Meyer static int 1060e33efe4SConrad Meyer create_session(int fd, int alg, int crid, const void *key, size_t klen) 1070e33efe4SConrad Meyer { 1080e33efe4SConrad Meyer struct session2_op sop; 1090e33efe4SConrad Meyer 1100e33efe4SConrad Meyer memset(&sop, 0, sizeof(sop)); 1110e33efe4SConrad Meyer 1120e33efe4SConrad Meyer sop.mac = alg; 1130e33efe4SConrad Meyer sop.mackey = key; 1140e33efe4SConrad Meyer sop.mackeylen = klen; 1150e33efe4SConrad Meyer sop.crid = crid; 1160e33efe4SConrad Meyer 1170e33efe4SConrad Meyer ATF_REQUIRE_MSG(ioctl(fd, CIOCGSESSION2, &sop) >= 0, 1180e33efe4SConrad Meyer "alg %d keylen %zu, errno=%d (%s)", alg, klen, errno, 1190e33efe4SConrad Meyer strerror(errno)); 1200e33efe4SConrad Meyer return (sop.ses); 1210e33efe4SConrad Meyer } 1220e33efe4SConrad Meyer 1230e33efe4SConrad Meyer static void 1240e33efe4SConrad Meyer do_cryptop(int fd, int ses, size_t inlen, void *out) 1250e33efe4SConrad Meyer { 1260e33efe4SConrad Meyer struct crypt_op cop; 1270e33efe4SConrad Meyer 1280e33efe4SConrad Meyer memset(&cop, 0, sizeof(cop)); 1290e33efe4SConrad Meyer 1300e33efe4SConrad Meyer cop.ses = ses; 1310e33efe4SConrad Meyer cop.len = inlen; 1320e33efe4SConrad Meyer cop.src = katbuf; 1330e33efe4SConrad Meyer cop.mac = out; 1340e33efe4SConrad Meyer ATF_CHECK_MSG(ioctl(fd, CIOCCRYPT, &cop) >= 0, "ioctl(CIOCCRYPT)"); 1350e33efe4SConrad Meyer } 1360e33efe4SConrad Meyer 1370e33efe4SConrad Meyer static void 138*871eec00SJohn Baldwin test_blake2b_vectors(const char *devname, const char *modname) 1390e33efe4SConrad Meyer { 1400e33efe4SConrad Meyer uint8_t hash[BLAKE2B_OUTBYTES]; 141*871eec00SJohn Baldwin int crid, fd, ses; 1420e33efe4SConrad Meyer size_t i; 1430e33efe4SConrad Meyer 1440e33efe4SConrad Meyer ATF_REQUIRE_KERNEL_MODULE(modname); 1450e33efe4SConrad Meyer ATF_REQUIRE_KERNEL_MODULE("cryptodev"); 1460e33efe4SConrad Meyer 1470e33efe4SConrad Meyer initialize_constant_buffers(); 1480e33efe4SConrad Meyer fd = get_handle_fd(); 149*871eec00SJohn Baldwin crid = lookup_crid(fd, devname); 1500e33efe4SConrad Meyer ses = create_session(fd, CRYPTO_BLAKE2B, crid, key2b, sizeof(key2b)); 1510e33efe4SConrad Meyer 1520e33efe4SConrad Meyer for (i = 0; i < sizeof(katbuf); i++) { 1530e33efe4SConrad Meyer do_cryptop(fd, ses, i, hash); 1540e33efe4SConrad Meyer ATF_CHECK_EQ_MSG( 1550e33efe4SConrad Meyer memcmp(hash, blake2b_keyed_kat[i], sizeof(hash)), 1560e33efe4SConrad Meyer 0, 1570e33efe4SConrad Meyer "different at %zu", i); 1580e33efe4SConrad Meyer } 1590e33efe4SConrad Meyer } 1600e33efe4SConrad Meyer 1610e33efe4SConrad Meyer static void 162*871eec00SJohn Baldwin test_blake2s_vectors(const char *devname, const char *modname) 1630e33efe4SConrad Meyer { 1640e33efe4SConrad Meyer uint8_t hash[BLAKE2S_OUTBYTES]; 165*871eec00SJohn Baldwin int crid, fd, ses; 1660e33efe4SConrad Meyer size_t i; 1670e33efe4SConrad Meyer 1680e33efe4SConrad Meyer ATF_REQUIRE_KERNEL_MODULE(modname); 1690e33efe4SConrad Meyer ATF_REQUIRE_KERNEL_MODULE("cryptodev"); 1700e33efe4SConrad Meyer 1710e33efe4SConrad Meyer initialize_constant_buffers(); 1720e33efe4SConrad Meyer fd = get_handle_fd(); 173*871eec00SJohn Baldwin crid = lookup_crid(fd, devname); 1740e33efe4SConrad Meyer ses = create_session(fd, CRYPTO_BLAKE2S, crid, key2s, sizeof(key2s)); 1750e33efe4SConrad Meyer 1760e33efe4SConrad Meyer for (i = 0; i < sizeof(katbuf); i++) { 1770e33efe4SConrad Meyer do_cryptop(fd, ses, i, hash); 1780e33efe4SConrad Meyer ATF_CHECK_EQ_MSG( 1790e33efe4SConrad Meyer memcmp(hash, blake2s_keyed_kat[i], sizeof(hash)), 1800e33efe4SConrad Meyer 0, 1810e33efe4SConrad Meyer "different at %zu", i); 1820e33efe4SConrad Meyer } 1830e33efe4SConrad Meyer } 1840e33efe4SConrad Meyer 1850e33efe4SConrad Meyer ATF_TC_WITHOUT_HEAD(blake2b_vectors); 1860e33efe4SConrad Meyer ATF_TC_BODY(blake2b_vectors, tc) 1870e33efe4SConrad Meyer { 1883c5ba95aSAlan Somers ATF_REQUIRE_SYSCTL_INT("kern.cryptodevallowsoft", 1); 189*871eec00SJohn Baldwin test_blake2b_vectors("cryptosoft0", "nexus/cryptosoft"); 1900e33efe4SConrad Meyer } 1910e33efe4SConrad Meyer 1920e33efe4SConrad Meyer ATF_TC_WITHOUT_HEAD(blake2s_vectors); 1930e33efe4SConrad Meyer ATF_TC_BODY(blake2s_vectors, tc) 1940e33efe4SConrad Meyer { 1953c5ba95aSAlan Somers ATF_REQUIRE_SYSCTL_INT("kern.cryptodevallowsoft", 1); 196*871eec00SJohn Baldwin test_blake2s_vectors("cryptosoft0", "nexus/cryptosoft"); 1970e33efe4SConrad Meyer } 1980e33efe4SConrad Meyer 1990e33efe4SConrad Meyer #if defined(__i386__) || defined(__amd64__) 2000e33efe4SConrad Meyer ATF_TC_WITHOUT_HEAD(blake2b_vectors_x86); 2010e33efe4SConrad Meyer ATF_TC_BODY(blake2b_vectors_x86, tc) 2020e33efe4SConrad Meyer { 203*871eec00SJohn Baldwin ATF_REQUIRE_SYSCTL_INT("kern.cryptodevallowsoft", 1); 204*871eec00SJohn Baldwin test_blake2b_vectors("blaketwo0", "nexus/blake2"); 2050e33efe4SConrad Meyer } 2060e33efe4SConrad Meyer 2070e33efe4SConrad Meyer ATF_TC_WITHOUT_HEAD(blake2s_vectors_x86); 2080e33efe4SConrad Meyer ATF_TC_BODY(blake2s_vectors_x86, tc) 2090e33efe4SConrad Meyer { 210*871eec00SJohn Baldwin ATF_REQUIRE_SYSCTL_INT("kern.cryptodevallowsoft", 1); 211*871eec00SJohn Baldwin test_blake2s_vectors("blaketwo0", "nexus/blake2"); 2120e33efe4SConrad Meyer } 2130e33efe4SConrad Meyer #endif 2140e33efe4SConrad Meyer 2150e33efe4SConrad Meyer ATF_TP_ADD_TCS(tp) 2160e33efe4SConrad Meyer { 2170e33efe4SConrad Meyer 2180e33efe4SConrad Meyer ATF_TP_ADD_TC(tp, blake2b_vectors); 2190e33efe4SConrad Meyer ATF_TP_ADD_TC(tp, blake2s_vectors); 2200e33efe4SConrad Meyer #if defined(__i386__) || defined(__amd64__) 2210e33efe4SConrad Meyer ATF_TP_ADD_TC(tp, blake2b_vectors_x86); 2220e33efe4SConrad Meyer ATF_TP_ADD_TC(tp, blake2s_vectors_x86); 2230e33efe4SConrad Meyer #endif 2240e33efe4SConrad Meyer 2250e33efe4SConrad Meyer return (atf_no_error()); 2260e33efe4SConrad Meyer } 227