1*1e7bbbc5SConrad Meyer /*- 2*1e7bbbc5SConrad Meyer * Copyright (c) 2018 Conrad Meyer <cem@FreeBSD.org> 3*1e7bbbc5SConrad Meyer * All rights reserved. 4*1e7bbbc5SConrad Meyer * 5*1e7bbbc5SConrad Meyer * Redistribution and use in source and binary forms, with or without 6*1e7bbbc5SConrad Meyer * modification, are permitted provided that the following conditions 7*1e7bbbc5SConrad Meyer * are met: 8*1e7bbbc5SConrad Meyer * 1. Redistributions of source code must retain the above copyright 9*1e7bbbc5SConrad Meyer * notice, this list of conditions and the following disclaimer. 10*1e7bbbc5SConrad Meyer * 2. Redistributions in binary form must reproduce the above copyright 11*1e7bbbc5SConrad Meyer * notice, this list of conditions and the following disclaimer in the 12*1e7bbbc5SConrad Meyer * documentation and/or other materials provided with the distribution. 13*1e7bbbc5SConrad Meyer * 14*1e7bbbc5SConrad Meyer * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15*1e7bbbc5SConrad Meyer * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16*1e7bbbc5SConrad Meyer * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17*1e7bbbc5SConrad Meyer * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18*1e7bbbc5SConrad Meyer * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19*1e7bbbc5SConrad Meyer * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20*1e7bbbc5SConrad Meyer * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21*1e7bbbc5SConrad Meyer * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22*1e7bbbc5SConrad Meyer * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23*1e7bbbc5SConrad Meyer * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24*1e7bbbc5SConrad Meyer * SUCH DAMAGE. 25*1e7bbbc5SConrad Meyer * 26*1e7bbbc5SConrad Meyer * $FreeBSD$ 27*1e7bbbc5SConrad Meyer */ 28*1e7bbbc5SConrad Meyer 29*1e7bbbc5SConrad Meyer #include <sys/param.h> 30*1e7bbbc5SConrad Meyer 31*1e7bbbc5SConrad Meyer #include <errno.h> 32*1e7bbbc5SConrad Meyer #include <fcntl.h> 33*1e7bbbc5SConrad Meyer #include <string.h> 34*1e7bbbc5SConrad Meyer 35*1e7bbbc5SConrad Meyer #include <atf-c.h> 36*1e7bbbc5SConrad Meyer 37*1e7bbbc5SConrad Meyer /* Be sure to include tree copy rather than system copy. */ 38*1e7bbbc5SConrad Meyer #include "cryptodev.h" 39*1e7bbbc5SConrad Meyer 40*1e7bbbc5SConrad Meyer #include "freebsd_test_suite/macros.h" 41*1e7bbbc5SConrad Meyer 42*1e7bbbc5SConrad Meyer struct poly1305_kat { 43*1e7bbbc5SConrad Meyer const char *vector_name; 44*1e7bbbc5SConrad Meyer const char *test_key_hex; 45*1e7bbbc5SConrad Meyer const char *test_msg_hex; 46*1e7bbbc5SConrad Meyer const size_t test_msg_len; 47*1e7bbbc5SConrad Meyer 48*1e7bbbc5SConrad Meyer const char *expected_tag_hex; 49*1e7bbbc5SConrad Meyer }; 50*1e7bbbc5SConrad Meyer 51*1e7bbbc5SConrad Meyer static const struct poly1305_kat rfc7539_kats[] = { 52*1e7bbbc5SConrad Meyer { 53*1e7bbbc5SConrad Meyer .vector_name = "RFC 7539 \xc2\xa7 2.5.2", 54*1e7bbbc5SConrad Meyer .test_key_hex = "85:d6:be:78:57:55:6d:33:7f:44:52:fe:42:d5:06:a8" 55*1e7bbbc5SConrad Meyer ":01:03:80:8a:fb:0d:b2:fd:4a:bf:f6:af:41:49:f5:1b", 56*1e7bbbc5SConrad Meyer .test_msg_hex = 57*1e7bbbc5SConrad Meyer "43 72 79 70 74 6f 67 72 61 70 68 69 63 20 46 6f " 58*1e7bbbc5SConrad Meyer "72 75 6d 20 52 65 73 65 61 72 63 68 20 47 72 6f " 59*1e7bbbc5SConrad Meyer "75 70", 60*1e7bbbc5SConrad Meyer .test_msg_len = 34, 61*1e7bbbc5SConrad Meyer .expected_tag_hex = "a8:06:1d:c1:30:51:36:c6:c2:2b:8b:af:0c:01:27:a9", 62*1e7bbbc5SConrad Meyer }, 63*1e7bbbc5SConrad Meyer { 64*1e7bbbc5SConrad Meyer .vector_name = "RFC 7539 \xc2\xa7 A.3 #1", 65*1e7bbbc5SConrad Meyer .test_key_hex = 66*1e7bbbc5SConrad Meyer "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 " 67*1e7bbbc5SConrad Meyer "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ", 68*1e7bbbc5SConrad Meyer .test_msg_hex = 69*1e7bbbc5SConrad Meyer "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 " 70*1e7bbbc5SConrad Meyer "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 " 71*1e7bbbc5SConrad Meyer "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 " 72*1e7bbbc5SConrad Meyer "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ", 73*1e7bbbc5SConrad Meyer .test_msg_len = 64, 74*1e7bbbc5SConrad Meyer .expected_tag_hex = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", 75*1e7bbbc5SConrad Meyer }, 76*1e7bbbc5SConrad Meyer { 77*1e7bbbc5SConrad Meyer .vector_name = "RFC 7539 \xc2\xa7 A.3 #2", 78*1e7bbbc5SConrad Meyer .test_key_hex = 79*1e7bbbc5SConrad Meyer "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 " 80*1e7bbbc5SConrad Meyer "36 e5 f6 b5 c5 e0 60 70 f0 ef ca 96 22 7a 86 3e ", 81*1e7bbbc5SConrad Meyer .test_msg_hex = 82*1e7bbbc5SConrad Meyer "41 6e 79 20 73 75 62 6d 69 73 73 69 6f 6e 20 74 " 83*1e7bbbc5SConrad Meyer "6f 20 74 68 65 20 49 45 54 46 20 69 6e 74 65 6e " 84*1e7bbbc5SConrad Meyer "64 65 64 20 62 79 20 74 68 65 20 43 6f 6e 74 72 " 85*1e7bbbc5SConrad Meyer "69 62 75 74 6f 72 20 66 6f 72 20 70 75 62 6c 69 " 86*1e7bbbc5SConrad Meyer "63 61 74 69 6f 6e 20 61 73 20 61 6c 6c 20 6f 72 " 87*1e7bbbc5SConrad Meyer "20 70 61 72 74 20 6f 66 20 61 6e 20 49 45 54 46 " 88*1e7bbbc5SConrad Meyer "20 49 6e 74 65 72 6e 65 74 2d 44 72 61 66 74 20 " 89*1e7bbbc5SConrad Meyer "6f 72 20 52 46 43 20 61 6e 64 20 61 6e 79 20 73 " 90*1e7bbbc5SConrad Meyer "74 61 74 65 6d 65 6e 74 20 6d 61 64 65 20 77 69 " 91*1e7bbbc5SConrad Meyer "74 68 69 6e 20 74 68 65 20 63 6f 6e 74 65 78 74 " 92*1e7bbbc5SConrad Meyer "20 6f 66 20 61 6e 20 49 45 54 46 20 61 63 74 69 " 93*1e7bbbc5SConrad Meyer "76 69 74 79 20 69 73 20 63 6f 6e 73 69 64 65 72 " 94*1e7bbbc5SConrad Meyer "65 64 20 61 6e 20 22 49 45 54 46 20 43 6f 6e 74 " 95*1e7bbbc5SConrad Meyer "72 69 62 75 74 69 6f 6e 22 2e 20 53 75 63 68 20 " 96*1e7bbbc5SConrad Meyer "73 74 61 74 65 6d 65 6e 74 73 20 69 6e 63 6c 75 " 97*1e7bbbc5SConrad Meyer "64 65 20 6f 72 61 6c 20 73 74 61 74 65 6d 65 6e " 98*1e7bbbc5SConrad Meyer "74 73 20 69 6e 20 49 45 54 46 20 73 65 73 73 69 " 99*1e7bbbc5SConrad Meyer "6f 6e 73 2c 20 61 73 20 77 65 6c 6c 20 61 73 20 " 100*1e7bbbc5SConrad Meyer "77 72 69 74 74 65 6e 20 61 6e 64 20 65 6c 65 63 " 101*1e7bbbc5SConrad Meyer "74 72 6f 6e 69 63 20 63 6f 6d 6d 75 6e 69 63 61 " 102*1e7bbbc5SConrad Meyer "74 69 6f 6e 73 20 6d 61 64 65 20 61 74 20 61 6e " 103*1e7bbbc5SConrad Meyer "79 20 74 69 6d 65 20 6f 72 20 70 6c 61 63 65 2c " 104*1e7bbbc5SConrad Meyer "20 77 68 69 63 68 20 61 72 65 20 61 64 64 72 65 " 105*1e7bbbc5SConrad Meyer "73 73 65 64 20 74 6f", 106*1e7bbbc5SConrad Meyer .test_msg_len = 375, 107*1e7bbbc5SConrad Meyer .expected_tag_hex = "36 e5 f6 b5 c5 e0 60 70 f0 ef ca 96 22 7a 86 3e", 108*1e7bbbc5SConrad Meyer }, 109*1e7bbbc5SConrad Meyer { 110*1e7bbbc5SConrad Meyer .vector_name = "RFC 7539 \xc2\xa7 A.3 #3", 111*1e7bbbc5SConrad Meyer .test_key_hex = 112*1e7bbbc5SConrad Meyer "36 e5 f6 b5 c5 e0 60 70 f0 ef ca 96 22 7a 86 3e " 113*1e7bbbc5SConrad Meyer "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ", 114*1e7bbbc5SConrad Meyer .test_msg_hex = 115*1e7bbbc5SConrad Meyer "41 6e 79 20 73 75 62 6d 69 73 73 69 6f 6e 20 74 " 116*1e7bbbc5SConrad Meyer "6f 20 74 68 65 20 49 45 54 46 20 69 6e 74 65 6e " 117*1e7bbbc5SConrad Meyer "64 65 64 20 62 79 20 74 68 65 20 43 6f 6e 74 72 " 118*1e7bbbc5SConrad Meyer "69 62 75 74 6f 72 20 66 6f 72 20 70 75 62 6c 69 " 119*1e7bbbc5SConrad Meyer "63 61 74 69 6f 6e 20 61 73 20 61 6c 6c 20 6f 72 " 120*1e7bbbc5SConrad Meyer "20 70 61 72 74 20 6f 66 20 61 6e 20 49 45 54 46 " 121*1e7bbbc5SConrad Meyer "20 49 6e 74 65 72 6e 65 74 2d 44 72 61 66 74 20 " 122*1e7bbbc5SConrad Meyer "6f 72 20 52 46 43 20 61 6e 64 20 61 6e 79 20 73 " 123*1e7bbbc5SConrad Meyer "74 61 74 65 6d 65 6e 74 20 6d 61 64 65 20 77 69 " 124*1e7bbbc5SConrad Meyer "74 68 69 6e 20 74 68 65 20 63 6f 6e 74 65 78 74 " 125*1e7bbbc5SConrad Meyer "20 6f 66 20 61 6e 20 49 45 54 46 20 61 63 74 69 " 126*1e7bbbc5SConrad Meyer "76 69 74 79 20 69 73 20 63 6f 6e 73 69 64 65 72 " 127*1e7bbbc5SConrad Meyer "65 64 20 61 6e 20 22 49 45 54 46 20 43 6f 6e 74 " 128*1e7bbbc5SConrad Meyer "72 69 62 75 74 69 6f 6e 22 2e 20 53 75 63 68 20 " 129*1e7bbbc5SConrad Meyer "73 74 61 74 65 6d 65 6e 74 73 20 69 6e 63 6c 75 " 130*1e7bbbc5SConrad Meyer "64 65 20 6f 72 61 6c 20 73 74 61 74 65 6d 65 6e " 131*1e7bbbc5SConrad Meyer "74 73 20 69 6e 20 49 45 54 46 20 73 65 73 73 69 " 132*1e7bbbc5SConrad Meyer "6f 6e 73 2c 20 61 73 20 77 65 6c 6c 20 61 73 20 " 133*1e7bbbc5SConrad Meyer "77 72 69 74 74 65 6e 20 61 6e 64 20 65 6c 65 63 " 134*1e7bbbc5SConrad Meyer "74 72 6f 6e 69 63 20 63 6f 6d 6d 75 6e 69 63 61 " 135*1e7bbbc5SConrad Meyer "74 69 6f 6e 73 20 6d 61 64 65 20 61 74 20 61 6e " 136*1e7bbbc5SConrad Meyer "79 20 74 69 6d 65 20 6f 72 20 70 6c 61 63 65 2c " 137*1e7bbbc5SConrad Meyer "20 77 68 69 63 68 20 61 72 65 20 61 64 64 72 65 " 138*1e7bbbc5SConrad Meyer "73 73 65 64 20 74 6f", 139*1e7bbbc5SConrad Meyer .test_msg_len = 375, 140*1e7bbbc5SConrad Meyer .expected_tag_hex = "f3 47 7e 7c d9 54 17 af 89 a6 b8 79 4c 31 0c f0", 141*1e7bbbc5SConrad Meyer }, 142*1e7bbbc5SConrad Meyer { 143*1e7bbbc5SConrad Meyer .vector_name = "RFC 7539 \xc2\xa7 A.3 #4", 144*1e7bbbc5SConrad Meyer .test_key_hex = 145*1e7bbbc5SConrad Meyer "1c 92 40 a5 eb 55 d3 8a f3 33 88 86 04 f6 b5 f0 " 146*1e7bbbc5SConrad Meyer "47 39 17 c1 40 2b 80 09 9d ca 5c bc 20 70 75 c0 ", 147*1e7bbbc5SConrad Meyer .test_msg_hex = 148*1e7bbbc5SConrad Meyer "27 54 77 61 73 20 62 72 69 6c 6c 69 67 2c 20 61 " 149*1e7bbbc5SConrad Meyer "6e 64 20 74 68 65 20 73 6c 69 74 68 79 20 74 6f " 150*1e7bbbc5SConrad Meyer "76 65 73 0a 44 69 64 20 67 79 72 65 20 61 6e 64 " 151*1e7bbbc5SConrad Meyer "20 67 69 6d 62 6c 65 20 69 6e 20 74 68 65 20 77 " 152*1e7bbbc5SConrad Meyer "61 62 65 3a 0a 41 6c 6c 20 6d 69 6d 73 79 20 77 " 153*1e7bbbc5SConrad Meyer "65 72 65 20 74 68 65 20 62 6f 72 6f 67 6f 76 65 " 154*1e7bbbc5SConrad Meyer "73 2c 0a 41 6e 64 20 74 68 65 20 6d 6f 6d 65 20 " 155*1e7bbbc5SConrad Meyer "72 61 74 68 73 20 6f 75 74 67 72 61 62 65 2e", 156*1e7bbbc5SConrad Meyer .test_msg_len = 127, 157*1e7bbbc5SConrad Meyer .expected_tag_hex = "45 41 66 9a 7e aa ee 61 e7 08 dc 7c bc c5 eb 62", 158*1e7bbbc5SConrad Meyer }, 159*1e7bbbc5SConrad Meyer { 160*1e7bbbc5SConrad Meyer .vector_name = "RFC 7539 \xc2\xa7 A.3 #5", 161*1e7bbbc5SConrad Meyer .test_key_hex = 162*1e7bbbc5SConrad Meyer "02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 " 163*1e7bbbc5SConrad Meyer "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ", 164*1e7bbbc5SConrad Meyer .test_msg_hex = 165*1e7bbbc5SConrad Meyer "FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF", 166*1e7bbbc5SConrad Meyer .test_msg_len = 16, 167*1e7bbbc5SConrad Meyer .expected_tag_hex = "03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", 168*1e7bbbc5SConrad Meyer }, 169*1e7bbbc5SConrad Meyer { 170*1e7bbbc5SConrad Meyer .vector_name = "RFC 7539 \xc2\xa7 A.3 #6", 171*1e7bbbc5SConrad Meyer .test_key_hex = 172*1e7bbbc5SConrad Meyer "02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 " 173*1e7bbbc5SConrad Meyer "FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ", 174*1e7bbbc5SConrad Meyer .test_msg_hex = 175*1e7bbbc5SConrad Meyer "02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", 176*1e7bbbc5SConrad Meyer .test_msg_len = 16, 177*1e7bbbc5SConrad Meyer .expected_tag_hex = "03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", 178*1e7bbbc5SConrad Meyer 179*1e7bbbc5SConrad Meyer }, 180*1e7bbbc5SConrad Meyer { 181*1e7bbbc5SConrad Meyer .vector_name = "RFC 7539 \xc2\xa7 A.3 #7", 182*1e7bbbc5SConrad Meyer .test_key_hex = 183*1e7bbbc5SConrad Meyer "01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 " 184*1e7bbbc5SConrad Meyer "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ", 185*1e7bbbc5SConrad Meyer .test_msg_hex = 186*1e7bbbc5SConrad Meyer "FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF " 187*1e7bbbc5SConrad Meyer "F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF " 188*1e7bbbc5SConrad Meyer "11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", 189*1e7bbbc5SConrad Meyer .test_msg_len = 48, 190*1e7bbbc5SConrad Meyer .expected_tag_hex = "05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", 191*1e7bbbc5SConrad Meyer }, 192*1e7bbbc5SConrad Meyer { 193*1e7bbbc5SConrad Meyer .vector_name = "RFC 7539 \xc2\xa7 A.3 #8", 194*1e7bbbc5SConrad Meyer .test_key_hex = 195*1e7bbbc5SConrad Meyer "01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 " 196*1e7bbbc5SConrad Meyer "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ", 197*1e7bbbc5SConrad Meyer .test_msg_hex = 198*1e7bbbc5SConrad Meyer "FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF " 199*1e7bbbc5SConrad Meyer "FB FE FE FE FE FE FE FE FE FE FE FE FE FE FE FE " 200*1e7bbbc5SConrad Meyer "01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01", 201*1e7bbbc5SConrad Meyer .test_msg_len = 48, 202*1e7bbbc5SConrad Meyer .expected_tag_hex = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", 203*1e7bbbc5SConrad Meyer }, 204*1e7bbbc5SConrad Meyer { 205*1e7bbbc5SConrad Meyer .vector_name = "RFC 7539 \xc2\xa7 A.3 #9", 206*1e7bbbc5SConrad Meyer .test_key_hex = 207*1e7bbbc5SConrad Meyer "02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 " 208*1e7bbbc5SConrad Meyer "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ", 209*1e7bbbc5SConrad Meyer .test_msg_hex = 210*1e7bbbc5SConrad Meyer "FD FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF", 211*1e7bbbc5SConrad Meyer .test_msg_len = 16, 212*1e7bbbc5SConrad Meyer .expected_tag_hex = "FA FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF", 213*1e7bbbc5SConrad Meyer }, 214*1e7bbbc5SConrad Meyer { 215*1e7bbbc5SConrad Meyer .vector_name = "RFC 7539 \xc2\xa7 A.3 #10", 216*1e7bbbc5SConrad Meyer .test_key_hex = 217*1e7bbbc5SConrad Meyer "01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 " 218*1e7bbbc5SConrad Meyer "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ", 219*1e7bbbc5SConrad Meyer .test_msg_hex = 220*1e7bbbc5SConrad Meyer "E3 35 94 D7 50 5E 43 B9 00 00 00 00 00 00 00 00 " 221*1e7bbbc5SConrad Meyer "33 94 D7 50 5E 43 79 CD 01 00 00 00 00 00 00 00 " 222*1e7bbbc5SConrad Meyer "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 " 223*1e7bbbc5SConrad Meyer "01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", 224*1e7bbbc5SConrad Meyer .test_msg_len = 64, 225*1e7bbbc5SConrad Meyer .expected_tag_hex = "14 00 00 00 00 00 00 00 55 00 00 00 00 00 00 00", 226*1e7bbbc5SConrad Meyer }, 227*1e7bbbc5SConrad Meyer { 228*1e7bbbc5SConrad Meyer .vector_name = "RFC 7539 \xc2\xa7 A.3 #11", 229*1e7bbbc5SConrad Meyer .test_key_hex = 230*1e7bbbc5SConrad Meyer "01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 " 231*1e7bbbc5SConrad Meyer "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ", 232*1e7bbbc5SConrad Meyer .test_msg_hex = 233*1e7bbbc5SConrad Meyer "E3 35 94 D7 50 5E 43 B9 00 00 00 00 00 00 00 00 " 234*1e7bbbc5SConrad Meyer "33 94 D7 50 5E 43 79 CD 01 00 00 00 00 00 00 00 " 235*1e7bbbc5SConrad Meyer "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", 236*1e7bbbc5SConrad Meyer .test_msg_len = 48, 237*1e7bbbc5SConrad Meyer .expected_tag_hex = "13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", 238*1e7bbbc5SConrad Meyer }, 239*1e7bbbc5SConrad Meyer }; 240*1e7bbbc5SConrad Meyer 241*1e7bbbc5SConrad Meyer static void 242*1e7bbbc5SConrad Meyer parse_hex(const struct poly1305_kat *kat, const char *hexstr, void *voutput, 243*1e7bbbc5SConrad Meyer size_t explen) 244*1e7bbbc5SConrad Meyer { 245*1e7bbbc5SConrad Meyer /* Space or colon delimited; may contain a single trailing space; 246*1e7bbbc5SConrad Meyer * length should match exactly. 247*1e7bbbc5SConrad Meyer */ 248*1e7bbbc5SConrad Meyer const char *sep, *it; 249*1e7bbbc5SConrad Meyer size_t sym_len, count; 250*1e7bbbc5SConrad Meyer char hbyte[3], *out; 251*1e7bbbc5SConrad Meyer int res; 252*1e7bbbc5SConrad Meyer 253*1e7bbbc5SConrad Meyer out = voutput; 254*1e7bbbc5SConrad Meyer memset(hbyte, 0, sizeof(hbyte)); 255*1e7bbbc5SConrad Meyer 256*1e7bbbc5SConrad Meyer it = hexstr; 257*1e7bbbc5SConrad Meyer count = 0; 258*1e7bbbc5SConrad Meyer while (true) { 259*1e7bbbc5SConrad Meyer sep = strpbrk(it, " :"); 260*1e7bbbc5SConrad Meyer if (sep == NULL) 261*1e7bbbc5SConrad Meyer sym_len = strlen(it); 262*1e7bbbc5SConrad Meyer else 263*1e7bbbc5SConrad Meyer sym_len = sep - it; 264*1e7bbbc5SConrad Meyer 265*1e7bbbc5SConrad Meyer ATF_REQUIRE_EQ_MSG(sym_len, 2, 266*1e7bbbc5SConrad Meyer "invalid hex byte '%.*s' in vector %s", (int)sym_len, it, 267*1e7bbbc5SConrad Meyer kat->vector_name); 268*1e7bbbc5SConrad Meyer 269*1e7bbbc5SConrad Meyer memcpy(hbyte, it, 2); 270*1e7bbbc5SConrad Meyer res = sscanf(hbyte, "%hhx", &out[count]); 271*1e7bbbc5SConrad Meyer ATF_REQUIRE_EQ_MSG(res, 1, 272*1e7bbbc5SConrad Meyer "invalid hex byte '%s' in vector %s", hbyte, 273*1e7bbbc5SConrad Meyer kat->vector_name); 274*1e7bbbc5SConrad Meyer 275*1e7bbbc5SConrad Meyer count++; 276*1e7bbbc5SConrad Meyer ATF_REQUIRE_MSG(count <= explen, 277*1e7bbbc5SConrad Meyer "got longer than expected value at %s", kat->vector_name); 278*1e7bbbc5SConrad Meyer 279*1e7bbbc5SConrad Meyer if (sep == NULL) 280*1e7bbbc5SConrad Meyer break; 281*1e7bbbc5SConrad Meyer it = sep; 282*1e7bbbc5SConrad Meyer while (*it == ' ' || *it == ':') 283*1e7bbbc5SConrad Meyer it++; 284*1e7bbbc5SConrad Meyer if (*it == 0) 285*1e7bbbc5SConrad Meyer break; 286*1e7bbbc5SConrad Meyer } 287*1e7bbbc5SConrad Meyer 288*1e7bbbc5SConrad Meyer ATF_REQUIRE_EQ_MSG(count, explen, "got short value at %s", 289*1e7bbbc5SConrad Meyer kat->vector_name); 290*1e7bbbc5SConrad Meyer } 291*1e7bbbc5SConrad Meyer 292*1e7bbbc5SConrad Meyer static void 293*1e7bbbc5SConrad Meyer parse_vector(const struct poly1305_kat *kat, 294*1e7bbbc5SConrad Meyer uint8_t key[__min_size(POLY1305_KEY_LEN)], char *msg, 295*1e7bbbc5SConrad Meyer uint8_t exptag[__min_size(POLY1305_HASH_LEN)]) 296*1e7bbbc5SConrad Meyer { 297*1e7bbbc5SConrad Meyer parse_hex(kat, kat->test_key_hex, key, POLY1305_KEY_LEN); 298*1e7bbbc5SConrad Meyer parse_hex(kat, kat->test_msg_hex, msg, kat->test_msg_len); 299*1e7bbbc5SConrad Meyer parse_hex(kat, kat->expected_tag_hex, exptag, POLY1305_HASH_LEN); 300*1e7bbbc5SConrad Meyer } 301*1e7bbbc5SConrad Meyer 302*1e7bbbc5SConrad Meyer static int 303*1e7bbbc5SConrad Meyer get_handle_fd(void) 304*1e7bbbc5SConrad Meyer { 305*1e7bbbc5SConrad Meyer int dc_fd, fd; 306*1e7bbbc5SConrad Meyer 307*1e7bbbc5SConrad Meyer dc_fd = open("/dev/crypto", O_RDWR); 308*1e7bbbc5SConrad Meyer 309*1e7bbbc5SConrad Meyer /* 310*1e7bbbc5SConrad Meyer * Why do we do this dance instead of just operating on /dev/crypto 311*1e7bbbc5SConrad Meyer * directly? I have no idea. 312*1e7bbbc5SConrad Meyer */ 313*1e7bbbc5SConrad Meyer ATF_REQUIRE(dc_fd >= 0); 314*1e7bbbc5SConrad Meyer ATF_REQUIRE(ioctl(dc_fd, CRIOGET, &fd) != -1); 315*1e7bbbc5SConrad Meyer close(dc_fd); 316*1e7bbbc5SConrad Meyer return (fd); 317*1e7bbbc5SConrad Meyer } 318*1e7bbbc5SConrad Meyer 319*1e7bbbc5SConrad Meyer static int 320*1e7bbbc5SConrad Meyer create_session(int fd, int alg, int crid, const void *key, size_t klen) 321*1e7bbbc5SConrad Meyer { 322*1e7bbbc5SConrad Meyer struct session2_op sop; 323*1e7bbbc5SConrad Meyer 324*1e7bbbc5SConrad Meyer memset(&sop, 0, sizeof(sop)); 325*1e7bbbc5SConrad Meyer 326*1e7bbbc5SConrad Meyer sop.mac = alg; 327*1e7bbbc5SConrad Meyer sop.mackey = key; 328*1e7bbbc5SConrad Meyer sop.mackeylen = klen; 329*1e7bbbc5SConrad Meyer sop.crid = crid; 330*1e7bbbc5SConrad Meyer 331*1e7bbbc5SConrad Meyer ATF_REQUIRE_MSG(ioctl(fd, CIOCGSESSION2, &sop) >= 0, 332*1e7bbbc5SConrad Meyer "alg %d keylen %zu, errno=%d (%s)", alg, klen, errno, 333*1e7bbbc5SConrad Meyer strerror(errno)); 334*1e7bbbc5SConrad Meyer return (sop.ses); 335*1e7bbbc5SConrad Meyer } 336*1e7bbbc5SConrad Meyer 337*1e7bbbc5SConrad Meyer static void 338*1e7bbbc5SConrad Meyer destroy_session(int fd, int _ses) 339*1e7bbbc5SConrad Meyer { 340*1e7bbbc5SConrad Meyer uint32_t ses; 341*1e7bbbc5SConrad Meyer 342*1e7bbbc5SConrad Meyer ses = _ses; 343*1e7bbbc5SConrad Meyer ATF_REQUIRE_MSG(ioctl(fd, CIOCFSESSION, &ses) >= 0, 344*1e7bbbc5SConrad Meyer "destroy session failed, errno=%d (%s)", errno, strerror(errno)); 345*1e7bbbc5SConrad Meyer } 346*1e7bbbc5SConrad Meyer 347*1e7bbbc5SConrad Meyer static void 348*1e7bbbc5SConrad Meyer do_cryptop(int fd, int ses, const void *inp, size_t inlen, void *out) 349*1e7bbbc5SConrad Meyer { 350*1e7bbbc5SConrad Meyer struct crypt_op cop; 351*1e7bbbc5SConrad Meyer 352*1e7bbbc5SConrad Meyer memset(&cop, 0, sizeof(cop)); 353*1e7bbbc5SConrad Meyer 354*1e7bbbc5SConrad Meyer cop.ses = ses; 355*1e7bbbc5SConrad Meyer cop.len = inlen; 356*1e7bbbc5SConrad Meyer cop.src = inp; 357*1e7bbbc5SConrad Meyer cop.mac = out; 358*1e7bbbc5SConrad Meyer ATF_CHECK_MSG(ioctl(fd, CIOCCRYPT, &cop) >= 0, "ioctl(CIOCCRYPT)"); 359*1e7bbbc5SConrad Meyer } 360*1e7bbbc5SConrad Meyer 361*1e7bbbc5SConrad Meyer static void 362*1e7bbbc5SConrad Meyer test_rfc7539_poly1305_vectors(int crid, const char *modname) 363*1e7bbbc5SConrad Meyer { 364*1e7bbbc5SConrad Meyer uint8_t comptag[POLY1305_HASH_LEN], exptag[POLY1305_HASH_LEN], 365*1e7bbbc5SConrad Meyer key[POLY1305_KEY_LEN], msg[512]; 366*1e7bbbc5SConrad Meyer int fd, ses; 367*1e7bbbc5SConrad Meyer size_t i; 368*1e7bbbc5SConrad Meyer 369*1e7bbbc5SConrad Meyer ATF_REQUIRE_KERNEL_MODULE(modname); 370*1e7bbbc5SConrad Meyer ATF_REQUIRE_KERNEL_MODULE("cryptodev"); 371*1e7bbbc5SConrad Meyer 372*1e7bbbc5SConrad Meyer fd = get_handle_fd(); 373*1e7bbbc5SConrad Meyer 374*1e7bbbc5SConrad Meyer for (i = 0; i < nitems(rfc7539_kats); i++) { 375*1e7bbbc5SConrad Meyer const struct poly1305_kat *kat; 376*1e7bbbc5SConrad Meyer 377*1e7bbbc5SConrad Meyer kat = &rfc7539_kats[i]; 378*1e7bbbc5SConrad Meyer parse_vector(kat, key, msg, exptag); 379*1e7bbbc5SConrad Meyer 380*1e7bbbc5SConrad Meyer ses = create_session(fd, CRYPTO_POLY1305, crid, key, sizeof(key)); 381*1e7bbbc5SConrad Meyer 382*1e7bbbc5SConrad Meyer do_cryptop(fd, ses, msg, kat->test_msg_len, comptag); 383*1e7bbbc5SConrad Meyer ATF_CHECK_EQ_MSG(memcmp(comptag, exptag, sizeof(exptag)), 0, 384*1e7bbbc5SConrad Meyer "KAT %s failed:", kat->vector_name); 385*1e7bbbc5SConrad Meyer 386*1e7bbbc5SConrad Meyer destroy_session(fd, ses); 387*1e7bbbc5SConrad Meyer } 388*1e7bbbc5SConrad Meyer } 389*1e7bbbc5SConrad Meyer 390*1e7bbbc5SConrad Meyer ATF_TC_WITHOUT_HEAD(poly1305_vectors); 391*1e7bbbc5SConrad Meyer ATF_TC_BODY(poly1305_vectors, tc) 392*1e7bbbc5SConrad Meyer { 393*1e7bbbc5SConrad Meyer ATF_REQUIRE_SYSCTL_INT("kern.cryptodevallowsoft", 1); 394*1e7bbbc5SConrad Meyer test_rfc7539_poly1305_vectors(CRYPTO_FLAG_SOFTWARE, "nexus/cryptosoft"); 395*1e7bbbc5SConrad Meyer } 396*1e7bbbc5SConrad Meyer 397*1e7bbbc5SConrad Meyer ATF_TP_ADD_TCS(tp) 398*1e7bbbc5SConrad Meyer { 399*1e7bbbc5SConrad Meyer 400*1e7bbbc5SConrad Meyer ATF_TP_ADD_TC(tp, poly1305_vectors); 401*1e7bbbc5SConrad Meyer 402*1e7bbbc5SConrad Meyer return (atf_no_error()); 403*1e7bbbc5SConrad Meyer } 404