📄 testipsec.c
字号:
/****************************************************************************
* testipsec.c - IPSec known-answer test for SEC2 device driver
****************************************************************************
* Copyright (c) 2004-2005 Freescale Semiconductor
* All Rights Reserved. Proprietary and Confidential.
*
* NOTICE: The information contained in this file is proprietary
* to Freescale Semiconductor, and is being made available to
* Freescale's customers under strict license agreements.
* Use or disclosure of this information is permissible only
* under the terms of the existing license agreement.
***************************************************************************/
/* Revision History:
* 1.1.0 Dec 05,2004 sec - prep for linux-compatible driver release
* 1.1.1 Jan 08,2005 sec - Todd's comprehensive test cases added and code
* cleaned up.
* 1.2 02-Feb-2005 sec - fix up type warnings
*/
#include "Sec2.h"
#include "sec2drvTest.h"
/* NOTE: (ENC_DATA_LENGTH - 8) must be a multiple of 16 or the AES tests will fail! */
#define ENC_DATA_LENGTH (3000)
typedef struct
{
unsigned long encryptopId;
unsigned long hmacopId;
unsigned long ipsecencopId;
unsigned long ipsecdecopId;
unsigned long keyBytes;
unsigned long hashOutBytes;
char testDesc[30];
} IPSECTESTTYPE;
static unsigned char PlainText[ENC_DATA_LENGTH] __attribute__ ((aligned (16)));
static unsigned char ipsecDecryptOut[ENC_DATA_LENGTH + 32] __attribute__ ((aligned (16)));
static unsigned char encryptOnlyOutput[ENC_DATA_LENGTH] __attribute__ ((aligned (8)));
static unsigned char ipsecoutput[ENC_DATA_LENGTH + 32] __attribute__ ((aligned (8)));
static unsigned char outivdata[16] __attribute__ ((aligned (8)));
static unsigned char hmacdigest[32] __attribute__ ((aligned (8)));
static unsigned char ipsecdigest[32] __attribute__ ((aligned (8)));
/* encrypt key - 24 bytes */
static const unsigned char EncKey[] __attribute__ ((aligned (16))) = {
0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68,
0x69, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76,
0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e
};
/* auth key - 16 bytes */
static const unsigned char authKey[] = {
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
};
/* IV - 8 bytes */
/* static unsigned char in_iv[] __attribute__ ((aligned (16))) = "abcdef01"; */
static const unsigned char in_iv[] __attribute__ ((aligned (16))) = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
/**********************************************************************
**********************************************************************
* D E S C B C T E S T S *
**********************************************************************
**********************************************************************/
#define NUM_DES_CBC_TESTS 6
static IPSECTESTTYPE descbctest[NUM_DES_CBC_TESTS] =
{
/* IPSEC TDES CBC MD5 PAD */
DPD_TDES_CBC_CTX_ENCRYPT,
DPD_MD5_LDCTX_HMAC_PAD_ULCTX,
DPD_IPSEC_CBC_TDES_ENCRYPT_MD5_PAD,
DPD_IPSEC_CBC_TDES_DECRYPT_MD5_PAD,
24,
16,
"IPSEC TDES CBC MD5 PAD",
/* IPSEC TDES CBC SHA-1 PAD */
DPD_TDES_CBC_CTX_ENCRYPT,
DPD_SHA_LDCTX_HMAC_PAD_ULCTX,
DPD_IPSEC_CBC_TDES_ENCRYPT_SHA_PAD,
DPD_IPSEC_CBC_TDES_DECRYPT_SHA_PAD,
24,
20,
"IPSEC TDES CBC SHA-1 PAD",
/* IPSEC TDES CBC SHA-256 PAD */
DPD_TDES_CBC_CTX_ENCRYPT,
DPD_SHA256_LDCTX_HMAC_PAD_ULCTX,
DPD_IPSEC_CBC_TDES_ENCRYPT_SHA256_PAD,
DPD_IPSEC_CBC_TDES_DECRYPT_SHA256_PAD,
24,
32,
"IPSEC TDES CBC SHA-256 PAD",
/* IPSEC SDES CBC MD5 PAD */
DPD_SDES_CBC_CTX_ENCRYPT,
DPD_MD5_LDCTX_HMAC_PAD_ULCTX,
DPD_IPSEC_CBC_SDES_ENCRYPT_MD5_PAD,
DPD_IPSEC_CBC_SDES_DECRYPT_MD5_PAD,
8,
16,
"IPSEC SDES CBC MD5 PAD",
/* IPSEC SDES CBC SHA-1 PAD */
DPD_SDES_CBC_CTX_ENCRYPT,
DPD_SHA_LDCTX_HMAC_PAD_ULCTX,
DPD_IPSEC_CBC_SDES_ENCRYPT_SHA_PAD,
DPD_IPSEC_CBC_SDES_DECRYPT_SHA_PAD,
8,
20,
"IPSEC SDES CBC SHA-1 PAD",
/* IPSEC SDES CBC SHA-256 PAD */
DPD_SDES_CBC_CTX_ENCRYPT,
DPD_SHA256_LDCTX_HMAC_PAD_ULCTX,
DPD_IPSEC_CBC_SDES_ENCRYPT_SHA256_PAD,
DPD_IPSEC_CBC_SDES_DECRYPT_SHA256_PAD,
8,
32,
"IPSEC SDES CBC SHA-256 PAD"
};
static int testIPSECdescbcreq
(
int fd
)
{
IPSEC_CBC_REQ ipsecReq;
DES_LOADCTX_CRYPT_REQ desReq;
HMAC_PAD_REQ dyHmacReq;
int i, status, iTestIndex;
for (iTestIndex = 0; iTestIndex < NUM_DES_CBC_TESTS; iTestIndex++)
{
printf("\n*** Test %s ***\n", descbctest[iTestIndex].testDesc);
printf("Testing encryption\n");
/********************************************************************
* First step of test is to perform encryption and HMAC separately. *
* This result will compared with the IPSEC operation result later. *
********************************************************************/
/* Clear buffers */
memset(&ipsecReq, 0, sizeof(ipsecReq));
memset(&desReq, 0, sizeof(desReq));
memset(&dyHmacReq, 0, sizeof(dyHmacReq));
memset(ipsecoutput,0, ENC_DATA_LENGTH);
memset(ipsecDecryptOut,0, ENC_DATA_LENGTH);
memset(encryptOnlyOutput, 0, ENC_DATA_LENGTH);
/* Copy the first 8 bytes to leave unencrypted because this is the ESP header
in IPSec which is authenticated but not encrypted. */
memcpy(encryptOnlyOutput, PlainText, 8);
/* Set up encryption request */
desReq.opId = descbctest[iTestIndex].encryptopId;
desReq.inIvBytes = 8;
desReq.keyBytes = descbctest[iTestIndex].keyBytes;
desReq.inBytes = ENC_DATA_LENGTH - 8;
desReq.outIvBytes = 8;
desReq.keyData = (unsigned char *)EncKey;
desReq.inData = &PlainText[8];
desReq.inIvData = (unsigned char *)in_iv;
desReq.outData = &encryptOnlyOutput[8];
desReq.outIvData = outivdata;
/* Allocate buffers and copy data */
if (status = putKmem(fd, EncKey, &desReq.keyData, desReq.keyBytes))
return status;
if (status = putKmem(fd, &PlainText[8], &desReq.inData, ENC_DATA_LENGTH - 8))
goto free_descbc_enc_data_1;
if (status = putKmem(fd, in_iv, &desReq.inIvData, 8))
goto free_descbc_enc_data_2;
if (status = putKmem(fd, NULL, &desReq.outData, ENC_DATA_LENGTH - 8))
goto free_descbc_enc_data_3;
if (status = putKmem(fd, NULL, &desReq.outIvData, 8))
goto free_descbc_enc_data_4;
/* Issue IOCTL */
armCompletion(&desReq);
status = ioctl(fd, IOCTL_PROC_REQ, (int)&desReq);
/* Check for completion error */
if (status = waitCompletion("testIPSEC: cipher only encryption", status, &desReq))
goto free_descbc_enc_data_all;
/* If we got to here then there was no error. Get the encrypted data
and IV. */
getKmem(fd, &encryptOnlyOutput[8], &desReq.outData, ENC_DATA_LENGTH - 8);
getKmem(fd, outivdata, &desReq.outIvData, 8);
/* Free buffers. Labels are for error-handling only! */
free_descbc_enc_data_all:
freeKmem(fd, &desReq.outIvData);
free_descbc_enc_data_4:
freeKmem(fd, &desReq.outData);
free_descbc_enc_data_3:
freeKmem(fd, &desReq.inIvData);
free_descbc_enc_data_2:
freeKmem(fd, &desReq.inData);
free_descbc_enc_data_1:
freeKmem(fd, &desReq.keyData);
/* If we encountered an error along the way then return. */
if (status) return status;
/* Set up HMAC request */
dyHmacReq.opId = descbctest[iTestIndex].hmacopId;
dyHmacReq.keyBytes = 16;
dyHmacReq.inBytes = ENC_DATA_LENGTH;
dyHmacReq.outBytes = descbctest[iTestIndex].hashOutBytes;
dyHmacReq.keyData = (unsigned char *)authKey;
dyHmacReq.inData = encryptOnlyOutput;
dyHmacReq.outData = hmacdigest;
/* Allocate buffers and copy data */
if (status = putKmem(fd, authKey, &dyHmacReq.keyData, 16)) return status;
if (status = putKmem(fd, encryptOnlyOutput, &dyHmacReq.inData, ENC_DATA_LENGTH))
goto free_descbc_hmac_data_2;
if (status = putKmem(fd, NULL, &dyHmacReq.outData, dyHmacReq.outBytes))
goto free_descbc_hmac_data_2;
/* Issue IOCTL */
armCompletion(&dyHmacReq);
status = ioctl(fd, IOCTL_PROC_REQ, (int)&dyHmacReq);
/* Check for completion error */
if (status = waitCompletion("testIPSEC: authentication only", status, &dyHmacReq))
goto free_descbc_hmac_data_all;
getKmem(fd, hmacdigest, &dyHmacReq.outData, dyHmacReq.outBytes);
/* Free buffers. Labels are for error-handling only! */
free_descbc_hmac_data_all:
freeKmem(fd, &dyHmacReq.outData);
free_descbc_hmac_data_2:
freeKmem(fd, &dyHmacReq.inData);
free_descbc_hmac_data_1:
freeKmem(fd, &dyHmacReq.keyData);
/* If we encountered an error along the way then return. */
if (status) return status;
/********************************************************************
* Second step of test is to perform encryption and HMAC using the *
* single IPSEC operation ID. Compare this to the result obtained *
* in the first step. *
********************************************************************/
/* Set up IPSec request */
ipsecReq.opId = descbctest[iTestIndex].ipsecencopId;
ipsecReq.hashKeyBytes = 16;
ipsecReq.cryptCtxInBytes = 8;
ipsecReq.cryptKeyBytes = descbctest[iTestIndex].keyBytes;
ipsecReq.hashInDataBytes = 8;
ipsecReq.inDataBytes = ENC_DATA_LENGTH-8;
ipsecReq.hashDataOutBytes = descbctest[iTestIndex].hashOutBytes;
ipsecReq.hashKeyData = (unsigned char *)authKey;
ipsecReq.cryptCtxInData = (unsigned char *)in_iv;
ipsecReq.cryptKeyData = (unsigned char *)EncKey;
ipsecReq.hashInData = PlainText;
ipsecReq.inData = &PlainText[8];
ipsecReq.cryptDataOut = ipsecoutput;
ipsecReq.hashDataOut = ipsecdigest;
/* Allocate buffers and copy data */
if (status = putKmem(fd, authKey, &ipsecReq.hashKeyData, ipsecReq.hashKeyBytes))
return status;
if (status = putKmem(fd, in_iv, &ipsecReq.cryptCtxInData, ipsecReq.cryptCtxInBytes))
goto free_descbc_ipsec_data_1;
if (status = putKmem(fd, EncKey, &ipsecReq.cryptKeyData, ipsecReq.cryptKeyBytes))
goto free_descbc_ipsec_data_2;
if (status = putKmem(fd, PlainText, &ipsecReq.hashInData, ipsecReq.hashInDataBytes))
goto free_descbc_ipsec_data_3;
if (status = putKmem(fd, &PlainText[8], &ipsecReq.inData, ipsecReq.inDataBytes))
goto free_descbc_ipsec_data_4;
if (status = putKmem(fd, NULL, &ipsecReq.cryptDataOut, ipsecReq.inDataBytes))
goto free_descbc_ipsec_data_5;
if (status = putKmem(fd, NULL, &ipsecReq.hashDataOut, ipsecReq.hashDataOutBytes))
goto free_descbc_ipsec_data_6;
/* Issue IOCTL */
armCompletion(&ipsecReq);
status = ioctl(fd, IOCTL_PROC_REQ, (int)&ipsecReq);
/* Check for completion error */
if (status = waitCompletion("testIPSEC: combined cipher/authentication", status, &ipsecReq))
goto free_descbc_ipsec_data_all;
/* Get output buffers */
getKmem(fd, ipsecoutput, &ipsecReq.cryptDataOut, ipsecReq.inDataBytes);
getKmem(fd, ipsecdigest, &ipsecReq.hashDataOut, ipsecReq.hashDataOutBytes);
/* Free buffers. Labels are for error-handling only! */
free_descbc_ipsec_data_all:
freeKmem(fd, &ipsecReq.hashDataOut);
free_descbc_ipsec_data_6:
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -