📄 testipsec.c
字号:
freeKmem(fd, &ipsecReq.cryptDataOut);
free_descbc_ipsec_data_5:
freeKmem(fd, &ipsecReq.inData);
free_descbc_ipsec_data_4:
freeKmem(fd, &ipsecReq.hashInData);
free_descbc_ipsec_data_3:
freeKmem(fd, &ipsecReq.cryptKeyData);
free_descbc_ipsec_data_2:
freeKmem(fd, &ipsecReq.cryptCtxInData);
free_descbc_ipsec_data_1:
freeKmem(fd, &ipsecReq.hashKeyData);
/* If we encountered an error along the way then return. */
if (status) return status;
/* Verify that separate and combined descriptor operations agree. */
if ((memcmp(&encryptOnlyOutput[8], ipsecoutput, ENC_DATA_LENGTH-8)) != 0)
{
printf ("separate and combined descriptors disagree on cypher\n");
return SEC2_UNKNOWN_ERROR;
}
if ((memcmp(ipsecdigest, hmacdigest, descbctest[iTestIndex].hashOutBytes)) !=0)
{
printf ("separate and combined descriptors disagree on digests\n");
return SEC2_UNKNOWN_ERROR;
}
printf("Testing decryption\n");
/********************************************************************
* Third step of test is to perform decryption and HMAC. Compare *
* this to the original plain text and HMAC digest. *
********************************************************************/
memset(ipsecDecryptOut,0, ENC_DATA_LENGTH);
memcpy(ipsecDecryptOut, PlainText, 8);
memset(&ipsecReq, 0, sizeof(ipsecReq));
memset(ipsecdigest,0, 20);
/* Set up IPSec request */
ipsecReq.opId = descbctest[iTestIndex].ipsecdecopId;
ipsecReq.hashKeyBytes = 16;
ipsecReq.cryptCtxInBytes = 8;
ipsecReq.cryptKeyBytes = descbctest[iTestIndex].keyBytes;
ipsecReq.hashInDataBytes = 8;
ipsecReq.inDataBytes = ENC_DATA_LENGTH-8;
ipsecReq.hashDataOutBytes = descbctest[iTestIndex].hashOutBytes;
ipsecReq.hashKeyData = (unsigned char *)authKey;
ipsecReq.cryptCtxInData = (unsigned char *)in_iv;;
ipsecReq.cryptKeyData = (unsigned char *)EncKey;
ipsecReq.hashInData = ipsecDecryptOut;
ipsecReq.inData = ipsecoutput;
ipsecReq.cryptDataOut = &ipsecDecryptOut[8];
ipsecReq.hashDataOut = ipsecdigest;
/* Allocate buffers and copy data */
if (status = putKmem(fd, authKey, &ipsecReq.hashKeyData, ipsecReq.hashKeyBytes))
return status;
if (status = putKmem(fd, in_iv, &ipsecReq.cryptCtxInData, ipsecReq.cryptCtxInBytes))
goto free_descbc_ipsec_decr_data_1;
if (status = putKmem(fd, EncKey, &ipsecReq.cryptKeyData, ipsecReq.cryptKeyBytes))
goto free_descbc_ipsec_decr_data_2;
if (status = putKmem(fd, ipsecDecryptOut, &ipsecReq.hashInData, ipsecReq.hashInDataBytes))
goto free_descbc_ipsec_decr_data_3;
if (status = putKmem(fd, ipsecoutput, &ipsecReq.inData, ipsecReq.inDataBytes))
goto free_descbc_ipsec_decr_data_4;
if (status = putKmem(fd, NULL, &ipsecReq.cryptDataOut, ipsecReq.inDataBytes))
goto free_descbc_ipsec_decr_data_5;
if (status = putKmem(fd, NULL, &ipsecReq.hashDataOut, ipsecReq.hashDataOutBytes))
goto free_descbc_ipsec_decr_data_6;
/* Issue IOCTL */
armCompletion(&ipsecReq);
status = ioctl(fd, IOCTL_PROC_REQ, (int)&ipsecReq);
/* Check for completion error */
if (status = waitCompletion("testIPSEC: decryption", status, &ipsecReq))
goto free_descbc_ipsec_data_all;
/* Get output buffers */
getKmem(fd, &ipsecDecryptOut[8], &ipsecReq.cryptDataOut, ipsecReq.inDataBytes);
getKmem(fd, ipsecdigest, &ipsecReq.hashDataOut, ipsecReq.hashDataOutBytes);
/* Free buffers. Labels are for error-handling only! */
free_descbc_ipsec_decr_data_all:
freeKmem(fd, &ipsecReq.hashDataOut);
free_descbc_ipsec_decr_data_6:
freeKmem(fd, &ipsecReq.cryptDataOut);
free_descbc_ipsec_decr_data_5:
freeKmem(fd, &ipsecReq.inData);
free_descbc_ipsec_decr_data_4:
freeKmem(fd, &ipsecReq.hashInData);
free_descbc_ipsec_decr_data_3:
freeKmem(fd, &ipsecReq.cryptKeyData);
free_descbc_ipsec_decr_data_2:
freeKmem(fd, &ipsecReq.cryptCtxInData);
free_descbc_ipsec_decr_data_1:
freeKmem(fd, &ipsecReq.hashKeyData);
/* If we encountered an error along the way then return. */
if (status) return status;
/* Verify that separate and combined descriptor operations agree. */
if ((memcmp(PlainText, ipsecDecryptOut, ENC_DATA_LENGTH)) != 0)
{
printf ("IPSec decryption doesn't match plaintext.\n");
return SEC2_UNKNOWN_ERROR;
}
if ((memcmp(ipsecdigest, hmacdigest, descbctest[iTestIndex].hashOutBytes)) !=0)
{
printf ("IPSec decryption digest doesn't match HMAC digest\n");
return SEC2_UNKNOWN_ERROR;
}
printf("*** Test %s complete ***\n", descbctest[iTestIndex].testDesc);
}
return 0;
} /* testIPSECdescbcreq */
/**********************************************************************
**********************************************************************
* D E S E C B T E S T S *
**********************************************************************
**********************************************************************/
#define NUM_DES_ECB_TESTS 6
static IPSECTESTTYPE desecbtest[NUM_DES_ECB_TESTS] =
{
/* IPSEC TDES ECB MD5 PAD */
DPD_TDES_ECB_ENCRYPT,
DPD_MD5_LDCTX_HMAC_PAD_ULCTX,
DPD_IPSEC_ECB_TDES_ENCRYPT_MD5_PAD,
DPD_IPSEC_ECB_TDES_DECRYPT_MD5_PAD,
24,
16,
"IPSEC TDES ECB MD5 PAD",
/* IPSEC TDES ECB SHA-1 PAD */
DPD_TDES_ECB_ENCRYPT,
DPD_SHA_LDCTX_HMAC_PAD_ULCTX,
DPD_IPSEC_ECB_TDES_ENCRYPT_SHA_PAD,
DPD_IPSEC_ECB_TDES_DECRYPT_SHA_PAD,
24,
20,
"IPSEC TDES ECB SHA-1 PAD",
/* IPSEC TDES ECB SHA-256 PAD */
DPD_TDES_ECB_ENCRYPT,
DPD_SHA256_LDCTX_HMAC_PAD_ULCTX,
DPD_IPSEC_ECB_TDES_ENCRYPT_SHA256_PAD,
DPD_IPSEC_ECB_TDES_DECRYPT_SHA256_PAD,
24,
32,
"IPSEC TDES ECB SHA-256 PAD",
/* IPSEC SDES CBC MD5 PAD */
DPD_SDES_ECB_ENCRYPT,
DPD_MD5_LDCTX_HMAC_PAD_ULCTX,
DPD_IPSEC_ECB_SDES_ENCRYPT_MD5_PAD,
DPD_IPSEC_ECB_SDES_DECRYPT_MD5_PAD,
8,
16,
"IPSEC SDES ECB MD5 PAD",
/* IPSEC SDES ECB SHA-1 PAD */
DPD_SDES_ECB_ENCRYPT,
DPD_SHA_LDCTX_HMAC_PAD_ULCTX,
DPD_IPSEC_ECB_SDES_ENCRYPT_SHA_PAD,
DPD_IPSEC_ECB_SDES_DECRYPT_SHA_PAD,
8,
20,
"IPSEC SDES ECB SHA-1 PAD",
/* IPSEC SDES ECB SHA-256 PAD */
DPD_SDES_ECB_ENCRYPT,
DPD_SHA256_LDCTX_HMAC_PAD_ULCTX,
DPD_IPSEC_ECB_SDES_ENCRYPT_SHA256_PAD,
DPD_IPSEC_ECB_SDES_DECRYPT_SHA256_PAD,
8,
32,
"IPSEC SDES ECB SHA-256 PAD"
};
static int testIPSECdesecbreq
(
int fd
)
{
IPSEC_ECB_REQ ipsecReq;
DES_CRYPT_REQ desReq;
HMAC_PAD_REQ dyHmacReq;
int i, status, iTestIndex;
unsigned char hmacdigest[40] __attribute__ ((aligned (8)));
unsigned char ipsecdigest[40] __attribute__ ((aligned (8)));
for (iTestIndex = 0; iTestIndex < NUM_DES_ECB_TESTS; iTestIndex++)
{
printf("\n*** Test %s ***\n", desecbtest[iTestIndex].testDesc);
printf("Testing encryption\n");
/********************************************************************
* First step of test is to perform encryption and HMAC separately. *
* This result will compared with the IPSEC operation result later. *
********************************************************************/
/* Clear buffers */
memset(&ipsecReq, 0, sizeof(ipsecReq));
memset(&desReq, 0, sizeof(desReq));
memset(&dyHmacReq, 0, sizeof(dyHmacReq));
memset(ipsecoutput,0, ENC_DATA_LENGTH);
memset(ipsecDecryptOut,0, ENC_DATA_LENGTH);
memset(encryptOnlyOutput, 0, ENC_DATA_LENGTH);
/* Copy the first 8 bytes to leave unencrypted because this is the ESP header
in IPSec which is authenticated but not encrypted. */
memcpy(encryptOnlyOutput, PlainText, 8);
/* Set up encryption request */
desReq.opId = desecbtest[iTestIndex].encryptopId;
desReq.keyBytes = desecbtest[iTestIndex].keyBytes;
desReq.inBytes = ENC_DATA_LENGTH - 8;
desReq.keyData = (unsigned char *)EncKey;
desReq.inData = &PlainText[8];
desReq.outData = &encryptOnlyOutput[8];
/* Allocate buffers and copy data */
if (status = putKmem(fd, EncKey, &desReq.keyData, desReq.keyBytes))
return status;
if (status = putKmem(fd, &PlainText[8], &desReq.inData, ENC_DATA_LENGTH - 8))
goto free_desecb_enc_data_1;
if (status = putKmem(fd, NULL, &desReq.outData, ENC_DATA_LENGTH - 8))
goto free_desecb_enc_data_3;
/* Issue IOCTL */
armCompletion(&desReq);
status = ioctl(fd, IOCTL_PROC_REQ, (int)&desReq);
/* Check for completion error */
if (status = waitCompletion("testIPSEC: cipher only encryption", status, &desReq))
goto free_desecb_enc_data_all;
/* If we got to here then there was no error. Get the encrypted data
and IV. */
getKmem(fd, &encryptOnlyOutput[8], &desReq.outData, ENC_DATA_LENGTH - 8);
/* Free buffers. Labels are for error-handling only! */
free_desecb_enc_data_all:
free_desecb_enc_data_4:
freeKmem(fd, &desReq.outData);
free_desecb_enc_data_3:
freeKmem(fd, &desReq.inData);
free_desecb_enc_data_1:
freeKmem(fd, &desReq.keyData);
/* If we encountered an error along the way then return. */
if (status) return status;
/* Set up HMAC request */
dyHmacReq.opId = desecbtest[iTestIndex].hmacopId;
dyHmacReq.keyBytes = 16;
dyHmacReq.inBytes = ENC_DATA_LENGTH;
dyHmacReq.outBytes = desecbtest[iTestIndex].hashOutBytes;
dyHmacReq.keyData = (unsigned char *)authKey;
dyHmacReq.inData = encryptOnlyOutput;
dyHmacReq.outData = hmacdigest;
/* Allocate buffers and copy data */
if (status = putKmem(fd, authKey, &dyHmacReq.keyData, 16)) return status;
if (status = putKmem(fd, encryptOnlyOutput, &dyHmacReq.inData, ENC_DATA_LENGTH))
goto free_desecb_hmac_data_1;
if (status = putKmem(fd, NULL, &dyHmacReq.outData, dyHmacReq.outBytes))
goto free_desecb_hmac_data_2;
/* Issue IOCTL */
armCompletion(&dyHmacReq);
status = ioctl(fd, IOCTL_PROC_REQ, (int)&dyHmacReq);
/* Check for completion error */
if (status = waitCompletion("testIPSEC: authentication only", status, &dyHmacReq))
goto free_desecb_hmac_data_all;
getKmem(fd, hmacdigest, &dyHmacReq.outData, dyHmacReq.outBytes);
/* Free buffers. Labels are for error-handling only! */
free_desecb_hmac_data_all:
freeKmem(fd, &dyHmacReq.outData);
free_desecb_hmac_data_2:
freeKmem(fd, &dyHmacReq.inData);
free_desecb_hmac_data_1:
freeKmem(fd, &dyHmacReq.keyData);
/* If we encountered an error along the way then return. */
if (status) return status;
/********************************************************************
* Second step of test is to perform encryption and HMAC using the *
* single IPSEC operation ID. Compare this to the result obtained *
* in the first step. *
********************************************************************/
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -