📄 testipsec.c
/* Set up IPSec request */
ipsecReq.opId = desecbtest[iTestIndex].ipsecencopId;
ipsecReq.hashKeyBytes = 16;
ipsecReq.cryptKeyBytes = desecbtest[iTestIndex].keyBytes;
ipsecReq.hashInDataBytes = 8;
ipsecReq.inDataBytes = ENC_DATA_LENGTH - 8;
ipsecReq.hashDataOutBytes = desecbtest[iTestIndex].hashOutBytes;
ipsecReq.hashKeyData = (unsigned char *)authKey;
ipsecReq.cryptKeyData = (unsigned char *)EncKey;
ipsecReq.hashInData = PlainText;
ipsecReq.inData = &PlainText[8];
ipsecReq.cryptDataOut = ipsecoutput;
ipsecReq.hashDataOut = ipsecdigest;
/* Allocate buffers and copy data */
if (status = putKmem(fd, authKey, &ipsecReq.hashKeyData, ipsecReq.hashKeyBytes))
return status;
if (status = putKmem(fd, EncKey, &ipsecReq.cryptKeyData, ipsecReq.cryptKeyBytes))
goto free_desecb_ipsec_data_1;
if (status = putKmem(fd, PlainText, &ipsecReq.hashInData, ipsecReq.hashInDataBytes))
goto free_desecb_ipsec_data_2;
if (status = putKmem(fd, &PlainText[8], &ipsecReq.inData, ipsecReq.inDataBytes))
goto free_desecb_ipsec_data_3;
if (status = putKmem(fd, NULL, &ipsecReq.cryptDataOut, ipsecReq.inDataBytes))
goto free_desecb_ipsec_data_4;
if (status = putKmem(fd, NULL, &ipsecReq.hashDataOut, ipsecReq.hashDataOutBytes))
goto free_desecb_ipsec_data_5;
/* Issue IOCTL */
armCompletion(&ipsecReq);
status = ioctl(fd, IOCTL_PROC_REQ, (int)&ipsecReq);
/* Check for completion error */
if (status = waitCompletion("testIPSEC: combined cipher/authentication", status, &ipsecReq))
goto free_desecb_ipsec_data_all;
/* Get output buffers */
getKmem(fd, ipsecoutput, &ipsecReq.cryptDataOut, ipsecReq.inDataBytes);
getKmem(fd, ipsecdigest, &ipsecReq.hashDataOut, ipsecReq.hashDataOutBytes);
/* Free buffers. Labels are for error-handling only! */
free_desecb_ipsec_data_all:
freeKmem(fd, &ipsecReq.hashDataOut);
free_desecb_ipsec_data_5:
freeKmem(fd, &ipsecReq.cryptDataOut);
free_desecb_ipsec_data_4:
freeKmem(fd, &ipsecReq.inData);
free_desecb_ipsec_data_3:
freeKmem(fd, &ipsecReq.hashInData);
free_desecb_ipsec_data_2:
freeKmem(fd, &ipsecReq.cryptKeyData);
free_desecb_ipsec_data_1:
freeKmem(fd, &ipsecReq.hashKeyData);
/* If we encountered an error along the way then return. */
if (status) return status;
/* Verify that separate and combined descriptor operations agree. */
if ((memcmp(&encryptOnlyOutput[8], ipsecoutput, ENC_DATA_LENGTH-8)) != 0)
{
printf ("separate and combined descriptors disagree on cypher\n");
return SEC2_UNKNOWN_ERROR;
}
if ((memcmp(ipsecdigest, hmacdigest, desecbtest[iTestIndex].hashOutBytes)) !=0)
{
printf ("separate and combined descriptors disagree on digests\n");
return SEC2_UNKNOWN_ERROR;
}
printf("Testing decryption\n");
/********************************************************************
* Third step of test is to perform decryption and HMAC. Compare *
* this to the original plain text and HMAC digest. *
********************************************************************/
memset(ipsecDecryptOut,0, ENC_DATA_LENGTH);
memcpy(ipsecDecryptOut, PlainText, 8);
memset(&ipsecReq, 0, sizeof(ipsecReq));
memset(ipsecdigest,0, 20);
/* Set up IPSec request */
ipsecReq.opId = desecbtest[iTestIndex].ipsecdecopId;
ipsecReq.hashKeyBytes = 16;
ipsecReq.cryptKeyBytes = desecbtest[iTestIndex].keyBytes;
ipsecReq.hashInDataBytes = 8;
ipsecReq.inDataBytes = ENC_DATA_LENGTH-8;
ipsecReq.hashDataOutBytes = desecbtest[iTestIndex].hashOutBytes;
ipsecReq.hashKeyData = (unsigned char *)authKey;
ipsecReq.cryptKeyData = (unsigned char *)EncKey;
ipsecReq.hashInData = ipsecDecryptOut;
ipsecReq.inData = ipsecoutput;
ipsecReq.cryptDataOut = &ipsecDecryptOut[8];
ipsecReq.hashDataOut = ipsecdigest;
/* Allocate buffers and copy data */
if (status = putKmem(fd, authKey, &ipsecReq.hashKeyData, ipsecReq.hashKeyBytes))
return status;
if (status = putKmem(fd, EncKey, &ipsecReq.cryptKeyData, ipsecReq.cryptKeyBytes))
goto free_desecb_ipsec_decr_data_1;
if (status = putKmem(fd, ipsecDecryptOut, &ipsecReq.hashInData, ipsecReq.hashInDataBytes))
goto free_desecb_ipsec_decr_data_2;
if (status = putKmem(fd, ipsecoutput, &ipsecReq.inData, ipsecReq.inDataBytes))
goto free_desecb_ipsec_decr_data_3;
if (status = putKmem(fd, NULL, &ipsecReq.cryptDataOut, ipsecReq.inDataBytes))
goto free_desecb_ipsec_decr_data_4;
if (status = putKmem(fd, NULL, &ipsecReq.hashDataOut, ipsecReq.hashDataOutBytes))
goto free_desecb_ipsec_decr_data_5;
/* Issue IOCTL */
armCompletion(&ipsecReq);
status = ioctl(fd, IOCTL_PROC_REQ, (int)&ipsecReq);
/* Check for completion error */
if (status = waitCompletion("testIPSEC: decryption", status, &ipsecReq))
goto free_desecb_ipsec_data_all;
/* Get output buffers */
getKmem(fd, &ipsecDecryptOut[8], &ipsecReq.cryptDataOut, ipsecReq.inDataBytes);
getKmem(fd, ipsecdigest, &ipsecReq.hashDataOut, ipsecReq.hashDataOutBytes);
/* Free buffers. Labels are for error-handling only! */
free_desecb_ipsec_decr_data_all:
freeKmem(fd, &ipsecReq.hashDataOut);
free_desecb_ipsec_decr_data_5:
freeKmem(fd, &ipsecReq.cryptDataOut);
free_desecb_ipsec_decr_data_4:
freeKmem(fd, &ipsecReq.inData);
free_desecb_ipsec_decr_data_3:
freeKmem(fd, &ipsecReq.hashInData);
free_desecb_ipsec_decr_data_2:
freeKmem(fd, &ipsecReq.cryptKeyData);
free_desecb_ipsec_decr_data_1:
freeKmem(fd, &ipsecReq.hashKeyData);
/* If we encountered an error along the way then return. */
if (status) return status;
/* Verify that separate and combined descriptor operations agree. */
if ((memcmp(PlainText, ipsecDecryptOut, ENC_DATA_LENGTH)) != 0)
{
printf ("IPSec decryption doesn't match plaintext.\n");
return SEC2_UNKNOWN_ERROR;
}
if ((memcmp(ipsecdigest, hmacdigest, desecbtest[iTestIndex].hashOutBytes)) !=0)
{
printf ("IPSec decryption digest doesn't match HMAC digest\n");
return SEC2_UNKNOWN_ERROR;
}
printf("*** Test %s complete ***\n", desecbtest[iTestIndex].testDesc);
}
return 0;
} /* testIPSECdesecbreq */
/**********************************************************************
**********************************************************************
* A E S C B C T E S T S *
**********************************************************************
**********************************************************************/
/*
 * AES-CBC + HMAC combinations exercised by testIPSECaescbcreq().
 *
 * Every row carries seven positional values.  The test reads them as:
 *   encryptopId   descriptor for the cipher-only AES-CBC pass
 *   hmacopId      descriptor for the HMAC-only pass
 *   (two combined IPSEC descriptors: encrypt first, decrypt second)
 *   keyBytes      AES key length in bytes (16 = AES-128, 24 = AES-192)
 *   hashOutBytes  digest length in bytes; 16/20/32 are the full MD5,
 *                 SHA-1 and SHA-256 output sizes, not a truncated ICV
 *   testDesc      label printed when the row starts
 *
 * NOTE(review): the member order is taken from the initializer order;
 * confirm it against the IPSECTESTTYPE declaration.  The HMAC key length
 * is not in this table: the test hard-codes it to 16 bytes.
 * The MD5 and SHA-1 rows cover legacy suites.
 */
#define NUM_AES_CBC_TESTS 3

static IPSECTESTTYPE aescbctest[NUM_AES_CBC_TESTS] =
{
    {   /* AES-CBC with HMAC-MD5, auto-pad */
        DPD_AESA_CBC_ENCRYPT_CRYPT,
        DPD_MD5_LDCTX_HMAC_PAD_ULCTX,
        DPD_IPSEC_AES_CBC_ENCRYPT_MD5_APAD,
        DPD_IPSEC_AES_CBC_DECRYPT_MD5_APAD,
        16,
        16,
        "IPSEC AES CBC MD5 PAD"
    },
    {   /* AES-CBC with HMAC-SHA-1, auto-pad */
        DPD_AESA_CBC_ENCRYPT_CRYPT,
        DPD_SHA_LDCTX_HMAC_PAD_ULCTX,
        DPD_IPSEC_AES_CBC_ENCRYPT_SHA_APAD,
        DPD_IPSEC_AES_CBC_DECRYPT_SHA_APAD,
        24,
        20,
        "IPSEC AES CBC SHA-1 PAD"
    },
    {   /* AES-CBC with HMAC-SHA-256, auto-pad */
        DPD_AESA_CBC_ENCRYPT_CRYPT,
        DPD_SHA256_LDCTX_HMAC_PAD_ULCTX,
        DPD_IPSEC_AES_CBC_ENCRYPT_SHA256_APAD,
        DPD_IPSEC_AES_CBC_DECRYPT_SHA256_APAD,
        24,
        32,
        "IPSEC AES CBC SHA-256 PAD"
    }
};
static int testIPSECaescbcreq
(
int fd
)
{
IPSEC_AES_CBC_REQ ipsecReq;
AESA_CRYPT_REQ aesReq;
HMAC_PAD_REQ dyHmacReq;
int i, status, iTestIndex;
for (iTestIndex = 0; iTestIndex < NUM_AES_CBC_TESTS; iTestIndex++)
{
printf("\n*** Test %s ***\n", aescbctest[iTestIndex].testDesc);
printf("Testing encryption\n");
/********************************************************************
* First step of test is to perform encryption and HMAC separately. *
* This result will compared with the IPSEC operation result later. *
********************************************************************/
/* Clear buffers */
memset(&ipsecReq, 0, sizeof(ipsecReq));
memset(&aesReq, 0, sizeof(aesReq));
memset(&dyHmacReq, 0, sizeof(dyHmacReq));
memset(ipsecoutput,0, ENC_DATA_LENGTH);
memset(ipsecDecryptOut,0, ENC_DATA_LENGTH);
memset(encryptOnlyOutput, 0, ENC_DATA_LENGTH);
/* Copy the first 8 bytes to leave unencrypted because this is the ESP header
in IPSec which is authenticated but not encrypted. */
memcpy(encryptOnlyOutput, PlainText, 8);
/* Set up encryption request */
aesReq.opId = aescbctest[iTestIndex].encryptopId;
aesReq.inIvBytes = 16;
aesReq.keyBytes = aescbctest[iTestIndex].keyBytes;
aesReq.inBytes = ENC_DATA_LENGTH - 8;
aesReq.outCtxBytes= 16;
aesReq.keyData = (unsigned char *)EncKey;
aesReq.inData = &PlainText[8];
aesReq.inIvData = (unsigned char *)in_iv;
aesReq.outData = &encryptOnlyOutput[8];
aesReq.outCtxData = outivdata;
/* Allocate buffers and copy data */
if (status = putKmem(fd, EncKey, &aesReq.keyData, aesReq.keyBytes))
return status;
if (status = putKmem(fd, &PlainText[8], &aesReq.inData, ENC_DATA_LENGTH - 8))
goto free_aescbc_enc_data_1;
if (status = putKmem(fd, in_iv, &aesReq.inIvData, 16))
goto free_aescbc_enc_data_2;
if (status = putKmem(fd, NULL, &aesReq.outData, ENC_DATA_LENGTH - 8))
goto free_aescbc_enc_data_3;
if (status = putKmem(fd, NULL, &aesReq.outCtxData, 16))
goto free_aescbc_enc_data_4;
/* Issue IOCTL */
armCompletion(&aesReq);
status = ioctl(fd, IOCTL_PROC_REQ, (int)&aesReq);
/* Check for completion error */
if (status = waitCompletion("testIPSEC: cipher only encryption", status, &aesReq))
goto free_aescbc_enc_data_all;
/* If we got to here then there was no error. Get the encrypted data
and IV. */
getKmem(fd, &encryptOnlyOutput[8], &aesReq.outData, ENC_DATA_LENGTH - 8);
getKmem(fd, outivdata, &aesReq.outCtxData, 16);
/* Free buffers. Labels are for error-handling only! */
free_aescbc_enc_data_all:
freeKmem(fd, &aesReq.outCtxData);
free_aescbc_enc_data_4:
freeKmem(fd, &aesReq.outData);
free_aescbc_enc_data_3:
freeKmem(fd, &aesReq.inIvData);
free_aescbc_enc_data_2:
freeKmem(fd, &aesReq.inData);
free_aescbc_enc_data_1:
freeKmem(fd, &aesReq.keyData);
/* If we encountered an error along the way then return. */
if (status) return status;
/* Set up HMAC request */
dyHmacReq.opId = aescbctest[iTestIndex].hmacopId;
dyHmacReq.keyBytes = 16;
dyHmacReq.inBytes = ENC_DATA_LENGTH;
dyHmacReq.outBytes = aescbctest[iTestIndex].hashOutBytes;
dyHmacReq.keyData = (unsigned char *)authKey;
dyHmacReq.inData = encryptOnlyOutput;
dyHmacReq.outData = hmacdigest;
/* Allocate buffers and copy data */
if (status = putKmem(fd, authKey, &dyHmacReq.keyData, 16)) return status;
if (status = putKmem(fd, encryptOnlyOutput, &dyHmacReq.inData, ENC_DATA_LENGTH))
goto free_aescbc_hmac_data_2;
if (status = putKmem(fd, NULL, &dyHmacReq.outData, dyHmacReq.outBytes))
goto free_aescbc_hmac_data_2;
/* Issue IOCTL */
armCompletion(&dyHmacReq);
status = ioctl(fd, IOCTL_PROC_REQ, (int)&dyHmacReq);
/* Check for completion error */
if (status = waitCompletion("testIPSEC: authentication only", status, &dyHmacReq))
goto free_aescbc_hmac_data_all;