📄 testipsec.c
字号:
getKmem(fd, hmacdigest, &dyHmacReq.outData, dyHmacReq.outBytes);
/* Free buffers. Labels are for error-handling only! */
free_aescbc_hmac_data_all:
freeKmem(fd, &dyHmacReq.outData);
free_aescbc_hmac_data_2:
freeKmem(fd, &dyHmacReq.inData);
free_aescbc_hmac_data_1:
freeKmem(fd, &dyHmacReq.keyData);
/* If we encountered an error along the way then return. */
if (status) return status;
/********************************************************************
* Second step of test is to perform encryption and HMAC using the *
* single IPSEC operation ID. Compare this to the result obtained *
* in the first step. *
********************************************************************/
/* Set up IPSec request */
ipsecReq.opId = aescbctest[iTestIndex].ipsecencopId;
ipsecReq.hashKeyBytes = 16;
ipsecReq.cryptCtxInBytes = 16;
ipsecReq.cryptKeyBytes = aescbctest[iTestIndex].keyBytes;
ipsecReq.hashInDataBytes = 8;
ipsecReq.inDataBytes = ENC_DATA_LENGTH-8;
ipsecReq.hashDataOutBytes = aescbctest[iTestIndex].hashOutBytes;
ipsecReq.hashKeyData = (unsigned char *)authKey;
ipsecReq.cryptCtxInData = (unsigned char *)in_iv;;
ipsecReq.cryptKeyData = (unsigned char *)EncKey;
ipsecReq.hashInData = PlainText;
ipsecReq.inData = &PlainText[8];
ipsecReq.cryptDataOut = ipsecoutput;
ipsecReq.hashDataOut = ipsecdigest;
/* Allocate buffers and copy data */
if (status = putKmem(fd, authKey, &ipsecReq.hashKeyData, ipsecReq.hashKeyBytes))
return status;
if (status = putKmem(fd, in_iv, &ipsecReq.cryptCtxInData, ipsecReq.cryptCtxInBytes))
goto free_aescbc_ipsec_data_1;
if (status = putKmem(fd, EncKey, &ipsecReq.cryptKeyData, ipsecReq.cryptKeyBytes))
goto free_aescbc_ipsec_data_2;
if (status = putKmem(fd, PlainText, &ipsecReq.hashInData, ipsecReq.hashInDataBytes))
goto free_aescbc_ipsec_data_3;
if (status = putKmem(fd, &PlainText[8], &ipsecReq.inData, ipsecReq.inDataBytes))
goto free_aescbc_ipsec_data_4;
if (status = putKmem(fd, NULL, &ipsecReq.cryptDataOut, ipsecReq.inDataBytes))
goto free_aescbc_ipsec_data_5;
if (status = putKmem(fd, NULL, &ipsecReq.hashDataOut, ipsecReq.hashDataOutBytes))
goto free_aescbc_ipsec_data_6;
/* Issue IOCTL */
armCompletion(&ipsecReq);
status = ioctl(fd, IOCTL_PROC_REQ, (int)&ipsecReq);
/* Check for completion error */
if (status = waitCompletion("testIPSEC: combined cipher/authentication", status, &ipsecReq))
goto free_aescbc_ipsec_data_all;
/* Get output buffers */
getKmem(fd, ipsecoutput, &ipsecReq.cryptDataOut, ipsecReq.inDataBytes);
getKmem(fd, ipsecdigest, &ipsecReq.hashDataOut, ipsecReq.hashDataOutBytes);
/* Free buffers. Labels are for error-handling only! */
free_aescbc_ipsec_data_all:
freeKmem(fd, &ipsecReq.hashDataOut);
free_aescbc_ipsec_data_6:
freeKmem(fd, &ipsecReq.cryptDataOut);
free_aescbc_ipsec_data_5:
freeKmem(fd, &ipsecReq.inData);
free_aescbc_ipsec_data_4:
freeKmem(fd, &ipsecReq.hashInData);
free_aescbc_ipsec_data_3:
freeKmem(fd, &ipsecReq.cryptKeyData);
free_aescbc_ipsec_data_2:
freeKmem(fd, &ipsecReq.cryptCtxInData);
free_aescbc_ipsec_data_1:
freeKmem(fd, &ipsecReq.hashKeyData);
/* If we encountered an error along the way then return. */
if (status) return status;
/* Verify that separate and combined descriptor operations agree. */
if ((memcmp(&encryptOnlyOutput[8], ipsecoutput, ENC_DATA_LENGTH-8)) != 0)
{
printf ("separate and combined descriptors disagree on cypher\n");
return SEC2_UNKNOWN_ERROR;
}
if ((memcmp(ipsecdigest, hmacdigest, aescbctest[iTestIndex].hashOutBytes)) !=0)
{
printf ("separate and combined descriptors disagree on digests\n");
return SEC2_UNKNOWN_ERROR;
}
printf("Testing decryption\n");
/********************************************************************
* Third step of test is to perform decryption and HMAC. Compare *
* this to the original plain text and HMAC digest. *
********************************************************************/
memset(ipsecDecryptOut,0, ENC_DATA_LENGTH);
memcpy(ipsecDecryptOut, PlainText, 8);
memset(&ipsecReq, 0, sizeof(ipsecReq));
memset(ipsecdigest,0, 20);
/* Set up IPSec request */
ipsecReq.opId = aescbctest[iTestIndex].ipsecdecopId;
ipsecReq.hashKeyBytes = 16;
ipsecReq.cryptCtxInBytes = 16;
ipsecReq.cryptKeyBytes = aescbctest[iTestIndex].keyBytes;
ipsecReq.hashInDataBytes = 8;
ipsecReq.inDataBytes = ENC_DATA_LENGTH-8;
ipsecReq.hashDataOutBytes = aescbctest[iTestIndex].hashOutBytes;
ipsecReq.hashKeyData = (unsigned char *)authKey;
ipsecReq.cryptCtxInData = (unsigned char *)in_iv;;
ipsecReq.cryptKeyData = (unsigned char *)EncKey;
ipsecReq.hashInData = ipsecDecryptOut;
ipsecReq.inData = ipsecoutput;
ipsecReq.cryptDataOut = &ipsecDecryptOut[8];
ipsecReq.hashDataOut = ipsecdigest;
/* Allocate buffers and copy data */
if (status = putKmem(fd, authKey, &ipsecReq.hashKeyData, ipsecReq.hashKeyBytes))
return status;
if (status = putKmem(fd, in_iv, &ipsecReq.cryptCtxInData, ipsecReq.cryptCtxInBytes))
goto free_aescbc_ipsec_decr_data_1;
if (status = putKmem(fd, EncKey, &ipsecReq.cryptKeyData, ipsecReq.cryptKeyBytes))
goto free_aescbc_ipsec_decr_data_2;
if (status = putKmem(fd, ipsecDecryptOut, &ipsecReq.hashInData, ipsecReq.hashInDataBytes))
goto free_aescbc_ipsec_decr_data_3;
if (status = putKmem(fd, ipsecoutput, &ipsecReq.inData, ipsecReq.inDataBytes))
goto free_aescbc_ipsec_decr_data_4;
if (status = putKmem(fd, NULL, &ipsecReq.cryptDataOut, ipsecReq.inDataBytes))
goto free_aescbc_ipsec_decr_data_5;
if (status = putKmem(fd, NULL, &ipsecReq.hashDataOut, ipsecReq.hashDataOutBytes))
goto free_aescbc_ipsec_decr_data_6;
/* Issue IOCTL */
armCompletion(&ipsecReq);
status = ioctl(fd, IOCTL_PROC_REQ, (int)&ipsecReq);
/* Check for completion error */
if (status = waitCompletion("testIPSEC: decryption", status, &ipsecReq))
goto free_aescbc_ipsec_data_all;
/* Get output buffers */
getKmem(fd, &ipsecDecryptOut[8], &ipsecReq.cryptDataOut, ipsecReq.inDataBytes);
getKmem(fd, ipsecdigest, &ipsecReq.hashDataOut, ipsecReq.hashDataOutBytes);
/* Free buffers. Labels are for error-handling only! */
free_aescbc_ipsec_decr_data_all:
freeKmem(fd, &ipsecReq.hashDataOut);
free_aescbc_ipsec_decr_data_6:
freeKmem(fd, &ipsecReq.cryptDataOut);
free_aescbc_ipsec_decr_data_5:
freeKmem(fd, &ipsecReq.inData);
free_aescbc_ipsec_decr_data_4:
freeKmem(fd, &ipsecReq.hashInData);
free_aescbc_ipsec_decr_data_3:
freeKmem(fd, &ipsecReq.cryptKeyData);
free_aescbc_ipsec_decr_data_2:
freeKmem(fd, &ipsecReq.cryptCtxInData);
free_aescbc_ipsec_decr_data_1:
freeKmem(fd, &ipsecReq.hashKeyData);
/* If we encountered an error along the way then return. */
if (status) return status;
/* Verify that separate and combined descriptor operations agree. */
if ((memcmp(PlainText, ipsecDecryptOut, ENC_DATA_LENGTH)) != 0)
{
printf ("IPSec decryption doesn't match plaintext.\n");
return SEC2_UNKNOWN_ERROR;
}
if ((memcmp(ipsecdigest, hmacdigest, aescbctest[iTestIndex].hashOutBytes)) !=0)
{
printf ("IPSec decryption digest doesn't match HMAC digest\n");
return SEC2_UNKNOWN_ERROR;
}
printf("*** Test %s complete ***\n", aescbctest[iTestIndex].testDesc);
}
return 0;
} /* testIPSECaescbcreq */
/**********************************************************************
**********************************************************************
* A E S E C B T E S T S *
**********************************************************************
**********************************************************************/
#define NUM_AES_ECB_TESTS 3
static IPSECTESTTYPE aesecbtest[NUM_AES_ECB_TESTS] =
{
/* IPSEC AES ECB MD5 PAD */
DPD_AESA_ECB_ENCRYPT_CRYPT,
DPD_MD5_LDCTX_HMAC_PAD_ULCTX,
DPD_IPSEC_AES_ECB_ENCRYPT_MD5_APAD,
DPD_IPSEC_AES_ECB_DECRYPT_MD5_APAD,
16,
16,
"IPSEC AES ECB MD5 PAD",
/* IPSEC AES ECB SHA-1 PAD */
DPD_AESA_ECB_ENCRYPT_CRYPT,
DPD_SHA_LDCTX_HMAC_PAD_ULCTX,
DPD_IPSEC_AES_ECB_ENCRYPT_SHA_APAD,
DPD_IPSEC_AES_ECB_DECRYPT_SHA_APAD,
24,
20,
"IPSEC AES ECB SHA-1 PAD",
/* IPSEC AES ECB SHA-256 PAD */
DPD_AESA_ECB_ENCRYPT_CRYPT,
DPD_SHA256_LDCTX_HMAC_PAD_ULCTX,
DPD_IPSEC_AES_ECB_ENCRYPT_SHA256_APAD,
DPD_IPSEC_AES_ECB_DECRYPT_SHA256_APAD,
24,
32,
"IPSEC AES ECB SHA-256 PAD"
};
static int testIPSECaesecbreq
(
int fd
)
{
IPSEC_AES_ECB_REQ ipsecReq;
AESA_CRYPT_REQ aesReq;
HMAC_PAD_REQ dyHmacReq;
int i, status, iTestIndex;
unsigned char hmacdigest[40] __attribute__ ((aligned (8)));
unsigned char ipsecdigest[40] __attribute__ ((aligned (8)));
for (iTestIndex = 0; iTestIndex < NUM_AES_ECB_TESTS; iTestIndex++)
{
printf("\n*** Test %s ***\n", aesecbtest[iTestIndex].testDesc);
printf("Testing encryption\n");
/********************************************************************
* First step of test is to perform encryption and HMAC separately. *
* This result will compared with the IPSEC operation result later. *
********************************************************************/
/* Clear buffers */
memset(&ipsecReq, 0, sizeof(ipsecReq));
memset(&aesReq, 0, sizeof(aesReq));
memset(&dyHmacReq, 0, sizeof(dyHmacReq));
memset(ipsecoutput,0, ENC_DATA_LENGTH);
memset(ipsecDecryptOut,0, ENC_DATA_LENGTH);
memset(encryptOnlyOutput, 0, ENC_DATA_LENGTH);
/* Copy the first 8 bytes to leave unencrypted because this is the ESP header
in IPSec which is authenticated but not encrypted. */
memcpy(encryptOnlyOutput, PlainText, 8);
/* Set up encryption request */
aesReq.opId = aesecbtest[iTestIndex].encryptopId;
aesReq.keyBytes = aesecbtest[iTestIndex].keyBytes;
aesReq.inBytes = ENC_DATA_LENGTH - 8;
aesReq.keyData = (unsigned char *)EncKey;
aesReq.inData = &PlainText[8];
aesReq.outData = &encryptOnlyOutput[8];
/* Allocate buffers and copy data */
if (status = putKmem(fd, EncKey, &aesReq.keyData, aesReq.keyBytes))
return status;
if (status = putKmem(fd, &PlainText[8], &aesReq.inData, ENC_DATA_LENGTH - 8))
goto free_aesecb_enc_data_1;
if (status = putKmem(fd, NULL, &aesReq.outData, ENC_DATA_LENGTH - 8))
goto free_aesecb_enc_data_2;
/* Issue IOCTL */
armCompletion(&aesReq);
status = ioctl(fd, IOCTL_PROC_REQ, (int)&aesReq);
/* Check for completion error */
if (status = waitCompletion("testIPSEC: cipher only encryption", status, &aesReq))
goto free_aesecb_enc_data_all;
/* If we got to here then there was no error. Get the encrypted data
and IV. */
getKmem(fd, &encryptOnlyOutput[8], &aesReq.outData, ENC_DATA_LENGTH - 8);
/* Free buffers. Labels are for error-handling only! */
free_aesecb_enc_data_all:
freeKmem(fd, &aesReq.outData);
free_aesecb_enc_data_2:
freeKmem(fd, &aesReq.inData);
free_aesecb_enc_data_1:
freeKmem(fd, &aesReq.keyData);
/* If we encountered an error along the way then return. */
if (status) return status;
/* Set up HMAC request */
dyHmacReq.opId = aesecbtest[iTestIndex].hmacopId;
dyHmacReq.keyBytes = 16;
dyHmacReq.inBytes = ENC_DATA_LENGTH;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -