diff options
Diffstat (limited to 'examples')
-rw-r--r-- | examples/Makefile | 10 | ||||
-rw-r--r-- | examples/cipher.c | 230 | ||||
-rw-r--r-- | examples/hmac.c | 210 | ||||
-rw-r--r-- | examples/speed.c | 95 |
4 files changed, 4 insertions, 541 deletions
diff --git a/examples/Makefile b/examples/Makefile index 33a67bc..69c1f5c 100644 --- a/examples/Makefile +++ b/examples/Makefile @@ -3,19 +3,13 @@ CFLAGS = -Wall -g -O2 -I../userspace GNUTLS_LDFLAGS = -L/usr/local/lib -lgnutls USERSPACE_LDFLAGS = -L../userspace -lcryptodev -progs := cipher hmac ncr ncr_lib pk pk_lib speed +progs := ncr ncr_lib pk pk_lib speed all: $(progs) -cipher: cipher.c - $(CC) $(CFLAGS) $< -o $@ - speed: speed.c $(CC) $(CFLAGS) $< -o $@ -hmac: hmac.c - $(CC) $(CFLAGS) $< -o $@ - ncr: ncr.c $(CC) $(CFLAGS) $< -o $@ @@ -33,8 +27,6 @@ check: $(progs) LD_LIBRARY_PATH=../userspace ./ncr_lib ./pk LD_LIBRARY_PATH=../userspace ./pk_lib - ./cipher - ./hmac ./speed clean: diff --git a/examples/cipher.c b/examples/cipher.c deleted file mode 100644 index 52b4996..0000000 --- a/examples/cipher.c +++ /dev/null @@ -1,230 +0,0 @@ -/* - * Demo on how to use /dev/crypto device for ciphering. - * - * Placed under public domain. - * - */ -#include <stdint.h> -#include <stdio.h> -#include <string.h> -#include <unistd.h> -#include <fcntl.h> - -#include <sys/ioctl.h> -#include "../cryptodev.h" - -#define DATA_SIZE 4096 -#define BLOCK_SIZE 16 -#define KEY_SIZE 16 - -static int -test_crypto(int cfd) -{ - uint8_t plaintext[DATA_SIZE]; - uint8_t ciphertext[DATA_SIZE]; - uint8_t iv[BLOCK_SIZE]; - uint8_t key[KEY_SIZE]; - - struct session_op sess; - struct crypt_op cryp; - - memset(&sess, 0, sizeof(sess)); - memset(&cryp, 0, sizeof(cryp)); - - memset(plaintext, 0x15, sizeof(plaintext)); - memset(key, 0x33, sizeof(key)); - memset(iv, 0x03, sizeof(iv)); - - /* Get crypto session for AES128 */ - sess.cipher = CRYPTO_AES_CBC; - sess.keylen = KEY_SIZE; - sess.key = key; - if (ioctl(cfd, CIOCGSESSION, &sess)) { - perror("ioctl(CIOCGSESSION)"); - return 1; - } - - /* Encrypt data.in to data.encrypted */ - cryp.ses = sess.ses; - cryp.len = sizeof(plaintext); - cryp.src = plaintext; - cryp.dst = ciphertext; - cryp.iv = iv; - cryp.op = COP_ENCRYPT; - if (ioctl(cfd, CIOCCRYPT, &cryp)) { - perror("ioctl(CIOCCRYPT)"); - return 1; - } - - if (ioctl(cfd, CIOCGSESSION, &sess)) { - perror("ioctl(CIOCGSESSION)"); - return 1; - } - - /* Decrypt data.encrypted to data.decrypted */ - cryp.ses = sess.ses; - cryp.len = sizeof(plaintext); - cryp.src = ciphertext; - cryp.dst = ciphertext; - cryp.iv = iv; - cryp.op = COP_DECRYPT; - if (ioctl(cfd, CIOCCRYPT, &cryp)) { - perror("ioctl(CIOCCRYPT)"); - return 1; - } - - /* Verify the result */ - if (memcmp(plaintext, ciphertext, sizeof(plaintext)) != 0) { - fprintf(stderr, - "FAIL: Decrypted data are different from the input data.\n"); - return 1; - } else - printf("Test passed\n"); - - /* Finish crypto session */ - if (ioctl(cfd, CIOCFSESSION, &sess.ses)) { - perror("ioctl(CIOCFSESSION)"); - return 1; - } - - return 0; -} - -static int test_aes(int cfd) -{ - uint8_t plaintext1[BLOCK_SIZE]; - uint8_t ciphertext1[BLOCK_SIZE] = { 0xdf, 0x55, 0x6a, 0x33, 0x43, 0x8d, 0xb8, 0x7b, 0xc4, 0x1b, 0x17, 0x52, 0xc5, 0x5e, 0x5e, 0x49 }; - uint8_t iv1[BLOCK_SIZE]; - uint8_t key1[KEY_SIZE] = { 0xff, 0xff, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - uint8_t plaintext2[BLOCK_SIZE] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00 }; - uint8_t ciphertext2[BLOCK_SIZE] = { 0xb7, 0x97, 0x2b, 0x39, 0x41, 0xc4, 0x4b, 0x90, 0xaf, 0xa7, 0xb2, 0x64, 0xbf, 0xba, 0x73, 0x87 }; - uint8_t iv2[BLOCK_SIZE]; - uint8_t key2[KEY_SIZE]; - - struct session_op sess; - struct crypt_op cryp; - - memset(&sess, 0, sizeof(sess)); - memset(&cryp, 0, sizeof(cryp)); - - memset(plaintext1, 0x0, sizeof(plaintext1)); - memset(iv1, 0x0, sizeof(iv1)); - - /* Get crypto session for AES128 */ - sess.cipher = CRYPTO_AES_CBC; - sess.keylen = KEY_SIZE; - sess.key = key1; - if (ioctl(cfd, CIOCGSESSION, &sess)) { - perror("ioctl(CIOCGSESSION)"); - return 1; - } - - /* Encrypt data.in to data.encrypted */ - cryp.ses = sess.ses; - cryp.len = sizeof(plaintext1); - cryp.src = plaintext1; - cryp.dst = plaintext1; - cryp.iv = iv1; - cryp.op = COP_ENCRYPT; - if (ioctl(cfd, CIOCCRYPT, &cryp)) { - perror("ioctl(CIOCCRYPT)"); - return 1; - } - - /* Verify the result */ - if (memcmp(plaintext1, ciphertext1, sizeof(plaintext1)) != 0) { - fprintf(stderr, - "FAIL: Decrypted data are different from the input data.\n"); - return 1; - } - - /* Test 2 */ - - memset(key2, 0x0, sizeof(key2)); - memset(iv2, 0x0, sizeof(iv2)); - - /* Get crypto session for AES128 */ - sess.cipher = CRYPTO_AES_CBC; - sess.keylen = KEY_SIZE; - sess.key = key2; - if (ioctl(cfd, CIOCGSESSION, &sess)) { - perror("ioctl(CIOCGSESSION)"); - return 1; - } - - /* Encrypt data.in to data.encrypted */ - cryp.ses = sess.ses; - cryp.len = sizeof(plaintext2); - cryp.src = plaintext2; - cryp.dst = plaintext2; - cryp.iv = iv2; - cryp.op = COP_ENCRYPT; - if (ioctl(cfd, CIOCCRYPT, &cryp)) { - perror("ioctl(CIOCCRYPT)"); - return 1; - } - - /* Verify the result */ - if (memcmp(plaintext2, ciphertext2, sizeof(plaintext2)) != 0) { - fprintf(stderr, - "FAIL: Decrypted data are different from the input data.\n"); - return 1; - } - - printf("AES Test passed\n"); - - /* Finish crypto session */ - if (ioctl(cfd, CIOCFSESSION, &sess.ses)) { - perror("ioctl(CIOCFSESSION)"); - return 1; - } - - return 0; -} - -int -main() -{ - int fd = -1, cfd = -1; - - /* Open the crypto device */ - fd = open("/dev/crypto", O_RDWR, 0); - if (fd < 0) { - perror("open(/dev/crypto)"); - return 1; - } - - /* Clone file descriptor */ - if (ioctl(fd, CRIOGET, &cfd)) { - perror("ioctl(CRIOGET)"); - return 1; - } - - /* Set close-on-exec (not really neede here) */ - if (fcntl(cfd, F_SETFD, 1) == -1) { - perror("fcntl(F_SETFD)"); - return 1; - } - - /* Run the test itself */ - if (test_aes(cfd)) - return 1; - - if (test_crypto(cfd)) - return 1; - - /* Close cloned descriptor */ - if (close(cfd)) { - perror("close(cfd)"); - return 1; - } - - /* Close the original descriptor */ - if (close(fd)) { - perror("close(fd)"); - return 1; - } - - return 0; -} - diff --git a/examples/hmac.c b/examples/hmac.c deleted file mode 100644 index c54d741..0000000 --- a/examples/hmac.c +++ /dev/null @@ -1,210 +0,0 @@ -/* - * Demo on how to use /dev/crypto device for HMAC. - * - * Placed under public domain. - * - */ -#include <stdint.h> -#include <stdio.h> -#include <string.h> -#include <unistd.h> -#include <fcntl.h> - -#include <sys/ioctl.h> -#include "../cryptodev.h" - -#define DATA_SIZE 4096 -#define BLOCK_SIZE 16 -#define KEY_SIZE 16 -#define SHA1_HASH_LEN 20 - -static int -test_crypto(int cfd) -{ - struct { - uint8_t in[DATA_SIZE], - encrypted[DATA_SIZE], - decrypted[DATA_SIZE], - iv[BLOCK_SIZE], - key[KEY_SIZE]; - } data; - struct session_op sess; - struct crypt_op cryp; - uint8_t mac[AALG_MAX_RESULT_LEN]; - uint8_t oldmac[AALG_MAX_RESULT_LEN]; - uint8_t md5_hmac_out[] = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38"; - uint8_t sha1_out[] = "\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32"; - int i; - - memset(&sess, 0, sizeof(sess)); - memset(&cryp, 0, sizeof(cryp)); - - /* Use the garbage that is on the stack :-) */ - /* memset(&data, 0, sizeof(data)); */ - - /* SHA1 plain test */ - memset(mac, 0, sizeof(mac)); - - sess.cipher = 0; - sess.mac = CRYPTO_SHA1; - if (ioctl(cfd, CIOCGSESSION, &sess)) { - perror("ioctl(CIOCGSESSION)"); - return 1; - } - - cryp.ses = sess.ses; - cryp.len = sizeof("what do ya want for nothing?")-1; - cryp.src = "what do ya want for nothing?"; - cryp.mac = mac; - cryp.op = COP_ENCRYPT; - if (ioctl(cfd, CIOCCRYPT, &cryp)) { - perror("ioctl(CIOCCRYPT)"); - return 1; - } - - if (memcmp(mac, sha1_out, 20)!=0) { - printf("mac: "); - for (i=0;i<SHA1_HASH_LEN;i++) { - printf("%.2x", (uint8_t)mac[i]); - } - puts("\n"); - fprintf(stderr, "HASH test 1: failed\n"); - } else { - fprintf(stderr, "HASH test 1: passed\n"); - } - - /* MD5-HMAC test */ - memset(mac, 0, sizeof(mac)); - - sess.cipher = 0; - sess.mackey = (uint8_t*)"Jefe"; - sess.mackeylen = 4; - sess.mac = CRYPTO_MD5_HMAC; - if (ioctl(cfd, CIOCGSESSION, &sess)) { - perror("ioctl(CIOCGSESSION)"); - return 1; - } - - cryp.ses = sess.ses; - cryp.len = sizeof("what do ya want for nothing?")-1; - cryp.src = "what do ya want for nothing?"; - cryp.mac = mac; - cryp.op = COP_ENCRYPT; - if (ioctl(cfd, CIOCCRYPT, &cryp)) { - perror("ioctl(CIOCCRYPT)"); - return 1; - } - - if (memcmp(mac, md5_hmac_out, 16)!=0) { - printf("mac: "); - for (i=0;i<SHA1_HASH_LEN;i++) { - printf("%.2x", (uint8_t)mac[i]); - } - puts("\n"); - fprintf(stderr, "HMAC test 1: failed\n"); - } else { - fprintf(stderr, "HMAC test 1: passed\n"); - } - - /* Hash and encryption in one step test */ - sess.cipher = CRYPTO_AES_CBC; - sess.mac = CRYPTO_SHA1_HMAC; - sess.keylen = KEY_SIZE; - sess.key = data.key; - sess.mackeylen = 16; - sess.mackey = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; - if (ioctl(cfd, CIOCGSESSION, &sess)) { - perror("ioctl(CIOCGSESSION)"); - return 1; - } - - /* Encrypt data.in to data.encrypted */ - cryp.ses = sess.ses; - cryp.len = sizeof(data.in); - cryp.src = data.in; - cryp.dst = data.encrypted; - cryp.iv = data.iv; - cryp.mac = mac; - cryp.op = COP_ENCRYPT; - if (ioctl(cfd, CIOCCRYPT, &cryp)) { - perror("ioctl(CIOCCRYPT)"); - return 1; - } - - memcpy(oldmac, mac, sizeof(mac)); - - /* Decrypt data.encrypted to data.decrypted */ - cryp.src = data.encrypted; - cryp.dst = data.decrypted; - cryp.op = COP_DECRYPT; - if (ioctl(cfd, CIOCCRYPT, &cryp)) { - perror("ioctl(CIOCCRYPT)"); - return 1; - } - - /* Verify the result */ - if (memcmp(data.in, data.decrypted, sizeof(data.in)) != 0) { - fprintf(stderr, - "FAIL: Decrypted data are different from the input data.\n"); - return 1; - } else - printf("Crypt Test: passed\n"); - - if (memcmp(mac, oldmac, 20) != 0) { - fprintf(stderr, - "FAIL: Hash in decrypted data different than in encrypted.\n"); - return 1; - } else - printf("HMAC Test 2: passed\n"); - - /* Finish crypto session */ - if (ioctl(cfd, CIOCFSESSION, &sess.ses)) { - perror("ioctl(CIOCFSESSION)"); - return 1; - } - - return 0; -} - -int -main() -{ - int fd = -1, cfd = -1; - - /* Open the crypto device */ - fd = open("/dev/crypto", O_RDWR, 0); - if (fd < 0) { - perror("open(/dev/crypto)"); - return 1; - } - - /* Clone file descriptor */ - if (ioctl(fd, CRIOGET, &cfd)) { - perror("ioctl(CRIOGET)"); - return 1; - } - - /* Set close-on-exec (not really neede here) */ - if (fcntl(cfd, F_SETFD, 1) == -1) { - perror("fcntl(F_SETFD)"); - return 1; - } - - /* Run the test itself */ - if (test_crypto(cfd)) - return 1; - - /* Close cloned descriptor */ - if (close(cfd)) { - perror("close(cfd)"); - return 1; - } - - /* Close the original descriptor */ - if (close(fd)) { - perror("close(fd)"); - return 1; - } - - return 0; -} diff --git a/examples/speed.c b/examples/speed.c index 5898aaa..a46cedb 100644 --- a/examples/speed.c +++ b/examples/speed.c @@ -26,7 +26,6 @@ #include <sys/stat.h> #include <signal.h> #include <unistd.h> -#include "../cryptodev.h" #include "../ncr.h" static double udifftimeval(struct timeval start, struct timeval end) @@ -68,55 +67,6 @@ static void value2human(double bytes, double time, double* data, double* speed,c } -int encrypt_data(struct session_op *sess, int fdc, int chunksize) -{ - struct crypt_op cop; - char *buffer, iv[32]; - static int val = 23; - struct timeval start, end; - double total = 0; - double secs, ddata, dspeed; - char metric[16]; - - buffer = malloc(chunksize); - memset(iv, 0x23, 32); - - printf("\tEncrypting in chunks of %d bytes: ", chunksize); - fflush(stdout); - - memset(buffer, val++, chunksize); - - must_finish = 0; - alarm(5); - - gettimeofday(&start, NULL); - do { - memset(&cop, 0, sizeof(cop)); - cop.ses = sess->ses; - cop.len = chunksize; - cop.iv = (unsigned char *)iv; - cop.op = COP_ENCRYPT; - cop.flags = 0; - cop.src = cop.dst = (unsigned char *)buffer; - - if (ioctl(fdc, CIOCCRYPT, &cop)) { - perror("ioctl(CIOCCRYPT)"); - return 1; - } - total+=chunksize; - } while(must_finish==0); - gettimeofday(&end, NULL); - - secs = udifftimeval(start, end)/ 1000000.0; - - value2human(total, secs, &ddata, &dspeed, metric); - printf ("done. %.2f %s in %.2f secs: ", ddata, metric, secs); - printf ("%.2f %s/sec\n", dspeed, metric); - - return 0; -} - - int encrypt_data_ncr_direct(int cfd, int algo, int chunksize) { char *buffer, iv[32]; @@ -191,9 +141,7 @@ int encrypt_data_ncr_direct(int cfd, int algo, int chunksize) int main(void) { - int fd, i, fdc = -1; - struct session_op sess; - char keybuf[32]; + int fd, i; signal(SIGALRM, alarm_handler); @@ -201,57 +149,20 @@ int main(void) perror("open()"); return 1; } - if (ioctl(fd, CRIOGET, &fdc)) { - perror("ioctl(CRIOGET)"); - return 1; - } - - fprintf(stderr, "Testing NULL cipher: \n"); - memset(&sess, 0, sizeof(sess)); - sess.cipher = CRYPTO_NULL; - sess.keylen = 0; - sess.key = (unsigned char *)keybuf; - if (ioctl(fdc, CIOCGSESSION, &sess)) { - perror("ioctl(CIOCGSESSION)"); - return 1; - } - - for (i = 256; i <= (64 * 1024); i *= 2) { - if (encrypt_data(&sess, fdc, i)) - break; - } fprintf(stderr, "\nTesting NCR-DIRECT with NULL cipher: \n"); for (i = 256; i <= (64 * 1024); i *= 2) { - if (encrypt_data_ncr_direct(fdc, NCR_ALG_NULL, i)) + if (encrypt_data_ncr_direct(fd, NCR_ALG_NULL, i)) break; } - fprintf(stderr, "\nTesting AES-128-CBC cipher: \n"); - memset(&sess, 0, sizeof(sess)); - sess.cipher = CRYPTO_AES_CBC; - sess.keylen = 16; - memset(keybuf, 0x42, 16); - sess.key = (unsigned char *)keybuf; - if (ioctl(fdc, CIOCGSESSION, &sess)) { - perror("ioctl(CIOCGSESSION)"); - return 1; - } - - for (i = 256; i <= (64 * 1024); i *= 2) { - if (encrypt_data(&sess, fdc, i)) - break; - } - fprintf(stderr, "\nTesting NCR-DIRECT with AES-128-CBC cipher: \n"); for (i = 256; i <= (64 * 1024); i *= 2) { - if (encrypt_data_ncr_direct(fdc, NCR_ALG_AES_CBC, i)) + if (encrypt_data_ncr_direct(fd, NCR_ALG_AES_CBC, i)) break; } - - close(fdc); close(fd); return 0; } |