diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-02-20 10:54:35 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-02-20 10:54:35 +0100 |
commit | 2194982a6602203f7aae3c1bc4dccfa469c34e1a (patch) | |
tree | a977da561a16d1efafb2a72c1a0203e9b0f3a6b7 /examples | |
parent | cceea9e9eacfa8d165d4ad11900f061ac6401a11 (diff) | |
download | kernel-crypto-2194982a6602203f7aae3c1bc4dccfa469c34e1a.tar.gz kernel-crypto-2194982a6602203f7aae3c1bc4dccfa469c34e1a.tar.xz kernel-crypto-2194982a6602203f7aae3c1bc4dccfa469c34e1a.zip |
Examples were moved to examples/ directory.
Diffstat (limited to 'examples')
-rw-r--r-- | examples/Makefile | 9 | ||||
-rw-r--r-- | examples/cipher.c | 229 | ||||
-rw-r--r-- | examples/hmac.c | 208 |
3 files changed, 446 insertions, 0 deletions
diff --git a/examples/Makefile b/examples/Makefile new file mode 100644 index 00000000000..eb50a5f101f --- /dev/null +++ b/examples/Makefile @@ -0,0 +1,9 @@ +KERNEL_DIR ?= /lib/modules/$(shell uname -r)/build + +hostprogs := cipher hmac +example-cipher-objs := cipher.o +example-hmac-objs := hmac.o + +check: $(hostprogs) + ./cipher + ./hmac diff --git a/examples/cipher.c b/examples/cipher.c new file mode 100644 index 00000000000..d7982ae580e --- /dev/null +++ b/examples/cipher.c @@ -0,0 +1,229 @@ +/* + * Demo on how to use /dev/crypto device for ciphering. + * + * Placed under public domain. + * + */ +#include <stdio.h> +#include <string.h> +#include <unistd.h> +#include <fcntl.h> + +#include <sys/ioctl.h> +#include <crypto/cryptodev.h> + +#define DATA_SIZE 4096 +#define BLOCK_SIZE 16 +#define KEY_SIZE 16 + +static int +test_crypto(int cfd) +{ + char plaintext[DATA_SIZE]; + char ciphertext[DATA_SIZE]; + char iv[BLOCK_SIZE]; + char key[KEY_SIZE]; + + struct session_op sess; + struct crypt_op cryp; + + memset(&sess, 0, sizeof(sess)); + memset(&cryp, 0, sizeof(cryp)); + + memset(plaintext, 0x15, sizeof(plaintext)); + memset(key, 0x33, sizeof(key)); + memset(iv, 0x03, sizeof(iv)); + + /* Get crypto session for AES128 */ + sess.cipher = CRYPTO_AES_CBC; + sess.keylen = KEY_SIZE; + sess.key = key; + if (ioctl(cfd, CIOCGSESSION, &sess)) { + perror("ioctl(CIOCGSESSION)"); + return 1; + } + + /* Encrypt data.in to data.encrypted */ + cryp.ses = sess.ses; + cryp.len = sizeof(plaintext); + cryp.src = plaintext; + cryp.dst = ciphertext; + cryp.iv = iv; + cryp.op = COP_ENCRYPT; + if (ioctl(cfd, CIOCCRYPT, &cryp)) { + perror("ioctl(CIOCCRYPT)"); + return 1; + } + + if (ioctl(cfd, CIOCGSESSION, &sess)) { + perror("ioctl(CIOCGSESSION)"); + return 1; + } + + /* Decrypt data.encrypted to data.decrypted */ + cryp.ses = sess.ses; + cryp.len = sizeof(plaintext); + cryp.src = ciphertext; + cryp.dst = ciphertext; + cryp.iv = iv; + cryp.op = COP_DECRYPT; + if (ioctl(cfd, CIOCCRYPT, &cryp)) { + perror("ioctl(CIOCCRYPT)"); + return 1; + } + + /* Verify the result */ + if (memcmp(plaintext, ciphertext, sizeof(plaintext)) != 0) { + fprintf(stderr, + "FAIL: Decrypted data are different from the input data.\n"); + return 1; + } else + printf("Test passed\n"); + + /* Finish crypto session */ + if (ioctl(cfd, CIOCFSESSION, &sess.ses)) { + perror("ioctl(CIOCFSESSION)"); + return 1; + } + + return 0; +} + +static int test_aes(int cfd) +{ + char plaintext1[BLOCK_SIZE]; + char ciphertext1[BLOCK_SIZE] = { 0xdf, 0x55, 0x6a, 0x33, 0x43, 0x8d, 0xb8, 0x7b, 0xc4, 0x1b, 0x17, 0x52, 0xc5, 0x5e, 0x5e, 0x49 }; + char iv1[BLOCK_SIZE]; + char key1[KEY_SIZE] = { 0xff, 0xff, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + char plaintext2[BLOCK_SIZE] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0, 0x00 }; + char ciphertext2[BLOCK_SIZE] = { 0xb7, 0x97, 0x2b, 0x39, 0x41, 0xc4, 0x4b, 0x90, 0xaf, 0xa7, 0xb2, 0x64, 0xbf, 0xba, 0x73, 0x87 }; + char iv2[BLOCK_SIZE]; + char key2[KEY_SIZE]; + + struct session_op sess; + struct crypt_op cryp; + + memset(&sess, 0, sizeof(sess)); + memset(&cryp, 0, sizeof(cryp)); + + memset(plaintext1, 0x0, sizeof(plaintext1)); + memset(iv1, 0x0, sizeof(iv1)); + + /* Get crypto session for AES128 */ + sess.cipher = CRYPTO_AES_CBC; + sess.keylen = KEY_SIZE; + sess.key = key1; + if (ioctl(cfd, CIOCGSESSION, &sess)) { + perror("ioctl(CIOCGSESSION)"); + return 1; + } + + /* Encrypt data.in to data.encrypted */ + cryp.ses = sess.ses; + cryp.len = sizeof(plaintext1); + cryp.src = plaintext1; + cryp.dst = plaintext1; + cryp.iv = iv1; + cryp.op = COP_ENCRYPT; + if (ioctl(cfd, CIOCCRYPT, &cryp)) { + perror("ioctl(CIOCCRYPT)"); + return 1; + } + + /* Verify the result */ + if (memcmp(plaintext1, ciphertext1, sizeof(plaintext1)) != 0) { + fprintf(stderr, + "FAIL: Decrypted data are different from the input data.\n"); + return 1; + } + + /* Test 2 */ + + memset(key2, 0x0, sizeof(key2)); + memset(iv2, 0x0, sizeof(iv2)); + + /* Get crypto session for AES128 */ + sess.cipher = CRYPTO_AES_CBC; + sess.keylen = KEY_SIZE; + sess.key = key2; + if (ioctl(cfd, CIOCGSESSION, &sess)) { + perror("ioctl(CIOCGSESSION)"); + return 1; + } + + /* Encrypt data.in to data.encrypted */ + cryp.ses = sess.ses; + cryp.len = sizeof(plaintext2); + cryp.src = plaintext2; + cryp.dst = plaintext2; + cryp.iv = iv2; + cryp.op = COP_ENCRYPT; + if (ioctl(cfd, CIOCCRYPT, &cryp)) { + perror("ioctl(CIOCCRYPT)"); + return 1; + } + + /* Verify the result */ + if (memcmp(plaintext2, ciphertext2, sizeof(plaintext2)) != 0) { + fprintf(stderr, + "FAIL: Decrypted data are different from the input data.\n"); + return 1; + } + + printf("AES Test passed\n"); + + /* Finish crypto session */ + if (ioctl(cfd, CIOCFSESSION, &sess.ses)) { + perror("ioctl(CIOCFSESSION)"); + return 1; + } + + return 0; +} + +int +main() +{ + int fd = -1, cfd = -1; + + /* Open the crypto device */ + fd = open("/dev/crypto", O_RDWR, 0); + if (fd < 0) { + perror("open(/dev/crypto)"); + return 1; + } + + /* Clone file descriptor */ + if (ioctl(fd, CRIOGET, &cfd)) { + perror("ioctl(CRIOGET)"); + return 1; + } + + /* Set close-on-exec (not really neede here) */ + if (fcntl(cfd, F_SETFD, 1) == -1) { + perror("fcntl(F_SETFD)"); + return 1; + } + + /* Run the test itself */ + if (test_aes(cfd)) + return 1; + + if (test_crypto(cfd)) + return 1; + + /* Close cloned descriptor */ + if (close(cfd)) { + perror("close(cfd)"); + return 1; + } + + /* Close the original descriptor */ + if (close(fd)) { + perror("close(fd)"); + return 1; + } + + return 0; +} + diff --git a/examples/hmac.c b/examples/hmac.c new file mode 100644 index 00000000000..e652c1e30e2 --- /dev/null +++ b/examples/hmac.c @@ -0,0 +1,208 @@ +/* + * Demo on how to use /dev/crypto device for HMAC. + * + * Placed under public domain. + * + */ +#include <stdio.h> +#include <string.h> +#include <unistd.h> +#include <fcntl.h> + +#include <sys/ioctl.h> +#include <crypto/cryptodev.h> + +#define DATA_SIZE 4096 +#define BLOCK_SIZE 16 +#define KEY_SIZE 16 + +static int +test_crypto(int cfd) +{ + struct { + uint8_t in[DATA_SIZE], + encrypted[DATA_SIZE], + decrypted[DATA_SIZE], + iv[BLOCK_SIZE], + key[KEY_SIZE]; + } data; + struct session_op sess; + struct crypt_op cryp; + uint8_t mac[HASH_MAX_LEN]; + uint8_t oldmac[HASH_MAX_LEN]; + uint8_t md5_hmac_out[] = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38"; + uint8_t sha1_out[] = "\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32"; + int i; + + memset(&sess, 0, sizeof(sess)); + memset(&cryp, 0, sizeof(cryp)); + + /* Use the garbage that is on the stack :-) */ + /* memset(&data, 0, sizeof(data)); */ + + /* SHA1 plain test */ + memset(mac, 0, sizeof(mac)); + + sess.cipher = 0; + sess.mac = CRYPTO_SHA1; + if (ioctl(cfd, CIOCGSESSION, &sess)) { + perror("ioctl(CIOCGSESSION)"); + return 1; + } + + cryp.ses = sess.ses; + cryp.len = sizeof("what do ya want for nothing?")-1; + cryp.src = "what do ya want for nothing?"; + cryp.mac = mac; + cryp.op = COP_ENCRYPT; + if (ioctl(cfd, CIOCCRYPT, &cryp)) { + perror("ioctl(CIOCCRYPT)"); + return 1; + } + + if (memcmp(mac, sha1_out, 20)!=0) { + printf("mac: "); + for (i=0;i<SHA1_HASH_LEN;i++) { + printf("%.2x", (uint8_t)mac[i]); + } + puts("\n"); + fprintf(stderr, "HASH test 1: failed\n"); + } else { + fprintf(stderr, "HASH test 1: passed\n"); + } + + /* MD5-HMAC test */ + memset(mac, 0, sizeof(mac)); + + sess.cipher = 0; + sess.mackey = (uint8_t*)"Jefe"; + sess.mackeylen = 4; + sess.mac = CRYPTO_MD5_HMAC; + if (ioctl(cfd, CIOCGSESSION, &sess)) { + perror("ioctl(CIOCGSESSION)"); + return 1; + } + + cryp.ses = sess.ses; + cryp.len = sizeof("what do ya want for nothing?")-1; + cryp.src = "what do ya want for nothing?"; + cryp.mac = mac; + cryp.op = COP_ENCRYPT; + if (ioctl(cfd, CIOCCRYPT, &cryp)) { + perror("ioctl(CIOCCRYPT)"); + return 1; + } + + if (memcmp(mac, md5_hmac_out, 16)!=0) { + printf("mac: "); + for (i=0;i<SHA1_HASH_LEN;i++) { + printf("%.2x", (uint8_t)mac[i]); + } + puts("\n"); + fprintf(stderr, "HMAC test 1: failed\n"); + } else { + fprintf(stderr, "HMAC test 1: passed\n"); + } + + /* Hash and encryption in one step test */ + sess.cipher = CRYPTO_AES_CBC; + sess.mac = CRYPTO_SHA1_HMAC; + sess.keylen = KEY_SIZE; + sess.key = data.key; + sess.mackeylen = 16; + sess.mackey = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; + if (ioctl(cfd, CIOCGSESSION, &sess)) { + perror("ioctl(CIOCGSESSION)"); + return 1; + } + + /* Encrypt data.in to data.encrypted */ + cryp.ses = sess.ses; + cryp.len = sizeof(data.in); + cryp.src = data.in; + cryp.dst = data.encrypted; + cryp.iv = data.iv; + cryp.mac = mac; + cryp.op = COP_ENCRYPT; + if (ioctl(cfd, CIOCCRYPT, &cryp)) { + perror("ioctl(CIOCCRYPT)"); + return 1; + } + + memcpy(oldmac, mac, sizeof(mac)); + + /* Decrypt data.encrypted to data.decrypted */ + cryp.src = data.encrypted; + cryp.dst = data.decrypted; + cryp.op = COP_DECRYPT; + if (ioctl(cfd, CIOCCRYPT, &cryp)) { + perror("ioctl(CIOCCRYPT)"); + return 1; + } + + /* Verify the result */ + if (memcmp(data.in, data.decrypted, sizeof(data.in)) != 0) { + fprintf(stderr, + "FAIL: Decrypted data are different from the input data.\n"); + return 1; + } else + printf("Crypt Test: passed\n"); + + if (memcmp(mac, oldmac, 20) != 0) { + fprintf(stderr, + "FAIL: Hash in decrypted data different than in encrypted.\n"); + return 1; + } else + printf("HMAC Test 2: passed\n"); + + /* Finish crypto session */ + if (ioctl(cfd, CIOCFSESSION, &sess.ses)) { + perror("ioctl(CIOCFSESSION)"); + return 1; + } + + return 0; +} + +int +main() +{ + int fd = -1, cfd = -1; + + /* Open the crypto device */ + fd = open("/dev/crypto", O_RDWR, 0); + if (fd < 0) { + perror("open(/dev/crypto)"); + return 1; + } + + /* Clone file descriptor */ + if (ioctl(fd, CRIOGET, &cfd)) { + perror("ioctl(CRIOGET)"); + return 1; + } + + /* Set close-on-exec (not really neede here) */ + if (fcntl(cfd, F_SETFD, 1) == -1) { + perror("fcntl(F_SETFD)"); + return 1; + } + + /* Run the test itself */ + if (test_crypto(cfd)) + return 1; + + /* Close cloned descriptor */ + if (close(cfd)) { + perror("close(cfd)"); + return 1; + } + + /* Close the original descriptor */ + if (close(fd)) { + perror("close(fd)"); + return 1; + } + + return 0; +} |