From nobody Thu Jan 06 22:47:20 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id E4ADF193B5E1; Thu, 6 Jan 2022 22:47:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JVM1N3mL6z3v38; Thu, 6 Jan 2022 22:47:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 60FB228487; Thu, 6 Jan 2022 22:47:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 206MlKP9047410; Thu, 6 Jan 2022 22:47:20 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 206MlKM2047409; Thu, 6 Jan 2022 22:47:20 GMT (envelope-from git) Date: Thu, 6 Jan 2022 22:47:20 GMT Message-Id: <202201062247.206MlKM2047409@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: John Baldwin Subject: git: 78beb051a266 - main - cryptocheck: Add aliases for algs with multiple key sizes. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 78beb051a2661b873342162b1ec0ad55b4e27261 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1641509240; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=52fFyU/JBtICsa4449itNY4Y+yASqWG7yt7WCFeeQM0=; b=jOTO8xEStxT/OKGrkwcZ0T6Y+PWY9/N6hMznEo94W7Pu8ZiUhZrju71y5OsXoORIe40I9Q aADnzp5eKemjpvIXkQJ0eJHLieUUkduo37W3FYTIP7pQfetibVlVkG/q2mFYqqIJTAqSqJ K38T6KkgAjk0PmcawxzkZvgKW0tz6OoiIb0lLL4NZPUEWBwp1qd2Le1o4aJVliavLq+7E3 o9rrgKRy5lQlQYj/6uMm0AF8MqmIP9vgCmzm2o+TfJitLfVoITTKvc2OxKl/T0P53hph3b VA8kaQbKOHC9/+VJkiGdlCLHEzExQsIWNzjXJqBI3lPYcQ2iPwbiHF3aH37F1g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1641509240; a=rsa-sha256; cv=none; b=BcAH9qAWqb7/LQG5nDQ01fnBtNkW0CdeF+wbzMbZ4L80h1aCpGDR/lE/wperMciktRK2QD RcIipK4Wb0TZzdykqfZ4UtRJ1QE6HsSpycGDcJWu3mS96ma6Unaojqp8C+Oi/EWLwNYugz W7PISIf+rJG38siPwSwMdeWLjoiZTG8ZvJWrxrfjJm4X5Fn7pnBNZ7PFKCUCOMRPKdqN/u xPfacqOUdk8j+scW/LKyT+hW1hsKZaQL7QevnQsExTHVIApBcJ64jsBMd5HgUFXMuC6GIY cqj1Ia/o/jhAZpqHx0wtVfXZhU1tz1oEKFHyH3b0E41QzWGLpolOqU6OSUHm7g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=78beb051a2661b873342162b1ec0ad55b4e27261 commit 78beb051a2661b873342162b1ec0ad55b4e27261 Author: John Baldwin AuthorDate: 2022-01-06 22:46:50 +0000 Commit: John Baldwin CommitDate: 2022-01-06 22:46:50 +0000 cryptocheck: Add aliases for algs with multiple key sizes. Previously algorithms such as AES-CBC would provide an algorithm without a key size for the smallest key size and additional algorithms with an explicit key size, e.g. "aes-cbc" (128 bits), "aes-cbc192", and "aes-cbc256". Instead, always make the key size name explicit and reuse the "generic" name to request running tests against all of the key sizes. For example, for AES-CBC this means "aes-cbc128" is now the name of the variant with a 128-bit key and "aes-cbc" runs tests of AES-CBC with all three key sizes. This makes it easier to run tests on all combinations of ciphers like AES-GCM or AES-CCM with -z in a single invocation. Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33759 --- tools/tools/crypto/cryptocheck.c | 60 +++++++++++++++++++++++++++++----------- 1 file changed, 44 insertions(+), 16 deletions(-) diff --git a/tools/tools/crypto/cryptocheck.c b/tools/tools/crypto/cryptocheck.c index d4c0968173c6..bf2bf9e41340 100644 --- a/tools/tools/crypto/cryptocheck.c +++ b/tools/tools/crypto/cryptocheck.c @@ -102,21 +102,26 @@ * sha256hmac 256-bit SHA-2 HMAC * sha384hmac 384-bit SHA-2 HMAC * sha512hmac 512-bit SHA-2 HMAC - * gmac 128-bit GMAC + * gmac 128/192/256-bit GMAC + * gmac128 128-bit GMAC * gmac192 192-bit GMAC * gmac256 256-bit GMAC * poly1305 * * Ciphers: - * aes-cbc 128-bit AES-CBC + * aes-cbc 128/192/256-bit AES-CBC + * aes-cbc128 128-bit AES-CBC * aes-cbc192 192-bit AES-CBC * aes-cbc256 256-bit AES-CBC - * aes-ctr 128-bit AES-CTR + * aes-ctr 128/192/256-bit AES-CTR + * aes-ctr128 128-bit AES-CTR * aes-ctr192 192-bit AES-CTR * aes-ctr256 256-bit AES-CTR - * aes-xts 128-bit AES-XTS + * aes-xts 128/256-bit AES-XTS + * aes-xts128 128-bit AES-XTS * aes-xts256 256-bit AES-XTS - * camellia-cbc 128-bit Camellia-CBC + * camellia-cbc 128/192/256-bit Camellia-CBC + * camellia-cbc128 128-bit Camellia-CBC * camellia-cbc192 192-bit Camellia-CBC * camellia-cbc256 256-bit Camellia-CBC * chacha20 @@ -125,10 +130,12 @@ * + * * Authenticated Encryption with Associated Data: - * aes-gcm 128-bit AES-GCM + * aes-gcm 128/192/256-bit AES-GCM + * aes-gcm128 128-bit AES-GCM * aes-gcm192 192-bit AES-GCM * aes-gcm256 256-bit AES-GCM - * aes-ccm 128-bit AES-CCM + * aes-ccm 128/192/256-bit AES-CCM + * aes-ccm128 128-bit AES-CCM * aes-ccm192 192-bit AES-CCM * aes-ccm256 256-bit AES-CCM * chacha20-poly1305 Chacha20 with Poly1305 per RFC 8439 @@ -196,7 +203,7 @@ static const struct alg { .evp_md = EVP_blake2b512 }, { .name = "blake2s", .mac = CRYPTO_BLAKE2S, .type = T_HASH, .evp_md = EVP_blake2s256 }, - { .name = "gmac", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC, + { .name = "gmac128", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC, .tag_len = AES_GMAC_HASH_LEN, .evp_cipher = EVP_aes_128_gcm }, { .name = "gmac192", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC, .tag_len = AES_GMAC_HASH_LEN, .evp_cipher = EVP_aes_192_gcm }, @@ -204,23 +211,23 @@ static const struct alg { .tag_len = AES_GMAC_HASH_LEN, .evp_cipher = EVP_aes_256_gcm }, { .name = "poly1305", .mac = CRYPTO_POLY1305, .type = T_DIGEST, .key_len = POLY1305_KEY_LEN, .pkey = EVP_PKEY_POLY1305 }, - { .name = "aes-cbc", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER, + { .name = "aes-cbc128", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER, .evp_cipher = EVP_aes_128_cbc }, { .name = "aes-cbc192", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER, .evp_cipher = EVP_aes_192_cbc }, { .name = "aes-cbc256", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER, .evp_cipher = EVP_aes_256_cbc }, - { .name = "aes-ctr", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER, + { .name = "aes-ctr128", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER, .evp_cipher = EVP_aes_128_ctr }, { .name = "aes-ctr192", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER, .evp_cipher = EVP_aes_192_ctr }, { .name = "aes-ctr256", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER, .evp_cipher = EVP_aes_256_ctr }, - { .name = "aes-xts", .cipher = CRYPTO_AES_XTS, .type = T_CIPHER, + { .name = "aes-xts128", .cipher = CRYPTO_AES_XTS, .type = T_CIPHER, .evp_cipher = EVP_aes_128_xts }, { .name = "aes-xts256", .cipher = CRYPTO_AES_XTS, .type = T_CIPHER, .evp_cipher = EVP_aes_256_xts }, - { .name = "camellia-cbc", .cipher = CRYPTO_CAMELLIA_CBC, + { .name = "camellia-cbc128", .cipher = CRYPTO_CAMELLIA_CBC, .type = T_CIPHER, .evp_cipher = EVP_camellia_128_cbc }, { .name = "camellia-cbc192", .cipher = CRYPTO_CAMELLIA_CBC, .type = T_CIPHER, .evp_cipher = EVP_camellia_192_cbc }, @@ -228,16 +235,16 @@ static const struct alg { .type = T_CIPHER, .evp_cipher = EVP_camellia_256_cbc }, { .name = "chacha20", .cipher = CRYPTO_CHACHA20, .type = T_CIPHER, .evp_cipher = EVP_chacha20 }, - { .name = "aes-gcm", .cipher = CRYPTO_AES_NIST_GCM_16, .type = T_AEAD, - .tag_len = AES_GMAC_HASH_LEN, .iv_sizes = { AES_GCM_IV_LEN }, - .evp_cipher = EVP_aes_128_gcm }, + { .name = "aes-gcm128", .cipher = CRYPTO_AES_NIST_GCM_16, + .type = T_AEAD, .tag_len = AES_GMAC_HASH_LEN, + .iv_sizes = { AES_GCM_IV_LEN }, .evp_cipher = EVP_aes_128_gcm }, { .name = "aes-gcm192", .cipher = CRYPTO_AES_NIST_GCM_16, .type = T_AEAD, .tag_len = AES_GMAC_HASH_LEN, .iv_sizes = { AES_GCM_IV_LEN }, .evp_cipher = EVP_aes_192_gcm }, { .name = "aes-gcm256", .cipher = CRYPTO_AES_NIST_GCM_16, .type = T_AEAD, .tag_len = AES_GMAC_HASH_LEN, .iv_sizes = { AES_GCM_IV_LEN }, .evp_cipher = EVP_aes_256_gcm }, - { .name = "aes-ccm", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD, + { .name = "aes-ccm128", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD, .tag_len = AES_CBC_MAC_HASH_LEN, .iv_sizes = { 12, 7, 8, 9, 10, 11, 13 }, .evp_cipher = EVP_aes_128_ccm }, { .name = "aes-ccm192", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD, @@ -1731,6 +1738,19 @@ run_aead_tests(void) run_test_sizes(&algs[i]); } +static void +run_prefix_tests(const char *prefix) +{ + size_t prefix_len; + u_int i; + + prefix_len = strlen(prefix); + for (i = 0; i < nitems(algs); i++) + if (strlen(algs[i].name) >= prefix_len && + memcmp(algs[i].name, prefix, prefix_len) == 0) + run_test_sizes(&algs[i]); +} + int main(int ac, char **av) { @@ -1860,6 +1880,14 @@ main(int ac, char **av) run_eta_tests(); else if (strcasecmp(algname, "aead") == 0) run_aead_tests(); + else if (strcasecmp(algname, "gmac") == 0 || + strcasecmp(algname, "aes-cbc") == 0 || + strcasecmp(algname, "aes-ctr") == 0 || + strcasecmp(algname, "aes-xts") == 0 || + strcasecmp(algname, "camellia-cbc") == 0 || + strcasecmp(algname, "aes-gcm") == 0 || + strcasecmp(algname, "aes-ccm") == 0) + run_prefix_tests(algname); else if (strcasecmp(algname, "all") == 0) { run_hash_tests(); run_mac_tests();