git: f0e7c59d30ca - stable/13 - cryptocheck: Add aliases for algs with multiple key sizes.

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: John Baldwin <jhb_at_FreeBSD.org>
Date: Fri, 29 Apr 2022 23:12:32 UTC
The branch stable/13 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=f0e7c59d30ca99fa921a2d93897c2a4610b932e4

commit f0e7c59d30ca99fa921a2d93897c2a4610b932e4
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2022-01-06 22:46:50 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2022-04-29 22:53:14 +0000

    cryptocheck: Add aliases for algs with multiple key sizes.
    
    Previously algorithms such as AES-CBC would provide an algorithm
    without a key size for the smallest key size and additional algorithms
    with an explicit key size, e.g. "aes-cbc" (128 bits), "aes-cbc192",
    and "aes-cbc256".
    
    Instead, always make the key size name explicit and reuse the
    "generic" name to request running tests against all of the key sizes.
    For example, for AES-CBC this means "aes-cbc128" is now the name of
    the variant with a 128-bit key and "aes-cbc" runs tests of AES-CBC
    with all three key sizes.
    
    This makes it easier to run tests on all combinations of ciphers like
    AES-GCM or AES-CCM with -z in a single invocation.
    
    Reviewed by:    markj
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D33759
    
    (cherry picked from commit 78beb051a2661b873342162b1ec0ad55b4e27261)
---
 tools/tools/crypto/cryptocheck.c | 60 +++++++++++++++++++++++++++++-----------
 1 file changed, 44 insertions(+), 16 deletions(-)

diff --git a/tools/tools/crypto/cryptocheck.c b/tools/tools/crypto/cryptocheck.c
index a2343675b927..e3102a9926d2 100644
--- a/tools/tools/crypto/cryptocheck.c
+++ b/tools/tools/crypto/cryptocheck.c
@@ -102,21 +102,26 @@
  *	sha256hmac	256-bit SHA-2 HMAC
  *	sha384hmac	384-bit SHA-2 HMAC
  *	sha512hmac	512-bit	SHA-2 HMAC
- *	gmac		128-bit GMAC
+ *	gmac		128/192/256-bit GMAC
+ *	gmac128		128-bit GMAC
  *	gmac192		192-bit GMAC
  *	gmac256		256-bit GMAC
  *	poly1305
  *
  * Ciphers:
- *	aes-cbc		128-bit AES-CBC
+ *	aes-cbc		128/192/256-bit AES-CBC
+ *	aes-cbc128	128-bit AES-CBC
  *	aes-cbc192	192-bit	AES-CBC
  *	aes-cbc256	256-bit AES-CBC
- *	aes-ctr		128-bit AES-CTR
+ *	aes-ctr		128/192/256-bit AES-CTR
+ *	aes-ctr128	128-bit AES-CTR
  *	aes-ctr192	192-bit AES-CTR
  *	aes-ctr256	256-bit AES-CTR
- *	aes-xts		128-bit AES-XTS
+ *	aes-xts		128/256-bit AES-XTS
+ *	aes-xts128	128-bit AES-XTS
  *	aes-xts256	256-bit AES-XTS
- *	camellia-cbc	128-bit Camellia-CBC
+ *	camellia-cbc	128/192/256-bit Camellia-CBC
+ *	camellia-cbc128	128-bit Camellia-CBC
  *	camellia-cbc192	192-bit	Camellia-CBC
  *	camellia-cbc256	256-bit Camellia-CBC
  *	chacha20
@@ -125,10 +130,12 @@
  *	<cipher>+<mac>
  *
  * Authenticated Encryption with Associated Data:
- *	aes-gcm		128-bit AES-GCM
+ *	aes-gcm		128/192/256-bit AES-GCM
+ *	aes-gcm128	128-bit AES-GCM
  *	aes-gcm192	192-bit AES-GCM
  *	aes-gcm256	256-bit AES-GCM
- *	aes-ccm		128-bit AES-CCM
+ *	aes-ccm		128/192/256-bit AES-CCM
+ *	aes-ccm128	128-bit AES-CCM
  *	aes-ccm192	192-bit AES-CCM
  *	aes-ccm256	256-bit AES-CCM
  *	chacha20-poly1305 Chacha20 with Poly1305 per RFC 8439
@@ -194,7 +201,7 @@ static const struct alg {
 	  .evp_md = EVP_blake2b512 },
 	{ .name = "blake2s", .mac = CRYPTO_BLAKE2S, .type = T_HASH,
 	  .evp_md = EVP_blake2s256 },
-	{ .name = "gmac", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC,
+	{ .name = "gmac128", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC,
 	  .tag_len = AES_GMAC_HASH_LEN, .evp_cipher = EVP_aes_128_gcm },
 	{ .name = "gmac192", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC,
 	  .tag_len = AES_GMAC_HASH_LEN, .evp_cipher = EVP_aes_192_gcm },
@@ -202,23 +209,23 @@ static const struct alg {
 	  .tag_len = AES_GMAC_HASH_LEN, .evp_cipher = EVP_aes_256_gcm },
 	{ .name = "poly1305", .mac = CRYPTO_POLY1305, .type = T_DIGEST,
 	  .key_len = POLY1305_KEY_LEN, .pkey = EVP_PKEY_POLY1305 },
-	{ .name = "aes-cbc", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER,
+	{ .name = "aes-cbc128", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER,
 	  .evp_cipher = EVP_aes_128_cbc },
 	{ .name = "aes-cbc192", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER,
 	  .evp_cipher = EVP_aes_192_cbc },
 	{ .name = "aes-cbc256", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER,
 	  .evp_cipher = EVP_aes_256_cbc },
-	{ .name = "aes-ctr", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER,
+	{ .name = "aes-ctr128", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER,
 	  .evp_cipher = EVP_aes_128_ctr },
 	{ .name = "aes-ctr192", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER,
 	  .evp_cipher = EVP_aes_192_ctr },
 	{ .name = "aes-ctr256", .cipher = CRYPTO_AES_ICM, .type = T_CIPHER,
 	  .evp_cipher = EVP_aes_256_ctr },
-	{ .name = "aes-xts", .cipher = CRYPTO_AES_XTS, .type = T_CIPHER,
+	{ .name = "aes-xts128", .cipher = CRYPTO_AES_XTS, .type = T_CIPHER,
 	  .evp_cipher = EVP_aes_128_xts },
 	{ .name = "aes-xts256", .cipher = CRYPTO_AES_XTS, .type = T_CIPHER,
 	  .evp_cipher = EVP_aes_256_xts },
-	{ .name = "camellia-cbc", .cipher = CRYPTO_CAMELLIA_CBC,
+	{ .name = "camellia-cbc128", .cipher = CRYPTO_CAMELLIA_CBC,
 	  .type = T_CIPHER, .evp_cipher = EVP_camellia_128_cbc },
 	{ .name = "camellia-cbc192", .cipher = CRYPTO_CAMELLIA_CBC,
 	  .type = T_CIPHER, .evp_cipher = EVP_camellia_192_cbc },
@@ -226,16 +233,16 @@ static const struct alg {
 	  .type = T_CIPHER, .evp_cipher = EVP_camellia_256_cbc },
 	{ .name = "chacha20", .cipher = CRYPTO_CHACHA20, .type = T_CIPHER,
 	  .evp_cipher = EVP_chacha20 },
-	{ .name = "aes-gcm", .cipher = CRYPTO_AES_NIST_GCM_16, .type = T_AEAD,
-	  .tag_len = AES_GMAC_HASH_LEN, .iv_sizes = { AES_GCM_IV_LEN },
-	  .evp_cipher = EVP_aes_128_gcm },
+	{ .name = "aes-gcm128", .cipher = CRYPTO_AES_NIST_GCM_16,
+	  .type = T_AEAD, .tag_len = AES_GMAC_HASH_LEN,
+	  .iv_sizes = { AES_GCM_IV_LEN }, .evp_cipher = EVP_aes_128_gcm },
 	{ .name = "aes-gcm192", .cipher = CRYPTO_AES_NIST_GCM_16,
 	  .type = T_AEAD, .tag_len = AES_GMAC_HASH_LEN,
 	  .iv_sizes = { AES_GCM_IV_LEN }, .evp_cipher = EVP_aes_192_gcm },
 	{ .name = "aes-gcm256", .cipher = CRYPTO_AES_NIST_GCM_16,
 	  .type = T_AEAD, .tag_len = AES_GMAC_HASH_LEN,
 	  .iv_sizes = { AES_GCM_IV_LEN }, .evp_cipher = EVP_aes_256_gcm },
-	{ .name = "aes-ccm", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD,
+	{ .name = "aes-ccm128", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD,
 	  .tag_len = AES_CBC_MAC_HASH_LEN, .iv_sizes = { 12, 7, 8, 9, 10, 11, 13 },
 	  .evp_cipher = EVP_aes_128_ccm },
 	{ .name = "aes-ccm192", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD,
@@ -1729,6 +1736,19 @@ run_aead_tests(void)
 			run_test_sizes(&algs[i]);
 }
 
+static void
+run_prefix_tests(const char *prefix)
+{
+	size_t prefix_len;
+	u_int i;
+
+	prefix_len = strlen(prefix);
+	for (i = 0; i < nitems(algs); i++)
+		if (strlen(algs[i].name) >= prefix_len &&
+		    memcmp(algs[i].name, prefix, prefix_len) == 0)
+			run_test_sizes(&algs[i]);
+}
+
 int
 main(int ac, char **av)
 {
@@ -1858,6 +1878,14 @@ main(int ac, char **av)
 		run_eta_tests();
 	else if (strcasecmp(algname, "aead") == 0)
 		run_aead_tests();
+	else if (strcasecmp(algname, "gmac") == 0 ||
+	    strcasecmp(algname, "aes-cbc") == 0 ||
+	    strcasecmp(algname, "aes-ctr") == 0 ||
+	    strcasecmp(algname, "aes-xts") == 0 ||
+	    strcasecmp(algname, "camellia-cbc") == 0 ||
+	    strcasecmp(algname, "aes-gcm") == 0 ||
+	    strcasecmp(algname, "aes-ccm") == 0)
+		run_prefix_tests(algname);
 	else if (strcasecmp(algname, "all") == 0) {
 		run_hash_tests();
 		run_mac_tests();