From 2b98f9da5ca9a73a5e07360ba188cb7670e30e71 Mon Sep 17 00:00:00 2001 From: makejian Date: Wed, 13 Nov 2024 21:32:45 +0800 Subject: [PATCH 1/9] testing/crypto: change crypto module testcase into cmocka Convert crypto test cases from CLI-based tests to cmocka unit testing framework. This improves test isolation, mocking capabilities, and assertion handling. Refactored test cases for AES, 3DES, CRC32, HMAC, Hash, DHM, ECDSA, and RSA algorithms. Signed-off-by: makejian --- testing/drivers/crypto/3descbc.c | 29 +- testing/drivers/crypto/CMakeLists.txt | 44 ++- testing/drivers/crypto/Kconfig | 1 + testing/drivers/crypto/aescbc.c | 75 +++-- testing/drivers/crypto/aescmac.c | 49 +-- testing/drivers/crypto/aesctr.c | 33 +- testing/drivers/crypto/aesxts.c | 38 ++- testing/drivers/crypto/crc32.c | 115 +++---- testing/drivers/crypto/dhm.c | 74 ++--- testing/drivers/crypto/hash.c | 423 ++++++++++---------------- testing/drivers/crypto/hmac.c | 141 +++++---- testing/drivers/crypto/rsa.c | 93 ++---- 12 files changed, 481 insertions(+), 634 deletions(-) diff --git a/testing/drivers/crypto/3descbc.c b/testing/drivers/crypto/3descbc.c index 7966e34bb09..09b880516eb 100644 --- a/testing/drivers/crypto/3descbc.c +++ b/testing/drivers/crypto/3descbc.c @@ -29,6 +29,12 @@ * Included Files ****************************************************************************/ +#include +#include +#include +#include +#include + #include #include #include @@ -138,15 +144,11 @@ static int match(FAR unsigned char *a, FAR unsigned char *b, size_t len) } #define SZ 16 -/**************************************************************************** - * Public Functions - ****************************************************************************/ - -int main(int argc, FAR char **argv) +static void test_3descbc(void **state) { + const unsigned char key[24] = "012345670123456701234567"; unsigned char iv0[8]; unsigned char iv[8]; - unsigned char key[24] = "012345670123456701234567"; unsigned char b1[SZ]; unsigned char b2[SZ]; int i; @@ -202,5 +204,18 @@ int main(int argc, FAR char **argv) printf("ok, encrypt with /dev/crypto, decrypt with /dev/crypto\n"); } - exit((fail > 0) ? 1 : 0); + assert_int_equal(fail, 0); +} + +/**************************************************************************** + * Public Functions + ****************************************************************************/ + +int main(int argc, FAR char *argv[]) +{ + const struct CMUnitTest descbc_tests[] = { + cmocka_unit_test(test_3descbc), + }; + + return cmocka_run_group_tests(descbc_tests, NULL, NULL); } diff --git a/testing/drivers/crypto/CMakeLists.txt b/testing/drivers/crypto/CMakeLists.txt index 3918043a134..36e22236db4 100644 --- a/testing/drivers/crypto/CMakeLists.txt +++ b/testing/drivers/crypto/CMakeLists.txt @@ -32,7 +32,9 @@ if(CONFIG_TESTING_CRYPTO) MODULE ${CONFIG_TESTING_CRYPTO} SRCS - 3descbc.c) + 3descbc.c + DEPENDS + cmocka) endif() if(CONFIG_TESTING_CRYPTO_AES_XTS) @@ -46,7 +48,9 @@ if(CONFIG_TESTING_CRYPTO) MODULE ${CONFIG_TESTING_CRYPTO} SRCS - aesxts.c) + aesxts.c + DEPENDS + cmocka) endif() if(CONFIG_TESTING_CRYPTO_AES_CTR) @@ -60,7 +64,9 @@ if(CONFIG_TESTING_CRYPTO) MODULE ${CONFIG_TESTING_CRYPTO} SRCS - aesctr.c) + aesctr.c + DEPENDS + cmocka) endif() if(CONFIG_TESTING_CRYPTO_AES_CBC) @@ -74,7 +80,9 @@ if(CONFIG_TESTING_CRYPTO) MODULE ${CONFIG_TESTING_CRYPTO} SRCS - aescbc.c) + aescbc.c + DEPENDS + cmocka) endif() if(CONFIG_TESTING_CRYPTO_HMAC) @@ -88,7 +96,9 @@ if(CONFIG_TESTING_CRYPTO) MODULE ${CONFIG_TESTING_CRYPTO} SRCS - hmac.c) + hmac.c + DEPENDS + cmocka) endif() if(CONFIG_TESTING_CRYPTO_HASH) @@ -102,7 +112,9 @@ if(CONFIG_TESTING_CRYPTO) MODULE ${CONFIG_TESTING_CRYPTO} SRCS - hash.c) + hash.c + DEPENDS + cmocka) endif() if(CONFIG_TESTING_CRYPTO_CRC32) @@ -116,7 +128,9 @@ if(CONFIG_TESTING_CRYPTO) MODULE ${CONFIG_TESTING_CRYPTO} SRCS - crc32.c) + crc32.c + DEPENDS + cmocka) endif() if(CONFIG_TESTING_CRYPTO_AES_CMAC) @@ -130,7 +144,9 @@ if(CONFIG_TESTING_CRYPTO) MODULE ${CONFIG_TESTING_CRYPTO} SRCS - aescmac.c) + aescmac.c + DEPENDS + cmocka) endif() if(CONFIG_TESTING_CRYPTO_ECDSA) @@ -144,7 +160,9 @@ if(CONFIG_TESTING_CRYPTO) MODULE ${CONFIG_TESTING_CRYPTO} SRCS - ecdsa.c) + ecdsa.c + DEPENDS + cmocka) endif() if(CONFIG_TESTING_CRYPTO_ECDH) @@ -158,7 +176,9 @@ if(CONFIG_TESTING_CRYPTO) MODULE ${CONFIG_TESTING_CRYPTO} SRCS - dhm.c) + dhm.c + DEPENDS + cmocka) endif() if(CONFIG_TESTING_CRYPTO_RSA) @@ -172,7 +192,9 @@ if(CONFIG_TESTING_CRYPTO) MODULE ${CONFIG_TESTING_CRYPTO} SRCS - rsa.c) + rsa.c + DEPENDS + cmocka) endif() endif() diff --git a/testing/drivers/crypto/Kconfig b/testing/drivers/crypto/Kconfig index 8eca7f72802..d91f4aeea5e 100644 --- a/testing/drivers/crypto/Kconfig +++ b/testing/drivers/crypto/Kconfig @@ -1,6 +1,7 @@ config TESTING_CRYPTO tristate "crypto test" default n + depends on TESTING_CMOCKA ---help--- Enable crypto test diff --git a/testing/drivers/crypto/aescbc.c b/testing/drivers/crypto/aescbc.c index c807cb151ac..7a7558aa0f7 100644 --- a/testing/drivers/crypto/aescbc.c +++ b/testing/drivers/crypto/aescbc.c @@ -21,6 +21,12 @@ * Included Files ****************************************************************************/ +#include +#include +#include +#include +#include + #include #include #include @@ -45,7 +51,7 @@ struct tb FAR const char *cipher; uint32_t len; } -static testcase [] = +static const g_testcase [] = { { "\x06\xa9\x21\x40\x36\xb8\xa1\x5b\x51\x2e\x03\xd5\x34\x12\x00\x06", @@ -186,50 +192,37 @@ static int match(FAR unsigned char *a, FAR unsigned char *b, size_t len) return -1; } -/**************************************************************************** - * Public Functions - ****************************************************************************/ - -int main(int argc, char *argv[]) +static void test_aescbc(void **state) { - int ret; unsigned char out[64]; - for (int i = 0; i < nitems(testcase); i++) + for (int i = 0; i < nitems(g_testcase); i++) { - ret = syscrypt(testcase[i].key, 16, testcase[i].iv, testcase[i].plain, - out, testcase[i].len, 1); - if (ret) - { - printf("aescbc encrypt field in testcase:%d\n", i); - return -1; - } - - ret = match(out, (FAR unsigned char *)testcase[i].cipher, - testcase[i].len); - if (ret) - { - printf("aescbc encrypt field in testcase:%d\n", i); - return -1; - } - - ret = syscrypt(testcase[i].key, 16, testcase[i].iv, testcase[i].cipher, - out, testcase[i].len, 0); - if (ret) - { - printf("aescbc decrypt field in testcase:%d\n", i); - return -1; - } - - ret = match(out, (FAR unsigned char *)testcase[i].plain, - testcase[i].len); - if (ret) - { - printf("aescbc decrypt field in testcase:%d\n", i); - return -1; - } + assert_int_equal(syscrypt(g_testcase[i].key, 16, + g_testcase[i].iv, g_testcase[i].plain, + out, g_testcase[i].len, 1), 0); + + assert_int_equal(match(out, (FAR unsigned char *)g_testcase[i].cipher, + g_testcase[i].len), 0); + + assert_int_equal(syscrypt(g_testcase[i].key, 16, + g_testcase[i].iv, g_testcase[i].cipher, + out, g_testcase[i].len, 0), 0); + + assert_int_equal(match(out, (FAR unsigned char *)g_testcase[i].plain, + g_testcase[i].len), 0); } +} + +/**************************************************************************** + * Public Functions + ****************************************************************************/ + +int main(int argc, FAR char *argv[]) +{ + const struct CMUnitTest aescbc_tests[] = { + cmocka_unit_test(test_aescbc), + }; - printf("aescbc test ok\n"); - return 0; + return cmocka_run_group_tests(aescbc_tests, NULL, NULL); } diff --git a/testing/drivers/crypto/aescmac.c b/testing/drivers/crypto/aescmac.c index 0874e99580f..2706343206f 100644 --- a/testing/drivers/crypto/aescmac.c +++ b/testing/drivers/crypto/aescmac.c @@ -20,6 +20,12 @@ * Included Files ****************************************************************************/ +#include +#include +#include +#include +#include + #include #include #include @@ -52,7 +58,7 @@ static const unsigned char g_aes_128_key[16] = 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; -static const unsigned int g_message_lengths[4] = +static const unsigned int g_message_lengths[4] = { 0, 16, @@ -189,34 +195,29 @@ static int match(FAR const unsigned char *a, FAR const unsigned char *b, return -1; } -/**************************************************************************** - * Public Functions - ****************************************************************************/ - -int main(int argc, FAR char *argv[]) +static void test_aescmac(void **state) { - int ret; unsigned char out[64]; for (int i = 0; i < 4; i++) { - ret = syscrypt(g_aes_128_key, sizeof(g_aes_128_key), g_test_message, - g_message_lengths[i], out, sizeof(out)); - if (ret) - { - printf("aes cmac failed in testcase:%d\n", i); - return -1; - } - - ret = match(out, g_aes_128_expected_result[i], 16); - if (ret) - { - printf("aes cmac failed in testcase:%d\n", i); - return -1; - } - - printf("aescbc test %d ok\n", i); + assert_int_equal(syscrypt(g_aes_128_key, sizeof(g_aes_128_key), + g_test_message, g_message_lengths[i], + out, sizeof(out)), 0); + + assert_int_equal(match(out, g_aes_128_expected_result[i], 16), 0); } +} - return 0; +/**************************************************************************** + * Public Functions + ****************************************************************************/ + +int main(int argc, FAR char *argv[]) +{ + const struct CMUnitTest aescmac_tests[] = { + cmocka_unit_test(test_aescmac), + }; + + return cmocka_run_group_tests(aescmac_tests, NULL, NULL); } diff --git a/testing/drivers/crypto/aesctr.c b/testing/drivers/crypto/aesctr.c index 25bbc8600ad..9920b954374 100644 --- a/testing/drivers/crypto/aesctr.c +++ b/testing/drivers/crypto/aesctr.c @@ -21,6 +21,12 @@ * Included Files ****************************************************************************/ +#include +#include +#include +#include +#include + #include #include #include @@ -51,7 +57,7 @@ struct { FAR char *data[TST_NUM]; } -static tests[] = +static const g_tests[] = { /* 128 bit key */ @@ -289,7 +295,7 @@ static int run(int num) for (i = 0; i < TST_NUM; i++) { - from = tests[num].data[i]; + from = g_tests[num].data[i]; if (debug) { printf("%s\n", from); @@ -342,19 +348,28 @@ static int run(int num) return (fail); } -/**************************************************************************** - * Public Functions - ****************************************************************************/ - -int main(int argc, FAR char **argv) +static void test_aesctr(void **state) { int fail = 0; int i; - for (i = 0; i < nitems(tests); i++) + for (i = 0; i < nitems(g_tests); i++) { fail += run(i); } - exit((fail > 0) ? 1 : 0); + assert_int_equal(fail, 0); +} + +/**************************************************************************** + * Public Functions + ****************************************************************************/ + +int main(int argc, FAR char *argv[]) +{ + const struct CMUnitTest aesctr_tests[] = { + cmocka_unit_test(test_aesctr), + }; + + return cmocka_run_group_tests(aesctr_tests, NULL, NULL); } diff --git a/testing/drivers/crypto/aesxts.c b/testing/drivers/crypto/aesxts.c index bcae79ad43b..dc7afc3c13f 100644 --- a/testing/drivers/crypto/aesxts.c +++ b/testing/drivers/crypto/aesxts.c @@ -30,6 +30,12 @@ * Included Files ****************************************************************************/ +#include +#include +#include +#include +#include + #include #include #include @@ -63,7 +69,7 @@ struct aes_xts_tv /* Test vectors from IEEE P1619/D16, Annex B. */ -struct aes_xts_tv aes_xts_test_vectors[] = +static const struct aes_xts_tv g_aes_xts_test_vectors[] = { { 0x00000000ull, @@ -1729,7 +1735,8 @@ struct aes_xts_tv aes_xts_test_vectors[] = }, }; -static int match(FAR unsigned char *a, FAR unsigned char *b, size_t len) +static int match(FAR unsigned char *a, + FAR const unsigned char *b, size_t len) { size_t i; @@ -1826,20 +1833,16 @@ static int syscrypt(FAR const unsigned char *key, size_t klen, return (-1); } -/**************************************************************************** - * Public Functions - ****************************************************************************/ - -int main(int argc, FAR char **argv) +static void test_aesxts(void **state) { - struct aes_xts_tv *tv; + const struct aes_xts_tv *tv; u_int8_t result[512]; int fail = 0; size_t i; - for (i = 0; i < nitems(aes_xts_test_vectors); i++) + for (i = 0; i < nitems(g_aes_xts_test_vectors); i++) { - tv = &aes_xts_test_vectors[i]; + tv = &g_aes_xts_test_vectors[i]; /* Encrypt test */ @@ -1878,5 +1881,18 @@ int main(int argc, FAR char **argv) printf("OK decrypt test vector %zu\n", i); } - exit((fail > 0) ? 1 : 0); + assert_int_equal(fail, 0); +} + +/**************************************************************************** + * Public Functions + ****************************************************************************/ + +int main(int argc, FAR char *argv[]) +{ + const struct CMUnitTest aesxts_tests[] = { + cmocka_unit_test(test_aesxts), + }; + + return cmocka_run_group_tests(aesxts_tests, NULL, NULL); } diff --git a/testing/drivers/crypto/crc32.c b/testing/drivers/crypto/crc32.c index f21fd8d2899..bf49e73c2ba 100644 --- a/testing/drivers/crypto/crc32.c +++ b/testing/drivers/crypto/crc32.c @@ -20,6 +20,12 @@ * Included Files ****************************************************************************/ +#include +#include +#include +#include +#include + #include #include #include @@ -47,7 +53,7 @@ typedef struct tb } tb; -static tb g_crc32_testcase[] = +static const tb g_crc32_testcase[] = { /* testcase 1-7: Individual testing */ @@ -193,108 +199,59 @@ static int match(const uint32_t a, const uint32_t b) warnx("crc32 mismatch"); - printf("%02lx", a); - printf("%02lx", b); + printf("%02x", a); + printf("%02x", b); printf("\n"); return 1; } -/**************************************************************************** - * Public Functions - ****************************************************************************/ - -int main(void) +static void test_crc32(void **state) { crypto_context crc32_ctx; uint32_t output; uint32_t startval = 0; - int ret = 0; int i; - ret = syscrc32_init(&crc32_ctx); - if (ret != 0) - { - printf("syscrc32 init failed\n"); - } + assert_int_equal(syscrc32_init(&crc32_ctx), 0); /* testcase 1-7: test crc32 vector */ for (i = 0; i < sizeof(g_crc32_testcase) / sizeof(tb) - 1; i++) { - ret = syscrc32_start(&crc32_ctx, &startval); - if (ret != 0) - { - printf("syscrc32 start failed\n"); - goto err; - } - - ret = syscrc32_update(&crc32_ctx, g_crc32_testcase[i].data, - g_crc32_testcase[i].datalen); - if (ret) - { - printf("syscrc32 update failed\n"); - goto err; - } - - ret = syscrc32_finish(&crc32_ctx, &output); - if (ret) - { - printf("syscrc32 finish failed\n"); - goto err; - } - - ret = match(g_crc32_testcase[i].result, output); - if (ret) - { - printf("match crc32 test case %d failed\n", i + 1); - goto err; - } - else - { - printf("crc32 test case %d success\n", i + 1); - } + assert_int_equal(syscrc32_start(&crc32_ctx, &startval), 0); + assert_int_equal(syscrc32_update(&crc32_ctx, g_crc32_testcase[i].data, + g_crc32_testcase[i].datalen), 0); + + assert_int_equal(syscrc32_finish(&crc32_ctx, &output), 0); + assert_int_equal(match(g_crc32_testcase[i].result, output), 0); } /* testcase 8: test segmented computing capabilities in crc32 mode */ for (i = 0; i < 8; i++) { - ret = syscrc32_start(&crc32_ctx, &startval); - if (ret != 0) - { - printf("syscrc32 start failed\n"); - goto err; - } - - ret = syscrc32_update(&crc32_ctx, g_crc32_testcase[7].data, - g_crc32_testcase[7].datalen); - if (ret) - { - printf("syscrc32 update failed\n"); - goto err; - } - - ret = syscrc32_finish(&crc32_ctx, &startval); - if (ret) - { - printf("syscrc32 finish failed\n"); - goto err; - } - } + assert_int_equal(syscrc32_start(&crc32_ctx, &startval), 0); - ret = match(g_crc32_testcase[7].result, startval); - if (ret) - { - printf("match crc32 testcase 8 failed\n"); - goto err; - } - else - { - printf("crc32 test case 8 success\n"); + assert_int_equal(syscrc32_update(&crc32_ctx, g_crc32_testcase[7].data, + g_crc32_testcase[7].datalen), 0); + + assert_int_equal(syscrc32_finish(&crc32_ctx, &startval), 0); } -err: + assert_int_equal(match(g_crc32_testcase[7].result, startval), 0); syscrc32_free(&crc32_ctx); - return 0; +} + +/**************************************************************************** + * Public Functions + ****************************************************************************/ + +int main(int argc, FAR char *argv[]) +{ + const struct CMUnitTest crc32_tests[] = { + cmocka_unit_test(test_crc32), + }; + + return cmocka_run_group_tests(crc32_tests, NULL, NULL); } diff --git a/testing/drivers/crypto/dhm.c b/testing/drivers/crypto/dhm.c index 9595e4cb416..39501214b0f 100644 --- a/testing/drivers/crypto/dhm.c +++ b/testing/drivers/crypto/dhm.c @@ -23,6 +23,12 @@ * Included Files ****************************************************************************/ +#include +#include +#include +#include +#include + #include #include #include @@ -220,9 +226,8 @@ static int dh_compute_key(FAR cryptodev_context *ctx, return 0; } -static int test_dh_compute_key(void) +static void test_dhm(void **state) { - int ret; cryptodev_context ctx; static const unsigned char dhm_p_1024[] = DHM_RFC5114_MODP_1024_P_BIN; @@ -235,11 +240,7 @@ static int test_dh_compute_key(void) unsigned char gx2[DHM_SIZE]; unsigned char k2[DHM_SIZE]; - ret = cryptodev_init(&ctx); - if (ret != 0) - { - goto free; - } + assert_int_equal(cryptodev_init(&ctx), 0); /* X-private key GX-pulic key K-share key */ @@ -250,63 +251,32 @@ static int test_dh_compute_key(void) memset(gx2, 0, DHM_SIZE); memset(k2, 0, DHM_SIZE); - ret = dh_make_public(&ctx, dhm_p_1024, DHM_SIZE, dhm_g_1024, - DHM_SIZE, x1, DHM_SIZE, gx1, DHM_SIZE); - if (ret != 0) - { - printf("DH make Alice's public key failed\n"); - goto free; - } + assert_int_equal(dh_make_public(&ctx, dhm_p_1024, DHM_SIZE, dhm_g_1024, + DHM_SIZE, x1, DHM_SIZE, gx1, DHM_SIZE), 0); - ret = dh_make_public(&ctx, dhm_p_1024, DHM_SIZE, dhm_g_1024, - DHM_SIZE, x2, DHM_SIZE, gx2, DHM_SIZE); - if (ret != 0) - { - printf("DH make Bob's public failed\n"); - goto free; - } + assert_int_equal(dh_make_public(&ctx, dhm_p_1024, DHM_SIZE, dhm_g_1024, + DHM_SIZE, x2, DHM_SIZE, gx2, DHM_SIZE), 0); - ret = dh_compute_key(&ctx, gx2, DHM_SIZE, x1, DHM_SIZE, - dhm_p_1024, DHM_SIZE, k1, DHM_SIZE); - if (ret != 0) - { - printf("DH compute Alice's share key failed\n"); - goto free; - } + assert_int_equal(dh_compute_key(&ctx, gx2, DHM_SIZE, x1, DHM_SIZE, + dhm_p_1024, DHM_SIZE, k1, DHM_SIZE), 0); - ret = dh_compute_key(&ctx, gx1, DHM_SIZE, x2, DHM_SIZE, - dhm_p_1024, DHM_SIZE, k2, DHM_SIZE); - if (ret != 0) - { - printf("DH compute Bob's share key failed\n"); - goto free; - } + assert_int_equal(dh_compute_key(&ctx, gx1, DHM_SIZE, x2, DHM_SIZE, + dhm_p_1024, DHM_SIZE, k2, DHM_SIZE), 0); - ret = match(k1, k2, DHM_SIZE); - if (ret != 0) - { - printf("mismatch share key\n"); - } + assert_int_equal(match(k1, k2, DHM_SIZE), 0); -free: cryptodev_free(&ctx); - return 0; } /**************************************************************************** * Public Functions ****************************************************************************/ -int main(void) +int main(int argc, FAR char *argv[]) { - if (test_dh_compute_key() != 0) - { - printf("test dh compute key failed\n"); - } - else - { - printf("test dh compute key ok\n"); - } + const struct CMUnitTest dhm_tests[] = { + cmocka_unit_test(test_dhm), + }; - return 0; + return cmocka_run_group_tests(dhm_tests, NULL, NULL); } diff --git a/testing/drivers/crypto/hash.c b/testing/drivers/crypto/hash.c index a4688124e61..03773fd61f7 100644 --- a/testing/drivers/crypto/hash.c +++ b/testing/drivers/crypto/hash.c @@ -20,6 +20,12 @@ * Included Files ****************************************************************************/ +#include +#include +#include +#include +#include + #include #include #include @@ -53,7 +59,7 @@ typedef struct tb } tb; -tb md5_testcase[] = +static const tb g_md5_testcase[] = { { "", @@ -86,7 +92,7 @@ tb md5_testcase[] = } }; -tb sha_testcase[] = +static const tb g_sha_testcase[] = { { "abc", @@ -102,7 +108,7 @@ tb sha_testcase[] = } }; -tb sha512_testcase[] = +static const tb g_sha512_testcase[] = { { "abc", @@ -121,7 +127,7 @@ tb sha512_testcase[] = /* RFC 1321 test vectors */ -static const unsigned char md5_result[7][16] = +static const unsigned char g_md5_result[7][16] = { { 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04, 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e }, @@ -141,7 +147,7 @@ static const unsigned char md5_result[7][16] = /* FIPS-180-1 test vectors */ -static const unsigned char sha1_result[3][20] = +static const unsigned char g_sha1_result[3][20] = { { 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d }, @@ -153,7 +159,7 @@ static const unsigned char sha1_result[3][20] = /* FIPS-180-2 test vectors */ -static const unsigned char sha256_result[3][32] = +static const unsigned char g_sha256_result[3][32] = { { 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, @@ -171,7 +177,7 @@ static const unsigned char sha256_result[3][32] = /* FIPS-180-2 test vectors */ -static const unsigned char sha512_result[3][64] = +static const unsigned char g_sha512_result[3][64] = { { 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, @@ -200,19 +206,19 @@ static const unsigned char sha512_result[3][64] = }; #ifdef CONFIG_TESTING_CRYPTO_HASH_HUGE_BLOCK -static const unsigned char md5_huge_block_result[16] = +static const unsigned char g_md5_huge_block_result[16] = { 0xef, 0x6d, 0xcc, 0xc8, 0xe1, 0xcc, 0x7f, 0x08, 0xc2, 0x71, 0xd4, 0xc4, 0xe0, 0x13, 0xa3, 0x9b }; -static const unsigned char sha1_huge_block_result[20] = +static const unsigned char g_sha1_huge_block_result[20] = { 0xf2, 0x35, 0x65, 0x81, 0x79, 0x4d, 0xac, 0x20, 0x79, 0x7b, 0xff, 0x38, 0xee, 0x2b, 0xdc, 0x44, 0x24, 0xd3, 0xf0, 0x4a }; -static const unsigned char sha256_huge_block_result[32] = +static const unsigned char g_sha256_huge_block_result[32] = { 0x79, 0xb1, 0xf2, 0x65, 0x7e, 0x33, 0x25, 0xff, 0x16, 0xdb, 0x5d, 0x3c, 0x65, 0xa4, 0x7b, 0x78, @@ -220,7 +226,7 @@ static const unsigned char sha256_huge_block_result[32] = 0x54, 0x01, 0x40, 0x0c, 0xff, 0x35, 0x1d, 0xd3 }; -static const unsigned char sha512_huge_block_result[64] = +static const unsigned char g_sha512_huge_block_result[64] = { 0xa4, 0x3a, 0x66, 0xe8, 0xf7, 0x59, 0x95, 0x6d, 0x09, 0x55, 0xdd, 0xad, 0x84, 0x7c, 0xd5, 0xe7, @@ -350,324 +356,221 @@ static int testing_hash_huge_block(crypto_context *ctx, int op, FAR const unsigned char *block, size_t len, FAR const unsigned char *result, size_t reslen) { - int ret = 0; unsigned char output[64]; - ret = syshash_start(ctx, op); - if (ret != 0) - { - return ret; - } - - ret = syshash_update(ctx, (char *)block, len); - if (ret != 0) - { - return ret; - } - - ret = syshash_finish(ctx, output); - if (ret != 0) - { - return ret; - } - + assert_int_equal(syshash_start(ctx, op), 0); + assert_int_equal(syshash_update(ctx, (char *)block, len), 0); + assert_int_equal(syshash_finish(ctx, output), 0); return match(result, output, reslen); } #endif -/**************************************************************************** - * Public Functions - ****************************************************************************/ - -int main(void) +static void test_hash_md5(void **state) { crypto_context md5_ctx; - crypto_context sha1_ctx; - crypto_context sha2_256_ctx; - crypto_context sha2_512_ctx; unsigned char output[64]; - unsigned char buf[1024]; - int ret = 0; int i; - int j; - ret += syshash_init(&md5_ctx); - ret += syshash_init(&sha1_ctx); - ret += syshash_init(&sha2_256_ctx); - ret += syshash_init(&sha2_512_ctx); - if (ret != 0) - { - printf("syshash init failed\n"); - } + assert_int_equal(syshash_init(&md5_ctx), 0); - for (i = 0; i < nitems(md5_testcase); i++) + for (i = 0; i < nitems(g_md5_testcase); i++) { - ret = syshash_start(&md5_ctx, CRYPTO_MD5); - if (ret != 0) - { - printf("syshash md5 start failed\n"); - goto err; - } + assert_int_equal(syshash_start(&md5_ctx, CRYPTO_MD5), 0); - ret = syshash_update(&md5_ctx, md5_testcase[i].data, - md5_testcase[i].datalen); - if (ret) - { - printf("syshash md5 update failed\n"); - goto err; - } + assert_int_equal(syshash_update(&md5_ctx, g_md5_testcase[i].data, + g_md5_testcase[i].datalen), 0); - ret = syshash_finish(&md5_ctx, output); - if (ret) - { - printf("syshash md5 finish failed\n"); - goto err; - } + assert_int_equal(syshash_finish(&md5_ctx, output), 0); - ret = match(md5_result[i], output, MD5_DIGEST_LENGTH); - if (ret) - { - printf("match md5 failed\n"); - goto err; - } - else - { - printf("hash md5 success\n"); - } + assert_int_equal(match(g_md5_result[i], output, MD5_DIGEST_LENGTH), 0); } - for (i = 0; i < nitems(sha_testcase); i++) +#ifdef CONFIG_TESTING_CRYPTO_HASH_HUGE_BLOCK + unsigned char *huge_block; + huge_block = (unsigned char *)malloc(HASH_HUGE_BLOCK_SIZE); + assert_true(huge_block != NULL); + + memset(huge_block, 'a', HASH_HUGE_BLOCK_SIZE); + assert_int_equal(testing_hash_huge_block(&md5_ctx, CRYPTO_MD5, + huge_block, HASH_HUGE_BLOCK_SIZE, + g_md5_huge_block_result, + MD5_DIGEST_LENGTH), 0); + + free(huge_block); +#endif + + syshash_free(&md5_ctx); +} + +static void test_hash_sha1(void **state) +{ + crypto_context sha1_ctx; + unsigned char output[64]; + unsigned char buf[1024]; + int i; + int j; + + assert_int_equal(syshash_init(&sha1_ctx), 0); + + for (i = 0; i < nitems(g_sha_testcase); i++) { - ret = syshash_start(&sha1_ctx, CRYPTO_SHA1); - if (ret != 0) - { - printf("syshash sha1 start failed\n"); - goto err; - } + assert_int_equal(syshash_start(&sha1_ctx, CRYPTO_SHA1), 0); if (i == 2) { - memset(buf, 'a', sha_testcase[i].datalen); + memset(buf, 'a', g_sha_testcase[i].datalen); for (j = 0; j < 1000; j++) { - ret = syshash_update(&sha1_ctx, (char *)buf, - sha_testcase[i].datalen); - if (ret) - { - break; - } + assert_int_equal(syshash_update(&sha1_ctx, (char *)buf, + g_sha_testcase[i].datalen), 0); } } else { - ret = syshash_update(&sha1_ctx, sha_testcase[i].data, - sha_testcase[i].datalen); - } - - if (ret) - { - printf("sha1 update failed\n"); - goto err; + assert_int_equal(syshash_update(&sha1_ctx, g_sha_testcase[i].data, + g_sha_testcase[i].datalen), 0); } - ret = syshash_finish(&sha1_ctx, output); - if (ret) - { - printf("sha1 finish failed\n"); - goto err; - } + assert_int_equal(syshash_finish(&sha1_ctx, output), 0); - ret = match((unsigned char *)sha1_result[i], - (unsigned char *)output, - SHA1_DIGEST_LENGTH); - if (ret) - { - printf("match sha1 failed\n"); - goto err; - } - else - { - printf("hash sha1 success\n"); - } + assert_int_equal(match((unsigned char *)g_sha1_result[i], + (unsigned char *)output, SHA1_DIGEST_LENGTH), 0); } - for (i = 0; i < nitems(sha_testcase); i++) +#ifdef CONFIG_TESTING_CRYPTO_HASH_HUGE_BLOCK + unsigned char *huge_block; + huge_block = (unsigned char *)malloc(HASH_HUGE_BLOCK_SIZE); + assert_true(huge_block != NULL); + + memset(huge_block, 'a', HASH_HUGE_BLOCK_SIZE); + assert_int_equal(testing_hash_huge_block(&sha1_ctx, CRYPTO_SHA1, + huge_block, HASH_HUGE_BLOCK_SIZE, + g_sha1_huge_block_result, + SHA1_DIGEST_LENGTH), 0); + + free(huge_block); +#endif + + syshash_free(&sha1_ctx); +} + +static void test_hash_sha256(void **state) +{ + crypto_context sha2_256_ctx; + unsigned char output[64]; + unsigned char buf[1024]; + int i; + int j; + + assert_int_equal(syshash_init(&sha2_256_ctx), 0); + + for (i = 0; i < nitems(g_sha_testcase); i++) { - ret = syshash_start(&sha2_256_ctx, CRYPTO_SHA2_256); - if (ret != 0) - { - printf("sha256 start failed\n"); - goto err; - } + assert_int_equal(syshash_start(&sha2_256_ctx, CRYPTO_SHA2_256), 0); if (i == 2) { - memset(buf, 'a', sha_testcase[i].datalen); + memset(buf, 'a', g_sha_testcase[i].datalen); for (j = 0; j < 1000; j++) { - ret = syshash_update(&sha2_256_ctx, (char *)buf, - sha_testcase[i].datalen); - if (ret) - { - break; - } + assert_int_equal(syshash_update(&sha2_256_ctx, (char *)buf, + g_sha_testcase[i].datalen), 0); } } else { - ret = syshash_update(&sha2_256_ctx, sha_testcase[i].data, - sha_testcase[i].datalen); + assert_int_equal(syshash_update(&sha2_256_ctx, + g_sha_testcase[i].data, + g_sha_testcase[i].datalen), 0); } - if (ret) - { - printf("sha256 update failed\n"); - goto err; - } + assert_int_equal(syshash_finish(&sha2_256_ctx, output), 0); + assert_int_equal(match((unsigned char *)g_sha256_result[i], + (unsigned char *)output, + SHA256_DIGEST_LENGTH), 0); + } - ret = syshash_finish(&sha2_256_ctx, output); - if (ret) - { - printf("sha256 finish failed\n"); - } +#ifdef CONFIG_TESTING_CRYPTO_HASH_HUGE_BLOCK + unsigned char *huge_block; + huge_block = (unsigned char *)malloc(HASH_HUGE_BLOCK_SIZE); + assert_true(huge_block != NULL); - ret = match((unsigned char *)sha256_result[i], - (unsigned char *)output, - SHA256_DIGEST_LENGTH); - if (ret) - { - printf("match sha256 failed\n"); - } - else - { - printf("hash sha256 success\n"); - } - } + memset(huge_block, 'a', HASH_HUGE_BLOCK_SIZE); + assert_int_equal(testing_hash_huge_block(&sha2_256_ctx, CRYPTO_SHA2_256, + huge_block, HASH_HUGE_BLOCK_SIZE, + g_sha256_huge_block_result, + SHA256_DIGEST_LENGTH), 0); - for (i = 0; i < nitems(sha512_testcase); i++) + free(huge_block); +#endif + + syshash_free(&sha2_256_ctx); +} + +static void test_hash_sha512(void **state) +{ + crypto_context sha2_512_ctx; + unsigned char output[64]; + unsigned char buf[1024]; + int i; + int j; + + assert_int_equal(syshash_init(&sha2_512_ctx), 0); + + for (i = 0; i < nitems(g_sha512_testcase); i++) { - ret = syshash_start(&sha2_512_ctx, CRYPTO_SHA2_512); - if (ret != 0) - { - printf("sha512 start failed\n"); - goto err; - } + assert_int_equal(syshash_start(&sha2_512_ctx, CRYPTO_SHA2_512), 0); if (i == 2) { - memset(buf, 'a', sha512_testcase[i].datalen); + memset(buf, 'a', g_sha512_testcase[i].datalen); for (j = 0; j < 1000; j++) { - ret = syshash_update(&sha2_512_ctx, (char *)buf, - sha512_testcase[i].datalen); - if (ret) - { - break; - } + assert_int_equal(syshash_update(&sha2_512_ctx, (char *)buf, + g_sha512_testcase[i].datalen), 0); } } else { - ret = syshash_update(&sha2_512_ctx, sha512_testcase[i].data, - sha512_testcase[i].datalen); - } - - if (ret) - { - printf("sha512 update failed\n"); - goto err; - } - - ret = syshash_finish(&sha2_512_ctx, output); - if (ret) - { - printf("sha512 finish failed\n"); - goto err; + assert_int_equal(syshash_update(&sha2_512_ctx, + g_sha512_testcase[i].data, + g_sha512_testcase[i].datalen), 0); } - ret = match((unsigned char *)sha512_result[i], - (unsigned char *)output, - SHA512_DIGEST_LENGTH); - if (ret) - { - printf("match sha512 failed\n"); - goto err; - } - else - { - printf("hash sha512 success\n"); - } + assert_int_equal(syshash_finish(&sha2_512_ctx, output), 0); + assert_int_equal(match((unsigned char *)g_sha512_result[i], + (unsigned char *)output, + SHA512_DIGEST_LENGTH), 0); } #ifdef CONFIG_TESTING_CRYPTO_HASH_HUGE_BLOCK unsigned char *huge_block; huge_block = (unsigned char *)malloc(HASH_HUGE_BLOCK_SIZE); - if (huge_block == NULL) - { - printf("huge block test no memory\n"); - goto err; - } + assert_true(huge_block != NULL); memset(huge_block, 'a', HASH_HUGE_BLOCK_SIZE); - ret = testing_hash_huge_block(&md5_ctx, CRYPTO_MD5, - huge_block, HASH_HUGE_BLOCK_SIZE, - md5_huge_block_result, - MD5_DIGEST_LENGTH); - if (ret != 0) - { - printf("md5 huge block test failed\n"); - } - else - { - printf("md5 huge block test success\n"); - } - - ret = testing_hash_huge_block(&sha1_ctx, CRYPTO_SHA1, - huge_block, HASH_HUGE_BLOCK_SIZE, - sha1_huge_block_result, - SHA1_DIGEST_LENGTH); - if (ret != 0) - { - printf("sha1 huge block test failed\n"); - } - else - { - printf("sha1 huge block test success\n"); - } - - ret = testing_hash_huge_block(&sha2_256_ctx, CRYPTO_SHA2_256, - huge_block, HASH_HUGE_BLOCK_SIZE, - sha256_huge_block_result, - SHA256_DIGEST_LENGTH); - if (ret != 0) - { - printf("sha256 huge block test failed\n"); - } - else - { - printf("sha256 huge block test success\n"); - } - - ret = testing_hash_huge_block(&sha2_512_ctx, CRYPTO_SHA2_512, - huge_block, HASH_HUGE_BLOCK_SIZE, - sha512_huge_block_result, - SHA512_DIGEST_LENGTH); - if (ret != 0) - { - printf("sha512 huge block test failed\n"); - } - else - { - printf("sha512 huge block test success\n"); - } - + assert_int_equal(testing_hash_huge_block(&sha2_512_ctx, CRYPTO_SHA2_512, + huge_block, HASH_HUGE_BLOCK_SIZE, + g_sha512_huge_block_result, + SHA512_DIGEST_LENGTH), 0); free(huge_block); #endif -err: - syshash_free(&md5_ctx); - syshash_free(&sha1_ctx); - syshash_free(&sha2_256_ctx); syshash_free(&sha2_512_ctx); - return 0; +} + +/**************************************************************************** + * Public Functions + ****************************************************************************/ + +int main(int argc, FAR char *argv[]) +{ + const struct CMUnitTest hash_tests[] = { + cmocka_unit_test(test_hash_md5), + cmocka_unit_test(test_hash_sha1), + cmocka_unit_test(test_hash_sha256), + cmocka_unit_test(test_hash_sha512), + }; + + return cmocka_run_group_tests(hash_tests, NULL, NULL); } diff --git a/testing/drivers/crypto/hmac.c b/testing/drivers/crypto/hmac.c index 4f0387bf807..86204265a35 100644 --- a/testing/drivers/crypto/hmac.c +++ b/testing/drivers/crypto/hmac.c @@ -21,6 +21,12 @@ * Included Files ****************************************************************************/ +#include +#include +#include +#include +#include + #include #include #include @@ -40,7 +46,7 @@ struct tb FAR char *data; int datalen; } -testcase[] = +static const g_testcase[] = { { "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", @@ -106,7 +112,7 @@ testcase[] = }, }; -FAR char *md5_result[] = +static FAR const char *g_md5_result[] = { "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc\x9d", "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38", @@ -115,7 +121,7 @@ FAR char *md5_result[] = "\x09\xb8\xae\x7b\x15\xad\xbb\xb2\x43\xac\xa3\x49\x1b\x51\x51\x2b" }; -FAR char *sha1_result[] = +static FAR const char *g_sha1_result[] = { "\x67\x5b\x0b\x3a\x1b\x4d\xdf\x4e\x12\x48\x72\xda\x6c\x2f\x63\x2b" "\xfe\xd9\x57\xe9", @@ -129,7 +135,7 @@ FAR char *sha1_result[] = "\x97\xc6\x33\x56" }; -FAR char *sha256_result[] = +static FAR const char *g_sha256_result[] = { "\x49\x2c\xe0\x20\xfe\x25\x34\xa5\x78\x9d\xc3\x84\x88\x06\xc7\x8f" "\x4f\x67\x11\x39\x7f\x08\xe7\xe7\xa1\x2c\xa5\xa4\x48\x3c\x8a\xa6", @@ -143,8 +149,8 @@ FAR char *sha256_result[] = "\xbf\xdc\x63\x64\x4f\x07\x13\x93\x8a\x7f\x51\x53\x5c\x3a\x35\xe2" }; -int syshmac(int mac, FAR const char *key, size_t keylen, - FAR const char *s, size_t len, FAR char *out) +static int syshmac(int mac, FAR const char *key, size_t keylen, + FAR const char *s, size_t len, FAR char *out) { struct session_op session; struct crypt_op cryp; @@ -237,82 +243,71 @@ static int match(unsigned char *a, unsigned char *b, size_t len) return (1); } -/**************************************************************************** - * Public Functions - ****************************************************************************/ - -int main(void) +static void test_hmac_md5(void **state) { char output[32]; - int ret = 0; - for (int i = 0; i < nitems(testcase); i++) + + for (int i = 0; i < nitems(g_testcase); i++) { - ret += syshmac(CRYPTO_MD5_HMAC, testcase[i].key, - testcase[i].keylen, - testcase[i].data, testcase[i].datalen, output); - if (ret) - { - printf("syshamc md5 failed\n"); - } - - ret += match((unsigned char *)md5_result[i], - (unsigned char *)output, - MD5_DIGEST_LENGTH); - if (ret) - { - printf("match md5 failed\n"); - } - else - { - printf("hmac md5 success\n"); - } + assert_int_equal(syshmac(CRYPTO_MD5_HMAC, g_testcase[i].key, + g_testcase[i].keylen, + g_testcase[i].data, + g_testcase[i].datalen, + output), 0); + + assert_int_equal(match((unsigned char *)g_md5_result[i], + (unsigned char *)output, + MD5_DIGEST_LENGTH), 0); } +} + +static void test_hmac_sha1(void **state) +{ + char output[32]; - for (int i = 0; i < nitems(testcase); i++) + for (int i = 0; i < nitems(g_testcase); i++) { - ret = syshmac(CRYPTO_SHA1_HMAC, testcase[i].key, - testcase[i].keylen, - testcase[i].data, testcase[i].datalen, output); - if (ret) - { - printf("syshamc sha1 failed\n"); - } - - ret = match((unsigned char *)sha1_result[i], - (unsigned char *)output, - SHA1_DIGEST_LENGTH); - if (ret) - { - printf("match sha1 failed\n"); - } - else - { - printf("hmac sha1 success\n"); - } + assert_int_equal(syshmac(CRYPTO_SHA1_HMAC, g_testcase[i].key, + g_testcase[i].keylen, + g_testcase[i].data, + g_testcase[i].datalen, + output), 0); + + assert_int_equal(match((unsigned char *)g_sha1_result[i], + (unsigned char *)output, + SHA1_DIGEST_LENGTH), 0); } +} - for (int i = 0; i < nitems(testcase); i++) +static void test_hmac_sha256(void **state) +{ + char output[32]; + + for (int i = 0; i < nitems(g_testcase); i++) { - ret = syshmac(CRYPTO_SHA2_256_HMAC, testcase[i].key, - testcase[i].keylen, - testcase[i].data, testcase[i].datalen, output); - if (ret) - { - printf("syshamc sha256 failed\n"); - } - - ret = match((unsigned char *)sha256_result[i], - (unsigned char *)output, - SHA256_DIGEST_LENGTH); - if (ret) - { - printf("match sha256 failed\n"); - } - else - { - printf("hmac sha256 success\n"); - } + assert_int_equal(syshmac(CRYPTO_SHA2_256_HMAC, g_testcase[i].key, + g_testcase[i].keylen, + g_testcase[i].data, + g_testcase[i].datalen, + output), 0); + + assert_int_equal(match((unsigned char *)g_sha256_result[i], + (unsigned char *)output, + SHA256_DIGEST_LENGTH), 0); } +} - return 0; +/**************************************************************************** + * Public Functions + ****************************************************************************/ + +int main(int argc, FAR char *argv[]) +{ + const struct CMUnitTest hmac_tests[] = { + cmocka_unit_test(test_hmac_md5), + cmocka_unit_test(test_hmac_sha1), + cmocka_unit_test(test_hmac_sha256), + }; + + return cmocka_run_group_tests(hmac_tests, NULL, NULL); } diff --git a/testing/drivers/crypto/rsa.c b/testing/drivers/crypto/rsa.c index 462aa2fc12d..269b192223f 100644 --- a/testing/drivers/crypto/rsa.c +++ b/testing/drivers/crypto/rsa.c @@ -20,6 +20,12 @@ * Included Files ****************************************************************************/ +#include +#include +#include +#include +#include + #include #include #include @@ -277,7 +283,7 @@ static int cryptodev_rsa_verify( return cryptk.crk_status; } -static int rsa_test(void) +static void test_rsa(void **state) { crypto_context_t ctx; rsa_data_t rsa_data; @@ -289,21 +295,12 @@ static int rsa_test(void) unsigned char data_he[MOD_LEN]; unsigned char pad_he[PADDING_LEN]; unsigned char hash_he[MOD_LEN]; - int ret = 0; - ret = cryptodev_init(&ctx); - if (ret != 0) - { - goto free; - } + assert_int_equal(cryptodev_init(&ctx), 0); - ret = rsa_data_init(&rsa_data, g_rsa_e, sizeof(g_rsa_e) - 1, - g_rsa_d, sizeof(g_rsa_d) - 1, - g_rsa_n, sizeof(g_rsa_n) - 1); - if (ret != 0) - { - goto free; - } + assert_int_equal(rsa_data_init(&rsa_data, g_rsa_e, sizeof(g_rsa_e) - 1, + g_rsa_d, sizeof(g_rsa_d) - 1, + g_rsa_n, sizeof(g_rsa_n) - 1), 0); /* test 1: encrypt with private key and decrypt with public key */ @@ -312,34 +309,15 @@ static int rsa_test(void) /* encrypt with private key: g_message ^ ctx.data.d % n = cipher */ - ret = cryptodev_rsa_calc(&ctx, &rsa_data, g_message, PLAIN_LEN, - cipher, MOD_LEN, TRUE); - if (ret != 0) - { - printf("rsa encrypt with private key failed\n"); - goto free; - } + assert_int_equal(cryptodev_rsa_calc(&ctx, &rsa_data, g_message, PLAIN_LEN, + cipher, MOD_LEN, TRUE), 0); /* dencrypt with public key: cipher ^ ctx.data.e % n = plain */ - ret = cryptodev_rsa_calc(&ctx, &rsa_data, cipher, MOD_LEN, plain, - PLAIN_LEN, FALSE); - if (ret != 0) - { - printf("rsa decrypt with pulic key failed\n"); - goto free; - } + assert_int_equal(cryptodev_rsa_calc(&ctx, &rsa_data, cipher, MOD_LEN, + plain, PLAIN_LEN, FALSE), 0); - ret = memcmp(g_message, plain, PLAIN_LEN); - if (ret != 0) - { - printf("rsa test case 1 failed\n"); - goto free; - } - else - { - printf("rsa test case 1 success\n"); - } + assert_int_equal(memcmp(g_message, plain, PLAIN_LEN), 0); /* test 2: rsa sign and verify */ @@ -359,46 +337,27 @@ static int rsa_test(void) /* sign with private key: (hash + padding) ^ d % n = sig */ - ret = cryptodev_rsa_calc(&ctx, &rsa_data, data_he, MOD_LEN, sig, - MOD_LEN, TRUE); - if (ret != 0) - { - printf("rsa sign failed\n"); - goto free; - } + assert_int_equal(cryptodev_rsa_calc(&ctx, &rsa_data, data_he, MOD_LEN, sig, + MOD_LEN, TRUE), 0); /* verify with public key: sig ^ e % n = (hash + padding) */ - ret = cryptodev_rsa_verify(&ctx, &rsa_data, sig, MOD_LEN, hash_he, - PLAIN_LEN, pad_he, PADDING_LEN); - if (ret != 0) - { - printf("rsa verify failed\n"); - } - else - { - printf("rsa test case 2 success\n"); - } + assert_int_equal(cryptodev_rsa_verify(&ctx, &rsa_data, sig, MOD_LEN, + hash_he, PLAIN_LEN, + pad_he, PADDING_LEN), 0); -free: cryptodev_free(&ctx); - return ret; } /**************************************************************************** * Public Functions ****************************************************************************/ -int main(void) +int main(int argc, FAR char *argv[]) { - if (rsa_test() == 0) - { - printf("rsa test success\n"); - } - else - { - printf("rsa test failed\n"); - } + const struct CMUnitTest rsa_tests[] = { + cmocka_unit_test(test_rsa), + }; - return 0; + return cmocka_run_group_tests(rsa_tests, NULL, NULL); } From af925a213f337873474c23e9c56e7533535a1319 Mon Sep 17 00:00:00 2001 From: makejian Date: Thu, 12 Dec 2024 10:40:30 +0800 Subject: [PATCH 2/9] testing/crypto: aes-cmac need to update message before finish Fix AES-CMAC test to properly update message content before completing the cryptographic operation, ensuring correct test execution flow. Signed-off-by: makejian --- testing/drivers/crypto/aescmac.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/testing/drivers/crypto/aescmac.c b/testing/drivers/crypto/aescmac.c index 2706343206f..e67c1c57bb8 100644 --- a/testing/drivers/crypto/aescmac.c +++ b/testing/drivers/crypto/aescmac.c @@ -132,6 +132,19 @@ static int syscrypt(FAR const unsigned char *key, size_t klen, memset(&cryp, 0, sizeof(cryp)); cryp.ses = session.ses; cryp.op = COP_ENCRYPT; + + if (len > 0) + { + cryp.flags |= COP_FLAG_UPDATE; + cryp.len = len; + cryp.src = (caddr_t)message; + if (ioctl(cryptodev_fd, CIOCCRYPT, &cryp) == -1) + { + perror("CIOCCRYPT"); + goto err; + } + } + cryp.flags = 0; cryp.len = len; cryp.src = (caddr_t)message; From 9afe2abe8df18e906c70267e190515f6d2980389 Mon Sep 17 00:00:00 2001 From: makejian Date: Thu, 2 Jan 2025 10:36:36 +0800 Subject: [PATCH 3/9] testing/crypto: correct dependency configuration in UT testing Correct Kconfig dependency settings for crypto unit tests to ensure proper build configuration and test execution. Signed-off-by: makejian --- testing/drivers/crypto/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/testing/drivers/crypto/Kconfig b/testing/drivers/crypto/Kconfig index d91f4aeea5e..3cb9ce6ab75 100644 --- a/testing/drivers/crypto/Kconfig +++ b/testing/drivers/crypto/Kconfig @@ -1,7 +1,7 @@ config TESTING_CRYPTO tristate "crypto test" default n - depends on TESTING_CMOCKA + depends on (CRYPTO_CRYPTODEV_SOFTWARE || CRYPTO_CRYPTODEV_HARDWARE) && TESTING_CMOCKA ---help--- Enable crypto test @@ -53,6 +53,7 @@ config TESTING_CRYPTO_ECDSA config TESTING_CRYPTO_ECDH bool "ecdh crypto test" + depends on CRYPTO_RANDOM_POOL default n config TESTING_CRYPTO_RSA From c580b444d83f62b4f0572a9cb96d6ed7ade668e9 Mon Sep 17 00:00:00 2001 From: makejian Date: Wed, 23 Apr 2025 15:21:49 +0800 Subject: [PATCH 4/9] crypto: fix aesctr/aesxts to support qemu backend Fix AES-CTR and AES-XTS implementations for QEMU backend compatibility. Support output length parameter and enable testing with QEMU virtual cryptographic devices. Signed-off-by: makejian --- testing/drivers/crypto/3descbc.c | 2 + testing/drivers/crypto/aescbc.c | 2 + testing/drivers/crypto/aesctr.c | 47 ++++++++---------- testing/drivers/crypto/aesxts.c | 83 ++++++++++++++++++++++++-------- 4 files changed, 88 insertions(+), 46 deletions(-) diff --git a/testing/drivers/crypto/3descbc.c b/testing/drivers/crypto/3descbc.c index 09b880516eb..4177ec3aecd 100644 --- a/testing/drivers/crypto/3descbc.c +++ b/testing/drivers/crypto/3descbc.c @@ -72,6 +72,7 @@ static int syscrypt(FAR const unsigned char *key, size_t klen, session.cipher = CRYPTO_3DES_CBC; session.key = (caddr_t) key; session.keylen = klen; + session.op = encrypt ? COP_ENCRYPT : COP_DECRYPT; if (ioctl(cryptodev_fd, CIOCGSESSION, &session) == -1) { warn("CIOCGSESSION"); @@ -83,6 +84,7 @@ static int syscrypt(FAR const unsigned char *key, size_t klen, cryp.op = encrypt ? COP_ENCRYPT : COP_DECRYPT; cryp.flags = 0; cryp.len = len; + cryp.olen = len; cryp.src = (caddr_t) in; cryp.dst = (caddr_t) out; cryp.iv = (caddr_t) iv; diff --git a/testing/drivers/crypto/aescbc.c b/testing/drivers/crypto/aescbc.c index 7a7558aa0f7..a76c2eddc0d 100644 --- a/testing/drivers/crypto/aescbc.c +++ b/testing/drivers/crypto/aescbc.c @@ -118,6 +118,7 @@ static int syscrypt(FAR const char *key, size_t klen, memset(&session, 0, sizeof(session)); session.cipher = CRYPTO_AES_CBC; session.key = (caddr_t) key; + session.op = encrypt ? COP_ENCRYPT : COP_DECRYPT; session.keylen = klen; if (ioctl(cryptodev_fd, CIOCGSESSION, &session) == -1) { @@ -131,6 +132,7 @@ static int syscrypt(FAR const char *key, size_t klen, cryp.op = encrypt ? COP_ENCRYPT : COP_DECRYPT; cryp.flags = 0; cryp.len = len; + cryp.olen = len; cryp.src = (caddr_t) in; cryp.dst = (caddr_t) out; cryp.iv = (caddr_t) tmp_iv; diff --git a/testing/drivers/crypto/aesctr.c b/testing/drivers/crypto/aesctr.c index 9920b954374..57be97c023d 100644 --- a/testing/drivers/crypto/aesctr.c +++ b/testing/drivers/crypto/aesctr.c @@ -63,18 +63,16 @@ static const g_tests[] = { { - "ae 68 52 f8 12 10 67 cc 4b f7 a5 76 55 77 f3 9e " - "00 00 00 30", - "00 00 00 00 00 00 00 00 00 00 00 01", + "ae 68 52 f8 12 10 67 cc 4b f7 a5 76 55 77 f3 9e", + "00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01", "53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67", "e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8" } }, { { - "7e 24 06 78 17 fa e0 d7 43 d6 ce 1f 32 53 91 63 " - "00 6c b6 db", - "c0 54 3b 59 da 48 d9 0b 00 00 00 01", + "7e 24 06 78 17 fa e0 d7 43 d6 ce 1f 32 53 91 63", + "00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01", "00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f " "10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f", "51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 " @@ -83,9 +81,8 @@ static const g_tests[] = }, { { - "76 91 be 03 5e 50 20 a8 ac 6e 61 85 29 f9 a0 dc " - "00 e0 01 7b", - "27 77 7f 3f 4a 17 86 f0 00 00 00 01", + "76 91 be 03 5e 50 20 a8 ac 6e 61 85 29 f9 a0 dc", + "00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01", "00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f " "10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f" /* "20 21 22 23" */, @@ -102,9 +99,8 @@ static const g_tests[] = { { "16 af 5b 14 5f c9 f5 79 c1 75 f9 3e 3b fb 0e ed " - "86 3d 06 cc fd b7 85 15 " - "00 00 00 48", - "36 73 3c 14 7d 6d 93 cb 00 00 00 01", + "86 3d 06 cc fd b7 85 15", + "00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01", "53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67", "4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28", } @@ -112,9 +108,8 @@ static const g_tests[] = { { "7c 5c b2 40 1b 3d c3 3c 19 e7 34 08 19 e0 f6 9c " - "67 8c 3d b8 e6 f6 a9 1a " - "00 96 b0 3b", - "02 0c 6e ad c2 cb 50 0d 00 00 00 01", + "67 8c 3d b8 e6 f6 a9 1a", + "00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01", "00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f " "10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f", "45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f " @@ -124,9 +119,8 @@ static const g_tests[] = { { "02 bf 39 1e e8 ec b1 59 b9 59 61 7b 09 65 27 9b " - "f5 9b 60 a7 86 d3 e0 fe " - "00 07 bd fd", - "5c bd 60 27 8d cc 09 12 00 00 00 01", + "f5 9b 60 a7 86 d3 e0 fe", + "00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01", "00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f " "10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f" /* "20 21 22 23" */, @@ -142,9 +136,8 @@ static const g_tests[] = { { "77 6b ef f2 85 1d b0 6f 4c 8a 05 42 c8 69 6f 6c " - "6a 81 af 1e ec 96 b4 d3 7f c1 d6 89 e6 c1 c1 04 " - "00 00 00 60", - "db 56 72 c9 7a a8 f0 b2 00 00 00 01", + "6a 81 af 1e ec 96 b4 d3 7f c1 d6 89 e6 c1 c1 04", + "00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01", "53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67", "14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0" } @@ -152,9 +145,8 @@ static const g_tests[] = { { "f6 d6 6d 6b d5 2d 59 bb 07 96 36 58 79 ef f8 86 " - "c6 6d d5 1a 5b 6a 99 74 4b 50 59 0c 87 a2 38 84 " - "00 fa ac 24", - "c1 58 5e f1 5a 43 d8 75 00 00 00 01", + "c6 6d d5 1a 5b 6a 99 74 4b 50 59 0c 87 a2 38 84", + "00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01", "00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f " "10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f", "f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 " @@ -164,9 +156,8 @@ static const g_tests[] = { { "ff 7a 61 7c e6 91 48 e4 f1 72 6e 2f 43 58 1d e2 " - "aa 62 d9 f8 05 53 2e df f1 ee d6 87 fb 54 15 3d " - "00 1c c5 b7", - "51 a5 1d 70 a1 c1 11 48 00 00 00 01", + "aa 62 d9 f8 05 53 2e df f1 ee d6 87 fb 54 15 3d", + "00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01", "00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f " "10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f" /* "20 21 22 23" */, @@ -203,6 +194,7 @@ static int syscrypt(FAR const unsigned char *key, size_t klen, session.cipher = CRYPTO_AES_CTR; session.key = (caddr_t) key; session.keylen = klen; + session.op = encrypt ? COP_ENCRYPT : COP_DECRYPT; if (ioctl(cryptodev_fd, CIOCGSESSION, &session) == -1) { warn("CIOCGSESSION"); @@ -214,6 +206,7 @@ static int syscrypt(FAR const unsigned char *key, size_t klen, cryp.op = encrypt ? COP_ENCRYPT : COP_DECRYPT; cryp.flags = 0; cryp.len = len; + cryp.olen = len; cryp.src = (caddr_t) in; cryp.dst = (caddr_t) out; cryp.iv = (caddr_t) iv; diff --git a/testing/drivers/crypto/aesxts.c b/testing/drivers/crypto/aesxts.c index dc7afc3c13f..1a00581160b 100644 --- a/testing/drivers/crypto/aesxts.c +++ b/testing/drivers/crypto/aesxts.c @@ -59,7 +59,7 @@ struct aes_xts_ctx struct aes_xts_tv { - u_int64_t seqno; + u_int8_t data_unit[16]; u_int key_len; u_int8_t key[64]; u_int text_len; @@ -72,7 +72,10 @@ struct aes_xts_tv static const struct aes_xts_tv g_aes_xts_test_vectors[] = { { - 0x00000000ull, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, 32, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -95,7 +98,10 @@ static const struct aes_xts_tv g_aes_xts_test_vectors[] = }, }, { - 0x3333333333ull, + { + 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, 32, { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, @@ -118,7 +124,10 @@ static const struct aes_xts_tv g_aes_xts_test_vectors[] = }, }, { - 0x3333333333ull, + { + 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, 32, { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, @@ -141,7 +150,10 @@ static const struct aes_xts_tv g_aes_xts_test_vectors[] = }, }, { - 0x00000000ull, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, 32, { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, @@ -284,7 +296,10 @@ static const struct aes_xts_tv g_aes_xts_test_vectors[] = }, }, { - 0x00000001ull, + { + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, 32, { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, @@ -427,7 +442,10 @@ static const struct aes_xts_tv g_aes_xts_test_vectors[] = }, }, { - 0x00000002ull, + { + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, 32, { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, @@ -570,7 +588,10 @@ static const struct aes_xts_tv g_aes_xts_test_vectors[] = }, }, { - 0x000000fdull, + { + 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, 32, { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, @@ -713,7 +734,10 @@ static const struct aes_xts_tv g_aes_xts_test_vectors[] = }, }, { - 0x000000feull, + { + 0xfe, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, 32, { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, @@ -856,7 +880,10 @@ static const struct aes_xts_tv g_aes_xts_test_vectors[] = }, }, { - 0x000000ffull, + { + 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, 32, { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, @@ -999,7 +1026,10 @@ static const struct aes_xts_tv g_aes_xts_test_vectors[] = }, }, { - 0x000000ffull, + { + 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, 64, { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, @@ -1146,7 +1176,10 @@ static const struct aes_xts_tv g_aes_xts_test_vectors[] = }, }, { - 0x0000ffffull, + { + 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, 64, { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, @@ -1293,7 +1326,10 @@ static const struct aes_xts_tv g_aes_xts_test_vectors[] = }, }, { - 0x00ffffffull, + { + 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, 64, { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, @@ -1440,7 +1476,10 @@ static const struct aes_xts_tv g_aes_xts_test_vectors[] = }, }, { - 0xffffffffull, + { + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, 64, { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, @@ -1587,7 +1626,10 @@ static const struct aes_xts_tv g_aes_xts_test_vectors[] = }, }, { - 0xffffffffffull, + { + 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, 64, { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, @@ -1764,7 +1806,8 @@ static int match(FAR unsigned char *a, } static int syscrypt(FAR const unsigned char *key, size_t klen, - u_int64_t seqno, FAR const unsigned char *in, + FAR const uint8_t *data_unit, + FAR const unsigned char *in, FAR unsigned char *out, size_t len, int encrypt) { struct session_op session; @@ -1788,6 +1831,7 @@ static int syscrypt(FAR const unsigned char *key, size_t klen, session.cipher = CRYPTO_AES_XTS; session.key = (caddr_t) key; session.keylen = klen; + session.op = encrypt ? COP_ENCRYPT : COP_DECRYPT; if (ioctl(cryptodev_fd, CIOCGSESSION, &session) == -1) { warn("CIOCGSESSION"); @@ -1799,9 +1843,10 @@ static int syscrypt(FAR const unsigned char *key, size_t klen, cryp.op = encrypt ? COP_ENCRYPT : COP_DECRYPT; cryp.flags = 0; cryp.len = len; + cryp.olen = len; cryp.src = (caddr_t) in; cryp.dst = (caddr_t) out; - cryp.iv = (caddr_t) &seqno; + cryp.iv = (caddr_t) data_unit; cryp.mac = 0; if (ioctl(cryptodev_fd, CIOCCRYPT, &cryp) == -1) { @@ -1846,7 +1891,7 @@ static void test_aesxts(void **state) /* Encrypt test */ - if (syscrypt(tv->key, tv->key_len, tv->seqno, tv->plaintext, + if (syscrypt(tv->key, tv->key_len, tv->data_unit, tv->plaintext, result, tv->text_len, 1) < 0) { printf("FAIL encrypt test vector %zu\n", i); @@ -1864,7 +1909,7 @@ static void test_aesxts(void **state) /* Decrypt test */ - if (syscrypt(tv->key, tv->key_len, tv->seqno, tv->ciphertext, + if (syscrypt(tv->key, tv->key_len, tv->data_unit, tv->ciphertext, result, tv->text_len, 0) < 0) { printf("FAIL decrypt test vector %zu\n", i); From 15b67a1067dae72beac53402ed3584f14b50aa98 Mon Sep 17 00:00:00 2001 From: makejian Date: Thu, 22 May 2025 09:52:41 +0800 Subject: [PATCH 5/9] testing/crypto: add ivlen in test cases Add explicit IV length (ivlen) and output length (olen) parameters to test cases. This enables proper validation of IV handling across cryptographic algorithms. Signed-off-by: makejian --- testing/drivers/crypto/3descbc.c | 7 ++++--- testing/drivers/crypto/aescbc.c | 1 + testing/drivers/crypto/aescmac.c | 1 + testing/drivers/crypto/aesctr.c | 1 + testing/drivers/crypto/aesxts.c | 7 ++++--- testing/drivers/crypto/hash.c | 15 +++++++++------ testing/drivers/crypto/hmac.c | 9 +++++---- 7 files changed, 25 insertions(+), 16 deletions(-) diff --git a/testing/drivers/crypto/3descbc.c b/testing/drivers/crypto/3descbc.c index 4177ec3aecd..768c1021d25 100644 --- a/testing/drivers/crypto/3descbc.c +++ b/testing/drivers/crypto/3descbc.c @@ -47,7 +47,7 @@ #include static int syscrypt(FAR const unsigned char *key, size_t klen, - FAR const unsigned char *iv, + FAR const unsigned char *iv, size_t ivlen, FAR const unsigned char *in, FAR unsigned char *out, size_t len, int encrypt) { @@ -85,6 +85,7 @@ static int syscrypt(FAR const unsigned char *key, size_t klen, cryp.flags = 0; cryp.len = len; cryp.olen = len; + cryp.ivlen = ivlen; cryp.src = (caddr_t) in; cryp.dst = (caddr_t) out; cryp.iv = (caddr_t) iv; @@ -184,14 +185,14 @@ static void test_3descbc(void **state) memset(b2, 0, sizeof(b2)); memcpy(iv, iv0, sizeof(iv0)); - if (syscrypt(key, sizeof(key), iv, b1, b2, sizeof(b1), 1) < 0) + if (syscrypt(key, sizeof(key), iv, sizeof(iv), b1, b2, sizeof(b1), 1) < 0) { warnx("encrypt with /dev/crypto failed"); fail++; } memcpy(iv, iv0, sizeof(iv0)); - if (syscrypt(key, sizeof(key), iv, b2, b2, sizeof(b1), 0) < 0) + if (syscrypt(key, sizeof(key), iv, sizeof(iv), b2, b2, sizeof(b1), 0) < 0) { warnx("decrypt with /dev/crypto failed"); fail++; diff --git a/testing/drivers/crypto/aescbc.c b/testing/drivers/crypto/aescbc.c index a76c2eddc0d..b78963d5270 100644 --- a/testing/drivers/crypto/aescbc.c +++ b/testing/drivers/crypto/aescbc.c @@ -133,6 +133,7 @@ static int syscrypt(FAR const char *key, size_t klen, cryp.flags = 0; cryp.len = len; cryp.olen = len; + cryp.ivlen = 16; cryp.src = (caddr_t) in; cryp.dst = (caddr_t) out; cryp.iv = (caddr_t) tmp_iv; diff --git a/testing/drivers/crypto/aescmac.c b/testing/drivers/crypto/aescmac.c index e67c1c57bb8..6d6a68ebb59 100644 --- a/testing/drivers/crypto/aescmac.c +++ b/testing/drivers/crypto/aescmac.c @@ -147,6 +147,7 @@ static int syscrypt(FAR const unsigned char *key, size_t klen, cryp.flags = 0; cryp.len = len; + cryp.olen = outlen; cryp.src = (caddr_t)message; cryp.mac = (caddr_t)output; diff --git a/testing/drivers/crypto/aesctr.c b/testing/drivers/crypto/aesctr.c index 57be97c023d..57e86f1c92e 100644 --- a/testing/drivers/crypto/aesctr.c +++ b/testing/drivers/crypto/aesctr.c @@ -207,6 +207,7 @@ static int syscrypt(FAR const unsigned char *key, size_t klen, cryp.flags = 0; cryp.len = len; cryp.olen = len; + cryp.ivlen = 16; cryp.src = (caddr_t) in; cryp.dst = (caddr_t) out; cryp.iv = (caddr_t) iv; diff --git a/testing/drivers/crypto/aesxts.c b/testing/drivers/crypto/aesxts.c index 1a00581160b..b2b964a61a1 100644 --- a/testing/drivers/crypto/aesxts.c +++ b/testing/drivers/crypto/aesxts.c @@ -1806,7 +1806,7 @@ static int match(FAR unsigned char *a, } static int syscrypt(FAR const unsigned char *key, size_t klen, - FAR const uint8_t *data_unit, + FAR const uint8_t *data_unit, size_t ivlen, FAR const unsigned char *in, FAR unsigned char *out, size_t len, int encrypt) { @@ -1844,6 +1844,7 @@ static int syscrypt(FAR const unsigned char *key, size_t klen, cryp.flags = 0; cryp.len = len; cryp.olen = len; + cryp.ivlen = ivlen; cryp.src = (caddr_t) in; cryp.dst = (caddr_t) out; cryp.iv = (caddr_t) data_unit; @@ -1891,7 +1892,7 @@ static void test_aesxts(void **state) /* Encrypt test */ - if (syscrypt(tv->key, tv->key_len, tv->data_unit, tv->plaintext, + if (syscrypt(tv->key, tv->key_len, tv->data_unit, 16, tv->plaintext, result, tv->text_len, 1) < 0) { printf("FAIL encrypt test vector %zu\n", i); @@ -1909,7 +1910,7 @@ static void test_aesxts(void **state) /* Decrypt test */ - if (syscrypt(tv->key, tv->key_len, tv->data_unit, tv->ciphertext, + if (syscrypt(tv->key, tv->key_len, tv->data_unit, 16, tv->ciphertext, result, tv->text_len, 0) < 0) { printf("FAIL decrypt test vector %zu\n", i); diff --git a/testing/drivers/crypto/hash.c b/testing/drivers/crypto/hash.c index 03773fd61f7..a6349d71499 100644 --- a/testing/drivers/crypto/hash.c +++ b/testing/drivers/crypto/hash.c @@ -304,9 +304,12 @@ static int syshash_update(FAR crypto_context *ctx, FAR const char *s, return 0; } -static int syshash_finish(FAR crypto_context *ctx, FAR unsigned char *out) +static int syshash_finish(FAR crypto_context *ctx, + FAR unsigned char *out, + size_t olen) { ctx->cryp.flags = 0; + ctx->cryp.olen = olen; ctx->cryp.mac = (caddr_t) out; if (ioctl(ctx->crypto_fd, CIOCCRYPT, &ctx->cryp) == -1) @@ -360,7 +363,7 @@ static int testing_hash_huge_block(crypto_context *ctx, int op, assert_int_equal(syshash_start(ctx, op), 0); assert_int_equal(syshash_update(ctx, (char *)block, len), 0); - assert_int_equal(syshash_finish(ctx, output), 0); + assert_int_equal(syshash_finish(ctx, output, reslen), 0); return match(result, output, reslen); } #endif @@ -380,7 +383,7 @@ static void test_hash_md5(void **state) assert_int_equal(syshash_update(&md5_ctx, g_md5_testcase[i].data, g_md5_testcase[i].datalen), 0); - assert_int_equal(syshash_finish(&md5_ctx, output), 0); + assert_int_equal(syshash_finish(&md5_ctx, output, 16), 0); assert_int_equal(match(g_md5_result[i], output, MD5_DIGEST_LENGTH), 0); } @@ -431,7 +434,7 @@ static void test_hash_sha1(void **state) g_sha_testcase[i].datalen), 0); } - assert_int_equal(syshash_finish(&sha1_ctx, output), 0); + assert_int_equal(syshash_finish(&sha1_ctx, output, 20), 0); assert_int_equal(match((unsigned char *)g_sha1_result[i], (unsigned char *)output, SHA1_DIGEST_LENGTH), 0); @@ -484,7 +487,7 @@ static void test_hash_sha256(void **state) g_sha_testcase[i].datalen), 0); } - assert_int_equal(syshash_finish(&sha2_256_ctx, output), 0); + assert_int_equal(syshash_finish(&sha2_256_ctx, output, 32), 0); assert_int_equal(match((unsigned char *)g_sha256_result[i], (unsigned char *)output, SHA256_DIGEST_LENGTH), 0); @@ -537,7 +540,7 @@ static void test_hash_sha512(void **state) g_sha512_testcase[i].datalen), 0); } - assert_int_equal(syshash_finish(&sha2_512_ctx, output), 0); + assert_int_equal(syshash_finish(&sha2_512_ctx, output, 64), 0); assert_int_equal(match((unsigned char *)g_sha512_result[i], (unsigned char *)output, SHA512_DIGEST_LENGTH), 0); diff --git a/testing/drivers/crypto/hmac.c b/testing/drivers/crypto/hmac.c index 86204265a35..281996c9d4e 100644 --- a/testing/drivers/crypto/hmac.c +++ b/testing/drivers/crypto/hmac.c @@ -150,7 +150,7 @@ static FAR const char *g_sha256_result[] = }; static int syshmac(int mac, FAR const char *key, size_t keylen, - FAR const char *s, size_t len, FAR char *out) + FAR const char *s, size_t len, FAR char *out, size_t olen) { struct session_op session; struct crypt_op cryp; @@ -186,6 +186,7 @@ static int syshmac(int mac, FAR const char *key, size_t keylen, cryp.flags = 0; cryp.src = (caddr_t) s; cryp.len = len; + cryp.olen = olen; cryp.dst = 0; cryp.mac = (caddr_t) out; cryp.iv = 0; @@ -253,7 +254,7 @@ static void test_hmac_md5(void **state) g_testcase[i].keylen, g_testcase[i].data, g_testcase[i].datalen, - output), 0); + output, MD5_DIGEST_LENGTH), 0); assert_int_equal(match((unsigned char *)g_md5_result[i], (unsigned char *)output, @@ -271,7 +272,7 @@ static void test_hmac_sha1(void **state) g_testcase[i].keylen, g_testcase[i].data, g_testcase[i].datalen, - output), 0); + output, SHA1_DIGEST_LENGTH), 0); assert_int_equal(match((unsigned char *)g_sha1_result[i], (unsigned char *)output, @@ -289,7 +290,7 @@ static void test_hmac_sha256(void **state) g_testcase[i].keylen, g_testcase[i].data, g_testcase[i].datalen, - output), 0); + output, SHA256_DIGEST_LENGTH), 0); assert_int_equal(match((unsigned char *)g_sha256_result[i], (unsigned char *)output, From 5deb9bb288e7384eb104137c9f9d062adc29cc73 Mon Sep 17 00:00:00 2001 From: makejian Date: Fri, 20 Jun 2025 23:03:21 +0800 Subject: [PATCH 6/9] testing/crypto: aes support stream mode Extend AES testing to support stream mode operations with comprehensive test cases for streaming encryption/decryption workflows. Signed-off-by: makejian --- testing/drivers/crypto/aescbc.c | 98 ++++++++++++++++++++++++++ testing/drivers/crypto/aescmac.c | 4 +- testing/drivers/crypto/aesctr.c | 95 +++++++++++++++++++++++++ testing/drivers/crypto/aesxts.c | 116 +++++++++++++++++++++++++++++++ testing/drivers/crypto/hash.c | 2 + testing/drivers/crypto/hmac.c | 15 +++- 6 files changed, 325 insertions(+), 5 deletions(-) diff --git a/testing/drivers/crypto/aescbc.c b/testing/drivers/crypto/aescbc.c index b78963d5270..33ff928ff16 100644 --- a/testing/drivers/crypto/aescbc.c +++ b/testing/drivers/crypto/aescbc.c @@ -168,6 +168,89 @@ static int syscrypt(FAR const char *key, size_t klen, return (-1); } +static int syscrypt_stream(FAR const char *key, size_t klen, + FAR const char *iv, FAR const char *in, + FAR unsigned char *out, size_t len, int encrypt) +{ + struct session_op session; + struct crypt_op cryp; + size_t offset = 0; + int cryptodev_fd = -1; + int fd = -1; + char tmp_iv[16]; + + if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) + { + warn("/dev/crypto"); + goto err; + } + + if (ioctl(fd, CRIOGET, &cryptodev_fd) == -1) + { + warn("CRIOGET"); + goto err; + } + + memset(&session, 0, sizeof(session)); + session.cipher = CRYPTO_AES_CBC; + session.key = (caddr_t) key; + session.op = encrypt ? COP_ENCRYPT : COP_DECRYPT; + session.keylen = klen; + if (ioctl(cryptodev_fd, CIOCGSESSION, &session) == -1) + { + warn("CIOCGSESSION"); + goto err; + } + + memset(&cryp, 0, sizeof(cryp)); + memcpy(tmp_iv, iv, 16); + cryp.ses = session.ses; + cryp.op = encrypt ? COP_ENCRYPT : COP_DECRYPT; + cryp.flags = 0; + cryp.mac = 0; + cryp.ivlen = RIJNDAEL128_BLOCK_LEN; + cryp.iv = (caddr_t)tmp_iv; + while (len >= RIJNDAEL128_BLOCK_LEN) + { + cryp.len = RIJNDAEL128_BLOCK_LEN; + cryp.olen = RIJNDAEL128_BLOCK_LEN; + cryp.src = (caddr_t) in + offset; + cryp.dst = (caddr_t) out + offset; + if (ioctl(cryptodev_fd, CIOCCRYPT, &cryp) == -1) + { + warn("CIOCCRYPT"); + goto err; + } + + cryp.flags |= COP_FLAG_UPDATE; + len -= RIJNDAEL128_BLOCK_LEN; + offset += RIJNDAEL128_BLOCK_LEN; + } + + if (ioctl(cryptodev_fd, CIOCFSESSION, &session.ses) == -1) + { + warn("CIOCFSESSION"); + goto err; + } + + close(cryptodev_fd); + close(fd); + return (0); + +err: + if (cryptodev_fd != -1) + { + close(cryptodev_fd); + } + + if (fd != -1) + { + close(fd); + } + + return (-1); +} + static int match(FAR unsigned char *a, FAR unsigned char *b, size_t len) { int i; @@ -214,6 +297,21 @@ static void test_aescbc(void **state) assert_int_equal(match(out, (FAR unsigned char *)g_testcase[i].plain, g_testcase[i].len), 0); + + assert_int_equal(syscrypt_stream(g_testcase[i].key, 16, + g_testcase[i].iv, g_testcase[i].plain, + out, g_testcase[i].len, 1), 0); + + assert_int_equal(match(out, (FAR unsigned char *)g_testcase[i].cipher, + g_testcase[i].len), 0); + + assert_int_equal(syscrypt_stream(g_testcase[i].key, 16, + g_testcase[i].iv, + g_testcase[i].cipher, + out, g_testcase[i].len, 0), 0); + + assert_int_equal(match(out, (FAR unsigned char *)g_testcase[i].plain, + g_testcase[i].len), 0); } } diff --git a/testing/drivers/crypto/aescmac.c b/testing/drivers/crypto/aescmac.c index 6d6a68ebb59..ba027ec96c2 100644 --- a/testing/drivers/crypto/aescmac.c +++ b/testing/drivers/crypto/aescmac.c @@ -146,9 +146,9 @@ static int syscrypt(FAR const unsigned char *key, size_t klen, } cryp.flags = 0; - cryp.len = len; + cryp.len = 0; cryp.olen = outlen; - cryp.src = (caddr_t)message; + cryp.src = NULL; cryp.mac = (caddr_t)output; if (ioctl(cryptodev_fd, CIOCCRYPT, &cryp) == -1) diff --git a/testing/drivers/crypto/aesctr.c b/testing/drivers/crypto/aesctr.c index 57e86f1c92e..1ba7c45a0df 100644 --- a/testing/drivers/crypto/aesctr.c +++ b/testing/drivers/crypto/aesctr.c @@ -242,6 +242,90 @@ static int syscrypt(FAR const unsigned char *key, size_t klen, return (-1); } +static +int syscrypt_stream(FAR const unsigned char *key, size_t klen, + FAR const unsigned char *iv, FAR const unsigned char *in, + FAR unsigned char *out, size_t len, int encrypt) +{ + struct session_op session; + struct crypt_op cryp; + uint32_t offset = 0; + int cryptodev_fd = -1; + int fd = -1; + + if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) + { + warn("/dev/crypto"); + goto err; + } + + if (ioctl(fd, CRIOGET, &cryptodev_fd) == -1) + { + warn("CRIOGET"); + goto err; + } + + memset(&session, 0, sizeof(session)); + session.cipher = CRYPTO_AES_CTR; + session.key = (caddr_t) key; + session.keylen = klen; + session.op = encrypt ? COP_ENCRYPT : COP_DECRYPT; + if (ioctl(cryptodev_fd, CIOCGSESSION, &session) == -1) + { + warn("CIOCGSESSION"); + goto err; + } + + memset(&cryp, 0, sizeof(cryp)); + cryp.ses = session.ses; + cryp.op = encrypt ? COP_ENCRYPT : COP_DECRYPT; + cryp.flags = 0; + cryp.mac = 0; + cryp.ivlen = RIJNDAEL128_BLOCK_LEN; + cryp.iv = (caddr_t) iv; + while (len >= RIJNDAEL128_BLOCK_LEN) + { + cryp.len = RIJNDAEL128_BLOCK_LEN; + cryp.olen = RIJNDAEL128_BLOCK_LEN; + cryp.src = (caddr_t) in + offset; + cryp.dst = (caddr_t) out + offset; + if (ioctl(cryptodev_fd, CIOCCRYPT, &cryp) == -1) + { + warn("CIOCCRYPT"); + goto err; + } + + cryp.flags |= COP_FLAG_UPDATE; + cryp.ivlen = 0; + cryp.iv = NULL; + len -= RIJNDAEL128_BLOCK_LEN; + offset += RIJNDAEL128_BLOCK_LEN; + } + + if (ioctl(cryptodev_fd, CIOCFSESSION, &session.ses) == -1) + { + warn("CIOCFSESSION"); + goto err; + } + + close(cryptodev_fd); + close(fd); + return (0); + +err: + if (cryptodev_fd != -1) + { + close(cryptodev_fd); + } + + if (fd != -1) + { + close(fd); + } + + return (-1); +} + static int match(FAR unsigned char *a, FAR unsigned char *b, size_t len) { int i; @@ -332,6 +416,17 @@ static int run(int num) fail = !match(data[TST_CIPHER], p, len); printf("%s test vector %d\n", fail ? "FAILED" : "OK", num); + + if (syscrypt_stream(data[TST_KEY], length[TST_KEY], + data[TST_IV], data[TST_PLAIN], p, + length[TST_PLAIN], 0) < 0) + { + warnx("crypt with /dev/crypto failed"); + goto done; + } + + fail = !match(data[TST_CIPHER], p, len); + printf("%s test vector %d stream mode\n", fail ? "FAILED" : "OK", num); done: for (i = 0; i < TST_NUM; i++) { diff --git a/testing/drivers/crypto/aesxts.c b/testing/drivers/crypto/aesxts.c index b2b964a61a1..853a961fafd 100644 --- a/testing/drivers/crypto/aesxts.c +++ b/testing/drivers/crypto/aesxts.c @@ -1879,6 +1879,90 @@ static int syscrypt(FAR const unsigned char *key, size_t klen, return (-1); } +static int syscrypt_stream(FAR const unsigned char *key, size_t klen, + FAR const uint8_t *data_unit, size_t ivlen, + FAR const unsigned char *in, + FAR unsigned char *out, size_t len, int encrypt) +{ + struct session_op session; + struct crypt_op cryp; + uint32_t offset = 0; + int cryptodev_fd = -1; + int fd = -1; + + if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) + { + warn("/dev/crypto"); + goto err; + } + + if (ioctl(fd, CRIOGET, &cryptodev_fd) == -1) + { + warn("CRIOGET"); + goto err; + } + + memset(&session, 0, sizeof(session)); + session.cipher = CRYPTO_AES_XTS; + session.key = (caddr_t) key; + session.keylen = klen; + session.op = encrypt ? COP_ENCRYPT : COP_DECRYPT; + if (ioctl(cryptodev_fd, CIOCGSESSION, &session) == -1) + { + warn("CIOCGSESSION"); + goto err; + } + + memset(&cryp, 0, sizeof(cryp)); + cryp.ses = session.ses; + cryp.op = encrypt ? COP_ENCRYPT : COP_DECRYPT; + cryp.flags = 0; + cryp.mac = 0; + cryp.ivlen = ivlen; + cryp.iv = (caddr_t)data_unit; + while (len >= RIJNDAEL128_BLOCK_LEN) + { + cryp.len = RIJNDAEL128_BLOCK_LEN; + cryp.olen = RIJNDAEL128_BLOCK_LEN; + cryp.src = (caddr_t)in + offset; + cryp.dst = (caddr_t)out + offset; + if (ioctl(cryptodev_fd, CIOCCRYPT, &cryp) == -1) + { + warn("CIOCCRYPT"); + goto err; + } + + cryp.ivlen = 0; + cryp.iv = (caddr_t)NULL; + cryp.flags |= COP_FLAG_UPDATE; + len -= RIJNDAEL128_BLOCK_LEN; + offset += RIJNDAEL128_BLOCK_LEN; + } + + if (ioctl(cryptodev_fd, CIOCFSESSION, &session.ses) == -1) + { + warn("CIOCFSESSION"); + goto err; + } + + close(cryptodev_fd); + close(fd); + return (0); + +err: + if (cryptodev_fd != -1) + { + close(cryptodev_fd); + } + + if (fd != -1) + { + close(fd); + } + + return (-1); +} + static void test_aesxts(void **state) { const struct aes_xts_tv *tv; @@ -1908,6 +1992,22 @@ static void test_aesxts(void **state) printf("OK encrypt test vector %zu\n", i); + if (syscrypt_stream(tv->key, tv->key_len, tv->data_unit, 16, + tv->plaintext, result, tv->text_len, 1) < 0) + { + printf("FAIL encrypt test vector %zu in stream mode\n", i); + fail++; + break; + } + + if (!match(result, tv->ciphertext, tv->text_len)) + { + fail++; + break; + } + + printf("OK encrypt test vector %zu in stream mode\n", i); + /* Decrypt test */ if (syscrypt(tv->key, tv->key_len, tv->data_unit, 16, tv->ciphertext, @@ -1925,6 +2025,22 @@ static void test_aesxts(void **state) } printf("OK decrypt test vector %zu\n", i); + + if (syscrypt_stream(tv->key, tv->key_len, tv->data_unit, 16, + tv->ciphertext, result, tv->text_len, 0) < 0) + { + printf("FAIL decrypt test vector %zu in stream mode\n", i); + fail++; + break; + } + + if (!match(result, tv->plaintext, tv->text_len)) + { + fail++; + break; + } + + printf("OK decrypt test vector %zu in stream mode\n", i); } assert_int_equal(fail, 0); diff --git a/testing/drivers/crypto/hash.c b/testing/drivers/crypto/hash.c index a6349d71499..67498f4c4b5 100644 --- a/testing/drivers/crypto/hash.c +++ b/testing/drivers/crypto/hash.c @@ -309,6 +309,8 @@ static int syshash_finish(FAR crypto_context *ctx, size_t olen) { ctx->cryp.flags = 0; + ctx->cryp.len = 0; + ctx->cryp.src = NULL; ctx->cryp.olen = olen; ctx->cryp.mac = (caddr_t) out; diff --git a/testing/drivers/crypto/hmac.c b/testing/drivers/crypto/hmac.c index 281996c9d4e..d53eb3b77df 100644 --- a/testing/drivers/crypto/hmac.c +++ b/testing/drivers/crypto/hmac.c @@ -183,12 +183,10 @@ static int syshmac(int mac, FAR const char *key, size_t keylen, memset(&cryp, 0, sizeof(cryp)); cryp.ses = session.ses; cryp.op = COP_ENCRYPT; - cryp.flags = 0; + cryp.flags |= COP_FLAG_UPDATE; cryp.src = (caddr_t) s; cryp.len = len; - cryp.olen = olen; cryp.dst = 0; - cryp.mac = (caddr_t) out; cryp.iv = 0; if (ioctl(cryptodev_fd, CIOCCRYPT, &cryp) == -1) { @@ -196,6 +194,17 @@ static int syshmac(int mac, FAR const char *key, size_t keylen, goto err; } + cryp.flags = 0; + cryp.len = 0; + cryp.src = NULL; + cryp.olen = olen; + cryp.mac = (caddr_t) out; + if (ioctl(cryptodev_fd, CIOCCRYPT, &cryp) == -1) + { + warn("CIOCCRYPT"); + goto err; + } + if (ioctl(cryptodev_fd, CIOCFSESSION, &session.ses) == -1) { warn("CIOCFSESSION"); From 4f8a9007ca88d83bf1b69922bb670d0b481cf0f3 Mon Sep 17 00:00:00 2001 From: makejian Date: Tue, 29 Jul 2025 21:08:51 +0800 Subject: [PATCH 7/9] crypto/testing: remove dependence crypto driver testing of cryptosoftware Remove unnecessary dependency on cryptosoftware implementation since crypto driver tests now support rpmsg and virtio driver backends. Signed-off-by: makejian --- testing/drivers/crypto/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testing/drivers/crypto/Kconfig b/testing/drivers/crypto/Kconfig index 3cb9ce6ab75..8a7e2de08dc 100644 --- a/testing/drivers/crypto/Kconfig +++ b/testing/drivers/crypto/Kconfig @@ -1,7 +1,7 @@ config TESTING_CRYPTO tristate "crypto test" default n - depends on (CRYPTO_CRYPTODEV_SOFTWARE || CRYPTO_CRYPTODEV_HARDWARE) && TESTING_CMOCKA + depends on TESTING_CMOCKA ---help--- Enable crypto test From 8b27dd756401f33ba846998961ddab88bd481dfc Mon Sep 17 00:00:00 2001 From: makejian Date: Wed, 14 Aug 2024 19:24:09 +0800 Subject: [PATCH 8/9] testing/crypto: add keymanagement test cases Add comprehensive key management test suite covering: - AES key generation (128, 192, 256-bit) - RSA keypair generation with variable key sizes - ECDSA keypair generation on SECP256R1 curve Tests key lifecycle operations and MTD-based persistent storage. Signed-off-by: makejian --- testing/drivers/crypto/CMakeLists.txt | 14 + testing/drivers/crypto/Kconfig | 4 + testing/drivers/crypto/Makefile | 5 + testing/drivers/crypto/keymanagement.c | 502 +++++++++++++++++++++++++ 4 files changed, 525 insertions(+) create mode 100644 testing/drivers/crypto/keymanagement.c diff --git a/testing/drivers/crypto/CMakeLists.txt b/testing/drivers/crypto/CMakeLists.txt index 36e22236db4..f0c021996a3 100644 --- a/testing/drivers/crypto/CMakeLists.txt +++ b/testing/drivers/crypto/CMakeLists.txt @@ -197,4 +197,18 @@ if(CONFIG_TESTING_CRYPTO) cmocka) endif() + if(CONFIG_TESTING_CRYPTO_KEY_MANAGEMENT) + nuttx_add_application( + NAME + keymanagement + PRIORITY + ${CONFIG_TESTING_CRYPTO_PRIORITY} + STACKSIZE + ${CONFIG_TESTING_CRYPTO_STACKSIZE} + MODULE + ${CONFIG_TESTING_CRYPTO} + SRCS + keymanagement.c) + endif() + endif() diff --git a/testing/drivers/crypto/Kconfig b/testing/drivers/crypto/Kconfig index 8a7e2de08dc..cf9543ff010 100644 --- a/testing/drivers/crypto/Kconfig +++ b/testing/drivers/crypto/Kconfig @@ -60,6 +60,10 @@ config TESTING_CRYPTO_RSA bool "rsa crypto test" default n +config TESTING_CRYPTO_KEY_MANAGEMENT + bool "key management test" + default n + config TESTING_CRYPTO_PRIORITY int "crypto test task priority" default 100 diff --git a/testing/drivers/crypto/Makefile b/testing/drivers/crypto/Makefile index 64c6dfac744..769dc7873a0 100644 --- a/testing/drivers/crypto/Makefile +++ b/testing/drivers/crypto/Makefile @@ -78,6 +78,11 @@ PROGNAME += rsa MAINSRC += rsa.c endif +ifeq ($(CONFIG_TESTING_CRYPTO_KEY_MANAGEMENT),y) +PROGNAME += keymanagement +MAINSRC += keymanagement.c +endif + PRIORITY = $(CONFIG_TESTING_CRYPTO_PRIORITY) STACKSIZE = $(CONFIG_TESTING_CRYPTO_STACKSIZE) MODULE = $(CONFIG_TESTING_CRYPTO) diff --git a/testing/drivers/crypto/keymanagement.c b/testing/drivers/crypto/keymanagement.c new file mode 100644 index 00000000000..b703a4828c7 --- /dev/null +++ b/testing/drivers/crypto/keymanagement.c @@ -0,0 +1,502 @@ +/**************************************************************************** + * apps/testing/drivers/crypto/keymanagement.c + * Copyright (c) 2008 Damien Bergamini + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + ****************************************************************************/ + +/**************************************************************************** + * Included Files + ****************************************************************************/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/**************************************************************************** + * Pre-processor Definitions + ****************************************************************************/ + +typedef enum +{ + SYNC = 0, + ASYNC, +} +crypto_mode_t; + +typedef struct crypto_context_s +{ + int fd; + int cryptodev_fd; +} +crypto_context_t; + +/**************************************************************************** + * Private Data + ****************************************************************************/ + +static const unsigned char g_sha256_message[32] = +{ + 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, + 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, + 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, + 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad +}; + +/**************************************************************************** + * Private Functions + ****************************************************************************/ + +static void show_usage(FAR const char *progname, int exitcode) +{ + printf("Usage: %s -a/-s \n", progname); + printf(" [-s] selects synchronous mode.\n"); + printf(" [-a] selects asynchronous mode.\n"); + exit(exitcode); +} + +static void crypto_free(FAR crypto_context_t *ctx) +{ + if (ctx->cryptodev_fd != 0) + { + close(ctx->cryptodev_fd); + ctx->cryptodev_fd = 0; + } + + if (ctx->fd != 0) + { + close(ctx->fd); + ctx->fd = 0; + } +} + +static int crypto_init(FAR crypto_context_t *ctx) +{ + memset(ctx, 0, sizeof(crypto_context_t)); + if ((ctx->fd = open("/dev/crypto", O_RDWR, 0)) < 0) + { + perror("CRIOGET"); + crypto_free(ctx); + return 1; + } + + if (ioctl(ctx->fd, CRIOGET, &ctx->cryptodev_fd) == -1) + { + perror("CRIOGET"); + crypto_free(ctx); + return 1; + } + + return 0; +} + +static int keyid_operation(FAR crypto_context_t *ctx, + int op, FAR int *keyid, + int paramin, int paramout, + FAR unsigned char *buf, int buflen, + FAR struct pollfd *fds) +{ + struct crypt_kop cryptk; + + memset(&cryptk, 0, sizeof(struct crypt_kop)); + cryptk.crk_op = op; + cryptk.crk_iparams = paramin; + cryptk.crk_oparams = paramout; + cryptk.crk_param[0].crp_p = (caddr_t)keyid; + cryptk.crk_param[0].crp_nbits = sizeof(int) * 8; + cryptk.crk_param[1].crp_p = (caddr_t)buf; + cryptk.crk_param[1].crp_nbits = buflen * 8; + if (fds != NULL) + { + cryptk.crk_flags |= CRYPTO_F_CBIMM; + } + + if (ioctl(ctx->cryptodev_fd, CIOCKEY, &cryptk) == -1) + { + perror("CIOCKEY"); + return -1; + } + + if (fds != NULL) + { + memset(fds, 0, sizeof(struct pollfd)); + fds->fd = ctx->cryptodev_fd; + fds->events = POLLIN; + + if (poll(fds, 1, -1) < 0) + { + perror("poll"); + return -1; + } + + if (fds->revents & POLLIN) + { + if (ioctl(ctx->cryptodev_fd, CIOCKEYRET, &cryptk) == -1) + { + perror("CIOCKEYRET"); + return -1; + } + } + else + { + perror("poll back"); + return -1; + } + } + + return cryptk.crk_status; +} + +static int p256_sign(FAR crypto_context_t *ctx, FAR int *keyid, + FAR const unsigned char *buf, size_t buflen, + FAR unsigned char *r, size_t rlen, + FAR unsigned char *s, size_t slen, + FAR struct pollfd *fds) +{ + struct crypt_kop cryptk; + + memset(&cryptk, 0, sizeof(cryptk)); + cryptk.crk_op = CRK_ECDSA_SECP256R1_SIGN; + cryptk.crk_iparams = 2; + cryptk.crk_oparams = 2; + cryptk.crk_param[0].crp_p = (caddr_t)keyid; + cryptk.crk_param[0].crp_nbits = sizeof(int) * 8; + cryptk.crk_param[1].crp_p = (caddr_t)buf; + cryptk.crk_param[1].crp_nbits = buflen * 8; + cryptk.crk_param[2].crp_p = (caddr_t)r; + cryptk.crk_param[2].crp_nbits = rlen * 8; + cryptk.crk_param[3].crp_p = (caddr_t)s; + cryptk.crk_param[3].crp_nbits = slen * 8; + if (fds != NULL) + { + cryptk.crk_flags |= CRYPTO_F_CBIMM; + } + + if (ioctl(ctx->cryptodev_fd, CIOCKEY, &cryptk) == -1) + { + perror("CIOCKEY"); + return -1; + } + + if (fds != NULL) + { + memset(fds, 0, sizeof(struct pollfd)); + fds->fd = ctx->cryptodev_fd; + fds->events = POLLIN; + + if (poll(fds, 1, -1) < 0) + { + perror("poll"); + return -1; + } + + if (fds->revents & POLLIN) + { + if (ioctl(ctx->cryptodev_fd, CIOCKEYRET, &cryptk) == -1) + { + perror("CIOCKEYRET"); + return -1; + } + } + else + { + perror("poll back"); + return -1; + } + } + + return cryptk.crk_status; +} + +static int p256_verify(FAR crypto_context_t *ctx, FAR int *keyid, + FAR const unsigned char *r, size_t rlen, + FAR const unsigned char *s, size_t slen, + FAR const unsigned char *buf, size_t buflen, + FAR struct pollfd *fds) +{ + struct crypt_kop cryptk; + + memset(&cryptk, 0, sizeof(cryptk)); + cryptk.crk_op = CRK_ECDSA_SECP256R1_VERIFY; + cryptk.crk_iparams = 6; + cryptk.crk_oparams = 0; + cryptk.crk_param[0].crp_p = (caddr_t)keyid; + cryptk.crk_param[0].crp_nbits = sizeof(int) * 8; + cryptk.crk_param[1].crp_p = (caddr_t)keyid; + cryptk.crk_param[1].crp_nbits = sizeof(int) * 8; + cryptk.crk_param[2].crp_p = NULL; + cryptk.crk_param[2].crp_nbits = 0; + cryptk.crk_param[3].crp_p = (caddr_t)r; + cryptk.crk_param[3].crp_nbits = rlen * 8; + cryptk.crk_param[4].crp_p = (caddr_t)s; + cryptk.crk_param[4].crp_nbits = slen * 8; + cryptk.crk_param[5].crp_p = (caddr_t)buf; + cryptk.crk_param[5].crp_nbits = buflen * 8; + if (fds != NULL) + { + cryptk.crk_flags |= CRYPTO_F_CBIMM; + } + + if (ioctl(ctx->cryptodev_fd, CIOCKEY, &cryptk) == -1) + { + perror("CIOCKEY"); + return -1; + } + + if (fds != NULL) + { + memset(fds, 0, sizeof(struct pollfd)); + fds->fd = ctx->cryptodev_fd; + fds->events = POLLIN; + + if (poll(fds, 1, -1) < 0) + { + perror("poll"); + return -1; + } + + if (fds->revents & POLLIN) + { + if (ioctl(ctx->cryptodev_fd, CIOCKEYRET, &cryptk) == -1) + { + perror("CIOCKEYRET"); + return -1; + } + } + else + { + perror("poll back"); + return -1; + } + } + + return cryptk.crk_status; +} + +int keymanagement_test(int mode) +{ + crypto_context_t ctx; + struct pollfd fds; + unsigned char buf[32]; + unsigned char r[32]; + unsigned char s[32]; + int keyid = -1; + int p256_prv_keyid = -1; + int p256_pub_keyid = -1; + int ret = 0; + + ret = crypto_init(&ctx); + if (ret != 0) + { + goto free; + } + + /* testcase 1: check keyid */ + + ret = keyid_operation(&ctx, CRK_ALLOCATE_KEY, &keyid, 0, 1, NULL, 0, + mode == SYNC ? NULL : &fds); + if (ret != 0) + { + printf("keyid allocate %s failed\n", + mode == SYNC ? "sync" : "async"); + goto free; + } + + ret = keyid_operation(&ctx, CRK_VALIDATE_KEYID, &keyid, 1, 0, NULL, 0, + mode == SYNC ? NULL : &fds); + if (ret != 0) + { + printf("keyid validate %s failed\n", + mode == SYNC ? "sync" : "async"); + goto free; + } + + printf("keymanagement testcase 1 %s success\n", + mode == SYNC ? "sync" : "async"); + + /* testcase 2: import and export key */ + + ret = keyid_operation(&ctx, CRK_IMPORT_KEY, &keyid, 2, 0, + g_sha256_message, sizeof(g_sha256_message), + mode == SYNC ? NULL : &fds); + if (ret != 0) + { + printf("import key %s failed\n", + mode == SYNC ? "sync" : "async"); + goto free; + } + + ret = keyid_operation(&ctx, CRK_EXPORT_KEY, &keyid, 1, 1, buf, + sizeof(buf), mode == SYNC ? NULL : &fds); + if (ret != 0) + { + printf("export key %s failed\n", + mode == SYNC ? "sync" : "async"); + goto free; + } + + if (memcmp(buf, g_sha256_message, sizeof(g_sha256_message)) != 0) + { + printf("keymanagement testcase 2 %s failed\n", + mode == SYNC ? "sync" : "async"); + goto free; + } + + ret = keyid_operation(&ctx, CRK_SAVE_KEY, &keyid, 1, 0, + NULL, 0, mode == SYNC ? NULL : &fds); + if (ret != 0) + { + printf("save key %s failed\n", + mode == SYNC ? "sync" : "async"); + goto free; + } + + printf("keymanagement testcase 2 %s success\n", + mode == SYNC ? "sync" : "async"); + + /* testcase 3: load/unload key */ + + ret = keyid_operation(&ctx, CRK_LOAD_KEY, &keyid, 1, 0, + NULL, 0, mode == SYNC ? NULL : &fds); + if (ret != 0) + { + printf("load key %s failed\n", + mode == SYNC ? "sync" : "async"); + goto free; + } + + ret = keyid_operation(&ctx, CRK_UNLOAD_KEY, &keyid, 1, 0, + NULL, 0, mode == SYNC ? NULL : &fds); + if (ret != 0) + { + printf("unload key %s failed\n", + mode == SYNC ? "sync" : "async"); + goto free; + } + + printf("keymanagement testcase 3 %s success\n", + mode == SYNC ? "sync" : "async"); + + /* testcase 4: generate p256 key */ + + ret = keyid_operation(&ctx, CRK_ALLOCATE_KEY, &p256_prv_keyid, 0, 1, + NULL, 0, mode == SYNC ? NULL : &fds); + if (ret != 0) + { + printf("allocate p256 private keyid %s failed\n", + mode == SYNC ? "sync" : "async"); + goto free; + } + + ret = keyid_operation(&ctx, CRK_ALLOCATE_KEY, &p256_pub_keyid, 0, 1, + NULL, 0, mode == SYNC ? NULL : &fds); + if (ret != 0) + { + printf("allocate p256 public keyid %s failed\n", + mode == SYNC ? "sync" : "async"); + goto free; + } + + ret = keyid_operation(&ctx, CRK_GENERATE_SECP256R1_KEY, &p256_prv_keyid, + 2, 0, (unsigned char *)&p256_pub_keyid, sizeof(int), + mode == SYNC ? NULL : &fds); + if (ret != 0) + { + printf("generate p256 key %s failed\n", + mode == SYNC ? "sync" : "async"); + goto free; + } + + printf("keymanagement testcase 4 %s success\n", + mode == SYNC ? "sync" : "async"); + + /* testcase 5: p256 test */ + + ret = p256_sign(&ctx, &p256_prv_keyid, g_sha256_message, + sizeof(g_sha256_message), r, 32, s, 32, + mode == SYNC ? NULL : &fds); + if (ret != 0) + { + printf("p256 sign with key %s failed\n", + mode == SYNC ? "sync" : "async"); + goto free; + } + + ret = p256_verify(&ctx, &p256_pub_keyid, r, 32, s, 32, + g_sha256_message, sizeof(g_sha256_message), + mode == SYNC ? NULL : &fds); + if (ret != 0) + { + printf("p256 verify with key %s failed\n", + mode == SYNC ? "sync" : "async"); + goto free; + } + + printf("keymanagement testcase 5 %s success\n", + mode == SYNC ? "sync" : "async"); + +free: + if (keyid != -1) + { + keyid_operation(&ctx, CRK_DELETE_KEY, &keyid, 1, 0, NULL, 0, + mode == SYNC ? NULL : &fds); + } + + if (p256_prv_keyid != -1) + { + keyid_operation(&ctx, CRK_DELETE_KEY, &p256_prv_keyid, 1, 0, NULL, 0, + mode == SYNC ? NULL : &fds); + } + + if (p256_pub_keyid != -1) + { + keyid_operation(&ctx, CRK_DELETE_KEY, &p256_pub_keyid, 1, 0, NULL, 0, + mode == SYNC ? NULL : &fds); + } + + crypto_free(&ctx); + return 0; +} + +/**************************************************************************** + * Public Functions + ****************************************************************************/ + +int main(int argc, FAR char *argv[]) +{ + crypto_mode_t mode = SYNC; + + if (argc == 2 && argv[1] != NULL) + { + if (strcmp(argv[1], "-s") == 0) + { + mode = SYNC; + } + else if (strcmp(argv[1], "-a") == 0) + { + mode = ASYNC; + } + else + { + show_usage(argv[0], EXIT_FAILURE); + } + } + + return keymanagement_test(mode); +} From 713b2ef6059c76974095d8ffd233ed429b75ce5d Mon Sep 17 00:00:00 2001 From: makejian Date: Fri, 19 Sep 2025 15:40:51 +0800 Subject: [PATCH 9/9] testing/crypto: add test cases for testing cipher with keyid Add comprehensive test cases for key identifier (keyid) based cipher operations. Tests encrypted data verification using cryptographic keys referenced by unique identifiers, enabling testing of key management integration with cipher algorithms. Support for AES encryption/decryption, HMAC, and other algorithms with keyid-based access. Signed-off-by: makejian --- testing/drivers/crypto/keymanagement.c | 543 +++++++++++-------------- 1 file changed, 230 insertions(+), 313 deletions(-) diff --git a/testing/drivers/crypto/keymanagement.c b/testing/drivers/crypto/keymanagement.c index b703a4828c7..7aafeb9a20e 100644 --- a/testing/drivers/crypto/keymanagement.c +++ b/testing/drivers/crypto/keymanagement.c @@ -19,6 +19,12 @@ * Included Files ****************************************************************************/ +#include +#include +#include +#include +#include + #include #include #include @@ -44,6 +50,10 @@ typedef struct crypto_context_s { int fd; int cryptodev_fd; + struct crypt_kop cryptk; + struct cryptkop cryptkcb; + struct pollfd fds; + unsigned char bufcb[64]; } crypto_context_t; @@ -51,26 +61,44 @@ crypto_context_t; * Private Data ****************************************************************************/ -static const unsigned char g_sha256_message[32] = +static crypto_context_t g_keymgmt_ctx; + +static FAR char *g_aescbc_key = + "\x06\xa9\x21\x40\x36\xb8\xa1\x5b\x51\x2e\x03\xd5\x34\x12\x00\x06"; +static FAR char *g_aescbc_iv = + "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30\xb4\x22\xda\x80\x2c\x9f\xac\x41"; +static FAR char *g_aescbc_plain = "Single block msg"; +static FAR char *g_aescbc_cipher = + "\xe3\x53\x77\x9c\x10\x79\xae\xb8\x27\x08\x94\x2d\xbe\x77\x18\x1a"; + +static unsigned char g_aescmac_key[16] = +{ + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c +}; + +static unsigned char g_aescmac_message[] = +{ + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, + 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, + 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, + 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, + 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 +}; + +static unsigned char g_aescmac_mac[] = { - 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, - 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, - 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, - 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad + 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, + 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }; /**************************************************************************** * Private Functions ****************************************************************************/ -static void show_usage(FAR const char *progname, int exitcode) -{ - printf("Usage: %s -a/-s \n", progname); - printf(" [-s] selects synchronous mode.\n"); - printf(" [-a] selects asynchronous mode.\n"); - exit(exitcode); -} - static void crypto_free(FAR crypto_context_t *ctx) { if (ctx->cryptodev_fd != 0) @@ -89,6 +117,8 @@ static void crypto_free(FAR crypto_context_t *ctx) static int crypto_init(FAR crypto_context_t *ctx) { memset(ctx, 0, sizeof(crypto_context_t)); + ctx->cryptk.crk_arg = &ctx->cryptkcb; + if ((ctx->fd = open("/dev/crypto", O_RDWR, 0)) < 0) { perror("CRIOGET"); @@ -110,44 +140,51 @@ static int keyid_operation(FAR crypto_context_t *ctx, int op, FAR int *keyid, int paramin, int paramout, FAR unsigned char *buf, int buflen, - FAR struct pollfd *fds) + bool is_sync) { - struct crypt_kop cryptk; - - memset(&cryptk, 0, sizeof(struct crypt_kop)); - cryptk.crk_op = op; - cryptk.crk_iparams = paramin; - cryptk.crk_oparams = paramout; - cryptk.crk_param[0].crp_p = (caddr_t)keyid; - cryptk.crk_param[0].crp_nbits = sizeof(int) * 8; - cryptk.crk_param[1].crp_p = (caddr_t)buf; - cryptk.crk_param[1].crp_nbits = buflen * 8; - if (fds != NULL) + FAR unsigned char *bufcb; + + ctx->cryptk.crk_op = op; + ctx->cryptk.crk_iparams = paramin; + ctx->cryptk.crk_oparams = paramout; + ctx->cryptk.crk_param[0].crp_p = (caddr_t)keyid; + ctx->cryptk.crk_param[0].crp_nbits = sizeof(int) * 8; + ctx->cryptk.crk_param[1].crp_p = (caddr_t)buf; + ctx->cryptk.crk_param[1].crp_nbits = buflen * 8; + if (!is_sync) { - cryptk.crk_flags |= CRYPTO_F_CBIMM; + ctx->cryptk.crk_flags |= CRYPTO_F_CBIMM; + ctx->cryptkcb.krp_op = op; + ctx->cryptkcb.krp_iparams = paramin; + ctx->cryptkcb.krp_oparams = paramout; + ctx->cryptkcb.krp_param[0].crp_p = (caddr_t)keyid; + ctx->cryptkcb.krp_param[0].crp_nbits = sizeof(int) * 8; + ctx->cryptkcb.krp_flags |= CRYPTO_F_CBIMM; + ctx->cryptkcb.krp_param[1].crp_p = (caddr_t)ctx->bufcb; + ctx->cryptkcb.krp_param[1].crp_nbits = buflen * 8; } - if (ioctl(ctx->cryptodev_fd, CIOCKEY, &cryptk) == -1) + if (ioctl(ctx->cryptodev_fd, CIOCKEY, &ctx->cryptk) == -1) { perror("CIOCKEY"); return -1; } - if (fds != NULL) + if (!is_sync) { - memset(fds, 0, sizeof(struct pollfd)); - fds->fd = ctx->cryptodev_fd; - fds->events = POLLIN; + memset(&ctx->fds, 0, sizeof(struct pollfd)); + ctx->fds.fd = ctx->cryptodev_fd; + ctx->fds.events = POLLIN; - if (poll(fds, 1, -1) < 0) + if (poll(&ctx->fds, 1, -1) < 0) { perror("poll"); return -1; } - if (fds->revents & POLLIN) + if (ctx->fds.revents & POLLIN) { - if (ioctl(ctx->cryptodev_fd, CIOCKEYRET, &cryptk) == -1) + if (ioctl(ctx->cryptodev_fd, CIOCKEYRET, &ctx->cryptk) == -1) { perror("CIOCKEYRET"); return -1; @@ -160,318 +197,208 @@ static int keyid_operation(FAR crypto_context_t *ctx, } } - return cryptk.crk_status; + return ctx->cryptk.crk_status; } -static int p256_sign(FAR crypto_context_t *ctx, FAR int *keyid, - FAR const unsigned char *buf, size_t buflen, - FAR unsigned char *r, size_t rlen, - FAR unsigned char *s, size_t slen, - FAR struct pollfd *fds) +static int keymanagement_test(int mode) { - struct crypt_kop cryptk; + unsigned char data[32]; + unsigned char buf[32]; + int keyid = -1; - memset(&cryptk, 0, sizeof(cryptk)); - cryptk.crk_op = CRK_ECDSA_SECP256R1_SIGN; - cryptk.crk_iparams = 2; - cryptk.crk_oparams = 2; - cryptk.crk_param[0].crp_p = (caddr_t)keyid; - cryptk.crk_param[0].crp_nbits = sizeof(int) * 8; - cryptk.crk_param[1].crp_p = (caddr_t)buf; - cryptk.crk_param[1].crp_nbits = buflen * 8; - cryptk.crk_param[2].crp_p = (caddr_t)r; - cryptk.crk_param[2].crp_nbits = rlen * 8; - cryptk.crk_param[3].crp_p = (caddr_t)s; - cryptk.crk_param[3].crp_nbits = slen * 8; - if (fds != NULL) - { - cryptk.crk_flags |= CRYPTO_F_CBIMM; - } + arc4random_buf(data, sizeof(data)); - if (ioctl(ctx->cryptodev_fd, CIOCKEY, &cryptk) == -1) - { - perror("CIOCKEY"); - return -1; - } + assert_int_equal(crypto_init(&g_keymgmt_ctx), 0); - if (fds != NULL) - { - memset(fds, 0, sizeof(struct pollfd)); - fds->fd = ctx->cryptodev_fd; - fds->events = POLLIN; + /* testcase 1: check keyid */ - if (poll(fds, 1, -1) < 0) - { - perror("poll"); - return -1; - } + assert_int_equal(keyid_operation(&g_keymgmt_ctx, CRK_ALLOCATE_KEY, &keyid, + 0, 1, NULL, 0, mode == SYNC), 0); - if (fds->revents & POLLIN) - { - if (ioctl(ctx->cryptodev_fd, CIOCKEYRET, &cryptk) == -1) - { - perror("CIOCKEYRET"); - return -1; - } - } - else - { - perror("poll back"); - return -1; - } - } + /* testcase 2: import and export key */ - return cryptk.crk_status; -} + assert_int_equal(keyid_operation(&g_keymgmt_ctx, CRK_IMPORT_KEY, &keyid, + 2, 0, data, sizeof(data), + mode == SYNC), 0); -static int p256_verify(FAR crypto_context_t *ctx, FAR int *keyid, - FAR const unsigned char *r, size_t rlen, - FAR const unsigned char *s, size_t slen, - FAR const unsigned char *buf, size_t buflen, - FAR struct pollfd *fds) -{ - struct crypt_kop cryptk; + assert_int_equal(keyid_operation(&g_keymgmt_ctx, CRK_EXPORT_KEY, &keyid, + 1, 1, buf, sizeof(buf), mode == SYNC), 0); - memset(&cryptk, 0, sizeof(cryptk)); - cryptk.crk_op = CRK_ECDSA_SECP256R1_VERIFY; - cryptk.crk_iparams = 6; - cryptk.crk_oparams = 0; - cryptk.crk_param[0].crp_p = (caddr_t)keyid; - cryptk.crk_param[0].crp_nbits = sizeof(int) * 8; - cryptk.crk_param[1].crp_p = (caddr_t)keyid; - cryptk.crk_param[1].crp_nbits = sizeof(int) * 8; - cryptk.crk_param[2].crp_p = NULL; - cryptk.crk_param[2].crp_nbits = 0; - cryptk.crk_param[3].crp_p = (caddr_t)r; - cryptk.crk_param[3].crp_nbits = rlen * 8; - cryptk.crk_param[4].crp_p = (caddr_t)s; - cryptk.crk_param[4].crp_nbits = slen * 8; - cryptk.crk_param[5].crp_p = (caddr_t)buf; - cryptk.crk_param[5].crp_nbits = buflen * 8; - if (fds != NULL) - { - cryptk.crk_flags |= CRYPTO_F_CBIMM; - } + assert_int_equal(memcmp(buf, data, sizeof(data)), 0); - if (ioctl(ctx->cryptodev_fd, CIOCKEY, &cryptk) == -1) - { - perror("CIOCKEY"); - return -1; - } + assert_int_equal(keyid_operation(&g_keymgmt_ctx, CRK_SAVE_KEY, &keyid, + 1, 0, NULL, 0, mode == SYNC), 0); - if (fds != NULL) - { - memset(fds, 0, sizeof(struct pollfd)); - fds->fd = ctx->cryptodev_fd; - fds->events = POLLIN; + /* testcase 3: load/unload key */ - if (poll(fds, 1, -1) < 0) - { - perror("poll"); - return -1; - } + assert_int_equal(keyid_operation(&g_keymgmt_ctx, CRK_LOAD_KEY, &keyid, + 1, 0, NULL, 0, mode == SYNC), 0); - if (fds->revents & POLLIN) - { - if (ioctl(ctx->cryptodev_fd, CIOCKEYRET, &cryptk) == -1) - { - perror("CIOCKEYRET"); - return -1; - } - } - else - { - perror("poll back"); - return -1; - } - } + assert_int_equal(keyid_operation(&g_keymgmt_ctx, CRK_UNLOAD_KEY, &keyid, + 1, 0, NULL, 0, mode == SYNC), 0); + + assert_int_equal(keyid_operation(&g_keymgmt_ctx, CRK_DELETE_KEY, &keyid, + 1, 0, NULL, 0, mode == SYNC), 0); - return cryptk.crk_status; + crypto_free(&g_keymgmt_ctx); + return 0; } -int keymanagement_test(int mode) +static void test_keymgmt_sync(void **state) { - crypto_context_t ctx; - struct pollfd fds; - unsigned char buf[32]; - unsigned char r[32]; - unsigned char s[32]; + assert_int_equal(keymanagement_test(SYNC), 0); +} + +static void test_keymgmt_async(void **state) +{ + assert_int_equal(keymanagement_test(ASYNC), 0); +} + +static int aescbc_crypt(FAR crypto_context_t *ctx, + FAR const char *key, size_t klen, + FAR const char *iv, FAR const char *in, + FAR unsigned char *out, size_t len, int encrypt) +{ + struct session_op session; + struct crypt_op cryp; + + memset(&session, 0, sizeof(session)); + session.cipher = CRYPTO_AES_CBC; + session.key = (caddr_t)key; + session.op = encrypt ? COP_ENCRYPT : COP_DECRYPT; + session.flags |= SOP_F_KEYID; + session.keylen = klen; + assert_int_equal(ioctl(ctx->cryptodev_fd, CIOCGSESSION, &session), 0); + + memset(&cryp, 0, sizeof(cryp)); + cryp.ses = session.ses; + cryp.op = encrypt ? COP_ENCRYPT : COP_DECRYPT; + cryp.flags = 0; + cryp.len = len; + cryp.olen = len; + cryp.ivlen = 16; + cryp.src = (caddr_t)in; + cryp.dst = (caddr_t)out; + cryp.iv = (caddr_t)iv; + cryp.mac = 0; + assert_int_equal(ioctl(ctx->cryptodev_fd, CIOCCRYPT, &cryp), 0); + assert_int_equal(ioctl(ctx->cryptodev_fd, CIOCFSESSION, &session.ses), 0); + return 0; +} + +static void test_keymgmt_aescbc(void **state) +{ + unsigned char buf[64]; int keyid = -1; - int p256_prv_keyid = -1; - int p256_pub_keyid = -1; - int ret = 0; - ret = crypto_init(&ctx); - if (ret != 0) - { - goto free; - } + assert_int_equal(crypto_init(&g_keymgmt_ctx), 0); - /* testcase 1: check keyid */ + /* step 1: allocate one usable keyid */ - ret = keyid_operation(&ctx, CRK_ALLOCATE_KEY, &keyid, 0, 1, NULL, 0, - mode == SYNC ? NULL : &fds); - if (ret != 0) - { - printf("keyid allocate %s failed\n", - mode == SYNC ? "sync" : "async"); - goto free; - } + assert_int_equal(keyid_operation(&g_keymgmt_ctx, CRK_ALLOCATE_KEY, &keyid, + 0, 1, NULL, 0, TRUE), 0); - ret = keyid_operation(&ctx, CRK_VALIDATE_KEYID, &keyid, 1, 0, NULL, 0, - mode == SYNC ? NULL : &fds); - if (ret != 0) - { - printf("keyid validate %s failed\n", - mode == SYNC ? "sync" : "async"); - goto free; - } + /* step 2: import key */ - printf("keymanagement testcase 1 %s success\n", - mode == SYNC ? "sync" : "async"); + assert_int_equal(keyid_operation(&g_keymgmt_ctx, CRK_IMPORT_KEY, &keyid, + 2, 0, (unsigned char *)g_aescbc_key, + 16, TRUE), 0); - /* testcase 2: import and export key */ + assert_int_equal(keyid_operation(&g_keymgmt_ctx, CRK_SAVE_KEY, &keyid, + 1, 0, NULL, 0, TRUE), 0); - ret = keyid_operation(&ctx, CRK_IMPORT_KEY, &keyid, 2, 0, - g_sha256_message, sizeof(g_sha256_message), - mode == SYNC ? NULL : &fds); - if (ret != 0) - { - printf("import key %s failed\n", - mode == SYNC ? "sync" : "async"); - goto free; - } + /* step 3: calculate out */ - ret = keyid_operation(&ctx, CRK_EXPORT_KEY, &keyid, 1, 1, buf, - sizeof(buf), mode == SYNC ? NULL : &fds); - if (ret != 0) - { - printf("export key %s failed\n", - mode == SYNC ? "sync" : "async"); - goto free; - } + assert_int_equal(aescbc_crypt(&g_keymgmt_ctx, (char *)&keyid, + sizeof(uint32_t), g_aescbc_iv, + g_aescbc_plain, buf, 16, 1), 0); - if (memcmp(buf, g_sha256_message, sizeof(g_sha256_message)) != 0) - { - printf("keymanagement testcase 2 %s failed\n", - mode == SYNC ? "sync" : "async"); - goto free; - } + assert_int_equal(memcmp(buf, g_aescbc_cipher, 16), 0); - ret = keyid_operation(&ctx, CRK_SAVE_KEY, &keyid, 1, 0, - NULL, 0, mode == SYNC ? NULL : &fds); - if (ret != 0) - { - printf("save key %s failed\n", - mode == SYNC ? "sync" : "async"); - goto free; - } + /* step 4: remove key */ - printf("keymanagement testcase 2 %s success\n", - mode == SYNC ? "sync" : "async"); + assert_int_equal(keyid_operation(&g_keymgmt_ctx, CRK_DELETE_KEY, &keyid, + 1, 0, NULL, 0, TRUE), 0); - /* testcase 3: load/unload key */ + crypto_free(&g_keymgmt_ctx); +} - ret = keyid_operation(&ctx, CRK_LOAD_KEY, &keyid, 1, 0, - NULL, 0, mode == SYNC ? NULL : &fds); - if (ret != 0) - { - printf("load key %s failed\n", - mode == SYNC ? "sync" : "async"); - goto free; - } +static int aescmac_crypt(FAR crypto_context_t *ctx, + FAR const unsigned char *key, size_t klen, + FAR const unsigned char *message, size_t len, + FAR unsigned char *output, size_t outlen) +{ + struct session_op session; + struct crypt_op cryp; - ret = keyid_operation(&ctx, CRK_UNLOAD_KEY, &keyid, 1, 0, - NULL, 0, mode == SYNC ? NULL : &fds); - if (ret != 0) - { - printf("unload key %s failed\n", - mode == SYNC ? "sync" : "async"); - goto free; - } + memset(&session, 0, sizeof(session)); + session.cipher = CRYPTO_AES_CMAC; + session.key = (caddr_t)key; + session.keylen = klen; + session.mac = CRYPTO_AES_128_CMAC; + session.mackey = (caddr_t)key; + session.mackeylen = klen; + session.flags |= SOP_F_KEYID; - printf("keymanagement testcase 3 %s success\n", - mode == SYNC ? "sync" : "async"); + assert_int_equal(ioctl(ctx->cryptodev_fd, CIOCGSESSION, &session), 0); - /* testcase 4: generate p256 key */ + memset(&cryp, 0, sizeof(cryp)); + cryp.ses = session.ses; + cryp.op = COP_ENCRYPT; - ret = keyid_operation(&ctx, CRK_ALLOCATE_KEY, &p256_prv_keyid, 0, 1, - NULL, 0, mode == SYNC ? NULL : &fds); - if (ret != 0) + if (len > 0) { - printf("allocate p256 private keyid %s failed\n", - mode == SYNC ? "sync" : "async"); - goto free; + cryp.flags |= COP_FLAG_UPDATE; + cryp.len = len; + cryp.src = (caddr_t)message; + assert_int_equal(ioctl(ctx->cryptodev_fd, CIOCCRYPT, &cryp), 0); } - ret = keyid_operation(&ctx, CRK_ALLOCATE_KEY, &p256_pub_keyid, 0, 1, - NULL, 0, mode == SYNC ? NULL : &fds); - if (ret != 0) - { - printf("allocate p256 public keyid %s failed\n", - mode == SYNC ? "sync" : "async"); - goto free; - } + cryp.flags = 0; + cryp.len = 0; + cryp.olen = outlen; + cryp.src = NULL; + cryp.mac = (caddr_t)output; - ret = keyid_operation(&ctx, CRK_GENERATE_SECP256R1_KEY, &p256_prv_keyid, - 2, 0, (unsigned char *)&p256_pub_keyid, sizeof(int), - mode == SYNC ? NULL : &fds); - if (ret != 0) - { - printf("generate p256 key %s failed\n", - mode == SYNC ? "sync" : "async"); - goto free; - } + assert_int_equal(ioctl(ctx->cryptodev_fd, CIOCCRYPT, &cryp), 0); + assert_int_equal(ioctl(ctx->cryptodev_fd, CIOCFSESSION, &session.ses), 0); + return 0; +} - printf("keymanagement testcase 4 %s success\n", - mode == SYNC ? "sync" : "async"); +static void test_keymgmt_aescmac(void **state) +{ + unsigned char buf[64]; + int keyid = -1; - /* testcase 5: p256 test */ + assert_int_equal(crypto_init(&g_keymgmt_ctx), 0); - ret = p256_sign(&ctx, &p256_prv_keyid, g_sha256_message, - sizeof(g_sha256_message), r, 32, s, 32, - mode == SYNC ? NULL : &fds); - if (ret != 0) - { - printf("p256 sign with key %s failed\n", - mode == SYNC ? "sync" : "async"); - goto free; - } + /* step 1: allocate one usable keyid */ - ret = p256_verify(&ctx, &p256_pub_keyid, r, 32, s, 32, - g_sha256_message, sizeof(g_sha256_message), - mode == SYNC ? NULL : &fds); - if (ret != 0) - { - printf("p256 verify with key %s failed\n", - mode == SYNC ? "sync" : "async"); - goto free; - } + assert_int_equal(keyid_operation(&g_keymgmt_ctx, CRK_ALLOCATE_KEY, &keyid, + 0, 1, NULL, 0, TRUE), 0); - printf("keymanagement testcase 5 %s success\n", - mode == SYNC ? "sync" : "async"); + /* step 2: import key */ -free: - if (keyid != -1) - { - keyid_operation(&ctx, CRK_DELETE_KEY, &keyid, 1, 0, NULL, 0, - mode == SYNC ? NULL : &fds); - } + assert_int_equal(keyid_operation(&g_keymgmt_ctx, CRK_IMPORT_KEY, &keyid, + 2, 0, g_aescmac_key, 16, TRUE), 0); - if (p256_prv_keyid != -1) - { - keyid_operation(&ctx, CRK_DELETE_KEY, &p256_prv_keyid, 1, 0, NULL, 0, - mode == SYNC ? NULL : &fds); - } + assert_int_equal(keyid_operation(&g_keymgmt_ctx, CRK_SAVE_KEY, &keyid, + 1, 0, NULL, 0, TRUE), 0); - if (p256_pub_keyid != -1) - { - keyid_operation(&ctx, CRK_DELETE_KEY, &p256_pub_keyid, 1, 0, NULL, 0, - mode == SYNC ? NULL : &fds); - } + /* step 3: calculate out */ - crypto_free(&ctx); - return 0; + assert_int_equal(aescmac_crypt(&g_keymgmt_ctx, (unsigned char *)&keyid, + sizeof(uint32_t), g_aescmac_message, + 64, buf, 16), 0); + + assert_int_equal(memcmp(buf, g_aescmac_mac, 16), 0); + + /* step 4: remove key */ + + assert_int_equal(keyid_operation(&g_keymgmt_ctx, CRK_DELETE_KEY, &keyid, + 1, 0, NULL, 0, TRUE), 0); + + crypto_free(&g_keymgmt_ctx); } /**************************************************************************** @@ -480,23 +407,13 @@ int keymanagement_test(int mode) int main(int argc, FAR char *argv[]) { - crypto_mode_t mode = SYNC; - - if (argc == 2 && argv[1] != NULL) + const struct CMUnitTest keymgmt_tests[] = { - if (strcmp(argv[1], "-s") == 0) - { - mode = SYNC; - } - else if (strcmp(argv[1], "-a") == 0) - { - mode = ASYNC; - } - else - { - show_usage(argv[0], EXIT_FAILURE); - } - } + cmocka_unit_test(test_keymgmt_sync), + cmocka_unit_test(test_keymgmt_async), + cmocka_unit_test(test_keymgmt_aescbc), + cmocka_unit_test(test_keymgmt_aescmac), + }; - return keymanagement_test(mode); + return cmocka_run_group_tests(keymgmt_tests, NULL, NULL); }