aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
diff options
context:
space:
mode:
authorDamjan Marion <damarion@cisco.com>2019-03-29 13:47:54 +0100
committerDamjan Marion <damarion@cisco.com>2019-04-07 11:19:35 +0200
commit060bfb987a277624e5644de2fcbee1196c2c76e8 (patch)
tree2ca6ccf57c09c5e016f9613b0e0e75f8e49475eb /src/plugins
parentdc43bcd8abef2cee4eebdc94d9a82c0194ba00fb (diff)
crypto: add support for AEAD and AES-GCM
Change-Id: Iff6f81a49b9cff5522fbb4914d47472423eac5db Signed-off-by: Damjan Marion <damarion@cisco.com>
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/crypto_openssl/main.c86
-rw-r--r--src/plugins/unittest/CMakeLists.txt1
-rw-r--r--src/plugins/unittest/crypto/aes_cbc.c48
-rw-r--r--src/plugins/unittest/crypto/aes_gcm.c91
-rw-r--r--src/plugins/unittest/crypto/crypto.h7
-rw-r--r--src/plugins/unittest/crypto/rfc2202_hmac_md5.c42
-rw-r--r--src/plugins/unittest/crypto/rfc2202_hmac_sha1.c49
-rw-r--r--src/plugins/unittest/crypto/rfc4231.c172
-rw-r--r--src/plugins/unittest/crypto_test.c210
9 files changed, 488 insertions, 218 deletions
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c
index 850ec6520d6..9a78cb46dd9 100644
--- a/src/plugins/crypto_openssl/main.c
+++ b/src/plugins/crypto_openssl/main.c
@@ -37,11 +37,14 @@ typedef struct
static openssl_per_thread_data_t *per_thread_data = 0;
#define foreach_openssl_evp_op \
- _(DES_CBC, EVP_des_cbc) \
- _(3DES_CBC, EVP_des_ede3_cbc) \
- _(AES_128_CBC, EVP_aes_128_cbc) \
- _(AES_192_CBC, EVP_aes_192_cbc) \
- _(AES_256_CBC, EVP_aes_256_cbc)
+ _(cbc, DES_CBC, EVP_des_cbc) \
+ _(cbc, 3DES_CBC, EVP_des_ede3_cbc) \
+ _(cbc, AES_128_CBC, EVP_aes_128_cbc) \
+ _(cbc, AES_192_CBC, EVP_aes_192_cbc) \
+ _(cbc, AES_256_CBC, EVP_aes_256_cbc) \
+ _(gcm, AES_128_GCM, EVP_aes_128_gcm) \
+ _(gcm, AES_192_GCM, EVP_aes_192_gcm) \
+ _(gcm, AES_256_GCM, EVP_aes_256_gcm)
#define foreach_openssl_hmac_op \
_(MD5, EVP_md5) \
@@ -99,6 +102,62 @@ openssl_ops_dec_cbc (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
}
static_always_inline u32
+openssl_ops_enc_gcm (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
+ const EVP_CIPHER * cipher)
+{
+ openssl_per_thread_data_t *ptd = vec_elt_at_index (per_thread_data,
+ vm->thread_index);
+ EVP_CIPHER_CTX *ctx = ptd->evp_cipher_ctx;
+ u32 i;
+ for (i = 0; i < n_ops; i++)
+ {
+ vnet_crypto_op_t *op = ops[i];
+ int len;
+
+ if (op->flags & VNET_CRYPTO_OP_FLAG_INIT_IV)
+ RAND_bytes (op->iv, op->iv_len);
+
+ EVP_EncryptInit_ex (ctx, cipher, 0, 0, 0);
+ EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, op->iv_len, NULL);
+ EVP_EncryptInit_ex (ctx, 0, 0, op->key, op->iv);
+ EVP_EncryptUpdate (ctx, NULL, &len, op->aad, op->aad_len);
+ EVP_EncryptUpdate (ctx, op->dst, &len, op->src, op->len);
+ EVP_EncryptFinal_ex (ctx, op->dst + len, &len);
+ EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_GET_TAG, op->tag_len, op->tag);
+ op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
+ }
+ return n_ops;
+}
+
+static_always_inline u32
+openssl_ops_dec_gcm (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
+ const EVP_CIPHER * cipher)
+{
+ openssl_per_thread_data_t *ptd = vec_elt_at_index (per_thread_data,
+ vm->thread_index);
+ EVP_CIPHER_CTX *ctx = ptd->evp_cipher_ctx;
+ u32 i;
+ for (i = 0; i < n_ops; i++)
+ {
+ vnet_crypto_op_t *op = ops[i];
+ int len;
+
+ EVP_DecryptInit_ex (ctx, cipher, 0, 0, 0);
+ EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, op->iv_len, 0);
+ EVP_DecryptInit_ex (ctx, 0, 0, op->key, op->iv);
+ EVP_DecryptUpdate (ctx, 0, &len, op->aad, op->aad_len);
+ EVP_DecryptUpdate (ctx, op->dst, &len, op->src, op->len);
+ EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_TAG, op->tag_len, op->tag);
+
+ if (EVP_DecryptFinal_ex (ctx, op->dst + len, &len) > 0)
+ op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
+ else
+ op->status = VNET_CRYPTO_OP_STATUS_FAIL_DECRYPT;
+ }
+ return n_ops;
+}
+
+static_always_inline u32
openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
const EVP_MD * md)
{
@@ -111,7 +170,7 @@ openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
{
vnet_crypto_op_t *op = ops[i];
unsigned int out_len;
- size_t sz = op->hmac_trunc_len ? op->hmac_trunc_len : EVP_MD_size (md);
+ size_t sz = op->digest_len ? op->digest_len : EVP_MD_size (md);
HMAC_Init_ex (ctx, op->key, op->key_len, md, NULL);
HMAC_Update (ctx, op->src, op->len);
@@ -119,7 +178,7 @@ openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
if (op->flags & VNET_CRYPTO_OP_FLAG_HMAC_CHECK)
{
- if ((memcmp (op->dst, buffer, sz)))
+ if ((memcmp (op->digest, buffer, sz)))
{
n_fail++;
op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
@@ -127,20 +186,20 @@ openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
}
}
else
- clib_memcpy_fast (op->dst, buffer, sz);
+ clib_memcpy_fast (op->digest, buffer, sz);
op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
}
return n_ops - n_fail;
}
-#define _(a, b) \
+#define _(m, a, b) \
static u32 \
openssl_ops_enc_##a (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops) \
-{ return openssl_ops_enc_cbc (vm, ops, n_ops, b ()); } \
+{ return openssl_ops_enc_##m (vm, ops, n_ops, b ()); } \
\
u32 \
openssl_ops_dec_##a (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops) \
-{ return openssl_ops_dec_cbc (vm, ops, n_ops, b ()); }
+{ return openssl_ops_dec_##m (vm, ops, n_ops, b ()); }
foreach_openssl_evp_op;
#undef _
@@ -160,17 +219,16 @@ crypto_openssl_init (vlib_main_t * vm)
vlib_thread_main_t *tm = vlib_get_thread_main ();
openssl_per_thread_data_t *ptd;
u8 *seed_data = 0;
+ clib_error_t *error;
time_t t;
pid_t pid;
- clib_error_t *error;
-
if ((error = vlib_call_init_function (vm, vnet_crypto_init)))
return error;
u32 eidx = vnet_crypto_register_engine (vm, "openssl", 50, "OpenSSL");
-#define _(a, b) \
+#define _(m, a, b) \
vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_ENC, \
openssl_ops_enc_##a); \
vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_DEC, \
diff --git a/src/plugins/unittest/CMakeLists.txt b/src/plugins/unittest/CMakeLists.txt
index 5c8825f4f3f..55766176fff 100644
--- a/src/plugins/unittest/CMakeLists.txt
+++ b/src/plugins/unittest/CMakeLists.txt
@@ -17,6 +17,7 @@ add_vpp_plugin(unittest
bihash_test.c
crypto_test.c
crypto/aes_cbc.c
+ crypto/aes_gcm.c
crypto/rfc2202_hmac_sha1.c
crypto/rfc2202_hmac_md5.c
crypto/rfc4231.c
diff --git a/src/plugins/unittest/crypto/aes_cbc.c b/src/plugins/unittest/crypto/aes_cbc.c
index 465f91e675f..b52f728a1cb 100644
--- a/src/plugins/unittest/crypto/aes_cbc.c
+++ b/src/plugins/unittest/crypto/aes_cbc.c
@@ -54,23 +54,15 @@ static u8 ciphertext128[] = {
};
/* *INDENT-OFF* */
-UNITTEST_REGISTER_CRYPTO_TEST (nist_aes128_cbc_enc) = {
+UNITTEST_REGISTER_CRYPTO_TEST (nist_aes128_cbc) = {
.name = "NIST SP 800-38A",
- .op = VNET_CRYPTO_OP_AES_128_CBC_ENC,
+ .alg = VNET_CRYPTO_ALG_AES_128_CBC,
.iv = TEST_DATA (iv),
.key = TEST_DATA (key128),
- .data = TEST_DATA (plaintext),
- .expected = TEST_DATA (ciphertext128),
+ .plaintext = TEST_DATA (plaintext),
+ .ciphertext = TEST_DATA (ciphertext128),
};
-UNITTEST_REGISTER_CRYPTO_TEST (nist_aes128_cbc_dec) = {
- .name = "NIST SP 800-38A",
- .op = VNET_CRYPTO_OP_AES_128_CBC_DEC,
- .iv = TEST_DATA (iv),
- .key = TEST_DATA (key128),
- .data = TEST_DATA (ciphertext128),
- .expected = TEST_DATA (plaintext),
-};
/* *INDENT-ON* */
static u8 key192[24] = {
@@ -91,23 +83,15 @@ static u8 ciphertext192[64] = {
};
/* *INDENT-OFF* */
-UNITTEST_REGISTER_CRYPTO_TEST (nist_aes192_cbc_enc) = {
+UNITTEST_REGISTER_CRYPTO_TEST (nist_aes192_cbc) = {
.name = "NIST SP 800-38A",
- .op = VNET_CRYPTO_OP_AES_192_CBC_ENC,
+ .alg = VNET_CRYPTO_ALG_AES_192_CBC,
.iv = TEST_DATA (iv),
.key = TEST_DATA (key192),
- .data = TEST_DATA (plaintext),
- .expected = TEST_DATA (ciphertext192),
+ .plaintext = TEST_DATA (plaintext),
+ .ciphertext = TEST_DATA (ciphertext192),
};
-UNITTEST_REGISTER_CRYPTO_TEST (nist_aes192_cbc_dec) = {
- .name = "NIST SP 800-38A",
- .op = VNET_CRYPTO_OP_AES_192_CBC_DEC,
- .iv = TEST_DATA (iv),
- .key = TEST_DATA (key192),
- .data = TEST_DATA (ciphertext192),
- .expected = TEST_DATA (plaintext),
-};
/* *INDENT-ON* */
static u8 key256[32] = {
@@ -129,23 +113,15 @@ static u8 ciphertext256[64] = {
};
/* *INDENT-OFF* */
-UNITTEST_REGISTER_CRYPTO_TEST (nist_aes256_cbc_enc) = {
+UNITTEST_REGISTER_CRYPTO_TEST (nist_aes256_cbc) = {
.name = "NIST SP 800-38A",
- .op = VNET_CRYPTO_OP_AES_256_CBC_ENC,
+ .alg = VNET_CRYPTO_ALG_AES_256_CBC,
.iv = TEST_DATA (iv),
.key = TEST_DATA (key256),
- .data = TEST_DATA (plaintext),
- .expected = TEST_DATA (ciphertext256),
+ .plaintext = TEST_DATA (plaintext),
+ .ciphertext = TEST_DATA (ciphertext256),
};
-UNITTEST_REGISTER_CRYPTO_TEST (nist_aes256_cbc_dec) = {
- .name = "NIST SP 800-38A",
- .op = VNET_CRYPTO_OP_AES_256_CBC_DEC,
- .iv = TEST_DATA (iv),
- .key = TEST_DATA (key256),
- .data = TEST_DATA (ciphertext256),
- .expected = TEST_DATA (plaintext),
-};
/* *INDENT-ON* */
/*
diff --git a/src/plugins/unittest/crypto/aes_gcm.c b/src/plugins/unittest/crypto/aes_gcm.c
new file mode 100644
index 00000000000..826979e74e7
--- /dev/null
+++ b/src/plugins/unittest/crypto/aes_gcm.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2019 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Test vectors published in GCM Specification */
+
+#include <vppinfra/clib.h>
+#include <vnet/crypto/crypto.h>
+#include <unittest/crypto/crypto.h>
+
+static u8 tc6_iv[] = {
+ 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
+ 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
+ 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
+ 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
+ 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
+ 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
+ 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
+ 0xa6, 0x37, 0xb3, 0x9b
+};
+
+static u8 tc6_plaintext[] = {
+ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+ 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+ 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+ 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+ 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+ 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+ 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+ 0xba, 0x63, 0x7b, 0x39,
+};
+
+static u8 tc6_key[] = {
+ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
+};
+
+static u8 tc6_aad[] = {
+ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xab, 0xad, 0xda, 0xd2
+};
+
+static u8 tc6_ciphertext[] = {
+ 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
+ 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
+ 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
+ 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
+ 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
+ 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
+ 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
+ 0x4c, 0x34, 0xae, 0xe5
+};
+
+static u8 tc6_tag[] = {
+ 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
+ 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50,
+};
+
+/* *INDENT-OFF* */
+UNITTEST_REGISTER_CRYPTO_TEST (aes_gcm_tc6) = {
+ .name = "GCM Spec. TC6",
+ .alg = VNET_CRYPTO_ALG_AES_128_GCM,
+ .iv = TEST_DATA (tc6_iv),
+ .key = TEST_DATA (tc6_key),
+ .plaintext = TEST_DATA (tc6_plaintext),
+ .ciphertext = TEST_DATA (tc6_ciphertext),
+ .tag = TEST_DATA (tc6_tag),
+ .aad = TEST_DATA (tc6_aad),
+};
+
+/* *INDENT-ON* */
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
diff --git a/src/plugins/unittest/crypto/crypto.h b/src/plugins/unittest/crypto/crypto.h
index 1945c69fd4c..587d7b76a2f 100644
--- a/src/plugins/unittest/crypto/crypto.h
+++ b/src/plugins/unittest/crypto/crypto.h
@@ -26,10 +26,9 @@ typedef struct
typedef struct unittest_crypto_test_registration
{
char *name;
- vnet_crypto_alg_t alg:8;
- vnet_crypto_op_type_t op:8;
- unittest_crypto_test_data_t iv, key, data, expected;
- u8 hmac_trunc_len;
+ vnet_crypto_alg_t alg;
+ unittest_crypto_test_data_t iv, key, digest, plaintext, ciphertext, aad,
+ tag;
/* next */
struct unittest_crypto_test_registration *next;
diff --git a/src/plugins/unittest/crypto/rfc2202_hmac_md5.c b/src/plugins/unittest/crypto/rfc2202_hmac_md5.c
index da6da7e47f4..76bd8a5f443 100644
--- a/src/plugins/unittest/crypto/rfc2202_hmac_md5.c
+++ b/src/plugins/unittest/crypto/rfc2202_hmac_md5.c
@@ -34,10 +34,10 @@ static u8 md5_tc1_digest[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc_2202_md5_tc1) = {
.name = "RFC2202 HMAC-MD5 TC1",
- .op = VNET_CRYPTO_OP_MD5_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_MD5,
.key = TEST_DATA (md5_tc1_key),
- .data = TEST_DATA (md5_tc1_data),
- .expected = TEST_DATA (md5_tc1_digest),
+ .plaintext = TEST_DATA (md5_tc1_data),
+ .digest = TEST_DATA (md5_tc1_digest),
};
/* *INDENT-ON* */
@@ -53,10 +53,10 @@ static u8 md5_tc2_digest[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc_2202_md5_tc2) = {
.name = "RFC2202 HMAC-MD5 TC2",
- .op = VNET_CRYPTO_OP_MD5_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_MD5,
.key = TEST_DATA (md5_tc2_key),
- .data = TEST_DATA (md5_tc2_data),
- .expected = TEST_DATA (md5_tc2_digest),
+ .plaintext = TEST_DATA (md5_tc2_data),
+ .digest = TEST_DATA (md5_tc2_digest),
};
/* *INDENT-ON* */
@@ -83,10 +83,10 @@ static u8 md5_tc3_digest[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc_2202_md5_tc3) = {
.name = "RFC2202 HMAC-MD5 TC3",
- .op = VNET_CRYPTO_OP_MD5_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_MD5,
.key = TEST_DATA (md5_tc3_key),
- .data = TEST_DATA (md5_tc3_data),
- .expected = TEST_DATA (md5_tc3_digest),
+ .plaintext = TEST_DATA (md5_tc3_data),
+ .digest = TEST_DATA (md5_tc3_digest),
};
/* *INDENT-ON* */
@@ -115,10 +115,10 @@ static u8 md5_tc4_digest[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc_2202_md5_tc4) = {
.name = "RFC2202 HMAC-MD5 TC4",
- .op = VNET_CRYPTO_OP_MD5_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_MD5,
.key = TEST_DATA (md5_tc4_key),
- .data = TEST_DATA (md5_tc4_data),
- .expected = TEST_DATA (md5_tc4_digest),
+ .plaintext = TEST_DATA (md5_tc4_data),
+ .digest = TEST_DATA (md5_tc4_digest),
};
/* *INDENT-ON* */
@@ -137,10 +137,10 @@ static u8 md5_tc5_digest[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc_2202_md5_tc5) = {
.name = "RFC2202 HMAC-MD5 TC5",
- .op = VNET_CRYPTO_OP_MD5_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_MD5,
.key = TEST_DATA (md5_tc5_key),
- .data = TEST_DATA (md5_tc5_data),
- .expected = TEST_DATA (md5_tc5_digest),
+ .plaintext = TEST_DATA (md5_tc5_data),
+ .digest = TEST_DATA (md5_tc5_digest),
};
/* *INDENT-ON* */
@@ -168,10 +168,10 @@ static u8 md5_tc6_digest[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc_2202_md5_tc6) = {
.name = "RFC2202 HMAC-MD5 TC6",
- .op = VNET_CRYPTO_OP_MD5_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_MD5,
.key = TEST_DATA (md5_tc6_key),
- .data = TEST_DATA (md5_tc6_data),
- .expected = TEST_DATA (md5_tc6_digest),
+ .plaintext = TEST_DATA (md5_tc6_data),
+ .digest = TEST_DATA (md5_tc6_digest),
};
/* *INDENT-ON* */
@@ -186,10 +186,10 @@ static u8 md5_tc7_digest[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc_2202_md5_tc7) = {
.name = "RFC2202 HMAC-MD5 TC7",
- .op = VNET_CRYPTO_OP_MD5_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_MD5,
.key = TEST_DATA (md5_tc6_key),
- .data = TEST_DATA (md5_tc7_data),
- .expected = TEST_DATA (md5_tc7_digest),
+ .plaintext = TEST_DATA (md5_tc7_data),
+ .digest = TEST_DATA (md5_tc7_digest),
};
/* *INDENT-ON* */
diff --git a/src/plugins/unittest/crypto/rfc2202_hmac_sha1.c b/src/plugins/unittest/crypto/rfc2202_hmac_sha1.c
index 13505218891..b3942aafa59 100644
--- a/src/plugins/unittest/crypto/rfc2202_hmac_sha1.c
+++ b/src/plugins/unittest/crypto/rfc2202_hmac_sha1.c
@@ -36,10 +36,10 @@ static u8 sha1_tc1_digest[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc_2202_sha1_tc1) = {
.name = "RFC2202 HMAC-SHA-1 TC1",
- .op = VNET_CRYPTO_OP_SHA1_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA1,
.key = TEST_DATA (sha1_tc1_key),
- .data = TEST_DATA (sha1_tc1_data),
- .expected = TEST_DATA (sha1_tc1_digest),
+ .plaintext = TEST_DATA (sha1_tc1_data),
+ .digest = TEST_DATA (sha1_tc1_digest),
};
/* *INDENT-ON* */
@@ -56,10 +56,10 @@ static u8 sha1_tc2_digest[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc_2202_sha1_tc2) = {
.name = "RFC2202 HMAC-SHA-1 TC2",
- .op = VNET_CRYPTO_OP_SHA1_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA1,
.key = TEST_DATA (sha1_tc2_key),
- .data = TEST_DATA (sha1_tc2_data),
- .expected = TEST_DATA (sha1_tc2_digest),
+ .plaintext = TEST_DATA (sha1_tc2_data),
+ .digest = TEST_DATA (sha1_tc2_digest),
};
/* *INDENT-ON* */
@@ -88,10 +88,10 @@ static u8 sha1_tc3_digest[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc_2202_sha1_tc3) = {
.name = "RFC2202 HMAC-SHA-1 TC3",
- .op = VNET_CRYPTO_OP_SHA1_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA1,
.key = TEST_DATA (sha1_tc3_key),
- .data = TEST_DATA (sha1_tc3_data),
- .expected = TEST_DATA (sha1_tc3_digest),
+ .plaintext = TEST_DATA (sha1_tc3_data),
+ .digest = TEST_DATA (sha1_tc3_digest),
};
/* *INDENT-ON* */
@@ -121,10 +121,10 @@ static u8 sha1_tc4_digest[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc_2202_sha1_tc4) = {
.name = "RFC2202 HMAC-SHA-1 TC4",
- .op = VNET_CRYPTO_OP_SHA1_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA1,
.key = TEST_DATA (sha1_tc4_key),
- .data = TEST_DATA (sha1_tc4_data),
- .expected = TEST_DATA (sha1_tc4_digest),
+ .plaintext = TEST_DATA (sha1_tc4_data),
+ .digest = TEST_DATA (sha1_tc4_digest),
};
/* *INDENT-ON* */
@@ -145,10 +145,10 @@ static u8 sha1_tc5_digest[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc_2202_sha1_tc5) = {
.name = "RFC2202 HMAC-SHA-1 TC5",
- .op = VNET_CRYPTO_OP_SHA1_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA1,
.key = TEST_DATA (sha1_tc5_key),
- .data = TEST_DATA (sha1_tc5_data),
- .expected = TEST_DATA (sha1_tc5_digest),
+ .plaintext = TEST_DATA (sha1_tc5_data),
+ .digest = TEST_DATA (sha1_tc5_digest),
};
/* *INDENT-ON* */
@@ -160,11 +160,10 @@ static u8 sha1_tc5_digest_96[12] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc_2202_sha1_tc5_trunc) = {
.name = "RFC2202 HMAC-SHA-1-96 TC5-trunc",
- .op = VNET_CRYPTO_OP_SHA1_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA1,
.key = TEST_DATA (sha1_tc5_key),
- .data = TEST_DATA (sha1_tc5_data),
- .expected = TEST_DATA (sha1_tc5_digest_96),
- .hmac_trunc_len = 12,
+ .plaintext = TEST_DATA (sha1_tc5_data),
+ .digest = TEST_DATA (sha1_tc5_digest_96),
};
/* *INDENT-ON* */
@@ -193,10 +192,10 @@ static u8 sha1_tc6_digest[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc_2202_sha1_tc6) = {
.name = "RFC2202 HMAC-SHA-1 TC6",
- .op = VNET_CRYPTO_OP_SHA1_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA1,
.key = TEST_DATA (sha1_tc6_key),
- .data = TEST_DATA (sha1_tc6_data),
- .expected = TEST_DATA (sha1_tc6_digest),
+ .plaintext = TEST_DATA (sha1_tc6_data),
+ .digest = TEST_DATA (sha1_tc6_digest),
};
/* *INDENT-ON* */
@@ -212,10 +211,10 @@ static u8 sha1_tc7_digest[20] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc_2202_sha1_tc7) = {
.name = "RFC2202 HMAC-SHA-1 TC7",
- .op = VNET_CRYPTO_OP_SHA1_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA1,
.key = TEST_DATA (sha1_tc6_key),
- .data = TEST_DATA (sha1_tc7_data),
- .expected = TEST_DATA (sha1_tc7_digest),
+ .plaintext = TEST_DATA (sha1_tc7_data),
+ .digest = TEST_DATA (sha1_tc7_digest),
};
/* *INDENT-ON* */
diff --git a/src/plugins/unittest/crypto/rfc4231.c b/src/plugins/unittest/crypto/rfc4231.c
index 4943e7d647d..b247d62f2a9 100644
--- a/src/plugins/unittest/crypto/rfc4231.c
+++ b/src/plugins/unittest/crypto/rfc4231.c
@@ -64,34 +64,34 @@ static u8 tc1_digest_sha512[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc1_sha224) = {
.name = "RFC4231 TC1",
- .op = VNET_CRYPTO_OP_SHA224_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA224,
.key = TEST_DATA (tc1_key),
- .data = TEST_DATA (tc1_data),
- .expected = TEST_DATA (tc1_digest_sha224),
+ .plaintext = TEST_DATA (tc1_data),
+ .digest = TEST_DATA (tc1_digest_sha224),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc1_sha256) = {
.name = "RFC4231 TC1",
- .op = VNET_CRYPTO_OP_SHA256_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA256,
.key = TEST_DATA (tc1_key),
- .data = TEST_DATA (tc1_data),
- .expected = TEST_DATA (tc1_digest_sha256),
+ .plaintext = TEST_DATA (tc1_data),
+ .digest = TEST_DATA (tc1_digest_sha256),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc1_sha384) = {
.name = "RFC4231 TC1",
- .op = VNET_CRYPTO_OP_SHA384_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA384,
.key = TEST_DATA (tc1_key),
- .data = TEST_DATA (tc1_data),
- .expected = TEST_DATA (tc1_digest_sha384),
+ .plaintext = TEST_DATA (tc1_data),
+ .digest = TEST_DATA (tc1_digest_sha384),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc1_sha512) = {
.name = "RFC4231 TC1",
- .op = VNET_CRYPTO_OP_SHA512_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA512,
.key = TEST_DATA (tc1_key),
- .data = TEST_DATA (tc1_data),
- .expected = TEST_DATA (tc1_digest_sha512),
+ .plaintext = TEST_DATA (tc1_data),
+ .digest = TEST_DATA (tc1_digest_sha512),
};
/* *INDENT-ON* */
@@ -136,34 +136,34 @@ static u8 tc2_digest_sha512[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc2_sha224) = {
.name = "RFC4231 TC2",
- .op = VNET_CRYPTO_OP_SHA224_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA224,
.key = TEST_DATA (tc2_key),
- .data = TEST_DATA (tc2_data),
- .expected = TEST_DATA (tc2_digest_sha224),
+ .plaintext = TEST_DATA (tc2_data),
+ .digest = TEST_DATA (tc2_digest_sha224),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc2_sha256) = {
.name = "RFC4231 TC2",
- .op = VNET_CRYPTO_OP_SHA256_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA256,
.key = TEST_DATA (tc2_key),
- .data = TEST_DATA (tc2_data),
- .expected = TEST_DATA (tc2_digest_sha256),
+ .plaintext = TEST_DATA (tc2_data),
+ .digest = TEST_DATA (tc2_digest_sha256),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc2_sha384) = {
.name = "RFC4231 TC2",
- .op = VNET_CRYPTO_OP_SHA384_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA384,
.key = TEST_DATA (tc2_key),
- .data = TEST_DATA (tc2_data),
- .expected = TEST_DATA (tc2_digest_sha384),
+ .plaintext = TEST_DATA (tc2_data),
+ .digest = TEST_DATA (tc2_digest_sha384),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc2_sha512) = {
.name = "RFC4231 TC2",
- .op = VNET_CRYPTO_OP_SHA512_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA512,
.key = TEST_DATA (tc2_key),
- .data = TEST_DATA (tc2_data),
- .expected = TEST_DATA (tc2_digest_sha512),
+ .plaintext = TEST_DATA (tc2_data),
+ .digest = TEST_DATA (tc2_digest_sha512),
};
/* *INDENT-ON* */
@@ -220,34 +220,34 @@ static u8 tc3_digest_sha512[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc3_sha224) = {
.name = "RFC4231 TC3",
- .op = VNET_CRYPTO_OP_SHA224_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA224,
.key = TEST_DATA (tc3_key),
- .data = TEST_DATA (tc3_data),
- .expected = TEST_DATA (tc3_digest_sha224),
+ .plaintext = TEST_DATA (tc3_data),
+ .digest = TEST_DATA (tc3_digest_sha224),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc3_sha256) = {
.name = "RFC4231 TC3",
- .op = VNET_CRYPTO_OP_SHA256_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA256,
.key = TEST_DATA (tc3_key),
- .data = TEST_DATA (tc3_data),
- .expected = TEST_DATA (tc3_digest_sha256),
+ .plaintext = TEST_DATA (tc3_data),
+ .digest = TEST_DATA (tc3_digest_sha256),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc3_sha384) = {
.name = "RFC4231 TC3",
- .op = VNET_CRYPTO_OP_SHA384_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA384,
.key = TEST_DATA (tc3_key),
- .data = TEST_DATA (tc3_data),
- .expected = TEST_DATA (tc3_digest_sha384),
+ .plaintext = TEST_DATA (tc3_data),
+ .digest = TEST_DATA (tc3_digest_sha384),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc3_sha512) = {
.name = "RFC4231 TC3",
- .op = VNET_CRYPTO_OP_SHA512_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA512,
.key = TEST_DATA (tc3_key),
- .data = TEST_DATA (tc3_data),
- .expected = TEST_DATA (tc3_digest_sha512),
+ .plaintext = TEST_DATA (tc3_data),
+ .digest = TEST_DATA (tc3_digest_sha512),
};
/* *INDENT-ON* */
@@ -305,34 +305,34 @@ static u8 tc4_digest_sha512[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc4_sha224) = {
.name = "RFC4231 TC4",
- .op = VNET_CRYPTO_OP_SHA224_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA224,
.key = TEST_DATA (tc4_key),
- .data = TEST_DATA (tc4_data),
- .expected = TEST_DATA (tc4_digest_sha224),
+ .plaintext = TEST_DATA (tc4_data),
+ .digest = TEST_DATA (tc4_digest_sha224),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc4_sha256) = {
.name = "RFC4231 TC4",
- .op = VNET_CRYPTO_OP_SHA256_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA256,
.key = TEST_DATA (tc4_key),
- .data = TEST_DATA (tc4_data),
- .expected = TEST_DATA (tc4_digest_sha256),
+ .plaintext = TEST_DATA (tc4_data),
+ .digest = TEST_DATA (tc4_digest_sha256),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc4_sha384) = {
.name = "RFC4231 TC4",
- .op = VNET_CRYPTO_OP_SHA384_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA384,
.key = TEST_DATA (tc4_key),
- .data = TEST_DATA (tc4_data),
- .expected = TEST_DATA (tc4_digest_sha384),
+ .plaintext = TEST_DATA (tc4_data),
+ .digest = TEST_DATA (tc4_digest_sha384),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc4_sha512) = {
.name = "RFC4231 TC4",
- .op = VNET_CRYPTO_OP_SHA512_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA512,
.key = TEST_DATA (tc4_key),
- .data = TEST_DATA (tc4_data),
- .expected = TEST_DATA (tc4_digest_sha512),
+ .plaintext = TEST_DATA (tc4_data),
+ .digest = TEST_DATA (tc4_digest_sha512),
};
/* *INDENT-ON* */
@@ -371,38 +371,34 @@ static u8 tc5_digest_sha512[16] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc5_sha224) = {
.name = "RFC4231 TC5",
- .op = VNET_CRYPTO_OP_SHA224_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA224,
.key = TEST_DATA (tc5_key),
- .data = TEST_DATA (tc5_data),
- .expected = TEST_DATA (tc5_digest_sha224),
- .hmac_trunc_len = 16,
+ .plaintext = TEST_DATA (tc5_data),
+ .digest = TEST_DATA (tc5_digest_sha224),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc5_sha256) = {
.name = "RFC4231 TC5",
- .op = VNET_CRYPTO_OP_SHA256_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA256,
.key = TEST_DATA (tc5_key),
- .data = TEST_DATA (tc5_data),
- .expected = TEST_DATA (tc5_digest_sha256),
- .hmac_trunc_len = 16,
+ .plaintext = TEST_DATA (tc5_data),
+ .digest = TEST_DATA (tc5_digest_sha256),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc5_sha384) = {
.name = "RFC4231 TC5",
- .op = VNET_CRYPTO_OP_SHA384_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA384,
.key = TEST_DATA (tc5_key),
- .data = TEST_DATA (tc5_data),
- .expected = TEST_DATA (tc5_digest_sha384),
- .hmac_trunc_len = 16,
+ .plaintext = TEST_DATA (tc5_data),
+ .digest = TEST_DATA (tc5_digest_sha384),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc5_sha512) = {
.name = "RFC4231 TC5",
- .op = VNET_CRYPTO_OP_SHA512_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA512,
.key = TEST_DATA (tc5_key),
- .data = TEST_DATA (tc5_data),
- .expected = TEST_DATA (tc5_digest_sha512),
- .hmac_trunc_len = 16,
+ .plaintext = TEST_DATA (tc5_data),
+ .digest = TEST_DATA (tc5_digest_sha512),
};
/* *INDENT-ON* */
@@ -466,34 +462,34 @@ static u8 tc6_digest_sha512[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc6_sha224) = {
.name = "RFC4231 TC6",
- .op = VNET_CRYPTO_OP_SHA224_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA224,
.key = TEST_DATA (tc6_key),
- .data = TEST_DATA (tc6_data),
- .expected = TEST_DATA (tc6_digest_sha224),
+ .plaintext = TEST_DATA (tc6_data),
+ .digest = TEST_DATA (tc6_digest_sha224),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc6_sha256) = {
.name = "RFC4231 TC6",
- .op = VNET_CRYPTO_OP_SHA256_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA256,
.key = TEST_DATA (tc6_key),
- .data = TEST_DATA (tc6_data),
- .expected = TEST_DATA (tc6_digest_sha256),
+ .plaintext = TEST_DATA (tc6_data),
+ .digest = TEST_DATA (tc6_digest_sha256),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc6_sha384) = {
.name = "RFC4231 TC6",
- .op = VNET_CRYPTO_OP_SHA384_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA384,
.key = TEST_DATA (tc6_key),
- .data = TEST_DATA (tc6_data),
- .expected = TEST_DATA (tc6_digest_sha384),
+ .plaintext = TEST_DATA (tc6_data),
+ .digest = TEST_DATA (tc6_digest_sha384),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc6_sha512) = {
.name = "RFC4231 TC6",
- .op = VNET_CRYPTO_OP_SHA512_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA512,
.key = TEST_DATA (tc6_key),
- .data = TEST_DATA (tc6_data),
- .expected = TEST_DATA (tc6_digest_sha512),
+ .plaintext = TEST_DATA (tc6_data),
+ .digest = TEST_DATA (tc6_digest_sha512),
};
/* *INDENT-ON* */
@@ -559,34 +555,34 @@ static u8 tc7_digest_sha512[] = {
/* *INDENT-OFF* */
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc7_sha224) = {
.name = "RFC4231 TC7",
- .op = VNET_CRYPTO_OP_SHA224_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA224,
.key = TEST_DATA (tc7_key),
- .data = TEST_DATA (tc7_data),
- .expected = TEST_DATA (tc7_digest_sha224),
+ .plaintext = TEST_DATA (tc7_data),
+ .digest = TEST_DATA (tc7_digest_sha224),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc7_sha256) = {
.name = "RFC4231 TC7",
- .op = VNET_CRYPTO_OP_SHA256_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA256,
.key = TEST_DATA (tc7_key),
- .data = TEST_DATA (tc7_data),
- .expected = TEST_DATA (tc7_digest_sha256),
+ .plaintext = TEST_DATA (tc7_data),
+ .digest = TEST_DATA (tc7_digest_sha256),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc7_sha384) = {
.name = "RFC4231 TC7",
- .op = VNET_CRYPTO_OP_SHA384_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA384,
.key = TEST_DATA (tc7_key),
- .data = TEST_DATA (tc7_data),
- .expected = TEST_DATA (tc7_digest_sha384),
+ .plaintext = TEST_DATA (tc7_data),
+ .digest = TEST_DATA (tc7_digest_sha384),
};
UNITTEST_REGISTER_CRYPTO_TEST (rfc4231_tc7_sha512) = {
.name = "RFC4231 TC7",
- .op = VNET_CRYPTO_OP_SHA512_HMAC,
+ .alg = VNET_CRYPTO_ALG_HMAC_SHA512,
.key = TEST_DATA (tc7_key),
- .data = TEST_DATA (tc7_data),
- .expected = TEST_DATA (tc7_digest_sha512),
+ .plaintext = TEST_DATA (tc7_data),
+ .digest = TEST_DATA (tc7_digest_sha512),
};
/* *INDENT-ON* */
diff --git a/src/plugins/unittest/crypto_test.c b/src/plugins/unittest/crypto_test.c
index 768221b56ad..eb73e91e186 100644
--- a/src/plugins/unittest/crypto_test.c
+++ b/src/plugins/unittest/crypto_test.c
@@ -27,25 +27,56 @@ sort_registrations (void *a0, void *a1)
unittest_crypto_test_registration_t **r0 = a0;
unittest_crypto_test_registration_t **r1 = a1;
- return (r0[0]->op > r1[0]->op);
+ return (strncmp (r0[0]->name, r1[0]->name, 256));
}
static clib_error_t *
test_crypto (vlib_main_t * vm, crypto_test_main_t * tm)
{
+ vnet_crypto_main_t *cm = &crypto_main;
unittest_crypto_test_registration_t *r = tm->test_registrations;
unittest_crypto_test_registration_t **rv = 0;
+ vnet_crypto_alg_data_t *ad;
vnet_crypto_op_t *ops = 0, *op;
- u8 *computed_data = 0, *s = 0;
- u32 computed_data_total_len = 0, n_tests = 0;
+ u8 *computed_data = 0, *s = 0, *err = 0;
+ u32 computed_data_total_len = 0, n_ops = 0;
u32 i;
/* construct registration vector */
while (r)
{
vec_add1 (rv, r);
- computed_data_total_len += r->data.length;
- n_tests += 1;
+ ad = vec_elt_at_index (cm->algs, r->alg);
+
+ for (i = 0; i < VNET_CRYPTO_OP_N_TYPES; i++)
+ {
+ vnet_crypto_op_id_t id = ad->op_by_type[i];
+
+ if (id == 0)
+ continue;
+
+ switch (i)
+ {
+ case VNET_CRYPTO_OP_TYPE_ENCRYPT:
+ case VNET_CRYPTO_OP_TYPE_DECRYPT:
+ case VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT:
+ computed_data_total_len += r->ciphertext.length;
+ n_ops += 1;
+ break;
+ case VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT:
+ computed_data_total_len += r->ciphertext.length;
+ computed_data_total_len += r->tag.length;
+ n_ops += 1;
+ break;
+ case VNET_CRYPTO_OP_TYPE_HMAC:
+ computed_data_total_len += r->digest.length;
+ n_ops += 1;
+ break;
+ default:
+ break;
+ };
+ }
+
/* next */
r = r->next;
}
@@ -54,23 +85,79 @@ test_crypto (vlib_main_t * vm, crypto_test_main_t * tm)
vec_validate_aligned (computed_data, computed_data_total_len - 1,
CLIB_CACHE_LINE_BYTES);
- vec_validate_aligned (ops, n_tests - 1, CLIB_CACHE_LINE_BYTES);
+ vec_validate_aligned (ops, n_ops - 1, CLIB_CACHE_LINE_BYTES);
computed_data_total_len = 0;
+ op = ops;
/* *INDENT-OFF* */
vec_foreach_index (i, rv)
{
r = rv[i];
- op = ops + i;
- vnet_crypto_op_init (op, r->op);
- op->iv = r->iv.data;
- op->key = r->key.data;
- op->src = r->data.data;
- op->dst = computed_data + computed_data_total_len;
- op->len = r->data.length;
- op->key_len = r->key.length;
- op->hmac_trunc_len = r->hmac_trunc_len;
- computed_data_total_len += r->expected.length;
+ int t;
+ ad = vec_elt_at_index (cm->algs, r->alg);
+ for (t = 0; t < VNET_CRYPTO_OP_N_TYPES; t++)
+ {
+ vnet_crypto_op_id_t id = ad->op_by_type[t];
+
+ if (id == 0)
+ continue;
+
+ vnet_crypto_op_init (op, id);
+
+ switch (t)
+ {
+ case VNET_CRYPTO_OP_TYPE_ENCRYPT:
+ case VNET_CRYPTO_OP_TYPE_DECRYPT:
+ op->iv = r->iv.data;
+ op->iv_len = r->iv.length;
+ op->key = r->key.data;
+ op->key_len = r->key.length;
+ op->len = r->plaintext.length;
+ op->src = t == VNET_CRYPTO_OP_TYPE_ENCRYPT ?
+ r->plaintext.data : r->ciphertext.data;
+ op->dst = computed_data + computed_data_total_len;
+ computed_data_total_len += r->ciphertext.length;
+ break;
+ case VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT:
+ case VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT:
+ op->iv = r->iv.data;
+ op->iv_len = r->iv.length;
+ op->key = r->key.data;
+ op->key_len = r->key.length;
+ op->aad = r->aad.data;
+ op->aad_len = r->aad.length;
+ op->len = r->plaintext.length;
+ op->dst = computed_data + computed_data_total_len;
+ computed_data_total_len += r->ciphertext.length;
+ if (t == VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT)
+ {
+ op->src = r->plaintext.data;
+ op->tag = computed_data + computed_data_total_len;
+ computed_data_total_len += r->tag.length;
+ }
+ else
+ {
+ op->src = r->ciphertext.data;
+ op->tag = r->tag.data;
+ }
+ op->tag_len = r->tag.length;
+ break;
+ case VNET_CRYPTO_OP_TYPE_HMAC:
+ op->key = r->key.data;
+ op->key_len = r->key.length;
+ op->src = r->plaintext.data;
+ op->len = r->plaintext.length;
+ op->digest_len = r->digest.length;
+ op->digest = computed_data + computed_data_total_len;
+ computed_data_total_len += r->digest.length;
+ break;
+ default:
+ break;
+ };
+
+ op->user_data = i;
+ op++;
+ }
/* next */
r = r->next;
}
@@ -79,31 +166,92 @@ test_crypto (vlib_main_t * vm, crypto_test_main_t * tm)
vnet_crypto_process_ops (vm, ops, vec_len (ops));
/* *INDENT-OFF* */
- vec_foreach_index (i, rv)
+ vec_foreach (op, ops)
{
int fail = 0;
- r = rv[i];
- op = ops + i;
+ r = rv[op->user_data];
+ unittest_crypto_test_data_t *exp_pt = 0, *exp_ct = 0;
+ unittest_crypto_test_data_t *exp_digest = 0, *exp_tag = 0;
- if (memcmp (op->dst, r->expected.data, r->expected.length) != 0)
- fail = 1;
+ switch (vnet_crypto_get_op_type (op->op))
+ {
+ case VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT:
+ exp_tag = &r->tag;
+ case VNET_CRYPTO_OP_TYPE_ENCRYPT:
+ exp_ct = &r->ciphertext;
+ break;
+ case VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT:
+ case VNET_CRYPTO_OP_TYPE_DECRYPT:
+ exp_pt = &r->plaintext;
+ break;
+ case VNET_CRYPTO_OP_TYPE_HMAC:
+ exp_digest = &r->digest;
+ break;
+ default:
+ break;
+ }
+
+ vec_reset_length (err);
+
+ if (op->status != VNET_CRYPTO_OP_STATUS_COMPLETED)
+ err = format (err, "%sengine error: %U", vec_len (err) ? ", " : "",
+ format_vnet_crypto_op_status, op->status);
+
+ if (exp_ct && memcmp (op->dst, exp_ct->data, exp_ct->length) != 0)
+ err = format (err, "%sciphertext mismatch",
+ vec_len (err) ? ", " : "");
+
+ if (exp_pt && memcmp (op->dst, exp_pt->data, exp_pt->length) != 0)
+ err = format (err, "%splaintext mismatch", vec_len (err) ? ", " : "");
+
+ if (exp_tag && memcmp (op->tag, exp_tag->data, exp_tag->length) != 0)
+ err = format (err, "%stag mismatch", vec_len (err) ? ", " : "");
+
+ if (exp_digest &&
+ memcmp (op->digest, exp_digest->data, exp_digest->length) != 0)
+ err = format (err, "%sdigest mismatch", vec_len (err) ? ", " : "");
vec_reset_length (s);
- s = format (s, "%s (%U)", r->name,
- format_vnet_crypto_op, r->op);
+ s = format (s, "%s (%U)", r->name, format_vnet_crypto_op, op->op);
- vlib_cli_output (vm, "%-60v%s", s, fail ? "FAIL" : "OK");
- if (fail & tm->verbose)
+ if (vec_len (err))
+ fail = 1;
+
+ vlib_cli_output (vm, "%-60v%s%v", s, vec_len (err) ? "FAIL: " : "OK",
+ err);
+ if (tm->verbose)
{
- vlib_cli_output (vm, "Expected:\n%U\nCalculated:\n%U",
- format_hexdump, r->expected.data, r->expected.length,
- format_hexdump, op->dst, r->expected.length);
+ if (tm->verbose == 2)
+ fail = 1;
+
+ if (exp_ct && fail)
+ vlib_cli_output (vm, "Expected ciphertext:\n%U"
+ "\nCalculated ciphertext:\n%U",
+ format_hexdump, exp_ct->data, exp_ct->length,
+ format_hexdump, op->dst, exp_ct->length);
+ if (exp_pt && fail)
+ vlib_cli_output (vm, "Expected plaintext:\n%U"
+ "\nCalculated plaintext:\n%U",
+ format_hexdump, exp_pt->data, exp_pt->length,
+ format_hexdump, op->dst, exp_pt->length);
+ if (r->tag.length && fail)
+ vlib_cli_output (vm, "Expected tag:\n%U"
+ "\nCalculated tag:\n%U",
+ format_hexdump, r->tag.data, r->tag.length,
+ format_hexdump, op->tag, op->tag_len);
+ if (exp_digest && fail)
+ vlib_cli_output (vm, "Expected digest:\n%U"
+ "\nCalculated Digest:\n%U",
+ format_hexdump, exp_digest->data,
+ exp_digest->length, format_hexdump, op->digest,
+ op->digest_len);
}
}
/* *INDENT-ON* */
vec_free (computed_data);
vec_free (ops);
+ vec_free (err);
vec_free (rv);
vec_free (s);
return 0;
@@ -117,8 +265,10 @@ test_crypto_command_fn (vlib_main_t * vm,
while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
{
- if (unformat (input, "verbose %d", &tm->verbose))
- ;
+ if (unformat (input, "verbose"))
+ tm->verbose = 1;
+ else if (unformat (input, "detail"))
+ tm->verbose = 2;
else
return clib_error_return (0, "unknown input '%U'",
format_unformat_error, input);