From nobody Thu Oct 21 17:06:52 2021 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id D7E7A1806A04; Thu, 21 Oct 2021 17:06:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HZv644dSvz4h5q; Thu, 21 Oct 2021 17:06:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 710D21EFB3; Thu, 21 Oct 2021 17:06:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 19LH6qrW080098; Thu, 21 Oct 2021 17:06:52 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 19LH6q3K080097; Thu, 21 Oct 2021 17:06:52 GMT (envelope-from git) Date: Thu, 21 Oct 2021 17:06:52 GMT Message-Id: <202110211706.19LH6q3K080097@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: John Baldwin Subject: git: 3a7ae9ce6dce - stable/13 - cryptocheck: Add Chacha20-Poly1305 AEAD coverage. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 3a7ae9ce6dcea8cc5beb0dc3284e1b50a60eff1e Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=3a7ae9ce6dcea8cc5beb0dc3284e1b50a60eff1e commit 3a7ae9ce6dcea8cc5beb0dc3284e1b50a60eff1e Author: John Baldwin AuthorDate: 2021-02-18 17:23:36 +0000 Commit: John Baldwin CommitDate: 2021-10-21 15:51:22 +0000 cryptocheck: Add Chacha20-Poly1305 AEAD coverage. - Make openssl_gcm_encrypt generic to AEAD ciphers (aside from CCM) and use it for Chacha20-Poly1305. - Use generic AEAD control constants instead of GCM/CCM specific names. Reviewed by: cem Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D27838 (cherry picked from commit 1bd9fc96d4e4a26bb0060698c07b6f13d19cd819) --- tools/tools/crypto/cryptocheck.c | 46 +++++++++++++++++++++++----------------- 1 file changed, 27 insertions(+), 19 deletions(-) diff --git a/tools/tools/crypto/cryptocheck.c b/tools/tools/crypto/cryptocheck.c index efb68f8966ef..fc08396b45f5 100644 --- a/tools/tools/crypto/cryptocheck.c +++ b/tools/tools/crypto/cryptocheck.c @@ -120,6 +120,7 @@ * aes-ccm 128-bit AES-CCM * aes-ccm192 192-bit AES-CCM * aes-ccm256 256-bit AES-CCM + * chacha20-poly1305 Chacha20 (96 bit nonce) with Poly1305 per RFC 8439 */ #include @@ -149,6 +150,7 @@ static const struct alg { int cipher; int mac; enum { T_HASH, T_HMAC, T_GMAC, T_CIPHER, T_ETA, T_AEAD } type; + int tag_len; const EVP_CIPHER *(*evp_cipher)(void); const EVP_MD *(*evp_md)(void); } algs[] = { @@ -177,11 +179,11 @@ static const struct alg { { .name = "blake2s", .mac = CRYPTO_BLAKE2S, .type = T_HASH, .evp_md = EVP_blake2s256 }, { .name = "gmac", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC, - .evp_cipher = EVP_aes_128_gcm }, + .tag_len = AES_GMAC_HASH_LEN, .evp_cipher = EVP_aes_128_gcm }, { .name = "gmac192", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC, - .evp_cipher = EVP_aes_192_gcm }, + .tag_len = AES_GMAC_HASH_LEN, .evp_cipher = EVP_aes_192_gcm }, { .name = "gmac256", .mac = CRYPTO_AES_NIST_GMAC, .type = T_GMAC, - .evp_cipher = EVP_aes_256_gcm }, + .tag_len = AES_GMAC_HASH_LEN, .evp_cipher = EVP_aes_256_gcm }, { .name = "aes-cbc", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER, .evp_cipher = EVP_aes_128_cbc }, { .name = "aes-cbc192", .cipher = CRYPTO_AES_CBC, .type = T_CIPHER, @@ -201,17 +203,22 @@ static const struct alg { { .name = "chacha20", .cipher = CRYPTO_CHACHA20, .type = T_CIPHER, .evp_cipher = EVP_chacha20 }, { .name = "aes-gcm", .cipher = CRYPTO_AES_NIST_GCM_16, .type = T_AEAD, - .evp_cipher = EVP_aes_128_gcm }, + .tag_len = AES_GMAC_HASH_LEN, .evp_cipher = EVP_aes_128_gcm }, { .name = "aes-gcm192", .cipher = CRYPTO_AES_NIST_GCM_16, - .type = T_AEAD, .evp_cipher = EVP_aes_192_gcm }, + .type = T_AEAD, .tag_len = AES_GMAC_HASH_LEN, + .evp_cipher = EVP_aes_192_gcm }, { .name = "aes-gcm256", .cipher = CRYPTO_AES_NIST_GCM_16, - .type = T_AEAD, .evp_cipher = EVP_aes_256_gcm }, + .type = T_AEAD, .tag_len = AES_GMAC_HASH_LEN, + .evp_cipher = EVP_aes_256_gcm }, { .name = "aes-ccm", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD, - .evp_cipher = EVP_aes_128_ccm }, + .evp_cipher = EVP_aes_128_ccm, .tag_len = AES_CBC_MAC_HASH_LEN }, { .name = "aes-ccm192", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD, - .evp_cipher = EVP_aes_192_ccm }, + .evp_cipher = EVP_aes_192_ccm, .tag_len = AES_CBC_MAC_HASH_LEN }, { .name = "aes-ccm256", .cipher = CRYPTO_AES_CCM_16, .type = T_AEAD, - .evp_cipher = EVP_aes_256_ccm }, + .evp_cipher = EVP_aes_256_ccm, .tag_len = AES_CBC_MAC_HASH_LEN }, + { .name = "chacha20-poly1305", .cipher = CRYPTO_CHACHA20_POLY1305, + .type = T_AEAD, .tag_len = POLY1305_HASH_LEN, + .evp_cipher = EVP_chacha20_poly1305 }, }; static bool verbose; @@ -1046,7 +1053,7 @@ openssl_gmac(const struct alg *alg, const EVP_CIPHER *cipher, const char *key, if (EVP_EncryptFinal_ex(ctx, NULL, &outl) != 1) errx(1, "OpenSSL %s (%zu) final failed: %s", alg->name, size, ERR_error_string(ERR_get_error(), NULL)); - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_GMAC_HASH_LEN, + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, alg->tag_len, tag) != 1) errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name, size, ERR_error_string(ERR_get_error(), NULL)); @@ -1133,7 +1140,7 @@ out: } static void -openssl_gcm_encrypt(const struct alg *alg, const EVP_CIPHER *cipher, +openssl_aead_encrypt(const struct alg *alg, const EVP_CIPHER *cipher, const char *key, const char *iv, const char *aad, size_t aad_len, const char *input, char *output, size_t size, char *tag) { @@ -1168,7 +1175,7 @@ openssl_gcm_encrypt(const struct alg *alg, const EVP_CIPHER *cipher, if ((size_t)total != size) errx(1, "OpenSSL %s (%zu) encrypt size mismatch: %d", alg->name, size, total); - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_GMAC_HASH_LEN, + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, alg->tag_len, tag) != 1) errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name, size, ERR_error_string(ERR_get_error(), NULL)); @@ -1177,7 +1184,7 @@ openssl_gcm_encrypt(const struct alg *alg, const EVP_CIPHER *cipher, #ifdef notused static bool -openssl_gcm_decrypt(const struct alg *alg, const EVP_CIPHER *cipher, +openssl_aead_decrypt(const struct alg *alg, const EVP_CIPHER *cipher, const char *key, const char *iv, const char *aad, size_t aad_len, const char *input, char *output, size_t size, char *tag) { @@ -1206,7 +1213,7 @@ openssl_gcm_decrypt(const struct alg *alg, const EVP_CIPHER *cipher, errx(1, "OpenSSL %s (%zu) decrypt update failed: %s", alg->name, size, ERR_error_string(ERR_get_error(), NULL)); total = outl; - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, AES_GMAC_HASH_LEN, + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, alg->tag_len, tag) != 1) errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name, size, ERR_error_string(ERR_get_error(), NULL)); @@ -1235,10 +1242,10 @@ openssl_ccm_encrypt(const struct alg *alg, const EVP_CIPHER *cipher, if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name, size, ERR_error_string(ERR_get_error(), NULL)); - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, iv_len, NULL) != 1) + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, NULL) != 1) errx(1, "OpenSSL %s (%zu) setting iv length failed: %s", alg->name, size, ERR_error_string(ERR_get_error(), NULL)); - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, AES_CBC_MAC_HASH_LEN, NULL) != 1) + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, AES_CBC_MAC_HASH_LEN, NULL) != 1) errx(1, "OpenSSL %s (%zu) setting tag length failed: %s", alg->name, size, ERR_error_string(ERR_get_error(), NULL)); if (EVP_EncryptInit_ex(ctx, NULL, NULL, (const u_char *)key, @@ -1268,7 +1275,7 @@ openssl_ccm_encrypt(const struct alg *alg, const EVP_CIPHER *cipher, if ((size_t)total != size) errx(1, "OpenSSL %s (%zu) encrypt size mismatch: %d", alg->name, size, total); - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, AES_CBC_MAC_HASH_LEN, + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, AES_CBC_MAC_HASH_LEN, tag) != 1) errx(1, "OpenSSL %s (%zu) get tag failed: %s", alg->name, size, ERR_error_string(ERR_get_error(), NULL)); @@ -1311,7 +1318,8 @@ ocf_aead(const struct ocf_session *ses, const char *iv, size_t iv_len, return (0); } -#define AEAD_MAX_TAG_LEN MAX(AES_GMAC_HASH_LEN, AES_CBC_MAC_HASH_LEN) +#define AEAD_MAX_TAG_LEN \ + MAX(MAX(AES_GMAC_HASH_LEN, AES_CBC_MAC_HASH_LEN), POLY1305_HASH_LEN) static void run_aead_test(const struct alg *alg, size_t aad_len, size_t size) @@ -1368,7 +1376,7 @@ run_aead_test(const struct alg *alg, size_t aad_len, size_t size) openssl_ccm_encrypt(alg, cipher, key, iv, iv_len, aad, aad_len, cleartext, ciphertext, size, control_tag); else - openssl_gcm_encrypt(alg, cipher, key, iv, aad, aad_len, + openssl_aead_encrypt(alg, cipher, key, iv, aad, aad_len, cleartext, ciphertext, size, control_tag); if (!ocf_init_aead_session(alg, key, key_len, &ses))