tests/crypto - Sync with NetBSD-8 to match OpenSSL 1.0.2k update

tests/crypto/Makefile

@@ -3,6 +3,7 @@
 .include <bsd.own.mk>
 
 TESTS_SUBDIRS=		libcrypto
+
 .if !defined(__MINIX)
 TESTS_SUBDIRS+=		opencrypto
 .endif # !defined(__MINIX)

tests/crypto/libcrypto/Makefile

@@ -1,18 +1,13 @@
-# $NetBSD: Makefile,v 1.9 2012/07/14 04:06:17 christos Exp $
+# $NetBSD: Makefile,v 1.11 2017/05/21 15:28:42 riastradh Exp $
 
 .include <bsd.own.mk>
 
-.if ${MKCRYPTO} != "no"
-
 #__MINIX: Unsupported: threads
 SUBDIR+=bf bn cast conf des dh dsa ec ecdh ecdsa engine evp hmac lhash \
 	md2 md4 md5 rand rc2 rc4 ripemd rsa sha sha1 srp x509v3
 
 SUBDIR+=idea mdc2
-
-.if ${MKCRYPTO_RC5} != "no"
 SUBDIR+=rc5
-.endif
 
 TESTSDIR=	${TESTSBASE}/crypto/libcrypto
 
@@ -23,11 +18,3 @@ TESTS_SH+=	t_libcrypto
 TESTS_SH+=	t_pubkey
 
 .include <bsd.test.mk>
-
-.else
-
-NOPROG=
-
-.include <bsd.prog.mk>
-
-.endif

tests/crypto/libcrypto/rc4/Makefile

@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.1 2009/02/13 20:58:15 jmmv Exp $
+# $NetBSD: Makefile,v 1.2 2016/10/14 16:09:45 spz Exp $
 
 HELPER_NAME=	rc4test
 HELPER_DIR=	rc4
+CPPFLAGS=	-DOPENSSL_PIC
 
 .include <bsd.init.mk>

tests/crypto/libcrypto/rc5/Makefile

@@ -1,14 +1,9 @@
-# $NetBSD: Makefile,v 1.3 2011/07/05 10:03:10 spz Exp $
+# $NetBSD: Makefile,v 1.4 2017/05/21 14:20:45 riastradh Exp $
 
 HELPER_NAME=	rc5test
 HELPER_DIR=	rc5
 
 .include <bsd.init.mk>
 
-.if ${MKCRYPTO_RC5} != "no"
-LDADD= -lcrypto_rc5 -lcrypto
-.else
-CPPFLAGS+= -DOPENSSL_NO_RC5
-.endif
-
+LDADD= -lcrypto
 LDADD+=		-Wl,--no-fatal-warnings

tests/crypto/libcrypto/t_ciphers.sh

@@ -1,4 +1,4 @@
-# $NetBSD: t_ciphers.sh,v 1.4 2012/07/14 16:04:06 spz Exp $
+# $NetBSD: t_ciphers.sh,v 1.5 2017/05/21 14:20:45 riastradh Exp $
 #
 # Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -103,9 +103,6 @@ rc5_head()
 }
 rc5_body()
 {
-	[ -x "$(atf_get_srcdir)/h_rc5test" ] \
-	    || atf_skip "RC5 support not available; system built" \
-	                "with MKCRYPTO_RC5=no"
 	atf_check -o ignore -e ignore "$(atf_get_srcdir)/h_rc5test"
 }
 

tests/crypto/libcrypto/t_libcrypto.sh

@@ -1,4 +1,4 @@
-# $NetBSD: t_libcrypto.sh,v 1.3 2010/11/08 19:06:12 pooka Exp $
+# $NetBSD: t_libcrypto.sh,v 1.4 2016/10/13 09:25:37 martin Exp $
 #
 # Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -49,7 +49,7 @@ atf_test_case bn
 bn_head()
 {
 	atf_set "descr" "Checks BIGNUM library"
-	atf_set "timeout" "300"
+	atf_set "timeout" "360"
 }
 bn_body()
 {

tests/crypto/libcrypto/t_pubkey.sh

@@ -1,4 +1,4 @@
-# $NetBSD: t_pubkey.sh,v 1.3 2011/06/09 05:25:21 spz Exp $
+# $NetBSD: t_pubkey.sh,v 1.4 2016/10/13 09:25:37 martin Exp $
 #
 # Copyright (c) 2008, 2009, 2010 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -49,7 +49,7 @@ atf_test_case rsa
 rsa_head()
 {
 	atf_set "descr" "Checks RSA"
-	atf_set "timeout" "300"
+	atf_set "timeout" "420"
 }
 rsa_body()
 {
@@ -60,7 +60,7 @@ atf_test_case ec
 ec_head()
 {
 	atf_set "descr" "Checks EC cipher"
-	atf_set "timeout" "300"
+	atf_set "timeout" "480"
 }
 ec_body()
 {
@@ -81,7 +81,7 @@ atf_test_case ecdsa
 ecdsa_head()
 {
 	atf_set "descr" "Checks ECDSA algorithm"
-	atf_set "timeout" "300"
+	atf_set "timeout" "480"
 }
 ecdsa_body()
 {

tests/crypto/opencrypto/Makefile

@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.2 2014/01/17 22:33:02 pgoyette Exp $
+# $NetBSD: Makefile,v 1.3 2017/04/17 03:59:37 knakahara Exp $
 
 .include <bsd.own.mk>
 
@@ -9,11 +9,13 @@ TESTS_SH+=	t_opencrypto
 BINDIR=		${TESTSDIR}
 MKMAN=		no
 
+PROGS+=		h_aescbc
 PROGS+=		h_aesctr1
 PROGS+=		h_aesctr2
 PROGS+=		h_arc4
 PROGS+=		h_camellia
 PROGS+=		h_cbcdes
+PROGS+=		h_cbc3des
 PROGS+=		h_comp
 PROGS+=		h_comp_zlib
 PROGS+=		h_comp_zlib_rnd

tests/crypto/opencrypto/h_aescbc.c

@@ -0,0 +1,163 @@
+/* $NetBSD: h_aescbc.c,v 1.1 2017/04/17 03:59:37 knakahara Exp $ */
+
+/*-
+ * Copyright (c) 2017 Internet Initiative Japan Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <err.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <sys/ioctl.h>
+#include <sys/time.h>
+
+#include <crypto/cryptodev.h>
+
+/*
+ * Test vectors from RFC 3602
+ */
+
+const struct {
+	size_t len;
+	size_t key_len;
+	unsigned char key[16];
+	unsigned char iv[16];
+	unsigned char plaintx[64];
+	unsigned char ciphertx[64];
+} tests[] = {
+	/* Case #1: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key */
+	{ 16, 16,
+	  { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
+	    0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06, },
+	  { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
+	    0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41, },
+	  "Single block msg",
+	  { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
+	    0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a, },
+	},
+
+	/* Case #2: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key */
+	{ 32, 16,
+	  { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
+	    0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a, },
+	  { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
+	    0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58, },
+	  { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+	    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+            0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+	    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, },
+	  { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
+	    0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
+	    0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
+	    0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1, },
+	},
+
+	/* Case #3: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key */
+	{ 48, 16,
+	  { 0x6c, 0x3e, 0xa0, 0x47, 0x76, 0x30, 0xce, 0x21,
+	    0xa2, 0xce, 0x33, 0x4a, 0xa7, 0x46, 0xc2, 0xcd, },
+	  { 0xc7, 0x82, 0xdc, 0x4c, 0x09, 0x8c, 0x66, 0xcb,
+	    0xd9, 0xcd, 0x27, 0xd8, 0x25, 0x68, 0x2c, 0x81, },
+	  "This is a 48-byte message (exactly 3 AES blocks)",
+	  { 0xd0, 0xa0, 0x2b, 0x38, 0x36, 0x45, 0x17, 0x53,
+	    0xd4, 0x93, 0x66, 0x5d, 0x33, 0xf0, 0xe8, 0x86,
+	    0x2d, 0xea, 0x54, 0xcd, 0xb2, 0x93, 0xab, 0xc7,
+	    0x50, 0x69, 0x39, 0x27, 0x67, 0x72, 0xf8, 0xd5,
+	    0x02, 0x1c, 0x19, 0x21, 0x6b, 0xad, 0x52, 0x5c,
+	    0x85, 0x79, 0x69, 0x5d, 0x83, 0xba, 0x26, 0x84, },
+	},
+
+	/* Case #4: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key */
+	{ 64, 16,
+	  { 0x56, 0xe4, 0x7a, 0x38, 0xc5, 0x59, 0x89, 0x74,
+	    0xbc, 0x46, 0x90, 0x3d, 0xba, 0x29, 0x03, 0x49, },
+	  { 0x8c, 0xe8, 0x2e, 0xef, 0xbe, 0xa0, 0xda, 0x3c,
+	    0x44, 0x69, 0x9e, 0xd7, 0xdb, 0x51, 0xb7, 0xd9, },
+	  { 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+	    0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
+	    0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+	    0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+	    0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+	    0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+	    0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+	    0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, },
+	  { 0xc3, 0x0e, 0x32, 0xff, 0xed, 0xc0, 0x77, 0x4e,
+	    0x6a, 0xff, 0x6a, 0xf0, 0x86, 0x9f, 0x71, 0xaa,
+	    0x0f, 0x3a, 0xf0, 0x7a, 0x9a, 0x31, 0xa9, 0xc6,
+	    0x84, 0xdb, 0x20, 0x7e, 0xb0, 0xef, 0x8e, 0x4e,
+	    0x35, 0x90, 0x7a, 0xa6, 0x32, 0xc3, 0xff, 0xdf,
+	    0x86, 0x8b, 0xb7, 0xb2, 0x9d, 0x3d, 0x46, 0xad,
+	    0x83, 0xce, 0x9f, 0x9a, 0x10, 0x2e, 0xe9, 0x9d,
+	    0x49, 0xa5, 0x3e, 0x87, 0xf4, 0xc3, 0xda, 0x55,
+	  },
+	},
+};
+
+int
+main(void)
+{
+	int fd, res;
+	size_t i;
+	struct session_op cs;
+	struct crypt_op co;
+	unsigned char buf[64];
+
+	for (i = 0; i < __arraycount(tests); i++) {
+		fd = open("/dev/crypto", O_RDWR, 0);
+		if (fd < 0)
+			err(1, "open %zu", i);
+		memset(&cs, 0, sizeof(cs));
+		cs.cipher = CRYPTO_AES_CBC;
+		cs.keylen = tests[i].key_len;
+		cs.key = __UNCONST(&tests[i].key);
+		res = ioctl(fd, CIOCGSESSION, &cs);
+		if (res < 0)
+			err(1, "CIOCGSESSION %zu", i);
+
+		memset(&co, 0, sizeof(co));
+		co.ses = cs.ses;
+		co.op = COP_ENCRYPT;
+		co.len = tests[i].len;
+		co.src = __UNCONST(&tests[i].plaintx);
+		co.dst = buf;
+		co.dst_len = sizeof(buf);
+		co.iv = __UNCONST(&tests[i].iv);
+		res = ioctl(fd, CIOCCRYPT, &co);
+		if (res < 0)
+			err(1, "CIOCCRYPT %zu", i);
+
+		if (memcmp(co.dst, tests[i].ciphertx, tests[i].len)) {
+			size_t j;
+			for (j = 0; j < tests[i].len; j++)
+				printf("0x%2zu:  0x%2x    0x%2x\n", j,
+					buf[j], tests[i].ciphertx[j]);
+			errx(1, "verification failed %zu", i);
+		}
+		close(fd);
+	}
+	return 0;
+}

tests/crypto/opencrypto/h_cbc3des.c

@@ -0,0 +1,103 @@
+/* $NetBSD: h_cbc3des.c,v 1.1 2017/04/17 03:59:37 knakahara Exp $ */
+
+/*-
+ * Copyright (c) 2017 Internet Initiative Japan Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <err.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <sys/ioctl.h>
+#include <sys/time.h>
+
+#include <crypto/cryptodev.h>
+
+unsigned char key[] =
+	"abcdefgh" \
+	"ijklmnop" \
+	"qrstuvwx";
+unsigned char iv[8] = {0};
+char plaintx[16] = "1234567890123456";
+
+const unsigned char ciphertx[16] = {
+	0xe0, 0xb9, 0xe7, 0x20, 0x6c, 0xc7, 0xb0, 0x24,
+	0xfa, 0xfc, 0x46, 0x1b, 0xad, 0xc1, 0xef, 0x4e,
+};
+
+int
+main(void)
+{
+	int fd, res;
+	struct session_op cs;
+	struct crypt_op co, co2;
+	unsigned char buf[16], buf2[16];
+
+	fd = open("/dev/crypto", O_RDWR, 0);
+	if (fd < 0)
+		err(1, "open");
+	memset(&cs, 0, sizeof(cs));
+	cs.cipher = CRYPTO_3DES_CBC;
+	cs.keylen = 24;
+	cs.key = key;
+	res = ioctl(fd, CIOCGSESSION, &cs);
+	if (res < 0)
+		err(1, "CIOCGSESSION");
+
+	memset(&co, 0, sizeof(co));
+	memset(&buf, 0, sizeof(buf));
+	co.ses = cs.ses;
+	co.op = COP_ENCRYPT;
+	co.len = sizeof(plaintx);
+	co.src = plaintx;
+	co.dst = buf;
+	co.dst_len = sizeof(buf);
+	co.iv = iv;
+	res = ioctl(fd, CIOCCRYPT, &co);
+	if (res < 0)
+		err(1, "CIOCCRYPT encrypto");
+
+	if (memcmp(co.dst, ciphertx, sizeof(ciphertx)))
+		errx(1, "encrypto verification failed");
+
+	memset(&co2, 0, sizeof(co2));
+	memset(&buf2, 0, sizeof(buf2));
+	co2.ses = cs.ses;
+	co2.op = COP_DECRYPT;
+	co2.len = sizeof(buf);
+	co2.src = buf;
+	co2.dst = buf2;
+	co2.dst_len = sizeof(buf2);
+	co2.iv = iv;
+	res = ioctl(fd, CIOCCRYPT, &co2);
+	if (res < 0)
+		err(1, "CIOCCRYPT decrypto");
+
+	if (memcmp(co2.dst, plaintx, sizeof(plaintx)))
+		errx(1, "decrypto verification failed");
+
+	return 0;
+}

tests/crypto/opencrypto/t_opencrypto.sh

@@ -1,4 +1,4 @@
-#	$NetBSD: t_opencrypto.sh,v 1.5 2015/03/16 16:42:27 prlw1 Exp $
+#	$NetBSD: t_opencrypto.sh,v 1.7 2017/04/17 03:59:37 knakahara Exp $
 #
 # Copyright (c) 2014 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -80,7 +80,11 @@ arc4_body() {
 }
 
 arc4_cleanup() {
-	common_cleanup
+	# No cleanup required since test is skipped.  Trying to run rump.halt
+	# at this point fails, causing the ATF environment to erroneously
+	# report a failed test!
+	#
+	# common_cleanup
 }
 
 atf_test_case camellia cleanup
@@ -109,6 +113,19 @@ cbcdes_cleanup() {
 	common_cleanup
 }
 
+atf_test_case cbc3des cleanup
+cbc3des_head() {
+	common_head "Test 3DES_CBC crypto"
+}
+
+cbc3des_body() {
+	common_body h_cbc3des
+}
+
+cbc3des_cleanup() {
+	common_cleanup
+}
+
 atf_test_case comp cleanup
 comp_head() {
 	common_head "Test GZIP_COMP Compression"
@@ -174,6 +191,19 @@ aesctr2_cleanup() {
 	common_cleanup
 }
 
+atf_test_case aescbc cleanup
+aescbc_head() {
+	common_head "Test AES_CBC crypto"
+}
+
+aescbc_body() {
+	common_body h_aescbc
+}
+
+aescbc_cleanup() {
+	common_cleanup
+}
+
 atf_test_case gcm cleanup
 gcm_head() {
 	common_head "Test AES_GCM_16 crypto"
@@ -258,11 +288,13 @@ atf_init_test_cases() {
 	atf_add_test_case arc4
 	atf_add_test_case camellia
 	atf_add_test_case cbcdes
+	atf_add_test_case cbc3des
 	atf_add_test_case comp
 	atf_add_test_case comp_deflate
 	atf_add_test_case comp_zlib_rnd
 	atf_add_test_case aesctr1
 	atf_add_test_case aesctr2
+	atf_add_test_case aescbc
 	atf_add_test_case gcm
 	atf_add_test_case md5
 	atf_add_test_case md5_hmac