^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * Copyright 2021 Google LLC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * This program provides commands that dump certain types of output from the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * fips140 kernel module, as required by the FIPS lab for evaluation purposes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) * While the fips140 kernel module can only be accessed directly by other kernel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) * code, an easy-to-use userspace utility program was desired for lab testing.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) * When possible, this program uses AF_ALG to access the crypto algorithms; this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) * requires that the kernel has AF_ALG enabled. Where AF_ALG isn't sufficient,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) * a custom device node /dev/fips140 is used instead; this requires that the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) * fips140 module is loaded and has evaluation testing support compiled in.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) * This program can be compiled and run on an Android device as follows:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) * NDK_DIR=$HOME/android-ndk-r23b # adjust directory path as needed
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) * $NDK_DIR/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android31-clang \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) * fips140_lab_util.c -O2 -Wall -o fips140_lab_util
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) * adb push fips140_lab_util /data/local/tmp/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) * adb root
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) * adb shell /data/local/tmp/fips140_lab_util
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) #include <errno.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) #include <fcntl.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) #include <limits.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) #include <linux/if_alg.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) #include <stdarg.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) #include <stdbool.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) #include <stdint.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) #include <stdio.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) #include <stdlib.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) #include <string.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) #include <sys/ioctl.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) #include <sys/socket.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) #include <sys/stat.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) #include <sys/sysmacros.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) #include <unistd.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) #include "../../crypto/fips140-eval-testing-uapi.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) /* ---------------------------------------------------------------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) * Utility functions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) * ---------------------------------------------------------------------------*/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46)
/*
 * Number of elements in the array A.  Only meaningful for a true array;
 * applied to a pointer (for example an array function parameter) it compiles
 * but yields the wrong count.
 */
#define ARRAY_SIZE(A) (sizeof(A) / sizeof((A)[0]))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48)
/*
 * Common tail of die() and die_errno(): write "ERROR: " plus the formatted
 * message to stderr, append ": <strerror(err)>" when err is nonzero, end the
 * line and terminate the process with exit status 1.  Never returns.
 */
static void __attribute__((noreturn))
do_die(const char *format, va_list va, int err)
{
	fputs("ERROR: ", stderr);
	vfprintf(stderr, format, va);
	if (err != 0) {
		fputs(": ", stderr);
		fputs(strerror(err), stderr);
	}
	fputc('\n', stderr);
	exit(1);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59)
/*
 * Report a fatal error with a printf-style message followed by the text for
 * the current errno value, then exit.  Never returns.
 */
static void __attribute__((noreturn, format(printf, 1, 2)))
die_errno(const char *format, ...)
{
	/* Take errno first so it is still the value left by the failing call. */
	const int saved_errno = errno;
	va_list args;

	va_start(args, format);
	do_die(format, args, saved_errno);
	va_end(args);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69)
/*
 * Report a fatal error with a printf-style message (no errno text), then
 * exit.  Never returns.
 */
static void __attribute__((noreturn, format(printf, 1, 2)))
die(const char *format, ...)
{
	va_list args;

	va_start(args, format);
	/* err == 0 tells do_die() to skip the strerror() suffix. */
	do_die(format, args, 0);
	va_end(args);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79)
/*
 * Backend of the ASSERT() macro: report which expression failed and where,
 * then exit through die().  Never returns.
 */
static void __attribute__((noreturn))
assertion_failed(const char *expr, const char *file, int line)
{
	die("Assertion failed: %s at %s:%d",
	    expr, file, line);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85)
/*
 * Always-on assertion: there is no NDEBUG switch, so the check stays in every
 * build and a failure ends the program through assertion_failed().
 * Implemented as a GNU statement expression, so it needs GCC or Clang.
 */
#define ASSERT(e) ({ if (!(e)) assertion_failed(#e, __FILE__, __LINE__); })
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87)
/*
 * Fill bytes[0..count) with the low byte of successive rand() results.
 *
 * rand() is not a cryptographically secure generator, and nothing in the
 * visible part of this file seeds it, so the output is predictable.  That is
 * acceptable for throwaway test keys and messages, which is how the callers
 * here use it; it must not be reused to produce real key material.
 */
static void rand_bytes(uint8_t *bytes, size_t count)
{
	uint8_t *out = bytes;
	size_t remaining = count;

	while (remaining-- > 0)
		*out++ = (uint8_t)rand();
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95)
/* Return the string literal "true" or "false" for b. */
static const char *booltostr(bool b)
{
	if (b)
		return "true";
	return "false";
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100)
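/*
 * Format bytes[0..count) as a lowercase hex string.
 *
 * The result lives in a static buffer: it is overwritten by the next call and
 * the function is not reentrant.  count may be at most 512, because every
 * byte takes two characters of the 1025-byte buffer (plus the terminator);
 * larger requests end the program through ASSERT().
 */
static const char *bytes_to_hex(const uint8_t *bytes, size_t count)
{
	static char hex[1025];
	size_t i;

	ASSERT(count <= 512);
	/*
	 * With count == 0 the loop writes nothing, so terminate up front;
	 * otherwise the text of the previous call would be returned.
	 */
	hex[0] = '\0';
	for (i = 0; i < count; i++)
		snprintf(&hex[2 * i], sizeof(hex) - 2 * i, "%02x", bytes[i]);
	return hex;
}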
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) static void usage(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) /* ---------------------------------------------------------------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) * /dev/fips140 ioctls
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) * ---------------------------------------------------------------------------*/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117)
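/*
 * Look up the device number registered under the name "fips140" in
 * /proc/devices and return it.
 *
 * Exits with an error if /proc/devices cannot be opened or has no such entry.
 * The match is by name only: the first "<number> fips140" line wins, whichever
 * section of /proc/devices it appears in.
 */
static int get_fips140_device_number(void)
{
	FILE *f;
	char line[128];
	int number;
	char name[32];

	f = fopen("/proc/devices", "r");
	if (!f)
		die_errno("Failed to open /proc/devices");
	while (fgets(line, sizeof(line), f)) {
		/* %31s keeps the name within name[32] including the terminator. */
		if (sscanf(line, "%d %31s", &number, name) == 2 &&
		    strcmp(name, "fips140") == 0) {
			/* Close on the success path too, so the stream is not leaked. */
			fclose(f);
			return number;
		}
	}
	fclose(f);
	die("fips140 device node is unavailable.\n"
	    "The fips140 device node is only available when the fips140 module is loaded\n"
	    "and has been built with evaluation testing support.");
}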
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138)
/*
 * Make sure a /dev/fips140 path exists, creating the character device node
 * (mode 0600, minor number 1) when stat() on the path fails.
 *
 * NOTE(review): an existing path is accepted as is.  It is not checked to be
 * a character device, nor to carry the major number from /proc/devices, so a
 * stale or foreign node is only noticed later when open() or the ioctl fails.
 * Any stat() failure, not just "no such file", leads to the mknod() attempt.
 */
static void create_fips140_node_if_needed(void)
{
	struct stat stbuf;

	if (stat("/dev/fips140", &stbuf) != 0) {
		const int dev_major = get_fips140_device_number();

		if (mknod("/dev/fips140", S_IFCHR | 0600,
			  makedev(dev_major, 1)) != 0)
			die_errno("Failed to create fips140 device node");
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151)
/* Cached descriptor for /dev/fips140; stays -1 until the first ioctl opens it. */
static int fips140_dev_fd = -1;

/*
 * Issue ioctl `cmd` with argument `arg` on /dev/fips140 and return the raw
 * ioctl() result (callers interpret it and errno).
 *
 * The device is opened read-only on first use, after creating the node if
 * needed, and the descriptor is kept for later calls.  A failure to open the
 * device is fatal.
 */
static int fips140_ioctl(int cmd, const void *arg)
{
	if (fips140_dev_fd >= 0)
		return ioctl(fips140_dev_fd, cmd, arg);

	create_fips140_node_if_needed();
	fips140_dev_fd = open("/dev/fips140", O_RDONLY);
	if (fips140_dev_fd < 0)
		die_errno("Failed to open /dev/fips140");
	return ioctl(fips140_dev_fd, cmd, arg);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164)
/*
 * Ask the fips140 module, via FIPS140_IOCTL_IS_APPROVED_SERVICE, whether the
 * service called `name` is approved.
 *
 * Only the exact results 1 (approved) and 0 (not approved) are accepted.  An
 * ioctl error or any other return value ends the program instead of being
 * coerced into a boolean, so an unexpected kernel answer can never be
 * reported as "approved".
 */
static bool fips140_is_approved_service(const char *name)
{
	const int ret = fips140_ioctl(FIPS140_IOCTL_IS_APPROVED_SERVICE, name);

	if (ret < 0)
		die_errno("FIPS140_IOCTL_IS_APPROVED_SERVICE unexpectedly failed");

	switch (ret) {
	case 0:
		return false;
	case 1:
		return true;
	default:
		die("FIPS140_IOCTL_IS_APPROVED_SERVICE returned unexpected value %d",
		    ret);
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178)
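/*
 * Fetch the module version string through FIPS140_IOCTL_MODULE_VERSION.
 *
 * Returns a pointer to a static 256-byte buffer that the next call
 * overwrites.  An ioctl error or any nonzero return value is fatal.
 */
static const char *fips140_module_version(void)
{
	static char buf[256];
	int ret;

	memset(buf, 0, sizeof(buf));
	ret = fips140_ioctl(FIPS140_IOCTL_MODULE_VERSION, buf);
	if (ret < 0)
		die_errno("FIPS140_IOCTL_MODULE_VERSION unexpectedly failed");
	if (ret != 0)
		die("FIPS140_IOCTL_MODULE_VERSION returned unexpected value %d",
		    ret);
	/*
	 * The result is printed with %s, so make sure it is terminated even if
	 * the kernel side filled the whole buffer.
	 * NOTE(review): how many bytes the ioctl writes is defined in the uapi
	 * header, which is not visible here - confirm that 256 matches it.
	 */
	buf[sizeof(buf) - 1] = '\0';
	return buf;
}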
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) /* ---------------------------------------------------------------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) * AF_ALG utilities
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) * ---------------------------------------------------------------------------*/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197)
/*
 * NOTE(review): presumably the largest number of bytes requested from an
 * AF_ALG "rng" socket in one read; its users are outside this part of the
 * file - confirm against them.
 */
#define AF_ALG_MAX_RNG_REQUEST_SIZE 128
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199)
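/*
 * Create an AF_ALG socket and bind it to algorithm `alg_name` of type
 * `alg_type` (for example "skcipher" / "cbc(aes)").
 *
 * Returns the bound socket; the caller closes it.  Any failure is fatal.
 */
static int get_alg_fd(const char *alg_type, const char *alg_name)
{
	/* Set the address family explicitly instead of leaving it zero. */
	struct sockaddr_alg addr = { .salg_family = AF_ALG };
	int alg_fd;

	alg_fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
	if (alg_fd < 0)
		die("Failed to create AF_ALG socket.\n"
		    "AF_ALG is only available when it has been enabled in the kernel.\n");

	/*
	 * Refuse names that do not fit: a silently truncated name would make
	 * bind() look up a different algorithm than the one requested.
	 */
	if (strlen(alg_type) >= sizeof(addr.salg_type) ||
	    strlen(alg_name) >= sizeof(addr.salg_name))
		die("Algorithm type or name is too long: %s %s",
		    alg_type, alg_name);

	/* The fields start zeroed and the last byte is never written. */
	strncpy((char *)addr.salg_type, alg_type, sizeof(addr.salg_type) - 1);
	strncpy((char *)addr.salg_name, alg_name, sizeof(addr.salg_name) - 1);

	if (bind(alg_fd, (void *)&addr, sizeof(addr)) != 0)
		die_errno("Failed to bind AF_ALG socket to %s %s",
			  alg_type, alg_name);
	return alg_fd;
}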
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218)
/*
 * accept() a request descriptor on the bound AF_ALG socket `alg_fd`.
 * `alg_name` is only used in the error message.  Failure is fatal; on success
 * the caller owns the returned descriptor and closes it.
 */
static int get_req_fd(int alg_fd, const char *alg_name)
{
	const int req_fd = accept(alg_fd, NULL, NULL);

	if (req_fd >= 0)
		return req_fd;

	die_errno("Failed to get request file descriptor for %s",
		  alg_name);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) /* ---------------------------------------------------------------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) * show_invalid_inputs command
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) * ---------------------------------------------------------------------------*/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232)
/*
 * Operation requested for a test message.  UNSPECIFIED is the zero value, so
 * it is what table entries get when they leave .direction out; in that case
 * no ALG_SET_OP control message is sent.
 */
enum direction {
	UNSPECIFIED,
	DECRYPT,
	ENCRYPT,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238)
/*
 * Table of inputs fed to the algorithms through AF_ALG, each with the result
 * the module is expected to give.  Fields left out are zero / NULL.
 */
static const struct invalid_input_test {
	const char *alg_type;	/* AF_ALG type, e.g. "skcipher" or "hash" */
	const char *alg_name;	/* algorithm name to bind to */
	const char *key;	/* explicit key, or NULL for rand_bytes() output */
	size_t key_size;	/* key length in bytes; 0 skips the setkey step */
	const char *msg;	/* explicit message, or NULL for rand_bytes() output */
	size_t msg_size;	/* message length in bytes; 0 skips the crypt step */
	const char *iv;		/* IV bytes, sent only when iv_size is nonzero */
	size_t iv_size;		/* IV length in bytes */
	enum direction direction;
	int setkey_error;	/* errno expected from ALG_SET_KEY; 0 = success */
	int crypt_error;	/* errno expected from the read; 0 = success */
} invalid_input_tests[] = {
	{
		/* 16-byte key: expected to be accepted. */
		.alg_type = "skcipher",
		.alg_name = "cbc(aes)",
		.key_size = 16,
	}, {
		/* 17-byte key: expected to be rejected. */
		.alg_type = "skcipher",
		.alg_name = "cbc(aes)",
		.key_size = 17,
		.setkey_error = EINVAL,
	}, {
		/* 24-byte key: expected to be accepted. */
		.alg_type = "skcipher",
		.alg_name = "cbc(aes)",
		.key_size = 24,
	}, {
		/* 32-byte key: expected to be accepted. */
		.alg_type = "skcipher",
		.alg_name = "cbc(aes)",
		.key_size = 32,
	}, {
		/* 33-byte key: expected to be rejected. */
		.alg_type = "skcipher",
		.alg_name = "cbc(aes)",
		.key_size = 33,
		.setkey_error = EINVAL,
	}, {
		/* Decrypting a 1-byte message: expected to fail. */
		.alg_type = "skcipher",
		.alg_name = "cbc(aes)",
		.key_size = 16,
		.msg_size = 1,
		.direction = DECRYPT,
		.crypt_error = EINVAL,
	}, {
		/* Encrypting a 16-byte message: expected to succeed. */
		.alg_type = "skcipher",
		.alg_name = "cbc(aes)",
		.key_size = 16,
		.msg_size = 16,
		.direction = ENCRYPT,
	}, {
		/* Encrypting a 17-byte message: expected to fail. */
		.alg_type = "skcipher",
		.alg_name = "cbc(aes)",
		.key_size = 16,
		.msg_size = 17,
		.direction = ENCRYPT,
		.crypt_error = EINVAL,
	}, {
		/* 29-byte CMAC key: expected to be rejected. */
		.alg_type = "hash",
		.alg_name = "cmac(aes)",
		.key_size = 29,
		.setkey_error = EINVAL,
	}, {
		/* 32-byte random XTS key: expected to be accepted. */
		.alg_type = "skcipher",
		.alg_name = "xts(aes)",
		.key_size = 32,
	}, {
		/*
		 * 32-byte all-zero XTS key: expected to be rejected.  The two
		 * 16-byte halves are identical, which is presumably the reason.
		 */
		.alg_type = "skcipher",
		.alg_name = "xts(aes)",
		.key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
		       "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0",
		.key_size = 32,
		.setkey_error = EINVAL,
	}
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312)
/*
 * Name the operation of test `t` for the output: "encryption" or "decryption"
 * according to its direction, otherwise "hashing" when the algorithm type is
 * "hash".  Any other combination is a table error and trips ASSERT().
 */
static const char *describe_crypt_op(const struct invalid_input_test *t)
{
	switch (t->direction) {
	case ENCRYPT:
		return "encryption";
	case DECRYPT:
		return "decryption";
	default:
		break;
	}
	if (strcmp(t->alg_type, "hash") == 0)
		return "hashing";
	ASSERT(0);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 323)
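/*
 * Set the key of test `t` on the AF_ALG socket `alg_fd`, print the outcome
 * together with the key, and check it against t->setkey_error.
 *
 * Returns true when there is no key to set or the key was accepted, false
 * when the kernel rejected it with the expected errno.  An outcome that does
 * not match the expectation trips ASSERT().
 *
 * The key is printed on purpose, as part of the lab output.  The keys used
 * here are table constants or rand_bytes() output, i.e. throwaway test values.
 */
static bool af_alg_setkey(const struct invalid_input_test *t, int alg_fd)
{
	const uint8_t *key = (const uint8_t *)t->key;

	if (t->key_size == 0)
		return true;

	/*
	 * Declared only after the zero check: a variable-length array of
	 * length 0 is undefined behaviour.
	 */
	uint8_t random_key[t->key_size];

	if (t->key == NULL) {
		rand_bytes(random_key, t->key_size);
		key = random_key;
	}
	if (setsockopt(alg_fd, SOL_ALG, ALG_SET_KEY, key, t->key_size) != 0) {
		/* Save errno now; the printf() calls below may change it. */
		const int setkey_errno = errno;

		printf("%s: setting %zu-byte key failed with error '%s'\n",
		       t->alg_name, t->key_size, strerror(setkey_errno));
		printf("\tkey was %s\n\n", bytes_to_hex(key, t->key_size));
		ASSERT(t->setkey_error == setkey_errno);
		return false;
	}
	printf("%s: setting %zu-byte key succeeded\n",
	       t->alg_name, t->key_size);
	printf("\tkey was %s\n\n", bytes_to_hex(key, t->key_size));
	ASSERT(t->setkey_error == 0);
	return true;
}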
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 349)
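/*
 * Run the message of test `t` through the algorithm bound to `alg_fd`, print
 * the outcome together with the message, and check it against
 * t->crypt_error.  Does nothing when the test has no message.
 *
 * The message goes out with sendmsg(), carrying an ALG_SET_OP control message
 * when a direction is set and an ALG_SET_IV one when an IV is set; the result
 * is then read back.  A failed or short read counts as the operation failing.
 * A failed send or allocation is fatal, and an outcome that does not match
 * the expectation trips ASSERT().
 */
static void af_alg_process_msg(const struct invalid_input_test *t, int alg_fd)
{
	struct iovec iov;
	struct msghdr hdr = {
		.msg_iov = &iov,
		.msg_iovlen = 1,
	};
	const uint8_t *msg = (const uint8_t *)t->msg;
	uint8_t *random_msg = NULL;
	uint8_t *output = NULL;
	uint8_t *control = NULL;
	size_t controllen = 0;
	struct cmsghdr *cmsg;
	ssize_t nbytes;
	int req_fd;

	if (t->msg_size == 0)
		return;

	req_fd = get_req_fd(alg_fd, t->alg_name);

	if (t->msg == NULL) {
		random_msg = malloc(t->msg_size);
		if (random_msg == NULL)
			die_errno("Failed to allocate message buffer");
		rand_bytes(random_msg, t->msg_size);
		msg = random_msg;
	}
	output = malloc(t->msg_size);
	if (output == NULL)
		die_errno("Failed to allocate output buffer");
	iov.iov_base = (void *)msg;
	iov.iov_len = t->msg_size;

	if (t->direction != UNSPECIFIED)
		controllen += CMSG_SPACE(sizeof(uint32_t));
	if (t->iv_size)
		controllen += CMSG_SPACE(sizeof(struct af_alg_iv) + t->iv_size);
	if (controllen != 0) {
		/* Zeroed so that CMSG_NXTHDR() sees a clean following header. */
		control = calloc(1, controllen);
		if (control == NULL)
			die_errno("Failed to allocate control buffer");
	}
	hdr.msg_control = control;
	hdr.msg_controllen = controllen;
	cmsg = CMSG_FIRSTHDR(&hdr);
	if (t->direction != UNSPECIFIED) {
		cmsg->cmsg_level = SOL_ALG;
		cmsg->cmsg_type = ALG_SET_OP;
		cmsg->cmsg_len = CMSG_LEN(sizeof(uint32_t));
		*(uint32_t *)CMSG_DATA(cmsg) = t->direction == DECRYPT ?
				ALG_OP_DECRYPT : ALG_OP_ENCRYPT;
		cmsg = CMSG_NXTHDR(&hdr, cmsg);
	}
	if (t->iv_size) {
		struct af_alg_iv *alg_iv;

		/* A table entry with iv_size set must also supply the IV. */
		ASSERT(cmsg != NULL && t->iv != NULL);
		cmsg->cmsg_level = SOL_ALG;
		cmsg->cmsg_type = ALG_SET_IV;
		cmsg->cmsg_len = CMSG_LEN(sizeof(*alg_iv) + t->iv_size);
		alg_iv = (struct af_alg_iv *)CMSG_DATA(cmsg);
		alg_iv->ivlen = t->iv_size;
		memcpy(alg_iv->iv, t->iv, t->iv_size);
	}

	nbytes = sendmsg(req_fd, &hdr, 0);
	if (nbytes < 0 || (size_t)nbytes != t->msg_size)
		die_errno("sendmsg failed");

	nbytes = read(req_fd, output, t->msg_size);
	if (nbytes < 0 || (size_t)nbytes != t->msg_size) {
		/* Save errno now; the printf() calls below may change it. */
		const int crypt_errno = errno;

		printf("%s: %s of %zu-byte message failed with error '%s'\n",
		       t->alg_name, describe_crypt_op(t), t->msg_size,
		       strerror(crypt_errno));
		printf("\tmessage was %s\n\n", bytes_to_hex(msg, t->msg_size));
		ASSERT(t->crypt_error == crypt_errno);
	} else {
		printf("%s: %s of %zu-byte message succeeded\n",
		       t->alg_name, describe_crypt_op(t), t->msg_size);
		printf("\tmessage was %s\n\n", bytes_to_hex(msg, t->msg_size));
		ASSERT(t->crypt_error == 0);
	}
	free(random_msg);
	free(output);
	free(control);
	close(req_fd);
}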
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 426)
/*
 * Run one table entry: bind a fresh AF_ALG socket for its algorithm, set the
 * key, and process the message only if the key step returned true.
 */
static void test_invalid_input(const struct invalid_input_test *t)
{
	const int alg_fd = get_alg_fd(t->alg_type, t->alg_name);
	const bool key_ok = af_alg_setkey(t, alg_fd);

	if (key_ok)
		af_alg_process_msg(t, alg_fd);

	close(alg_fd);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 436)
/*
 * show_invalid_inputs command: run every entry of invalid_input_tests in
 * table order.  argc and argv are not used.  Always returns 0; a mismatch
 * ends the program inside the individual test instead.
 */
static int cmd_show_invalid_inputs(int argc, char *argv[])
{
	const struct invalid_input_test *t = invalid_input_tests;
	const struct invalid_input_test *const end =
		invalid_input_tests + ARRAY_SIZE(invalid_input_tests);

	for (; t != end; t++)
		test_invalid_input(t);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 445)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 446) /* ---------------------------------------------------------------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 447) * show_module_version command
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 448) * ---------------------------------------------------------------------------*/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 449)
/*
 * show_module_version command: print the string returned by
 * fips140_module_version().  argc and argv are not used.  Always returns 0.
 */
static int cmd_show_module_version(int argc, char *argv[])
{
	const char *version = fips140_module_version();

	printf("fips140_module_version() => \"%s\"\n", version);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 456)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 457) /* ---------------------------------------------------------------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 458) * show_service_indicators command
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 459) * ---------------------------------------------------------------------------*/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 460)
/*
 * Service names that show_service_indicators queries when no SERVICE argument
 * is given.  The entries are kept in alphabetical order, which is also the
 * order in which they are printed.
 */
static const char * const default_services_to_show[] = {
	/* AES block cipher, modes and MACs */
	"aes", "cbc(aes)", "cbcmac(aes)", "cmac(aes)", "ctr(aes)",
	"cts(cbc(aes))", "ecb(aes)", "essiv(cbc(aes),sha256)", "gcm(aes)",
	/* HMAC */
	"hmac(sha1)", "hmac(sha224)", "hmac(sha256)", "hmac(sha384)",
	"hmac(sha512)",
	"jitterentropy_rng",
	/* plain hashes */
	"sha1", "sha224", "sha256", "sha384", "sha512",
	"stdrng",
	"xcbc(aes)", "xts(aes)",
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 486)
/*
 * show_service_indicators: print the fips140_is_approved_service() result for
 * each service name.  Names given after the command name replace the built-in
 * default_services_to_show[] list.  Always returns 0.
 */
static int cmd_show_service_indicators(int argc, char *argv[])
{
	const char * const *names;
	int num_names;
	int idx;

	if (argc > 1) {
		/* argv[0] is the command name; the service names follow it. */
		names = (const char **)(argv + 1);
		num_names = argc - 1;
	} else {
		names = default_services_to_show;
		num_names = ARRAY_SIZE(default_services_to_show);
	}

	for (idx = 0; idx < num_names; idx++) {
		const char *name = names[idx];

		printf("fips140_is_approved_service(\"%s\") => %s\n",
		       name, booltostr(fips140_is_approved_service(name)));
	}
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 504)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 505) /* ---------------------------------------------------------------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 506) * main()
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 507) * ---------------------------------------------------------------------------*/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 508)
/*
 * Dispatch table used by main(): maps the command name given as argv[1] to
 * its handler.  The handler receives the argument vector with the program
 * name removed, so its argv[0] is the command name.
 */
static const struct command {
	const char *name;			/* name as typed on the command line */
	int (*func)(int argc, char *argv[]);	/* handler; its return value is main()'s */
} commands[] = {
	{
		.name = "show_invalid_inputs",
		.func = cmd_show_invalid_inputs,
	},
	{
		.name = "show_module_version",
		.func = cmd_show_module_version,
	},
	{
		.name = "show_service_indicators",
		.func = cmd_show_service_indicators,
	},
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 517)
/* Write the command summary to stderr. */
static void usage(void)
{
	static const char text[] =
		"Usage:\n"
		" fips140_lab_util show_invalid_inputs\n"
		" fips140_lab_util show_module_version\n"
		" fips140_lab_util show_service_indicators [SERVICE]...\n";

	/* The text contains no conversion specifiers, so it is written as-is. */
	fputs(text, stderr);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 527)
/*
 * Entry point: look up argv[1] in commands[] and run the matching handler,
 * returning its result.  A missing command, "--help" anywhere on the command
 * line, or an unknown command prints the usage text and returns 2.
 */
int main(int argc, char *argv[])
{
	const struct command *end = commands + ARRAY_SIZE(commands);
	const struct command *cmd;
	int arg;

	if (argc < 2)
		goto show_usage;

	/* "--help" is honoured in any position, before command lookup. */
	for (arg = 1; arg < argc; arg++) {
		if (!strcmp(argv[arg], "--help"))
			goto show_usage;
	}

	for (cmd = commands; cmd != end; cmd++) {
		/* Hand the handler the vector that starts at the command name. */
		if (!strcmp(cmd->name, argv[1]))
			return cmd->func(argc - 1, argv + 1);
	}
	fprintf(stderr, "Unknown command: %s\n\n", argv[1]);

show_usage:
	usage();
	return 2;
}