extending afalg with aes-cbc-192/256, afalgtest.c also updated accordingly. comments...
authorJitendraLulla <lullajd@yahoo.com>
Sat, 11 Nov 2017 06:31:58 +0000 (12:01 +0530)
committerMatt Caswell <matt@openssl.org>
Fri, 8 Dec 2017 10:39:52 +0000 (10:39 +0000)
fix  indentation, remove printf from afalgtest.c

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4717)

engines/e_afalg.c
engines/e_afalg.h
test/afalgtest.c

index 982a53d..5f9bc2d 100644 (file)
@@ -18,6 +18,7 @@
 #include <openssl/engine.h>
 #include <openssl/async.h>
 #include <openssl/err.h>
+#include "internal/nelem.h"
 
 #include <sys/socket.h>
 #include <linux/version.h>
@@ -78,7 +79,7 @@ static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype,
 static int afalg_destroy(ENGINE *e);
 static int afalg_init(ENGINE *e);
 static int afalg_finish(ENGINE *e);
-const EVP_CIPHER *afalg_aes_128_cbc(void);
+const EVP_CIPHER *afalg_aes_cbc(int nid);
 static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
                          const int **nids, int nid);
 static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -93,10 +94,14 @@ static const char *engine_afalg_id = "afalg";
 static const char *engine_afalg_name = "AFALG engine support";
 
 static int afalg_cipher_nids[] = {
-    NID_aes_128_cbc
+    NID_aes_128_cbc,
+    NID_aes_192_cbc,
+    NID_aes_256_cbc,
 };
 
-static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
+static cbc_handles cbc_handle[] = {{AES_KEY_SIZE_128, NULL},
+                                    {AES_KEY_SIZE_192, NULL},
+                                    {AES_KEY_SIZE_256, NULL}};
 
 static ossl_inline int io_setup(unsigned n, aio_context_t *ctx)
 {
@@ -350,7 +355,6 @@ static ossl_inline int afalg_set_key(afalg_ctx *actx, const unsigned char *key,
         AFALGerr(AFALG_F_AFALG_SET_KEY, AFALG_R_SOCKET_SET_KEY_FAILED);
         return 0;
     }
-
     return 1;
 }
 
@@ -515,6 +519,8 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     ciphertype = EVP_CIPHER_CTX_nid(ctx);
     switch (ciphertype) {
     case NID_aes_128_cbc:
+    case NID_aes_192_cbc:
+    case NID_aes_256_cbc:
         strncpy(ciphername, "cbc(aes)", ALG_MAX_SALG_NAME);
         break;
     default:
@@ -637,29 +643,45 @@ static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx)
     return 1;
 }
 
-const EVP_CIPHER *afalg_aes_128_cbc(void)
+cbc_handles *get_cipher_handle(int nid)
+{
+    switch (nid) {
+    case NID_aes_128_cbc:
+        return &cbc_handle[AES_CBC_128];
+    case NID_aes_192_cbc:
+        return &cbc_handle[AES_CBC_192];
+    case NID_aes_256_cbc:
+        return &cbc_handle[AES_CBC_256];
+    default:
+        return NULL;
+    }
+}
+
+const EVP_CIPHER *afalg_aes_cbc(int nid)
 {
-    if (_hidden_aes_128_cbc == NULL
-        && ((_hidden_aes_128_cbc =
-             EVP_CIPHER_meth_new(NID_aes_128_cbc,
-                                 AES_BLOCK_SIZE,
-                                 AES_KEY_SIZE_128)) == NULL
-            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc, AES_IV_LEN)
-            || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
-                                          EVP_CIPH_CBC_MODE |
-                                          EVP_CIPH_FLAG_DEFAULT_ASN1)
-            || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
-                                         afalg_cipher_init)
-            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
-                                              afalg_do_cipher)
-            || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc,
-                                            afalg_cipher_cleanup)
-            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
-                                                  sizeof(afalg_ctx)))) {
-        EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
-        _hidden_aes_128_cbc = NULL;
-    }
-    return _hidden_aes_128_cbc;
+    cbc_handles *cipher_handle = get_cipher_handle(nid);
+    if (cipher_handle->_hidden == NULL
+        && ((cipher_handle->_hidden =
+         EVP_CIPHER_meth_new(nid,
+                             AES_BLOCK_SIZE,
+                             cipher_handle->key_size)) == NULL
+        || !EVP_CIPHER_meth_set_iv_length(cipher_handle->_hidden,
+                                          AES_IV_LEN)
+        || !EVP_CIPHER_meth_set_flags(cipher_handle->_hidden,
+                                      EVP_CIPH_CBC_MODE |
+                                      EVP_CIPH_FLAG_DEFAULT_ASN1)
+        || !EVP_CIPHER_meth_set_init(cipher_handle->_hidden,
+                                     afalg_cipher_init)
+        || !EVP_CIPHER_meth_set_do_cipher(cipher_handle->_hidden,
+                                          afalg_do_cipher)
+        || !EVP_CIPHER_meth_set_cleanup(cipher_handle->_hidden,
+                                        afalg_cipher_cleanup)
+        || !EVP_CIPHER_meth_set_impl_ctx_size(cipher_handle->_hidden,
+                                              sizeof(afalg_ctx)))) {
+        EVP_CIPHER_meth_free(cipher_handle->_hidden);
+        cipher_handle->_hidden= NULL;
+    }
+    return cipher_handle->_hidden;
 }
 
 static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
@@ -674,19 +696,21 @@ static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
 
     switch (nid) {
     case NID_aes_128_cbc:
-        *cipher = afalg_aes_128_cbc();
+    case NID_aes_192_cbc:
+    case NID_aes_256_cbc:
+        *cipher = afalg_aes_cbc(nid);
         break;
     default:
         *cipher = NULL;
         r = 0;
     }
-
     return r;
 }
 
 static int bind_afalg(ENGINE *e)
 {
     /* Ensure the afalg error handling is set up */
+    unsigned short i;
     ERR_load_AFALG_strings();
 
     if (!ENGINE_set_id(e, engine_afalg_id)
@@ -699,13 +723,15 @@ static int bind_afalg(ENGINE *e)
     }
 
     /*
-     * Create _hidden_aes_128_cbc by calling afalg_aes_128_cbc
+     * Create _hidden_aes_xxx_cbc by calling afalg_aes_xxx_cbc
      * now, as bind_aflag can only be called by one thread at a
      * time.
      */
-    if (afalg_aes_128_cbc() == NULL) {
-        AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
-        return 0;
+    for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) {
+        if (afalg_aes_cbc(afalg_cipher_nids[i]) == NULL) {
+            AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
+            return 0;
+        }
     }
 
     if (!ENGINE_set_ciphers(e, afalg_ciphers)) {
@@ -817,11 +843,20 @@ static int afalg_finish(ENGINE *e)
     return 1;
 }
 
+static int free_cbc(void)
+{
+    short int i;
+    for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) {
+        EVP_CIPHER_meth_free(cbc_handle[i]._hidden);
+        cbc_handle[i]._hidden = NULL;
+    }
+    return 1;
+}
+
 static int afalg_destroy(ENGINE *e)
 {
     ERR_unload_AFALG_strings();
-    EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
-    _hidden_aes_128_cbc = NULL;
+    free_cbc();
     return 1;
 }
 
index 948d67e..2c03c44 100644 (file)
@@ -41,6 +41,8 @@
 #  define AES_BLOCK_SIZE   16
 # endif
 # define AES_KEY_SIZE_128 16
+# define AES_KEY_SIZE_192 24
+# define AES_KEY_SIZE_256 32
 # define AES_IV_LEN       16
 
 # define MAX_INFLIGHTS 1
@@ -51,6 +53,19 @@ typedef enum {
     MODE_ASYNC
 } op_mode;
 
+enum {
+    AES_CBC_128 = 0,
+    AES_CBC_192,
+    AES_CBC_256
+};
+
+struct cbc_cipher_handles {
+    int key_size;
+    EVP_CIPHER *_hidden;
+};
+
+typedef struct cbc_cipher_handles cbc_handles;
+
 struct afalg_aio_st {
     int efd;
     op_mode mode;
index 18025ab..ec25d58 100644 (file)
@@ -17,7 +17,7 @@
 #include "testutil.h"
 
 /* Use a buffer size which is not aligned to block size */
-#define BUFFER_SIZE     (8 * 1024) - 13
+#define BUFFER_SIZE     17
 
 #ifndef OPENSSL_NO_ENGINE
 static ENGINE *e;
@@ -41,24 +41,50 @@ static ENGINE *e;
 #endif
 
 #ifndef OPENSSL_NO_AFALGENG
-static int test_afalg_aes_128_cbc(void)
+static int test_afalg_aes_cbc(int keysize_idx)
 {
     EVP_CIPHER_CTX *ctx;
-    const EVP_CIPHER *cipher = EVP_aes_128_cbc();
-    unsigned char key[] = "\x5F\x4D\xCC\x3B\x5A\xA7\x65\xD6\
-                           \x1D\x83\x27\xDE\xB8\x82\xCF\x99";
-    unsigned char iv[] = "\x2B\x95\x99\x0A\x91\x51\x37\x4A\
-                          \xBD\x8F\xF8\xC5\xA7\xA0\xFE\x08";
-
-    unsigned char in[BUFFER_SIZE];
+    const EVP_CIPHER *cipher;
+    unsigned char key[] = "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
+                          "\x51\x2e\x03\xd5\x34\x12\x00\x06"
+                          "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
+                          "\x51\x2e\x03\xd5\x34\x12\x00\x06";
+    unsigned char iv[] = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
+                         "\xb4\x22\xda\x80\x2c\x9f\xac\x41";
+    /* input = "Single block msg\n"  17Bytes*/
+    unsigned char in[BUFFER_SIZE] = "\x53\x69\x6e\x67\x6c\x65\x20\x62"
+                                    "\x6c\x6f\x63\x6b\x20\x6d\x73\x67\x0a";
     unsigned char ebuf[BUFFER_SIZE + 32];
     unsigned char dbuf[BUFFER_SIZE + 32];
+    unsigned char encresult_128[] = "\xe3\x53\x77\x9c\x10\x79\xae\xb8"
+                                    "\x27\x08\x94\x2d\xbe\x77\x18\x1a\x2d";
+    unsigned char encresult_192[] = "\xf7\xe4\x26\xd1\xd5\x4f\x8f\x39"
+                                    "\xb1\x9e\xe0\xdf\x61\xb9\xc2\x55\xeb";
+    unsigned char encresult_256[] = "\xa0\x76\x85\xfd\xc1\x65\x71\x9d"
+                                    "\xc7\xe9\x13\x6e\xae\x55\x49\xb4\x13";
+    unsigned char *enc_result;
+
     int encl, encf, decl, decf;
     int ret = 0;
 
+    switch (keysize_idx) {
+        case 0:
+            cipher = EVP_aes_128_cbc();
+            enc_result = &encresult_128[0];
+            break;
+        case 1:
+            cipher = EVP_aes_192_cbc();
+            enc_result = &encresult_192[0];
+            break;
+        case 2:
+            cipher = EVP_aes_256_cbc();
+            enc_result = &encresult_256[0];
+            break;
+        default:
+            cipher = NULL;
+    }
     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
             return 0;
-    RAND_bytes(in, BUFFER_SIZE);
 
     if (!TEST_true(EVP_CipherInit_ex(ctx, cipher, e, key, iv, 1))
             || !TEST_true(EVP_CipherUpdate(ctx, ebuf, &encl, in, BUFFER_SIZE))
@@ -66,6 +92,9 @@ static int test_afalg_aes_128_cbc(void)
         goto end;
     encl += encf;
 
+    if (!TEST_mem_eq(enc_result, BUFFER_SIZE, ebuf, BUFFER_SIZE))
+        goto end;
+
     if (!TEST_true(EVP_CIPHER_CTX_reset(ctx))
             || !TEST_true(EVP_CipherInit_ex(ctx, cipher, e, key, iv, 0))
             || !TEST_true(EVP_CipherUpdate(ctx, dbuf, &decl, ebuf, encl))
@@ -104,7 +133,7 @@ int setup_tests(void)
         TEST_info("Can't load AFALG engine");
     } else {
 # ifndef OPENSSL_NO_AFALGENG
-        ADD_TEST(test_afalg_aes_128_cbc);
+        ADD_ALL_TESTS(test_afalg_aes_cbc, 3);
 # endif
     }
 #endif