move md5.c, add des-ede3 test

3 files changed, 207 insertions, 4 deletions

diff --git a/regress/sys/crypto/Makefile b/regress/sys/crypto/Makefile
index 1c0db27d99d..f7afa0dba97 100644
--- a/regress/sys/crypto/Makefile
+++ b/regress/sys/crypto/Makefile
@@ -1,5 +1,7 @@
-#       $OpenBSD: Makefile,v 1.1 2002/03/19 17:23:30 markus Exp $
+#	$OpenBSD: Makefile,v 1.2 2002/03/21 15:08:53 markus Exp $
 
-PROG=   md5
+SUBDIR=auth enc
 
-.include <bsd.regress.mk>
+install:
+
+.include <bsd.subdir.mk>
diff --git a/regress/sys/crypto/md5.c b/regress/sys/crypto/auth/md5.c
index 301d1b34eab..4b64f419306 100644
--- a/regress/sys/crypto/md5.c
+++ b/regress/sys/crypto/auth/md5.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: md5.c,v 1.2 2002/03/19 20:10:25 markus Exp $  */
+/*      $OpenBSD: md5.c,v 1.1 2002/03/21 15:08:53 markus Exp $  */
 
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserverd.
diff --git a/regress/sys/crypto/enc/des3.c b/regress/sys/crypto/enc/des3.c
new file mode 100644
index 00000000000..64c0cdcfa78
--- /dev/null
+++ b/regress/sys/crypto/enc/des3.c
@@ -0,0 +1,201 @@
+/*      $OpenBSD: des3.c,v 1.1 2002/03/21 15:08:53 markus Exp $  */
+
+/*
+ * Copyright (c) 2002 Markus Friedl.  All rights reserverd.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/sysctl.h>
+#include <crypto/cryptodev.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <err.h>
+#include <des.h>
+
+int
+syscrypt(const unsigned char *key, size_t klen, const unsigned char *iv,
+    const unsigned char *in, unsigned char *out, size_t len, int encrypt)
+{
+	struct session_op session;
+	struct crypt_op cryp;
+	int cryptodev_fd = -1, fd = -1, i;
+
+	if ((cryptodev_fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+		warn("/dev/crypto");
+		goto err;
+	}
+	if (ioctl(cryptodev_fd, CRIOGET, &fd) == -1) {
+		warn("CRIOGET failed");
+		goto err;
+	}
+	memset(&session, 0, sizeof(session));
+	session.cipher = CRYPTO_3DES_CBC;
+	session.key = (caddr_t) key;
+	session.keylen = klen;
+	if (ioctl(fd, CIOCGSESSION, &session) == -1) {
+		warn("CIOCGSESSION");
+		goto err;
+	}
+	memset(&cryp, 0, sizeof(cryp));
+	cryp.ses = session.ses;
+	cryp.op = encrypt ? COP_ENCRYPT : COP_DECRYPT;
+	cryp.flags = 0;
+	cryp.len = len;
+	cryp.src = (caddr_t) in;
+	cryp.dst = (caddr_t) out;
+	cryp.iv = (caddr_t) iv;
+	cryp.mac = 0;
+	if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
+		warn("CIOCCRYPT");
+		goto err;
+	}
+	if (ioctl(fd, CIOCFSESSION, &session.ses) == -1) {
+		warn("CIOCFSESSION");
+		goto err;
+	}
+	close(fd);
+	close(cryptodev_fd);
+	return (0);
+
+err:
+	if (fd != -1)
+		close(fd);
+	if (cryptodev_fd != -1)
+		close(cryptodev_fd);
+	return (-1);
+}
+
+int
+getallowsoft(void)
+{
+	int mib[2], old;
+	size_t olen;
+
+	olen = sizeof(old);
+
+	mib[0] = CTL_KERN;
+	mib[1] = KERN_CRYPTODEVALLOWSOFT;
+	if (sysctl(mib, 2, &old, &olen, NULL, 0) < 0)
+		err(1, "sysctl failed");
+
+	return old;
+}
+
+void
+setallowsoft(int new)
+{
+	int mib[2], old;
+	size_t olen, nlen;
+
+	olen = nlen = sizeof(new);
+
+	mib[0] = CTL_KERN;
+	mib[1] = KERN_CRYPTODEVALLOWSOFT;
+
+	if (sysctl(mib, 2, &old, &olen, &new, nlen) < 0)
+		err(1, "sysctl failed");
+}
+
+int
+match(unsigned char *a, unsigned char *b, size_t len)
+{
+	int i;
+
+	if (memcmp(a, b, len) == 0)
+		return (1);
+
+	warnx("decrypt/plaintext mismatch");
+
+	for (i = 0; i < len; i++)
+		printf("%2.2x", a[i]);
+	printf("\n");
+	for (i = 0; i < len; i++)
+		printf("%2.2x", b[i]);
+	printf("\n");
+
+	return (0);
+}
+
+#define SZ 16
+
+int
+main(int argc, char **argv)
+{
+	des_key_schedule ks1, ks2, ks3;
+	unsigned char iv0[8], iv[8], key[24] = "012345670123456701234567";
+	unsigned char b1[SZ], b2[SZ];
+	int allowed, i, fail = 0;
+
+	if (geteuid() == 0) {
+		allowed = getallowsoft();
+		if (allowed == 0)
+			setallowsoft(1);
+	}
+
+	/* setup data and iv */
+	for (i = 0; i < sizeof(b1);  i+= sizeof(u_int32_t))
+		*(u_int32_t *)(b1 + i) = arc4random();
+	for (i = 0; i < sizeof(iv0); i+= sizeof(u_int32_t))
+		*(u_int32_t *)(iv0 + 1) = arc4random();
+	memset(b2, 0, sizeof(b2));
+
+	/* keysetup for software */
+        des_set_key((void *) key, ks1);
+        des_set_key((void *) (key+8), ks2);
+        des_set_key((void *) (key+16), ks3);
+
+	/* encrypt with software, decrypt with /dev/crypto */
+	memcpy(iv, iv0, sizeof(iv0));
+        des_ede3_cbc_encrypt((void *)b1, (void*)b2, sizeof(b1), ks1, ks2, ks3,
+	    (void*)iv, DES_ENCRYPT);
+	memcpy(iv, iv0, sizeof(iv0));
+	if (syscrypt(key, sizeof(key), iv, b2, b2, sizeof(b1), 0) < 0) {
+		warnx("decrypt with /dev/crypto failed");
+		fail++;
+	}
+	if (!match(b1, b2, sizeof(b1)))
+		fail++;
+	else
+		printf("ok, encrypt with software, decrypt with /dev/crypto\n");
+
+	/* encrypt with /dev/crypto, decrypt with software */
+	memcpy(iv, iv0, sizeof(iv0));
+	if (syscrypt(key, sizeof(key), iv, b1, b2, sizeof(b1), 1) < 0) {
+		warnx("encrypt with /dev/crypto failed");
+		fail++;
+	}
+	memcpy(iv, iv0, sizeof(iv0));
+        des_ede3_cbc_encrypt((void *)b2, (void*)b2, sizeof(b1), ks1, ks2, ks3,
+	    (void*)iv, DES_DECRYPT);
+	if (!match(b1, b2, sizeof(b1)))
+		fail++;
+	else
+		printf("ok, encrypt with /dev/crypto, decrypt with software\n");
+
+	if (geteuid() == 0 && allowed == 0)
+		setallowsoft(0);
+	exit((fail > 0) ? 1 : 0);
+}